diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 488df7a8c..3938244c6 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,18 +1,6 @@
 <!--- Provide a general summary of the issue in the Title above -->
 
-<!-- If you are reporting a problem or a bug, please ensure to read https://github.com/Icinga/icinga2/blob/master/doc/15-troubleshooting.md first. -->
-
-<!-- Formatting tips:
-
-GitHub supports Markdown: https://guides.github.com/features/mastering-markdown/
-Multi-line code blocks either with three back ticks, or four space indent.
-
-```
-object Host "myhost" {
-  ...
-}
-```
--->
+<!-- If you are reporting a problem or a bug, please ensure to read https://github.com/Icinga/icinga2/blob/master/doc/15-troubleshooting.md first. Formatting tips: GitHub supports Markdown: https://guides.github.com/features/mastering-markdown/ -->
 
 ## Expected Behavior
 <!--- If you're describing a bug, tell us what should happen -->
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000..7f6e12135
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,46 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+Please ensure to read https://github.com/Icinga/icinga2/blob/master/doc/15-troubleshooting.md first. Formatting tips: GitHub supports Markdown: https://guides.github.com/features/mastering-markdown/
+
+## To Reproduce
+
+Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.
+
+1.
+2.
+3.
+4.
+
+## Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+## Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+## Your Environment
+
+Include as many relevant details about the environment you experienced the problem in
+
+* Version used (`icinga2 --version`):
+* Operating System and version:
+* Enabled features (`icinga2 feature list`):
+* Icinga Web 2 version and modules (System - About):
+* Config validation (`icinga2 daemon -C`):
+* If you run multiple Icinga 2 instances, the `zones.conf` file (or `icinga2 object list --type Endpoint` and `icinga2 object list --type Zone`) from all affected nodes.
+
+## Additional context
+
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 000000000..1d19ccf8a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+
+A clear and concise description of what the problem is. Ex. I'm always using this feature but am missing [...]
+
+## Describe the solution you'd like
+
+A clear and concise description of what you want to happen.
+
+## Describe alternatives you've considered
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+## Additional context
+
+Add any other context or screenshots about the feature request here.
diff --git a/.gitignore b/.gitignore
index 0f798cb79..b300b597d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,20 +1,18 @@
-## Editors
-.idea/
-*.komodoproject
-.*.sw[op]
-*~
+# Exclude all hidden files
+.*
 
-## C++ and Tools
-*.patch
-*.playground
-.vagrant
+# Except those related to git and vagrant
+!.git*
+!.puppet*
+!.travis.yml
+!.mailmap
+
+## Tools
+*~
+tickets.pickle
 
 ## Build artifacts
-build/
-build-debug/
-build-release/
-build32/
-build64/
+build*/
 debug/
 release/
 cmake-build-debug
diff --git a/.mailmap b/.mailmap
index ab70551b8..e37a5aca9 100644
--- a/.mailmap
+++ b/.mailmap
@@ -6,12 +6,17 @@ Gunnar Beutner <gunnar.beutner@icinga.com> <icinga@net-icinga2.adm.netways.de>
 <michael.friedrich@icinga.com> <Michael.Friedrich@netways.de>
 Michael Insel <mcktr55@gmail.com> <mcktr55@gmail.com>
 <tobias.vonderkrone@profitbricks.com> <tobias@vonderkrone.info>
-Jean Flach <jean-marcel.flach@icinga.com> <jean-marcel.flach@netways.de>
-Jean Flach <jean-marcel.flach@icinga.com> <Crunsher@users.noreply.github.com>
-Jean Flach <jean-marcel.flach@icinga.com> Jean Flach <jean-marcel.flach@icinga.com>
+Diana Flach <diana.flach@icinga.com> <jean-marcel.flach@netways.de>
+Diana Flach <diana.flach@icinga.com> <Crunsher@users.noreply.github.com>
+Diana Flach <diana.flach@icinga.com> Jean Flach <jean-marcel.flach@icinga.com>
+Diana Flach <diana.flach@icinga.com> <crunsher@bamberg.ccc.de>
 Dolf Schimmel <dolf@transip.nl> <dolf@dolfschimmel.nl>
 Markus Waldmüller <markus.waldmueller@netways.de>
 Claudio Kuenzler <ck@claudiokuenzler.com>
+Carsten Köbke <carsten.koebke@gmx.de> Carsten Koebke <carsten.koebke@koebbes.de>
+Thomas Gelf <thomas.gelf@icinga.com> <thomas@gelf.net>
+Michael Insel <mcktr55@gmail.com> <michael@email.de>
+Michael Insel <mcktr55@gmail.com> <michael@insel.email>
 <markus.frosch@icinga.com> <markus@lazyfrosch.de>
 <markus.frosch@icinga.com> <lazyfrosch@icinga.org>
 <bernd.erk@icinga.com> <bernd.erk@icinga.org>
@@ -32,3 +37,7 @@ Claudio Kuenzler <ck@claudiokuenzler.com>
 Marianne Spiller <github@spiller.me>
 Robin O'Brien <robin@labs.epiuse.com> <robinjohnobrien@gmail.com>
 <noah.hilverling@icinga.com> <noah@hilverling.com>
+Jens Schanz <jens.schanz@mueller.de> <mail@jensschanz.de>
+Jens Schanz <jens.schanz@mueller.de> Schanz, Jens <jens.schanz@mueller.de>
+Henrik Triem <Henrik.Triem@icinga.com> Henrik Triem <43344334+htriem@users.noreply.github.com>
+nemtrif <ntrifunovic@hotmail.com> <nemtrif@users.noreply.github.com>
diff --git a/.travis.yml b/.travis.yml
index 89b52bdd8..03f43f032 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,51 +1,42 @@
-dist: trusty
+dist: xenial
 sudo: false
 
 language: cpp
 
 cache: ccache
 
-env:
-  global:
-   # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
-   #   via the "travis encrypt" command using the project repo's public key
-   - secure: "eOnFdiRhB7VUZY7Of4Ff0px93HRWGcD4fXCPiy8V2OC2ER98CYCVw7PKt2Is6i/yTveFTps1kObOo0T03aUT8y/xeBy/wMuJYk1d6mVgmSXOjxcxjQVTUh4J+xB+k/R6FoP2dirNDbvSayCj9Fi9toN9hQHMM8oAZOZfiKmYTJc="
-
-before_install:
-      - echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
-
 addons:
-  apt_packages:
-    - libboost-all-dev
-    - flex
-    - bison
-    - libssl-dev
-    - libpq-dev
-    - libmysqlclient-dev
-    - libedit-dev
-    - libyajl-dev
-    - libwxbase3.0-dev
-    - libwxgtk3.0-dev
-  coverity_scan:
-    project:
-      name: "Icinga/icinga2"
-    notification_email: icinga2@icinga.com
-    build_command_prepend: "cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=/tmp/icinga2 -DICINGA2_PLUGINDIR=/tmp/icinga2/sbin -DICINGA2_UNITY_BUILD=ON"
-    build_command: "make -j 2"
-    branch_pattern: coverity_scan
-
+  apt:
+    sources:
+      - sourceline: 'deb http://packages.icinga.com/ubuntu icinga-xenial main'
+        key_url: 'https://packages.icinga.com/icinga.key'
+    packages:
+      - libboost1.67-icinga-all-dev
+      - flex
+      - bison
+      - libssl-dev
+      - libpq-dev
+      - libmysqlclient-dev
+      - libedit-dev
 before_script:
-  - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then
-      mkdir build;
-      cd build;
-      cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/tmp/icinga2 -DICINGA2_PLUGINDIR=/tmp/icinga2/sbin;
-    fi
+  - arch=$(uname -m)
+  - mkdir build
+  - cd build
+  - >
+    cmake ..
+    -DCMAKE_BUILD_TYPE=Debug
+    -DICINGA2_UNITY_BUILD=Off
+    -DCMAKE_INSTALL_PREFIX=/tmp/icinga2
+    -DICINGA2_PLUGINDIR=/tmp/icinga2/sbin
+    -DBoost_NO_BOOST_CMAKE=TRUE
+    -DBoost_NO_SYSTEM_PATHS=TRUE
+    -DBOOST_LIBRARYDIR=/usr/lib/${arch}-linux-gnu/icinga-boost
+    -DBOOST_INCLUDEDIR=/usr/include/icinga-boost
+    -DCMAKE_INSTALL_RPATH=/usr/lib/${arch}-linux-gnu/icinga-boost
 
 script:
-  - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then
-      make;
-      make test;
-      make install;
-      /tmp/icinga2/sbin/icinga2 --version;
-      /tmp/icinga2/sbin/icinga2 daemon -C -DRunAsUser=$(id -u -n) -DRunAsGroup=$(id -g -n);
-    fi
+  - make
+  - make test
+  - make install
+  - /tmp/icinga2/sbin/icinga2 --version
+  - /tmp/icinga2/sbin/icinga2 daemon -C -DRunAsUser=$(id -u -n) -DRunAsGroup=$(id -g -n)
diff --git a/AUTHORS b/AUTHORS
index 7d85ded0d..e13ab9ebb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,16 +1,27 @@
+Aaron Bishop <erroneous@gmail.com>
 Adam Bolte <abolte@systemsaviour.com>
 Adam James <adam.james@transitiv.co.uk>
+Alan Jenkins <alan.christopher.jenkins@gmail.com>
+Alan Litster <alan.litster@twentyci.co.uk>
+Alex <alexp710@hotmail.com>
+Alex Merry <alexander.merry@nanoporetech.com>
 Alexander A. Klimov <alexander.klimov@icinga.com>
 Alexander Fuhr <alexander.fuhr@netways.de>
 Alexander Schomburg <script.acc@alex.schomb.org>
+Alexander Stoll <astoll@netways.de>
 Alexander Wirt <formorer@debian.org>
+Andrea Kao <eirinikos@gmail.com>
 Andreas Scherbaum <andreas@scherbaum.biz>
 Andres Ivanov <andres@andres.wtf>
+Andrew Jaffie <ajaffie@gmail.com>
 Andrew Meyer <ameyer+secure@nodnetwork.org>
 Andy Grunwald <andygrunwald@gmail.com>
 Arnd Hannemann <arnd@arndnet.de>
 Assaf Flatto <assaf@aikilinux.com>
+BarbUk <julien.virey@gmail.com>
+Bas Couwenberg <sebastic@xs4all.nl>
 Bastian Guse <bguse@nocopy.de>
+Bauerheim, Marcus <mbauerheim@spirit21.com>
 Benedikt Heine <bebe@bebehei.de>
 Bernd Erk <bernd.erk@icinga.com>
 Berthold Cogel <cogel@uni-koeln.de>
@@ -29,6 +40,7 @@ Christian Jonak <christian@jonak.org>
 Christian Lehmann <christian_lehmann@gmx.de>
 Christian Loos <cloos@netsandbox.de>
 Christian Schmidt <github@chsc.dk>
+Christopher Schirner <schinken@bamberg.ccc.de>
 Claudio Bilotta <bilottalove@gmail.com>
 Claudio Kuenzler <ck@claudiokuenzler.com>
 Conrad Clement <cclement@printeron.com>
@@ -36,7 +48,10 @@ Daniel Helgenberger <daniel.helgenberger@m-box.de>
 Daniel Kesselberg <mail@danielkesselberg.de>
 Daniil Yaroslavtsev <dyaroslavtsev@confyrm.com>
 David Beck <techiscool@gmail.com>
+David Lublink <github.com@spam.lublink.net>
 Denis <zaharden@gmail.com>
+Dennis Lichtenthäler <dennis.lichtenthaeler@stiftung-tannenhof.de>
+Diana Flach <diana.flach@icinga.com>
 Dinesh Majrekar <dinesh.majrekar@serverchoice.com>
 Dirk Goetz <dirk.goetz@icinga.com>
 Dirk Melchers <dirk@dirk-melchers.de>
@@ -44,10 +59,13 @@ Dolf Schimmel <dolf@transip.nl>
 Edgar Fuß <ef@math.uni-bonn.de>
 Eduard Güldner <eduard.gueldner@gmail.com>
 Edvin Seferovic <edvin@seferovic.net>
+Elias Ohm <eohm@novomind.com>
 Eric Lippmann <eric.lippmann@icinga.com>
 Evgeni Golov <evgeni@golov.de>
 Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
+Fabian Röhl <FRoehl@freicon.de>
 Federico Cuello <federico.cuello@sociomantic.com>
+Federico Pires <federico.pires@upsight.com>
 Ferdi Gueran <ferdi.gueran@nextevolution.de>
 Francesco Colista <fcolista@alpinelinux.org>
 Gaël Beaudoin <gaboo@gaboo.org>
@@ -56,41 +74,55 @@ Georg Haas <hax404foogit@hax404.de>
 Gerd von Egidy <gerd@egidy.de>
 Gerhardt Roman <roman.gerhardt@cbc-x.com>
 Glauco Vinicius <gl4uc0@gmail.com>
+Greg Hewgill <greg@hewgill.com>
 Gunnar Beutner <gunnar.beutner@icinga.com>
 Hannes Happle <info@h2-it.de>
 Hannes Van de Vel <h@nnes.be>
+Harald Laabs <github@dasr.de>
 Heike Jurzik <icinga@huhnix.org>
 Hendrik Röder <hendrik.biz@gmail.com>
+Henrik Triem <Henrik.Triem@icinga.com>
 Ian Kelling <ian@iankelling.org>
 Ildar Hizbulin <hizel@vyborg.ru>
 Irina Kaprizkina <ikapriz@gmail.com>
+Jack <jackdev@mailbox.org>
 James Pharaoh <james@pharaoh.uk>
 Jan Andres <jan.andres@berenberg.de>
 Jan Beich <jbeich@FreeBSD.org>
 Jan Wagner <waja@cyconet.org>
+Janne Heß <janne@hess.ooo>
 Jason Young <jason.young@velaspan.com>
-Jean Flach <jean-marcel.flach@icinga.com>
 Jean-Louis Dupond <jean-louis@dupond.be>
-Jens Schanz <mail@jensschanz.de>
+Jens Link <jenslink@quux.de>
+Jens Schanz <jens.schanz@mueller.de>
+Jeon Sang Wan <maxswjeon@naver.com>
 Jeremy Armstrong <lepubel@gmail.com>
 Jesse Morgan <morgajel@gmail.com>
 Jo Goossens <jo.goossens@hosted-power.com>
 Johannes Meyer <johannes.meyer@icinga.com>
 Jonas Meurer <jonas@freesources.org>
+Jordi van Scheijen <jordi.vanscheijen@solvinity.com>
 Joseph L. Casale <jcasale@activenetwerx.com>
 Julian Brost <julian@0x4a42.net>
 Jérôme Drouet <jerome.drouet@gmail.com>
+K0nne <34264690+K0nne@users.noreply.github.com>
 Kai Goller <kai.goller@netways.de>
 Konstantin Kelemen <konstantin@kel.mn>
 Kálmán Szalai - KAMI <kami911@gmail.com>
+Kálmán „KAMI” Szalai <kami911@gmail.com>
 Lars Engels <lars.engels@0x20.net>
 Lars Krüger <krueger-lars@web.de>
+Leah Oswald <mail@leahoswald.de>
 Lee Clemens <java@leeclemens.net>
+Lee Garrett <lgarrett@rocketjump.eu>
 Lennart Betz <lennart.betz@icinga.com>
-lihan <tclh123@gmail.com>
+Leon Stringer <leon@priorsvle.com>
 Louis Sautier <sautier.louis@gmail.com>
 Luca Lesinigo <luca@lm-net.it>
+Lucas Bremgartner <breml@users.noreply.github.com>
 Lucas Fairchild-Madar <lucas.madar@gmail.com>
+Luiz Amaral <luiz.amaral@innogames.com>
+Magnus Bäck <magnus@noun.se>
 Malte Rabenseifner <mail@malte-rabenseifner.de>
 Manuel Reiter <reiter@csc.uni-frankfurt.de>
 Marcus van Dam <marcus@marcusvandam.nl>
@@ -98,37 +130,48 @@ MarcusCaepio <MarcusCaepio@users.noreply.github.com>
 Marianne Spiller <github@spiller.me>
 Marius Bergmann <marius@yeai.de>
 Marius Sturm <marius@graylog.com>
+Mark Leary <mleary@mit.edu>
 Markus Frosch <markus.frosch@icinga.com>
 Markus Waldmüller <markus.waldmueller@netways.de>
+Martijn van Duren <m.vanduren@itisit.nl>
+Martin Neubert <martin.neubert@t-systems.com>
 Martin Stiborsky <martin.stiborsky@gmail.com>
 Mathieu Arnold <mat@mat.cc>
 Mathieu Lutfy <mathieu@bidon.ca>
 Matthaus Owens <matthaus@puppetlabs.com>
 Matthias Schales <black-dragon131@web.de>
 Maurice Meyer <morre@mor.re>
+Max Deparade <max.deparade@netways.de>
 Max Rosin <git@hackrid.de>
 Max Zhang <zhenzhan@tibco.com>
+Maximilian Falkenstein <maxf@njsm.de>
 Mhd Sulhan <ms@kilabit.info>
 Micha Ahrweiler <me@schnitzi.net>
 Michael Friedrich <michael.friedrich@icinga.com>
 Michael Insel <mcktr55@gmail.com>
-Michael Insel <michael@insel.email>
 Michael Kraus <michael.kraus@consol.de>
 Michael Newton <miken32@gmail.com>
+Michal Moravec <michal.moravec@macadmin.cz>
+Michal Petko <michal.petko@jumpshot.com>
 Mikesch-mp <mikesch-mp@koebbes.de>
 Mirco Bauer <meebey@meebey.net>
 Mirko Nardin <mirko.nardin@gmx.net>
+Muhammad Mominul Huque <nahidbinbaten1995@gmail.com>
+Nemanja Trifunovic <ntrifunovic@hotmail.com>
 Nicolai <nbuchwitz@users.noreply.github.com>
 Nicolas Limage <github@xephon.org>
 Nicole Lang <nicole.lang@icinga.com>
 Niflou <dubuscyr@gmail.com>
 Noah Hilverling <noah.hilverling@icinga.com>
+Obihörnchen <obihoernchende@gmail.com>
+Oleg Artenii <oleg@artenii.email>
 Pall Sigurdsson <palli-github@minor.is>
 Paolo Schiro <paolo.schiro@kpnqwest.it>
 Patrick Huy <frz@frz.cc>
 Paul Richards <paul@minimoo.org>
 Pawel Szafer <pszafer@gmail.com>
 Per von Zweigbergk <pvz@itassistans.se>
+Peter Eckel <pe-git@hindenburgring.com>
 Peter Eckel <pe-icinga2@hindenburgring.com>
 Petr Ruzicka <petr.ruzicka@gmail.com>
 Phil Hutchinson <phil@volumedia.co.uk>
@@ -136,18 +179,23 @@ Philipp Dallig <philipp.dallig@gmail.com>
 Ralph Breier <ralph.breier@roedl.com>
 Reto Zeder <reto.zeder@arcade.ch>
 Ricardo Bartels <ricardo@bitchbrothers.com>
+Robert Lindgren <robert.lindgren@gmail.com>
+Robert Scheck <robert@fedoraproject.org>
 Robin O'Brien <robin@labs.epiuse.com>
 Roland Hopferwieser <rhopfer@ica.jku.at>
 Roman Gerhardt <roman.gerhardt@cbc-x.com>
 Rudy Gevaert <rudy.gevaert@ugent.be>
 Rune Darrud <theflyingcorpse@gmail.com>
 Sam Kottler <shk@linux.com>
+Sascha Westermann <sascha.westermann@hl-services.de>
 Sebastian Brückner <mail@invlid.com>
 Sebastian Chrostek <sebastian@chrostek.net>
+Sebastian Eikenberg <eikese@mail.uni-paderborn.de>
 Sebastian Marsching <sebastian-git-2016@marsching.com>
 Simon Murray <spjmurray@yahoo.co.uk>
 Simon Ruderich <simon@ruderich.org>
 Siyalrach Anton Thomas <sat@level8.dk>
+Stefan Bethke <stb@lassitu.de>
 Stefan Triep <stefan@triep.net>
 Stefar77 <Stefar77@users.noreply.github.com>
 Stephan Platz <github@paalsteek.de>
@@ -156,7 +204,10 @@ Steve McMaster <mcmaster@hurricanelabs.com>
 Strajan Sebastian Ioan <strajan.sebastian@yahoo.com>
 Strix <660956+MrStrix@users.noreply.github.com>
 Sven Nierlein <sven@nierlein.de>
-Thomas Gelf <thomas@gelf.net>
+Sven Wegener <swegener@gentoo.org>
+T. Mulyana <nothinux@gmail.com>
+Thomas Forrer <thomas.forrer@wuerth-phoenix.com>
+Thomas Gelf <thomas.gelf@icinga.com>
 Thomas Niedermeier <tniedermeier@thomas-krenn.com>
 Thomas Widhalm <thomas.widhalm@icinga.com>
 Tim Hardeck <thardeck@suse.de>
@@ -169,19 +220,33 @@ Uwe Ebel <kobmaki@aol.com>
 Valentin Hoebel <valentin@xenuser.org>
 Vytenis Darulis <vytenis@uber.com>
 Wenger Florian <wenger@unifox.at>
+Will Frey <will.frey@digitalreasoning.com>
 Winfried Angele <winfried.angele@gmail.com>
 Wolfgang Nieder <wnd@gmx.net>
 Yannick Charton <tontonitch-pro@yahoo.fr>
 Yohan Jarosz <yohanjarosz@yahoo.fr>
 Zachary McGibbon <zachary.mcgibbon@gmail.com>
 Zoltan Nagy <abesto@abesto.net>
+akrus <akrus@flygroup.st>
 bascarsija <bascarsija.dev@gmail.com>
+chrostek <sebastian@chrostek.net>
 cstegm <cstegm@users.noreply.github.com>
 ctrlaltca <ctrlaltca@gmail.com>
+dh.harald <dh.harald@gmail.com>
+dominik-r-s <43005480+dominik-r-s@users.noreply.github.com>
+fbachmann <bachmann.f@gmail.com>
+fluxX04 <alexp710@hotmail.com>
 gitmopp <mopp@gmx.net>
+htriem <henrik.triem@netways.de>
+jre3brg <jorge.rebelo@pt.bosch.com>
 krishna <gskrishna44@gmail.com>
+lihan <tclh123@gmail.com>
+marxin <mliska@suse.cz>
 mocruz <mocruz@theworkshop.com>
+nemtrif <ntrifunovic@hotmail.com>
 noobahoi <20069422+noobahoi@users.noreply.github.com>
 pv2b <pvz@pvz.pp.se>
 ryanohnemus <ryan.ohnemus@tradingtechnologies.com>
+sah <sah@mss.secunet.com>
+teclogi <27726999+teclogi@users.noreply.github.com>
 Élie Bouttier <elie@bouttier.eu>
diff --git a/BUILD_WINDOWS.md b/BUILD_WINDOWS.md
deleted file mode 100644
index 28e75259e..000000000
--- a/BUILD_WINDOWS.md
+++ /dev/null
@@ -1,103 +0,0 @@
-# Build Icinga 2 on Windows
-
-The Icinga Project is providing Windows MSI packages under https://packages.icinga.com/windows/
-
-> **Note:**
-> This is a developer documentation on how to build Icinga 2 on Windows!
-
-Also see [INSTALL.md](INSTALL.md) for Linux build instructions.
-
-## Requirements
-
-* 32 or 64-bit system
-* Visual Studio >= 14 2015
-* CMake >= 2.6
-* OpenSSL >= 1.0.1
-* Flex and Bison
-
-## Install Requirements
-
-**Visual Studio**
-
-Download from [visualstudio.com](https://www.visualstudio.com/en/downloads/)
-
-The Community Edition is available for free, and is what we use to build.
-
-Workloads to install:
-* C++ Desktop
-* .NET Desktop
-
-**OpenSSL for Icinga**
-
-See our [openssl-windows GitHub project](https://github.com/Icinga/openssl-windows).
-
-You will need to install a binary dist version to 'C:\\Program Files\\OpenSSL'.
-
-There is a Powershell script to help you downloading: `.\tools\win32\download-openssl.ps1`
-
-**Chocolatey**
-
-A simple package manager for Windows, please see [install instructions](https://chocolatey.org/install).
-
-**Git**
-
-Best to use Chocolatey, see [package details](https://chocolatey.org/packages/git).
-
-```
-choco install git
-```
-
-**Flex / Bison**
-
-Best to use Chocolatey, see [package details](https://chocolatey.org/packages/winflexbison3).
-
-```
-choco install winflexbison3
-```
-
-**CMake**
-
-Best to use Chocolatey, see [package details](https://chocolatey.org/packages/cmake)
-or download from: [cmake.org](https://cmake.org/download/)
-
-```
-choco install cmake
-```
-
-**WIX**
-
-Best to use Chocolatey, see [package details](https://chocolatey.org/packages/wixtoolset).
-
-```
-choco install wixtoolset
-```
-
-**Boost**
-
-Download third party Windows binaries from: [boost.org](http://www.boost.org/users/download/)
-
-For example: `https://dl.bintray.com/boostorg/release/1.65.1/binaries/boost_1_65_1-msvc-14.1-64.exe`
-
-*Warnings:*
-* Must match your Visual Studio version!
-* CMake might not support the latest Boost version (we used CMake 3.10 and Boost 1_65_1)
-
-Run the installer exe.
-
-## Build Icinga 2
-
-Run with VC Native x64 Command Prompt:
-
-```
-powershell .\tools\win32\configure.ps1
-powershell .\tools\win32\build.ps1
-powershell .\tools\win32\test.ps1
-```
-
-See these scripts for details.
-
-## AppVeyor
-
-We are building [Icinga 2 with AppVeyor](https://ci.appveyor.com/project/icinga/icinga2) for testing and CI integration.
-
-Please check `appveyor.yml` for our instructions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a01c42c5..5070efec2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,882 @@
-# Icinga 2.x CHANGELOG
+# Icinga 2 CHANGELOG
+
+**The latest release announcements are available on [https://icinga.com/blog/](https://icinga.com/blog/).**
+
+Please read the [upgrading](https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/)
+documentation before upgrading to a new release.
+
+Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
+
+## 2.11.0 (2019-09-19)
+
+[Issue and PRs](https://github.com/Icinga/icinga2/issues?utf8=%E2%9C%93&q=milestone%3A2.11.0)
+
+### Notes
+
+Upgrading docs: https://icinga.com/docs/icinga2/snapshot/doc/16-upgrading-icinga-2/
+
+Thanks to all contributors: [Obihoernchen](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AObihoernchen), [dasJ](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AdasJ), [sebastic](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Asebastic), [waja](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Awaja), [BarbUk](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ABarbUk), [alanlitster](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aalanlitster), [mcktr](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amcktr), [KAMI911](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AKAMI911), [peteeckel](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Apeteeckel), [breml](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Abreml), [episodeiv](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aepisodeiv), [Crited](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ACrited), [robert-scheck](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Arobert-scheck), [west0rmann](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Awest0rmann), [Napsty](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ANapsty), [Elias481](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AElias481), [uubk](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Auubk), [miso231](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amiso231), [neubi4](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aneubi4), [atj](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aatj), [mvanduren-itisit](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amvanduren-itisit), [jschanz](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Ajschanz), [MaBauMeBad](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AMaBauMeBad), [markleary](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amarkleary), [leeclemens](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aleeclemens), [m4k5ym](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Am4k5ym)
+
+### Enhancements
+
+* Core
+  * Rewrite Network Stack (cluster, REST API) based on Boost Asio, Beast, Coroutines
+     * Technical concept: #7041
+     * Requires package updates: Boost >1.66 (either from packages.icinga.com, EPEL or backports). SLES11 & Ubuntu 14 are EOL.
+     * Require TLS 1.2 and harden default cipher list
+  * Improved Reload Handling (umbrella process, now 3 processes at runtime)
+    * Support running Icinga 2 in (Docker) containers natively in foreground
+  * Quality: Use Modern JSON for C++ library instead of YAJL (dead project)
+  * Quality: Improve handling of invalid UTF8 strings
+* API
+  * Fix crashes on Linux, Unix and Windows from Nessus scans #7431
+  * Locks and stalled waits are fixed with the core rewrite in #7071
+  * schedule-downtime action supports `all_services` for host downtimes
+  * Improve storage handling for runtime created objects in the `_api` package
+* Cluster
+  * HA aware features & improvements for failover handling #2941 #7062
+  * Improve cluster config sync with staging #6716
+  * Fixed that same downtime/comment objects would be synced again in a cluster loop #7198
+* Checks & Notifications
+  * Ensure that notifications during a restart are sent
+  * Immediately notify about a problem after leaving a downtime and still NOT-OK
+  * Improve reload handling and wait for features/metrics
+  * Store notification command results and sync them in HA enabled zones #6722
+* DSL/Configuration
+  * Add getenv() function
+  * Fix TimePeriod range support over midnight
+  * `concurrent_checks` in the Checker feature has no effect, use the global MaxConcurrentChecks constant instead
+* CLI
+  * Permissions: node wizard/setup, feature, api setup now run in the Icinga user context, not root
+  * `ca list` shows pending CSRs by default, `ca remove/restore` allow to delete signing requests
+* ITL
+  * Add new commands and missing attributes
+* Windows
+  * Update bundled NSClient++ to 0.5.2.39
+  * Refine agent setup wizard & update requirements to .NET 4.6
+* Documentation
+  * Service Monitoring: How to create plugins by example, check commands and a modern version of the supported plugin API with best practices
+  * Features: Better structure on metrics, and supported features
+  * Technical Concepts: TLS Network IO, Cluster Feature HA, Cluster Config Sync
+  * Development: Rewritten for better debugging and development experience for contributors including a style guide.  Add nightly build setup instructions.
+  * Packaging: INSTALL.md was integrated into the Development chapter, being available at https://icinga.com/docs too.
+
+
+
+
+## 2.11.0 RC1 (2019-07-25)
+
+[Issue and PRs](https://github.com/Icinga/icinga2/issues?utf8=%E2%9C%93&q=milestone%3A2.11.0)
+
+### Notes
+
+**This is the first release candidate for 2.11.**
+
+Upgrading docs: https://icinga.com/docs/icinga2/snapshot/doc/16-upgrading-icinga-2/
+
+Thanks to all contributors: [BarbUk](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ABarbUk), [alanlitster](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aalanlitster), [mcktr](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amcktr), [KAMI911](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AKAMI911), [peteeckel](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Apeteeckel), [breml](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Abreml), [episodeiv](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aepisodeiv), [Crited](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ACrited), [robert-scheck](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Arobert-scheck), [west0rmann](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Awest0rmann), [Napsty](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3ANapsty), [Elias481](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AElias481), [uubk](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Auubk), [miso231](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amiso231), [neubi4](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aneubi4), [atj](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aatj), [mvanduren-itisit](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amvanduren-itisit), [jschanz](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Ajschanz), [MaBauMeBad](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3AMaBauMeBad), [markleary](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Amarkleary), [leeclemens](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Aleeclemens), [m4k5ym](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+author%3Am4k5ym)
+
+### Enhancements
+
+* Core
+  * Rewrite Network Stack (cluster, REST API) based on Boost Asio, Beast, Coroutines
+     * Technical concept: #7041
+     * Requires package updates: Boost >1.66 (either from packages.icinga.com, EPEL or backports). SLES11 & Ubuntu 14 are EOL.
+     * Require TLS 1.2 and harden default cipher list
+  * Improved Reload Handling (umbrella process, now 3 processes at runtime)
+    * Support running Icinga 2 in (Docker) containers natively in foreground
+  * Quality: Use Modern JSON for C++ library instead of YAJL (dead project)
+  * Quality: Improve handling of invalid UTF8 strings
+* API
+  * Fix crashes and problems with permission filters from recent Namespace introduction #6785 (thanks Elias Ohm) #6874 (backported to 2.10.5)
+  * Locks and stalled waits are fixed with the core rewrite in #7071
+  * schedule-downtime action supports `all_services` for host downtimes
+  * Improve storage handling for runtime created objects in the `_api` package
+* Cluster
+  * HA aware features & improvements for failover handling #2941 #7062
+  * Improve cluster config sync with staging #6716
+* Checks & Notifications
+  * Ensure that notifications during a restart are sent
+  * Immediately notify about a problem after leaving a downtime and still NOT-OK
+  * Improve reload handling and wait for features/metrics
+  * Store notification command results and sync them in HA enabled zones #6722
+* DSL/Configuration
+  * Add getenv() function
+  * Fix TimePeriod range support over midnight
+  * `concurrent_checks` in the Checker feature has no effect, use the global MaxConcurrentChecks constant instead
+* CLI
+  * Permissions: node wizard/setup, feature, api setup now run in the Icinga user context, not root
+  * `ca list` shows pending CSRs by default, `ca remove/restore` allow to delete signing requests
+* ITL
+  * Add new commands and missing attributes - thanks to all contributors!
+* Windows
+  * Update bundled NSClient++ to 0.5.2.39
+  * Update agent installer and OpenSSL
+* Documentation
+  * Service Monitoring: How to create plugins by example, check commands and a modern version of the supported plugin API with best practices.
+  * Features: Better structure on metrics, and supported features.
+  * Basics: Rename `Custom Attributes` to `Custom Variables`.
+  * Basics: Refine explanation of command arguments.
+  * Distributed: Reword `Icinga client` into `Icinga agent` and add new images for scenarios and modes.
+  * Security: Add TLS v1.2+ requirement, hardened cipher lists
+  * Technical Concepts: TLS Network IO, Cluster Feature HA, Cluster Config Sync, Core Reload Handling.
+  * Development: Rewritten for better debugging and development experience for contributors including a style guide.  Add nightly build setup instructions.
+  * Packaging: INSTALL.md was integrated into the Development chapter available at https://icinga.com/docs too.
+
+
+
+
+## 2.10.5 (2019-05-23)
+
+[Issues and PRs](https://github.com/Icinga/icinga2/milestone/81?closed=1)
+
+### Bugfixes
+
+* Core
+  * Fix crashes with logrotate signals #6737 (thanks Elias Ohm)
+* API
+  * Fix crashes and problems with permission filters from recent Namespace introduction #6785 (thanks Elias Ohm) #6874 (backported from 2.11)
+  * Reduce log spam with locked connections (real fix is the network stack rewrite in 2.11) #6877
+* Cluster
+  * Fix problems with replay log rotation and storage #6932 (thanks Peter Eckel)
+* IDO DB
+  * Fix that reload shutdown deactivates hosts and hostgroups (introduced in 2.9) #7157
+* Documentation
+  * Improve the [REST API](https://icinga.com/docs/icinga2/latest/doc/12-icinga2-api/) chapter: Unix timestamp handling, filters, unify POST requests with filters in the body
+  * Better layout for the [features](https://icinga.com/docs/icinga2/latest/doc/14-features/) chapter, specifically metrics and events
+  * Split [object types](https://icinga.com/docs/icinga2/latest/doc/09-object-types/) into monitoring, runtime, features
+  * Add technical concepts for [cluster messages](https://icinga.com/docs/icinga2/latest/doc/19-technical-concepts/#json-rpc-message-api)
+
+
+## 2.10.4 (2019-03-19)
+
+### Notes
+
+* Fix TLS connections in Influxdb/Elasticsearch features leaking file descriptors (#6989 #7018 ref/IP/12219)
+* Fixes for delayed and one-time notifications (#5561 #6757)
+* Improve performance for downtimes/comments added in HA clusters (#6885 ref/IP/9235)
+* check_perfmon supports non-localized performance counter names (#5546 #6418)
+
+### Enhancement
+
+* [#6732](https://github.com/icinga/icinga2/issues/6732) (Windows, PR): Update Windows Agent with new design
+* [#6729](https://github.com/icinga/icinga2/issues/6729) (Windows): Polish the Windows Agent design
+* [#6418](https://github.com/icinga/icinga2/issues/6418) (Windows): check\_perfmon.exe: Add fallback support for localized performance counters
+
+### Bug
+
+* [#7020](https://github.com/icinga/icinga2/issues/7020) (Elasticsearch, PR): ElasticsearchWriter: don't leak sockets
+* [#7018](https://github.com/icinga/icinga2/issues/7018) (Elasticsearch): ElasticsearchWriter not closing SSL connections on  Icinga2 2.10.3.1
+* [#6991](https://github.com/icinga/icinga2/issues/6991) (CLI, PR): PkiUtility::NewCa\(\): just warn if the CA files already exist
+* [#6990](https://github.com/icinga/icinga2/issues/6990) (InfluxDB, PR): InfluxdbWriter: don't leak sockets
+* [#6989](https://github.com/icinga/icinga2/issues/6989) (InfluxDB): InfluxdbWriter not closing connections Icinga2 2.10.3 CentOS 7
+* [#6976](https://github.com/icinga/icinga2/issues/6976) (Cluster, PR): Don't require OS headers to provide SO\_REUSEPORT
+* [#6896](https://github.com/icinga/icinga2/issues/6896) (Notifications, PR): Notification\#BeginExecuteNotification\(\): SetNextNotification\(\) correctly
+* [#6885](https://github.com/icinga/icinga2/issues/6885) (API, Configuration, PR): Don't run UpdateObjectAuthority for Comments and Downtimes
+* [#6800](https://github.com/icinga/icinga2/issues/6800) (Plugins, Windows, PR): Fix check\_perfmon to support non-localized names
+* [#6757](https://github.com/icinga/icinga2/issues/6757) (Notifications, PR): Fix that no\_more\_notifications gets reset when Recovery notifications are filtered away
+* [#5561](https://github.com/icinga/icinga2/issues/5561) (Notifications): Set the notification mode times.begin is not 0, the first notification has a delay
+* [#5546](https://github.com/icinga/icinga2/issues/5546) (Plugins, Windows): check\_perfmon.exe doesn't support cyrillic names of perf counters
+
+### Documentation
+
+* [#7033](https://github.com/icinga/icinga2/issues/7033) (Documentation, PR): Docs: Update supported package repos in Getting Started chapter
+* [#7028](https://github.com/icinga/icinga2/issues/7028) (Documentation, PR): Fix heading level in development chapter
+* [#7001](https://github.com/icinga/icinga2/issues/7001) (Documentation, PR): Assignment operators doc: tell what the { } are for
+* [#6995](https://github.com/icinga/icinga2/issues/6995) (Documentation, PR): Typo and link fix
+* [#6979](https://github.com/icinga/icinga2/issues/6979) (Documentation, PR): Doc: write systemd lower-case
+* [#6975](https://github.com/icinga/icinga2/issues/6975) (Documentation, PR): Fix nested hostgroup example
+* [#6949](https://github.com/icinga/icinga2/issues/6949) (Documentation, PR): Doc fix: update check\_rbl parameter
+* [#6708](https://github.com/icinga/icinga2/issues/6708) (Documentation, PR): Docs: Alpine needs 'edge/main' repository too
+* [#5430](https://github.com/icinga/icinga2/issues/5430) (Documentation): Documentation about dictionaries and assignements
+
+### Support
+
+* [#7032](https://github.com/icinga/icinga2/issues/7032) (code-quality, PR): Backport Defer class for 2.10
+* [#7030](https://github.com/icinga/icinga2/issues/7030) (Packages, PR): SELinux: add unreserved\_port\_type attribute to icinga2\_port\_t
+* [#7029](https://github.com/icinga/icinga2/issues/7029) (Packages): Add unreserved\_port\_type attribute to icinga2\_port\_t
+* [#7002](https://github.com/icinga/icinga2/issues/7002) (Plugins, Windows, PR): check\_network -h: drop non-existent feature
+* [#6987](https://github.com/icinga/icinga2/issues/6987) (Tests): base-base\_utility/comparepasswords\_issafe test fails on i386
+* [#6977](https://github.com/icinga/icinga2/issues/6977) (Tests, PR): Ignore failure of unit test base\_utility/comparepasswords\_issafe
+
+## 2.10.3 (2019-02-26)
+
+### Notes
+
+Bugfixes:
+
+- Stalled TLS connections on reload/Director deployments (#6816 #6898 ref/NC/588119)
+- 'Connection: close' header leading to unstable instance, affects Ruby clients (#6799)
+- Server time in the future breaks check result processing (#6797 ref/NC/595861)
+- ScheduledDowntimes: Generate downtime objects only on one HA endpoint (#2844 ref/IC/9673 ref/NC/590167 ref/NC/591721)
+- Improve activation & syncing for downtime objects generated from ScheduledDowntimes (#6826 ref/IC/9673 ref/NC/585559)
+- Generate a runtime downtime object from already running ScheduledDowntime objects (#6704)
+- DB IDO: Don't enqueue queries when the feature is paused in HA zones (#5876)
+- Crashes with localtime_r errors (#6887)
+
+Documentation updates:
+
+- Ephemeral port range blocking on Windows agents (ref/NC/597307)
+- Technical concepts for the check scheduler (#6775)
+- DB IDO cleanup (#6791)
+- Unified development docs (#6819)
+
+### Bug
+
+* [#6971](https://github.com/icinga/icinga2/issues/6971) (Notifications, PR): Activate downtimes before any checkable object
+* [#6968](https://github.com/icinga/icinga2/issues/6968) (API, PR): Secure ApiUser::GetByAuthHeader\(\) against timing attacks
+* [#6940](https://github.com/icinga/icinga2/issues/6940) (Plugins, Windows, PR): Fix check\_swap percentage calculation
+* [#6925](https://github.com/icinga/icinga2/issues/6925) (Plugins, Windows, PR): Fix check\_swap formatting
+* [#6924](https://github.com/icinga/icinga2/issues/6924) (PR): Fix double to long conversions
+* [#6922](https://github.com/icinga/icinga2/issues/6922) (API, DB IDO): IDO MySQL fails on start if check\_interval is a float \(Icinga 2.9.2\)
+* [#6920](https://github.com/icinga/icinga2/issues/6920) (PR): Downtime::AddDowntime\(\): place Downtimes in the same zone as the origin ScheduledDowntimes
+* [#6917](https://github.com/icinga/icinga2/issues/6917) (Cluster, Log, PR): Cluster: Delete object message should log that
+* [#6916](https://github.com/icinga/icinga2/issues/6916) (PR): Don't allow retry\_interval \<= 0
+* [#6914](https://github.com/icinga/icinga2/issues/6914) (Cluster, PR): ClusterEvents::AcknowledgementSet event should forward 'persistent' attribute
+* [#6913](https://github.com/icinga/icinga2/issues/6913) (Plugins, Windows): check\_swap return value wrong when no swap file configured
+* [#6901](https://github.com/icinga/icinga2/issues/6901) (API, PR): TcpSocket\#Bind\(\): also set SO\_REUSEPORT
+* [#6899](https://github.com/icinga/icinga2/issues/6899) (PR): Log: Ensure not to pass negative values to localtime\(\)
+* [#6898](https://github.com/icinga/icinga2/issues/6898) (API): API action restart-process fails on FreeBSD
+* [#6894](https://github.com/icinga/icinga2/issues/6894) (Check Execution, PR): Fix checkresults from the future breaking checks
+* [#6887](https://github.com/icinga/icinga2/issues/6887) (Check Execution, Windows): Icinga2 Windows Service does not start critical/checker: Exception occurred while checking 'hostname.tld'
+* [#6883](https://github.com/icinga/icinga2/issues/6883) (Check Execution, PR): Allow Checkable\#retry\_interval to be 0
+* [#6871](https://github.com/icinga/icinga2/issues/6871): Icinga2 crashes after localtime\_r call
+* [#6857](https://github.com/icinga/icinga2/issues/6857) (Plugins, Windows, PR): Url\#m\_Query: preserve order
+* [#6826](https://github.com/icinga/icinga2/issues/6826) (Configuration, PR): Downtime\#HasValidConfigOwner\(\): wait for ScheduledDowntimes
+* [#6821](https://github.com/icinga/icinga2/issues/6821) (Cluster, Configuration, PR): Don't delete downtimes in satellite zones
+* [#6820](https://github.com/icinga/icinga2/issues/6820) (Cluster, PR): Only create downtimes from non-paused ScheduledDowntime objects in HA enabled cluster zones
+* [#6817](https://github.com/icinga/icinga2/issues/6817) (API, PR): HttpServerConnection\#DataAvailableHandler\(\): be aware of being called multiple times concurrently
+* [#6816](https://github.com/icinga/icinga2/issues/6816) (API, Cluster): Stalled TLS connections and lock waits in SocketEventEngine
+* [#6814](https://github.com/icinga/icinga2/issues/6814) (API, PR): Restore 'Connection: close' behaviour in HTTP responses
+* [#6811](https://github.com/icinga/icinga2/issues/6811) (Plugins, Windows, PR): Fix state conditions in check\_memory and check\_swap
+* [#6810](https://github.com/icinga/icinga2/issues/6810) (Plugins, Windows): Windows check\_memory never gets critical
+* [#6808](https://github.com/icinga/icinga2/issues/6808) (API, PR): Remove redundand check for object existence on creation via API
+* [#6807](https://github.com/icinga/icinga2/issues/6807) (API): \[2.10.2\] Director deploy crashes the Icinga service \[FreeBSD\]
+* [#6799](https://github.com/icinga/icinga2/issues/6799) (API): "Connection: close" header leads to unstable instance
+* [#6797](https://github.com/icinga/icinga2/issues/6797) (Check Execution): Servertime in the future breaks check results processing
+* [#6750](https://github.com/icinga/icinga2/issues/6750) (Configuration, PR): \#6749 Wrong operator on stride variable causing incorrect behaviour
+* [#6749](https://github.com/icinga/icinga2/issues/6749) (Configuration): Stride is misinterpreted in multi-date legacydatetime
+* [#6748](https://github.com/icinga/icinga2/issues/6748) (CLI, PR): Fix api setup to automatically create the conf.d directory
+* [#6718](https://github.com/icinga/icinga2/issues/6718) (API, Cluster, PR): Call SSL\_shutdown\(\) at least twice
+* [#6704](https://github.com/icinga/icinga2/issues/6704) (Notifications, PR): Put newly configured already running ScheduledDowntime immediately in effect
+* [#6542](https://github.com/icinga/icinga2/issues/6542) (Configuration, Log): /var/log/icinga2/icinga2.log is growing very fast on satellites 
+* [#6536](https://github.com/icinga/icinga2/issues/6536) (Windows, help wanted): check\_nscp\_api: Query arguments are sorted on Url::Format\(\)
+* [#4790](https://github.com/icinga/icinga2/issues/4790) (Notifications): Newly configured already running ScheduledDowntime not put into effect
+* [#3937](https://github.com/icinga/icinga2/issues/3937) (API): Icinga2 API: PUT request fails at 0-byte file
+* [#2844](https://github.com/icinga/icinga2/issues/2844) (Cluster): Duplicated scheduled downtimes created in cluster HA zone
+
+### Documentation
+
+* [#6956](https://github.com/icinga/icinga2/issues/6956) (Documentation, PR): Escape pipe symbol in api documentation
+* [#6944](https://github.com/icinga/icinga2/issues/6944) (Documentation, PR): Troubleshooting: Add notes on ephemeral port range blocking on Windows agents
+* [#6928](https://github.com/icinga/icinga2/issues/6928) (Documentation, PR): Doc: Add .NET 3.5 to the windows build stack
+* [#6825](https://github.com/icinga/icinga2/issues/6825) (Documentation, PR): Document that retry\_interval is only used after an active check result
+* [#6819](https://github.com/icinga/icinga2/issues/6819) (Documentation, PR): Enhance and unify development docs for debug, develop, package
+* [#6791](https://github.com/icinga/icinga2/issues/6791) (Documentation, PR): Docs: Add a section for DB IDO Cleanup
+* [#6776](https://github.com/icinga/icinga2/issues/6776) (Documentation, PR): Doc fix: update apache section
+* [#6775](https://github.com/icinga/icinga2/issues/6775) (Documentation, PR): Add technical docs for the check scheduler \(general, initial check, offsets\)
+* [#6751](https://github.com/icinga/icinga2/issues/6751) (Documentation, PR): Doc fix: documentation link for apt
+* [#6743](https://github.com/icinga/icinga2/issues/6743) (Documentation, PR): Doc fix: error in example path.
+* [#5341](https://github.com/icinga/icinga2/issues/5341) (Documentation): Enhance development documentation
+
+### Support
+
+* [#6972](https://github.com/icinga/icinga2/issues/6972) (PR): Fix formatting in development docs
+* [#6958](https://github.com/icinga/icinga2/issues/6958) (code-quality, PR): Debug: Log calls to ConfigObject::Deactivate\(\)
+* [#6897](https://github.com/icinga/icinga2/issues/6897) (PR): Validate Zone::GetLocalZone\(\) before using
+* [#6872](https://github.com/icinga/icinga2/issues/6872) (Windows): 2.10 is unstable \(Windows Agent\)
+* [#6843](https://github.com/icinga/icinga2/issues/6843) (Tests, Windows, PR): Improve AppVeyor builds
+* [#6479](https://github.com/icinga/icinga2/issues/6479) (code-quality, PR): SocketEvents: inherit from Stream
+* [#6477](https://github.com/icinga/icinga2/issues/6477) (code-quality): SocketEvents: inherit from Object
+
+## 2.10.2 (2018-11-14)
+
+### Bug
+
+* [#6770](https://github.com/icinga/icinga2/issues/6770) (PR): Fix deadlock in GraphiteWriter
+* [#6769](https://github.com/icinga/icinga2/issues/6769) (Cluster): Hanging TLS connections
+* [#6759](https://github.com/icinga/icinga2/issues/6759) (Log, PR): Fix possible double free in StreamLogger::BindStream\(\)
+* [#6753](https://github.com/icinga/icinga2/issues/6753): Icinga2.service state is reloading in systemd after safe-reload until systemd time-out
+* [#6740](https://github.com/icinga/icinga2/issues/6740) (DB IDO, PR): DB IDO: Don't enqueue queries when the feature is paused \(HA\)
+* [#6738](https://github.com/icinga/icinga2/issues/6738) (API, Cluster, PR): Ensure that API/JSON-RPC messages in the same session are processed and not stalled
+* [#6736](https://github.com/icinga/icinga2/issues/6736) (Crash): Stability issues with Icinga 2.10.x
+* [#6717](https://github.com/icinga/icinga2/issues/6717) (API, PR): Improve error handling for invalid child\_options for API downtime actions
+* [#6712](https://github.com/icinga/icinga2/issues/6712) (API): Downtime name not returned when error occurs
+* [#6711](https://github.com/icinga/icinga2/issues/6711) (API, Cluster): Slow API \(TLS-Handshake\)
+* [#6709](https://github.com/icinga/icinga2/issues/6709) (PR):  Fix the Icinga2 version check for versions with more than 5 characters
+* [#6707](https://github.com/icinga/icinga2/issues/6707) (Compat, PR): Fix regression for wrong objects.cache path overwriting icinga2.debug file
+* [#6705](https://github.com/icinga/icinga2/issues/6705) (CLI, Compat, Configuration): Crash "icinga2 object list" command with 2.10.1-1 on CentOS 7
+* [#6703](https://github.com/icinga/icinga2/issues/6703): Check command 'icinga' breaks when vars.icinga\_min\_version is defined \(2.10.x\)
+* [#6635](https://github.com/icinga/icinga2/issues/6635) (API): API TLS session connection closed after 2 requests
+* [#5876](https://github.com/icinga/icinga2/issues/5876) (DB IDO): IDO Work queue on the inactive node growing when switching connection between redundant master servers
+
+### Documentation
+
+* [#6714](https://github.com/icinga/icinga2/issues/6714) (Documentation, PR): Docs: Add package related changes to the upgrading docs
+
+### Support
+
+* [#6773](https://github.com/icinga/icinga2/issues/6773) (Installation, Packages, PR): Initialize ICINGA2\_ERROR\_LOG inside the systemd environment
+* [#6771](https://github.com/icinga/icinga2/issues/6771) (Tests, PR): Implement unit tests for Dictionary initializers
+* [#6760](https://github.com/icinga/icinga2/issues/6760) (Packages, Tests, PR): armhf: Apply workaround for timer tests with std::bind callbacks
+* [#6710](https://github.com/icinga/icinga2/issues/6710) (Packages): Crash when upgrading from 2.10.0 to 2.10.1 \(SELinux related\)
+
+## 2.10.1 (2018-10-18)
+
+### Bug
+
+* [#6696](https://github.com/icinga/icinga2/issues/6696) (PR): Remove default environment, regression from e678fa1aa5
+* [#6694](https://github.com/icinga/icinga2/issues/6694): v2.10.0 sets a default environment "production" in SNI
+* [#6691](https://github.com/icinga/icinga2/issues/6691) (PR): Add missing shutdown/program state dumps for SIGUSR2 reload handler
+* [#6689](https://github.com/icinga/icinga2/issues/6689): State file not updated on reload
+* [#6685](https://github.com/icinga/icinga2/issues/6685) (API, PR): Fix regression with API permission filters and namespaces in v2.10
+* [#6682](https://github.com/icinga/icinga2/issues/6682) (API): API process-check-result fails in 2.10.0
+* [#6679](https://github.com/icinga/icinga2/issues/6679) (Windows, PR): Initialize Configuration::InitRunDir for Windows and writing the PID file
+* [#6624](https://github.com/icinga/icinga2/issues/6624) (Check Execution): Master Reload Causes Passive Check State Change
+* [#6592](https://github.com/icinga/icinga2/issues/6592): Reloads seem to reset the check atempt count. Also notifications go missing shortly after a reload.
+
+### Documentation
+
+* [#6701](https://github.com/icinga/icinga2/issues/6701) (Documentation, PR): Add GitHub release tag to README
+* [#6700](https://github.com/icinga/icinga2/issues/6700) (Documentation, PR): Enhance the addon chapter in the docs
+* [#6699](https://github.com/icinga/icinga2/issues/6699) (Documentation, PR): Update to https://icinga.com/
+* [#6692](https://github.com/icinga/icinga2/issues/6692) (Documentation, PR): Update release docs for Chocolatey
+* [#6690](https://github.com/icinga/icinga2/issues/6690) (Documentation, PR): Extend 09-object-types.md with argument array
+* [#6674](https://github.com/icinga/icinga2/issues/6674) (Documentation, PR): Add a note to the docs on \>2 endpoints in a zone
+* [#6673](https://github.com/icinga/icinga2/issues/6673) (Documentation, PR): Update RELEASE docs
+* [#6672](https://github.com/icinga/icinga2/issues/6672) (Documentation, PR): Extend upgrade docs
+* [#6671](https://github.com/icinga/icinga2/issues/6671) (Documentation): Zone requirements changed in 2.10 - Undocumented Change
+
+### Support
+
+* [#6681](https://github.com/icinga/icinga2/issues/6681) (code-quality, PR): Fix spelling errors.
+* [#6677](https://github.com/icinga/icinga2/issues/6677) (Packages, Windows): icinga does not start after Update to 2.10
+
+## 2.10.0 (2018-10-11)
+
+### Notes
+
+* Support for namespaces, details in [this blogpost](https://icinga.com/2018/09/17/icinga-2-dsl-feature-namespaces-coming-in-v2-10/)
+* Only send acknowledgement notification to users notified about a problem before, thanks for sponsoring to the [Max-Planck-Institut for Marine Mikrobiologie](https://www.mpi-bremen.de)
+* More child options for scheduled downtimes
+* Performance improvements and fixes for the TLS connections inside cluster/REST API
+* Better logging for HTTP requests and less verbose object creation (e.g. downtimes via Icinga Web 2 & REST API)
+* New configuration path constants, e.g. ConfigDir
+* Fixed problem with dependencies rescheduling parent checks too fast
+* Fixed problem with logging in systemd and syslog
+* Improved vim syntax highlighting
+* [Technical concepts docs](https://icinga.com/docs/icinga2/latest/doc/19-technical-concepts/) update with config compiler and TLS network IO
+
+### Enhancement
+
+* [#6663](https://github.com/icinga/icinga2/issues/6663) (API, Log, PR): Silence config compiler logging for runtime created objects
+* [#6657](https://github.com/icinga/icinga2/issues/6657) (API, Log, PR): Enable the HTTP request body debug log entry for release builds
+* [#6655](https://github.com/icinga/icinga2/issues/6655) (API, Log, PR): Improve logging for disconnected HTTP clients
+* [#6651](https://github.com/icinga/icinga2/issues/6651) (Plugins, PR): Add 'used' feature to check\_swap
+* [#6633](https://github.com/icinga/icinga2/issues/6633) (API, Cluster, PR): Use a dynamic thread pool for API connections
+* [#6632](https://github.com/icinga/icinga2/issues/6632) (Cluster, PR): Increase the cluster reconnect frequency to 10s
+* [#6616](https://github.com/icinga/icinga2/issues/6616) (API, Cluster, PR): Add ApiListener\#tls\_handshake\_timeout option
+* [#6611](https://github.com/icinga/icinga2/issues/6611) (Notifications): Allow types = \[ Recovery \] to always send recovery notifications 
+* [#6595](https://github.com/icinga/icinga2/issues/6595) (API, Cluster, PR): Allow to configure anonymous clients limit inside the ApiListener object
+* [#6532](https://github.com/icinga/icinga2/issues/6532) (Configuration, PR): Add child\_options to ScheduledDowntime
+* [#6531](https://github.com/icinga/icinga2/issues/6531) (API, PR): Expose Zone\#all\_parents via API
+* [#6527](https://github.com/icinga/icinga2/issues/6527) (Notifications, PR): Acknowledgment notifications should only be send if problem notification has been send
+* [#6521](https://github.com/icinga/icinga2/issues/6521) (Configuration, PR): Implement references
+* [#6512](https://github.com/icinga/icinga2/issues/6512) (Cluster, PR): Refactor environment for API connections
+* [#6511](https://github.com/icinga/icinga2/issues/6511) (Cluster, PR): ApiListener: Add support for dynamic port handling
+* [#6509](https://github.com/icinga/icinga2/issues/6509) (Configuration, PR): Implement support for namespaces
+* [#6508](https://github.com/icinga/icinga2/issues/6508) (Configuration, PR): Implement the Dictionary\#clear script function
+* [#6506](https://github.com/icinga/icinga2/issues/6506) (PR): Improve path handling in cmake and daemon
+* [#6460](https://github.com/icinga/icinga2/issues/6460) (Log, help wanted): Feature suggestion: Do not log warnings when env elements are undefined in CheckCommand objects
+* [#6455](https://github.com/icinga/icinga2/issues/6455) (Log, PR): Log something when the Filelogger has been started
+* [#6379](https://github.com/icinga/icinga2/issues/6379) (Configuration, PR): Throw config error when using global zones as parent
+* [#6356](https://github.com/icinga/icinga2/issues/6356) (Log, PR): Fix logging under systemd
+* [#6339](https://github.com/icinga/icinga2/issues/6339) (Log, help wanted): On systemd, icinga2 floods the system log, and this cannot simply be opted out of
+* [#6110](https://github.com/icinga/icinga2/issues/6110) (Configuration, PR): Implement support for optionally specifying the 'var' keyword in 'for' loops
+* [#6047](https://github.com/icinga/icinga2/issues/6047) (Notifications): Acknowledgment notifications should only be sent if the user already received a problem notification
+* [#4282](https://github.com/icinga/icinga2/issues/4282) (API, Log): Icinga should log HTTP bodies for API requests
+
+### Bug
+
+* [#6658](https://github.com/icinga/icinga2/issues/6658) (API, PR): Ensure that HTTP/1.0 or 'Connection: close' headers are properly disconnecting the client
+* [#6652](https://github.com/icinga/icinga2/issues/6652) (Plugins, PR): Fix check\_memory thresholds in 'used' mode
+* [#6647](https://github.com/icinga/icinga2/issues/6647) (CLI, PR): node setup: always respect --accept-config and --accept-commands
+* [#6643](https://github.com/icinga/icinga2/issues/6643) (Check Execution, Notifications, PR): Fix that check\_timeout was used for Event/Notification commands too
+* [#6639](https://github.com/icinga/icinga2/issues/6639) (Windows, PR): Ensure to \_unlink before renaming replay log on Windows
+* [#6622](https://github.com/icinga/icinga2/issues/6622) (DB IDO, PR): Ensure to use UTC timestamps for IDO PgSQL cleanup queries
+* [#6603](https://github.com/icinga/icinga2/issues/6603) (Check Execution, Cluster): CheckCommand 'icinga' seems to ignore retry interval via command\_endpoint
+* [#6575](https://github.com/icinga/icinga2/issues/6575): LTO builds fail on Linux
+* [#6566](https://github.com/icinga/icinga2/issues/6566) (Cluster): Master disconnects during signing process
+* [#6546](https://github.com/icinga/icinga2/issues/6546) (API, CLI, PR): Overridden path constants not passed to config validation in /v1/config/stages API call
+* [#6530](https://github.com/icinga/icinga2/issues/6530) (DB IDO, PR): IDO/MySQL: avoid empty queries
+* [#6519](https://github.com/icinga/icinga2/issues/6519) (CLI, PR): Reset terminal on erroneous console exit
+* [#6517](https://github.com/icinga/icinga2/issues/6517) (Cluster): Not all Endpoints can't reconnect due to "Client TLS handshake failed" error after "reload or restart"
+* [#6514](https://github.com/icinga/icinga2/issues/6514) (API): API using "Connection: close" header results in infinite threads
+* [#6507](https://github.com/icinga/icinga2/issues/6507) (Cluster): Variable name conflict in constants.conf / Problem with TLS verification, CN and Environment variable
+* [#6503](https://github.com/icinga/icinga2/issues/6503) (Log, PR): Reduce the log level for missing env macros to debug
+* [#6485](https://github.com/icinga/icinga2/issues/6485) (Log): Icinga logs discarding messages still as warning and not as notice
+* [#6475](https://github.com/icinga/icinga2/issues/6475) (Compat, PR): lib-\>compat-\>statusdatawriter: fix notifications\_enabled
+* [#6430](https://github.com/icinga/icinga2/issues/6430) (Log, PR): Fix negative 'empty in' value in WorkQueue log message
+* [#6427](https://github.com/icinga/icinga2/issues/6427) (Configuration, Crash, PR): Improve error message for serializing objects with recursive references
+* [#6409](https://github.com/icinga/icinga2/issues/6409) (Configuration, Crash): Assigning vars.x = vars causes Icinga 2 segfaults
+* [#6408](https://github.com/icinga/icinga2/issues/6408) (PR): ObjectLock\#Unlock\(\): don't reset m\_Object-\>m\_LockOwner too early
+* [#6386](https://github.com/icinga/icinga2/issues/6386) (Configuration, PR): Fix that TimePeriod segments are not cleared on restart
+* [#6382](https://github.com/icinga/icinga2/issues/6382) (CLI, help wanted): icinga2 console breaks the terminal on errors
+* [#6313](https://github.com/icinga/icinga2/issues/6313) (Plugins, Windows, PR): Fix wrong calculation of check\_swap windows plugin
+* [#6304](https://github.com/icinga/icinga2/issues/6304) (Configuration, Notifications): Timeout defined in NotificationCommand is ignored and uses check\_timeout
+* [#5815](https://github.com/icinga/icinga2/issues/5815) (Plugins, Windows): swap-windows check delivers wrong result
+* [#5375](https://github.com/icinga/icinga2/issues/5375) (Check Execution, PR): Parents who are non-active should not be rescheduled
+* [#5052](https://github.com/icinga/icinga2/issues/5052) (Cluster, Windows): Replay log not working with Windows client
+* [#5022](https://github.com/icinga/icinga2/issues/5022) (Check Execution): Dependencies may reschedule passive checks, triggering freshness checks
+
+### ITL
+
+* [#6646](https://github.com/icinga/icinga2/issues/6646) (ITL, PR): Update ITL and Docs for memory-windows - show used
+* [#6640](https://github.com/icinga/icinga2/issues/6640) (ITL): Update ITL and Docs for memory-windows - show used
+* [#6563](https://github.com/icinga/icinga2/issues/6563) (ITL, PR): \[Feature\] Cloudera service health CheckCommand
+* [#6561](https://github.com/icinga/icinga2/issues/6561) (ITL, PR): \[Feature\] Ceph health CheckCommand
+* [#6504](https://github.com/icinga/icinga2/issues/6504) (ITL, PR): squashfs ignored
+* [#6491](https://github.com/icinga/icinga2/issues/6491) (ITL, PR): Feature/itl vmware health
+* [#6481](https://github.com/icinga/icinga2/issues/6481) (ITL): command-plugins.conf check\_disk exclude squashfs
+
+### Documentation
+
+* [#6670](https://github.com/icinga/icinga2/issues/6670) (Documentation, PR): Add technical concepts for the config compiler and daemon CLI command
+* [#6665](https://github.com/icinga/icinga2/issues/6665) (Documentation, PR): Make the two modes of check\_http more obvious.
+* [#6615](https://github.com/icinga/icinga2/issues/6615) (Documentation, PR): Update distributed monitoring docs for 2.10
+* [#6610](https://github.com/icinga/icinga2/issues/6610) (Documentation, PR): Add "TLS Network IO" into technical concepts docs
+* [#6607](https://github.com/icinga/icinga2/issues/6607) (Documentation, PR): Enhance development docs with GDB backtrace and thread list
+* [#6606](https://github.com/icinga/icinga2/issues/6606) (Documentation, PR): Enhance contributing docs
+* [#6598](https://github.com/icinga/icinga2/issues/6598) (Documentation, PR): doc/09-object-types: states filter ignored for Acknowledgements
+* [#6597](https://github.com/icinga/icinga2/issues/6597) (Documentation, PR): Add Fedora to development docs for debuginfo packages
+* [#6593](https://github.com/icinga/icinga2/issues/6593) (Documentation, help wanted): Include CA Proxy in 3rd scenario in Distributed Monitoring docs
+* [#6573](https://github.com/icinga/icinga2/issues/6573) (Documentation, PR): Fix operator precedence table
+* [#6528](https://github.com/icinga/icinga2/issues/6528) (Documentation, PR): Document default of User\#enable\_notifications
+* [#6502](https://github.com/icinga/icinga2/issues/6502) (Documentation, PR): Update 17-language-reference.md
+* [#6501](https://github.com/icinga/icinga2/issues/6501) (Documentation, PR): Update 03-monitoring-basics.md
+* [#6488](https://github.com/icinga/icinga2/issues/6488) (Documentation, ITL, PR): Fix typo with the CheckCommand cert
+
+### Support
+
+* [#6669](https://github.com/icinga/icinga2/issues/6669) (PR): Don't throw an error when namespace indexers don't find a valid key
+* [#6668](https://github.com/icinga/icinga2/issues/6668) (Installation, PR): Enhance vim syntax highlighting for 2.10
+* [#6661](https://github.com/icinga/icinga2/issues/6661) (API, Log, code-quality, PR): Cache the peer address in the HTTP server
+* [#6642](https://github.com/icinga/icinga2/issues/6642) (PR): Allow to override MaxConcurrentChecks constant
+* [#6621](https://github.com/icinga/icinga2/issues/6621) (code-quality, PR): Remove unused timestamp function in DB IDO
+* [#6618](https://github.com/icinga/icinga2/issues/6618) (PR): Silence compiler warning for nice\(\)
+* [#6591](https://github.com/icinga/icinga2/issues/6591) (PR): Fix static initializer priority for namespaces in LTO builds
+* [#6588](https://github.com/icinga/icinga2/issues/6588) (PR): Fix using full path in prepare-dirs/safe-reload scripts
+* [#6586](https://github.com/icinga/icinga2/issues/6586) (PR): Fix non-unity builds on CentOS 7 with std::shared\_ptr
+* [#6583](https://github.com/icinga/icinga2/issues/6583) (Documentation, Installation, PR): Update PostgreSQL library path variable in INSTALL.md
+* [#6574](https://github.com/icinga/icinga2/issues/6574) (PR): Move new downtime constants into the Icinga namespace
+* [#6570](https://github.com/icinga/icinga2/issues/6570) (Cluster, PR): Increase limit for simultaneously connected anonymous TLS clients
+* [#6567](https://github.com/icinga/icinga2/issues/6567) (PR): ApiListener: Dump the state file port detail as number
+* [#6556](https://github.com/icinga/icinga2/issues/6556) (Installation, Windows, PR): windows: Allow suppression of extra actions in the MSI package
+* [#6544](https://github.com/icinga/icinga2/issues/6544) (code-quality, PR): Remove \#include for deprecated header file
+* [#6539](https://github.com/icinga/icinga2/issues/6539) (PR): Build fix for CentOS 7 and non-unity builds
+* [#6526](https://github.com/icinga/icinga2/issues/6526) (code-quality, PR): icinga::PackObject\(\): shorten conversion to string
+* [#6510](https://github.com/icinga/icinga2/issues/6510) (Tests, Windows, PR): Update windows build scripts
+* [#6494](https://github.com/icinga/icinga2/issues/6494) (Tests, PR): Test PackObject
+* [#6489](https://github.com/icinga/icinga2/issues/6489) (code-quality, PR): Implement object packer for consistent hashing
+* [#6484](https://github.com/icinga/icinga2/issues/6484) (Packages): Packages from https://packages.icinga.com are not Systemd Type=notify enabled?
+* [#6469](https://github.com/icinga/icinga2/issues/6469) (Installation, Windows, PR): Fix Windows Agent resize behavior
+* [#6458](https://github.com/icinga/icinga2/issues/6458) (code-quality, PR): Fix debug build log entry for ConfigItem activation priority
+* [#6456](https://github.com/icinga/icinga2/issues/6456) (code-quality, PR): Keep notes for immediately log flushing
+* [#6440](https://github.com/icinga/icinga2/issues/6440) (code-quality, PR): Fix typo
+* [#6410](https://github.com/icinga/icinga2/issues/6410) (code-quality, PR): Remove unused code
+* [#4959](https://github.com/icinga/icinga2/issues/4959) (Installation, Windows): Windows Agent Wizard Window resizes with screen, hiding buttons
+
+## 2.9.2 (2018-09-26)
+
+### Enhancement
+
+* [#6602](https://github.com/icinga/icinga2/issues/6602) (API, Cluster, PR): Improve TLS handshake exception logging
+* [#6568](https://github.com/icinga/icinga2/issues/6568) (Configuration, PR): Ensure that config object types are committed in dependent load order
+* [#6497](https://github.com/icinga/icinga2/issues/6497) (Configuration, PR): Improve error logging for match/regex/cidr\_match functions and unsupported dictionary usage
+
+### Bug
+
+* [#6596](https://github.com/icinga/icinga2/issues/6596) (Crash, PR): Fix crash on API queries with Fedora 28 hardening and GCC 8
+* [#6581](https://github.com/icinga/icinga2/issues/6581) (Configuration, PR): Shuffle items before config validation
+* [#6569](https://github.com/icinga/icinga2/issues/6569) (DB IDO): Custom Vars not updated after upgrade
+* [#6533](https://github.com/icinga/icinga2/issues/6533) (Crash): Icinga2 crashes after using some api-commands on Fedora 28
+* [#6505](https://github.com/icinga/icinga2/issues/6505) (Cluster, PR): Fix clusterzonecheck if not connected
+* [#6498](https://github.com/icinga/icinga2/issues/6498) (Configuration, PR): Fix regression with MatchAny false conditions on match/regex/cidr\_match
+* [#6496](https://github.com/icinga/icinga2/issues/6496) (Configuration): error with match and type matchany
+
+### Documentation
+
+* [#6590](https://github.com/icinga/icinga2/issues/6590) (DB IDO, Documentation, PR): Update workaround for custom vars
+* [#6572](https://github.com/icinga/icinga2/issues/6572) (Documentation, PR): Add note about workaround for broken custom vars
+
+### Support
+
+* [#6540](https://github.com/icinga/icinga2/issues/6540) (Configuration): Evaluate a fixed config compiler commit order
+* [#6486](https://github.com/icinga/icinga2/issues/6486) (Configuration): Configuration validation w/ ScheduledDowntimes performance decreased in 2.9
+* [#6442](https://github.com/icinga/icinga2/issues/6442) (Configuration): Error while evaluating "assign where match" expression: std::bad\_cast
+
+## 2.9.1 (2018-07-24)
+
+### Bug
+
+* [#6457](https://github.com/icinga/icinga2/issues/6457) (PR): Ensure that timer thread is initialized after Daemonize\(\)
+* [#6449](https://github.com/icinga/icinga2/issues/6449): icinga r2.9.0-1 init.d script overrides PATH variable
+* [#6445](https://github.com/icinga/icinga2/issues/6445): Problem with daemonize \(init scripts, -d\) on Debian 8 / CentOS 6 / Ubuntu 14 / SLES 11 in 2.9
+* [#6444](https://github.com/icinga/icinga2/issues/6444) (PR): SELinux: allow systemd notify
+* [#6443](https://github.com/icinga/icinga2/issues/6443): selinux and 2.9
+
+### Support
+
+* [#6470](https://github.com/icinga/icinga2/issues/6470) (code-quality, PR): Fix spelling errors.
+* [#6467](https://github.com/icinga/icinga2/issues/6467) (Tests, PR): Start and stop the timer thread lazily
+* [#6461](https://github.com/icinga/icinga2/issues/6461) (Tests): Broken tests with fix from \#6457
+* [#6451](https://github.com/icinga/icinga2/issues/6451) (Packages, PR): Fix initscripts
+* [#6450](https://github.com/icinga/icinga2/issues/6450) (Packages): init script helpers - source: not found
+
+## 2.9.0 (2018-07-17)
+
+### Notes
+
+- Elasticsearch 6 Support
+- icinga health check supports minimum version parameter, ido thresholds for query rate, dummy check is executed in-memory, avoids plugin call
+- `ApplicationVersion` constant in the configuration
+- Setup wizards: global zone, disable conf.d inclusion, unified parameter handling
+- TTL support for check results, pretty formatting for REST API queries
+- TLS support for IDO PostgreSQL
+- Improvements for check scheduling, concurrent checks with command endpoints, downtime notification handling, scheduled downtimes and memory handling with many API requests
+
+### Enhancement
+
+* [#6400](https://github.com/icinga/icinga2/issues/6400) (Plugins, Windows, PR): Enhance debug logging for check\_nscp\_api
+* [#6321](https://github.com/icinga/icinga2/issues/6321) (Log, PR): Update log message for skipped certificate renewal
+* [#6305](https://github.com/icinga/icinga2/issues/6305) (PR): Introduce the 'Environment' variable
+* [#6299](https://github.com/icinga/icinga2/issues/6299) (Check Execution, Log, PR): Change log level for failed event command execution
+* [#6285](https://github.com/icinga/icinga2/issues/6285) (CLI, Log, PR): Add support for config validation log timestamps
+* [#6270](https://github.com/icinga/icinga2/issues/6270) (Configuration, PR): Add activation priority for config object types
+* [#6236](https://github.com/icinga/icinga2/issues/6236) (DB IDO, PR): Add TLS support for DB IDO PostgreSQL feature
+* [#6219](https://github.com/icinga/icinga2/issues/6219) (Elasticsearch, PR): Add support for Elasticsearch 6
+* [#6211](https://github.com/icinga/icinga2/issues/6211) (DB IDO): IDO pgsql with TLS support
+* [#6209](https://github.com/icinga/icinga2/issues/6209) (CLI, PR): Unify zone name settings in node setup/wizard; add connection-less mode for node setup
+* [#6208](https://github.com/icinga/icinga2/issues/6208) (CLI): Add connection-less support for node setup CLI command
+* [#6206](https://github.com/icinga/icinga2/issues/6206) (Configuration, PR): Add ApplicationVersion built-in constant
+* [#6205](https://github.com/icinga/icinga2/issues/6205) (API, PR): API: Unify verbose error messages
+* [#6194](https://github.com/icinga/icinga2/issues/6194) (Elasticsearch, Graylog, PR): Elasticsearch/GELF: Add metric unit to performance data fields
+* [#6170](https://github.com/icinga/icinga2/issues/6170) (Configuration, Windows, PR): Add option to windows installer to add global zones
+* [#6158](https://github.com/icinga/icinga2/issues/6158) (API, Log): Review API debugging: verboseErrors and diagnostic information
+* [#6136](https://github.com/icinga/icinga2/issues/6136) (Check Execution, PR): Add counter for current concurrent checks to Icinga check
+* [#6131](https://github.com/icinga/icinga2/issues/6131) (Log, PR): Log which ticket was invalid on the master
+* [#6109](https://github.com/icinga/icinga2/issues/6109) (Plugins, PR): Add 'used' feature to check\_memory
+* [#6090](https://github.com/icinga/icinga2/issues/6090) (Notifications, PR): Fixed URL encoding for HOSTNAME and SERVICENAME in mail notification
+* [#6078](https://github.com/icinga/icinga2/issues/6078) (Check Execution, PR): Add more metrics and details to built-in 'random' check
+* [#6039](https://github.com/icinga/icinga2/issues/6039) (Configuration, PR): Improve location info for some error messages
+* [#6033](https://github.com/icinga/icinga2/issues/6033) (Compat): Deprecate StatusDataWriter
+* [#6032](https://github.com/icinga/icinga2/issues/6032) (Compat): Deprecate CompatLogger
+* [#6010](https://github.com/icinga/icinga2/issues/6010) (Cluster, PR): Move the endpoint list into a new line for the 'cluster' check
+* [#5996](https://github.com/icinga/icinga2/issues/5996) (PR): Add systemd watchdog and adjust reload behaviour
+* [#5985](https://github.com/icinga/icinga2/issues/5985) (DB IDO, PR): Add query thresholds for the 'ido' check: Rate and pending queries
+* [#5979](https://github.com/icinga/icinga2/issues/5979) (CLI, PR): Add quit, exit and help
+* [#5973](https://github.com/icinga/icinga2/issues/5973) (API, Check Execution, PR): Add 'ttl' support for check result freshness via REST API
+* [#5959](https://github.com/icinga/icinga2/issues/5959) (API, PR): API: Add 'pretty' parameter for beautified JSON response bodies
+* [#5905](https://github.com/icinga/icinga2/issues/5905) (Elasticsearch): Add support for Elasticsearch 6
+* [#5888](https://github.com/icinga/icinga2/issues/5888) (DB IDO, PR): FindMySQL: Support mariadbclient implementation
+* [#5877](https://github.com/icinga/icinga2/issues/5877) (API): Add pretty format to REST API parameters \(for debugging\)
+* [#5811](https://github.com/icinga/icinga2/issues/5811) (CLI, PR): Update NodeName/ZoneName constants with 'api setup'
+* [#5767](https://github.com/icinga/icinga2/issues/5767) (CLI, PR): Implement ability to make global zones configurable during node wizard/setup
+* [#5733](https://github.com/icinga/icinga2/issues/5733) (Plugins, Windows, PR): Make --perf-syntax also change short message
+* [#5729](https://github.com/icinga/icinga2/issues/5729) (CLI, Cluster, PR): Correct node wizard output formatting
+* [#5675](https://github.com/icinga/icinga2/issues/5675) (InfluxDB, PR): Add pdv unit to influxdbwriter if not empty + doc
+* [#5627](https://github.com/icinga/icinga2/issues/5627) (InfluxDB, Metrics): InfluxDBWriter: Send metric unit \(perfdata\)
+* [#5605](https://github.com/icinga/icinga2/issues/5605) (CLI, Cluster, Configuration): Disable conf.d inclusion in node setup wizards
+* [#5509](https://github.com/icinga/icinga2/issues/5509) (Cluster, wishlist): Add metrics about communication between endpoints
+* [#5444](https://github.com/icinga/icinga2/issues/5444) (Cluster): Display endpoints in the second line of the ClusterCheckTask output
+* [#5426](https://github.com/icinga/icinga2/issues/5426) (CLI, Configuration, PR): Add the ability to disable the conf.d inclusion through the node wizard
+* [#5418](https://github.com/icinga/icinga2/issues/5418) (Plugins, Windows): Feature request: check\_perfmon.exe - Change name of counter in output
+* [#4966](https://github.com/icinga/icinga2/issues/4966) (CLI, Cluster): Unify setting of master zones name
+* [#4508](https://github.com/icinga/icinga2/issues/4508) (CLI): node wizard/setup: allow to disable conf.d inclusion
+* [#3455](https://github.com/icinga/icinga2/issues/3455) (API, Log): startup.log in stage dir has no timestamps
+* [#3245](https://github.com/icinga/icinga2/issues/3245) (CLI, help wanted, wishlist): Add option to Windows installer to add global zone during setup
+* [#2287](https://github.com/icinga/icinga2/issues/2287) (help wanted, wishlist): Please support systemd startup notification
+
+### Bug
+
+* [#6429](https://github.com/icinga/icinga2/issues/6429) (PR): Make HttpServerConnection\#m\_DataHandlerMutex a boost::recursive\_mutex
+* [#6428](https://github.com/icinga/icinga2/issues/6428) (API): Director kickstart wizard querying the API results in TLS stream disconnected infinite loop
+* [#6411](https://github.com/icinga/icinga2/issues/6411) (Plugins, Windows, PR): Windows: Conform to the Plugin API spec for performance label quoting
+* [#6407](https://github.com/icinga/icinga2/issues/6407) (Windows, PR): Fix wrong UOM in check\_uptime windows plugin
+* [#6405](https://github.com/icinga/icinga2/issues/6405) (Windows, PR): TcpSocket\#Bind\(\): reuse socket addresses on Windows, too
+* [#6403](https://github.com/icinga/icinga2/issues/6403) (API, PR): Conform to RFC for CRLF in HTTP requests
+* [#6401](https://github.com/icinga/icinga2/issues/6401) (Elasticsearch, InfluxDB, PR): Fix connection error handling in Elasticsearch and InfluxDB features
+* [#6397](https://github.com/icinga/icinga2/issues/6397) (Plugins, Windows, PR): TlsStream\#IsEof\(\): fix false positive EOF indicator
+* [#6394](https://github.com/icinga/icinga2/issues/6394) (Crash, Elasticsearch): Icinga will throw an exception, if ElasticSearch is not reachable
+* [#6393](https://github.com/icinga/icinga2/issues/6393) (API, Elasticsearch, PR): Stream\#ReadLine\(\): fix false positive buffer underflow indicator
+* [#6387](https://github.com/icinga/icinga2/issues/6387) (Configuration, Crash, Windows, PR): Remove ApiUser password\_hash functionality
+* [#6383](https://github.com/icinga/icinga2/issues/6383) (API, CLI, PR): HttpRequest\#ParseBody\(\): indicate success on complete body
+* [#6378](https://github.com/icinga/icinga2/issues/6378) (Windows): Analyze Windows reload behaviour
+* [#6371](https://github.com/icinga/icinga2/issues/6371) (API, Cluster, PR): ApiListener\#NewClientHandlerInternal\(\): Explicitly close the TLS stream on any failure
+* [#6368](https://github.com/icinga/icinga2/issues/6368) (CLI, PR): Fix program option parsing
+* [#6365](https://github.com/icinga/icinga2/issues/6365) (CLI): Different behavior between `icinga2 -V` and `icinga2 --version`
+* [#6355](https://github.com/icinga/icinga2/issues/6355) (API): HTTP header size too low: Long URLs and session cookies cause bad requests
+* [#6354](https://github.com/icinga/icinga2/issues/6354) (Elasticsearch): ElasticsearchWriter not writing to ES
+* [#6336](https://github.com/icinga/icinga2/issues/6336) (Log, PR): Fix unnecessary blank in log message
+* [#6324](https://github.com/icinga/icinga2/issues/6324) (Crash, PR): Ensure that password hash generation from OpenSSL is atomic
+* [#6319](https://github.com/icinga/icinga2/issues/6319) (Windows): Windows service restart fails and config validate runs forever
+* [#6297](https://github.com/icinga/icinga2/issues/6297) (Cluster, PR): Execute event commands only on actively checked host/service objects in an HA zone
+* [#6294](https://github.com/icinga/icinga2/issues/6294) (API, Configuration, PR): Ensure that group memberships on API object creation are unique
+* [#6292](https://github.com/icinga/icinga2/issues/6292) (Notifications, PR): Fix problem with reminder notifications if the checkable is flapping
+* [#6290](https://github.com/icinga/icinga2/issues/6290) (OpenTSDB, PR): Fixed opentsdb metric name with colon chars
+* [#6282](https://github.com/icinga/icinga2/issues/6282) (Configuration): Issue when using excludes in TimePeriod Objects
+* [#6279](https://github.com/icinga/icinga2/issues/6279) (Crash): segfault with sha1\_block\_data\_order\_avx of libcrypto
+* [#6255](https://github.com/icinga/icinga2/issues/6255) (Configuration): On debian based systems /etc/default/icinga2 is not read/used
+* [#6242](https://github.com/icinga/icinga2/issues/6242) (Plugins, Windows): Sporadic check\_nscp\_api timeouts
+* [#6239](https://github.com/icinga/icinga2/issues/6239) (Plugins, Windows, PR): Fix Windows check\_memory rounding
+* [#6231](https://github.com/icinga/icinga2/issues/6231) (Notifications): icinga2.8 - Notifications are sent even in downtime
+* [#6218](https://github.com/icinga/icinga2/issues/6218) (PR): attempt to fix issue \#5277
+* [#6217](https://github.com/icinga/icinga2/issues/6217) (Check Execution, PR): Fix check behavior on restart
+* [#6204](https://github.com/icinga/icinga2/issues/6204) (API, PR): API: Check if objects exists and return proper error message
+* [#6195](https://github.com/icinga/icinga2/issues/6195) (API, Crash, PR): Fix crash in remote api console
+* [#6193](https://github.com/icinga/icinga2/issues/6193) (Crash, Graylog, PR): GelfWriter: Fix crash on invalid performance data metrics
+* [#6184](https://github.com/icinga/icinga2/issues/6184) (API): debug console with API connection sometimes hangs since 2.8.2
+* [#6125](https://github.com/icinga/icinga2/issues/6125) (Configuration, PR): Fix description of the NotificationComponent in notification.conf
+* [#6077](https://github.com/icinga/icinga2/issues/6077) (API, PR): Allow to pass raw performance data in 'process-check-result' API action
+* [#6057](https://github.com/icinga/icinga2/issues/6057) (Notifications): Icinga2 sends notifications without logging about it and despite having a downtime
+* [#6020](https://github.com/icinga/icinga2/issues/6020) (CLI, PR): Fix crash when running 'icinga2 console' without HOME environment variable
+* [#6019](https://github.com/icinga/icinga2/issues/6019): icinga2 console -r crashes when run without a HOME environment variable
+* [#6016](https://github.com/icinga/icinga2/issues/6016) (Notifications, PR): Check notification state filters for problems only, not for Custom, etc.
+* [#5988](https://github.com/icinga/icinga2/issues/5988) (Check Execution, Cluster, PR): Fix concurrent checks limit while using command\_endpoint
+* [#5964](https://github.com/icinga/icinga2/issues/5964) (Metrics, OpenTSDB, PR): OpenTSDB writer - Fix function for escaping host tag chars.
+* [#5963](https://github.com/icinga/icinga2/issues/5963) (Metrics, OpenTSDB): OpenTSDB writer is escaping wrong chars for host names.
+* [#5952](https://github.com/icinga/icinga2/issues/5952) (Notifications): Custom notifications are filtered by object state
+* [#5940](https://github.com/icinga/icinga2/issues/5940) (PR): Remove deprecated Chocolatey functions
+* [#5928](https://github.com/icinga/icinga2/issues/5928) (PR): Fix build problem with MSVC
+* [#5908](https://github.com/icinga/icinga2/issues/5908) (Windows): Icinga2 fails to build on Windows
+* [#5901](https://github.com/icinga/icinga2/issues/5901) (PR): Do not replace colons in plugin output
+* [#5885](https://github.com/icinga/icinga2/issues/5885) (PR): Workaround for GCC bug 61321
+* [#5884](https://github.com/icinga/icinga2/issues/5884): Icinga2 fails to build
+* [#5872](https://github.com/icinga/icinga2/issues/5872) (PR): Replace incorrect fclose\(\) call with pclose\(\)
+* [#5863](https://github.com/icinga/icinga2/issues/5863) (PR): Fix glob error handling
+* [#5861](https://github.com/icinga/icinga2/issues/5861) (PR): Fix incorrect memory access
+* [#5860](https://github.com/icinga/icinga2/issues/5860) (PR): Fix memory leaks in the unit tests
+* [#5853](https://github.com/icinga/icinga2/issues/5853) (Plugins, Windows, PR): Fix missing space in check\_service output
+* [#5840](https://github.com/icinga/icinga2/issues/5840) (Elasticsearch, PR): Fix newline terminator for bulk requests in ElasticsearchWriter
+* [#5796](https://github.com/icinga/icinga2/issues/5796) (CLI, PR): Fix error reporting for 'icinga2 console -r'
+* [#5795](https://github.com/icinga/icinga2/issues/5795) (Elasticsearch): ElasticsearchWriter gives "Unexpected response code 400" with Elasticsearch 6.x
+* [#5763](https://github.com/icinga/icinga2/issues/5763) (API): "icinga2 api setup" should explicitly set the NodeName constant in constants.conf
+* [#5753](https://github.com/icinga/icinga2/issues/5753) (API, Cluster, Metrics, PR): Fix that RingBuffer does not get updated and add metrics about communication between endpoints
+* [#5718](https://github.com/icinga/icinga2/issues/5718) (API, PR): API: Fix http status codes
+* [#5550](https://github.com/icinga/icinga2/issues/5550) (API): Verify error codes and returned log messages in API actions
+* [#5277](https://github.com/icinga/icinga2/issues/5277) (Notifications): Flexible downtime is expired at end\_time, not trigger\_time+duration
+* [#5095](https://github.com/icinga/icinga2/issues/5095) (API): Wrong HTTP status code when API request fails
+* [#5083](https://github.com/icinga/icinga2/issues/5083) (Check Execution): Initial checks are not executed immediately
+* [#4786](https://github.com/icinga/icinga2/issues/4786) (API): API: Command process-check-result fails if it contains performance data
+* [#4785](https://github.com/icinga/icinga2/issues/4785) (Compat): Semicolons in plugin output are converted to colon
+* [#4732](https://github.com/icinga/icinga2/issues/4732) (API, Configuration): Duplicate groups allowed when creating host
+* [#4436](https://github.com/icinga/icinga2/issues/4436) (Check Execution): New objects not scheduled to check immediately
+* [#4272](https://github.com/icinga/icinga2/issues/4272) (Cluster, Configuration): Duplicating downtime from ScheduledDowntime object on each restart
+* [#3431](https://github.com/icinga/icinga2/issues/3431) (Cluster): Eventhandler trigger on all endpoints in high available zone 
+
+### ITL
+
+* [#6389](https://github.com/icinga/icinga2/issues/6389) (ITL, PR): New ITL command nscp-local-tasksched
+* [#6348](https://github.com/icinga/icinga2/issues/6348) (ITL, PR): Fix for catalogued locally databases. Fixes \#6338
+* [#6338](https://github.com/icinga/icinga2/issues/6338) (ITL): db2\_health not working with catalogued databases, as --hostname is always used
+* [#6308](https://github.com/icinga/icinga2/issues/6308) (ITL, PR): Update lsi-raid ITL command
+* [#6263](https://github.com/icinga/icinga2/issues/6263) (ITL, PR): ITL: Add default thresholds to windows check commands
+* [#6139](https://github.com/icinga/icinga2/issues/6139) (ITL, PR): itl/disk: Ignore overlay and netfs filesystems
+* [#6045](https://github.com/icinga/icinga2/issues/6045) (ITL, PR): Move the "passive" check command to command-icinga.conf
+* [#6043](https://github.com/icinga/icinga2/issues/6043) (ITL): ITL "plugins" has an implicit dependency on "itl"
+* [#6034](https://github.com/icinga/icinga2/issues/6034) (ITL, PR): ITL by\_ssh add -E parameter
+* [#5958](https://github.com/icinga/icinga2/issues/5958) (ITL, PR): Add minimum version check to the built-in icinga command
+* [#5954](https://github.com/icinga/icinga2/issues/5954) (ITL, PR): ITL: Add mongodb --authdb parameter support
+* [#5951](https://github.com/icinga/icinga2/issues/5951) (ITL, PR): itl: Add command parameters for snmp-memory
+* [#5921](https://github.com/icinga/icinga2/issues/5921) (ITL, PR): Add icingacli-director check to ITL
+* [#5920](https://github.com/icinga/icinga2/issues/5920) (ITL): Add Check for Director Jobs to ITL
+* [#5914](https://github.com/icinga/icinga2/issues/5914) (ITL, PR): Fix for wrong attribute in ITL mongodb CheckCommand
+* [#5906](https://github.com/icinga/icinga2/issues/5906) (ITL, PR): Add check\_openmanage command to ITL.
+* [#5902](https://github.com/icinga/icinga2/issues/5902) (ITL, PR): Add parameter --octetlength to snmp-storage command.
+* [#5817](https://github.com/icinga/icinga2/issues/5817) (ITL): mongodb\_address vs mongodb\_host
+* [#5812](https://github.com/icinga/icinga2/issues/5812) (ITL): Better way to check required parameters in notification scripts
+* [#5805](https://github.com/icinga/icinga2/issues/5805) (ITL, PR): Add support for LD\_LIBRARY\_PATH env variable in oracle\_health ITL CheckCommand
+* [#5792](https://github.com/icinga/icinga2/issues/5792) (ITL, PR): ITL: Add check\_rpc
+* [#5787](https://github.com/icinga/icinga2/issues/5787) (Check Execution, ITL): random check should provide performance data metrics
+* [#5744](https://github.com/icinga/icinga2/issues/5744) (Check Execution, ITL, PR): Implement DummyCheckTask and move dummy into embedded in-memory checks
+* [#5717](https://github.com/icinga/icinga2/issues/5717) (ITL, PR): add order tags to disk check
+* [#5714](https://github.com/icinga/icinga2/issues/5714) (ITL): disk check in icinga2/itl/command-plugins.conf lacks order tags
+* [#5260](https://github.com/icinga/icinga2/issues/5260) (ITL): CheckCommand mongodb does not expose authdb option
+
+### Documentation
+
+* [#6436](https://github.com/icinga/icinga2/issues/6436) (Documentation, PR): Update tested Elasticsearch version
+* [#6435](https://github.com/icinga/icinga2/issues/6435) (Documentation, PR): Add note on sysconfig shell variables for Systemd to the Upgrading docs
+* [#6433](https://github.com/icinga/icinga2/issues/6433) (Documentation, PR): Docs: Fix typos in 03-monitoring-basics.md
+* [#6426](https://github.com/icinga/icinga2/issues/6426) (Documentation, PR): Update 'Upgrading to 2.9' docs
+* [#6413](https://github.com/icinga/icinga2/issues/6413) (Documentation, PR): Fix table in Livestatus Filters
+* [#6391](https://github.com/icinga/icinga2/issues/6391) (Documentation, PR): Docs: Fix icinga.com link
+* [#6390](https://github.com/icinga/icinga2/issues/6390) (Documentation, Windows, PR): Docs: Update Windows wizard images
+* [#6375](https://github.com/icinga/icinga2/issues/6375) (Documentation, PR): some minor fixes in the flapping documentation
+* [#6374](https://github.com/icinga/icinga2/issues/6374) (Documentation, PR): Docs: Add an additional note for VMWare timeouts on Ubuntu 16.04 LTS
+* [#6373](https://github.com/icinga/icinga2/issues/6373) (Documentation, PR): Drop command template imports for versions \< 2.6 in the docs
+* [#6372](https://github.com/icinga/icinga2/issues/6372) (Documentation, PR): Remove the import of 'legacy-timeperiod' in the docs
+* [#6350](https://github.com/icinga/icinga2/issues/6350) (Documentation, PR): clarify the permision system of the api in the docs
+* [#6344](https://github.com/icinga/icinga2/issues/6344) (Documentation, PR): README: Fix broken community link
+* [#6330](https://github.com/icinga/icinga2/issues/6330) (Documentation, PR): Fix $ipaddress6$ attribute name typo in the docs
+* [#6317](https://github.com/icinga/icinga2/issues/6317) (Documentation, PR): Add a note on Windows NSClient++ CPU checks to the docs
+* [#6289](https://github.com/icinga/icinga2/issues/6289) (Documentation, PR): Update release documentation with git tag signing key configuration
+* [#6286](https://github.com/icinga/icinga2/issues/6286) (Documentation): Update Windows wizard screenshots in the docs
+* [#6283](https://github.com/icinga/icinga2/issues/6283) (Documentation, PR): edit Icinga license info so that GitHub recognizes it
+* [#6271](https://github.com/icinga/icinga2/issues/6271) (Documentation, PR): Enhance advanced topics with \(scheduled\) downtimes
+* [#6267](https://github.com/icinga/icinga2/issues/6267) (Documentation, PR): Update docs to reflect required user\* attributes for notification objects
+* [#6265](https://github.com/icinga/icinga2/issues/6265) (Documentation): Notifications user/user\_groups required
+* [#6264](https://github.com/icinga/icinga2/issues/6264) (Documentation, PR): Enhance "Getting Started" chapter
+* [#6262](https://github.com/icinga/icinga2/issues/6262) (Documentation, PR): Enhance the environment variables chapter
+* [#6254](https://github.com/icinga/icinga2/issues/6254) (Documentation, PR): Enhance release documentation
+* [#6253](https://github.com/icinga/icinga2/issues/6253) (Documentation, PR): Doc: Add note for not fully supported Plugin collections
+* [#6243](https://github.com/icinga/icinga2/issues/6243) (Documentation, PR): Update PostgreSQL documentation
+* [#6226](https://github.com/icinga/icinga2/issues/6226) (Documentation, PR): Fix broken SELinux anchor in the documentation
+* [#6224](https://github.com/icinga/icinga2/issues/6224) (Documentation, PR): Update volatile docs
+* [#6216](https://github.com/icinga/icinga2/issues/6216) (Documentation): Volatile service explanation 
+* [#6180](https://github.com/icinga/icinga2/issues/6180) (Documentation, PR): Doc: fixed wrong information about defaulting
+* [#6128](https://github.com/icinga/icinga2/issues/6128) (Documentation, PR): Adding documentation for configurable global zones during setup
+* [#6067](https://github.com/icinga/icinga2/issues/6067) (Documentation, Windows, PR): Improve Windows builds and testing
+* [#6022](https://github.com/icinga/icinga2/issues/6022) (Configuration, Documentation, PR): Update default config and documentation for the "library" keyword
+* [#6018](https://github.com/icinga/icinga2/issues/6018) (Documentation): Move init configuration from getting-started
+* [#6000](https://github.com/icinga/icinga2/issues/6000) (Documentation, PR): Add newline to COPYING to fix Github license detection
+* [#5948](https://github.com/icinga/icinga2/issues/5948) (Documentation, PR): doc: Improve INSTALL documentation
+* [#4958](https://github.com/icinga/icinga2/issues/4958) (Check Execution, Documentation): How to set the HOME environment variable
+
+### Support
+
+* [#6439](https://github.com/icinga/icinga2/issues/6439) (PR): Revert "Fix obsolete parameter in Systemd script"
+* [#6423](https://github.com/icinga/icinga2/issues/6423) (PR): Fix missing next check update causing the scheduler to execute checks too often
+* [#6421](https://github.com/icinga/icinga2/issues/6421) (Check Execution): High CPU load due to seemingly ignored check\_interval
+* [#6412](https://github.com/icinga/icinga2/issues/6412) (Plugins, Windows, PR): Fix output formatting in windows plugins
+* [#6402](https://github.com/icinga/icinga2/issues/6402) (Cluster, code-quality, PR): Use SSL\_pending\(\) for remaining TLS stream data
+* [#6384](https://github.com/icinga/icinga2/issues/6384) (PR): Remove leftover for sysconfig file parsing
+* [#6381](https://github.com/icinga/icinga2/issues/6381) (Packages, PR): Fix sysconfig not being handled correctly by sysvinit
+* [#6377](https://github.com/icinga/icinga2/issues/6377) (code-quality, PR): Fix missing name for workqueue while creating runtime objects via API
+* [#6364](https://github.com/icinga/icinga2/issues/6364) (code-quality): lib/base/workqueue.cpp:212: assertion failed: !m\_Name.IsEmpty\(\)
+* [#6361](https://github.com/icinga/icinga2/issues/6361) (API, Cluster): Analyse socket IO handling with HTTP/JSON-RPC
+* [#6359](https://github.com/icinga/icinga2/issues/6359) (Configuration, PR): Fix ScheduledDowntimes replicating on restart
+* [#6357](https://github.com/icinga/icinga2/issues/6357) (API, PR): Increase header size to 8KB for HTTP requests
+* [#6347](https://github.com/icinga/icinga2/issues/6347) (Packages, PR): SELinux: Allow notification plugins to read local users 
+* [#6343](https://github.com/icinga/icinga2/issues/6343) (Check Execution, Cluster, PR): Fix that checks with command\_endpoint don't return any check results
+* [#6337](https://github.com/icinga/icinga2/issues/6337): Checks via command\_endpoint are not executed \(snapshot packages only\)
+* [#6328](https://github.com/icinga/icinga2/issues/6328) (Installation, Packages, PR): Rework sysconfig file/startup environment
+* [#6320](https://github.com/icinga/icinga2/issues/6320) (PR): Ensure that icinga\_min\_version parameter is optional
+* [#6309](https://github.com/icinga/icinga2/issues/6309) (PR): Fix compiler warning in checkercomponent.ti
+* [#6306](https://github.com/icinga/icinga2/issues/6306) (code-quality, PR): Adjust message for CheckResultReader deprecation
+* [#6301](https://github.com/icinga/icinga2/issues/6301) (Documentation, code-quality, PR): Adjust deprecation removal for compat features
+* [#6295](https://github.com/icinga/icinga2/issues/6295) (Compat, PR): Deprecate compatlog feature
+* [#6238](https://github.com/icinga/icinga2/issues/6238) (Notifications, PR): Implement better way to check parameters in notification scripts
+* [#6233](https://github.com/icinga/icinga2/issues/6233) (Check Execution): Verify next check execution on daemon reload
+* [#6229](https://github.com/icinga/icinga2/issues/6229) (Packages, PR): Don't use shell variables in sysconfig
+* [#6214](https://github.com/icinga/icinga2/issues/6214) (Packages): Reload-internal with unresolved shell variable
+* [#6201](https://github.com/icinga/icinga2/issues/6201) (Windows, PR): Handle exceptions from X509Certificate2
+* [#6199](https://github.com/icinga/icinga2/issues/6199) (API, PR): Return 500 when no api action is successful
+* [#6198](https://github.com/icinga/icinga2/issues/6198) (Compat, PR): Deprecate Statusdatawriter
+* [#6187](https://github.com/icinga/icinga2/issues/6187) (code-quality, PR): Remove Icinga Studio Screenshots
+* [#6181](https://github.com/icinga/icinga2/issues/6181) (Tests, PR): tests: Ensure IcingaApplication is initialized before adding config
+* [#6174](https://github.com/icinga/icinga2/issues/6174) (API, PR): Fix crash without CORS setting
+* [#6173](https://github.com/icinga/icinga2/issues/6173) (API, Crash): Using the API crashes Icinga2 in v2.8.1-537-g064fc80
+* [#6171](https://github.com/icinga/icinga2/issues/6171) (code-quality, PR): Update copyright of the Windows Agent to 2018
+* [#6163](https://github.com/icinga/icinga2/issues/6163) (PR): Fix reload handling by updating the PID file before process overtake
+* [#6160](https://github.com/icinga/icinga2/issues/6160) (code-quality, PR): Replace std::vector:push\_back calls with initializer list
+* [#6126](https://github.com/icinga/icinga2/issues/6126) (PR): Require systemd headers
+* [#6113](https://github.com/icinga/icinga2/issues/6113) (Tests, PR): appveyor: Disable artifacts until we use them
+* [#6107](https://github.com/icinga/icinga2/issues/6107) (code-quality, PR): Allow MYSQL\_LIB to be specified by ENV variable
+* [#6105](https://github.com/icinga/icinga2/issues/6105) (Tests): Snapshot builds fail on livestatus tests
+* [#6098](https://github.com/icinga/icinga2/issues/6098) (API, code-quality, PR): Clean up CORS implementation
+* [#6085](https://github.com/icinga/icinga2/issues/6085) (Cluster, Crash, PR): Fix crash with anonymous clients on certificate signing request and storing sent bytes
+* [#6083](https://github.com/icinga/icinga2/issues/6083) (Log, code-quality, PR): Fix wrong type logging in ConfigItem::Commit
+* [#6082](https://github.com/icinga/icinga2/issues/6082) (Installation, Packages): PID file removed after reload
+* [#6063](https://github.com/icinga/icinga2/issues/6063) (Compat, PR): Deprecate CheckResultReader
+* [#6062](https://github.com/icinga/icinga2/issues/6062) (code-quality, PR): Remove the obsolete 'make-agent-config.py' script
+* [#6061](https://github.com/icinga/icinga2/issues/6061) (code-quality, PR): Remove jenkins test scripts
+* [#6060](https://github.com/icinga/icinga2/issues/6060) (code-quality, PR): Remove Icinga development docker scripts
+* [#6059](https://github.com/icinga/icinga2/issues/6059) (code-quality, PR): Remove Icinga Studio
+* [#6058](https://github.com/icinga/icinga2/issues/6058) (code-quality, PR): Clean up the Icinga plugins a bit
+* [#6055](https://github.com/icinga/icinga2/issues/6055) (Check Execution, Windows, code-quality, PR): methods: Remove unused clrchecktask feature
+* [#6054](https://github.com/icinga/icinga2/issues/6054) (Check Execution, Windows, code-quality): Remove unused clrchecktask
+* [#6051](https://github.com/icinga/icinga2/issues/6051) (code-quality, PR): Set FOLDER cmake property for the icingaloader target
+* [#6050](https://github.com/icinga/icinga2/issues/6050) (code-quality, PR): Replace boost::algorithm::split calls with String::Split
+* [#6044](https://github.com/icinga/icinga2/issues/6044) (code-quality, PR): Implement support for frozen arrays and dictionaries
+* [#6038](https://github.com/icinga/icinga2/issues/6038) (PR): Fix missing include for boost::split
+* [#6037](https://github.com/icinga/icinga2/issues/6037) (PR): Fix build error on Windows
+* [#6029](https://github.com/icinga/icinga2/issues/6029) (code-quality, PR): Remove duplicate semicolons
+* [#6028](https://github.com/icinga/icinga2/issues/6028) (Packages): python notification not running when icinga ran as a service
+* [#6026](https://github.com/icinga/icinga2/issues/6026) (Check Execution, Windows, PR): Fix flapping support for Windows
+* [#6025](https://github.com/icinga/icinga2/issues/6025) (Windows): Implement Flapping on Windows
+* [#6023](https://github.com/icinga/icinga2/issues/6023): Icinga should check whether the libsystemd library is available
+* [#6017](https://github.com/icinga/icinga2/issues/6017) (PR): Remove build breaking include
+* [#6015](https://github.com/icinga/icinga2/issues/6015) (code-quality, PR): Fix whitespaces in CMakeLists files
+* [#6009](https://github.com/icinga/icinga2/issues/6009) (PR): Build fix for ancient versions of GCC
+* [#6008](https://github.com/icinga/icinga2/issues/6008) (PR): Fix compatibility with CMake \< 3.1
+* [#6007](https://github.com/icinga/icinga2/issues/6007) (PR): Fix missing include
+* [#6005](https://github.com/icinga/icinga2/issues/6005) (PR): Fix incorrect dependencies for mkunity targets
+* [#5999](https://github.com/icinga/icinga2/issues/5999) (PR): Build fix
+* [#5998](https://github.com/icinga/icinga2/issues/5998) (code-quality, PR): Build all remaining libraries as object libraries
+* [#5997](https://github.com/icinga/icinga2/issues/5997) (PR): Use gcc-ar and gcc-ranlib when building with -flto
+* [#5994](https://github.com/icinga/icinga2/issues/5994) (InfluxDB, PR): InfluxDBWriter: Fix macro in template
+* [#5993](https://github.com/icinga/icinga2/issues/5993) (code-quality, PR): Use CMake object libraries for our libs
+* [#5992](https://github.com/icinga/icinga2/issues/5992) (code-quality, PR): Remove unused includes
+* [#5984](https://github.com/icinga/icinga2/issues/5984) (DB IDO, PR): Fix missing static libraries for DB IDO
+* [#5983](https://github.com/icinga/icinga2/issues/5983) (code-quality, PR): Use initializer lists for arrays and dictionaries
+* [#5980](https://github.com/icinga/icinga2/issues/5980) (code-quality, PR): Explicitly pass 1 or 0 for notification filters in DB IDO
+* [#5974](https://github.com/icinga/icinga2/issues/5974) (PR): Fix non-unity builds with the icinga check
+* [#5971](https://github.com/icinga/icinga2/issues/5971) (code-quality, PR): Remove libdemo and libhello
+* [#5970](https://github.com/icinga/icinga2/issues/5970) (code-quality, PR): Allocate ConfigItemBuilder objects on the stack
+* [#5969](https://github.com/icinga/icinga2/issues/5969) (code-quality, PR): Remove the WorkQueue::m\_StatsMutex instance variable
+* [#5968](https://github.com/icinga/icinga2/issues/5968) (code-quality, PR): Update the RingBuffer class to use a regular mutex instead of ObjectLock
+* [#5967](https://github.com/icinga/icinga2/issues/5967) (code-quality, PR): Avoid accessing attributes for validators where not necessary
+* [#5965](https://github.com/icinga/icinga2/issues/5965) (code-quality, PR): Avoid unnecessary casts in the JSON encoder
+* [#5961](https://github.com/icinga/icinga2/issues/5961) (PR): Fix macro warning from the icinga check
+* [#5960](https://github.com/icinga/icinga2/issues/5960): Macro warning from the icinga check
+* [#5957](https://github.com/icinga/icinga2/issues/5957) (code-quality, PR): Change a bunch more copyright headers for 2018
+* [#5955](https://github.com/icinga/icinga2/issues/5955) (Configuration, code-quality, PR): Avoid mutex contention in the config parser
+* [#5946](https://github.com/icinga/icinga2/issues/5946) (code-quality, PR): Use clang-tidy to add some more C++11 features
+* [#5945](https://github.com/icinga/icinga2/issues/5945) (code-quality, PR): Fix incorrect indentation for code generated by mkclass
+* [#5944](https://github.com/icinga/icinga2/issues/5944) (code-quality, PR): Add the final keyword to classes
+* [#5939](https://github.com/icinga/icinga2/issues/5939) (PR): Build fix for Debian wheezy
+* [#5937](https://github.com/icinga/icinga2/issues/5937) (code-quality, PR): Remove inline methods and use explicit template instantiation to minimize the number of weak symbols
+* [#5936](https://github.com/icinga/icinga2/issues/5936) (code-quality, PR): Clean up source lists in the CMakeLists.txt files
+* [#5935](https://github.com/icinga/icinga2/issues/5935) (code-quality, PR): Implement support for precompiled headers
+* [#5934](https://github.com/icinga/icinga2/issues/5934) (code-quality, PR): Add more include/library paths for MySQL and PostgreSQL
+* [#5933](https://github.com/icinga/icinga2/issues/5933) (code-quality, PR): Change copyright headers for 2018
+* [#5932](https://github.com/icinga/icinga2/issues/5932) (code-quality, PR): Fix copyright header in cli/troubleshootcommand.hpp
+* [#5931](https://github.com/icinga/icinga2/issues/5931) (code-quality, PR): Improve detection for linker flags
+* [#5930](https://github.com/icinga/icinga2/issues/5930) (code-quality, PR): Replace boost::function with std::function
+* [#5929](https://github.com/icinga/icinga2/issues/5929) (code-quality, PR): Get rid of boost::assign::list\_of in mkclass
+* [#5927](https://github.com/icinga/icinga2/issues/5927) (code-quality, PR): Build libraries as static libraries
+* [#5909](https://github.com/icinga/icinga2/issues/5909) (code-quality, PR): WIP: Improve build times
+* [#5903](https://github.com/icinga/icinga2/issues/5903) (code-quality, PR): Cleanup CompatUtility class and features
+* [#5897](https://github.com/icinga/icinga2/issues/5897) (code-quality, PR): Remove unnecessary inline statements
+* [#5894](https://github.com/icinga/icinga2/issues/5894) (code-quality, PR): Remove string\_iless
+* [#5891](https://github.com/icinga/icinga2/issues/5891) (code-quality, PR): Update .gitignore
+* [#5889](https://github.com/icinga/icinga2/issues/5889) (code-quality, PR): execvpe: Fixup indention for readability
+* [#5887](https://github.com/icinga/icinga2/issues/5887) (PR): Windows build fix
+* [#5886](https://github.com/icinga/icinga2/issues/5886) (code-quality): Remove unnecessary 'inline' keyword
+* [#5882](https://github.com/icinga/icinga2/issues/5882) (code-quality, PR): Avoid unnecessary allocations
+* [#5871](https://github.com/icinga/icinga2/issues/5871) (code-quality, PR): Unit tests for the LegacyTimePeriod class
+* [#5868](https://github.com/icinga/icinga2/issues/5868) (Configuration, code-quality, PR): Use std::unique\_ptr for Expression objects
+* [#5865](https://github.com/icinga/icinga2/issues/5865) (code-quality, PR): Add missing initializer in Utility::NewUniqueID\(\)
+* [#5862](https://github.com/icinga/icinga2/issues/5862) (code-quality, PR): Replace a few more NULLs with nullptr
+* [#5858](https://github.com/icinga/icinga2/issues/5858) (Tests, code-quality, PR): Travis: Add support for Coverity
+* [#5857](https://github.com/icinga/icinga2/issues/5857) (code-quality, PR): Fix compiler warnings
+* [#5855](https://github.com/icinga/icinga2/issues/5855) (PR): Fix build problems with Visual Studio 2017
+* [#5848](https://github.com/icinga/icinga2/issues/5848) (code-quality, PR): Fix COPYING format
+* [#5846](https://github.com/icinga/icinga2/issues/5846) (code-quality, PR): Fix compiler warnings
+* [#5831](https://github.com/icinga/icinga2/issues/5831) (Check Execution, Configuration): No checks were launched on snapshot version 2.8.0.71 \(RHEL6\)
+* [#5827](https://github.com/icinga/icinga2/issues/5827) (code-quality, PR): Replace StatsFunction with Function
+* [#5825](https://github.com/icinga/icinga2/issues/5825) (code-quality, PR): Replace boost::assign::list\_of with initializer lists
+* [#5824](https://github.com/icinga/icinga2/issues/5824) (code-quality, PR): Replace a few Boost features with equivalent C++11 features
+* [#5821](https://github.com/icinga/icinga2/issues/5821) (Packages, Windows): check\_disk build error
+* [#5819](https://github.com/icinga/icinga2/issues/5819) (code-quality, PR): Avoid unnecessary allocations in the FunctionCallExpression class
+* [#5816](https://github.com/icinga/icinga2/issues/5816) (code-quality, PR): Re-implement WrapFunction\(\) using C++11 features
+* [#5809](https://github.com/icinga/icinga2/issues/5809) (Documentation, Installation, PR): Raise required OpenSSL version to 1.0.1
+* [#5758](https://github.com/icinga/icinga2/issues/5758) (Documentation, Packages): Completely remove the spec file from the icinga2 repository
+* [#5743](https://github.com/icinga/icinga2/issues/5743) (CLI, Configuration, Installation): node setup: Deprecate --master\_host and use --parent\_host instead
+* [#5725](https://github.com/icinga/icinga2/issues/5725) (code-quality, PR): Use real UUIDs for Utility::NewUniqueID
+* [#5388](https://github.com/icinga/icinga2/issues/5388) (Packages, PR): Handle mis-detection with clang on RHEL/CentOS 7
+* [#3246](https://github.com/icinga/icinga2/issues/3246) (Installation): Add option to windows installer to disable inclusion of conf.d directory
 
 ## 2.8.4 (2018-04-25)
 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e66efb2e8..bfc558769 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,22 +1,7 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 cmake_minimum_required(VERSION 2.8.8)
-set(BOOST_MIN_VERSION "1.48.0")
+set(BOOST_MIN_VERSION "1.66.0")
 
 project(icinga2)
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
@@ -42,24 +27,45 @@ option (USE_SYSTEMD
 
 set(HAVE_SYSTEMD ${USE_SYSTEMD})
 
-file(STRINGS VERSION VERSION_LINE REGEX "^Version: ")
-string(REPLACE "Version: " "" ICINGA2_VERSION ${VERSION_LINE})
-
 include(GNUInstallDirs)
 include(InstallConfig)
+include(SetFullDir)
 
 set(ICINGA2_USER "icinga" CACHE STRING "Icinga 2 user")
 set(ICINGA2_GROUP "icinga" CACHE STRING "Icinga 2 group")
 set(ICINGA2_COMMAND_GROUP "icingacmd" CACHE STRING "Icinga 2 command group")
-set(ICINGA2_RUNDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/run" CACHE STRING "/run directory")
 set(ICINGA2_PLUGINDIR "/usr/lib/nagios/plugins" CACHE STRING "Path for the check plugins")
 set(ICINGA2_GIT_VERSION_INFO ON CACHE BOOL "Whether to use git describe")
 set(ICINGA2_UNITY_BUILD ON CACHE BOOL "Whether to perform a unity build")
 set(ICINGA2_LTO_BUILD OFF CACHE BOOL "Whether to use LTO")
 
-if(NOT WIN32)
-  set(ICINGA2_SYSCONFIGFILE "${CMAKE_INSTALL_FULL_SYSCONFDIR}/sysconfig/icinga2" CACHE PATH "where to store configuation for the init system, defaults to /etc/sysconfig/icinga2")
+set(ICINGA2_CONFIGDIR "${CMAKE_INSTALL_SYSCONFDIR}/icinga2" CACHE FILEPATH "Main config directory, e.g. /etc/icinga2")
+set(ICINGA2_CACHEDIR "${CMAKE_INSTALL_LOCALSTATEDIR}/cache/icinga2" CACHE FILEPATH "Directory for cache files, e.g. /var/cache/icinga2")
+set(ICINGA2_DATADIR "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/icinga2" CACHE FILEPATH "Data directory for the daemon, e.g. /var/lib/icinga2")
+set(ICINGA2_LOGDIR "${CMAKE_INSTALL_LOCALSTATEDIR}/log/icinga2" CACHE FILEPATH "Logging directory, e.g. /var/log/icinga2")
+set(ICINGA2_SPOOLDIR "${CMAKE_INSTALL_LOCALSTATEDIR}/spool/icinga2" CACHE FILEPATH "Spooling directory, e.g. /var/spool/icinga2")
+set(ICINGA2_RUNDIR "${CMAKE_INSTALL_LOCALSTATEDIR}/run" CACHE STRING "/run directory (deprecated, please use ICINGA2_INITRUNDIR)")
+set(ICINGA2_INITRUNDIR "${ICINGA2_RUNDIR}/icinga2" CACHE FILEPATH "Runtime data for the init system, e.g. /run/icinga2")
 
+set(ICINGA2_PKGDATADIR "${CMAKE_INSTALL_DATADIR}/icinga2" CACHE FILEPATH "Installed data, e.g. /usr/share/icinga2")
+set(ICINGA2_INCLUDEDIR "${ICINGA2_PKGDATADIR}/include" CACHE FILEPATH "Include directory for the ITL, e.g. /usr/share/icinga2/include")
+
+# ensure absolute paths
+set_full_dir(ICINGA2_FULL_CONFIGDIR "${ICINGA2_CONFIGDIR}")
+set_full_dir(ICINGA2_FULL_CACHEDIR "${ICINGA2_CACHEDIR}")
+set_full_dir(ICINGA2_FULL_DATADIR "${ICINGA2_DATADIR}")
+set_full_dir(ICINGA2_FULL_LOGDIR "${ICINGA2_LOGDIR}")
+set_full_dir(ICINGA2_FULL_SPOOLDIR "${ICINGA2_SPOOLDIR}")
+set_full_dir(ICINGA2_FULL_RUNDIR "${ICINGA2_RUNDIR}")
+set_full_dir(ICINGA2_FULL_INITRUNDIR "${ICINGA2_INITRUNDIR}")
+set_full_dir(ICINGA2_FULL_PKGDATADIR "${ICINGA2_PKGDATADIR}")
+set_full_dir(ICINGA2_FULL_INCLUDEDIR "${ICINGA2_INCLUDEDIR}")
+
+set(LOGROTATE_DIR "${CMAKE_INSTALL_SYSCONFDIR}/logrotate.d" CACHE STRING "Location of logrotate configs, e.g. /etc/logrotate.d")
+set(BASHCOMPLETION_DIR "${CMAKE_INSTALL_SYSCONFDIR}/bash_completion.d" CACHE STRING "Location of bash_completion files, e.g. /etc/bash_completion.d")
+
+if(NOT WIN32)
+  set(ICINGA2_SYSCONFIGFILE "${CMAKE_INSTALL_SYSCONFDIR}/sysconfig/icinga2" CACHE PATH "where to store configuation for the init system, defaults to /etc/sysconfig/icinga2")
 endif()
 
 site_name(ICINGA2_BUILD_HOST_NAME)
@@ -95,15 +101,38 @@ else()
     string(SUBSTRING ${SPEC_REVISION} 10 ${SPEC_REVISION_LENGTH} SPEC_REVISION)
 
     set(GIT_VERSION "r${SPEC_VERSION}-${SPEC_REVISION}")
+    set(ICINGA2_VERSION "${SPEC_VERSION}")
+  else()
+    # use GIT version as ICINGA2_VERSION
+    string(REGEX REPLACE "^[rv]" "" ICINGA2_VERSION "${GIT_VERSION}")
   endif()
   configure_file(icinga-version.h.cmake icinga-version.h)
 endif()
 
+# NuGet on Windows requires a semantic versioning, example: 2.10.4.123 (only 4 element, only numeric)
+string(REGEX REPLACE "-([0-9]+).*$" ".\\1" ICINGA2_VERSION_SAFE "${ICINGA2_VERSION}")
+string(REGEX REPLACE "-[^\\.]*(.*)$" "\\1" ICINGA2_VERSION_SAFE "${ICINGA2_VERSION_SAFE}")
+message(STATUS "ICINGA2_VERSION_SAFE=${ICINGA2_VERSION_SAFE}")
+
 if(WIN32)
   set(Boost_USE_STATIC_LIBS ON)
-  add_definitions(-DBOOST_ALL_NO_LIB)
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /bigobj")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /bigobj")
+  # Disabled for linking issues for newer Boost versions, they link against Windows SDKs
+  #add_definitions(-DBOOST_ALL_NO_LIB)
+
+  # Disable optimization for Boost::context
+  # https://www.boost.org/doc/libs/1_69_0/libs/context/doc/html/context/overview.html
+  # https://docs.microsoft.com/en-us/cpp/build/reference/gl-whole-program-optimization?view=vs-2017
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /bigobj /GL- /EHs")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /bigobj /GL- /EHs")
+
+  # detect if 32-bit target
+  if(CMAKE_VS_PLATFORM_NAME STREQUAL "Win32")
+    # SAFESEH is not supported in Boost on Windows x86
+    # maybe it is when Boost is compiled with it...
+    # https://lists.boost.org/Archives/boost/2013/10/206720.php
+    # https://docs.microsoft.com/en-us/cpp/build/reference/safeseh-image-has-safe-exception-handlers?view=vs-2017
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /SAFESEH:NO")
+  endif()
 endif()
 
 if(NOT DEFINED LOGROTATE_HAS_SU)
@@ -121,9 +150,18 @@ if(NOT DEFINED LOGROTATE_HAS_SU)
 endif()
 if(LOGROTATE_HAS_SU)
   set(LOGROTATE_USE_SU "\n\tsu ${ICINGA2_USER} ${ICINGA2_GROUP}")
+else()
+  set(LOGROTATE_CREATE "\n\tcreate 644 ${ICINGA2_USER} ${ICINGA2_GROUP}")
 endif()
 
-find_package(Boost ${BOOST_MIN_VERSION} COMPONENTS thread system program_options regex REQUIRED)
+find_package(Boost ${BOOST_MIN_VERSION} COMPONENTS context coroutine date_time filesystem thread system program_options regex REQUIRED)
+
+# Boost.Coroutine2 (the successor of Boost.Coroutine)
+# (1) doesn't even exist in old Boost versions and
+# (2) isn't supported by ASIO, yet.
+add_definitions(-DBOOST_COROUTINES_NO_DEPRECATION_WARNING)
+
+add_definitions(-DBOOST_FILESYSTEM_NO_DEPRECATED)
 
 link_directories(${Boost_LIBRARY_DIRS})
 include_directories(${Boost_INCLUDE_DIRS})
@@ -134,15 +172,13 @@ include_directories(${OPENSSL_INCLUDE_DIR})
 set(base_DEPS ${CMAKE_DL_LIBS} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES})
 set(base_OBJS $<TARGET_OBJECTS:mmatch> $<TARGET_OBJECTS:socketpair> $<TARGET_OBJECTS:base>)
 
-find_package(YAJL)
+# JSON
+find_package(JSON)
+include_directories(${JSON_INCLUDE})
 
-if(NOT YAJL_FOUND)
-  include_directories(${icinga2_BINARY_DIR}/third-party/yajl/include)
-  link_directories(${icinga2_BINARY_DIR}/third-party/yajl)
-  list(APPEND base_OBJS $<TARGET_OBJECTS:yajl>)
-else()
-  list(APPEND base_DEPS ${YAJL_LIBRARIES})
-endif()
+# UTF8CPP
+find_package(UTF8CPP)
+include_directories(${UTF8CPP_INCLUDE})
 
 find_package(Editline)
 set(HAVE_EDITLINE "${EDITLINE_FOUND}")
@@ -183,6 +219,7 @@ if(WIN32)
 endif()
 
 set(CMAKE_MACOSX_RPATH 1)
+set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_RPATH};${CMAKE_INSTALL_FULL_LIBDIR}/icinga2")
 
 if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Qunused-arguments -fcolor-diagnostics")
@@ -203,7 +240,7 @@ endif()
 
 if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
   if(CMAKE_SYSTEM_NAME MATCHES AIX)
-    set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -g -lpthread")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -lpthread")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -lpthread")
   elseif(CMAKE_SYSTEM_NAME MATCHES "kOpenBSD.*|OpenBSD.*")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -pthread")
@@ -277,7 +314,7 @@ if(ICINGA2_LTO_BUILD)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -flto")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -flto")
     set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -flto")
-    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -flto")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -flto")
 
     if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU" AND NOT (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9.0) AND NOT OPENBSD)
       set(CMAKE_AR "gcc-ar")
@@ -340,6 +377,54 @@ if(NOT MSVC)
   endif()
 endif()
 
+# Architecture specifics
+# - Log the target architecture
+# - ARM needs to link against atomic
+if(NOT MSVC)
+  # inspired by https://github.com/civetweb/civetweb/blob/master/cmake/DetermineTargetArchitecture.cmake
+  execute_process(
+    COMMAND ${CMAKE_C_COMPILER} -dumpmachine
+    RESULT_VARIABLE RESULT
+    OUTPUT_VARIABLE ARCH
+    ERROR_QUIET
+  )
+
+  if (RESULT)
+    message(STATUS "Failed to detect target architecture with compiler ${CMAKE_C_COMPILER}: ${RESULT}")
+  endif()
+
+  string(REGEX MATCH "([^-]+).*" ARCH_MATCH "${ARCH}")
+  if (NOT CMAKE_MATCH_1 OR NOT ARCH_MATCH)
+    message(STATUS "Failed to match the target architecture: ${ARCH}")
+  endif()
+
+  set(ARCH ${CMAKE_MATCH_1})
+
+  message(STATUS "Target architecture - ${ARCH}")
+
+  # ARM settings
+  if("${ARCH}" STREQUAL "arm")
+    check_cxx_source_compiles( "include <atomic>; int main(){ std::atomic<uint_fast64_t> x; x.fetch_add(1); x.sub_add(1);  }" CXX_ATOMIC)
+
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -latomic")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -latomic")
+    set(CMAKE_STATIC_LINKER_FLAGS "${CMAKE_STATIC_LINKER_FLAGS} -latomic")
+  endif()
+
+else()
+  if("${MSVC_C_ARCHITECTURE_ID}" STREQUAL "X86")
+    set(ARCH "i686")
+  elseif("${MSVC_C_ARCHITECTURE_ID}" STREQUAL "x64")
+    set(ARCH "x86_64")
+  elseif("${MSVC_C_ARCHITECTURE_ID}" STREQUAL "ARM")
+    set(ARCH "arm")
+  else()
+    message(FATAL_ERROR "Failed to determine the MSVC target architecture: ${MSVC_C_ARCHITECTURE_ID}")
+  endif()
+
+  message(STATUS "Target architecture - ${ARCH}")
+endif()
+
 configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h ESCAPE_QUOTES)
 
 install(
@@ -372,8 +457,8 @@ if(ICINGA2_WITH_TESTS)
 endif()
 
 set(CPACK_PACKAGE_NAME "Icinga 2")
-set(CPACK_PACKAGE_VENDOR "Icinga Development Team")
-set(CPACK_PACKAGE_VERSION ${ICINGA2_VERSION})
+set(CPACK_PACKAGE_VENDOR "Icinga GmbH")
+set(CPACK_PACKAGE_VERSION ${ICINGA2_VERSION_SAFE})
 set(CPACK_PACKAGE_INSTALL_DIRECTORY "ICINGA2")
 set(CPACK_PACKAGE_ICON "${CMAKE_CURRENT_SOURCE_DIR}/icinga-app\\\\icinga.ico")
 set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_BINARY_DIR}/LICENSE.txt")
@@ -381,11 +466,11 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_BINARY_DIR}/LICENSE.txt")
 set(CPACK_PACKAGE_EXECUTABLES "Icinga2SetupAgent;Icinga 2 Agent Wizard")
 set(CPACK_WIX_PRODUCT_ICON "${CMAKE_CURRENT_SOURCE_DIR}/icinga-app\\\\icinga.ico")
 set(CPACK_WIX_UPGRADE_GUID "52F2BEAA-4DF0-4C3E-ABDC-C0F61DE4DF8A")
-set(CPACK_WIX_EXTENSIONS "WixUtilExtension")
 set(CPACK_WIX_UI_BANNER "${CMAKE_CURRENT_SOURCE_DIR}/icinga-installer/bannrbmp.bmp")
 set(CPACK_WIX_UI_DIALOG "${CMAKE_CURRENT_SOURCE_DIR}/icinga-installer/dlgbmp.bmp")
 set(CPACK_WIX_PATCH_FILE "${CMAKE_CURRENT_BINARY_DIR}/icinga-installer/icinga2.wixpatch.Debug")
 set(CPACK_WIX_PATCH_FILE "${CMAKE_CURRENT_BINARY_DIR}/icinga-installer/icinga2.wixpatch")
+set(CPACK_WIX_EXTENSIONS "WixUtilExtension" "WixNetFxExtension")
 
 set(CMAKE_INSTALL_SYSTEM_RUNTIME_DESTINATION "sbin")
 set(CMAKE_INSTALL_UCRT_LIBRARIES TRUE)
@@ -393,11 +478,11 @@ include(InstallRequiredSystemLibraries)
 
 if(WIN32)
   if(CMAKE_VS_PLATFORM_NAME STREQUAL "x64")
-    set(NSCP_URL "https://github.com/mickem/nscp/releases/download/0.5.0.62/NSCP-0.5.0.62-x64.msi")
-    set(NSCP_SHA256 "1854de86ad4fda3391f273de0f9985b702c014bdec01b26ad28a1343177f537f")
+    set(NSCP_URL "https://github.com/mickem/nscp/releases/download/0.5.2.39/NSCP-0.5.2.39-x64.msi")
+    set(NSCP_SHA256 "dfe93c293f30586b02510d8b7884e4e177b93a5fead8b5dc6de8103532e6e159")
   else()
-    set(NSCP_URL "https://github.com/mickem/nscp/releases/download/0.5.0.62/NSCP-0.5.0.62-Win32.msi")
-    set(NSCP_SHA256 "2186b60d588fa0811344ce709332f9c63670019c62ae92eae49698bf76205a95")
+    set(NSCP_URL "https://github.com/mickem/nscp/releases/download/0.5.2.39/NSCP-0.5.2.39-Win32.msi")
+    set(NSCP_SHA256 "ca6a67fb01c1468f2b510fd2f9eb0750887db3fb49a0302732c1421c85c6627c")
   endif()
 
   set(NSCP_SHA256SUM "")
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1d6992b86..fc9a4bfb0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -23,6 +23,9 @@ bug reports and features requests or writing code to add enhancements or fix bug
 Please consider our [roadmap](https://github.com/Icinga/icinga2/milestones) and
 [open issues](https://github.com/icinga/icinga2/issues) when you start contributing
 to the project.
+Issues labeled with [help wanted](https://github.com/Icinga/icinga2/labels/help%20wanted) or
+[good first issue](https://github.com/Icinga/icinga2/labels/good%20first%20issue) will
+help you get started more easily.
 
 Before starting your work on Icinga 2, you should [fork the project](https://help.github.com/articles/fork-a-repo/)
 to your GitHub account. This allows you to freely experiment with your changes.
@@ -64,12 +67,12 @@ Please continue to learn about [branches](CONTRIBUTING.md#contributing-branches)
 
 Choosing a proper name for a branch helps us identify its purpose and possibly
 find an associated bug or feature.
-Generally a branch name should include a topic such as `fix` or `feature` followed
+Generally a branch name should include a topic such as `bugfix` or `feature` followed
 by a description and an issue number if applicable. Branches should have only changes
 relevant to a specific issue.
 
 ```
-git checkout -b fix/service-template-typo-1234
+git checkout -b bugfix/service-template-typo-1234
 git checkout -b feature/config-handling-1235
 ```
 
@@ -111,13 +114,13 @@ Don't worry, you can squash those changes into a single commit later on.
 ## <a id="contributing-pull-requests"></a> Pull Requests
 
 Once you've commited your changes, please update your local master
-branch and rebase your fix/feature branch against it before submitting a PR.
+branch and rebase your bugfix/feature branch against it before submitting a PR.
 
 ```
 git checkout master
 git pull upstream HEAD
 
-git checkout fix/notifications
+git checkout bugfix/notifications
 git rebase master
 ```
 
@@ -126,12 +129,12 @@ It might be necessary to force push after rebasing - use with care!
 
 New branch:
 ```
-git push --set-upstream origin fix/notifications
+git push --set-upstream origin bugfix/notifications
 ```
 
 Existing branch:
 ```
-git push -f origin fix/notifications
+git push -f origin bugfix/notifications
 ```
 
 You can now either use the [hub](https://hub.github.com) CLI tool to create a PR, or nagivate
@@ -168,7 +171,7 @@ git pull upstream HEAD
 Then change to your working branch and start rebasing it against master:
 
 ```
-git checkout fix/notifications
+git checkout bugfix/notifications
 git rebase master
 ```
 
@@ -192,22 +195,22 @@ git rebase --continue
 Once succeeded ensure to push your changed history remotely.
 
 ```
-git push -f origin fix/notifications
+git push -f origin bugfix/notifications
 ```
 
 
 If you fear to break things, do the rebase in a backup branch first and later replace your current branch.
 
 ```
-git checkout fix/notifications
-git checkout -b fix/notifications-rebase
+git checkout bugfix/notifications
+git checkout -b bugfix/notifications-rebase
 
 git rebase master
 
-git branch -D fix/notifications
-git checkout -b fix/notifications
+git branch -D bugfix/notifications
+git checkout -b bugfix/notifications
 
-git push -f origin fix/notifications
+git push -f origin bugfix/notifications
 ```
 
 ### <a id="contributing-squash"></a> Squash Commits
@@ -237,17 +240,14 @@ squash b37fd5377 Doc updates
 Save and let rebase to its job. Then force push the changes to the remote origin.
 
 ```
-git push -f origin fix/notifications
+git push -f origin bugfix/notifications
 ```
 
 
 ## <a id="contributing-testing"></a> Testing
 
-Basic unit test coverage is provided by running `make test` during package builds.
-Read the [INSTALL.md](INSTALL.md) file for more information about development builds.
-
-Snapshot packages from the laster development branch are available inside the
-[package repository](https://packages.icinga.com).
+Please follow the [documentation](https://icinga.com/docs/icinga2/snapshot/doc/21-development/#test-icinga-2)
+for build and test instructions.
 
 You can help test-drive the latest Icinga 2 snapshot packages inside the
 [Icinga 2 Vagrant boxes](https://github.com/icinga/icinga-vagrant).
@@ -255,17 +255,11 @@ You can help test-drive the latest Icinga 2 snapshot packages inside the
 
 ## <a id="contributing-patches-source-code"></a> Source Code Patches
 
-Icinga 2 is written in C++ and uses the Boost libraries. We are also using the C++11 standard where applicable (please
-note the minimum required compiler versions in the [INSTALL.md](INSTALL.md) file.
-
 Icinga 2 can be built on Linux/Unix nodes and Windows clients. In order to develop patches for Icinga 2,
 you should prepare your own local build environment and know how to work with C++.
 
-More tips:
-
-* Requirements and source code installation for Linux/Unix is explained inside the [INSTALL.md](INSTALL.md) file.
-* Debug requirements and GDB instructions can be found in the [documentation](https://github.com/Icinga/icinga2/blob/master/doc/20-development.md).
-* If you are planning to develop and debug the Windows client, setup a Windows environment with [Visual Studio](https://www.visualstudio.com/vs/community/). An example can be found in [this blogpost](https://blog.netways.de/2015/08/24/developing-icinga-2-on-windows-10-using-visual-studio-2015/).
+Please follow the [development documentation](https://icinga.com/docs/icinga2/latest/doc/21-development/)
+for development environments, the style guide and more advanced insights.
 
 ## <a id="contributing-patches-documentation"></a> Documentation Patches
 
@@ -466,7 +460,7 @@ By default, pull requests allow to push into the repository of the PR creator.
 
 Example for [#4956](https://github.com/Icinga/icinga2/pull/4956):
 
-At the bottom it says "Add more commits by pushing to the fix/persistent-comments-are-not-persistent branch on TheFlyingCorpse/icinga2."
+At the bottom it says "Add more commits by pushing to the bugfix/persistent-comments-are-not-persistent branch on TheFlyingCorpse/icinga2."
 
 First off, add the remote repository as additional origin and fetch its content:
 
@@ -478,20 +472,20 @@ git fetch --all
 Checkout the mentioned remote branch into a local branch (Note: `theflyingcorpse` is the name of the remote):
 
 ```
-git checkout theflyingcorpse/fix/persistent-comments-are-not-persistent -b fix/persistent-comments-are-not-persistent
+git checkout theflyingcorpse/bugfix/persistent-comments-are-not-persistent -b bugfix/persistent-comments-are-not-persistent
 ```
 
 Rebase, amend, squash or add your own commits on top.
 
-Once you are satisfied, push the changes to the remote `theflyingcorpse` and its branch `fix/persistent-comments-are-not-persistent`.
+Once you are satisfied, push the changes to the remote `theflyingcorpse` and its branch `bugfix/persistent-comments-are-not-persistent`.
 The syntax here is `git push <remote> <localbranch>:<remotebranch>`.
 
 ```
-git push theflyingcorpse fix/persistent-comments-are-not-persistent:fix/persistent-comments-are-not-persistent
+git push theflyingcorpse bugfix/persistent-comments-are-not-persistent:bugfix/persistent-comments-are-not-persistent
 ```
 
 In case you've changed the commit history (rebase, amend, squash), you'll need to force push. Be careful, this can't be reverted!
 
 ```
-git push -f theflyingcorpse fix/persistent-comments-are-not-persistent:fix/persistent-comments-are-not-persistent
+git push -f theflyingcorpse bugfix/persistent-comments-are-not-persistent:bugfix/persistent-comments-are-not-persistent
 ```
diff --git a/INSTALL.md b/INSTALL.md
deleted file mode 100644
index 6c3b9aa0b..000000000
--- a/INSTALL.md
+++ /dev/null
@@ -1,395 +0,0 @@
-# Installing Icinga 2
-
-The recommended way of installing Icinga 2 is to use packages. The Icinga
-project provides both release and development packages for a number
-of operating systems.
-
-Please check the documentation in the [doc/](doc/) directory for a current list
-of available packages and detailed installation instructions.
-
-The online documentation is available on [icinga.com/docs](https://www.icinga.com/docs/)
-and will guide you step by step.
-
-There are a number of known caveats when installing from source such as
-incorrect directory and file permissions. So even if you're planning to
-not use the official packages it is advisable to build your own Debian
-or RPM packages.
-
-**Disclaimer**
-
-This information is intended for developers and packagers. It might be incomplete or unclear
-in some cases. Make also sure to check our [packaging scripts on GitHub](https://github.com/Icinga/icinga-packaging)!
-
-# Build Requirements
-
-The following requirements need to be fulfilled in order to build the
-application using a dist tarball (including notes for distributions):
-
-* cmake >= 2.6
-* GNU make (make) or ninja-build
-* C++ compiler which supports C++11
-  - RHEL/Fedora/SUSE: gcc-c++ >= 4.7 (extra Developer Tools on RHEL5/6 see below)
-  - Debian/Ubuntu: build-essential
-  - Alpine: build-base
-  - you can also use clang++
-* pkg-config
-* OpenSSL library and header files >= 1.0.1
-  - RHEL/Fedora: openssl-devel
-  - SUSE: libopenssl-devel (for SLES 11: libopenssl1-devel)
-  - Debian/Ubuntu: libssl-dev
-  - Alpine: libressl-dev
-* Boost library and header files >= 1.48.0
-  - RHEL/Fedora: boost148-devel
-  - Debian/Ubuntu: libboost-all-dev
-  - Alpine: boost-dev
-* GNU bison (bison)
-* GNU flex (flex) >= 2.5.35
-* Systemd headers
-  - Only required when using Systemd
-  - Debian/Ubuntu: libsystemd-dev
-  - RHEL/Fedora: systemd-devel
-
-## Optional features
-
-* MySQL (disable with CMake variable `ICINGA2_WITH_MYSQL` to `OFF`)
-  - RHEL/Fedora: mysql-devel
-  - SUSE: libmysqlclient-devel
-  - Debian/Ubuntu: default-libmysqlclient-dev | libmysqlclient-dev
-  - Alpine: mariadb-dev
-* PostgreSQL (disable with CMake variable `ICINGA2_WITH_PGSQL` to `OFF`)
-  - RHEL/Fedora: postgresql-devel
-  - Debian/Ubuntu: libpq-dev
-  - postgresql-dev on Alpine
-* YAJL (Faster JSON library)
-  - RHEL/Fedora: yajl-devel
-  - Debian: libyajl-dev
-  - Alpine: yajl-dev
-* libedit (CLI console)
-  - RHEL/Fedora: libedit-devel on CentOS (RHEL requires rhel-7-server-optional-rpms)
-  - Debian/Ubuntu/Alpine: libedit-dev
-* Termcap (only required if libedit doesn't already link against termcap/ncurses)
-  - RHEL/Fedora: libtermcap-devel
-  - Debian/Ubuntu: (not necessary)
-
-## Special requirements
-
-**FreeBSD**: libexecinfo (automatically used when Icinga 2 is installed via port or package)
-
-**RHEL5** ships an ancient flex version. Updated packages are available for
-example from the repoforge buildtools repository.
-
-* x86: https://mirror.hs-esslingen.de/repoforge/redhat/el5/en/i386/buildtools/
-* x86\_64: https://mirror.hs-esslingen.de/repoforge/redhat/el5/en/x86\_64/buildtools/
-
-## Runtime user environment
-
-By default Icinga will run as user 'icinga' and group 'icinga'. Additionally the
-external command pipe and livestatus features require a dedicated command group
-'icingacmd'. You can choose your own user/group names and pass them to CMake
-using the `ICINGA2_USER`, `ICINGA2_GROUP` and `ICINGA2_COMMAND_GROUP` variables.
-```
-# groupadd icinga
-# groupadd icingacmd
-# useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga icinga
-```
-
-On Alpine (which uses ash busybox) you can run:
-```
-# addgroup -S icinga
-# addgroup -S icingacmd
-# adduser -S -D -H -h /var/spool/icinga2 -s /sbin/nologin -G icinga -g icinga icinga
-# adduser icinga icingacmd
-```
-
-Add the web server user to the icingacmd group in order to grant it write
-permissions to the external command pipe and livestatus socket:
-```
-# usermod -a -G icingacmd www-data
-```
-
-Make sure to replace "www-data" with the name of the user your web server
-is running as.
-
-# Building Icinga 2
-
-Once you have installed all the necessary build requirements you can build
-Icinga 2 using the following commands:
-```
-$ mkdir build && cd build
-$ cmake ..
-$ make
-$ make install
-```
-
-You can specify an alternative installation prefix using `-DCMAKE_INSTALL_PREFIX`:
-```
-$ cmake .. -DCMAKE_INSTALL_PREFIX=/tmp/icinga2
-```
-
-## CMake Variables
-
-In addition to `CMAKE_INSTALL_PREFIX` here are most of the supported Icinga-specific cmake variables.
-
-**System Environment**
-- `ICINGA2_GIT_VERSION_INFO`: Whether to use Git to determine the version number; defaults to `ON`
-- `ICINGA2_USER`: The user Icinga 2 should run as; defaults to `icinga`
-- `ICINGA2_GROUP`: The group Icinga 2 should run as; defaults to `icinga`
-- `ICINGA2_COMMAND_GROUP`: The command group Icinga 2 should use; defaults to `icingacmd`
-- `ICINGA2_RUNDIR`: The location of the "run" directory; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/run`
-- `CMAKE_INSTALL_SYSCONFDIR`: The configuration directory; defaults to `CMAKE_INSTALL_PREFIX/etc`
-- `ICINGA2_SYSCONFIGFILE`: Where to put the config file the initscript/systemd pulls it's dirs from;
-  defaults to `CMAKE_INSTALL_PREFIX/etc/sysconfig/icinga2`
-- `CMAKE_INSTALL_LOCALSTATEDIR`: The state directory; defaults to `CMAKE_INSTALL_PREFIX/var`
-- `ICINGA2_PLUGINDIR`: The path for the Monitoring Plugins project binaries; defaults to `/usr/lib/nagios/plugins`
-
-**Build Optimization**
-- `ICINGA2_UNITY_BUILD`: Whether to perform a unity build; defaults to `ON`
-- `ICINGA2_LTO_BUILD`: Whether to use link time optimization (LTO); defaults to `OFF`
-
-**Init System**
-- `USE_SYSTEMD=ON|OFF`: Use systemd or a classic SysV initscript; defaults to `OFF`
-- `INSTALL_SYSTEMD_SERVICE_AND_INITSCRIPT=ON|OFF` Force install both the systemd service definition file
-  and the SysV initscript in parallel, regardless of how `USE_SYSTEMD` is set.
-  Only use this for special packaging purposes and if you know what you are doing.
-  Defaults to `OFF`.
-
-**Features:**
-- `ICINGA2_WITH_CHECKER`: Determines whether the checker module is built; defaults to `ON`
-- `ICINGA2_WITH_COMPAT`: Determines whether the compat module is built; defaults to `ON`
-- `ICINGA2_WITH_DEMO`: Determines whether the demo module is built; defaults to `OFF`
-- `ICINGA2_WITH_HELLO`: Determines whether the hello module is built; defaults to `OFF`
-- `ICINGA2_WITH_LIVESTATUS`: Determines whether the Livestatus module is built; defaults to `ON`
-- `ICINGA2_WITH_NOTIFICATION`: Determines whether the notification module is built; defaults to `ON`
-- `ICINGA2_WITH_PERFDATA`: Determines whether the perfdata module is built; defaults to `ON`
-- `ICINGA2_WITH_TESTS`: Determines whether the unit tests are built; defaults to `ON`
-
-**MySQL or MariaDB:**
-
-The following settings can be tuned for the MySQL / MariaDB IDO feature.
-
-- `ICINGA2_WITH_MYSQL`: Determines whether the MySQL IDO module is built; defaults to `ON`
-- `MYSQL_CLIENT_LIBS`: Client implementation used (mysqlclient / mariadbclient); defaults searches for `mysqlclient` and `mariadbclient`
-- `MYSQL_INCLUDE_DIR`: Directory containing include files for the mysqlclient; default empty -
-  checking multiple paths like `/usr/include/mysql`
-
-See [FindMySQL.cmake](third-party/cmake/FindMySQL.cmake) for the implementation.
-
-**PostgreSQL:**
-
-The following settings can be tuned for the PostgreSQL IDO feature.
-
-- `ICINGA2_WITH_PGSQL`: Determines whether the PostgreSQL IDO module is built; defaults to `ON`
-- `PostgreSQL_INCLUDE_DIR`: Top-level directory containing the PostgreSQL include directories
-- `PostgreSQL_LIBRARY_DIR`: Top-level directory containing the PostgreSQL libraries
-
-See [FindMySQL.cmake](third-party/cmake/FindPostgreSQL.cmake) for the implementation.
-
-**Version detection:**
-
-CMake determines the Icinga 2 version number using `git describe` if the
-source directory is contained in a Git repository. Otherwise the version number
-is extracted from the [VERSION](VERSION) file. This behavior can be
-overridden by creating a file called `icinga-version.h.force` in the source
-directory. Alternatively the `-DICINGA2_GIT_VERSION_INFO=OFF` option for CMake
-can be used to disable the usage of `git describe`.
-
-# Building packages
-
-> **WARNING:** Some of this information is outdated!
-
-## Building RPMs
-
-### Build Environment on RHEL, CentOS, Fedora, Amazon Linux
-
-Setup your build environment:
-```
-yum -y install rpmdevtools
-```
-
-### Build Environment on SuSE/SLES
-
-SLES:
-```
-zypper addrepo http://download.opensuse.org/repositories/devel:tools/SLE_12_SP2/devel:tools.repo
-zypper refresh
-zypper install rpmdevtools spectool
-```
-
-OpenSuSE:
-```
-zypper addrepo http://download.opensuse.org/repositories/devel:tools/openSUSE_Leap_42.3/devel:tools.repo
-zypper refresh
-zypper install rpmdevtools spectool
-```
-
-### Package Builds
-
-Prepare the rpmbuild directory tree:
-```
-cd $HOME
-rpmdev-setuptree
-```
-
-Copy the icinga2.spec file to `rpmbuild/SPEC` or fetch the latest version:
-```
-curl https://raw.githubusercontent.com/Icinga/rpm-icinga2/master/icinga2.spec -o $HOME/rpmbuild/SPECS/icinga2.spec
-```
-
-Copy the tarball to `rpmbuild/SOURCES` e.g. by using the `spectool` binary
-provided with `rpmdevtools`:
-```
-cd $HOME/rpmbuild/SOURCES
-spectool -g ../SPECS/icinga2.spec
-
-cd $HOME/rpmbuild
-```
-
-Install the build dependencies. Example for CentOS 7:
-```
-yum -y install libedit-devel ncurses-devel gcc-c++ libstdc++-devel openssl-devel \
-cmake flex bison boost-devel systemd mysql-devel postgresql-devel httpd \
-selinux-policy-devel checkpolicy selinux-policy selinux-policy-doc
-```
-
-Note: If you are using Amazon Linux, systemd is not required.
-
-A shorter way is available using the `yum-builddep` command on RHEL based systems:
-```
-yum-builddep SPECS/icinga2.spec
-```
-
-Build the RPM:
-```
-rpmbuild -ba SPECS/icinga2.spec
-```
-
-### Additional Hints
-
-#### SELinux policy module
-
-The following packages are required to build the SELinux policy module:
-
-* checkpolicy
-* selinux-policy (selinux-policy on CentOS 6, selinux-policy-devel on CentOS 7)
-* selinux-policy-doc
-
-#### RHEL/CentOS 5 and 6
-
-The RedHat Developer Toolset is required for building Icinga 2 beforehand.
-This contains a modern version of flex and a C++ compiler which supports
-C++11 features.
-```
-cat >/etc/yum.repos.d/devtools-2.repo <<REPO
-[testing-devtools-2-centos-\$releasever]
-name=testing 2 devtools for CentOS $releasever
-baseurl=https://people.centos.org/tru/devtools-2/\$releasever/\$basearch/RPMS
-gpgcheck=0
-REPO
-```
-
-Dependencies to devtools-2 are used in the RPM SPEC, so the correct tools
-should be used for building.
-
-As an alternative, you can use newer Boost packages provided on
-[packages.icinga.com](https://packages.icinga.com/epel).
-```
-cat >$HOME/.rpmmacros <<MACROS
-%build_icinga_org 1
-MACROS
-```
-
-#### Amazon Linux
-
-If you prefer to build packages offline, a suitable Vagrant box is located
-[here](https://atlas.hashicorp.com/mvbcoding/boxes/awslinux/).
-
-#### SLES 11
-
-The Icinga repository provides the required boost package version and must be
-added before building.
-
-## Build Debian/Ubuntu packages
-
-> **WARNING:** This information is outdated!
-
-Setup your build environment on Debian/Ubuntu, copy the 'debian' directory from
-the Debian packaging Git repository (https://github.com/Icinga/pkg-icinga2-debian)
-into your source tree and run the following command:
-```
-$ dpkg-buildpackage -uc -us
-```
-
-## Build Alpine Linux packages
-
-A simple way to setup a build environment is installing Alpine in a chroot.
-In this way, you can set up an Alpine build environment in a chroot under a
-different Linux distro.
-There is a script that simplifies these steps with just two commands, and
-can be found [here](https://github.com/alpinelinux/alpine-chroot-install).
-
-Once the build environment is installed, you can setup the system to build
-the packages by following [this document](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package).
-
-# Build Post Install Tasks
-
-After building Icinga 2 yourself, your package build system should at least run the following post
-install requirements:
-
-* enable the `checker`, `notification` and `mainlog` feature by default
-* run 'icinga2 api setup' in order to enable the `api` feature and generate SSL certificates for the node
-
-## Run Icinga 2
-
-Icinga 2 comes with a binary that takes care of loading all the relevant
-components (e.g. for check execution, notifications, etc.):
-```
-# icinga2 daemon
-[2016-12-08 16:44:24 +0100] information/cli: Icinga application loader (version: v2.5.4-231-gb10a6b7; debug)
-[2016-12-08 16:44:24 +0100] information/cli: Loading configuration file(s).
-[2016-12-08 16:44:25 +0100] information/ConfigItem: Committing config item(s).
-...
-```
-
-### Init Script
-
-Icinga 2 can be started as a daemon using the provided init script:
-```
-# /etc/init.d/icinga2
-Usage: /etc/init.d/icinga2 {start|stop|restart|reload|checkconfig|status}
-```
-
-### Systemd
-
-If your distribution uses Systemd:
-```
-# systemctl {start|stop|reload|status|enable|disable} icinga2
-```
-
-In case the distribution is running Systemd >227, you'll also
-need to package and install the `etc/initsystem/icinga2.service.limits.conf`
-file into `/etc/systemd/system/icinga2.service.d`.
-
-### openrc
-
-Or if your distribution uses openrc (like Alpine):
-```
-# rc-service icinga2
-Usage: /etc/init.d/icinga2 {start|stop|restart|reload|checkconfig|status}
-  ```
-
-Note: the openrc's init.d is not shipped by default.
-A working init.d with openrc can be found here: (https://git.alpinelinux.org/cgit/aports/plain/community/icinga2/icinga2.initd). If you have customized some path, edit the file and adjust it according with your setup.
-Those few steps can be followed:
-```
-# wget https://git.alpinelinux.org/cgit/aports/plain/community/icinga2/icinga2.initd
-# mv icinga2.initd /etc/init.d/icinga2
-# chmod +x /etc/init.d/icinga2
-```
-
-Icinga 2 reads a single configuration file which is used to specify all
-configuration settings (global settings, hosts, services, etc.). The
-configuration format is explained in detail in the [doc/](doc/) directory.
-
-By default `make install` installs example configuration files in
-`/usr/local/etc/icinga2` unless you have specified a different prefix or
-sysconfdir.
diff --git a/NEWS b/NEWS
index ef80fe476..3cc501a7a 100644
--- a/NEWS
+++ b/NEWS
@@ -1 +1 @@
-News for this application can be found on the project website at https://www.icinga.com
+News for this application can be found on the project website at https://icinga.com
diff --git a/README.md b/README.md
index 595af36fe..31847a584 100644
--- a/README.md
+++ b/README.md
@@ -1,33 +1,60 @@
 [![Build Status](https://travis-ci.org/Icinga/icinga2.svg?branch=master)](https://travis-ci.org/Icinga/icinga2)
+[![Github Tag](https://img.shields.io/github/tag/Icinga/icinga2.svg)](https://github.com/Icinga/icinga2)
 
 # Icinga 2
 
-![Icinga Logo](https://www.icinga.com/wp-content/uploads/2014/06/icinga_logo.png)
+![Icinga Logo](https://icinga.com/wp-content/uploads/2014/06/icinga_logo.png)
 
 #### Table of Contents
 
 1. [About][About]
-2. [License][License]
-3. [Installation][Installation]
-4. [Documentation][Documentation]
-5. [Support][Support]
+2. [Installation][Installation]
+3. [Documentation][Documentation]
+4. [Support][Support]
+5. [License][License]
 6. [Contributing][Contributing]
 
 ## About
 
-Icinga 2 is an open source monitoring system which checks the availability of your
-network resources, notifies users of outages, and generates performance data for reporting.
+[Icinga](https://icinga.com/products/) is a monitoring system which checks
+the availability of your network resources, notifies users of outages, and generates
+performance data for reporting.
 
-Scalable and extensible, Icinga 2 can monitor large, complex environments across
+Scalable and extensible, Icinga can monitor large, complex environments across
 multiple locations.
 
-Icinga 2 as monitoring core works best with [Icinga Web 2](https://www.icinga.com/products/icinga-web-2/)
-as web interface.
+Icinga 2 is the monitoring server and requires [Icinga Web 2](https://icinga.com/products/)
+on top in your Icinga Stack. The [configuration](https://icinga.com/products/configuration/)
+can be easily managed with either the [Icinga Director](https://icinga.com/docs/director/latest/),
+config management tools or plain text within the [Icinga DSL](https://icinga.com/docs/icinga2/latest/doc/17-language-reference/).
 
-More information can be found at [www.icinga.com](https://www.icinga.com/products/icinga-2/)
-and inside the [documentation](https://www.icinga.com/docs/icinga2/latest/).
+![Icinga Dashboard](https://icinga.com/wp-content/uploads/2017/12/icingaweb2-2.5.0-dashboard.png)
 
-## Licensing
+## Installation
+
+* [Installation](https://icinga.com/docs/icinga2/latest/doc/02-installation/)
+* [Monitoring Basics](https://icinga.com/docs/icinga2/latest/doc/03-monitoring-basics/)
+* [Configuration](https://icinga.com/docs/icinga2/latest/doc/04-configuration/)
+* [Distributed Monitoring](https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/)
+* [Addons, Integrations and Features](https://icinga.com/docs/icinga2/latest/doc/13-addons/)
+* [Troubleshooting](https://icinga.com/docs/icinga2/latest/doc/15-troubleshooting/)
+* [Upgrading](https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/)
+
+Once Icinga Server and Web are running in your distributed environment,
+make sure to check out the many [Icinga modules](https://icinga.com/docs/)
+for even better monitoring.
+
+## Documentation
+
+The documentation is available on [icinga.com/docs](https://icinga.com/docs/icinga2/latest/).
+
+## Support
+
+Check the [project website](https://icinga.com) for status updates. Join the
+[community channels](https://icinga.com/community/) for questions
+or ask an Icinga partner for [professional support](https://icinga.com/support/).
+
+## License
 
 Icinga 2 and the Icinga 2 documentation are licensed under the terms of the GNU
 General Public License Version 2, you will find a copy of this license in the
@@ -47,21 +74,6 @@ so, delete this exception statement from your version. If you delete
 this exception statement from all source files in the program, then
 also delete it here.
 
-## Installation
-
-Read the [INSTALL.md](INSTALL.md) file for more information about how to install it.
-
-## Documentation
-
-The documentation is located in the [doc/](doc/) directory. The latest documentation
-is also available on https://docs.icinga.com
-
-## Support
-
-Check the project website at https://www.icinga.com for status updates. Join the
-[community channels](https://www.icinga.com/community) for questions
-or ask an Icinga partner for [professional support](https://www.icinga.com/services/support/).
-
 ## Contributing
 
 There are many ways to contribute to Icinga -- whether it be sending patches,
@@ -70,6 +82,13 @@ contribution is appreciated!
 
 Please continue reading in the [contributing chapter](CONTRIBUTING.md).
 
+If you are a packager, please read the [development chapter](https://icinga.com/docs/icinga2/latest/doc/21-development/)
+for more details.
+
+### Security Issues
+
+For reporting security issues please visit [this page](https://icinga.com/contact/security/).
+
 <!-- TOC URLs -->
 [About]: #about
 [License]: #license
diff --git a/RELEASE.md b/RELEASE.md
index 44a32cfa3..ab816d9cc 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -12,7 +12,7 @@
 - [5. Package Builds](#package-builds)
   - [5.1. RPM Packages](#rpm-packages)
   - [5.2. DEB Packages](#deb-packages)
-- [6. Build Server](#build-server)
+- [6. Build Server](#build-infrastructure)
 - [7. Release Tests](#release-tests)
 - [8. GitHub Release](#github-release)
 - [9. Chocolatey](#chocolatey)
@@ -26,7 +26,7 @@
 Specify the release version.
 
 ```
-VERSION=2.8.3
+VERSION=2.11.0
 ```
 
 Add your signing key to your Git configuration file, if not already there.
@@ -60,7 +60,7 @@ git log --use-mailmap | grep '^Author:' | cut -f2- -d' ' | sort | uniq > AUTHORS
 
 ## Version <a id="version"></a>
 
-Update the version in the version file:
+Update the version:
 
 ```
 sed -i "s/Version: .*/Version: $VERSION/g" VERSION
@@ -68,29 +68,12 @@ sed -i "s/Version: .*/Version: $VERSION/g" VERSION
 
 ## Changelog <a id="changelog"></a>
 
-Update the [CHANGELOG.md](CHANGELOG.md) file.
+Choose the most important issues and summarize them in multiple groups/paragraphs. Provide links to the mentioned
+issues/PRs. At the start include a link to the milestone's closed issues.
 
-Export these environment variables:
-
-```
-export ICINGA_GITHUB_AUTH_USERNAME='user'
-export ICINGA_GITHUB_AUTH_TOKEN='token'
-export ICINGA_GITHUB_PROJECT='icinga/icinga2'
-```
-
-Run the script which updates the [CHANGELOG.md](CHANGELOG.md) file.
-
-```
-./changelog.py
-git diff
-```
 
 ## Git Tag  <a id="git-tag"></a>
 
-> **Major Releases**: Commit these changes to the `master` branch.
->
-> **Minor Releases**: Commit changes to the `support` branch.
-
 ```
 git commit -v -a -m "Release version $VERSION"
 ```
@@ -112,135 +95,147 @@ git push --tags
 
 ```
 git checkout master
-git checkout -b support/2.9
-git push -u origin support/2.9
+git push
+
+git checkout -b support/2.12
+git push -u origin support/2.12
 ```
 
-**For minor releases:** Push the support branch, cherry-pick the release commit
-into master and merge the support branch:
-
-```
-git push -u origin support/2.8
-git checkout master
-git cherry-pick support/2.8
-git merge --strategy=ours support/2.8
-git push origin master
-```
 
 ## Package Builds  <a id="package-builds"></a>
 
+```
+mkdir $HOME/dev/icinga/packaging
+cd $HOME/dev/icinga/packaging
+```
+
 ### RPM Packages  <a id="rpm-packages"></a>
 
 ```
-git clone git@github.com:icinga/rpm-icinga2.git && cd rpm-icinga2
+git clone git@git.icinga.com:icinga/rpm-icinga2.git && cd rpm-icinga2
 ```
 
-#### Branch Workflow
-
-**Major releases** are branched off `master`.
+### DEB Packages <a id="deb-packages"></a>
 
 ```
-git checkout master && git pull
+git clone git@git.icinga.com:packaging/deb-icinga2.git && cd deb-icinga2
 ```
 
-**Bugfix releases** are created in the `release` branch and later merged to master.
+#### Raspbian Packages
 
 ```
-git checkout release && git pull
+git clone git@git.icinga.com:icinga/raspbian-icinga2.git && cd raspbian-icinga2
 ```
 
-#### Release Commit
-
-Set the `Version`, `Revision` and `changelog` inside the spec file.
+### Windows Packages
 
 ```
-sed -i "s/Version: .*/Version: $VERSION/g" icinga2.spec
+git clone git@git.icinga.com:icinga/windows-icinga2.git && cd windows-icinga2
+```
+
+
+### Branch Workflow
+
+Checkout `master` and create a new branch.
+
+* For releases use x.x[.x] as branch name (e.g. 2.11 or 2.11.1)
+* For releases with revision use x.x.x-n (e.g. 2.11.0-2)
+
+
+### Switch Build Type
+
+Edit file `.gitlab-ci.yml` and comment variable `ICINGA_BUILD_TYPE` out.
+
+```yaml
+variables:
+  ...
+  #ICINGA_BUILD_TYPE: snapshot
+  ...
+```
+
+Commit the change.
+
+```
+git commit -av -m "Switch build type for $VERSION-1"
+
+#### RPM Release Preparations
+
+Set the `Version`, `revision` and `%changelog` inside the spec file:
+
+```
+sed -i "s/Version:.*/Version:        $VERSION/g" icinga2.spec
 
 vim icinga2.spec
 
 %changelog
-* Tue Apr 24 2018 Jean Flach <jean.flach@icinga.com> 2.8.3-1
-- Update to 2.8.3
+* Thu Sep 19 2019 Michael Friedrich <michael.friedrich@icinga.com> 2.11.0-1
+- Update to 2.11.0
 ```
 
-```
-git commit -av -m "Release 2.8.3-1"
-git push
-```
+#### DEB and Raspbian Release Preparations
 
-**Note for major releases**: Update release branch to latest.
-`git checkout release && git pull && git merge master && git push`
-
-**Note for minor releases**: Cherry-pick the release commit into master.
-`git checkout master && git pull && git cherry-pick release && git push`
-
-
-### DEB Packages  <a id="deb-packages"></a>
+Update file `debian/changelog` and add at the beginning:
 
 ```
-git clone git@github.com:icinga/deb-icinga2.git && cd deb-icinga2
-```
+icinga2 (2.11.0-1) icinga; urgency=medium
 
-#### Branch Workflow
+  * Release 2.11.0
 
-**Major releases** are branched off `master`.
-
-```
-git checkout master && git pull
-```
-
-**Bugfix releases** are created in the `release` branch and later merged to master.
-
-```
-git checkout release && git pull
-```
-
-#### Release Commit
-
-Set the `Version`, `Revision` and `changelog` inside the spec file.
-
-```
-./dch 2.8.3-1 "Update to 2.8.3"
-```
-
-```
-git commit -av -m "Release 2.8.3-1"
-git push
-```
-
-```
-git commit -av -m "Release 2.8.3-1"
-```
-
-**Note for major releases**: Update release branch to latest.
-`git checkout release && git pull && git merge master && git push`
-
-**Note for minor releases**: Cherry-pick the release commit into master.
-`git checkout master && git pull && git cherry-pick release && git push`
-
-
-#### DEB with dch on macOS
-
-```
-docker run -v `pwd`:/mnt/packaging -ti ubuntu:xenial bash
-
-apt-get update
-apt-get install git dev-tools vim
-cd /mnt/packaging
-
-git config --global user.name "Michael Friedrich"
-git config --global user.email "michael.friedrich@icinga.com"
-
-./dch 2.8.3-1 "Update to 2.8.3"
+ -- Michael Friedrich <michael.friedrich@icinga.com>  Thu, 19 Sep 2019 10:50:31 +0200
 ```
 
 
-## Build Server <a id="build-server"></a>
+### Release Commit
+
+Commit the changes and push the branch.
+
+```
+git commit -av -m "Release $VERSION-1"
+git push origin 2.11
+```
+
+GitLab will now build snapshot packages based on the tag `v2.11.0` of Icinga 2.
+
+### Package Tests
+
+In order to test the created packages you can download a job's artifacts:
+
+Visit [git.icinga.com](https://git.icinga.com/packaging/rpm-icinga2)
+and navigate to the respective pipeline under `CI / CD -> Pipelines`.
+
+There click on the job you want to download packages from.
+
+The job's output appears. On the right-hand sidebar you can browse its artifacts.
+
+Once there, navigate to `build/RPMS/noarch` where you'll find the packages.
+
+### Release Packages
+
+To build release packages and upload them to [packages.icinga.com](https://packages.icinga.com)
+tag the release commit and push it.
+
+```
+git tag -s 2.11.0-1
+git push origin 2.11.0-1
+```
+
+Now cherry pick the release commit to `master` so that the changes are transferred back to it.
+
+**Attention**: Only the release commit. *NOT* the one switching the build type!
+
+
+## Build Infrastructure <a id="build-infrastructure"></a>
+
+https://git.icinga.com/packaging/rpm-icinga2/pipelines
+https://git.icinga.com/packaging/deb-icinga2/pipelines
+https://git.icinga.com/packaging/windows-icinga2/pipelines
+https://git.icinga.com/packaging/raspbian-icinga2/pipelines
 
 * Verify package build changes for this version.
 * Test the snapshot packages for all distributions beforehand.
-* Build the newly created Git tag for Debian/RHEL/SuSE.
-* Build the newly created Git tag for Windows.
+
+Once the release repository tags are pushed, release builds
+are triggered and automatically published to packages.icinga.com
 
 ## Release Tests  <a id="release-tests"></a>
 
@@ -249,52 +244,127 @@ git config --global user.email "michael.friedrich@icinga.com"
 * Test the [setup wizard](https://packages.icinga.com/windows/) inside a Windows VM.
 * Start a new docker container and install/run icinga2.
 
-Example for CentOS7:
+### CentOS
 
 ```
 docker run -ti centos:latest bash
 
 yum -y install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
+yum -y install epel-release
 yum -y install icinga2
 icinga2 daemon -C
 ```
 
+### Ubuntu
+
+```
+docker run -ti ubuntu:bionic bash
+
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+wget -O - https://packages.icinga.com/icinga.key | apt-key add -
+
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+ echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
+apt-get update
+
+apt-get -y install icinga2
+icinga2 daemon -C
+```
+
+
 ## GitHub Release  <a id="github-release"></a>
 
 Create a new release for the newly created Git tag: https://github.com/Icinga/icinga2/releases
 
+> Hint: Choose [tags](https://github.com/Icinga/icinga2/tags), pick one to edit and
+> make this a release. You can also create a draft release.
+
+The release body should contain a short changelog, with links
+into the roadmap, changelog and blogpost.
+
+
 ## Chocolatey  <a id="chocolatey"></a>
 
 Navigate to the git repository on your Windows box which
 already has chocolatey installed. Pull/checkout the release.
 
-Create the nupkg package:
+Create the nupkg package (or use the one generated on https://packages.icinga.com/windows):
 
 ```
 cpack
 ```
 
-Install the created icinga2 package locally:
+Fetch the API key from https://chocolatey.org/account and use the `choco push`
+command line.
 
 ```
-choco install icinga2 -version 2.8.3 -fdv "%cd%" -source "'%cd%;https://chocolatey.org/api/v2/'"
+choco apikey --key xxx --source https://push.chocolatey.org/
+
+choco push Icinga2-v2.11.0.nupkg --source https://push.chocolatey.org/
 ```
 
-Upload the package to [chocolatey](https://chocolatey.org/packages/upload).
 
 ## Post Release  <a id="post-release"></a>
 
 ### Online Documentation  <a id="online-documentation"></a>
 
-Ask @bobapple to update the documentation at docs.icinga.com.
+> Only required for major releases.
+
+Navigate to `puppet-customer/icinga.git` and do the following steps:
+
+#### Testing
+
+```
+git checkout testing && git pull
+vim files/var/www/docs/config/icinga2-latest.yml
+
+git commit -av -m "icinga-web: Update docs for Icinga 2"
+
+git push
+```
+
+SSH into the webserver and do a manual Puppet dry run with the testing environment.
+
+```
+puppet agent -t --environment testing --noop
+```
+
+Once succeeded, continue with production deployment.
+
+#### Production
+
+```
+git checkout master && git pull
+git merge testing
+git push
+```
+
+SSH into the webserver and do a manual Puppet run from the production environment (default).
+
+```
+puppet agent -t
+```
+
+#### Manual Generation
+
+SSH into the webserver or ask @bobapple.
+
+```
+cd /usr/local/icinga-docs-tools && ./build-docs.rb -c /var/www/docs/config/icinga2-latest.yml
+```
 
 ### Announcement  <a id="announcement"></a>
 
-* Create a new blog post on www.icinga.com/blog
-* Social media: [Twitter](https://twitter.com/icinga), [Facebook](https://www.facebook.com/icinga), [G+](https://plus.google.com/+icinga), [Xing](https://www.xing.com/communities/groups/icinga-da4b-1060043), [LinkedIn](https://www.linkedin.com/groups/Icinga-1921830/about)
-* Update IRC channel topic
+* Create a new blog post on [icinga.com/blog](https://icinga.com/blog) including a featured image
+* Create a release topic on [community.icinga.com](https://community.icinga.com)
+* Release email to net-tech & team
 
 ### Project Management  <a id="project-management"></a>
 
 * Add new minor version on [GitHub](https://github.com/Icinga/icinga2/milestones).
-* Close the released version on [GitHub](https://github.com/Icinga/icinga2/milestones).
diff --git a/VERSION b/VERSION
index 0abdb3cf0..1ec9a7841 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-Version: 2.8.4
+Version: 2.11.0
 Revision: 1
diff --git a/agent/CMakeLists.txt b/agent/CMakeLists.txt
index 98885c62b..59c1e26c4 100644
--- a/agent/CMakeLists.txt
+++ b/agent/CMakeLists.txt
@@ -1,26 +1,10 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 if(MSVC)
   include_external_msproject(
     icinga2setupagent
     ${CMAKE_CURRENT_SOURCE_DIR}/windows-setup-agent/Icinga2SetupAgent.csproj
     TYPE FAE04EC0-301F-11D3-BF4B-00C04F79EFBC
-    PLATFORM Win32
   )
 
   install(
diff --git a/agent/windows-setup-agent/App.config b/agent/windows-setup-agent/App.config
index 49c7a61c6..5669c3558 100644
--- a/agent/windows-setup-agent/App.config
+++ b/agent/windows-setup-agent/App.config
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <configuration>
-    <startup>
-	<supportedRuntime version="v2.0.50727" />
-        <supportedRuntime version="v4.0" />
-    </startup>
+  <startup>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6"/>
+  </startup>
 </configuration>
\ No newline at end of file
diff --git a/agent/windows-setup-agent/Icinga2SetupAgent.csproj b/agent/windows-setup-agent/Icinga2SetupAgent.csproj
index 0a5146d95..17fe54ff5 100644
--- a/agent/windows-setup-agent/Icinga2SetupAgent.csproj
+++ b/agent/windows-setup-agent/Icinga2SetupAgent.csproj
@@ -3,13 +3,13 @@
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
+    <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
     <ProjectGuid>{A86F1159-66E8-4BDB-BF28-A2BDAF76517C}</ProjectGuid>
     <OutputType>WinExe</OutputType>
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>Icinga</RootNamespace>
     <AssemblyName>Icinga2SetupAgent</AssemblyName>
-    <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.6</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <TargetFrameworkProfile />
     <PublishUrl>publish\</PublishUrl>
@@ -37,6 +37,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">
     <PlatformTarget>x86</PlatformTarget>
@@ -46,6 +47,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'RelWithDebInfo|x86' ">
     <PlatformTarget>x86</PlatformTarget>
@@ -55,6 +57,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'MinSizeRel|x86' ">
     <PlatformTarget>x86</PlatformTarget>
@@ -64,6 +67,48 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|Win32' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|Win32' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'RelWithDebInfo|Win32' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\RelWithDebInfo\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'MinSizeRel|Win32' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\MinSizeRel\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x64' ">
     <PlatformTarget>x64</PlatformTarget>
@@ -74,6 +119,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x64' ">
     <PlatformTarget>x64</PlatformTarget>
@@ -83,6 +129,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'RelWithDebInfo|x64' ">
     <PlatformTarget>x64</PlatformTarget>
@@ -92,6 +139,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'MinSizeRel|x64' ">
     <PlatformTarget>x64</PlatformTarget>
@@ -101,6 +149,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup>
     <ApplicationIcon>icinga.ico</ApplicationIcon>
@@ -203,7 +252,7 @@
     </BootstrapperPackage>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
diff --git a/agent/windows-setup-agent/Properties/AssemblyInfo.cs b/agent/windows-setup-agent/Properties/AssemblyInfo.cs
index 34d61840c..44d894c1f 100644
--- a/agent/windows-setup-agent/Properties/AssemblyInfo.cs
+++ b/agent/windows-setup-agent/Properties/AssemblyInfo.cs
@@ -8,9 +8,9 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTitle("Icinga 2 Agent Wizard")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("Icinga Development Team")]
+[assembly: AssemblyCompany("Icinga GmbH")]
 [assembly: AssemblyProduct("Icinga 2")]
-[assembly: AssemblyCopyright("Copyright © 2014-2018 Icinga Development Team")]
+[assembly: AssemblyCopyright("Copyright © 2019 Icinga GmbH")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 
diff --git a/agent/windows-setup-agent/Properties/Resources.Designer.cs b/agent/windows-setup-agent/Properties/Resources.Designer.cs
index cb365d286..737e2d3d4 100644
--- a/agent/windows-setup-agent/Properties/Resources.Designer.cs
+++ b/agent/windows-setup-agent/Properties/Resources.Designer.cs
@@ -1,7 +1,7 @@
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34011
+//     Runtime Version:4.0.30319.42000
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
 //     the code is regenerated.
@@ -19,7 +19,7 @@ namespace Icinga.Properties {
     // class via a tool like ResGen or Visual Studio.
     // To add or remove a member, edit your .ResX file then rerun ResGen
     // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "15.0.0.0")]
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
     internal class Resources {
@@ -65,7 +65,7 @@ namespace Icinga.Properties {
         /// </summary>
         internal static System.Drawing.Bitmap icinga_banner {
             get {
-                object obj = ResourceManager.GetObject("icinga-banner", resourceCulture);
+                object obj = ResourceManager.GetObject("icinga_banner", resourceCulture);
                 return ((System.Drawing.Bitmap)(obj));
             }
         }
diff --git a/agent/windows-setup-agent/Properties/Resources.resx b/agent/windows-setup-agent/Properties/Resources.resx
index ccc5fab1e..864cbe11f 100644
--- a/agent/windows-setup-agent/Properties/Resources.resx
+++ b/agent/windows-setup-agent/Properties/Resources.resx
@@ -118,7 +118,7 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-  <data name="icinga-banner" type="System.Resources.ResXFileRef, System.Windows.Forms">
+  <data name="icinga_banner" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\icinga-banner.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
   </data>
 </root>
\ No newline at end of file
diff --git a/agent/windows-setup-agent/Properties/Settings.Designer.cs b/agent/windows-setup-agent/Properties/Settings.Designer.cs
index f1515dde6..ad169dae3 100644
--- a/agent/windows-setup-agent/Properties/Settings.Designer.cs
+++ b/agent/windows-setup-agent/Properties/Settings.Designer.cs
@@ -1,7 +1,7 @@
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34011
+//     Runtime Version:4.0.30319.42000
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
 //     the code is regenerated.
@@ -12,7 +12,7 @@ namespace Icinga.Properties {
     
     
     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "12.0.0.0")]
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "15.9.0.0")]
     internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
         
         private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
diff --git a/agent/windows-setup-agent/ServiceStatus.Designer.cs b/agent/windows-setup-agent/ServiceStatus.Designer.cs
index 874f29672..cda0fd418 100644
--- a/agent/windows-setup-agent/ServiceStatus.Designer.cs
+++ b/agent/windows-setup-agent/ServiceStatus.Designer.cs
@@ -28,95 +28,95 @@
 		/// </summary>
 		private void InitializeComponent()
 		{
-            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(ServiceStatus));
-            this.picBanner = new System.Windows.Forms.PictureBox();
-            this.lblStatus = new System.Windows.Forms.Label();
-            this.txtStatus = new System.Windows.Forms.TextBox();
-            this.btnReconfigure = new System.Windows.Forms.Button();
-            this.btnOK = new System.Windows.Forms.Button();
-            this.btnOpenConfigDir = new System.Windows.Forms.Button();
-            ((System.ComponentModel.ISupportInitialize)(this.picBanner)).BeginInit();
-            this.SuspendLayout();
-            // 
-            // picBanner
-            // 
-            this.picBanner.Image = global::Icinga.Properties.Resources.icinga_banner;
-            this.picBanner.Location = new System.Drawing.Point(0, 0);
-            this.picBanner.Name = "picBanner";
-            this.picBanner.Size = new System.Drawing.Size(625, 77);
-            this.picBanner.TabIndex = 2;
-            this.picBanner.TabStop = false;
-            // 
-            // lblStatus
-            // 
-            this.lblStatus.AutoSize = true;
-            this.lblStatus.Location = new System.Drawing.Point(12, 105);
-            this.lblStatus.Name = "lblStatus";
-            this.lblStatus.Size = new System.Drawing.Size(79, 13);
-            this.lblStatus.TabIndex = 3;
-            this.lblStatus.Text = "Service Status:";
-            // 
-            // txtStatus
-            // 
-            this.txtStatus.Location = new System.Drawing.Point(97, 102);
-            this.txtStatus.Name = "txtStatus";
-            this.txtStatus.ReadOnly = true;
-            this.txtStatus.Size = new System.Drawing.Size(278, 20);
-            this.txtStatus.TabIndex = 3;
-            // 
-            // btnReconfigure
-            // 
-            this.btnReconfigure.Location = new System.Drawing.Point(195, 143);
-            this.btnReconfigure.Name = "btnReconfigure";
-            this.btnReconfigure.Size = new System.Drawing.Size(89, 23);
-            this.btnReconfigure.TabIndex = 1;
-            this.btnReconfigure.Text = "Reconfigure";
-            this.btnReconfigure.UseVisualStyleBackColor = true;
-            this.btnReconfigure.Click += new System.EventHandler(this.btnReconfigure_Click);
-            // 
-            // btnOK
-            // 
-            this.btnOK.DialogResult = System.Windows.Forms.DialogResult.Cancel;
-            this.btnOK.Location = new System.Drawing.Point(290, 143);
-            this.btnOK.Name = "btnOK";
-            this.btnOK.Size = new System.Drawing.Size(89, 23);
-            this.btnOK.TabIndex = 0;
-            this.btnOK.Text = "OK";
-            this.btnOK.UseVisualStyleBackColor = true;
-            this.btnOK.Click += new System.EventHandler(this.btnOK_Click);
-            // 
-            // btnOpenConfigDir
-            // 
-            this.btnOpenConfigDir.DialogResult = System.Windows.Forms.DialogResult.Cancel;
-            this.btnOpenConfigDir.Location = new System.Drawing.Point(100, 143);
-            this.btnOpenConfigDir.Name = "btnOpenConfigDir";
-            this.btnOpenConfigDir.Size = new System.Drawing.Size(89, 23);
-            this.btnOpenConfigDir.TabIndex = 2;
-            this.btnOpenConfigDir.Text = "Examine Config";
-            this.btnOpenConfigDir.UseVisualStyleBackColor = true;
-            this.btnOpenConfigDir.Click += new System.EventHandler(this.btnOpenConfigDir_Click);
-            // 
-            // ServiceStatus
-            // 
-            this.AcceptButton = this.btnOK;
-            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
-            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
-            this.CancelButton = this.btnOK;
-            this.ClientSize = new System.Drawing.Size(391, 186);
-            this.Controls.Add(this.btnOpenConfigDir);
-            this.Controls.Add(this.btnOK);
-            this.Controls.Add(this.btnReconfigure);
-            this.Controls.Add(this.txtStatus);
-            this.Controls.Add(this.lblStatus);
-            this.Controls.Add(this.picBanner);
-            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle;
-            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
-            this.MaximizeBox = false;
-            this.Name = "ServiceStatus";
-            this.Text = "Icinga 2 Service Status";
-            ((System.ComponentModel.ISupportInitialize)(this.picBanner)).EndInit();
-            this.ResumeLayout(false);
-            this.PerformLayout();
+			System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(ServiceStatus));
+			this.picBanner = new System.Windows.Forms.PictureBox();
+			this.lblStatus = new System.Windows.Forms.Label();
+			this.txtStatus = new System.Windows.Forms.TextBox();
+			this.btnReconfigure = new System.Windows.Forms.Button();
+			this.btnOK = new System.Windows.Forms.Button();
+			this.btnOpenConfigDir = new System.Windows.Forms.Button();
+			((System.ComponentModel.ISupportInitialize)(this.picBanner)).BeginInit();
+			this.SuspendLayout();
+			// 
+			// picBanner
+			// 
+			this.picBanner.Image = global::Icinga.Properties.Resources.icinga_banner;
+			this.picBanner.Location = new System.Drawing.Point(0, 0);
+			this.picBanner.Name = "picBanner";
+			this.picBanner.Size = new System.Drawing.Size(625, 77);
+			this.picBanner.TabIndex = 2;
+			this.picBanner.TabStop = false;
+			// 
+			// lblStatus
+			// 
+			this.lblStatus.AutoSize = true;
+			this.lblStatus.Location = new System.Drawing.Point(12, 105);
+			this.lblStatus.Name = "lblStatus";
+			this.lblStatus.Size = new System.Drawing.Size(79, 13);
+			this.lblStatus.TabIndex = 3;
+			this.lblStatus.Text = "Service Status:";
+			// 
+			// txtStatus
+			// 
+			this.txtStatus.Location = new System.Drawing.Point(97, 102);
+			this.txtStatus.Name = "txtStatus";
+			this.txtStatus.ReadOnly = true;
+			this.txtStatus.Size = new System.Drawing.Size(278, 20);
+			this.txtStatus.TabIndex = 3;
+			// 
+			// btnReconfigure
+			// 
+			this.btnReconfigure.Location = new System.Drawing.Point(195, 143);
+			this.btnReconfigure.Name = "btnReconfigure";
+			this.btnReconfigure.Size = new System.Drawing.Size(89, 23);
+			this.btnReconfigure.TabIndex = 1;
+			this.btnReconfigure.Text = "Reconfigure";
+			this.btnReconfigure.UseVisualStyleBackColor = true;
+			this.btnReconfigure.Click += new System.EventHandler(this.btnReconfigure_Click);
+			// 
+			// btnOK
+			// 
+			this.btnOK.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+			this.btnOK.Location = new System.Drawing.Point(290, 143);
+			this.btnOK.Name = "btnOK";
+			this.btnOK.Size = new System.Drawing.Size(89, 23);
+			this.btnOK.TabIndex = 0;
+			this.btnOK.Text = "OK";
+			this.btnOK.UseVisualStyleBackColor = true;
+			this.btnOK.Click += new System.EventHandler(this.btnOK_Click);
+			// 
+			// btnOpenConfigDir
+			// 
+			this.btnOpenConfigDir.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+			this.btnOpenConfigDir.Location = new System.Drawing.Point(100, 143);
+			this.btnOpenConfigDir.Name = "btnOpenConfigDir";
+			this.btnOpenConfigDir.Size = new System.Drawing.Size(89, 23);
+			this.btnOpenConfigDir.TabIndex = 2;
+			this.btnOpenConfigDir.Text = "Examine Config";
+			this.btnOpenConfigDir.UseVisualStyleBackColor = true;
+			this.btnOpenConfigDir.Click += new System.EventHandler(this.btnOpenConfigDir_Click);
+			// 
+			// ServiceStatus
+			// 
+			this.AcceptButton = this.btnOK;
+			this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+			this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+			this.CancelButton = this.btnOK;
+			this.ClientSize = new System.Drawing.Size(391, 186);
+			this.Controls.Add(this.btnOpenConfigDir);
+			this.Controls.Add(this.btnOK);
+			this.Controls.Add(this.btnReconfigure);
+			this.Controls.Add(this.txtStatus);
+			this.Controls.Add(this.lblStatus);
+			this.Controls.Add(this.picBanner);
+			this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle;
+			this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
+			this.MaximizeBox = false;
+			this.Name = "ServiceStatus";
+			this.Text = "Icinga Windows Agent Service Status";
+			((System.ComponentModel.ISupportInitialize)(this.picBanner)).EndInit();
+			this.ResumeLayout(false);
+			this.PerformLayout();
 
 		}
 
diff --git a/agent/windows-setup-agent/ServiceStatus.cs b/agent/windows-setup-agent/ServiceStatus.cs
index e9782fe1d..c1272a98d 100644
--- a/agent/windows-setup-agent/ServiceStatus.cs
+++ b/agent/windows-setup-agent/ServiceStatus.cs
@@ -1,9 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.ComponentModel;
-using System.Data;
-using System.Drawing;
-using System.Text;
 using System.Windows.Forms;
 using System.ServiceProcess;
 using System.Diagnostics;
diff --git a/agent/windows-setup-agent/ServiceStatus.resx b/agent/windows-setup-agent/ServiceStatus.resx
index 724f4a292..0eff4d7ba 100644
--- a/agent/windows-setup-agent/ServiceStatus.resx
+++ b/agent/windows-setup-agent/ServiceStatus.resx
@@ -112,27 +112,469 @@
     <value>2.0</value>
   </resheader>
   <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <assembly alias="System.Drawing" name="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
     <value>
-        AAABAAEAICAQAAAABADoAgAAFgAAACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAA
-        AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//
-        AAD///8AAAAAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAcAAAcAB3AAAAAAAAAAAAAAcABwB///cA
-        AAAAAAAAAAAAcAAA////AAAAAAAAAAAAAAAAAP///3AAAAAAAAAAAAAAAAD///9wAAAAAAAAAAAAAAAA
-        j//4AAAAB3AAAAAAAAAAAAj/jwAAAA/4AAAAAAAAAAAAAAiAAAAP9wAAAAAAAAAAAAAH9wAAf3AAAAAA
-        AAAAAAAAAH93d/cAAAAAAAAAAAAAAAB////3AAAAAAAAAAAAAAAA/////wAAAAAAAAAAAAAAB/////9w
-        AAAAAAAAAAAAAAf/////gAAAAAAAAAAAAAAH//////h3AAAAAAAAAAAAB/////+I//h3eHAAAAAAAAD/
-        ////AAB3j//3AAAAAAB4////9wAAAAf/+AAAAAf/+AB4iPAAAAAAj/cAAAAH//AAAAD3AAAAAAcAAAAA
-        B/+AAAAAjwAAAAAAAAAAAAB3AAAAAA9wAAAAAAAAAAAAAAAAAAAIh3AAAAAAAAAAAAAAAAAAD//wAAAA
-        AAAAAAAAAAAAAH//9wAAAAAAAAAAAAAAAAB///cAAAAAAAcAAAAAAAAACP+AAAAAAHAAcAAAAAAAAAB3
-        AAAAAAcAAAcAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAD/////4AAAB8AAAAOAAAABgAAAAYAA
-        AAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAA
-        AAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAcAAAAPgAAAH/////w==
+        AAABAAUAEBAAAAEAIABoBAAAVgAAABgYAAABACAAiAkAAL4EAAAgIAAAAQAgAKgQAABGDgAAMDAAAAEA
+        IACoJQAA7h4AAAAAAAABACAA6iUAAJZEAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAADDDgAAww4AAAAA
+        AAAAAAAAv5UA/7+VAP+/lQD/v5UB/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+UAf++kwD/v5YB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/76TAP/Alwv/xZ8Z/72SAP+/lQD/v5UA/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf++kwD/7eG3///////Orj3/vJAA/8CWA/+9kgD/v5QA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf+/lQD/v5QA//Hoyf//////0rVQ/7yQAP/AlwX/yKMj/8CX
+        Bf+/lAD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/DnBb/zaw2/8WfHP+7jgD/vJAB/9a7
+        Xf/BmQn/vpQA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vpQD/7qMAP/LqTT/7N+y/+na
+        p//EnSD/vZEA/8CWAv/AlgL/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CXBP+9kgD/7N+z////
+        ////////5dSX/7uPAP+/lQP/vJAA/7uOAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lAL/uYsA/+3h
+        uP///////////+fYov/EnRX/xqEd/82tOv/Vulr/vpQA/7+VAP+/lQD/v5UA/7+VAf++kwD/xJ0S/8+v
+        Qf/NrTr/696v/+zgtP/Fnxv/v5UA/72SAP/cxXP/9e7X/76TAP+/lQD/v5UB/7+VAP+/lgL/vJEA/8uo
+        L//j0ZD/u48A/7uOAP/Algv/wZgQ/7uOAP+/lQD/vpMB/7+VBP+/lAD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++kwD/vI8A/8CWA//AlgL/wJYE/+nbqf/awWr/vJEA/8CWA/+/lQH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CWAv+/lQH/vpQA/8GYCf/7+fD/696w/7uPAP/AlgP/v5UB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP++kwD/w5sS/8GYC/++lAD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76TAP++lAH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/v5UB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAoAAAAGAAAADAAAAABACAAAAAAAAAJAADDDgAAww4AAAAAAAAAAAAAv5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/wJcE/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        Af+7jwD/uo0A/7yRAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/72SAP/Yv2j/6t2s/82tPf+8kQD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgP/u48A/9K0S/////////////n16P/DnBL/vpMA/7+WAf+/lQD/v5YC/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlwT/u44A/9W6Wf////////////v5
+        8f/Fnxn/vpMA/7+VAf+/lgD/vZEA/72SAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQH/v5UA/7+VBP/k05b/9e/Z/9/Kgv++kwH/wJYE/8GYCP+7jwD/3cd6/9W6
+        Wf+7jgD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76U
+        AP+8kAH/vJEA/8KaFv/Mqjb/uowA/7uOAf+7jgD/17xh/8ikJP+9kgD/v5YB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf/AlgP/wJYD/72RAP/JpS3/3sl9/+PR
+        kf/bxHD/wpoc/7yPAP/AlgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5YB/72SAP/o2qb///////79+v//////3cd7/7yQAP/AlwT/v5YB/7+V
+        AP+/lQH/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgL/vJEA/8uo
+        L////////v37//38+f//////+PTl/8KZDP+9kQD/vpMB/76UAP+/lAH/vZIA/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/vZIA/8upMP///////v37//79+f//////+vbr/86u
+        Pf/Kpiz/x6Ig/8KZC//Alwr/x6Mj/76TAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++kwH/uo0A/7+VBf/x58b///////79+v//////4MuF/7yQAP/EnRL/yKMk/8ejI//q3Kv//////9K0
+        TP+7jwD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/Fnhf/2L5k/86tPP/EnRb/3MZ2/+jZ
+        pP/fyoH/v5UJ/7+VAP++lAD/vpMD/7qNAP/eyHz//Pr1/82sOf+8kAD/wJYD/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7uPAP/StEv//////8mlKf+7jwD/vI8D/7mLAP/EnR7/yKUp/7yQAP/AlwP/v5UB/7+V
+        Af+9kgL/wJYH/72SAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgT/xJ4Y/7+U
+        Af+/lgH/wJcE/8CXBP+/lAL/zKo3/8SdFv+9kQD/v5UA/7+VAP+/lQH/v5QB/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vZIA/7+VAP+/lQD/v5UB/7+VAP+/lAD/696x////
+        ///VuVf/vJAA/8CWA/+/lQD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5YC/7+VAP+/lQD/v5YB/76TAP/EnhX/+vfs///////l1Jn/u44A/8CXBP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Av+9kQD/1rtd/+japv/GoR//vZIA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vJAA/7qNAP+9kgD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJYD/8CXBP+/lgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAA
+        AABAAAAAAQAgAAAAAAAAEAAAww4AAMMOAAAAAAAAAAAAAL+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/wJYD/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/76TAf+8kAD/vpQB/8CWAv+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAf+8kAD/w5wV/86tOv/CmhH/vJEA/7+W
+        Af+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgL/vJEA/86tPv/69+3///////j0
+        5f/KqDH/vZEA/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAf+9kgD/7+XC////
+        ///9/Pj//////+vfsv+8kAD/wJYC/7+VAP+/lQD/v5UA/7+WAf/AlgP/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76U
+        AP/z69H///////z79f//////7+XC/72RAP+/lgL/v5UA/7+VAP+/lQD/vZIA/7yPAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgP/u48A/9m/af///////v37///////Wu2H/u44A/8CXA/+/lQD/v5UB/76TAP/HoyL/0LJG/76U
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQH/vZEA/8+wQ//dyHr/0LFF/8+vQf++lAT/wJYC/8CXBP/BmAj/uo0A/9zF
+        eP/38uD/vpMA/7+VAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgL/vJAA/7qOAf+6jAD/yqcv/86uP/+6jQD/u44C/7uO
+        AP+9kQD/0rVP/8SeF/++kwD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/wJcE/8CXBP+9kQD/zKo3/9Cy
+        R//awm7/17xf/8+wQv/Ioyj/vJAA/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/7yQ
+        AP/eyX////////7+/P///////v37/9CySf+8kAD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CW
+        A/+8kAD/0LFF///////+/vz//v37//79+v//////+PTm/8OcFP++lAD/wJYD/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJcE/7uOAP/k0pP///////79+/////////////79+///////0rRP/7mLAP++kwP/vpQA/7+V
+        Af/AlgL/wJYD/7+VAf/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlwT/u44A/+XTl////////v37/////////////v78///////fyYD/yqcu/8il
+        J//Cmw7/vpQA/72RAP+8kAD/vpQB/7yRAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UB/8GYB/+8kAD/z7BI///////+/vz//v36//79+v//////+vbq/8Wg
+        HP/EnRT/y6ky/8+vQf/Qskf/y6gx/93GeP/48+L/171g/7yRAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP++kwD/uo0A/7yQAP/LqC//6Nqn/////////v7///////37
+        9v/Tt1X/u48A/76UAv+9kQD/vZIA/7+WAv/HoiH/+PTm///////z69D/vpQA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/vpMA/8ahHf/gy4P/1rte/8qnL/+7jwD/zq8+/+DL
+        g//cxnX/1rth/7yRA/+/lgD/v5UB/7+WAv+/lgL/v5UC/7uPAP/eyX7//Pr0/9rDb/+8kQD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CXBP+7jgD/2cFr///////hzoz/uYsA/8GY
+        Bv+8kAD/u44C/7iJAP/JpjL/y6gy/72SAP/AlwT/v5UA/7+VAP+/lQD/v5UB/72RAf/Alwj/vZEA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/EnRX/3MV2/8ah
+        H/++kwD/v5YB/8CWA//AlwX/wJYC/8CXCf/Rs0z/u44A/7yQAP+/lgH/v5UA/7+VAP+/lQD/v5YC/7+U
+        AP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76T
+        AP+6jQD/vpMA/7+VAP+/lQD/v5UA/7+VAP/AlgL/u48A/8yrQP/eyX3/zKo2/72RAP+/lgH/v5UA/7+V
+        AP+/lQD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CXBP+/lgH/v5UA/7+VAP+/lQD/v5UB/7+VAP+/lQL/7uO+////////////0LJG/7yQ
+        AP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgL/vZIA/8agHP/9+/b//v35////
+        ///fy4L/uo0A/8CXBP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/vZIA/+fX
+        of//////+vfr/8qnLv+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++lAD/vpQF/8yrNf/Fnhr/vZEA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQL/vJAA/76TAf/AlgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/v5YB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP8AAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgA
+        AAAwAAAAYAAAAAEAIAAAAAAAACQAAMMOAADDDgAAAAAAAAAAAAC/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAv/AlgT/wJYD/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/72SAP+7jgD/vJAA/7+V
+        Av+/lgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQL/vI8A/8ij
+        JP/Tt1T/zq49/76UBf+9kgD/wJYB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Af+9kQD/38uE///+/f///v7///////HoyP/Fnx3/vZIA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7uPAP/Wu1////////7+/P/+/vz//v37///////t4rv/vZIA/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJYC/7yRAP/u4rv///////79+//////////+///+/f/+/v3/yaYs/72R
+        AP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/72SAP/x6Mj///////7+/f/////////////+
+        /v//////zKs4/7yQAP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJcE/8CWA/+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJcE/7uOAP/izoz///////38
+        +P/+/vz//v36///////48+P/wpoO/76UAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lAD/uo4A/7yQ
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YB/76T
+        AP/DnBb/9O3W/////////v3//v78///////XvWj/uo0A/8CXA/+/lQD/v5UA/7+VAP+/lQD/v5UB/7+U
+        AP/AlwX/3MV1/9GzSf+9kgD/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/8CWAf+9kgD/wpoT/9/Jf//s4LX/5tWc/9GySf/XvWT/v5UH/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7yQAP/NrDr///////Pr0f++lAD/v5UA/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgH/vpQB/7qOAP+8jwD/u48C/7mLAP/OrkH/1blc/7uO
+        AP/AlwP/v5UB/8CWAv/AlgL/wJYC/72SAP/FnyD/7eG5/9O2Uf+9kgD/v5YC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/8CXBP/AlgP/wJYE/8CX
+        Bf+7jwD/2L5m/8qoM/+8kQD/vpQC/7yQAP+9kQD/v5YC/7yQAP/XvGP/xqAl/7mMAP/AlgH/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAf++lAD/wZgP/9rCcP++lAf/w5wT/8yqNP/Kpy3/vZIA/8ijLP/WvGH/vJAA/8CX
+        Bf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlwP/uo0A/86tSP/y6cv/+vbq////////////9e7X/+nb
+        qv/Alxb/vpMA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CWAv+9kgD/x6Il//fy4P/////////+////
+        //////////7+///////l05j/vZEA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf+9kgD/7eK8////
+        ///+/fr///7+/////////////v79//79+///////1bpe/7uPAP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQ
+        AP/Nqzj///////7+/f////////////////////////////7+/P//////8ObD/76TAP/AlgP/v5UB/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJcE/7uOAP/ZwGj///////79+//////////////////////////////+/v//////+fbq/8CX
+        Ef+8jwD/v5QB/7+WAv/AlgP/v5YB/7+VAP+/lQD/v5UA/7+VAf/AlgT/wJYC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJcE/7uOAP/ZwWr///////79+///////////////////////////////
+        /v///////Pr0/9W5WP/IpCb/wpkL/72RAP+8jwD/vZEA/76UAP+/lgH/wJcD/76UAf+7jgD/vZEA/8CW
+        Av+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQAP/Orj7///////7+/f//////////////
+        //////////////7+/f//////8unM/8qnLv/Ut1T/2L5l/9e8Yv/Rs0v/yaYr/8KaDP+9kgD/u44A/8Kb
+        E//UuFP/yqcu/7yRAP+/lgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/7+WAf++kwD/7uS/////
+        ///+/fn////+///////////////+//79+v//////2L9q/7iKAP+9kQT/vpMA/8OcEv/LqTL/07ZS/9i+
+        Zf/XvWH/0rVP//Tt1P///////////9W5WP+8kAD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CWAv+/lQH/wJcD/76U
+        Av+8kQD/3cd5//z79v/////////+//7+/P///v3//v79///////q3K3/vZIA/8CWAv/AlgP/v5UB/76T
+        AP+8kAD/vI8A/76UA/+/lgL/4MyH///////8+vT///////Dnxf+9kgD/v5YB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YA/72R
+        AP++kwH/u48A/8KaEv/cxnf/yaYt/8eiJP/u5L7//v79///////+/v3//v38/+TSk/+9kgL/v5QB/7+W
+        Af+/lQD/v5UA/7+VAf+/lgL/wJYD/8CXBP+6jQD/0bNP///////+/fr//////+rcrf+8kAD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgL/vZEA/8yqNf/z69D/6duq/9vDcP/GoCD/vJAA/72SAf+8kQH/yKUm/9GzSv/OrTv/yKQk/9W5
+        Xf+9kgD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/vpMA/+DMiP/59en/7+S//8ah
+        Iv+9kgD/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgP/vI8A/+rdrv///////////9S4XP+5iwD/wZgF/7+WAv/AlgL/vZEA/7uP
+        AP+9kQP/uo0A/9W6Xv/KqDT/vJEA/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/7yQ
+        AP/BmAf/vZIC/72SAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/vI8A/9zEdP//////+/jv/8qnLf+9kgD/v5YC/7+V
+        AP+/lQD/v5YC/8CWA//AlgT/vpMA/8SdGv/Zv23/vZEA/8CXA/+/lQH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CWA/+/lAD/v5YC/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/72SAf/NrDn/x6Mk/72R
+        AP+/lgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/7uPAP/Wu2H/yaYv/7qNAP+/lQL/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        Af+8kAD/vZIB/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/Cmxn/171k/8ah
+        Hf/CmQ//vJAA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgP/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/72R
+        AP/LqDP/+PPj///////59ef/0rVS/7yQAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQH/v5UA/8CWBf/07NP///////7+/P//////+/jv/8agHP+9kgD/v5YC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lgL/vZEA/8ilKP/9/Pn///79/////v/+/fn//////9K0TP+7jwD/wJYD/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/vpQA/8KbD//48+T///////79+v///////v38/8mm
+        K/+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQAP/VuVz//v37////
+        /v//////3sh9/7yQAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Af+8kAD/x6Ij/9S4Vv/Kpy7/vJAA/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgL/vZIA/7uOAP+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YC/8CWBP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACJUE5HDQoaCgAAAA1JSERSAAABAAAA
+        AQAIAgAAANMQPzEAACWxSURBVHja7Z15fF1Xde9/a+9z7qDharImS/I8JrZjO4mHzCEUAiGEkhJCBwih
+        rw2EqZQOD0qB5qWE1xI+vEfyQmlLKVAIJKShJcEhITij49gZPM+2bGuer3Sv7r3n7L3eH1uSHQ+JbEu6
+        5/rs78efxNZH0j1XWt9z9rD2WoT7nobFElZEvi/AYsknVgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRY
+        ASyhxgpgCTVWAEuosQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqsAJZQ
+        YwWwhBorgCXUWAEsocYKYAk1VgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRYASyhxgpgCTVWAEuosQJY
+        Qo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjZPvC7CcFkEQRACUZvMRIhIEZmhmzvfl
+        nR9YAQIHAZJIg7Wvta8BwBEgAsBaaV9DCjhCCsGAtiKcG1aAYCGIwOxnPUixeFrJmtrEBZXF88rikghA
+        Mudv60293jP0YnuyP5khKaQr7dPgXLACBAhJpDw/IuV7F9ffvrj+7Y0VrqATPocBAlpS2R/v7fzXnW07
+        O5LCdUiQfRScHYT7ns73NVgAE/1Zb0ld2f1XL7iyvowZRNDMms3wBwBMkEtBAAjIKv21Vw7fs+lQ1tfC
+        kdaBs8AKEAgkQWXVx1c03XvFvJgUihmAIKLTfL5maLAACcLLnYO3rtt+oDclo87YdNkyTuwyaP6RRCqr
+        PnfprPuvXhARQjFLInn66AcgCA4REXzNl9aUrnvvRXMri1VOiTf7IsspsALkGTPy+cSKpm9cPtfc+OW4
+        g5gAR5CveV5Z/LEblzWURrXSVoEzwgqQTwSR8vzldWX/+/K5AAgkzjx8jQMLyou+eeV8aJ3v91RgWAHy
+        iWaGlPdeOb/YkYr5LKLf4AhSzB+YV3Pr4nrOqfE/QyxWgLwhiZDzb54z7dqGcs18jlFrvvgLK2e4UUdp
+        tgaMEytA3tBgSPHhRXUAzn3tRhAxY2lVyfVNlfDsbHi8WAHygyCwrxdWlbxzRiWACYlXDQZw6/waCOIJ
+        cCoUWAHygyCCr1fXlEal0DwxIxYCAbisriwWdbQdBY0PK0A+ubCqBMBEbV6Zp0h9caShJArNdhA0HqwA
+        +UExwxFzEjEAExWpBDAQlWJ+WRyaCdaAt8YKkE/Oet3zzbHLoOPHCpAnTFrb5ESqnf+OHytAfhBE0NyT
+        8TGa43nu8OhuwEDOB1kNxoUVID8QAUrv6EtN+Hfuy/o7+9IQwp6TGQ9WgPzADEixpScFwJmgqYCJ+F19
+        6d6MN1nTi/MOK0B+0MxwxIvtAweSGUzQSqj5Jk8c6UXOd4js/X88WAHyAwNSiqGh7IN7OzERZ9sZcARl
+        lP7Rng5Ioe0UYHxYAfIGM8MR39/dlsz5jjjXG7Y5C/bw/q693UPCkfZk2DixAuQNzZCO3N05ePfmZhxX
+        /OfsvpUjqD2d+9uXDkCQXQgdP1aAfKKYKeL8wyuH17f2m3MtZ/FNGDCpb1/YcOBAd0q69vZ/BlgB8gwR
+        seY/emLHjr60I8g7w+DVDHOW4O83N39vW4uIufZc/BlhBcgzmlk48khy+F2/eG17X9oV5I+v0hWbhCJA
+        Ev39K81ffG6frYxyFlgB8o9mlq5zOJm59uev/GhPhyNG0tg0s3FhLKh5NO7HQr83633kqV1ffG6fcKVN
+        gD4LJG64Ld/XYAEDQorhnHp4T8fr/em1tYnyqMMgUxpoLLDN34lIEGV8/ZO9nR9ct/3ZQz0y6rKd+Z4V
+        tjRiUNDMQgoI+u99XXetmg3gpY5ksSsWVRRHRrd1NaMv6+3uH368ueeHezsO9aRIkIzbcf/ZYwUIEIKg
+        s/5ty5uWVBYfHcre9NjWrmFvdllsTiIuCJKoN+Pv7k8nsz7nfDhCRByAbfSfC1aAoECAr9iNuXdcOB3A
+        d3e0dQ0My5h7sC99sCd17JOEgCAn5mqwnfKeO1aAoCCJ/Jz3ewumX1xd2jmc+5cdrXAlA2JsUmwmwcwA
+        fBv6E4QVIBAQ4DOLiPPJJQ0AvrezvaUvfdzg3ob7ZGGXQQOBIELOf9/saZfVl/Xn/H/a3grHJvRPBVaA
+        QKCY4co7lzUA+Pdd7Qd6hqRNaJsSzhMBRhfIC7IQgiRCTt0ws+ptDRVpXz+wtRVS2OCfGgpeAEEwucSs
+        mRUzsykaXkCFETQzHLpzaQOAH+3p2NmVlDapYaoobAEkkfa1P+wJoCzu1hRHSyIOmP1hj9W5lpudsrfA
+        nnp7U+W7ZlZ5mu/fchTC3v6njkJdBSJAEFTWm11VctviuutnVM5LxGOOTPtqW0/qv5t7/m1nW89gVkYd
+        FexbqQaD6BNLGwD8ZG/Hax1JEXHs7X/KKNQeYQLQvv7kiqa7V89ORBw+LmHG/L0tlbvzmT2P7OkQkeDO
+        JgWRzvlXNFY8e/NKDVz2s80vtfUL1wowdRTkEEgQtK/+4cr5//fK+SWu4+tjWZOmd7Riri+O/PxdS+5Y
+        3qQD3jmLcOeyRgAP7eu00T/1FJ4Akkhn1ceWNn5+RZM5QuWIkZZyNNpmXRJpZmbcf/WCa2dW6ZwfwPmA
+        INKef2l92S3zagDct6XF7ndNPQUmABGU0tMSsa+umgVA0GmbagkiDSbg79fOIVeqCSpBPsEwPrm0URAe
+        Pdj9TEsfReziz1RTYAJIInjqQ/NrGoqjvn6LplqSiIE1tYm3N1YErWmKINKeWlabuHVBLYD7t7RAsyjI
+        bYzCpsAEMFXFr2kox/iqiptcmt9pqgxavXwCoPUnljZEBK073PvEkV7zmMr3dYWOQhKAANZwXbmgvAij
+        DVHe4ksIAOaWxeCI4ISXIChfLawu/cOFtQDu29oCXwfqARUeCkkAAAALopg8s8uOSQEKULlkAkHpO5ZM
+        L3bkb1v6/+tQNyL29p8fCk0AopzS3RkPwHiShE1QdWU8KB2Q7AgiKF/Nqiz+yKJ6mNu/Zzv75o1CEoDN
+        vDanXusewpkUlN3ak4LSAamXbNrj/cmF0yuizovtyZ8f7ELBbv2aRWdHkCAigiA4RIWViFVIAoxAeGR/
+        F8bRWtTUi+3L+j/Z0xGQICOC8vX0iqKPLq4HcN+2Fp0tyErOJvSZWWV9P53Tns++1p72M54/7LGvBVFB
+        zGoKLBdIMZMrnzjc+6vDvdfPqPQ0u6e/sZuSaYIwv7yopS9N0iXK8yETQaQ8//bF9XVFkVe7hn66rxNu
+        0LOVTvkuWGuV8+PxyNtmTVtZXbqgPF7kSE/r9nRuc+fg+raBw6ZiRUTqINx4Tk+BCYCRWoL6c8/uveh3
+        V9QXRTzNzkm3GmZosCRSzGUR5/Ebl3362b3ffe2IjDhMNIG/ERq5pOP/xYyR6Qmf9MnK11WJ2B9fUA/g
+        /u0t3rDnxN2zKwmaL6QglfVLYu6nLp71xxfUzUnET07EGvLUQ/u7/vG1w9vbkjLm6AC37S68wlimsn7n
+        YOaZ9uS7ZlVVRB0wGOwzmEcmBgQSRBs7B9/72Na6osiSyuIbZ01LxCO/bu7RzFKKc1GAAEEkBQHEAJjZ
+        1GobqeTG0GyO58iRTxvBEaSz/icuarplXs2O3tSnn93nBWhpalxIIpX1Lmuq/MV7lt46v6Y86gJQmk2I
+        8+jELCLFimklty2qG2RsaO0XIrgnlQpPABgHHHm0P/3jfZ0VMXdRRVFECkEkiUzVtL6s943Xj/7pb3Yd
+        7ks9fKCrOOpeVpdYW5e4uLbsicO9qWHPOasSypJImCwjX+msz2AhZYkrG0pjjaWxWWVFDaWxRMyJudJn
+        9jVrT2lPMQBBriBfcWnc/c41C6ti7l2bmp9v7nEiTgHd/SWRyvnvmV/76LuXmp14GslGecMfMwVWml1B
+        755ZVVkUefxAtzjnBgiTRKGmQ8OMRJVmX8+aVnxdQ8WiiqJiVw5k/a09qSeO9HYnh8mVQgpoVjn/Y8ub
+        /s8V84ocuaMv/aF127e0DThxV417MCSJGKxzCpqjRZEV00rW1CUurSldUFY0szSWiEhB5BAB8Ji15p6s
+        dyCZ2d2f3tiRfL49ubs3hZxSvvr4qln3X7Vgf3L4kp9u7s96VDjTXxP9lzVWPHnT8rgjFL/1eSNTudoR
+        dPem5r95fl8wzzkUsAAYaTRN2lfwNQAQQWsQwZVSCpMjTQQBUhnvqllVP/ydC5pKor1Z749/s/uRXe0y
+        5ui36lJq1jp0zocUq6aXf2Bu9XtnTVtQHh//RSrm17uHfrq/61eHe//9ukXLqkr+54YD92w44MQKZvRP
+        ADOXRpxn37/ioqqS8US/gQFmCMLbH33tqUM9MhK4GX9hC2AQNLIkyjwyHz351u4I8jPejMriH7/jwsvq
+        Er7mL208dM/GA0IKCHHKO5N5vqucL6S4fva0zy5rvK6xYmxIr5jNr/bUi94MBmsG0bFu2DmlI1J0Zbyl
+        P9jQkc45UWf8j6D8IolUxvvrtXO+tmaOr/mM2loaWzZ2JNc+/Io2LuX77bzhrRXiHOAEeORpe+wvJ6MZ
+        0pX96dxP9nY0lcZXVJe8vbFiTnnxukM9OV9J58RpsSAihs75FzdU/PAdF3zx4plzyuJEJrvObPqMjHfH
+        ziG84Q+N1HAWRKacmwYcIQDEpZxeGnu1N9U7mJFSBH8URIBmLolHvnPNwsqYC5zZPpf5CTSWRDe0D+zr
+        SUlHBur9ng8CjBNmCCl8rR/Z25FlumZ6+YrqkmubKp5s6e8fzB4/LZaCtKfijrjnqgXfvWbh3LK4GU2N
+        Bv2Zve5YQXPzdxCWVZXcvrh+GHixtR8MEexT8Gb3/XdmVX5yaSPjbBoQK82CKKv5F/u7RMAqvhTgTvA5
+        oJlZkHTlPS/uv2Xd9t6sd1ld2XPvX3nVzEp/2JNERJCCVMa/oLpk/c0rP3dRIxEUs1liOsdXp9H/KuZi
+        V37z8nmP3risuiiiPV8GJE/jlJdNAPPq2jKcbSc/8+Yuri41c4BAvdVwCQCM7BU4cfeRXe3XPvLajr5U
+        U0n08RuXfWxFk8p6kqGGvXfPq37h5pWX1JT6emJC/wTMAU5f83tnTXvx91YuqUmojDdR/eInHM0MKeaV
+        xTG+MxgnYx6asxOx8qgzMT3BJ47QCQCAAV+zE3e3dCSv/vmrv2zuLXLkP1+z8N5rF/lK/9HShv9899Ky
+        iKP4FHvMEwURTFvIOYn4b25afuWMKj8T0OcAM0CIn2EK+sm4QsSlADhQm2JhFMDga5ZRp3vYu+m/Xr/3
+        9aMA/uyixg0fvOTbVy1wBWnGFKQoO4IUc3Xc/cV7lq5uLFcZL5gOADj3qNXMGaWBYO1+h1cAmMmZFBD0
+        57/dffvTu9K+Xl2TKHHF2U31zg6TsFQecR5+15JF1aUqYEVcCHAFQXPzYAZvtWdyWhgA+rJ+2teBuv0j
+        5ALADHAFQdCzh/sySgM424Hu2WMcaCiO/sc7L0xEHa11fhUwGyAmy5+Zta+Rzr3ensTZ3hc0GMDLncl0
+        1qOA5USEXQAyWSuO+N47LqiMOoo5L2MQSeRrXjGt5B+umAdfT33u2IlB7yl/OKdzvivF4uqS29fMvmFu
+        teYz3AJ4I+tbB+DroJ19K7x06IlFCFIZ74uXz7uivmz8O/yTgZkP/MmF0399tO+hnW1y8nu+j25QQDNr
+        zexr7Ss4Ihp1F1cXralNrKopvaK+fG5ZfOymcBYXZM7xtaVzP97TgeBVvgi1AIJI5dTS2sTnVzRhHEfM
+        Jhtz479r9exfH+4dyPmTsUl8UtAr7Ws4MhZzLqwpXlNngr5sdiI+9rMY9vWr3YPrWwba0tm7Vs8ue2Ml
+        1rdEaXYEfXtLS1dyWEZdK0CAML+Kv1s9p9iRPrOTbwEEQTEvKi/63PKmLz+/T0xQuJjhjdnR4+OCPh5z
+        ltaWralNrKotvaK+bGZpbOxLUr7a1Dn4YntyY2fypY7BtlRW5JTy/GJXjqUDjeeHZY7srW8d+PorzQE5
+        lXoC4RXAVGa+vLHifXOmAch79I9dFYA7ljQ8sK21LZUlSWcXM8eCXjMzK09BabiyOOYuqypeU5tYVZO4
+        or6ssSQ69iWDnnq5M/lie3Jjx+DGzmRHKsc5HwQ4EoIo5rhR556XDzWVRD+xpMFnNseCT3cBzFDMrqBd
+        /enbfr1DKS0C2fUjvAIYTFuu/I7+j8ckStTE3Y8srrtnwwEhXTXugfcbgl6zUiNBXxJ3l08vWVObWFWb
+        uLyubHpxZOxLkjn/pY7ki+3JjZ2DL3cOdqazyKmxoHfirjlcCoavmQgkxCef3jPk6b9c0QRAM2vGG/Kj
+        eGTNR4AcQRs6kh94fNvRZEa4QYx+nB/p0GeBIGhfz6ko3nbrpXFHnNGgdrLRDEHY05++6MFNGV+/eUWv
+        E4IeSkNpRJxEzF0xbTTo6xO18WNB35f1N3QkN7QnN3YmN3UOdg/nkFNmaxqCHEFjQX/y6xJBMFTOv35e
+        zdfXzllWVXLyj858ZCDnf/3VI9/Y3JwL6r3fENIngCDSvr5p9rRxHm6a2msDAwvKi66ZXv6r/V3ipCY3
+        p7jTa4Yry+PuxdWlq2pK19QmLqsvmxZzx76kJ+O92J7c0JF8qSO5uWuwb9iDNxL0JEiO3umZ8eZndJih
+        ARF1f7W/68nDvTfMnva7s6ddUlM6KxEjkADah3M7+9KPN/c8uK+zc2BYuE6Qox/hFMAkoiEib5pdle9r
+        OTVm5eSmOdN+tb8Lo0nUAscFva/ADFdWFkUuqS5ZVZtYU5tYW5uoPC7ou4a9F9oHTNC/0j00YIJeEORx
+        Qc9sMqPGf23meIPJ63x0d/ujezrcqFMedWJSMNCd8TI5BU/BlTLqauaAdzsOowBmoN2YiF1aU4oArH6e
+        jLmktzWUx+JuTjMAVqx8HwxE5LTiyKXVpatqE2trE6trE+XRY7/E9nTu+faBlzoGX+oYeK07lRzOwVcQ
+        4hyD/mRMVrOMugA8xV2p3EiahCDzQqZQRr5/kG9NGAUQIOX7a2sTRY40A+6gYZSclYjPKors6kiKokh1
+        cXRVbemqmtK1dWWrakoTkWO/uJZU9vm25MbO5Ib25Os9Q0MZD56CFJCCpJCunKigPwE21erN1RKNXDRj
+        wl9oUgmjAESA5pXVpQA0cwCfAObgbETQncub2tK5dzZVrqwuKXHl2CccGco+1zZggn5Lbyo9FvSOIGcS
+        g/6U8Bv+V2CEUQDNDFfOScQw9Ylv48Zc1yeXNph/MnBoMPNc28DGjuSGjuS23tRwxoev4AjINwY9wy+E
+        sUdACJ0AZNYZHTnXHHHK9/WcDrOY2Jv1/+tQtwn67b3pbNYEvYQk4QrTAZZt0J8DoRMAAJijjqiOuxhf
+        m5m8YCr7buocvO3x7WAmKfiNQW/KTuX7MgueUAoAOEQjQ+qAxv8IRY4QUSmIzPDGBv2EE0oBGBEpIiLQ
+        ZyGMmEWOJJCpwmkDfzIIdBBMHqa5fL6vYhzXyUEuLX4+EEoBCD5zRp2qhn9gMNc1mFO6cNbUC5FQCgB4
+        mvuzHoIb/yMMegp2/DOZhE4As3WZ89VImYOghpYZoB0azATwHO35ROgEgDnG4euDySzOus7HFEAAcCiZ
+        AQerktR5RhgFIAKU3tGXQoB3gs0Jte29KZxbQyfLmxNGATQDjnyxPWnKvwUwuswl9WS8V7oGIUVBLFgV
+        KGEUgJkhaVtvqiWVBYI4wTQRv7Ej2TscuEpS5xmhFACQQqTTuceaezCa0xtA1h3pg6eCWy30vCCMAozx
+        6MFuAEGLMFNJKu3rRw92w7Hjn8klpAKYjOgnj/Zt6RkiBKtmvYn4x5t7DvWlyRGBurbzj5AKwIAjyRv2
+        vrO9FQHbDTAHdB7Y1gJmYVdAJ5mQCgDT7Scif7inY39yWBIF5EZrzto+daTvySN9Aaykef4RXgHMVDg5
+        lP3a5sMIzEPA3PLv3nwIym4ATwXhFQBm/Sfi/MuO1vWt/aZIf36vx1Rf+9edbU8f6hXB6yl9XhJqAWAG
+        3Er/xXP7Ur7K76aYZnYEHUxm/nbDQTgiIE+k856wC6CZZcR5uaX/r17YD+TtvBUDJvvn4+v3tAykT27c
+        bZkkwi4ATKewmHPfa0e/t6vddGrJzzUQvvTSwXX7O2V00ltjWMawAgDmBizFHb/Z9cvmXtO9dCpf2pTb
+        //bWlv+14YCM2qH/lGIFAABmCEE5zX+wbtv61n7jwBSEIfNIGdDv727/1Po95Eqd7x9F2LACjKCZhRQD
+        OfWeX7z+nwe7HUFK86Q+CTRDgx1B39py9LYndggiUIDPJ5ynWAGOYRxI+fqWx7Z+e2uLI86lJ+JbYFoR
+        a8bnX9j/2ad3SylY2OjPAxI33JbvawgQDJAQAH65r2v3YObahvIiR2pmPUFFpBkjJTsF0e7+9Psf3/7g
+        jlYZdbS99+cJ+wQ4EWbWgBNzfrKl5d2/2OJrFkSSyJQfPOsoNT2zcFxfra3dQ88f6nZirmYb/XnDCnAK
+        2JwVdsUfLqp1BO0bGH7iSB8RHCLTw8vX46rXw4BmU4MIRJBEmvkHu9s/vn5PTunfm1dz0+J6P+MFsDx1
+        eAhlZbi3QgpSGe/mRXWfWtYI4C9f2P/Irva3za3+H4vrr59RWR51xnI0x+7rAEaaefGxbzJaN58I6Ejn
+        HjnYff+21q0dSXj+yurSOy6c/uVLZz15uDflq8loCWwZDyFtkvcmCCLtqxmlsfU3r5xVGrt/a8udT+2S
+        UUfnfAZqy+I3zqy6trFibW1iZmn0zW/enua9/ekNHYOPH+759ZG+gaEsBMmIVL5uKI6+8IGLZ5RE/+al
+        g3e/sF/G7eZXfrACnIggaE8/dMPSm+dWv9YzdO3Dr/Z7PgkSIAa00vAUJMWi7oLy+PyyorllsbqiaIkr
+        S1ypmNO+GsypI0PZ5sHMzr70vuSwyvqmn5cUwkyCpSA17P3pyqYHrl7Yn/Uvf2jzjt5UwJvJna9YAd6A
+        Cc07Vsz4f9csUMzX/edr6w/3yuMSM0eH8tBaQzG0hhngC9MjiEcG/swQApIghBkLqTdOoAlgxm/et/za
+        hvKf7eu85bGtwg1iI/XzHjsJPoYgUjm1pDZx99rZAO7e1Ly+ueeE3AQemdQyEQlXyqjrFEWcuCsjjnCF
+        cB0ZcZy46xRFZNQRjiCCYj55+UgQwVdf3XgQwAfm1bxnbo3O+vYAwNRjBRiBAGYWUnzr6gWVUXd968Bd
+        Lx9CxDldbVozmDErQr5mNVq8/4SPnO6WrphFxFnf3Pudba0AvrpqVlHcVVpbA6YYK8AIQhDn/C9cMvNt
+        DeX9Of8zz+zxfSUmc3GGwXDE3ZsOHRnKrqwu/exFjcgpEbASFec9VgAAkEQq61/RVPmlS2cB+NKGg6+3
+        DcjI5A7KmSEdcaQv/bXNzQA+v2LG4ppS5Sm7LTCVWAFABKV1Iu5+66oFEUGPHuz+9utHRMyZgnVJpRlR
+        54Htretb+yuizldWz7Z7wlOMFQACBE/dtWbOyuqSI0PZP3tmL4Apax4midhTX3npIIBb5tXcMLfazoan
+        krALIAWprHfj/NpPL2sE8BfP7zvYl5Lu1C3Jm9nwb5t7/2m7mQ3PjsddpdkaMDWEWgBBUL6enojfe8U8
+        AP+yo+3BXe1TfyKRwZB098uHjqayF1eXfuaiRuR8OxueGkItAEDQ+h+vnD+vLL69N/XXL+yDFHrKyzEw
+        Q7ry8Ohs+C9WzFhYXap85QiSRI6dFE8m4RVACtIZ7/YlDR+aXwPgM8/u6x7K5ascw8hseFvrM639lWY2
+        nFUq56uc7w97zGwtmCRCeiBGEGlPLaou+eE7Lix25T2bm7/7+hEZy2dGmiTSvtqbzPzRwrolVcWN5UXv
+        nVP9/vk1RTHn6FBuOOsJKe0K0YQT0nRoZoagb121oCbuvtA+8JWNh+A6+W1IqgEQ7esbbk/nmkqiH1tc
+        LwgM3Lao7shQ9g9+vePZw71ikrcmQsh5MgSi0T/jQQrirP9XF894R1PFkKc+88zerOfLvDZiIYA1R135
+        H9df0FQSVcya2desNCvmppLouhsvunZmlc7ZFdIJpoAFEASHyBFk7pQ8ehZFjHzw1JFiNn1XN1Z8+dLZ
+        AL688eCmln6Z70KcUhBy/ueWN72tocLXbOa+5o+p1RV3xN+tnm3qRVsDJpDCE4AAszCife1nPT+d0/5o
+        DhkzmHXO99M57fnMLImOnz4SoLQuijrfunpB3BGPNffc+8phEZ2KTd83f0e+Zhlzb55bDeDk9U9HkGZc
+        UV/2zqZK2FyJCaWQ5gBkMpa19od9OGLhtJKLp5UuKI9fUFncVBL1NeeU9pnb07lNnYMbOwe39aZSqSyE
+        EK6EqXpCpHL+3102b3VNaVs691mz6Ut5LslABPb1rMriCyuLAZzy0cVggOaWxaGZbOf4iaNgBBBEYFZZ
+        L1EcvXFh3YcX1l7bUOGeZrfowwvrGGhP5R7c3/nA9tbdnYNEFIk6ueHc9XNr/nxFE4C/emH/3u6hIJxF
+        NM3rM75+kwkuM0CoiDqwQ6AJpTAEkETKU0LQHStn/O3FM+uLowyY3l6amWhk+mvCh0dLMNQXRz67rPGO
+        C6c/erD7rk3N21v66sqLv3nlPAD/vrv9B9tbRV7XPY/BAKE/6w/mVJEjT/kpZtiztScFYbuGTSQFIIAk
+        Ujn/gprSb1+14NqG8uNrSwk6Vb0qAkZLmzA4KsUH59XcMLPqzmf2Xj29bFF50Z7+4b98bh9kUGrwm141
+        qeHcg/s6P72s0dd8wpNNMUuiw0PZp1r64Nq+kRNJ0AVwiPyM94EL6r9/3eK4IxQzgcYzCzQlSQBiQDEX
+        u/L71y0C4Gn+1LN7OoayeV/5OR4GQ9C9rx65ZV5NXVHE0ywINLI6OiL5VzYeTKVzditgYgn0KpAk8rPe
+        h5c1/vgdF5jol0RnmiRGphgbwxQ9PziYebF1AFIEqg6zZghHNg8Mv/u/txxIZlxBBBIEMrlAhC9sOPC9
+        rS0iYitHTDDBTYWQglTW/+iyxn+7bpG5kZ/LHhARBJFmnhZzl9eUPryvy9dMQdKfASFF28Dwzw50dWb8
+        uCMU48DA8JNH+z7y1K6H97SLiLSj/wknoGVRzLj/kvqy9e9fWeQIzZio7GDzGPnezrbbn9gRwOGEIGKl
+        OefLqOs4Iqc15xQItmjKJBGke+AoZrsqHnXuu2ZhkSMU8wTmxptukB9dXP++BbU66wUts0AzQ5JTFNGE
+        rK+YISKOjf7JI4gCCCJ4+kuXzlpVU2pu2BP7/c2q6dfXzq0qjSmlA6bASOkhYKSoqGa20T95BE4AIihf
+        NVUU3bGkARNUlf/E90zwNS8oj39ueRN8Jabq+O8ZcXx2k2XyCJwAkgi+/vCiuoqo40/arqd5qvz+gtqS
+        4qgtRxVmgiUAAb7SpSXRjy6ug6nXMEkvRNDMs0pjN86ssullYSZYAggi+PryurK5iThjwlZ+TokZXXxw
+        fg2k3VsNL8ESgAhQ+tLaUphjspP6zokAXFZXVhpz2WaYhZVgCaA0I+JcUlOKkUSGSaci6swqjUHxJHaE
+        tASYAAlg6jPHI3L5tBJM5gRg7OU0wxF0QWUx7Dw4rARIAABgOEQJ1wGmojahGfrPK4tDT+Rem6WACJgA
+        gOlJOpWvaCM/zARJAAKAqJzqooAZpWG3nMJKkARgwOz8T9krEgD4dg00xARJAABE/Vn/UDIDTMU5dfPm
+        B7L+FC05WYJHgARgQAj4ntrem8JIHYRJfjkiX/OmrkFIe9A2pARIAIz2TtwzkMYUPAEYAI4MZff2D0MS
+        24FQKAmWAMyAFM+0DgBwJnkubMqgv9SRzGR9kde6iJY8EiwBNDNc+duWvle6BjG6Tj9JmFMBjx7qhtZk
+        10LDSrAEYMARpDL+j/d2Api8cbk5Y7mtN/Xz/d2w561CTLAEAKCY4cqf7O3sGvacSRuZmIj/5x1tueGc
+        I+34J7wETgBmSCmO9qXu3nwIkzMK0syOoB196X/b1YaIDERxOEueCJwAABQzRZxvvX706ZZ+Uxx8Ar85
+        A2YD7NPP7BkYykkhbPiHmSAKAFMhWfGfP7u3P+c7gibwOaA0C8Ldm5qfOtgtowEqDmfJCwEVQDNLV77a
+        kbx13fa0rwXRuUcqA75mR9BD+7u+/NJBCl5RIMvUE1ABYCpYRZ11+7p+/4ntOc3y3BzQzEqzI+hHezs+
+        9KttCgyyCXCWAAsAQGmWcffRPZ03/nLL0VTWOHCmGpjiuARyBD2wvfXD63YogER+2qFagkagBYBxIOo8
+        sb975YObHjrQZVoeaYZifvOyOSbujS2S6Egqe/O67R9/aqcpqW4THyyG4BbHHYMB6cpU1v/pno5dyeFZ
+        pbHGkqjpgWe6a2k+VkZKj2yfjZRWFkQpT313R9uHntj+Sku/jLjapv5bjiOgxXFPxmQG6awvXXndzKqP
+        Xzj9qullFVH3dDkMmvnV7qEf7O742f7O1v5hkkI4wi75W06gYAQwSCLNzDkFQWXFkYuqilfXli2uKIpK
+        coWISTHkqZ196V19qR196d29KT/rw5VCCtNpwmI5gQITwCCJGKwVQ2koDSlg+oQRQTN8BUGQgqSQgjTb
+        0LeclqC3SDolZmpLgoR0TI9Tc3qGGSRJRKT5yFiZZYvldBSkAAazznPClJZ5cpOoLecZQV8GtVgmFSuA
+        JdRYASyhxgpgCTVWAEuosQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqs
+        AJZQYwWwhBorgCXUWAEsocYKYAk1VgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRYASyhxgpgCTVWAEuo
+        sQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqsAJZQYwWwhBorgCXUWAEs
+        oeb/A5fj85sn5OS0AAAAAElFTkSuQmCC
 </value>
   </data>
 </root>
\ No newline at end of file
diff --git a/agent/windows-setup-agent/SetupWizard.Designer.cs b/agent/windows-setup-agent/SetupWizard.Designer.cs
index 258139224..7dc52d1c4 100644
--- a/agent/windows-setup-agent/SetupWizard.Designer.cs
+++ b/agent/windows-setup-agent/SetupWizard.Designer.cs
@@ -46,6 +46,7 @@
 			this.colGlobalZoneName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
 			this.introduction1 = new System.Windows.Forms.Label();
 			this.groupBox3 = new System.Windows.Forms.GroupBox();
+			this.chkDisableConf = new System.Windows.Forms.CheckBox();
 			this.txtUser = new System.Windows.Forms.TextBox();
 			this.chkRunServiceAsThisUser = new System.Windows.Forms.CheckBox();
 			this.chkInstallNSCP = new System.Windows.Forms.CheckBox();
@@ -87,7 +88,7 @@
 			this.txtError = new System.Windows.Forms.TextBox();
 			this.lblError = new System.Windows.Forms.Label();
 			this.picBanner = new System.Windows.Forms.PictureBox();
-			this.chkDisableConf = new System.Windows.Forms.CheckBox();
+			this.linkLabelDocs = new System.Windows.Forms.LinkLabel();
 			this.tabFinish.SuspendLayout();
 			this.tabConfigure.SuspendLayout();
 			this.tabParameters.SuspendLayout();
@@ -141,7 +142,7 @@
 			this.tabFinish.Location = new System.Drawing.Point(4, 5);
 			this.tabFinish.Name = "tabFinish";
 			this.tabFinish.Padding = new System.Windows.Forms.Padding(3);
-			this.tabFinish.Size = new System.Drawing.Size(617, 471);
+			this.tabFinish.Size = new System.Drawing.Size(617, 495);
 			this.tabFinish.TabIndex = 5;
 			this.tabFinish.Text = "Finish";
 			this.tabFinish.UseVisualStyleBackColor = true;
@@ -151,9 +152,9 @@
 			this.lblSetupCompleted.AutoSize = true;
 			this.lblSetupCompleted.Location = new System.Drawing.Point(34, 35);
 			this.lblSetupCompleted.Name = "lblSetupCompleted";
-			this.lblSetupCompleted.Size = new System.Drawing.Size(259, 13);
+			this.lblSetupCompleted.Size = new System.Drawing.Size(252, 13);
 			this.lblSetupCompleted.TabIndex = 0;
-			this.lblSetupCompleted.Text = "The Icinga 2 Windows client was set up successfully.";
+			this.lblSetupCompleted.Text = "The Icinga Windows agent was set up successfully.";
 			// 
 			// tabConfigure
 			// 
@@ -162,7 +163,7 @@
 			this.tabConfigure.Location = new System.Drawing.Point(4, 5);
 			this.tabConfigure.Name = "tabConfigure";
 			this.tabConfigure.Padding = new System.Windows.Forms.Padding(3);
-			this.tabConfigure.Size = new System.Drawing.Size(617, 471);
+			this.tabConfigure.Size = new System.Drawing.Size(617, 495);
 			this.tabConfigure.TabIndex = 4;
 			this.tabConfigure.Text = "Configure Icinga 2";
 			this.tabConfigure.UseVisualStyleBackColor = true;
@@ -185,6 +186,7 @@
 			// 
 			// tabParameters
 			// 
+			this.tabParameters.Controls.Add(this.linkLabelDocs);
 			this.tabParameters.Controls.Add(this.groupBox4);
 			this.tabParameters.Controls.Add(this.introduction1);
 			this.tabParameters.Controls.Add(this.groupBox3);
@@ -270,9 +272,9 @@
 			this.introduction1.AutoSize = true;
 			this.introduction1.Location = new System.Drawing.Point(11, 3);
 			this.introduction1.Name = "introduction1";
-			this.introduction1.Size = new System.Drawing.Size(269, 13);
+			this.introduction1.Size = new System.Drawing.Size(262, 13);
 			this.introduction1.TabIndex = 6;
-			this.introduction1.Text = "Welcome to the Icinga 2 Windows Client Setup Wizard!";
+			this.introduction1.Text = "Welcome to the Icinga Windows Agent Setup Wizard!";
 			// 
 			// groupBox3
 			// 
@@ -289,6 +291,18 @@
 			this.groupBox3.TabStop = false;
 			this.groupBox3.Text = "Advanced Options";
 			// 
+			// chkDisableConf
+			// 
+			this.chkDisableConf.AutoSize = true;
+			this.chkDisableConf.Checked = true;
+			this.chkDisableConf.CheckState = System.Windows.Forms.CheckState.Checked;
+			this.chkDisableConf.Location = new System.Drawing.Point(9, 137);
+			this.chkDisableConf.Name = "chkDisableConf";
+			this.chkDisableConf.Size = new System.Drawing.Size(211, 17);
+			this.chkDisableConf.TabIndex = 9;
+			this.chkDisableConf.Text = "Disable including local \'conf.d\' directory";
+			this.chkDisableConf.UseVisualStyleBackColor = true;
+			// 
 			// txtUser
 			// 
 			this.txtUser.Enabled = false;
@@ -341,9 +355,9 @@
 			// 
 			// txtTicket
 			// 
-			this.txtTicket.Location = new System.Drawing.Point(136, 56);
+			this.txtTicket.Location = new System.Drawing.Point(164, 56);
 			this.txtTicket.Name = "txtTicket";
-			this.txtTicket.Size = new System.Drawing.Size(378, 20);
+			this.txtTicket.Size = new System.Drawing.Size(350, 20);
 			this.txtTicket.TabIndex = 1;
 			// 
 			// lblTicket
@@ -351,15 +365,15 @@
 			this.lblTicket.AutoSize = true;
 			this.lblTicket.Location = new System.Drawing.Point(9, 59);
 			this.lblTicket.Name = "lblTicket";
-			this.lblTicket.Size = new System.Drawing.Size(117, 13);
+			this.lblTicket.Size = new System.Drawing.Size(149, 13);
 			this.lblTicket.TabIndex = 4;
-			this.lblTicket.Text = "Setup Ticket (optional):";
+			this.lblTicket.Text = "CSR Signing Ticket (optional):";
 			// 
 			// txtInstanceName
 			// 
-			this.txtInstanceName.Location = new System.Drawing.Point(136, 27);
+			this.txtInstanceName.Location = new System.Drawing.Point(164, 27);
 			this.txtInstanceName.Name = "txtInstanceName";
-			this.txtInstanceName.Size = new System.Drawing.Size(378, 20);
+			this.txtInstanceName.Size = new System.Drawing.Size(350, 20);
 			this.txtInstanceName.TabIndex = 0;
 			// 
 			// lblInstanceName
@@ -437,7 +451,7 @@
 			this.groupBox1.Size = new System.Drawing.Size(601, 110);
 			this.groupBox1.TabIndex = 1;
 			this.groupBox1.TabStop = false;
-			this.groupBox1.Text = "Parent master/satellite instance(s) for this client";
+			this.groupBox1.Text = "Parent master/satellite instance(s) for this agent";
 			// 
 			// btnEditEndpoint
 			// 
@@ -527,7 +541,7 @@
 			this.tabRetrieveCertificate.Location = new System.Drawing.Point(4, 5);
 			this.tabRetrieveCertificate.Name = "tabRetrieveCertificate";
 			this.tabRetrieveCertificate.Padding = new System.Windows.Forms.Padding(3);
-			this.tabRetrieveCertificate.Size = new System.Drawing.Size(617, 471);
+			this.tabRetrieveCertificate.Size = new System.Drawing.Size(617, 495);
 			this.tabRetrieveCertificate.TabIndex = 7;
 			this.tabRetrieveCertificate.Text = "Checking Certificate";
 			this.tabRetrieveCertificate.UseVisualStyleBackColor = true;
@@ -559,7 +573,7 @@
 			this.tabVerifyCertificate.Location = new System.Drawing.Point(4, 5);
 			this.tabVerifyCertificate.Name = "tabVerifyCertificate";
 			this.tabVerifyCertificate.Padding = new System.Windows.Forms.Padding(3);
-			this.tabVerifyCertificate.Size = new System.Drawing.Size(617, 471);
+			this.tabVerifyCertificate.Size = new System.Drawing.Size(617, 495);
 			this.tabVerifyCertificate.TabIndex = 6;
 			this.tabVerifyCertificate.Text = "Verify Certificate";
 			this.tabVerifyCertificate.UseVisualStyleBackColor = true;
@@ -659,7 +673,7 @@
 			this.tabError.Location = new System.Drawing.Point(4, 5);
 			this.tabError.Name = "tabError";
 			this.tabError.Padding = new System.Windows.Forms.Padding(3);
-			this.tabError.Size = new System.Drawing.Size(617, 471);
+			this.tabError.Size = new System.Drawing.Size(617, 495);
 			this.tabError.TabIndex = 8;
 			this.tabError.Text = "Error";
 			this.tabError.UseVisualStyleBackColor = true;
@@ -686,25 +700,25 @@
 			// 
 			// picBanner
 			// 
-			this.picBanner.Image = global::Icinga.Properties.Resources.icinga_banner;
+			this.picBanner.Image = ((System.Drawing.Image)(resources.GetObject("picBanner.Image")));
 			this.picBanner.Location = new System.Drawing.Point(0, 0);
 			this.picBanner.Name = "picBanner";
 			this.picBanner.Size = new System.Drawing.Size(625, 77);
 			this.picBanner.TabIndex = 1;
 			this.picBanner.TabStop = false;
 			// 
-			// chkDisableConf
+			// linkLabelDocs
 			// 
-			this.chkDisableConf.AutoSize = true;
-			this.chkDisableConf.Checked = true;
-			this.chkDisableConf.CheckState = System.Windows.Forms.CheckState.Checked;
-			this.chkDisableConf.Location = new System.Drawing.Point(9, 137);
-			this.chkDisableConf.Name = "chkDisableConf";
-			this.chkDisableConf.Size = new System.Drawing.Size(138, 17);
-			this.chkDisableConf.TabIndex = 9;
-			this.chkDisableConf.Text = "Disable conf.d inclusion";
-			this.chkDisableConf.UseVisualStyleBackColor = true;
-			this.chkDisableConf.CheckedChanged += new System.EventHandler(this.checkBox1_CheckedChanged);
+			this.linkLabelDocs.AutoSize = true;
+			this.linkLabelDocs.LinkColor = System.Drawing.Color.FromArgb(((int)(((byte)(0)))), ((int)(((byte)(149)))), ((int)(((byte)(191)))));
+			this.linkLabelDocs.Location = new System.Drawing.Point(525, 3);
+			this.linkLabelDocs.Name = "linkLabelDocs";
+			this.linkLabelDocs.Size = new System.Drawing.Size(79, 13);
+			this.linkLabelDocs.TabIndex = 10;
+			this.linkLabelDocs.TabStop = true;
+			this.linkLabelDocs.Text = "Documentation";
+			this.linkLabelDocs.VisitedLinkColor = System.Drawing.Color.FromArgb(((int)(((byte)(0)))), ((int)(((byte)(149)))), ((int)(((byte)(191)))));
+			this.linkLabelDocs.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.linkLabelDocs_LinkClicked);
 			// 
 			// SetupWizard
 			// 
@@ -722,7 +736,8 @@
 			this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
 			this.MaximizeBox = false;
 			this.Name = "SetupWizard";
-			this.Text = "Icinga 2 Setup Wizard";
+			this.Text = "Icinga Windows Agent Setup Wizard";
+			this.Load += new System.EventHandler(this.SetupWizard_Load);
 			this.tabFinish.ResumeLayout(false);
 			this.tabFinish.PerformLayout();
 			this.tabConfigure.ResumeLayout(false);
@@ -810,6 +825,7 @@
 		private System.Windows.Forms.ListView lvwGlobalZones;
 		private System.Windows.Forms.ColumnHeader colGlobalZoneName;
 		private System.Windows.Forms.CheckBox chkDisableConf;
+		private System.Windows.Forms.LinkLabel linkLabelDocs;
 	}
 }
 
diff --git a/agent/windows-setup-agent/SetupWizard.cs b/agent/windows-setup-agent/SetupWizard.cs
index 6aceaf16b..84d322704 100644
--- a/agent/windows-setup-agent/SetupWizard.cs
+++ b/agent/windows-setup-agent/SetupWizard.cs
@@ -1,16 +1,11 @@
 using System;
 using System.IO;
 using System.Text;
-using System.Collections.Generic;
-using System.ComponentModel;
 using System.Windows.Forms;
-using System.Runtime.InteropServices;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Net.NetworkInformation;
-using System.IO.Compression;
 using System.Diagnostics;
-using System.ServiceProcess;
 using System.Security.AccessControl;
 
 namespace Icinga
@@ -290,7 +285,7 @@ namespace Icinga
 			SetConfigureStatus(100, "Finished.");
 
 			// Override the completed text
-			lblSetupCompleted.Text = "The Icinga 2 Windows client was set up successfully.";
+			lblSetupCompleted.Text = "The Icinga Windows agent was set up successfully.";
 
 			// Add a note for the user for ticket-less signing
 			if (ticket.Length == 0) {
@@ -572,9 +567,17 @@ namespace Icinga
 			lvwGlobalZones.Items.Add(lvi2);
 		}
 
-		private void checkBox1_CheckedChanged(object sender, EventArgs e)
+		private void SetupWizard_Load(object sender, EventArgs e)
 		{
+			this.MinimumSize = this.Size;
+			this.MaximumSize = this.Size;
+		}
 
+		private void linkLabelDocs_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
+		{
+			linkLabelDocs.LinkVisited = true;
+
+			Process.Start("https://icinga.com/docs/icinga2/latest/");
 		}
 	}
 }
diff --git a/agent/windows-setup-agent/SetupWizard.resx b/agent/windows-setup-agent/SetupWizard.resx
index 724f4a292..9d11b6c73 100644
--- a/agent/windows-setup-agent/SetupWizard.resx
+++ b/agent/windows-setup-agent/SetupWizard.resx
@@ -112,27 +112,1321 @@
     <value>2.0</value>
   </resheader>
   <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <assembly alias="System.Drawing" name="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="picBanner.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAAnIAAABOCAYAAACkCftqAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfiChgPIB4skikEAADGP0lEQVR4XuydB3gVV5K2
+        PeNAMjkKISQQIucMTjjngAPGOIExOeecFVBEOeeIkIQkEAgQOWdwnvGMZzy7k2cn7+yE3f3rr6/61tVR
+        qyWEjT32rO7zfM/t2923b4dzTr23zqk6t33nxU10K/XdlzbX1Ctbauj2SVtr6pUAS6/W1h2TA92687Wg
+        GrpryvZauvON4BvqrjdDqMlboaKmb4dVa1q4qNk7EbXUdKqlZtN2uNX8nUi3mk6vrWbvRrnVfEZ0DbWY
+        GSO6e1asWy1mW7p7Tly9au5Sy7nxorvnJdRSy/mJbrVakFJLLRdaarUotZZaL06rpTZL0mup7dIMt9ot
+        y3RU++VZog4rsmuo7cpqtVuV46j2q3Pd6rAmr4Y6rs13VId1ljquL6ilTht21qkOG3ZRx41Fok6biutU
+        580ltdRly+5a6rzVUpdtpfXKw79M1DWg3KW9DtJt5eQZWCHqGrSnWvhsk2fQPkvb94q6bd/vlm4z13kF
+        V9aSZ0htdQs9cFPyCjt4y9Q9/FCD5BVRLad19m0NldM53ayc7lF9cnoG5jMyn2F9cpcHlatcQI7lx0HO
+        ZdOSlmOnMq51QeqDQ11ROdUtlVNd1PoKof5CqMudNxZSl027RFq/tf532VBInrxft02F1J2399hSJO+d
+        1hW425Uua/LJY22BvNdoW1xtD9ojp/bKbNMgs73TdhByaidNme2qU7urbbJT263S9l3aeHe7n+QW7ILd
+        ZrRgWwKJTTHsTV1Se1VDLrumUntn2kInW2naUlOws2J3nWyyy16bNlztOgQ7r7IzwB2vbxc5MoSNMyCT
+        Q2pxivKLjWvs3GPnIid2+jJqBDlVI8iJTIBTOTUoZoPj1CBBjSBX27CZ+meCnAkETvJ0gAgn2KhPTjDz
+        ReUEV05ygjVznX2bd0SVW7ruRnI6v4bI6R7VJ6dnYD4j87nWJ3d5UH2NIGfKY6slxzrjULdUTnXRCeQU
+        4jw2F9ULcp4bdwrA+fJ+PTYXk8c6bgNcbYuCHCRtitHeKPA5wZzZpkFme9cIcjcPci2m8/5sZ5u8XYdN
+        bgS5GrqlIGee6O0vM7SxzIuxX6xc8CT/2jeHVRfAqcybrw/G/sBU5kM1H7ZZCBxBzgC3hsCbyiy49QGc
+        U2VwqjSqVkaFs1dEqOX8ZJFZaU2Ac8uh8kO3At5UZuMFmQ2bvRE0VRe82aWNa8e13FCzOq9nGKsH3uyf
+        ZV0D4A1yMi4qtyEyPQ8ORsxJTkZRVW1E97jlaHQdjLOuczLqKhMIPF2QcCOYsG9zgpWGygmQ6pMJXG7w
+        2lFbTrDmuM34jlu2/aFax7qBnK61obLf3xtJn4v5LFXms3aXESe5yky3YC5L/F7jzwGWXboZoDPVdRu/
+        K8BxmTfridQVA+bcdclWx5zqpCmtx6Y3Dsv2+i6Qt3EXdd1URN14fx9+99lSTF7YVyCNhT+C3K50ccEc
+        wM5sb/C58+pqmHOCOsgEOrMddGorVWb7Cjm1wWYb7dSGQ84gVy39kw+bYbcn7s8O9seUo+2CTTNADjLt
+        n2kXVXbbadpYu/01bbMd5Ey7Dpk234kJTJksobLzRr0wBzmxjck+ykMGI0FOHPVF1AhyjSDnltlIODUi
+        ZiPj1BCZMhsv6P86yDkaOQdjqPqmgFx9coKRhsoJgupTQ0HOO/JwtWz7mdvM77i313Ncp3NyktO1NlRO
+        97g+6XMzn6WT9Jm7y4opV5n5JoGcSuuYU500pfVYAU5lr+8KchA8cwA4gJw3f4a3DiDXbr3Lq89ti90z
+        BwHiFO6gbzvI2dUIcpbsvPF/AuTsJycyLsKUXKS6Ix26VM2bZr+ZkONNd3g4KvOBqkyAazLVgjizkLgL
+        i6s7Fe9mAYPsBRDSwqmF1izEZuF2AjmnymKXCXJ1wVxd8FajcjtU/voADmoIvEFmo2XCmzZskFPDpwBX
+        H8hVw5shG7yZsjfkkDb6ppyMgwlrdtUwNmqQbOBmVw3jZnSXWlJjiO5TG7QZxtRtVBXYIMMom6BmyjTq
+        ni7jb8oJEpzkBB/1yQ03pifMtU6hyZR7HyeQ+rbJdZ2mnO5RfXJ6Bk5yeqbmM3cqEyqz/NgFuHOXO1d5
+        rP6DAaizl+NqmWXdqT6o6gM6p7pn1k9d1nqs3jgFOnvdV5DDO0AOy923FFGPrcXUfQMfg/8Q6vAMqMva
+        QjfMqScObRXaInzWdZ1W5VLHlTUBTpe1/TPbRcip7VTdDNBh2ak9d8vBFsBGqL2or5tVh/E42SLItF81
+        ZNg6SG2g2keVkw2121lIbXAt+6wwVwfQ4bPafCc2gBraxXpDkDOZxgZ0kJuBbJzkxFNfRI0g1whyokaQ
+        qym7ATFVw9g0glydcgNMI8iJnO5RfXJ6Bk5yeqbmM3cqEyqz/Nj1fwHkEPjgwzAHr5x0rxogB7DTLlaF
+        OW2bAHCmFORMNYJcI8ip3Axk4yQnnvoiagS5RpATNYJcTdkNiKkaxuYbDHKmMVd5Ohh9JzhwkhNsqJxg
+        xb2ugSDnCETfVrmusy6Z96kuOT0DJzk9U/OZ28uFKbP82PVtATnVFwE5BD4A5Hpu5WO6ulWrxe0FtzGA
+        uK68DKEdQnsFcAPAqWcOXjltu7RNawS5RpBTuRnIxklOPPVFdMvGyJknZ46Nc7qoGhdtuyH2m2a/oU43
+        vSHj48yHrA9d5CoI9kIi4gIEORUuewG0F1KVE8Q5Fn6WU2WBTHiD7BXPrIx2kKsP3kxpw+AEc9qgODU6
+        KrNxcgI4bdycZAIcVDfAoWF1yQHcVPYGHDIjU+uDOLvhgGoZGJfxcQI4NVwmuFkGzYI1D382im5wYxAT
+        o2iDtzrkNrIGyDkZZ9OIQ56GgXcCASc5wYQJGVANMLGBmsgJcL5iOY2DM9fZt32tMu+Ng+z310nm82io
+        7OUBspcZE+BU3QxVA5xVVk2Z5dkuez2w1xfIrE9Sp7SeOdRFlb3OemDd5l2iDgxn7vpttAEKcoA8gThE
+        rLre0b0KuINXrrq9YZhztT+mZw4A59ReYb12s0Jm+2e2iTeCORPi7EJ7bLbVppzadXf7b9gEsQvzk2vZ
+        DhVsjGZFuFEUq6MdczkqxNYZtk+BzoQ6ux1VmbZW7bACnQl1dpCDnEDuRjCnUqawc4fJInZmgTDWX2Wy
+        jhvglIds4+ScWMrUnS9uZE4KoqYT1ztuVzWC3FcEcmahNQvzvzLIqcxGqxHkLFUbtq8G5JyMtcrzS4Bc
+        faoBIk6wYkLMl5QThH2RdfZtX6vMe+Mgp3tsl9OzupGcyoQJcZAJcCoT5LxQxrCfAXDVsiDPLNcqez2w
+        1xfIrE9Sp7SeOdRFlb3OAuQ6b+E6vanQktZvow1wAjkEOWDZmwGwO47rAHLt11ptUOc11QEQsp7bKrMN
+        025WSGGuEeQaQc7UzYLcXZM307iVMXTbs+sct6tuadeqnqQJcu4LMC8OF2u7EXWBm116o5u8HuyW08OB
+        9AHqQ3UCuVpdq0ahUZmFyqnQNQTgVCbIOVUMu1CR1MV9I5CzV1ZV64W1K7i9EagL3lRmA2NvdOwQp42X
+        Cg2dvttVF8CZjalKuzzQKDcE4DS/lBPE2Q1BfTIhTmQzQuZnqNpw1e+tcBvAIN4PwrJNTgbWlBpi00h7
+        3gS0OcGCk2oAx1fkfXMCrm+DnK6loarRtaz31+H+1yen5+okLRdmWXGCOHSpioL4j4JLus2pjLrLr0MZ
+        N6X14ma7W53qpF1al+31XIU2ACCH1CMAOQgpSOCF0+UeW0ukq7XzWm6LXN2qVnvkSk3CwjqP9RbQqQdO
+        gc5sx0zvnL1NNNtLyN6m2qXtrr2Ntrfh9jbelAJdTajDn35LTkCnctsdwy456YuAHORkU02ba9piO8ip
+        3EBnQJ3ae6g+kDOlfKGy84dyisrOMSKTdewcxGxkhzkVWOq2iRstvbCB99tE3jMjaXFyGfWZE0bffWGj
+        HMPOX/I9p5U3Kz2RRpBrBLlGkPt6QE4B7qsCOTtU6GdZ1whyNeR0LQ2VE8ipzOdRn5yeq5O0XJhlBbKX
+        pf+LIId3pCJBFCtAreP6QqvNcQC5LuvyBOR0fBzaLnt7VpdnDjLbS8jeptql7a69jba34fY23lQjyH07
+        QA7vALnbX9xAo9dmkMebW+m+LTtp/MYcuvulDbzN2YvXCHKNICeyNxLaeKjMBsXeyJiNUiPIffUgpwbX
+        NMKmYfb8loGcT9QRkRMkfRvkdE0NlRPI6WfzedQnp+fqJC0XZllRaTkS/YuDHN7RPpgg15XBDSDns62E
+        um5Ae+IMcvgMj512sUJou9CWaRtngpx65cz20GwvIXubape2u/Y22t6G29t4U40g980HOXjhAHHt+Z4M
+        WBRLd/HnOycF0JOBeXTby0H0aGAx89ZX5JGrdUJ6wrYLkc91jIuz3xzIvHmANfsN1j5tx4dhAJwJcm4Z
+        D10LgbtAaEGxAZzKXuDMAmkWVBPcTHgz5VQZTLnHKNgqFSqdygQ2JwHinEAOMhsBeyOhjYfKqYExGyMA
+        nMpstExoc5Id4FRYbwc4J3gzZQc5syE3wU1Vl0GoAW2mHIwOBOOk75ahcjZkkMKbAJxNJqypahhYlml0
+        TUPs6TLSkJMRVzmBgJNqQJoNMJyApKFyAqEvKgXAWyWn37gVcroP9cnxPruegdOzcpLTs9fy0T3kgFta
+        fuoqYyqnsukuu0EWyJnj5pzKvgp/cFT2OmTKDnQqs+7is9ZbJ5ltgB3kzICHLhuKyHszZnookpQk9rFy
+        kL1NkgAIVxcstqm0XYPUK2d2s5oy21CnNhbSNtjeRmu7bbbjkFNb7wxy1VJ7YtoaldohdShATvYKqmXj
+        6oA5025Cdrtqt7tqj02oEzUQ5JQFVE7cANk5w+QQlZ1V7Dyj7OMkNw8ZMHfbS8xSL2+muyauI9/5ceQx
+        LYi+88Iaun3iJtE9GzIY5LZR+zf9ZR/ZH+z1wkY3hzWCXCPIieyNhAlxkFMDYzZCZuPUCHLOBgz6vwhy
+        TnBzK+QEY19GTr9xK+R0T+rTVwVyqkaQqw1y2N5Vc8ptda1ztT8qs01CAASCHwBz1vRe1ZGsZvsGeLN7
+        58y20mxDndpYSNtgexut7bbZjkNObX0jyH1zQe72F9dR74Xx5D03mm57djV9l6ENXagANoDc/Zuz6Tuv
+        +FPTF7fQg1vyqBl6NPn73+HjKIfdUpCTkzPBzS4XyNm7Vs2bojfKvHE3A3Lmw7I/SEgesFPuOFsBsRck
+        lVnYFN60MGohhczC+0VBDtAmlcaoVApyUsHqAjmHiqyyV3yzYbgRuNllNkKQNk5mQ+YkbfDs8KayGkv8
+        03XJAdpUdniDtOF2athVagjsshsNMRRqUGyGBmoIvEFuA2eAm8rJSNoNKdQ12JKnAW0qJ4OtcjL0TjKh
+        rQZENEBOAHOzcoIrL15vV3de/3XJ6Tft5+h0LTeS0z1skMxn5JLTs3SSU9lQKdCZMsueUxlVOZVphbua
+        dYDXG58hrT9OdUul9c+EOq2rmPrLrL+o2/a6b7YHADkdJ4fJ9bEMaNNxc5ZXDvtVe+VqeuesNslsr7SL
+        Fct2kFMB4iD10Jkgh7bUXK5PZhtttt32Nt2p7XfLwWbYIc78DBskdseQk72Catk4dWQY9tC0k6YNNW2r
+        KbW9dhstqgfkTJlcANm5QWXnDBm6ZbAIZPKKyuQZt8PKxj/KRfC+3TmJOYmBrcmkTTR4WSq1nuLvyFcA
+        ufs2ZdNtL2+l217cSK1e20zj1qXz+i10x4vV4+UaQa4R5NwyGwmnRsQuE+KgRpCrW40gd2PZAQkyAeqb
+        Ivs5Ol3LjeR0Dxsk8xm55PQsneRUNlQ3AjmVU1l1KtNfNchBMn8r6qdRf1G3Gwpy6qGD1EvntXmXRK8i
+        6KHzem5PGOJuBHIa9IDt+OwEc4A3SL1yKgW4RpD7vwFy0B2vbqO7Jm+nDm8H0fDlCdKNeserzmPfLI9c
+        joAc+OrOlzdR3/kx1OGd7dT0OYZC136NINcIcm6ZjYRTI2KXCXHaGDWCnLMaQe7GsgMS5ARS/2zZz9Hp
+        Wm4kp3vYIJnPyCWnZ+kkp7Kh+raBnE7Eb6+/qNsNBTkIy5JPzgVyXTYUiFcOQo65hoAcvGwyuwPvp+vs
+        bR7aRQU5O8xp24l3p3bWlNlGm223vU13avvdcrAZjSDn4gcbZ3wVIIcu0xErEqnbtO30nZe2iaftzsl1
+        e+Qe2JJL33mF95NgCOasSZvpBf9Cum1y9X5fCuRMiGsQyJkXa8h+U+w3DtIbWxfAqfRB2eHNVA2A04Lg
+        GhenqgveTNnhzZS74NoKtsqpEkCoMHaZFcyUHeTcYyBsFReV2/5ZK7wps5FwakRMmeCmqm9cnMKbXWaD
+        qKpuNF1yADioLoAzG267dL3Z+JvQpqphPGyGRY1PTYCrPU2RjoUTA+Ygu0G0G00YUydwczLEppyMuJMU
+        BHozjAyIO0L944+Qb6TD+CybnMCkoVL4cQIkJ3lHHxU1dN3NqqHHMPezy6nb98uAntM9d5J7LN1NQp1T
+        mTGl5aw+qKtRfjVBNS+7y3eQC+RMOdQRO9Cp7HUOUpBTiHPyyKns9V5leuAAcjpODuvQhsALh2AHmUh/
+        C4IguK3hNghjdNvLMiDOWqfSdgswZ49kdZICnAl1CnIqextstst4t7fdkLbrpsx2X1XXWDlNEuwktUWA
+        OnEu1CNHe1cH0KkTROVkZ01bLPbYZavl3cmW24DOZIEbgZzKhDmVnUlMZrEzjTirDPaBFw7dqT4zwqjv
+        smQZF4c8ceheFW4yOAqRq8pYt720QcbI3fai4X3D+LlnltNz24qoKViLv//1gNzLvA3rJ21z1O2vwkNX
+        rTsmA+6qhZvWf1EcRe05Rdd/8DmtSt9LbabyDReo4xtq6M43AHl849/kh+FSk7cAdtVqOo0fsE1N8NCn
+        8sN3qdk0LhQuNeHC4aSm0xn63gXQ1VbzGYA81iwGOwe1mA3Iq63mc2JrqcVcAF5t3T0P3jmEjlu6e4Gl
+        lguTa6jVIlTcmp+h1osBddVqswRwZ6nt0vQaDYldjSD37QY5NfwAgQFxx+je9DN0T8YJ6htbRT0YXHpE
+        HhH57GD4cskJOm5WTiBXHyyZMPVNkf3czPNV/auBnErLZo3y+zWCnAlxtxLkIHwGrGF8XO/AMhoUvIf8
+        AkqpO38PgCcBV3WAHNoy9cx5ri90r3NqC9FWmiBnjptrBLl/TZBrOcWfhixPo/ZTQyx2QkDDiy5WugHI
+        PbAlRzx3uu6OV7ZSUz5+y7cDqOUkPtYL/B3d2FDhR8wfVeFk6gQ5l+xdqpB5M8ybpDcO72NWJtLuU9fo
+        f/73f+m//+d/6A9//gsdu/wBb2PIM2++6yFB+uD0YcoDdepSVTl44twFx1aw7IUPsnvi3AXXqVA7FH7I
+        dF1Ddm+c6e62V0KpiFpBHSqvWbmdGgFtKLSxcJI2MioT3uqDOMiEN8gEN3yubhitrouGgBuEeRVV9QGc
+        U2OvulmAq4a3ugDOoRvVZcxMaDOXTZmGEwZV5WR0nWQ33DUMvSsHnAogAE/cuNQzND7lDPWLqSK/6CPU
+        M+oo+UYfE5jTZbxDCnmmFEKcAMZc5wQ9JiR9G1TfeZvXZZd5H/TeNFR2eKtL5rOW520rC3Y5lR+VWfbs
+        IKfSMmyXG96MOuD+U2OrP1adqq4/9cEc6qhCnL3uSv211W2zDUDb4LHZ6k4FyGEqL8CbeuSwDMEbNyKs
+        gh6Jr6L7oytpUMg+Br7qNskCumqIM9sxvKOLFRPsA9Dw2ak9RFupQIf9IEAd2lWnttcus60223GznVc5
+        2QORgw0x7Y1dCnMQYK5ZHbbM0ebVAXJ2qT017a2TTVZ77ZZhy+sDOXw2OQEyGUKlPX8myCmTmDLZRZnm
+        u8w6iCgV7uHPrd8Kpv5LUuguOKqUhVyc5ARykPLW7RO30kMb8uiuF2qzGPRIQA7d8eLWrwfkdB36eQFz
+        pvTiITvU6c1bkX2I/vGPf5D5+utf/0YTVsVQ0zfhgbNuvPkg9CGZD/Gut/ndBXO1xHSvpG9Xk3dqyixk
+        qrqArvms2nIq6JC9QqCymJXHrEz492TX3QssKdCZMiuwU2U3G4O6gK4R5L65IOdkpFU1DLsL4BQM4Gnr
+        HVVFfWOOsY5Qn+jDDHJVNYBNAQ4wd2MdcUs8ezY5wc8/Uz583XY5bTfXNUS3GuTcMqHNAe7MZy3P26E8
+        mHIqSyqz7P0rgBzUdYsr5chmbisMkIMAd123FNOA7eX0RGIVvZ53kl7LPkmPJxymXv6WV07HzKmq261q
+        zxyWtZsVy1hnbw8V5FRO3az29tdUI8jZ7PQ3COTumhJIt728mdq+FULD12ZT69eYj17dJt2rXwTkHt6Y
+        T03qmNHhzudW0T2IanXaWJ/sP2jCm5yUAXAiBDe8zAAH1dOtau9O1S5V3LzA3afof/7nf+h///f/uTCO
+        6P/9v/9H9y/aTk3f4H3kYQDkLKH71LFbdSpAjh9mA7tU6+padepSdXel1tOl6tSVqmrm0t1zUDksOXWn
+        tpwPzxxU3aXq1kJAXG1pV6ops0sV3aj2blV716od4FQ3gjgFN8iEtxpy5Ykz1WCQM2ZtsDfapuwNPORu
+        /OuBNxgWXXYGOWsQt8JbLYBzyex+UtmN4s12ozoZZlNqzO2GXpe1y7RHJMCNjVXUIYE4CCDms+NQjS5V
+        hRCFMhPgesUcJ7/YE/K9XjFHeRnrjrp03C3dX+EQUtBxAiKVCUQqE76+TjmdX0Nknrs5pk6X7ZBnejzl
+        OeD5ueDtpnQLoc78k2EHO7Nsq9xAZ8isK9VgV/PPkNY1ATquowpvXbdx/WNp3YXqq+OmOm22QK3blhJ5
+        hxdOu1ZlHX/utqWU+geVCby9lXeKXs89TU8mHZZuVkSydsMMERsKa7ZNLohToNPPAD3AHKAOn7VNBKzZ
+        pe2pAh2W269kYFtutcMmuOmyHeTw2Q50jgDHqvVH3w1zSW5wM3uAWjC86bJ2r8o6A+CcVAvqDJCzw5zp
+        EDFBTvVFQc6EOTvIOUEcZAc4lQlxkIIcOAgBC+KQesWfBi5OoJ4L4gTebpvEgGfjohrMVA/IfXfianp4
+        Uw7d/uKaGhymwvF9Zkd+XSDnb8nmjTM9cnpDTOnNe2pLBr3/6Y9dCGe9PvnBZ9RlGu8HarY9EDwwfVD6
+        AEVTq7tXVU3eBsBZ3rib8chpgVOZBVJ0E544CP9u7P9wUFHsQuWyxJBml61yqpwqsvmPzWwAtEHQRkLV
+        CHL/+iCn7wJ1DGDiVQNEuOBCQcNJCnc9Y46IfGMZ4OIY5lgAvPrkG3ucv+MMSiZAfVNknt/N6MuAnK5z
+        BLUb6VsOcnaIg/DZhDmpxw51vIYYxDy3lgi0wSPnHifHy+qVA8z1DSij+6IP0nNpR+mp5CM0LqpS4A5p
+        SRDNKhPrr7dk98qZIId3dLFKNyuiWjEWzgVq6n2zgxyWdVuHVdzeMsxpG6xtsrbP+tlst3W5EeS+XpC7
+        7aWtdOergdSceaT/Cr7vrzP3vLLJgjZmHzsX1WCm+jxyDHAAuTteWluDw1ToIb3jpfXfbJDDjcLNazkl
+        gN4KzqL3v/dD+s3v/0iHL71PrwRmVt904wFAeGCNIGdUUoeK3AhyjSBnBzkTyhTm4EXDZxMwVAogCiG6
+        nwV0x9wyPXJOIKfqFVdbCk89GPbsMuHKSQ3d72blBGkNkQlypuwgp2oEuWqQA7x5+vM2A+TscqrjptQj
+        B2DTrlVI1jPAWTC3i3z9d9PgkL0McPtoWPge6rltt0CcL7cPPV3RrJinFfOz6swOTkCHtk27WAFzWIYU
+        5EyZUKfrOq/GZ6vNNdtibZ+1jTbbbV1uBLmvF+S++1ogecyKoKGr06kJkv3yZ0lBwmxzmzE2TlWDmeoB
+        OQAcQO6uV9bX4LBqWSlJvjTIiYyTkhMzT5hhDWPjbneCNtfnWutdEpCD+Ab2nhVKCyIyaVnGAbp/ZZzc
+        bBkX5+rLrvUgFORc8GaqoSBnBziFOAjLdoirAXQ3AXEo8Fo5AHMmuJkVCLLDW33j4iCz8prwphVepQ2D
+        uWw2HibIQfXBm+qGEPclAU5VF8g5NebmP3i3DHBzkmlU7AbHgrja4KYSY+Z6h0zDZwpG0fMWAZx9HJwp
+        E+B0Wce/ARiq4Q7j3I5R72gLwABkdoAzYcQJXJykcAcvnEqhrXfcSZFffP3S/U2oc4I2+zpzvy8j8zfs
+        crrm+gToVdlBzpTeeyc5PWdHfQmg03JpBznIsTy71A1l3pD9T4/KrFPdtpdS+00MTgF7BKoU3gTkeDvq
+        YY066lCnneo+2oSuvM0Ncq52owvWM8hhwvwe/Hu+/qXUm3+nf9Ae6oXf523oTsU7ulcx8wM8c0gejFQl
+        6G4Vr9t6jO+1AM5s97BO05JoUINdJshVA122wBzeAXQW1GWI2i1Dl2v18BcT4tosQQYCVe1xc6ZNgMRO
+        GCCnMGeCHPRdtm9vpRygkIrTtKbgEtu1yFrgZlctW3eDsXJqUyET4iAT5EzZQc6U2HjYfBvQQfWBnMoO
+        clDTN0KEV8AngLTWb/rTiPV5Epmq7KJM43ZYmUxk5yUHkFPd+fI6um9NWo2uVXjhVPiurNONDZXTj9U6
+        MfOk9UL4oppOCSSvWTvIe3YktXyTQQwXbQCcSbomxLV5K5hGLo2h4UtiJUGfJOmz33AXuLkBTgncgDZV
+        jQdtgzezgNgLEmQWMi18ZoF0F1B7AXYo5CqNUIUAc2blgaq9cLUTADsBmymzAldX9GpYs0ObuWzqVoKc
+        +x/r/3GQMw0h3tVYQk7GVOVkfGuoHpBTSDNBDsAGmNNtst0FEOpRA9ApbJgAd7MgV5dMUDIhT+Gtd8Kp
+        WuoTXy3drycDnso85q2UE8CpnK6tPn2TQc5xnavMmjLLtOrLgJzX1jJ6LPkwxZ77IcWcfL8GyNWCOMih
+        TjvVfQU5HSOnbQZArjtvB8D5BlpdqL34uH2CyqlnANd/QJ+rHcKYOi/e3w5ykCcLk+jDS6dAB6H9A8Dp
+        eDkncDN7OdxalSUCwAHmoA4r0BY7g1y10MtiyWzzVaZtcNsKt02pG+QmxRZR4N6LtHrvR7T50FmanXvW
+        0Z6ZqmUH/wVADqyCd3CNz4IEGrw6g+56mXnnVXCM5aW7VSAHgLtnVYqMlTM5TCHuuxPX092vfkmQw4Hk
+        YPYTwwnDrYhuVb6I77yCiwyg4UvjKar8JGUcPEsPb0hzXbBT3jhAHd8sF8j5Tg+i3jN4HW6ueOD4Zjnk
+        j6udO04jVa0AB3ugg6iOAAfIHuQAIdDBHuxgBjm0mAmY40J5E4EOEPLFIdjBDGwwc8ghZxzeGxrgANUV
+        3KByCnAwZQc5s5GpD+RMgHOCOCsPk/Xv1Q50dojTBtSu+gAOsjfijo19PV2qJrxVA5x2p1YbHXeXkQFv
+        7i4kGC6Xahk6lwGsYRBdxrIumYbVlBhnF7xB2nVqGnCFNjfEuQBAPW8AOawDNChUyD78DphD16cd5pzA
+        xJQT6KicAKl+Acws+TKwQQpvdYGe7ufkwbsVsOfN982HIRfAifuC+4T13WOcr928Nwpv5jqVwrF6PiGF
+        Nke5nndDpUBnyqlcmdIy6DThfo0ybCvn7iEFxrACd50xpH+IoN5BFeR/8aeUceWHdPJHv6Yu/rw9eDd5
+        BvD3/fdSN4a6jpsZwLie1qjDTnXc1g5A0r3KsIYxchrs0J2PBWiDMGk+vHN+gQxy2ywPnnSdutoijKsD
+        wHXn73vz97vxOk/eJjC3vtAteOnQzrVfnS8gZ4c5bUO1HcW72cZC+scZyxbwWSCn76bM9touE+TactsP
+        tWG7oMut2V5AgLjW4jRgG8JqITaG95sVTxEVFyjp2If0/uf/TrkXfkjbDr5HzebHUCuGvNazoCRqMzue
+        Ws1JZJsGcEPwXk2guxHImbLDnBPEQaYjxg51NwI5U3aIg0yAazKFeWVKEN32egjd8cpmGrUylTryMbFN
+        nVEqBTmFOeWhumBOxEwFQMM7ukzBW/j+wOXJdNuL2Gbx1u28rd2bAdR9Zhj1XRxPXWdHfH0gh/03ZFbQ
+        7/70nxKssKP4MN3+/BrXhZsgV+2Zww1q9uoW6jN1M/m5QM4J4qCaIGdBXFNEr75tda82glwjyNVq5E0j
+        YEDcvxrI6Wc7yEHarWoHORPYsKzj2/CO/euCEFNOMKOyQ9GNVQ1yus70vim0merFMAf1STwt0s+Q+V2V
+        HvdmzxMwpwLU+cTVPIbK6R45SUHOlBvaHITnaZc+cyfZIU7Kj0O5MuVUHj0dulvt5fyLgFy3gD00a/dF
+        yjn3CV37+e9oxZ5r9GD6Beq9HWNWuX4GWF451Eu83yzIAeIgeNrQXQoPnRd/3w5yvfh37CCn7VHn9fkC
+        cIA5CCCnY+EgN9TxOzx02qWKd4Ac3tE2or1sKMhZwgT7aJMtj5zpfXOCNicpvCnMQQpxLRcny+eOS1Oo
+        67I08uM2e+jWnTQysJimJpZT7MEL9OG//5LSj12ndbtP0NANhTR4SxF5LEuk1vNiqTmS1M9mezUbXryk
+        fymQwxCuJswa7adtp8Hrc6jZpM283uIVE+KgLwJySPSrbIWJ9cFWt03aQoMWRVPLVwPJY1ow+c6Lop6z
+        Iqnz1GBqOXkrfef5DdZ+TrBWn/SHoJsCOX6fE7OLfvLL/xCQiyiqojueXem6cJcnjpdxU5rwTYNw8+5f
+        uoNGLIyQm3inDd5M2UGuHV8ovHhtpmySh9kIco0gV6uRdxmAf3WQU+Pu7jbFZxccAMpuBHJ4x3ZAXN+Y
+        E9SHhe84QYgTwDjJCYjqlwFy8ZZMgNJtJpgp0KmHzgQ5hTvTg6cyYdAOeabg5cMxhiafpOGpp2lYyinq
+        l3hG1jtds9P9cpId4vQZ1CV9rqZMcLPLDnFSfhzKlSktg55h1eoaWimqUYZt5fyLgNyEbL5X/nsY3Iro
+        6bgyejb/LC0qvUgPpZ6gkSEldF/yGeoevE/qZY067FTHbe0A1I3hDALIAeBUGB9nghwgzgnkLGEe1kLy
+        WLeLvDZa3jkdKwdQq4Y6zPRQM9hBvXJo+9A+NgTkILTDgDh0tapHru2SrGq5ulad4M0cYqPet3bc7rfn
+        dr7Dsgzy4GN6rs6hPgwofdflkC+fDyDOZ3kmteV9u6/ZSS0W59LC/BOUcPhjGr0xl7xWpNE9gXyPl6XS
+        nYuSqN3COOq/KZeGBxZRDz5W50Vp/1Ig14pBaujaDGqHXj7kigOTuBxOtwLklKmQOLgTM4b3nAjyeDeC
+        Ri2Po/ZvIegzkL77gjXrgzAYL9/x0kaJkG0wyJkA55bTybBMkLMuBPni+P2FdfS6fwrdv3A79X1zDY2Y
+        E0St37C8bwC5znyjHlibTFN4n8n+qXTPqkQaviCCuk4FqPGNtXWrat44U3hAw1ck0M4j5wUYf/Yff6DH
+        N6XwA7ceqgAdHqorb1xDQE7h7UYQZwc5AbR6IM7MGWdCmylrGi6MV1A1HOQgO8gB0EyAqwvk2nHlNhsR
+        E95UdoAz5QRx1TBndTlAaAxrNpCWnOBNwc2uG0Ec5NTI2+HNBDgT1uwgZxodO7yJUTIADhKDZixDMHqe
+        X3A8XA0D7II3LLsNtc0Tp8ZdPDUuL44AHkOAeuTEw+YCOVnP4GH3uul4OeSIg8T75AIUO7RATvDjLBeg
+        OcgHUPQF1TMOIHbSfaz6IA8ClPVNOuOGPMiEP5V+tw/D5Ii0M/T4zkv0dMFleqLwMk3IuUhDkvl7/Bv2
+        63S6R+b9VSlIO0mfD+S0Tp+vKS0PTjLLj7tMOZQ5szya5RPSclwv0KH8G0BX448Pq3PgXvIJKqPHMs/Q
+        0Mj9XOf28OcKGhZVRXPLLtCQkP30dMphmll0XurjwJAyujf5MI2LOSD7tt+21/LUcb0267u9HYAAcV7+
+        pTUgDh46n62lAnOQghzGy3kx2Ekgg0M7Bal3DkCH1CSYn1WjWJF2BB45RLhCGEMHuIMAdNgu7aQDwJnL
+        dlV3rVqAZwe4anBD25/C61KpI0NZR27bO63Ioq6AN17uzu1xzw2F1GNtLn9OFSjrytvbsc1os4DhjNWd
+        23N0t97vv5P6r0ilYetTqc/ydPJenU0t50TTsMASGsL3oO1cK6tCqznx1ImXe67IoBHbdtKAdZnUZWUq
+        NZkTKd46jAlvigDAG0AcZAYY1gV1CnAY747gxWaw6bDtbO8V5hTkFOYAbnaYMwEO4/ABaBbMBZLnnB3U
+        d1kK3fXaNuEVu+oDOeiOSbyehewdd0xi8HqNNXmreNyav7KJOk0LJa950dRtbhS1fyOAWkzaKMETzZhp
+        /BZG0XefXyfMha5Xk8vgxXsscNfXA3KmmvNNacLEeSer/ZQt5PPGBuo3J5Re2ppGn//iN/SrP/xZul9/
+        +8f/pN//51/pxNWP6bXgXGrxtutGg4JdN9t8CCo8nHnJe+l///d/BeSQOPizn/2SWs3gB84PVR5sPQEO
+        prTQaKFSmQXO/GcBuf9x4N+H65+I/iuxq77puFRWgIM1ANUSg5kpHaxah7RCawXXSm+Xet5UtRuORpD7
+        MiBn19cBck6eONPAw/CrRw5AoOsgJ5BTyEB+OYAc4KcuQIHsIFO3asKbKSdAa6jsINcjFufrEoMYpPtY
+        qt1F6wRyCK6A521Y2ml6JP8SvVpylV7ffZ2msF4qukZjM8/JvbF78pzukSnzHtclfT6Q+Rzt60yZ4GbX
+        PxvktI70DK6gJ7Mu0KCIcgEywFl3BrnBDHKPpp2iaeUfUq+IAzQq/jjN3vuBBE505H3QDXtvfBXdl3BY
+        vGkY99ZpS/0gB3Dz5jqNLlWVE8ghOrUhIAcJoDHAiXeOwQifAWlWD4TVEwG4w3HgoZMxdfwZANiZIQrd
+        rgpuCm/msqq6jU7nzxnuQAlsQ1ep6WUDsHXmdhrLHRjkOvG2brzOb+Mu6rmRf5vb6bYLk2Sb19o86rqK
+        2/RFydR6XrKAHKDPk7/fYj7bohnhNDX7JB+Df3dZGk2M2UtN56Tyd9Oo+dxY8lqcSGOCSwXsAH0YN9dq
+        Xjw1m8M2am4SefPvDOX7g25YnxV8frxfS7alluOjpg21bCtsrTpM6g98UIhz23M4Ym4ByEHN3wyigasy
+        qMfcGGr6Rih9d3JtiGsIyIGFAHHgo7te2UwdGdB6MgP0nBVFHaeGULOXN1JTBrrWbwRSq6nbqdnkbQJt
+        t728lbrPDrfmU7VBHNR/XhS1YY66qa7VukBO3YXqMqwP5CC9WNyAbtOCaG1qKf30178T6LK/MKPD9/7t
+        FzQztpjumMI3DTfaBXPmQ2gxNYzavulPfWYEUFLFSde3rdenP/xRg0HOXmCgG4GcCW92OQGcCvCmcgI4
+        fXcCufqiVav/jdWEOFVd8GbKhDxtUBoCcXXBm0q7UqUB5GWRqzE0ZQKcPTq1LnizQ1wNaFMZ0FZ/lypD
+        mQvcFN7wDgNiQptpjOqTGrQaxs5mEE3ZDanKNLgiB+OsUohzMu4w+gADc8yb2ZWnIAeZIAcBOuBx6htr
+        pQsBsAiIMNyZ4FKtajBTOYGXezsD1DdFvgxtlqrhDpAGkBuTfo6e3XWZ3tjzAb2z5yN6s/wDmlL2Ht2f
+        e1E8e7h2q9u3bpkgp7Lfb5X5fEzdCORUTmVEJX8AXBCnZcte9iCnsqrydAEdZAe6GnUhaC95MNB1Dizn
+        z/upR+AeejjtGPXZYf0h0kjW3gx1A6L3UY+oSnoo5QiNCdlDvuGV4o1bXnyGRsXw8QMqqOOWMvJkiBsS
+        cZgeTD5JQwN2WbnmNpWR9yau5/6l1JGBTNsEQJwP/zHTLlbx0HFbYI2VK5auVXjjkGoEkazd+F1nc3D/
+        qbS1V7LNBWoIoJCuVv7cZS1/j/+wmm0gEgOLl24DPHkF1H0jf4dBSqJSV/I+quXclrLaLuP2djm3r6w2
+        DGKtl1f/0e7Cn61u0Szy4WN7rMiV7W25DW+zJIW6MMT1WJtNfXE+a/hYy9OpFWzC/BSBOvkOA5vYlPnJ
+        0o0KAOvJENqZ17dcmEhNFxfQU1Hl0h2LLle8byg+S83nJ1Enl+cONgxptsYGFlOHxQkCeW3fjZDgB8nE
+        4FKzOTHUnm1aL76+EVsLqc9KBs+5vJ6B7q65KdR2RozY6rvfiaLWM2Kp1btsX99l6OP1LaYz+KnQGyY9
+        ZJbdbjEtUsCw3axI6sBw1Bq23gVz1hh5a9kJ6FRgCqQWufP1ELqdIa4jA9UItk8t3rLGx5ndrCoT5MA2
+        WG72Kn+etJ2+8+p2WYfEwC3e3EYecyKo74J48prJ3DElmBlqq8wC0ZaP3R6/j55LjHdzBTyIJvlTt5mh
+        dMeLRpLgSYA61osbaez6DP69m+hahWpAHNRAkMPJmFKYw5i4hzdl0tXvV8/aAJgzhRe8a+c//hE9sTXL
+        TcxQO745D6+JoxFzA6nrm5up3ZTN1H16ED3vn0m7jl2gzz//nM5eukovBqTzw3dBHB7sF8wd5wR2plfO
+        njsOcoI7leaOg0yogwBx+g6Yq1ayqKHzqtYHdias2QWY08aiEeS+GMipETP1dYCcGu4vA3L4XJdXDsAG
+        4ADMQYA5p67EahmQ5tK3BeT0nEzPHa4JkbKDU07Tw3kX6c2K92n63g/prb3v0+Td79F9OZeoX/JZl0cO
+        cronluwQB9W63y6Zz8fUtxHkIMDakOjDNC6Jyxl/B92rnVGfXCDnF15GA2P20yAux/dmnqZXcs5Rn+17
+        qGfYfuobfJxGRpTRuyXXyTewhDwYCjsF7LGiWbmeD4zYRxOSTlF/eNI3cXuxlWEP3jUGM4AcolRNkKv2
+        zhWRjJUD3G3eZb0z2AHOzDbJqc3S9gxAhyCH7twewePWZV11+4f2sbqtzBZvnBXxannqAHSaCNgp/UiX
+        VQxerihYtM3tWGivu6zIJA9e7sVta1++jn7ctgHQ2i9GZCoDGdsBeOw8GPIAdFjfcmES24dktgku5wDb
+        lXZLU8lzJQMjw5k6EfosS6DRgUXyuQ9fG2xS+JEPZUwc4AyevtawW7PiqRmDG7po7+X9O8xiwIOt4/UK
+        ck0Y2CRXKgvdq4C0VgxeXZcmU/+NOTRwXTZ1XcBg904I3e2yny35O61c+7o1I0oEoGvFNrgDb++xOIlG
+        bMgWeS1KoLthrxXgGgxy26n11FAauCqdPOfG0J0uiLv9NWeQgwBv8NTdzlDWbEoQtWCu6T4rmnouiCXv
+        udESYfqdlxnOmIvuenEbteTvtJ0aTK3eDKRmkxncXmZIA0sxU7njDlyMBY+cx/Tt7rFxEODvuxPX0n1b
+        8um7fDx0r35NIFd7flWAXKu3QmhecgX97W9/E2BzeinM/edf/0ZpVRfJb1Yw9Zi6mfrM2k7eb2+mwfNC
+        qee7geKNa/Z6ADV/K5haTwulwcvi6K0dBfTw+iRq9laQ60GCzKvHyAmxM8g5eeScAhzqGiNXV4ADQE4L
+        sMqCOBRQBj3X2Din8XEa3IBK4+SRu5uXofrGxdnHx1kCyFmyj4szZY6RawS5Lw9yJsC5jZyDMVQ5GVHI
+        DXAqJ6PsMtxfFch1j3N53+ItkINnDt2NdcOcAk21vi0gpx65nnGn3cK5Yh1gbXzmWXq++CpNKrpOE4uu
+        0tM7L9KorPONIKdl3AHkvLZznfEvpyF8D8fEVUn3KepS56AS3s6ygdyAkP003L+CuoWX0mu7zlNHroeD
+        Qguob8Qx6hu6h97ZfZUGRRyQOu+xqZS6bi6nLlv3SBetT9AueiTpJD3AwAjPHwAOEg+cDeQQ1ACQQxct
+        PHEAOXStdt/Gx20AyJnrNRAC3azSfbqev8cQhDawHYOUiNtLTNkFKNOgCEjH0PnwdyHAHWAO3anqkYPH
+        DQL0+W4uov58jt4b0M2KP+Hcti9Pp7u5jW+12Opi9VqbI2Pf2s5HUEIa3c1/+NssShN40/eOy7MJ4+HE
+        5rCdgBMA69/KOsrvbDsWJksABOyQf8VFhi/L0dCGhTF3ALZW82IF6pqx7RoVyL/HIIOuV7f9czk8LDto
+        zWYE26mAdifb1Hb8nQErkmnYpnzqsZQhkfcRaDM8cvgMwGvLdrQjH7fbgkTJ5/ZwQAE94J9HvZayrWTA
+        u1mQ67YwlgavYhv6JiJU0fsXQk2nhNAdU4LrhDjs14qPjZxyvRbFU4fpvP+rW2QeVOSVg2eu+aQg6jR1
+        B7WbFkJNpliTJKhTCxGqGqVqQhyEtCOdpwVKdKpy2G3PbaRO74ZS77cYAp9bQbc9ve7WgJwd5kR8gion
+        kMMNaM9QtS7vsHSf3uj1j//+byo9c52Gzg0WgOvNQNfh7UC6yxXgoHI/JMOdCk9cjYhVDIg0ulXvnhZB
+        bd/lmzwjUjx3Frwp1MErZ8Fccy5kWFfDC8cFSmFOAhsgVyGFWvLntkz27bgwt5ptbUOBlnFxNwA5hbiW
+        8xJl0GkH/geFithyHv5JWd62mwE5eOG029TyyDkLEKcgpxAH2aHNLkCcyg5w1ZGqlm5mbJwJcnaAM2VC
+        nB3kNLKtfnjDWDiFt+oxchAMi47rMWUaKFN2iPM0jJzKbgjtRrOWMXWNZ8KyfTycqfrGxUEKcVbwghXs
+        4AQOkBNomAKMoLsRIIcuR4U5a5sFMnZgg5ygqT71xJizf6JqnAufv9XFeoKGpp6ie7MvisYxwI1MP0OD
+        kk/RgORz0v2K/eDFwzXbx8zVJfs9VgHanJ6RE9TZn7kppzJTQy6QM1WjHLpkL7+mtIybMIcp6LoFM5Cx
+        xiadouHRB6h/JO9rr1tBe8Rj1yuslIbEVIp3rXvAHhodf1TmPfWSGR54e/BeGhheyfuV0+Sci/RE5mmr
+        7m8rl3ouY+V4GdGpPtuK6Z7oIzSB728fPo9Om3ZbdZ4BCCAnk+i78ssh7YjMKLGpyB3BCpCTSFVuj5za
+        LZHRvqlnDl2rADnLO2elIkF7iDZS5l11dbNqXjoBP3j0+PtdGPaw3RpDh3FwGeTBf6J78n5+W/nc+DsI
+        YMCYOHjVxEPHIIcxbBA8b93xp5nX4Q+8vXfG+sz2gW1GNz4njIlz9+zMT6TmDHhtFybQUP9C8eh1YBvU
+        ZUkK26s4mhhfKQEMGrzQbkGq2Ch45JB6pCVyyTHYDd+cSwNWJcnQI3jjTNsow5FcdtQU7Cvs7N0z2CbP
+        iiTfJXE0aEMm9V6dTl0Y8tBl25ntqQf/XleGJ08+/6683HNJskSVDl/P4Mq2ssU7bOPVYWMDOWUFgbi3
+        Iqj5m8HUd3kiec2PEyeTgt1dDHAYGwePXBN45V4LoKav+VPrt4Jl3158P7qy/W75dpBwD+BNulr5velr
+        gdSGeaMdnEeY9cEFd3ZWcjOUC+RqeuS2UcvJm+lO5JF7fr1sw3i6+zZl020vrHOz2T8V5DpMC6WNBUdd
+        qFb/629//wdlVF2kFnxD5AYbJC0pR2SdlQgY+ePazwinvotjqPs8LhQMdQpyzQByri7VzjMj6eEt2bQ0
+        6xCt4/PYUHicluceptdjSqknk3lTDJp8F5EzvD8KBbpSGeg85sXQkJVJ1Jn/fbTgQuf2yrkgDv84ui6M
+        owf9c2gJH28tHxdakX+UXoosoZ7LrPw66DpVmKsBcgA9rkgduBKN35pDs9IP0tqiU7S++DStLjxBU5P3
+        07CNXLEF1LgySRdrHSDHlRIQ15YrrveKNHoyvJj/VTGoadeqA9A1gty3G+QU4m4FyDUEMLANwNI3oTrS
+        0/rOvybI4Vpxjf2TTtOg1HMMbWdEfRlOAG8YH+fnioAdmHhW7ovOOmHez7rkdI+hrwvk3GXrFoOcd8h+
+        6hVaQaOTjtPIuGPku90KDMIMEDXqVZAFcvDIDY3lehF8gHry5wERB8gvrJLeLr7IdZXrsf8e8g4sp8FR
+        h6gTg9oIhrxXc87RqGius1znZTaIgFKBwO7+FfIOcMNcqcPCK+i+uCoasL1cPHT1gRy6WqV7ltsgtEdO
+        7ZaoRvvmAjaGNHStdmfo8uXf7sW/gVkh4HHTthI9HHiHZ85MGNyVAa43f29ocDkNCNpNvTZz+7gyUwIY
+        2nN7jNxxLZfyH3R44HgZnjdv/n53/j6AD4EPADtswx93O8gB4jDGDkEPbRYkSv44dLl25P27LU+m7vwb
+        7+bwn7S12TSAQfbBkCIa7b+LnojdT2nvf0r++9+jhxiih/O6EYG76f6wPTRy2y7qvSaLfFemU4/lqdRl
+        sRXYMGILA+s8Bjy2edozVR/IiZeO7Wgr3hceuc7zksiDbaLngjjyW55CY/l3xmzJlyhawB28b+hKbT83
+        QbpVOwIWGwByCIzoszSJ/JYlW5Gqb4dKVyoYA2r2ZqjAmMescPJdmkKebJ9b8nfvnOwv+8NTJ+DH70hJ
+        guCItu+EUwtmkCbS3coMJD2TYB8bI7l0I5Br9vJ6ATl8RjfqA1sz6M7nN9JtL1WzWb0gV2PQnSH3j9UD
+        cuo2FJDTuVYNAeTaTg2hlVkH6R//+IcL1+p+/e0f/03Jh6/QHUzEcpORfgQDEAFwhvBwWjEgPh2QRXlV
+        52jLzipq9Q4eGsQPkgGuBT+8UWvTaWXmfjr34Q9q/f5vf/d7iiw7Ro8wiLVn8se/A42e8VoQS3MSS6ng
+        yHlalFZBLeEmBsQB6KTgxdJopuU1eQfpzAef0t///nfXUa2xfp/9+88puPQ4jdmUJfsC5qRgu3Q3PnOB
+        9+aCNSt1H+059x7913/9l7uLGe9//NOfKOfoJXo9fg914Yos/6AY5gBtqtaotC6hEqNyrs2vorMffI+2
+        FbMB58ppeecY3gBzhtphjBxLu1br607VxsiUHeBE6xjI3HLuToXsECcNZx3dqaq64K2GbPCmMiGuJsgZ
+        YsNSl5zADYIBM6WGDXIyfE6GUuSCNyeDawrAplKIU8Otxl2lEIf0IXWBnAkQChd24FBQg3Q6LU3boVGb
+        SI5bY3yZC4ZM2WHJBKhvpPi6AG1DU87RwJTzAmz9k84K3EH4jOuHsDyIYQ6AZ92Tk+Qdw9cJwJVAiOp7
+        aL+/5jMwZX9WpuxAB5kQZ5dTWXLrBiAHOZVlSMs6ZoDw2L5PlnuHVopXbVhsFfUMszxzWn/cEa0sHUPX
+        M7yUBsVy3QqoIN8dXKcC99JIhrbhCSfo8ZRj1In3wR8zv5AK6h/OMMjANTz6EE3MOk2Ppp0QMOsWWCYe
+        N4yN07ZAo1YRlTooZC89mHSExkUfJo+NO6XLV8fIYTJ97IuuVgW5DrxPe6QXQbvkarPwud16DBNBF+ou
+        6rKhSMbIYWJ9BElAHrwdQnoSL14P7xy8dmgvtZu1LUOaDwNg/0C+bj5vPwbOzhhHx20vIK0L79OV21Sd
+        f1XG0PEf7i68Dzxv2E8iV13JguHBw3ewHmPoZBwdxtvx76ALdSAff9DWQuq7IVeWod6bCsh7dSZ5rUii
+        8QHF9GDobklN0nVlBo3g6+uyPImmZ/P9DyuhxTu5DeFjTQgro+FbdlLbmTtkvBzSabWbE09efC5eDD89
+        lqfL2Lfn4w7S03GHaFTALhrlX0L912dTr1UZ5MPX4MkQiS7Slu/uoNYzo6j9rDj+nCAAh23d2U514+N1
+        ZtvYjo/fhiEQArD5LU+j/msyyY+P1XlOFHWbF0ud+FgKcHdhSBTGwr8dwZ9DBdbw+e63g2kYn1cHeACZ
+        G777pjVLAyCsy6xoy9s2O4LaTefvvRFijZWbEkTNXg+huxjStHu15Vvh1I6P15qhrzlDHcAOMp1ZbinY
+        maxkcBSk3axgrdte2SCpSJq8xMw0cRsNX5lEbV7fao25e4nfldVMcLPrloGcywtnCiDXnG/MW5HF9Ic/
+        /tENKU7C61e//yOtzatyQRyI2VJ1EmBLeCDdmJ7DSo7I95DKpPtseOEsTxy6U8etTaXiU9fcAIeu3V/9
+        7g/0i//4Pf3pz9bME3h98OOf0vNhhdSCCxf+JQDmJmzOpKufWsEZf/7zn6kt4IsL1N34N8GF6oFtuVR2
+        /kP3sf/7v/+bfs3HxvH/8pf/knUAuoOXPqR7t2RZXjmR5Y1ryQXVc1kqBRcf4XP5s+yP8/vtH/9Ev/zt
+        H+gPfH6aWgXHnZNcTggft3vizO5UaNTWfPc5/eW//kqvxJRSB4Y7N8wZMj1yjSD37QE50wsHqbE2jTr0
+        VYAcPgNwFGAU5rRrsSEg920Rrm1wylmGOAa05LP1ghyk2/smWBGvGF9X895V30NT5jMwZX9Wpr5pINcl
+        mOtG6H4JUBiZcJwGRFVSn6gqATYBvHpArkfYbhocx4DGdbA3gxrq69jE4/xeTq/mctkJrJA6C88culn7
+        RR6kLgG7xdP3KAPDC+l8v7mOAsbgiUM74LHVCnaA0PWK73dGSoxtxXRf9EG6N/Ywg1QJ+WAWCYY3jJ0D
+        2GH8HOZkdbdL6DYFoG205ljFXK0YUwdQQxoSQJq0f9zWiXgZbSPWC+TxPhq1ijFuA7eXU2+GR0+GKgCa
+        HJ8BD5639gxLUKc1Fsh1X5tDPvzdwUHl1G/rLuq1uVCS+QLSOkv3K4PRamtcXJ+NhdQPY+h4v35bGNo2
+        7yQk6+3H547vtF6IHp00/vOfyH/iU6gb2wOJWF2ZSzPyT0t3KxwLXvz7IxjAno2ppAFb02lcwH4KO/ID
+        6sG/1Xx+GnksSaDx4fsYjNKp48Jkasog1mJBupVeazYvz0sRh0XvJUkCcR3mx8p6wFiH+ZHktSSeQSyN
+        Bq3LopFbd9KEYMsDCN0bkE8jNzAMrkgn74UAPIYwhqvm0sO2g1pOj6bmU/mdl72XpgqAjtrCwIuxebD7
+        zAR3AehYd6LHjrmhC8PgSL6HTd4OohZvBkgPns+ieBlb13lmOLWYGkzffd1yGgHgzDFyd74WILDXBkOy
+        3tlBLcAk6E5leMO7LtcAONXNghxDHDxytz8P79xa6j03StKX3D4RfGaMmzPBza5bBXKQUqpKL7jH7B2U
+        efCcwEpdEIf3tANn6I4XVlsgx9JuVXN8nLpLvWaGUvDOA/Ld3/zxL9RzLkjceuht+AGlHDgnMIMX4ObY
+        5fdp4tod9PCyMApI20m///NfZBteZScv0cjVSRbITY+kR/1z3VG2//W3f1Bbhi8BOVbLt/wpveq8+7z/
+        k8Gt6vxVmrQ5hp5eG0kpJfvoP/7wJ9mGV+rBs9R7meWBU3VcnExr8g4JAOL1v//7/+js9Q9pcUwOPb56
+        B21MK6Lv/+hz92/89W9/p2eC8/ifGOCt2m2uAAf5rc+lgtPvu+8pQDD1+Hs0iP9FAeTsUoBrBLlvD8gp
+        xCHBr0Acusdcxto06tBXAXLaZarzngJe0KWI5VsNcr4MUnWpofs77eckp/0BZUNcXaqAOhPkAK66Du8Q
+        1sEjNzAJ7xYIyr0w7p+lmvfXfAam7M/K1DcN5DADhN+Og5L/bSC/I3DBO5SBK6jC2t4QkGNg6x3K+yBY
+        IcCalqtX+GF6c+c5ao9IV3/U4z00KIABjI+LsWyINH004yS9mH1GAiE6bGNg4/YBIIeuVICclW6E6/zm
+        MvLcVEYdNu8m762FNDaygp5J5j8lOEcGOIAc9vXg71vfAdhhnlZX8l+0UWi/1uyiTmuLqPO6Ylt7t1O6
+        WNsxIGHZhwFxcMheGs33Yhhfb891eQJ1OJbn2p3SPYpcb+iOBbi5vWr8jnxvgLHeG/Olq7UvXwu8d4MD
+        i/n6i3hbPvms5/3WZFLnZckyVg6RqNYUXpaXzot/B+DWZnEidVuRRj4rUiUNSZclbDt4X0zTNXRznnQ3
+        NpuXKF7Cjgti6LXEKhq+JVvG1PVfmk0bCy/wMfn7y1KoxZwMKyfdolR6NLhYulvb834IesCYOnSPtuTl
+        OzHGm4Hqnm1F1JVhrtO8WGq7IJ66LEqmnovTyZPPs+sSdMlmMuDxec9JotYMhQiEaDsjSjxtGA/Xh8Fv
+        0KpUGrI2mUbzuSJSdRhfNzxzA9dnybi8PktieTsvr84mT/wuQx1+e/D6bBqyOoW8FsVJYmNPvhet3oli
+        WAunJm+G0e1vhcu4OIyJu+NNC+QwNq45r2vL0Njx3R3U6u0QuuO1rbIPvHSy7yQGv1cttjHZp4ZuFuQm
+        b6a7Jq4RkHt0TZaMs7vtxS2SjgTj7dysZoKbXXaQuxG8ifREMahPVNsj556SywVzPd/dTsevfChgorCh
+        oILXrqPn3XOtmrM41OWR85oZRiGFB+W7v/nTX6jHHAQ8WN2q0+LL6Yc/t6YJQ7RscOEhiXa1Ahus4IYB
+        s4PEO6fnsCqviiHOGiP36LYcuvy9H8n6v/z17wJy8MRBwRUX6Pf/aXnd4DkLLz1OLaaHyz8RHRfw1OYk
+        +tHPfiX7ACI3l54RgENhx7sP/8P55W+t38b2pL3HuLCZ0arJNG5zFh28+L4cA/td+cFPJMs2AM7JGzdy
+        awF98rPf1Livn/zbL+il2D3UHuMoGN5qe+MwHYw1Nu5mQK4mxCFKlRs5lv4zdTd6dUjhzYxSdYI3lQlx
+        KoW3+sbFQdUAx1DmBjcdF8dGhQ2IU9Jft/ExhO12mPNUY8ZyMnZOhtEtF8DpeCUZs+RgbNUTB4BTb5wa
+        aTXkatxVMPiIVrVmaTghUId1JizYoaLm+C47gFSDHJYBKb0Y4gTmWAJzCQC2amhrKMiZ8PXPVM/4M3JN
+        vfl6BqahS/WsjIMDpAHi+qecc4MchG2Quc434Tj1Sz7N+1v3Rr9ffW9r3tPq+10t8xmpTJBT2Z85VB/Y
+        OZWtGrpJqMNnjIkbm8h/GsKraEQ8lymGMXS11qgjrvqDcXKmEB3uE1rKIIe6t496bC+X76P+3cf3zSuo
+        nIZE7qUXdl4mj4AK6QZFPe4TUkGDdvBx/fdKHR/N1zshpoqeyTzD8FRKQUc/o+AzP6Y5hddk/FwXBj4I
+        34cHDkmB4cXrH7KHevkX01j+zWcz+Hlt53Zic6HVLnE7hYnzuzJoIcoUnj3vjdb4OoCfF7dLELpWkXgX
+        3rZhoWXi6eu2Ht45buukTcwlzAqBJMKAK3jnsH+fbcXU179EPG4jGGjH8rkMD9pN/Tcx7K3IEi+Zdp9q
+        WhIIsAfBo4excRg7hxkdMBYOaUcGbttNA/nPu/f6POrMn1uzbUD0KgIZdPzc3fPjyYth79nEAzLjA8bM
+        eSxJohdSqsh3aZJ0uw7h+9pteTbdG2rBWqe5ieSxiiFwfqK7h6njkmTquDCeJkRUkB9/B8DWcnaCTNvV
+        kaGq66JE6rMmgx4LraDuDIxIP9JuXhx1YHBsA1uJ4EEGNx3SBFXbaFO83zu8z4xYQqowpCNpMzuSuiyI
+        lbFy6Grtz/fiUYbczflH6MOf/pRGrYyVMXxDGfJGbimi4RtyaTAD4ICVaeTHcIuUIV3nRJPH7Cjq/G4E
+        dZmxgzq+EyawBlBTz5xEtapjaTKvcwmRqrfzfnBmQVaE6lZJMeIEcpDJVaKX/ek25i1Mnt/i5U3Uj+9v
+        m9eZo4w0JDVYzWml6isHOZdnDgP4fN9YR5n7T9KHP/opfcag8+Nf/IYufPIjSireR/eviJabZQ1C/IIg
+        xySOQYtxFafp967u06SKU9T29a1SEBDQ4M4bx8sPrYykn/3md7JfQMkJajfTilZ9ZFu2I8i1nR1NGcev
+        01///g+BpcT9Z6j5W4FugINkeUYkrc7eR79gWMOr/PwHNGxNshT+NnNj6JktyRKhi2N88tNf0YiNWW6I
+        Qyi4jIdj4HtgaxYD4S/lGOhi7bE2xxHkunBlfjd5L/3+j39yQxxegNgVhSfIc6XlhWsEuW8nyKknTiHu
+        nw5yDCYq9czBGwUvFKDGCdbscgKpL6Je/NuQ07abVa+EswxxFrAhwAHLCmgmyAFWJS0LLyvM4d5Bvomu
+        mSF4HTxzGGeHZXgxrWhfu2o+A8h8RioT4FT2Zw59nSCHCNWRyScZ3A7SiLjD1H8Hg13oQfKw1xFX/QG8
+        dQ+uFNlBDkmDvQNLpXsW9XJk1GHqwmDVa/tBmlZwgl7L5OMzcPluKyRvBpWB20toRBR/n4EIiX/7Be+l
+        B1OOUMTpzyn+zEcUeuRjCq265s4nByE1iV/gXhkb5xdYzjCHIIgS8QD2Cd5NI8P3SRqT8dGHyBftCUPX
+        M8nH6Y2so+IdQ3vVaV0ew9hO6sEw14+PMWD7XhmHhy7SbhsZ8ngfjI/rw5A2MHiPeNIGBJUJ6CF9SK8t
+        VhJhBTJEpfoAUJEseLXVnkreOPScuEBNu13NfHNIM4IABu+1+eTLoAhh7Bvgrd0SbtvxPT4OAA+55O5e
+        kCggB9sCGzIti+/vinRqzlCFsdWPJxyiXgw+/TftlEnxh2zKJW/+bofFSeQ1jyGLbRu6dDuyjYIda8dg
+        h5kdAG2AM5/lSfRAaAkN25TD0JYqMztg/Bwm5e+yIF629V2b6Q52aMYQV0MIMsQ4NgeQk6wT/A5PXbdF
+        SeTDQIgccOM2ZNOjQYV0j38ejWIb+mr8PgG2sVtyGfriqckbAcIKUDNwA7MEJsSXYIWpwTJdVvf5MeQx
+        K0KmzfJdkihTdA1iKB3Bx4GGwPvH8NePQdRzDsPjzHDqOD1Evt+Sj3/Xq0j4C3baKCx0MyCHYIqh8yNp
+        0+7zFFR6nt4MSaPvvLBOcsg5sprTSpVj16rtB+0nVA1y1TKjVVV3ujxyTacEUddp22nA9C1Cvz4MM94z
+        Q8l7Vjh58Q1sMy2URizeQSOWWjAnQQ51gJwVmcrfm+XkkYsgX6btEx9aEPa73/2OFqbskYLQfJqVYkSF
+        AtKFST6k5ChVnLlKz27Pc3etPhZQs2u1HfK9cUH2XhBFxWfeky7i3zE0rcg5aHniBOIwfs4S1j0WlEdX
+        Pv2JdHH+8Bf/QdNTK8Ub57s6g0rOfeD2nB28/gPqzYBmBTNYeeNaLcCEx6nkxZVhQ0EVVV37Hq3LOygV
+        SUHOgjkmeAY5uMhLLnws54tjHjh/nf6bzxGvXSev0Jht+W6QU4izg5wTwJmqG+KsAcCWsOxSHfCmwr9d
+        hbj6YK4ugHPLgDa7AGsKctUQZ0ngLciCNpEL5ExwU5lGCWpIN6rKNIJiIF3wBjkaUxXvC7AzvXFqpE2p
+        AfeCoeZ3GHh3tCqDg0qBwAkc7JJ98R2AhwvYTNWAMpdnDvACTxbeAT49Emvup7Bk/3wjKajVgLVkXr4J
+        mceodSxDfonnqF8SIO4CDUy7YAFakrUNENeXJev0Gvg6cc0YQ9eL9+vB4Ib7g/3xGxbMnaEBCQbk4p7K
+        fcYzsd4bCnUNATmVE8iZcixzLLN8iozyCyF4oXs4l0sENTCkem3fI564gTGHGey4/rjqBOqIWWekHgXt
+        5f0rXLK8cr0iK2lYIsBuD3mF7KVeXGeQGw5wNTz6MN2Teoz8D1ylqs9+RasPXqNpO0/TnLKrNLv0Cq3c
+        /x5tOvEDWl35KW2q+oy2Hf8xXf71X+jDX/6RfvCr/6STP/wVreLvLiu/SPOKztH0vHP0asYZeib1CD2V
+        XEWPxu2n8ZF7aVgwQ0ZkEZ/DTmq/JVs8Z8ND9vDvXKboYx/T9qqrFHj4Q+rL5zg+rMrdXTqIQW1I2D7q
+        w0AIcOuxBWlIMC6OgWoNt4Grcqktw1n71fzndrU1Hg4BC738d0t0qzfaRVdAA6JZEcmKthjQJpGo3Ga3
+        WWrNumO13xgXlyOpSTBuDt21CGjotiabevFvYm5WdK9KF+sSaxovBEaIzVhopR1B123PVZk0PrxUen7g
+        OHh4Rzndzcd/nK+l3eJ4cSj0WFNAXvhjz8B2z2YAYZpM4+W9km3V3DiJgEWqkq5sf9BN2m1ZOnVbjjla
+        c+iJiD107/Zi8sAYOd4XgRGAN4DioHXZ4oWDrb1jxg6BuLtnMXRNZ4jDDA9sf9vxOszjCpDstzqLeixj
+        cEV6rndDyHtRrHjWRqzLov4rGBLnRko+uomR5eJVa/NuJI1ZmyvwdgcAbmo4c0OIjJu7e2oEtXknitoh
+        AwUiTt+ycsypx82UeuMQ0dqUeQTzoTZlaGsxJYABzsrGgd/rwTDYa2Ec9V6cQANx/WuyaNCKFF5Opn5L
+        kshvQRx5MwBiYvx2DJB3vxZATSZtkYnw73h+DW3OP8iqopzj12lL0Sm6YxID4QtrnVnNaaXqqwQ5jJO7
+        i0Guy9TtNHBmALV/kwnW5bKUwYXifbNuXOepgeQ3fRvfqK3WjZQbfPMg14dp/dz3/03Wf/+Hn9ErwQxo
+        AnLVEKdCgfJeGE99+Ka3nw03L0BuR50g57comkrPWiD301//lual73d546ohTkFuyKokOnjlYxkH95Pf
+        /J7mZB4SkOu3IYcu/9jysgG6EivPUg+uWKhkmgAYIIfK1IYroffKDBq8LoO6M9Ths0IcBIhrx5X1jZQD
+        9Iv/sKY/+8Uvf0lDVyfR2fes3/7rX/9K83KOSENgqRHkvg0gZ0Kc2xvHBvqrBjkFjYaCnH4WLxQDDcAG
+        0ALPlLmfCUx21QdXus2UE6zVJ8djOPxGn+Rz0qU6OO28XAu23QjkcN0AOV1v3jN47nAvtPsZ4wmrYc5J
+        tZ9HfSCn0jJgygneTDmVOcgsnyKj/ELeO/jYIRU0OpWvN6yChjDM9ebfkzFvXN61TjiBHACue7D1Dm8c
+        PHMKcuhaxdg5P4YJTKyPiNV3y6+Qr385TS+9JtD2fMZJmpx/mR5MO03eAUUy/Zcf0p2E7aV+O/bR+PST
+        lHzxR3TmJ7+l9377B9r/6c9pIP9e7+2V0pU6KKSIRkXvpcfiK+mJxIP0ZNIhmphylF5IPkIvZxyjSdkn
+        6cWs4/RmwUl6p+A0HfrJn+jD//gD/dsvfktl732Pnk47SWOi9lLfgALqvj7TmgwfAMVw1m5DkUS1Ijq1
+        85pd0lai3UTXKiJVkZ7EZ0uRC+Bck+rzdwF3HVej29RKTSLzsTIswSuHaFWMn4PHDkKqEqyzxsFhO6bt
+        yhWwa7883ZowH2069sFwGhbgDt20nRkCvdHNy8v3he+hzosZjJZk0ePRe8h7uTXN15jteVaKEoYm2B8v
+        BiUENEzPOSbdttiGIAdfhisPhizAmyf/LlKReC1F/rk06sg2qsWCWDn+0K07BWyQ1LfpvDhqzuq0NIFG
+        bs2nVmx/W7wdIWPhfBgEe/JvoSsU4+faz2M7yHCHwIXWbJcR/DCE7SYiYwF4SA+G7BHe8+NpesZBmhDA
+        AMyfEbEKr93otQUCcE2mhkiwBLZ1mhUrU3opwJns4SRJU8KcIr2JLlapMf4f4+RYt78WIsmAb3ulOvDh
+        u5MsYTou1d2vbaN2rweS1zvB5MdgN4w55f616ZRx8Dxln3yPwoqO0KaC49Rk4nK68yV0tzqwmtNK1Rfp
+        WtUgB32Xi9N3vVC+AXITJgdQl7cDqN/M6lBeuUG2G4c5Vp8LyKLEipM0bm2KrLPyxtkCHiRfXBh5zQ6v
+        CXJzrem5enOBOvPJ57L+w+99ShMD+R8AgxyCILRb1epaxQwO1X3zgDgREz1A7oqra9UEud6LY6j83PsW
+        yP3mdzQ/o9IFctXdqhCieAYsj6d9Fz4QmPr817+nWVzgAHIDN+bR1Z/8Wo4N8Irec1LGzFkeOf6HBIhz
+        jWewC/+KJN0IPHEub1znxUm0POeQeP7+6+//oOCSI5JeZGZyOf3id1akcPyBc+TL/xIU5jTAARnEG9Kl
+        aoc3uwBxdeWMg+wAZ3ap3gzEmSBXX5eqwpslhjQHiKvRnerSjeDNlBosqD54U2mXVQ05GFJIjC2DHOAN
+        QQoKbVhvBzgnw66GXwIdGBrw7gQJChAKbZB0D7pAxC4FGCdhO2DIzwVzABtACwSos0OTE3A5qVfK2XpV
+        3344F7vMY5uCRw3dqUPSL0miX79EXg84c4HcgNTzAnICYnrNLlhFF6xCrNO9wr1Q75xGwOIe4153jztO
+        3vF879Fd20CgUzk9exPm3GXEADiVU7lTaTc/pEDnE3aIuoYfpJHxB2l4zHHqsuMgDYvl42M8nKvcm3XC
+        rCvuOhTCEMeSlCTby2UZwRFj4w8JwI2N3kfPZp2he5OPSooQz8376Z28ffRY1lV6t/QqvZB5hpBceELc
+        IRoRv49mFV2l13eepjExh2g0H2dSJj+TqEoKO/kjSjz9E9p08BotrvyEhmwvo/abdnObgqTA1fOwIqCh
+        V1A5+SKQgIFvROQeGpO0nyalHqeH06voCQbE97jt/uTf/0jrjn0sXanoUvXYWExd1pdIHjoEWUyI3U/P
+        px6iZ5Iq6cHIchq1HRGuBdR1fQ715OvATBRteH8AXxt0q67JlG2IXvVkwENqkS6IVuVlr407pftVomJd
+        k+VX/wlnod1emiXBDQioANRJrlCX5w6BDp0REcvwCGjrziCHFCeIcsX3+q5LowdDSqjToiR6mp8fbAjm
+        RQWMYUxcUwYr9BphnlbAXXsGs5CjH/L3s0WAuz4MlH3WpAvcYR/PRWnkuSCD7p6fTk1mx1HTuUnUZE6i
+        qNO8aOkGfYOf0VP8u178vS4L08iPIfQe/wJqMpNt63RmA0S9su3FuDV0bY7dWihpTTC7A+wyxr4D3pq+
+        Eyv55F6O4+fF96/3ilSGtxiZCaId23MkGH5gEwPx7Ehq8y7v/7aVT84uMAXSjUieuDerha5XCJ635q/5
+        y8T2SEOCsXMyRRcCH1i3vR5Ct/H7XQxzTfm9OX/2nBFGPuiinR8n6s723oMhtj3zCqJe74KDi/kKYIcp
+        u257fi0F7L1Cm3Yepq35R2l90Rm6/ZkV1HRSoDOrOa1U3TKQc+neVYn0btQums4avTyOevBDGjQnmFq/
+        6QI4BTylXIOM1+RVSU62HaXH6G7sbwCc9nXfCOT8llSD3Eef/pBe2p7jBjmz3x0C0OkASzfM8bvpkcMY
+        uXZuj1yMeOQAZxhbNz/zgBvkFOD0feCKBDfI/fhXv6sFcoA4KLbidDXIudRzVQY9G1ZIU2J306vRJTQ5
+        Zjc9FrzTAjkD4qDHworp3Ec/kHP9w1/+SkP5nyIq/LDN+XT9xz+X9f/2i1/TWymVsl4hDpVeIa4R5L55
+        IOfUpSrrXctuI+1gzNXQf50gBymoiVfOBTYCdC4Y+qaCHM4H5wuQQ5cqlvUcAXJYNkFOrwXbcN2APlwr
+        JOuNeyL3he+deOaM4BAFXb23uPffZJDz4DI8MP449Ys5Ql0YcIbHHKXBcVzWGPC03Jt1wqwr7jpkgBw8
+        cN4MgWN2VNJLuSfp4dSzkh8OAQ99w63vdAkup2UHvk+vFl2jSXln6e1dF+iepGP0dPpZmpx/kQZH7yff
+        bUX00s5ztLDiCo0LLZN246mYvTQ6upKmFJyixXsu09Si8zQq3JoJAkmGJYdcQKm8I3CiX1AJDYsoo8eT
+        T9IYBkp4yZB8eMflH9OzSVUUVHVdpsbCoH4k7R0QXCpj9IaEVtCIHQcY5g5SL4y927SLfDftFHAcvaOc
+        7o2rpCdSGAgTq2QM2riIShrozxDI4AbYkmTA23ZT/6A95MuACO8b2mZ0t7q7WfmzCXKYVgtj67pv4HZU
+        ulItiFMB5DA+DgETSD/iu57bXF7XiYEPUaOTMo7zn/9kejKB//AvxHjsJOrD4INgB4AfAidGwNvJx+rO
+        5+jJvxVw8D3qu36XpCxB6hJ43bqvhBMhmdoyBGICfgQydOdjdF+ZKmPhMENDL14GMCKwoSkDXds5UfRg
+        wB7qvz6L7p4dJVNv3bstR5IAD12XTUMYzDCuDilGYK9ht6W79d1YunNquMzF6rMwTsbCtZ8RSl7wAM6O
+        pi7z4iS1SB+GW8wSMW5TjqQcuWsaf78ekMPUXHYpkzR7k3njDd6X14FFkGcOY+m8F8RSz8UJ0pWKblXM
+        t9p5aqh425ogLuAVjJljTmKOwrys7ihXhjfdrtN1tXs7lJq/vIae9s+ip4MKqflzKyRi9faXqyNVa7Ca
+        00rVLQM5PtG5CWV0+PKH9PNf/or+/ee/oKrLH9Gq5BIaPNvliXNBnBPI3cEU/NSWdNpZdYYWJ5dKwl8F
+        uZvxyJkg9+H3f1AD5EyPnEqhriEgB49cXSBn98gNXFHtkQPIzWwgyLVekEjTU/bT+z/8nL7343+jD/gd
+        Ovn+pzRqI/9TcnWpQggRX198SiJf/+uvf6P8oxekcqLCd16SQokHz9Mf/tNKs5J56gMZeKogBzV65L55
+        IAcjC1Azu1RNA/xNBjmVeKAYhgA+gBuAnAKcyg5TdckJ0BqqhoIcPGoAOICcwFqKtb4nHwPvdYGc7MOf
+        NdJVAdB+PzBeEN+DtKtVPXP4bu2cc7WflQlwKqdnbwKcu4wY5UflVPZUTiA3PO4YDYg7IstDYo9S/3he
+        DuO6wGVby71ZJ+z1RWSAnC/D2vjk4/R46gmamGtFqHoGMNwxEPXiuoEZG55MOUG9ww/QwvJLNLX0Oi2o
+        fJ/eKrjI9bGUevL+E1L5PjKEPZd9VoIOXtp5hd7NPU/3hO1icNtHE9MqacC2QklhMm3neYaqI5JuBEET
+        CHToxTA3NraK7k84RoPD9shsEB6B3MZsLJUu1FdSD9PY8P209OA1yR03El3J4XslChXpT9C2dWF4gxfN
+        b8tOiVhFypH+QWU0gtuQ0QyqI8MPWusCi2jQ1gKBzUcYQJ+IP0RPJ2Gs3hF6OGY/71vK51ok+eMsD53V
+        1Wr3yGH8Hqb2Uk8colIV4sQmLE4RSPRZz+3y8myrW9XV5Xpf+G56IHg3PR13mDosSaYWDGLdlzJ0cbvc
+        l68D3aXwsD3A19id2/Uea7IE5l5PKKc+/JuYKL8T2x90ocIzN9zfSjTca022NU5uOR+T7WDzmWwTMYn+
+        7ASZsgvZGjCMCd661vMTyGdRIj0dXkovxO0XgLs/iAF4Kab+4u/OsKCt5QzLywa7jLQkLd4Jp4e25tMj
+        Ibup9fQdEkDRbsYO8luWJLNACNDNjaY7GI6GrclgFgiju95x9sgpT2DKLqQr6TA9jDrP3CHeQHTX9liY
+        SL58bzCvqicfF7M4iGPJ5ZmTyFaXkHsOnrrvMKzdMUkV4IY4XYY3DjAnaUeYoVrzNTYDS720VVKNIFDi
+        tonMYC9YHObIak4rVSbEOYGcI8wxvJkCyN2/OkGS59pfH3/+c3pyU1p1l6oL5JCXxQ1yLNzcO17eQM2f
+        X0ptMJYON5uFdxPkZAoO+xi5P2KMnJUIuDf/M6jLI+cEcApx1SBXd9eqH4Ncmatr1QnkpMDis8sjt//i
+        h3WCHF5OINeRC9H28jPyG5D5WhC3kytTNciN4H8eRWesFCVIRrwiuYiejSyl56LK6MHAPNq++5i7e/Wj
+        z39GbyVWSMPQ4QuAnB3ozPFwGq1qBziVCXLQjSBOoQ3LCm61ZIM3E+DMZTvEieoBuPpADgZKZYKbKTvA
+        QTeCN5VAmssTJzAH48xGtyHwZkrzxyFSsjpaUqGgGhgU3mrAWpwrjYZr+UYQ54YaQxbYWB65fgxAABw/
+        gSbeLu815QRhX1RO8Oa0nwrb+zPEoUsVMGeBZ/U5yfnxZwU57O90zfDK1eg2dbhXEGBOu1oV6vCO5yQA
+        bXtG9YGcKadyYMKclBsbzNlllkX5zOUV4+HGpJ8jHwYqfB6XeYF6MoRhGWXbqQ6IXHVGZ3zAuDjkmhub
+        cpqGRjLgxB6mwTFHaGhEBd2XdFzSmEgwBINcHwafUQyOT6cfpWHRh2nZgY/o2ZRjNDqUQSrqAA2IPkKe
+        W4skh9wzmScl6KBH6F7pLp2YeYym5Zyi2YXH6DEGlvGJR6kHQ96UjLMCjC9lHqXHk47So8kMptuRjqRQ
+        JtHHNF3ISwch0GH9oQ/osagqAbm30s5KUAOCF4by++CwMsn/hvQjvQL2yLvVbZonastC1yiiWRH9ii5Q
+        gFk7Bh7IY02OABkiVuFRHBS4m4YFl9K48D30QMQ+mhC5lx6NqaTnEw/QMwkMfYlH6B4GwPsj9lIPTMzP
+        59FuaTa1WZpDLZfxMrfl8NR5cxuN7W0XJknPDda1W55EmOKr7doCejVuN72YzmVzFQMhAyNShoxisEOe
+        uZHbS/j6kqnnigwa659PA9al02C+joHcXiNn2+uJ+8hvRTy1Z9ABjCGAoSXbPE8GxKazYti28e+w3UOq
+        khZzE92OjeazIq3xchuzadS2Auq3ms9tQQzdOZNt77RQ8lmWRuOCdtPgtZY9az87iu58l7/LkNZkOtvV
+        OTskJ9wrkYdk0np47LwZTjFDBAIbOsxPps4LUkUt3o2g5m9vlzQeADtMswkPGhIA92bI7LU0kXoujhcP
+        HiCwLX9fxsy5ulPvmmKlHdHxcXYpu6jMnkjIzkVILwIhnkA8dYhqZZDrNCOS7hbPW7VMBnPiNOhrAbmD
+        Fz+gv//DSnALQNEXlvNPvkd38nGsm4Hxc3zRfNPghVNhPJyMi1N4k+VqYX5VkVOwA0ButoJcEp3+2GmM
+        XM1AB+SSq+GJU/HDfdS/Oo9czWAHyyNXV7BD9eT4NwY59cjVGCPHwj4vRe2m8nPv0eHr36c/uHLW4Te3
+        5HODuNKCOGhp3mH6wx/+INv//t//Q5/8+6/o2g9+Qtd/+BO68unn9NkvfiPTnuGF80g89p4FcuKyz2SQ
+        y2wEuW8YyJndqWpgv3Ug54Ih9czVhDlLfqkMRS6ZYPVl1VCAg/DbffjcBmdcEvXhz4DNHja4xLFMkNPr
+        M68Z3ay4PgRF4LplndP94nsJmEPaFoU5lXXPq5+PJX1u1fo6QK5b+EH5UzE2/axEqGI7Zm3ADA5Yr2Xd
+        Xv5VXUMtzxsADuA1JvmUjCcbEX+ERiVW55sbuGO/gBzmVx3E5zyAf6df2H6avfc6DYo8SIMjK+mxpCoa
+        F8/1LqCEnik4S89mnaJnC69Sn6BSSQ6M7tYB4RWSguT53FP0VNw+ejiBzz2yguYVX5YuzUERpTQ58yyt
+        2f8BTc7lMsnn1SWQQXNrqYyVQ1errz8vbyykjYc/YmjcQ2MYQh+MPUrjow/QuKiD3NblyuT3DzNUjuTf
+        9mTQ0fYP+en8uM2C+mwqIQ8kCeZ2st0qtJcFkiy408p8UbvVO91Cu4pgCPyxRmoRTNeFKFR41DAeD8mA
+        x4eU0gM7GHgZ9J6I2UMTk6vo5Yyj9HzyIXoiag+NDy6je0LKJUEwZm6Alw49N4hYHc/PIvDAB5R85D2a
+        llZJmPGh97pcmegek+KP9t9Jo4L4viLoJLCExm0vZYjLpF6rMR47gZovQDL7JFpddk6SDwPikLIENg7g
+        hpkb4KHDZ9jCDgsSqAPbSqQgGbR5Fw3buJN6LkqipjOQwiSRmsxKplbvxojHTSbYn8kQyNswzu2B7UX0
+        bBSXr0WJDFkIUthBr/DncWszJZrWiwG148wokSc8e0tSqS+f04j1GfRAYD71ZnDtyeeAmSMw6X6rqdvd
+        Q7K++9YOt9Cjhym87norjO54w+INq1ewboiDbhbkNChUvHRI08Zs1eFtpC0JsjjqqwI590GdIE4jVSHb
+        CeMiMNhe4USF11//hi6/y9RlqhXsoDfB9Mi5PXMumFO5oc4lcYvyA6jVtWp45Prwg3V75FxdqwA2J28c
+        IK4TQ5rX4iSZhsvsWlWPnOSRm68gh6jV6+6u1Xm2YAdxDeOzC+T2Mdxi31rBDp//yn2P4vZVe+RkDtVF
+        qdQG2bPnx9E4/wL68N8t6APIrU4v439AaQJxfbmiFZ//SM5RjwWZL/v6C5/+Gz0VtsuCN5c3zgngTJkw
+        Z8k1i4Mr4SXUEIhDd6qqPpBTiDNlAlxd3akmvKE79aa7VPlfu8gGce5uIZaTwbLLDnHaNaVdVaaxVGE9
+        jCMkSX9hiA0DqxGpYowNQ20aayybhh0GX7081mcLDBTe7ABnygIOS3YQkW2ADpsUbgRwXLCGZYUqeL0A
+        c70FjmqC0q3SzUBhz5TzAl4DMs7T0IzLNCj9Ip+bBWoCa8a+OGd469weOdf12YXrxT7SxYr7hC5T1/20
+        C88GMAfoU+EzpEBnPVOF7/qBziwTprR8QPqHwPyTYKobl0WvMP6zEXGUfBmiHsk8J7niuoVX0phEPt8o
+        bLeVbxb+2Mgy15GuDGeY6QGfkVsOud0QyDBkRyXdw9fovZ3hKZihiEHKJ2wP3Zt4hCbuuij54/qF7KPh
+        cUcloAHj1by37WPIO0oj+VyeY/jzidpLLySfoxm7r9JIBhiMb8Pcrr4MXUOiD9ObuSclKnVy8hEBt7Gh
+        e+mlhEM0t+x9mlZwgV5Kr6JeW0poVvo5mrLzGIMiX6v/Puq4eTf5BXHbsymfppecpedyLlP/rfkSFHFP
+        XCX1Cz1MT0TvI79Abn8xlm3zTpqQeJyGMyAisa/kkdvEbZtrhgdTAnrcbko7upbBDuPvVnPbuIrXrwTo
+        oWckw90WYz9MvdV9bRZ1XZVNffB7DJAdBfYY0BDosCyTWq/h9pm/N4Tv4+jgchoXVsFgd4JeTTtGU7NP
+        0kuJB2li9B5KPfshJZ76kE7/+OcUdvh9BtQyidh9MaWKHowollkckLS3D9phPvbYoN3ksSJVEga3W5RM
+        dzOYdVqWQUFHvk8eDJ4Y84aZHdBzhPQj7RYkky+fd3cGrb7rcmgcP8N7GSoR0dphkTV3KsbmYf5URKh2
+        5+9itoduC+P59xjM+B3j87ozgPZcHEsD16bTu1lHaH3xSVq08xQN3pxP/ddmsN3MFe+dJ/+ueNTmMEQy
+        CKLbtePsSEl10nrqDrr97UBJOIzACQy1qqtr1ZSdO+xcoiAHyDNBDnICOV0GvCFXHPgJLIX0I/hs8pUw
+        1jcJ5M5c/YD+YXjkVP/1t79TetUlavWG5basyyMHmbnj7GlH1Ct319vwyoVRdxvI+bg9csl0yuWRQx65
+        RWn7XCBX0xsHiOs8L5Z27DlNZz/6IZP/7mqQ868L5OCRcwI5yyPXzOWVqwY5yyNnglxvrqAVV74n9wbw
+        e+i9z6jv+lyXRw6DT62EwAC6AZsL6MqPfyH74t5O3p5OHTF4VLxxR+jn/2ElM/7b3/9Ov/ndH+jnv/4N
+        /eI3/+EWPv+S98EUX3j98S9/pR2HrkqjYXWrcqNgQJuTGkHuqwc5hTgnbxxUH8iZMg07DP03CeQAOPDM
+        4d2CuVurm/XuYV+cz+CMC+KNs87ry4OcjpUDmKGL2en+QXgukHa1miBnQSA/CwE267mZAKcyn7dTeYBu
+        BuSw3nPHAerHADYm8Qx5RR2QdcNTT9GQeAZL15g4uzwZ3lC2uzJUIQ/ciPjjNDqJyx1DYN/o0zQu+bTM
+        veoRvl/qWJ8IRLwepb4MgCMjK+n5vPM0KPaIdIGie/W++KPktaOcv3+Ans45RwNC99HjGafoIYaqd0ou
+        M/BV0pOph2S9T9Ae8cp5bC6iSYUX6IWMs/RMGkNK/D6amHGGXiw4S8MjK2RC/d4MYksrPyTfHfvoyZj9
+        NIuBcCADUM+A3dQtYA+9nHuGFu48KuPvxkRVUPctRfR42nHqwyD3Ujr/wdpaIgmFEemKY2FcHMbcdV1f
+        aEEbt3doCwFsGEMHL5wpbTfbrykUb1zbVbzMbau0swA1lpX015pvdcDmQuqxNlumzxJxO4qACnjrBm7J
+        p7Fh5dIlOnB7KQ1hmB0RWkrDQ3bTqPC9ksftxZhyOvrRv9OnP/0dffL5z+jYT35DIQc/oE2V12lb5TWa
+        lnmCXo7fT4+GFdNo/100GNcbuZeGMtCiy7XfuiyZpB4zPfjvv0KDGGBl3eps6rk8iQauTqXx2/Lp0cgy
+        eiS0kHrxtXgsTiOf5ZkCd5gIH+lEevDnIevSaMSmLBrvXyDTez0VUU6vxvAzYth8OryEnggppvu25NLQ
+        LRl037Y0mpq+j+56J8ry1rGdbj2Tbes7ruTADG+IXAWsYbnrgjjx3rXl/ZtM3S5zuwrEYRjWPwHkVIA2
+        wBzUhrml7dRQN9RhnZuxvkkgd9/yaPr9n61uQIU4vDAJ/Nqcg+6boTfgVnrkfv3H/6Qec6xIlzbvhFHc
+        3lP0+z9ZMztElp2gJlO21fDKqTfu0c3p9Pmvfiv7Be0+Se1nRoqrF3Ot1g1y1cEON/LIVVyo7ZFrx4Xy
+        5W0pAl+4Rx//9Nc0aK2VRw7wVv2eTPcF5NNnv/yt7Acg7jk3jLdZszrEV12W80OQQ/qRy9Rh9g7+B5VC
+        7Rn0VB34nxD+vUUfuizRwAiKKDn/EfXifzjilWv0yH0jQE6DGsQbx+92A6sAVxfIqSE3DTsM/dcBcibA
+        qUywUTAC4ACEFIhMUPoy6p12XtQn/YK8O+3jJHSjDs44R0Mzra5fwNqtADlAGPaTfTWFie3+QXqvFeRw
+        fxTkzO5W6d7+mkAOZXEgQ9Sg2GPUKeoQ+YYdpgEJRxnOuC7wNinL9vLN6rx9Dw1KOk7jGfh6hu2VujI2
+        oZKGxh2TXHE9GNyG8PliMn3P0L2SugRdqKNiDtKYmMM0IZ2vJ+SQ1DeAIPK1Dd5xSMDv5ZyL4jl7KvcY
+        zS+6SB47jvG2PTSUofGR9FPkHczHCyijvqEVMon+q9knaSXDih+m+9q2hx6L20uPZx7nY3Ad5vbFl4Ht
+        8ZxDdD9D4KTs0xR+4hNKu/gZZZ//AQVWXKVx4VU0jK/z+fRjDIrl9DSfW5ctZTSt+LLM2NB+o9XewbPW
+        G9Ns8bUjGbDnxgKZVN+b26ge2xjyAsupD7cng0IsYYzdmJAKGhe2X7ptRzB8DQ0opiGYAWLLLgk28OP2
+        0pchEBGsmCS/89pcmQWi+4Yi+W1PhsOuG/KpV2AJdVyNblgrPQny0Hmsz5cAhcHbdtFD0ZU0OY2vIbKY
+        lhaeo9Of/IxyL/2QBq9Joh6rdtLgwP3UZl4ytVjE8Lg0XcbMIWL0EYapt5NKaE5GFa0uOk9zs47Tq4kH
+        aDTDYtnlTyiq6gI9HVHE8FVGT0WV0oNBhfR01D56Wj6X07PRe2nMtjzqtz6X+vG5eS/LorvnplHTuSnU
+        bG4sNZ0TQ3fOjqK7GLQgGWc3M1rAq/28GPJaFCszRPgsT6R+m7Il+W+H2Wx7Gdhgs5ELFmrJthuS1CQM
+        dpgHthum6prBtvddKwkwGAH6Z4CcBoFiPByA7W5mluavbHJ76Ey+Esb6siBnftkOcO4faSDI3TU5gNYk
+        7qRPf/Iz+v0f/ki/+e3v6Qf/9nNanblfZniwIM7yxkF2b9wt8chNtbxyU7gAf/YLa67VP//nXyi49CRv
+        swAQBaLNjB00Zm2KJOrFC7C1OvcgF4oIF8jZ5lqtAXJ1e+TMMXL9kUfO8MjNTD8gINdqQRL5rcmi3/ze
+        CkIAYCUeukTDNuW6c8i1nJ9I9/jnU8m5D91AfOnjH5A3Vzh44+ZnV7mv7+cMyuuLTwiwIXJJo5tUGHvx
+        evwe+uDHP5X9f8TnMq/ghEBca7jPGwRv1aoeF4cGzVJ9AKeqC9zqgjdTJsgptDnBXL0gx//c7XLDmwvg
+        VHaQQ9cR1CBwY+l4OICbgpwd3iDTC6cQp4bW9MKpnAy1acjxrkYeXXOAAvXs1AdvTqABiJOISoYJO7jp
+        uwk1Jvg4CZCE8WiAJvXMAab8Up33b6jgWQPA4d0up/3Rpdo77Rz1Y4gblMWQkM7nwpBW1/4QQA5dw31t
+        oGhCnPs+AMhYGFOnnjnz/jnda0juKb9DCnQQPlvj5qrhTZf1s70c1CctSybQSVnkZQQ1IMUIyqVXxAEa
+        nnCCBjCMWV2uB6U8e7rKNNKOdEfwQtJpGhfL5xjOQBe+j4YlnpJpu/pG7BcoHJzIfyYiD5JHcLl0sQ7j
+        4w+KPizeuh5cp5C646FM3j+EzyFyPz2fw88jhCGM62QfBo4n88/RlF3XpPt09u73ZWL8p7LPCyCOTTpM
+        A0PKaHzMEZqx+z0aHlYukPNGwVmakHiUYaqQ4SpPZnB4LPmwRKrid3sFFdD4+GPUwX8/xV/+KZ379z/S
+        9V/8no589mt6Of8SvZxexQBYQffuKKcpBWfo3vgqCqi8Ts8BVmP20bjoChobtZdGBu+hZxKO0fgdFXRP
+        7GEJugDUAfB8NxeJ90zVYyMCG0qo59Zi8t64SwIgIOzXa0sxydg6Brhh3Fb153au16bd5Lcxn/ptKaDB
+        3NYN37abHtyxjwGwhPpvK6IBW0tp0BaGQT7m0O276f6wMpqcfIjeYmh9OrKcHoook3QpqxhA7wvK5nUl
+        NGxrCQ3ZtpPGhHIbifF43P4jF1z/DXkykf+4IIbFdTnUfX029d3KAMmQ13ddHkNvAV3+7LdUefH74q1r
+        w3YM4+aaz0lgOIu3IG0e2z54zxbx+nnxkvOt8+JUsYumswO6m8ENgRJt2U4C4vA7nReyXUS07oJ4Seo7
+        YE0GjWKYg71WwbbDAweAg0cOUIdo1s78+13gJGEoxLyr8Map4JVToFPZgc4OcnY1FORUiEC9g4HtOy9t
+        pVb8e8gjB4hzs5RLbsb6JoEc1PatYBoyP4Je2JhAT6+NpSELo6jttDDrRsiF32qQOyBwApDrORceOQvk
+        2kwNpsxD52WuUbx+/+e/UOXlj2lp2h6aGrVLZlNQEMJr/9lrNH59mkAcgh0eD8yja59a3bN/+8f/uEGu
+        jyQErg52qE4IXH+wA4BxtmtmB4BcBy7gyzL2CcSJt+3v/6CTH/2INhUeoXcSSimk/BS99/kv3IEKf/rT
+        n+j5EP4XuAQDUFMo8eh1+svf/iHbSs6+T14LogXa2vB2TMNlCiDXdkECRVackXP5y9/+TjvPfUTeXGFb
+        cyVuBLl/PsippIvVZWD/1UBOBbgByMHDhXcL5uoGL1O6382qxjFSLlhRqpkXaWAmw1m6BZnmPnbVBXLm
+        b+h9QMoSpFvBdQJWAXXm/XO61yrtaq1LJtCpzGevy/VJy5KWs+74AxHBUJTBzySGt0dwGQw/QCMzGXQZ
+        uLwxjsxVVqVMh+ynPlxWR/O1jeVz8gyroC4MaP0YjB7ka0ZAxOC44wxvXPa3W9GkQ3j/EXEMawx73YMq
+        yCf0oIBgr/DDvK2KHsw4QX23H6Aewbvp5cKrkprEm8FvUHwFrdn3KY1kkOrkv4+ez+Oyw+sfTT0k3bIv
+        ZF+kt3e9R/0Z5u7P4vKNAAoGm7eLLlGPLUU0OtKaEmw8n+cgPuZz6SfoHoaue2OO07tFF2hVxXXKf/8z
+        OvWDn9FP//Rnyj3/PRrPMHp/8gnpQvVg4IInrcPG3TSv5Dr5bdlDHTaVUPuNxZY2F1Kbtdk0gu8BpsXC
+        pPuYh9XqsbDaSsyfCmEWCARKQDKn6kpuZxF0xvCCYIfWmB2BAQ2ettYrM6jNav6TvbqQv4fu213UJ6CQ
+        em3Nl+E2mBTfb1sB9WbYGhZaIulMnkusolHBReS3KZcGM4R7rcmmB8PL6c3UIwJso8J2cpufzeBXJCmq
+        JLqV7RCCIvpsKhAHwaiAneS1JIPhrYDuCeFnuiGb4SqZnmUon5lyiCZE76LxEXsZwKKpFYNbq7kxMvNC
+        Wwa69nOsAAhEsbbm91YueGvHNs+EOAgBEu0YADF+rjOGFDGAAeZavruDevC1I5q0x6I4GsfQieFOCnJI
+        RyLi7QpynefHSToSj7lxMusDJtH/Z4Mcol8xgX5rZpj2DJpIP2ICnMrNWF8G5MwvumUAnPtH9IcbAHKi
+        V/2pxWvbJCMyZnXAxeMm4KLRnaqyuy8h941z3WC94SJ+GPJA+MHgAXWbHUFhJUcEZv7r7/9NXjNC3SAH
+        d+vg5YlUevqaTFGFF8aj/YyBCl2pf3RFguL13g9+TM9tz6OWTPkCcvw+YVMGXf/UlUfuL3+htq6o1Z4L
+        Iqnq6iey/nd//DMtyWY44wKraUe0axXA1ndpLB177/uy769+/yeam3lQIM5SskT1bN1ZJd2deAHosN9P
+        fv07+u0frW5hvH7729/SosxK6rTUmiDfgwvq3qufyjZ8N3jvWW5ELE+c5hNSqUcOmhRTKh5SvL7/s1/T
+        8MAiR4iDFOScYE5BTrtVRTcAOft0XHaQU9UJb6bqhDcL4Cxw00nxy8kzkIGNZe9OdXep1gFvppwAzpQd
+        4uqDNxU8ITCOOiYO0i4uy8DWDXBqtCG7YYexh9CtanXN3RzAQQocgDWFOU2MKyDngpabATgV4E88c+kW
+        UInnSmDIBmoMXFDv1Itu6TZznV36vRrfdQEYvgsYG5hxiYZmXbECMPj39bj2c1XhOwPSL7qh02kfFa5P
+        pV2sbiDGPcO76/7WJUCbjpvDsgIe3hXM61J9QFejTO3AnwdeH1ZJYzIYVhni8MejF0PO2ORjAmaAOt8w
+        ywvXdcch6sPHeCT9OA2Itspwl/CTNBQZ+3PPSbdq3xj+AxJuRbz6hVRI1yrGy8Fb1yPsgByrZ+gh6hFS
+        HSDRP/YwPZvB9yXhPL1efIF8AneTV8AB8crN3neBBsYepMH8fdTt8YmH6fmM/RK1+kDCEa63u2kcvz/K
+        GsLQNiCM6+/WvTRt33vUN3SPAN7rBSdoUfF5ejf/Ar2dd07ytvWLOiCANC6hSiJpP/oF0Se//BMtLrlA
+        z8ccoEcTD5FvYKlEj/oFlFK7DQU0s/R98t6KLs5C8kAbhUS7vAy15T/FQxlQ228uov7c5nTeaLWB8kfX
+        1n5C1jysgDwL+AB/6E5F3jgBvjW5/Nt51Iu/PxiRuehOZWjsv3UnjdxeTA9F76UnWY9HltMzcftpBN8z
+        vw1FMi5tcOAuhsQ06rwugybxdQzYmE+dV6TQA9t30qCgYv68i//Ysy1hO9RrbSG1WxhDgxmYEFDwUOR+
+        GYeHCfn7r8+WgIVHIvbRCN4+PngX+TKE9lieSoO3MMCyjbtrJlKRWJPnQ7CFiGTtyjAmXjNe12kpg5oA
+        XIy1z6xY6sogiZymbWbzd2dEUs+VKeKdgyeuE9tGryUMZ2yLuy5iOJwa7AY5HSMHkJPuVWaBznOS5Le6
+        zubvL4yV+U4xhZeygls2iINuFuRMOUGcrgMTYT7VFm+HCtBBJsBBNRjLBnKQE7N9rSCnpKpSkIOcoK3G
+        DbMBnEnR5kMByLV+N5wmBmVT8eHTFLjzILV+J0wgTkEOGr02jdZm7aMz1z+qlePuV7/6FcWXH6MnA3Oo
+        w1wuaFxwVD6L4mlJSintPnKaVmbs5X8X1j+J1rMiaU7ibio6fIr8dx6QWRTEI8eFENLxcQC5tnzMBcml
+        tKvqFG0uOEADuGJVg1yKyHtpMs3nhunAuau1zu/3v/897Tx6jt5JriAPhj5AHNR2cQrNS91LJXxuEbuP
+        0HiuuAptdinEQb3W5tDitD1UceIcbS3if9frETHVCHL/DJBTWHN74nj5/xLIwQOG7k0AErxyFlBZXaQq
+        J5BzbzfXNUQ4Hh8f4+gAcUMyL8s7fl+32WWe8xcFuWqv3NmbBjlTCnDmOjxX+7OHGgpy6C7tHX9U8sJJ
+        uY06LoEOIzL5GqO4XPH+gDJ43+7jZ4QuUinbDH6Y1/TR7FP0cO4ZGf8G4EN5Bwii63Rkwgnqz6AIgPNh
+        AJT0JSH73V5t/F4vBihoUGwlPZd9jh6IPiRQ1inA6iodFr2PJqQdlXlUJyScpIdSTtGTGcfpwfgq8o2s
+        pHcLr0vQweDQClpUdpaeTj5AU3JO0ws5l2jbiU9pTOQB8aohGMI3sIQm8nUNDmXoYaAcEXeIum0skYTA
+        RZc+pZCLH9Ly8isyp+uTDKYvpJ+U9CV9/POpN7cx3dbn08vpJ2R/pChBIEOnddVtXed1iFwtopEMqG03
+        5Mpcql6bGahsbae7TV2HSNYc6sTCBPo4PoTcclB/hkhElw7030V9tu2SHHNjcB927KeHd+yV+WEfiqyQ
+        btK+/Lvd1+XyeyF58bGR+BdAODSwQGalaLUoWdYhyADzonquypQxcYhS7ccg12d9Dg3fspO816RTxyXJ
+        5LGC91mZLSlKHo+ppB4MWQ9HVdKAzWwvFqVQP5zn4mRxBMAb12IegxrbPBXsYbOZUYTJ/O+eZdlTJBJu
+        w6AlE+wDzlw9WC1nMsQxtLZBdykLY93ggfNblSaT6APQBq7LlvHskibMZdcBcgA9pDlpMc0KZOyMNCiL
+        42kEQ/U/E+TAQ63e3E5tpkVYAPfqNvqOyVEu1WCsbxLImcum9KLlIm+BRw5Sl2mnmeE0cEGEzHEGgMN8
+        bDInmwFzbaaF0sObM2hNdiUF5O+X7tiNuZU0P2UP+WA2CC4gAnCIgoF4+W5+7zYvmkYsj6G2M8KpBQqk
+        /KvgfxPzo2kYr+++IEoKraNHzgVz3fgfwrAVcdSd3/EZEIfxb63mW5PiQxjwed+WTFqSdYC2Fx+l0OIq
+        CuR35KgbsS5NghsU4nRqLp/lKQypyeS3IrmWF86UCXQYFNuT/6mN35BKvqvT6g12aAS5rw7kFNQg8cYZ
+        3an/F0BOAwp803jZBXNI/QGYc4Ma4OoWgpzCWb9MyxM3LPOKeAT7pJ+nXvgt13bz981z/jIgJ93Hyfwd
+        vW8NADk7uNk/6/g5+7OHGgpyA/h496SfI18GLs8I/KGoopEpp6U7tRtvH8jP+wHcr0TeHnOAekbzH1cG
+        v4ezztF9aQxw4bxfmDVWbiAD3LjUMzQ83oIznfHBAr+D4vVDd63pkZO0Jlx3+sVU0fN8zGkV70u06FM5
+        V2gsH2cw14t3ys7R8/knGVyOUy8Gtnv4+oYyUI1POkdvlpynV/N5e/oRmr/7Ko2KOkSj+TfaBpXSrPKP
+        qcfWYvLcWkKDNu+XtgFj4jCt15A4htPg3TScrxHj3BaVXaa1FZ/S60Vn6ZXMSppZwNfG8DQ+ooyeTuDz
+        3babOm3Np2fiD1L/kAqGuTJu3yyQ0/YNYNYFULQlh/psLZeuWES1eiAwwqHthDcPCYUHBmNqrkIZIwf1
+        Yfgbzm3VMIakfgxpg5AfLnyvzPqAgAOcz7jgYvJdz7DIx0H0Krx1QwN2M2BxO7zSmkR/RFAxPRCO2Rhy
+        qSVDl8fSdHo2toJ68L5+fO6YYeLupbBBSBicQh0WJ9D94RUyt2n7xSkMfKn0WFS5dHti5oeBazNpaPBe
+        STI8eFsxeS9PI4+FcfI7gDT1yinIwZmB6bQwK0Q7JOtdmCTTdbWbG23ZyZlWdywgDbB2O9tpn2UZhGwS
+        LeckUn++PgRDYJYHRN8KxKEr1WXTJVp1eqR49ppPjaIm/LnjLKQxSaAxmwr+aSAH/mn+Vhh1mR4uCYDd
+        EFfP+DhhrK8K5Ow/Kj88yd8thTYT3sxllQKcygneTLlvnOsG14A5F8ThoTSDGOZUgDcT5MQrZ8Ccumab
+        vraVmkzaQE3eDrEKhksAOC0sWIb7F1J4gzB4825+V3hzi9cB4CD1zIlXDoIrGQWcC7qAHANcS0Py2RWl
+        Ct09cwfdPTWIWvI/HZ1XVcTbdFlhrga02T+zanjmWJoIGFJgcwI5Z4irHalaDXSsekDOKVLVCeKgukBO
+        I1VvHK2KBMDVEGeBnCtSlf+ZO46Nc8kOcvAeqOzgBpnwpkZLBc+Eyg5xWAcvnAQ3sHFViFPVBW+QCXAq
+        uyFXkAPEwdhjuT54M6FCIcMUAARQYgKcE8DcSApLdmiClwwQB/UDLPFnX2xXEHPtJ3CVdvELyvqdgVmX
+        JcAB3jiNcoUUGk3peWM7QA7nh3fzmuoT7pMFc1aaE2usnAuOZbluoDOflcKbvZtVl+X52soAZJYRLT/w
+        wmHb4OQTNCztNJdFBDAcJM8dR2lEykmGHAa4+OPS1YouT8zgMIivY0jSCRqdcILGZZzjMnuIukVWUo8o
+        K4XImGQ+Ly7zADUPV/4479CD1HPHIeoVdVgkXrtQrlch++Qdwj4IVNhx5jPK//jX9Gb2KXp6z3s0fEc5
+        g9oZeoDP55WM0zQ2rpJeyz9NE/PO0VuF52lyyWV6ltd39d9ND8TtpwGRR2l07CF6Kv2kJAxG+pJZFdfJ
+        m7fLxPsMRt0ZvoYziPYK2k2PpxyjQSH7yYdhLfDkD2nNwffpufRTtHLvdZpXfomm7bpE3oGFki/uSQbI
+        x5KPytizoaG7ZG5XgJxAHEOXtnFuAcQi+BoZ4Dqv3yXdspg5ArM8eHKb6L25iHx4nyEMm8NC9lB/f4Y/
+        /xKGuF0SsDAmrJwGMzSODNsjU4wNCSoSiMNMFGOCywXgMM9qF26n0Y4jYGEgXzNmacByl1V5/LlUxtFN
+        yToh+w/l9nPcjjIaG8B/5hcnib3BXKyYdL8FcsCtzSPMw4pAiE6rM6g3PHDhZTIbQzf+HYyT67ggjvz4
+        NzAvay++Fp9VvG4xputKkGTCmM0B4+4AdLCJCIBA12u3Jcni/WvL65FzDmPnMD4O49t6r8mRfVuz3VRP
+        HQAPY+CwrRlDHGzwgLVZMnZO7LvLjjeTMXKR4pFTG49jAjzv3ZorkCec4HL4mCB3szAHLnGCODfTMOdg
+        Hd4x5ZeMiTPYCBJmsvNUPSBnchqmUHUvmxtU5hfd+hIg5wRvtW6Aw40yVQveWO4H4HogJsCpFN5U+nBV
+        TY2UIxCWa4DcTIyNs97FI+cAclANgDOkHjkFN7vcIOfywplCxTJhTlUD5FzwZqo+cBN4M7pV1SNnBzkn
+        NYLcVwtyOi4OMGd64FQmuNllGmeV3YB/G0EOnrG+GRdoQPol6o8uzwwGujSGLZbuBzlD2o2F4w/IvCQQ
+        NyCLgYx/q/q3bV4/l/Q8sV3H890syMm9S7TSrgDmkIC4ISCnwvOye+NMmdvsQGeWES0/PaIP06iscwxX
+        h6yuUy6D8Bw/tfMiPZB5kQZJlOoRBrdT4rHrGXFYvHSjUvjYkVXUa8dBGhF/jEYlclmKqJTyrWUf+/bi
+        Mu4XeYj68b59+bcwwT7Um8u1H5dz6WoNraTuwfvIl3839tKPKfni53T6Jz+jio9+RCsrP6KXCi7Rkzln
+        6OG045LXrQ8DzUBXIuJeEftpQiIfh6EHARQYK/dQ+hmpvw8nHZYExIC2WQyEmKu1i/9ebhN2y+wNSAky
+        ir8/gM/7weQDFHTkE5pZdJ5m7LKCNqbnnqaN+9+jRxIP0TsF16njpny6N/m4AN2IHRU0MfMoDQ3fLZGn
+        fRgOO26q2esAdeO2DVOHDWdgxJi2nogoDUBet33UL6CY+gWW0ig+FqJa/RicemzcRYMCy2hMqNWVisn2
+        e/P3AWf3hO+RwAxAmhe3seiGRX45pByB5w0RrRjPhoCJTivgicuiEfw9DLV5q+A83Ru6R6APueH8NmRR
+        r43WfKsdl6ZR2+Vp1G9LoczJOnDbbgl46L0ik8GxhIYwXAKkEHTQbEks3c/3DtDmuYi/t9iaKB/zqmId
+        HBbobsVvYA5WjG/rwrYLiXsxF2vrebGSV67t/CSxnwA+ePAwJZh45fj77ecmSPJhtcuw3x1msZ3GnKvT
+        ImUcHKbY0u0Kch4MhohYlflY+TuANyQCvm9bnkDd1wVy+AzuafpGCLV8K9jNQyYn3XKQM1eaX3SrHpDT
+        kzJlApxd5sWq6upSVeHG6Y1VuW+64ZFzy+WBM6UwZ87kYOaPg7CsUAeZUCeaxWDnIDvYQSbImR45U4A4
+        vJveONXdXPgV5kzVB3V2sLNDnRPYQUgCrLJ3rZoAZwe5GtCmIOcAb5C9cVOIcwI3XQ9w03cT4NxygDeo
+        NsBZEaranSpdqi54q6tL1d61qt2pADhVQ0BOVE+XqnShspzGxJldXnV54yDTOJtGG1KAg0zDjzxkPkgP
+        gWVDdohQsHBLoc0FcionaLFLIchchpfLBKUaoIXuRxYADt2fAzIvu7o+re9gH9/06v39GPgaIl8GOAvE
+        GFL4mIhUBSwi3Yge60Zyg5zLi6fXdTNCl6yAIAIfXEBsBzqV+UxM2YFOP6vQlQ5hJoheiSf4mR+Rqdn6
+        xKK8HCff6CN0b9Yl6pd4SgIdMI3biLQz9HLJNZlNYQTuUcIxBq6j5Mf7jk0/TROyTotnri9vH556mgYn
+        cjmLQjnGn5WDDGxHaGTcceofd4z6xR6lPgxvmE+1d/h+gTxAW0+uK32jD9FQ/t69yUcZ0s7SS4WXaUbF
+        +3Tih3+ko5//ByEcrfSjz+m5RC77wVyPuY72jz4oU29hrldM1QVvXs/gPTQ6sYoBbQ89nHiMhkUep8eS
+        TpAHgIlh7/7kU9IOzC+/Tp4BpVz/y6x3eMYY6B5JP0F9o47Ts6mnaHPFRZpRdk0iPmV2icwLtOXQR/Rq
+        PkNkDK+LPUD3xR+nThvzBASHRpTRxKQ9NIIBC92m3bfvkdkckIi426ZCSR4McMOYt74Mk48lH5Oxbr25
+        /RocVE5DtxfTML62XpuKxGPXe2uhTP01Npyvlb/Xc+su6sfHujf8AA0PKaNu63PJY22egFunVQxrhgB7
+        GFPXcUUGYd5WjJMbxBA3mgG318YcejashHx5O2aGQLoSdG322ZApOdpgBzyR4201pgHj723Jlxkc7gku
+        pX4bC6jdkgzquDCZBmzIo+Hrc2SWB8zh2gaT1M9Npg4MbJjrtOuyDMsDNy9JUo4M3JxH3ssSZaJ9TNnV
+        lrfBA4dxct34PNFl2m5eHA3iY6I7tT1vhxevI0Ne+7lsO11OFEShihOFYU3t8biAQpniSz+7u1WnW04b
+        dd50mJ1A921nm8MgiIjWO128INxwC0EOAs/gHayDCfU9ZkbWYCKTk5xADjJBTmHODnVfO8jZoc1+4XLR
+        LlirSzXAzSX3A3DBWw1vnAvaTLm9cC5oM6XghmUtFJAWIrccgA2ye+IgjAswgc1JN/LImdDmBG8mtDnB
+        mx3YILtHDlJ4u1GXaiPIfTUgp8ENCnDfRJBzA4YL5EyIu1mQg9SbVh/IqXcMIAcB5OBBU88coKwXg5Qd
+        1G4sC+LQlTo464q8a/et+fv16VaAHNKXVHvlqr11pm4EcvpcVXaYU5DzZaDCcXwSTpIXL3fFd7m8jMu5
+        JCltAHQjMs7SAxlnrGjTzPMCYYC3njFHJAHwuPTLDGVcpvh7Y1LP0qCkI+Kt68/7DWPYgwbFVFG/uCoa
+        mHiURvH2cSnH6cGsc/Ro3iV6LPc8PZl2gl7MO0evFpynNwsv0cuF5+nRjNM0hgFzCMMeAiS2X/iMsi78
+        G334mz/S+5//lgaH7qL74k7R41mnaGL2cbovmesHw8+wGK5zDHFewWU0JMqqv4hkfSj5OE0uOEteDEq+
+        DFb9+bjwFsIjhwn0uzLAdWPoggBzmEB/HEPlwrLrtBBzuW4toJfyuPzx9rkFp+m5tNO0uuoq+QQfpHfy
+        jhFy0XVg6OrKbZA3Q9mzDI+Y3/R5vo7uW3P5ewxO/vC0lVN/bmP6B5WJ4HnDOLf7oyvJh7+LXHHoSvXd
+        Vijj7+7dUUnjd+yn/pvyyQ/JgP2L6L6wvTRmx17qsSGbuiIYwuV9g9A+I5IVADaAQRHf6cdtHqAQEabw
+        sqHLs9vaTHot/Qz125ZPHtzGowsXwQvd2B4M4fMdsInhcDUfe5n1HczSgLlXJ0Tsob783S58LHjN0KWK
+        OVOfjT9GnVam00AG1eZzY6nNPIaz+Ql8rGLyXonxb0kCcwA339VZNCxgF7VbmCDrAXx4B9Ah8K/36kzq
+        tSZb7Cg8euh6xTg6T7ZfyBShttd3ZSbdMXUHtZgeKrYZtnoEg6vYe5f9RsQqcsYBCE2Qazsjlu4JzJd5
+        W1u8s+MrBTlNRQKI68jnLcl++XMjyLEaQa4R5P5VQU4hDkAn8Mbrvi0gh89fBuQEgOoBOYyJ03FsgDdA
+        E0CufxYDxZcAORxrYMZlGpp1iYZkX3V32wLwzN+vT7cC5NClisAHeOXsIKf3V+55PSCnz1jBzQnkJAgi
+        DjN6HKetJz6noMu/oWfyrjHE8T2PPETjsy/QI7lXGbpO0mM7r9GwRCvXIDx3/ZPO0oO5V+heBoF7kVR2
+        5wUZTzYu8xQ9wRD8DMPYs7su08MMf/dnnKR7Uo/RyMRD1C/mkBx7KB/joZzr9FLRNXqRv/tQzlkaHM9l
+        PqJSpu7qHsL1I4RBJWIfeYXvpQFBxdSbl5fvv0pVn/yM4fEwhZz4MQ1mKOzM9fH+5GP0HIPcE5lnafKu
+        a5KbDl6w4fGHyIPreLfNe+jVXefptTwG0OAK2QYP3PiE4zS1hJ8z6q4L4hTkEKzwUvYpWlh+lR6KP0CP
+        pfN1hBbTcznnaVrmMXoi9gA9kXGEXss9Td22lNAr+Vwn+LhIOYLI1yfTjtF9/L1XGVIn8vkO3l5Cw0IZ
+        3hjSAHWIcO3J38NYOOSgG7i9nIZH7hcvXZ+gSnok+gA9yvcLyXYBgD7bSmh0xH4awQDkAQ/aup3kuYrb
+        TeSeW5Ut8AavHH4fQQ2AP3jcuq7NltQlrZdkytyrSCzst7mY+q7fRROiSmnAljJqvzhJxr+1W5ZOnrzf
+        SP888b4BEFstZpvB8NVxeS49GVFCj0ftZxhLYcCzcsgh7QgSBQ9cmyUpWEZvL+PvpMm8qkj2O4zPvSfb
+        EHjluq7IJi+2LS3nJIuXzYeBrRXvA4DDuDgAHY49eF2ejINrtTBRjg+vW9vZyEMX6548H+rD19Z0VgK1
+        QQAj22rYZ0yS32pmhNuGt5sTL7njxGtngFzr6dE0PiBPEgR/1SAHxmn2Zih1nRUlszXc+XpIDR4yOemW
+        g5wpc2f3geoBOQ2ltXTzEAfVB3J6Q82bDNUHcmZX6o1ATiHODnI1AI7lNDauLohT1TdGrjrlSHXakbq6
+        UJ0gzgQ5QFtDIE4FeDPHxtUFcSbIKbyZ+jIgB1gzpRAHmSCnMgGurrFxJsAhUrU6WtUB5FzgVgPidGyc
+        AXAmxEFO8Aaos8ObOTbODm8CaxG1IU6lXaw3gri64M1S9dgoBbnqHGSnZZwVvDN2MFBoUICDFDJUJoxI
+        yhB0DRrrTJnwpqoL3OzS8XCqvumXpYsVIAeAwjLgywnW6hOgbVD2Fcsb5zqWgqGTHM9NIO6iePJwPDMQ
+        Q6/T6X7Yhf3QpQvPnDlWzlR9IFdDLqCzw5ys52MHnP05RV79GWVd+zHt/ujntP349yWZ7vMFV+hZhrkZ
+        lT+kV0reo+d2XqJXd1+kFwrP0WNZxwXQBscymEUdY0Dj34ngMhleRZ5RB6nvjkMCfo/zMV4ofI9eZT2a
+        c4ZGxByUCe+RXgRlHSlMPPnPjL3uILgBARGYeB9j7TCODnVuTNJhWrH/Q3q3/Br58e+9tesizSi9KHnp
+        ZPYHhrBB4fvIN2QfDQyvpKdST9DDKackYvWldIbF0BIaEm3lmescuJf3q6TF+95nECuSOV29A8vJi9d3
+        Y9B6kq9v7eGPaVL2SfLeWkzTyq5RX4ZAJBl+OfM0jeTfmVH6Pr2TUUXP5V+kFYe+TwMj9tIYvrahDKsz
+        yq7QBOTYCyim+xkoH2XoHBtZIbM1oGu1KwMVIlI9GMoGcNszjiF2VMRueiruCA2NqiC/gBLqvamAJkRb
+        c8x231wgoAahnUUOOc91ReS9Pk+8bgP53HrxPn39S6g7vHSrqv+Uy1hnBiKkK8HUXm1WptNEBk2/DTmE
+        Se6HMbR2WZEpgREeS5Np2KYcGsLtaHvM5rMkg7osT6En4/bJXKpjgndLN2cX/h7SgXRZkU4PxOyT8XDw
+        3A3330U9GfA6L00XD1yP5ek0FDDKkAdvHAAPzgoI3aR+G/KoFQNO67kJksYE860iNYgvn2PnudES8NBl
+        caIEOWCsnNhsDF3iZYyvgx3W+dBFbOtH+RfRXdPY5jMDAAjhjVOQE3vPLIB1Y7fwOc2LE6+dMIKLG0wp
+        WyhzmHJiE3CLsAuzDcbCgWWavh5EbaaF1eAeJ4hzg5xm/FCecrFWLRlcBjWCXCPINYLcNwDkFOIaQa5u
+        2UEO+wPeIIxpG8gghuXeGZdFJnzZ1+lnCF20w7KvCsTJuDs+xj8L5CDcP3jl0NX6VYAc1CPuNIVc+gkl
+        n/8x/fQv/0N7v/9zCr/2CxqdyEY+7hCNzjlNfRKO0KiMc/RQ3lXx0g3BpPYxJ6g3Zl/gcjYIk+anHBPv
+        27NFV+iZnVfogazzkn6kB0Mb0osgRQm6R7vtOCqfpT4w9PVkISWJ1g/UG4li5fWAuN6RSDnCdSWY62TI
+        AXog7QTNLXuflpTz/eX6geAGdMkuP/gxg+Q+STvSM4jrNdfdzv6lNDDmMA2POSKBEI/EH6YXii6KB240
+        n3ef7XsY3PbS8soPqR+DDCbTR5coJsQfH8NwlnWC1jE09gvbJyD1UGIV9QsqkahXeLuezjxHc/Zep3d2
+        n6UpGefpmcQD9FbhBfIJKZdjzS29SiOjD0hKkv58/piS64GYSoY5htjNu2SeVczugICGwfwdHHsEH/dB
+        hl2MicMYubFhB6jH1jzpTu28Mle6UWXGBwYoBEAMQnLfrbxtdY5Eofbm3+rAQNaa4anjKm5/V1oRq+2W
+        W0EPyCHXY701tVY/FsbPDQooYvDKk67YNmwj4BUbsimXhnLbCU8cZnoYv303PbK9RCJY4alrvzhVvHAe
+        DHmdliaR9/IkSUWCIIb+m3aSF9sNQBkmzsdyX/4tjH0D2OG77WHL2N4B0hTmkKYEXrm2vI/n4iSZ5cGP
+        zxndtj1XZEmUKexn61lx4pVrNydevGmWva622XfNiKERGzLpTl7XbmYstZ1jzbNqBznMEDF8HV/H/HjJ
+        M4cxdCbAqZQtTIBTObGJghy6UyF44jrPjKrFPspD/xyQczoYy4Q4+WGcjO0EbxbknG4SZN5IE+IgE+RM
+        iHMCOX2oTiBnFY7aIKcwB4BTfVGQg8wuVvxD+TIgpwBnglxDAA6yQ5yCXH0QZ6omyLngTeQCOgeIg6oh
+        bhd1rgPgVCbA3QzI1YS5miBnj1B1A5zCmwvgVHaIA6yZqg/kakCcCXK8DO+EDPh2jY0zAU5lApwd5BTe
+        TNUGOAviFODUwGuqCkcIYJnwJgBRB7zZhYAEO8y5wc3oOgUA1QVGELaZ4GbClKo3QxMEAAPIDULXKAOZ
+        3TNnBzmrC/YCQ9tF8cQNzrkqx8B3cTzzuw0R4E2+7+paRRewXoder0AdX7/cA2w37o9d6KbVJMH2e28+
+        F8jp2ZmyQxwEr9+U3e9Tyfs/pZ1Xv0/X/uM/6aXckzSGf+/pwiv0eN4FmlT2ET3HgIaozHFJx+iJ/Is0
+        sfQDeomBCtA2If2kjIPrF83wF+WKenWVZ/NPSq3y75JVN6xIU8zZivQjmBUCYAZPnKQhYYhDvXsi8zS9
+        U3JZPGxYxn7D447R2sqP6Q2GNEBbj+1WGhF0qQ6PPkQTGEiHRB2l3qH76J6UUzS54Dz1CGd4YrgaGXuY
+        1h34SFJ2eAcBuCrJb0clPZJ6khbs+YBeyztDntsO0Ys5x2lI8G4BuIfiD0nC3Ufiq2he8UWaWXiWXss+
+        JfOs3h+9Xyai9+a2ZmoR/7Hgc+nJEDaEobELt2HIV4dI10cSD8uxxuzYR8NCd9Pw0L2SrLjHxgJZnpxz
+        SjxtXTYUWjM5MBwBuJB6BOPqfBiQEMAgY+G4HfVYmyvbAGuAN5W247ABODaiaJuuLKBJDKWIYu0vwFZC
+        SCkCj5zYiyVJNHRzHvXh3+i6NJnGhTKYrs6UuVp783cwhg6zMQDIEI0KsLt7cTa1n5dEdy+Mo56r0qnH
+        WgY5tgWAs+4YN8fH8+PP8MZBADmMr8MYOtjLPmuyaMSWAhknB5jThMEYZ+e3Jp28liaQF/9WWwY/BETA
+        M9eR7Wcb2FH+DBvuBrl3oshnYSrDXrxAWot3LWjTMXJi7wFyU0Oo55JE2ac9b2+lnKAAN9UVMOliCjvM
+        ObEJpPwCb1zz1wOp65zoaqYxuOdmQK4GW5nsZUCcSpmtEeRcagS5RpD7OkDODnF2T9y3GeTMKa1q6CsC
+        OXjRAGEDstE9esUFZPUL3zG7VNUbZ0Kgub/5u3bdapBDBCuCHvqm8H5fEuTMZ65C2fHgMuF/5Hu0+PAP
+        6c2ia5R05Wc0e+9FmrfvfVp06BOaWn6VXiu9LmPeJmSfo3uyzskMD+g67Rtzgo9xgrz4OF7R1py/8Boj
+        ZQ7UK7JaprdZpWUfY0UlCTCDHKJZ4ckbwMcTgAvnuuMCuRd3XqJXck9Jt+nkwnPkHbxXPH8Ts07TixkX
+        aEbxeQmQQAQskggPYliazEAFIATcIV/cE6nHyTe4nMGuknpzPUS+uUeTquiBpMP0dPpRmlZyhablHqWF
+        u8/JPKp9gkolAGNc1D56Ou0kPZ5wiO6POSDHeYqh7pHYffTGzvN0f0QpPZZ4hKYUvyft5Ms5pyXi1Gdb
+        sUDjwO2lMhcrptF6Pv0YPZt2lB6I2i9A14chbWz4fhoduYd8thZS1y3FEqUKmOvH14iACHSbwlMHjxza
+        VJ2LFSAH7xzGyWFMWw2QY6F990IXLuYlXcpgtSqJno6slOAGQCO6TtHtCk+egtwwhrN+m7JpTGCJzPAA
+        b1qXNTk0mq+j05I06s/nB5BD9+pj8ZhOMoU6sjozuPXB1GFL0wXsEOGKBMPD/YvJdwVvX5bqBjl4/jot
+        jBdvHYCxC++LKb1gI2UsOdtReOz8GCK9+ZyQekRSmfB2RLj2XJEmgIYEv7Dhaq+RZQJRqGCALmxTJXGw
+        A8i1mhZK3RfECsh1xG+5mOHLghyYBl64u17dSl3mxFOTKbWZB/raQA5uOvtO6FJVmQes9WP1gNyNYE5d
+        k3V1rZo30w5vpuoCObzrA3U/WBvEQfWBnFPXqh3Y7NIgBxPeFOBuBcjdCObsQIfPOoZCdStArj3GcGCM
+        hiEniIMU5G6UO64+gHPLBm8mwCm4OcoFbyIX0JnwZgKcCXGQCW521QlwLim83QjgILNLVeHNlDPEKbxV
+        yzTkWAbA2UFOocAOCg2BN1PwxtUCORfAmKCmMoHINxWJfi/cAN5qAhnUJ/OKW4C4gTnoKr0igGXBXvV+
+        eEeOOEAcghsAcg0BP5XTOVkgxzCZzufgOm+na3UDHd8Tp3unwnZ4zSyY4/uXzOtcAQ/6PKSL2/as3PDm
+        kuYFVCGoxTfeClx4eOeH9O7eD6l/0mnqHX+aHmZIO/ab/6Lpe75PTxVdpodzLjG8XaB7M85L2pF+8ehW
+        PU794k6TX9wpGpBQRcOQhDbtFD2QfI7G87GRhsQ38qDMBCHlHGU3AmWdAS7sEAMb8sRZXjpAHMANACdj
+        4qIOSbBCD96uQs45zL8KKHs27Th1DNlPM8o/ksCDQQwlYxP5esKqxEv3bOZJernoggQ0dI/YT88UnJWU
+        Jt2CK8gnpIIe4PN8NO0EdeG67Mv18/Wi69Q7eI8c650S/n7KMdp86H2ZZ/WZ1CO0svIKvVZ4kV7IOkov
+        5GJGh3P0YFwl3RO5j0ZFV9BT2Wcld90rWWdoQiwDXtphmpx5nu5NrqABYaX0SMQR8guqoGERlTQyai8N
+        gzcwbI98/430E/RcxhEBqq7rC2WaLYAewM17U6F0zQLa0MZ68h9j5IdDBCpy0CFPJxIEo1sV4+FMgBOI
+        4za84+psOU7ntTk0AJP4M5C9XXCc2/E8GhtSRq0XVQ+/wVRd6JLFfKePhZdIIAPyw6F7tdcathn8jhxw
+        6F7FGDkfbutHbckhv7VZ5MXbvVYzVPJxWvM2CPtAsGsdGMAw5+pAbuvhhcN6j4UJEgiBd3j8OjLUwRuH
+        +V4BcE1nxZHHskTxuMF+IqEwcsx5L2Wbx8vDN+RJ9yrywCHFiNprsbWzY2jsthwraTDLDnJQu+kR1O7d
+        MJmztQvbX0y+32xqTZgTGSBXF8wpu2h36p2TtlBnBlnhGeYdvNuZx+QhOyvVBXImc4lsfObYtdoIco0g
+        1whyjSDn1tcIcg2RE1zZQc70zPVhwLLvB+hCdyoEoPuyIAdPngRKNBDkJNXKDWAO9xAgp+lIbiXIDeHv
+        jsq8SG/t+YQGpSO1yHF6tegKvZRzmoo//QW9Xvoe3Z97kUYkn5JZHAbGH6GxDDL3Zl8UjUo7TQMSuQzF
+        cpljEPOJPCDqG3WURjBcjUw6RaNTztDwJIY7BjS/qAMy4T7y1UkKk6jD0j06kNdhEn3fmCoaEn9MPHMY
+        K6cCxGGcHLxwmEEB9QvghZkURjIQjUCXKsMggikmMIA9n32aJhe/R/3Cy+n+lMPUmYGnWxC8cPtoWMwh
+        ejH/IvXYvpcGcZ17o/gK+TEYwsP2cMoJWld5jabtukiPpjOghR+g2TtP032hDHq8HdN7IYXJQylHaGDQ
+        XurLx3ucz8dnSzGNjCinB2IO0KvZJ2lh0Xl6NuEwjQwvpXvjD1LfzWXSdQpgu5fPFx69+7he+/rn0ZNJ
+        hxnqAIaVAnAy08PaXJkRAuPfAGKY7QFRqh7r82V6rgEBuyS6Fd44wJomALaDHLpevbg97rEph7oxaA0P
+        KqOh24pk0n2vNdnUZkUOtXXZArUJQ7buohei98jYuB4bcmXdoK0Mg8uSre5RBrk2DGZIBPxMfBWN5vay
+        w7x4tj8pErUK24WkwfDYKchh3RB+Bn58rt34nDAurt+GQuowP5aBEAEWqRKtCpCDdw4RtAiAwHJTBjmM
+        ifPkYyIFSftFidSONZCBD0l9AXPocoU9hr0Wmz4rmh6PLKc7GcycPHIQolvbTg+lDnxMgBy6V+HJ+6Ig
+        B4BDd2qzN7ZLShMT3sxllclDdlZqBDlDjSDXCHKNIPfPBznAilsugHGCGzsUCQRlWHICKHOdygQ5QJWC
+        3KDca9RXYK56e98syws3hLcNzAHEXZJ9nI7rJPM8VTcLcuh+VZhTOd1HQJymI7mVIPdg/nXyjT1MT+Zd
+        pf78O/fnXqbJ5R/Q6MzzNGnXZYq5/Dk9tfOyeNswTdcQdAfzd5EzDnnkMKUWvG9DE46LxqSfo7EZ52WG
+        hwFxALJDMv0WZnqAx20En+/otLNWt+wOJP+1vHBIOwJ4w3cwowO6UxEEoYJHDuunFF2gJ9NOUu+wwzSK
+        AWli7ll6PuccDcSxWP0ZIofsYCiKqaSn04/L9FuPpcGrhwjVvTQs9oikMXkl94zM3DAm4QS9XXaVBoRX
+        yLHm7b5E66o+lqCDsVEHaWzsQZq684RA1iPw0KXzfQgtk+UnE4/Rw3GH6LnEKln3cPwBGsOAhvxzc8su
+        UuCR9yj49Me0rPgiea0vlmAJ5Iq7L/ogjeLzwTRg/RkGvRjcHuTjjIzYK+PcMFWXJ6/rsi6POq7KlZke
+        PBngOjLcAeiwP5IHIwAC29uv5m2r8qkTL0MmyCFCFhGtGFPXenk2Tc84Qe2WZtMEhpx23N6rHVDbgNki
+        +q3LpLGBuyS3XF/+HrYhp1z/bXky8wLsCgIvRmzbKePnuq/l31qWIePlkKRYPXKYxQGCLWs2N0HSiPjw
+        OWBs3OiA3ZKkF12zbRYwjPE+CJRAVCu6XXssS6ERDI8ANESztmJYg+3FNF6tEMCwKI4hz4I4CN2ueEfQ
+        Qqt3GaKmR9Dw1cnU5O1wSS3iBHJd5sRS62nB1I7Xe7DtRfeqTtdVQy6+qA/k3BCHwIa5sdTktWqeUdmZ
+        x+QhOyvdUpCz72SHN1WNH9MTsJ2YedKQeUH2C74ZiKsL5OwQJ3IYG6dyAjgT3uwA5wRyN4I5HcBZP8hZ
+        8GaqPohDpaoL5LSCmqoP5BTeTNUFcia4Vcs1NZcL3gBoTvCmUoiT/eoAOFVdIFffuDjkiqsGOeSNqy2N
+        VFXZAa4uiPOsY1ycwptddoBTKcCp7ACHMUfQjQAOyxa8mTIgzmXAFeIQrQhjDoiD7CCgAjC4ZQOMGwlQ
+        AkhB1yDezfFidpkwZEKSHZ5MmVBWlwBr0sXKwDaYlwdkAeiuUt9sBi6Gt6E51wTkAHzqtbMfo67fsp8P
+        JFN78bH6ZVyR89d8dk7XbJd6K/0cgA6fMeWXBD4Y6yEFOoFsAJ7x/OxAp8JUYCMzz9GgZHjTTsgyIG54
+        6il6be/HDHWnJPL0ibyztOn4j+j13VdpfMYFiV7tF3+MesUclVx0fROP8/JxGQ+H8ov18LJ5xxymri7v
+        nF90lczmMCKhisannpBZH+ChG8wg2Ad50mKraGTCUbo37ZzAYH/8wcD4Udc8qxAmzkeX7POFp2lECv82
+        1wm/sEp6u/Q6TSq+Itu6cV1F4EPPsArxlCGg4N2979Or2cdoyi5+XoFlNATnwuf0YPwReqPwFI1POEnT
+        Ci7RxPwrMj8spgEDkD3CwDYq6gCNitknMzu8mHdKxry9wfs9wICHQAfAF/K+AQgnpRygidlH6PX8U/Rc
+        wiGaU3yBzn/+H1T4/i8p69L3qfTDn9LD/Nu9QneTF9ozjFljIENaE8zH2nVDvnSTPppyWOCp+zYrvxxy
+        wgHgxkczEG/Mox5bisjT1dUqU28FlLjaZMAct8sugIOXDuPuuvA79sc+CGzowu3+6Ig95L0m3QVy/L4s
+        TYBqbChD5ZpM8lyVKTMeSFdqUKlAWe+NuTITBCa277mhkGEwme7ne4y0JL7rcqjtnBTJUTfUn7/nAjhT
+        LeZaMzdgBog+6xH0kCRj77ryb6tdRD45eOQ6LkyUKbW6LYmnIRsLJEEwYA4Rr5jZoftSPudZkdRhDttl
+        dLuyDUYkazsGM0vxMjYO3rvey605WQFxZtQq5LckTt6RYw4euY6zo2WcnMkRIgPilDdMkMN78zdCmWUC
+        qNOMSIE4gJ2dayCTe1TKRMpK6gSTd5OtXKrBXzZGgxpBrhHkGkHOBnFfJci54c0Au28KyNUAOJUNIG4k
+        wMdXAXJOUKUSSHOpN8Nbn+yrvL46AAJdqIC3oflXaXg+v+ddF6CDJ+6bDHIQAh8G8r3UsXK6/ouAXI+4
+        w/TQrvekTAxkqBqecZGe2HmVBiedosd3XqKhSRhXdpjuZciZXPI+LT70EU3d96F0pcLjNjzptDWdF5dL
+        QBy8dP0YDtFtCi9dn8hjEgjhE8lllIX0I5hsvxuvx/yqfaKqCLnmRjK43cfnjXF4wxkKMbH+AN4+iH97
+        KEPWkPgTMl5uGMMi9n8s8xANwzypiScZ9o7IXKvPZjJIBnP9DK6gkQxy8M5hntWJuy7TQ4kH6fVdlyRp
+        7+QiBvfw/TIlGMbKTSu6Svfw78/f/Z54wZ5OrqIH+Bwm5fE1xh6kQREHZIL8exNP0JTC83RPVAXdk1RF
+        o2P30/0Jx+jFrJMyNReSCs8ovUz38nWOidovs0lkXvsJnfzsl/SXv/+DSq79gMKO/ZA8N5VRF3RRcjvn
+        sbHYmrJr4y6Zsgsw58nQ0mV1ukTZ9tyMHHF5NGD7XurFbRmWn0o6LulDkD8O4IY2F9MnIhIV7TLaa3jk
+        kGcOEaqYcxXXhSCG5guzGUJPkQ9D2IiQfdR+JdsAbvMR/ACQG4fEy2uyCVN4Ia3IuO2F1J6BafC2YskN
+        N3h9tkwPhshWAB5mXuiyMpntRrpEvXZgW9RyUToN2pJnpRcxBJCTMXGLU+gRvq/dl2G9BXftFyVKgmDM
+        o9oM9nN+PLVn9V3LMLqEv8NA139DAbVmyJLgCQAXgx6CH5Bbru0ctqFsgwFrADckDIZ6sn3D8e8NKhBv
+        nJNHrt+KJOmdQ7QqxsnBk9YG4+T4s8kS9YGcckizt4LIc35C9Rg5sIqNayCTe1TKRMpKXwvIfedlXnYC
+        OJUL5Oxdq04QZ16YebH1gRz0dYGcHeYAbnagu3Vdq0n8nlwnyDlBHGSCnAlxKieAcwI5QNyNQE67UesC
+        OXukKsZ4OAEcZELcjUDODnF1gZwd5gBqCnLVMFfdpdqQCfJhHEyYs4OcCXH1wVxdIOcEbyqzO9UJ5BTi
+        aoOcAXAsABsMtnanmVCHyfIBcjDuJgAovLkBwQCK+qQQAmn3ISBOuxAVWhDIoLDmFNCgYOQETSZMuQVg
+        s8u1zS+Hv+fqNgW43V/8Hj3OxvsRfh+R/750hfbLvsbC/nwu/N2+DHsQvmeXXyZDFwvHtp/TgOzL0l1r
+        nq9eE+Z/VZkAp3LfL0Pu+8rgZnax9uZnI12qtmejz8sJ5PQz3h8qYIjjsuKXwqCSdY0mFX5EvinH6Z60
+        4/RA3hXJFYdZHAB2EzLPS0LgWXvep7n7r9MAhs1xuWdpPEPdwAQuY5FHXJPqW384+nAZw1g7AJ2Oh4PQ
+        xYp1AD+Ue0Sy+oZXynReZv3APkhlgumzxjIwIpBhXMJB6Up9Kv8ITcg+wvDGz4xB6z6+lqmFF+lBjFnj
+        Y+LzcIbAvlEnaHLBGXoy5YTA3JtlVxm+DtJLJdcIMzf04no6IukETUjYR+8Un6ERvC3s5KfUb8c+msJA
+        i0CHIWEH6LXC05Inb0r+eXqWfx8g8lAqw2XIQXpjJz9bdMEmHqU1FR/S9OwTNJsh+AUGY3jmPvz5r+mn
+        v/srJZ37mI69/zk9zLCERMNo0+BpA8h1YIjrtHkXdV6fT1783mMrt20Ma/cknqLhYbtlyq5hgSU0PGQP
+        eazbKTM7tF9TSK3XWkAn8MbwhblXOzKcoesVXaI4FpL7wkMH6Bu8NZ2GbyqiCaF7qcd6q5sVueXarUin
+        e7bvIR8k8MUk+bx/m0VpNDawWMbOYVqw4f6FNHST5aHD2DfM2vAQP7cWCxG0kCDTenWUAIYkGe+mXatQ
+        B/4O1J3BC3nlMMUXPHGwm+rYALwBHhEc0JzBDMDXhgEOgQ3t5zDs8XbM4AAb22RWlKQcGboWEasRAoXo
+        TgWkAeAAc23mRJHHPIbMeVE0iu9D63fCqM0sgFxN2z90fSbdOXWHfLcDf9eDfwdTeYEVTJawgxwE/gCL
+        oDu1yRR/8pqXQs0wW4OLW/BuMo1KeQcymQhSVhJ2UoeYA2OZIAcmMxmtwV2rjSDXCHKNIPfFQU4hrhHk
+        vnqQq/bMWRAHj9yYne/TsxWf0NRDP6TXD31K9xR/KJ45c5wcgA771yXLawfVPg8FOSzr+eo1mdBm/wy5
+        75ch9311gRy8cYA5TOGFz+a9h+oDOZU3l5GxfK0oGz5JZ+mZne/ROIbLPmmn6Jld12kkZkAAKHL56Bt3
+        nO7LuUT3ZZ2hSWXvSyDECwWnaBA/3yEpJ+neDCsNCeZk9Wb4Qpm1ym6VrEN0K2AOXaEIagDgoesVgQ7o
+        PkWXK8DNBLnumFs1nOsSxspxffIOq6TeYXtksv6HC47ShLxT9Nauq/RgxglJB+J/+jN6bTc/26TDktOu
+        X9QBGhBRSfcmVckk/Q9lnqXHU0/R87mXaND2Cnou9xz1DOK2gOvxjsM/oMk7T9E7DKavlZ6n+xjonkk5
+        TPMYWp9JPUbTdp/n3zhFk7NOyxRf2C7j8rLOkf/BH9Drqadlxoa3809S5y2FNDr+MD2WeYqW7b1Gxz/9
+        FV372R8o7tRnNCGugu6P2ktL975HL6QeJs8NDFobuL3jtg/drJ03cpu4Lk9grWdAKXXjtvN+vl8P8++h
+        OxWeNa/NhTJHqvdGBkC0tzI+LtcdmYqEwm0ZkjDtF7pM4clrzYDUZnEyvZN/hXw25pKPP7e1K7NkfddV
+        8LxxGyfzpjJIoc1nuwBYGxu0U4IuRjB49t2QTUO375ZxcAhygDdtAG+TdCUMb0hH4svnBODC7A41QI6/
+        g+m5MME+ZmzAhPnIK4cxbwpykoaL7SfGx3VakChTeWE9ulPhhWvL9tFraYrMq9rKZUf7r04lH6RbmRMt
+        4/bgqQPgQUgmjJkaWs0OJy8GTKQYkZxzDHMtpkeJYPMV5NDl2l4CHuLkHaxgskRdIAc1mxpKHnPjBOLA
+        LrdPYZ5hRmkEOVYjyDWCnKl/JZDT7lRVI8g1DOScZHajOoGc5WWzPG2D867T0Lz3aELJhzSl8ns098hn
+        NPXg9+nhsk9oXOE1GlFwlYYXvC8eu2EMe0Pyr9Og3KsSJGEXgBAyf19/CzCIVCZyTq7zdF+L6zohBbyG
+        ghygDTAHgAPIAeg0Iti8//WBHD7juaOr2weD/pMvUDeGqQXHP+dycoqB6zA9upOvMe0MDUnm3+Dnjy7T
+        QXy8B7Iv0UO5F2hi/hl6Ou88Td97me5niOuTeJJGJZ+me3j70GQuUwxz8MyhbOPdO9IV6BB5REAO4980
+        zcgwRLsy0HULMyCO5Qa40INWmhJe7hNtBSbcl3OYhqZU0ZMA6aiDMh/qtN2XaRAf+770E/RE1imJUp3P
+        APYkQ/WjmZdpfOJheiL7NI1JPEgj4vfT0B1HaHjyPlq46xoFHr9MC0ov0Jqqj+jeuCM0a/dFvrartLbi
+        Mm0/+j1aeeA6rWQoW1BygabvPkMjGSh7Be+lXuFH6IW0czQqsErA6cnkAzI919MMl29mHaAFZVdozaHv
+        0YZDn9Cyysv0YCxf87bddG8E1+Nt+2Qe1VllH9ADfC981pdSOwY45NL03FAs3a09t5TKhP0e6zJlmjEP
+        bnORJ85n8y4aFYyJ8Mukje3ObaEVscpt+MocGh25zxofx+0dQAtDXSbEchu0KZ+GYA7YFbnS9nfj9rov
+        gikwXm1JliQXBgRignxMr/XEjlK2H6nUi89r4JadNCriACGFCGzEwC351GxJInVblCNj7iQ6lSFt4KYC
+        ajOb4Yztmar7Gj7HZYkCXR0Bdmyz4F3ryPYKMztArecx9IkNTCCfZSkS0NB8nmUnAXwIjuiMLtrZoeTH
+        96HN7ETqszKN7p4dJfu2YRusEIcuWi+GS4zHazErgtpOj6Z7t7Md4W3wuiF4AvsD9IZtyKIm77CdZzaA
+        Jw6RpgA+gJ3JEnaQU/bAem/+LeEY5pLb32BuedNilG8UyDlFrZoHkQPZf0hPwIA4SE/WvBCnC4VMaLNL
+        Ic4EOb2p7gR+Jsi54M1UXQB3UyDngjdTTvCmQoGtH+R0eq6aAKdygjjICd4gBbi6IA6yQ9wXAznXuDhj
+        bFzDQW6XWwpyDYE5hTg7yJkQpyBnl8KbAJyDAG0qhTc7xEF2eAPU1QVvKkCbOzqVl90JgQ14U2k3lTk+
+        zoQ5BbhqeDNlAZwPG02VQhwkRl2WT1pddInVhh/SLrsvBHCucV4CIQakAF76ptYPbaZMYLNL4cmEtmqg
+        uiKC56w/csgJwDGc5V2lkTvfowcZ5Cbu/Zgm7/8evbzvezSh6CMau/M6gxwr/33RsPz3RPiepiUBwElO
+        Onx2LetvQRhfNxiBE3wuGIOnsIf1TurHIALpMvLP6TqAlgrj4iBAsIjvtXav4h3PSp+BG+Lw3ADhxjOF
+        eiScI9+E4/RowWUX3J2UCNLni65LxOqwlJP0YM55GphynqHshOSY8+XyNCCBwY63Tci+QMP5d9/e9zG9
+        kH9BolsREOHHANQ//giNYAAck8plAd45Lrf4I4JACMCddL+ysA3dpoA4pBnBPKraBSvRrREHRb4Mf+6x
+        dAw7A6OO0aM55+jx7GM0ILqcnuTzxGwSGBOHnHAYF/cUg+ao+OPkFVROD2XxfglHZTqtB/jcEbzwdvF5
+        mph7mt7dfY5eL7hArxZclIn3UxDgkHCY5pacp+CTH1PMxR9TwNH3KebcZ/Ry1hHJK3dP3AFJGeIdUES+
+        /uU0OLKSXsg8xW0Br+N26K2iC/Ry9llJDry47DK9zFD5wI4yiYJdvueSfL87t0lIQfIAX1uHdWhHi2lQ
+        aDm9ln+anoyrpO4bCqmLf5EkLR7uXyFdp5iTFTD0YNIRhsgKaXPh/Xo0iaHYv5DarCyQtrkNJs1fW0De
+        3LYODymT6bYQydp2ZSZNTONnw/cH6zy4TceMDQP8iwX4ZKJ9BkF4ztDlitke4GG7J6hQQBAJfEcyCHkj
+        iGIx26jFGXRvWLl47SB40dRu3RdaSi0XpIm9unteCvVYk8Xfy5LjYfJ7ABmWh20rJK/lbJv4swDc/Hh5
+        hxcO+7RkW+q1Ik3SkbSbZ0WtiubFSqTrQLYx8M4h0AHbIXj6ms2MknQkgDkZK8efEQQxLoCvhfeFt83U
+        GAbS5jNi2c5Hytg4gBzUmrlBEgqrg8glN2swXzSZGiLJfptOsZjEzikNATmVyUZuZqoD5Oz8ZeezRpBr
+        BLlGkGN91SDn9sL9HwU5THAP3QqQM7s7qz1iFmjBA4fuUoUydJ8qyD1e+iE9Wf4xPVH2Cd1T9AGNYZBD
+        8MOQXMtrB4AT+HPBHI6D4+G4KjvIAdowLRjAz4yC7eeCM6gukLPvh3laq8XAxpKIVRVD18CMSzQI2xnm
+        AHcQJtcXsHM9UxXm0LXm0T1BY7MvUn8GHF8GqYFJx+mRnZdpXMYZCaJ4aOdVSfzbP+msgBz2R3mC1xZd
+        pIN53YScizSEwW1y+TV6LPMkvclAPJZBaQADFLpihyafpvEpfLwELnMMaCbEyUwPvA7dqZijVRL98mfk
+        j+vP78glh9kcBsUC1qx1mJGhNwPdgMijAnKP5JygPjv2CLwNi62i+xgeh8YcpsfT+NhcDxH1OZiPPSbm
+        pHjYEDwB2BvN5zeCl2W8XdxhWrr3As3YeZK2n/mUfvCnf9Daysu0cs9lWlZxnRaWXadpxZdpxb7r9ELO
+        KSs6NfoAw1AF9WFY6bGlnHwDyyTXHtqgCalnaPouTNN1kiZmH6c3Cy/QrAK+JwG7aHLOSXon5xg9knBQ
+        2rkuSB/CYDSC24sBATvJy7+U27QyGszwOYV/6/WsM/QgQ2KHTTlWu8jtKLph4YkbHLibHk48JrnkOjHI
+        IA0LwA1A1m5VlnTBSiTr1iLqG1Amy0+lHBBo67QakLeTj1EsINeF4RDbu65lkON3pD1BcANSk7RdnErj
+        thewbcgQL9zo4CIBJPT6+K7PpZ5rs2VfqNuKLLFbGFc3fGuBdAmjd6nPJis5MGZ4kJ6mRehtwkwPKdR3
+        baZMpI80IxgHJ/aOoQi55ABnsKVtGKgwxyqADsmBZU5WtpOIWvViGByywUr222xGhHTZwqPWdkE8deXf
+        AJghCXCrmQxkDGpe8+Oo7bsR1HaWNQYOEAfv3D3+BRIs0e7dGGqLcXJzoiXgAYmBkbJEkgMjD50d5N7Y
+        Th4Mli3etIIe1Atn6hsNcuLGMw5i/5E7Xt0mbkGVHeTsFwA5XqztpphSiDNvrNxc3Gx1hZogZ+omQc4O
+        cRC6Us3uVFNOAKcyQc6EOOhGIOcEcNqdWle36o1ATiHOCeRMeLPLGeYs2btWRTaAUwHkkDvOzB8HYLO/
+        1wVwKieAg6q7U7UrVWHO6FJ1UF0gB3gDrJkyQc4OcSoFOIU4hbe6AA5eDLNLVcHNlEJcXSCn8KZdqJDm
+        j9NuNnxGlypADkYeAKfdqdql6gRsdvkZAGeHNxPiBORcEFcfyDkDW00ptLm9ceIBu8yAZUGUSoFseMEH
+        AmUjdr1PE3Z/QBOKPxCgg8YXfijj5mScXP518eINzgO48fcLqkFO3yH1zPVFtKuKYQzrdB8T0HAtuDa9
+        dr0Xdd2Tfmn8PZfUM6dgpzAHuBuMWSnSrc/quXMU4I6feb/kk5I3zi/1LHkzxD2Wf5keKLgqCX4Bck/s
+        ukbDGZB6M4QhUbBZpvox+KGLFXnixqWeov7J52kKAzHGn71SfJHuSb0gYIhxcYA4pDIZzZ8RWdojio8Z
+        baUpQaoRBD7A42Z54g7zZ/4OQxwiVBGpiim3BscepiH8u/DGYYYIv7gqeiznMk3KPS+zHdyXfEpSjTyR
+        cYSG8nHe2nmFBkeeoBlF12h08mGJOB244yANiDpIY+IO0iNpx+hR/g66f98puSjRqS/kXqDDP/gDVX7/
+        ZxR9/Do9V3ieFpd9QAv3vUeL9lyh5Qx12w5+Ru/uOk338TEwv+pjSZXkEbCf2oYV0YyCiwK4SGUys+gi
+        rahkuE2qohHBu2g5HwPdsA8l7qXnMw7RGwX8DIK4PdrIIOi/W9rGfsGlMh2Xz7YS6SIeFFxGI8Iwl2sV
+        TWIoHLWd28b1edR27S4Grl00dEsxDdy2mx6L3i8zNeDP89PJB8mToU/mWWV46sNgCLBDNGt/Pu6LaUeo
+        N9rJtVk0fAuD45ps6rqpiG1EqqQN6b2lRGaMgE2ArYDt6Mjw9UjkHpmEvwMD10MRe+gujH1bninBHrAZ
+        mNYLwRHeqzMt+zU/nnpsLKSu+N0NeTL+DnnlxI4xyGEfFUCsPwMhxtMB5lovTLVyyvF6HTcHSbcr74+A
+        BiT4hf3FZ3TTdlmaQN0Wxsp6eOJ6rMghzwXWBPzY7/+3d25PVZVhGL/CtEzTLDuMiuggsFEgUhCMEkhM
+        bahpshvRMWLEQ2liOnnIQ5KDoignZbM5KLgVt6AgHkaJ4iCZOgqC03T4C/onnp7n3Szcbmmm6cLxgotn
+        9tqLdfrWYn/fb953fe9jY3nOUY7VmvxQhudzCzFuBcWxXJMjlF6dv4/3lmBozg7rig34pn113GBOJUnG
+        rFJUzs8aft4owHOEt6mEUkFcSNbhYRlF+q8g50CcFMhLkjFUEGNJjzFYUGpVGgG5QY2A3JMA52gE5P4f
+        yAWnU591kBsO2oaTQZz0FEFOEsgJuiQXwUngJRBz4E1ygExSNG7B+QGk+AaQ2NA/tDyPsKa/xTdQZ/u5
+        be9QlE0SnGmdc3xHgkadW9voMxjkAlOrKkUSqMD74Nwbaeh+8D46cu7vUGq1SsuEMwKcy3PLX45E6/Us
+        LCL3pPQ8NQM17Vw/ppe183s3MrwPMIswk3GO7eaxYghdirYl1PF4FV2I47EFf45k36WJDwYuZ+4juaob
+        sfIVJfgkE+5WNvcjvrITSbWESsKXzPPn8FyL6nuQeuqWlRaZV9Fp54kmqElzuE7wJqkQcFRpOyJLfoSr
+        +AZmE+5UmkRSujTO044PCU6fnua1ymievxV5pb5fTUDk70/RwdjSa0jhNS339do+qiUXoaK/hLA07p/u
+        6UZMyWUr2pt+8mcUdPxhadWiW38R2Ppwoe9vpLr979pl1t1EOj8XlF8z8EsgSCaWtyGzth0uAlkqj/dl
+        622sbuwzE/39nX8i29tlhXaXea5ine9XzC1qRWKRD2nuK0h337DJCHr/TbXjZIY/meAzlQAmy66ogy3m
+        5qBi6krVyjs1/tAFfMTzLK9h2/KbrH9WlkPFfdPYBhXvFbAls43R+RcM3CZvY5++lX38t14kHWzEgqOt
+        ePkbDxYRaMN2qJ+uQ9huFRRu9Pf3ei+O+zjjgsaSN9m3pxw8b+OIZrMuZvte3FKD8O01Vipk3NdKq1YZ
+        yIURBpViHb/RXxdO9ebC2e9P0DYbBsexIJBT9G022yCgE5hNWlcBzWbVepnkOzXjBHNOhE7v1ykipzIi
+        mjgxdm0pQvOqLMUqU/wxa0usZMmEXH/WTBqd4y/mP/aLYqtHp5St3n9zNGd7NV5YU44JOSWEt3JM21SJ
+        t3bWIYGSmf747GMICfBaHb3ysEXixmT5OSQk69CwjCKNgJwaO8yNcTQCciMgNwJyTwfkBBDB4BYsBzSe
+        dkTOVd/3GFwNQZvAy5EBGKGO4JGkaNz5fiRwWcCWfO6haW7DA4O4OL0nR7hR9C7qdB8i63st0udE/zSJ
+        QfCmczwCRb9mE9yCQU7LDsi5agh91Vyu5bX/C9AF3hPHZ1by19570vlBUDfLrRmsj0BOgOY8P6VYHel5
+        zyQoqdhvGLeLKu8243s9+6W+PpuB+k79TSRW9yC+lpB4guBQ+Yv9jziSBZesuGL5jOMIY2neHkTzfG9X
+        3zQj+4RTd7G+dcBcDbSsdGkMjysf0qyLvWb1lVFHoHN32CxXScV/ZfsliBP8ORLQmeNDSZt9uvi7iCFg
+        LfHewSdewuuRSxaFk+F9yonrCCtsQ3RpM96t72QburHizD0ke3rgklPEYEQuiQCXeeo2MhvuYObRq1jv
+        u48DHXex5acB5Lfew56O37Dj8h2sanpo0THZfyUTxGTxpTImcn6Ysb+JYNSCD9jmWPYJ3135HeEEnvfK
+        2pBV2WozTJdUd2FN431k81o+86qAcJdNxlAx4djCZkz/4aKVBpnCfmvaPh9C9/rgOnQJkQXNmLTjLF6y
+        CQgyw29A2N5mROxvxFxew7Kq61jquW4Ru1e2ec2XdWGhDxnH2zD/cIsBYUxBE2bs8Vl6U9vkNt7Fq3nV
+        +JgAO3On+us6xOzyIXJvA8eMSkzczH6c/b9SrIFjw2uEw9QjF22cCWf/LFP8sTzOwtIWwpnfZ1VRNG03
+        XfC0yWP+q3H5DXh9s9siZor4qY7bcCCn7xE7TyKM++v7lI0cswhiVm9uQwUM5rheY6Yf5oo55sq9ocze
+        m9OkCtWcU5pVkyNC82psm1CeW1ZhOobG7xCO+TLQlxNE6oFmjF4fUBg4uwgReW6MyuH4/Pkxe0dOadn4
+        XbVI+b4eUVvdlm41i69BkHsjtxwTVxciZCUhjhq16lkGud34B+aXO5I36oUUAAAAAElFTkSuQmCC
+</value>
+  </data>
   <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
     <value>
-        AAABAAEAICAQAAAABADoAgAAFgAAACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAA
-        AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//
-        AAD///8AAAAAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAcAAAcAB3AAAAAAAAAAAAAAcABwB///cA
-        AAAAAAAAAAAAcAAA////AAAAAAAAAAAAAAAAAP///3AAAAAAAAAAAAAAAAD///9wAAAAAAAAAAAAAAAA
-        j//4AAAAB3AAAAAAAAAAAAj/jwAAAA/4AAAAAAAAAAAAAAiAAAAP9wAAAAAAAAAAAAAH9wAAf3AAAAAA
-        AAAAAAAAAH93d/cAAAAAAAAAAAAAAAB////3AAAAAAAAAAAAAAAA/////wAAAAAAAAAAAAAAB/////9w
-        AAAAAAAAAAAAAAf/////gAAAAAAAAAAAAAAH//////h3AAAAAAAAAAAAB/////+I//h3eHAAAAAAAAD/
-        ////AAB3j//3AAAAAAB4////9wAAAAf/+AAAAAf/+AB4iPAAAAAAj/cAAAAH//AAAAD3AAAAAAcAAAAA
-        B/+AAAAAjwAAAAAAAAAAAAB3AAAAAA9wAAAAAAAAAAAAAAAAAAAIh3AAAAAAAAAAAAAAAAAAD//wAAAA
-        AAAAAAAAAAAAAH//9wAAAAAAAAAAAAAAAAB///cAAAAAAAcAAAAAAAAACP+AAAAAAHAAcAAAAAAAAAB3
-        AAAAAAcAAAcAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAD/////4AAAB8AAAAOAAAABgAAAAYAA
-        AAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAA
-        AAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAcAAAAPgAAAH/////w==
+        AAABAAUAEBAAAAEAIABoBAAAVgAAABgYAAABACAAiAkAAL4EAAAgIAAAAQAgAKgQAABGDgAAMDAAAAEA
+        IACoJQAA7h4AAAAAAAABACAA6iUAAJZEAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAADDDgAAww4AAAAA
+        AAAAAAAAv5UA/7+VAP+/lQD/v5UB/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+UAf++kwD/v5YB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/76TAP/Alwv/xZ8Z/72SAP+/lQD/v5UA/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf++kwD/7eG3///////Orj3/vJAA/8CWA/+9kgD/v5QA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf+/lQD/v5QA//Hoyf//////0rVQ/7yQAP/AlwX/yKMj/8CX
+        Bf+/lAD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/DnBb/zaw2/8WfHP+7jgD/vJAB/9a7
+        Xf/BmQn/vpQA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vpQD/7qMAP/LqTT/7N+y/+na
+        p//EnSD/vZEA/8CWAv/AlgL/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CXBP+9kgD/7N+z////
+        ////////5dSX/7uPAP+/lQP/vJAA/7uOAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lAL/uYsA/+3h
+        uP///////////+fYov/EnRX/xqEd/82tOv/Vulr/vpQA/7+VAP+/lQD/v5UA/7+VAf++kwD/xJ0S/8+v
+        Qf/NrTr/696v/+zgtP/Fnxv/v5UA/72SAP/cxXP/9e7X/76TAP+/lQD/v5UB/7+VAP+/lgL/vJEA/8uo
+        L//j0ZD/u48A/7uOAP/Algv/wZgQ/7uOAP+/lQD/vpMB/7+VBP+/lAD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++kwD/vI8A/8CWA//AlgL/wJYE/+nbqf/awWr/vJEA/8CWA/+/lQH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CWAv+/lQH/vpQA/8GYCf/7+fD/696w/7uPAP/AlgP/v5UB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP++kwD/w5sS/8GYC/++lAD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76TAP++lAH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/v5UB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAoAAAAGAAAADAAAAABACAAAAAAAAAJAADDDgAAww4AAAAAAAAAAAAAv5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/wJcE/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        Af+7jwD/uo0A/7yRAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/72SAP/Yv2j/6t2s/82tPf+8kQD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgP/u48A/9K0S/////////////n16P/DnBL/vpMA/7+WAf+/lQD/v5YC/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlwT/u44A/9W6Wf////////////v5
+        8f/Fnxn/vpMA/7+VAf+/lgD/vZEA/72SAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQH/v5UA/7+VBP/k05b/9e/Z/9/Kgv++kwH/wJYE/8GYCP+7jwD/3cd6/9W6
+        Wf+7jgD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76U
+        AP+8kAH/vJEA/8KaFv/Mqjb/uowA/7uOAf+7jgD/17xh/8ikJP+9kgD/v5YB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf/AlgP/wJYD/72RAP/JpS3/3sl9/+PR
+        kf/bxHD/wpoc/7yPAP/AlgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5YB/72SAP/o2qb///////79+v//////3cd7/7yQAP/AlwT/v5YB/7+V
+        AP+/lQH/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgL/vJEA/8uo
+        L////////v37//38+f//////+PTl/8KZDP+9kQD/vpMB/76UAP+/lAH/vZIA/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/vZIA/8upMP///////v37//79+f//////+vbr/86u
+        Pf/Kpiz/x6Ig/8KZC//Alwr/x6Mj/76TAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++kwH/uo0A/7+VBf/x58b///////79+v//////4MuF/7yQAP/EnRL/yKMk/8ejI//q3Kv//////9K0
+        TP+7jwD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/Fnhf/2L5k/86tPP/EnRb/3MZ2/+jZ
+        pP/fyoH/v5UJ/7+VAP++lAD/vpMD/7qNAP/eyHz//Pr1/82sOf+8kAD/wJYD/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7uPAP/StEv//////8mlKf+7jwD/vI8D/7mLAP/EnR7/yKUp/7yQAP/AlwP/v5UB/7+V
+        Af+9kgL/wJYH/72SAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgT/xJ4Y/7+U
+        Af+/lgH/wJcE/8CXBP+/lAL/zKo3/8SdFv+9kQD/v5UA/7+VAP+/lQH/v5QB/7+WAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vZIA/7+VAP+/lQD/v5UB/7+VAP+/lAD/696x////
+        ///VuVf/vJAA/8CWA/+/lQD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5YC/7+VAP+/lQD/v5YB/76TAP/EnhX/+vfs///////l1Jn/u44A/8CXBP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Av+9kQD/1rtd/+japv/GoR//vZIA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/vJAA/7qNAP+9kgD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJYD/8CXBP+/lgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAACAA
+        AABAAAAAAQAgAAAAAAAAEAAAww4AAMMOAAAAAAAAAAAAAL+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/wJYD/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/76TAf+8kAD/vpQB/8CWAv+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAf+8kAD/w5wV/86tOv/CmhH/vJEA/7+W
+        Af+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgL/vJEA/86tPv/69+3///////j0
+        5f/KqDH/vZEA/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAf+9kgD/7+XC////
+        ///9/Pj//////+vfsv+8kAD/wJYC/7+VAP+/lQD/v5UA/7+WAf/AlgP/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76U
+        AP/z69H///////z79f//////7+XC/72RAP+/lgL/v5UA/7+VAP+/lQD/vZIA/7yPAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgP/u48A/9m/af///////v37///////Wu2H/u44A/8CXA/+/lQD/v5UB/76TAP/HoyL/0LJG/76U
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQH/vZEA/8+wQ//dyHr/0LFF/8+vQf++lAT/wJYC/8CXBP/BmAj/uo0A/9zF
+        eP/38uD/vpMA/7+VAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgL/vJAA/7qOAf+6jAD/yqcv/86uP/+6jQD/u44C/7uO
+        AP+9kQD/0rVP/8SeF/++kwD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/wJcE/8CXBP+9kQD/zKo3/9Cy
+        R//awm7/17xf/8+wQv/Ioyj/vJAA/8CWAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/7yQ
+        AP/eyX////////7+/P///////v37/9CySf+8kAD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CW
+        A/+8kAD/0LFF///////+/vz//v37//79+v//////+PTm/8OcFP++lAD/wJYD/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJcE/7uOAP/k0pP///////79+/////////////79+///////0rRP/7mLAP++kwP/vpQA/7+V
+        Af/AlgL/wJYD/7+VAf/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlwT/u44A/+XTl////////v37/////////////v78///////fyYD/yqcu/8il
+        J//Cmw7/vpQA/72RAP+8kAD/vpQB/7yRAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UB/8GYB/+8kAD/z7BI///////+/vz//v36//79+v//////+vbq/8Wg
+        HP/EnRT/y6ky/8+vQf/Qskf/y6gx/93GeP/48+L/171g/7yRAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP++kwD/uo0A/7yQAP/LqC//6Nqn/////////v7///////37
+        9v/Tt1X/u48A/76UAv+9kQD/vZIA/7+WAv/HoiH/+PTm///////z69D/vpQA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/vpMA/8ahHf/gy4P/1rte/8qnL/+7jwD/zq8+/+DL
+        g//cxnX/1rth/7yRA/+/lgD/v5UB/7+WAv+/lgL/v5UC/7uPAP/eyX7//Pr0/9rDb/+8kQD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CXBP+7jgD/2cFr///////hzoz/uYsA/8GY
+        Bv+8kAD/u44C/7iJAP/JpjL/y6gy/72SAP/AlwT/v5UA/7+VAP+/lQD/v5UB/72RAf/Alwj/vZEA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/EnRX/3MV2/8ah
+        H/++kwD/v5YB/8CWA//AlwX/wJYC/8CXCf/Rs0z/u44A/7yQAP+/lgH/v5UA/7+VAP+/lQD/v5YC/7+U
+        AP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/76T
+        AP+6jQD/vpMA/7+VAP+/lQD/v5UA/7+VAP/AlgL/u48A/8yrQP/eyX3/zKo2/72RAP+/lgH/v5UA/7+V
+        AP+/lQD/v5UB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CXBP+/lgH/v5UA/7+VAP+/lQD/v5UB/7+VAP+/lQL/7uO+////////////0LJG/7yQ
+        AP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgL/vZIA/8agHP/9+/b//v35////
+        ///fy4L/uo0A/8CXBP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lgH/vZIA/+fX
+        of//////+vfr/8qnLv+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP++lAD/vpQF/8yrNf/Fnhr/vZEA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQL/vJAA/76TAf/AlgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/v5YB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP8AAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgA
+        AAAwAAAAYAAAAAEAIAAAAAAAACQAAMMOAADDDgAAAAAAAAAAAAC/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+WAv/AlgT/wJYD/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/72SAP+7jgD/vJAA/7+V
+        Av+/lgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQL/vI8A/8ij
+        JP/Tt1T/zq49/76UBf+9kgD/wJYB/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Af+9kQD/38uE///+/f///v7///////HoyP/Fnx3/vZIA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7uPAP/Wu1////////7+/P/+/vz//v37///////t4rv/vZIA/7+VAf+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJYC/7yRAP/u4rv///////79+//////////+///+/f/+/v3/yaYs/72R
+        AP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/72SAP/x6Mj///////7+/f/////////////+
+        /v//////zKs4/7yQAP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJcE/8CWA/+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJcE/7uOAP/izoz///////38
+        +P/+/vz//v36///////48+P/wpoO/76UAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lAD/uo4A/7yQ
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YB/76T
+        AP/DnBb/9O3W/////////v3//v78///////XvWj/uo0A/8CXA/+/lQD/v5UA/7+VAP+/lQD/v5UB/7+U
+        AP/AlwX/3MV1/9GzSf+9kgD/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/8CWAf+9kgD/wpoT/9/Jf//s4LX/5tWc/9GySf/XvWT/v5UH/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJYD/7yQAP/NrDr///////Pr0f++lAD/v5UA/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgH/vpQB/7qOAP+8jwD/u48C/7mLAP/OrkH/1blc/7uO
+        AP/AlwP/v5UB/8CWAv/AlgL/wJYC/72SAP/FnyD/7eG5/9O2Uf+9kgD/v5YC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/8CXBP/AlgP/wJYE/8CX
+        Bf+7jwD/2L5m/8qoM/+8kQD/vpQC/7yQAP+9kQD/v5YC/7yQAP/XvGP/xqAl/7mMAP/AlgH/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAf++lAD/wZgP/9rCcP++lAf/w5wT/8yqNP/Kpy3/vZIA/8ijLP/WvGH/vJAA/8CX
+        Bf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlwP/uo0A/86tSP/y6cv/+vbq////////////9e7X/+nb
+        qv/Alxb/vpMA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CWAv+9kgD/x6Il//fy4P/////////+////
+        //////////7+///////l05j/vZEA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAf+9kgD/7eK8////
+        ///+/fr///7+/////////////v79//79+///////1bpe/7uPAP/AlgP/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQ
+        AP/Nqzj///////7+/f////////////////////////////7+/P//////8ObD/76TAP/AlgP/v5UB/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/wJcE/7uOAP/ZwGj///////79+//////////////////////////////+/v//////+fbq/8CX
+        Ef+8jwD/v5QB/7+WAv/AlgP/v5YB/7+VAP+/lQD/v5UA/7+VAf/AlgT/wJYC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/wJcE/7uOAP/ZwWr///////79+///////////////////////////////
+        /v///////Pr0/9W5WP/IpCb/wpkL/72RAP+8jwD/vZEA/76UAP+/lgH/wJcD/76UAf+7jgD/vZEA/8CW
+        Av+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQAP/Orj7///////7+/f//////////////
+        //////////////7+/f//////8unM/8qnLv/Ut1T/2L5l/9e8Yv/Rs0v/yaYr/8KaDP+9kgD/u44A/8Kb
+        E//UuFP/yqcu/7yRAP+/lgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/7+WAf++kwD/7uS/////
+        ///+/fn////+///////////////+//79+v//////2L9q/7iKAP+9kQT/vpMA/8OcEv/LqTL/07ZS/9i+
+        Zf/XvWH/0rVP//Tt1P///////////9W5WP+8kAD/wJYD/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/8CWAv+/lQH/wJcD/76U
+        Av+8kQD/3cd5//z79v/////////+//7+/P///v3//v79///////q3K3/vZIA/8CWAv/AlgP/v5UB/76T
+        AP+8kAD/vI8A/76UA/+/lgL/4MyH///////8+vT///////Dnxf+9kgD/v5YB/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YA/72R
+        AP++kwH/u48A/8KaEv/cxnf/yaYt/8eiJP/u5L7//v79///////+/v3//v38/+TSk/+9kgL/v5QB/7+W
+        Af+/lQD/v5UA/7+VAf+/lgL/wJYD/8CXBP+6jQD/0bNP///////+/fr//////+rcrf+8kAD/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP/AlgL/vZEA/8yqNf/z69D/6duq/9vDcP/GoCD/vJAA/72SAf+8kQH/yKUm/9GzSv/OrTv/yKQk/9W5
+        Xf+9kgD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/vpMA/+DMiP/59en/7+S//8ah
+        Iv+9kgD/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgP/vI8A/+rdrv///////////9S4XP+5iwD/wZgF/7+WAv/AlgL/vZEA/7uP
+        AP+9kQP/uo0A/9W6Xv/KqDT/vJEA/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/7yQ
+        AP/BmAf/vZIC/72SAP+/lgD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP/AlgP/vI8A/9zEdP//////+/jv/8qnLf+9kgD/v5YC/7+V
+        AP+/lQD/v5YC/8CWA//AlgT/vpMA/8SdGv/Zv23/vZEA/8CXA/+/lQH/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UB/8CWA/+/lAD/v5YC/7+WAv+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/72SAf/NrDn/x6Mk/72R
+        AP+/lgH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/7uPAP/Wu2H/yaYv/7qNAP+/lQL/wJYC/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        Af+8kAD/vZIB/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UB/76TAP/Cmxn/171k/8ah
+        Hf/CmQ//vJAA/7+WAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgP/v5YC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYC/72R
+        AP/LqDP/+PPj///////59ef/0rVS/7yQAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQH/v5UA/8CWBf/07NP///////7+/P//////+/jv/8agHP+9kgD/v5YC/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lgL/vZEA/8ilKP/9/Pn///79/////v/+/fn//////9K0TP+7jwD/wJYD/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQH/vpQA/8KbD//48+T///////79+v///////v38/8mm
+        K/+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/wJYD/7yQAP/VuVz//v37////
+        /v//////3sh9/7yQAP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+W
+        Af+8kAD/x6Ij/9S4Vv/Kpy7/vJAA/7+VAf+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP/AlgL/vZIA/7uOAP+9kQD/wJYC/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5YC/8CWBP/AlgL/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+VAP+/lQD/v5UA/7+V
+        AP+/lQD/v5UA/7+VAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACJUE5HDQoaCgAAAA1JSERSAAABAAAA
+        AQAIAgAAANMQPzEAACWxSURBVHja7Z15fF1Xde9/a+9z7qDharImS/I8JrZjO4mHzCEUAiGEkhJCBwih
+        rw2EqZQOD0qB5qWE1xI+vEfyQmlLKVAIJKShJcEhITij49gZPM+2bGuer3Sv7r3n7L3eH1uSHQ+JbEu6
+        5/rs78efxNZH0j1XWt9z9rD2WoT7nobFElZEvi/AYsknVgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRY
+        ASyhxgpgCTVWAEuosQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqsAJZQ
+        YwWwhBorgCXUWAEsocYKYAk1VgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRYASyhxgpgCTVWAEuosQJY
+        Qo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjZPvC7CcFkEQRACUZvMRIhIEZmhmzvfl
+        nR9YAQIHAZJIg7Wvta8BwBEgAsBaaV9DCjhCCsGAtiKcG1aAYCGIwOxnPUixeFrJmtrEBZXF88rikghA
+        Mudv60293jP0YnuyP5khKaQr7dPgXLACBAhJpDw/IuV7F9ffvrj+7Y0VrqATPocBAlpS2R/v7fzXnW07
+        O5LCdUiQfRScHYT7ns73NVgAE/1Zb0ld2f1XL7iyvowZRNDMms3wBwBMkEtBAAjIKv21Vw7fs+lQ1tfC
+        kdaBs8AKEAgkQWXVx1c03XvFvJgUihmAIKLTfL5maLAACcLLnYO3rtt+oDclo87YdNkyTuwyaP6RRCqr
+        PnfprPuvXhARQjFLInn66AcgCA4REXzNl9aUrnvvRXMri1VOiTf7IsspsALkGTPy+cSKpm9cPtfc+OW4
+        g5gAR5CveV5Z/LEblzWURrXSVoEzwgqQTwSR8vzldWX/+/K5AAgkzjx8jQMLyou+eeV8aJ3v91RgWAHy
+        iWaGlPdeOb/YkYr5LKLf4AhSzB+YV3Pr4nrOqfE/QyxWgLwhiZDzb54z7dqGcs18jlFrvvgLK2e4UUdp
+        tgaMEytA3tBgSPHhRXUAzn3tRhAxY2lVyfVNlfDsbHi8WAHygyCwrxdWlbxzRiWACYlXDQZw6/waCOIJ
+        cCoUWAHygyCCr1fXlEal0DwxIxYCAbisriwWdbQdBY0PK0A+ubCqBMBEbV6Zp0h9caShJArNdhA0HqwA
+        +UExwxFzEjEAExWpBDAQlWJ+WRyaCdaAt8YKkE/Oet3zzbHLoOPHCpAnTFrb5ESqnf+OHytAfhBE0NyT
+        8TGa43nu8OhuwEDOB1kNxoUVID8QAUrv6EtN+Hfuy/o7+9IQwp6TGQ9WgPzADEixpScFwJmgqYCJ+F19
+        6d6MN1nTi/MOK0B+0MxwxIvtAweSGUzQSqj5Jk8c6UXOd4js/X88WAHyAwNSiqGh7IN7OzERZ9sZcARl
+        lP7Rng5Ioe0UYHxYAfIGM8MR39/dlsz5jjjXG7Y5C/bw/q693UPCkfZk2DixAuQNzZCO3N05ePfmZhxX
+        /OfsvpUjqD2d+9uXDkCQXQgdP1aAfKKYKeL8wyuH17f2m3MtZ/FNGDCpb1/YcOBAd0q69vZ/BlgB8gwR
+        seY/emLHjr60I8g7w+DVDHOW4O83N39vW4uIufZc/BlhBcgzmlk48khy+F2/eG17X9oV5I+v0hWbhCJA
+        Ev39K81ffG6frYxyFlgB8o9mlq5zOJm59uev/GhPhyNG0tg0s3FhLKh5NO7HQr83633kqV1ffG6fcKVN
+        gD4LJG64Ld/XYAEDQorhnHp4T8fr/em1tYnyqMMgUxpoLLDN34lIEGV8/ZO9nR9ct/3ZQz0y6rKd+Z4V
+        tjRiUNDMQgoI+u99XXetmg3gpY5ksSsWVRRHRrd1NaMv6+3uH368ueeHezsO9aRIkIzbcf/ZYwUIEIKg
+        s/5ty5uWVBYfHcre9NjWrmFvdllsTiIuCJKoN+Pv7k8nsz7nfDhCRByAbfSfC1aAoECAr9iNuXdcOB3A
+        d3e0dQ0My5h7sC99sCd17JOEgCAn5mqwnfKeO1aAoCCJ/Jz3ewumX1xd2jmc+5cdrXAlA2JsUmwmwcwA
+        fBv6E4QVIBAQ4DOLiPPJJQ0AvrezvaUvfdzg3ob7ZGGXQQOBIELOf9/saZfVl/Xn/H/a3grHJvRPBVaA
+        QKCY4co7lzUA+Pdd7Qd6hqRNaJsSzhMBRhfIC7IQgiRCTt0ws+ptDRVpXz+wtRVS2OCfGgpeAEEwucSs
+        mRUzsykaXkCFETQzHLpzaQOAH+3p2NmVlDapYaoobAEkkfa1P+wJoCzu1hRHSyIOmP1hj9W5lpudsrfA
+        nnp7U+W7ZlZ5mu/fchTC3v6njkJdBSJAEFTWm11VctviuutnVM5LxGOOTPtqW0/qv5t7/m1nW89gVkYd
+        FexbqQaD6BNLGwD8ZG/Hax1JEXHs7X/KKNQeYQLQvv7kiqa7V89ORBw+LmHG/L0tlbvzmT2P7OkQkeDO
+        JgWRzvlXNFY8e/NKDVz2s80vtfUL1wowdRTkEEgQtK/+4cr5//fK+SWu4+tjWZOmd7Riri+O/PxdS+5Y
+        3qQD3jmLcOeyRgAP7eu00T/1FJ4Akkhn1ceWNn5+RZM5QuWIkZZyNNpmXRJpZmbcf/WCa2dW6ZwfwPmA
+        INKef2l92S3zagDct6XF7ndNPQUmABGU0tMSsa+umgVA0GmbagkiDSbg79fOIVeqCSpBPsEwPrm0URAe
+        Pdj9TEsfReziz1RTYAJIInjqQ/NrGoqjvn6LplqSiIE1tYm3N1YErWmKINKeWlabuHVBLYD7t7RAsyjI
+        bYzCpsAEMFXFr2kox/iqiptcmt9pqgxavXwCoPUnljZEBK073PvEkV7zmMr3dYWOQhKAANZwXbmgvAij
+        DVHe4ksIAOaWxeCI4ISXIChfLawu/cOFtQDu29oCXwfqARUeCkkAAAALopg8s8uOSQEKULlkAkHpO5ZM
+        L3bkb1v6/+tQNyL29p8fCk0AopzS3RkPwHiShE1QdWU8KB2Q7AgiKF/Nqiz+yKJ6mNu/Zzv75o1CEoDN
+        vDanXusewpkUlN3ak4LSAamXbNrj/cmF0yuizovtyZ8f7ELBbv2aRWdHkCAigiA4RIWViFVIAoxAeGR/
+        F8bRWtTUi+3L+j/Z0xGQICOC8vX0iqKPLq4HcN+2Fp0tyErOJvSZWWV9P53Tns++1p72M54/7LGvBVFB
+        zGoKLBdIMZMrnzjc+6vDvdfPqPQ0u6e/sZuSaYIwv7yopS9N0iXK8yETQaQ8//bF9XVFkVe7hn66rxNu
+        0LOVTvkuWGuV8+PxyNtmTVtZXbqgPF7kSE/r9nRuc+fg+raBw6ZiRUTqINx4Tk+BCYCRWoL6c8/uveh3
+        V9QXRTzNzkm3GmZosCRSzGUR5/Ebl3362b3ffe2IjDhMNIG/ERq5pOP/xYyR6Qmf9MnK11WJ2B9fUA/g
+        /u0t3rDnxN2zKwmaL6QglfVLYu6nLp71xxfUzUnET07EGvLUQ/u7/vG1w9vbkjLm6AC37S68wlimsn7n
+        YOaZ9uS7ZlVVRB0wGOwzmEcmBgQSRBs7B9/72Na6osiSyuIbZ01LxCO/bu7RzFKKc1GAAEEkBQHEAJjZ
+        1GobqeTG0GyO58iRTxvBEaSz/icuarplXs2O3tSnn93nBWhpalxIIpX1Lmuq/MV7lt46v6Y86gJQmk2I
+        8+jELCLFimklty2qG2RsaO0XIrgnlQpPABgHHHm0P/3jfZ0VMXdRRVFECkEkiUzVtL6s943Xj/7pb3Yd
+        7ks9fKCrOOpeVpdYW5e4uLbsicO9qWHPOasSypJImCwjX+msz2AhZYkrG0pjjaWxWWVFDaWxRMyJudJn
+        9jVrT2lPMQBBriBfcWnc/c41C6ti7l2bmp9v7nEiTgHd/SWRyvnvmV/76LuXmp14GslGecMfMwVWml1B
+        755ZVVkUefxAtzjnBgiTRKGmQ8OMRJVmX8+aVnxdQ8WiiqJiVw5k/a09qSeO9HYnh8mVQgpoVjn/Y8ub
+        /s8V84ocuaMv/aF127e0DThxV417MCSJGKxzCpqjRZEV00rW1CUurSldUFY0szSWiEhB5BAB8Ji15p6s
+        dyCZ2d2f3tiRfL49ubs3hZxSvvr4qln3X7Vgf3L4kp9u7s96VDjTXxP9lzVWPHnT8rgjFL/1eSNTudoR
+        dPem5r95fl8wzzkUsAAYaTRN2lfwNQAQQWsQwZVSCpMjTQQBUhnvqllVP/ydC5pKor1Z749/s/uRXe0y
+        5ui36lJq1jp0zocUq6aXf2Bu9XtnTVtQHh//RSrm17uHfrq/61eHe//9ukXLqkr+54YD92w44MQKZvRP
+        ADOXRpxn37/ioqqS8US/gQFmCMLbH33tqUM9MhK4GX9hC2AQNLIkyjwyHz351u4I8jPejMriH7/jwsvq
+        Er7mL208dM/GA0IKCHHKO5N5vqucL6S4fva0zy5rvK6xYmxIr5jNr/bUi94MBmsG0bFu2DmlI1J0Zbyl
+        P9jQkc45UWf8j6D8IolUxvvrtXO+tmaOr/mM2loaWzZ2JNc+/Io2LuX77bzhrRXiHOAEeORpe+wvJ6MZ
+        0pX96dxP9nY0lcZXVJe8vbFiTnnxukM9OV9J58RpsSAihs75FzdU/PAdF3zx4plzyuJEJrvObPqMjHfH
+        ziG84Q+N1HAWRKacmwYcIQDEpZxeGnu1N9U7mJFSBH8URIBmLolHvnPNwsqYC5zZPpf5CTSWRDe0D+zr
+        SUlHBur9ng8CjBNmCCl8rR/Z25FlumZ6+YrqkmubKp5s6e8fzB4/LZaCtKfijrjnqgXfvWbh3LK4GU2N
+        Bv2Zve5YQXPzdxCWVZXcvrh+GHixtR8MEexT8Gb3/XdmVX5yaSPjbBoQK82CKKv5F/u7RMAqvhTgTvA5
+        oJlZkHTlPS/uv2Xd9t6sd1ld2XPvX3nVzEp/2JNERJCCVMa/oLpk/c0rP3dRIxEUs1liOsdXp9H/KuZi
+        V37z8nmP3risuiiiPV8GJE/jlJdNAPPq2jKcbSc/8+Yuri41c4BAvdVwCQCM7BU4cfeRXe3XPvLajr5U
+        U0n08RuXfWxFk8p6kqGGvXfPq37h5pWX1JT6emJC/wTMAU5f83tnTXvx91YuqUmojDdR/eInHM0MKeaV
+        xTG+MxgnYx6asxOx8qgzMT3BJ47QCQCAAV+zE3e3dCSv/vmrv2zuLXLkP1+z8N5rF/lK/9HShv9899Ky
+        iKP4FHvMEwURTFvIOYn4b25afuWMKj8T0OcAM0CIn2EK+sm4QsSlADhQm2JhFMDga5ZRp3vYu+m/Xr/3
+        9aMA/uyixg0fvOTbVy1wBWnGFKQoO4IUc3Xc/cV7lq5uLFcZL5gOADj3qNXMGaWBYO1+h1cAmMmZFBD0
+        57/dffvTu9K+Xl2TKHHF2U31zg6TsFQecR5+15JF1aUqYEVcCHAFQXPzYAZvtWdyWhgA+rJ+2teBuv0j
+        5ALADHAFQdCzh/sySgM424Hu2WMcaCiO/sc7L0xEHa11fhUwGyAmy5+Zta+Rzr3ensTZ3hc0GMDLncl0
+        1qOA5USEXQAyWSuO+N47LqiMOoo5L2MQSeRrXjGt5B+umAdfT33u2IlB7yl/OKdzvivF4uqS29fMvmFu
+        teYz3AJ4I+tbB+DroJ19K7x06IlFCFIZ74uXz7uivmz8O/yTgZkP/MmF0399tO+hnW1y8nu+j25QQDNr
+        zexr7Ss4Ihp1F1cXralNrKopvaK+fG5ZfOymcBYXZM7xtaVzP97TgeBVvgi1AIJI5dTS2sTnVzRhHEfM
+        Jhtz479r9exfH+4dyPmTsUl8UtAr7Ws4MhZzLqwpXlNngr5sdiI+9rMY9vWr3YPrWwba0tm7Vs8ue2Ml
+        1rdEaXYEfXtLS1dyWEZdK0CAML+Kv1s9p9iRPrOTbwEEQTEvKi/63PKmLz+/T0xQuJjhjdnR4+OCPh5z
+        ltaWralNrKotvaK+bGZpbOxLUr7a1Dn4YntyY2fypY7BtlRW5JTy/GJXjqUDjeeHZY7srW8d+PorzQE5
+        lXoC4RXAVGa+vLHifXOmAch79I9dFYA7ljQ8sK21LZUlSWcXM8eCXjMzK09BabiyOOYuqypeU5tYVZO4
+        or6ssSQ69iWDnnq5M/lie3Jjx+DGzmRHKsc5HwQ4EoIo5rhR556XDzWVRD+xpMFnNseCT3cBzFDMrqBd
+        /enbfr1DKS0C2fUjvAIYTFuu/I7+j8ckStTE3Y8srrtnwwEhXTXugfcbgl6zUiNBXxJ3l08vWVObWFWb
+        uLyubHpxZOxLkjn/pY7ki+3JjZ2DL3cOdqazyKmxoHfirjlcCoavmQgkxCef3jPk6b9c0QRAM2vGG/Kj
+        eGTNR4AcQRs6kh94fNvRZEa4QYx+nB/p0GeBIGhfz6ko3nbrpXFHnNGgdrLRDEHY05++6MFNGV+/eUWv
+        E4IeSkNpRJxEzF0xbTTo6xO18WNB35f1N3QkN7QnN3YmN3UOdg/nkFNmaxqCHEFjQX/y6xJBMFTOv35e
+        zdfXzllWVXLyj858ZCDnf/3VI9/Y3JwL6r3fENIngCDSvr5p9rRxHm6a2msDAwvKi66ZXv6r/V3ipCY3
+        p7jTa4Yry+PuxdWlq2pK19QmLqsvmxZzx76kJ+O92J7c0JF8qSO5uWuwb9iDNxL0JEiO3umZ8eZndJih
+        ARF1f7W/68nDvTfMnva7s6ddUlM6KxEjkADah3M7+9KPN/c8uK+zc2BYuE6Qox/hFMAkoiEib5pdle9r
+        OTVm5eSmOdN+tb8Lo0nUAscFva/ADFdWFkUuqS5ZVZtYU5tYW5uoPC7ou4a9F9oHTNC/0j00YIJeEORx
+        Qc9sMqPGf23meIPJ63x0d/ujezrcqFMedWJSMNCd8TI5BU/BlTLqauaAdzsOowBmoN2YiF1aU4oArH6e
+        jLmktzWUx+JuTjMAVqx8HwxE5LTiyKXVpatqE2trE6trE+XRY7/E9nTu+faBlzoGX+oYeK07lRzOwVcQ
+        4hyD/mRMVrOMugA8xV2p3EiahCDzQqZQRr5/kG9NGAUQIOX7a2sTRY40A+6gYZSclYjPKors6kiKokh1
+        cXRVbemqmtK1dWWrakoTkWO/uJZU9vm25MbO5Ib25Os9Q0MZD56CFJCCpJCunKigPwE21erN1RKNXDRj
+        wl9oUgmjAESA5pXVpQA0cwCfAObgbETQncub2tK5dzZVrqwuKXHl2CccGco+1zZggn5Lbyo9FvSOIGcS
+        g/6U8Bv+V2CEUQDNDFfOScQw9Ylv48Zc1yeXNph/MnBoMPNc28DGjuSGjuS23tRwxoev4AjINwY9wy+E
+        sUdACJ0AZNYZHTnXHHHK9/WcDrOY2Jv1/+tQtwn67b3pbNYEvYQk4QrTAZZt0J8DoRMAAJijjqiOuxhf
+        m5m8YCr7buocvO3x7WAmKfiNQW/KTuX7MgueUAoAOEQjQ+qAxv8IRY4QUSmIzPDGBv2EE0oBGBEpIiLQ
+        ZyGMmEWOJJCpwmkDfzIIdBBMHqa5fL6vYhzXyUEuLX4+EEoBCD5zRp2qhn9gMNc1mFO6cNbUC5FQCgB4
+        mvuzHoIb/yMMegp2/DOZhE4As3WZ89VImYOghpYZoB0azATwHO35ROgEgDnG4euDySzOus7HFEAAcCiZ
+        AQerktR5RhgFIAKU3tGXQoB3gs0Jte29KZxbQyfLmxNGATQDjnyxPWnKvwUwuswl9WS8V7oGIUVBLFgV
+        KGEUgJkhaVtvqiWVBYI4wTQRv7Ej2TscuEpS5xmhFACQQqTTuceaezCa0xtA1h3pg6eCWy30vCCMAozx
+        6MFuAEGLMFNJKu3rRw92w7Hjn8klpAKYjOgnj/Zt6RkiBKtmvYn4x5t7DvWlyRGBurbzj5AKwIAjyRv2
+        vrO9FQHbDTAHdB7Y1gJmYVdAJ5mQCgDT7Scif7inY39yWBIF5EZrzto+daTvySN9Aaykef4RXgHMVDg5
+        lP3a5sMIzEPA3PLv3nwIym4ATwXhFQBm/Sfi/MuO1vWt/aZIf36vx1Rf+9edbU8f6hXB6yl9XhJqAWAG
+        3Er/xXP7Ur7K76aYZnYEHUxm/nbDQTgiIE+k856wC6CZZcR5uaX/r17YD+TtvBUDJvvn4+v3tAykT27c
+        bZkkwi4ATKewmHPfa0e/t6vddGrJzzUQvvTSwXX7O2V00ltjWMawAgDmBizFHb/Z9cvmXtO9dCpf2pTb
+        //bWlv+14YCM2qH/lGIFAABmCEE5zX+wbtv61n7jwBSEIfNIGdDv727/1Po95Eqd7x9F2LACjKCZhRQD
+        OfWeX7z+nwe7HUFK86Q+CTRDgx1B39py9LYndggiUIDPJ5ynWAGOYRxI+fqWx7Z+e2uLI86lJ+JbYFoR
+        a8bnX9j/2ad3SylY2OjPAxI33JbvawgQDJAQAH65r2v3YObahvIiR2pmPUFFpBkjJTsF0e7+9Psf3/7g
+        jlYZdbS99+cJ+wQ4EWbWgBNzfrKl5d2/2OJrFkSSyJQfPOsoNT2zcFxfra3dQ88f6nZirmYb/XnDCnAK
+        2JwVdsUfLqp1BO0bGH7iSB8RHCLTw8vX46rXw4BmU4MIRJBEmvkHu9s/vn5PTunfm1dz0+J6P+MFsDx1
+        eAhlZbi3QgpSGe/mRXWfWtYI4C9f2P/Irva3za3+H4vrr59RWR51xnI0x+7rAEaaefGxbzJaN58I6Ejn
+        HjnYff+21q0dSXj+yurSOy6c/uVLZz15uDflq8loCWwZDyFtkvcmCCLtqxmlsfU3r5xVGrt/a8udT+2S
+        UUfnfAZqy+I3zqy6trFibW1iZmn0zW/enua9/ekNHYOPH+759ZG+gaEsBMmIVL5uKI6+8IGLZ5RE/+al
+        g3e/sF/G7eZXfrACnIggaE8/dMPSm+dWv9YzdO3Dr/Z7PgkSIAa00vAUJMWi7oLy+PyyorllsbqiaIkr
+        S1ypmNO+GsypI0PZ5sHMzr70vuSwyvqmn5cUwkyCpSA17P3pyqYHrl7Yn/Uvf2jzjt5UwJvJna9YAd6A
+        Cc07Vsz4f9csUMzX/edr6w/3yuMSM0eH8tBaQzG0hhngC9MjiEcG/swQApIghBkLqTdOoAlgxm/et/za
+        hvKf7eu85bGtwg1iI/XzHjsJPoYgUjm1pDZx99rZAO7e1Ly+ueeE3AQemdQyEQlXyqjrFEWcuCsjjnCF
+        cB0ZcZy46xRFZNQRjiCCYj55+UgQwVdf3XgQwAfm1bxnbo3O+vYAwNRjBRiBAGYWUnzr6gWVUXd968Bd
+        Lx9CxDldbVozmDErQr5mNVq8/4SPnO6WrphFxFnf3Pudba0AvrpqVlHcVVpbA6YYK8AIQhDn/C9cMvNt
+        DeX9Of8zz+zxfSUmc3GGwXDE3ZsOHRnKrqwu/exFjcgpEbASFec9VgAAkEQq61/RVPmlS2cB+NKGg6+3
+        DcjI5A7KmSEdcaQv/bXNzQA+v2LG4ppS5Sm7LTCVWAFABKV1Iu5+66oFEUGPHuz+9utHRMyZgnVJpRlR
+        54Htretb+yuizldWz7Z7wlOMFQACBE/dtWbOyuqSI0PZP3tmL4Apax4midhTX3npIIBb5tXcMLfazoan
+        krALIAWprHfj/NpPL2sE8BfP7zvYl5Lu1C3Jm9nwb5t7/2m7mQ3PjsddpdkaMDWEWgBBUL6enojfe8U8
+        AP+yo+3BXe1TfyKRwZB098uHjqayF1eXfuaiRuR8OxueGkItAEDQ+h+vnD+vLL69N/XXL+yDFHrKyzEw
+        Q7ry8Ohs+C9WzFhYXap85QiSRI6dFE8m4RVACtIZ7/YlDR+aXwPgM8/u6x7K5ascw8hseFvrM639lWY2
+        nFUq56uc7w97zGwtmCRCeiBGEGlPLaou+eE7Lix25T2bm7/7+hEZy2dGmiTSvtqbzPzRwrolVcWN5UXv
+        nVP9/vk1RTHn6FBuOOsJKe0K0YQT0nRoZoagb121oCbuvtA+8JWNh+A6+W1IqgEQ7esbbk/nmkqiH1tc
+        LwgM3Lao7shQ9g9+vePZw71ikrcmQsh5MgSi0T/jQQrirP9XF894R1PFkKc+88zerOfLvDZiIYA1R135
+        H9df0FQSVcya2desNCvmppLouhsvunZmlc7ZFdIJpoAFEASHyBFk7pQ8ehZFjHzw1JFiNn1XN1Z8+dLZ
+        AL688eCmln6Z70KcUhBy/ueWN72tocLXbOa+5o+p1RV3xN+tnm3qRVsDJpDCE4AAszCife1nPT+d0/5o
+        DhkzmHXO99M57fnMLImOnz4SoLQuijrfunpB3BGPNffc+8phEZ2KTd83f0e+Zhlzb55bDeDk9U9HkGZc
+        UV/2zqZK2FyJCaWQ5gBkMpa19od9OGLhtJKLp5UuKI9fUFncVBL1NeeU9pnb07lNnYMbOwe39aZSqSyE
+        EK6EqXpCpHL+3102b3VNaVs691mz6Ut5LslABPb1rMriCyuLAZzy0cVggOaWxaGZbOf4iaNgBBBEYFZZ
+        L1EcvXFh3YcX1l7bUOGeZrfowwvrGGhP5R7c3/nA9tbdnYNEFIk6ueHc9XNr/nxFE4C/emH/3u6hIJxF
+        NM3rM75+kwkuM0CoiDqwQ6AJpTAEkETKU0LQHStn/O3FM+uLowyY3l6amWhk+mvCh0dLMNQXRz67rPGO
+        C6c/erD7rk3N21v66sqLv3nlPAD/vrv9B9tbRV7XPY/BAKE/6w/mVJEjT/kpZtiztScFYbuGTSQFIIAk
+        Ujn/gprSb1+14NqG8uNrSwk6Vb0qAkZLmzA4KsUH59XcMLPqzmf2Xj29bFF50Z7+4b98bh9kUGrwm141
+        qeHcg/s6P72s0dd8wpNNMUuiw0PZp1r64Nq+kRNJ0AVwiPyM94EL6r9/3eK4IxQzgcYzCzQlSQBiQDEX
+        u/L71y0C4Gn+1LN7OoayeV/5OR4GQ9C9rx65ZV5NXVHE0ywINLI6OiL5VzYeTKVzditgYgn0KpAk8rPe
+        h5c1/vgdF5jol0RnmiRGphgbwxQ9PziYebF1AFIEqg6zZghHNg8Mv/u/txxIZlxBBBIEMrlAhC9sOPC9
+        rS0iYitHTDDBTYWQglTW/+iyxn+7bpG5kZ/LHhARBJFmnhZzl9eUPryvy9dMQdKfASFF28Dwzw50dWb8
+        uCMU48DA8JNH+z7y1K6H97SLiLSj/wknoGVRzLj/kvqy9e9fWeQIzZio7GDzGPnezrbbn9gRwOGEIGKl
+        OefLqOs4Iqc15xQItmjKJBGke+AoZrsqHnXuu2ZhkSMU8wTmxptukB9dXP++BbU66wUts0AzQ5JTFNGE
+        rK+YISKOjf7JI4gCCCJ4+kuXzlpVU2pu2BP7/c2q6dfXzq0qjSmlA6bASOkhYKSoqGa20T95BE4AIihf
+        NVUU3bGkARNUlf/E90zwNS8oj39ueRN8Jabq+O8ZcXx2k2XyCJwAkgi+/vCiuoqo40/arqd5qvz+gtqS
+        4qgtRxVmgiUAAb7SpSXRjy6ug6nXMEkvRNDMs0pjN86ssullYSZYAggi+PryurK5iThjwlZ+TokZXXxw
+        fg2k3VsNL8ESgAhQ+tLaUphjspP6zokAXFZXVhpz2WaYhZVgCaA0I+JcUlOKkUSGSaci6swqjUHxJHaE
+        tASYAAlg6jPHI3L5tBJM5gRg7OU0wxF0QWUx7Dw4rARIAABgOEQJ1wGmojahGfrPK4tDT+Rem6WACJgA
+        gOlJOpWvaCM/zARJAAKAqJzqooAZpWG3nMJKkARgwOz8T9krEgD4dg00xARJAABE/Vn/UDIDTMU5dfPm
+        B7L+FC05WYJHgARgQAj4ntrem8JIHYRJfjkiX/OmrkFIe9A2pARIAIz2TtwzkMYUPAEYAI4MZff2D0MS
+        24FQKAmWAMyAFM+0DgBwJnkubMqgv9SRzGR9kde6iJY8EiwBNDNc+duWvle6BjG6Tj9JmFMBjx7qhtZk
+        10LDSrAEYMARpDL+j/d2Api8cbk5Y7mtN/Xz/d2w561CTLAEAKCY4cqf7O3sGvacSRuZmIj/5x1tueGc
+        I+34J7wETgBmSCmO9qXu3nwIkzMK0syOoB196X/b1YaIDERxOEueCJwAABQzRZxvvX706ZZ+Uxx8Ar85
+        A2YD7NPP7BkYykkhbPiHmSAKAFMhWfGfP7u3P+c7gibwOaA0C8Ldm5qfOtgtowEqDmfJCwEVQDNLV77a
+        kbx13fa0rwXRuUcqA75mR9BD+7u+/NJBCl5RIMvUE1ABYCpYRZ11+7p+/4ntOc3y3BzQzEqzI+hHezs+
+        9KttCgyyCXCWAAsAQGmWcffRPZ03/nLL0VTWOHCmGpjiuARyBD2wvfXD63YogER+2qFagkagBYBxIOo8
+        sb975YObHjrQZVoeaYZifvOyOSbujS2S6Egqe/O67R9/aqcpqW4THyyG4BbHHYMB6cpU1v/pno5dyeFZ
+        pbHGkqjpgWe6a2k+VkZKj2yfjZRWFkQpT313R9uHntj+Sku/jLjapv5bjiOgxXFPxmQG6awvXXndzKqP
+        Xzj9qullFVH3dDkMmvnV7qEf7O742f7O1v5hkkI4wi75W06gYAQwSCLNzDkFQWXFkYuqilfXli2uKIpK
+        coWISTHkqZ196V19qR196d29KT/rw5VCCtNpwmI5gQITwCCJGKwVQ2koDSlg+oQRQTN8BUGQgqSQgjTb
+        0LeclqC3SDolZmpLgoR0TI9Tc3qGGSRJRKT5yFiZZYvldBSkAAazznPClJZ5cpOoLecZQV8GtVgmFSuA
+        JdRYASyhxgpgCTVWAEuosQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqs
+        AJZQYwWwhBorgCXUWAEsocYKYAk1VgBLqLECWEKNFcASaqwAllBjBbCEGiuAJdRYASyhxgpgCTVWAEuo
+        sQJYQo0VwBJqrACWUGMFsIQaK4Al1FgBLKHGCmAJNVYAS6ixAlhCjRXAEmqsAJZQYwWwhBorgCXUWAEs
+        oeb/A5fj85sn5OS0AAAAAElFTkSuQmCC
 </value>
   </data>
 </root>
\ No newline at end of file
diff --git a/agent/windows-setup-agent/icinga-banner.png b/agent/windows-setup-agent/icinga-banner.png
index 34d89956a..245149523 100644
Binary files a/agent/windows-setup-agent/icinga-banner.png and b/agent/windows-setup-agent/icinga-banner.png differ
diff --git a/agent/windows-setup-agent/icinga.ico b/agent/windows-setup-agent/icinga.ico
index 6ff7e9029..9be324c5f 100644
Binary files a/agent/windows-setup-agent/icinga.ico and b/agent/windows-setup-agent/icinga.ico differ
diff --git a/appveyor.yml b/appveyor.yml
index 05c72cd75..92dfe7bef 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,12 +1,18 @@
 ---
-version: 2.9.0.dev.{build}
+version: 2.11.0.dev.{build}
 
 os: Visual Studio 2017
+platform: x64
 
 environment:
+  BITS: 64
+  CMAKE_BUILD_TYPE: Debug
   CMAKE_GENERATOR: "Visual Studio 15 2017 Win64"
-  BOOST_ROOT: 'C:\Libraries\boost_1_65_1'
-  BOOST_LIBRARYDIR: 'C:\Libraries\boost_1_65_1\lib64-msvc-14.1'
+  # https://www.appveyor.com/docs/windows-images-software/#boost
+  BOOST_ROOT: 'C:\Libraries\boost_1_67_0'
+  BOOST_LIBRARYDIR: 'C:\Libraries\boost_1_67_0\lib64-msvc-14.1'
+  # https://www.appveyor.com/docs/windows-images-software/#tools
+  OPENSSL_ROOT_DIR: 'C:\OpenSSL-v111-Win64'
   BISON_BINARY: 'C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_bison.exe'
   FLEX_BINARY: 'C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_flex.exe'
 
@@ -16,36 +22,35 @@ branches:
 
 cache:
 - build -> appveyor.yml
-- vendor -> tools\win32\download-openssl.ps1
 - C:\ProgramData\chocolatey\lib\winflexbison3
 
 install:
-- ps: |
-    if (-not (Test-Path "vendor\OpenSSL")) {
-      .\tools\win32\download-openssl.ps1
-      if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode)  }
-    }
 - ps: |
     if (-not (Test-Path "C:\ProgramData\chocolatey\lib\winflexbison3")) {
-      choco install winflexbison3
-      if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode)  }
+      & choco install winflexbison3
+      if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode) }
     }
 
+# why that env handling, see
+# https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell#comment_44999171
 before_build:
 - ps: |
-    .\tools\win32\configure.ps1
-    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode)  }
+    & .\tools\win32\load-vsenv.ps1
+
+    & powershell.exe .\tools\win32\configure.ps1
+    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode) }
+
     del build\Icinga*.msi
 
 build_script:
 - ps: |
-    .\tools\win32\build.ps1
-    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode)  }
+    & powershell.exe .\tools\win32\build.ps1
+    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode) }
 
 test_script:
 - ps: |
-    .\tools\win32\test.ps1
-    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode)  }
+    & powershell.exe .\tools\win32\test.ps1
+    if ($LastExitCode -ne 0) { $host.SetShouldExit($LastExitCode) }
 
 # Disable until we really need them
 # https://github.com/Icinga/icinga2/issues/6106
diff --git a/changelog.py b/changelog.py
deleted file mode 100755
index a6bf2afbc..000000000
--- a/changelog.py
+++ /dev/null
@@ -1,234 +0,0 @@
-#!/usr/bin/env python
-# -*- coding:utf-8 -*-
-
-import requests
-import re
-import pickle
-import sys
-import os
-from datetime import datetime
-from collections import defaultdict
-from collections import OrderedDict
-
-#################################
-## Env Config
-
-try:
-    github_auth_username = os.environ['ICINGA_GITHUB_AUTH_USERNAME']
-except KeyError:
-    print "ERROR: Environment variable 'ICINGA_GITHUB_AUTH_USERNAME' is not set."
-    sys.exit(1)
-
-try:
-    github_auth_token = os.environ['ICINGA_GITHUB_AUTH_TOKEN']
-except:
-    print "ERROR: Environment variable 'ICINGA_GITHUB_AUTH_TOKEN' is not set."
-    sys.exit(1)
-
-try:
-    project_name = os.environ['ICINGA_GITHUB_PROJECT']
-except:
-    print "ERROR: Environment variable 'ICINGA_GITHUB_PROJECT' is not set."
-    sys.exit(1)
-
-#################################
-## Config
-
-changelog_file = "CHANGELOG.md" # TODO: config param
-debug = 1
-
-# Keep this in sync with GitHub labels.
-ignored_labels = [
-    "high-priority", "low-priority",
-    "bug", "enhancement",
-    "needs-feedback", "question", "duplicate", "invalid", "wontfix",
-    "backported", "build-fix"
-]
-
-# Selectively show and collect specific categories
-#
-# (category, list of case sensitive matching labels)
-# The order is important!
-# Keep this in sync with GitHub labels.
-categories = OrderedDict(
-[
-    ("Enhancement", ["enhancement"]),
-    ("Bug", ["bug", "crash"]),
-    ("ITL", ["ITL"]),
-    ("Documentation", ["Documentation"]),
-    ("Support", ["code-quality", "Tests", "Packages", "Installation"])
-]
-)
-
-#################################
-## Helpers
-
-def write_changelog(line):
-    clfp.write(line + "\n")
-
-def log(level, msg):
-    if level <= debug:
-        print " " + msg
-
-def fetch_github_resources(uri, params = {}):
-    resources = []
-
-    url = 'https://api.github.com/repos/' + project_name + uri + "?per_page=100" # 100 is the maximum
-
-    while True:
-        log(2, "Requesting URL: " + url)
-        resp = requests.get(url, auth=(github_auth_username, github_auth_token), params=params)
-        try:
-            resp.raise_for_status()
-        except requests.exceptions.HTTPError as e:
-            raise e
-
-        data = resp.json()
-
-        if len(data) == 0:
-            break
-
-        resources.extend(data)
-
-        # fetch the next page from headers, do not count pages
-        # http://engineering.hackerearth.com/2014/08/21/python-requests-module/
-        if "next" in resp.links:
-            url = resp.links['next']['url']
-            log(2, "Found next link for Github pagination: " + url)
-        else:
-            break # no link found, we are done
-            log(2, "No more pages to fetch, stop.")
-
-    return resources
-
-def issue_type(issue):
-    issue_labels = [label["name"] for label in issue["labels"]]
-
-    # start with the least important first (e.g. "Support", "Documentation", "Bug", "Enhancement" as order)
-    for category in reversed(categories):
-        labels = categories[category]
-
-        for label in labels:
-            if label in issue_labels:
-                return category
-
-    return "Support"
-
-def escape_markdown(text):
-    #tmp = text.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')
-    tmp = text
-    tmp.replace('\\', '\\\\')
-
-    return re.sub("([<>*_()\[\]#])", r"\\\1", tmp)
-
-def format_labels(issue):
-    labels = filter(lambda label: label not in ignored_labels, [label["name"] for label in issue["labels"]])
-
-    # Mark PRs as custom label
-    if "pull_request" in issue:
-        labels.append("PR")
-
-    if len(labels):
-        return " (" + ", ".join(labels) + ")"
-    else:
-        return ""
-
-def format_title(title):
-    # Fix encoding
-    try:
-        issue_title = str(title.encode('ascii', 'ignore').encode('utf-8'))
-    except Error:
-        log(1, "Error: Cannot convert " + title + " to UTF-8")
-
-    # Remove dev.icinga.com tag
-    issue_title = re.sub('\[dev\.icinga\.com #\d+\] ', '', issue_title)
-
-    #log(1, "Issue title: " + issue_title + "Type: " + str(type(issue_title)))
-
-    return escape_markdown(issue_title)
-
-#################################
-## MAIN
-
-milestones = {}
-issues = defaultdict(lambda: defaultdict(list))
-
-log(1, "Fetching data from GitHub API for project " + project_name)
-
-try:
-    tickets = fetch_github_resources("/issues", { "state": "all" })
-except requests.exceptions.HTTPError as e:
-    log(1, "ERROR " + str(e.response.status_code) + ": " + e.response.text)
-
-    sys.exit(1)
-
-clfp = open(changelog_file, "w+")
-
-with open('tickets.pickle', 'wb') as fp:
-    pickle.dump(tickets, fp)
-
-with open('tickets.pickle', 'rb') as fp:
-    cached_issues = pickle.load(fp)
-
-for issue in cached_issues: #fetch_github_resources("/issues", { "state": "all" }):
-    milestone = issue["milestone"]
-
-    if not milestone:
-        continue
-
-    ms_title = milestone["title"]
-
-    if not re.match('^\d+\.\d+\.\d+$', ms_title):
-        continue
-
-    if ms_title.split(".")[0] != "2":
-        continue
-
-    milestones[ms_title] = milestone
-
-    ms_tickets = issues[ms_title][issue_type(issue)]
-    ms_tickets.append(issue)
-
-# TODO: Generic header based on project_name
-write_changelog("# Icinga 2.x CHANGELOG")
-write_changelog("")
-
-for milestone in sorted(milestones.values(), key=lambda ms: (ms["due_on"], ms["title"]), reverse=True):
-    if milestone["state"] != "closed":
-        continue
-
-    if milestone["due_on"] == None:
-        print "Milestone", milestone["title"], "does not have a due date."
-        sys.exit(1)
-
-    ms_due_on = datetime.strptime(milestone["due_on"], "%Y-%m-%dT%H:%M:%SZ")
-
-    write_changelog("## %s (%s)" % (milestone["title"], ms_due_on.strftime("%Y-%m-%d")))
-    write_changelog("")
-
-    ms_description = milestone["description"]
-    ms_description = re.sub('\r\n', '\n', ms_description)
-
-    if len(ms_description) > 0:
-        write_changelog("### Notes\n\n" + ms_description + "\n") # Don't escape anything, we take care on Github for valid Markdown
-
-    for category, labels in categories.iteritems():
-        try:
-            ms_issues = issues[milestone["title"]][category]
-        except KeyError:
-            continue
-
-        if len(ms_issues) == 0:
-            continue
-
-        write_changelog("### " + category)
-        write_changelog("")
-
-        for issue in ms_issues:
-            write_changelog("* [#" + str(issue["number"]) + "](https://github.com/" + project_name
-                + "/issues/" + str(issue["number"]) + ")" + format_labels(issue) + ": " + format_title(issue["title"]))
-
-        write_changelog("")
-
-clfp.close()
-log(1, "Finished writing " + changelog_file)
diff --git a/choco/CMakeLists.txt b/choco/CMakeLists.txt
index 21a7cf028..d7b90bb47 100644
--- a/choco/CMakeLists.txt
+++ b/choco/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 if(WIN32)
   find_program(CHOCO_BINARY choco)
@@ -23,7 +8,7 @@ if(WIN32)
 
   add_custom_target(choco-pkg ALL
     COMMAND choco pack
-    COMMAND ${CMAKE_COMMAND} -E rename ${CMAKE_CURRENT_BINARY_DIR}/icinga2.${SPEC_VERSION}.nupkg ${CMAKE_CURRENT_BINARY_DIR}/icinga2.nupkg
+    COMMAND ${CMAKE_COMMAND} -E rename ${CMAKE_CURRENT_BINARY_DIR}/icinga2.${ICINGA2_VERSION_SAFE}.nupkg ${CMAKE_CURRENT_BINARY_DIR}/icinga2.nupkg
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/icinga2.nuspec ${CMAKE_CURRENT_BINARY_DIR}/chocolateyInstall.ps1 chocolateyUninstall.ps1
   )
 endif()
diff --git a/choco/chocolateyInstall.ps1.cmake b/choco/chocolateyInstall.ps1.cmake
index cbf4ca0d9..ab1660324 100755
--- a/choco/chocolateyInstall.ps1.cmake
+++ b/choco/chocolateyInstall.ps1.cmake
@@ -1,7 +1,7 @@
 $packageName = 'icinga2'
 $installerType = 'msi'
-$url32 = 'https://packages.icinga.com/windows/Icinga2-v${SPEC_VERSION}-x86.msi'
-$url64 = 'https://packages.icinga.com/windows/Icinga2-v${SPEC_VERSION}-x86_64.msi'
+$url32 = 'https://packages.icinga.com/windows/Icinga2-v${ICINGA2_VERSION_SAFE}-x86.msi'
+$url64 = 'https://packages.icinga.com/windows/Icinga2-v${ICINGA2_VERSION_SAFE}-x86_64.msi'
 $silentArgs = '/qn /norestart'
 $validExitCodes = @(0)
 
diff --git a/choco/icinga2.nuspec.cmake b/choco/icinga2.nuspec.cmake
index 2fa56d64a..46225b556 100755
--- a/choco/icinga2.nuspec.cmake
+++ b/choco/icinga2.nuspec.cmake
@@ -6,21 +6,21 @@
     <!-- Read this before publishing packages to chocolatey.org: https://github.com/chocolatey/chocolatey/wiki/CreatePackages -->
     <id>icinga2</id>
     <title>Icinga 2</title>
-    <version>${SPEC_VERSION}</version>
-    <authors>The Icinga Project</authors>
-    <owners>Icinga Development Team</owners>
+    <version>${ICINGA2_VERSION_SAFE}</version>
+    <authors>Icinga GmbH</authors>
+    <owners>Icinga GmbH</owners>
     <summary>icinga2 - Monitoring Agent for Windows</summary>
     <description>Icinga 2 is an open source monitoring platform which notifies users about host and service outages.</description>
-    <projectUrl>https://www.icinga.com/</projectUrl>
+    <projectUrl>https://icinga.com/</projectUrl>
     <tags>icinga2 agent monitoring admin</tags>
-    <licenseUrl>https://www.icinga.com/resources/faq/</licenseUrl>
+    <licenseUrl>https://icinga.com/resources/faq/</licenseUrl>
     <releaseNotes>https://github.com/Icinga/icinga2/blob/master/ChangeLog</releaseNotes>
     <docsUrl>https://docs.icinga.com/icinga2/</docsUrl>
     <bugTrackerUrl>https://github.com/Icinga/icinga2/issues</bugTrackerUrl>
     <packageSourceUrl>https://github.com/Icinga/icinga2</packageSourceUrl>
     <projectSourceUrl>https://github.com/Icinga/icinga2</projectSourceUrl>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
-    <iconUrl>https://www.icinga.com/wp-content/uploads/2015/05/icinga_icon_128x128.png</iconUrl>
+    <iconUrl>https://icinga.com/wp-content/uploads/2015/05/icinga_icon_128x128.png</iconUrl>
   </metadata>
   <files>
     <file src="${CMAKE_CURRENT_BINARY_DIR}/chocolateyInstall.ps1" target="tools" />
diff --git a/cmake/FindJSON.cmake b/cmake/FindJSON.cmake
new file mode 100644
index 000000000..b7d5d79d2
--- /dev/null
+++ b/cmake/FindJSON.cmake
@@ -0,0 +1,9 @@
+FIND_PATH (JSON_INCLUDE json.hpp HINTS "${PROJECT_SOURCE_DIR}/third-party/nlohmann_json")
+
+if (JSON_INCLUDE)
+  set(JSON_BuildTests OFF CACHE INTERNAL "")
+
+  message(STATUS "Found JSON: ${JSON_INCLUDE}" )
+else ()
+  message(FATAL_ERROR "Unable to include json.hpp")
+endif ()
diff --git a/cmake/FindUTF8CPP.cmake b/cmake/FindUTF8CPP.cmake
new file mode 100644
index 000000000..b00035357
--- /dev/null
+++ b/cmake/FindUTF8CPP.cmake
@@ -0,0 +1,7 @@
+FIND_PATH (UTF8CPP_INCLUDE utf8.h HINTS "${PROJECT_SOURCE_DIR}/third-party/utf8cpp/source")
+
+if (UTF8CPP_INCLUDE)
+  message(STATUS "Found UTF8CPP: ${UTF8CPP_INCLUDE}" )
+else ()
+  message(FATAL_ERROR "Unable to include utf8.h")
+endif ()
diff --git a/cmake/FindYAJL.cmake b/cmake/FindYAJL.cmake
deleted file mode 100644
index 186e31953..000000000
--- a/cmake/FindYAJL.cmake
+++ /dev/null
@@ -1,28 +0,0 @@
-# - Try to find libyajl
-# Once done this will define
-#  YAJL_FOUND - System has YAJL
-#  YAJL_INCLUDE_DIRS - The YAJL include directories
-#  YAJL_LIBRARIES - The libraries needed to use YAJL
-#  YAJL_DEFINITIONS - Compiler switches required for using YAJL
-
-find_package(PkgConfig)
-pkg_check_modules(PC_YAJL QUIET yajl)
-set(YAJL_DEFINITIONS ${PC_YAJL_CFLAGS_OTHER})
-
-find_path(YAJL_INCLUDE_DIR yajl/yajl_version.h
-          HINTS ${PC_YAJL_INCLUDEDIR} ${PC_YAJL_INCLUDE_DIRS}
-          PATH_SUFFIXES libyajl)
-
-find_library(YAJL_LIBRARY NAMES yajl libyajl
-             HINTS ${PC_YAJL_LIBDIR} ${PC_YAJL_LIBRARY_DIRS})
-
-set(YAJL_LIBRARIES ${YAJL_LIBRARY} )
-set(YAJL_INCLUDE_DIRS ${YAJL_INCLUDE_DIR})
-
-include(FindPackageHandleStandardArgs)
-# handle the QUIETLY and REQUIRED arguments and set YAJL_FOUND to TRUE
-# if all listed variables are TRUE
-find_package_handle_standard_args(yajl  DEFAULT_MSG
-                                  YAJL_LIBRARY YAJL_INCLUDE_DIR)
-
-mark_as_advanced(YAJL_INCLUDE_DIR YAJL_LIBRARY)
diff --git a/cmake/InstallConfig.cmake b/cmake/InstallConfig.cmake
index f01357c79..70eae91e6 100644
--- a/cmake/InstallConfig.cmake
+++ b/cmake/InstallConfig.cmake
@@ -1,52 +1,47 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com)
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 #
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
+# Install $src into directory $dest - usually only used for config files
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# * similar to install() a non absolute path is prefixed with CMAKE_INSTALL_PREFIX on runtime
+# * in case of CPack path with be prefixed with share/skel/
+# * DESTDIR is prefixed as well
 #
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# also see https://cmake.org/cmake/help/latest/command/install.html
 
 function(install_if_not_exists src dest)
-  set(real_dest "${dest}")
   if(NOT IS_ABSOLUTE "${src}")
     set(src "${CMAKE_CURRENT_SOURCE_DIR}/${src}")
   endif()
+
   get_filename_component(src_name "${src}" NAME)
-  get_filename_component(basename_dest "${src}" NAME)
-  string(REPLACE "/" "\\\\" nsis_src "${src}")
-  string(REPLACE "/" "\\\\" nsis_dest_dir "${real_dest}")
-  string(REPLACE "/" "\\\\" nsis_dest "${real_dest}/${basename_dest}")
+
   install(CODE "
-   if(\"\$ENV{DESTDIR}\" STREQUAL \"\")
-      set(target_dir \${CMAKE_INSTALL_PREFIX})
+    set(dest \"${dest}\")
+
+    if (\"\${CMAKE_INSTALL_PREFIX}\" MATCHES .*/_CPack_Packages/.*)
+      set(dest \"share/skel/\${dest}\")
+      set(force_overwrite TRUE)
     else()
-      set(target_dir \$ENV{DESTDIR})
+      set(force_overwrite FALSE)
     endif()
-    if(\${CMAKE_INSTALL_PREFIX} MATCHES .*/_CPack_Packages/.* OR NOT EXISTS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${skel_prefix}${dest}/${src_name}\")
-      message(STATUS \"Installing: \$ENV{DESTDIR}${dest}/${src_name}\")
-      if(\${CMAKE_INSTALL_PREFIX} MATCHES .*/_CPack_Packages/.*)
-        set(skel_prefix \"share/skel/\")
-      else()
-        set(skel_prefix \"\")
-      endif()
-      execute_process(COMMAND \${CMAKE_COMMAND} -E copy \"${src}\"
-                      \"\${target_dir}/\${skel_prefix}${dest}/${src_name}\"
+
+    if(NOT IS_ABSOLUTE \"\${dest}\")
+      set(dest \"\${CMAKE_INSTALL_PREFIX}/\${dest}\")
+    endif()
+
+    set(full_dest \"\$ENV{DESTDIR}\${dest}/${src_name}\")
+
+    if(force_overwrite OR NOT EXISTS \"\${full_dest}\")
+      message(STATUS \"Installing: ${src} into \${full_dest}\")
+
+      execute_process(COMMAND \${CMAKE_COMMAND} -E copy \"${src}\" \"\${full_dest}\"
                       RESULT_VARIABLE copy_result
                       ERROR_VARIABLE error_output)
       if(copy_result)
         message(FATAL_ERROR \${error_output})
       endif()
     else()
-      message(STATUS \"Skipping  : \${target_dir}/${dest}/${src_name}\")
+      message(STATUS \"Skipping  : \${full_dest}\")
     endif()
   ")
 endfunction(install_if_not_exists)
diff --git a/cmake/SetFullDir.cmake b/cmake/SetFullDir.cmake
new file mode 100644
index 000000000..8dce669af
--- /dev/null
+++ b/cmake/SetFullDir.cmake
@@ -0,0 +1,11 @@
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
+#
+# Ensures a directory is absolute by prefixing CMAKE_INSTALL_PREFIX if it is not
+# similar to CMAKE_INSTALL_FULL_... https://cmake.org/cmake/help/latest/module/GNUInstallDirs.html
+function(set_full_dir var path)
+  if(NOT IS_ABSOLUTE "${path}")
+    message(STATUS "Prefixing in ${var} \"${path}\" with ${CMAKE_INSTALL_PREFIX}")
+    set(path "${CMAKE_INSTALL_PREFIX}/${path}")
+  endif()
+  set(${var} "${path}" PARENT_SCOPE)
+endfunction(set_full_dir)
diff --git a/config.h.cmake b/config.h.cmake
index c461e029f..16fa190f1 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -13,17 +13,24 @@
 
 #cmakedefine ICINGA2_UNITY_BUILD
 
-#define ICINGA_PREFIX "${CMAKE_INSTALL_PREFIX}"
-#define ICINGA_SYSCONFDIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}"
-#define ICINGA_RUNDIR "${ICINGA2_RUNDIR}"
-#define ICINGA_LOCALSTATEDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}"
-#define ICINGA_PKGDATADIR "${CMAKE_INSTALL_FULL_DATADIR}/icinga2"
-#define ICINGA_INCLUDECONFDIR "${CMAKE_INSTALL_FULL_DATADIR}/icinga2/include"
+#define ICINGA_CONFIGDIR "${ICINGA2_FULL_CONFIGDIR}"
+#define ICINGA_DATADIR "${ICINGA2_FULL_DATADIR}"
+#define ICINGA_LOGDIR "${ICINGA2_FULL_LOGDIR}"
+#define ICINGA_CACHEDIR "${ICINGA2_FULL_CACHEDIR}"
+#define ICINGA_SPOOLDIR "${ICINGA2_FULL_SPOOLDIR}"
+#define ICINGA_INITRUNDIR "${ICINGA2_FULL_INITRUNDIR}"
+#define ICINGA_INCLUDECONFDIR "${ICINGA2_FULL_INCLUDEDIR}"
 #define ICINGA_USER "${ICINGA2_USER}"
 #define ICINGA_GROUP "${ICINGA2_GROUP}"
-#define ICINGA_SYSCONFIGFILE "${ICINGA2_SYSCONFIGFILE}"
 #define ICINGA_BUILD_HOST_NAME "${ICINGA2_BUILD_HOST_NAME}"
 #define ICINGA_BUILD_COMPILER_NAME "${ICINGA2_BUILD_COMPILER_NAME}"
 #define ICINGA_BUILD_COMPILER_VERSION "${ICINGA2_BUILD_COMPILER_VERSION}"
 
+// Deprecated options?
+#define ICINGA_PKGDATADIR "${ICINGA2_FULL_PKGDATADIR}"
+#define ICINGA_PREFIX "${CMAKE_INSTALL_PREFIX}"
+#define ICINGA_SYSCONFDIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}"
+#define ICINGA_RUNDIR "${ICINGA2_FULL_RUNDIR}"
+#define ICINGA_LOCALSTATEDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}"
+
 #endif /* CONFIG_H */
diff --git a/contrib/GPLHeader b/contrib/GPLHeader
index 6bc8a95ba..9b2cfd1a2 100644
--- a/contrib/GPLHeader
+++ b/contrib/GPLHeader
@@ -1,19 +1 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
diff --git a/contrib/discover-api.py b/contrib/discover-api.py
index 9c3dd6a20..48be827d7 100755
--- a/contrib/discover-api.py
+++ b/contrib/discover-api.py
@@ -1,20 +1,5 @@
 #!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 import sys
 import subprocess
diff --git a/contrib/discover.py b/contrib/discover.py
index a49b62c95..8a7d0fe3e 100755
--- a/contrib/discover.py
+++ b/contrib/discover.py
@@ -1,20 +1,5 @@
 #!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 import sys
 import subprocess
diff --git a/doc/01-about.md b/doc/01-about.md
index 7669ec81e..582e226d8 100644
--- a/doc/01-about.md
+++ b/doc/01-about.md
@@ -2,24 +2,45 @@
 
 ## What is Icinga 2?  <a id="what-is-icinga2"></a>
 
-Icinga 2 is an open source monitoring system which checks the availability of
-your network resources, notifies users of outages and generates performance
-data for reporting.
+[Icinga](https://icinga.com/products/) is a monitoring system which checks
+the availability of your network resources, notifies users of outages, and generates
+performance data for reporting.
 
-Scalable and extensible, Icinga 2 can monitor large, complex environments across
+Scalable and extensible, Icinga can monitor large, complex environments across
 multiple locations.
 
-## Licensing  <a id="licensing"></a>
+Icinga 2 is the monitoring server and requires [Icinga Web 2](https://icinga.com/products/)
+on top in your Icinga Stack. The [configuration](https://icinga.com/products/configuration/)
+can be easily managed with either the [Icinga Director](https://icinga.com/docs/director/latest/),
+config management tools or plain text within the [Icinga DSL](04-configuration.md#configuration).
 
-Icinga 2 and the Icinga 2 documentation are licensed under the terms of the GNU
-General Public License Version 2. You will find a copy of this license in the
-LICENSE file included in the source package.
 
-## Support  <a id="support"></a>
+![Icinga 2 Distributed Master and Satellites with Agents](images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_satellites_agents.png)
 
-Check the project website at https://www.icinga.com for status updates. Join the
-[community channels](https://www.icinga.com/community/get-involved/) for questions
-or ask an Icinga partner for [professional support](https://www.icinga.com/services/support/).
+## Start with Icinga <a id="start-icinga"></a>
+
+* [Installation](02-installation.md#installation)
+* [Monitoring Basics](03-monitoring-basics.md#monitoring-basics)
+* [Configuration](04-configuration.md#configuration)
+* [Distributed Monitoring](06-distributed-monitoring.md#distributed-monitoring)
+* [Addons, Integrations and Features](13-addons.md#addons)
+* [Troubleshooting](15-troubleshooting.md#troubleshooting)
+* [Upgrading](16-upgrading-icinga-2.md#upgrading-icinga-2)
+
+Once Icinga Server and Web are running in your distributed environment,
+make sure to check out the many [Icinga modules](https://icinga.com/docs/)
+for even better monitoring.
+
+## What's New <a id="whats-new"></a>
+
+You can follow the development and release milestones on [GitHub](https://github.com/icinga/icinga2/issues).
+Please follow our release announcements on [icinga.com](https://icinga.com/blog/) too.
+
+## Support <a id="support"></a>
+
+Check the project website at [icinga.com](https://icinga.com) for status updates. Join the
+[community channels](https://icinga.com/community/) for questions
+or get in touch for [professional support](https://icinga.com/subscription/).
 
 ## Contribute  <a id="contribute"></a>
 
@@ -29,15 +50,21 @@ contribution is appreciated!
 
 Please continue reading in the [Contributing chapter](https://github.com/Icinga/icinga2/blob/master/CONTRIBUTING.md).
 
+### Security Issues <a id="security"></a>
+
+For reporting security issues please visit [this page](https://icinga.com/contact/security/).
+
 ### Icinga 2 Development <a id="development-info"></a>
 
 The Git repository is located on [GitHub](https://github.com/Icinga/icinga2).
 
 Icinga 2 is written in C++ and can be built on Linux/Unix and Windows.
-Read more about development builds in the [INSTALL.md](https://github.com/Icinga/icinga2/blob/master/INSTALL.md)
-file.
+Read more about development builds in the [development chapter](21-development.md#development).
 
-## What's New <a id="whats-new"></a>
 
-The Icinga 2 Changelog is located [here](https://github.com/Icinga/icinga2/blob/master/CHANGELOG.md).
-Please follow our release announcements on [icinga.com](https://www.icinga.com/blog/) too.
+## License <a id="license"></a>
+
+Icinga 2 and the Icinga 2 documentation are licensed under the terms of the GNU
+General Public License Version 2. You will find a copy of this license in the
+LICENSE file included in the source package.
+
diff --git a/doc/02-getting-started.md b/doc/02-installation.md
similarity index 85%
rename from doc/02-getting-started.md
rename to doc/02-installation.md
index 244a797de..b247ca972 100644
--- a/doc/02-getting-started.md
+++ b/doc/02-installation.md
@@ -1,7 +1,7 @@
-# Getting Started <a id="getting-started"></a>
+# Installation <a id="installation"></a>
 
-This tutorial is a step-by-step introduction to installing [Icinga 2](02-getting-started.md#setting-up-icinga2)
-and [Icinga Web 2](02-getting-started.md#setting-up-icingaweb2).
+This tutorial is a step-by-step introduction to installing [Icinga 2](02-installation.md#setting-up-icinga2)
+and [Icinga Web 2](02-installation.md#setting-up-icingaweb2).
 It assumes that you are familiar with the operating system you're using to install Icinga 2.
 
 In case you are upgrading an existing setup, please ensure to
@@ -13,13 +13,21 @@ First off you have to install Icinga 2. The preferred way of doing this
 is to use the official package repositories depending on which operating system
 and distribution you are running.
 
+Official repositories ([support matrix](https://icinga.com/subscription/support-details/)):
+
   Distribution            | Repository
   ------------------------|---------------------------
   Debian                  | [Icinga Repository](https://packages.icinga.com/debian/)
   Ubuntu                  | [Icinga Repository](https://packages.icinga.com/ubuntu/)
+  Raspbian		  | [Icinga Repository](https://packages.icinga.com/raspbian/). Note that **Raspbian `icinga-buster` is required.**
   RHEL/CentOS             | [Icinga Repository](https://packages.icinga.com/epel/)
   openSUSE                | [Icinga Repository](https://packages.icinga.com/openSUSE/)
   SLES                    | [Icinga Repository](https://packages.icinga.com/SUSE/)
+
+Community repositories:
+
+  Distribution            | Repository
+  ------------------------|---------------------------
   Gentoo                  | [Upstream](https://packages.gentoo.org/package/net-analyzer/icinga2)
   FreeBSD                 | [Upstream](https://www.freshports.org/net-mgmt/icinga2)
   OpenBSD                 | [Upstream](http://ports.su/net/icinga/core2,-main)
@@ -29,84 +37,106 @@ and distribution you are running.
 Packages for distributions other than the ones listed above may also be
 available. Please contact your distribution packagers.
 
+> **Note**
+>
+> Windows is only supported for agent installations. Please refer
+> to the [distributed monitoring chapter](06-distributed-monitoring.md#distributed-monitoring-setup-client-windows).
+
 ### Package Repositories <a id="package-repositories"></a>
 
 You need to add the Icinga repository to your package management configuration.
 The following commands must be executed with `root` permissions unless noted otherwise.
 
+#### Debian/Ubuntu/Raspbian Repositories <a id="package-repositories-debian-ubuntu-raspbian"></a>
+
 Debian:
 
 ```
-apt-get -y install apt-transport-https
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
 
 wget -O - https://packages.icinga.com/icinga.key | apt-key add -
-echo 'deb https://packages.icinga.com/debian icinga-stretch main' >/etc/apt/sources.list.d/icinga.list
+
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb https://packages.icinga.com/debian icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/debian icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
 apt-get update
 ```
 
 Ubuntu:
 
 ```
-apt-get -y install apt-transport-https
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
 
 wget -O - https://packages.icinga.com/icinga.key | apt-key add -
-echo 'deb https://packages.icinga.com/ubuntu icinga-xenial main' >/etc/apt/sources.list.d/icinga.list
+
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+ echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
 apt-get update
 ```
 
+Raspbian Buster:
+
+```
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+wget -O - https://packages.icinga.com/icinga.key | apt-key add -
+
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb https://packages.icinga.com/raspbian icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/icinga.list
+ echo "deb-src https://packages.icinga.com/raspbian icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/icinga.list
+
+apt-get update
+```
+
+##### Debian Backports Repository <a id="package-repositories-debian-backports"></a>
+
+> **Note**:
+>
+> This repository is required for Debian Stretch since v2.11.
+
+Debian Stretch:
+
+```
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb https://deb.debian.org/debian ${DIST}-backports main" > \
+ /etc/apt/sources.list.d/${DIST}-backports.list
+
+apt-get update
+```
+
+#### RHEL/CentOS/Fedora Repositories <a id="package-repositories-rhel-centos-fedora"></a>
+
 RHEL/CentOS 7:
 
 ```
 yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
 ```
 
-RHEL/CentOS 6:
+RHEL/CentOS 6 x64:
 
 ```
 yum install https://packages.icinga.com/epel/icinga-rpm-release-6-latest.noarch.rpm
 ```
 
-Fedora 27:
+Fedora 29:
 
 ```
-dnf install https://packages.icinga.com/fedora/icinga-rpm-release-27-latest.noarch.rpm
+dnf install https://packages.icinga.com/fedora/icinga-rpm-release-29-latest.noarch.rpm
 ```
 
-Fedora 26:
-
-```
-dnf install https://packages.icinga.com/fedora/icinga-rpm-release-26-latest.noarch.rpm
-```
-
-SLES 12:
-
-```
-zypper ar https://packages.icinga.com/SUSE/ICINGA-release.repo
-zypper ref
-```
-
-SLES 11:
-
-```
-zypper ar https://packages.icinga.com/SUSE/ICINGA-release-11.repo
-zypper ref
-```
-
-openSUSE:
-
-```
-zypper ar https://packages.icinga.com/openSUSE/ICINGA-release.repo
-zypper ref
-```
-
-Alpine Linux:
-
-```
-echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
-apk update
-```
-
-#### RHEL/CentOS EPEL Repository <a id="package-repositories-rhel-epel"></a>
+##### RHEL/CentOS EPEL Repository <a id="package-repositories-rhel-epel"></a>
 
 The packages for RHEL/CentOS depend on other packages which are distributed
 as part of the [EPEL repository](https://fedoraproject.org/wiki/EPEL).
@@ -126,17 +156,38 @@ subscription-manager repos --enable rhel-7-server-optional-rpms
 subscription-manager repos --enable rhel-6-server-optional-rpms
 ```
 
-#### SLES Security Repository <a id="package-repositories-sles-security"></a>
+#### SLES/OpenSUSE Repositories <a id="package-repositories-sles-opensuse"></a>
 
-The packages for SLES 11 depend on the `openssl1` package which is distributed
-as part of the [SLES 11 Security Module](https://www.suse.com/communities/conversations/introducing-the-suse-linux-enterprise-11-security-module/).
+The release repository also provides the required Boost 1.66+ packages
+since v2.11.
 
-#### SLES 12 SDK <a id="package-sles-sdk"></a>
+SLES 15/12:
 
-Icinga 2 requires the `libboost_chrono1_54_0` package from the `SLES 12 SDK` repository. Refer to the SUSE Enterprise
-Linux documentation for further information.
+```
+rpm --import https://packages.icinga.com/icinga.key
 
-#### Alpine Linux Notes  <a id="package-repositories-alpine-notes"></a>
+zypper ar https://packages.icinga.com/SUSE/ICINGA-release.repo
+zypper ref
+```
+
+openSUSE:
+
+```
+rpm --import https://packages.icinga.com/icinga.key
+
+zypper ar https://packages.icinga.com/openSUSE/ICINGA-release.repo
+zypper ref
+```
+
+#### Alpine Linux Repositories <a id="package-repositories-alpine"></a>
+
+Alpine Linux:
+
+```
+echo "http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories
+echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
+apk update
+```
 
 The example provided assumes that you are running Alpine edge, which is the -dev branch and is a rolling release.
 If you are using a stable version please "pin" the edge repository on the latest Icinga 2 package version.
@@ -155,14 +206,6 @@ Debian/Ubuntu:
 apt-get install icinga2
 ```
 
-RHEL/CentOS 6:
-
-```
-yum install icinga2
-chkconfig icinga2 on
-service icinga2 start
-```
-
 RHEL/CentOS 7 and Fedora:
 
 ```
@@ -171,6 +214,14 @@ systemctl enable icinga2
 systemctl start icinga2
 ```
 
+RHEL/CentOS 6:
+
+```
+yum install icinga2
+chkconfig icinga2 on
+service icinga2 start
+```
+
 SLES/openSUSE:
 
 ```
@@ -215,8 +266,8 @@ By default Icinga 2 uses the following files and directories:
   Path                                		| Description
   ----------------------------------------------|------------------------------------
   /etc/icinga2                        		| Contains Icinga 2 configuration files.
-  /usr/lib/systemd/system/icinga2.service 	| The Icinga 2 Systemd service file on systems using Systemd.
-  /etc/systemd/system/icinga2.service.d/limits.conf | On distributions with Systemd >227, additional service limits are required.
+  /usr/lib/systemd/system/icinga2.service 	| The Icinga 2 systemd service file on systems using systemd.
+  /etc/systemd/system/icinga2.service.d/limits.conf | On distributions with systemd >227, additional service limits are required.
   /etc/init.d/icinga2                 		| The Icinga 2 init script on systems using SysVinit or OpenRC.
   /usr/sbin/icinga2                   		| Shell wrapper for the Icinga 2 binary.
   /usr/lib\*/icinga2				| Libraries and the Icinga 2 binary (use `find /usr -type f -name icinga2` to locate the binary path).
@@ -255,7 +306,7 @@ Without plugins Icinga 2 does not know how to check external services. The
 an extensive set of plugins which can be used with Icinga 2 to check whether
 services are working properly.
 
-These plugins are required to make the [example configuration](04-configuring-icinga-2.md#configuring-icinga2-overview)
+These plugins are required to make the [example configuration](04-configuration.md#configuring-icinga2-overview)
 work out-of-the-box.
 
 For your convenience here is a list of package names for some of the more
@@ -268,7 +319,7 @@ SLES/OpenSUSE          | monitoring-plugins | [server:monitoring](https://build.
 Debian/Ubuntu          | monitoring-plugins | -                         | /usr/lib/nagios/plugins
 FreeBSD                | monitoring-plugins | -                         | /usr/local/libexec/nagios
 Alpine Linux           | monitoring-plugins | -                         | /usr/lib/monitoring-plugins
-OS X                   | nagios-plugins     | [MacPorts](https://www.macports.org), [Homebrew](https://brew.sh) | /opt/local/libexec or /usr/local/sbin
+macOS                  | monitoring-plugins | [MacPorts](https://www.macports.org), [Homebrew](https://brew.sh) | /opt/local/libexec or /usr/local/sbin
 
 The recommended way of installing these standard plugins is to use your
 distribution's package manager.
@@ -286,9 +337,7 @@ yum install nagios-plugins-all
 ```
 
 The packages for RHEL/CentOS depend on other packages which are distributed
-as part of the [EPEL repository](https://fedoraproject.org/wiki/EPEL). Please
-make sure to enable this repository by following
-[these instructions](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F).
+as part of the [EPEL repository](02-installation.md#package-repositories-rhel-epel).
 
 Fedora:
 
@@ -322,7 +371,7 @@ Note: For Alpine you don't need to explicitly add the `monitoring-plugins` packa
 `icinga2` and is pulled automatically.
 
 Depending on which directory your plugins are installed into you may need to
-update the global `PluginDir` constant in your [Icinga 2 configuration](04-configuring-icinga-2.md#constants-conf).
+update the global `PluginDir` constant in your [Icinga 2 configuration](04-configuration.md#constants-conf).
 This constant is used by the check command definitions contained in the Icinga Template Library
 to determine where to find the plugin binaries.
 
@@ -335,10 +384,10 @@ to determine where to find the plugin binaries.
 
 ### Systemd Service <a id="systemd-service"></a>
 
-Some distributions (e.g. Fedora, openSUSE and RHEL/CentOS 7) use Systemd. The
-Icinga 2 packages automatically install the necessary Systemd unit files.
+Some distributions (e.g. Fedora, openSUSE and RHEL/CentOS 7) use systemd. The
+Icinga 2 packages automatically install the necessary systemd unit files.
 
-The Icinga 2 Systemd service can be (re-)started, reloaded, stopped and also
+The Icinga 2 systemd service can be (re-)started, reloaded, stopped and also
 queried for its current status.
 
 ```
@@ -387,7 +436,7 @@ If you're stuck with configuration errors, you can manually invoke the
 
 > **Tip**
 >
-> If you are running into fork errors with Systemd enabled distributions,
+> If you are running into fork errors with systemd enabled distributions,
 > please check the [troubleshooting chapter](15-troubleshooting.md#check-fork-errors).
 
 ### Init Script <a id="init-script"></a>
@@ -500,7 +549,7 @@ Test it:
 # vim /etc/icinga2/conf.d/templates.conf
 ```
 
-![Vim with syntax highlighting](images/getting-started/vim-syntax.png "Vim with Icinga 2 syntax highlighting")
+![Vim with syntax highlighting](images/installation/vim-syntax.png "Vim with Icinga 2 syntax highlighting")
 
 
 ### Configuration Syntax Highlighting using Nano <a id="configuration-syntax-highlighting-nano"></a>
@@ -544,7 +593,7 @@ Test it:
 $ nano /etc/icinga2/conf.d/templates.conf
 ```
 
-![Nano with syntax highlighting](images/getting-started/nano-syntax.png "Nano with Icinga 2 syntax highlighting")
+![Nano with syntax highlighting](images/installation/nano-syntax.png "Nano with Icinga 2 syntax highlighting")
 
 ## Setting up Icinga Web 2 <a id="setting-up-icingaweb2"></a>
 
@@ -554,8 +603,8 @@ This chapter explains how to set up Icinga Web 2.
 The DB IDO (Database Icinga Data Output) feature for Icinga 2 take care of
 exporting all configuration and status information into a database.
 
-Please choose whether to install [MySQL](02-getting-started.md#configuring-db-ido-mysql) or
-[PostgreSQL](02-getting-started.md#configuring-db-ido-postgresql).
+Please choose whether to install [MySQL](02-installation.md#configuring-db-ido-mysql) or
+[PostgreSQL](02-installation.md#configuring-db-ido-postgresql).
 
 ### Configuring DB IDO MySQL <a id="configuring-db-ido-mysql"></a>
 
@@ -578,16 +627,6 @@ systemctl start mariadb
 mysql_secure_installation
 ```
 
-RHEL/CentOS 6:
-
-```
-yum install mysql-server mysql
-chkconfig mysqld on
-service mysqld start
-
-mysql_secure_installation
-```
-
 SUSE:
 
 ```
@@ -665,7 +704,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icing
 quit
 ```
 
-![setting up the database on CentOS 7](images/getting-started/mariadb-centos7.png "Setting up the database on CentOS 7")
+![setting up the database on CentOS 7](images/installation/mariadb-centos7.png "Setting up the database on CentOS 7")
 
 After creating the database you can import the Icinga 2 IDO schema using the
 following command. Enter the root password into the prompt when asked.
@@ -705,7 +744,7 @@ Alpine Linux:
 rc-service icinga2 restart
 ```
 
-Continue with the [webserver setup](02-getting-started.md#icinga2-user-interface-webserver).
+Continue with the [webserver setup](02-installation.md#icinga2-user-interface-webserver).
 
 ### Configuring DB IDO PostgreSQL <a id="configuring-db-ido-postgresql"></a>
 
@@ -717,15 +756,6 @@ Debian/Ubuntu:
 apt-get install postgresql
 ```
 
-RHEL/CentOS 6:
-
-```
-yum install postgresql-server postgresql
-chkconfig postgresql on
-service postgresql initdb
-service postgresql start
-```
-
 RHEL/CentOS 7:
 
 ```
@@ -846,7 +876,7 @@ export PGPASSWORD=icinga
 psql -U icinga -d icinga < /usr/share/icinga2-ido-pgsql/schema/pgsql.sql
 ```
 
-![importing the Icinga 2 IDO schema](images/getting-started/postgr-import-ido.png "Importing the Icinga 2 IDO schema on Debian Jessie")
+![importing the Icinga 2 IDO schema](images/installation/postgr-import-ido.png "Importing the Icinga 2 IDO schema on Debian Jessie")
 
 
 #### Enabling the IDO PostgreSQL module <a id="enabling-ido-postgresql"></a>
@@ -880,7 +910,7 @@ Alpine Linux:
 rc-service icinga2 restart
 ```
 
-Continue with the [webserver setup](02-getting-started.md#icinga2-user-interface-webserver).
+Continue with the [webserver setup](02-installation.md#icinga2-user-interface-webserver).
 
 ### Webserver <a id="icinga2-user-interface-webserver"></a>
 
@@ -902,19 +932,11 @@ systemctl enable httpd
 systemctl start httpd
 ```
 
-RHEL/CentOS 6:
-
-```
-yum install httpd
-chkconfig httpd on
-service httpd start
-```
-
 SUSE:
 
 ```
 zypper install apache2
-chkconfig on
+chkconfig apache2 on
 service apache2 start
 ```
 
@@ -1003,10 +1025,10 @@ rc-service icinga2 restart
 
 ### Installing Icinga Web 2 <a id="installing-icingaweb2"></a>
 
-Please consult the [installation documentation](https://www.icinga.com/docs/icingaweb2/latest/doc/02-Installation/)
+Please consult the [installation documentation](https://icinga.com/docs/icingaweb2/latest/doc/02-Installation/)
 for further instructions on how to install Icinga Web 2.
 
-The Icinga 2 API can be defined as [command transport](https://www.icinga.com/docs/icingaweb2/latest/modules/monitoring/doc/05-Command-Transports/)
+The Icinga 2 API can be defined as [command transport](https://icinga.com/docs/icingaweb2/latest/modules/monitoring/doc/05-Command-Transports/)
 in Icinga Web 2 >= 2.4.
 
 ## Addons <a id="install-addons"></a>
diff --git a/doc/03-monitoring-basics.md b/doc/03-monitoring-basics.md
index 8e8e59839..569d0f85d 100644
--- a/doc/03-monitoring-basics.md
+++ b/doc/03-monitoring-basics.md
@@ -208,10 +208,10 @@ You can also import existing non-template objects.
 
 ### Multiple Templates <a id="object-inheritance-using-multiple-templates"></a>
 
-The following example uses [custom attributes](03-monitoring-basics.md#custom-attributes) which
+The following example uses [custom variables](03-monitoring-basics.md#custom-variables) which
 are provided in each template. The `web-server` template is used as the
 base template for any host providing web services. In addition to that it
-specifies the custom attribute `webserver_type`, e.g. `apache`. Since this
+specifies the custom variable `webserver_type`, e.g. `apache`. Since this
 template is also the base template, we import the `generic-host` template here.
 This provides the `check_command` attribute by default and we don't need
 to set it anywhere later on.
@@ -226,7 +226,7 @@ template Host "web-server" {
 ```
 
 The `wp-server` host template specifies a Wordpress instance and sets
-the `application_type` custom attribute. Please note the `+=` [operator](17-language-reference.md#dictionary-operators)
+the `application_type` custom variable. Please note the `+=` [operator](17-language-reference.md#dictionary-operators)
 which adds [dictionary](17-language-reference.md#dictionary) items,
 but does not override any previous `vars` attribute.
 
@@ -265,10 +265,22 @@ object Host "wp1.example.com" {
 }
 ```
 
-## Custom Attributes <a id="custom-attributes"></a>
+<!-- Keep this for compatibility -->
+<a id="custom-attributes"></a>
 
-In addition to built-in attributes you can define your own attributes
-inside the `vars` attribute:
+## Custom Variables <a id="custom-variables"></a>
+
+In addition to built-in object attributes you can define your own custom
+attributes inside the `vars` attribute.
+
+> **Tip**
+>
+> This is called `custom variables` throughout the documentation, backends and web interfaces.
+>
+> Older documentation versions referred to this as `custom attribute`.
+
+The following example specifies the key `ssh_port` as custom
+variable and assigns an integer value.
 
 ```
 object Host "localhost" {
@@ -295,17 +307,17 @@ or
   vars["ssh_port"] = 2222
 ```
 
-### Custom Attribute Values <a id="custom-attributes-values"></a>
+### Custom Variable Values <a id="custom-variables-values"></a>
 
-Valid values for custom attributes include:
+Valid values for custom variables include:
 
 * [Strings](17-language-reference.md#string-literals), [numbers](17-language-reference.md#numeric-literals) and [booleans](17-language-reference.md#boolean-literals)
 * [Arrays](17-language-reference.md#array) and [dictionaries](17-language-reference.md#dictionary)
-* [Functions](03-monitoring-basics.md#custom-attributes-functions)
+* [Functions](03-monitoring-basics.md#custom-variables-functions)
 
 You can also define nested values such as dictionaries in dictionaries.
 
-This example defines the custom attribute `disks` as dictionary.
+This example defines the custom variable `disks` as dictionary.
 The first key is set to `disk /` is itself set to a dictionary
 with one key-value pair.
 
@@ -338,7 +350,7 @@ Another example which is shown in the example configuration:
   }
 ```
 
-This defines the `notification` custom attribute as dictionary
+This defines the `notification` custom variable as dictionary
 with the key `mail`. Its value is a dictionary with the key `groups`
 which itself has an array as value. Note: This array is the exact
 same as the `user_groups` attribute for [notification apply rules](#03-monitoring-basics.md#using-apply-notifications)
@@ -354,11 +366,13 @@ expects.
   }
 ```
 
+<!-- Keep this for compatibility -->
+<a id="custom-attributes-functions"></a>
 
-### Functions as Custom Attributes <a id="custom-attributes-functions"></a>
+### Functions as Custom Variables <a id="custom-variables-functions"></a>
 
-Icinga 2 lets you specify [functions](17-language-reference.md#functions) for custom attributes.
-The special case here is that whenever Icinga 2 needs the value for such a custom attribute it runs
+Icinga 2 lets you specify [functions](17-language-reference.md#functions) for custom variables.
+The special case here is that whenever Icinga 2 needs the value for such a custom variable it runs
 the function and uses whatever value the function returns:
 
 ```
@@ -430,22 +444,25 @@ Accessing object attributes at runtime inside these functions is described in th
 
 ## Runtime Macros <a id="runtime-macros"></a>
 
-Macros can be used to access other objects' attributes at runtime. For example they
-are used in command definitions to figure out which IP address a check should be
-run against:
+Macros can be used to access other objects' attributes and [custom variables](03-monitoring-basics.md#custom-variables)
+at runtime. For example they are used in command definitions to figure out
+which IP address a check should be run against:
 
 ```
 object CheckCommand "my-ping" {
-  command = [ PluginDir + "/check_ping", "-H", "$ping_address$" ]
+  command = [ PluginDir + "/check_ping" ]
 
   arguments = {
+    "-H" = "$ping_address$"
     "-w" = "$ping_wrta$,$ping_wpl$%"
     "-c" = "$ping_crta$,$ping_cpl$%"
     "-p" = "$ping_packets$"
   }
 
+  // Resolve from a host attribute, or custom variable.
   vars.ping_address = "$address$"
 
+  // Default values
   vars.ping_wrta = 100
   vars.ping_wpl = 5
 
@@ -464,7 +481,7 @@ object Host "router" {
 In this example we are using the `$address$` macro to refer to the host's `address`
 attribute.
 
-We can also directly refer to custom attributes, e.g. by using `$ping_wrta$`. Icinga
+We can also directly refer to custom variables, e.g. by using `$ping_wrta$`. Icinga
 automatically tries to find the closest match for the attribute you specified. The
 exact rules for this are explained in the next section.
 
@@ -483,12 +500,12 @@ up macros and their respective values:
 2. Service object
 3. Host object
 4. Command object
-5. Global custom attributes in the `Vars` constant
+5. Global custom variables in the `Vars` constant
 
-This execution order allows you to define default values for custom attributes
+This execution order allows you to define default values for custom variables
 in your command objects.
 
-Here's how you can override the custom attribute `ping_packets` from the previous
+Here's how you can override the custom variable `ping_packets` from the previous
 example:
 
 ```
@@ -500,7 +517,7 @@ object Service "ping" {
 }
 ```
 
-If a custom attribute isn't defined anywhere, an empty value is used and a warning is
+If a custom variable isn't defined anywhere, an empty value is used and a warning is
 written to the Icinga 2 log.
 
 You can also directly refer to a specific attribute -- thereby ignoring these evaluation
@@ -510,14 +527,14 @@ rules -- by specifying the full attribute name:
 $service.vars.ping_wrta$
 ```
 
-This retrieves the value of the `ping_wrta` custom attribute for the service. This
-returns an empty value if the service does not have such a custom attribute no matter
+This retrieves the value of the `ping_wrta` custom variable for the service. This
+returns an empty value if the service does not have such a custom variable no matter
 whether another object such as the host has this attribute.
 
 
 ### Host Runtime Macros <a id="host-runtime-macros"></a>
 
-The following host custom attributes are available in all commands that are executed for
+The following host custom variables are available in all commands that are executed for
 hosts or services:
 
   Name                         | Description
@@ -583,7 +600,7 @@ attributes can be accessed too.
 
 ### Command Runtime Macros <a id="command-runtime-macros"></a>
 
-The following custom attributes are available in all commands:
+The following custom variables are available in all commands:
 
   Name                   | Description
   -----------------------|--------------
@@ -591,7 +608,7 @@ The following custom attributes are available in all commands:
 
 ### User Runtime Macros <a id="user-runtime-macros"></a>
 
-The following custom attributes are available in all commands that are executed for
+The following custom variables are available in all commands that are executed for
 users:
 
   Name                   | Description
@@ -661,7 +678,7 @@ attribute and reference an existing host attribute.
 ```
 object Service "ping4" {
   check_command = "ping4"
-  host_name = "icinga2-client1.localdomain"
+  host_name = "icinga2-agent1.localdomain"
 }
 ```
 
@@ -688,7 +705,7 @@ More explanations on assign where expressions can be found [here](03-monitoring-
 Before you start with apply rules keep the following in mind:
 
 * Define the best match.
-    * A set of unique [custom attributes](03-monitoring-basics.md#custom-attributes) for these hosts/services?
+    * A set of unique [custom variables](03-monitoring-basics.md#custom-variables) for these hosts/services?
     * Or [group](03-monitoring-basics.md#groups) memberships, e.g. a host being a member of a hostgroup which should have a service set?
     * A generic pattern [match](18-library-reference.md#global-functions-match) on the host/service name?
     * [Multiple expressions combined](03-monitoring-basics.md#using-apply-expressions) with `&&` or `||` [operators](17-language-reference.md#expression-operators)
@@ -710,12 +727,12 @@ objects in that scope (host and/or service objects).
 vars.application_type = host.vars.application_type
 ```
 
-[Custom attributes](03-monitoring-basics.md#custom-attributes) can also store
+[Custom variables](03-monitoring-basics.md#custom-variables) can also store
 nested dictionaries and arrays. That way you can use them for not only matching
 for their existence or values in apply expressions, but also assign
 ("inherit") their values into the generated objected from apply rules.
 
-Remember the examples shown for [custom attribute values](03-monitoring-basics.md#custom-attributes-values):
+Remember the examples shown for [custom variable values](03-monitoring-basics.md#custom-variables-values):
 
 ```
   vars.notification["mail"] = {
@@ -725,7 +742,7 @@ Remember the examples shown for [custom attribute values](03-monitoring-basics.m
 
 You can do two things here:
 
-* Check for the existence of the `notification` custom attribute and its nested dictionary key `mail`.
+* Check for the existence of the `notification` custom variable and its nested dictionary key `mail`.
 If this is boolean true, the notification object will be generated.
 * Assign the value of the `groups` key to the `user_groups` attribute.
 
@@ -742,9 +759,9 @@ apply Notification "mail-icingaadmin" to Host {
 
 A more advanced example is to use [apply rules with for loops on arrays or
 dictionaries](03-monitoring-basics.md#using-apply-for) provided by
-[custom atttributes](03-monitoring-basics.md#custom-attributes) or groups.
+[custom atttributes](03-monitoring-basics.md#custom-variables) or groups.
 
-Remember the examples shown for [custom attribute values](03-monitoring-basics.md#custom-attributes-values):
+Remember the examples shown for [custom variable values](03-monitoring-basics.md#custom-variables-values):
 
 ```
   vars.disks["disk /"] = {
@@ -801,7 +818,7 @@ Assign a service to a specific host in a host group [array](18-library-reference
 assign where "hostgroup-dev" in host.groups
 ```
 
-Assign an object when a custom attribute is [equal](17-language-reference.md#expression-operators) to a value:
+Assign an object when a custom variable is [equal](17-language-reference.md#expression-operators) to a value:
 
 ```
 assign where host.vars.application_type == "database"
@@ -827,8 +844,8 @@ Match the host name by using a [regular expression](18-library-reference.md#glob
 assign where regex("^webserver-[\\d+]", host.name)
 ```
 
-[Match](18-library-reference.md#global-functions-match) all `*mysql*` patterns in the host name and (`&&`) custom attribute `prod_mysql_db`
-matches the `db-*` pattern. All hosts with the custom attribute `test_server` set to `true`
+[Match](18-library-reference.md#global-functions-match) all `*mysql*` patterns in the host name and (`&&`) custom variable `prod_mysql_db`
+matches the `db-*` pattern. All hosts with the custom variable `test_server` set to `true`
 should be ignored, or any host name ending with `*internal` pattern.
 
 ```
@@ -843,11 +860,11 @@ object HostGroup "mysql-server" {
 
 Similar example for advanced notification apply rule filters: If the service
 attribute `notes` [matches](18-library-reference.md#global-functions-match) the `has gold support 24x7` string `AND` one of the
-two condition passes, either the `customer` host custom attribute is set to `customer-xy`
-`OR` the host custom attribute `always_notify` is set to `true`.
+two condition passes, either the `customer` host custom variable is set to `customer-xy`
+`OR` the host custom variable `always_notify` is set to `true`.
 
 The notification is ignored for services whose host name ends with `*internal`
-`OR` the `priority` custom attribute is [less than](17-language-reference.md#expression-operators) `2`.
+`OR` the `priority` custom variable is [less than](17-language-reference.md#expression-operators) `2`.
 
 ```
 template Notification "cust-xy-notification" {
@@ -867,11 +884,11 @@ More advanced examples are covered [here](08-advanced-topics.md#use-functions-as
 
 ### Apply Services to Hosts <a id="using-apply-services"></a>
 
-The sample configuration already includes a detailed example in [hosts.conf](04-configuring-icinga-2.md#hosts-conf)
-and [services.conf](04-configuring-icinga-2.md#services-conf) for this use case.
+The sample configuration already includes a detailed example in [hosts.conf](04-configuration.md#hosts-conf)
+and [services.conf](04-configuration.md#services-conf) for this use case.
 
 The example for `ssh` applies a service object to all hosts with the `address`
-attribute being defined and the custom attribute `os` set to the string `Linux` in `vars`.
+attribute being defined and the custom variable `os` set to the string `Linux` in `vars`.
 
 ```
 apply Service "ssh" {
@@ -902,17 +919,17 @@ apply Notification "mail-noc" to Service {
 ```
 
 In this example the `mail-noc` notification will be created as object for all services having the
-`notification.mail` custom attribute defined. The notification command is set to `mail-service-notification`
+`notification.mail` custom variable defined. The notification command is set to `mail-service-notification`
 and all members of the user group `noc` will get notified.
 
 It is also possible to generally apply a notification template and dynamically overwrite values from
-the template by checking for custom attributes. This can be achieved by using [conditional statements](17-language-reference.md#conditional-statements):
+the template by checking for custom variables. This can be achieved by using [conditional statements](17-language-reference.md#conditional-statements):
 
 ```
 apply Notification "host-mail-noc" to Host {
   import "mail-host-notification"
 
-  // replace interval inherited from `mail-host-notification` template with new notfication interval set by a host custom attribute
+  // replace interval inherited from `mail-host-notification` template with new notfication interval set by a host custom variable
   if (host.vars.notification_interval) {
     interval = host.vars.notification_interval
   }
@@ -922,7 +939,7 @@ apply Notification "host-mail-noc" to Host {
     period = host.vars.notification_period
   }
 
-  // Send SMS instead of email if the host's custom attribute `notification_type` is set to `sms`
+  // Send SMS instead of email if the host's custom variable `notification_type` is set to `sms`
   if (host.vars.notification_type == "sms") {
     command = "sms-host-notification"
   } else {
@@ -939,7 +956,7 @@ In the example above the notification template `mail-host-notification`
 contains all relevant notification settings.
 The apply rule is applied on all host objects where the `host.address` is defined.
 
-If the host object as a specific custom attributed set, its value is inherited
+If the host object has a specific custom variable set, its value is inherited
 into the local notification object scope, e.g. `host.vars.notification_interval`,
 `host.vars.notification_period` and `host.vars.notification_type`.
 This overwrites attributes already specified in the imported `mail-host-notification`
@@ -964,7 +981,7 @@ Detailed examples can be found in the [dependencies](03-monitoring-basics.md#dep
 
 ### Apply Recurring Downtimes to Hosts and Services <a id="using-apply-scheduledowntimes"></a>
 
-The sample configuration includes an example in [downtimes.conf](04-configuring-icinga-2.md#downtimes-conf).
+The sample configuration includes an example in [downtimes.conf](04-configuration.md#downtimes-conf).
 
 Detailed examples can be found in the [recurring downtimes](08-advanced-topics.md#recurring-downtimes) chapter.
 
@@ -975,8 +992,8 @@ Next to the standard way of using [apply rules](03-monitoring-basics.md#using-ap
 there is the requirement of applying objects based on a set (array or
 dictionary) using [apply for](17-language-reference.md#apply-for) expressions.
 
-The sample configuration already includes a detailed example in [hosts.conf](04-configuring-icinga-2.md#hosts-conf)
-and [services.conf](04-configuring-icinga-2.md#services-conf) for this use case.
+The sample configuration already includes a detailed example in [hosts.conf](04-configuration.md#hosts-conf)
+and [services.conf](04-configuration.md#services-conf) for this use case.
 
 Take the following example: A host provides the snmp oids for different service check
 types. This could look like the following example:
@@ -984,7 +1001,7 @@ types. This could look like the following example:
 ```
 object Host "router-v6" {
   check_command = "hostalive"
-  address6 = "::1"
+  address6 = "2001:db8:1234::42"
 
   vars.oids["if01"] = "1.1.1.1.1"
   vars.oids["temp"] = "1.1.1.1.2"
@@ -993,7 +1010,7 @@ object Host "router-v6" {
 ```
 
 The idea is to create service objects for `if01` and `temp` but not `bgp`.
-The oid value should also be used as service custom attribute `snmp_oid`.
+The oid value should also be used as service custom variable `snmp_oid`.
 This is the command argument required by the [snmp](10-icinga-template-library.md#plugin-check-command-snmp)
 check command.
 The service's `display_name` should be set to the identifier inside the dictionary,
@@ -1009,7 +1026,7 @@ apply Service for (identifier => oid in host.vars.oids) {
 }
 ```
 
-Icinga 2 evaluates the `apply for` rule for all objects with the custom attribute
+Icinga 2 evaluates the `apply for` rule for all objects with the custom variable
 `oids` set.
 It iterates over all dictionary items inside the `for` loop and evaluates the
 `assign/ignore where` expressions. You can access the loop variable
@@ -1026,13 +1043,15 @@ unwanted services. A different approach would be to match the `oid` value with a
 > **Note**
 >
 > You don't need an `assign where` expression which checks for the existence of the
-> `oids` custom attribute.
+> `oids` custom variable.
 
 This method saves you from creating multiple apply rules. It also moves
 the attribute specification logic from the service to the host.
 
+<!-- Keep this for compatibility -->
+<a id="using-apply-for-custom-attribute-override"></a>
 
-#### Apply For and Custom Attribute Override <a id="using-apply-for-custom-attribute-override"></a>
+#### Apply For and Custom Variable Override <a id="using-apply-for-custom-variable-override"></a>
 
 Imagine a different more advanced example: You are monitoring your network device (host)
 with many interfaces (services). The following requirements/problems apply:
@@ -1046,17 +1065,17 @@ dynamically generated.
 
 > **Tip**
 >
-> Define the SNMP community as global constant in your [constants.conf](04-configuring-icinga-2.md#constants-conf) file.
+> Define the SNMP community as global constant in your [constants.conf](04-configuration.md#constants-conf) file.
 
 ```
 const IftrafficSnmpCommunity = "public"
 ```
 
-Define the `interfaces` [custom attribute](03-monitoring-basics.md#custom-attributes)
+Define the `interfaces` [custom variable](03-monitoring-basics.md#custom-variables)
 on the `cisco-catalyst-6509-34` host object and add three example interfaces as dictionary keys.
 
 Specify additional attributes inside the nested dictionary
-as learned with [custom attribute values](03-monitoring-basics.md#custom-attributes-values):
+as learned with [custom variable values](03-monitoring-basics.md#custom-variables-values):
 
 ```
 object Host "cisco-catalyst-6509-34" {
@@ -1068,7 +1087,7 @@ object Host "cisco-catalyst-6509-34" {
    * and key name in service apply for later on
    */
   vars.interfaces["GigabitEthernet0/2"] = {
-     /* define all custom attributes with the
+     /* define all custom variables with the
       * same name required for command parameters/arguments
       * in service apply (look into your CheckCommand definition)
       */
@@ -1141,17 +1160,17 @@ interface_config = {
 ```
 
 Access the dictionary keys with the [indexer](17-language-reference.md#indexer) syntax
-and assign them to custom attributes used as command parameters for the `iftraffic`
+and assign them to custom variables used as command parameters for the `iftraffic`
 check command.
 
 ```
-  /* map the custom attributes as command arguments */
+  /* map the custom variables as command arguments */
   vars.iftraffic_units = interface_config.iftraffic_units
   vars.iftraffic_community = interface_config.iftraffic_community
 ```
 
 If you just want to inherit all attributes specified inside the `interface_config`
-dictionary, add it to the generated service custom attributes like this:
+dictionary, add it to the generated service custom variables like this:
 
 ```
   /* the above can be achieved in a shorter fashion if the names inside host.vars.interfaces
@@ -1161,7 +1180,7 @@ dictionary, add it to the generated service custom attributes like this:
   vars += interface_config
 ```
 
-If the user did not specify default values for required service custom attributes,
+If the user did not specify default values for required service custom variables,
 add them here. This also helps to avoid unwanted configuration validation errors or
 runtime failures. Please read more about conditional statements [here](17-language-reference.md#conditional-statements).
 
@@ -1211,7 +1230,7 @@ more object attributes which can be e.g. seen in external interfaces.
 > after successful [configuration validation](11-cli-commands.md#config-validation).
 
 Verify that the apply-for-rule successfully created the service objects with the
-inherited custom attributes:
+inherited custom variables:
 
 ```
 # icinga2 daemon -C
@@ -1292,7 +1311,7 @@ object Host "opennebula-host" {
 }
 ```
 
-`hosting` is a custom attribute with the Dictionary value type.
+`hosting` is a custom variable with the Dictionary value type.
 This is mandatory to iterate with the `key => value` notation
 in the below apply for rule.
 
@@ -1553,26 +1572,34 @@ send notifications to all group members.
 > Only users who have been notified of a problem before  (`Warning`, `Critical`, `Unknown`
 states for services, `Down` for hosts) will receive `Recovery` notifications.
 
+Icinga 2 v2.10 allows you to configure `Acknowledgement` and/or `Recovery`
+without a `Problem` notification. These notifications will be sent without
+any problem notifications beforehand, and can be used for e.g. ticket systems.
+
+```
+  types = [ Acknowledgement, Recovery ]
+```
+
 ### Notifications: Users from Host/Service <a id="alert-notifications-users-host-service"></a>
 
 A common pattern is to store the users and user groups
 on the host or service objects instead of the notification
 object itself.
 
-The sample configuration provided in [hosts.conf](04-configuring-icinga-2.md#hosts-conf) and [notifications.conf](notifications-conf)
+The sample configuration provided in [hosts.conf](04-configuration.md#hosts-conf) and [notifications.conf](notifications-conf)
 already provides an example for this question.
 
 > **Tip**
 >
 > Please make sure to read the [apply](03-monitoring-basics.md#using-apply) and
-> [custom attribute values](03-monitoring-basics.md#custom-attributes-values) chapter to
+> [custom variable values](03-monitoring-basics.md#custom-variables-values) chapter to
 > fully understand these examples.
 
 
-Specify the user and groups as nested custom attribute on the host object:
+Specify the user and groups as nested custom variable on the host object:
 
 ```
-object Host "icinga2-client1.localdomain" {
+object Host "icinga2-agent1.localdomain" {
   [...]
 
   vars.notification["mail"] = {
@@ -1589,7 +1616,7 @@ As you can see, there is the option to use two different notification
 apply rules here: One for `mail` and one for `sms`.
 
 This example assigns the `users` and `groups` nested keys from the `notification`
-custom attribute to the actual notification object attributes.
+custom variable to the actual notification object attributes.
 
 Since errors are hard to debug if host objects don't specify the required
 configuration attributes, you can add a safety condition which logs which
@@ -1661,7 +1688,7 @@ notification users and groups are inherited from the service and if not set,
 from the host object. A default user is set too.
 
 ```
-apply Notification "mail-host-notification" to Service {
+apply Notification "mail-service-notification" to Service {
   [...]
 
   if (service.vars.notification.mail.users) {
@@ -1675,11 +1702,11 @@ apply Notification "mail-host-notification" to Service {
 
   if (service.vars.notification.mail.groups) {
     user_groups = service.vars.notification.mail.groups
-  } else (host.vars.notification.mail.groups) {
+  } else if (host.vars.notification.mail.groups) {
     user_groups = host.vars.notification.mail.groups
   }
 
-  assign where host.vars.notification.mail && typeof(host.vars.notification.mail) == Dictionary
+  assign where ( host.vars.notification.mail && typeof(host.vars.notification.mail) == Dictionary ) || ( service.vars.notification.mail && typeof(service.vars.notification.mail) == Dictionary )
 }
 ```
 
@@ -1866,7 +1893,7 @@ using the `check_command` attribute.
 #### Integrate the Plugin with a CheckCommand Definition <a id="command-plugin-integration"></a>
 
 Unless you have done so already, download your check plugin and put it
-into the [PluginDir](04-configuring-icinga-2.md#constants-conf) directory. The following example uses the
+into the [PluginDir](04-configuration.md#constants-conf) directory. The following example uses the
 `check_mysql` plugin contained in the Monitoring Plugins package.
 
 The plugin path and all command arguments are made a list of
@@ -1896,7 +1923,7 @@ Please continue reading in the [plugins section](05-service-monitoring.md#servic
 
 #### Passing Check Command Parameters from Host or Service <a id="command-passing-parameters"></a>
 
-Check command parameters are defined as custom attributes which can be accessed as runtime macros
+Check command parameters are defined as custom variables which can be accessed as runtime macros
 by the executed check command.
 
 The check command parameters for ITL provided plugin check command definitions are documented
@@ -1905,11 +1932,11 @@ The check command parameters for ITL provided plugin check command definitions a
 
 In order to practice passing command parameters you should [integrate your own plugin](03-monitoring-basics.md#command-plugin-integration).
 
-The following example will use `check_mysql` provided by the [Monitoring Plugins installation](02-getting-started.md#setting-up-check-plugins).
+The following example will use `check_mysql` provided by the [Monitoring Plugins installation](02-installation.md#setting-up-check-plugins).
 
-Define the default check command custom attributes, for example `mysql_user` and `mysql_password`
+Define the default check command custom variables, for example `mysql_user` and `mysql_password`
 (freely definable naming schema) and optional their default threshold values. You can
-then use these custom attributes as runtime macros for [command arguments](03-monitoring-basics.md#command-arguments)
+then use these custom variables as runtime macros for [command arguments](03-monitoring-basics.md#command-arguments)
 on the command line.
 
 > **Tip**
@@ -1918,8 +1945,8 @@ on the command line.
 > readability. `mysql_user` helps understanding the context better than just
 > `user` as argument.
 
-The default custom attributes can be overridden by the custom attributes
-defined in the host or service using the check command `my-mysql`. The custom attributes
+The default custom variables can be overridden by the custom variables
+defined in the host or service using the check command `my-mysql`. The custom variables
 can also be inherited from a parent template using additive inheritance (`+=`).
 
 ```
@@ -1965,7 +1992,7 @@ The check command definition also sets `mysql_host` to the `$address$` default v
 this command parameter if for example your MySQL host is not running on the same server's ip address.
 
 Make sure pass all required command parameters, such as `mysql_user`, `mysql_password` and `mysql_database`.
-`MysqlUsername` and `MysqlPassword` are specified as [global constants](04-configuring-icinga-2.md#constants-conf)
+`MysqlUsername` and `MysqlPassword` are specified as [global constants](04-configuration.md#constants-conf)
 in this example.
 
 ```
@@ -1988,10 +2015,10 @@ apply Service "mysql-icinga-db-health" {
 ```
 
 
-Take a different example: The example host configuration in [hosts.conf](04-configuring-icinga-2.md#hosts-conf)
+Take a different example: The example host configuration in [hosts.conf](04-configuration.md#hosts-conf)
 also applies an `ssh` service check. Your host's ssh port is not the default `22`, but set to `2022`.
-You can pass the command parameter as custom attribute `ssh_port` directly inside the service apply rule
-inside [services.conf](04-configuring-icinga-2.md#services-conf):
+You can pass the command parameter as custom variable `ssh_port` directly inside the service apply rule
+inside [services.conf](04-configuration.md#services-conf):
 
 ```
 apply Service "ssh" {
@@ -2008,7 +2035,7 @@ If you prefer this being configured at the host instead of the service, modify t
 object instead. The runtime macro resolving order is described [here](03-monitoring-basics.md#macro-evaluation-order).
 
 ```
-object Host "icinga2-client1.localdomain {
+object Host "icinga2-agent1.localdomain {
 ...
   vars.ssh_port = 2022
 }
@@ -2018,10 +2045,10 @@ object Host "icinga2-client1.localdomain {
 
 The host `localhost` with the generated services from the `basic-partitions` dictionary (see
 [apply for](03-monitoring-basics.md#using-apply-for) for details) checks a basic set of disk partitions
-with modified custom attributes (warning thresholds at `10%`, critical thresholds at `5%`
+with modified custom variables (warning thresholds at `10%`, critical thresholds at `5%`
 free disk space).
 
-The custom attribute `disk_partition` can either hold a single string or an array of
+The custom variable `disk_partition` can either hold a single string or an array of
 string values for passing multiple partitions to the `check_disk` check plugin.
 
 ```
@@ -2047,121 +2074,360 @@ apply Service for (disk => config in host.vars.local_disks) {
 ```
 
 
-More details on using arrays in custom attributes can be found in
-[this chapter](03-monitoring-basics.md#custom-attributes).
+More details on using arrays in custom variables can be found in
+[this chapter](03-monitoring-basics.md#custom-variables).
 
 
 #### Command Arguments <a id="command-arguments"></a>
 
-By defining a check command line using the `command` attribute Icinga 2
-will resolve all macros in the static string or array. Sometimes it is
-required to extend the arguments list based on a met condition evaluated
-at command execution. Or making arguments optional -- only set if the
-macro value can be resolved by Icinga 2.
+Next to the short `command` array specified in the command object,
+it is advised to define plugin/script parameters in the `arguments`
+dictionary attribute.
+
+The value of the `--parameter` key itself is a dictionary with additional
+keys. They allow to create generic command objects and are also for documentation
+purposes, e.g. with the `description` field copying the plugin's help text in there.
+The Icinga Director uses this field to show the argument's purpose when selecting it.
 
 ```
-object CheckCommand "http" {
-  command = [ PluginDir + "/check_http" ]
+  arguments = {
+    "--parameter" = {
+      description = "..."
+      value = "..."
+    }
+  }
+```
+
+Each argument is optional by default and is omitted if
+the value is not set.
+
+Learn more about integrating plugins with CheckCommand
+objects in [this chapter](05-service-monitoring.md#service-monitoring-plugin-checkcommand).
+
+There are additional possibilities for creating a command only once,
+with different parameters and arguments, shown below.
+
+##### Command Arguments: Value <a id="command-arguments-value"></a>
+
+In order to find out about the command argument, call the plugin's help
+or consult the README.
+
+```
+./check_systemd.py --help
+
+...
+
+  -u UNIT, --unit UNIT  Name of the systemd unit that is beeing tested.
+```
+
+Whenever the long parameter name is available, prefer this over the short one.
+
+```
+  arguments = {
+    "--unit" = {
+
+    }
+  }
+```
+
+Define a unique `prefix` for the command's specific arguments. Best practice is to follow this schema:
+
+```
+<command name>_<parameter name>
+```
+
+Therefore use `systemd_` as prefix, and use the long plugin parameter name `unit` inside the [runtime macro](03-monitoring-basics.md#runtime-macros)
+syntax.
+
+```
+  arguments = {
+    "--unit" = {
+      value = "$systemd_unit$"
+    }
+  }
+```
+
+In order to specify a default value, specify
+a [custom variable](03-monitoring-basics.md#custom-variables) inside
+the CheckCommand object.
+
+```
+  vars.systemd_unit = "icinga2"
+```
+
+This value can be overridden from the host/service
+object as command parameters.
+
+
+##### Command Arguments: Description <a id="command-arguments-description"></a>
+
+Best practice, also inside the [ITL](10-icinga-template-library.md#icinga-template-library), is to always
+copy the command parameter help output into the `description`
+field of your check command.
+
+Learn more about integrating plugins with CheckCommand
+objects in [this chapter](05-service-monitoring.md#service-monitoring-plugin-checkcommand).
+
+With the [example above](03-monitoring-basics.md#command-arguments-value),
+inspect the parameter's help text.
+
+```
+./check_systemd.py --help
+
+...
+
+  -u UNIT, --unit UNIT  Name of the systemd unit that is beeing tested.
+```
+
+Copy this into the command arguments `description` entry.
+
+```
+  arguments = {
+    "--unit" = {
+      value = "$systemd_unit$"
+      description = "Name of the systemd unit that is beeing tested."
+    }
+  }
+```
+
+##### Command Arguments: Required <a id="command-arguments-required"></a>
+
+Specifies whether this command argument is required, or not. By
+default all arguments are optional.
+
+> **Tip**
+>
+> Good plugins provide optional parameters in square brackets, e.g. `[-w SECONDS]`.
+
+The `required` field can be toggled with a [boolean](17-language-reference.md#boolean-literals) value.
+
+```
+  arguments = {
+    "--host" = {
+      value = "..."
+      description = "..."
+      required = true
+    }
+  }
+```
+
+Whenever the check is executed and the argument is missing, Icinga
+logs an error. This allows to better debug configuration errors
+instead of sometimes unreadable plugin errors when parameters are
+missing.
+
+##### Command Arguments: Skip Key <a id="command-arguments-skip-key"></a>
+
+The `arguments` attribute requires a key, empty values are not allowed.
+To overcome this for parameters which don't need the name in front of
+the value, use the `skip_key` [boolean](17-language-reference.md#boolean-literals) toggle.
+
+```
+  command = [ PrefixDir + "/bin/icingacli", "businessprocess", "process", "check" ]
 
   arguments = {
-    "-H" = "$http_vhost$"
-    "-I" = "$http_address$"
-    "-u" = "$http_uri$"
-    "-p" = "$http_port$"
-    "-S" = {
-      set_if = "$http_ssl$"
+    "--process" = {
+      value = "$icingacli_businessprocess_process$"
+      description = "Business process to monitor"
+      skip_key = true
+      required = true
+      order = -1
     }
+  }
+```
+
+The service specifies the [custom variable](03-monitoring-basics.md#custom-variables) `icingacli_businessprocess_process`.
+
+```
+  vars.icingacli_businessprocess_process = "bp-shop-web"
+```
+
+This results in this command line without the `--process` parameter:
+
+```
+'/bin/icingacli' 'businessprocess' 'process' 'check' 'bp-shop-web'
+```
+
+You can use this method to put everything into the `arguments` attribute
+in a defined order and without keys. This avoids entries in the `command`
+attributes too.
+
+
+##### Command Arguments: Set If <a id="command-arguments-set-if"></a>
+
+This can be used for the following scenarios:
+
+**Parameters without value, e.g. `--sni`.**
+
+```
+  command = [ PluginDir + "/check_http"]
+
+  arguments = {
     "--sni" = {
       set_if = "$http_sni$"
     }
-    "-a" = {
-      value = "$http_auth_pair$"
-      description = "Username:password on sites with basic authentication"
-    }
-    "--no-body" = {
-      set_if = "$http_ignore_body$"
-    }
-    "-r" = "$http_expect_body_regex$"
-    "-w" = "$http_warn_time$"
-    "-c" = "$http_critical_time$"
-    "-e" = "$http_expect$"
   }
-
-  vars.http_address = "$address$"
-  vars.http_ssl = false
-  vars.http_sni = false
-}
 ```
 
-The example shows the `check_http` check command defining the most common
-arguments. Each of them is optional by default and is omitted if
-the value is not set. For example, if the service calling the check command
-does not have `vars.http_port` set, it won't get added to the command
-line.
+Whenever a host/service object sets the `http_sni` [custom variable](03-monitoring-basics.md#custom-variables)
+to `true`, the parameter is added to the command line.
 
-If the `vars.http_ssl` custom attribute is set in the service, host or command
-object definition, Icinga 2 will add the `-S` argument based on the `set_if`
-numeric value to the command line. String values are not supported.
+```
+'/usr/lib64/nagios/plugins/check_http' '--sni'
+```
 
-If the macro value cannot be resolved, Icinga 2 will not add the defined argument
-to the final command argument array. Empty strings for macro values won't omit
-the argument.
-
-That way you can use the `check_http` command definition for both, with and
-without SSL enabled checks saving you duplicated command definitions.
-
-Details on all available options can be found in the
-[CheckCommand object definition](09-object-types.md#objecttype-checkcommand).
-
-##### Command Arguments: set_if <a id="command-arguments-set-if"></a>
-
-The `set_if` attribute in command arguments can be used to only add
-this parameter if the runtime macro value is boolean `true`.
-
-Best practice is to define and pass only [boolean](17-language-reference.md#boolean-literals) values here.
 [Numeric](17-language-reference.md#numeric-literals) values are allowed too.
 
-Examples:
+**Parameters with value, but additionally controlled with an extra custom variable boolean flag.**
+
+The following example is taken from the [postgres]() CheckCommand. The host
+parameter should use a `value` but only whenever the `postgres_unixsocket`
+[custom variable](03-monitoring-basics.md#custom-variables) is set to false.
+
+Note: `set_if` is using a runtime lambda function because the value
+is evaluated at runtime. This is explained in [this chapter](08-advanced-topics.md#use-functions-object-config).
 
 ```
-vars.test_b = true
-vars.test_n = 3.0
+  command = [ PluginContribDir + "/check_postgres.pl" ]
 
-arguments = {
-  "-x" = {
-    set_if = "$test_b$"
+  arguments = {
+    "-H" = {
+      value = "$postgres_host$"
+      set_if = {{ macro("$postgres_unixsocket$") == false }}
+      description = "hostname(s) to connect to; defaults to none (Unix socket)"
   }
-  "-y" = {
-    set_if = "$test_n$"
+```
+
+An executed check for this host and services ...
+
+```
+object Host "postgresql-cluster" {
+  // ...
+
+  vars.postgres_host = "192.168.56.200"
+  vars.postgres_unixsocket = false
+}
+```
+
+... use the following command line:
+
+```
+'/usr/lib64/nagios/plugins/check_postgres.pl' '-H' '192.168.56.200'
+```
+
+Host/service objects which set `postgres_unixsocket` to `false` don't add the `-H` parameter
+and its value to the command line.
+
+References: [abbreviated lambda syntax](17-language-reference.md#nullary-lambdas), [macro](18-library-reference.md#scoped-functions-macro).
+
+##### Command Arguments: Order <a id="command-arguments-order"></a>
+
+Plugin may require parameters in a special order. One after the other,
+or e.g. one parameter always in the first position.
+
+```
+  arguments = {
+    "--first" = {
+      value = "..."
+      description = "..."
+      order = -5
+    }
+    "--second" = {
+      value = "..."
+      description = "..."
+      order = -4
+    }
+    "--last" = {
+      value = "..."
+      description = "..."
+      order = 99
+    }
+  }
+```
+
+Keep in mind that positional arguments need to be tested thoroughly.
+
+##### Command Arguments: Repeat Key <a id="command-arguments-repeat-key"></a>
+
+Parameters can use [Array](17-language-reference.md#array) as value type. Whenever Icinga encounters
+an array, it repeats the parameter key and each value element by default.
+
+```
+  command = [ NscpPath + "\\nscp.exe", "client" ]
+
+  arguments = {
+    "-a" = {
+      value = "$nscp_arguments$"
+      description = "..."
+      repeat_key = true
+    }
+  }
+```
+
+On a host/service object, specify the `nscp_arguments` [custom variable](03-monitoring-basics.md#custom-variables)
+as an array.
+
+```
+  vars.nscp_arguments = [ "exclude=sppsvc", "exclude=ShellHWDetection" ]
+```
+
+This translates into the following command line:
+
+```
+nscp.exe 'client' '-a' 'exclude=sppsvc' '-a' 'exclude=ShellHWDetection'
+```
+
+If the plugin requires you to pass the list without repeating the key,
+set `repeat_key = false` in the argument definition.
+
+```
+  command = [ NscpPath + "\\nscp.exe", "client" ]
+
+  arguments = {
+    "-a" = {
+      value = "$nscp_arguments$"
+      description = "..."
+      repeat_key = false
+    }
+  }
+```
+
+This translates into the following command line:
+
+```
+nscp.exe 'client' '-a' 'exclude=sppsvc' 'exclude=ShellHWDetection'
+```
+
+
+##### Command Arguments: Key <a id="command-arguments-key"></a>
+
+The `arguments` attribute requires unique keys. Sometimes, you'll
+need to override this in the resulting command line with same key
+names. Therefore you can specifically override the arguments key.
+
+```
+arguments = {
+  "--key1" = {
+    value = "..."
+    key = "-specialkey"
+  }
+  "--key2" = {
+    value = "..."
+    key = "-specialkey"
   }
 }
 ```
 
-If you accidentally used a [String](17-language-reference.md#string-literals) value, this could lead into
-an undefined behaviour.
-
-If you still want to work with String values and other variants, you can also
-use runtime evaluated functions for `set_if`.
+This results in the following command line:
 
 ```
-vars.test_s = "1.1.2.1"
-arguments = {
-  "-z" = {
-    set_if = {{
-      var str = macro("$test_s$")
-
-      return regex("^\d.\d.\d.\d$", str)
-    }}
-  }
+  '-specialkey' '...' '-specialkey' '...'
 ```
 
-References: [abbreviated lambda syntax](17-language-reference.md#nullary-lambdas), [macro](18-library-reference.md#scoped-functions-macro), [regex](18-library-reference.md#global-functions-regex).
-
-
 #### Environment Variables <a id="command-environment-variables"></a>
 
 The `env` command object attribute specifies a list of environment variables with values calculated
-from custom attributes which should be exported as environment variables prior to executing the command.
+from custom variables which should be exported as environment variables prior to executing the command.
 
 This is useful for example for hiding sensitive information on the command line output
 when passing credentials to database checks:
@@ -2195,7 +2461,7 @@ the database credentials in the user's environment.
 > **Note**
 >
 > If the CheckCommand also supports setting the parameter in the command line,
-> ensure to use a different name for the custom attribute. Otherwise Icinga 2
+> ensure to use a different name for the custom variable. Otherwise Icinga 2
 > adds the command line parameter.
 
 If a specific CheckCommand object provided with the [Icinga Template Library](10-icinga-template-library.md#icinga-template-library)
@@ -2213,13 +2479,13 @@ object CheckCommand "mysql_health_env" {
 }
 ```
 
-Specify the custom attributes `mysql_health_env_username` and `mysql_health_env_password`
+Specify the custom variables `mysql_health_env_username` and `mysql_health_env_password`
 in the service object then.
 
 > **Note**
 >
 > Keep in mind that the values are still visible with the [debug console](11-cli-commands.md#cli-command-console)
-> and the inspect mode in the [Icinga Director](https://www.icinga.com/docs/director/latest/).
+> and the inspect mode in the [Icinga Director](https://icinga.com/docs/director/latest/).
 
 You can also set global environment variables in the application's
 sysconfig configuration file, e.g. `HOME` or specific library paths
@@ -2265,54 +2531,13 @@ defaults can always be overwritten locally.
 >
 > This example requires the `mail` binary installed on the Icinga 2
 > master.
-
-#### Notification Commands in 2.7 <a id="notification-command-2-7"></a>
-
-Icinga 2 v2.7.0 introduced new notification scripts which support both
-environment variables and command line parameters.
-
-Therefore the `NotificationCommand` objects inside the [commands.conf](04-configuring-icinga-2.md#commands-conf)
-and `Notification` apply rules inside the [notifications.conf](04-configuring-icinga-2.md#notifications-conf)
-configuration files have been updated. Your configuration needs to be
-updated next to the notification scripts themselves.
-
-> **Note**
 >
-> Several parameters have been changed. Please review the notification
-> script parameters and configuration objects before updating your production
-> environment.
-
-The safest way is to incorporate the configuration updates from
-v2.7.0 inside the [commands.conf](04-configuring-icinga-2.md#commands-conf) and [notifications.conf](04-configuring-icinga-2.md#notifications-conf)
-configuration files.
-
-A quick-fix is shown below:
-
-```
-@@ -5,7 +5,8 @@ object NotificationCommand "mail-host-notification" {
-
-   env = {
-     NOTIFICATIONTYPE = "$notification.type$"
--    HOSTALIAS = "$host.display_name$"
-+    HOSTNAME = "$host.name$"
-+    HOSTDISPLAYNAME = "$host.display_name$"
-     HOSTADDRESS = "$address$"
-     HOSTSTATE = "$host.state$"
-     LONGDATETIME = "$icinga.long_date_time$"
-@@ -22,8 +23,9 @@ object NotificationCommand "mail-service-notification" {
-
-   env = {
-     NOTIFICATIONTYPE = "$notification.type$"
--    SERVICEDESC = "$service.name$"
--    HOSTALIAS = "$host.display_name$"
-+    SERVICENAME = "$service.name$"
-+    HOSTNAME = "$host.name$"
-+    HOSTDISPLAYNAME = "$host.display_name$"
-     HOSTADDRESS = "$address$"
-     SERVICESTATE = "$service.state$"
-     LONGDATETIME = "$icinga.long_date_time$"
-```
-
+> Depending on the distribution, you need a local mail transfer
+> agent (MTA) such as Postfix, Exim or Sendmail in order
+> to send emails.
+>
+> These tools virtually provide the `mail` binary executed
+> by the notification scripts below.
 
 #### mail-host-notification <a id="mail-host-notification"></a>
 
@@ -2383,7 +2608,7 @@ account but all parents are inherited.
 The `parent_host_name` and `parent_service_name` attributes are mandatory for
 service dependencies, `parent_host_name` is required for host dependencies.
 [Apply rules](03-monitoring-basics.md#using-apply) will allow you to
-[determine these attributes](03-monitoring-basics.md#dependencies-apply-custom-attributes) in a more
+[determine these attributes](03-monitoring-basics.md#dependencies-apply-custom-variables) in a more
 dynamic fashion if required.
 
 ```
@@ -2416,14 +2641,19 @@ states = [ OK, Critical, Unknown ]
 > If the parent service object changes into the `Warning` state, this
 > dependency will fail and render all child objects (hosts or services) unreachable.
 
-You can determine the child's reachability by querying the `is_reachable` attribute
-in for example [DB IDO](24-appendix.md#schema-db-ido-extensions).
+You can determine the child's reachability by querying the `last_reachable` attribute
+via the [REST API](12-icinga2-api.md#icinga2-api).
+
+> **Note**
+>
+> Reachability calculation depends on fresh and processed check results. If dependencies
+> disable checks for child objects, this won't work reliably.
 
 ### Implicit Dependencies for Services on Host <a id="dependencies-implicit-host-service"></a>
 
 Icinga 2 automatically adds an implicit dependency for services on their host. That way
 service notifications are suppressed when a host is `DOWN` or `UNREACHABLE`. This dependency
-does not overwrite other dependencies and implicitely sets `disable_notifications = true` and
+does not overwrite other dependencies and implicitly sets `disable_notifications = true` and
 `states = [ Up ]` for all service objects.
 
 Service checks are still executed. If you want to prevent them from happening, you can
@@ -2485,7 +2715,10 @@ apply Dependency "internet" to Service {
 }
 ```
 
-### Apply Dependencies based on Custom Attributes <a id="dependencies-apply-custom-attributes"></a>
+<!-- Keep this for compatibility -->
+<a id="dependencies-apply-custom-attríbutes"></a>
+
+### Apply Dependencies based on Custom Variables <a id="dependencies-apply-custom-variables"></a>
 
 You can use [apply rules](03-monitoring-basics.md#using-apply) to set parent or
 child attributes, e.g. `parent_host_name` to other objects'
@@ -2493,7 +2726,7 @@ attributes.
 
 A common example are virtual machines hosted on a master. The object
 name of that master is auto-generated from your CMDB or VMWare inventory
-into the host's custom attributes (or a generic template for your
+into the host's custom variables (or a generic template for your
 cloud).
 
 Define your master host object:
@@ -2515,7 +2748,7 @@ template Host "generic-vm" {
 ```
 
 Add a template for all hosts on your example.com cloud setting
-custom attribute `vm_parent` to `master.example.com`:
+custom variable `vm_parent` to `master.example.com`:
 
 ```
 template Host "generic-vm-example.com" {
@@ -2538,7 +2771,7 @@ object Host "www.example2.com" {
 
 Apply the host dependency to all child hosts importing the
 `generic-vm` template and set the `parent_host_name`
-to the previously defined custom attribute `host.vars.vm_parent`.
+to the previously defined custom variable `host.vars.vm_parent`.
 
 ```
 apply Dependency "vm-host-to-parent-master" to Host {
@@ -2570,55 +2803,40 @@ will detect their reachability immediately when executing checks.
 
 ### Dependencies for Agent Checks <a id="dependencies-agent-checks"></a>
 
-Another classic example are agent based checks. You would define a health check
+Another good example are agent based checks. You would define a health check
 for the agent daemon responding to your requests, and make all other services
 querying that daemon depend on that health check.
 
-The following configuration defines two nrpe based service checks `nrpe-load`
-and `nrpe-disk` applied to the host `nrpe-server` [matched](18-library-reference.md#global-functions-match)
-by its name. The health check is defined as `nrpe-health` service.
+```
+apply Service "agent-health" {
+  check_command = "cluster-zone"
+
+  display_name = "cluster-health-" + host.name
+
+  /* This follows the convention that the agent zone name is the FQDN which is the same as the host object name. */
+  vars.cluster_zone = host.name
+
+  assign where host.vars.agent_endpoint
+}
+```
+
+Now, make all other agent based checks dependent on the OK state of the `agent-health`
+service.
 
 ```
-apply Service "nrpe-health" {
-  import "generic-service"
-  check_command = "nrpe"
-  assign where match("nrpe-*", host.name)
-}
+apply Dependency "agent-health-check" to Service {
+  parent_service_name = "agent-health"
 
-apply Service "nrpe-load" {
-  import "generic-service"
-  check_command = "nrpe"
-  vars.nrpe_command = "check_load"
-  assign where match("nrpe-*", host.name)
-}
-
-apply Service "nrpe-disk" {
-  import "generic-service"
-  check_command = "nrpe"
-  vars.nrpe_command = "check_disk"
-  assign where match("nrpe-*", host.name)
-}
-
-object Host "nrpe-server" {
-  import "generic-host"
-  address = "192.168.1.5"
-}
-
-apply Dependency "disable-nrpe-checks" to Service {
-  parent_service_name = "nrpe-health"
-
-  states = [ OK ]
-  disable_checks = true
+  states = [ OK ] // Fail if the parent service state switches to NOT-OK
   disable_notifications = true
-  assign where service.check_command == "nrpe"
-  ignore where service.name == "nrpe-health"
+
+  assign where host.vars.agent_endpoint // Automatically assigns all agent endpoint checks as child services on the matched host
+  ignore where service.name == "agent-health" // Avoid a self reference from child to parent
 }
+
 ```
 
-The `disable-nrpe-checks` dependency is applied to all services
-on the `nrpe-service` host using the `nrpe` check_command attribute
-but not the `nrpe-health` service itself.
-
+This is described in detail in [this chapter](06-distributed-monitoring.md#distributed-monitoring-health-checks).
 
 ### Event Commands <a id="event-commands"></a>
 
@@ -2769,7 +2987,7 @@ The script only is executed if the service state is `CRITICAL`. Warning and Unkn
 are ignored as they indicate not an immediate failure.
 
 ```
-[root@icinga2-client1.localdomain /]# vim /usr/lib64/nagios/plugins/restart_service
+[root@icinga2-agent1.localdomain /]# vim /usr/lib64/nagios/plugins/restart_service
 
 #!/bin/bash
 
@@ -2800,7 +3018,7 @@ else
   fi
 fi
 
-[root@icinga2-client1.localdomain /]# chmod +x /usr/lib64/nagios/plugins/restart_service
+[root@icinga2-agent1.localdomain /]# chmod +x /usr/lib64/nagios/plugins/restart_service
 ```
 
 Add a service on the master node which is executed via command endpoint on the client.
@@ -2808,15 +3026,15 @@ Set the `event_command` attribute to `restart_service`, the name of the previous
 EventCommand object.
 
 ```
-[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-client1.localdomain.conf
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-agent1.localdomain.conf
 
 object Service "Process httpd" {
   check_command = "procs"
   event_command = "restart_service"
   max_check_attempts = 4
 
-  host_name = "icinga2-client1.localdomain"
-  command_endpoint = "icinga2-client1.localdomain"
+  host_name = "icinga2-agent1.localdomain"
+  command_endpoint = "icinga2-agent1.localdomain"
 
   vars.procs_command = "httpd"
   vars.procs_warning = "1:10"
@@ -2824,17 +3042,17 @@ object Service "Process httpd" {
 }
 ```
 
-In order to test this configuration just stop the `httpd` on the remote host `icinga2-client1.localdomain`.
+In order to test this configuration just stop the `httpd` on the remote host `icinga2-agent1.localdomain`.
 
 ```
-[root@icinga2-client1.localdomain /]# systemctl stop httpd
+[root@icinga2-agent1.localdomain /]# systemctl stop httpd
 ```
 
 You can enable the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) and search for the
 executed command line.
 
 ```
-[root@icinga2-client1.localdomain /]# tail -f /var/log/icinga2/debug.log | grep restart_service
+[root@icinga2-agent1.localdomain /]# tail -f /var/log/icinga2/debug.log | grep restart_service
 ```
 
 #### Use Event Commands to Restart Service Daemon via Command Endpoint on Windows <a id="event-command-restart-service-daemon-command-endpoint-windows"></a>
@@ -2910,21 +3128,21 @@ Set the `event_command` attribute to `restart_service-windows`, the name of the
 EventCommand object.
 
 ```
-[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-client2.localdomain.conf
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-agent2.localdomain.conf
 
 object Service "Service httpd" {
   check_command = "service-windows"
   event_command = "restart_service-windows"
   max_check_attempts = 4
 
-  host_name = "icinga2-client2.localdomain"
-  command_endpoint = "icinga2-client2.localdomain"
+  host_name = "icinga2-agent2.localdomain"
+  command_endpoint = "icinga2-agent2.localdomain"
 
   vars.service_win_service = "httpd"
 }
 ```
 
-In order to test this configuration just stop the `httpd` on the remote host `icinga2-client1.localdomain`.
+In order to test this configuration just stop the `httpd` on the remote host `icinga2-agent1.localdomain`.
 
 ```
 C:> net stop httpd
@@ -2985,7 +3203,7 @@ object EventCommand "event_by_ssh" {
 ```
 
 The actual event command only passes the `event_by_ssh_command` attribute.
-The `event_by_ssh_service` custom attribute takes care of passing the correct
+The `event_by_ssh_service` custom variable takes care of passing the correct
 daemon name, while `test $service.state_id$ -gt 0` makes sure that the daemon
 is only restarted when the service is not in an `OK` state.
 
@@ -3018,7 +3236,7 @@ apply Service "http" {
 }
 ```
 
-Specify the `httpd_name` custom attribute on the host to assign the
+Specify the `httpd_name` custom variable on the host to assign the
 service and set the event handler service.
 
 ```
@@ -3030,15 +3248,15 @@ object Host "remote-http-host" {
 }
 ```
 
-In order to test this configuration just stop the `httpd` on the remote host `icinga2-client1.localdomain`.
+In order to test this configuration just stop the `httpd` on the remote host `icinga2-agent1.localdomain`.
 
 ```
-[root@icinga2-client1.localdomain /]# systemctl stop httpd
+[root@icinga2-agent1.localdomain /]# systemctl stop httpd
 ```
 
 You can enable the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) and search for the
 executed command line.
 
 ```
-[root@icinga2-client1.localdomain /]# tail -f /var/log/icinga2/debug.log | grep by_ssh
+[root@icinga2-agent1.localdomain /]# tail -f /var/log/icinga2/debug.log | grep by_ssh
 ```
diff --git a/doc/04-configuring-icinga-2.md b/doc/04-configuration.md
similarity index 57%
rename from doc/04-configuring-icinga-2.md
rename to doc/04-configuration.md
index 61e920126..be787e77b 100644
--- a/doc/04-configuring-icinga-2.md
+++ b/doc/04-configuration.md
@@ -1,8 +1,18 @@
-# Configuring Icinga 2: First Steps <a id="configuring-icinga2-first-steps"></a>
+# Configuration <a id="configuration"></a>
 
-This chapter provides an introduction into best practices for your Icinga 2 configuration.
-The configuration files which are automatically created when installing the Icinga 2 packages
-are a good way to start with Icinga 2.
+The Icinga [configuration](https://icinga.com/products/configuration/)
+can be easily managed with either the [Icinga Director](https://icinga.com/docs/director/latest/),
+config management tools or plain text within the [Icinga DSL](04-configuration.md#configuration).
+
+Before looking into web based configuration or any sort of automation,
+we recommend to start with the configuration files and fully understand
+the possibilities of the Icinga DSL (Domain Specific Language).
+
+The package installation provides example configuration which already
+monitors the local Icinga server. You can view the monitoring details
+in Icinga Web.
+
+![Icinga Web Local Server](images/configuration/icinga_web_local_server.png)
 
 The [Language Reference](17-language-reference.md#language-reference) chapter explains details
 on value types (string, number, dictionaries, etc.) and the general configuration syntax.
@@ -15,8 +25,9 @@ decide for a possible strategy.
 
 There are many ways of creating Icinga 2 configuration objects:
 
+* The [Icinga Director](https://icinga.com/docs/director/latest/) as web based and/or automation configuration interface
+    * [Monitoring Automation with Icinga - The Director](https://icinga.com/2019/04/23/monitoring-automation-with-icinga-the-director/)
 * Manually with your preferred editor, for example vi(m), nano, notepad, etc.
-* A configuration tool for Icinga 2 e.g. the [Icinga Director](https://github.com/Icinga/icingaweb2-module-director)
 * Generated by a [configuration management tool](13-addons.md#configuration-tools) such as Puppet, Chef, Ansible, etc.
 * A custom exporter script from your CMDB or inventory tool
 * etc.
@@ -36,7 +47,7 @@ host and service basis.
 Then you should look for the object specific configuration setting `host_name` etc. accordingly.
 
 You decide on the "best" layout for configuration files and directories. Ensure that
-the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file includes them.
+the [icinga2.conf](04-configuration.md#icinga2-conf) configuration file includes them.
 
 Consider these ideas:
 
@@ -48,12 +59,12 @@ Consider these ideas:
 
 In either way of choosing the right strategy you should additionally check the following:
 
-* Are there any specific attributes describing the host/service you could set as `vars` custom attributes?
+* Are there any specific attributes describing the host/service you could set as `vars` custom variables?
 You can later use them for applying assign/ignore rules, or export them into external interfaces.
 * Put hosts into hostgroups, services into servicegroups and use these attributes for your apply rules.
 * Use templates to store generic attributes for your objects and apply rules making your configuration more readable.
 Details can be found in the [using templates](03-monitoring-basics.md#object-inheritance-using-templates) chapter.
-* Apply rules may overlap. Keep a central place (for example, [services.conf](04-configuring-icinga-2.md#services-conf) or [notifications.conf](04-configuring-icinga-2.md#notifications-conf)) storing
+* Apply rules may overlap. Keep a central place (for example, [services.conf](04-configuration.md#services-conf) or [notifications.conf](04-configuration.md#notifications-conf)) storing
 the configuration instead of defining apply rules deep in your configuration tree.
 * Every plugin used as check, notification or event command requires a `Command` definition.
 Further details can be looked up in the [check commands](03-monitoring-basics.md#check-commands) chapter.
@@ -66,7 +77,7 @@ There is a detailed chapter on [distributed monitoring scenarios](06-distributed
 Please ensure to have read the [introduction](06-distributed-monitoring.md#distributed-monitoring) at first glance.
 
 If you happen to have further questions, do not hesitate to join the
-[community support channels](https://www.icinga.com/community/get-involved/)
+[community forum](https://community.icinga.com)
 and ask community members for their experience and best practices.
 
 ## Your Configuration <a id="your-configuration"></a>
@@ -77,14 +88,16 @@ If you prefer to organize your own local object tree, you can also remove
 Create a new configuration directory, e.g. `objects.d` and include it
 in your icinga2.conf file.
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/objects.d
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/objects.d
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/icinga2.conf
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/icinga2.conf
 
-    /* Local object configuration on our master instance. */
-    include_recursive "objects.d"
+/* Local object configuration on our master instance. */
+include_recursive "objects.d"
+```
 
-This approach is used by the [Icinga 2 Puppet module](https://github.com/Icinga/puppet-icinga2).
+This approach is used by the [Icinga 2 Puppet module](https://icinga.com/products/integrations/puppet/).
 
 If you plan to setup a distributed setup with HA clusters and clients, please refer to [this chapter](#06-distributed-monitoring.md#distributed-monitoring-top-down)
 for examples with `zones.d` as configuration directory.
@@ -97,76 +110,84 @@ An example configuration file is installed for you in `/etc/icinga2/icinga2.conf
 
 Here's a brief description of the example configuration:
 
-    /**
-     * Icinga 2 configuration file
-     * -- this is where you define settings for the Icinga application including
-     * which hosts/services to check.
-     *
-     * For an overview of all available configuration options please refer
-     * to the documentation that is distributed as part of Icinga 2.
-     */
+```
+/**
+* Icinga 2 configuration file
+* -- this is where you define settings for the Icinga application including
+* which hosts/services to check.
+*
+* For an overview of all available configuration options please refer
+* to the documentation that is distributed as part of Icinga 2.
+*/
+```
 
 Icinga 2 supports [C/C++-style comments](17-language-reference.md#comments).
 
-    /**
-     * The constants.conf defines global constants.
-     */
-    include "constants.conf"
+/**
+* The constants.conf defines global constants.
+*/
+include "constants.conf"
 
 The `include` directive can be used to include other files.
 
-    /**
-     * The zones.conf defines zones for a cluster setup.
-     * Not required for single instance setups.
-     */
-     include "zones.conf"
+```
+/**
+* The zones.conf defines zones for a cluster setup.
+* Not required for single instance setups.
+*/
+include "zones.conf"
+```
 
 The [Icinga Template Library](10-icinga-template-library.md#icinga-template-library) provides a set of common templates
 and [CheckCommand](03-monitoring-basics.md#check-commands) definitions.
 
-    /**
-     * The Icinga Template Library (ITL) provides a number of useful templates
-     * and command definitions.
-     * Common monitoring plugin command definitions are included separately.
-     */
-    include <itl>
-    include <plugins>
-    include <plugins-contrib>
-    include <manubulon>
+```
+/**
+* The Icinga Template Library (ITL) provides a number of useful templates
+* and command definitions.
+* Common monitoring plugin command definitions are included separately.
+*/
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
 
-    /**
-     * This includes the Icinga 2 Windows plugins. These command definitions
-     * are required on a master node when a client is used as command endpoint.
-     */
-    include <windows-plugins>
+/**
+* This includes the Icinga 2 Windows plugins. These command definitions
+* are required on a master node when a client is used as command endpoint.
+*/
+include <windows-plugins>
 
-    /**
-     * This includes the NSClient++ check commands. These command definitions
-     * are required on a master node when a client is used as command endpoint.
-     */
-    include <nscp>
+/**
+* This includes the NSClient++ check commands. These command definitions
+* are required on a master node when a client is used as command endpoint.
+*/
+include <nscp>
 
-    /**
-     * The features-available directory contains a number of configuration
-     * files for features which can be enabled and disabled using the
-     * icinga2 feature enable / icinga2 feature disable CLI commands.
-     * These commands work by creating and removing symbolic links in
-     * the features-enabled directory.
-     */
-    include "features-enabled/*.conf"
+/**
+* The features-available directory contains a number of configuration
+* files for features which can be enabled and disabled using the
+* icinga2 feature enable / icinga2 feature disable CLI commands.
+* These commands work by creating and removing symbolic links in
+* the features-enabled directory.
+*/
+include "features-enabled/*.conf"
+```
 
 This `include` directive takes care of including the configuration files for all
 the features which have been enabled with `icinga2 feature enable`. See
 [Enabling/Disabling Features](11-cli-commands.md#enable-features) for more details.
 
-    /**
-     * Although in theory you could define all your objects in this file
-     * the preferred way is to create separate directories and files in the conf.d
-     * directory. Each of these files must have the file extension ".conf".
-     */
-    include_recursive "conf.d"
+```
+/**
+* Although in theory you could define all your objects in this file
+* the preferred way is to create separate directories and files in the conf.d
+* directory. Each of these files must have the file extension ".conf".
+*/
+include_recursive "conf.d"
+```
 
-You can put your own configuration files in the [conf.d](04-configuring-icinga-2.md#conf-d) directory. This
+You can put your own configuration files in the [conf.d](04-configuration.md#conf-d) directory. This
 directive makes sure that all of your own configuration files are included.
 
 ### constants.conf <a id="constants-conf"></a>
@@ -175,7 +196,7 @@ The `constants.conf` configuration file can be used to define global constants.
 
 By default, you need to make sure to set these constants:
 
-* The `PluginDir` constant must be set to the path where the [Monitoring Project plugins](02-getting-started.md#setting-up-check-plugins) are installed.
+* The `PluginDir` constant must be set to the path where the [Monitoring Project plugins](02-installation.md#setting-up-check-plugins) are installed.
 This constant is used by a number of
 [built-in check command definitions](10-icinga-template-library.md#icinga-template-library).
 * The `NodeName` constant defines your local node name. Should be set to FQDN which is the default
@@ -184,27 +205,30 @@ cluster setup.
 
 Example:
 
-    /* The directory which contains the plugins from the Monitoring Plugins project. */
-    const PluginDir = "/usr/lib64/nagios/plugins"
+```
+/* The directory which contains the plugins from the Monitoring Plugins project. */
+const PluginDir = "/usr/lib64/nagios/plugins"
 
-    /* The directory which contains the Manubulon plugins.
-     * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
-     */
-    const ManubulonPluginDir = "/usr/lib64/nagios/plugins"
+/* The directory which contains the Manubulon plugins.
+* Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
+*/
+const ManubulonPluginDir = "/usr/lib64/nagios/plugins"
 
-    /* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
-     * This should be the common name from the API certificate.
-     */
-    //const NodeName = "localhost"
+/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
+* This should be the common name from the API certificate.
+*/
+//const NodeName = "localhost"
 
-    /* Our local zone name. */
-    const ZoneName = NodeName
+/* Our local zone name. */
+const ZoneName = NodeName
 
-    /* Secret key for remote node tickets */
-    const TicketSalt = ""
+/* Secret key for remote node tickets */
+const TicketSalt = ""
+```
 
 The `ZoneName` and `TicketSalt` constants are required for remote client
-and distributed setups only.
+and distributed setups. The `node setup/wizard` CLI tools take care of
+populating these values.
 
 ### zones.conf <a id="zones-conf"></a>
 
@@ -212,7 +236,7 @@ This file can be used to specify the required [Zone](09-object-types.md#objectty
 and [Endpoint](09-object-types.md#objecttype-endpoint) configuration object for
 [distributed monitoring](06-distributed-monitoring.md#distributed-monitoring).
 
-By default the `NodeName` and `ZoneName` [constants](04-configuring-icinga-2.md#constants-conf) will be used.
+By default the `NodeName` and `ZoneName` [constants](04-configuration.md#constants-conf) will be used.
 
 It also contains several [global zones](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync)
 for distributed monitoring environments.
@@ -225,38 +249,38 @@ for your `Zone` and `Endpoint` object names.
 
 This directory contains **example configuration** which should help you get started
 with monitoring the local host and its services. It is included in the
-[icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file by default.
+[icinga2.conf](04-configuration.md#icinga2-conf) configuration file by default.
 
 It can be used as reference example for your own configuration strategy.
 Just keep in mind to include the main directories in the
-[icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) file.
+[icinga2.conf](04-configuration.md#icinga2-conf) file.
 
 > **Note**
 >
-> You can remove the include directive in [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf)
+> You can remove the include directive in [icinga2.conf](04-configuration.md#icinga2-conf)
 > if you prefer your own way of deploying Icinga 2 configuration.
 
 Further details on configuration best practice and how to build your
-own strategy is described in [this chapter](04-configuring-icinga-2.md#configuration-best-practice).
+own strategy is described in [this chapter](04-configuration.md#configuration-best-practice).
 
 Available configuration files which are installed by default:
 
-* [hosts.conf](04-configuring-icinga-2.md#hosts-conf)
-* [services.conf](04-configuring-icinga-2.md#services-conf)
-* [users.conf](04-configuring-icinga-2.md#users-conf)
-* [notifications.conf](04-configuring-icinga-2.md#notifications-conf)
-* [commands.conf](04-configuring-icinga-2.md#commands-conf)
-* [groups.conf](04-configuring-icinga-2.md#groups-conf)
-* [templates.conf](04-configuring-icinga-2.md#templates-conf)
-* [downtimes.conf](04-configuring-icinga-2.md#downtimes-conf)
-* [timeperiods.conf](04-configuring-icinga-2.md#timeperiods-conf)
-* [api-users.conf](04-configuring-icinga-2.md#api-users-conf)
-* [app.conf](04-configuring-icinga-2.md#app-conf)
+* [hosts.conf](04-configuration.md#hosts-conf)
+* [services.conf](04-configuration.md#services-conf)
+* [users.conf](04-configuration.md#users-conf)
+* [notifications.conf](04-configuration.md#notifications-conf)
+* [commands.conf](04-configuration.md#commands-conf)
+* [groups.conf](04-configuration.md#groups-conf)
+* [templates.conf](04-configuration.md#templates-conf)
+* [downtimes.conf](04-configuration.md#downtimes-conf)
+* [timeperiods.conf](04-configuration.md#timeperiods-conf)
+* [api-users.conf](04-configuration.md#api-users-conf)
+* [app.conf](04-configuration.md#app-conf)
 
 #### hosts.conf <a id="hosts-conf"></a>
 
 The `hosts.conf` file contains an example host based on your
-`NodeName` setting in [constants.conf](04-configuring-icinga-2.md#constants-conf). You
+`NodeName` setting in [constants.conf](04-configuration.md#constants-conf). You
 can use global constants for your object names instead of string
 values.
 
@@ -264,82 +288,84 @@ The `import` keyword is used to import the `generic-host` template which
 takes care of setting up the host check command to `hostalive`. If you
 require a different check command, you can override it in the object definition.
 
-The `vars` attribute can be used to define custom attributes which are available
+The `vars` attribute can be used to define custom variables which are available
 for check and notification commands. Most of the [Plugin Check Commands](10-icinga-template-library.md#icinga-template-library)
 in the Icinga Template Library require an `address` attribute.
 
-The custom attribute `os` is evaluated by the `linux-servers` group in
-[groups.conf](04-configuring-icinga-2.md#groups-conf) making the local host a member.
+The custom variable `os` is evaluated by the `linux-servers` group in
+[groups.conf](04-configuration.md#groups-conf) making the local host a member.
 
 The example host will show you how to:
 
 * define http vhost attributes for the `http` service apply rule defined
-in [services.conf](04-configuring-icinga-2.md#services-conf).
+in [services.conf](04-configuration.md#services-conf).
 * define disks (all, specific `/`) and their attributes for the `disk`
-service apply rule defined in [services.conf](04-configuring-icinga-2.md#services-conf).
+service apply rule defined in [services.conf](04-configuration.md#services-conf).
 * define notification types (`mail`) and set the groups attribute. This
-will be used by notification apply rules in [notifications.conf](04-configuring-icinga-2.md#notifications-conf).
+will be used by notification apply rules in [notifications.conf](04-configuration.md#notifications-conf).
 
-If you've installed [Icinga Web 2](02-getting-started.md#setting-up-icingaweb2), you can
+If you've installed [Icinga Web 2](02-installation.md#setting-up-icingaweb2), you can
 uncomment the http vhost attributes and reload Icinga 2. The apply
-rules in [services.conf](04-configuring-icinga-2.md#services-conf) will automatically
+rules in [services.conf](04-configuration.md#services-conf) will automatically
 generate a new service checking the `/icingaweb2` URI using the `http`
 check.
 
-    /*
-     * Host definitions with object attributes
-     * used for apply rules for Service, Notification,
-     * Dependency and ScheduledDowntime objects.
-     *
-     * Tip: Use `icinga2 object list --type Host` to
-     * list all host objects after running
-     * configuration validation (`icinga2 daemon -C`).
-     */
+```
+/*
+* Host definitions with object attributes
+* used for apply rules for Service, Notification,
+* Dependency and ScheduledDowntime objects.
+*
+* Tip: Use `icinga2 object list --type Host` to
+* list all host objects after running
+* configuration validation (`icinga2 daemon -C`).
+*/
 
-    /*
-     * This is an example host based on your
-     * local host's FQDN. Specify the NodeName
-     * constant in `constants.conf` or use your
-     * own description, e.g. "db-host-1".
-     */
+/*
+ * This is an example host based on your
+ * local host's FQDN. Specify the NodeName
+ * constant in `constants.conf` or use your
+ * own description, e.g. "db-host-1".
+ */
 
-    object Host NodeName {
-      /* Import the default host template defined in `templates.conf`. */
-      import "generic-host"
+object Host NodeName {
+  /* Import the default host template defined in `templates.conf`. */
+  import "generic-host"
 
-      /* Specify the address attributes for checks e.g. `ssh` or `http`. */
-      address = "127.0.0.1"
-      address6 = "::1"
+  /* Specify the address attributes for checks e.g. `ssh` or `http`. */
+  address = "127.0.0.1"
+  address6 = "::1"
 
-      /* Set custom attribute `os` for hostgroup assignment in `groups.conf`. */
-      vars.os = "Linux"
+  /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
+  vars.os = "Linux"
 
-      /* Define http vhost attributes for service apply rules in `services.conf`. */
-      vars.http_vhosts["http"] = {
-        http_uri = "/"
-      }
-      /* Uncomment if you've sucessfully installed Icinga Web 2. */
-      //vars.http_vhosts["Icinga Web 2"] = {
-      //  http_uri = "/icingaweb2"
-      //}
+  /* Define http vhost attributes for service apply rules in `services.conf`. */
+  vars.http_vhosts["http"] = {
+    http_uri = "/"
+  }
+  /* Uncomment if you've sucessfully installed Icinga Web 2. */
+  //vars.http_vhosts["Icinga Web 2"] = {
+  //  http_uri = "/icingaweb2"
+  //}
 
-      /* Define disks and attributes for service apply rules in `services.conf`. */
-      vars.disks["disk"] = {
-        /* No parameters. */
-      }
-      vars.disks["disk /"] = {
-        disk_partitions = "/"
-      }
+  /* Define disks and attributes for service apply rules in `services.conf`. */
+  vars.disks["disk"] = {
+    /* No parameters. */
+  }
+  vars.disks["disk /"] = {
+    disk_partitions = "/"
+  }
 
-      /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
-      vars.notification["mail"] = {
-        /* The UserGroup `icingaadmins` is defined in `users.conf`. */
-        groups = [ "icingaadmins" ]
-      }
-    }
+  /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
+  vars.notification["mail"] = {
+    /* The UserGroup `icingaadmins` is defined in `users.conf`. */
+    groups = [ "icingaadmins" ]
+  }
+}
+```
 
 This is only the host object definition. Now we'll need to make sure that this
-host and your additional hosts are getting [services](04-configuring-icinga-2.md#services-conf) applied.
+host and your additional hosts are getting [services](04-configuration.md#services-conf) applied.
 
 > **Tip**
 >
@@ -363,8 +389,8 @@ Service(s)                                  | Applied on host(s)
 `load`, `procs`, `swap`, `users`, `icinga`  | The `NodeName` host only.
 `ping4`, `ping6`                            | All hosts with `address` resp. `address6` attribute.
 `ssh`                                       | All hosts with `address` and `vars.os` set to `Linux`
-`http`, optional: `Icinga Web 2`            | All hosts with custom attribute `http_vhosts` defined as dictionary.
-`disk`, `disk /`                            | All hosts with custom attribute `disks` defined as dictionary.
+`http`, optional: `Icinga Web 2`            | All hosts with custom variable `http_vhosts` defined as dictionary.
+`disk`, `disk /`                            | All hosts with custom variable `disks` defined as dictionary.
 
 The Debian packages also include an additional `apt` service check applied to the local host.
 
@@ -376,24 +402,26 @@ which we enabled earlier by including the `itl` and `plugins` configuration file
 
 Example `load` service apply rule:
 
-    apply Service "load" {
-      import "generic-service"
+```
+apply Service "load" {
+import "generic-service"
 
-      check_command = "load"
+check_command = "load"
 
-      /* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */
-      vars.backup_downtime = "02:00-03:00"
+/* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */
+vars.backup_downtime = "02:00-03:00"
 
-      assign where host.name == NodeName
-    }
+assign where host.name == NodeName
+}
+```
 
 The `apply` keyword can be used to create new objects which are associated with
 another group of objects. You can `import` existing templates, define (custom)
 attributes.
 
-The custom attribute `backup_downtime` is defined to a specific timerange string.
+The custom variable `backup_downtime` is defined to a specific timerange string.
 This variable value will be used for applying a `ScheduledDowntime` object to
-these services in [downtimes.conf](04-configuring-icinga-2.md#downtimes-conf).
+these services in [downtimes.conf](04-configuration.md#downtimes-conf).
 
 In this example the `assign where` condition is a boolean expression which is
 evaluated for all objects of type `Host` and a new service with name "load"
@@ -403,16 +431,18 @@ may be used in `assign where` conditions.
 Multiple `assign where` condition can be combined with `AND` using the `&&` operator
 as shown in the `ssh` example:
 
-    apply Service "ssh" {
-      import "generic-service"
+```
+apply Service "ssh" {
+  import "generic-service"
 
-      check_command = "ssh"
+  check_command = "ssh"
 
-      assign where host.address && host.vars.os == "Linux"
-    }
+  assign where host.address && host.vars.os == "Linux"
+}
+```
 
 In this example, the service `ssh` is applied to all hosts having the `address`
-attribute defined `AND` having the custom attribute `os` set to the string
+attribute defined `AND` having the custom variable `os` set to the string
 `Linux`.
 You can modify this condition to match multiple expressions by combining `AND`
 and `OR` using `&&` and `||` [operators](17-language-reference.md#expression-operators), for example
@@ -424,21 +454,22 @@ rules. While one `apply` rule for `ssh` will only create a service for matching
 hosts, you can go one step further: Generate apply rules based on array items
 or dictionary key-value pairs.
 
-The idea is simple: Your host in [hosts.conf](04-configuring-icinga-2.md#hosts-conf) defines the
-`disks` dictionary as custom attribute in `vars`.
+The idea is simple: Your host in [hosts.conf](04-configuration.md#hosts-conf) defines the
+`disks` dictionary as custom variable in `vars`.
 
-Remember the example from [hosts.conf](04-configuring-icinga-2.md#hosts-conf):
-
-    ...
-      /* Define disks and attributes for service apply rules in `services.conf`. */
-      vars.disks["disk"] = {
-        /* No parameters. */
-      }
-      vars.disks["disk /"] = {
-        disk_partition = "/"
-      }
-    ...
+Remember the example from [hosts.conf](04-configuration.md#hosts-conf):
 
+```
+...
+  /* Define disks and attributes for service apply rules in `services.conf`. */
+  vars.disks["disk"] = {
+    /* No parameters. */
+  }
+  vars.disks["disk /"] = {
+    disk_partition = "/"
+  }
+...
+```
 
 This dictionary contains multiple service names we want to monitor. `disk`
 should just check all available disks, while `disk /` will pass an additional
@@ -466,23 +497,25 @@ generated service
 
 Configuration example:
 
-    apply Service for (disk => config in host.vars.disks) {
-      import "generic-service"
+```
+apply Service for (disk => config in host.vars.disks) {
+  import "generic-service"
 
-      check_command = "disk"
+  check_command = "disk"
 
-      vars += config
-    }
+  vars += config
+}
+```
 
 A similar example is used for the `http` services. That way you can make your
 host the information provider for all apply rules. Define them once, and only
 manage your hosts.
 
-Look into [notifications.conf](04-configuring-icinga-2.md#notifications-conf) how this technique is used
+Look into [notifications.conf](04-configuration.md#notifications-conf) how this technique is used
 for applying notifications to hosts and services using their type and user
 attributes.
 
-Don't forget to install the [check plugins](02-getting-started.md#setting-up-check-plugins) required by
+Don't forget to install the [check plugins](02-installation.md#setting-up-check-plugins) required by
 the hosts and services and their check commands.
 
 Further details on the monitoring configuration can be found in the
@@ -491,22 +524,23 @@ Further details on the monitoring configuration can be found in the
 #### users.conf <a id="users-conf"></a>
 
 Defines the `icingaadmin` User and the `icingaadmins` UserGroup. The latter is used in
-[hosts.conf](04-configuring-icinga-2.md#hosts-conf) for defining a custom host attribute later used in
-[notifications.conf](04-configuring-icinga-2.md#notifications-conf) for notification apply rules.
+[hosts.conf](04-configuration.md#hosts-conf) for defining a custom host attribute later used in
+[notifications.conf](04-configuration.md#notifications-conf) for notification apply rules.
 
-    object User "icingaadmin" {
-      import "generic-user"
+```
+object User "icingaadmin" {
+  import "generic-user"
 
-      display_name = "Icinga 2 Admin"
-      groups = [ "icingaadmins" ]
+  display_name = "Icinga 2 Admin"
+  groups = [ "icingaadmins" ]
 
-      email = "icinga@localhost"
-    }
-
-    object UserGroup "icingaadmins" {
-      display_name = "Icinga 2 Admin Group"
-    }
+  email = "icinga@localhost"
+}
 
+object UserGroup "icingaadmins" {
+  display_name = "Icinga 2 Admin Group"
+}
+```
 
 #### notifications.conf <a id="notifications-conf"></a>
 
@@ -519,31 +553,33 @@ nested dictionary attribute `notification.mail` is set.
 
 Please note that the `to` keyword is important in [notification apply rules](03-monitoring-basics.md#using-apply-notifications)
 defining whether these notifications are applies to hosts or services.
-The `import` keyword imports the specific mail templates defined in [templates.conf](04-configuring-icinga-2.md#templates-conf).
+The `import` keyword imports the specific mail templates defined in [templates.conf](04-configuration.md#templates-conf).
 
 The `interval` attribute is not explicitly set -- it [defaults to 30 minutes](09-object-types.md#objecttype-notification).
 
 By setting the `user_groups` to the value provided by the
-respective [host.vars.notification.mail](04-configuring-icinga-2.md#hosts-conf) attribute we'll
-implicitely use the `icingaadmins` UserGroup defined in [users.conf](04-configuring-icinga-2.md#users-conf).
+respective [host.vars.notification.mail](04-configuration.md#hosts-conf) attribute we'll
+implicitely use the `icingaadmins` UserGroup defined in [users.conf](04-configuration.md#users-conf).
 
-    apply Notification "mail-icingaadmin" to Host {
-      import "mail-host-notification"
+```
+apply Notification "mail-icingaadmin" to Host {
+  import "mail-host-notification"
 
-      user_groups = host.vars.notification.mail.groups
-      users = host.vars.notification.mail.users
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
 
-      assign where host.vars.notification.mail
-    }
+  assign where host.vars.notification.mail
+}
 
-    apply Notification "mail-icingaadmin" to Service {
-      import "mail-service-notification"
+apply Notification "mail-icingaadmin" to Service {
+  import "mail-service-notification"
 
-      user_groups = host.vars.notification.mail.groups
-      users = host.vars.notification.mail.users
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
 
-      assign where host.vars.notification.mail
-    }
+  assign where host.vars.notification.mail
+}
+```
 
 More details on defining notifications and their additional attributes such as
 filters can be read in [this chapter](03-monitoring-basics.md#alert-notifications).
@@ -551,7 +587,7 @@ filters can be read in [this chapter](03-monitoring-basics.md#alert-notification
 #### commands.conf <a id="commands-conf"></a>
 
 This is the place where your own command configuration can be defined. By default
-only the notification commands used by the notification templates defined in [templates.conf](04-configuring-icinga-2.md#templates-conf).
+only the notification commands used by the notification templates defined in [templates.conf](04-configuration.md#templates-conf).
 
 You can freely customize these notification commands, and adapt them for your needs.
 Read more on that topic [here](03-monitoring-basics.md#notification-commands).
@@ -559,122 +595,129 @@ Read more on that topic [here](03-monitoring-basics.md#notification-commands).
 #### groups.conf <a id="groups-conf"></a>
 
 The example host defined in [hosts.conf](hosts-conf) already has the
-custom attribute `os` set to `Linux` and is therefore automatically
+custom variable `os` set to `Linux` and is therefore automatically
 a member of the host group `linux-servers`.
 
 This is done by using the [group assign](17-language-reference.md#group-assign) expressions similar
 to previously seen [apply rules](03-monitoring-basics.md#using-apply).
 
-    object HostGroup "linux-servers" {
-      display_name = "Linux Servers"
+```
+object HostGroup "linux-servers" {
+  display_name = "Linux Servers"
 
-      assign where host.vars.os == "Linux"
-    }
+  assign where host.vars.os == "Linux"
+}
 
-    object HostGroup "windows-servers" {
-      display_name = "Windows Servers"
+object HostGroup "windows-servers" {
+  display_name = "Windows Servers"
 
-      assign where host.vars.os == "Windows"
-    }
+  assign where host.vars.os == "Windows"
+}
+```
 
 Service groups can be grouped together by similar pattern matches.
 The [match function](18-library-reference.md#global-functions-match) expects a wildcard match string
 and the attribute string to match with.
 
-    object ServiceGroup "ping" {
-      display_name = "Ping Checks"
+```
+object ServiceGroup "ping" {
+  display_name = "Ping Checks"
 
-      assign where match("ping*", service.name)
-    }
+  assign where match("ping*", service.name)
+}
 
-    object ServiceGroup "http" {
-      display_name = "HTTP Checks"
+object ServiceGroup "http" {
+  display_name = "HTTP Checks"
 
-      assign where match("http*", service.check_command)
-    }
+  assign where match("http*", service.check_command)
+}
 
-    object ServiceGroup "disk" {
-      display_name = "Disk Checks"
-
-      assign where match("disk*", service.check_command)
-    }
+object ServiceGroup "disk" {
+  display_name = "Disk Checks"
 
+  assign where match("disk*", service.check_command)
+}
+```
 
 #### templates.conf <a id="templates-conf"></a>
 
 Most of the example configuration objects use generic global templates by
 default:
 
-    template Host "generic-host" {
-      max_check_attempts = 5
-      check_interval = 1m
-      retry_interval = 30s
+```
+template Host "generic-host" {
+  max_check_attempts = 5
+  check_interval = 1m
+  retry_interval = 30s
 
-      check_command = "hostalive"
-    }
+  check_command = "hostalive"
+}
 
-    template Service "generic-service" {
-      max_check_attempts = 3
-      check_interval = 1m
-      retry_interval = 30s
-    }
+template Service "generic-service" {
+  max_check_attempts = 3
+  check_interval = 1m
+  retry_interval = 30s
+}
+```
 
 The `hostalive` check command is part of the
 [Plugin Check Commands](10-icinga-template-library.md#icinga-template-library).
 
+```
+template Notification "mail-host-notification" {
+  command = "mail-host-notification"
 
-    template Notification "mail-host-notification" {
-      command = "mail-host-notification"
+  states = [ Up, Down ]
+  types = [ Problem, Acknowledgement, Recovery, Custom,
+            FlappingStart, FlappingEnd,
+            DowntimeStart, DowntimeEnd, DowntimeRemoved ]
 
-      states = [ Up, Down ]
-      types = [ Problem, Acknowledgement, Recovery, Custom,
-                FlappingStart, FlappingEnd,
-                DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+  period = "24x7"
+}
 
-      period = "24x7"
-    }
+template Notification "mail-service-notification" {
+  command = "mail-service-notification"
 
-    template Notification "mail-service-notification" {
-      command = "mail-service-notification"
+  states = [ OK, Warning, Critical, Unknown ]
+  types = [ Problem, Acknowledgement, Recovery, Custom,
+            FlappingStart, FlappingEnd,
+            DowntimeStart, DowntimeEnd, DowntimeRemoved ]
 
-      states = [ OK, Warning, Critical, Unknown ]
-      types = [ Problem, Acknowledgement, Recovery, Custom,
-                FlappingStart, FlappingEnd,
-                DowntimeStart, DowntimeEnd, DowntimeRemoved ]
-
-      period = "24x7"
-    }
+  period = "24x7"
+}
+```
 
 More details on `Notification` object attributes can be found [here](09-object-types.md#objecttype-notification).
 
 
 #### downtimes.conf <a id="downtimes-conf"></a>
 
-The `load` service apply rule defined in [services.conf](04-configuring-icinga-2.md#services-conf) defines
-the `backup_downtime` custom attribute.
+The `load` service apply rule defined in [services.conf](04-configuration.md#services-conf) defines
+the `backup_downtime` custom variable.
 
 The ScheduledDowntime apply rule uses this attribute to define the default value
 for the time ranges required for recurring downtime slots.
 
 Learn more about downtimes in [this chapter](08-advanced-topics.md#downtimes).
 
-    apply ScheduledDowntime "backup-downtime" to Service {
-      author = "icingaadmin"
-      comment = "Scheduled downtime for backup"
+```
+apply ScheduledDowntime "backup-downtime" to Service {
+  author = "icingaadmin"
+  comment = "Scheduled downtime for backup"
 
-      ranges = {
-        monday = service.vars.backup_downtime
-        tuesday = service.vars.backup_downtime
-        wednesday = service.vars.backup_downtime
-        thursday = service.vars.backup_downtime
-        friday = service.vars.backup_downtime
-        saturday = service.vars.backup_downtime
-        sunday = service.vars.backup_downtime
-      }
-
-      assign where service.vars.backup_downtime != ""
-    }
+  ranges = {
+    monday = service.vars.backup_downtime
+    tuesday = service.vars.backup_downtime
+    wednesday = service.vars.backup_downtime
+    thursday = service.vars.backup_downtime
+    friday = service.vars.backup_downtime
+    saturday = service.vars.backup_downtime
+    sunday = service.vars.backup_downtime
+  }
 
+  assign where service.vars.backup_downtime != ""
+}
+```
 
 #### timeperiods.conf <a id="timeperiods-conf"></a>
 
diff --git a/doc/05-service-monitoring.md b/doc/05-service-monitoring.md
index 855b75b53..3158d162f 100644
--- a/doc/05-service-monitoring.md
+++ b/doc/05-service-monitoring.md
@@ -4,44 +4,142 @@ The power of Icinga 2 lies in its modularity. There are thousands of
 community plugins available next to the standard plugins provided by
 the [Monitoring Plugins project](https://www.monitoring-plugins.org).
 
+Start your research on [Icinga Exchange](https://exchange.icinga.com)
+and look which services are already [covered](05-service-monitoring.md#service-monitoring-overview).
+
+The [requirements chapter](05-service-monitoring.md#service-monitoring-requirements) guides you
+through the plugin setup, tests and their integration with an [existing](05-service-monitoring.md#service-monitoring-plugin-checkcommand)
+or [new](05-service-monitoring.md#service-monitoring-plugin-checkcommand-new) CheckCommand object
+and host/service objects inside the [Director](05-service-monitoring.md#service-monitoring-plugin-checkcommand-integration-director)
+or [Icinga config files](05-service-monitoring.md#service-monitoring-plugin-checkcommand-integration-config-files).
+It also adds hints on [modifying](05-service-monitoring.md#service-monitoring-plugin-checkcommand-modify) existing commands.
+
+Plugins follow the [Plugin API specification](05-service-monitoring.md#service-monitoring-plugin-api)
+which is enriched with examples and also code examples to get you started with
+[your own plugin](05-service-monitoring.md#service-monitoring-plugin-new).
+
+
+
 ## Requirements <a id="service-monitoring-requirements"></a>
 
 ### Plugins <a id="service-monitoring-plugins"></a>
 
-All existing Nagios or Icinga 1.x plugins work with Icinga 2. Community
+All existing Icinga or Nagios plugins work with Icinga 2. Community
 plugins can be found for example on [Icinga Exchange](https://exchange.icinga.com).
 
-The recommended way of setting up these plugins is to copy them to a common directory
-and create a new global constant, e.g. `CustomPluginDir` in your [constants.conf](04-configuring-icinga-2.md#constants-conf)
-configuration file:
+The recommended way of setting up these plugins is to copy them
+into the `PluginDir` directory.
 
-    # cp check_snmp_int.pl /opt/monitoring/plugins
-    # chmod +x /opt/plugins/check_snmp_int.pl
+If you have plugins with many dependencies, consider creating a
+custom RPM/DEB package which handles the required libraries and binaries.
 
-    # cat /etc/icinga2/constants.conf
-    /**
-     * This file defines global constants which can be used in
-     * the other configuration files. At a minimum the
-     * PluginDir constant should be defined.
-     */
+Configuration management tools such as Puppet, Ansible, Chef or Saltstack
+also help with automatically installing the plugins on different
+operating systems. They can also help with installing the required
+dependencies, e.g. Python libraries, Perl modules, etc.
 
-    const PluginDir = "/usr/lib/nagios/plugins"
-    const CustomPluginDir = "/opt/monitoring/plugins"
+### Plugin Setup <a id="service-monitoring-plugins-setup"></a>
+
+Good plugins provide installations and configuration instructions
+in their docs and/or README on GitHub.
+
+Sometimes dependencies are not listed, or your distribution differs from the one
+described. Try running the plugin after setup and [ensure it works](05-service-monitoring.md#service-monitoring-plugins-it-works).
+
+#### Ensure it works <a id="service-monitoring-plugins-it-works"></a>
 
 Prior to using the check plugin with Icinga 2 you should ensure that it is working properly
 by trying to run it on the console using whichever user Icinga 2 is running as:
 
-    # su - icinga -s /bin/bash
-    $ /opt/monitoring/plugins/check_snmp_int.pl --help
+RHEL/CentOS/Fedora
+
+```
+sudo -u icinga /usr/lib64/nagios/plugins/check_mysql_health --help
+```
+
+Debian/Ubuntu
+
+```
+sudo -u nagios /usr/lib/nagios/plugins/check_mysql_health --help
+```
 
 Additional libraries may be required for some plugins. Please consult the plugin
 documentation and/or the included README file for installation instructions.
 Sometimes plugins contain hard-coded paths to other components. Instead of changing
-the plugin it might be easier to create a symbolic link to make sure it doesn't get overwritten during the next update.
+the plugin it might be easier to create a symbolic link to make sure it doesn't get
+overwritten during the next update.
 
 Sometimes there are plugins which do not exactly fit your requirements.
 In that case you can modify an existing plugin or just write your own.
 
+#### Plugin Dependency Errors <a id="service-monitoring-plugins-setup-dependency-errors"></a>
+
+Plugins can be scripts (Shell, Python, Perl, Ruby, PHP, etc.)
+or compiled binaries (C, C++, Go).
+
+These scripts/binaries may require additional libraries
+which must be installed on every system they are executed.
+
+> **Tip**
+>
+> Don't test the plugins on your master instance, instead
+> do that on the satellites and clients which execute the
+> checks.
+
+There are errors, now what? Typical errors are missing libraries,
+binaries or packages.
+
+##### Python Example
+
+Example for a Python plugin which uses the `tinkerforge` module
+to query a network service:
+
+```
+ImportError: No module named tinkerforge.ip_connection
+```
+
+Its [documentation](https://github.com/NETWAYS/check_tinkerforge#installation)
+points to installing the `tinkerforge` Python module.
+
+##### Perl Example
+
+Example for a Perl plugin which uses SNMP:
+
+```
+Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module)
+```
+
+Prior to installing the Perl module via CPAN, look for a distribution
+specific package, e.g. `libnet-snmp-perl` on Debian/Ubuntu or `perl-Net-SNMP`
+on RHEL/CentOS.
+
+
+#### Optional: Custom Path <a id="service-monitoring-plugins-custom-path"></a>
+
+If you are not using the default `PluginDir` directory, you
+can create a custom plugin directory and constant
+and reference this in the created CheckCommand objects.
+
+Create a common directory e.g. `/opt/monitoring/plugins`
+and install the plugin there.
+
+```
+mkdir -p /opt/monitoring/plugins
+cp check_snmp_int.pl /opt/monitoring/plugins
+chmod +x /opt/monitoring/plugins/check_snmp_int.pl
+```
+
+Next create a new global constant, e.g. `CustomPluginDir`
+in your [constants.conf](04-configuration.md#constants-conf)
+configuration file:
+
+```
+vim /etc/icinga2/constants.conf
+
+const PluginDir = "/usr/lib/nagios/plugins"
+const CustomPluginDir = "/opt/monitoring/plugins"
+```
+
 ### CheckCommand Definition <a id="service-monitoring-plugin-checkcommand"></a>
 
 Each plugin requires a [CheckCommand](09-object-types.md#objecttype-checkcommand) object in your
@@ -50,54 +148,617 @@ configuration which can be used in the [Service](09-object-types.md#objecttype-s
 
 Please check if the Icinga 2 package already provides an
 [existing CheckCommand definition](10-icinga-template-library.md#icinga-template-library).
-If that's the case, throroughly check the required parameters and integrate the check command
-into your host and service objects.
+
+If that's the case, thoroughly check the required parameters and integrate the check command
+into your host and service objects. Best practice is to run the plugin on the CLI
+with the required parameters first.
+
+Example for database size checks with [check_mysql_health](10-icinga-template-library.md#plugin-contrib-command-mysql_health).
+
+```
+/usr/lib64/nagios/plugins/check_mysql_health --hostname '127.0.0.1' --username root --password icingar0xx --mode sql --name 'select sum(data_length + index_length) / 1024 / 1024 from information_schema.tables where table_schema = '\''icinga'\'';' '--name2' 'db_size' --units 'MB' --warning 4096 --critical 8192
+```
+
+The parameter names inside the ITL commands follow the
+`<command name>_<parameter name>` schema.
+
+#### Icinga Director Integration <a id="service-monitoring-plugin-checkcommand-integration-director"></a>
+
+Navigate into `Commands > External Commands` and search for `mysql_health`.
+Select `mysql_health` and navigate into the `Fields` tab.
+
+In order to access the parameters, the Director requires you to first
+define the needed custom data fields:
+
+* `mysql_health_hostname`
+* `mysql_health_username` and `mysql_health_password`
+* `mysql_health_mode`
+* `mysql_health_name`, `mysql_health_name2` and `mysql_health_units`
+* `mysql_health_warning` and `mysql_health_critical`
+
+Create a new host template and object where you'll generic
+settings like `mysql_health_hostname` (if it differs from the host's
+`address` attribute) and `mysql_health_username` and `mysql_health_password`.
+
+Create a new service template for `mysql-health` and set the `mysql_health`
+as check command. You can also define a default for `mysql_health_mode`.
+
+Next, create a service apply rule or a new service set which gets assigned
+to matching host objects.
+
+
+#### Icinga Config File Integration <a id="service-monitoring-plugin-checkcommand-integration-config-files"></a>
+
+Create or modify a host object which stores
+the generic database defaults and prepares details
+for a service apply for rule.
+
+```
+object Host "icinga2-master1.localdomain" {
+  check_command = "hostalive"
+  address = "..."
+
+  // Database listens locally, not external
+  vars.mysql_health_hostname = "127.0.0.1"
+
+  // Basic database size checks for Icinga DBs
+  vars.databases["icinga"] = {
+    mysql_health_warning = 4096 //MB
+    mysql_health_critical = 8192 //MB
+  }
+  vars.databases["icingaweb2"] = {
+    mysql_health_warning = 4096 //MB
+    mysql_health_critical = 8192 //MB
+  }
+}
+```
+
+The host object prepares the database details and thresholds already
+for advanced [apply for](03-monitoring-basics.md#using-apply-for) rules. It also uses
+conditions to fetch host specified values, or set default values.
+
+```
+apply Service "db-size-" for (db_name => config in host.vars.databases) {
+  check_interval = 1m
+  retry_interval = 30s
+
+  check_command = "mysql_health"
+
+  if (config.mysql_health_username) {
+    vars.mysql_healt_username = config.mysql_health_username
+  } else {
+    vars.mysql_health_username = "root"
+  }
+  if (config.mysql_health_password) {
+    vars.mysql_healt_password = config.mysql_health_password
+  } else {
+    vars.mysql_health_password = "icingar0xx"
+  }
+
+  vars.mysql_health_mode = "sql"
+  vars.mysql_health_name = "select sum(data_length + index_length) / 1024 / 1024 from information_schema.tables where table_schema = '" + db_name + "';"
+  vars.mysql_health_name2 = "db_size"
+  vars.mysql_health_units = "MB"
+
+  if (config.mysql_health_warning) {
+    vars.mysql_health_warning = config.mysql_health_warning
+  }
+  if (config.mysql_health_critical) {
+    vars.mysql_health_critical = config.mysql_health_critical
+  }
+
+  vars += config
+}
+```
+
+#### New CheckCommand <a id="service-monitoring-plugin-checkcommand-new"></a>
+
+This chapter describes how to add a new CheckCommand object for a plugin.
 
 Please make sure to follow these conventions when adding a new command object definition:
 
 * Use [command arguments](03-monitoring-basics.md#command-arguments) whenever possible. The `command` attribute
 must be an array in `[ ... ]` for shell escaping.
-* Define a unique `prefix` for the command's specific arguments. That way you can safely
-set them on host/service level and you'll always know which command they control.
+* Define a unique `prefix` for the command's specific arguments. Best practice is to follow this schema:
+
+```
+<command name>_<parameter name>
+```
+
+That way you can safely set them on host/service level and you'll always know which command they control.
 * Use command argument default values, e.g. for thresholds.
 * Use [advanced conditions](09-object-types.md#objecttype-checkcommand) like `set_if` definitions.
 
-This is an example for a custom `my-snmp-int` check command:
+Before starting with the CheckCommand definition, please check
+the existing objects available inside the ITL. They follow best
+practices and are maintained by developers and our community.
 
-    object CheckCommand "my-snmp-int" {
-      command = [ CustomPluginDir + "/check_snmp_int.pl" ]
+This example picks a new plugin called [check_systemd](https://exchange.icinga.com/joseffriedrich/check_systemd)
+uploaded to Icinga Exchange in June 2019.
 
-      arguments = {
-        "-H" = "$snmp_address$"
-        "-C" = "$snmp_community$"
-        "-p" = "$snmp_port$"
-        "-2" = {
-          set_if = "$snmp_v2$"
-        }
-        "-n" = "$snmp_interface$"
-        "-f" = {
-          set_if = "$snmp_perf$"
-        }
-        "-w" = "$snmp_warn$"
-        "-c" = "$snmp_crit$"
-      }
+First, [install](05-service-monitoring.md#service-monitoring-plugins-setup) the plugin and ensure
+that [it works](05-service-monitoring.md#service-monitoring-plugins-it-works). Then run it with the
+`--help` parameter to see the actual parameters (docs might be outdated).
 
-      vars.snmp_v2 = true
-      vars.snmp_perf = true
-      vars.snmp_warn = "300,400"
-      vars.snmp_crit = "0,600"
+```
+./check_systemd.py --help
+
+usage: check_systemd.py [-h] [-c SECONDS] [-e UNIT | -u UNIT] [-v] [-V]
+                        [-w SECONDS]
+
+...
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -c SECONDS, --critical SECONDS
+                        Startup time in seconds to result in critical status.
+  -e UNIT, --exclude UNIT
+                        Exclude a systemd unit from the checks. This option
+                        can be applied multiple times. For example: -e mnt-
+                        data.mount -e task.service.
+  -u UNIT, --unit UNIT  Name of the systemd unit that is beeing tested.
+  -v, --verbose         Increase output verbosity (use up to 3 times).
+  -V, --version         show program's version number and exit
+  -w SECONDS, --warning SECONDS
+                        Startup time in seconds to result in warning status.
+```
+
+The argument description is important, based on this you need to create the
+command arguments.
+
+> **Tip**
+>
+> When you are using the Director, you can prepare the commands as files
+> e.g. inside the `global-templates` zone. Then run the kickstart wizard
+> again to import the commands as external reference.
+>
+> If you prefer to use the Director GUI/CLI, please apply the steps
+> in the `Add Command` form.
+
+Start with the basic plugin call without any parameters.
+
+```
+object CheckCommand "systemd" { // Plugin name without 'check_' prefix
+  command = [ PluginContribDir + "/check_systemd.py" ] // Use the 'PluginContribDir' constant, see the contributed ITL commands
+}
+```
+
+Run a config validation to see if that works, `icinga2 daemon -C`
+
+Next, analyse the plugin parameters. Plugins with a good help output show
+optional parameters in square brackes. This is the case for all parameters
+for this plugin. If there are required parameters, use the `required` key
+inside the argument.
+
+The `arguments` attribute is a dictionary which takes the parameters as keys.
+
+```
+  arguments = {
+    "--unit" = { ... }
+  }
+```
+
+If there a long parameter names available, prefer them. This increases
+readability in both the configuration as well as the executed command line.
+
+The argument value itself is a sub dictionary which has additional keys:
+
+* `value` which references the runtime macro string
+* `description` where you copy the plugin parameter help text into
+* `required`, `set_if`, etc. for advanced parameters, check the [CheckCommand object](09-object-types.md#objecttype-checkcommand) chapter.
+
+The runtime macro syntax is required to allow value extraction when
+the command is executed.
+
+> **Tip**
+>
+> Inside the Director, store the new command first in order to
+> unveil the `Arguments` tab.
+
+Best practice is to use the command name as prefix, in this specific
+case e.g. `systemd_unit`.
+
+```
+  arguments = {
+    "--unit" = {
+      value = "$systemd_unit$" // The service parameter would then be defined as 'vars.systemd_unit = "icinga2"'
+      description = "Name of the systemd unit that is beeing tested."
     }
+    "--warning" = {
+      value = "$systemd_warning$"
+      description = "Startup time in seconds to result in warning status."
+    }
+    "--critical" = {
+      value = "$systemd_critical$"
+      description = "Startup time in seconds to result in critical status."
+    }
+  }
+```
+
+This may take a while -- validate the configuration in between up until
+the CheckCommand definition is done.
+
+Then test and integrate it into your monitoring configuration.
+
+Remember: Do it once and right, and never touch the CheckCommand again.
+Optional arguments allow different use cases and scenarios.
 
 
-For further information on your monitoring configuration read the
-[Monitoring Basics](03-monitoring-basics.md#monitoring-basics) chapter.
+Once you have created your really good CheckCommand, please consider
+sharing it with our community by creating a new PR on [GitHub](https://github.com/Icinga/icinga2/blob/master/CONTRIBUTING.md).
+_Please also update the documentation for the ITL._
+
+
+> **Tip**
+>
+> Inside the Director, you can render the configuration in the Deployment
+> section. Extract the static configuration object and use that as a source
+> for sending it upstream.
+
+
+
+#### Modify Existing CheckCommand <a id="service-monitoring-plugin-checkcommand-modify"></a>
+
+Sometimes an existing CheckCommand inside the ITL is missing a parameter.
+Or you don't need a default parameter value being set.
+
+Instead of copying the entire configuration object, you can import
+an object into another new object.
+
+```
+object CheckCommand "http-custom" {
+  import "http" // Import existing http object
+
+  arguments += { // Use additive assignment to add missing parameters
+    "--key" = {
+      value = "$http_..." // Keep the parameter name the same as with http
+    }
+  }
+
+  // Override default parameters
+  vars.http_address = "..."
+}
+```
+
+This CheckCommand can then be referenced in your host/service object
+definitions.
 
-If you have created your own `CheckCommand` definition, please kindly
-[send it upstream](https://www.icinga.com/community/get-involved/).
 
 ### Plugin API <a id="service-monitoring-plugin-api"></a>
 
-Currently Icinga 2 supports the native plugin API specification from the Monitoring Plugins project. It is defined in the [Monitoring Plugins Development Guidelines](https://www.monitoring-plugins.org/doc/guidelines.html).
+Icinga 2 supports the native plugin API specification from the Monitoring Plugins project.
+It is defined in the [Monitoring Plugins](https://www.monitoring-plugins.org) guidelines.
+
+The Icinga documentation revamps the specification into our
+own guideline enriched with examples and best practices.
+
+#### Output <a id="service-monitoring-plugin-api-output"></a>
+
+The output should be as short and as detailed as possible. The
+most common cases include:
+
+- Viewing a problem list in Icinga Web and dashboards
+- Getting paged about a problem
+- Receiving the alert on the CLI or forwarding it to external (ticket) systems
+
+Examples:
+
+```
+<STATUS>: <A short description what happened>
+
+OK: MySQL connection time is fine (0.0002s)
+WARNING: MySQL connection time is slow (0.5s > 0.1s threshold)
+CRITICAL: MySQL connection time is causing degraded performance (3s > 0.5s threshold)
+```
+
+Icinga supports reading multi-line output where Icinga Web
+only shows the first line in the listings and everything in the detail view.
+
+Example for an end2end check with many smaller test cases integrated:
+
+```
+OK: Online banking works.
+Testcase 1: Site reached.
+Testcase 2: Attempted login, JS loads.
+Testcase 3: Login succeeded.
+Testcase 4: View current state works.
+Testcase 5: Transactions fine.
+```
+
+If the extended output shouldn't be visible in your monitoring, but only for testing,
+it is recommended to implement the `--verbose` plugin parameter to allow
+developers and users to debug further. Check [here](05-service-monitoring.md#service-monitoring-plugin-api-verbose)
+for more implementation tips.
+
+> **Tip**
+>
+> More debug output also helps when implementing your plugin.
+>
+> Best practice is to have the plugin parameter and handling implemented first,
+> then add it anywhere you want to see more, e.g. from initial database connections
+> to actual query results.
+
+
+#### Status <a id="service-monitoring-plugin-api-status"></a>
+
+Value | Status    | Description
+------|-----------|-------------------------------
+0     | OK        | The check went fine and everything is considered working.
+1     | Warning   | The check is above the given warning threshold, or anything else is suspicious requiring attention before it breaks.
+2     | Critical  | The check exceeded the critical threshold, or something really is broken and will harm the production environment.
+3     | Unknown   | Invalid parameters, low level resource errors (IO device busy, no fork resources, TCP sockets, etc.) preventing the actual check. Higher level errors such as DNS resolving, TCP connection timeouts should be treated as `Critical` instead. Whenever the plugin reaches its timeout (best practice) it should also terminate with `Unknown`.
+
+Keep in mind that these are service states. Icinga automatically maps
+the [host state](03-monitoring-basics.md#check-result-state-mapping) from the returned plugin states.
+
+#### Thresholds <a id="service-monitoring-plugin-api-thresholds"></a>
+
+A plugin calculates specific values and may decide about the exit state on its own.
+This is done with thresholds - warning and critical values which are compared with
+the actual value. Upon this logic, the exit state is determined.
+
+Imagine the following value and defined thresholds:
+
+```
+ptc_value = 57.8
+
+warning = 50
+critical = 60
+```
+
+Whenever `ptc_value` is higher than warning or critical, it should return
+the appropriate [state](05-service-monitoring.md#service-monitoring-plugin-api-status).
+
+The threshold evaluation order also is important:
+
+* Critical thresholds are evaluated first and superseed everything else.
+* Warning thresholds are evaluated second
+* If no threshold is matched, return the OK state
+
+Avoid using hardcoded threshold values in your plugins, always
+add them to the argument parser.
+
+Example for Python:
+
+```
+import argparse
+import signal
+import sys
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument("-w", "--warning", help="Warning threshold. Single value or range, e.g. '20:50'.")
+    parser.add_argument("-c", "--critical", help="Critical threshold. Single vluae or range, e.g. '25:45'.")
+
+    args = parser.parse_args()
+```
+
+Users might call plugins only with the critical threshold parameter,
+leaving out the warning parameter. Keep this in mind when evaluating
+the thresholds, always check if the parameters have been defined before.
+
+```
+    if args.critical:
+        if ptc_value > args.critical:
+            print("CRITICAL - ...")
+            sys.exit(2) # Critical
+
+    if args.warning:
+        if ptc_value > args.warning:
+            print("WARNING - ...")
+            sys.exit(1) # Warning
+
+    print("OK - ...")
+    sys.exit(0) # OK
+```
+
+The above is a simplified example for printing the [output](05-service-monitoring.md#service-monitoring-plugin-api-output)
+and using the [state](05-service-monitoring.md#service-monitoring-plugin-api-status)
+as exit code.
+
+Before diving into the implementation, learn more about required
+[performance data metrics](05-service-monitoring.md#service-monitoring-plugin-api-performance-data-metrics)
+and more best practices below.
+
+##### Threshold Ranges <a id="service-monitoring-plugin-api-thresholds-ranges"></a>
+
+Threshold ranges can be used to specify an alert window, e.g. whenever a calculated
+value is between a lower and higher critical threshold.
+
+The schema for threshold ranges looks as follows. The `@` character in square brackets
+is optional.
+
+```
+[@]start:end
+```
+
+There are a few requirements for ranges:
+
+* `start <= end`. Add a check in your code and let the user know about problematic values.
+
+```
+10:20 	# OK
+
+30:10 	# Error
+```
+
+* `start:` can be omitted if its value is 0. This is the default handling for single threshold values too.
+
+```
+10 	# Every value > 10 and < 0, outside of 0..10
+```
+
+* If `end` is omitted, assume end is infinity.
+
+```
+10: 	# < 10, outside of 10..∞
+```
+
+* In order to specify negative infinity, use the `~` character.
+
+```
+~:10	# > 10, outside of -∞..10
+```
+
+* Raise alert if value is outside of the defined range.
+
+```
+10:20 	# < 10 or > 20, outside of 10..20
+```
+
+* Start with `@` to raise an alert if the value is **inside** the defined range, inclusive start/end values.
+
+```
+@10:20	# >= 10 and <= 20, inside of 10..20
+```
+
+Best practice is to either implement single threshold values, or fully support ranges.
+This requires parsing the input parameter values, therefore look for existing libraries
+already providing this functionality.
+
+[check_tinkerforge](https://github.com/NETWAYS/check_tinkerforge/blob/master/check_tinkerforge.py)
+implements a simple parser to avoid dependencies.
+
+
+#### Performance Data Metrics <a id="service-monitoring-plugin-api-performance-data-metrics"></a>
+
+Performance data metrics must be appended to the plugin output with a preceding `|` character.
+The schema is as follows:
+
+```
+<output> | 'label'=value[UOM];[warn];[crit];[min];[max]
+```
+
+The label should be encapsulated with single quotes. Avoid spaces or special characters such
+as `%` in there, this could lead to problems with metric receivers such as Graphite.
+
+Labels must not include `'` and `=` characters. Keep the label length as short and unique as possible.
+
+Example:
+
+```
+'load1'=4.7
+```
+
+Values must respect the C/POSIX locale and not implement e.g. German locale for floating point numbers with `,`.
+Icinga sets `LC_NUMERIC=C` to enforce this locale on plugin execution.
+
+##### Unit of Measurement (UOM) <a id="service-monitoring-plugin-api-performance-data-metrics-uom"></a>
+
+Unit     | Description
+---------|---------------------------------
+None     | Integer or floating point number for any type (processes, users, etc.).
+`s`      | Seconds, can be `s`, `ms`, `us`.
+`%`      | Percentage.
+`B`      | Bytes, can be `KB`, `MB`, `GB`, `TB`. Lowercase is also possible.
+`c`      | A continuous counter (e.g. interface traffic counters).
+
+Icinga metric writers normalize these values to the lowest common base, e.g. seconds and bytes.
+Bad plugins change the UOM for different sizing, e.g. returning the disk usage in MB and later GB
+for the same performance data label. This is to ensure that graphs always look the same.
+
+```
+'rta'=12.445000ms 'pl'=0%
+```
+
+##### Thresholds and Min/Max <a id="service-monitoring-plugin-api-performance-data-metrics-thresholds-min-max"></a>
+
+Next to the performance data value, warn, crit, min, max can optionally be provided. They must be separated
+with the semi-colon `;` character. They share the same UOM with the performance data value.
+
+```
+$ check_ping -4 -H icinga.com -c '200,15%' -w '100,5%'
+
+PING OK - Packet loss = 0%, RTA = 12.44 ms|rta=12.445000ms;100.000000;200.000000;0.000000 pl=0%;5;15;0
+```
+
+##### Multiple Performance Data Values <a id="service-monitoring-plugin-api-performance-data-metrics-multiple"></a>
+
+Multiple performance data values must be joined with a space character. The below example
+is from the [check_load](10-icinga-template-library.md#plugin-check-command-load) plugin.
+
+```
+load1=4.680;1.000;2.000;0; load5=0.000;5.000;10.000;0; load15=0.000;10.000;20.000;0;
+```
+
+#### Timeout <a id="service-monitoring-plugin-api-timeout"></a>
+
+Icinga has a safety mechanism where it kills processes running for too
+long. The timeout can be specified in [CheckCommand objects](09-object-types.md#objecttype-checkcommand)
+or on the host/service object.
+
+Best practice is to control the timeout in the plugin itself
+and provide a clear message followed by the Unknown state.
+
+Example in Python taken from [check_tinkerforge](https://github.com/NETWAYS/check_tinkerforge/blob/master/check_tinkerforge.py):
+
+```
+import argparse
+import signal
+import sys
+
+def handle_sigalrm(signum, frame, timeout=None):
+    output('Plugin timed out after %d seconds' % timeout, 3)
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    # ... add more arguments
+    parser.add_argument("-t", "--timeout", help="Timeout in seconds (default 10s)", type=int, default=10)
+    args = parser.parse_args()
+
+    signal.signal(signal.SIGALRM, partial(handle_sigalrm, timeout=args.timeout))
+    signal.alarm(args.timeout)
+
+    # ... perform the check and generate output/status
+```
+
+#### Versions <a id="service-monitoring-plugin-api-versions"></a>
+
+Plugins should provide a version via `-V` or `--version` parameter
+which is bumped on releases. This allows to identify problems with
+too old or new versions on the community support channels.
+
+Example in Python taken from [check_tinkerforge](https://github.com/NETWAYS/check_tinkerforge/blob/master/check_tinkerforge.py):
+
+```
+import argparse
+import signal
+import sys
+
+__version__ = '0.9.1'
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument('-V', '--version', action='version', version='%(prog)s v' + sys.modules[__name__].__version__)
+```
+
+#### Verbose <a id="service-monitoring-plugin-api-verbose"></a>
+
+Plugins should provide a verbose mode with `-v` or `--verbose` in order
+to show more detailed log messages. This helps to debug and analyse the
+flow and execution steps inside the plugin.
+
+Ensure to add the parameter prior to implementing the check logic into
+the plugin.
+
+Example in Python taken from [check_tinkerforge](https://github.com/NETWAYS/check_tinkerforge/blob/master/check_tinkerforge.py):
+
+```
+import argparse
+import signal
+import sys
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument('-v', '--verbose', action='store_true')
+
+    if args.verbose:
+        print("Verbose debug output")
+```
+
 
 ### Create a new Plugin <a id="service-monitoring-plugin-new"></a>
 
@@ -113,42 +774,55 @@ its output/exit code and return your specified output/exit code.
 On the other hand plugins for specific services and hardware might not yet
 exist.
 
-Common best practices when creating a new plugin are for example:
+> **Tip**
+>
+> Watch this presentation from Icinga Camp Berlin to learn more
+> about [How to write checks that don't suck](https://www.youtube.com/watch?v=Ey_APqSCoFQ).
+
+Common best practices:
 
 * Choose the programming language wisely
  * Scripting languages (Bash, Python, Perl, Ruby, PHP, etc.) are easier to write and setup but their check execution might take longer (invoking the script interpreter as overhead, etc.).
  * Plugins written in C/C++, Go, etc. improve check execution time but may generate an overhead with installation and packaging.
-* Use a modern VCS such as Git for developing the plugin (e.g. share your plugin on GitHub).
+* Use a modern VCS such as Git for developing the plugin, e.g. share your plugin on GitHub and let it sync to [Icinga Exchange](https://exchange.icinga.com).
+* **Look into existing plugins endorsed by community members.**
+
+Implementation hints:
+
 * Add parameters with key-value pairs to your plugin. They should allow long names (e.g. `--host localhost`) and also short parameters (e.g. `-H localhost`)
- * `-h|--help` should print the version and all details about parameters and runtime invocation.
-* Add a verbose/debug output functionality for detailed on-demand logging.
+ * `-h|--help` should print the version and all details about parameters and runtime invocation. Note: Python's ArgParse class provides this OOTB.
+ * `--version` should print the plugin [version](05-service-monitoring.md#service-monitoring-plugin-api-versions).
+* Add a [verbose/debug output](05-service-monitoring.md#service-monitoring-plugin-api-verbose) functionality for detailed on-demand logging.
 * Respect the exit codes required by the [Plugin API](05-service-monitoring.md#service-monitoring-plugin-api).
-* Always add performance data to your plugin output
+* Always add [performance data](05-service-monitoring.md#service-monitoring-plugin-api-performance-data-metrics) to your plugin output.
+* Allow to specify [warning/critical thresholds](05-service-monitoring.md#service-monitoring-plugin-api-thresholds) as parameters.
 
 Example skeleton:
 
-    # 1. include optional libraries
-    # 2. global variables
-    # 3. helper functions and/or classes
-    # 4. define timeout condition
+```
+# 1. include optional libraries
+# 2. global variables
+# 3. helper functions and/or classes
+# 4. define timeout condition
 
-    if (<timeout_reached>) then
-      print "UNKNOWN - Timeout (...) reached | 'time'=30.0
-    endif
+if (<timeout_reached>) then
+  print "UNKNOWN - Timeout (...) reached | 'time'=30.0
+endif
 
-    # 5. main method
+# 5. main method
 
-    <execute and fetch data>
+<execute and fetch data>
 
-    if (<threshold_critical_condition>) then
-      print "CRITICAL - ... | 'time'=0.1 'myperfdatavalue'=5.0
-      exit(2)
-    else if (<threshold_warning_condition>) then
-      print "WARNING - ... | 'time'=0.1 'myperfdatavalue'=3.0
-      exit(1)
-    else
-      print "OK - ... | 'time'=0.2 'myperfdatavalue'=1.0
-    endif
+if (<threshold_critical_condition>) then
+  print "CRITICAL - ... | 'time'=0.1 'myperfdatavalue'=5.0
+  exit(2)
+else if (<threshold_warning_condition>) then
+  print "WARNING - ... | 'time'=0.1 'myperfdatavalue'=3.0
+  exit(1)
+else
+  print "OK - ... | 'time'=0.2 'myperfdatavalue'=1.0
+endif
+```
 
 There are various plugin libraries available which will help
 with plugin execution and output formatting too, for example
@@ -162,12 +836,17 @@ with plugin execution and output formatting too, for example
 Once you've finished your plugin please upload/sync it to [Icinga Exchange](https://exchange.icinga.com/new).
 Thanks in advance!
 
+
 ## Service Monitoring Overview <a id="service-monitoring-overview"></a>
 
 The following examples should help you to start implementing your own ideas.
 There is a variety of plugins available. This collection is not complete --
 if you have any updates, please send a documentation patch upstream.
 
+Please visit our [community forum](https://community.icinga.com) which
+may provide an answer to your use case already. If not, do not hesitate
+to create a new topic.
+
 ### General Monitoring <a id="service-monitoring-general"></a>
 
 If the remote service is available (via a network protocol and port),
@@ -226,11 +905,13 @@ Instead, choose a plugin and configure its parameters and thresholds. The follow
 * [ftp](10-icinga-template-library.md#plugin-check-command-ftp)
 * [webinject](10-icinga-template-library.md#plugin-contrib-command-webinject)
 * [squid](10-icinga-template-library.md#plugin-contrib-command-squid)
-* [apache_status](10-icinga-template-library.md#plugin-contrib-command-apache_status)
+* [apache-status](10-icinga-template-library.md#plugin-contrib-command-apache-status)
 * [nginx_status](10-icinga-template-library.md#plugin-contrib-command-nginx_status)
 * [kdc](10-icinga-template-library.md#plugin-contrib-command-kdc)
 * [rbl](10-icinga-template-library.md#plugin-contrib-command-rbl)
 
+* [Icinga Certificate Monitoring](https://icinga.com/products/icinga-certificate-monitoring/)
+
 ### Java Monitoring <a id="service-monitoring-java"></a>
 
 * [jmx4perl](10-icinga-template-library.md#plugin-contrib-command-jmx4perl)
@@ -255,11 +936,14 @@ Instead, choose a plugin and configure its parameters and thresholds. The follow
 
 ### VMware Monitoring <a id="service-monitoring-virtualization-vmware"></a>
 
+* [Icinga Module for vSphere](https://icinga.com/products/icinga-module-for-vsphere/)
 * [esxi_hardware](10-icinga-template-library.md#plugin-contrib-command-esxi-hardware)
 * [VMware](10-icinga-template-library.md#plugin-contrib-vmware)
 
 **Tip**: If you are encountering timeouts using the VMware Perl SDK,
 check [this blog entry](https://www.claudiokuenzler.com/blog/650/slow-vmware-perl-sdk-soap-request-error-libwww-version).
+Ubuntu 16.04 LTS can have troubles with random entropy in Perl asked [here](https://monitoring-portal.org/t/check-vmware-api-slow-when-run-multiple-times/2868).
+In that case, [haveged](http://issihosts.com/haveged/) may help.
 
 ### SAP Monitoring <a id="service-monitoring-sap"></a>
 
diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md
index fe3e04c51..17396000a 100644
--- a/doc/06-distributed-monitoring.md
+++ b/doc/06-distributed-monitoring.md
@@ -1,42 +1,51 @@
-# Distributed Monitoring with Master, Satellites, and Clients <a id="distributed-monitoring"></a>
+# Distributed Monitoring with Master, Satellites and Agents <a id="distributed-monitoring"></a>
 
 This chapter will guide you through the setup of a distributed monitoring
 environment, including high-availability clustering and setup details
-for the Icinga 2 client.
+for Icinga masters, satellites and agents.
 
-## Roles: Master, Satellites, and Clients <a id="distributed-monitoring-roles"></a>
+## Roles: Master, Satellites and Agents <a id="distributed-monitoring-roles"></a>
 
 Icinga 2 nodes can be given names for easier understanding:
 
 * A `master` node which is on top of the hierarchy.
 * A `satellite` node which is a child of a `satellite` or `master` node.
-* A `client` node which works as an `agent` connected to `master` and/or `satellite` nodes.
+* An `agent` node which is connected to `master` and/or `satellite` nodes.
 
-![Icinga 2 Distributed Roles](images/distributed-monitoring/icinga2_distributed_roles.png)
+![Icinga 2 Distributed Roles](images/distributed-monitoring/icinga2_distributed_monitoring_roles.png)
 
 Rephrasing this picture into more details:
 
 * A `master` node has no parent node.
-  * A `master`node is where you usually install Icinga Web 2.
-  * A `master` node can combine executed checks from child nodes into backends and notifications.
+    * A `master`node is where you usually install Icinga Web 2.
+    * A `master` node can combine executed checks from child nodes into backends and notifications.
 * A `satellite` node has a parent and a child node.
-  * A `satellite` node may execute checks on its own or delegate check execution to child nodes.
-  * A `satellite` node can receive configuration for hosts/services, etc. from the parent node.
-  * A `satellite` node continues to run even if the master node is temporarily unavailable.
-* A `client` node only has a parent node.
-  * A `client` node will either run its own configured checks or receive command execution events from the parent node.
+    * A `satellite` node may execute checks on its own or delegate check execution to child nodes.
+    * A `satellite` node can receive configuration for hosts/services, etc. from the parent node.
+    * A `satellite` node continues to run even if the master node is temporarily unavailable.
+* An `agent` node only has a parent node.
+    * An `agent` node will either run its own configured checks or receive command execution events from the parent node.
+
+A client can be a secondary master, a satellite or an agent. It
+typically requests something from the primary master or parent node.
 
 The following sections will refer to these roles and explain the
 differences and the possibilities this kind of setup offers.
 
+> **Note**
+>
+> Previous versions of this documentation used the term `Icinga client`.
+> This has been refined into `Icinga agent` and is visible in the docs,
+> backends and web interfaces.
+
 **Tip**: If you just want to install a single master node that monitors several hosts
-(i.e. Icinga 2 clients), continue reading -- we'll start with
+(i.e. Icinga agents), continue reading -- we'll start with
 simple examples.
 In case you are planning a huge cluster setup with multiple levels and
-lots of clients, read on -- we'll deal with these cases later on.
+lots of satellites and agents, read on -- we'll deal with these cases later on.
 
 The installation on each system is the same: You need to install the
-[Icinga 2 package](02-getting-started.md#setting-up-icinga2) and the required [plugins](02-getting-started.md#setting-up-check-plugins).
+[Icinga 2 package](02-installation.md#setting-up-icinga2) and the required [plugins](02-installation.md#setting-up-check-plugins).
 
 The required configuration steps are mostly happening
 on the command line. You can also [automate the setup](06-distributed-monitoring.md#distributed-monitoring-automation).
@@ -48,23 +57,25 @@ The first thing you need learn about a distributed setup is the hierarchy of the
 The Icinga 2 hierarchy consists of so-called [zone](09-object-types.md#objecttype-zone) objects.
 Zones depend on a parent-child relationship in order to trust each other.
 
-![Icinga 2 Distributed Zones](images/distributed-monitoring/icinga2_distributed_zones.png)
+![Icinga 2 Distributed Zones](images/distributed-monitoring/icinga2_distributed_monitoring_zones.png)
 
 Have a look at this example for the `satellite` zones which have the `master` zone as a parent zone:
 
-    object Zone "master" {
-       //...
-    }
+```
+object Zone "master" {
+   //...
+}
 
-    object Zone "satellite region 1" {
-      parent = "master"
-      //...
-    }
+object Zone "satellite region 1" {
+  parent = "master"
+  //...
+}
 
-    object Zone "satellite region 2" {
-      parent = "master"
-      //...
-    }
+object Zone "satellite region 2" {
+  parent = "master"
+  //...
+}
+```
 
 There are certain limitations for child zones, e.g. their members are not allowed
 to send configuration commands to the parent zone members. Vice versa, the
@@ -72,43 +83,51 @@ trust hierarchy allows for example the `master` zone to send
 configuration files to the `satellite` zone. Read more about this
 in the [security section](06-distributed-monitoring.md#distributed-monitoring-security).
 
-`client` nodes also have their own unique zone. By convention you
-can use the FQDN for the zone name.
+`agent` nodes also have their own unique zone. By convention you
+must use the FQDN for the zone name.
 
 ## Endpoints <a id="distributed-monitoring-endpoints"></a>
 
 Nodes which are a member of a zone are so-called [Endpoint](09-object-types.md#objecttype-endpoint) objects.
 
-![Icinga 2 Distributed Endpoints](images/distributed-monitoring/icinga2_distributed_endpoints.png)
+![Icinga 2 Distributed Endpoints](images/distributed-monitoring/icinga2_distributed_monitoring_endpoints.png)
 
 Here is an example configuration for two endpoints in different zones:
 
-    object Endpoint "icinga2-master1.localdomain" {
-      host = "192.168.56.101"
-    }
+```
+object Endpoint "icinga2-master1.localdomain" {
+  host = "192.168.56.101"
+}
 
-    object Endpoint "icinga2-satellite1.localdomain" {
-      host = "192.168.56.105"
-    }
+object Endpoint "icinga2-satellite1.localdomain" {
+  host = "192.168.56.105"
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ]
+}
 
-    object Zone "satellite" {
-      endpoints = [ "icinga2-satellite1.localdomain" ]
-      parent = "master"
-    }
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain" ]
+  parent = "master"
+}
+```
 
 All endpoints in the same zone work as high-availability setup. For
 example, if you have two nodes in the `master` zone, they will load-balance the check execution.
 
 Endpoint objects are important for specifying the connection
-information, e.g. if the master should actively try to connect to a client.
+information, e.g. if the master should actively try to connect to an agent.
 
 The zone membership is defined inside the `Zone` object definition using
 the `endpoints` attribute with an array of `Endpoint` names.
 
+> **Note**
+>
+> There is a known [problem](https://github.com/Icinga/icinga2/issues/3533)
+> with >2 endpoints in a zone and a message routing loop.
+> The config validation will log a warning to let you know about this too.
+
 If you want to check the availability (e.g. ping checks) of the node
 you still need a [Host](09-object-types.md#objecttype-host) object.
 
@@ -116,8 +135,8 @@ you still need a [Host](09-object-types.md#objecttype-host) object.
 
 In case you are using the CLI commands later, you don't have to write
 this configuration from scratch in a text editor.
-The [ApiListener](09-object-types.md#objecttype-apilistener)
-object is used to load the SSL certificates and specify restrictions, e.g.
+The [ApiListener](09-object-types.md#objecttype-apilistener) object is
+used to load the TLS certificates and specify restrictions, e.g.
 for accepting configuration commands.
 
 It is also used for the [Icinga 2 REST API](12-icinga2-api.md#icinga2-api) which shares
@@ -129,7 +148,9 @@ and `accept_config` can be configured here.
 
 In order to use the `api` feature you need to enable it and restart Icinga 2.
 
-    icinga2 feature enable api
+```
+icinga2 feature enable api
+```
 
 ## Conventions <a id="distributed-monitoring-conventions"></a>
 
@@ -152,8 +173,10 @@ While there are certain mechanisms to ensure a secure communication between all
 nodes (firewalls, policies, software hardening, etc.), Icinga 2 also provides
 additional security:
 
-* SSL certificates are mandatory for communication between nodes. The CLI commands
-help you create those certificates.
+* TLS v1.2+ is required.
+* TLS cipher lists are hardened [by default](09-object-types.md#objecttype-apilistener).
+* TLS certificates are mandatory for communication between nodes. The CLI command wizards
+help you create these certificates.
 * Child zones only receive updates (check results, commands, etc.) for their configured objects.
 * Child zones are not allowed to push configuration updates to parent zones.
 * Zones cannot interfere with other zones and influence each other. Each checkable host or service object is assigned to **one zone** only.
@@ -165,32 +188,58 @@ The connection is secured by TLS. The message protocol uses an internal API,
 and as such message types and names may change internally and are not documented.
 
 Zones build the trust relationship in a distributed environment. If you do not specify
-a zone for a client and specify the parent zone, its zone members e.g. the master instance
-won't trust the client.
+a zone for an agent/satellite and specify the parent zone, its zone members e.g. the master instance
+won't trust the agent/satellite.
 
 Building this trust is key in your distributed environment. That way the parent node
 knows that it is able to send messages to the child zone, e.g. configuration objects,
 configuration in global zones, commands to be executed in this zone/for this endpoint.
 It also receives check results from the child zone for checkable objects (host/service).
 
-Vice versa, the client trusts the master and accepts configuration and commands if enabled
-in the api feature. If the client would send configuration to the parent zone, the parent nodes
-will deny it. The parent zone is the configuration entity, and does not trust clients in this matter.
-A client could attempt to modify a different client for example, or inject a check command
+Vice versa, the agent/satellite trusts the master and accepts configuration and commands if enabled
+in the api feature. If the agent/satellite would send configuration to the parent zone, the parent nodes
+will deny it. The parent zone is the configuration entity, and does not trust agents/satellites in this matter.
+An agent/satellite could attempt to modify a different agent/satellite for example, or inject a check command
 with malicious code.
 
-While it may sound complicated for client setups, it removes the problem with different roles
-and configurations for a master and a client. Both of them work the same way, are configured
+While it may sound complicated for agent/satellite setups, it removes the problem with different roles
+and configurations for a master and child nodes. Both of them work the same way, are configured
 in the same way (Zone, Endpoint, ApiListener), and you can troubleshoot and debug them in just one go.
 
+## Versions and Upgrade <a id="distributed-monitoring-versions-upgrade"></a>
+
+It generally is advised to use the newest releases with the same version on all instances.
+Prior to upgrading, make sure to plan a maintenance window.
+
+The Icinga project aims to allow the following compatibility:
+
+```
+master (2.11) >= satellite (2.10) >= agent (2.9)
+```
+
+Older agent versions may work, but there's no guarantee. Always keep in mind that
+older versions are out of support and can contain bugs.
+
+In terms of an upgrade, ensure that the master is upgraded first, then
+involved satellites, and last the Icinga agents. If you are on v2.10
+currently, first upgrade the master instance(s) to 2.11, and then proceed
+with the satellites. Things are getting easier with any sort of automation
+tool (Puppet, Ansible, etc.).
+
+Releases and new features may require you to upgrade master/satellite instances at once,
+this is highlighted in the [upgrading docs](16-upgrading-icinga-2.md#upgrading-icinga-2) if needed.
+One example is the CA Proxy and on-demand signing feature
+available since v2.8 where all involved instances need this version
+to function properly.
+
 ## Master Setup <a id="distributed-monitoring-setup-master"></a>
 
 This section explains how to install a central single master node using
 the `node wizard` command. If you prefer to do an automated installation, please
 refer to the [automated setup](06-distributed-monitoring.md#distributed-monitoring-automation) section.
 
-Install the [Icinga 2 package](02-getting-started.md#setting-up-icinga2) and setup
-the required [plugins](02-getting-started.md#setting-up-check-plugins) if you haven't done
+Install the [Icinga 2 package](02-installation.md#setting-up-icinga2) and setup
+the required [plugins](02-installation.md#setting-up-check-plugins) if you haven't done
 so already.
 
 **Note**: Windows is not supported for a master node setup.
@@ -212,9 +261,9 @@ The setup wizard will ensure that the following steps are taken:
 * Enable the `api` feature.
 * Generate a new certificate authority (CA) in `/var/lib/icinga2/ca` if it doesn't exist.
 * Create a certificate for this node signed by the CA key.
-* Update the [zones.conf](04-configuring-icinga-2.md#zones-conf) file with the new zone hierarchy.
-* Update the [ApiListener](06-distributed-monitoring.md#distributed-monitoring-apilistener) and [constants](04-configuring-icinga-2.md#constants-conf) configuration.
-* Update the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) to disable the `conf.d` inclusion, and add the `api-users.conf` file inclusion.
+* Update the [zones.conf](04-configuration.md#zones-conf) file with the new zone hierarchy.
+* Update the [ApiListener](06-distributed-monitoring.md#distributed-monitoring-apilistener) and [constants](04-configuration.md#constants-conf) configuration.
+* Update the [icinga2.conf](04-configuration.md#icinga2-conf) to disable the `conf.d` inclusion, and add the `api-users.conf` file inclusion.
 
 Here is an example of a master setup for the `icinga2-master1.localdomain` node on CentOS 7:
 
@@ -225,7 +274,7 @@ Welcome to the Icinga 2 Setup Wizard!
 
 We will guide you through all required configuration details.
 
-Please specify if this is a satellite/client setup ('n' installs a master setup) [Y/n]: n
+Please specify if this is a satellite/agent setup ('n' installs a master setup) [Y/n]: n
 
 Starting the Master setup routine...
 
@@ -255,9 +304,9 @@ Now restart your Icinga 2 daemon to finish the installation!
 ```
 
 You can verify that the CA public and private keys are stored in the `/var/lib/icinga2/ca` directory.
-Keep this path secure and include it in your [backups](02-getting-started.md#install-backup).
+Keep this path secure and include it in your [backups](02-installation.md#install-backup).
 
-In case you lose the CA private key you have to generate a new CA for signing new client
+In case you lose the CA private key you have to generate a new CA for signing new agent/satellite
 certificate requests. You then have to also re-create new signed certificates for all
 existing nodes.
 
@@ -276,7 +325,7 @@ and should be the same on all master instances.
 You can avoid signing and deploying certificates [manually](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-certificates-manual)
 by using built-in methods for auto-signing certificate signing requests (CSR):
 
-* [CSR Auto-Signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing) which uses a client ticket generated on the master as trust identifier.
+* [CSR Auto-Signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing) which uses a client (an agent or a satellite) ticket generated on the master as trust identifier.
 * [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing) which allows to sign pending certificate requests on the master.
 
 Both methods are described in detail below.
@@ -287,20 +336,21 @@ Both methods are described in detail below.
 
 ### CSR Auto-Signing <a id="distributed-monitoring-setup-csr-auto-signing"></a>
 
-A client which sends a certificate signing request (CSR) must authenticate itself
-in a trusted way. The master generates a client ticket which is included in this request.
+A client can be a secondary master, a satellite or an agent. It sends a certificate signing request (CSR)
+and must authenticate itself in a trusted way. The master generates a client ticket which is included in this request.
 That way the master can verify that the request matches the previously trusted ticket
 and sign the request.
 
 > **Note**
 >
-> Icinga 2 v2.8 adds the possibility to forward signing requests on a satellite
-> to the master node. This helps with the setup of [three level clusters](#06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-client)
+> Icinga 2 v2.8 added the possibility to forward signing requests on a satellite
+> to the master node. This is called `CA Proxy` in blog posts and design drafts.
+> This functionality helps with the setup of [three level clusters](06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-agents)
 > and more.
 
 Advantages:
 
-* Nodes can be installed by different users who have received the client ticket.
+* Nodes (secondary master, satellites, agents) can be installed by different users who have received the client ticket.
 * No manual interaction necessary on the master node.
 * Automation tools like Puppet, Ansible, etc. can retrieve the pre-generated ticket in their client catalog
 and run the node setup directly.
@@ -310,42 +360,58 @@ Disadvantages:
 * Tickets need to be generated on the master and copied to client setup wizards.
 * No central signing management.
 
+#### CSR Auto-Signing: Preparation <a id="distributed-monitoring-setup-csr-auto-signing-preparation"></a>
 
-Setup wizards for satellite/client nodes will ask you for this specific client ticket.
+Prior to using this mode, ensure that the following steps are taken on
+the signing master:
+
+* The [master setup](06-distributed-monitoring.md#distributed-monitoring-setup-master) was run successfully. This includes:
+    * Generated a CA key pair
+    * Generated a private ticket salt stored in the `TicketSalt` constant, set as `ticket_salt` attribute inside the [api](09-object-types.md#objecttype-apilistener) feature.
+* Restart of the master instance.
+
+#### CSR Auto-Signing: On the master <a id="distributed-monitoring-setup-csr-auto-signing-master"></a>
+
+Setup wizards for agent/satellite nodes will ask you for this specific client ticket.
 
 There are two possible ways to retrieve the ticket:
 
 * [CLI command](11-cli-commands.md#cli-command-pki) executed on the master node.
 * [REST API](12-icinga2-api.md#icinga2-api) request against the master node.
 
+
 Required information:
 
   Parameter           | Description
   --------------------|--------------------
-  Common name (CN)    | **Required.** The common name for the satellite/client. By convention this should be the FQDN.
+  Common name (CN)    | **Required.** The common name for the agent/satellite. By convention this should be the FQDN.
 
-The following example shows how to generate a ticket on the master node `icinga2-master1.localdomain` for the client `icinga2-client1.localdomain`:
+The following example shows how to generate a ticket on the master node `icinga2-master1.localdomain` for the agent `icinga2-agent1.localdomain`:
 
-    [root@icinga2-master1.localdomain /]# icinga2 pki ticket --cn icinga2-client1.localdomain
+```
+[root@icinga2-master1.localdomain /]# icinga2 pki ticket --cn icinga2-agent1.localdomain
+```
 
 Querying the [Icinga 2 API](12-icinga2-api.md#icinga2-api) on the master requires an [ApiUser](12-icinga2-api.md#icinga2-api-authentication)
 object with at least the `actions/generate-ticket` permission.
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/conf.d/api-users.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/conf.d/api-users.conf
 
-    object ApiUser "client-pki-ticket" {
-      password = "bea11beb7b810ea9ce6ea" //change this
-      permissions = [ "actions/generate-ticket" ]
-    }
+object ApiUser "client-pki-ticket" {
+  password = "bea11beb7b810ea9ce6ea" //change this
+  permissions = [ "actions/generate-ticket" ]
+}
 
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
 
 Retrieve the ticket on the master node `icinga2-master1.localdomain` with `curl`, for example:
 
-     [root@icinga2-master1.localdomain /]# curl -k -s -u client-pki-ticket:bea11beb7b810ea9ce6ea -H 'Accept: application/json' \
-     -X POST 'https://localhost:5665/v1/actions/generate-ticket' -d '{ "cn": "icinga2-client1.localdomain" }'
+ [root@icinga2-master1.localdomain /]# curl -k -s -u client-pki-ticket:bea11beb7b810ea9ce6ea -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/generate-ticket' -d '{ "cn": "icinga2-agent1.localdomain" }'
+```
 
-Store that ticket number for the satellite/client setup below.
+Store that ticket number for the [agent/satellite setup](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite) below.
 
 > **Note**
 >
@@ -354,12 +420,14 @@ Store that ticket number for the satellite/client setup below.
 > to the authorized Puppet agent node which will invoke the
 > [automated setup steps](06-distributed-monitoring.md#distributed-monitoring-automation-cli-node-setup).
 
+
 ### On-Demand CSR Signing <a id="distributed-monitoring-setup-on-demand-csr-signing"></a>
 
-Icinga 2 v2.8 adds the possibility to sign certificates from clients without
-requiring a client ticket for auto-signing.
+The client can be a secondary master, satellite or agent.
+It sends a certificate signing request to specified parent node without any
+ticket. The admin on the primary master is responsible for reviewing and signing the requests
+with the private CA key.
 
-Instead, the client sends a certificate signing request to specified parent node.
 This could either be directly the master, or a satellite which forwards the request
 to the signing master.
 
@@ -373,16 +441,34 @@ Disadvantages:
 * Asynchronous step for automated deployments.
 * Needs client verification on the master.
 
+#### On-Demand CSR Signing: Preparation <a id="distributed-monitoring-setup-on-demand-csr-signing-preparation"></a>
 
-You can list certificate requests by using the `ca list` CLI command. This also shows
-which requests already have been signed.
+Prior to using this mode, ensure that the following steps are taken on
+the signing master:
+
+* The [master setup](06-distributed-monitoring.md#distributed-monitoring-setup-master) was run successfully. This includes:
+    * Generated a CA key pair
+* Restart of the master instance.
+
+#### On-Demand CSR Signing: On the master <a id="distributed-monitoring-setup-on-demand-csr-signing-master"></a>
+
+You can list pending certificate signing requests with the `ca list` CLI command.
 
 ```
 [root@icinga2-master1.localdomain /]# icinga2 ca list
 Fingerprint                                                      | Timestamp           | Signed | Subject
 -----------------------------------------------------------------|---------------------|--------|--------
-403da5b228df384f07f980f45ba50202529cded7c8182abf96740660caa09727 | 2017/09/06 17:02:40 | *      | CN = icinga2-client1.localdomain
-71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850 | 2017/09/06 17:20:02 |        | CN = icinga2-client2.localdomain
+71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850 | 2017/09/06 17:20:02 |        | CN = icinga2-agent2.localdomain
+```
+
+In order to show all requests, use the `--all` parameter.
+
+```
+[root@icinga2-master1.localdomain /]# icinga2 ca list --all
+Fingerprint                                                      | Timestamp           | Signed | Subject
+-----------------------------------------------------------------|---------------------|--------|--------
+403da5b228df384f07f980f45ba50202529cded7c8182abf96740660caa09727 | 2017/09/06 17:02:40 | *      | CN = icinga2-agent1.localdomain
+71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850 | 2017/09/06 17:20:02 |        | CN = icinga2-agent2.localdomain
 ```
 
 **Tip**: Add `--json` to the CLI command to retrieve the details in JSON format.
@@ -392,57 +478,78 @@ and pass its fingerprint as argument.
 
 ```
 [root@icinga2-master1.localdomain /]# icinga2 ca sign 71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850
-information/cli: Signed certificate for 'CN = icinga2-client2.localdomain'.
+information/cli: Signed certificate for 'CN = icinga2-agent2.localdomain'.
 ```
 
-## Client/Satellite Setup <a id="distributed-monitoring-setup-satellite-client"></a>
+> **Note**
+>
+> `ca list` cannot be used as historical inventory. Certificate
+> signing requests older than 1 week are automatically deleted.
 
-This section describes the setup of a satellite and/or client connected to an
+You can also remove an undesired CSR using the `ca remove` command using the
+syntax as the `ca sign` command.
+
+```
+[root@pym ~]# icinga2 ca remove 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e
+information/cli: Certificate 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e removed.
+```
+If you want to restore a certificate you have removed, you can use `ca restore`.
+
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-setup-satellite-client"></a>
+
+## Agent/Satellite Setup <a id="distributed-monitoring-setup-agent-satellite"></a>
+
+This section describes the setup of an agent or satellite connected to an
 existing master node setup. If you haven't done so already, please [run the master setup](06-distributed-monitoring.md#distributed-monitoring-setup-master).
 
 Icinga 2 on the master node must be running and accepting connections on port `5665`.
 
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-setup-client-linux"></a>
 
-### Client/Satellite Setup on Linux <a id="distributed-monitoring-setup-client-linux"></a>
+### Agent/Satellite Setup on Linux <a id="distributed-monitoring-setup-agent-satellite-linux"></a>
 
-Please ensure that you've run all the steps mentioned in the [client/satellite section](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client).
+Please ensure that you've run all the steps mentioned in the [agent/satellite section](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite).
 
-Install the [Icinga 2 package](02-getting-started.md#setting-up-icinga2) and setup
-the required [plugins](02-getting-started.md#setting-up-check-plugins) if you haven't done
+Install the [Icinga 2 package](02-installation.md#setting-up-icinga2) and setup
+the required [plugins](02-installation.md#setting-up-check-plugins) if you haven't done
 so already.
 
 The next step is to run the `node wizard` CLI command.
 
-In this example we're generating a ticket on the master node `icinga2-master1.localdomain` for the client `icinga2-client1.localdomain`:
+In this example we're generating a ticket on the master node `icinga2-master1.localdomain` for the agent `icinga2-agent1.localdomain`:
 
-    [root@icinga2-master1.localdomain /]# icinga2 pki ticket --cn icinga2-client1.localdomain
-    4f75d2ecd253575fe9180938ebff7cbca262f96e
+```
+[root@icinga2-master1.localdomain /]# icinga2 pki ticket --cn icinga2-agent1.localdomain
+4f75d2ecd253575fe9180938ebff7cbca262f96e
+```
 
 Note: You don't need this step if you have chosen to use [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing).
 
-Start the wizard on the client `icinga2-client1.localdomain`:
+Start the wizard on the agent `icinga2-agent1.localdomain`:
 
 ```
-[root@icinga2-client1.localdomain /]# icinga2 node wizard
+[root@icinga2-agent1.localdomain /]# icinga2 node wizard
 
 Welcome to the Icinga 2 Setup Wizard!
 
 We will guide you through all required configuration details.
 ```
 
-Press `Enter` or add `y` to start a satellite or client setup.
+Press `Enter` or add `y` to start a satellite or agent setup.
 
 ```
-Please specify if this is a satellite/client setup ('n' installs a master setup) [Y/n]:
+Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]:
 ```
 
 Press `Enter` to use the proposed name in brackets, or add a specific common name (CN). By convention
 this should be the FQDN.
 
 ```
-Starting the Client/Satellite setup routine...
+Starting the Agent/Satellite setup routine...
 
-Please specify the common name (CN) [icinga2-client1.localdomain]: icinga2-client1.localdomain
+Please specify the common name (CN) [icinga2-agent1.localdomain]: icinga2-agent1.localdomain
 ```
 
 Specify the direct parent for this node. This could be your primary master `icinga2-master1.localdomain`
@@ -505,7 +612,7 @@ Proceed with adding the optional client ticket for [CSR auto-signing](06-distrib
 
 ```
 Please specify the request ticket generated on your Icinga 2 master (optional).
- (Hint: # icinga2 pki ticket --cn 'icinga2-client1.localdomain'):
+ (Hint: # icinga2 pki ticket --cn 'icinga2-agent1.localdomain'):
 4f75d2ecd253575fe9180938ebff7cbca262f96e
 ```
 
@@ -541,10 +648,10 @@ in the generated zone configuration file.
 Set the local zone name to something else, if you are installing a satellite or secondary master instance.
 
 ```
-Local zone name [icinga2-client1.localdomain]:
+Local zone name [icinga2-agent1.localdomain]:
 ```
 
-Set the parent zone name to something else than `master` if this client connects to a satellite instance instead of the master.
+Set the parent zone name to something else than `master` if this agents connects to a satellite instance instead of the master.
 
 ```
 Parent zone name [master]:
@@ -561,7 +668,7 @@ Do you want to specify additional global zones? [y/N]: N
 ```
 
 Last but not least the wizard asks you whether you want to disable the inclusion of the local configuration
-directory in `conf.d`, or not. Defaults to disabled, as clients either are checked via command endpoint, or
+directory in `conf.d`, or not. Defaults to disabled, as agents either are checked via command endpoint, or
 they receive configuration synced from the parent zone.
 
 ```
@@ -589,7 +696,7 @@ Now restart your Icinga 2 daemon to finish the installation!
 Restart Icinga 2 as requested.
 
 ```
-[root@icinga2-client1.localdomain /]# systemctl restart icinga2
+[root@icinga2-agent1.localdomain /]# systemctl restart icinga2
 ```
 
 Here is an overview of all parameters in detail:
@@ -599,8 +706,8 @@ Here is an overview of all parameters in detail:
   Common name (CN)    | **Required.** By convention this should be the host's FQDN. Defaults to the FQDN.
   Master common name  | **Required.** Use the common name you've specified for your master node before.
   Establish connection to the parent node | **Optional.** Whether the node should attempt to connect to the parent node or not. Defaults to `y`.
-  Master/Satellite endpoint host | **Required if the the client needs to connect to the master/satellite.** The parent endpoint's IP address or FQDN. This information is included in the `Endpoint` object configuration in the `zones.conf` file.
-  Master/Satellite endpoint port | **Optional if the the client needs to connect to the master/satellite.** The parent endpoints's listening port. This information is included in the `Endpoint` object configuration.
+  Master/Satellite endpoint host | **Required if the the agent needs to connect to the master/satellite.** The parent endpoint's IP address or FQDN. This information is included in the `Endpoint` object configuration in the `zones.conf` file.
+  Master/Satellite endpoint port | **Optional if the the agent needs to connect to the master/satellite.** The parent endpoints's listening port. This information is included in the `Endpoint` object configuration.
   Add more master/satellite endpoints | **Optional.** If you have multiple master/satellite nodes configured, add them here.
   Parent Certificate information | **Required.** Verify that the connecting host really is the requested master node.
   Request ticket      | **Optional.** Add the [ticket](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing) generated on the master.
@@ -608,8 +715,8 @@ Here is an overview of all parameters in detail:
   API bind port       | **Optional.** Allows to specify the port the ApiListener is bound to. For advanced usage only (requires changing the default port 5665 everywhere).
   Accept config       | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this defaults to `n`.
   Accept commands     | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this defaults to `n`.
-  Local zone name     | **Optional.** Allows to specify the name for the local zone. This comes in handy when this instance is a satellite, not a client. Defaults to the FQDN.
-  Parent zone name    | **Optional.** Allows to specify the name for the parent zone. This is important if the client has a satellite instance as parent, not the master. Defaults to `master`.
+  Local zone name     | **Optional.** Allows to specify the name for the local zone. This comes in handy when this instance is a satellite, not an agent. Defaults to the FQDN.
+  Parent zone name    | **Optional.** Allows to specify the name for the parent zone. This is important if the agent has a satellite instance as parent, not the master. Defaults to `master`.
   Global zones        | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`. Defaults to `n`.
   Disable conf.d      | **Optional.** Allows to disable the inclusion of the `conf.d` directory which holds local example configuration. Clients should retrieve their configuration from the parent node, or act as command endpoint execution bridge. Defaults to `y`.
 
@@ -619,7 +726,7 @@ The setup wizard will ensure that the following steps are taken:
 * Create a certificate signing request (CSR) for the local node.
 * Request a signed certificate i(optional with the provided ticket number) on the master node.
 * Allow to verify the parent node's certificate.
-* Store the signed client certificate and ca.crt in `/var/lib/icinga2/certs`.
+* Store the signed agent/satellite certificate and ca.crt in `/var/lib/icinga2/certs`.
 * Update the `zones.conf` file with the new zone hierarchy.
 * Update `/etc/icinga2/features-enabled/api.conf` (`accept_config`, `accept_commands`) and `constants.conf`.
 * Update `/etc/icinga2/icinga2.conf` and comment out `include_recursive "conf.d"`.
@@ -628,45 +735,44 @@ You can verify that the certificate files are stored in the `/var/lib/icinga2/ce
 
 > **Note**
 >
-> The certificate location changed in v2.8 to `/var/lib/icinga2/certs`. Please read the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths)
-> for more details.
-
-> **Note**
->
-> If the client is not directly connected to the certificate signing master,
-> signing requests and responses might need some minutes to fully update the client certificates.
+> If the agent is not directly connected to the certificate signing master,
+> signing requests and responses might need some minutes to fully update the agent certificates.
 >
 > If you have chosen to use [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing)
 > certificates need to be signed on the master first. Ticket-less setups require at least Icinga 2 v2.8+ on all involved instances.
 
-Now that you've successfully installed a Linux/Unix satellite/client instance, please proceed to
+Now that you've successfully installed a Linux/Unix agent/satellite instance, please proceed to
 the [configuration modes](06-distributed-monitoring.md#distributed-monitoring-configuration-modes).
 
 
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-setup-client-windows"></a>
 
-### Client Setup on Windows <a id="distributed-monitoring-setup-client-windows"></a>
+### Agent Setup on Windows <a id="distributed-monitoring-setup-agent-windows"></a>
 
-Download the MSI-Installer package from [https://packages.icinga.com/windows/](https://packages.icinga.com/windows/).
+The supported Windows agent versions are listed [here](https://icinga.com/subscription/support-details/).
 
 Requirements:
 
-* Windows Vista/Server 2008 or higher
-* Versions older than Windows 10/Server 2016 require the [Universal C Runtime for Windows](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows)
-* [Microsoft .NET Framework 2.0](https://www.microsoft.com/de-de/download/details.aspx?id=1639) for the setup wizard
+* [Microsoft .NET Framework 4.6](https://www.microsoft.com/en-US/download/details.aspx?id=53344) or higher. This is the default on Windows Server 2016 or later.
+* [Universal C Runtime for Windows](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) for Windows Server 2012 and older.
 
-The installer package includes the [NSClient++](https://www.nsclient.org/) package
-so that Icinga 2 can use its built-in plugins. You can find more details in
-[this chapter](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
-The Windows package also installs native [monitoring plugin binaries](06-distributed-monitoring.md#distributed-monitoring-windows-plugins)
+#### Agent Setup on Windows: Installer <a id="distributed-monitoring-setup-agent-windows-installer"></a>
+
+Download the MSI-Installer package from [https://packages.icinga.com/windows/](https://packages.icinga.com/windows/).
+The preferred flavor is `x86_64` for modern Windows systems.
+
+The Windows package provides native [monitoring plugin binaries](06-distributed-monitoring.md#distributed-monitoring-windows-plugins)
 to get you started more easily.
+The installer package also includes the [NSClient++](https://www.nsclient.org/) package
+to allow using its built-in plugins. You can find more details in
+[this chapter](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
 
 > **Note**
 >
-> Please note that Icinga 2 was designed to run as light-weight client on Windows.
+> Please note that Icinga 2 was designed to run as light-weight agent on Windows.
 > There is no support for satellite instances.
 
-#### Windows Client Setup Start <a id="distributed-monitoring-setup-client-windows-start"></a>
-
 Run the MSI-Installer package and follow the instructions shown in the screenshots.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_installer_01.png)
@@ -675,12 +781,14 @@ Run the MSI-Installer package and follow the instructions shown in the screensho
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_installer_04.png)
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_installer_05.png)
 
-The graphical installer offers to run the Icinga 2 setup wizard after the installation. Select
-the check box to proceed.
+The graphical installer offers to run the [Icinga Agent setup wizard](06-distributed-monitoring.md#distributed-monitoring-setup-agent-windows-configuration-wizard)
+after the installation. Select the check box to proceed.
 
 > **Tip**
 >
-> You can also run the Icinga 2 setup wizard from the Start menu later.
+> You can also run the Icinga agent setup wizard from the Start menu later.
+
+#### Agent Setup on Windows: Configuration Wizard <a id="distributed-monitoring-setup-agent-windows-configuration-wizard"></a>
 
 On a fresh installation the setup wizard guides you through the initial configuration.
 It also provides a mechanism to send a certificate request to the [CSR signing master](distributed-monitoring-setup-sign-certificates-master).
@@ -700,7 +808,7 @@ Add the following details:
 
   Parameter                      | Description
   -------------------------------|-------------------------------
-  Instance name                  | **Required.** The master/satellite endpoint name where this client is a direct child of.
+  Instance name                  | **Required.** The master/satellite endpoint name where this agent is a direct child of.
   Master/Satellite endpoint host | **Required.** The master or satellite's IP address or FQDN. This information is included in the `Endpoint` object configuration in the `zones.conf` file.
   Master/Satellite endpoint port | **Optional.** The master or satellite's listening port. This information is included in the `Endpoint` object configuration.
 
@@ -712,12 +820,13 @@ When needed you can add an additional global zone (the zones `global-templates`
 
 Optionally enable the following settings:
 
-  Parameter                         | Description
-  ----------------------------------|----------------------------------
-  Accept config                     | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
-  Accept commands                   | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
-  Run Icinga 2 service as this user | **Optional.** Specify a different Windows user. This defaults to `NT AUTHORITY\Network Service` and is required for more privileged service checks.
-  Install NSClient++                | **Optional.** The Windows installer bundles the NSClient++ installer for additional [plugin checks](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
+  Parameter                                               | Description
+  --------------------------------------------------------|----------------------------------
+  Accept commands from master/satellite instance(s)       | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
+  Accept config updates from master/satellite instance(s) | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
+  Run Icinga 2 service as this user                       | **Optional.** Specify a different Windows user. This defaults to `NT AUTHORITY\Network Service` and is required for more privileged service checks.
+  Install/Update bundled NSClient++                       | **Optional.** The Windows installer bundles the NSClient++ installer for additional [plugin checks](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
+  Disable including local 'conf.d' directory              | **Optional.** Allows to disable the `include_recursive "conf.d"` directive except for the `api-users.conf` file in the `icinga2.conf` file. Defaults to `true`.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_03.png)
 
@@ -726,7 +835,7 @@ Verify the certificate from the master/satellite instance where this node should
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_04.png)
 
 
-#### Bundled NSClient++ Setup <a id="distributed-monitoring-setup-client-windows-nsclient"></a>
+#### Bundled NSClient++ Setup <a id="distributed-monitoring-setup-agent-windows-nsclient"></a>
 
 If you have chosen to install/update the NSClient++ package, the Icinga 2 setup wizard asks
 you to do so.
@@ -764,7 +873,7 @@ The NSClient++ REST API can be used to query metrics. [check_nscp_api](06-distri
 uses this transport method.
 
 
-#### Finish Windows Client Setup <a id="distributed-monitoring-setup-client-windows-finish"></a>
+#### Finish Windows Agent Setup <a id="distributed-monitoring-setup-agent-windows-finish"></a>
 
 Finish the Windows setup wizard.
 
@@ -774,11 +883,6 @@ If you did not provide a setup ticket, you need to sign the certificate request
 The setup wizards tells you to do so. The Icinga 2 service is running at this point already
 and will automatically receive and update a signed client certificate.
 
-> **Note**
->
-> Ticket-less setups require at least Icinga 2 v2.8+ on all involved instances.
-
-
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png)
 
 Icinga 2 is automatically started as a Windows service.
@@ -790,35 +894,22 @@ Click `Examine Config` in the setup wizard to open a new Explorer window.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png)
 
-The configuration files can be modified with your favorite editor e.g. Notepad.
+The configuration files can be modified with your favorite editor e.g. Notepad++ or vim in Powershell (via chocolatey).
 
-In order to use the [top down](06-distributed-monitoring.md#distributed-monitoring-top-down) client
+In order to use the [top down](06-distributed-monitoring.md#distributed-monitoring-top-down) agent
 configuration prepare the following steps.
 
-Add a [global zone](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync)
-for syncing check commands later. Navigate to `C:\ProgramData\icinga2\etc\icinga2` and open
-the `zones.conf` file in your preferred editor. Add the following lines if not existing already:
-
-```
-object Zone "global-templates" {
-  global = true
-}
-```
-
-> **Note:**
->
-> Packages >= 2.8 provide this configuration by default.
-
-You don't need any local configuration on the client except for
+You don't need any local configuration on the agent except for
 CheckCommand definitions which can be synced using the global zone
 above. Therefore disable the inclusion of the `conf.d` directory
 in the `icinga2.conf` file.
+
 Navigate to `C:\ProgramData\icinga2\etc\icinga2` and open
 the `icinga2.conf` file in your preferred editor. Remove or comment (`//`)
 the following line:
 
 ```
-// Commented out, not required on a client with top down mode
+// Commented out, not required on an agent with top down mode
 //include_recursive "conf.d"
 ```
 
@@ -827,29 +918,30 @@ the following line:
 > Packages >= 2.9 provide an option in the setup wizard to disable this.
 > Defaults to disabled.
 
-Validate the configuration on Windows open an administrator terminal
+Validate the configuration on Windows open an administrative Powershell
 and run the following command:
 
 ```
-C:\WINDOWS\system32>cd "C:\Program Files\ICINGA2\sbin"
-C:\Program Files\ICINGA2\sbin>icinga2.exe daemon -C
+C:\> cd C:\Program Files\ICINGA2\sbin
+
+C:\Program Files\ICINGA2\sbin> .\icinga2.exe daemon -C
 ```
 
 **Note**: You have to run this command in a shell with `administrator` privileges.
 
-Now you need to restart the Icinga 2 service. Run `services.msc` from the start menu
-and restart the `icinga2` service. Alternatively, you can use the `net {start,stop}` CLI commands.
+Now you need to restart the Icinga 2 service. Run `services.msc` from the start menu and restart the `icinga2` service.
+Alternatively open an administrative Powershell and run the following commands:
 
-![Icinga 2 Windows Service Start/Stop](images/distributed-monitoring/icinga2_windows_cmd_admin_net_start_stop.png)
+```
+C:\> Restart-Service icinga2
 
-Now that you've successfully installed a Windows client, please proceed to
+C:\> Get-Service icinga2
+```
+
+
+Now that you've successfully installed a Windows agent, please proceed to
 the [detailed configuration modes](06-distributed-monitoring.md#distributed-monitoring-configuration-modes).
 
-> **Note**
->
-> The certificate location changed in v2.8 to `%ProgramData%\var\lib\icinga2\certs`.
-> Please read the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths)
-> for more details.
 
 ## Configuration Modes <a id="distributed-monitoring-configuration-modes"></a>
 
@@ -857,19 +949,19 @@ There are different ways to ensure that the Icinga 2 cluster nodes execute
 checks, send notifications, etc.
 
 The preferred method is to configure monitoring objects on the master
-and distribute the configuration to satellites and clients.
+and distribute the configuration to satellites and agents.
 
-The following chapters will explain this in detail with hands-on manual configuration
+The following chapters explain this in detail with hands-on manual configuration
 examples. You should test and implement this once to fully understand how it works.
 
 Once you are familiar with Icinga 2 and distributed monitoring, you
 can start with additional integrations to manage and deploy your
 configuration:
 
-* [Icinga Director](https://github.com/icinga/icingaweb2-module-director) provides a web interface to manage configuration and also allows to sync imported resources (CMDB, PuppetDB, etc.)
-* [Ansible Roles](https://github.com/Icinga/icinga2-ansible)
-* [Puppet Module](https://github.com/Icinga/puppet-icinga2)
-* [Chef Cookbook](https://github.com/Icinga/chef-icinga2)
+* [Icinga Director](https://icinga.com/docs/director/latest/) provides a web interface to manage configuration and also allows to sync imported resources (CMDB, PuppetDB, etc.)
+* [Ansible Roles](https://icinga.com/products/integrations/)
+* [Puppet Module](https://icinga.com/products/integrations/puppet/)
+* [Chef Cookbook](https://icinga.com/products/integrations/chef/)
 
 More details can be found [here](13-addons.md#configuration-tools).
 
@@ -880,24 +972,24 @@ There are two different behaviors with check execution:
 * Send a command execution event remotely: The scheduler still runs on the parent node.
 * Sync the host/service objects directly to the child node: Checks are executed locally.
 
-Again, technically it does not matter whether this is a `client` or a `satellite`
+Again, technically it does not matter whether this is an `agent` or a `satellite`
 which is receiving configuration or command execution events.
 
 ### Top Down Command Endpoint <a id="distributed-monitoring-top-down-command-endpoint"></a>
 
-This mode will force the Icinga 2 node to execute commands remotely on a specified endpoint.
-The host/service object configuration is located on the master/satellite and the client only
-needs the CheckCommand object definitions being used there.
+This mode forces the Icinga 2 node to execute commands remotely on a specified endpoint.
+The host/service object configuration is located on the master/satellite and the agent only
+needs the CheckCommand object definitions available.
 
 Every endpoint has its own remote check queue. The amount of checks executed simultaneously
-can be limited on the endpoint with the `MaxConcurrentChecks` constant defined in [constants.conf](04-configuring-icinga-2.md#constants-conf). Icinga 2 may discard check requests,
+can be limited on the endpoint with the `MaxConcurrentChecks` constant defined in [constants.conf](04-configuration.md#constants-conf). Icinga 2 may discard check requests,
 if the remote check queue is full.
 
-![Icinga 2 Distributed Top Down Command Endpoint](images/distributed-monitoring/icinga2_distributed_top_down_command_endpoint.png)
+![Icinga 2 Distributed Top Down Command Endpoint](images/distributed-monitoring/icinga2_distributed_monitoring_agent_checks_command_endpoint.png)
 
 Advantages:
 
-* No local checks need to be defined on the child node (client).
+* No local checks need to be defined on the child node (agent).
 * Light-weight remote check execution (asynchronous events).
 * No [replay log](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-command-endpoint-log-duration) is necessary for the child node.
 * Pin checks to specific endpoints (if the child zone consists of 2 endpoints).
@@ -913,65 +1005,55 @@ commands, you need to configure the `Zone` and `Endpoint` hierarchy
 on all nodes.
 
 * `icinga2-master1.localdomain` is the configuration master in this scenario.
-* `icinga2-client1.localdomain` acts as client which receives command execution messages via command endpoint from the master. In addition, it receives the global check command configuration from the master.
+* `icinga2-agent1.localdomain` acts as agent which receives command execution messages via command endpoint from the master. In addition, it receives the global check command configuration from the master.
 
 Include the endpoint and zone configuration on **both** nodes in the file `/etc/icinga2/zones.conf`.
 
 The endpoint configuration could look like this, for example:
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
-
-    object Endpoint "icinga2-master1.localdomain" {
-      host = "192.168.56.101"
-    }
-
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111"
-    }
-
-Next, you need to define two zones. There is no naming convention, best practice is to either use `master`, `satellite`/`client-fqdn` or to choose region names for example `Europe`, `USA` and `Asia`, though.
-
-**Note**: Each client requires its own zone and endpoint configuration. Best practice
-is to use the client's FQDN for all object names.
-
-The `master` zone is a parent of the `icinga2-client1.localdomain` zone:
-
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
-
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ] //array with endpoint names
-    }
-
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
-
-      parent = "master" //establish zone hierarchy
-    }
-
-In addition, add a [global zone](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync)
-for syncing check commands later:
-
 ```
-[root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-object Zone "global-templates" {
-  global = true
+object Endpoint "icinga2-master1.localdomain" {
+  host = "192.168.56.101"
+}
+
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111"
+  log_duration = 0 // Disable the replay log for command endpoint agents
 }
 ```
 
-> **Note:**
->
-> Packages >= 2.8 provide this configuration by default.
+Next, you need to define two zones. There is no naming convention, best practice is to either use `master`, `satellite`/`agent-fqdn` or to choose region names for example `Europe`, `USA` and `Asia`, though.
 
-You don't need any local configuration on the client except for
+**Note**: Each agent requires its own zone and endpoint configuration. Best practice
+is to use the agent's FQDN for all object names.
+
+The `master` zone is a parent of the `icinga2-agent1.localdomain` zone:
+
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
+
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ] //array with endpoint names
+}
+
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
+
+  parent = "master" //establish zone hierarchy
+}
+```
+
+You don't need any local configuration on the agent except for
 CheckCommand definitions which can be synced using the global zone
 above. Therefore disable the inclusion of the `conf.d` directory
 in `/etc/icinga2/icinga2.conf`.
 
 ```
-[root@icinga2-client1.localdomain /]# vim /etc/icinga2/icinga2.conf
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/icinga2.conf
 
-// Commented out, not required on a client as command endpoint
+// Commented out, not required on an agent as command endpoint
 //include_recursive "conf.d"
 ```
 
@@ -980,93 +1062,102 @@ in `/etc/icinga2/icinga2.conf`.
 > Packages >= 2.9 provide an option in the setup wizard to disable this.
 > Defaults to disabled.
 
-Edit the `api` feature on the client `icinga2-client1.localdomain` in
-the `/etc/icinga2/features-enabled/api.conf` file and make sure to set
-`accept_commands` and `accept_config` to `true`:
-
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/features-enabled/api.conf
-
-    object ApiListener "api" {
-       //...
-       accept_commands = true
-       accept_config = true
-    }
-
 Now it is time to validate the configuration and to restart the Icinga 2 daemon
 on both nodes.
 
 Example on CentOS 7:
 
-    [root@icinga2-client1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-client1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-agent1.localdomain /]# icinga2 daemon -C
+[root@icinga2-agent1.localdomain /]# systemctl restart icinga2
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
-Once the clients have successfully connected, you are ready for the next step: **execute
-a remote check on the client using the command endpoint**.
+Once the agents have successfully connected, you are ready for the next step: **execute
+a remote check on the agent using the command endpoint**.
 
 Include the host and service object configuration in the `master` zone
 -- this will help adding a secondary master for high-availability later.
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
 
 Add the host and service objects you want to monitor. There is
 no limitation for files and directories -- best practice is to
 sort things by type.
 
-By convention a master/satellite/client host object should use the same name as the endpoint object.
-You can also add multiple hosts which execute checks against remote services/clients.
+By convention a master/satellite/agent host object should use the same name as the endpoint object.
+You can also add multiple hosts which execute checks against remote services/agents.
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+The following example adds the `agent_endpoint` custom variable to the
+host and stores its name (FQDN). _Versions older than 2.11
+used the `client_endpoint` custom variable._
 
-    object Host "icinga2-client1.localdomain" {
-      check_command = "hostalive" //check is executed on the master
-      address = "192.168.56.111"
+This custom variable serves two purposes: 1) Service apply rules can match against it.
+2) Apply rules can retrieve its value and assign it to the `command_endpoint` attribute.
 
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-Given that you are monitoring a Linux client, we'll add a remote [disk](10-icinga-template-library.md#plugin-check-command-disk)
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive" //check is executed on the master
+  address = "192.168.56.111"
+
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+}
+```
+
+Given that you are monitoring a Linux agent, add a remote [disk](10-icinga-template-library.md#plugin-check-command-disk)
 check.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "disk" {
-      check_command = "disk"
+apply Service "disk" {
+  check_command = "disk"
 
-      //specify where the check is executed
-      command_endpoint = host.vars.client_endpoint
+  // Specify the remote agent as command execution endpoint, fetch the host custom variable
+  command_endpoint = host.vars.agent_endpoint
 
-      assign where host.vars.client_endpoint
-    }
+  // Only assign where a host is marked as agent endpoint
+  assign where host.vars.agent_endpoint
+}
+```
 
 If you have your own custom `CheckCommand` definition, add it to the global zone:
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/global-templates
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/global-templates/commands.conf
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/global-templates
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/global-templates/commands.conf
 
-    object CheckCommand "my-cmd" {
-      //...
-    }
+object CheckCommand "my-cmd" {
+  //...
+}
+```
 
 Save the changes and validate the configuration on the master node:
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+```
 Restart the Icinga 2 daemon (example for CentOS 7):
 
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 The following steps will happen:
 
 * Icinga 2 validates the configuration on `icinga2-master1.localdomain` and restarts.
 * The `icinga2-master1.localdomain` node schedules and executes the checks.
-* The `icinga2-client1.localdomain` node receives the execute command event with additional command parameters.
-* The `icinga2-client1.localdomain` node maps the command parameters to the local check command, executes the check locally, and sends back the check result message.
+* The `icinga2-agent1.localdomain` node receives the execute command event with additional command parameters.
+* The `icinga2-agent1.localdomain` node maps the command parameters to the local check command, executes the check locally, and sends back the check result message.
 
-As you can see, no interaction from your side is required on the client itself, and it's not necessary to reload the Icinga 2 service on the client.
+As you can see, no interaction from your side is required on the agent itself, and it's not necessary to reload the Icinga 2 service on the agent.
 
 You have learned the basics about command endpoint checks. Proceed with
 the [scenarios](06-distributed-monitoring.md#distributed-monitoring-scenarios)
@@ -1080,7 +1171,7 @@ It comes in handy if you want to configure everything on the master node
 and sync the satellite checks (disk, memory, etc.). The satellites run their
 own local scheduler and will send the check result messages back to the master.
 
-![Icinga 2 Distributed Top Down Config Sync](images/distributed-monitoring/icinga2_distributed_top_down_config_sync.png)
+![Icinga 2 Distributed Top Down Config Sync](images/distributed-monitoring/icinga2_distributed_monitoring_satellite_config_sync.png)
 
 Advantages:
 
@@ -1096,126 +1187,151 @@ Disadvantages:
 * Additional zone and endpoint configuration needed.
 * Replay log is replicated on reconnect after connection loss. This might increase the data transfer and create an overload on the connection.
 
+> **Note**
+>
+> This mode only supports **configuration text files** for Icinga. Do not abuse
+> this for syncing binaries, this is not supported and may harm your production
+> environment. The config sync uses checksums to detect changes, binaries may
+> trigger reload loops.
+>
+> This is a fair warning. If you want to deploy plugin binaries, create
+> packages for dependency management and use infrastructure lifecycle tools
+> such as Foreman, Puppet, Ansible, etc.
+
 To make sure that all involved nodes accept configuration and/or
 commands, you need to configure the `Zone` and `Endpoint` hierarchy
 on all nodes.
 
 * `icinga2-master1.localdomain` is the configuration master in this scenario.
-* `icinga2-client2.localdomain` acts as client which receives configuration from the master. Checks are scheduled locally.
+* `icinga2-satellite1.localdomain` acts as satellite which receives configuration from the master. Checks are scheduled locally.
 
 Include the endpoint and zone configuration on **both** nodes in the file `/etc/icinga2/zones.conf`.
 
 The endpoint configuration could look like this:
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-satellite1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master1.localdomain" {
-      host = "192.168.56.101"
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  host = "192.168.56.101"
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-      host = "192.168.56.112"
-    }
+object Endpoint "icinga2-satellite1.localdomain" {
+  host = "192.168.56.105"
+}
+```
 
-Next, you need to define two zones. There is no naming convention, best practice is to either use `master`, `satellite`/`client-fqdn` or to choose region names for example `Europe`, `USA` and `Asia`, though.
+Next, you need to define two zones. There is no naming convention, best practice is to either use `master`, `satellite`/`agent-fqdn` or to choose region names for example `Europe`, `USA` and `Asia`, though.
 
-**Note**: Each client requires its own zone and endpoint configuration. Best practice
-is to use the client's FQDN for all object names.
+The `master` zone is a parent of the `satellite` zone:
 
-The `master` zone is a parent of the `icinga2-client2.localdomain` zone:
+```
+[root@icinga2-agent2.localdomain /]# vim /etc/icinga2/zones.conf
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/zones.conf
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ] //array with endpoint names
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ] //array with endpoint names
-    }
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain" ]
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+  parent = "master" //establish zone hierarchy
+}
+```
 
-      parent = "master" //establish zone hierarchy
-    }
-
-Edit the `api` feature on the client `icinga2-client2.localdomain` in
+Edit the `api` feature on the satellite `icinga2-satellite1.localdomain` in
 the `/etc/icinga2/features-enabled/api.conf` file and set
 `accept_config` to `true`.
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/features-enabled/api.conf
+```
+[root@icinga2-satellite1.localdomain /]# vim /etc/icinga2/features-enabled/api.conf
 
-    object ApiListener "api" {
-       //...
-       accept_config = true
-    }
+object ApiListener "api" {
+   //...
+   accept_config = true
+}
+```
 
 Now it is time to validate the configuration and to restart the Icinga 2 daemon
 on both nodes.
 
 Example on CentOS 7:
 
-    [root@icinga2-client2.localdomain /]# icinga2 daemon -C
-    [root@icinga2-client2.localdomain /]# systemctl restart icinga2
-
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-satellite1.localdomain /]# icinga2 daemon -C
+[root@icinga2-satellite1.localdomain /]# systemctl restart icinga2
 
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 **Tip**: Best practice is to use a [global zone](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync)
 for common configuration items (check commands, templates, groups, etc.).
 
-Once the clients have connected successfully, it's time for the next step: **execute
-a local check on the client using the configuration sync**.
+Once the satellite(s) have connected successfully, it's time for the next step: **execute
+a local check on the satellite using the configuration sync**.
 
 Navigate to `/etc/icinga2/zones.d` on your master node
 `icinga2-master1.localdomain` and create a new directory with the same
-name as your satellite/client zone name:
+name as your satellite/agent zone name:
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/icinga2-client2.localdomain
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/satellite
+```
 
 Add the host and service objects you want to monitor. There is
 no limitation for files and directories -- best practice is to
 sort things by type.
 
-By convention a master/satellite/client host object should use the same name as the endpoint object.
-You can also add multiple hosts which execute checks against remote services/clients.
+By convention a master/satellite/agent host object should use the same name as the endpoint object.
+You can also add multiple hosts which execute checks against remote services/agents via [command endpoint](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
+checks.
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/icinga2-client2.localdomain
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/icinga2-client2.localdomain]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim hosts.conf
 
-    object Host "icinga2-client2.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.112"
-      zone = "master" //optional trick: sync the required host object to the client, but enforce the "master" zone to execute the check
-    }
+object Host "icinga2-satellite1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.112"
+  zone = "master" //optional trick: sync the required host object to the satellite, but enforce the "master" zone to execute the check
+}
+```
 
-Given that you are monitoring a Linux client we'll just add a local [disk](10-icinga-template-library.md#plugin-check-command-disk)
+Given that you are monitoring a Linux satellite add a local [disk](10-icinga-template-library.md#plugin-check-command-disk)
 check.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/icinga2-client2.localdomain]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim services.conf
 
-    object Service "disk" {
-      host_name = "icinga2-client2.localdomain"
+object Service "disk" {
+  host_name = "icinga2-satellite1.localdomain"
 
-      check_command = "disk"
-    }
+  check_command = "disk"
+}
+```
 
 Save the changes and validate the configuration on the master node:
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+```
 
 Restart the Icinga 2 daemon (example for CentOS 7):
 
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 The following steps will happen:
 
 * Icinga 2 validates the configuration on `icinga2-master1.localdomain`.
 * Icinga 2 copies the configuration into its zone config store in `/var/lib/icinga2/api/zones`.
 * The `icinga2-master1.localdomain` node sends a config update event to all endpoints in the same or direct child zones.
-* The `icinga2-client2.localdomain` node accepts config and populates the local zone config store with the received config files.
-* The `icinga2-client2.localdomain` node validates the configuration and automatically restarts.
+* The `icinga2-satellite1.localdomain` node accepts config and populates the local zone config store with the received config files.
+* The `icinga2-satellite1.localdomain` node validates the configuration and automatically restarts.
 
-Again, there is no interaction required on the client
-itself.
+Again, there is no interaction required on the satellite itself.
 
 You can also use the config sync inside a high-availability zone to
 ensure that all config objects are synced among zone members.
@@ -1232,185 +1348,258 @@ section where you can find detailed information on extending the setup.
 
 
 If you are eager to start fresh instead you might take a look into the
-[Icinga Director](https://github.com/icinga/icingaweb2-module-director).
+[Icinga Director](https://icinga.com/docs/director/latest/).
 
 ## Scenarios <a id="distributed-monitoring-scenarios"></a>
 
 The following examples should give you an idea on how to build your own
 distributed monitoring environment. We've seen them all in production
-environments and received feedback from our [community](https://www.icinga.com/community/get-involved/)
-and [partner support](https://www.icinga.com/services/support/) channels:
+environments and received feedback from our [community](https://community.icinga.com/)
+and [partner support](https://icinga.com/support/) channels:
 
-* Single master with clients.
-* HA master with clients as command endpoint.
-* Three level cluster with config HA masters, satellites receiving config sync, and clients checked using command endpoint.
+* [Single master with agents](06-distributed-monitoring.md#distributed-monitoring-master-agents).
+* [HA master with agents as command endpoint](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-agents)
+* [Three level cluster](06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-agents) with config HA masters, satellites receiving config sync, and agents checked using command endpoint.
 
-### Master with Clients <a id="distributed-monitoring-master-clients"></a>
+You can also extend the cluster tree depth to four levels e.g. with 2 satellite levels.
+Just keep in mind that multiple levels become harder to debug in case of errors.
 
-![Icinga 2 Distributed Master with Clients](images/distributed-monitoring/icinga2_distributed_scenarios_master_clients.png)
+You can also start with a single master setup, and later add a secondary
+master endpoint. This requires an extra step with the [initial sync](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-initial-sync)
+for cloning the runtime state. This is described in detail [here](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-agents).
+
+<!-- Keep this for compatiblity -->
+<a id="distributed-monitoring-master-clients"></a>
+
+### Master with Agents <a id="distributed-monitoring-master-agents"></a>
+
+In this scenario, a single master node runs the check scheduler, notifications
+and IDO database backend and uses the [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
+to execute checks on the remote agents.
+
+![Icinga 2 Distributed Master with Agents](images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_with_agents.png)
 
 * `icinga2-master1.localdomain` is the primary master node.
-* `icinga2-client1.localdomain` and `icinga2-client2.localdomain` are two child nodes as clients.
+* `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` are two child nodes as agents.
 
 Setup requirements:
 
 * Set up `icinga2-master1.localdomain` as [master](06-distributed-monitoring.md#distributed-monitoring-setup-master).
-* Set up `icinga2-client1.localdomain` and `icinga2-client2.localdomain` as [client](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client).
+* Set up `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` as [agent](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite).
 
 Edit the `zones.conf` configuration file on the master:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master1.localdomain" {
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // That's us
+}
 
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111" //the master actively tries to connect to the client
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111" // The master actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-      host = "192.168.56.112" //the master actively tries to connect to the client
-    }
+object Endpoint "icinga2-agent2.localdomain" {
+  host = "192.168.56.112" // The master actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ]
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
 
-      parent = "master"
-    }
+  parent = "master"
+}
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
 
-      parent = "master"
-    }
+  parent = "master"
+}
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
 
-The two client nodes do not necessarily need to know about each other. The only important thing
+The two agent nodes do not need to know about each other. The only important thing
 is that they know about the parent zone and their endpoint members (and optionally the global zone).
 
 If you specify the `host` attribute in the `icinga2-master1.localdomain` endpoint object,
-the client will actively try to connect to the master node. Since we've specified the client
-endpoint's attribute on the master node already, we don't want the clients to connect to the
+the agent will actively try to connect to the master node. Since you've specified the agent
+endpoint's attribute on the master node already, you don't want the agents to connect to the
 master. **Choose one [connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction).**
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-client1.localdomain" {
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  // That's us
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ]
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
 
-      parent = "master"
-    }
+  parent = "master"
+}
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
+```
+[root@icinga2-agent2.localdomain /]# vim /etc/icinga2/zones.conf
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/zones.conf
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-agent2.localdomain" {
+  // That's us
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain" ]
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain" ]
-    }
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+  parent = "master"
+}
 
-      parent = "master"
-    }
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
-
-Now it is time to define the two client hosts and apply service checks using
+Now it is time to define the two agent hosts and apply service checks using
 the command endpoint execution method on them. Note: You can also use the
 config sync mode here.
 
 Create a new configuration directory on the master node:
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
 
-Add the two client nodes as host objects:
+Add the two agent nodes as host objects:
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-    object Host "icinga2-client1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.111"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
 
-    object Host "icinga2-client2.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.112"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+}
+
+object Host "icinga2-agent2.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.112"
+
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+}
+```
 
 Add services using command endpoint checks:
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "ping4" {
-      check_command = "ping4"
-      //check is executed on the master node
-      assign where host.address
-    }
+apply Service "ping4" {
+  check_command = "ping4"
 
-    apply Service "disk" {
-      check_command = "disk"
+  //check is executed on the master node
+  assign where host.address
+}
 
-      //specify where the check is executed
-      command_endpoint = host.vars.client_endpoint
+apply Service "disk" {
+  check_command = "disk"
 
-      assign where host.vars.client_endpoint
-    }
+  // Execute the check on the remote command endpoint
+  command_endpoint = host.vars.agent_endpoint
+
+  // Assign the service onto an agent
+  assign where host.vars.agent_endpoint
+}
+```
 
 Validate the configuration and restart Icinga 2 on the master node `icinga2-master1.localdomain`.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
-Open Icinga Web 2 and check the two newly created client hosts with two new services
+Open Icinga Web 2 and check the two newly created agent hosts with two new services
 -- one executed locally (`ping4`) and one using command endpoint (`disk`).
 
-### High-Availability Master with Clients <a id="distributed-monitoring-scenarios-ha-master-clients"></a>
+> **Note**
+>
+> You don't necessarily need to add the agent endpoint/zone configuration objects
+> into the master's zones.conf file. Instead, you can put them into `/etc/icinga2/zones.d/master`
+> either in `hosts.conf` shown above, or in a new file called `agents.conf`.
 
-![Icinga 2 Distributed High Availability Master with Clients](images/distributed-monitoring/icinga2_distributed_scenarios_ha_master_clients.png)
+> **Tip**:
+>
+> It's a good idea to add [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
+to make sure that your cluster notifies you in case of failure.
 
-This scenario is similar to the one in the [previous section](06-distributed-monitoring.md#distributed-monitoring-master-clients). The only difference is that we will now set up two master nodes in a high-availability setup.
+In terms of health checks, consider adding the following for this scenario:
+
+- Master node(s) check the connection to the agents
+- Optional: Add dependencies for the agent host to prevent unwanted notifications when agents are unreachable
+
+Proceed in [this chapter](06-distributed-monitoring.md#distributed-monitoring-health-checks-master-agents).
+
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-scenarios-ha-master-clients"></a>
+
+### High-Availability Master with Agents <a id="distributed-monitoring-scenarios-ha-master-agents"></a>
+
+This scenario is similar to the one in the [previous section](06-distributed-monitoring.md#distributed-monitoring-master-agents). The only difference is that we will now set up two master nodes in a high-availability setup.
 These nodes must be configured as zone and endpoints objects.
 
+![Icinga 2 Distributed High Availability Master with Agents](images/distributed-monitoring/icinga2_distributed_monitoring_scenario_ha_masters_with_agents.png)
+
 The setup uses the capabilities of the Icinga 2 cluster. All zone members
-replicate cluster events amongst each other. In addition to that, several Icinga 2
-features can enable HA functionality.
+replicate cluster events between each other. In addition to that, several Icinga 2
+features can enable [HA functionality](06-distributed-monitoring.md#distributed-monitoring-high-availability-features).
+
+Best practice is to run the database backend on a dedicated server/cluster and
+only expose a virtual IP address to Icinga and the IDO feature. By default, only one
+endpoint will actively write to the backend then. Typical setups for MySQL clusters
+involve Master-Master-Replication (Master-Slave-Replication in both directions) or Galera,
+more tips can be found on our [community forums](https://community.icinga.com/).
+The IDO object must have the same `instance_name` on all master nodes.
 
 **Note**: All nodes in the same zone require that you enable the same features for high-availability (HA).
 
@@ -1418,16 +1607,16 @@ Overview:
 
 * `icinga2-master1.localdomain` is the config master master node.
 * `icinga2-master2.localdomain` is the secondary master master node without config in `zones.d`.
-* `icinga2-client1.localdomain` and `icinga2-client2.localdomain` are two child nodes as clients.
+* `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` are two child nodes as agents.
 
 Setup requirements:
 
 * Set up `icinga2-master1.localdomain` as [master](06-distributed-monitoring.md#distributed-monitoring-setup-master).
-* Set up `icinga2-master2.localdomain` as [client](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client) (we will modify the generated configuration).
-* Set up `icinga2-client1.localdomain` and `icinga2-client2.localdomain` as [clients](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client) (when asked for adding multiple masters, set to `y` and add the secondary master `icinga2-master2.localdomain`).
+* Set up `icinga2-master2.localdomain` as [satellite](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite) (**we will modify the generated configuration**).
+* Set up `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` as [agents](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite) (when asked for adding multiple masters, set to `y` and add the secondary master `icinga2-master2.localdomain`).
 
 In case you don't want to use the CLI commands, you can also manually create and sync the
-required SSL certificates. We will modify and discuss all the details of the automatically generated configuration here.
+required TLS certificates. We will modify and discuss all the details of the automatically generated configuration here.
 
 Since there are now two nodes in the same zone, we must consider the
 [high-availability features](06-distributed-monitoring.md#distributed-monitoring-high-availability-features).
@@ -1441,445 +1630,791 @@ you can disable the HA feature and write to a local database on each node.
 Both methods require that you configure Icinga Web 2 accordingly (monitoring
 backend, IDO database, used transports, etc.).
 
-The zone hierarchy could look like this. It involves putting the two master nodes
-`icinga2-master1.localdomain` and `icinga2-master2.localdomain` into the `master` zone.
+> **Note**
+>
+> You can also start with a single master shown [here](06-distributed-monitoring.md#distributed-monitoring-master-agents) and later add
+> the second master. This requires an extra step with the [initial sync](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-initial-sync)
+> for cloning the runtime state after done. Once done, proceed here.
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+In this scenario, we are not adding the agent configuration immediately
+to the `zones.conf` file but will establish the hierarchy later.
 
-    object Endpoint "icinga2-master1.localdomain" {
-      host = "192.168.56.101"
-    }
+The first master looks like this:
 
-    object Endpoint "icinga2-master2.localdomain" {
-      host = "192.168.56.102"
-    }
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111" //the master actively tries to connect to the client
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // That's us
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-      host = "192.168.56.112" //the master actively tries to connect to the client
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  host = "192.168.56.102" // Actively connect to the secondary master
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
 
-      parent = "master"
-    }
+The secondary master waits for connection attempts from the first master,
+and therefore does not try to connect to it again.
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-      parent = "master"
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // That's us
+}
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  // The first master already connects to us
+}
 
-The two client nodes do not necessarily need to know about each other. The only important thing
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
+
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
+
+Restart both masters and ensure the initial connection and TLS handshake works.
+
+The two agent nodes do not need to know about each other. The only important thing
 is that they know about the parent zone and their endpoint members (and optionally about the global zone).
 
 If you specify the `host` attribute in the `icinga2-master1.localdomain` and `icinga2-master2.localdomain`
-endpoint objects, the client will actively try to connect to the master node. Since we've specified the client
-endpoint's attribute on the master node already, we don't want the clients to connect to the
+endpoint objects, the agent will actively try to connect to the master node. Since we've specified the agent
+endpoint's attribute on the master node already, we don't want the agent to connect to the
 master nodes. **Choose one [connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction).**
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-master2.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-client1.localdomain" {
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  // That's us
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
 
-      parent = "master"
-    }
+  parent = "master"
+}
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/zones.conf
+```
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+```
+[root@icinga2-agent2.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master2.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
-    }
+object Endpoint "icinga2-agent2.localdomain" {
+  //That's us
+}
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
 
-      parent = "master"
-    }
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+  parent = "master"
+}
 
-Now it is time to define the two client hosts and apply service checks using
-the command endpoint execution method. Note: You can also use the
-config sync mode here.
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+object Zone "director-global" {
+  global = true
+}
+```
+
+Now it is time to define the two agent hosts and apply service checks using
+the command endpoint execution method.
 
 Create a new configuration directory on the master node `icinga2-master1.localdomain`.
 **Note**: The secondary master node `icinga2-master2.localdomain` receives the
 configuration using the [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync).
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+```
 
-Add the two client nodes as host objects:
+Add the two agent nodes with their zone/endpoint and host object configuration.
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+> **Note**
+>
+> In order to keep things in sync between the two HA masters,
+> keep the `zones.conf` file as small as possible.
+>
+> You can create the agent zone and endpoint objects inside the
+> master zone and have them synced to the secondary master.
+> The cluster config sync enforces a reload allowing the secondary
+> master to connect to the agents as well.
 
-    object Host "icinga2-client1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.111"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+Edit the `zones.conf` file and ensure that the agent zone/endpoint objects
+are **not** specified in there.
 
-    object Host "icinga2-client2.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.112"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+Then navigate into `/etc/icinga2/zones.d/master` and create a new file `agents.conf`.
+
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim agents.conf
+
+//-----------------------------------------------
+// Endpoints
+
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111" // The master actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
+
+object Endpoint "icinga2-agent2.localdomain" {
+  host = "192.168.56.112" // The master actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
+
+//-----------------------------------------------
+// Zones
+
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
+
+  parent = "master"
+}
+
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
+
+  parent = "master"
+}
+```
+
+Whenever you need to add an agent again, edit the mentioned files.
+
+Next, create the corresponding host objects for the agents. Use the same names
+for host and endpoint objects.
+
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+}
+
+object Host "icinga2-agent2.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.112"
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+}
+```
 
 Add services using command endpoint checks:
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "ping4" {
-      check_command = "ping4"
-      //check is executed on the master node
-      assign where host.address
-    }
+apply Service "ping4" {
+  check_command = "ping4"
 
-    apply Service "disk" {
-      check_command = "disk"
+  // Check is executed on the master node
+  assign where host.address
+}
 
-      //specify where the check is executed
-      command_endpoint = host.vars.client_endpoint
+apply Service "disk" {
+  check_command = "disk"
 
-      assign where host.vars.client_endpoint
-    }
+  // Check is executed on the remote command endpoint
+  command_endpoint = host.vars.agent_endpoint
+
+  assign where host.vars.agent_endpoint
+}
+```
 
 Validate the configuration and restart Icinga 2 on the master node `icinga2-master1.localdomain`.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
-Open Icinga Web 2 and check the two newly created client hosts with two new services
+Open Icinga Web 2 and check the two newly created agent hosts with two new services
 -- one executed locally (`ping4`) and one using command endpoint (`disk`).
 
-**Tip**: It's a good idea to add [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
+> **Tip**:
+>
+> It's a good idea to add [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
 to make sure that your cluster notifies you in case of failure.
 
+In terms of health checks, consider adding the following for this scenario:
 
-### Three Levels with Master, Satellites, and Clients <a id="distributed-monitoring-scenarios-master-satellite-client"></a>
+- Master node(s) check the connection to the agents
+- Optional: Add dependencies for the agent host to prevent unwanted notifications when agents are unreachable
 
-![Icinga 2 Distributed Master and Satellites with Clients](images/distributed-monitoring/icinga2_distributed_scenarios_master_satellite_client.png)
+Proceed in [this chapter](06-distributed-monitoring.md#distributed-monitoring-health-checks-master-agents).
+
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-scenarios-master-satellite-client"></a>
+
+### Three Levels with Masters, Satellites and Agents <a id="distributed-monitoring-scenarios-master-satellite-agents"></a>
 
 This scenario combines everything you've learned so far: High-availability masters,
-satellites receiving their configuration from the master zone, and clients checked via command
+satellites receiving their configuration from the master zone, and agents checked via command
 endpoint from the satellite zones.
 
-**Tip**: It can get complicated, so grab a pen and paper and bring your thoughts to life.
-Play around with a test setup before using it in a production environment!
+![Icinga 2 Distributed Master and Satellites with Agents](images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_satellites_agents.png)
+
+> **Tip**:
+>
+> It can get complicated, so grab a pen and paper and bring your thoughts to life.
+> Play around with a test setup before using it in a production environment!
+
+Best practice is to run the database backend on a dedicated server/cluster and
+only expose a virtual IP address to Icinga and the IDO feature. By default, only one
+endpoint will actively write to the backend then. Typical setups for MySQL clusters
+involve Master-Master-Replication (Master-Slave-Replication in both directions) or Galera,
+more tips can be found on our [community forums](https://community.icinga.com/).
 
 Overview:
 
 * `icinga2-master1.localdomain` is the configuration master master node.
 * `icinga2-master2.localdomain` is the secondary master master node without configuration in `zones.d`.
-* `icinga2-satellite1.localdomain` and `icinga2-satellite2.localdomain` are satellite nodes in a `master` child zone.
-* `icinga2-client1.localdomain` and `icinga2-client2.localdomain` are two child nodes as clients.
+* `icinga2-satellite1.localdomain` and `icinga2-satellite2.localdomain` are satellite nodes in a `master` child zone. They forward CSR signing requests to the master zone.
+* `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` are two child nodes as agents.
 
 Setup requirements:
 
 * Set up `icinga2-master1.localdomain` as [master](06-distributed-monitoring.md#distributed-monitoring-setup-master).
-* Set up `icinga2-master2.localdomain`, `icinga2-satellite1.localdomain` and `icinga2-satellite2.localdomain` as [clients](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client) (we will modify the generated configuration).
-* Set up `icinga2-client1.localdomain` and `icinga2-client2.localdomain` as [clients](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client).
+* Set up `icinga2-master2.localdomain`, `icinga2-satellite1.localdomain` and `icinga2-satellite2.localdomain` as [agents](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite) (we will modify the generated configuration).
+* Set up `icinga2-agent1.localdomain` and `icinga2-agent2.localdomain` as [agents](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite).
 
-When being asked for the master endpoint providing CSR auto-signing capabilities,
-please add the master node which holds the CA and has the `ApiListener` feature configured and enabled.
-The parent endpoint must still remain the satellite endpoint name.
+When being asked for the parent endpoint providing CSR auto-signing capabilities,
+please add one of the satellite nodes. **Note**: This requires Icinga 2 v2.8+
+and the `CA Proxy` on all master, satellite and agent nodes.
 
-Example for `icinga2-client1.localdomain`:
+Example for `icinga2-agent1.localdomain`:
 
-    Please specify the master endpoint(s) this node should connect to:
+```
+Please specify the parent endpoint(s) (master or satellite) where this node should connect to:
+```
 
-Master is the first satellite `icinga2-satellite1.localdomain`:
+Parent endpoint is the first satellite `icinga2-satellite1.localdomain`:
 
-    Master Common Name (CN from your master setup): icinga2-satellite1.localdomain
-    Do you want to establish a connection to the master from this node? [Y/n]: y
-    Please fill out the master connection information:
-    Master endpoint host (Your master's IP address or FQDN): 192.168.56.105
-    Master endpoint port [5665]:
+```
+Master/Satellite Common Name (CN from your master/satellite node): icinga2-satellite1.localdomain
+Do you want to establish a connection to the parent node from this node? [Y/n]: y
 
-Add the second satellite `icinga2-satellite2.localdomain` as master:
+Please specify the master/satellite connection information:
+Master/Satellite endpoint host (IP address or FQDN): 192.168.56.105
+Master/Satellite endpoint port [5665]: 5665
+```
 
-    Add more master endpoints? [y/N]: y
-    Master Common Name (CN from your master setup): icinga2-satellite2.localdomain
-    Do you want to establish a connection to the master from this node? [Y/n]: y
-    Please fill out the master connection information:
-    Master endpoint host (Your master's IP address or FQDN): 192.168.56.106
-    Master endpoint port [5665]:
-    Add more master endpoints? [y/N]: n
+Add the second satellite `icinga2-satellite2.localdomain` as parent:
 
-Specify the master node `icinga2-master2.localdomain` with the CA private key and ticket salt:
+```
+Add more master/satellite endpoints? [y/N]: y
 
-    Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
-    Host [192.168.56.106]: icinga2-master1.localdomain
-    Port [5665]:
+Master/Satellite Common Name (CN from your master/satellite node): icinga2-satellite2.localdomain
+Do you want to establish a connection to the parent node from this node? [Y/n]: y
 
-In case you cannot connect to the master node from your clients, you'll manually need
-to [generate the SSL certificates](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-certificates-manual)
-and modify the configuration accordingly.
+Please specify the master/satellite connection information:
+Master/Satellite endpoint host (IP address or FQDN): 192.168.56.106
+Master/Satellite endpoint port [5665]: 5665
 
-We'll discuss the details of the required configuration below.
+Add more master/satellite endpoints? [y/N]: n
+```
+
+The specified parent nodes will forward the CSR signing request to the master instances.
+
+Proceed with adding the optional client ticket for [CSR auto-signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing):
+
+```
+Please specify the request ticket generated on your Icinga 2 master (optional).
+ (Hint: # icinga2 pki ticket --cn 'icinga2-agent1.localdomain'):
+4f75d2ecd253575fe9180938ebff7cbca262f96e
+```
+
+In case you've chosen to use [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing)
+you can leave the ticket question blank.
+
+Instead, Icinga 2 tells you to approve the request later on the master node.
+
+```
+No ticket was specified. Please approve the certificate signing request manually
+on the master (see 'icinga2 ca list' and 'icinga2 ca sign --help' for details).
+```
+
+You can optionally specify a different bind host and/or port.
+
+```
+Please specify the API bind host/port (optional):
+Bind Host []:
+Bind Port []:
+```
+
+The next step asks you to accept configuration (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync))
+and commands (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)).
+
+```
+Accept config from parent node? [y/N]: y
+Accept commands from parent node? [y/N]: y
+```
+
+Next you can optionally specify the local and parent zone names. This will be reflected
+in the generated zone configuration file.
+
+```
+Local zone name [icinga2-agent1.localdomain]: icinga2-agent1.localdomain
+```
+
+Set the parent zone name to `satellite` for this agent.
+
+```
+Parent zone name [master]: satellite
+```
+
+You can add more global zones in addition to `global-templates` and `director-global` if necessary.
+Press `Enter` or choose `n`, if you don't want to add any additional.
+
+```
+Reconfiguring Icinga...
+
+Default global zones: global-templates director-global
+Do you want to specify additional global zones? [y/N]: N
+```
+
+Last but not least the wizard asks you whether you want to disable the inclusion of the local configuration
+directory in `conf.d`, or not. Defaults to disabled, since agents are checked via command endpoint and the example
+configuration would collide with this mode.
+
+```
+Do you want to disable the inclusion of the conf.d directory [Y/n]: Y
+Disabling the inclusion of the conf.d directory...
+```
+
+
+**We'll discuss the details of the required configuration below. Most of this
+configuration can be rendered by the setup wizards.**
 
 The zone hierarchy can look like this. We'll define only the directly connected zones here.
 
-You can safely deploy this configuration onto all master and satellite zone
-members. You should keep in mind to control the endpoint [connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction)
-using the `host` attribute.
+The master instances should actively connect to the satellite instances, therefore
+the configuration on `icinga2-master1.localdomain` and `icinga2-master2.localdomain`
+must include the `host` attribute for the satellite endpoints:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-master1.localdomain" {
-      host = "192.168.56.101"
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // That's us
+}
 
-    object Endpoint "icinga2-master2.localdomain" {
-      host = "192.168.56.102"
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  host = "192.168.56.102" // Actively connect to the second master.
+}
 
-    object Endpoint "icinga2-satellite1.localdomain" {
-      host = "192.168.56.105"
-    }
+object Endpoint "icinga2-satellite1.localdomain" {
+  host = "192.168.56.105" // Actively connect to the satellites.
+}
 
-    object Endpoint "icinga2-satellite2.localdomain" {
-      host = "192.168.56.106"
-    }
+object Endpoint "icinga2-satellite2.localdomain" {
+  host = "192.168.56.106" // Actively connect to the satellites.
+}
 
-    object Zone "master" {
-      endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
-    }
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
+```
 
-    object Zone "satellite" {
-      endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
+The endpoint configuration on the secondary master looks similar,
+but changes the connection attributes - the first master already
+tries to connect, there is no need for a secondary attempt.
 
-      parent = "master"
-    }
+```
+[root@icinga2-master2.localdomain /]# vim /etc/icinga2/zones.conf
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // First master already connects to us
+}
 
-Repeat the configuration step for `icinga2-master2.localdomain`, `icinga2-satellite1.localdomain`
-and `icinga2-satellite2.localdomain`.
+object Endpoint "icinga2-master2.localdomain" {
+  // That's us
+}
+
+object Endpoint "icinga2-satellite1.localdomain" {
+  host = "192.168.56.105" // Actively connect to the satellites.
+}
+
+object Endpoint "icinga2-satellite2.localdomain" {
+  host = "192.168.56.106" // Actively connect to the satellites.
+}
+```
+
+The zone configuration on both masters looks the same. Add this
+to the corresponding `zones.conf` entries for the endpoints.
+
+```
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
+
+  parent = "master"
+}
+
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+
+object Zone "director-global" {
+  global = true
+}
+
+```
+
+In contrast to that, the satellite instances `icinga2-satellite1.localdomain`
+and `icinga2-satellite2.localdomain` should not actively connect to the master
+instances.
+
+```
+[root@icinga2-satellite1.localdomain /]# vim /etc/icinga2/zones.conf
+
+object Endpoint "icinga2-master1.localdomain" {
+  // This endpoint will connect to us
+}
+
+object Endpoint "icinga2-master2.localdomain" {
+  // This endpoint will connect to us
+}
+
+object Endpoint "icinga2-satellite1.localdomain" {
+  // That's us
+}
+
+object Endpoint "icinga2-satellite2.localdomain" {
+  host = "192.168.56.106" // Actively connect to the secondary satellite
+}
+```
+
+Again, only one side is required to establish the connection inside the HA zone.
+Since satellite1 already connects to satellite2, leave out the `host` attribute
+for `icinga2-satellite1.localdomain` on satellite2.
+
+```
+[root@icinga2-satellite2.localdomain /]# vim /etc/icinga2/zones.conf
+
+object Endpoint "icinga2-master1.localdomain" {
+  // This endpoint will connect to us
+}
+
+object Endpoint "icinga2-master2.localdomain" {
+  // This endpoint will connect to us
+}
+
+object Endpoint "icinga2-satellite1.localdomain" {
+  // First satellite already connects to us
+}
+
+object Endpoint "icinga2-satellite2.localdomain" {
+  // That's us
+}
+```
+
+The zone configuration on both satellites looks the same. Add this
+to the corresponding `zones.conf` entries for the endpoints.
+
+```
+object Zone "master" {
+  endpoints = [ "icinga2-master1.localdomain", "icinga2-master2.localdomain" ]
+}
+
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
+
+  parent = "master"
+}
+
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+
+object Zone "director-global" {
+  global = true
+}
+```
+
+Keep in mind to control the endpoint [connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction)
+using the `host` attribute, also for other endpoints in the same zone.
 
 Since we want to use [top down command endpoint](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint) checks,
-we must configure the client endpoint and zone objects.
-In order to minimize the effort, we'll sync the client zone and endpoint configuration to the
-satellites where the connection information is needed as well.
+we must configure the agent endpoint and zone objects.
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/{master,satellite,global-templates}
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
+In order to minimize the effort, we'll sync the agent zone and endpoint configuration to the
+satellites where the connection information is needed as well. Note: This only works with satellite
+and agents, since there already is a trust relationship between the master and the satellite zone.
+The cluster config sync to the satellite invokes an automated reload causing the agent connection attempts.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-client1.localdomain.conf
+`icinga2-master1.localdomain` is the configuration master where everything is stored:
 
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111" //the satellite actively tries to connect to the client
-    }
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/{master,satellite,global-templates}
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-agent1.localdomain.conf
 
-      parent = "satellite"
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111" // The satellite actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-client2.localdomain.conf
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
 
-    object Endpoint "icinga2-client2.localdomain" {
-      host = "192.168.56.112" //the satellite actively tries to connect to the client
-    }
+  parent = "satellite"
+}
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-agent2.localdomain.conf
 
-      parent = "satellite"
-    }
+object Endpoint "icinga2-agent2.localdomain" {
+  host = "192.168.56.112" // The satellite actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
 
-The two client nodes do not necessarily need to know about each other, either. The only important thing
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
+
+  parent = "satellite"
+}
+```
+
+The two agent nodes do not need to know about each other. The only important thing
 is that they know about the parent zone (the satellite) and their endpoint members (and optionally the global zone).
 
-If you specify the `host` attribute in the `icinga2-satellite1.localdomain` and `icinga2-satellite2.localdomain`
-endpoint objects, the client node will actively try to connect to the satellite node. Since we've specified the client
-endpoint's attribute on the satellite node already, we don't want the client node to connect to the
-satellite nodes. **Choose one [connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction).**
+> **Tipp**
+>
+> In the example above we've specified the `host` attribute in the agent endpoint configuration. In this mode,
+> the satellites actively connect to the agents. This costs some resources on the satellite -- if you prefer to
+> offload the connection attempts to the agent, or your DMZ requires this, you can also change the **[connection direction](06-distributed-monitoring.md#distributed-monitoring-advanced-hints-connection-direction).**
+>
+> 1) Don't set the `host` attribute for the agent endpoints put into `zones.d/satellite`.
+> 2) Modify each agent's zones.conf file and add the `host` attribute to all parent satellites. You can automate this with using the `node wizard/setup` CLI commands.
 
-Example for `icinga2-client1.localdomain`:
+The agents are waiting for the satellites to connect, therefore they don't specify
+the `host` attribute in the endpoint objects locally.
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+Example for `icinga2-agent1.localdomain`:
 
-    object Endpoint "icinga2-satellite1.localdomain" {
-      //do not actively connect to the satellite by leaving out the 'host' attribute
-    }
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-satellite2.localdomain" {
-      //do not actively connect to the satellite by leaving out the 'host' attribute
-    }
+object Endpoint "icinga2-satellite1.localdomain" {
+  // Do not actively connect to the satellite by leaving out the 'host' attribute
+}
 
-    object Endpoint "icinga2-client1.localdomain" {
-      //that's us
-    }
+object Endpoint "icinga2-satellite2.localdomain" {
+  // Do not actively connect to the satellite by leaving out the 'host' attribute
+}
 
-    object Zone "satellite" {
-      endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  // That's us
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
+}
 
-      parent = "satellite"
-    }
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+  parent = "satellite"
+}
 
-Example for `icinga2-client2.localdomain`:
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
 
-    [root@icinga2-client2.localdomain /]# vim /etc/icinga2/zones.conf
+object Zone "director-global" {
+  global = true
+}
+```
 
-    object Endpoint "icinga2-satellite1.localdomain" {
-      //do not actively connect to the satellite by leaving out the 'host' attribute
-    }
+Example for `icinga2-agent2.localdomain`:
 
-    object Endpoint "icinga2-satellite2.localdomain" {
-      //do not actively connect to the satellite by leaving out the 'host' attribute
-    }
+```
+[root@icinga2-agent2.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Endpoint "icinga2-client2.localdomain" {
-      //that's us
-    }
+object Endpoint "icinga2-satellite1.localdomain" {
+  // Do not actively connect to the satellite by leaving out the 'host' attribute
+}
 
-    object Zone "satellite" {
-      endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
-    }
+object Endpoint "icinga2-satellite2.localdomain" {
+  // Do not actively connect to the satellite by leaving out the 'host' attribute
+}
 
-    object Zone "icinga2-client2.localdomain" {
-      endpoints = [ "icinga2-client2.localdomain" ]
+object Endpoint "icinga2-agent2.localdomain" {
+  // That's us
+}
 
-      parent = "satellite"
-    }
+object Zone "satellite" {
+  endpoints = [ "icinga2-satellite1.localdomain", "icinga2-satellite2.localdomain" ]
+}
 
-    /* sync global commands */
-    object Zone "global-templates" {
-      global = true
-    }
+object Zone "icinga2-agent2.localdomain" {
+  endpoints = [ "icinga2-agent2.localdomain" ]
 
-Now it is time to define the two client hosts on the master, sync them to the satellites
+  parent = "satellite"
+}
+
+/* sync global commands */
+object Zone "global-templates" {
+  global = true
+}
+
+object Zone "director-global" {
+  global = true
+}
+```
+
+Now it is time to define the two agents hosts on the master, sync them to the satellites
 and apply service checks using the command endpoint execution method to them.
-Add the two client nodes as host objects to the `satellite` zone.
+Add the two agent nodes as host objects to the `satellite` zone.
 
 We've already created the directories in `/etc/icinga2/zones.d` including the files for the
-zone and endpoint configuration for the clients.
+zone and endpoint configuration for the agents.
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
+```
 
-Add the host object configuration for the `icinga2-client1.localdomain` client. You should
+Add the host object configuration for the `icinga2-agent1.localdomain` agent. You should
 have created the configuration file in the previous steps and it should contain the endpoint
 and zone object configuration already.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-client1.localdomain.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-agent1.localdomain.conf
 
-    object Host "icinga2-client1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.111"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
 
-Add the host object configuration for the `icinga2-client2.localdomain` client configuration file:
+  vars.agent_endpoint = name // Follows the convention that host name == endpoint name
+}
+```
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-client2.localdomain.conf
+Add the host object configuration for the `icinga2-agent2.localdomain` agent configuration file:
 
-    object Host "icinga2-client2.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.112"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-    }
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim icinga2-agent2.localdomain.conf
+
+object Host "icinga2-agent2.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.112"
+
+  vars.agent_endpoint = name // Follows the convention that host name == endpoint name
+}
+```
 
 Add a service object which is executed on the satellite nodes (e.g. `ping4`). Pin the apply rule to the `satellite` zone only.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim services.conf
 
-    apply Service "ping4" {
-      check_command = "ping4"
-      //check is executed on the satellite node
-      assign where host.zone == "satellite" && host.address
-    }
+apply Service "ping4" {
+  check_command = "ping4"
+
+  // Check is executed on the satellite node
+  assign where host.zone == "satellite" && host.address
+}
+```
 
 Add services using command endpoint checks. Pin the apply rules to the `satellite` zone only.
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim services.conf
 
-    apply Service "disk" {
-      check_command = "disk"
+apply Service "disk" {
+  check_command = "disk"
 
-      //specify where the check is executed
-      command_endpoint = host.vars.client_endpoint
+  // Execute the check on the remote command endpoint
+  command_endpoint = host.vars.agent_endpoint
 
-      assign where host.zone == "satellite" && host.vars.client_endpoint
-    }
+  assign where host.zone == "satellite" && host.vars.agent_endpoint
+}
+```
 
 Validate the configuration and restart Icinga 2 on the master node `icinga2-master1.localdomain`.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
-Open Icinga Web 2 and check the two newly created client hosts with two new services
+Open Icinga Web 2 and check the two newly created agent hosts with two new services
 -- one executed locally (`ping4`) and one using command endpoint (`disk`).
 
-**Tip**: It's a good idea to add [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
+> **Tip**:
+>
+> It's a good idea to add [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
 to make sure that your cluster notifies you in case of failure.
 
+In terms of health checks, consider adding the following for this scenario:
+
+- Master nodes check whether the satellite zone is connected
+- Satellite nodes check the connection to the agents
+- Optional: Add dependencies for the agent host to prevent unwanted notifications when agents are unreachable
+
+Proceed in [this chapter](06-distributed-monitoring.md#distributed-monitoring-health-checks-master-satellite-agent).
+
+
 ## Best Practice <a id="distributed-monitoring-best-practice"></a>
 
 We've put together a collection of configuration examples from community feedback.
-If you like to share your tips and tricks with us, please join the [community channels](https://www.icinga.com/community/get-involved/)!
+If you like to share your tips and tricks with us, please join the [community channels](https://icinga.com/community/)!
 
 ### Global Zone for Config Sync <a id="distributed-monitoring-global-zone-config-sync"></a>
 
@@ -1893,50 +2428,63 @@ to all nodes depending on them. Common examples are:
 * Group objects.
 * TimePeriod objects.
 
-Plugin scripts and binaries cannot be synced, this is for Icinga 2
+Plugin scripts and binaries must not be synced, this is for Icinga 2
 configuration files only. Use your preferred package repository
 and/or configuration management tool (Puppet, Ansible, Chef, etc.)
-for that.
+for keeping packages and scripts uptodate.
 
 **Note**: Checkable objects (hosts and services) cannot be put into a global
-zone. The configuration validation will terminate with an error.
+zone. The configuration validation will terminate with an error. Apply rules
+work as they are evaluated locally on each endpoint.
 
 The zone object configuration must be deployed on all nodes which should receive
 the global configuration files:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    object Zone "global-templates" {
-      global = true
-    }
+object Zone "global-commands" {
+  global = true
+}
+```
 
-Note: Packages >= 2.8 provide this configuration by default.
+The default global zones generated by the setup wizards are called `global-templates` and `director-global`.
+
+While you can should `global-templates` for your global configuration, `director-global` is reserved for use
+by [Icinga Director](https://icinga.com/docs/director/latest/). Please don't
+place any configuration in it manually.
 
 Similar to the zone configuration sync you'll need to create a new directory in
 `/etc/icinga2/zones.d`:
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/global-templates
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/global-commands
+```
 
 Next, add a new check command, for example:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/global-templates/commands.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/global-commands/web.conf
 
-    object CheckCommand "my-cmd" {
-      //...
-    }
+object CheckCommand "webinject" {
+  //...
+}
+```
 
-Restart the client(s) which should receive the global zone before
+Restart the endpoints(s) which should receive the global zone before
 before restarting the parent master/satellite nodes.
 
 Then validate the configuration on the master node and restart Icinga 2.
 
 **Tip**: You can copy the example configuration files located in `/etc/icinga2/conf.d`
-into your global zone.
+into the default global zone `global-templates`.
 
 Example:
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/conf.d
-    [root@icinga2-master1.localdomain /etc/icinga2/conf.d]# cp {commands,groups,notifications,services,templates,timeperiods,users}.conf /etc/icinga2/zones.d/global-templates
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/conf.d
+[root@icinga2-master1.localdomain /etc/icinga2/conf.d]# cp {commands,groups,notifications,services,templates,timeperiods,users}.conf /etc/icinga2/zones.d/global-templates
+```
 
 ### Health Checks <a id="distributed-monitoring-health-checks"></a>
 
@@ -1947,72 +2495,158 @@ checks.
 In order to minimize the problems caused by this, you should configure
 additional health checks.
 
-The `cluster` check, for example, will check if all endpoints in the current zone and the directly
-connected zones are working properly:
-
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-master1.localdomain.conf
-
-    object Host "icinga2-master1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.101"
-    }
-
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/cluster.conf
-
-    object Service "cluster" {
-      check_command = "cluster"
-      check_interval = 5s
-      retry_interval = 1s
-
-      host_name = "icinga2-master1.localdomain"
-    }
+#### cluster-zone with Masters and Agents <a id="distributed-monitoring-health-checks-master-agents"></a>
 
 The `cluster-zone` check will test whether the configured target zone is currently
-connected or not. This example adds a health check for the [ha master with clients scenario](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-clients).
+connected or not. This example adds a health check for the [ha master with agents scenario](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-agents).
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/services.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/services.conf
 
-    apply Service "cluster-health" {
-      check_command = "cluster-zone"
+apply Service "agent-health" {
+  check_command = "cluster-zone"
 
-      display_name = "cluster-health-" + host.name
+  display_name = "cluster-health-" + host.name
 
-      /* This follows the convention that the client zone name is the FQDN which is the same as the host object name. */
-      vars.cluster_zone = host.name
+  /* This follows the convention that the agent zone name is the FQDN which is the same as the host object name. */
+  vars.cluster_zone = host.name
 
-      assign where host.vars.client_endpoint
-    }
+  assign where host.vars.agent_endpoint
+}
+```
 
-In case you cannot assign the `cluster_zone` attribute, add specific
-checks to your cluster:
+In order to prevent unwanted notifications, add a service dependency which gets applied to
+all services using the command endpoint mode.
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/cluster.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/dependencies.conf
 
-    object Service "cluster-zone-satellite" {
-      check_command = "cluster-zone"
-      check_interval = 5s
-      retry_interval = 1s
-      vars.cluster_zone = "satellite"
+apply Dependency "agent-health-check" to Service {
+  parent_service_name = "agent-health"
 
-      host_name = "icinga2-master1.localdomain"
-    }
+  states = [ OK ] // Fail if the parent service state switches to NOT-OK
+  disable_notifications = true
 
+  assign where host.vars.agent_endpoint // Automatically assigns all agent endpoint checks as child services on the matched host
+  ignore where service.name == "agent-health" // Avoid a self reference from child to parent
+}
+```
 
-If you are using top down checks with command endpoint configuration, you can
-add a dependency which prevents notifications for all other failing services:
+#### cluster-zone with Masters, Satellites and Agents <a id="distributed-monitoring-health-checks-master-satellite-agent"></a>
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/dependencies.conf
+This example adds health checks for the [master, satellites and agents scenario](06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-agents).
 
-    apply Dependency "health-check" to Service {
-      parent_service_name = "child-health"
+Whenever the connection between the master and satellite zone breaks,
+you may encounter late check results in Icinga Web. In order to view
+this failure and also send notifications, add the following configuration:
 
-      states = [ OK ]
-      disable_notifications = true
+First, add the two masters as host objects to the master zone, if not already
+existing.
 
-      assign where host.vars.client_endpoint
-      ignore where service.name == "child-health"
-    }
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/hosts.conf
+
+object Host "icinga2-master1.localdomain" {
+  check_command = "hostalive"
+
+  address = "192.168.56.101"
+}
+
+object Host "icinga2-master2.localdomain" {
+  check_command = "hostalive"
+
+  address = "192.168.56.102"
+}
+```
+
+Add service health checks against the satellite zone.
+
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/health.conf
+
+apply Service "satellite-zone-health" {
+  check_command = "cluster-zone"
+  check_interval = 30s
+  retry_interval = 10s
+
+  vars.cluster_zone = "satellite"
+
+  assign where match("icinga2-master*.localdomain", host.name)
+}
+```
+
+**Don't forget to create notification apply rules for these services.**
+
+Next are health checks for agents connected to the satellite zone.
+Navigate into the satellite directory in `zones.d`:
+
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/satellite
+```
+
+You should already have configured agent host objects following [the master, satellite, agents scenario](06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-agents).
+Add a new configuration file where all the health checks are defined.
+
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim health.conf
+
+apply Service "agent-health" {
+  check_command = "cluster-zone"
+
+  display_name = "agent-health-" + host.name
+
+  // This follows the convention that the agent zone name is the FQDN which is the same as the host object name.
+  vars.cluster_zone = host.name
+
+  // Create this health check for agent hosts in the satellite zone
+  assign where host.zone == "satellite" && host.vars.agent_endpoint
+}
+```
+
+In order to prevent unwanted notifications, add a service dependency which gets applied to
+all services using the command endpoint mode.
+
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/satellite]# vim health.conf
+
+apply Dependency "agent-health-check" to Service {
+  parent_service_name = "agent-health"
+
+  states = [ OK ] // Fail if the parent service state switches to NOT-OK
+  disable_notifications = true
+
+  assign where host.zone == "satellite" && host.vars.agent_endpoint // Automatically assigns all agent endpoint checks as child services on the matched host
+  ignore where service.name == "agent-health" // Avoid a self reference from child to parent
+}
+```
+
+This is all done on the configuration master, and requires the scenario to be fully up and running.
+
+#### Cluster Check
+
+The `cluster` check will check if all endpoints in the current zone and the directly
+connected zones are working properly. The disadvantage of using this check is that
+you cannot monitor 3 or more cluster levels with it.
+
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-master1.localdomain.conf
+
+object Host "icinga2-master1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.101"
+}
+
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/cluster.conf
+
+object Service "cluster" {
+  check_command = "cluster"
+  check_interval = 5s
+  retry_interval = 1s
+
+  host_name = "icinga2-master1.localdomain"
+}
+```
 
 ### Pin Checks in a Zone <a id="distributed-monitoring-pin-checks-zone"></a>
 
@@ -2020,23 +2654,25 @@ In case you want to pin specific checks to their endpoints in a given zone you'l
 the `command_endpoint` attribute. This is reasonable if you want to
 execute a local disk check in the `master` Zone on a specific endpoint then.
 
-    [root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-master1.localdomain.conf
+```
+[root@icinga2-master1.localdomain /]# mkdir -p /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/icinga2-master1.localdomain.conf
 
-    object Host "icinga2-master1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.101"
-    }
+object Host "icinga2-master1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.101"
+}
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/services.conf
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.d/master/services.conf
 
-    apply Service "disk" {
-      check_command = "disk"
+apply Service "disk" {
+  check_command = "disk"
 
-      command_endpoint = host.name //requires a host object matching the endpoint object name e.g. icinga2-master1.localdomain
+  command_endpoint = host.name //requires a host object matching the endpoint object name e.g. icinga2-master1.localdomain
 
-      assign where host.zone == "master" && match("icinga2-master*", host.name)
-    }
+  assign where host.zone == "master" && match("icinga2-master*", host.name)
+}
+```
 
 The `host.zone` attribute check inside the expression ensures that
 the service object is only created for host objects inside the `master`
@@ -2050,85 +2686,91 @@ function ensures to only create services for the master nodes.
 By default ICMP requests are disabled in the Windows firewall. You can
 change that by [adding a new rule](https://support.microsoft.com/en-us/kb/947709).
 
-    C:\WINDOWS\system32>netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
+```
+C:\> netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
+```
 
 #### Icinga 2 <a id="distributed-monitoring-windows-firewall-icinga2"></a>
 
-If your master/satellite nodes should actively connect to the Windows client
+If your master/satellite nodes should actively connect to the Windows agent
 you'll also need to ensure that port `5665` is enabled.
 
-    C:\WINDOWS\system32>netsh advfirewall firewall add rule name="Open port 5665 (Icinga 2)" dir=in action=allow protocol=TCP localport=5665
+```
+C:\> netsh advfirewall firewall add rule name="Open port 5665 (Icinga 2)" dir=in action=allow protocol=TCP localport=5665
+```
 
 #### NSClient++ API <a id="distributed-monitoring-windows-firewall-nsclient-api"></a>
 
 If the [check_nscp_api](06-distributed-monitoring.md#distributed-monitoring-windows-nscp-check-api)
 plugin is used to query NSClient++, you need to ensure that its port is enabled.
 
-    C:\WINDOWS\system32>netsh advfirewall firewall add rule name="Open port 8443 (NSClient++ API)" dir=in action=allow protocol=TCP localport=8443
+```
+C:\> netsh advfirewall firewall add rule name="Open port 8443 (NSClient++ API)" dir=in action=allow protocol=TCP localport=8443
+```
 
 For security reasons, it is advised to enable the NSClient++ HTTP API for local
-connection from the Icinga 2 client only. Remote connections to the HTTP API
+connection from the Icinga agent only. Remote connections to the HTTP API
 are not recommended with using the legacy HTTP API.
 
-### Windows Client and Plugins <a id="distributed-monitoring-windows-plugins"></a>
+### Windows Agent and Plugins <a id="distributed-monitoring-windows-plugins"></a>
 
 The Icinga 2 package on Windows already provides several plugins.
 Detailed [documentation](10-icinga-template-library.md#windows-plugins) is available for all check command definitions.
 
-Add the following `include` statement on all your nodes (master, satellite, client):
-
-    vim /etc/icinga2/icinga2.conf
-
-    include <windows-plugins>
-
-Based on the [master with clients](06-distributed-monitoring.md#distributed-monitoring-master-clients)
+Based on the [master with agents](06-distributed-monitoring.md#distributed-monitoring-master-agents)
 scenario we'll now add a local disk check.
 
-First, add the client node as host object:
+First, add the agent node as host object:
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-    object Host "icinga2-client2.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.112"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-      vars.os_type = "windows"
-    }
+object Host "icinga2-agent2.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.112"
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+  vars.os_type = "windows"
+}
+```
 
 Next, add the disk check using command endpoint checks (details in the
 [disk-windows](10-icinga-template-library.md#windows-plugins-disk-windows) documentation):
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "disk C:" {
-      check_command = "disk-windows"
+apply Service "disk C:" {
+  check_command = "disk-windows"
 
-      vars.disk_win_path = "C:"
+  vars.disk_win_path = "C:"
 
-      //specify where the check is executed
-      command_endpoint = host.vars.client_endpoint
+  //specify where the check is executed
+  command_endpoint = host.vars.agent_endpoint
 
-      assign where host.vars.os_type == "windows" && host.vars.client_endpoint
-    }
+  assign where host.vars.os_type == "windows" && host.vars.agent_endpoint
+}
+```
 
 Validate the configuration and restart Icinga 2.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 Open Icinga Web 2 and check your newly added Windows disk check :)
 
-![Icinga 2 Client Windows](images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png)
+![Icinga Windows Agent](images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png)
 
 If you want to add your own plugins please check [this chapter](05-service-monitoring.md#service-monitoring-requirements)
 for the requirements.
 
-### Windows Client and NSClient++ <a id="distributed-monitoring-windows-nscp"></a>
+### Windows Agent and NSClient++ <a id="distributed-monitoring-windows-nscp"></a>
 
 There are two methods available for querying NSClient++:
 
-* Query the [HTTP API](06-distributed-monitoring.md#distributed-monitoring-windows-nscp-check-api) locally from an Icinga 2 client (requires a running NSClient++ service)
+* Query the [HTTP API](06-distributed-monitoring.md#distributed-monitoring-windows-nscp-check-api) locally from an Icinga agent (requires a running NSClient++ service)
 * Run a [local CLI check](06-distributed-monitoring.md#distributed-monitoring-windows-nscp-check-local) (does not require NSClient++ as a service)
 
 Both methods have their advantages and disadvantages. One thing to
@@ -2137,164 +2779,183 @@ CPU utilization, please use the HTTP API instead of the CLI sample call.
 
 #### NSCLient++ with check_nscp_api <a id="distributed-monitoring-windows-nscp-check-api"></a>
 
-The [Windows setup](06-distributed-monitoring.md#distributed-monitoring-setup-client-windows) already allows
+The [Windows setup](06-distributed-monitoring.md#distributed-monitoring-setup-agent-windows) already allows
 you to install the NSClient++ package. In addition to the Windows plugins you can
 use the [nscp_api command](10-icinga-template-library.md#nscp-check-api) provided by the Icinga Template Library (ITL).
 
 The initial setup for the NSClient++ API and the required arguments
 is the described in the ITL chapter for the [nscp_api](10-icinga-template-library.md#nscp-check-api) CheckCommand.
 
-Based on the [master with clients](06-distributed-monitoring.md#distributed-monitoring-master-clients)
+Based on the [master with agents](06-distributed-monitoring.md#distributed-monitoring-master-agents)
 scenario we'll now add a local nscp check which queries the NSClient++ API to check the free disk space.
 
-Define a host object called `icinga2-client2.localdomain` on the master. Add the `nscp_api_password`
-custom attribute and specify the drives to check.
+Define a host object called `icinga2-agent2.localdomain` on the master. Add the `nscp_api_password`
+custom variable and specify the drives to check.
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-    object Host "icinga2-client1.localdomain" {
-        check_command = "hostalive"
-        address = "192.168.56.111"
-        vars.client_endpoint = name //follows the convention that host name == endpoint name
-        vars.os_type = "Windows"
-        vars.nscp_api_password = "icinga"
-        vars.drives = [ "C:", "D:" ]
-    }
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
+
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+  vars.os_type = "Windows"
+  vars.nscp_api_password = "icinga"
+  vars.drives = [ "C:", "D:" ]
+}
+```
 
 The service checks are generated using an [apply for](03-monitoring-basics.md#using-apply-for)
 rule based on `host.vars.drives`:
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "nscp-api-" for (drive in host.vars.drives) {
-      import "generic-service"
+apply Service "nscp-api-" for (drive in host.vars.drives) {
+  import "generic-service"
 
-      check_command = "nscp_api"
-      command_endpoint = host.vars.client_endpoint
+  check_command = "nscp_api"
+  command_endpoint = host.vars.agent_endpoint
 
-      //display_name = "nscp-drive-" + drive
+  //display_name = "nscp-drive-" + drive
 
-      vars.nscp_api_host = "localhost"
-      vars.nscp_api_query = "check_drivesize"
-      vars.nscp_api_password = host.vars.nscp_api_password
-      vars.nscp_api_arguments = [ "drive=" +  drive ]
+  vars.nscp_api_host = "localhost"
+  vars.nscp_api_query = "check_drivesize"
+  vars.nscp_api_password = host.vars.nscp_api_password
+  vars.nscp_api_arguments = [ "drive=" +  drive ]
 
-      ignore where host.vars.os_type != "Windows"
-    }
+  ignore where host.vars.os_type != "Windows"
+}
+```
 
 Validate the configuration and restart Icinga 2.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 Two new services ("nscp-drive-D:" and "nscp-drive-C:") will be visible in Icinga Web 2.
 
-![Icinga 2 Distributed Monitoring Windows Client with NSClient++ nscp-api](images/distributed-monitoring/icinga2_distributed_windows_nscp_api_drivesize_icingaweb2.png)
+![Icinga 2 Distributed Monitoring Windows Agent with NSClient++ nscp-api](images/distributed-monitoring/icinga2_distributed_windows_nscp_api_drivesize_icingaweb2.png)
 
 Note: You can also omit the `command_endpoint` configuration to execute
 the command on the master. This also requires a different value for `nscp_api_host`
 which defaults to `host.address`.
 
-      //command_endpoint = host.vars.client_endpoint
+```
+  //command_endpoint = host.vars.agent_endpoint
 
-      //vars.nscp_api_host = "localhost"
+  //vars.nscp_api_host = "localhost"
+```
 
 You can verify the check execution by looking at the `Check Source` attribute
 in Icinga Web 2 or the REST API.
 
 If you want to monitor specific Windows services, you could use the following example:
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-    object Host "icinga2-client1.localdomain" {
-        check_command = "hostalive"
-        address = "192.168.56.111"
-        vars.client_endpoint = name //follows the convention that host name == endpoint name
-        vars.os_type = "Windows"
-        vars.nscp_api_password = "icinga"
-        vars.services = [ "Windows Update", "wscsvc" ]
-    }
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+  vars.os_type = "Windows"
+  vars.nscp_api_password = "icinga"
+  vars.services = [ "Windows Update", "wscsvc" ]
+}
 
-    apply Service "nscp-api-" for (svc in host.vars.services) {
-      import "generic-service"
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-      check_command = "nscp_api"
-      command_endpoint = host.vars.client_endpoint
+apply Service "nscp-api-" for (svc in host.vars.services) {
+  import "generic-service"
 
-      //display_name = "nscp-service-" + svc
+  check_command = "nscp_api"
+  command_endpoint = host.vars.agent_endpoint
 
-      vars.nscp_api_host = "localhost"
-      vars.nscp_api_query = "check_service"
-      vars.nscp_api_password = host.vars.nscp_api_password
-      vars.nscp_api_arguments = [ "service=" + svc ]
+  //display_name = "nscp-service-" + svc
 
-      ignore where host.vars.os_type != "Windows"
-    }
+  vars.nscp_api_host = "localhost"
+  vars.nscp_api_query = "check_service"
+  vars.nscp_api_password = host.vars.nscp_api_password
+  vars.nscp_api_arguments = [ "service=" + svc ]
+
+  ignore where host.vars.os_type != "Windows"
+}
+```
 
 #### NSCLient++ with nscp-local <a id="distributed-monitoring-windows-nscp-check-local"></a>
 
-The [Windows setup](06-distributed-monitoring.md#distributed-monitoring-setup-client-windows) already allows
-you to install the NSClient++ package. In addition to the Windows plugins you can
+The [Windows setup](06-distributed-monitoring.md#distributed-monitoring-setup-agent-windows) allows
+you to install the bundled NSClient++ package. In addition to the Windows plugins you can
 use the [nscp-local commands](10-icinga-template-library.md#nscp-plugin-check-commands)
 provided by the Icinga Template Library (ITL).
 
-![Icinga 2 Distributed Monitoring Windows Client with NSClient++](images/distributed-monitoring/icinga2_distributed_windows_nscp.png)
+Add the following `include` statement on all your nodes (master, satellite, agent):
 
-Add the following `include` statement on all your nodes (master, satellite, client):
+```
+vim /etc/icinga2/icinga2.conf
 
-    vim /etc/icinga2/icinga2.conf
-
-    include <nscp>
+include <nscp>
+```
 
 The CheckCommand definitions will automatically determine the installed path
 to the `nscp.exe` binary.
 
-Based on the [master with clients](06-distributed-monitoring.md#distributed-monitoring-master-clients)
+Based on the [master with agents](06-distributed-monitoring.md#distributed-monitoring-master-agents)
 scenario we'll now add a local nscp check querying a given performance counter.
 
-First, add the client node as host object:
+First, add the agent node as host object:
 
-    [root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
+```
+[root@icinga2-master1.localdomain /]# cd /etc/icinga2/zones.d/master
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim hosts.conf
 
-    object Host "icinga2-client1.localdomain" {
-      check_command = "hostalive"
-      address = "192.168.56.111"
-      vars.client_endpoint = name //follows the convention that host name == endpoint name
-      vars.os_type = "windows"
-    }
+object Host "icinga2-agent1.localdomain" {
+  check_command = "hostalive"
+  address = "192.168.56.111"
+
+  vars.agent_endpoint = name //follows the convention that host name == endpoint name
+  vars.os_type = "windows"
+}
+```
 
 Next, add a performance counter check using command endpoint checks (details in the
 [nscp-local-counter](10-icinga-template-library.md#nscp-check-local-counter) documentation):
 
-    [root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
+```
+[root@icinga2-master1.localdomain /etc/icinga2/zones.d/master]# vim services.conf
 
-    apply Service "nscp-local-counter-cpu" {
-      check_command = "nscp-local-counter"
-      command_endpoint = host.vars.client_endpoint
+apply Service "nscp-local-counter-cpu" {
+  check_command = "nscp-local-counter"
+  command_endpoint = host.vars.agent_endpoint
 
-      vars.nscp_counter_name = "\\Processor(_total)\\% Processor Time"
-      vars.nscp_counter_perfsyntax = "Total Processor Time"
-      vars.nscp_counter_warning = 1
-      vars.nscp_counter_critical = 5
+  vars.nscp_counter_name = "\\Processor(_total)\\% Processor Time"
+  vars.nscp_counter_perfsyntax = "Total Processor Time"
+  vars.nscp_counter_warning = 1
+  vars.nscp_counter_critical = 5
 
-      vars.nscp_counter_showall = true
+  vars.nscp_counter_showall = true
 
-      assign where host.vars.os_type == "windows" && host.vars.client_endpoint
-    }
+  assign where host.vars.os_type == "windows" && host.vars.agent_endpoint
+}
+```
 
 Validate the configuration and restart Icinga 2.
 
-    [root@icinga2-master1.localdomain /]# icinga2 daemon -C
-    [root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-master1.localdomain /]# icinga2 daemon -C
+[root@icinga2-master1.localdomain /]# systemctl restart icinga2
+```
 
 Open Icinga Web 2 and check your newly added Windows NSClient++ check :)
 
-![Icinga 2 Distributed Monitoring Windows Client with NSClient++ nscp-local](images/distributed-monitoring/icinga2_distributed_windows_nscp_counter_icingaweb2.png)
+![Icinga 2 Distributed Monitoring Windows Agent with NSClient++ nscp-local](images/distributed-monitoring/icinga2_distributed_windows_nscp_counter_icingaweb2.png)
 
 > **Tip**
 >
@@ -2309,10 +2970,11 @@ with automating setups (setup, certificates, configuration).
 
 ### Certificate Auto-Renewal <a id="distributed-monitoring-certificate-auto-renewal"></a>
 
-Icinga 2 v2.8+ adds the possibility that nodes request certificate updates
+Icinga 2 v2.8+ added the possibility that nodes request certificate updates
 on their own. If their expiration date is soon enough, they automatically
 renew their already signed certificate by sending a signing request to the
-parent node.
+parent node. You'll also see a message in the logs if certificate renewal
+isn't necessary.
 
 ### High-Availability for Icinga 2 Features <a id="distributed-monitoring-high-availability-features"></a>
 
@@ -2323,6 +2985,12 @@ By default, the following features provide advanced HA functionality:
 * [Checks](06-distributed-monitoring.md#distributed-monitoring-high-availability-checks) (load balanced, automated failover).
 * [Notifications](06-distributed-monitoring.md#distributed-monitoring-high-availability-notifications) (load balanced, automated failover).
 * [DB IDO](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido) (Run-Once, automated failover).
+* [Elasticsearch](09-object-types.md#objecttype-elasticsearchwriter)
+* [Gelf](09-object-types.md#objecttype-gelfwriter)
+* [Graphite](09-object-types.md#objecttype-graphitewriter)
+* [InfluxDB](09-object-types.md#objecttype-influxdbwriter)
+* [OpenTsdb](09-object-types.md#objecttype-opentsdbwriter)
+* [Perfdata](09-object-types.md#objecttype-perfdatawriter) (for PNP)
 
 #### High-Availability with Checks <a id="distributed-monitoring-high-availability-checks"></a>
 
@@ -2331,7 +2999,9 @@ have the `checker` feature enabled.
 
 Example:
 
-    # icinga2 feature enable checker
+```
+# icinga2 feature enable checker
+```
 
 All nodes in the same zone load-balance the check execution. If one instance shuts down,
 the other nodes will automatically take over the remaining checks.
@@ -2343,7 +3013,9 @@ have the `notification` feature enabled.
 
 Example:
 
-    # icinga2 feature enable notification
+```
+# icinga2 feature enable notification
+```
 
 Notifications are load-balanced amongst all nodes in a zone. By default this functionality
 is enabled.
@@ -2358,7 +3030,9 @@ have the DB IDO feature enabled.
 
 Example DB IDO MySQL:
 
-    # icinga2 feature enable ido-mysql
+```
+# icinga2 feature enable ido-mysql
+```
 
 By default the DB IDO feature only runs on one node. All other nodes in the same zone disable
 the active IDO database connection at runtime. The node with the active DB IDO connection is
@@ -2379,11 +3053,13 @@ The DB IDO feature will try to determine which cluster endpoint is currently wri
 to the database and bail out if another endpoint is active. You can manually verify that
 by running the following query command:
 
-    icinga=> SELECT status_update_time, endpoint_name FROM icinga_programstatus;
-       status_update_time   | endpoint_name
-    ------------------------+---------------
-     2016-08-15 15:52:26+02 | icinga2-master1.localdomain
-    (1 Zeile)
+```
+icinga=> SELECT status_update_time, endpoint_name FROM icinga_programstatus;
+   status_update_time   | endpoint_name
+------------------------+---------------
+ 2016-08-15 15:52:26+02 | icinga2-master1.localdomain
+(1 Zeile)
+```
 
 This is useful when the cluster connection between endpoints breaks, and prevents
 data duplication in split-brain-scenarios. The failover timeout can be set for the
@@ -2391,38 +3067,43 @@ data duplication in split-brain-scenarios. The failover timeout can be set for t
 
 ### Endpoint Connection Direction <a id="distributed-monitoring-advanced-hints-connection-direction"></a>
 
-Nodes will attempt to connect to another node when its local [Endpoint](09-object-types.md#objecttype-endpoint) object
+Endpoints attempt to connect to another endpoint when its local [Endpoint](09-object-types.md#objecttype-endpoint) object
 configuration specifies a valid `host` attribute (FQDN or IP address).
 
 Example for the master node `icinga2-master1.localdomain` actively connecting
-to the client node `icinga2-client1.localdomain`:
+to the agent node `icinga2-agent1.localdomain`:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    //...
+//...
 
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111" //the master actively tries to connect to the client
-      log_duration = 0
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111" // The master actively tries to connect to the agent
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
+```
 
-Example for the client node `icinga2-client1.localdomain` not actively
+Example for the agent node `icinga2-agent1.localdomain` not actively
 connecting to the master node `icinga2-master1.localdomain`:
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    //...
+//...
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-      log_duration = 0
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+  log_duration = 0 // Disable the replay log for command endpoint agents
+}
+```
 
-It is not necessary that both the master and the client node establish
+It is not necessary that both the master and the agent node establish
 two connections to each other. Icinga 2 will only use one connection
-and close the second connection if established.
+and close the second connection if established. This generates useless
+CPU cycles and leads to blocking resources when the connection times out.
 
-**Tip**: Choose either to let master/satellite nodes connect to client nodes
+**Tip**: Choose either to let master/satellite nodes connect to agent nodes
 or vice versa.
 
 
@@ -2433,60 +3114,76 @@ keep the same history (check results, notifications, etc.) when nodes are tempor
 disconnected and then reconnect.
 
 This functionality is not needed when a master/satellite node is sending check
-execution events to a client which is purely configured for [command endpoint](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
-checks only.
+execution events to an agent which is configured as [command endpoint](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
+for check execution.
 
 The [Endpoint](09-object-types.md#objecttype-endpoint) object attribute `log_duration` can
 be lower or set to 0 to fully disable any log replay updates when the
-client is not connected.
+agent is not connected.
 
 Configuration on the master node `icinga2-master1.localdomain`:
 
-    [root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-master1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    //...
+//...
 
-    object Endpoint "icinga2-client1.localdomain" {
-      host = "192.168.56.111" //the master actively tries to connect to the client
-      log_duration = 0
-    }
+object Endpoint "icinga2-agent1.localdomain" {
+  host = "192.168.56.111" // The master actively tries to connect to the agent
+  log_duration = 0
+}
 
-    object Endpoint "icinga2-client2.localdomain" {
-      host = "192.168.56.112" //the master actively tries to connect to the client
-      log_duration = 0
-    }
+object Endpoint "icinga2-agent2.localdomain" {
+  host = "192.168.56.112" // The master actively tries to connect to the agent
+  log_duration = 0
+}
+```
 
-Configuration on the client `icinga2-client1.localdomain`:
+Configuration on the agent `icinga2-agent1.localdomain`:
 
-    [root@icinga2-client1.localdomain /]# vim /etc/icinga2/zones.conf
+```
+[root@icinga2-agent1.localdomain /]# vim /etc/icinga2/zones.conf
 
-    //...
+//...
 
-    object Endpoint "icinga2-master1.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-      log_duration = 0
-    }
+object Endpoint "icinga2-master1.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+  log_duration = 0
+}
 
-    object Endpoint "icinga2-master2.localdomain" {
-      //do not actively connect to the master by leaving out the 'host' attribute
-      log_duration = 0
-    }
+object Endpoint "icinga2-master2.localdomain" {
+  // Do not actively connect to the master by leaving out the 'host' attribute
+  log_duration = 0
+}
+```
 
-### CSR auto-signing with HA and multiple Level Cluster <a id="distributed-monitoring-advanced-hints-csr-autosigning-ha-satellites"></a>
+### Initial Sync for new Endpoints in a Zone <a id="distributed-monitoring-advanced-hints-initial-sync"></a>
 
-If you are using two masters in a High-Availability setup it can be necessary
-to allow both to sign requested certificates. Ensure to safely sync the following
-details in private:
+> **Note**
+>
+> This is required if you decide to change an already running single endpoint production
+> environment into a HA-enabled cluster zone with two endpoints.
+> The [initial setup](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-clients)
+> with 2 HA masters doesn't require this step.
 
-* `TicketSalt` constant in `constants.conf`.
-* `var/lib/icinga2/ca` directory.
+In order to make sure that all of your zone endpoints have the same state you need
+to pick the authoritative running one and copy the following content:
 
-This also helps if you are using a [three level cluster](06-distributed-monitoring.md#distributed-monitoring-scenarios-master-satellite-client)
-and your client nodes are not able to reach the CSR auto-signing master node(s).
-Make sure that the directory permissions for `/var/lib/icinga2/ca` are secure
-(not world readable).
+* State file from `/var/lib/icinga2/icinga2.state`
+* Internal config package for runtime created objects (downtimes, comments, hosts, etc.) at `/var/lib/icinga2/api/packages/_api`
 
-**Do not expose these private keys to anywhere else. This is a matter of security.**
+If you need already deployed config packages from the Director, or synced cluster zones,
+you can also sync the entire `/var/lib/icinga2/api/packages` directory. This directory should also be
+included in your [backup strategy](02-installation.md#install-backup).
+
+Do **not** sync `/var/lib/icinga2/api/zones*` manually - this is an internal directory
+and handled by the Icinga cluster config sync itself.
+
+> **Note**
+>
+> Ensure that all endpoints are shut down during this procedure. Once you have
+> synced the cached files, proceed with configuring the remaining endpoints
+> to let them know about the new master/satellite node (zones.conf).
 
 ### Manual Certificate Creation <a id="distributed-monitoring-advanced-hints-certificates-manual"></a>
 
@@ -2497,7 +3194,9 @@ Choose the host which should store the certificate authority (one of the master
 The first step is the creation of the certificate authority (CA) by running the following command
 as root user:
 
-    [root@icinga2-master1.localdomain /root]# icinga2 pki new-ca
+```
+[root@icinga2-master1.localdomain /root]# icinga2 pki new-ca
+```
 
 #### Create CSR and Certificate <a id="distributed-monitoring-advanced-hints-certificates-manual-create"></a>
 
@@ -2517,11 +3216,6 @@ Sign the CSR with the previously created CA:
 
 Repeat the steps for all instances in your setup.
 
-> **Note**
->
-> The certificate location changed in v2.8 to `/var/lib/icinga2/certs`. Please read the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths)
-> for more details.
-
 #### Copy Certificates <a id="distributed-monitoring-advanced-hints-certificates-manual-copy"></a>
 
 Copy the host's certificate files and the public CA certificate to `/var/lib/icinga2/certs`:
@@ -2576,15 +3270,17 @@ These are collected best practices from various community channels.
 
 If you prefer an alternate method, we still recommend leaving all the Icinga 2 features intact (e.g. `icinga2 feature enable api`).
 You should also use well known and documented default configuration file locations (e.g. `zones.conf`).
-This will tremendously help when someone is trying to help in the [community channels](https://www.icinga.com/community/get-involved/).
+This will tremendously help when someone is trying to help in the [community channels](https://icinga.com/community/).
 
 
 ### Silent Windows Setup <a id="distributed-monitoring-automation-windows-silent"></a>
 
-If you want to install the client silently/unattended, use the `/qn` modifier. The
+If you want to install the agent silently/unattended, use the `/qn` modifier. The
 installation should not trigger a restart, but if you want to be completely sure, you can use the `/norestart` modifier.
 
-    C:> msiexec /i C:\Icinga2-v2.5.0-x86.msi /qn /norestart
+```
+C:> msiexec /i C:\Icinga2-v2.5.0-x86.msi /qn /norestart
+```
 
 Once the setup is completed you can use the `node setup` cli command too.
 
@@ -2618,7 +3314,9 @@ Example:
 In case you want to bind the `ApiListener` object to a specific
 host/port you can specify it like this:
 
-    --listen 192.68.56.101,5665
+```
+--listen 192.68.56.101,5665
+```
 
 In case you don't need anything in `conf.d`, use the following command line:
 
@@ -2626,19 +3324,18 @@ In case you don't need anything in `conf.d`, use the following command line:
 [root@icinga2-master1.localdomain /]# icinga2 node setup --master --disable-confd
 ```
 
+<!-- Keep this for compatibility -->
+<a id="distributed-monitoring-automation-cli-node-setup-satellite-client"></a>
 
-#### Node Setup with Satellites/Clients <a id="distributed-monitoring-automation-cli-node-setup-satellite-client"></a>
-
-> **Note**
->
-> The certificate location changed in v2.8 to `/var/lib/icinga2/certs`. Please read the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths)
-> for more details.
+#### Node Setup with Agents/Satellites <a id="distributed-monitoring-automation-cli-node-setup-agent-satellite"></a>
 
 Make sure that the `/var/lib/icinga2/certs` directory exists and is owned by the `icinga`
 user (or the user Icinga 2 is running as).
 
-    [root@icinga2-client1.localdomain /]# mkdir -p /var/lib/icinga2/certs
-    [root@icinga2-client1.localdomain /]# chown -R icinga:icinga /var/lib/icinga2/certs
+```
+[root@icinga2-agent1.localdomain /]# mkdir -p /var/lib/icinga2/certs
+[root@icinga2-agent1.localdomain /]# chown -R icinga:icinga /var/lib/icinga2/certs
+```
 
 First you'll need to generate a new local self-signed certificate.
 Pass the following details to the `pki new-cert` CLI command:
@@ -2650,9 +3347,11 @@ Pass the following details to the `pki new-cert` CLI command:
 
 Example:
 
-    [root@icinga2-client1.localdomain /]# icinga2 pki new-cert --cn icinga2-client1.localdomain \
-    --key /var/lib/icinga2/certs/icinga2-client1.localdomain.key \
-    --cert /var/lib/icinga2/certs/icinga2-client1.localdomain.crt
+```
+[root@icinga2-agent1.localdomain /]# icinga2 pki new-cert --cn icinga2-agent1.localdomain \
+--key /var/lib/icinga2/certs/icinga2-agent1.localdomain.key \
+--cert /var/lib/icinga2/certs/icinga2-agent1.localdomain.crt
+```
 
 Request the master certificate from the master host (`icinga2-master1.localdomain`)
 and store it as `trusted-master.crt`. Review it and continue.
@@ -2667,12 +3366,14 @@ Pass the following details to the `pki save-cert` CLI command:
 
 Example:
 
-    [root@icinga2-client1.localdomain /]# icinga2 pki save-cert --key /var/lib/icinga2/certs/icinga2-client1.localdomain.key \
-    --cert /var/lib/icinga2/certs/icinga2-client1.localdomain.crt \
-    --trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
-    --host icinga2-master1.localdomain
+```
+[root@icinga2-agent1.localdomain /]# icinga2 pki save-cert --key /var/lib/icinga2/certs/icinga2-agent1.localdomain.key \
+--cert /var/lib/icinga2/certs/icinga2-agent1.localdomain.crt \
+--trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
+--host icinga2-master1.localdomain
+```
 
-Continue with the additional node setup step. Specify a local endpoint and zone name (`icinga2-client1.localdomain`)
+Continue with the additional node setup step. Specify a local endpoint and zone name (`icinga2-agent1.localdomain`)
 and set the master host (`icinga2-master1.localdomain`) as parent zone configuration. Specify the path to
 the previously stored trusted master certificate.
 
@@ -2685,7 +3386,7 @@ Pass the following details to the `node setup` CLI command:
   Trusted master certificate | **Required.** Add the previously fetched trusted master certificate (this step means that you've verified its origin).
   Parent host         | **Optional.** FQDN or IP address of the parent host. This is where the command connects for CSR signing. If not specified, you need to manually copy the parent's public CA certificate file into `/var/lib/icinga2/certs/ca.crt` in order to start Icinga 2.
   Parent endpoint     | **Required.** Specify the parent's endpoint name.
-  Client zone name    | **Required.** Specify the client's zone name.
+  Local zone name    | **Required.** Specify the agent/satellite zone name.
   Parent zone name    | **Optional.** Specify the parent's zone name.
   Accept config       | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)).
   Accept commands     | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)).
@@ -2694,15 +3395,15 @@ Pass the following details to the `node setup` CLI command:
 
 > **Note**
 >
-> The `master_host` parameter is deprecated and will be removed in 2.10.0. Please use `--parent_host` instead.
+> The `master_host` parameter is deprecated and will be removed. Please use `--parent_host` instead.
 
-Example for Icinga 2 v2.9:
+Example:
 
 ```
-[root@icinga2-client1.localdomain /]# icinga2 node setup --ticket ead2d570e18c78abf285d6b85524970a0f69c22d \
---cn icinga2-client1.localdomain \
+[root@icinga2-agent1.localdomain /]# icinga2 node setup --ticket ead2d570e18c78abf285d6b85524970a0f69c22d \
+--cn icinga2-agent1.localdomain \
 --endpoint icinga2-master1.localdomain \
---zone icinga2-client1.localdomain \
+--zone icinga2-agent1.localdomain \
 --parent_zone master \
 --parent_host icinga2-master1.localdomain \
 --trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
@@ -2710,26 +3411,32 @@ Example for Icinga 2 v2.9:
 --disable-confd
 ```
 
-In case the client should connect to the master node, you'll
+In case the agent/satellite should connect to the master node, you'll
 need to modify the `--endpoint` parameter using the format `cn,host,port`:
 
-    --endpoint icinga2-master1.localdomain,192.168.56.101,5665
+```
+--endpoint icinga2-master1.localdomain,192.168.56.101,5665
+```
 
 Specify the parent zone using the `--parent_zone` parameter. This is useful
-if the client connects to a satellite, not the master instance.
+if the agent connects to a satellite, not the master instance.
 
-    --parent_zone satellite
+```
+--parent_zone satellite
+```
 
-In case the client should know the additional global zone `linux-templates`, you'll
+In case the agent should know the additional global zone `linux-templates`, you'll
 need to set the `--global-zones` parameter.
 
-    --global_zones linux-templates
+```
+--global_zones linux-templates
+```
 
 The `--parent-host` parameter is optional since v2.9 and allows you to perform a connection-less setup.
 You cannot restart Icinga 2 yet, the CLI command asked to to manually copy the parent's public CA
 certificate file in `/var/lib/icinga2/certs/ca.crt`. Once Icinga 2 is started, it sends
 a ticket signing request to the parent node. If you have provided a ticket, the master node
-signs the request and sends it back to the client which performs a certificate update in-memory.
+signs the request and sends it back to the agent/satellite which performs a certificate update in-memory.
 
 In case you did not provide a ticket, you need to manually sign the CSR on the master node
 which holds the CA's key pair.
@@ -2737,58 +3444,95 @@ which holds the CA's key pair.
 
 **You can find additional best practices below.**
 
-Add an additional global zone. Please note the `>>` append mode.
-
-    [root@icinga2-client1.localdomain /]# cat <<EOF >>/etc/icinga2/zones.conf
-    object Zone "global-templates" {
-      global = true
-    }
-    EOF
-
-Note: Packages >= 2.8 provide this configuration by default.
-
-If this client node is configured as [remote command endpoint execution](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
+If this agent node is configured as [remote command endpoint execution](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
 you can safely disable the `checker` feature. The `node setup` CLI command already disabled the `notification` feature.
 
-    [root@icinga2-client1.localdomain /]# icinga2 feature disable checker
+```
+[root@icinga2-agent1.localdomain /]# icinga2 feature disable checker
+```
 
 Disable "conf.d" inclusion if this is a [top down](06-distributed-monitoring.md#distributed-monitoring-top-down)
-configured client.
+configured agent.
 
-    [root@icinga2-client1.localdomain /]# sed -i 's/include_recursive "conf.d"/\/\/include_recursive "conf.d"/g' /etc/icinga2/icinga2.conf
+```
+[root@icinga2-agent1.localdomain /]# sed -i 's/include_recursive "conf.d"/\/\/include_recursive "conf.d"/g' /etc/icinga2/icinga2.conf
+```
+
+**Note**: This is the default since v2.9.
 
 **Optional**: Add an ApiUser object configuration for remote troubleshooting.
 
-    [root@icinga2-client1.localdomain /]# cat <<EOF >/etc/icinga2/conf.d/api-users.conf
-    object ApiUser "root" {
-      password = "clientsupersecretpassword"
-      permissions = ["*"]
-    }
-    EOF
+```
+[root@icinga2-agent1.localdomain /]# cat <<EOF >/etc/icinga2/conf.d/api-users.conf
+object ApiUser "root" {
+  password = "agentsupersecretpassword"
+  permissions = ["*"]
+}
+EOF
+```
 
 In case you've previously disabled the "conf.d" directory only
 add the file file `conf.d/api-users.conf`:
 
-    [root@icinga2-client1.localdomain /]# echo 'include "conf.d/api-users.conf"' >> /etc/icinga2/icinga2.conf
+```
+[root@icinga2-agent1.localdomain /]# echo 'include "conf.d/api-users.conf"' >> /etc/icinga2/icinga2.conf
+```
 
 Finally restart Icinga 2.
 
-    [root@icinga2-client1.localdomain /]# systemctl restart icinga2
+```
+[root@icinga2-agent1.localdomain /]# systemctl restart icinga2
+```
 
 Your automation tool must then configure master node in the meantime.
-Add the global zone `global-templates` in case it did not exist.
 
-    # cat <<EOF >>/etc/icinga2/zones.conf
-    object Endpoint "icinga2-client1.localdomain" {
-      //client connects itself
-    }
+```
+# cat <<EOF >>/etc/icinga2/zones.conf
+object Endpoint "icinga2-agent1.localdomain" {
+  // Agent connects itself
+}
 
-    object Zone "icinga2-client1.localdomain" {
-      endpoints = [ "icinga2-client1.localdomain" ]
-      parent = "master"
-    }
+object Zone "icinga2-agent1.localdomain" {
+  endpoints = [ "icinga2-agent1.localdomain" ]
+  parent = "master"
+}
 
-    object Zone "global-templates" {
-      global = true
-    }
-    EOF
+EOF
+```
+
+## Using Multiple Environments <a id="distributed-monitoring-environments"></a>
+
+> **Note**
+>
+> This documentation only covers the basics. Full functionality requires a not yet released addon.
+
+In some cases it can be desired to run multiple Icinga instances on the same host.
+Two potential scenarios include:
+
+* Different versions of the same monitoring configuration (e.g. production and testing)
+* Disparate sets of checks for entirely unrelated monitoring environments (e.g. infrastructure and applications)
+
+The configuration is done with the global constants `ApiBindHost` and `ApiBindPort`
+or the `bind_host` and `bind_port` attributes of the
+[ApiListener](09-object-types.md#objecttype-apilistener) object.
+
+The environment must be set with the global constant `Environment` or as object attribute
+of the [IcingaApplication](09-object-types.md#objecttype-icingaapplication) object.
+
+In any case the constant is default value for the attribute and the direct configuration in the objects
+have more precedence. The constants have been added to allow the values being set from the CLI on startup.
+
+When Icinga establishes a TLS connection to another cluster instance it automatically uses the [SNI extension](https://en.wikipedia.org/wiki/Server_Name_Indication)
+to signal which endpoint it is attempting to connect to. On its own this can already be used to position multiple
+Icinga instances behind a load balancer.
+
+SNI example: `icinga2-agent1.localdomain`
+
+However, if the environment is configured to `production`, Icinga appends the environment name to the SNI hostname like this:
+
+SNI example with environment: `icinga2-agent1.localdomain:production`
+
+Middleware like loadbalancers or TLS proxies can read the SNI header and route the connection to the appropriate target.
+I.e., it uses a single externally-visible TCP port (usually 5665) and forwards connections to one or more Icinga
+instances which are bound to a local TCP port. It does so by inspecting the environment name that is sent as part of the
+SNI extension.
diff --git a/doc/07-agent-based-monitoring.md b/doc/07-agent-based-monitoring.md
index e2597a341..4d2802b07 100644
--- a/doc/07-agent-based-monitoring.md
+++ b/doc/07-agent-based-monitoring.md
@@ -1,181 +1,221 @@
-# Additional Agent-based Checks <a id="agent-based-checks-addon"></a>
+# Agent-based Checks <a id="agent-based-checks-addon"></a>
 
 If the remote services are not directly accessible through the network, a
 local agent installation exposing the results to check queries can
 become handy.
 
+Prior to installing and configuration an agent service, evaluate possible
+options based on these requirements:
+
+* Security (authentication, TLS certificates, secure connection handling, etc.)
+* Connection direction
+    * Master/satellite can execute commands directly or
+    * Agent sends back passive/external check results
+* Availability on specific OS types and versions
+    * Packages available
+* Configuration and initial setup
+* Updates and maintenance, compatibility
+
+Available agent types:
+
+* [Icinga Agent](07-agent-based-monitoring.md#agent-based-checks-icinga) on Linux/Unix and Windows
+* [SSH](07-agent-based-monitoring.md#agent-based-checks-ssh) on Linux/Unix
+* [SNMP](07-agent-based-monitoring.md#agent-based-checks-snmp) on Linux/Unix and hardware
+* [SNMP Traps](07-agent-based-monitoring.md#agent-based-checks-snmp-traps) as passive check results
+* [REST API](07-agent-based-monitoring.md#agent-based-checks-rest-api) for passive external check results
+* [NSClient++](07-agent-based-monitoring.md#agent-based-checks-nsclient) and [WMI](07-agent-based-monitoring.md#agent-based-checks-wmi) on Windows
+
+
+## Icinga Agent <a id="agent-based-checks-icinga"></a>
+
+For the most common setups on Linux/Unix and Windows, we recommend
+to setup the Icinga agent in a [distributed environment](06-distributed-monitoring.md#distributed-monitoring).
+
+![Icinga 2 Distributed Master with Agents](images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_with_agents.png)
+
+Key benefits:
+
+* Directly integrated into the distributed monitoring stack of Icinga
+* Works on Linux/Unix and Windows
+* Secure communication with TLS
+* Connection can be established from both sides. Once connected, command execution and check results are exchanged.
+    * Master/satellite connects to agent
+    * Agent connects to parent satellite/master
+* Same configuration language and binaries
+* Troubleshooting docs and community best practices
+
+Follow the setup and configuration instructions [here](06-distributed-monitoring.md#distributed-monitoring-setup-agent-satellite).
+
+On Windows hosts, the Icinga agent can query a local NSClient++ service
+for additional checks in case there are no plugins available. The NSCP
+installer is bundled with Icinga and can be installed with the setup wizard.
+
+![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_01.png)
+
+## SSH <a id="agent-based-checks-ssh"></a>
+
+> **Tip**
+>
+> This is the recommended way for systems where the Icinga agent is not available
+> Be it specific hardware architectures, old systems or forbidden to install an additional software.
+
+This method uses the SSH service on the remote host to execute
+an arbitrary plugin command line. The output and exit code is
+returned and used by the core.
+
+The `check_by_ssh` plugin takes care of this. It is available in the
+[Monitoring Plugins package](02-installation.md#setting-up-check-plugins).
+For your convenience, the Icinga template library provides the [by_ssh](10-icinga-template-library.md#plugin-check-command-by-ssh)
+CheckCommand already.
+
+### SSH: Preparations <a id="agent-based-checks-ssh-preparations"></a>
+
+SSH key pair for the Icinga daemon user. In case the user has no shell, temporarily enable this.
+When asked for a passphrase, **do not set it** and press enter.
+
+```
+sudo su - icinga
+
+ssh-keygen -b 4096 -t rsa -C "icinga@$(hostname) user for check_by_ssh" -f $HOME/.ssh/id_rsa
+```
+
+On the remote agent, create the icinga user and generate a temporary password.
+
+```
+useradd -m icinga
+passwd icinga
+```
+
+Copy the public key from the Icinga server to the remote agent, e.g. with `ssh-copy-id`
+or manually into `/home/icinga/.ssh/authorized_keys`.
+This will ask for the password once.
+
+```
+sudo su - icinga
+
+ssh-copy-id -i $HOME/.ssh/id_rsa icinga@ssh-agent1.localdomain
+```
+
+After the SSH key is copied, test at the connection **at least once** and
+accept the host key verification. If you forget about this step, checks will
+become UNKNOWN later.
+
+```
+ssh -i $HOME/.ssh/id_rsa icinga@ssh-agent1.localdomain
+```
+
+After the SSH key login works, disable the previously enabled logins.
+
+* Remote agent user's password with `passwd -l icinga`
+* Local icinga user terminal
+
+Also, ensure that the permissions are correct for the `.ssh` directory
+as otherwise logins will fail.
+
+* `.ssh` directory: 700
+* `.ssh/id_rsa.pub` public key file: 644
+* `.ssh/id_rsa` private key file: 600
+
+
+### SSH: Configuration <a id="agent-based-checks-ssh-config"></a>
+
+First, create a host object which has SSH configured and enabled.
+Mark this e.g. with the custom variable `agent_type` to later
+use this for service apply rule matches. Best practice is to
+store that in a specific template, either in the static configuration
+or inside the Director.
+
+```
+template Host "ssh-agent" {
+  check_command = "hostalive"
+
+  vars.agent_type = "ssh"
+  vars.os_type = "linux"
+}
+
+object Host "ssh-agent1.localdomain" {
+  import "ssh-agent"
+
+  address = "192.168.56.115"
+}
+```
+
+Example for monitoring the remote users:
+
+```
+apply Service "users" {
+  check_command = "by_ssh"
+
+  vars.by_ssh_command = [ "/usr/lib/nagios/plugins/check_users" ]
+
+  // Follows the same principle as with command arguments, e.g. for ordering
+  vars.by_ssh_arguments = {
+    "-w" = {
+      value = "$users_wgreater$" // Can reference an existing custom variable defined on the host or service, evaluated at runtime
+    }
+    "-c" = {
+      value = "$users_cgreater$"
+    }
+  }
+
+  vars.users_wgreater = 3
+  vars.users_cgreater = 5
+
+  assign where host.vars.os_type == "linux" && host.vars.agent_type == "ssh"
+}
+```
+
+A more advanced example with better arguments is shown in [this blogpost](https://www.netways.de/blog/2016/03/21/check_by_ssh-mit-icinga-2/).
+
+
 ## SNMP <a id="agent-based-checks-snmp"></a>
 
-The SNMP daemon runs on the remote system and answers SNMP queries by plugin
-binaries. The [Monitoring Plugins package](02-getting-started.md#setting-up-check-plugins) ships
+The SNMP daemon runs on the remote system and answers SNMP queries by plugin scripts.
+The [Monitoring Plugins package](02-installation.md#setting-up-check-plugins) provides
 the `check_snmp` plugin binary, but there are plenty of [existing plugins](05-service-monitoring.md#service-monitoring-plugins)
 for specific use cases already around, for example monitoring Cisco routers.
 
-The following example uses the [SNMP ITL](10-icinga-template-library.md#plugin-check-command-snmp) `CheckCommand` and just
-overrides the `snmp_oid` custom attribute. A service is created for all hosts which
-have the `snmp-community` custom attribute.
+The following example uses the [SNMP ITL](10-icinga-template-library.md#plugin-check-command-snmp)
+CheckCommand and sets the `snmp_oid` custom variable. A service is created for all hosts which
+have the `snmp-community` custom variable.
 
-    apply Service "uptime" {
-      import "generic-service"
+```
+template Host "snmp-agent" {
+  check_command = "hostalive"
 
-      check_command = "snmp"
-      vars.snmp_oid = "1.3.6.1.2.1.1.3.0"
-      vars.snmp_miblist = "DISMAN-EVENT-MIB"
+  vars.agent_type = "snmp"
 
-      assign where host.vars.snmp_community != ""
-    }
+  vars.snmp_community = "public-icinga"
+}
 
-Additional SNMP plugins are available using the [Manubulon SNMP Plugins](10-icinga-template-library.md#snmp-manubulon-plugin-check-commands).
+object Host "snmp-agent1.localdomain" {
+  import "snmp-agent"
+}
+```
+
+```
+apply Service "uptime" {
+  import "generic-service"
+
+  check_command = "snmp"
+  vars.snmp_oid = "1.3.6.1.2.1.1.3.0"
+  vars.snmp_miblist = "DISMAN-EVENT-MIB"
+
+  assign where host.vars.agent_type == "snmp" && host.vars.snmp_community != ""
+}
+```
 
 If no `snmp_miblist` is specified, the plugin will default to `ALL`. As the number of available MIB files
 on the system increases so will the load generated by this plugin if no `MIB` is specified.
 As such, it is recommended to always specify at least one `MIB`.
 
-## SSH <a id="agent-based-checks-ssh"></a>
+Additional SNMP plugins are available using the [Manubulon SNMP Plugins](10-icinga-template-library.md#snmp-manubulon-plugin-check-commands).
 
-Calling a plugin using the SSH protocol to execute a plugin on the remote server fetching
-its return code and output. The `by_ssh` command object is part of the built-in templates and
-requires the `check_by_ssh` check plugin which is available in the [Monitoring Plugins package](02-getting-started.md#setting-up-check-plugins).
-
-    object CheckCommand "by_ssh_swap" {
-      import "by_ssh"
-
-      vars.by_ssh_command = "/usr/lib/nagios/plugins/check_swap -w $by_ssh_swap_warn$ -c $by_ssh_swap_crit$"
-      vars.by_ssh_swap_warn = "75%"
-      vars.by_ssh_swap_crit = "50%"
-    }
-
-    object Service "swap" {
-      import "generic-service"
-
-      host_name = "remote-ssh-host"
-
-      check_command = "by_ssh_swap"
-
-      vars.by_ssh_logname = "icinga"
-    }
-
-## NSClient++ <a id="agent-based-checks-nsclient"></a>
-
-[NSClient++](https://nsclient.org/) works on both Windows and Linux platforms and is well
-known for its magnificent Windows support. There are alternatives like the WMI interface,
-but using `NSClient++` will allow you to run local scripts similar to check plugins fetching
-the required output and performance counters.
-
-You can use the `check_nt` plugin from the Monitoring Plugins project to query NSClient++.
-Icinga 2 provides the [nscp check command](10-icinga-template-library.md#plugin-check-command-nscp) for this:
-
-Example:
-
-    object Service "disk" {
-      import "generic-service"
-
-      host_name = "remote-windows-host"
-
-      check_command = "nscp"
-
-      vars.nscp_variable = "USEDDISKSPACE"
-      vars.nscp_params = "c"
-      vars.nscp_warn = 70
-      vars.nscp_crit = 80
-    }
-
-For details on the `NSClient++` configuration please refer to the [official documentation](https://docs.nsclient.org/).
-
-## NSCA-NG <a id="agent-based-checks-nsca-ng"></a>
-
-[NSCA-ng](http://www.nsca-ng.org) provides a client-server pair that allows the
-remote sender to push check results into the Icinga 2 `ExternalCommandListener`
-feature.
-
-> **Note**
->
-> This addon works in a similar fashion like the Icinga 1.x distributed model. If you
-> are looking for a real distributed architecture with Icinga 2, scroll down.
-
-## NRPE <a id="agent-based-checks-nrpe"></a>
-
-[NRPE](https://docs.icinga.com/latest/en/nrpe.html) runs as daemon on the remote client including
-the required plugins and command definitions.
-Icinga 2 calls the `check_nrpe` plugin binary in order to query the configured command on the
-remote client.
-
-> **Note**
->
-> The NRPE protocol is considered insecure and has multiple flaws in its
-> design. Upstream is not willing to fix these issues.
->
-> In order to stay safe, please use the native [Icinga 2 client](06-distributed-monitoring.md#distributed-monitoring)
-> instead.
-
-The NRPE daemon uses its own configuration format in nrpe.cfg while `check_nrpe`
-can be embedded into the Icinga 2 `CheckCommand` configuration syntax.
-
-You can use the `check_nrpe` plugin from the NRPE project to query the NRPE daemon.
-Icinga 2 provides the [nrpe check command](10-icinga-template-library.md#plugin-check-command-nrpe) for this:
-
-Example:
-
-    object Service "users" {
-      import "generic-service"
-
-      host_name = "remote-nrpe-host"
-
-      check_command = "nrpe"
-      vars.nrpe_command = "check_users"
-    }
-
-nrpe.cfg:
-
-    command[check_users]=/usr/local/icinga/libexec/check_users -w 5 -c 10
-
-If you are planning to pass arguments to NRPE using the `-a`
-command line parameter, make sure that your NRPE daemon has them
-supported and enabled.
-
-> **Note**
->
-> Enabling command arguments in NRPE is considered harmful
-> and exposes a security risk allowing attackers to execute
-> commands remotely. Details at [seclists.org](http://seclists.org/fulldisclosure/2014/Apr/240).
-
-The plugin check command `nrpe` provides the `nrpe_arguments` custom
-attribute which expects either a single value or an array of values.
-
-Example:
-
-    object Service "nrpe-disk-/" {
-      import "generic-service"
-
-      host_name = "remote-nrpe-host"
-
-      check_command = "nrpe"
-      vars.nrpe_command = "check_disk"
-      vars.nrpe_arguments = [ "20%", "10%", "/" ]
-    }
-
-Icinga 2 will execute the nrpe plugin like this:
-
-    /usr/lib/nagios/plugins/check_nrpe -H <remote-nrpe-host> -c 'check_disk' -a '20%' '10%' '/'
-
-NRPE expects all additional arguments in an ordered fashion
-and interprets the first value as `$ARG1$` macro, the second
-value as `$ARG2$`, and so on.
-
-nrpe.cfg:
-
-    command[check_disk]=/usr/local/icinga/libexec/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-
-Using the above example with `nrpe_arguments` the command
-executed by the NRPE daemon looks similar to that:
-
-    /usr/local/icinga/libexec/check_disk -w 20% -c 10% -p /
-
-You can pass arguments in a similar manner to [NSClient++](07-agent-based-monitoring.md#agent-based-checks-nsclient)
-when using its NRPE supported check method.
+For network monitoring, community members advise to use [nwc_health](05-service-monitoring.md#service-monitoring-network)
+for example.
 
 
-## Passive Check Results and SNMP Traps <a id="agent-based-checks-snmp-traps"></a>
+## SNMP Traps and Passive Check Results <a id="agent-based-checks-snmp-traps"></a>
 
 SNMP Traps can be received and filtered by using [SNMPTT](http://snmptt.sourceforge.net/)
 and specific trap handlers passing the check results to Icinga 2.
@@ -193,14 +233,16 @@ state or from a missed reset event.
 
 Add a directive in `snmptt.conf`
 
-    EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
-    FORMAT Device reinitialized (coldStart)
-    EXEC echo "[$@] PROCESS_SERVICE_CHECK_RESULT;$A;Coldstart;2;The snmp agent has reinitialized." >> /var/run/icinga2/cmd/icinga2.cmd
-    SDESC
-    A coldStart trap signifies that the SNMPv2 entity, acting
-    in an agent role, is reinitializing itself and that its
-    configuration may have been altered.
-    EDESC
+```
+EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
+FORMAT Device reinitialized (coldStart)
+EXEC echo "[$@] PROCESS_SERVICE_CHECK_RESULT;$A;Coldstart;2;The snmp agent has reinitialized." >> /var/run/icinga2/cmd/icinga2.cmd
+SDESC
+A coldStart trap signifies that the SNMPv2 entity, acting
+in an agent role, is reinitializing itself and that its
+configuration may have been altered.
+EDESC
+```
 
 1. Define the `EVENT` as per your need.
 2. Construct the `EXEC` statement with the service name matching your template
@@ -208,107 +250,123 @@ applied to your _n_ hosts. The host address inferred by SNMPTT will be the
 correlating factor. You can have snmptt provide host names or ip addresses to
 match your Icinga convention.
 
+> **Note**
+>
+> Replace the deprecated command pipe EXEC statement with a curl call
+> to the REST API action [process-check-result](12-icinga2-api.md#icinga2-api-actions-process-check-result).
+
 Add an `EventCommand` configuration object for the passive service auto reset event.
 
-    object EventCommand "coldstart-reset-event" {
-      command = [ SysconfDir + "/icinga2/conf.d/custom/scripts/coldstart_reset_event.sh" ]
+```
+object EventCommand "coldstart-reset-event" {
+  command = [ ConfigDir + "/conf.d/custom/scripts/coldstart_reset_event.sh" ]
 
-      arguments = {
-        "-i" = "$service.state_id$"
-        "-n" = "$host.name$"
-        "-s" = "$service.name$"
-      }
-    }
+  arguments = {
+    "-i" = "$service.state_id$"
+    "-n" = "$host.name$"
+    "-s" = "$service.name$"
+  }
+}
+```
 
 Create the `coldstart_reset_event.sh` shell script to pass the expanded variable
 data in. The `$service.state_id$` is important in order to prevent an endless loop
 of event firing after the service has been reset.
 
-    #!/bin/bash
+```
+#!/bin/bash
 
-    SERVICE_STATE_ID=""
-    HOST_NAME=""
-    SERVICE_NAME=""
+SERVICE_STATE_ID=""
+HOST_NAME=""
+SERVICE_NAME=""
 
-    show_help()
-    {
-    cat <<-EOF
-    	Usage: ${0##*/} [-h] -n HOST_NAME -s SERVICE_NAME
-    	Writes a coldstart reset event to the Icinga command pipe.
+show_help()
+{
+cat <<-EOF
+	Usage: ${0##*/} [-h] -n HOST_NAME -s SERVICE_NAME
+	Writes a coldstart reset event to the Icinga command pipe.
 
-    	  -h                  Display this help and exit.
-    	  -i SERVICE_STATE_ID The associated service state id.
-    	  -n HOST_NAME        The associated host name.
-    	  -s SERVICE_NAME     The associated service name.
-    EOF
-    }
+	  -h                  Display this help and exit.
+	  -i SERVICE_STATE_ID The associated service state id.
+	  -n HOST_NAME        The associated host name.
+	  -s SERVICE_NAME     The associated service name.
+EOF
+}
 
-    while getopts "hi:n:s:" opt; do
-        case "$opt" in
-          h)
-              show_help
-              exit 0
-              ;;
-          i)
-              SERVICE_STATE_ID=$OPTARG
-              ;;
-          n)
-              HOST_NAME=$OPTARG
-              ;;
-          s)
-              SERVICE_NAME=$OPTARG
-              ;;
-          '?')
-              show_help
-              exit 0
-              ;;
-          esac
-    done
+while getopts "hi:n:s:" opt; do
+    case "$opt" in
+      h)
+          show_help
+          exit 0
+          ;;
+      i)
+          SERVICE_STATE_ID=$OPTARG
+          ;;
+      n)
+          HOST_NAME=$OPTARG
+          ;;
+      s)
+          SERVICE_NAME=$OPTARG
+          ;;
+      '?')
+          show_help
+          exit 0
+          ;;
+      esac
+done
 
-    if [ -z "$SERVICE_STATE_ID" ]; then
-        show_help
-        printf "\n  Error: -i required.\n"
-        exit 1
-    fi
+if [ -z "$SERVICE_STATE_ID" ]; then
+    show_help
+    printf "\n  Error: -i required.\n"
+    exit 1
+fi
 
-    if [ -z "$HOST_NAME" ]; then
-        show_help
-        printf "\n  Error: -n required.\n"
-        exit 1
-    fi
+if [ -z "$HOST_NAME" ]; then
+    show_help
+    printf "\n  Error: -n required.\n"
+    exit 1
+fi
 
-    if [ -z "$SERVICE_NAME" ]; then
-        show_help
-        printf "\n  Error: -s required.\n"
-        exit 1
-    fi
+if [ -z "$SERVICE_NAME" ]; then
+    show_help
+    printf "\n  Error: -s required.\n"
+    exit 1
+fi
 
-    if [ "$SERVICE_STATE_ID" -gt 0 ]; then
-        echo "[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;$HOST_NAME;$SERVICE_NAME;0;Auto-reset (`date +"%m-%d-%Y %T"`)." >> /var/run/icinga2/cmd/icinga2.cmd
-    fi
+if [ "$SERVICE_STATE_ID" -gt 0 ]; then
+    echo "[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;$HOST_NAME;$SERVICE_NAME;0;Auto-reset (`date +"%m-%d-%Y %T"`)." >> /var/run/icinga2/cmd/icinga2.cmd
+fi
+```
+
+> **Note**
+>
+> Replace the deprecated command pipe EXEC statement with a curl call
+> to the REST API action [process-check-result](12-icinga2-api.md#icinga2-api-actions-process-check-result).
 
 Finally create the `Service` and assign it:
 
-    apply Service "Coldstart" {
-      import "generic-service-custom"
+```
+apply Service "Coldstart" {
+  import "generic-service-custom"
 
-      check_command         = "dummy"
-      event_command         = "coldstart-reset-event"
+  check_command         = "dummy"
+  event_command         = "coldstart-reset-event"
 
-      enable_notifications  = 1
-      enable_active_checks  = 0
-      enable_passive_checks = 1
-      enable_flapping       = 0
-      volatile              = 1
-      enable_perfdata       = 0
+  enable_notifications  = 1
+  enable_active_checks  = 0
+  enable_passive_checks = 1
+  enable_flapping       = 0
+  volatile              = 1
+  enable_perfdata       = 0
 
-      vars.dummy_state      = 0
-      vars.dummy_text       = "Manual reset."
+  vars.dummy_state      = 0
+  vars.dummy_text       = "Manual reset."
 
-      vars.sla              = "24x7"
+  vars.sla              = "24x7"
 
-      assign where (host.vars.os == "Linux" || host.vars.os == "Windows")
-    }
+  assign where (host.vars.os == "Linux" || host.vars.os == "Windows")
+}
+```
 
 ### Complex SNMP Traps <a id="complex-traps"></a>
 
@@ -321,39 +379,109 @@ As long as the most recent passive update has occurred, the active check is bypa
 
 Add a directive in `snmptt.conf`
 
-    EVENT enterpriseSpecific <YOUR OID> "Status Events" Normal
-    FORMAT Enterprise specific trap
-    EXEC echo "[$@] PROCESS_SERVICE_CHECK_RESULT;$A;$1;$2;$3" >> /var/run/icinga2/cmd/icinga2.cmd
-    SDESC
-    An enterprise specific trap.
-    The varbinds in order denote the Icinga service name, state and text.
-    EDESC
+```
+EVENT enterpriseSpecific <YOUR OID> "Status Events" Normal
+FORMAT Enterprise specific trap
+EXEC echo "[$@] PROCESS_SERVICE_CHECK_RESULT;$A;$1;$2;$3" >> /var/run/icinga2/cmd/icinga2.cmd
+SDESC
+An enterprise specific trap.
+The varbinds in order denote the Icinga service name, state and text.
+EDESC
+```
 
 1. Define the `EVENT` as per your need using your actual oid.
 2. The service name, state and text are extracted from the first three varbinds.
 This has the advantage of accommodating an unlimited set of use cases.
 
+> **Note**
+>
+> Replace the deprecated command pipe EXEC statement with a curl call
+> to the REST API action [process-check-result](12-icinga2-api.md#icinga2-api-actions-process-check-result).
+
 Create a `Service` for the specific use case associated to the host. If the host
 matches and the first varbind value is `Backup`, SNMPTT will submit the corresponding
 passive update with the state and text from the second and third varbind:
 
-    object Service "Backup" {
-      import "generic-service-custom"
+```
+object Service "Backup" {
+  import "generic-service-custom"
 
-      host_name             = "host.domain.com"
-      check_command         = "dummy"
+  host_name             = "host.domain.com"
+  check_command         = "dummy"
 
-      enable_notifications  = 1
-      enable_active_checks  = 1
-      enable_passive_checks = 1
-      enable_flapping       = 0
-      volatile              = 1
-      max_check_attempts    = 1
-      check_interval        = 87000
-      enable_perfdata       = 0
+  enable_notifications  = 1
+  enable_active_checks  = 1
+  enable_passive_checks = 1
+  enable_flapping       = 0
+  volatile              = 1
+  max_check_attempts    = 1
+  check_interval        = 87000
+  enable_perfdata       = 0
+
+  vars.sla              = "24x7"
+  vars.dummy_state      = 2
+  vars.dummy_text       = "No passive check result received."
+}
+```
+
+
+## Agents sending Check Results via REST API <a id="agent-based-checks-rest-api"></a>
+
+Whenever the remote agent cannot run the Icinga agent, or a backup script
+should just send its current state after finishing, you can use the [REST API](12-icinga2-api.md#icinga2-api)
+as secure transport and send [passive external check results](08-advanced-topics.md#external-check-results).
+
+Use the [process-check-result](12-icinga2-api.md#icinga2-api-actions-process-check-result) API action to send the external passive check result.
+You can either use `curl` or implement the HTTP requests in your preferred programming
+language. Examples for API clients are available in [this chapter](12-icinga2-api.md#icinga2-api-clients).
+
+Feeding check results from remote hosts requires the host/service
+objects configured on the master/satellite instance.
+
+## NSClient++ on Windows <a id="agent-based-checks-nsclient"></a>
+
+[NSClient++](https://nsclient.org/) works on both Windows and Linux platforms and is well
+known for its magnificent Windows support. There are alternatives like the WMI interface,
+but using `NSClient++` will allow you to run local scripts similar to check plugins fetching
+the required output and performance counters.
+
+> **Tip**
+>
+> Best practice is to use the Icinga agent as secure execution
+> bridge (`check_nt` and `check_nrpe` are considered insecure)
+> and query the NSClient++ service [locally](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
+
+You can use the `check_nt` plugin from the Monitoring Plugins project to query NSClient++.
+Icinga 2 provides the [nscp check command](10-icinga-template-library.md#plugin-check-command-nscp) for this:
+
+Example:
+
+```
+object Service "disk" {
+  import "generic-service"
+
+  host_name = "remote-windows-host"
+
+  check_command = "nscp"
+
+  vars.nscp_variable = "USEDDISKSPACE"
+  vars.nscp_params = "c"
+  vars.nscp_warn = 70
+  vars.nscp_crit = 80
+}
+```
+
+For details on the `NSClient++` configuration please refer to the [official documentation](https://docs.nsclient.org/).
+
+## WMI on Windows <a id="agent-based-checks-wmi"></a>
+
+The most popular plugin is [check_wmi_plus](http://edcint.co.nz/checkwmiplus/).
+
+> Check WMI Plus uses the Windows Management Interface (WMI) to check for common services (cpu, disk, sevices, eventlog…) on Windows machines. It requires the open source wmi client for Linux.
+
+Community examples:
+
+* [Icinga 2 check_wmi_plus example by 18pct](http://18pct.com/icinga2-check_wmi_plus-example/)
+* [Agent-less monitoring with WMI](https://www.devlink.de/linux/icinga2-nagios-agentless-monitoring-von-windows/)
 
-      vars.sla              = "24x7"
-      vars.dummy_state      = 2
-      vars.dummy_text       = "No passive check result received."
-    }
 
diff --git a/doc/08-advanced-topics.md b/doc/08-advanced-topics.md
index c51a303d7..fe427abfb 100644
--- a/doc/08-advanced-topics.md
+++ b/doc/08-advanced-topics.md
@@ -206,14 +206,6 @@ the `check_period` attribute. Or a notification should be sent to
 users or not, filtered by the `period` and `notification_period`
 configuration attributes for `Notification` and `User` objects.
 
-> **Note**
->
-> If you are familiar with Icinga 1.x, these time period definitions
-> are called `legacy timeperiods` in Icinga 2.
->
-> An Icinga 2 legacy timeperiod requires the `ITL` provided template
->`legacy-timeperiod`.
-
 The `TimePeriod` attribute `ranges` may contain multiple directives,
 including weekdays, days of the month, and calendar dates.
 These types may overlap/override other types in your ranges dictionary.
@@ -231,78 +223,97 @@ If you don't set any `check_period` or `notification_period` attribute
 on your configuration objects, Icinga 2 assumes `24x7` as time period
 as shown below.
 
-    object TimePeriod "24x7" {
-      import "legacy-timeperiod"
-
-      display_name = "Icinga 2 24x7 TimePeriod"
-      ranges = {
-        "monday"    = "00:00-24:00"
-        "tuesday"   = "00:00-24:00"
-        "wednesday" = "00:00-24:00"
-        "thursday"  = "00:00-24:00"
-        "friday"    = "00:00-24:00"
-        "saturday"  = "00:00-24:00"
-        "sunday"    = "00:00-24:00"
-      }
-    }
+```
+object TimePeriod "24x7" {
+  display_name = "Icinga 2 24x7 TimePeriod"
+  ranges = {
+    "monday"    = "00:00-24:00"
+    "tuesday"   = "00:00-24:00"
+    "wednesday" = "00:00-24:00"
+    "thursday"  = "00:00-24:00"
+    "friday"    = "00:00-24:00"
+    "saturday"  = "00:00-24:00"
+    "sunday"    = "00:00-24:00"
+  }
+}
+```
 
 If your operation staff should only be notified during workhours,
 create a new timeperiod named `workhours` defining a work day from
 09:00 to 17:00.
 
-    object TimePeriod "workhours" {
-      import "legacy-timeperiod"
+```
+object TimePeriod "workhours" {
+  display_name = "Icinga 2 8x5 TimePeriod"
+  ranges = {
+    "monday"    = "09:00-17:00"
+    "tuesday"   = "09:00-17:00"
+    "wednesday" = "09:00-17:00"
+    "thursday"  = "09:00-17:00"
+    "friday"    = "09:00-17:00"
+  }
+}
+```
 
-      display_name = "Icinga 2 8x5 TimePeriod"
-      ranges = {
-        "monday"    = "09:00-17:00"
-        "tuesday"   = "09:00-17:00"
-        "wednesday" = "09:00-17:00"
-        "thursday"  = "09:00-17:00"
-        "friday"    = "09:00-17:00"
-      }
-    }
+### Across midnight <a id="timeperiods-across-midnight"></a>
 
-Furthermore if you wish to specify a notification period across midnight,
+If you want to specify a notification period across midnight,
 you can define it the following way:
 
-    object Timeperiod "across-midnight" {
-      import "legacy-timeperiod"
+```
+object Timeperiod "across-midnight" {
+  display_name = "Nightly Notification"
+  ranges = {
+    "saturday" = "22:00-24:00"
+    "sunday" = "00:00-03:00"
+  }
+}
+```
 
-      display_name = "Nightly Notification"
-      ranges = {
-        "saturday" = "22:00-24:00"
-        "sunday" = "00:00-03:00"
-      }
-    }
+Starting with v2.11 this can be shortened to using
+the first day as start with an overlapping range into
+the next day:
+
+```
+object Timeperiod "do-not-disturb" {
+  display_name = "Weekend DND"
+  ranges = {
+    "saturday" = "22:00-06:00"
+  }
+}
+```
+
+### Across several days, weeks or months <a id="timeperiods-across-days-weeks-months"></a>
 
 Below you can see another example for configuring timeperiods across several
 days, weeks or months. This can be useful when taking components offline
 for a distinct period of time.
 
-    object Timeperiod "standby" {
-      import "legacy-timeperiod"
-
-      display_name = "Standby"
-      ranges = {
-        "2016-09-30 - 2016-10-30" = "00:00-24:00"
-      }
-    }
+```
+object Timeperiod "standby" {
+  display_name = "Standby"
+  ranges = {
+    "2016-09-30 - 2016-10-30" = "00:00-24:00"
+  }
+}
+```
 
 Please note that the spaces before and after the dash are mandatory.
 
 Once your time period is configured you can Use the `period` attribute
 to assign time periods to `Notification` and `Dependency` objects:
 
-    object Notification "mail" {
-      import "generic-notification"
+```
+apply Notification "mail-icingaadmin" to Service {
+  import "mail-service-notification"
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
 
-      host_name = "localhost"
+  period = "workhours"
 
-      command = "mail-notification"
-      users = [ "icingaadmin" ]
-      period = "workhours"
-    }
+  assign where host.vars.notification.mail
+}
+```
 
 ### Time Periods Inclusion and Exclusion <a id="timeperiods-includes-excludes"></a>
 
@@ -319,53 +330,53 @@ preferred.
 The following example defines a time period called `holidays` where
 notifications should be suppressed:
 
-    object TimePeriod "holidays" {
-      import "legacy-timeperiod"
-
-      ranges = {
-        "january 1" = "00:00-24:00"                 //new year's day
-        "july 4" = "00:00-24:00"                    //independence day
-        "december 25" = "00:00-24:00"               //christmas
-        "december 31" = "18:00-24:00"               //new year's eve (6pm+)
-        "2017-04-16" = "00:00-24:00"                //easter 2017
-        "monday -1 may" = "00:00-24:00"             //memorial day (last monday in may)
-        "monday 1 september" = "00:00-24:00"        //labor day (1st monday in september)
-        "thursday 4 november" = "00:00-24:00"       //thanksgiving (4th thursday in november)
-      }
-    }
+```
+object TimePeriod "holidays" {
+  ranges = {
+    "january 1" = "00:00-24:00"                 //new year's day
+    "july 4" = "00:00-24:00"                    //independence day
+    "december 25" = "00:00-24:00"               //christmas
+    "december 31" = "18:00-24:00"               //new year's eve (6pm+)
+    "2017-04-16" = "00:00-24:00"                //easter 2017
+    "monday -1 may" = "00:00-24:00"             //memorial day (last monday in may)
+    "monday 1 september" = "00:00-24:00"        //labor day (1st monday in september)
+    "thursday 4 november" = "00:00-24:00"       //thanksgiving (4th thursday in november)
+  }
+}
+```
 
 In addition to that the time period `weekends` defines an additional
 time window which should be excluded from notifications:
 
-    object TimePeriod "weekends-excluded" {
-      import "legacy-timeperiod"
-
-      ranges = {
-        "saturday"  = "00:00-09:00,18:00-24:00"
-        "sunday"    = "00:00-09:00,18:00-24:00"
-      }
-    }
+```
+object TimePeriod "weekends-excluded" {
+  ranges = {
+    "saturday"  = "00:00-09:00,18:00-24:00"
+    "sunday"    = "00:00-09:00,18:00-24:00"
+  }
+}
+```
 
 The time period `prod-notification` defines the default time ranges
 and adds the excluded time period names as an array.
 
-    object TimePeriod "prod-notification" {
-      import "legacy-timeperiod"
+```
+object TimePeriod "prod-notification" {
+  excludes = [ "holidays", "weekends-excluded" ]
 
-      excludes = [ "holidays", "weekends-excluded" ]
+  ranges = {
+    "monday"    = "00:00-24:00"
+    "tuesday"   = "00:00-24:00"
+    "wednesday" = "00:00-24:00"
+    "thursday"  = "00:00-24:00"
+    "friday"    = "00:00-24:00"
+    "saturday"  = "00:00-24:00"
+    "sunday"    = "00:00-24:00"
+  }
+}
+```
 
-      ranges = {
-        "monday"    = "00:00-24:00"
-        "tuesday"   = "00:00-24:00"
-        "wednesday" = "00:00-24:00"
-        "thursday"  = "00:00-24:00"
-        "friday"    = "00:00-24:00"
-        "saturday"  = "00:00-24:00"
-        "sunday"    = "00:00-24:00"
-      }
-    }
-
-## External Check Results <a id="external-check-results"></a>
+## External Passive Check Results <a id="external-check-results"></a>
 
 Hosts or services which do not actively execute a check plugin to receive
 the state and output are called "passive checks" or "external check results".
@@ -393,12 +404,16 @@ In Icinga 2 active check freshness is enabled by default. It is determined by th
 
 The threshold is calculated based on the last check execution time for actively executed checks:
 
-    (last check execution time + check interval) > current time
+```
+(last check execution time + check interval) > current time
+```
 
 If this host/service receives check results from an [external source](08-advanced-topics.md#external-check-results),
 the threshold is based on the last time a check result was received:
 
-    (last check result time + check interval) > current time
+```
+(last check result time + check interval) > current time
+```
 
 > **Tip**
 >
@@ -443,13 +458,12 @@ Icinga 2 supports optional detection of hosts and services that are "flapping".
 
 Flapping occurs when a service or host changes state too frequently, which would result in a storm of problem and
 recovery notifications. With flapping detection enabled a flapping notification will be sent while other notifications are
-suppresed until it calms down after receiving the same status from checks a few times. Flapping detection can help detect
-
-configuration problems (wrong thresholds), troublesome services, or network problems.
+suppressed until it calms down after receiving the same status from checks a few times. Flapping detection can help detect
+configuration problems (wrong thresholds), troublesome services or network problems.
 
 Flapping detection can be enabled or disabled using the `enable_flapping` attribute.
 The `flapping_threshold_high` and `flapping_threshold_low` attributes allows to specify the thresholds that control
-when a [host](09-object-types.md#objecttype-host) or [service](objecttype-service) is considered to be flapping.
+when a [host](09-object-types.md#objecttype-host) or [service](09-object-types.md#objecttype-service) is considered to be flapping.
 
 The default thresholds are 30% for high and 25% for low. If the computed flapping value exceeds the high threshold a
 host or service is considered flapping until it drops below the low flapping threshold.
@@ -466,7 +480,7 @@ Icinga 2 saves the last 20 state changes for every host and service. See the gra
 
 ![Icinga 2 Flapping State Timeline](images/advanced-topics/flapping-state-graph.png)
 
-All the states ware weighted, with the most recent one being worth the most (1.15) and the 20th the least (0.8). The
+All the states are weighted, with the most recent one being worth the most (1.15) and the 20th the least (0.8). The
 states in between are fairly distributed. The final flapping value are the weighted state changes divided by the total
 count of 20.
 
@@ -515,7 +529,7 @@ System		| Memory, Swap			| [mem](10-icinga-template-library.md#plugin-contrib-co
 System		| Hardware			| [hpasm](10-icinga-template-library.md#plugin-contrib-command-hpasm), [ipmi-sensor](10-icinga-template-library.md#plugin-contrib-command-ipmi-sensor)
 System		| Virtualization		| [VMware](10-icinga-template-library.md#plugin-contrib-vmware), [esxi_hardware](10-icinga-template-library.md#plugin-contrib-command-esxi-hardware)
 System		| Processes			| [procs](10-icinga-template-library.md#plugin-check-command-processes), [service-windows](10-icinga-template-library.md#windows-plugins) (Windows Client)
-System		| System Activity Reports	| [check_sar_perf](https://github.com/dnsmichi/icinga-plugins/blob/master/scripts/check_sar_perf.py)
+System		| System Activity Reports	| [sar-perf](10-icinga-template-library.md#plugin-contrib-command-sar-perf)
 System		| I/O				| [iostat](10-icinga-template-library.md#plugin-contrib-command-iostat)
 System		| Network interfaces		| [nwc_health](10-icinga-template-library.md#plugin-contrib-command-nwc_health), [interfaces](10-icinga-template-library.md#plugin-contrib-command-interfaces)
 System		| Users				| [users](10-icinga-template-library.md#plugin-check-command-users), [users-windows](10-icinga-template-library.md#windows-plugins) (Windows Client)
@@ -528,8 +542,8 @@ Database	| MySQL				| [mysql_health](10-icinga-template-library.md#plugin-contri
 Database	| PostgreSQL			| [postgres](10-icinga-template-library.md#plugin-contrib-command-postgres)
 Database	| Housekeeping			| Check the database size and growth and analyse metrics to examine trends.
 Database	| DB IDO			| [ido](10-icinga-template-library.md#itl-icinga-ido) (more below)
-Webserver	| Apache2, Nginx, etc.		| [http](10-icinga-template-library.md#plugin-check-command-http), [apache_status](10-icinga-template-library.md#plugin-contrib-command-apache_status), [nginx_status](10-icinga-template-library.md#plugin-contrib-command-nginx_status)
-Webserver	| Certificates			| [http](10-icinga-template-library.md#plugin-check-command-http)
+Webserver	| Apache2, Nginx, etc.		| [http](10-icinga-template-library.md#plugin-check-command-http), [apache-status](10-icinga-template-library.md#plugin-contrib-command-apache-status), [nginx_status](10-icinga-template-library.md#plugin-contrib-command-nginx_status)
+Webserver	| Certificates			| [http](10-icinga-template-library.md#plugin-check-command-http), [Icinga certificate monitoring](https://icinga.com/products/icinga-certificate-monitoring/)
 Webserver	| Authorization			| [http](10-icinga-template-library.md#plugin-check-command-http)
 Notifications	| Mail (queue)			| [smtp](10-icinga-template-library.md#plugin-check-command-smtp), [mailq](10-icinga-template-library.md#plugin-check-command-mailq)
 Notifications	| SMS (GSM modem)		| [check_sms3_status](https://exchange.icinga.com/netways/check_sms3status)
@@ -564,7 +578,10 @@ apply Service "ido-mysql" {
 More specific database queries can be found in the [DB IDO](14-features.md#db-ido) chapter.
 
 Distributed setups should include specific [health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks).
-You might also want to add additional checks for SSL certificate expiration.
+
+You might also want to add additional checks for TLS certificate expiration.
+This can be done using the [Icinga certificate monitoring](https://icinga.com/products/icinga-certificate-monitoring/) module.
+
 
 
 ## Advanced Configuration Hints <a id="advanced-configuration-hints"></a>
@@ -573,7 +590,7 @@ You might also want to add additional checks for SSL certificate expiration.
 
 [Apply rules](03-monitoring-basics.md#using-apply) can be used to create a rule set which is
 entirely based on host objects and their attributes.
-In addition to that [apply for and custom attribute override](03-monitoring-basics.md#using-apply-for)
+In addition to that [apply for and custom variable override](03-monitoring-basics.md#using-apply-for)
 extend the possibilities.
 
 The following example defines a dictionary on the host object which contains
@@ -586,67 +603,71 @@ In addition to that you can optionally define the `ssl` attribute which enables
 
 Host definition:
 
-    object Host "webserver01" {
-      import "generic-host"
-      address = "192.168.56.200"
-      vars.os = "Linux"
+```
+object Host "webserver01" {
+  import "generic-host"
+  address = "192.168.56.200"
+  vars.os = "Linux"
 
-      vars.webserver = {
-        instance["status"] = {
-          address = "192.168.56.201"
-          port = "80"
-          url = "/status"
-        }
-        instance["tomcat"] = {
-          address = "192.168.56.202"
-          port = "8080"
-        }
-        instance["icingaweb2"] = {
-          address = "192.168.56.210"
-          port = "443"
-          url = "/icingaweb2"
-          ssl = true
-        }
-      }
+  vars.webserver = {
+    instance["status"] = {
+      address = "192.168.56.201"
+      port = "80"
+      url = "/status"
     }
+    instance["tomcat"] = {
+      address = "192.168.56.202"
+      port = "8080"
+    }
+    instance["icingaweb2"] = {
+      address = "192.168.56.210"
+      port = "443"
+      url = "/icingaweb2"
+      ssl = true
+    }
+  }
+}
+```
 
 Service apply for definitions:
 
-    apply Service "webserver_ping" for (instance => config in host.vars.webserver.instance) {
-      display_name = "webserver_" + instance
-      check_command = "ping4"
+```
+apply Service "webserver_ping" for (instance => config in host.vars.webserver.instance) {
+  display_name = "webserver_" + instance
+  check_command = "ping4"
 
-      vars.ping_address = config.address
+  vars.ping_address = config.address
 
-      assign where host.vars.webserver.instance
-    }
+  assign where host.vars.webserver.instance
+}
 
-    apply Service "webserver_port" for (instance => config in host.vars.webserver.instance) {
-      display_name = "webserver_" + instance + "_" + config.port
-      check_command = "tcp"
+apply Service "webserver_port" for (instance => config in host.vars.webserver.instance) {
+  display_name = "webserver_" + instance + "_" + config.port
+  check_command = "tcp"
 
-      vars.tcp_address = config.address
-      vars.tcp_port = config.port
+  vars.tcp_address = config.address
+  vars.tcp_port = config.port
 
-      assign where host.vars.webserver.instance
-    }
+  assign where host.vars.webserver.instance
+}
 
-    apply Service "webserver_url" for (instance => config in host.vars.webserver.instance) {
-      display_name = "webserver_" + instance + "_" + config.url
-      check_command = "http"
+apply Service "webserver_url" for (instance => config in host.vars.webserver.instance) {
+  display_name = "webserver_" + instance + "_" + config.url
+  check_command = "http"
 
-      vars.http_address = config.address
-      vars.http_port = config.port
-      vars.http_uri = config.url
+  vars.http_address = config.address
+  vars.http_port = config.port
+  vars.http_uri = config.url
 
-      if (config.ssl) {
-        vars.http_ssl = config.ssl
-      }
+  if (config.ssl) {
+    vars.http_ssl = config.ssl
+  }
 
-      assign where config.url != ""
-    }
+  assign where config.url != ""
+}
+```
 
-The variables defined in the host dictionary are not using the typical custom attribute
+The variables defined in the host dictionary are not using the typical custom variable
 prefix recommended for CheckCommand parameters. Instead they are re-used for multiple
 service checks in this example.
 In addition to defining check parameters this way, you can also enrich the `display_name`
@@ -656,7 +677,7 @@ attribute with more details. This will be shown in in Icinga Web 2 for example.
 
 There is a limited scope where functions can be used as object attributes such as:
 
-* As value for [Custom Attributes](03-monitoring-basics.md#custom-attributes-functions)
+* As value for [Custom Variables](03-monitoring-basics.md#custom-variables-functions)
 * Returning boolean expressions for [set_if](08-advanced-topics.md#use-functions-command-arguments-setif) inside command arguments
 * Returning a [command](08-advanced-topics.md#use-functions-command-attribute) array inside command objects
 
@@ -665,7 +686,7 @@ The other way around you can create objects dynamically using your own global fu
 > **Note**
 >
 > Functions called inside command objects share the same global scope as runtime macros.
-> Therefore you can access host custom attributes like `host.vars.os`, or any other
+> Therefore you can access host custom variables like `host.vars.os`, or any other
 > object attribute from inside the function definition used for [set_if](08-advanced-topics.md#use-functions-command-arguments-setif) or [command](08-advanced-topics.md#use-functions-command-attribute).
 
 Tips when implementing functions:
@@ -681,7 +702,7 @@ inside the `icinga2.log` file depending in your log severity
 in objects and other functions. Keep in mind that these functions are not marked
 as side-effect-free and as such are not available via the REST API.
 
-Add a new configuration file `functions.conf` and include it into the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf)
+Add a new configuration file `functions.conf` and include it into the [icinga2.conf](04-configuration.md#icinga2-conf)
 configuration file in the very beginning, e.g. after `constants.conf`. You can also manage global
 functions inside `constants.conf` if you prefer.
 
@@ -721,7 +742,7 @@ to connect to the REST API.
 
 ```
 $ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/'
-Icinga 2 (version: v2.8.1-373-g4bea6d25c)
+Icinga 2 (version: v2.11.0)
 <1> => globals.state_to_string(1)
 "Warning"
 <2> => state_to_string(2)
@@ -763,25 +784,27 @@ slightly unexpected way. The following example shows how to assign values
 depending on group membership. All hosts in the `slow-lan` host group use 300
 as value for `ping_wrta`, all other hosts use 100.
 
-    globals.group_specific_value = function(group, group_value, non_group_value) {
-        return function() use (group, group_value, non_group_value) {
-            if (group in host.groups) {
-                return group_value
-            } else {
-                return non_group_value
-            }
+```
+globals.group_specific_value = function(group, group_value, non_group_value) {
+    return function() use (group, group_value, non_group_value) {
+        if (group in host.groups) {
+            return group_value
+        } else {
+            return non_group_value
         }
     }
+}
 
-    apply Service "ping4" {
-        import "generic-service"
-        check_command = "ping4"
+apply Service "ping4" {
+    import "generic-service"
+    check_command = "ping4"
 
-        vars.ping_wrta = group_specific_value("slow-lan", 300, 100)
-        vars.ping_crta = group_specific_value("slow-lan", 500, 200)
+    vars.ping_wrta = group_specific_value("slow-lan", 300, 100)
+    vars.ping_crta = group_specific_value("slow-lan", 500, 200)
 
-        assign where true
-    }
+    assign where true
+}
+```
 
 #### Use Functions in Assign Where Expressions <a id="use-functions-assign-where"></a>
 
@@ -797,81 +820,85 @@ The following example requires the host `myprinter` being added
 to the host group `printers-lexmark` but only if the host uses
 a template matching the name `lexmark*`.
 
-    template Host "lexmark-printer-host" {
-      vars.printer_type = "Lexmark"
+```
+template Host "lexmark-printer-host" {
+  vars.printer_type = "Lexmark"
+}
+
+object Host "myprinter" {
+  import "generic-host"
+  import "lexmark-printer-host"
+
+  address = "192.168.1.1"
+}
+
+/* register a global function for the assign where call */
+globals.check_host_templates = function(host, search) {
+  /* iterate over all host templates and check if the search matches */
+  for (tmpl in host.templates) {
+    if (match(search, tmpl)) {
+      return true
     }
+  }
 
-    object Host "myprinter" {
-      import "generic-host"
-      import "lexmark-printer-host"
-
-      address = "192.168.1.1"
-    }
-
-    /* register a global function for the assign where call */
-    globals.check_host_templates = function(host, search) {
-      /* iterate over all host templates and check if the search matches */
-      for (tmpl in host.templates) {
-        if (match(search, tmpl)) {
-          return true
-        }
-      }
-
-      /* nothing matched */
-      return false
-    }
-
-    object HostGroup "printers-lexmark" {
-      display_name = "Lexmark Printers"
-      /* call the global function and pass the arguments */
-      assign where check_host_templates(host, "lexmark*")
-    }
+  /* nothing matched */
+  return false
+}
 
+object HostGroup "printers-lexmark" {
+  display_name = "Lexmark Printers"
+  /* call the global function and pass the arguments */
+  assign where check_host_templates(host, "lexmark*")
+}
+```
 
 Take a different more complex example: All hosts with the
-custom attribute `vars_app` as nested dictionary should be
+custom variable `vars_app` as nested dictionary should be
 added to the host group `ABAP-app-server`. But only if the
 `app_type` for all entries is set to `ABAP`.
 
 It could read as wildcard match for nested dictionaries:
 
+```
     where host.vars.vars_app["*"].app_type == "ABAP"
+```
 
 The solution for this problem is to register a global
 function which checks the `app_type` for all hosts
 with the `vars_app` dictionary.
 
-    object Host "appserver01" {
-      check_command = "dummy"
-      vars.vars_app["ABC"] = { app_type = "ABAP" }
-    }
-    object Host "appserver02" {
-      check_command = "dummy"
-      vars.vars_app["DEF"] = { app_type = "ABAP" }
+```
+object Host "appserver01" {
+  check_command = "dummy"
+  vars.vars_app["ABC"] = { app_type = "ABAP" }
+}
+object Host "appserver02" {
+  check_command = "dummy"
+  vars.vars_app["DEF"] = { app_type = "ABAP" }
+}
+
+globals.check_app_type = function(host, type) {
+  /* ensure that other hosts without the custom variable do not match */
+  if (typeof(host.vars.vars_app) != Dictionary) {
+    return false
+  }
+
+  /* iterate over the vars_app dictionary */
+  for (key => val in host.vars.vars_app) {
+    /* if the value is a dictionary and if contains the app_type being the requested type */
+    if (typeof(val) == Dictionary && val.app_type == type) {
+      return true
     }
+  }
 
-    globals.check_app_type = function(host, type) {
-      /* ensure that other hosts without the custom attribute do not match */
-      if (typeof(host.vars.vars_app) != Dictionary) {
-        return false
-      }
-
-      /* iterate over the vars_app dictionary */
-      for (key => val in host.vars.vars_app) {
-        /* if the value is a dictionary and if contains the app_type being the requested type */
-        if (typeof(val) == Dictionary && val.app_type == type) {
-          return true
-        }
-      }
-
-      /* nothing matched */
-      return false
-    }
-
-    object HostGroup "ABAP-app-server" {
-      assign where check_app_type(host, "ABAP")
-    }
+  /* nothing matched */
+  return false
+}
 
+object HostGroup "ABAP-app-server" {
+  assign where check_app_type(host, "ABAP")
+}
+```
 
 #### Use Functions in Command Arguments set_if <a id="use-functions-command-arguments-setif"></a>
 
@@ -886,35 +913,39 @@ multiple conditions and attributes.
 The following example was found on the community support channels. The user had defined a host
 dictionary named `compellent` with the key `disks`. This was then used inside service apply for rules.
 
-    object Host "dict-host" {
-      check_command = "check_compellent"
-      vars.compellent["disks"] = {
-        file = "/var/lib/check_compellent/san_disks.0.json",
-        checks = ["disks"]
-      }
-    }
+```
+object Host "dict-host" {
+  check_command = "check_compellent"
+  vars.compellent["disks"] = {
+    file = "/var/lib/check_compellent/san_disks.0.json",
+    checks = ["disks"]
+  }
+}
+```
 
 The more significant problem was to only add the command parameter `--disk` to the plugin call
 when the dictionary `compellent` contains the key `disks`, and omit it if not found.
 
 By defining `set_if` as [abbreviated lambda function](17-language-reference.md#nullary-lambdas)
-and evaluating the host custom attribute `compellent` containing the `disks` this problem was
+and evaluating the host custom variable `compellent` containing the `disks` this problem was
 solved like this:
 
-    object CheckCommand "check_compellent" {
-      command   = [ "/usr/bin/check_compellent" ]
-      arguments   = {
-        "--disks"  = {
-          set_if = {{
-            var host_vars = host.vars
-            log(host_vars)
-            var compel = host_vars.compellent
-            log(compel)
-            compel.contains("disks")
-          }}
-        }
-      }
+```
+object CheckCommand "check_compellent" {
+  command   = [ "/usr/bin/check_compellent" ]
+  arguments   = {
+    "--disks"  = {
+      set_if = {{
+        var host_vars = host.vars
+        log(host_vars)
+        var compel = host_vars.compellent
+        log(compel)
+        compel.contains("disks")
+      }}
     }
+  }
+}
+```
 
 This implementation uses the dictionary type method [contains](18-library-reference.md#dictionary-contains)
 and will fail if `host.vars.compellent` is not of the type `Dictionary`.
@@ -922,35 +953,38 @@ Therefore you can extend the checks using the [typeof](17-language-reference.md#
 
 You can test the types using the `icinga2 console`:
 
-    # icinga2 console
-    Icinga (version: v2.3.0-193-g3eb55ad)
-    <1> => srv_vars.compellent["check_a"] = { file="outfile_a.json", checks = [ "disks", "fans" ] }
-    null
-    <2> => srv_vars.compellent["check_b"] = { file="outfile_b.json", checks = [ "power", "voltages" ] }
-    null
-    <3> => typeof(srv_vars.compellent)
-    type 'Dictionary'
-    <4> =>
+```
+# icinga2 console
+Icinga (version: v2.3.0-193-g3eb55ad)
+<1> => srv_vars.compellent["check_a"] = { file="outfile_a.json", checks = [ "disks", "fans" ] }
+null
+<2> => srv_vars.compellent["check_b"] = { file="outfile_b.json", checks = [ "power", "voltages" ] }
+null
+<3> => typeof(srv_vars.compellent)
+type 'Dictionary'
+<4> =>
+```
 
 The more programmatic approach for `set_if` could look like this:
 
-        "--disks" = {
-          set_if = {{
-            var srv_vars = service.vars
-            if(len(srv_vars) > 0) {
-              if (typeof(srv_vars.compellent) == Dictionary) {
-                return srv_vars.compellent.contains("disks")
-              } else {
-                log(LogInformationen, "checkcommand set_if", "custom attribute compellent_checks is not a dictionary, ignoring it.")
-                return false
-              }
-            } else {
-              log(LogWarning, "checkcommand set_if", "empty custom attributes")
-              return false
-            }
-          }}
+```
+    "--disks" = {
+      set_if = {{
+        var srv_vars = service.vars
+        if(len(srv_vars) > 0) {
+          if (typeof(srv_vars.compellent) == Dictionary) {
+            return srv_vars.compellent.contains("disks")
+          } else {
+            log(LogInformationen, "checkcommand set_if", "custom variable compellent_checks is not a dictionary, ignoring it.")
+            return false
+          }
+        } else {
+          log(LogWarning, "checkcommand set_if", "empty custom variables")
+          return false
         }
-
+      }}
+    }
+```
 
 #### Use Functions as Command Attribute <a id="use-functions-command-attribute"></a>
 
@@ -959,53 +993,56 @@ or [EventCommands](09-object-types.md#objecttype-eventcommand) which does not re
 a returned checkresult including state/output.
 
 The following example was taken from the community support channels. The requirement was to
-specify a custom attribute inside the notification apply rule and decide which notification
+specify a custom variable inside the notification apply rule and decide which notification
 script to call based on that.
 
-    object User "short-dummy" {
-    }
+```
+object User "short-dummy" {
+}
 
-    object UserGroup "short-dummy-group" {
-      assign where user.name == "short-dummy"
-    }
+object UserGroup "short-dummy-group" {
+  assign where user.name == "short-dummy"
+}
 
-    apply Notification "mail-admins-short" to Host {
-       import "mail-host-notification"
-       command = "mail-host-notification-test"
-       user_groups = [ "short-dummy-group" ]
-       vars.short = true
-       assign where host.vars.notification.mail
-    }
+apply Notification "mail-admins-short" to Host {
+   import "mail-host-notification"
+   command = "mail-host-notification-test"
+   user_groups = [ "short-dummy-group" ]
+   vars.short = true
+   assign where host.vars.notification.mail
+}
+```
 
 The solution is fairly simple: The `command` attribute is implemented as function returning
 an array required by the caller Icinga 2.
 The local variable `mailscript` sets the default value for the notification scrip location.
-If the notification custom attribute `short` is set, it will override the local variable `mailscript`
+If the notification custom variable `short` is set, it will override the local variable `mailscript`
 with a new value.
 The `mailscript` variable is then used to compute the final notification command array being
 returned.
 
 You can omit the `log()` calls, they only help debugging.
 
-    object NotificationCommand "mail-host-notification-test" {
-      command = {{
-        log("command as function")
-        var mailscript = "mail-host-notification-long.sh"
-        if (notification.vars.short) {
-           mailscript = "mail-host-notification-short.sh"
-        }
-        log("Running command")
-        log(mailscript)
-
-        var cmd = [ SysconfDir + "/icinga2/scripts/" + mailscript ]
-        log(LogCritical, "me", cmd)
-        return cmd
-      }}
-
-      env = {
-      }
+```
+object NotificationCommand "mail-host-notification-test" {
+  command = {{
+    log("command as function")
+    var mailscript = "mail-host-notification-long.sh"
+    if (notification.vars.short) {
+       mailscript = "mail-host-notification-short.sh"
     }
+    log("Running command")
+    log(mailscript)
 
+    var cmd = [ ConfigDir + "/scripts/" + mailscript ]
+    log(LogCritical, "me", cmd)
+    return cmd
+  }}
+
+  env = {
+  }
+}
+```
 
 ### Access Object Attributes at Runtime <a id="access-object-attributes-at-runtime"></a>
 
@@ -1077,8 +1114,6 @@ time of the day compared to the defined time period.
 
 ```
 object TimePeriod "backup" {
-  import "legacy-timeperiod"
-
   ranges = {
     monday = "02:00-03:00"
     tuesday = "02:00-03:00"
@@ -1155,3 +1190,16 @@ Icinga 2 parses performance data strings returned by check plugins and makes the
   warn                      | Value                 | Warning threshold value.
   min                       | Value                 | Minimum value returned by the check.
   max                       | Value                 | Maximum value returned by the check.
+
+### NotificationResult <a id="advanced-value-types-notificationresult"></a>
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  exit\_status              | Number                | The exit status returned by the check execution.
+  output                    | String                | The notification command output.
+  execution\_endpoint       | String                | Name of the node executing the check.
+  command                   | Value                 | Array of command with shell-escaped arguments or command line string.
+  execution\_start          | Timestamp             | Check execution start time (as a UNIX timestamp).
+  execution\_end            | Timestamp             | Check execution end time (as a UNIX timestamp).
+  active                    | Boolean               | Whether the result is from an active or passive check.
+
diff --git a/doc/09-object-types.md b/doc/09-object-types.md
index 17b3444e1..6111ec0aa 100644
--- a/doc/09-object-types.md
+++ b/doc/09-object-types.md
@@ -1,4 +1,4 @@
-# Config Object Types <a id="object-types"></a>
+# Object Types <a id="object-types"></a>
 
 This chapter provides an overview of all available config object types which can be
 instantiated using the `object` keyword.
@@ -12,6 +12,14 @@ You should note that the `Timestamp` type is a `Number`.
 In addition to that `Object name` is an object reference to
 an existing object name as `String` type.
 
+## Overview <a id="object-types-overview"></a>
+
+* [Monitoring Objects](09-object-types.md#object-types-monitoring) such as host, service, etc.
+* [Runtime Objects](09-object-types.md#object-types-runtime) generated by Icinga itself.
+* [Features](09-object-types.md#object-types-features) available via `icinga2 feature` CLI command.
+
+## Common Runtime Attributes <a id="object-types-runtime-attributes"></a>
+
 Configuration objects share these runtime attributes which cannot be
 modified by the user. You can access these attributes using
 the [Icinga 2 API](12-icinga2-api.md#icinga2-api-config-objects).
@@ -27,74 +35,9 @@ the [Icinga 2 API](12-icinga2-api.md#icinga2-api-config-objects).
   package                   | String                | [Configuration package name](12-icinga2-api.md#icinga2-api-config-management) this object belongs to. Local configuration is set to `_etc`, runtime created objects use `_api`.
   source\_location          | Dictionary            | Location information where the configuration files are stored.
 
+## Monitoring Objects <a id="object-types-monitoring"></a>
 
-## ApiListener <a id="objecttype-apilistener"></a>
-
-ApiListener objects are used for distributed monitoring setups
-and API usage specifying the certificate files used for ssl
-authorization and additional restrictions.
-This configuration object is available as [api feature](11-cli-commands.md#cli-command-feature).
-
-The `TicketSalt` constant must be defined in [constants.conf](04-configuring-icinga-2.md#constants-conf).
-
-Example:
-
-```
-object ApiListener "api" {
-  accept_commands = true
-  accept_config = true
-
-  ticket_salt = TicketSalt
-}
-```
-
-Configuration Attributes:
-
-  Name                                  | Type                  | Description
-  --------------------------------------|-----------------------|----------------------------------
-  cert\_path                            | String                | **Deprecated.** Path to the public key.
-  key\_path                             | String                | **Deprecated.** Path to the private key.
-  ca\_path                              | String                | **Deprecated.** Path to the CA certificate file.
-  ticket\_salt                          | String                | **Optional.** Private key for [CSR auto-signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing). **Required** for a signing master instance.
-  crl\_path                             | String                | **Optional.** Path to the CRL file.
-  bind\_host                            | String                | **Optional.** The IP address the api listener should be bound to. Defaults to `0.0.0.0`.
-  bind\_port                            | Number                | **Optional.** The port the api listener should be bound to. Defaults to `5665`.
-  accept\_config                        | Boolean               | **Optional.** Accept zone configuration. Defaults to `false`.
-  accept\_commands                      | Boolean               | **Optional.** Accept remote commands. Defaults to `false`.
-  cipher\_list                          | String                | **Optional.** Cipher list that is allowed. For a list of available ciphers run `openssl ciphers`. Defaults to `ALL:!LOW:!WEAK:!MEDIUM:!EXP:!NULL`.
-  tls\_protocolmin                      | String                | **Optional.** Minimum TLS protocol version. Must be one of `TLSv1`, `TLSv1.1` or `TLSv1.2`. Defaults to `TLSv1`.
-  access\_control\_allow\_origin        | Array                 | **Optional.** Specifies an array of origin URLs that may access the API. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin)
-  access\_control\_allow\_credentials   | Boolean               | **Deprecated.** Indicates whether or not the actual request can be made using credentials. Defaults to `true`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials)
-  access\_control\_allow\_headers       | String                | **Deprecated.** Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Defaults to `Authorization`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers)
-  access\_control\_allow\_methods       | String                | **Deprecated.** Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request. Defaults to `GET, POST, PUT, DELETE`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Methods)
-
-The attributes `access_control_allow_credentials`, `access_control_allow_headers` and `access_control_allow_methods`
-are controlled by Icinga 2 and are not changeable by config any more.
-
-
-The ApiListener type expects its certificate files to be in the following locations:
-
-  Type                 | Location
-  ---------------------|-------------------------------------
-  Private key          | `LocalStateDir + "/lib/icinga2/certs/" + NodeName + ".key"`
-  Certificate file     | `LocalStateDir + "/lib/icinga2/certs/" + NodeName + ".crt"`
-  CA certificate file  | `LocalStateDir + "/lib/icinga2/certs/ca.crt"`
-
-If the deprecated attributes `cert_path`, `key_path` and/or `ca_path` are specified Icinga 2
-copies those files to the new location in `LocalStateDir + "/lib/icinga2/certs"` unless the
-file(s) there are newer.
-
-Please check the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths) for more details.
-
-While Icinga 2 and the underlying OpenSSL library use sane and secure defaults, the attributes
-`cipher_list` and `tls_protocolmin` can be used to increase communication security. A good source
-for a more secure configuration is provided by the [Mozilla Wiki](https://wiki.mozilla.org/Security/Server_Side_TLS).
-Ensure to use the same configuration for both attributes on **all** endpoints to avoid communication problems which
-requires to use `cipher_list` compatible with the endpoint using the oldest version of the OpenSSL library. If using
-other tools to connect to the API ensure also compatibility with them as this setting affects not only inter-cluster
-communcation but also the REST API.
-
-## ApiUser <a id="objecttype-apiuser"></a>
+### ApiUser <a id="objecttype-apiuser"></a>
 
 ApiUser objects are used for authentication against the [Icinga 2 API](12-icinga2-api.md#icinga2-api-authentication).
 
@@ -112,22 +55,17 @@ Configuration Attributes:
   Name                      | Type                  | Description
   --------------------------|-----------------------|----------------------------------
   password                  | String                | **Optional.** Password string. Note: This attribute is hidden in API responses.
-  password\_hash            | String                | **Optional.** A hashed password string in the form of /etc/shadow. Note: This attribute is hidden in API responses.
   client\_cn                | String                | **Optional.** Client Common Name (CN).
   permissions               | Array                 | **Required.** Array of permissions. Either as string or dictionary with the keys `permission` and `filter`. The latter must be specified as function.
 
 Available permissions are explained in the [API permissions](12-icinga2-api.md#icinga2-api-permissions)
 chapter.
 
-## CheckCommand <a id="objecttype-checkcommand"></a>
+### CheckCommand <a id="objecttype-checkcommand"></a>
 
-A check command definition. Additional default command custom attributes can be
+A check command definition. Additional default command custom variables can be
 defined here.
 
-> **Note**
->
-> Icinga 2 versions < 2.6.0 require the import of the [plugin-check-command](10-icinga-template-library.md#itl-plugin-check-command) template.
-
 Example:
 
 ```
@@ -170,168 +108,47 @@ Configuration Attributes:
   --------------------------|-----------------------|----------------------------------
   command                   | Array                 | **Required.** The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command. When using the "arguments" attribute this must be an array. Can be specified as function for advanced implementations.
   env                       | Dictionary            | **Optional.** A dictionary of macros which should be exported as environment variables prior to executing the command.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this command.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this command.
   timeout                   | Duration              | **Optional.** The command timeout in seconds. Defaults to `1m`.
   arguments                 | Dictionary            | **Optional.** A dictionary of command arguments.
 
 
-### CheckCommand Arguments <a id="objecttype-checkcommand-arguments"></a>
+#### CheckCommand Arguments <a id="objecttype-checkcommand-arguments"></a>
 
 Command arguments can be defined as key-value-pairs in the `arguments`
-dictionary. If the argument requires additional configuration, for example
-a `description` attribute or an optional condition, the value can be defined
-as dictionary specifying additional options.
-
-Service:
+dictionary. Best practice is to assign a dictionary as value which
+provides additional details such as the `description` next to the `value`.
 
 ```
-vars.x_val = "My command argument value."
-vars.have_x = "true"
-```
-
-CheckCommand:
-
-```
-arguments = {
-  "-X" = {
-    value = "$x_val$"
-    key = "-Xnew"	    /* optional, set a new key identifier */
-    description = "My plugin requires this argument for doing X."
-    required = false    /* optional, no error if not set */
-    skip_key = false    /* always use "-X <value>" */
-    set_if = "$have_x$" /* only set if variable defined and resolves to a numeric value. String values are not supported */
-    order = -1          /* first position */
-    repeat_key = true   /* if `value` is an array, repeat the key as parameter: ... 'key' 'value[0]' 'key' 'value[1]' 'key' 'value[2]' ... */
+  arguments = {
+    "--parameter" = {
+      description = "..."
+      value = "..."
+    }
   }
-  "-Y" = {
-    value = "$y_val$"
-    description = "My plugin requires this argument for doing Y."
-    required = false    /* optional, no error if not set */
-    skip_key = true     /* don't prefix "-Y" only use "<value>" */
-    set_if = "$have_y$" /* only set if variable defined and resolves to a numeric value. String values are not supported */
-    order = 0           /* second position */
-    repeat_key = false  /* if `value` is an array, do not repeat the key as parameter: ... 'key' 'value[0]' 'value[1]' 'value[2]' ... */
-  }
-}
 ```
 
+All available argument value entries are shown below:
+
   Name                      | Type                  | Description
   --------------------------|-----------------------|----------------------------------
-  value                     | String/Function       | Optional argument value set by a [runtime macro string](03-monitoring-basics.md#runtime-macros) or a [function call](17-language-reference.md#functions).
-  key 	                    | String                | Optional argument key overriding the key identifier.
-  description               | String                | Optional argument description.
-  required                  | Boolean               | Required argument. Execution error if not set. Defaults to false (optional).
-  skip\_key                 | Boolean               | Use the value as argument and skip the key.
-  set\_if                   | String/Function       | Argument is added if the [runtime macro string](03-monitoring-basics.md#runtime-macros) resolves to a defined numeric or boolean value. String values are not supported. [Function calls](17-language-reference.md#functions) returning a value are supported too.
-  order                     | Number                | Set if multiple arguments require a defined argument order.
-  repeat\_key               | Boolean               | If the argument value is an array, repeat the argument key, or not. Defaults to true (repeat).
+  value                     | String/Function       | Optional argument value set by a [runtime macro string](03-monitoring-basics.md#runtime-macros) or a [function call](17-language-reference.md#functions). [More details](03-monitoring-basics.md#command-arguments-value).
+  description               | String                | Optional argument description. [More details](03-monitoring-basics.md#command-arguments-description).
+  required                  | Boolean               | Required argument. Execution error if not set. Defaults to false (optional). [More details](03-monitoring-basics.md#command-arguments-required).
+  skip\_key                 | Boolean               | Use the value as argument and skip the key. [More details](03-monitoring-basics.md#command-arguments-skip-key).
+  set\_if                   | String/Function       | Argument is added if the [runtime macro string](03-monitoring-basics.md#runtime-macros) resolves to a defined numeric or boolean value. String values are not supported. [Function calls](17-language-reference.md#functions) returning a value are supported too. [More details](03-monitoring-basics.md#command-arguments-set-if).
+  order                     | Number                | Set if multiple arguments require a defined argument order. The syntax is `..., -3, -2, -1, <un-ordered keys>, 1, 2, 3, ...`. [More details](03-monitoring-basics.md#command-arguments-order).
+  repeat\_key               | Boolean               | If the argument value is an array, repeat the argument key, or not. Defaults to true (repeat). [More details](03-monitoring-basics.md#command-arguments-repeat-key).
+  key 	                    | String                | Optional argument key overriding the key identifier. [More details](03-monitoring-basics.md#command-arguments-key).
 
-Argument order:
+`value` and `description` are commonly used, the other entries allow
+to build more advanced CheckCommand objects and arguments.
 
-```
-..., -3, -2, -1, <un-ordered keys>, 1, 2, 3, ...
-```
-
-Argument array with `repeat_key = true`:
-
-```
-'key' 'value[0]' 'key' 'value[1]' 'key' 'value[2]'
-```
-
-Argument array with `repeat_key = false`:
-
-```
-'key' 'value[0]' 'value[1]' 'value[2]'
-```
-
-## CheckerComponent <a id="objecttype-checkcomponent"></a>
-
-The checker component is responsible for scheduling active checks.
-This configuration object is available as [checker feature](11-cli-commands.md#cli-command-feature).
-
-Example:
-
-```
-object CheckerComponent "checker" { }
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  concurrent\_checks        | Number                | **Optional and deprecated.** The maximum number of concurrent checks. Was replaced by global constant `MaxConcurrentChecks` which will be set if you still use `concurrent_checks`.
-
-## CheckResultReader <a id="objecttype-checkresultreader"></a>
-
-Reads Icinga 1.x check result files from a directory. This functionality is provided
-to help existing Icinga 1.x users and might be useful for migration scenarios.
-
-Example:
-
-```
-object CheckResultReader "reader" {
-  spool_dir = "/data/check-results"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  spool\_dir                | String                | **Optional.** The directory which contains the check result files. Defaults to LocalStateDir + "/lib/icinga2/spool/checkresults/".
-
-## Comment <a id="objecttype-comment"></a>
-
-Comments created at runtime are represented as objects.
-Note: This is for reference only. You can create comments
-with the [add-comment](12-icinga2-api.md#icinga2-api-actions-add-comment) API action.
-
-Example:
-
-```
-object Comment "localhost!my-comment" {
-  host_name = "localhost"
-  author = "icingaadmin"
-  text = "This is a comment."
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host\_name                | Object name           | **Required.** The name of the host this comment belongs to.
-  service\_name             | Object name           | **Optional.** The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
-  author                    | String                | **Required.** The author's name.
-  text                      | String                | **Required.** The comment text.
-  entry\_time               | Timestamp             | **Optional.** The UNIX timestamp when this comment was added.
-  entry\_type               | Number                | **Optional.** The comment type (`User` = 1, `Downtime` = 2, `Flapping` = 3, `Acknowledgement` = 4).
-  expire\_time              | Timestamp             | **Optional.** The comment's expire time as UNIX timestamp.
-  persistent                | Boolean               | **Optional.** Only evaluated for `entry_type` Acknowledgement. `true` does not remove the comment when the acknowledgement is removed.
-
-## CompatLogger <a id="objecttype-compatlogger"></a>
-
-Writes log files in a format that's compatible with Icinga 1.x.
-This configuration object is available as [compatlog feature](14-features.md#compat-logging).
-
-Example:
-
-```
-object CompatLogger "compatlog" {
-  log_dir = "/var/log/icinga2/compat"
-  rotation_method = "DAILY"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  log\_dir                  | String                | **Optional.** Path to the compat log directory. Defaults to LocalStateDir + "/log/icinga2/compat".
-  rotation\_method          | String                | **Optional.** Specifies when to rotate log files. Can be one of "HOURLY", "DAILY", "WEEKLY" or "MONTHLY". Defaults to "HOURLY".
+Please continue reading [here](03-monitoring-basics.md#command-arguments) for advanced usage and examples
+for command arguments.
 
 
-## Dependency <a id="objecttype-dependency"></a>
+### Dependency <a id="objecttype-dependency"></a>
 
 Dependency objects are used to specify dependencies between hosts and services. Dependencies
 can be defined as Host-to-Host, Service-to-Service, Service-to-Host, or Host-to-Service
@@ -391,12 +208,14 @@ Configuration Attributes:
 
 Available state filters:
 
-    OK
-    Warning
-    Critical
-    Unknown
-    Up
-    Down
+```
+OK
+Warning
+Critical
+Unknown
+Up
+Down
+```
 
 When using [apply rules](03-monitoring-basics.md#using-apply) for dependencies, you can leave out certain attributes which will be
 automatically determined by Icinga 2.
@@ -435,96 +254,7 @@ Dependency objects have composite names, i.e. their names are based on the `chil
 name you specified. This means you can define more than one object with the same (short) name as long as one of the `child_host_name` and
 `child_service_name` attributes has a different value.
 
-## Downtime <a id="objecttype-downtime"></a>
-
-Downtimes created at runtime are represented as objects.
-You can create downtimes with the [schedule-downtime](12-icinga2-api.md#icinga2-api-actions-schedule-downtime) API action.
-
-Example:
-
-```
-object Downtime "my-downtime" {
-  host_name = "localhost"
-  author = "icingaadmin"
-  comment = "This is a downtime."
-  start_time = 1505312869
-  end_time = 1505312924
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host\_name                | Object name           | **Required.** The name of the host this comment belongs to.
-  service\_name             | Object name           | **Optional.** The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
-  author                    | String                | **Required.** The author's name.
-  comment                   | String                | **Required.** The comment text.
-  start\_time               | Timestamp             | **Required.** The start time as UNIX timestamp.
-  end\_time                 | Timestamp             | **Required.** The end time as UNIX timestamp.
-  duration                  | Number                | **Optional.** The duration as number.
-  entry\_time               | Timestamp             | **Optional.** The UNIX timestamp when this downtime was added.
-  fixed                     | Boolean               | **Optional.** Whether the downtime is fixed (true) or flexible (false). Defaults to flexible. Details in the [advanced topics chapter](08-advanced-topics.md#fixed-flexible-downtimes).
-  triggers                  | Array of object names | **Optional.** List of downtimes which should be triggered by this downtime.
-
-Runtime Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  trigger\_time             | Timestamp             | The UNIX timestamp when this downtime was triggered.
-  triggered\_by             | Object name           | The name of the downtime this downtime was triggered by.
-
-
-## ElasticsearchWriter <a id="objecttype-elasticsearchwriter"></a>
-
-Writes check result metrics and performance data to an Elasticsearch instance.
-This configuration object is available as [elasticsearch feature](14-features.md#elasticsearch-writer).
-
-Example:
-
-```
-object ElasticsearchWriter "elasticsearch" {
-  host = "127.0.0.1"
-  port = 9200
-  index = "icinga2"
-
-  enable_send_perfdata = true
-
-  flush_threshold = 1024
-  flush_interval = 10
-}
-```
-
-The index is rotated daily, as is recommended by Elastic, meaning the index will be renamed to `$index-$d.$M.$y`.
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Required.** Elasticsearch host address. Defaults to `127.0.0.1`.
-  port                      | Number                | **Required.** Elasticsearch port. Defaults to `9200`.
-  index                     | String                | **Required.** Elasticsearch index name. Defaults to `icinga2`.
-  enable\_send\_perfdata    | Boolean               | **Optional.** Send parsed performance data metrics for check results. Defaults to `false`.
-  flush\_interval           | Duration              | **Optional.** How long to buffer data points before transferring to Elasticsearch. Defaults to `10s`.
-  flush\_threshold          | Number                | **Optional.** How many data points to buffer before forcing a transfer to Elasticsearch.  Defaults to `1024`.
-  username                  | String                | **Optional.** Basic auth username if Elasticsearch is hidden behind an HTTP proxy.
-  password                  | String                | **Optional.** Basic auth password if Elasticsearch is hidden behind an HTTP proxy.
-  enable\_tls               | Boolean               | **Optional.** Whether to use a TLS stream. Defaults to `false`. Requires an HTTP proxy.
-  ca\_path                  | String                | **Optional.** Path to CA certificate to validate the remote host. Requires `enable_tls` set to `true`.
-  cert\_path                | String                | **Optional.** Path to host certificate to present to the remote host for mutual verification. Requires `enable_tls` set to `true`.
-  key\_path                 | String                | **Optional.** Path to host key to accompany the cert\_path. Requires `enable_tls` set to `true`.
-
-Note: If `flush_threshold` is set too low, this will force the feature to flush all data to Elasticsearch too often.
-Experiment with the setting, if you are processing more than 1024 metrics per second or similar.
-
-Basic auth is supported with the `username` and `password` attributes. This requires an
-HTTP proxy (Nginx, etc.) in front of the Elasticsearch instance. Check [this blogpost](https://blog.netways.de/2017/09/14/secure-elasticsearch-and-kibana-with-an-nginx-http-proxy/)
-for an example.
-
-TLS for the HTTP proxy can be enabled with `enable_tls`. In addition to that
-you can specify the certificates with the `ca_path`, `cert_path` and `cert_key` attributes.
-
-## Endpoint <a id="objecttype-endpoint"></a>
+### Endpoint <a id="objecttype-endpoint"></a>
 
 Endpoint objects are used to specify connection information for remote
 Icinga 2 instances. More details can be found in the [distributed monitoring chapter](06-distributed-monitoring.md#distributed-monitoring).
@@ -532,7 +262,7 @@ Icinga 2 instances. More details can be found in the [distributed monitoring cha
 Example:
 
 ```
-object Endpoint "icinga2-client1.localdomain" {
+object Endpoint "icinga2-agent1.localdomain" {
   host = "192.168.56.111"
   port = 5665
   log_duration = 1d
@@ -542,7 +272,7 @@ object Endpoint "icinga2-client1.localdomain" {
 Example (disable replay log):
 
 ```
-object Endpoint "icinga2-client1.localdomain" {
+object Endpoint "icinga2-agent1.localdomain" {
   host = "192.168.5.111"
   port = 5665
   log_duration = 0
@@ -559,14 +289,10 @@ Configuration Attributes:
 
 Endpoint objects cannot currently be created with the API.
 
-## EventCommand <a id="objecttype-eventcommand"></a>
+### EventCommand <a id="objecttype-eventcommand"></a>
 
 An event command definition.
 
-> **Note**
->
-> Icinga 2 versions < 2.6.0 require the import of the [plugin-event-command](10-icinga-template-library.md#itl-plugin-event-command) template.
-
 Example:
 
 ```
@@ -582,7 +308,7 @@ Configuration Attributes:
   --------------------------|-----------------------|----------------------------------
   command                   | Array                 | **Required.** The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command. When using the "arguments" attribute this must be an array. Can be specified as function for advanced implementations.
   env                       | Dictionary            | **Optional.** A dictionary of macros which should be exported as environment variables prior to executing the command.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this command.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this command.
   timeout                   | Duration              | **Optional.** The command timeout in seconds. Defaults to `1m`.
   arguments                 | Dictionary            | **Optional.** A dictionary of command arguments.
 
@@ -590,111 +316,15 @@ Command arguments can be used the same way as for [CheckCommand objects](09-obje
 
 More advanced examples for event command usage can be found [here](03-monitoring-basics.md#event-commands).
 
-## ExternalCommandListener <a id="objecttype-externalcommandlistener"></a>
 
-Implements the Icinga 1.x command pipe which can be used to send commands to Icinga.
-This configuration object is available as [command feature](14-features.md#external-commands).
-
-Example:
-
-```
-object ExternalCommandListener "command" {
-    command_path = "/var/run/icinga2/cmd/icinga2.cmd"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  command\_path             | String                | **Optional.** Path to the command pipe. Defaults to RunDir + "/icinga2/cmd/icinga2.cmd".
-
-
-
-## FileLogger <a id="objecttype-filelogger"></a>
-
-Specifies Icinga 2 logging to a file.
-This configuration object is available as `mainlog` and `debuglog` [logging feature](14-features.md#logging).
-
-Example:
-
-```
-object FileLogger "debug-file" {
-  severity = "debug"
-  path = "/var/log/icinga2/debug.log"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  path                      | String                | **Required.** The log path.
-  severity                  | String                | **Optional.** The minimum severity for this log. Can be "debug", "notice", "information", "warning" or "critical". Defaults to "information".
-
-
-## GelfWriter <a id="objecttype-gelfwriter"></a>
-
-Writes event log entries to a defined GELF receiver host (Graylog, Logstash).
-This configuration object is available as [gelf feature](14-features.md#gelfwriter).
-
-Example:
-
-```
-object GelfWriter "gelf" {
-  host = "127.0.0.1"
-  port = 12201
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Optional.** GELF receiver host address. Defaults to `127.0.0.1`.
-  port                      | Number                | **Optional.** GELF receiver port. Defaults to `12201`.
-  source                    | String                | **Optional.** Source name for this instance. Defaults to `icinga2`.
-  enable\_send\_perfdata    | Boolean               | **Optional.** Enable performance data for 'CHECK RESULT' events.
-
-
-## GraphiteWriter <a id="objecttype-graphitewriter"></a>
-
-Writes check result metrics and performance data to a defined
-Graphite Carbon host.
-This configuration object is available as [graphite feature](14-features.md#graphite-carbon-cache-writer).
-
-Example:
-
-```
-object GraphiteWriter "graphite" {
-  host = "127.0.0.1"
-  port = 2003
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Optional.** Graphite Carbon host address. Defaults to `127.0.0.1`.
-  port                      | Number                | **Optional.** Graphite Carbon port. Defaults to `2003`.
-  host\_name\_template      | String                | **Optional.** Metric prefix for host name. Defaults to `icinga2.$host.name$.host.$host.check_command$`.
-  service\_name\_template   | String                | **Optional.** Metric prefix for service name. Defaults to `icinga2.$host.name$.services.$service.name$.$service.check_command$`.
-  enable\_send\_thresholds  | Boolean               | **Optional.** Send additional threshold metrics. Defaults to `false`.
-  enable\_send\_metadata    | Boolean               | **Optional.** Send additional metadata metrics. Defaults to `false`.
-
-Additional usage examples can be found [here](14-features.md#graphite-carbon-cache-writer).
-
-
-
-## Host <a id="objecttype-host"></a>
+### Host <a id="objecttype-host"></a>
 
 A host.
 
 Example:
 
 ```
-object Host "icinga2-client1.localdomain" {
+object Host "icinga2-agent1.localdomain" {
   display_name = "Linux Client 1"
   address = "192.168.56.111"
   address6 = "2a00:1450:4001:815::2003"
@@ -713,13 +343,13 @@ Configuration Attributes:
   address                   | String                | **Optional.** The host's IPv4 address. Available as command runtime macro `$address$` if set.
   address6                  | String                | **Optional.** The host's IPv6 address. Available as command runtime macro `$address6$` if set.
   groups                    | Array of object names | **Optional.** A list of host groups this host belongs to.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this host.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this host.
   check\_command            | Object name           | **Required.** The name of the check command.
   max\_check\_attempts      | Number                | **Optional.** The number of times a host is re-checked before changing into a hard state. Defaults to 3.
-  check\_period             | Object name           | **Optional.** The name of a time period which determines when this host should be checked. Not set by default.
+  check\_period             | Object name           | **Optional.** The name of a time period which determines when this host should be checked. Not set by default (effectively 24x7).
   check\_timeout            | Duration              | **Optional.** Check command timeout in seconds. Overrides the CheckCommand's `timeout` attribute.
   check\_interval           | Duration              | **Optional.** The check interval (in seconds). This interval is used for checks when the host is in a `HARD` state. Defaults to `5m`.
-  retry\_interval           | Duration              | **Optional.** The retry interval (in seconds). This interval is used for checks when the host is in a `SOFT` state. Defaults to `1m`.
+  retry\_interval           | Duration              | **Optional.** The retry interval (in seconds). This interval is used for checks when the host is in a `SOFT` state. Defaults to `1m`. Note: This does not affect the scheduling [after a passive check result](08-advanced-topics.md#check-result-freshness).
   enable\_notifications     | Boolean               | **Optional.** Whether notifications are enabled. Defaults to true.
   enable\_active\_checks    | Boolean               | **Optional.** Whether active checks are enabled. Defaults to true.
   enable\_passive\_checks   | Boolean               | **Optional.** Whether passive checks are enabled. Defaults to true.
@@ -771,10 +401,15 @@ Runtime Attributes:
   last\_hard\_state         | Number                | The last hard state (0 = UP, 1 = DOWN).
   last\_state\_up           | Timestamp             | When the last UP state occurred (as a UNIX timestamp).
   last\_state\_down         | Timestamp             | When the last DOWN state occurred (as a UNIX timestamp).
+  last\_state\_unreachable  | Timestamp             | When the host was unreachable the last time (as a UNIX timestamp).
+  previous\_state\_change   | Timestamp             | Previous timestamp of `last_state_change` before processing a new check result.
+  severity                  | Number                | [Severity](19-technical-concepts.md#technical-concepts-checks-severity) calculated value.
+  problem                   | Boolean               | Whether the host is considered in a problem state type (NOT-UP).
+  handled                   | Boolean               | Whether the host problem is handled (downtime or acknowledgement).
 
 
 
-## HostGroup <a id="objecttype-hostgroup"></a>
+### HostGroup <a id="objecttype-hostgroup"></a>
 
 A group of hosts.
 
@@ -799,308 +434,9 @@ Configuration Attributes:
   display\_name             | String                | **Optional.** A short description of the host group.
   groups                    | Array of object names | **Optional.** An array of nested group names.
 
-## IcingaApplication <a id="objecttype-icingaapplication"></a>
-
-The IcingaApplication object is required to start Icinga 2.
-The object name must be `app`. If the object configuration
-is missing, Icinga 2 will automatically create an IcingaApplication
-object.
-
-Example:
-
-```
-object IcingaApplication "app" {
-  enable_perfdata = false
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  enable\_notifications     | Boolean               | **Optional.** Whether notifications are globally enabled. Defaults to true.
-  enable\_event\_handlers   | Boolean               | **Optional.** Whether event handlers are globally enabled. Defaults to true.
-  enable\_flapping          | Boolean               | **Optional.** Whether flap detection is globally enabled. Defaults to true.
-  enable\_host\_checks      | Boolean               | **Optional.** Whether active host checks are globally enabled. Defaults to true.
-  enable\_service\_checks   | Boolean               | **Optional.** Whether active service checks are globally enabled. Defaults to true.
-  enable\_perfdata          | Boolean               | **Optional.** Whether performance data processing is globally enabled. Defaults to true.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are available globally.
-
-## IdoMySqlConnection <a id="objecttype-idomysqlconnection"></a>
-
-IDO database adapter for MySQL.
-This configuration object is available as [ido-mysql feature](14-features.md#db-ido).
-
-Example:
-
-```
-object IdoMysqlConnection "mysql-ido" {
-  host = "127.0.0.1"
-  port = 3306
-  user = "icinga"
-  password = "icinga"
-  database = "icinga"
-
-  cleanup = {
-    downtimehistory_age = 48h
-    contactnotifications_age = 31d
-  }
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Optional.** MySQL database host address. Defaults to `localhost`.
-  port                      | Number                | **Optional.** MySQL database port. Defaults to `3306`.
-  socket\_path              | String                | **Optional.** MySQL socket path.
-  user                      | String                | **Optional.** MySQL database user with read/write permission to the icinga database. Defaults to `icinga`.
-  password                  | String                | **Optional.** MySQL database user's password. Defaults to `icinga`.
-  database                  | String                | **Optional.** MySQL database name. Defaults to `icinga`.
-  enable\_ssl               | Boolean               | **Optional.** Use SSL. Defaults to false. Change to `true` in case you want to use any of the SSL options.
-  ssl\_key                  | String                | **Optional.** MySQL SSL client key file path.
-  ssl\_cert                 | String                | **Optional.** MySQL SSL certificate file path.
-  ssl\_ca                   | String                | **Optional.** MySQL SSL certificate authority certificate file path.
-  ssl\_capath               | String                | **Optional.** MySQL SSL trusted SSL CA certificates in PEM format directory path.
-  ssl\_cipher               | String                | **Optional.** MySQL SSL list of allowed ciphers.
-  table\_prefix             | String                | **Optional.** MySQL database table prefix. Defaults to `icinga_`.
-  instance\_name            | String                | **Optional.** Unique identifier for the local Icinga 2 instance. Defaults to `default`.
-  instance\_description     | String                | **Optional.** Description for the Icinga 2 instance.
-  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Defaults to "true".
-  failover\_timeout         | Duration              | **Optional.** Set the failover timeout in a [HA cluster](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Must not be lower than 60s. Defaults to `60s`.
-  cleanup                   | Dictionary            | **Optional.** Dictionary with items for historical table cleanup.
-  categories                | Array                 | **Optional.** Array of information types that should be written to the database.
-
-Cleanup Items:
-
-  Name                            | Type                  | Description
-  --------------------------------|-----------------------|----------------------------------
-  acknowledgements\_age           | Duration              | **Optional.** Max age for acknowledgements table rows (entry\_time). Defaults to 0 (never).
-  commenthistory\_age             | Duration              | **Optional.** Max age for commenthistory table rows (entry\_time). Defaults to 0 (never).
-  contactnotifications\_age       | Duration              | **Optional.** Max age for contactnotifications table rows (start\_time). Defaults to 0 (never).
-  contactnotificationmethods\_age | Duration              | **Optional.** Max age for contactnotificationmethods table rows (start\_time). Defaults to 0 (never).
-  downtimehistory\_age            | Duration              | **Optional.** Max age for downtimehistory table rows (entry\_time). Defaults to 0 (never).
-  eventhandlers\_age              | Duration              | **Optional.** Max age for eventhandlers table rows (start\_time). Defaults to 0 (never).
-  externalcommands\_age           | Duration              | **Optional.** Max age for externalcommands table rows (entry\_time). Defaults to 0 (never).
-  flappinghistory\_age            | Duration              | **Optional.** Max age for flappinghistory table rows (event\_time). Defaults to 0 (never).
-  hostchecks\_age                 | Duration              | **Optional.** Max age for hostalives table rows (start\_time). Defaults to 0 (never).
-  logentries\_age                 | Duration              | **Optional.** Max age for logentries table rows (logentry\_time). Defaults to 0 (never).
-  notifications\_age              | Duration              | **Optional.** Max age for notifications table rows (start\_time). Defaults to 0 (never).
-  processevents\_age              | Duration              | **Optional.** Max age for processevents table rows (event\_time). Defaults to 0 (never).
-  statehistory\_age               | Duration              | **Optional.** Max age for statehistory table rows (state\_time). Defaults to 0 (never).
-  servicechecks\_age              | Duration              | **Optional.** Max age for servicechecks table rows (start\_time). Defaults to 0 (never).
-  systemcommands\_age             | Duration              | **Optional.** Max age for systemcommands table rows (start\_time). Defaults to 0 (never).
-
-Data Categories:
-
-  Name                 | Description            | Required by
-  ---------------------|------------------------|--------------------
-  DbCatConfig          | Configuration data     | Icinga Web 2
-  DbCatState           | Current state data     | Icinga Web 2
-  DbCatAcknowledgement | Acknowledgements       | Icinga Web 2
-  DbCatComment         | Comments               | Icinga Web 2
-  DbCatDowntime        | Downtimes              | Icinga Web 2
-  DbCatEventHandler    | Event handler data     | Icinga Web 2
-  DbCatExternalCommand | External commands      | --
-  DbCatFlapping        | Flap detection data    | Icinga Web 2
-  DbCatCheck           | Check results          | --
-  DbCatLog             | Log messages           | --
-  DbCatNotification    | Notifications          | Icinga Web 2
-  DbCatProgramStatus   | Program status data    | Icinga Web 2
-  DbCatRetention       | Retention data         | Icinga Web 2
-  DbCatStateHistory    | Historical state data  | Icinga Web 2
-
-The default value for `categories` includes everything required
-by Icinga Web 2 in the table above.
-
-In addition to the category flags listed above the `DbCatEverything`
-flag may be used as a shortcut for listing all flags.
-
-## IdoPgsqlConnection <a id="objecttype-idopgsqlconnection"></a>
-
-IDO database adapter for PostgreSQL.
-This configuration object is available as [ido-pgsql feature](14-features.md#db-ido).
-
-Example:
-
-```
-object IdoPgsqlConnection "pgsql-ido" {
-  host = "127.0.0.1"
-  port = 5432
-  user = "icinga"
-  password = "icinga"
-  database = "icinga"
-
-  cleanup = {
-    downtimehistory_age = 48h
-    contactnotifications_age = 31d
-  }
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Optional.** PostgreSQL database host address. Defaults to `localhost`.
-  port                      | Number                | **Optional.** PostgreSQL database port. Defaults to `5432`.
-  user                      | String                | **Optional.** PostgreSQL database user with read/write permission to the icinga database. Defaults to `icinga`.
-  password                  | String                | **Optional.** PostgreSQL database user's password. Defaults to `icinga`.
-  database                  | String                | **Optional.** PostgreSQL database name. Defaults to `icinga`.
-  ssl\_mode                 | String                | **Optional.** Enable SSL connection mode. Value must be set according to the [sslmode setting](https://www.postgresql.org/docs/9.3/static/libpq-connect.html#LIBPQ-CONNSTRING): `prefer`, `require`, `verify-ca`, `verify-full`, `allow`, `disable`.
-  ssl\_key                  | String                | **Optional.** PostgreSQL SSL client key file path.
-  ssl\_cert                 | String                | **Optional.** PostgreSQL SSL certificate file path.
-  ssl\_ca                   | String                | **Optional.** PostgreSQL SSL certificate authority certificate file path.
-  table\_prefix             | String                | **Optional.** PostgreSQL database table prefix. Defaults to `icinga_`.
-  instance\_name            | String                | **Optional.** Unique identifier for the local Icinga 2 instance. Defaults to `default`.
-  instance\_description     | String                | **Optional.** Description for the Icinga 2 instance.
-  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Defaults to "true".
-  failover\_timeout         | Duration              | **Optional.** Set the failover timeout in a [HA cluster](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Must not be lower than 60s. Defaults to `60s`.
-  cleanup                   | Dictionary            | **Optional.** Dictionary with items for historical table cleanup.
-  categories                | Array                 | **Optional.** Array of information types that should be written to the database.
-
-Cleanup Items:
-
-  Name                            | Type                  | Description
-  --------------------------------|-----------------------|----------------------------------
-  acknowledgements\_age           | Duration              | **Optional.** Max age for acknowledgements table rows (entry\_time). Defaults to 0 (never).
-  commenthistory\_age             | Duration              | **Optional.** Max age for commenthistory table rows (entry\_time). Defaults to 0 (never).
-  contactnotifications\_age       | Duration              | **Optional.** Max age for contactnotifications table rows (start\_time). Defaults to 0 (never).
-  contactnotificationmethods\_age | Duration              | **Optional.** Max age for contactnotificationmethods table rows (start\_time). Defaults to 0 (never).
-  downtimehistory\_age            | Duration              | **Optional.** Max age for downtimehistory table rows (entry\_time). Defaults to 0 (never).
-  eventhandlers\_age              | Duration              | **Optional.** Max age for eventhandlers table rows (start\_time). Defaults to 0 (never).
-  externalcommands\_age           | Duration              | **Optional.** Max age for externalcommands table rows (entry\_time). Defaults to 0 (never).
-  flappinghistory\_age            | Duration              | **Optional.** Max age for flappinghistory table rows (event\_time). Defaults to 0 (never).
-  hostchecks\_age                 | Duration              | **Optional.** Max age for hostalives table rows (start\_time). Defaults to 0 (never).
-  logentries\_age                 | Duration              | **Optional.** Max age for logentries table rows (logentry\_time). Defaults to 0 (never).
-  notifications\_age              | Duration              | **Optional.** Max age for notifications table rows (start\_time). Defaults to 0 (never).
-  processevents\_age              | Duration              | **Optional.** Max age for processevents table rows (event\_time). Defaults to 0 (never).
-  statehistory\_age               | Duration              | **Optional.** Max age for statehistory table rows (state\_time). Defaults to 0 (never).
-  servicechecks\_age              | Duration              | **Optional.** Max age for servicechecks table rows (start\_time). Defaults to 0 (never).
-  systemcommands\_age             | Duration              | **Optional.** Max age for systemcommands table rows (start\_time). Defaults to 0 (never).
-
-Data Categories:
-
-  Name                 | Description            | Required by
-  ---------------------|------------------------|--------------------
-  DbCatConfig          | Configuration data     | Icinga Web 2
-  DbCatState           | Current state data     | Icinga Web 2
-  DbCatAcknowledgement | Acknowledgements       | Icinga Web 2
-  DbCatComment         | Comments               | Icinga Web 2
-  DbCatDowntime        | Downtimes              | Icinga Web 2
-  DbCatEventHandler    | Event handler data     | Icinga Web 2
-  DbCatExternalCommand | External commands      | --
-  DbCatFlapping        | Flap detection data    | Icinga Web 2
-  DbCatCheck           | Check results          | --
-  DbCatLog             | Log messages           | --
-  DbCatNotification    | Notifications          | Icinga Web 2
-  DbCatProgramStatus   | Program status data    | Icinga Web 2
-  DbCatRetention       | Retention data         | Icinga Web 2
-  DbCatStateHistory    | Historical state data  | Icinga Web 2
-
-The default value for `categories` includes everything required
-by Icinga Web 2 in the table above.
-
-In addition to the category flags listed above the `DbCatEverything`
-flag may be used as a shortcut for listing all flags.
-
-## InfluxdbWriter <a id="objecttype-influxdbwriter"></a>
-
-Writes check result metrics and performance data to a defined InfluxDB host.
-This configuration object is available as [influxdb feature](14-features.md#influxdb-writer).
-
-Example:
-
-```
-object InfluxdbWriter "influxdb" {
-  host = "127.0.0.1"
-  port = 8086
-  database = "icinga2"
-
-  flush_threshold = 1024
-  flush_interval = 10s
-
-  host_template = {
-    measurement = "$host.check_command$"
-    tags = {
-      hostname = "$host.name$"
-    }
-  }
-  service_template = {
-    measurement = "$service.check_command$"
-    tags = {
-      hostname = "$host.name$"
-      service = "$service.name$"
-    }
-  }
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host                      | String                | **Required.** InfluxDB host address. Defaults to `127.0.0.1`.
-  port                      | Number                | **Required.** InfluxDB HTTP port. Defaults to `8086`.
-  database                  | String                | **Required.** InfluxDB database name. Defaults to `icinga2`.
-  username                  | String                | **Optional.** InfluxDB user name. Defaults to `none`.
-  password                  | String                | **Optional.** InfluxDB user password.  Defaults to `none`.
-  ssl\_enable               | Boolean               | **Optional.** Whether to use a TLS stream. Defaults to `false`.
-  ssl\_ca\_cert             | String                | **Optional.** Path to CA certificate to validate the remote host.
-  ssl\_cert                 | String                | **Optional.** Path to host certificate to present to the remote host for mutual verification.
-  ssl\_key                  | String                | **Optional.** Path to host key to accompany the ssl\_cert.
-  host\_template            | String                | **Required.** Host template to define the InfluxDB line protocol.
-  service\_template         | String                | **Required.** Service template to define the influxDB line protocol.
-  enable\_send\_thresholds  | Boolean               | **Optional.** Whether to send warn, crit, min & max tagged data.
-  enable\_send\_metadata    | Boolean               | **Optional.** Whether to send check metadata e.g. states, execution time, latency etc.
-  flush\_interval           | Duration              | **Optional.** How long to buffer data points before transferring to InfluxDB. Defaults to `10s`.
-  flush\_threshold          | Number                | **Optional.** How many data points to buffer before forcing a transfer to InfluxDB.  Defaults to `1024`.
-
-Note: If `flush_threshold` is set too low, this will always force the feature to flush all data
-to InfluxDB. Experiment with the setting, if you are processing more than 1024 metrics per second
-or similar.
 
 
-
-## LiveStatusListener <a id="objecttype-livestatuslistener"></a>
-
-Livestatus API interface available as TCP or UNIX socket. Historical table queries
-require the [CompatLogger](09-object-types.md#objecttype-compatlogger) feature enabled
-pointing to the log files using the `compat_log_path` configuration attribute.
-This configuration object is available as [livestatus feature](14-features.md#setting-up-livestatus).
-
-Examples:
-
-```
-object LivestatusListener "livestatus-tcp" {
-  socket_type = "tcp"
-  bind_host = "127.0.0.1"
-  bind_port = "6558"
-}
-
-object LivestatusListener "livestatus-unix" {
-  socket_type = "unix"
-  socket_path = "/var/run/icinga2/cmd/livestatus"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  socket\_type              | String                | **Optional.** Specifies the socket type. Can be either `tcp` or `unix`. Defaults to `unix`.
-  bind\_host                | String                | **Optional.** Only valid when `socket_type` is set to `tcp`. Host address to listen on for connections. Defaults to `127.0.0.1`.
-  bind\_port                | Number                | **Optional.** Only valid when `socket_type` is set to `tcp`. Port to listen on for connections. Defaults to `6558`.
-  socket\_path              | String                | **Optional.** Only valid when `socket_type` is set to `unix`. Specifies the path to the UNIX socket file. Defaults to RunDir + "/icinga2/cmd/livestatus".
-  compat\_log\_path         | String                | **Optional.** Path to Icinga 1.x log files. Required for historical table queries. Requires `CompatLogger` feature enabled. Defaults to LocalStateDir + "/log/icinga2/compat"
-
-> **Note**
->
-> UNIX sockets are not supported on Windows.
-
-
-## Notification <a id="objecttype-notification"></a>
+### Notification <a id="objecttype-notification"></a>
 
 Notification objects are used to specify how users should be notified in case
 of host and service state changes and other events.
@@ -1135,40 +471,46 @@ Configuration Attributes:
   --------------------------|-----------------------|----------------------------------
   host\_name                | Object name           | **Required.** The name of the host this notification belongs to.
   service\_name             | Object name           | **Optional.** The short name of the service this notification belongs to. If omitted, this notification object is treated as host notification.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this notification object.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this notification object.
   users                     | Array of object names | **Required.** A list of user names who should be notified. **Optional.** if the `user_groups` attribute is set.
   user\_groups              | Array of object names | **Required.** A list of user group names who should be notified. **Optional.** if the `users` attribute is set.
   times                     | Dictionary            | **Optional.** A dictionary containing `begin` and `end` attributes for the notification.
   command                   | Object name           | **Required.** The name of the notification command which should be executed when the notification is triggered.
   interval                  | Duration              | **Optional.** The notification interval (in seconds). This interval is used for active notifications. Defaults to 30 minutes. If set to 0, [re-notifications](03-monitoring-basics.md#disable-renotification) are disabled.
-  period                    | Object name           | **Optional.** The name of a time period which determines when this notification should be triggered. Not set by default.
+  period                    | Object name           | **Optional.** The name of a time period which determines when this notification should be triggered. Not set by default (effectively 24x7).
   zone		            | Object name           | **Optional.** The zone this object is a member of. Please read the [distributed monitoring](06-distributed-monitoring.md#distributed-monitoring) chapter for details.
   types                     | Array                 | **Optional.** A list of type filters when this notification should be triggered. By default everything is matched.
-  states                    | Array                 | **Optional.** A list of state filters when this notification should be triggered. By default everything is matched.
+  states                    | Array                 | **Optional.** A list of state filters when this notification should be triggered. By default everything is matched. Note that the states filter is ignored for notifications of type Acknowledgement!
 
 Available notification state filters for Service:
 
-    OK
-    Warning
-    Critical
-    Unknown
+```
+OK
+Warning
+Critical
+Unknown
+```
 
 Available notification state filters for Host:
 
-    Up
-    Down
+```
+Up
+Down
+```
 
 Available notification type filters:
 
-    DowntimeStart
-    DowntimeEnd
-    DowntimeRemoved
-    Custom
-    Acknowledgement
-    Problem
-    Recovery
-    FlappingStart
-    FlappingEnd
+```
+DowntimeStart
+DowntimeEnd
+DowntimeRemoved
+Custom
+Acknowledgement
+Problem
+Recovery
+FlappingStart
+FlappingEnd
+```
 
 Runtime Attributes:
 
@@ -1180,19 +522,15 @@ Runtime Attributes:
   last\_problem\_notification | Timestamp             | When the last notification was sent for a problem (as a UNIX timestamp).
 
 
-## NotificationCommand <a id="objecttype-notificationcommand"></a>
+### NotificationCommand <a id="objecttype-notificationcommand"></a>
 
 A notification command definition.
 
-> **Note**
->
-> Icinga 2 versions < 2.6.0 require the import of the [plugin-notification-command](10-icinga-template-library.md#itl-plugin-notification-command) template.
-
 Example:
 
 ```
 object NotificationCommand "mail-service-notification" {
-  command = [ SysconfDir + "/icinga2/scripts/mail-service-notification.sh" ]
+  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
 
   arguments += {
     "-4" = {
@@ -1270,7 +608,7 @@ Configuration Attributes:
   --------------------------|-----------------------|----------------------------------
   command                   | Array                 | **Required.** The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command. When using the "arguments" attribute this must be an array. Can be specified as function for advanced implementations.
   env                       | Dictionary            | **Optional.** A dictionary of macros which should be exported as environment variables prior to executing the command.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this command.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this command.
   timeout                   | Duration              | **Optional.** The command timeout in seconds. Defaults to `1m`.
   arguments                 | Dictionary            | **Optional.** A dictionary of command arguments.
 
@@ -1278,83 +616,7 @@ Command arguments can be used the same way as for [CheckCommand objects](09-obje
 
 More details on specific attributes can be found in [this chapter](03-monitoring-basics.md#notification-commands).
 
-## NotificationComponent <a id="objecttype-notificationcomponent"></a>
-
-The notification component is responsible for sending notifications.
-This configuration object is available as [notification feature](11-cli-commands.md#cli-command-feature).
-
-Example:
-
-```
-object NotificationComponent "notification" { }
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-notifications). Disabling this currently only affects reminder notifications. Defaults to "true".
-
-## OpenTsdbWriter <a id="objecttype-opentsdbwriter"></a>
-
-Writes check result metrics and performance data to [OpenTSDB](http://opentsdb.net).
-This configuration object is available as [opentsdb feature](14-features.md#opentsdb-writer).
-
-Example:
-
-```
-object OpenTsdbWriter "opentsdb" {
-  host = "127.0.0.1"
-  port = 4242
-
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host            	    | String                | **Optional.** OpenTSDB host address. Defaults to `127.0.0.1`.
-  port            	    | Number                | **Optional.** OpenTSDB port. Defaults to `4242`.
-
-
-## PerfdataWriter <a id="objecttype-perfdatawriter"></a>
-
-Writes check result performance data to a defined path using macro
-pattern consisting of custom attributes and runtime macros.
-This configuration object is available as [perfdata feature](14-features.md#writing-performance-data-files).
-
-Example:
-
-```
-object PerfdataWriter "perfdata" {
-  host_perfdata_path = "/var/spool/icinga2/perfdata/host-perfdata"
-
-  service_perfdata_path = "/var/spool/icinga2/perfdata/service-perfdata"
-
-  host_format_template = "DATATYPE::HOSTPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tHOSTPERFDATA::$host.perfdata$\tHOSTCHECKCOMMAND::$host.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$"
-  service_format_template = "DATATYPE::SERVICEPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tSERVICEDESC::$service.name$\tSERVICEPERFDATA::$service.perfdata$\tSERVICECHECKCOMMAND::$service.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$\tSERVICESTATE::$service.state$\tSERVICESTATETYPE::$service.state_type$"
-
-  rotation_interval = 15s
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  host\_perfdata\_path      | String                | **Optional.** Path to the host performance data file. Defaults to LocalStateDir + "/spool/icinga2/perfdata/host-perfdata".
-  service\_perfdata\_path   | String                | **Optional.** Path to the service performance data file. Defaults to LocalStateDir + "/spool/icinga2/perfdata/service-perfdata".
-  host\_temp\_path          | String                | **Optional.** Path to the temporary host file. Defaults to LocalStateDir + "/spool/icinga2/tmp/host-perfdata".
-  service\_temp\_path       | String                | **Optional.** Path to the temporary service file. Defaults to LocalStateDir + "/spool/icinga2/tmp/service-perfdata".
-  host\_format\_template    | String                | **Optional.** Host Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
-  service\_format\_template | String                | **Optional.** Service Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
-  rotation\_interval        | Duration              | **Optional.** Rotation interval for the files specified in `{host,service}_perfdata_path`. Defaults to `30s`.
-
-When rotating the performance data file the current UNIX timestamp is appended to the path specified
-in `host_perfdata_path` and `service_perfdata_path` to generate a unique filename.
-
-
-## ScheduledDowntime <a id="objecttype-scheduleddowntime"></a>
+### ScheduledDowntime <a id="objecttype-scheduleddowntime"></a>
 
 ScheduledDowntime objects can be used to set up recurring downtimes for hosts/services.
 
@@ -1396,6 +658,7 @@ Configuration Attributes:
   fixed                     | Boolean               | **Optional.** Whether this is a fixed downtime. Defaults to `true`.
   duration                  | Duration              | **Optional.** How long the downtime lasts. Only has an effect for flexible (non-fixed) downtimes.
   ranges                    | Dictionary            | **Required.** A dictionary containing information which days and durations apply to this timeperiod.
+  child\_options            | String                | **Optional.** Schedule child downtimes. `DowntimeNoChildren` does not do anything, `DowntimeTriggeredChildren` schedules child downtimes triggered by this downtime, `DowntimeNonTriggeredChildren` schedules non-triggered downtimes. Defaults to `DowntimeNoChildren`.
 
 ScheduledDowntime objects have composite names, i.e. their names are based
 on the `host_name` and `service_name` attributes and the
@@ -1404,7 +667,7 @@ with the same (short) name as long as one of the `host_name` and
 `service_name` attributes has a different value.
 
 
-## Service <a id="objecttype-service"></a>
+### Service <a id="objecttype-service"></a>
 
 Service objects describe network services and how they should be checked
 by Icinga 2.
@@ -1443,13 +706,13 @@ Configuration Attributes:
   display\_name             | String                | **Optional.** A short description of the service.
   host\_name                | Object name           | **Required.** The host this service belongs to. There must be a `Host` object with that name.
   groups                    | Array of object names | **Optional.** The service groups this service belongs to.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this service.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this service.
   check\_command            | Object name           | **Required.** The name of the check command.
   max\_check\_attempts      | Number                | **Optional.** The number of times a service is re-checked before changing into a hard state. Defaults to 3.
-  check\_period             | Object name           | **Optional.** The name of a time period which determines when this service should be checked. Not set by default.
+  check\_period             | Object name           | **Optional.** The name of a time period which determines when this service should be checked. Not set by default (effectively 24x7).
   check\_timeout            | Duration              | **Optional.** Check command timeout in seconds. Overrides the CheckCommand's `timeout` attribute.
   check\_interval           | Duration              | **Optional.** The check interval (in seconds). This interval is used for checks when the service is in a `HARD` state. Defaults to `5m`.
-  retry\_interval           | Duration              | **Optional.** The retry interval (in seconds). This interval is used for checks when the service is in a `SOFT` state. Defaults to `1m`.
+  retry\_interval           | Duration              | **Optional.** The retry interval (in seconds). This interval is used for checks when the service is in a `SOFT` state. Defaults to `1m`. Note: This does not affect the scheduling [after a passive check result](08-advanced-topics.md#check-result-freshness).
   enable\_notifications     | Boolean               | **Optional.** Whether notifications are enabled. Defaults to `true`.
   enable\_active\_checks    | Boolean               | **Optional.** Whether active checks are enabled. Defaults to `true`.
   enable\_passive\_checks   | Boolean               | **Optional.** Whether passive checks are enabled. Defaults to `true`.
@@ -1494,7 +757,7 @@ Runtime Attributes:
   downtime\_depth           | Number                | Whether the service has one or more active downtimes.
   flapping\_last\_change    | Timestamp             | When the last flapping change occurred (as a UNIX timestamp).
   flapping\_current         | Number                | Current flapping value in percent (see flapping\_thresholds)
-  flapping                  | Boolean               | Whether the host is flapping between states.
+  flapping                  | Boolean               | Whether the service is flapping between states.
   state                     | Number                | The current state (0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN).
   last\_state               | Number                | The previous state (0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN).
   last\_hard\_state         | Number                | The last hard state (0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN).
@@ -1502,9 +765,14 @@ Runtime Attributes:
   last\_state\_warning      | Timestamp             | When the last WARNING state occurred (as a UNIX timestamp).
   last\_state\_critical     | Timestamp             | When the last CRITICAL state occurred (as a UNIX timestamp).
   last\_state\_unknown      | Timestamp             | When the last UNKNOWN state occurred (as a UNIX timestamp).
+  last\_state\_unreachable  | Timestamp             | When the service was unreachable the last time (as a UNIX timestamp).
+  previous\_state\_change   | Timestamp             | Previous timestamp of `last_state_change` before processing a new check result.
+  severity                  | Number                | [Severity](19-technical-concepts.md#technical-concepts-checks-severity) calculated value.
+  problem                   | Boolean               | Whether the service is considered in a problem state type (NOT-OK).
+  handled                   | Boolean               | Whether the service problem is handled (downtime or acknowledgement).
 
 
-## ServiceGroup <a id="objecttype-servicegroup"></a>
+### ServiceGroup <a id="objecttype-servicegroup"></a>
 
 A group of services.
 
@@ -1528,84 +796,12 @@ Configuration Attributes:
   groups                    | Array of object names | **Optional.** An array of nested group names.
 
 
-## StatusDataWriter <a id="objecttype-statusdatawriter"></a>
 
-Periodically writes status and configuration data files which are used by third-party tools.
-This configuration object is available as [statusdata feature](14-features.md#status-data).
-
-Example:
-
-```
-object StatusDataWriter "status" {
-    status_path = "/var/cache/icinga2/status.dat"
-    objects_path = "/var/cache/icinga2/objects.cache"
-    update_interval = 30s
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  status\_path              | String                | **Optional.** Path to the `status.dat` file. Defaults to LocalStateDir + "/cache/icinga2/status.dat".
-  objects\_path             | String                | **Optional.** Path to the `objects.cache` file. Defaults to LocalStateDir + "/cache/icinga2/objects.cache".
-  update\_interval          | Duration              | **Optional.** The interval in which the status files are updated. Defaults to `15s`.
-
-
-## SyslogLogger <a id="objecttype-sysloglogger"></a>
-
-Specifies Icinga 2 logging to syslog.
-This configuration object is available as `syslog` [logging feature](14-features.md#logging).
-
-Example:
-
-```
-object SyslogLogger "syslog" {
-  severity = "warning"
-}
-```
-
-Configuration Attributes:
-
-  Name                      | Type                  | Description
-  --------------------------|-----------------------|----------------------------------
-  severity                  | String                | **Optional.** The minimum severity for this log. Can be "debug", "notice", "information", "warning" or "critical". Defaults to "warning".
-  facility                  | String                | **Optional.** Defines the facility to use for syslog entries. This can be a facility constant like `FacilityDaemon`. Defaults to `FacilityUser`.
-
-Facility Constants:
-
-  Name                 | Facility      | Description
-  ---------------------|---------------|----------------
-  FacilityAuth         | LOG\_AUTH     | The authorization system.
-  FacilityAuthPriv     | LOG\_AUTHPRIV | The same as `FacilityAuth`, but logged to a file readable only by selected individuals.
-  FacilityCron         | LOG\_CRON     | The cron daemon.
-  FacilityDaemon       | LOG\_DAEMON   | System daemons that are not provided for explicitly by other facilities.
-  FacilityFtp          | LOG\_FTP      | The file transfer protocol daemons.
-  FacilityKern         | LOG\_KERN     | Messages generated by the kernel. These cannot be generated by any user processes.
-  FacilityLocal0       | LOG\_LOCAL0   | Reserved for local use.
-  FacilityLocal1       | LOG\_LOCAL1   | Reserved for local use.
-  FacilityLocal2       | LOG\_LOCAL2   | Reserved for local use.
-  FacilityLocal3       | LOG\_LOCAL3   | Reserved for local use.
-  FacilityLocal4       | LOG\_LOCAL4   | Reserved for local use.
-  FacilityLocal5       | LOG\_LOCAL5   | Reserved for local use.
-  FacilityLocal6       | LOG\_LOCAL6   | Reserved for local use.
-  FacilityLocal7       | LOG\_LOCAL7   | Reserved for local use.
-  FacilityLpr          | LOG\_LPR      | The line printer spooling system.
-  FacilityMail         | LOG\_MAIL     | The mail system.
-  FacilityNews         | LOG\_NEWS     | The network news system.
-  FacilitySyslog       | LOG\_SYSLOG   | Messages generated internally by syslogd.
-  FacilityUser         | LOG\_USER     | Messages generated by user processes. This is the default facility identifier if none is specified.
-  FacilityUucp         | LOG\_UUCP     | The UUCP system.
-
-## TimePeriod <a id="objecttype-timeperiod"></a>
+### TimePeriod <a id="objecttype-timeperiod"></a>
 
 Time periods can be used to specify when hosts/services should be checked or to limit
 when notifications should be sent out.
 
-> **Note**
->
-> Icinga 2 versions < 2.6.0 require the import of the [legacy-timeperiod](10-icinga-template-library.md#itl-legacy-timeperiod) template.
-
 Examples:
 
 ```
@@ -1662,7 +858,7 @@ Runtime Attributes:
   is\_inside                | Boolean               | Whether we're currently inside this timeperiod.
 
 
-## User <a id="objecttype-user"></a>
+### User <a id="objecttype-user"></a>
 
 A user.
 
@@ -1686,24 +882,28 @@ object User "icingaadmin" {
 
 Available notification state filters:
 
-    OK
-    Warning
-    Critical
-    Unknown
-    Up
-    Down
+```
+OK
+Warning
+Critical
+Unknown
+Up
+Down
+```
 
 Available notification type filters:
 
-    DowntimeStart
-    DowntimeEnd
-    DowntimeRemoved
-    Custom
-    Acknowledgement
-    Problem
-    Recovery
-    FlappingStart
-    FlappingEnd
+```
+DowntimeStart
+DowntimeEnd
+DowntimeRemoved
+Custom
+Acknowledgement
+Problem
+Recovery
+FlappingStart
+FlappingEnd
+```
 
 Configuration Attributes:
 
@@ -1712,10 +912,10 @@ Configuration Attributes:
   display\_name             | String                | **Optional.** A short description of the user.
   email                     | String                | **Optional.** An email string for this user. Useful for notification commands.
   pager                     | String                | **Optional.** A pager string for this user. Useful for notification commands.
-  vars                      | Dictionary            | **Optional.** A dictionary containing custom attributes that are specific to this user.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are specific to this user.
   groups                    | Array of object names | **Optional.** An array of group names.
-  enable\_notifications     | Boolean               | **Optional.** Whether notifications are enabled for this user.
-  period                    | Object name           | **Optional.** The name of a time period which determines when a notification for this user should be triggered. Not set by default.
+  enable\_notifications     | Boolean               | **Optional.** Whether notifications are enabled for this user. Defaults to true.
+  period                    | Object name           | **Optional.** The name of a time period which determines when a notification for this user should be triggered. Not set by default (effectively 24x7).
   types                     | Array                 | **Optional.** A set of type filters when a notification for this user should be triggered. By default everything is matched.
   states                    | Array                 | **Optional.** A set of state filters when a notification for this should be triggered. By default everything is matched.
 
@@ -1725,7 +925,7 @@ Runtime Attributes:
   --------------------------|-----------------------|----------------------------------
   last\_notification        | Timestamp             | When the last notification was sent for this user (as a UNIX timestamp).
 
-## UserGroup <a id="objecttype-usergroup"></a>
+### UserGroup <a id="objecttype-usergroup"></a>
 
 A user group.
 
@@ -1749,7 +949,7 @@ Configuration Attributes:
   groups                    | Array of object names | **Optional.** An array of nested group names.
 
 
-## Zone <a id="objecttype-zone"></a>
+### Zone <a id="objecttype-zone"></a>
 
 Zone objects are used to specify which Icinga 2 instances are located in a zone.
 Please read the [distributed monitoring chapter](06-distributed-monitoring.md#distributed-monitoring) for additional details.
@@ -1772,7 +972,847 @@ Configuration Attributes:
   Name                      | Type                  | Description
   --------------------------|-----------------------|----------------------------------
   endpoints                 | Array of object names | **Optional.** Array of endpoint names located in this zone.
-  parent                    | Object name           | **Optional.** The name of the parent zone.
+  parent                    | Object name           | **Optional.** The name of the parent zone. (Do not specify a global zone)
   global                    | Boolean               | **Optional.** Whether configuration files for this zone should be [synced](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync) to all endpoints. Defaults to `false`.
 
 Zone objects cannot currently be created with the API.
+
+
+## Runtime Objects <a id="object-types-runtime"></a>
+
+These objects are generated at runtime by the daemon
+from API actions. Downtime objects are also created
+by ScheduledDowntime objects.
+
+### Comment <a id="objecttype-comment"></a>
+
+Comments created at runtime are represented as objects.
+Note: This is for reference only. You can create comments
+with the [add-comment](12-icinga2-api.md#icinga2-api-actions-add-comment) API action.
+
+Example:
+
+```
+object Comment "my-comment" {
+  host_name = "localhost"
+  author = "icingaadmin"
+  text = "This is a comment."
+  entry_time = 1234567890
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host\_name                | Object name           | **Required.** The name of the host this comment belongs to.
+  service\_name             | Object name           | **Optional.** The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
+  author                    | String                | **Required.** The author's name.
+  text                      | String                | **Required.** The comment text.
+  entry\_time               | Timestamp             | **Optional.** The UNIX timestamp when this comment was added. If omitted, the entry time is volatile!
+  entry\_type               | Number                | **Optional.** The comment type (`User` = 1, `Downtime` = 2, `Flapping` = 3, `Acknowledgement` = 4).
+  expire\_time              | Timestamp             | **Optional.** The comment's expire time as UNIX timestamp.
+  persistent                | Boolean               | **Optional.** Only evaluated for `entry_type` Acknowledgement. `true` does not remove the comment when the acknowledgement is removed.
+
+### Downtime <a id="objecttype-downtime"></a>
+
+Downtimes created at runtime are represented as objects.
+You can create downtimes with the [schedule-downtime](12-icinga2-api.md#icinga2-api-actions-schedule-downtime) API action.
+
+Example:
+
+```
+object Downtime "my-downtime" {
+  host_name = "localhost"
+  author = "icingaadmin"
+  comment = "This is a downtime."
+  start_time = 1505312869
+  end_time = 1505312924
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host\_name                | Object name           | **Required.** The name of the host this comment belongs to.
+  service\_name             | Object name           | **Optional.** The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
+  author                    | String                | **Required.** The author's name.
+  comment                   | String                | **Required.** The comment text.
+  start\_time               | Timestamp             | **Required.** The start time as UNIX timestamp.
+  end\_time                 | Timestamp             | **Required.** The end time as UNIX timestamp.
+  duration                  | Number                | **Optional.** The duration as number.
+  entry\_time               | Timestamp             | **Optional.** The UNIX timestamp when this downtime was added.
+  fixed                     | Boolean               | **Optional.** Whether the downtime is fixed (true) or flexible (false). Defaults to flexible. Details in the [advanced topics chapter](08-advanced-topics.md#fixed-flexible-downtimes).
+  triggers                  | Array of object names | **Optional.** List of downtimes which should be triggered by this downtime.
+
+Runtime Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  trigger\_time             | Timestamp             | The UNIX timestamp when this downtime was triggered.
+  triggered\_by             | Object name           | The name of the downtime this downtime was triggered by.
+
+
+
+## Features <a id="object-types-features"></a>
+
+### ApiListener <a id="objecttype-apilistener"></a>
+
+ApiListener objects are used for distributed monitoring setups
+and API usage specifying the certificate files used for ssl
+authorization and additional restrictions.
+This configuration object is available as [api feature](11-cli-commands.md#cli-command-feature).
+
+The `TicketSalt` constant must be defined in [constants.conf](04-configuration.md#constants-conf).
+
+Example:
+
+```
+object ApiListener "api" {
+  accept_commands = true
+  accept_config = true
+
+  ticket_salt = TicketSalt
+}
+```
+
+Configuration Attributes:
+
+  Name                                  | Type                  | Description
+  --------------------------------------|-----------------------|----------------------------------
+  cert\_path                            | String                | **Deprecated.** Path to the public key.
+  key\_path                             | String                | **Deprecated.** Path to the private key.
+  ca\_path                              | String                | **Deprecated.** Path to the CA certificate file.
+  ticket\_salt                          | String                | **Optional.** Private key for [CSR auto-signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing). **Required** for a signing master instance.
+  crl\_path                             | String                | **Optional.** Path to the CRL file.
+  bind\_host                            | String                | **Optional.** The IP address the api listener should be bound to. If not specified, the ApiListener is bound to `::` and listens for both IPv4 and IPv6 connections.
+  bind\_port                            | Number                | **Optional.** The port the api listener should be bound to. Defaults to `5665`.
+  accept\_config                        | Boolean               | **Optional.** Accept zone configuration. Defaults to `false`.
+  accept\_commands                      | Boolean               | **Optional.** Accept remote commands. Defaults to `false`.
+  max\_anonymous\_clients               | Number                | **Optional.** Limit the number of anonymous client connections (not configured endpoints and signing requests).
+  cipher\_list                          | String                | **Optional.** Cipher list that is allowed. For a list of available ciphers run `openssl ciphers`. Defaults to `ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256`.
+  tls\_protocolmin                      | String                | **Optional.** Minimum TLS protocol version. Since v2.11, only `TLSv1.2` is supported. Defaults to `TLSv1.2`.
+  tls\_handshake\_timeout               | Number                | **Optional.** TLS Handshake timeout. Defaults to `10s`.
+  access\_control\_allow\_origin        | Array                 | **Optional.** Specifies an array of origin URLs that may access the API. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin)
+  access\_control\_allow\_credentials   | Boolean               | **Deprecated.** Indicates whether or not the actual request can be made using credentials. Defaults to `true`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials)
+  access\_control\_allow\_headers       | String                | **Deprecated.** Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Defaults to `Authorization`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers)
+  access\_control\_allow\_methods       | String                | **Deprecated.** Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request. Defaults to `GET, POST, PUT, DELETE`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Methods)
+  environment                           | String                | **Optional.** Used as suffix in TLS SNI extension name; default from constant `ApiEnvironment`, which is empty.
+
+The attributes `access_control_allow_credentials`, `access_control_allow_headers` and `access_control_allow_methods`
+are controlled by Icinga 2 and are not changeable by config any more.
+
+
+The ApiListener type expects its certificate files to be in the following locations:
+
+  Type                 | Location
+  ---------------------|-------------------------------------
+  Private key          | `DataDir + "/certs/" + NodeName + ".key"`
+  Certificate file     | `DataDir + "/certs/" + NodeName + ".crt"`
+  CA certificate file  | `DataDir + "/certs/ca.crt"`
+
+If the deprecated attributes `cert_path`, `key_path` and/or `ca_path` are specified Icinga 2
+copies those files to the new location in `DataDir + "/certs"` unless the
+file(s) there are newer.
+
+Please check the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths) for more details.
+
+While Icinga 2 and the underlying OpenSSL library use sane and secure defaults, the attributes
+`cipher_list` and `tls_protocolmin` can be used to increase communication security. A good source
+for a more secure configuration is provided by the [Mozilla Wiki](https://wiki.mozilla.org/Security/Server_Side_TLS).
+Ensure to use the same configuration for both attributes on **all** endpoints to avoid communication problems which
+requires to use `cipher_list` compatible with the endpoint using the oldest version of the OpenSSL library. If using
+other tools to connect to the API ensure also compatibility with them as this setting affects not only inter-cluster
+communcation but also the REST API.
+
+### CheckerComponent <a id="objecttype-checkercomponent"></a>
+
+The checker component is responsible for scheduling active checks.
+This configuration object is available as [checker feature](11-cli-commands.md#cli-command-feature).
+
+Example:
+
+```
+object CheckerComponent "checker" { }
+```
+
+In order to limit the concurrent checks on a master/satellite endpoint,
+use [MaxConcurrentChecks](17-language-reference.md#icinga-constants-global-config) constant.
+This also applies to an agent as command endpoint where the checker
+feature is disabled.
+
+### CheckResultReader <a id="objecttype-checkresultreader"></a>
+
+Reads Icinga 1.x check result files from a directory. This functionality is provided
+to help existing Icinga 1.x users and might be useful for migration scenarios.
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
+
+Example:
+
+```
+object CheckResultReader "reader" {
+  spool_dir = "/data/check-results"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  spool\_dir                | String                | **Optional.** The directory which contains the check result files. Defaults to DataDir + "/spool/checkresults/".
+
+### CompatLogger <a id="objecttype-compatlogger"></a>
+
+Writes log files in a format that's compatible with Icinga 1.x.
+This configuration object is available as [compatlog feature](14-features.md#compat-logging).
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
+
+Example:
+
+```
+object CompatLogger "compatlog" {
+  log_dir = "/var/log/icinga2/compat"
+  rotation_method = "DAILY"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  log\_dir                  | String                | **Optional.** Path to the compat log directory. Defaults to LogDir + "/compat".
+  rotation\_method          | String                | **Optional.** Specifies when to rotate log files. Can be one of "HOURLY", "DAILY", "WEEKLY" or "MONTHLY". Defaults to "HOURLY".
+
+
+### ElasticsearchWriter <a id="objecttype-elasticsearchwriter"></a>
+
+Writes check result metrics and performance data to an Elasticsearch instance.
+This configuration object is available as [elasticsearch feature](14-features.md#elasticsearch-writer).
+
+Example:
+
+```
+object ElasticsearchWriter "elasticsearch" {
+  host = "127.0.0.1"
+  port = 9200
+  index = "icinga2"
+
+  enable_send_perfdata = true
+
+  flush_threshold = 1024
+  flush_interval = 10
+}
+```
+
+The index is rotated daily, as is recommended by Elastic, meaning the index will be renamed to `$index-$d.$M.$y`.
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Required.** Elasticsearch host address. Defaults to `127.0.0.1`.
+  port                      | Number                | **Required.** Elasticsearch port. Defaults to `9200`.
+  index                     | String                | **Required.** Elasticsearch index name. Defaults to `icinga2`.
+  enable\_send\_perfdata    | Boolean               | **Optional.** Send parsed performance data metrics for check results. Defaults to `false`.
+  flush\_interval           | Duration              | **Optional.** How long to buffer data points before transferring to Elasticsearch. Defaults to `10s`.
+  flush\_threshold          | Number                | **Optional.** How many data points to buffer before forcing a transfer to Elasticsearch.  Defaults to `1024`.
+  username                  | String                | **Optional.** Basic auth username if Elasticsearch is hidden behind an HTTP proxy.
+  password                  | String                | **Optional.** Basic auth password if Elasticsearch is hidden behind an HTTP proxy.
+  enable\_tls               | Boolean               | **Optional.** Whether to use a TLS stream. Defaults to `false`. Requires an HTTP proxy.
+  ca\_path                  | String                | **Optional.** Path to CA certificate to validate the remote host. Requires `enable_tls` set to `true`.
+  cert\_path                | String                | **Optional.** Path to host certificate to present to the remote host for mutual verification. Requires `enable_tls` set to `true`.
+  key\_path                 | String                | **Optional.** Path to host key to accompany the cert\_path. Requires `enable_tls` set to `true`.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+
+Note: If `flush_threshold` is set too low, this will force the feature to flush all data to Elasticsearch too often.
+Experiment with the setting, if you are processing more than 1024 metrics per second or similar.
+
+Basic auth is supported with the `username` and `password` attributes. This requires an
+HTTP proxy (Nginx, etc.) in front of the Elasticsearch instance. Check [this blogpost](https://blog.netways.de/2017/09/14/secure-elasticsearch-and-kibana-with-an-nginx-http-proxy/)
+for an example.
+
+TLS for the HTTP proxy can be enabled with `enable_tls`. In addition to that
+you can specify the certificates with the `ca_path`, `cert_path` and `cert_key` attributes.
+
+### ExternalCommandListener <a id="objecttype-externalcommandlistener"></a>
+
+Implements the Icinga 1.x command pipe which can be used to send commands to Icinga.
+This configuration object is available as [command feature](14-features.md#external-commands).
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
+
+Example:
+
+```
+object ExternalCommandListener "command" {
+    command_path = "/var/run/icinga2/cmd/icinga2.cmd"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  command\_path             | String                | **Optional.** Path to the command pipe. Defaults to RunDir + "/icinga2/cmd/icinga2.cmd".
+
+
+
+### FileLogger <a id="objecttype-filelogger"></a>
+
+Specifies Icinga 2 logging to a file.
+This configuration object is available as `mainlog` and `debuglog` [logging feature](14-features.md#logging).
+
+Example:
+
+```
+object FileLogger "debug-file" {
+  severity = "debug"
+  path = "/var/log/icinga2/debug.log"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  path                      | String                | **Required.** The log path.
+  severity                  | String                | **Optional.** The minimum severity for this log. Can be "debug", "notice", "information", "warning" or "critical". Defaults to "information".
+
+
+### GelfWriter <a id="objecttype-gelfwriter"></a>
+
+Writes event log entries to a defined GELF receiver host (Graylog, Logstash).
+This configuration object is available as [gelf feature](14-features.md#gelfwriter).
+
+Example:
+
+```
+object GelfWriter "gelf" {
+  host = "127.0.0.1"
+  port = 12201
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Optional.** GELF receiver host address. Defaults to `127.0.0.1`.
+  port                      | Number                | **Optional.** GELF receiver port. Defaults to `12201`.
+  source                    | String                | **Optional.** Source name for this instance. Defaults to `icinga2`.
+  enable\_send\_perfdata    | Boolean               | **Optional.** Enable performance data for 'CHECK RESULT' events.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+  enable\_tls               | Boolean               | **Optional.** Whether to use a TLS stream. Defaults to `false`.
+  ca\_path                  | String                | **Optional.** Path to CA certificate to validate the remote host. Requires `enable_tls` set to `true`.
+  cert\_path                | String                | **Optional.** Path to host certificate to present to the remote host for mutual verification. Requires `enable_tls` set to `true`.
+  key\_path                 | String                | **Optional.** Path to host key to accompany the cert\_path. Requires `enable_tls` set to `true`.
+
+### GraphiteWriter <a id="objecttype-graphitewriter"></a>
+
+Writes check result metrics and performance data to a defined
+Graphite Carbon host.
+This configuration object is available as [graphite feature](14-features.md#graphite-carbon-cache-writer).
+
+Example:
+
+```
+object GraphiteWriter "graphite" {
+  host = "127.0.0.1"
+  port = 2003
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Optional.** Graphite Carbon host address. Defaults to `127.0.0.1`.
+  port                      | Number                | **Optional.** Graphite Carbon port. Defaults to `2003`.
+  host\_name\_template      | String                | **Optional.** Metric prefix for host name. Defaults to `icinga2.$host.name$.host.$host.check_command$`.
+  service\_name\_template   | String                | **Optional.** Metric prefix for service name. Defaults to `icinga2.$host.name$.services.$service.name$.$service.check_command$`.
+  enable\_send\_thresholds  | Boolean               | **Optional.** Send additional threshold metrics. Defaults to `false`.
+  enable\_send\_metadata    | Boolean               | **Optional.** Send additional metadata metrics. Defaults to `false`.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+
+Additional usage examples can be found [here](14-features.md#graphite-carbon-cache-writer).
+
+
+### IcingaApplication <a id="objecttype-icingaapplication"></a>
+
+The IcingaApplication object is required to start Icinga 2.
+The object name must be `app`. If the object configuration
+is missing, Icinga 2 will automatically create an IcingaApplication
+object.
+
+Example:
+
+```
+object IcingaApplication "app" {
+  enable_perfdata = false
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  enable\_notifications     | Boolean               | **Optional.** Whether notifications are globally enabled. Defaults to true.
+  enable\_event\_handlers   | Boolean               | **Optional.** Whether event handlers are globally enabled. Defaults to true.
+  enable\_flapping          | Boolean               | **Optional.** Whether flap detection is globally enabled. Defaults to true.
+  enable\_host\_checks      | Boolean               | **Optional.** Whether active host checks are globally enabled. Defaults to true.
+  enable\_service\_checks   | Boolean               | **Optional.** Whether active service checks are globally enabled. Defaults to true.
+  enable\_perfdata          | Boolean               | **Optional.** Whether performance data processing is globally enabled. Defaults to true.
+  vars                      | Dictionary            | **Optional.** A dictionary containing custom variables that are available globally.
+  environment               | String                | **Optional.** Specify the Icinga environment. This overrides the `Environment` constant specified in the configuration or on the CLI with `--define`. Defaults to empty.
+
+### IdoMySqlConnection <a id="objecttype-idomysqlconnection"></a>
+
+IDO database adapter for MySQL.
+This configuration object is available as [ido-mysql feature](14-features.md#db-ido).
+
+Example:
+
+```
+object IdoMysqlConnection "mysql-ido" {
+  host = "127.0.0.1"
+  port = 3306
+  user = "icinga"
+  password = "icinga"
+  database = "icinga"
+
+  cleanup = {
+    downtimehistory_age = 48h
+    contactnotifications_age = 31d
+  }
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Optional.** MySQL database host address. Defaults to `localhost`.
+  port                      | Number                | **Optional.** MySQL database port. Defaults to `3306`.
+  socket\_path              | String                | **Optional.** MySQL socket path.
+  user                      | String                | **Optional.** MySQL database user with read/write permission to the icinga database. Defaults to `icinga`.
+  password                  | String                | **Optional.** MySQL database user's password. Defaults to `icinga`.
+  database                  | String                | **Optional.** MySQL database name. Defaults to `icinga`.
+  enable\_ssl               | Boolean               | **Optional.** Use SSL. Defaults to false. Change to `true` in case you want to use any of the SSL options.
+  ssl\_key                  | String                | **Optional.** MySQL SSL client key file path.
+  ssl\_cert                 | String                | **Optional.** MySQL SSL certificate file path.
+  ssl\_ca                   | String                | **Optional.** MySQL SSL certificate authority certificate file path.
+  ssl\_capath               | String                | **Optional.** MySQL SSL trusted SSL CA certificates in PEM format directory path.
+  ssl\_cipher               | String                | **Optional.** MySQL SSL list of allowed ciphers.
+  table\_prefix             | String                | **Optional.** MySQL database table prefix. Defaults to `icinga_`.
+  instance\_name            | String                | **Optional.** Unique identifier for the local Icinga 2 instance, used for multiple Icinga 2 clusters writing to the same database. Defaults to `default`.
+  instance\_description     | String                | **Optional.** Description for the Icinga 2 instance.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Defaults to `true`.
+  failover\_timeout         | Duration              | **Optional.** Set the failover timeout in a [HA cluster](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Must not be lower than 30s. Defaults to `30s`.
+  cleanup                   | Dictionary            | **Optional.** Dictionary with items for historical table cleanup.
+  categories                | Array                 | **Optional.** Array of information types that should be written to the database.
+
+Cleanup Items:
+
+  Name                            | Type                  | Description
+  --------------------------------|-----------------------|----------------------------------
+  acknowledgements\_age           | Duration              | **Optional.** Max age for acknowledgements table rows (entry\_time). Defaults to 0 (never).
+  commenthistory\_age             | Duration              | **Optional.** Max age for commenthistory table rows (entry\_time). Defaults to 0 (never).
+  contactnotifications\_age       | Duration              | **Optional.** Max age for contactnotifications table rows (start\_time). Defaults to 0 (never).
+  contactnotificationmethods\_age | Duration              | **Optional.** Max age for contactnotificationmethods table rows (start\_time). Defaults to 0 (never).
+  downtimehistory\_age            | Duration              | **Optional.** Max age for downtimehistory table rows (entry\_time). Defaults to 0 (never).
+  eventhandlers\_age              | Duration              | **Optional.** Max age for eventhandlers table rows (start\_time). Defaults to 0 (never).
+  externalcommands\_age           | Duration              | **Optional.** Max age for externalcommands table rows (entry\_time). Defaults to 0 (never).
+  flappinghistory\_age            | Duration              | **Optional.** Max age for flappinghistory table rows (event\_time). Defaults to 0 (never).
+  hostchecks\_age                 | Duration              | **Optional.** Max age for hostalives table rows (start\_time). Defaults to 0 (never).
+  logentries\_age                 | Duration              | **Optional.** Max age for logentries table rows (logentry\_time). Defaults to 0 (never).
+  notifications\_age              | Duration              | **Optional.** Max age for notifications table rows (start\_time). Defaults to 0 (never).
+  processevents\_age              | Duration              | **Optional.** Max age for processevents table rows (event\_time). Defaults to 0 (never).
+  statehistory\_age               | Duration              | **Optional.** Max age for statehistory table rows (state\_time). Defaults to 0 (never).
+  servicechecks\_age              | Duration              | **Optional.** Max age for servicechecks table rows (start\_time). Defaults to 0 (never).
+  systemcommands\_age             | Duration              | **Optional.** Max age for systemcommands table rows (start\_time). Defaults to 0 (never).
+
+Data Categories:
+
+  Name                 | Description            | Required by
+  ---------------------|------------------------|--------------------
+  DbCatConfig          | Configuration data     | Icinga Web 2
+  DbCatState           | Current state data     | Icinga Web 2
+  DbCatAcknowledgement | Acknowledgements       | Icinga Web 2
+  DbCatComment         | Comments               | Icinga Web 2
+  DbCatDowntime        | Downtimes              | Icinga Web 2
+  DbCatEventHandler    | Event handler data     | Icinga Web 2
+  DbCatExternalCommand | External commands      | --
+  DbCatFlapping        | Flap detection data    | Icinga Web 2
+  DbCatCheck           | Check results          | --
+  DbCatLog             | Log messages           | --
+  DbCatNotification    | Notifications          | Icinga Web 2
+  DbCatProgramStatus   | Program status data    | Icinga Web 2
+  DbCatRetention       | Retention data         | Icinga Web 2
+  DbCatStateHistory    | Historical state data  | Icinga Web 2
+
+The default value for `categories` includes everything required
+by Icinga Web 2 in the table above.
+
+In addition to the category flags listed above the `DbCatEverything`
+flag may be used as a shortcut for listing all flags.
+
+Runtime Attributes:
+
+  Name                        | Type                  | Description
+  ----------------------------|-----------------------|-----------------
+  last\_failover              | Timestamp             | When the last failover happened for this connection (only available with `enable_ha = true`.
+
+### IdoPgsqlConnection <a id="objecttype-idopgsqlconnection"></a>
+
+IDO database adapter for PostgreSQL.
+This configuration object is available as [ido-pgsql feature](14-features.md#db-ido).
+
+Example:
+
+```
+object IdoPgsqlConnection "pgsql-ido" {
+  host = "127.0.0.1"
+  port = 5432
+  user = "icinga"
+  password = "icinga"
+  database = "icinga"
+
+  cleanup = {
+    downtimehistory_age = 48h
+    contactnotifications_age = 31d
+  }
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Optional.** PostgreSQL database host address. Defaults to `localhost`.
+  port                      | Number                | **Optional.** PostgreSQL database port. Defaults to `5432`.
+  user                      | String                | **Optional.** PostgreSQL database user with read/write permission to the icinga database. Defaults to `icinga`.
+  password                  | String                | **Optional.** PostgreSQL database user's password. Defaults to `icinga`.
+  database                  | String                | **Optional.** PostgreSQL database name. Defaults to `icinga`.
+  ssl\_mode                 | String                | **Optional.** Enable SSL connection mode. Value must be set according to the [sslmode setting](https://www.postgresql.org/docs/9.3/static/libpq-connect.html#LIBPQ-CONNSTRING): `prefer`, `require`, `verify-ca`, `verify-full`, `allow`, `disable`.
+  ssl\_key                  | String                | **Optional.** PostgreSQL SSL client key file path.
+  ssl\_cert                 | String                | **Optional.** PostgreSQL SSL certificate file path.
+  ssl\_ca                   | String                | **Optional.** PostgreSQL SSL certificate authority certificate file path.
+  table\_prefix             | String                | **Optional.** PostgreSQL database table prefix. Defaults to `icinga_`.
+  instance\_name            | String                | **Optional.** Unique identifier for the local Icinga 2 instance, used for multiple Icinga 2 clusters writing to the same database. Defaults to `default`.
+  instance\_description     | String                | **Optional.** Description for the Icinga 2 instance.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Defaults to `true`.
+  failover\_timeout         | Duration              | **Optional.** Set the failover timeout in a [HA cluster](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido). Must not be lower than 30s. Defaults to `30s`.
+  cleanup                   | Dictionary            | **Optional.** Dictionary with items for historical table cleanup.
+  categories                | Array                 | **Optional.** Array of information types that should be written to the database.
+
+Cleanup Items:
+
+  Name                            | Type                  | Description
+  --------------------------------|-----------------------|----------------------------------
+  acknowledgements\_age           | Duration              | **Optional.** Max age for acknowledgements table rows (entry\_time). Defaults to 0 (never).
+  commenthistory\_age             | Duration              | **Optional.** Max age for commenthistory table rows (entry\_time). Defaults to 0 (never).
+  contactnotifications\_age       | Duration              | **Optional.** Max age for contactnotifications table rows (start\_time). Defaults to 0 (never).
+  contactnotificationmethods\_age | Duration              | **Optional.** Max age for contactnotificationmethods table rows (start\_time). Defaults to 0 (never).
+  downtimehistory\_age            | Duration              | **Optional.** Max age for downtimehistory table rows (entry\_time). Defaults to 0 (never).
+  eventhandlers\_age              | Duration              | **Optional.** Max age for eventhandlers table rows (start\_time). Defaults to 0 (never).
+  externalcommands\_age           | Duration              | **Optional.** Max age for externalcommands table rows (entry\_time). Defaults to 0 (never).
+  flappinghistory\_age            | Duration              | **Optional.** Max age for flappinghistory table rows (event\_time). Defaults to 0 (never).
+  hostchecks\_age                 | Duration              | **Optional.** Max age for hostalives table rows (start\_time). Defaults to 0 (never).
+  logentries\_age                 | Duration              | **Optional.** Max age for logentries table rows (logentry\_time). Defaults to 0 (never).
+  notifications\_age              | Duration              | **Optional.** Max age for notifications table rows (start\_time). Defaults to 0 (never).
+  processevents\_age              | Duration              | **Optional.** Max age for processevents table rows (event\_time). Defaults to 0 (never).
+  statehistory\_age               | Duration              | **Optional.** Max age for statehistory table rows (state\_time). Defaults to 0 (never).
+  servicechecks\_age              | Duration              | **Optional.** Max age for servicechecks table rows (start\_time). Defaults to 0 (never).
+  systemcommands\_age             | Duration              | **Optional.** Max age for systemcommands table rows (start\_time). Defaults to 0 (never).
+
+Data Categories:
+
+  Name                 | Description            | Required by
+  ---------------------|------------------------|--------------------
+  DbCatConfig          | Configuration data     | Icinga Web 2
+  DbCatState           | Current state data     | Icinga Web 2
+  DbCatAcknowledgement | Acknowledgements       | Icinga Web 2
+  DbCatComment         | Comments               | Icinga Web 2
+  DbCatDowntime        | Downtimes              | Icinga Web 2
+  DbCatEventHandler    | Event handler data     | Icinga Web 2
+  DbCatExternalCommand | External commands      | --
+  DbCatFlapping        | Flap detection data    | Icinga Web 2
+  DbCatCheck           | Check results          | --
+  DbCatLog             | Log messages           | --
+  DbCatNotification    | Notifications          | Icinga Web 2
+  DbCatProgramStatus   | Program status data    | Icinga Web 2
+  DbCatRetention       | Retention data         | Icinga Web 2
+  DbCatStateHistory    | Historical state data  | Icinga Web 2
+
+The default value for `categories` includes everything required
+by Icinga Web 2 in the table above.
+
+In addition to the category flags listed above the `DbCatEverything`
+flag may be used as a shortcut for listing all flags.
+
+Runtime Attributes:
+
+  Name                        | Type                  | Description
+  ----------------------------|-----------------------|-----------------
+  last\_failover              | Timestamp             | When the last failover happened for this connection (only available with `enable_ha = true`.
+
+### InfluxdbWriter <a id="objecttype-influxdbwriter"></a>
+
+Writes check result metrics and performance data to a defined InfluxDB host.
+This configuration object is available as [influxdb feature](14-features.md#influxdb-writer).
+
+Example:
+
+```
+object InfluxdbWriter "influxdb" {
+  host = "127.0.0.1"
+  port = 8086
+  database = "icinga2"
+
+  flush_threshold = 1024
+  flush_interval = 10s
+
+  host_template = {
+    measurement = "$host.check_command$"
+    tags = {
+      hostname = "$host.name$"
+    }
+  }
+  service_template = {
+    measurement = "$service.check_command$"
+    tags = {
+      hostname = "$host.name$"
+      service = "$service.name$"
+    }
+  }
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host                      | String                | **Required.** InfluxDB host address. Defaults to `127.0.0.1`.
+  port                      | Number                | **Required.** InfluxDB HTTP port. Defaults to `8086`.
+  database                  | String                | **Required.** InfluxDB database name. Defaults to `icinga2`.
+  username                  | String                | **Optional.** InfluxDB user name. Defaults to `none`.
+  password                  | String                | **Optional.** InfluxDB user password.  Defaults to `none`.
+  ssl\_enable               | Boolean               | **Optional.** Whether to use a TLS stream. Defaults to `false`.
+  ssl\_ca\_cert             | String                | **Optional.** Path to CA certificate to validate the remote host.
+  ssl\_cert                 | String                | **Optional.** Path to host certificate to present to the remote host for mutual verification.
+  ssl\_key                  | String                | **Optional.** Path to host key to accompany the ssl\_cert.
+  host\_template            | String                | **Required.** Host template to define the InfluxDB line protocol.
+  service\_template         | String                | **Required.** Service template to define the influxDB line protocol.
+  enable\_send\_thresholds  | Boolean               | **Optional.** Whether to send warn, crit, min & max tagged data.
+  enable\_send\_metadata    | Boolean               | **Optional.** Whether to send check metadata e.g. states, execution time, latency etc.
+  flush\_interval           | Duration              | **Optional.** How long to buffer data points before transferring to InfluxDB. Defaults to `10s`.
+  flush\_threshold          | Number                | **Optional.** How many data points to buffer before forcing a transfer to InfluxDB.  Defaults to `1024`.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+
+Note: If `flush_threshold` is set too low, this will always force the feature to flush all data
+to InfluxDB. Experiment with the setting, if you are processing more than 1024 metrics per second
+or similar.
+
+
+
+### LiveStatusListener <a id="objecttype-livestatuslistener"></a>
+
+Livestatus API interface available as TCP or UNIX socket. Historical table queries
+require the [CompatLogger](09-object-types.md#objecttype-compatlogger) feature enabled
+pointing to the log files using the `compat_log_path` configuration attribute.
+This configuration object is available as [livestatus feature](14-features.md#setting-up-livestatus).
+
+Examples:
+
+```
+object LivestatusListener "livestatus-tcp" {
+  socket_type = "tcp"
+  bind_host = "127.0.0.1"
+  bind_port = "6558"
+}
+
+object LivestatusListener "livestatus-unix" {
+  socket_type = "unix"
+  socket_path = "/var/run/icinga2/cmd/livestatus"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  socket\_type              | String                | **Optional.** Specifies the socket type. Can be either `tcp` or `unix`. Defaults to `unix`.
+  bind\_host                | String                | **Optional.** Only valid when `socket_type` is set to `tcp`. Host address to listen on for connections. Defaults to `127.0.0.1`.
+  bind\_port                | Number                | **Optional.** Only valid when `socket_type` is set to `tcp`. Port to listen on for connections. Defaults to `6558`.
+  socket\_path              | String                | **Optional.** Only valid when `socket_type` is set to `unix`. Specifies the path to the UNIX socket file. Defaults to RunDir + "/icinga2/cmd/livestatus".
+  compat\_log\_path         | String                | **Optional.** Path to Icinga 1.x log files. Required for historical table queries. Requires `CompatLogger` feature enabled. Defaults to LogDir + "/compat"
+
+> **Note**
+>
+> UNIX sockets are not supported on Windows.
+
+### NotificationComponent <a id="objecttype-notificationcomponent"></a>
+
+The notification component is responsible for sending notifications.
+This configuration object is available as [notification feature](11-cli-commands.md#cli-command-feature).
+
+Example:
+
+```
+object NotificationComponent "notification" { }
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-notifications). Disabling this currently only affects reminder notifications. Defaults to "true".
+
+### OpenTsdbWriter <a id="objecttype-opentsdbwriter"></a>
+
+Writes check result metrics and performance data to [OpenTSDB](http://opentsdb.net).
+This configuration object is available as [opentsdb feature](14-features.md#opentsdb-writer).
+
+Example:
+
+```
+object OpenTsdbWriter "opentsdb" {
+  host = "127.0.0.1"
+  port = 4242
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host            	    | String                | **Optional.** OpenTSDB host address. Defaults to `127.0.0.1`.
+  port            	    | Number                | **Optional.** OpenTSDB port. Defaults to `4242`.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+
+
+### PerfdataWriter <a id="objecttype-perfdatawriter"></a>
+
+Writes check result performance data to a defined path using macro
+pattern consisting of custom variables and runtime macros.
+This configuration object is available as [perfdata feature](14-features.md#writing-performance-data-files).
+
+Example:
+
+```
+object PerfdataWriter "perfdata" {
+  host_perfdata_path = "/var/spool/icinga2/perfdata/host-perfdata"
+
+  service_perfdata_path = "/var/spool/icinga2/perfdata/service-perfdata"
+
+  host_format_template = "DATATYPE::HOSTPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tHOSTPERFDATA::$host.perfdata$\tHOSTCHECKCOMMAND::$host.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$"
+  service_format_template = "DATATYPE::SERVICEPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tSERVICEDESC::$service.name$\tSERVICEPERFDATA::$service.perfdata$\tSERVICECHECKCOMMAND::$service.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$\tSERVICESTATE::$service.state$\tSERVICESTATETYPE::$service.state_type$"
+
+  rotation_interval = 15s
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  host\_perfdata\_path      | String                | **Optional.** Path to the host performance data file. Defaults to SpoolDir + "/perfdata/host-perfdata".
+  service\_perfdata\_path   | String                | **Optional.** Path to the service performance data file. Defaults to SpoolDir + "/perfdata/service-perfdata".
+  host\_temp\_path          | String                | **Optional.** Path to the temporary host file. Defaults to SpoolDir + "/tmp/host-perfdata".
+  service\_temp\_path       | String                | **Optional.** Path to the temporary service file. Defaults to SpoolDir + "/tmp/service-perfdata".
+  host\_format\_template    | String                | **Optional.** Host Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
+  service\_format\_template | String                | **Optional.** Service Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
+  rotation\_interval        | Duration              | **Optional.** Rotation interval for the files specified in `{host,service}_perfdata_path`. Defaults to `30s`.
+  enable\_ha                | Boolean               | **Optional.** Enable the high availability functionality. Only valid in a [cluster setup](06-distributed-monitoring.md#distributed-monitoring-high-availability-features). Defaults to `false`.
+
+When rotating the performance data file the current UNIX timestamp is appended to the path specified
+in `host_perfdata_path` and `service_perfdata_path` to generate a unique filename.
+
+
+### StatusDataWriter <a id="objecttype-statusdatawriter"></a>
+
+Periodically writes status and configuration data files which are used by third-party tools.
+This configuration object is available as [statusdata feature](14-features.md#status-data).
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
+
+Example:
+
+```
+object StatusDataWriter "status" {
+    status_path = "/var/cache/icinga2/status.dat"
+    objects_path = "/var/cache/icinga2/objects.cache"
+    update_interval = 30s
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  status\_path              | String                | **Optional.** Path to the `status.dat` file. Defaults to CacheDir + "/status.dat".
+  objects\_path             | String                | **Optional.** Path to the `objects.cache` file. Defaults to CacheDir + "/objects.cache".
+  update\_interval          | Duration              | **Optional.** The interval in which the status files are updated. Defaults to `15s`.
+
+### SyslogLogger <a id="objecttype-sysloglogger"></a>
+
+Specifies Icinga 2 logging to syslog.
+This configuration object is available as `syslog` [logging feature](14-features.md#logging).
+
+Example:
+
+```
+object SyslogLogger "syslog" {
+  severity = "warning"
+}
+```
+
+Configuration Attributes:
+
+  Name                      | Type                  | Description
+  --------------------------|-----------------------|----------------------------------
+  severity                  | String                | **Optional.** The minimum severity for this log. Can be "debug", "notice", "information", "warning" or "critical". Defaults to "warning".
+  facility                  | String                | **Optional.** Defines the facility to use for syslog entries. This can be a facility constant like `FacilityDaemon`. Defaults to `FacilityUser`.
+
+Facility Constants:
+
+  Name                 | Facility      | Description
+  ---------------------|---------------|----------------
+  FacilityAuth         | LOG\_AUTH     | The authorization system.
+  FacilityAuthPriv     | LOG\_AUTHPRIV | The same as `FacilityAuth`, but logged to a file readable only by selected individuals.
+  FacilityCron         | LOG\_CRON     | The cron daemon.
+  FacilityDaemon       | LOG\_DAEMON   | System daemons that are not provided for explicitly by other facilities.
+  FacilityFtp          | LOG\_FTP      | The file transfer protocol daemons.
+  FacilityKern         | LOG\_KERN     | Messages generated by the kernel. These cannot be generated by any user processes.
+  FacilityLocal0       | LOG\_LOCAL0   | Reserved for local use.
+  FacilityLocal1       | LOG\_LOCAL1   | Reserved for local use.
+  FacilityLocal2       | LOG\_LOCAL2   | Reserved for local use.
+  FacilityLocal3       | LOG\_LOCAL3   | Reserved for local use.
+  FacilityLocal4       | LOG\_LOCAL4   | Reserved for local use.
+  FacilityLocal5       | LOG\_LOCAL5   | Reserved for local use.
+  FacilityLocal6       | LOG\_LOCAL6   | Reserved for local use.
+  FacilityLocal7       | LOG\_LOCAL7   | Reserved for local use.
+  FacilityLpr          | LOG\_LPR      | The line printer spooling system.
+  FacilityMail         | LOG\_MAIL     | The mail system.
+  FacilityNews         | LOG\_NEWS     | The network news system.
+  FacilitySyslog       | LOG\_SYSLOG   | Messages generated internally by syslogd.
+  FacilityUser         | LOG\_USER     | Messages generated by user processes. This is the default facility identifier if none is specified.
+  FacilityUucp         | LOG\_UUCP     | The UUCP system.
+
+
+
diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md
index 0da925058..bbd3e824b 100644
--- a/doc/10-icinga-template-library.md
+++ b/doc/10-icinga-template-library.md
@@ -23,9 +23,11 @@ You are advised to create your own CheckCommand definitions in
 
 ## Generic Templates <a id="itl-generic-templates"></a>
 
-By default the generic templates are included in the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file:
+By default the generic templates are included in the [icinga2.conf](04-configuration.md#icinga2-conf) configuration file:
 
-    include <itl>
+```
+include <itl>
+```
 
 These templates are imported by the provided example configuration.
 
@@ -74,9 +76,9 @@ plugin scripts.
 ### icinga <a id="itl-icinga"></a>
 
 Check command for the built-in `icinga` check. This check returns performance
-data for the current Icinga instance and optionally allows for minimum version checks.
+data for the current Icinga instance, reports as warning if the last reload failed and optionally allows for minimum version checks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                   | Description
 -----------------------|---------------
@@ -93,7 +95,7 @@ The `cluster` check command does not support any vars.
 
 Check command for the built-in `cluster-zone` check.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                   | Description
 -----------------------|---------------
@@ -105,7 +107,7 @@ cluster\_lag\_critical | **Optional.** Critical threshold for log lag in seconds
 
 Check command for the built-in `ido` check.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                            | Description
 --------------------------------|-----------------------------
@@ -125,7 +127,7 @@ or [runtime object checks](08-advanced-topics.md#access-object-attributes-at-run
 In contrast to the [check_dummy](https://www.monitoring-plugins.org/doc/man/check_dummy.html)
 plugin, Icinga 2 implements a light-weight in memory check with 2.9+.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -136,7 +138,7 @@ dummy\_text      | **Optional.** Plugin output. Defaults to "Check was successfu
 
 Specialised check command object for passive checks which uses the functionality of the "dummy" check command with appropriate default values.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -158,6 +160,15 @@ Check command for the built-in `exception` check. This check throws an exception
 For test and demo purposes only. The `exception` check command does not support
 any vars.
 
+### sleep <a id="itl-sleep"></a>
+
+Check command for the built-in `sleep` check. This allows to use sleep for testing
+and debugging only.
+
+Name            | Description
+----------------|--------------
+sleep\_time     | **Optional.** The duration of the sleep in seconds. Defaults to 1s.
+
 <!-- keep this anchor for URL link history only -->
 <a id="plugin-check-commands"></a>
 
@@ -166,7 +177,7 @@ any vars.
 The Plugin Check Commands provides example configuration for plugin check commands
 provided by the [Monitoring Plugins](https://www.monitoring-plugins.org) project.
 
-By default the Plugin Check Commands are included in the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration
+By default the Plugin Check Commands are included in the [icinga2.conf](04-configuration.md#icinga2-conf) configuration
 file:
 
     include <plugins>
@@ -182,10 +193,10 @@ which contains the path of the plugins from the Monitoring Plugins project.
 
 ### apt <a id="plugin-check-command-apt"></a>
 
-The plugin [apt](https://www.monitoring-plugins.org/doc/index.html) checks for software updates on systems that use
+The plugin [apt](https://www.monitoring-plugins.org/doc/man/check_apt.html) checks for software updates on systems that use
 package management systems based on the apt-get(8) command found in Debian based systems.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -197,6 +208,7 @@ apt_exclude             | **Optional.** Exclude packages matching REGEXP from th
 apt_critical            | **Optional.** If the full package information of any of the upgradable packages match this REGEXP, the plugin will return CRITICAL status. Can be specified multiple times.
 apt_timeout             | **Optional.** Seconds before plugin times out (default: 10).
 apt_only_critical       | **Optional.** Only warn about critical upgrades.
+apt_list                | **Optional.** List packages available for upgrade.
 
 
 ### breeze <a id="plugin-check-command-breeze"></a>
@@ -204,7 +216,7 @@ apt_only_critical       | **Optional.** Only warn about critical upgrades.
 The [check_breeze](https://www.monitoring-plugins.org/doc/man/check_breeze.html) plugin reports the signal
 strength of a Breezecom wireless equipment.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name             | Description
 -----------------|---------------------------------
@@ -219,7 +231,7 @@ breeze_critical  | **Required.** Percentage strength below which a WARNING statu
 The [check_by_ssh](https://www.monitoring-plugins.org/doc/man/check_by_ssh.html) plugin uses SSH to execute
 commands on a remote host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 ----------------   | --------------
@@ -244,7 +256,7 @@ by_ssh_skip_stderr | **Optional.** Ignore all or (if specified) first n lines on
 The [check_clamd](https://www.monitoring-plugins.org/doc/man/check_clamd.html) plugin tests CLAMD
 connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 -------------------|--------------
@@ -275,7 +287,7 @@ clamd_ipv6           | **Optional.** Use IPv6 connection. Defaults to false.
 The [check_dhcp](https://www.monitoring-plugins.org/doc/man/check_dhcp.html) plugin
 tests the availability of DHCP servers on a network.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -292,7 +304,7 @@ dhcp_unicast    | **Optional.** Whether to use unicast requests. Defaults to fal
 The [check_dig](https://www.monitoring-plugins.org/doc/man/check_dig.html) plugin
 test the DNS service on the specified host using dig.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                 | Description
 ---------------------|--------------
@@ -316,7 +328,7 @@ The [check_disk](https://www.monitoring-plugins.org/doc/man/check_disk.html) plu
 checks the amount of used disk space on a mounted file system and generates an alert
 if free space is less than one of the threshold values.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            	| Description
 --------------------|------------------------
@@ -345,14 +357,15 @@ disk\_ignore\_eregi\_path | **Optional.** Regular expression to ignore selected
 disk\_ignore\_ereg\_path  | **Optional.** Regular expression to ignore selected path or partition. Multiple regular expression strings must be defined as array.
 disk\_timeout             | **Optional.** Seconds before connection times out (default: 10).
 disk\_units               | **Optional.** Choose bytes, kB, MB, GB, TB (default: MB).
-disk\_exclude\_type       | **Optional.** Ignore all filesystems of indicated type. Multiple regular expression strings must be defined as array. Defaults to "none", "tmpfs", "sysfs", "proc", "configfs", "devtmpfs", "devfs", "mtmfs", "tracefs", "cgroup", "fuse.gvfsd-fuse", "fuse.gvfs-fuse-daemon", "fdescfs", "overlay", "nsfs".
+disk\_exclude\_type       | **Optional.** Ignore all filesystems of indicated type. Multiple regular expression strings must be defined as array. Defaults to "none", "tmpfs", "sysfs", "proc", "configfs", "devtmpfs", "devfs", "mtmfs", "tracefs", "cgroup", "fuse.gvfsd-fuse", "fuse.gvfs-fuse-daemon", "fdescfs", "overlay", "nsfs", "squashfs".
+disk\_include\_type       | **Optional.** Check only filesystems of indicated type. Multiple regular expression strings must be defined as array.
 
 ### disk_smb <a id="plugin-check-command-disk-smb"></a>
 
 The [check_disk_smb](https://www.monitoring-plugins.org/doc/man/check_disk_smb.html) plugin
 uses the `smbclient` binary to check SMB shares.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            	| Description
 ------------------------|------------------------
@@ -373,7 +386,7 @@ uses the nslookup program to obtain the IP address for the given host/domain que
 An optional DNS server to use may be specified. If no DNS server is specified, the
 default server(s) specified in `/etc/resolv.conf` will be used.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                 | Description
 ---------------------|--------------
@@ -394,7 +407,7 @@ dns_timeout          | **Optional.** Seconds before connection times out. Defaul
 The [check_file_age](https://www.monitoring-plugins.org/doc/man/check_file_age.html) plugin
 checks a file's size and modification time to make sure it's not empty and that it's sufficiently recent.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                   | Description
 -----------------------|--------------------------------------------------------------------------------------------------------
@@ -411,7 +424,7 @@ file_age_ignoremissing | **Optional.** Return OK if the file does not exist. Def
 The [check_flexlm](https://www.monitoring-plugins.org/doc/man/check_flexlm.html) plugin
 checks available flexlm license managers. Requires the `lmstat` command.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 -------------------|----------------------------------------------------------
@@ -427,7 +440,7 @@ necessary to set the `suid` flag on `fping`.
 
 This CheckCommand expects an IPv4 address.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -452,7 +465,7 @@ necessary to set the `suid` flag on `fping`.
 
 This CheckCommand expects an IPv6 address.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -474,7 +487,7 @@ fping_source_interface | **Optional.** The source interface name.
 The [check_ftp](https://www.monitoring-plugins.org/doc/man/check_ftp.html) plugin
 tests FTP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 -------------------|--------------
@@ -508,7 +521,7 @@ This plugin uses the 'qstat' command, the popular game server status query tool.
 If you don't have the package installed, you will need to [download](http://www.activesw.com/people/steve/qstat.html)
 or install the package `quakestat` before you can use this plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 -------------------|-------------------
@@ -529,7 +542,7 @@ Check command object for the [check_ping](https://www.monitoring-plugins.org/doc
 plugin with host check default values. This variant uses the host's `address` attribute
 if available and falls back to using the `address6` attribute if the `address` attribute is not set.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -547,7 +560,7 @@ ping_timeout    | **Optional.** The plugin timeout in seconds. Defaults to 0 (no
 Check command object for the [check_ping](https://www.monitoring-plugins.org/doc/man/check_ping.html)
 plugin with host check default values. This variant uses the host's `address` attribute.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -565,7 +578,7 @@ ping_timeout    | **Optional.** The plugin timeout in seconds. Defaults to 0 (no
 Check command object for the [check_ping](https://www.monitoring-plugins.org/doc/man/check_ping.html)
 plugin with host check default values. This variant uses the host's `address6` attribute.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -584,7 +597,7 @@ The [check_hpjd](https://www.monitoring-plugins.org/doc/man/check_hpjd.html) plu
 tests the state of an HP printer with a JetDirect card. Net-snmp must be installed
 on the computer running the plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -600,7 +613,9 @@ tests the HTTP service on the specified host. It can test normal (http) and secu
 (https) servers, follow redirects, search for strings and regular expressions,
 check connection times, and report on certificate expiration times.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+The plugin can either test the HTTP response of a server, or if `http_certificate` is set to a non-empty value, the TLS certificate age for a HTTPS host.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|---------------------------------
@@ -659,7 +674,7 @@ The main difference is that check_ping executes the system's ping(1) command and
 parses its output while `check_icmp` talks ICMP itself. `check_icmp` must be installed with
 `setuid` root.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -683,7 +698,7 @@ icmp_ttl        | **Optional.** The TTL on outgoing packets.
 The [check_imap](https://www.monitoring-plugins.org/doc/man/check_imap.html) plugin
 tests IMAP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                  | Description
 ----------------------|--------------
@@ -716,7 +731,7 @@ can be used to check LDAP servers.
 The plugin can also be used for monitoring ldaps connections instead of the deprecated `check_ldaps`.
 This can be ensured by enabling `ldap_starttls` or `ldap_ssl`.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            	| Description
 ------------------------|--------------
@@ -742,7 +757,7 @@ ldap_verbose		| **Optional.** Show details for command-line debugging (disabled
 The [check_load](https://www.monitoring-plugins.org/doc/man/check_load.html) plugin
 tests the current system load average.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -759,7 +774,7 @@ load_percpu     | **Optional.** Divide the load averages by the number of CPUs (
 The [check_mailq](https://www.monitoring-plugins.org/doc/man/check_mailq.html) plugin
 checks the number of messages in the mail queue (supports multiple sendmail queues, qmail).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -776,7 +791,7 @@ mailq_sudo		| **Optional.** Use sudo to execute the mailq command.
 The [check_mysql](https://www.monitoring-plugins.org/doc/man/check_mysql.html) plugin
 tests connections to a MySQL server.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name			| Description
 ------------------------|---------------------------------------------------------------
@@ -809,7 +824,7 @@ The result from the query should be numeric. For extra security, create a user w
 **Note**: You must specify `mysql_query_password` with an empty string to force an empty password,
 overriding any my.cnf settings.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|---------------------------------------------------------------
@@ -831,7 +846,7 @@ The [negate](https://www.monitoring-plugins.org/doc/man/negate.html) plugin
 negates the status of a plugin (returns OK for CRITICAL and vice-versa).
 Additional switches can be used to control which state becomes what.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                  | Description
 ----------------------|---------------------------------------------------------------
@@ -847,11 +862,11 @@ negate_arguments      | **Optional.** Arguments for the negated command.
 
 ### nrpe <a id="plugin-check-command-nrpe"></a>
 
-The `check_nrpe` plugin can be used to query an [NRPE](https://docs.icinga.com/latest/en/nrpe.html)
+The `check_nrpe` plugin can be used to query an [NRPE](https://icinga.com/docs/icinga1/latest/en/nrpe.html)
 server or [NSClient++](https://www.nsclient.org). **Note**: This plugin
 is considered insecure/deprecated.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -872,7 +887,7 @@ nrpe_version_2	| **Optional.** Use this if you want to connect using NRPE v2 pro
 The [check_nt](https://www.monitoring-plugins.org/doc/man/check_nt.html) plugin
 collects data from the [NSClient++](https://www.nsclient.org) service.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -894,7 +909,7 @@ checks the clock offset between the local host and a remote NTP server.
 
 **Note**: If you want to monitor an NTP server, please use `ntp_peer`.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -916,7 +931,7 @@ checks the health of an NTP server. It supports checking the offset with the syn
 jitter and stratum. This plugin will not check the clock offset between the local host and NTP
  server; please use `ntp_time` for that purpose.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -944,7 +959,7 @@ If a query is specified using the `pgsql_query` attribute, it will be executed a
 connecting to the server. The result from the query has to be numeric in order
 to compare it against the query thresholds if set.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name			| Description
 ------------------------|---------------------------------------------------------------
@@ -970,7 +985,7 @@ round trip average (milliseconds).
 This command uses the host's `address` attribute if available and falls back to using
 the `address6` attribute if the `address` attribute is not set.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -992,7 +1007,7 @@ round trip average (milliseconds).
 This command uses the host's `address` attribute if not explicitly specified using
 the `ping_address` attribute.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1013,7 +1028,7 @@ round trip average (milliseconds).
 This command uses the host's `address6` attribute if not explicitly specified using
 the `ping_address` attribute.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1031,7 +1046,7 @@ ping_timeout    | **Optional.** The plugin timeout in seconds. Defaults to 0 (no
 The [check_pop](https://www.monitoring-plugins.org/doc/man/check_pop.html) plugin
 tests POP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                 | Description
 ---------------------|--------------
@@ -1063,7 +1078,7 @@ checks all processes and generates WARNING or CRITICAL states if the specified
 metric is outside the required threshold ranges. The metric defaults to number
 of processes. Search filters can be applied to limit the processes to check.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                 | Description
 ---------------------|--------------
@@ -1097,7 +1112,7 @@ typically be executed at regular predictable intervals. Please be sure that the
 password used does not allow access to sensitive system resources.
 
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name               | Description
 -------------------|--------------
@@ -1117,7 +1132,7 @@ radius_timeout     | **Optional.** The number of seconds before connection times
 The [check_rpc](https://www.monitoring-plugins.org/doc/man/check_rpc.html)
 plugin tests if a service is registered and running using `rpcinfo -H host -C rpc_command`.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name        | Description
 ---         | ---
@@ -1134,7 +1149,7 @@ rpc_verbose | **Optional.** Show verbose output. Defaults to false.
 The [check_simap](https://www.monitoring-plugins.org/doc/man/check_simap.html) plugin
 tests SIMAP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                   | Description
 -----------------------|--------------
@@ -1163,7 +1178,7 @@ simap_ipv6             | **Optional.** Use IPv6 connection. Defaults to false.
 The [check_ide_smart](https://www.monitoring-plugins.org/doc/man/check_ide_smart.html) plugin
 checks a local hard drive with the (Linux specific) SMART interface. Requires installation of `smartctl`.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1175,7 +1190,7 @@ smart_device    | **Required.** The name of a local hard drive to monitor.
 The [check_smtp](https://www.monitoring-plugins.org/doc/man/check_smtp.html) plugin
 will attempt to open an SMTP connection with the host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                  | Description
 ----------------------|--------------
@@ -1206,7 +1221,7 @@ checks the status of remote machines and obtains system information via SNMP.
 
 **Note**: This plugin uses the `snmpget` command included with the NET-SNMP package.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                | Description
 --------------------|--------------
@@ -1238,7 +1253,7 @@ snmp_perf_oids      | **Optional.** Label performance data with OIDs instead of
 Check command object for the [check_snmp](https://www.monitoring-plugins.org/doc/man/check_snmp.html)
 plugin, using SNMPv3 authentication and encryption options.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                 | Description
 ---------------------|--------------
@@ -1247,6 +1262,7 @@ snmpv3_getnext       | **Optional.** Use SNMP GETNEXT instead of SNMP GET.
 snmpv3_seclevel      | **Optional.** The security level. Defaults to authPriv.
 snmpv3_auth_alg      | **Optional.** The authentication algorithm. Defaults to SHA.
 snmpv3_user          | **Required.** The username to log in with.
+snmpv3_context       | **Optional.** The SNMPv3 context.
 snmpv3_auth_key      | **Required,** The authentication key. Required if `snmpv3_seclevel` is set to `authPriv` otherwise optional.
 snmpv3_priv_key      | **Required.** The encryption key.
 snmpv3_oid           | **Required.** The SNMP OID.
@@ -1268,7 +1284,7 @@ snmpv3_timeout       | **Optional.** The command timeout in seconds. Defaults to
 Check command object for the [check_snmp](https://www.monitoring-plugins.org/doc/man/check_snmp.html)
 plugin, using the uptime OID by default.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1282,7 +1298,7 @@ snmp_community  | **Optional.** The SNMP community. Defaults to "public".
 The [check_spop](https://www.monitoring-plugins.org/doc/man/check_spop.html) plugin
 tests SPOP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                  | Description
 ----------------------|--------------
@@ -1312,7 +1328,7 @@ spop_ipv6             | **Optional.** Use IPv6 connection. Defaults to false.
 The [check_ssh](https://www.monitoring-plugins.org/doc/man/check_ssh.html) plugin
 connects to an SSH server at a specified host and port.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1328,7 +1344,7 @@ ssh_ipv6        | **Optional.** Use IPv6 connection. Defaults to false.
 Check command object for the [check_tcp](https://www.monitoring-plugins.org/doc/man/check_tcp.html) plugin,
 using ssl-related options.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                          | Description
 ------------------------------|--------------
@@ -1345,7 +1361,7 @@ ssl_sni                       | **Optional.** The `server_name` that is send to
 The [check_ssmtp](https://www.monitoring-plugins.org/doc/man/check_ssmtp.html) plugin
 tests SSMTP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                   | Description
 -----------------------|--------------
@@ -1375,7 +1391,7 @@ ssmtp_ipv6             | **Optional.** Use IPv6 connection. Defaults to false.
 The [check_swap](https://www.monitoring-plugins.org/doc/man/check_swap.html) plugin
 checks the swap space on a local machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1391,7 +1407,7 @@ swap_noswap     | **Optional.** Resulting state when there is no swap regardless
 The [check_tcp](https://www.monitoring-plugins.org/doc/man/check_tcp.html) plugin
 tests TCP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1422,7 +1438,7 @@ tcp_ipv6        | **Optional.** Use IPv6 connection. Defaults to false.
 The [check_udp](https://www.monitoring-plugins.org/doc/man/check_udp.html) plugin
 tests UDP connections with the specified host (or unix socket).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1441,7 +1457,7 @@ The [check_ups](https://www.monitoring-plugins.org/doc/man/check_ups.html) plugi
 tests the UPS service on the specified host. [Network UPS Tools](http://www.networkupstools.org)
  must be running for this plugin to work.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1461,7 +1477,7 @@ The [check_users](https://www.monitoring-plugins.org/doc/man/check_users.html) p
 checks the number of users currently logged in on the local system and generates an
 error if the number exceeds the thresholds specified.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1469,6 +1485,21 @@ users_wgreater  | **Optional.** The user count warning threshold. Defaults to 20
 users_cgreater  | **Optional.** The user count critical threshold. Defaults to 50.
 
 
+### uptime <a id="plugin-check-command-uptime"></a>
+
+The [check_uptime](https://www.monitoring-plugins.org/doc/man/check_uptime.html) plugin
+checks the uptime of the system using /proc/uptime.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name            | Description
+----------------|--------------
+uptime_warning  | **Required.** Min. number of uptime to generate warning (-w 30m). Defaults to 30m.
+uptime_critical | **Required.** Min. number of uptime to generate critical alert (-c 15m). Defaults to 15m.
+uptime_for      | **Optional.** Show uptime in a pretty format (Running for x weeks, x days, ...). Defaults to false.
+uptime_since    | **Optional.** Show last boot in yyyy-mm-dd HH:MM:SS format (output from 'uptime -s'). Defaults to false.
+
+
 
 ## Windows Plugins for Icinga 2 <a id="windows-plugins"></a>
 
@@ -1504,7 +1535,7 @@ The data collection is instant and free disk space (default, see `disk_win_show_
 > Percentage based thresholds can be used by adding a '%' to the threshold
 > value.
 
-Custom attributes:
+Custom variables:
 
 Name                  | Description
 :---------------------|:------------
@@ -1520,7 +1551,7 @@ disk\_win\_show\_used | **Optional**. Use used instead of free space.
 Check command object for the `check_load.exe` plugin.
 This plugin collects the inverse of the performance counter `\Processor(_Total)\% Idle Time` two times, with a wait time of one second between the collection. To change this wait time use [`perfmon-windows`](10-icinga-template-library.md#windows-plugins-load-windows).
 
-Custom attributes:
+Custom variables:
 
 Name            | Description
 :---------------|:------------
@@ -1539,13 +1570,14 @@ The memory collection is instant and free memory is used for threshold computati
 > value. Keep in mind that memory\_win\_unit is applied before the
 > value is calculated.
 
-Custom attributes:
+Custom variables:
 
 Name              | Description
 :-----------------|:------------
 memory\_win\_warn | **Optional**. The warning threshold. Defaults to "10%".
 memory\_win\_crit | **Optional**. The critical threshold. Defaults to "5%".
 memory\_win\_unit | **Optional**. The unit to display the received value in, thresholds are interpreted in this unit. Defaults to "mb" (megabyte), possible values are: b, kb, mb, gb and tb.
+memory\_win\_show\_used | **Optional**. Show used memory instead of the free memory.
 
 
 ### network-windows <a id="windows-plugins-network-windows"></a>
@@ -1553,7 +1585,7 @@ memory\_win\_unit | **Optional**. The unit to display the received value in, thr
 Check command object for the `check_network.exe` plugin.
 Collects the total Bytes inbound and outbound for all interfaces in one second, to itemise interfaces or use a different collection interval use [`perfmon-windows`](10-icinga-template-library.md#windows-plugins-load-windows).
 
-Custom attributes:
+Custom variables:
 
 Name                | Description
 :-------------------|:------------
@@ -1569,7 +1601,7 @@ This plugins allows to collect data from a Performance Counter. After the first
 
 To receive a list of possible Performance Counter Objects run `check_perfmon.exe --print-objects` and to view an objects instances and counters run `check_perfmon.exe --print-object-info -P "name of object"`
 
-Custom attributes:
+Custom variables:
 
 Name                  | Description
 :---------------------|:------------
@@ -1586,7 +1618,7 @@ perfmon\_win\_syntax  | **Optional**. Use this in the performance output instead
 Check command object for the `check_ping.exe` plugin.
 ping-windows should automatically detect whether `ping_win_address` is an IPv4 or IPv6 address. If not, use ping4-windows and ping6-windows. Also note that check\_ping.exe waits at least `ping_win_timeout` milliseconds between the pings.
 
-Custom attributes:
+Custom variables:
 
 Name               | Description
 :------------------|:------------
@@ -1602,7 +1634,7 @@ ping\_win\_timeout | **Optional**. The timeout in milliseconds. Default: 1000
 Check command object for `check_procs.exe` plugin.
 When using `procs_win_user` this plugins needs administrative privileges to access the processes of other users, to just enumerate them no additional privileges are required.
 
-Custom attributes:
+Custom variables:
 
 Name             | Description
 :----------------|:------------
@@ -1616,7 +1648,7 @@ procs\_win\_user | **Optional**. Count this users processes.
 Check command object for `check_service.exe` plugin.
 This checks thresholds work different since the binary decision whether a service is running or not does not allow for three states. As a default `check_service.exe` will return CRITICAL when `service_win_service` is not running, the `service_win_warn` flag changes this to WARNING.
 
-Custom attributes:
+Custom variables:
 
 Name                      | Description
 :-------------------------|:------------
@@ -1630,14 +1662,14 @@ service\_win\_service     | **Required**. Name of the service to check.
 Check command object for `check_swap.exe` plugin.
 The data collection is instant.
 
-Custom attributes:
-
-Name            | Description
-:---------------|:------------
-swap\_win\_warn | **Optional**. The warning threshold. Defaults to "10%".
-swap\_win\_crit | **Optional**. The critical threshold. Defaults to "5%".
-swap\_win\_unit | **Optional**. The unit to display the received value in, thresholds are interpreted in this unit. Defaults to "mb" (megabyte).
+Custom variables:
 
+Name             | Description
+:--------------- | :------------
+swap\_win\_warn  | **Optional**. The warning threshold. Defaults to "10%".
+swap\_win\_crit  | **Optional**. The critical threshold. Defaults to "5%".
+swap\_win\_unit  | **Optional**. The unit to display the received value in, thresholds are interpreted in this unit. Defaults to "mb" (megabyte).
+swap\_win\_show\_used | **Optional**. Show used swap instead of the free swap.
 
 ### update-windows <a id="windows-plugins-update-windows"></a>
 
@@ -1649,23 +1681,23 @@ Querying Microsoft for Windows updates can take multiple seconds to minutes. An
 > The Network Services Account which runs Icinga 2 by default does not have the required
 > permissions to run this check.
 
-Custom attributes:
+Custom variables:
 
 Name                | Description
 :-------------------|:------------
-update\_win\_warn   | **Optional**. If set, returns warning when important updates are available.
-update\_win\_crit   | **Optional**. If set, return critical when important updates that require a reboot are available.
+update\_win\_warn   | **Optional**. The warning threshold.
+update\_win\_crit   | **Optional**. The critical threshold.
 update\_win\_reboot | **Optional**. Set to treat 'may need update' as 'definitely needs update'. Please Note that this is true for almost every update and is therefore not recommended.
+ignore\_reboot      | **Optional**. Set to disable behavior of returning critical if any updates require a reboot.
 
 
-In contrast to most other plugins, the values of check_update's custom attributes do not set thresholds, but just enable/disable the behavior described in the table above.  
-It can be enabled/disabled for example by setting them to "true" or "false", "1" or "0" would also work.  
-Thresholds will always be "1".
+If a warning threshold is set but not a critical threshold, the critical threshold will be set to one greater than the set warning threshold.
+Unless the `ignore_reboot` flag is set, if any updates require a reboot the plugin will return critical.
 
 > **Note**
 >
-> If they are enabled, performance data will be shown in the web interface.  
-> If run without the optional parameters, the plugin will output critical if any important updates are available.  
+> If they are enabled, performance data will be shown in the web interface.
+> If run without the optional parameters, the plugin will output critical if any important updates are available.
 
 
 ### uptime-windows <a id="windows-plugins-uptime-windows"></a>
@@ -1673,7 +1705,7 @@ Thresholds will always be "1".
 Check command object for `check_uptime.exe` plugin.
 Uses GetTickCount64 to get the uptime, so boot time is not included.
 
-Custom attributes:
+Custom variables:
 
 Name              | Description
 :-----------------|:------------
@@ -1686,7 +1718,7 @@ uptime\_win\_unit | **Optional**. The unit to display the received value in, thr
 
 Check command object for `check_users.exe` plugin.
 
-Custom attributes:
+Custom variables:
 
 Name             | Description
 :----------------|:------------
@@ -1714,7 +1746,7 @@ are not recommended with using the legacy HTTP API.
 `check_nscp_api` is part of the Icinga 2 plugins. This plugin is available for
 both, Windows and Linux/Unix.
 
-Verify that the ITL CheckCommand is included in the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file:
+Verify that the ITL CheckCommand is included in the [icinga2.conf](04-configuration.md#icinga2-conf) configuration file:
 
     vim /etc/icinga2/icinga2.conf
 
@@ -1733,7 +1765,7 @@ and integrate them into Icinga 2.
 
 The check plugin `check_nscp_api` can be integrated with the `nscp_api` CheckCommand object:
 
-Custom attributes:
+Custom variables:
 
 Name                   | Description
 :----------------------|:----------------------
@@ -1757,12 +1789,12 @@ check_cpu CRITICAL: critical(5m: 48%, 1m: 36%), 5s: 0% | 'total 5m'=48%;40;30 't
 Icinga 2 can use the `nscp client` command to run arbitrary NSClient++ checks locally on the client.
 
 You can enable these check commands by adding the following the include directive in your
-[icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file:
+[icinga2.conf](04-configuration.md#icinga2-conf) configuration file:
 
     include <nscp>
 
 You can also optionally specify an alternative installation directory for NSClient++ by adding
-the NscpPath constant in your [constants.conf](04-configuring-icinga-2.md#constants-conf) configuration
+the NscpPath constant in your [constants.conf](04-configuration.md#constants-conf) configuration
 file:
 
     const NscpPath = "C:\\Program Files (x86)\\NSClient++"
@@ -1774,7 +1806,7 @@ Note that it is not necessary to run NSClient++ as a Windows service for these c
 
 The check command object for NSClient++ is available as `nscp-local`.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------
@@ -1822,19 +1854,19 @@ nscp_memory_showall   | **Optional.** Shows more details in plugin output, defau
 
 Check command object for the `check_os_version` NSClient++ plugin.
 
-This command has the same custom attributes like the `nscp-local` check command.
+This command has the same custom variables like the `nscp-local` check command.
 
 ### nscp-local-pagefile <a id="nscp-check-local-pagefile"></a>
 
 Check command object for the `check_pagefile` NSClient++ plugin.
 
-This command has the same custom attributes like the `nscp-local` check command.
+This command has the same custom variables like the `nscp-local` check command.
 
 ### nscp-local-process <a id="nscp-check-local-process"></a>
 
 Check command object for the `check_process` NSClient++ plugin.
 
-This command has the same custom attributes like the `nscp-local` check command.
+This command has the same custom variables like the `nscp-local` check command.
 
 ### nscp-local-service <a id="nscp-check-local-service"></a>
 
@@ -1857,13 +1889,13 @@ nscp_service_showall   | **Optional.** Shows more details in plugin output, defa
 
 Check command object for the `check_uptime` NSClient++ plugin.
 
-This command has the same custom attributes like the `nscp-local` check command.
+This command has the same custom variables like the `nscp-local` check command.
 
 ### nscp-local-version <a id="nscp-check-local-version"></a>
 
 Check command object for the `check_version` NSClient++ plugin.
 
-This command has the same custom attributes like the `nscp-local` check command.
+This command has the same custom variables like the `nscp-local` check command.
 In addition to that the default value for `nscp_modules` is set to `[ "CheckHelpers" ]`.
 
 ### nscp-local-disk <a id="nscp-check-local-disk"></a>
@@ -1872,7 +1904,8 @@ Check command object for the `check_drivesize` NSClient++ plugin.
 
 Name                   | Description
 -----------------------|------------------
-nscp_disk_drive        | **Optional.** Drive character, default to all drives.
+nscp_disk_drive        | **Optional.** Drive character, default to all drives. Can be an array if multiple drives should be monitored.
+nscp_disk_exclude      | **Optional.** Drive character, default to none. Can be an array of drive characters if multiple drives should be excluded.
 nscp_disk_free         | **Optional.** Switch between checking free space (free=true) or used space (free=false), default to false.
 nscp_disk_warning      | **Optional.** Threshold for WARNING in percent or absolute (use MB, GB, ...), default to 80 (used) or 20 percent (free).
 nscp_disk_critical     | **Optional.** Threshold for CRITICAL in percent or absolute (use MB, GB, ...), default to 90 (used) or 10 percent (free).
@@ -1893,6 +1926,25 @@ nscp_counter_arguments | **Optional.** Additional arguments.
 nscp_counter_showall   | **Optional.** Shows more details in plugin output, default to false.
 nscp_counter_perfsyntax | **Optional.** Apply performance data label, e.g. `Total Processor Time` to avoid special character problems. Defaults to `nscp_counter_name`.
 
+### nscp-local-tasksched <a id="nscp-check-local-tasksched"></a>
+
+Check Command object for the `check_tasksched` NSClient++ plugin.
+You can check for a single task or for a complete folder (and sub folders) of tasks.
+
+Name                   | Description
+-----------------------|------------------
+nscp_tasksched_name         | **Optional.** Name of the task to check.
+nscp_tasksched_folder       | **Optional.** The folder in which the tasks to check reside.
+nscp_tasksched_recursive    | **Optional.** Recurse sub folder, defaults to true.
+nscp_tasksched_hidden       | **Optional.** Look for hidden tasks, defaults to false.
+nscp_tasksched_warning      | **Optional.** Filter which marks items which generates a warning state, defaults to `exit_code != 0`.
+nscp_tasksched_critical     | **Optional.** Filter which marks items which generates a critical state, defaults to `exit_code < 0`.
+nscp_tasksched_emptystate   | **Optional.** Return status to use when nothing matched filter, defaults to warning.
+nscp_tasksched_perfsyntax   | **Optional.** Performance alias syntax., defaults to `%(title)`
+nscp_tasksched_detailsyntax | **Optional.** Detail level syntax, defaults to `%(folder)/%(title): %(exit_code) != 0`
+nscp_tasksched_arguments    | **Optional.** Additional arguments.
+nscp_tasksched_showall      | **Optional.** Shows more details in plugin output, default to false.
+nscp_modules                | **Optional.** An array of NSClient++ modules to load. Defaults to `[ "CheckTaskSched" ]`.
 
 
 ## Plugin Check Commands for Manubulon SNMP <a id="snmp-manubulon-plugin-check-commands"></a>
@@ -1907,7 +1959,7 @@ The SNMP manubulon plugin check commands assume that the global constant named `
 is set to the path where the Manubublon SNMP plugins are installed.
 
 You can enable these plugin check commands by adding the following the include directive in your
-[icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file:
+[icinga2.conf](04-configuration.md#icinga2-conf) configuration file:
 
     include <manubulon>
 
@@ -1943,7 +1995,7 @@ You can enable these plugin check commands by adding the following the include d
 
 Check command object for the [check_snmp_env.pl](http://nagios.manubulon.com/snmp_env.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 
 Name                    | Description
@@ -1970,7 +2022,7 @@ snmp_timeout            | **Optional.** The command timeout in seconds. Defaults
 
 Check command object for the [check_snmp_load.pl](http://nagios.manubulon.com/snmp_load.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 
 Name                    | Description
@@ -1997,7 +2049,7 @@ snmp_timeout            | **Optional.** The command timeout in seconds. Defaults
 
 Check command object for the [check_snmp_mem.pl](http://nagios.manubulon.com/snmp_mem.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -2026,7 +2078,7 @@ snmp_timeout            | **Optional.** The command timeout in seconds. Defaults
 
 Check command object for the [check_snmp_storage.pl](http://nagios.manubulon.com/snmp_storage.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -2045,7 +2097,9 @@ snmp_privpass           | **Required.** SNMP version 3 priv password. No value d
 snmp_warn               | **Optional.** The warning threshold.
 snmp_crit               | **Optional.** The critical threshold.
 snmp_storage_name       | **Optional.** Storage name. Default to regex "^/$$". More options available in the [snmp storage](http://nagios.manubulon.com/snmp_storage.html) documentation.
+snmp_storage_type       | **Optional.** Filter by storage type. Valid options are Other, Ram, VirtualMemory, FixedDisk, RemovableDisk, FloppyDisk, CompactDisk, RamDisk, FlashMemory, or NetworkDisk. No value defined as default.
 snmp_perf               | **Optional.** Enable perfdata values. Defaults to true.
+snmp_exclude            | **Optional.** Select all storages except the one(s) selected by -m. No action on storage type selection.
 snmp_timeout            | **Optional.** The command timeout in seconds. Defaults to 5 seconds.
 snmp_storage_olength	| **Optional.** Max-size of the SNMP message, usefull in case of Too Long responses.
 
@@ -2053,7 +2107,7 @@ snmp_storage_olength	| **Optional.** Max-size of the SNMP message, usefull in ca
 
 Check command object for the [check_snmp_int.pl](http://nagios.manubulon.com/snmp_int.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                        | Description
 ----------------------------|--------------
@@ -2094,7 +2148,7 @@ snmp_timeout                | **Optional.** The command timeout in seconds. Defa
 
 Check command object for the [check_snmp_process.pl](http://nagios.manubulon.com/snmp_process.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                       | Description
 ---------------------------|--------------
@@ -2125,7 +2179,7 @@ snmp_process_cpu_threshold | **Optional.** Defines the warning and critical thre
 
 Check command object for the [check_snmp_win.pl](http://nagios.manubulon.com/snmp_windows.html) plugin.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                       | Description
 ---------------------------|--------------
@@ -2155,7 +2209,7 @@ contributed by community members.
 
 These check commands assume that the global constant named `PluginContribDir`
 is set to the path where the user installs custom plugins and can be enabled by
-uncommenting the corresponding line in [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf):
+uncommenting the corresponding line in [icinga2.conf](04-configuration.md#icinga2-conf):
 
 ```
 vim /etc/icinga2/icinga2.conf
@@ -2165,6 +2219,58 @@ include <plugin-contrib>
 
 This is enabled by default since Icinga 2 2.5.0.
 
+### Big Data <a id="plugin-contrib-big-data"></a>
+
+This category contains plugins for various Big Data systems.
+
+#### cloudera_service_status <a id="plugin-contrib-command-cloudera_service_status"></a>
+
+The [cloudera_service_status](https://github.com/miso231/icinga2-cloudera-plugin) plugin
+uses Cloudera Manager API to monitor cluster services
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                  | Description
+----------------------|-----------------------------------------------------------------
+cloudera_host         | **Required.** Hostname of cloudera server.
+cloudera_port         | **Optional.** Port where cloudera is listening. Defaults to 443.
+cloudera_user         | **Required.** The username for the API connection.
+cloudera_pass         | **Required.** The password for the API connection.
+cloudera_api_version  | **Required.** API version of cloudera.
+cloudera_cluster      | **Required.** The cluster name in cloudera manager.
+cloudera_service      | **Required.** Name of cluster service to be checked.
+cloudera_verify_ssl   | **Optional.** Verify SSL. Defaults to true.
+
+#### cloudera_hdfs_space <a id="plugin-contrib-command-cloudera_hdfs_space"></a>
+
+The [cloudera_hdfs_space](https://github.com/miso231/icinga2-cloudera-plugin) plugin
+connects to Hadoop Namenode and gets used capacity of selected disk
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                      | Description
+--------------------------|-----------------------------------------------------------------
+cloudera_hdfs_space_host  | **Required.** Namenode host to connect to.
+cloudera_hdfs_space_port  | **Optional.** Namenode port (default 50070).
+cloudera_hdfs_space_disk  | **Required.** HDFS disk to check.
+cloudera_hdfs_space_warn  | **Required.** Warning threshold in percent.
+cloudera_hdfs_space_crit  | **Required.** Critical threshold in percent.
+
+#### cloudera_hdfs_files <a id="plugin-contrib-command-cloudera_hdfs_files"></a>
+
+The [cloudera_hdfs_files](https://github.com/miso231/icinga2-cloudera-plugin) plugin
+connects to Hadoop Namenode and gets total number of files on HDFS
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                      | Description
+--------------------------|-----------------------------------------------------------------
+cloudera_hdfs_files_host  | **Required.** Namenode host to connect to.
+cloudera_hdfs_files_port  | **Optional.** Namenode port (default 50070).
+cloudera_hdfs_files_warn  | **Required.** Warning threshold.
+cloudera_hdfs_files_crit  | **Required.** Critical threshold.
+cloudera_hdfs_files_max   | **Required.** Max files count that causes problems (default 140,000,000).
+
 ### Databases <a id="plugin-contrib-databases"></a>
 
 This category contains plugins for various database servers.
@@ -2177,11 +2283,11 @@ database.
 
 The Git repository is located on [GitHub](https://github.com/lausser/check_db2_health).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
-db2_health_database           | **Required.** The name of the database. (If it was catalogued locally, this parameter is the only you need. Otherwise you must specify database, hostname and port)
+db2_health_database           | **Required.** The name of the database. (If it was catalogued locally, this parameter and `db2_health_not_catalogued = false` are the only you need. Otherwise you must specify database, hostname and port)
 db2_health_username           | **Optional.** The username for the database connection.
 db2_health_password           | **Optional.** The password for the database connection.
 db2_health_port               | **Optional.** The port where DB2 is listening.
@@ -2197,6 +2303,7 @@ db2_health_maxinactivity      | **Optional.** Used for the maximum amount of tim
 db2_health_mitigation         | **Optional.** Classifies the severity of an offline tablespace.
 db2_health_lookback           | **Optional.** How many days in the past db2_health check should look back to calculate exitcode.
 db2_health_report             | **Optional.** Report can be used to output only the bad news. Possible values are "short", "long", "html". Defaults to `short`.
+db2_health_not_catalogued     | **Optional.** Set this variable to false if you want to use a catalogued locally database. Defaults to `true`.
 db2_health_env_db2_home       | **Required.** Specifies the location of the db2 client libraries as environment variable `DB2_HOME`. Defaults to "/opt/ibm/db2/V10.5".
 db2_health_env_db2_version    | **Optional.** Specifies the DB2 version as environment variable `DB2_VERSION`.
 
@@ -2208,7 +2315,7 @@ uses the `DBD::Sybase` Perl library based on [FreeTDS](http://www.freetds.org/)
 
 The Git repository is located on [GitHub](https://github.com/lausser/check_mssql_health).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
@@ -2258,7 +2365,7 @@ uses the `DBD::MySQL` Perl library to monitor a
 
 The Git repository is located on [GitHub](https://github.com/lausser/check_mysql_health).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
@@ -2306,7 +2413,7 @@ uses the `DBD::Oracle` Perl library to monitor an [Oracle](https://www.oracle.co
 
 The Git repository is located on [GitHub](https://github.com/lausser/check_oracle_health).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
@@ -2331,9 +2438,9 @@ Environment Macros:
 
 Name                | Description
 --------------------|------------------------------------------------------------------------------------------------------------------------------------------
-ORACLE\_HOME         | **Required.** Specifies the location of the oracle instant client libraries. Defaults to "/usr/lib/oracle/11.2/client64/lib". Can be overridden by setting the custom attribute `oracle_home`.
-LD\_LIBRARY\_PATH    | **Required.** Specifies the location of the oracle instant client libraries for the run-time shared library loader. Defaults to "/usr/lib/oracle/11.2/client64/lib". Can be overridden by setting the custom attribute `oracle_ld_library_path`.
-TNS\_ADMIN           | **Required.** Specifies the location of the tnsnames.ora including the database connection strings. Defaults to "/etc/icinga2/plugin-configs". Can be overridden by setting the custom attribute `oracle_tns_admin`.
+ORACLE\_HOME         | **Required.** Specifies the location of the oracle instant client libraries. Defaults to "/usr/lib/oracle/11.2/client64/lib". Can be overridden by setting the custom variable `oracle_home`.
+LD\_LIBRARY\_PATH    | **Required.** Specifies the location of the oracle instant client libraries for the run-time shared library loader. Defaults to "/usr/lib/oracle/11.2/client64/lib". Can be overridden by setting the custom variable `oracle_ld_library_path`.
+TNS\_ADMIN           | **Required.** Specifies the location of the tnsnames.ora including the database connection strings. Defaults to "/etc/icinga2/plugin-configs". Can be overridden by setting the custom variable `oracle_tns_admin`.
 
 #### postgres <a id="plugin-contrib-command-postgres"></a>
 
@@ -2342,7 +2449,7 @@ uses the `psql` binary to monitor a [PostgreSQL](https://www.postgresql.org/abou
 
 The Git repository is located on [GitHub](https://github.com/bucardo/check_postgres).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
@@ -2372,7 +2479,7 @@ postgres_tempdir     | **Optional.** Specify directory for temporary files. The
 The [check_mongodb.py](https://github.com/mzupan/nagios-plugin-mongodb) plugin
 uses the `pymongo` Python library to monitor a [MongoDB](https://docs.mongodb.com/manual/) instance.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|------------------------------------------------------------------------------------------------------------------------------
@@ -2401,7 +2508,7 @@ mongodb_sampletime               | **Optional.** Time used to sample number of p
 The [check_elasticsearch](https://github.com/anchor/nagios-plugin-elasticsearch) plugin
 uses the HTTP API to monitor an [Elasticsearch](https://www.elastic.co/products/elasticsearch) node.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                         | Description
 -----------------------------|-------------------------------------------------------------------------------------------------------
@@ -2419,7 +2526,7 @@ uses the `Redis` Perl library to monitor a [Redis](https://redis.io/) instance.
 measure response time, hitrate, memory utilization, check replication synchronization, etc. It is
 also possible to test data in a specified key and calculate averages or summaries on ranges.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                     | Description
 -------------------------|--------------------------------------------------------------------------------------------------------------
@@ -2444,6 +2551,49 @@ redis_memory_utilization | **Optional.** This calculates percent of total memory
 redis_total_memory       | **Optional.** Amount of memory on a system for memory utilization calculation. Use system memory or max_memory setting of redis.
 redis_replication_delay  | **Optional.** Allows to set threshold on replication delay info.
 
+#### proxysql <a id="plugin-contrib-command-proxysql"></a>
+
+The [check_proxysql](https://github.com/sysown/proxysql-nagios) plugin,
+uses the `proxysql` binary to monitor [proxysql](https://proxysql.com/).
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                         | Description
+-----------------------------|----------------------------------------------------------------------------------
+proxysql_user                | **Optional.** ProxySQL admin username (default=admin)
+proxysql_password            | **Optional.** ProxySQL admin password (default=admin)
+proxysql_host                | **Optional.** ProxySQL hostname / IP (default=127.0.0.1)
+proxysql_port                | **Optional.** ProxySQL admin port (default=6032)
+proxysql_defaultfile         | **Optional.** ProxySQL defaults file
+proxysql_type                | **Required.** ProxySQL check type (one of conns,hg,rules,status,var)
+proxysql_name                | **Optional.** ProxySQL variable name to check
+proxysql_lower               | **Optional.** Alert if ProxySQL value are LOWER than defined WARN / CRIT thresholds (only applies to 'var' check type)
+proxysql_runtime             | **Optional.** Force ProxySQL Nagios check to query the runtime_mysql_XXX tables rather than the mysql_XXX tables
+proxysql_warning             | **Optional.** Warning threshold
+proxysql_critical            | **Optional.** Critical threshold
+proxysql\_include\_hostgroup | **Optional.** ProxySQL hostgroup(s) to include (only applies to '--type hg' checks, accepts comma-separated list)
+proxysql\_ignore\_hostgroup  | **Optional.** ProxySQL hostgroup(s) to ignore (only applies to '--type hg' checks, accepts comma-separated list)
+
+#### memcached <a id="plugin-contrib-command-memcached"></a>
+
+The [check_memcached](https://packages.debian.org/stretch/nagios-plugins-contrib) plugin
+is provided by the `nagios-plugin-contrib` package on Debian/Ubuntu.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                            | Description
+--------------------------------|----------------------------------------------------------------------------------
+memcached_hostname              | **Required.** Hostname or IP address (required) optional ':port' overrides -p
+memcached_port                  | **Optional.** Port number (default: 11211)
+memcached_verbose               | **Optional.** verbose messages
+memcached_keep                  | **Optional.** Keep up to this many items in the history object in memcached (default: 30)
+memcached_minimum_stat_interval | **Optional.** Minimum time interval (in minutes) to use to analyse stats. (default: 30)
+memcached_warning_hits_misses   | **Optional.** Generate warning if quotient of hits/misses falls below this value (default: 2.0)
+memcached_warning_evictions     | **Optional.** Generate warning if number of evictions exceeds this threshold. 0=disable. (default: 10)
+memcached_timeout               | **Optional.** timeout in seconds (default: 1.0)
+memcached_key                   | **Optional.** key name for history object (default: check_memcached)
+memcached_expiry                | **Optional.** expiry time in seconds for history object (default: 7200)
+memcached_performance_output    | **Optional.** output performance statistics as rate-per-minute figures (better suited to pnp4nagios)
 
 ### Hardware <a id="plugin-contrib-hardware"></a>
 
@@ -2461,13 +2611,13 @@ The plugin can run in two different ways:
 1. Local execution using the `hpasmcli` command line tool.
 2. Remote SNMP query which invokes the HP Insight Tools on the remote node.
 
-You can either set or omit `hpasm_hostname` custom attribute and select the corresponding node.
+You can either set or omit `hpasm_hostname` custom variable and select the corresponding node.
 
 The `hpasm_remote` attribute enables the plugin to execute remote SNMP queries if set to `true`.
 For compatibility reasons this attribute uses `true` as default value, and ensures that
 specifying the `hpasm_hostname` always enables remote checks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    	| Description
 --------------------------------|-----------------------------------------------------------------------
@@ -2501,7 +2651,7 @@ check_by_ssh or similar, whichever suits your needs and particular taste.
 The plugin checks the health of the storage subsystem, power supplies, memory modules,
 temperature probes etc., and gives an alert if any of the components are faulty or operate outside normal parameters.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    	| Description
 --------------------------------|-----------------------------------------------------------------------
@@ -2531,12 +2681,53 @@ openmanage_timeout		| **Optional.** Plugin timeout in seconds [default=30]
 openmanage_vdisk_critical	| **Optional.** Make any alerts on virtual disks critical
 openmanage_warning		| **Optional.** Custom temperature warning limits
 
+#### lmsensors <a id="plugin-contrib-command-lmsensors"></a>
+
+The [check_lmsensors](https://github.com/jackbenny/check_temp) plugin,
+uses the `lm-sensors` binary to monitor temperature sensors.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|----------------------------------------------------------------------------------
+lmsensors_warning       | **Required.** Exit with WARNING status if above INTEGER degrees
+lmsensors_critical      | **Required.** Exit with CRITICAL status if above INTEGER degrees
+lmsensors_sensor        | **Optional.** Set what to monitor, for example CPU or MB (or M/B). Check sensors for the correct word. Default is CPU.
+
+#### hddtemp <a id="plugin-contrib-command-hddtemp"></a>
+
+The [check_hddtemp](https://github.com/vint21h/nagios-check-hddtemp) plugin,
+uses the `hddtemp` binary to monitor hard drive temperature.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|----------------------------------------------------------------------------------
+hddtemp_server          | **Required.** server name or address
+hddtemp_port            | **Optional.** port number
+hddtemp_devices         | **Optional.** comma separated devices list, or empty for all devices in hddtemp response
+hddtemp_separator       | **Optional.** hddtemp separator
+hddtemp_warning         | **Required.** warning temperature
+hddtemp_critical        | **Required.** critical temperature
+hddtemp_timeout         | **Optional.** receiving data from hddtemp operation network timeout
+hddtemp_performance     | **Optional.** If set, return performance data
+hddtemp_quiet           | **Optional.** If set, be quiet
+
+The following sane default value are specified:
+```
+vars.hddtemp_server = "127.0.0.1"
+vars.hddtemp_warning = 55
+vars.hddtemp_critical = 60
+vars.hddtemp_performance = true
+vars.hddtemp_timeout = 5
+```
+
 #### adaptec-raid <a id="plugin-contrib-command-adaptec-raid"></a>
 
 The [check_adaptec_raid](https://github.com/thomas-krenn/check_adaptec_raid) plugin
 uses the `arcconf` binary to monitor Adaptec RAID controllers.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                            | Description
 --------------------------------|-----------------------------------------------------------------------
@@ -2548,19 +2739,40 @@ arcconf_path                    | **Required.** Path to the `arcconf` binary, e.
 The [check_lsi_raid](https://github.com/thomas-krenn/check_lsi_raid) plugin
 uses the `storcli` binary to monitor MegaRAID RAID controllers.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                            | Description
 --------------------------------|-----------------------------------------------------------------------
-lsi_controller_number           | **Required.** Controller number to monitor.
-storcli_path                    | **Required.** Path to the `storcli` binary, e.g. "/usr/sbin/storcli".
+lsi_controller_number           | **Optional.** Controller number to monitor.
+storcli_path                    | **Optional.** Path to the `storcli` binary, e.g. "/usr/sbin/storcli".
+lsi_enclosure_id                | **Optional.** Enclosure numbers to be checked, comma-separated.
+lsi_ld_id                       | **Optional.** Logical devices to be checked, comma-separated.
+lsi_pd_id                       | **Optional.** Physical devices to be checked, comma-separated.
+lsi_temp_warning                | **Optional.** RAID controller warning temperature.
+lsi_temp_critical               | **Optional.** RAID controller critical temperature.
+lsi_pd_temp_warning             | **Optional.** Disk warning temperature.
+lsi_pd_temp_critical            | **Optional.** Disk critical temperature.
+lsi_bbu_temp_warning            | **Optional.** Battery warning temperature.
+lsi_bbu_temp_critical           | **Optional.** Battery critical temperature.
+lsi_cv_temp_warning             | **Optional.** CacheVault warning temperature.
+lsi_cv_temp_critical            | **Optional.** CacheVault critical temperature.
+lsi_ignored_media_errors        | **Optional.** Warning threshold for media errors.
+lsi_ignored_other_errors        | **Optional.** Warning threshold for other errors.
+lsi_ignored_predictive_fails    | **Optional.** Warning threshold for predictive failures.
+lsi_ignored_shield_counters     | **Optional.** Warning threshold for shield counter.
+lsi_ignored_bbm_counters        | **Optional.** Warning threshold for BBM counter.
+lsi_bbu                         | **Optional.** Define if BBU is present and it's state should be checked.
+lsi_noenclosures                | **Optional.** If set to true, does not check enclosures.
+lsi_nosudo                      | **Optional.** If set to true, does not use sudo when running storcli.
+lsi_nocleanlogs                 | **Optional.** If set to true, does not clean up the log files after executing storcli checks.
+
 
 #### smart-attributes <a id="plugin-contrib-command-smart-attributes"></a>
 
 The [check_smart_attributes](https://github.com/thomas-krenn/check_smart_attributes) plugin
 uses the `smartctl` binary to monitor SMART values of SSDs and HDDs.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                            | Description
 --------------------------------|-----------------------------------------------------------------------
@@ -2579,7 +2791,7 @@ The user running Icinga 2 needs sufficient permissions to read the Icinga Web 2
 This subcommand is provided by the [business process module](https://exchange.icinga.com/icinga/Business+Process)
 and executed as `icingacli businessprocess` CLI command.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    	          | Description
 ------------------------------------------|-----------------------------------------------------------------------------------------
@@ -2592,13 +2804,46 @@ icingacli_businessprocess_statetype       | **Optional.** Define which state typ
 
 This subcommand is provided by the [director module](https://github.com/Icinga/icingaweb2-module-director) > 1.4.2 and executed as `icingacli director health check`. Please refer to the [documentation](https://github.com/Icinga/icingaweb2-module-director/blob/master/doc/60-CLI.md#health-check-plugin) for all available sub-checks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                                      | Description
 ------------------------------------------|-----------------------------------------------------------------------------------------
 icingacli_director_check                  | **Optional.** Run only a specific test suite.
 icingacli_director_db                     | **Optional.** Use a specific Icinga Web DB resource.
 
+#### Elasticsearch <a id="plugin-contrib-icingacli-elasticsearch"></a>
+
+This subcommand is provided by the [elasticsearch_module](https://github.com/Icinga/icingaweb2-module-elasticsearch) and executed as `icingacli elasticsearch check`.
+
+* The value of `icingacli_elasticsearch_instance` is the same like in the configuration of the module.
+* The value of `icingacli_elasticsearch_filter` are filters for events in Icinga Web 2 syntax. e.g. `"beat.hostname=www.example.com" AND severity=critical`
+* The thresholds are just numerical values. They get checked against how many events match the filter within the given timeframe.
+* The value of `icingacli_elasticsearch_index` is an index pattern. e.g. `logstash*`
+
+Name                                      | Description
+------------------------------------------|-----------------------------------------------------------------------------------------
+icingacli_elasticsearch_instance          | **Required.** The Elasticsearch to connect to
+icingacli_elasticsearch_index             | **Required.** Index pattern to use when searching
+icingacli_elasticsearch_critical          | **Required.** Critical threshold
+icingacli_elasticsearch_warning           | **Required.** Warning threshold
+icingacli_elasticsearch_filter            | **Required.** Filter for events
+icingacli_elasticsearch_from              | **Optional.** Negative value of time to search from now (Default: -5m)
+
+#### x509 <a id="plugin-contrib-icingacli-x509"></a>
+
+This subcommand is provided by the [x509 module](https://github.com/Icinga/icingaweb2-module-x509) and executed as `icingacli x509 check host`. Please refer to the [documentation](https://github.com/Icinga/icingaweb2-module-x509/blob/master/doc/10-Monitoring.md#host-check-command) for more information.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                                      | Description
+------------------------------------------|-----------------------------------------------------------------------------------------
+icingacli_x509_ip                         | **Required.** A hosts IP address [or]
+icingacli_x509_host                       | **Required.** A hosts name
+icingacli_x509_port                       | **Optional.** The port to check in particular
+icingacli_x509_warning                    | **Optional.** Less remaining time results in state WARNING (Default: 25%)
+icingacli_x509_critical                   | **Optional.** Less remaining time results in state CRITICAL (Default: 10%)
+icingacli_x509_allow_self_signed          | **Optional.** Ignore if a certificate or its issuer has been self-signed (Default: false)
+
 ### IPMI Devices <a id="plugin-contrib-ipmi"></a>
 
 This category includes all plugins for IPMI devices.
@@ -2610,7 +2855,7 @@ uses the `ipmimonitoring` binary to monitor sensor data for IPMI devices. Please
 read the [documentation](https://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Monitoring_Plugin)
 for installation and configuration details.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|-----------------------------------------------------------------------------------------------------
@@ -2633,12 +2878,13 @@ ipmi_no_sel_checking             | **Optional.** Turn off system event log check
 ipmi_no_thresholds               | **Optional.** Turn off performance data thresholds from output-sensor-thresholds.
 ipmi_verbose                     | **Optional.** Be Verbose multi line output, also with additional details for warnings.
 ipmi_debug                       | **Optional.** Be Verbose debugging output, followed by normal multi line output.
+ipmi_unify_file                  | **Optional.** Path to the unify file to unify sensor names.
 
 #### ipmi-alive <a id="plugin-contrib-command-ipmi-alive"></a>
 
 The `ipmi-alive` check commands allows you to create a ping check for the IPMI Interface.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                             | Description
 ---------------------------------|-----------------------------------------------------------------------------------------------------
@@ -2676,6 +2922,38 @@ logstash_inflight_crit     | **Optional.** Critical threshold of inflight events
 logstash_cpu_warn          | **Optional.** Warning threshold for cpu usage in percent.
 logstash_cpu_crit          | **Optional.** Critical threshold for cpu usage in percent.
 
+#### logfiles <a id="plugins-contrib-command-logfiles"></a>
+
+The [logfiles](https://labs.consol.de/nagios/check_logfiles/) plugin finds
+specified patterns in log files.
+
+Name                        | Description
+----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+logfiles_tag                | **Optional.** A short unique descriptor for this search. It will appear in the output of the plugin and is used to separare the different services.
+logfiles_logfile            | **Optional.** This is the name of the log file you want to scan.
+logfiles_rotation           | **Optional.** This is the method how log files are rotated. One of the predefined methods or a regular expression, which helps identify the rotated archives. If this key is missing, check_logfiles assumes that the log file will be simply overwritten instead of rotated.
+logfiles_critical_pattern   | **Optional.** A regular expression which will trigger a critical error.
+logfiles_warning_pattern    | **Optional.** A regular expression which will trigger a warning error.
+logfiles_critical_exception | **Optional.** A regular expression, the exceptions which are not counted as critical errors.
+logfiles_warning_exception  | **Optional.** A regular expression, the exceptions which are not counted as warning errors.
+logfiles_ok_pattern         | **Optional.** A regular expression which resets the error counters.
+logfiles_no_protocol        | **Optional.** Normally all the matched lines are written into a protocol file with this file’s name appearing in the plugin’s output. This option switches this off.
+logfiles_syslog_server      | **Optional.** With this option you limit the pattern matching to lines originating from the host check_logfiles is running on.
+logfiles_syslog_client      | **Optional.** With this option you limit the pattern matching to lines originating from the host named in this option.
+logfiles_sticky             | **Optional.** Errors are propagated through successive runs.
+logfiles_unstick            | **Optional.** Resets sticky errors.
+logfiles_config             | **Optional.** The name of a configuration file.
+logfiles_configdir          | **Optional.** The name of a configuration directory. Configfiles ending in .cfg or .conf are (recursively) imported.
+logfiles_searches           | **Optional.** A list of tags of those searches which are to be run. Using this parameter, not all searches listed in the config file are run, but only those selected.
+logfiles_selectedsearches   | **Optional.** A list of tags of those searches which are to be run. Using this parameter, not all searches listed in the config file are run, but only those selected.
+logfiles_report             | **Optional.** This option turns on multiline output (Default: off). The setting html generates a table which display the last hits in the service details view. Possible values are: short, long, html or off.
+logfiles_max_length         | **Optional.** With this parameter long lines are truncated (Default: off). Some programs (e.g. TrueScan) generate entries in the eventlog of such a length, that the output of the plugin becomes longer than 1024 characters. NSClient++ discards these.
+logfiles_winwarncrit        | **Optional.** With this parameter messages in the eventlog are classified by the type WARNING/ERROR (Default: off). Replaces or complements warning/criticalpattern.
+logfiles_run_unique         | **Optional.** This parameter prevents check_logfiles from starting when there’s already another instance using the same config file. (exits with UNKNOWN).
+logfiles_timeout            | **Optional.** This parameter causes an abort of a running search after a defined number of seconds. It is an aborted in a controlled manner, so that the lines which have been read so far, are used for the computation of the final result.
+logfiles_warning            | **Optional.** Complex handler-scripts can be provided with a warning-parameter this way. Inside the scripts the value is accessible as the macro CL_WARNING.
+logfiles_critical           | **Optional.** Complex handler-scripts can be provided with a critical-parameter this way. Inside the scripts the value is accessible as the macro CL_CRITICAL.
+
 
 ### Metrics <a id="plugin-contrib-metrics"></a>
 
@@ -2686,7 +2964,7 @@ This category includes all plugins for metric-based checks.
 The [check_graphite](https://github.com/obfuscurity/nagios-scripts) plugin
 uses the `rest-client` Ruby library to monitor a [Graphite](https://graphiteapp.org) instance.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                                | Description
 ------------------------------------|-----------------------------------------------------------------------------------------------------
@@ -2713,7 +2991,7 @@ generates a html page containing information about the monitored node and all of
 
 The Git repository is located on [GitHub](https://github.com/Tontonitch/interfacetable_v3t).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                                | Description
 ------------------------------------|-----------------------------------------------------------------------------------------------------
@@ -2784,12 +3062,13 @@ interfacetable_notype               | **Optional.** Remove the interface type fo
 The [check_iftraffic](https://exchange.icinga.com/exchange/iftraffic) plugin
 checks the utilization of a given interface name using the SNMP protocol.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|---------------------------------------------------------
 iftraffic_address	| **Required.** Specifies the remote host. Defaults to "$address$".
 iftraffic_community	| **Optional.** SNMP community. Defaults to "public'" if omitted.
+iftraffic_version	| **Optional.** SNMP version to use. Defaults to "1" if omitted. Requires v1.0.2+.
 iftraffic_interface	| **Required.** Queried interface name.
 iftraffic_bandwidth	| **Required.** Interface maximum speed in kilo/mega/giga/bits per second.
 iftraffic_units		| **Optional.** Interface units can be one of these values: `g` (gigabits/s),`m` (megabits/s), `k` (kilobits/s),`b` (bits/s)
@@ -2799,10 +3078,10 @@ iftraffic_max_counter	| **Optional.** Maximum counter value of net devices in ki
 
 #### iftraffic64 <a id="plugin-contrib-command-iftraffic64"></a>
 
-The [check_iftraffic64](https://exchange.icinga.com/exchange/iftraffic64) plugin
+The [check_iftraffic64](https://exchange.icinga.com/exchange/check_iftraffic64) plugin
 checks the utilization of a given interface name using the SNMP protocol.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|---------------------------------------------------------
@@ -2820,7 +3099,7 @@ iftraffic64_max_counter	| **Optional.** Maximum counter value of net devices in
 The [check_interfaces](https://git.netways.org/plugins/check_interfaces) plugin
 uses SNMP to monitor network interfaces and their utilization.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                      | Description
 --------------------------|---------------------------------------------------------
@@ -2862,7 +3141,7 @@ Brocade ICX6610-24-HPOE, Cisco UC Telefonzeugs, FOUNDRY-SN-AGENT-MIB, FRITZ!BOX
 Juniper IVE, Pulse-Gateway MAG4610, Cisco IronPort AsyncOS, Foundry, etc. A complete list can be
 found in the plugin [documentation](https://labs.consol.de/nagios/check_nwc_health/index.html).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                      	| Description
 --------------------------------|---------------------------------------------------------
@@ -2881,6 +3160,7 @@ nwc_health_privpassword   	| **Optional.** The password for authPriv security le
 nwc_health_privprotocol		| **Optional.** The private protocol for SNMPv3 (des\|aes\|aes128\|3des\|3desde).
 nwc_health_contextengineid	| **Optional.** The context engine id for SNMPv3 (10 to 64 hex characters).
 nwc_health_contextname		| **Optional.** The context name for SNMPv3 (empty represents the default context).
+nwc_health_community2		| **Optional.** SNMP community which can be used to switch the context during runtime.
 nwc_health_name			| **Optional.** The name of an interface (ifDescr).
 nwc_health_drecksptkdb		| **Optional.** This parameter must be used instead of --name, because Devel::ptkdb is stealing the latter from the command line.
 nwc_health_alias		| **Optional.** The alias name of a 64bit-interface (ifAlias)
@@ -2890,6 +3170,7 @@ nwc_health_ifspeedout		| **Optional.** Override the ifspeed oid of an interface
 nwc_health_ifspeed		| **Optional.** Override the ifspeed oid of an interface
 nwc_health_units		| **Optional.** One of %, B, KB, MB, GB, Bit, KBi, MBi, GBi. (used for e.g. mode interface-usage)
 nwc_health_name2		| **Optional.** The secondary name of a component.
+nwc_health_name3		| **Optional.** The tertiary name of a component.
 nwc_health_role			| **Optional.** The role of this device in a hsrp group (active/standby/listen).
 nwc_health_report		| **Optional.** Can be used to shorten the output. Possible values are: 'long' (default), 'short' (to shorten if available), or 'html' (to produce some html outputs if available)
 nwc_health_lookback		| **Optional.** The amount of time you want to look back when calculating average rates. Use it for mode interface-errors or interface-usage. Without --lookback the time between two runs of check_nwc_health is the base for calculations. If you want your checkresult to be based for example on the past hour, use --lookback 3600.
@@ -2908,6 +3189,103 @@ nwc_health_oids			| **Optional.** A list of oids which are downloaded and writte
 nwc_health_offline		| **Optional.** The maximum number of seconds since the last update of cache file before it is considered too old.
 nwc_health_multiline		| **Optional.** Multiline output
 
+#### printer_health <a id="plugin-contrib-command-printer_health"></a>
+
+The [check_printer_health](https://labs.consol.de/nagios/check_printer_health/index.html) plugin
+uses SNMP to monitor printer. The plugin is able to generate supply statistics and check hardware.
+A complete list can be found in the plugin [documentation](https://labs.consol.de/nagios/check_printer_health/index.html).
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name				| Description
+--------------------------------|---------------------------------------------------------
+printer_health_hostname		| **Required.** The host's address. Defaults to "$address$" if the host's `address` attribute is set, "$address6$" otherwise.
+printer_health_mode		| **Required.** The plugin mode. A list of all available modes can be found in the [plugin documentation](https://labs.consol.de/nagios/check_printer_health/index.html).
+printer_health_timeout		| **Optional.** Seconds before plugin times out (default: 15)
+printer_health_blacklist	| **Optional.** Blacklist some (missing/failed) components.
+printer_health_port		| **Optional.** The SNMP port to use (default: 161).
+printer_health_domain	  	| **Optional.** The transport domain to use (default: udp/ipv4, other possible values: udp6, udp/ipv6, tcp, tcp4, tcp/ipv4, tcp6, tcp/ipv6).
+printer_health_protocol		| **Optional.** The SNMP protocol to use (default: 2c, other possibilities: 1,3).
+printer_health_community	| **Optional.** SNMP community of the server (SNMP v1/2 only).
+printer_health_username	  	| **Optional.** The securityName for the USM security model (SNMPv3 only).
+printer_health_authpassword	| **Optional.** The authentication password for SNMPv3.
+printer_health_authprotocol	| **Optional.** The authentication protocol for SNMPv3 (md5\|sha).
+printer_health_privpassword   	| **Optional.** The password for authPriv security level.
+printer_health_privprotocol	| **Optional.** The private protocol for SNMPv3 (des\|aes\|aes128\|3des\|3desde).
+printer_health_contextengineid	| **Optional.** The context engine id for SNMPv3 (10 to 64 hex characters).
+printer_health_contextname	| **Optional.** The context name for SNMPv3 (empty represents the default context).
+printer_health_community2	| **Optional.** SNMP community which can be used to switch the context during runtime.
+printer_health_name		| **Optional.** The name of an interface (ifDescr).
+printer_health_regexp		| **Optional.** A flag indicating that --name is a regular expression
+printer_health_ifspeedin	| **Optional.** Override the ifspeed oid of an interface (only inbound)
+printer_health_ifspeedout	| **Optional.** Override the ifspeed oid of an interface (only outbound)
+printer_health_ifspeed		| **Optional.** Override the ifspeed oid of an interface
+printer_health_units		| **Optional.** One of %, B, KB, MB, GB, Bit, KBi, MBi, GBi. (used for e.g. mode interface-usage)
+printer_health_name2		| **Optional.** The secondary name of a component.
+printer_health_name3		| **Optional.** The teritary name of a component.
+printer_health_role		| **Optional.** The role of this device in a hsrp group (active/standby/listen).
+printer_health_report		| **Optional.** Can be used to shorten the output. Possible values are: 'long' (default), 'short' (to shorten if available), or 'html' (to produce some html outputs if available)
+printer_health_lookback		| **Optional.** The amount of time you want to look back when calculating average rates. Use it for mode interface-errors or interface-usage. Without --lookback the time between two runs of `check_printer_health` is the base for calculations. If you want your checkresult to be based for example on the past hour, use --lookback 3600.
+printer_health_warning		| **Optional.** The warning threshold
+printer_health_critical		| **Optional.** The critical threshold
+printer_health_warningx		| **Optional.** The extended warning thresholds
+printer_health_criticalx	| **Optional.** The extended critical thresholds
+printer_health_mitigation	| **Optional.** The parameter allows you to change a critical error to a warning (1) or ok (0).
+printer_health_selectedperfdata	| **Optional.** The parameter allows you to limit the list of performance data. It's a perl regexp. Only matching perfdata show up in the output.
+printer_health_morphperfdata	| **Optional.** The parameter allows you to change performance data labels. It's a perl regexp and a substitution. --morphperfdata '(.*)ISATAP(.*)'='$1patasi$2'
+printer_health_negate		| **Optional.** The parameter allows you to map exit levels, such as warning=critical.
+printer_health_mymodules-dyn-dir | **Optional.** A directory where own extensions can be found.
+printer_health_servertype	| **Optional.** The type of the network device: cisco (default). Use it if auto-detection is not possible.
+printer_health_statefilesdir	| **Optional.** An alternate directory where the plugin can save files.
+printer_health_oids		| **Optional.** A list of oids which are downloaded and written to a cache file. Use it together with --mode oidcache.
+printer_health_offline		| **Optional.** The maximum number of seconds since the last update of cache file before it is considered too old.
+printer_health_multiline	| **Optional.** Multiline output
+
+
+### Network Services <a id="plugin-contrib-network-services"></a>
+
+This category contains plugins which receive details about network services
+
+#### lsyncd <a id="plugin-contrib-command-lsyncd"></a>
+
+The [check_lsyncd](https://github.com/ohitz/check_lsyncd) plugin,
+uses the `lsyncd` status file to monitor [lsyncd](https://axkibe.github.io/lsyncd/).
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|---------------------------------------------------------------------------
+lsyncd_statfile         | **Optional.** Set status file path (default: /var/run/lsyncd.status).
+lsyncd_warning          | **Optional.** Warning if more than N delays (default: 10).
+lsyncd_critical         | **Optional.** Critical if more then N delays (default: 100).
+
+#### fail2ban <a id="plugin-contrib-command-fail2ban"></a>
+
+The [check_fail2ban](https://github.com/fail2ban/fail2ban/tree/master/files/nagios) plugin
+uses the `fail2ban-client` binary to monitor [fail2ban](http://www.fail2ban.org) jails.
+
+The plugin requires `sudo` permissions.
+You can add a sudoers file to allow your monitoring user to use the plugin, i.e. edit /etc/sudoers.d/icinga and add:
+```
+icinga ALL=(root) NOPASSWD:/usr/lib/nagios/plugins/check_fail2ban
+```
+
+and set the correct permissions:
+```bash
+chown -c root: /etc/sudoers.d/icinga
+chmod -c 0440 /etc/sudoers.d/icinga
+```
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|---------------------------------------------------------------------------
+fail2ban_display        | **Optional.** To modify the output display, default is 'CHECK FAIL2BAN ACTIVITY'
+fail2ban_path           | **Optional.** Specify the path to the tw_cli binary, default value is /usr/bin/fail2ban-client
+fail2ban_warning        | **Optional.** Specify a warning threshold, default is 1
+fail2ban_critical       | **Optional.** Specify a critical threshold, default is 2
+fail2ban_socket         | **Optional.** Specify a socket path, default is unset
+fail2ban_perfdata       | **Optional.** If set to true, activate the perfdata output, default value for the plugin is set to true.
 
 ### Operating System <a id="plugin-contrib-operating-system"></a>
 
@@ -2920,7 +3298,7 @@ The [check_mem.pl](https://github.com/justintime/nagios-plugins) plugin checks t
 memory usage on linux and unix hosts. It is able to count cache memory as free when
 compared to thresholds. More details can be found on [this blog entry](http://sysadminsjourney.com/content/2009/06/04/new-and-improved-checkmempl-nagios-plugin).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name         | Description
 -------------|-----------------------------------------------------------------------------------------------------------------------
@@ -2930,12 +3308,25 @@ mem_cache    | **Optional.** If set to true, plugin will count cache as free mem
 mem_warning  | **Required.** Specify the warning threshold as number interpreted as percent.
 mem_critical | **Required.** Specify the critical threshold as number interpreted as percent.
 
+#### sar-perf <a id="plugin-contrib-command-sar-perf"></a>
+
+The [check_sar_perf.py](https://github.com/dnsmichi/check-sar-perf)
+plugin collects performance metrics from Linux hosts using the `sar` binary available in the `sysstat` package.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name             | Description
+-----------------|-----------------------------------------------------------------------------------------------------------------------
+sar_perf_profile | **Required.** Define the run profile: `pagestat`, `cpu`, `memory_util`, `memory_stat`, `io_transfer`, `queueln_load`, `swap_util`, `swap_stat`, `task`, `kernel`, `disk <disk>`. Can be a string or an array of multiple profiles.
+sar_perf_disk    | **Optional.** Disk name for the 'disk' profile.
+
+
 #### running_kernel <a id="plugin-contrib-command-running_kernel"></a>
 
 The [check_running_kernel](https://packages.debian.org/stretch/nagios-plugins-contrib) plugin
 is provided by the `nagios-plugin-contrib` package on Debian/Ubuntu.
 
-Custom attributes:
+Custom variables:
 
 Name                       | Description
 ---------------------------|-------------
@@ -2947,7 +3338,7 @@ The [check_iostats](https://github.com/dnsmichi/icinga-plugins/blob/master/scrip
 uses the `iostat` binary to monitor I/O on a Linux host. The default thresholds are rather high
 so you can use a grapher for baselining before setting your own.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name           | Description
 ---------------|-----------------------------------------------------------------------------------------------------------------------
@@ -2967,7 +3358,7 @@ The [check_iostat](https://github.com/dnsmichi/icinga-plugins/blob/master/script
 uses the `iostat` binary to monitor disk I/O on a Linux host. The default thresholds are rather high
 so you can use a grapher for baselining before setting your own.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name           | Description
 ---------------|-----------------------------------------------------------------------------------------------------------------------
@@ -2985,7 +3376,7 @@ The [check_yum](https://github.com/calestyo/check_yum) plugin checks the YUM pac
 management system for package updates.
 The plugin requires the `yum-plugin-security` package to differentiate between security and normal updates.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -3009,7 +3400,7 @@ The [glusterfs](https://www.unixadm.org/software/nagios-stuff/checks/check_glust
 is used to check the GlusterFS storage health on the server.
 The plugin requires `sudo` permissions.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                       | Description
 ---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -3021,6 +3412,52 @@ glusterfs_disk_critical    | **Optional.** Return a critical error if disk usage
 glusterfs_inode_warning    | **Optional.** Warn if inode usage is above *DISKWARN*. Defaults to 90 (percent).
 glusterfs_inode_critical   | **Optional.** Return a critical error if inode usage is above *DISKCRIT*. Defaults to 95 (percent).
 
+#### ceph <a id="plugins-contrib-command-ceph"></a>
+
+The [ceph plugin](https://github.com/ceph/ceph-nagios-plugins)
+is used to check the Ceph storage health on the server.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name             | Description
+-----------------|---------------------------------------------------------
+ceph_exec_dir    | **Optional.** Ceph executable. Default /usr/bin/ceph.
+ceph_conf_file   | **Optional.** Alternative ceph conf file.
+ceph_mon_address | **Optional.** Ceph monitor address[:port].
+ceph_client_id   | **Optional.** Ceph client id.
+ceph_client_name | **Optional.** Ceph client name.
+ceph_client_key  | **Optional.** Ceph client keyring file.
+ceph_whitelist   | **Optional.** Whitelist regexp for ceph health warnings.
+ceph_details     | **Optional.** Run 'ceph health detail'.
+
+#### btrfs <a id="plugins-contrib-command-btrfs"></a>
+
+The [btrfs plugin](https://github.com/knorrie/python-btrfs/)
+is used to check the btrfs storage health on the server.
+
+The plugin requires `sudo` permissions.
+You can add a sudoers file to allow your monitoring user to use the plugin, i.e. edit /etc/sudoers.d/icinga and add:
+```
+icinga ALL=(root) NOPASSWD:/usr/lib/nagios/plugins/check_btrfs
+```
+
+and set the correct permissions:
+```bash
+chown -c root: /etc/sudoers.d/icinga
+chmod -c 0440 /etc/sudoers.d/icinga
+```
+
+[monitoring-plugins-btrfs](https://packages.debian.org/monitoring-plugins-btrfs) provide the necessary binary on debian/ubuntu.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name             | Description
+-----------------|---------------------------------------------------------
+btrfs_awg        | **Optional.** Exit with WARNING status if less than the specified amount of disk space (in GiB) is unallocated
+btrfs_acg        | **Optional.** Exit with CRITICAL status if less than the specified amount of disk space (in GiB) is unallocated
+btrfs_awp        | **Optional.** Exit with WARNING status if more than the specified percent of disk space is allocated
+btrfs_acp        | **Optional.** Exit with CRITICAL status if more than the specified percent of disk space is allocated
+btrfs_mountpoint | **Required.** Path to the BTRFS mountpoint
 
 ### Virtualization <a id="plugin-contrib-virtualization"></a>
 
@@ -3028,11 +3465,11 @@ This category includes all plugins for various virtualization technologies.
 
 #### esxi_hardware <a id="plugin-contrib-command-esxi-hardware"></a>
 
-The [check_esxi_hardware.py](https://www.claudiokuenzler.com/nagios-plugins/check_esxi_hardware.php) plugin
+The [check_esxi_hardware.py](https://www.claudiokuenzler.com/monitoring-plugins/check_esxi_hardware.php) plugin
 uses the [pywbem](https://pywbem.github.io/pywbem/) Python library to monitor the hardware of ESXi servers
 through the [VMWare API](https://www.vmware.com/support/pubs/sdk_pubs.html) and CIM service.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -3042,7 +3479,8 @@ esxi_hardware_pass      | **Required.** Password of the user. Can also be provid
 esxi_hardware_port      | **Optional.** Specifies the CIM port to connect to. Defaults to 5989.
 esxi_hardware_vendor    | **Optional.** Defines the vendor of the server: "auto", "dell", "hp", "ibm", "intel", "unknown" (default).
 esxi_hardware_html      | **Optional.** Add web-links to hardware manuals for Dell servers (use your country extension). Only useful with **esxi_hardware_vendor** = dell.
-esxi_hardware_ignore    | **Optional.** Comma separated list of elements to ignore.
+esxi_hardware_ignore    | **Optional.** Comma separated list of CIM elements to ignore.
+esxi_hardware_regex     | **Optional.** Allow regular expression lookups of elements in ignore list. Defaults to false.
 esxi_hardware_perfdata  | **Optional.** Add performcedata for graphers like PNP4Nagios to the output. Defaults to false.
 esxi_hardware_nopower   | **Optional.** Do not collect power performance data, when **esxi_hardware_perfdata** is set to true. Defaults to false.
 esxi_hardware_novolts   | **Optional.** Do not collect voltage performance data, when **esxi_hardware_perfdata** is set to true. Defaults to false.
@@ -3059,7 +3497,7 @@ Check commands for the [check_vmware_esx](https://github.com/BaldMansMojo/check_
 
 Check command object for the `check_vmware_esx` plugin. Shows all datastore volumes info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3092,7 +3530,7 @@ vmware_crit             | **Optional.** The critical threshold for volumes. Defa
 
 Check command object for the `check_vmware_esx` plugin. Shows all runtime info for the datacenter/Vcenter.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3115,7 +3553,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. List of vmware machines and their power state. BEWARE!! In larger environments systems can cause trouble displaying the informations needed due to the mass of data. Use **vmware_alertonly** to avoid this.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3143,7 +3581,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. List of VMware ESX hosts and their power state.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3171,7 +3609,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. List of VMware clusters and their states.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3199,7 +3637,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. All issues for the host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3226,7 +3664,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Overall object status (gray/green/red/yellow).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3249,7 +3687,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Vmware Tools status.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3279,7 +3717,7 @@ vmware_openvmtools	| **Optional** Prevent CRITICAL state for installed and runni
 
 Check command object for the `check_vmware_esx` plugin. Simple check to verify a successful connection to VMware SOAP API.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3302,7 +3740,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Displays uptime of the VMware host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3325,7 +3763,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. CPU usage in percentage.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3350,7 +3788,7 @@ vmware_crit             | **Optional.** The critical threshold in percent. Defau
 
 Check command object for the `check_vmware_esx` plugin. Percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical CPU. CPU ready time is dependent on the number of virtual machines on the host and their CPU loads. High or growing ready time can be a hint CPU bottlenecks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3373,7 +3811,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. CPU time spent in wait state. The wait total includes time spent the CPU idle, CPU swap wait, and CPU I/O wait states. High or growing wait time can be a hint I/O bottlenecks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3396,7 +3834,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Actively used CPU of the host, as a percentage of the total available CPU. Active CPU is approximately equal to the ratio of the used CPU to the available CPU.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3421,7 +3859,7 @@ vmware_crit             | **Optional.** The critical threshold in percent. Defau
 
 Check command object for the `check_vmware_esx` plugin. All mem info(except overall and no thresholds).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3444,7 +3882,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Average mem usage in percentage.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3469,7 +3907,7 @@ vmware_crit             | **Optional.** The critical threshold in percent. Defau
 
 Check command object for the `check_vmware_esx` plugin. Amount of machine memory used on the host. Consumed memory includes Includes memory used by the Service Console, the VMkernel vSphere services, plus the total consumed metrics for all running virtual machines in MB.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3494,7 +3932,7 @@ vmware_crit             | **Optional.** The critical threshold in percent. No va
 
 Check command object for the `check_vmware_esx` plugin. Amount of memory that is used by swap. Sum of memory swapped of all powered on VMs and vSphere services on the host in MB. In case of an error all VMs with their swap used will be displayed.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3520,7 +3958,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Additional mem used by VM Server in MB.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3545,7 +3983,7 @@ vmware_crit             | **Optional.** The critical threshold in percent. No va
 
 Check command object for the `check_vmware_esx` plugin. The sum of all vmmemctl values in MB for all powered-on virtual machines, plus vSphere services on the host. If the balloon target value is greater than the balloon value, the VMkernel inflates the balloon, causing more virtual machine memory to be reclaimed. If the balloon target value is less than the balloon value, the VMkernel deflates the balloon, which allows the virtual machine to consume additional memory if needed (used by VM memory control driver). In case of an error all VMs with their vmmemctl values will be displayed.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3571,7 +4009,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Shows net info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3596,7 +4034,7 @@ vmware_isregexp         | **Optional.** Treat blacklist expression as regexp.
 
 Check command object for the `check_vmware_esx` plugin. Overall network usage in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3621,7 +4059,7 @@ vmware_crit             | **Optional.** The critical threshold in KBps(Kilobytes
 
 Check command object for the `check_vmware_esx` plugin. Data receive in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3646,7 +4084,7 @@ vmware_crit             | **Optional.** The critical threshold in KBps(Kilobytes
 
 Check command object for the `check_vmware_esx` plugin. Data send in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3671,7 +4109,7 @@ vmware_crit             | **Optional.** The critical threshold in KBps(Kilobytes
 
 Check command object for the `check_vmware_esx` plugin. Check all active NICs.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3696,7 +4134,7 @@ vmware_isregexp         | **Optional.** Treat blacklist expression as regexp.
 
 Check command object for the `check_vmware_esx` plugin. Shows all datastore volumes info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3729,7 +4167,7 @@ vmware_spaceleft        | **Optional.** This has to be used in conjunction with
 
 Check command object for the `check_vmware_esx` plugin. Shows all disk io info. Without subselect no thresholds can be given. All I/O values are aggregated from historical intervals over the past 24 hours with a 5 minute sample rate.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3752,7 +4190,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Number of aborted SCSI commands.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3777,7 +4215,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Number of SCSI bus resets.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3802,7 +4240,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average number of kilobytes read from the disk each second.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3827,7 +4265,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) to process a SCSI read command issued from the Guest OS to the virtual machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3852,7 +4290,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average number of kilobytes written to disk each second.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3877,7 +4315,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) taken to process a SCSI write command issued by the Guest OS to the virtual machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3902,7 +4340,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Aggregated disk I/O rate. For hosts, this metric includes the rates for all virtual machines running on the host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3927,7 +4365,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) spent by VMkernel processing each SCSI command.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3952,7 +4390,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) to complete a SCSI command from the physical device.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -3977,7 +4415,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) spent in the VMkernel queue.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4002,7 +4440,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average amount of time (ms) taken during the collection interval to process a SCSI command issued by the guest OS to the virtual machine. The sum of kernelWriteLatency and deviceWriteLatency.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4027,7 +4465,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. List vm's with attached host mounted media like cd,dvd or floppy drives. This is important for monitoring because a virtual machine with a mount cd or dvd drive can not be moved to another host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4054,7 +4492,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Shows host service info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4081,7 +4519,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Shows runtime info: VMs, overall status, connection state, health, storagehealth, temperature and sensor are represented as one value and without thresholds.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4098,13 +4536,16 @@ vmware_nosession        | **Optional.** No auth session -- IT SHOULD BE USED FOR
 vmware_username         | **Optional.** The username to connect to Host or vCenter server. No value defined as default.
 vmware_password         | **Optional.** The username's password. No value defined as default.
 vmware_authfile         | **Optional.** Use auth file instead username/password to session connect. No effect if **vmware_username** and **vmware_password** are defined <br> **Authentication file content:** <br>  username=vmuser <br> password=p@ssw0rd
+vmware_exclude          | **Optional.** Blacklist VMs name. No value defined as default.
+vmware_include          | **Optional.** Whitelist VMs name. No value defined as default.
+vmware_isregexp         | **Optional.** Treat blacklist and whitelist expressions as regexp.
 
 
 **vmware-esx-soap-host-runtime-con**
 
 Check command object for the `check_vmware_esx` plugin. Shows connection state.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4127,7 +4568,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. List of VMware machines and their status.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4154,7 +4595,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Overall object status (gray/green/red/yellow).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4177,7 +4618,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Checks cpu/storage/memory/sensor status.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4203,7 +4644,7 @@ vmware_isregexp         | **Optional.** Treat blacklist and whitelist expression
 
 Check command object for the `check_vmware_esx` plugin. List all available sensors(use for listing purpose only).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4229,7 +4670,7 @@ vmware_isregexp         | **Optional.** Treat blacklist and whitelist expression
 
 Check command object for the `check_vmware_esx` plugin. This is to avoid a double alarm if you use **vmware-esx-soap-host-runtime-health** and **vmware-esx-soap-host-runtime-storagehealth**.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4255,7 +4696,7 @@ vmware_isregexp         | **Optional.** Treat blacklist and whitelist expression
 
 Check command object for the `check_vmware_esx` plugin. Local storage status check.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4282,7 +4723,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Lists all temperature sensors.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4309,7 +4750,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Lists all configuration issues for the host.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4336,7 +4777,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. Shows Host storage info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4362,7 +4803,7 @@ vmware_isregexp         | **Optional.** Treat blacklist and whitelist expression
 
 Check command object for the `check_vmware_esx` plugin. List host bus adapters.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4389,7 +4830,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. List SCSI logical units. The listing will include: LUN, canonical name of the disc, all of displayed name which is not part of the canonical name and status.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4416,7 +4857,7 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 Check command object for the `check_vmware_esx` plugin. List multipaths and the associated paths.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4445,7 +4886,7 @@ vmware_standbyok        | **Optional.** For storage systems where a standby mult
 
 Check command object for the `check_vmware_esx` plugin. Shows all CPU usage info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4470,7 +4911,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical CPU.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4496,7 +4937,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. CPU time spent in wait state. The wait total includes time spent the CPU idle, CPU swap wait, and CPU I/O wait states. High or growing wait time can be a hint I/O bottlenecks.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4522,7 +4963,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Amount of actively used virtual CPU, as a percentage of total available CPU. This is the host's view of the CPU usage, not the guest operating system view. It is the average CPU utilization over all available virtual CPUs in the virtual machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4548,7 +4989,7 @@ vmware_crit             | **Optional.** Critical threshold in percent. Defaults
 
 Check command object for the `check_vmware_esx` plugin. Shows all memory info, except overall.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4572,7 +5013,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Average mem usage in percentage of configured virtual machine "physical" memory.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4599,7 +5040,7 @@ vmware_crit             | **Optional.** Critical threshold in percent. Defaults
 Check command object for the `check_vmware_esx` plugin. Amount of guest physical memory in MB consumed by the virtual machine for guest memory. Consumed memory does not include overhead memory. It includes shared memory and memory that might be reserved, but not actually used. Use this metric for charge-back purposes.<br>
 **vm consumed memory = memory granted -- memory saved**
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4625,7 +5066,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Amount of guest physical memory that is currently reclaimed from the virtual machine through ballooning. This is the amount of guest physical memory that has been allocated and pinned by the balloon driver.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4652,7 +5093,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Shows net info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4676,7 +5117,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Overall network usage in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4702,7 +5143,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Receive in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4728,7 +5169,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Send in KBps(Kilobytes per Second).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4754,7 +5195,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Shows all disk io info. Without subselect no thresholds can be given. All I/O values are aggregated from historical intervals over the past 24 hours with a 5 minute sample rate.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4778,7 +5219,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Average number of kilobytes read from the disk each second.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4804,7 +5245,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Average number of kilobytes written to disk each second.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4830,7 +5271,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Aggregated disk I/O rate.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4856,7 +5297,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Shows virtual machine runtime info.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4880,7 +5321,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Shows the connection state.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4904,7 +5345,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Shows virtual machine power state: poweredOn, poweredOff or suspended.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4928,7 +5369,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Overall object status (gray/green/red/yellow).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4952,7 +5393,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Console connections to virtual machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -4978,7 +5419,7 @@ vmware_crit             | **Optional.** The critical threshold. No value defined
 
 Check command object for the `check_vmware_esx` plugin. Guest OS status. Needs VMware Tools installed and running.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -5001,7 +5442,7 @@ vmware_authfile         | **Optional.** Use auth file instead username/password
 
 Check command object for the `check_vmware_esx` plugin. Guest OS status. VMware tools  status.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -5026,7 +5467,7 @@ vmware_openvmtools	| **Optional** Prevent CRITICAL state for installed and runni
 
 Check command object for the `check_vmware_esx` plugin. All issues for the virtual machine.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -5051,31 +5492,35 @@ vmware_multiline        | **Optional.** Multiline output in overview. This mean
 
 This category includes all plugins for web-based checks.
 
-#### apache_status <a id="plugin-contrib-command-apache_status"></a>
+#### apache-status <a id="plugin-contrib-command-apache-status"></a>
 
 The [check_apache_status.pl](https://github.com/lbetz/check_apache_status) plugin
 uses the [/server-status](https://httpd.apache.org/docs/current/mod/mod_status.html)
 HTTP endpoint to monitor status metrics for the Apache webserver.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
-Name                    | Description
-------------------------|----------------------------------------------------------------------------------
-apache_status_address	| **Optional.** The host's address. Defaults to "$address$" if the host's `address` attribute is set, `address6` otherwise.
-apache_status_port	| **Optional.** the http port.
-apache_status_url	| **Optional.** URL to use, instead of the default (http://`apache_status_address`/server-status).
-apache_status_ssl	| **Optional.** set to use ssl connection
-apache_status_timeout	| **Optional.** timeout in seconds
-apache_status_warning	| **Optional.** Warning threshold (number of open slots, busy workers and idle workers that will cause a WARNING) like ':20,50,:50'.
-apache_status_critical	| **Optional.** Critical threshold (number of open slots, busy workers and idle workers that will cause a CRITICAL) like ':10,25,:20'.
+Name                            | Description
+--------------------------------|----------------------------------------------------------------------------------
+apache_status_address		| **Optional.** Host address. Defaults to "$address$" if the host's `address` attribute is set, `address6` otherwise.
+apache_status_port		| **Optional.** HTTP port.
+apache_status_uri		| **Optional.** URL to use, instead of the default (http://`apache_status_address`/server-status).
+apache_status_ssl		| **Optional.** Set to use SSL connection.
+apache_status_no_validate	| **Optional.** Skip SSL certificate validation.
+apache_status_username		| **Optional.** Username for basic auth.
+apache_status_password		| **Optional.** Password for basic auth.
+apache_status_timeout		| **Optional.** Timeout in seconds.
+apache_status_unreachable	| **Optional.** Return CRITICAL if socket timed out or http code >= 500.
+apache_status_warning		| **Optional.** Warning threshold (number of open slots, busy workers and idle workers that will cause a WARNING) like ':20,50,:50'.
+apache_status_critical		| **Optional.** Critical threshold (number of open slots, busy workers and idle workers that will cause a CRITICAL) like ':10,25,:20'.
 
 
-### cert <a id="plugin-check-command-ssl_cert"></a>
+#### ssl_cert <a id="plugin-check-command-ssl_cert"></a>
 
 The [check_ssl_cert](https://github.com/matteocorti/check_ssl_cert) plugin
 uses the openssl binary (and optional curl) to check a X.509 certificate.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                      | Description
 --------------------------|--------------
@@ -5117,7 +5562,7 @@ web application and queries Java message beans on an application server. It is
 part of the `JMX::Jmx4Perl` Perl module which includes detailed
 [documentation](http://search.cpan.org/~roland/jmx4perl/scripts/check_jmx4perl).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                         | Description
 -----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -5162,7 +5607,7 @@ jmx4perl_check               | **Optional.** Name of a check configuration as de
 The [check_kdc](https://exchange.nagios.org/directory/Plugins/Security/check_kdc/details) plugin
 uses the Kerberos `kinit` binary to monitor Kerberos 5 KDC by acquiring a ticket.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------------------------------------------------------------------
@@ -5178,7 +5623,7 @@ The [check_nginx_status.pl](https://github.com/regilero/check_nginx_status) plug
 uses the [/nginx_status](https://nginx.org/en/docs/http/ngx_http_stub_status_module.html)
 HTTP endpoint which provides metrics for monitoring Nginx.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    	| Description
 --------------------------------|----------------------------------------------------------------------------------
@@ -5203,7 +5648,7 @@ The [check_rbl](https://github.com/matteocorti/check_rbl) plugin
 uses the `Net::DNS` Perl library to check whether your SMTP server
 is blacklisted.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name            | Description
 ----------------|--------------------------------------------------------------------------
@@ -5211,7 +5656,7 @@ rbl_hostname	| **Optional.** The address or name of the SMTP server to check. De
 rbl_server	| **Required** List of RBL servers as an array.
 rbl_warning	| **Optional** Number of blacklisting servers for a warning.
 rbl_critical	| **Optional** Number of blacklisting servers for a critical.
-tbl_timeout	| **Optional** Seconds before plugin times out (default: 15).
+rbl_timeout	| **Optional** Seconds before plugin times out (default: 15).
 
 
 #### squid <a id="plugin-contrib-command-squid"></a>
@@ -5219,7 +5664,7 @@ tbl_timeout	| **Optional** Seconds before plugin times out (default: 15).
 The [check_squid](https://exchange.icinga.com/exchange/check_squid) plugin
 uses the `squidclient` binary to monitor a [Squid proxy](http://www.squid-cache.org).
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|----------------------------------------------------------------------------------
@@ -5246,7 +5691,7 @@ acceptance, and regression tests. A test harness allows you to run many test cas
 and collect/report your results. WebInject offers real-time results
 display and may also be used for monitoring system response times.
 
-Custom attributes passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
 
 Name                    | Description
 ------------------------|--------------
@@ -5256,3 +5701,104 @@ webinject_no_output     | **Optional.** Suppresses all output to STDOUT except t
 webinject_timeout       | **Optional.** The value [given in seconds] will be compared to the global time elapsed to run all the tests. If the tests have all been successful, but have taken more time than the 'globaltimeout' value, a warning message is sent back to Icinga.
 webinject_report_type   | **Optional.** This setting is used to enable output formatting that is compatible for use with specific external programs. The available values you can set this to are: nagios, mrtg, external and standard.
 webinject_testcase_file | **Optional.** When you launch WebInject in console mode, you can optionally supply an argument for a testcase file to run. It will look for this file in the directory that webinject.pl resides in. If no filename is passed from the command line, it will look in config.xml for testcasefile declarations. If no files are specified, it will look for a default file named 'testcases.xml' in the current [webinject] directory. If none of these are found, the engine will stop and give you an error.
+
+#### varnish <a id="plugin-contrib-command-varnish"></a>
+
+The [check_varnish](https://github.com/varnish/varnish-nagios) plugin,
+also available in the [monitoring-plugins-contrib](https://packages.debian.org/sid/nagios-plugins-contrib) on debian,
+uses the `varnishstat` binary to monitor [varnish](https://varnish-cache.org/).
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|----------------------------------------------------------------------------------
+varnish_name            | **Optional.** Specify the Varnish instance name
+varnish_param           | **Optional.** Specify the parameter to check (see below). The default is 'ratio'.
+varnish_critical        | **Optional.** Set critical threshold: [@][lo:]hi
+varnish_warning         | **Optional.** Set warning threshold: [@][lo:]hi
+
+For *varnish_param*, all items reported by varnishstat(1) are available - use the
+identifier listed in the left column by `varnishstat -l`.  In
+addition, the following parameters are available:
+
+Name                    | Description
+------------------------|----------------------------------------------------------------------------------
+uptime                  | How long the cache has been running (in seconds)
+ratio                   | The cache hit ratio expressed as a percentage of hits to hits + misses.  Default thresholds are 95 and 90.
+usage                   | Cache file usage as a percentage of the total cache space.
+
+#### haproxy <a id="plugin-contrib-command-haproxy"></a>
+
+The [check_haproxy](https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/blob/master/check_haproxy/check_haproxy) plugin,
+also available in the [monitoring-plugins-contrib](https://packages.debian.org/nagios-plugins-contrib) on debian,
+uses the `haproxy` csv statistics page to monitor [haproxy](http://www.haproxy.org/) response time. The plugin outputa performance data for backends sessions and statistics response time.
+
+This plugin need to access the csv statistics page. You can configure it in haproxy by adding a new frontend:
+```
+frontend stats
+    bind 127.0.0.1:80
+    stats enablestats
+    stats uri /stats
+```
+
+The statistics page will be available at `http://127.0.0.1/stats;csv;norefresh`.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                    | Description
+------------------------|----------------------------------------------------------------------------------
+haproxy_username        | **Optional.** Username for HTTP Auth
+haproxy_password        | **Optional.** Password for HTTP Auth
+haproxy_url             | **Required.** URL of the HAProxy csv statistics page.
+haproxy_timeout         | **Optional.** Seconds before plugin times out (default: 10)
+haproxy_warning         | **Optional.** Warning request time threshold (in seconds)
+haproxy_critical        | **Optional.** Critical request time threshold (in seconds)
+
+#### haproxy_status <a id="plugin-contrib-command-haproxy_status"></a>
+
+The [check_haproxy_status](https://github.com/jonathanio/monitoring-nagios-haproxy) plugin,
+uses the `haproxy` statistics socket to monitor [haproxy](http://www.haproxy.org/) frontends/backends.
+
+This plugin need read/write access to the statistics socket with an operator level. You can configure it in the global section of haproxy to allow icinga user to use it:
+```
+stats socket /run/haproxy/admin.sock user haproxy group icinga mode 660 level operator
+```
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                        | Description
+----------------------------|----------------------------------------------------------------------------------
+haproxy\_status\_default    | **Optional.** Set/Override the defaults which will be applied to all checks (unless specifically set by --overrides).
+haproxy\_status\_frontends  | **Optional.** Enable checks for the frontends in HAProxy (that they're marked as OPEN and the session limits haven't been reached).
+haproxy\_status\_nofrontends| **Optional.** Disable checks for the frontends in HAProxy (that they're marked as OPEN and the session limits haven't been reached).
+haproxy\_status\_backends   | **Optional.** Enable checks for the backends in HAProxy (that they have the required quorum of servers, and that the session limits haven't been reached).
+haproxy\_status\_nobackends | **Optional.** Disable checks for the backends in HAProxy (that they have the required quorum of servers, and that the session limits haven't been reached).
+haproxy\_status\_servers    | **Optional.** Enable checks for the servers in HAProxy (that they haven't reached the limits for the sessions or for queues).
+haproxy\_status\_noservers  | **Optional.** Disable checks for the servers in HAProxy (that they haven't reached the limits for the sessions or for queues).
+haproxy\_status\_overrides  | **Optional.** Override the defaults for a particular frontend or backend, in the form {name}:{override}, where {override} is the same format as --defaults above.
+haproxy\_status\_socket     | **Required.** Path to the socket check_haproxy should connect to
+
+#### phpfpm_status <a id="plugin-contrib-command-phpfpm_status"></a>
+
+The [check_phpfpm_status](http://github.com/regilero/check_phpfpm_status) plugin,
+uses the `php-fpm` status page to monitor php-fpm.
+
+Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters):
+
+Name                      | Description
+--------------------------|----------------------------------------------------------------------------------
+phpfpm\_status\_hostname  | **Required.** name or IP address of host to check
+phpfpm\_status\_port      | **Optional.** Http port, or Fastcgi port when using --fastcgi
+phpfpm\_status\_url       | **Optional.** Specific URL (only the path part of it in fact) to use, instead of the default /fpm-status
+phpfpm\_status\_servername| **Optional.** ServerName, (host header of HTTP request) use it if you specified an IP in -H to match the good Virtualhost in your target
+phpfpm\_status\_fastcgi   | **Optional.** If set, connect directly to php-fpm via network or local socket, using fastcgi protocol instead of HTTP.
+phpfpm\_status\_user      | **Optional.** Username for basic auth
+phpfpm\_status\_pass      | **Optional.** Password for basic auth
+phpfpm\_status\_realm     | **Optional.** Realm for basic auth
+phpfpm\_status\_debug     | **Optional.** If set, debug mode (show http request response)
+phpfpm\_status\_timeout   | **Optional.** timeout in seconds (Default: 15)
+phpfpm\_status\_ssl       | **Optional.** Wether we should use HTTPS instead of HTTP. Note that you can give some extra parameters to this settings. Default value is 'TLSv1' but you could use things like 'TLSv1_1' or 'TLSV1_2' (or even 'SSLv23:!SSLv2:!SSLv3' for old stuff).
+phpfpm\_status\_verifyssl | **Optional.** If set, verify certificate and hostname from ssl cert, default is 0 (no security), set it to 1 to really make SSL peer name and certificater checks.
+phpfpm\_status\_cacert    | **Optional.** Full path to the cacert.pem certificate authority used to verify ssl certificates (use with --verifyssl). if not given the cacert from Mozilla::CA cpan plugin will be used.
+phpfpm\_status\_warn      | **Optional.** MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED number of available workers, or max states reached that will cause a warning. -1 for no warning
+phpfpm\_status\_critical  | **Optional.** MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED number of available workers, or max states reached that will cause an error, -1 for no CRITICAL
diff --git a/doc/11-cli-commands.md b/doc/11-cli-commands.md
index d288c64f5..7eac4247c 100644
--- a/doc/11-cli-commands.md
+++ b/doc/11-cli-commands.md
@@ -13,17 +13,18 @@ options.
 
 ```
 # icinga2
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
 
 Supported commands:
   * api setup (setup for API)
-  * api user (API user creation helper)
   * ca list (lists all certificate signing requests)
+  * ca restore (restores a removed certificate request)
+  * ca remove (removes an outstanding certificate request)  
   * ca sign (signs an outstanding certificate request)
-  * console (Icinga console)
+  * console (Icinga debug console)
   * daemon (starts Icinga 2)
   * feature disable (disables specified feature)
   * feature enable (enables specified feature)
@@ -37,7 +38,6 @@ Supported commands:
   * pki save-cert (saves another Icinga 2 instance's certificate)
   * pki sign-csr (signs a CSR)
   * pki ticket (generates a ticket)
-  * troubleshoot (collect information for troubleshooting)
   * variable get (gets a variable)
   * variable list (lists all variables)
 
@@ -56,7 +56,7 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 
@@ -136,20 +136,19 @@ added.
 
 ## CLI command: Api <a id="cli-command-api"></a>
 
-Provides the helper functions `api setup` and `api user`. The first to enable the REST API, the second to create
-ApiUser objects with hashed password strings.
-More details in the [Icinga 2 API](12-icinga2-api.md#icinga2-api-setup) chapter.
+Provides helper functions to enable and setup the
+[Icinga 2 API](12-icinga2-api.md#icinga2-api-setup).
+
+### CLI command: Api Setup <a id="cli-command-api-setup "></a>
 
 ```
-# icinga2 api --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+# icinga2 api setup --help
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
-  icinga2 <command> [<arguments>]
+  icinga2 api setup [<arguments>]
 
-Supported commands:
-  * api setup (setup for API)
-  * api user (API user creation helper)
+Setup for Icinga 2 API.
 
 Global options:
   -h [ --help ]             show this help message
@@ -157,16 +156,19 @@ Global options:
   --color                   use VT100 color codes even when stdout is not a
                             terminal
   -D [ --define ] arg       define a constant
-  -a [ --app ] arg          application library name (default: icinga)
-  -l [ --library ] arg      load a library
   -I [ --include ] arg      add include search directory
   -x [ --log-level ] arg    specify the log level for the console log.
                             The valid value is either debug, notice,
                             information (default), warning, or critical
   -X [ --script-debugger ]  whether to enable the script debugger
 
+Command options:
+  --cn arg                  The certificate's common name
+
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Get support: <https://icinga.com/support/>
+Documentation: <https://icinga.com/docs/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## CLI command: Ca <a id="cli-command-ca"></a>
@@ -177,7 +179,7 @@ chapter. This CLI command is available since v2.8.
 
 ```
 # icinga2 ca --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
@@ -185,6 +187,8 @@ Usage:
 Supported commands:
   * ca list (lists all certificate signing requests)
   * ca sign (signs an outstanding certificate request)
+  * ca restore (restores a removed certificate request)
+  * ca remove (removes an outstanding certificate request)
 
 Global options:
   -h [ --help ]             show this help message
@@ -201,7 +205,44 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
+```
+
+
+### CLI command: Ca List <a id="cli-command-ca-list"></a>
+
+```
+icinga2 ca list --help
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
+
+Usage:
+  icinga2 ca list [<arguments>]
+
+Lists pending certificate signing requests.
+
+Global options:
+  -h [ --help ]             show this help message
+  -V [ --version ]          show version information
+  --color                   use VT100 color codes even when stdout is not a
+                            terminal
+  -D [ --define ] arg       define a constant
+  -I [ --include ] arg      add include search directory
+  -x [ --log-level ] arg    specify the log level for the console log.
+                            The valid value is either debug, notice,
+                            information (default), warning, or critical
+  -X [ --script-debugger ]  whether to enable the script debugger
+
+Command options:
+  --all                     List all certificate signing requests, including
+                            signed. Note: Old requests are automatically
+                            cleaned by Icinga after 1 week.
+  --removed                 List all removed CSRs (for use with 'ca restore')
+  --json                    encode output as JSON
+
+Report bugs at <https://github.com/Icinga/icinga2>
+Get support: <https://icinga.com/support/>
+Documentation: <https://icinga.com/docs/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## CLI command: Console <a id="cli-command-console"></a>
@@ -211,7 +252,7 @@ e.g. to test [functions](17-language-reference.md#functions) in your local sandb
 
 ```
 $ icinga2 console
-Icinga 2 (version: v2.8.0)
+Icinga 2 (version: v2.11.0)
 <1> => function test(name) {
 <1> ..   log("Hello " + name)
 <1> .. }
@@ -226,7 +267,7 @@ Further usage examples can be found in the [library reference](18-library-refere
 
 ```
 # icinga2 console --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 console [<arguments>]
@@ -255,7 +296,7 @@ Command options:
   --sandbox                 enable sandbox mode
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 
@@ -273,7 +314,7 @@ are required for executing config expressions and auto-completion.
 
 > **Note**
 >
-> The debug console does not currently support SSL certificate verification.
+> The debug console does not currently support TLS certificate verification.
 >
 > Runtime modifications are not validated and might cause the Icinga 2
 > daemon to crash or behave in an unexpected way. Use these runtime changes
@@ -294,19 +335,19 @@ Here's an example:
 
 ```
 $ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/'
-Icinga 2 (version: v2.8.0)
+Icinga 2 (version: v2.11.0)
 <1> =>
 ```
 
 Once connected you can inspect variables and execute other expressions by entering them at the prompt:
 
 ```
-<1> => var h = get_host("icinga2-client1.localdomain")
+<1> => var h = get_host("icinga2-agent1.localdomain")
 null
 <2> => h.last_check_result
 {
         active = true
-        check_source = "icinga2-client1.localdomain"
+        check_source = "icinga2-agent1.localdomain"
         command = [ "/usr/local/sbin/check_ping", "-H", "127.0.0.1", "-c", "5000,100%", "-w", "3000,80%" ]
         execution_end = 1446653527.174983
         execution_start = 1446653523.152673
@@ -341,10 +382,10 @@ The `--syntax-only` option can be used in combination with `--eval` or `--file`
 to check a script for syntax errors. In this mode the script is parsed to identify
 syntax errors but not evaluated.
 
-Here's an example that retrieves the command that was used by Icinga to check the `icinga2-client1.localdomain` host:
+Here's an example that retrieves the command that was used by Icinga to check the `icinga2-agent1.localdomain` host:
 
 ```
-$ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/' --eval 'get_host("icinga2-client1.localdomain").last_check_result.command' | python -m json.tool
+$ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/' --eval 'get_host("icinga2-agent1.localdomain").last_check_result.command' | python -m json.tool
 [
     "/usr/local/sbin/check_ping",
     "-H",
@@ -363,7 +404,7 @@ Furthermore it allows to run the [configuration validation](11-cli-commands.md#c
 
 ```
 # icinga2 daemon --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 daemon [<arguments>]
@@ -389,11 +430,13 @@ Command options:
   -z [ --no-config ]        start without a configuration file
   -C [ --validate ]         exit after validating the configuration
   -e [ --errorlog ] arg     log fatal errors to the specified log file (only
-                            works in combination with --daemonize)
+                            works in combination with --daemonize or
+                            --close-stdio)
   -d [ --daemonize ]        detach from the controlling terminal
+  --close-stdio             do not log to stdout (or stderr) after startup
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ### Config Files <a id="cli-command-daemon-config-files"></a>
@@ -403,7 +446,7 @@ Configuration files are processed in the order they're specified on the command-
 
 When no configuration file is specified and the `--no-config` is not used
 Icinga 2 automatically falls back to using the configuration file
-`SysconfDir + "/icinga2/icinga2.conf"` (where SysconfDir is usually `/etc`).
+`ConfigDir + "/icinga2.conf"` (where ConfigDir is usually `/etc/icinga2`).
 
 ### Validation <a id="cli-command-daemon-validation"></a>
 
@@ -442,7 +485,7 @@ nodes in a [distributed monitoring](06-distributed-monitoring.md#distributed-mon
 
 ```
 # icinga2 node --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
@@ -466,7 +509,7 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## CLI command: Object <a id="cli-command-object"></a>
@@ -485,7 +528,7 @@ More information can be found in the [troubleshooting](15-troubleshooting.md#tro
 
 ```
 # icinga2 object --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.7.1-196-g23e8a6253; debug)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
@@ -508,7 +551,7 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## CLI command: Pki <a id="cli-command-pki"></a>
@@ -527,7 +570,7 @@ You will need them in the [distributed monitoring chapter](06-distributed-monito
 
 ```
 # icinga2 pki --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
@@ -555,51 +598,7 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
-```
-
-## CLI command: Troubleshoot <a id="cli-command-troubleshoot"></a>
-
-Collects basic information like version, paths, log files and crash reports for troubleshooting
-purposes and prints them to a file or the console. See [troubleshooting](15-troubleshooting.md#troubleshooting-information-required).
-
-Its output defaults to a file named `troubleshooting-[TIMESTAMP].log` so it won't overwrite older troubleshooting files.
-
-Keep in mind that this tool can not collect information from other icinga2 nodes, you will have to run it on
-each of one of you instances.
-This is only a tool to collect information to help others help you, it will not attempt to fix anything.
-
-```
-# icinga2 troubleshoot --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0)
-
-Usage:
-  icinga2 troubleshoot [<arguments>]
-
-Collect logs and other relevant information for troubleshooting purposes.
-
-Global options:
-  -h [ --help ]             show this help message
-  -V [ --version ]          show version information
-  --color                   use VT100 color codes even when stdout is not a
-                            terminal
-  -D [ --define ] arg       define a constant
-  -a [ --app ] arg          application library name (default: icinga)
-  -l [ --library ] arg      load a library
-  -I [ --include ] arg      add include search directory
-  -x [ --log-level ] arg    specify the log level for the console log.
-                            The valid value is either debug, notice,
-                            information (default), warning, or critical
-  -X [ --script-debugger ]  whether to enable the script debugger
-
-Command options:
-  -c [ --console ]          print to console instead of file
-  -o [ --output ] arg       path to output file
-  --include-objects         Print the whole objectfile (like `object list`)
-  --include-vars            Print all Variables (like `variable list`)
-
-Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## CLI command: Variable <a id="cli-command-variable"></a>
@@ -608,7 +607,7 @@ Lists all configured variables (constants) in a similar fashion like [object lis
 
 ```
 # icinga2 variable --help
-icinga2 - The Icinga 2 network monitoring daemon (version: v2.8.0; debug)
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
 
 Usage:
   icinga2 <command> [<arguments>]
@@ -632,7 +631,7 @@ Global options:
   -X [ --script-debugger ]  whether to enable the script debugger
 
 Report bugs at <https://github.com/Icinga/icinga2>
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 ```
 
 ## Enabling/Disabling Features <a id="enable-features"></a>
@@ -731,4 +730,3 @@ safely reload the Icinga 2 daemon.
 The `reload` action will send the `SIGHUP` signal to the Icinga 2 daemon
 which will validate the configuration in a separate process and not stop
 the other events like check execution, notifications, etc.
-
diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md
index c029aee0e..ccecc587f 100644
--- a/doc/12-icinga2-api.md
+++ b/doc/12-icinga2-api.md
@@ -1,4 +1,20 @@
-# Icinga 2 API <a id="icinga2-api"></a>
+# REST API <a id="icinga2-api"></a>
+
+* [Setup](12-icinga2-api.md#icinga2-api-setup)
+* [Introduction](12-icinga2-api.md#icinga2-api-introduction)
+* Endpoints
+    * [Config Objects](12-icinga2-api.md#icinga2-api-config-objects)
+    * [Actions](12-icinga2-api.md#icinga2-api-actions)
+    * [Event Streams](12-icinga2-api.md#icinga2-api-event-streams)
+    * [Status and Statistics](12-icinga2-api.md#icinga2-api-status)
+    * [Config Management](12-icinga2-api.md#icinga2-api-config-management)
+    * [Types](12-icinga2-api.md#icinga2-api-types)
+    * [Templates](12-icinga2-api.md#icinga2-api-config-templates)
+    * [Variables](12-icinga2-api.md#icinga2-api-variables)
+    * [Debug Console](12-icinga2-api.md#icinga2-api-console)
+* [API Clients](12-icinga2-api.md#icinga2-api-clients)
+    * [Programmatic Examples](12-icinga2-api.md#icinga2-api-clients-programmatic-examples)
+
 
 ## Setting up the API <a id="icinga2-api-setup"></a>
 
@@ -7,39 +23,24 @@ You can run the CLI command `icinga2 api setup` to enable the
 certificates as well as a new API user `root` with an auto-generated password in the
 `/etc/icinga2/conf.d/api-users.conf` configuration file:
 
-    # icinga2 api setup
+```
+# icinga2 api setup
+```
 
 Make sure to restart Icinga 2 to enable the changes you just made:
 
-    # service icinga2 restart
+```
+# systemctl restart icinga2
+```
 
 If you prefer to set up the API manually, you will have to perform the following steps:
 
-* Set up X.509 certificates for Icinga 2
+* Set up X.509 TLS certificates for Icinga 2
 * Enable the `api` feature (`icinga2 feature enable api`)
 * Create an `ApiUser` object for authentication
 
 The next chapter provides a quick overview of how you can use the API.
 
-### Creating ApiUsers <a id="icinga2-api-creating-users"></a>
-
-The CLI command `icinga2 api user` allows you to create an ApiUser object with a hashed password string, ready to be
-added to your configuration. Example:
-
-```
-$ icinga2 api user --user icingaweb2 --password icinga
-object ApiUser "icingaweb2" {
-  password_hash ="$5$d5f1a17ea308acb6$9e9fd5d24a9373a16e8811765cc5a5939687faf9ef8ed496db6e7f1d0ae9b2a9"
-  // client_cn = ""
-
-  permissions = [ "*" ]
-}
-```
-
-Optionally a salt can be provided with `--salt`, otherwise a random value will be used. When ApiUsers are stored this
-way, even somebody able to read the configuration files won't be able to authenticate using this information. There is
-no way to recover your password should you forget it, you'd need to create it anew.
-
 ## Introduction <a id="icinga2-api-introduction"></a>
 
 The Icinga 2 API allows you to manage configuration objects
@@ -77,13 +78,15 @@ Supported request methods:
   PUT    | Create a new object. The PUT request must include all attributes required to create a new object.
   DELETE | Remove an object created by the API. The DELETE method is idempotent and does not require any check if the object actually exists.
 
-All requests apart from `GET` require that the following `Accept` header is set:
+All requests except `GET` require the following `Accept` header:
 
-    Accept: application/json
+```
+Accept: application/json
+```
 
 Each URL is prefixed with the API version (currently "/v1").
 
-HTTP header size is limited to 8KB.
+HTTP header size is limited to 8KB per request.
 
 ### Responses <a id="icinga2-api-responses"></a>
 
@@ -93,27 +96,38 @@ list. Depending on the number of affected objects in your request, the
 
 The output will be sent back as a JSON object:
 
-
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Object was created."
-            }
-        ]
-    }
+```
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Object was created."
+        }
+    ]
+}
+```
 
 > **Tip**
 >
-> You can use the [pretty](12-icinga2-api.md#icinga2-api-parameters-global) parameter to beautify the JSON response with Icinga v2.9+.
+> You can use the [pretty](12-icinga2-api.md#icinga2-api-parameters-global) parameter to beautify the JSON response.
 
 You can also use [jq](https://stedolan.github.io/jq/) or `python -m json.tool`
 in combination with curl on the CLI.
 
 ```
+curl ... | jq 
 curl ... | python -m json.tool
 ```
 
+jq also has additional filter capabilities, as shown in [this blogpost](https://www.netways.de/blog/2018/08/24/json-in-bequem/).
+
+```
+curl ... |jq '{name: .results[].name}'
+```
+
+For programmatic examples in various languages, check the chapter
+[below](12-icinga2-api.md#icinga2-api-clients).
+
 > **Note**
 >
 > Future versions of Icinga 2 might set additional fields. Your application
@@ -140,45 +154,62 @@ was malformed.
 A status in the range of 500 generally means that there was a server-side problem
 and Icinga 2 is unable to process your request.
 
+### Security <a id="icinga2-api-security"></a>
+
+* HTTPS only.
+* TLS v1.2+ is required.
+* TLS cipher lists are hardened [by default](09-object-types.md#objecttype-apilistener).
+* Authentication is [required](12-icinga2-api.md#icinga2-api-authentication).
+
 ### Authentication <a id="icinga2-api-authentication"></a>
 
 There are two different ways for authenticating against the Icinga 2 API:
 
-* username and password using HTTP basic auth
-* X.509 certificate
+* Username and password using HTTP basic auth
+* X.509 client certificate
 
 In order to configure a new API user you'll need to add a new [ApiUser](09-object-types.md#objecttype-apiuser)
 configuration object. In this example `root` will be the basic auth username
 and the `password` attribute contains the basic auth password.
 
-    # vim /etc/icinga2/conf.d/api-users.conf
+```
+# vim /etc/icinga2/conf.d/api-users.conf
 
-    object ApiUser "root" {
-      password = "icinga"
-    }
+object ApiUser "root" {
+  password = "icinga"
+}
+```
 
 Alternatively you can use X.509 client certificates by specifying the `client_cn`
 the API should trust. The X.509 certificate has to be signed by the CA certificate
 that is configured in the [ApiListener](09-object-types.md#objecttype-apilistener) object.
 
-    # vim /etc/icinga2/conf.d/api-users.conf
+```
+# vim /etc/icinga2/conf.d/api-users.conf
 
-    object ApiUser "root" {
-      client_cn = "CertificateCommonName"
-    }
+object ApiUser "root" {
+  client_cn = "CertificateCommonName"
+}
+```
 
 An `ApiUser` object can have both authentication methods configured.
 
+#### Authentication Test <a id="icinga2-api-authentication-test"></a>
+
 You can test authentication by sending a GET request to the API:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1'
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1'
+```
 
 In case you get an error message make sure to check the API user credentials.
 
 When using client certificates for authentication you'll need to pass your client certificate
 and private key to the curl call:
 
-    $ curl -k --cert example.localdomain.crt --key example.localdomain.key 'https://example.localdomain:5665/v1/status'
+```
+$ curl -k --cert example.localdomain.crt --key example.localdomain.key 'https://example.localdomain:5665/v1/status'
+```
 
 In case of an error make sure to verify the client certificate and CA.
 
@@ -186,7 +217,9 @@ The curl parameter `-k` disables certificate verification and should therefore
 only be used for testing. In order to securely check each connection you'll need to
 specify the trusted CA certificate using the curl parameter`--cacert`:
 
-    $ curl -u root:icinga --cacert ca.crt 'icinga2.node1.localdomain:5665/v1'
+```
+$ curl -u root:icinga --cacert ca.crt 'icinga2.node1.localdomain:5665/v1'
+```
 
 Read the next chapter on [API permissions](12-icinga2-api.md#icinga2-api-permissions)
 in order to configure authorization settings for your newly created API user.
@@ -204,34 +237,46 @@ The permission system mainly relies on the url scheme of the API endpoints (See
 
 Example for an API user with all permissions:
 
-    permissions = [ "*" ]
+```
+permissions = [ "*" ]
+```
 
 Note that you can use wildcards to include all possible hierarchically lower items. Here's another example that only allows the user
 to perform read-only object queries for hosts and services:
 
-    permissions = [ "objects/query/Host", "objects/query/Service" ]
+```
+permissions = [ "objects/query/Host", "objects/query/Service" ]
+```
 
 You can also further restrict permissions by specifying a filter expression. The
 filter expression has to be a [lambda function](17-language-reference.md#nullary-lambdas)
 which must return a boolean value.
 
 The following example allows the API user to query all hosts and services which have a
-custom attribute `os` that matches the regular expression `^Linux`.
+custom variable `os` that matches the regular expression `^Linux`.
 The [regex function](18-library-reference.md#global-functions-regex) is available as global function.
 
-    permissions = [
-      {
-        permission = "objects/query/Host"
-        filter = {{ regex("^Linux", host.vars.os) }}
-      },
-      {
-        permission = "objects/query/Service"
-        filter = {{ regex("^Linux", service.vars.os) }}
-      }
-    ]
+```
+permissions = [
+  {
+    permission = "objects/query/Host"
+    filter = {{ regex("^Linux", host.vars.os) }}
+  },
+  {
+    permission = "objects/query/Service"
+    filter = {{ regex("^Linux", service.vars.os) }}
+  }
+]
+```
 
 More information about filters can be found in the [filters](12-icinga2-api.md#icinga2-api-filters) chapter.
 
+Prior to setting complex permissions, ensure to always [test](12-icinga2-api.md#icinga2-api-authentication-test)
+them step by step.
+
+
+#### Overview <a id="icinga2-api-permissions-overview"></a>
+
 Permissions are tied to a maximum HTTP request size to prevent abuse, responses sent by Icinga are not limited.
 An API user with all permissions ("\*") may send up to 512 MB regardless of the endpoint.
 
@@ -255,6 +300,7 @@ Available permissions for specific URL endpoints:
 
 The required actions or types can be replaced by using a wildcard match ("\*").
 
+
 ### Parameters <a id="icinga2-api-parameters"></a>
 
 Depending on the request method there are two ways of passing parameters to the request:
@@ -267,15 +313,27 @@ as query string, e.g. a space character becomes `%20`.
 
 Example for a URL-encoded query string:
 
-    /v1/objects/hosts?filter=match(%22example.localdomain*%22,host.name)&attrs=name&attrs=state
+```
+/v1/objects/hosts?filter=match(%22example.localdomain*%22,host.name)&attrs=name&attrs=state
+```
 
 Here are the exact same query parameters as a JSON object:
 
-    { "filter": "match(\"example.localdomain*\",host.name)", "attrs": [ "host.name", "host.state" ] }
+```
+{ "filter": "match(\"example.localdomain*\",host.name)", "attrs": [ "host.name", "host.state" ] }
+```
 
 The [match function](18-library-reference.md#global-functions-match) is available as global function
 in Icinga 2.
 
+Whenever filters and other URL parameters don't work due to encoding issues,
+consider passing them in the request body. For GET requests, this method is explained
+[here](12-icinga2-api.md#icinga2-api-requests-method-override).
+
+You can use [jo](https://github.com/jpmens/jo) to format JSON strings on the shell. An example
+for API actions shown [here](12-icinga2-api.md#icinga2-api-actions-unix-timestamps).
+
+
 ### Global Parameters <a id="icinga2-api-parameters-global"></a>
 
 Name            | Description
@@ -295,8 +353,6 @@ Example as JSON object:
 { "pretty": true }
 ```
 
-Both parameters have been added in Icinga 2 v2.9.
-
 ### Request Method Override <a id="icinga2-api-requests-method-override"></a>
 
 `GET` requests do not allow you to send a request body. In case you cannot pass everything as URL
@@ -305,11 +361,29 @@ header. This comes in handy when you are using HTTP proxies disallowing `PUT` or
 
 Query an existing object by sending a `POST` request with `X-HTTP-Method-Override: GET` as request header:
 
-    $ curl -k -s -u 'root:icinga' -H 'Accept: application/json' -X POST -H 'X-HTTP-Method-Override: GET' 'https://localhost:5665/v1/objects/hosts'
+```
+$ curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/hosts'
+```
 
 Delete an existing object by sending a `POST` request with `X-HTTP-Method-Override: DELETE` as request header:
 
-    $ curl -k -s -u 'root:icinga' -H 'Accept: application/json' -X POST -H 'X-HTTP-Method-Override: DELETE' 'https://localhost:5665/v1/objects/hosts/example.localdomain'
+```
+$ curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: DELETE' -X POST \
+ 'https://localhost:5665/v1/objects/hosts/example.localdomain'
+```
+
+Query objects with complex filters. For a detailed introduction into filter, please
+read the [following chapter](12-icinga2-api.md#icinga2-api-filters).
+
+```
+curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/services' \
+ -d '{ "filter": "service.state==2 && match(\"ping*\",service.name)" }'
+```
 
 ### Filters <a id="icinga2-api-filters"></a>
 
@@ -318,11 +392,15 @@ Delete an existing object by sending a `POST` request with `X-HTTP-Method-Overri
 By default actions and queries operate on all objects unless further restricted by the user. For
 example, the following query returns all `Host` objects:
 
-    https://localhost:5665/v1/objects/hosts
+```
+https://localhost:5665/v1/objects/hosts
+```
 
 If you're only interested in a single object, you can limit the output to that object by specifying its name:
 
-    https://localhost:5665/v1/objects/hosts?host=localhost
+```
+https://localhost:5665/v1/objects/hosts?host=localhost
+```
 
 **The name of the URL parameter is the lower-case version of the type the query applies to.** For
 example, for `Host` objects the URL parameter therefore is `host`, for `Service` objects it is
@@ -330,14 +408,18 @@ example, for `Host` objects the URL parameter therefore is `host`, for `Service`
 
 You can also specify multiple objects:
 
-    https://localhost:5665/v1/objects/hosts?hosts=first-host&hosts=second-host
+```
+https://localhost:5665/v1/objects/hosts?hosts=first-host&hosts=second-host
+```
 
 Again -- like in the previous example -- the name of the URL parameter is the lower-case version of the type. However, because we're specifying multiple objects here the **plural form** of the type is used.
 
 When specifying names for objects which have composite names like for example services the
 full name has to be used:
 
-    https://localhost:5665/v1/objects/services?service=localhost!ping6
+```
+https://localhost:5665/v1/objects/services?service=localhost!ping6
+```
 
 The full name of an object can be obtained by looking at the `__name` attribute.
 
@@ -346,7 +428,11 @@ The full name of an object can be obtained by looking at the `__name` attribute.
 Most of the information provided in this chapter applies to both permission filters (as used when
 configuring `ApiUser` objects) and filters specified in queries.
 
-Advanced filters allow users to filter objects using lambda expressions. The syntax for these filters is the same like for [apply rule expressions](03-monitoring-basics.md#using-apply-expressions).
+Advanced filters allow users to filter objects using lambda expressions.
+The syntax for these filters is the same like for [apply rule expressions](03-monitoring-basics.md#using-apply-expressions).
+
+The `filter` parameter can only be specified once, complex filters must
+be defined once in the provided string value.
 
 > **Note**
 >
@@ -355,15 +441,25 @@ Advanced filters allow users to filter objects using lambda expressions. The syn
 
 Example matching all services in NOT-OK state:
 
-    https://localhost:5665/v1/objects/services?filter=service.state!=ServiceOK
+```
+https://localhost:5665/v1/objects/services?filter=service.state!=ServiceOK
+```
 
 Example [matching](18-library-reference.md#global-functions-match) all hosts by a name string pattern:
 
-    https://localhost:5665/v1/objects/hosts?filter=match("example.localdomain*",host.name)
+```
+https://localhost:5665/v1/objects/hosts?filter=match("example.localdomain*",host.name)
+```
 
 Example for all hosts which are in the host group `linux-servers`:
+```
+https://localhost:5665/v1/objects/hosts?filter="linux-servers" in host.groups
+```
 
-    https://localhost:5665/v1/objects/hosts?filter="linux-servers" in host.groups
+> **Tip**
+>
+> Best practice for filters is to use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
+> for GET requests and always pass them in the request body.
 
 User-specified filters are run in a sandbox environment which ensures that filters cannot
 modify Icinga's state, for example object attributes or global variables.
@@ -385,19 +481,42 @@ Some queries can be performed for more than just one object type. One example is
 action which can be used for both hosts and services. When using advanced filters you will also have to specify the
 type using the `type` parameter:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/reschedule-check' \
-    -d '{ "type": "Service", "filter": "service.name==\"ping6\"", "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST \
+ 'https://localhost:5665/v1/actions/reschedule-check' \
+ -d '{ "type": "Service", "filter": "service.name==\"ping6\"", "pretty": true }'
+```
 
-When building filters you have to ensure that values such as
-`"linux-servers"` are escaped properly according to the rules of the Icinga 2 configuration
-language.
+##### Filter Variables <a id="icinga2-api-advanced-filters-variables"></a>
 
-To make using the API in scripts easier you can use the `filter_vars` attribute to specify
-variables which should be made available to your filter expression. This way you don't have
-to worry about escaping values:
+Filter values need to be escaped in the same way as in the Icinga 2 DSL.
 
-    $ curl -k -s -u 'root:icinga' -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://localhost:5665/v1/objects/hosts' \
-    -d '{ "filter": "host.vars.os == os", "filter_vars": { "os": "Linux" }, "pretty": true }'
+The example below is not valid:
+
+```
+-d '{ "type": "Host", "filter": ""linux-servers" in host.groups" }'
+```
+
+The double quotes need to be escaped with a preceeding backslash:
+
+```
+-d '{ "type": "Host", "filter": "\"linux-servers\" in host.groups" }'
+```
+
+You can use the `filter_vars` attribute to avoid additional escaping.
+This follows the same principle as with parameter binding known from RDBMS.
+Specify a placeholder variable inside the `filter` string, and actually
+assign its value inside the `filter_vars` dictionary.
+
+That way you can also keep the `filter` string the same for different
+requests with only changing the `filter_vars`.
+
+```
+$ curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/hosts' \
+ -d '{ "filter": "group in host.groups", "filter_vars": { "group": "linux-servers" }, "pretty": true }'
+```
 
 We're using [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override) here because
 the HTTP specification does not allow message bodies for GET requests.
@@ -405,6 +524,16 @@ the HTTP specification does not allow message bodies for GET requests.
 The `filters_vars` attribute can only be used inside the request body, but not as
 a URL parameter because there is no way to specify a dictionary in a URL.
 
+The example from [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
+can be enhanced to avoid additional parameter value escaping.
+
+```
+curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/services' \
+ -d '{ "filter": "service.state==state && match(pattern,service.name)", "filter_vars": { "state": 2, "pattern": "ping*" } }'
+```
+
 ## Config Objects <a id="icinga2-api-config-objects"></a>
 
 Provides methods to manage configuration objects:
@@ -440,7 +569,9 @@ a `GET` query to the `/v1/objects/<type>` URL endpoint. `<type` has
 to be replaced with the plural name of the object type you are interested
 in:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/hosts'
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/hosts'
+```
 
 A list of all available configuration types is available in the
 [object types](09-object-types.md#object-types) chapter.
@@ -459,25 +590,29 @@ Instead of using a filter you can optionally specify the object name in the
 URL path when querying a single object. For objects with composite names
 (e.g. services) the full name (e.g. `example.localdomain!http`) must be specified:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/services/example.localdomain!http'
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/services/example.localdomain!http'
+```
 
 You can limit the output to specific attributes using the `attrs` URL parameter:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/hosts/example.localdomain?attrs=name&attrs=address&pretty=1'
-    {
-        "results": [
-            {
-                "attrs": {
-                    "name": "example.localdomain"
-                    "address": "192.168.1.1"
-                },
-                "joins": {},
-                "meta": {},
-                "name": "example.localdomain",
-                "type": "Host"
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/hosts/example.localdomain?attrs=name&attrs=address&pretty=1'
+{
+    "results": [
+        {
+            "attrs": {
+                "name": "example.localdomain"
+                "address": "192.168.1.1"
+            },
+            "joins": {},
+            "meta": {},
+            "name": "example.localdomain",
+            "type": "Host"
+        }
+    ]
+}
+```
 
 #### Object Queries Result <a id="icinga2-api-config-objects-query-result"></a>
 
@@ -498,17 +633,23 @@ information about the host when querying service objects.
 
 The following query retrieves all host attributes:
 
-    https://localhost:5665/v1/objects/services?joins=host
+```
+https://localhost:5665/v1/objects/services?joins=host
+```
 
 Instead of requesting all host attributes you can also limit the output to specific
 attributes:
 
-    https://localhost:5665/v1/objects/services?joins=host.name&joins=host.address
+```
+https://localhost:5665/v1/objects/services?joins=host.name&joins=host.address
+```
 
 You can request that all available joins are returned in the result set by using
 the `all_joins` query parameter.
 
-    https://localhost:5665/v1/objects/services?all_joins=1
+```
+https://localhost:5665/v1/objects/services?all_joins=1
+```
 
 > **Note**
 >
@@ -527,109 +668,133 @@ The following joins are available:
   Zones        | parent
 
 Here's an example that retrieves all service objects for hosts which have had their `os`
-custom attribute set to `Linux`. The result set contains the `display_name` and `check_command`
+custom variable set to `Linux`. The result set contains the `display_name` and `check_command`
 attributes for the service. The query also returns the host's `name` and `address` attribute
 via a join:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/services?attrs=display_name&attrs=check_command&joins=host.name&joins=host.address&filter=host.vars.os==%22Linux%22&pretty=1'
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/objects/services?attrs=display_name&attrs=check_command&joins=host.name&joins=host.address&filter=host.vars.os==%22Linux%22&pretty=1'
 
-    {
-        "results": [
-            {
-                "attrs": {
-                    "check_command": "ping4",
-                    "display_name": "ping4"
-                },
-                "joins": {
-                    "host": {
-                        "address": "192.168.1.1",
-                        "name": "example.localdomain"
-                    }
-                },
-                "meta": {},
-                "name": "example.localdomain!ping4",
-                "type": "Service"
+{
+    "results": [
+        {
+            "attrs": {
+                "check_command": "ping4",
+                "display_name": "ping4"
             },
-            {
-                "attrs": {
-                    "check_command": "ssh",
-                    "display_name": "ssh"
-                },
-                "joins": {
-                    "host": {
-                        "address": "192.168.1.1",
-                        "name": "example.localdomain"
-                    }
-                },
-                "meta": {},
-                "name": "example.localdomain!ssh",
-                "type": "Service"
-            }
-        ]
-    }
+            "joins": {
+                "host": {
+                    "address": "192.168.1.1",
+                    "name": "example.localdomain"
+                }
+            },
+            "meta": {},
+            "name": "example.localdomain!ping4",
+            "type": "Service"
+        },
+        {
+            "attrs": {
+                "check_command": "ssh",
+                "display_name": "ssh"
+            },
+            "joins": {
+                "host": {
+                    "address": "192.168.1.1",
+                    "name": "example.localdomain"
+                }
+            },
+            "meta": {},
+            "name": "example.localdomain!ssh",
+            "type": "Service"
+        }
+    ]
+}
+```
+
+> **Tip**
+>
+> Use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
+> and pass everything in the request body like this:
+
+```
+$ curl -k -s -u 'root:icinga' -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/services' \
+ -d '{ "attrs": [ "display_name", "check_command" ], "joins": [ "host.name", "host.address" ], "filter": "host.vars.os==\"Linux\"", "pretty": true }'
+```
 
 In case you want to fetch all [comments](09-object-types.md#objecttype-comment)
 for hosts and services, you can use the following query URL (similar example
 for downtimes):
 
-    https://localhost:5665/v1/objects/comments?joins=host&joins=service
+```
+https://localhost:5665/v1/objects/comments?joins=host&joins=service
+```
 
 This is another example for listing all service objects which are unhandled problems (state is not OK
 and no downtime or acknowledgement set). We're using [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
 here because we want to pass all query attributes in the request body.
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://127.0.0.1:5665/v1/objects/services' \
-    -d '{ "joins": [ "host.name", "host.address" ], "attrs": [ "name", "state", "downtime_depth", "acknowledgement" ], "filter": "service.state != ServiceOK && service.downtime_depth == 0.0 && service.acknowledgement == 0.0", "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://127.0.0.1:5665/v1/objects/services' \
+-d '{ "joins": [ "host.name", "host.address" ], "attrs": [ "name", "state", "downtime_depth", "acknowledgement" ], "filter": "service.state != ServiceOK && service.downtime_depth == 0.0 && service.acknowledgement == 0.0", "pretty": true }'
 
-    {
-        "results": [
-            {
-                "attrs": {
-                    "acknowledgement": 0.0,
-                    "downtime_depth": 0.0,
-                    "name": "10807-service",
-                    "state": 3.0
-                },
-                "joins": {
-                    "host": {
-                        "address": "",
-                        "name": "10807-host"
-                    }
-                },
-                "meta": {},
-                "name": "10807-host!10807-service",
-                "type": "Service"
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "attrs": {
+                "acknowledgement": 0.0,
+                "downtime_depth": 0.0,
+                "name": "10807-service",
+                "state": 3.0
+            },
+            "joins": {
+                "host": {
+                    "address": "",
+                    "name": "10807-host"
+                }
+            },
+            "meta": {},
+            "name": "10807-host!10807-service",
+            "type": "Service"
+        }
+    ]
+}
+```
 
 In order to list all acknowledgements without expire time, you query the `/v1/objects/comments`
 URL endpoint with `joins` and `filter` request parameters using the [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
 method:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://localhost:5665/v1/objects/comments' \
-    -d '{ "joins": [ "service.name", "service.acknowledgement", "service.acknowledgement_expiry" ], "attrs": [ "author", "text" ], "filter": "service.acknowledgement!=0 && service.acknowledgement_expiry==0", "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5665/v1/objects/comments' \
+ -d '{ "joins": [ "service.name", "service.acknowledgement", "service.acknowledgement_expiry" ], "attrs": [ "author", "text" ], "filter": "service.acknowledgement!=0 && service.acknowledgement_expiry==0", "pretty": true }'
 
-    {
-        "results": [
-            {
-                "attrs": {
-                    "author": "icingaadmin",
-                    "text": "maintenance work"
-                },
-                "joins": {
-                    "service": {
-                        "__name": "example.localdomain!disk /",
-                        "acknowledgement": 1.0,
-                        "acknowledgement_expiry": 0.0
-                    }
-                },
-                "meta": {},
-                "name": "example.localdomain!disk /!example.localdomain-1495457222-0",
-                "type": "Comment"
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "attrs": {
+                "author": "icingaadmin",
+                "text": "maintenance work"
+            },
+            "joins": {
+                "service": {
+                    "__name": "example.localdomain!disk /",
+                    "acknowledgement": 1.0,
+                    "acknowledgement_expiry": 0.0
+                }
+            },
+            "meta": {},
+            "name": "example.localdomain!disk /!example.localdomain-1495457222-0",
+            "type": "Comment"
+        }
+    ]
+}
+```
 
 ### Creating Config Objects <a id="icinga2-api-config-objects-create"></a>
 
@@ -647,50 +812,62 @@ the full name (e.g. `example.localdomain!http`) must be specified.
 
 If attributes are of the Dictionary type, you can also use the indexer format. This might be necessary to only override specific custom variables and keep all other existing custom variables (e.g. from templates):
 
-    "attrs": { "vars.os": "Linux" }
+```
+"attrs": { "vars.os": "Linux" }
+```
 
 Example for creating the new host object `example.localdomain`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
-    -d '{ "templates": [ "generic-host" ], "attrs": { "address": "192.168.1.1", "check_command": "hostalive", "vars.os" : "Linux" }, "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Object was created."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X PUT 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
+ -d '{ "templates": [ "generic-host" ], "attrs": { "address": "192.168.1.1", "check_command": "hostalive", "vars.os" : "Linux" }, "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Object was created."
+        }
+    ]
+}
+```
 
 If the configuration validation fails, the new object will not be created and the response body
 contains a detailed error message. The following example is missing the `check_command` attribute
 which is required for host objects:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
-    -d '{ "attrs": { "address": "192.168.1.1", "vars.os" : "Linux" }, "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 500.0,
-                "errors": [
-                    "Error: Validation failed for object 'example.localdomain' of type 'Host'; Attribute 'check_command': Attribute must not be empty."
-                ],
-                "status": "Object could not be created."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X PUT 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
+ -d '{ "attrs": { "address": "192.168.1.1", "vars.os" : "Linux" }, "pretty": true }'
+{
+    "results": [
+        {
+            "code": 500.0,
+            "errors": [
+                "Error: Validation failed for object 'example.localdomain' of type 'Host'; Attribute 'check_command': Attribute must not be empty."
+            ],
+            "status": "Object could not be created."
+        }
+    ]
+}
+```
 
 Service objects must be created using their full name ("hostname!servicename") referencing an existing host object:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/services/example.localdomain!realtime-load' \
-    -d '{ "templates": [ "generic-service" ], "attrs": { "check_command": "load", "check_interval": 1,"retry_interval": 1 } }'
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X PUT 'https://localhost:5665/v1/objects/services/example.localdomain!realtime-load' \
+ -d '{ "templates": [ "generic-service" ], "attrs": { "check_command": "load", "check_interval": 1,"retry_interval": 1 } }'
+```
 
 Example for a new CheckCommand object:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/checkcommands/mytest' \
-    -d '{ "templates": [ "plugin-check-command" ], "attrs": { "command": [ "/usr/local/sbin/check_http" ], "arguments": { "-I": "$mytest_iparam$" } } }'
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X PUT 'https://localhost:5665/v1/objects/checkcommands/mytest' \
+ -d '{ "templates": [ "plugin-check-command" ], "attrs": { "command": [ "/usr/local/sbin/check_http" ], "arguments": { "-I": "$mytest_iparam$" } } }'
+```
 
 ### Modifying Objects <a id="icinga2-api-config-objects-modify"></a>
 
@@ -701,38 +878,44 @@ parameters need to be passed inside the JSON body:
   -----------|------------|---------------------------
   attrs      | Dictionary | **Required.** Set specific object attributes for this [object type](09-object-types.md#object-types).
 
-In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters) should be provided.
+In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters)
+parameter should be provided.
 
 > **Note**:
 >
 > Modified attributes do not trigger a re-evaluation of existing
 > static [apply rules](03-monitoring-basics.md#using-apply) and [group assignments](03-monitoring-basics.md#group-assign-intro).
-> Delete and re-create the objects if you require such changes.
+> Delete and re-create the objects if you require such changes or
+> consider funding [this feature request](https://github.com/Icinga/icinga2/issues/4084).
 >
 > Furthermore you cannot modify templates which have already been resolved
 > during [object creation](12-icinga2-api.md#icinga2-api-config-objects-create).
 > There are attributes which can only be set for [PUT requests](12-icinga2-api.md#icinga2-api-config-objects-create) such as `groups`
 > or `zone`. A complete list of `no_user_modify` attributes can be fetched from the [types](12-icinga2-api.md#icinga2-api-types) URL endpoint.
 
-If attributes are of the Dictionary type, you can also use the indexer format:
+If attributes are of the [Dictionary](17-language-reference.md#dictionary) type, you can also use the indexer format:
 
-    "attrs": { "vars.os": "Linux" }
+```
+"attrs": { "vars.os": "Linux" }
+```
 
-The following example updates the `address` attribute and the custom attribute `os` for the `example.localdomain` host:
-
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
-    -d '{ "attrs": { "address": "192.168.1.2", "vars.os" : "Windows" }, "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "name": "example.localdomain",
-                "status": "Attributes updated.",
-                "type": "Host"
-            }
-        ]
-    }
+The following example updates the `address` attribute and the custom variable `os` for the `example.localdomain` host:
 
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/objects/hosts/example.localdomain' \
+ -d '{ "attrs": { "address": "192.168.1.2", "vars.os" : "Windows" }, "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "name": "example.localdomain",
+            "status": "Attributes updated.",
+            "type": "Host"
+        }
+    ]
+}
+```
 
 ### Deleting Objects <a id="icinga2-api-config-objects-delete"></a>
 
@@ -747,92 +930,32 @@ In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters
 
 Example for deleting the host object `example.localdomain`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X DELETE 'https://localhost:5665/v1/objects/hosts/example.localdomain?cascade=1&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "name": "example.localdomain",
-                "status": "Object was deleted.",
-                "type": "Host"
-            }
-        ]
-    }
-
-## Config Templates <a id="icinga2-api-config-templates"></a>
-
-Provides methods to manage configuration templates:
-
-* [querying templates](12-icinga2-api.md#icinga2-api-config-templates-query)
-
-Creation, modification and deletion of templates at runtime is not supported.
-
-### Querying Templates <a id="icinga2-api-config-templates-query"></a>
-
-You can request information about configuration templates by sending
-a `GET` query to the `/v1/templates/<type>` URL endpoint. `<type` has
-to be replaced with the plural name of the object type you are interested
-in:
-
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/templates/hosts'
-
-A list of all available configuration types is available in the
-[object types](09-object-types.md#object-types) chapter.
-
-A [filter](12-icinga2-api.md#icinga2-api-filters) may be provided for this query type. The
-template object can be accessed in the filter using the `tmpl` variable. In this
-example the [match function](18-library-reference.md#global-functions-match) is used to
-check a wildcard string pattern against `tmpl.name`.
-The `filter` attribute is passed inside the request body thus requiring to use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
-here.
-
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://localhost:5661/v1/templates/hosts' \
-    -d '{ "filter": "match(\"g*\", tmpl.name)" }'
-
-Instead of using a filter you can optionally specify the template name in the
-URL path when querying a single object:
-
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/templates/hosts/generic-host'
-
-The result set contains the type, name as well as the location of the template.
-
-## Variables <a id="icinga2-api-variables"></a>
-
-Provides methods to manage global variables:
-
-* [querying variables](12-icinga2-api.md#icinga2-api-variables-query)
-
-### Querying Variables <a id="icinga2-api-variables-query"></a>
-
-You can request information about global variables by sending
-a `GET` query to the `/v1/variables/` URL endpoint:
-
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/variables'
-
-A [filter](12-icinga2-api.md#icinga2-api-filters) may be provided for this query type. The
-variable information object can be accessed in the filter using the `variable` variable.
-The `filter` attribute is passed inside the request body thus requiring to use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
-here.
-
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://localhost:5661/v1/variables' \
-    -d '{ "filter": "variable.type in [ \"String\", \"Number\" ]" }'
-
-Instead of using a filter you can optionally specify the variable name in the
-URL path when querying a single variable:
-
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/variables/PrefixDir'
-
-The result set contains the type, name and value of the global variable.
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X DELETE 'https://localhost:5665/v1/objects/hosts/example.localdomain?cascade=1&pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "name": "example.localdomain",
+            "status": "Object was deleted.",
+            "type": "Host"
+        }
+    ]
+}
+```
 
 ## Actions <a id="icinga2-api-actions"></a>
 
 There are several actions available for Icinga 2 provided by the `/v1/actions`
 URL endpoint. You can run actions by sending a `POST` request.
 
-In case you have been using the [external commands](14-features.md#external-commands)
-in the past, the API actions provide a similar interface with filter
-capabilities for some of the more common targets which do not directly change
-the configuration.
+The following actions are also used by [Icinga Web 2](https://icinga.com/products/icinga-web-2/):
+
+* sending check results to Icinga from scripts, remote agents, etc.
+* scheduling downtimes from external scripts or cronjobs
+* acknowledging problems
+* adding comments
 
 All actions return a 200 `OK` or an appropriate error code for each
 action performed on each object matching the supplied filter.
@@ -842,7 +965,40 @@ notification on a program-wide basis must be applied by updating the
 [IcingaApplication object](12-icinga2-api.md#icinga2-api-config-objects)
 called `app`.
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/objects/icingaapplications/app' -d '{ "attrs": { "enable_notifications": false } }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/objects/icingaapplications/app' \
+ -d '{ "attrs": { "enable_notifications": false } }'
+```
+
+### Unix Timestamp Handling <a id="icinga2-api-actions-unix-timestamps"></a>
+
+If you don't want to write JSON manually, especially for adding the `start_time`
+and `end_time` parameters, you can use [jo](https://github.com/jpmens/jo) to format this.
+
+```
+$ jo -p pretty=true type=Service filter="service.name==\"ping4\"" author=icingaadmin comment="IPv4 network maintenance" fixed=true start_time=$(date +%s -d "+0 hour") end_time=$(date +%s -d "+1 hour")
+{
+   "pretty": true,
+   "type": "Service",
+   "filter": "service.name==\"ping4\"",
+   "author": "icingaadmin",
+   "comment": "IPv4 network maintenance",
+   "fixed": true,
+   "start_time": 1557414097,
+   "end_time": 1557417697
+}
+```
+
+Now wrap this into the actual curl command:
+
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/schedule-downtime' \
+ -d "$(jo -p pretty=true type=Service filter="service.name==\"ping4\"" author=icingaadmin comment="IPv4 network maintanence" fixed=true start_time=$(date +%s -d "+0 hour") end_time=$(date +%s -d "+1 hour"))"
+```
+
+Note: This requires GNU date. On macOS, install `coreutils` from Homebrew and use `gdate`.
 
 ### process-check-result <a id="icinga2-api-actions-process-check-result"></a>
 
@@ -850,39 +1006,46 @@ Process a check result for a host or a service.
 
 Send a `POST` request to the URL endpoint `/v1/actions/process-check-result`.
 
-  Parameter         | Type         | Description
-  ------------------|--------------|--------------
-  exit\_status      | Number       | **Required.** For services: 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN, for hosts: 0=OK, 1=CRITICAL.
-  plugin\_output    | String       | **Required.** One or more lines of the plugin main output. Does **not** contain the performance data.
-  performance\_data | Array|String | **Optional.** The performance data as array of strings. The raw performance data string can be used too.
-  check\_command    | Array        | **Optional.** The first entry should be the check commands path, then one entry for each command line option followed by an entry for each of its argument.
-  check\_source     | String       | **Optional.** Usually the name of the `command_endpoint`
-  execution\_start  | Timestamp    | **Optional.** The timestamp where a script/process started its execution.
-  execution\_end    | Timestamp    | **Optional.** The timestamp where a script/process ended its execution. This timestamp is used in features to determine e.g. the metric timestamp.
-  ttl               | Number       | **Optional.** Time-to-live duration in seconds for this check result. The next expected check result is `now + ttl` where freshness checks are executed.
+  Parameter          | Type                           | Description
+  ------------------ | --------------                 | --------------
+  exit\_status       | Number                         | **Required.** For services: 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN, for hosts: 0=OK, 1=CRITICAL.
+  plugin\_output     | String                         | **Required.** One or more lines of the plugin main output. Does **not** contain the performance data.
+  performance\_data  | Array<code>&#124;</code>String | **Optional.** The performance data as array of strings. The raw performance data string can be used too.
+  check\_command     | Array<code>&#124;</code>String | **Optional.** The first entry should be the check commands path, then one entry for each command line option followed by an entry for each of its argument. Alternativly a single string can be used.
+  check\_source      | String                         | **Optional.** Usually the name of the `command_endpoint`
+  execution\_start   | Timestamp                      | **Optional.** The timestamp where a script/process started its execution.
+  execution\_end     | Timestamp                      | **Optional.** The timestamp where a script/process ended its execution. This timestamp is used in features to determine e.g. the metric timestamp.
+  ttl                | Number                         | **Optional.** Time-to-live duration in seconds for this check result. The next expected check result is `now + ttl` where freshness checks are executed.
 
 In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters) must be provided. The valid types for this action are `Host` and `Service`.
 
-Example for the service `passive-ping6`:
+Example for the service `passive-ping`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/process-check-result?service=example.localdomain!passive-ping6' \
-    -d '{ "exit_status": 2, "plugin_output": "PING CRITICAL - Packet loss = 100%", "performance_data": [ "rta=5000.000000ms;3000.000000;5000.000000;0.000000", "pl=100%;80;100;0" ], "check_source": "example.localdomain", "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/process-check-result' \
+-d '{ "type": "Service", "filter": "host.name==\"icinga2-master1.localdomain\" && service.name==\"passive-ping\"", "exit_status": 2, "plugin_output": "PING CRITICAL - Packet loss = 100%", "performance_data": [ "rta=5000.000000ms;3000.000000;5000.000000;0.000000", "pl=100%;80;100;0" ], "check_source": "example.localdomain", "pretty": true }'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully processed check result for object 'localdomain!passive-ping6'."
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully processed check result for object 'icinga2-master1.localdomain!passive-ping'."
+        }
+    ]
+}
+```
+
+You can avoid URL encoding of white spaces in object names by using the `filter` attribute in the request body.
 
 Example for using the `Host` type and filter by the host name:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/process-check-result' \
-    -d '{ "filter": "host.name==\"example.localdomain\"", "type": "Host", "exit_status": 1, "plugin_output": "Host is not available." }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/process-check-result' \
+ -d '{ "filter": "host.name==\"example.localdomain\"", "type": "Host", "exit_status": 1, "plugin_output": "Host is not available." }'
+```
 
-You can avoid URL encoding of white spaces in object names by using the `filter` attribute in the request body.
 
 > **Note**
 >
@@ -907,18 +1070,20 @@ The example reschedules all services with the name "ping6" to immediately perfor
 (`next_check` default), ignoring any time periods or whether active checks are
 allowed for the service (`force=true`).
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/reschedule-check' \
-    -d '{ "type": "Service", "filter": "service.name==\"ping6\"", "force": true, "pretty": true }'
-
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully rescheduled check for object 'example.localdomain!ping6'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/reschedule-check' \
+ -d '{ "type": "Service", "filter": "service.name==\"ping6\"", "force": true, "pretty": true }'
 
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully rescheduled check for object 'icinga2-master1.localdomain!ping6'."
+        }
+    ]
+}
+```
 
 ### send-custom-notification <a id="icinga2-api-actions-send-custom-notification"></a>
 
@@ -938,20 +1103,23 @@ In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters
 Example for a custom host notification announcing a global maintenance to
 host owners:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/send-custom-notification' \
-    -d '{ "type": "Host", "author": "icingaadmin", "comment": "System is going down for maintenance", "force": true, "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/send-custom-notification' \
+ -d '{ "type": "Host", "author": "icingaadmin", "comment": "System is going down for maintenance", "force": true, "pretty": true }'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully sent custom notification for object 'host0'."
-            },
-            {
-                "code": 200.0,
-                "status": "Successfully sent custom notification for object 'host1'."
-            }
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully sent custom notification for object 'host0'."
+        },
+        {
+            "code": 200.0,
+            "status": "Successfully sent custom notification for object 'host1'."
+        }
+}
+```
 
 ### delay-notification <a id="icinga2-api-actions-delay-notification"></a>
 
@@ -970,20 +1138,23 @@ In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters
 
 Example:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/delay-notification' \
-    -d '{ "type": "Service", "timestamp": 1446389894, "pretty": true }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/delay-notification' \
+ -d '{ "type": "Service", "timestamp": 1446389894, "pretty": true }'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully delayed notifications for object 'host0!service0'."
-            },
-            {
-                "code": 200.0,
-                "status": "Successfully delayed notifications for object 'host1!service1'."
-            }
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully delayed notifications for object 'host0!service0'."
+        },
+        {
+            "code": 200.0,
+            "status": "Successfully delayed notifications for object 'host1!service1'."
+        }
+}
+```
 
 ### acknowledge-problem <a id="icinga2-api-actions-acknowledge-problem"></a>
 
@@ -1007,26 +1178,28 @@ In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters
 The following example acknowledges all services which are in a hard critical state and sends out
 a notification for them:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/acknowledge-problem?type=Service&filter=service.state==2&service.state_type=1' \
-    -d '{ "author": "icingaadmin", "comment": "Global outage. Working on it.", "notify": true, "pretty": true }'
-
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully acknowledged problem for object 'example2.localdomain!ping4'."
-            },
-            {
-                "code": 200.0,
-                "status": "Successfully acknowledged problem for object 'example.localdomain!ping4'."
-            }
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/acknowledge-problem' \
+ -d '{ "type": "Service", "filter": "service.state==2&service.state_type=1", "author": "icingaadmin", "comment": "Global outage. Working on it.", "notify": true, "pretty": true }'
 
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully acknowledged problem for object 'icinga2-satellite1.localdomain!ping4'."
+        },
+        {
+            "code": 200.0,
+            "status": "Successfully acknowledged problem for object 'icinga2-satellite2.localdomain!ping4'."
+        }
+}
+```
 
 ### remove-acknowledgement <a id="icinga2-api-actions-remove-acknowledgement"></a>
 
 Removes the acknowledgements for services or hosts. Once the acknowledgement has
-been removed notifications will be sent out again.
+been removed the next notification will be sent again.
 
 Send a `POST` request to the URL endpoint `/v1/actions/remove-acknowledgement`.
 
@@ -1034,19 +1207,23 @@ A [filter](12-icinga2-api.md#icinga2-api-filters) must be provided. The valid ty
 
 The example removes all service acknowledgements:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-acknowledgement?type=Service&pretty=1'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-acknowledgement' \
+ -d '{ "type": "Service", "pretty": true }'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed acknowledgement for object 'host0!service0'."
-            },
-            {
-                "code": 200.0,
-                "status": "Successfully removed acknowledgement for object 'example2.localdomain!aws-health'."
-            }
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed acknowledgement for object 'host0!service0'."
+        },
+        {
+            "code": 200.0,
+            "status": "Successfully removed acknowledgement for object 'example2.localdomain!aws-health'."
+        }
+}
+```
 
 ### add-comment <a id="icinga2-api-actions-add-comment"></a>
 
@@ -1063,23 +1240,27 @@ In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters
 
 The following example adds a comment for all `ping4` services:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/add-comment?type=Service&filter=service.name==%22ping4%22' -d '{ "author": "icingaadmin", "comment": "Troubleticket #123456789 opened.", "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "legacy_id": 26.0,
-                "name": "example.localdomain!ping4!example.localdomain-1446824161-0",
-                "status": "Successfully added comment 'example.localdomain!ping4!example.localdomain-1446824161-0' for object 'example.localdomain!ping4'."
-            },
-            {
-                "code": 200.0,
-                "legacy_id": 27.0,
-                "name": "example2.localdomain!ping4!example.localdomain-1446824161-1",
-                "status": "Successfully added comment 'example2.localdomain!ping4!example.localdomain-1446824161-1' for object 'example2.localdomain!ping4'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/add-comment' \
+ -d '{ "type": "Service", "filter": "service.name==\"ping4\"", "author": "icingaadmin", "comment": "Troubleticket #123456789 opened.", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "legacy_id": 26.0,
+            "name": "icinga2-satellite1.localdomain!ping4!7e7861c8-8008-4e8d-9910-2a0bb26921bd",
+            "status": "Successfully added comment 'icinga2-satellite1.localdomain!ping4!7e7861c8-8008-4e8d-9910-2a0bb26921bd' for object 'icinga2-satellite1.localdomain!ping4'."
+        },
+        {
+            "code": 200.0,
+            "legacy_id": 27.0,
+            "name": "icinga2-satellite2.localdomain!ping4!9a4c43f5-9407-a536-18bf-4a6cc4b73a9f",
+            "status": "Successfully added comment 'icinga2-satellite2.localdomain!ping4!9a4c43f5-9407-a536-18bf-4a6cc4b73a9f' for object 'icinga2-satellite2.localdomain!ping4'."
+        }
+    ]
+}
+```
 
 ### remove-comment <a id="icinga2-api-actions-remove-comment"></a>
 
@@ -1094,32 +1275,39 @@ A [filter](12-icinga2-api.md#icinga2-api-filters) must be provided. The valid ty
 
 Example for a simple filter using the `comment` URL parameter:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-comment?comment=example2.localdomain!ping4!mbmif.local-1446986367-0&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed comment 'example2.localdomain!ping4!mbmif.local-1446986367-0'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-comment' \
+ -d '{ "comment": "icinga2-satellite2.localdomain!ping4!9a4c43f5-9407-a536-18bf-4a6cc4b73a9f", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed comment 'icinga2-satellite2.localdomain!ping4!9a4c43f5-9407-a536-18bf-4a6cc4b73a9f'."
+        }
+    ]
+}
+```
 
 Example for removing all service comments using a service name filter for `ping4`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-comment?filter=service.name==%22ping4%22&type=Service&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed all comments for object 'example2.localdomain!ping4'."
-            },
-            {
-                "code": 200.0,
-                "status": "Successfully removed all comments for object 'example.localdomain!ping4'."
-            }
-        ]
-    }
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-comment'
+ -d '{ "type": "Service", "filter": "service.name==\"ping4\"", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed all comments for object 'icinga2-satellite1.localdomain!ping4'."
+        },
+        {
+            "code": 200.0,
+            "status": "Successfully removed all comments for object 'icinga2-satellite2.localdomain!ping4'."
+        }
+    ]
+}
+```
 
 ### schedule-downtime <a id="icinga2-api-actions-schedule-downtime"></a>
 
@@ -1135,30 +1323,53 @@ Send a `POST` request to the URL endpoint `/v1/actions/schedule-downtime`.
   end\_time     | Timestamp | **Required.** Timestamp marking the end of the downtime.
   fixed         | Boolean   | **Optional.** Defaults to `true`. If true, the downtime is `fixed` otherwise `flexible`. See [downtimes](08-advanced-topics.md#downtimes) for more information.
   duration      | Number    | **Required for flexible downtimes.** Duration of the downtime in seconds if `fixed` is set to false.
+  all\_services | Boolean   | **Optional for host downtimes.** Sets downtime for [all services](12-icinga2-api.md#icinga2-api-actions-schedule-downtime-host-all-services) for the matched host objects. If `child_options` are set, all child hosts and their services will schedule a downtime too. Defaults to `false`.
   trigger\_name | String    | **Optional.** Sets the trigger for a triggered downtime. See [downtimes](08-advanced-topics.md#downtimes) for more information on triggered downtimes.
-  child\_options | Number   | **Optional.** Schedule child downtimes. `0` does not do anything, `1` schedules child downtimes triggered by this downtime, `2` schedules non-triggered downtimes. Defaults to `0`.
+  child\_options| String    | **Optional.** Schedule child downtimes. `DowntimeNoChildren` does not do anything, `DowntimeTriggeredChildren` schedules child downtimes triggered by this downtime, `DowntimeNonTriggeredChildren` schedules non-triggered downtimes. Defaults to `DowntimeNoChildren`.
 
 In addition to these parameters a [filter](12-icinga2-api.md#icinga2-api-filters) must be provided. The valid types for this action are `Host` and `Service`.
 
-Example:
+Example for scheduling a downtime for all `ping4` services:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/schedule-downtime?type=Service&filter=service.name==%22ping4%22' -d '{ "start_time": 1446388806, "end_time": 1446389806, "duration": 1000, "author": "icingaadmin", "comment": "IPv4 network maintenance", "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "legacy_id": 2.0,
-                "name": "example2.localdomain!ping4!example.localdomain-1446822004-0",
-                "status": "Successfully scheduled downtime 'example2.localdomain!ping4!example.localdomain-1446822004-0' for object 'example2.localdomain!ping4'."
-            },
-            {
-                "code": 200.0,
-                "legacy_id": 3.0,
-                "name": "example.localdomain!ping4!example.localdomain-1446822004-1",
-                "status": "Successfully scheduled downtime 'example.localdomain!ping4!example.localdomain-1446822004-1' for object 'example.localdomain!ping4'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/schedule-downtime' \
+ -d '{ "type": "Service", "filter": "service.name==\"ping4\"", "start_time": 1446388806, "end_time": 1446389806, "duration": 1000, "author": "icingaadmin", "comment": "IPv4 network maintenance", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "legacy_id": 2.0,
+            "name": "icinga2-satellite1.localdomain!ping4!ecc5fa55-a5b8-4189-a013-a5d4bb47af34",
+            "status": "Successfully scheduled downtime 'icinga2-satellite1.localdomain!ping4!ecc5fa55-a5b8-4189-a013-a5d4bb47af34' for object 'icinga2-satellite1.localdomain!ping4'."
+        },
+        {
+            "code": 200.0,
+            "legacy_id": 3.0,
+            "name": "icinga2-satellite2.localdomain!ping4!abc59032-4589-abcd-4567-ecf67856c347",
+            "status": "Successfully scheduled downtime 'icinga2-satellite2.localdomain!ping4!abc59032-4589-abcd-4567-ecf67856c347' for object 'icinga2-satellite2.localdomain!ping4'."
+        }
+    ]
+}
+```
+
+In case you want to target just a single service on a host, modify the filter
+like this:
+
+```
+"filter": "host.name==\"icinga2-satellite1.localdomain\" && service.name==\"ping4\""
+```
+
+#### Schedule Host Downtime(s) with all Services <a id="icinga2-api-actions-schedule-downtime-host-all-services"></a>
+
+Schedule a downtime for one (or multiple) hosts and all of their services.
+Note the `all_services` attribute.
+
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/schedule-downtime' \
+ -d "$(jo -p pretty=true type=Host filter="match(\"*satellite*\", host.name)" all_services=true author=icingaadmin comment="Cluster upgrade maintenance" fixed=true start_time=$(date +%s -d "+0 hour") end_time=$(date +%s -d "+1 hour"))"
+```
 
 ### remove-downtime <a id="icinga2-api-actions-remove-downtime"></a>
 
@@ -1173,54 +1384,65 @@ A [filter](12-icinga2-api.md#icinga2-api-filters) must be provided. The valid ty
 
 Example for a simple filter using the `downtime` URL parameter:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-downtime?downtime=example.localdomain!ping4!mbmif.local-1446979168-6&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed downtime 'example.localdomain!ping4!mbmif.local-1446979168-6'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-downtime' \
+ -d '{ "downtime": "icinga2-satellite2.localdomain!ping4!abc59032-4589-abcd-4567-ecf67856c347", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed downtime 'icinga2-satellite2.localdomain!ping4!abc59032-4589-abcd-4567-ecf67856c347'."
+        }
+    ]
+}
+```
 
-Example for removing all host downtimes using a host name filter for `example.localdomain`:
+Example for removing all host downtimes using a host name filter for `icinga2-satellite2.localdomain`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-downtime?filter=host.name==%22example.localdomain%22&type=Host&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed all downtimes for object 'example.localdomain'."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-downtime' \
+ -d '{ "type": "Host", "filter": "host.name==\"icinga2-satellite2.localdomain\"", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed all downtimes for object 'icinga2-satellite2.localdomain'."
+        }
+    ]
+}
+```
 
 Example for removing a downtime from a host but not the services filtered by the author name. This example uses
 filter variables explained in the [advanced filters](12-icinga2-api.md#icinga2-api-advanced-filters) chapter.
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/remove-downtime' \
-            -d $'{
-      "type": "Downtime",
-      "filter": "host.name == filterHost && !service && downtime.author == filterAuthor",
-      "filter_vars": {
-        "filterHost": "example.localdomain",
-        "filterAuthor": "icingaadmin"
-      },
-      "pretty": true
-    }'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/remove-downtime' \
+ -d $'{
+  "type": "Downtime",
+  "filter": "host.name == filterHost && !service && downtime.author == filterAuthor",
+  "filter_vars": {
+    "filterHost": "icinga2-satellite1.localdomain",
+    "filterAuthor": "icingaadmin"
+  },
+  "pretty": true
+}'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Successfully removed downtime 'example.localdomain!mbmif.local-1463043129-3'."
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Successfully removed downtime 'icinga2-satellite1.localdomain!ecc5fa55-a5b8-ef34-abcd-a5d41234af34'."
+        }
+    ]
+}
+```
 
 ### shutdown-process <a id="icinga2-api-actions-shutdown-process"></a>
 
-Shuts down Icinga2. May or may not return.
+Shuts down Icinga. May or may not return.
 
 Send a `POST` request to the URL endpoint `/v1/actions/shutdown-process`.
 
@@ -1228,20 +1450,23 @@ This action does not support a target type or filter.
 
 Example:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/shutdown-process?pretty=1'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/shutdown-process?pretty=1'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Shutting down Icinga 2."
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Shutting down Icinga 2."
+        }
+    ]
+}
+```
 
 ### restart-process <a id="icinga2-api-actions-restart-process"></a>
 
-Restarts Icinga2. May or may not return.
+Restarts Icinga. May or may not return.
 
 Send a `POST` request to the URL endpoint `/v1/actions/restart-process`.
 
@@ -1249,22 +1474,31 @@ This action does not support a target type or filter.
 
 Example:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/restart-process?pretty=1'
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/restart-process?pretty=1'
 
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Restarting Icinga 2."
-            }
-        ]
-    }
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Restarting Icinga 2."
+        }
+    ]
+}
+```
 
 ### generate-ticket <a id="icinga2-api-actions-generate-ticket"></a>
 
 Generates a PKI ticket for [CSR auto-signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing).
 This can be used in combination with satellite/client setups requesting this ticket number.
 
+> **Note**
+>
+> This must be used on the local host, or e.g. by a Puppet master.
+> Doing so remotely may result in security issues with cluster
+> trust relationships.
+
 Send a `POST` request to the URL endpoint `/v1/actions/generate-ticket`.
 
   Parameter     | Type      | Description
@@ -1273,21 +1507,31 @@ Send a `POST` request to the URL endpoint `/v1/actions/generate-ticket`.
 
 Example:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/actions/generate-ticket' \
-    -d '{ "cn": "icinga2-client1.localdomain", "pretty": true }'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Generated PKI ticket '4f75d2ecd253575fe9180938ebff7cbca262f96e' for common name 'icinga2-client1.localdomain'.",
-                "ticket": "4f75d2ecd253575fe9180938ebff7cbca262f96e"
-            }
-        ]
-    }
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/actions/generate-ticket' \
+ -d '{ "cn": "icinga2-agent1.localdomain", "pretty": true }'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Generated PKI ticket '4f75d2ecd253575fe9180938ebff7cbca262f96e' for common name 'icinga2-agent1.localdomain'.",
+            "ticket": "4f75d2ecd253575fe9180938ebff7cbca262f96e"
+        }
+    ]
+}
+```
 
 ## Event Streams <a id="icinga2-api-event-streams"></a>
 
+Event streams can be used to receive check results, downtimes, comments,
+acknowledgements, etc. as a "live stream" from Icinga.
+
+You can for example forward these types into your own backend. Process the
+metrics and correlate them with notifications and state changes e.g. in Elasticsearch
+with the help of [Icingabeat](https://icinga.com/docs/icingabeat/latest/). Another use
+case are aligned events and creating/resolving tickets automatically in your ticket system.
+
 You can subscribe to event streams by sending a `POST` request to the URL endpoint `/v1/events`.
 The following parameters need to be specified (either as URL parameters or in a JSON-encoded message body):
 
@@ -1320,7 +1564,11 @@ being set.
 
 Example for all downtime events:
 
-    &types=DowntimeAdded&types=DowntimeRemoved&types=DowntimeTriggered
+```
+&types=DowntimeAdded&types=DowntimeRemoved&types=DowntimeTriggered
+
+-d '{ "types": ["DowntimeAdded", "DowntimeRemoved", "DowntimeTriggered"] }'
+```
 
 #### <a id="icinga2-api-event-streams-type-checkresult"></a> Event Stream Type: CheckResult
 
@@ -1352,6 +1600,7 @@ Example for all downtime events:
   timestamp     | Timestamp     | Unix timestamp when the event happened.
   host	        | String        | [Host](09-object-types.md#objecttype-host) name.
   service       | String        | [Service](09-object-types.md#objecttype-service) name. Optional if this is a host notification.
+  command       | String        | [NotificationCommand](09-object-types.md#objecttype-notificationcommand) name.
   users         | Array         | List of notified [user](09-object-types.md#objecttype-user) names.
   notification\_type | String   | [$notification.type$](03-monitoring-basics.md#notification-runtime-macros) runtime macro value.
   author        | String        | [$notification.author$](03-monitoring-basics.md#notification-runtime-macros) runtime macro value.
@@ -1457,13 +1706,20 @@ Event streams can be filtered by attributes using the prefix `event.`.
 
 Example for the `CheckResult` type with the `exit_code` set to `2`:
 
-    &types=CheckResult&filter=event.check_result.exit_status==2
+```
+&types=CheckResult&filter=event.check_result.exit_status==2
+
+-d '{ "types": "CheckResult", "filter": "event.check_result.exit_status==2" }'
+```
 
 Example for the `CheckResult` type with the service [matching](18-library-reference.md#global-functions-match)
 the string pattern "random\*":
 
-    &types=CheckResult&filter=match%28%22random*%22,event.service%29
+```
+&types=CheckResult&filter=match%28%22random*%22,event.service%29
 
+-d { "types": "CheckResult", "filter": "match(\"random*\", event.service)" }
+```
 
 ### Event Stream Response <a id="icinga2-api-event-streams-response"></a>
 
@@ -1472,12 +1728,15 @@ must support long-polling and HTTP/1.1. HTTP/1.0 is not supported.
 
 Example:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/events?queue=michi&types=CheckResult&filter=event.check_result.exit_status==2'
-
-    {"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421319.7226390839,"type":"CheckResult"}
-    {"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421324.7226390839,"type":"CheckResult"}
-    {"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421329.7226390839,"type":"CheckResult"}
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/events' \
+ -d '{ "queue": "myqueue", "types": "CheckResult", "filter": "event.check_result.exit_status==2" }'
 
+{"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421319.7226390839,"type":"CheckResult"}
+{"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421324.7226390839,"type":"CheckResult"}
+{"check_result":{ ... },"host":"example.localdomain","service":"ping4","timestamp":1445421329.7226390839,"type":"CheckResult"}
+```
 
 ## Status and Statistics <a id="icinga2-api-status"></a>
 
@@ -1485,86 +1744,106 @@ Send a `GET` request to the URL endpoint `/v1/status` to retrieve status informa
 
 Example:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/status?pretty=1'
-    {
-        "results": [
-            {
-                "name": "ApiListener",
-                "perfdata": [ ... ],
-                "status": [ ... ]
-            },
-            ...
-            {
-                "name": "IcingaAplication",
-                "perfdata": [ ... ],
-                "status": [ ... ]
-            },
-            ...
-        ]
-    }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/status?pretty=1'
+{
+    "results": [
+        {
+            "name": "ApiListener",
+            "perfdata": [ ... ],
+            "status": [ ... ]
+        },
+        ...
+        {
+            "name": "IcingaAplication",
+            "perfdata": [ ... ],
+            "status": [ ... ]
+        },
+        ...
+    ]
+}
+```
 
 You can limit the output by specifying a status type in the URL, e.g. `IcingaApplication`:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/status/IcingaApplication?pretty=1'
-    {
-        "results": [
-            {
-                "perfdata": [],
-                "status": {
-                    "icingaapplication": {
-                        "app": {
-                            "enable_event_handlers": true,
-                            "enable_flapping": true,
-                            "enable_host_checks": true,
-                            "enable_notifications": true,
-                            "enable_perfdata": true,
-                            "enable_service_checks": true,
-                            "node_name": "example.localdomain",
-                            "pid": 59819.0,
-                            "program_start": 1443019345.093372,
-                            "version": "v2.3.0-573-g380a131"
-                        }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/status/IcingaApplication?pretty=1'
+{
+    "results": [
+        {
+            "perfdata": [],
+            "status": {
+                "icingaapplication": {
+                    "app": {
+                        "enable_event_handlers": true,
+                        "enable_flapping": true,
+                        "enable_host_checks": true,
+                        "enable_notifications": true,
+                        "enable_perfdata": true,
+                        "enable_service_checks": true,
+                        "node_name": "example.localdomain",
+                        "pid": 59819.0,
+                        "program_start": 1443019345.093372,
+                        "version": "v2.3.0-573-g380a131"
                     }
                 }
             }
-        ]
-    }
-
+        }
+    ]
+}
+```
 
 ## Configuration Management <a id="icinga2-api-config-management"></a>
 
-The main idea behind configuration management is to allow external applications
-creating configuration packages and stages based on configuration files and
+The main idea behind configuration management is that external applications
+can create configuration packages and stages based on configuration files and
 directory trees. This replaces any additional SSH connection and whatnot to
 dump configuration files to Icinga 2 directly.
+
 In case you are pushing a new configuration stage to a package, Icinga 2 will
 validate the configuration asynchronously and populate a status log which
-can be fetched in a separated request.
+can be fetched in a separated request. Once the validation succeeds,
+a reload is triggered by default.
+
+This functionality was primarly developed for the [Icinga Director](https://icinga.com/docs/director/latest/)
+but can be used with your own deployments too. It also solves the problem
+with certain runtime objects (zones, endpoints) and can be used to
+deploy global templates in [global cluster zones](06-distributed-monitoring.md#distributed-monitoring-global-zone-config-sync).
 
 
-### Creating a Config Package <a id="icinga2-api-config-management-create-package"></a>
+### Create a Config Package <a id="icinga2-api-config-management-create-package"></a>
 
 Send a `POST` request to a new config package called `example-cmdb` in this example. This
-will create a new empty configuration package.
+creates a new empty configuration package.
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST \
-    'https://localhost:5665/v1/config/packages/example-cmdb?pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "package": "example-cmdb",
-                "status": "Created package."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+-X POST 'https://localhost:5665/v1/config/packages/example-cmdb?pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "package": "example-cmdb",
+            "status": "Created package."
+        }
+    ]
+}
+```
 
-Package names starting with an underscore are reserved for internal packages and must not be used.
+Package names with the `_` prefix are reserved for internal packages and must not be used.
+You can recognize `_api`, `_etc` and `_cluster` when querying specific objects and packages.
 
-### Uploading configuration for a Config Package <a id="icinga2-api-config-management-create-config-stage"></a>
+Each configuration object stores the package source in the `package` attribute.
 
-Configuration files in packages are managed in stages.
-Stages provide a way to maintain multiple configuration versions for a package.
+### Create a Stage: Upload Configuration <a id="icinga2-api-config-management-create-config-stage"></a>
+
+Configuration files in packages are managed in stages. Stages provide a way
+to maintain multiple configuration versions for a package. Once a new stage
+is deployed, the content is validated and set as active stage on success.
+
+On failure, the older stage remains active, and the caller can fetch the `startup.log`
+from this stage deployment attempt to see what exactly failed. You can see that
+in the Director's deployment log.
 
 Send a `POST` request to the URL endpoint `/v1/config/stages` and add the name of an existing
 configuration package to the URL path (e.g. `example-cmdb`).
@@ -1581,30 +1860,36 @@ The file path requires one of these two directories inside its path:
 
 Example for a local configuration in the `conf.d` directory:
 
-    "files": { "conf.d/host1.conf": "object Host \"local-host\" { address = \"127.0.0.1\", check_command = \"hostalive\" }" }
+```
+"files": { "conf.d/host1.conf": "object Host \"local-host\" { address = \"127.0.0.1\", check_command = \"hostalive\" }" }
+```
 
 Example for a host configuration inside the `satellite` zone in the `zones.d` directory:
 
-    "files": { "zones.d/satellite/host2.conf": "object Host \"satellite-host\" { address = \"192.168.1.100\", check_command = \"hostalive\" }" }
+```
+"files": { "zones.d/satellite/host2.conf": "object Host \"satellite-host\" { address = \"192.168.1.100\", check_command = \"hostalive\" }" }
+```
 
 
 The example below will create a new file called `test.conf` in the `conf.d`
 directory. Note: This example contains an error (`chec_command`). This is
 intentional.
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST \
-    -d '{ "files": { "conf.d/test.conf": "object Host \"cmdb-host\" { chec_command = \"dummy\" }" }, "pretty": true }' \
-    'https://localhost:5665/v1/config/stages/example-cmdb'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "package": "example-cmdb",
-                "stage": "example.localdomain-1441625839-0",
-                "status": "Created stage. Icinga2 will reload."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST \
+-d '{ "files": { "conf.d/test.conf": "object Host \"cmdb-host\" { chec_command = \"dummy\" }" }, "pretty": true }' \
+'https://localhost:5665/v1/config/stages/example-cmdb'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "package": "example-cmdb",
+            "stage": "7e7861c8-8008-4e8d-9910-2a0bb26921bd",
+            "status": "Created stage. Reload triggered."
+        }
+    ]
+}
+```
 
 The Icinga 2 API returns the `package` name this stage was created for, and also
 generates a unique name for the `stage` attribute you'll need for later requests.
@@ -1618,7 +1903,7 @@ and its configuration objects will remain active.
 >
 > Old stages are not purged automatically. You can [remove stages](12-icinga2-api.md#icinga2-api-config-management-delete-config-stage) that are no longer in use.
 
-Icinga 2 will create the following files in the configuration package
+Icinga 2 creates the following files in the configuration package
 stage after configuration validation:
 
   File        | Description
@@ -1627,7 +1912,8 @@ stage after configuration validation:
   startup.log | Contains the [configuration validation](11-cli-commands.md#config-validation) output.
 
 You can [fetch these files](12-icinga2-api.md#icinga2-api-config-management-fetch-config-package-stage-files)
-in order to verify that the new configuration was deployed successfully.
+in order to verify that the new configuration was deployed successfully. Please follow the chapter below
+to learn more about this.
 
 
 ### List Configuration Packages and their Stages <a id="icinga2-api-config-management-list-config-packages"></a>
@@ -1637,52 +1923,55 @@ A list of packages and their stages can be retrieved by sending a `GET` request
 The following example contains one configuration package `example-cmdb`. The package does not currently
 have an active stage.
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/packages?pretty=1'
-    {
-        "results": [
-            {
-                "active-stage": "",
-                "name": "example-cmdb",
-                "stages": [
-                    "example.localdomain-1441625839-0"
-                ]
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/packages?pretty=1'
+{
+    "results": [
+        {
+            "active-stage": "",
+            "name": "example-cmdb",
+            "stages": [
+                "7e7861c8-8008-4e8d-9910-2a0bb26921bd"
+            ]
+        }
+    ]
+}
+```
 
-
-### List Configuration Packages and their Stages <a id="icinga2-api-config-management-list-config-package-stage-files"></a>
+### List Configuration Package Stage Files <a id="icinga2-api-config-management-list-config-package-stage-files"></a>
 
 In order to retrieve a list of files for a stage you can send a `GET` request to
 the URL endpoint `/v1/config/stages`. You need to include
-the package name (`example-cmdb`) and stage name (`example.localdomain-1441625839-0`) in the URL:
+the package name (`example-cmdb`) and stage name (`7e7861c8-8008-4e8d-9910-2a0bb26921bd`) in the URL:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/stages/example-cmdb/example.localdomain-1441625839-0?pretty=1'
-    {
-        "results": [
-    ...
-            {
-                "name": "startup.log",
-                "type": "file"
-            },
-            {
-                "name": "status",
-                "type": "file"
-            },
-            {
-                "name": "conf.d",
-                "type": "directory"
-            },
-            {
-                "name": "zones.d",
-                "type": "directory"
-            },
-            {
-                "name": "conf.d/test.conf",
-                "type": "file"
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/stages/example-cmdb/7e7861c8-8008-4e8d-9910-2a0bb26921bd?pretty=1'
+{
+    "results": [
+...
+        {
+            "name": "startup.log",
+            "type": "file"
+        },
+        {
+            "name": "status",
+            "type": "file"
+        },
+        {
+            "name": "conf.d",
+            "type": "directory"
+        },
+        {
+            "name": "zones.d",
+            "type": "directory"
+        },
+        {
+            "name": "conf.d/test.conf",
+            "type": "file"
+        }
+    ]
+}
+```
 
 ### Fetch Configuration Package Stage Files <a id="icinga2-api-config-management-fetch-config-package-stage-files"></a>
 
@@ -1695,9 +1984,11 @@ the package name, the stage name and the relative path to the file to the URL pa
 
 The following example fetches the configuration file `conf.d/test.conf`:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/files/example-cmdb/example.localdomain-1441625839-0/conf.d/test.conf'
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/files/example-cmdb/7e7861c8-8008-4e8d-9910-2a0bb26921bd/conf.d/test.conf'
 
-    object Host "cmdb-host" { chec_command = "dummy" }
+object Host "cmdb-host" { chec_command = "dummy" }
+```
 
 You can fetch a [list of existing files](12-icinga2-api.md#icinga2-api-config-management-list-config-package-stage-files)
 in a configuration stage and then specifically request their content.
@@ -1711,17 +2002,19 @@ In order to check for validation errors you can fetch the `startup.log` file
 by sending a `GET` request to the URL endpoint `/v1/config/files`. You must include
 the package name, stage name and the `startup.log` in the URL path.
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/files/example-cmdb/example.localdomain-1441133065-1/startup.log'
-    ...
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/config/files/example-cmdb/7e7861c8-8008-4e8d-9910-2a0bb26921bd/startup.log'
+...
 
-    critical/config: Error: Attribute 'chec_command' does not exist.
-    Location:
-    /var/lib/icinga2/api/packages/example-cmdb/example.localdomain-1441133065-1/conf.d/test.conf(1): object Host "cmdb-host" { chec_command = "dummy" }
-                                                                                                           ^^^^^^^^^^^^^^^^^^^^^^
+critical/config: Error: Attribute 'chec_command' does not exist.
+Location:
+/var/lib/icinga2/api/packages/example-cmdb/7e7861c8-8008-4e8d-9910-2a0bb26921bd/conf.d/test.conf(1): object Host "cmdb-host" { chec_command = "dummy" }
+                                                                                                       ^^^^^^^^^^^^^^^^^^^^^^
 
-    critical/config: 1 error
+critical/config: 1 error
+```
 
-The output is similar to the manual [configuration validation](11-cli-commands.md#config-validation).
+The output is the exact as known from [configuration validation](11-cli-commands.md#config-validation).
 
 > **Note**
 >
@@ -1734,20 +2027,21 @@ You can send a `DELETE` request to the URL endpoint `/v1/config/stages`
 in order to purge a configuration stage. You must include the package and
 stage name inside the URL path.
 
-The following example removes the failed configuration stage `example.localdomain-1441133065-1`
+The following example removes the failed configuration stage `7e7861c8-8008-4e8d-9910-2a0bb26921bd`
 in the `example-cmdb` configuration package:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X DELETE \
-    'https://localhost:5665/v1/config/stages/example-cmdb/example.localdomain-1441133065-1?pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Stage deleted."
-            }
-        ]
-    }
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X DELETE 'https://localhost:5665/v1/config/stages/example-cmdb/7e7861c8-8008-4e8d-9910-2a0bb26921bd?pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Stage deleted."
+        }
+    ]
+}
+```
 
 ### Deleting Configuration Package <a id="icinga2-api-config-management-delete-config-package"></a>
 
@@ -1757,18 +2051,19 @@ with the package name in the URL path.
 
 This example entirely deletes the configuration package `example-cmdb`:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X DELETE \
-    'https://localhost:5665/v1/config/packages/example-cmdb?pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "package": "example-cmdb",
-                "status": "Deleted package."
-            }
-        ]
-    }
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' -X DELETE \
+'https://localhost:5665/v1/config/packages/example-cmdb?pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "package": "example-cmdb",
+            "status": "Deleted package."
+        }
+    ]
+}
+```
 
 ## Types <a id="icinga2-api-types"></a>
 
@@ -1788,43 +2083,131 @@ Each response entry in the results array contains the following attributes:
 
 In order to view a specific configuration object type specify its name inside the URL path:
 
-    $ curl -k -s -u root:icinga 'https://localhost:5665/v1/types/Object?pretty=1'
-    {
-        "results": [
-            {
-                "abstract": false,
-                "fields": {
-                    "type": {
-                        "array_rank": 0.0,
-                        "attributes": {
-                            "config": false,
-                            "navigation": false,
-                            "no_user_modify": false,
-                            "no_user_view": false,
-                            "required": false,
-                            "state": false
-                        },
-                        "id": 0.0,
-                        "type": "String"
-                    }
-                },
-                "name": "Object",
-                "plural_name": "Objects",
-                "prototype_keys": [
-                    "clone",
-                    "notify_attribute",
-                    "to_string"
-                ]
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/types/Object?pretty=1'
+{
+    "results": [
+        {
+            "abstract": false,
+            "fields": {
+                "type": {
+                    "array_rank": 0.0,
+                    "attributes": {
+                        "config": false,
+                        "navigation": false,
+                        "no_user_modify": false,
+                        "no_user_view": false,
+                        "required": false,
+                        "state": false
+                    },
+                    "id": 0.0,
+                    "type": "String"
+                }
+            },
+            "name": "Object",
+            "plural_name": "Objects",
+            "prototype_keys": [
+                "clone",
+                "notify_attribute",
+                "to_string"
+            ]
+        }
+    ]
+}
+```
 
+## Config Templates <a id="icinga2-api-config-templates"></a>
 
-## Console <a id="icinga2-api-console"></a>
+Provides methods to manage configuration templates:
+
+* [querying templates](12-icinga2-api.md#icinga2-api-config-templates-query)
+
+Creation, modification and deletion of templates at runtime is not supported.
+
+### Querying Templates <a id="icinga2-api-config-templates-query"></a>
+
+You can request information about configuration templates by sending
+a `GET` query to the `/v1/templates/<type>` URL endpoint. `<type` has
+to be replaced with the plural name of the object type you are interested
+in:
+
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/templates/hosts'
+```
+
+A list of all available configuration types is available in the
+[object types](09-object-types.md#object-types) chapter.
+
+A [filter](12-icinga2-api.md#icinga2-api-filters) may be provided for this query type. The
+template object can be accessed in the filter using the `tmpl` variable. In this
+example the [match function](18-library-reference.md#global-functions-match) is used to
+check a wildcard string pattern against `tmpl.name`.
+The `filter` attribute is passed inside the request body thus requiring to use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
+here.
+
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5661/v1/templates/hosts' \
+ -d '{ "filter": "match(\"g*\", tmpl.name)" }'
+```
+
+Instead of using a filter you can optionally specify the template name in the
+URL path when querying a single object:
+
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/templates/hosts/generic-host'
+```
+
+The result set contains the type, name as well as the location of the template.
+
+## Variables <a id="icinga2-api-variables"></a>
+
+Provides methods to manage global variables:
+
+* [querying variables](12-icinga2-api.md#icinga2-api-variables-query)
+
+### Querying Variables <a id="icinga2-api-variables-query"></a>
+
+You can request information about global variables by sending
+a `GET` query to the `/v1/variables/` URL endpoint:
+
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/variables'
+```
+
+A [filter](12-icinga2-api.md#icinga2-api-filters) may be provided for this query type. The
+variable information object can be accessed in the filter using the `variable` variable.
+The `filter` attribute is passed inside the request body thus requiring to use [X-HTTP-Method-Override](12-icinga2-api.md#icinga2-api-requests-method-override)
+here.
+
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -H 'X-HTTP-Method-Override: GET' -X POST \
+ 'https://localhost:5661/v1/variables' \
+ -d '{ "filter": "variable.type in [ \"String\", \"Number\" ]" }'
+```
+
+Instead of using a filter you can optionally specify the variable name in the
+URL path when querying a single variable:
+
+```
+$ curl -k -s -u root:icinga 'https://localhost:5665/v1/variables/PrefixDir'
+```
+
+The result set contains the type, name and value of the global variable.
+
+## Debug Console <a id="icinga2-api-console"></a>
 
 You can inspect variables and execute other expressions by sending a `POST` request to the URL endpoint `/v1/console/execute-script`.
 In order to receive auto-completion suggestions, send a `POST` request to the URL endpoint `/v1/console/auto-complete-script`.
 
+> **Note**
+>
+> This functionality is used by the [debug console](11-cli-commands.md#cli-command-console). Do not use this in production, unless
+> you are aware of the fact that expressions and commands may crash the daemon, or lead into
+> unwanted behaviour. Use this URL endpoint **read-only** when needed.
+
 The following parameters need to be specified (either as URL parameters or in a JSON-encoded message body):
 
   Parameter  | Type         | Description
@@ -1845,82 +2228,160 @@ If you specify a session identifier, the same script context can be reused for m
 
 Example for fetching the command line from the local host's last check result:
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/console/execute-script?command=get_host(NodeName).last_check_result.command&sandboxed=0&session=bb75fd7c-c686-407d-9688-582c04227756&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "result": [
-                    "/usr/local/sbin/check_ping",
-                    "-H",
-                    "127.0.0.1",
-                    "-c",
-                    "5000,100%",
-                    "-w",
-                    "3000,80%"
-                ],
-                "status": "Executed successfully."
-            }
-        ]
-    }
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/console/execute-script?command=get_host(NodeName).last_check_result.command&sandboxed=0&session=bb75fd7c-c686-407d-9688-582c04227756&pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "result": [
+                "/usr/local/sbin/check_ping",
+                "-H",
+                "127.0.0.1",
+                "-c",
+                "5000,100%",
+                "-w",
+                "3000,80%"
+            ],
+            "status": "Executed successfully."
+        }
+    ]
+}
+```
 
 Example for fetching auto-completion suggestions for the `Host.` type. This works in a
 similar fashion when pressing TAB inside the [console CLI command](11-cli-commands.md#cli-command-console):
 
-    $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/console/auto-complete-script?command=Host.&sandboxed=0&session=bb75fd7c-c686-407d-9688-582c04227756&pretty=1'
-    {
-        "results": [
-            {
-                "code": 200.0,
-                "status": "Auto-completed successfully.",
-                "suggestions": [
-                    "Host.type",
-                    "Host.name",
-                    "Host.prototype",
-                    "Host.base",
-                    "Host.register_attribute_handler",
-                    "Host.clone",
-                    "Host.notify_attribute",
-                    "Host.to_string"
-                ]
-            }
-        ]
-    }
-
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' \
+ -X POST 'https://localhost:5665/v1/console/auto-complete-script?command=Host.&sandboxed=0&session=bb75fd7c-c686-407d-9688-582c04227756&pretty=1'
+{
+    "results": [
+        {
+            "code": 200.0,
+            "status": "Auto-completed successfully.",
+            "suggestions": [
+                "Host.type",
+                "Host.name",
+                "Host.prototype",
+                "Host.base",
+                "Host.register_attribute_handler",
+                "Host.clone",
+                "Host.notify_attribute",
+                "Host.to_string"
+            ]
+        }
+    ]
+}
+```
 
 ## API Clients <a id="icinga2-api-clients"></a>
 
-There are a couple of existing clients which can be used with the Icinga 2 API:
+After its initial release in 2015, community members
+and developers have been working hard to add more REST API
+clients and integrations into DevOps tools.
 
-* [curl](https://curl.haxx.se/) or any other HTTP client really
-* [Icinga 2 console (CLI command)](12-icinga2-api.md#icinga2-api-clients-cli-console)
-* [Icinga Web 2 Director](https://www.icinga.com/products/icinga-web-2-modules/)
-
-Demo cases:
-
-* [Dashing](https://github.com/Icinga/dashing-icinga2)
-* [API examples](https://github.com/Icinga/icinga2-api-examples)
+* [Libraries](12-icinga2-api.md#icinga2-api-clients-libraries)
+* [Status](12-icinga2-api.md#icinga2-api-clients-status)
+* [Management](12-icinga2-api.md#icinga2-api-clients-management)
+* [Event Streams](12-icinga2-api.md#icinga2-api-clients-event-streams)
+* [Actions](12-icinga2-api.md#icinga2-api-clients-actions)
+* [REST API Apps](12-icinga2-api.md#icinga2-api-clients-apps)
 
 Additional [programmatic examples](12-icinga2-api.md#icinga2-api-clients-programmatic-examples)
 will help you getting started using the Icinga 2 API in your environment.
 
-### Icinga 2 Console <a id="icinga2-api-clients-cli-console"></a>
+### Libraries <a id="icinga2-api-clients-libraries"></a>
 
-By default the [console CLI command](11-cli-commands.md#cli-command-console) evaluates
-expressions in a local interpreter, i.e. independently from your Icinga 2 daemon.
-Add the `--connect` parameter to debug and evaluate expressions via the API.
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+[ruby-icinga2](https://github.com/bodsch/ruby-icinga2)                                          | Ruby          | Ruby library
+[python-icinga2_api](https://github.com/KevinHonka/Icinga2_Python_API)                          | Python        | Python library
+[python-icinga2-api](https://github.com/fmnisme/python-icinga2api)				| Python	| Python bindings for Icinga 2 interaction
+[go-icinga2](https://github.com/xert/go-icinga2)						| Golang	| Golang functions and type definitions
+[go-icinga2-api](https://github.com/lrsmith/go-icinga2-api/)					| Golang	| Golang implementation used inside the Terraform provider
+[go-icinga2-client](https://github.com/Nexinto/go-icinga2-client)     | Golang  | Golang implementation for the Rancher integration.
+[Monitoring::Icinga2::Client::REST](https://metacpan.org/release/THESEAL/Monitoring-Icinga2-Client-REST-2.0.0) | Perl | Perl bindings.
+[Icinga 2 API in PHP](https://github.com/uniwue-rz/icinga2-api)					| PHP		| PHP implementation. For other examples, look into Icinga Web 2 and Director.
 
-### API Clients Programmatic Examples <a id="icinga2-api-clients-programmatic-examples"></a>
+### Status <a id="icinga2-api-clients-status"></a>
 
-The programmatic examples use HTTP basic authentication and SSL certificate
-verification. The CA file is expected in `pki/icinga2-ca.crt`
-but you may adjust the examples for your likings.
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+[Dashing](https://github.com/dnsmichi/dashing-icinga2)						| Ruby, HTML	| Dashboard for Dashing querying the REST API for current host/service/global status
+[InfluxDB Telegraf Input](https://github.com/influxdata/telegraf/blob/master/plugins/inputs/icinga2/README.md) | Golang	| [Telegraf](https://github.com/influxdata/telegraf) is an agent written in Go for collecting, processing, aggregating, and writing metrics.
+[Icinga Slack Bot](https://github.com/bb-Ricardo/icinga-slack-bot)				| Python	| It can be used to interact with Icinga2 from your Slack client. It uses the Icinga2 API to get Host/Service status details. Simple status filters can be used to narrow down the returned status list.
+[Icinga 2 Slack Bot](https://github.com/mlabouardy/icinga2-slack-bot) 				| Golang | Query host/service details from a [Slack](https://slack.com/) channel
+[icinga2bot](https://github.com/reikoNeko/icinga2bot)						| Python	| [Errbot](http://errbot.io/en/latest/user_guide/setup.html) plugin to fetch status and event stream information and forward to XMPP, IRC, etc.
+[IcingaBusyLightAgent](https://github.com/stdevel/IcingaBusylightAgent) 			| C#		| Notification Agent in Systray
+[BitBar for OSX](https://getbitbar.com/plugins/Dev/Icinga2/icinga2.24m.py)			| Python	| macOS tray app for highlighting the host/service status
+[Icinga 2 Multistatus](https://chrome.google.com/webstore/detail/icinga-multi-status/khabbhcojgkibdeipanmiphceeoiijal/related)	| - 	| Chrome Extension
+[Naglite4](https://github.com/wftech/icinga2-naglite4)						| Python	| Naglite3 rewrite using the Icinga 2 REST API.
 
-The [request method](icinga2-api-requests) is `POST` using
-[X-HTTP-Method-Override: GET](12-icinga2-api.md#icinga2-api-requests-method-override)
-which allows you to send a JSON request body. The examples request
-specific service attributes joined with host attributes. `attrs`
-and `joins` are therefore specified as array.
+### Manage Objects <a id="icinga2-api-clients-management"></a>
+
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+[Icinga Director](https://icinga.com/docs/director/latest) 					| PHP, JS	| Icinga 2 configuration interface with a nice frontend, and automated imports for nearly any source.
+[Terraform Provider](https://github.com/terraform-providers/terraform-provider-icinga2)		| Golang	| Register hosts from Terraform in Icinga 2. [Official docs](https://www.terraform.io/docs/providers/icinga2/index.html).
+[Kube Icinga](https://github.com/gyselroth/kube-icinga)			                        | Typescript    | Monitor Kubernetes services / resources using icinga2 (including autodiscovery support)
+[Logstash output for Icinga](https://www.icinga.com/products/integrations/elastic/)             | Ruby          | Forward check results and create objects from log events
+[Foreman Smart Proxy Monitoring](https://github.com/theforeman/smart_proxy_monitoring)		| Ruby		| Smart Proxy extension for Foreman creating and deleting hosts and services in Icinga 2
+[Rancher integration](https://github.com/Nexinto/rancher-icinga)         		        | Golang        | Registers [Rancher](http://rancher.com/rancher/) resources in Icinga 2 for monitoring.
+[AWS/EC2](https://github.com/Icinga/icinga2-api-examples/tree/master/aws-ec2)			| Ruby		| Example script for creating and deleting AWS instances in Icinga 2
+[Ansible Host Module](https://docs.ansible.com/ansible/latest/modules/icinga2_host_module.html) | Python 	| In progress, [Ansible Feature](https://docs.ansible.com/ansible/latest/modules/icinga2_feature_module.html#icinga2-feature-module) is also there.
+[gocinga](https://gitlab.com/sambadevi/gocinga)							| Golang	| CLI Tool for Icinga, written in go
+
+### Event Streams <a id="icinga2-api-clients-event-streams"></a>
+
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+[Elastic Icingabeat](https://icinga.com/docs/icingabeat/latest/)				| Golang	| Process events and send to Elasticsearch/Logstash outputs
+[Request Tracker ticket integration](https://github.com/bytemine/icinga2rt)			| Golang	| Create and update RT tickets
+[Logstash input event stream](https://github.com/bobapple/logstash-input-icinga_eventstream)	| Ruby		| Forward events as Logstash input
+[Flapjack events](https://github.com/sol1/flapjack-icinga2)					| Golang	| Dumping events into Redis for Flapjack processing
+[Stackstorm integration](https://github.com/StackStorm-Exchange/stackstorm-icinga2)		| Python	| Processing events and fetching status information
+[NodeJS consumer](https://community.icinga.com/t/consume-api-event-stream/1010/6)		| NodeJS	| Example from our community :)
+
+### Actions <a id="icinga2-api-clients-actions"></a>
+
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+[Icinga Web 2](https://icinga.com/docs/icingaweb2/latest/)                                      | PHP           | Trigger actions via command transport
+[Logstash output for Icinga](https://www.icinga.com/products/integrations/elastic/)             | Ruby          | Forward check results and create objects from log events
+[OTRS SystemMonitoring](https://github.com/OTRS/SystemMonitoring)                               | Perl          | Acknowledge problems in Icinga 2 from OTRS tickets
+[mqttwarn](https://github.com/jpmens/mqttwarn#icinga2)						| Python	| Forward check results from mqttwarn to Icinga 2
+[Lita handler](https://github.com/tuxmea/lita-icinga2)						| Ruby		| List, recheck and acknowledge through a #chatops bot called [Lita](https://github.com/litaio/lita)
+[Sakuli forwarder](http://sakuli.readthedocs.io/en/latest/forwarder-icinga2api/)		| Java		| Forward check results from tests from [Sakuli](https://github.com/ConSol/sakuli) to Icinga 2
+[OpsGenie actions](https://www.opsgenie.com/docs/integrations/icinga2-integration)		| Golang, Java	| Integrate Icinga 2 into OpsGenie
+
+
+### REST API Apps <a id="icinga2-api-clients-apps"></a>
+
+Name												| Language	| Description
+------------------------------------------------------------------------------------------------|---------------|--------------------------------------------------------
+Browser plugins											| -		| [Postman for Chrome](https://www.getpostman.com), [RESTED for Firefox](https://addons.mozilla.org/en-US/firefox/addon/rested/)
+[Postman](https://www.getpostman.com/)                                                          | -             | App instead of browser plugin
+[Cocoa Rest Client](http://mmattozzi.github.io/cocoa-rest-client/)                              | -             | macOS app
+[Paw for MacOS](https://paw.cloud)								| (exported)	| Paw is a full-featured HTTP client that lets you test and describe the APIs you build or consume. It has a beautiful native macOS interface to compose requests, inspect server responses, generate client code and export API definitions.
+
+
+### Programmatic Examples <a id="icinga2-api-clients-programmatic-examples"></a>
+
+The following languages are covered:
+
+* [Python](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-python)
+* [Ruby](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-ruby)
+* [PHP](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-php)
+* [Perl](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-perl)
+* [Golang](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-golang)
+* [Powershell](12-icinga2-api.md#icinga2-api-clients-programmatic-examples-powershell)
+
+The [request method](icinga2-api-requests) is `POST` using [X-HTTP-Method-Override: GET](12-icinga2-api.md#icinga2-api-requests-method-override)
+which allows you to send a JSON request body. The examples request specific service
+attributes joined with host attributes. `attrs` and `joins` are therefore specified
+as array.
 The `filter` attribute [matches](18-library-reference.md#global-functions-match)
 on all services with `ping` in their name.
 
@@ -1928,92 +2389,95 @@ on all services with `ping` in their name.
 
 The following example uses **Python** and the `requests` and `json` module:
 
-    # pip install requests
-    # pip install json
+```
+# pip install requests
+# pip install json
 
-    $ vim icinga2-api-example.py
+$ vim icinga.py
 
-    #!/usr/bin/env python
-    
-    import requests, json
-    
-    # Replace 'localhost' with your FQDN and certificate CN
-    # for SSL verification
-    request_url = "https://localhost:5665/v1/objects/services"
-    headers = {
-            'Accept': 'application/json',
-            'X-HTTP-Method-Override': 'GET'
-            }
-    data = {
-            "attrs": [ "name", "state", "last_check_result" ],
-            "joins": [ "host.name", "host.state", "host.last_check_result" ],
-            "filter": "match(\"ping*\", service.name)",
-    }
-    
-    r = requests.post(request_url,
-            headers=headers,
-            auth=('root', 'icinga'),
-            data=json.dumps(data),
-            verify="pki/icinga2-ca.crt")
-    
-    print "Request URL: " + str(r.url)
-    print "Status code: " + str(r.status_code)
-    
-    if (r.status_code == 200):
-            print "Result: " + json.dumps(r.json())
-    else:
-            print r.text
-            r.raise_for_status()
+#!/usr/bin/env python
 
-    $ python icinga2-api-example.py
+import requests, json
 
+# Replace 'localhost' with your FQDN and certificate CN
+# for TLS verification
+request_url = "https://localhost:5665/v1/objects/services"
+headers = {
+        'Accept': 'application/json',
+        'X-HTTP-Method-Override': 'GET'
+        }
+data = {
+        "attrs": [ "name", "state", "last_check_result" ],
+        "joins": [ "host.name", "host.state", "host.last_check_result" ],
+        "filter": "match(\"ping*\", service.name)",
+}
+
+r = requests.post(request_url,
+        headers=headers,
+        auth=('root', 'icinga'),
+        data=json.dumps(data),
+        verify="pki/icinga2-ca.crt")
+
+print "Request URL: " + str(r.url)
+print "Status code: " + str(r.status_code)
+
+if (r.status_code == 200):
+        print "Result: " + json.dumps(r.json())
+else:
+        print r.text
+        r.raise_for_status()
+
+$ python icinga.py
+```
 
 #### Example API Client in Ruby <a id="icinga2-api-clients-programmatic-examples-ruby"></a>
 
 The following example uses **Ruby** and the `rest_client` gem:
 
-    # gem install rest_client
+```
+# gem install rest_client
 
-    $ vim icinga2-api-example.rb
+$ vim icinga.rb
 
-    #!/usr/bin/ruby
-    
-    require 'rest_client'
-    
-    # Replace 'localhost' with your FQDN and certificate CN
-    # for SSL verification
-    request_url = "https://localhost:5665/v1/objects/services"
-    headers = {
-            "Accept" => "application/json",
-            "X-HTTP-Method-Override" => "GET"
-    }
-    data = {
-            "attrs" => [ "name", "state", "last_check_result" ],
-            "joins" => [ "host.name", "host.state", "host.last_check_result" ],
-            "filter" => "match(\"ping*\", service.name)",
-    }
-    
-    r = RestClient::Resource.new(
-            URI.encode(request_url),
-            :headers => headers,
-            :user => "root",
-            :password => "icinga",
-            :ssl_ca_file => "pki/icinga2-ca.crt")
-    
-    begin
-            response = r.post(data.to_json)
-    rescue => e
-            response = e.response
-    end
-    
-    puts "Status: " + response.code.to_s
-    if response.code == 200
-            puts "Result: " + (JSON.pretty_generate JSON.parse(response.body))
-    else
-            puts "Error: " + response
-    end
+#!/usr/bin/ruby
 
-    $ ruby icinga2-api-example.rb
+require 'rest_client'
+
+# Replace 'localhost' with your FQDN and certificate CN
+# for TLS verification
+request_url = "https://localhost:5665/v1/objects/services"
+headers = {
+        "Accept" => "application/json",
+        "X-HTTP-Method-Override" => "GET"
+}
+data = {
+        "attrs" => [ "name", "state", "last_check_result" ],
+        "joins" => [ "host.name", "host.state", "host.last_check_result" ],
+        "filter" => "match(\"ping*\", service.name)",
+}
+
+r = RestClient::Resource.new(
+        URI.encode(request_url),
+        :headers => headers,
+        :user => "root",
+        :password => "icinga",
+        :ssl_ca_file => "pki/icinga2-ca.crt")
+
+begin
+        response = r.post(data.to_json)
+rescue => e
+        response = e.response
+end
+
+puts "Status: " + response.code.to_s
+if response.code == 200
+        puts "Result: " + (JSON.pretty_generate JSON.parse(response.body))
+else
+        puts "Error: " + response
+end
+
+$ ruby icinga.rb
+```
 
 A more detailed example can be found in the [Dashing demo](https://github.com/Icinga/dashing-icinga2).
 
@@ -2021,100 +2485,252 @@ A more detailed example can be found in the [Dashing demo](https://github.com/Ic
 
 The following example uses **PHP** and its `curl` library:
 
-    $ vim icinga2-api-example.php
+```
+$ vim icinga.php
 
-    #!/usr/bin/env php
-    <?php
-    # Replace 'localhost' with your FQDN and certificate CN
-    # for SSL verification
-    $request_url = "https://localhost:5665/v1/objects/services";
-    $username = "root";
-    $password = "icinga";
-    $headers = array(
-            'Accept: application/json',
-            'X-HTTP-Method-Override: GET'
-    );
-    $data = array(
-            attrs => array('name', 'state', 'last_check_result'),
-            joins => array('host.name', 'host.state', 'host.last_check_result'),
-            filter => 'match("ping*", service.name)',
-    );
-    
-    $ch = curl_init();
-    curl_setopt_array($ch, array(
-            CURLOPT_URL => $request_url,
-            CURLOPT_HTTPHEADER => $headers,
-            CURLOPT_USERPWD => $username . ":" . $password,
-            CURLOPT_RETURNTRANSFER => true,
-            CURLOPT_CAINFO => "pki/icinga2-ca.crt",
-            CURLOPT_POST => count($data),
-            CURLOPT_POSTFIELDS => json_encode($data)
-    ));
-    
-    $response = curl_exec($ch);
-    if ($response === false) {
-            print "Error: " . curl_error($ch) . "(" . $response . ")\n";
-    }
-    
-    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-    curl_close($ch);
-    print "Status: " . $code . "\n";
-    
-    if ($code == 200) {
-            $response = json_decode($response, true);
-            print_r($response);
-    }
-    ?>
+#!/usr/bin/env php
+<?php
+# Replace 'localhost' with your FQDN and certificate CN
+# for TLS verification
+$request_url = "https://localhost:5665/v1/objects/services";
+$username = "root";
+$password = "icinga";
+$headers = array(
+        'Accept: application/json',
+        'X-HTTP-Method-Override: GET'
+);
+$data = array(
+        attrs => array('name', 'state', 'last_check_result'),
+        joins => array('host.name', 'host.state', 'host.last_check_result'),
+        filter => 'match("ping*", service.name)',
+);
 
-    $ php icinga2-api-example.php
+$ch = curl_init();
+curl_setopt_array($ch, array(
+        CURLOPT_URL => $request_url,
+        CURLOPT_HTTPHEADER => $headers,
+        CURLOPT_USERPWD => $username . ":" . $password,
+        CURLOPT_RETURNTRANSFER => true,
+        CURLOPT_CAINFO => "pki/icinga2-ca.crt",
+        CURLOPT_POST => count($data),
+        CURLOPT_POSTFIELDS => json_encode($data)
+));
+
+$response = curl_exec($ch);
+if ($response === false) {
+        print "Error: " . curl_error($ch) . "(" . $response . ")\n";
+}
+
+$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+curl_close($ch);
+print "Status: " . $code . "\n";
+
+if ($code == 200) {
+        $response = json_decode($response, true);
+        print_r($response);
+}
+?>
+
+$ php icinga.php
+```
 
 #### Example API Client in Perl <a id="icinga2-api-clients-programmatic-examples-perl"></a>
 
 The following example uses **Perl** and the `Rest::Client` module:
 
-    # perl -MCPAN -e 'install REST::Client'
-    # perl -MCPAN -e 'install JSON'
-    # perl -MCPAN -e 'install MIME::Base64'
-    # perl -MCPAN -e 'install Data::Dumper'
+```
+# perl -MCPAN -e 'install REST::Client'
+# perl -MCPAN -e 'install JSON'
+# perl -MCPAN -e 'install MIME::Base64'
+# perl -MCPAN -e 'install Data::Dumper'
 
-    $ vim icinga2-api-example.pl
+$ vim icinga.pl
 
-    #!/usr/bin/env perl
-    
-    use strict;
-    use warnings;
-    use REST::Client;
-    use MIME::Base64;
-    use JSON;
-    use Data::Dumper;
-    
-    # Replace 'localhost' with your FQDN and certificate CN
-    # for SSL verification
-    my $request_host = "https://localhost:5665";
-    my $userpass = "root:icinga";
-    
-    my $client = REST::Client->new();
-    $client->setHost($request_host);
-    $client->setCa("pki/icinga2-ca.crt");
-    $client->addHeader("Accept", "application/json");
-    $client->addHeader("X-HTTP-Method-Override", "GET");
-    $client->addHeader("Authorization", "Basic " . encode_base64($userpass));
-    my %json_data = (
-            attrs => ['name', 'state', 'last_check_result'],
-            joins => ['host.name', 'host.state', 'host.last_check_result'],
-            filter => 'match("ping*", service.name)',
-    );
-    my $data = encode_json(\%json_data);
-    $client->POST("/v1/objects/services", $data);
-    
-    my $status = $client->responseCode();
-    print "Status: " . $status . "\n";
-    my $response = $client->responseContent();
-    if ($status == 200) {
-            print "Result: " . Dumper(decode_json($response)) . "\n";
-    } else {
-            print "Error: " . $response . "\n";
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use REST::Client;
+use MIME::Base64;
+use JSON;
+use Data::Dumper;
+
+# Replace 'localhost' with your FQDN and certificate CN
+# for TLS verification
+my $request_host = "https://localhost:5665";
+my $userpass = "root:icinga";
+
+my $client = REST::Client->new();
+$client->setHost($request_host);
+$client->setCa("pki/icinga2-ca.crt");
+$client->addHeader("Accept", "application/json");
+$client->addHeader("X-HTTP-Method-Override", "GET");
+$client->addHeader("Authorization", "Basic " . encode_base64($userpass));
+my %json_data = (
+        attrs => ['name', 'state', 'last_check_result'],
+        joins => ['host.name', 'host.state', 'host.last_check_result'],
+        filter => 'match("ping*", service.name)',
+);
+my $data = encode_json(\%json_data);
+$client->POST("/v1/objects/services", $data);
+
+my $status = $client->responseCode();
+print "Status: " . $status . "\n";
+my $response = $client->responseContent();
+if ($status == 200) {
+        print "Result: " . Dumper(decode_json($response)) . "\n";
+} else {
+        print "Error: " . $response . "\n";
+}
+
+$ perl icinga.pl
+```
+
+
+#### Example API Client in Golang <a id="icinga2-api-clients-programmatic-examples-golang"></a>
+
+Requires the Golang build chain.
+
+```
+$ vim icinga.go
+
+package main
+
+import (
+	"bytes"
+	"crypto/tls"
+	"log"
+	"io/ioutil"
+	"net/http"
+)
+
+func main() {
+	var urlBase= "https://localhost:5665"
+	var apiUser= "root"
+	var apiPass= "icinga"
+
+	urlEndpoint := urlBase + "/v1/objects/services"
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	httpClient := &http.Client{Transport: tr}
+
+	var requestBody = []byte(`{
+		"attrs": [ "name", "state", "last_check_result" ],
+		"joins": [ "host.name", "host.state", "host.last_check_result" ],
+		"filter": "match(\"ping*\", service.name)"
+	}`)
+
+	req, err := http.NewRequest("POST", urlEndpoint, bytes.NewBuffer(requestBody))
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("X-HTTP-Method-Override", "GET")
+
+	req.SetBasicAuth(apiUser, apiPass)
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		log.Fatal("Server error:", err)
+		return
+	}
+	defer resp.Body.Close()
+
+	log.Print("Response status:", resp.Status)
+
+	bodyBytes, _ := ioutil.ReadAll(resp.Body)
+	bodyString := string(bodyBytes)
+
+	if resp.StatusCode == http.StatusOK {
+		log.Print("Result: " + bodyString)
+	} else {
+		log.Fatal(bodyString)
+	}
+}
+```
+
+Build the binary:
+
+```
+go build icinga.go
+./icinga
+```
+
+#### Example API Client in Powershell <a id="icinga2-api-clients-programmatic-examples-powershell"></a>
+
+Requires Windows 10+ with Powershell 5+.
+
+Note: The workaround for self signed certificates is not considered
+best practice.
+
+```
+# Workaround for self signed certificates
+# https://stackoverflow.com/questions/36456104/invoke-restmethod-ignore-self-signed-certs
+if (-not("dummy" -as [type])) {
+    add-type -TypeDefinition @"
+using System;
+using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+public static class Dummy {
+    public static bool ReturnTrue(object sender,
+        X509Certificate certificate,
+        X509Chain chain,
+        SslPolicyErrors sslPolicyErrors) { return true; }
+
+    public static RemoteCertificateValidationCallback GetDelegate() {
+        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
     }
+}
+"@
+}
 
-    $ perl icinga2-api-example.pl
+[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()
 
+$icingaApiHost = "localhost"
+$icingaApiUser = "root"
+$icingaApiPassword = "icinga"
+
+$requestUrl = "https://{0}:5665/v1/objects/services" -f $icingaApiHost
+
+$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $icingaApiUser, $icingaApiPassword)))
+$httpAuthInfo = "Basic $base64AuthInfo"
+$httpAcceptInfo = "application/json"
+
+$httpHeaders = @{
+    "Authorization" = $httpAuthInfo
+    "Accept" = $httpAcceptInfo
+    "X-HTTP-Method-Override" = "GET"
+}
+
+$attrs =  @( "name", "state", "last_check_result" )
+$joins = @( "host.name", "host.state", "host.last_check_result")
+$filter = 'match("ping*", service.name)'
+
+$data = @{
+    "attrs" = $attrs
+    "joins" = $joins
+    "filter" = $filter
+}
+
+$result = Invoke-RestMethod -Headers $httpHeaders -Uri $requestUrl -Method "POST" -Body ($data|ConvertTo-Json)
+
+foreach ($s in $result.results) {
+    Write-Host "Service " $s.attrs.name " on Host " $s.joins.host.name "State " $s.attrs.state " Output: " $s.attrs.last_check_result.output
+    # Debug
+    Write-Host "Debug: Attributes " $s.attrs | ConvertTo-Json
+    Write-Host "Debug: Joins Host" $s.joins.host | ConvertTo-Json
+    Write-Host "`n"
+}
+```
+
+Run the Powershell ISE as administrator, and execute the script as you change it.
+
+![Icinga 2 API Windows Powershell ISE Script](images/api/icinga2_api_powershell_ise.png)
+
+
+Alternatively, save the code and run it in Powershell:
+
+```
+.\icinga.ps1
+```
diff --git a/doc/13-addons.md b/doc/13-addons.md
index 1d26de747..68325120d 100644
--- a/doc/13-addons.md
+++ b/doc/13-addons.md
@@ -1,37 +1,27 @@
-# Icinga 2 Addons <a id="addons"></a>
+# Icinga 2 Addons and Integrations <a id="addons"></a>
 
-## Graphing <a id="addons-graphing"></a>
+For an uptodate overview of all integrations and modules,
+please visit [https://icinga.com/products/](https://icinga.com/products/).
 
-### PNP <a id="addons-graphing-pnp"></a>
 
-[PNP](https://www.pnp4nagios.org) is a graphing addon.
+## Icinga Reporting <a id="addons-reporting"></a>
 
-[PNP](https://www.pnp4nagios.org) is an addon which adds a graphical representation of the performance data collected
-by the monitoring plugins. The data is stored as rrd (round robin database) files.
+The [Icinga Reporting Module](https://icinga.com/docs/reporting/latest/)
+is the framework and foundation we created to handle data collected
+by Icinga 2 and other data providers. By definition Icinga Reporting does not collect
+or calculate any data. The framework processes usable data from data providers such as
+Icinga’s IDO or Icinga Web 2 modules and makes them available in different formats.
 
-Use your distribution's package manager to install the `pnp4nagios` package.
+It can display the data directly within the Icinga web interface or export it to PDF,
+JSON or CSV format. With scheduled reports you can receive the prepared data periodically
+via email.
 
-If you're planning to use it, configure it to use the
-[bulk mode with npcd and npcdmod](https://docs.pnp4nagios.org/pnp-0.6/modes#bulk_mode_with_npcd_and_npcdmod)
-in combination with Icinga 2's [PerfdataWriter](14-features.md#performance-data). NPCD collects the performance
-data files which Icinga 2 generates.
+![Icinga Reporting](images/addons/icinga_reporting.png)
 
-Enable performance data writer in icinga 2
+Follow along in this [hands-on blog post](https://icinga.com/2019/06/17/icinga-reporting-hands-on/).
 
-    # icinga2 feature enable perfdata
-
-Configure npcd to use the performance data created by Icinga 2:
-
-    vim /etc/pnp4nagios/npcd.cfg
-
-Set `perfdata_spool_dir = /var/spool/icinga2/perfdata` and restart the `npcd` daemon.
-
-There's also an Icinga Web 2 module for direct PNP graph integration
-available at [Icinga Exchange](https://exchange.icinga.com/icinga/PNP).
-
-More information on [action_url as attribute](13-addons.md#addons-graphing-pnp-action-url)
-and [graph template names](13-addons.md#addons-graphing-pnp-custom-templates).
 
+## Graphs and Metrics <a id="addons-graphs-metrics"></a>
 
 ### Graphite <a id="addons-graphing-graphite"></a>
 
@@ -45,15 +35,22 @@ Graphite consists of 3 software components:
 * whisper -- a simple database library for storing time-series data (similar in design to RRD)
 * graphite webapp -- a Django webapp that renders graphs on-demand using Cairo
 
+You need to install Graphite first, then proceed with configuring it in Icinga 2.
+
 Use the [GraphiteWriter](14-features.md#graphite-carbon-cache-writer) feature
 for sending real-time metrics from Icinga 2 to Graphite.
 
-    # icinga2 feature enable graphite
-
-There are Graphite addons available for collecting the performance data files too (e.g. `Graphios`).
+```
+# icinga2 feature enable graphite
+```
 
 A popular alternative frontend for Graphite is for example [Grafana](https://grafana.org).
 
+Integration in Icinga Web 2 is possible by installing the official [graphite module](https://icinga.com/docs/graphite/latest/).
+
+![Icinga Web 2 Detail View with Graphite](images/addons/icingaweb2_graphite.png)
+
+
 ### InfluxDB <a id="addons-graphing-influxdb"></a>
 
 [InfluxDB](https://influxdb.com) is a time series, metrics, and analytics database.
@@ -62,35 +59,96 @@ It’s written in Go and has no external dependencies.
 Use the [InfluxdbWriter](14-features.md#influxdb-writer) feature
 for sending real-time metrics from Icinga 2 to InfluxDB.
 
-    # icinga2 feature enable influxdb
+```
+# icinga2 feature enable influxdb
+```
 
 A popular frontend for InfluxDB is for example [Grafana](https://grafana.org).
 
+Integration in Icinga Web 2 is possible by installing the community [Grafana module](https://github.com/Mikesch-mp/icingaweb2-module-grafana).
+
+![Icinga Web 2 Detail View with Grafana](images/addons/icingaweb2_grafana.png)
+
+
+### PNP <a id="addons-graphing-pnp"></a>
+
+[PNP](https://www.pnp4nagios.org) is a graphing addon.
+
+[PNP](https://www.pnp4nagios.org) is an addon which adds a graphical representation of the performance data collected
+by the monitoring plugins. The data is stored as rrd (round robin database) files.
+
+Use your distribution's package manager to install the `pnp4nagios` package.
+
+If you're planning to use it, configure it to use the
+[bulk mode with npcd and npcdmod](https://docs.pnp4nagios.org/pnp-0.6/modes#bulk_mode_with_npcd_and_npcdmod)
+in combination with Icinga 2's [PerfdataWriter](14-features.md#writing-performance-data-files). NPCD collects the performance
+data files which Icinga 2 generates.
+
+Enable performance data writer in icinga 2
+
+```
+# icinga2 feature enable perfdata
+```
+
+Configure npcd to use the performance data created by Icinga 2:
+
+```
+vim /etc/pnp4nagios/npcd.cfg
+```
+
+Set `perfdata_spool_dir = /var/spool/icinga2/perfdata` and restart the `npcd` daemon.
+
+There's also an Icinga Web 2 module for direct PNP graph integration
+available at [Icinga Exchange](https://exchange.icinga.com/icinga/PNP).
+
 ## Visualization <a id="addons-visualization"></a>
 
-### Icinga Reporting <a id="addons-visualization-reporting"></a>
+### Maps <a id="addons-visualization-maps"></a>
 
-By enabling the [DB IDO](14-features.md#db-ido) feature you can use the
-[Icinga Reporting package](https://docs.icinga.com/latest/en/reporting.html).
+This community module displays host objects as markers on openstreetmap in Icinga Web 2.
+It uses the data provided by the monitoring module and as such the [DB IDO](14-features.md#db-ido)
+from Icinga 2.
 
-### NagVis <a id="addons-visualization-nagvis"></a>
+If you configure multiple hosts with the same coordinates, i.e. servers in a datacenter, a clustered view is rendered.
 
-By using either [Livestatus](14-features.md#setting-up-livestatus) or
-[DB IDO](14-features.md#db-ido) as a backend you can create your own network maps
-based on your monitoring configuration and status data using [NagVis](https://www.nagvis.org).
+Check the  [Map module docs](https://github.com/nbuchwitz/icingaweb2-module-map) for more details on
+installation, configuration and integration.
 
-The configuration in nagvis.ini.php should look like this for Livestatus for example:
+![Icinga Web 2 Maps](images/addons/icingaweb2_maps.png)
 
-    [backend_live_1]
-    backendtype="mklivestatus"
-    socket="unix:/var/run/icinga2/cmd/livestatus"
+### Business Process <a id="addons-business-process"></a>
 
-If you are planning an integration into Icinga Web 2, look at [this module](https://github.com/Icinga/icingaweb2-module-nagvis).
+Create top-level views of your applications in a graphical editor.
+Rules express dependencies between existing hosts and services and
+let you alert on application level. Business processes are displayed
+in a tree or list overview and can be added to any dashboard.
 
-### Thruk <a id="addons-visualization-thruk"></a>
+![Icinga Web 2 Business Process](images/addons/icingaweb2_businessprocess.png)
+
+Read more [here](https://icinga.com/products/icinga-business-process-modelling/).
+
+### Certificate Monitoring <a id="addons-visualization-certificate-monitoring"></a>
+
+Monitor your certificates in an efficient and comfortable way. Be aware of required
+actions and view all details at a glance.
+
+![Icinga Certificate Monitoring](images/addons/icinga_certificate_monitoring.png)
+
+Read more [here](https://icinga.com/products/icinga-certificate-monitoring/)
+and [here](https://icinga.com/2019/06/03/monitoring-automation-with-icinga-certificate-monitoring/).
+
+### Dashing Dashboard <a id="addons-visualization-dashing-dashboard"></a>
+
+The [Icinga 2 dashboard](https://github.com/dnsmichi/dashing-icinga2) is built
+on top of Dashing and uses the [REST API](12-icinga2-api.md#icinga2-api) to visualize what's going
+on with your monitoring. It combines several popular widgets and provides development
+instructions for your own implementation.
+
+The dashboard also allows to embed the [Icinga Web 2](https://icinga.com/products/icinga-web-2/)
+host and service problem lists as Iframe.
+
+![Dashing dashboard](images/addons/dashing_icinga2.png)
 
-[Thruk](https://www.thruk.org) is an alternative web interface which can be used with Icinga 2
-and the [Livestatus](14-features.md#setting-up-livestatus) feature.
 
 ## Log Monitoring <a id="log-monitoring"></a>
 
@@ -102,7 +160,7 @@ is even simpler these days.
 * Configure the logstash `nagios` output to send passive traps to Icinga 2 using the external command pipe.
 * Execute a plugin to check Graylog alert streams.
 
-More details can be found in [this blog post](https://www.icinga.com/2014/12/02/team-icinga-at-osmc-2014/).
+More details can be found in [this blog post](https://icinga.com/2014/12/02/team-icinga-at-osmc-2014/).
 
 ## Notification Scripts and Interfaces <a id="notification-scripts-interfaces"></a>
 
@@ -116,79 +174,27 @@ There's a variety of resources available, for example different notification scr
 * Ticket systems
 * etc.
 
-Additionally external services can be [integrated with Icinga 2](https://www.icinga.com/products/integrations/):
+Blog posts and howtos:
 
-* [Pagerduty](https://www.icinga.com/partners/pagerduty/)
-* [VictorOps](https://www.icinga.com/partners/victorops/)
-* [StackStorm](https://www.icinga.com/partners/stackstorm/)
+* [Environmental Monitoring and Alerting](https://icinga.com/2019/09/02/environmental-monitoring-and-alerting-via-text-message/)
 
-More information can be found on the [Icinga Website](https://www.icinga.com/).
+Additionally external services can be [integrated with Icinga 2](https://icinga.com/products/integrations/):
+
+* [Pagerduty](https://icinga.com/products/integrations/pagerduty/)
+* [VictorOps](https://icinga.com/products/integrations/victorops/)
+* [StackStorm](https://icinga.com/products/integrations/stackstorm/)
+
+More information can be found on the [Icinga Website](https://icinga.com/).
 
 ## Configuration Management Tools <a id="configuration-tools"></a>
 
-If you require your favourite configuration tool to export the Icinga 2 configuration, please get in
-touch with their developers. The Icinga project does not provide a configuration web interface
-yet. Follow the [Icinga Blog](https://www.icinga.com/blog/) for updates on this topic.
+Checkout these specific integrations:
 
-If you're looking for puppet manifests, chef cookbooks, ansible recipes, etc. -- we're happy
-to integrate them upstream, so please get in touch with the [Icinga team](https://www.icinga.com/community/get-involved/).
+* [Ansible Roles](https://icinga.com/products/integrations/)
+* [Puppet Module](https://icinga.com/products/integrations/puppet/)
+* [Chef Cookbook](https://icinga.com/products/integrations/chef/)
 
-These tools are currently in development and require feedback and tests:
+If you're looking for different config management integrations -- we're happy
+to add them upstream, so please get in touch with the [Icinga team](https://icinga.com/community/).
 
-* [Ansible Roles](https://github.com/Icinga/icinga2-ansible)
-* [Puppet Module](https://github.com/Icinga/puppet-icinga2)
-* [Chef Cookbook](https://github.com/Icinga/chef-icinga2)
 
-## More Addon Integration Hints <a id="addon-integration-hints"></a>
-
-### PNP Action Url <a id="addons-graphing-pnp-action-url"></a>
-
-They work in a similar fashion for Icinga 2 and are used for 1.x web interfaces (Icinga Web 2 doesn't require
-the action url attribute in its own module).
-
-    template Host "pnp-hst" {
-      action_url = "/pnp4nagios/graph?host=$HOSTNAME$"
-    }
-
-    template Service "pnp-svc" {
-      action_url = "/pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$"
-    }
-
-### PNP Custom Templates with Icinga 2 <a id="addons-graphing-pnp-custom-templates"></a>
-
-PNP automatically determines the graph template from the check command name (or the argument's name).
-This behavior changed in Icinga 2 compared to Icinga 1.x. Though there are certain possibilities to
-fix this:
-
-* Create a symlink for example from the `templates.dist/check_ping.php` template to the actual check name in Icinga 2 (`templates/ping4.php`)
-* Pass the check command name inside the [format template configuration](14-features.md#writing-performance-data-files)
-
-The latter becomes difficult with agent based checks like NRPE or SSH where the first command argument acts as
-graph template identifier. There is the possibility to define the pnp template name as custom attribute
-and use that inside the formatting templates as `SERVICECHECKCOMMAND` for instance.
-
-Example for services:
-
-    # vim /etc/icinga2/features-enabled/perfdata.conf
-
-    service_format_template = "DATATYPE::SERVICEPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tSERVICEDESC::$service.name$\tSERVICEPERFDATA::$service.perfdata$\tSERVICECHECKCOMMAND::$service.check_command$$pnp_check_arg1$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$\tSERVICESTATE::$service.state$\tSERVICESTATETYPE::$service.state_type$"
-
-    # vim /etc/icinga2/conf.d/services.conf
-
-    template Service "pnp-svc" {
-      action_url = "/pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$"
-      vars.pnp_check_arg1 = ""
-    }
-
-    apply Service "nrpe-check" {
-      import "pnp-svc"
-      check_command = nrpe
-      vars.nrpe_command = "check_disk"
-
-      vars.pnp_check_arg1 = "!$nrpe_command$"
-    }
-
-If there are warnings about unresolved macros, make sure to specify a default value for `vars.pnp_check_arg1` inside the
-
-In PNP, the custom template for nrpe is then defined in `/etc/pnp4nagios/custom/nrpe.cfg`
-and the additional command arg string will be seen in the xml too for other templates.
diff --git a/doc/14-features.md b/doc/14-features.md
index d7a41a289..c9fa71b95 100644
--- a/doc/14-features.md
+++ b/doc/14-features.md
@@ -21,25 +21,42 @@ By default file the `mainlog` feature is enabled. When running Icinga 2
 on a terminal log messages with severity `information` or higher are
 written to the console.
 
-Packages will install a configuration file for logrotate on supported
-platforms. This configuration ensures that the `icinga2.log`, `error.log` and
-`debug.log` files are rotated on a daily basis.
+### Log Rotation <a id="logging-logrotate"></a>
 
-## DB IDO <a id="db-ido"></a>
+Packages provide a configuration file for [logrotate](https://linux.die.net/man/8/logrotate)
+on Linux/Unix. Typically this is installed into `/etc/logrotate.d/icinga2`
+and modifications won't be overridden on upgrade.
+
+Instead of sending the reload HUP signal, logrotate
+sends the USR1 signal to notify the Icinga daemon
+that it has rotate the log file. Icinga reopens the log
+files then:
+
+* `/var/log/icinga2/icinga2.log` (requires `mainlog` enabled)
+* `/var/log/icinga2/debug.log` (requires `debuglog` enabled)
+* `/var/log/icinga2/erorr.log`
+
+By default, log files will be rotated daily.
+
+## Core Backends <a id="core-backends"></a>
+
+### REST API <a id="core-backends-api"></a>
+
+The REST API is documented [here](12-icinga2-api.md#icinga2-api) as a core feature.
+
+### IDO Database (DB IDO) <a id="db-ido"></a>
 
 The IDO (Icinga Data Output) feature for Icinga 2 takes care of exporting all
 configuration and status information into a database. The IDO database is used
 by Icinga Web 2 as data backend.
 
-Details on the installation can be found in the [Configuring DB IDO](02-getting-started.md#configuring-db-ido-mysql)
+Details on the installation can be found in the [Configuring DB IDO](02-installation.md#configuring-db-ido-mysql)
 chapter. Details on the configuration can be found in the
 [IdoMysqlConnection](09-object-types.md#objecttype-idomysqlconnection) and
 [IdoPgsqlConnection](09-object-types.md#objecttype-idopgsqlconnection)
 object configuration documentation.
-The DB IDO feature supports [High Availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido) in
-the Icinga 2 cluster.
 
-### DB IDO Health <a id="db-ido-health"></a>
+#### DB IDO Health <a id="db-ido-health"></a>
 
 If the monitoring health indicator is critical in Icinga Web 2,
 you can use the following queries to manually check whether Icinga 2
@@ -87,8 +104,46 @@ status_update_time
 
 A detailed list on the available table attributes can be found in the [DB IDO Schema documentation](24-appendix.md#schema-db-ido).
 
+#### DB IDO in Cluster HA Zones <a id="db-ido-cluster-ha"></a>
 
-### DB IDO Tuning <a id="db-ido-tuning"></a>
+The DB IDO feature supports [High Availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-db-ido) in
+the Icinga 2 cluster.
+
+By default, both endpoints in a zone calculate the
+endpoint which activates the feature, the other endpoint
+automatically pauses it. If the cluster connection
+breaks at some point, the paused IDO feature automatically
+does a failover.
+
+You can disable this behaviour by setting `enable_ha = false`
+in both feature configuration files.
+
+#### DB IDO Cleanup <a id="db-ido-cleanup"></a>
+
+Objects get deactivated when they are deleted from the configuration.
+This is visible with the `is_active` column in the `icinga_objects` table.
+Therefore all queries need to join this table and add `WHERE is_active=1` as
+condition. Deleted objects preserve their history table entries for later SLA
+reporting.
+
+Historical data isn't purged by default. You can enable the least
+kept data age inside the `cleanup` configuration attribute for the
+IDO features [IdoMysqlConnection](09-object-types.md#objecttype-idomysqlconnection)
+and [IdoPgsqlConnection](09-object-types.md#objecttype-idopgsqlconnection).
+
+Example if you prefer to keep notification history for 30 days:
+
+```
+  cleanup = {
+     notifications_age = 30d
+     contactnotifications_age = 30d
+  }
+```
+
+The historical tables are populated depending on the data `categories` specified.
+Some tables are empty by default.
+
+#### DB IDO Tuning <a id="db-ido-tuning"></a>
 
 As with any application database, there are ways to optimize and tune the database performance.
 
@@ -134,103 +189,52 @@ VACUUM
 > Don't use `VACUUM FULL` as this has a severe impact on performance.
 
 
-## External Commands <a id="external-commands"></a>
+## Metrics <a id="metrics"></a>
 
-> **Note**
->
-> Please use the [REST API](12-icinga2-api.md#icinga2-api) as modern and secure alternative
-> for external actions.
+Whenever a host or service check is executed, or received via the REST API,
+best practice is to provide performance data.
 
-Icinga 2 provides an external command pipe for processing commands
-triggering specific actions (for example rescheduling a service check
-through the web interface).
+This data is parsed by features sending metrics to time series databases (TSDB):
 
-In order to enable the `ExternalCommandListener` configuration use the
-following command and restart Icinga 2 afterwards:
+* [Graphite](14-features.md#graphite-carbon-cache-writer)
+* [InfluxDB](14-features.md#influxdb-writer)
+* [OpenTSDB](14-features.md#opentsdb-writer)
 
-    # icinga2 feature enable command
+Metrics, state changes and notifications can be managed with the following integrations:
 
-Icinga 2 creates the command pipe file as `/var/run/icinga2/cmd/icinga2.cmd`
-using the default configuration.
+* [Elastic Stack](14-features.md#elastic-stack-integration)
+* [Graylog](14-features.md#graylog-integration)
 
-Web interfaces and other Icinga addons are able to send commands to
-Icinga 2 through the external command pipe, for example for rescheduling
-a forced service check:
 
-    # /bin/echo "[`date +%s`] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;`date +%s`" >> /var/run/icinga2/cmd/icinga2.cmd
+### Graphite Writer <a id="graphite-carbon-cache-writer"></a>
 
-    # tail -f /var/log/messages
+[Graphite](13-addons.md#addons-graphing-graphite) is a tool stack for storing
+metrics and needs to be running prior to enabling the `graphite` feature.
 
-    Oct 17 15:01:25 icinga-server icinga2: Executing external command: [1382014885] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;1382014885
-    Oct 17 15:01:25 icinga-server icinga2: Rescheduling next check for service 'ping4'
-
-A list of currently supported external commands can be found [here](24-appendix.md#external-commands-list-detail).
-
-Detailed information on the commands and their required parameters can be found
-on the [Icinga 1.x documentation](https://docs.icinga.com/latest/en/extcommands2.html).
-
-## Performance Data <a id="performance-data"></a>
-
-When a host or service check is executed plugins should provide so-called
-`performance data`. Next to that additional check performance data
-can be fetched using Icinga 2 runtime macros such as the check latency
-or the current service state (or additional custom attributes).
-
-The performance data can be passed to external applications which aggregate and
-store them in their backends. These tools usually generate graphs for historical
-reporting and trending.
-
-Well-known addons processing Icinga performance data are [PNP4Nagios](13-addons.md#addons-graphing-pnp),
-[Graphite](13-addons.md#addons-graphing-graphite) or [OpenTSDB](14-features.md#opentsdb-writer).
-
-### Writing Performance Data Files <a id="writing-performance-data-files"></a>
-
-PNP4Nagios and Graphios use performance data collector daemons to fetch
-the current performance files for their backend updates.
-
-Therefore the Icinga 2 [PerfdataWriter](09-object-types.md#objecttype-perfdatawriter)
-feature allows you to define the output template format for host and services helped
-with Icinga 2 runtime vars.
-
-    host_format_template = "DATATYPE::HOSTPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tHOSTPERFDATA::$host.perfdata$\tHOSTCHECKCOMMAND::$host.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$"
-    service_format_template = "DATATYPE::SERVICEPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tSERVICEDESC::$service.name$\tSERVICEPERFDATA::$service.perfdata$\tSERVICECHECKCOMMAND::$service.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$\tSERVICESTATE::$service.state$\tSERVICESTATETYPE::$service.state_type$"
-
-The default templates are already provided with the Icinga 2 feature configuration
-which can be enabled using
-
-    # icinga2 feature enable perfdata
-
-By default all performance data files are rotated in a 15 seconds interval into
-the `/var/spool/icinga2/perfdata/` directory as `host-perfdata.<timestamp>` and
-`service-perfdata.<timestamp>`.
-External collectors need to parse the rotated performance data files and then
-remove the processed files.
-
-### Graphite Carbon Cache Writer <a id="graphite-carbon-cache-writer"></a>
-
-While there are some [Graphite](13-addons.md#addons-graphing-graphite)
-collector scripts and daemons like Graphios available for Icinga 1.x it's more
-reasonable to directly process the check and plugin performance
-in memory in Icinga 2. Once there are new metrics available, Icinga 2 will directly
-write them to the defined Graphite Carbon daemon tcp socket.
+Icinga 2 writes parsed metrics directly to Graphite's Carbon Cache
+TCP port, defaulting to `2003`.
 
 You can enable the feature using
 
-    # icinga2 feature enable graphite
+```
+# icinga2 feature enable graphite
+```
 
 By default the [GraphiteWriter](09-object-types.md#objecttype-graphitewriter) feature
 expects the Graphite Carbon Cache to listen at `127.0.0.1` on TCP port `2003`.
 
-#### Current Graphite Schema <a id="graphite-carbon-cache-writer-schema"></a>
+#### Graphite Schema <a id="graphite-carbon-cache-writer-schema"></a>
 
-The current naming schema is defined as follows. The [Icinga Web 2 Graphite module](https://github.com/icinga/icingaweb2-module-graphite)
+The current naming schema is defined as follows. The [Icinga Web 2 Graphite module](https://icinga.com/products/integrations/graphite/)
 depends on this schema.
 
 The default prefix for hosts and services is configured using
 [runtime macros](03-monitoring-basics.md#runtime-macros)like this:
 
-    icinga2.$host.name$.host.$host.check_command$
-    icinga2.$host.name$.services.$service.name$.$service.check_command$
+```
+icinga2.$host.name$.host.$host.check_command$
+icinga2.$host.name$.services.$service.name$.$service.check_command$
+```
 
 You can customize the prefix name by using the `host_name_template` and
 `service_name_template` configuration attributes.
@@ -250,9 +254,12 @@ The following characters are escaped in prefix labels:
 
 Metric values are stored like this:
 
-    <prefix>.perfdata.<perfdata-label>.value
+```
+<prefix>.perfdata.<perfdata-label>.value
+```
 
-The following characters are escaped in perfdata labels:
+The following characters are escaped in performance labels
+parsed from plugin output:
 
   Character	| Escaped character
   --------------|--------------------------
@@ -261,29 +268,33 @@ The following characters are escaped in perfdata labels:
   /		| _
   ::		| .
 
-Note that perfdata labels may contain dots (`.`) allowing to
+Note that labels may contain dots (`.`) allowing to
 add more subsequent levels inside the Graphite tree.
 `::` adds support for [multi performance labels](http://my-plugin.de/wiki/projects/check_multi/configuration/performance)
 and is therefore replaced by `.`.
 
 By enabling `enable_send_thresholds` Icinga 2 automatically adds the following threshold metrics:
 
-    <prefix>.perfdata.<perfdata-label>.min
-    <prefix>.perfdata.<perfdata-label>.max
-    <prefix>.perfdata.<perfdata-label>.warn
-    <prefix>.perfdata.<perfdata-label>.crit
+```
+<prefix>.perfdata.<perfdata-label>.min
+<prefix>.perfdata.<perfdata-label>.max
+<prefix>.perfdata.<perfdata-label>.warn
+<prefix>.perfdata.<perfdata-label>.crit
+```
 
 By enabling `enable_send_metadata` Icinga 2 automatically adds the following metadata metrics:
 
-    <prefix>.metadata.current_attempt
-    <prefix>.metadata.downtime_depth
-    <prefix>.metadata.acknowledgement
-    <prefix>.metadata.execution_time
-    <prefix>.metadata.latency
-    <prefix>.metadata.max_check_attempts
-    <prefix>.metadata.reachable
-    <prefix>.metadata.state
-    <prefix>.metadata.state_type
+```
+<prefix>.metadata.current_attempt
+<prefix>.metadata.downtime_depth
+<prefix>.metadata.acknowledgement
+<prefix>.metadata.execution_time
+<prefix>.metadata.latency
+<prefix>.metadata.max_check_attempts
+<prefix>.metadata.reachable
+<prefix>.metadata.state
+<prefix>.metadata.state_type
+```
 
 Metadata metric overview:
 
@@ -302,10 +313,31 @@ Metadata metric overview:
 The following example illustrates how to configure the storage schemas for Graphite Carbon
 Cache.
 
-    [icinga2_default]
-    # intervals like PNP4Nagios uses them per default
-    pattern = ^icinga2\.
-    retentions = 1m:2d,5m:10d,30m:90d,360m:4y
+```
+[icinga2_default]
+# intervals like PNP4Nagios uses them per default
+pattern = ^icinga2\.
+retentions = 1m:2d,5m:10d,30m:90d,360m:4y
+```
+
+#### Graphite in Cluster HA Zones <a id="graphite-carbon-cache-writer-cluster-ha"></a>
+
+The Graphite feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing metrics to a Carbon Cache socket. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes metrics, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that metrics are written even if the cluster fails.
+
+The recommended way of running Graphite in this scenario is a dedicated server
+where Carbon Cache/Relay is running as receiver.
 
 
 ### InfluxDB Writer <a id="influxdb-writer"></a>
@@ -315,7 +347,9 @@ defined InfluxDB HTTP API.
 
 You can enable the feature using
 
-    # icinga2 feature enable influxdb
+```
+# icinga2 feature enable influxdb
+```
 
 By default the [InfluxdbWriter](09-object-types.md#objecttype-influxdbwriter) feature
 expects the InfluxDB daemon to listen at `127.0.0.1` on port `8086`.
@@ -352,7 +386,7 @@ apply Service "disk" for (disk => attributes in host.vars.disks) {
 }
 ```
 
-This is a typical pattern for checking individual disks, NICs, SSL certificates etc associated
+This is a typical pattern for checking individual disks, NICs, TLS certificates etc associated
 with a host.  What would be useful is to have the data points tagged with the specific instance
 for that check.  This would allow you to query time series data for a check on a host and for a
 specific instance e.g. /dev/sda.  To do this quite simply add the instance to the service variables:
@@ -383,16 +417,35 @@ object InfluxdbWriter "influxdb" {
 }
 ```
 
+#### InfluxDB in Cluster HA Zones <a id="influxdb-writer-cluster-ha"></a>
+
+The InfluxDB feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing metrics to the InfluxDB HTTP API. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes metrics, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that metrics are written even if the cluster fails.
+
+The recommended way of running InfluxDB in this scenario is a dedicated server
+where the InfluxDB HTTP API or Telegraf as Proxy are running.
+
 ### Elastic Stack Integration <a id="elastic-stack-integration"></a>
 
-[Icingabeat](https://github.com/icinga/icingabeat) is an Elastic Beat that fetches data
+[Icingabeat](https://icinga.com/products/integrations/elastic/) is an Elastic Beat that fetches data
 from the Icinga 2 API and sends it either directly to [Elasticsearch](https://www.elastic.co/products/elasticsearch)
 or [Logstash](https://www.elastic.co/products/logstash).
 
 More integrations:
 
-* [Logstash output](https://github.com/Icinga/logstash-output-icinga) for the Icinga 2 API.
-* [Logstash Grok Pattern](https://github.com/Icinga/logstash-grok-pattern) for Icinga 2 logs.
+* [Logstash output](https://icinga.com/products/integrations/elastic/) for the Icinga 2 API.
+* [Logstash Grok Pattern](https://icinga.com/products/integrations/elastic/) for Icinga 2 logs.
 
 #### Elasticsearch Writer <a id="elasticsearch-writer"></a>
 
@@ -403,7 +456,10 @@ The check results include parsed performance data metrics if enabled.
 
 > **Note**
 >
-> Elasticsearch 5.x or 6.x are required. This feature has been successfully tested with Elasticsearch 5.6.7 and 6.2.3.
+> Elasticsearch 5.x or 6.x are required. This feature has been successfully tested with
+> Elasticsearch 5.6.7 and 6.3.1.
+
+
 
 Enable the feature and restart Icinga 2.
 
@@ -429,7 +485,9 @@ attribute.
 
 Metric values are stored like this:
 
-    check_result.perfdata.<perfdata-label>.value
+```
+check_result.perfdata.<perfdata-label>.value
+```
 
 The following characters are escaped in perfdata labels:
 
@@ -448,10 +506,32 @@ and is therefore replaced by `.`.
 Icinga 2 automatically adds the following threshold metrics
 if existing:
 
-    check_result.perfdata.<perfdata-label>.min
-    check_result.perfdata.<perfdata-label>.max
-    check_result.perfdata.<perfdata-label>.warn
-    check_result.perfdata.<perfdata-label>.crit
+```
+check_result.perfdata.<perfdata-label>.min
+check_result.perfdata.<perfdata-label>.max
+check_result.perfdata.<perfdata-label>.warn
+check_result.perfdata.<perfdata-label>.crit
+```
+
+#### Elasticsearch in Cluster HA Zones <a id="elasticsearch-writer-cluster-ha"></a>
+
+The Elasticsearch feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing events to the Elasticsearch HTTP API. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes events, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that events are written even if the cluster fails.
+
+The recommended way of running Elasticsearch in this scenario is a dedicated server
+where you either have the Elasticsearch HTTP API, or a TLS secured HTTP proxy,
+or Logstash for additional filtering.
 
 ### Graylog Integration <a id="graylog-integration"></a>
 
@@ -467,7 +547,9 @@ While it has been specified by the [Graylog](https://www.graylog.org) project as
 
 You can enable the feature using
 
-    # icinga2 feature enable gelf
+```
+# icinga2 feature enable gelf
+```
 
 By default the `GelfWriter` object expects the GELF receiver to listen at `127.0.0.1` on TCP port `12201`.
 The default `source`  attribute is set to `icinga2`. You can customize that for your needs if required.
@@ -477,6 +559,24 @@ Currently these events are processed:
 * State changes
 * Notifications
 
+#### Graylog/GELF in Cluster HA Zones <a id="gelf-writer-cluster-ha"></a>
+
+The Gelf feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing events to the Graylog HTTP API. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes events, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that events are written even if the cluster fails.
+
+The recommended way of running Graylog in this scenario is a dedicated server
+where you have the Graylog HTTP API listening.
 
 ### OpenTSDB Writer <a id="opentsdb-writer"></a>
 
@@ -487,27 +587,35 @@ write them to the defined TSDB TCP socket.
 
 You can enable the feature using
 
-    # icinga2 feature enable opentsdb
+```
+# icinga2 feature enable opentsdb
+```
 
 By default the `OpenTsdbWriter` object expects the TSD to listen at
 `127.0.0.1` on port `4242`.
 
 The current naming schema is
 
-    icinga.host.<metricname>
-    icinga.service.<servicename>.<metricname>
+```
+icinga.host.<metricname>
+icinga.service.<servicename>.<metricname>
+```
 
 for host and service checks. The tag host is always applied.
 
 To make sure Icinga 2 writes a valid metric into OpenTSDB some characters are replaced
 with `_` in the target name:
 
-    \  (and space)
+```
+\  (and space)
+```
 
 The resulting name in OpenTSDB might look like:
 
-    www-01 / http-cert / response time
-    icinga.http_cert.response_time
+```
+www-01 / http-cert / response time
+icinga.http_cert.response_time
+```
 
 In addition to the performance data retrieved from the check plugin, Icinga 2 sends
 internal check statistic data to OpenTSDB:
@@ -527,7 +635,9 @@ internal check statistic data to OpenTSDB:
 While reachable, state and state_type are metrics for the host or service the
 other metrics follow the current naming schema
 
-    icinga.check.<metricname>
+```
+icinga.check.<metricname>
+```
 
 with the following tags
 
@@ -542,6 +652,75 @@ with the following tags
 > You might want to set the tsd.core.auto_create_metrics setting to `true`
 > in your opentsdb.conf configuration file.
 
+#### OpenTSDB in Cluster HA Zones <a id="opentsdb-writer-cluster-ha"></a>
+
+The OpenTSDB feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing events to the OpenTSDB listener. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes metrics, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that metrics are written even if the cluster fails.
+
+The recommended way of running OpenTSDB in this scenario is a dedicated server
+where you have OpenTSDB running.
+
+
+### Writing Performance Data Files <a id="writing-performance-data-files"></a>
+
+PNP and Graphios use performance data collector daemons to fetch
+the current performance files for their backend updates.
+
+Therefore the Icinga 2 [PerfdataWriter](09-object-types.md#objecttype-perfdatawriter)
+feature allows you to define the output template format for host and services helped
+with Icinga 2 runtime vars.
+
+```
+host_format_template = "DATATYPE::HOSTPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tHOSTPERFDATA::$host.perfdata$\tHOSTCHECKCOMMAND::$host.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$"
+service_format_template = "DATATYPE::SERVICEPERFDATA\tTIMET::$icinga.timet$\tHOSTNAME::$host.name$\tSERVICEDESC::$service.name$\tSERVICEPERFDATA::$service.perfdata$\tSERVICECHECKCOMMAND::$service.check_command$\tHOSTSTATE::$host.state$\tHOSTSTATETYPE::$host.state_type$\tSERVICESTATE::$service.state$\tSERVICESTATETYPE::$service.state_type$"
+```
+
+The default templates are already provided with the Icinga 2 feature configuration
+which can be enabled using
+
+```
+# icinga2 feature enable perfdata
+```
+
+By default all performance data files are rotated in a 15 seconds interval into
+the `/var/spool/icinga2/perfdata/` directory as `host-perfdata.<timestamp>` and
+`service-perfdata.<timestamp>`.
+External collectors need to parse the rotated performance data files and then
+remove the processed files.
+
+#### Perfdata Files in Cluster HA Zones <a id="perfdata-writer-cluster-ha"></a>
+
+The Perfdata feature supports [high availability](06-distributed-monitoring.md#distributed-monitoring-high-availability-features)
+in cluster zones since 2.11.
+
+By default, all endpoints in a zone will activate the feature and start
+writing metrics to the local spool directory. In HA enabled scenarios,
+it is possible to set `enable_ha = true` in all feature configuration
+files. This allows each endpoint to calculate the feature authority,
+and only one endpoint actively writes metrics, the other endpoints
+pause the feature.
+
+When the cluster connection breaks at some point, the remaining endpoint(s)
+in that zone will automatically resume the feature. This built-in failover
+mechanism ensures that metrics are written even if the cluster fails.
+
+The recommended way of running Perfdata is to mount the perfdata spool
+directory via NFS on a central server where PNP with the NPCD collector
+is running on.
+
+
+
 
 ## Livestatus <a id="setting-up-livestatus"></a>
 
@@ -557,7 +736,7 @@ Livestatus.
 >
 > Only install the Livestatus feature if your web interface or addon requires
 > you to do so.
-> [Icinga Web 2](02-getting-started.md#setting-up-icingaweb2) does not need
+> [Icinga Web 2](02-installation.md#setting-up-icingaweb2) does not need
 > Livestatus.
 
 Details on the available tables and attributes with Icinga 2 can be found
@@ -565,18 +744,24 @@ in the [Livestatus Schema](24-appendix.md#schema-livestatus) section.
 
 You can enable Livestatus using icinga2 feature enable:
 
-    # icinga2 feature enable livestatus
+```
+# icinga2 feature enable livestatus
+```
 
 After that you will have to restart Icinga 2:
 
-    # systemctl restart icinga2
+```
+# systemctl restart icinga2
+```
 
 By default the Livestatus socket is available in `/var/run/icinga2/cmd/livestatus`.
 
 In order for queries and commands to work you will need to add your query user
 (e.g. your web server) to the `icingacmd` group:
 
-    # usermod -a -G icingacmd www-data
+```
+# usermod -a -G icingacmd www-data
+```
 
 The Debian packages use `nagios` as the user and group name. Make sure to change `icingacmd` to
 `nagios` if you're using Debian.
@@ -588,8 +773,9 @@ In order to use the historical tables provided by the livestatus feature (for ex
 are expected to be in `/var/log/icinga2/compat`. A different path can be set using the
 `compat_log_path` configuration attribute.
 
-    # icinga2 feature enable compatlog
-
+```
+# icinga2 feature enable compatlog
+```
 
 ### Livestatus Sockets <a id="livestatus-sockets"></a>
 
@@ -615,33 +801,35 @@ programmatically: [Monitoring::Livestatus](http://search.cpan.org/~nierlein/Moni
 
 Example using the unix socket:
 
-    # echo -e "GET services\n" | /usr/bin/nc -U /var/run/icinga2/cmd/livestatus
+```
+# echo -e "GET services\n" | /usr/bin/nc -U /var/run/icinga2/cmd/livestatus
 
 Example using the tcp socket listening on port `6558`:
 
-    # echo -e 'GET services\n' | netcat 127.0.0.1 6558
+# echo -e 'GET services\n' | netcat 127.0.0.1 6558
 
-    # cat servicegroups <<EOF
-    GET servicegroups
+# cat servicegroups <<EOF
+GET servicegroups
 
-    EOF
-
-    (cat servicegroups; sleep 1) | netcat 127.0.0.1 6558
+EOF
 
+(cat servicegroups; sleep 1) | netcat 127.0.0.1 6558
+```
 
 ### Livestatus COMMAND Queries <a id="livestatus-command-queries"></a>
 
 A list of available external commands and their parameters can be found [here](24-appendix.md#external-commands-list-detail)
 
-    $ echo -e 'COMMAND <externalcommandstring>' | netcat 127.0.0.1 6558
-
+```
+$ echo -e 'COMMAND <externalcommandstring>' | netcat 127.0.0.1 6558
+```
 
 ### Livestatus Filters <a id="livestatus-filters"></a>
 
 and, or, negate
 
   Operator  | Negate   | Description
-  ----------|------------------------
+  ----------|----------|-------------
    =        | !=       | Equality
    ~        | !~       | Regex match
    =~       | !=~      | Equality ignoring case
@@ -669,20 +857,22 @@ Schema: "Stats: aggregatefunction aggregateattribute"
 
 Example:
 
-    GET hosts
-    Filter: has_been_checked = 1
-    Filter: check_type = 0
-    Stats: sum execution_time
-    Stats: sum latency
-    Stats: sum percent_state_change
-    Stats: min execution_time
-    Stats: min latency
-    Stats: min percent_state_change
-    Stats: max execution_time
-    Stats: max latency
-    Stats: max percent_state_change
-    OutputFormat: json
-    ResponseHeader: fixed16
+```
+GET hosts
+Filter: has_been_checked = 1
+Filter: check_type = 0
+Stats: sum execution_time
+Stats: sum latency
+Stats: sum percent_state_change
+Stats: min execution_time
+Stats: min latency
+Stats: min percent_state_change
+Stats: max execution_time
+Stats: max latency
+Stats: max percent_state_change
+OutputFormat: json
+ResponseHeader: fixed16
+```
 
 ### Livestatus Output <a id="livestatus-output"></a>
 
@@ -694,7 +884,9 @@ is a pipe (2nd level).
 
 Separators can be set using ASCII codes like:
 
-    Separators: 10 59 44 124
+```
+Separators: 10 59 44 124
+```
 
 * JSON
 
@@ -735,27 +927,33 @@ The `commands` table is populated with `CheckCommand`, `EventCommand` and `Notif
 A detailed list on the available table attributes can be found in the [Livestatus Schema documentation](24-appendix.md#schema-livestatus).
 
 
-## Status Data Files <a id="status-data"></a>
+## Deprecated Features <a id="deprecated-features"></a>
+
+### Status Data Files <a id="status-data"></a>
 
 > **Note**
 >
-> This feature is DEPRECATED and will be removed in Icinga 2 v2.11.
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
 
 Icinga 1.x writes object configuration data and status data in a cyclic
 interval to its `objects.cache` and `status.dat` files. Icinga 2 provides
 the `StatusDataWriter` object which dumps all configuration objects and
 status updates in a regular interval.
 
-    # icinga2 feature enable statusdata
+```
+# icinga2 feature enable statusdata
+```
 
 If you are not using any web interface or addon which uses these files,
 you can safely disable this feature.
 
-## Compat Log Files <a id="compat-logging"></a>
+### Compat Log Files <a id="compat-logging"></a>
 
 > **Note**
 >
-> This feature is DEPRECATED and will be removed in Icinga 2 v2.11.
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
 
 The Icinga 1.x log format is considered being the `Compat Log`
 in Icinga 2 provided with the `CompatLogger` object.
@@ -768,17 +966,65 @@ for answering queries to historical tables.
 
 The `CompatLogger` object can be enabled with
 
-    # icinga2 feature enable compatlog
+```
+# icinga2 feature enable compatlog
+```
 
 By default, the Icinga 1.x log file called `icinga.log` is located
 in `/var/log/icinga2/compat`. Rotated log files are moved into
 `var/log/icinga2/compat/archives`.
 
-## Check Result Files <a id="check-result-files"></a>
+### External Command Pipe <a id="external-commands"></a>
 
 > **Note**
 >
-> This feature is DEPRECATED and will be removed in Icinga 2 v2.11.
+> Please use the [REST API](12-icinga2-api.md#icinga2-api) as modern and secure alternative
+> for external actions.
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
+
+Icinga 2 provides an external command pipe for processing commands
+triggering specific actions (for example rescheduling a service check
+through the web interface).
+
+In order to enable the `ExternalCommandListener` configuration use the
+following command and restart Icinga 2 afterwards:
+
+```
+# icinga2 feature enable command
+```
+
+Icinga 2 creates the command pipe file as `/var/run/icinga2/cmd/icinga2.cmd`
+using the default configuration.
+
+Web interfaces and other Icinga addons are able to send commands to
+Icinga 2 through the external command pipe, for example for rescheduling
+a forced service check:
+
+```
+# /bin/echo "[`date +%s`] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;`date +%s`" >> /var/run/icinga2/cmd/icinga2.cmd
+
+# tail -f /var/log/messages
+
+Oct 17 15:01:25 icinga-server icinga2: Executing external command: [1382014885] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;1382014885
+Oct 17 15:01:25 icinga-server icinga2: Rescheduling next check for service 'ping4'
+```
+
+A list of currently supported external commands can be found [here](24-appendix.md#external-commands-list-detail).
+
+Detailed information on the commands and their required parameters can be found
+on the [Icinga 1.x documentation](https://docs.icinga.com/latest/en/extcommands2.html).
+
+
+### Check Result Files <a id="check-result-files"></a>
+
+> **Note**
+>
+> This feature is DEPRECATED and will be removed in future releases.
+> Check the [roadmap](https://github.com/Icinga/icinga2/milestones).
 
 Icinga 1.x writes its check result files to a temporary spool directory
 where they are processed in a regular interval.
@@ -793,7 +1039,8 @@ environments, Icinga 2 supports the `CheckResultReader` object.
 There is no feature configuration available, but it must be defined
 on-demand in your Icinga 2 objects configuration.
 
-    object CheckResultReader "reader" {
-      spool_dir = "/data/check-results"
-    }
-
+```
+object CheckResultReader "reader" {
+  spool_dir = "/data/check-results"
+}
+```
diff --git a/doc/15-troubleshooting.md b/doc/15-troubleshooting.md
index d78bc9aa0..5422f2c49 100644
--- a/doc/15-troubleshooting.md
+++ b/doc/15-troubleshooting.md
@@ -3,7 +3,8 @@
 ## Required Information <a id="troubleshooting-information-required"></a>
 
 Please ensure to provide any detail which may help reproduce and understand your issue.
-Whether you ask on the community channels or you create an issue at [GitHub](https://github.com/Icinga), make sure
+Whether you ask on the [community channels](https://community.icinga.com) or you
+create an issue at [GitHub](https://github.com/Icinga), make sure
 that others can follow your explanations. If necessary, draw a picture and attach it for
 better illustration. This is especially helpful if you are troubleshooting a distributed
 setup.
@@ -18,12 +19,12 @@ findings and details please.
 	* `icinga2 --version`
 	* `icinga2 feature list`
 	* `icinga2 daemon -C`
-	* [Icinga Web 2](https://www.icinga.com/products/icinga-web-2/) version (screenshot from System - About)
-	* [Icinga Web 2 modules](https://www.icinga.com/products/icinga-web-2-modules/) e.g. the Icinga Director (optional)
+	* [Icinga Web 2](https://icinga.com/products/icinga-web-2/) version (screenshot from System - About)
+	* [Icinga Web 2 modules](https://icinga.com/products/icinga-web-2-modules/) e.g. the Icinga Director (optional)
 * Configuration insights:
 	* Provide complete configuration snippets explaining your problem in detail
-	* Your [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) file
-	* If you run multiple Icinga 2 instances, the [zones.conf](04-configuring-icinga-2.md#zones-conf) file (or `icinga2 object list --type Endpoint` and `icinga2 object list --type Zone`) from all affected nodes.
+	* Your [icinga2.conf](04-configuration.md#icinga2-conf) file
+	* If you run multiple Icinga 2 instances, the [zones.conf](04-configuration.md#zones-conf) file (or `icinga2 object list --type Endpoint` and `icinga2 object list --type Zone`) from all affected nodes.
 * Logs
 	* Relevant output from your main and [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) in `/var/log/icinga2`. Please add step-by-step explanations with timestamps if required.
 	* The newest Icinga 2 crash log if relevant, located in `/var/log/icinga2/crash`
@@ -44,7 +45,7 @@ is also key to identify bottlenecks and issues.
 * Analyze the system's performance and dentify bottlenecks and issues.
 * Collect details about all applications (e.g. Icinga 2, MySQL, Apache, Graphite, Elastic, etc.).
 * If data is exchanged via network (e.g. central MySQL cluster) ensure to monitor the bandwidth capabilities too.
-* Add graphs and screenshots to your issue description
+* Add graphs from Grafana or Graphite as screenshots to your issue description
 
 Install tools which help you to do so. Opinions differ, let us know if you have any additions here!
 
@@ -107,6 +108,16 @@ You can also start `perfmon` and analyze specific performance counters.
 Keep notes which could be important for your monitoring, and add service
 checks later on.
 
+> **Tip**
+>
+> Use an administrative Powershell to gain more insights.
+
+```
+cd C:\ProgramData\icinga2\var\log\icinga2
+
+Get-Content .\icinga2.log -tail 10 -wait
+```
+
 ## Enable Debug Output <a id="troubleshooting-enable-debug-output"></a>
 
 ### Enable Debug Output on Linux/Unix <a id="troubleshooting-enable-debug-output-linux"></a>
@@ -120,6 +131,13 @@ Enable the `debuglog` feature:
 
 The debug log file can be found in `/var/log/icinga2/debug.log`.
 
+You can tail the log files with an administrative shell:
+
+```
+cd /var/log/icinga2
+tail -f debug.log
+```
+
 Alternatively you may run Icinga 2 in the foreground with debugging enabled. Specify the console
 log severity as an additional parameter argument to `-x`.
 
@@ -132,18 +150,29 @@ and `debug`.
 
 ### Enable Debug Output on Windows <a id="troubleshooting-enable-debug-output-windows"></a>
 
-Open a command prompt with administrative privileges and enable the debug log feature.
+Open a Powershell with administrative privileges and enable the debug log feature.
 
 ```
-C:> icinga2.exe feature enable debuglog
+C:\> cd C:\Program Files\ICINGA2\sbin
+
+C:\Program Files\ICINGA2\sbin> .\icinga2.exe feature enable debuglog
 ```
 
 Ensure that the Icinga 2 service already writes the main log into `C:\ProgramData\icinga2\var\log\icinga2`.
-Restart the Icinga 2 service and open the newly created `debug.log` file.
+Restart the Icinga 2 service in an administrative Powershell and open the newly created `debug.log` file.
 
 ```
-C:> net stop icinga2
-C:> net start icinga2
+C:\> Restart-Service icinga2
+
+C:\> Get-Service icinga2
+```
+
+You can tail the log files with an administrative Powershell:
+
+```
+C:\> cd C:\ProgramData\icinga2\var\log\icinga2
+
+C:\ProgramData\icinga2\var\log\icinga2> Get-Content .\debug.log -tail 10 -wait
 ```
 
 ## Configuration Troubleshooting <a id="troubleshooting-configuration"></a>
@@ -187,6 +216,14 @@ Object 'localhost!ssh' of type 'Service':
 [...]
 ```
 
+On Windows, use an administrative Powershell:
+
+```
+C:\> cd C:\Program Files\ICINGA2\sbin
+
+C:\Program Files\ICINGA2\sbin> .\icinga2.exe object list
+```
+
 You can also filter by name and type:
 
 ```
@@ -237,9 +274,9 @@ include <itl>
 include <plugins>
 ```
 
-in the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) configuration file. These files are not considered configuration files and will be overridden
-on upgrade, so please send modifications as proposed patches upstream. The default include path is set to
-`LocalStateDir + "/share/icinga2/includes"`.
+in the [icinga2.conf](04-configuration.md#icinga2-conf) configuration file. These files are not considered
+configuration files and will be overridden on upgrade, so please send modifications as proposed patches upstream.
+The default include path is set to `/usr/share/icinga2/includes` with the constant `IncludeConfDir`.
 
 You should add your own command definitions to a new file in `conf.d/` called `commands.conf`
 or similar.
@@ -248,7 +285,7 @@ or similar.
 
 * Make sure that the line(s) are not [commented out](17-language-reference.md#comments) (starting with `//` or `#`, or
 encapsulated by `/* ... */`).
-* Is the configuration file included in [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf)?
+* Is the configuration file included in [icinga2.conf](04-configuration.md#icinga2-conf)?
 
 Run the [configuration validation](11-cli-commands.md#config-validation) and add `notice` as log severity.
 Search for the file which should be included i.e. using the `grep` CLI command.
@@ -274,7 +311,7 @@ did not properly escape the single dollar sign preventing its usage as [runtime
 critical/config: Error: Validation failed for Object 'ping4' (Type: 'Service') at /etc/icinga2/zones.d/global-templates/windows.conf:24: Closing $ not found in macro format string 'top-syntax=${list}'.
 ```
 
-Correct the custom attribute value to
+Correct the custom variable value to
 
 ```
 "top-syntax=$${list}"
@@ -326,6 +363,9 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Over
 }
 ```
 
+Alternatively when using the Director, navigate into the Service Detail View
+in Icinga Web and pick `Inspect` to query the details.
+
 Example for using the `icinga2 console` CLI command evaluation functionality:
 
 ```
@@ -351,17 +391,34 @@ Example for searching the debug log:
 
 ### Checks are not executed <a id="checks-not-executed"></a>
 
+* First off, decide whether the checks are executed locally, or remote in a distributed setup.
+
+If the master does not receive check results from the satellite, move your analysis to the satellite
+and verify why the checks are not executed there.
+
 * Check the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) to see if the check command gets executed.
-* Verify that failed depedencies do not prevent command execution.
+* Verify that failed dependencies do not prevent command execution.
 * Make sure that the plugin is executable by the Icinga 2 user (run a manual test).
 * Make sure the [checker](11-cli-commands.md#enable-features) feature is enabled.
 * Use the Icinga 2 API [event streams](12-icinga2-api.md#icinga2-api-event-streams) to receive live check result streams.
 
-Examples:
+Test a plugin as icinga user.
 
 ```
 # sudo -u icinga /usr/lib/nagios/plugins/check_ping -4 -H 127.0.0.1 -c 5000,100% -w 3000,80%
+```
 
+> **Note**
+>
+> **Never test plugins as root, but the icinga daemon user.** The environment and permissions differ.
+>
+> Also, the daemon user **does not** spawn a terminal shell (Bash, etc.) so it won't read anything from .bashrc
+> and variants. The Icinga daemon only relies on sysconfig environment variables being set.
+
+
+Enable the checker feature.
+
+```
 # icinga2 feature enable checker
 The feature 'checker' is already enabled.
 ```
@@ -369,7 +426,8 @@ The feature 'checker' is already enabled.
 Fetch all check result events matching the `event.service` name `random`:
 
 ```
-$ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/events?queue=debugchecks&types=CheckResult&filter=match%28%22random*%22,event.service%29'
+$ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST \
+ 'https://localhost:5665/v1/events?queue=debugchecks&types=CheckResult&filter=match%28%22random*%22,event.service%29'
 ```
 
 
@@ -393,10 +451,10 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Over
     "results": [
         {
             "attrs": {
-                "__name": "icinga2-client1.localdomain!disk",
+                "__name": "icinga2-agent1.localdomain!disk",
                 "last_check_result": {
                     "active": true,
-                    "check_source": "icinga2-client1.localdomain",
+                    "check_source": "icinga2-agent1.localdomain",
 
   ...
 
@@ -404,20 +462,23 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Over
             },
             "joins": {},
             "meta": {},
-            "name": "icinga2-client1.localdomain!disk",
+            "name": "icinga2-agent1.localdomain!disk",
             "type": "Service"
         }
     ]
 }
 ```
 
-Example for using the `icinga2 console` CLI command evaluation functionality:
+Alternatively when using the Director, navigate into the Service Detail View
+in Icinga Web and pick `Inspect` to query the details.
+
+Example with the debug console:
 
 ```
 $ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/' \
---eval 'get_service("icinga2-client1.localdomain", "disk").last_check_result.check_source' | python -m json.tool
+--eval 'get_service("icinga2-agent1.localdomain", "disk").last_check_result.check_source' | python -m json.tool
 
-"icinga2-client1.localdomain"
+"icinga2-agent1.localdomain"
 ```
 
 
@@ -475,13 +536,13 @@ in mind when using a different package.
 
 This could happen with [clients as command endpoint execution](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint).
 
-If you have for example a client host `icinga2-client1.localdomain`
+If you have for example a client host `icinga2-agent1.localdomain`
 and a service `disk` check defined on the master, the warning and
 critical thresholds are sometimes to applied and unwanted notification
 alerts are raised.
 
 This happens because the client itself includes a host object with
-its `NodeName` and a basic set of checks in the [conf.d](04-configuring-icinga-2.md#conf-d)
+its `NodeName` and a basic set of checks in the [conf.d](04-configuration.md#conf-d)
 directory, i.e. `disk` with the default thresholds.
 
 Clients which have the `checker` feature enabled will attempt
@@ -494,11 +555,11 @@ master you will receive wrong check results from the client.
 Solution:
 
 * Disable the `checker` feature on clients: `icinga2 feature disable checker`.
-* Remove the inclusion of [conf.d](04-configuring-icinga-2.md#conf-d) as suggested in the [client setup docs](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint).
+* Remove the inclusion of [conf.d](04-configuration.md#conf-d) as suggested in the [client setup docs](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint).
 
 ### Check Fork Errors <a id="check-fork-errors"></a>
 
-Newer versions of Systemd on Linux limit spawned processes for
+Newer versions of systemd on Linux limit spawned processes for
 services.
 
 * v227 introduces the `TasksMax` setting to units which allows to specify the spawned process limit.
@@ -506,7 +567,7 @@ services.
 * v231 changes the default value to 15%
 
 This can cause problems with Icinga 2 in large environments with many
-commands executed in parallel starting with Systemd v228. Some distributions
+commands executed in parallel starting with systemd v228. Some distributions
 also may have changed the defaults.
 
 The error message could look like this:
@@ -534,41 +595,45 @@ An example is available inside the GitHub repository in [etc/initsystem](https:/
 External Resources:
 
 * [Fork limit for cgroups](https://lwn.net/Articles/663873/)
-* [Systemd changelog](https://github.com/systemd/systemd/blob/master/NEWS)
+* [systemd changelog](https://github.com/systemd/systemd/blob/master/NEWS)
 * [Icinga 2 upstream issue](https://github.com/Icinga/icinga2/issues/5611)
-* [Systemd upstream discussion](https://github.com/systemd/systemd/issues/3211)
+* [systemd upstream discussion](https://github.com/systemd/systemd/issues/3211)
 
 ### Systemd Watchdog <a id="check-systemd-watchdog"></a>
 
 Usually Icinga 2 is a mission critical part of infrastructure and should be
 online at all times. In case of a recoverable crash (e.g. OOM) you may want to
-restart Icinga 2 automatically. With Systemd it is as easy as overriding some
-settings of the Icinga 2 Systemd service by creating
+restart Icinga 2 automatically. With systemd it is as easy as overriding some
+settings of the Icinga 2 systemd service by creating
 `/etc/systemd/system/icinga2.service.d/override.conf` with the following
 content:
 
-    [Service]
-    Restart=always
-    RestartSec=1
-    StartLimitInterval=10
-    StartLimitBurst=3
+```
+[Service]
+Restart=always
+RestartSec=1
+StartLimitInterval=10
+StartLimitBurst=3
+```
 
 Using the watchdog can also help with monitoring Icinga 2, to activate and use it add the following to the override:
 
-    WatchdogSec=30s
+```
+WatchdogSec=30s
+```
 
-This way Systemd will kill Icinga 2 if does not notify for over 30 seconds, a timout of less than 10 seconds is not
+This way systemd will kill Icinga 2 if does not notify for over 30 seconds, a timout of less than 10 seconds is not
 recommended. When the watchdog is activated, `Restart=` can be set to `watchdog` to restart Icinga 2 in the case of a
 watchdog timeout.
 
 Run `systemctl daemon-reload && systemctl restart icinga2` to apply the changes.
-Now Systemd will always try to restart Icinga 2 (except if you run
+Now systemd will always try to restart Icinga 2 (except if you run
 `systemctl stop icinga2`). After three failures in ten seconds it will stop
 trying because you probably have a problem that requires manual intervention.
 
 ### Late Check Results <a id="late-check-results"></a>
 
-[Icinga Web 2](https://www.icinga.com/products/icinga-web-2/) provides
+[Icinga Web 2](https://icinga.com/products/icinga-web-2/) provides
 a dashboard overview for `overdue checks`.
 
 The REST API provides the [status](12-icinga2-api.md#icinga2-api-status) URL endpoint with some generic metrics
@@ -584,7 +649,7 @@ You can also calculate late check results via the REST API:
 * Compare the timestamp with the current time and add `check_interval` multiple times (change it to see which results are really late, like five times check_interval)
 
 You can use the [icinga2 console](11-cli-commands.md#cli-command-console) to connect to the instance, fetch all data
-and calculate the differences. More infos can be found in [this blogpost](https://www.icinga.com/2016/08/11/analyse-icinga-2-problems-using-the-console-api/).
+and calculate the differences. More infos can be found in [this blogpost](https://icinga.com/2016/08/11/analyse-icinga-2-problems-using-the-console-api/).
 
 ```
 # ICINGA2_API_USERNAME=root ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://localhost:5665/'
@@ -659,7 +724,7 @@ but you can adjust this by omitting the `len()` call inside the for loop.
 
 ## Notifications Troubleshooting <a id="troubleshooting-notifications"></a>
 
-### Notifications are not sent <a id="notifications-not-sent"></a>
+### Notifications are not sent <a id="troubleshooting-notifications-not-sent"></a>
 
 * Check the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) to see if a notification is triggered.
 * If yes, verify that all conditions are satisfied.
@@ -703,12 +768,102 @@ You can use the Icinga 2 API [event streams](12-icinga2-api.md#icinga2-api-event
 $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/events?queue=debugnotifications&types=Notification'
 ```
 
+
+### Analyze Notification Result <a id="troubleshooting-notifications-result"></a>
+
+> **Note**
+>
+> This feature is available since v2.11 and requires all endpoints
+> being updated.
+
+Notifications inside a HA enabled zone are balanced between the endpoints,
+just like checks.
+
+Sometimes notifications may fail, and with looking into the (debug) logs
+for both masters, you cannot correlate this correctly.
+
+The `last_notification_result` runtime attribute is stored and synced for Notification
+objects and can be queried via REST API.
+
+Example for retrieving the notification object and result from all `disk` services using a
+[regex match](18-library-reference.md#global-functions-regex) on the name:
+
+```
+$ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://localhost:5665/v1/objects/notifications' \
+-d '{ "filter": "regex(pattern, service.name)", "filter_vars": { "pattern": "^disk" }, "attrs": [ "__name", "last_notification_result" ], "pretty": true }'
+{
+    "results": [
+
+        {
+            "attrs": {
+                "last_notification_result": {
+                    "active": true,
+                    "command": [
+                        "/etc/icinga2/scripts/mail-service-notification.sh",
+                        "-4",
+                        "",
+                        "-6",
+                        "",
+                        "-b",
+                        "",
+                        "-c",
+                        "",
+                        "-d",
+                        "2019-08-02 10:54:16 +0200",
+                        "-e",
+                        "disk",
+                        "-l",
+                        "icinga2-agent1.localdomain",
+                        "-n",
+                        "icinga2-agent1.localdomain",
+                        "-o",
+                        "DISK OK - free space: / 38108 MB (90.84% inode=100%);",
+                        "-r",
+                        "user@localdomain",
+                        "-s",
+                        "OK",
+                        "-t",
+                        "RECOVERY",
+                        "-u",
+                        "disk"
+                    ],
+                    "execution_end": 1564736056.186217,
+                    "execution_endpoint": "icinga2-master1.localdomain",
+                    "execution_start": 1564736056.132323,
+                    "exit_status": 0.0,
+                    "output": "",
+                    "type": "NotificationResult"
+                }
+            },
+            "joins": {},
+            "meta": {},
+            "name": "icinga2-agent1.localdomain!disk!mail-service-notification",
+            "type": "Notification"
+        }
+
+...
+
+    ]
+}
+```
+
+Example with the debug console:
+
+```
+$ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/' --eval 'get_object(Notification, "icinga2-agent1.localdomain!disk!mail-service-notification").last_notification_result.execution_endpoint' | jq
+
+"icinga2-agent1.localdomain"
+```
+
+Whenever a notification command failed to execute, you can fetch the output as well. 
+
+
 ## Feature Troubleshooting <a id="troubleshooting-features"></a>
 
 ### Feature is not working <a id="feature-not-working"></a>
 
 * Make sure that the feature configuration is enabled by symlinking from `features-available/`
-to `features-enabled` and that the latter is included in [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf).
+to `features-enabled` and that the latter is included in [icinga2.conf](04-configuration.md#icinga2-conf).
 * Are the feature attributes set correctly according to the documentation?
 * Any errors on the logs?
 
@@ -743,7 +898,7 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -X DELETE 'https://loc
 }
 ```
 
-## REST API Troubleshooting: No Objects Found <a id="troubleshooting-api-no-objects-found"></a>
+### REST API Troubleshooting: No Objects Found <a id="troubleshooting-api-no-objects-found"></a>
 
 Please note that the `404` status with no objects being found can also originate
 from missing or too strict object permissions for the authenticated user.
@@ -757,33 +912,137 @@ In order to analyse and fix the problem, please check the following:
 - use an administrative account with full permissions to check whether the objects are actually there.
 - verify the permissions on the affected ApiUser object and fix them.
 
+### Missing Runtime Objects (Hosts, Downtimes, etc.) <a id="troubleshooting-api-missing-runtime-objects"></a>
+
+Runtime objects consume the internal config packages shared with
+the REST API config packages. Each host, downtime, comment, service, etc. created
+via the REST API is stored in the `_api` package.
+
+This includes downtimes and comments, which where sometimes stored in the wrong
+directory path, because the active-stage file was empty/truncated/unreadable at
+this point.
+
+Wrong:
+
+```
+/var/lib/icinga2/api/packages/_api//conf.d/downtimes/1234-5678-9012-3456.conf
+```
+
+Correct:
+
+```
+/var/lib/icinga2/api/packages/_api/dbe0bef8-c72c-4cc9-9779-da7c4527c5b2/conf.d/downtimes/1234-5678-9012-3456.conf
+```
+
+At creation time, the object lives in memory but its storage is broken. Upon restart,
+it is missing and e.g. a missing downtime will re-enable unwanted notifications.
+
+`abcd-ef12-3456-7890` is the active stage name which wasn't correctly
+read by the Icinga daemon. This information is stored in `/var/lib/icinga2/api/packages/_api/active-stage`.
+
+2.11 now limits the direct active-stage file access (this is hidden from the user),
+and caches active stages for packages in-memory.
+
+It also tries to repair the broken package, and logs a new message:
+
+```
+systemctl restart icinga2
+
+tail -f /var/log/icinga2/icinga2.log
+
+[2019-05-10 12:27:15 +0200] information/ConfigObjectUtility: Repairing config package '_api' with stage 'dbe0bef8-c72c-4cc9-9779-da7c4527c5b2'.
+```
+
+If this does not happen, you can manually fix the broken config package, and mark a deployed stage as active
+again, carefully do the following steps with creating a backup before:
+
+Navigate into the API package prefix.
+
+```
+cd /var/lib/icinga2/api/packages
+```
+
+Change into the broken package directory and list all directories and files
+ordered by latest changes.
+
+```
+cd _api
+ls -lahtr
+
+drwx------  4 michi  wheel   128B Mar 27 14:39 ..
+-rw-r--r--  1 michi  wheel    25B Mar 27 14:39 include.conf
+-rw-r--r--  1 michi  wheel   405B Mar 27 14:39 active.conf
+drwx------  7 michi  wheel   224B Mar 27 15:01 dbe0bef8-c72c-4cc9-9779-da7c4527c5b2
+drwx------  5 michi  wheel   160B Apr 26 12:47 .
+```
+
+As you can see, the `active-stage` file is missing. When it is there, verify that its content
+is set to the stage directory as follows.
+
+If you have more than one stage directory here, pick the latest modified
+directory. Copy the directory name `abcd-ef12-3456-7890` and
+add it into a new file `active-stage`. This can be done like this:
+
+```
+echo "dbe0bef8-c72c-4cc9-9779-da7c4527c5b2" > active-stage
+```
+
+`active.conf` needs to have the correct active stage too, add it again
+like this. Note: This is deep down in the code, use with care!
+
+```
+sed -i 's/ActiveStages\["_api"\] = .*/ActiveStages\["_api"\] = "dbe0bef8-c72c-4cc9-9779-da7c4527c5b2"/g' /var/lib/icinga2/api/packages/_api/active.conf
+```
+
+Restart Icinga 2.
+
+```
+systemctl restart icinga2
+```
+
+
+> **Note**
+>
+> The internal `_api` config package structure may change in the future. Do not modify
+> things in there manually or with scripts unless guided here or asked by a developer.
+
 
 ## Certificate Troubleshooting <a id="troubleshooting-certificate"></a>
 
+Tools for analysing certificates and TLS connections:
+
+- `openssl` binary on Linux/Unix, `openssl.exe` on Windows ([download](https://slproweb.com/products/Win32OpenSSL.html))
+- `sslscan` tool, available [here](https://github.com/rbsec/sslscan) (Linux/Windows)
+
+Note: You can also execute sslscan on Windows using Powershell.
+
+
 ### Certificate Verification <a id="troubleshooting-certificate-verification"></a>
 
-If the TLS handshake fails when a client connects to the cluster or the REST API,
+Whenever the TLS handshake fails when a client connects to the cluster or the REST API,
 ensure to verify the used certificates.
 
 Print the CA and client certificate and ensure that the following attributes are set:
 
 * Version must be 3.
 * Serial number is a hex-encoded string.
-* Issuer should be your certificate authority (defaults to `Icinga CA` for all CLI commands).
-* Validity, meaning to say the certificate is not expired.
+* Issuer should be your certificate authority (defaults to `Icinga CA` for all certificates generated by CLI commands and automated signing requests).
+* Validity: The certificate must not be expired.
 * Subject with the common name (CN) matches the client endpoint name and its FQDN.
 * v3 extensions must set the basic constraint for `CA:TRUE` (ca.crt) or `CA:FALSE` (client certificate).
-* Subject Alternative Name is set to a proper DNS name (required for REST API and browsers).
+* Subject Alternative Name is set to the resolvable DNS name (required for REST API and browsers).
 
 
+Navigate into the local certificate store:
+
 ```
-# cd /var/lib/icinga2/certs/
+$ cd /var/lib/icinga2/certs/
 ```
 
-CA certificate:
+Print the CA certificate:
 
 ```
-# openssl x509 -in ca.crt -text
+$ openssl x509 -in ca.crt -text
 
 Certificate:
     Data:
@@ -808,10 +1067,10 @@ Certificate:
 ...
 ```
 
-Client public certificate:
+Print the client public certificate:
 
 ```
-# openssl x509 -in icinga2-client1.localdomain.crt -text
+$ openssl x509 -in icinga2-agent1.localdomain.crt -text
 
 Certificate:
     Data:
@@ -823,7 +1082,7 @@ Certificate:
         Validity
             Not Before: Aug 20 16:20:05 2016 GMT
             Not After : Aug 17 16:20:05 2031 GMT
-        Subject: CN=icinga2-client1.localdomain
+        Subject: CN=icinga2-agent1.localdomain
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (4096 bit)
@@ -834,7 +1093,7 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Subject Alternative Name:
-                DNS:icinga2-client1.localdomain
+                DNS:icinga2-agent1.localdomain
     Signature Algorithm: sha256WithRSAEncryption
 ...
 ```
@@ -843,46 +1102,182 @@ Make sure to verify the client's certificate and its received `ca.crt` in `/var/
 both instances are signed by the **same CA**.
 
 ```
-# openssl verify -verbose -CAfile /var/lib/icinga2/certs/ca.crt /var/lib/icinga2/certs/icinga2-master1.localdomain.crt
-icinga2-master1.localdomain.crt: OK
+$ openssl verify -verbose -CAfile /var/lib/icinga2/certs/ca.crt /var/lib/icinga2/certs/icinga2-master1.localdomain.crt
 
-# openssl verify -verbose -CAfile /var/lib/icinga2/certs/ca.crt /var/lib/icinga2/certs/icinga2-client1.localdomain.crt
-icinga2-client1.localdomain.crt: OK
+icinga2-master1.localdomain.crt: OK
+```
+
+```
+$ openssl verify -verbose -CAfile /var/lib/icinga2/certs/ca.crt /var/lib/icinga2/certs/icinga2-agent1.localdomain.crt
+
+icinga2-agent1.localdomain.crt: OK
 ```
 
 Fetch the `ca.crt` file from the client node and compare it to your master's `ca.crt` file:
 
 ```
-# scp icinga2-client1:/var/lib/icinga2/certs/ca.crt test-client-ca.crt
-# diff -ur /var/lib/icinga2/certs/ca.crt test-client-ca.crt
+$ scp icinga2-agent1:/var/lib/icinga2/certs/ca.crt test-client-ca.crt
+$ diff -ur /var/lib/icinga2/certs/ca.crt test-client-ca.crt
 ```
 
-On SLES11 you'll need to use the `openssl1` command instead of `openssl`.
-
-<!--
 ### Certificate Signing <a id="troubleshooting-certificate-signing"></a>
--->
+
+Icinga offers two methods:
+
+* [CSR Auto-Signing](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing) which uses a client (an agent or a satellite) ticket generated on the master as trust identifier.
+* [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing) which allows to sign pending certificate requests on the master.
+
+Whenever a signed certificate is not received on the requesting clients, ensure to check the following:
+
+* The ticket was valid and the master's log shows nothing different (CSR Auto-Signing only)
+* If the agent/satellite is directly connected to the CA master, check whether the master actually has performance problems to process the request. If the connection is closed without certificate response, analyse the master's health. It is also advised to upgrade to v2.11 where network stack problems have been fixed.
+* If you're using a 3+ level cluster, check whether the satellite really forwarded the CSR signing request and the master processed it.
+
+Other common errors:
+
+* The generated ticket is invalid. The client receives this error message, as well as the master logs a warning message.
+* The [api](09-object-types.md#objecttype-apilistener) feature does not have the `ticket_salt` attribute set to the generated `TicketSalt` constant by the CLI wizards.
+
+In case you are using On-Demand CSR Signing, `icinga2 ca list` on the master only lists
+pending requests since v2.11. Add `--all` to also see signed requests. Keep in mind that
+old requests are purged after 1 week automatically.
 
 
-### Certificate Problems with OpenSSL 1.1.0 <a id="troubleshooting-certificate-openssl-1-1-0"></a>
+### TLS Handshake: Ciphers <a id="troubleshooting-certificate-handshake-ciphers"></a>
 
-Users have reported problems with SSL certificates inside a distributed monitoring setup when they
+Starting with v2.11, the default configured ciphers have been hardened to modern
+standards. This includes TLS v1.2 as minimum protocol version too.
 
-* updated their Icinga 2 package to 2.7.0 on Windows or
-* upgraded their distribution which included an update to OpenSSL 1.1.0.
+In case the TLS handshake fails with `no shared cipher`, first analyse whether both
+instances support the same ciphers.
 
-Example during startup on a Windows client:
+#### Client connects to Server <a id="troubleshooting-certificate-handshake-ciphers-client"></a>
+
+Connect using `openssl s_client` and try to reproduce the connection problem.
+
+> **Important**
+>
+> The endpoint with the server role **accepting** the connection picks the preferred
+> cipher. E.g. when a satellite connects to the master, the master chooses the cipher.
+>
+> Keep this in mind where to simulate the client role connecting to a server with
+> CLI tools such as `openssl s_client`.
+
+
+`openssl s_client` tells you about the supported and shared cipher suites
+on the remote server. `openssl ciphers` lists locally available ciphers.
 
 ```
-critical/SSL: Error loading and verifying locations in ca key file 'C:\ProgramData\icinga2\etc/icinga2/pki/ca.crt': 219029726, "error:0D0E20DE:asn1 encoding routines:c2i_ibuf:illegal zero content"
-critical/config: Error: Cannot make SSL context for cert path: 'C:\ProgramData\icinga2\etc/icinga2/pki/client.crt' key path: 'C:\ProgramData\icinga2\etc/icinga2/pki/client.key' ca path: 'C:\ProgramData\icinga2\etc/icinga2/pki/ca.crt'.
+$ openssl s_client -connect 192.168.33.5:5665
+...
+
+---
+SSL handshake has read 2899 bytes and written 786 bytes
+---
+New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
+Server public key is 4096 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : AES256-GCM-SHA384
+
+...
 ```
 
-A technical analysis and solution for re-creating the public CA certificate is
-available in [this advisory](https://www.icinga.com/2017/08/30/advisory-for-ssl-problems-with-leading-zeros-on-openssl-1-1-0/).
+You can specifically use one cipher or a list with the `-cipher` parameter:
+
+```
+openssl s_client -connect 192.168.33.5:5665 -cipher 'ECDHE-RSA-AES256-GCM-SHA384'
+```
+
+In order to fully simulate a connecting client, provide the certificates too:
+
+```
+CERTPATH='/var/lib/icinga2/certs'
+HOSTNAME='icinga2.vagrant.demo.icinga.com'
+openssl s_client -connect 192.168.33.5:5665 -cert "${CERTPATH}/${HOSTNAME}.crt" -key "${CERTPATH}/${HOSTNAME}.key" -CAfile "${CERTPATH}/ca.crt" -cipher 'ECDHE-RSA-AES256-GCM-SHA384'
+```
+
+In case to need to change the default cipher list,
+set the [cipher_list](09-object-types.md#objecttype-apilistener) attribute
+in the `api` feature configuration accordingly.
+
+Beware of using insecure ciphers, this may become a
+security risk in your organisation.
+
+#### Server Accepts Client <a id="troubleshooting-certificate-handshake-ciphers-server"></a>
+
+If the master node does not actively connect to the satellite/agent node(s), but instead
+the child node actively connectsm, you can still simulate a TLS handshake.
+
+Use `openssl s_server` instead of `openssl s_client` on the master during the connection
+attempt.
+
+```
+$ openssl s_server -connect 192.168.56.101:5665
+```
+
+Since the server role chooses the preferred cipher suite in Icinga,
+you can test-drive the "agent connects to master" mode here, granted that
+the TCP connection is not blocked by the firewall.
 
 
-## Cluster and Clients Troubleshooting <a id="troubleshooting-cluster"></a>
+#### Cipher Scan Tools <a id="troubleshooting-certificate-handshake-ciphers-scantools"></a>
+
+You can also use different tools to test the available cipher suites, this is what SSL Labs, etc.
+provide for TLS enabled websites as well. [This post](https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers)
+highlights some tools and scripts such as [sslscan](https://github.com/rbsec/sslscan) or [testssl.sh](https://github.com/drwetter/testssl.sh/)
+
+Example for sslscan on macOS against a Debian 10 Buster instance
+running v2.11:
+
+```
+$ brew install sslscan
+
+$ sslscan 192.168.33.22:5665
+Version: 1.11.13-static
+OpenSSL 1.0.2f  28 Jan 2016
+
+Connected to 192.168.33.22
+
+Testing SSL server 192.168.33.22 on port 5665 using SNI name 192.168.33.22
+
+  TLS Fallback SCSV:
+Server supports TLS Fallback SCSV
+
+  TLS renegotiation:
+Session renegotiation not supported
+
+  TLS Compression:
+Compression disabled
+
+  Heartbleed:
+TLS 1.2 not vulnerable to heartbleed
+TLS 1.1 not vulnerable to heartbleed
+TLS 1.0 not vulnerable to heartbleed
+
+  Supported Server Cipher(s):
+Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
+Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
+
+  SSL Certificate:
+Signature Algorithm: sha256WithRSAEncryption
+RSA Key Strength:    4096
+
+Subject:  icinga2-debian10.vagrant.demo.icinga.com
+Altnames: DNS:icinga2-debian10.vagrant.demo.icinga.com
+Issuer:   Icinga CA
+
+Not valid before: Jul 12 07:39:55 2019 GMT
+Not valid after:  Jul  8 07:39:55 2034 GMT
+```
+
+## Distributed Troubleshooting <a id="troubleshooting-cluster"></a>
 
 This applies to any Icinga 2 node in a [distributed monitoring setup](06-distributed-monitoring.md#distributed-monitoring-scenarios).
 
@@ -910,24 +1305,24 @@ works (default port is `5665`).
 
 # netstat -tulpen | grep icinga
 
-# nmap icinga2-client1.localdomain
+# nmap icinga2-agent1.localdomain
 ```
 
-### Cluster Troubleshooting SSL Errors <a id="troubleshooting-cluster-ssl-errors"></a>
+### Cluster Troubleshooting TLS Errors <a id="troubleshooting-cluster-tls-errors"></a>
 
-If the cluster communication fails with SSL error messages, make sure to check
+If the cluster communication fails with TLS/SSL error messages, make sure to check
 the following
 
-* File permissions on the SSL certificate files
+* File permissions on the TLS certificate files
 * Does the used CA match for all cluster endpoints?
   * Verify the `Issuer` being your trusted CA
   * Verify the `Subject` containing your endpoint's common name (CN)
   * Check the validity of the certificate itself
 
-Try to manually connect from `icinga2-client1.localdomain` to the master node `icinga2-master1.localdomain`:
+Try to manually connect from `icinga2-agent1.localdomain` to the master node `icinga2-master1.localdomain`:
 
 ```
-# openssl s_client -CAfile /var/lib/icinga2/certs/ca.crt -cert /var/lib/icinga2/certs/icinga2-client1.localdomain.crt -key /var/lib/icinga2/certs/icinga2-client1.localdomain.key -connect icinga2-master1.localdomain:5665
+$ openssl s_client -CAfile /var/lib/icinga2/certs/ca.crt -cert /var/lib/icinga2/certs/icinga2-agent1.localdomain.crt -key /var/lib/icinga2/certs/icinga2-agent1.localdomain.key -connect icinga2-master1.localdomain:5665
 
 CONNECTED(00000003)
 ---
@@ -939,21 +1334,22 @@ If the connection attempt fails or your CA does not match, [verify the certifica
 
 #### Cluster Troubleshooting Unauthenticated Clients <a id="troubleshooting-cluster-unauthenticated-clients"></a>
 
-Unauthenticated nodes are able to connect. This is required for client setups.
+Unauthenticated nodes are able to connect. This is required for agent/satellite setups.
 
 Master:
 
 ```
-[2015-07-13 18:29:25 +0200] information/ApiListener: New client connection for identity 'icinga2-client1.localdomain' (unauthenticated)
+[2015-07-13 18:29:25 +0200] information/ApiListener: New client connection for identity 'icinga2-agent1.localdomain' (unauthenticated)
 ```
 
-Client as command execution bridge:
+Agent as command execution bridge:
 
 ```
 [2015-07-13 18:29:26 +1000] notice/ClusterEvents: Discarding 'execute command' message from 'icinga2-master1.localdomain': Invalid endpoint origin (client not allowed).
 ```
 
-If these messages do not go away, make sure to [verify the master and client certificates](15-troubleshooting.md#troubleshooting-certificate-verification).
+If these messages do not go away, make sure to [verify the master and agent certificates](15-troubleshooting.md#troubleshooting-certificate-verification).
+
 
 ### Cluster Troubleshooting Message Errors <a id="troubleshooting-cluster-message-errors"></a>
 
@@ -967,21 +1363,25 @@ for later synchronisation, you should make sure to check why the network connect
 Ensure to setup [cluster health checks](06-distributed-monitoring.md#distributed-monitoring-health-checks)
 to monitor all endpoints and zones connectivity.
 
+
 ### Cluster Troubleshooting Command Endpoint Errors <a id="troubleshooting-cluster-command-endpoint-errors"></a>
 
-Command endpoints can be used [for clients](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
+Command endpoints can be used [for agents](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
 as well as inside an [High-Availability cluster](06-distributed-monitoring.md#distributed-monitoring-scenarios).
 
-There is no cli command for manually executing the check, but you can verify
+There is no CLI command for manually executing the check, but you can verify
 the following (e.g. by invoking a forced check from the web interface):
 
-* `/var/log/icinga2/icinga2.log` contains connection and execution errors.
- * The ApiListener is not enabled to [accept commands](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint).
- * `CheckCommand` definition not found on the remote client.
- * Referenced check plugin not found on the remote client.
+* `/var/log/icinga2/icinga2.log` shows connection and execution errors.
+ * The ApiListener is not enabled to [accept commands](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint). This is visible as `UNKNOWN` check result output.
+ * `CheckCommand` definition not found on the remote client. This is visible as `UNKNWON` check result output.
+ * Referenced check plugin not found on the remote agent.
  * Runtime warnings and errors, e.g. unresolved runtime macros or configuration problems.
 * Specific error messages are also populated into `UNKNOWN` check results including a detailed error message in their output.
-* Verify the `check_source` object attribute. This is populated by the node executing the check.
+* Verify the [check source](15-troubleshooting.md#checks-check-source). This is populated by the node executing the check. You can see that in Icinga Web's detail view or by querying the REST API for this checkable object.
+
+Additional tasks:
+
 * More verbose logs are found inside the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output).
 
 * Use the Icinga 2 API [event streams](12-icinga2-api.md#icinga2-api-event-streams) to receive live check result streams.
@@ -996,16 +1396,93 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://local
 
 ### Cluster Troubleshooting Config Sync <a id="troubleshooting-cluster-config-sync"></a>
 
-If the cluster zones do not sync their configuration, make sure to check the following:
+In order to troubleshoot this, remember the key things with the config sync:
 
 * Within a config master zone, only one configuration master is allowed to have its config in `/etc/icinga2/zones.d`.
-** The master syncs the configuration to `/var/lib/icinga2/api/zones/` during startup and only syncs valid configuration to the other nodes.
-** The other nodes receive the configuration into `/var/lib/icinga2/api/zones/`.
-* The `icinga2.log` log file in `/var/log/icinga2` will indicate whether this ApiListener
-[accepts config](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync), or not.
+    * The config master copies the zone configuration from `/etc/icinga2/zones.d` to `/var/lib/icinga2/api/zones`. This storage is the same for all cluster endpoints, and the source for all config syncs.
+    * The config master puts the `.authoritative` marker on these zone files locally. This is to ensure that it doesn't receive config updates from other endpoints. If you have copied the content from `/var/lib/icinga2/api/zones` to another node, ensure to remove them.
+* During startup, the master validates the entire configuration and only syncs valid configuration to other zone endpoints.
 
-Verify the object's [version](09-object-types.md#object-types) attribute on all nodes to
-check whether the config update and reload was successful or not.
+Satellites/Agents < 2.11 store the received configuration directly in `/var/lib/icinga2/api/zones`, validating it and reloading the daemon.
+Satellites/Agents >= 2.11 put the received configuration into the staging directory `/var/lib/icinga2/api/zones-stage` first, and will only copy this to the production directory `/var/lib/icinga2/api/zones` once the validation was successful.
+
+The configuration sync logs the operations during startup with the `information` severity level. Received zone configuration is also logged.
+
+Typical errors are:
+
+* The api feature doesn't [accept config](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync). This is logged into `/var/lib/icinga2/icinga2.log`.
+* The received configuration zone is not configured in [zones.conf](04-configuration.md#zones-conf) and Icinga denies it. This is logged into `/var/lib/icinga2/icinga2.log`.
+* The satellite/agent has local configuration in `/etc/icinga2/zones.d` and thinks it is authoritive for this zone. It then denies the received update. Purge the content from `/etc/icinga2/zones.d`, `/var/lib/icinga2/api/zones/*` and restart Icinga to fix this.
+
+#### New configuration does not trigger a reload <a id="troubleshooting-cluster-config-sync-no-reload"></a>
+
+The debug/notice log dumps the calculated checksums for all files and the comparison. Analyse this to troubleshoot further.
+
+A complete sync for the `director-global` global zone can look like this:
+
+```
+[2019-08-01 09:20:25 +0200] notice/JsonRpcConnection: Received 'config::Update' message from 'icinga2-master1.localdomain'
+[2019-08-01 09:20:25 +0200] information/ApiListener: Applying config update from endpoint 'icinga2-master1.localdomain' of zone 'master'.
+[2019-08-01 09:20:25 +0200] notice/ApiListener: Creating config update for file '/var/lib/icinga2/api/zones/director-global/.checksums'.
+[2019-08-01 09:20:25 +0200] notice/ApiListener: Creating config update for file '/var/lib/icinga2/api/zones/director-global/.timestamp'.
+[2019-08-01 09:20:25 +0200] notice/ApiListener: Creating config update for file '/var/lib/icinga2/api/zones/director-global/director/001-director-basics.conf'.
+[2019-08-01 09:20:25 +0200] notice/ApiListener: Creating config update for file '/var/lib/icinga2/api/zones/director-global/director/host_templates.conf'.
+[2019-08-01 09:20:25 +0200] information/ApiListener: Received configuration for zone 'director-global' from endpoint 'icinga2-master1.localdomain'. Comparing the checksums.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Checking for config change between stage and production. Old (4): '{"/.checksums":"c4dd1237e36dcad9142f4d9a81324a7cae7d01543a672299
+b8c1bb08b629b7d1","/.timestamp":"f21c0e6551328812d9f5176e5e31f390de0d431d09800a85385630727b404d83","/director/001-director-basics.conf":"f86583eec81c9bf3a1823a761991fb53d640bd0dc
+6cd12bf8c5e6a275359970f","/director/host_templates.conf":"831e9b7e3ec1e33288e56a51e63c688da1d6316155349382a101f7fce6229ecc"}' vs. new (4): '{"/.checksums":"c4dd1237e36dcad9142f4d
+9a81324a7cae7d01543a672299b8c1bb08b629b7d1","/.timestamp":"f21c0e6551328812d9f5176e5e31f390de0d431d09800a85385630727b404d83","/director/001-director-basics.conf":"f86583eec81c9bf
+3a1823a761991fb53d640bd0dc6cd12bf8c5e6a275359970f","/director/host_templates.conf":"831e9b7e3ec1e33288e56a51e63c688da1d6316155349382a101f7fce6229ecc"}'.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Ignoring old internal file '/.checksums'.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Ignoring old internal file '/.timestamp'.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Checking /director/001-director-basics.conf for old checksum: f86583eec81c9bf3a1823a761991fb53d640bd0dc6cd12bf8c5e6a275359970f.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Checking /director/host_templates.conf for old checksum: 831e9b7e3ec1e33288e56a51e63c688da1d6316155349382a101f7fce6229ecc.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Ignoring new internal file '/.checksums'.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Ignoring new internal file '/.timestamp'.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Checking /director/001-director-basics.conf for new checksum: f86583eec81c9bf3a1823a761991fb53d640bd0dc6cd12bf8c5e6a275359970f.
+[2019-08-01 09:20:25 +0200] debug/ApiListener: Checking /director/host_templates.conf for new checksum: 831e9b7e3ec1e33288e56a51e63c688da1d6316155349382a101f7fce6229ecc.
+[2019-08-01 09:20:25 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/001-director-basics.c
+onf' for zone 'director-global'.
+[2019-08-01 09:20:25 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/host_templates.conf'
+for zone 'director-global'.
+[2019-08-01 09:20:25 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/director-global' (2209 Bytes).
+
+...
+
+[2019-08-01 09:20:25 +0200] information/ApiListener: Received configuration updates (4) from endpoint 'icinga2-master1.localdomain' are different to production, triggering validation and reload.
+[2019-08-01 09:20:25 +0200] notice/Process: Running command '/usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2' '--no-stack-rlimit' 'daemon' '--close-stdio' '-e' '/var/log/icinga2/e
+rror.log' '--validate' '--define' 'System.ZonesStageVarDir=/var/lib/icinga2/api/zones-stage/': PID 4532
+[2019-08-01 09:20:25 +0200] notice/Process: PID 4532 ('/usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2' '--no-stack-rlimit' 'daemon' '--close-stdio' '-e' '/var/log/icinga2/error.l
+og' '--validate' '--define' 'System.ZonesStageVarDir=/var/lib/icinga2/api/zones-stage/') terminated with exit code 0
+[2019-08-01 09:20:25 +0200] information/ApiListener: Config validation for stage '/var/lib/icinga2/api/zones-stage/' was OK, replacing into '/var/lib/icinga2/api/zones/' and trig
+gering reload.
+[2019-08-01 09:20:26 +0200] information/ApiListener: Copying file 'director-global//.checksums' from config sync staging to production zones directory.
+[2019-08-01 09:20:26 +0200] information/ApiListener: Copying file 'director-global//.timestamp' from config sync staging to production zones directory.
+[2019-08-01 09:20:26 +0200] information/ApiListener: Copying file 'director-global//director/001-director-basics.conf' from config sync staging to production zones directory.
+[2019-08-01 09:20:26 +0200] information/ApiListener: Copying file 'director-global//director/host_templates.conf' from config sync staging to production zones directory.
+
+...
+
+[2019-08-01 09:20:26 +0200] notice/Application: Got reload command, forwarding to umbrella process (PID 4236)
+```
+
+#### Syncing Binary Files is Denied <a id="troubleshooting-cluster-config-sync-binary-denied"></a>
+
+The config sync is built for syncing text configuration files, wrapped into JSON-RPC messages.
+Some users have started to use this as binary file sync instead of using tools built for this:
+rsync, git, Puppet, Ansible, etc.
+
+Starting with 2.11, this attempt is now prohibited and logged.
+
+```
+[2019-08-02 16:03:19 +0200] critical/ApiListener: Ignoring file '/etc/icinga2/zones.d/global-templates/forbidden.exe' for cluster config sync: Does not contain valid UTF8. Binary files are not supported.
+Context:
+	(0) Creating config update for file '/etc/icinga2/zones.d/global-templates/forbidden.exe'
+	(1) Activating object 'api' of type 'ApiListener'
+```
+
+In order to solve this problem, remove the mentioned files from `zones.d` and use an alternate way
+of syncing plugin binaries to your satellites and agents.
 
 
 ### Cluster Troubleshooting Overdue Check Results <a id="troubleshooting-cluster-check-results"></a>
@@ -1024,7 +1501,7 @@ certificate's CN, the master will deny all events.
 
 > **Tip**
 >
-> [Icinga Web 2](02-getting-started.md#setting-up-icingaweb2) provides a dashboard view
+> [Icinga Web 2](02-installation.md#setting-up-icingaweb2) provides a dashboard view
 > for overdue check results.
 
 Enable the [debug log](15-troubleshooting.md#troubleshooting-enable-debug-output) on the master
@@ -1035,14 +1512,14 @@ If the client cannot authenticate, it's a more general [problem](15-troubleshoot
 The client's endpoint is not configured on nor trusted by the master node:
 
 ```
-Discarding 'check result' message from 'icinga2-client1.localdomain': Invalid endpoint origin (client not allowed).
+Discarding 'check result' message from 'icinga2-agent1.localdomain': Invalid endpoint origin (client not allowed).
 ```
 
 The check result message sent by the client does not belong to the zone the checkable object is
 in on the master:
 
 ```
-Discarding 'check result' message from 'icinga2-client1.localdomain': Unauthorized access.
+Discarding 'check result' message from 'icinga2-agent1.localdomain': Unauthorized access.
 ```
 
 
@@ -1058,3 +1535,93 @@ Check the following:
 * Check your [connection](15-troubleshooting.md#troubleshooting-cluster-connection-errors) in general.
 * Does the log replay work, e.g. are all events processed and the directory gets cleared up over time?
 * Decrease the `log_duration` attribute value for that specific [endpoint](09-object-types.md#objecttype-endpoint).
+
+The cluster health checks also measure the `slave_lag` metric. Use this data to correlate
+graphs with other events (e.g. disk I/O, network problems, etc).
+
+
+### Cluster Troubleshooting: Windows Agents <a id="troubleshooting-cluster-windows-agents"></a>
+
+
+#### Windows Service Exe Path <a id="troubleshooting-cluster-windows-agents-service-exe-path"></a>
+
+Icinga agents can be installed either as x86 or x64 package. If you enable features, or wonder why
+logs are not written, the first step is to analyse which path the Windows service `icinga2` is using.
+
+Start a new administrative Powershell and ensure that the `icinga2` service is running.
+
+```
+C:\Program Files\ICINGA2\sbin> net start icinga2
+```
+
+Use the `Get-WmiObject` function to extract the windows service and its path name.
+
+```
+C:\Program Files\ICINGA2\sbin> Get-WmiObject win32_service | ?{$_.Name -like '*icinga*'} | select Name, DisplayName, State, PathName
+
+Name    DisplayName State   PathName
+----    ----------- -----   --------
+icinga2 Icinga 2    Running "C:\Program Files\ICINGA2\sbin\icinga2.exe" --scm "daemon"
+```
+
+If you have used the `icinga2.exe` from a different path to enable e.g. the `debuglog` feature,
+navigate into `C:\Program Files\ICINGA2\sbin\` and use the correct exe to control the feature set.
+
+
+#### Windows Agents consuming 100% CPU <a id="troubleshooting-cluster-windows-agents-cpu"></a>
+
+> **Note**
+>
+> The network stack was rewritten in 2.11. This fixes several hanging connections and threads
+> on older Windows agents and master/satellite nodes. Prior to testing the below, plan an upgrade.
+
+Icinga 2 requires the `NodeName` [constant](17-language-reference.md#constants) in various places to run.
+This includes loading the TLS certificates, setting the proper check source,
+and so on.
+
+Typically the Windows setup wizard and also the CLI commands populate the [constants.conf](04-configuration.md#constants-conf)
+file with the auto-detected or user-provided FQDN/Common Name.
+
+If this constant is not set during startup, Icinga will try to resolve the
+FQDN, if that fails, fetch the hostname. If everything fails, it logs
+an error and sets this to `localhost`. This results in undefined behaviour
+if ignored by the admin.
+
+Querying the DNS when not reachable is CPU consuming, and may look like Icinga
+is doing lots of checks, etc. but actually really is just starting up.
+
+In order to fix this, edit the `constants.conf` file and populate
+the `NodeName` constant with the FQDN. Ensure this is the same value
+as the local endpoint object name.
+
+```
+const NodeName = "windows-agent1.domain.com"
+```
+
+
+
+#### Windows blocking Icinga 2 with ephemeral port range <a id="troubleshooting-cluster-windows-agents-ephemeral-port-range"></a>
+
+When you see a message like this in your Windows agent logs:
+
+```
+critical/TcpSocket: Invalid socket: 10055, "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full."
+```
+
+Windows is blocking Icinga 2 and as such, no more TCP connection handling is possible.
+
+Depending on the version, patch level and installed applications, Windows is changing its
+range of [ephemeral ports](https://en.wikipedia.org/wiki/Ephemeral_port#Range).
+
+In order to solve this, raise the the `MaxUserPort` value in the registry.
+
+```
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
+
+Value Name: MaxUserPort Value
+Type: DWORD
+Value data: 65534
+```
+
+More details in [this blogpost](https://www.netways.de/blog/2019/01/24/windows-blocking-icinga-2-with-ephemeral-port-range/)
+and this [MS help entry](https://support.microsoft.com/en-us/help/196271/when-you-try-to-connect-from-tcp-ports-greater-than-5000-you-receive-t).
diff --git a/doc/16-upgrading-icinga-2.md b/doc/16-upgrading-icinga-2.md
index 2b8d486bf..88c7d8284 100644
--- a/doc/16-upgrading-icinga-2.md
+++ b/doc/16-upgrading-icinga-2.md
@@ -1,22 +1,541 @@
 # Upgrading Icinga 2 <a id="upgrading-icinga-2"></a>
 
-Upgrading Icinga 2 is usually quite straightforward. Ordinarily the only manual steps involved
+Upgrading Icinga 2 is usually quite straightforward.
+Ordinarily the only manual steps involved
 are scheme updates for the IDO database.
 
 Specific version upgrades are described below. Please note that version
 updates are incremental. An upgrade from v2.6 to v2.8 requires to
 follow the instructions for v2.7 too.
 
+## Upgrading to v2.11 <a id="upgrading-to-2-11"></a>
+
+### Packages <a id="upgrading-to-2-11-packages"></a>
+
+EOL distributions where no packages are available with this release:
+
+* SLES 11
+* Ubuntu 14 LTS
+* RHEL/CentOS 6 x86
+
+Raspbian Packages are available inside the `icinga-buster` repository
+on [https://packages.icinga.com](http://packages.icinga.com/raspbian/).
+Please note that Stretch is not supported suffering from compiler
+regressions. Upgrade to Raspbian Buster is highly recommended.
+
+#### Added: Boost 1.66+
+
+The rewrite of our core network stack for cluster and REST API
+requires newer Boost versions, specifically >= 1.66. For technical
+details, please continue reading in [this issue](https://github.com/Icinga/icinga2/issues/7041).
+
+The package dependencies have been updated for RPM/DEB already.
+On platforms where EPEL or Backports cannot satisfy this dependency,
+we provide Boost as package on our [package repository](https://packages.icinga.com):
+
+* SLES 12 (this replaces the SDK requirement)
+* CentOS 6 x64
+* Debian Jessie
+* Ubuntu Xenial/Bionic
+
+After upgrade, you may remove the old Boost packages (1.53 or anything above)
+if you don't need them anymore.
+
+#### Added: .NET Framework 4.6
+
+We modernized the graphical Windows wizard to use the more recent .NET Framework 4.6. This requires that Windows versions
+older than Windows 10/Windows Server 2016 installs at least [.NET Framework 4.6](https://www.microsoft.com/en-US/download/details.aspx?id=53344). Starting with Windows 10/Windows Server 2016 a .NET Framework 4.6 or higher is installed by default.
+
+The MSI-Installer package checks if the .NET Framework 4.6 or higher is present, if not the installation wizard will abort with an error message telling you to install at least .NET Framework 4.6.
+
+#### Removed: YAJL
+
+Our JSON library, namely [YAJL](https://github.com/lloyd/yajl), isn't maintained anymore
+and may cause [crashes](https://github.com/Icinga/icinga2/issues/6684).
+
+It is replaced by [JSON for Modern C++](https://github.com/nlohmann/json) by Niels Lohmann
+and compiled into the binary as header only include. It helps our way to C++11 and allows
+to fix additional UTF8 issues more easily. Read more about its [design goals](https://github.com/nlohmann/json#design-goals)
+and [benchmarks](https://github.com/miloyip/nativejson-benchmark#parsing-time).
+
+### Core <a id="upgrading-to-2-11-core"></a>
+
+#### Reload Handling <a id="upgrading-to-2-11-core-reload-handling"></a>
+
+2.11 provides fixes for unwanted notifications during restarts.
+The updated systemd service file now uses the `KillMode=mixed` setting.
+
+The reload handling was improved with an umbrella process, which means
+that normal runtime operations include **3 processes**. You may need to
+adjust the local instance monitoring of the [procs](08-advanced-topics.md#monitoring-icinga) check.
+
+More details can be found in the [technical concepts](19-technical-concepts.md#technical-concepts-core-reload) chapter.
+
+#### Downtime Notifications <a id="upgrading-to-2-11-core-downtime-notifications"></a>
+
+Imagine that a host/service changes to a HARD NOT-OK state,
+and its check interval is set to a high interval e.g. 1 hour.
+
+A maintenance downtime prevents the notification being sent,
+but once it ends and the host/service is still in a downtime,
+no immediate notification is re-sent but you'll have to wait
+for the next check.
+
+Another scenario is with one-shot notifications (interval=0)
+which would never notify again after the downtime ends and
+the problem state being intact. The state change logic requires
+to recover and become HARD NOT-OK to notify again.
+
+In order to solve these problems with filtered/suppressed notifications
+in downtimes, v2.11 changes the behaviour like this:
+
+- If there was a notification suppressed in a downtime, the core stores that information
+- Once the downtime ends and the problem state is still intact, Icinga checks whether a re-notification should be sent immediately
+
+A new cluster message was added to keep this in sync amongst HA masters.
+
+> **Important**
+>
+> In order to properly use this new feature, all involved endpoints
+> must be upgraded to v2.11.
+
+### Network Stack <a id="upgrading-to-2-11-network-stack"></a>
+
+The core network stack has been rewritten in 2.11 (some say this could be Icinga 3).
+
+You can read the full story [here](https://github.com/Icinga/icinga2/issues/7041).
+
+The only visible changes for users are:
+
+- No more dead-locks with hanging TLS connections (Cluster, REST API)
+- Better log messages in error cases
+- More robust and stable with using external libraries instead of self-written socket I/O
+
+Coming with this release, we've also updated TLS specific requirements
+explained below.
+
+#### TLS 1.2 <a id="upgrading-to-2-11-network-stack-tls-1-2"></a>
+
+v2.11 raises the minimum required TLS version to 1.2.
+This is available since OpenSSL 1.0.1 (EL6 & Debian Jessie).
+
+Older Icinga satellites/agents need to support TLS 1.2 during the TLS
+handshake.
+
+The `api` feature attribute `tls_protocolmin` now only supports the
+value `TLSv1.2` being the default.
+
+#### Hardened Cipher List <a id="upgrading-to-2-11-network-stack-cipher-list"></a>
+
+The previous default cipher list allowed weak ciphers. There's no sane way
+other than explicitly setting the allowed ciphers.
+
+The new default sets this to:
+
+```
+ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256
+```
+
+You can override this setting in the [api](09-object-types.md#objecttype-apilistener)
+feature with the `cipher_list` attribute.
+
+In case that one of these ciphers is marked as insecure in the future,
+please let us know with an issue on GitHub.
+
+### Cluster <a id="upgrading-to-2-11-cluster"></a>
+
+#### Config Sync <a id="upgrading-to-2-11-cluster-config-sync"></a>
+
+2.11 overhauls the cluster config sync in many ways. This includes the
+following under the hood:
+
+- Synced configuration files are not immediately put into production, but left inside a stage.
+- Unsuccessful config validation never puts the config into production, additional logging and API states are available.
+- Zone directories which are not configured in zones.conf, are not included anymore on secondary master/satellites/clients.
+- Synced config change calculation use checksums instead of timestamps to trigger validation/reload. This is more safe, and the usage of timestamps is now deprecated.
+- Don't allow parallel cluster syncs to avoid race conditions with overridden files.
+- Deleted directories and files are now purged, previous versions had a bug.
+
+Whenever a newer child endpoint receives a configuration update without
+checksums, it will log a warning.
+
+```
+Received configuration update without checksums from parent endpoint satellite1. This behaviour is deprecated. Please upgrade the parent endpoint to 2.11+
+```
+
+This is a gentle reminder to upgrade the master and satellites first,
+prior to installing new clients/agents.
+
+Technical details are available in the [technical concepts](19-technical-concepts.md#technical-concepts-cluster-config-sync) chapter.
+
+Since the config sync change detection now uses checksums, this may fail
+with anything else than syncing configuration text files. Syncing binary
+files were never supported, but rumors say that some users do so.
+
+This is now prohibited and logged.
+
+```
+[2019-08-02 16:03:19 +0200] critical/ApiListener: Ignoring file '/etc/icinga2/zones.d/global-templates/forbidden.exe' for cluster config sync: Does not contain valid UTF8. Binary files are not supported.
+Context:
+	(0) Creating config update for file '/etc/icinga2/zones.d/global-templates/forbidden.exe'
+	(1) Activating object 'api' of type 'ApiListener'
+```
+
+Such binaries wrapped into JSON-RPC cluster messages may always cause changes
+and trigger reload loops. In order to prevent such harm in production,
+use infrastructure tools such as Foreman, Puppet, Ansible, etc. to install
+plugins on the masters, satellites and agents.
+
+
+#### HA-aware Features <a id="upgrading-to-2-11-cluster-ha-aware-features"></a>
+
+v2.11 introduces additional HA functionality similar to the DB IDO feature.
+This enables the feature being active only on one endpoint while the other
+endpoint is paused. When one endpoint is shut down, automatic failover happens.
+
+This feature is turned off by default keeping the current behaviour. If you need
+it active on just one endpoint, set `enable_ha = true` on both endpoints in the
+feature configuration.
+
+This affects the following features:
+
+* [Elasticsearch](09-object-types.md#objecttype-elasticsearchwriter)
+* [Gelf](09-object-types.md#objecttype-gelfwriter)
+* [Graphite](09-object-types.md#objecttype-graphitewriter)
+* [InfluxDB](09-object-types.md#objecttype-influxdbwriter)
+* [OpenTsdb](09-object-types.md#objecttype-opentsdbwriter)
+* [Perfdata](09-object-types.md#objecttype-perfdatawriter) (for PNP)
+
+### HA Failover <a id="upgrading-to-2-11-ha-failover"></a>
+
+The reconnect failover has been improved, and the default `failover_timeout`
+for the DB IDO features has been lowered from 60 to 30 seconds.
+Object authority updates (required for balancing in the cluster) happen
+more frequenty (was 30, is 10 seconds).
+Also the cold startup without object authority updates has been reduced
+from 60 to 30 seconds. This is to allow cluster reconnects (lowered from 60s to 10s in 2.10)
+before actually considering a failover/split brain scenario.
+
+The [IdoMysqlConnection](09-object-types.md#objecttype-idomysqlconnection) and [IdoPgsqlConnection](09-object-types.md#objecttype-idopgsqlconnection)
+objects provide a new attribute named `last_failover` which shows the last failover timestamp.
+This value also is available in the [ido](10-icinga-template-library.md#itl-icinga-ido) CheckCommand output.
+
+
+### CLI Commands <a id="upgrading-to-2-11-cli-commands"></a>
+
+The `troubleshoot` CLI command has been removed. It was never completed,
+and turned out not to provide required details for GitHub issues anyways.
+
+We didn't ask nor endorse users on GitHub/Discourse in the past 2 years, so
+we're removing it without deprecation.
+
+Issue templates, the troubleshooting docs and support knowledge has
+proven to be better.
+
+#### Permissions <a id="upgrading-to-2-11-cli-commands-permissions"></a>
+
+CLI commands such as `api setup`, `node wizard/setup`, `feature enable/disable/list`
+required root permissions previously. Since the file permissions allow
+the Icinga user to change things already, and users kept asking to
+run Icinga on their own webspace without root permissions, this is now possible
+with 2.11.
+
+If you are running the commands with a different user than the
+compiled `ICINGA_USER` and `ICINGA_GROUP` CMake settings (`icinga` everywhere,
+except Debian with `nagios` for historical reasons), ensure that this
+user has the capabilities to change to a different user.
+
+If you still encounter problems, run the aforementioned CLI commands as root,
+or with sudo.
+
+#### CA List Behaviour Change <a id="upgrading-to-2-11-cli-commands-ca-list"></a>
+
+`ca list` only shows the pending certificate signing requests by default.
+
+You can use the new `--all` parameter to show all signing requests.
+Note that Icinga automatically purges signed requests older than 1 week.
+
+#### New: CA Remove/Restore <a id="upgrading-to-2-11-cli-commands-ca-remove-restore"></a>
+
+`ca remove` allows you to remove pending signing requests. Once the
+master receives a CSR, and it is marked as removed, the request is
+denied.
+
+`ca restore` allows you to restore a removed signing request. You
+can list removed signing requests with the new `--removed` parameter
+for `ca list`.
+
+### Configuration <a id="upgrading-to-2-11-configuration"></a>
+
+The deprecated `concurrent_checks` attribute in the [checker feature](09-object-types.md#objecttype-checkercomponent)
+has no effect anymore if set. Please use the [MaxConcurrentChecks](17-language-reference.md#icinga-constants-global-config)
+constant in [constants.conf](04-configuration.md#constants-conf) instead.
+
+### REST API <a id="upgrading-to-2-11-api"></a>
+
+#### Actions <a id="upgrading-to-2-11-api-actions"></a>
+
+The [schedule-downtime](12-icinga2-api.md#icinga2-api-actions-schedule-downtime-host-all-services)
+action supports the `all_services` parameter for Host types. Defaults to false.
+
+#### Config Packages <a id="upgrading-to-2-11-api-config-packages"></a>
+
+Deployed configuration packages require an active stage, with many previous
+allowed. This mechanism is used by the Icinga Director as external consumer,
+and Icinga itself for storing runtime created objects inside the `_api`
+package.
+
+This includes downtimes and comments, which where sometimes stored in the wrong
+directory path, because the active-stage file was empty/truncated/unreadable at
+this point.
+
+2.11 makes this mechanism more stable and detects broken config packages.
+It will also attempt to fix them, the following log entry is perfectly fine.
+
+```
+[2019-05-10 12:12:09 +0200] information/ConfigObjectUtility: Repairing config package '_api' with stage 'dbe0bef8-c72c-4cc9-9779-da7c4527c5b2'.
+```
+
+If you still encounter problems, please follow [this troubleshooting entry](15-troubleshooting.md#troubleshooting-api-missing-runtime-objects).
+
+### DB IDO MySQL Schema <a id="upgrading-to-2-11-db-ido"></a>
+
+The schema for MySQL contains an optional update which
+drops unneeded indexes. You don't necessarily need to apply
+this update.
+
+### Documentation <a id="upgrading-to-2-11-documentation"></a>
+
+* `Custom attributes` have been renamed to `Custom variables` following the name `vars` and their usage in backends and web interfaces.
+The term `custom attribute` still applies, but referring from the web to the core docs is easier.
+* The distributed environment term `client` has been refined into `agent`. Wordings and images have been adjusted, and a `client` only is used as
+general term when requesting something from a parent server role.
+* The images for basics, modes and scenarios in the distributed monitoring chapter have been re-created from scratch.
+* `02-getting-started.md` was renamed to `02-installation.md`, `04-configuring-icinga-2.md` into `04-configuration.md`. Apache redirects will be in place.
+
+## Upgrading to v2.10 <a id="upgrading-to-2-10"></a>
+
+### Path Constant Changes <a id="upgrading-to-2-10-path-constant-changes"></a>
+
+During package upgrades you may see a notice that the configuration
+content of features has changed. This is due to a more general approach
+with path constants in v2.10.
+
+The known constants `SysconfDir` and `LocalStateDir` stay intact and won't
+break on upgrade.
+If you are using these constants in your own custom command definitions
+or other objects, you are advised to revise them and update them according
+to the [documentation](17-language-reference.md#icinga-constants).
+
+Example diff:
+
+```
+object NotificationCommand "mail-service-notification" {
+-  command = [ SysconfDir + "/icinga2/scripts/mail-service-notification.sh" ]
++  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+```
+
+If you have the `ICINGA2_RUN_DIR` environment variable configured in the
+sysconfig file, you need to rename it to `ICINGA2_INIT_RUN_DIR`. `ICINGA2_STATE_DIR`
+has been removed and this setting has no effect.
+
+> **Note**
+>
+> This is important if you rely on the sysconfig configuration in your own scripts.
+
+### New Constants <a id="upgrading-to-2-10-path-new-constants"></a>
+
+New [Icinga constants](17-language-reference.md#icinga-constants) have been added in this release.
+
+* `Environment` for specifying the Icinga environment. Defaults to not set.
+* `ApiBindHost` and `ApiBindPort` to allow overriding the default ApiListener values. This will be used for an Icinga addon only.
+
+### Configuration: Namespaces <a id="upgrading-to-2-10-configuration-namespaces"></a>
+
+The keywords `namespace` and `using` are now [reserved](17-language-reference.md#reserved-keywords) for the namespace functionality provided
+with v2.10. Read more about how it works [here](17-language-reference.md#namespaces).
+
+### Configuration: ApiListener <a id="upgrading-to-2-10-configuration-apilistener"></a>
+
+Anonymous JSON-RPC connections in the cluster can now be configured with `max_anonymous_clients`
+attribute.
+The corresponding REST API results from `/v1/status/ApiListener` in `json_rpc` have been renamed
+from `clients` to `anonymous_clients` to better reflect their purpose. Authenticated clients
+are counted as connected endpoints. A similar change is there for the performance data metrics.
+
+The TLS handshake timeout defaults to 10 seconds since v2.8.2. This can now be configured
+with the configuration attribute `tls_handshake_timeout`. Beware of performance issues
+with setting a too high value.
+
+### API: schedule-downtime Action <a id="upgrading-to-2-10-api-schedule-downtime-action"></a>
+
+The attribute `child_options` was previously accepting 0,1,2 for specific child downtime settings.
+This behaviour stays intact, but the new proposed way are specific constants as values (`DowntimeNoChildren`, `DowntimeTriggeredChildren`, `DowntimeNonTriggeredChildren`).
+
+### Notifications: Recovery and Acknowledgement <a id="upgrading-to-2-10-notifications"></a>
+
+When a user should be notified on `Problem` and `Acknowledgement`, v2.10 now checks during
+the `Acknowledgement` notification event whether this user has been notified about a problem before.
+
+```
+  types = [ Problem, Acknowledgement, Recovery ]
+```
+
+If **no** `Problem` notification was sent, and the types filter includes problems for this user,
+the `Acknowledgement` notification is **not** sent.
+
+In contrast to that, the following configuration always sends `Acknowledgement` notifications.
+
+```
+  types = [ Acknowledgement, Recovery ]
+```
+
+This change also restores the old behaviour for `Recovery` notifications. The above configuration
+leaving out the `Problem` type can be used to only receive recovery notifications. If `Problem`
+is added to the types again, Icinga 2 checks whether it has notified a user of a problem when
+sending the recovery notification.
+
+More details can be found in [this PR](https://github.com/Icinga/icinga2/pull/6527).
+
+### Stricter configuration validation
+
+Some config errors are now fatal. While it never worked before, icinga2 refuses to start now!
+
+For example the following started to give a fatal error in 2.10:
+
+```
+  object Zone "XXX" {
+    endpoints = [ "master-server" ]
+    parent = "global-templates"
+  }
+```
+
+```critical/config: Error: Zone 'XXX' can not have a global zone as parent.```
+
+### Package Changes <a id="upgrading-to-2-10-package-changes"></a>
+
+Debian/Ubuntu drops the `libicinga2` package. `apt-get upgrade icinga2`
+won't remove such packages leaving the upgrade in an unsatisfied state.
+
+Please use `apt-get full-upgrade` or `apt-get dist-upgrade` instead, as explained [here](https://github.com/Icinga/icinga2/issues/6695#issuecomment-430585915).
+
+On RHEL/CentOS/Fedora, `icinga2-libs` has been obsoleted. Unfortunately yum's dependency
+resolver doesn't allow to install older versions than 2.10 then. Please
+read [here](https://github.com/Icinga/icinga-packaging/issues/114#issuecomment-429264827)
+for details.
+
+RPM packages dropped the [Classic UI](16-upgrading-icinga-2.md#upgrading-to-2-8-removed-classicui-config-package)
+package in v2.8, Debian/Ubuntu packages were forgotten. This is now the case with this
+release. Icinga 1.x is EOL by the end of 2018, plan your migration to [Icinga Web 2](https://icinga.com/docs/icingaweb2/latest/).
+
 ## Upgrading to v2.9 <a id="upgrading-to-2-9"></a>
 
+### Deprecation and Removal Notes <a id="upgrading-to-2-9-deprecation-removal-notes"></a>
+
+- Deprecation of 1.x compatibility features: `StatusDataWriter`, `CompatLogger`, `CheckResultReader`. Their removal is scheduled for 2.11.
+Icinga 1.x is EOL and will be out of support by the end of 2018.
+- Removal of Icinga Studio. It always has been experimental and did not satisfy our high quality standards. We've therefore removed it.
+
+### Sysconfig Changes <a id="upgrading-to-2-9-sysconfig-changes"></a>
+
+The security fixes in v2.8.2 required moving specific runtime settings
+into the Sysconfig file and environment. This included that Icinga 2
+would itself parse this file and read the required variables. This has generated
+numerous false-positive log messages and led to many support questions. v2.9.0
+changes this in the standard way to read these variables from the environment, and use
+sane compile-time defaults.
+
+> **Note**
+>
+> In order to upgrade, remove everything in the sysconfig file and re-apply
+> your changes.
+
+There is a bug with existing sysconfig files where path variables are not expanded
+because systemd [does not support](https://github.com/systemd/systemd/issues/2123)
+shell variable expansion. This worked with SysVInit though.
+
+Edit the sysconfig file and either remove everything, or edit this line
+on RHEL 7. Modify the path for other distributions.
+
+```
+vim /etc/sysconfig/icinga2
+
+-ICINGA2_PID_FILE=$ICINGA2_RUN_DIR/icinga2/icinga2.pid
++ICINGA2_PID_FILE=/run/icinga2/icinga2.pid
+```
+
+If you want to adjust the number of open files for the Icinga application
+for example, you would just add this setting like this on RHEL 7:
+
+```
+vim /etc/sysconfig/icinga2
+
+ICINGA2_RLIMIT_FILES=50000
+```
+
+Restart Icinga 2 afterwards, the systemd service file automatically puts the
+value into the application's environment where this is read on startup.
+
+### Setup Wizard Changes <a id="upgrading-to-2-9-setup-wizard-changes"></a>
+
+Client and satellite setups previously had the example configuration in `conf.d` included
+by default. This caused trouble on config sync, or with locally executed checks generating
+wrong check results for command endpoint clients.
+
+In v2.9.0 `node wizard`, `node setup` and the graphical Windows wizard will disable
+the inclusion by default. You can opt-out and explicitly enable it again if needed.
+
+In addition to the default global zones `global-templates` and `director-global`,
+the setup wizards also offer to specify your own custom global zones and generate
+the required configuration automatically.
+
+The setup wizards also use full qualified names for Zone and Endpoint object generation,
+either the default values (FQDN for clients) or the user supplied input. This removes
+the dependency on the `NodeName` and `ZoneName` constant and helps to immediately see
+the parent-child relationship. Those doing support will also see the benefit in production.
+
+### CLI Command Changes <a id="upgrading-to-2-9-cli-changes"></a>
+
+The [node setup](06-distributed-monitoring.md#distributed-monitoring-automation-cli-node-setup)
+parameter `--master_host` was deprecated and replaced with `--parent_host`.
+This parameter is now optional to allow connection-less client setups similar to the `node wizard`
+CLI command. The `parent_zone` parameter has been added to modify the parent zone name e.g.
+for client-to-satellite setups.
+
+The `api user` command which was released in v2.8.2 turned out to cause huge problems with
+configuration validation, windows restarts and OpenSSL versions. It is therefore removed in 2.9,
+the `password_hash` attribute for the ApiUser object stays intact but has no effect. This is to ensure
+that clients don't break on upgrade. We will revise this feature in future development iterations.
+
 ### Configuration Changes <a id="upgrading-to-2-9-config-changes"></a>
 
 The CORS attributes `access_control_allow_credentials`, `access_control_allow_headers` and
 `access_control_allow_methods` are now controlled by Icinga 2 and cannot be changed anymore.
 
-### CLI Command Changes <a id="upgrading-to-2-9-cli-changes"></a>
+### Unique Generated Names <a id="upgrading-to-2-9-unique-name-changes"></a>
+
+With the removal of RHEL 5 as supported platform, we can finally use real unique IDs.
+This is reflected in generating names for e.g. API stage names. Previously it was a handcrafted
+mix of local FQDN, timestamps and random numbers.
+
+### Custom Vars not updating <a id="upgrading-to-2-9-custom-vars-not-updating"></a>
+
+A rare issue preventing the custom vars of objects created prior to 2.9.0 being updated when changed may occur. To
+remedy this, truncate the customvar tables and restart Icinga 2. The following is an example of how to do this with mysql:
+
+```
+$ mysql -uroot -picinga icinga
+MariaDB [icinga]> truncate icinga_customvariables;
+Query OK, 0 rows affected (0.05 sec)
+MariaDB [icinga]> truncate icinga_customvariablestatus;
+Query OK, 0 rows affected (0.03 sec)
+MariaDB [icinga]> exit
+Bye
+$ sudo systemctl restart icinga2
+```
+
+Custom vars should now stay up to date.
 
-The `node setup` parameter `--master_host` was deprecated and replaced with `--parent_host`. This parameter is now optional to allow connection-less client setups similar to the `node wizard` CLI command. The `parent_zone` parameter has been added to modify the parent zone name e.g. for client-to-satellite setups.
 
 ## Upgrading to v2.8.2 <a id="upgrading-to-2-8-2"></a>
 
@@ -53,8 +572,8 @@ The default certificate path was changed from `/etc/icinga2/pki` to
 
   Old Path                                           | New Path
   ---------------------------------------------------|---------------------------------------------------
-  `/etc/icinga2/pki/icinga2-client1.localdomain.crt` | `/var/lib/icinga2/certs/icinga2-client1.localdomain.crt`
-  `/etc/icinga2/pki/icinga2-client1.localdomain.key` | `/var/lib/icinga2/certs/icinga2-client1.localdomain.key`
+  `/etc/icinga2/pki/icinga2-agent1.localdomain.crt` | `/var/lib/icinga2/certs/icinga2-agent1.localdomain.crt`
+  `/etc/icinga2/pki/icinga2-agent1.localdomain.key` | `/var/lib/icinga2/certs/icinga2-agent1.localdomain.key`
   `/etc/icinga2/pki/ca.crt`                          | `/var/lib/icinga2/certs/ca.crt`
 
 This applies to Windows clients in the same way: `%ProgramData%\etc\icinga2\pki`
@@ -62,8 +581,8 @@ was moved to `%ProgramData%\var\lib\icinga2\certs`.
 
   Old Path                                                        | New Path
   ----------------------------------------------------------------|----------------------------------------------------------------
-  `%ProgramData%\etc\icinga2\pki\icinga2-client1.localdomain.crt` | `%ProgramData%\var\lib\icinga2\certs\icinga2-client1.localdomain.crt`
-  `%ProgramData%\etc\icinga2\pki\icinga2-client1.localdomain.key` | `%ProgramData%\var\lib\icinga2\certs\icinga2-client1.localdomain.key`
+  `%ProgramData%\etc\icinga2\pki\icinga2-agent1.localdomain.crt` | `%ProgramData%\var\lib\icinga2\certs\icinga2-agent1.localdomain.crt`
+  `%ProgramData%\etc\icinga2\pki\icinga2-agent1.localdomain.key` | `%ProgramData%\var\lib\icinga2\certs\icinga2-agent1.localdomain.key`
   `%ProgramData%\etc\icinga2\pki\ca.crt`                          | `%ProgramData%\var\lib\icinga2\certs\ca.crt`
 
 
@@ -205,10 +724,10 @@ attributes. More details can be found [here](08-advanced-topics.md#check-flappin
 ## Upgrading to v2.7 <a id="upgrading-to-2-7"></a>
 
 v2.7.0 provided new notification scripts and commands. Please ensure to
-update your configuration accordingly. An advisory has been published [here](https://www.icinga.com/2017/08/23/advisory-for-icinga-2-v2-7-update-and-mail-notification-scripts/).
+update your configuration accordingly. An advisory has been published [here](https://icinga.com/2017/08/23/advisory-for-icinga-2-v2-7-update-and-mail-notification-scripts/).
 
 In case are having troubles with OpenSSL 1.1.0 and the
-public CA certificates, please read [this advisory](https://www.icinga.com/2017/08/30/advisory-for-ssl-problems-with-leading-zeros-on-openssl-1-1-0/)
+public CA certificates, please read [this advisory](https://icinga.com/2017/08/30/advisory-for-ssl-problems-with-leading-zeros-on-openssl-1-1-0/)
 and check the [troubleshooting chapter](15-troubleshooting.md#troubleshooting).
 
 If Icinga 2 fails to start with an empty reference to `$ICINGA2_CACHE_DIR`
diff --git a/doc/17-language-reference.md b/doc/17-language-reference.md
index d2a865811..ddf048614 100644
--- a/doc/17-language-reference.md
+++ b/doc/17-language-reference.md
@@ -5,12 +5,14 @@
 Icinga 2 features an object-based configuration format. You can define new
 objects using the `object` keyword:
 
-    object Host "host1.example.org" {
-      display_name = "host1"
+```
+object Host "host1.example.org" {
+  display_name = "host1"
 
-      address = "192.168.0.1"
-      address6 = "::1"
-    }
+  address = "192.168.0.1"
+  address6 = "2001:db8:1234::42"
+}
+```
 
 In general you need to write each statement on a new line. Expressions started
 with `{`, `(` and `[` extend until the matching closing character and can be broken
@@ -19,11 +21,13 @@ up into multiple lines.
 Alternatively you can write multiple statements on a single line by separating
 them with a semicolon:
 
-    object Host "host1.example.org" {
-      display_name = "host1"
+```
+object Host "host1.example.org" {
+  display_name = "host1"
 
-      address = "192.168.0.1"; address6 = "::1"
-    }
+  address = "192.168.0.1"; address6 = "2001:db8:1234::42"
+}
+```
 
 Each object is uniquely identified by its type (`Host`) and name
 (`host1.example.org`). Some types have composite names, e.g. the
@@ -53,7 +57,9 @@ A floating-point number.
 
 Example:
 
-    27.3
+```
+27.3
+```
 
 ### Duration Literals <a id="duration-literals"></a>
 
@@ -62,7 +68,9 @@ suffixes to help with specifying time durations.
 
 Example:
 
-    2.5m
+```
+2.5m
+```
 
 Supported suffixes include ms (milliseconds), s (seconds), m (minutes),
 h (hours) and d (days).
@@ -76,7 +84,9 @@ A string.
 
 Example:
 
-    "Hello World!"
+```
+"Hello World!"
+```
 
 #### String Literals Escape Sequences <a id="string-literals-escape-sequences"></a>
 
@@ -104,10 +114,12 @@ Strings spanning multiple lines can be specified by enclosing them in
 
 Example:
 
-    {{{This
-    is
-    a multi-line
-    string.}}}
+```
+{{{This
+is
+a multi-line
+string.}}}
+```
 
 Unlike in ordinary strings special characters do not have to be escaped
 in multi-line string literals.
@@ -130,10 +142,12 @@ The comma after the last key-value pair is optional.
 
 Example:
 
-    {
-      address = "192.168.0.1"
-      port = 443
-    }
+```
+{
+  address = "192.168.0.1"
+  port = 443
+}
+```
 
 Identifiers may not contain certain characters (e.g. space) or start
 with certain characters (e.g. digits). If you want to use a dictionary
@@ -149,7 +163,9 @@ The comma after the last element is optional.
 
 Example:
 
-    [ "hello", 42 ]
+```
+[ "hello", 42 ]
+```
 
 An array may simultaneously contain values of different types, such as
 strings and numbers.
@@ -160,46 +176,103 @@ The following operators are supported in expressions. The operators are sorted b
 
 Operator | Precedence | Examples (Result)                             | Description
 ---------|------------|-----------------------------------------------|--------------------------------
-()       | 1          | (3 + 3) * 5                                   | Groups sub-expressions
-()       | 1          | Math.random()                                 | Calls a function
-[]       | 1          | a[3]                                          | Array subscript
-.        | 1          | a.b                                           | Element access
-!        | 2          | !"Hello" (false), !false (true)               | Logical negation of the operand
-~        | 2          | ~true (false)                                 | Bitwise negation of the operand
-+        | 2          | +3                                            | Unary plus
--        | 2          | -3                                            | Unary minus
-*        | 3          | 5m * 10 (3000)                                | Multiplies two numbers
-/        | 3          | 5m / 5 (60)                                   | Divides two numbers
-%        | 3          | 17 % 12 (5)                                   | Remainder after division
-+        | 4          | 1 + 3 (4), "hello " + "world" ("hello world") | Adds two numbers; concatenates strings
--        | 4          | 3 - 1 (2)                                     | Subtracts two numbers
-<<       | 5          | 4 << 8 (1024)                                 | Left shift
->>       | 5          | 1024 >> 4 (64)                                | Right shift
-<        | 6         | 3 < 5 (true)                                  | Less than
->        | 6         | 3 > 5 (false)                                 | Greater than
-<=       | 6         | 3 <= 3 (true)                                 | Less than or equal
->=       | 6         | 3 >= 3 (true)                                 | Greater than or equal
-in       | 7          | "foo" in [ "foo", "bar" ] (true)              | Element contained in array
-!in      | 7          | "foo" !in [ "bar", "baz" ] (true)             | Element not contained in array
-==       | 8         | "hello" == "hello" (true), 3 == 5 (false)     | Equal to
-!=       | 8         | "hello" != "world" (true), 3 != 3 (false)     | Not equal to
-&        | 9          | 7 & 3 (3)                                     | Binary AND
-^        | 10          | 17 ^ 12 (29)                                  | Bitwise XOR
-&#124;   | 11          | 2 &#124; 3 (3)                                | Binary OR
-&&       | 13         | true && false (false), 3 && 7 (7), 0 && 7 (0) | Logical AND
-&#124;&#124; | 14     | true &#124;&#124; false (true), 0 &#124;&#124; 7 (7)| Logical OR
-=        | 12         | a = 3                                         | Assignment
-=>       | 15         | x => x * x (function with arg x)              | Lambda, for loop
+`()`       | 1          | (3 + 3) * 5                                   | Groups sub-expressions
+`()`       | 1          | Math.random()                                 | Calls a function
+`[]`       | 1          | a[3]                                          | Array subscript
+`.`       | 1          | a.b                                           | Element access
+`!`        | 2          | !"Hello" (false), !false (true)               | Logical negation of the operand
+`~`        | 2          | ~true (false)                                 | Bitwise negation of the operand
+`+`        | 2          | +3                                            | Unary plus
+`-`        | 2          | -3                                            | Unary minus
+`&`        | 2          | &var (reference to 'var')                     | Reference operator
+`*`        | 2          | *var                                          | Indirection operator
+`*`        | 3          | 5m * 10 (3000)                                | Multiplies two numbers
+`/`        | 3          | 5m / 5 (60)                                   | Divides two numbers
+`%`        | 3          | 17 % 12 (5)                                   | Remainder after division
+`+`        | 4          | 1 + 3 (4), "hello " + "world" ("hello world") | Adds two numbers; concatenates strings
+`-`        | 4          | 3 - 1 (2)                                     | Subtracts two numbers
+`<<`       | 5          | 4 << 8 (1024)                                 | Left shift
+`>>`       | 5          | 1024 >> 4 (64)                                | Right shift
+`<`        | 6         | 3 < 5 (true)                                  | Less than
+`>`        | 6         | 3 > 5 (false)                                 | Greater than
+`<=`       | 6         | 3 <= 3 (true)                                 | Less than or equal
+`>=`       | 6         | 3 >= 3 (true)                                 | Greater than or equal
+`in`       | 7          | "foo" in [ "foo", "bar" ] (true)              | Element contained in array
+`!in`      | 7          | "foo" !in [ "bar", "baz" ] (true)             | Element not contained in array
+`==`       | 8         | "hello" == "hello" (true), 3 == 5 (false)     | Equal to
+`!=`       | 8         | "hello" != "world" (true), 3 != 3 (false)     | Not equal to
+`&`        | 9          | 7 & 3 (3)                                     | Binary AND
+`^`        | 10          | 17 ^ 12 (29)                                  | Bitwise XOR
+<code>&#124;</code>    | 11          | 2 &#124; 3 (3)                                | Binary OR
+<code>&#124;&#124;</code>  | 12     | true &#124;&#124; false (true), 0 &#124;&#124; 7 (7)| Logical OR
+`&&`       | 13         | true && false (false), 3 && 7 (7), 0 && 7 (0) | Logical AND
+`=`        | 14         | a = 3                                         | Assignment
+`=>`       | 15         | x => x * x (function with arg x)              | Lambda, for loop
+
+### References <a id="references"></a>
+
+A reference to a value can be obtained using the `&` operator. The `*` operator can be used
+to dereference a reference:
+
+```
+var value = "Hello!"
+var p = &value /* p refers to value */
+*p = "Hi!"
+log(value) // Prints "Hi!" because the variable was changed
+```
+
+### Namespaces <a id="namespaces"></a>
+
+Namespaces can be used to organize variables and functions. They are used to avoid name conflicts. The `namespace`
+keyword is used to create a new namespace:
+
+```
+namespace Utils {
+    function calculate() {
+        return 2 + 2
+    }
+}
+```
+
+The namespace is made available as a global variable which has the namespace's name (e.g. `Utils`):
+
+```
+Utils.calculate()
+```
+
+The `using` keyword can be used to make all attributes in a namespace available to a script without having to
+explicitly specify the namespace's name for each access:
+
+```
+using Utils
+calculate()
+```
+
+The `using` keyword only has an effect for the current file and only for code that follows the keyword:
+
+```
+calculate() // This will not work.
+using Utils
+```
+
+The following namespaces are automatically imported as if by using the `using` keyword:
+
+* System
+* System.Configuration
+* Types
+* Icinga
 
 ### Function Calls <a id="function-calls"></a>
 
 Functions can be called using the `()` operator:
 
-    const MyGroups = [ "test1", "test" ]
+```
+const MyGroups = [ "test1", "test" ]
 
-    {
-      check_interval = len(MyGroups) * 1m
-    }
+{
+  check_interval = len(MyGroups) * 1m
+}
+```
 
 A list of available functions is available in the [Library Reference](18-library-reference.md#library-reference) chapter.
 
@@ -207,7 +280,7 @@ A list of available functions is available in the [Library Reference](18-library
 
 In addition to the `=` operator shown above a number of other operators
 to manipulate attributes are supported. Here's a list of all
-available operators:
+available operators (the outermost `{` `}` stand for a local variable scope):
 
 ### Operator = <a id="operator-assignment"></a>
 
@@ -215,10 +288,12 @@ Sets an attribute to the specified value.
 
 Example:
 
-    {
-      a = 5
-      a = 7
-    }
+```
+{
+  a = 5
+  a = 7
+}
+```
 
 In this example `a` has the value `7` after both instructions are executed.
 
@@ -226,65 +301,81 @@ In this example `a` has the value `7` after both instructions are executed.
 
 The += operator is a shortcut. The following expression:
 
-    {
-      a = [ "hello" ]
-      a += [ "world" ]
-    }
+```
+{
+  a = [ "hello" ]
+  a += [ "world" ]
+}
+```
 
 is equivalent to:
 
-    {
-      a = [ "hello" ]
-      a = a + [ "world" ]
-    }
+```
+{
+  a = [ "hello" ]
+  a = a + [ "world" ]
+}
+```
 
 ### Operator -= <a id="operator-substractive-assignment"></a>
 
 The -= operator is a shortcut. The following expression:
 
-    {
-      a = 10
-      a -= 5
-    }
+```
+{
+  a = 10
+  a -= 5
+}
+```
 
 is equivalent to:
 
-    {
-      a = 10
-      a = a - 5
-    }
+```
+{
+  a = 10
+  a = a - 5
+}
+```
 
 ### Operator \*= <a id="operator-multiply-assignment"></a>
 
 The *= operator is a shortcut. The following expression:
 
-    {
-      a = 60
-      a *= 5
-    }
+```
+{
+  a = 60
+  a *= 5
+}
+```
 
 is equivalent to:
 
-    {
-      a = 60
-      a = a * 5
-    }
+```
+{
+  a = 60
+  a = a * 5
+}
+```
 
 ### Operator /= <a id="operator-dividing-assignment"></a>
 
 The /= operator is a shortcut. The following expression:
 
-    {
-      a = 300
-      a /= 5
-    }
+```
+{
+  a = 300
+  a /= 5
+}
+```
 
 is equivalent to:
 
-    {
-      a = 300
-      a = a / 5
-    }
+```
+{
+  a = 300
+  a = a / 5
+}
+```
 
 ## Indexer <a id="indexer"></a>
 
@@ -292,23 +383,29 @@ The indexer syntax provides a convenient way to set dictionary elements.
 
 Example:
 
-    {
-      hello.key = "world"
-    }
+```
+{
+  hello.key = "world"
+}
+```
 
 Example (alternative syntax):
 
-    {
-      hello["key"] = "world"
-    }
+```
+{
+  hello["key"] = "world"
+}
+```
 
 This is equivalent to writing:
 
-    {
-      hello += {
-        key = "world"
-      }
-    }
+```
+{
+  hello += {
+    key = "world"
+  }
+}
+```
 
 If the `hello` attribute does not already have a value, it is automatically initialized to an empty dictionary.
 
@@ -318,22 +415,24 @@ Objects can import attributes from other objects.
 
 Example:
 
-    template Host "default-host" {
-      vars.colour = "red"
-    }
+```
+template Host "default-host" {
+  vars.colour = "red"
+}
 
-    template Host "test-host" {
-      import "default-host"
+template Host "test-host" {
+  import "default-host"
 
-      vars.colour = "blue"
-    }
+  vars.colour = "blue"
+}
 
-    object Host "localhost" {
-      import "test-host"
+object Host "localhost" {
+  import "test-host"
 
-      address = "127.0.0.1"
-      address6 = "::1"
-    }
+  address = "127.0.0.1"
+  address6 = "::1"
+}
+```
 
 The `default-host` and `test-host` objects are marked as templates
 using the `template` keyword. Unlike ordinary objects templates are not
@@ -341,7 +440,7 @@ instantiated at run-time. Parent objects do not necessarily have to be
 templates, however in general they are.
 
 The `vars` dictionary for the `localhost` object contains all three
-custom attributes and the custom attribute `colour` has the value `"blue"`.
+custom variables and the custom variable `colour` has the value `"blue"`.
 
 Parent objects are resolved in the order they're specified using the
 `import` keyword.
@@ -349,9 +448,11 @@ Parent objects are resolved in the order they're specified using the
 Default templates which are automatically imported into all object definitions
 can be specified using the `default` keyword:
 
-    template CheckCommand "plugin-check-command" default {
-      // ...
-    }
+```
+template CheckCommand "plugin-check-command" default {
+  // ...
+}
+```
 
 Default templates are imported before any other user-specified statement in an
 object definition is evaluated.
@@ -363,45 +464,91 @@ is unspecified.
 
 Global constants can be set using the `const` keyword:
 
-    const VarName = "some value"
+```
+const VarName = "some value"
+```
 
 Once defined a constant can be accessed from any file. Constants cannot be changed
 once they are set.
 
 > **Tip**
 >
-> Best practice is to manage constants in the [constants.conf](04-configuring-icinga-2.md#constants-conf) file.
+> Best practice is to manage constants in the [constants.conf](04-configuration.md#constants-conf) file.
 
 ### Icinga 2 Specific Constants <a id="icinga-constants"></a>
 
-Icinga 2 provides a number of special global constants. Some of them can be overridden using the `--define` command line parameter:
+Icinga 2 provides a number of special global constants. These include directory paths, global configuration
+and runtime parameters for the application version and (build) platform.
+
+#### Directory Path Constants <a id="icinga-constants-director-path"></a>
+
+Constant            | Description
+--------------------|-------------------
+ConfigDir           |**Read-only.** Main configuration directory. Usually set to `/etc/icinga2`.
+DataDir             |**Read-only.** Runtime data for the Icinga daemon. Usually set to `/var/lib/icinga2`.
+LogDir              |**Read-only.** Logfiles from the daemon. Usually set to `/var/log/icinga2`.
+CacheDir            |**Read-only.** Cached status information of the daemon. Usually set to `/var/cache/icinga2`.
+SpoolDir            |**Read-only.** Spool directory for certain data outputs. Usually set to `/var/spool/icinga2`.
+InitRunDir          |**Read-only.** Directory for PID files and sockets in daemon mode. Usually set to `/run/icinga2`.
+ZonesDir            |**Read-only.** Contains the path of the zones.d directory. Defaults to `ConfigDir + "/zones.d"`.
+
+#### Global Configuration Constants <a id="icinga-constants-global-config"></a>
+
+Constant            | Description
+--------------------|-------------------
+Vars                |**Read-write.** Contains a dictionary with global custom variables. Not set by default.
+NodeName            |**Read-write.** Contains the cluster node name. Set to the local hostname by default.
+ReloadTimeout       |**Read-write.** Defines the reload timeout for child processes. Defaults to `300s`.
+Environment         |**Read-write.** The name of the Icinga environment. Included in the SNI host name for outbound connections. Not set by default.
+RunAsUser           |**Read-write.** Defines the user the Icinga 2 daemon is running as. Set in the Icinga 2 sysconfig.
+RunAsGroup          |**Read-write.** Defines the group the Icinga 2 daemon is running as. Set in the Icinga 2 sysconfig.
+MaxConcurrentChecks |**Read-write.** The number of max checks run simultaneously. Defaults to `512`.
+ApiBindHost         |**Read-write.** Overrides the default value for the ApiListener `bind_host` attribute. Not set by default.
+ApiBindPort         |**Read-write.** Overrides the default value for the ApiListener `bind_port` attribute. Not set by default.
+
+#### Application Runtime Constants <a id="icinga-constants-application-runtime"></a>
+
+Constant            | Description
+--------------------|-------------------
+PlatformName        |**Read-only.** The name of the operating system, e.g. `Ubuntu`.
+PlatformVersion     |**Read-only.** The version of the operating system, e.g. `14.04.3 LTS`.
+PlatformKernel      |**Read-only.** The name of the operating system kernel, e.g. `Linux`.
+PlatformKernelVersion|**Read-only.** The version of the operating system kernel, e.g. `3.13.0-63-generic`.
+BuildCompilerName   |**Read-only.** The name of the compiler Icinga was built with, e.g. `Clang`.
+BuildCompilerVersion|**Read-only.** The version of the compiler Icinga was built with, e.g. `7.3.0.7030031`.
+BuildHostName       |**Read-only.** The name of the host Icinga was built on, e.g. `acheron`.
+ApplicationVersion  |**Read-only.** The application version, e.g. `2.9.0`.
+
+#### Additional Constants <a id="icinga-constants-additional"></a>
+
+Writable constants can be specified on the CLI using the `--define/-D` parameter.
+
+> **Note for v2.10+**
+>
+> Default paths which include `/etc` and `/var` as base directory continue to work
+> based on the `SysconfDir` and `LocalStateDir` constants respectively.
+
+In addition to that, the constants below are used to define specific file paths. You should never need
+to change them, as they are pre-compiled based on the constants above.
 
 Variable            |Description
 --------------------|-------------------
-PrefixDir           |**Read-only.** Contains the installation prefix that was specified with cmake -DCMAKE_INSTALL_PREFIX. Defaults to "/usr/local".
-SysconfDir          |**Read-only.** Contains the path of the sysconf directory. Defaults to PrefixDir + "/etc".
-ZonesDir            |**Read-only.** Contains the path of the zones.d directory. Defaults to SysconfDir + "/zones.d".
-LocalStateDir       |**Read-only.** Contains the path of the local state directory. Defaults to PrefixDir + "/var".
-RunDir              |**Read-only.** Contains the path of the run directory. Defaults to LocalStateDir + "/run".
-PkgDataDir          |**Read-only.** Contains the path of the package data directory. Defaults to PrefixDir + "/share/icinga2".
-StatePath           |**Read-write.** Contains the path of the Icinga 2 state file. Defaults to LocalStateDir + "/lib/icinga2/icinga2.state".
-ObjectsPath         |**Read-write.** Contains the path of the Icinga 2 objects file. Defaults to LocalStateDir + "/cache/icinga2/icinga2.debug".
-PidPath             |**Read-write.** Contains the path of the Icinga 2 PID file. Defaults to RunDir + "/icinga2/icinga2.pid".
-Vars                |**Read-write.** Contains a dictionary with global custom attributes. Not set by default.
-NodeName            |**Read-write.** Contains the cluster node name. Set to the local hostname by default.
-RunAsUser           |**Read-write.** Defines the user the Icinga 2 daemon is running as. Set in the Icinga 2 sysconfig.
-RunAsGroup          |**Read-write.** Defines the group the Icinga 2 daemon is running as. Set in the Icinga 2 sysconfig.
-PlatformName        |**Read-only.** The name of the operating system, e.g. "Ubuntu".
-PlatformVersion     |**Read-only.** The version of the operating system, e.g. "14.04.3 LTS".
-PlatformKernel      |**Read-only.** The name of the operating system kernel, e.g. "Linux".
-PlatformKernelVersion|**Read-only.** The version of the operating system kernel, e.g. "3.13.0-63-generic".
-BuildCompilerName   |**Read-only.** The name of the compiler Icinga was built with, e.g. "Clang".
-BuildCompilerVersion|**Read-only.** The version of the compiler Icinga was built with, e.g. "7.3.0.7030031".
-BuildHostName       |**Read-only.** The name of the host Icinga was built on, e.g. "acheron".
-ApplicationVersion  |**Read-only.** The application version, e.g. "2.9.0".
-MaxConcurrentChecks |**Read-write**. The number of max checks run simultaneously. Defaults to 512.
-Environment         |**Read-write**. The name of the Icinga environment. Included in the SNI host name when making outbound connections. Defaults to "production".
+StatePath           |**Read-write.** Contains the path of the Icinga 2 state file. Defaults to `DataDir + "/icinga2.state"`.
+ObjectsPath         |**Read-write.** Contains the path of the Icinga 2 objects file. Defaults to `CacheDir + "/icinga2.debug"`.
+PidPath             |**Read-write.** Contains the path of the Icinga 2 PID file. Defaults to `InitRunDir + "/icinga2.pid"`.
+PkgDataDir          |**Read-only.** Contains the path of the package data directory. Defaults to `PrefixDir + "/share/icinga2"`.
 
+The constants below have been used until Icinga v2.10, and are still intact. You don't need them
+for future builds and configuration based on the newly available constants above.
+
+Variable            |Description
+--------------------|-------------------
+PrefixDir           |**Read-only.** Contains the installation prefix that was specified with `cmake -DCMAKE_INSTALL_PREFIX`. `Defaults to "/usr/local"`.
+SysconfDir          |**Read-only.** Contains the path of the sysconf directory. Defaults to `PrefixDir + "/etc"`.
+LocalStateDir       |**Read-only.** Contains the path of the local state directory. Defaults to `PrefixDir + "/var"`.
+RunDir              |**Read-only.** Contains the path of the run directory. Defaults to `LocalStateDir + "/run"`.
+
+#### Advanced Constants and Variables <a id="icinga-constants-advanced"></a>
 
 Advanced runtime constants. Please only use them if advised by support or developers.
 
@@ -409,22 +556,30 @@ Variable                   | Description
 ---------------------------|-------------------
 EventEngine                |**Read-write.** The name of the socket event engine, can be `poll` or `epoll`. The epoll interface is only supported on Linux.
 AttachDebugger             |**Read-write.** Whether to attach a debugger when Icinga 2 crashes. Defaults to `false`.
-ICINGA2\_RLIMIT\_FILES     |**Read-write.** Defines the resource limit for RLIMIT_NOFILE that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
-ICINGA2\_RLIMIT\_PROCESSES |**Read-write.** Defines the resource limit for RLIMIT_NPROC that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
-ICINGA2\_RLIMIT\_STACK     |**Read-write.** Defines the resource limit for RLIMIT_STACK that should be set at start-up. Value cannot be set lower than the default `256 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
+
+Advanced sysconfig environment variables, defined in `/etc/sysconfig/icinga2` (RHEL/SLES) or `/etc/default/icinga2` (Debian/Ubuntu).
+
+Variable                   | Description
+---------------------------|-------------------
+ICINGA2\_RLIMIT\_FILES     |**Read-write.** Defines the resource limit for `RLIMIT_NOFILE` that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
+ICINGA2\_RLIMIT\_PROCESSES |**Read-write.** Defines the resource limit for `RLIMIT_NPROC` that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
+ICINGA2\_RLIMIT\_STACK     |**Read-write.** Defines the resource limit for `RLIMIT_STACK` that should be set at start-up. Value cannot be set lower than the default `256 * 1024`. 0 disables the setting. Set in Icinga 2 sysconfig.
+
 
 ## Apply <a id="apply"></a>
 
 The `apply` keyword can be used to create new objects which are associated with
 another group of objects.
 
-    apply Service "ping" to Host {
-      import "generic-service"
+```
+apply Service "ping" to Host {
+  import "generic-service"
 
-      check_command = "ping4"
+  check_command = "ping4"
 
-      assign where host.name == "localhost"
-    }
+  assign where host.name == "localhost"
+}
+```
 
 In this example the `assign where` condition is a boolean expression which is
 evaluated for all objects of type `Host` and a new service with name "ping"
@@ -459,13 +614,14 @@ chapter.
 [Apply](17-language-reference.md#apply) rules can be extended with the
 [for loop](17-language-reference.md#for-loops) keyword.
 
-    apply Service "prefix-" for (key => value in host.vars.dictionary) to Host {
-      import "generic-service"
-
-      check_command = "ping4"
-      vars.host_value = value
-    }
+```
+apply Service "prefix-" for (key => value in host.vars.dictionary) to Host {
+  import "generic-service"
 
+  check_command = "ping4"
+  vars.host_value = value
+}
+```
 
 Any valid config attribute can be accessed using the `host` and `service`
 variables. The attribute must be of the Array or Dictionary type. In this example
@@ -476,7 +632,7 @@ In this example all generated service object names consist of `prefix-` and
 the value of the `key` iterator. The prefix string can be omitted if not required.
 
 The `key` and `value` variables can be used for object attribute assignment, e.g. for
-setting the `check_command` attribute or custom attributes as command parameters.
+setting the `check_command` attribute or custom variables as command parameters.
 
 `apply for` rules are first evaluated against all objects matching the `for loop` list
 and afterwards the `assign where` and `ignore where` conditions are evaluated.
@@ -492,11 +648,13 @@ chapter.
 Group objects can be assigned to specific member objects using the `assign where`
 and `ignore where` conditions.
 
-    object HostGroup "linux-servers" {
-      display_name = "Linux Servers"
+```
+object HostGroup "linux-servers" {
+  display_name = "Linux Servers"
 
-      assign where host.vars.os == "Linux"
-    }
+  assign where host.vars.os == "Linux"
+}
+```
 
 In this example the `assign where` condition is a boolean expression which is evaluated
 for all objects of the type `Host`. Each matching host is added as member to the host group
@@ -538,13 +696,15 @@ The Icinga 2 configuration format supports C/C++-style and shell-style comments.
 
 Example:
 
-    /*
-     This is a comment.
-     */
-    object Host "localhost" {
-      check_interval = 30 // this is also a comment.
-      retry_interval = 15 # yet another comment
-    }
+```
+/*
+ This is a comment.
+ */
+object Host "localhost" {
+  check_interval = 30 // this is also a comment.
+  retry_interval = 15 # yet another comment
+}
+```
 
 ## Includes <a id="includes"></a>
 
@@ -554,15 +714,19 @@ Paths must be relative to the configuration file that contains the
 
 Example:
 
-    include "some/other/file.conf"
-    include "conf.d/*.conf"
+```
+include "some/other/file.conf"
+include "conf.d/*.conf"
+```
 
 Wildcard includes are not recursive.
 
 Icinga also supports include search paths similar to how they work in a
 C/C++ compiler:
 
-    include <itl>
+```
+include <itl>
+```
 
 Note the use of angle brackets instead of double quotes. This causes the
 config compiler to search the include search paths for the specified
@@ -579,8 +743,10 @@ files in a directory which match a certain pattern.
 
 Example:
 
-    include_recursive "conf.d", "*.conf"
-    include_recursive "templates"
+```
+include_recursive "conf.d", "*.conf"
+include_recursive "templates"
+```
 
 The first parameter specifies the directory from which files should be
 recursively included.
@@ -590,6 +756,14 @@ When no pattern is specified the default pattern "*.conf" is used.
 
 ## Zone Includes <a id="zone-includes"></a>
 
+> **Note**
+>
+> This is an internal functionality consumed by Icinga itself.
+>
+> The preferred way for users managing configuration files in
+> zones is to use the [cluster config sync](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)
+> or [REST API config packages](12-icinga2-api.md#icinga2-api-config-management).
+
 The `include_zones` recursively includes all subdirectories for the
 given path.
 
@@ -598,8 +772,10 @@ in these subdirectories to the name of the subdirectory.
 
 Example:
 
-    include_zones "etc", "zones.d", "*.conf"
-    include_zones "puppet", "puppet-zones"
+```
+include_zones "etc", "zones.d", "*.conf"
+include_zones "puppet", "puppet-zones"
+```
 
 The first parameter specifies a tag name for this directive. Each `include_zones`
 invocation should use a unique tag name. When copying the zones' configuration
@@ -623,14 +799,18 @@ Functions can be defined using the `function` keyword.
 
 Example:
 
-    function multiply(a, b) {
-      return a * b
-    }
+```
+function multiply(a, b) {
+  return a * b
+}
+```
 
 When encountering the `return` keyword further execution of the function is terminated and
 the specified value is supplied to the caller of the function:
 
-    log(multiply(3, 5))
+```
+log(multiply(3, 5))
+```
 
 In this example the `multiply` function we declared earlier is invoked with two arguments (3 and 5).
 The function computes the product of those arguments and makes the result available to the
@@ -642,16 +822,20 @@ Functions which do not have a `return` statement have their return value set to
 last expression which was performed by the function. For example, we could have also written our
 `multiply` function like this:
 
-    function multiply(a, b) {
-      a * b
-    }
+```
+function multiply(a, b) {
+  a * b
+}
+```
 
 Anonymous functions can be created by omitting the name in the function definition. The
 resulting function object can be used like any other value:
 
-    var fn = function() { 3 }
+```
+var fn = function() { 3 }
 
-    fn() /* Returns 3 */
+fn() /* Returns 3 */
+```
 
 ## Lambda Expressions <a id="lambdas"></a>
 
@@ -659,20 +843,26 @@ Functions can also be declared using the alternative lambda syntax.
 
 Example:
 
-    f = (x) => x * x
+```
+f = (x) => x * x
+```
 
 Multiple statements can be used by putting the function body into braces:
 
-    f = (x) => {
-      log("Lambda called")
-      x * x
-    }
+```
+f = (x) => {
+  log("Lambda called")
+  x * x
+}
+```
 
 Just like with ordinary functions the return value is the value of the last statement.
 
 For lambdas which take exactly one argument the braces around the arguments can be omitted:
 
-    f = x => x * x
+```
+f = x => x * x
+```
 
 ## Abbreviated Lambda Syntax <a id="nullary-lambdas"></a>
 
@@ -680,7 +870,9 @@ Lambdas which take no arguments can also be written using the abbreviated lambda
 
 Example:
 
-    f = {{ 3 }}
+```
+f = {{ 3 }}
+```
 
 This creates a new function which returns the value 3.
 
@@ -696,10 +888,12 @@ already exists there:
 The local scope contains variables which only exist during the invocation of the current function,
 object or apply statement. Local variables can be declared using the `var` keyword:
 
-    function multiply(a, b) {
-      var temp = a * b
-      return temp
-    }
+```
+function multiply(a, b) {
+  var temp = a * b
+  return temp
+}
+```
 
 Each time the `multiply` function is invoked a new `temp` variable is used which is in no way
 related to previous invocations of the function.
@@ -710,40 +904,45 @@ the `this` scope is used.
 The `this` scope refers to the current object which the function or object/apply statement
 operates on.
 
-    object Host "localhost" {
-      check_interval = 5m
-    }
+```
+object Host "localhost" {
+  check_interval = 5m
+}
+```
 
 In this example the `this` scope refers to the "localhost" object. The `check_interval` attribute
 is set for this particular host.
 
 You can explicitly access the `this` scope using the `this` keyword:
 
-    object Host "localhost" {
-      var check_interval = 5m
-  
-      /* This explicitly specifies that the attribute should be set
-       * for the host, if we had omitted `this.` the (poorly named)
-       * local variable `check_interval` would have been modified instead.
-       */
-      this.check_interval = 1m 
-  }
+```
+object Host "localhost" {
+  var check_interval = 5m
 
+  /* This explicitly specifies that the attribute should be set
+   * for the host, if we had omitted `this.` the (poorly named)
+   * local variable `check_interval` would have been modified instead.
+   */
+  this.check_interval = 1m
+}
+```
 Similarly the keywords `locals` and `globals` are available to access the local and global scope.
 
 Functions also have a `this` scope. However unlike for object/apply statements the `this` scope for
 a function is set to whichever object was used to invoke the function. Here's an example:
 
-     hm = {
-       h_word = null
- 
-       function init(word) {
-         h_word = word
-       }
-     }
+```
+ hm = {
+   h_word = null
 
-     /* Let's invoke the init() function */
-     hm.init("hello")
+   function init(word) {
+     h_word = word
+   }
+ }
+
+ /* Let's invoke the init() function */
+ hm.init("hello")
+```
 
 We're using `hm.init` to invoke the function which causes the value of `hm` to become the `this`
 scope for this function call.
@@ -755,22 +954,26 @@ outside of their scope (except for global variables).
 
 In order to access variables which are defined in the outer scope the `use` keyword can be used:
 
-    function MakeHelloFunction(name) {
-      return function() use(name) {
-        log("Hello, " + name)
-      }
-    }
+```
+function MakeHelloFunction(name) {
+  return function() use(name) {
+    log("Hello, " + name)
+  }
+}
+```
 
 In this case a new variable `name` is created inside the inner function's scope which has the
 value of the `name` function argument.
 
 Alternatively a different value for the inner variable can be specified:
 
-    function MakeHelloFunction(name) {
-      return function() use (greeting = "Hello, " + name) {
-        log(greeting)
-      }
-    }
+```
+function MakeHelloFunction(name) {
+  return function() use (greeting = "Hello, " + name) {
+    log(greeting)
+  }
+}
+```
 
 ## Conditional Statements <a id="conditional-statements"></a>
 
@@ -779,26 +982,30 @@ construct can be used to accomplish this.
 
 Example:
 
-    a = 3
+```
+a = 3
 
-    if (a < 5) {
-      a *= 7
-    } else if (a > 10) {
-      a *= 5
-    } else {
-      a *= 2
-    }
+if (a < 5) {
+  a *= 7
+} else if (a > 10) {
+  a *= 5
+} else {
+  a *= 2
+}
+```
 
 An if/else construct can also be used in place of any other value. The value of an if/else statement
 is the value of the last statement which was evaluated for the branch which was taken:
 
-    a = if (true) {
-      log("Taking the 'true' branch")
-      7 * 3
-    } else {
-      log("Taking the 'false' branch")
-      9
-    }
+```
+a = if (true) {
+  log("Taking the 'true' branch")
+  7 * 3
+} else {
+  log("Taking the 'false' branch")
+  9
+}
+```
 
 This example prints the log message "Taking the 'true' branch" and the `a` variable is set to 21 (7 * 3).
 
@@ -811,12 +1018,14 @@ This is repeated until the condition is no longer true.
 
 Example:
 
-    var num = 5
+```
+var num = 5
 
-    while (num > 5) {
-        log("Test")
-        num -= 1
-    }
+while (num > 5) {
+    log("Test")
+    num -= 1
+}
+```
 
 The `continue` and `break` keywords can be used to control how the loop is executed: The `continue` keyword
 skips over the remaining expressions for the loop body and begins the next loop evaluation. The `break` keyword
@@ -828,42 +1037,53 @@ The `for` statement can be used to iterate over arrays and dictionaries.
 
 Example:
 
-    var list = [ "a", "b", "c" ]
+```
+var list = [ "a", "b", "c" ]
 
-    for (item in list) {
-      log("Item: " + item)
-    }
+for (var item in list) {
+  log("Item: " + item)
+}
+```
 
 The loop body is evaluated once for each item in the array. The variable `item` is declared as a local
 variable just as if the `var` keyword had been used.
 
 Iterating over dictionaries can be accomplished in a similar manner:
 
-    var dict = { a = 3, b = 7 }
+```
+var dict = { a = 3, b = 7 }
 
-    for (key => value in dict) {
-      log("Key: " + key + ", Value: " + value)
-    }
+for (var key => var value in dict) {
+  log("Key: " + key + ", Value: " + value)
+}
+```
 
 The `continue` and `break` keywords can be used to control how the loop is executed: The `continue` keyword
 skips over the remaining expressions for the loop body and begins the next loop evaluation. The `break` keyword
 breaks out of the loop.
 
+The `var` keyword is optional when declaring variables in the loop's header. Variables declared without the `var`
+keyword are nonetheless local to the function.
+
 ## Constructors <a id="constructor"></a>
 
 In order to create a new value of a specific type constructor calls may be used.
 
 Example:
 
-    var pd = PerfdataValue()
-    pd.label = "test"
-    pd.value = 10
+```
+var pd = PerfdataValue()
+pd.label = "test"
+pd.value = 10
+```
 
 You can also try to convert an existing value to another type by specifying it as an argument for the constructor call.
 
 Example:
 
-    var s = String(3) /* Sets s to "3". */
+```
+var s = String(3) /* Sets s to "3". */
+```
 
 ## Throwing Exceptions <a id="throw"></a>
 
@@ -872,7 +1092,9 @@ using the `throw` keyword.
 
 Example:
 
-    throw "An error occurred."
+```
+throw "An error occurred."
+```
 
 ## Handling Exceptions <a id="try-except"></a>
 
@@ -881,13 +1103,15 @@ Exceptions can be handled using the `try` and `except` keywords. When an excepti
 
 Example:
 
-    try {
-        throw "Test"
+```
+try {
+    throw "Test"
 
-        log("This statement won't get executed.")
-    } except {
-        log("An error occurred in the try clause.")
-    }
+    log("This statement won't get executed.")
+} except {
+    log("An error occurred in the try clause.")
+}
+```
 
 ## Breakpoints <a id="breakpoints"></a>
 
@@ -899,7 +1123,9 @@ By default breakpoints have no effect unless Icinga is started with the `--scrip
 
 All values have a static type. The `typeof` function can be used to determine the type of a value:
 
-    typeof(3) /* Returns an object which represents the type for numbers */
+```
+typeof(3) /* Returns an object which represents the type for numbers */
+```
 
 The following built-in types are available:
 
@@ -918,14 +1144,18 @@ e.g. Host, Service, CheckCommand, etc.
 Each type has an associated type object which describes the type's semantics. These
 type objects are made available using global variables which match the type's name:
 
-    /* This logs 'true' */
-    log(typeof(3) == Number)
+```
+/* This logs 'true' */
+log(typeof(3) == Number)
+```
 
 The type object's `prototype` property can be used to find out which methods a certain type
 supports:
 
-    /* This returns: ["contains","find","len","lower","replace","reverse","split","substr","to_string","trim","upper"] */
-    keys(String.prototype)
+```
+/* This returns: ["contains","find","len","lower","replace","reverse","split","substr","to_string","trim","upper"] */
+keys(String.prototype)
+```
 
 Additional documentation on type methods is available in the
 [library reference](18-library-reference.md#library-reference).
@@ -937,76 +1167,84 @@ The location of the currently executing script can be obtained using the
 
 Example:
 
-    log("Hello from '" + current_filename + "' in line " + current_line)
+```
+log("Hello from '" + current_filename + "' in line " + current_line)
+```
 
 ## Reserved Keywords <a id="reserved-keywords"></a>
 
-These keywords are reserved and must not be used as constants or custom attributes.
-
-    object
-    template
-    include
-    include_recursive
-    include_zones
-    library
-    null
-    true
-    false
-    const
-    var
-    this
-    globals
-    locals
-    use
-    default
-    ignore_on_error
-    current_filename
-    current_line
-    apply
-    to
-    where
-    import
-    assign
-    ignore
-    function
-    return
-    break
-    continue
-    for
-    if
-    else
-    while
-    throw
-    try
-    except
-    in
+These keywords are reserved and must not be used as constants or custom variables.
 
+```
+object
+template
+include
+include_recursive
+include_zones
+library
+null
+true
+false
+const
+var
+this
+globals
+locals
+use
+default
+ignore_on_error
+current_filename
+current_line
+apply
+to
+where
+import
+assign
+ignore
+function
+return
+break
+continue
+for
+if
+else
+while
+throw
+try
+except
+in
+using
+namespace
+```
 You can escape reserved keywords using the `@` character. The following example
 tries to set `vars.include` which references a reserved keyword and generates
 an error:
 
-    [2014-09-15 17:24:00 +0200] critical/config: Location:
-    /etc/icinga2/conf.d/hosts/localhost.conf(13):   vars.sla = "24x7"
-    /etc/icinga2/conf.d/hosts/localhost.conf(14):
-    /etc/icinga2/conf.d/hosts/localhost.conf(15):   vars.include = "some cmdb export field"
-                                                         ^^^^^^^
-    /etc/icinga2/conf.d/hosts/localhost.conf(16): }
-    /etc/icinga2/conf.d/hosts/localhost.conf(17):
+```
+[2014-09-15 17:24:00 +0200] critical/config: Location:
+/etc/icinga2/conf.d/hosts/localhost.conf(13):   vars.sla = "24x7"
+/etc/icinga2/conf.d/hosts/localhost.conf(14):
+/etc/icinga2/conf.d/hosts/localhost.conf(15):   vars.include = "some cmdb export field"
+                                                     ^^^^^^^
+/etc/icinga2/conf.d/hosts/localhost.conf(16): }
+/etc/icinga2/conf.d/hosts/localhost.conf(17):
 
-    Config error: in /etc/icinga2/conf.d/hosts/localhost.conf: 15:8-15:14: syntax error, unexpected include (T_INCLUDE), expecting T_IDENTIFIER
-    [2014-09-15 17:24:00 +0200] critical/config: 1 errors, 0 warnings.
+Config error: in /etc/icinga2/conf.d/hosts/localhost.conf: 15:8-15:14: syntax error, unexpected include (T_INCLUDE), expecting T_IDENTIFIER
+[2014-09-15 17:24:00 +0200] critical/config: 1 errors, 0 warnings.
+```
 
 You can escape the `include` keyword by prefixing it with an additional `@` character:
 
-    object Host "localhost" {
-      import "generic-host"
+```
+object Host "localhost" {
+  import "generic-host"
 
-      address = "127.0.0.1"
-      address6 = "::1"
+  address = "127.0.0.1"
+  address6 = "::1"
 
-      vars.os = "Linux"
-      vars.sla = "24x7"
-
-      vars.@include = "some cmdb export field"
-    }
+  vars.os = "Linux"
+  vars.sla = "24x7"
 
+  vars.@include = "some cmdb export field"
+}
+```
diff --git a/doc/18-library-reference.md b/doc/18-library-reference.md
index 5a3209dfe..9ec4acd31 100644
--- a/doc/18-library-reference.md
+++ b/doc/18-library-reference.md
@@ -14,7 +14,9 @@ them in your scenarios.
 
 Signature:
 
-    function regex(pattern, value, mode)
+```
+function regex(pattern, value, mode)
+```
 
 Returns true if the regular expression `pattern` matches the `value`, false otherwise.
 The `value` can be of the type [String](18-library-reference.md#string-type) or [Array](18-library-reference.md#array-type) (which
@@ -28,32 +30,37 @@ The default mode is `MatchAll`.
 
 Example for string values:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.vars.os_type = "Linux/Unix"
-    null
-    <2> => regex("^Linux", host.vars.os_type)
-    true
-    <3> => regex("^Linux$", host.vars.os_type)
-    false
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.vars.os_type = "Linux/Unix"
+null
+<2> => regex("^Linux", host.vars.os_type)
+true
+<3> => regex("^Linux$", host.vars.os_type)
+false
+```
 
 Example for an array of string values:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.vars.databases = [ "db-prod1", "db-prod2", "db-dev" ]
-    null
-    <2> => regex("^db-prod\\d+", host.vars.databases, MatchAny)
-    true
-    <3> => regex("^db-prod\\d+", host.vars.databases, MatchAll)
-    false
-
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.vars.databases = [ "db-prod1", "db-prod2", "db-dev" ]
+null
+<2> => regex("^db-prod\\d+", host.vars.databases, MatchAny)
+true
+<3> => regex("^db-prod\\d+", host.vars.databases, MatchAll)
+false
+```
 
 ### match <a id="global-functions-match"></a>
 
 Signature:
 
-    function match(pattern, text, mode)
+```
+function match(pattern, text, mode)
+```
 
 Returns true if the wildcard (`?*`) `pattern` matches the `value`, false otherwise.
 The `value` can be of the type [String](18-library-reference.md#string-type) or [Array](18-library-reference.md#array-type) (which
@@ -65,32 +72,37 @@ The default mode is `MatchAll`.
 
 Example for string values:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var name = "db-prod-sfo-657"
-    null
-    <2> => match("*prod-sfo*", name)
-    true
-    <3> => match("*-dev-*", name)
-    false
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var name = "db-prod-sfo-657"
+null
+<2> => match("*prod-sfo*", name)
+true
+<3> => match("*-dev-*", name)
+false
+```
 
 Example for an array of string values:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0-28)
-    <1> => host.vars.application_types = [ "web-wp", "web-rt", "db-local" ]
-    null
-    <2> => match("web-*", host.vars.application_types, MatchAll)
-    false
-    <3> => match("web-*", host.vars.application_types, MatchAny)
-    true
-
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0-28)
+<1> => host.vars.application_types = [ "web-wp", "web-rt", "db-local" ]
+null
+<2> => match("web-*", host.vars.application_types, MatchAll)
+false
+<3> => match("web-*", host.vars.application_types, MatchAny)
+true
+```
 
 ### cidr_match <a id="global-functions-cidr_match"></a>
 
 Signature:
 
-    function cidr_match(pattern, ip, mode)
+```
+function cidr_match(pattern, ip, mode)
+```
 
 Returns true if the CIDR pattern matches the IP address, false otherwise.
 
@@ -102,33 +114,39 @@ either `MatchAll` (in which case all elements for an array have to match) or `Ma
 
 Example for a single IP address:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.address = "192.168.56.101"
-    null
-    <2> => cidr_match("192.168.56.0/24", host.address)
-    true
-    <3> => cidr_match("192.168.56.0/26", host.address)
-    false
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.address = "192.168.56.101"
+null
+<2> => cidr_match("192.168.56.0/24", host.address)
+true
+<3> => cidr_match("192.168.56.0/26", host.address)
+false
+```
 
 Example for an array of IP addresses:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.vars.vhost_ips = [ "192.168.56.101", "192.168.56.102", "10.0.10.99" ]
-    null
-    <2> => cidr_match("192.168.56.0/24", host.vars.vhost_ips, MatchAll)
-    false
-    <3> => cidr_match("192.168.56.0/24", host.vars.vhost_ips, MatchAny)
-    true
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.vars.vhost_ips = [ "192.168.56.101", "192.168.56.102", "10.0.10.99" ]
+null
+<2> => cidr_match("192.168.56.0/24", host.vars.vhost_ips, MatchAll)
+false
+<3> => cidr_match("192.168.56.0/24", host.vars.vhost_ips, MatchAny)
+true
+```
 
 ### range <a id="global-functions-range"></a>
 
 Signature:
 
-    function range(end)
-    function range(start, end)
-    function range(start, end, increment)
+```
+function range(end)
+function range(start, end)
+function range(start, end, increment)
+```
 
 Returns an array of numbers in the specified range.
 If you specify one parameter, the first element starts at `0`.
@@ -142,20 +160,24 @@ as third parameter.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => range(5)
-    [ 0.000000, 1.000000, 2.000000, 3.000000, 4.000000 ]
-    <2> => range(2,4)
-    [ 2.000000, 3.000000 ]
-    <3> => range(2,10,2)
-    [ 2.000000, 4.000000, 6.000000, 8.000000 ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => range(5)
+[ 0.000000, 1.000000, 2.000000, 3.000000, 4.000000 ]
+<2> => range(2,4)
+[ 2.000000, 3.000000 ]
+<3> => range(2,10,2)
+[ 2.000000, 4.000000, 6.000000, 8.000000 ]
+```
 
 ### len <a id="global-functions-len"></a>
 
 Signature:
 
-    function len(value)
+```
+function len(value)
+```
 
 Returns the length of the value, i.e. the number of elements for an array
 or dictionary, or the length of the string in bytes.
@@ -166,68 +188,78 @@ prototype method: [Array#len](18-library-reference.md#array-len), [Dictionary#le
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.groups = [ "linux-servers", "db-servers" ]
-    null
-    <2> => host.groups.len()
-    2.000000
-    <3> => host.vars.disks["/"] = {}
-    null
-    <4> => host.vars.disks["/var"] = {}
-    null
-    <5> => host.vars.disks.len()
-    2.000000
-    <6> => host.vars.os_type = "Linux/Unix"
-    null
-    <7> => host.vars.os_type.len()
-    10.000000
-
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.groups = [ "linux-servers", "db-servers" ]
+null
+<2> => host.groups.len()
+2.000000
+<3> => host.vars.disks["/"] = {}
+null
+<4> => host.vars.disks["/var"] = {}
+null
+<5> => host.vars.disks.len()
+2.000000
+<6> => host.vars.os_type = "Linux/Unix"
+null
+<7> => host.vars.os_type.len()
+10.000000
+```
 
 ### union <a id="global-functions-union"></a>
 
 Signature:
 
-    function union(array, array, ...)
+```
+function union(array, array, ...)
+```
 
 Returns an array containing all unique elements from the specified arrays.
 
 Example:
-
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var dev_notification_groups = [ "devs", "slack" ]
-    null
-    <2> => var host_notification_groups = [ "slack", "noc" ]
-    null
-    <3> => union(dev_notification_groups, host_notification_groups)
-    [ "devs", "noc", "slack" ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var dev_notification_groups = [ "devs", "slack" ]
+null
+<2> => var host_notification_groups = [ "slack", "noc" ]
+null
+<3> => union(dev_notification_groups, host_notification_groups)
+[ "devs", "noc", "slack" ]
+```
 
 ### intersection <a id="global-functions-intersection"></a>
 
 Signature:
 
-    function intersection(array, array, ...)
+```
+function intersection(array, array, ...)
+```
 
 Returns an array containing all unique elements which are common to all
 specified arrays.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var dev_notification_groups = [ "devs", "slack" ]
-    null
-    <2> => var host_notification_groups = [ "slack", "noc" ]
-    null
-    <3> => intersection(dev_notification_groups, host_notification_groups)
-    [ "slack" ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var dev_notification_groups = [ "devs", "slack" ]
+null
+<2> => var host_notification_groups = [ "slack", "noc" ]
+null
+<3> => intersection(dev_notification_groups, host_notification_groups)
+[ "slack" ]
+```
 
 ### keys <a id="global-functions-keys"></a>
 
 Signature:
 
-    function keys(dict)
+```
+function keys(dict)
+```
 
 Returns an array containing the dictionary's keys.
 
@@ -236,20 +268,24 @@ prototype method: [Dictionary#keys](18-library-reference.md#dictionary-keys).
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => host.vars.disks["/"] = {}
-    null
-    <2> => host.vars.disks["/var"] = {}
-    null
-    <3> => host.vars.disks.keys()
-    [ "/", "/var" ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => host.vars.disks["/"] = {}
+null
+<2> => host.vars.disks["/var"] = {}
+null
+<3> => host.vars.disks.keys()
+[ "/", "/var" ]
+```
 
 ### string <a id="global-functions-string"></a>
 
 Signature:
 
-    function string(value)
+```
+function string(value)
+```
 
 Converts the value to a string.
 
@@ -264,81 +300,99 @@ prototype method:
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => 5.to_string()
-    "5"
-    <2> => false.to_string()
-    "false"
-    <3> => "abc".to_string()
-    "abc"
-    <4> => [ "dev", "slack" ].to_string()
-    "[ \"dev\", \"slack\" ]"
-    <5> => { "/" = {}, "/var" = {} }.to_string()
-    "{\n\t\"/\" = {\n\t}\n\t\"/var\" = {\n\t}\n}"
-    <6> => DateTime(2016, 11, 25).to_string()
-    "2016-11-25 00:00:00 +0100"
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => 5.to_string()
+"5"
+<2> => false.to_string()
+"false"
+<3> => "abc".to_string()
+"abc"
+<4> => [ "dev", "slack" ].to_string()
+"[ \"dev\", \"slack\" ]"
+<5> => { "/" = {}, "/var" = {} }.to_string()
+"{\n\t\"/\" = {\n\t}\n\t\"/var\" = {\n\t}\n}"
+<6> => DateTime(2016, 11, 25).to_string()
+"2016-11-25 00:00:00 +0100"
+```
 
 ### number <a id="global-functions-number"></a>
 
 Signature:
 
-    function number(value)
+```
+function number(value)
+```
 
 Converts the value to a number.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => number(false)
-    0.000000
-    <2> => number("78")
-    78.000000
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => number(false)
+0.000000
+<2> => number("78")
+78.000000
+```
 
 ### bool <a id="global-functions-bool"></a>
 
 Signature:
 
-    function bool(value)
+```
+function bool(value)
+```
 
 Converts the value to a bool.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => bool(1)
-    true
-    <2> => bool(0)
-    false
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => bool(1)
+true
+<2> => bool(0)
+false
+```
 
 ### random <a id="global-functions-random"></a>
 
 Signature:
 
-    function random()
+```
+function random()
+```
 
 Returns a random value between 0 and RAND\_MAX (as defined in stdlib.h).
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => random()
-    1263171996.000000
-    <2> => random()
-    108402530.000000
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => random()
+1263171996.000000
+<2> => random()
+108402530.000000
+```
 
 ### log <a id="global-functions-log"></a>
 
 Signature:
 
-    function log(value)
+```
+function log(value)
+```
 
 Writes a message to the log. Non-string values are converted to a JSON string.
 
 Signature:
 
-    function log(severity, facility, value)
+```
+function log(severity, facility, value)
+```
 
 Writes a message to the log. `severity` can be one of `LogDebug`, `LogNotice`,
 `LogInformation`, `LogWarning`, and `LogCritical`.
@@ -347,140 +401,188 @@ Non-string values are converted to a JSON string.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => log(LogCritical, "Console", "First line")
-    critical/Console: First line
-    null
-    <2> => var groups = [ "devs", "slack" ]
-    null
-    <3> => log(LogCritical, "Console", groups)
-    critical/Console: ["devs","slack"]
-    null
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => log(LogCritical, "Console", "First line")
+critical/Console: First line
+null
+<2> => var groups = [ "devs", "slack" ]
+null
+<3> => log(LogCritical, "Console", groups)
+critical/Console: ["devs","slack"]
+null
+```
 
 ### typeof <a id="global-functions-typeof"></a>
 
 Signature:
 
-    function typeof(value)
+```
+function typeof(value)
+```
 
 Returns the [Type](18-library-reference.md#type-type) object for a value.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => typeof(3) == Number
-    true
-    <2> => typeof("str") == String
-    true
-    <3> => typeof(true) == Boolean
-    true
-    <4> => typeof([ 1, 2, 3]) == Array
-    true
-    <5> => typeof({ a = 2, b = 3 }) == Dictionary
-    true
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => typeof(3) == Number
+true
+<2> => typeof("str") == String
+true
+<3> => typeof(true) == Boolean
+true
+<4> => typeof([ 1, 2, 3]) == Array
+true
+<5> => typeof({ a = 2, b = 3 }) == Dictionary
+true
+```
 
 ### get_time <a id="global-functions-get_time"></a>
 
 Signature:
 
-    function get_time()
+```
+function get_time()
+```
 
 Returns the current UNIX timestamp as floating point number.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => get_time()
-    1480072135.633008
-    <2> => get_time()
-    1480072140.401207
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => get_time()
+1480072135.633008
+<2> => get_time()
+1480072140.401207
+```
 
 ### parse_performance_data <a id="global-functions-parse_performance_data"></a>
 
 Signature:
 
-    function parse_performance_data(pd)
+```
+function parse_performance_data(pd)
+```
 
 Parses a performance data string and returns an array describing the values.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var pd = "'time'=1480074205.197363;;;"
-    null
-    <2> => parse_performance_data(pd)
-    {
-    	counter = false
-    	crit = null
-    	label = "time"
-    	max = null
-    	min = null
-    	type = "PerfdataValue"
-    	unit = ""
-    	value = 1480074205.197363
-    	warn = null
-    }
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var pd = "'time'=1480074205.197363;;;"
+null
+<2> => parse_performance_data(pd)
+{
+	counter = false
+	crit = null
+	label = "time"
+	max = null
+	min = null
+	type = "PerfdataValue"
+	unit = ""
+	value = 1480074205.197363
+	warn = null
+}
+```
+
+### getenv <a id="global-functions-getenv"></a>
+
+Signature:
+
+```
+function getenv(key)
+```
+
+Returns the value from the specified environment variable key.
+
+Example:
+
+```
+$ MY_ENV_VAR=icinga2 icinga2 console
+Icinga 2 (version: v2.11.0)
+Type $help to view available commands.
+<1> => getenv("MY_ENV_VAR")
+"icinga2"
+```
 
 ### dirname <a id="global-functions-dirname"></a>
 
 Signature:
 
-    function dirname(path)
+```
+function dirname(path)
+```
 
 Returns the directory portion of the specified path.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
-    null
-    <2> => dirname(path)
-    "/etc/icinga2/scripts"
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
+null
+<2> => dirname(path)
+"/etc/icinga2/scripts"
+```
 
 ### basename <a id="global-functions-basename"></a>
 
 Signature:
 
-    function basename(path)
+```
+function basename(path)
+```
 
 Returns the filename portion of the specified path.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
-    null
-    <2> => basename(path)
-    "xmpp-notification.pl"
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
+null
+<2> => basename(path)
+"xmpp-notification.pl"
+```
 
 ### path\_exists <a id="global-functions-path-exists"></a>
 
 Signature:
 
-    function path_exists(path)
+```
+function path_exists(path)
+```
 
 Returns true if the specified path exists, false otherwise.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
-    null
-    <2> => path_exists(path)
-    true
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var path = "/etc/icinga2/scripts/xmpp-notification.pl"
+null
+<2> => path_exists(path)
+true
+```
 
 ### glob <a id="global-functions-glob"></a>
 
 Signature:
 
-    function glob(pathSpec, type)
+```
+function glob(pathSpec, type)
+```
 
 Returns an array containing all paths which match the
 `pathSpec` argument.
@@ -489,18 +591,22 @@ The `type` argument is optional and specifies which types
 of paths are matched. This can be a combination of the `GlobFile`
 and `GlobDirectory` constants. The default value is `GlobFile | GlobDirectory`.
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var pathSpec = "/etc/icinga2/conf.d/*.conf"
-    null
-    <2> => glob(pathSpec)
-    [ "/etc/icinga2/conf.d/app.conf", "/etc/icinga2/conf.d/commands.conf", ... ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var pathSpec = "/etc/icinga2/conf.d/*.conf"
+null
+<2> => glob(pathSpec)
+[ "/etc/icinga2/conf.d/app.conf", "/etc/icinga2/conf.d/commands.conf", ... ]
+```
 
 ### glob\_recursive <a id="global-functions-glob-recursive"></a>
 
 Signature:
 
-    function glob_recursive(path, pattern, type)
+```
+function glob_recursive(path, pattern, type)
+```
 
 Recursively descends into the specified directory and returns an array containing
 all paths which match the `pattern` argument.
@@ -509,50 +615,62 @@ The `type` argument is optional and specifies which types
 of paths are matched. This can be a combination of the `GlobFile`
 and `GlobDirectory` constants. The default value is `GlobFile | GlobDirectory`.
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => var path = "/etc/icinga2/zones.d/"
-    null
-    <2> => var pattern = "*.conf"
-    null
-    <3> => glob_recursive(path, pattern)
-    [ "/etc/icinga2/zones.d/global-templates/templates.conf", "/etc/icinga2/zones.d/master/hosts.conf", ... ]
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => var path = "/etc/icinga2/zones.d/"
+null
+<2> => var pattern = "*.conf"
+null
+<3> => glob_recursive(path, pattern)
+[ "/etc/icinga2/zones.d/global-templates/templates.conf", "/etc/icinga2/zones.d/master/hosts.conf", ... ]
+```
 
 ### escape_shell_arg <a id="global-functions-escape_shell_arg"></a>
 
 Signature:
 
-    function escape_shell_arg(text)
+```
+function escape_shell_arg(text)
+```
 
 Escapes a string for use as a single shell argument.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => escape_shell_arg("'$host.name$' '$service.name$'")
-    "''\\''$host.name$'\\'' '\\''$service.name$'\\'''"
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => escape_shell_arg("'$host.name$' '$service.name$'")
+"''\\''$host.name$'\\'' '\\''$service.name$'\\'''"
+```
 
 ### escape_shell_cmd <a id="global-functions-escape_shell_cmd"></a>
 
 Signature:
 
-    function escape_shell_cmd(text)
+```
+function escape_shell_cmd(text)
+```
 
 Escapes shell meta characters in a string.
 
 Example:
 
-    $ icinga2 console
-    Icinga 2 (version: v2.7.0)
-    <1> => escape_shell_cmd("/bin/echo 'shell test' $ENV")
-    "/bin/echo 'shell test' \\$ENV"
+```
+$ icinga2 console
+Icinga 2 (version: v2.11.0)
+<1> => escape_shell_cmd("/bin/echo 'shell test' $ENV")
+"/bin/echo 'shell test' \\$ENV"
+```
 
 ### escape_create_process_arg <a id="global-functions-escape_create_process_arg"></a>
 
 Signature:
 
-    function escape_create_process_arg(text)
+```
+function escape_create_process_arg(text)
+```
 
 Escapes a string for use as an argument for CreateProcess(). Windows only.
 
@@ -560,7 +678,9 @@ Escapes a string for use as an argument for CreateProcess(). Windows only.
 
 Signature:
 
-    function sleep(interval)
+```
+function sleep(interval)
+```
 
 Sleeps for the specified amount of time (in seconds).
 
@@ -584,10 +704,10 @@ The returned value depends on the attribute value which is resolved
 from the specified runtime macro.
 
 This function is only available in runtime evaluated functions, e.g.
-for [custom attributes](03-monitoring-basics.md#custom-attributes-functions) which
+for [custom variables](03-monitoring-basics.md#custom-variables-functions) which
 use the [abbreviated lambda syntax](17-language-reference.md#nullary-lambdas).
 
-This example sets the `snmp_address` custom attribute
+This example sets the `snmp_address` custom variable
 based on `$address$` and `$address6$`.
 
 ```
@@ -614,7 +734,9 @@ These functions can be used to retrieve a reference to another object by name.
 
 Signature:
 
-    function get_check_command(name);
+```
+function get_check_command(name);
+```
 
 Returns the CheckCommand object with the specified name, or `null` if no such CheckCommand object exists.
 
@@ -622,7 +744,9 @@ Returns the CheckCommand object with the specified name, or `null` if no such Ch
 
 Signature:
 
-    function get_event_command(name);
+```
+function get_event_command(name);
+```
 
 Returns the EventCommand object with the specified name, or `null` if no such EventCommand object exists.
 
@@ -630,7 +754,9 @@ Returns the EventCommand object with the specified name, or `null` if no such Ev
 
 Signature:
 
-    function get_notification_command(name);
+```
+function get_notification_command(name);
+```
 
 Returns the NotificationCommand object with the specified name, or `null` if no such NotificationCommand object exists.
 
@@ -638,7 +764,9 @@ Returns the NotificationCommand object with the specified name, or `null` if no
 
 Signature:
 
-    function get_host(host_name);
+```
+function get_host(host_name);
+```
 
 Returns the Host object with the specified name, or `null` if no such Host object exists.
 
@@ -647,8 +775,10 @@ Returns the Host object with the specified name, or `null` if no such Host objec
 
 Signature:
 
-    function get_service(host_name, service_name);
-    function get_service(host, service_name);
+```
+function get_service(host_name, service_name);
+function get_service(host, service_name);
+```
 
 Returns the Service object with the specified host name or object and service name pair,
 or `null` if no such Service object exists.
@@ -658,7 +788,7 @@ which fetches the `disk` service object from the current Icinga 2 node:
 
 ```
 $ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/'
-Icinga 2 (version: v2.7.0)
+Icinga 2 (version: v2.11.0)
 
 <1> => get_service(NodeName, "disk")
 <2> => get_service(NodeName, "disk").__name
@@ -672,8 +802,10 @@ Icinga 2 (version: v2.7.0)
 
 Signature:
 
-    function get_services(host_name);
-    function get_services(host);
+```
+function get_services(host_name);
+function get_services(host);
+```
 
 Returns an [array](17-language-reference.md#array) of service objects for the specified host name or object,
 or `null` if no such host object exists.
@@ -683,7 +815,7 @@ which fetches all service objects from the current Icinga 2 node:
 
 ```
 $ ICINGA2_API_PASSWORD=icinga icinga2 console --connect 'https://root@localhost:5665/'
-Icinga 2 (version: v2.7.0)
+Icinga 2 (version: v2.11.0)
 
 <1> => get_services(NodeName).map(s => s.name)
 [ "disk", "disk /", "http", "icinga", "load", "ping4", "ping6", "procs", "ssh", "users" ]
@@ -704,7 +836,9 @@ in using the [map](18-library-reference.md#array-map) functionality:
 
 Signature:
 
-    function get_user(name);
+```
+function get_user(name);
+```
 
 Returns the User object with the specified name, or `null` if no such User object exists.
 
@@ -712,7 +846,9 @@ Returns the User object with the specified name, or `null` if no such User objec
 
 Signature:
 
-    function get_host_group(name);
+```
+function get_host_group(name);
+```
 
 Returns the HostGroup object with the specified name, or `null` if no such HostGroup object exists.
 
@@ -721,7 +857,9 @@ Returns the HostGroup object with the specified name, or `null` if no such HostG
 
 Signature:
 
-    function get_service_group(name);
+```
+function get_service_group(name);
+```
 
 Returns the ServiceGroup object with the specified name, or `null` if no such ServiceGroup object exists.
 
@@ -729,7 +867,9 @@ Returns the ServiceGroup object with the specified name, or `null` if no such Se
 
 Signature:
 
-    function get_user_group(name);
+```
+function get_user_group(name);
+```
 
 Returns the UserGroup object with the specified name, or `null` if no such UserGroup object exists.
 
@@ -738,7 +878,9 @@ Returns the UserGroup object with the specified name, or `null` if no such UserG
 
 Signature:
 
-    function get_time_period(name);
+```
+function get_time_period(name);
+```
 
 Returns the TimePeriod object with the specified name, or `null` if no such TimePeriod object exists.
 
@@ -747,7 +889,9 @@ Returns the TimePeriod object with the specified name, or `null` if no such Time
 
 Signature:
 
-    function get_object(type, name);
+```
+function get_object(type, name);
+```
 
 Returns the object with the specified type and name, or `null` if no such object exists. `type` must refer
 to a type object.
@@ -757,7 +901,9 @@ to a type object.
 
 Signature:
 
-    function get_objects(type);
+```
+function get_objects(type);
+```
 
 Returns an array of objects whose type matches the specified type. `type` must refer
 to a type object.
@@ -800,7 +946,9 @@ Square root of 2.
 
 Signature:
 
-    function abs(x);
+```
+function abs(x);
+```
 
 Returns the absolute value of `x`.
 
@@ -808,7 +956,9 @@ Returns the absolute value of `x`.
 
 Signature:
 
-    function acos(x);
+```
+function acos(x);
+```
 
 Returns the arccosine of `x`.
 
@@ -816,7 +966,9 @@ Returns the arccosine of `x`.
 
 Signature:
 
-    function asin(x);
+```
+function asin(x);
+```
 
 Returns the arcsine of `x`.
 
@@ -824,7 +976,9 @@ Returns the arcsine of `x`.
 
 Signature:
 
-    function atan(x);
+```
+function atan(x);
+```
 
 Returns the arctangent of `x`.
 
@@ -832,15 +986,18 @@ Returns the arctangent of `x`.
 
 Signature:
 
-    function atan2(y, x);
-
+```
+function atan2(y, x);
+```
 Returns the arctangent of the quotient of `y` and `x`.
 
 ### Math.ceil <a id="math-ceil"></a>
 
 Signature:
 
-    function ceil(x);
+```
+function ceil(x);
+```
 
 Returns the smallest integer value not less than `x`.
 
@@ -848,7 +1005,9 @@ Returns the smallest integer value not less than `x`.
 
 Signature:
 
-    function cos(x);
+```
+function cos(x);
+```
 
 Returns the cosine of `x`.
 
@@ -856,7 +1015,9 @@ Returns the cosine of `x`.
 
 Signature:
 
-    function exp(x);
+```
+function exp(x);
+```
 
 Returns E raised to the `x`th power.
 
@@ -864,7 +1025,9 @@ Returns E raised to the `x`th power.
 
 Signature:
 
-    function floor(x);
+```
+function floor(x);
+```
 
 Returns the largest integer value not greater than `x`.
 
@@ -872,7 +1035,9 @@ Returns the largest integer value not greater than `x`.
 
 Signature:
 
-    function isinf(x);
+```
+function isinf(x);
+```
 
 Returns whether `x` is infinite.
 
@@ -880,7 +1045,9 @@ Returns whether `x` is infinite.
 
 Signature:
 
-    function isnan(x);
+```
+function isnan(x);
+```
 
 Returns whether `x` is NaN (not-a-number).
 
@@ -888,7 +1055,9 @@ Returns whether `x` is NaN (not-a-number).
 
 Signature:
 
-    function log(x);
+```
+function log(x);
+```
 
 Returns the natural logarithm of `x`.
 
@@ -896,7 +1065,9 @@ Returns the natural logarithm of `x`.
 
 Signature:
 
-    function max(...);
+```
+function max(...);
+```
 
 Returns the largest argument. A variable number of arguments can be specified.
 If no arguments are given, -Infinity is returned.
@@ -905,7 +1076,9 @@ If no arguments are given, -Infinity is returned.
 
 Signature:
 
-    function min(...);
+```
+function min(...);
+```
 
 Returns the smallest argument. A variable number of arguments can be specified.
 If no arguments are given, +Infinity is returned.
@@ -914,7 +1087,9 @@ If no arguments are given, +Infinity is returned.
 
 Signature:
 
-    function pow(x, y);
+```
+function pow(x, y);
+```
 
 Returns `x` raised to the `y`th power.
 
@@ -922,7 +1097,9 @@ Returns `x` raised to the `y`th power.
 
 Signature:
 
-    function random();
+```
+function random();
+```
 
 Returns a pseudo-random number between 0 and 1.
 
@@ -930,7 +1107,9 @@ Returns a pseudo-random number between 0 and 1.
 
 Signature:
 
-    function round(x);
+```
+function round(x);
+```
 
 Returns `x` rounded to the nearest integer value.
 
@@ -938,7 +1117,9 @@ Returns `x` rounded to the nearest integer value.
 
 Signature:
 
-    function sign(x);
+```
+function sign(x);
+```
 
 Returns -1 if `x` is negative, 1 if `x` is positive
 and 0 if `x` is 0.
@@ -947,7 +1128,9 @@ and 0 if `x` is 0.
 
 Signature:
 
-    function sin(x);
+```
+function sin(x);
+```
 
 Returns the sine of `x`.
 
@@ -955,7 +1138,9 @@ Returns the sine of `x`.
 
 Signature:
 
-    function sqrt(x);
+```
+function sqrt(x);
+```
 
 Returns the square root of `x`.
 
@@ -963,7 +1148,9 @@ Returns the square root of `x`.
 
 Signature:
 
-    function tan(x);
+```
+function tan(x);
+```
 
 Returns the tangent of `x`.
 
@@ -975,7 +1162,9 @@ The global `Json` object can be used to encode and decode JSON.
 
 Signature:
 
-    function encode(x);
+```
+function encode(x);
+```
 
 Encodes an arbitrary value into JSON.
 
@@ -983,7 +1172,9 @@ Encodes an arbitrary value into JSON.
 
 Signature:
 
-    function decode(x);
+```
+function decode(x);
+```
 
 Decodes a JSON string.
 
@@ -993,14 +1184,18 @@ Decodes a JSON string.
 
 Signature:
 
-    function to_string();
+```
+function to_string();
+```
 
 The `to_string` method returns a string representation of the number.
 
 Example:
 
-    var example = 7
+```
+var example = 7
 	example.to_string() /* Returns "7" */
+```
 
 ## Boolean type <a id="boolean-type"></a>
 
@@ -1008,14 +1203,18 @@ Example:
 
 Signature:
 
-    function to_string();
+```
+function to_string();
+```
 
 The `to_string` method returns a string representation of the boolean value.
 
 Example:
 
-    var example = true
+```
+var example = true
 	example.to_string() /* Returns "true" */
+```
 
 ## String type <a id="string-type"></a>
 
@@ -1023,7 +1222,9 @@ Example:
 
 Signature:
 
-    function find(str, start);
+```
+function find(str, start);
+```
 
 Returns the zero-based index at which the string `str` was found in the string. If the string
 was not found, -1 is returned. `start` specifies the zero-based index at which `find` should
@@ -1031,13 +1232,17 @@ start looking for the string (defaults to 0 when not specified).
 
 Example:
 
-    "Hello World".find("World") /* Returns 6 */
+```
+"Hello World".find("World") /* Returns 6 */
+```
 
 ### String#contains <a id="string-contains"></a>
 
 Signature:
 
-    function contains(str);
+```
+function contains(str);
+```
 
 Returns `true` if the string `str` was found in the string. If the string
 was not found, `false` is returned. Use [find](18-library-reference.md#string-find)
@@ -1045,50 +1250,66 @@ for getting the index instead.
 
 Example:
 
-    "Hello World".contains("World") /* Returns true */
+```
+"Hello World".contains("World") /* Returns true */
+```
 
 ### String#len <a id="string-len"></a>
 
 Signature
 
-    function len();
+```
+function len();
+```
 
 Returns the length of the string in bytes. Note that depending on the encoding type of the string
 this is not necessarily the number of characters.
 
 Example:
 
-    "Hello World".len() /* Returns 11 */
+```
+"Hello World".len() /* Returns 11 */
+```
 
 ### String#lower <a id="string-lower"></a>
 
 Signature:
 
-    function lower();
+```
+function lower();
+```
 
 Returns a copy of the string with all of its characters converted to lower-case.
 
 Example:
 
-    "Hello World".lower() /* Returns "hello world" */
+```
+"Hello World".lower() /* Returns "hello world" */
+```
 
 ### String#upper <a id="string-upper"></a>
 
 Signature:
 
-    function upper();
+```
+function upper();
+```
 
 Returns a copy of the string with all of its characters converted to upper-case.
 
 Example:
 
-    "Hello World".upper() /* Returns "HELLO WORLD" */
+```
+"Hello World".upper() /* Returns "HELLO WORLD" */
+```
 
 ### String#replace <a id="string-replace"></a>
 
 Signature:
 
-    function replace(search, replacement);
+```
+function replace(search, replacement);
+```
 
 Returns a copy of the string with all occurences of the string specified in `search` replaced
 with the string specified in `replacement`.
@@ -1097,33 +1318,43 @@ with the string specified in `replacement`.
 
 Signature:
 
-    function split(delimiters);
+```
+function split(delimiters);
+```
 
 Splits a string into individual parts and returns them as an array. The `delimiters` argument
 specifies the characters which should be used as delimiters between parts.
 
 Example:
 
-    "x-7,y".split("-,") /* Returns [ "x", "7", "y" ] */
+```
+"x-7,y".split("-,") /* Returns [ "x", "7", "y" ] */
+```
 
 ### String#substr <a id="string-substr"></a>
 
 Signature:
 
-    function substr(start, len);
+```
+function substr(start, len);
+```
 
 Returns a part of a string. The `start` argument specifies the zero-based index at which the part begins.
 The optional `len` argument specifies the length of the part ("until the end of the string" if omitted).
 
 Example:
 
-    "Hello World".substr(6) /* Returns "World" */
+```
+"Hello World".substr(6) /* Returns "World" */
+```
 
 ### String#to_string <a id="string-to_string"></a>
 
 Signature:
 
-    function to_string();
+```
+function to_string();
+```
 
 Returns a copy of the string.
 
@@ -1131,7 +1362,9 @@ Returns a copy of the string.
 
 Signature:
 
-    function reverse();
+```
+function reverse();
+```
 
 Returns a copy of the string in reverse order.
 
@@ -1139,7 +1372,9 @@ Returns a copy of the string in reverse order.
 
 Signature:
 
-    function trim();
+```
+function trim();
+```
 
 Removes trailing whitespaces and returns the string.
 
@@ -1151,7 +1386,9 @@ This is the base type for all types in the Icinga application.
 
 Signature:
 
-     function clone();
+```
+ function clone();
+```
 
 Returns a copy of the object. Note that for object elements which are
 reference values (e.g. objects such as arrays or dictionaries) the entire
@@ -1161,7 +1398,9 @@ object is recursively copied.
 
 Signature:
 
-    function to_string();
+```
+function to_string();
+```
 
 Returns a string representation for the object. Unless overridden this returns a string
 of the format "Object of type '<typename>'" where <typename> is the name of the
@@ -1169,19 +1408,23 @@ object's type.
 
 Example:
 
-    [ 3, true ].to_string() /* Returns "[ 3.000000, true ]" */
+```
+[ 3, true ].to_string() /* Returns "[ 3.000000, true ]" */
+```
 
 ### Object#type <a id="object-type-field"></a>
 
 Signature:
 
-    String type;
+String type;
 
 Returns the object's type name. This attribute is read-only.
 
 Example:
 
-    get_host("localhost").type /* Returns "Host" */
+```
+get_host("localhost").type /* Returns "Host" */
+```
 
 ## Type type <a id="type-type"></a>
 
@@ -1195,19 +1438,25 @@ All types are registered as global variables. For example, in order to obtain a
 
 Signature:
 
-    Type base;
+```
+Type base;
+```
 
 Returns a reference to the type's base type. This attribute is read-only.
 
 Example:
 
-    Dictionary.base == Object /* Returns true, because the Dictionary type inherits directly from the Object type. */
+```
+Dictionary.base == Object /* Returns true, because the Dictionary type inherits directly from the Object type. */
+```
 
 ### Type#name <a id="type-name"></a>
 
 Signature:
 
-    String name;
+```
+String name;
+```
 
 Returns the name of the type.
 
@@ -1215,7 +1464,9 @@ Returns the name of the type.
 
 Signature:
 
-    Object prototype;
+```
+Object prototype;
+```
 
 Returns the prototype object for the type. When an attribute is accessed on an object that doesn't exist the prototype object is checked to see if an attribute with the requested name exists. If it does, the attribute's value is returned.
 
@@ -1223,7 +1474,9 @@ The prototype functionality is used to implement methods.
 
 Example:
 
-    3.to_string() /* Even though '3' does not have a to_string property the Number type's prototype object does. */
+```
+3.to_string() /* Even though '3' does not have a to_string property the Number type's prototype object does. */
+```
 
 ## Array type <a id="array-type"></a>
 
@@ -1233,7 +1486,9 @@ Inherits methods from the [Object type](18-library-reference.md#object-type).
 
 Signature:
 
-    function add(value);
+```
+function add(value);
+```
 
 Adds a new value after the last element in the array.
 
@@ -1241,13 +1496,17 @@ Adds a new value after the last element in the array.
 
 Signature:
 
-    function clear();
+```
+function clear();
+```
 
 Removes all elements from the array.
 
 ### Array#shallow_clone <a id="array-shallow-clone"></a>
 
-    function shallow_clone();
+```
+function shallow_clone();
+```
 
 Returns a copy of the array. Note that for elements which are reference values (e.g. objects such
 as arrays and dictionaries) only the references are copied.
@@ -1256,7 +1515,9 @@ as arrays and dictionaries) only the references are copied.
 
 Signature:
 
-    function contains(value);
+```
+function contains(value);
+```
 
 Returns true if the array contains the specified value, false otherwise.
 
@@ -1264,7 +1525,9 @@ Returns true if the array contains the specified value, false otherwise.
 
 Signature:
 
-    function freeze()
+```
+function freeze()
+```
 
 Disallows further modifications to this array. Trying to modify the array will result in an exception.
 
@@ -1272,7 +1535,9 @@ Disallows further modifications to this array. Trying to modify the array will r
 
 Signature:
 
-    function len();
+```
+function len();
+```
 
 Returns the number of elements contained in the array.
 
@@ -1280,7 +1545,9 @@ Returns the number of elements contained in the array.
 
 Signature:
 
-    function remove(index);
+```
+function remove(index);
+```
 
 Removes the element at the specified zero-based index.
 
@@ -1288,7 +1555,9 @@ Removes the element at the specified zero-based index.
 
 Signature:
 
-    function set(index, value);
+```
+function set(index, value);
+```
 
 Sets the element at the zero-based index to the specified value. The `index` must refer to an element
 which already exists in the array.
@@ -1297,7 +1566,9 @@ which already exists in the array.
 
 Signature:
 
-    function get(index);
+```
+function get(index);
+```
 
 Retrieves the element at the specified zero-based index.
 
@@ -1305,7 +1576,9 @@ Retrieves the element at the specified zero-based index.
 
 Signature:
 
-    function sort(less_cmp);
+```
+function sort(less_cmp);
+```
 
 Returns a copy of the array where all items are sorted. The items are
 compared using the `<` (less-than) operator. A custom comparator function
@@ -1315,7 +1588,9 @@ can be specified with the `less_cmp` argument.
 
 Signature:
 
-    function join(separator);
+```
+function join(separator);
+```
 
 Joins all elements of the array using the specified separator.
 
@@ -1323,7 +1598,9 @@ Joins all elements of the array using the specified separator.
 
 Signature:
 
-    function reverse();
+```
+function reverse();
+```
 
 Returns a new array with all elements of the current array in reverse order.
 
@@ -1331,7 +1608,9 @@ Returns a new array with all elements of the current array in reverse order.
 
 Signature:
 
-    function map(func);
+```
+function map(func);
+```
 
 Calls `func(element)` for each of the elements in the array and returns
 a new array containing the return values of these function calls.
@@ -1340,7 +1619,9 @@ a new array containing the return values of these function calls.
 
 Signature:
 
-    function reduce(func);
+```
+function reduce(func);
+```
 
 Reduces the elements of the array into a single value by calling the provided
 function `func` as `func(a, b)` repeatedly where `a` and `b` are elements of the array
@@ -1350,7 +1631,9 @@ or results from previous function calls.
 
 Signature:
 
-    function filter(func);
+```
+function filter(func);
+```
 
 Returns a copy of the array containing only the elements for which `func(element)`
 is true.
@@ -1359,7 +1642,9 @@ is true.
 
 Signature:
 
-    function any(func);
+```
+function any(func);
+```
 
 Returns true if the array contains at least one element for which `func(element)`
 is true, false otherwise.
@@ -1368,7 +1653,9 @@ is true, false otherwise.
 
 Signature:
 
-    function all(func);
+```
+function all(func);
+```
 
 Returns true if the array contains only elements for which `func(element)`
 is true, false otherwise.
@@ -1377,7 +1664,9 @@ is true, false otherwise.
 
 Signature:
 
-    function unique();
+```
+function unique();
+```
 
 Returns a copy of the array with all duplicate elements removed. The original order
 of the array is not preserved.
@@ -1390,7 +1679,9 @@ Inherits methods from the [Object type](18-library-reference.md#object-type).
 
 Signature:
 
-    function shallow_clone();
+```
+function shallow_clone();
+```
 
 Returns a copy of the dictionary. Note that for elements which are reference values (e.g. objects such
 as arrays and dictionaries) only the references are copied.
@@ -1399,7 +1690,9 @@ as arrays and dictionaries) only the references are copied.
 
 Signature:
 
-    function contains(key);
+```
+function contains(key);
+```
 
 Returns true if a dictionary item with the specified `key` exists, false otherwise.
 
@@ -1407,7 +1700,9 @@ Returns true if a dictionary item with the specified `key` exists, false otherwi
 
 Signature:
 
-    function freeze()
+```
+function freeze()
+```
 
 Disallows further modifications to this dictionary. Trying to modify the dictionary will result in an exception.
 
@@ -1415,7 +1710,9 @@ Disallows further modifications to this dictionary. Trying to modify the diction
 
 Signature:
 
-    function len();
+```
+function len();
+```
 
 Returns the number of items contained in the dictionary.
 
@@ -1423,16 +1720,30 @@ Returns the number of items contained in the dictionary.
 
 Signature:
 
-    function remove(key);
+```
+function remove(key);
+```
 
 Removes the item with the specified `key`. Trying to remove an item which does not exist
 is a no-op.
 
+### Dictionary#clear <a id="dictionary-clear"></a>
+
+Signature:
+
+```
+function clear();
+```
+
+Removes all items from the dictionary.
+
 ### Dictionary#set <a id="dictionary-set"></a>
 
 Signature:
 
-    function set(key, value);
+```
+function set(key, value);
+```
 
 Creates or updates an item with the specified `key` and `value`.
 
@@ -1440,7 +1751,9 @@ Creates or updates an item with the specified `key` and `value`.
 
 Signature:
 
-    function get(key);
+```
+function get(key);
+```
 
 Retrieves the value for the specified `key`. Returns `null` if they `key` does not exist
 in the dictionary.
@@ -1449,7 +1762,9 @@ in the dictionary.
 
 Signature:
 
-    function keys();
+```
+function keys();
+```
 
 Returns a list of keys for all items that are currently in the dictionary.
 
@@ -1457,7 +1772,9 @@ Returns a list of keys for all items that are currently in the dictionary.
 
 Signature:
 
-    function values();
+```
+function values();
+```
 
 Returns a list of values for all items that are currently in the dictionary.
 
@@ -1469,41 +1786,49 @@ Inherits methods from the [Object type](18-library-reference.md#object-type).
 
 Signature:
 
-    function call(thisArg, ...);
+```
+function call(thisArg, ...);
+```
 
 Invokes the function using an alternative `this` scope. The `thisArg` argument specifies the `this`
 scope for the function. All other arguments are passed directly to the function.
 
 Example:
 
-    function set_x(val) {
-	  this.x = val
-	}
+```
+function set_x(val) {
+  this.x = val
+}
 	
-	dict = {}
+dict = {}
 	
-	set_x.call(dict, 7) /* Invokes set_x using `dict` as `this` */
+set_x.call(dict, 7) /* Invokes set_x using `dict` as `this` */
+```
 
 ### Function#callv <a id="scriptfunction-callv"></a>
 
 Signature:
 
-    function callv(thisArg, args);
+```
+function callv(thisArg, args);
+```
 
 Invokes the function using an alternative `this` scope. The `thisArg` argument specifies the `this`
 scope for the function. The items in the `args` array are passed to the function as individual arguments.
 
 Example:
 
-    function set_x(val) {
-	  this.x = val
-	}
+```
+function set_x(val) {
+  this.x = val
+}
 	
-	var dict = {}
+var dict = {}
 
-	var args = [ 7 ]
+var args = [ 7 ]
 
-	set_x.callv(dict, args) /* Invokes set_x using `dict` as `this` */
+set_x.callv(dict, args) /* Invokes set_x using `dict` as `this` */
+```
 
 ## DateTime type <a id="datetime-type"></a>
 
@@ -1513,18 +1838,22 @@ Inherits methods from the [Object type](18-library-reference.md#object-type).
 
 Signature:
 
-    function DateTime()
-    function DateTime(unixTimestamp)
-    function DateTime(year, month, day)
-    function DateTime(year, month, day, hours, minutes, seconds)
+```
+function DateTime()
+function DateTime(unixTimestamp)
+function DateTime(year, month, day)
+function DateTime(year, month, day, hours, minutes, seconds)
+```
 
 Constructs a new DateTime object. When no arguments are specified for the constructor a new
 DateTime object representing the current time is created.
 
 Example:
 
-    var d1 = DateTime() /* current time */
-    var d2 = DateTime(2016, 5, 21) /* midnight April 21st, 2016 (local time) */
+```
+var d1 = DateTime() /* current time */
+var d2 = DateTime(2016, 5, 21) /* midnight April 21st, 2016 (local time) */
+```
 
 ### DateTime arithmetic <a id="datetime-arithmetic"></a>
 
@@ -1532,41 +1861,55 @@ Subtracting two DateTime objects yields the interval between them, in seconds.
 
 Example:
 
-    var delta = DateTime() - DateTime(2016, 5, 21) /* seconds since midnight April 21st, 2016 */
+```
+var delta = DateTime() - DateTime(2016, 5, 21) /* seconds since midnight April 21st, 2016 */
+```
 
 Subtracting a number from a DateTime object yields a new DateTime object that is further in the past:
 
 Example:
 
-    var dt = DateTime() - 2 * 60 * 60 /* Current time minus 2 hours */
+```
+var dt = DateTime() - 2 * 60 * 60 /* Current time minus 2 hours */
+```
 
 Adding a number to a DateTime object yields a new DateTime object that is in the future:
 
 Example:
 
-    var dt = DateTime() + 24 * 60 60 /* Current time plus 24 hours */
+```
+var dt = DateTime() + 24 * 60 * 60 /* Current time plus 24 hours */
+```
 
 ### DateTime#format <a id="datetime-format"></a>
 
 Signature:
 
-    function format(fmt)
+```
+function format(fmt)
+```
 
 Returns a string representation for the DateTime object using the specified format string.
 The format string may contain format conversion placeholders as specified in strftime(3).
 
 Example:
 
-    var s = DateTime(2016, 4, 21).format("%A") /* Sets s to "Thursday". */
+```
+var s = DateTime(2016, 4, 21).format("%A") /* Sets s to "Thursday". */
+```
 
 ### DateTime#to_string <a id="datetime-tostring"></a>
 
 Signature:
 
-    function to_string()
+```
+function to_string()
+```
 
 Returns a string representation for the DateTime object. Uses a suitable default format.
 
 Example:
 
-    var s = DateTime(2016, 4, 21).to_string() /* Sets s to "2016-04-21 00:00:00 +0200". */
+```
+var s = DateTime(2016, 4, 21).to_string() /* Sets s to "2016-04-21 00:00:00 +0200". */
+```
diff --git a/doc/19-technical-concepts.md b/doc/19-technical-concepts.md
index 1932a6097..6b1718773 100644
--- a/doc/19-technical-concepts.md
+++ b/doc/19-technical-concepts.md
@@ -1,19 +1,223 @@
 # Technical Concepts <a id="technical-concepts"></a>
 
-This chapter provides insights into specific Icinga 2
-components, libraries, features and any other technical concept
-and design.
+This chapter provides technical concepts and design insights
+into specific Icinga 2 components such as:
+
+* [Application](19-technical-concepts.md#technical-concepts-application)
+* [Configuration](19-technical-concepts.md#technical-concepts-configuration)
+* [Features](19-technical-concepts.md#technical-concepts-features)
+* [Check Scheduler](19-technical-concepts.md#technical-concepts-check-scheduler)
+* [Checks](19-technical-concepts.md#technical-concepts-checks)
+* [Cluster](19-technical-concepts.md#technical-concepts-cluster)
+* [TLS Network IO](19-technical-concepts.md#technical-concepts-tls-network-io)
 
-<!--
 ## Application <a id="technical-concepts-application"></a>
 
-### Libraries <a id="technical-concepts-application-libraries"></a>
+### CLI Commands <a id="technical-concepts-application-cli-commands"></a>
 
+The Icinga 2 application is managed with different CLI sub commands.
+`daemon` takes care about loading the configuration files, running the
+application as daemon, etc.
+Other sub commands allow to enable features, generate and request
+TLS certificates or enter the debug console.
+
+The main entry point for each CLI command parses the command line
+parameters and then triggers the required actions.
+
+### daemon CLI command <a id="technical-concepts-application-cli-commands-daemon"></a>
+
+This CLI command loads the configuration files, starting with `icinga2.conf`.
+The [configuration compiler](19-technical-concepts.md#technical-concepts-configuration) parses the
+file and detects additional file includes, constants, and any other DSL
+specific declaration.
+
+At this stage, the configuration will already be checked against the
+defined grammar in the scanner, and custom object validators will also be
+checked.
+
+If the user provided `-C/--validate`, the CLI command returns with the
+validation exit code.
+
+When running as daemon, additional parameters are checked, e.g. whether
+this application was triggered by a reload, needs to daemonize with fork()
+involved and update the object's authority. The latter is important for
+HA-enabled cluster zones.
 
 ## Configuration <a id="technical-concepts-configuration"></a>
 
+### Lexer <a id="technical-concepts-configuration-lexer"></a>
+
+The lexer stage does not understand the DSL itself, it only
+maps specific character sequences into identifiers.
+
+This allows Icinga to detect the beginning of a string with `"`,
+reading the following characters and determining the end of the
+string with again `"`.
+
+Other parts covered by the lexer a escape sequences insides a string,
+e.g. `"\"abc"`.
+
+The lexer also identifiers logical operators, e.g. `&` or `in`,
+specific keywords like `object`, `import`, etc. and comment blocks.
+
+Please check `lib/config/config_lexer.ll` for details.
+
+Icinga uses [Flex](https://github.com/westes/flex) in the first stage.
+
+> Flex (The Fast Lexical Analyzer)
+>
+> Flex is a fast lexical analyser generator. It is a tool for generating programs
+> that perform pattern-matching on text. Flex is a free (but non-GNU) implementation
+> of the original Unix lex program.
+
+### Parser <a id="technical-concepts-configuration-parser"></a>
+
+The parser stage puts the identifiers from the lexer into more
+context with flow control and sequences.
+
+The following comparison is parsed into a left term, an operator
+and a right term.
+
+```
+x > 5
+```
+
+The DSL contains many elements which require a specific order,
+and sometimes only a left term for example.
+
+The parser also takes care of parsing an object declaration for
+example. It already knows from the lexer that `object` marks the
+beginning of an object. It then expects a type string afterwards,
+and the object name - which can be either a string with double quotes
+or a previously defined constant.
+
+An opening bracket `{` in this specific context starts the object
+scope, which also is stored for later scope specific variable access.
+
+If there's an apply rule defined, this follows the same principle.
+The config parser detects the scope of an apply rule and generates
+Icinga 2 C++ code for the parsed string tokens.
+
+```
+assign where host.vars.sla == "24x7"
+```
+
+is parsed into an assign token identifier, and the string expression
+is compiled into a new `ApplyExpression` object.
+
+The flow control inside the parser ensures that for example `ignore where`
+can only be defined when a previous `assign where` was given - or when
+inside an apply for rule.
+
+Another example are specific object types which allow assign expression,
+specifically group objects. Others objects must throw a configuration error.
+
+Please check `lib/config/config_parser.yy` for more details,
+and the [language reference](17-language-reference.md#language-reference) chapter for
+documented DSL keywords and sequences.
+
+> Icinga uses [Bison](https://en.wikipedia.org/wiki/GNU_bison) as parser generator
+> which reads a specification of a context-free language, warns about any parsing
+> ambiguities, and generates a parser in C++ which reads sequences of tokens and
+> decides whether the sequence conforms to the syntax specified by the grammar.
+
+
 ### Compiler <a id="technical-concepts-configuration-compiler"></a>
--->
+
+The config compiler initializes the scanner inside the [lexer](19-technical-concepts.md#technical-concepts-configuration-lexer)
+stage.
+
+The configuration files are parsed into memory from inside the [daemon CLI command](19-technical-concepts.md#technical-concepts-application-cli-commands-daemon)
+which invokes the config validation in `ValidateConfigFiles()`. This compiles the
+files into an AST expression which is executed.
+
+At this stage, the expressions generate so-called "config items" which
+are a pre-stage of the later compiled object.
+
+`ConfigItem::CommitItems` takes care of committing the items, and doing a
+rollback on failure. It also checks against matching apply rules from the previous run
+and generates statistics about the objects which can be seen by the config validation.
+
+`ConfigItem::CommitNewItems` collects the registered types and items,
+and checks for a specific required order, e.g. a service object needs
+a host object first.
+
+The following stages happen then:
+
+- **Commit**: A workqueue then commits the items in a parallel fashion for this specific type. The object gets its name, and the AST expression is executed. It is then registered into the item into `m_Object` as reference.
+- **OnAllConfigLoaded**: Special signal for each object to pre-load required object attributes, resolve group membership, initialize functions and timers.
+- **CreateChildObjects**: Run apply rules for this specific type.
+- **CommitNewItems**: Apply rules may generate new config items, this is to ensure that they again run through the stages.
+
+Note that the items are now committed and the configuration is validated and loaded
+into memory. The final config objects are not yet activated though.
+
+This only happens after the validation, when the application is about to be run
+with `ConfigItem::ActivateItems`.
+
+Each item has an object created in `m_Object` which is checked in a loop.
+Again, the dependency order of activated objects is important here, e.g. logger features come first, then
+config objects and last the checker, api, etc. features. This is done by sorting the objects
+based on their type specific activation priority.
+
+The following signals are triggered in the stages:
+
+- **PreActivate**: Setting the `active` flag for the config object.
+- **Activate**: Calls `Start()` on the object, sets the local HA authority and notifies subscribers that this object is now activated (e.g. for config updates in the DB backend).
+
+
+### References <a id="technical-concepts-configuration-references"></a>
+
+* [The Icinga Config Compiler: An Overview](https://www.netways.de/blog/2018/07/12/the-icinga-config-compiler-an-overview/)
+* [A parser/lexer/compiler for the Leonardo language](https://github.com/EmilGedda/Leonardo)
+* [I wrote a programming language. Here’s how you can, too.](https://medium.freecodecamp.org/the-programming-language-pipeline-91d3f449c919)
+* [http://onoffswitch.net/building-a-custom-lexer/](http://onoffswitch.net/building-a-custom-lexer/)
+* [Writing an Interpreter with Lex, Yacc, and Memphis](http://memphis.compilertools.net/interpreter.html)
+* [Flex](https://github.com/westes/flex)
+* [GNU Bison](https://www.gnu.org/software/bison/)
+
+## Core <a id="technical-concepts-core"></a>
+
+### Core: Reload Handling <a id="technical-concepts-core-reload"></a>
+
+The initial design of the reload state machine looks like this:
+
+* receive reload signal SIGHUP
+* fork a child process, start configuration validation in parallel work queues
+* parent process continues with old configuration objects and the event scheduling
+(doing checks, replicating cluster events, triggering alert notifications, etc.)
+* validation NOT ok: child process terminates, parent process continues with old configuration state
+* validation ok: child process signals parent process to terminate and save its current state (all events until now) into the icinga2 state file
+* parent process shuts down writing icinga2.state file
+* child process waits for parent process gone, reads the icinga2 state file and synchronizes all historical and status data
+* child becomes the new session leader
+
+Since Icinga 2.6, there are two processes when checked with `ps aux | grep icinga2` or `pidof icinga2`.
+This was to ensure that feature file descriptors don't leak into the plugin process (e.g. DB IDO MySQL sockets).
+
+Icinga 2.9 changed the reload handling a bit with SIGUSR2 signals
+and systemd notifies.
+
+With systemd, it could occur that the tree was broken thus resulting
+in killing all remaining processes on stop, instead of a clean exit.
+You can read the full story [here](https://github.com/Icinga/icinga2/issues/7309).
+
+With 2.11 you'll now see 3 processes:
+
+- The umbrella process which takes care about signal handling and process spawning/stopping
+- The main process with the check scheduler, notifications, etc.
+- The execution helper process
+
+During reload, the umbrella process spawns a new reload process which validates the configuration.
+Once successful, the new reload process signals the umbrella process that it is finished.
+The umbrella process forwards the signal and tells the old main process to shutdown.
+The old main process writes the icinga2.state file. The umbrella process signals
+the reload process that the main process terminated.
+
+The reload process was in idle wait before, and now continues to read the written
+state file and run the event loop (checks, notifications, "events", ...). The reload
+process itself also spawns the execution helper process again.
+
 
 ## Features <a id="technical-concepts-features"></a>
 
@@ -40,14 +244,292 @@ The GraphiteWriter feature calls the registered function and processes
 the received data. Features which connect Icinga 2 to external interfaces
 normally parse and reformat the received data into an applicable format.
 
+Since this check result signal is blocking, many of the features include a work queue
+with asynchronous task handling.
+
 The GraphiteWriter uses a TCP socket to communicate with the carbon cache
 daemon of Graphite. The InfluxDBWriter is instead writing bulk metric messages
-to InfluxDB's HTTP API.
+to InfluxDB's HTTP API, similar to Elasticsearch.
+
+
+## Check Scheduler <a id="technical-concepts-check-scheduler"></a>
+
+The check scheduler starts a thread which loops forever. It waits for
+check events being inserted into `m_IdleCheckables`.
+
+If the current pending check event number is larger than the configured
+max concurrent checks, the thread waits up until it there's slots again.
+
+In addition, further checks on enabled checks, check periods, etc. are
+performed. Once all conditions have passed, the next check timestamp is
+calculated and updated. This also is the timestamp where Icinga expects
+a new check result ("freshness check").
+
+The object is removed from idle checkables, and inserted into the
+pending checkables list. This can be seen via REST API metrics for the
+checker component feature as well.
+
+The actual check execution happens asynchronously using the application's
+thread pool.
+
+Once the check returns, it is removed from pending checkables and again
+inserted into idle checkables. This ensures that the scheduler takes this
+checkable event into account in the next iteration.
+
+### Start <a id="technical-concepts-check-scheduler-start"></a>
+
+When checkable objects get activated during the startup phase,
+the checker feature registers a handler for this event. This is due
+to the fact that the `checker` feature is fully optional, and e.g. not
+used on command endpoint clients.
+
+Whenever such an object activation signal is triggered, Icinga 2 checks
+whether it is [authoritative for this object](19-technical-concepts.md#technical-concepts-cluster-ha-object-authority).
+This means that inside an HA enabled zone with two endpoints, only non-paused checkable objects are
+actively inserted into the idle checkable list for the check scheduler.
+
+### Initial Check <a id="technical-concepts-check-scheduler-initial"></a>
+
+When a new checkable object (host or service) is initially added to the
+configuration, Icinga 2 performs the following during startup:
+
+* `Checkable::Start()` is called and calculates the first check time
+* With a spread delta, the next check time is actually set.
+
+If the next check should happen within a time frame of 60 seconds,
+Icinga 2 calculates a delta from a random value. The minimum of `check_interval`
+and 60 seconds is used as basis, multiplied with a random value between 0 and 1.
+
+In the best case, this check gets immediately executed after application start.
+The worst case scenario is that the check is scheduled 60 seconds after start
+the latest.
+
+The reasons for delaying and spreading checks during startup is that
+the application typically needs more resources at this time (cluster connections,
+feature warmup, initial syncs, etc.). Immediate check execution with
+thousands of checks could lead into performance problems, and additional
+events for each received check results.
+
+Therefore the initial check window is 60 seconds on application startup,
+random seed for all checkables. This is not predictable over multiple restarts
+for specific checkable objects, the delta changes every time.
+
+### Scheduling Offset <a id="technical-concepts-check-scheduler-offset"></a>
+
+There's a high chance that many checkable objects get executed at the same time
+and interval after startup. The initial scheduling spreads that a little, but
+Icinga 2 also attempts to ensure to keep fixed intervals, even with high check latency.
+
+During startup, Icinga 2 calculates the scheduling offset from a random number:
+
+* `Checkable::Checkable()` calls `SetSchedulingOffset()` with `Utility::Random()`
+* The offset is a pseudo-random integral value between `0` and `RAND_MAX`.
+
+Whenever the next check time is updated with `Checkable::UpdateNextCheck()`,
+the scheduling offset is taken into account.
+
+Depending on the state type (SOFT or HARD), either the `retry_interval` or `check_interval`
+is used. If the interval is greater than 1 second, the time adjustment is calculated in the
+following way:
+
+`now * 100 + offset` divided by `interval * 100`, using the remainder (that's what `fmod()` is for)
+and dividing this again onto base 100.
+
+Example: offset is 6500, interval 300, now is 1542190472.
+
+```
+1542190472 * 100 + 6500 = 154219053714
+300 * 100 = 30000
+154219053714 / 30000 = 5140635.1238
+
+(5140635.1238 - 5140635.0) * 30000 = 3714
+3714 / 100 = 37.14
+```
+
+37.15 seconds as an offset would be far too much, so this is again used as a calculation divider for the
+real offset with the base of 5 times the actual interval.
+
+Again, the remainder is calculated from the offset and `interval * 5`. This is divided onto base 100 again,
+with an additional 0.5 seconds delay.
+
+Example: offset is 6500, interval 300.
+
+```
+6500 / 300 = 21.666666666666667
+(21.666666666666667 - 21.0) * 300 = 200
+200 / 100 = 2
+2 + 0.5 = 2.5
+```
+
+The minimum value between the first adjustment and the second offset calculation based on the interval is
+taken, in the above example `2.5` wins.
+
+The actual next check time substracts the adjusted time from the future interval addition to provide
+a more widespread scheduling time among all checkable objects.
+
+`nextCheck = now - adj + interval`
+
+You may ask, what other values can happen with this offset calculation. Consider calculating more examples
+with different interval settings.
+
+Example: offset is 34567, interval 60, now is 1542190472.
+
+```
+1542190472 * 100 + 34567 = 154219081767
+60 * 100 = 6000
+154219081767 / 6000 = 25703180.2945
+(25703180.2945 - 25703180.0) * 6000 / 100 = 17.67
+
+34567 / 60 = 576.116666666666667
+(576.116666666666667 - 576.0) * 60 / 100 + 0.5 = 1.2
+```
+
+`1m` interval starts at `now + 1.2s`.
+
+Example: offset is 12345, interval 86400, now is 1542190472.
+
+```
+1542190472 * 100 + 12345 = 154219059545
+86400 * 100 = 8640000
+154219059545 / 8640000 = 17849.428188078703704
+(17849.428188078703704 - 17849) * 8640000 = 3699545
+3699545 / 100 = 36995.45
+
+12345 / 86400 = 0.142881944444444
+0.142881944444444 * 86400 / 100 + 0.5 = 123.95
+```
+
+`1d` interval starts at `now + 2m4s`.
+
+> **Note**
+>
+> In case you have a better algorithm at hand, feel free to discuss this in a PR on GitHub.
+> It needs to fulfill two things: 1) spread and shuffle execution times on each `next_check` update
+> 2) not too narrowed window for both long and short intervals
+> Application startup and initial checks need to be handled with care in a slightly different
+> fashion.
+
+When `SetNextCheck()` is called, there are signals registered. One of them sits
+inside the `CheckerComponent` class whose handler `CheckerComponent::NextCheckChangedHandler()`
+deletes/inserts the next check event from the scheduling queue. This basically
+is a list with multiple indexes with the keys for scheduling info and the object.
+
+
+## Checks<a id="technical-concepts-checks"></a>
+
+### Check Latency and Execution Time <a id="technical-concepts-checks-latency"></a>
+
+Each check command execution logs the start and end time where
+Icinga 2 (and the end user) is able to calculate the plugin execution time from it.
+
+```
+GetExecutionEnd() - GetExecutionStart()
+```
+
+The higher the execution time, the higher the command timeout must be set. Furthermore
+users and developers are encouraged to look into plugin optimizations to minimize the
+execution time. Sometimes it is better to let an external daemon/script do the checks
+and feed them back via REST API.
+
+Icinga 2 stores the scheduled start and end time for a check. If the actual
+check execution time differs from the scheduled time, e.g. due to performance
+problems or limited execution slots (concurrent checks), this value is stored
+and computed from inside the check result.
+
+The difference between the two deltas is called `check latency`.
+
+```
+(GetScheduleEnd() - GetScheduleStart()) - CalculateExecutionTime()
+```
+
+### Severity <a id="technical-concepts-checks-severity"></a>
+
+The severity attribute is introduced with Icinga v2.11 and provides
+a bit mask calculated value from specific checkable object states.
+
+The severity value is pre-calculated for visualization interfaces
+such as Icinga Web which sorts the problem dashboard by severity by default.
+
+The higher the severity number is, the more important the problem is.
+
+Flags:
+
+```
+/**
+ * Severity Flags
+ *
+ * @ingroup icinga
+ */
+enum SeverityFlag
+{
+	SeverityFlagDowntime = 1,
+	SeverityFlagAcknowledgement = 2,
+	SeverityFlagHostDown = 4,
+	SeverityFlagUnhandled = 8,
+	SeverityFlagPending = 16,
+	SeverityFlagWarning = 32,
+	SeverityFlagUnknown = 64,
+	SeverityFlagCritical = 128,
+};
+```
+
+
+Host:
+
+```
+	/* OK/Warning = Up, Critical/Unknown = Down */
+	if (!HasBeenChecked())
+		severity |= SeverityFlagPending;
+	else if (state == ServiceUnknown)
+		severity |= SeverityFlagCritical;
+	else if (state == ServiceCritical)
+		severity |= SeverityFlagCritical;
+
+	if (IsInDowntime())
+		severity |= SeverityFlagDowntime;
+	else if (IsAcknowledged())
+		severity |= SeverityFlagAcknowledgement;
+	else
+		severity |= SeverityFlagUnhandled;
+```
+
+
+Service:
+
+```
+	if (!HasBeenChecked())
+		severity |= SeverityFlagPending;
+	else if (state == ServiceWarning)
+		severity |= SeverityFlagWarning;
+	else if (state == ServiceUnknown)
+		severity |= SeverityFlagUnknown;
+	else if (state == ServiceCritical)
+		severity |= SeverityFlagCritical;
+
+	if (IsInDowntime())
+		severity |= SeverityFlagDowntime;
+	else if (IsAcknowledged())
+		severity |= SeverityFlagAcknowledgement;
+	else if (m_Host->GetProblem())
+		severity |= SeverityFlagHostDown;
+	else
+		severity |= SeverityFlagUnhandled;
+```
 
 
 
 ## Cluster <a id="technical-concepts-cluster"></a>
 
+This documentation refers to technical roles between cluster
+endpoints.
+
+- The `server` or `parent` role accepts incoming connection attempts and handles requests
+- The `client` role actively connects to remote endpoints receiving config/commands, requesting certificates, etc.
+
+A client role is not necessarily bound to the Icinga agent.
+It may also be a satellite which actively connects to the
+master.
+
 ### Communication <a id="technical-concepts-cluster-communication"></a>
 
 Icinga 2 uses its own certificate authority (CA) by default. The
@@ -58,11 +540,11 @@ Each node certificate must be signed by the private CA key.
 Note: The following description uses `parent node` and `child node`.
 This also applies to nodes in the same cluster zone.
 
-During the connection attempt, an SSL handshake is performed.
+During the connection attempt, a TLS handshake is performed.
 If the public certificate of a child node is not signed by the same
 CA, the child node is not trusted and the connection will be closed.
 
-If the SSL handshake succeeds, the parent node reads the
+If the TLS handshake succeeds, the parent node reads the
 certificate's common name (CN) of the child node and looks for
 a local Endpoint object name configuration.
 
@@ -93,7 +575,7 @@ signing master.
 
 Icinga 2 v2.8 introduces the possibility to request certificates
 from indirectly connected nodes. This is required for multi level
-cluster environments with masters, satellites and clients.
+cluster environments with masters, satellites and agents.
 
 CSR Signing in general starts with the master setup. This step
 ensures that the master is in a working CSR signing state with:
@@ -141,7 +623,7 @@ cluster message.
 
 If the child node was not the certificate request origin, it only updates
 the cached request for the child node and send another cluster message
-down to its child node (e.g. from a satellite to a client).
+down to its child node (e.g. from a satellite to an agent).
 
 
 If no ticket was specified, the signing master waits until the
@@ -164,6 +646,10 @@ This mode leaves the node in a semi-configured state. You need
 to manually copy the master's public CA key into `/var/lib/icinga2/certs/ca.crt`
 on the client before starting Icinga 2.
 
+> **Note**
+>
+> The `client` in this case can be either a satellite or an agent.
+
 The parent node needs to actively connect to the child node.
 Once this connections succeeds, the child node will actively
 request a signed certificate.
@@ -172,10 +658,10 @@ The update procedure works the same way as above.
 
 ### High Availability <a id="technical-concepts-cluster-ha"></a>
 
-High availability is automatically enabled between two nodes in the same
+General high availability is automatically enabled between two endpoints in the same
 cluster zone.
 
-This requires the same configuration and enabled features on both nodes.
+**This requires the same configuration and enabled features on both nodes.**
 
 HA zone members trust each other and share event updates as cluster messages.
 This includes for example check results, next check timestamp updates, acknowledgements
@@ -184,18 +670,52 @@ or notifications.
 This ensures that both nodes are synchronized. If one node goes away, the
 remaining node takes over and continues as normal.
 
+#### High Availability: Object Authority <a id="technical-concepts-cluster-ha-object-authority"></a>
 
 Cluster nodes automatically determine the authority for configuration
-objects. This results in activated but paused objects. You can verify
+objects. By default, all config objects are set to `HARunEverywhere` and
+as such the object authority is true for any config object on any instance.
+
+Specific objects can override and influence this setting, e.g. with `HARunOnce`
+instead prior to config object activation.
+
+This is done when the daemon starts and in a regular interval inside
+the ApiListener class, specifically calling `ApiListener::UpdateObjectAuthority()`.
+
+The algorithm works like this:
+
+* Determine whether this instance is assigned to a local zone and endpoint.
+* Collects all endpoints in this zone if they are connected.
+* If there's two endpoints, but only us seeing ourselves and the application start is less than 60 seconds in the past, do nothing (wait for cluster reconnect to take place, grace period).
+* Sort the collected endpoints by name.
+* Iterate over all config types and their respective objects
+ * Ignore !active objects
+ * Ignore objects which are !HARunOnce. This means, they can run multiple times in a zone and don't need an authority update.
+ * If this instance doesn't have a local zone, set authority to true. This is for non-clustered standalone environments where everything belongs to this instance.
+ * Calculate the object authority based on the connected endpoint names.
+ * Set the authority (true or false)
+
+The object authority calculation works "offline" without any message exchange.
+Each instance alculates the SDBM hash of the config object name, puts that in contrast
+modulo the connected endpoints size.
+This index is used to lookup the corresponding endpoint in the connected endpoints array,
+including the local endpoint. Whether the local endpoint is equal to the selected endpoint,
+or not, this sets the authority to `true` or `false`.
+
+```
+authority = endpoints[Utility::SDBM(object->GetName()) % endpoints.size()] == my_endpoint;
+```
+
+`ConfigObject::SetAuthority(bool authority)` triggers the following events:
+
+* Authority is true and object now paused: Resume the object and set `paused` to `false`.
+* Authority is false, object not paused: Pause the object and set `paused` to true.
+
+**This results in activated but paused objects on one endpoint.** You can verify
 that by querying the `paused` attribute for all objects via REST API
-or debug console.
-
-Nodes inside a HA zone calculate the object authority independent from each other.
-
-The number of endpoints in a zone is defined through the configuration. This number
-is used inside a local modulo calculation to determine whether the node feels
-responsible for this object or not.
+or debug console on both endpoints.
 
+Endpoints inside a HA zone calculate the object authority independent from each other.
 This object authority is important for selected features explained below.
 
 Since features are configuration objects too, you must ensure that all nodes
@@ -204,7 +724,37 @@ one might have a checker feature on the left node, nothing on the right node.
 This leads to late check results because one half is not executed by the right
 node which holds half of the object authorities.
 
-### High Availability: Checker <a id="technical-concepts-cluster-ha-checker"></a>
+By default, features are enabled to "Run-Everywhere". Specific features which
+support HA awareness, provide the `enable_ha` configuration attribute. When `enable_ha`
+is set to `true` (usually the default), "Run-Once" is set and the feature pauses on one side.
+
+```
+vim /etc/icinga2/features-enabled/graphite.conf
+
+object GraphiteWriter "graphite" {
+  ...
+  enable_ha = true
+}
+```
+
+Once such a feature is paused, there won't be any more event handling, e.g. the Elasticsearch
+feature won't process any checkresults nor write to the Elasticsearch REST API.
+
+When the cluster connection drops, the feature configuration object is updated with
+the new object authority by the ApiListener timer and resumes its operation. You can see
+that by grepping the log file for `resumed` and `paused`.
+
+```
+[2018-10-24 13:28:28 +0200] information/GraphiteWriter: 'g-ha' paused.
+```
+
+```
+[2018-10-24 13:28:28 +0200] information/GraphiteWriter: 'g-ha' resumed.
+```
+
+Specific features with HA capabilities are explained below.
+
+#### High Availability: Checker <a id="technical-concepts-cluster-ha-checker"></a>
 
 The `checker` feature only executes checks for `Checkable` objects (Host, Service)
 where it is authoritative.
@@ -215,7 +765,7 @@ The cluster message routing ensures that all check results are synchronized
 to nodes which are not authoritative for this configuration object.
 
 
-### High Availability: Notifications <a id="technical-concepts-cluster-notifications"></a>
+#### High Availability: Notifications <a id="technical-concepts-cluster-notifications"></a>
 
 The `notification` feature only sends notifications for `Notification` objects
 where it is authoritative.
@@ -225,7 +775,7 @@ That way each node only executes notifications for a segment of all notification
 Notified users and other event details are synchronized throughout the cluster.
 This is required if for example the DB IDO feature is active on the other node.
 
-### High Availability: DB IDO <a id="technical-concepts-cluster-ha-ido"></a>
+#### High Availability: DB IDO <a id="technical-concepts-cluster-ha-ido"></a>
 
 If you don't have HA enabled for the IDO feature, both nodes will
 write their status and historical data to their own separate database
@@ -320,9 +870,1188 @@ Icinga 2 v2.9+ adds more performance metrics for these values:
 * `sum_bytes_sent_per_second` and `sum_bytes_received_per_second`
 
 
+### Config Sync <a id="technical-concepts-cluster-config-sync"></a>
+
+The visible feature for the user is to put configuration files in `/etc/icinga2/zones.d/<zonename>`
+and have them synced automatically to all involved zones and endpoints.
+
+This not only includes host and service objects being checked
+in a satellite zone, but also additional config objects such as
+commands, groups, timeperiods and also templates.
+
+Additional thoughts and complexity added:
+
+- Putting files into zone directory names removes the burden to set the `zone` attribute on each object in this directory. This is done automatically by the config compiler.
+- Inclusion of `zones.d` happens automatically, the user shouldn't be bothered about this.
+- Before the REST API was created, only static configuration files in `/etc/icinga2/zones.d` existed. With the addition of config packages, additional `zones.d` targets must be registered (e.g. used by the Director)
+- Only one config master is allowed. This one identifies itself with configuration files in `/etc/icinga2/zones.d`. This is not necessarily the zone master seen in the debug logs, that one is important for message routing internally.
+- Objects and templates which cannot be bound into a specific zone (e.g. hosts in the satellite zone) must be made available "globally".
+- Users must be able to deny the synchronisation of specific zones, e.g. for security reasons.
+
+#### Config Sync: Config Master <a id="technical-concepts-cluster-config-sync-config-master"></a>
+
+All zones must be configured and included in the `zones.conf` config file beforehand.
+The zone names are the identifier for the directories underneath the `/etc/icinga2/zones.d`
+directory. If a zone is not configured, it will not be included in the config sync - keep this
+in mind for troubleshooting.
+
+When the config master starts, the content of `/etc/icinga2/zones.d` is automatically
+included. There's no need for an additional entry in `icinga2.conf` like `conf.d`.
+You can verify this by running the config validation on debug level:
+
+```
+icinga2 daemon -C -x debug | grep 'zones.d'
+
+[2019-06-19 15:16:19 +0200] notice/ConfigCompiler: Compiling config file: /etc/icinga2/zones.d/global-templates/commands.conf
+```
+
+Once the config validation succeeds, the startup routine for the daemon
+copies the files into the "production" directory in `/var/lib/icinga2/api/zones`.
+This directory is used for all endpoints where Icinga stores the received configuration.
+With the exception of the config master retrieving this from `/etc/icinga2/zones.d` instead.
+
+These operations are logged for better visibility.
+
+```
+[2019-06-19 15:26:38 +0200] information/ApiListener: Copying 1 zone configuration files for zone 'global-templates' to '/var/lib/icinga2/api/zones/global-templates'.
+[2019-06-19 15:26:38 +0200] information/ApiListener: Updating configuration file: /var/lib/icinga2/api/zones/global-templates//_etc/commands.conf
+```
+
+The master is finished at this point. Depending on the cluster configuration,
+the next iteration is a connected endpoint after successful TLS handshake and certificate
+authentication.
+
+It calls `SendConfigUpdate(client)` which sends the [config::Update](19-technical-concepts.md#technical-concepts-json-rpc-messages-config-update)
+JSON-RPC message including all required zones and their configuration file content.
+
+
+#### Config Sync: Receive Config <a id="technical-concepts-cluster-config-sync-receive-config"></a>
+
+The secondary master endpoint and endpoints in a child zone will be connected to the config
+master. The endpoint receives the [config::Update](19-technical-concepts.md#technical-concepts-json-rpc-messages-config-update)
+JSON-RPC message and processes the content in `ConfigUpdateHandler()`. This method checks
+whether config should be accepted. In addition to that, it locks a local mutex to avoid race conditions
+with multiple syncs in parallel.
+
+After that, the received configuration content is analysed.
+
+> **Note**
+>
+> The cluster design allows that satellite endpoints may connect to the secondary master first.
+> There is no immediate need to always connect to the config master first, especially since
+> the satellite endpoints don't know that.
+>
+> The secondary master not only stores the master zone config files, but also all child zones.
+> This is also the case for any HA enabled zone with more than one endpoint.
+
+
+2.11 puts the received configuration files into a staging directory in
+`/var/lib/icinga2/api/zones-stage`. Previous versions directly wrote the
+files into production which could have led to broken configuration on the
+next manual restart.
+
+```
+[2019-06-19 16:08:29 +0200] information/ApiListener: New client connection for identity 'master1' to [127.0.0.1]:5665
+[2019-06-19 16:08:30 +0200] information/ApiListener: Applying config update from endpoint 'master1' of zone 'master'.
+[2019-06-19 16:08:30 +0200] information/ApiListener: Received configuration for zone 'agent' from endpoint 'master1'. Comparing the checksums.
+[2019-06-19 16:08:30 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/agent//_etc/host.conf' for zone 'agent'.
+[2019-06-19 16:08:30 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/agent' (176 Bytes).
+[2019-06-19 16:08:30 +0200] information/ApiListener: Received configuration for zone 'master' from endpoint 'master1'. Comparing the checksums.
+[2019-06-19 16:08:30 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/master' (17 Bytes).
+[2019-06-19 16:08:30 +0200] information/ApiListener: Received configuration from endpoint 'master1' is different to production, triggering validation and reload.
+```
+
+It then validates the received configuration in its own config stage. There is
+an parameter override in place which disables the automatic inclusion of the production
+config in `/var/lib/icinga2/api/zones`.
+
+Once completed, the reload is triggered. This follows the same configurable timeout
+as with the global reload.
+
+```
+[2019-06-19 16:52:26 +0200] information/ApiListener: Config validation for stage '/var/lib/icinga2/api/zones-stage/' was OK, replacing into '/var/lib/icinga2/api/zones/' and triggering reload.
+[2019-06-19 16:52:27 +0200] information/Application: Got reload command: Started new instance with PID '19945' (timeout is 300s).
+[2019-06-19 16:52:28 +0200] information/Application: Reload requested, letting new process take over.
+```
+
+Whenever the staged configuration validation fails, Icinga logs this including a reference
+to the startup log file which includes additional errors.
+
+```
+[2019-06-19 15:45:27 +0200] critical/ApiListener: Config validation failed for staged cluster config sync in '/var/lib/icinga2/api/zones-stage/'. Aborting. Logs: '/var/lib/icinga2/api/zones-stage//startup.log'
+```
+
+
+#### Config Sync: Changes and Reload <a id="technical-concepts-cluster-config-sync-changes-reload"></a>
+
+Whenever a new configuration is received, it is validated and upon success, the
+daemon automatically reloads. While the daemon continues with checks, the reload
+cannot hand over open TCP connections. That being said, reloading the daemon everytime
+a configuration is synchronized would lead into many not connected endpoints.
+
+Therefore the cluster config sync checks whether the configuration files actually
+changed, and will only trigger a reload when such a change happened.
+
+2.11 calculates a checksum from each file content and compares this to the
+production configuration. Previous versions used additional metadata with timestamps from
+files which sometimes led to problems with asynchronous dates.
+
+> **Note**
+>
+> For compatibility reasons, the timestamp metadata algorithm is still intact, e.g.
+> when the client is 2.11 already, but the parent endpoint is still on 2.10.
+
+Icinga logs a warning when this happens.
+
+```
+Received configuration update without checksums from parent endpoint satellite1. This behaviour is deprecated. Please upgrade the parent endpoint to 2.11+
+```
+
+
+The debug log provides more details on the actual checksums and checks. Future output
+may change, use this solely for troubleshooting and debugging whenever the cluster
+config sync fails.
+
+```
+[2019-06-19 16:13:16 +0200] information/ApiListener: Received configuration for zone 'agent' from endpoint 'master1'. Comparing the checksums.
+[2019-06-19 16:13:16 +0200] debug/ApiListener: Checking for config change between stage and production. Old (3): '{"/.checksums":"7ede1276a9a32019c1412a52779804a976e163943e268ec4066e6b6ec4d15d73","/.timestamp":"ec4354b0eca455f7c2ca386fddf5b9ea810d826d402b3b6ac56ba63b55c2892c","/_etc/host.conf":"35d4823684d83a5ab0ca853c9a3aa8e592adfca66210762cdf2e54339ccf0a44"}' vs. new (3): '{"/.checksums":"84a586435d732327e2152e7c9b6d85a340cc917b89ae30972042f3dc344ea7cf","/.timestamp":"0fd6facf35e49ab1b2a161872fa7ad794564eba08624373d99d31c32a7a4c7d3","/_etc/host.conf":"0d62075e89be14088de1979644b40f33a8f185fcb4bb6ff1f7da2f63c7723fcb"}'.
+[2019-06-19 16:13:16 +0200] debug/ApiListener: Checking /_etc/host.conf for checksum: 35d4823684d83a5ab0ca853c9a3aa8e592adfca66210762cdf2e54339ccf0a44
+[2019-06-19 16:13:16 +0200] debug/ApiListener: Path '/_etc/host.conf' doesn't match old checksum '0d62075e89be14088de1979644b40f33a8f185fcb4bb6ff1f7da2f63c7723fcb' with new checksum '35d4823684d83a5ab0ca853c9a3aa8e592adfca66210762cdf2e54339ccf0a44'.
+```
+
+
+#### Config Sync: Trust <a id="technical-concepts-cluster-config-sync-trust"></a>
+
+The config sync follows the "top down" approach, where the master endpoint in the master
+zone is allowed to synchronize configuration to the child zone, e.g. the satellite zone.
+
+Endpoints in the same zone, e.g. a secondary master, receive configuration for the same
+zone and all child zones.
+
+Endpoints in the satellite zone trust the parent zone, and will accept the pushed
+configuration via JSON-RPC cluster messages. By default, this is disabled and must
+be enabled with the `accept_config` attribute in the ApiListener feature (manually or with CLI
+helpers).
+
+The satellite zone will not only accept zone configuration for its own zone, but also
+all configured child zones. That is why it is important to configure the zone hierarchy
+on the satellite as well.
+
+Child zones are not allowed to sync configuration up to the parent zone. Each Icinga instance
+evaluates this in startup and knows on endpoint connect which config zones need to be synced.
+
+
+Global zones have a special trust relationship: They are synced to all child zones, be it
+a satellite zone or agent zone. Since checkable objects such as a Host or a Service object
+must have only one endpoint as authority, they cannot be put into a global zone (denied by
+the config compiler).
+
+Apply rules and templates are allowed, since they are evaluated in the endpoint which received
+the synced configuration. Keep in mind that there may be differences on the master and the satellite
+when e.g. hostgroup membership is used for assign where expressions, but the groups are only
+available on the master.
+
+
+### Cluster: Message Routing <a id="technical-concepts-cluster-message-routing"></a>
+
+One fundamental part of the cluster message routing is the MessageOrigin object.
+This is created when a new JSON-RPC message is received in `JsonRpcConnection::MessageHandler()`.
+
+It contains
+
+- FromZone being extracted from the endpoint object which owns the JsonRpcConnection
+- FromClient being the JsonRpcConnection bound to the endpoint object
+
+These attributes are checked in message receive api handlers for security access. E.g. whether a
+message origin is from a child zone which is not allowed, etc.
+This is explained in the [JSON-RPC messages](19-technical-concepts.md#technical-concepts-json-rpc-messages) chapter.
+
+Whenever such a message is processed on the client, it may trigger additional cluster events
+which are sent back to other endpoints. Therefore it is key to always pass the MessageOrigin
+`origin` when processing these messages locally.
+
+Example:
+
+- Client receives a CheckResult from another endpoint in the same zone, call it `sender` for now
+- Calls ProcessCheckResult() to store the CR and calculcate states, notifications, etc.
+- Calls the OnNewCheckResult() signal to trigger IDO updates
+
+OnNewCheckResult() also calls a registered cluster handler which forwards the CheckResult to other cluster members.
+
+Without any origin details, this CheckResult would be relayed to the `sender` endpoint again.
+Which processes the message, ProcessCheckResult(), OnNewCheckResult(), sends back and so on.
+
+That creates a loop which our cluster protocol needs to prevent at all cost.
+
+RelayMessageOne() takes care of the routing. This involves fetching the targetZone for this message and its endpoints.
+
+- Don't relay messages to ourselves.
+- Don't relay messages to disconnected endpoints.
+- Don't relay the message to the zone through more than one endpoint unless this is our own zone.
+- Don't relay messages back to the endpoint which we got the message from. **THIS**
+- Don't relay messages back to the zone which we got the message from.
+- Only relay message to the zone master if we're not currently the zone master.
+
+```
+ e1 is zone master, e2 and e3 are zone members.
+
+ Message is sent from e2 or e3:
+   !isMaster == true
+   targetEndpoint e1 is zone master -> send the message
+   targetEndpoint e3 is not zone master -> skip it, avoid routing loops
+
+ Message is sent from e1:
+   !isMaster == false -> send the messages to e2 and e3 being the zone routing master.
+```
+
+With passing the `origin` the following condition prevents sending a message back to sender:
+
+```
+if (origin && origin->FromClient && targetEndpoint == origin->FromClient->GetEndpoint()) {
+```
+
+This message then simply gets skipped for this specific Endpoint and is never sent.
+
+This analysis originates from a long-lasting [downtime loop bug](https://github.com/Icinga/icinga2/issues/7198).
+
+## TLS Network IO <a id="technical-concepts-tls-network-io"></a>
+
+### TLS Connection Handling <a id="technical-concepts-tls-network-io-connection-handling"></a>
+
+Icinga supports two connection directions, controlled via the `host` attribute
+inside the Endpoint objects:
+
+* Outgoing connection attempts
+* Incoming connection handling
+
+Once the connection is established, higher layers can exchange JSON-RPC and
+HTTP messages. It doesn't matter which direction these message go.
+
+This offers a big advantage over single direction connections, just like
+polling via HTTP only. Also, connections are kept alive as long as data
+is transmitted.
+
+When the master connects to the child zone member(s), this requires more
+resources there. Keep this in mind when endpoints are not reachable, the
+TCP timeout blocks other resources. Moving a satellite zone in the middle
+between masters and agents helps to split the tasks - the master
+processes and stores data, deploys configuration and serves the API. The
+satellites schedule the checks, connect to the agents and receive
+check results.
+
+Agents/Clients can also connect to the parent endpoints - be it a master or
+a satellite. This is the preferred way out of a DMZ, and also reduces the
+overhead with connecting to e.g. 2000 agents on the master. You can
+benchmark this when TCP connections are broken and timeouts are encountered.
+
+#### Master Processes Incoming Connection <a id="technical-concepts-tls-network-io-connection-handling-incoming"></a>
+
+* The node starts a new ApiListener, this invokes `AddListener()`
+    * Setup TLS Context (SslContext)
+    * Initialize global I/O engine and create a TCP acceptor
+    * Resolve bind host/port (optional)
+    * Listen on IPv4 and IPv6
+    * Re-use socket address and port
+    * Listen on port 5665 with `INT_MAX` possible sockets
+* Spawn a new Coroutine which listens for new incoming connections as 'TCP server' pattern
+    * Accept new connections asynchronously
+    * Spawn a new Coroutine which handles the new client connection in a different context, Role: Server
+
+#### Master Connects Outgoing <a id="technical-concepts-tls-network-io-connection-handling-outgoing"></a>
+
+* The node starts a timer in a 10 seconds interval with `ApiReconnectTimerHandler()` as callback
+    * Loop over all configured zones, exclude global zones and not direct parent/child zones
+    * Get the endpoints configured in the zones, exclude: local endpoint, no 'host' attribute, already connected or in progress
+    * Call `AddConnection()`
+* Spawn a new Coroutine after making the TLS context
+    * Use the global I/O engine for socket I/O
+    * Create TLS stream
+    * Connect to endpoint host/port details
+    * Handle the client connection, Role: Client
+
+#### TLS Handshake <a id="technical-concepts-tls-network-io-connection-handling-handshake"></a>
+
+* Create a TLS connection in sslConn and perform an asynchronous TLS handshake
+* Get the peer certificate
+* Verify the presented certificate: `ssl::verify_peer` and `ssl::verify_client_once`
+* Get the certificate CN and compare it against the endpoint name - if not matching, return and close the connection
+
+#### Data Exchange <a id="technical-concepts-tls-network-io-connection-data-exchange"></a>
+
+Everything runs through TLS, we don't use any "raw" connections nor plain message handling.
+
+HTTP and JSON-RPC messages share the same port and API, so additional handling is required.
+
+On a new connection and successful TLS handshake, the first byte is read. This either
+is a JSON-RPC message in Netstring format starting with a number, or plain HTTP.
+
+```
+HTTP/1.1
+
+2:{}
+```
+
+Depending on this, `ClientJsonRpc` or `ClientHttp` are assigned.
+
+JSON-RPC:
+
+* Create a new JsonRpcConnection object
+    * When the endpoint object is configured, spawn a Coroutine which takes care of syncing the client (file and runtime config, replay log, etc.)
+    * No endpoint treats this connection as anonymous client, with a configurable limit. This client may send a CSR signing request for example.
+    * Start the JsonRpcConnection - this spawns Coroutines to HandleIncomingMessages, WriteOutgoingMessages, HandleAndWriteHeartbeats and CheckLiveness
+
+HTTP:
+
+* Create a new HttpServerConnection
+     * Start the HttpServerConnection - this spawns Coroutines to ProcessMessages and CheckLiveness
+
+
+All the mentioned Coroutines run asynchronously using the global I/O engine's context.
+More details on this topic can be found in [this blogpost](https://www.netways.de/blog/2019/04/04/modern-c-programming-coroutines-with-boost/).
+
+The lower levels of context switching and sharing or event polling are
+hidden in Boost ASIO, Beast, Coroutine and Context libraries.
+
+#### Data Exchange: Coroutines and I/O Engine <a id="technical-concepts-tls-network-io-connection-data-exchange-coroutines"></a>
+
+Light-weight and fast operations such as connection handling or TLS handshakes
+are performed in the default `IoBoundWorkSlot` pool inside the I/O engine.
+
+The I/O engine has another pool available: `CpuBoundWork`.
+
+This is used for processing CPU intensive tasks, such as handling a HTTP request.
+Depending on the available CPU cores, this is limited to `std::thread::hardware_concurrency() * 3u / 2u`.
+
+```
+1 core * 3 / 2 = 1
+2 cores * 3 / 2 = 3
+8 cores * 3 / 2 = 12
+16 cores * 3 / 2 = 24
+```
+
+The I/O engine itself is used with all network I/O in Icinga, not only the cluster
+and the REST API. Features such as Graphite, InfluxDB, etc. also consume its functionality.
+
+There are 2 * CPU cores threads available which run the event loop
+in the I/O engine. This polls the I/O service with `m_IoService.run();`
+and triggers an asynchronous event progress for waiting coroutines.
+
 <!--
 ## REST API <a id="technical-concepts-rest-api"></a>
 
 Icinga 2 provides its own HTTP server which shares the port 5665 with
 the JSON-RPC cluster protocol.
 -->
+
+## JSON-RPC Message API <a id="technical-concepts-json-rpc-messages"></a>
+
+**The JSON-RPC message API is not a public API for end users.** In case you want
+to interact with Icinga, use the [REST API](12-icinga2-api.md#icinga2-api).
+
+This section describes the internal cluster messages exchanged between endpoints.
+
+> **Tip**
+>
+> Debug builds with `icinga2 daemon -DInternal.DebugJsonRpc=1` unveils the JSON-RPC messages.
+
+### Registered Handler Functions
+
+Functions by example:
+
+Event Sender: `Checkable::OnNewCheckResult`
+
+```
+On<xyz>.connect(&xyzHandler)
+```
+
+Event Receiver (Client): `CheckResultAPIHandler` in `REGISTER_APIFUNCTION`
+
+```
+<xyz>APIHandler()
+```
+
+### Messages
+
+#### icinga::Hello <a id="technical-concepts-json-rpc-messages-icinga-hello"></a>
+
+> Location: `apilistener.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | icinga::Hello
+params    | Dictionary
+
+##### Params
+
+Currently empty.
+
+##### Functions
+
+Event Sender: When a new client connects in `NewClientHandlerInternal()`.
+Event Receiver: `HelloAPIHandler`
+
+##### Permissions
+
+None, this is a required message.
+
+#### event::Heartbeat <a id="technical-concepts-json-rpc-messages-event-heartbeat"></a>
+
+> Location: `jsonrpcconnection-heartbeat.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::Heartbeat
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+timeout   | Number        | Heartbeat timeout, sender sets 120s.
+
+
+##### Functions
+
+Event Sender: `JsonRpcConnection::HeartbeatTimerHandler`
+Event Receiver: `HeartbeatAPIHandler`
+
+Both sender and receiver exchange this heartbeat message. If the sender detects
+that a client endpoint hasn't sent anything in the updated timeout span, it disconnects
+the client. This is to avoid stale connections with no message processing.
+
+##### Permissions
+
+None, this is a required message.
+
+#### event::CheckResult <a id="technical-concepts-json-rpc-messages-event-checkresult"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::CheckResult
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+host      | String        | Host name
+service   | String        | Service name
+cr        | Serialized CR | Check result
+
+##### Functions
+
+Event Sender: `Checkable::OnNewCheckResult`
+Event Receiver: `CheckResultAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Hosts/services do not exist
+* Origin is a remote command endpoint different to the configured, and whose zone is not allowed to access this checkable.
+
+#### event::SetNextCheck <a id="technical-concepts-json-rpc-messages-event-setnextcheck"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SetNextCheck
+params    | Dictionary
+
+##### Params
+
+Key         | Type          | Description
+------------|---------------|------------------
+host        | String        | Host name
+service     | String        | Service name
+next\_check | Timestamp     | Next scheduled time as UNIX timestamp.
+
+##### Functions
+
+Event Sender: `Checkable::OnNextCheckChanged`
+Event Receiver: `NextCheckChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::SuppressedNotifications <a id="technical-concepts-json-rpc-messages-event-setsupressednotifications"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SuppressedNotifications
+params    | Dictionary
+
+##### Params
+
+Key         		 | Type          | Description
+-------------------------|---------------|------------------
+host        		 | String        | Host name
+service     		 | String        | Service name
+supressed\_notifications | Number 	 | Bitmask for suppressed notifications.
+
+##### Functions
+
+Event Sender: `Checkable::OnSuppressedNotificationsChanged`
+Event Receiver: `SuppressedNotificationsChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+
+#### event::SetNextNotification <a id="technical-concepts-json-rpc-messages-event-setnextnotification"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SetNextNotification
+params    | Dictionary
+
+##### Params
+
+Key                | Type          | Description
+-------------------|---------------|------------------
+host               | String        | Host name
+service            | String        | Service name
+notification       | String        | Notification name
+next\_notification | Timestamp     | Next scheduled notification time as UNIX timestamp.
+
+##### Functions
+
+Event Sender: `Notification::OnNextNotificationChanged`
+Event Receiver: `NextNotificationChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Notification does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::SetForceNextCheck <a id="technical-concepts-json-rpc-messages-event-setforcenextcheck"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SetForceNextCheck
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+host      | String        | Host name
+service   | String        | Service name
+forced    | Boolean       | Forced next check (execute now)
+
+##### Functions
+
+Event Sender: `Checkable::OnForceNextCheckChanged`
+Event Receiver: `ForceNextCheckChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::SetForceNextNotification <a id="technical-concepts-json-rpc-messages-event-setforcenextnotification"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SetForceNextNotification
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+host      | String        | Host name
+service   | String        | Service name
+forced    | Boolean       | Forced next check (execute now)
+
+##### Functions
+
+Event Sender: `Checkable::SetForceNextNotification`
+Event Receiver: `ForceNextNotificationChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::SetAcknowledgement <a id="technical-concepts-json-rpc-messages-event-setacknowledgement"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SetAcknowledgement
+params    | Dictionary
+
+##### Params
+
+Key        | Type          | Description
+-----------|---------------|------------------
+host       | String        | Host name
+service    | String        | Service name
+author     | String        | Acknowledgement author name.
+comment    | String        | Acknowledgement comment content.
+acktype    | Number        | Acknowledgement type (0=None, 1=Normal, 2=Sticky)
+notify     | Boolean       | Notification should be sent.
+persistent | Boolean       | Whether the comment is persistent.
+expiry     | Timestamp     | Optional expire time as UNIX timestamp.
+
+##### Functions
+
+Event Sender: `Checkable::OnForceNextCheckChanged`
+Event Receiver: `ForceNextCheckChangedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::ClearAcknowledgement <a id="technical-concepts-json-rpc-messages-event-clearacknowledgement"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::ClearAcknowledgement
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+host      | String        | Host name
+service   | String        | Service name
+
+##### Functions
+
+Event Sender: `Checkable::OnAcknowledgementCleared`
+Event Receiver: `AcknowledgementClearedAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone is not allowed to access this checkable.
+
+#### event::SendNotifications <a id="technical-concepts-json-rpc-messages-event-sendnotifications"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::SendNotifications
+params    | Dictionary
+
+##### Params
+
+Key       | Type          | Description
+----------|---------------|------------------
+host      | String        | Host name
+service   | String        | Service name
+cr        | Serialized CR | Check result
+type      | Number        | enum NotificationType, same as `types` for notification objects.
+author    | String        | Author name
+text      | String        | Notification text
+
+##### Functions
+
+Event Sender: `Checkable::OnNotificationsRequested`
+Event Receiver: `SendNotificationsAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone the same as the receiver. This binds notification messages to the HA zone.
+
+#### event::NotificationSentUser <a id="technical-concepts-json-rpc-messages-event-notificationsentuser"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::NotificationSentUser
+params    | Dictionary
+
+##### Params
+
+Key           | Type            | Description
+--------------|-----------------|------------------
+host          | String          | Host name
+service       | String          | Service name
+notification  | String          | Notification name.
+user          | String          | Notified user name.
+type          | Number          | enum NotificationType, same as `types` in Notification objects.
+cr            | Serialized CR   | Check result.
+author        | String          | Notification author (for specific types)
+text          | String          | Notification text (for specific types)
+command       | String          | Notification command name.
+
+##### Functions
+
+Event Sender: `Checkable::OnNotificationSentToUser`
+Event Receiver: `NotificationSentUserAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone the same as the receiver. This binds notification messages to the HA zone.
+
+#### event::NotificationSentToAllUsers <a id="technical-concepts-json-rpc-messages-event-notificationsenttoallusers"></a>
+
+> Location: `clusterevents.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::NotificationSentToAllUsers
+params    | Dictionary
+
+##### Params
+
+Key                         | Type            | Description
+----------------------------|-----------------|------------------
+host                        | String          | Host name
+service                     | String          | Service name
+notification                | String          | Notification name.
+users                       | Array of String | Notified user names.
+type                        | Number          | enum NotificationType, same as `types` in Notification objects.
+cr                          | Serialized CR   | Check result.
+author                      | String          | Notification author (for specific types)
+text                        | String          | Notification text (for specific types)
+last\_notification          | Timestamp       | Last notification time as UNIX timestamp.
+next\_notification          | Timestamp       | Next scheduled notification time as UNIX timestamp.
+notification\_number        | Number          | Current notification number in problem state.
+last\_problem\_notification | Timestamp       | Last problem notification time as UNIX timestamp.
+no\_more\_notifications     | Boolean         | Whether to send future notifications when this notification becomes active on this HA node.
+
+##### Functions
+
+Event Sender: `Checkable::OnNotificationSentToAllUsers`
+Event Receiver: `NotificationSentToAllUsersAPIHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Checkable does not exist.
+* Origin endpoint's zone the same as the receiver. This binds notification messages to the HA zone.
+
+#### event::ExecuteCommand <a id="technical-concepts-json-rpc-messages-event-executecommand"></a>
+
+> Location: `clusterevents-check.cpp` and `checkable-check.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | event::ExecuteCommand
+params    | Dictionary
+
+##### Params
+
+Key           | Type          | Description
+--------------|---------------|------------------
+host          | String        | Host name.
+service       | String        | Service name.
+command\_type | String        | `check_command` or `event_command`.
+command       | String        | CheckCommand or EventCommand name.
+macros        | Dictionary    | Command arguments as key/value pairs for remote execution.
+
+
+##### Functions
+
+**Event Sender:** This gets constructed directly in `Checkable::ExecuteCheck()` or `Checkable::ExecuteEventHandler()` when a remote command endpoint is configured.
+
+* `Get{CheckCommand,EventCommand}()->Execute()` simulates an execution and extracts all command arguments into the `macro` dictionary (inside lib/methods tasks).
+* When the endpoint is connected, the message is constructed and sent directly.
+* When the endpoint is not connected and not syncing replay logs and 5m after application start, generate an UNKNOWN check result for the user ("not connected").
+
+**Event Receiver:** `ExecuteCommandAPIHandler`
+
+Special handling, calls `ClusterEvents::EnqueueCheck()` for command endpoint checks.
+This function enqueues check tasks into a queue which is controlled in `RemoteCheckThreadProc()`.
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Origin endpoint's zone is not a parent zone of the receiver endpoint.
+* `accept_commands = false` in the `api` feature configuration sends back an UNKNOWN check result to the sender.
+
+The receiver constructs a virtual host object and looks for the local CheckCommand object.
+
+Returns UNKNOWN as check result to the sender
+
+* when the CheckCommand object does not exist.
+* when there was an exception triggered from check execution, e.g. the plugin binary could not be executed or similar.
+
+The returned messages are synced directly to the sender's endpoint, no cluster broadcast.
+
+> **Note**: EventCommand errors are just logged on the remote endpoint.
+
+#### config::Update <a id="technical-concepts-json-rpc-messages-config-update"></a>
+
+> Location: `apilistener-filesync.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | config::Update
+params    | Dictionary
+
+##### Params
+
+Key        | Type          | Description
+-----------|---------------|------------------
+update     | Dictionary    | Config file paths and their content.
+update\_v2 | Dictionary    | Additional meta config files introduced in 2.4+ for compatibility reasons.
+
+##### Functions
+
+**Event Sender:** `SendConfigUpdate()` called in `ApiListener::SyncClient()` when a new client endpoint connects.
+**Event Receiver:** `ConfigUpdateHandler` reads the config update content and stores them in `/var/lib/icinga2/api`.
+When it detects a configuration change, the function requests and application restart.
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* The origin sender is not in a parent zone of the receiver.
+* `api` feature does not accept config.
+
+Config updates will be ignored when:
+
+* The zone is not configured on the receiver endpoint.
+* The zone is authoritative on this instance (this only happens on a master which has `/etc/icinga2/zones.d` populated, and prevents sync loops)
+
+#### config::UpdateObject <a id="technical-concepts-json-rpc-messages-config-updateobject"></a>
+
+> Location: `apilistener-configsync.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | config::UpdateObject
+params    | Dictionary
+
+##### Params
+
+Key                  | Type        | Description
+---------------------|-------------|------------------
+name                 | String      | Object name.
+type                 | String      | Object type name.
+version              | Number      | Object version.
+config               | String      | Config file content for `_api` packages.
+modified\_attributes | Dictionary  | Modified attributes at runtime as key value pairs.
+original\_attributes | Array       | Original attributes as array of keys.
+
+
+##### Functions
+
+**Event Sender:** Either on client connect (full sync), or runtime created/updated object
+
+`ApiListener::SendRuntimeConfigObjects()` gets called when a new endpoint is connected
+and runtime created config objects need to be synced. This invokes a call to `UpdateConfigObject()`
+to only sync this JsonRpcConnection client.
+
+`ConfigObject::OnActiveChanged` (created or deleted) or `ConfigObject::OnVersionChanged` (updated)
+also call `UpdateConfigObject()`.
+
+**Event Receiver:** `ConfigUpdateObjectAPIHandler` calls `ConfigObjectUtility::CreateObject()` in order
+to create the object if it is not already existing. Afterwards, all modified attributes are applied
+and in case, original attributes are restored. The object version is set as well, keeping it in sync
+with the sender.
+
+##### Permissions
+
+###### Sender
+
+Client receiver connects:
+
+The sender only syncs config object updates to a client which can access
+the config object, in `ApiListener::SendRuntimeConfigObjects()`.
+
+In addition to that, the client endpoint's zone is checked whether this zone may access
+the config object.
+
+Runtime updated object:
+
+Only if the config object belongs to the `_api` package.
+
+
+###### Receiver
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Origin sender endpoint's zone is in a child zone.
+* `api` feature does not accept config
+* The received config object type does not exist (this is to prevent failures with older nodes and new object types).
+
+Error handling:
+
+* Log an error if `CreateObject` fails (only if the object does not already exist)
+* Local object version is newer than the received version, object will not be updated.
+* Compare modified and original attributes and restore any type of change here.
+
+
+#### config::DeleteObject <a id="technical-concepts-json-rpc-messages-config-deleteobject"></a>
+
+> Location: `apilistener-configsync.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | config::DeleteObject
+params    | Dictionary
+
+##### Params
+
+Key                 | Type        | Description
+--------------------|-------------|------------------
+name                | String      | Object name.
+type                | String      | Object type name.
+version             | Number      | Object version.
+
+##### Functions
+
+**Event Sender:**
+
+`ConfigObject::OnActiveChanged` (created or deleted) or `ConfigObject::OnVersionChanged` (updated)
+call `DeleteConfigObject()`.
+
+**Event Receiver:** `ConfigDeleteObjectAPIHandler`
+
+##### Permissions
+
+###### Sender
+
+Runtime deleted object:
+
+Only if the config object belongs to the `_api` package.
+
+###### Receiver
+
+The receiver will not process messages from not configured endpoints.
+
+Message updates will be dropped when:
+
+* Origin sender endpoint's zone is in a child zone.
+* `api` feature does not accept config
+* The received config object type does not exist (this is to prevent failures with older nodes and new object types).
+* The object in question was not created at runtime, it does not belong to the `_api` package.
+
+Error handling:
+
+* Log an error if `DeleteObject` fails (only if the object does not already exist)
+
+#### pki::RequestCertificate <a id="technical-concepts-json-rpc-messages-pki-requestcertificate"></a>
+
+> Location: `jsonrpcconnection-pki.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | pki::RequestCertificate
+params    | Dictionary
+
+##### Params
+
+Key           | Type          | Description
+--------------|---------------|------------------
+ticket        | String        | Own ticket, or as satellite in CA proxy from local store.
+cert\_request | String        | Certificate request content from local store, optional.
+
+##### Functions
+
+Event Sender: `RequestCertificateHandler`
+Event Receiver: `RequestCertificateHandler`
+
+##### Permissions
+
+This is an anonymous request, and the number of anonymous clients can be configured
+in the `api` feature.
+
+Only valid certificate request messages are processed, and valid signed certificates
+won't be signed again.
+
+#### pki::UpdateCertificate <a id="technical-concepts-json-rpc-messages-pki-updatecertificate"></a>
+
+> Location: `jsonrpcconnection-pki.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | pki::UpdateCertificate
+params    | Dictionary
+
+##### Params
+
+Key                  | Type          | Description
+---------------------|---------------|------------------
+status\_code         | Number        | Status code, 0=ok.
+cert                 | String        | Signed certificate content.
+ca                   | String        | Public CA certificate content.
+fingerprint\_request | String        | Certificate fingerprint from the CSR.
+
+
+##### Functions
+
+**Event Sender:**
+
+* When a client requests a certificate in `RequestCertificateHandler` and the satellite
+already has a signed certificate, the `pki::UpdateCertificate` message is constructed and sent back.
+* When the endpoint holding the master's CA private key (and TicketSalt private key) is able to sign
+the request, the `pki::UpdateCertificate` message is constructed and sent back.
+
+**Event Receiver:** `UpdateCertificateHandler`
+
+##### Permissions
+
+Message updates are dropped when
+
+* The origin sender is not in a parent zone of the receiver.
+* The certificate fingerprint is in an invalid format.
+
+#### log::SetLogPosition <a id="technical-concepts-json-rpc-messages-log-setlogposition"></a>
+
+> Location: `apilistener.cpp` and `jsonrpcconnection.cpp`
+
+##### Message Body
+
+Key       | Value
+----------|---------
+jsonrpc   | 2.0
+method    | log::SetLogPosition
+params    | Dictionary
+
+##### Params
+
+Key                 | Type          | Description
+--------------------|---------------|------------------
+log\_position       | Timestamp     | The endpoint's log position as UNIX timestamp.
+
+
+##### Functions
+
+**Event Sender:**
+
+During log replay to a client endpoint in `ApiListener::ReplayLog()`, each processed
+file generates a message which updates the log position timestamp.
+
+`ApiListener::ApiTimerHandler()` invokes a check to keep all connected endpoints and
+their log position in sync during replay log.
+
+**Event Receiver:** `SetLogPositionHandler`
+
+##### Permissions
+
+The receiver will not process messages from not configured endpoints.
diff --git a/doc/20-script-debugger.md b/doc/20-script-debugger.md
index 09a11e95f..733142d21 100644
--- a/doc/20-script-debugger.md
+++ b/doc/20-script-debugger.md
@@ -3,7 +3,9 @@
 You can run the Icinga 2 daemon with the `-X` (`--script-debugger`)
 parameter to enable the script debugger:
 
-    # icinga2 daemon -X
+```
+# icinga2 daemon -X
+```
 
 When an exception occurs or the [debugger](17-language-reference.md#breakpoints)
 keyword is encountered in a user script, Icinga 2 launches a console that
@@ -11,7 +13,9 @@ allows the user to debug the script.
 
 You can also attach the script debugger to the [configuration validation](11-cli-commands.md#config-validation):
 
-    # icinga2 daemon -C -X
+```
+# icinga2 daemon -C -X
+```
 
 Here is a list of common errors which can be diagnosed with the script debugger:
 
@@ -21,51 +25,57 @@ Here is a list of common errors which can be diagnosed with the script debugger:
 ## Debugging Configuration Errors <a id="script-debugger-config-errors"></a>
 
 The following example illustrates the problem of a service [apply rule](03-monitoring-basics.md#using-apply-for)
-which expects a dictionary value for `config`, but the host custom attribute only
+which expects a dictionary value for `config`, but the host custom variable only
 provides a string value:
 
-    object Host "script-debugger-host" {
-      check_command = "icinga"
+```
+object Host "script-debugger-host" {
+  check_command = "icinga"
 
-      vars.http_vhosts["example.org"] = "192.168.1.100" // a string value
-    }
+  vars.http_vhosts["example.org"] = "192.168.1.100" // a string value
+}
 
-    apply Service for (http_vhost => config in host.vars.http_vhosts) {
-      import "generic-service"
+apply Service for (http_vhost => config in host.vars.http_vhosts) {
+  import "generic-service"
 
-      vars += config // expects a dictionary
+  vars += config // expects a dictionary
 
-      check_command = "http"
-    }
+  check_command = "http"
+}
+```
 
 The error message on config validation will warn about the wrong value type,
 but does not provide any context which objects are affected.
 
 Enable the script debugger and run the config validation:
 
-    # icinga2 daemon -C -X
+```
+# icinga2 daemon -C -X
 
-    Breakpoint encountered in /etc/icinga2/conf.d/services.conf: 59:67-65:1
-    Exception: Error: Error while evaluating expression: Cannot convert value of type 'String' to an object.
-    Location:
-    /etc/icinga2/conf.d/services.conf(62):   check_command = "http"
-    /etc/icinga2/conf.d/services.conf(63):
-    /etc/icinga2/conf.d/services.conf(64):   vars += config
-                                             ^^^^^^^^^^^^^^
-    /etc/icinga2/conf.d/services.conf(65): }
-    /etc/icinga2/conf.d/services.conf(66):
-    You can inspect expressions (such as variables) by entering them at the prompt.
-    To leave the debugger and continue the program use "$continue".
-    <1> =>
+Breakpoint encountered in /etc/icinga2/conf.d/services.conf: 59:67-65:1
+Exception: Error: Error while evaluating expression: Cannot convert value of type 'String' to an object.
+Location:
+/etc/icinga2/conf.d/services.conf(62):   check_command = "http"
+/etc/icinga2/conf.d/services.conf(63):
+/etc/icinga2/conf.d/services.conf(64):   vars += config
+                                         ^^^^^^^^^^^^^^
+/etc/icinga2/conf.d/services.conf(65): }
+/etc/icinga2/conf.d/services.conf(66):
+You can inspect expressions (such as variables) by entering them at the prompt.
+To leave the debugger and continue the program use "$continue".
+<1> =>
+```
 
 You can print the variables `vars` and `config` to get an idea about
 their values:
 
-    <1> => vars
-    null
-    <2> => config
-    "192.168.1.100"
-    <3> =>
+```
+<1> => vars
+null
+<2> => config
+"192.168.1.100"
+<3> =>
+```
 
 The `vars` attribute has to be a dictionary. Trying to set this attribute to a string caused
 the error in our configuration example.
@@ -73,10 +83,12 @@ the error in our configuration example.
 In order to determine the name of the host where the value of the `config` variable came from
 you can inspect attributes of the service object:
 
-    <3> => host_name
-    "script-debugger-host-01"
-    <4> => name
-    "http"
+```
+<3> => host_name
+"script-debugger-host-01"
+<4> => name
+"http"
+```
 
 Additionally you can view the service object attributes by printing the value of `this`.
 
@@ -84,28 +96,31 @@ Additionally you can view the service object attributes by printing the value of
 
 In order to halt execution in a script you can use the `debugger` keyword:
 
-    object Host "script-debugger-host-02" {
-      check_command = "dummy"
-      check_interval = 5s
+```
+object Host "script-debugger-host-02" {
+  check_command = "dummy"
+  check_interval = 5s
 
-      vars.dummy_text = {{
-        var text = "Hello from " + macro("$name$")
-        debugger
-        return text
-      }}
-    }
+  vars.dummy_text = {{
+    var text = "Hello from " + macro("$name$")
+    debugger
+    return text
+  }}
+}
+```
 
 Icinga 2 will spawn a debugger console every time the function is executed:
 
-    # icinga2 daemon -X
-    ...
-    Breakpoint encountered in /etc/icinga2/tests/script-debugger.conf: 7:5-7:12
-    You can inspect expressions (such as variables) by entering them at the prompt.
-    To leave the debugger and continue the program use "$continue".
-    <1> => text
-    "Hello from script-debugger-host-02"
-    <2> => $continue
-
+```
+# icinga2 daemon -X
+...
+Breakpoint encountered in /etc/icinga2/tests/script-debugger.conf: 7:5-7:12
+You can inspect expressions (such as variables) by entering them at the prompt.
+To leave the debugger and continue the program use "$continue".
+<1> => text
+"Hello from script-debugger-host-02"
+<2> => $continue
+```
 
 ## Debugging API Filters <a id="script-debugger-api-filters"></a>
 
@@ -115,7 +130,7 @@ an internal error, they return an empty result to the caller.
 
 In order to analyse these server-side errors, you can use the script debugger.
 
-The following example tries filter for all host objects where the custom attribute
+The following example tries filter for all host objects where the custom variable
 `os` is set. There are various possibilities to check that, one of them would be
 `host.vars.os != ""`. Another idea is to use the [contains](18-library-reference.md#dictionary-contains) method on the custom
 attribute dictionary like this: `host.vars.contains("os")`.
@@ -126,7 +141,7 @@ $ curl -k -s -u root:icinga -H 'Accept: application/json' -H 'X-HTTP-Method-Over
  -d '{ "filter": "host.vars.contains(\"os\")", "attrs": [ "__name" ], "joins": [ "host.name", "host.vars" ], "pretty": true }'
 ```
 
-This will fail on all hosts which don't have any custom attribute specified.
+This will fail on all hosts which don't have any custom variable specified.
 
 ```
 # icinga2 daemon -X
diff --git a/doc/21-development.md b/doc/21-development.md
index cc591e506..ff24971a3 100644
--- a/doc/21-development.md
+++ b/doc/21-development.md
@@ -1,196 +1,193 @@
-# Develop Icinga 2 <a id="development"></a>
+# Development <a id="development"></a>
 
-This chapter provides hints on Icinga 2 development
-especially for debugging purposes.
+This chapter provides hints on Icinga 2 debugging,
+development, package builds and tests.
 
-> **Note**
+* [Debug Icinga 2](21-development.md#development-debug)
+    * [GDB Backtrace](21-development.md#development-debug-gdb-backtrace)
+    * [Core Dump](21-development.md#development-debug-core-dump)
+* [Test Icinga 2](21-development.md#development-tests)
+    * [Snapshot Packages (Nightly Builds)](21-development.md#development-tests-snapshot-packages)
+* [Develop Icinga 2](21-development.md#development-develop)
+    * [Preparations](21-development.md#development-develop-prepare)
+    * [Design Patterns](21-development.md#development-develop-design-patterns)
+    * [Build Tools](21-development.md#development-develop-builds-tools)
+    * [Unit Tests](21-development.md#development-develop-tests)
+    * [Style Guide](21-development.md#development-develop-styleguide)
+* [Development Environment](21-development.md#development-environment)
+    * [Linux Dev Environment](21-development.md#development-linux-dev-env)
+    * [macOS Dev Environment](21-development.md#development-macos-dev-env)
+    * [Windows Dev Environment](21-development.md#development-windows-dev-env)
+* [Package Builds](21-development.md#development-package-builds)
+    * [RPM](21-development.md#development-package-builds-rpms)
+    * [DEB](21-development.md#development-package-builds-deb)
+    * [Windows](21-development.md#development-package-builds-windows)
+* [Continuous Integration](21-development.md#development-ci)
+* [Advanced Tips](21-development.md#development-advanced)
+
+<!-- mkdocs requires 4 spaces indent for nested lists: https://github.com/Python-Markdown/markdown/issues/3 -->
+
+## Debug Icinga 2 <a id="development-debug"></a>
+
+This chapter targets all users who have been asked by developers to provide
+a stack trace or coredump if the application crashed. It is also useful
+for developers working with different debuggers.
+
+> **Note:**
 >
-> If you are planning to build your own development environment,
-> please consult the `INSTALL.md` file from the source tree.
+> This is intentionally mentioned before any development insights
+> as debugging is a more frequent and commonly asked question.
 
-## Debug Requirements <a id="debug-requirements"></a>
+### Debug Requirements <a id="debug-requirements"></a>
 
 Make sure that the debug symbols are available for Icinga 2.
 The Icinga 2 packages provide a debug package which must be
 installed separately for all involved binaries, like `icinga2-bin`
 or `icinga2-ido-mysql`.
 
-Debian/Ubuntu:
+Distribution       | Command
+-------------------|------------------------------------------
+Debian/Ubuntu      | `apt-get install icinga2-dbg`
+RHEL/CentOS        | `yum install icinga2-debuginfo`
+Fedora             | `dnf install icinga2-debuginfo icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo`
+SLES/openSUSE      | `zypper install icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo`
 
-    # apt-get install icinga2-dbg
-
-RHEL/CentOS:
-
-    # yum install icinga2-debuginfo
-
-SLES/openSUSE:
-
-    # zypper install icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo
-
-
-Furthermore, you may also have to install debug symbols for Boost and your C library.
+Furthermore, you may also have to install debug symbols for Boost and your C++ library.
 
 If you're building your own binaries, you should use the `-DCMAKE_BUILD_TYPE=Debug` cmake
 build flag for debug builds.
 
 
-## GDB <a id="development-debug-gdb"></a>
+### GDB as Debugger <a id="development-debug-gdb"></a>
 
-Install gdb:
+Install GDB in your development environment.
 
-Debian/Ubuntu:
+Distribution       | Command
+-------------------|------------------------------------------
+Debian/Ubuntu      | `apt-get install gdb`
+RHEL/CentOS        | `yum install gdb`
+Fedora             | `dnf install gdb`
+SLES/openSUSE      | `zypper install gdb`
 
-    # apt-get install gdb
+#### GDB Run <a id="development-debug-gdb-run"></a>
 
-RHEL/CentOS/Fedora:
+Since v2.11 we would attach to the umbrella process spawned with `/usr/lib/icinga2/sbin/icinga2`,
+therefore rather attach to a running process.
 
-    # yum install gdb
+```
+# Typically the order of PIDs is: 1) umbrella 2) spawn helper 3) main process
+pidof icinga2
 
-SLES/openSUSE:
-
-    # zypper install gdb
-
-
-Install the `boost`, `python` and `icinga2` pretty printers. Absolute paths are required,
-so please make sure to update the installation paths accordingly (`pwd`).
-
-    $ mkdir -p ~/.gdb_printers && cd ~/.gdb_printers
-
-Boost Pretty Printers compatible with Python 3:
-
-    $ git clone https://github.com/mateidavid/Boost-Pretty-Printer.git && cd Boost-Pretty-Printer
-    $ git checkout python-3
-    $ pwd
-    /home/michi/.gdb_printers/Boost-Pretty-Printer
-
-Python Pretty Printers:
-
-    $ cd ~/.gdb_printers
-    $ svn co svn://gcc.gnu.org/svn/gcc/trunk/libstdc++-v3/python
-
-Icinga 2 Pretty Printers:
-
-    $ mkdir -p ~/.gdb_printers/icinga2 && cd ~/.gdb_printers/icinga2
-    $ wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/debug/gdb/icingadbg.py
-
-Now you'll need to modify/setup your `~/.gdbinit` configuration file.
-You can download the one from Icinga 2 and modify all paths.
-
-Example on Fedora 22:
-
-    $ wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/debug/gdb/gdbinit -O ~/.gdbinit
-    $ vim ~/.gdbinit
-
-    set print pretty on
-    
-    python
-    import sys
-    sys.path.insert(0, '/home/michi/.gdb_printers/icinga2')
-    from icingadbg import register_icinga_printers
-    register_icinga_printers()
-    end
-    
-    python
-    import sys
-    sys.path.insert(0, '/home/michi/.gdb_printers/python')
-    from libstdcxx.v6.printers import register_libstdcxx_printers
-    try:
-        register_libstdcxx_printers(None)
-    except:
-        pass
-    end
-    
-    python
-    import sys
-    sys.path.insert(0, '/home/michi/.gdb_printers/Boost-Pretty-Printer')
-    import boost_print
-    boost_print.register_printers()
-    end
-
-
-If you are getting the following error when running gdb, the `libstdcxx`
-printers are already preloaded in your environment and you can remove
-the duplicate import in your `~/.gdbinit` file.
-
-    RuntimeError: pretty-printer already registered: libstdc++-v6
-
-### GDB Run <a id="development-debug-gdb-run"></a>
-
-Call GDB with the binary (`/usr/sbin/icinga2` is a wrapper script calling
-`/usr/lib64/icinga2/sbin/icinga2` since 2.4) and all arguments and run it in foreground.
-
-    # gdb --args /usr/lib64/icinga2/sbin/icinga2 daemon -x debug --no-stack-rlimit
-
-The exact path to the Icinga 2 binary differs on each distribution. On Ubuntu
-it is installed into `/usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2` on 64-bit systems
-for example.
+gdb -p $(pidof icinga2 | cut -d ' ' -f3)
+```
 
 > **Note**
 >
 > If gdb tells you it's missing debug symbols, quit gdb and install
 > them: `Missing separate debuginfos, use: debuginfo-install ...`
 
-Run the application.
+Run/restart the application.
 
-    (gdb) r
+```
+(gdb) r
+```
 
 Kill the running application.
 
-    (gdb) k
+```
+(gdb) k
+```
 
 Continue after breakpoint.
 
-    (gdb) c
+```
+(gdb) c
+```
 
-### GDB Core Dump <a id="development-debug-gdb-coredump"></a>
+#### GDB Core Dump <a id="development-debug-gdb-coredump"></a>
 
 Either attach to the running process using `gdb -p PID` or start
 a new gdb run.
 
-    (gdb) r
-    (gdb) generate-core-file
+```
+(gdb) r
+(gdb) generate-core-file
+```
 
-### GDB Backtrace <a id="development-debug-gdb-backtrace"></a>
+#### GDB Backtrace <a id="development-debug-gdb-backtrace"></a>
 
 If Icinga 2 aborted its operation abnormally, generate a backtrace.
 
-    (gdb) bt
-    (gdb) thread apply all bt full
+> **Note**
+>
+> Please install the [required debug symbols](21-development.md#debug-requirements)
+> prior to generating a backtrace.
+
+`thread apply all` is important here since this includes all running threads.
+We need this information when e.g. debugging dead locks and hanging features.
+
+```
+(gdb) bt
+(gdb) thread apply all bt full
+```
 
 If gdb stops at a SIGPIPE signal please disable the signal before
-running Icinga 2.
+running Icinga 2. This isn't an error, but we need to workaround it.
 
-    (gdb) handle SIGPIPE nostop noprint pass
-    (gdb) r
+```
+(gdb) handle SIGPIPE nostop noprint pass
+(gdb) r
+```
 
-If you create a [bug report](https://www.icinga.com/community/get-involved/),
+If you create a [new issue](https://github.com/Icinga/icinga2/issues),
 make sure to attach as much detail as possible.
 
-### GDB Backtrace from Running Process <a id="development-debug-gdb-backtrace-running"></a>
+#### GDB Backtrace from Running Process <a id="development-debug-gdb-backtrace-running"></a>
 
 If Icinga 2 is still running, generate a full backtrace from the running
-process and store it into a new file (e.g. for debugging dead locks):
+process and store it into a new file (e.g. for debugging dead locks).
 
-    # gdb -p $(pidof icinga2) -batch -ex "thread apply all bt full" -ex "detach" -ex "q" > gdb_bt.log
+> **Note**
+>
+> Please install the [required debug symbols](21-development.md#debug-requirements)
+> prior to generating a backtrace.
 
-### GDB Backtrace Stepping <a id="development-debug-gdb-backtrace-stepping"></a>
+Icinga 2 runs with 2 processes: main and command executor, therefore generate two backtrace logs
+and add them to the GitHub issue.
+
+```
+for pid in $(pidof icinga2); do gdb -p $pid -batch -ex "thread apply all bt full" -ex "detach" -ex "q" > gdb_bt_${pid}_`date +%s`.log; done
+```
+
+#### GDB Thread List from Running Process <a id="development-debug-gdb-thread-list-running"></a>
+
+Instead of a full backtrace, you sometimes just need a list of running threads.
+
+```
+for pid in $(pidof icinga2); do gdb -p $pid -batch -ex "info threads" -ex "detach" -ex "q" > gdb_threads_${pid}_`date +%s`.log; done
+```
+
+#### GDB Backtrace Stepping <a id="development-debug-gdb-backtrace-stepping"></a>
 
 Identifying the problem may require stepping into the backtrace, analysing
 the current scope, attributes, and possible unmet requirements. `p` prints
 the value of the selected variable or function call result.
 
-    (gdb) up
-    (gdb) down
-    (gdb) p checkable
-    (gdb) p checkable.px->m_Name
+```
+(gdb) up
+(gdb) down
+(gdb) p checkable
+(gdb) p checkable.px->m_Name
+```
 
-
-### GDB Breakpoints <a id="development-debug-gdb-breakpoint"></a>
+#### GDB Breakpoints <a id="development-debug-gdb-breakpoint"></a>
 
 To set a breakpoint to a specific function call, or file specific line.
 
-    (gdb) b checkable.cpp:125
-    (gdb) b icinga::Checkable::SetEnablePerfdata
+```
+(gdb) b checkable.cpp:125
+(gdb) b icinga::Checkable::SetEnablePerfdata
+```
 
 GDB will ask about loading the required symbols later, select `yes` instead
 of `no`.
@@ -198,12 +195,25 @@ of `no`.
 Then run Icinga 2 until it reaches the first breakpoint. Continue with `c`
 afterwards.
 
-    (gdb) run
-    (gdb) c
+```
+(gdb) run
+(gdb) c
+```
+
+In case you want to step into the next line of code, use `n`. If there is a
+function call where you want to step into, use `s`.
+
+```
+(gdb) n
+
+(gdb) s
+```
 
 If you want to delete all breakpoints, use `d` and select `yes`.
 
-    (gdb) d
+```
+(gdb) d
+```
 
 > **Tip**
 >
@@ -211,107 +221,2405 @@ If you want to delete all breakpoints, use `d` and select `yes`.
 
 Breakpoint Example:
 
-    (gdb) b __cxa_throw
-    (gdb) r
-    (gdb) up
-    ....
-    (gdb) up
-    #11 0x00007ffff7cbf9ff in icinga::Utility::GlobRecursive(icinga::String const&, icinga::String const&, boost::function<void (icinga::String const&)> const&, int) (path=..., pattern=..., callback=..., type=1)
-        at /home/michi/coding/icinga/icinga2/lib/base/utility.cpp:609
-    609			callback(cpath);
-    (gdb) l
-    604
-    605	#endif /* _WIN32 */
-    606
-    607		std::sort(files.begin(), files.end());
-    608		BOOST_FOREACH(const String& cpath, files) {
-    609			callback(cpath);
-    610		}
-    611
-    612		std::sort(dirs.begin(), dirs.end());
-    613		BOOST_FOREACH(const String& cpath, dirs) {
-    (gdb) p files
-    $3 = std::vector of length 11, capacity 16 = {{static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/agent.conf"}, {static NPos = 18446744073709551615,
-        m_Data = "/etc/icinga2/conf.d/commands.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/downtimes.conf"}, {static NPos = 18446744073709551615,
-        m_Data = "/etc/icinga2/conf.d/groups.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/notifications.conf"}, {static NPos = 18446744073709551615,
-        m_Data = "/etc/icinga2/conf.d/satellite.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/services.conf"}, {static NPos = 18446744073709551615,
-        m_Data = "/etc/icinga2/conf.d/templates.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/test.conf"}, {static NPos = 18446744073709551615,
-        m_Data = "/etc/icinga2/conf.d/timeperiods.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/users.conf"}}
+```
+(gdb) b __cxa_throw
+(gdb) r
+(gdb) up
+....
+(gdb) up
+#11 0x00007ffff7cbf9ff in icinga::Utility::GlobRecursive(icinga::String const&, icinga::String const&, boost::function<void (icinga::String const&)> const&, int) (path=..., pattern=..., callback=..., type=1)
+    at /home/michi/coding/icinga/icinga2/lib/base/utility.cpp:609
+609			callback(cpath);
+(gdb) l
+604
+605	#endif /* _WIN32 */
+606
+607		std::sort(files.begin(), files.end());
+608		BOOST_FOREACH(const String& cpath, files) {
+609			callback(cpath);
+610		}
+611
+612		std::sort(dirs.begin(), dirs.end());
+613		BOOST_FOREACH(const String& cpath, dirs) {
+(gdb) p files
+$3 = std::vector of length 11, capacity 16 = {{static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/agent.conf"}, {static NPos = 18446744073709551615,
+    m_Data = "/etc/icinga2/conf.d/commands.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/downtimes.conf"}, {static NPos = 18446744073709551615,
+    m_Data = "/etc/icinga2/conf.d/groups.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/notifications.conf"}, {static NPos = 18446744073709551615,
+    m_Data = "/etc/icinga2/conf.d/satellite.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/services.conf"}, {static NPos = 18446744073709551615,
+    m_Data = "/etc/icinga2/conf.d/templates.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/test.conf"}, {static NPos = 18446744073709551615,
+    m_Data = "/etc/icinga2/conf.d/timeperiods.conf"}, {static NPos = 18446744073709551615, m_Data = "/etc/icinga2/conf.d/users.conf"}}
+```
 
 
-## Core Dump <a id="development-debug-core-dump"></a>
+### Core Dump <a id="development-debug-core-dump"></a>
 
 When the Icinga 2 daemon crashes with a `SIGSEGV` signal
 a core dump file should be written. This will help
 developers to analyze and fix the problem.
 
-### Core Dump File Size Limit <a id="development-debug-core-dump-limit"></a>
+#### Core Dump File Size Limit <a id="development-debug-core-dump-limit"></a>
 
 This requires setting the core dump file size to `unlimited`.
 
-Example for Systemd:
 
-    vim /usr/lib/systemd/system/icinga2.service
+##### Systemd
 
-    [Service]
-    ...
-    LimitCORE=infinity
+```
+systemctl edit icinga2.service
 
-    systemctl daemon-reload
+[Service]
+...
+LimitCORE=infinity
 
-    systemctl restart icinga2
+systemctl daemon-reload
 
-Example for init script:
+systemctl restart icinga2
+```
 
-    vim /etc/init.d/icinga2
-    ...
-    ulimit -c unlimited
+##### Init Script
 
-    service icinga2 restart
+```
+vim /etc/init.d/icinga2
+...
+ulimit -c unlimited
+
+service icinga2 restart
+```
+
+##### Verify
 
 Verify that the Icinga 2 process core file size limit is set to `unlimited`.
 
-    cat /proc/`pidof icinga2`/limits
-    ...
-    Max core file size        unlimited            unlimited            bytes
+```
+for pid in $(pidof icinga2); do cat /proc/$pid/limits; done
+
+...
+Max core file size        unlimited            unlimited            bytes
+```
 
 
-### Core Dump Kernel Format <a id="development-debug-core-dump-format"></a>
+#### Core Dump Kernel Format <a id="development-debug-core-dump-format"></a>
 
 The Icinga 2 daemon runs with the SUID bit set. Therefore you need
 to explicitly enable core dumps for SUID on Linux.
 
-    sysctl -w fs.suid_dumpable=1
+```
+sysctl -w fs.suid_dumpable=2
+```
 
 Adjust the coredump kernel format and file location on Linux:
 
-    sysctl -w kernel.core_pattern=/var/lib/cores/core.%e.%p
+```
+sysctl -w kernel.core_pattern=/var/lib/cores/core.%e.%p
 
-    install -m 1777 -d /var/lib/cores
+install -m 1777 -d /var/lib/cores
+```
 
 MacOS:
 
-    sysctl -w kern.corefile=/cores/core.%P
+```
+sysctl -w kern.corefile=/cores/core.%P
 
-    chmod 777 /cores
+chmod 777 /cores
+```
 
-### Core Dump Analysis <a id="development-debug-core-dump-analysis"></a>
+#### Core Dump Analysis <a id="development-debug-core-dump-analysis"></a>
 
 Once Icinga 2 crashes again a new coredump file will be written. Please
 attach this file to your bug report in addition to the general details.
 
 Simple test case for a `SIGSEGV` simulation with `sleep`:
 
-    ulimit -c unlimited
-    sleep 1800&
-    [1] <PID>
-    kill -SEGV <PID>
-    gdb `which sleep` /var/lib/cores/core.sleep.<PID>
-    (gdb) bt
-    rm /var/lib/cores/core.sleep.*
+```
+ulimit -c unlimited
+sleep 1800&
+[1] <PID>
+kill -SEGV <PID>
+gdb `which sleep` /var/lib/cores/core.sleep.<PID>
+(gdb) bt
+rm /var/lib/cores/core.sleep.*
+```
 
 Analyzing Icinga 2:
 
-    gdb /usr/lib64/icinga2/sbin/icinga2 core.icinga2.<PID>
-    (gdb) bt
+```
+gdb /usr/lib64/icinga2/sbin/icinga2 core.icinga2.<PID>
+(gdb) bt
+```
+
+### LLDB as Debugger <a id="development-debug-lldb"></a>
+
+LLDB is available on macOS with the Xcode command line tools.
+
+```
+$ xcode-select --install
+```
+
+In order to run Icinga 2 with LLDB you need to pass the binary as argument.
+Since v2.11 we would attach to the umbrella process, therefore rather
+attach to a running process.
+
+```
+# Typically the order of PIDs is: 1) umbrella 2) spawn helper 3) main process
+pidof icinga2
+
+lldb -p $(pidof icinga2 | cut -d ' ' -f3)
+```
+
+Breakpoint:
+
+```
+> b checkable.cpp:57
+> b icinga::Checkable::ProcessCheckResult
+```
+
+Full backtrace:
+
+```
+> bt all
+```
+
+Select thread:
+
+```
+> thr sel 5
+```
+
+Step into:
+
+```
+> s
+```
+
+Next step:
+
+```
+> n
+```
+
+Continue:
+
+```
+> c
+```
+
+Up/down in stacktrace:
+
+```
+> up
+> down
+```
+
+
+### Debug on Windows <a id="development-debug-windows"></a>
+
+
+Whenever the application crashes, the Windows error reporting (WER) can be [configured](https://docs.microsoft.com/en-gb/windows/win32/wer/collecting-user-mode-dumps)
+to create user-mode dumps.
+
+
+Tail the log file with Powershell:
+
+```
+Get-Content .\icinga2.log -tail 10 -wait
+```
+
+
+#### Debug on Windows: Dependencies <a id="development-debug-windows-dependencies"></a>
+
+Similar to `ldd` or `nm` on Linux/Unix.
+
+Extract the dependent DLLs from a binary with Visual Studio's `dumpbin` tool
+in Powershell:
+
+```
+C:> &'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.22.27905\bin\Hostx64\x64\dumpbin.exe' /dependents .\debug\Bin\Debug\Debug\boosttest-test-base.exe
+DEBUG:    1+  >>>> &'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.22.27905\bin\Hostx64\x64\dumpbin.exe' /dependents .\debug\Bin\Debug\Debug\boosttest-test-base.exe
+Microsoft (R) COFF/PE Dumper Version 14.22.27905.0
+Copyright (C) Microsoft Corporation.  All rights reserved.
+
+
+Dump of file .\debug\Bin\Debug\Debug\boosttest-test-base.exe
+
+File Type: EXECUTABLE IMAGE
+
+  Image has the following dependencies:
+
+    boost_coroutine-vc142-mt-gd-x64-1_71.dll
+    boost_date_time-vc142-mt-gd-x64-1_71.dll
+    boost_filesystem-vc142-mt-gd-x64-1_71.dll
+    boost_thread-vc142-mt-gd-x64-1_71.dll
+    boost_regex-vc142-mt-gd-x64-1_71.dll
+    libssl-1_1-x64.dll
+    libcrypto-1_1-x64.dll
+    WS2_32.dll
+    dbghelp.dll
+    SHLWAPI.dll
+    msi.dll
+    boost_unit_test_framework-vc142-mt-gd-x64-1_71.dll
+    KERNEL32.dll
+    SHELL32.dll
+    ADVAPI32.dll
+    MSVCP140D.dll
+    MSWSOCK.dll
+    bcrypt.dll
+    VCRUNTIME140D.dll
+    ucrtbased.dll
+
+  Summary
+
+        1000 .00cfg
+       68000 .data
+        B000 .idata
+      148000 .pdata
+      69C000 .rdata
+       25000 .reloc
+        1000 .rsrc
+      E7A000 .text
+        1000 .tls
+```
+
+
+## Test Icinga 2 <a id="development-tests"></a>
+
+### Snapshot Packages (Nightly Builds) <a id="development-tests-snapshot-packages"></a>
+
+Icinga provides snapshot packages as nightly builds from [Git master](https://github.com/icinga/icinga2).
+
+These packages contain development code which should be considered "work in progress".
+While developers ensure that tests are running fine with CI actions on PRs,
+things might break, or changes are not yet documented in the changelog.
+
+You can help the developers and test the snapshot packages, e.g. when larger
+changes or rewrites are taking place for a new major version. Your feedback
+is very much appreciated.
+
+Snapshot packages are available for all supported platforms including
+Linux and Windows and can be obtained from [https://packages.icinga.com](https://packages.icinga.com).
+
+The [Vagrant boxes](https://github.com/Icinga/icinga-vagrant) also use
+the Icinga snapshot packages to allow easier integration tests. It is also
+possible to use Docker with base OS images and installing the snapshot
+packages.
+
+If you encounter a problem, please [open a new issue](https://github.com/Icinga/icinga2/issues/new/choose)
+on GitHub and mention that you're testing the snapshot packages.
+
+#### RHEL/CentOS <a id="development-tests-snapshot-packages-rhel"></a>
+
+2.11+ requires the [EPEL repository](02-installation.md#package-repositories-rhel-epel) for Boost 1.66+.
+
+In addition to that, the `icinga-rpm-release` package already provides the `icinga-snapshot-builds`
+repository but it is disabled by default.
+
+```
+yum -y install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
+yum -y install epel-release
+yum makecache
+
+yum install --enablerepo=icinga-snapshot-builds icinga2
+```
+
+#### Debian <a id="development-tests-snapshot-packages-debian"></a>
+
+2.11+ requires Boost 1.66+ which either is provided by the OS, backports or Icinga stable repositories.
+It is advised to configure both Icinga repositories, stable and snapshot and selectively
+choose the repository with the `-t` flag on `apt-get install`.
+
+```
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+wget -O - https://packages.icinga.com/icinga.key | apt-key add -
+
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb https://packages.icinga.com/debian icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/debian icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb http://packages.icinga.com/debian icinga-${DIST}-snapshots main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
+ echo "deb-src http://packages.icinga.com/debian icinga-${DIST}-snapshots main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
+
+apt-get update
+```
+
+On Debian Stretch, you'll also need to add Debian Backports.
+
+```
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+ echo "deb https://deb.debian.org/debian ${DIST}-backports main" > \
+ /etc/apt/sources.list.d/${DIST}-backports.list
+
+apt-get update
+```
+
+Then install the snapshot packages.
+
+```
+DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
+apt-get install -t icinga-${DIST}-snapshots icinga2
+```
+
+#### Ubuntu <a id="development-tests-snapshot-packages-ubuntu"></a>
+
+```
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+wget -O - https://packages.icinga.com/icinga.key | apt-key add -
+
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+ echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+ echo "deb https://packages.icinga.com/ubuntu icinga-${DIST}-snapshots main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
+ echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST}-snapshots main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
+
+apt-get update
+```
+
+Then install the snapshot packages.
+
+```
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+apt-get install -t icinga-${DIST}-snapshots icinga2
+```
+
+#### SLES <a id="development-tests-snapshot-packages-sles"></a>
+
+The required Boost packages are provided with the stable release repository.
+
+```
+rpm --import https://packages.icinga.com/icinga.key
+
+zypper ar https://packages.icinga.com/SUSE/ICINGA-release.repo
+zypper ref
+
+zypper ar https://packages.icinga.com/SUSE/ICINGA-snapshot.repo
+zypper ref
+```
+
+Selectively install the snapshot packages using the `-r` parameter.
+
+```
+zypper in -r icinga-snapshot-builds icinga2
+```
+
+
+### Unit Tests <a id="development-tests-unit"></a>
+
+Build the binaries and run the tests.
+
+
+```
+make -j4 -C debug
+make test -C debug
+```
+
+Run a specific boost test:
+
+```
+debug/Bin/Debug/boosttest-test-base --run_test=remote_url
+```
+
+
+
+## Develop Icinga 2 <a id="development-develop"></a>
+
+Icinga 2 can be built on many platforms such as Linux, Unix and Windows.
+There are limitations in terms of support, e.g. Windows is only supported for agents,
+not a full-featured master or satellite.
+
+Before you start with actual development, there is a couple of pre-requisites.
+
+### Preparations <a id="development-develop-prepare"></a>
+
+#### Choose your Editor <a id="development-develop-choose-editor"></a>
+
+Icinga 2 can be developed with your favorite editor. Icinga developers prefer
+these tools:
+
+- vim
+- CLion (macOS, Linux)
+- MS Visual Studio (Windows)
+- Atom
+
+Editors differ on the functionality. The more helpers you get for C++ development,
+the faster your development workflow will be.
+
+#### Get to know the architecture <a id="development-develop-get-to-know-the-architecture"></a>
+
+Icinga 2 can run standalone or in distributed environments. It contains a whole lot
+more than a simple check execution engine.
+
+Read more about it in the [Technical Concepts](19-technical-concepts.md#technical-concepts) chapter.
+
+#### Get to know the code <a id="development-develop-get-to-know-the-code"></a>
+
+First off, you really need to know C++ and portions of C++11 and the boost libraries.
+Best is to start with a book or online tutorial to get into the basics.
+Icinga developers gained their knowledge through studies, training and self-teaching
+code by trying it out and asking senior developers for guidance.
+
+Here's a few books we can recommend:
+
+* [Accelerated C++: Practical Programming by Example](https://www.amazon.com/Accelerated-C-Practical-Programming-Example/dp/020170353X) (Andrew Koenig, Barbara E. Moo)
+* [Effective C++](https://www.amazon.com/Effective-Specific-Improve-Programs-Designs/dp/0321334876) (Scott Meyers)
+* [Boost C++ Application Development Cookbook - Second Edition: Recipes to simplify your application development](https://www.amazon.com/dp/1787282244/ref=cm_sw_em_r_mt_dp_U_dN1OCbERS00EQ) (Antony Polukhin)
+* [Der C++ Programmierer](https://www.amazon.de/Programmierer-lernen-Professionell-anwenden-L%C3%B6sungen/dp/3446416447), German (Ulrich Breymann)
+* [C++11 programmieren](https://www.amazon.de/gp/product/3836217325/), German (Torsten T. Will)
+
+In addition, it is a good bet to also know SQL when diving into backend development.
+
+* [SQL Performance Explained](https://www.amazon.de/gp/product/3950307826/) (Markus Winand)
+
+Last but not least, if you are developing on Windows, get to know the internals about services and the Win32 API.
+
+### Design Patterns <a id="development-develop-design-patterns"></a>
+
+Icinga 2 heavily relies on object-oriented programming and encapsulates common
+functionality into classes and objects. It also uses modern programming techniques
+to e.g. work with shared pointer memory management.
+
+Icinga 2 consists of libraries bundled into the main binary. Therefore you'll
+find many code parts in the `lib/` directory wheras the actual application is
+built from `icinga-app/`. Accompanied with Icinga 2, there's the Windows plugins
+which are standalone and compiled from `plugins/`.
+
+Library        | Description
+---------------|------------------------------------
+base           | Objects, values, types, streams, tockets, TLS, utilities, etc.
+config         | Configuration compiler, expressions, etc.
+cli            | CLI (sub) commands and helpers.
+icinga         | Icinga specific objects and event handling.
+remote         | Cluster and HTTP client/server and REST API related code.
+checker        | Checker feature, check scheduler.
+notification   | Notification feature, notification scheduler.
+methods        | Command execution methods, plugins and built-in checks.
+perfdata       | Performance data related, including Graphite, Elastic, etc.
+db\_ido        | IDO database abstraction layer.
+db\_ido\_mysql | IDO database driver for MySQL.
+db\_ido\_pgsql | IDO database driver for PgSQL.
+mysql\_shin    | Library stub for linking against the MySQL client libraries.
+pgsql\_shim    | Library stub for linking against the PgSQL client libraries.
+
+#### Class Compiler <a id="development-develop-design-patterns-class-compiler"></a>
+
+Another thing you will recognize are the `.ti` files which are compiled
+by our own class compiler into actual source code. The meta language allows
+developers to easily add object attributes and specify their behaviour.
+
+Some object attributes need to be stored over restarts in the state file
+and therefore have the `state` attribute set. Others are treated as `config`
+attribute and automatically get configuration validation functions created.
+Hidden or read-only REST API attributes are marked with `no_user_view` and
+`no_user_modify`.
+
+The most beneficial thing are getters and setters being generated. The actual object
+inherits from `ObjectImpl<TYPE>` and therefore gets them "for free".
+
+Example:
+
+```
+vim lib/perfdata/gelfwriter.ti
+
+  [config] enable_tls;
+
+vim lib/perfdata/gelfwriter.cpp
+
+    if (GetEnableTls()) {
+```
+
+The logic is hidden in `tools/mkclass/` in case you want to learn more about it.
+The first steps during CMake & make also tell you about code generation.
+
+### Build Tools <a id="development-develop-builds-tools"></a>
+
+#### CMake <a id="development-develop-builds-cmake"></a>
+
+In its early development stages in 2012, Icinga 2 was built with autoconf/automake
+and separate Windows project files. We've found this very fragile, and have changed
+this into CMake as our build tool.
+
+The most common benefits:
+
+* Everything is described in CMakeLists.txt in each directory
+* CMake only needs to know that a sub directory needs to be included.
+* The global CMakeLists.txt acts as main entry point for requirement checks and library/header includes.
+* Separate binary build directories, the actual source tree stays clean.
+* CMake automatically generates a Visual Studio project file `icinga2.sln` on Windows.
+
+#### Unity Builds <a id="development-develop-builds-unity-builds"></a>
+
+Another thing you should be aware of: Unity builds on and off.
+
+Typically, we already use caching mechanisms to reduce recompile time with ccache.
+For release builds, there's always a new build needed as the difference is huge compared
+to a previous (major) release.
+
+Therefore we've invented the Unity builds, which basically concatenates all source files
+into one big library source code file. The compiler then doesn't need to load the many small
+files but compiles and links this huge one.
+
+Unity builds require more memory which is why you should disable them for development
+builds in small sized VMs (Linux, Windows) and also Docker containers.
+
+There's a couple of header files which are included everywhere. If you touch/edit them,
+the cache is invalidated and you need to recompile a lot more files then. `base/utility.hpp`
+and `remote/zone.hpp` are good candidates for this.
+
+### Unit Tests <a id="development-develop-tests"></a>
+
+New functions and classes must implement new unit tests. Whenever
+you decide to add new functions, ensure that you don't need a complex
+mock or runtime attributes in order to test them. Better isolate
+code into function interfaces which can be invoked in the Boost tests
+framework.
+
+Look into the existing tests in the [test/](https://github.com/Icinga/icinga2/tree/master/test) directory
+and adopt new test cases.
+
+Specific tests require special time windows, they are only
+enabled in debug builds for developers. This is the case e.g.
+for testing the flapping algorithm with expected state change
+detection at a specific point from now.
+
+
+### Style Guide <a id="development-develop-styleguide"></a>
+
+Overview of project files:
+
+File Type      | File Name/Extension | Description
+---------------|---------------------|-----------------------------
+Header         | .hpp                | Classes, enums, typedefs inside the icinga Namespace.
+Source         | .cpp                | Method implementation for class functions, static/global variables.
+CMake          | CMakeLists.txt      | Build configuration, source and header file references.
+CMake Source   | .cmake              | Source/Header files generated from CMake placeholders.
+ITL/conf.d     | .conf               | Template library and example files as configuration
+Class Compiler | .ti                 | Object classes in our own language, generates source code as `<filename>-ti.{c,h}pp`.
+Lexer/Parser   | .ll, .yy            | Flex/Bison code generated into source code from CMake builds.
+Docs           | .md                 | Markdown docs and READMEs.
+
+Anything else are additional tools and scripts for developers and build systems.
+
+All files must include the copyright header. We don't use the
+current year as this implies yearly updates we don't want.
+
+Depending on the file type, this must be a comment.
+
+```
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
+```
+
+#### Code Formatting <a id="development-develop-code-formatting"></a>
+
+**Tabs instead of spaces.** Inside Visual Studio, choose to keep tabs instead of
+spaces. Tabs should use 4 spaces indent by default, depending on your likings.
+
+We follow the clang format, with some exceptions.
+
+- Curly braces for functions and classes always start at a new line.
+
+```
+String ConfigObjectUtility::EscapeName(const String& name)
+{
+//...
+}
+
+String ConfigObjectUtility::CreateObjectConfig(const Type::Ptr& type, const String& fullName,
+	bool ignoreOnError, const Array::Ptr& templates, const Dictionary::Ptr& attrs)
+{
+//...
+}
+```
+
+- Too long lines break at a parameter, the new line needs a tab indent.
+
+```
+	static String CreateObjectConfig(const Type::Ptr& type, const String& fullName,
+		bool ignoreOnError, const Array::Ptr& templates, const Dictionary::Ptr& attrs);
+```
+
+- Conditions require curly braces if it is not a single if with just one line.
+
+
+```
+	if (s == "OK") {
+		//...
+	} else {
+		//...
+	}
+
+	if (!n)
+		return;
+```
+
+- There's a space between `if` and the opening brace `(`. Also after the closing brace `)` and opening curly brace `{`.
+- Negation with `!` doesn't need an extra space.
+- Else branches always start in the same line after the closing curly brace.
+
+
+#### Code Comments <a id="development-develop-code-comments"></a>
+
+Add comments wherever you think that another developer will have a hard
+time to understand the complex algorithm. Or you might have forgotten
+it in a year and struggle again. Also use comments to highlight specific
+stages in a function. Generally speaking, make things easier for the
+team and external contributors.
+
+Comments can also be used to mark additional references and TODOs.
+If there is a specific GitHub issue or discussion going on,
+use that information as a summary and link over to it on purpose.
+
+- Single line comments may use `//` or `/* ... */`
+- Multi line comments must use this format:
+
+```
+/* Ensure to check for XY
+ * This relies on the fact that ABC has been set before.
+ */
+```
+
+#### Function Docs <a id="development-develop-function-docs"></a>
+
+Function header documentation must be added. The current code basis
+needs rework, future functions must provide this.
+
+Editors like CLion or Visual Studio allow you to type `/**` followed
+by Enter and generate the skeleton from the implemented function.
+
+Add a short summary in the first line about the function's purpose.
+Edit the param section with short description on their intention.
+The `return` value should describe the value type and additional details.
+
+Example:
+
+```
+/**
+ * Reads a message from the connected peer.
+ *
+ * @param stream ASIO TLS Stream
+ * @param yc Yield Context for ASIO
+ * @param maxMessageLength maximum size of bytes read.
+ *
+ * @return A JSON string
+ */
+String JsonRpc::ReadMessage(const std::shared_ptr<AsioTlsStream>& stream, boost::asio::yield_context yc, ssize_t maxMessageLength)
+```
+
+While we can generate code docs from it, the main idea behind it is
+to provide on-point docs to fully understand all parameters and the
+function's purpose in the same spot.
+
+
+#### Header <a id="development-develop-styleguide-header"></a>
+
+Only include other headers which are mandatory for the header definitions.
+If the source file requires additional headers, add them there to avoid
+include loops.
+
+The included header order is important.
+
+- First, include the library header `i2-<libraryname>.hpp`, e.g. `i2-base.hpp`.
+- Second, include all headers from Icinga itself, e.g. `remote/apilistener.hpp`. `base` before `icinga` before `remote`, etc.
+- Third, include third-party and external library headers, e.g. openssl and boost.
+- Fourth, include STL headers.
+
+#### Source <a id="development-develop-styleguide-source"></a>
+
+The included header order is important.
+
+- First, include the header whose methods are implemented.
+- Second, include all headers from Icinga itself, e.g. `remote/apilistener.hpp`. `base` before `icinga` before `remote`, etc.
+- Third, include third-party and external library headers, e.g. openssl and boost.
+- Fourth, include STL headers.
+
+Always use an empty line after the header include parts.
+
+#### Namespace <a id="development-develop-styleguide-namespace"></a>
+
+The icinga namespace is used globally, as otherwise we would need to write `icinga::Utility::FormatDateTime()`.
+
+```
+using namespace icinga;
+```
+
+Other namespaces must be declared in the scope they are used. Typically
+this is inside the function where `boost::asio` and variants would
+complicate the code.
+
+```
+	namespace ssl = boost::asio::ssl;
+
+	auto context (std::make_shared<ssl::context>(ssl::context::sslv23));
+```
+
+#### Functions <a id="development-develop-styleguide-functions"></a>
+
+Ensure to pass values and pointers as const reference. By default, all
+values will be copied into the function scope, and we want to avoid this
+wherever possible.
+
+```
+std::vector<EventQueue::Ptr> EventQueue::GetQueuesForType(const String& type)
+```
+
+C++ only allows to return a single value. This can be abstracted with
+returning a specific class object, or with using a map/set. Array and
+Dictionary objects increase the memory footprint, use them only where needed.
+
+A common use case for Icinga value types is where a function can return
+different values - an object, an array, a boolean, etc. This happens in the
+inner parts of the config compiler expressions, or config validation.
+
+The function caller is responsible to determine the correct value type
+and handle possible errors.
+
+Specific algorithms may require to populate a list, which can be passed
+by reference to the function. The inner function can then append values.
+Do not use a global shared resource here, unless this is locked by the caller.
+
+
+#### Conditions and Cases <a id="development-develop-styleguide-conditions"></a>
+
+Prefer if-else-if-else branches. When integers are involved,
+switch-case statements increase readability. Don't forget about `break` though!
+
+Avoid using ternary operators where possible. Putting a condition
+after an assignment complicates reading the source. The compiler
+optimizes this anyways.
+
+Wrong:
+
+```
+	int res = s == "OK" ? 0 : s == "WARNING" ? 1;
+
+	return res;
+```
+
+Better:
+
+```
+	int res = 3;
+
+	if (s == "OK") {
+		res = 0;
+	} else if (s == "WARNING") {
+		res = 1;
+	}
+```
+
+Even better: Create a lookup map instead of if branches. The complexity
+is reduced to O(log(n)).
+
+```
+	std::map<String, unsigned int> stateMap = {
+		{ "OK", 1 },
+		{ "WARNING", 2 }
+	}
+
+	auto it = stateMap.find(s);
+
+	if (it == stateMap.end()) {
+		return 3
+	}
+
+	return it.second;
+```
+
+The code is not as short as with a ternary operator, but one can re-use
+this design pattern for other generic definitions with e.g. moving the
+lookup into a utility class.
+
+Once a unit test is written, everything works as expected in the future.
+
+#### Locks and Guards <a id="development-develop-locks-guards"></a>
+
+Lock access to resources where multiple threads can read and write.
+Icinga objects can be locked with the `ObjectLock` class.
+
+Object locks and guards must be limited to the scope where they are needed. Otherwise we could create dead locks.
+
+```
+	{
+		ObjectLock olock(frame.Locals);
+		for (const Dictionary::Pair& kv : frame.Locals) {
+			AddSuggestion(matches, word, kv.first);
+		}
+	}
+```
+
+#### Objects and Pointers <a id="development-develop-objects-pointers"></a>
+
+Use shared pointers for objects. Icinga objects implement the `Ptr`
+typedef returning an `intrusive_ptr` for the class object (object.hpp).
+This also ensures reference counting for the object's lifetime.
+
+Use raw pointers with care!
+
+Some methods and classes require specific shared pointers, especially
+when interacting with the Boost library.
+
+#### Value Types <a id="development-develop-styleguide-value-types"></a>
+
+Icinga has its own value types. These provide methods to allow
+generic serialization into JSON for example, and other type methods
+which are made available in the DSL too.
+
+- Always use `String` instead of `std::string`. If you need a C-string, use the `CStr()` method.
+- Avoid casts and rather use the `Convert` class methods.
+
+```
+	double s = static_cast<double>(v); //Wrong
+
+	double s = Convert::ToDouble(v);   //Correct, ToDouble also provides overloads with different value types
+```
+
+- Prefer STL containers for internal non-user interfaces. Icinga value types add a small overhead which may decrease performance if e.g. the function is called 100k times.
+- `Array::FromVector` and variants implement conversions, use them.
+
+#### Utilities <a id="development-develop-styleguide-utilities"></a>
+
+Don't re-invent the wheel. The `Utility` class provides
+many helper functions which allow you e.g. to format unix timestamps,
+search in filesystem paths.
+
+Also inspect the Icinga objects, they also provide helper functions
+for formatting, splitting strings, joining arrays into strings, etc.
+
+#### Libraries <a id="development-develop-styleguide-libraries"></a>
+
+2.11 depends on [Boost 1.66](https://www.boost.org/doc/libs/1_66_0/).
+Use the existing libraries and header-only includes
+for this specific version.
+
+Note: Prefer C++11 features where possible, e.g. std::atomic and lambda functions.
+
+General:
+
+- [exception](https://www.boost.org/doc/libs/1_66_0/libs/exception/doc/boost-exception.html) (header only)
+- [algorithm](https://www.boost.org/doc/libs/1_66_0/libs/algorithm/doc/html/index.html) (header only)
+- [lexical_cast](https://www.boost.org/doc/libs/1_66_0/doc/html/boost_lexical_cast.html) (header only)
+- [regex](https://www.boost.org/doc/libs/1_66_0/libs/regex/doc/html/index.html)
+- [uuid](https://www.boost.org/doc/libs/1_66_0/libs/uuid/doc/uuid.html) (header only)
+- [range](https://www.boost.org/doc/libs/1_66_0/libs/range/doc/html/index.html) (header only)
+- [variant](https://www.boost.org/doc/libs/1_66_0/doc/html/variant.html) (header only)
+- [multi_index](https://www.boost.org/doc/libs/1_66_0/libs/multi_index/doc/index.html) (header only)
+- [function_types](https://www.boost.org/doc/libs/1_66_0/libs/function_types/doc/html/index.html) (header only)
+- [circular_buffer](https://www.boost.org/doc/libs/1_66_0/doc/html/circular_buffer.html) (header only)
+- [math](https://www.boost.org/doc/libs/1_66_0/libs/math/doc/html/index.html) (header only)
+
+Events and Runtime:
+
+- [system](https://www.boost.org/doc/libs/1_66_0/libs/system/doc/index.html)
+- [thread](https://www.boost.org/doc/libs/1_66_0/doc/html/thread.html)
+- [signals2](https://www.boost.org/doc/libs/1_66_0/doc/html/signals2.html) (header only)
+- [program_options](https://www.boost.org/doc/libs/1_66_0/doc/html/program_options.html)
+- [date_time](https://www.boost.org/doc/libs/1_66_0/doc/html/date_time.html)
+- [filesystem](https://www.boost.org/doc/libs/1_66_0/libs/filesystem/doc/index.htm)
+
+Network I/O:
+
+- [asio](https://www.boost.org/doc/libs/1_66_0/doc/html/boost_asio.html) (header only)
+- [beast](https://www.boost.org/doc/libs/1_66_0/libs/beast/doc/html/index.html) (header only)
+- [coroutine](https://www.boost.org/doc/libs/1_66_0/libs/coroutine/doc/html/index.html)
+- [context](https://www.boost.org/doc/libs/1_66_0/libs/context/doc/html/index.html)
+
+Consider abstracting their usage into `*utility.{c,h}pp` files with
+wrapping existing Icinga types. That also allows later changes without
+rewriting large code parts.
+
+> **Note**
+>
+> A new Boost library should be explained in a PR and discussed with the team.
+>
+> This requires package dependency changes.
+
+If you consider an external library or code to be included with Icinga, the following
+requirements must be fulfilled:
+
+- License is compatible with GPLv2+. Boost license, MIT works, Apache is not.
+- C++11 is supported, C++14 or later doesn't work
+- Header only implementations are preferred, external libraries require packages on every distribution.
+- No additional frameworks, Boost is the only allowed.
+- The code is proven to be robust and the GitHub repository is alive, or has 1k+ stars. Good libraries also provide a user list, if e.g. Ceph is using it, this is a good candidate.
+
+
+#### Log <a id="development-develop-styleguide-log"></a>
+
+Icinga allows the user to configure logging backends, e.g. syslog or file.
+
+Any log message inside the code must use the `Log()` function.
+
+- The first parameter is the severity level, use them with care.
+- The second parameter defines the location/scope where the log
+happened. Typically we use the class name here, to better analyse
+the logs the user provide in GitHub issues and on the community
+channels.
+- The third parameter takes a log message string
+
+If the message string needs to be computed from existing values,
+everything must be converted to the String type beforehand.
+This conversion for every value is very expensive which is why
+we try to avoid it.
+
+Instead, use Log() with the shift operator where everything is written
+on the stream and conversions are explicitly done with templates
+in the background.
+
+The trick here is that the Log object is destroyed immediately
+after being constructed once. The destructor actually
+evaluates the values and sends it to registers loggers.
+
+Since flushing the stream every time a log entry occurs is
+very expensive, a timer takes care of flushing the stream
+every second.
+
+> **Tip**
+>
+> If logging stopped, the flush timer thread may be dead.
+> Inspect that with gdb/lldb.
+
+Avoid log messages which could irritate the user. During
+implementation, developers can change log levels to better
+see what's going one, but remember to change this back to `debug`
+or remove it entirely.
+
+
+#### Goto <a id="development-develop-styleguide-goto"></a>
+
+Avoid using `goto` statements. There are rare occasions where
+they are allowed:
+
+- The code would become overly complicated within nested loops and conditions.
+- Event processing and C interfaces.
+- Question/Answer loops within interactive CLI commands.
+
+#### Typedef and Auto Keywords <a id="development-develop-styleguide-typedef-auto"></a>
+
+Typedefs allow developers to use shorter names for specific types,
+classes and structs.
+
+```
+	typedef std::map<String, std::shared_ptr<NamespaceValue> >::iterator Iterator;
+```
+
+These typedefs should be part of the Class definition in the header,
+or may be defined in the source scope where they are needed.
+
+Avoid declaring global typedefs, unless necessary.
+
+Using the `auto` keyword allows to ignore a specific value type.
+This comes in handy with maps/sets where no specific access
+is required.
+
+The following example iterates over a map returned from `GetTypes()`.
+
+```
+	for (const auto& kv : GetTypes()) {
+		result.insert(kv.second);
+	}
+```
+
+The long example would require us to define a map iterator, and a slightly
+different algorithm.
+
+```
+	typedef std::map<String, DbType::Ptr> TypeMap;
+	typedef std::map<String, DbType::Ptr>::const_iterator TypeMapIterator;
+
+	TypeMap types = GetTypes();
+
+	for (TypeMapIterator it = types.begin(); it != types.end(); it++) {
+		result.insert(it.second);
+	}
+```
+
+We could also use a pair here, but requiring to know
+the specific types of the map keys and values.
+
+```
+	typedef std::pair<String, DbType::Ptr> kv_pair;
+
+	for (const kv_pair& kv : GetTypes()) {
+		result.insert(kv.second);
+	}
+```
+
+After all, `auto` shortens the code and one does not always need to know
+about the specific types. Function documentation for `GetTypes()` is
+required though.
+
+
+
+#### Whitespace Cleanup <a id="development-develop-choose-editor-whitespaces"></a>
+
+Patches must be cleaned up and follow the indent style (tabs instead of spaces).
+You should also remove any trailing whitespaces.
+
+`git diff` allows to highlight such.
+
+```
+vim $HOME/.gitconfig
+
+[color "diff"]
+        whitespace = red reverse
+[core]
+        whitespace=fix,-indent-with-non-tab,trailing-space,cr-at-eol
+```
+
+`vim` also can match these and visually alert you to remove them.
+
+```
+vim $HOME/.vimrc
+
+highlight ExtraWhitespace ctermbg=red guibg=red
+match ExtraWhitespace /\s\+$/
+autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
+autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
+autocmd InsertLeave * match ExtraWhitespace /\s\+$/
+autocmd BufWinLeave * call clearmatches()
+```
+
+
+## Development Environment <a id="development-environment"></a>
+
+### Linux Dev Environment <a id="development-linux-dev-env"></a>
+
+Based on CentOS 7, we have an early draft available inside the Icinga Vagrant boxes:
+[centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev).
+
+If you're compiling Icinga 2 natively without any virtualization layer in between,
+this usually is faster. This is also the reason why developers on macOS prefer native builds
+over Linux or Windows VMs. Don't forget to test the actual code on Linux later! Socket specific
+stuff like `epoll` is not available on Unix kernels.
+
+Depending on your workstation and environment, you may either develop and run locally,
+use a container deployment pipeline or put everything in a high end resource remote VM.
+
+Fork https://github.com/Icinga/icinga2 into your own repository, e.g. `https://github.com/dnsmichi/icinga2`.
+
+Create two build directories for different binary builds.
+
+* `debug` contains the debug build binaries. They contain more debug information and run tremendously slower than release builds from packages. Don't use them for benchmarks.
+* `release` contains the release build binaries, as you would install them on a live system. This helps comparing specific scenarios for race conditions and more.
+
+```
+mkdir -p release debug
+```
+
+Proceed with the specific distribution examples below. Keep in mind that these instructions
+are best effort and sometimes out-of-date. Git Master may contain updates.
+
+* [CentOS 7](21-development.md#development-linux-dev-env-centos)
+* [Debian 10 Buster](21-development.md#development-linux-dev-env-debian)
+* [Ubuntu 18 Bionic](21-development.md#development-linux-dev-env-ubuntu)
+
+
+#### CentOS 7 <a id="development-linux-dev-env-centos"></a>
+
+```
+yum -y install gdb vim git bash-completion htop
+
+yum -y install rpmdevtools ccache \
+ cmake make gcc-c++ flex bison \
+ openssl-devel boost169-devel systemd-devel \
+ mysql-devel postgresql-devel libedit-devel \
+ libstdc++-devel
+
+groupadd icinga
+groupadd icingacmd
+useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga icinga
+
+ln -s /bin/ccache /usr/local/bin/gcc
+ln -s /bin/ccache /usr/local/bin/g++
+
+git clone https://github.com/icinga/icinga2.git && cd icinga2
+```
+
+The debug build binaries contain specific code which runs
+slower but allows for better debugging insights.
+
+For benchmarks, change `CMAKE_BUILD_TYPE` to `RelWithDebInfo` and
+build inside the `release` directory.
+
+First, off export some generics for Boost.
+
+```
+export I2_BOOST="-DBoost_NO_BOOST_CMAKE=TRUE -DBoost_NO_SYSTEM_PATHS=TRUE -DBOOST_LIBRARYDIR=/usr/lib64/boost169 -DBOOST_INCLUDEDIR=/usr/include/boost169 -DBoost_ADDITIONAL_VERSIONS='1.69;1.69.0'"
+```
+
+Second, add the prefix path to it.
+
+```
+export I2_GENERIC="$I2_BOOST -DCMAKE_INSTALL_PREFIX=/usr/local/icinga2"
+```
+
+Third, define the two build types with their specific CMake variables.
+
+```
+export I2_DEBUG="-DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF $I2_GENERIC"
+export I2_RELEASE="-DCMAKE_BUILD_TYPE=RelWithDebInfo -DICINGA2_WITH_TESTS=ON -DICINGA2_UNITY_BUILD=ON $I2_GENERIC"
+```
+
+Fourth, depending on your likings, you may add a bash alias for building,
+or invoke the commands inside:
+
+```
+alias i2_debug="cd /root/icinga2; mkdir -p debug; cd debug; cmake $I2_DEBUG ..; make -j2; sudo make -j2 install; cd .."
+alias i2_release="cd /root/icinga2; mkdir -p release; cd release; cmake $I2_RELEASE ..; make -j2; sudo make -j2 install; cd .."
+```
+
+This is taken from the [centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev) Vagrant box.
+
+
+The source installation doesn't set proper permissions, this is
+handled in the package builds which are officially supported.
+
+```
+chown -R icinga:icinga /usr/local/icinga2/var/
+
+/usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2
+/usr/local/icinga2/sbin/icinga2 api setup
+vim /usr/local/icinga2/etc/icinga2/conf.d/api-users.conf
+
+/usr/local/icinga2/lib/icinga2/sbin/icinga2 daemon
+```
+
+#### Debian 10 <a id="development-linux-dev-env-debian"></a>
+
+Debian Buster doesn't need updated Boost packages from packages.icinga.com,
+the distribution already provides 1.66+. For older versions such as Stretch,
+include the release repository for packages.icinga.com as shown in the [setup instructions](02-installation.md#package-repositories-debian-ubuntu-raspbian).
+
+```
+$ docker run -ti ubuntu:bionic bash
+
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+apt-get -y install gdb vim git cmake make ccache build-essential libssl-dev bison flex default-libmysqlclient-dev libpq-dev libedit-dev monitoring-plugins
+apt-get -y install libboost-all-dev
+```
+
+```
+ln -s /usr/bin/ccache /usr/local/bin/gcc
+ln -s /usr/bin/ccache /usr/local/bin/g++
+
+groupadd icinga
+groupadd icingacmd
+useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga icinga
+
+git clone https://github.com/icinga/icinga2.git && cd icinga2
+
+mkdir debug release
+
+export I2_DEB="-DBoost_NO_BOOST_CMAKE=TRUE -DBoost_NO_SYSTEM_PATHS=TRUE -DBOOST_LIBRARYDIR=/usr/lib/x86_64-linux-gnu -DBOOST_INCLUDEDIR=/usr/include -DCMAKE_INSTALL_RPATH=/usr/lib/x86_64-linux-gnu"
+export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga2 -DICINGA2_PLUGINDIR=/usr/local/sbin"
+export I2_DEBUG="$I2_DEB $I2_GENERIC -DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF"
+
+cd debug
+cmake .. $I2_DEBUG
+cd ..
+
+make -j2 install -C debug
+```
+
+
+The source installation doesn't set proper permissions, this is
+handled in the package builds which are officially supported.
+
+```
+chown -R icinga:icinga /usr/local/icinga2/var/
+
+/usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2
+/usr/local/icinga2/sbin/icinga2 api setup
+vim /usr/local/icinga2/etc/icinga2/conf.d/api-users.conf
+
+/usr/local/icinga2/lib/icinga2/sbin/icinga2 daemon
+```
+
+
+#### Ubuntu 18 Bionic <a id="development-linux-dev-env-ubuntu"></a>
+
+Requires Boost packages from packages.icinga.com.
+
+```
+$ docker run -ti ubuntu:bionic bash
+
+apt-get update
+apt-get -y install apt-transport-https wget gnupg
+
+wget -O - https://packages.icinga.com/icinga.key | apt-key add -
+
+. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
+ echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+ echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> \
+ /etc/apt/sources.list.d/${DIST}-icinga.list
+
+apt-get update
+```
+
+```
+apt-get -y install gdb vim git cmake make ccache build-essential libssl-dev bison flex default-libmysqlclient-dev libpq-dev libedit-dev monitoring-plugins
+
+apt-get install -y libboost1.67-icinga-all-dev
+
+ln -s /usr/bin/ccache /usr/local/bin/gcc
+ln -s /usr/bin/ccache /usr/local/bin/g++
+
+groupadd icinga
+groupadd icingacmd
+useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga icinga
+
+git clone https://github.com/icinga/icinga2.git && cd icinga2
+
+mkdir debug release
+
+export I2_DEB="-DBoost_NO_BOOST_CMAKE=TRUE -DBoost_NO_SYSTEM_PATHS=TRUE -DBOOST_LIBRARYDIR=/usr/lib/x86_64-linux-gnu/icinga-boost -DBOOST_INCLUDEDIR=/usr/include/icinga-boost -DCMAKE_INSTALL_RPATH=/usr/lib/x86_64-linux-gnu/icinga-boost"
+export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga2 -DICINGA2_PLUGINDIR=/usr/local/sbin"
+export I2_DEBUG="$I2_DEB $I2_GENERIC -DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF"
+
+cd debug
+cmake .. $I2_DEBUG
+cd ..
+```
+
+```
+make -j2 install -C debug
+```
+
+The source installation doesn't set proper permissions, this is
+handled in the package builds which are officially supported.
+
+```
+chown -R icinga:icinga /usr/local/icinga2/var/
+
+/usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2
+/usr/local/icinga2/sbin/icinga2 api setup
+vim /usr/local/icinga2/etc/icinga2/conf.d/api-users.conf
+
+/usr/local/icinga2/lib/icinga2/sbin/icinga2 daemon
+```
+
+### macOS Dev Environment <a id="development-macos-dev-env"></a>
+
+It is advised to use Homebrew to install required build dependencies.
+Macports have been reported to work as well, typically you'll get more help
+with Homebrew from Icinga developers.
+
+The idea is to run Icinga with the current user, avoiding root permissions.
+This requires at least v2.11.
+
+> **Note**
+>
+> This is a pure development setup for Icinga developers reducing the compile
+> time in contrast to VMs. There are no packages, startup scripts or dependency management involved.
+>
+> **macOS agents are not officially supported.**
+>
+> macOS uses its own TLS implementation, Icinga relies on extra OpenSSL packages
+> requiring updates apart from vendor security updates.
+
+#### Requirements
+
+Explicitly use OpenSSL 1.1.x, older versions are out of support.
+
+```
+brew install ccache boost cmake bison flex openssl@1.1 mysql-connector-c++ postgresql libpq
+```
+
+##### ccache
+
+```
+sudo mkdir /opt/ccache
+
+sudo ln -s `which ccache` /opt/ccache/clang
+sudo ln -s `which ccache` /opt/ccache/clang++
+
+vim $HOME/.bash_profile
+
+# ccache is managed with symlinks to avoid collision with cgo
+export PATH="/opt/ccache:$PATH"
+
+source $HOME/.bash_profile
+```
+
+#### Builds
+
+Icinga is built as release (optimized build for packages) and debug (more symbols and details for debugging). Debug builds
+typically run slower than release builds and must not be used for performance benchmarks.
+
+The preferred installation prefix is `/usr/local/icinga/icinga2`. This allows to put e.g. Icinga Web 2 into the `/usr/local/icinga` directory as well.
+
+```
+mkdir -p release debug
+
+export I2_USER=$(id -u -n)
+export I2_GROUP=$(id -g -n)
+export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga/icinga2 -DICINGA2_USER=$I2_USER -DICINGA2_GROUP=$I2_GROUP -DOPENSSL_INCLUDE_DIR=/usr/local/opt/openssl@1.1/include -DOPENSSL_SSL_LIBRARY=/usr/local/opt/openssl@1.1/lib/libssl.dylib -DOPENSSL_CRYPTO_LIBRARY=/usr/local/opt/openssl@1.1/lib/libcrypto.dylib -DICINGA2_PLUGINDIR=/usr/local/sbin -DICINGA2_WITH_PGSQL=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON"
+export I2_DEBUG="-DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF $I2_GENERIC"
+export I2_RELEASE="-DCMAKE_BUILD_TYPE=RelWithDebInfo -DICINGA2_WITH_TESTS=ON -DICINGA2_UNITY_BUILD=ON $I2_GENERIC"
+
+cd debug
+cmake $I2_DEBUG ..
+cd ..
+
+make -j4 -C debug
+make -j4 install -C debug
+```
+
+In order to run Icinga without any path prefix, and also use Bash completion it is advised to source additional
+things into the local dev environment.
+
+```
+export PATH=/usr/local/icinga/icinga2/sbin/:$PATH
+
+test -f /usr/local/icinga/icinga2/etc/bash_completion.d/icinga2 && source /usr/local/icinga/icinga2/etc/bash_completion.d/icinga2
+```
+
+##### Build Aliases
+
+This is derived from [dnsmichi's flavour](https://github.com/dnsmichi/dotfiles) and not generally best practice.
+
+```
+vim $HOME/.bash_profile
+
+export I2_USER=$(id -u -n)
+export I2_GROUP=$(id -g -n)
+export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga/icinga2 -DICINGA2_USER=$I2_USER -DICINGA2_GROUP=$I2_GROUP -DOPENSSL_INCLUDE_DIR=/usr/local/opt/openssl@1.1/include -DOPENSSL_SSL_LIBRARY=/usr/local/opt/openssl@1.1/lib/libssl.dylib -DOPENSSL_CRYPTO_LIBRARY=/usr/local/opt/openssl@1.1/lib/libcrypto.dylib -DICINGA2_PLUGINDIR=/usr/local/sbin -DICINGA2_WITH_PGSQL=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON"
+
+export I2_DEBUG="-DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF $I2_GENERIC"
+export I2_RELEASE="-DCMAKE_BUILD_TYPE=RelWithDebInfo -DICINGA2_WITH_TESTS=ON -DICINGA2_UNITY_BUILD=ON $I2_GENERIC"
+
+alias i2_debug="mkdir -p debug; cd debug; cmake $I2_DEBUG ..; make -j4; make -j4 install; cd .."
+alias i2_release="mkdir -p release; cd release; cmake $I2_RELEASE ..; make -j4; make -j4 install; cd .."
+
+export PATH=/usr/local/icinga/icinga2/sbin/:$PATH
+test -f /usr/local/icinga/icinga2/etc/bash_completion.d/icinga2 && source /usr/local/icinga/icinga2/etc/bash_completion.d/icinga2
+
+
+source $HOME/.bash_profile
+```
+
+#### Permissions
+
+`make install` doesn't set all required permissions, override this.
+
+```
+chown -R $I2_USER:$I2_GROUP /usr/local/icinga/icinga2
+```
+
+#### Run
+
+Start Icinga in foreground.
+
+```
+icinga2 daemon
+```
+
+Reloads triggered with HUP or cluster syncs just put the process into background.
+
+#### Plugins
+
+```
+brew install monitoring-plugins
+
+sudo vim /usr/local/icinga/icinga2/etc/icinga2/constants.conf
+const PluginDir = "/usr/local/sbin"
+```
+
+#### Backends: Redis
+
+```
+brew install redis
+brew services start redis
+```
+
+#### Databases: MariaDB
+
+```
+brew install mariadb
+mkdir -p /usr/local/etc/my.cnf.d
+brew services start mariadb
+
+mysql_secure_installation
+```
+
+```
+vim $HOME/.my.cnf
+
+[client]
+user = root
+password = supersecurerootpassword
+
+sudo -i
+ln -s /Users/michi/.my.cnf $HOME/.my.cnf
+exit
+```
+
+```
+mysql -e 'create database icinga;'
+mysql -e "grant all on icinga.* to 'icinga'@'localhost' identified by 'icinga';"
+mysql icinga < $HOME/dev/icinga/icinga2/lib/db_ido_mysql/schema/mysql.sql
+```
+
+#### API
+
+```
+icinga2 api setup
+cd /usr/local/icinga/icinga2/var/lib/icinga2/certs
+HOST_NAME=mbpmif.int.netways.de
+icinga2 pki new-cert --cn ${HOST_NAME} --csr ${HOST_NAME}.csr --key ${HOST_NAME}.key
+icinga2 pki sign-csr --csr ${HOST_NAME}.csr --cert ${HOST_NAME}.crt
+echo "const NodeName = \"${HOST_NAME}\"" >> /usr/local/icinga/icinga2/etc/icinga2/constants.conf
+```
+
+#### Web
+
+While it is recommended to use Docker or the Icinga Web 2 development VM pointing to the shared IDO database resource/REST API, you can also install it locally on macOS.
+
+The required steps are described in [this script](https://github.com/dnsmichi/dotfiles/blob/master/icingaweb2.sh).
+
+
+
+### Windows Dev Environment <a id="development-windows-dev-env"></a>
+
+The following sections explain how to setup the required build tools
+and how to run and debug the code.
+
+#### Chocolatey
+
+Open an administrative command prompt (Win key, type “cmd”, right-click and “run as administrator”) and paste the following instructions:
+
+```
+@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin
+```
+
+#### Git, Posh and Vim
+
+In case you are used to `vim`, start a new administrative Powershell:
+
+```
+choco install -y vim
+```
+
+The same applies for Git integration in Powershell:
+
+```
+choco install -y poshgit
+```
+
+![Powershell Posh Git](images/development/windows_powershell_posh_git.png)
+
+In order to fix the colors for commands like `git status` or `git diff`,
+edit `$HOME/.gitconfig` in your Powershell and add the following lines:
+
+```
+vim $HOME/.gitconfig
+
+[color "status"]
+    changed = cyan bold
+    untracked = yellow bold
+    added = green bold
+    branch = cyan bold
+    unmerged = red bold
+
+[color "diff"]
+    frag = cyan
+    new = green bold
+    commit = yellow
+    old = red white
+
+[color "branch"]
+  current = yellow reverse
+  local = yellow
+  remote = green bold
+  remote = red bold
+```
+
+#### Visual Studio
+
+Thanks to Microsoft they’ll now provide their Professional Edition of Visual Studio
+as community version, free for use for open source projects such as Icinga.
+The installation requires ~9GB disk space. [Download](https://www.visualstudio.com/downloads/)
+the web installer and start the installation.
+
+Note: Both Visual Studio 2017 and 2019 are covered here. Older versions
+are not supported.
+
+You need a free Microsoft account to download and also store your preferences.
+
+Install the following complete workloads:
+
+* C++ Desktop Development
+* .NET Desktop Development
+
+In addition also choose these individual components on Visual Studio:
+
+* .NET
+    * .NET Framework 4.x targeting packs
+    * .NET Framework 4.x.y SDKs
+* Code tools
+    * Git for Windows
+    * GitHub Extension for Visual Studio
+    * NuGet package manager
+* Compilers, build tools and runtimes
+    * C# and Visual Basic Roslyn compilers
+    * C++ 2019 Redistributable Update
+    * C++ CMake tools for Windows
+    * C++/CLI Support for v142 build tools (14.22)
+    * MSBuild
+    * MSVC v142 - VS 2019 C++ x64/x86 build tools (v14.22)
+* Debugging and testing
+    * .NET profiling tools
+    * C++ profiling tools
+    * Just-in-Time debugger
+* Development activities
+    * C# and Visual Basic
+    * C++ core features
+    * IntelliCode
+    * Live Share
+* Games and Graphics
+    * Graphics debugger and GPU profiler for DirectX (required by C++ profiling tools)
+* SDKs, libraries and frameworks
+    * Windows 10 SDK (10.0.18362.0 or later)
+    * Windows Universal C Runtime
+
+![Visual Studio Installer](images/development/windows_visual_studio_installer_01.png)
+![Visual Studio Installer](images/development/windows_visual_studio_installer_02.png)
+![Visual Studio Installer](images/development/windows_visual_studio_installer_03.png)
+
+After a while, Visual Studio will be ready.
+
+##### Style Guide for Visual Studio
+
+Navigate into `Tools > Options > Text Editor` and repeat the following for
+
+- C++
+- C#
+
+Navigate into `Tabs` and set:
+
+- Indenting: Smart (default)
+- Tab size: 4
+- Indent size: 4
+- Keep tabs (instead of spaces)
+
+![Visual Studio Tabs](images/development/windows_visual_studio_tabs_c++.png)
+
+
+#### Flex and Bison
+
+Install it using [chocolatey](https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html):
+
+```
+choco install -y winflexbison
+```
+
+Chocolatey installs these tools into the hidden directory `C:\ProgramData\chocolatey\lib\winflexbison\tools`.
+
+#### OpenSSL
+
+Icinga 2 requires the OpenSSL library. [Download](http://slproweb.com/products/Win32OpenSSL.html) the Win64 package
+and install it into `c:\local\OpenSSL-Win64`.
+
+Once asked for `Copy OpenSSLs DLLs to` select `The Windows system directory`. That way CMake/Visual Studio
+will automatically detect them for builds and packaging.
+
+> **Note**
+>
+> We cannot use the chocolatey package as this one does not provide any development headers.
+>
+> Choose 1.1.1 LTS from manual downloads for best compatibility.
+
+#### Boost
+
+Icinga needs the development header and library files from the Boost library.
+
+Visual Studio translates into the following compiler versions:
+
+- `msvc-14.1` = Visual Studio 2017
+- `msvc-14.2` = Visual Studio 2019
+
+##### Pre-built Binaries
+
+Prefer the pre-built package over self-compiling, if the newest version already exists.
+
+Download the [boost-binaries](https://sourceforge.net/projects/boost/files/boost-binaries/) for
+
+- msvc-14.2 is Visual Studio 2019
+- 64 for 64 bit builds
+
+```
+https://sourceforge.net/projects/boost/files/boost-binaries/1.71.0/boost_1_71_0-msvc-14.2-64.exe/download
+```
+
+Run the installer and leave the default installation path in `C:\local\boost_1_71_0`.
+
+
+##### Source & Compile
+
+In order to use the boost development header and library files you need to [download](http://www.boost.org/users/download/)
+Boost and then extract it to e.g. `C:\local\boost_1_71_0`.
+
+> **Note**
+>
+> Just use `C:\local`, the zip file already contains the sub folder. Extraction takes a while,
+> the archive contains more than 70k files.
+
+In order to integrate Boost into Visual Studio, open the `Developer Command Prompt` from the start menu,
+and navigate to `C:\local\boost_1_71_0`.
+
+Execute `bootstrap.bat` first.
+
+```
+cd C:\local\boost_1_71_0
+bootstrap.bat
+```
+
+Once finished, specify the required `toolset` to compile boost against Visual Studio.
+This takes quite some time in a Windows VM. Boost Context uses Assembler code,
+which isn't treated as exception safe by the VS compiler. Therefore set the
+additional compilation flag according to [this entry](https://lists.boost.org/Archives/boost/2015/08/224570.php).
+
+```
+b2 --toolset=msvc-14.2 link=static threading=multi runtime-link=static address-model=64 asmflags=\safeseh
+```
+
+![Windows Boost Build in VS Development Console](images/development/windows_boost_build_dev_cmd.png)
+
+#### TortoiseGit
+
+TortoiseGit provides a graphical integration into the Windows explorer. This makes it easier to checkout, commit
+and whatnot.
+
+[Download](https://tortoisegit.org/download/) TortoiseGit on your system.
+
+In order to clone via Git SSH you also need to create a new directory called `.ssh`
+inside your user's home directory.
+Therefore open a command prompt (win key, type `cmd`, enter) and run `mkdir .ssh`.
+Add your `id_rsa` private key and `id_rsa.pub` public key files into that directory.
+
+Start the setup routine and choose `OpenSSH` as default secure transport when asked.
+
+Open a Windows Explorer window and navigate into
+
+```
+cd %HOMEPATH%\source\repos
+```
+
+Right click and select `Git Clone` from the context menu.
+
+Use `ssh://git@github.com/icinga/icinga2.git` for SSH clones, `https://github.com/icinga/icinga2.git` otherwise.
+
+#### Packages
+
+CMake uses CPack and NSIS to create the setup executable including all binaries and libraries
+in addition to setup dialogues and configuration. Therefore we’ll need to install [NSIS](http://nsis.sourceforge.net/Download)
+first.
+
+We also need to install the Windows Installer XML (WIX) toolset.
+
+```
+choco install -y wixtoolset
+```
+
+#### CMake
+
+Icinga 2 uses CMake to manage the build environment. You can generate the Visual Studio project files
+using CMake. [Download](https://cmake.org/download/) and install CMake. Select to add it to PATH for all users
+when asked.
+
+> **Note**
+>
+> In order to properly detect the Boost libraries and VS 2019, install CMake 3.15.2+.
+>
+> **Tip**
+>
+> Cheatsheet: http://www.brianlheim.com/2018/04/09/cmake-cheat-sheet.html
+
+Once setup is completed, open a command prompt and navigate to
+
+```
+cd %HOMEPATH%\source\repos
+```
+
+Build Icinga with specific CMake variables. This generates a new Visual Studio project file called `icinga2.sln`.
+
+Visual Studio translates into the following:
+
+- `msvc-14.1` = Visual Studio 2017
+- `msvc-14.2` = Visual Studio 2019
+
+You need to specify the previously installed component paths.
+
+Variable              | Value                                                                | Description
+----------------------|----------------------------------------------------------------------|-------------------------------------------------------
+`BOOST_ROOT`          | `C:\local\boost_1_71_0`                                                    | Root path where you've extracted and compiled Boost.
+`BOOST_LIBRARYDIR`    | Binary: `C:\local\boost_1_71_0\lib64-msvc-14.1`, Source: `C:\local\boost_1_71_0\stage` | Path to the static compiled Boost libraries, directory must contain `lib`.
+`BISON_EXECUTABLE`    | `C:\ProgramData\chocolatey\lib\winflexbison\tools\win_bison.exe`     | Path to the Bison executable.
+`FLEX_EXECUTABLE`     | `C:\ProgramData\chocolatey\lib\winflexbison\tools\win_flex.exe`      | Path to the Flex executable.
+`ICINGA2_WITH_MYSQL`  | OFF                                                                  | Requires extra setup for MySQL if set to `ON`. Not supported for client setups.
+`ICINGA2_WITH_PGSQL`  | OFF                                                                  | Requires extra setup for PgSQL if set to `ON`. Not supported for client setups.
+`ICINGA2_UNITY_BUILD` | OFF                                                                  | Disable unity builds for development environments.
+
+Tip: If you have previously opened a terminal, run `refreshenv` to re-read updated PATH variables.
+
+##### Build Scripts
+
+Icinga provides the build scripts inside the Git repository.
+
+Open a new Powershell and navigate into the cloned Git repository. Set
+specific environment variables and run the build scripts.
+
+```
+cd %HOMEPATH%\source\repos\icinga2
+
+.\tools\win32\configure-dev.ps1
+.\tools\win32\build.ps1
+.\tools\win32\test.ps1
+```
+
+The debug MSI package is located in the `debug` directory.
+
+If you did not follow the above steps with Boost binaries
+and OpenSSL paths, or using VS 2017, you can still modify
+the environment variables.
+
+```
+$env:CMAKE_GENERATOR='Visual Studio 16 2019'
+$env:CMAKE_GENERATOR_PLATFORM='x64'
+
+$env:ICINGA2_INSTALLPATH = 'C:\Program Files\Icinga2-debug'
+$env:ICINGA2_BUILDPATH='debug'
+$env:CMAKE_BUILD_TYPE='Debug'
+$env:OPENSSL_ROOT_DIR='C:\OpenSSL-Win64'
+$env:BOOST_ROOT='C:\local\boost_1_71_0'
+$env:BOOST_LIBRARYDIR='C:\local\boost_1_71_0\lib64-msvc-14.2'
+```
+
+#### Icinga 2 in Visual Studio
+
+This requires running the configure script once.
+
+Navigate to
+
+```
+cd %HOMEPATH%\source\repos\icinga2\debug
+```
+
+Open `icinga2.sln`. Log into Visual Studio when asked.
+
+On the right panel, select to build the `Bin/icinga-app` solution.
+
+The executable binaries are located in `Bin\Release\Debug` in your `icinga2`
+project directory.
+
+Navigate there and run `icinga2.exe --version`.
+
+```
+cd %HOMEPATH%\source\repos\icinga2\Bin\Release\Debug
+icinga2.exe --version
+```
+
+
+#### Release Package
+
+This is part of the build process script. Override the build type and pick a different
+build directory.
+
+```
+cd %HOMEPATH%\source\repos\icinga2
+
+$env:ICINGA2_BUILDPATH='release'
+$env:CMAKE_BUILD_TYPE='RelWithDebInfo'
+
+.\tools\win32\configure-dev.ps1
+.\tools\win32\build.ps1
+.\tools\win32\test.ps1
+```
+
+The release MSI package is located in the `release` directory.
+
+
+### Embedded Dev Env: Pi <a id="development-embedded-dev-env"></a>
+
+> **Note**
+>
+> This isn't officially supported yet, just a few hints how you can do it yourself.
+
+The following examples source from armhf on Raspberry Pi.
+
+#### ccache
+
+```
+apt install -y ccache
+
+/usr/sbin/update-ccache-symlinks
+
+echo 'export PATH="/usr/lib/ccache:$PATH"' | tee -a ~/.bashrc
+
+source ~/.bashrc && echo $PATH
+```
+
+#### Build
+
+Copy the icinga2 source code into `$HOME/icinga2`. Clone the `deb-icinga2` repository into `debian/`.
+
+```
+git clone https://github.com/Icinga/icinga2 $HOME/icinga2
+git clone https://github.com/Icinga/deb-icinga2 $HOME/icinga2/debian
+```
+
+Then build a Debian package and install it like normal.
+```
+dpkg-buildpackage -uc -us
+```
+
+## Package Builds <a id="development-package-builds"></a>
+
+This documentation is explicitly meant for packagers and the Icinga
+build infrastructure.
+
+The following requirements need to be fulfilled in order to build the
+Icinga application using a dist tarball (including notes for distributions):
+
+* cmake >= 2.6
+* GNU make (make) or ninja-build
+* C++ compiler which supports C++11
+    * RHEL/Fedora/SUSE: gcc-c++ >= 4.7 (extra Developer Tools on RHEL5/6 see below)
+    * Debian/Ubuntu: build-essential
+    * Alpine: build-base
+    * you can also use clang++
+* pkg-config
+* OpenSSL library and header files >= 1.0.1
+    * RHEL/Fedora: openssl-devel
+    * SUSE: libopenssl-devel
+    * Debian/Ubuntu: libssl-dev
+    * Alpine: libressl-dev
+* Boost library and header files >= 1.66.0
+    * RHEL/Fedora: boost166-devel
+    * Debian/Ubuntu: libboost-all-dev
+    * Alpine: boost-dev
+* GNU bison (bison)
+* GNU flex (flex) >= 2.5.35
+* systemd headers
+    * Only required when using systemd
+    * Debian/Ubuntu: libsystemd-dev
+    * RHEL/Fedora: systemd-devel
+
+### Optional features <a id="development-package-builds-optional-features"></a>
+
+* MySQL (disable with CMake variable `ICINGA2_WITH_MYSQL` to `OFF`)
+    * RHEL/Fedora: mysql-devel
+    * SUSE: libmysqlclient-devel
+    * Debian/Ubuntu: default-libmysqlclient-dev | libmysqlclient-dev
+    * Alpine: mariadb-dev
+* PostgreSQL (disable with CMake variable `ICINGA2_WITH_PGSQL` to `OFF`)
+    * RHEL/Fedora: postgresql-devel
+    * Debian/Ubuntu: libpq-dev
+    * postgresql-dev on Alpine
+* libedit (CLI console)
+    * RHEL/Fedora: libedit-devel on CentOS (RHEL requires rhel-7-server-optional-rpms)
+    * Debian/Ubuntu/Alpine: libedit-dev
+* Termcap (only required if libedit doesn't already link against termcap/ncurses)
+    * RHEL/Fedora: libtermcap-devel
+    * Debian/Ubuntu: (not necessary)
+
+### Special requirements <a id="development-package-builds-special-requirements"></a>
+
+**FreeBSD**: libexecinfo (automatically used when Icinga 2 is installed via port or package)
+
+**RHEL6**: Requires a newer boost version which is available on packages.icinga.com
+with a version suffixed name.
+
+### Runtime user environment <a id="development-package-builds-runtime-user-env"></a>
+
+By default Icinga will run as user `icinga` and group `icinga`. Additionally the
+external command pipe and livestatus features require a dedicated command group
+`icingacmd`. You can choose your own user/group names and pass them to CMake
+using the `ICINGA2_USER`, `ICINGA2_GROUP` and `ICINGA2_COMMAND_GROUP` variables.
+
+```
+# groupadd icinga
+# groupadd icingacmd
+# useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga icinga
+```
+
+On Alpine (which uses ash busybox) you can run:
+
+```
+# addgroup -S icinga
+# addgroup -S icingacmd
+# adduser -S -D -H -h /var/spool/icinga2 -s /sbin/nologin -G icinga -g icinga icinga
+# adduser icinga icingacmd
+```
+
+Add the web server user to the icingacmd group in order to grant it write
+permissions to the external command pipe and livestatus socket:
+
+```
+# usermod -a -G icingacmd www-data
+```
+
+Make sure to replace "www-data" with the name of the user your web server
+is running as.
+
+### Building Icinga 2: Example <a id="development-package-builds-example"></a>
+
+Once you have installed all the necessary build requirements you can build
+Icinga 2 using the following commands:
+
+```
+$ mkdir release && cd release
+$ cmake ..
+$ cd ..
+$ make -C release
+$ make install -C release
+```
+
+You can specify an alternative installation prefix using `-DCMAKE_INSTALL_PREFIX`:
+
+```
+$ cmake .. -DCMAKE_INSTALL_PREFIX=/tmp/icinga2
+```
+
+### CMake Variables <a id="development-package-builds-cmake-variables"></a>
+
+In addition to `CMAKE_INSTALL_PREFIX` here are most of the supported Icinga-specific cmake variables.
+
+For all variables regarding defaults paths on in CMake, see
+[GNUInstallDirs](https://cmake.org/cmake/help/latest/module/GNUInstallDirs.html).
+
+Also see `CMakeLists.txt` for details.
+
+#### System Environment
+
+* `CMAKE_INSTALL_SYSCONFDIR`: The configuration directory; defaults to `CMAKE_INSTALL_PREFIX/etc`
+* `CMAKE_INSTALL_LOCALSTATEDIR`: The state directory; defaults to `CMAKE_INSTALL_PREFIX/var`
+* `ICINGA2_CONFIGDIR`: Main config directory; defaults to `CMAKE_INSTALL_SYSCONFDIR/icinga2` usually `/etc/icinga2`
+* `ICINGA2_CACHEDIR`: Directory for cache files; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/cache/icinga2` usually `/var/cache/icinga2`
+* `ICINGA2_DATADIR`: Data directory  for the daemon; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/lib/icinga2` usually `/var/lib/icinga2`
+* `ICINGA2_LOGDIR`: Logfiles of the daemon; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/log/icinga2 usually `/var/log/icinga2`
+* `ICINGA2_SPOOLDIR`: Spooling directory ; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/spool/icinga2` usually `/var/spool/icinga2`
+* `ICINGA2_INITRUNDIR`: Runtime data for the init system; defaults to `CMAKE_INSTALL_LOCALSTATEDIR/run/icinga2` usually `/run/icinga2`
+* `ICINGA2_GIT_VERSION_INFO`: Whether to use Git to determine the version number; defaults to `ON`
+* `ICINGA2_USER`: The user Icinga 2 should run as; defaults to `icinga`
+* `ICINGA2_GROUP`: The group Icinga 2 should run as; defaults to `icinga`
+* `ICINGA2_COMMAND_GROUP`: The command group Icinga 2 should use; defaults to `icingacmd`
+* `ICINGA2_SYSCONFIGFILE`: Where to put the config file the initscript/systemd pulls it's dirs from;
+* defaults to `CMAKE_INSTALL_PREFIX/etc/sysconfig/icinga2`
+* `ICINGA2_PLUGINDIR`: The path for the Monitoring Plugins project binaries; defaults to `/usr/lib/nagios/plugins`
+
+#### Build Optimization
+
+* `ICINGA2_UNITY_BUILD`: Whether to perform a unity build; defaults to `ON`. Note: This requires additional memory and is not advised for building VMs, Docker for Mac and embedded hardware.
+* `ICINGA2_LTO_BUILD`: Whether to use link time optimization (LTO); defaults to `OFF`
+
+#### Init System
+
+* `USE_SYSTEMD=ON|OFF`: Use systemd or a classic SysV initscript; defaults to `OFF`
+* `INSTALL_SYSTEMD_SERVICE_AND_INITSCRIPT=ON|OFF` Force install both the systemd service definition file
+  and the SysV initscript in parallel, regardless of how `USE_SYSTEMD` is set.
+  Only use this for special packaging purposes and if you know what you are doing.
+  Defaults to `OFF`.
+
+#### Features
+
+* `ICINGA2_WITH_CHECKER`: Determines whether the checker module is built; defaults to `ON`
+* `ICINGA2_WITH_COMPAT`: Determines whether the compat module is built; defaults to `ON`
+* `ICINGA2_WITH_LIVESTATUS`: Determines whether the Livestatus module is built; defaults to `ON`
+* `ICINGA2_WITH_NOTIFICATION`: Determines whether the notification module is built; defaults to `ON`
+* `ICINGA2_WITH_PERFDATA`: Determines whether the perfdata module is built; defaults to `ON`
+* `ICINGA2_WITH_TESTS`: Determines whether the unit tests are built; defaults to `ON`
+
+#### MySQL or MariaDB
+
+The following settings can be tuned for the MySQL / MariaDB IDO feature.
+
+* `ICINGA2_WITH_MYSQL`: Determines whether the MySQL IDO module is built; defaults to `ON`
+* `MYSQL_CLIENT_LIBS`: Client implementation used (mysqlclient / mariadbclient); defaults searches for `mysqlclient` and `mariadbclient`
+* `MYSQL_INCLUDE_DIR`: Directory containing include files for the mysqlclient; default empty -
+  checking multiple paths like `/usr/include/mysql`
+
+See [FindMySQL.cmake](https://github.com/Icinga/icinga2/blob/master/third-party/cmake/FindMySQL.cmake)
+for implementation details.
+
+#### PostgreSQL
+
+The following settings can be tuned for the PostgreSQL IDO feature.
+
+* `ICINGA2_WITH_PGSQL`: Determines whether the PostgreSQL IDO module is built; defaults to `ON`
+* `PostgreSQL_INCLUDE_DIR`: Top-level directory containing the PostgreSQL include directories
+* `PostgreSQL_LIBRARY`: File path to PostgreSQL library : libpq.so (or libpq.so.[ver] file)
+
+See [FindPostgreSQL.cmake](https://github.com/Icinga/icinga2/blob/master/third-party/cmake/FindPostgreSQL.cmake)
+for implementation details.
+
+#### Version detection
+
+CMake determines the Icinga 2 version number using `git describe` if the
+source directory is contained in a Git repository. Otherwise the version number
+is extracted from the [VERSION](VERSION) file. This behavior can be
+overridden by creating a file called `icinga-version.h.force` in the source
+directory. Alternatively the `-DICINGA2_GIT_VERSION_INFO=OFF` option for CMake
+can be used to disable the usage of `git describe`.
+
+
+### Building RPMs <a id="development-package-builds-rpms"></a>
+
+#### Build Environment on RHEL, CentOS, Fedora, Amazon Linux
+
+Setup your build environment:
+
+```
+yum -y install rpmdevtools
+```
+
+#### Build Environment on SuSE/SLES
+
+SLES:
+
+```
+zypper addrepo http://download.opensuse.org/repositories/devel:tools/SLE_12_SP4/devel:tools.repo
+zypper refresh
+zypper install rpmdevtools spectool
+```
+
+OpenSuSE:
+
+```
+zypper addrepo http://download.opensuse.org/repositories/devel:tools/openSUSE_Leap_15.0/devel:tools.repo
+zypper refresh
+zypper install rpmdevtools spectool
+```
+
+#### Package Builds <a id="development-package-builds-rpms-package-builds"></a>
+
+Prepare the rpmbuild directory tree:
+
+```
+cd $HOME
+rpmdev-setuptree
+```
+
+Snapshot builds:
+
+```
+curl https://raw.githubusercontent.com/Icinga/rpm-icinga2/master/icinga2.spec -o $HOME/rpmbuild/SPECS/icinga2.spec
+```
+
+> **Note**
+>
+> The above command builds snapshot packages. Change to the `release` branch
+> for release package builds.
+
+Copy the tarball to `rpmbuild/SOURCES` e.g. by using the `spectool` binary
+provided with `rpmdevtools`:
+
+```
+cd $HOME/rpmbuild/SOURCES
+spectool -g ../SPECS/icinga2.spec
+
+cd $HOME/rpmbuild
+```
+
+Install the build dependencies. Example for CentOS 7:
+
+```
+yum -y install libedit-devel ncurses-devel gcc-c++ libstdc++-devel openssl-devel \
+cmake flex bison boost-devel systemd mysql-devel postgresql-devel httpd \
+selinux-policy-devel checkpolicy selinux-policy selinux-policy-doc
+```
+
+Note: If you are using Amazon Linux, systemd is not required.
+
+A shorter way is available using the `yum-builddep` command on RHEL based systems:
+
+```
+yum-builddep SPECS/icinga2.spec
+```
+
+Build the RPM:
+
+```
+rpmbuild -ba SPECS/icinga2.spec
+```
+
+#### Additional Hints <a id="development-package-builds-rpms-additional-hints"></a>
+
+##### SELinux policy module
+
+The following packages are required to build the SELinux policy module:
+
+* checkpolicy
+* selinux-policy (selinux-policy on CentOS 6, selinux-policy-devel on CentOS 7)
+* selinux-policy-doc
+
+##### RHEL/CentOS 6
+
+The RedHat Developer Toolset is required for building Icinga 2 beforehand.
+This contains a modern version of flex and a C++ compiler which supports
+C++11 features.
+
+```
+cat >/etc/yum.repos.d/devtools-2.repo <<REPO
+[testing-devtools-2-centos-\$releasever]
+name=testing 2 devtools for CentOS $releasever
+baseurl=https://people.centos.org/tru/devtools-2/\$releasever/\$basearch/RPMS
+gpgcheck=0
+REPO
+```
+
+Dependencies to devtools-2 are used in the RPM SPEC, so the correct tools
+should be used for building.
+
+As an alternative, you can use newer Boost packages provided on
+[packages.icinga.com](https://packages.icinga.com/epel).
+```
+cat >$HOME/.rpmmacros <<MACROS
+%build_icinga_org 1
+MACROS
+```
+
+##### Amazon Linux
+
+If you prefer to build packages offline, a suitable Vagrant box is located
+[here](https://atlas.hashicorp.com/mvbcoding/boxes/awslinux/).
+
+### Build Debian/Ubuntu packages <a id="development-package-builds-deb"></a>
+
+Setup your build environment on Debian/Ubuntu, copy the 'debian' directory from
+the Debian packaging Git repository (https://github.com/Icinga/deb-icinga2)
+into your source tree and run the following command:
+
+```
+dpkg-buildpackage -uc -us
+```
+
+### Build Alpine Linux packages <a id="development-package-builds-alpine"></a>
+
+A simple way to setup a build environment is installing Alpine in a chroot.
+In this way, you can set up an Alpine build environment in a chroot under a
+different Linux distro.
+There is a script that simplifies these steps with just two commands, and
+can be found [here](https://github.com/alpinelinux/alpine-chroot-install).
+
+Once the build environment is installed, you can setup the system to build
+the packages by following [this document](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package).
+
+### Build Post Install Tasks <a id="development-package-builds-post-install-tasks"></a>
+
+After building Icinga 2 yourself, your package build system should at least run the following post
+install requirements:
+
+* enable the `checker`, `notification` and `mainlog` feature by default
+* run 'icinga2 api setup' in order to enable the `api` feature and generate TLS certificates for the node
+
+### Run Icinga 2 <a id="development-package-builds-run-icinga"></a>
+
+Icinga 2 comes with a binary that takes care of loading all the relevant
+components (e.g. for check execution, notifications, etc.):
+
+```
+icinga2 daemon
+
+[2016-12-08 16:44:24 +0100] information/cli: Icinga application loader (version: v2.5.4-231-gb10a6b7; debug)
+[2016-12-08 16:44:24 +0100] information/cli: Loading configuration file(s).
+[2016-12-08 16:44:25 +0100] information/ConfigItem: Committing config item(s).
+...
+```
+
+#### Init Script <a id="development-package-builds-init-script"></a>
+
+Icinga 2 can be started as a daemon using the provided init script:
+
+```
+/etc/init.d/icinga2
+Usage: /etc/init.d/icinga2 {start|stop|restart|reload|checkconfig|status}
+```
+
+#### Systemd <a id="development-package-builds-systemd"></a>
+
+If your distribution uses systemd:
+
+```
+systemctl {start|stop|reload|status|enable|disable} icinga2
+```
+
+In case the distribution is running systemd >227, you'll also
+need to package and install the `etc/initsystem/icinga2.service.limits.conf`
+file into `/etc/systemd/system/icinga2.service.d`.
+
+#### openrc <a id="development-package-builds-openrc"></a>
+
+Or if your distribution uses openrc (like Alpine):
+
+```
+rc-service icinga2
+Usage: /etc/init.d/icinga2 {start|stop|restart|reload|checkconfig|status}
+```
+
+Note: the openrc's init.d is not shipped by default.
+A working init.d with openrc can be found here: (https://git.alpinelinux.org/cgit/aports/plain/community/icinga2/icinga2.initd). If you have customized some path, edit the file and adjust it according with your setup.
+Those few steps can be followed:
+
+```
+wget https://git.alpinelinux.org/cgit/aports/plain/community/icinga2/icinga2.initd
+mv icinga2.initd /etc/init.d/icinga2
+chmod +x /etc/init.d/icinga2
+```
+
+Icinga 2 reads a single configuration file which is used to specify all
+configuration settings (global settings, hosts, services, etc.). The
+configuration format is explained in detail in the [doc/](doc/) directory.
+
+By default `make install` installs example configuration files in
+`/usr/local/etc/icinga2` unless you have specified a different prefix or
+sysconfdir.
+
+
+### Windows Builds <a id="development-package-builds-windows"></a>
+
+The Windows MSI packages are located at https://packages.icinga.com/windows/
+
+The build infrastructure is based on GitLab CI and an Ansible provisioned
+Windows VM running in OpenStack.
+
+The runner uses the scripts located in `tools/win32` to configure, build
+and test the packages. Uploading them to the package repository is a
+separate step. For manual package creation, please refer to [this chapter](21-development.md#development-windows-dev-env).
+
+![Windows build pipeline in GitLab](images/development/windows_builds_gitlab_pipeline.png)
+
+
+## Continuous Integration <a id="development-ci"></a>
+
+Icinga uses the integrated CI capabilities on GitHub in the development workflow.
+This ensures that incoming pull requests and branches are built on create/push events.
+Contributors and developers can immediately see whether builds fail or succeed and
+help the final reviews.
+
+* For Linux, we are currently using Travis CI.
+* For Windows, AppVeyor has been integrated.
+
+Future plans involve making use of GitHub Actions.
+
+In addition to our development platform on GitHub,
+we are using GitLab's CI platform to build binary packages for
+all supported operating systems and distributions.
+These CI pipelines provide even more detailed insights into
+specific platform failures and developers can react faster.
+
+### CI: Travis CI
+
+[Travis CI](https://travis-ci.org/Icinga/icinga2) provides Ubuntu as base
+distribution where Icinga is compiled from sources followed by running the
+unit tests and a config validation check.
+
+For details, please refer to the [.travis.yml](https://github.com/Icinga/icinga2/blob/master/.travis.yml)
+configuration file.
+
+### CI: AppVeyor
+
+[AppVeyor](https://ci.appveyor.com/project/icinga/icinga2) provides Windows
+as platform where Visual Studio and Boost libraries come pre-installed.
+
+Icinga is built using the Powershell scripts located in `tools/win32`.
+In addition to that, the unit tests are run.
+
+Please check the [appveyor.yml](https://github.com/Icinga/icinga2/blob/master/appveyor.yml) configuration
+file for details.
+
+
+## Advanced Development Tips <a id="development-advanced"></a>
+
+### GDB Pretty Printers <a id="development-advanced-gdb-pretty-printer"></a>
+
+Install the `boost`, `python` and `icinga2` pretty printers. Absolute paths are required,
+so please make sure to update the installation paths accordingly (`pwd`).
+
+```
+$ mkdir -p ~/.gdb_printers && cd ~/.gdb_printers
+```
+
+Boost Pretty Printers compatible with Python 3:
+
+```
+$ git clone https://github.com/mateidavid/Boost-Pretty-Printer.git && cd Boost-Pretty-Printer
+$ git checkout python-3
+$ pwd
+/home/michi/.gdb_printers/Boost-Pretty-Printer
+```
+
+Python Pretty Printers:
+
+```
+$ cd ~/.gdb_printers
+$ svn co svn://gcc.gnu.org/svn/gcc/trunk/libstdc++-v3/python
+```
+
+Icinga 2 Pretty Printers:
+
+```
+$ mkdir -p ~/.gdb_printers/icinga2 && cd ~/.gdb_printers/icinga2
+$ wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/debug/gdb/icingadbg.py
+```
+
+Now you'll need to modify/setup your `~/.gdbinit` configuration file.
+You can download the one from Icinga 2 and modify all paths.
+
+Example on Fedora 22:
+
+```
+$ wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/debug/gdb/gdbinit -O ~/.gdbinit
+$ vim ~/.gdbinit
+
+set print pretty on
+
+python
+import sys
+sys.path.insert(0, '/home/michi/.gdb_printers/icinga2')
+from icingadbg import register_icinga_printers
+register_icinga_printers()
+end
+
+python
+import sys
+sys.path.insert(0, '/home/michi/.gdb_printers/python')
+from libstdcxx.v6.printers import register_libstdcxx_printers
+try:
+    register_libstdcxx_printers(None)
+except:
+    pass
+end
+
+python
+import sys
+sys.path.insert(0, '/home/michi/.gdb_printers/Boost-Pretty-Printer')
+import boost_print
+boost_print.register_printers()
+end
+```
+
+If you are getting the following error when running gdb, the `libstdcxx`
+printers are already preloaded in your environment and you can remove
+the duplicate import in your `~/.gdbinit` file.
+
+```
+RuntimeError: pretty-printer already registered: libstdc++-v6
+```
 
diff --git a/doc/22-selinux.md b/doc/22-selinux.md
index 0e442ecf3..20074d52a 100644
--- a/doc/22-selinux.md
+++ b/doc/22-selinux.md
@@ -18,16 +18,18 @@ There are two ways of installing the SELinux Policy for Icinga 2 on Enterprise L
 
 If the system runs in enforcing mode and you encounter problems you can set Icinga 2's domain to permissive mode.
 
-    # sestatus
-    SELinux status:                 enabled
-    SELinuxfs mount:                /sys/fs/selinux
-    SELinux root directory:         /etc/selinux
-    Loaded policy name:             targeted
-    Current mode:                   enforcing
-    Mode from config file:          enforcing
-    Policy MLS status:              enabled
-    Policy deny_unknown status:     allowed
-    Max kernel policy version:      28
+```
+# sestatus
+SELinux status:                 enabled
+SELinuxfs mount:                /sys/fs/selinux
+SELinux root directory:         /etc/selinux
+Loaded policy name:             targeted
+Current mode:                   enforcing
+Mode from config file:          enforcing
+Policy MLS status:              enabled
+Policy deny_unknown status:     allowed
+Max kernel policy version:      28
+```
 
 You can change the configured mode by editing `/etc/selinux/config` and the current mode by executing `setenforce 0`.
 
@@ -35,13 +37,17 @@ You can change the configured mode by editing `/etc/selinux/config` and the curr
 
 Simply add the `icinga2-selinux` package to your installation.
 
-    # yum install icinga2-selinux
+```
+# yum install icinga2-selinux
+```
 
 Ensure that the `icinga2` process is running in its own `icinga2_t` domain after installing the policy package:
 
-    # systemctl restart icinga2.service
-    # ps -eZ | grep icinga2
-    system_u:system_r:icinga2_t:s0   2825 ?        00:00:00 icinga2
+```
+# systemctl restart icinga2.service
+# ps -eZ | grep icinga2
+system_u:system_r:icinga2_t:s0   2825 ?        00:00:00 icinga2
+```
 
 #### Manual installation <a id="selinux-policy-installation-manual"></a>
 
@@ -49,24 +55,32 @@ This section describes the installation to support development and testing. It a
 
 As a prerequisite install the `git`, `selinux-policy-devel` and `audit` packages. Enable and start the audit daemon afterwards:
 
-    # yum install git selinux-policy-devel audit
-    # systemctl enable auditd.service
-    # systemctl start auditd.service
+```
+# yum install git selinux-policy-devel audit
+# systemctl enable auditd.service
+# systemctl start auditd.service
+```
 
 After that clone the icinga2 git repository:
 
-    # git clone https://github.com/icinga/icinga2
+```
+# git clone https://github.com/icinga/icinga2
+```
 
 To create and install the policy package run the installation script which also labels the resources. (The script assumes Icinga 2 was started once after system startup, the labeling of the port will only happen once and fail later on.)
 
-    # cd tools/selinux/
-    # ./icinga.sh
+```
+# cd tools/selinux/
+# ./icinga.sh
+```
 
 After that restart Icinga 2 and verify it running in its own domain `icinga2_t`.
 
-    # systemctl restart icinga2.service
-    # ps -eZ | grep icinga2
-    system_u:system_r:icinga2_t:s0   2825 ?        00:00:00 icinga2
+```
+# systemctl restart icinga2.service
+# ps -eZ | grep icinga2
+system_u:system_r:icinga2_t:s0   2825 ?        00:00:00 icinga2
+```
 
 ### General <a id="selinux-policy-general"></a>
 
@@ -106,6 +120,10 @@ SELinux is based on the least level of access required for a service to run. Usi
 
 Having this boolean enabled allows icinga2 to connect to all ports. This can be necessary if you use features which connect to unconfined services, for example the [influxdb writer](14-features.md#influxdb-writer).
 
+**icinga2_run_sudo** 
+
+To allow Icinga 2 executing plugins via sudo you can toogle this boolean. It is disabled by default, resulting in error messages like `execvpe(sudo) failed: Permission denied`.
+
 **httpd_can_write_icinga2_command** 
 
 To allow httpd to write to the command pipe of icinga2 this boolean has to be enabled. This is enabled by default, if not needed you can disable it for more security.
@@ -126,23 +144,29 @@ Make sure to report the bugs in the policy afterwards.
 
 Download and install a plugin, for example check_mysql_health.
 
-    # wget https://labs.consol.de/download/shinken-nagios-plugins/check_mysql_health-2.1.9.2.tar.gz
-    # tar xvzf check_mysql_health-2.1.9.2.tar.gz
-    # cd check_mysql_health-2.1.9.2/
-    # ./configure --libexecdir /usr/lib64/nagios/plugins
-    # make
-    # make install
+```
+# wget https://labs.consol.de/download/shinken-nagios-plugins/check_mysql_health-2.1.9.2.tar.gz
+# tar xvzf check_mysql_health-2.1.9.2.tar.gz
+# cd check_mysql_health-2.1.9.2/
+# ./configure --libexecdir /usr/lib64/nagios/plugins
+# make
+# make install
+```
 
 It is labeled `nagios_unconfined_plugins_exec_t` by default, so it runs without restrictions.
 
-    # ls -lZ /usr/lib64/nagios/plugins/check_mysql_health
-    -rwxr-xr-x. root root system_u:object_r:nagios_unconfined_plugin_exec_t:s0 /usr/lib64/nagios/plugins/check_mysql_health
+```
+# ls -lZ /usr/lib64/nagios/plugins/check_mysql_health
+-rwxr-xr-x. root root system_u:object_r:nagios_unconfined_plugin_exec_t:s0 /usr/lib64/nagios/plugins/check_mysql_health
+```
 
 In this case the plugin is monitoring a service, so it should be labeled `nagios_services_plugin_exec_t` to restrict its permissions.
 
-    # chcon -t nagios_services_plugin_exec_t /usr/lib64/nagios/plugins/check_mysql_health
-    # ls -lZ /usr/lib64/nagios/plugins/check_mysql_health
-    -rwxr-xr-x. root root system_u:object_r:nagios_services_plugin_exec_t:s0 /usr/lib64/nagios/plugins/check_mysql_health
+```
+# chcon -t nagios_services_plugin_exec_t /usr/lib64/nagios/plugins/check_mysql_health
+# ls -lZ /usr/lib64/nagios/plugins/check_mysql_health
+-rwxr-xr-x. root root system_u:object_r:nagios_services_plugin_exec_t:s0 /usr/lib64/nagios/plugins/check_mysql_health
+```
 
 The plugin still runs fine but if someone changes the script to do weird stuff it will fail to do so.
 
@@ -152,28 +176,56 @@ You are running graphite on a different port than `2003` and want `icinga2` to c
 
 Change the port value for the graphite feature according to your graphite installation before enabling it.
 
-    # cat /etc/icinga2/features-enabled/graphite.conf
-    /**
-     * The GraphiteWriter type writes check result metrics and
-     * performance data to a graphite tcp socket.
-     */
+```
+# cat /etc/icinga2/features-enabled/graphite.conf
+/**
+ * The GraphiteWriter type writes check result metrics and
+ * performance data to a graphite tcp socket.
+ */
 
-    library "perfdata"
+library "perfdata"
 
-    object GraphiteWriter "graphite" {
-      //host = "127.0.0.1"
-      //port = 2003
-      port = 2004
-    }
-    # icinga2 feature enable graphite
+object GraphiteWriter "graphite" {
+  //host = "127.0.0.1"
+  //port = 2003
+  port = 2004
+}
+# icinga2 feature enable graphite
+```
 
-Before you restart the icinga2 service allow it to connect to all ports by enabling the boolean ´icinga2_can_connect_all` (now and permanent).
+Before you restart the icinga2 service allow it to connect to all ports by enabling the boolean `icinga2_can_connect_all` (now and permanent).
 
-    # setsebool icinga2_can_connect_all true
-    # setsebool -P icinga2_can_connect_all true
+```
+# setsebool icinga2_can_connect_all true
+# setsebool -P icinga2_can_connect_all true
+```
 
 If you restart the daemon now it will successfully connect to graphite.
 
+#### Running plugins requiring sudo  <a id="selinux-policy-examples-sudo"></a>
+
+Some plugins require privileged access to the system and are designied to be executed via `sudo` to get these privileges.
+
+In this case it is the CheckCommand [running_kernel](10-icinga-template-library.md#plugin-contrib-command-running_kernel) which is set to use `sudo`.
+
+    # cat /etc/icinga2/conf.d/services.conf
+    apply Service "kernel" {
+      import "generic-service"
+
+      check_command = "running_kernel"
+
+      vars.running_kernel_use_sudo = true
+
+      assign where host.name == NodeName
+    }
+
+Having this Service defined will result in a UNKNOWN state and the error message `execvpe(sudo) failed: Permission denied` because SELinux dening the execution.
+
+Switching the boolean `icinga2_run_sudo` to allow the execution will result in the check executed successfully.
+
+    # setsebool icinga2_run_sudo true
+    # setsebool -P icinga2_run_sudo true
+
 #### Confining a user <a id="selinux-policy-examples-user"></a>
 
 If you want to have an administrative account capable of only managing icinga2 and not the complete system, you can restrict the privileges by confining
@@ -181,49 +233,63 @@ this user. This is completly optional!
 
 Start by adding the Icinga 2 administrator role `icinga2adm_r` to the administrative SELinux user `staff_u`.
 
-    # semanage user -m -R "staff_r sysadm_r system_r unconfined_r icinga2adm_r" staff_u
+```
+# semanage user -m -R "staff_r sysadm_r system_r unconfined_r icinga2adm_r" staff_u
+```
 
 Confine your user login and create a sudo rule.
 
-    # semanage login -a dirk -s staff_u
-    # echo "dirk ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/dirk
+```
+# semanage login -a dirk -s staff_u
+# echo "dirk ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/dirk
+```
 
 Login to the system using ssh and verify your id.
 
-    $ id -Z
-    staff_u:staff_r:staff_t:s0-s0:c0.c1023
+```
+$ id -Z
+staff_u:staff_r:staff_t:s0-s0:c0.c1023
+```
 
 Try to execute some commands as root using sudo.
 
-    $ sudo id -Z
-    staff_u:staff_r:staff_t:s0-s0:c0.c1023
-    $ sudo vi /etc/icinga2/icinga2.conf
-    "/etc/icinga2/icinga2.conf" [Permission Denied]
-    $ sudo cat /var/log/icinga2/icinga2.log
-    cat: /var/log/icinga2/icinga2.log: Keine Berechtigung
-    $ sudo systemctl reload icinga2.service
-    Failed to get D-Bus connection: No connection to service manager.
+```
+$ sudo id -Z
+staff_u:staff_r:staff_t:s0-s0:c0.c1023
+$ sudo vi /etc/icinga2/icinga2.conf
+"/etc/icinga2/icinga2.conf" [Permission Denied]
+$ sudo cat /var/log/icinga2/icinga2.log
+cat: /var/log/icinga2/icinga2.log: Keine Berechtigung
+$ sudo systemctl reload icinga2.service
+Failed to get D-Bus connection: No connection to service manager.
+```
 
 Those commands fail because you only switch to root but do not change your SELinux role. Try again but tell sudo also to switch the SELinux role and type.
 
-    $ sudo -r icinga2adm_r -t icinga2adm_t id -Z
-    staff_u:icinga2adm_r:icinga2adm_t:s0-s0:c0.c1023
-    $ sudo -r icinga2adm_r -t icinga2adm_t vi /etc/icinga2/icinga2.conf
-    "/etc/icinga2/icinga2.conf"
-    $ sudo -r icinga2adm_r -t icinga2adm_t cat /var/log/icinga2/icinga2.log
-    [2015-03-26 20:48:14 +0000] information/DynamicObject: Dumping program state to file '/var/lib/icinga2/icinga2.state'
-    $ sudo -r icinga2adm_r -t icinga2adm_t systemctl reload icinga2.service
+```
+$ sudo -r icinga2adm_r -t icinga2adm_t id -Z
+staff_u:icinga2adm_r:icinga2adm_t:s0-s0:c0.c1023
+$ sudo -r icinga2adm_r -t icinga2adm_t vi /etc/icinga2/icinga2.conf
+"/etc/icinga2/icinga2.conf"
+$ sudo -r icinga2adm_r -t icinga2adm_t cat /var/log/icinga2/icinga2.log
+[2015-03-26 20:48:14 +0000] information/DynamicObject: Dumping program state to file '/var/lib/icinga2/icinga2.state'
+$ sudo -r icinga2adm_r -t icinga2adm_t systemctl reload icinga2.service
+```
 
 Now the commands will work, but you have always to remember to add the arguments, so change the sudo rule to set it by default.
 
-    # echo "dirk ALL=(ALL) ROLE=icinga2adm_r TYPE=icinga2adm_t NOPASSWD: ALL" > /etc/sudoers.d/dirk
+```
+# echo "dirk ALL=(ALL) ROLE=icinga2adm_r TYPE=icinga2adm_t NOPASSWD: ALL" > /etc/sudoers.d/dirk
+```
 
 Now try the commands again without providing the role and type and they will work, but if you try to read apache logs or restart apache for example it will still fail.
 
-    $ sudo cat /var/log/httpd/error_log
-    /bin/cat: /var/log/httpd/error_log: Keine Berechtigung
-    $ sudo systemctl reload httpd.service
-    Failed to issue method call: Access denied
+```
+$ sudo cat /var/log/httpd/error_log
+/bin/cat: /var/log/httpd/error_log: Keine Berechtigung
+$ sudo systemctl reload httpd.service
+Failed to issue method call: Access denied
+```
 
 ## Bugreports <a id="selinux-bugreports"></a>
 
@@ -231,7 +297,7 @@ If you experience any problems while running in enforcing mode try to reproduce
 
 After some feedback Icinga 2 is now running in a enforced domain, but still adds also some rules for other necessary services so no problems should occure at all. But you can help to enhance the policy by testing Icinga 2 running confined by SELinux.
 
-Please add the following information to [bug reports](https://www.icinga.com/community/get-involved/):
+Please add the following information to [bug reports](https://icinga.com/community/):
 
 * Versions, configuration snippets, etc.
 * Output of `semodule -l | grep -e icinga2 -e nagios -e apache`
diff --git a/doc/23-migrating-from-icinga-1x.md b/doc/23-migrating-from-icinga-1x.md
index 4dd6e8397..c9cfa5085 100644
--- a/doc/23-migrating-from-icinga-1x.md
+++ b/doc/23-migrating-from-icinga-1x.md
@@ -6,6 +6,33 @@ The Icinga 2 configuration format introduces plenty of behavioural changes. In
 order to ease migration from Icinga 1.x, this section provides hints and tips
 on your migration requirements.
 
+
+### Automated Config Migration <a id="automated-config-migration"></a>
+
+Depending on your previous setup, you may have already used different sources
+for generating the 1.x configuration files. If this is the case,
+we strongly recommend to use these sources in combination with
+the [Icinga Director](https://icinga.com/docs/director/latest/doc/01-Introduction/).
+
+This can be for example:
+
+* A CMDB or RDBMS which provides host details and facts
+* PuppetDB
+* CSV/XSL/JSON files
+* Cloud resources (AWS, etc.)
+
+In case you have been using Icinga Web 1.x or an addon requiring
+the underlying IDO database, you can use this as database resource
+to import the host details.
+
+Talks:
+
+* [This talk from OSMC 2016](https://www.youtube.com/watch?v=T6GBsfeXIZI) shares more insights (German).
+* [Automated Monitoring in heterogeneous environments](https://www.youtube.com/watch?v=bkUlS5rlHzM&list=PLeoxx10paaAn_xHJ5wBhnBJyW_d5G7-Bl&index=8)
+
+Continue reading more about [Import Sources](https://icinga.com/docs/director/latest/doc/70-Import-and-Sync/)
+for the Icinga Director.
+
 ### Manual Config Migration <a id="manual-config-migration"></a>
 
 For a long-term migration of your configuration you should consider re-creating
@@ -33,24 +60,28 @@ all existing Icinga 1.x `*_interval` attributes require an additional `m` durati
 
 Icinga 1.x:
 
-    define service {
-      service_description             service1
-      host_name                       localhost1
-      check_command                   test_customvar
-      use                             generic-service
-      check_interval                  5
-      retry_interval                  1
-    }
+```
+define service {
+  service_description             service1
+  host_name                       localhost1
+  check_command                   test_customvar
+  use                             generic-service
+  check_interval                  5
+  retry_interval                  1
+}
+```
 
 Icinga 2:
 
-    object Service "service1" {
-      import "generic-service"
-      host_name = "localhost1"
-      check_command = "test_customvar"
-      check_interval = 5m
-      retry_interval = 1m
-    }
+```
+object Service "service1" {
+  import "generic-service"
+  host_name = "localhost1"
+  check_command = "test_customvar"
+  check_interval = 5m
+  retry_interval = 1m
+}
+```
 
 #### Manual Config Migration Hints for Services <a id="manual-config-migration-hints-services"></a>
 
@@ -59,77 +90,88 @@ belongs to, you can migrate this to the [apply rules](03-monitoring-basics.md#us
 
 Icinga 1.x:
 
-    define service {
-      service_description             service1
-      host_name                       localhost1,localhost2
-      check_command                   test_check
-      use                             generic-service
-    }
+```
+define service {
+  service_description             service1
+  host_name                       localhost1,localhost2
+  check_command                   test_check
+  use                             generic-service
+}
+```
 
 Icinga 2:
 
-    apply Service "service1" {
-      import "generic-service"
-      check_command = "test_check"
+```
+apply Service "service1" {
+  import "generic-service"
+  check_command = "test_check"
 
-      assign where host.name in [ "localhost1", "localhost2" ]
-    }
+  assign where host.name in [ "localhost1", "localhost2" ]
+}
+```
 
 In Icinga 1.x you would have organized your services with hostgroups using the `hostgroup_name` attribute
 like the following example:
 
-    define service {
-      service_description             servicewithhostgroups
-      hostgroup_name                  hostgroup1,hostgroup3
-      check_command                   test_check
-      use                             generic-service
-    }
+```
+define service {
+  service_description             servicewithhostgroups
+  hostgroup_name                  hostgroup1,hostgroup3
+  check_command                   test_check
+  use                             generic-service
+}
+```
 
 Using Icinga 2 you can migrate this to the [apply rules](03-monitoring-basics.md#using-apply) syntax:
 
-    apply Service "servicewithhostgroups" {
-      import "generic-service"
-      check_command = "test_check"
+```
+apply Service "servicewithhostgroups" {
+  import "generic-service"
+  check_command = "test_check"
 
-      assign where "hostgroup1" in host.groups
-      assign where "hostgroup3" in host.groups
-    }
+  assign where "hostgroup1" in host.groups
+  assign where "hostgroup3" in host.groups
+}
+```
 
 #### Manual Config Migration Hints for Group Members <a id="manual-config-migration-hints-group-members"></a>
 
 The Icinga 1.x hostgroup `hg1` has two members `host1` and `host2`. The hostgroup `hg2` has `host3` as
 a member and includes all members of the `hg1` hostgroup.
 
-    define hostgroup {
-      hostgroup_name                  hg1
-      members                         host1,host2
-    }
+```
+define hostgroup {
+  hostgroup_name                  hg1
+  members                         host1,host2
+}
 
-    define hostgroup {
-      hostgroup_name                  hg2
-      members                         host3
-      hostgroup_members               hg1
-    }
+define hostgroup {
+  hostgroup_name                  hg2
+  members                         host3
+  hostgroup_members               hg1
+}
+```
 
 This can be migrated to Icinga 2 and [using group assign](17-language-reference.md#group-assign). The additional nested hostgroup
 `hg1` is included into `hg2` with the `groups` attribute.
 
+```
+object HostGroup "hg1" {
+  groups = [ "hg2" ]
+  assign where host.name in [ "host1", "host2" ]
+}
 
-    object HostGroup "hg1" {
-      assign where host.name in [ "host1", "host2" ]
-    }
-
-    object HostGroup "hg2" {
-      groups = [ "hg1" ]
-      assign where host.name == "host3"
-    }
+object HostGroup "hg2" {
+  assign where host.name == "host3"
+}
+```
 
 These assign rules can be applied for all groups: `HostGroup`, `ServiceGroup` and `UserGroup`
 (requires renaming from `contactgroup`).
 
 > **Tip**
 >
-> Define custom attributes and assign/ignore members based on these attribute pattern matches.
+> Define custom variables and assign/ignore members based on these attribute pattern matches.
 
 
 
@@ -138,50 +180,54 @@ These assign rules can be applied for all groups: `HostGroup`, `ServiceGroup` an
 Host and service check command arguments are separated by a `!` in Icinga 1.x. Their order is important and they
 are referenced as `$ARGn$` where `n` is the argument counter.
 
-    define command {
-      command_name                      my-ping
-      command_line                      $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
-    }
+```
+define command {
+  command_name                      my-ping
+  command_line                      $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+}
 
-    define service {
-      use                               generic-service
-      host_name                         my-server
-      service_description               my-ping
-      check_command                     my-ping-check!100.0,20%!500.0,60%
-    }
+define service {
+  use                               generic-service
+  host_name                         my-server
+  service_description               my-ping
+  check_command                     my-ping-check!100.0,20%!500.0,60%
+}
+```
 
 While you could manually migrate this like (please note the new generic command arguments and default argument values!):
 
-    object CheckCommand "my-ping-check" {
-      command = [
-        PluginDir + "/check_ping", "-4"
-      ]
+```
+object CheckCommand "my-ping-check" {
+  command = [
+    PluginDir + "/check_ping", "-4"
+  ]
 
-      arguments = {
-        "-H" = "$ping_address$"
-        "-w" = "$ping_wrta$,$ping_wpl$%"
-        "-c" = "$ping_crta$,$ping_cpl$%"
-        "-p" = "$ping_packets$"
-        "-t" = "$ping_timeout$"
-      }
+  arguments = {
+    "-H" = "$ping_address$"
+    "-w" = "$ping_wrta$,$ping_wpl$%"
+    "-c" = "$ping_crta$,$ping_cpl$%"
+    "-p" = "$ping_packets$"
+    "-t" = "$ping_timeout$"
+  }
 
-      vars.ping_address = "$address$"
-      vars.ping_wrta = 100
-      vars.ping_wpl = 5
-      vars.ping_crta = 200
-      vars.ping_cpl = 15
-    }
+  vars.ping_address = "$address$"
+  vars.ping_wrta = 100
+  vars.ping_wpl = 5
+  vars.ping_crta = 200
+  vars.ping_cpl = 15
+}
 
-    object Service "my-ping" {
-      import "generic-service"
-      host_name = "my-server"
-      check_command = "my-ping-check"
+object Service "my-ping" {
+  import "generic-service"
+  host_name = "my-server"
+  check_command = "my-ping-check"
 
-      vars.ping_wrta = 100
-      vars.ping_wpl = 20
-      vars.ping_crta = 500
-      vars.ping_cpl = 60
-    }
+  vars.ping_wrta = 100
+  vars.ping_wpl = 20
+  vars.ping_crta = 500
+  vars.ping_cpl = 60
+}
+```
 
 #### Manual Config Migration Hints for Runtime Macros <a id="manual-config-migration-hints-runtime-macros"></a>
 
@@ -189,62 +235,73 @@ Runtime macros have been renamed. A detailed comparison table can be found [here
 
 For example, accessing the service check output looks like the following in Icinga 1.x:
 
-    $SERVICEOUTPUT$
+```
+$SERVICEOUTPUT$
+```
 
 In Icinga 2 you will need to write:
 
-    $service.output$
+```
+$service.output$
+```
 
 Another example referencing the host's address attribute in Icinga 1.x:
 
-    $HOSTADDRESS$
+```
+$HOSTADDRESS$
+```
 
 In Icinga 2 you'd just use the following macro to access all `address` attributes (even overridden from the service objects):
 
-    $address$
+```
+$address$
+```
 
+#### Manual Config Migration Hints for Runtime Custom Variables <a id="manual-config-migration-hints-runtime-custom-variables"></a>
 
-#### Manual Config Migration Hints for Runtime Custom Attributes <a id="manual-config-migration-hints-runtime-custom-attributes"></a>
+Custom variables from Icinga 1.x are available as Icinga 2 custom variables.
 
-Custom variables from Icinga 1.x are available as Icinga 2 custom attributes.
+```
+define command {
+  command_name                    test_customvar
+  command_line                    echo "Host CV: $_HOSTCVTEST$ Service CV: $_SERVICECVTEST$\n"
+}
 
-    define command {
-      command_name                    test_customvar
-      command_line                    echo "Host CV: $_HOSTCVTEST$ Service CV: $_SERVICECVTEST$\n"
-    }
+define host {
+  host_name                       localhost1
+  check_command                   test_customvar
+  use                             generic-host
+  _CVTEST                         host cv value
+}
 
-    define host {
-      host_name                       localhost1
-      check_command                   test_customvar
-      use                             generic-host
-      _CVTEST                         host cv value
-    }
-
-    define service {
-      service_description             service1
-      host_name                       localhost1
-      check_command                   test_customvar
-      use                             generic-service
-      _CVTEST                         service cv value
-    }
+define service {
+  service_description             service1
+  host_name                       localhost1
+  check_command                   test_customvar
+  use                             generic-service
+  _CVTEST                         service cv value
+}
+```
 
 Can be written as the following in Icinga 2:
 
-    object CheckCommand "test_customvar" {
-      command = "echo "Host CV: $host.vars.CVTEST$ Service CV: $service.vars.CVTEST$\n""
-    }
+```
+object CheckCommand "test_customvar" {
+  command = "echo "Host CV: $host.vars.CVTEST$ Service CV: $service.vars.CVTEST$\n""
+}
 
-    object Host "localhost1" {
-      import "generic-host"
-      check_command = "test_customvar"
-      vars.CVTEST = "host cv value"
-    }
+object Host "localhost1" {
+  import "generic-host"
+  check_command = "test_customvar"
+  vars.CVTEST = "host cv value"
+}
 
-    object Service "service1" {
-      host_name = "localhost1"
-      check_command = "test_customvar"
-      vars.CVTEST = "service cv value"
-    }
+object Service "service1" {
+  host_name = "localhost1"
+  check_command = "test_customvar"
+  vars.CVTEST = "service cv value"
+}
+```
 
 If you are just defining `$CVTEST$` in your command definition, its value depends on the
 execution scope -- the host check command will fetch the host attribute value of `vars.CVTEST`
@@ -252,30 +309,34 @@ while the service check command resolves its value to the service attribute attr
 
 > **Note**
 >
-> Custom attributes in Icinga 2 are case-sensitive. `vars.CVTEST` is not the same as `vars.CvTest`.
+> Custom variables in Icinga 2 are case-sensitive. `vars.CVTEST` is not the same as `vars.CvTest`.
 
 #### Manual Config Migration Hints for Contacts (Users) <a id="manual-config-migration-hints-contacts-users"></a>
 
 Contacts in Icinga 1.x act as users in Icinga 2, but do not have any notification commands specified.
 This migration part is explained in the [next chapter](23-migrating-from-icinga-1x.md#manual-config-migration-hints-notifications).
 
-    define contact{
-      contact_name                    testconfig-user
-      use                             generic-user
-      alias                           Icinga Test User
-      service_notification_options    c,f,s,u
-      email                           icinga@localhost
-    }
+```
+define contact{
+  contact_name                    testconfig-user
+  use                             generic-user
+  alias                           Icinga Test User
+  service_notification_options    c,f,s,u
+  email                           icinga@localhost
+}
+```
 
 The `service_notification_options` can be [mapped](23-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters)
 into generic `state` and `type` filters, if additional notification filtering is required. `alias` gets
 renamed to `display_name`.
 
-    object User "testconfig-user" {
-      import "generic-user"
-      display_name = "Icinga Test User"
-      email = "icinga@localhost"
-    }
+```
+object User "testconfig-user" {
+  import "generic-user"
+  display_name = "Icinga Test User"
+  email = "icinga@localhost"
+}
+```
 
 This user can be put into usergroups (former contactgroups) or referenced in newly migration notification
 objects.
@@ -312,23 +373,28 @@ the host and service notification commands involved.
 Generate a new notification object based on these values. Import the generic template based on the type (`host` or `service`).
 Assign it to the host or service and set the newly generated notification command name as `command` attribute.
 
-    object Notification "<notificationname>" {
-      import "mail-host-notification"
-      host_name = "<thishostname>"
-      command = "<notificationcommandname>"
-
+```
+object Notification "<notificationname>" {
+  import "mail-host-notification"
+  host_name = "<thishostname>"
+  command = "<notificationcommandname>"
+```
 
 Convert the `notification_options` attribute from Icinga 1.x to Icinga 2 `states` and `types`. Details
 [here](23-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters). Add the notification period.
 
-      states = [ OK, Warning, Critical ]
-      types = [ Recovery, Problem, Custom ]
-      period = "24x7"
+```
+  states = [ OK, Warning, Critical ]
+  types = [ Recovery, Problem, Custom ]
+  period = "24x7"
+```
 
 The current contact acts as `users` attribute.
 
-      users = [ "<contactwithnotificationcommand>" ]
-    }
+```
+  users = [ "<contactwithnotificationcommand>" ]
+}
+```
 
 Do this in a loop for all notification commands (depending if host or service contact). Once done, dump the
 collected notification commands.
@@ -374,53 +440,57 @@ hostgroup. The default `notification_interval` is set to `10` minutes notifying
 After 20 minutes (`10*2`, notification_interval * first_notification) the notification is escalated to the
 `cg_ops` contactgroup until 60 minutes (`10*6`) have passed.
 
-    define service {
-      service_description             dep_svc01
-      host_name                       dep_hostsvc01,dep_hostsvc03
-      check_command                   test2
-      use                             generic-service
-      notification_interval           10
-      contact_groups                  cg_admin
-    }
+```
+define service {
+  service_description             dep_svc01
+  host_name                       dep_hostsvc01,dep_hostsvc03
+  check_command                   test2
+  use                             generic-service
+  notification_interval           10
+  contact_groups                  cg_admin
+}
 
-    define hostgroup {
-      hostgroup_name                  hg_svcdep2
-      members                         dep_hostsvc03
-    }
+define hostgroup {
+  hostgroup_name                  hg_svcdep2
+  members                         dep_hostsvc03
+}
 
-    # with hostgroup_name and service_description
-    define serviceescalation {
-      hostgroup_name                  hg_svcdep2
-      service_description             dep_svc01
-      first_notification              2
-      last_notification               6
-      contact_groups                  cg_ops
-    }
+# with hostgroup_name and service_description
+define serviceescalation {
+  hostgroup_name                  hg_svcdep2
+  service_description             dep_svc01
+  first_notification              2
+  last_notification               6
+  contact_groups                  cg_ops
+}
+```
 
 In Icinga 2 the service and hostgroup definition will look quite the same. Save the `notification_interval`
 and `contact_groups` attribute for an additional notification.
 
-    apply Service "dep_svc01" {
-      import "generic-service"
+```
+apply Service "dep_svc01" {
+  import "generic-service"
 
-      check_command = "test2"
+  check_command = "test2"
 
-      assign where host.name == "dep_hostsvc01"
-      assign where host.name == "dep_hostsvc03"
-    }
+  assign where host.name == "dep_hostsvc01"
+  assign where host.name == "dep_hostsvc03"
+}
 
-    object HostGroup "hg_svcdep2" {
-      assign where host.name == "dep_hostsvc03"
-    }
+object HostGroup "hg_svcdep2" {
+  assign where host.name == "dep_hostsvc03"
+}
 
-    apply Notification "email" to Service {
-      import "service-mail-notification"
+apply Notification "email" to Service {
+  import "service-mail-notification"
 
-      interval = 10m
-      user_groups = [ "cg_admin" ]
+  interval = 10m
+  user_groups = [ "cg_admin" ]
 
-      assign where service.name == "dep_svc01" && (host.name == "dep_hostsvc01" || host.name == "dep_hostsvc03")
-    }
+  assign where service.name == "dep_svc01" && (host.name == "dep_hostsvc01" || host.name == "dep_hostsvc03")
+}
+```
 
 Calculate the begin and end time for the newly created escalation notification:
 
@@ -429,19 +499,21 @@ Calculate the begin and end time for the newly created escalation notification:
 
 Assign the notification escalation to the service `dep_svc01` on all hosts in the hostgroup `hg_svcdep2`.
 
-    apply Notification "email-escalation" to Service {
-      import "service-mail-notification"
+```
+apply Notification "email-escalation" to Service {
+  import "service-mail-notification"
 
-      interval = 10m
-      user_groups = [ "cg_ops" ]
+  interval = 10m
+  user_groups = [ "cg_ops" ]
 
-      times = {
-        begin = 20m
-        end = 1h
-      }
+  times = {
+    begin = 20m
+    end = 1h
+  }
 
-      assign where service.name == "dep_svc01" && "hg_svcdep2" in host.groups
-    }
+  assign where service.name == "dep_svc01" && "hg_svcdep2" in host.groups
+}
+```
 
 The assign rule could be made more generic and the notification be applied to more than
 just this service belonging to hosts in the matched hostgroup.
@@ -469,41 +541,43 @@ If the state filter matches, you can define whether to disable checks and notifi
 The following example describes service dependencies. If you migrate from Icinga 1.x, you will only
 want to use the classic `Host-to-Host` and `Service-to-Service` dependency relationships.
 
-    define service {
-      service_description             dep_svc01
-      hostgroup_name                  hg_svcdep1
-      check_command                   test2
-      use                             generic-service
-    }
+```
+define service {
+  service_description             dep_svc01
+  hostgroup_name                  hg_svcdep1
+  check_command                   test2
+  use                             generic-service
+}
 
-    define service {
-      service_description             dep_svc02
-      hostgroup_name                  hg_svcdep2
-      check_command                   test2
-      use                             generic-service
-    }
+define service {
+  service_description             dep_svc02
+  hostgroup_name                  hg_svcdep2
+  check_command                   test2
+  use                             generic-service
+}
 
-    define hostgroup {
-      hostgroup_name                  hg_svcdep2
-      members                         host2
-    }
+define hostgroup {
+  hostgroup_name                  hg_svcdep2
+  members                         host2
+}
 
-    define host{
-      use                             linux-server-template
-      host_name                       host1
-      address                         192.168.1.10
-    }
+define host{
+  use                             linux-server-template
+  host_name                       host1
+  address                         192.168.1.10
+}
 
-    # with hostgroup_name and service_description
-    define servicedependency {
-      host_name                       host1
-      dependent_hostgroup_name        hg_svcdep2
-      service_description             dep_svc01
-      dependent_service_description   *
-      execution_failure_criteria      u,c
-      notification_failure_criteria   w,u,c
-      inherits_parent                 1
-    }
+# with hostgroup_name and service_description
+define servicedependency {
+  host_name                       host1
+  dependent_hostgroup_name        hg_svcdep2
+  service_description             dep_svc01
+  dependent_service_description   *
+  execution_failure_criteria      u,c
+  notification_failure_criteria   w,u,c
+  inherits_parent                 1
+}
+```
 
 Map the dependency attributes accordingly.
 
@@ -517,44 +591,48 @@ Map the dependency attributes accordingly.
 
 And migrate the host and services.
 
-    object Host "host1" {
-      import "linux-server-template"
-      address = "192.168.1.10"
-    }
+```
+object Host "host1" {
+  import "linux-server-template"
+  address = "192.168.1.10"
+}
 
-    object HostGroup "hg_svcdep2" {
-      assign where host.name == "host2"
-    }
+object HostGroup "hg_svcdep2" {
+  assign where host.name == "host2"
+}
 
-    apply Service "dep_svc01" {
-      import "generic-service"
-      check_command = "test2"
+apply Service "dep_svc01" {
+  import "generic-service"
+  check_command = "test2"
 
-      assign where "hp_svcdep1" in host.groups
-    }
+  assign where "hp_svcdep1" in host.groups
+}
 
-    apply Service "dep_svc02" {
-      import "generic-service"
-      check_command = "test2"
+apply Service "dep_svc02" {
+  import "generic-service"
+  check_command = "test2"
 
-      assign where "hp_svcdep2" in host.groups
-    }
+  assign where "hp_svcdep2" in host.groups
+}
+```
 
 When it comes to the `execution_failure_criteria` and `notification_failure_criteria` attribute migration,
 you will need to map the most common values, in this example `u,c` (`Unknown` and `Critical` will cause the
 dependency to fail). Therefore the `Dependency` should be ok on Ok and Warning. `inherits_parents` is always
 enabled.
 
-    apply Dependency "all-svc-for-hg-hg_svcdep2-on-host1-dep_svc01" to Service {
-      parent_host_name = "host1"
-      parent_service_name = "dep_svc01"
+```
+apply Dependency "all-svc-for-hg-hg_svcdep2-on-host1-dep_svc01" to Service {
+  parent_host_name = "host1"
+  parent_service_name = "dep_svc01"
 
-      states = [ Ok, Warning ]
-      disable_checks = true
-      disable_notifications = true
+  states = [ Ok, Warning ]
+  disable_checks = true
+  disable_notifications = true
 
-      assign where "hg_svcdep2" in host.groups
-    }
+  assign where "hg_svcdep2" in host.groups
+}
+```
 
 Host dependencies are explained in the [next chapter](23-migrating-from-icinga-1x.md#manual-config-migration-hints-host-parents).
 
@@ -570,42 +648,46 @@ virtual machines `vmware-vm1` and `vmware-vm2`.
 By default all hosts in the hostgroup `vmware` should get the parent assigned. This isn't really
 solvable with Icinga 1.x parents, but only with host dependencies.
 
-    define host{
-      use                             linux-server-template
-      host_name                       vmware-master
-      hostgroups                      vmware
-      address                         192.168.1.10
-    }
+```
+define host{
+  use                             linux-server-template
+  host_name                       vmware-master
+  hostgroups                      vmware
+  address                         192.168.1.10
+}
 
-    define host{
-      use                             linux-server-template
-      host_name                       vmware-vm1
-      hostgroups                      vmware
-      address                         192.168.27.1
-      parents                         vmware-master
-    }
+define host{
+  use                             linux-server-template
+  host_name                       vmware-vm1
+  hostgroups                      vmware
+  address                         192.168.27.1
+  parents                         vmware-master
+}
 
-    define host{
-      use                             linux-server-template
-      host_name                       vmware-vm2
-      hostgroups                      vmware
-      address                         192.168.28.1
-      parents                         vmware-master
-    }
+define host{
+  use                             linux-server-template
+  host_name                       vmware-vm2
+  hostgroups                      vmware
+  address                         192.168.28.1
+  parents                         vmware-master
+}
+```
 
 By default all hosts in the hostgroup `vmware` should get the parent assigned (but not the `vmware-master`
 host itself). This isn't really solvable with Icinga 1.x parents, but only with host dependencies as shown
 below:
 
-    define hostdependency {
-      dependent_hostgroup_name        vmware
-      dependent_host_name             !vmware-master
-      host_name                       vmware-master
-      inherits_parent                 1
-      notification_failure_criteria   d,u
-      execution_failure_criteria      d,u
-      dependency_period               testconfig-24x7
-    }
+```
+define hostdependency {
+  dependent_hostgroup_name        vmware
+  dependent_host_name             !vmware-master
+  host_name                       vmware-master
+  inherits_parent                 1
+  notification_failure_criteria   d,u
+  execution_failure_criteria      d,u
+  dependency_period               testconfig-24x7
+}
+```
 
 When migrating to Icinga 2, the parents must be changed to a newly created host dependency.
 
@@ -620,33 +702,34 @@ Map the following attributes
 
 The Icinga 2 configuration looks like this:
 
+```
+object Host "vmware-master" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.1.10"
+  vars.is_vmware_master = true
+}
 
-    object Host "vmware-master" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.1.10"
-      vars.is_vmware_master = true
-    }
+object Host "vmware-vm1" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.27.1"
+}
 
-    object Host "vmware-vm1" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.27.1"
-    }
+object Host "vmware-vm2" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.28.1"
+}
 
-    object Host "vmware-vm2" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.28.1"
-    }
+apply Dependency "vmware-master" to Host {
+  parent_host_name = "vmware-master"
 
-    apply Dependency "vmware-master" to Host {
-      parent_host_name = "vmware-master"
-
-      assign where "vmware" in host.groups
-      ignore where host.vars.is_vmware_master
-      ignore where host.name == "vmware-master"
-    }
+  assign where "vmware" in host.groups
+  ignore where host.vars.is_vmware_master
+  ignore where host.name == "vmware-master"
+}
+```
 
 For easier identification you could add the `vars.is_vmware_master` attribute to the `vmware-master`
 host and let the dependency ignore that instead of the hardcoded host name. That's different
@@ -655,29 +738,31 @@ to the Icinga 1.x example and a best practice hint only.
 
 Another way to express the same configuration would be something like:
 
-    object Host "vmware-master" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.1.10"
-    }
+```
+object Host "vmware-master" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.1.10"
+}
 
-    object Host "vmware-vm1" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.27.1"
-      vars.parents = [ "vmware-master" ]
-    }
+object Host "vmware-vm1" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.27.1"
+  vars.parents = [ "vmware-master" ]
+}
 
-    object Host "vmware-vm2" {
-      import "linux-server-template"
-      groups += [ "vmware" ]
-      address = "192.168.28.1"
-      vars.parents = [ "vmware-master" ]
-    }
+object Host "vmware-vm2" {
+  import "linux-server-template"
+  groups += [ "vmware" ]
+  address = "192.168.28.1"
+  vars.parents = [ "vmware-master" ]
+}
 
-    apply Dependency "host-to-parent-" for (parent in host.vars.parents) to Host {
-      parent_host_name = parent
-    }
+apply Dependency "host-to-parent-" for (parent in host.vars.parents) to Host {
+  parent_host_name = parent
+}
+```
 
 This example allows finer grained host-to-host dependency, as well as multiple dependency support.
 
@@ -707,24 +792,30 @@ the Icinga daemon at startup.
 
 icinga.cfg:
 
-    enable_notifications=1
+```
+enable_notifications=1
+```
 
 objects.cfg:
 
-    define service {
-       notifications_enabled    0
-    }
+```
+define service {
+   notifications_enabled    0
+}
+```
 
 Icinga 2 supports objects and (global) variables, but does not make a difference 
 between the main configuration file or any other included file.
 
 icinga2.conf:
 
-    const EnableNotifications = true
+```
+const EnableNotifications = true
 
-    object Service "test" {
-        enable_notifications = false
-    }
+object Service "test" {
+    enable_notifications = false
+}
+```
 
 #### Sample Configuration and ITL <a id="differences-1x-2-sample-configuration-itl"></a>
 
@@ -746,7 +837,7 @@ included in `icinga2.conf` by default.
 > **Note**
 >
 > Add your own custom templates in the `conf.d/` directory as well, e.g. inside
-> the [templates.conf](04-configuring-icinga-2.md#templates-conf) file.
+> the [templates.conf](04-configuration.md#templates-conf) file.
 
 ### Main Config File <a id="differences-1x-2-main-config"></a>
 
@@ -754,7 +845,7 @@ In Icinga 1.x there are many global configuration settings available in `icinga.
 Icinga 2 only uses a small set of [global constants](17-language-reference.md#constants) allowing
 you to specify certain different setting such as the `NodeName` in a cluster scenario.
 
-Aside from that, the [icinga2.conf](04-configuring-icinga-2.md#icinga2-conf) should take care of including
+Aside from that, the [icinga2.conf](04-configuration.md#icinga2-conf) should take care of including
 global constants, enabled [features](11-cli-commands.md#enable-features) and the object configuration.
 
 ### Include Files and Directories <a id="differences-1x-2-include-files-dirs"></a>
@@ -765,25 +856,33 @@ suffix in the given directory. Only absolute paths may be used. The `cfg_file`
 and `cfg_dir` directives can include the same file twice which leads to
 configuration errors in Icinga 1.x.
 
-    cfg_file=/etc/icinga/objects/commands.cfg
-    cfg_dir=/etc/icinga/objects
+```
+cfg_file=/etc/icinga/objects/commands.cfg
+cfg_dir=/etc/icinga/objects
+```
 
 Icinga 2 supports wildcard includes and relative paths, e.g. for including
 `conf.d/*.conf` in the same directory.
 
-    include "conf.d/*.conf"
+```
+include "conf.d/*.conf"
+```
 
 If you want to include files and directories recursively, you need to define
 a separate option and add the directory and an optional pattern.
 
-    include_recursive "conf.d"
+```
+include_recursive "conf.d"
+```
 
 A global search path for includes is available for advanced features like
 the Icinga Template Library (ITL) or additional monitoring plugins check
 command configuration.
 
-    include <itl>
-    include <plugins>
+```
+include <itl>
+include <plugins>
+```
 
 By convention the `.conf` suffix is used for Icinga 2 configuration files.
 
@@ -796,13 +895,15 @@ set in the `resource.cfg` configuration file in Icinga 1.x. By convention the
 Icinga 2 uses global constants instead. In the default config these are
 set in the `constants.conf` configuration file:
 
-    /**
-     * This file defines global constants which can be used in
-     * the other configuration files. At a minimum the
-     * PluginDir constant should be defined.
-     */
+```
+/**
+ * This file defines global constants which can be used in
+ * the other configuration files. At a minimum the
+ * PluginDir constant should be defined.
+ */
 
-    const PluginDir = "/usr/lib/nagios/plugins"
+const PluginDir = "/usr/lib/nagios/plugins"
+```
 
 [Global macros](17-language-reference.md#constants) can only be defined once. Trying to modify a
 global constant will result in an error.
@@ -825,35 +926,41 @@ Icinga Web 2 for example).
 Object names are not specified using attributes (e.g. `service_description` for
 services) like in Icinga 1.x but directly after their type definition.
 
-    define service {
-        host_name  localhost
-        service_description  ping4
-    }
+```
+define service {
+    host_name  localhost
+    service_description  ping4
+}
 
-    object Service "ping4" {
-      host_name = "localhost"
-    }
+object Service "ping4" {
+  host_name = "localhost"
+}
+```
 
 ### Templates <a id="differences-1x-2-templates"></a>
 
 In Icinga 1.x templates are identified using the `register 0` setting. Icinga 2
 uses the `template` identifier:
 
-    template Service "ping4-template" { }
+```
+template Service "ping4-template" { }
+```
 
 Icinga 1.x objects inherit from templates using the `use` attribute.
 Icinga 2 uses the keyword `import` with template names in double quotes.
 
-    define service {
-        service_description testservice
-        use                 tmpl1,tmpl2,tmpl3
-    }
+```
+define service {
+    service_description testservice
+    use                 tmpl1,tmpl2,tmpl3
+}
 
-    object Service "testservice" {
-      import "tmpl1"
-      import "tmpl2"
-      import "tmpl3"
-    }
+object Service "testservice" {
+  import "tmpl1"
+  import "tmpl2"
+  import "tmpl3"
+}
+```
 
 The last template overrides previously set values.
 
@@ -862,13 +969,15 @@ The last template overrides previously set values.
 Icinga 1.x separates attribute and value pairs with whitespaces/tabs. Icinga 2
 requires an equal sign (=) between them.
 
-    define service {
-        check_interval  5
-    }
+```
+define service {
+    check_interval  5
+}
 
-    object Service "test" {
-        check_interval = 5m
-    }
+object Service "test" {
+    check_interval = 5m
+}
+```
 
 Please note that the default time value is seconds if no duration literal
 is given. `check_interval = 5` behaves the same as `check_interval = 5s`.
@@ -886,27 +995,27 @@ The `alias` is used for group, timeperiod, etc. objects too.
 Icinga 2 only supports the `display_name` attribute which is also taken into
 account by Icinga web interfaces.
 
-### Custom Attributes <a id="differences-1x-2-custom-attributes"></a>
+### Custom Variables <a id="differences-1x-2-custom-variables"></a>
 
-Icinga 2 allows you to define custom attributes in the `vars` dictionary.
+Icinga 2 allows you to define custom variables in the `vars` dictionary.
 The `notes`, `notes_url`, `action_url`, `icon_image`, `icon_image_alt`
 attributes for host and service objects are still available in Icinga 2.
 
 `2d_coords` and `statusmap_image` are not supported in Icinga 2.
 
-#### Custom Variables <a id="differences-1x-2-custom-variables"></a>
-
 Icinga 1.x custom variable attributes must be prefixed using an underscore (`_`).
-In Icinga 2 these attributes must be added to the `vars` dictionary as custom attributes.
+In Icinga 2 these attributes must be added to the `vars` dictionary as custom variables.
 
-    vars.dn = "cn=icinga2-dev-host,ou=icinga,ou=main,ou=IcingaConfig,ou=LConf,dc=icinga,dc=org"
-    vars.cv = "my custom cmdb description"
+```
+vars.dn = "cn=icinga2-dev-host,ou=icinga,ou=main,ou=IcingaConfig,ou=LConf,dc=icinga,dc=org"
+vars.cv = "my custom cmdb description"
+```
 
-These custom attributes are also used as [command parameters](03-monitoring-basics.md#command-passing-parameters).
+These custom variables are also used as [command parameters](03-monitoring-basics.md#command-passing-parameters).
 
-While Icinga 1.x only supports numbers and strings as custom attribute values,
+While Icinga 1.x only supports numbers and strings as custom variable values,
 Icinga 2 extends that to arrays and (nested) dictionaries. For more details
-look [here](03-monitoring-basics.md#custom-attributes).
+look [here](03-monitoring-basics.md#custom-variables).
 
 ### Host Service Relation <a id="differences-1x-2-host-service-relation"></a>
 
@@ -942,13 +1051,13 @@ and their users.
 ### Macros <a id="differences-1x-2-macros"></a>
 
 Various object attributes and runtime variables can be accessed as macros in
-commands in Icinga 1.x -- Icinga 2 supports all required [custom attributes](03-monitoring-basics.md#custom-attributes).
+commands in Icinga 1.x -- Icinga 2 supports all required [custom variables](03-monitoring-basics.md#custom-variables).
 
 #### Command Arguments <a id="differences-1x-2-command-arguments"></a>
 
 If you have previously used Icinga 1.x, you may already be familiar with
 user and argument definitions (e.g., `USER1` or `ARG1`). Unlike in Icinga 1.x
-the Icinga 2 custom attributes may have arbitrary names and arguments are no
+the Icinga 2 custom variables may have arbitrary names and arguments are no
 longer specified in the `check_command` setting.
 
 In Icinga 1.x arguments are specified in the `check_command` attribute and
@@ -972,7 +1081,7 @@ can be set using the `env` attribute in command objects.
 #### Runtime Macros <a id="differences-1x-2-runtime-macros"></a>
 
 Icinga 2 requires an object specific namespace when accessing configuration
-and stateful runtime macros. Custom attributes can be accessed directly.
+and stateful runtime macros. Custom variables can be accessed directly.
 
 If a runtime macro from Icinga 1.x is not listed here, it is not supported
 by Icinga 2.
@@ -1110,47 +1219,49 @@ Changes to global statistic macros:
 
 The following external commands are not supported:
 
-    CHANGE_*MODATTR
-    CHANGE_CONTACT_HOST_NOTIFICATION_TIMEPERIOD
-    CHANGE_HOST_NOTIFICATION_TIMEPERIOD
-    CHANGE_SVC_NOTIFICATION_TIMEPERIOD
-    DEL_DOWNTIME_BY_HOSTGROUP_NAME
-    DEL_DOWNTIME_BY_START_TIME_COMMENT
-    DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST
-    DISABLE_CONTACT_HOST_NOTIFICATIONS
-    DISABLE_CONTACT_SVC_NOTIFICATIONS
-    DISABLE_CONTACTGROUP_HOST_NOTIFICATIONS
-    DISABLE_CONTACTGROUP_SVC_NOTIFICATIONS
-    DISABLE_FAILURE_PREDICTION
-    DISABLE_HOST_AND_CHILD_NOTIFICATIONS
-    DISABLE_HOST_FRESHNESS_CHECKS
-    DISABLE_NOTIFICATIONS_EXPIRE_TIME
-    DISABLE_SERVICE_FRESHNESS_CHECKS
-    ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST
-    ENABLE_CONTACT_HOST_NOTIFICATIONS
-    ENABLE_CONTACT_SVC_NOTIFICATIONS
-    ENABLE_CONTACTGROUP_HOST_NOTIFICATIONS
-    ENABLE_CONTACTGROUP_SVC_NOTIFICATIONS
-    ENABLE_FAILURE_PREDICTION
-    ENABLE_HOST_AND_CHILD_NOTIFICATIONS
-    ENABLE_HOST_FRESHNESS_CHECKS
-    ENABLE_SERVICE_FRESHNESS_CHECKS
-    READ_STATE_INFORMATION
-    SAVE_STATE_INFORMATION
-    SET_HOST_NOTIFICATION_NUMBER
-    SET_SVC_NOTIFICATION_NUMBER
-    START_ACCEPTING_PASSIVE_HOST_CHECKS
-    START_ACCEPTING_PASSIVE_SVC_CHECKS
-    START_OBSESSING_OVER_HOST
-    START_OBSESSING_OVER_HOST_CHECKS
-    START_OBSESSING_OVER_SVC
-    START_OBSESSING_OVER_SVC_CHECKS
-    STOP_ACCEPTING_PASSIVE_HOST_CHECKS
-    STOP_ACCEPTING_PASSIVE_SVC_CHECKS
-    STOP_OBSESSING_OVER_HOST
-    STOP_OBSESSING_OVER_HOST_CHECKS
-    STOP_OBSESSING_OVER_SVC
-    STOP_OBSESSING_OVER_SVC_CHECKS
+```
+CHANGE_*MODATTR
+CHANGE_CONTACT_HOST_NOTIFICATION_TIMEPERIOD
+CHANGE_HOST_NOTIFICATION_TIMEPERIOD
+CHANGE_SVC_NOTIFICATION_TIMEPERIOD
+DEL_DOWNTIME_BY_HOSTGROUP_NAME
+DEL_DOWNTIME_BY_START_TIME_COMMENT
+DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST
+DISABLE_CONTACT_HOST_NOTIFICATIONS
+DISABLE_CONTACT_SVC_NOTIFICATIONS
+DISABLE_CONTACTGROUP_HOST_NOTIFICATIONS
+DISABLE_CONTACTGROUP_SVC_NOTIFICATIONS
+DISABLE_FAILURE_PREDICTION
+DISABLE_HOST_AND_CHILD_NOTIFICATIONS
+DISABLE_HOST_FRESHNESS_CHECKS
+DISABLE_NOTIFICATIONS_EXPIRE_TIME
+DISABLE_SERVICE_FRESHNESS_CHECKS
+ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST
+ENABLE_CONTACT_HOST_NOTIFICATIONS
+ENABLE_CONTACT_SVC_NOTIFICATIONS
+ENABLE_CONTACTGROUP_HOST_NOTIFICATIONS
+ENABLE_CONTACTGROUP_SVC_NOTIFICATIONS
+ENABLE_FAILURE_PREDICTION
+ENABLE_HOST_AND_CHILD_NOTIFICATIONS
+ENABLE_HOST_FRESHNESS_CHECKS
+ENABLE_SERVICE_FRESHNESS_CHECKS
+READ_STATE_INFORMATION
+SAVE_STATE_INFORMATION
+SET_HOST_NOTIFICATION_NUMBER
+SET_SVC_NOTIFICATION_NUMBER
+START_ACCEPTING_PASSIVE_HOST_CHECKS
+START_ACCEPTING_PASSIVE_SVC_CHECKS
+START_OBSESSING_OVER_HOST
+START_OBSESSING_OVER_HOST_CHECKS
+START_OBSESSING_OVER_SVC
+START_OBSESSING_OVER_SVC_CHECKS
+STOP_ACCEPTING_PASSIVE_HOST_CHECKS
+STOP_ACCEPTING_PASSIVE_SVC_CHECKS
+STOP_OBSESSING_OVER_HOST
+STOP_OBSESSING_OVER_HOST_CHECKS
+STOP_OBSESSING_OVER_SVC
+STOP_OBSESSING_OVER_SVC_CHECKS
+```
 
 ### Asynchronous Event Execution <a id="differences-1x-2-async-event-execution"></a>
 
@@ -1222,27 +1333,31 @@ attribute in the object. The old way of listing all group members in the group's
 `members` attribute is available through `assign where` and `ignore where`
 expressions by using [group assign](03-monitoring-basics.md#group-assign-intro).
 
-    object Host "web-dev" {
-      import "generic-host"
-    }
+```
+object Host "web-dev" {
+  import "generic-host"
+}
 
-    object HostGroup "dev-hosts" {
-      display_name = "Dev Hosts"
-      assign where match("*-dev", host.name)
-    }
+object HostGroup "dev-hosts" {
+  display_name = "Dev Hosts"
+  assign where match("*-dev", host.name)
+}
+```
 
 #### Add Service to Hostgroup where Host is Member <a id="differences-1x-2-service-hostgroup-host"></a>
 
 In order to associate a service with all hosts in a host group the [apply](03-monitoring-basics.md#using-apply)
 keyword can be used:
 
-    apply Service "ping4" {
-      import "generic-service"
+```
+apply Service "ping4" {
+  import "generic-service"
 
-      check_command = "ping4"
+  check_command = "ping4"
 
-      assign where "dev-hosts" in host.groups
-    }
+  assign where "dev-hosts" in host.groups
+}
+```
 
 ### Notifications <a id="differences-1x-2-notifications"></a>
 
@@ -1282,12 +1397,16 @@ Icinga 2 attempts to solve that problem in this way
 
 Previously in Icinga 1.x it looked like this:
 
-    service -> (contact, contactgroup) -> notification command
+```
+service -> (contact, contactgroup) -> notification command
+```
 
 In Icinga 2 it will look like this:
 
-    Service -> Notification -> NotificationCommand
-                            -> User, UserGroup
+```
+Service -> Notification -> NotificationCommand
+                        -> User, UserGroup
+```
 
 #### Escalations <a id="differences-1x-2-escalations"></a>
 
@@ -1295,8 +1414,10 @@ Escalations in Icinga 1.x require a separated object matching on existing
 objects. Escalations happen between a defined start and end time which is
 calculated from the notification_interval:
 
-    start = notification start + (notification_interval * first_notification)
-    end = notification start + (notification_interval * last_notification)
+```
+start = notification start + (notification_interval * first_notification)
+end = notification start + (notification_interval * last_notification)
+```
 
 In theory first_notification and last_notification can be set to readable
 numbers. In practice users are manipulating those attributes in combination
@@ -1319,10 +1440,12 @@ Unlike Icinga 1.x with the 'notification_options' attribute with comma-separated
 state and type filters, Icinga 2 uses two configuration attributes for that.
 All state and type filter use long names OR'd with a pipe together
 
-    notification_options w,u,c,r,f,s
+```
+notification_options w,u,c,r,f,s
 
-    states = [ Warning, Unknown, Critical ]
-    types = [ Problem, Recovery, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+states = [ Warning, Unknown, Critical ]
+types = [ Problem, Recovery, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+```
 
 Icinga 2 adds more fine-grained type filters for acknowledgements, downtime,
 and flapping type (start, end, ...).
@@ -1358,7 +1481,9 @@ The Icinga 1.x flapping detection uses the last 21 states of a service. This
 value is hardcoded and cannot be changed. The algorithm on determining a flapping state
 is as follows:
 
-    flapping value = (number of actual state changes / number of possible state changes)
+```
+flapping value = (number of actual state changes / number of possible state changes)
+```
 
 The flapping value is then compared to the low and high flapping thresholds.
 
@@ -1455,6 +1580,6 @@ and configuration distribution problems Icinga 1.x distributed monitoring curren
 
 Icinga 2 implements a new built-in
 [distributed monitoring architecture](06-distributed-monitoring.md#distributed-monitoring-scenarios),
-including config and check distribution, IPv4/IPv6 support, SSL certificates and zone support for DMZ.
+including config and check distribution, IPv4/IPv6 support, TLS certificates and zone support for DMZ.
 High Availability and load balancing are also part of the Icinga 2 Cluster feature, next to local replay
 logs on connection loss ensuring that the event history is kept in sync.
diff --git a/doc/24-appendix.md b/doc/24-appendix.md
index aa293d047..e0f0b2f2a 100644
--- a/doc/24-appendix.md
+++ b/doc/24-appendix.md
@@ -188,7 +188,7 @@ New columns:
   {host,service}group | notes                   | TEXT     | NULL    | -
   {host,service}group | notes_url               | TEXT     | NULL    | -
   {host,service}group | action_url              | TEXT     | NULL    | -
-  customvariable*     | is_json			| integer  | 0	     | Defines whether `varvalue` is a json encoded string from custom attributes, or not
+  customvariable*     | is_json			| integer  | 0	     | Defines whether `varvalue` is a json encoded string from custom variables, or not
   servicestatus       | original_attributes     | TEXT     | NULL    | JSON encoded dictionary of original attributes if modified at runtime.
   hoststatus          | original_attributes     | TEXT     | NULL    | JSON encoded dictionary of original attributes if modified at runtime.
 
@@ -611,7 +611,7 @@ Not supported: `neb_callbacks`, `neb_callbacks_rate`, `requests`, `requests_rate
   host_                 | join      | Prefix for attributes from implicit join with hosts table.
 
 
-#### Livestatus Timeperiod Table Attributes <a id="schema-livestatus-timeperiod-table-attributes"></a>
+#### Livestatus Timeperiods Table Attributes <a id="schema-livestatus-timeperiods-table-attributes"></a>
 
   Key                   | Type      | Note
   ----------------------|-----------|-------------------------
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index bbd924b31..3be5b582e 100644
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 file(GLOB DOCSRCS "*.md")
 
diff --git a/doc/icinga2.8 b/doc/icinga2.8
index 81fd9dba8..aa2c34c86 100644
--- a/doc/icinga2.8
+++ b/doc/icinga2.8
@@ -13,7 +13,7 @@ icinga2 \- The Icinga 2 network monitoring daemon
 
 .I command
 := [
-.B api | console | daemon | feature | node | object | pki | repository | troubleshoot | variable
+.B api | ca | console | daemon | feature | node | object | pki | variable
 ]
 .B --help
 
@@ -69,9 +69,9 @@ Config files are processed in the order they are specified on the command-line.
 When no configuration file is specified and the
 .B --no-config
 is not used, Icinga 2 automatically falls back to using the configuration file
-.B SysconfDir + "/icinga2/icinga2.conf"
-(where SysconfDir is usually
-.BI "/etc" ")."
+.B ConfigDir + "/icinga2.conf"
+(where ConfigDir is usually
+.BI "/etc/icinga2" ")."
 
 .TP
 .B "-z, --noconfig"
@@ -90,9 +90,9 @@ Detach from the controlling terminal.
 .SH "REPORTING BUGS"
 Report bugs at <https://github.com/Icinga/icinga2>
 .br
-Icinga home page: <https://www.icinga.com/>
+Icinga home page: <https://icinga.com/>
 .SH COPYRIGHT
-Copyright \(co 2012\-2014 Icinga Development Team (https://www.icinga.com)
+Copyright \(co 2012 Icinga GmbH
 License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>
 .br
 This is free software: you are free to change and redistribute it.
diff --git a/doc/images/addons/dashing_icinga2.png b/doc/images/addons/dashing_icinga2.png
new file mode 100644
index 000000000..d3e0e42d8
Binary files /dev/null and b/doc/images/addons/dashing_icinga2.png differ
diff --git a/doc/images/addons/icinga_certificate_monitoring.png b/doc/images/addons/icinga_certificate_monitoring.png
new file mode 100644
index 000000000..d1be34b82
Binary files /dev/null and b/doc/images/addons/icinga_certificate_monitoring.png differ
diff --git a/doc/images/addons/icinga_reporting.png b/doc/images/addons/icinga_reporting.png
new file mode 100644
index 000000000..4b561a3fe
Binary files /dev/null and b/doc/images/addons/icinga_reporting.png differ
diff --git a/doc/images/addons/icingaweb2_businessprocess.png b/doc/images/addons/icingaweb2_businessprocess.png
new file mode 100644
index 000000000..7824ded5b
Binary files /dev/null and b/doc/images/addons/icingaweb2_businessprocess.png differ
diff --git a/doc/images/addons/icingaweb2_grafana.png b/doc/images/addons/icingaweb2_grafana.png
new file mode 100644
index 000000000..0861543f4
Binary files /dev/null and b/doc/images/addons/icingaweb2_grafana.png differ
diff --git a/doc/images/addons/icingaweb2_graphite.png b/doc/images/addons/icingaweb2_graphite.png
new file mode 100644
index 000000000..4147ba5f3
Binary files /dev/null and b/doc/images/addons/icingaweb2_graphite.png differ
diff --git a/doc/images/addons/icingaweb2_maps.png b/doc/images/addons/icingaweb2_maps.png
new file mode 100644
index 000000000..5564edabe
Binary files /dev/null and b/doc/images/addons/icingaweb2_maps.png differ
diff --git a/doc/images/api/icinga2_api_powershell_ise.png b/doc/images/api/icinga2_api_powershell_ise.png
new file mode 100644
index 000000000..41acbddf1
Binary files /dev/null and b/doc/images/api/icinga2_api_powershell_ise.png differ
diff --git a/doc/images/configuration/icinga_web_local_server.png b/doc/images/configuration/icinga_web_local_server.png
new file mode 100644
index 000000000..3dac92d07
Binary files /dev/null and b/doc/images/configuration/icinga_web_local_server.png differ
diff --git a/doc/images/development/windows_boost_build_dev_cmd.png b/doc/images/development/windows_boost_build_dev_cmd.png
new file mode 100644
index 000000000..1a3c30c38
Binary files /dev/null and b/doc/images/development/windows_boost_build_dev_cmd.png differ
diff --git a/doc/images/development/windows_builds_gitlab_pipeline.png b/doc/images/development/windows_builds_gitlab_pipeline.png
new file mode 100644
index 000000000..8110c5359
Binary files /dev/null and b/doc/images/development/windows_builds_gitlab_pipeline.png differ
diff --git a/doc/images/development/windows_powershell_posh_git.png b/doc/images/development/windows_powershell_posh_git.png
new file mode 100644
index 000000000..48014a4c5
Binary files /dev/null and b/doc/images/development/windows_powershell_posh_git.png differ
diff --git a/doc/images/development/windows_visual_studio_installer_01.png b/doc/images/development/windows_visual_studio_installer_01.png
new file mode 100644
index 000000000..a8cb44989
Binary files /dev/null and b/doc/images/development/windows_visual_studio_installer_01.png differ
diff --git a/doc/images/development/windows_visual_studio_installer_02.png b/doc/images/development/windows_visual_studio_installer_02.png
new file mode 100644
index 000000000..036997020
Binary files /dev/null and b/doc/images/development/windows_visual_studio_installer_02.png differ
diff --git a/doc/images/development/windows_visual_studio_installer_03.png b/doc/images/development/windows_visual_studio_installer_03.png
new file mode 100644
index 000000000..c29f57f56
Binary files /dev/null and b/doc/images/development/windows_visual_studio_installer_03.png differ
diff --git a/doc/images/development/windows_visual_studio_tabs_c++.png b/doc/images/development/windows_visual_studio_tabs_c++.png
new file mode 100644
index 000000000..d511469be
Binary files /dev/null and b/doc/images/development/windows_visual_studio_tabs_c++.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_endpoints.png b/doc/images/distributed-monitoring/icinga2_distributed_endpoints.png
deleted file mode 100644
index 2ec94445a..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_endpoints.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_agent_checks_command_endpoint.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_agent_checks_command_endpoint.png
new file mode 100644
index 000000000..d55278ee1
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_agent_checks_command_endpoint.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_endpoints.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_endpoints.png
new file mode 100644
index 000000000..aa37f6016
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_endpoints.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_roles.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_roles.png
new file mode 100644
index 000000000..d9018f825
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_roles.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_satellite_config_sync.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_satellite_config_sync.png
new file mode 100644
index 000000000..92dcda953
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_satellite_config_sync.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenario_ha_masters_with_agents.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenario_ha_masters_with_agents.png
new file mode 100644
index 000000000..c45df2cb4
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenario_ha_masters_with_agents.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_satellites_agents.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_satellites_agents.png
new file mode 100644
index 000000000..8535993a2
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_satellites_agents.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_with_agents.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_with_agents.png
new file mode 100644
index 000000000..fe7ac4dcd
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_scenarios_master_with_agents.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_monitoring_zones.png b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_zones.png
new file mode 100644
index 000000000..84b42f804
Binary files /dev/null and b/doc/images/distributed-monitoring/icinga2_distributed_monitoring_zones.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_roles.png b/doc/images/distributed-monitoring/icinga2_distributed_roles.png
deleted file mode 100644
index e581aa5c7..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_roles.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_ha_master_clients.png b/doc/images/distributed-monitoring/icinga2_distributed_scenarios_ha_master_clients.png
deleted file mode 100644
index a7d0f76dd..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_ha_master_clients.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_clients.png b/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_clients.png
deleted file mode 100644
index 475dd0e7c..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_clients.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_satellite_client.png b/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_satellite_client.png
deleted file mode 100644
index 400f83bd7..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_scenarios_master_satellite_client.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_top_down_command_endpoint.png b/doc/images/distributed-monitoring/icinga2_distributed_top_down_command_endpoint.png
deleted file mode 100644
index f34d3a424..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_top_down_command_endpoint.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_top_down_config_sync.png b/doc/images/distributed-monitoring/icinga2_distributed_top_down_config_sync.png
deleted file mode 100644
index 6c3c0e4d1..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_top_down_config_sync.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png b/doc/images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png
index 8878b99b6..de13ad780 100644
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png and b/doc/images/distributed-monitoring/icinga2_distributed_windows_client_disk_icingaweb2.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_windows_nscp.png b/doc/images/distributed-monitoring/icinga2_distributed_windows_nscp.png
deleted file mode 100644
index d48ea5932..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_windows_nscp.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_distributed_zones.png b/doc/images/distributed-monitoring/icinga2_distributed_zones.png
deleted file mode 100644
index e5e351639..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_distributed_zones.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_cmd_admin_net_start_stop.png b/doc/images/distributed-monitoring/icinga2_windows_cmd_admin_net_start_stop.png
deleted file mode 100644
index 506d5987d..000000000
Binary files a/doc/images/distributed-monitoring/icinga2_windows_cmd_admin_net_start_stop.png and /dev/null differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_01.png b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_01.png
index 358548b0e..8460dc66d 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_01.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_01.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_02.png b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_02.png
index d23b7d68c..476b6d2ea 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_02.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_02.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_03.png b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_03.png
index 3e44e50af..35aad8348 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_03.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_03.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_04.png b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_04.png
index 2b6b1ac6d..4d314e643 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_04.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_04.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_05.png b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_05.png
index a6f974275..7b2c3d889 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_installer_05.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_installer_05.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_01.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_01.png
index dbc9d9448..c74857ab6 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_01.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_01.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02.png
index b065056ca..7084985b0 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02_global_zone.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02_global_zone.png
index 1f589d967..c0bc4e04c 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02_global_zone.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_02_global_zone.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_03.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_03.png
index 33cf736b9..0d246f4c3 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_03.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_03.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_04.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_04.png
index 3d4c5816a..9f1a5d033 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_04.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_04.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_01.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_01.png
index 628aaff99..8f9df0dc6 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_01.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_01.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png
index b7cee9013..1c91f2d50 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_with_ticket.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_with_ticket.png
index 8d1b3c42d..3d602373e 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_with_ticket.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_with_ticket.png differ
diff --git a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png
index 32f22cf21..f56877638 100644
Binary files a/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png and b/doc/images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png differ
diff --git a/doc/images/getting-started/mariadb-centos7.png b/doc/images/installation/mariadb-centos7.png
similarity index 100%
rename from doc/images/getting-started/mariadb-centos7.png
rename to doc/images/installation/mariadb-centos7.png
diff --git a/doc/images/getting-started/nano-syntax.png b/doc/images/installation/nano-syntax.png
similarity index 100%
rename from doc/images/getting-started/nano-syntax.png
rename to doc/images/installation/nano-syntax.png
diff --git a/doc/images/getting-started/postgr-import-ido.png b/doc/images/installation/postgr-import-ido.png
similarity index 100%
rename from doc/images/getting-started/postgr-import-ido.png
rename to doc/images/installation/postgr-import-ido.png
diff --git a/doc/images/getting-started/vim-syntax.png b/doc/images/installation/vim-syntax.png
similarity index 100%
rename from doc/images/getting-started/vim-syntax.png
rename to doc/images/installation/vim-syntax.png
diff --git a/doc/update-links.py b/doc/update-links.py
index 24bfcde58..765d4a04f 100755
--- a/doc/update-links.py
+++ b/doc/update-links.py
@@ -1,20 +1,5 @@
 #!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 import os
 import sys
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
index bffca3016..f693bbcd4 100644
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 if(NOT WIN32)
   configure_file(icinga2/constants.conf.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2/constants.conf @ONLY)
@@ -24,55 +9,52 @@ if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
 endif()
 
 if(NOT WIN32)
-  install_if_not_exists(${CMAKE_CURRENT_BINARY_DIR}/icinga2/constants.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2)
-	install_if_not_exists(icinga2/icinga2.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2)
+  install_if_not_exists(${CMAKE_CURRENT_BINARY_DIR}/icinga2/constants.conf ${ICINGA2_CONFIGDIR})
+	install_if_not_exists(icinga2/icinga2.conf ${ICINGA2_CONFIGDIR})
 else()
-  install_if_not_exists(${CMAKE_CURRENT_SOURCE_DIR}/icinga2/win32/constants.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2)
-		install_if_not_exists(icinga2/win32/icinga2.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2)
+  install_if_not_exists(${CMAKE_CURRENT_SOURCE_DIR}/icinga2/win32/constants.conf ${ICINGA2_CONFIGDIR})
+		install_if_not_exists(icinga2/win32/icinga2.conf ${ICINGA2_CONFIGDIR})
 endif()
 
-install_if_not_exists(icinga2/zones.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2)
-install_if_not_exists(icinga2/conf.d/app.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/commands.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/downtimes.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/groups.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
+install_if_not_exists(icinga2/zones.conf ${ICINGA2_CONFIGDIR})
+install_if_not_exists(icinga2/conf.d/app.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/commands.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/downtimes.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/groups.conf ${ICINGA2_CONFIGDIR}/conf.d)
 
 if(NOT WIN32)
-  install_if_not_exists(icinga2/conf.d/hosts.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-	install_if_not_exists(icinga2/conf.d/services.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
+  install_if_not_exists(icinga2/conf.d/hosts.conf ${ICINGA2_CONFIGDIR}/conf.d)
+	install_if_not_exists(icinga2/conf.d/services.conf ${ICINGA2_CONFIGDIR}/conf.d)
 else()
-  install_if_not_exists(icinga2/conf.d/win32/hosts.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-	install_if_not_exists(icinga2/conf.d/win32/services.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
+  install_if_not_exists(icinga2/conf.d/win32/hosts.conf ${ICINGA2_CONFIGDIR}/conf.d)
+	install_if_not_exists(icinga2/conf.d/win32/services.conf ${ICINGA2_CONFIGDIR}/conf.d)
 endif()
 
-install_if_not_exists(icinga2/conf.d/notifications.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/templates.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/timeperiods.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/conf.d/users.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d)
-install_if_not_exists(icinga2/features-available/api.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available)
-install_if_not_exists(icinga2/features-available/debuglog.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available)
-install_if_not_exists(icinga2/features-available/mainlog.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available)
+install_if_not_exists(icinga2/conf.d/notifications.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/templates.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/timeperiods.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/conf.d/users.conf ${ICINGA2_CONFIGDIR}/conf.d)
+install_if_not_exists(icinga2/features-available/api.conf ${ICINGA2_CONFIGDIR}/features-available)
+install_if_not_exists(icinga2/features-available/debuglog.conf ${ICINGA2_CONFIGDIR}/features-available)
+install_if_not_exists(icinga2/features-available/mainlog.conf ${ICINGA2_CONFIGDIR}/features-available)
 if(NOT WIN32)
-  install_if_not_exists(icinga2/features-available/syslog.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available)
+  install_if_not_exists(icinga2/features-available/syslog.conf ${ICINGA2_CONFIGDIR}/features-available)
 endif()
-install_if_not_exists(icinga2/scripts/mail-host-notification.sh ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/scripts)
-install_if_not_exists(icinga2/scripts/mail-service-notification.sh ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/scripts)
-install_if_not_exists(icinga2/zones.d/README ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/zones.d)
+install_if_not_exists(icinga2/scripts/mail-host-notification.sh ${ICINGA2_CONFIGDIR}/scripts)
+install_if_not_exists(icinga2/scripts/mail-service-notification.sh ${ICINGA2_CONFIGDIR}/scripts)
+install_if_not_exists(icinga2/zones.d/README ${ICINGA2_CONFIGDIR}/zones.d)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
-  install_if_not_exists(${CMAKE_CURRENT_BINARY_DIR}/logrotate.d/icinga2 ${CMAKE_INSTALL_SYSCONFDIR}/logrotate.d)
+  install_if_not_exists(${CMAKE_CURRENT_BINARY_DIR}/logrotate.d/icinga2 ${LOGROTATE_DIR})
 endif()
 
 if(NOT WIN32)
-  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled\")")
-  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/mainlog.conf \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled/mainlog.conf\")")
+  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled\")")
+  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/mainlog.conf \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled/mainlog.conf\")")
 
-  install(
-    FILES bash_completion.d/icinga2
-    DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/bash_completion.d
-  )
+  install(FILES bash_completion.d/icinga2 DESTINATION ${BASHCOMPLETION_DIR})
 else()
-  install_if_not_exists(icinga2/features-enabled/mainlog.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-enabled)
+  install_if_not_exists(icinga2/features-enabled/mainlog.conf ${ICINGA2_CONFIGDIR}/features-enabled)
 endif()
 
 if(${CMAKE_SYSTEM_NAME} MATCHES "(Linux|Solaris|SunOS)")
diff --git a/etc/icinga2/conf.d/commands.conf b/etc/icinga2/conf.d/commands.conf
index 9c5153811..bd511cebc 100644
--- a/etc/icinga2/conf.d/commands.conf
+++ b/etc/icinga2/conf.d/commands.conf
@@ -7,7 +7,7 @@
  */
 
 object NotificationCommand "mail-host-notification" {
-  command = [ SysconfDir + "/icinga2/scripts/mail-host-notification.sh" ]
+  command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
 
   arguments += {
     "-4" = "$notification_address$"
@@ -66,7 +66,7 @@ object NotificationCommand "mail-host-notification" {
 }
 
 object NotificationCommand "mail-service-notification" {
-  command = [ SysconfDir + "/icinga2/scripts/mail-service-notification.sh" ]
+  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
 
   arguments += {
     "-4" = "$notification_address$"
@@ -146,7 +146,7 @@ object NotificationCommand "mail-service-notification" {
 /*
 
 object NotificationCommand "mail-host-notification" {
-  command = [ SysconfDir + "/icinga2/scripts/mail-host-notification.sh" ]
+  command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
 
   env = {
     NOTIFICATIONTYPE = "$notification.type$"
@@ -164,7 +164,7 @@ object NotificationCommand "mail-host-notification" {
 }
 
 object NotificationCommand "mail-service-notification" {
-  command = [ SysconfDir + "/icinga2/scripts/mail-service-notification.sh" ]
+  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
 
   env = {
     NOTIFICATIONTYPE = "$notification.type$"
diff --git a/etc/icinga2/conf.d/hosts.conf b/etc/icinga2/conf.d/hosts.conf
index 5ff1f9b61..0118f033e 100644
--- a/etc/icinga2/conf.d/hosts.conf
+++ b/etc/icinga2/conf.d/hosts.conf
@@ -23,7 +23,7 @@ object Host NodeName {
   address = "127.0.0.1"
   address6 = "::1"
 
-  /* Set custom attribute `os` for hostgroup assignment in `groups.conf`. */
+  /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
   vars.os = "Linux"
 
   /* Define http vhost attributes for service apply rules in `services.conf`. */
diff --git a/etc/icinga2/conf.d/notifications.conf b/etc/icinga2/conf.d/notifications.conf
index 6a7e1f5a4..ac6587546 100644
--- a/etc/icinga2/conf.d/notifications.conf
+++ b/etc/icinga2/conf.d/notifications.conf
@@ -2,7 +2,7 @@
  * The example notification apply rules.
  *
  * Only applied if host/service objects have
- * the custom attribute `notification` defined
+ * the custom variable `notification` defined
  * and containing `mail` as key.
  *
  * Check `hosts.conf` for an example.
diff --git a/etc/icinga2/conf.d/services.conf b/etc/icinga2/conf.d/services.conf
index 416915bc0..c8e1b3cc6 100644
--- a/etc/icinga2/conf.d/services.conf
+++ b/etc/icinga2/conf.d/services.conf
@@ -42,7 +42,7 @@ apply Service "ping6" {
 /*
  * Apply the `ssh` service to all hosts
  * with the `address` attribute defined and
- * the custom attribute `os` set to `Linux`.
+ * the custom variable `os` set to `Linux`.
  */
 apply Service "ssh" {
   import "generic-service"
diff --git a/etc/icinga2/conf.d/win32/hosts.conf b/etc/icinga2/conf.d/win32/hosts.conf
index 53d169a8a..ecee11a94 100644
--- a/etc/icinga2/conf.d/win32/hosts.conf
+++ b/etc/icinga2/conf.d/win32/hosts.conf
@@ -23,7 +23,7 @@ object Host NodeName {
   address = "127.0.0.1"
   address6 = "::1"
 
-  /* Set custom attribute `os` for hostgroup assignment in `groups.conf`. */
+  /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
   vars.os = "Windows"
 
   /* Define disks and attributes for service apply rules in `services.conf`. */
diff --git a/etc/icinga2/features-available/debuglog.conf b/etc/icinga2/features-available/debuglog.conf
index 6e8e5813e..e66518fe1 100644
--- a/etc/icinga2/features-available/debuglog.conf
+++ b/etc/icinga2/features-available/debuglog.conf
@@ -6,6 +6,5 @@
 
 object FileLogger "debug-file" {
   severity = "debug"
-  path = LocalStateDir + "/log/icinga2/debug.log"
+  path = LogDir + "/debug.log"
 }
-
diff --git a/etc/icinga2/features-available/mainlog.conf b/etc/icinga2/features-available/mainlog.conf
index ded9a7c7d..a3bb19dab 100644
--- a/etc/icinga2/features-available/mainlog.conf
+++ b/etc/icinga2/features-available/mainlog.conf
@@ -4,6 +4,5 @@
 
 object FileLogger "main-log" {
   severity = "information"
-  path = LocalStateDir + "/log/icinga2/icinga2.log"
+  path = LogDir + "/icinga2.log"
 }
-
diff --git a/etc/icinga2/scripts/mail-host-notification.sh b/etc/icinga2/scripts/mail-host-notification.sh
index 6401ce5a0..2b0619c38 100755
--- a/etc/icinga2/scripts/mail-host-notification.sh
+++ b/etc/icinga2/scripts/mail-host-notification.sh
@@ -1,7 +1,6 @@
-#!/usr/bin/env bash
-#
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-# Except of function urlencode which is Copyright (C) by Brian White (brian@aljex.com) used under MIT license 
+#!/bin/sh
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
+# Except of function urlencode which is Copyright (C) by Brian White (brian@aljex.com) used under MIT license
 
 PROG="`basename $0`"
 ICINGA2HOST="`hostname`"
@@ -51,11 +50,14 @@ Error() {
 }
 
 urlencode() {
-  local LANG=C i c e=''
-  for ((i=0;i<${#1};i++)); do
-    c=${1:$i:1}
-    [[ "$c" =~ [a-zA-Z0-9\.\~\_\-] ]] || printf -v c '%%%02X' "'$c"
-    e+="$c"
+  local LANG=C i=0 c e s="$1"
+
+  while [ $i -lt ${#1} ]; do
+    [ "$i" -eq 0 ] || s="${s#?}"
+    c=${s%"${s#?}"}
+    [ -z "${c#[[:alnum:].~_-]}" ] || c=$(printf '%%%02X' "'$c")
+    e="${e}${c}"
+    i=$((i + 1))
   done
   echo "$e"
 }
@@ -156,13 +158,15 @@ if [ -n "$MAILFROM" ] ; then
 
   ## Debian/Ubuntu use mailutils which requires `-a` to append the header
   if [ -f /etc/debian_version ]; then
-    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | $MAILBIN -a "From: $MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
+    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE"  | tr -d '\015'
+    | $MAILBIN -a "From: $MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
   ## Other distributions (RHEL/SUSE/etc.) prefer mailx which sets a sender address with `-r`
   else
-    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | $MAILBIN -r "$MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
+    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
+    | $MAILBIN -r "$MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
   fi
 
 else
-  /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" \
+  /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
   | $MAILBIN -s "$ENCODED_SUBJECT" $USEREMAIL
 fi
diff --git a/etc/icinga2/scripts/mail-service-notification.sh b/etc/icinga2/scripts/mail-service-notification.sh
index a0c34a129..644d9d39f 100755
--- a/etc/icinga2/scripts/mail-service-notification.sh
+++ b/etc/icinga2/scripts/mail-service-notification.sh
@@ -1,6 +1,5 @@
-#!/usr/bin/env bash
-#
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
+#!/bin/sh
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 # Except of function urlencode which is Copyright (C) by Brian White (brian@aljex.com) used under MIT license
 
 PROG="`basename $0`"
@@ -53,11 +52,14 @@ Error() {
 }
 
 urlencode() {
-  local LANG=C i c e=''
-  for ((i=0;i<${#1};i++)); do
-    c=${1:$i:1}
-    [[ "$c" =~ [a-zA-Z0-9\.\~\_\-] ]] || printf -v c '%%%02X' "'$c"
-    e+="$c"
+  local LANG=C i=0 c e s="$1"
+
+  while [ $i -lt ${#1} ]; do
+    [ "$i" -eq 0 ] || s="${s#?}"
+    c=${s%"${s#?}"}
+    [ -z "${c#[[:alnum:].~_-]}" ] || c=$(printf '%%%02X' "'$c")
+    e="${e}${c}"
+    i=$((i + 1))
   done
   echo "$e"
 }
@@ -161,13 +163,15 @@ if [ -n "$MAILFROM" ] ; then
 
   ## Debian/Ubuntu use mailutils which requires `-a` to append the header
   if [ -f /etc/debian_version ]; then
-    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | $MAILBIN -a "From: $MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
+    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
+    | $MAILBIN -a "From: $MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
   ## Other distributions (RHEL/SUSE/etc.) prefer mailx which sets a sender address with `-r`
   else
-    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | $MAILBIN -r "$MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
+    /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
+    | $MAILBIN -r "$MAILFROM" -s "$ENCODED_SUBJECT" $USEREMAIL
   fi
 
 else
-  /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" \
+  /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
   | $MAILBIN -s "$ENCODED_SUBJECT" $USEREMAIL
 fi
diff --git a/etc/initsystem/CMakeLists.txt b/etc/initsystem/CMakeLists.txt
index dd57ab1a0..eb0f9f2da 100644
--- a/etc/initsystem/CMakeLists.txt
+++ b/etc/initsystem/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 
 if(NOT WIN32)
diff --git a/etc/initsystem/icinga2.init.d.cmake b/etc/initsystem/icinga2.init.d.cmake
index 03c88a632..49a6ee290 100644
--- a/etc/initsystem/icinga2.init.d.cmake
+++ b/etc/initsystem/icinga2.init.d.cmake
@@ -15,6 +15,13 @@
 # Description:       Icinga 2 is a monitoring and management system for hosts, services and networks.
 ### END INIT INFO
 
+# Get function from functions library
+if [ -f /etc/rc.d/init.d/functions ]; then
+	. /etc/rc.d/init.d/functions
+elif [ -f /etc/init.d/functions ]; then
+	. /etc/init.d/functions
+fi
+
 # load system specific defines
 SYSCONFIGFILE=@ICINGA2_SYSCONFIGFILE@
 if [ -f $SYSCONFIGFILE ]; then
@@ -29,10 +36,10 @@ fi
 : ${ICINGA2_GROUP:="@ICINGA2_GROUP@"}
 : ${ICINGA2_COMMAND_GROUP:="@ICINGA2_COMMAND_GROUP@"}
 : ${DAEMON:="@CMAKE_INSTALL_FULL_SBINDIR@/icinga2"}
-: ${ICINGA2_CONFIG_FILE:="@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2/icinga2.conf"}
-: ${ICINGA2_ERROR_LOG:=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/error.log}
-: ${ICINGA2_STARTUP_LOG:=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/startup.log}
-: ${ICINGA2_PID_FILE:="@ICINGA2_RUNDIR@/icinga2/icinga2.pid"}
+: ${ICINGA2_CONFIG_FILE:="@ICINGA2_CONFIGDIR@/icinga2.conf"}
+: ${ICINGA2_ERROR_LOG:=@ICINGA2_LOGDIR@/error.log}
+: ${ICINGA2_STARTUP_LOG:=@ICINGA2_LOGDIR@/startup.log}
+: ${ICINGA2_PID_FILE:="@ICINGA2_INITRUNDIR@/icinga2.pid"}
 
 # Load extra environment variables
 if [ -f /etc/default/icinga2 ]; then
@@ -50,17 +57,10 @@ getent passwd $ICINGA2_USER >/dev/null 2>&1 || (echo "Icinga user '$ICINGA2_USER
 getent group $ICINGA2_GROUP >/dev/null 2>&1 || (echo "Icinga group '$ICINGA2_GROUP' does not exist. Exiting." && exit 6)
 getent group $ICINGA2_COMMAND_GROUP >/dev/null 2>&1 || (echo "Icinga command group '$ICINGA2_COMMAND_GROUP' does not exist. Exiting." && exit 6)
 
-# Get function from functions library
-if [ -f /etc/rc.d/init.d/functions ]; then
-	. /etc/rc.d/init.d/functions
-elif [ -f /etc/init.d/functions ]; then
-	. /etc/init.d/functions
-fi
-
 # Start Icinga 2
 start() {
 	printf "Starting Icinga 2: "
-	@CMAKE_INSTALL_PREFIX@/lib/icinga2/prepare-dirs
+	@CMAKE_INSTALL_PREFIX@/lib/icinga2/prepare-dirs "$SYSCONFIGFILE"
 
 	if ! $DAEMON daemon -c $ICINGA2_CONFIG_FILE -d -e $ICINGA2_ERROR_LOG > $ICINGA2_STARTUP_LOG 2>&1; then
 		echo "Error starting Icinga. Check '$ICINGA2_STARTUP_LOG' for details."
@@ -90,7 +90,7 @@ stop() {
 		if ! icinga2 internal signal -s SIGCHLD -p $pid >/dev/null 2>&1; then
 				break
 			fi
-		
+
 			printf '.'
 			sleep 3
 		done
@@ -105,7 +105,7 @@ stop() {
 
 # Reload Icinga 2
 reload() {
-	exec @CMAKE_INSTALL_PREFIX@/lib/icinga2/safe-reload $SYSCONFIGFILE
+	exec @CMAKE_INSTALL_PREFIX@/lib/icinga2/safe-reload "$SYSCONFIGFILE"
 }
 
 # Check the Icinga 2 configuration
@@ -138,7 +138,7 @@ status() {
 
 	if [ ! -e $ICINGA2_PID_FILE ]; then
 		echo "Not running"
-		exit 7
+		exit 3
 	fi
 
 	pid=`cat $ICINGA2_PID_FILE`
@@ -146,7 +146,7 @@ status() {
 		echo "Running"
 	else
 		echo "Not running"
-		exit 7
+		exit 3
 	fi
 }
 
@@ -168,7 +168,8 @@ case "$1" in
 	start
   ;;
   condrestart)
-	status > /dev/null 2>&1 || exit 0
+	STATUS=$(status > /dev/null 2>&1)
+	if [ $? != 0 ]; then exit 0; fi
 	checkconfig restart fail
 	stop nofail
 	start
diff --git a/etc/initsystem/icinga2.service.cmake b/etc/initsystem/icinga2.service.cmake
index 27744e5aa..9b32db3e7 100644
--- a/etc/initsystem/icinga2.service.cmake
+++ b/etc/initsystem/icinga2.service.cmake
@@ -1,15 +1,18 @@
 [Unit]
 Description=Icinga host/service/network monitoring system
+Requires=network-online.target
 After=syslog.target network-online.target postgresql.service mariadb.service carbon-cache.service carbon-relay.service
 
 [Service]
 Type=notify
+Environment="ICINGA2_ERROR_LOG=@ICINGA2_LOGDIR@/error.log"
 EnvironmentFile=@ICINGA2_SYSCONFIGFILE@
-ExecStartPre=@CMAKE_INSTALL_PREFIX@/lib/icinga2/prepare-dirs
-ExecStart=@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 daemon -e ${ICINGA2_ERROR_LOG}
-PIDFile=@ICINGA2_RUNDIR@/icinga2/icinga2.pid
-ExecReload=@CMAKE_INSTALL_PREFIX@/lib/icinga2/safe-reload
+ExecStartPre=@CMAKE_INSTALL_PREFIX@/lib/icinga2/prepare-dirs @ICINGA2_SYSCONFIGFILE@
+ExecStart=@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 daemon --close-stdio -e ${ICINGA2_ERROR_LOG}
+PIDFile=@ICINGA2_INITRUNDIR@/icinga2.pid
+ExecReload=@CMAKE_INSTALL_PREFIX@/lib/icinga2/safe-reload @ICINGA2_SYSCONFIGFILE@
 TimeoutStartSec=30m
+KillMode=mixed
 
 # Systemd >228 enforces a lower process number for services.
 # Depending on the distribution and Systemd version, this must
diff --git a/etc/initsystem/icinga2.sysconfig.cmake b/etc/initsystem/icinga2.sysconfig.cmake
index d5d7497f1..167c12578 100644
--- a/etc/initsystem/icinga2.sysconfig.cmake
+++ b/etc/initsystem/icinga2.sysconfig.cmake
@@ -2,15 +2,14 @@
 #Make your changes here.
 
 #DAEMON=@CMAKE_INSTALL_FULL_SBINDIR@/icinga2
-#ICINGA2_CONFIG_FILE=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2/icinga2.conf
-#ICINGA2_RUN_DIR=@ICINGA2_RUNDIR@
-#ICINGA2_STATE_DIR=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@
-#ICINGA2_PID_FILE=@ICINGA2_RUNDIR@/icinga2/icinga2.pid
-#ICINGA2_LOG_DIR=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2
-#ICINGA2_ERROR_LOG=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/error.log
-#ICINGA2_STARTUP_LOG=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/startup.log
-#ICINGA2_LOG=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/icinga2.log
-#ICINGA2_CACHE_DIR=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/cache/icinga2
+#ICINGA2_CONFIG_FILE=@ICINGA2_CONFIGDIR@/icinga2.conf
+#ICINGA2_INIT_RUN_DIR=@ICINGA2_INITRUNDIR@
+#ICINGA2_PID_FILE=@ICINGA2_INITRUNDIR@/icinga2.pid
+#ICINGA2_LOG_DIR=@ICINGA2_LOGDIR@
+#ICINGA2_ERROR_LOG=@ICINGA2_LOGDIR@/error.log
+#ICINGA2_STARTUP_LOG=@ICINGA2_LOGDIR@/startup.log
+#ICINGA2_LOG=@ICINGA2_LOGDIR@/icinga2.log
+#ICINGA2_CACHE_DIR=@ICINGA2_CACHEDIR@
 #ICINGA2_USER=@ICINGA2_USER@
 #ICINGA2_GROUP=@ICINGA2_GROUP@
 #ICINGA2_COMMAND_GROUP=@ICINGA2_COMMAND_GROUP@
diff --git a/etc/initsystem/prepare-dirs.cmake b/etc/initsystem/prepare-dirs.cmake
index 2a6c4a262..99dc60223 100644
--- a/etc/initsystem/prepare-dirs.cmake
+++ b/etc/initsystem/prepare-dirs.cmake
@@ -3,33 +3,41 @@
 # This script prepares directories and files needed for running Icinga2
 #
 
+# Load sysconf on systems where the initsystem does not pass the environment
+if [ "$1" != "" ]; then
+	if [ -r "$1" ]; then
+		. "$1"
+	else
+		echo "Unable to read sysconf from '$1'. Exiting." && exit 6
+	fi
+fi
+
 # Set defaults, to overwrite see "@ICINGA2_SYSCONFIGFILE@"
 
 : ${ICINGA2_USER:="@ICINGA2_USER@"}
 : ${ICINGA2_GROUP:="@ICINGA2_GROUP@"}
 : ${ICINGA2_COMMAND_GROUP:="@ICINGA2_COMMAND_GROUP@"}
-: ${ICINGA2_RUN_DIR:="@ICINGA2_RUNDIR@"}
-: ${ICINGA2_LOG_DIR:="@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2"}
-: ${ICINGA2_STATE_DIR:="@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/cache/icinga2"}
-: ${ICINGA2_CACHE_DIR:="@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/cache/icinga2"}
+: ${ICINGA2_INIT_RUN_DIR:="@ICINGA2_FULL_INITRUNDIR@"}
+: ${ICINGA2_LOG_DIR:="@ICINGA2_FULL_LOGDIR@"}
+: ${ICINGA2_CACHE_DIR:="@ICINGA2_FULL_CACHEDIR@"}
 
 getent passwd $ICINGA2_USER >/dev/null 2>&1 || (echo "Icinga user '$ICINGA2_USER' does not exist. Exiting." && exit 6)
 getent group $ICINGA2_GROUP >/dev/null 2>&1 || (echo "Icinga group '$ICINGA2_GROUP' does not exist. Exiting." && exit 6)
 getent group $ICINGA2_COMMAND_GROUP >/dev/null 2>&1 || (echo "Icinga command group '$ICINGA2_COMMAND_GROUP' does not exist. Exiting." && exit 6)
 
-if [ ! -e "$ICINGA2_RUN_DIR"/icinga2 ]; then
-	mkdir "$ICINGA2_RUN_DIR"/icinga2
-	mkdir "$ICINGA2_RUN_DIR"/icinga2/cmd
+if [ ! -e "$ICINGA2_INIT_RUN_DIR" ]; then
+	mkdir "$ICINGA2_INIT_RUN_DIR"
+	mkdir "$ICINGA2_INIT_RUN_DIR"/cmd
 fi
 
-chmod 755 "$ICINGA2_RUN_DIR"/icinga2
-chmod 2750 "$ICINGA2_RUN_DIR"/icinga2/cmd
-chown -R $ICINGA2_USER:$ICINGA2_COMMAND_GROUP "$ICINGA2_RUN_DIR"/icinga2
+chmod 755 "$ICINGA2_INIT_RUN_DIR"
+chmod 2750 "$ICINGA2_INIT_RUN_DIR"/cmd
+chown -R $ICINGA2_USER:$ICINGA2_COMMAND_GROUP "$ICINGA2_INIT_RUN_DIR"
 
 test -e "$ICINGA2_LOG_DIR" || install -m 750 -o $ICINGA2_USER -g $ICINGA2_COMMAND_GROUP -d "$ICINGA2_LOG_DIR"
 
 if type restorecon >/dev/null 2>&1; then
-	restorecon -R "$ICINGA2_RUN_DIR"/icinga2/
+	restorecon -R "$ICINGA2_INIT_RUN_DIR"/
 fi
 
 test -e "$ICINGA2_CACHE_DIR" || install -m 750 -o $ICINGA2_USER -g $ICINGA2_COMMAND_GROUP -d "$ICINGA2_CACHE_DIR"
diff --git a/etc/initsystem/safe-reload.cmake b/etc/initsystem/safe-reload.cmake
index 57e10b1ac..a042fc66f 100644
--- a/etc/initsystem/safe-reload.cmake
+++ b/etc/initsystem/safe-reload.cmake
@@ -1,6 +1,17 @@
 #!/bin/sh
 
-: ${ICINGA2_PID_FILE:="@ICINGA2_RUNDIR@/icinga2/icinga2.pid"}
+# Load sysconf on systems where the initsystem does not pass the environment
+if [ "$1" != "" ]; then
+	if [ -r "$1" ]; then
+		. "$1"
+	else
+		echo "Unable to read sysconf from '$1'. Exiting." && exit 6
+	fi
+fi
+
+# Set defaults, to overwrite see "@ICINGA2_SYSCONFIGFILE@"
+
+: ${ICINGA2_PID_FILE:="@ICINGA2_FULL_INITRUNDIR@/icinga2.pid"}
 : ${DAEMON:="@CMAKE_INSTALL_FULL_SBINDIR@/icinga2"}
 
 printf "Validating config files: "
diff --git a/etc/logrotate.d/icinga2.cmake b/etc/logrotate.d/icinga2.cmake
index 91d8d23d3..f0a9e59ae 100644
--- a/etc/logrotate.d/icinga2.cmake
+++ b/etc/logrotate.d/icinga2.cmake
@@ -1,24 +1,21 @@
-@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/icinga2.log @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/debug.log {
+@ICINGA2_LOGDIR@/icinga2.log @ICINGA2_LOGDIR@/debug.log {
 	daily
 	rotate 7@LOGROTATE_USE_SU@
 	compress
 	delaycompress
 	missingok
-	notifempty
-	create 644 @ICINGA2_USER@ @ICINGA2_GROUP@
+	notifempty@LOGROTATE_CREATE@
 	postrotate
-		/bin/kill -USR1 $(cat @ICINGA2_RUNDIR@/icinga2/icinga2.pid 2> /dev/null) 2> /dev/null || true
+		/bin/kill -USR1 $(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null) 2> /dev/null || true
 	endscript
 }
 
-@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/icinga2/error.log {
+@ICINGA2_LOGDIR@/error.log {
 	daily
 	rotate 90@LOGROTATE_USE_SU@
 	compress
 	delaycompress
 	missingok
-	notifempty
-	create 644 @ICINGA2_USER@ @ICINGA2_GROUP@
+	notifempty@LOGROTATE_CREATE@
 	# TODO: figure out how to get Icinga to re-open this log file
 }
-
diff --git a/icinga-app/CMakeLists.txt b/icinga-app/CMakeLists.txt
index 0d1293279..ee3443b28 100644
--- a/icinga-app/CMakeLists.txt
+++ b/icinga-app/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 if(MSVC)
   set(WindowsSources icinga.rc)
@@ -83,7 +68,6 @@ target_link_libraries(icinga-app ${base_DEPS})
 
 set_target_properties (
   icinga-app PROPERTIES
-  INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR}/icinga2
   FOLDER Bin
   OUTPUT_NAME icinga2
 )
@@ -107,6 +91,6 @@ install(
   RUNTIME DESTINATION ${InstallPath}
 )
 
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/icinga2\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_RUNDIR}/icinga2\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_LOGDIR}\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_INITRUNDIR}\")")
diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp
index 0e462307c..5d3e3165e 100644
--- a/icinga-app/icinga.cpp
+++ b/icinga-app/icinga.cpp
@@ -1,27 +1,12 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/clicommand.hpp"
 #include "config/configcompilercontext.hpp"
 #include "config/configcompiler.hpp"
 #include "config/configitembuilder.hpp"
+#include "config/expression.hpp"
 #include "base/application.hpp"
+#include "base/configuration.hpp"
 #include "base/logger.hpp"
 #include "base/timer.hpp"
 #include "base/utility.hpp"
@@ -94,6 +79,70 @@ static std::vector<String> GlobalArgumentCompletion(const String& argument, cons
 		return std::vector<String>();
 }
 
+static void HandleLegacyDefines()
+{
+#ifdef _WIN32
+	String dataPrefix = Utility::GetIcingaDataPath();
+#endif /* _WIN32 */
+
+	Value localStateDir = Configuration::LocalStateDir;
+
+	if (!localStateDir.IsEmpty()) {
+		Log(LogWarning, "icinga-app")
+			<< "Please do not set the deprecated 'LocalStateDir' constant,"
+			<< " use the 'DataDir', 'LogDir', 'CacheDir' and 'SpoolDir' constants instead!"
+			<< " For compatibility reasons, these are now set based on the 'LocalStateDir' constant.";
+
+#ifdef _WIN32
+		Configuration::DataDir = localStateDir + "\\lib\\icinga2";
+		Configuration::LogDir = localStateDir + "\\log\\icinga2";
+		Configuration::CacheDir = localStateDir + "\\cache\\icinga2";
+		Configuration::SpoolDir = localStateDir + "\\spool\\icinga2";
+	} else {
+		Configuration::LocalStateDir = dataPrefix + "\\var";
+#else /* _WIN32 */
+		Configuration::DataDir = localStateDir + "/lib/icinga2";
+		Configuration::LogDir = localStateDir + "/log/icinga2";
+		Configuration::CacheDir = localStateDir + "/cache/icinga2";
+		Configuration::SpoolDir = localStateDir + "/spool/icinga2";
+	} else {
+		Configuration::LocalStateDir = ICINGA_LOCALSTATEDIR;
+#endif /* _WIN32 */
+	}
+
+	Value sysconfDir = Configuration::SysconfDir;
+	if (!sysconfDir.IsEmpty()) {
+		Log(LogWarning, "icinga-app")
+			<< "Please do not set the deprecated 'Sysconfdir' constant, use the 'ConfigDir' constant instead! For compatibility reasons, their value is set based on the 'SysconfDir' constant.";
+
+#ifdef _WIN32
+		Configuration::ConfigDir = sysconfDir + "\\icinga2";
+	} else {
+		Configuration::SysconfDir = dataPrefix + "\\etc";
+#else /* _WIN32 */
+		Configuration::ConfigDir = sysconfDir + "/icinga2";
+	} else {
+		Configuration::SysconfDir = ICINGA_SYSCONFDIR;
+#endif /* _WIN32 */
+	}
+
+	Value runDir = Configuration::RunDir;
+	if (!runDir.IsEmpty()) {
+		Log(LogWarning, "icinga-app")
+			<< "Please do not set the deprecated 'RunDir' constant, use the 'InitRunDir' constant instead! For compatibility reasons, their value is set based on the 'RunDir' constant.";
+
+#ifdef _WIN32
+		Configuration::InitRunDir = runDir + "\\icinga2";
+	} else {
+		Configuration::RunDir = dataPrefix + "\\var\\run";
+#else /* _WIN32 */
+		Configuration::InitRunDir = runDir + "/icinga2";
+	} else {
+		Configuration::RunDir = ICINGA_RUNDIR;
+#endif /* _WIN32 */
+	}
+}
+
 static int Main()
 {
 	int argc = Application::GetArgC();
@@ -128,39 +177,52 @@ static int Main()
 #ifdef _WIN32
 	bool builtinPaths = true;
 
+	/* Programm install location, C:/Program Files/Icinga2 */
 	String binaryPrefix = Utility::GetIcingaInstallPath();
+	/* Returns the datapath for daemons, %PROGRAMDATA%/icinga2 */
 	String dataPrefix = Utility::GetIcingaDataPath();
 
 	if (!binaryPrefix.IsEmpty() && !dataPrefix.IsEmpty()) {
-		Application::DeclarePrefixDir(binaryPrefix);
-		Application::DeclareSysconfDir(dataPrefix + "\\etc");
-		Application::DeclareRunDir(dataPrefix + "\\var\\run");
-		Application::DeclareLocalStateDir(dataPrefix + "\\var");
-		Application::DeclarePkgDataDir(binaryPrefix + "\\share\\icinga2");
-		Application::DeclareIncludeConfDir(binaryPrefix + "\\share\\icinga2\\include");
+		Configuration::ProgramData = dataPrefix;
+
+		Configuration::ConfigDir = dataPrefix + "\\etc\\icinga2";
+
+		Configuration::DataDir =  dataPrefix + "\\var\\lib\\icinga2";
+		Configuration::LogDir = dataPrefix + "\\var\\log\\icinga2";
+		Configuration::CacheDir = dataPrefix + "\\var\\cache\\icinga2";
+		Configuration::SpoolDir = dataPrefix + "\\var\\spool\\icinga2";
+
+		Configuration::PrefixDir = binaryPrefix;
+
+		/* Internal constants. */
+		Configuration::PkgDataDir = binaryPrefix + "\\share\\icinga2";
+		Configuration::IncludeConfDir = binaryPrefix + "\\share\\icinga2\\include";
+
+		Configuration::InitRunDir = dataPrefix + "\\var\\run\\icinga2";
 	} else {
 		Log(LogWarning, "icinga-app", "Registry key could not be read. Falling back to built-in paths.");
 
 #endif /* _WIN32 */
-		Application::DeclarePrefixDir(ICINGA_PREFIX);
-		Application::DeclareSysconfigFile(ICINGA_SYSCONFIGFILE);
-		Application::DeclareSysconfDir(ICINGA_SYSCONFDIR);
-		Application::DeclareRunDir(ICINGA_RUNDIR);
-		Application::DeclareLocalStateDir(ICINGA_LOCALSTATEDIR);
-		Application::DeclarePkgDataDir(ICINGA_PKGDATADIR);
-		Application::DeclareIncludeConfDir(ICINGA_INCLUDECONFDIR);
+		Configuration::ConfigDir = ICINGA_CONFIGDIR;
+
+		Configuration::DataDir = ICINGA_DATADIR;
+		Configuration::LogDir = ICINGA_LOGDIR;
+		Configuration::CacheDir = ICINGA_CACHEDIR;
+		Configuration::SpoolDir = ICINGA_SPOOLDIR;
+
+		Configuration::PrefixDir = ICINGA_PREFIX;
+
+		/* Internal constants. */
+		Configuration::PkgDataDir = ICINGA_PKGDATADIR;
+		Configuration::IncludeConfDir = ICINGA_INCLUDECONFDIR;
+
+		Configuration::InitRunDir = ICINGA_INITRUNDIR;
+
 #ifdef _WIN32
 	}
 #endif /* _WIN32 */
 
-	Application::DeclareZonesDir(Application::GetSysconfDir() + "/icinga2/zones.d");
-
-#ifndef _WIN32
-	if (!autocomplete && !Utility::PathExists(Application::GetSysconfigFile())) {
-		Log(LogWarning, "icinga-app")
-			<< "Sysconfig file '" << Application::GetSysconfigFile() << "' cannot be read. Using default values.";
-	}
-#endif /* _WIN32 */
+	Configuration::ZonesDir = Configuration::ConfigDir + "/zones.d";
 
 	String icingaUser = Utility::GetFromEnvironment("ICINGA2_USER");
 	if (icingaUser.IsEmpty())
@@ -170,17 +232,17 @@ static int Main()
 	if (icingaGroup.IsEmpty())
 		icingaGroup = ICINGA_GROUP;
 
-	Application::DeclareRunAsUser(icingaUser);
-	Application::DeclareRunAsGroup(icingaGroup);
+	Configuration::RunAsUser = icingaUser;
+	Configuration::RunAsGroup = icingaGroup;
 
 	if (!autocomplete) {
 #ifdef RLIMIT_NOFILE
 		String rLimitFiles = Utility::GetFromEnvironment("ICINGA2_RLIMIT_FILES");
 		if (rLimitFiles.IsEmpty())
-			Application::DeclareRLimitFiles(Application::GetDefaultRLimitFiles());
+			Configuration::RLimitFiles = Application::GetDefaultRLimitFiles();
 		else {
 			try {
-				Application::DeclareRLimitFiles(Convert::ToLong(rLimitFiles));
+				Configuration::RLimitFiles = Convert::ToLong(rLimitFiles);
 			} catch (const std::invalid_argument& ex) {
 				std::cout
 					<< "Error setting \"ICINGA2_RLIMIT_FILES\": " << ex.what() << '\n';
@@ -192,10 +254,10 @@ static int Main()
 #ifdef RLIMIT_NPROC
 		String rLimitProcesses = Utility::GetFromEnvironment("ICINGA2_RLIMIT_PROCESSES");
 		if (rLimitProcesses.IsEmpty())
-			Application::DeclareRLimitProcesses(Application::GetDefaultRLimitProcesses());
+			Configuration::RLimitProcesses = Application::GetDefaultRLimitProcesses();
 		else {
 			try {
-				Application::DeclareRLimitProcesses(Convert::ToLong(rLimitProcesses));
+				Configuration::RLimitProcesses = Convert::ToLong(rLimitProcesses);
 			} catch (const std::invalid_argument& ex) {
 				std::cout
 					<< "Error setting \"ICINGA2_RLIMIT_PROCESSES\": " << ex.what() << '\n';
@@ -207,10 +269,10 @@ static int Main()
 #ifdef RLIMIT_STACK
 		String rLimitStack = Utility::GetFromEnvironment("ICINGA2_RLIMIT_STACK");
 		if (rLimitStack.IsEmpty())
-			Application::DeclareRLimitStack(Application::GetDefaultRLimitStack());
+			Configuration::RLimitStack = Application::GetDefaultRLimitStack();
 		else {
 			try {
-				Application::DeclareRLimitStack(Convert::ToLong(rLimitStack));
+				Configuration::RLimitStack = Convert::ToLong(rLimitStack);
 			} catch (const std::invalid_argument& ex) {
 				std::cout
 					<< "Error setting \"ICINGA2_RLIMIT_STACK\": " << ex.what() << '\n';
@@ -220,22 +282,16 @@ static int Main()
 #endif /* RLIMIT_STACK */
 	}
 
-	Application::DeclareConcurrency(std::thread::hardware_concurrency());
-	Application::DeclareMaxConcurrentChecks(Application::GetDefaultMaxConcurrentChecks());
+	/* Calculate additional global constants. */
+	ScriptGlobal::Set("System.PlatformKernel", Utility::GetPlatformKernel(), true);
+	ScriptGlobal::Set("System.PlatformKernelVersion", Utility::GetPlatformKernelVersion(), true);
+	ScriptGlobal::Set("System.PlatformName", Utility::GetPlatformName(), true);
+	ScriptGlobal::Set("System.PlatformVersion", Utility::GetPlatformVersion(), true);
+	ScriptGlobal::Set("System.PlatformArchitecture", Utility::GetPlatformArchitecture(), true);
 
-	ScriptGlobal::Set("Environment", "production");
-
-	ScriptGlobal::Set("AttachDebugger", false);
-
-	ScriptGlobal::Set("PlatformKernel", Utility::GetPlatformKernel());
-	ScriptGlobal::Set("PlatformKernelVersion", Utility::GetPlatformKernelVersion());
-	ScriptGlobal::Set("PlatformName", Utility::GetPlatformName());
-	ScriptGlobal::Set("PlatformVersion", Utility::GetPlatformVersion());
-	ScriptGlobal::Set("PlatformArchitecture", Utility::GetPlatformArchitecture());
-
-	ScriptGlobal::Set("BuildHostName", ICINGA_BUILD_HOST_NAME);
-	ScriptGlobal::Set("BuildCompilerName", ICINGA_BUILD_COMPILER_NAME);
-	ScriptGlobal::Set("BuildCompilerVersion", ICINGA_BUILD_COMPILER_VERSION);
+	ScriptGlobal::Set("System.BuildHostName", ICINGA_BUILD_HOST_NAME, true);
+	ScriptGlobal::Set("System.BuildCompilerName", ICINGA_BUILD_COMPILER_NAME, true);
+	ScriptGlobal::Set("System.BuildCompilerVersion", ICINGA_BUILD_COMPILER_VERSION, true);
 
 	if (!autocomplete)
 		Application::SetResourceLimits();
@@ -285,7 +341,10 @@ static int Main()
 	GetUserName(username, &usernameLen);
 
 	std::ifstream userFile;
-	userFile.open(Application::GetSysconfDir() + "/icinga2/user");
+
+	/* The implicit string assignment is needed for Windows builds. */
+	String configDir = Configuration::ConfigDir;
+	userFile.open(configDir + "/user");
 
 	if (userFile && command && !Application::IsProcessElevated()) {
 		std::string userLine;
@@ -365,20 +424,42 @@ static int Main()
 				key = define;
 				value = "1";
 			}
-			ScriptGlobal::Set(key, value);
+
+			std::vector<String> keyTokens = key.Split(".");
+
+			std::unique_ptr<Expression> expr;
+			std::unique_ptr<VariableExpression> varExpr{new VariableExpression(keyTokens[0], {}, DebugInfo())};
+			expr = std::move(varExpr);
+
+			for (size_t i = 1; i < keyTokens.size(); i++) {
+				std::unique_ptr<IndexerExpression> indexerExpr{new IndexerExpression(std::move(expr), MakeLiteral(keyTokens[i]))};
+				indexerExpr->SetOverrideFrozen();
+				expr = std::move(indexerExpr);
+			}
+
+			std::unique_ptr<SetExpression> setExpr{new SetExpression(std::move(expr), OpSetLiteral, MakeLiteral(value))};
+			setExpr->SetOverrideFrozen();
+
+			ScriptFrame frame(true);
+			setExpr->Evaluate(frame);
 		}
 	}
 
+	Configuration::SetReadOnly(true);
+
+	/* Ensure that all defined constants work in the way we expect them. */
+	HandleLegacyDefines();
+
 	if (vm.count("script-debugger"))
 		Application::SetScriptDebuggerEnabled(true);
 
-	Application::DeclareStatePath(Application::GetLocalStateDir() + "/lib/icinga2/icinga2.state");
-	Application::DeclareModAttrPath(Application::GetLocalStateDir() + "/lib/icinga2/modified-attributes.conf");
-	Application::DeclareObjectsPath(Application::GetLocalStateDir() + "/cache/icinga2/icinga2.debug");
-	Application::DeclareVarsPath(Application::GetLocalStateDir() + "/cache/icinga2/icinga2.vars");
-	Application::DeclarePidPath(Application::GetRunDir() + "/icinga2/icinga2.pid");
+	Configuration::StatePath = Configuration::DataDir + "/icinga2.state";
+	Configuration::ModAttrPath = Configuration::DataDir + "/modified-attributes.conf";
+	Configuration::ObjectsPath = Configuration::CacheDir + "/icinga2.debug";
+	Configuration::VarsPath = Configuration::CacheDir + "/icinga2.vars";
+	Configuration::PidPath = Configuration::InitRunDir + "/icinga2.pid";
 
-	ConfigCompiler::AddIncludeSearchDir(Application::GetIncludeConfDir());
+	ConfigCompiler::AddIncludeSearchDir(Configuration::IncludeConfDir);
 
 	if (!autocomplete && vm.count("include")) {
 		for (const String& includePath : vm["include"].as<std::vector<std::string> >()) {
@@ -444,7 +525,8 @@ static int Main()
 			}
 
 			if (vm.count("version")) {
-				std::cout << "Copyright (c) 2012-2018 Icinga Development Team (https://www.icinga.com/)" << std::endl
+				std::cout << "Copyright (c) 2012-" << Utility::FormatDateTime("%Y", Utility::GetTime())
+					<< " Icinga GmbH (https://icinga.com/)" << std::endl
 					<< "License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>" << std::endl
 					<< "This is free software: you are free to change and redistribute it." << std::endl
 					<< "There is NO WARRANTY, to the extent permitted by law.";
@@ -467,8 +549,9 @@ static int Main()
 
 			std::cout << visibleDesc << std::endl
 				<< "Report bugs at <https://github.com/Icinga/icinga2>" << std::endl
-				<< "Get support: <https://www.icinga.com/support/>" << std::endl
-				<< "Icinga home page: <https://www.icinga.com/>" << std::endl;
+				<< "Get support: <https://icinga.com/support/>" << std::endl
+				<< "Documentation: <https://icinga.com/docs/>" << std::endl
+				<< "Icinga home page: <https://icinga.com/>" << std::endl;
 			return EXIT_SUCCESS;
 		}
 	}
@@ -488,8 +571,8 @@ static int Main()
 				return 0;
 			}
 		} else if (command && command->GetImpersonationLevel() == ImpersonateIcinga) {
-			String group = Application::GetRunAsGroup();
-			String user = Application::GetRunAsUser();
+			String group = Configuration::RunAsGroup;
+			String user = Configuration::RunAsUser;
 
 			errno = 0;
 			struct group *gr = getgrnam(group.CStr());
@@ -825,7 +908,8 @@ static VOID WINAPI ServiceMain(DWORD argc, LPSTR *argv)
 int main(int argc, char **argv)
 {
 #ifndef _WIN32
-	if (!getenv("ICINGA2_KEEP_FDS")) {
+	String keepFDs = Utility::GetFromEnvironment("ICINGA2_KEEP_FDS");
+	if (keepFDs.IsEmpty()) {
 		rlimit rl;
 		if (getrlimit(RLIMIT_NOFILE, &rl) >= 0) {
 			rlim_t maxfds = rl.rlim_max;
@@ -839,6 +923,8 @@ int main(int argc, char **argv)
 #ifdef I2_DEBUG
 				if (rc >= 0)
 					std::cerr << "Closed FD " << i << " which we inherited from our parent process." << std::endl;
+#else /* I2_DEBUG */
+				(void)rc;
 #endif /* I2_DEBUG */
 			}
 		}
diff --git a/icinga-app/icinga.ico b/icinga-app/icinga.ico
index 6ff7e9029..9be324c5f 100644
Binary files a/icinga-app/icinga.ico and b/icinga-app/icinga.ico differ
diff --git a/icinga-app/icinga.rc b/icinga-app/icinga.rc
index 9294f989b..dbd317be6 100644
--- a/icinga-app/icinga.rc
+++ b/icinga-app/icinga.rc
@@ -16,11 +16,11 @@ BEGIN
 	BEGIN
 		BLOCK "040904E4"
 		BEGIN
-			VALUE "CompanyName", "Icinga Development Team"
+			VALUE "CompanyName", "Icinga GmbH"
 			VALUE "FileDescription", "Icinga 2"
 			VALUE "FileVersion", VERSION
 			VALUE "InternalName", "icinga2.exe"
-			VALUE "LegalCopyright", "� Icinga Development Team"
+			VALUE "LegalCopyright", "� Icinga GmbH"
 			VALUE "OriginalFilename", "icinga2.exe"
 			VALUE "ProductName", "Icinga 2"
 			VALUE "ProductVersion", VERSION
@@ -31,4 +31,4 @@ BEGIN
 	BEGIN
 		VALUE "Translation", 0x409, 0x04E4
 	END
-END
\ No newline at end of file
+END
diff --git a/icinga-installer/CMakeLists.txt b/icinga-installer/CMakeLists.txt
index 6e51928a4..6ac5e1f04 100644
--- a/icinga-installer/CMakeLists.txt
+++ b/icinga-installer/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 foreach(flag_var
   CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELEASE
diff --git a/icinga-installer/bannrbmp.bmp b/icinga-installer/bannrbmp.bmp
index 51c3890b7..0f68e6200 100644
Binary files a/icinga-installer/bannrbmp.bmp and b/icinga-installer/bannrbmp.bmp differ
diff --git a/icinga-installer/dlgbmp.bmp b/icinga-installer/dlgbmp.bmp
index d998f74eb..e46566fb3 100644
Binary files a/icinga-installer/dlgbmp.bmp and b/icinga-installer/dlgbmp.bmp differ
diff --git a/icinga-installer/icinga-installer.cpp b/icinga-installer/icinga-installer.cpp
index e88ec2344..233f90cab 100644
--- a/icinga-installer/icinga-installer.cpp
+++ b/icinga-installer/icinga-installer.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include <string>
 #include <vector>
@@ -128,6 +111,7 @@ static void MkDirP(const std::string& path)
 static std::string GetNSISInstallPath(void)
 {
 	HKEY hKey;
+	//TODO: Change hardcoded key
 	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Icinga Development Team\\ICINGA2", 0,
 		KEY_QUERY_VALUE | KEY_WOW64_32KEY, &hKey) == ERROR_SUCCESS) {
 		BYTE pvData[MAX_PATH];
diff --git a/icinga-installer/icinga2.wixpatch.cmake b/icinga-installer/icinga2.wixpatch.cmake
index 0666261d2..5ee6361ae 100644
--- a/icinga-installer/icinga2.wixpatch.cmake
+++ b/icinga-installer/icinga2.wixpatch.cmake
@@ -3,16 +3,21 @@
     <Property Id="ALLUSERS">1</Property>
     <Property Id="MSIRESTARTMANAGERCONTROL">Disable</Property>
 
+    <PropertyRef Id="WIX_IS_NETFRAMEWORK_46_OR_LATER_INSTALLED" />
+    <Condition Message='This application requires .NET Framework 4.6 or higher. Please install the .NET Framework then run this installer again.'>
+      <![CDATA[Installed OR WIX_IS_NETFRAMEWORK_46_OR_LATER_INSTALLED]]>
+    </Condition>
+
     <CustomAction Id="XtraUpgradeNSIS" BinaryKey="icinga2_installer" ExeCommand="upgrade-nsis" Execute="deferred" Impersonate="no" />
     <CustomAction Id="XtraInstall" FileKey="CM_FP_sbin.icinga2_installer.exe" ExeCommand="install" Execute="deferred" Impersonate="no" />
     <CustomAction Id="XtraUninstall" FileKey="CM_FP_sbin.icinga2_installer.exe" ExeCommand="uninstall" Execute="deferred" Impersonate="no" />
 
     <Binary Id="icinga2_installer" SourceFile="$<TARGET_FILE:icinga-installer>" />
-    
+
     <InstallExecuteSequence>
-      <Custom Action="XtraUpgradeNSIS" After="InstallInitialize">$CM_CP_sbin.icinga2_installer.exe&gt;2</Custom>
-      <Custom Action="XtraInstall" Before="InstallFinalize">$CM_CP_sbin.icinga2_installer.exe&gt;2</Custom>
-      <Custom Action="XtraUninstall" Before="RemoveExistingProducts">$CM_CP_sbin.icinga2_installer.exe=2</Custom>
+      <Custom Action="XtraUpgradeNSIS" After="InstallInitialize">$CM_CP_sbin.icinga2_installer.exe&gt;2 AND NOT SUPPRESS_XTRA</Custom>
+      <Custom Action="XtraInstall" Before="InstallFinalize">$CM_CP_sbin.icinga2_installer.exe&gt;2 AND NOT SUPPRESS_XTRA</Custom>
+      <Custom Action="XtraUninstall" Before="RemoveExistingProducts">$CM_CP_sbin.icinga2_installer.exe=2 AND NOT SUPPRESS_XTRA</Custom>
     </InstallExecuteSequence>
 
     <Property Id="WIXUI_EXITDIALOGOPTIONALCHECKBOXTEXT" Value="Run Icinga 2 setup wizard" />
@@ -24,9 +29,9 @@
         Impersonate="no" />
 
     <UI>
-        <Publish Dialog="ExitDialog" 
-            Control="Finish" 
-            Event="DoAction" 
+        <Publish Dialog="ExitDialog"
+            Control="Finish"
+            Event="DoAction"
             Value="LaunchIcinga2Wizard">WIXUI_EXITDIALOGOPTIONALCHECKBOX = 1 and NOT Installed</Publish>
     </UI>
   </CPackWiXFragment>
diff --git a/itl/CMakeLists.txt b/itl/CMakeLists.txt
index 75b2e7289..b302aa3eb 100644
--- a/itl/CMakeLists.txt
+++ b/itl/CMakeLists.txt
@@ -1,23 +1,8 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 add_subdirectory(plugins-contrib.d)
 
 install(
   FILES itl command-icinga.conf hangman plugins command-plugins.conf manubulon command-plugins-manubulon.conf windows-plugins command-plugins-windows.conf nscp command-nscp-local.conf plugins-contrib
-  DESTINATION ${CMAKE_INSTALL_DATADIR}/icinga2/include
+  DESTINATION ${ICINGA2_INCLUDEDIR}
 )
diff --git a/itl/command-icinga.conf b/itl/command-icinga.conf
index 4141b9030..206324a4e 100644
--- a/itl/command-icinga.conf
+++ b/itl/command-icinga.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "icinga" {
 	import "icinga-check-command"
@@ -52,3 +35,7 @@ object CheckCommand "random" {
 object CheckCommand "exception" {
 	import "exception-check-command"
 }
+
+object CheckCommand "sleep" {
+    import "sleep-check-command"
+}
diff --git a/itl/command-nscp-local.conf b/itl/command-nscp-local.conf
index 33677fccd..8498d68f8 100644
--- a/itl/command-nscp-local.conf
+++ b/itl/command-nscp-local.conf
@@ -1,24 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 if (!globals.contains("NscpPath")) {
-	NscpPath = dirname(msi_get_component_path("{5C45463A-4AE9-4325-96DB-6E239C034F93}"))
+	globals.NscpPath = dirname(msi_get_component_path("{5C45463A-4AE9-4325-96DB-6E239C034F93}"))
 }
 
 object CheckCommand "nscp-local" {
@@ -222,6 +205,10 @@ object CheckCommand "nscp-local-disk" {
 			value = "$nscp_disk_drive$"
 			repeat_key = true
 		}
+		"--exclude" = {
+			value = "$nscp_disk_exclude$"
+			repeat_key = true
+		}
 		"--warning" = {
 			value = "$nscp_disk_op$ $nscp_disk_warning$"
 		}
@@ -293,3 +280,68 @@ object CheckCommand "nscp-local-counter" {
 	vars.nscp_counter_less = false
 	vars.nscp_counter_perfsyntax = "$nscp_counter_name$"
 }
+
+object CheckCommand "nscp-local-tasksched" {
+        import "nscp-local"
+
+        arguments += {
+                "--filter" = {
+                        set_if = {{
+                                var scheduler_name = macro("$nscp_tasksched_name$")
+                                if (len(scheduler_name) > 0 ) {
+                                        return true
+                                } else {
+                                        return false
+                                }
+                        }}
+                        value = "title='$nscp_tasksched_name$'"
+                        description = "Name of the task to check."
+                }
+                "--folder" = {
+                        value = "$nscp_tasksched_folder$"
+                        description = "The folder in which the tasks to check reside."
+                }
+                "--hidden" = {
+                        set_if = "$nscp_tasksched_hidden$"
+                        description = "Look for hidden tasks."
+                }
+                "--recursive" = {
+                        value = "$nscp_tasksched_recursive$"
+                        description = "Recurse sub folder (defaults to true)."
+                }
+                "--warning" = {
+                        value = "$nscp_tasksched_warning$"
+                        description = "Filter which marks items which generates a warning state."
+                }
+                "--critical" = {
+                        value = "$nscp_tasksched_critical$"
+                        description = "Filter which marks items which generates a critical state."
+                }
+                "--empty-state" = {
+                        value = "$nscp_tasksched_emptystate$"
+                        description = "Return status to use when nothing matched filter."
+                }
+                "--perf-syntax" = {
+                        value = "$nscp_tasksched_perfsyntax$"
+                        description = "Performance alias syntax."
+                }
+                "--detail-syntax" = {
+                        value = "$nscp_tasksched_detailsyntax$"
+                        description = "Detail level syntax."
+                }
+                "-a" = {
+                        value = "$nscp_tasksched_arguments$"
+                        repeat_key = true
+                }
+        }
+
+        vars.nscp_modules = "CheckTaskSched"
+        vars.nscp_query = "check_tasksched"
+        vars.nscp_showall = "$nscp_tasksched_showall$"
+        vars.nscp_tasksched_recursive = true
+        vars.nscp_tasksched_perfsyntax = "%(title)"
+        vars.nscp_tasksched_detailsyntax = "%(folder)/%(title): %(exit_code) != 0"
+        vars.nscp_tasksched_warning = "exit_code != 0"
+        vars.nscp_tasksched_critical = "exit_code < 0"
+
+}
diff --git a/itl/command-plugins-manubulon.conf b/itl/command-plugins-manubulon.conf
index 910a4ceae..d5cd08c25 100644
--- a/itl/command-plugins-manubulon.conf
+++ b/itl/command-plugins-manubulon.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * main snmp-manubulon template
@@ -211,16 +194,25 @@ object CheckCommand "snmp-storage" {
 			set_if = "$snmp_perf$"
 			description = "Perfparse compatible output"
 		}
+		"-e" = {
+			set_if = "$snmp_exclude$"
+			description = "Select all storages except the one(s) selected by -m. No action on storage type selection."
+		}
 		"-o" = {
 			value = "$snmp_storage_olength$"
 			description = "Max-size of the SNMP message, usefull in case of Too Long responses."
 		}
+		"-q" = {
+			value = "$snmp_storage_type$"
+			description = "Storage type: Other, Ram, VirtualMemory, FixedDisk, RemovableDisk, FloppyDisk, CompactDisk, RamDisk, FlashMemory, or NetworkDisk"
+		}
 	}
 
 	vars.snmp_storage_name = "^/$$"
 	vars.snmp_warn = 80
 	vars.snmp_crit = 90
 	vars.snmp_perf = true
+	vars.snmp_exclude = false
 }
 
 
@@ -396,6 +388,6 @@ object CheckCommand "snmp-service" {
 			description = "Do not use regexp to match NAME in service description."
 		}
 	}
-	
+
 	vars.snmp_service_name = ".*"
 }
diff --git a/itl/command-plugins-windows.conf b/itl/command-plugins-windows.conf
index 1e48dc6b0..22ab623b9 100644
--- a/itl/command-plugins-windows.conf
+++ b/itl/command-plugins-windows.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "disk-windows" {
 	command = [ PluginDir + "/check_disk.exe" ]
@@ -85,6 +68,10 @@ object CheckCommand "memory-windows" {
 			value = "$memory_win_unit$"
 			description = "Use this unit to display memory"
 		}
+		"-U" = {
+                        set_if = "$memory_win_show_used$"
+                        description = "Show used memory instead of the free memory"
+                }
 	}
 
 	//The default
@@ -235,7 +222,7 @@ object CheckCommand "service-windows" {
 			required = true
 			description = "Service to check"
 		}
-		"-d" = {
+		"--description" = {
 			set_if = "$service_win_description$"
 			description = "Use service description instead of name"
 		}
@@ -258,6 +245,10 @@ object CheckCommand "swap-windows" {
 			value = "$swap_win_unit$"
 			description = "Unit to display swap in"
 		}
+		"-U" = {
+			set_if = "$swap_win_show_used$"
+			description = "Show used swap instead of the free swap"
+		}
 	}
 
 	// Default
@@ -271,17 +262,21 @@ object CheckCommand "update-windows" {
 
 	arguments = {
 		"-w" = {
-			set_if = "$update_win_warn$"
-			description = "Warn if there are important updates available"
+			value = "$update_win_warn$"
+			description = "Number of updates to trigger a warning"
 		}
 		"-c" = {
-			set_if = "$update_win_crit$"
-			description = "Critical if there are important updates that require a reboot"
+			value = "$update_win_crit$"
+			description = "Number of updates to trigger a critical"
 		}
 		"--possible-reboot" = {
 			set_if = "$update_win_reboot$"
 			description = "Treat 'may need update' as 'definitely needs update'"
 		}
+		"--no-reboot-critical" = {
+			set_if = "$ignore_reboot$"
+			description = "Do not automatically return critical if an update requiring reboot is present."
+		}
 	}
 
 	timeout = 5m
diff --git a/itl/command-plugins.conf b/itl/command-plugins.conf
index 0bf297fd1..c3f7ffe1f 100644
--- a/itl/command-plugins.conf
+++ b/itl/command-plugins.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 template CheckCommand "ipv4-or-ipv6" {
 	vars.check_address = {{
@@ -1475,6 +1458,11 @@ object CheckCommand "disk" {
 			description = "Ignore all filesystems of indicated type (may be repeated)"
 			repeat_key = true
 		}
+		"-N" = {
+			value = "$disk_include_type$"
+			description = "Check only filesystems of indicated type (may be repeated)"
+			repeat_key = true
+		}
 	}
 
 	vars.disk_wfree = "20%"
@@ -1495,7 +1483,8 @@ object CheckCommand "disk" {
 		"fuse.gvfs-fuse-daemon",
 		"fdescfs",
 		"overlay",
-		"nsfs"
+		"nsfs",
+		"squashfs"
 	]
 }
 
@@ -1842,6 +1831,10 @@ object CheckCommand "snmpv3" {
 			value = "$snmpv3_user$"
 			description = "SNMPv3 username"
 		}
+		"-N" = {
+			value = "$snmpv3_context$"
+			description = "SNMPv3 context"
+		}
 		"-A" = {
 			value = "$snmpv3_auth_key$"
 			description = "SNMPv3 authentication password"
@@ -1957,6 +1950,10 @@ object CheckCommand "apt" {
 			set_if = "$apt_only_critical$"
 			description = "Only warn about critical upgrades."
 		}
+		"--list" = {
+			set_if = "$apt_list$"
+			description = "List packages available for upgrade."
+		}
 	}
 
 	timeout = 5m
@@ -3143,3 +3140,32 @@ object CheckCommand "rpc" {
 
 	vars.rpc_address = "$check_address$"
 }
+
+object CheckCommand "uptime" {
+        command = [ PluginDir + "/check_uptime" ]
+
+        arguments = {
+		"--warning" = {
+			value = "$uptime_warning$"
+			description = "Min. number of uptime to generate warning"
+			required = true
+		}
+		"--critical" = {
+			value = "$uptime_critical$"
+			description = "Min. number of uptime to generate critical alert ( w < c )"
+			required = true
+		}
+		"--for" = {
+			set_if = "$uptime_for$"
+			description = "Show uptime in a pretty format (Running for x weeks, x days, ...)"
+		}
+		"--since" = {
+			set_if = "$uptime_since$"
+			description = "Show last boot in yyyy-mm-dd HH:MM:SS format (output from 'uptime -s')"
+		}
+	}
+
+	vars.uptime_warning = "30m"
+	vars.uptime_critical = "15m"
+}
+
diff --git a/itl/hangman b/itl/hangman
index f4dc118e0..b2feb3a79 100644
--- a/itl/hangman
+++ b/itl/hangman
@@ -1,24 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
-if (!globals.irc) {
-	globals.irc = globals.log
+if (!globals.contains("irc")) {
+	globals.irc = log
 }
 
 hm = {
diff --git a/itl/itl b/itl/itl
index 340633ca6..8f98fe60e 100644
--- a/itl/itl
+++ b/itl/itl
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * This is the Icinga Templare Library, a collection of general purpose Icinga
diff --git a/itl/manubulon b/itl/manubulon
index 094f1836e..6b6855da8 100644
--- a/itl/manubulon
+++ b/itl/manubulon
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * This is the SNMP Manubulon Template Library.
diff --git a/itl/nscp b/itl/nscp
index 49283f323..c62513e54 100644
--- a/itl/nscp
+++ b/itl/nscp
@@ -1,20 +1,3 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 include "command-nscp-local.conf"
diff --git a/itl/plugins b/itl/plugins
index d142acdc9..edfe4cea3 100644
--- a/itl/plugins
+++ b/itl/plugins
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * This is the Icinga Templare Library, a collection of general purpose Icinga
diff --git a/itl/plugins-contrib b/itl/plugins-contrib
index 9857a63ce..f2f56e042 100644
--- a/itl/plugins-contrib
+++ b/itl/plugins-contrib
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * This is a directory for various contributed command definitions.
diff --git a/itl/plugins-contrib.d/CMakeLists.txt b/itl/plugins-contrib.d/CMakeLists.txt
index 099ea2485..6f94404b9 100644
--- a/itl/plugins-contrib.d/CMakeLists.txt
+++ b/itl/plugins-contrib.d/CMakeLists.txt
@@ -1,21 +1,6 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 install(
-  FILES databases.conf hardware.conf icingacli.conf ipmi.conf logmanagement.conf metrics.conf network-components.conf network-services.conf operating-system.conf raid-controller.conf smart-attributes.conf storage.conf virtualization.conf vmware.conf web.conf
-  DESTINATION ${CMAKE_INSTALL_DATADIR}/icinga2/include/plugins-contrib.d
+  FILES big-data.conf databases.conf hardware.conf icingacli.conf ipmi.conf logmanagement.conf metrics.conf network-components.conf network-services.conf operating-system.conf raid-controller.conf smart-attributes.conf storage.conf virtualization.conf vmware.conf web.conf
+  DESTINATION ${ICINGA2_INCLUDEDIR}/plugins-contrib.d
 )
diff --git a/itl/plugins-contrib.d/big-data.conf b/itl/plugins-contrib.d/big-data.conf
new file mode 100644
index 000000000..7d3d6f173
--- /dev/null
+++ b/itl/plugins-contrib.d/big-data.conf
@@ -0,0 +1,112 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+object CheckCommand "cloudera_service_status" {
+	command = [ PluginContribDir + "/check_cloudera_service_status.py" ]
+
+	arguments = {
+		"-H" = {
+			description = "host"
+			value       = "$cloudera_host$"
+			required    = true
+		}
+		"-P" = {
+			description = "port"
+			value       = "$cloudera_port$"
+			required    = false
+		}
+		"-u" = {
+			description = "user"
+			value       = "$cloudera_user$"
+			required    = true
+		}
+		"-p" = {
+			description = "pass"
+			value       = "$cloudera_pass$"
+			required    = true
+		}
+		"-v" = {
+			description = "api_version"
+			value       = "$cloudera_api_version$"
+			required    = true
+		}
+		"-c" = {
+			description = "cluster"
+			value       = "$cloudera_cluster$"
+			required    = true
+		}
+		"-s" = {
+			description = "service"
+			value       = "$cloudera_service$"
+			required    = true
+		}
+		"-k" = {
+			description = "verify_ssl"
+			value       = "$cloudera_verify_ssl$"
+			required    = false
+		}
+	}
+}
+
+object CheckCommand "cloudera_hdfs_space" {
+	command = [ PluginContribDir + "/check_cloudera_hdfs_space.py" ]
+
+	arguments = {
+		"-H" = {
+			description = "Namenode host"
+			value       = "$cloudera_hdfs_space_host$"
+			required    = true
+		}
+		"-P" = {
+			description = "Namenode port (default 50070)"
+			value       = "$cloudera_hdfs_space_port$"
+			required    = false
+		}
+		"-d" = {
+			description = "HDFS disk to check"
+			value       = "$cloudera_hdfs_space_disk$"
+			required    = true
+		}
+		"-w" = {
+			description = "Warning threshold in percent"
+			value       = "$cloudera_hdfs_space_warn$"
+			required    = true
+		}
+		"-c" = {
+			description = "Critical threshold in percent"
+			value       = "$cloudera_hdfs_space_crit$"
+			required    = true
+		}
+	}
+}
+
+object CheckCommand "cloudera_hdfs_files" {
+	command = [ PluginContribDir + "/check_cloudera_hdfs_files.py" ]
+
+	arguments = {
+		"-H" = {
+			description = "Namenode host"
+			value       = "$cloudera_hdfs_files_host$"
+			required    = true
+		}
+		"-P" = {
+			description = "Namenode port (default 50070)"
+			value       = "$cloudera_hdfs_files_port$"
+			required    = false
+		}
+		"-w" = {
+			description = "Warning threshold"
+			value       = "$cloudera_hdfs_files_warn$"
+			required    = true
+		}
+		"-c" = {
+			description = "Critical threshold"
+			value       = "$cloudera_hdfs_files_crit$"
+			required    = true
+		}
+		"-m" = {
+			description = "Max files count that causes problems (default 140000000)"
+			value       = "$cloudera_hdfs_files_max$"
+			required    = false
+		}
+	}
+}
diff --git a/itl/plugins-contrib.d/databases.conf b/itl/plugins-contrib.d/databases.conf
index 8b4c2ffd2..ecd436502 100644
--- a/itl/plugins-contrib.d/databases.conf
+++ b/itl/plugins-contrib.d/databases.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "mssql_health" {
 	import "ipv4-or-ipv6"
@@ -344,6 +327,7 @@ object CheckCommand "db2_health" {
         arguments = {
                 "--hostname" = {
                         value = "$db2_health_hostname$"
+                        set_if = "$db2_health_not_catalogued$"
                         description = "the host to connect"
                         order = -2
                 }
@@ -424,6 +408,7 @@ object CheckCommand "db2_health" {
         }
 
         vars.db2_health_regexp = false
+        vars.db2_health_not_catalogued = true
         vars.db2_health_hostname = "$check_address$"
         vars.db2_health_report = "short"
 
@@ -517,7 +502,7 @@ object CheckCommand "oracle_health" {
 
 	vars.oracle_home = "/usr/lib/oracle/11.2/client64/lib"
 	vars.oracle_ld_library_path = "/usr/lib/oracle/11.2/client64/lib"
-	vars.oracle_tns_admin = SysconfDir + "/icinga2/plugin-configs"
+	vars.oracle_tns_admin = ConfigDir + "/plugin-configs"
 }
 
 object CheckCommand "postgres" {
@@ -840,3 +825,120 @@ object CheckCommand "redis" {
 	vars.redis_perfparse = false
 	vars.redis_prev_perfdata = false
 }
+
+object CheckCommand "proxysql" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_proxysql" ]
+
+	arguments = {
+		"--user" = {
+			value = "$proxysql_user$"
+			description = "ProxySQL admin username (default=admin)"
+		}
+		"--password" = {
+			value = "$proxysql_password$"
+			description = "ProxySQL admin password (default=admin)"
+		}
+		"--host" = {
+			value = "$proxysql_host$"
+			description = "ProxySQL hostname / IP (default=127.0.0.1)"
+		}
+		"--port" = {
+			value = "$proxysql_port$"
+			description = "ProxySQL admin port (default=6032)"
+		}
+		"--defaults-file" = {
+			value = "$proxysql_defaultfile$"
+			description = "ProxySQL defaults file"
+		}
+		"--type" = {
+			value = "$proxysql_type$"
+			description = "ProxySQL check type (one of conns,hg,rules,status,var)"
+			required = true
+		}
+		"--name" = {
+			value = "$proxysql_name$"
+			description = "ProxySQL variable name to check"
+		}
+		"--lower" = {
+			value = "$proxysql_lower$"
+			description = "Alert if ProxySQL value are LOWER than defined WARN / CRIT thresholds (only applies to 'var' check type)"
+		}
+		"--runtime" = {
+			value = "$proxysql_runtime$"
+			description = "Force ProxySQL Nagios check to query the runtime_mysql_XXX tables rather than the mysql_XXX tables"
+		}
+		"--warning" = {
+			value = "$proxysql_warning$"
+			description = "Warning threshold"
+		}
+		"--critical" = {
+			value = "$proxysql_critical$"
+			description = "Critical threshold"
+		}
+		"--include-hostgroup" = {
+			value = "$proxysql_include_hostgroup$"
+			description = "ProxySQL hostgroup(s) to include (only applies to '--type hg' checks, accepts comma-separated list)"
+		}
+		"--ignore-hostgroup" = {
+			value = "$proxysql_ignore_hostgroup$"
+			description = "ProxySQL hostgroup(s) to ignore (only applies to '--type hg' checks, accepts comma-separated list)"
+		}
+	}
+}
+
+object CheckCommand "memcached" {
+	command = [ PluginContribDir + "/check_memcached" ]
+
+	arguments = {
+		"-H" = {
+			value = "$memcached_hostname$"
+			required = true
+			description = "Hostname or IP address (required) optional ':port' overrides -p"
+		}
+		"-p" = {
+			value = "$memcached_port$"
+			description = "Port number (default: 11211)"
+		}
+		"-v" = {
+			set_if = "$memcached_verbose$"
+			description = "verbose messages"
+		}
+		"-n" = {
+			value = "$memcached_keep$"
+			description = "Keep up to this many items in the history object in memcached (default: 30)"
+		}
+		"-T" = {
+			value = "$memcached_minimum_stat_interval$"
+			description = "Minimum time interval (in minutes) to use to analyse stats. (default: 30)"
+		}
+		"-w" = {
+			value = "$memcached_warning_hits_misses$"
+			description = "Generate warning if quotient of hits/misses falls below this value (default: 2.0)"
+		}
+		"-E" = {
+			value = "$memcached_warning_evictions$"
+			description = "Generate warning if number of evictions exceeds this threshold. 0=disable. (default: 10)"
+		}
+		"-t" = {
+			value = "$memcached_timeout$"
+			description = "timeout in seconds (default: 1.0)"
+		}
+		"-k" = {
+			value = "$memcached_key$"
+			description = "key name for history object (default: check_memcached)"
+		}
+		"-K" = {
+			value = "$memcached_expiry$"
+			description = "expiry time in seconds for history object (default: 7200)"
+		}
+		"-r" = {
+			set_if = "$memcached_performance_output$"
+			description = "output performance statistics as rate-per-minute figures (better suited to pnp4nagios)"
+		}
+	}
+
+	vars.memcached_hostname = "127.0.0.1"
+	vars.memcached_minimum_stat_interval = "10"
+	vars.memcached_performance_output = true
+}
diff --git a/itl/plugins-contrib.d/hardware.conf b/itl/plugins-contrib.d/hardware.conf
index ae7c3f9ba..c412cb752 100644
--- a/itl/plugins-contrib.d/hardware.conf
+++ b/itl/plugins-contrib.d/hardware.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "hpasm" {
 	import "ipv4-or-ipv6"
@@ -204,3 +187,81 @@ object CheckCommand "openmanage" {
 		}
 	}
 }
+
+object CheckCommand "lmsensors" {
+	command = [ PluginContribDir + "/check_lmsensors" ]
+
+	arguments = {
+		"-w" = {
+			value = "$lmsensors_warning$"
+			description = "Exit with WARNING status if above INTEGER degrees"
+			required = true
+		}
+		"-c" = {
+			value = "$lmsensors_critical$"
+			description = "Exit with CRITICAL status if above INTEGER degrees"
+			required = true
+		}
+		"--sensor" = {
+			value = "$lmsensors_sensor$"
+			description = "Set what to monitor, for example CPU or MB (or M/B). Check sensors for the correct word. Default is CPU."
+		}
+	}
+
+	vars.lmsensors_warning = "75"
+	vars.lmsensors_critical = "80"
+	vars.lmsensors_sensor = "Core"
+}
+
+object CheckCommand "hddtemp" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_hddtemp" ]
+
+	arguments = {
+		"--server" = {
+			value = "$hddtemp_server$"
+			description = "server name or address"
+			required = true
+		}
+		"--port" = {
+			value = "$hddtemp_port$"
+			description = "port number"
+		}
+		"--devices" = {
+			value = "$hddtemp_devices$"
+			description = "comma separated devices list, or empty for all devices in hddtemp response"
+		}
+		"--separator" = {
+			value = "$hddtemp_separator$"
+			description = "hddtemp separator"
+		}
+		"--warning" = {
+			value = "$hddtemp_warning$"
+			description = "warning temperature"
+			required = true
+		}
+		"--critical" = {
+			value = "$hddtemp_critical$"
+			description = "critical temperature"
+			required = true
+		}
+		"--timeout" = {
+			value = "$hddtemp_timeout$"
+			description = "receiving data from hddtemp operation network timeout"
+		}
+		"--performance-data" = {
+			set_if = "$hddtemp_performance$"
+			description = "return performance data"
+		}
+		"--quiet" = {
+			set_if = "$hddtemp_quiet$"
+			description = "be quiet"
+		}
+	}
+
+	vars.hddtemp_server = "127.0.0.1"
+	vars.hddtemp_warning = 55
+	vars.hddtemp_critical = 60
+	vars.hddtemp_performance = true
+	vars.hddtemp_timeout = 5
+}
diff --git a/itl/plugins-contrib.d/icingacli.conf b/itl/plugins-contrib.d/icingacli.conf
index 056b84ae7..3086aabec 100644
--- a/itl/plugins-contrib.d/icingacli.conf
+++ b/itl/plugins-contrib.d/icingacli.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com)   *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 template CheckCommand "icingacli" {
 	command = [ PrefixDir + "/bin/icingacli" ]
@@ -68,3 +51,70 @@ object CheckCommand "icingacli-director" {
         }
 }
 
+object CheckCommand "icingacli-elasticsearch" {
+        import "icingacli"
+
+        command += [ "elasticsearch", "check" ]
+
+        arguments = {
+                "--instance" = {
+                        value = "$icingacli_elasticsearch_instance$"
+                        description = "Elasticsearch instance to connect to"
+                }
+                "--crit" = {
+                        value = "$icingacli_elasticsearch_critical$"
+                        description = "Critical threshold"
+                }
+                "--warn" = {
+                        value = "$icingacli_elasticsearch_warning$"
+                        description = "Warning threshold"
+                }
+                "--index" = {
+                        value = "$icingacli_elasticsearch_index$"
+                        description = "Index pattern to use when searching"
+                }
+                "--filter" = {
+                        value = "$icingacli_elasticsearch_filter$"
+                        description = "Filter for events"
+                }
+                "--from" = {
+                        value = "$icingacli_elasticsearch_from$"
+                        description = "Negative value of time to search from now"
+                }
+        }
+
+}
+
+object CheckCommand "icingacli-x509" {
+        import "icingacli"
+
+        command += [ "x509", "check", "host" ]
+
+        arguments = {
+                "--ip" = {
+                        value = "$icingacli_x509_ip$"
+                        description = "A hosts IP address"
+                }
+                "--host" = {
+                        value = "$icingacli_x509_host$"
+                        description = "A hosts name"
+                }
+                "--port" = {
+                        value = "$icingacli_x509_port$"
+                        description = "The port to check in particular"
+                }
+                "--warning" = {
+                        value = "$icingacli_x509_warning$"
+                        description = "Less remaining time results in state WARNING"
+                }
+                "--critical" = {
+                        value = "$icingacli_x509_critical$"
+                        description = "Less remaining time results in state CRITICAL"
+                }
+                "--allow-self-signed" = {
+                        set_if = "$icingacli_x509_allow_self_signed$"
+                        description = "Ignore if a certificate or its issuer has been self-signed"
+                }
+        }
+}
+
diff --git a/itl/plugins-contrib.d/ipmi.conf b/itl/plugins-contrib.d/ipmi.conf
index 95570406a..200d56747 100644
--- a/itl/plugins-contrib.d/ipmi.conf
+++ b/itl/plugins-contrib.d/ipmi.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "ipmi-sensor" {
 	import "ipv4-or-ipv6"
@@ -103,6 +86,10 @@ object CheckCommand "ipmi-sensor" {
 			set_if = "$ipmi_debug$"
 			description = "Be Verbose debugging output, followed by normal multi line output"
 		}
+		"-us" = {
+			value = "$ipmi_unify_file$"
+			description = "Path to the unify file to unify sensor names."
+		}
 	}
 
 	vars.ipmi_address = "$check_address$"
diff --git a/itl/plugins-contrib.d/logmanagement.conf b/itl/plugins-contrib.d/logmanagement.conf
index 6e1a910a9..16cafe044 100644
--- a/itl/plugins-contrib.d/logmanagement.conf
+++ b/itl/plugins-contrib.d/logmanagement.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "logstash" {
 	import "ipv4-or-ipv6"
@@ -72,3 +55,106 @@ object CheckCommand "logstash" {
 	vars.logstash_heap_warn = 70
 	vars.logstash_heap_crit = 80
 }
+
+object CheckCommand "logfiles" {
+	command = [ PluginContribDir + "/check_logfiles" ]
+
+	arguments = {
+		"--tag" = {
+			value = "$logfiles_tag$"
+			description = "A short unique descriptor for this search. It will appear in the output of the plugin and is used to separare the different services."
+		}
+		"--logfile" = {
+			value = "$logfiles_logfile$"
+			description = "This is the name of the log file you want to scan."
+		}
+		"--rotation" = {
+			value = "$logfiles_rotation$"
+			description = "This is the method how log files are rotated. One of the predefined methods or a regular expression, which helps identify the rotated archives. If this key is missing, check_logfiles assumes that the log file will be simply overwritten instead of rotated."
+		}
+		"--criticalpattern" = {
+			value = "$logfiles_critical_pattern$"
+			description = "A regular expression which will trigger a critical error."
+		}
+		"--warningpattern" = {
+			value = "$logfiles_warning_pattern$"
+			description = "A regular expression which will trigger a warning error."
+		}
+		"--criticalexception" = {
+			value = "$logfiles_critical_exception$"
+			description = "A regular expression, the exceptions which are not counted as critical errors."
+		}
+		"--warningexception" = {
+			value = "$logfiles_warning_exception$"
+			description = "A regular expression, the exceptions which are not counted as warning errors."
+		}
+		"--okpattern" = {
+			value = "$logfiles_ok_pattern$"
+			description = "A regular expression which resets the error counters."
+		}
+		"--noprotocol" = {
+			set_if = "$logfiles_no_protocol$"
+			description = "Normally all the matched lines are written into a protocol file with this file’s name appearing in the plugin’s output. This option switches this off."
+		}
+		"--syslogserver" = {
+			set_if = "$logfiles_syslog_server$"
+			description = "With this option you limit the pattern matching to lines originating from the host check_logfiles is running on."
+		}
+		"--syslogclient" = {
+			value = "$logfiles_syslog_client$"
+			description = "With this option you limit the pattern matching to lines originating from the host named in this option."
+		}
+		"--sticky" = {
+			value = "$logfiles_sticky$"
+			description = "Errors are propagated through successive runs."
+		}
+		"--unstick" = {
+			set_if = "$logfiles_unstick$"
+			description = "Resets sticky errors."
+		}
+		"--config" = {
+			value = "$logfiles_config$"
+			description = "The name of a configuration file."
+		}
+		"--configdir" = {
+			value = "$logfiles_configdir$"
+			description = "The name of a configuration directory. Configfiles ending in .cfg or .conf are (recursively) imported."
+		}
+		"--searches" = {
+			value = "$logfiles_searches$"
+			description = "A list of tags of those searches which are to be run. Using this parameter, not all searches listed in the config file are run, but only those selected."
+		}
+		"--selectedsearches" = {
+			value = "$logfiles_selectedsearches$"
+			description = "A list of tags of those searches which are to be run. Using this parameter, not all searches listed in the config file are run, but only those selected."
+		}
+		"--report" = {
+			value = "$logfiles_report$"
+			description = "This option turns on multiline output (Default: off). The setting html generates a table which display the last hits in the service details view. Possible values are: short, long, html or off"
+		}
+		"--maxlength" = {
+			value = "$logfiles_max_length$"
+			description = "With this parameter long lines are truncated (Default: off). Some programs (e.g. TrueScan) generate entries in the eventlog of such a length, that the output of the plugin becomes longer than 1024 characters. NSClient++ discards these."
+		}
+		"--winwarncrit" = {
+			value = "$logfiles_winwarncrit$"
+			description = "With this parameter messages in the eventlog are classified by the type WARNING/ERROR (Default: off). Replaces or complements warning/criticalpattern."
+		}
+		"--rununique" = {
+			set_if = "$logfiles_run_unique$"
+			description = "This parameter prevents check_logfiles from starting when there’s already another instance using the same config file. (exits with UNKNOWN)"
+		}
+		"--timeout" = {
+			value = "$logfiles_timeout$"
+			description = "This parameter causes an abort of a running search after a defined number of seconds. It is an aborted in a controlled manner, so that the lines which have been read so far, are used for the computation of the final result."
+		}
+		"--warning" = {
+			value = "$logfiles_warning$"
+			description = "Complex handler-scripts can be provided with a warning-parameter this way. Inside the scripts the value is accessible as the macro CL_WARNING."
+		}
+		"--critical" = {
+			value = "$logfiles_critical$"
+			description = "Complex handler-scripts can be provided with a critical-parameter this way. Inside the scripts the value is accessible as the macro CL_CRITICAL."
+		}
+	}
+}
diff --git a/itl/plugins-contrib.d/metrics.conf b/itl/plugins-contrib.d/metrics.conf
index 180aa93c6..856ba755c 100644
--- a/itl/plugins-contrib.d/metrics.conf
+++ b/itl/plugins-contrib.d/metrics.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "graphite" {
 	command = [ PluginContribDir + "/check_graphite" ]
diff --git a/itl/plugins-contrib.d/network-components.conf b/itl/plugins-contrib.d/network-components.conf
index e34175952..e6fdba7d2 100644
--- a/itl/plugins-contrib.d/network-components.conf
+++ b/itl/plugins-contrib.d/network-components.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "interfacetable" {
 	command = [ PluginContribDir + "/check_interface_table_v3t" ]
@@ -314,6 +297,10 @@ object CheckCommand "iftraffic" {
 			value = "$iftraffic_community$"
 			description = "SNMP community. Defaults to 'public' if omitted."
 		}
+		"-V" = {
+			value = "$iftraffic_version$"
+			description = "SNMP version. Defaults to '1' if omitted."
+		}
 		"-i" = {
 			value = "$iftraffic_interface$"
 			description = "Interface name."
@@ -563,6 +550,10 @@ object CheckCommand "nwc_health" {
 			value = "$nwc_health_contextname$"
 			description = "The context name for SNMPv3 (empty represents the default context)"
 		}
+		"--community2" = {
+			value = "$nwc_health_community2$"
+			description = "SNMP community which can be used to switch the context during runtime"
+		}
 		"--mode" = {
 			value = "$nwc_health_mode$"
 			description = "Which mode should be executed. A list of all available modes can be found in the plugin documentation"
@@ -603,6 +594,10 @@ object CheckCommand "nwc_health" {
 			value = "$nwc_health_name2$"
 			description = "The secondary name of a component"
 		}
+		"--name3" = {
+			value = "$nwc_health_name3$"
+			description = "The tertiary name of a component"
+		}
 		"--role" = {
 			value = "$nwc_health_role$"
 			description = "The role of this device in a hsrp group (active/standby/listen)"
@@ -625,10 +620,12 @@ object CheckCommand "nwc_health" {
 		}
 		"--warningx" = {
 			value = "$nwc_health_warningx$"
+			repeat_key = true
 			description = "The extended warning thresholds"
 		}
 		"--criticalx" = {
 			value = "$nwc_health_criticalx$"
+			repeat_key = true
 			description = "The extended critical thresholds"
 		}
 		"--mitigation" = {
@@ -676,3 +673,163 @@ object CheckCommand "nwc_health" {
 	vars.nwc_health_hostname = "$check_address$"
 	vars.nwc_health_mode = "hardware-health"
 }
+
+object CheckCommand "printer_health" {
+	import "ipv4-or-ipv6"
+
+	command = [ PluginContribDir + "/check_printer_health" ]
+
+	arguments = {
+		"--timeout" = {
+			value = "$printer_health_timeout$"
+			description = "Seconds before plugin times out (default: 15)"
+		}
+		"--blacklist" = {
+			value = "$printer_health_blacklist$"
+			description = "Blacklist some (missing/failed) components"
+		}
+		"--hostname" = {
+			value = "$printer_health_hostname$"
+			description = "Hostname or IP-address of the switch or router"
+		}
+		"--port" = {
+			value = "$printer_health_port$"
+			description = "The SNMP port to use (default: 161)"
+		}
+		"--domain" = {
+			value = "$printer_health_domain$"
+			description = "The transport domain to use (default: udp/ipv4, other possible values: udp6, udp/ipv6, tcp, tcp4, tcp/ipv4, tcp6, tcp/ipv6)"
+		}
+		"--protocol" = {
+			value = "$printer_health_protocol$"
+			description = "The SNMP protocol to use (default: 2c, other possibilities: 1,3)"
+		}
+		"--community" = {
+			value = "$printer_health_community$"
+			description = "SNMP community of the server (SNMP v1/2 only)"
+		}
+		"--username" = {
+			value = "$printer_health_username$"
+			description = "The securityName for the USM security model (SNMPv3 only)"
+		}
+		"--authpassword" = {
+			value = "$printer_health_authpassword$"
+			description = "The authentication password for SNMPv3"
+		}
+		"--authprotocol" = {
+			value = "$printer_health_authprotocol$"
+			description = "The authentication protocol for SNMPv3 (md5|sha)"
+		}
+		"--privpassword" = {
+			value = "$printer_health_privpassword$"
+			description = "The password for authPriv security level"
+		}
+		"--privprotocol" = {
+			value = "$printer_health_privprotocol$"
+			description = "The private protocol for SNMPv3 (des|aes|aes128|3des|3desde)"
+		}
+		"--contextengineid" = {
+			value = "$printer_health_contextengineid$"
+			description = "The context engine id for SNMPv3 (10 to 64 hex characters)"
+		}
+		"--contextname" = {
+			value = "$printer_health_contextname$"
+			description = "The context name for SNMPv3 (empty represents the default context)"
+		}
+		"--community2" = {
+			value = "$printer_health_community2$"
+			description = "SNMP community which can be used to switch the context during runtime"
+		}
+		"--mode" = {
+			value = "$printer_health_mode$"
+			description = "Which mode should be executed. Available modes: hardware-health, supplies-status and uptime."
+		}
+		"--name" = {
+			value = "$printer_health_name$"
+			description = "The name of an interface (ifDescr)"
+		}
+		"--regexp" = {
+			set_if = "$printer_health_regexp$"
+			description = "A flag indicating that --name is a regular expression"
+		}
+		"--units" = {
+			value = "$printer_health_units$"
+			description = "One of %, B, KB, MB, GB, Bit, KBi, MBi, GBi. (used for e.g. mode interface-usage)"
+		}
+		"--name2" = {
+			value = "$printer_health_name2$"
+			description = "The secondary name of a component"
+		}
+		"--name3" = {
+			value = "$printer_health_name3$"
+			description = "The teritary name of a component"
+		}
+		"--report" = {
+			value = "$printer_health_report$"
+			description = "Can be used to shorten the output."
+		}
+		"--lookback" = {
+			value = "$printer_health_lookback$"
+			description = "The amount of time you want to look back when calculating average rates. Use it for mode interface-errors or interface-usage. Without --lookback the time between two runs of check_printer_health is the base for calculations. If you want your checkresult to be based for example on the past hour, use --lookback 3600." 
+		}
+		"--critical" = {
+			value = "$printer_health_critical$"
+			description = "The critical threshold"
+		}
+		"--warning" = {
+			value = "$printer_health_warning$"
+			description = "The warning threshold"
+		}
+		"--warningx" = {
+			value = "$printer_health_warningx$"
+			description = "The extended warning thresholds"
+		}
+		"--criticalx" = {
+			value = "$printer_health_criticalx$"
+			description = "The extended critical thresholds"
+		}
+		"--mitigation" = {
+			value = "$printer_health_mitigation$"
+			description = "The parameter allows you to change a critical error to a warning."
+		}
+		"--selectedperfdata" = {
+			value = "$printer_health_selectedperfdata$"
+			description = "The parameter allows you to limit the list of performance data. It's a perl regexp. Only matching perfdata show up in the output."
+		}
+		"--morphperfdata" = {
+			value = "$printer_health_morphperfdata$"
+			description = "The parameter allows you to change performance data labels. It's a perl regexp and a substitution. --morphperfdata '(.*)ISATAP(.*)'='$1patasi$2'"
+		}
+		"--negate" = {
+			value = "$printer_health_negate$"
+			description = "The parameter allows you to map exit levels, such as warning=critical"
+		}
+		"--with-mymodules-dyn-dir" = {
+			value = "$printer_health_mymodules-dyn-dir$"
+			description = "A directory where own extensions can be found"
+		}
+		"--servertype" = {
+			value = "$printer_health_servertype$"
+			description = "The type of the network device: cisco (default). Use it if auto-detection is not possible"
+		}
+		"--statefilesdir" = {
+			value = "$printer_health_statefilesdir$"
+			description = "An alternate directory where the plugin can save files"
+		}
+		"--oids" = {
+			value = "$printer_health_oids$"
+			description = "A list of oids which are downloaded and written to a cache file. Use it together with --mode oidcache"
+		}
+		"--offline" = {
+			value = "$printer_health_offline$"
+			description = "The maximum number of seconds since the last update of cache file before it is considered too old"
+		}
+		"--multiline" = {
+			set_if = "$printer_health_multiline$"
+			description = "Multiline output"
+		}
+	}
+
+	vars.printer_health_hostname = "$check_address$"
+	vars.printer_health_mode = "supplies-status"
+}
diff --git a/itl/plugins-contrib.d/network-services.conf b/itl/plugins-contrib.d/network-services.conf
index 31a9c84a0..89554e4cc 100644
--- a/itl/plugins-contrib.d/network-services.conf
+++ b/itl/plugins-contrib.d/network-services.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "kdc" {
 	import "ipv4-or-ipv6"
@@ -81,3 +64,56 @@ object CheckCommand "rbl" {
 	vars.rbl_warning = 1
 	vars.rbl_critical = 1
 }
+
+object CheckCommand "lsyncd" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_lsyncd" ]
+
+	arguments = {
+		"-s" = {
+			value = "$lsyncd_statfile$"
+			description = "Set status file path (default: /var/run/lsyncd.status)."
+		}
+		"-w" = {
+			value = "$lsyncd_warning$"
+			description = "Warning if more than N delays (default: 10)."
+		}
+		"-c" = {
+			value = "$lsyncd_critical$"
+			description = "Critical if more then N delays (default: 100)."
+		}
+	}
+}
+
+object CheckCommand "fail2ban" {
+	command = [ "sudo", PluginContribDir + "/check_fail2ban" ]
+
+	arguments = {
+		"-D" = {
+			value = "$fail2ban_display$"
+			description = "To modify the output display, default is 'CHECK FAIL2BAN ACTIVITY'"
+		}
+		"-P" = {
+			value = "$fail2ban_path$"
+			description = "Specify the path to the tw_cli binary, default value is /usr/bin/fail2ban-client"
+		}
+		"-w" = {
+			value = "$fail2ban_warning$"
+			description = "Specify a warning threshold, default is 1"
+		}
+		"-c" = {
+			value = "$fail2ban_critical$"
+			description = "Specify a critical threshold, default is 2"
+		}
+		"-s" = {
+			value = "$fail2ban_socket$"
+			description = "Specify a socket path, default is unset"
+		}
+		"-p" = {
+			set_if = "$fail2ban_perfdata$"
+			description = "If set to true, activate the perfdata output"
+		}
+	}
+
+	vars.fail2ban_perfdata = true
+}
diff --git a/itl/plugins-contrib.d/operating-system.conf b/itl/plugins-contrib.d/operating-system.conf
index c58332c98..afab177f0 100644
--- a/itl/plugins-contrib.d/operating-system.conf
+++ b/itl/plugins-contrib.d/operating-system.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "mem" {
 	command = [ PluginContribDir + "/check_mem.pl" ]
@@ -48,6 +31,26 @@ object CheckCommand "mem" {
 	vars.mem_cache = false
 }
 
+object CheckCommand "sar-perf" {
+	command = [ PluginContribDir + "/check_sar_perf.py" ]
+
+	arguments = {
+		"sar_perf_profile" = {
+			value = "$sar_perf_profile$"
+			description = "Define the run profile: pagestat, cpu, memory_util, memory_stat, io_transfer, queueln_load, swap_util, swap_stat, task, kernel, disk <disk>. Can be a string or an array of multiple profiles."
+			skip_key = true
+			repeat_key = false
+			required = true
+		}
+		"sar_perf_disk" = {
+			value = "$sar_perf_disk$"
+			set_if = {{ macro("$sar_perf_profile$") == "disk" }}
+			description = "Disk name for the 'disk' profile"
+			skip_key = true
+		}
+	}
+}
+
 object CheckCommand "running_kernel" {
 	command = {{
 		var use_sudo = macro("$running_kernel_use_sudo$")
diff --git a/itl/plugins-contrib.d/raid-controller.conf b/itl/plugins-contrib.d/raid-controller.conf
index 7b3f738a2..17fb388e1 100644
--- a/itl/plugins-contrib.d/raid-controller.conf
+++ b/itl/plugins-contrib.d/raid-controller.conf
@@ -6,7 +6,7 @@
 object CheckCommand "adaptec-raid" {
 	import "plugin-check-command"
 
-	command = [ PluginDir + "/check_adaptec_raid" ]
+	command = [ PluginContribDir + "/check_adaptec_raid" ]
 
 	arguments = {
 		"-C" = {
@@ -27,20 +27,96 @@ object CheckCommand "adaptec-raid" {
 object CheckCommand "lsi-raid" {
 	import "plugin-check-command"
 
-	command = [ PluginDir + "/check_lsi_raid" ]
+	command = [ PluginContribDir + "/check_lsi_raid" ]
 
 	arguments = {
 		"-C" = {
-			required = true
 			value = "$lsi_controller_number$"
 			description = "Insert the controller number to be checked."
 		}
 		"-p" = {
-			required = true
 			value = "$storcli_path$"
 			description = "Insert the path to storcli (e.g. /usr/sbin/storcli)."
 		}
+		"-EID" = {
+			value = "$lsi_enclosure_id$"
+			description = "Enclosure numbers to be checked, comma-separated."
+		}
+		"-LD" = {
+			value = "$lsi_ld_id$"
+			description = "Logical devices to be checked, comma-separated."
+		}
+		"-PD" = {
+			value = "$lsi_pd_id$"
+			description = "Physical devices to be checked, comma-separated."
+		}
+		"-Tw" = {
+			value = "$lsi_temp_warning$"
+			description = "RAID controller warning temperature."
+		}
+		"-Tc" = {
+			value = "$lsi_temp_critical$"
+			description = "RAID controller critical temperature."
+		}
+		"-PDTw" = {
+			value = "$lsi_pd_temp_warning$"
+			description = "Disk warning temperature."
+		}
+		"-PDTc" = {
+			value = "$lsi_pd_temp_critical$"
+			description = "Disk critical temperature."
+		}
+		"-BBUTw" = {
+			value = "$lsi_bbu_temp_warning$"
+			description = "Battery warning temperature."
+		}
+		"-BBUTc" = {
+			value = "$lsi_bbu_temp_critical$"
+			description = "Battery critical temperature."
+		}
+		"-CVTw" = {
+			value = "$lsi_cv_temp_warning$"
+			description = "CacheVault warning temperature."
+		}
+		"-CVTc" = {
+			value = "$lsi_cv_temp_critical$"
+			description = "CacheVault critical temperature."
+		}
+		"-Im" = {
+			value = "$lsi_ignored_media_errors$"
+			description = "Warning threshold for media errors."
+		}
+		"-Io" = {
+			value = "$lsi_ignored_other_errors$"
+			description = "Warning threshold for other errors."
+		}
+		"-Ip" = {
+			value = "$lsi_ignored_predictive_fails$"
+			description = "Warning threshold for predictive failures."
+		}
+		"-Is" = {
+			value = "$lsi_ignored_shield_counters$"
+			description = "Warning threshold for shield counter."
+		}
+		"-Ib" = {
+			value = "$lsi_ignored_bbm_counters$"
+			description = "Warning threshold for BBM counter."
+		}
+		"-b" = {
+			value = "$lsi_bbu$"
+			description = "Define if BBU is present and it's state should be checked."
+		}
+		"--noenclosures" = {
+			set_if = "$lsi_noenclosures$"
+			description = "Define if enclosures are present."
+		}
+		"--nosudo" = {
+			set_if = "$lsi_nosudo$"
+			description = "Do not use sudo when running storcli."
+		}
+		"--nocleanlogs" = {
+			set_if = "$lsi_nocleanlogs$"
+			description = "Do not clean up the log files after executing storcli checks."
+		}
 	}
-
-	vars.storcli_path = "/usr/sbin/storcli"
 }
diff --git a/itl/plugins-contrib.d/smart-attributes.conf b/itl/plugins-contrib.d/smart-attributes.conf
index 25e3333dd..20eb34584 100644
--- a/itl/plugins-contrib.d/smart-attributes.conf
+++ b/itl/plugins-contrib.d/smart-attributes.conf
@@ -5,7 +5,7 @@
 object CheckCommand "smart-attributes" {
 	import "plugin-check-command"
 
-	command = [ PluginDir + "/check_smart_attributes" ]
+	command = [ PluginContribDir + "/check_smart_attributes" ]
 
 	arguments = {
 		"-dbj" = {
@@ -20,5 +20,5 @@ object CheckCommand "smart-attributes" {
 		}
 	}
 
-	vars.smart_attributes_config_path = SysconfDir + "/icinga2/plugins-config/check_smartdb.json"
+	vars.smart_attributes_config_path = ConfigDir + "/plugins-config/check_smartdb.json"
 }
diff --git a/itl/plugins-contrib.d/storage.conf b/itl/plugins-contrib.d/storage.conf
index 4cddb4fdd..dca080eb0 100644
--- a/itl/plugins-contrib.d/storage.conf
+++ b/itl/plugins-contrib.d/storage.conf
@@ -1,24 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "glusterfs" {
-	command = [ "sudo", PluginDir + "/check_glusterfs" ]
+	command = [ "sudo", PluginContribDir + "/check_glusterfs" ]
 
 	arguments = {
 		"--perfdata" = {
@@ -56,3 +39,81 @@ object CheckCommand "glusterfs" {
 	vars.glusterfs_inode_warning = 90
 	vars.glusterfs_inode_critical = 95
 }
+
+object CheckCommand "ceph" {
+	command = [ PluginContribDir + "/check_ceph.py" ]
+
+	arguments = {
+		"-e" = {
+			value = "$ceph_exec_dir$"
+			required = false
+			description = "ceph executable [/usr/bin/ceph]"
+		}
+		"-c" = {
+			value = "$ceph_conf_file$"
+			required = false
+			description = "alternative ceph conf file"
+		}
+		"-m" = {
+			value = "$ceph_mon_address$"
+			required = false
+			description = "ceph monitor address[:port]"
+		}
+		"-i" = {
+			value = "$ceph_client_id$"
+			required = false
+			description = "ceph client id"
+		}
+		"-n" = {
+			value = "$ceph_client_name$"
+			required = false
+			description = "ceph client name"
+		}
+		"-k" = {
+			value = "$ceph_client_key$"
+			required = false
+			description = "ceph client keyring file"
+		}
+		"-w" = {
+			value = "$ceph_whitelist$"
+			required = false
+			description = "whitelist regexp for ceph health warnings"
+		}
+		"-d" = {
+			set_if = "$ceph_details$"
+			description = "exec 'ceph health detail'"
+		}
+	}
+}
+
+object CheckCommand "btrfs" {
+	import "plugin-check-command"
+	command = [ "sudo", PluginContribDir + "/check_btrfs" ]
+
+	arguments = {
+		"--allocated-warning-gib" = {
+			value = "$btrfs_awg$"
+			description = "Exit with WARNING status if less than the specified amount of disk space (in GiB) is unallocated"
+		}
+		"--allocated-critical-gib" = {
+			value = "$btrfs_acg$"
+			description = "Exit with CRITICAL status if less than the specified amount of disk space (in GiB) is unallocated"
+		}
+		"--allocated-warning-percent" = {
+			value = "$btrfs_awp$"
+			description = "Exit with WARNING status if more than the specified percent of disk space is allocated"
+		}
+		"--allocated-critical-percent" = {
+			value = "$btrfs_acp$"
+			description = "Exit with CRITICAL status if more than the specified percent of disk space is allocated"
+		}
+		"--mountpoint" = {
+			value = "$btrfs_mountpoint$"
+			description = "Path to the BTRFS mountpoint"
+			required = true
+		}
+	}
+	vars.btrfs_awp = 80
+	vars.btrfs_acp = 90
+}
+
diff --git a/itl/plugins-contrib.d/virtualization.conf b/itl/plugins-contrib.d/virtualization.conf
index 7a1401c05..19a249db8 100644
--- a/itl/plugins-contrib.d/virtualization.conf
+++ b/itl/plugins-contrib.d/virtualization.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "esxi_hardware" {
 	command = [ PluginContribDir + "/check_esxi_hardware.py" ]
@@ -49,6 +32,10 @@ object CheckCommand "esxi_hardware" {
 			value = "$esxi_hardware_ignore$"
 			description = "comma-separated list of elements to ignore"
 		}
+		"-r" = {
+			set_if = "$esxi_hardware_regex$"
+			description = "Allow regular expression lookups of elements in ignore list"
+		}
 		"-p" = {
 			set_if = "$esxi_hardware_perfdata$"
 			description = "collect performance data for pnp4nagios"
@@ -81,6 +68,7 @@ object CheckCommand "esxi_hardware" {
 
 	vars.esxi_hardware_host = "$address$"
 	vars.esxi_hardware_port = 5989
+	vars.esxi_hardware_regex = false
 	vars.esxi_hardware_perfdata = false
 	vars.esxi_hardware_nopower = false
 	vars.esxi_hardware_novolts = false
diff --git a/itl/plugins-contrib.d/vmware.conf b/itl/plugins-contrib.d/vmware.conf
index 2663ca5e2..63ee3fa06 100644
--- a/itl/plugins-contrib.d/vmware.conf
+++ b/itl/plugins-contrib.d/vmware.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 /**
  * main vmware-esx template
@@ -686,6 +669,11 @@ object CheckCommand "vmware-esx-soap-host-runtime" {
 
 	arguments += {
 		"--select" = "runtime"
+		"--exclude" = "$vmware_exclude$"
+		"--include" = "$vmware_include$"
+		"--isregexp" = {
+			set_if = "$vmware_isregexp$"
+		}
 	}
 }
 
diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf
index 49bf33166..c7c4d2358 100644
--- a/itl/plugins-contrib.d/web.conf
+++ b/itl/plugins-contrib.d/web.conf
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 object CheckCommand "webinject" {
 	command = [ PluginContribDir + "/check_webinject" ]
@@ -342,12 +325,20 @@ object CheckCommand "apache-status" {
 		}
 		"-s" = {
 			set_if = "$apache_status_ssl$"
-			description = "Wether we should use HTTPS instead of HTTP"
+			description = "Whether we should use HTTPS instead of HTTP"
 		}
 		"-u" = {
 			value = "$apache_status_uri$"
 			description = "Specific URL to use, instead of the default 'http://<apache_status_address>/server-status'"
 		}
+		"-U" = {
+			value = "$apache_status_username$"
+			description = "username for basic auth"
+		}
+		"-P" = {
+			value = "$apache_status_password$"
+			description = "password for basic auth"
+		}
 		"-w" = {
 			value = "$apache_status_warning$"
 			description = "number of open slots, busy workers and idle workers that will cause a WARNING"
@@ -360,6 +351,14 @@ object CheckCommand "apache-status" {
 			value = "$apache_status_timeout$"
 			description = "timeout in seconds"
 		}
+		"-N" = {
+			set_if = "$apache_status_no_validate$"
+			description = "do not validate the SSL certificate chain"
+		}
+		"-R" = {
+			set_if = "$apache_status_unreachable$"
+			description = "CRITICAL if socket timed out or http code >= 500"
+		}
 	}
 
 	vars.apache_status_address = "$check_address$"
@@ -561,3 +560,176 @@ object CheckCommand "ssl_cert" {
 	vars.ssl_cert_address = "$check_address$"
 	vars.ssl_cert_port = 443
 }
+
+object CheckCommand "varnish" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_varnish" ]
+
+	arguments = {
+		"-n" = {
+			value = "$varnish_name$"
+			description = "Specify the Varnish instance name"
+		}
+		"-p" = {
+			value = "$varnish_param$"
+			description = "Specify the parameter to check (see below). The default is 'ratio'."
+		}
+		"-c" = {
+			value = "$varnish_critical$"
+			description = "Set critical threshold: [@][lo:]hi"
+		}
+		"-w" = {
+			value = "$varnish_warning$"
+			description = "Set warning threshold: [@][lo:]hi"
+		}
+	}
+}
+
+object CheckCommand "haproxy" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_haproxy" ]
+
+	arguments = {
+		"--username" = {
+			value = "$haproxy_username$"
+			description = "Username for HTTP Auth"
+		}
+		"--password" = {
+			value = "$haproxy_password$"
+			description = "Password for HTTP Auth"
+		}
+		"--url" = {
+			value = "$haproxy_url$"
+			description = "URL of the HAProxy csv statistics page"
+			required = true
+		}
+		"--timeout" = {
+			value = "$haproxy_timeout$"
+			description = "Seconds before plugin times out (default: 10)"
+		}
+		"-w" = {
+			value = "$haproxy_warning$"
+			description = "Warning request time threshold (in seconds)"
+		}
+		"-c" = {
+			value = "$haproxy_critical$"
+			description = "Critical request time threshold (in seconds)"
+		}
+	}
+}
+
+object CheckCommand "haproxy_status" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_haproxy_status" ]
+
+	arguments = {
+		"--defaults" = {
+			value = "$haproxy_status_default$"
+			description = "Set/Override the defaults which will be applied to all checks (unless specifically set by --overrides)."
+		}
+		"--frontends" = {
+			set_if = "$haproxy_status_frontends$"
+			description = "Enable checks for the frontends in HAProxy (that they're marked as OPEN and the session limits haven't been reached)."
+		}
+		"--nofrontends" = {
+			set_if = "$haproxy_status_nofrontends$"
+			description = "Disable checks for the frontends in HAProxy (that they're marked as OPEN and the session limits haven't been reached)."
+		}
+		"--backends" = {
+			set_if = "$haproxy_status_backends$"
+			description = "Enable checks for the backends in HAProxy (that they have the required quorum of servers, and that the session limits haven't been reached)."
+		}
+		"--nobackends" = {
+			set_if = "$haproxy_status_nobackends$"
+			description = "Disable checks for the backends in HAProxy (that they have the required quorum of servers, and that the session limits haven't been reached)."
+		}
+		"--servers" = {
+			set_if = "$haproxy_status_servers$"
+			description = "Enable checks for the servers in HAProxy (that they haven't reached the limits for the sessions or for queues)."
+		}
+		"--noservers" = {
+			set_if = "$haproxy_status_noservers$"
+			description = "Disable checks for the servers in HAProxy (that they haven't reached the limits for the sessions or for queues)."
+		}
+		"--overrides" = {
+			value = "$haproxy_status_overrides$"
+			description = "Override the defaults for a particular frontend or backend, in the form {name}:{override}, where {override} is the same format as --defaults above."
+		}
+		"--socket" = {
+			value = "$haproxy_status_socket$"
+			description = "Path to the socket check_haproxy should connect to"
+			required = true
+		}
+	}
+}
+
+object CheckCommand "phpfpm_status" {
+	import "plugin-check-command"
+	command = [ PluginContribDir + "/check_phpfpm_status" ]
+
+	arguments = {
+		"-H" = {
+			value = "$phpfpm_status_hostname$"
+			description = "name or IP address of host to check"
+			required = true
+		}
+		"-p" = {
+			value = "$phpfpm_status_port$"
+			description = "Http port, or Fastcgi port when using --fastcgi"
+		}
+		"-u" = {
+			value = "$phpfpm_status_url$"
+			description = "Specific URL (only the path part of it in fact) to use, instead of the default /fpm-status"
+		}
+		"-s" = {
+			value = "$phpfpm_status_servername$"
+			description = "ServerName, (host header of HTTP request) use it if you specified an IP in -H to match the good Virtualhost in your target"
+		}
+		"-f" = {
+			set_if = "$phpfpm_status_fastcgi$"
+			description = "Connect directly to php-fpm via network or local socket, using fastcgi protocol instead of HTTP."
+		}
+		"-U" = {
+			value = "$phpfpm_status_user$"
+			description = "Username for basic auth"
+		}
+		"-P" = {
+			value = "$phpfpm_status_pass$"
+			description = "Password for basic auth"
+		}
+		"-r" = {
+			value = "$phpfpm_status_realm$"
+			description = "Realm for basic auth"
+		}
+		"-d" = {
+			set_if = "$phpfpm_status_debug$"
+			description = "Debug mode (show http request response)"
+		}
+		"-t" = {
+			value = "$phpfpm_status_timeout$"
+			description = "timeout in seconds (Default: 15)"
+		}
+		"-S" = {
+			set_if = "$phpfpm_status_ssl$"
+			description = "Wether we should use HTTPS instead of HTTP. Note that you can give some extra parameters to this settings. Default value is 'TLSv1' but you could use things like 'TLSv1_1' or 'TLSV1_2' (or even 'SSLv23:!SSLv2:!SSLv3' for old stuff)."
+		}
+		"-x" = {
+			set_if = "$phpfpm_status_verifyssl$"
+			description = "verify certificate and hostname from ssl cert, default is 0 (no security), set it to 1 to really make SSL peer name and certificater checks."
+		}
+		"-X" = {
+			value = "$phpfpm_status_cacert$"
+			description = "Full path to the cacert.pem certificate authority used to verify ssl certificates (use with --verifyssl). if not given the cacert from Mozilla::CA cpan plugin will be used."
+		}
+		"-w" = {
+			value = "$phpfpm_status_warn$"
+			description = "MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED number of available workers, or max states reached that will cause a warning. -1 for no warning"
+		}
+		"-c" = {
+			value = "$phpfpm_status_critical$"
+			description = "MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED number of available workers, or max states reached that will cause an error, -1 for no CRITICAL"
+		}
+	}
+
+	vars.phpfpm_status_hostname = "$address$"
+}
diff --git a/itl/windows-plugins b/itl/windows-plugins
index e95f0a1e6..a6e00db86 100644
--- a/itl/windows-plugins
+++ b/itl/windows-plugins
@@ -1,20 +1,3 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
  
 include "command-plugins-windows.conf"
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 67ad4afee..004fc154c 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 add_subdirectory(base)
 add_subdirectory(cli)
diff --git a/lib/base/CMakeLists.txt b/lib/base/CMakeLists.txt
index 29daa94a0..100ca27a7 100644
--- a/lib/base/CMakeLists.txt
+++ b/lib/base/CMakeLists.txt
@@ -1,22 +1,8 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(application.ti application-ti.cpp application-ti.hpp)
 mkclass_target(configobject.ti configobject-ti.cpp configobject-ti.hpp)
+mkclass_target(configuration.ti configuration-ti.cpp configuration-ti.hpp)
 mkclass_target(datetime.ti datetime-ti.cpp datetime-ti.hpp)
 mkclass_target(filelogger.ti filelogger-ti.cpp filelogger-ti.hpp)
 mkclass_target(function.ti function-ti.cpp function-ti.hpp)
@@ -27,12 +13,14 @@ mkclass_target(sysloglogger.ti sysloglogger-ti.cpp sysloglogger-ti.hpp)
 
 set(base_SOURCES
   i2-base.hpp
-  application.cpp application.hpp application-ti.hpp application-version.cpp
+  application.cpp application.hpp application-ti.hpp application-version.cpp application-environment.cpp
   array.cpp array.hpp array-script.cpp
+  atomic.hpp
   base64.cpp base64.hpp
   boolean.cpp boolean.hpp boolean-script.cpp
   configobject.cpp configobject.hpp configobject-ti.hpp configobject-script.cpp
   configtype.cpp configtype.hpp
+  configuration.cpp configuration.hpp configuration-ti.hpp
   configwriter.cpp configwriter.hpp
   console.cpp console.hpp
   context.cpp context.hpp
@@ -47,20 +35,25 @@ set(base_SOURCES
   filelogger.cpp filelogger.hpp filelogger-ti.hpp
   function.cpp function.hpp function-ti.hpp function-script.cpp functionwrapper.hpp
   initialize.cpp initialize.hpp
+  io-engine.cpp io-engine.hpp
   json.cpp json.hpp json-script.cpp
+  lazy-init.hpp
   library.cpp library.hpp
   loader.cpp loader.hpp
   logger.cpp logger.hpp logger-ti.hpp
   math-script.cpp
   netstring.cpp netstring.hpp
   networkstream.cpp networkstream.hpp
+  namespace.cpp namespace.hpp namespace-script.cpp
   number.cpp number.hpp number-script.cpp
   object.cpp object.hpp object-script.cpp
   objectlock.cpp objectlock.hpp
+  object-packer.cpp object-packer.hpp
   objecttype.cpp objecttype.hpp
   perfdatavalue.cpp perfdatavalue.hpp perfdatavalue-ti.hpp
   primitivetype.cpp primitivetype.hpp
   process.cpp process.hpp
+  reference.cpp reference.hpp reference-script.cpp
   registry.hpp
   ringbuffer.cpp ringbuffer.hpp
   scriptframe.cpp scriptframe.hpp
@@ -69,13 +62,13 @@ set(base_SOURCES
   serializer.cpp serializer.hpp
   singleton.hpp
   socket.cpp socket.hpp
-  socketevents.cpp socketevents-epoll.cpp socketevents-poll.cpp socketevents.hpp
   stacktrace.cpp stacktrace.hpp
   statsfunction.hpp
   stdiostream.cpp stdiostream.hpp
   stream.cpp stream.hpp
   streamlogger.cpp streamlogger.hpp streamlogger-ti.hpp
   string.cpp string.hpp string-script.cpp
+  stringbuilder.cpp stringbuilder.hpp
   sysloglogger.cpp sysloglogger.hpp sysloglogger-ti.hpp
   tcpsocket.cpp tcpsocket.hpp
   threadpool.cpp threadpool.hpp
@@ -120,7 +113,7 @@ set_target_properties (
   FOLDER Lib
 )
 
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/cache/icinga2\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/icinga2/crash\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_CACHEDIR}\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_LOGDIR}/crash\")")
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/base/application-environment.cpp b/lib/base/application-environment.cpp
new file mode 100644
index 000000000..819783f8d
--- /dev/null
+++ b/lib/base/application-environment.cpp
@@ -0,0 +1,17 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/application.hpp"
+#include "base/scriptglobal.hpp"
+
+using namespace icinga;
+
+String Application::GetAppEnvironment()
+{
+	Value defaultValue = Empty;
+	return ScriptGlobal::Get("Environment", &defaultValue);
+}
+
+void Application::SetAppEnvironment(const String& name)
+{
+	ScriptGlobal::Set("Environment", name);
+}
diff --git a/lib/base/application-version.cpp b/lib/base/application-version.cpp
index 0bb642519..d17775b73 100644
--- a/lib/base/application-version.cpp
+++ b/lib/base/application-version.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/application.hpp"
 #include "icinga-version.h"
diff --git a/lib/base/application.cpp b/lib/base/application.cpp
index 374285404..4707f0d23 100644
--- a/lib/base/application.cpp
+++ b/lib/base/application.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/application.hpp"
 #include "base/application-ti.cpp"
@@ -44,10 +27,9 @@
 #endif /* __linux__ */
 #ifdef _WIN32
 #include <windows.h>
+#else /* _WIN32 */
+#include <signal.h>
 #endif /* _WIN32 */
-#ifdef HAVE_SYSTEMD
-#include <systemd/sd-daemon.h>
-#endif /* HAVE_SYSTEMD */
 
 using namespace icinga;
 
@@ -59,6 +41,11 @@ bool Application::m_ShuttingDown = false;
 bool Application::m_RequestRestart = false;
 bool Application::m_RequestReopenLogs = false;
 pid_t Application::m_ReloadProcess = 0;
+
+#ifndef _WIN32
+pid_t Application::m_UmbrellaProcess = 0;
+#endif /* _WIN32 */
+
 static bool l_Restarting = false;
 static bool l_InExceptionHandler = false;
 int Application::m_ArgC;
@@ -90,7 +77,9 @@ void Application::Stop(bool runtimeRemoved)
 	WSACleanup();
 #endif /* _WIN32 */
 
+#ifdef _WIN32
 	ClosePidFile(true);
+#endif /* _WIN32 */
 
 	ObjectImpl<Application>::Stop(runtimeRemoved);
 }
@@ -138,8 +127,11 @@ void Application::InitializeBase()
 
 	Loader::ExecuteDeferredInitializers();
 
-	/* make sure the thread pool gets initialized */
+	/* Make sure the thread pool gets initialized. */
 	GetTP().Start();
+
+	/* Make sure the timer thread gets initialized. */
+	Timer::Initialize();
 }
 
 void Application::UninitializeBase()
@@ -165,10 +157,10 @@ void Application::SetResourceLimits()
 	rlimit rl;
 
 #	ifdef RLIMIT_NOFILE
-	rlim_t fileLimit = GetRLimitFiles();
+	rlim_t fileLimit = Configuration::RLimitFiles;
 
 	if (fileLimit != 0) {
-		if (fileLimit < GetDefaultRLimitFiles()) {
+		if (fileLimit < (rlim_t)GetDefaultRLimitFiles()) {
 			Log(LogWarning, "Application")
 				<< "The user-specified value for RLimitFiles cannot be smaller than the default value (" << GetDefaultRLimitFiles() << "). Using the default value instead.";
 			fileLimit = GetDefaultRLimitFiles();
@@ -186,10 +178,10 @@ void Application::SetResourceLimits()
 	}
 
 #	ifdef RLIMIT_NPROC
-	rlim_t processLimit = GetRLimitProcesses();
+	rlim_t processLimit = Configuration::RLimitProcesses;
 
 	if (processLimit != 0) {
-		if (processLimit < GetDefaultRLimitProcesses()) {
+		if (processLimit < (rlim_t)GetDefaultRLimitProcesses()) {
 			Log(LogWarning, "Application")
 				<< "The user-specified value for RLimitProcesses cannot be smaller than the default value (" << GetDefaultRLimitProcesses() << "). Using the default value instead.";
 			processLimit = GetDefaultRLimitProcesses();
@@ -225,10 +217,10 @@ void Application::SetResourceLimits()
 
 	rlim_t stackLimit;
 
-	stackLimit = GetRLimitStack();
+	stackLimit = Configuration::RLimitStack;
 
 	if (stackLimit != 0) {
-		if (stackLimit < GetDefaultRLimitStack()) {
+		if (stackLimit < (rlim_t)GetDefaultRLimitStack()) {
 			Log(LogWarning, "Application")
 				<< "The user-specified value for RLimitStack cannot be smaller than the default value (" << GetDefaultRLimitStack() << "). Using the default value instead.";
 			stackLimit = GetDefaultRLimitStack();
@@ -300,65 +292,51 @@ void Application::SetArgV(char **argv)
  */
 void Application::RunEventLoop()
 {
-
-#ifdef HAVE_SYSTEMD
-	sd_notify(0, "READY=1");
-#endif /* HAVE_SYSTEMD */
-
 	double lastLoop = Utility::GetTime();
 
-mainloop:
-	while (!m_ShuttingDown && !m_RequestRestart) {
-		/* Watches for changes to the system time. Adjusts timers if necessary. */
-		Utility::Sleep(2.5);
+	while (!m_ShuttingDown) {
+		if (m_RequestRestart) {
+			m_RequestRestart = false;         // we are now handling the request, once is enough
 
-		if (m_RequestReopenLogs) {
-			Log(LogNotice, "Application", "Reopening log files");
-			m_RequestReopenLogs = false;
-			OnReopenLogs();
+#ifdef _WIN32
+			// are we already restarting? ignore request if we already are
+			if (!l_Restarting) {
+				l_Restarting = true;
+				m_ReloadProcess = StartReloadProcess();
+			}
+#else /* _WIN32 */
+			Log(LogNotice, "Application")
+				<< "Got reload command, forwarding to umbrella process (PID " << m_UmbrellaProcess << ")";
+
+			(void)kill(m_UmbrellaProcess, SIGHUP);
+#endif /* _WIN32 */
+		} else {
+			/* Watches for changes to the system time. Adjusts timers if necessary. */
+			Utility::Sleep(2.5);
+
+			if (m_RequestReopenLogs) {
+				Log(LogNotice, "Application", "Reopening log files");
+				m_RequestReopenLogs = false;
+				OnReopenLogs();
+			}
+
+			double now = Utility::GetTime();
+			double timeDiff = lastLoop - now;
+
+			if (std::fabs(timeDiff) > 15) {
+				/* We made a significant jump in time. */
+				Log(LogInformation, "Application")
+					<< "We jumped "
+					<< (timeDiff < 0 ? "forward" : "backward")
+					<< " in time: " << std::fabs(timeDiff) << " seconds";
+
+				Timer::AdjustTimers(-timeDiff);
+			}
+
+			lastLoop = now;
 		}
-
-		double now = Utility::GetTime();
-		double timeDiff = lastLoop - now;
-
-#ifdef HAVE_SYSTEMD
-		sd_notify(0, "WATCHDOG=1");
-#endif /* HAVE_SYSTEMD */
-
-		if (std::fabs(timeDiff) > 15) {
-			/* We made a significant jump in time. */
-			Log(LogInformation, "Application")
-				<< "We jumped "
-				<< (timeDiff < 0 ? "forward" : "backward")
-				<< " in time: " << std::fabs(timeDiff) << " seconds";
-
-			Timer::AdjustTimers(-timeDiff);
-		}
-
-		lastLoop = now;
 	}
 
-	if (m_RequestRestart) {
-		m_RequestRestart = false;         // we are now handling the request, once is enough
-
-#ifdef HAVE_SYSTEMD
-		sd_notify(0, "RELOADING=1");
-#endif /* HAVE_SYSTEMD */
-
-		// are we already restarting? ignore request if we already are
-		if (l_Restarting)
-			goto mainloop;
-
-		l_Restarting = true;
-		m_ReloadProcess = StartReloadProcess();
-
-		goto mainloop;
-	}
-
-#ifdef HAVE_SYSTEMD
-	sd_notify(0, "STOPPING=1");
-#endif /* HAVE_SYSTEMD */
-
 	Log(LogInformation, "Application", "Shutting down...");
 
 	ConfigObject::StopObjects();
@@ -372,6 +350,11 @@ bool Application::IsShuttingDown()
 	return m_ShuttingDown;
 }
 
+bool Application::IsRestarting()
+{
+	return l_Restarting;
+}
+
 void Application::OnShutdown()
 {
 	/* Nothing to do here. */
@@ -399,8 +382,6 @@ static void ReloadProcessCallback(const ProcessResult& pr)
 
 pid_t Application::StartReloadProcess()
 {
-	Log(LogInformation, "Application", "Got reload command: Starting new instance.");
-
 	// prepare arguments
 	ArrayData args;
 	args.push_back(GetExePath(m_ArgV[0]));
@@ -416,14 +397,20 @@ pid_t Application::StartReloadProcess()
 	args.push_back("--reload-internal");
 	args.push_back(Convert::ToString(Utility::GetPid()));
 #else /* _WIN32 */
-	args.push_back("--restart-service");
-	args.push_back("icinga2");
+	args.push_back("--validate");
 #endif /* _WIN32 */
 
+	double reloadTimeout = Application::GetReloadTimeout();
+
 	Process::Ptr process = new Process(Process::PrepareCommand(new Array(std::move(args))));
-	process->SetTimeout(300);
+	process->SetTimeout(reloadTimeout);
 	process->Run(&ReloadProcessCallback);
 
+	Log(LogInformation, "Application")
+		<< "Got reload command: Started new instance with PID '"
+		<< (unsigned long)(process->GetPID()) << "' (timeout is "
+		<< reloadTimeout << "s).";
+
 	return process->GetPID();
 }
 
@@ -456,6 +443,18 @@ void Application::RequestReopenLogs()
 	m_RequestReopenLogs = true;
 }
 
+#ifndef _WIN32
+/**
+ * Sets the PID of the Icinga umbrella process.
+ *
+ * @param pid The PID of the Icinga umbrella process.
+ */
+void Application::SetUmbrellaProcess(pid_t pid)
+{
+	m_UmbrellaProcess = pid;
+}
+#endif /* _WIN32 */
+
 /**
  * Retrieves the full path of the executable.
  *
@@ -490,8 +489,8 @@ String Application::GetExePath(const String& argv0)
 	}
 
 	if (!foundSlash) {
-		const char *pathEnv = getenv("PATH");
-		if (pathEnv) {
+		String pathEnv = Utility::GetFromEnvironment("PATH");
+		if (!pathEnv.IsEmpty()) {
 			std::vector<String> paths = String(pathEnv).Split(":");
 
 			bool foundPath = false;
@@ -537,34 +536,44 @@ String Application::GetExePath(const String& argv0)
  */
 void Application::DisplayInfoMessage(std::ostream& os, bool skipVersion)
 {
-	os << "Application information:" << "\n";
-
+	/* icinga-app prints its own version information, stack traces need it here. */
 	if (!skipVersion)
-		os << "  Application version: " << GetAppVersion() << "\n";
+		os << "  Application version: " << GetAppVersion() << "\n\n";
 
-	os << "  Installation root: " << GetPrefixDir() << "\n"
-		<< "  Sysconf directory: " << GetSysconfDir() << "\n"
-		<< "  Run directory: " << GetRunDir() << "\n"
-		<< "  Local state directory: " << GetLocalStateDir() << "\n"
-		<< "  Package data directory: " << GetPkgDataDir() << "\n"
-		<< "  State path: " << GetStatePath() << "\n"
-		<< "  Modified attributes path: " << GetModAttrPath() << "\n"
-		<< "  Objects path: " << GetObjectsPath() << "\n"
-		<< "  Vars path: " << GetVarsPath() << "\n"
-		<< "  PID path: " << GetPidPath() << "\n";
-
-	os << "\n"
-		<< "System information:" << "\n"
+	os << "System information:\n"
 		<< "  Platform: " << Utility::GetPlatformName() << "\n"
 		<< "  Platform version: " << Utility::GetPlatformVersion() << "\n"
 		<< "  Kernel: " << Utility::GetPlatformKernel() << "\n"
 		<< "  Kernel version: " << Utility::GetPlatformKernelVersion() << "\n"
 		<< "  Architecture: " << Utility::GetPlatformArchitecture() << "\n";
 
-	os << "\n"
-		<< "Build information:" << "\n"
-		<< "  Compiler: " << ScriptGlobal::Get("BuildCompilerName") << " " << ScriptGlobal::Get("BuildCompilerVersion") << "\n"
-		<< "  Build host: " << ScriptGlobal::Get("BuildHostName") << "\n";
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+
+	os << "\nBuild information:\n"
+		<< "  Compiler: " << systemNS->Get("BuildCompilerName") << " " << systemNS->Get("BuildCompilerVersion") << "\n"
+		<< "  Build host: " << systemNS->Get("BuildHostName") << "\n";
+
+	os << "\nApplication information:\n"
+		<< "\nGeneral paths:\n"
+		<< "  Config directory: " << Configuration::ConfigDir << "\n"
+		<< "  Data directory: " << Configuration::DataDir << "\n"
+		<< "  Log directory: " << Configuration::LogDir << "\n"
+		<< "  Cache directory: " << Configuration::CacheDir << "\n"
+		<< "  Spool directory: " << Configuration::SpoolDir << "\n"
+		<< "  Run directory: " << Configuration::InitRunDir << "\n"
+		<< "\nOld paths (deprecated):\n"
+		<< "  Installation root: " << Configuration::PrefixDir << "\n"
+		<< "  Sysconf directory: " << Configuration::SysconfDir << "\n"
+		<< "  Run directory (base): " << Configuration::RunDir << "\n"
+		<< "  Local state directory: " << Configuration::LocalStateDir << "\n"
+		<< "\nInternal paths:\n"
+		<< "  Package data directory: " << Configuration::PkgDataDir << "\n"
+		<< "  State path: " << Configuration::StatePath << "\n"
+		<< "  Modified attributes path: " << Configuration::ModAttrPath << "\n"
+		<< "  Objects path: " << Configuration::ObjectsPath << "\n"
+		<< "  Vars path: " << Configuration::VarsPath << "\n"
+		<< "  PID path: " << Configuration::PidPath << "\n";
+
 }
 
 /**
@@ -581,7 +590,7 @@ void Application::DisplayBugMessage(std::ostream& os)
 
 String Application::GetCrashReportFilename()
 {
-	return GetLocalStateDir() + "/log/icinga2/crash/report." + Convert::ToString(Utility::GetTime());
+	return Configuration::LogDir + "/crash/report." + Convert::ToString(Utility::GetTime());
 }
 
 
@@ -680,29 +689,6 @@ void Application::AttachDebugger(const String& filename, bool interactive)
 #endif /* _WIN32 */
 }
 
-#ifndef _WIN32
-/**
- * Signal handler for SIGINT and SIGTERM. Prepares the application for cleanly
- * shutting down during the next execution of the event loop.
- *
- * @param - The signal number.
- */
-void Application::SigIntTermHandler(int signum)
-{
-	struct sigaction sa;
-	memset(&sa, 0, sizeof(sa));
-	sa.sa_handler = SIG_DFL;
-	sigaction(signum, &sa, nullptr);
-
-	Application::Ptr instance = Application::GetInstance();
-
-	if (!instance)
-		return;
-
-	instance->RequestShutdown();
-}
-#endif /* _WIN32 */
-
 /**
  * Signal handler for SIGUSR1. This signal causes Icinga to re-open
  * its log files and is mainly for use by logrotate.
@@ -711,38 +697,12 @@ void Application::SigIntTermHandler(int signum)
  */
 void Application::SigUsr1Handler(int)
 {
+	Log(LogInformation, "Application")
+		<< "Received USR1 signal, reopening application logs.";
+
 	RequestReopenLogs();
 }
 
-/**
- * Signal handler for SIGUSR2. Hands over PID to child and commits suicide
- *
- * @param - The signal number.
- */
-void Application::SigUsr2Handler(int)
-{
-	Log(LogInformation, "Application", "Reload requested, letting new process take over.");
-#ifdef HAVE_SYSTEMD
-	sd_notifyf(0, "MAINPID=%lu", (unsigned long) m_ReloadProcess);
-#endif /* HAVE_SYSTEMD */
-
-	/* Write the PID of the new process to the pidfile before this
-	 * process exits to keep systemd happy.
-	 */
-	Application::Ptr instance = GetInstance();
-	try {
-		instance->UpdatePidFile(GetPidPath(), m_ReloadProcess);
-	} catch (const std::exception&) {
-		/* abort restart */
-		Log(LogCritical, "Application", "Cannot update PID file. Aborting restart operation.");
-		return;
-	}
-
-	instance->ClosePidFile(false);
-
-	Exit(0);
-}
-
 /**
  * Signal handler for SIGABRT. Helps with debugging ASSERT()s.
  *
@@ -774,7 +734,7 @@ void Application::SigAbrtHandler(int)
 		}
 	}
 
-	bool interactive_debugger = Convert::ToBool(ScriptGlobal::Get("AttachDebugger"));
+	bool interactive_debugger = Configuration::AttachDebugger;
 
 	if (!interactive_debugger) {
 		std::ofstream ofs;
@@ -884,7 +844,7 @@ void Application::ExceptionHandler()
 		}
 	}
 
-	bool interactive_debugger = Convert::ToBool(ScriptGlobal::Get("AttachDebugger"));
+	bool interactive_debugger = Configuration::AttachDebugger;
 
 	if (!interactive_debugger) {
 		std::ofstream ofs;
@@ -989,26 +949,21 @@ int Application::Run()
 #ifndef _WIN32
 	struct sigaction sa;
 	memset(&sa, 0, sizeof(sa));
-	sa.sa_handler = &Application::SigIntTermHandler;
-	sigaction(SIGINT, &sa, nullptr);
-	sigaction(SIGTERM, &sa, nullptr);
-
 	sa.sa_handler = &Application::SigUsr1Handler;
 	sigaction(SIGUSR1, &sa, nullptr);
-
-	sa.sa_handler = &Application::SigUsr2Handler;
-	sigaction(SIGUSR2, &sa, nullptr);
 #else /* _WIN32 */
 	SetConsoleCtrlHandler(&Application::CtrlHandler, TRUE);
 #endif /* _WIN32 */
 
+#ifdef _WIN32
 	try {
-		UpdatePidFile(GetPidPath());
+		UpdatePidFile(Configuration::PidPath);
 	} catch (const std::exception&) {
 		Log(LogCritical, "Application")
-			<< "Cannot update PID file '" << GetPidPath() << "'. Aborting.";
+			<< "Cannot update PID file '" << Configuration::PidPath << "'. Aborting.";
 		return EXIT_FAILURE;
 	}
+#endif /* _WIN32 */
 
 	SetMainTime(Utility::GetTime());
 
@@ -1088,7 +1043,7 @@ void Application::ClosePidFile(bool unlink)
 
 	if (m_PidFile) {
 		if (unlink) {
-			String pidpath = GetPidPath();
+			String pidpath = Configuration::PidPath;
 			::unlink(pidpath.CStr());
 		}
 
@@ -1156,463 +1111,24 @@ pid_t Application::ReadPidFile(const String& filename)
 	return runningpid;
 }
 
-
-/**
- * Retrieves the path of the installation prefix.
- *
- * @returns The path.
- */
-String Application::GetPrefixDir()
-{
-	return ScriptGlobal::Get("PrefixDir");
-}
-
-/**
- * Sets the path for the installation prefix.
- *
- * @param path The new path.
- */
-void Application::DeclarePrefixDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("PrefixDir"))
-		ScriptGlobal::Set("PrefixDir", path);
-}
-
-/**
- * Retrives the path of the sysconf dir.
- *
- * @returns The path.
- */
-String Application::GetSysconfDir()
-{
-	return ScriptGlobal::Get("SysconfDir");
-}
-
-/**
- * Sets the path of the sysconf dir.
- *
- * @param path The new path.
- */
-void Application::DeclareSysconfDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("SysconfDir"))
-		ScriptGlobal::Set("SysconfDir", path);
-}
-
-/**
- * Retrieves the path for the run dir.
- *
- * @returns The path.
- */
-String Application::GetRunDir()
-{
-	return ScriptGlobal::Get("RunDir");
-}
-
-/**
- * Sets the path of the run dir.
- *
- * @param path The new path.
- */
-void Application::DeclareRunDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("RunDir"))
-		ScriptGlobal::Set("RunDir", path);
-}
-
-/**
- * Retrieves the path for the local state dir.
- *
- * @returns The path.
- */
-String Application::GetLocalStateDir()
-{
-	return ScriptGlobal::Get("LocalStateDir");
-}
-
-/**
- * Sets the path for the local state dir.
- *
- * @param path The new path.
- */
-void Application::DeclareLocalStateDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("LocalStateDir"))
-		ScriptGlobal::Set("LocalStateDir", path);
-}
-
-/**
- * Retrieves the path for the local state dir.
- *
- * @returns The path.
- */
-String Application::GetZonesDir()
-{
-	return ScriptGlobal::Get("ZonesDir", &Empty);
-}
-
-/**
- * Sets the path of the zones dir.
- *
- * @param path The new path.
- */
-void Application::DeclareZonesDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("ZonesDir"))
-		ScriptGlobal::Set("ZonesDir", path);
-}
-
-/**
- * Retrieves the path for the package data dir.
- *
- * @returns The path.
- */
-String Application::GetPkgDataDir()
-{
-	String defaultValue = "";
-	return ScriptGlobal::Get("PkgDataDir", &Empty);
-}
-
-/**
- * Sets the path for the package data dir.
- *
- * @param path The new path.
- */
-void Application::DeclarePkgDataDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("PkgDataDir"))
-		ScriptGlobal::Set("PkgDataDir", path);
-}
-
-/**
- * Retrieves the path for the include conf dir.
- *
- * @returns The path.
- */
-String Application::GetIncludeConfDir()
-{
-	return ScriptGlobal::Get("IncludeConfDir", &Empty);
-}
-
-/**
- * Sets the path for the package data dir.
- *
- * @param path The new path.
- */
-void Application::DeclareIncludeConfDir(const String& path)
-{
-	if (!ScriptGlobal::Exists("IncludeConfDir"))
-		ScriptGlobal::Set("IncludeConfDir", path);
-}
-
-/**
- * Retrieves the path for the state file.
- *
- * @returns The path.
- */
-String Application::GetStatePath()
-{
-	return ScriptGlobal::Get("StatePath", &Empty);
-}
-
-/**
- * Sets the path for the state file.
- *
- * @param path The new path.
- */
-void Application::DeclareStatePath(const String& path)
-{
-	if (!ScriptGlobal::Exists("StatePath"))
-		ScriptGlobal::Set("StatePath", path);
-}
-
-/**
- * Retrives the path of the sysconfig file.
- *
- * @returns The path.
- */
-String Application::GetSysconfigFile(void)
-{
-	return ScriptGlobal::Get("SysconfigFile");
-}
-
-/**
- * Sets the path of the sysconfig file.
- *
- * @param path The new path.
- */
-void Application::DeclareSysconfigFile(const String& path)
-{
-	if (!ScriptGlobal::Exists("SysconfigFile"))
-		ScriptGlobal::Set("SysconfigFile", path);
-}
-
-/**
- * Retrieves the path for the modified attributes file.
- *
- * @returns The path.
- */
-String Application::GetModAttrPath()
-{
-	return ScriptGlobal::Get("ModAttrPath", &Empty);
-}
-
-/**
- * Sets the path for the modified attributes file.
- *
- * @param path The new path.
- */
-void Application::DeclareModAttrPath(const String& path)
-{
-	if (!ScriptGlobal::Exists("ModAttrPath"))
-		ScriptGlobal::Set("ModAttrPath", path);
-}
-
-/**
- * Retrieves the path for the objects file.
- *
- * @returns The path.
- */
-String Application::GetObjectsPath()
-{
-	return ScriptGlobal::Get("ObjectsPath", &Empty);
-}
-
-/**
- * Sets the path for the objects file.
- *
- * @param path The new path.
- */
-void Application::DeclareObjectsPath(const String& path)
-{
-	if (!ScriptGlobal::Exists("ObjectsPath"))
-		ScriptGlobal::Set("ObjectsPath", path);
-}
-
-/**
-* Retrieves the path for the vars file.
-*
-* @returns The path.
-*/
-String Application::GetVarsPath()
-{
-	return ScriptGlobal::Get("VarsPath", &Empty);
-}
-
-/**
-* Sets the path for the vars file.
-*
-* @param path The new path.
-*/
-void Application::DeclareVarsPath(const String& path)
-{
-	if (!ScriptGlobal::Exists("VarsPath"))
-		ScriptGlobal::Set("VarsPath", path);
-}
-
-/**
- * Retrieves the path for the PID file.
- *
- * @returns The path.
- */
-String Application::GetPidPath()
-{
-	return ScriptGlobal::Get("PidPath", &Empty);
-}
-
-/**
- * Sets the path for the PID file.
- *
- * @param path The new path.
- */
-void Application::DeclarePidPath(const String& path)
-{
-	if (!ScriptGlobal::Exists("PidPath"))
-		ScriptGlobal::Set("PidPath", path);
-}
-
-/**
- * Retrieves the name of the user.
- *
- * @returns The name.
- */
-String Application::GetRunAsUser()
-{
-	return ScriptGlobal::Get("RunAsUser");
-}
-
-/**
- * Sets the name of the user.
- *
- * @param path The new user name.
- */
-void Application::DeclareRunAsUser(const String& user)
-{
-	if (!ScriptGlobal::Exists("RunAsUser"))
-		ScriptGlobal::Set("RunAsUser", user);
-}
-
-/**
- * Retrieves the name of the group.
- *
- * @returns The name.
- */
-String Application::GetRunAsGroup()
-{
-	return ScriptGlobal::Get("RunAsGroup");
-}
-
-/**
- * Sets the name of the group.
- *
- * @param path The new group name.
- */
-void Application::DeclareRunAsGroup(const String& group)
-{
-	if (!ScriptGlobal::Exists("RunAsGroup"))
-		ScriptGlobal::Set("RunAsGroup", group);
-}
-
-/**
- * Retrieves the file rlimit.
- *
- * @returns The limit.
- */
-int Application::GetRLimitFiles()
-{
-	return ScriptGlobal::Get("RLimitFiles");
-}
-
 int Application::GetDefaultRLimitFiles()
 {
 	return 16 * 1024;
 }
 
-/**
- * Sets the file rlimit.
- *
- * @param path The new file rlimit.
- */
-void Application::DeclareRLimitFiles(int limit)
-{
-	if (!ScriptGlobal::Exists("RLimitFiles"))
-		ScriptGlobal::Set("RLimitFiles", limit);
-}
-
-/**
- * Retrieves the process rlimit.
- *
- * @returns The limit.
- */
-int Application::GetRLimitProcesses()
-{
-	return ScriptGlobal::Get("RLimitProcesses");
-}
-
 int Application::GetDefaultRLimitProcesses()
 {
 	return 16 * 1024;
 }
 
-/**
- * Sets the process rlimit.
- *
- * @param path The new process rlimit.
- */
-void Application::DeclareRLimitProcesses(int limit)
-{
-	if (!ScriptGlobal::Exists("RLimitProcesses"))
-		ScriptGlobal::Set("RLimitProcesses", limit);
-}
-
-/**
- * Retrieves the stack rlimit.
- *
- * @returns The limit.
- */
-int Application::GetRLimitStack()
-{
-	return ScriptGlobal::Get("RLimitStack");
-}
-
 int Application::GetDefaultRLimitStack()
 {
 	return 256 * 1024;
 }
 
-/**
- * Sets the stack rlimit.
- *
- * @param path The new stack rlimit.
- */
-void Application::DeclareRLimitStack(int limit)
+double Application::GetReloadTimeout()
 {
-	if (!ScriptGlobal::Exists("RLimitStack"))
-		ScriptGlobal::Set("RLimitStack", limit);
-}
-
-/**
- * Sets the concurrency level.
- *
- * @param path The new concurrency level.
- */
-void Application::DeclareConcurrency(int ncpus)
-{
-	if (!ScriptGlobal::Exists("Concurrency"))
-		ScriptGlobal::Set("Concurrency", ncpus);
-}
-
-/**
- * Retrieves the concurrency level.
- *
- * @returns The concurrency level.
- */
-int Application::GetConcurrency()
-{
-	Value defaultConcurrency = std::thread::hardware_concurrency();
-	return ScriptGlobal::Get("Concurrency", &defaultConcurrency);
-}
-
-/**
- * Sets the max concurrent checks.
- *
- * @param maxChecks The new limit.
- */
-void Application::SetMaxConcurrentChecks(int maxChecks)
-{
-	ScriptGlobal::Set("MaxConcurrentChecks", maxChecks);
-}
-
-/**
- * Sets the max concurrent checks.
- *
- * @param maxChecks The new limit.
- */
-void Application::DeclareMaxConcurrentChecks(int maxChecks)
-{
-	if (!ScriptGlobal::Exists("MaxConcurrentChecks"))
-		ScriptGlobal::Set("MaxConcurrentChecks", maxChecks);
-}
-
-/**
- * Retrieves the max concurrent checks.
- *
- * @returns The max number of concurrent checks.
- */
-int Application::GetMaxConcurrentChecks()
-{
-	Value defaultMaxConcurrentChecks = GetDefaultMaxConcurrentChecks();
-	return ScriptGlobal::Get("MaxConcurrentChecks", &defaultMaxConcurrentChecks);
-}
-
-/**
- * Retrieves the default value for max concurrent checks.
- *
- * @returns The default max number of concurrent checks.
- */
-int Application::GetDefaultMaxConcurrentChecks()
-{
-	return 512;
+	return ScriptGlobal::Get("ReloadTimeout");
 }
 
 /**
diff --git a/lib/base/application.hpp b/lib/base/application.hpp
index 03d83599b..a6b78ff09 100644
--- a/lib/base/application.hpp
+++ b/lib/base/application.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APPLICATION_H
 #define APPLICATION_H
@@ -23,6 +6,7 @@
 #include "base/i2-base.hpp"
 #include "base/application-ti.hpp"
 #include "base/logger.hpp"
+#include "base/configuration.hpp"
 #include <iosfwd>
 
 namespace icinga
@@ -73,7 +57,12 @@ public:
 	static void RequestRestart();
 	static void RequestReopenLogs();
 
+#ifndef _WIN32
+	static void SetUmbrellaProcess(pid_t pid);
+#endif /* _WIN32 */
+
 	static bool IsShuttingDown();
+	static bool IsRestarting();
 
 	static void SetDebuggingSeverity(LogSeverity severity);
 	static LogSeverity GetDebuggingSeverity();
@@ -85,80 +74,24 @@ public:
 
 	static String GetExePath(const String& argv0);
 
-	static String GetPrefixDir();
-	static void DeclarePrefixDir(const String& path);
-
-	static String GetSysconfDir();
-	static void DeclareSysconfDir(const String& path);
-
-	static String GetZonesDir();
-	static void DeclareZonesDir(const String& path);
-
-	static String GetRunDir();
-	static void DeclareRunDir(const String& path);
-
-	static String GetLocalStateDir();
-	static void DeclareLocalStateDir(const String& path);
-
-	static String GetPkgDataDir();
-	static void DeclarePkgDataDir(const String& path);
-
-	static String GetIncludeConfDir();
-	static void DeclareIncludeConfDir(const String& path);
-
-	static String GetSysconfigFile(void);
-	static void DeclareSysconfigFile(const String& path);
-
-	static String GetStatePath(void);
-	static void DeclareStatePath(const String& path);
-
-	static String GetModAttrPath();
-	static void DeclareModAttrPath(const String& path);
-
-	static String GetObjectsPath();
-	static void DeclareObjectsPath(const String& path);
-
-	static String GetVarsPath();
-	static void DeclareVarsPath(const String& path);
-
-	static String GetPidPath();
-	static void DeclarePidPath(const String& path);
-
-	static String GetRunAsUser();
-	static void DeclareRunAsUser(const String& user);
-
-	static String GetRunAsGroup();
-	static void DeclareRunAsGroup(const String& group);
-
 #ifdef _WIN32
 	static bool IsProcessElevated();
 #endif /* _WIN32 */
 
-	static int GetRLimitFiles();
 	static int GetDefaultRLimitFiles();
-	static void DeclareRLimitFiles(int limit);
-
-	static int GetRLimitProcesses();
 	static int GetDefaultRLimitProcesses();
-	static void DeclareRLimitProcesses(int limit);
-
-	static int GetRLimitStack();
 	static int GetDefaultRLimitStack();
-	static void DeclareRLimitStack(int limit);
 
-	static int GetConcurrency();
-	static void DeclareConcurrency(int ncpus);
-
-	static int GetMaxConcurrentChecks();
-	static int GetDefaultMaxConcurrentChecks();
-	static void DeclareMaxConcurrentChecks(int maxChecks);
-	static void SetMaxConcurrentChecks(int maxChecks);
+	static double GetReloadTimeout();
 
 	static ThreadPool& GetTP();
 
 	static String GetAppVersion();
 	static String GetAppSpecVersion();
 
+	static String GetAppEnvironment();
+	static void SetAppEnvironment(const String& name);
+
 	static double GetStartTime();
 	static void SetStartTime(double ts);
 
@@ -193,9 +126,13 @@ private:
 	static pid_t m_ReloadProcess; /**< The PID of a subprocess doing a reload, only valid when l_Restarting==true */
 	static bool m_RequestReopenLogs; /**< Whether we should re-open log files. */
 
+#ifndef _WIN32
+	static pid_t m_UmbrellaProcess; /**< The PID of the Icinga umbrella process */
+#endif /* _WIN32 */
+
 	static int m_ArgC; /**< The number of command-line arguments. */
 	static char **m_ArgV; /**< Command-line arguments. */
-	FILE *m_PidFile; /**< The PID file */
+	FILE *m_PidFile = nullptr; /**< The PID file */
 	static bool m_Debugging; /**< Whether debugging is enabled. */
 	static LogSeverity m_DebuggingSeverity; /**< Whether debugging severity is set. */
 	static double m_StartTime;
@@ -203,9 +140,7 @@ private:
 	static bool m_ScriptDebuggerEnabled;
 	static double m_LastReloadFailed;
 
-#ifndef _WIN32
-	static void SigIntTermHandler(int signum);
-#else /* _WIN32 */
+#ifdef _WIN32
 	static BOOL WINAPI CtrlHandler(DWORD type);
 	static LONG WINAPI SEHUnhandledExceptionFilter(PEXCEPTION_POINTERS exi);
 #endif /* _WIN32 */
@@ -214,7 +149,6 @@ private:
 
 	static void SigAbrtHandler(int signum);
 	static void SigUsr1Handler(int signum);
-	static void SigUsr2Handler(int signum);
 	static void ExceptionHandler();
 
 	static String GetCrashReportFilename();
diff --git a/lib/base/application.ti b/lib/base/application.ti
index a1dcd964f..3d5908a29 100644
--- a/lib/base/application.ti
+++ b/lib/base/application.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
diff --git a/lib/base/array-script.cpp b/lib/base/array-script.cpp
index c12585b1f..1c00f1106 100644
--- a/lib/base/array-script.cpp
+++ b/lib/base/array-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/array.hpp"
 #include "base/function.hpp"
@@ -124,22 +107,7 @@ static Value ArrayJoin(const Value& separator)
 	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
 	Array::Ptr self = static_cast<Array::Ptr>(vframe->Self);
 	REQUIRE_NOT_NULL(self);
-
-	Value result;
-	bool first = true;
-
-	ObjectLock olock(self);
-	for (const Value& item : self) {
-		if (first) {
-			first = false;
-		} else {
-			result = result + separator;
-		}
-
-		result = result + item;
-	}
-
-	return result;
+	return self->Join(separator);
 }
 
 static Array::Ptr ArrayReverse()
diff --git a/lib/base/array.cpp b/lib/base/array.cpp
index 30cf7eba3..08e06fad2 100644
--- a/lib/base/array.cpp
+++ b/lib/base/array.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/array.hpp"
 #include "base/objectlock.hpp"
@@ -62,13 +45,14 @@ Value Array::Get(SizeType index) const
  *
  * @param index The index.
  * @param value The value.
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Set(SizeType index, const Value& value)
+void Array::Set(SizeType index, const Value& value, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
+	if (m_Frozen && !overrideFrozen)
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Value in array must not be modified."));
 
 	m_Data.at(index) = value;
 }
@@ -78,12 +62,13 @@ void Array::Set(SizeType index, const Value& value)
  *
  * @param index The index.
  * @param value The value.
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Set(SizeType index, Value&& value)
+void Array::Set(SizeType index, Value&& value, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.at(index).Swap(value);
@@ -93,12 +78,13 @@ void Array::Set(SizeType index, Value&& value)
  * Adds a value to the array.
  *
  * @param value The value.
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Add(Value value)
+void Array::Add(Value value, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.push_back(std::move(value));
@@ -162,14 +148,15 @@ bool Array::Contains(const Value& value) const
  *
  * @param index The index
  * @param value The value to add
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Insert(SizeType index, Value value)
+void Array::Insert(SizeType index, Value value, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
 	ASSERT(index <= m_Data.size());
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.insert(m_Data.begin() + index, std::move(value));
@@ -179,14 +166,18 @@ void Array::Insert(SizeType index, Value value)
  * Removes the specified index from the array.
  *
  * @param index The index.
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Remove(SizeType index)
+void Array::Remove(SizeType index, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
+	if (index >= m_Data.size())
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Index to remove must be within bounds."));
+
 	m_Data.erase(m_Data.begin() + index);
 }
 
@@ -194,42 +185,43 @@ void Array::Remove(SizeType index)
  * Removes the item specified by the iterator from the array.
  *
  * @param it The iterator.
+ * @param overrideFrozen Whether to allow modifying frozen arrays.
  */
-void Array::Remove(Array::Iterator it)
+void Array::Remove(Array::Iterator it, bool overrideFrozen)
 {
 	ASSERT(OwnsLock());
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.erase(it);
 }
 
-void Array::Resize(SizeType newSize)
+void Array::Resize(SizeType newSize, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.resize(newSize);
 }
 
-void Array::Clear()
+void Array::Clear(bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.clear();
 }
 
-void Array::Reserve(SizeType newSize)
+void Array::Reserve(SizeType newSize, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	m_Data.reserve(newSize);
@@ -288,11 +280,11 @@ Array::Ptr Array::Reverse() const
 	return result;
 }
 
-void Array::Sort()
+void Array::Sort(bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Array must not be modified."));
 
 	std::sort(m_Data.begin(), m_Data.end());
@@ -305,6 +297,26 @@ String Array::ToString() const
 	return msgbuf.str();
 }
 
+Value Array::Join(const Value& separator) const
+{
+	Value result;
+	bool first = true;
+
+	ObjectLock olock(this);
+
+	for (const Value& item : m_Data) {
+		if (first) {
+			first = false;
+		} else {
+			result = result + separator;
+		}
+
+		result = result + item;
+	}
+
+	return result;
+}
+
 Array::Ptr Array::Unique() const
 {
 	std::set<Value> result;
@@ -342,7 +354,7 @@ Value Array::GetFieldByName(const String& field, bool sandboxed, const DebugInfo
 	return Get(index);
 }
 
-void Array::SetFieldByName(const String& field, const Value& value, const DebugInfo& debugInfo)
+void Array::SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo)
 {
 	ObjectLock olock(this);
 
@@ -352,9 +364,9 @@ void Array::SetFieldByName(const String& field, const Value& value, const DebugI
 		BOOST_THROW_EXCEPTION(ScriptError("Array index '" + Convert::ToString(index) + "' is out of bounds.", debugInfo));
 
 	if (static_cast<size_t>(index) >= GetLength())
-		Resize(index + 1);
+		Resize(index + 1, overrideFrozen);
 
-	Set(index, value);
+	Set(index, value, overrideFrozen);
 }
 
 Array::Iterator icinga::begin(const Array::Ptr& x)
diff --git a/lib/base/array.hpp b/lib/base/array.hpp
index 62bcf7e2e..2c9a9dda7 100644
--- a/lib/base/array.hpp
+++ b/lib/base/array.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ARRAY_H
 #define ARRAY_H
@@ -55,9 +38,9 @@ public:
 	Array(std::initializer_list<Value> init);
 
 	Value Get(SizeType index) const;
-	void Set(SizeType index, const Value& value);
-	void Set(SizeType index, Value&& value);
-	void Add(Value value);
+	void Set(SizeType index, const Value& value, bool overrideFrozen = false);
+	void Set(SizeType index, Value&& value, bool overrideFrozen = false);
+	void Add(Value value, bool overrideFrozen = false);
 
 	Iterator Begin();
 	Iterator End();
@@ -65,14 +48,14 @@ public:
 	size_t GetLength() const;
 	bool Contains(const Value& value) const;
 
-	void Insert(SizeType index, Value value);
-	void Remove(SizeType index);
-	void Remove(Iterator it);
+	void Insert(SizeType index, Value value, bool overrideFrozen = false);
+	void Remove(SizeType index, bool overrideFrozen = false);
+	void Remove(Iterator it, bool overrideFrozen = false);
 
-	void Resize(SizeType newSize);
-	void Clear();
+	void Resize(SizeType newSize, bool overrideFrozen = false);
+	void Clear(bool overrideFrozen = false);
 
-	void Reserve(SizeType newSize);
+	void Reserve(SizeType newSize, bool overrideFrozen = false);
 
 	void CopyTo(const Array::Ptr& dest) const;
 	Array::Ptr ShallowClone() const;
@@ -108,15 +91,16 @@ public:
 
 	Array::Ptr Reverse() const;
 
-	void Sort();
+	void Sort(bool overrideFrozen = false);
 
 	String ToString() const override;
+	Value Join(const Value& separator) const;
 
 	Array::Ptr Unique() const;
 	void Freeze();
 
 	Value GetFieldByName(const String& field, bool sandboxed, const DebugInfo& debugInfo) const override;
-	void SetFieldByName(const String& field, const Value& value, const DebugInfo& debugInfo) override;
+	void SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) override;
 
 private:
 	std::vector<Value> m_Data; /**< The data for the array. */
diff --git a/lib/base/atomic.hpp b/lib/base/atomic.hpp
new file mode 100644
index 000000000..0ebcddefb
--- /dev/null
+++ b/lib/base/atomic.hpp
@@ -0,0 +1,43 @@
+/* Icinga 2 | (c) 2019 Icinga GmbH | GPLv2+ */
+
+#ifndef ATOMIC_H
+#define ATOMIC_H
+
+#include <atomic>
+
+namespace icinga
+{
+
+/**
+ * Extends std::atomic with an atomic constructor.
+ *
+ * @ingroup base
+ */
+template<class T>
+class Atomic : public std::atomic<T> {
+public:
+	/**
+	 * Like std::atomic#atomic, but operates atomically
+	 *
+	 * @param desired Initial value
+	 */
+	inline Atomic(T desired)
+	{
+		this->store(desired);
+	}
+
+	/**
+	 * Like std::atomic#atomic, but operates atomically
+	 *
+	 * @param desired Initial value
+	 * @param order Initial store operation's memory order
+	 */
+	inline Atomic(T desired, std::memory_order order)
+	{
+		this->store(desired, order);
+	}
+};
+
+}
+
+#endif /* ATOMIC_H */
diff --git a/lib/base/base64.cpp b/lib/base/base64.cpp
index 368dca878..42999c39b 100644
--- a/lib/base/base64.cpp
+++ b/lib/base/base64.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/base64.hpp"
 #include <openssl/bio.h>
diff --git a/lib/base/base64.hpp b/lib/base/base64.hpp
index 1cea938ca..8abbdbf36 100644
--- a/lib/base/base64.hpp
+++ b/lib/base/base64.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef BASE64_H
 #define BASE64_H
diff --git a/lib/base/boolean-script.cpp b/lib/base/boolean-script.cpp
index 1116cc250..a9167ca87 100644
--- a/lib/base/boolean-script.cpp
+++ b/lib/base/boolean-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/boolean.hpp"
 #include "base/convert.hpp"
diff --git a/lib/base/boolean.cpp b/lib/base/boolean.cpp
index 72305e1de..683a7271d 100644
--- a/lib/base/boolean.cpp
+++ b/lib/base/boolean.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/boolean.hpp"
 #include "base/primitivetype.hpp"
diff --git a/lib/base/boolean.hpp b/lib/base/boolean.hpp
index 3175e9beb..6533cb418 100644
--- a/lib/base/boolean.hpp
+++ b/lib/base/boolean.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef BOOLEAN_H
 #define BOOLEAN_H
diff --git a/lib/base/configobject-script.cpp b/lib/base/configobject-script.cpp
index 9f615eca7..46a9ca27c 100644
--- a/lib/base/configobject-script.cpp
+++ b/lib/base/configobject-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/dictionary.hpp"
diff --git a/lib/base/configobject.cpp b/lib/base/configobject.cpp
index 6aedfaca6..8d3e07656 100644
--- a/lib/base/configobject.cpp
+++ b/lib/base/configobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/configobject-ti.cpp"
@@ -374,7 +357,7 @@ void ConfigObject::PreActivate()
 	SetActive(true, true);
 }
 
-void ConfigObject::Activate(bool runtimeCreated)
+void ConfigObject::Activate(bool runtimeCreated, const Value& cookie)
 {
 	CONTEXT("Activating object '" + GetName() + "' of type '" + GetReflectionType()->GetName() + "'");
 
@@ -389,7 +372,7 @@ void ConfigObject::Activate(bool runtimeCreated)
 			SetAuthority(true);
 	}
 
-	NotifyActive();
+	NotifyActive(cookie);
 }
 
 void ConfigObject::Stop(bool runtimeRemoved)
@@ -401,7 +384,7 @@ void ConfigObject::Stop(bool runtimeRemoved)
 	SetStopCalled(true);
 }
 
-void ConfigObject::Deactivate(bool runtimeRemoved)
+void ConfigObject::Deactivate(bool runtimeRemoved, const Value& cookie)
 {
 	CONTEXT("Deactivating object '" + GetName() + "' of type '" + GetReflectionType()->GetName() + "'");
 
@@ -420,7 +403,7 @@ void ConfigObject::Deactivate(bool runtimeRemoved)
 
 	ASSERT(GetStopCalled());
 
-	NotifyActive();
+	NotifyActive(cookie);
 }
 
 void ConfigObject::OnConfigLoaded()
@@ -522,16 +505,7 @@ void ConfigObject::DumpObjects(const String& filename, int attributeTypes)
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(filename.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), filename.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	Utility::RenameFile(tempFilename, filename);
 }
 
 void ConfigObject::RestoreObject(const String& message, int attributeTypes)
@@ -571,7 +545,7 @@ void ConfigObject::RestoreObjects(const String& filename, int attributeTypes)
 
 	unsigned long restored = 0;
 
-	WorkQueue upq(25000, Application::GetConcurrency());
+	WorkQueue upq(25000, Configuration::Concurrency);
 	upq.SetName("ConfigObject::RestoreObjects");
 
 	String message;
@@ -617,13 +591,25 @@ void ConfigObject::RestoreObjects(const String& filename, int attributeTypes)
 
 void ConfigObject::StopObjects()
 {
-	for (const Type::Ptr& type : Type::GetAllTypes()) {
+	std::vector<Type::Ptr> types = Type::GetAllTypes();
+
+	std::sort(types.begin(), types.end(), [](const Type::Ptr& a, const Type::Ptr& b) {
+		if (a->GetActivationPriority() > b->GetActivationPriority())
+			return true;
+		return false;
+	});
+
+	for (const Type::Ptr& type : types) {
 		auto *dtype = dynamic_cast<ConfigType *>(type.get());
 
 		if (!dtype)
 			continue;
 
 		for (const ConfigObject::Ptr& object : dtype->GetObjects()) {
+#ifdef I2_DEBUG
+			Log(LogDebug, "ConfigObject")
+				<< "Deactivate() called for config object '" << object->GetName() << "' with type '" << type->GetName() << "'.";
+#endif /* I2_DEBUG */
 			object->Deactivate();
 		}
 	}
diff --git a/lib/base/configobject.hpp b/lib/base/configobject.hpp
index 9afadac90..559636370 100644
--- a/lib/base/configobject.hpp
+++ b/lib/base/configobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGOBJECT_H
 #define CONFIGOBJECT_H
@@ -61,8 +44,8 @@ public:
 	void Unregister();
 
 	void PreActivate();
-	void Activate(bool runtimeCreated = false);
-	void Deactivate(bool runtimeRemoved = false);
+	void Activate(bool runtimeCreated = false, const Value& cookie = Empty);
+	void Deactivate(bool runtimeRemoved = false, const Value& cookie = Empty);
 	void SetAuthority(bool authority);
 
 	void Start(bool runtimeCreated = false) override;
diff --git a/lib/base/configobject.ti b/lib/base/configobject.ti
index 7a010b1ab..fcfcb0223 100644
--- a/lib/base/configobject.ti
+++ b/lib/base/configobject.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/debuginfo.hpp"
 #include "base/configtype.hpp"
diff --git a/lib/base/configtype.cpp b/lib/base/configtype.cpp
index 0c3aa68ed..50a53d547 100644
--- a/lib/base/configtype.cpp
+++ b/lib/base/configtype.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/convert.hpp"
diff --git a/lib/base/configtype.hpp b/lib/base/configtype.hpp
index 739bb0111..2244cc5fa 100644
--- a/lib/base/configtype.hpp
+++ b/lib/base/configtype.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGTYPE_H
 #define CONFIGTYPE_H
diff --git a/lib/base/configuration.cpp b/lib/base/configuration.cpp
new file mode 100644
index 000000000..d163937e2
--- /dev/null
+++ b/lib/base/configuration.cpp
@@ -0,0 +1,364 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/configuration.hpp"
+#include "base/configuration-ti.cpp"
+#include "base/exception.hpp"
+
+using namespace icinga;
+
+REGISTER_TYPE(Configuration);
+
+String Configuration::ApiBindHost;
+String Configuration::ApiBindPort{"5665"};
+bool Configuration::AttachDebugger{false};
+String Configuration::CacheDir;
+int Configuration::Concurrency{static_cast<int>(std::thread::hardware_concurrency())};
+String Configuration::ConfigDir;
+String Configuration::DataDir;
+String Configuration::EventEngine;
+String Configuration::IncludeConfDir;
+String Configuration::InitRunDir;
+String Configuration::LogDir;
+String Configuration::ModAttrPath;
+String Configuration::ObjectsPath;
+String Configuration::PidPath;
+String Configuration::PkgDataDir;
+String Configuration::PrefixDir;
+String Configuration::ProgramData;
+int Configuration::RLimitFiles;
+int Configuration::RLimitProcesses;
+int Configuration::RLimitStack;
+String Configuration::RunAsGroup;
+String Configuration::RunAsUser;
+String Configuration::SpoolDir;
+String Configuration::StatePath;
+double Configuration::TlsHandshakeTimeout{10};
+String Configuration::VarsPath;
+String Configuration::ZonesDir;
+
+/* deprecated */
+String Configuration::LocalStateDir;
+String Configuration::RunDir;
+String Configuration::SysconfDir;
+
+/* internal */
+bool Configuration::m_ReadOnly{false};
+
+template<typename T>
+void HandleUserWrite(const String& name, T *target, const T& value, bool readOnly)
+{
+	if (readOnly)
+		BOOST_THROW_EXCEPTION(ScriptError("Configuration attribute '" + name + "' is read-only."));
+
+	*target = value;
+}
+
+String Configuration::GetApiBindHost() const
+{
+	return Configuration::ApiBindHost;
+}
+
+void Configuration::SetApiBindHost(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ApiBindHost", &Configuration::ApiBindHost, val, m_ReadOnly);
+}
+
+String Configuration::GetApiBindPort() const
+{
+	return Configuration::ApiBindPort;
+}
+
+void Configuration::SetApiBindPort(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ApiBindPort", &Configuration::ApiBindPort, val, m_ReadOnly);
+}
+
+bool Configuration::GetAttachDebugger() const
+{
+	return Configuration::AttachDebugger;
+}
+
+void Configuration::SetAttachDebugger(bool val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("AttachDebugger", &Configuration::AttachDebugger, val, m_ReadOnly);
+}
+
+String Configuration::GetCacheDir() const
+{
+	return Configuration::CacheDir;
+}
+
+void Configuration::SetCacheDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("CacheDir", &Configuration::CacheDir, val, m_ReadOnly);
+}
+
+int Configuration::GetConcurrency() const
+{
+	return Configuration::Concurrency;
+}
+
+void Configuration::SetConcurrency(int val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("Concurrency", &Configuration::Concurrency, val, m_ReadOnly);
+}
+
+String Configuration::GetConfigDir() const
+{
+	return Configuration::ConfigDir;
+}
+
+void Configuration::SetConfigDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ConfigDir", &Configuration::ConfigDir, val, m_ReadOnly);
+}
+
+String Configuration::GetDataDir() const
+{
+	return Configuration::DataDir;
+}
+
+void Configuration::SetDataDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("DataDir", &Configuration::DataDir, val, m_ReadOnly);
+}
+
+String Configuration::GetEventEngine() const
+{
+	return Configuration::EventEngine;
+}
+
+void Configuration::SetEventEngine(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("EventEngine", &Configuration::EventEngine, val, m_ReadOnly);
+}
+
+String Configuration::GetIncludeConfDir() const
+{
+	return Configuration::IncludeConfDir;
+}
+
+void Configuration::SetIncludeConfDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("IncludeConfDir", &Configuration::IncludeConfDir, val, m_ReadOnly);
+}
+
+String Configuration::GetInitRunDir() const
+{
+	return Configuration::InitRunDir;
+}
+
+void Configuration::SetInitRunDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("InitRunDir", &Configuration::InitRunDir, val, m_ReadOnly);
+}
+
+String Configuration::GetLogDir() const
+{
+	return Configuration::LogDir;
+}
+
+void Configuration::SetLogDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("LogDir", &Configuration::LogDir, val, m_ReadOnly);
+}
+
+String Configuration::GetModAttrPath() const
+{
+	return Configuration::ModAttrPath;
+}
+
+void Configuration::SetModAttrPath(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ModAttrPath", &Configuration::ModAttrPath, val, m_ReadOnly);
+}
+
+String Configuration::GetObjectsPath() const
+{
+	return Configuration::ObjectsPath;
+}
+
+void Configuration::SetObjectsPath(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ObjectsPath", &Configuration::ObjectsPath, val, m_ReadOnly);
+}
+
+String Configuration::GetPidPath() const
+{
+	return Configuration::PidPath;
+}
+
+void Configuration::SetPidPath(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("PidPath", &Configuration::PidPath, val, m_ReadOnly);
+}
+
+String Configuration::GetPkgDataDir() const
+{
+	return Configuration::PkgDataDir;
+}
+
+void Configuration::SetPkgDataDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("PkgDataDir", &Configuration::PkgDataDir, val, m_ReadOnly);
+}
+
+String Configuration::GetPrefixDir() const
+{
+	return Configuration::PrefixDir;
+}
+
+void Configuration::SetPrefixDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("PrefixDir", &Configuration::PrefixDir, val, m_ReadOnly);
+}
+
+String Configuration::GetProgramData() const
+{
+	return Configuration::ProgramData;
+}
+
+void Configuration::SetProgramData(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ProgramData", &Configuration::ProgramData, val, m_ReadOnly);
+}
+
+int Configuration::GetRLimitFiles() const
+{
+	return Configuration::RLimitFiles;
+}
+
+void Configuration::SetRLimitFiles(int val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RLimitFiles", &Configuration::RLimitFiles, val, m_ReadOnly);
+}
+
+int Configuration::GetRLimitProcesses() const
+{
+	return RLimitProcesses;
+}
+
+void Configuration::SetRLimitProcesses(int val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RLimitProcesses", &Configuration::RLimitProcesses, val, m_ReadOnly);
+}
+
+int Configuration::GetRLimitStack() const
+{
+	return Configuration::RLimitStack;
+}
+
+void Configuration::SetRLimitStack(int val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RLimitStack", &Configuration::RLimitStack, val, m_ReadOnly);
+}
+
+String Configuration::GetRunAsGroup() const
+{
+	return Configuration::RunAsGroup;
+}
+
+void Configuration::SetRunAsGroup(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RunAsGroup", &Configuration::RunAsGroup, val, m_ReadOnly);
+}
+
+String Configuration::GetRunAsUser() const
+{
+	return Configuration::RunAsUser;
+}
+
+void Configuration::SetRunAsUser(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RunAsUser", &Configuration::RunAsUser, val, m_ReadOnly);
+}
+
+String Configuration::GetSpoolDir() const
+{
+	return Configuration::SpoolDir;
+}
+
+void Configuration::SetSpoolDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("SpoolDir", &Configuration::SpoolDir, val, m_ReadOnly);
+}
+
+String Configuration::GetStatePath() const
+{
+	return Configuration::StatePath;
+}
+
+void Configuration::SetStatePath(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("StatePath", &Configuration::StatePath, val, m_ReadOnly);
+}
+
+double Configuration::GetTlsHandshakeTimeout() const
+{
+	return Configuration::TlsHandshakeTimeout;
+}
+
+void Configuration::SetTlsHandshakeTimeout(double val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("TlsHandshakeTimeout", &Configuration::TlsHandshakeTimeout, val, m_ReadOnly);
+}
+
+String Configuration::GetVarsPath() const
+{
+	return Configuration::VarsPath;
+}
+
+void Configuration::SetVarsPath(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("VarsPath", &Configuration::VarsPath, val, m_ReadOnly);
+}
+
+String Configuration::GetZonesDir() const
+{
+	return Configuration::ZonesDir;
+}
+
+void Configuration::SetZonesDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("ZonesDir", &Configuration::ZonesDir, val, m_ReadOnly);
+}
+
+String Configuration::GetLocalStateDir() const
+{
+	return Configuration::LocalStateDir;
+}
+
+void Configuration::SetLocalStateDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("LocalStateDir", &Configuration::LocalStateDir, val, m_ReadOnly);
+}
+
+String Configuration::GetSysconfDir() const
+{
+	return Configuration::SysconfDir;
+}
+
+void Configuration::SetSysconfDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("SysconfDir", &Configuration::SysconfDir, val, m_ReadOnly);
+}
+
+String Configuration::GetRunDir() const
+{
+	return Configuration::RunDir;
+}
+
+void Configuration::SetRunDir(const String& val, bool suppress_events, const Value& cookie)
+{
+	HandleUserWrite("RunDir", &Configuration::RunDir, val, m_ReadOnly);
+}
+
+bool Configuration::GetReadOnly()
+{
+	return m_ReadOnly;
+}
+
+void Configuration::SetReadOnly(bool readOnly)
+{
+	m_ReadOnly = readOnly;
+}
diff --git a/lib/base/configuration.hpp b/lib/base/configuration.hpp
new file mode 100644
index 000000000..560906596
--- /dev/null
+++ b/lib/base/configuration.hpp
@@ -0,0 +1,156 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef CONFIGURATION_H
+#define CONFIGURATION_H
+
+#include "base/i2-base.hpp"
+#include "base/configuration-ti.hpp"
+
+namespace icinga
+{
+
+/**
+ * Global configuration.
+ *
+ * @ingroup base
+ */
+class Configuration : public ObjectImpl<Configuration>
+{
+public:
+	DECLARE_OBJECT(Configuration);
+
+	String GetApiBindHost() const override;
+	void SetApiBindHost(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetApiBindPort() const override;
+	void SetApiBindPort(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	bool GetAttachDebugger() const override;
+	void SetAttachDebugger(bool value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetCacheDir() const override;
+	void SetCacheDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	int GetConcurrency() const override;
+	void SetConcurrency(int value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetConfigDir() const override;
+	void SetConfigDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetDataDir() const override;
+	void SetDataDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetEventEngine() const override;
+	void SetEventEngine(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetIncludeConfDir() const override;
+	void SetIncludeConfDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetInitRunDir() const override;
+	void SetInitRunDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetLogDir() const override;
+	void SetLogDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetModAttrPath() const override;
+	void SetModAttrPath(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetObjectsPath() const override;
+	void SetObjectsPath(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetPidPath() const override;
+	void SetPidPath(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetPkgDataDir() const override;
+	void SetPkgDataDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetPrefixDir() const override;
+	void SetPrefixDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetProgramData() const override;
+	void SetProgramData(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	int GetRLimitFiles() const override;
+	void SetRLimitFiles(int value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	int GetRLimitProcesses() const override;
+	void SetRLimitProcesses(int value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	int GetRLimitStack() const override;
+	void SetRLimitStack(int value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetRunAsGroup() const override;
+	void SetRunAsGroup(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetRunAsUser() const override;
+	void SetRunAsUser(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetSpoolDir() const override;
+	void SetSpoolDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetStatePath() const override;
+	void SetStatePath(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	double GetTlsHandshakeTimeout() const override;
+	void SetTlsHandshakeTimeout(double value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetVarsPath() const override;
+	void SetVarsPath(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetZonesDir() const override;
+	void SetZonesDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	/* deprecated */
+	String GetLocalStateDir() const override;
+	void SetLocalStateDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetSysconfDir() const override;
+	void SetSysconfDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	String GetRunDir() const override;
+	void SetRunDir(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
+	static bool GetReadOnly();
+	static void SetReadOnly(bool readOnly);
+
+	static String ApiBindHost;
+	static String ApiBindPort;
+	static bool AttachDebugger;
+	static String CacheDir;
+	static int Concurrency;
+	static String ConfigDir;
+	static String DataDir;
+	static String EventEngine;
+	static String IncludeConfDir;
+	static String InitRunDir;
+	static String LogDir;
+	static String ModAttrPath;
+	static String ObjectsPath;
+	static String PidPath;
+	static String PkgDataDir;
+	static String PrefixDir;
+	static String ProgramData;
+	static int RLimitFiles;
+	static int RLimitProcesses;
+	static int RLimitStack;
+	static String RunAsGroup;
+	static String RunAsUser;
+	static String SpoolDir;
+	static String StatePath;
+	static double TlsHandshakeTimeout;
+	static String VarsPath;
+	static String ZonesDir;
+
+	/* deprecated */
+	static String LocalStateDir;
+	static String RunDir;
+	static String SysconfDir;
+
+private:
+	static bool m_ReadOnly;
+
+};
+
+}
+
+#endif /* CONFIGURATION_H */
diff --git a/lib/base/configuration.ti b/lib/base/configuration.ti
new file mode 100644
index 000000000..72fa92dcf
--- /dev/null
+++ b/lib/base/configuration.ti
@@ -0,0 +1,164 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/configobject.hpp"
+
+library base;
+
+namespace icinga
+{
+
+abstract class Configuration
+{
+	[config, no_storage, virtual] String ApiBindHost {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ApiBindPort {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] bool AttachDebugger {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String CacheDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] int Concurrency {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ConfigDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String DataDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String EventEngine {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String IncludeConfDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String InitRunDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String LogDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ModAttrPath {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ObjectsPath {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String PidPath {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String PkgDataDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String PrefixDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ProgramData {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] int RLimitFiles {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] int RLimitProcesses {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] int RLimitStack {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String RunAsGroup {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String RunAsUser {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String SpoolDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String StatePath {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] double TlsHandshakeTimeout {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String VarsPath {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String ZonesDir {
+		get;
+		set;
+	};
+
+	/* deprecated */
+	[config, no_storage, virtual] String LocalStateDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String RunDir {
+		get;
+		set;
+	};
+
+	[config, no_storage, virtual] String SysconfDir {
+		get;
+		set;
+	};
+};
+
+}
diff --git a/lib/base/configwriter.cpp b/lib/base/configwriter.cpp
index 58851c2cf..cef3f7eb8 100644
--- a/lib/base/configwriter.cpp
+++ b/lib/base/configwriter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configwriter.hpp"
 #include "base/exception.hpp"
@@ -239,7 +222,8 @@ const std::vector<String>& ConfigWriter::GetKeywords()
 		keywords.emplace_back("globals");
 		keywords.emplace_back("locals");
 		keywords.emplace_back("use");
-		keywords.emplace_back("__using");
+		keywords.emplace_back("using");
+		keywords.emplace_back("namespace");
 		keywords.emplace_back("default");
 		keywords.emplace_back("ignore_on_error");
 		keywords.emplace_back("current_filename");
diff --git a/lib/base/configwriter.hpp b/lib/base/configwriter.hpp
index 1e3fc7759..a0c70f76f 100644
--- a/lib/base/configwriter.hpp
+++ b/lib/base/configwriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGWRITER_H
 #define CONFIGWRITER_H
diff --git a/lib/base/console.cpp b/lib/base/console.cpp
index d1b1b7d86..99a5fad3d 100644
--- a/lib/base/console.cpp
+++ b/lib/base/console.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/console.hpp"
 #include "base/initialize.hpp"
diff --git a/lib/base/console.hpp b/lib/base/console.hpp
index 63bcfe417..f5b8c9a3e 100644
--- a/lib/base/console.hpp
+++ b/lib/base/console.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONSOLE_H
 #define CONSOLE_H
diff --git a/lib/base/context.cpp b/lib/base/context.cpp
index a654d9909..2cac7a8db 100644
--- a/lib/base/context.cpp
+++ b/lib/base/context.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/context.hpp"
 #include <boost/thread/tss.hpp>
diff --git a/lib/base/context.hpp b/lib/base/context.hpp
index 5b53515b8..0e4b92a78 100644
--- a/lib/base/context.hpp
+++ b/lib/base/context.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONTEXT_H
 #define CONTEXT_H
diff --git a/lib/base/convert.cpp b/lib/base/convert.cpp
index 054ff591d..3c60e1b44 100644
--- a/lib/base/convert.cpp
+++ b/lib/base/convert.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/convert.hpp"
 #include "base/datetime.hpp"
diff --git a/lib/base/convert.hpp b/lib/base/convert.hpp
index 84c66da5b..e0754b36d 100644
--- a/lib/base/convert.hpp
+++ b/lib/base/convert.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONVERT_H
 #define CONVERT_H
@@ -64,6 +47,11 @@ public:
 		return val;
 	}
 
+	static long ToLong(double val)
+	{
+		return static_cast<long>(val);
+	}
+
 	static double ToDouble(const Value& val)
 	{
 		return val;
diff --git a/lib/base/datetime-script.cpp b/lib/base/datetime-script.cpp
index c26177af1..6c1838153 100644
--- a/lib/base/datetime-script.cpp
+++ b/lib/base/datetime-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/datetime.hpp"
 #include "base/function.hpp"
diff --git a/lib/base/datetime.cpp b/lib/base/datetime.cpp
index 808312269..aa7b5e59e 100644
--- a/lib/base/datetime.cpp
+++ b/lib/base/datetime.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/datetime.hpp"
 #include "base/datetime-ti.cpp"
diff --git a/lib/base/datetime.hpp b/lib/base/datetime.hpp
index 54821b3a7..e7b8a1fdd 100644
--- a/lib/base/datetime.hpp
+++ b/lib/base/datetime.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DATETIME_H
 #define DATETIME_H
diff --git a/lib/base/datetime.ti b/lib/base/datetime.ti
index d2e7351e0..b9d737506 100644
--- a/lib/base/datetime.ti
+++ b/lib/base/datetime.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 library base;
 
diff --git a/lib/base/debug.hpp b/lib/base/debug.hpp
index d8ac052c8..54b424c6d 100644
--- a/lib/base/debug.hpp
+++ b/lib/base/debug.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DEBUG_H
 #define DEBUG_H
diff --git a/lib/base/debuginfo.cpp b/lib/base/debuginfo.cpp
index 3071e20c9..99006aca5 100644
--- a/lib/base/debuginfo.cpp
+++ b/lib/base/debuginfo.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/debuginfo.hpp"
 #include "base/convert.hpp"
diff --git a/lib/base/debuginfo.hpp b/lib/base/debuginfo.hpp
index 836069e47..d47db91c1 100644
--- a/lib/base/debuginfo.hpp
+++ b/lib/base/debuginfo.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DEBUGINFO_H
 #define DEBUGINFO_H
diff --git a/lib/base/defer.hpp b/lib/base/defer.hpp
new file mode 100644
index 000000000..9290c92b9
--- /dev/null
+++ b/lib/base/defer.hpp
@@ -0,0 +1,46 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef DEFER
+#define DEFER
+
+#include <functional>
+#include <utility>
+
+namespace icinga
+{
+
+/**
+ * An action to be executed at end of scope.
+ *
+ * @ingroup base
+ */
+class Defer
+{
+public:
+	inline
+	Defer(std::function<void()> func) : m_Func(std::move(func))
+	{
+	}
+
+	Defer(const Defer&) = delete;
+	Defer(Defer&&) = delete;
+	Defer& operator=(const Defer&) = delete;
+	Defer& operator=(Defer&&) = delete;
+
+	inline
+	~Defer()
+	{
+		try {
+			m_Func();
+		} catch (...) {
+			// https://stackoverflow.com/questions/130117/throwing-exceptions-out-of-a-destructor
+		}
+	}
+
+private:
+	std::function<void()> m_Func;
+};
+
+}
+
+#endif /* DEFER */
diff --git a/lib/base/dependencygraph.cpp b/lib/base/dependencygraph.cpp
index 8fccef5f3..63763af95 100644
--- a/lib/base/dependencygraph.cpp
+++ b/lib/base/dependencygraph.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dependencygraph.hpp"
 
diff --git a/lib/base/dependencygraph.hpp b/lib/base/dependencygraph.hpp
index 39f50a6ae..426607488 100644
--- a/lib/base/dependencygraph.hpp
+++ b/lib/base/dependencygraph.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DEPENDENCYGRAPH_H
 #define DEPENDENCYGRAPH_H
diff --git a/lib/base/dictionary-script.cpp b/lib/base/dictionary-script.cpp
index d188119e5..ad19c5b52 100644
--- a/lib/base/dictionary-script.cpp
+++ b/lib/base/dictionary-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
 #include "base/function.hpp"
@@ -57,6 +40,14 @@ static void DictionaryRemove(const String& key)
 	self->Remove(key);
 }
 
+static void DictionaryClear()
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Dictionary::Ptr self = static_cast<Dictionary::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	self->Clear();
+}
+
 static bool DictionaryContains(const String& key)
 {
 	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
@@ -115,6 +106,7 @@ Object::Ptr Dictionary::GetPrototype()
 		{ "set", new Function("Dictionary#set", DictionarySet, { "key", "value" }) },
 		{ "get", new Function("Dictionary#get", DictionaryGet, { "key" }) },
 		{ "remove", new Function("Dictionary#remove", DictionaryRemove, { "key" }) },
+		{ "clear", new Function("Dictionary#clear", DictionaryClear, {}) },
 		{ "contains", new Function("Dictionary#contains", DictionaryContains, { "key" }, true) },
 		{ "shallow_clone", new Function("Dictionary#shallow_clone", DictionaryShallowClone, {}, true) },
 		{ "keys", new Function("Dictionary#keys", DictionaryKeys, {}, true) },
diff --git a/lib/base/dictionary.cpp b/lib/base/dictionary.cpp
index a64540404..4fd9d24b9 100644
--- a/lib/base/dictionary.cpp
+++ b/lib/base/dictionary.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
 #include "base/objectlock.hpp"
@@ -89,13 +72,14 @@ bool Dictionary::Get(const String& key, Value *result) const
  *
  * @param key The key.
  * @param value The value.
+ * @param overrideFrozen Whether to allow modifying frozen dictionaries.
  */
-void Dictionary::Set(const String& key, Value value)
+void Dictionary::Set(const String& key, Value value, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionary must not be modified."));
+	if (m_Frozen && !overrideFrozen)
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Value in dictionary must not be modified."));
 
 	m_Data[key] = std::move(value);
 }
@@ -157,12 +141,13 @@ Dictionary::Iterator Dictionary::End()
  * Removes the item specified by the iterator from the dictionary.
  *
  * @param it The iterator.
+ * @param overrideFrozen Whether to allow modifying frozen dictionaries.
  */
-void Dictionary::Remove(Dictionary::Iterator it)
+void Dictionary::Remove(Dictionary::Iterator it, bool overrideFrozen)
 {
 	ASSERT(OwnsLock());
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionary must not be modified."));
 
 	m_Data.erase(it);
@@ -172,12 +157,13 @@ void Dictionary::Remove(Dictionary::Iterator it)
  * Removes the specified key from the dictionary.
  *
  * @param key The key.
+ * @param overrideFrozen Whether to allow modifying frozen dictionaries.
  */
-void Dictionary::Remove(const String& key)
+void Dictionary::Remove(const String& key, bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionary must not be modified."));
 
 	Dictionary::Iterator it;
@@ -191,12 +177,14 @@ void Dictionary::Remove(const String& key)
 
 /**
  * Removes all dictionary items.
+ *
+ * @param overrideFrozen Whether to allow modifying frozen dictionaries.
  */
-void Dictionary::Clear()
+void Dictionary::Clear(bool overrideFrozen)
 {
 	ObjectLock olock(this);
 
-	if (m_Frozen)
+	if (m_Frozen && !overrideFrozen)
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionary must not be modified."));
 
 	m_Data.clear();
@@ -288,9 +276,9 @@ Value Dictionary::GetFieldByName(const String& field, bool, const DebugInfo& deb
 		return GetPrototypeField(const_cast<Dictionary *>(this), field, false, debugInfo);
 }
 
-void Dictionary::SetFieldByName(const String& field, const Value& value, const DebugInfo&)
+void Dictionary::SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo&)
 {
-	Set(field, value);
+	Set(field, value, overrideFrozen);
 }
 
 bool Dictionary::HasOwnField(const String& field) const
diff --git a/lib/base/dictionary.hpp b/lib/base/dictionary.hpp
index 97ca81b78..227868751 100644
--- a/lib/base/dictionary.hpp
+++ b/lib/base/dictionary.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DICTIONARY_H
 #define DICTIONARY_H
@@ -58,7 +41,7 @@ public:
 
 	Value Get(const String& key) const;
 	bool Get(const String& key, Value *result) const;
-	void Set(const String& key, Value value);
+	void Set(const String& key, Value value, bool overrideFrozen = false);
 	bool Contains(const String& key) const;
 
 	Iterator Begin();
@@ -66,11 +49,11 @@ public:
 
 	size_t GetLength() const;
 
-	void Remove(const String& key);
+	void Remove(const String& key, bool overrideFrozen = false);
 
-	void Remove(Iterator it);
+	void Remove(Iterator it, bool overrideFrozen = false);
 
-	void Clear();
+	void Clear(bool overrideFrozen = false);
 
 	void CopyTo(const Dictionary::Ptr& dest) const;
 	Dictionary::Ptr ShallowClone() const;
@@ -86,7 +69,7 @@ public:
 	void Freeze();
 
 	Value GetFieldByName(const String& field, bool sandboxed, const DebugInfo& debugInfo) const override;
-	void SetFieldByName(const String& field, const Value& value, const DebugInfo& debugInfo) override;
+	void SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) override;
 	bool HasOwnField(const String& field) const override;
 	bool GetOwnField(const String& field, Value *result) const override;
 
diff --git a/lib/base/exception.cpp b/lib/base/exception.cpp
index b74a0a6c1..c694b6bf2 100644
--- a/lib/base/exception.cpp
+++ b/lib/base/exception.cpp
@@ -1,23 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/exception.hpp"
+#include <boost/thread/tss.hpp>
+
+#ifdef _WIN32
+#	include "base/utility.hpp"
+#endif /* _WIN32 */
 
 #ifdef HAVE_CXXABI_H
 #	include <cxxabi.h>
diff --git a/lib/base/exception.hpp b/lib/base/exception.hpp
index 9e06f3666..246c28a78 100644
--- a/lib/base/exception.hpp
+++ b/lib/base/exception.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXCEPTION_H
 #define EXCEPTION_H
@@ -24,7 +7,6 @@
 #include "base/string.hpp"
 #include "base/stacktrace.hpp"
 #include "base/context.hpp"
-#include "base/utility.hpp"
 #include "base/debuginfo.hpp"
 #include "base/dictionary.hpp"
 #include "base/configobject.hpp"
@@ -52,7 +34,6 @@ class ScriptError : virtual public user_error
 public:
 	ScriptError(String message);
 	ScriptError(String message, DebugInfo di, bool incompleteExpr = false);
-	~ScriptError() throw() = default;
 
 	const char *what(void) const throw() final;
 
diff --git a/lib/base/fifo.cpp b/lib/base/fifo.cpp
index e0d295791..8653f5176 100644
--- a/lib/base/fifo.cpp
+++ b/lib/base/fifo.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/fifo.hpp"
 
diff --git a/lib/base/fifo.hpp b/lib/base/fifo.hpp
index 6b85a2842..a8273c1ba 100644
--- a/lib/base/fifo.hpp
+++ b/lib/base/fifo.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FIFO_H
 #define FIFO_H
diff --git a/lib/base/filelogger.cpp b/lib/base/filelogger.cpp
index 5ae739d2e..60efdba26 100644
--- a/lib/base/filelogger.cpp
+++ b/lib/base/filelogger.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/filelogger.hpp"
 #include "base/filelogger-ti.cpp"
@@ -51,6 +34,9 @@ void FileLogger::Start(bool runtimeCreated)
 	Application::OnReopenLogs.connect(std::bind(&FileLogger::ReopenLogFile, this));
 
 	ObjectImpl<FileLogger>::Start(runtimeCreated);
+
+	Log(LogInformation, "FileLogger")
+		<< "'" << GetName() << "' started.";
 }
 
 void FileLogger::ReopenLogFile()
diff --git a/lib/base/filelogger.hpp b/lib/base/filelogger.hpp
index 8c9a8eee9..420337f6a 100644
--- a/lib/base/filelogger.hpp
+++ b/lib/base/filelogger.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FILELOGGER_H
 #define FILELOGGER_H
diff --git a/lib/base/filelogger.ti b/lib/base/filelogger.ti
index f19b7c9d6..8af2498ec 100644
--- a/lib/base/filelogger.ti
+++ b/lib/base/filelogger.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/streamlogger.hpp"
 
diff --git a/lib/base/function-script.cpp b/lib/base/function-script.cpp
index 8a96b26f2..e59e84dbc 100644
--- a/lib/base/function-script.cpp
+++ b/lib/base/function-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/function.hpp"
 #include "base/functionwrapper.hpp"
diff --git a/lib/base/function.cpp b/lib/base/function.cpp
index 6fec96208..f9a261dc0 100644
--- a/lib/base/function.cpp
+++ b/lib/base/function.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/function.hpp"
 #include "base/function-ti.cpp"
diff --git a/lib/base/function.hpp b/lib/base/function.hpp
index dd08df6ff..d6f1d17e0 100644
--- a/lib/base/function.hpp
+++ b/lib/base/function.hpp
@@ -1,24 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
-#ifndef SCRIPTFUNCTION_H
-#define SCRIPTFUNCTION_H
+#ifndef FUNCTION_H
+#define FUNCTION_H
 
 #include "base/i2-base.hpp"
 #include "base/function-ti.hpp"
@@ -72,50 +55,35 @@ private:
 		bool side_effect_free, bool deprecated);
 };
 
-#define REGISTER_SCRIPTFUNCTION_NS(ns, name, callback, args) \
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
+#define REGISTER_FUNCTION(ns, name, callback, args) \
 	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
 		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), false); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
+		Namespace::Ptr nsp = ScriptGlobal::Get(#ns); \
+		nsp->SetAttribute(#name, std::make_shared<ConstEmbeddedNamespaceValue>(sf)); \
 	}, 10)
 
-#define REGISTER_SCRIPTFUNCTION_NS_PREFIX(ns, name, callback, args) \
+#define REGISTER_SAFE_FUNCTION(ns, name, callback, args) \
+	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
+		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), true); \
+		Namespace::Ptr nsp = ScriptGlobal::Get(#ns); \
+		nsp->SetAttribute(#name, std::make_shared<ConstEmbeddedNamespaceValue>(sf)); \
+	}, 10)
+
+#define REGISTER_FUNCTION_NONCONST(ns, name, callback, args) \
 	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
 		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), false); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
-		Function::Ptr dsf = new icinga::Function("Deprecated#__" #name " (deprecated)", WrapFunction(callback), String(args).Split(":"), false, true); \
-		ScriptGlobal::Set("Deprecated.__" #name, dsf); \
+		Namespace::Ptr nsp = ScriptGlobal::Get(#ns); \
+		nsp->SetAttribute(#name, std::make_shared<EmbeddedNamespaceValue>(sf)); \
 	}, 10)
 
-#define REGISTER_SCRIPTFUNCTION_NS_DEPRECATED(ns, name, callback, args) \
-	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
-		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), false); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
-		Function::Ptr dsf = new icinga::Function("Deprecated#" #name " (deprecated)", WrapFunction(callback), String(args).Split(":"), false, true); \
-		ScriptGlobal::Set("Deprecated." #name, dsf); \
-	}, 10)
-
-#define REGISTER_SAFE_SCRIPTFUNCTION_NS(ns, name, callback, args) \
+#define REGISTER_SAFE_FUNCTION_NONCONST(ns, name, callback, args) \
 	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
 		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), true); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
-	}, 10)
-
-#define REGISTER_SAFE_SCRIPTFUNCTION_NS_PREFIX(ns, name, callback, args) \
-	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
-		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), true); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
-		Function::Ptr dsf = new icinga::Function("Deprecated#__" #name " (deprecated)", WrapFunction(callback), String(args).Split(":"), true, true); \
-		ScriptGlobal::Set("Deprecated.__" #name, dsf); \
-	}, 10)
-
-#define REGISTER_SAFE_SCRIPTFUNCTION_NS_DEPRECATED(ns, name, callback, args) \
-	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
-		Function::Ptr sf = new icinga::Function(#ns "#" #name, callback, String(args).Split(":"), true); \
-		ScriptGlobal::Set(#ns "." #name, sf); \
-		Function::Ptr dsf = new icinga::Function("Deprecated#" #name " (deprecated)", WrapFunction(callback), String(args).Split(":"), true, true); \
-		ScriptGlobal::Set("Deprecated." #name, dsf); \
+		Namespace::Ptr nsp = ScriptGlobal::Get(#ns); \
+		nsp->SetAttribute(#name, std::make_shared<EmbeddedNamespaceValue>(sf)); \
 	}, 10)
 
 }
 
-#endif /* SCRIPTFUNCTION_H */
+#endif /* FUNCTION_H */
diff --git a/lib/base/function.ti b/lib/base/function.ti
index c8a1d529a..f2623c168 100644
--- a/lib/base/function.ti
+++ b/lib/base/function.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
diff --git a/lib/base/functionwrapper.hpp b/lib/base/functionwrapper.hpp
index da32bb7ed..03b8a44aa 100644
--- a/lib/base/functionwrapper.hpp
+++ b/lib/base/functionwrapper.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FUNCTIONWRAPPER_H
 #define FUNCTIONWRAPPER_H
diff --git a/lib/base/i2-base.hpp b/lib/base/i2-base.hpp
index 95446b2cf..58aac4803 100644
--- a/lib/base/i2-base.hpp
+++ b/lib/base/i2-base.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2BASE_H
 #define I2BASE_H
@@ -89,14 +72,6 @@
 #	pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 #endif
 
-#if defined(__GNUC__)
-#	define likely(x) __builtin_expect(!!(x), 1)
-#	define unlikely(x) __builtin_expect(!!(x), 0)
-#else
-#	define likely(x) (x)
-#	define unlikely(x) (x)
-#endif
-
 #define BOOST_BIND_NO_PLACEHOLDERS
 
 #include <functional>
diff --git a/lib/base/initialize.cpp b/lib/base/initialize.cpp
index feffb4816..23373cc23 100644
--- a/lib/base/initialize.cpp
+++ b/lib/base/initialize.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/initialize.hpp"
 #include "base/loader.hpp"
diff --git a/lib/base/initialize.hpp b/lib/base/initialize.hpp
index 942aa5b0f..0629abe68 100644
--- a/lib/base/initialize.hpp
+++ b/lib/base/initialize.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INITIALIZE_H
 #define INITIALIZE_H
diff --git a/lib/base/io-engine.cpp b/lib/base/io-engine.cpp
new file mode 100644
index 000000000..5dd3ee59c
--- /dev/null
+++ b/lib/base/io-engine.cpp
@@ -0,0 +1,146 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/exception.hpp"
+#include "base/io-engine.hpp"
+#include "base/lazy-init.hpp"
+#include "base/logger.hpp"
+#include <exception>
+#include <memory>
+#include <thread>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/asio/post.hpp>
+#include <boost/date_time/posix_time/ptime.hpp>
+#include <boost/system/error_code.hpp>
+
+using namespace icinga;
+
+CpuBoundWork::CpuBoundWork(boost::asio::yield_context yc)
+	: m_Done(false)
+{
+	auto& ioEngine (IoEngine::Get());
+
+	for (;;) {
+		auto availableSlots (ioEngine.m_CpuBoundSemaphore.fetch_sub(1));
+
+		if (availableSlots < 1) {
+			ioEngine.m_CpuBoundSemaphore.fetch_add(1);
+			ioEngine.m_AlreadyExpiredTimer.async_wait(yc);
+			continue;
+		}
+
+		break;
+	}
+}
+
+CpuBoundWork::~CpuBoundWork()
+{
+	if (!m_Done) {
+		IoEngine::Get().m_CpuBoundSemaphore.fetch_add(1);
+	}
+}
+
+void CpuBoundWork::Done()
+{
+	if (!m_Done) {
+		IoEngine::Get().m_CpuBoundSemaphore.fetch_add(1);
+
+		m_Done = true;
+	}
+}
+
+IoBoundWorkSlot::IoBoundWorkSlot(boost::asio::yield_context yc)
+	: yc(yc)
+{
+	IoEngine::Get().m_CpuBoundSemaphore.fetch_add(1);
+}
+
+IoBoundWorkSlot::~IoBoundWorkSlot()
+{
+	auto& ioEngine (IoEngine::Get());
+
+	for (;;) {
+		auto availableSlots (ioEngine.m_CpuBoundSemaphore.fetch_sub(1));
+
+		if (availableSlots < 1) {
+			ioEngine.m_CpuBoundSemaphore.fetch_add(1);
+			ioEngine.m_AlreadyExpiredTimer.async_wait(yc);
+			continue;
+		}
+
+		break;
+	}
+}
+
+LazyInit<std::unique_ptr<IoEngine>> IoEngine::m_Instance ([]() { return std::unique_ptr<IoEngine>(new IoEngine()); });
+
+IoEngine& IoEngine::Get()
+{
+	return *m_Instance.Get();
+}
+
+boost::asio::io_context& IoEngine::GetIoContext()
+{
+	return m_IoContext;
+}
+
+IoEngine::IoEngine() : m_IoContext(), m_KeepAlive(boost::asio::make_work_guard(m_IoContext)), m_Threads(decltype(m_Threads)::size_type(std::thread::hardware_concurrency() * 2u)), m_AlreadyExpiredTimer(m_IoContext)
+{
+	m_AlreadyExpiredTimer.expires_at(boost::posix_time::neg_infin);
+	m_CpuBoundSemaphore.store(std::thread::hardware_concurrency() * 3u / 2u);
+
+	for (auto& thread : m_Threads) {
+		thread = std::thread(&IoEngine::RunEventLoop, this);
+	}
+}
+
+IoEngine::~IoEngine()
+{
+	for (auto& thread : m_Threads) {
+		boost::asio::post(m_IoContext, []() {
+			throw TerminateIoThread();
+		});
+	}
+
+	for (auto& thread : m_Threads) {
+		thread.join();
+	}
+}
+
+void IoEngine::RunEventLoop()
+{
+	for (;;) {
+		try {
+			m_IoContext.run();
+
+			break;
+		} catch (const TerminateIoThread&) {
+			break;
+		} catch (const std::exception& e) {
+			Log(LogCritical, "IoEngine", "Exception during I/O operation!");
+			Log(LogDebug, "IoEngine") << "Exception during I/O operation: " << DiagnosticInformation(e);
+		}
+	}
+}
+
+AsioConditionVariable::AsioConditionVariable(boost::asio::io_context& io, bool init)
+	: m_Timer(io)
+{
+	m_Timer.expires_at(init ? boost::posix_time::neg_infin : boost::posix_time::pos_infin);
+}
+
+void AsioConditionVariable::Set()
+{
+	m_Timer.expires_at(boost::posix_time::neg_infin);
+}
+
+void AsioConditionVariable::Clear()
+{
+	m_Timer.expires_at(boost::posix_time::pos_infin);
+}
+
+void AsioConditionVariable::Wait(boost::asio::yield_context yc)
+{
+	boost::system::error_code ec;
+	m_Timer.async_wait(yc[ec]);
+}
diff --git a/lib/base/io-engine.hpp b/lib/base/io-engine.hpp
new file mode 100644
index 000000000..b9e4ee6c3
--- /dev/null
+++ b/lib/base/io-engine.hpp
@@ -0,0 +1,196 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef IO_ENGINE_H
+#define IO_ENGINE_H
+
+#include "base/lazy-init.hpp"
+#include <atomic>
+#include <exception>
+#include <memory>
+#include <thread>
+#include <vector>
+#include <stdexcept>
+#include <boost/exception/all.hpp>
+#include <boost/asio/deadline_timer.hpp>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/spawn.hpp>
+
+namespace icinga
+{
+
+/**
+ * Scope lock for CPU-bound work done in an I/O thread
+ *
+ * @ingroup base
+ */
+class CpuBoundWork
+{
+public:
+	CpuBoundWork(boost::asio::yield_context yc);
+	CpuBoundWork(const CpuBoundWork&) = delete;
+	CpuBoundWork(CpuBoundWork&&) = delete;
+	CpuBoundWork& operator=(const CpuBoundWork&) = delete;
+	CpuBoundWork& operator=(CpuBoundWork&&) = delete;
+	~CpuBoundWork();
+
+	void Done();
+
+private:
+	bool m_Done;
+};
+
+/**
+ * Scope break for CPU-bound work done in an I/O thread
+ *
+ * @ingroup base
+ */
+class IoBoundWorkSlot
+{
+public:
+	IoBoundWorkSlot(boost::asio::yield_context yc);
+	IoBoundWorkSlot(const IoBoundWorkSlot&) = delete;
+	IoBoundWorkSlot(IoBoundWorkSlot&&) = delete;
+	IoBoundWorkSlot& operator=(const IoBoundWorkSlot&) = delete;
+	IoBoundWorkSlot& operator=(IoBoundWorkSlot&&) = delete;
+	~IoBoundWorkSlot();
+
+private:
+	boost::asio::yield_context yc;
+};
+
+/**
+ * Async I/O engine
+ *
+ * @ingroup base
+ */
+class IoEngine
+{
+	friend CpuBoundWork;
+	friend IoBoundWorkSlot;
+
+public:
+	IoEngine(const IoEngine&) = delete;
+	IoEngine(IoEngine&&) = delete;
+	IoEngine& operator=(const IoEngine&) = delete;
+	IoEngine& operator=(IoEngine&&) = delete;
+	~IoEngine();
+
+	static IoEngine& Get();
+
+	boost::asio::io_context& GetIoContext();
+
+	/*
+	 * Custom exceptions thrown in a Boost.Coroutine may cause stack corruption.
+	 * Ensure that these are wrapped correctly.
+	 *
+	 * Inspired by https://github.com/niekbouman/commelec-api/blob/master/commelec-api/coroutine-exception.hpp
+	 * Source: http://boost.2283326.n4.nabble.com/coroutine-only-std-exceptions-are-caught-from-coroutines-td4683671.html
+	 */
+	static inline boost::exception_ptr convertExceptionPtr(std::exception_ptr ex) {
+		try {
+			throw boost::enable_current_exception(ex);
+		} catch (...) {
+			return boost::current_exception();
+		}
+	}
+
+	static inline void rethrowBoostExceptionPointer() {
+		std::exception_ptr sep;
+		sep = std::current_exception();
+		boost::exception_ptr bep = convertExceptionPtr(sep);
+		boost::rethrow_exception(bep);
+	}
+
+	static inline size_t GetCoroutineStackSize() {
+#ifdef _WIN32
+		// Increase the stack size for Windows coroutines to prevent exception corruption.
+		// Rationale: Low cost Windows agent only & https://github.com/Icinga/icinga2/issues/7431
+		return 8 * 1024 * 1024;
+#else /* _WIN32 */
+		return boost::coroutines::stack_allocator::traits_type::default_size(); // Default 64 KB
+#endif /* _WIN32 */
+	}
+
+	/* With dedicated strand in *Connection classes. */
+	template <typename Handler, typename Function>
+	static void SpawnCoroutine(Handler h, Function f) {
+
+		boost::asio::spawn(std::forward<Handler>(h),
+			[f](boost::asio::yield_context yc) {
+
+				try {
+					f(yc);
+				} catch (const boost::coroutines::detail::forced_unwind &) {
+					// Required for proper stack unwinding when coroutines are destroyed.
+					// https://github.com/boostorg/coroutine/issues/39
+					throw;
+				} catch (...) {
+					// Handle uncaught exceptions outside of the coroutine.
+					rethrowBoostExceptionPointer();
+				}
+			},
+			boost::coroutines::attributes(GetCoroutineStackSize()) // Set a pre-defined stack size.
+		);
+	}
+
+	/* Without strand in the IO executor's context. */
+	template <typename Function>
+	static void SpawnCoroutine(boost::asio::io_context& io, Function f) {
+
+		boost::asio::spawn(io,
+			[f](boost::asio::yield_context yc) {
+
+				try {
+					f(yc);
+				} catch (const boost::coroutines::detail::forced_unwind &) {
+					// Required for proper stack unwinding when coroutines are destroyed.
+					// https://github.com/boostorg/coroutine/issues/39
+					throw;
+				} catch (...) {
+					// Handle uncaught exceptions outside of the coroutine.
+					rethrowBoostExceptionPointer();
+				}
+			},
+			boost::coroutines::attributes(GetCoroutineStackSize()) // Set a pre-defined stack size.
+		);
+	}
+
+private:
+	IoEngine();
+
+	void RunEventLoop();
+
+	static LazyInit<std::unique_ptr<IoEngine>> m_Instance;
+
+	boost::asio::io_context m_IoContext;
+	boost::asio::executor_work_guard<boost::asio::io_context::executor_type> m_KeepAlive;
+	std::vector<std::thread> m_Threads;
+	boost::asio::deadline_timer m_AlreadyExpiredTimer;
+	std::atomic_int_fast32_t m_CpuBoundSemaphore;
+};
+
+class TerminateIoThread : public std::exception
+{
+};
+
+/**
+ * Condition variable which doesn't block I/O threads
+ *
+ * @ingroup base
+ */
+class AsioConditionVariable
+{
+public:
+	AsioConditionVariable(boost::asio::io_context& io, bool init = false);
+
+	void Set();
+	void Clear();
+	void Wait(boost::asio::yield_context yc);
+
+private:
+	boost::asio::deadline_timer m_Timer;
+};
+
+}
+
+#endif /* IO_ENGINE_H */
diff --git a/lib/base/json-script.cpp b/lib/base/json-script.cpp
index 9df6ee783..ee4221142 100644
--- a/lib/base/json-script.cpp
+++ b/lib/base/json-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
 #include "base/function.hpp"
@@ -32,11 +15,15 @@ static String JsonEncodeShim(const Value& value)
 }
 
 INITIALIZE_ONCE([]() {
-	Dictionary::Ptr jsonObj = new Dictionary({
-		/* Methods */
-		{ "encode", new Function("Json#encode", JsonEncodeShim, { "value" }, true) },
-		{ "decode", new Function("Json#decode", JsonDecode, { "value" }, true) }
-	});
+	auto jsonNSBehavior = new ConstNamespaceBehavior();
+	Namespace::Ptr jsonNS = new Namespace(jsonNSBehavior);
 
-	ScriptGlobal::Set("Json", jsonObj);
+	/* Methods */
+	jsonNS->Set("encode", new Function("Json#encode", JsonEncodeShim, { "value" }, true));
+	jsonNS->Set("decode", new Function("Json#decode", JsonDecode, { "value" }, true));
+
+	jsonNSBehavior->Freeze();
+
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+	systemNS->SetAttribute("Json", std::make_shared<ConstEmbeddedNamespaceValue>(jsonNS));
 });
diff --git a/lib/base/json.cpp b/lib/base/json.cpp
index c074aed56..c1a47c788 100644
--- a/lib/base/json.cpp
+++ b/lib/base/json.cpp
@@ -1,110 +1,186 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/json.hpp"
 #include "base/debug.hpp"
+#include "base/namespace.hpp"
 #include "base/dictionary.hpp"
 #include "base/array.hpp"
 #include "base/objectlock.hpp"
 #include "base/convert.hpp"
+#include "base/utility.hpp"
+#include <bitset>
 #include <boost/exception_ptr.hpp>
-#include <yajl/yajl_version.h>
-#include <yajl/yajl_gen.h>
-#include <yajl/yajl_parse.h>
+#include <cstdint>
+#include <json.hpp>
 #include <stack>
+#include <utility>
+#include <vector>
 
 using namespace icinga;
 
-static void Encode(yajl_gen handle, const Value& value);
-
-#if YAJL_MAJOR < 2
-typedef unsigned int yajl_size;
-#else /* YAJL_MAJOR */
-typedef size_t yajl_size;
-#endif /* YAJL_MAJOR */
-
-static void EncodeDictionary(yajl_gen handle, const Dictionary::Ptr& dict)
+class JsonSax : public nlohmann::json_sax<nlohmann::json>
 {
-	yajl_gen_map_open(handle);
+public:
+	bool null() override;
+	bool boolean(bool val) override;
+	bool number_integer(number_integer_t val) override;
+	bool number_unsigned(number_unsigned_t val) override;
+	bool number_float(number_float_t val, const string_t& s) override;
+	bool string(string_t& val) override;
+	bool start_object(std::size_t elements) override;
+	bool key(string_t& val) override;
+	bool end_object() override;
+	bool start_array(std::size_t elements) override;
+	bool end_array() override;
+	bool parse_error(std::size_t position, const std::string& last_token, const nlohmann::detail::exception& ex) override;
+
+	Value GetResult();
+
+private:
+	Value m_Root;
+	std::stack<std::pair<Dictionary*, Array*>> m_CurrentSubtree;
+	String m_CurrentKey;
+
+	void FillCurrentTarget(Value value);
+};
+
+const char l_Null[] = "null";
+const char l_False[] = "false";
+const char l_True[] = "true";
+const char l_Indent[] = "    ";
+
+// https://github.com/nlohmann/json/issues/1512
+template<bool prettyPrint>
+class JsonEncoder
+{
+public:
+	void Null();
+	void Boolean(bool value);
+	void NumberFloat(double value);
+	void Strng(String value);
+	void StartObject();
+	void Key(String value);
+	void EndObject();
+	void StartArray();
+	void EndArray();
+
+	String GetResult();
+
+private:
+	std::vector<char> m_Result;
+	String m_CurrentKey;
+	std::stack<std::bitset<2>> m_CurrentSubtree;
+
+	void AppendChar(char c);
+
+	template<class Iterator>
+	void AppendChars(Iterator begin, Iterator end);
+
+	void AppendJson(nlohmann::json json);
+
+	void BeforeItem();
+
+	void FinishContainer(char terminator);
+};
+
+template<bool prettyPrint>
+void Encode(JsonEncoder<prettyPrint>& stateMachine, const Value& value);
+
+template<bool prettyPrint>
+inline
+void EncodeNamespace(JsonEncoder<prettyPrint>& stateMachine, const Namespace::Ptr& ns)
+{
+	stateMachine.StartObject();
+
+	ObjectLock olock(ns);
+	for (const Namespace::Pair& kv : ns) {
+		stateMachine.Key(Utility::ValidateUTF8(kv.first));
+		Encode(stateMachine, kv.second->Get());
+	}
+
+	stateMachine.EndObject();
+}
+
+template<bool prettyPrint>
+inline
+void EncodeDictionary(JsonEncoder<prettyPrint>& stateMachine, const Dictionary::Ptr& dict)
+{
+	stateMachine.StartObject();
 
 	ObjectLock olock(dict);
 	for (const Dictionary::Pair& kv : dict) {
-		yajl_gen_string(handle, reinterpret_cast<const unsigned char *>(kv.first.CStr()), kv.first.GetLength());
-		Encode(handle, kv.second);
+		stateMachine.Key(Utility::ValidateUTF8(kv.first));
+		Encode(stateMachine, kv.second);
 	}
 
-	yajl_gen_map_close(handle);
+	stateMachine.EndObject();
 }
 
-static void EncodeArray(yajl_gen handle, const Array::Ptr& arr)
+template<bool prettyPrint>
+inline
+void EncodeArray(JsonEncoder<prettyPrint>& stateMachine, const Array::Ptr& arr)
 {
-	yajl_gen_array_open(handle);
+	stateMachine.StartArray();
 
 	ObjectLock olock(arr);
 	for (const Value& value : arr) {
-		Encode(handle, value);
+		Encode(stateMachine, value);
 	}
 
-	yajl_gen_array_close(handle);
+	stateMachine.EndArray();
 }
 
-static void Encode(yajl_gen handle, const Value& value)
+template<bool prettyPrint>
+void Encode(JsonEncoder<prettyPrint>& stateMachine, const Value& value)
 {
 	switch (value.GetType()) {
 		case ValueNumber:
-			if (yajl_gen_double(handle, value.Get<double>()) == yajl_gen_invalid_number)
-				yajl_gen_double(handle, 0);
-
+			stateMachine.NumberFloat(value.Get<double>());
 			break;
+
 		case ValueBoolean:
-			yajl_gen_bool(handle, value.ToBool());
-
+			stateMachine.Boolean(value.ToBool());
 			break;
+
 		case ValueString:
-			yajl_gen_string(handle, reinterpret_cast<const unsigned char *>(value.Get<String>().CStr()), value.Get<String>().GetLength());
-
+			stateMachine.Strng(Utility::ValidateUTF8(value.Get<String>()));
 			break;
+
 		case ValueObject:
 			{
 				const Object::Ptr& obj = value.Get<Object::Ptr>();
-				Dictionary::Ptr dict = dynamic_pointer_cast<Dictionary>(obj);
 
-				if (dict) {
-					EncodeDictionary(handle, dict);
-					break;
+				{
+					Namespace::Ptr ns = dynamic_pointer_cast<Namespace>(obj);
+					if (ns) {
+						EncodeNamespace(stateMachine, ns);
+						break;
+					}
+				}
+
+				{
+					Dictionary::Ptr dict = dynamic_pointer_cast<Dictionary>(obj);
+					if (dict) {
+						EncodeDictionary(stateMachine, dict);
+						break;
+					}
 				}
 
 				Array::Ptr arr = dynamic_pointer_cast<Array>(obj);
-
 				if (arr) {
-					EncodeArray(handle, arr);
+					EncodeArray(stateMachine, arr);
 					break;
 				}
 			}
 
-			yajl_gen_null(handle);
+			stateMachine.Null();
 
 			break;
+
 		case ValueEmpty:
-			yajl_gen_null(handle);
-
+			stateMachine.Null();
 			break;
+
 		default:
 			VERIFY(!"Invalid variant type.");
 	}
@@ -112,254 +188,309 @@ static void Encode(yajl_gen handle, const Value& value)
 
 String icinga::JsonEncode(const Value& value, bool pretty_print)
 {
-#if YAJL_MAJOR < 2
-	yajl_gen_config conf = { pretty_print, "" };
-	yajl_gen handle = yajl_gen_alloc(&conf, nullptr);
-#else /* YAJL_MAJOR */
-	yajl_gen handle = yajl_gen_alloc(nullptr);
-	if (pretty_print)
-		yajl_gen_config(handle, yajl_gen_beautify, 1);
-#endif /* YAJL_MAJOR */
+	if (pretty_print) {
+		JsonEncoder<true> stateMachine;
 
-	Encode(handle, value);
+		Encode(stateMachine, value);
 
-	const unsigned char *buf;
-	yajl_size len;
+		return stateMachine.GetResult();
+	} else {
+		JsonEncoder<false> stateMachine;
 
-	yajl_gen_get_buf(handle, &buf, &len);
+		Encode(stateMachine, value);
 
-	String result = String(buf, buf + len);
-
-	yajl_gen_free(handle);
-
-	return result;
-}
-
-struct JsonElement
-{
-	String Key;
-	bool KeySet{false};
-	Value EValue;
-};
-
-struct JsonContext
-{
-public:
-	void Push(const Value& value)
-	{
-		JsonElement element;
-		element.EValue = value;
-
-		m_Stack.push(element);
+		return stateMachine.GetResult();
 	}
-
-	JsonElement Pop()
-	{
-		JsonElement value = m_Stack.top();
-		m_Stack.pop();
-		return value;
-	}
-
-	void AddValue(const Value& value)
-	{
-		if (m_Stack.empty()) {
-			JsonElement element;
-			element.EValue = value;
-			m_Stack.push(element);
-			return;
-		}
-
-		JsonElement& element = m_Stack.top();
-
-		if (element.EValue.IsObjectType<Dictionary>()) {
-			if (!element.KeySet) {
-				element.Key = value;
-				element.KeySet = true;
-			} else {
-				Dictionary::Ptr dict = element.EValue;
-				dict->Set(element.Key, value);
-				element.KeySet = false;
-			}
-		} else if (element.EValue.IsObjectType<Array>()) {
-			Array::Ptr arr = element.EValue;
-			arr->Add(value);
-		} else {
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Cannot add value to JSON element."));
-		}
-	}
-
-	Value GetValue() const
-	{
-		ASSERT(m_Stack.size() == 1);
-		return m_Stack.top().EValue;
-	}
-
-	void SaveException()
-	{
-		m_Exception = boost::current_exception();
-	}
-
-	void ThrowException() const
-	{
-		if (m_Exception)
-			boost::rethrow_exception(m_Exception);
-	}
-
-private:
-	std::stack<JsonElement> m_Stack;
-	Value m_Key;
-	boost::exception_ptr m_Exception;
-};
-
-static int DecodeNull(void *ctx)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->AddValue(Empty);
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeBoolean(void *ctx, int value)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->AddValue(static_cast<bool>(value));
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeNumber(void *ctx, const char *str, yajl_size len)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		String jstr = String(str, str + len);
-		context->AddValue(Convert::ToDouble(jstr));
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeString(void *ctx, const unsigned char *str, yajl_size len)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->AddValue(String(str, str + len));
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeStartMap(void *ctx)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->Push(new Dictionary());
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeEndMapOrArray(void *ctx)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->AddValue(context->Pop().EValue);
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
-}
-
-static int DecodeStartArray(void *ctx)
-{
-	auto *context = static_cast<JsonContext *>(ctx);
-
-	try {
-		context->Push(new Array());
-	} catch (...) {
-		context->SaveException();
-		return 0;
-	}
-
-	return 1;
 }
 
 Value icinga::JsonDecode(const String& data)
 {
-	static const yajl_callbacks callbacks = {
-		DecodeNull,
-		DecodeBoolean,
-		nullptr,
-		nullptr,
-		DecodeNumber,
-		DecodeString,
-		DecodeStartMap,
-		DecodeString,
-		DecodeEndMapOrArray,
-		DecodeStartArray,
-		DecodeEndMapOrArray
-	};
+	String sanitized (Utility::ValidateUTF8(data));
 
-	yajl_handle handle;
-#if YAJL_MAJOR < 2
-	yajl_parser_config cfg = { 1, 0 };
-#endif /* YAJL_MAJOR */
-	JsonContext context;
+	JsonSax stateMachine;
 
-#if YAJL_MAJOR < 2
-	handle = yajl_alloc(&callbacks, &cfg, nullptr, &context);
-#else /* YAJL_MAJOR */
-	handle = yajl_alloc(&callbacks, nullptr, &context);
-	yajl_config(handle, yajl_dont_validate_strings, 1);
-	yajl_config(handle, yajl_allow_comments, 1);
-#endif /* YAJL_MAJOR */
+	nlohmann::json::sax_parse(sanitized.Begin(), sanitized.End(), &stateMachine);
 
-	yajl_parse(handle, reinterpret_cast<const unsigned char *>(data.CStr()), data.GetLength());
+	return stateMachine.GetResult();
+}
 
-#if YAJL_MAJOR < 2
-	if (yajl_parse_complete(handle) != yajl_status_ok) {
-#else /* YAJL_MAJOR */
-	if (yajl_complete_parse(handle) != yajl_status_ok) {
-#endif /* YAJL_MAJOR */
-		unsigned char *internal_err_str = yajl_get_error(handle, 1, reinterpret_cast<const unsigned char *>(data.CStr()), data.GetLength());
-		String msg = reinterpret_cast<char *>(internal_err_str);
-		yajl_free_error(handle, internal_err_str);
+inline
+bool JsonSax::null()
+{
+	FillCurrentTarget(Value());
 
-		yajl_free(handle);
+	return true;
+}
 
-		/* throw saved exception (if there is one) */
-		context.ThrowException();
+inline
+bool JsonSax::boolean(bool val)
+{
+	FillCurrentTarget(val);
 
-		BOOST_THROW_EXCEPTION(std::invalid_argument(msg));
+	return true;
+}
+
+inline
+bool JsonSax::number_integer(JsonSax::number_integer_t val)
+{
+	FillCurrentTarget((double)val);
+
+	return true;
+}
+
+inline
+bool JsonSax::number_unsigned(JsonSax::number_unsigned_t val)
+{
+	FillCurrentTarget((double)val);
+
+	return true;
+}
+
+inline
+bool JsonSax::number_float(JsonSax::number_float_t val, const JsonSax::string_t&)
+{
+	FillCurrentTarget((double)val);
+
+	return true;
+}
+
+inline
+bool JsonSax::string(JsonSax::string_t& val)
+{
+	FillCurrentTarget(String(std::move(val)));
+
+	return true;
+}
+
+inline
+bool JsonSax::start_object(std::size_t)
+{
+	auto object (new Dictionary());
+
+	FillCurrentTarget(object);
+
+	m_CurrentSubtree.push({object, nullptr});
+
+	return true;
+}
+
+inline
+bool JsonSax::key(JsonSax::string_t& val)
+{
+	m_CurrentKey = String(std::move(val));
+
+	return true;
+}
+
+inline
+bool JsonSax::end_object()
+{
+	m_CurrentSubtree.pop();
+	m_CurrentKey = String();
+
+	return true;
+}
+
+inline
+bool JsonSax::start_array(std::size_t)
+{
+	auto array (new Array());
+
+	FillCurrentTarget(array);
+
+	m_CurrentSubtree.push({nullptr, array});
+
+	return true;
+}
+
+inline
+bool JsonSax::end_array()
+{
+	m_CurrentSubtree.pop();
+
+	return true;
+}
+
+inline
+bool JsonSax::parse_error(std::size_t, const std::string&, const nlohmann::detail::exception& ex)
+{
+	throw std::invalid_argument(ex.what());
+}
+
+inline
+Value JsonSax::GetResult()
+{
+	return m_Root;
+}
+
+inline
+void JsonSax::FillCurrentTarget(Value value)
+{
+	if (m_CurrentSubtree.empty()) {
+		m_Root = value;
+	} else {
+		auto& node (m_CurrentSubtree.top());
+
+		if (node.first) {
+			node.first->Set(m_CurrentKey, value);
+		} else {
+			node.second->Add(value);
+		}
+	}
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::Null()
+{
+	BeforeItem();
+	AppendChars((const char*)l_Null, (const char*)l_Null + 4);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::Boolean(bool value)
+{
+	BeforeItem();
+
+	if (value) {
+		AppendChars((const char*)l_True, (const char*)l_True + 4);
+	} else {
+		AppendChars((const char*)l_False, (const char*)l_False + 5);
+	}
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::NumberFloat(double value)
+{
+	BeforeItem();
+	AppendJson(value);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::Strng(String value)
+{
+	BeforeItem();
+	AppendJson(std::move(value));
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::StartObject()
+{
+	BeforeItem();
+	AppendChar('{');
+
+	m_CurrentSubtree.push(2);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::Key(String value)
+{
+	m_CurrentKey = std::move(value);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::EndObject()
+{
+	FinishContainer('}');
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::StartArray()
+{
+	BeforeItem();
+	AppendChar('[');
+
+	m_CurrentSubtree.push(0);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::EndArray()
+{
+	FinishContainer(']');
+}
+
+template<bool prettyPrint>
+inline
+String JsonEncoder<prettyPrint>::GetResult()
+{
+	return String(m_Result.begin(), m_Result.end());
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::AppendChar(char c)
+{
+	m_Result.emplace_back(c);
+}
+
+template<bool prettyPrint>
+template<class Iterator>
+inline
+void JsonEncoder<prettyPrint>::AppendChars(Iterator begin, Iterator end)
+{
+	m_Result.insert(m_Result.end(), begin, end);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::AppendJson(nlohmann::json json)
+{
+	nlohmann::detail::serializer<nlohmann::json>(nlohmann::detail::output_adapter<char>(m_Result), ' ').dump(std::move(json), prettyPrint, true, 0);
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::BeforeItem()
+{
+	if (!m_CurrentSubtree.empty()) {
+		auto& node (m_CurrentSubtree.top());
+
+		if (node[0]) {
+			AppendChar(',');
+		} else {
+			node[0] = true;
+		}
+
+		if (prettyPrint) {
+			AppendChar('\n');
+
+			for (auto i (m_CurrentSubtree.size()); i; --i) {
+				AppendChars((const char*)l_Indent, (const char*)l_Indent + 4);
+			}
+		}
+
+		if (node[1]) {
+			AppendJson(std::move(m_CurrentKey));
+			AppendChar(':');
+
+			if (prettyPrint) {
+				AppendChar(' ');
+			}
+		}
+	}
+}
+
+template<bool prettyPrint>
+inline
+void JsonEncoder<prettyPrint>::FinishContainer(char terminator)
+{
+	if (prettyPrint && m_CurrentSubtree.top()[0]) {
+		AppendChar('\n');
+
+		for (auto i (m_CurrentSubtree.size() - 1u); i; --i) {
+			AppendChars((const char*)l_Indent, (const char*)l_Indent + 4);
+		}
 	}
 
-	yajl_free(handle);
+	AppendChar(terminator);
 
-	return context.GetValue();
+	m_CurrentSubtree.pop();
 }
diff --git a/lib/base/json.hpp b/lib/base/json.hpp
index 368a25cbd..df0ea18a0 100644
--- a/lib/base/json.hpp
+++ b/lib/base/json.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef JSON_H
 #define JSON_H
diff --git a/lib/base/lazy-init.hpp b/lib/base/lazy-init.hpp
new file mode 100644
index 000000000..c1da2cd93
--- /dev/null
+++ b/lib/base/lazy-init.hpp
@@ -0,0 +1,72 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef LAZY_INIT
+#define LAZY_INIT
+
+#include <atomic>
+#include <functional>
+#include <mutex>
+#include <utility>
+
+namespace icinga
+{
+
+/**
+ * Lazy object initialization abstraction inspired from
+ * <https://docs.microsoft.com/en-us/dotnet/api/system.lazy-1?view=netframework-4.7.2>.
+ *
+ * @ingroup base
+ */
+template<class T>
+class LazyInit
+{
+public:
+	inline
+	LazyInit(std::function<T()> initializer = []() { return T(); }) : m_Initializer(std::move(initializer))
+	{
+		m_Underlying.store(nullptr, std::memory_order_release);
+	}
+
+	LazyInit(const LazyInit&) = delete;
+	LazyInit(LazyInit&&) = delete;
+	LazyInit& operator=(const LazyInit&) = delete;
+	LazyInit& operator=(LazyInit&&) = delete;
+
+	inline
+	~LazyInit()
+	{
+		auto ptr (m_Underlying.load(std::memory_order_acquire));
+
+		if (ptr != nullptr) {
+			delete ptr;
+		}
+	}
+
+	inline
+	T& Get()
+	{
+		auto ptr (m_Underlying.load(std::memory_order_acquire));
+
+		if (ptr == nullptr) {
+			std::unique_lock<std::mutex> lock (m_Mutex);
+
+			ptr = m_Underlying.load(std::memory_order_acquire);
+
+			if (ptr == nullptr) {
+				ptr = new T(m_Initializer());
+				m_Underlying.store(ptr, std::memory_order_release);
+			}
+		}
+
+		return *ptr;
+	}
+
+private:
+	std::function<T()> m_Initializer;
+	std::mutex m_Mutex;
+	std::atomic<T*> m_Underlying;
+};
+
+}
+
+#endif /* LAZY_INIT */
diff --git a/lib/base/library.cpp b/lib/base/library.cpp
index d1a4c5f06..541ed74ad 100644
--- a/lib/base/library.cpp
+++ b/lib/base/library.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/library.hpp"
 #include "base/loader.hpp"
diff --git a/lib/base/library.hpp b/lib/base/library.hpp
index 3832ab41d..6bd2065ec 100644
--- a/lib/base/library.hpp
+++ b/lib/base/library.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LIBRARY_H
 #define LIBRARY_H
diff --git a/lib/base/loader.cpp b/lib/base/loader.cpp
index a44beae76..e969f371d 100644
--- a/lib/base/loader.cpp
+++ b/lib/base/loader.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/loader.hpp"
 #include "base/logger.hpp"
diff --git a/lib/base/loader.hpp b/lib/base/loader.hpp
index d54cada10..704a32a09 100644
--- a/lib/base/loader.hpp
+++ b/lib/base/loader.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LOADER_H
 #define LOADER_H
diff --git a/lib/base/logger.cpp b/lib/base/logger.cpp
index 8c20231fb..1401975c5 100644
--- a/lib/base/logger.cpp
+++ b/lib/base/logger.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/logger.hpp"
 #include "base/logger-ti.cpp"
@@ -49,11 +32,11 @@ bool Logger::m_TimestampEnabled = true;
 LogSeverity Logger::m_ConsoleLogSeverity = LogInformation;
 
 INITIALIZE_ONCE([]() {
-	ScriptGlobal::Set("LogDebug", LogDebug);
-	ScriptGlobal::Set("LogNotice", LogNotice);
-	ScriptGlobal::Set("LogInformation", LogInformation);
-	ScriptGlobal::Set("LogWarning", LogWarning);
-	ScriptGlobal::Set("LogCritical", LogCritical);
+	ScriptGlobal::Set("System.LogDebug", LogDebug, true);
+	ScriptGlobal::Set("System.LogNotice", LogNotice, true);
+	ScriptGlobal::Set("System.LogInformation", LogInformation, true);
+	ScriptGlobal::Set("System.LogWarning", LogWarning, true);
+	ScriptGlobal::Set("System.LogCritical", LogCritical, true);
 });
 
 /**
@@ -238,10 +221,20 @@ Log::~Log()
 
 		if (entry.Severity >= logger->GetMinSeverity())
 			logger->ProcessLogEntry(entry);
+
+#ifdef I2_DEBUG /* I2_DEBUG */
+		/* Always flush, don't depend on the timer. Enable this for development sprints on Linux/macOS only. Windows crashes. */
+		//logger->Flush();
+#endif /* I2_DEBUG */
 	}
 
-	if (Logger::IsConsoleLogEnabled() && entry.Severity >= Logger::GetConsoleLogSeverity())
+	if (Logger::IsConsoleLogEnabled() && entry.Severity >= Logger::GetConsoleLogSeverity()) {
 		StreamLogger::ProcessLogEntry(std::cout, entry);
+
+		/* "Console" might be a pipe/socket (systemd, daemontools, docker, ...),
+		 * then cout will not flush lines automatically. */
+		std::cout << std::flush;
+	}
 }
 
 Log& Log::operator<<(const char *val)
diff --git a/lib/base/logger.hpp b/lib/base/logger.hpp
index 31ed6c821..4200fcc6c 100644
--- a/lib/base/logger.hpp
+++ b/lib/base/logger.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LOGGER_H
 #define LOGGER_H
diff --git a/lib/base/logger.ti b/lib/base/logger.ti
index faff9f936..df68b2540 100644
--- a/lib/base/logger.ti
+++ b/lib/base/logger.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
diff --git a/lib/base/math-script.cpp b/lib/base/math-script.cpp
index dab48a5df..21dbee411 100644
--- a/lib/base/math-script.cpp
+++ b/lib/base/math-script.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
 #include "base/function.hpp"
 #include "base/functionwrapper.hpp"
 #include "base/scriptframe.hpp"
 #include "base/initialize.hpp"
+#include "base/namespace.hpp"
 #include <boost/math/special_functions/round.hpp>
 #include <cmath>
 
@@ -158,40 +142,44 @@ static double MathSign(double x)
 }
 
 INITIALIZE_ONCE([]() {
-	Dictionary::Ptr mathObj = new Dictionary({
-		/* Constants */
-		{ "E", 2.71828182845904523536 },
-		{ "LN2", 0.693147180559945309417 },
-		{ "LN10", 2.30258509299404568402 },
-		{ "LOG2E", 1.44269504088896340736 },
-		{ "LOG10E", 0.434294481903251827651 },
-		{ "PI", 3.14159265358979323846 },
-		{ "SQRT1_2", 0.707106781186547524401 },
-		{ "SQRT2", 1.41421356237309504880 },
+	auto mathNSBehavior = new ConstNamespaceBehavior();
+	Namespace::Ptr mathNS = new Namespace(mathNSBehavior);
 
-		/* Methods */
-		{ "abs", new Function("Math#abs", MathAbs, { "x" }, true) },
-		{ "acos", new Function("Math#acos", MathAcos, { "x" }, true) },
-		{ "asin", new Function("Math#asin", MathAsin, { "x" }, true) },
-		{ "atan", new Function("Math#atan", MathAtan, { "x" }, true) },
-		{ "atan2", new Function("Math#atan2", MathAtan2, { "x", "y" }, true) },
-		{ "ceil", new Function("Math#ceil", MathCeil, { "x" }, true) },
-		{ "cos", new Function("Math#cos", MathCos, { "x" }, true) },
-		{ "exp", new Function("Math#exp", MathExp, { "x" }, true) },
-		{ "floor", new Function("Math#floor", MathFloor, { "x" }, true) },
-		{ "log", new Function("Math#log", MathLog, { "x" }, true) },
-		{ "max", new Function("Math#max", MathMax, {}, true) },
-		{ "min", new Function("Math#min", MathMin, {}, true) },
-		{ "pow", new Function("Math#pow", MathPow, { "x", "y" }, true) },
-		{ "random", new Function("Math#random", MathRandom, {}, true) },
-		{ "round", new Function("Math#round", MathRound, { "x" }, true) },
-		{ "sin", new Function("Math#sin", MathSin, { "x" }, true) },
-		{ "sqrt", new Function("Math#sqrt", MathSqrt, { "x" }, true) },
-		{ "tan", new Function("Math#tan", MathTan, { "x" }, true) },
-		{ "isnan", new Function("Math#isnan", MathIsnan, { "x" }, true) },
-		{ "isinf", new Function("Math#isinf", MathIsinf, { "x" }, true) },
-		{ "sign", new Function("Math#sign", MathSign, { "x" }, true) }
-	});
+	/* Constants */
+	mathNS->Set("E", 2.71828182845904523536);
+	mathNS->Set("LN2", 0.693147180559945309417);
+	mathNS->Set("LN10", 2.30258509299404568402);
+	mathNS->Set("LOG2E", 1.44269504088896340736);
+	mathNS->Set("LOG10E", 0.434294481903251827651);
+	mathNS->Set("PI", 3.14159265358979323846);
+	mathNS->Set("SQRT1_2", 0.707106781186547524401);
+	mathNS->Set("SQRT2", 1.41421356237309504880);
 
-	ScriptGlobal::Set("Math", mathObj);
+	/* Methods */
+	mathNS->Set("abs", new Function("Math#abs", MathAbs, { "x" }, true));
+	mathNS->Set("acos", new Function("Math#acos", MathAcos, { "x" }, true));
+	mathNS->Set("asin", new Function("Math#asin", MathAsin, { "x" }, true));
+	mathNS->Set("atan", new Function("Math#atan", MathAtan, { "x" }, true));
+	mathNS->Set("atan2", new Function("Math#atan2", MathAtan2, { "x", "y" }, true));
+	mathNS->Set("ceil", new Function("Math#ceil", MathCeil, { "x" }, true));
+	mathNS->Set("cos", new Function("Math#cos", MathCos, { "x" }, true));
+	mathNS->Set("exp", new Function("Math#exp", MathExp, { "x" }, true));
+	mathNS->Set("floor", new Function("Math#floor", MathFloor, { "x" }, true));
+	mathNS->Set("log", new Function("Math#log", MathLog, { "x" }, true));
+	mathNS->Set("max", new Function("Math#max", MathMax, {}, true));
+	mathNS->Set("min", new Function("Math#min", MathMin, {}, true));
+	mathNS->Set("pow", new Function("Math#pow", MathPow, { "x", "y" }, true));
+	mathNS->Set("random", new Function("Math#random", MathRandom, {}, true));
+	mathNS->Set("round", new Function("Math#round", MathRound, { "x" }, true));
+	mathNS->Set("sin", new Function("Math#sin", MathSin, { "x" }, true));
+	mathNS->Set("sqrt", new Function("Math#sqrt", MathSqrt, { "x" }, true));
+	mathNS->Set("tan", new Function("Math#tan", MathTan, { "x" }, true));
+	mathNS->Set("isnan", new Function("Math#isnan", MathIsnan, { "x" }, true));
+	mathNS->Set("isinf", new Function("Math#isinf", MathIsinf, { "x" }, true));
+	mathNS->Set("sign", new Function("Math#sign", MathSign, { "x" }, true));
+
+	mathNSBehavior->Freeze();
+
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+	systemNS->SetAttribute("Math", std::make_shared<ConstEmbeddedNamespaceValue>(mathNS));
 });
diff --git a/lib/base/namespace-script.cpp b/lib/base/namespace-script.cpp
new file mode 100644
index 000000000..29d23a000
--- /dev/null
+++ b/lib/base/namespace-script.cpp
@@ -0,0 +1,84 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/namespace.hpp"
+#include "base/function.hpp"
+#include "base/functionwrapper.hpp"
+#include "base/scriptframe.hpp"
+#include "base/array.hpp"
+
+using namespace icinga;
+
+static void NamespaceSet(const String& key, const Value& value)
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	self->Set(key, value);
+}
+
+static Value NamespaceGet(const String& key)
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	return self->Get(key);
+}
+
+static void NamespaceRemove(const String& key)
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	self->Remove(key);
+}
+
+static bool NamespaceContains(const String& key)
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	return self->Contains(key);
+}
+
+static Array::Ptr NamespaceKeys()
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+
+	ArrayData keys;
+	ObjectLock olock(self);
+	for (const Namespace::Pair& kv : self) {
+		keys.push_back(kv.first);
+	}
+	return new Array(std::move(keys));
+}
+
+static Array::Ptr NamespaceValues()
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Namespace::Ptr self = static_cast<Namespace::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+
+	ArrayData values;
+	ObjectLock olock(self);
+	for (const Namespace::Pair& kv : self) {
+		values.push_back(kv.second->Get());
+	}
+	return new Array(std::move(values));
+}
+
+Object::Ptr Namespace::GetPrototype()
+{
+	static Dictionary::Ptr prototype = new Dictionary({
+		{ "set", new Function("Namespace#set", NamespaceSet, { "key", "value" }) },
+		{ "get", new Function("Namespace#get", NamespaceGet, { "key" }) },
+		{ "remove", new Function("Namespace#remove", NamespaceRemove, { "key" }) },
+		{ "contains", new Function("Namespace#contains", NamespaceContains, { "key" }, true) },
+		{ "keys", new Function("Namespace#keys", NamespaceKeys, {}, true) },
+		{ "values", new Function("Namespace#values", NamespaceValues, {}, true) },
+	});
+
+	return prototype;
+}
+
diff --git a/lib/base/namespace.cpp b/lib/base/namespace.cpp
new file mode 100644
index 000000000..c02ac95e6
--- /dev/null
+++ b/lib/base/namespace.cpp
@@ -0,0 +1,224 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/namespace.hpp"
+#include "base/objectlock.hpp"
+#include "base/debug.hpp"
+#include "base/primitivetype.hpp"
+#include "base/debuginfo.hpp"
+#include "base/exception.hpp"
+#include <sstream>
+
+using namespace icinga;
+
+template class std::map<icinga::String, std::shared_ptr<icinga::NamespaceValue> >;
+
+REGISTER_PRIMITIVE_TYPE(Namespace, Object, Namespace::GetPrototype());
+
+Namespace::Namespace(NamespaceBehavior *behavior)
+	: m_Behavior(std::unique_ptr<NamespaceBehavior>(behavior))
+{ }
+
+Value Namespace::Get(const String& field) const
+{
+	ObjectLock olock(this);
+
+	Value value;
+	if (!GetOwnField(field, &value))
+		BOOST_THROW_EXCEPTION(ScriptError("Namespace does not contain field '" + field + "'"));
+	return value;
+}
+
+bool Namespace::Get(const String& field, Value *value) const
+{
+	ObjectLock olock(this);
+
+	auto nsVal = GetAttribute(field);
+
+	if (!nsVal)
+		return false;
+
+	*value =  nsVal->Get(DebugInfo());
+	return true;
+}
+
+void Namespace::Set(const String& field, const Value& value, bool overrideFrozen)
+{
+	ObjectLock olock(this);
+
+	return SetFieldByName(field, value, overrideFrozen, DebugInfo());
+}
+
+bool Namespace::Contains(const String& field) const
+{
+	ObjectLock olock(this);
+
+	return HasOwnField(field);
+}
+
+void Namespace::Remove(const String& field, bool overrideFrozen)
+{
+	ObjectLock olock(this);
+
+	m_Behavior->Remove(this, field, overrideFrozen);
+}
+
+void Namespace::RemoveAttribute(const String& field)
+{
+	ObjectLock olock(this);
+
+	Namespace::Iterator it;
+	it = m_Data.find(field);
+
+	if (it == m_Data.end())
+		return;
+
+	m_Data.erase(it);
+}
+
+std::shared_ptr<NamespaceValue> Namespace::GetAttribute(const String& key) const
+{
+	ObjectLock olock(this);
+
+	auto it = m_Data.find(key);
+
+	if (it == m_Data.end())
+		return nullptr;
+
+	return it->second;
+}
+
+void Namespace::SetAttribute(const String& key, const std::shared_ptr<NamespaceValue>& nsVal)
+{
+	ObjectLock olock(this);
+
+	m_Data[key] = nsVal;
+}
+
+Value Namespace::GetFieldByName(const String& field, bool, const DebugInfo& debugInfo) const
+{
+	ObjectLock olock(this);
+
+	auto nsVal = GetAttribute(field);
+
+	if (nsVal)
+		return nsVal->Get(debugInfo);
+	else
+		return GetPrototypeField(const_cast<Namespace *>(this), field, false, debugInfo); /* Ignore indexer not found errors similar to the Dictionary class. */
+}
+
+void Namespace::SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo)
+{
+	ObjectLock olock(this);
+
+	auto nsVal = GetAttribute(field);
+
+	if (!nsVal)
+		m_Behavior->Register(this, field, value, overrideFrozen, debugInfo);
+	else
+		nsVal->Set(value, overrideFrozen, debugInfo);
+}
+
+bool Namespace::HasOwnField(const String& field) const
+{
+	ObjectLock olock(this);
+
+	return GetAttribute(field) != nullptr;
+}
+
+bool Namespace::GetOwnField(const String& field, Value *result) const
+{
+	ObjectLock olock(this);
+
+	auto nsVal = GetAttribute(field);
+
+	if (!nsVal)
+		return false;
+
+	*result = nsVal->Get(DebugInfo());
+	return true;
+}
+
+EmbeddedNamespaceValue::EmbeddedNamespaceValue(const Value& value)
+	: m_Value(value)
+{ }
+
+Value EmbeddedNamespaceValue::Get(const DebugInfo& debugInfo) const
+{
+	return m_Value;
+}
+
+void EmbeddedNamespaceValue::Set(const Value& value, bool, const DebugInfo&)
+{
+	m_Value = value;
+}
+
+void ConstEmbeddedNamespaceValue::Set(const Value& value, bool overrideFrozen, const DebugInfo& debugInfo)
+{
+	if (!overrideFrozen)
+		BOOST_THROW_EXCEPTION(ScriptError("Constant must not be modified.", debugInfo));
+
+	EmbeddedNamespaceValue::Set(value, overrideFrozen, debugInfo);
+}
+
+void NamespaceBehavior::Register(const Namespace::Ptr& ns, const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) const
+{
+	ns->SetAttribute(field, std::make_shared<EmbeddedNamespaceValue>(value));
+}
+
+void NamespaceBehavior::Remove(const Namespace::Ptr& ns, const String& field, bool overrideFrozen)
+{
+	if (!overrideFrozen) {
+		auto attr = ns->GetAttribute(field);
+
+		if (dynamic_pointer_cast<ConstEmbeddedNamespaceValue>(attr))
+			BOOST_THROW_EXCEPTION(ScriptError("Constants must not be removed."));
+	}
+
+	ns->RemoveAttribute(field);
+}
+
+void ConstNamespaceBehavior::Register(const Namespace::Ptr& ns, const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) const
+{
+	if (m_Frozen && !overrideFrozen)
+		BOOST_THROW_EXCEPTION(ScriptError("Namespace is read-only and must not be modified.", debugInfo));
+
+	ns->SetAttribute(field, std::make_shared<ConstEmbeddedNamespaceValue>(value));
+}
+
+void ConstNamespaceBehavior::Remove(const Namespace::Ptr& ns, const String& field, bool overrideFrozen)
+{
+	if (m_Frozen && !overrideFrozen)
+		BOOST_THROW_EXCEPTION(ScriptError("Namespace is read-only and must not be modified."));
+
+	NamespaceBehavior::Remove(ns, field, overrideFrozen);
+}
+
+void ConstNamespaceBehavior::Freeze()
+{
+	m_Frozen = true;
+}
+
+Namespace::Iterator Namespace::Begin()
+{
+	ASSERT(OwnsLock());
+
+	return m_Data.begin();
+}
+
+Namespace::Iterator Namespace::End()
+{
+	ASSERT(OwnsLock());
+
+	return m_Data.end();
+}
+
+Namespace::Iterator icinga::begin(const Namespace::Ptr& x)
+{
+	return x->Begin();
+}
+
+Namespace::Iterator icinga::end(const Namespace::Ptr& x)
+{
+	return x->End();
+}
+
diff --git a/lib/base/namespace.hpp b/lib/base/namespace.hpp
new file mode 100644
index 000000000..6b2e92018
--- /dev/null
+++ b/lib/base/namespace.hpp
@@ -0,0 +1,107 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef NAMESPACE_H
+#define NAMESPACE_H
+
+#include "base/i2-base.hpp"
+#include "base/object.hpp"
+#include "base/value.hpp"
+#include "base/debuginfo.hpp"
+#include <map>
+#include <vector>
+#include <memory>
+
+namespace icinga
+{
+
+struct NamespaceValue
+{
+	virtual Value Get(const DebugInfo& debugInfo = DebugInfo()) const = 0;
+	virtual void Set(const Value& value, bool overrideFrozen, const DebugInfo& debugInfo = DebugInfo()) = 0;
+};
+
+struct EmbeddedNamespaceValue : public NamespaceValue
+{
+	EmbeddedNamespaceValue(const Value& value);
+
+	Value Get(const DebugInfo& debugInfo) const override;
+	void Set(const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) override;
+
+private:
+	Value m_Value;
+};
+
+struct ConstEmbeddedNamespaceValue : public EmbeddedNamespaceValue
+{
+	using EmbeddedNamespaceValue::EmbeddedNamespaceValue;
+
+	void Set(const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) override;
+};
+
+class Namespace;
+
+struct NamespaceBehavior
+{
+	virtual void Register(const boost::intrusive_ptr<Namespace>& ns, const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) const;
+	virtual void Remove(const boost::intrusive_ptr<Namespace>& ns, const String& field, bool overrideFrozen);
+};
+
+struct ConstNamespaceBehavior : public NamespaceBehavior
+{
+	void Register(const boost::intrusive_ptr<Namespace>& ns, const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) const override;
+	void Remove(const boost::intrusive_ptr<Namespace>& ns, const String& field, bool overrideFrozen) override;
+	void Freeze();
+
+private:
+	bool m_Frozen;
+};
+
+/**
+ * A namespace.
+ *
+ * @ingroup base
+ */
+class Namespace final : public Object
+{
+public:
+	DECLARE_OBJECT(Namespace);
+
+	typedef std::map<String, std::shared_ptr<NamespaceValue> >::iterator Iterator;
+
+	typedef std::map<String, std::shared_ptr<NamespaceValue> >::value_type Pair;
+
+	Namespace(NamespaceBehavior *behavior = new NamespaceBehavior);
+
+	Value Get(const String& field) const;
+	bool Get(const String& field, Value *value) const;
+	void Set(const String& field, const Value& value, bool overrideFrozen = false);
+	bool Contains(const String& field) const;
+	void Remove(const String& field, bool overrideFrozen = false);
+
+	std::shared_ptr<NamespaceValue> GetAttribute(const String& field) const;
+	void SetAttribute(const String& field, const std::shared_ptr<NamespaceValue>& nsVal);
+	void RemoveAttribute(const String& field);
+
+	Iterator Begin();
+	Iterator End();
+
+	Value GetFieldByName(const String& field, bool sandboxed, const DebugInfo& debugInfo) const override;
+	void SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo) override;
+	bool HasOwnField(const String& field) const override;
+	bool GetOwnField(const String& field, Value *result) const override;
+
+	static Object::Ptr GetPrototype();
+
+private:
+	std::map<String, std::shared_ptr<NamespaceValue> > m_Data;
+	std::unique_ptr<NamespaceBehavior> m_Behavior;
+};
+
+Namespace::Iterator begin(const Namespace::Ptr& x);
+Namespace::Iterator end(const Namespace::Ptr& x);
+
+}
+
+extern template class std::map<icinga::String, std::shared_ptr<icinga::NamespaceValue> >;
+
+#endif /* NAMESPACE_H */
diff --git a/lib/base/netstring.cpp b/lib/base/netstring.cpp
index 7d11d8928..2be7675a7 100644
--- a/lib/base/netstring.cpp
+++ b/lib/base/netstring.cpp
@@ -1,25 +1,16 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/netstring.hpp"
 #include "base/debug.hpp"
+#include "base/tlsstream.hpp"
+#include <cstdint>
+#include <memory>
 #include <sstream>
+#include <utility>
+#include <boost/asio/buffer.hpp>
+#include <boost/asio/read.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/asio/write.hpp>
 
 using namespace icinga;
 
@@ -85,7 +76,7 @@ StreamReadStatus NetString::ReadStringFromStream(const Stream::Ptr& stream, Stri
 	/* read the whole message */
 	size_t data_length = len + 1;
 
-	if (maxMessageLength >= 0 && data_length > maxMessageLength) {
+	if (maxMessageLength >= 0 && data_length > (size_t)maxMessageLength) {
 		std::stringstream errorMessage;
 		errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
 
@@ -127,6 +118,210 @@ size_t NetString::WriteStringToStream(const Stream::Ptr& stream, const String& s
 	return msg.GetLength();
 }
 
+/**
+ * Reads data from a stream in netstring format.
+ *
+ * @param stream The stream to read from.
+ * @returns The String that has been read from the IOQueue.
+ * @exception invalid_argument The input stream is invalid.
+ * @see https://github.com/PeterScott/netstring-c/blob/master/netstring.c
+ */
+String NetString::ReadStringFromStream(const std::shared_ptr<AsioTlsStream>& stream,
+	ssize_t maxMessageLength)
+{
+	namespace asio = boost::asio;
+
+	size_t len = 0;
+	bool leadingZero = false;
+
+	for (uint_fast8_t readBytes = 0;; ++readBytes) {
+		char byte = 0;
+
+		{
+			asio::mutable_buffer byteBuf (&byte, 1);
+			asio::read(*stream, byteBuf);
+		}
+
+		if (isdigit(byte)) {
+			if (readBytes == 9) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Length specifier must not exceed 9 characters"));
+			}
+
+			if (leadingZero) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (leading zero)"));
+			}
+
+			len = len * 10u + size_t(byte - '0');
+
+			if (!readBytes && byte == '0') {
+				leadingZero = true;
+			}
+		} else if (byte == ':') {
+			if (!readBytes) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (no length specifier)"));
+			}
+
+			break;
+		} else {
+			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (missing :)"));
+		}
+	}
+
+	if (maxMessageLength >= 0 && len > maxMessageLength) {
+		std::stringstream errorMessage;
+		errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
+
+		BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str()));
+	}
+
+	String payload;
+
+	if (len) {
+		payload.Append(len, 0);
+
+		asio::mutable_buffer payloadBuf (&*payload.Begin(), payload.GetLength());
+		asio::read(*stream, payloadBuf);
+	}
+
+	char trailer = 0;
+
+	{
+		asio::mutable_buffer trailerBuf (&trailer, 1);
+		asio::read(*stream, trailerBuf);
+	}
+
+	if (trailer != ',') {
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (missing ,)"));
+	}
+
+	return std::move(payload);
+}
+
+/**
+ * Reads data from a stream in netstring format.
+ *
+ * @param stream The stream to read from.
+ * @returns The String that has been read from the IOQueue.
+ * @exception invalid_argument The input stream is invalid.
+ * @see https://github.com/PeterScott/netstring-c/blob/master/netstring.c
+ */
+String NetString::ReadStringFromStream(const std::shared_ptr<AsioTlsStream>& stream,
+	boost::asio::yield_context yc, ssize_t maxMessageLength)
+{
+	namespace asio = boost::asio;
+
+	size_t len = 0;
+	bool leadingZero = false;
+
+	for (uint_fast8_t readBytes = 0;; ++readBytes) {
+		char byte = 0;
+
+		{
+			asio::mutable_buffer byteBuf (&byte, 1);
+			asio::async_read(*stream, byteBuf, yc);
+		}
+
+		if (isdigit(byte)) {
+			if (readBytes == 9) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Length specifier must not exceed 9 characters"));
+			}
+
+			if (leadingZero) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (leading zero)"));
+			}
+
+			len = len * 10u + size_t(byte - '0');
+
+			if (!readBytes && byte == '0') {
+				leadingZero = true;
+			}
+		} else if (byte == ':') {
+			if (!readBytes) {
+				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (no length specifier)"));
+			}
+
+			break;
+		} else {
+			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (missing :)"));
+		}
+	}
+
+	if (maxMessageLength >= 0 && len > maxMessageLength) {
+		std::stringstream errorMessage;
+		errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
+
+		BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str()));
+	}
+
+	String payload;
+
+	if (len) {
+		payload.Append(len, 0);
+
+		asio::mutable_buffer payloadBuf (&*payload.Begin(), payload.GetLength());
+		asio::async_read(*stream, payloadBuf, yc);
+	}
+
+	char trailer = 0;
+
+	{
+		asio::mutable_buffer trailerBuf (&trailer, 1);
+		asio::async_read(*stream, trailerBuf, yc);
+	}
+
+	if (trailer != ',') {
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid NetString (missing ,)"));
+	}
+
+	return std::move(payload);
+}
+
+/**
+ * Writes data into a stream using the netstring format and returns bytes written.
+ *
+ * @param stream The stream.
+ * @param str The String that is to be written.
+ *
+ * @return The amount of bytes written.
+ */
+size_t NetString::WriteStringToStream(const std::shared_ptr<AsioTlsStream>& stream, const String& str)
+{
+	namespace asio = boost::asio;
+
+	std::ostringstream msgbuf;
+	WriteStringToStream(msgbuf, str);
+
+	String msg = msgbuf.str();
+	asio::const_buffer msgBuf (msg.CStr(), msg.GetLength());
+
+	asio::write(*stream, msgBuf);
+
+	return msg.GetLength();
+}
+
+/**
+ * Writes data into a stream using the netstring format and returns bytes written.
+ *
+ * @param stream The stream.
+ * @param str The String that is to be written.
+ *
+ * @return The amount of bytes written.
+ */
+size_t NetString::WriteStringToStream(const std::shared_ptr<AsioTlsStream>& stream, const String& str, boost::asio::yield_context yc)
+{
+	namespace asio = boost::asio;
+
+	std::ostringstream msgbuf;
+	WriteStringToStream(msgbuf, str);
+
+	String msg = msgbuf.str();
+	asio::const_buffer msgBuf (msg.CStr(), msg.GetLength());
+
+	asio::async_write(*stream, msgBuf, yc);
+
+	return msg.GetLength();
+}
+
 /**
  * Writes data into a stream using the netstring format.
  *
diff --git a/lib/base/netstring.hpp b/lib/base/netstring.hpp
index 1daaa979a..2d2435907 100644
--- a/lib/base/netstring.hpp
+++ b/lib/base/netstring.hpp
@@ -1,27 +1,13 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NETSTRING_H
 #define NETSTRING_H
 
 #include "base/i2-base.hpp"
 #include "base/stream.hpp"
+#include "base/tlsstream.hpp"
+#include <memory>
+#include <boost/asio/spawn.hpp>
 
 namespace icinga
 {
@@ -40,7 +26,12 @@ class NetString
 public:
 	static StreamReadStatus ReadStringFromStream(const Stream::Ptr& stream, String *message, StreamReadContext& context,
 		bool may_wait = false, ssize_t maxMessageLength = -1);
+	static String ReadStringFromStream(const std::shared_ptr<AsioTlsStream>& stream, ssize_t maxMessageLength = -1);
+	static String ReadStringFromStream(const std::shared_ptr<AsioTlsStream>& stream,
+		boost::asio::yield_context yc, ssize_t maxMessageLength = -1);
 	static size_t WriteStringToStream(const Stream::Ptr& stream, const String& message);
+	static size_t WriteStringToStream(const std::shared_ptr<AsioTlsStream>& stream, const String& message);
+	static size_t WriteStringToStream(const std::shared_ptr<AsioTlsStream>& stream, const String& message, boost::asio::yield_context yc);
 	static void WriteStringToStream(std::ostream& stream, const String& message);
 
 private:
diff --git a/lib/base/networkstream.cpp b/lib/base/networkstream.cpp
index 4752b3fbf..57da507d8 100644
--- a/lib/base/networkstream.cpp
+++ b/lib/base/networkstream.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/networkstream.hpp"
 
diff --git a/lib/base/networkstream.hpp b/lib/base/networkstream.hpp
index edbd32f1c..453d7ad0b 100644
--- a/lib/base/networkstream.hpp
+++ b/lib/base/networkstream.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NETWORKSTREAM_H
 #define NETWORKSTREAM_H
@@ -28,7 +11,7 @@ namespace icinga
 {
 
 /**
- * A network stream.
+ * A network stream. DEPRECATED - Use Boost ASIO instead.
  *
  * @ingroup base
  */
diff --git a/lib/base/number-script.cpp b/lib/base/number-script.cpp
index 8ec9ae554..0dcaca58b 100644
--- a/lib/base/number-script.cpp
+++ b/lib/base/number-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/number.hpp"
 #include "base/convert.hpp"
diff --git a/lib/base/number.cpp b/lib/base/number.cpp
index 8a2a7ff6e..a33651988 100644
--- a/lib/base/number.cpp
+++ b/lib/base/number.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/number.hpp"
 #include "base/primitivetype.hpp"
diff --git a/lib/base/number.hpp b/lib/base/number.hpp
index 239ec299a..dd5196f98 100644
--- a/lib/base/number.hpp
+++ b/lib/base/number.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NUMBER_H
 #define NUMBER_H
diff --git a/lib/base/object-packer.cpp b/lib/base/object-packer.cpp
new file mode 100644
index 000000000..024325e3d
--- /dev/null
+++ b/lib/base/object-packer.cpp
@@ -0,0 +1,247 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/object-packer.hpp"
+#include "base/debug.hpp"
+#include "base/dictionary.hpp"
+#include "base/array.hpp"
+#include "base/objectlock.hpp"
+#include "base/stringbuilder.hpp"
+#include <algorithm>
+#include <climits>
+#include <cstdint>
+#include <utility>
+#include <vector>
+
+using namespace icinga;
+
+union EndiannessDetector
+{
+	EndiannessDetector()
+	{
+		i = 1;
+	}
+
+	int i;
+	char buf[sizeof(int)];
+};
+
+static const EndiannessDetector l_EndiannessDetector;
+
+// Assumption: The compiler will optimize (away) if/else statements using this.
+#define MACHINE_LITTLE_ENDIAN (l_EndiannessDetector.buf[0])
+
+static void PackAny(const Value& value, StringBuilder& builder);
+
+/**
+ * std::swap() seems not to work
+ */
+static inline void SwapBytes(char& a, char& b)
+{
+	char c = a;
+	a = b;
+	b = c;
+}
+
+#if CHAR_MIN != 0
+union CharU2SConverter
+{
+	CharU2SConverter()
+	{
+		s = 0;
+	}
+
+	unsigned char u;
+	signed char s;
+};
+#endif
+
+/**
+ * Avoid implementation-defined overflows during unsigned to signed casts
+ */
+static inline char UIntToByte(unsigned i)
+{
+#if CHAR_MIN == 0
+	return i;
+#else
+	CharU2SConverter converter;
+
+	converter.u = i;
+	return converter.s;
+#endif
+}
+
+/**
+ * Append the given int as big-endian 64-bit unsigned int
+ */
+static inline void PackUInt64BE(uint_least64_t i, StringBuilder& builder)
+{
+	char buf[8] = {
+		UIntToByte(i >> 56u),
+		UIntToByte((i >> 48u) & 255u),
+		UIntToByte((i >> 40u) & 255u),
+		UIntToByte((i >> 32u) & 255u),
+		UIntToByte((i >> 24u) & 255u),
+		UIntToByte((i >> 16u) & 255u),
+		UIntToByte((i >> 8u) & 255u),
+		UIntToByte(i & 255u)
+	};
+
+	builder.Append((char*)buf, (char*)buf + 8);
+}
+
+union Double2BytesConverter
+{
+	Double2BytesConverter()
+	{
+		buf[0] = 0;
+		buf[1] = 0;
+		buf[2] = 0;
+		buf[3] = 0;
+		buf[4] = 0;
+		buf[5] = 0;
+		buf[6] = 0;
+		buf[7] = 0;
+	}
+
+	double f;
+	char buf[8];
+};
+
+/**
+ * Append the given double as big-endian IEEE 754 binary64
+ */
+static inline void PackFloat64BE(double f, StringBuilder& builder)
+{
+	Double2BytesConverter converter;
+
+	converter.f = f;
+
+	if (MACHINE_LITTLE_ENDIAN) {
+		SwapBytes(converter.buf[0], converter.buf[7]);
+		SwapBytes(converter.buf[1], converter.buf[6]);
+		SwapBytes(converter.buf[2], converter.buf[5]);
+		SwapBytes(converter.buf[3], converter.buf[4]);
+	}
+
+	builder.Append((char*)converter.buf, (char*)converter.buf + 8);
+}
+
+/**
+ * Append the given string's length (BE uint64) and the string itself
+ */
+static inline void PackString(const String& string, StringBuilder& builder)
+{
+	PackUInt64BE(string.GetLength(), builder);
+	builder.Append(string);
+}
+
+/**
+ * Append the given array
+ */
+static inline void PackArray(const Array::Ptr& arr, StringBuilder& builder)
+{
+	ObjectLock olock(arr);
+
+	builder.Append('\5');
+	PackUInt64BE(arr->GetLength(), builder);
+
+	for (const Value& value : arr) {
+		PackAny(value, builder);
+	}
+}
+
+/**
+ * Append the given dictionary
+ */
+static inline void PackDictionary(const Dictionary::Ptr& dict, StringBuilder& builder)
+{
+	ObjectLock olock(dict);
+
+	builder.Append('\6');
+	PackUInt64BE(dict->GetLength(), builder);
+
+	for (const Dictionary::Pair& kv : dict) {
+		PackString(kv.first, builder);
+		PackAny(kv.second, builder);
+	}
+}
+
+/**
+ * Append any JSON-encodable value
+ */
+static void PackAny(const Value& value, StringBuilder& builder)
+{
+	switch (value.GetType()) {
+		case ValueString:
+			builder.Append('\4');
+			PackString(value.Get<String>(), builder);
+			break;
+
+		case ValueNumber:
+			builder.Append('\3');
+			PackFloat64BE(value.Get<double>(), builder);
+			break;
+
+		case ValueBoolean:
+			builder.Append(value.ToBool() ? '\2' : '\1');
+			break;
+
+		case ValueEmpty:
+			builder.Append('\0');
+			break;
+
+		case ValueObject:
+			{
+				const Object::Ptr& obj = value.Get<Object::Ptr>();
+
+				Dictionary::Ptr dict = dynamic_pointer_cast<Dictionary>(obj);
+				if (dict) {
+					PackDictionary(dict, builder);
+					break;
+				}
+
+				Array::Ptr arr = dynamic_pointer_cast<Array>(obj);
+				if (arr) {
+					PackArray(arr, builder);
+					break;
+				}
+			}
+
+			builder.Append('\0');
+			break;
+
+		default:
+			VERIFY(!"Invalid variant type.");
+	}
+}
+
+/**
+ * Pack any JSON-encodable value to a BSON-similar structure suitable for consistent hashing
+ *
+ * Spec:
+ *   null: 0x00
+ *   false: 0x01
+ *   true: 0x02
+ *   number: 0x03 (ieee754_binary64_bigendian)payload
+ *   string: 0x04 (uint64_bigendian)payload.length (char[])payload
+ *   array: 0x05 (uint64_bigendian)payload.length (any[])payload
+ *   object: 0x06 (uint64_bigendian)payload.length (keyvalue[])payload.sort()
+ *
+ *   any: null|false|true|number|string|array|object
+ *   keyvalue: (uint64_bigendian)key.length (char[])key (any)value
+ *
+ * Assumptions:
+ *   - double is IEEE 754 binary64
+ *   - all int types (signed and unsigned) and all float types share the same endianness
+ *   - char is exactly 8 bits wide and one char is exactly one byte affected by the machine endianness
+ *   - all input strings, arrays and dictionaries are at most 2^64-1 long
+ *
+ * If not, this function will silently produce invalid results.
+ */
+String icinga::PackObject(const Value& value)
+{
+	StringBuilder builder;
+	PackAny(value, builder);
+
+	return builder.ToString();
+}
diff --git a/lib/base/object-packer.hpp b/lib/base/object-packer.hpp
new file mode 100644
index 000000000..00f7b998b
--- /dev/null
+++ b/lib/base/object-packer.hpp
@@ -0,0 +1,18 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef OBJECT_PACKER
+#define OBJECT_PACKER
+
+#include "base/i2-base.hpp"
+
+namespace icinga
+{
+
+class String;
+class Value;
+
+String PackObject(const Value& value);
+
+}
+
+#endif /* OBJECT_PACKER */
diff --git a/lib/base/object-script.cpp b/lib/base/object-script.cpp
index 6db6374e8..fff7df0c9 100644
--- a/lib/base/object-script.cpp
+++ b/lib/base/object-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/object.hpp"
 #include "base/dictionary.hpp"
diff --git a/lib/base/object.cpp b/lib/base/object.cpp
index b1fff79d2..72f99adaf 100644
--- a/lib/base/object.cpp
+++ b/lib/base/object.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/object.hpp"
 #include "base/value.hpp"
@@ -27,6 +10,7 @@
 #include "base/exception.hpp"
 #include <boost/lexical_cast.hpp>
 #include <boost/thread/recursive_mutex.hpp>
+#include <thread>
 
 using namespace icinga;
 
@@ -38,12 +22,23 @@ static std::map<String, int> l_ObjectCounts;
 static Timer::Ptr l_ObjectCountTimer;
 #endif /* I2_LEAK_DEBUG */
 
+/**
+ * Constructor for the Object class.
+ */
+Object::Object()
+{
+	m_References.store(0);
+
+#ifdef I2_DEBUG
+	m_LockOwner.store(decltype(m_LockOwner.load())());
+#endif /* I2_DEBUG */
+}
+
 /**
  * Destructor for the Object class.
  */
 Object::~Object()
 {
-	delete reinterpret_cast<boost::recursive_mutex *>(m_Mutex);
 }
 
 /**
@@ -62,15 +57,7 @@ String Object::ToString() const
  */
 bool Object::OwnsLock() const
 {
-#ifdef _WIN32
-	DWORD tid = InterlockedExchangeAdd(&m_LockOwner, 0);
-
-	return (tid == GetCurrentThreadId());
-#else /* _WIN32 */
-	pthread_t tid = __sync_fetch_and_add(&m_LockOwner, 0);
-
-	return (tid == pthread_self());
-#endif /* _WIN32 */
+	return m_LockOwner.load() == std::this_thread::get_id();
 }
 #endif /* I2_DEBUG */
 
@@ -138,7 +125,7 @@ Value Object::GetFieldByName(const String& field, bool sandboxed, const DebugInf
 	return GetField(fid);
 }
 
-void Object::SetFieldByName(const String& field, const Value& value, const DebugInfo& debugInfo)
+void Object::SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo)
 {
 	Type::Ptr type = GetReflectionType();
 
@@ -255,28 +242,18 @@ INITIALIZE_ONCE([]() {
 void icinga::intrusive_ptr_add_ref(Object *object)
 {
 #ifdef I2_LEAK_DEBUG
-	if (object->m_References == 0)
+	if (object->m_References.fetch_add(1) == 0u)
 		TypeAddObject(object);
+#else /* I2_LEAK_DEBUG */
+	object->m_References.fetch_add(1);
 #endif /* I2_LEAK_DEBUG */
-
-#ifdef _WIN32
-	InterlockedIncrement(&object->m_References);
-#else /* _WIN32 */
-	__sync_add_and_fetch(&object->m_References, 1);
-#endif /* _WIN32 */
 }
 
 void icinga::intrusive_ptr_release(Object *object)
 {
-	uintptr_t refs;
+	auto previous (object->m_References.fetch_sub(1));
 
-#ifdef _WIN32
-	refs = InterlockedDecrement(&object->m_References);
-#else /* _WIN32 */
-	refs = __sync_sub_and_fetch(&object->m_References, 1);
-#endif /* _WIN32 */
-
-	if (unlikely(refs == 0)) {
+	if (previous == 1u) {
 #ifdef I2_LEAK_DEBUG
 		TypeRemoveObject(object);
 #endif /* I2_LEAK_DEBUG */
diff --git a/lib/base/object.hpp b/lib/base/object.hpp
index a29e4f73b..5a90cfa64 100644
--- a/lib/base/object.hpp
+++ b/lib/base/object.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECT_H
 #define OBJECT_H
@@ -23,6 +6,11 @@
 #include "base/i2-base.hpp"
 #include "base/debug.hpp"
 #include <boost/smart_ptr/intrusive_ptr.hpp>
+#include <atomic>
+#include <cstddef>
+#include <cstdint>
+#include <mutex>
+#include <thread>
 #include <vector>
 
 using boost::intrusive_ptr;
@@ -170,7 +158,7 @@ class Object
 public:
 	DECLARE_PTR_TYPEDEFS(Object);
 
-	Object() = default;
+	Object();
 	virtual ~Object();
 
 	virtual String ToString() const;
@@ -182,7 +170,7 @@ public:
 	virtual void SetField(int id, const Value& value, bool suppress_events = false, const Value& cookie = Empty);
 	virtual Value GetField(int id) const;
 	virtual Value GetFieldByName(const String& field, bool sandboxed, const DebugInfo& debugInfo) const;
-	virtual void SetFieldByName(const String& field, const Value& value, const DebugInfo& debugInfo);
+	virtual void SetFieldByName(const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo);
 	virtual bool HasOwnField(const String& field) const;
 	virtual bool GetOwnField(const String& field, Value *result) const;
 	virtual void ValidateField(int id, const Lazy<Value>& lvalue, const ValidationUtils& utils);
@@ -203,15 +191,12 @@ private:
 	Object(const Object& other) = delete;
 	Object& operator=(const Object& rhs) = delete;
 
-	uintptr_t m_References{0};
-	mutable uintptr_t m_Mutex{0};
+	std::atomic<uint_fast64_t> m_References;
+	mutable std::recursive_mutex m_Mutex;
 
 #ifdef I2_DEBUG
-#	ifndef _WIN32
-	mutable pthread_t m_LockOwner;
-#	else /* _WIN32 */
-	mutable DWORD m_LockOwner;
-#	endif /* _WIN32 */
+	mutable std::atomic<std::thread::id> m_LockOwner;
+	mutable size_t m_LockCount = 0;
 #endif /* I2_DEBUG */
 
 	friend struct ObjectLock;
diff --git a/lib/base/objectlock.cpp b/lib/base/objectlock.cpp
index 2abb43fba..fc0c7c631 100644
--- a/lib/base/objectlock.cpp
+++ b/lib/base/objectlock.cpp
@@ -1,24 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/objectlock.hpp"
-#include <boost/thread/recursive_mutex.hpp>
+#include <thread>
 
 using namespace icinga;
 
@@ -31,10 +14,8 @@ ObjectLock::~ObjectLock()
 }
 
 ObjectLock::ObjectLock(const Object::Ptr& object)
-	: m_Object(object.get()), m_Locked(false)
+	: ObjectLock(object.get())
 {
-	if (m_Object)
-		Lock();
 }
 
 ObjectLock::ObjectLock(const Object *object)
@@ -44,93 +25,31 @@ ObjectLock::ObjectLock(const Object *object)
 		Lock();
 }
 
-void ObjectLock::LockMutex(const Object *object)
-{
-	unsigned int it = 0;
-
-#ifdef _WIN32
-#	ifdef _WIN64
-	while (likely(InterlockedCompareExchange64((LONGLONG *)&object->m_Mutex, I2MUTEX_LOCKED, I2MUTEX_UNLOCKED) != I2MUTEX_UNLOCKED)) {
-#	else /* _WIN64 */
-	while (likely(InterlockedCompareExchange(&object->m_Mutex, I2MUTEX_LOCKED, I2MUTEX_UNLOCKED) != I2MUTEX_UNLOCKED)) {
-#	endif /* _WIN64 */
-#else /* _WIN32 */
-	while (likely(!__sync_bool_compare_and_swap(&object->m_Mutex, I2MUTEX_UNLOCKED, I2MUTEX_LOCKED))) {
-#endif /* _WIN32 */
-		if (likely(object->m_Mutex > I2MUTEX_LOCKED)) {
-			auto *mtx = reinterpret_cast<boost::recursive_mutex *>(object->m_Mutex);
-			mtx->lock();
-
-			return;
-		}
-
-		Spin(it);
-		it++;
-	}
-
-	auto *mtx = new boost::recursive_mutex();
-	mtx->lock();
-#ifdef _WIN32
-#	ifdef _WIN64
-	InterlockedCompareExchange64((LONGLONG *)&object->m_Mutex, reinterpret_cast<LONGLONG>(mtx), I2MUTEX_LOCKED);
-#	else /* _WIN64 */
-	InterlockedCompareExchange(&object->m_Mutex, reinterpret_cast<LONG>(mtx), I2MUTEX_LOCKED);
-#	endif /* _WIN64 */
-#else /* _WIN32 */
-	__sync_bool_compare_and_swap(&object->m_Mutex, I2MUTEX_LOCKED, reinterpret_cast<uintptr_t>(mtx));
-#endif /* _WIN32 */
-}
-
 void ObjectLock::Lock()
 {
 	ASSERT(!m_Locked && m_Object);
 
-	LockMutex(m_Object);
+	m_Object->m_Mutex.lock();
 
 	m_Locked = true;
 
 #ifdef I2_DEBUG
-#	ifdef _WIN32
-	InterlockedExchange(&m_Object->m_LockOwner, GetCurrentThreadId());
-#	else /* _WIN32 */
-	__sync_lock_test_and_set(&m_Object->m_LockOwner, pthread_self());
-#	endif /* _WIN32 */
+	if (++m_Object->m_LockCount == 1u) {
+		m_Object->m_LockOwner.store(std::this_thread::get_id());
+	}
 #endif /* I2_DEBUG */
 }
 
-void ObjectLock::Spin(unsigned int it)
-{
-	if (it < 8) {
-		/* Do nothing. */
-	}
-#ifdef SPIN_PAUSE
-	else if (it < 16) {
-		SPIN_PAUSE();
-	}
-#endif /* SPIN_PAUSE */
-	else {
-#ifdef _WIN32
-		Sleep(0);
-#else /* _WIN32 */
-		sched_yield();
-#endif /* _WIN32 */
-	}
-}
-
 void ObjectLock::Unlock()
 {
 #ifdef I2_DEBUG
-	if (m_Locked) {
-#	ifdef _WIN32
-		InterlockedExchange(&m_Object->m_LockOwner, 0);
-#	else /* _WIN32 */
-		__sync_lock_release(&m_Object->m_LockOwner);
-#	endif /* _WIN32 */
+	if (m_Locked && !--m_Object->m_LockCount) {
+		m_Object->m_LockOwner.store(decltype(m_Object->m_LockOwner.load())());
 	}
 #endif /* I2_DEBUG */
 
 	if (m_Locked) {
-		reinterpret_cast<boost::recursive_mutex *>(m_Object->m_Mutex)->unlock();
+		m_Object->m_Mutex.unlock();
 		m_Locked = false;
 	}
 }
diff --git a/lib/base/objectlock.hpp b/lib/base/objectlock.hpp
index 1c2f993e8..277f99041 100644
--- a/lib/base/objectlock.hpp
+++ b/lib/base/objectlock.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTLOCK_H
 #define OBJECTLOCK_H
@@ -36,12 +19,7 @@ public:
 
 	~ObjectLock();
 
-	static void LockMutex(const Object *object);
-
 	void Lock();
-
-	static void Spin(unsigned int it);
-
 	void Unlock();
 
 private:
diff --git a/lib/base/objecttype.cpp b/lib/base/objecttype.cpp
index d77bfcdae..7ab0f2ad8 100644
--- a/lib/base/objecttype.cpp
+++ b/lib/base/objecttype.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/objecttype.hpp"
 #include "base/initialize.hpp"
@@ -23,6 +6,7 @@
 
 using namespace icinga;
 
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
 INITIALIZE_ONCE_WITH_PRIORITY([]() {
 	Type::Ptr type = new ObjectType();
 	type->SetPrototype(Object::GetPrototype());
diff --git a/lib/base/objecttype.hpp b/lib/base/objecttype.hpp
index 4fb0e5c3d..0db715e18 100644
--- a/lib/base/objecttype.hpp
+++ b/lib/base/objecttype.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTTYPE_H
 #define OBJECTTYPE_H
diff --git a/lib/base/perfdatavalue.cpp b/lib/base/perfdatavalue.cpp
index f2a93e128..422988d80 100644
--- a/lib/base/perfdatavalue.cpp
+++ b/lib/base/perfdatavalue.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/perfdatavalue.hpp"
 #include "base/perfdatavalue-ti.cpp"
@@ -27,7 +10,7 @@
 using namespace icinga;
 
 REGISTER_TYPE(PerfdataValue);
-REGISTER_SCRIPTFUNCTION_NS(System, parse_performance_data, PerfdataValue::Parse, "perfdata");
+REGISTER_FUNCTION(System, parse_performance_data, PerfdataValue::Parse, "perfdata");
 
 PerfdataValue::PerfdataValue(const String& label, double value, bool counter,
 	const String& unit, const Value& warn, const Value& crit, const Value& min,
diff --git a/lib/base/perfdatavalue.hpp b/lib/base/perfdatavalue.hpp
index a72d267be..05b2c34ac 100644
--- a/lib/base/perfdatavalue.hpp
+++ b/lib/base/perfdatavalue.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PERFDATAVALUE_H
 #define PERFDATAVALUE_H
diff --git a/lib/base/perfdatavalue.ti b/lib/base/perfdatavalue.ti
index f234df2b1..b2692e98a 100644
--- a/lib/base/perfdatavalue.ti
+++ b/lib/base/perfdatavalue.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 library base;
 
diff --git a/lib/base/primitivetype.cpp b/lib/base/primitivetype.cpp
index 9f1a6a3e8..10286c781 100644
--- a/lib/base/primitivetype.cpp
+++ b/lib/base/primitivetype.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/primitivetype.hpp"
 #include "base/dictionary.hpp"
diff --git a/lib/base/primitivetype.hpp b/lib/base/primitivetype.hpp
index 45ae8411a..ae7454e07 100644
--- a/lib/base/primitivetype.hpp
+++ b/lib/base/primitivetype.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PRIMITIVETYPE_H
 #define PRIMITIVETYPE_H
@@ -48,6 +31,7 @@ private:
 	ObjectFactory m_Factory;
 };
 
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
 #define REGISTER_BUILTIN_TYPE(type, prototype)					\
 	INITIALIZE_ONCE_WITH_PRIORITY([]() {					\
 		icinga::Type::Ptr t = new PrimitiveType(#type, "None"); 	\
diff --git a/lib/base/process.cpp b/lib/base/process.cpp
index d5d3d69d2..97754c19e 100644
--- a/lib/base/process.cpp
+++ b/lib/base/process.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/process.hpp"
 #include "base/exception.hpp"
@@ -164,8 +147,11 @@ static Value ProcessSpawnImpl(struct msghdr *msgh, const Dictionary::Ptr& reques
 		(void)close(fds[2]);
 
 #ifdef HAVE_NICE
-		if (adjustPriority)
-			nice(5);
+		if (adjustPriority) {
+			// Cheating the compiler on "warning: ignoring return value of 'int nice(int)', declared with attribute warn_unused_result [-Wunused-result]".
+			auto x (nice(5));
+			(void)x;
+		}
 #endif /* HAVE_NICE */
 
 		sigset_t mask;
@@ -413,12 +399,11 @@ static pid_t ProcessSpawn(const std::vector<String>& arguments, const Dictionary
 
 	msg.msg_controllen = cmsg->cmsg_len;
 
-send_message:
-	while (sendmsg(l_ProcessControlFD, &msg, 0) < 0)
-		StartSpawnProcessHelper();
-
-	if (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0)
-		goto send_message;
+	do {
+		while (sendmsg(l_ProcessControlFD, &msg, 0) < 0) {
+			StartSpawnProcessHelper();
+		}
+	} while (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0);
 
 	char buf[4096];
 
@@ -450,12 +435,11 @@ static int ProcessKill(pid_t pid, int signum)
 
 	boost::mutex::scoped_lock lock(l_ProcessControlMutex);
 
-send_message:
-	while (send(l_ProcessControlFD, &length, sizeof(length), 0) < 0)
-		StartSpawnProcessHelper();
-
-	if (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0)
-		goto send_message;
+	do {
+		while (send(l_ProcessControlFD, &length, sizeof(length), 0) < 0) {
+			StartSpawnProcessHelper();
+		}
+	} while (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0);
 
 	char buf[4096];
 
@@ -482,12 +466,11 @@ static int ProcessWaitPID(pid_t pid, int *status)
 
 	boost::mutex::scoped_lock lock(l_ProcessControlMutex);
 
-send_message:
-	while (send(l_ProcessControlFD, &length, sizeof(length), 0) < 0)
-		StartSpawnProcessHelper();
-
-	if (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0)
-		goto send_message;
+	do {
+		while (send(l_ProcessControlFD, &length, sizeof(length), 0) < 0) {
+			StartSpawnProcessHelper();
+		}
+	} while (send(l_ProcessControlFD, jrequest.CStr(), jrequest.GetLength(), 0) < 0);
 
 	char buf[4096];
 
diff --git a/lib/base/process.hpp b/lib/base/process.hpp
index 259f19e33..7fbfe0ac0 100644
--- a/lib/base/process.hpp
+++ b/lib/base/process.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PROCESS_H
 #define PROCESS_H
diff --git a/lib/base/reference-script.cpp b/lib/base/reference-script.cpp
new file mode 100644
index 000000000..940824578
--- /dev/null
+++ b/lib/base/reference-script.cpp
@@ -0,0 +1,35 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/reference.hpp"
+#include "base/function.hpp"
+#include "base/functionwrapper.hpp"
+#include "base/scriptframe.hpp"
+#include "base/exception.hpp"
+
+using namespace icinga;
+
+static void ReferenceSet(const Value& value)
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Reference::Ptr self = static_cast<Reference::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	self->Set(value);
+}
+
+static Value ReferenceGet()
+{
+	ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
+	Reference::Ptr self = static_cast<Reference::Ptr>(vframe->Self);
+	REQUIRE_NOT_NULL(self);
+	return self->Get();
+}
+
+Object::Ptr Reference::GetPrototype()
+{
+	static Dictionary::Ptr prototype = new Dictionary({
+		{ "set", new Function("Reference#set", ReferenceSet, { "value" }) },
+		{ "get", new Function("Reference#get", ReferenceGet, {}, true) },
+	});
+
+	return prototype;
+}
diff --git a/lib/base/reference.cpp b/lib/base/reference.cpp
new file mode 100644
index 000000000..b0104af6c
--- /dev/null
+++ b/lib/base/reference.cpp
@@ -0,0 +1,38 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/reference.hpp"
+#include "base/debug.hpp"
+#include "base/primitivetype.hpp"
+#include "base/dictionary.hpp"
+#include "base/configwriter.hpp"
+#include "base/convert.hpp"
+#include "base/exception.hpp"
+
+using namespace icinga;
+
+REGISTER_PRIMITIVE_TYPE_NOINST(Reference, Object, Reference::GetPrototype());
+
+Reference::Reference(const Object::Ptr& parent, const String& index)
+	: m_Parent(parent), m_Index(index)
+{
+}
+
+Value Reference::Get() const
+{
+	return m_Parent->GetFieldByName(m_Index, true, DebugInfo());
+}
+
+void Reference::Set(const Value& value)
+{
+	m_Parent->SetFieldByName(m_Index, value, false, DebugInfo());
+}
+
+Object::Ptr Reference::GetParent() const
+{
+	return m_Parent;
+}
+
+String Reference::GetIndex() const
+{
+	return m_Index;
+}
diff --git a/lib/base/reference.hpp b/lib/base/reference.hpp
new file mode 100644
index 000000000..30faabe5f
--- /dev/null
+++ b/lib/base/reference.hpp
@@ -0,0 +1,40 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef REFERENCE_H
+#define REFERENCE_H
+
+#include "base/i2-base.hpp"
+#include "base/objectlock.hpp"
+#include "base/value.hpp"
+
+namespace icinga
+{
+
+/**
+ * A reference.
+ *
+ * @ingroup base
+ */
+class Reference final : public Object
+{
+public:
+	DECLARE_OBJECT(Reference);
+
+	Reference(const Object::Ptr& parent, const String& index);
+
+	Value Get() const;
+	void Set(const Value& value);
+
+	Object::Ptr GetParent() const;
+	String GetIndex() const;
+
+	static Object::Ptr GetPrototype();
+
+private:
+	Object::Ptr m_Parent;
+	String m_Index;
+};
+
+}
+
+#endif /* REFERENCE_H */
diff --git a/lib/base/registry.hpp b/lib/base/registry.hpp
index 9f13866d6..b8b0aced2 100644
--- a/lib/base/registry.hpp
+++ b/lib/base/registry.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef REGISTRY_H
 #define REGISTRY_H
diff --git a/lib/base/ringbuffer.cpp b/lib/base/ringbuffer.cpp
index 9e3b1c840..75ffff3eb 100644
--- a/lib/base/ringbuffer.cpp
+++ b/lib/base/ringbuffer.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/ringbuffer.hpp"
 #include "base/objectlock.hpp"
diff --git a/lib/base/ringbuffer.hpp b/lib/base/ringbuffer.hpp
index 44a96f868..ed5802829 100644
--- a/lib/base/ringbuffer.hpp
+++ b/lib/base/ringbuffer.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef RINGBUFFER_H
 #define RINGBUFFER_H
diff --git a/lib/base/scriptframe.cpp b/lib/base/scriptframe.cpp
index 65597a783..7510c8a11 100644
--- a/lib/base/scriptframe.cpp
+++ b/lib/base/scriptframe.cpp
@@ -1,44 +1,48 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/scriptframe.hpp"
 #include "base/scriptglobal.hpp"
+#include "base/namespace.hpp"
 #include "base/exception.hpp"
+#include "base/configuration.hpp"
 
 using namespace icinga;
 
 boost::thread_specific_ptr<std::stack<ScriptFrame *> > ScriptFrame::m_ScriptFrames;
-Array::Ptr ScriptFrame::m_Imports;
+
+static auto l_InternalNSBehavior = new ConstNamespaceBehavior();
+
+/* Ensure that this gets called with highest priority
+ * and wins against other static initializers in lib/icinga, etc.
+ * LTO-enabled builds will cause trouble otherwise, see GH #6575.
+ */
+INITIALIZE_ONCE_WITH_PRIORITY([]() {
+	Namespace::Ptr globalNS = ScriptGlobal::GetGlobals();
+
+	auto systemNSBehavior = new ConstNamespaceBehavior();
+	systemNSBehavior->Freeze();
+	Namespace::Ptr systemNS = new Namespace(systemNSBehavior);
+	globalNS->SetAttribute("System", std::make_shared<ConstEmbeddedNamespaceValue>(systemNS));
+
+	systemNS->SetAttribute("Configuration", std::make_shared<EmbeddedNamespaceValue>(new Configuration()));
+
+	auto typesNSBehavior = new ConstNamespaceBehavior();
+	typesNSBehavior->Freeze();
+	Namespace::Ptr typesNS = new Namespace(typesNSBehavior);
+	globalNS->SetAttribute("Types", std::make_shared<ConstEmbeddedNamespaceValue>(typesNS));
+
+	auto statsNSBehavior = new ConstNamespaceBehavior();
+	statsNSBehavior->Freeze();
+	Namespace::Ptr statsNS = new Namespace(statsNSBehavior);
+	globalNS->SetAttribute("StatsFunctions", std::make_shared<ConstEmbeddedNamespaceValue>(statsNS));
+
+	Namespace::Ptr internalNS = new Namespace(l_InternalNSBehavior);
+	globalNS->SetAttribute("Internal", std::make_shared<ConstEmbeddedNamespaceValue>(internalNS));
+}, 1000);
 
 INITIALIZE_ONCE_WITH_PRIORITY([]() {
-	Dictionary::Ptr systemNS = new Dictionary();
-	ScriptGlobal::Set("System", systemNS);
-	ScriptFrame::AddImport(systemNS);
-
-	Dictionary::Ptr typesNS = new Dictionary();
-	ScriptGlobal::Set("Types", typesNS);
-	ScriptFrame::AddImport(typesNS);
-
-	Dictionary::Ptr deprecatedNS = new Dictionary();
-	ScriptGlobal::Set("Deprecated", deprecatedNS);
-	ScriptFrame::AddImport(deprecatedNS);
-}, 50);
+	l_InternalNSBehavior->Freeze();
+}, 0);
 
 ScriptFrame::ScriptFrame(bool allocLocals)
 	: Locals(allocLocals ? new Dictionary() : nullptr), Self(ScriptGlobal::GetGlobals()), Sandboxed(false), Depth(0)
@@ -69,6 +73,10 @@ ScriptFrame::~ScriptFrame()
 {
 	ScriptFrame *frame = PopFrame();
 	ASSERT(frame == this);
+
+#ifndef I2_DEBUG
+	(void)frame;
+#endif /* I2_DEBUG */
 }
 
 void ScriptFrame::IncreaseStackDepth()
@@ -120,23 +128,3 @@ void ScriptFrame::PushFrame(ScriptFrame *frame)
 
 	frames->push(frame);
 }
-
-Array::Ptr ScriptFrame::GetImports()
-{
-	return m_Imports;
-}
-
-void ScriptFrame::AddImport(const Object::Ptr& import)
-{
-	Array::Ptr imports;
-
-	if (!m_Imports)
-		imports = new Array();
-	else
-		imports = m_Imports->ShallowClone();
-
-	imports->Add(import);
-
-	m_Imports = imports;
-}
-
diff --git a/lib/base/scriptframe.hpp b/lib/base/scriptframe.hpp
index 16a6592f5..18e23ef2f 100644
--- a/lib/base/scriptframe.hpp
+++ b/lib/base/scriptframe.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SCRIPTFRAME_H
 #define SCRIPTFRAME_H
@@ -45,12 +28,8 @@ struct ScriptFrame
 
 	static ScriptFrame *GetCurrentFrame();
 
-	static Array::Ptr GetImports();
-	static void AddImport(const Object::Ptr& import);
-
 private:
 	static boost::thread_specific_ptr<std::stack<ScriptFrame *> > m_ScriptFrames;
-	static Array::Ptr m_Imports;
 
 	static void PushFrame(ScriptFrame *frame);
 	static ScriptFrame *PopFrame();
diff --git a/lib/base/scriptglobal.cpp b/lib/base/scriptglobal.cpp
index 225bb695b..b567b79c2 100644
--- a/lib/base/scriptglobal.cpp
+++ b/lib/base/scriptglobal.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/scriptglobal.hpp"
 #include "base/singleton.hpp"
@@ -26,11 +9,13 @@
 #include "base/convert.hpp"
 #include "base/objectlock.hpp"
 #include "base/exception.hpp"
+#include "base/namespace.hpp"
+#include "base/utility.hpp"
 #include <fstream>
 
 using namespace icinga;
 
-Dictionary::Ptr ScriptGlobal::m_Globals = new Dictionary();
+Namespace::Ptr ScriptGlobal::m_Globals = new Namespace();
 
 Value ScriptGlobal::Get(const String& name, const Value *defaultValue)
 {
@@ -46,7 +31,7 @@ Value ScriptGlobal::Get(const String& name, const Value *defaultValue)
 	return result;
 }
 
-void ScriptGlobal::Set(const String& name, const Value& value)
+void ScriptGlobal::Set(const String& name, const Value& value, bool overrideFrozen)
 {
 	std::vector<String> tokens = name.Split(".");
 
@@ -56,7 +41,7 @@ void ScriptGlobal::Set(const String& name, const Value& value)
 	{
 		ObjectLock olock(m_Globals);
 
-		Dictionary::Ptr parent = m_Globals;
+		Namespace::Ptr parent = m_Globals;
 
 		for (std::vector<String>::size_type i = 0; i < tokens.size(); i++) {
 			const String& token = tokens[i];
@@ -65,7 +50,7 @@ void ScriptGlobal::Set(const String& name, const Value& value)
 				Value vparent;
 
 				if (!parent->Get(token, &vparent)) {
-					Dictionary::Ptr dict = new Dictionary();
+					Namespace::Ptr dict = new Namespace();
 					parent->Set(token, dict);
 					parent = dict;
 				} else {
@@ -74,16 +59,21 @@ void ScriptGlobal::Set(const String& name, const Value& value)
 			}
 		}
 
-		parent->Set(tokens[tokens.size() - 1], value);
+		parent->SetFieldByName(tokens[tokens.size() - 1], value, overrideFrozen, DebugInfo());
 	}
 }
 
+void ScriptGlobal::SetConst(const String& name, const Value& value)
+{
+	GetGlobals()->SetAttribute(name, std::make_shared<ConstEmbeddedNamespaceValue>(value));
+}
+
 bool ScriptGlobal::Exists(const String& name)
 {
 	return m_Globals->Contains(name);
 }
 
-Dictionary::Ptr ScriptGlobal::GetGlobals()
+Namespace::Ptr ScriptGlobal::GetGlobals()
 {
 	return m_Globals;
 }
@@ -102,8 +92,8 @@ void ScriptGlobal::WriteToFile(const String& filename)
 	StdioStream::Ptr sfp = new StdioStream(&fp, false);
 
 	ObjectLock olock(m_Globals);
-	for (const Dictionary::Pair& kv : m_Globals) {
-		Value value = kv.second;
+	for (const Namespace::Pair& kv : m_Globals) {
+		Value value = kv.second->Get();
 
 		if (value.IsObject())
 			value = Convert::ToString(value);
@@ -122,15 +112,6 @@ void ScriptGlobal::WriteToFile(const String& filename)
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(filename.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), filename.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	Utility::RenameFile(tempFilename, filename);
 }
 
diff --git a/lib/base/scriptglobal.hpp b/lib/base/scriptglobal.hpp
index e2b5a8f41..c31cdcdf6 100644
--- a/lib/base/scriptglobal.hpp
+++ b/lib/base/scriptglobal.hpp
@@ -1,27 +1,10 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SCRIPTGLOBAL_H
 #define SCRIPTGLOBAL_H
 
 #include "base/i2-base.hpp"
-#include "base/dictionary.hpp"
+#include "base/namespace.hpp"
 
 namespace icinga
 {
@@ -35,15 +18,16 @@ class ScriptGlobal
 {
 public:
 	static Value Get(const String& name, const Value *defaultValue = nullptr);
-	static void Set(const String& name, const Value& value);
+	static void Set(const String& name, const Value& value, bool overrideFrozen = false);
+	static void SetConst(const String& name, const Value& value);
 	static bool Exists(const String& name);
 
 	static void WriteToFile(const String& filename);
 
-	static Dictionary::Ptr GetGlobals();
+	static Namespace::Ptr GetGlobals();
 
 private:
-	static Dictionary::Ptr m_Globals;
+	static Namespace::Ptr m_Globals;
 };
 
 }
diff --git a/lib/base/scriptutils.cpp b/lib/base/scriptutils.cpp
index cbedd9f97..47f2ccdea 100644
--- a/lib/base/scriptutils.cpp
+++ b/lib/base/scriptutils.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/scriptutils.hpp"
 #include "base/function.hpp"
@@ -30,6 +13,7 @@
 #include "base/application.hpp"
 #include "base/dependencygraph.hpp"
 #include "base/initialize.hpp"
+#include "base/namespace.hpp"
 #include <boost/regex.hpp>
 #include <algorithm>
 #include <set>
@@ -39,39 +23,40 @@
 
 using namespace icinga;
 
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, regex, &ScriptUtils::Regex, "pattern:text:mode");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, match, &ScriptUtils::Match, "pattern:text:mode");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, cidr_match, &ScriptUtils::CidrMatch, "pattern:ip:mode");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, len, &ScriptUtils::Len, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, union, &ScriptUtils::Union, "");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, intersection, &ScriptUtils::Intersection, "");
-REGISTER_SCRIPTFUNCTION_NS(System, log, &ScriptUtils::Log, "severity:facility:value");
-REGISTER_SCRIPTFUNCTION_NS(System, range, &ScriptUtils::Range, "start:end:increment");
-REGISTER_SCRIPTFUNCTION_NS(System, exit, &Application::Exit, "status");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, typeof, &ScriptUtils::TypeOf, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, keys, &ScriptUtils::Keys, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, random, &Utility::Random, "");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, get_object, &ScriptUtils::GetObject, "type:name");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, get_objects, &ScriptUtils::GetObjects, "type");
-REGISTER_SCRIPTFUNCTION_NS(System, assert, &ScriptUtils::Assert, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, string, &ScriptUtils::CastString, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, number, &ScriptUtils::CastNumber, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, bool, &ScriptUtils::CastBool, "value");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, get_time, &Utility::GetTime, "");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, basename, &Utility::BaseName, "path");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, dirname, &Utility::DirName, "path");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, msi_get_component_path, &ScriptUtils::MsiGetComponentPathShim, "component");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, track_parents, &ScriptUtils::TrackParents, "child");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, escape_shell_cmd, &Utility::EscapeShellCmd, "cmd");
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, escape_shell_arg, &Utility::EscapeShellArg, "arg");
+REGISTER_SAFE_FUNCTION(System, regex, &ScriptUtils::Regex, "pattern:text:mode");
+REGISTER_SAFE_FUNCTION(System, match, &ScriptUtils::Match, "pattern:text:mode");
+REGISTER_SAFE_FUNCTION(System, cidr_match, &ScriptUtils::CidrMatch, "pattern:ip:mode");
+REGISTER_SAFE_FUNCTION(System, len, &ScriptUtils::Len, "value");
+REGISTER_SAFE_FUNCTION(System, union, &ScriptUtils::Union, "");
+REGISTER_SAFE_FUNCTION(System, intersection, &ScriptUtils::Intersection, "");
+REGISTER_FUNCTION(System, log, &ScriptUtils::Log, "severity:facility:value");
+REGISTER_FUNCTION(System, range, &ScriptUtils::Range, "start:end:increment");
+REGISTER_FUNCTION(System, exit, &Application::Exit, "status");
+REGISTER_SAFE_FUNCTION(System, typeof, &ScriptUtils::TypeOf, "value");
+REGISTER_SAFE_FUNCTION(System, keys, &ScriptUtils::Keys, "value");
+REGISTER_SAFE_FUNCTION(System, random, &Utility::Random, "");
+REGISTER_SAFE_FUNCTION(System, get_object, &ScriptUtils::GetObject, "type:name");
+REGISTER_SAFE_FUNCTION(System, get_objects, &ScriptUtils::GetObjects, "type");
+REGISTER_FUNCTION(System, assert, &ScriptUtils::Assert, "value");
+REGISTER_SAFE_FUNCTION(System, string, &ScriptUtils::CastString, "value");
+REGISTER_SAFE_FUNCTION(System, number, &ScriptUtils::CastNumber, "value");
+REGISTER_SAFE_FUNCTION(System, bool, &ScriptUtils::CastBool, "value");
+REGISTER_SAFE_FUNCTION(System, get_time, &Utility::GetTime, "");
+REGISTER_SAFE_FUNCTION(System, basename, &Utility::BaseName, "path");
+REGISTER_SAFE_FUNCTION(System, dirname, &Utility::DirName, "path");
+REGISTER_SAFE_FUNCTION(System, getenv, &ScriptUtils::GetEnv, "value");
+REGISTER_SAFE_FUNCTION(System, msi_get_component_path, &ScriptUtils::MsiGetComponentPathShim, "component");
+REGISTER_SAFE_FUNCTION(System, track_parents, &ScriptUtils::TrackParents, "child");
+REGISTER_SAFE_FUNCTION(System, escape_shell_cmd, &Utility::EscapeShellCmd, "cmd");
+REGISTER_SAFE_FUNCTION(System, escape_shell_arg, &Utility::EscapeShellArg, "arg");
 #ifdef _WIN32
-REGISTER_SAFE_SCRIPTFUNCTION_NS(System, escape_create_process_arg, &Utility::EscapeCreateProcessArg, "arg");
+REGISTER_SAFE_FUNCTION(System, escape_create_process_arg, &Utility::EscapeCreateProcessArg, "arg");
 #endif /* _WIN32 */
-REGISTER_SCRIPTFUNCTION_NS(System, ptr, &ScriptUtils::Ptr, "object");
-REGISTER_SCRIPTFUNCTION_NS(System, sleep, &Utility::Sleep, "interval");
-REGISTER_SCRIPTFUNCTION_NS(System, path_exists, &Utility::PathExists, "path");
-REGISTER_SCRIPTFUNCTION_NS(System, glob, &ScriptUtils::Glob, "pathspec:callback:type");
-REGISTER_SCRIPTFUNCTION_NS(System, glob_recursive, &ScriptUtils::GlobRecursive, "pathspec:callback:type");
+REGISTER_FUNCTION(System, ptr, &ScriptUtils::Ptr, "object");
+REGISTER_FUNCTION(System, sleep, &Utility::Sleep, "interval");
+REGISTER_FUNCTION(System, path_exists, &Utility::PathExists, "path");
+REGISTER_FUNCTION(System, glob, &ScriptUtils::Glob, "pathspec:callback:type");
+REGISTER_FUNCTION(System, glob_recursive, &ScriptUtils::GlobRecursive, "pathspec:callback:type");
 
 INITIALIZE_ONCE(&ScriptUtils::StaticInitialize);
 
@@ -83,11 +68,11 @@ enum MatchType
 
 void ScriptUtils::StaticInitialize()
 {
-	ScriptGlobal::Set("MatchAll", MatchAll);
-	ScriptGlobal::Set("MatchAny", MatchAny);
+	ScriptGlobal::Set("System.MatchAll", MatchAll, true);
+	ScriptGlobal::Set("System.MatchAny", MatchAny, true);
 
-	ScriptGlobal::Set("GlobFile", GlobFile);
-	ScriptGlobal::Set("GlobDirectory", GlobDirectory);
+	ScriptGlobal::Set("System.GlobFile", GlobFile, true);
+	ScriptGlobal::Set("System.GlobDirectory", GlobDirectory, true);
 }
 
 String ScriptUtils::CastString(const Value& value)
@@ -108,10 +93,14 @@ bool ScriptUtils::CastBool(const Value& value)
 bool ScriptUtils::Regex(const std::vector<Value>& args)
 {
 	if (args.size() < 2)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Regular expression and text must be specified."));
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Regular expression and text must be specified for regex()."));
 
 	String pattern = args[0];
 	const Value& argTexts = args[1];
+
+	if (argTexts.IsObjectType<Dictionary>())
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionaries are not supported by regex()."));
+
 	MatchType mode;
 
 	if (args.size() > 2)
@@ -147,7 +136,8 @@ bool ScriptUtils::Regex(const std::vector<Value>& args)
 				return false;
 		}
 
-		return true;
+		/* MatchAny: Nothing matched. MatchAll: Everything matched. */
+		return mode == MatchAll;
 	} else {
 		String text = argTexts;
 		boost::smatch what;
@@ -158,10 +148,14 @@ bool ScriptUtils::Regex(const std::vector<Value>& args)
 bool ScriptUtils::Match(const std::vector<Value>& args)
 {
 	if (args.size() < 2)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Pattern and text must be specified."));
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Pattern and text must be specified for match()."));
 
 	String pattern = args[0];
 	const Value& argTexts = args[1];
+
+	if (argTexts.IsObjectType<Dictionary>())
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionaries are not supported by match()."));
+
 	MatchType mode;
 
 	if (args.size() > 2)
@@ -189,7 +183,8 @@ bool ScriptUtils::Match(const std::vector<Value>& args)
 				return false;
 		}
 
-		return true;
+		/* MatchAny: Nothing matched. MatchAll: Everything matched. */
+		return mode == MatchAll;
 	} else {
 		String text = argTexts;
 		return Utility::Match(pattern, argTexts);
@@ -199,10 +194,14 @@ bool ScriptUtils::Match(const std::vector<Value>& args)
 bool ScriptUtils::CidrMatch(const std::vector<Value>& args)
 {
 	if (args.size() < 2)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("CIDR and IP address must be specified."));
+		BOOST_THROW_EXCEPTION(std::invalid_argument("CIDR and IP address must be specified for cidr_match()."));
 
 	String pattern = args[0];
 	const Value& argIps = args[1];
+
+	if (argIps.IsObjectType<Dictionary>())
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Dictionaries are not supported by cidr_match()."));
+
 	MatchType mode;
 
 	if (args.size() > 2)
@@ -230,7 +229,8 @@ bool ScriptUtils::CidrMatch(const std::vector<Value>& args)
 				return false;
 		}
 
-		return true;
+		/* MatchAny: Nothing matched. MatchAll: Everything matched. */
+		return mode == MatchAll;
 	} else {
 		String ip = argIps;
 		return Utility::CidrMatch(pattern, ip);
@@ -382,10 +382,12 @@ Type::Ptr ScriptUtils::TypeOf(const Value& value)
 	return value.GetReflectionType();
 }
 
-Array::Ptr ScriptUtils::Keys(const Dictionary::Ptr& dict)
+Array::Ptr ScriptUtils::Keys(const Object::Ptr& obj)
 {
 	ArrayData result;
 
+	Dictionary::Ptr dict = dynamic_pointer_cast<Dictionary>(obj);
+
 	if (dict) {
 		ObjectLock olock(dict);
 		for (const Dictionary::Pair& kv : dict) {
@@ -393,6 +395,15 @@ Array::Ptr ScriptUtils::Keys(const Dictionary::Ptr& dict)
 		}
 	}
 
+	Namespace::Ptr ns = dynamic_pointer_cast<Namespace>(obj);
+
+	if (ns) {
+		ObjectLock olock(ns);
+		for (const Namespace::Pair& kv : ns) {
+			result.push_back(kv.first);
+		}
+	}
+
 	return new Array(std::move(result));
 }
 
@@ -503,3 +514,8 @@ Value ScriptUtils::GlobRecursive(const std::vector<Value>& args)
 
 	return Array::FromVector(paths);
 }
+
+String ScriptUtils::GetEnv(const String& key)
+{
+	return Utility::GetFromEnvironment(key);
+}
diff --git a/lib/base/scriptutils.hpp b/lib/base/scriptutils.hpp
index 9515b381e..c874ff857 100644
--- a/lib/base/scriptutils.hpp
+++ b/lib/base/scriptutils.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SCRIPTUTILS_H
 #define SCRIPTUTILS_H
@@ -49,7 +32,7 @@ public:
 	static void Log(const std::vector<Value>& arguments);
 	static Array::Ptr Range(const std::vector<Value>& arguments);
 	static Type::Ptr TypeOf(const Value& value);
-	static Array::Ptr Keys(const Dictionary::Ptr& dict);
+	static Array::Ptr Keys(const Object::Ptr& obj);
 	static ConfigObject::Ptr GetObject(const Value& type, const String& name);
 	static Array::Ptr GetObjects(const Type::Ptr& type);
 	static void Assert(const Value& arg);
@@ -58,6 +41,7 @@ public:
 	static double Ptr(const Object::Ptr& object);
 	static Value Glob(const std::vector<Value>& args);
 	static Value GlobRecursive(const std::vector<Value>& args);
+	static String GetEnv(const String& key);
 
 private:
 	ScriptUtils();
diff --git a/lib/base/serializer.cpp b/lib/base/serializer.cpp
index 7296ec3ce..c081c440d 100644
--- a/lib/base/serializer.cpp
+++ b/lib/base/serializer.cpp
@@ -1,30 +1,72 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/serializer.hpp"
 #include "base/type.hpp"
 #include "base/application.hpp"
 #include "base/objectlock.hpp"
+#include "base/convert.hpp"
+#include "base/exception.hpp"
+#include "base/namespace.hpp"
+#include <boost/algorithm/string/join.hpp>
+#include <deque>
 
 using namespace icinga;
 
-static Array::Ptr SerializeArray(const Array::Ptr& input, int attributeTypes)
+struct SerializeStackEntry
+{
+	String Name;
+	Value Val;
+};
+
+CircularReferenceError::CircularReferenceError(String message, std::vector<String> path)
+	: m_Message(message), m_Path(path)
+{ }
+
+const char *CircularReferenceError::what(void) const throw()
+{
+	return m_Message.CStr();
+}
+
+std::vector<String> CircularReferenceError::GetPath() const
+{
+	return m_Path;
+}
+
+struct SerializeStack
+{
+	std::deque<SerializeStackEntry> Entries;
+
+	inline void Push(const String& name, const Value& val)
+	{
+		Object::Ptr obj;
+
+		if (val.IsObject())
+			obj = val;
+
+		if (obj) {
+			for (const auto& entry : Entries) {
+				if (entry.Val == obj) {
+					std::vector<String> path;
+					for (const auto& entry : Entries)
+						path.push_back(entry.Name);
+					path.push_back(name);
+					BOOST_THROW_EXCEPTION(CircularReferenceError("Cannot serialize object which recursively refers to itself. Attribute path which leads to the cycle: " + boost::algorithm::join(path, " -> "), path));
+				}
+			}
+		}
+
+		Entries.push_back({ name, obj });
+	}
+
+	inline void Pop()
+	{
+		Entries.pop_back();
+	}
+};
+
+static Value SerializeInternal(const Value& value, int attributeTypes, SerializeStack& stack);
+
+static Array::Ptr SerializeArray(const Array::Ptr& input, int attributeTypes, SerializeStack& stack)
 {
 	ArrayData result;
 
@@ -32,14 +74,19 @@ static Array::Ptr SerializeArray(const Array::Ptr& input, int attributeTypes)
 
 	ObjectLock olock(input);
 
+	int index = 0;
+
 	for (const Value& value : input) {
-		result.emplace_back(Serialize(value, attributeTypes));
+		stack.Push(Convert::ToString(index), value);
+		result.emplace_back(SerializeInternal(value, attributeTypes, stack));
+		stack.Pop();
+		index++;
 	}
 
 	return new Array(std::move(result));
 }
 
-static Dictionary::Ptr SerializeDictionary(const Dictionary::Ptr& input, int attributeTypes)
+static Dictionary::Ptr SerializeDictionary(const Dictionary::Ptr& input, int attributeTypes, SerializeStack& stack)
 {
 	DictionaryData result;
 
@@ -48,13 +95,31 @@ static Dictionary::Ptr SerializeDictionary(const Dictionary::Ptr& input, int att
 	ObjectLock olock(input);
 
 	for (const Dictionary::Pair& kv : input) {
-		result.emplace_back(kv.first, Serialize(kv.second, attributeTypes));
+		stack.Push(kv.first, kv.second);
+		result.emplace_back(kv.first, SerializeInternal(kv.second, attributeTypes, stack));
+		stack.Pop();
 	}
 
 	return new Dictionary(std::move(result));
 }
 
-static Object::Ptr SerializeObject(const Object::Ptr& input, int attributeTypes)
+static Dictionary::Ptr SerializeNamespace(const Namespace::Ptr& input, int attributeTypes, SerializeStack& stack)
+{
+	DictionaryData result;
+
+	ObjectLock olock(input);
+
+	for (const Namespace::Pair& kv : input) {
+		Value val = kv.second->Get();
+		stack.Push(kv.first, val);
+		result.emplace_back(kv.first, Serialize(val, attributeTypes));
+		stack.Pop();
+	}
+
+	return new Dictionary(std::move(result));
+}
+
+static Object::Ptr SerializeObject(const Object::Ptr& input, int attributeTypes, SerializeStack& stack)
 {
 	Type::Ptr type = input->GetReflectionType();
 
@@ -64,6 +129,8 @@ static Object::Ptr SerializeObject(const Object::Ptr& input, int attributeTypes)
 	DictionaryData fields;
 	fields.reserve(type->GetFieldCount() + 1);
 
+	ObjectLock olock(input);
+
 	for (int i = 0; i < type->GetFieldCount(); i++) {
 		Field field = type->GetFieldInfo(i);
 
@@ -73,7 +140,10 @@ static Object::Ptr SerializeObject(const Object::Ptr& input, int attributeTypes)
 		if (strcmp(field.Name, "type") == 0)
 			continue;
 
-		fields.emplace_back(field.Name, Serialize(input->GetField(i), attributeTypes));
+		Value value = input->GetField(i);
+		stack.Push(field.Name, value);
+		fields.emplace_back(field.Name, SerializeInternal(value, attributeTypes, stack));
+		stack.Pop();
 	}
 
 	fields.emplace_back("type", type->GetName());
@@ -158,7 +228,7 @@ static Object::Ptr DeserializeObject(const Object::Ptr& object, const Dictionary
 	return instance;
 }
 
-Value icinga::Serialize(const Value& value, int attributeTypes)
+static Value SerializeInternal(const Value& value, int attributeTypes, SerializeStack& stack)
 {
 	if (!value.IsObject())
 		return value;
@@ -168,14 +238,25 @@ Value icinga::Serialize(const Value& value, int attributeTypes)
 	Array::Ptr array = dynamic_pointer_cast<Array>(input);
 
 	if (array)
-		return SerializeArray(array, attributeTypes);
+		return SerializeArray(array, attributeTypes, stack);
 
 	Dictionary::Ptr dict = dynamic_pointer_cast<Dictionary>(input);
 
 	if (dict)
-		return SerializeDictionary(dict, attributeTypes);
+		return SerializeDictionary(dict, attributeTypes, stack);
 
-	return SerializeObject(input, attributeTypes);
+	Namespace::Ptr ns = dynamic_pointer_cast<Namespace>(input);
+
+	if (ns)
+		return SerializeNamespace(ns, attributeTypes, stack);
+
+	return SerializeObject(input, attributeTypes, stack);
+}
+
+Value icinga::Serialize(const Value& value, int attributeTypes)
+{
+	SerializeStack stack;
+	return SerializeInternal(value, attributeTypes, stack);
 }
 
 Value icinga::Deserialize(const Value& value, bool safe_mode, int attributeTypes)
diff --git a/lib/base/serializer.hpp b/lib/base/serializer.hpp
index b5e8cd31a..77b31cecc 100644
--- a/lib/base/serializer.hpp
+++ b/lib/base/serializer.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERIALIZER_H
 #define SERIALIZER_H
@@ -23,10 +6,24 @@
 #include "base/i2-base.hpp"
 #include "base/type.hpp"
 #include "base/value.hpp"
+#include "base/exception.hpp"
 
 namespace icinga
 {
 
+class CircularReferenceError : virtual public user_error
+{
+public:
+	CircularReferenceError(String message, std::vector<String> path);
+
+	const char *what(void) const throw() final;
+	std::vector<String> GetPath() const;
+
+private:
+	String m_Message;
+	std::vector<String> m_Path;
+};
+
 Value Serialize(const Value& value, int attributeTypes = FAState);
 Value Deserialize(const Value& value, bool safe_mode = false, int attributeTypes = FAState);
 Value Deserialize(const Object::Ptr& object, const Value& value, bool safe_mode = false, int attributeTypes = FAState);
diff --git a/lib/base/singleton.hpp b/lib/base/singleton.hpp
index 535c3faee..bc4fa9cc2 100644
--- a/lib/base/singleton.hpp
+++ b/lib/base/singleton.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SINGLETON_H
 #define SINGLETON_H
diff --git a/lib/base/socket.cpp b/lib/base/socket.cpp
index fae5665f3..cc3183b96 100644
--- a/lib/base/socket.cpp
+++ b/lib/base/socket.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/socket.hpp"
 #include "base/objectlock.hpp"
@@ -94,7 +77,7 @@ void Socket::Close()
 }
 
 /**
- * Retrieves the last error that occured for the socket.
+ * Retrieves the last error that occurred for the socket.
  *
  * @returns An error code.
  */
@@ -114,9 +97,21 @@ int Socket::GetError() const
 /**
  * Formats a sockaddr in a human-readable way.
  *
- * @returns A String describing the sockaddr.
+ * @returns A pair of host and service.
  */
-String Socket::GetAddressFromSockaddr(sockaddr *address, socklen_t len)
+String Socket::GetHumanReadableAddress(const std::pair<String, String>& socketDetails)
+{
+	std::ostringstream s;
+	s << "[" << socketDetails.first << "]:" << socketDetails.second;
+	return s.str();
+}
+
+/**
+ * Returns host and service as pair.
+ *
+ * @returns A pair with host and service.
+ */
+std::pair<String, String> Socket::GetDetailsFromSockaddr(sockaddr *address, socklen_t len)
 {
 	char host[NI_MAXHOST];
 	char service[NI_MAXSERV];
@@ -140,17 +135,15 @@ String Socket::GetAddressFromSockaddr(sockaddr *address, socklen_t len)
 #endif /* _WIN32 */
 	}
 
-	std::ostringstream s;
-	s << "[" << host << "]:" << service;
-	return s.str();
+	return std::make_pair(host, service);
 }
 
 /**
- * Returns a String describing the local address of the socket.
+ * Returns a pair describing the local host and service of the socket.
  *
- * @returns A String describing the local address.
+ * @returns A pair describing the local host and service.
  */
-String Socket::GetClientAddress()
+std::pair<String, String> Socket::GetClientAddressDetails()
 {
 	boost::mutex::scoped_lock lock(m_SocketMutex);
 
@@ -175,22 +168,32 @@ String Socket::GetClientAddress()
 #endif /* _WIN32 */
 	}
 
-	String address;
+	std::pair<String, String> details;
 	try {
-		address = GetAddressFromSockaddr((sockaddr *)&sin, len);
+		details = GetDetailsFromSockaddr((sockaddr *)&sin, len);
 	} catch (const std::exception&) {
 		/* already logged */
 	}
 
-	return address;
+	return details;
 }
 
 /**
- * Returns a String describing the peer address of the socket.
+ * Returns a String describing the local address of the socket.
  *
- * @returns A String describing the peer address.
+ * @returns A String describing the local address.
  */
-String Socket::GetPeerAddress()
+String Socket::GetClientAddress()
+{
+	return GetHumanReadableAddress(GetClientAddressDetails());
+}
+
+/**
+ * Returns a pair describing the peer host and service of the socket.
+ *
+ * @returns A pair describing the peer host and service.
+ */
+std::pair<String, String> Socket::GetPeerAddressDetails()
 {
 	boost::mutex::scoped_lock lock(m_SocketMutex);
 
@@ -215,14 +218,24 @@ String Socket::GetPeerAddress()
 #endif /* _WIN32 */
 	}
 
-	String address;
+	std::pair<String, String> details;
 	try {
-		address = GetAddressFromSockaddr((sockaddr *)&sin, len);
+		details = GetDetailsFromSockaddr((sockaddr *)&sin, len);
 	} catch (const std::exception&) {
 		/* already logged */
 	}
 
-	return address;
+	return details;
+}
+
+/**
+ * Returns a String describing the peer address of the socket.
+ *
+ * @returns A String describing the peer address.
+ */
+String Socket::GetPeerAddress()
+{
+	return GetHumanReadableAddress(GetPeerAddressDetails());
 }
 
 /**
@@ -415,4 +428,3 @@ void Socket::SocketPair(SOCKET s[2])
 			<< boost::errinfo_api_function("socketpair")
 			<< boost::errinfo_errno(errno));
 }
-
diff --git a/lib/base/socket.hpp b/lib/base/socket.hpp
index 89147c57d..a642fc496 100644
--- a/lib/base/socket.hpp
+++ b/lib/base/socket.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SOCKET_H
 #define SOCKET_H
@@ -45,7 +28,9 @@ public:
 
 	void Close();
 
+	std::pair<String, String> GetClientAddressDetails();
 	String GetClientAddress();
+	std::pair<String, String> GetPeerAddressDetails();
 	String GetPeerAddress();
 
 	size_t Read(void *buffer, size_t size);
@@ -70,7 +55,8 @@ protected:
 private:
 	SOCKET m_FD{INVALID_SOCKET}; /**< The socket descriptor. */
 
-	static String GetAddressFromSockaddr(sockaddr *address, socklen_t len);
+	static std::pair<String, String> GetDetailsFromSockaddr(sockaddr *address, socklen_t len);
+	static String GetHumanReadableAddress(const std::pair<String, String>& socketDetails);
 };
 
 class socket_error : virtual public std::exception, virtual public boost::exception { };
diff --git a/lib/base/socketevents-epoll.cpp b/lib/base/socketevents-epoll.cpp
deleted file mode 100644
index 7b810a6d6..000000000
--- a/lib/base/socketevents-epoll.cpp
+++ /dev/null
@@ -1,208 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "base/socketevents.hpp"
-#include "base/exception.hpp"
-#include "base/logger.hpp"
-#include <boost/thread/once.hpp>
-#include <map>
-#ifdef __linux__
-#	include <sys/epoll.h>
-
-using namespace icinga;
-
-void SocketEventEngineEpoll::InitializeThread(int tid)
-{
-	m_PollFDs[tid] = epoll_create(128);
-	Utility::SetCloExec(m_PollFDs[tid]);
-
-	SocketEventDescriptor sed;
-
-	m_Sockets[tid][m_EventFDs[tid][0]] = sed;
-	m_FDChanged[tid] = true;
-
-	epoll_event event;
-	memset(&event, 0, sizeof(event));
-	event.data.fd = m_EventFDs[tid][0];
-	event.events = EPOLLIN;
-	epoll_ctl(m_PollFDs[tid], EPOLL_CTL_ADD, m_EventFDs[tid][0], &event);
-}
-
-int SocketEventEngineEpoll::PollToEpoll(int events)
-{
-	int result = 0;
-
-	if (events & POLLIN)
-		result |= EPOLLIN;
-
-	if (events & POLLOUT)
-		result |= EPOLLOUT;
-
-	return events;
-}
-
-int SocketEventEngineEpoll::EpollToPoll(int events)
-{
-	int result = 0;
-
-	if (events & EPOLLIN)
-		result |= POLLIN;
-
-	if (events & EPOLLOUT)
-		result |= POLLOUT;
-
-	return events;
-}
-
-void SocketEventEngineEpoll::ThreadProc(int tid)
-{
-	Utility::SetThreadName("SocketIO");
-
-	for (;;) {
-		{
-			boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-			if (m_FDChanged[tid]) {
-				m_FDChanged[tid] = false;
-				m_CV[tid].notify_all();
-			}
-		}
-
-		epoll_event pevents[64];
-		int ready = epoll_wait(m_PollFDs[tid], pevents, sizeof(pevents) / sizeof(pevents[0]), -1);
-
-		std::vector<EventDescription> events;
-
-		{
-			boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-			if (m_FDChanged[tid]) {
-				m_FDChanged[tid] = false;
-
-				continue;
-			}
-
-			for (int i = 0; i < ready; i++) {
-				if (pevents[i].data.fd == m_EventFDs[tid][0]) {
-					char buffer[512];
-					if (recv(m_EventFDs[tid][0], buffer, sizeof(buffer), 0) < 0)
-						Log(LogCritical, "SocketEvents", "Read from event FD failed.");
-
-					continue;
-				}
-
-				if ((pevents[i].events & (EPOLLIN | EPOLLOUT | EPOLLHUP | EPOLLERR)) == 0)
-					continue;
-
-				EventDescription event;
-				event.REvents = SocketEventEngineEpoll::EpollToPoll(pevents[i].events);
-				event.Descriptor = m_Sockets[tid][pevents[i].data.fd];
-				event.LifesupportReference = event.Descriptor.LifesupportObject;
-				VERIFY(event.LifesupportReference);
-
-				events.emplace_back(std::move(event));
-			}
-		}
-
-		for (const EventDescription& event : events) {
-			try {
-				event.Descriptor.EventInterface->OnEvent(event.REvents);
-			} catch (const std::exception& ex) {
-				Log(LogCritical, "SocketEvents")
-					<< "Exception thrown in socket I/O handler:\n"
-					<< DiagnosticInformation(ex);
-			} catch (...) {
-				Log(LogCritical, "SocketEvents", "Exception of unknown type thrown in socket I/O handler.");
-			}
-		}
-	}
-}
-
-void SocketEventEngineEpoll::Register(SocketEvents *se, Object *lifesupportObject)
-{
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		VERIFY(se->m_FD != INVALID_SOCKET);
-
-		SocketEventDescriptor desc;
-		desc.EventInterface = se;
-		desc.LifesupportObject = lifesupportObject;
-
-		VERIFY(m_Sockets[tid].find(se->m_FD) == m_Sockets[tid].end());
-
-		m_Sockets[tid][se->m_FD] = desc;
-
-		epoll_event event;
-		memset(&event, 0, sizeof(event));
-		event.data.fd = se->m_FD;
-		event.events = 0;
-		epoll_ctl(m_PollFDs[tid], EPOLL_CTL_ADD, se->m_FD, &event);
-
-		se->m_Events = true;
-	}
-}
-
-void SocketEventEngineEpoll::Unregister(SocketEvents *se)
-{
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		if (se->m_FD == INVALID_SOCKET)
-			return;
-
-		m_Sockets[tid].erase(se->m_FD);
-		m_FDChanged[tid] = true;
-
-		epoll_ctl(m_PollFDs[tid], EPOLL_CTL_DEL, se->m_FD, nullptr);
-
-		se->m_FD = INVALID_SOCKET;
-		se->m_Events = false;
-	}
-
-	WakeUpThread(tid, true);
-}
-
-void SocketEventEngineEpoll::ChangeEvents(SocketEvents *se, int events)
-{
-	if (se->m_FD == INVALID_SOCKET)
-		BOOST_THROW_EXCEPTION(std::runtime_error("Tried to read/write from a closed socket."));
-
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		auto it = m_Sockets[tid].find(se->m_FD);
-
-		if (it == m_Sockets[tid].end())
-			return;
-
-		epoll_event event;
-		memset(&event, 0, sizeof(event));
-		event.data.fd = se->m_FD;
-		event.events = SocketEventEngineEpoll::PollToEpoll(events);
-		epoll_ctl(m_PollFDs[tid], EPOLL_CTL_MOD, se->m_FD, &event);
-	}
-}
-#endif /* __linux__ */
diff --git a/lib/base/socketevents-poll.cpp b/lib/base/socketevents-poll.cpp
deleted file mode 100644
index 19748434e..000000000
--- a/lib/base/socketevents-poll.cpp
+++ /dev/null
@@ -1,209 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "base/socketevents.hpp"
-#include "base/exception.hpp"
-#include "base/logger.hpp"
-#include <boost/thread/once.hpp>
-#include <map>
-
-using namespace icinga;
-
-void SocketEventEnginePoll::InitializeThread(int tid)
-{
-	SocketEventDescriptor sed;
-	sed.Events = POLLIN;
-
-	m_Sockets[tid][m_EventFDs[tid][0]] = sed;
-	m_FDChanged[tid] = true;
-}
-
-void SocketEventEnginePoll::ThreadProc(int tid)
-{
-	Utility::SetThreadName("SocketIO");
-
-	std::vector<pollfd> pfds;
-	std::vector<SocketEventDescriptor> descriptors;
-
-	for (;;) {
-		{
-			boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-			if (m_FDChanged[tid]) {
-				pfds.resize(m_Sockets[tid].size());
-				descriptors.resize(m_Sockets[tid].size());
-
-				int i = 0;
-
-				typedef std::map<SOCKET, SocketEventDescriptor>::value_type kv_pair;
-
-				for (const kv_pair& desc : m_Sockets[tid]) {
-					if (desc.second.Events == 0)
-						continue;
-
-					int events = desc.second.Events;
-
-					if (desc.second.EventInterface) {
-						desc.second.EventInterface->m_EnginePrivate = &pfds[i];
-
-						if (!desc.second.EventInterface->m_Events)
-							events = 0;
-					}
-
-					pfds[i].fd = desc.first;
-					pfds[i].events = events;
-					descriptors[i] = desc.second;
-
-					i++;
-				}
-
-				pfds.resize(i);
-
-				m_FDChanged[tid] = false;
-				m_CV[tid].notify_all();
-			}
-		}
-
-		ASSERT(!pfds.empty());
-
-#ifdef _WIN32
-		(void) WSAPoll(&pfds[0], pfds.size(), -1);
-#else /* _WIN32 */
-		(void) poll(&pfds[0], pfds.size(), -1);
-#endif /* _WIN32 */
-
-		std::vector<EventDescription> events;
-
-		{
-			boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-			if (m_FDChanged[tid])
-				continue;
-
-			for (std::vector<pollfd>::size_type i = 0; i < pfds.size(); i++) {
-				if ((pfds[i].revents & (POLLIN | POLLOUT | POLLHUP | POLLERR)) == 0)
-					continue;
-
-				if (pfds[i].fd == m_EventFDs[tid][0]) {
-					char buffer[512];
-					if (recv(m_EventFDs[tid][0], buffer, sizeof(buffer), 0) < 0)
-						Log(LogCritical, "SocketEvents", "Read from event FD failed.");
-
-					continue;
-				}
-
-				EventDescription event;
-				event.REvents = pfds[i].revents;
-				event.Descriptor = descriptors[i];
-				event.LifesupportReference = event.Descriptor.LifesupportObject;
-				VERIFY(event.LifesupportReference);
-
-				events.emplace_back(std::move(event));
-			}
-		}
-
-		for (const EventDescription& event : events) {
-			try {
-				event.Descriptor.EventInterface->OnEvent(event.REvents);
-			} catch (const std::exception& ex) {
-				Log(LogCritical, "SocketEvents")
-					<< "Exception thrown in socket I/O handler:\n"
-					<< DiagnosticInformation(ex);
-			} catch (...) {
-				Log(LogCritical, "SocketEvents", "Exception of unknown type thrown in socket I/O handler.");
-			}
-		}
-	}
-}
-
-void SocketEventEnginePoll::Register(SocketEvents *se, Object *lifesupportObject)
-{
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		VERIFY(se->m_FD != INVALID_SOCKET);
-
-		SocketEventDescriptor desc;
-		desc.Events = 0;
-		desc.EventInterface = se;
-		desc.LifesupportObject = lifesupportObject;
-
-		VERIFY(m_Sockets[tid].find(se->m_FD) == m_Sockets[tid].end());
-
-		m_Sockets[tid][se->m_FD] = desc;
-
-		m_FDChanged[tid] = true;
-
-		se->m_Events = true;
-	}
-
-	WakeUpThread(tid, true);
-}
-
-void SocketEventEnginePoll::Unregister(SocketEvents *se)
-{
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		if (se->m_FD == INVALID_SOCKET)
-			return;
-
-		m_Sockets[tid].erase(se->m_FD);
-		m_FDChanged[tid] = true;
-
-		se->m_FD = INVALID_SOCKET;
-		se->m_Events = false;
-	}
-
-	WakeUpThread(tid, true);
-}
-
-void SocketEventEnginePoll::ChangeEvents(SocketEvents *se, int events)
-{
-	if (se->m_FD == INVALID_SOCKET)
-		BOOST_THROW_EXCEPTION(std::runtime_error("Tried to read/write from a closed socket."));
-
-	int tid = se->m_ID % SOCKET_IOTHREADS;
-
-	{
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		auto it = m_Sockets[tid].find(se->m_FD);
-
-		if (it == m_Sockets[tid].end())
-			return;
-
-		if (it->second.Events == events)
-			return;
-
-		it->second.Events = events;
-
-		if (se->m_EnginePrivate && std::this_thread::get_id() == m_Threads[tid].get_id())
-			((pollfd *)se->m_EnginePrivate)->events = events;
-		else
-			m_FDChanged[tid] = true;
-	}
-
-	WakeUpThread(tid, false);
-}
-
diff --git a/lib/base/socketevents.cpp b/lib/base/socketevents.cpp
deleted file mode 100644
index e54ca0e6f..000000000
--- a/lib/base/socketevents.cpp
+++ /dev/null
@@ -1,158 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "base/socketevents.hpp"
-#include "base/exception.hpp"
-#include "base/logger.hpp"
-#include "base/application.hpp"
-#include "base/scriptglobal.hpp"
-#include <boost/thread/once.hpp>
-#include <map>
-#ifdef __linux__
-#	include <sys/epoll.h>
-#endif /* __linux__ */
-
-using namespace icinga;
-
-static boost::once_flag l_SocketIOOnceFlag = BOOST_ONCE_INIT;
-static SocketEventEngine *l_SocketIOEngine;
-
-int SocketEvents::m_NextID = 0;
-
-void SocketEventEngine::Start()
-{
-	for (int tid = 0; tid < SOCKET_IOTHREADS; tid++) {
-		Socket::SocketPair(m_EventFDs[tid]);
-
-		Utility::SetNonBlockingSocket(m_EventFDs[tid][0]);
-		Utility::SetNonBlockingSocket(m_EventFDs[tid][1]);
-
-#ifndef _WIN32
-		Utility::SetCloExec(m_EventFDs[tid][0]);
-		Utility::SetCloExec(m_EventFDs[tid][1]);
-#endif /* _WIN32 */
-
-		InitializeThread(tid);
-
-		m_Threads[tid] = std::thread(std::bind(&SocketEventEngine::ThreadProc, this, tid));
-	}
-}
-
-void SocketEventEngine::WakeUpThread(int sid, bool wait)
-{
-	int tid = sid % SOCKET_IOTHREADS;
-
-	if (std::this_thread::get_id() == m_Threads[tid].get_id())
-		return;
-
-	if (wait) {
-		boost::mutex::scoped_lock lock(m_EventMutex[tid]);
-
-		m_FDChanged[tid] = true;
-
-		while (m_FDChanged[tid]) {
-			(void) send(m_EventFDs[tid][1], "T", 1, 0);
-
-			boost::system_time const timeout = boost::get_system_time() + boost::posix_time::milliseconds(50);
-			m_CV[tid].timed_wait(lock, timeout);
-		}
-	} else {
-		(void) send(m_EventFDs[tid][1], "T", 1, 0);
-	}
-}
-
-void SocketEvents::InitializeEngine()
-{
-	String eventEngine = ScriptGlobal::Get("EventEngine", &Empty);
-
-	if (eventEngine.IsEmpty())
-#ifdef __linux__
-		eventEngine = "epoll";
-#else /* __linux__ */
-		eventEngine = "poll";
-#endif /* __linux__ */
-
-	if (eventEngine == "poll")
-		l_SocketIOEngine = new SocketEventEnginePoll();
-#ifdef __linux__
-	else if (eventEngine == "epoll")
-		l_SocketIOEngine = new SocketEventEngineEpoll();
-#endif /* __linux__ */
-	else {
-		Log(LogWarning, "SocketEvents")
-			<< "Invalid event engine selected: " << eventEngine << " - Falling back to 'poll'";
-
-		eventEngine = "poll";
-
-		l_SocketIOEngine = new SocketEventEnginePoll();
-	}
-
-	l_SocketIOEngine->Start();
-
-	ScriptGlobal::Set("EventEngine", eventEngine);
-}
-
-/**
- * Constructor for the SocketEvents class.
- */
-SocketEvents::SocketEvents(const Socket::Ptr& socket, Object *lifesupportObject)
-	: m_ID(m_NextID++), m_FD(socket->GetFD()), m_EnginePrivate(nullptr)
-{
-	boost::call_once(l_SocketIOOnceFlag, &SocketEvents::InitializeEngine);
-
-	Register(lifesupportObject);
-}
-
-SocketEvents::~SocketEvents()
-{
-	VERIFY(m_FD == INVALID_SOCKET);
-}
-
-void SocketEvents::Register(Object *lifesupportObject)
-{
-	l_SocketIOEngine->Register(this, lifesupportObject);
-}
-
-void SocketEvents::Unregister()
-{
-	l_SocketIOEngine->Unregister(this);
-}
-
-void SocketEvents::ChangeEvents(int events)
-{
-	l_SocketIOEngine->ChangeEvents(this, events);
-}
-
-boost::mutex& SocketEventEngine::GetMutex(int tid)
-{
-	return m_EventMutex[tid];
-}
-
-bool SocketEvents::IsHandlingEvents() const
-{
-	int tid = m_ID % SOCKET_IOTHREADS;
-	boost::mutex::scoped_lock lock(l_SocketIOEngine->GetMutex(tid));
-	return m_Events;
-}
-
-void SocketEvents::OnEvent(int revents)
-{
-
-}
-
diff --git a/lib/base/socketevents.hpp b/lib/base/socketevents.hpp
deleted file mode 100644
index 360a03477..000000000
--- a/lib/base/socketevents.hpp
+++ /dev/null
@@ -1,153 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef SOCKETEVENTS_H
-#define SOCKETEVENTS_H
-
-#include "base/i2-base.hpp"
-#include "base/socket.hpp"
-#include <boost/thread/condition_variable.hpp>
-#include <thread>
-
-#ifndef _WIN32
-#	include <poll.h>
-#endif /* _WIN32 */
-
-namespace icinga
-{
-
-/**
- * Socket event interface
- *
- * @ingroup base
- */
-class SocketEvents
-{
-public:
-	~SocketEvents();
-
-	virtual void OnEvent(int revents);
-
-	void Unregister();
-
-	void ChangeEvents(int events);
-
-	bool IsHandlingEvents() const;
-
-	void *GetEnginePrivate() const;
-	void SetEnginePrivate(void *priv);
-
-protected:
-	SocketEvents(const Socket::Ptr& socket, Object *lifesupportObject);
-
-private:
-	int m_ID;
-	SOCKET m_FD;
-	bool m_Events;
-	void *m_EnginePrivate;
-
-	static int m_NextID;
-
-	static void InitializeEngine();
-
-	void WakeUpThread(bool wait = false);
-
-	void Register(Object *lifesupportObject);
-
-	friend class SocketEventEnginePoll;
-	friend class SocketEventEngineEpoll;
-};
-
-#define SOCKET_IOTHREADS 8
-
-struct SocketEventDescriptor
-{
-	int Events{POLLIN};
-	SocketEvents *EventInterface{nullptr};
-	Object *LifesupportObject{nullptr};
-};
-
-struct EventDescription
-{
-	int REvents;
-	SocketEventDescriptor Descriptor;
-	Object::Ptr LifesupportReference;
-};
-
-class SocketEventEngine
-{
-public:
-	void Start();
-
-	void WakeUpThread(int sid, bool wait);
-
-	boost::mutex& GetMutex(int tid);
-
-protected:
-	virtual void InitializeThread(int tid) = 0;
-	virtual void ThreadProc(int tid) = 0;
-	virtual void Register(SocketEvents *se, Object *lifesupportObject) = 0;
-	virtual void Unregister(SocketEvents *se) = 0;
-	virtual void ChangeEvents(SocketEvents *se, int events) = 0;
-
-	std::thread m_Threads[SOCKET_IOTHREADS];
-	SOCKET m_EventFDs[SOCKET_IOTHREADS][2];
-	bool m_FDChanged[SOCKET_IOTHREADS];
-	boost::mutex m_EventMutex[SOCKET_IOTHREADS];
-	boost::condition_variable m_CV[SOCKET_IOTHREADS];
-	std::map<SOCKET, SocketEventDescriptor> m_Sockets[SOCKET_IOTHREADS];
-
-	friend class SocketEvents;
-};
-
-class SocketEventEnginePoll final : public SocketEventEngine
-{
-public:
-	void Register(SocketEvents *se, Object *lifesupportObject) override;
-	void Unregister(SocketEvents *se) override;
-	void ChangeEvents(SocketEvents *se, int events) override;
-
-protected:
-	void InitializeThread(int tid) override;
-	void ThreadProc(int tid) override;
-};
-
-#ifdef __linux__
-class SocketEventEngineEpoll : public SocketEventEngine
-{
-public:
-	virtual void Register(SocketEvents *se, Object *lifesupportObject);
-	virtual void Unregister(SocketEvents *se);
-	virtual void ChangeEvents(SocketEvents *se, int events);
-
-protected:
-	virtual void InitializeThread(int tid);
-	virtual void ThreadProc(int tid);
-
-private:
-	SOCKET m_PollFDs[SOCKET_IOTHREADS];
-
-	static int PollToEpoll(int events);
-	static int EpollToPoll(int events);
-};
-#endif /* __linux__ */
-
-}
-
-#endif /* SOCKETEVENTS_H */
diff --git a/lib/base/stacktrace.cpp b/lib/base/stacktrace.cpp
index 9fb6c519e..81fdd3380 100644
--- a/lib/base/stacktrace.cpp
+++ b/lib/base/stacktrace.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/stacktrace.hpp"
 #include "base/utility.hpp"
diff --git a/lib/base/stacktrace.hpp b/lib/base/stacktrace.hpp
index 1a197de2b..1416d6558 100644
--- a/lib/base/stacktrace.hpp
+++ b/lib/base/stacktrace.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STACKTRACE_H
 #define STACKTRACE_H
diff --git a/lib/base/statsfunction.hpp b/lib/base/statsfunction.hpp
index 8dc5af4d7..ecac33c57 100644
--- a/lib/base/statsfunction.hpp
+++ b/lib/base/statsfunction.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STATSFUNCTION_H
 #define STATSFUNCTION_H
@@ -27,7 +10,7 @@ namespace icinga
 {
 
 #define REGISTER_STATSFUNCTION(name, callback) \
-	REGISTER_SCRIPTFUNCTION_NS(StatsFunctions, name, callback, "status:perfdata")
+	REGISTER_FUNCTION(StatsFunctions, name, callback, "status:perfdata")
 
 }
 
diff --git a/lib/base/stdiostream.cpp b/lib/base/stdiostream.cpp
index 773ee35c3..449036f03 100644
--- a/lib/base/stdiostream.cpp
+++ b/lib/base/stdiostream.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/stdiostream.hpp"
 #include "base/objectlock.hpp"
diff --git a/lib/base/stdiostream.hpp b/lib/base/stdiostream.hpp
index e72cf4c43..05c7f0d57 100644
--- a/lib/base/stdiostream.hpp
+++ b/lib/base/stdiostream.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STDIOSTREAM_H
 #define STDIOSTREAM_H
diff --git a/lib/base/stream.cpp b/lib/base/stream.cpp
index 3048f096c..77d39d3aa 100644
--- a/lib/base/stream.cpp
+++ b/lib/base/stream.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/stream.hpp"
 #include <boost/algorithm/string/trim.hpp>
@@ -91,16 +74,6 @@ bool Stream::WaitForData(int timeout)
 	return IsDataAvailable() || IsEof();
 }
 
-void Stream::SetCorked(bool corked)
-{
-	m_Corked = corked;
-}
-
-bool Stream::IsCorked() const
-{
-	return m_Corked;
-}
-
 static void StreamDummyCallback()
 { }
 
@@ -129,31 +102,19 @@ StreamReadStatus Stream::ReadLine(String *line, StreamReadContext& context, bool
 		}
 	}
 
-	int count = 0;
-	size_t first_newline;
-
 	for (size_t i = 0; i < context.Size; i++) {
 		if (context.Buffer[i] == '\n') {
-			count++;
+			*line = String(context.Buffer, context.Buffer + i);
+			boost::algorithm::trim_right(*line);
 
-			if (count == 1)
-				first_newline = i;
-			else if (count > 1)
-				break;
+			context.DropData(i + 1u);
+
+			context.MustRead = !context.Size;
+			return StatusNewItem;
 		}
 	}
 
-	context.MustRead = (count <= 1);
-
-	if (count > 0) {
-		*line = String(context.Buffer, &(context.Buffer[first_newline]));
-		boost::algorithm::trim_right(*line);
-
-		context.DropData(first_newline + 1);
-
-		return StatusNewItem;
-	}
-
+	context.MustRead = true;
 	return StatusNeedData;
 }
 
diff --git a/lib/base/stream.hpp b/lib/base/stream.hpp
index bb4129138..393a0aee4 100644
--- a/lib/base/stream.hpp
+++ b/lib/base/stream.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STREAM_H
 #define STREAM_H
@@ -127,9 +110,6 @@ public:
 	bool WaitForData();
 	bool WaitForData(int timeout);
 
-	virtual void SetCorked(bool corked);
-	bool IsCorked() const;
-
 	virtual bool SupportsWaiting() const;
 
 	virtual bool IsDataAvailable() const;
@@ -146,8 +126,6 @@ private:
 
 	boost::mutex m_Mutex;
 	boost::condition_variable m_CV;
-
-	bool m_Corked{false};
 };
 
 }
diff --git a/lib/base/streamlogger.cpp b/lib/base/streamlogger.cpp
index fa93d740b..146fe3c91 100644
--- a/lib/base/streamlogger.cpp
+++ b/lib/base/streamlogger.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/streamlogger.hpp"
 #include "base/streamlogger-ti.cpp"
@@ -47,7 +30,7 @@ StreamLogger::~StreamLogger()
 	if (m_FlushLogTimer)
 		m_FlushLogTimer->Stop();
 
-	if (m_OwnsStream)
+	if (m_Stream && m_OwnsStream)
 		delete m_Stream;
 }
 
@@ -66,16 +49,18 @@ void StreamLogger::BindStream(std::ostream *stream, bool ownsStream)
 {
 	ObjectLock olock(this);
 
-	if (m_OwnsStream)
+	if (m_Stream && m_OwnsStream)
 		delete m_Stream;
 
 	m_Stream = stream;
 	m_OwnsStream = ownsStream;
 
-	m_FlushLogTimer = new Timer();
-	m_FlushLogTimer->SetInterval(1);
-	m_FlushLogTimer->OnTimerExpired.connect(std::bind(&StreamLogger::FlushLogTimerHandler, this));
-	m_FlushLogTimer->Start();
+	if (!m_FlushLogTimer) {
+		m_FlushLogTimer = new Timer();
+		m_FlushLogTimer->SetInterval(1);
+		m_FlushLogTimer->OnTimerExpired.connect(std::bind(&StreamLogger::FlushLogTimerHandler, this));
+		m_FlushLogTimer->Start();
+	}
 }
 
 /**
diff --git a/lib/base/streamlogger.hpp b/lib/base/streamlogger.hpp
index ae08361c5..81482aa98 100644
--- a/lib/base/streamlogger.hpp
+++ b/lib/base/streamlogger.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STREAMLOGGER_H
 #define STREAMLOGGER_H
diff --git a/lib/base/streamlogger.ti b/lib/base/streamlogger.ti
index 750c9f689..6dc36e0cb 100644
--- a/lib/base/streamlogger.ti
+++ b/lib/base/streamlogger.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/logger.hpp"
 
diff --git a/lib/base/string-script.cpp b/lib/base/string-script.cpp
index 2edb6dd01..323f99c41 100644
--- a/lib/base/string-script.cpp
+++ b/lib/base/string-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/object.hpp"
 #include "base/dictionary.hpp"
diff --git a/lib/base/string.cpp b/lib/base/string.cpp
index 5970f6ebf..c4617e357 100644
--- a/lib/base/string.cpp
+++ b/lib/base/string.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/string.hpp"
 #include "base/value.hpp"
diff --git a/lib/base/string.hpp b/lib/base/string.hpp
index 70b6f9e37..e9799e7eb 100644
--- a/lib/base/string.hpp
+++ b/lib/base/string.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STRING_H
 #define STRING_H
diff --git a/lib/base/stringbuilder.cpp b/lib/base/stringbuilder.cpp
new file mode 100644
index 000000000..5b5a508ec
--- /dev/null
+++ b/lib/base/stringbuilder.cpp
@@ -0,0 +1,36 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/stringbuilder.hpp"
+#include <cstring>
+
+using namespace icinga;
+
+void StringBuilder::Append(const String& str)
+{
+	m_Buffer.insert(m_Buffer.end(), str.Begin(), str.End());
+}
+
+void StringBuilder::Append(const std::string& str)
+{
+	m_Buffer.insert(m_Buffer.end(), str.begin(), str.end());
+}
+
+void StringBuilder::Append(const char *begin, const char *end)
+{
+	m_Buffer.insert(m_Buffer.end(), begin, end);
+}
+
+void StringBuilder::Append(const char *cstr)
+{
+	m_Buffer.insert(m_Buffer.end(), cstr, cstr + std::strlen(cstr));
+}
+
+void StringBuilder::Append(char chr)
+{
+	m_Buffer.emplace_back(chr);
+}
+
+String StringBuilder::ToString() const
+{
+	return String(m_Buffer.data(), m_Buffer.data() + m_Buffer.size());
+}
diff --git a/lib/base/stringbuilder.hpp b/lib/base/stringbuilder.hpp
new file mode 100644
index 000000000..4d806f4b7
--- /dev/null
+++ b/lib/base/stringbuilder.hpp
@@ -0,0 +1,36 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef STRINGBUILDER_H
+#define STRINGBUILDER_H
+
+#include "base/i2-base.hpp"
+#include "base/string.hpp"
+#include <string>
+#include <vector>
+
+namespace icinga
+{
+
+/**
+ * A string builder.
+ *
+ * @ingroup base
+ */
+class StringBuilder final
+{
+public:
+	void Append(const String&);
+	void Append(const std::string&);
+	void Append(const char *, const char *);
+	void Append(const char *);
+	void Append(char);
+
+	String ToString() const;
+
+private:
+	std::vector<char> m_Buffer;
+};
+
+}
+
+#endif /* STRINGBUILDER_H */
diff --git a/lib/base/sysloglogger.cpp b/lib/base/sysloglogger.cpp
index b5d735a80..44babc31c 100644
--- a/lib/base/sysloglogger.cpp
+++ b/lib/base/sysloglogger.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef _WIN32
 #include "base/sysloglogger.hpp"
@@ -35,26 +18,26 @@ std::map<String, int> SyslogLogger::m_FacilityMap;
 
 void SyslogLogger::StaticInitialize()
 {
-	ScriptGlobal::Set("FacilityAuth", "LOG_AUTH");
-	ScriptGlobal::Set("FacilityAuthPriv", "LOG_AUTHPRIV");
-	ScriptGlobal::Set("FacilityCron", "LOG_CRON");
-	ScriptGlobal::Set("FacilityDaemon", "LOG_DAEMON");
-	ScriptGlobal::Set("FacilityFtp", "LOG_FTP");
-	ScriptGlobal::Set("FacilityKern", "LOG_KERN");
-	ScriptGlobal::Set("FacilityLocal0", "LOG_LOCAL0");
-	ScriptGlobal::Set("FacilityLocal1", "LOG_LOCAL1");
-	ScriptGlobal::Set("FacilityLocal2", "LOG_LOCAL2");
-	ScriptGlobal::Set("FacilityLocal3", "LOG_LOCAL3");
-	ScriptGlobal::Set("FacilityLocal4", "LOG_LOCAL4");
-	ScriptGlobal::Set("FacilityLocal5", "LOG_LOCAL5");
-	ScriptGlobal::Set("FacilityLocal6", "LOG_LOCAL6");
-	ScriptGlobal::Set("FacilityLocal7", "LOG_LOCAL7");
-	ScriptGlobal::Set("FacilityLpr", "LOG_LPR");
-	ScriptGlobal::Set("FacilityMail", "LOG_MAIL");
-	ScriptGlobal::Set("FacilityNews", "LOG_NEWS");
-	ScriptGlobal::Set("FacilitySyslog", "LOG_SYSLOG");
-	ScriptGlobal::Set("FacilityUser", "LOG_USER");
-	ScriptGlobal::Set("FacilityUucp", "LOG_UUCP");
+	ScriptGlobal::Set("System.FacilityAuth", "LOG_AUTH", true);
+	ScriptGlobal::Set("System.FacilityAuthPriv", "LOG_AUTHPRIV", true);
+	ScriptGlobal::Set("System.FacilityCron", "LOG_CRON", true);
+	ScriptGlobal::Set("System.FacilityDaemon", "LOG_DAEMON", true);
+	ScriptGlobal::Set("System.FacilityFtp", "LOG_FTP", true);
+	ScriptGlobal::Set("System.FacilityKern", "LOG_KERN", true);
+	ScriptGlobal::Set("System.FacilityLocal0", "LOG_LOCAL0", true);
+	ScriptGlobal::Set("System.FacilityLocal1", "LOG_LOCAL1", true);
+	ScriptGlobal::Set("System.FacilityLocal2", "LOG_LOCAL2", true);
+	ScriptGlobal::Set("System.FacilityLocal3", "LOG_LOCAL3", true);
+	ScriptGlobal::Set("System.FacilityLocal4", "LOG_LOCAL4", true);
+	ScriptGlobal::Set("System.FacilityLocal5", "LOG_LOCAL5", true);
+	ScriptGlobal::Set("System.FacilityLocal6", "LOG_LOCAL6", true);
+	ScriptGlobal::Set("System.FacilityLocal7", "LOG_LOCAL7", true);
+	ScriptGlobal::Set("System.FacilityLpr", "LOG_LPR", true);
+	ScriptGlobal::Set("System.FacilityMail", "LOG_MAIL", true);
+	ScriptGlobal::Set("System.FacilityNews", "LOG_NEWS", true);
+	ScriptGlobal::Set("System.FacilitySyslog", "LOG_SYSLOG", true);
+	ScriptGlobal::Set("System.FacilityUser", "LOG_USER", true);
+	ScriptGlobal::Set("System.FacilityUucp", "LOG_UUCP", true);
 
 	m_FacilityMap["LOG_AUTH"] = LOG_AUTH;
 	m_FacilityMap["LOG_AUTHPRIV"] = LOG_AUTHPRIV;
diff --git a/lib/base/sysloglogger.hpp b/lib/base/sysloglogger.hpp
index 8718a21d0..168c5d9a5 100644
--- a/lib/base/sysloglogger.hpp
+++ b/lib/base/sysloglogger.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SYSLOGLOGGER_H
 #define SYSLOGLOGGER_H
diff --git a/lib/base/sysloglogger.ti b/lib/base/sysloglogger.ti
index 9ca92d637..8f343597f 100644
--- a/lib/base/sysloglogger.ti
+++ b/lib/base/sysloglogger.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/logger.hpp"
 
diff --git a/lib/base/tcpsocket.cpp b/lib/base/tcpsocket.cpp
index a25d52d77..a9390e5a7 100644
--- a/lib/base/tcpsocket.cpp
+++ b/lib/base/tcpsocket.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/tcpsocket.hpp"
 #include "base/logger.hpp"
@@ -89,10 +72,11 @@ void TcpSocket::Bind(const String& node, const String& service, int family)
 		const int optFalse = 0;
 		setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char *>(&optFalse), sizeof(optFalse));
 
-#ifndef _WIN32
 		const int optTrue = 1;
 		setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, reinterpret_cast<const char *>(&optTrue), sizeof(optTrue));
-#endif /* _WIN32 */
+#ifdef SO_REUSEPORT
+		setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, reinterpret_cast<const char *>(&optTrue), sizeof(optTrue));
+#endif /* SO_REUSEPORT */
 
 		int rc = bind(fd, info->ai_addr, info->ai_addrlen);
 
diff --git a/lib/base/tcpsocket.hpp b/lib/base/tcpsocket.hpp
index 1b99128ae..e0f502256 100644
--- a/lib/base/tcpsocket.hpp
+++ b/lib/base/tcpsocket.hpp
@@ -1,33 +1,19 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TCPSOCKET_H
 #define TCPSOCKET_H
 
 #include "base/i2-base.hpp"
+#include "base/io-engine.hpp"
 #include "base/socket.hpp"
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/spawn.hpp>
 
 namespace icinga
 {
 
 /**
- * A TCP socket.
+ * A TCP socket. DEPRECATED - Use Boost ASIO instead.
  *
  * @ingroup base
  */
@@ -42,6 +28,69 @@ public:
 	void Connect(const String& node, const String& service);
 };
 
+/**
+ * TCP Connect based on Boost ASIO.
+ *
+ * @ingroup base
+ */
+template<class Socket>
+void Connect(Socket& socket, const String& node, const String& service)
+{
+	using boost::asio::ip::tcp;
+
+	tcp::resolver resolver (IoEngine::Get().GetIoContext());
+	tcp::resolver::query query (node, service);
+	auto result (resolver.resolve(query));
+	auto current (result.begin());
+
+	for (;;) {
+		try {
+			socket.open(current->endpoint().protocol());
+			socket.set_option(tcp::socket::keep_alive(true));
+			socket.connect(current->endpoint());
+
+			break;
+		} catch (const std::exception&) {
+			if (++current == result.end()) {
+				throw;
+			}
+
+			if (socket.is_open()) {
+				socket.close();
+			}
+		}
+	}
+}
+
+template<class Socket>
+void Connect(Socket& socket, const String& node, const String& service, boost::asio::yield_context yc)
+{
+	using boost::asio::ip::tcp;
+
+	tcp::resolver resolver (IoEngine::Get().GetIoContext());
+	tcp::resolver::query query (node, service);
+	auto result (resolver.async_resolve(query, yc));
+	auto current (result.begin());
+
+	for (;;) {
+		try {
+			socket.open(current->endpoint().protocol());
+			socket.set_option(tcp::socket::keep_alive(true));
+			socket.async_connect(current->endpoint(), yc);
+
+			break;
+		} catch (const std::exception&) {
+			if (++current == result.end()) {
+				throw;
+			}
+
+			if (socket.is_open()) {
+				socket.close();
+			}
+		}
+	}
+}
+
 }
 
 #endif /* TCPSOCKET_H */
diff --git a/lib/base/threadpool.cpp b/lib/base/threadpool.cpp
index 996931d00..26787ab52 100644
--- a/lib/base/threadpool.cpp
+++ b/lib/base/threadpool.cpp
@@ -1,40 +1,13 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/threadpool.hpp"
-#include "base/logger.hpp"
-#include "base/debug.hpp"
-#include "base/utility.hpp"
-#include "base/exception.hpp"
-#include "base/application.hpp"
-#include <iostream>
+#include <boost/thread/locks.hpp>
 
 using namespace icinga;
 
-int ThreadPool::m_NextID = 1;
-
-ThreadPool::ThreadPool(size_t max_threads)
-	: m_ID(m_NextID++), m_MaxThreads(max_threads)
+ThreadPool::ThreadPool(size_t threads)
+	: m_Threads(threads), m_Pending(0)
 {
-	if (m_MaxThreads != UINT_MAX && m_MaxThreads < sizeof(m_Queues) / sizeof(m_Queues[0]))
-		m_MaxThreads = sizeof(m_Queues) / sizeof(m_Queues[0]);
-
 	Start();
 }
 
@@ -45,354 +18,19 @@ ThreadPool::~ThreadPool()
 
 void ThreadPool::Start()
 {
-	if (!m_Stopped)
-		return;
+	boost::unique_lock<decltype(m_Mutex)> lock (m_Mutex);
 
-	m_Stopped = false;
-
-	for (auto& queue : m_Queues)
-		queue.SpawnWorker(m_ThreadGroup);
-
-	m_MgmtThread = std::thread(std::bind(&ThreadPool::ManagerThreadProc, this));
+	if (!m_Pool) {
+		m_Pool = decltype(m_Pool)(new boost::asio::thread_pool(m_Threads));
+	}
 }
 
 void ThreadPool::Stop()
 {
-	if (m_Stopped)
-		return;
+	boost::unique_lock<decltype(m_Mutex)> lock (m_Mutex);
 
-	{
-		boost::mutex::scoped_lock lock(m_MgmtMutex);
-		m_Stopped = true;
-		m_MgmtCV.notify_all();
-	}
-
-	if (m_MgmtThread.joinable())
-		m_MgmtThread.join();
-
-	for (auto& queue : m_Queues) {
-		boost::mutex::scoped_lock lock(queue.Mutex);
-		queue.Stopped = true;
-		queue.CV.notify_all();
-	}
-
-	m_ThreadGroup.join_all();
-	m_ThreadGroup.~thread_group();
-	new (&m_ThreadGroup) boost::thread_group();
-
-	for (auto& queue : m_Queues)
-		queue.Stopped = false;
-
-	m_Stopped = true;
-}
-
-/**
- * Waits for work items and processes them.
- */
-void ThreadPool::WorkerThread::ThreadProc(Queue& queue)
-{
-	std::ostringstream idbuf;
-	idbuf << "Q #" << &queue << " W #" << this;
-	Utility::SetThreadName(idbuf.str());
-
-	for (;;) {
-		WorkItem wi;
-
-		{
-			boost::mutex::scoped_lock lock(queue.Mutex);
-
-			UpdateUtilization(ThreadIdle);
-
-			while (queue.Items.empty() && !queue.Stopped && !Zombie) {
-				if (queue.Items.empty())
-					queue.CVStarved.notify_all();
-
-				queue.CV.wait(lock);
-			}
-
-			if (Zombie)
-				break;
-
-			if (queue.Items.empty() && queue.Stopped)
-				break;
-
-			wi = queue.Items.front();
-			queue.Items.pop_front();
-
-			UpdateUtilization(ThreadBusy);
-		}
-
-		double st = Utility::GetTime();
-
-#ifdef I2_DEBUG
-#	ifdef RUSAGE_THREAD
-		struct rusage usage_start, usage_end;
-
-		(void) getrusage(RUSAGE_THREAD, &usage_start);
-#	endif /* RUSAGE_THREAD */
-#endif /* I2_DEBUG */
-
-		try {
-			if (wi.Callback)
-				wi.Callback();
-		} catch (const std::exception& ex) {
-			Log(LogCritical, "ThreadPool")
-				<< "Exception thrown in event handler:\n"
-				<< DiagnosticInformation(ex);
-		} catch (...) {
-			Log(LogCritical, "ThreadPool", "Exception of unknown type thrown in event handler.");
-		}
-
-		double et = Utility::GetTime();
-		double latency = st - wi.Timestamp;
-
-		{
-			boost::mutex::scoped_lock lock(queue.Mutex);
-
-			queue.WaitTime += latency;
-			queue.ServiceTime += et - st;
-			queue.TaskCount++;
-		}
-
-#ifdef I2_DEBUG
-#	ifdef RUSAGE_THREAD
-		(void) getrusage(RUSAGE_THREAD, &usage_end);
-
-		double duser = (usage_end.ru_utime.tv_sec - usage_start.ru_utime.tv_sec) +
-			(usage_end.ru_utime.tv_usec - usage_start.ru_utime.tv_usec) / 1000000.0;
-
-		double dsys = (usage_end.ru_stime.tv_sec - usage_start.ru_stime.tv_sec) +
-			(usage_end.ru_stime.tv_usec - usage_start.ru_stime.tv_usec) / 1000000.0;
-
-		double dwait = (et - st) - (duser + dsys);
-
-		int dminfaults = usage_end.ru_minflt - usage_start.ru_minflt;
-		int dmajfaults = usage_end.ru_majflt - usage_start.ru_majflt;
-
-		int dvctx = usage_end.ru_nvcsw - usage_start.ru_nvcsw;
-		int divctx = usage_end.ru_nivcsw - usage_start.ru_nivcsw;
-#	endif /* RUSAGE_THREAD */
-		if (et - st > 0.5) {
-			Log(LogWarning, "ThreadPool")
-#	ifdef RUSAGE_THREAD
-				<< "Event call took user:" << duser << "s, system:" << dsys << "s, wait:" << dwait << "s, minor_faults:" << dminfaults << ", major_faults:" << dmajfaults << ", voluntary_csw:" << dvctx << ", involuntary_csw:" << divctx;
-#	else
-				<< "Event call took " << (et - st) << "s";
-#	endif /* RUSAGE_THREAD */
-		}
-#endif /* I2_DEBUG */
-	}
-
-	boost::mutex::scoped_lock lock(queue.Mutex);
-	UpdateUtilization(ThreadDead);
-	Zombie = false;
-}
-
-/**
- * Appends a work item to the work queue. Work items will be processed in FIFO order.
- *
- * @param callback The callback function for the work item.
- * @param policy The scheduling policy
- * @returns true if the item was queued, false otherwise.
- */
-bool ThreadPool::Post(const ThreadPool::WorkFunction& callback, SchedulerPolicy policy)
-{
-	WorkItem wi;
-	wi.Callback = callback;
-	wi.Timestamp = Utility::GetTime();
-
-	Queue& queue = m_Queues[Utility::Random() % (sizeof(m_Queues) / sizeof(m_Queues[0]))];
-
-	{
-		boost::mutex::scoped_lock lock(queue.Mutex);
-
-		if (queue.Stopped)
-			return false;
-
-		if (policy == LowLatencyScheduler)
-			queue.SpawnWorker(m_ThreadGroup);
-
-		queue.Items.emplace_back(std::move(wi));
-		queue.CV.notify_one();
-	}
-
-	return true;
-}
-
-void ThreadPool::ManagerThreadProc()
-{
-	std::ostringstream idbuf;
-	idbuf << "TP #" << m_ID << " Manager";
-	Utility::SetThreadName(idbuf.str());
-
-	double lastStats = 0;
-
-	for (;;) {
-		size_t total_pending = 0, total_alive = 0;
-		double total_avg_latency = 0;
-		double total_utilization = 0;
-
-		{
-			boost::mutex::scoped_lock lock(m_MgmtMutex);
-
-			if (!m_Stopped)
-				m_MgmtCV.timed_wait(lock, boost::posix_time::milliseconds(500));
-
-			if (m_Stopped)
-				break;
-		}
-
-		for (auto& queue : m_Queues) {
-			size_t pending, alive = 0;
-			double avg_latency;
-			double utilization = 0;
-
-				boost::mutex::scoped_lock lock(queue.Mutex);
-
-			for (auto& thread : queue.Threads)
-				thread.UpdateUtilization();
-
-			pending = queue.Items.size();
-
-			for (auto& thread : queue.Threads) {
-				if (thread.State != ThreadDead && !thread.Zombie) {
-					alive++;
-					utilization += thread.Utilization * 100;
-				}
-			}
-
-			utilization /= alive;
-
-			if (queue.TaskCount > 0)
-				avg_latency = queue.WaitTime / (queue.TaskCount * 1.0);
-			else
-				avg_latency = 0;
-
-			if (utilization < 60 || utilization > 80 || alive < 8) {
-				double wthreads = std::ceil((utilization * alive) / 80.0);
-
-				int tthreads = wthreads - alive;
-
-				/* Make sure there is at least one thread per queue */
-				if (alive + tthreads < 1)
-					tthreads = 1 - alive;
-
-				/* Don't kill more than 2 threads at once. */
-				if (tthreads < -2)
-					tthreads = -2;
-
-				/* Spawn more workers if there are outstanding work items. */
-				if (tthreads > 0 && pending > 0)
-					tthreads = 2;
-
-				if (m_MaxThreads != UINT_MAX && (alive + tthreads) * (sizeof(m_Queues) / sizeof(m_Queues[0])) > m_MaxThreads)
-					tthreads = m_MaxThreads / (sizeof(m_Queues) / sizeof(m_Queues[0])) - alive;
-
-				if (tthreads != 0) {
-					Log(LogNotice, "ThreadPool")
-						<< "Thread pool; current: " << alive << "; adjustment: " << tthreads;
-				}
-
-				for (int i = 0; i < -tthreads; i++)
-					queue.KillWorker(m_ThreadGroup);
-
-				for (int i = 0; i < tthreads; i++)
-					queue.SpawnWorker(m_ThreadGroup);
-			}
-
-			queue.WaitTime = 0;
-			queue.ServiceTime = 0;
-			queue.TaskCount = 0;
-
-			total_pending += pending;
-			total_alive += alive;
-			total_avg_latency += avg_latency;
-			total_utilization += utilization;
-		}
-
-		double now = Utility::GetTime();
-
-		if (lastStats < now - 15) {
-			lastStats = now;
-
-			Log(LogNotice, "ThreadPool")
-				<< "Pool #" << m_ID << ": Pending tasks: " << total_pending << "; Average latency: "
-				<< (long)(total_avg_latency * 1000 / (sizeof(m_Queues) / sizeof(m_Queues[0]))) << "ms"
-				<< "; Threads: " << total_alive
-				<< "; Pool utilization: " << (total_utilization / (sizeof(m_Queues) / sizeof(m_Queues[0]))) << "%";
-		}
+	if (m_Pool) {
+		m_Pool->join();
+		m_Pool = nullptr;
 	}
 }
-
-/**
- * Note: Caller must hold m_Mutex
- */
-void ThreadPool::Queue::SpawnWorker(boost::thread_group& group)
-{
-	for (auto& thread : Threads) {
-		if (thread.State == ThreadDead) {
-			Log(LogDebug, "ThreadPool", "Spawning worker thread.");
-
-			thread = WorkerThread(ThreadIdle);
-			thread.Thread = group.create_thread(std::bind(&ThreadPool::WorkerThread::ThreadProc, std::ref(thread), std::ref(*this)));
-
-			break;
-		}
-	}
-}
-
-/**
- * Note: Caller must hold Mutex.
- */
-void ThreadPool::Queue::KillWorker(boost::thread_group& group)
-{
-	for (auto& thread : Threads) {
-		if (thread.State == ThreadIdle && !thread.Zombie) {
-			Log(LogDebug, "ThreadPool", "Killing worker thread.");
-
-			group.remove_thread(thread.Thread);
-			thread.Thread->detach();
-			delete thread.Thread;
-
-			thread.Zombie = true;
-			CV.notify_all();
-
-			break;
-		}
-	}
-}
-
-/**
- * Note: Caller must hold queue Mutex.
- */
-void ThreadPool::WorkerThread::UpdateUtilization(ThreadState state)
-{
-	double utilization;
-
-	switch (State) {
-		case ThreadDead:
-			return;
-		case ThreadIdle:
-			utilization = 0;
-			break;
-		case ThreadBusy:
-			utilization = 1;
-			break;
-		default:
-			VERIFY(0);
-	}
-
-	double now = Utility::GetTime();
-	double time = now - LastUpdate;
-
-	const double avg_time = 5.0;
-
-	if (time > avg_time)
-		time = avg_time;
-
-	Utilization = (Utilization * (avg_time - time) + utilization * time) / avg_time;
-	LastUpdate = now;
-
-	if (state != ThreadUnspecified)
-		State = state;
-}
diff --git a/lib/base/threadpool.hpp b/lib/base/threadpool.hpp
index 06277c70c..af351cd7a 100644
--- a/lib/base/threadpool.hpp
+++ b/lib/base/threadpool.hpp
@@ -1,37 +1,25 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef THREADPOOL_H
 #define THREADPOOL_H
 
-#include "base/i2-base.hpp"
-#include <boost/thread/thread.hpp>
-#include <boost/thread/mutex.hpp>
-#include <boost/thread/condition_variable.hpp>
-#include <deque>
+#include "base/atomic.hpp"
+#include "base/exception.hpp"
+#include "base/logger.hpp"
+#include <cstddef>
+#include <exception>
+#include <functional>
+#include <memory>
 #include <thread>
+#include <boost/asio/post.hpp>
+#include <boost/asio/thread_pool.hpp>
+#include <boost/thread/locks.hpp>
+#include <boost/thread/shared_mutex.hpp>
+#include <cstdint>
 
 namespace icinga
 {
 
-#define QUEUECOUNT 4U
-
 enum SchedulerPolicy
 {
 	DefaultScheduler,
@@ -48,85 +36,63 @@ class ThreadPool
 public:
 	typedef std::function<void ()> WorkFunction;
 
-	ThreadPool(size_t max_threads = UINT_MAX);
+	ThreadPool(size_t threads = std::thread::hardware_concurrency() * 2u);
 	~ThreadPool();
 
 	void Start();
 	void Stop();
 
-	bool Post(const WorkFunction& callback, SchedulerPolicy policy = DefaultScheduler);
+	/**
+	 * Appends a work item to the work queue. Work items will be processed in FIFO order.
+	 *
+	 * @param callback The callback function for the work item.
+	 * @returns true if the item was queued, false otherwise.
+	 */
+	template<class T>
+	bool Post(T callback, SchedulerPolicy)
+	{
+		boost::shared_lock<decltype(m_Mutex)> lock (m_Mutex);
+
+		if (m_Pool) {
+			m_Pending.fetch_add(1);
+
+			boost::asio::post(*m_Pool, [this, callback]() {
+				m_Pending.fetch_sub(1);
+
+				try {
+					callback();
+				} catch (const std::exception& ex) {
+					Log(LogCritical, "ThreadPool")
+						<< "Exception thrown in event handler:\n"
+						<< DiagnosticInformation(ex);
+				} catch (...) {
+					Log(LogCritical, "ThreadPool", "Exception of unknown type thrown in event handler.");
+				}
+			});
+
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * Returns the amount of queued tasks not started yet.
+	 *
+	 * @returns amount of queued tasks.
+	 */
+	inline uint_fast64_t GetPending()
+	{
+		return m_Pending.load();
+	}
 
 private:
-	enum ThreadState
-	{
-		ThreadUnspecified,
-		ThreadDead,
-		ThreadIdle,
-		ThreadBusy
-	};
-
-	struct WorkItem
-	{
-		WorkFunction Callback;
-		double Timestamp;
-	};
-
-	struct Queue;
-
-	struct WorkerThread
-	{
-		ThreadState State{ThreadDead};
-		bool Zombie{false};
-		double Utilization{0};
-		double LastUpdate{0};
-		boost::thread *Thread{nullptr};
-
-		WorkerThread(ThreadState state = ThreadDead)
-			: State(state)
-		{ }
-
-		void UpdateUtilization(ThreadState state = ThreadUnspecified);
-
-		void ThreadProc(Queue& queue);
-	};
-
-	struct Queue
-	{
-		boost::mutex Mutex;
-		boost::condition_variable CV;
-		boost::condition_variable CVStarved;
-
-		std::deque<WorkItem> Items;
-
-		double WaitTime{0};
-		double ServiceTime{0};
-		int TaskCount{0};
-
-		bool Stopped{false};
-
-		WorkerThread Threads[16];
-
-		void SpawnWorker(boost::thread_group& group);
-		void KillWorker(boost::thread_group& group);
-	};
-
-	int m_ID;
-	static int m_NextID;
-
-	size_t m_MaxThreads;
-
-	boost::thread_group m_ThreadGroup;
-
-	std::thread m_MgmtThread;
-	boost::mutex m_MgmtMutex;
-	boost::condition_variable m_MgmtCV;
-	bool m_Stopped{true};
-
-	Queue m_Queues[QUEUECOUNT];
-
-	void ManagerThreadProc();
+	boost::shared_mutex m_Mutex;
+	std::unique_ptr<boost::asio::thread_pool> m_Pool;
+	size_t m_Threads;
+	Atomic<uint_fast64_t> m_Pending;
 };
 
 }
 
-#endif /* EVENTQUEUE_H */
+#endif /* THREADPOOL_H */
diff --git a/lib/base/timer.cpp b/lib/base/timer.cpp
index 0eb03f754..6abac8566 100644
--- a/lib/base/timer.cpp
+++ b/lib/base/timer.cpp
@@ -1,24 +1,9 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
+#include "base/defer.hpp"
 #include "base/timer.hpp"
 #include "base/debug.hpp"
+#include "base/logger.hpp"
 #include "base/utility.hpp"
 #include <boost/thread/mutex.hpp>
 #include <boost/thread/condition_variable.hpp>
@@ -71,7 +56,9 @@ static boost::condition_variable l_TimerCV;
 static std::thread l_TimerThread;
 static bool l_StopTimerThread;
 static TimerSet l_Timers;
-static int l_AliveTimers;
+static int l_AliveTimers = 0;
+
+static Defer l_ShutdownTimersCleanlyOnExit (&Timer::Uninitialize);
 
 /**
  * Destructor for the Timer class.
@@ -81,16 +68,43 @@ Timer::~Timer()
 	Stop(true);
 }
 
+void Timer::Initialize()
+{
+	boost::mutex::scoped_lock lock(l_TimerMutex);
+
+	if (l_AliveTimers > 0) {
+		InitializeThread();
+	}
+}
+
 void Timer::Uninitialize()
+{
+	boost::mutex::scoped_lock lock(l_TimerMutex);
+
+	if (l_AliveTimers > 0) {
+		UninitializeThread();
+	}
+}
+
+void Timer::InitializeThread()
+{
+	l_StopTimerThread = false;
+	l_TimerThread = std::thread(&Timer::TimerThreadProc);
+}
+
+void Timer::UninitializeThread()
 {
 	{
-		boost::mutex::scoped_lock lock(l_TimerMutex);
 		l_StopTimerThread = true;
 		l_TimerCV.notify_all();
 	}
 
+	l_TimerMutex.unlock();
+
 	if (l_TimerThread.joinable())
 		l_TimerThread.join();
+
+	l_TimerMutex.lock();
 }
 
 /**
@@ -99,7 +113,7 @@ void Timer::Uninitialize()
 void Timer::Call()
 {
 	try {
-		OnTimerExpired(Timer::Ptr(this));
+		OnTimerExpired(this);
 	} catch (...) {
 		InternalReschedule(true);
 
@@ -140,9 +154,8 @@ void Timer::Start()
 		boost::mutex::scoped_lock lock(l_TimerMutex);
 		m_Started = true;
 
-		if (l_AliveTimers++ == 0) {
-			l_StopTimerThread = false;
-			l_TimerThread = std::thread(&Timer::TimerThreadProc);
+		if (++l_AliveTimers == 1) {
+			InitializeThread();
 		}
 	}
 
@@ -160,15 +173,7 @@ void Timer::Stop(bool wait)
 	boost::mutex::scoped_lock lock(l_TimerMutex);
 
 	if (m_Started && --l_AliveTimers == 0) {
-		l_StopTimerThread = true;
-		l_TimerCV.notify_all();
-
-		lock.unlock();
-
-		if (l_TimerThread.joinable() && l_TimerThread.get_id() != std::this_thread::get_id())
-			l_TimerThread.join();
-
-		lock.lock();
+		UninitializeThread();
 	}
 
 	m_Started = false;
@@ -270,6 +275,8 @@ void Timer::AdjustTimers(double adjustment)
  */
 void Timer::TimerThreadProc()
 {
+	Log(LogDebug, "Timer", "TimerThreadProc started.");
+
 	Utility::SetThreadName("Timer Thread");
 
 	for (;;) {
@@ -297,8 +304,6 @@ void Timer::TimerThreadProc()
 			continue;
 		}
 
-		Timer::Ptr ptimer = timer;
-
 		/* Remove the timer from the list so it doesn't get called again
 		 * until the current call is completed. */
 		l_Timers.erase(timer);
@@ -308,6 +313,6 @@ void Timer::TimerThreadProc()
 		lock.unlock();
 
 		/* Asynchronously call the timer. */
-		Utility::QueueAsyncCallback(std::bind(&Timer::Call, ptimer));
+		Utility::QueueAsyncCallback([timer]() { timer->Call(); });
 	}
 }
diff --git a/lib/base/timer.hpp b/lib/base/timer.hpp
index 6d5e115ef..2088a6660 100644
--- a/lib/base/timer.hpp
+++ b/lib/base/timer.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TIMER_H
 #define TIMER_H
@@ -40,7 +23,10 @@ public:
 
 	~Timer() override;
 
+	static void Initialize();
 	static void Uninitialize();
+	static void InitializeThread();
+	static void UninitializeThread();
 
 	void SetInterval(double interval);
 	double GetInterval() const;
@@ -53,7 +39,7 @@ public:
 	void Reschedule(double next = -1);
 	double GetNext() const;
 
-	boost::signals2::signal<void(const Timer::Ptr&)> OnTimerExpired;
+	boost::signals2::signal<void(const Timer * const&)> OnTimerExpired;
 
 private:
 	double m_Interval{0}; /**< The interval of the timer. */
diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp
index a05a3d7d5..b72a88030 100644
--- a/lib/base/tlsstream.cpp
+++ b/lib/base/tlsstream.cpp
@@ -1,426 +1,67 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/tlsstream.hpp"
+#include "base/application.hpp"
 #include "base/utility.hpp"
 #include "base/exception.hpp"
 #include "base/logger.hpp"
+#include "base/configuration.hpp"
+#include "base/convert.hpp"
+#include <boost/asio/ssl/context.hpp>
+#include <boost/asio/ssl/verify_context.hpp>
+#include <boost/asio/ssl/verify_mode.hpp>
 #include <iostream>
-
-#ifndef _WIN32
-#	include <poll.h>
-#endif /* _WIN32 */
-
-#define TLS_TIMEOUT_SECONDS 10
+#include <openssl/ssl.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+#include <sstream>
 
 using namespace icinga;
 
-int TlsStream::m_SSLIndex;
-bool TlsStream::m_SSLIndexInitialized = false;
-
-/**
- * Constructor for the TlsStream class.
- *
- * @param role The role of the client.
- * @param sslContext The SSL context for the client.
- */
-TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<SSL_CTX>& sslContext)
-	: SocketEvents(socket, this), m_Eof(false), m_HandshakeOK(false), m_VerifyOK(true), m_ErrorCode(0),
-	m_ErrorOccurred(false),  m_Socket(socket), m_Role(role), m_SendQ(new FIFO()), m_RecvQ(new FIFO()),
-	m_CurrentAction(TlsActionNone), m_Retry(false), m_Shutdown(false)
-{
-	std::ostringstream msgbuf;
-	char errbuf[120];
-
-	m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext.get()), SSL_free);
-
-	if (!m_SSL) {
-		msgbuf << "SSL_new() failed with code " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
-		Log(LogCritical, "TlsStream", msgbuf.str());
-
-		BOOST_THROW_EXCEPTION(openssl_error()
-			<< boost::errinfo_api_function("SSL_new")
-			<< errinfo_openssl_error(ERR_peek_error()));
-	}
-
-	if (!m_SSLIndexInitialized) {
-		m_SSLIndex = SSL_get_ex_new_index(0, const_cast<char *>("TlsStream"), nullptr, nullptr, nullptr);
-		m_SSLIndexInitialized = true;
-	}
-
-	SSL_set_ex_data(m_SSL.get(), m_SSLIndex, this);
-
-	SSL_set_verify(m_SSL.get(), SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, &TlsStream::ValidateCertificate);
-
-	socket->MakeNonBlocking();
-
-	SSL_set_fd(m_SSL.get(), socket->GetFD());
-
-	if (m_Role == RoleServer)
-		SSL_set_accept_state(m_SSL.get());
-	else {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-		if (!hostname.IsEmpty())
-			SSL_set_tlsext_host_name(m_SSL.get(), hostname.CStr());
-#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
-
-		SSL_set_connect_state(m_SSL.get());
-	}
-}
-
-TlsStream::~TlsStream()
-{
-	CloseInternal(true);
-}
-
-int TlsStream::ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx)
-{
-	auto *ssl = static_cast<SSL *>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-	auto *stream = static_cast<TlsStream *>(SSL_get_ex_data(ssl, m_SSLIndex));
-
-	if (!preverify_ok) {
-		stream->m_VerifyOK = false;
-
-		std::ostringstream msgbuf;
-		int err = X509_STORE_CTX_get_error(ctx);
-		msgbuf << "code " << err << ": " << X509_verify_cert_error_string(err);
-		stream->m_VerifyError = msgbuf.str();
-	}
-
-	return 1;
-}
-
-bool TlsStream::IsVerifyOK() const
+bool UnbufferedAsioTlsStream::IsVerifyOK() const
 {
 	return m_VerifyOK;
 }
 
-String TlsStream::GetVerifyError() const
+String UnbufferedAsioTlsStream::GetVerifyError() const
 {
 	return m_VerifyError;
 }
 
-/**
- * Retrieves the X509 certficate for this client.
- *
- * @returns The X509 certificate.
- */
-std::shared_ptr<X509> TlsStream::GetClientCertificate() const
+std::shared_ptr<X509> UnbufferedAsioTlsStream::GetPeerCertificate()
 {
-	boost::mutex::scoped_lock lock(m_Mutex);
-	return std::shared_ptr<X509>(SSL_get_certificate(m_SSL.get()), &Utility::NullDeleter);
+	return std::shared_ptr<X509>(SSL_get_peer_certificate(native_handle()), X509_free);
 }
 
-/**
- * Retrieves the X509 certficate for the peer.
- *
- * @returns The X509 certificate.
- */
-std::shared_ptr<X509> TlsStream::GetPeerCertificate() const
+void UnbufferedAsioTlsStream::BeforeHandshake(handshake_type type)
 {
-	boost::mutex::scoped_lock lock(m_Mutex);
-	return std::shared_ptr<X509>(SSL_get_peer_certificate(m_SSL.get()), X509_free);
-}
+	namespace ssl = boost::asio::ssl;
 
-void TlsStream::OnEvent(int revents)
-{
-	int rc;
-	size_t count;
+	set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
 
-	boost::mutex::scoped_lock lock(m_Mutex);
+	set_verify_callback([this](bool preverified, ssl::verify_context& ctx) {
+		if (!preverified) {
+			m_VerifyOK = false;
 
-	if (!m_SSL)
-		return;
+			std::ostringstream msgbuf;
+			int err = X509_STORE_CTX_get_error(ctx.native_handle());
 
-	char buffer[64 * 1024];
-
-	if (m_CurrentAction == TlsActionNone) {
-		bool corked = IsCorked();
-		if (!corked && (revents & (POLLIN | POLLERR | POLLHUP)))
-			m_CurrentAction = TlsActionRead;
-		else if (m_SendQ->GetAvailableBytes() > 0 && (revents & POLLOUT))
-			m_CurrentAction = TlsActionWrite;
-		else {
-			if (corked)
-				ChangeEvents(0);
-			else
-				ChangeEvents(POLLIN);
-
-			return;
-		}
-	}
-
-	bool success = false;
-
-	/* Clear error queue for this thread before using SSL_{read,write,do_handshake}.
-	 * Otherwise SSL_*_error() does not work reliably.
-	 */
-	ERR_clear_error();
-
-	size_t readTotal = 0;
-
-	switch (m_CurrentAction) {
-		case TlsActionRead:
-			do {
-				rc = SSL_read(m_SSL.get(), buffer, sizeof(buffer));
-
-				if (rc > 0) {
-					m_RecvQ->Write(buffer, rc);
-					success = true;
-
-					readTotal += rc;
-				}
-			} while (rc > 0 && readTotal < 64 * 1024);
-
-			if (success)
-				m_CV.notify_all();
-
-			break;
-		case TlsActionWrite:
-			count = m_SendQ->Peek(buffer, sizeof(buffer), true);
-
-			rc = SSL_write(m_SSL.get(), buffer, count);
-
-			if (rc > 0) {
-				m_SendQ->Read(nullptr, rc, true);
-				success = true;
-			}
-
-			break;
-		case TlsActionHandshake:
-			rc = SSL_do_handshake(m_SSL.get());
-
-			if (rc > 0) {
-				success = true;
-				m_HandshakeOK = true;
-				m_CV.notify_all();
-			}
-
-			break;
-		default:
-			VERIFY(!"Invalid TlsAction");
-	}
-
-	if (rc <= 0) {
-		int err = SSL_get_error(m_SSL.get(), rc);
-
-		switch (err) {
-			case SSL_ERROR_WANT_READ:
-				m_Retry = true;
-				ChangeEvents(POLLIN);
-
-				break;
-			case SSL_ERROR_WANT_WRITE:
-				m_Retry = true;
-				ChangeEvents(POLLOUT);
-
-				break;
-			case SSL_ERROR_ZERO_RETURN:
-				lock.unlock();
-
-				Close();
-
-				return;
-			default:
-				m_ErrorCode = ERR_peek_error();
-				m_ErrorOccurred = true;
-
-				if (m_ErrorCode != 0) {
-					Log(LogWarning, "TlsStream")
-						<< "OpenSSL error: " << ERR_error_string(m_ErrorCode, nullptr);
-				} else {
-					Log(LogWarning, "TlsStream", "TLS stream was disconnected.");
-				}
-
-				lock.unlock();
-
-				Close();
-
-				return;
-		}
-	}
-
-	if (success) {
-		m_CurrentAction = TlsActionNone;
-
-		if (!m_Eof) {
-			if (m_SendQ->GetAvailableBytes() > 0)
-				ChangeEvents(POLLIN|POLLOUT);
-			else
-				ChangeEvents(POLLIN);
+			msgbuf << "code " << err << ": " << X509_verify_cert_error_string(err);
+			m_VerifyError = msgbuf.str();
 		}
 
-		lock.unlock();
+		return true;
+	});
 
-		while (!IsCorked() && m_RecvQ->IsDataAvailable() && IsHandlingEvents())
-			SignalDataAvailable();
-	}
-
-	if (m_Shutdown && !m_SendQ->IsDataAvailable()) {
-		if (!success)
-			lock.unlock();
-
-		Close();
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+	if (type == client && !m_Hostname.IsEmpty()) {
+		String environmentName = Application::GetAppEnvironment();
+		String serverName = m_Hostname;
+
+		if (!environmentName.IsEmpty())
+			serverName += ":" + environmentName;
+
+		SSL_set_tlsext_host_name(native_handle(), serverName.CStr());
 	}
-}
-
-void TlsStream::HandleError() const
-{
-	if (m_ErrorOccurred) {
-		BOOST_THROW_EXCEPTION(openssl_error()
-			<< boost::errinfo_api_function("TlsStream::OnEvent")
-			<< errinfo_openssl_error(m_ErrorCode));
-	}
-}
-
-void TlsStream::Handshake()
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	m_CurrentAction = TlsActionHandshake;
-	ChangeEvents(POLLOUT);
-
-	boost::system_time const timeout = boost::get_system_time() + boost::posix_time::seconds(TLS_TIMEOUT_SECONDS);
-
-	while (!m_HandshakeOK && !m_ErrorOccurred && !m_Eof && timeout > boost::get_system_time())
-		m_CV.timed_wait(lock, timeout);
-
-	// We should _NOT_ (underline, bold, itallic and wordart) throw an exception for a timeout.
-	if (timeout < boost::get_system_time())
-		BOOST_THROW_EXCEPTION(std::runtime_error("Timeout during handshake."));
-
-	if (m_Eof)
-		BOOST_THROW_EXCEPTION(std::runtime_error("Socket was closed during TLS handshake."));
-
-	HandleError();
-}
-
-/**
- * Processes data for the stream.
- */
-size_t TlsStream::Peek(void *buffer, size_t count, bool allow_partial)
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	if (!allow_partial)
-		while (m_RecvQ->GetAvailableBytes() < count && !m_ErrorOccurred && !m_Eof)
-			m_CV.wait(lock);
-
-	HandleError();
-
-	return m_RecvQ->Peek(buffer, count, true);
-}
-
-size_t TlsStream::Read(void *buffer, size_t count, bool allow_partial)
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	if (!allow_partial)
-		while (m_RecvQ->GetAvailableBytes() < count && !m_ErrorOccurred && !m_Eof)
-			m_CV.wait(lock);
-
-	HandleError();
-
-	return m_RecvQ->Read(buffer, count, true);
-}
-
-void TlsStream::Write(const void *buffer, size_t count)
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	m_SendQ->Write(buffer, count);
-
-	ChangeEvents(POLLIN|POLLOUT);
-}
-
-void TlsStream::Shutdown()
-{
-	m_Shutdown = true;
-	ChangeEvents(POLLOUT);
-}
-
-/**
- * Closes the stream.
- */
-void TlsStream::Close()
-{
-	CloseInternal(false);
-}
-
-void TlsStream::CloseInternal(bool inDestructor)
-{
-	if (m_Eof)
-		return;
-
-	m_Eof = true;
-
-	if (!inDestructor)
-		SignalDataAvailable();
-
-	SocketEvents::Unregister();
-
-	Stream::Close();
-
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	if (!m_SSL)
-		return;
-
-	(void)SSL_shutdown(m_SSL.get());
-	m_SSL.reset();
-
-	m_Socket->Close();
-	m_Socket.reset();
-
-	m_CV.notify_all();
-}
-
-bool TlsStream::IsEof() const
-{
-	return m_Eof;
-}
-
-bool TlsStream::SupportsWaiting() const
-{
-	return true;
-}
-
-bool TlsStream::IsDataAvailable() const
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	return m_RecvQ->GetAvailableBytes() > 0;
-}
-
-void TlsStream::SetCorked(bool corked)
-{
-	Stream::SetCorked(corked);
-
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	if (corked)
-		m_CurrentAction = TlsActionNone;
-	else
-		ChangeEvents(POLLIN | POLLOUT);
-}
-
-Socket::Ptr TlsStream::GetSocket() const
-{
-	return m_Socket;
+#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
 }
diff --git a/lib/base/tlsstream.hpp b/lib/base/tlsstream.hpp
index ad5b92d0f..70a459114 100644
--- a/lib/base/tlsstream.hpp
+++ b/lib/base/tlsstream.hpp
@@ -1,114 +1,92 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TLSSTREAM_H
 #define TLSSTREAM_H
 
 #include "base/i2-base.hpp"
 #include "base/socket.hpp"
-#include "base/socketevents.hpp"
 #include "base/stream.hpp"
 #include "base/tlsutility.hpp"
 #include "base/fifo.hpp"
+#include <memory>
+#include <utility>
+#include <boost/asio/buffered_stream.hpp>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/asio/ssl/stream.hpp>
 
 namespace icinga
 {
 
-enum TlsAction
+struct UnbufferedAsioTlsStreamParams
 {
-	TlsActionNone,
-	TlsActionRead,
-	TlsActionWrite,
-	TlsActionHandshake
+	boost::asio::io_context& IoContext;
+	boost::asio::ssl::context& SslContext;
+	const String& Hostname;
 };
 
-/**
- * A TLS stream.
- *
- * @ingroup base
- */
-class TlsStream final : public Stream, private SocketEvents
+typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> AsioTcpTlsStream;
+
+class UnbufferedAsioTlsStream : public AsioTcpTlsStream
 {
 public:
-	DECLARE_PTR_TYPEDEFS(TlsStream);
-
-	TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<SSL_CTX>& sslContext = MakeSSLContext());
-	~TlsStream() override;
-
-	Socket::Ptr GetSocket() const;
-
-	std::shared_ptr<X509> GetClientCertificate() const;
-	std::shared_ptr<X509> GetPeerCertificate() const;
-
-	void Handshake();
-
-	void Close() override;
-	void Shutdown() override;
-
-	size_t Peek(void *buffer, size_t count, bool allow_partial = false) override;
-	size_t Read(void *buffer, size_t count, bool allow_partial = false) override;
-	void Write(const void *buffer, size_t count) override;
-
-	bool IsEof() const override;
-
-	bool SupportsWaiting() const override;
-	bool IsDataAvailable() const override;
-
-	void SetCorked(bool corked) override;
+	inline
+	UnbufferedAsioTlsStream(UnbufferedAsioTlsStreamParams& init)
+		: stream(init.IoContext, init.SslContext), m_VerifyOK(true), m_Hostname(init.Hostname)
+	{
+	}
 
 	bool IsVerifyOK() const;
 	String GetVerifyError() const;
+	std::shared_ptr<X509> GetPeerCertificate();
+
+	template<class... Args>
+	inline
+	auto async_handshake(handshake_type type, Args&&... args) -> decltype(((AsioTcpTlsStream*)nullptr)->async_handshake(type, std::forward<Args>(args)...))
+	{
+		BeforeHandshake(type);
+
+		return AsioTcpTlsStream::async_handshake(type, std::forward<Args>(args)...);
+	}
+
+	template<class... Args>
+	inline
+	auto handshake(handshake_type type, Args&&... args) -> decltype(((AsioTcpTlsStream*)nullptr)->handshake(type, std::forward<Args>(args)...))
+	{
+		BeforeHandshake(type);
+
+		return AsioTcpTlsStream::handshake(type, std::forward<Args>(args)...);
+	}
 
 private:
-	std::shared_ptr<SSL> m_SSL;
-	bool m_Eof;
-	mutable boost::mutex m_Mutex;
-	mutable boost::condition_variable m_CV;
-	bool m_HandshakeOK;
 	bool m_VerifyOK;
 	String m_VerifyError;
-	int m_ErrorCode;
-	bool m_ErrorOccurred;
+	String m_Hostname;
 
-	Socket::Ptr m_Socket;
-	ConnectionRole m_Role;
-
-	FIFO::Ptr m_SendQ;
-	FIFO::Ptr m_RecvQ;
-
-	TlsAction m_CurrentAction;
-	bool m_Retry;
-	bool m_Shutdown;
-
-	static int m_SSLIndex;
-	static bool m_SSLIndexInitialized;
-
-	void OnEvent(int revents) override;
-
-	void HandleError() const;
-
-	static int ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx);
-	static void NullCertificateDeleter(X509 *certificate);
-
-	void CloseInternal(bool inDestructor);
+	void BeforeHandshake(handshake_type type);
 };
 
+class AsioTlsStream : public boost::asio::buffered_stream<UnbufferedAsioTlsStream>
+{
+public:
+	inline
+	AsioTlsStream(boost::asio::io_context& ioContext, boost::asio::ssl::context& sslContext, const String& hostname = String())
+		: AsioTlsStream(UnbufferedAsioTlsStreamParams{ioContext, sslContext, hostname})
+	{
+	}
+
+private:
+	inline
+	AsioTlsStream(UnbufferedAsioTlsStreamParams init)
+		: buffered_stream(init)
+	{
+	}
+};
+
+typedef boost::asio::buffered_stream<boost::asio::ip::tcp::socket> AsioTcpStream;
+typedef std::pair<std::shared_ptr<AsioTlsStream>, std::shared_ptr<AsioTcpStream>> OptionalTlsStream;
+
 }
 
 #endif /* TLSSTREAM_H */
diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 9b3c33fb2..3c6751002 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/tlsutility.hpp"
 #include "base/convert.hpp"
@@ -24,6 +7,7 @@
 #include "base/utility.hpp"
 #include "base/application.hpp"
 #include "base/exception.hpp"
+#include <boost/asio/ssl/context.hpp>
 #include <fstream>
 
 namespace icinga
@@ -74,35 +58,42 @@ void InitializeOpenSSL()
 	l_SSLInitialized = true;
 }
 
-/**
- * Initializes an SSL context using the specified certificates.
- *
- * @param pubkey The public key.
- * @param privkey The matching private key.
- * @param cakey CA certificate chain file.
- * @returns An SSL context.
- */
-std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey)
+static void SetupSslContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& pubkey, const String& privkey, const String& cakey)
 {
-	char errbuf[120];
+	char errbuf[256];
 
-	InitializeOpenSSL();
+	// Enforce TLS v1.2 as minimum
+	context->set_options(
+		boost::asio::ssl::context::default_workarounds |
+		boost::asio::ssl::context::no_compression |
+		boost::asio::ssl::context::no_sslv2 |
+		boost::asio::ssl::context::no_sslv3 |
+		boost::asio::ssl::context::no_tlsv1 |
+		boost::asio::ssl::context::no_tlsv1_1
+	);
 
-	std::shared_ptr<SSL_CTX> sslContext = std::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
+	// Custom TLS flags
+	SSL_CTX *sslContext = context->native_handle();
 
-	long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
+	long flags = SSL_CTX_get_options(sslContext);
 
-#ifdef SSL_OP_NO_COMPRESSION
-	flags |= SSL_OP_NO_COMPRESSION;
-#endif /* SSL_OP_NO_COMPRESSION */
+	flags |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 
-	SSL_CTX_set_options(sslContext.get(), flags);
+	SSL_CTX_set_options(sslContext, flags);
 
-	SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-	SSL_CTX_set_session_id_context(sslContext.get(), (const unsigned char *)"Icinga 2", 8);
+	SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+	SSL_CTX_set_session_id_context(sslContext, (const unsigned char *)"Icinga 2", 8);
+
+	// Explicitly load ECC ciphers, required on el7 - https://github.com/Icinga/icinga2/issues/7247
+	// SSL_CTX_set_ecdh_auto is deprecated and removed in OpenSSL 1.1.x - https://github.com/openssl/openssl/issues/1437
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#	ifdef SSL_CTX_set_ecdh_auto
+	SSL_CTX_set_ecdh_auto(sslContext, 1);
+#	endif /* SSL_CTX_set_ecdh_auto */
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
 	if (!pubkey.IsEmpty()) {
-		if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
+		if (!SSL_CTX_use_certificate_chain_file(sslContext, pubkey.CStr())) {
 			Log(LogCritical, "SSL")
 				<< "Error with public key file '" << pubkey << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
 			BOOST_THROW_EXCEPTION(openssl_error()
@@ -113,7 +104,7 @@ std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& priv
 	}
 
 	if (!privkey.IsEmpty()) {
-		if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) {
+		if (!SSL_CTX_use_PrivateKey_file(sslContext, privkey.CStr(), SSL_FILETYPE_PEM)) {
 			Log(LogCritical, "SSL")
 				<< "Error with private key file '" << privkey << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
 			BOOST_THROW_EXCEPTION(openssl_error()
@@ -122,7 +113,7 @@ std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& priv
 				<< boost::errinfo_file_name(privkey));
 		}
 
-		if (!SSL_CTX_check_private_key(sslContext.get())) {
+		if (!SSL_CTX_check_private_key(sslContext)) {
 			Log(LogCritical, "SSL")
 				<< "Error checking private key '" << privkey << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
 			BOOST_THROW_EXCEPTION(openssl_error()
@@ -132,7 +123,7 @@ std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& priv
 	}
 
 	if (!cakey.IsEmpty()) {
-		if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), nullptr)) {
+		if (!SSL_CTX_load_verify_locations(sslContext, cakey.CStr(), nullptr)) {
 			Log(LogCritical, "SSL")
 				<< "Error loading and verifying locations in ca key file '" << cakey << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
 			BOOST_THROW_EXCEPTION(openssl_error()
@@ -153,10 +144,29 @@ std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& priv
 				<< boost::errinfo_file_name(cakey));
 		}
 
-		SSL_CTX_set_client_CA_list(sslContext.get(), cert_names);
+		SSL_CTX_set_client_CA_list(sslContext, cert_names);
 	}
+}
 
-	return sslContext;
+/**
+ * Initializes an SSL context using the specified certificates.
+ *
+ * @param pubkey The public key.
+ * @param privkey The matching private key.
+ * @param cakey CA certificate chain file.
+ * @returns An SSL context.
+ */
+std::shared_ptr<boost::asio::ssl::context> MakeAsioSslContext(const String& pubkey, const String& privkey, const String& cakey)
+{
+	namespace ssl = boost::asio::ssl;
+
+	InitializeOpenSSL();
+
+	auto context (std::make_shared<ssl::context>(ssl::context::tlsv12));
+
+	SetupSslContext(context, pubkey, privkey, cakey);
+
+	return context;
 }
 
 /**
@@ -164,11 +174,11 @@ std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& priv
  * @param context The ssl context.
  * @param cipherList The ciper list.
  **/
-void SetCipherListToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& cipherList)
+void SetCipherListToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& cipherList)
 {
 	char errbuf[256];
 
-	if (SSL_CTX_set_cipher_list(context.get(), cipherList.CStr()) == 0) {
+	if (SSL_CTX_set_cipher_list(context->native_handle(), cipherList.CStr()) == 0) {
 		Log(LogCritical, "SSL")
 			<< "Cipher list '"
 			<< cipherList
@@ -180,6 +190,23 @@ void SetCipherListToSSLContext(const std::shared_ptr<SSL_CTX>& context, const St
 			<< boost::errinfo_api_function("SSL_CTX_set_cipher_list")
 			<< errinfo_openssl_error(ERR_peek_error()));
 	}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	//With OpenSSL 1.1.0, there might not be any returned 0.
+	STACK_OF(SSL_CIPHER) *ciphers;
+	Array::Ptr cipherNames = new Array();
+
+	ciphers = SSL_CTX_get_ciphers(context->native_handle());
+	for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+		const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
+		String cipher_name = SSL_CIPHER_get_name(cipher);
+
+		cipherNames->Add(cipher_name);
+	}
+
+	Log(LogNotice, "TlsUtility")
+		<< "Available TLS cipher list: " << cipherNames->Join(" ");
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
 }
 
 /**
@@ -188,26 +215,18 @@ void SetCipherListToSSLContext(const std::shared_ptr<SSL_CTX>& context, const St
  * @param context The ssl context.
  * @param tlsProtocolmin The minimum TLS protocol version.
  */
-void SetTlsProtocolminToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& tlsProtocolmin)
+void SetTlsProtocolminToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& tlsProtocolmin)
 {
-	long flags = SSL_CTX_get_options(context.get());
+	// tlsProtocolmin has no effect since we enforce TLS 1.2 since 2.11.
+	/*
+	std::shared_ptr<SSL_CTX> sslContext = std::shared_ptr<SSL_CTX>(context->native_handle());
 
-	flags |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+	long flags = SSL_CTX_get_options(sslContext.get());
 
-#ifdef SSL_TXT_TLSV1_1
-	if (tlsProtocolmin == SSL_TXT_TLSV1_1)
-		flags |= SSL_OP_NO_TLSv1;
-	else
-#endif /* SSL_TXT_TLSV1_1 */
-#ifdef SSL_TXT_TLSV1_2
-	if (tlsProtocolmin == SSL_TXT_TLSV1_2)
-		flags |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
-	else
-#endif /* SSL_TXT_TLSV1_2 */
-	if (tlsProtocolmin != SSL_TXT_TLSV1)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid TLS protocol version specified."));
+	flags |= ...;
 
-	SSL_CTX_set_options(context.get(), flags);
+	SSL_CTX_set_options(sslContext.get(), flags);
+	*/
 }
 
 /**
@@ -216,10 +235,10 @@ void SetTlsProtocolminToSSLContext(const std::shared_ptr<SSL_CTX>& context, cons
  * @param context The SSL context.
  * @param crlPath The path to the CRL file.
  */
-void AddCRLToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& crlPath)
+void AddCRLToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& crlPath)
 {
-	char errbuf[120];
-	X509_STORE *x509_store = SSL_CTX_get_cert_store(context.get());
+	char errbuf[256];
+	X509_STORE *x509_store = SSL_CTX_get_cert_store(context->native_handle());
 
 	X509_LOOKUP *lookup;
 	lookup = X509_STORE_add_lookup(x509_store, X509_LOOKUP_file());
@@ -249,7 +268,7 @@ void AddCRLToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& c
 
 static String GetX509NameCN(X509_NAME *name)
 {
-	char errbuf[120];
+	char errbuf[256];
 	char buffer[256];
 
 	int rc = X509_NAME_get_text_by_NID(name, NID_commonName, buffer, sizeof(buffer));
@@ -284,7 +303,7 @@ String GetCertificateCN(const std::shared_ptr<X509>& certificate)
  */
 std::shared_ptr<X509> GetX509Certificate(const String& pemfile)
 {
-	char errbuf[120];
+	char errbuf[256];
 	X509 *cert;
 	BIO *fpcert = BIO_new(BIO_s_file());
 
@@ -322,11 +341,32 @@ std::shared_ptr<X509> GetX509Certificate(const String& pemfile)
 
 int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca)
 {
-	char errbuf[120];
+	char errbuf[256];
 
 	InitializeOpenSSL();
 
-	RSA *rsa = RSA_generate_key(4096, RSA_F4, nullptr, nullptr);
+	RSA *rsa = RSA_new();
+	BIGNUM *e = BN_new();
+
+	if (!rsa || !e) {
+		Log(LogCritical, "SSL")
+			<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+		BOOST_THROW_EXCEPTION(openssl_error()
+			<< boost::errinfo_api_function("RSA_generate_key")
+			<< errinfo_openssl_error(ERR_peek_error()));
+	}
+
+	BN_set_word(e, RSA_F4);
+
+	if (!RSA_generate_key_ex(rsa, 4096, e, nullptr)) {
+		Log(LogCritical, "SSL")
+			<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+		BOOST_THROW_EXCEPTION(openssl_error()
+			<< boost::errinfo_api_function("RSA_generate_key")
+			<< errinfo_openssl_error(ERR_peek_error()));
+	}
+
+	BN_free(e);
 
 	Log(LogInformation, "base")
 		<< "Writing private key to '" << keyfile << "'.";
@@ -535,7 +575,7 @@ std::shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME
 
 String GetIcingaCADir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/ca";
+	return Configuration::DataDir + "/ca";
 }
 
 std::shared_ptr<X509> CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject)
@@ -784,34 +824,4 @@ std::string to_string(const errinfo_openssl_error& e)
 	return "[errinfo_openssl_error]" + tmp.str() + "\n";
 }
 
-bool ComparePassword(const String& hash, const String& password, const String& salt)
-{
-	String otherHash = PBKDF2_SHA256(password, salt, 1000);
-	VERIFY(otherHash.GetLength() == 64 && hash.GetLength() == 64);
-
-	const char *p1 = otherHash.CStr();
-	const char *p2 = hash.CStr();
-
-	/* By Novelocrat, https://stackoverflow.com/a/25374036 */
-	volatile char c = 0;
-
-	for (size_t i = 0; i < 64; ++i)
-		c |= p1[i] ^ p2[i];
-
-	return (c == 0);
-}
-
-/* Returns a String in the format $algorithm$salt$hash or returns an empty string in case of an error */
-String CreateHashedPasswordString(const String& password, const String& salt, int algorithm)
-{
-	// We currently only support SHA256
-	if (algorithm != 5)
-		return String();
-
-	if (salt.FindFirstOf('$') != String::NPos)
-		return String();
-
-	return String("$5$" + salt + "$" + PBKDF2_SHA256(password, salt, 1000));
-}
-
 }
diff --git a/lib/base/tlsutility.hpp b/lib/base/tlsutility.hpp
index 31bb4e466..de7033311 100644
--- a/lib/base/tlsutility.hpp
+++ b/lib/base/tlsutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TLSUTILITY_H
 #define TLSUTILITY_H
@@ -31,33 +14,38 @@
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
+#include <boost/asio/ssl/context.hpp>
 #include <boost/exception/info.hpp>
 
 namespace icinga
 {
 
 void InitializeOpenSSL();
-std::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey = String(), const String& privkey = String(), const String& cakey = String());
-void AddCRLToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& crlPath);
-void SetCipherListToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& cipherList);
-void SetTlsProtocolminToSSLContext(const std::shared_ptr<SSL_CTX>& context, const String& tlsProtocolmin);
+
+std::shared_ptr<boost::asio::ssl::context> MakeAsioSslContext(const String& pubkey = String(), const String& privkey = String(), const String& cakey = String());
+void AddCRLToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& crlPath);
+void SetCipherListToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& cipherList);
+void SetTlsProtocolminToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& tlsProtocolmin);
+
 String GetCertificateCN(const std::shared_ptr<X509>& certificate);
 std::shared_ptr<X509> GetX509Certificate(const String& pemfile);
 int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile = String(), const String& certfile = String(), bool ca = false);
 std::shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *issuer, EVP_PKEY *cakey, bool ca);
+
 String GetIcingaCADir();
 String CertificateToString(const std::shared_ptr<X509>& cert);
+
 std::shared_ptr<X509> StringToCertificate(const String& cert);
 std::shared_ptr<X509> CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject);
 std::shared_ptr<X509> CreateCertIcingaCA(const std::shared_ptr<X509>& cert);
+
 String PBKDF2_SHA1(const String& password, const String& salt, int iterations);
 String PBKDF2_SHA256(const String& password, const String& salt, int iterations);
 String SHA1(const String& s, bool binary = false);
 String SHA256(const String& s);
 String RandomString(int length);
+
 bool VerifyCertificate(const std::shared_ptr<X509>& caCertificate, const std::shared_ptr<X509>& certificate);
-bool ComparePassword(const String& hash, const String& password, const String& Salt);
-String CreateHashedPasswordString(const String& password, const String& salt, int algorithm = 5);
 
 class openssl_error : virtual public std::exception, virtual public boost::exception { };
 
diff --git a/lib/base/type.cpp b/lib/base/type.cpp
index 138269a87..493833d0c 100644
--- a/lib/base/type.cpp
+++ b/lib/base/type.cpp
@@ -1,30 +1,15 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/type.hpp"
 #include "base/scriptglobal.hpp"
+#include "base/namespace.hpp"
 #include "base/objectlock.hpp"
 
 using namespace icinga;
 
 Type::Ptr Type::TypeInstance;
 
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
 INITIALIZE_ONCE_WITH_PRIORITY([]() {
 	Type::Ptr type = new TypeType();
 	type->SetPrototype(TypeType::GetPrototype());
@@ -39,19 +24,19 @@ String Type::ToString() const
 
 void Type::Register(const Type::Ptr& type)
 {
-	VERIFY(!GetByName(type->GetName()));
-
-	ScriptGlobal::Set("Types." + type->GetName(), type);
+	ScriptGlobal::Set("Types." + type->GetName(), type, true);
 }
 
 Type::Ptr Type::GetByName(const String& name)
 {
-	Dictionary::Ptr typesNS = ScriptGlobal::Get("Types", &Empty);
+	Namespace::Ptr typesNS = ScriptGlobal::Get("Types", &Empty);
 
 	if (!typesNS)
 		return nullptr;
 
-	Value ptype = typesNS->Get(name);
+	Value ptype;
+	if (!typesNS->Get(name, &ptype))
+		return nullptr;
 
 	if (!ptype.IsObjectType<Type>())
 		return nullptr;
@@ -63,14 +48,16 @@ std::vector<Type::Ptr> Type::GetAllTypes()
 {
 	std::vector<Type::Ptr> types;
 
-	Dictionary::Ptr typesNS = ScriptGlobal::Get("Types", &Empty);
+	Namespace::Ptr typesNS = ScriptGlobal::Get("Types", &Empty);
 
 	if (typesNS) {
 		ObjectLock olock(typesNS);
 
-		for (const Dictionary::Pair& kv : typesNS) {
-			if (kv.second.IsObjectType<Type>())
-				types.push_back(kv.second);
+		for (const Namespace::Pair& kv : typesNS) {
+			Value value = kv.second->Get();
+
+			if (value.IsObjectType<Type>())
+				types.push_back(value);
 		}
 	}
 
diff --git a/lib/base/type.hpp b/lib/base/type.hpp
index ef8ce6d23..2bf54ccf5 100644
--- a/lib/base/type.hpp
+++ b/lib/base/type.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TYPE_H
 #define TYPE_H
@@ -138,6 +121,7 @@ class TypeImpl
 {
 };
 
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
 #define REGISTER_TYPE(type) \
 	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
 		icinga::Type::Ptr t = new TypeImpl<type>(); \
diff --git a/lib/base/typetype-script.cpp b/lib/base/typetype-script.cpp
index 88ebe3c92..df6a1873b 100644
--- a/lib/base/typetype-script.cpp
+++ b/lib/base/typetype-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/type.hpp"
 #include "base/dictionary.hpp"
diff --git a/lib/base/unix.hpp b/lib/base/unix.hpp
index 5312f51fa..7413a5b15 100644
--- a/lib/base/unix.hpp
+++ b/lib/base/unix.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef UNIX_H
 #define UNIX_H
diff --git a/lib/base/unixsocket.cpp b/lib/base/unixsocket.cpp
index c5aacbc54..dcc56ffa1 100644
--- a/lib/base/unixsocket.cpp
+++ b/lib/base/unixsocket.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/unixsocket.hpp"
 #include "base/exception.hpp"
diff --git a/lib/base/unixsocket.hpp b/lib/base/unixsocket.hpp
index ab5546b50..80a9f255e 100644
--- a/lib/base/unixsocket.hpp
+++ b/lib/base/unixsocket.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef UNIXSOCKET_H
 #define UNIXSOCKET_H
@@ -26,6 +9,11 @@
 namespace icinga
 {
 
+/**
+ * A TCP socket. DEPRECATED - Use Boost ASIO instead.
+ *
+ * @ingroup base
+ */
 class UnixSocket final : public Socket
 {
 public:
diff --git a/lib/base/utility.cpp b/lib/base/utility.cpp
index 8d2162011..1add7616c 100644
--- a/lib/base/utility.cpp
+++ b/lib/base/utility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/utility.hpp"
 #include "base/convert.hpp"
@@ -26,17 +9,26 @@
 #include "base/utility.hpp"
 #include "base/json.hpp"
 #include "base/objectlock.hpp"
+#include <cstdint>
 #include <mmatch.h>
+#include <boost/filesystem/path.hpp>
+#include <boost/filesystem/operations.hpp>
 #include <boost/lexical_cast.hpp>
+#include <boost/system/error_code.hpp>
 #include <boost/thread/tss.hpp>
 #include <boost/algorithm/string/trim.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/uuid/uuid_io.hpp>
 #include <boost/uuid/uuid_generators.hpp>
+#include <boost/regex.hpp>
 #include <ios>
 #include <fstream>
 #include <iostream>
+#include <iterator>
+#include <stdlib.h>
 #include <future>
+#include <utf8.h>
+#include <vector>
 
 #ifdef __FreeBSD__
 #	include <pthread_np.h>
@@ -48,6 +40,7 @@
 
 #ifndef _WIN32
 #	include <sys/types.h>
+#	include <sys/utsname.h>
 #	include <pwd.h>
 #	include <grp.h>
 #	include <errno.h>
@@ -260,47 +253,7 @@ bool Utility::CidrMatch(const String& pattern, const String& ip)
  */
 String Utility::DirName(const String& path)
 {
-	char *dir;
-
-#ifdef _WIN32
-	String dupPath = path;
-
-	/* PathRemoveFileSpec doesn't properly handle forward slashes. */
-	for (char& ch : dupPath) {
-		if (ch == '/')
-			ch = '\\';
-	}
-
-	dir = strdup(dupPath.CStr());
-#else /* _WIN32 */
-	dir = strdup(path.CStr());
-#endif /* _WIN32 */
-
-	if (!dir)
-		BOOST_THROW_EXCEPTION(std::bad_alloc());
-
-	String result;
-
-#ifndef _WIN32
-	result = dirname(dir);
-#else /* _WIN32 */
-	if (dir[0] != 0 && !PathRemoveFileSpec(dir)) {
-		free(dir);
-
-		BOOST_THROW_EXCEPTION(win32_error()
-			<< boost::errinfo_api_function("PathRemoveFileSpec")
-			<< errinfo_win32_error(GetLastError()));
-	}
-
-	result = dir;
-
-	if (result.IsEmpty())
-		result = ".";
-#endif /* _WIN32 */
-
-	free(dir);
-
-	return result;
+	return boost::filesystem::path(path.Begin(), path.End()).parent_path().string();
 }
 
 /**
@@ -311,21 +264,7 @@ String Utility::DirName(const String& path)
  */
 String Utility::BaseName(const String& path)
 {
-	char *dir = strdup(path.CStr());
-	String result;
-
-	if (!dir)
-		BOOST_THROW_EXCEPTION(std::bad_alloc());
-
-#ifndef _WIN32
-	result = basename(dir);
-#else /* _WIN32 */
-	result = PathFindFileName(dir);
-#endif /* _WIN32 */
-
-	free(dir);
-
-	return result;
+	return boost::filesystem::path(path.Begin(), path.End()).filename().string();
 }
 
 /**
@@ -764,38 +703,18 @@ void Utility::MkDirP(const String& path, int mode)
 	}
 }
 
-void Utility::RemoveDirRecursive(const String& path)
+void Utility::Remove(const String& path)
 {
-	std::vector<String> paths;
-	Utility::GlobRecursive(path, "*", std::bind(&Utility::CollectPaths, _1, std::ref(paths)), GlobFile | GlobDirectory);
+	namespace fs = boost::filesystem;
 
-	/* This relies on the fact that GlobRecursive lists the parent directory
-	 * first before recursing into subdirectories.
-	 */
-	std::reverse(paths.begin(), paths.end());
-
-	for (const String& path : paths) {
-		if (remove(path.CStr()) < 0)
-			BOOST_THROW_EXCEPTION(posix_error()
-				<< boost::errinfo_api_function("remove")
-				<< boost::errinfo_errno(errno)
-				<< boost::errinfo_file_name(path));
-	}
-
-#ifndef _WIN32
-	if (rmdir(path.CStr()) < 0)
-#else /* _WIN32 */
-	if (_rmdir(path.CStr()) < 0)
-#endif /* _WIN32 */
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rmdir")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(path));
+	(void)fs::remove(fs::path(path.Begin(), path.End()));
 }
 
-void Utility::CollectPaths(const String& path, std::vector<String>& paths)
+void Utility::RemoveDirRecursive(const String& path)
 {
-	paths.push_back(path);
+	namespace fs = boost::filesystem;
+
+	(void)fs::remove_all(fs::path(path.Begin(), path.End()));
 }
 
 /*
@@ -804,10 +723,20 @@ void Utility::CollectPaths(const String& path, std::vector<String>& paths)
  */
 void Utility::CopyFile(const String& source, const String& target)
 {
-	std::ifstream ifs(source.CStr(), std::ios::binary);
-	std::ofstream ofs(target.CStr(), std::ios::binary | std::ios::trunc);
+	namespace fs = boost::filesystem;
 
-	ofs << ifs.rdbuf();
+	fs::copy_file(fs::path(source.Begin(), source.End()), fs::path(target.Begin(), target.End()), fs::copy_option::overwrite_if_exists);
+}
+
+/*
+ * Renames a source file to a target location.
+ * Caller must ensure that the target's base directory exists and is writable.
+ */
+void Utility::RenameFile(const String& source, const String& target)
+{
+	namespace fs = boost::filesystem;
+
+	fs::rename(fs::path(source.Begin(), source.End()), fs::path(target.Begin(), target.End()));
 }
 
 /*
@@ -1244,6 +1173,26 @@ unsigned long Utility::SDBM(const String& str, size_t len)
 	return hash;
 }
 
+String Utility::ParseVersion(const String& v)
+{
+	/*
+	 * 2.11.0-0.rc1.1
+	 * v2.10.5
+	 * r2.10.3
+	 * v2.11.0-rc1-58-g7c1f716da
+	 */
+	boost::regex pattern("^[vr]?(2\\.\\d+\\.\\d+).*$");
+	boost::smatch result;
+
+	if (boost::regex_search(v.GetData(), result, pattern)) {
+		String res(result[1].first, result[1].second);
+		return res;
+	}
+
+	// Couldn't not extract anything, return unparsed version
+	return v;
+}
+
 int Utility::CompareVersion(const String& v1, const String& v2)
 {
 	std::vector<String> tokensv1 = v1.Split(".");
@@ -1350,13 +1299,11 @@ tm Utility::LocalTime(time_t ts)
 
 bool Utility::PathExists(const String& path)
 {
-#ifndef _WIN32
-	struct stat statbuf;
-	return (lstat(path.CStr(), &statbuf) >= 0);
-#else /* _WIN32 */
-	struct _stat statbuf;
-	return (_stat(path.CStr(), &statbuf) >= 0);
-#endif /* _WIN32 */
+	namespace fs = boost::filesystem;
+
+	boost::system::error_code ec;
+
+	return fs::exists(fs::path(path.Begin(), path.End()), ec) && !ec;
 }
 
 Value Utility::LoadJsonFile(const String& path)
@@ -1376,6 +1323,8 @@ Value Utility::LoadJsonFile(const String& path)
 
 void Utility::SaveJsonFile(const String& path, int mode, const Value& value)
 {
+	namespace fs = boost::filesystem;
+
 	std::fstream fp;
 	String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", mode, fp);
 
@@ -1383,16 +1332,7 @@ void Utility::SaveJsonFile(const String& path, int mode, const Value& value)
 	fp << JsonEncode(value);
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(path.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), path.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	RenameFile(tempFilename, path);
 }
 
 static void HexEncode(char ch, std::ostream& os)
@@ -1462,28 +1402,23 @@ String Utility::UnescapeString(const String& s)
 #ifndef _WIN32
 static String UnameHelper(char type)
 {
-	/* Unfortunately the uname() system call doesn't support some of the
-	* query types we're interested in - so we're using popen() instead. */
+	struct utsname name;
+	uname(&name);
 
-	char cmd[] = "uname -X 2>&1";
-	cmd[7] = type;
-
-	FILE *fp = popen(cmd, "r");
-
-	if (!fp)
-		return "Unknown";
-
-	char line[1024];
-	std::ostringstream msgbuf;
-
-	while (fgets(line, sizeof(line), fp))
-		msgbuf << line;
-
-	pclose(fp);
-
-	String result = msgbuf.str();
-
-	return result.Trim();
+	switch (type) {
+		case 'm':
+			return (char*)name.machine;
+		case 'n':
+			return (char*)name.nodename;
+		case 'r':
+			return (char*)name.release;
+		case 's':
+			return (char*)name.sysname;
+		case 'v':
+			return (char*)name.version;
+		default:
+			VERIFY(!"Invalid uname query.");
+	}
 }
 #endif /* _WIN32 */
 static bool ReleaseHelper(String *platformName, String *platformVersion)
@@ -1720,40 +1655,20 @@ String Utility::GetPlatformArchitecture()
 #endif /* _WIN32 */
 }
 
+const char l_Utf8Replacement[] = "\xEF\xBF\xBD";
+
 String Utility::ValidateUTF8(const String& input)
 {
-	String output;
-	size_t length = input.GetLength();
+	std::vector<char> output;
+	output.reserve(input.GetLength() * 3u);
 
-	for (size_t i = 0; i < length; i++) {
-		if ((input[i] & 0x80) == 0) {
-			output += input[i];
-			continue;
-		}
-
-		if ((input[i] & 0xE0) == 0xC0 && length > i + 1 &&
-			(input[i + 1] & 0xC0) == 0x80) {
-			output += input[i];
-			output += input[i + 1];
-			i++;
-			continue;
-		}
-
-		if ((input[i] & 0xF0) == 0xE0 && length > i + 2 &&
-			(input[i + 1] & 0xC0) == 0x80 && (input[i + 2] & 0xC0) == 0x80) {
-			output += input[i];
-			output += input[i + 1];
-			output += input[i + 2];
-			i += 2;
-			continue;
-		}
-
-		output += '\xEF';
-		output += '\xBF';
-		output += '\xBD';
+	try {
+		utf8::replace_invalid(input.Begin(), input.End(), std::back_inserter(output));
+	} catch (const utf8::not_enough_room&) {
+		output.insert(output.end(), (const char*)l_Utf8Replacement, (const char*)l_Utf8Replacement + 3);
 	}
 
-	return output;
+	return String(output.begin(), output.end());
 }
 
 String Utility::CreateTempFile(const String& path, int mode, std::fstream& fp)
@@ -1936,16 +1851,53 @@ String Utility::GetIcingaDataPath()
 
 #endif /* _WIN32 */
 
+/**
+ * Retrieve the environment variable value by given key.
+ *
+ * @param env Environment variable name.
+ */
+
 String Utility::GetFromEnvironment(const String& env)
 {
-#ifndef _WIN32
 	const char *envValue = getenv(env.CStr());
+
 	if (envValue == NULL)
 		return String();
 	else
 		return String(envValue);
-#else /* _WIN32 */
-	// While getenv exists on Windows, we don't set them. Therefore there is no reason to read them.
-	return String();
-#endif /* _WIN32 */
+}
+
+/**
+ * Compare the password entered by a client with the actual password.
+ * The comparision is safe against timing attacks.
+ */
+bool Utility::ComparePasswords(const String& enteredPassword, const String& actualPassword)
+{
+	volatile const char * volatile enteredPasswordCStr = enteredPassword.CStr();
+	volatile size_t enteredPasswordLen = enteredPassword.GetLength();
+
+	volatile const char * volatile actualPasswordCStr = actualPassword.CStr();
+	volatile size_t actualPasswordLen = actualPassword.GetLength();
+
+	volatile uint_fast8_t result = enteredPasswordLen == actualPasswordLen;
+
+	if (result) {
+		auto cStr (actualPasswordCStr);
+		auto len (actualPasswordLen);
+
+		actualPasswordCStr = cStr;
+		actualPasswordLen = len;
+	} else {
+		auto cStr (enteredPasswordCStr);
+		auto len (enteredPasswordLen);
+
+		actualPasswordCStr = cStr;
+		actualPasswordLen = len;
+	}
+
+	for (volatile size_t i = 0; i < enteredPasswordLen; ++i) {
+		result &= uint_fast8_t(enteredPasswordCStr[i] == actualPasswordCStr[i]);
+	}
+
+	return result;
 }
diff --git a/lib/base/utility.hpp b/lib/base/utility.hpp
index 8311f8d54..4505dc918 100644
--- a/lib/base/utility.hpp
+++ b/lib/base/utility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef UTILITY_H
 #define UTILITY_H
@@ -69,6 +52,8 @@ public:
 	static String DirName(const String& path);
 	static String BaseName(const String& path);
 
+	static String GetEnv(const String& key);
+
 	static void NullDeleter(void *);
 
 	static double GetTime();
@@ -115,6 +100,7 @@ public:
 
 	static unsigned long SDBM(const String& str, size_t len = String::NPos);
 
+	static String ParseVersion(const String& v);
 	static int CompareVersion(const String& v1, const String& v2);
 
 	static int Random();
@@ -126,8 +112,10 @@ public:
 
 	static bool PathExists(const String& path);
 
+	static void Remove(const String& path);
 	static void RemoveDirRecursive(const String& path);
 	static void CopyFile(const String& source, const String& target);
+	static void RenameFile(const String& source, const String& target);
 
 	static Value LoadJsonFile(const String& path);
 	static void SaveJsonFile(const String& path, int mode, const Value& value);
@@ -149,6 +137,8 @@ public:
 
 	static String GetFromEnvironment(const String& env);
 
+	static bool ComparePasswords(const String& enteredPassword, const String& actualPassword);
+
 #ifdef I2_DEBUG
 	static void SetTime(double);
 	static void IncrementTime(double);
@@ -156,7 +146,6 @@ public:
 
 private:
 	Utility();
-	static void CollectPaths(const String& path, std::vector<String>& paths);
 
 #ifdef _WIN32
 	static int MksTemp (char *tmpl);
diff --git a/lib/base/value-operators.cpp b/lib/base/value-operators.cpp
index 9ce5a2d24..69974d038 100644
--- a/lib/base/value-operators.cpp
+++ b/lib/base/value-operators.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/value.hpp"
 #include "base/array.hpp"
diff --git a/lib/base/value.cpp b/lib/base/value.cpp
index 93c515a2b..867c8217e 100644
--- a/lib/base/value.cpp
+++ b/lib/base/value.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/value.hpp"
 #include "base/array.hpp"
diff --git a/lib/base/value.hpp b/lib/base/value.hpp
index 9d036c2b7..86a3b115d 100644
--- a/lib/base/value.hpp
+++ b/lib/base/value.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VALUE_H
 #define VALUE_H
diff --git a/lib/base/win32.hpp b/lib/base/win32.hpp
index be840ff9d..064c5d669 100644
--- a/lib/base/win32.hpp
+++ b/lib/base/win32.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef WIN32_H
 #define WIN32_H
diff --git a/lib/base/workqueue.cpp b/lib/base/workqueue.cpp
index ae3dad9b0..cacd17b76 100644
--- a/lib/base/workqueue.cpp
+++ b/lib/base/workqueue.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/workqueue.hpp"
 #include "base/utility.hpp"
@@ -24,6 +7,7 @@
 #include "base/application.hpp"
 #include "base/exception.hpp"
 #include <boost/thread/tss.hpp>
+#include <math.h>
 
 using namespace icinga;
 
@@ -185,13 +169,13 @@ std::vector<boost::exception_ptr> WorkQueue::GetExceptions() const
 	return m_Exceptions;
 }
 
-void WorkQueue::ReportExceptions(const String& facility) const
+void WorkQueue::ReportExceptions(const String& facility, bool verbose) const
 {
 	std::vector<boost::exception_ptr> exceptions = GetExceptions();
 
 	for (const auto& eptr : exceptions) {
 		Log(LogCritical, facility)
-			<< DiagnosticInformation(eptr);
+			<< DiagnosticInformation(eptr, verbose);
 	}
 
 	Log(LogCritical, facility)
@@ -221,7 +205,7 @@ void WorkQueue::StatusTimerHandler()
 
 	if (pending > GetTaskCount(5)) {
 		timeInfo = " empty in ";
-		if (timeToZero < 0)
+		if (timeToZero < 0 || std::isinf(timeToZero))
 			timeInfo += "infinite time, your task handler isn't able to keep up";
 		else
 			timeInfo += Utility::FormatDuration(timeToZero);
diff --git a/lib/base/workqueue.hpp b/lib/base/workqueue.hpp
index 002e5f21c..bc84d9176 100644
--- a/lib/base/workqueue.hpp
+++ b/lib/base/workqueue.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef WORKQUEUE_H
 #define WORKQUEUE_H
@@ -36,9 +19,10 @@ namespace icinga
 
 enum WorkQueuePriority
 {
-	PriorityLow,
-	PriorityNormal,
-	PriorityHigh
+	PriorityLow = 0,
+	PriorityNormal = 1,
+	PriorityHigh = 2,
+	PriorityImmediate = 4
 };
 
 using TaskFunction = std::function<void ()>;
@@ -119,7 +103,7 @@ public:
 
 	bool HasExceptions() const;
 	std::vector<boost::exception_ptr> GetExceptions() const;
-	void ReportExceptions(const String& facility) const;
+	void ReportExceptions(const String& facility, bool verbose = false) const;
 
 protected:
 	void IncreaseTaskCount();
diff --git a/lib/checker/CMakeLists.txt b/lib/checker/CMakeLists.txt
index 8f3de0b1b..5a8334c7f 100644
--- a/lib/checker/CMakeLists.txt
+++ b/lib/checker/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(checkercomponent.ti checkercomponent-ti.cpp checkercomponent-ti.hpp)
 
@@ -36,14 +21,14 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/checker.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 if(NOT WIN32)
-  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled\")")
-  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/checker.conf \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled/checker.conf\")")
+  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled\")")
+  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/checker.conf \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled/checker.conf\")")
 else()
-  install_if_not_exists(${PROJECT_SOURCE_DIR}/etc/icinga2/features-enabled/checker.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-enabled)
+  install_if_not_exists(${PROJECT_SOURCE_DIR}/etc/icinga2/features-enabled/checker.conf ${ICINGA2_CONFIGDIR}/features-enabled)
 endif()
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/checker/checkercomponent.cpp b/lib/checker/checkercomponent.cpp
index c26db9de1..20300b3ab 100644
--- a/lib/checker/checkercomponent.cpp
+++ b/lib/checker/checkercomponent.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "checker/checkercomponent.hpp"
 #include "checker/checkercomponent-ti.cpp"
 #include "icinga/icingaapplication.hpp"
 #include "icinga/cib.hpp"
 #include "remote/apilistener.hpp"
+#include "base/configuration.hpp"
 #include "base/configtype.hpp"
 #include "base/objectlock.hpp"
 #include "base/utility.hpp"
@@ -84,24 +68,49 @@ void CheckerComponent::Start(bool runtimeCreated)
 
 void CheckerComponent::Stop(bool runtimeRemoved)
 {
-	Log(LogInformation, "CheckerComponent")
-		<< "'" << GetName() << "' stopped.";
-
 	{
 		boost::mutex::scoped_lock lock(m_Mutex);
 		m_Stopped = true;
 		m_CV.notify_all();
 	}
 
+	double wait = 0.0;
+
+	while (Checkable::GetPendingChecks() > 0) {
+		Log(LogDebug, "CheckerComponent")
+			<< "Waiting for running checks (" << Checkable::GetPendingChecks()
+			<< ") to finish. Waited for " << wait << " seconds now.";
+
+		Utility::Sleep(0.1);
+		wait += 0.1;
+
+		/* Pick a timeout slightly shorther than the process reload timeout. */
+		double reloadTimeout = Application::GetReloadTimeout();
+		double waitMax = reloadTimeout - 30;
+		if (waitMax <= 0)
+			waitMax = 1;
+
+		if (wait > waitMax) {
+			Log(LogWarning, "CheckerComponent")
+				<< "Checks running too long for " << wait
+				<< " seconds, hard shutdown before reload timeout: " << reloadTimeout << ".";
+			break;
+		}
+	}
+
 	m_ResultTimer->Stop();
 	m_Thread.join();
 
+	Log(LogInformation, "CheckerComponent")
+		<< "'" << GetName() << "' stopped.";
+
 	ObjectImpl<CheckerComponent>::Stop(runtimeRemoved);
 }
 
 void CheckerComponent::CheckThreadProc()
 {
 	Utility::SetThreadName("Check Scheduler");
+	IcingaApplication::Ptr icingaApp = IcingaApplication::GetInstance();
 
 	boost::mutex::scoped_lock lock(m_Mutex);
 
@@ -120,7 +129,13 @@ void CheckerComponent::CheckThreadProc()
 
 		double wait = csi.NextCheck - Utility::GetTime();
 
-		if (Checkable::GetPendingChecks() >= GetConcurrentChecks())
+//#ifdef I2_DEBUG
+//		Log(LogDebug, "CheckerComponent")
+//			<< "Pending checks " << Checkable::GetPendingChecks()
+//			<< " vs. max concurrent checks " << icingaApp->GetMaxConcurrentChecks() << ".";
+//#endif /* I2_DEBUG */
+
+		if (Checkable::GetPendingChecks() >= icingaApp->GetMaxConcurrentChecks())
 			wait = 0.5;
 
 		if (wait > 0) {
@@ -148,12 +163,12 @@ void CheckerComponent::CheckThreadProc()
 			Service::Ptr service;
 			tie(host, service) = GetHostService(checkable);
 
-			if (host && !service && (!checkable->GetEnableActiveChecks() || !IcingaApplication::GetInstance()->GetEnableHostChecks())) {
+			if (host && !service && (!checkable->GetEnableActiveChecks() || !icingaApp->GetEnableHostChecks())) {
 				Log(LogNotice, "CheckerComponent")
 					<< "Skipping check for host '" << host->GetName() << "': active host checks are disabled";
 				check = false;
 			}
-			if (host && service && (!checkable->GetEnableActiveChecks() || !IcingaApplication::GetInstance()->GetEnableServiceChecks())) {
+			if (host && service && (!checkable->GetEnableActiveChecks() || !icingaApp->GetEnableServiceChecks())) {
 				Log(LogNotice, "CheckerComponent")
 					<< "Skipping check for service '" << service->GetName() << "': active service checks are disabled";
 				check = false;
@@ -174,6 +189,9 @@ void CheckerComponent::CheckThreadProc()
 			m_IdleCheckables.insert(GetCheckableScheduleInfo(checkable));
 			lock.unlock();
 
+			Log(LogDebug, "CheckerComponent")
+				<< "Checks for checkable '" << checkable->GetName() << "' are disabled. Rescheduling check.";
+
 			checkable->UpdateNextCheck();
 
 			lock.lock();
@@ -181,7 +199,16 @@ void CheckerComponent::CheckThreadProc()
 			continue;
 		}
 
-		m_PendingCheckables.insert(GetCheckableScheduleInfo(checkable));
+
+		csi = GetCheckableScheduleInfo(checkable);
+
+		Log(LogDebug, "CheckerComponent")
+			<< "Scheduling info for checkable '" << checkable->GetName() << "' ("
+			<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", checkable->GetNextCheck()) << "): Object '"
+			<< csi.Object->GetName() << "', Next Check: "
+			<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", csi.NextCheck) << "(" << csi.NextCheck << ").";
+
+		m_PendingCheckables.insert(csi);
 
 		lock.unlock();
 
@@ -209,7 +236,7 @@ void CheckerComponent::ExecuteCheckHelper(const Checkable::Ptr& checkable)
 		CheckResult::Ptr cr = new CheckResult();
 		cr->SetState(ServiceUnknown);
 
-		String output = "Exception occured while checking '" + checkable->GetName() + "': " + DiagnosticInformation(ex);
+		String output = "Exception occurred while checking '" + checkable->GetName() + "': " + DiagnosticInformation(ex);
 		cr->SetOutput(output);
 
 		double now = Utility::GetTime();
diff --git a/lib/checker/checkercomponent.hpp b/lib/checker/checkercomponent.hpp
index 601bb58b2..b3589e5fb 100644
--- a/lib/checker/checkercomponent.hpp
+++ b/lib/checker/checkercomponent.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CHECKERCOMPONENT_H
 #define CHECKERCOMPONENT_H
diff --git a/lib/checker/checkercomponent.ti b/lib/checker/checkercomponent.ti
index d6a76c9df..3959aeb48 100644
--- a/lib/checker/checkercomponent.ti
+++ b/lib/checker/checkercomponent.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -26,19 +9,10 @@ namespace icinga
 
 class CheckerComponent : ConfigObject
 {
-	activation_priority 100;
+	activation_priority 300;
 
-	[config, no_storage] int concurrent_checks {
-		get {{{
-			return Application::GetMaxConcurrentChecks();
-		}}}
-		set {{{
-			Application::SetMaxConcurrentChecks(value);
-		}}}
-		default {{{
-			return Application::GetDefaultMaxConcurrentChecks();
-		}}}
-	};
+	/* Has no effect. Keep this here to avoid breaking config changes. */
+	[deprecated, config] int concurrent_checks;
 };
 
 }
diff --git a/lib/cli/CMakeLists.txt b/lib/cli/CMakeLists.txt
index d92c22c45..38756b5ce 100644
--- a/lib/cli/CMakeLists.txt
+++ b/lib/cli/CMakeLists.txt
@@ -1,26 +1,12 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 set(cli_SOURCES
   i2-cli.hpp
   apisetupcommand.cpp apisetupcommand.hpp
-  apiusercommand.cpp apiusercommand.hpp
   apisetuputility.cpp apisetuputility.hpp
   calistcommand.cpp calistcommand.hpp
+  caremovecommand.cpp caremovecommand.hpp
+  carestorecommand.cpp carestorecommand.hpp
   casigncommand.cpp casigncommand.hpp
   clicommand.cpp clicommand.hpp
   consolecommand.cpp consolecommand.hpp
@@ -43,7 +29,6 @@ set(cli_SOURCES
   pkisavecertcommand.cpp pkisavecertcommand.hpp
   pkisigncsrcommand.cpp pkisigncsrcommand.hpp
   pkiticketcommand.cpp pkiticketcommand.hpp
-  troubleshootcommand.cpp troubleshootcommand.hpp
   variablegetcommand.cpp variablegetcommand.hpp
   variablelistcommand.cpp variablelistcommand.hpp
   variableutility.cpp variableutility.hpp
diff --git a/lib/cli/apisetupcommand.cpp b/lib/cli/apisetupcommand.cpp
index bc832c525..81b9d8db6 100644
--- a/lib/cli/apisetupcommand.cpp
+++ b/lib/cli/apisetupcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/apisetupcommand.hpp"
 #include "cli/apisetuputility.hpp"
@@ -41,12 +24,14 @@ String ApiSetupCommand::GetShortDescription() const
 
 ImpersonationLevel ApiSetupCommand::GetImpersonationLevel() const
 {
-	return ImpersonateRoot;
+	return ImpersonateIcinga;
 }
 
-int ApiSetupCommand::GetMaxArguments() const
+void ApiSetupCommand::InitParameters(boost::program_options::options_description& visibleDesc,
+	boost::program_options::options_description& hiddenDesc) const
 {
-	return -1;
+	visibleDesc.add_options()
+		("cn", po::value<std::string>(), "The certificate's common name");
 }
 
 /**
@@ -56,10 +41,16 @@ int ApiSetupCommand::GetMaxArguments() const
  */
 int ApiSetupCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	String cn = VariableUtility::GetVariable("NodeName");
+	String cn;
 
-	if (cn.IsEmpty())
-		cn = Utility::GetFQDN();
+	if (vm.count("cn")) {
+		cn = vm["cn"].as<std::string>();
+	} else {
+		cn = VariableUtility::GetVariable("NodeName");
+
+		if (cn.IsEmpty())
+			cn = Utility::GetFQDN();
+	}
 
 	if (!ApiSetupUtility::SetupMaster(cn, true))
 		return 1;
diff --git a/lib/cli/apisetupcommand.hpp b/lib/cli/apisetupcommand.hpp
index f54da0685..be2693d13 100644
--- a/lib/cli/apisetupcommand.hpp
+++ b/lib/cli/apisetupcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APISETUPCOMMAND_H
 #define APISETUPCOMMAND_H
@@ -37,7 +20,8 @@ public:
 
 	String GetDescription() const override;
 	String GetShortDescription() const override;
-	int GetMaxArguments() const override;
+	void InitParameters(boost::program_options::options_description& visibleDesc,
+		boost::program_options::options_description& hiddenDesc) const override;
 	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
 	ImpersonationLevel GetImpersonationLevel() const override;
 };
diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp
index 070e78cff..21583af0a 100644
--- a/lib/cli/apisetuputility.cpp
+++ b/lib/cli/apisetuputility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/apisetuputility.hpp"
 #include "cli/nodeutility.hpp"
@@ -28,6 +11,7 @@
 #include "base/tlsutility.hpp"
 #include "base/scriptglobal.hpp"
 #include "base/exception.hpp"
+#include "base/utility.hpp"
 #include <boost/algorithm/string/join.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/algorithm/string/case_conv.hpp>
@@ -40,7 +24,7 @@ using namespace icinga;
 
 String ApiSetupUtility::GetConfdPath()
 {
-	return Application::GetSysconfDir() + "/icinga2/conf.d";
+	return Configuration::ConfigDir + "/conf.d";
 }
 
 String ApiSetupUtility::GetApiUsersConfPath()
@@ -80,8 +64,8 @@ bool ApiSetupUtility::SetupMasterCertificates(const String& cn)
 	String pki_path = ApiListener::GetCertsDir();
 	Utility::MkDirP(pki_path, 0700);
 
-	String user = ScriptGlobal::Get("RunAsUser");
-	String group = ScriptGlobal::Get("RunAsGroup");
+	String user = Configuration::RunAsUser;
+	String group = Configuration::RunAsGroup;
 
 	if (!Utility::SetFileOwnership(pki_path, user, group)) {
 		Log(LogWarning, "cli")
@@ -152,6 +136,15 @@ bool ApiSetupUtility::SetupMasterCertificates(const String& cn)
 
 bool ApiSetupUtility::SetupMasterApiUser()
 {
+	if (!Utility::PathExists(GetConfdPath())) {
+		Log(LogWarning, "cli")
+			<< "Path '" << GetConfdPath() << "' do not exist.";
+		Log(LogInformation, "cli")
+			<< "Creating path '" << GetConfdPath() << "'.";
+
+		Utility::MkDirP(GetConfdPath(), 0755);
+	}
+
 	String api_username = "root"; // TODO make this available as cli parameter?
 	String api_password = RandomString(8);
 	String apiUsersPath = GetConfdPath() + "/api-users.conf";
@@ -171,7 +164,7 @@ bool ApiSetupUtility::SetupMasterApiUser()
 	String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", 0644, fp);
 
 	fp << "/**\n"
-		<< " * The APIUser objects are used for authentication against the API.\n"
+		<< " * The ApiUser objects are used for authentication against the API.\n"
 		<< " */\n"
 		<< "object ApiUser \"" << api_username << "\" {\n"
 		<< "  password = \"" << api_password << "\"\n"
@@ -182,22 +175,22 @@ bool ApiSetupUtility::SetupMasterApiUser()
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(apiUsersPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), apiUsersPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	Utility::RenameFile(tempFilename, apiUsersPath);
 
 	return true;
 }
 
 bool ApiSetupUtility::SetupMasterEnableApi()
 {
+	/*
+	* Ensure the api-users.conf file is included, when conf.d inclusion is disabled.
+	*/
+	if (!NodeUtility::GetConfigurationIncludeState("\"conf.d\"", true))
+		NodeUtility::UpdateConfiguration("\"conf.d/api-users.conf\"", true, false);
+
+	/*
+	* Enable the API feature
+	*/
 	Log(LogInformation, "cli", "Enabling the 'api' feature.");
 
 	FeatureUtility::EnableFeatures({ "api" });
diff --git a/lib/cli/apisetuputility.hpp b/lib/cli/apisetuputility.hpp
index 9523ebffc..d3614462d 100644
--- a/lib/cli/apisetuputility.hpp
+++ b/lib/cli/apisetuputility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APISETUPUTILITY_H
 #define APISETUPUTILITY_H
diff --git a/lib/cli/apiusercommand.cpp b/lib/cli/apiusercommand.cpp
deleted file mode 100644
index 5bd77ab89..000000000
--- a/lib/cli/apiusercommand.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "cli/apiusercommand.hpp"
-#include "base/logger.hpp"
-#include "base/tlsutility.hpp"
-#include "base/configwriter.hpp"
-#include "remote/apiuser.hpp"
-#include <iostream>
-
-using namespace icinga;
-namespace po = boost::program_options;
-
-REGISTER_CLICOMMAND("api/user", ApiUserCommand);
-
-String ApiUserCommand::GetDescription(void) const
-{
-	return "Create a hashed user and password string for the Icinga 2 API";
-}
-
-String ApiUserCommand::GetShortDescription(void) const
-{
-	return "API user creation helper";
-}
-
-void ApiUserCommand::InitParameters(boost::program_options::options_description& visibleDesc,
-    boost::program_options::options_description& hiddenDesc) const
-{
-	visibleDesc.add_options()
-		("user", po::value<std::string>(), "API username")
-		("password", po::value<std::string>(), "Password in clear text")
-		("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)")
-		("oneline", "Print only the password hash");
-}
-
-/**
- * The entry point for the "api user" CLI command.
- *
- * @returns An exit status.
- */
-int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
-{
-	String passwd, salt;
-	if (!vm.count("user") && !vm.count("oneline")) {
-		Log(LogCritical, "cli", "Username (--user) must be specified.");
-		return 1;
-	}
-
-	if (!vm.count("password")) {
-		Log(LogCritical, "cli", "Password (--password) must be specified.");
-		return 1;
-	}
-
-	passwd = vm["password"].as<std::string>();
-	salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
-
-	if (salt.FindFirstOf('$') != String::NPos) {
-		Log(LogCritical, "cli", "Salt (--salt) may not contain '$'");
-		return 1;
-	}
-
-	String hashedPassword = CreateHashedPasswordString(passwd, salt, 5);
-	if (hashedPassword == String()) {
-		Log(LogCritical, "cli") << "Failed to hash password \"" << passwd << "\" with salt \"" << salt << "\"";
-		return 1;
-	}
-
-	if (vm.count("oneline"))
-		std::cout << hashedPassword << std::endl;
-	else {
-		std::cout << "object ApiUser ";
-
-		ConfigWriter::EmitString(std::cout, vm["user"].as<std::string>());
-
-		std::cout << "{\n"
-			<< "  password_hash = ";
-
-		ConfigWriter::EmitString(std::cout, hashedPassword);
-
-		std::cout << "\n"
-			<< "  // client_cn = \"\"\n"
-			<< "\n"
-			<< "  permissions = [ \"*\" ]\n"
-			<< "}\n";
-	}
-
-	return 0;
-}
diff --git a/lib/cli/apiusercommand.hpp b/lib/cli/apiusercommand.hpp
deleted file mode 100644
index 4a4bfb280..000000000
--- a/lib/cli/apiusercommand.hpp
+++ /dev/null
@@ -1,47 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef APIUSERCOMMAND_H
-#define APIUSERCOMMAND_H
-
-#include "cli/clicommand.hpp"
-
-namespace icinga
-{
-
-/**
- * The "api user" command.
- *
- * @ingroup cli
- */
-class ApiUserCommand : public CLICommand
-{
-public:
-	DECLARE_PTR_TYPEDEFS(ApiUserCommand);
-
-	virtual String GetDescription(void) const override;
-	virtual String GetShortDescription(void) const override;
-	virtual void InitParameters(boost::program_options::options_description& visibleDesc,
-		boost::program_options::options_description& hiddenDesc) const override;
-	virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
-};
-
-}
-
-#endif /* APIUSERCOMMAND_H */
diff --git a/lib/cli/calistcommand.cpp b/lib/cli/calistcommand.cpp
index 8d9caf382..f693ad72f 100644
--- a/lib/cli/calistcommand.cpp
+++ b/lib/cli/calistcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/calistcommand.hpp"
 #include "remote/apilistener.hpp"
@@ -31,32 +14,49 @@ namespace po = boost::program_options;
 
 REGISTER_CLICOMMAND("ca/list", CAListCommand);
 
+/**
+ * Provide a long CLI description sentence.
+ *
+ * @return text
+ */
 String CAListCommand::GetDescription() const
 {
-	return "Lists all certificate signing requests.";
+	return "Lists pending certificate signing requests.";
 }
 
+/**
+ * Provide a short CLI description.
+ *
+ * @return text
+ */
 String CAListCommand::GetShortDescription() const
 {
-	return "lists all certificate signing requests";
+	return "lists pending certificate signing requests";
 }
 
+/**
+ * Initialize available CLI parameters.
+ *
+ * @param visibleDesc Register visible parameters.
+ * @param hiddenDesc Register hidden parameters.
+ */
 void CAListCommand::InitParameters(boost::program_options::options_description& visibleDesc,
 	boost::program_options::options_description& hiddenDesc) const
 {
 	visibleDesc.add_options()
-		("json", "encode output as JSON")
-	;
+		("all", "List all certificate signing requests, including signed. Note: Old requests are automatically cleaned by Icinga after 1 week.")
+		("removed", "List all removed CSRs (for use with 'ca restore')")
+		("json", "encode output as JSON");
 }
 
 /**
  * The entry point for the "ca list" CLI command.
  *
- * @returns An exit status.
+ * @return An exit status.
  */
 int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	Dictionary::Ptr requests = PkiUtility::GetCertificateRequests();
+	Dictionary::Ptr requests = PkiUtility::GetCertificateRequests(vm.count("removed"));
 
 	if (vm.count("json"))
 		std::cout << JsonEncode(requests);
@@ -69,6 +69,10 @@ int CAListCommand::Run(const boost::program_options::variables_map& vm, const st
 		for (auto& kv : requests) {
 			Dictionary::Ptr request = kv.second;
 
+			/* Skip signed requests by default. */
+			if (!vm.count("all") && request->Contains("cert_response"))
+				continue;
+
 			std::cout << kv.first
 				<< " | "
 /*			    << Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", request->Get("timestamp")) */
diff --git a/lib/cli/calistcommand.hpp b/lib/cli/calistcommand.hpp
index e71ffd872..ddf44d43b 100644
--- a/lib/cli/calistcommand.hpp
+++ b/lib/cli/calistcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CALISTCOMMAND_H
 #define CALISTCOMMAND_H
diff --git a/lib/cli/caremovecommand.cpp b/lib/cli/caremovecommand.cpp
new file mode 100644
index 000000000..d8944944e
--- /dev/null
+++ b/lib/cli/caremovecommand.cpp
@@ -0,0 +1,93 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "cli/caremovecommand.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/remove", CARemoveCommand);
+
+/**
+ * Provide a long CLI description sentence.
+ *
+ * @return text
+ */
+String CARemoveCommand::GetDescription() const
+{
+	return "Removes an outstanding certificate request.";
+}
+
+/**
+ * Provide a short CLI description.
+ *
+ * @return text
+ */
+String CARemoveCommand::GetShortDescription() const
+{
+	return "removes an outstanding certificate request";
+}
+
+/**
+ * Define minimum arguments without key parameter.
+ *
+ * @return number of arguments
+ */
+int CARemoveCommand::GetMinArguments() const
+{
+	return 1;
+}
+
+/**
+ * Impersonate as Icinga user.
+ *
+ * @return impersonate level
+ */
+ImpersonationLevel CARemoveCommand::GetImpersonationLevel() const
+{
+	return ImpersonateIcinga;
+}
+
+/**
+ * The entry point for the "ca remove" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+	String fingerPrint = ap[0];
+	String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json";
+
+	if (!Utility::PathExists(requestFile)) {
+		Log(LogCritical, "cli")
+			<< "No request exists for fingerprint '" << fingerPrint << "'.";
+		return 1;
+	}
+
+	Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+	std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
+
+	if (!certRequest) {
+		Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
+		return 1;
+	}
+
+	String cn = GetCertificateCN(certRequest);
+
+	if (request->Contains("cert_response")) {
+		Log(LogCritical, "cli")
+			<< "Certificate request for CN '" << cn << "' already signed, removal is not possible.";
+		return 1;
+	}
+
+	Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed", 0600, request);
+
+	Utility::Remove(requestFile);
+
+	Log(LogInformation, "cli")
+		<< "Certificate request for CN " << cn << " removed.";
+
+	return 0;
+}
diff --git a/lib/cli/caremovecommand.hpp b/lib/cli/caremovecommand.hpp
new file mode 100644
index 000000000..2da92d39e
--- /dev/null
+++ b/lib/cli/caremovecommand.hpp
@@ -0,0 +1,30 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef CAREMOVECOMMAND_H
+#define CAREMOVECOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca remove" command.
+ *
+ * @ingroup cli
+ */
+class CARemoveCommand final : public CLICommand
+{
+public:
+	DECLARE_PTR_TYPEDEFS(CARemoveCommand);
+
+	String GetDescription() const override;
+	String GetShortDescription() const override;
+	int GetMinArguments() const override;
+	ImpersonationLevel GetImpersonationLevel() const override;
+	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+};
+
+}
+
+#endif /* CAREMOVECOMMAND_H */
diff --git a/lib/cli/carestorecommand.cpp b/lib/cli/carestorecommand.cpp
new file mode 100644
index 000000000..502036830
--- /dev/null
+++ b/lib/cli/carestorecommand.cpp
@@ -0,0 +1,88 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "cli/carestorecommand.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/restore", CARestoreCommand);
+
+/**
+ * Provide a long CLI description sentence.
+ *
+ * @return text
+ */
+String CARestoreCommand::GetDescription() const
+{
+	return "Restores a previously removed certificate request.";
+}
+
+/**
+ * Provide a short CLI description.
+ *
+ * @return text
+ */
+String CARestoreCommand::GetShortDescription() const
+{
+	return "restores a removed certificate request";
+}
+
+/**
+ * Define minimum arguments without key parameter.
+ *
+ * @return number of arguments
+ */
+int CARestoreCommand::GetMinArguments() const
+{
+	return 1;
+}
+
+/**
+ * Impersonate as Icinga user.
+ *
+ * @return impersonate level
+ */
+ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
+{
+	return ImpersonateIcinga;
+}
+
+/**
+ * The entry point for the "ca restore" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+	String fingerPrint = ap[0];
+	String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed";
+
+	if (!Utility::PathExists(removedRequestFile)) {
+		Log(LogCritical, "cli")
+			<< "Cannot find removed fingerprint '" << fingerPrint << "', bailing out.";
+		return 1;
+	}
+
+	Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile);
+	std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
+
+	if (!certRequest) {
+		Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
+		/* Purge the file when we know that it is broken. */
+		Utility::Remove(removedRequestFile);
+		return 1;
+	}
+
+	Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request);
+
+	Utility::Remove(removedRequestFile);
+
+	Log(LogInformation, "cli")
+		<< "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n"
+	       	<< "\"icinga2 ca sign " << fingerPrint << "\"";
+
+	return 0;
+}
diff --git a/lib/cli/carestorecommand.hpp b/lib/cli/carestorecommand.hpp
new file mode 100644
index 000000000..74a27dff6
--- /dev/null
+++ b/lib/cli/carestorecommand.hpp
@@ -0,0 +1,30 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef CARESTORECOMMAND_H
+#define CARESTORECOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca restore" command.
+ *
+ * @ingroup cli
+ */
+class CARestoreCommand final : public CLICommand
+{
+public:
+	DECLARE_PTR_TYPEDEFS(CARestoreCommand);
+
+	String GetDescription() const override;
+	String GetShortDescription() const override;
+	int GetMinArguments() const override;
+	ImpersonationLevel GetImpersonationLevel() const override;
+	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+};
+
+}
+
+#endif /* CASTORECOMMAND_H */
diff --git a/lib/cli/casigncommand.cpp b/lib/cli/casigncommand.cpp
index 57c11d8f8..96d2c2c87 100644
--- a/lib/cli/casigncommand.cpp
+++ b/lib/cli/casigncommand.cpp
@@ -1,47 +1,50 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/casigncommand.hpp"
-#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;
 
 REGISTER_CLICOMMAND("ca/sign", CASignCommand);
 
+/**
+ * Provide a long CLI description sentence.
+ *
+ * @return text
+ */
 String CASignCommand::GetDescription() const
 {
 	return "Signs an outstanding certificate request.";
 }
 
+/**
+ * Provide a short CLI description.
+ *
+ * @return text
+ */
 String CASignCommand::GetShortDescription() const
 {
 	return "signs an outstanding certificate request";
 }
 
+/**
+ * Define minimum arguments without key parameter.
+ *
+ * @return number of arguments
+ */
 int CASignCommand::GetMinArguments() const
 {
 	return 1;
 }
 
+/**
+ * Impersonate as Icinga user.
+ *
+ * @return impersonate level
+ */
 ImpersonationLevel CASignCommand::GetImpersonationLevel() const
 {
 	return ImpersonateIcinga;
@@ -50,7 +53,7 @@ ImpersonationLevel CASignCommand::GetImpersonationLevel() const
 /**
  * The entry point for the "ca sign" CLI command.
  *
- * @returns An exit status.
+ * @return An exit status.
  */
 int CASignCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
diff --git a/lib/cli/casigncommand.hpp b/lib/cli/casigncommand.hpp
index 28ae8b82a..0089af76c 100644
--- a/lib/cli/casigncommand.hpp
+++ b/lib/cli/casigncommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CASIGNCOMMAND_H
 #define CASIGNCOMMAND_H
diff --git a/lib/cli/clicommand.cpp b/lib/cli/clicommand.cpp
index ece65d4e6..878beac77 100644
--- a/lib/cli/clicommand.cpp
+++ b/lib/cli/clicommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/clicommand.hpp"
 #include "base/logger.hpp"
@@ -186,7 +169,7 @@ bool CLICommand::ParseCommand(int argc, char **argv, po::options_description& vi
 		std::vector<String>::size_type i;
 		int k;
 		for (i = 0, k = 1; i < vname.size() && k < argc; i++, k++) {
-			if (strncmp(argv[k], "--", 2) == 0) {
+			if (strncmp(argv[k], "-", 1) == 0 || strncmp(argv[k], "--", 2) == 0) {
 				i--;
 				continue;
 			}
diff --git a/lib/cli/clicommand.hpp b/lib/cli/clicommand.hpp
index 3023ed4f9..e3bbae171 100644
--- a/lib/cli/clicommand.hpp
+++ b/lib/cli/clicommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CLICOMMAND_H
 #define CLICOMMAND_H
diff --git a/lib/cli/consolecommand.cpp b/lib/cli/consolecommand.cpp
index 774879207..9f8a2cf8a 100644
--- a/lib/cli/consolecommand.cpp
+++ b/lib/cli/consolecommand.cpp
@@ -1,25 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/consolecommand.hpp"
 #include "config/configcompiler.hpp"
-#include "remote/apiclient.hpp"
 #include "remote/consolehandler.hpp"
 #include "remote/url.hpp"
 #include "base/configwriter.hpp"
@@ -31,9 +13,26 @@
 #include "base/unixsocket.hpp"
 #include "base/utility.hpp"
 #include "base/networkstream.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
+#include "base/stream.hpp"
+#include "base/tcpsocket.hpp" /* include global icinga::Connect */
+#include <base/base64.hpp>
 #include "base/exception.hpp"
+#include <boost/asio/ssl/context.hpp>
+#include <boost/beast/core/flat_buffer.hpp>
+#include <boost/beast/http/field.hpp>
+#include <boost/beast/http/message.hpp>
+#include <boost/beast/http/parser.hpp>
+#include <boost/beast/http/read.hpp>
+#include <boost/beast/http/status.hpp>
+#include <boost/beast/http/string_body.hpp>
+#include <boost/beast/http/verb.hpp>
+#include <boost/beast/http/write.hpp>
 #include <iostream>
 #include <fstream>
+
+
 #ifdef HAVE_EDITLINE
 #include "cli/editline.hpp"
 #endif /* HAVE_EDITLINE */
@@ -42,7 +41,8 @@ using namespace icinga;
 namespace po = boost::program_options;
 
 static ScriptFrame *l_ScriptFrame;
-static ApiClient::Ptr l_ApiClient;
+static Url::Ptr l_Url;
+static std::shared_ptr<AsioTlsStream> l_TlsStream;
 static String l_Session;
 
 REGISTER_CLICOMMAND("console", ConsoleCommand);
@@ -184,24 +184,16 @@ char *ConsoleCommand::ConsoleCompleteHelper(const char *word, int state)
 	static std::vector<String> matches;
 
 	if (state == 0) {
-		if (!l_ApiClient)
+		if (!l_Url)
 			matches = ConsoleHandler::GetAutocompletionSuggestions(word, *l_ScriptFrame);
 		else {
-			boost::mutex mutex;
-			boost::condition_variable cv;
-			bool ready = false;
 			Array::Ptr suggestions;
 
-			l_ApiClient->AutocompleteScript(l_Session, word, l_ScriptFrame->Sandboxed,
-				std::bind(&ConsoleCommand::AutocompleteScriptCompletionHandler,
-				std::ref(mutex), std::ref(cv), std::ref(ready),
-				_1, _2,
-				std::ref(suggestions)));
-
-			{
-				boost::mutex::scoped_lock lock(mutex);
-				while (!ready)
-					cv.wait(lock);
+			/* Remote debug console. */
+			try {
+				suggestions = AutoCompleteScript(l_Session, word, l_ScriptFrame->Sandboxed);
+			} catch (...) {
+				return nullptr; //Errors are just ignored here.
 			}
 
 			matches.clear();
@@ -244,14 +236,42 @@ int ConsoleCommand::Run(const po::variables_map& vm, const std::vector<std::stri
 		std::cout << "Icinga 2 (version: " << Application::GetAppVersion() << ")\n"
 			<< "Type $help to view available commands.\n";
 
-
-	const char *addrEnv = getenv("ICINGA2_API_URL");
-	if (addrEnv)
+	String addrEnv = Utility::GetFromEnvironment("ICINGA2_API_URL");
+	if (!addrEnv.IsEmpty())
 		addr = addrEnv;
 
-	if (vm.count("connect"))
+	/* Initialize remote connect parameters. */
+	if (vm.count("connect")) {
 		addr = vm["connect"].as<std::string>();
 
+		try {
+			l_Url = new Url(addr);
+		} catch (const std::exception& ex) {
+			Log(LogCritical, "ConsoleCommand", ex.what());
+			return EXIT_FAILURE;
+		}
+
+		String usernameEnv = Utility::GetFromEnvironment("ICINGA2_API_USERNAME");
+		String passwordEnv = Utility::GetFromEnvironment("ICINGA2_API_PASSWORD");
+
+		if (!usernameEnv.IsEmpty())
+			l_Url->SetUsername(usernameEnv);
+		if (!passwordEnv.IsEmpty())
+			l_Url->SetPassword(passwordEnv);
+
+		if (l_Url->GetPort().IsEmpty())
+			l_Url->SetPort("5665");
+
+		/* User passed --connect and wants to run the expression via REST API.
+		 * Evaluate this now before any user input happens.
+		 */
+		try {
+			l_TlsStream = ConsoleCommand::Connect();
+		} catch (const std::exception& ex) {
+			return EXIT_FAILURE;
+		}
+	}
+
 	String command;
 	bool syntaxOnly = false;
 
@@ -284,18 +304,19 @@ int ConsoleCommand::Run(const po::variables_map& vm, const std::vector<std::stri
 	return RunScriptConsole(scriptFrame, addr, session, command, commandFileName, syntaxOnly);
 }
 
-int ConsoleCommand::RunScriptConsole(ScriptFrame& scriptFrame, const String& addr, const String& session, const String& commandOnce, const String& commandOnceFileName, bool syntaxOnly)
+int ConsoleCommand::RunScriptConsole(ScriptFrame& scriptFrame, const String& connectAddr, const String& session,
+	const String& commandOnce, const String& commandOnceFileName, bool syntaxOnly)
 {
 	std::map<String, String> lines;
 	int next_line = 1;
 
 #ifdef HAVE_EDITLINE
-	char *homeEnv = getenv("HOME");
+	String homeEnv = Utility::GetFromEnvironment("HOME");
 
 	String historyPath;
 	std::fstream historyfp;
 
-	if (homeEnv) {
+	if (!homeEnv.IsEmpty()) {
 		historyPath = String(homeEnv) + "/.icinga2_history";
 
 		historyfp.open(historyPath.CStr(), std::fstream::in);
@@ -311,30 +332,6 @@ int ConsoleCommand::RunScriptConsole(ScriptFrame& scriptFrame, const String& add
 	l_ScriptFrame = &scriptFrame;
 	l_Session = session;
 
-	if (!addr.IsEmpty()) {
-		Url::Ptr url;
-
-		try {
-			url = new Url(addr);
-		} catch (const std::exception& ex) {
-			Log(LogCritical, "ConsoleCommand", ex.what());
-			return EXIT_FAILURE;
-		}
-
-		const char *usernameEnv = getenv("ICINGA2_API_USERNAME");
-		const char *passwordEnv = getenv("ICINGA2_API_PASSWORD");
-
-		if (usernameEnv)
-			url->SetUsername(usernameEnv);
-		if (passwordEnv)
-			url->SetPassword(passwordEnv);
-
-		if (url->GetPort().IsEmpty())
-			url->SetPort("5665");
-
-		l_ApiClient = new ApiClient(url->GetHost(), url->GetPort(), url->GetUsername(), url->GetPassword());
-	}
-
 	while (std::cin.good()) {
 		String fileName;
 
@@ -422,7 +419,8 @@ incomplete:
 
 			Value result;
 
-			if (!l_ApiClient) {
+			/* Local debug console. */
+			if (connectAddr.IsEmpty()) {
 				expr = ConfigCompiler::CompileText(fileName, command);
 
 				/* This relies on the fact that - for syntax errors - CompileText()
@@ -434,25 +432,23 @@ incomplete:
 				} else
 					result = true;
 			} else {
-				boost::mutex mutex;
-				boost::condition_variable cv;
-				bool ready = false;
-				boost::exception_ptr eptr;
+				/* Remote debug console. */
+				try {
+					result = ExecuteScript(l_Session, command, scriptFrame.Sandboxed);
+				} catch (const ScriptError&) {
+					/* Re-throw the exception for the outside try-catch block. */
+					boost::rethrow_exception(boost::current_exception());
+				} catch (const std::exception& ex) {
+					Log(LogCritical, "ConsoleCommand")
+						<< "HTTP query failed: " << ex.what();
 
-				l_ApiClient->ExecuteScript(l_Session, command, scriptFrame.Sandboxed,
-					std::bind(&ConsoleCommand::ExecuteScriptCompletionHandler,
-					std::ref(mutex), std::ref(cv), std::ref(ready),
-					_1, _2,
-					std::ref(result), std::ref(eptr)));
+#ifdef HAVE_EDITLINE
+					/* Ensures that the terminal state is reset */
+					rl_deprep_terminal();
+#endif /* HAVE_EDITLINE */
 
-				{
-					boost::mutex::scoped_lock lock(mutex);
-					while (!ready)
-						cv.wait(lock);
+					return EXIT_FAILURE;
 				}
-
-				if (eptr)
-					boost::rethrow_exception(eptr);
 			}
 
 			if (commandOnce.IsEmpty()) {
@@ -476,15 +472,15 @@ incomplete:
 
 				std::vector<String> ulines = text.Split("\n");
 
-				for (int i = 1; i <= ulines.size(); i++) {
+				for (decltype(ulines.size()) i = 1; i <= ulines.size(); i++) {
 					int start, len;
 
-					if (i == di.FirstLine)
+					if (i == (decltype(i))di.FirstLine)
 						start = di.FirstColumn;
 					else
 						start = 0;
 
-					if (i == di.LastLine)
+					if (i == (decltype(i))di.LastLine)
 						len = di.LastColumn - di.FirstColumn + 1;
 					else
 						len = ulines[i - 1].GetLength();
@@ -497,7 +493,7 @@ incomplete:
 					} else
 						offset = 4;
 
-					if (i >= di.FirstLine && i <= di.LastLine) {
+					if (i >= (decltype(i))di.FirstLine && i <= (decltype(i))di.LastLine) {
 						std::cout << String(di.Path.GetLength() + offset, ' ');
 						std::cout << String(start, ' ') << String(len, '^') << "\n";
 					}
@@ -521,48 +517,207 @@ incomplete:
 	return EXIT_SUCCESS;
 }
 
-void ConsoleCommand::ExecuteScriptCompletionHandler(boost::mutex& mutex, boost::condition_variable& cv,
-	bool& ready, const boost::exception_ptr& eptr, const Value& result, Value& resultOut, boost::exception_ptr& eptrOut)
+/**
+ * Connects to host:port and performs a TLS shandshake
+ *
+ * @returns AsioTlsStream pointer for future HTTP connections.
+ */
+std::shared_ptr<AsioTlsStream> ConsoleCommand::Connect()
 {
-	if (eptr) {
-		try {
-			boost::rethrow_exception(eptr);
-		} catch (const ScriptError&) {
-			eptrOut = boost::current_exception();
-		} catch (const std::exception& ex) {
-			Log(LogCritical, "ConsoleCommand")
-				<< "HTTP query failed: " << ex.what();
-			Application::Exit(EXIT_FAILURE);
+	std::shared_ptr<boost::asio::ssl::context> sslContext;
+
+	try {
+		sslContext = MakeAsioSslContext(Empty, Empty, Empty); //TODO: Add support for cert, key, ca parameters
+	} catch(const std::exception& ex) {
+		Log(LogCritical, "DebugConsole")
+			<< "Cannot make SSL context: " << ex.what();
+		throw;
+	}
+
+	String host = l_Url->GetHost();
+	String port = l_Url->GetPort();
+
+	std::shared_ptr<AsioTlsStream> stream = std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, host);
+
+	try {
+		icinga::Connect(stream->lowest_layer(), host, port);
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "Cannot connect to REST API on host '" << host << "' port '" << port << "': " << ex.what();
+		throw;
+	}
+
+	auto& tlsStream (stream->next_layer());
+
+	try {
+		tlsStream.handshake(tlsStream.client);
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "TLS handshake with host '" << host << "' failed: " << ex.what();
+		throw;
+	}
+
+	return std::move(stream);
+}
+
+/**
+ * Sends the request via REST API and returns the parsed response.
+ *
+ * @param tlsStream Caller must prepare TLS stream/handshake.
+ * @param url Fully prepared Url object.
+ * @return A dictionary decoded from JSON.
+ */
+Dictionary::Ptr ConsoleCommand::SendRequest()
+{
+	namespace beast = boost::beast;
+	namespace http = beast::http;
+
+	l_TlsStream = ConsoleCommand::Connect();
+
+	Defer s ([&]() {
+		l_TlsStream->next_layer().shutdown();
+	});
+
+	http::request<http::string_body> request(http::verb::post, std::string(l_Url->Format(false)), 10);
+
+	request.set(http::field::user_agent, "Icinga/DebugConsole/" + Application::GetAppVersion());
+	request.set(http::field::host, l_Url->GetHost() + ":" + l_Url->GetPort());
+
+	request.set(http::field::accept, "application/json");
+	request.set(http::field::authorization, "Basic " + Base64::Encode(l_Url->GetUsername() + ":" + l_Url->GetPassword()));
+
+	try {
+		http::write(*l_TlsStream, request);
+		l_TlsStream->flush();
+	} catch (const std::exception &ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "Cannot write HTTP request to REST API at URL '" << l_Url->Format(true) << "': " << ex.what();
+		throw;
+	}
+
+	http::parser<false, http::string_body> parser;
+	beast::flat_buffer buf;
+
+	try {
+		http::read(*l_TlsStream, buf, parser);
+	} catch (const std::exception &ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "Failed to parse HTTP response from REST API at URL '" << l_Url->Format(true) << "': " << ex.what();
+		throw;
+	}
+
+	auto &response(parser.get());
+
+	/* Handle HTTP errors first. */
+	if (response.result() != http::status::ok) {
+		String message = "HTTP request failed; Code: " + Convert::ToString(response.result())
+			+ "; Body: " + response.body();
+		BOOST_THROW_EXCEPTION(ScriptError(message));
+	}
+
+	Dictionary::Ptr jsonResponse;
+	auto &body(response.body());
+
+	//Log(LogWarning, "Console")
+	//	<< "Got response: " << response.body();
+
+	try {
+		jsonResponse = JsonDecode(body);
+	} catch (...) {
+		String message = "Cannot parse JSON response body: " + response.body();
+		BOOST_THROW_EXCEPTION(ScriptError(message));
+	}
+
+	return jsonResponse;
+}
+
+/**
+ * Executes the DSL script via HTTP and returns HTTP and user errors.
+ *
+ * @param session Local session handler.
+ * @param command The DSL string.
+ * @param sandboxed Whether to run this sandboxed.
+ * @return Result value, also contains user errors.
+ */
+Value ConsoleCommand::ExecuteScript(const String& session, const String& command, bool sandboxed)
+{
+	/* Extend the url parameters for the request. */
+	l_Url->SetPath({"v1", "console", "execute-script"});
+
+	l_Url->SetQuery({
+		{"session",   session},
+		{"command",   command},
+		{"sandboxed", sandboxed ? "1" : "0"}
+	});
+
+	Dictionary::Ptr jsonResponse = SendRequest();
+
+	/* Extract the result, and handle user input errors too. */
+	Array::Ptr results = jsonResponse->Get("results");
+	Value result;
+
+	if (results && results->GetLength() > 0) {
+		Dictionary::Ptr resultInfo = results->Get(0);
+
+		if (resultInfo->Get("code") >= 200 && resultInfo->Get("code") <= 299) {
+			result = resultInfo->Get("result");
+		} else {
+			String errorMessage = resultInfo->Get("status");
+
+			DebugInfo di;
+			Dictionary::Ptr debugInfo = resultInfo->Get("debug_info");
+
+			if (debugInfo) {
+				di.Path = debugInfo->Get("path");
+				di.FirstLine = debugInfo->Get("first_line");
+				di.FirstColumn = debugInfo->Get("first_column");
+				di.LastLine = debugInfo->Get("last_line");
+				di.LastColumn = debugInfo->Get("last_column");
+			}
+
+			bool incompleteExpression = resultInfo->Get("incomplete_expression");
+			BOOST_THROW_EXCEPTION(ScriptError(errorMessage, di, incompleteExpression));
 		}
 	}
 
-	resultOut = result;
-
-	{
-		boost::mutex::scoped_lock lock(mutex);
-		ready = true;
-		cv.notify_all();
-	}
+	return result;
 }
 
-void ConsoleCommand::AutocompleteScriptCompletionHandler(boost::mutex& mutex, boost::condition_variable& cv,
-	bool& ready, const boost::exception_ptr& eptr, const Array::Ptr& result, Array::Ptr& resultOut)
+/**
+ * Executes the auto completion script via HTTP and returns HTTP and user errors.
+ *
+ * @param session Local session handler.
+ * @param command The auto completion string.
+ * @param sandboxed Whether to run this sandboxed.
+ * @return Result value, also contains user errors.
+ */
+Array::Ptr ConsoleCommand::AutoCompleteScript(const String& session, const String& command, bool sandboxed)
 {
-	if (eptr) {
-		try {
-			boost::rethrow_exception(eptr);
-		} catch (const std::exception& ex) {
-			Log(LogCritical, "ConsoleCommand")
-				<< "HTTP query failed: " << ex.what();
-			Application::Exit(EXIT_FAILURE);
+	/* Extend the url parameters for the request. */
+	l_Url->SetPath({ "v1", "console", "auto-complete-script" });
+
+	l_Url->SetQuery({
+		{"session",   session},
+		{"command",   command},
+		{"sandboxed", sandboxed ? "1" : "0"}
+	});
+
+	Dictionary::Ptr jsonResponse = SendRequest();
+
+	/* Extract the result, and handle user input errors too. */
+	Array::Ptr results = jsonResponse->Get("results");
+	Array::Ptr suggestions;
+
+	if (results && results->GetLength() > 0) {
+		Dictionary::Ptr resultInfo = results->Get(0);
+
+		if (resultInfo->Get("code") >= 200 && resultInfo->Get("code") <= 299) {
+			suggestions = resultInfo->Get("suggestions");
+		} else {
+			String errorMessage = resultInfo->Get("status");
+			BOOST_THROW_EXCEPTION(ScriptError(errorMessage));
 		}
 	}
 
-	resultOut = result;
-
-	{
-		boost::mutex::scoped_lock lock(mutex);
-		ready = true;
-		cv.notify_all();
-	}
+	return suggestions;
 }
diff --git a/lib/cli/consolecommand.hpp b/lib/cli/consolecommand.hpp
index 9369080c4..95d6dce12 100644
--- a/lib/cli/consolecommand.hpp
+++ b/lib/cli/consolecommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONSOLECOMMAND_H
 #define CONSOLECOMMAND_H
@@ -23,6 +6,9 @@
 #include "cli/clicommand.hpp"
 #include "base/exception.hpp"
 #include "base/scriptframe.hpp"
+#include "base/tlsstream.hpp"
+#include "remote/url.hpp"
+
 
 namespace icinga
 {
@@ -46,7 +32,7 @@ public:
 		boost::program_options::options_description& hiddenDesc) const override;
 	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
 
-	static int RunScriptConsole(ScriptFrame& scriptFrame, const String& addr = String(),
+	static int RunScriptConsole(ScriptFrame& scriptFrame, const String& connectAddr = String(),
 		const String& session = String(), const String& commandOnce = String(), const String& commandOnceFileName = String(),
 		bool syntaxOnly = false);
 
@@ -54,11 +40,12 @@ private:
 	mutable boost::mutex m_Mutex;
 	mutable boost::condition_variable m_CV;
 
-	static void ExecuteScriptCompletionHandler(boost::mutex& mutex, boost::condition_variable& cv,
-		bool& ready, const boost::exception_ptr& eptr, const Value& result, Value& resultOut,
-		boost::exception_ptr& eptrOut);
-	static void AutocompleteScriptCompletionHandler(boost::mutex& mutex, boost::condition_variable& cv,
-		bool& ready, const boost::exception_ptr& eptr, const Array::Ptr& result, Array::Ptr& resultOut);
+	static std::shared_ptr<AsioTlsStream> Connect();
+
+	static Value ExecuteScript(const String& session, const String& command, bool sandboxed);
+	static Array::Ptr AutoCompleteScript(const String& session, const String& command, bool sandboxed);
+
+	static Dictionary::Ptr SendRequest();
 
 #ifdef HAVE_EDITLINE
 	static char *ConsoleCompleteHelper(const char *word, int state);
diff --git a/lib/cli/daemoncommand.cpp b/lib/cli/daemoncommand.cpp
index d113dac11..28fce401d 100644
--- a/lib/cli/daemoncommand.cpp
+++ b/lib/cli/daemoncommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/daemoncommand.hpp"
 #include "cli/daemonutility.hpp"
@@ -24,6 +7,8 @@
 #include "config/configcompiler.hpp"
 #include "config/configcompilercontext.hpp"
 #include "config/configitembuilder.hpp"
+#include "base/atomic.hpp"
+#include "base/defer.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/timer.hpp"
@@ -33,11 +18,25 @@
 #include "base/scriptglobal.hpp"
 #include "base/context.hpp"
 #include "config.h"
+#include <cstdint>
+#include <cstring>
 #include <boost/program_options.hpp>
-#include <boost/tuple/tuple.hpp>
 #include <iostream>
 #include <fstream>
 
+#ifdef _WIN32
+#include <windows.h>
+#else /* _WIN32 */
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif /* _WIN32 */
+
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif /* HAVE_SYSTEMD */
+
 using namespace icinga;
 namespace po = boost::program_options;
 
@@ -45,21 +44,28 @@ static po::variables_map g_AppParams;
 
 REGISTER_CLICOMMAND("daemon", DaemonCommand);
 
-#ifndef _WIN32
-static void SigHupHandler(int)
-{
-	Application::RequestRestart();
-}
-#endif /* _WIN32 */
-
-static bool Daemonize()
+/*
+ * Daemonize().  On error, this function logs by itself and exits (i.e. does not return).
+ *
+ * Implementation note: We're only supposed to call exit() in one of the forked processes.
+ * The other process calls _exit().  This prevents issues with exit handlers like atexit().
+ */
+static void Daemonize() noexcept
 {
 #ifndef _WIN32
-	Application::UninitializeBase();
+	try {
+		Application::UninitializeBase();
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+			<< "Failed to stop thread pool before daemonizing, unexpected error: " << DiagnosticInformation(ex);
+		exit(EXIT_FAILURE);
+	}
 
 	pid_t pid = fork();
 	if (pid == -1) {
-		return false;
+		Log(LogCritical, "cli")
+			<< "fork() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+		exit(EXIT_FAILURE);
 	}
 
 	if (pid) {
@@ -72,7 +78,7 @@ static bool Daemonize()
 		do {
 			Utility::Sleep(0.1);
 
-			readpid = Application::ReadPidFile(Application::GetPidPath());
+			readpid = Application::ReadPidFile(Configuration::PidPath);
 			ret = waitpid(pid, &status, WNOHANG);
 		} while (readpid != pid && ret == 0);
 
@@ -88,13 +94,28 @@ static bool Daemonize()
 		_exit(EXIT_SUCCESS);
 	}
 
-	Application::InitializeBase();
-#endif /* _WIN32 */
+	Log(LogDebug, "Daemonize()")
+		<< "Child process with PID " << Utility::GetPid() << " continues; re-initializing base.";
 
-	return true;
+	// Detach from controlling terminal
+	pid_t sid = setsid();
+	if (sid == -1) {
+		Log(LogCritical, "cli")
+			<< "setsid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+		exit(EXIT_FAILURE);
+	}
+
+	try {
+		Application::InitializeBase();
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+			<< "Failed to re-initialize thread pool after daemonizing: " << DiagnosticInformation(ex);
+		exit(EXIT_FAILURE);
+	}
+#endif /* _WIN32 */
 }
 
-static bool SetDaemonIO(const String& stderrFile)
+static void CloseStdIO(const String& stderrFile)
 {
 #ifndef _WIN32
 	int fdnull = open("/dev/null", O_RDWR);
@@ -126,14 +147,7 @@ static bool SetDaemonIO(const String& stderrFile)
 		if (fderr > 2)
 			close(fderr);
 	}
-
-	pid_t sid = setsid();
-	if (sid == -1) {
-		return false;
-	}
 #endif
-
-	return true;
 }
 
 String DaemonCommand::GetDescription() const
@@ -153,19 +167,12 @@ void DaemonCommand::InitParameters(boost::program_options::options_description&
 		("config,c", po::value<std::vector<std::string> >(), "parse a configuration file")
 		("no-config,z", "start without a configuration file")
 		("validate,C", "exit after validating the configuration")
-		("errorlog,e", po::value<std::string>(), "log fatal errors to the specified log file (only works in combination with --daemonize)")
+		("errorlog,e", po::value<std::string>(), "log fatal errors to the specified log file (only works in combination with --daemonize or --close-stdio)")
 #ifndef _WIN32
 		("daemonize,d", "detach from the controlling terminal")
+		("close-stdio", "do not log to stdout (or stderr) after startup")
 #endif /* _WIN32 */
 	;
-
-#ifndef _WIN32
-	hiddenDesc.add_options()
-		("reload-internal", po::value<int>(), "used internally to implement config reload: do not call manually, send SIGHUP instead");
-#else
-	hiddenDesc.add_options()
-		("restart-service", po::value<std::string>(), "tries to restart the Icinga 2 service");
-#endif /* _WIN32 */
 }
 
 std::vector<String> DaemonCommand::GetArgumentSuggestions(const String& argument, const String& word) const
@@ -176,128 +183,68 @@ std::vector<String> DaemonCommand::GetArgumentSuggestions(const String& argument
 		return CLICommand::GetArgumentSuggestions(argument, word);
 }
 
+#ifndef _WIN32
+// The PID of the Icinga umbrella process
+pid_t l_UmbrellaPid = 0;
+
+// Whether the umbrella process allowed us to continue working beyond config validation
+static Atomic<bool> l_AllowedToWork (false);
+#endif /* _WIN32 */
+
 /**
- * The entry point for the "daemon" CLI command.
+ * Do the actual work (config loading, ...)
  *
- * @returns An exit status.
+ * @param configs Files to read config from
+ * @param closeConsoleLog Whether to close the console log after config loading
+ * @param stderrFile Where to log errors
+ *
+ * @return Exit code
  */
-int DaemonCommand::Run(const po::variables_map& vm, const std::vector<std::string>& ap) const
+static inline
+int RunWorker(const std::vector<std::string>& configs, bool closeConsoleLog = false, const String& stderrFile = String())
 {
-	Logger::EnableTimestamp();
-
-	Log(LogInformation, "cli")
-		<< "Icinga application loader (version: " << Application::GetAppVersion()
-#ifdef I2_DEBUG
-		<< "; debug"
-#endif /* I2_DEBUG */
-		<< ")";
-
-	if (!vm.count("validate") && !vm.count("reload-internal")) {
-		pid_t runningpid = Application::ReadPidFile(Application::GetPidPath());
-		if (runningpid > 0) {
-			Log(LogCritical, "cli")
-				<< "Another instance of Icinga already running with PID " << runningpid;
-			return EXIT_FAILURE;
-		}
-	}
-
-	std::vector<std::string> configs;
-	if (vm.count("config") > 0)
-		configs = vm["config"].as<std::vector<std::string> >();
-	else if (!vm.count("no-config"))
-		configs.push_back(Application::GetSysconfDir() + "/icinga2/icinga2.conf");
-
 	Log(LogInformation, "cli", "Loading configuration file(s).");
 
-	std::vector<ConfigItem::Ptr> newItems;
+	{
+		std::vector<ConfigItem::Ptr> newItems;
 
-	if (!DaemonUtility::LoadConfigFiles(configs, newItems, Application::GetObjectsPath(), Application::GetVarsPath()))
-		return EXIT_FAILURE;
-
-#ifdef _WIN32
-	if (vm.count("restart-service")) {
-		SC_HANDLE handleManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
-		if (!handleManager) {
-			Log(LogCritical, "cli") << "Failed to open service manager. Error code: " << GetLastError();
+		if (!DaemonUtility::LoadConfigFiles(configs, newItems, Configuration::ObjectsPath, Configuration::VarsPath)) {
+			Log(LogCritical, "cli", "Config validation failed. Re-run with 'icinga2 daemon -C' after fixing the config.");
 			return EXIT_FAILURE;
 		}
 
-		std::string service = vm["restart-service"].as<std::string>();
-
-		SC_HANDLE handleService = OpenService(handleManager, service.c_str(), SERVICE_START | SERVICE_STOP);
-		if (!handleService) {
-			Log(LogCritical, "cli") << "Failed to open service handle of '" << service << "'. Error code: " << GetLastError();
-			return EXIT_FAILURE;
-		}
-
-		SERVICE_STATUS serviceStatus;
-		if (!ControlService(handleService, SERVICE_CONTROL_STOP, &serviceStatus)) {
-			DWORD error = GetLastError();
-			if (error = ERROR_SERVICE_NOT_ACTIVE)
-				Log(LogInformation, "cli") << "Service '" << service << "' is not running.";
-			else {
-				Log(LogCritical, "cli") << "Failed to stop service. Error code: " << GetLastError();
-				return EXIT_FAILURE;
-			}
-		}
-
-		if (!StartService(handleService, 0, NULL)) {
-			Log(LogCritical, "cli") << "Failed to start up service '" << service << "'. Error code: " << GetLastError();
-			return EXIT_FAILURE;
-		}
-
-		return EXIT_SUCCESS;
-	}
-#endif /* _WIN32 */
-
-	if (vm.count("validate")) {
-		Log(LogInformation, "cli", "Finished validating the configuration file(s).");
-		return EXIT_SUCCESS;
-	}
-
 #ifndef _WIN32
-	if (vm.count("reload-internal")) {
-		/* We went through validation and now ask the old process kindly to die */
-		Log(LogInformation, "cli", "Requesting to take over.");
-		int rc = kill(vm["reload-internal"].as<int>(), SIGUSR2);
-		if (rc) {
+		Log(LogNotice, "cli")
+			<< "Notifying umbrella process (PID " << l_UmbrellaPid << ") about the config loading success";
+
+		(void)kill(l_UmbrellaPid, SIGUSR2);
+
+		Log(LogNotice, "cli")
+			<< "Waiting for the umbrella process to let us doing the actual work";
+
+		if (closeConsoleLog) {
+			CloseStdIO(stderrFile);
+			Logger::DisableConsoleLog();
+		}
+
+		while (!l_AllowedToWork.load()) {
+			Utility::Sleep(0.2);
+		}
+
+		Log(LogNotice, "cli")
+			<< "The umbrella process let us continuing";
+#endif /* _WIN32 */
+
+		/* restore the previous program state */
+		try {
+			ConfigObject::RestoreObjects(Configuration::StatePath);
+		} catch (const std::exception& ex) {
 			Log(LogCritical, "cli")
-				<< "Failed to send signal to \"" << vm["reload-internal"].as<int>() <<  "\" with " << strerror(errno);
+				<< "Failed to restore state file: " << DiagnosticInformation(ex);
 			return EXIT_FAILURE;
 		}
 
-		double start = Utility::GetTime();
-		while (kill(vm["reload-internal"].as<int>(), SIGCHLD) == 0)
-			Utility::Sleep(0.2);
-
-		Log(LogNotice, "cli")
-			<< "Waited for " << Utility::FormatDuration(Utility::GetTime() - start) << " on old process to exit.";
-	}
-#endif /* _WIN32 */
-
-	if (vm.count("daemonize")) {
-		if (!vm.count("reload-internal")) {
-			// no additional fork neccessary on reload
-			try {
-				Daemonize();
-			} catch (std::exception&) {
-				Log(LogCritical, "cli", "Daemonize failed. Exiting.");
-				return EXIT_FAILURE;
-			}
-		}
-	}
-
-	/* restore the previous program state */
-	try {
-		ConfigObject::RestoreObjects(Application::GetStatePath());
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "cli")
-			<< "Failed to restore state file: " << DiagnosticInformation(ex);
-		return EXIT_FAILURE;
-	}
-
-	{
-		WorkQueue upq(25000, Application::GetConcurrency());
+		WorkQueue upq(25000, Configuration::Concurrency);
 		upq.SetName("DaemonCommand::Run");
 
 		// activate config only after daemonization: it starts threads and that is not compatible with fork()
@@ -307,26 +254,536 @@ int DaemonCommand::Run(const po::variables_map& vm, const std::vector<std::strin
 		}
 	}
 
-	if (vm.count("daemonize")) {
-		String errorLog;
-		if (vm.count("errorlog"))
-			errorLog = vm["errorlog"].as<std::string>();
-
-		SetDaemonIO(errorLog);
-		Logger::DisableConsoleLog();
-	}
+	/* Create the internal API object storage. Do this here too with setups without API. */
+	ConfigObjectUtility::CreateStorage();
 
 	/* Remove ignored Downtime/Comment objects. */
-	ConfigItem::RemoveIgnoredItems(ConfigObjectUtility::GetConfigDir());
-
-#ifndef _WIN32
-	struct sigaction sa;
-	memset(&sa, 0, sizeof(sa));
-	sa.sa_handler = &SigHupHandler;
-	sigaction(SIGHUP, &sa, nullptr);
-#endif /* _WIN32 */
+	try {
+		String configDir = ConfigObjectUtility::GetConfigDir();
+		ConfigItem::RemoveIgnoredItems(configDir);
+	} catch (const std::exception& ex) {
+		Log(LogNotice, "cli")
+			<< "Cannot clean ignored downtimes/comments: " << ex.what();
+	}
 
 	ApiListener::UpdateObjectAuthority();
 
 	return Application::GetInstance()->Run();
 }
+
+#ifndef _WIN32
+/**
+ * The possible states of a seemless worker being started by StartUnixWorker().
+ */
+enum class UnixWorkerState : uint_fast8_t
+{
+	Pending,
+	LoadedConfig,
+	Failed
+};
+
+// The signals to block temporarily in StartUnixWorker().
+static const sigset_t l_UnixWorkerSignals = ([]() -> sigset_t {
+	sigset_t s;
+
+	(void)sigemptyset(&s);
+	(void)sigaddset(&s, SIGCHLD);
+	(void)sigaddset(&s, SIGUSR1);
+	(void)sigaddset(&s, SIGUSR2);
+	(void)sigaddset(&s, SIGINT);
+	(void)sigaddset(&s, SIGTERM);
+	(void)sigaddset(&s, SIGHUP);
+
+	return s;
+})();
+
+// The PID of the seemless worker currently being started by StartUnixWorker()
+static Atomic<pid_t> l_CurrentlyStartingUnixWorkerPid (-1);
+
+// The state of the seemless worker currently being started by StartUnixWorker()
+static Atomic<UnixWorkerState> l_CurrentlyStartingUnixWorkerState (UnixWorkerState::Pending);
+
+// The last temination signal we received
+static Atomic<int> l_TermSignal (-1);
+
+// Whether someone requested to re-load config (and we didn't handle that request, yet)
+static Atomic<bool> l_RequestedReload (false);
+
+// Whether someone requested to re-open logs (and we didn't handle that request, yet)
+static Atomic<bool> l_RequestedReopenLogs (false);
+
+/**
+ * Umbrella process' signal handlers
+ */
+static void UmbrellaSignalHandler(int num, siginfo_t *info, void*)
+{
+	switch (num) {
+		case SIGUSR1:
+			// Someone requested to re-open logs
+			l_RequestedReopenLogs.store(true);
+			break;
+		case SIGUSR2:
+			if (l_CurrentlyStartingUnixWorkerState.load() == UnixWorkerState::Pending
+				&& info->si_pid == l_CurrentlyStartingUnixWorkerPid.load()) {
+				// The seemless worker currently being started by StartUnixWorker() successfully loaded its config
+				l_CurrentlyStartingUnixWorkerState.store(UnixWorkerState::LoadedConfig);
+			}
+			break;
+		case SIGCHLD:
+			if (l_CurrentlyStartingUnixWorkerState.load() == UnixWorkerState::Pending
+				&& info->si_pid == l_CurrentlyStartingUnixWorkerPid.load()) {
+				// The seemless worker currently being started by StartUnixWorker() failed
+				l_CurrentlyStartingUnixWorkerState.store(UnixWorkerState::Failed);
+			}
+			break;
+		case SIGINT:
+		case SIGTERM:
+			// Someone requested our termination
+
+			{
+				struct sigaction sa;
+				memset(&sa, 0, sizeof(sa));
+
+				sa.sa_handler = SIG_DFL;
+
+				(void)sigaction(num, &sa, nullptr);
+			}
+
+			l_TermSignal.store(num);
+			break;
+		case SIGHUP:
+			// Someone requested to re-load config
+			l_RequestedReload.store(true);
+			break;
+		default:
+			// Programming error (or someone has broken the userspace)
+			VERIFY(!"Caught unexpected signal");
+	}
+}
+
+/**
+ * Seemless worker's signal handlers
+ */
+static void WorkerSignalHandler(int num, siginfo_t *info, void*)
+{
+	switch (num) {
+		case SIGUSR2:
+			if (info->si_pid == l_UmbrellaPid) {
+				// The umbrella process allowed us to continue working beyond config validation
+				l_AllowedToWork.store(true);
+			}
+			break;
+		case SIGINT:
+		case SIGTERM:
+			if (info->si_pid == l_UmbrellaPid) {
+				// The umbrella process requested our termination
+				Application::RequestShutdown();
+			}
+			break;
+		default:
+			// Programming error (or someone has broken the userspace)
+			VERIFY(!"Caught unexpected signal");
+	}
+}
+
+#ifdef HAVE_SYSTEMD
+// When we last notified the watchdog.
+static Atomic<double> l_LastNotifiedWatchdog (0);
+
+/**
+ * Notify the watchdog if not notified during the last 2.5s.
+ */
+static void NotifyWatchdog()
+{
+	double now = Utility::GetTime();
+
+	if (now - l_LastNotifiedWatchdog.load() >= 2.5) {
+		sd_notify(0, "WATCHDOG=1");
+		l_LastNotifiedWatchdog.store(now);
+	}
+}
+#endif /* HAVE_SYSTEMD */
+
+/**
+ * Starts seemless worker process doing the actual work (config loading, ...)
+ *
+ * @param configs Files to read config from
+ * @param closeConsoleLog Whether to close the console log after config loading
+ * @param stderrFile Where to log errors
+ *
+ * @return The worker's PID on success, -1 on failure (if the worker couldn't load its config)
+ */
+static pid_t StartUnixWorker(const std::vector<std::string>& configs, bool closeConsoleLog = false, const String& stderrFile = String())
+{
+	Log(LogNotice, "cli")
+		<< "Spawning seemless worker process doing the actual work";
+
+	try {
+		Application::UninitializeBase();
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+			<< "Failed to stop thread pool before forking, unexpected error: " << DiagnosticInformation(ex);
+		exit(EXIT_FAILURE);
+	}
+
+	/* Block the signal handlers we'd like to change in the child process until we changed them.
+	 * Block SIGUSR2 and SIGCHLD handlers until we've set l_CurrentlyStartingUnixWorkerPid.
+	 */
+	(void)sigprocmask(SIG_BLOCK, &l_UnixWorkerSignals, nullptr);
+
+	pid_t pid = fork();
+
+	switch (pid) {
+		case -1:
+			Log(LogCritical, "cli")
+				<< "fork() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+			exit(EXIT_FAILURE);
+
+		case 0:
+			try {
+				{
+					struct sigaction sa;
+					memset(&sa, 0, sizeof(sa));
+
+					sa.sa_handler = SIG_DFL;
+
+					(void)sigaction(SIGCHLD, &sa, nullptr);
+					(void)sigaction(SIGUSR1, &sa, nullptr);
+					(void)sigaction(SIGHUP, &sa, nullptr);
+				}
+
+				{
+					struct sigaction sa;
+					memset(&sa, 0, sizeof(sa));
+
+					sa.sa_sigaction = &WorkerSignalHandler;
+					sa.sa_flags = SA_RESTART | SA_SIGINFO;
+
+					(void)sigaction(SIGUSR2, &sa, nullptr);
+					(void)sigaction(SIGINT, &sa, nullptr);
+					(void)sigaction(SIGTERM, &sa, nullptr);
+				}
+
+				(void)sigprocmask(SIG_UNBLOCK, &l_UnixWorkerSignals, nullptr);
+
+				try {
+					Application::InitializeBase();
+				} catch (const std::exception& ex) {
+					Log(LogCritical, "cli")
+						<< "Failed to re-initialize thread pool after forking (child): " << DiagnosticInformation(ex);
+					_exit(EXIT_FAILURE);
+				}
+
+				_exit(RunWorker(configs, closeConsoleLog, stderrFile));
+			} catch (...) {
+				_exit(EXIT_FAILURE);
+			}
+
+		default:
+			l_CurrentlyStartingUnixWorkerPid.store(pid);
+			(void)sigprocmask(SIG_UNBLOCK, &l_UnixWorkerSignals, nullptr);
+
+			Log(LogNotice, "cli")
+				<< "Spawned worker process (PID " << pid << "), waiting for it to load its config";
+
+			// Wait for the newly spawned process to either load its config or fail.
+			for (;;) {
+#ifdef HAVE_SYSTEMD
+				NotifyWatchdog();
+#endif /* HAVE_SYSTEMD */
+
+				switch (l_CurrentlyStartingUnixWorkerState.load()) {
+					case UnixWorkerState::LoadedConfig:
+						Log(LogNotice, "cli")
+							<< "Worker process successfully loaded its config";
+						break;
+					case UnixWorkerState::Failed:
+						Log(LogNotice, "cli")
+							<< "Worker process couldn't load its config";
+
+						while (waitpid(pid, nullptr, 0) == -1 && errno == EINTR) {
+#ifdef HAVE_SYSTEMD
+							NotifyWatchdog();
+#endif /* HAVE_SYSTEMD */
+						}
+						pid = -1;
+						break;
+					default:
+						Utility::Sleep(0.2);
+						continue;
+				}
+
+				break;
+			}
+
+			// Reset flags for the next time
+			l_CurrentlyStartingUnixWorkerPid.store(-1);
+			l_CurrentlyStartingUnixWorkerState.store(UnixWorkerState::Pending);
+
+			try {
+				Application::InitializeBase();
+			} catch (const std::exception& ex) {
+				Log(LogCritical, "cli")
+					<< "Failed to re-initialize thread pool after forking (parent): " << DiagnosticInformation(ex);
+				exit(EXIT_FAILURE);
+			}
+	}
+
+	return pid;
+}
+
+/**
+ * Workaround to instantiate Application (which is abstract) in DaemonCommand#Run()
+ */
+class PidFileManagementApp : public Application
+{
+public:
+	inline int Main() override
+	{
+		return EXIT_FAILURE;
+	}
+};
+#endif /* _WIN32 */
+
+/**
+ * The entry point for the "daemon" CLI command.
+ *
+ * @returns An exit status.
+ */
+int DaemonCommand::Run(const po::variables_map& vm, const std::vector<std::string>& ap) const
+{
+#ifdef _WIN32
+	SetConsoleOutputCP(65001);
+#endif /* _WIN32 */
+
+	Logger::EnableTimestamp();
+
+	Log(LogInformation, "cli")
+		<< "Icinga application loader (version: " << Application::GetAppVersion()
+#ifdef I2_DEBUG
+		<< "; debug"
+#endif /* I2_DEBUG */
+		<< ")";
+
+	std::vector<std::string> configs;
+	if (vm.count("config") > 0)
+		configs = vm["config"].as<std::vector<std::string> >();
+	else if (!vm.count("no-config")) {
+		/* The implicit string assignment is needed for Windows builds. */
+		String configDir = Configuration::ConfigDir;
+		configs.push_back(configDir + "/icinga2.conf");
+	}
+
+	if (vm.count("validate")) {
+		Log(LogInformation, "cli", "Loading configuration file(s).");
+
+		std::vector<ConfigItem::Ptr> newItems;
+
+		if (!DaemonUtility::LoadConfigFiles(configs, newItems, Configuration::ObjectsPath, Configuration::VarsPath)) {
+			Log(LogCritical, "cli", "Config validation failed. Re-run with 'icinga2 daemon -C' after fixing the config.");
+			return EXIT_FAILURE;
+		}
+
+		Log(LogInformation, "cli", "Finished validating the configuration file(s).");
+		return EXIT_SUCCESS;
+	}
+
+	{
+		pid_t runningpid = Application::ReadPidFile(Configuration::PidPath);
+		if (runningpid > 0) {
+			Log(LogCritical, "cli")
+				<< "Another instance of Icinga already running with PID " << runningpid;
+			return EXIT_FAILURE;
+		}
+	}
+
+	if (vm.count("daemonize")) {
+		// this subroutine either succeeds, or logs an error
+		// and terminates the process (does not return).
+		Daemonize();
+	}
+
+#ifndef _WIN32
+	/* The Application manages the PID file,
+	 * but on *nix this process doesn't load any config
+	 * so there's no central Application instance.
+	 */
+	PidFileManagementApp app;
+
+	try {
+		app.UpdatePidFile(Configuration::PidPath);
+	} catch (const std::exception&) {
+		Log(LogCritical, "Application")
+			<< "Cannot update PID file '" << Configuration::PidPath << "'. Aborting.";
+		return EXIT_FAILURE;
+	}
+
+	Defer closePidFile ([&app]() {
+		app.ClosePidFile(true);
+	});
+#endif /* _WIN32 */
+
+	if (vm.count("daemonize")) {
+		// After disabling the console log, any further errors will go to the configured log only.
+		// Let's try to make this clear and say good bye.
+		Log(LogInformation, "cli", "Closing console log.");
+
+		String errorLog;
+		if (vm.count("errorlog"))
+			errorLog = vm["errorlog"].as<std::string>();
+
+		CloseStdIO(errorLog);
+		Logger::DisableConsoleLog();
+	}
+
+#ifdef _WIN32
+	return RunWorker(configs);
+#else /* _WIN32 */
+	l_UmbrellaPid = getpid();
+	Application::SetUmbrellaProcess(l_UmbrellaPid);
+
+	{
+		struct sigaction sa;
+		memset(&sa, 0, sizeof(sa));
+
+		sa.sa_sigaction = &UmbrellaSignalHandler;
+		sa.sa_flags = SA_NOCLDSTOP | SA_RESTART | SA_SIGINFO;
+
+		(void)sigaction(SIGCHLD, &sa, nullptr);
+		(void)sigaction(SIGUSR1, &sa, nullptr);
+		(void)sigaction(SIGUSR2, &sa, nullptr);
+		(void)sigaction(SIGINT, &sa, nullptr);
+		(void)sigaction(SIGTERM, &sa, nullptr);
+		(void)sigaction(SIGHUP, &sa, nullptr);
+	}
+
+	bool closeConsoleLog = !vm.count("daemonize") && vm.count("close-stdio");
+
+	String errorLog;
+	if (vm.count("errorlog"))
+		errorLog = vm["errorlog"].as<std::string>();
+
+	// The PID of the current seemless worker
+	pid_t currentWorker = StartUnixWorker(configs, closeConsoleLog, errorLog);
+
+	if (currentWorker == -1) {
+		return EXIT_FAILURE;
+	}
+
+	if (closeConsoleLog) {
+		// After disabling the console log, any further errors will go to the configured log only.
+		// Let's try to make this clear and say good bye.
+		Log(LogInformation, "cli", "Closing console log.");
+
+		CloseStdIO(errorLog);
+		Logger::DisableConsoleLog();
+	}
+
+	// Immediately allow the first (non-reload) worker to continue working beyond config validation
+	(void)kill(currentWorker, SIGUSR2);
+
+#ifdef HAVE_SYSTEMD
+	sd_notify(0, "READY=1");
+#endif /* HAVE_SYSTEMD */
+
+	// Whether we already forwarded a termination signal to the seemless worker
+	bool requestedTermination = false;
+
+	// Whether we already notified systemd about our termination
+	bool notifiedTermination = false;
+
+	for (;;) {
+#ifdef HAVE_SYSTEMD
+		NotifyWatchdog();
+#endif /* HAVE_SYSTEMD */
+
+		if (!requestedTermination) {
+			int termSig = l_TermSignal.load();
+			if (termSig != -1) {
+				Log(LogNotice, "cli")
+					<< "Got signal " << termSig << ", forwarding to seemless worker (PID " << currentWorker << ")";
+
+				(void)kill(currentWorker, termSig);
+				requestedTermination = true;
+
+#ifdef HAVE_SYSTEMD
+				if (!notifiedTermination) {
+					notifiedTermination = true;
+					sd_notify(0, "STOPPING=1");
+				}
+#endif /* HAVE_SYSTEMD */
+			}
+		}
+
+		if (l_RequestedReload.exchange(false)) {
+			Log(LogInformation, "Application")
+				<< "Got reload command: Starting new instance.";
+
+#ifdef HAVE_SYSTEMD
+			sd_notify(0, "RELOADING=1");
+#endif /* HAVE_SYSTEMD */
+
+			pid_t nextWorker = StartUnixWorker(configs);
+
+			if (nextWorker == -1) {
+				Log(LogCritical, "Application", "Found error in config: reloading aborted");
+			} else {
+				Log(LogInformation, "Application")
+					<< "Reload done, old process shutting down. Child process with PID '" << nextWorker << "' is taking over.";
+
+				(void)kill(currentWorker, SIGTERM);
+
+				{
+					double start = Utility::GetTime();
+
+					while (waitpid(currentWorker, nullptr, 0) == -1 && errno == EINTR) {
+#ifdef HAVE_SYSTEMD
+						NotifyWatchdog();
+#endif /* HAVE_SYSTEMD */
+					}
+
+					Log(LogNotice, "cli")
+						<< "Waited for " << Utility::FormatDuration(Utility::GetTime() - start) << " on old process to exit.";
+				}
+
+				// Old instance shut down, allow the new one to continue working beyond config validation
+				(void)kill(nextWorker, SIGUSR2);
+
+				currentWorker = nextWorker;
+			}
+
+#ifdef HAVE_SYSTEMD
+			sd_notify(0, "READY=1");
+#endif /* HAVE_SYSTEMD */
+
+		}
+
+		if (l_RequestedReopenLogs.exchange(false)) {
+			Log(LogNotice, "cli")
+				<< "Got signal " << SIGUSR1 << ", forwarding to seemless worker (PID " << currentWorker << ")";
+
+			(void)kill(currentWorker, SIGUSR1);
+		}
+
+		{
+			int status;
+			if (waitpid(currentWorker, &status, WNOHANG) > 0) {
+				Log(LogNotice, "cli")
+					<< "Seemless worker (PID " << currentWorker << ") stopped, stopping as well";
+
+#ifdef HAVE_SYSTEMD
+				if (!notifiedTermination) {
+					notifiedTermination = true;
+					sd_notify(0, "STOPPING=1");
+				}
+#endif /* HAVE_SYSTEMD */
+
+				// If killed by signal, forward it via the exit code (to be as seemless as possible)
+				return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : WEXITSTATUS(status);
+			}
+		}
+
+		Utility::Sleep(0.2);
+	}
+#endif /* _WIN32 */
+}
diff --git a/lib/cli/daemoncommand.hpp b/lib/cli/daemoncommand.hpp
index 7fafe6d10..da8a34bd3 100644
--- a/lib/cli/daemoncommand.hpp
+++ b/lib/cli/daemoncommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DAEMONCOMMAND_H
 #define DAEMONCOMMAND_H
diff --git a/lib/cli/daemonutility.cpp b/lib/cli/daemonutility.cpp
index 432fe3d45..d5bb2cf1e 100644
--- a/lib/cli/daemonutility.cpp
+++ b/lib/cli/daemonutility.cpp
@@ -1,31 +1,14 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/daemonutility.hpp"
 #include "base/utility.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
+#include "base/scriptglobal.hpp"
 #include "config/configcompiler.hpp"
 #include "config/configcompilercontext.hpp"
 #include "config/configitembuilder.hpp"
 
-
 using namespace icinga;
 
 static bool ExecuteExpression(Expression *expression)
@@ -48,6 +31,15 @@ static void IncludeZoneDirRecursive(const String& path, const String& package, b
 {
 	String zoneName = Utility::BaseName(path);
 
+	/* We don't have an activated zone object yet. We may forcefully guess from configitems
+	 * to not include this specific synced zones directory.
+	 */
+	if(!ConfigItem::GetByTypeAndName(Type::GetByName("Zone"), zoneName)) {
+		Log(LogWarning, "config")
+			<< "Ignoring directory '" << path << "' for unknown zone '" << zoneName << "'.";
+		return;
+	}
+
 	/* register this zone path for cluster config sync */
 	ConfigCompiler::RegisterZoneDir("_etc", path, zoneName);
 
@@ -65,6 +57,15 @@ static void IncludeNonLocalZone(const String& zonePath, const String& package, b
 
 	String zoneName = Utility::BaseName(zonePath);
 
+	/* We don't have an activated zone object yet. We may forcefully guess from configitems
+	 * to not include this specific synced zones directory.
+	 */
+	if(!ConfigItem::GetByTypeAndName(Type::GetByName("Zone"), zoneName)) {
+		Log(LogWarning, "config")
+			<< "Ignoring directory '" << zonePath << "' for unknown zone '" << zoneName << "'.";
+		return;
+	}
+
 	/* Check whether this node already has an authoritative config version
 	 * from zones.d in etc or api package directory, or a local marker file)
 	 */
@@ -99,6 +100,10 @@ static void IncludePackage(const String& packagePath, bool& success)
 bool DaemonUtility::ValidateConfigFiles(const std::vector<std::string>& configs, const String& objectsFile)
 {
 	bool success;
+
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+	VERIFY(systemNS);
+
 	if (!objectsFile.IsEmpty())
 		ConfigCompilerContext::GetInstance()->OpenObjectsFile(objectsFile);
 
@@ -121,31 +126,48 @@ bool DaemonUtility::ValidateConfigFiles(const std::vector<std::string>& configs,
 	 * unfortunately moving it there is somewhat non-trivial. */
 	success = true;
 
-	String zonesEtcDir = Application::GetZonesDir();
-	if (!zonesEtcDir.IsEmpty() && Utility::PathExists(zonesEtcDir))
-		Utility::Glob(zonesEtcDir + "/*", std::bind(&IncludeZoneDirRecursive, _1, "_etc", std::ref(success)), GlobDirectory);
+	/* Only load zone directory if we're not in staging validation. */
+	if (!systemNS->Contains("ZonesStageVarDir")) {
+		String zonesEtcDir = Configuration::ZonesDir;
+		if (!zonesEtcDir.IsEmpty() && Utility::PathExists(zonesEtcDir))
+			Utility::Glob(zonesEtcDir + "/*", std::bind(&IncludeZoneDirRecursive, _1, "_etc", std::ref(success)), GlobDirectory);
 
-	if (!success)
-		return false;
+		if (!success)
+			return false;
+	}
 
 	/* Load package config files - they may contain additional zones which
 	 * are authoritative on this node and are checked in HasZoneConfigAuthority(). */
-	String packagesVarDir = Application::GetLocalStateDir() + "/lib/icinga2/api/packages";
+	String packagesVarDir = Configuration::DataDir + "/api/packages";
 	if (Utility::PathExists(packagesVarDir))
 		Utility::Glob(packagesVarDir + "/*", std::bind(&IncludePackage, _1, std::ref(success)), GlobDirectory);
 
 	if (!success)
 		return false;
 
-	/* Load cluster synchronized configuration files */
-	String zonesVarDir = Application::GetLocalStateDir() + "/lib/icinga2/api/zones";
+	/* Load cluster synchronized configuration files. This can be overridden for staged sync validations. */
+	String zonesVarDir = Configuration::DataDir + "/api/zones";
+
+	/* Cluster config sync stage validation needs this. */
+	if (systemNS->Contains("ZonesStageVarDir")) {
+		zonesVarDir = systemNS->Get("ZonesStageVarDir");
+
+		Log(LogNotice, "DaemonUtility")
+			<< "Overriding zones var directory with '" << zonesVarDir << "' for cluster config sync staging.";
+	}
+
+
 	if (Utility::PathExists(zonesVarDir))
 		Utility::Glob(zonesVarDir + "/*", std::bind(&IncludeNonLocalZone, _1, "_cluster", std::ref(success)), GlobDirectory);
 
 	if (!success)
 		return false;
 
-	Type::Ptr appType = Type::GetByName(ScriptGlobal::Get("ApplicationType", &Empty));
+	/* This is initialized inside the IcingaApplication class. */
+	Value vAppType;
+	VERIFY(systemNS->Get("ApplicationType", &vAppType));
+
+	Type::Ptr appType = Type::GetByName(vAppType);
 
 	if (ConfigItem::GetItems(appType).empty()) {
 		ConfigItemBuilder builder;
@@ -170,7 +192,7 @@ bool DaemonUtility::LoadConfigFiles(const std::vector<std::string>& configs,
 		return false;
 	}
 
-	WorkQueue upq(25000, Application::GetConcurrency());
+	WorkQueue upq(25000, Configuration::Concurrency);
 	upq.SetName("DaemonUtility::LoadConfigFiles");
 	bool result = ConfigItem::CommitItems(ascope.GetContext(), upq, newItems);
 
diff --git a/lib/cli/daemonutility.hpp b/lib/cli/daemonutility.hpp
index ffd8f04b3..963bfba74 100644
--- a/lib/cli/daemonutility.hpp
+++ b/lib/cli/daemonutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DAEMONUTILITY_H
 #define DAEMONUTILITY_H
diff --git a/lib/cli/editline.hpp b/lib/cli/editline.hpp
index f284c207b..f97525edb 100644
--- a/lib/cli/editline.hpp
+++ b/lib/cli/editline.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EDITLINE_H
 #define EDITLINE_H
@@ -24,6 +7,7 @@ extern "C" {
 
 char *readline(const char *prompt);
 int add_history(const char *line);
+void rl_deprep_terminal();
 
 typedef char *ELFunction(const char *, int);
 
diff --git a/lib/cli/featuredisablecommand.cpp b/lib/cli/featuredisablecommand.cpp
index 54a702c3d..95a4a26d7 100644
--- a/lib/cli/featuredisablecommand.cpp
+++ b/lib/cli/featuredisablecommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/featuredisablecommand.hpp"
 #include "cli/featureutility.hpp"
@@ -53,7 +36,7 @@ int FeatureDisableCommand::GetMaxArguments() const
 
 ImpersonationLevel FeatureDisableCommand::GetImpersonationLevel() const
 {
-	return ImpersonateRoot;
+	return ImpersonateIcinga;
 }
 
 /**
diff --git a/lib/cli/featuredisablecommand.hpp b/lib/cli/featuredisablecommand.hpp
index 7dc5465d2..b24655de6 100644
--- a/lib/cli/featuredisablecommand.hpp
+++ b/lib/cli/featuredisablecommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FEATUREDISABLECOMMAND_H
 #define FEATUREDISABLECOMMAND_H
diff --git a/lib/cli/featureenablecommand.cpp b/lib/cli/featureenablecommand.cpp
index 244bbdb95..0cf906648 100644
--- a/lib/cli/featureenablecommand.cpp
+++ b/lib/cli/featureenablecommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/featureenablecommand.hpp"
 #include "cli/featureutility.hpp"
@@ -53,7 +36,7 @@ int FeatureEnableCommand::GetMaxArguments() const
 
 ImpersonationLevel FeatureEnableCommand::GetImpersonationLevel() const
 {
-	return ImpersonateRoot;
+	return ImpersonateIcinga;
 }
 
 /**
diff --git a/lib/cli/featureenablecommand.hpp b/lib/cli/featureenablecommand.hpp
index a81ecc2c9..fc917787d 100644
--- a/lib/cli/featureenablecommand.hpp
+++ b/lib/cli/featureenablecommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FEATUREENABLECOMMAND_H
 #define FEATUREENABLECOMMAND_H
diff --git a/lib/cli/featurelistcommand.cpp b/lib/cli/featurelistcommand.cpp
index 33e4e96ad..2aad4a9cd 100644
--- a/lib/cli/featurelistcommand.cpp
+++ b/lib/cli/featurelistcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/featurelistcommand.hpp"
 #include "cli/featureutility.hpp"
diff --git a/lib/cli/featurelistcommand.hpp b/lib/cli/featurelistcommand.hpp
index 46f357c75..cae1d740b 100644
--- a/lib/cli/featurelistcommand.hpp
+++ b/lib/cli/featurelistcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FEATURELISTCOMMAND_H
 #define FEATURELISTCOMMAND_H
diff --git a/lib/cli/featureutility.cpp b/lib/cli/featureutility.cpp
index 9056b60fe..a882104f6 100644
--- a/lib/cli/featureutility.cpp
+++ b/lib/cli/featureutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/featureutility.hpp"
 #include "base/logger.hpp"
@@ -31,12 +14,12 @@ using namespace icinga;
 
 String FeatureUtility::GetFeaturesAvailablePath()
 {
-	return Application::GetSysconfDir() + "/icinga2/features-available";
+	return Configuration::ConfigDir + "/features-available";
 }
 
 String FeatureUtility::GetFeaturesEnabledPath()
 {
-	return Application::GetSysconfDir() + "/icinga2/features-enabled";
+	return Configuration::ConfigDir + "/features-enabled";
 }
 
 std::vector<String> FeatureUtility::GetFieldCompletionSuggestions(const String& word, bool enable)
diff --git a/lib/cli/featureutility.hpp b/lib/cli/featureutility.hpp
index 38f91cce0..9cb2128c6 100644
--- a/lib/cli/featureutility.hpp
+++ b/lib/cli/featureutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FEATUREUTILITY_H
 #define FEATUREUTILITY_H
diff --git a/lib/cli/i2-cli.hpp b/lib/cli/i2-cli.hpp
index c23e2b875..86e5ddd14 100644
--- a/lib/cli/i2-cli.hpp
+++ b/lib/cli/i2-cli.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2CLI_H
 #define I2CLI_H
diff --git a/lib/cli/internalsignalcommand.cpp b/lib/cli/internalsignalcommand.cpp
index 3e196728d..b09796569 100644
--- a/lib/cli/internalsignalcommand.cpp
+++ b/lib/cli/internalsignalcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/internalsignalcommand.hpp"
 #include "base/logger.hpp"
diff --git a/lib/cli/internalsignalcommand.hpp b/lib/cli/internalsignalcommand.hpp
index 44830ccd9..d599b80cd 100644
--- a/lib/cli/internalsignalcommand.hpp
+++ b/lib/cli/internalsignalcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INTERNALSIGNALCOMMAND_H
 #define INTERNALSIGNALCOMMAND_H
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index fa188e7f0..ad21f1d72 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/nodesetupcommand.hpp"
 #include "cli/nodeutility.hpp"
@@ -88,7 +71,7 @@ std::vector<String> NodeSetupCommand::GetArgumentSuggestions(const String& argum
 
 ImpersonationLevel NodeSetupCommand::GetImpersonationLevel() const
 {
-	return ImpersonateRoot;
+	return ImpersonateIcinga;
 }
 
 /**
@@ -121,12 +104,6 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	if (vm.count("trustedcert"))
 		Log(LogWarning, "cli", "Master for Node setup: Ignoring --trustedcert");
 
-	if (vm.count("accept-config"))
-		Log(LogWarning, "cli", "Master for Node setup: Ignoring --accept-config");
-
-	if (vm.count("accept-commands"))
-		Log(LogWarning, "cli", "Master for Node setup: Ignoring --accept-commands");
-
 	String cn = Utility::GetFQDN();
 
 	if (vm.count("cn"))
@@ -176,7 +153,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	if (vm.count("global_zones"))
 		setupGlobalZones = vm["global_zones"].as<std::vector<std::string> >();
 
-	for (int i = 0; i < setupGlobalZones.size(); i++) {
+	for (decltype(setupGlobalZones.size()) i = 0; i < setupGlobalZones.size(); i++) {
 		if (std::find(globalZones.begin(), globalZones.end(), setupGlobalZones[i]) != globalZones.end()) {
 			Log(LogCritical, "cli")
 				<< "The global zone '" << setupGlobalZones[i] << "' is already specified.";
@@ -212,31 +189,34 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 			fp << "  bind_port = " << tokens[1] << "\n";
 	}
 
+	fp << "\n";
+
+	if (vm.count("accept-config"))
+		fp << "  accept_config = true\n";
+	else
+		fp << "  accept_config = false\n";
+
+	if (vm.count("accept-commands"))
+		fp << "  accept_commands = true\n";
+	else
+		fp << "  accept_commands = false\n";
+
 	fp << "\n"
 		<< "  ticket_salt = TicketSalt\n"
 		<< "}\n";
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(apipath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempApiPath.CStr(), apipath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempApiPath));
-	}
+	Utility::RenameFile(tempApiPath, apipath);
 
 	/* update constants.conf with NodeName = CN + TicketSalt = random value */
-	if (cn != Utility::GetFQDN()) {
+	if (endpointName != Utility::GetFQDN()) {
 		Log(LogWarning, "cli")
-			<< "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
+			<< "CN/Endpoint name '" <<  endpointName << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
 	}
 
-	NodeUtility::UpdateConstant("NodeName", cn);
-	NodeUtility::UpdateConstant("ZoneName", cn);
+	NodeUtility::UpdateConstant("NodeName", endpointName);
+	NodeUtility::UpdateConstant("ZoneName", zoneName);
 
 	String salt = RandomString(16);
 
@@ -262,7 +242,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 			NodeUtility::UpdateConfiguration("\"conf.d/api-users.conf\"", true, false);
 		} else {
 			Log(LogWarning, "cli")
-				<< "Included file dosen't exist " << apiUsersFilePath;
+				<< "Included file doesn't exist " << apiUsersFilePath;
 		}
 	}
 
@@ -353,8 +333,8 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	String certsDir = ApiListener::GetCertsDir();
 	Utility::MkDirP(certsDir, 0700);
 
-	String user = ScriptGlobal::Get("RunAsUser");
-	String group = ScriptGlobal::Get("RunAsGroup");
+	String user = Configuration::RunAsUser;
+	String group = Configuration::RunAsGroup;
 
 	if (!Utility::SetFileOwnership(certsDir, user, group)) {
 		Log(LogWarning, "cli")
@@ -410,7 +390,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	} else {
 		/* We cannot retrieve the parent certificate.
 		 * Tell the user to manually copy the ca.crt file
-		 * into LocalStateDir + "/lib/icinga2/certs"
+		 * into DataDir + "/certs"
 		 */
 		Log(LogWarning, "cli")
 			<< "\nNo connection to the parent node was specified.\n\n"
@@ -483,17 +463,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(apipath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempApiPath.CStr(), apipath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempApiPath));
-	}
-
+	Utility::RenameFile(tempApiPath, apipath);
 
 	/* Generate zones configuration. */
 	Log(LogInformation, "cli", "Generating zone and object configuration.");
@@ -516,7 +486,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	if (vm.count("global_zones"))
 		setupGlobalZones = vm["global_zones"].as<std::vector<std::string> >();
 
-	for (int i = 0; i < setupGlobalZones.size(); i++) {
+	for (decltype(setupGlobalZones.size()) i = 0; i < setupGlobalZones.size(); i++) {
 		if (std::find(globalZones.begin(), globalZones.end(), setupGlobalZones[i]) != globalZones.end()) {
 			Log(LogCritical, "cli")
 				<< "The global zone '" << setupGlobalZones[i] << "' is already specified.";
@@ -530,13 +500,14 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	NodeUtility::GenerateNodeIcingaConfig(endpointName, zoneName, parentZoneName, vm["endpoint"].as<std::vector<std::string> >(), globalZones);
 
 	/* update constants.conf with NodeName = CN */
-	if (cn != Utility::GetFQDN()) {
+	if (endpointName != Utility::GetFQDN()) {
 		Log(LogWarning, "cli")
-			<< "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires an update for the NodeName constant in constants.conf!";
+			<< "CN/Endpoint name '" << endpointName << "' does not match the default FQDN '"
+			<< Utility::GetFQDN() << "'. Requires an update for the NodeName constant in constants.conf!";
 	}
 
-	NodeUtility::UpdateConstant("NodeName", cn);
-	NodeUtility::UpdateConstant("ZoneName", vm["zone"].as<std::string>());
+	NodeUtility::UpdateConstant("NodeName", endpointName);
+	NodeUtility::UpdateConstant("ZoneName", zoneName);
 
 	if (!ticket.IsEmpty()) {
 		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
@@ -554,16 +525,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 
 		fp.close();
 
-#ifdef _WIN32
-		_unlink(ticketPath.CStr());
-#endif /* _WIN32 */
-
-		if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
-			BOOST_THROW_EXCEPTION(posix_error()
-				<< boost::errinfo_api_function("rename")
-				<< boost::errinfo_errno(errno)
-				<< boost::errinfo_file_name(tempTicketPath));
-		}
+		Utility::RenameFile(tempTicketPath, ticketPath);
 	}
 
 	/* If no parent connection was made, the user must supply the ca.crt before restarting Icinga 2.*/
diff --git a/lib/cli/nodesetupcommand.hpp b/lib/cli/nodesetupcommand.hpp
index 1e3560a3b..d25d21e11 100644
--- a/lib/cli/nodesetupcommand.hpp
+++ b/lib/cli/nodesetupcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NODESETUPCOMMAND_H
 #define NODESETUPCOMMAND_H
diff --git a/lib/cli/nodeutility.cpp b/lib/cli/nodeutility.cpp
index eb9080b97..bd343ab4c 100644
--- a/lib/cli/nodeutility.cpp
+++ b/lib/cli/nodeutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/nodeutility.hpp"
 #include "cli/clicommand.hpp"
@@ -43,12 +26,12 @@ using namespace icinga;
 
 String NodeUtility::GetConstantsConfPath()
 {
-	return Application::GetSysconfDir() + "/icinga2/constants.conf";
+	return Configuration::ConfigDir + "/constants.conf";
 }
 
 String NodeUtility::GetZonesConfPath()
 {
-	return Application::GetSysconfDir() + "/icinga2/zones.conf";
+	return Configuration::ConfigDir + "/zones.conf";
 }
 
 /*
@@ -170,8 +153,8 @@ bool NodeUtility::WriteNodeConfigObjects(const String& filename, const Array::Pt
 
 	Utility::MkDirP(path, 0755);
 
-	String user = ScriptGlobal::Get("RunAsUser");
-	String group = ScriptGlobal::Get("RunAsGroup");
+	String user = Configuration::RunAsUser;
+	String group = Configuration::RunAsGroup;
 
 	if (!Utility::SetFileOwnership(path, user, group)) {
 		Log(LogWarning, "cli")
@@ -198,16 +181,7 @@ bool NodeUtility::WriteNodeConfigObjects(const String& filename, const Array::Pt
 	fp << std::endl;
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(filename.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), filename.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	Utility::RenameFile(tempFilename, filename);
 
 	return true;
 }
@@ -265,6 +239,49 @@ void NodeUtility::SerializeObject(std::ostream& fp, const Dictionary::Ptr& objec
 	fp << "}\n\n";
 }
 
+/*
+* Returns true if the include is found, otherwise false
+*/
+bool NodeUtility::GetConfigurationIncludeState(const String& value, bool recursive) {
+	String configurationFile = Configuration::ConfigDir + "/icinga2.conf";
+
+	Log(LogInformation, "cli")
+		<< "Reading '" << configurationFile << "'.";
+
+	std::ifstream ifp(configurationFile.CStr());
+
+	String affectedInclude = value;
+
+	if (recursive)
+		affectedInclude = "include_recursive " + affectedInclude;
+	else
+		affectedInclude = "include " + affectedInclude;
+
+	bool isIncluded = false;
+
+	std::string line;
+
+	while(std::getline(ifp, line)) {
+		/*
+		* Trying to find if the inclusion is enabled.
+		* First hit breaks out of the loop.
+		*/
+
+		if (line.compare(0, affectedInclude.GetLength(), affectedInclude) == 0) {
+			isIncluded = true;
+
+			/*
+			* We can safely break out here, since an enabled include always win.
+			*/
+			break;
+		}
+	}
+
+	ifp.close();
+
+	return isIncluded;
+}
+
 /*
  * include = false, will comment out the include statement
  * include = true, will add an include statement or uncomment a statement if one is existing
@@ -274,7 +291,7 @@ void NodeUtility::SerializeObject(std::ostream& fp, const Dictionary::Ptr& objec
  */
 bool NodeUtility::UpdateConfiguration(const String& value, bool include, bool recursive)
 {
-	String configurationFile = Application::GetSysconfDir() + "/icinga2/icinga2.conf";
+	String configurationFile = Configuration::ConfigDir + "/icinga2.conf";
 
 	Log(LogInformation, "cli")
 		<< "Updating '" << value << "' include in '" << configurationFile << "'.";
@@ -334,16 +351,7 @@ bool NodeUtility::UpdateConfiguration(const String& value, bool include, bool re
 	ifp.close();
 	ofp.close();
 
-#ifdef _WIN32
-	_unlink(configurationFile.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFile.CStr(), configurationFile.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(configurationFile));
-	}
+	Utility::RenameFile(tempFile, configurationFile);
 
 	return (found || include);
 }
@@ -378,14 +386,5 @@ void NodeUtility::UpdateConstant(const String& name, const String& value)
 	ifp.close();
 	ofp.close();
 
-#ifdef _WIN32
-	_unlink(constantsConfPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFile.CStr(), constantsConfPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(constantsConfPath));
-	}
+	Utility::RenameFile(tempFile, constantsConfPath);
 }
diff --git a/lib/cli/nodeutility.hpp b/lib/cli/nodeutility.hpp
index 3017a8ead..7016b6bae 100644
--- a/lib/cli/nodeutility.hpp
+++ b/lib/cli/nodeutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NODEUTILITY_H
 #define NODEUTILITY_H
@@ -44,6 +27,7 @@ public:
 
 	static bool WriteNodeConfigObjects(const String& filename, const Array::Ptr& objects);
 
+	static bool GetConfigurationIncludeState(const String& value, bool recursive);
 	static bool UpdateConfiguration(const String& value, bool include, bool recursive);
 	static void UpdateConstant(const String& name, const String& value);
 
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index b5e143730..abf87d87e 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/nodewizardcommand.hpp"
 #include "cli/nodeutility.hpp"
@@ -54,7 +37,7 @@ String NodeWizardCommand::GetShortDescription() const
 
 ImpersonationLevel NodeWizardCommand::GetImpersonationLevel() const
 {
-	return ImpersonateRoot;
+	return ImpersonateIcinga;
 }
 
 int NodeWizardCommand::GetMaxArguments() const
@@ -103,15 +86,15 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 	 * 8. copy key information to /var/lib/icinga2/certs
 	 * 9. enable ApiListener feature
 	 * 10. generate zones.conf with endpoints and zone objects
-	 * 11. set NodeName = cn in constants.conf
+	 * 11. set NodeName = cn and ZoneName in constants.conf
 	 * 12. disable conf.d directory?
 	 * 13. reload icinga2, or tell the user to
 	 */
 
 	std::string answer;
-	/* master or satellite/client setup */
+	/* master or satellite/agent setup */
 	std::cout << ConsoleColorTag(Console_Bold)
-		<< "Please specify if this is a satellite/client setup "
+		<< "Please specify if this is an agent/satellite setup "
 		<< "('n' installs a master setup)" << ConsoleColorTag(Console_Normal)
 		<< " [Y/n]: ";
 	std::getline (std::cin, answer);
@@ -127,7 +110,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 	if (choice.Contains("n"))
 		res = MasterSetup();
 	else
-		res = ClientSetup();
+		res = AgentSatelliteSetup();
 
 	if (res != 0)
 		return res;
@@ -144,13 +127,13 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 	return 0;
 }
 
-int NodeWizardCommand::ClientSetup() const
+int NodeWizardCommand::AgentSatelliteSetup() const
 {
 	std::string answer;
 	String choice;
 	bool connectToParent = false;
 
-	std::cout << "Starting the Client/Satellite setup routine...\n\n";
+	std::cout << "Starting the Agent/Satellite setup routine...\n\n";
 
 	/* CN */
 	std::cout << ConsoleColorTag(Console_Bold)
@@ -272,8 +255,8 @@ wizard_endpoint_loop_start:
 	String certsDir = ApiListener::GetCertsDir();
 	Utility::MkDirP(certsDir, 0700);
 
-	String user = ScriptGlobal::Get("RunAsUser");
-	String group = ScriptGlobal::Get("RunAsGroup");
+	String user = Configuration::RunAsUser;
+	String group = Configuration::RunAsGroup;
 
 	if (!Utility::SetFileOwnership(certsDir, user, group)) {
 		Log(LogWarning, "cli")
@@ -392,7 +375,7 @@ wizard_ticket:
 	} else {
 		/* We cannot retrieve the parent certificate.
 		 * Tell the user to manually copy the ca.crt file
-		 * into LocalStateDir + "/lib/icinga2/certs"
+		 * into DataDir + "/certs"
 		 */
 
 		std::cout <<  ConsoleColorTag(Console_Bold)
@@ -456,7 +439,7 @@ wizard_ticket:
 		<< "Reconfiguring Icinga...\n"
 		<< ConsoleColorTag(Console_Normal);
 
-	/* disable the notifications feature on client nodes */
+	/* disable the notifications feature on agent/satellite nodes */
 	Log(LogInformation, "cli", "Disabling the Notification feature.");
 
 	FeatureUtility::DisableFeatures({ "notification" });
@@ -487,16 +470,7 @@ wizard_ticket:
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(apiConfPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempApiConfPath.CStr(), apiConfPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempApiConfPath));
-	}
+	Utility::RenameFile(tempApiConfPath, apiConfPath);
 
 	/* Zones configuration. */
 	Log(LogInformation, "cli", "Generating local zones.conf.");
@@ -570,14 +544,14 @@ wizard_global_zone_loop_start:
 	/* Generate node configuration. */
 	NodeUtility::GenerateNodeIcingaConfig(endpointName, zoneName, parentZoneName, endpoints, globalZones);
 
-	if (cn != Utility::GetFQDN()) {
+	if (endpointName != Utility::GetFQDN()) {
 		Log(LogWarning, "cli")
-			<< "CN '" << cn << "' does not match the default FQDN '"
+			<< "CN/Endpoint name '" << endpointName << "' does not match the default FQDN '"
 			<< Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
 	}
 
-	NodeUtility::UpdateConstant("NodeName", cn);
-	NodeUtility::UpdateConstant("ZoneName", cn);
+	NodeUtility::UpdateConstant("NodeName", endpointName);
+	NodeUtility::UpdateConstant("ZoneName", zoneName);
 
 	if (!ticket.IsEmpty()) {
 		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
@@ -595,16 +569,7 @@ wizard_global_zone_loop_start:
 
 		fp.close();
 
-#ifdef _WIN32
-		_unlink(ticketPath.CStr());
-#endif /* _WIN32 */
-
-		if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
-			BOOST_THROW_EXCEPTION(posix_error()
-				<< boost::errinfo_api_function("rename")
-				<< boost::errinfo_errno(errno)
-				<< boost::errinfo_file_name(tempTicketPath));
-		}
+		Utility::RenameFile(tempTicketPath, ticketPath);
 	}
 
 	/* If no parent connection was made, the user must supply the ca.crt before restarting Icinga 2.*/
@@ -638,7 +603,7 @@ wizard_global_zone_loop_start:
 				<< ConsoleColorTag(Console_Normal);
 		}
 
-		/* Satellite/Clients should not include the api-users.conf file.
+		/* Satellite/Agents should not include the api-users.conf file.
 		 * The configuration should instead be managed via config sync or automation tools.
 		 */
 	}
@@ -799,16 +764,7 @@ wizard_global_zone_loop_start:
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(apiConfPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempApiConfPath.CStr(), apiConfPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempApiConfPath));
-	}
+	Utility::RenameFile(tempApiConfPath, apiConfPath);
 
 	/* update constants.conf with NodeName = CN + TicketSalt = random value */
 	if (cn != Utility::GetFQDN()) {
@@ -821,8 +777,8 @@ wizard_global_zone_loop_start:
 
 	NodeUtility::CreateBackupFile(NodeUtility::GetConstantsConfPath());
 
-	NodeUtility::UpdateConstant("NodeName", cn);
-	NodeUtility::UpdateConstant("ZoneName", cn);
+	NodeUtility::UpdateConstant("NodeName", endpointName);
+	NodeUtility::UpdateConstant("ZoneName", zoneName);
 
 	String salt = RandomString(16);
 
@@ -850,7 +806,7 @@ wizard_global_zone_loop_start:
 		}
 
 		/* Include api-users.conf */
-		String apiUsersFilePath = Application::GetSysconfDir() + "/icinga2/conf.d/api-users.conf";
+		String apiUsersFilePath = Configuration::ConfigDir + "/conf.d/api-users.conf";
 
 		std::cout << ConsoleColorTag(Console_Bold | Console_ForegroundGreen)
 			<< "Checking if the api-users.conf file exists...\n"
diff --git a/lib/cli/nodewizardcommand.hpp b/lib/cli/nodewizardcommand.hpp
index 5cc6033c0..dfda70c8a 100644
--- a/lib/cli/nodewizardcommand.hpp
+++ b/lib/cli/nodewizardcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NODEWIZARDCOMMAND_H
 #define NODEWIZARDCOMMAND_H
@@ -44,7 +27,7 @@ public:
 		boost::program_options::options_description& hiddenDesc) const override;
 
 private:
-	int ClientSetup() const;
+	int AgentSatelliteSetup() const;
 	int MasterSetup() const;
 };
 
diff --git a/lib/cli/objectlistcommand.cpp b/lib/cli/objectlistcommand.cpp
index f5e46448c..f931d8c25 100644
--- a/lib/cli/objectlistcommand.cpp
+++ b/lib/cli/objectlistcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/objectlistcommand.hpp"
 #include "cli/objectlistutility.hpp"
@@ -67,11 +50,11 @@ void ObjectListCommand::InitParameters(boost::program_options::options_descripti
  */
 int ObjectListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	String objectfile = Application::GetObjectsPath();
+	String objectfile = Configuration::ObjectsPath;
 
 	if (!Utility::PathExists(objectfile)) {
 		Log(LogCritical, "cli")
-			<< "Cannot open objects file '" << Application::GetObjectsPath() << "'.";
+			<< "Cannot open objects file '" << Configuration::ObjectsPath << "'.";
 		Log(LogCritical, "cli", "Run 'icinga2 daemon -C' to validate config and generate the cache file.");
 		return 1;
 	}
diff --git a/lib/cli/objectlistcommand.hpp b/lib/cli/objectlistcommand.hpp
index 2220e40c8..bafe3ec71 100644
--- a/lib/cli/objectlistcommand.hpp
+++ b/lib/cli/objectlistcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTLISTCOMMAND_H
 #define OBJECTLISTCOMMAND_H
diff --git a/lib/cli/objectlistutility.cpp b/lib/cli/objectlistutility.cpp
index 3f5d9c0a3..a8135d98a 100644
--- a/lib/cli/objectlistutility.cpp
+++ b/lib/cli/objectlistutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/objectlistutility.hpp"
 #include "base/json.hpp"
diff --git a/lib/cli/objectlistutility.hpp b/lib/cli/objectlistutility.hpp
index 1b80f7dc2..ee1b97c4d 100644
--- a/lib/cli/objectlistutility.hpp
+++ b/lib/cli/objectlistutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTLISTUTILITY_H
 #define OBJECTLISTUTILITY_H
diff --git a/lib/cli/pkinewcacommand.cpp b/lib/cli/pkinewcacommand.cpp
index c9c1e172e..eba08c69f 100644
--- a/lib/cli/pkinewcacommand.cpp
+++ b/lib/cli/pkinewcacommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkinewcacommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkinewcacommand.hpp b/lib/cli/pkinewcacommand.hpp
index b9d362a9a..5b1bff645 100644
--- a/lib/cli/pkinewcacommand.hpp
+++ b/lib/cli/pkinewcacommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKINEWCACOMMAND_H
 #define PKINEWCACOMMAND_H
diff --git a/lib/cli/pkinewcertcommand.cpp b/lib/cli/pkinewcertcommand.cpp
index 61215bd0a..5201d9239 100644
--- a/lib/cli/pkinewcertcommand.cpp
+++ b/lib/cli/pkinewcertcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkinewcertcommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkinewcertcommand.hpp b/lib/cli/pkinewcertcommand.hpp
index c3b639c23..0c39bb6fb 100644
--- a/lib/cli/pkinewcertcommand.hpp
+++ b/lib/cli/pkinewcertcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKINEWCERTCOMMAND_H
 #define PKINEWCERTCOMMAND_H
diff --git a/lib/cli/pkirequestcommand.cpp b/lib/cli/pkirequestcommand.cpp
index c14fb7b21..d2b79f0a9 100644
--- a/lib/cli/pkirequestcommand.cpp
+++ b/lib/cli/pkirequestcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkirequestcommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkirequestcommand.hpp b/lib/cli/pkirequestcommand.hpp
index 71b9ca3a9..6e2a39334 100644
--- a/lib/cli/pkirequestcommand.hpp
+++ b/lib/cli/pkirequestcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKIREQUESTCOMMAND_H
 #define PKIREQUESTCOMMAND_H
diff --git a/lib/cli/pkisavecertcommand.cpp b/lib/cli/pkisavecertcommand.cpp
index 1cfd463e1..dbde44339 100644
--- a/lib/cli/pkisavecertcommand.cpp
+++ b/lib/cli/pkisavecertcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkisavecertcommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkisavecertcommand.hpp b/lib/cli/pkisavecertcommand.hpp
index 0fb0c4847..c552eefc2 100644
--- a/lib/cli/pkisavecertcommand.hpp
+++ b/lib/cli/pkisavecertcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKISAVECERTCOMMAND_H
 #define PKISAVECERTCOMMAND_H
diff --git a/lib/cli/pkisigncsrcommand.cpp b/lib/cli/pkisigncsrcommand.cpp
index e7de7aca8..ce1427bcd 100644
--- a/lib/cli/pkisigncsrcommand.cpp
+++ b/lib/cli/pkisigncsrcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkisigncsrcommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkisigncsrcommand.hpp b/lib/cli/pkisigncsrcommand.hpp
index da9e1c8e7..a66fd3935 100644
--- a/lib/cli/pkisigncsrcommand.hpp
+++ b/lib/cli/pkisigncsrcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKISIGNCSRCOMMAND_H
 #define PKISIGNCSRCOMMAND_H
diff --git a/lib/cli/pkiticketcommand.cpp b/lib/cli/pkiticketcommand.cpp
index 8ba088488..82f3586f0 100644
--- a/lib/cli/pkiticketcommand.cpp
+++ b/lib/cli/pkiticketcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/pkiticketcommand.hpp"
 #include "remote/pkiutility.hpp"
diff --git a/lib/cli/pkiticketcommand.hpp b/lib/cli/pkiticketcommand.hpp
index 0ada10ea5..500ce864c 100644
--- a/lib/cli/pkiticketcommand.hpp
+++ b/lib/cli/pkiticketcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKITICKETCOMMAND_H
 #define PKITICKETCOMMAND_H
diff --git a/lib/cli/troubleshootcommand.cpp b/lib/cli/troubleshootcommand.cpp
deleted file mode 100644
index aabd9e41a..000000000
--- a/lib/cli/troubleshootcommand.cpp
+++ /dev/null
@@ -1,691 +0,0 @@
-/*****************************************************************************
-* Icinga 2                                                                   *
-* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
-*                                                                            *
-* This program is free software; you can redistribute it and/or              *
-* modify it under the terms of the GNU General Public License                *
-* as published by the Free Software Foundation; either version 2             *
-* of the License, or (at your option) any later version.                     *
-*                                                                            *
-* This program is distributed in the hope that it will be useful,            *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of             *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
-* GNU General Public License for more details.                               *
-*                                                                            *
-* You should have received a copy of the GNU General Public License          *
-* along with this program; if not, write to the Free Software Foundation     *
-* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
-******************************************************************************/
-
-#include "base/application.hpp"
-#include "base/console.hpp"
-#include "base/convert.hpp"
-#include "base/json.hpp"
-#include "base/netstring.hpp"
-#include "base/objectlock.hpp"
-#include "base/stdiostream.hpp"
-#include "cli/daemonutility.hpp"
-#include "cli/featureutility.hpp"
-#include "cli/objectlistutility.hpp"
-#include "cli/troubleshootcommand.hpp"
-#include "cli/variableutility.hpp"
-#include "config/configitembuilder.hpp"
-
-#include <boost/algorithm/string/join.hpp>
-#include <boost/circular_buffer.hpp>
-#include <boost/filesystem.hpp>
-
-#include <fstream>
-#include <iostream>
-
-using namespace icinga;
-namespace po = boost::program_options;
-
-REGISTER_CLICOMMAND("troubleshoot", TroubleshootCommand);
-
-String TroubleshootCommand::GetDescription() const
-{
-	return "Collect logs and other relevant information for troubleshooting purposes.";
-}
-
-String TroubleshootCommand::GetShortDescription() const
-{
-	return "collect information for troubleshooting";
-}
-
-class TroubleshootCommand::InfoLog
-{
-public:
-	InfoLog(const String& path, const bool cons)
-	{
-		m_Console = cons;
-		m_ConsoleType = Console_Dumb;
-		if (m_Console) {
-			m_Stream = new std::ostream(std::cout.rdbuf());
-#ifndef _WIN32
-			m_ConsoleType = Console_VT100;
-#else /*_WIN32*/
-			m_ConsoleType = Console_Windows;
-#endif /*_WIN32*/
-		}
-		else {
-			auto *ofs = new std::ofstream();
-			ofs->open(path.CStr(), std::ios::out | std::ios::trunc);
-			m_Stream = ofs;
-		}
-	}
-
-	~InfoLog()
-	{
-		delete m_Stream;
-	}
-
-	void WriteLine(const LogSeverity sev, const int color, const String& str)
-	{
-		if (!m_Console)
-			Log(sev, "troubleshoot", str);
-
-		if (sev == LogWarning) {
-			*m_Stream
-				<< '\n' << ConsoleColorTag(Console_ForegroundYellow, m_ConsoleType) << std::string(24, '#') << '\n'
-				<< ConsoleColorTag(Console_Normal, m_ConsoleType) << str
-				<< ConsoleColorTag(Console_ForegroundYellow, m_ConsoleType) << std::string(24, '#') << "\n\n"
-				<< ConsoleColorTag(Console_Normal, m_ConsoleType);
-		} else if (sev == LogCritical) {
-			*m_Stream
-				<< '\n' << ConsoleColorTag(Console_ForegroundRed, m_ConsoleType) << std::string(24, '#') << '\n'
-				<< ConsoleColorTag(Console_Normal, m_ConsoleType) << str
-				<< ConsoleColorTag(Console_ForegroundRed, m_ConsoleType) << std::string(24, '#') << "\n\n"
-				<< ConsoleColorTag(Console_Normal, m_ConsoleType);
-		} else
-			*m_Stream
-				<< ConsoleColorTag(color, m_ConsoleType) << str
-				<< ConsoleColorTag(Console_Normal, m_ConsoleType);
-	}
-
-	bool GetStreamHealth() const
-	{
-		return m_Stream->good();
-	}
-
-private:
-	bool m_Console;
-	ConsoleType m_ConsoleType;
-	std::ostream *m_Stream;
-};
-
-class TroubleshootCommand::InfoLogLine
-{
-public:
-	InfoLogLine(InfoLog& log, int col = Console_Normal, LogSeverity sev = LogInformation)
-		: m_Log(log), m_Color(col), m_Sev(sev) {}
-
-	~InfoLogLine()
-	{
-		m_Log.WriteLine(m_Sev, m_Color, m_String.str());
-	}
-
-	template <typename T>
-	InfoLogLine& operator<<(const T& info)
-	{
-		m_String << info;
-		return *this;
-	}
-
-private:
-	std::ostringstream m_String;
-	InfoLog& m_Log;
-	int m_Color;
-	LogSeverity m_Sev;
-};
-
-
-bool TroubleshootCommand::GeneralInfo(InfoLog& log, const boost::program_options::variables_map& vm)
-{
-	InfoLogLine(log, Console_ForegroundBlue)
-		<< std::string(14, '=') << " GENERAL INFORMATION " << std::string(14, '=') << "\n\n";
-
-	//Application::DisplayInfoMessage() but formatted
-	InfoLogLine(log)
-		<< "\tApplication version: " << Application::GetAppVersion() << '\n'
-		<< "\tInstallation root: " << Application::GetPrefixDir() << '\n'
-		<< "\tSysconf directory: " << Application::GetSysconfDir() << '\n'
-		<< "\tRun directory: " << Application::GetRunDir() << '\n'
-		<< "\tLocal state directory: " << Application::GetLocalStateDir() << '\n'
-		<< "\tPackage data directory: " << Application::GetPkgDataDir() << '\n'
-		<< "\tState path: " << Application::GetStatePath() << '\n'
-		<< "\tObjects path: " << Application::GetObjectsPath() << '\n'
-		<< "\tVars path: " << Application::GetVarsPath() << '\n'
-		<< "\tPID path: " << Application::GetPidPath() << '\n';
-
-	InfoLogLine(log)
-		<< '\n';
-
-	return true;
-}
-
-bool TroubleshootCommand::FeatureInfo(InfoLog& log, const boost::program_options::variables_map& vm)
-{
-	TroubleshootCommand::CheckFeatures(log);
-	//TODO Check whether active features are operational.
-	return true;
-}
-
-bool TroubleshootCommand::ObjectInfo(InfoLog& log, const boost::program_options::variables_map& vm, Dictionary::Ptr& logs, const String& path)
-{
-	InfoLogLine(log, Console_ForegroundBlue)
-		<< std::string(14, '=') << " OBJECT INFORMATION " << std::string(14, '=') << "\n\n";
-
-	String objectfile = Application::GetObjectsPath();
-	std::set<String> configs;
-
-	if (!Utility::PathExists(objectfile)) {
-		InfoLogLine(log, 0, LogCritical)
-			<< "Cannot open object file '" << objectfile << "'.\n"
-			<< "FAILED: This probably means you have a fault configuration.\n";
-		return false;
-	} else {
-		InfoLog *OFile = nullptr;
-		bool OConsole = false;
-		if (vm.count("include-objects")) {
-			if (vm.count("console"))
-				OConsole = true;
-			else {
-				OFile = new InfoLog(path+"-objects", false);
-				if (!OFile->GetStreamHealth()) {
-					InfoLogLine(log, 0, LogWarning)
-						<< "Failed to open Object-write-stream, not printing objects\n\n";
-					delete OFile;
-					OFile = nullptr;
-				} else
-					InfoLogLine(log)
-						<< "Printing all objects to " << path+"-objects\n";
-			}
-		}
-		CheckObjectFile(objectfile, log, OFile, OConsole, logs, configs);
-		delete OFile;
-	}
-
-	if (vm.count("include-vars")) {
-		if (vm.count("console")) {
-			InfoLogLine(log, Console_ForegroundBlue)
-				<< "\n[begin: varsfile]\n";
-			if (!PrintVarsFile(path, true))
-				InfoLogLine(log, 0, LogWarning)
-					<< "Failed to print vars file\n";
-			InfoLogLine(log, Console_ForegroundBlue)
-				<< "[end: varsfile]\n";
-		} else {
-			if (PrintVarsFile(path, false))
-				InfoLogLine(log)
-					<< "Successfully printed all variables to " << path+"-vars\n";
-			else
-				InfoLogLine(log, 0, LogWarning)
-					<< "Failed to print vars to " << path+"-vars\n";
-		}
-	}
-
-	InfoLogLine(log)
-		<< '\n';
-
-	return true;
-}
-
-bool TroubleshootCommand::ReportInfo(InfoLog& log, const boost::program_options::variables_map& vm, Dictionary::Ptr& logs)
-{
-	InfoLogLine(log, Console_ForegroundBlue)
-		<< std::string(14, '=') << " LOGS AND CRASH REPORTS " << std::string(14, '=') << "\n\n";
-	PrintLoggers(log, logs);
-	PrintCrashReports(log);
-
-	InfoLogLine(log)
-		<< '\n';
-
-	return true;
-}
-
-bool TroubleshootCommand::ConfigInfo(InfoLog& log, const boost::program_options::variables_map& vm)
-{
-	InfoLogLine(log, Console_ForegroundBlue)
-		<< std::string(14, '=') << " CONFIGURATION FILES " << std::string(14, '=') << "\n\n";
-
-	InfoLogLine(log)
-		<< "A collection of important configuration files follows, please make sure to remove any sensitive data such as credentials, internal company names, etc\n";
-
-	if (!PrintFile(log, Application::GetSysconfDir() + "/icinga2/icinga2.conf")) {
-		InfoLogLine(log, 0, LogWarning)
-			<< "icinga2.conf not found, therefore skipping validation.\n"
-			<< "If you are using an icinga2.conf somewhere but the default path please validate it via 'icinga2 daemon -C -c \"path\to/icinga2.conf\"'\n"
-			<< "and provide it with your support request.\n";
-	}
-
-	if (!PrintFile(log, Application::GetSysconfDir() + "/icinga2/zones.conf")) {
-		InfoLogLine(log, 0, LogWarning)
-			<< "zones.conf not found.\n"
-			<< "If you are using a zones.conf somewhere but the default path please provide it with your support request\n";
-	}
-
-	InfoLogLine(log)
-		<< '\n';
-
-	return true;
-}
-
-/*Print the last *numLines* of *file* to *os* */
-int TroubleshootCommand::Tail(const String& file, int numLines, InfoLog& log)
-{
-	boost::circular_buffer<std::string> ringBuf(numLines);
-	std::ifstream text;
-	text.open(file.CStr(), std::ifstream::in);
-	if (!text.good())
-		return 0;
-
-	std::string line;
-	int lines = 0;
-
-	while (std::getline(text, line)) {
-		ringBuf.push_back(line);
-		lines++;
-	}
-
-	if (lines < numLines)
-		numLines = lines;
-
-	InfoLogLine(log, Console_ForegroundCyan)
-		<< "[begin: '" << file << "' line: " << lines-numLines << "]\n";
-
-	for (int k = 0; k < numLines; k++) {
-		InfoLogLine(log, Console_ForegroundCyan)
-			<<  "#  ";
-		InfoLogLine(log)
-			<< ringBuf[k] << '\n';
-	}
-
-	text.close();
-
-	InfoLogLine(log, Console_ForegroundCyan)
-		<< "[end: '" << file << "' line: " << lines << "]\n\n";
-
-	return numLines;
-}
-
-bool TroubleshootCommand::CheckFeatures(InfoLog& log)
-{
-	Dictionary::Ptr features = new Dictionary;
-	std::vector<String> disabled_features;
-	std::vector<String> enabled_features;
-
-	if (!FeatureUtility::GetFeatures(disabled_features, true) ||
-		!FeatureUtility::GetFeatures(enabled_features, false)) {
-		InfoLogLine(log, 0, LogCritical)
-			<< "Failed to collect enabled and/or disabled features. Check\n"
-			<< FeatureUtility::GetFeaturesAvailablePath() << '\n'
-			<< FeatureUtility::GetFeaturesEnabledPath() << '\n';
-		return false;
-	}
-
-	for (const String& feature : disabled_features)
-		features->Set(feature, false);
-	for (const String& feature : enabled_features)
-		features->Set(feature, true);
-
-	InfoLogLine(log)
-		<< "Enabled features:\n";
-	InfoLogLine(log, Console_ForegroundGreen)
-		<< '\t' << boost::algorithm::join(enabled_features, " ") << '\n';
-	InfoLogLine(log)
-		<< "Disabled features:\n";
-	InfoLogLine(log, Console_ForegroundRed)
-		<< '\t' << boost::algorithm::join(disabled_features, " ") << '\n';
-
-	if (!features->Get("checker").ToBool())
-		InfoLogLine(log, 0, LogWarning)
-			<< "checker is disabled, no checks can be run from this instance\n";
-	if (!features->Get("mainlog").ToBool())
-		InfoLogLine(log, 0, LogWarning)
-			<< "mainlog is disabled, please activate it and rerun icinga2\n";
-	if (!features->Get("debuglog").ToBool())
-		InfoLogLine(log, 0, LogWarning)
-			<< "debuglog is disabled, please activate it and rerun icinga2\n";
-
-	return true;
-}
-
-void TroubleshootCommand::GetLatestReport(const String& filename, time_t& bestTimestamp, String& bestFilename)
-{
-#ifdef _WIN32
-	struct _stat buf;
-	if (_stat(filename.CStr(), &buf))
-		return;
-#else
-	struct stat buf;
-	if (stat(filename.CStr(), &buf))
-		return;
-#endif /*_WIN32*/
-	if (buf.st_mtime > bestTimestamp) {
-		bestTimestamp = buf.st_mtime;
-		bestFilename = filename;
-	}
-}
-
-bool TroubleshootCommand::PrintCrashReports(InfoLog& log)
-{
-	String spath = Application::GetLocalStateDir() + "/log/icinga2/crash/report.*";
-	time_t bestTimestamp = 0;
-	String bestFilename;
-
-	try {
-		Utility::Glob(spath, std::bind(&GetLatestReport, _1, std::ref(bestTimestamp),
-			std::ref(bestFilename)), GlobFile);
-	}
-#ifdef _WIN32
-	catch (win32_error &ex) {
-		if (int const * err = boost::get_error_info<errinfo_win32_error>(ex)) {
-			if (*err != 3) {//Error code for path does not exist
-				InfoLogLine(log, 0, LogWarning)
-					<< Application::GetLocalStateDir() << "/log/icinga2/crash/ does not exist\n";
-
-				return false;
-			}
-		}
-		InfoLogLine(log, 0, LogWarning)
-			<< "Error printing crash reports\n";
-
-		return false;
-	}
-#else
-	catch (...) {
-		InfoLogLine(log, 0, LogWarning) << "Error printing crash reports.\n"
-			<< "Does " << Application::GetLocalStateDir() << "/log/icinga2/crash/ exist?\n";
-
-		return false;
-	}
-#endif /*_WIN32*/
-
-	if (!bestTimestamp)
-		InfoLogLine(log, Console_ForegroundYellow)
-			<< "No crash logs found in " << Application::GetLocalStateDir().CStr() << "/log/icinga2/crash/\n\n";
-	else {
-		InfoLogLine(log)
-			<< "Latest crash report is from " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", Utility::GetTime()) << '\n'
-			<< "File: " << bestFilename << "\n\n";
-		PrintFile(log, bestFilename);
-		InfoLogLine(log)
-			<< '\n';
-	}
-
-	return true;
-}
-
-bool TroubleshootCommand::PrintFile(InfoLog& log, const String& path)
-{
-	std::ifstream text;
-	text.open(path.CStr(), std::ifstream::in);
-	if (!text.is_open())
-		return false;
-
-	std::string line;
-
-	InfoLogLine(log, Console_ForegroundCyan)
-		<< "[begin: '" << path << "']\n";
-
-	while (std::getline(text, line)) {
-		InfoLogLine(log, Console_ForegroundCyan)
-			<< "#  ";
-		InfoLogLine(log)
-			<< line << '\n';
-	}
-
-	InfoLogLine(log, Console_ForegroundCyan)
-		<< "[end: '" << path << "']\n";
-
-	return true;
-}
-
-bool TroubleshootCommand::CheckConfig()
-{
-	return DaemonUtility::ValidateConfigFiles({ Application::GetSysconfDir() + "/icinga2/icinga2.conf" }, Application::GetObjectsPath());
-}
-
-//print is supposed allow the user to print the object file
-void TroubleshootCommand::CheckObjectFile(const String& objectfile, InfoLog& log, InfoLog *OFile, const bool objectConsole,
-	Dictionary::Ptr& logs, std::set<String>& configs)
-{
-	InfoLogLine(log)
-		<< "Checking object file from " << objectfile << '\n';
-
-	std::fstream fp;
-	fp.open(objectfile.CStr(), std::ios_base::in);
-
-	if (!fp.is_open()) {
-		InfoLogLine(log, 0, LogWarning)
-			<< "Could not open object file.\n";
-		return;
-	}
-
-	StdioStream::Ptr sfp = new StdioStream(&fp, false);
-	String::SizeType typeL = 0, countTotal = 0;
-
-	String message;
-	StreamReadContext src;
-	StreamReadStatus srs;
-	std::map<String, int> type_count;
-	bool first = true;
-
-	std::stringstream sStream;
-
-	if (objectConsole)
-		InfoLogLine(log, Console_ForegroundBlue)
-			<< "\n[begin: objectfile]\n";
-
-	while ((srs = NetString::ReadStringFromStream(sfp, &message, src)) != StatusEof) {
-		if (srs != StatusNewItem)
-			continue;
-
-		if (objectConsole) {
-			ObjectListUtility::PrintObject(std::cout, first, message, type_count, "", "");
-		}
-		else {
-		ObjectListUtility::PrintObject(sStream, first, message, type_count, "", "");
-			if (OFile) {
-				InfoLogLine(*OFile)
-					<< sStream.str();
-				sStream.flush();
-			}
-		}
-
-		Dictionary::Ptr object = JsonDecode(message);
-		Dictionary::Ptr properties = object->Get("properties");
-
-		String name = object->Get("name");
-		String type = object->Get("type");
-
-		//Find longest typename for padding
-		typeL = type.GetLength() > typeL ? type.GetLength() : typeL;
-		countTotal++;
-
-		Array::Ptr debug_info = object->Get("debug_info");
-
-		if (debug_info)
-			configs.insert(debug_info->Get(0));
-
-		if (Utility::Match(type, "FileLogger")) {
-			Dictionary::Ptr debug_hints = object->Get("debug_hints");
-			Dictionary::Ptr properties = object->Get("properties");
-
-			ObjectLock olock(properties);
-			for (const Dictionary::Pair& kv : properties) {
-				if (Utility::Match(kv.first, "path"))
-					logs->Set(name, kv.second);
-			}
-		}
-	}
-
-	if (objectConsole)
-		InfoLogLine(log, Console_ForegroundBlue)
-			<< "\n[end: objectfile]\n";
-
-	if (!countTotal) {
-		InfoLogLine(log, 0, LogCritical)
-			<< "No objects found in objectfile.\n";
-		return;
-	}
-
-	//Print objects with count
-	InfoLogLine(log)
-		<< "Found the " << countTotal << " objects:\n"
-		<< "  Type" << std::string(typeL-4, ' ') << " : Count\n";
-
-	for (const Dictionary::Pair& kv : type_count) {
-		InfoLogLine(log)
-			<< "  " << kv.first << std::string(typeL - kv.first.GetLength(), ' ')
-			<< " : " << kv.second << '\n';
-	}
-
-	InfoLogLine(log)
-		<< '\n';
-
-	TroubleshootCommand::PrintObjectOrigin(log, configs);
-}
-
-bool TroubleshootCommand::PrintVarsFile(const String& path, const bool console) {
-	if (!console) {
-		auto *ofs = new std::ofstream();
-		ofs->open((path+"-vars").CStr(), std::ios::out | std::ios::trunc);
-		if (!ofs->is_open())
-			return false;
-		else
-			VariableUtility::PrintVariables(*ofs);
-		ofs->close();
-	} else
-		VariableUtility::PrintVariables(std::cout);
-
-	return true;
-}
-
-void TroubleshootCommand::PrintLoggers(InfoLog& log, Dictionary::Ptr& logs)
-{
-	if (!logs->GetLength()) {
-		InfoLogLine(log, 0, LogWarning)
-			<< "No loggers found, check whether you enabled any logging features\n";
-	} else {
-		InfoLogLine(log)
-			<< "Getting the last 20 lines of " << logs->GetLength() << " FileLogger objects.\n";
-
-		ObjectLock ulock(logs);
-		for (const Dictionary::Pair& kv : logs) {
-			InfoLogLine(log)
-				<< "Logger " << kv.first << " at path: " << kv.second << '\n';
-
-			if (!Tail(kv.second, 20, log)) {
-				InfoLogLine(log, 0, LogWarning)
-					<< kv.second << " either does not exist or is empty\n";
-			}
-		}
-	}
-}
-
-void TroubleshootCommand::PrintObjectOrigin(InfoLog& log, const std::set<String>& configSet)
-{
-	InfoLogLine(log)
-		<< "The objects origins are:\n";
-
-	for (const String& config : configSet) {
-		InfoLogLine(log)
-			<< "  " << config << '\n';
-	}
-}
-
-void TroubleshootCommand::InitParameters(boost::program_options::options_description& visibleDesc,
-	boost::program_options::options_description& hiddenDesc) const
-{
-	visibleDesc.add_options()
-		("console,c", "print to console instead of file")
-		("output,o", boost::program_options::value<std::string>(), "path to output file")
-		("include-objects", "Print the whole objectfile (like `object list`)")
-		("include-vars", "Print all Variables (like `variable list`)")
-		;
-}
-
-int TroubleshootCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
-{
-#ifdef _WIN32 //Dislikes ':' in filenames
-	String path = Application::GetLocalStateDir() + "/log/icinga2/troubleshooting-"
-		+ Utility::FormatDateTime("%Y-%m-%d_%H-%M-%S", Utility::GetTime()) + ".log";
-#else
-	String path = Application::GetLocalStateDir() + "/log/icinga2/troubleshooting-"
-		+ Utility::FormatDateTime("%Y-%m-%d_%H:%M:%S", Utility::GetTime()) + ".log";
-#endif /*_WIN32*/
-
-	InfoLog *log;
-	Logger::SetConsoleLogSeverity(LogWarning);
-
-	if (vm.count("output"))
-		path = vm["output"].as<std::string>();
-
-	if (vm.count("console")) {
-		log = new InfoLog("", true);
-	} else {
-		log = new InfoLog(path, false);
-		if (!log->GetStreamHealth()) {
-			Log(LogCritical, "troubleshoot", "Failed to open file to write: " + path);
-			delete log;
-			return 3;
-		}
-	}
-
-	String appName = Utility::BaseName(Application::GetArgV()[0]);
-	double goTime = Utility::GetTime();
-
-	InfoLogLine(*log)
-		<< appName << " -- Troubleshooting help:\n"
-		<< "Should you run into problems with Icinga please add this file to your help request\n"
-		<< "Started collection at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", goTime) << "\n";
-
-	InfoLogLine(*log, Console_ForegroundMagenta)
-		<< std::string(52, '=') << "\n\n";
-
-	if (appName.GetLength() > 3 && appName.SubStr(0, 3) == "lt-")
-		appName = appName.SubStr(3, appName.GetLength() - 3);
-
-	Dictionary::Ptr logs = new Dictionary;
-
-	if (!GeneralInfo(*log, vm) ||
-		!FeatureInfo(*log, vm) ||
-		!ObjectInfo(*log, vm, logs, path) ||
-		!ReportInfo(*log, vm, logs) ||
-		!ConfigInfo(*log, vm)) {
-		InfoLogLine(*log, 0, LogCritical)
-			<< "Could not recover from critical failure, exiting.\n";
-
-		delete log;
-		return 3;
-	}
-
-	double endTime = Utility::GetTime();
-
-	InfoLogLine(*log, Console_ForegroundMagenta)
-		<< std::string(52, '=') << '\n';
-	InfoLogLine(*log, Console_ForegroundGreen)
-		<< "Finished collection at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", endTime)
-		<< "\nTook " << Convert::ToString(endTime - goTime) << " seconds\n";
-
-	if (!vm.count("console")) {
-		std::cout << "Started collection at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", goTime) << "\n"
-			<< "Finished collection at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", endTime)
-			<< "\nTook " << Convert::ToString(endTime - goTime) << " seconds\n\n";
-
-		std::cout << "General log file: '" << path << "'\n";
-
-		if (vm.count("include-vars"))
-			std::cout << "Vars log file: '" << path << "-vars'\n";
-		if (vm.count("include-objects"))
-			std::cout << "Objects log file: '" << path << "-objects'\n";
-
-		std::cout << "\nPlease compress the files before uploading them,, for example:\n"
-			<< "  # tar czf troubleshoot.tar.gz " << path << "*\n";
-	}
-
-	delete log;
-	return 0;
-}
diff --git a/lib/cli/troubleshootcommand.hpp b/lib/cli/troubleshootcommand.hpp
deleted file mode 100644
index dbe5fba5e..000000000
--- a/lib/cli/troubleshootcommand.hpp
+++ /dev/null
@@ -1,71 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef TROUBLESHOOTCOMMAND_H
-#define TROUBLESHOOTCOMMAND_H
-
-#include "cli/clicommand.hpp"
-#include "base/i2-base.hpp"
-#include "base/dictionary.hpp"
-
-namespace icinga
-{
-
-/**
- * The "troubleshoot" command.
- *
- * @ingroup cli
- */
-class TroubleshootCommand final : public CLICommand
-{
-public:
-	DECLARE_PTR_TYPEDEFS(TroubleshootCommand);
-
-	String GetDescription() const override;
-	String GetShortDescription() const override;
-	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
-	void InitParameters(boost::program_options::options_description& visibleDesc,
-		boost::program_options::options_description& hiddenDesc) const override;
-
-private:
-	class InfoLog;
-	class InfoLogLine;
-	static bool GeneralInfo(InfoLog& log, const boost::program_options::variables_map& vm);
-	static bool FeatureInfo(InfoLog& log, const boost::program_options::variables_map& vm);
-	static bool ObjectInfo(InfoLog& log, const boost::program_options::variables_map& vm,
-		Dictionary::Ptr& logs, const String& path);
-	static bool ReportInfo(InfoLog& log, const boost::program_options::variables_map& vm,
-		Dictionary::Ptr& logs);
-	static bool ConfigInfo(InfoLog& log, const boost::program_options::variables_map& vm);
-
-	static int Tail(const String& file, const int numLines, InfoLog& log);
-	static bool CheckFeatures(InfoLog& log);
-	static void GetLatestReport(const String& filename, time_t& bestTimestamp, String& bestFilename);
-	static bool PrintCrashReports(InfoLog& log);
-	static bool PrintFile(InfoLog& log, const String& path);
-	static bool CheckConfig();
-	static void CheckObjectFile(const String& objectfile, InfoLog& log, InfoLog *OFile, const bool objectConsole,
-		Dictionary::Ptr& logs, std::set<String>& configs);
-	static bool PrintVarsFile(const String& path, const bool console);
-	static void PrintLoggers(InfoLog& log, Dictionary::Ptr& logs);
-	static void PrintObjectOrigin(InfoLog& log, const std::set<String>& configSet);
-};
-
-}
-#endif /* TROUBLESHOOTCOMMAND_H */
diff --git a/lib/cli/variablegetcommand.cpp b/lib/cli/variablegetcommand.cpp
index 76fa634aa..c05ac965a 100644
--- a/lib/cli/variablegetcommand.cpp
+++ b/lib/cli/variablegetcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/variablegetcommand.hpp"
 #include "cli/variableutility.hpp"
@@ -75,7 +58,7 @@ int VariableGetCommand::Run(const boost::program_options::variables_map& vm, con
 		return 0;
 	}
 
-	String varsfile = Application::GetVarsPath();
+	String varsfile = Configuration::VarsPath;
 
 	if (!Utility::PathExists(varsfile)) {
 		Log(LogCritical, "cli")
diff --git a/lib/cli/variablegetcommand.hpp b/lib/cli/variablegetcommand.hpp
index 84f63df5b..9479b3a43 100644
--- a/lib/cli/variablegetcommand.hpp
+++ b/lib/cli/variablegetcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VARIABLEGETCOMMAND_H
 #define VARIABLEGETCOMMAND_H
diff --git a/lib/cli/variablelistcommand.cpp b/lib/cli/variablelistcommand.cpp
index 9aff1cbea..b7ba1be3f 100644
--- a/lib/cli/variablelistcommand.cpp
+++ b/lib/cli/variablelistcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/variablelistcommand.hpp"
 #include "cli/variableutility.hpp"
@@ -53,7 +36,7 @@ String VariableListCommand::GetShortDescription() const
  */
 int VariableListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	String varsfile = Application::GetVarsPath();
+	String varsfile = Configuration::VarsPath;
 
 	if (!Utility::PathExists(varsfile)) {
 		Log(LogCritical, "cli")
diff --git a/lib/cli/variablelistcommand.hpp b/lib/cli/variablelistcommand.hpp
index d5502dca1..909d9eb74 100644
--- a/lib/cli/variablelistcommand.hpp
+++ b/lib/cli/variablelistcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VARIABLELISTCOMMAND_H
 #define VARIABLELISTCOMMAND_H
diff --git a/lib/cli/variableutility.cpp b/lib/cli/variableutility.cpp
index 9044a9e9b..398c9a0e5 100644
--- a/lib/cli/variableutility.cpp
+++ b/lib/cli/variableutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/variableutility.hpp"
 #include "base/logger.hpp"
@@ -31,7 +14,7 @@ using namespace icinga;
 
 Value VariableUtility::GetVariable(const String& name)
 {
-	String varsfile = Application::GetVarsPath();
+	String varsfile = Configuration::VarsPath;
 
 	std::fstream fp;
 	fp.open(varsfile.CStr(), std::ios_base::in);
@@ -61,7 +44,7 @@ Value VariableUtility::GetVariable(const String& name)
 
 void VariableUtility::PrintVariables(std::ostream& outfp)
 {
-	String varsfile = Application::GetVarsPath();
+	String varsfile = Configuration::VarsPath;
 
 	std::fstream fp;
 	fp.open(varsfile.CStr(), std::ios_base::in);
diff --git a/lib/cli/variableutility.hpp b/lib/cli/variableutility.hpp
index af1f3fb8e..69869b2b6 100644
--- a/lib/cli/variableutility.hpp
+++ b/lib/cli/variableutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VARIABLEUTILITY_H
 #define VARIABLEUTILITY_H
diff --git a/lib/compat/CMakeLists.txt b/lib/compat/CMakeLists.txt
index df4a3e0eb..84225c4f8 100644
--- a/lib/compat/CMakeLists.txt
+++ b/lib/compat/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(checkresultreader.ti checkresultreader-ti.cpp checkresultreader-ti.hpp)
 mkclass_target(compatlogger.ti compatlogger-ti.cpp compatlogger-ti.hpp)
@@ -42,21 +27,21 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/command.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/compatlog.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/statusdata.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/icinga2/compat/archives\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/icinga2\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_RUNDIR}/icinga2/cmd\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_LOGDIR}/compat/archives\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_SPOOLDIR}\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_INITRUNDIR}/cmd\")")
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/compat/checkresultreader.cpp b/lib/compat/checkresultreader.cpp
index 016248765..2b3f05ccd 100644
--- a/lib/compat/checkresultreader.cpp
+++ b/lib/compat/checkresultreader.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/compatutility.hpp"
 #include "compat/checkresultreader.hpp"
@@ -62,7 +45,7 @@ void CheckResultReader::Start(bool runtimeCreated)
 		<< "'" << GetName() << "' started.";
 
 	Log(LogWarning, "CheckResultReader")
-		<< "The CheckResultReader feature is DEPRECATED and will be removed in Icinga v2.11.";
+		<< "This feature is DEPRECATED and will be removed in future releases. Check the roadmap at https://github.com/Icinga/icinga2/milestones";
 
 #ifndef _WIN32
 	m_ReadTimer = new Timer();
@@ -124,17 +107,9 @@ void CheckResultReader::ProcessCheckResultFile(const String& path) const
 	}
 
 	/* Remove the checkresult files. */
-	if (unlink(path.CStr()) < 0)
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("unlink")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(path));
+	Utility::Remove(path);
 
-	if (unlink(crfile.CStr()) < 0)
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("unlink")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(crfile));
+	Utility::Remove(crfile);
 
 	Checkable::Ptr checkable;
 
diff --git a/lib/compat/checkresultreader.hpp b/lib/compat/checkresultreader.hpp
index 445f8354c..6cd28e318 100644
--- a/lib/compat/checkresultreader.hpp
+++ b/lib/compat/checkresultreader.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CHECKRESULTREADER_H
 #define CHECKRESULTREADER_H
diff --git a/lib/compat/checkresultreader.ti b/lib/compat/checkresultreader.ti
index 18b3d0ac4..0132818cf 100644
--- a/lib/compat/checkresultreader.ti
+++ b/lib/compat/checkresultreader.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -30,7 +13,7 @@ class CheckResultReader : ConfigObject
 	activation_priority 100;
 
 	[config] String spool_dir {
-		default {{{ return Application::GetLocalStateDir() + "/lib/icinga2/spool/checkresults/"; }}}
+		default {{{ return Configuration::DataDir + "/spool/checkresults/"; }}}
 	};
 };
 
diff --git a/lib/compat/compatlogger.cpp b/lib/compat/compatlogger.cpp
index 5e6d2c752..75e94dc95 100644
--- a/lib/compat/compatlogger.cpp
+++ b/lib/compat/compatlogger.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "compat/compatlogger.hpp"
 #include "compat/compatlogger-ti.cpp"
@@ -64,10 +47,10 @@ void CompatLogger::Start(bool runtimeCreated)
 		<< "'" << GetName() << "' started.";
 
 	Log(LogWarning, "CompatLogger")
-		<< "The CompatLogger feature is DEPRECATED and will be removed in Icinga v2.11.";
+		<< "This feature is DEPRECATED and will be removed in future releases. Check the roadmap at https://github.com/Icinga/icinga2/milestones";
 
 	Checkable::OnNewCheckResult.connect(std::bind(&CompatLogger::CheckResultHandler, this, _1, _2));
-	Checkable::OnNotificationSentToUser.connect(std::bind(&CompatLogger::NotificationSentHandler, this, _1, _2, _3, _4, _5, _6, _7, _8));
+	Checkable::OnNotificationSentToUser.connect(std::bind(&CompatLogger::NotificationSentHandler, this, _1, _2, _3, _4, _5, _6, _7, _8, _9));
 	Downtime::OnDowntimeTriggered.connect(std::bind(&CompatLogger::TriggerDowntimeHandler, this, _1));
 	Downtime::OnDowntimeRemoved.connect(std::bind(&CompatLogger::RemoveDowntimeHandler, this, _1));
 	Checkable::OnEventCommandExecuted.connect(std::bind(&CompatLogger::EventCommandHandler, this, _1));
@@ -247,14 +230,14 @@ void CompatLogger::RemoveDowntimeHandler(const Downtime::Ptr& downtime)
  * @threadsafety Always.
  */
 void CompatLogger::NotificationSentHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-	const User::Ptr& user, NotificationType notification_type, CheckResult::Ptr const& cr,
+	const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 	const String& author, const String& comment_text, const String& command_name)
 {
 	Host::Ptr host;
 	Service::Ptr service;
 	tie(host, service) = GetHostService(checkable);
 
-	String notification_type_str = Notification::NotificationTypeToString(notification_type);
+	String notification_type_str = Notification::NotificationTypeToStringCompat(notification_type);
 
 	/* override problem notifications with their current state string */
 	if (notification_type == NotificationProblem) {
diff --git a/lib/compat/compatlogger.hpp b/lib/compat/compatlogger.hpp
index fecab1f99..748bb90a9 100644
--- a/lib/compat/compatlogger.hpp
+++ b/lib/compat/compatlogger.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMPATLOGGER_H
 #define COMPATLOGGER_H
@@ -53,8 +36,8 @@ private:
 
 	void CheckResultHandler(const Checkable::Ptr& service, const CheckResult::Ptr& cr);
 	void NotificationSentHandler(const Notification::Ptr& notification, const Checkable::Ptr& service,
-		const User::Ptr& user, NotificationType notification_type, CheckResult::Ptr const& cr,
-		const String& author, const String& comment_text, const String& command_name);
+		const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr,
+		const NotificationResult::Ptr& nr, const String& author, const String& comment_text, const String& command_name);
 	void FlappingChangedHandler(const Checkable::Ptr& checkable);
 	void EnableFlappingChangedHandler(const Checkable::Ptr& checkable);
 	void TriggerDowntimeHandler(const Downtime::Ptr& downtime);
diff --git a/lib/compat/compatlogger.ti b/lib/compat/compatlogger.ti
index 322236cd8..56431eccd 100644
--- a/lib/compat/compatlogger.ti
+++ b/lib/compat/compatlogger.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -30,7 +13,7 @@ class CompatLogger : ConfigObject
 	activation_priority 100;
 
 	[config] String log_dir {
-		default {{{ return Application::GetLocalStateDir() + "/log/icinga2/compat"; }}}
+		default {{{ return Configuration::LogDir + "/compat"; }}}
 	};
 	[config] String rotation_method {
 		default {{{ return "HOURLY"; }}}
diff --git a/lib/compat/externalcommandlistener.cpp b/lib/compat/externalcommandlistener.cpp
index bb9402c79..d5bdd63b5 100644
--- a/lib/compat/externalcommandlistener.cpp
+++ b/lib/compat/externalcommandlistener.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "compat/externalcommandlistener.hpp"
 #include "compat/externalcommandlistener-ti.cpp"
@@ -53,6 +36,8 @@ void ExternalCommandListener::Start(bool runtimeCreated)
 	Log(LogInformation, "ExternalCommandListener")
 		<< "'" << GetName() << "' started.";
 
+	Log(LogWarning, "ExternalCommandListener")
+		<< "This feature is DEPRECATED and will be removed in future releases. Check the roadmap at https://github.com/Icinga/icinga2/milestones";
 #ifndef _WIN32
 	m_CommandThread = std::thread(std::bind(&ExternalCommandListener::CommandPipeThread, this, GetCommandPath()));
 	m_CommandThread.detach();
@@ -82,12 +67,7 @@ void ExternalCommandListener::CommandPipeThread(const String& commandPath)
 		if (S_ISFIFO(statbuf.st_mode) && access(commandPath.CStr(), R_OK) >= 0) {
 			fifo_ok = true;
 		} else {
-			if (unlink(commandPath.CStr()) < 0) {
-				BOOST_THROW_EXCEPTION(posix_error()
-					<< boost::errinfo_api_function("unlink")
-					<< boost::errinfo_errno(errno)
-					<< boost::errinfo_file_name(commandPath));
-			}
+			Utility::Remove(commandPath);
 		}
 	}
 
diff --git a/lib/compat/externalcommandlistener.hpp b/lib/compat/externalcommandlistener.hpp
index a2adc47ef..895531f78 100644
--- a/lib/compat/externalcommandlistener.hpp
+++ b/lib/compat/externalcommandlistener.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXTERNALCOMMANDLISTENER_H
 #define EXTERNALCOMMANDLISTENER_H
diff --git a/lib/compat/externalcommandlistener.ti b/lib/compat/externalcommandlistener.ti
index baffb7f51..5b529442e 100644
--- a/lib/compat/externalcommandlistener.ti
+++ b/lib/compat/externalcommandlistener.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -30,7 +13,7 @@ class ExternalCommandListener : ConfigObject
 	activation_priority 100;
 
 	[config] String command_path {
-		default {{{ return Application::GetRunDir() + "/icinga2/cmd/icinga2.cmd"; }}}
+		default {{{ return Configuration::InitRunDir + "/cmd/icinga2.cmd"; }}}
 	};
 };
 
diff --git a/lib/compat/statusdatawriter.cpp b/lib/compat/statusdatawriter.cpp
index 6b1610b0e..5a0f136bf 100644
--- a/lib/compat/statusdatawriter.cpp
+++ b/lib/compat/statusdatawriter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "compat/statusdatawriter.hpp"
 #include "compat/statusdatawriter-ti.cpp"
@@ -39,7 +22,6 @@
 #include "base/application.hpp"
 #include "base/context.hpp"
 #include "base/statsfunction.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <fstream>
@@ -78,7 +60,7 @@ void StatusDataWriter::Start(bool runtimeCreated)
 		<< "'" << GetName() << "' started.";
 
 	Log(LogWarning, "StatusDataWriter")
-		<< "The StatusDataWriter feature is DEPRECATED and will be removed in Icinga v2.11.";
+		<< "This feature is DEPRECATED and will be removed in future releases. Check the roadmap at https://github.com/Icinga/icinga2/milestones";
 
 	m_ObjectsCacheOutdated = true;
 
@@ -394,7 +376,7 @@ void StatusDataWriter::DumpCheckableStatusAttrs(std::ostream& fp, const Checkabl
 		"\t" "last_state_change=" << static_cast<long>(checkable->GetLastStateChange()) << "\n"
 		"\t" "last_hard_state_change=" << static_cast<long>(checkable->GetLastHardStateChange()) << "\n"
 		"\t" "last_update=" << static_cast<long>(Utility::GetTime()) << "\n"
-		"\t" "notifications_enabled" "\t" << Convert::ToLong(checkable->GetEnableNotifications()) << "\n"
+		"\t" "notifications_enabled=" << Convert::ToLong(checkable->GetEnableNotifications()) << "\n"
 		"\t" "active_checks_enabled=" << Convert::ToLong(checkable->GetEnableActiveChecks()) << "\n"
 		"\t" "passive_checks_enabled=" << Convert::ToLong(checkable->GetEnablePassiveChecks()) << "\n"
 		"\t" "flap_detection_enabled=" << Convert::ToLong(checkable->GetEnableFlapping()) << "\n"
@@ -559,6 +541,7 @@ void StatusDataWriter::UpdateObjectsCache()
 {
 	CONTEXT("Writing objects.cache file");
 
+	/* Use the compat path here from the .ti generated class. */
 	String objectsPath = GetObjectsPath();
 
 	std::fstream objectfp;
@@ -779,16 +762,7 @@ void StatusDataWriter::UpdateObjectsCache()
 
 	objectfp.close();
 
-#ifdef _WIN32
-	_unlink(objectsPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempObjectsPath.CStr(), objectsPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempObjectsPath));
-	}
+	Utility::RenameFile(tempObjectsPath, objectsPath);
 }
 
 /**
@@ -861,16 +835,7 @@ void StatusDataWriter::StatusTimerHandler()
 
 	statusfp.close();
 
-#ifdef _WIN32
-	_unlink(statusPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempStatusPath.CStr(), statusPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempStatusPath));
-	}
+	Utility::RenameFile(tempStatusPath, statusPath);
 
 	Log(LogNotice, "StatusDataWriter")
 		<< "Writing status.dat file took " << Utility::FormatDuration(Utility::GetTime() - start);
diff --git a/lib/compat/statusdatawriter.hpp b/lib/compat/statusdatawriter.hpp
index b8fb71d33..31a5efe54 100644
--- a/lib/compat/statusdatawriter.hpp
+++ b/lib/compat/statusdatawriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STATUSDATAWRITER_H
 #define STATUSDATAWRITER_H
diff --git a/lib/compat/statusdatawriter.ti b/lib/compat/statusdatawriter.ti
index 5ac2969a9..cc7eb113f 100644
--- a/lib/compat/statusdatawriter.ti
+++ b/lib/compat/statusdatawriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -30,10 +13,10 @@ class StatusDataWriter : ConfigObject
 	activation_priority 100;
 
 	[config] String status_path {
-		default {{{ return Application::GetLocalStateDir() + "/cache/icinga2/status.dat"; }}}
+		default {{{ return Configuration::CacheDir + "/status.dat"; }}}
 	};
 	[config] String objects_path {
-		default {{{ return Application::GetLocalStateDir() + "/cache/icinga2/objects.cache"; }}}
+		default {{{ return Configuration::CacheDir + "/objects.cache"; }}}
 	};
 	[config] double update_interval {
 		default {{{ return 15; }}}
diff --git a/lib/config/CMakeLists.txt b/lib/config/CMakeLists.txt
index 471384cbb..042668dc3 100644
--- a/lib/config/CMakeLists.txt
+++ b/lib/config/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 find_package(BISON 2.3.0 REQUIRED)
 find_package(FLEX 2.5.31 REQUIRED)
diff --git a/lib/config/activationcontext.cpp b/lib/config/activationcontext.cpp
index c22f41caf..d05087552 100644
--- a/lib/config/activationcontext.cpp
+++ b/lib/config/activationcontext.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/activationcontext.hpp"
 #include "base/exception.hpp"
diff --git a/lib/config/activationcontext.hpp b/lib/config/activationcontext.hpp
index c5a275631..3fe5d09ab 100644
--- a/lib/config/activationcontext.hpp
+++ b/lib/config/activationcontext.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ACTIVATIONCONTEXT_H
 #define ACTIVATIONCONTEXT_H
diff --git a/lib/config/applyrule.cpp b/lib/config/applyrule.cpp
index c8f012e23..f7b7cbdd2 100644
--- a/lib/config/applyrule.cpp
+++ b/lib/config/applyrule.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/applyrule.hpp"
 #include "base/logger.hpp"
@@ -158,11 +141,11 @@ std::vector<ApplyRule>& ApplyRule::GetRules(const String& type)
 	return it->second;
 }
 
-void ApplyRule::CheckMatches()
+void ApplyRule::CheckMatches(bool silent)
 {
 	for (const RuleMap::value_type& kv : m_Rules) {
 		for (const ApplyRule& rule : kv.second) {
-			if (!rule.HasMatches())
+			if (!rule.HasMatches() && !silent)
 				Log(LogWarning, "ApplyRule")
 					<< "Apply rule '" << rule.GetName() << "' (" << rule.GetDebugInfo() << ") for type '" << kv.first << "' does not match anywhere!";
 		}
diff --git a/lib/config/applyrule.hpp b/lib/config/applyrule.hpp
index 91623df75..bc4868b9e 100644
--- a/lib/config/applyrule.hpp
+++ b/lib/config/applyrule.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APPLYRULE_H
 #define APPLYRULE_H
@@ -62,7 +45,7 @@ public:
 	static bool IsValidTargetType(const String& sourceType, const String& targetType);
 	static std::vector<String> GetTargetTypes(const String& sourceType);
 
-	static void CheckMatches();
+	static void CheckMatches(bool silent);
 
 private:
 	String m_TargetType;
diff --git a/lib/config/config_lexer.ll b/lib/config/config_lexer.ll
index 6a2d84027..71f1b96c7 100644
--- a/lib/config/config_lexer.ll
+++ b/lib/config/config_lexer.ll
@@ -1,22 +1,5 @@
 %{
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configcompiler.hpp"
 #include "config/expression.hpp"
@@ -180,7 +163,7 @@ this				return T_THIS;
 globals				return T_GLOBALS;
 locals				return T_LOCALS;
 use				return T_USE;
-__using				return T_USING;
+using				return T_USING;
 apply				return T_APPLY;
 default				return T_DEFAULT;
 to				return T_TO;
@@ -203,6 +186,7 @@ ignore_on_error			return T_IGNORE_ON_ERROR;
 current_filename		return T_CURRENT_FILENAME;
 current_line			return T_CURRENT_LINE;
 debugger			return T_DEBUGGER;
+namespace			return T_NAMESPACE;
 =\>				return T_FOLLOWS;
 \<\<				return T_SHIFT_LEFT;
 \>\>				return T_SHIFT_RIGHT;
diff --git a/lib/config/config_parser.yy b/lib/config/config_parser.yy
index 70f309bd3..4e0d536cc 100644
--- a/lib/config/config_parser.yy
+++ b/lib/config/config_parser.yy
@@ -1,24 +1,7 @@
 %{
 #define YYDEBUG 1
- 
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/i2-config.hpp"
 #include "config/configcompiler.hpp"
@@ -149,8 +132,9 @@ static void MakeRBinaryOp(Expression** result, Expression *left, Expression *rig
 %token T_CURRENT_FILENAME "current_filename (T_CURRENT_FILENAME)"
 %token T_CURRENT_LINE "current_line (T_CURRENT_LINE)"
 %token T_DEBUGGER "debugger (T_DEBUGGER)"
+%token T_NAMESPACE "namespace (T_NAMESPACE)"
 %token T_USE "use (T_USE)"
-%token T_USING "__using (T_USING)"
+%token T_USING "using (T_USING)"
 %token T_OBJECT "object (T_OBJECT)"
 %token T_TEMPLATE "template (T_TEMPLATE)"
 %token T_INCLUDE "include (T_INCLUDE)"
@@ -227,6 +211,7 @@ static void MakeRBinaryOp(Expression** result, Expression *left, Expression *rig
 %left T_PLUS T_MINUS
 %left T_MULTIPLY T_DIVIDE_OP T_MODULO
 %left UNARY_MINUS UNARY_PLUS
+%right REF_OP DEREF_OP
 %right '!' '~'
 %left '.' '(' '['
 %left T_VAR T_THIS T_GLOBALS T_LOCALS
@@ -469,6 +454,10 @@ combined_set_op: T_SET
 	| T_SET_BINARY_OR
 	;
 
+optional_var: /* empty */
+	| T_VAR
+	;
+
 lterm: T_LIBRARY rterm
 	{
 		$$ = new LibraryExpression(std::unique_ptr<Expression>($2), @$);
@@ -597,13 +586,27 @@ lterm: T_LIBRARY rterm
 	{
 		$$ = new BreakpointExpression(@$);
 	}
+	| T_NAMESPACE rterm
+	{
+		BeginFlowControlBlock(context, FlowControlReturn, false);
+	}
+	rterm_scope_require_side_effect
+	{
+		EndFlowControlBlock(context);
+
+		std::unique_ptr<Expression> expr{$2};
+		BindToScope(expr, ScopeGlobal);
+		$$ = new SetExpression(std::move(expr), OpSetLiteral, std::unique_ptr<Expression>(new NamespaceExpression(std::unique_ptr<Expression>($4), @$)), @$);
+	}
 	| T_USING rterm
 	{
-		$$ = new UsingExpression(std::unique_ptr<Expression>($2), @$);
+		std::shared_ptr<Expression> expr{$2};
+		context->AddImport(expr);
+		$$ = MakeLiteralRaw();
 	}
 	| apply
 	| object
-	| T_FOR '(' identifier T_FOLLOWS identifier T_IN rterm ')'
+	| T_FOR '(' optional_var identifier T_FOLLOWS optional_var identifier T_IN rterm ')'
 	{
 		BeginFlowControlBlock(context, FlowControlContinue | FlowControlBreak, true);
 	}
@@ -611,11 +614,11 @@ lterm: T_LIBRARY rterm
 	{
 		EndFlowControlBlock(context);
 
-		$$ = new ForExpression(*$3, *$5, std::unique_ptr<Expression>($7), std::unique_ptr<Expression>($10), @$);
-		delete $3;
-		delete $5;
+		$$ = new ForExpression(*$4, *$7, std::unique_ptr<Expression>($9), std::unique_ptr<Expression>($12), @$);
+		delete $4;
+		delete $7;
 	}
-	| T_FOR '(' identifier T_IN rterm ')'
+	| T_FOR '(' optional_var identifier T_IN rterm ')'
 	{
 		BeginFlowControlBlock(context, FlowControlContinue | FlowControlBreak, true);
 	}
@@ -623,8 +626,8 @@ lterm: T_LIBRARY rterm
 	{
 		EndFlowControlBlock(context);
 
-		$$ = new ForExpression(*$3, "", std::unique_ptr<Expression>($5), std::unique_ptr<Expression>($8), @$);
-		delete $3;
+		$$ = new ForExpression(*$4, "", std::unique_ptr<Expression>($6), std::unique_ptr<Expression>($9), @$);
+		delete $4;
 	}
 	| T_FUNCTION identifier '(' identifier_items ')' use_specifier
 	{
@@ -643,7 +646,7 @@ lterm: T_LIBRARY rterm
 	}
 	| T_CONST T_IDENTIFIER T_SET rterm
 	{
-		$$ = new SetExpression(MakeIndexer(ScopeGlobal, *$2), OpSetLiteral, std::unique_ptr<Expression>($4));
+		$$ = new SetConstExpression(*$2, std::unique_ptr<Expression>($4), @$);
 		delete $2;
 	}
 	| T_VAR rterm
@@ -874,9 +877,17 @@ rterm_no_side_effect_no_dict: T_STRING
 	}
 	| T_IDENTIFIER
 	{
-		$$ = new VariableExpression(*$1, @1);
+		$$ = new VariableExpression(*$1, context->GetImports(), @1);
 		delete $1;
 	}
+	| T_MULTIPLY rterm %prec DEREF_OP
+	{
+		$$ = new DerefExpression(std::unique_ptr<Expression>($2), @$);
+	}
+	| T_BINARY_AND rterm %prec REF_OP
+	{
+		$$ = new RefExpression(std::unique_ptr<Expression>($2), @$);
+	}
 	| '!' rterm
 	{
 		$$ = new LogicalNegateExpression(std::unique_ptr<Expression>($2), @$);
@@ -1092,7 +1103,7 @@ use_specifier_items: use_specifier_item
 
 use_specifier_item: identifier
 	{
-		$$ = new std::pair<String, std::unique_ptr<Expression> >(*$1, std::unique_ptr<Expression>(new VariableExpression(*$1, @1)));
+		$$ = new std::pair<String, std::unique_ptr<Expression> >(*$1, std::unique_ptr<Expression>(new VariableExpression(*$1, context->GetImports(), @1)));
 		delete $1;
 	}
 	| identifier T_SET rterm
@@ -1103,24 +1114,24 @@ use_specifier_item: identifier
 	;
 
 apply_for_specifier: /* empty */
-	| T_FOR '(' identifier T_FOLLOWS identifier T_IN rterm ')'
+	| T_FOR '(' optional_var identifier T_FOLLOWS optional_var identifier T_IN rterm ')'
 	{
-		context->m_FKVar.top() = *$3;
-		delete $3;
+		context->m_FKVar.top() = *$4;
+		delete $4;
 
-		context->m_FVVar.top() = *$5;
-		delete $5;
+		context->m_FVVar.top() = *$7;
+		delete $7;
 
-		context->m_FTerm.top() = $7;
+		context->m_FTerm.top() = $9;
 	}
-	| T_FOR '(' identifier T_IN rterm ')'
+	| T_FOR '(' optional_var identifier T_IN rterm ')'
 	{
-		context->m_FKVar.top() = *$3;
-		delete $3;
+		context->m_FKVar.top() = *$4;
+		delete $4;
 
 		context->m_FVVar.top() = "";
 
-		context->m_FTerm.top() = $5;
+		context->m_FTerm.top() = $6;
 	}
 	;
 
diff --git a/lib/config/configcompiler.cpp b/lib/config/configcompiler.cpp
index f8b754bb9..8f450994f 100644
--- a/lib/config/configcompiler.cpp
+++ b/lib/config/configcompiler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configcompiler.hpp"
 #include "config/configitem.hpp"
@@ -340,7 +323,8 @@ bool ConfigCompiler::HasZoneConfigAuthority(const String& zoneName)
 	if (!empty) {
 		std::vector<String> paths;
 		paths.reserve(zoneDirs.size());
-for (const ZoneFragment& zf : zoneDirs) {
+
+		for (const ZoneFragment& zf : zoneDirs) {
 			paths.push_back(zf.Path);
 		}
 
@@ -361,3 +345,12 @@ bool ConfigCompiler::IsAbsolutePath(const String& path)
 #endif /* _WIN32 */
 }
 
+void ConfigCompiler::AddImport(const std::shared_ptr<Expression>& import)
+{
+	m_Imports.push_back(import);
+}
+
+std::vector<std::shared_ptr<Expression> > ConfigCompiler::GetImports() const
+{
+	return m_Imports;
+}
diff --git a/lib/config/configcompiler.hpp b/lib/config/configcompiler.hpp
index d4a03681e..b89fdf05c 100644
--- a/lib/config/configcompiler.hpp
+++ b/lib/config/configcompiler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGCOMPILER_H
 #define CONFIGCOMPILER_H
@@ -109,6 +92,9 @@ public:
 	void SetPackage(const String& package);
 	String GetPackage() const;
 
+	void AddImport(const std::shared_ptr<Expression>& import);
+	std::vector<std::shared_ptr<Expression> > GetImports() const;
+
 	static void CollectIncludes(std::vector<std::unique_ptr<Expression> >& expressions,
 		const String& file, const String& zone, const String& package);
 
@@ -134,6 +120,7 @@ private:
 	std::istream *m_Input;
 	String m_Zone;
 	String m_Package;
+	std::vector<std::shared_ptr<Expression> > m_Imports;
 
 	void *m_Scanner;
 
diff --git a/lib/config/configcompilercontext.cpp b/lib/config/configcompilercontext.cpp
index b298a33ec..7be89fff6 100644
--- a/lib/config/configcompilercontext.cpp
+++ b/lib/config/configcompilercontext.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configcompilercontext.hpp"
 #include "base/singleton.hpp"
@@ -23,6 +6,7 @@
 #include "base/netstring.hpp"
 #include "base/exception.hpp"
 #include "base/application.hpp"
+#include "base/utility.hpp"
 
 using namespace icinga;
 
@@ -79,15 +63,6 @@ void ConfigCompilerContext::FinishObjectsFile()
 	delete m_ObjectsFP;
 	m_ObjectsFP = nullptr;
 
-#ifdef _WIN32
-	_unlink(m_ObjectsPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(m_ObjectsTempFile.CStr(), m_ObjectsPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(m_ObjectsTempFile));
-	}
+	Utility::RenameFile(m_ObjectsTempFile, m_ObjectsPath);
 }
 
diff --git a/lib/config/configcompilercontext.hpp b/lib/config/configcompilercontext.hpp
index 7a7fb54c8..58c55d539 100644
--- a/lib/config/configcompilercontext.hpp
+++ b/lib/config/configcompilercontext.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGCOMPILERCONTEXT_H
 #define CONFIGCOMPILERCONTEXT_H
diff --git a/lib/config/configfragment.hpp b/lib/config/configfragment.hpp
index bd3c5939b..55038f8bf 100644
--- a/lib/config/configfragment.hpp
+++ b/lib/config/configfragment.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGFRAGMENT_H
 #define CONFIGFRAGMENT_H
@@ -26,6 +9,7 @@
 #include "base/exception.hpp"
 #include "base/application.hpp"
 
+/* Ensure that the priority is lower than the basic namespace initialization in scriptframe.cpp. */
 #define REGISTER_CONFIG_FRAGMENT(name, fragment) \
 	INITIALIZE_ONCE_WITH_PRIORITY([]() { \
 		std::unique_ptr<icinga::Expression> expression = icinga::ConfigCompiler::CompileText(name, fragment); \
diff --git a/lib/config/configitem.cpp b/lib/config/configitem.cpp
index c790f8794..5c9f0dd55 100644
--- a/lib/config/configitem.cpp
+++ b/lib/config/configitem.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configitem.hpp"
 #include "config/configcompilercontext.hpp"
@@ -36,8 +19,12 @@
 #include "base/json.hpp"
 #include "base/exception.hpp"
 #include "base/function.hpp"
+#include "base/utility.hpp"
+#include <boost/algorithm/string/join.hpp>
 #include <sstream>
 #include <fstream>
+#include <algorithm>
+#include <random>
 
 using namespace icinga;
 
@@ -47,7 +34,7 @@ ConfigItem::TypeMap ConfigItem::m_DefaultTemplates;
 ConfigItem::ItemList ConfigItem::m_UnnamedItems;
 ConfigItem::IgnoredItemList ConfigItem::m_IgnoredItems;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, run_with_activation_context, &ConfigItem::RunWithActivationContext, "func");
+REGISTER_FUNCTION(Internal, run_with_activation_context, &ConfigItem::RunWithActivationContext, "func");
 
 /**
  * Constructor for the ConfigItem class.
@@ -289,6 +276,14 @@ ConfigObject::Ptr ConfigItem::Commit(bool discard)
 		throw;
 	}
 
+	Value serializedObject;
+
+	try {
+		serializedObject = Serialize(dobj, FAConfig);
+	} catch (const CircularReferenceError& ex) {
+		BOOST_THROW_EXCEPTION(ValidationError(dobj, ex.GetPath(), "Circular references are not allowed"));
+	}
+
 	Dictionary::Ptr persistentItem = new Dictionary({
 		{ "type", type->GetName() },
 		{ "name", GetName() },
@@ -428,27 +423,26 @@ bool ConfigItem::CommitNewItems(const ActivationContext::Ptr& context, WorkQueue
 	if (items.empty())
 		return true;
 
+	// Shuffle all items to evenly distribute them over the threads of the workqueue. This increases perfomance
+	// noticably in environments with lots of objects and available threads.
+	std::shuffle(std::begin(items), std::end(items), std::default_random_engine {});
+
+#ifdef I2_DEBUG
+	Log(LogDebug, "configitem")
+		<< "Committing " << items.size() << " new items.";
+#endif /* I2_DEBUG */
+
 	for (const auto& ip : items)
 		newItems.push_back(ip.first);
 
-	upq.ParallelFor(items, [](const ItemPair& ip) {
-		ip.first->Commit(ip.second);
-	});
-
-	upq.Join();
-
-	if (upq.HasExceptions())
-		return false;
-
 	std::set<Type::Ptr> types;
+	std::set<Type::Ptr> completed_types;
 
 	for (const Type::Ptr& type : Type::GetAllTypes()) {
 		if (ConfigObject::TypeInstance->IsAssignableFrom(type))
 			types.insert(type);
 	}
 
-	std::set<Type::Ptr> completed_types;
-
 	while (types.size() != completed_types.size()) {
 		for (const Type::Ptr& type : types) {
 			if (completed_types.find(type) != completed_types.end())
@@ -468,7 +462,60 @@ bool ConfigItem::CommitNewItems(const ActivationContext::Ptr& context, WorkQueue
 			if (unresolved_dep)
 				continue;
 
-			upq.ParallelFor(items, [&type](const ItemPair& ip) {
+			int committed_items = 0;
+			upq.ParallelFor(items, [&type, &committed_items](const ItemPair& ip) {
+				const ConfigItem::Ptr& item = ip.first;
+
+				if (item->m_Type != type)
+					return;
+
+				ip.first->Commit(ip.second);
+				committed_items++;
+			});
+
+			upq.Join();
+
+			completed_types.insert(type);
+
+#ifdef I2_DEBUG
+			if (committed_items > 0)
+				Log(LogDebug, "configitem")
+					<< "Committed " << committed_items << " items of type '" << type->GetName() << "'.";
+#endif /* I2_DEBUG */
+
+			if (upq.HasExceptions())
+				return false;
+		}
+	}
+
+#ifdef I2_DEBUG
+	Log(LogDebug, "configitem")
+		<< "Committed " << items.size() << " items.";
+#endif /* I2_DEBUG */
+
+	completed_types.clear();
+
+	while (types.size() != completed_types.size()) {
+		for (const Type::Ptr& type : types) {
+			if (completed_types.find(type) != completed_types.end())
+				continue;
+
+			bool unresolved_dep = false;
+
+			/* skip this type (for now) if there are unresolved load dependencies */
+			for (const String& loadDep : type->GetLoadDependencies()) {
+				Type::Ptr pLoadDep = Type::GetByName(loadDep);
+				if (types.find(pLoadDep) != types.end() && completed_types.find(pLoadDep) == completed_types.end()) {
+					unresolved_dep = true;
+					break;
+				}
+			}
+
+			if (unresolved_dep)
+				continue;
+
+			int notified_items = 0;
+			upq.ParallelFor(items, [&type, &notified_items](const ItemPair& ip) {
 				const ConfigItem::Ptr& item = ip.first;
 
 				if (!item->m_Object || item->m_Type != type)
@@ -476,6 +523,7 @@ bool ConfigItem::CommitNewItems(const ActivationContext::Ptr& context, WorkQueue
 
 				try {
 					item->m_Object->OnAllConfigLoaded();
+					notified_items++;
 				} catch (const std::exception& ex) {
 					if (!item->m_IgnoreOnError)
 						throw;
@@ -496,11 +544,18 @@ bool ConfigItem::CommitNewItems(const ActivationContext::Ptr& context, WorkQueue
 
 			upq.Join();
 
+#ifdef I2_DEBUG
+			if (notified_items > 0)
+				Log(LogDebug, "configitem")
+					<< "Sent OnAllConfigLoaded to " << notified_items << " items of type '" << type->GetName() << "'.";
+#endif /* I2_DEBUG */
+
 			if (upq.HasExceptions())
 				return false;
 
+			notified_items = 0;
 			for (const String& loadDep : type->GetLoadDependencies()) {
-				upq.ParallelFor(items, [loadDep, &type](const ItemPair& ip) {
+				upq.ParallelFor(items, [loadDep, &type, &notified_items](const ItemPair& ip) {
 					const ConfigItem::Ptr& item = ip.first;
 
 					if (!item->m_Object || item->m_Type->GetName() != loadDep)
@@ -508,14 +563,22 @@ bool ConfigItem::CommitNewItems(const ActivationContext::Ptr& context, WorkQueue
 
 					ActivationScope ascope(item->m_ActivationContext);
 					item->m_Object->CreateChildObjects(type);
+					notified_items++;
 				});
 			}
 
 			upq.Join();
 
+#ifdef I2_DEBUG
+			if (notified_items > 0)
+				Log(LogDebug, "configitem")
+					<< "Sent CreateChildObjects to " << notified_items << " items of type '" << type->GetName() << "'.";
+#endif /* I2_DEBUG */
+
 			if (upq.HasExceptions())
 				return false;
 
+			// Make sure to activate any additionally generated items
 			if (!CommitNewItems(context, upq, newItems))
 				return false;
 		}
@@ -539,7 +602,7 @@ bool ConfigItem::CommitItems(const ActivationContext::Ptr& context, WorkQueue& u
 		return false;
 	}
 
-	ApplyRule::CheckMatches();
+	ApplyRule::CheckMatches(silent);
 
 	if (!silent) {
 		/* log stats for external parsers */
@@ -561,15 +624,16 @@ bool ConfigItem::CommitItems(const ActivationContext::Ptr& context, WorkQueue& u
 	return true;
 }
 
-bool ConfigItem::ActivateItems(WorkQueue& upq, const std::vector<ConfigItem::Ptr>& newItems, bool runtimeCreated, bool silent, bool withModAttrs)
+bool ConfigItem::ActivateItems(WorkQueue& upq, const std::vector<ConfigItem::Ptr>& newItems, bool runtimeCreated,
+	bool silent, bool withModAttrs, const Value& cookie)
 {
 	static boost::mutex mtx;
 	boost::mutex::scoped_lock lock(mtx);
 
 	if (withModAttrs) {
 		/* restore modified attributes */
-		if (Utility::PathExists(Application::GetModAttrPath())) {
-			std::unique_ptr<Expression> expression = ConfigCompiler::CompileFile(Application::GetModAttrPath());
+		if (Utility::PathExists(Configuration::ModAttrPath)) {
+			std::unique_ptr<Expression> expression = ConfigCompiler::CompileFile(Configuration::ModAttrPath);
 
 			if (expression) {
 				try {
@@ -625,11 +689,11 @@ bool ConfigItem::ActivateItems(WorkQueue& upq, const std::vector<ConfigItem::Ptr
 #ifdef I2_DEBUG
 			Log(LogDebug, "ConfigItem")
 				<< "Activating object '" << object->GetName() << "' of type '"
-				<< objectType->GetName() << "' with priority '"
+				<< objectType->GetName() << "' with priority "
 				<< objectType->GetActivationPriority();
 #endif /* I2_DEBUG */
 
-			object->Activate(runtimeCreated);
+			object->Activate(runtimeCreated, cookie);
 		}
 	}
 
@@ -666,7 +730,7 @@ bool ConfigItem::RunWithActivationContext(const Function::Ptr& function)
 
 	function->Invoke();
 
-	WorkQueue upq(25000, Application::GetConcurrency());
+	WorkQueue upq(25000, Configuration::Concurrency);
 	upq.SetName("ConfigItem::RunWithActivationContext");
 
 	std::vector<ConfigItem::Ptr> newItems;
diff --git a/lib/config/configitem.hpp b/lib/config/configitem.hpp
index f560fa64d..0b7ee86a3 100644
--- a/lib/config/configitem.hpp
+++ b/lib/config/configitem.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGITEM_H
 #define CONFIGITEM_H
@@ -70,7 +53,8 @@ public:
 		const String& name);
 
 	static bool CommitItems(const ActivationContext::Ptr& context, WorkQueue& upq, std::vector<ConfigItem::Ptr>& newItems, bool silent = false);
-	static bool ActivateItems(WorkQueue& upq, const std::vector<ConfigItem::Ptr>& newItems, bool runtimeCreated = false, bool silent = false, bool withModAttrs = false);
+	static bool ActivateItems(WorkQueue& upq, const std::vector<ConfigItem::Ptr>& newItems, bool runtimeCreated = false,
+		bool silent = false, bool withModAttrs = false, const Value& cookie = Empty);
 
 	static bool RunWithActivationContext(const Function::Ptr& function);
 
diff --git a/lib/config/configitembuilder.cpp b/lib/config/configitembuilder.cpp
index d81b595d2..6a64c76a8 100644
--- a/lib/config/configitembuilder.cpp
+++ b/lib/config/configitembuilder.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configitembuilder.hpp"
 #include "base/configtype.hpp"
@@ -31,6 +14,7 @@ ConfigItemBuilder::ConfigItemBuilder(const DebugInfo& debugInfo)
 
 void ConfigItemBuilder::SetType(const Type::Ptr& type)
 {
+	ASSERT(type);
 	m_Type = type;
 }
 
diff --git a/lib/config/configitembuilder.hpp b/lib/config/configitembuilder.hpp
index 2144bdbe2..792e351b7 100644
--- a/lib/config/configitembuilder.hpp
+++ b/lib/config/configitembuilder.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGITEMBUILDER_H
 #define CONFIGITEMBUILDER_H
diff --git a/lib/config/expression.cpp b/lib/config/expression.cpp
index 938deb69b..b02f2b73c 100644
--- a/lib/config/expression.cpp
+++ b/lib/config/expression.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/expression.hpp"
 #include "config/configitem.hpp"
@@ -28,6 +11,8 @@
 #include "base/exception.hpp"
 #include "base/scriptglobal.hpp"
 #include "base/loader.hpp"
+#include "base/reference.hpp"
+#include "base/namespace.hpp"
 #include <boost/exception_ptr.hpp>
 #include <boost/exception/errinfo_nested_exception.hpp>
 
@@ -115,6 +100,15 @@ const DebugInfo& DebuggableExpression::GetDebugInfo() const
 	return m_DebugInfo;
 }
 
+VariableExpression::VariableExpression(String variable, std::vector<std::shared_ptr<Expression> > imports, const DebugInfo& debugInfo)
+	: DebuggableExpression(debugInfo), m_Variable(std::move(variable)), m_Imports(std::move(imports))
+{
+	m_Imports.push_back(MakeIndexer(ScopeGlobal, "System"));
+	m_Imports.push_back(std::unique_ptr<Expression>(new IndexerExpression(MakeIndexer(ScopeGlobal, "System"), MakeLiteral("Configuration"))));
+	m_Imports.push_back(MakeIndexer(ScopeGlobal, "Types"));
+	m_Imports.push_back(MakeIndexer(ScopeGlobal, "Icinga"));
+}
+
 ExpressionResult VariableExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
 {
 	Value value;
@@ -123,7 +117,7 @@ ExpressionResult VariableExpression::DoEvaluate(ScriptFrame& frame, DebugHint *d
 		return value;
 	else if (frame.Self.IsObject() && frame.Locals != frame.Self.Get<Object::Ptr>() && frame.Self.Get<Object::Ptr>()->GetOwnField(m_Variable, &value))
 		return value;
-	else if (VMOps::FindVarImport(frame, m_Variable, &value, m_DebugInfo))
+	else if (VMOps::FindVarImport(frame, m_Imports, m_Variable, &value, m_DebugInfo))
 		return value;
 	else
 		return ScriptGlobal::Get(m_Variable);
@@ -143,7 +137,7 @@ bool VariableExpression::GetReference(ScriptFrame& frame, bool init_dict, Value
 
 		if (dhint && *dhint)
 			*dhint = new DebugHint((*dhint)->GetChild(m_Variable));
-	} else if (VMOps::FindVarImportRef(frame, m_Variable, parent, m_DebugInfo)) {
+	} else if (VMOps::FindVarImportRef(frame, m_Imports, m_Variable, parent, m_DebugInfo)) {
 		return true;
 	} else if (ScriptGlobal::Exists(m_Variable)) {
 		*parent = ScriptGlobal::GetGlobals();
@@ -156,6 +150,47 @@ bool VariableExpression::GetReference(ScriptFrame& frame, bool init_dict, Value
 	return true;
 }
 
+ExpressionResult RefExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
+{
+	Value parent;
+	String index;
+
+	if (!m_Operand->GetReference(frame, false, &parent, &index, &dhint))
+		BOOST_THROW_EXCEPTION(ScriptError("Cannot obtain reference for expression.", m_DebugInfo));
+
+	if (!parent.IsObject())
+		BOOST_THROW_EXCEPTION(ScriptError("Cannot obtain reference for expression because parent is not an object.", m_DebugInfo));
+
+	return new Reference(parent, index);
+}
+
+ExpressionResult DerefExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
+{
+	ExpressionResult operand = m_Operand->Evaluate(frame);
+	CHECK_RESULT(operand);
+
+	Object::Ptr obj = operand.GetValue();
+	Reference::Ptr ref = dynamic_pointer_cast<Reference>(obj);
+
+	if (!ref)
+		BOOST_THROW_EXCEPTION(ScriptError("Invalid reference specified.", GetDebugInfo()));
+
+	return ref->Get();
+}
+
+bool DerefExpression::GetReference(ScriptFrame& frame, bool init_dict, Value *parent, String *index, DebugHint **dhint) const
+{
+	ExpressionResult operand = m_Operand->Evaluate(frame);
+	if (operand.GetCode() != ResultOK)
+		return false;
+
+	Reference::Ptr ref = operand.GetValue();
+
+	*parent = ref->GetParent();
+	*index = ref->GetIndex();
+	return true;
+}
+
 ExpressionResult NegateExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
 {
 	ExpressionResult operand = m_Operand->Evaluate(frame);
@@ -517,6 +552,58 @@ ExpressionResult GetScopeExpression::DoEvaluate(ScriptFrame& frame, DebugHint *d
 		VERIFY(!"Invalid scope.");
 }
 
+static inline
+void WarnOnImplicitlySetGlobalVar(const std::unique_ptr<Expression>& setLhs, const Value& setLhsParent, CombinedSetOp setOp, const DebugInfo& debug)
+{
+	auto var (dynamic_cast<VariableExpression*>(setLhs.get()));
+
+	if (var && setLhsParent.IsObject()) {
+		auto ns (dynamic_pointer_cast<Namespace>(setLhsParent.Get<Object::Ptr>()));
+
+		if (ns && ns == ScriptGlobal::GetGlobals()) {
+			const char *opStr = nullptr;
+
+			switch (setOp) {
+				case OpSetLiteral:
+					opStr = "=";
+					break;
+				case OpSetAdd:
+					opStr = "+=";
+					break;
+				case OpSetSubtract:
+					opStr = "-=";
+					break;
+				case OpSetMultiply:
+					opStr = "*=";
+					break;
+				case OpSetDivide:
+					opStr = "/=";
+					break;
+				case OpSetModulo:
+					opStr = "%=";
+					break;
+				case OpSetXor:
+					opStr = "^=";
+					break;
+				case OpSetBinaryAnd:
+					opStr = "&=";
+					break;
+				case OpSetBinaryOr:
+					opStr = "|=";
+					break;
+				default:
+					VERIFY(!"Invalid opcode.");
+			}
+
+			auto varName (var->GetVariable());
+
+			Log(LogWarning, "config")
+				<< "Global variable '" << varName << "' has been set implicitly via '" << varName << ' ' << opStr << " ...' " << debug << "."
+				" Please set it explicitly via 'globals." << varName << ' ' << opStr << " ...' instead.";
+		}
+	}
+}
+
 ExpressionResult SetExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
 {
 	if (frame.Sandboxed)
@@ -566,7 +653,7 @@ ExpressionResult SetExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint)
 		}
 	}
 
-	VMOps::SetField(parent, index, operand2.GetValue(), m_DebugInfo);
+	VMOps::SetField(parent, index, operand2.GetValue(), m_OverrideFrozen, m_DebugInfo);
 
 	if (psdhint) {
 		psdhint->AddMessage("=", m_DebugInfo);
@@ -575,6 +662,35 @@ ExpressionResult SetExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint)
 			delete psdhint;
 	}
 
+	WarnOnImplicitlySetGlobalVar(m_Operand1, parent, m_Op, m_DebugInfo);
+
+	return Empty;
+}
+
+void SetExpression::SetOverrideFrozen()
+{
+	m_OverrideFrozen = true;
+}
+
+ExpressionResult SetConstExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
+{
+	auto globals = ScriptGlobal::GetGlobals();
+
+	auto attr = globals->GetAttribute(m_Name);
+
+	if (dynamic_pointer_cast<ConstEmbeddedNamespaceValue>(attr)) {
+		std::ostringstream msgbuf;
+		msgbuf << "Value for constant '" << m_Name << "' was modified. This behaviour is deprecated.\n";
+		ShowCodeLocation(msgbuf, GetDebugInfo(), false);
+		Log(LogWarning, msgbuf.str());
+	}
+
+	ExpressionResult operandres = m_Operand->Evaluate(frame);
+	CHECK_RESULT(operandres);
+	Value operand = operandres.GetValue();
+
+	globals->SetAttribute(m_Name, std::make_shared<ConstEmbeddedNamespaceValue>(operand));
+
 	return Empty;
 }
 
@@ -654,10 +770,19 @@ bool IndexerExpression::GetReference(ScriptFrame& frame, bool init_dict, Value *
 
 	if (m_Operand1->GetReference(frame, init_dict, &vparent, &vindex, &psdhint)) {
 		if (init_dict) {
-			Value old_value =  VMOps::GetField(vparent, vindex, frame.Sandboxed, m_Operand1->GetDebugInfo());
+			Value old_value;
+			bool has_field = true;
+
+			if (vparent.IsObject()) {
+				Object::Ptr oparent = vparent;
+				has_field = oparent->HasOwnField(vindex);
+			}
+
+			if (has_field)
+				old_value = VMOps::GetField(vparent, vindex, frame.Sandboxed, m_Operand1->GetDebugInfo());
 
 			if (old_value.IsEmpty() && !old_value.IsString())
-				VMOps::SetField(vparent, vindex, new Dictionary(), m_Operand1->GetDebugInfo());
+				VMOps::SetField(vparent, vindex, new Dictionary(), m_OverrideFrozen, m_Operand1->GetDebugInfo());
 		}
 
 		*parent = VMOps::GetField(vparent, vindex, frame.Sandboxed, m_DebugInfo);
@@ -683,6 +808,11 @@ bool IndexerExpression::GetReference(ScriptFrame& frame, bool init_dict, Value *
 	return true;
 }
 
+void IndexerExpression::SetOverrideFrozen()
+{
+	m_OverrideFrozen = true;
+}
+
 void icinga::BindToScope(std::unique_ptr<Expression>& expr, ScopeSpecifier scopeSpec)
 {
 	auto *dexpr = dynamic_cast<DictExpression *>(expr.get());
@@ -799,6 +929,17 @@ ExpressionResult ApplyExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhin
 		m_Package, m_FKVar, m_FVVar, m_FTerm, m_ClosedVars, m_IgnoreOnError, m_Expression, m_DebugInfo);
 }
 
+ExpressionResult NamespaceExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
+{
+	Namespace::Ptr ns = new Namespace(new ConstNamespaceBehavior());
+
+	ScriptFrame innerFrame(true, ns);
+	ExpressionResult result = m_Expression->Evaluate(innerFrame);
+	CHECK_RESULT(result);
+
+	return ns;
+}
+
 ExpressionResult ObjectExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
 {
 	if (frame.Sandboxed)
@@ -922,23 +1063,6 @@ ExpressionResult BreakpointExpression::DoEvaluate(ScriptFrame& frame, DebugHint
 	return Empty;
 }
 
-ExpressionResult UsingExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
-{
-	if (frame.Sandboxed)
-		BOOST_THROW_EXCEPTION(ScriptError("Using directives are not allowed in sandbox mode.", m_DebugInfo));
-
-	ExpressionResult importres = m_Name->Evaluate(frame);
-	CHECK_RESULT(importres);
-	Value import = importres.GetValue();
-
-	if (!import.IsObjectType<Dictionary>())
-		BOOST_THROW_EXCEPTION(ScriptError("The parameter must resolve to an object of type 'Dictionary'", m_DebugInfo));
-
-	ScriptFrame::AddImport(import);
-
-	return Empty;
-}
-
 ExpressionResult TryExceptExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const
 {
 	try {
diff --git a/lib/config/expression.hpp b/lib/config/expression.hpp
index ce3f438e6..6c36f06e7 100644
--- a/lib/config/expression.hpp
+++ b/lib/config/expression.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXPRESSION_H
 #define EXPRESSION_H
@@ -305,9 +288,7 @@ protected:
 class VariableExpression final : public DebuggableExpression
 {
 public:
-	VariableExpression(String variable, const DebugInfo& debugInfo = DebugInfo())
-		: DebuggableExpression(debugInfo), m_Variable(std::move(variable))
-	{ }
+	VariableExpression(String variable, std::vector<std::shared_ptr<Expression> > imports, const DebugInfo& debugInfo = DebugInfo());
 
 	String GetVariable() const
 	{
@@ -320,10 +301,34 @@ protected:
 
 private:
 	String m_Variable;
+	std::vector<std::shared_ptr<Expression> > m_Imports;
 
 	friend void BindToScope(std::unique_ptr<Expression>& expr, ScopeSpecifier scopeSpec);
 };
 
+class DerefExpression final : public UnaryExpression
+{
+public:
+	DerefExpression(std::unique_ptr<Expression> operand, const DebugInfo& debugInfo = DebugInfo())
+		: UnaryExpression(std::move(operand), debugInfo)
+	{ }
+
+protected:
+	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
+	bool GetReference(ScriptFrame& frame, bool init_dict, Value *parent, String *index, DebugHint **dhint) const override;
+};
+
+class RefExpression final : public UnaryExpression
+{
+public:
+	RefExpression(std::unique_ptr<Expression> operand, const DebugInfo& debugInfo = DebugInfo())
+		: UnaryExpression(std::move(operand), debugInfo)
+	{ }
+
+protected:
+	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
+};
+
 class NegateExpression final : public UnaryExpression
 {
 public:
@@ -614,6 +619,19 @@ private:
 	friend void BindToScope(std::unique_ptr<Expression>& expr, ScopeSpecifier scopeSpec);
 };
 
+class SetConstExpression final : public UnaryExpression
+{
+public:
+	SetConstExpression(const String& name, std::unique_ptr<Expression> operand, const DebugInfo& debugInfo = DebugInfo())
+		: UnaryExpression(std::move(operand), debugInfo), m_Name(name)
+	{ }
+
+protected:
+	String m_Name;
+
+	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
+};
+
 class SetExpression final : public BinaryExpression
 {
 public:
@@ -621,11 +639,14 @@ public:
 		: BinaryExpression(std::move(operand1), std::move(operand2), debugInfo), m_Op(op)
 	{ }
 
+	void SetOverrideFrozen();
+
 protected:
 	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
 
 private:
 	CombinedSetOp m_Op;
+	bool m_OverrideFrozen{false};
 
 	friend void BindToScope(std::unique_ptr<Expression>& expr, ScopeSpecifier scopeSpec);
 };
@@ -716,7 +737,11 @@ public:
 		: BinaryExpression(std::move(operand1), std::move(operand2), debugInfo)
 	{ }
 
+	void SetOverrideFrozen();
+
 protected:
+	bool m_OverrideFrozen{false};
+
 	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
 	bool GetReference(ScriptFrame& frame, bool init_dict, Value *parent, String *index, DebugHint **dhint) const override;
 
@@ -813,6 +838,20 @@ private:
 	std::shared_ptr<Expression> m_Expression;
 };
 
+class NamespaceExpression final : public DebuggableExpression
+{
+public:
+	NamespaceExpression(std::unique_ptr<Expression> expression, const DebugInfo& debugInfo = DebugInfo())
+		: DebuggableExpression(debugInfo), m_Expression(std::move(expression))
+	{ }
+
+protected:
+	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
+
+private:
+	std::shared_ptr<Expression> m_Expression;
+};
+
 class ObjectExpression final : public DebuggableExpression
 {
 public:
@@ -909,20 +948,6 @@ protected:
 	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
 };
 
-class UsingExpression final : public DebuggableExpression
-{
-public:
-	UsingExpression(std::unique_ptr<Expression> name, const DebugInfo& debugInfo = DebugInfo())
-		: DebuggableExpression(debugInfo), m_Name(std::move(name))
-	{ }
-
-protected:
-	ExpressionResult DoEvaluate(ScriptFrame& frame, DebugHint *dhint) const override;
-
-private:
-	std::unique_ptr<Expression> m_Name;
-};
-
 class TryExceptExpression final : public DebuggableExpression
 {
 public:
diff --git a/lib/config/i2-config.hpp b/lib/config/i2-config.hpp
index 5ec9145c3..8c26287f9 100644
--- a/lib/config/i2-config.hpp
+++ b/lib/config/i2-config.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2CONFIG_H
 #define I2CONFIG_H
diff --git a/lib/config/objectrule.cpp b/lib/config/objectrule.cpp
index ce6c8d409..6a74a40b9 100644
--- a/lib/config/objectrule.cpp
+++ b/lib/config/objectrule.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/objectrule.hpp"
 #include <set>
diff --git a/lib/config/objectrule.hpp b/lib/config/objectrule.hpp
index 1e20f346c..d093c9f5f 100644
--- a/lib/config/objectrule.hpp
+++ b/lib/config/objectrule.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTRULE_H
 #define OBJECTRULE_H
diff --git a/lib/config/vmops.hpp b/lib/config/vmops.hpp
index 503381730..8bd456d40 100644
--- a/lib/config/vmops.hpp
+++ b/lib/config/vmops.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VMOPS_H
 #define VMOPS_H
@@ -28,6 +11,7 @@
 #include "base/debuginfo.hpp"
 #include "base/array.hpp"
 #include "base/dictionary.hpp"
+#include "base/namespace.hpp"
 #include "base/function.hpp"
 #include "base/scriptglobal.hpp"
 #include "base/exception.hpp"
@@ -42,15 +26,13 @@ namespace icinga
 class VMOps
 {
 public:
-	static inline bool FindVarImportRef(ScriptFrame& frame, const String& name, Value *result, const DebugInfo& debugInfo = DebugInfo())
+	static inline bool FindVarImportRef(ScriptFrame& frame, const std::vector<std::shared_ptr<Expression> >& imports, const String& name, Value *result, const DebugInfo& debugInfo = DebugInfo())
 	{
-		Array::Ptr imports = ScriptFrame::GetImports();
-
-		ObjectLock olock(imports);
-		for (const Value& import : imports) {
-			Object::Ptr obj = import;
+		for (const auto& import : imports) {
+			ExpressionResult res = import->Evaluate(frame);
+			Object::Ptr obj = res.GetValue();
 			if (obj->HasOwnField(name)) {
-				*result = import;
+				*result = obj;
 				return true;
 			}
 		}
@@ -58,11 +40,11 @@ public:
 		return false;
 	}
 
-	static inline bool FindVarImport(ScriptFrame& frame, const String& name, Value *result, const DebugInfo& debugInfo = DebugInfo())
+	static inline bool FindVarImport(ScriptFrame& frame, const std::vector<std::shared_ptr<Expression> >& imports, const String& name, Value *result, const DebugInfo& debugInfo = DebugInfo())
 	{
 		Value parent;
 
-		if (FindVarImportRef(frame, name, &parent, debugInfo)) {
+		if (FindVarImportRef(frame, imports, name, &parent, debugInfo)) {
 			*result = GetField(parent, name, frame.Sandboxed, debugInfo);
 			return true;
 		}
@@ -225,6 +207,26 @@ public:
 				ExpressionResult res = expression->Evaluate(frame);
 				CHECK_RESULT_LOOP(res);
 			}
+		} else if (value.IsObjectType<Namespace>()) {
+			if (fvvar.IsEmpty())
+				BOOST_THROW_EXCEPTION(ScriptError("Cannot use array iterator for namespace.", debugInfo));
+
+			Namespace::Ptr ns = value;
+			std::vector<String> keys;
+
+			{
+				ObjectLock olock(ns);
+				for (const Namespace::Pair& kv : ns) {
+					keys.push_back(kv.first);
+				}
+			}
+
+			for (const String& key : keys) {
+				frame.Locals->Set(fkvar, key);
+				frame.Locals->Set(fvvar, ns->Get(key));
+				ExpressionResult res = expression->Evaluate(frame);
+				CHECK_RESULT_LOOP(res);
+			}
 		} else
 			BOOST_THROW_EXCEPTION(ScriptError("Invalid type in for expression: " + value.GetTypeName(), debugInfo));
 
@@ -233,10 +235,10 @@ public:
 
 	static inline Value GetField(const Value& context, const String& field, bool sandboxed = false, const DebugInfo& debugInfo = DebugInfo())
 	{
-		if (unlikely(context.IsEmpty() && !context.IsString()))
+		if (BOOST_UNLIKELY(context.IsEmpty() && !context.IsString()))
 			return Empty;
 
-		if (unlikely(!context.IsObject()))
+		if (BOOST_UNLIKELY(!context.IsObject()))
 			return GetPrototypeField(context, field, true, debugInfo);
 
 		Object::Ptr object = context;
@@ -244,12 +246,12 @@ public:
 		return object->GetFieldByName(field, sandboxed, debugInfo);
 	}
 
-	static inline void SetField(const Object::Ptr& context, const String& field, const Value& value, const DebugInfo& debugInfo = DebugInfo())
+	static inline void SetField(const Object::Ptr& context, const String& field, const Value& value, bool overrideFrozen, const DebugInfo& debugInfo = DebugInfo())
 	{
 		if (!context)
 			BOOST_THROW_EXCEPTION(ScriptError("Cannot set field '" + field + "' on a value that is not an object.", debugInfo));
 
-		return context->SetFieldByName(field, value, debugInfo);
+		return context->SetFieldByName(field, value, overrideFrozen, debugInfo);
 	}
 
 private:
diff --git a/lib/db_ido/CMakeLists.txt b/lib/db_ido/CMakeLists.txt
index 6b94a7b9d..7a97d276e 100644
--- a/lib/db_ido/CMakeLists.txt
+++ b/lib/db_ido/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(dbconnection.ti dbconnection-ti.cpp dbconnection-ti.hpp)
 
diff --git a/lib/db_ido/commanddbobject.cpp b/lib/db_ido/commanddbobject.cpp
index b097bed33..2ac167aab 100644
--- a/lib/db_ido/commanddbobject.cpp
+++ b/lib/db_ido/commanddbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/commanddbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/commanddbobject.hpp b/lib/db_ido/commanddbobject.hpp
index 18534e423..6d227472b 100644
--- a/lib/db_ido/commanddbobject.hpp
+++ b/lib/db_ido/commanddbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMMANDDBOBJECT_H
 #define COMMANDDBOBJECT_H
diff --git a/lib/db_ido/db_ido-itl.conf b/lib/db_ido/db_ido-itl.conf
index e6958234a..e2c42c3d0 100644
--- a/lib/db_ido/db_ido-itl.conf
+++ b/lib/db_ido/db_ido-itl.conf
@@ -1,27 +1,8 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 System.assert(Internal.run_with_activation_context(function() {
-	var _Internal = Internal.clone()
-
-	template CheckCommand "ido-check-command" use (_Internal) {
-		execute = _Internal.IdoCheck
+	template CheckCommand "ido-check-command" use (checkFunc = Internal.IdoCheck) {
+		execute = checkFunc
 	}
 
 	object CheckCommand "ido" {
diff --git a/lib/db_ido/dbconnection.cpp b/lib/db_ido/dbconnection.cpp
index 30f602d56..0ae9a80ca 100644
--- a/lib/db_ido/dbconnection.cpp
+++ b/lib/db_ido/dbconnection.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbconnection.hpp"
 #include "db_ido/dbconnection-ti.cpp"
@@ -149,6 +132,11 @@ void DbConnection::InsertRuntimeVariable(const String& key, const Value& value)
 
 void DbConnection::UpdateProgramStatus()
 {
+	IcingaApplication::Ptr icingaApplication = IcingaApplication::GetInstance();
+
+	if (!icingaApplication)
+		return;
+
 	Log(LogNotice, "DbConnection")
 		<< "Updating programstatus table.";
 
@@ -166,18 +154,18 @@ void DbConnection::UpdateProgramStatus()
 		{ "status_update_time", DbValue::FromTimestamp(Utility::GetTime()) },
 		{ "program_start_time", DbValue::FromTimestamp(Application::GetStartTime()) },
 		{ "is_currently_running", 1 },
-		{ "endpoint_name", IcingaApplication::GetInstance()->GetNodeName() },
+		{ "endpoint_name", icingaApplication->GetNodeName() },
 		{ "process_id", Utility::GetPid() },
 		{ "daemon_mode", 1 },
 		{ "last_command_check", DbValue::FromTimestamp(Utility::GetTime()) },
-		{ "notifications_enabled", (IcingaApplication::GetInstance()->GetEnableNotifications() ? 1 : 0) },
-		{ "active_host_checks_enabled", (IcingaApplication::GetInstance()->GetEnableHostChecks() ? 1 : 0) },
+		{ "notifications_enabled", (icingaApplication->GetEnableNotifications() ? 1 : 0) },
+		{ "active_host_checks_enabled", (icingaApplication->GetEnableHostChecks() ? 1 : 0) },
 		{ "passive_host_checks_enabled", 1 },
-		{ "active_service_checks_enabled", (IcingaApplication::GetInstance()->GetEnableServiceChecks() ? 1 : 0) },
+		{ "active_service_checks_enabled", (icingaApplication->GetEnableServiceChecks() ? 1 : 0) },
 		{ "passive_service_checks_enabled", 1 },
-		{ "event_handlers_enabled", (IcingaApplication::GetInstance()->GetEnableEventHandlers() ? 1 : 0) },
-		{ "flap_detection_enabled", (IcingaApplication::GetInstance()->GetEnableFlapping() ? 1 : 0) },
-		{ "process_performance_data", (IcingaApplication::GetInstance()->GetEnablePerfdata() ? 1 : 0) }
+		{ "event_handlers_enabled", (icingaApplication->GetEnableEventHandlers() ? 1 : 0) },
+		{ "flap_detection_enabled", (icingaApplication->GetEnableFlapping() ? 1 : 0) },
+		{ "process_performance_data", (icingaApplication->GetEnablePerfdata() ? 1 : 0) }
 	});
 
 	query1.WhereCriteria = new Dictionary({
@@ -392,7 +380,26 @@ bool DbConnection::GetStatusUpdate(const DbObject::Ptr& dbobj) const
 
 void DbConnection::UpdateObject(const ConfigObject::Ptr& object)
 {
-	if (!GetConnected() || Application::IsShuttingDown())
+	bool isShuttingDown = Application::IsShuttingDown();
+	bool isRestarting = Application::IsRestarting();
+
+#ifdef I2_DEBUG
+	if (isShuttingDown || isRestarting) {
+		//Log(LogDebug, "DbConnection")
+		//	<< "Updating object '" << object->GetName() << "' \t\t active '" << Convert::ToLong(object->IsActive())
+		//	<< "' shutting down '" << Convert::ToLong(isShuttingDown) << "' restarting '" << Convert::ToLong(isRestarting) << "'.";
+	}
+#endif /* I2_DEBUG */
+
+	/* Wait until a database connection is established on reconnect. */
+	if (!GetConnected())
+		return;
+
+	/* Don't update inactive objects during shutdown/reload/restart.
+	 * They would be marked as deleted. This gets triggered with ConfigObject::StopObjects().
+	 * During startup/reconnect this is fine, the handler is not active there.
+	 */
+	if (isShuttingDown || isRestarting)
 		return;
 
 	DbObject::Ptr dbobj = DbObject::GetOrCreateByObject(object);
@@ -419,7 +426,10 @@ void DbConnection::UpdateObject(const ConfigObject::Ptr& object)
 				dbobj->SendConfigUpdateLight();
 			}
 		} else if (!active) {
-			/* Deactivate the deleted object no matter
+			/* This may happen on reload/restart actions too
+			 * and is blocked above already.
+			 *
+			 * Deactivate the deleted object no matter
 			 * which state it had in the database.
 			 */
 			DeactivateObject(dbobj);
@@ -452,8 +462,8 @@ void DbConnection::ValidateFailoverTimeout(const Lazy<double>& lvalue, const Val
 {
 	ObjectImpl<DbConnection>::ValidateFailoverTimeout(lvalue, utils);
 
-	if (lvalue() < 60)
-		BOOST_THROW_EXCEPTION(ValidationError(this, { "failover_timeout" }, "Failover timeout minimum is 60s."));
+	if (lvalue() < 30)
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "failover_timeout" }, "Failover timeout minimum is 30s."));
 }
 
 void DbConnection::ValidateCategories(const Lazy<Array::Ptr>& lvalue, const ValidationUtils& utils)
diff --git a/lib/db_ido/dbconnection.hpp b/lib/db_ido/dbconnection.hpp
index 20ea9324f..3cb049f64 100644
--- a/lib/db_ido/dbconnection.hpp
+++ b/lib/db_ido/dbconnection.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBCONNECTION_H
 #define DBCONNECTION_H
diff --git a/lib/db_ido/dbconnection.ti b/lib/db_ido/dbconnection.ti
index 2f6e60d02..ad02b4094 100644
--- a/lib/db_ido/dbconnection.ti
+++ b/lib/db_ido/dbconnection.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbquery.hpp"
 #include "base/configobject.hpp"
@@ -59,9 +42,11 @@ abstract class DbConnection : ConfigObject
 	};
 
 	[config] double failover_timeout {
-		default {{{ return 60; }}}
+		default {{{ return 30; }}}
 	};
 
+	[state, no_user_modify] double last_failover;
+
 	[no_user_modify] String schema_version;
 	[no_user_modify] bool connected;
 	[no_user_modify] bool should_connect {
diff --git a/lib/db_ido/dbevents.cpp b/lib/db_ido/dbevents.cpp
index 97709793b..68bef4f8a 100644
--- a/lib/db_ido/dbevents.cpp
+++ b/lib/db_ido/dbevents.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbevents.hpp"
 #include "db_ido/dbtype.hpp"
@@ -73,7 +56,7 @@ void DbEvents::StaticInitialize()
 	Checkable::OnStateChange.connect(std::bind(&DbEvents::AddStateChangeHistory, _1, _2, _3));
 
 	Checkable::OnNewCheckResult.connect(std::bind(&DbEvents::AddCheckResultLogHistory, _1, _2));
-	Checkable::OnNotificationSentToUser.connect(std::bind(&DbEvents::AddNotificationSentLogHistory, _1, _2, _3, _4, _5, _6, _7));
+	Checkable::OnNotificationSentToUser.connect(std::bind(&DbEvents::AddNotificationSentLogHistory, _1, _2, _3, _4, _5, _6, _7, _8));
 	Checkable::OnFlappingChanged.connect(std::bind(&DbEvents::AddFlappingChangedLogHistory, _1));
 	Checkable::OnEnableFlappingChanged.connect(std::bind(&DbEvents::AddEnableFlappingChangedLogHistory, _1));
 	Downtime::OnDowntimeTriggered.connect(std::bind(&DbEvents::AddTriggerDowntimeLogHistory, _1));
@@ -197,13 +180,7 @@ void DbEvents::ReachabilityChangedHandler(const Checkable::Ptr& checkable, const
 	if (cr->GetState() == ServiceOK)
 		is_reachable = 1;
 
-	Log(LogDebug, "DbEvents")
-		<< "Updating reachability for checkable '" << checkable->GetName() << "': " << (is_reachable ? "" : "not" ) << " reachable for " << children.size() << " children.";
-
 	for (const Checkable::Ptr& child : children) {
-		Log(LogDebug, "DbEvents")
-			<< "Updating reachability for checkable '" << child->GetName() << "': " << (is_reachable ? "" : "not" ) << " reachable.";
-
 		Host::Ptr host;
 		Service::Ptr service;
 		tie(host, service) = GetHostService(child);
@@ -339,7 +316,6 @@ void DbEvents::AddCommentInternal(std::vector<DbQuery>& queries, const Comment::
 	else if (checkable->GetReflectionType() == Service::TypeInstance)
 		commentType = 1;
 	else {
-		Log(LogDebug, "DbEvents", "unknown object type for adding comment.");
 		return;
 	}
 
@@ -475,7 +451,6 @@ void DbEvents::AddDowntimeInternal(std::vector<DbQuery>& queries, const Downtime
 	else if (checkable->GetReflectionType() == Service::TypeInstance)
 		downtimeType = 1;
 	else {
-		Log(LogDebug, "DbEvents", "unknown object type for adding downtime.");
 		return;
 	}
 
@@ -731,9 +706,6 @@ void DbEvents::TriggerDowntime(const Downtime::Ptr& downtime)
 void DbEvents::AddAcknowledgementHistory(const Checkable::Ptr& checkable, const String& author, const String& comment,
 	AcknowledgementType type, bool notify, double expiry)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add acknowledgement history for '" << checkable->GetName() << "'";
-
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(Utility::GetTime());
 
 	DbQuery query1;
@@ -775,17 +747,11 @@ void DbEvents::AddAcknowledgementHistory(const Checkable::Ptr& checkable, const
 
 void DbEvents::AddAcknowledgement(const Checkable::Ptr& checkable, AcknowledgementType type)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add acknowledgement for '" << checkable->GetName() << "'";
-
 	AddAcknowledgementInternal(checkable, type, true);
 }
 
 void DbEvents::RemoveAcknowledgement(const Checkable::Ptr& checkable)
 {
-	Log(LogDebug, "DbEvents")
-		<< "remove acknowledgement for '" << checkable->GetName() << "'";
-
 	AddAcknowledgementInternal(checkable, AcknowledgementNone, false);
 }
 
@@ -825,9 +791,6 @@ void DbEvents::AddAcknowledgementInternal(const Checkable::Ptr& checkable, Ackno
 void DbEvents::AddNotificationHistory(const Notification::Ptr& notification, const Checkable::Ptr& checkable, const std::set<User::Ptr>& users, NotificationType type,
 	const CheckResult::Ptr& cr, const String& author, const String& text)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add notification history for '" << checkable->GetName() << "'";
-
 	/* start and end happen at the same time */
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(Utility::GetTime());
 
@@ -875,9 +838,6 @@ void DbEvents::AddNotificationHistory(const Notification::Ptr& notification, con
 	std::vector<DbQuery> queries;
 
 	for (const User::Ptr& user : users) {
-		Log(LogDebug, "DbEvents")
-			<< "add contact notification history for service '" << checkable->GetName() << "' and user '" << user->GetName() << "'.";
-
 		DbQuery query2;
 		query2.Table = "contactnotifications";
 		query2.Type = DbQueryInsert;
@@ -902,9 +862,6 @@ void DbEvents::AddNotificationHistory(const Notification::Ptr& notification, con
 /* statehistory */
 void DbEvents::AddStateChangeHistory(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add state change history for '" << checkable->GetName() << "'";
-
 	double ts = cr->GetExecutionEnd();
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(ts);
 
@@ -1104,7 +1061,7 @@ void DbEvents::AddRemoveDowntimeLogHistory(const Downtime::Ptr& downtime)
 }
 
 void DbEvents::AddNotificationSentLogHistory(const Notification::Ptr& notification, const Checkable::Ptr& checkable, const User::Ptr& user,
-	NotificationType notification_type, const CheckResult::Ptr& cr,
+	NotificationType notification_type, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 	const String& author, const String& comment_text)
 {
 	CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
@@ -1114,7 +1071,7 @@ void DbEvents::AddNotificationSentLogHistory(const Notification::Ptr& notificati
 	if (commandObj)
 		checkCommandName = commandObj->GetName();
 
-	String notificationTypeStr = Notification::NotificationTypeToString(notification_type);
+	String notificationTypeStr = Notification::NotificationTypeToStringCompat(notification_type); //TODO: Change that to our own types.
 
 	String author_comment = "";
 	if (notification_type == NotificationCustom || notification_type == NotificationAcknowledgement) {
@@ -1227,9 +1184,6 @@ void DbEvents::AddEnableFlappingChangedLogHistory(const Checkable::Ptr& checkabl
 
 void DbEvents::AddLogHistory(const Checkable::Ptr& checkable, const String& buffer, LogEntryType type)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add log entry history for '" << checkable->GetName() << "'";
-
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(Utility::GetTime());
 
 	DbQuery query1;
@@ -1260,9 +1214,6 @@ void DbEvents::AddLogHistory(const Checkable::Ptr& checkable, const String& buff
 /* flappinghistory */
 void DbEvents::AddFlappingChangedHistory(const Checkable::Ptr& checkable)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add flapping history for '" << checkable->GetName() << "'";
-
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(Utility::GetTime());
 
 	DbQuery query1;
@@ -1308,9 +1259,6 @@ void DbEvents::AddEnableFlappingChangedHistory(const Checkable::Ptr& checkable)
 	if (!checkable->GetEnableFlapping())
 		return;
 
-	Log(LogDebug, "DbEvents")
-		<< "add flapping history for '" << checkable->GetName() << "'";
-
 	std::pair<unsigned long, unsigned long> timeBag = ConvertTimestamp(Utility::GetTime());
 
 	DbQuery query1;
@@ -1352,9 +1300,6 @@ void DbEvents::AddCheckableCheckHistory(const Checkable::Ptr& checkable, const C
 	if (!cr)
 		return;
 
-	Log(LogDebug, "DbEvents")
-		<< "add checkable check history for '" << checkable->GetName() << "'";
-
 	Host::Ptr host;
 	Service::Ptr service;
 	tie(host, service) = GetHostService(checkable);
@@ -1412,9 +1357,6 @@ void DbEvents::AddCheckableCheckHistory(const Checkable::Ptr& checkable, const C
 /* eventhandlers */
 void DbEvents::AddEventHandlerHistory(const Checkable::Ptr& checkable)
 {
-	Log(LogDebug, "DbEvents")
-		<< "add eventhandler history for '" << checkable->GetName() << "'";
-
 	DbQuery query1;
 	query1.Table = "eventhandlers";
 	query1.Type = DbQueryInsert;
@@ -1458,8 +1400,6 @@ void DbEvents::AddEventHandlerHistory(const Checkable::Ptr& checkable)
 /* externalcommands */
 void DbEvents::AddExternalCommandHistory(double time, const String& command, const std::vector<String>& arguments)
 {
-	Log(LogDebug, "DbEvents", "add external command history");
-
 	DbQuery query1;
 	query1.Table = "externalcommands";
 	query1.Type = DbQueryInsert;
diff --git a/lib/db_ido/dbevents.hpp b/lib/db_ido/dbevents.hpp
index 3e27d2960..6e620ddfa 100644
--- a/lib/db_ido/dbevents.hpp
+++ b/lib/db_ido/dbevents.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBEVENTS_H
 #define DBEVENTS_H
@@ -111,8 +94,8 @@ public:
 	static void AddTriggerDowntimeLogHistory(const Downtime::Ptr& downtime);
 	static void AddRemoveDowntimeLogHistory(const Downtime::Ptr& downtime);
 	static void AddNotificationSentLogHistory(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-		const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr, const String& author,
-		const String& comment_text);
+		const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+		const String& author, const String& comment_text);
 
 	static void AddFlappingChangedLogHistory(const Checkable::Ptr& checkable);
 	static void AddEnableFlappingChangedLogHistory(const Checkable::Ptr& checkable);
diff --git a/lib/db_ido/dbobject.cpp b/lib/db_ido/dbobject.cpp
index 9ab72ec1d..c48739ede 100644
--- a/lib/db_ido/dbobject.cpp
+++ b/lib/db_ido/dbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/dbobject.hpp b/lib/db_ido/dbobject.hpp
index a90170d74..21c23504c 100644
--- a/lib/db_ido/dbobject.hpp
+++ b/lib/db_ido/dbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBOBJECT_H
 #define DBOBJECT_H
diff --git a/lib/db_ido/dbquery.cpp b/lib/db_ido/dbquery.cpp
index cd3656c1f..01196a537 100644
--- a/lib/db_ido/dbquery.cpp
+++ b/lib/db_ido/dbquery.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbquery.hpp"
 #include "base/initialize.hpp"
@@ -29,22 +12,22 @@ std::map<String, int> DbQuery::m_CategoryFilterMap;
 
 void DbQuery::StaticInitialize()
 {
-	ScriptGlobal::Set("DbCatConfig", DbCatConfig);
-	ScriptGlobal::Set("DbCatState", DbCatState);
-	ScriptGlobal::Set("DbCatAcknowledgement", DbCatAcknowledgement);
-	ScriptGlobal::Set("DbCatComment", DbCatComment);
-	ScriptGlobal::Set("DbCatDowntime", DbCatDowntime);
-	ScriptGlobal::Set("DbCatEventHandler", DbCatEventHandler);
-	ScriptGlobal::Set("DbCatExternalCommand", DbCatExternalCommand);
-	ScriptGlobal::Set("DbCatFlapping", DbCatFlapping);
-	ScriptGlobal::Set("DbCatCheck", DbCatCheck);
-	ScriptGlobal::Set("DbCatLog", DbCatLog);
-	ScriptGlobal::Set("DbCatNotification", DbCatNotification);
-	ScriptGlobal::Set("DbCatProgramStatus", DbCatProgramStatus);
-	ScriptGlobal::Set("DbCatRetention", DbCatRetention);
-	ScriptGlobal::Set("DbCatStateHistory", DbCatStateHistory);
+	ScriptGlobal::Set("Icinga.DbCatConfig", DbCatConfig, true);
+	ScriptGlobal::Set("Icinga.DbCatState", DbCatState, true);
+	ScriptGlobal::Set("Icinga.DbCatAcknowledgement", DbCatAcknowledgement, true);
+	ScriptGlobal::Set("Icinga.DbCatComment", DbCatComment, true);
+	ScriptGlobal::Set("Icinga.DbCatDowntime", DbCatDowntime, true);
+	ScriptGlobal::Set("Icinga.DbCatEventHandler", DbCatEventHandler, true);
+	ScriptGlobal::Set("Icinga.DbCatExternalCommand", DbCatExternalCommand, true);
+	ScriptGlobal::Set("Icinga.DbCatFlapping", DbCatFlapping, true);
+	ScriptGlobal::Set("Icinga.DbCatCheck", DbCatCheck, true);
+	ScriptGlobal::Set("Icinga.DbCatLog", DbCatLog, true);
+	ScriptGlobal::Set("Icinga.DbCatNotification", DbCatNotification, true);
+	ScriptGlobal::Set("Icinga.DbCatProgramStatus", DbCatProgramStatus, true);
+	ScriptGlobal::Set("Icinga.DbCatRetention", DbCatRetention, true);
+	ScriptGlobal::Set("Icinga.DbCatStateHistory", DbCatStateHistory, true);
 
-	ScriptGlobal::Set("DbCatEverything", DbCatEverything);
+	ScriptGlobal::Set("Icinga.DbCatEverything", DbCatEverything, true);
 
 	m_CategoryFilterMap["DbCatConfig"] = DbCatConfig;
 	m_CategoryFilterMap["DbCatState"] = DbCatState;
diff --git a/lib/db_ido/dbquery.hpp b/lib/db_ido/dbquery.hpp
index fe1220681..fecb2e346 100644
--- a/lib/db_ido/dbquery.hpp
+++ b/lib/db_ido/dbquery.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBQUERY_H
 #define DBQUERY_H
diff --git a/lib/db_ido/dbreference.cpp b/lib/db_ido/dbreference.cpp
index f2eba39bf..e8f13c0d7 100644
--- a/lib/db_ido/dbreference.cpp
+++ b/lib/db_ido/dbreference.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "dbreference.hpp"
 
diff --git a/lib/db_ido/dbreference.hpp b/lib/db_ido/dbreference.hpp
index eef22157a..70edf9a90 100644
--- a/lib/db_ido/dbreference.hpp
+++ b/lib/db_ido/dbreference.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBREFERENCE_H
 #define DBREFERENCE_H
diff --git a/lib/db_ido/dbtype.cpp b/lib/db_ido/dbtype.cpp
index 65b56896b..0870490cb 100644
--- a/lib/db_ido/dbtype.cpp
+++ b/lib/db_ido/dbtype.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbtype.hpp"
 #include "db_ido/dbconnection.hpp"
diff --git a/lib/db_ido/dbtype.hpp b/lib/db_ido/dbtype.hpp
index ad6f3f957..a667ecc6e 100644
--- a/lib/db_ido/dbtype.hpp
+++ b/lib/db_ido/dbtype.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBTYPE_H
 #define DBTYPE_H
diff --git a/lib/db_ido/dbvalue.cpp b/lib/db_ido/dbvalue.cpp
index a626e59fe..e1e3e6c69 100644
--- a/lib/db_ido/dbvalue.cpp
+++ b/lib/db_ido/dbvalue.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbvalue.hpp"
 
@@ -33,11 +16,6 @@ Value DbValue::FromTimestamp(const Value& ts)
 	return new DbValue(DbValueTimestamp, ts);
 }
 
-Value DbValue::FromTimestampNow()
-{
-	return new DbValue(DbValueTimestampNow, Empty);
-}
-
 Value DbValue::FromValue(const Value& value)
 {
 	return value;
@@ -57,15 +35,6 @@ bool DbValue::IsTimestamp(const Value& value)
 	return dbv->GetType() == DbValueTimestamp;
 }
 
-bool DbValue::IsTimestampNow(const Value& value)
-{
-	if (!value.IsObjectType<DbValue>())
-		return false;
-
-	DbValue::Ptr dbv = value;
-	return dbv->GetType() == DbValueTimestampNow;
-}
-
 bool DbValue::IsObjectInsertID(const Value& value)
 {
 	if (!value.IsObjectType<DbValue>())
diff --git a/lib/db_ido/dbvalue.hpp b/lib/db_ido/dbvalue.hpp
index fcb985409..cb59e3ad4 100644
--- a/lib/db_ido/dbvalue.hpp
+++ b/lib/db_ido/dbvalue.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DBVALUE_H
 #define DBVALUE_H
@@ -30,7 +13,6 @@ namespace icinga
 enum DbValueType
 {
 	DbValueTimestamp,
-	DbValueTimestampNow,
 	DbValueObjectInsertID
 };
 
@@ -47,12 +29,10 @@ public:
 	DbValue(DbValueType type, Value value);
 
 	static Value FromTimestamp(const Value& ts);
-	static Value FromTimestampNow();
 	static Value FromValue(const Value& value);
 	static Value FromObjectInsertID(const Value& value);
 
 	static bool IsTimestamp(const Value& value);
-	static bool IsTimestampNow(const Value& value);
 	static bool IsObjectInsertID(const Value& value);
 
 	static Value ExtractValue(const Value& value);
diff --git a/lib/db_ido/endpointdbobject.cpp b/lib/db_ido/endpointdbobject.cpp
index ed9b27fb3..ad343cfa0 100644
--- a/lib/db_ido/endpointdbobject.cpp
+++ b/lib/db_ido/endpointdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/endpointdbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/endpointdbobject.hpp b/lib/db_ido/endpointdbobject.hpp
index e2edb4b6f..e4fba360f 100644
--- a/lib/db_ido/endpointdbobject.hpp
+++ b/lib/db_ido/endpointdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ENDPOINTDBOBJECT_H
 #define ENDPOINTDBOBJECT_H
diff --git a/lib/db_ido/hostdbobject.cpp b/lib/db_ido/hostdbobject.cpp
index 808ecf640..18be0bd52 100644
--- a/lib/db_ido/hostdbobject.cpp
+++ b/lib/db_ido/hostdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/hostdbobject.hpp"
 #include "db_ido/hostgroupdbobject.hpp"
@@ -107,7 +90,7 @@ Dictionary::Ptr HostDbObject::GetStatusFields() const
 
 	int currentState = host->GetState();
 
-	if (currentState != HostUp && !host->IsReachable())
+	if (currentState != HostUp && !host->GetLastReachable())
 		currentState = 2; /* hardcoded compat state */
 
 	fields->Set("current_state", currentState);
@@ -139,7 +122,7 @@ Dictionary::Ptr HostDbObject::GetStatusFields() const
 	fields->Set("normal_check_interval", host->GetCheckInterval() / 60.0);
 	fields->Set("retry_check_interval", host->GetRetryInterval() / 60.0);
 	fields->Set("check_timeperiod_object_id", host->GetCheckPeriod());
-	fields->Set("is_reachable", host->IsReachable());
+	fields->Set("is_reachable", host->GetLastReachable());
 	fields->Set("original_attributes", JsonEncode(host->GetOriginalAttributes()));
 
 	fields->Set("current_notification_number", CompatUtility::GetCheckableNotificationNotificationNumber(host));
diff --git a/lib/db_ido/hostdbobject.hpp b/lib/db_ido/hostdbobject.hpp
index 6d5afc7ac..9fff10ad5 100644
--- a/lib/db_ido/hostdbobject.hpp
+++ b/lib/db_ido/hostdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOSTDBOBJECT_H
 #define HOSTDBOBJECT_H
diff --git a/lib/db_ido/hostgroupdbobject.cpp b/lib/db_ido/hostgroupdbobject.cpp
index 13ee82783..cef6aa2c5 100644
--- a/lib/db_ido/hostgroupdbobject.cpp
+++ b/lib/db_ido/hostgroupdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/hostgroupdbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/hostgroupdbobject.hpp b/lib/db_ido/hostgroupdbobject.hpp
index dc7016959..9c48f2995 100644
--- a/lib/db_ido/hostgroupdbobject.hpp
+++ b/lib/db_ido/hostgroupdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOSTGROUPDBOBJECT_H
 #define HOSTGROUPDBOBJECT_H
diff --git a/lib/db_ido/i2-db_ido.hpp b/lib/db_ido/i2-db_ido.hpp
index 959fb9fbc..1da9fdcf8 100644
--- a/lib/db_ido/i2-db_ido.hpp
+++ b/lib/db_ido/i2-db_ido.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2DB_IDO_H
 #define I2DB_IDO_H
diff --git a/lib/db_ido/idochecktask.cpp b/lib/db_ido/idochecktask.cpp
index 544c2cefb..8a9536dc3 100644
--- a/lib/db_ido/idochecktask.cpp
+++ b/lib/db_ido/idochecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/idochecktask.hpp"
 #include "icinga/host.hpp"
@@ -32,7 +15,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, IdoCheck, &IdoCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, IdoCheck, &IdoCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void IdoCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -156,6 +139,12 @@ void IdoCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult
 		cr->SetState(ServiceOK);
 	}
 
+	if (conn->GetEnableHa()) {
+		double failoverTs = conn->GetLastFailover();
+
+		msgbuf << " Last failover: " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", failoverTs) << ".";
+	}
+
 	/* Check whether the thresholds have been defined and match. */
 	if (missingQueriesCritical.IsEmpty() && qps < queriesCritical) {
 		msgbuf << " " << qps << " queries/s lower than critical threshold (" << queriesCritical << " queries/s).";
diff --git a/lib/db_ido/idochecktask.hpp b/lib/db_ido/idochecktask.hpp
index 8f73b36cd..5868c3867 100644
--- a/lib/db_ido/idochecktask.hpp
+++ b/lib/db_ido/idochecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef IDOCHECKTASK_H
 #define IDOCHECKTASK_H
diff --git a/lib/db_ido/servicedbobject.cpp b/lib/db_ido/servicedbobject.cpp
index 2d80f526b..ac1f78897 100644
--- a/lib/db_ido/servicedbobject.cpp
+++ b/lib/db_ido/servicedbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/servicedbobject.hpp"
 #include "db_ido/servicegroupdbobject.hpp"
@@ -136,7 +119,7 @@ Dictionary::Ptr ServiceDbObject::GetStatusFields() const
 	fields->Set("normal_check_interval", service->GetCheckInterval() / 60.0);
 	fields->Set("retry_check_interval", service->GetRetryInterval() / 60.0);
 	fields->Set("check_timeperiod_object_id", service->GetCheckPeriod());
-	fields->Set("is_reachable", service->IsReachable());
+	fields->Set("is_reachable", service->GetLastReachable());
 	fields->Set("original_attributes", JsonEncode(service->GetOriginalAttributes()));
 
 	fields->Set("current_notification_number", CompatUtility::GetCheckableNotificationNotificationNumber(service));
@@ -200,9 +183,6 @@ void ServiceDbObject::OnConfigUpdateHeavy()
 	DbObject::OnMultipleQueries(queries);
 
 	/* service dependencies */
-	Log(LogDebug, "ServiceDbObject")
-		<< "service dependencies for '" << service->GetName() << "'";
-
 	queries.clear();
 
 	DbQuery query2;
@@ -250,9 +230,6 @@ void ServiceDbObject::OnConfigUpdateHeavy()
 	DbObject::OnMultipleQueries(queries);
 
 	/* service contacts, contactgroups */
-	Log(LogDebug, "ServiceDbObject")
-		<< "service contacts: " << service->GetName();
-
 	queries.clear();
 
 	DbQuery query3;
@@ -265,9 +242,6 @@ void ServiceDbObject::OnConfigUpdateHeavy()
 	queries.emplace_back(std::move(query3));
 
 	for (const User::Ptr& user : CompatUtility::GetCheckableNotificationUsers(service)) {
-		Log(LogDebug, "ServiceDbObject")
-			<< "service contacts: " << user->GetName();
-
 		DbQuery query_contact;
 		query_contact.Table = GetType()->GetTable() + "_contacts";
 		query_contact.Type = DbQueryInsert;
@@ -283,9 +257,6 @@ void ServiceDbObject::OnConfigUpdateHeavy()
 
 	DbObject::OnMultipleQueries(queries);
 
-	Log(LogDebug, "ServiceDbObject")
-		<< "service contactgroups: " << service->GetName();
-
 	queries.clear();
 
 	DbQuery query4;
@@ -298,9 +269,6 @@ void ServiceDbObject::OnConfigUpdateHeavy()
 	queries.emplace_back(std::move(query4));
 
 	for (const UserGroup::Ptr& usergroup : CompatUtility::GetCheckableNotificationUserGroups(service)) {
-		Log(LogDebug, "ServiceDbObject")
-			<< "service contactgroups: " << usergroup->GetName();
-
 		DbQuery query_contact;
 		query_contact.Table = GetType()->GetTable() + "_contactgroups";
 		query_contact.Type = DbQueryInsert;
diff --git a/lib/db_ido/servicedbobject.hpp b/lib/db_ido/servicedbobject.hpp
index b88bbbd86..19824be70 100644
--- a/lib/db_ido/servicedbobject.hpp
+++ b/lib/db_ido/servicedbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICEDBOBJECT_H
 #define SERVICEDBOBJECT_H
diff --git a/lib/db_ido/servicegroupdbobject.cpp b/lib/db_ido/servicegroupdbobject.cpp
index 085e76f7f..ea4d40c32 100644
--- a/lib/db_ido/servicegroupdbobject.cpp
+++ b/lib/db_ido/servicegroupdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/servicegroupdbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/servicegroupdbobject.hpp b/lib/db_ido/servicegroupdbobject.hpp
index c62516352..7f0d6c15a 100644
--- a/lib/db_ido/servicegroupdbobject.hpp
+++ b/lib/db_ido/servicegroupdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICEGROUPDBOBJECT_H
 #define SERVICEGROUPDBOBJECT_H
diff --git a/lib/db_ido/timeperioddbobject.cpp b/lib/db_ido/timeperioddbobject.cpp
index a53ae5c2a..98997f527 100644
--- a/lib/db_ido/timeperioddbobject.cpp
+++ b/lib/db_ido/timeperioddbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/timeperioddbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/timeperioddbobject.hpp b/lib/db_ido/timeperioddbobject.hpp
index f40a024f3..e3cc13cb7 100644
--- a/lib/db_ido/timeperioddbobject.hpp
+++ b/lib/db_ido/timeperioddbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TIMEPERIODDBOBJECT_H
 #define TIMEPERIODDBOBJECT_H
diff --git a/lib/db_ido/userdbobject.cpp b/lib/db_ido/userdbobject.cpp
index 2078d57cc..f0d80b604 100644
--- a/lib/db_ido/userdbobject.cpp
+++ b/lib/db_ido/userdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/userdbobject.hpp"
 #include "db_ido/usergroupdbobject.hpp"
diff --git a/lib/db_ido/userdbobject.hpp b/lib/db_ido/userdbobject.hpp
index fa2be5198..e0f36c5fb 100644
--- a/lib/db_ido/userdbobject.hpp
+++ b/lib/db_ido/userdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef USERDBOBJECT_H
 #define USERDBOBJECT_H
diff --git a/lib/db_ido/usergroupdbobject.cpp b/lib/db_ido/usergroupdbobject.cpp
index 2a8458f94..23b3581a7 100644
--- a/lib/db_ido/usergroupdbobject.cpp
+++ b/lib/db_ido/usergroupdbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/usergroupdbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/usergroupdbobject.hpp b/lib/db_ido/usergroupdbobject.hpp
index ec2330627..9469823ab 100644
--- a/lib/db_ido/usergroupdbobject.hpp
+++ b/lib/db_ido/usergroupdbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef USERGROUPDBOBJECT_H
 #define USERGROUPDBOBJECT_H
diff --git a/lib/db_ido/zonedbobject.cpp b/lib/db_ido/zonedbobject.cpp
index 1c462d7e9..b8ad0c196 100644
--- a/lib/db_ido/zonedbobject.cpp
+++ b/lib/db_ido/zonedbobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/zonedbobject.hpp"
 #include "db_ido/dbtype.hpp"
diff --git a/lib/db_ido/zonedbobject.hpp b/lib/db_ido/zonedbobject.hpp
index ac051ab6c..3901c81b3 100644
--- a/lib/db_ido/zonedbobject.hpp
+++ b/lib/db_ido/zonedbobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ZONEDBOBJECT_H
 #define ZONEDBOBJECT_H
diff --git a/lib/db_ido_mysql/CMakeLists.txt b/lib/db_ido_mysql/CMakeLists.txt
index 1587cbf19..70cb90db1 100644
--- a/lib/db_ido_mysql/CMakeLists.txt
+++ b/lib/db_ido_mysql/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(idomysqlconnection.ti idomysqlconnection-ti.cpp idomysqlconnection-ti.hpp)
 
@@ -38,7 +23,7 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/ido-mysql.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install(
diff --git a/lib/db_ido_mysql/idomysqlconnection.cpp b/lib/db_ido_mysql/idomysqlconnection.cpp
index 9c8fd7b41..5dbaba071 100644
--- a/lib/db_ido_mysql/idomysqlconnection.cpp
+++ b/lib/db_ido_mysql/idomysqlconnection.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido_mysql/idomysqlconnection.hpp"
 #include "db_ido_mysql/idomysqlconnection-ti.cpp"
@@ -30,7 +13,6 @@
 #include "base/configtype.hpp"
 #include "base/exception.hpp"
 #include "base/statsfunction.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <utility>
 
 using namespace icinga;
@@ -82,8 +64,6 @@ void IdoMysqlConnection::StatsFunc(const Dictionary::Ptr& status, const Array::P
 
 void IdoMysqlConnection::Resume()
 {
-	DbConnection::Resume();
-
 	Log(LogInformation, "IdoMysqlConnection")
 		<< "'" << GetName() << "' resumed.";
 
@@ -91,6 +71,9 @@ void IdoMysqlConnection::Resume()
 
 	m_QueryQueue.SetExceptionCallback(std::bind(&IdoMysqlConnection::ExceptionHandler, this, _1));
 
+	/* Immediately try to connect on Resume() without timer. */
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::Reconnect, this), PriorityImmediate);
+
 	m_TxTimer = new Timer();
 	m_TxTimer->SetInterval(1);
 	m_TxTimer->OnTimerExpired.connect(std::bind(&IdoMysqlConnection::TxTimerHandler, this));
@@ -100,27 +83,35 @@ void IdoMysqlConnection::Resume()
 	m_ReconnectTimer->SetInterval(10);
 	m_ReconnectTimer->OnTimerExpired.connect(std::bind(&IdoMysqlConnection::ReconnectTimerHandler, this));
 	m_ReconnectTimer->Start();
-	m_ReconnectTimer->Reschedule(0);
+
+	/* Start with queries after connect. */
+	DbConnection::Resume();
 
 	ASSERT(m_Mysql->thread_safe());
 }
 
 void IdoMysqlConnection::Pause()
 {
-	Log(LogInformation, "IdoMysqlConnection")
-		<< "'" << GetName() << "' paused.";
-
-	m_ReconnectTimer.reset();
+	Log(LogDebug, "IdoMysqlConnection")
+		<< "Attempting to pause '" << GetName() << "'.";
 
 	DbConnection::Pause();
 
+	m_ReconnectTimer.reset();
+
 #ifdef I2_DEBUG /* I2_DEBUG */
 	Log(LogDebug, "IdoMysqlConnection")
 		<< "Rescheduling disconnect task.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::Disconnect, this), PriorityHigh);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::Disconnect, this), PriorityLow);
+
+	/* Work on remaining tasks but never delete the threads, for HA resuming later. */
 	m_QueryQueue.Join();
+
+	Log(LogInformation, "IdoMysqlConnection")
+		<< "'" << GetName() << "' paused.";
+
 }
 
 void IdoMysqlConnection::ExceptionHandler(boost::exception_ptr exp)
@@ -153,6 +144,9 @@ void IdoMysqlConnection::Disconnect()
 	m_Mysql->close(&m_Connection);
 
 	SetConnected(false);
+
+	Log(LogInformation, "IdoMysqlConnection")
+		<< "Disconnected from '" << GetName() << "' database '" << GetDatabase() << "'.";
 }
 
 void IdoMysqlConnection::TxTimerHandler()
@@ -162,13 +156,16 @@ void IdoMysqlConnection::TxTimerHandler()
 
 void IdoMysqlConnection::NewTransaction()
 {
+	if (IsPaused())
+		return;
+
 #ifdef I2_DEBUG /* I2_DEBUG */
 	Log(LogDebug, "IdoMysqlConnection")
 		<< "Scheduling new transaction and finishing async queries.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalNewTransaction, this), PriorityHigh);
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::FinishAsyncQueries, this), PriorityHigh);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalNewTransaction, this), PriorityNormal);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::FinishAsyncQueries, this), PriorityNormal);
 }
 
 void IdoMysqlConnection::InternalNewTransaction()
@@ -189,7 +186,8 @@ void IdoMysqlConnection::ReconnectTimerHandler()
 		<< "Scheduling reconnect task.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::Reconnect, this), PriorityLow);
+	/* Only allow Reconnect events with high priority. */
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::Reconnect, this), PriorityImmediate);
 }
 
 void IdoMysqlConnection::Reconnect()
@@ -207,6 +205,7 @@ void IdoMysqlConnection::Reconnect()
 
 	bool reconnect = false;
 
+	/* Ensure to close old connections first. */
 	if (GetConnected()) {
 		/* Check if we're really still connected */
 		if (m_Mysql->ping(&m_Connection) == 0)
@@ -217,6 +216,9 @@ void IdoMysqlConnection::Reconnect()
 		reconnect = true;
 	}
 
+	Log(LogDebug, "IdoMysqlConnection")
+		<< "Reconnect: Clearing ID cache.";
+
 	ClearIDCache();
 
 	String ihost, isocket_path, iuser, ipasswd, idb;
@@ -271,6 +273,9 @@ void IdoMysqlConnection::Reconnect()
 		BOOST_THROW_EXCEPTION(std::runtime_error(m_Mysql->error(&m_Connection)));
 	}
 
+	Log(LogNotice, "IdoMysqlConnection")
+		<< "Reconnect: '" << GetName() << "' is now connected to database '" << GetDatabase() << "'.";
+
 	SetConnected(true);
 
 	IdoMysqlResult result = Query("SELECT @@global.max_allowed_packet AS max_allowed_packet");
@@ -311,7 +316,7 @@ void IdoMysqlConnection::Reconnect()
 		Log(LogCritical, "IdoMysqlConnection")
 			<< "Schema version '" << version << "' does not match the required version '"
 			<< IDO_COMPAT_SCHEMA_VERSION << "' (or newer)! Please check the upgrade documentation at "
-			<< "https://docs.icinga.com/icinga2/latest/doc/module/icinga2/chapter/upgrading-icinga-2#upgrading-mysql-db";
+			<< "https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#upgrading-mysql-db";
 
 		BOOST_THROW_EXCEPTION(std::runtime_error("Schema version mismatch."));
 	}
@@ -356,12 +361,16 @@ void IdoMysqlConnection::Reconnect()
 			else
 				status_update_time = 0;
 
-			double status_update_age = Utility::GetTime() - status_update_time;
+			double now = Utility::GetTime();
 
-			Log(LogNotice, "IdoMysqlConnection")
-				<< "Last update by '" << endpoint_name << "' was " << status_update_age << "s ago.";
+			double status_update_age = now - status_update_time;
+			double failoverTimeout = GetFailoverTimeout();
+
+			if (status_update_age < failoverTimeout) {
+				Log(LogInformation, "IdoMysqlConnection")
+					<< "Last update by endpoint '" << endpoint_name << "' was "
+					<< status_update_age << "s ago (< failover timeout of " << failoverTimeout << "s). Retrying.";
 
-			if (status_update_age < GetFailoverTimeout()) {
 				m_Mysql->close(&m_Connection);
 				SetConnected(false);
 				SetShouldConnect(false);
@@ -379,9 +388,15 @@ void IdoMysqlConnection::Reconnect()
 
 				return;
 			}
+
+			SetLastFailover(now);
+
+			Log(LogInformation, "IdoMysqlConnection")
+				<< "Last update by endpoint '" << endpoint_name << "' was "
+				<< status_update_age << "s ago. Taking over '" << GetName() << "' in HA zone '" << Zone::GetLocalZone()->GetName() << "'.";
 		}
 
-		Log(LogNotice, "IdoMysqlConnection", "Enabling IDO connection.");
+		Log(LogNotice, "IdoMysqlConnection", "Enabling IDO connection in HA zone.");
 	}
 
 	Log(LogInformation, "IdoMysqlConnection")
@@ -448,9 +463,9 @@ void IdoMysqlConnection::Reconnect()
 		<< "Scheduling session table clear and finish connect task.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::ClearTablesBySession, this), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::ClearTablesBySession, this), PriorityNormal);
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::FinishConnect, this, startTime), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::FinishConnect, this, startTime), PriorityNormal);
 }
 
 void IdoMysqlConnection::FinishConnect(double startTime)
@@ -463,7 +478,8 @@ void IdoMysqlConnection::FinishConnect(double startTime)
 	FinishAsyncQueries();
 
 	Log(LogInformation, "IdoMysqlConnection")
-		<< "Finished reconnecting to MySQL IDO database in " << std::setw(2) << Utility::GetTime() - startTime << " second(s).";
+		<< "Finished reconnecting to '" << GetName() << "' database '" << GetDatabase() << "' in "
+		<< std::setw(2) << Utility::GetTime() - startTime << " second(s).";
 
 	Query("COMMIT");
 	Query("BEGIN");
@@ -519,11 +535,12 @@ void IdoMysqlConnection::FinishAsyncQueries()
 
 			size_t size_query = aq.Query.GetLength() + 1;
 
-			if (num_bytes + size_query > m_MaxPacketSize - 512)
-				break;
+			if (count > 0) {
+				if (num_bytes + size_query > m_MaxPacketSize - 512)
+					break;
 
-			if (count > 0)
 				querybuf << ";";
+			}
 
 			IncreaseQueryCount();
 			count++;
@@ -714,18 +731,24 @@ void IdoMysqlConnection::DiscardRows(const IdoMysqlResult& result)
 
 void IdoMysqlConnection::ActivateObject(const DbObject::Ptr& dbobj)
 {
+	if (IsPaused())
+		return;
+
 #ifdef I2_DEBUG /* I2_DEBUG */
 	Log(LogDebug, "IdoMysqlConnection")
 		<< "Scheduling object activation task for '" << dbobj->GetName1() << "!" << dbobj->GetName2() << "'.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalActivateObject, this, dbobj), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalActivateObject, this, dbobj), PriorityNormal);
 }
 
 void IdoMysqlConnection::InternalActivateObject(const DbObject::Ptr& dbobj)
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -753,18 +776,24 @@ void IdoMysqlConnection::InternalActivateObject(const DbObject::Ptr& dbobj)
 
 void IdoMysqlConnection::DeactivateObject(const DbObject::Ptr& dbobj)
 {
+	if (IsPaused())
+		return;
+
 #ifdef I2_DEBUG /* I2_DEBUG */
 	Log(LogDebug, "IdoMysqlConnection")
 		<< "Scheduling object deactivation task for '" << dbobj->GetName1() << "!" << dbobj->GetName2() << "'.";
 #endif /* I2_DEBUG */
 
-	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalDeactivateObject, this, dbobj), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoMysqlConnection::InternalDeactivateObject, this, dbobj), PriorityNormal);
 }
 
 void IdoMysqlConnection::InternalDeactivateObject(const DbObject::Ptr& dbobj)
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -830,8 +859,6 @@ bool IdoMysqlConnection::FieldToEscapedString(const String& key, const Value& va
 		std::ostringstream msgbuf;
 		msgbuf << "FROM_UNIXTIME(" << ts << ")";
 		*result = Value(msgbuf.str());
-	} else if (DbValue::IsTimestampNow(value)) {
-		*result = "NOW()";
 	} else if (DbValue::IsObjectInsertID(value)) {
 		auto id = static_cast<long>(rawvalue);
 
@@ -856,6 +883,9 @@ bool IdoMysqlConnection::FieldToEscapedString(const String& key, const Value& va
 
 void IdoMysqlConnection::ExecuteQuery(const DbQuery& query)
 {
+	if (IsPaused())
+		return;
+
 	ASSERT(query.Category != DbCatInvalid);
 
 #ifdef I2_DEBUG /* I2_DEBUG */
@@ -868,6 +898,9 @@ void IdoMysqlConnection::ExecuteQuery(const DbQuery& query)
 
 void IdoMysqlConnection::ExecuteMultipleQueries(const std::vector<DbQuery>& queries)
 {
+	if (IsPaused())
+		return;
+
 	if (queries.empty())
 		return;
 
@@ -915,6 +948,9 @@ void IdoMysqlConnection::InternalExecuteMultipleQueries(const std::vector<DbQuer
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -943,6 +979,9 @@ void IdoMysqlConnection::InternalExecuteQuery(const DbQuery& query, int typeOver
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -1130,6 +1169,9 @@ void IdoMysqlConnection::FinishExecuteQuery(const DbQuery& query, int type, bool
 
 void IdoMysqlConnection::CleanUpExecuteQuery(const String& table, const String& time_column, double max_age)
 {
+	if (IsPaused())
+		return;
+
 #ifdef I2_DEBUG /* I2_DEBUG */
 		Log(LogDebug, "IdoMysqlConnection")
 			<< "Rescheduling cleanup query for table '" << table << "' and column '"
@@ -1143,6 +1185,9 @@ void IdoMysqlConnection::InternalCleanUpExecuteQuery(const String& table, const
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
diff --git a/lib/db_ido_mysql/idomysqlconnection.hpp b/lib/db_ido_mysql/idomysqlconnection.hpp
index 0a13bb73a..748243a4c 100644
--- a/lib/db_ido_mysql/idomysqlconnection.hpp
+++ b/lib/db_ido_mysql/idomysqlconnection.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef IDOMYSQLCONNECTION_H
 #define IDOMYSQLCONNECTION_H
diff --git a/lib/db_ido_mysql/idomysqlconnection.ti b/lib/db_ido_mysql/idomysqlconnection.ti
index 8a70d5668..ad5139703 100644
--- a/lib/db_ido_mysql/idomysqlconnection.ti
+++ b/lib/db_ido_mysql/idomysqlconnection.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbconnection.hpp"
 
diff --git a/lib/db_ido_mysql/schema/mysql.sql b/lib/db_ido_mysql/schema/mysql.sql
index 414acb10a..7f1cce3ca 100644
--- a/lib/db_ido_mysql/schema/mysql.sql
+++ b/lib/db_ido_mysql/schema/mysql.sql
@@ -2,7 +2,7 @@
 -- mysql.sql
 -- DB definition for IDO MySQL
 --
--- Copyright (c) 2009-2018 Icinga Development Team (https://www.icinga.com/)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- -- --------------------------------------------------------
 
@@ -692,8 +692,7 @@ CREATE TABLE IF NOT EXISTS icinga_hosts (
   z_3d double  default '0',
   config_hash varchar(64) DEFAULT NULL,
   PRIMARY KEY  (host_id),
-  UNIQUE KEY instance_id (instance_id,config_type,host_object_id),
-  KEY host_object_id (host_object_id)
+  UNIQUE KEY instance_id (instance_id,config_type,host_object_id)
 ) ENGINE=InnoDB  COMMENT='Host definitions';
 
 -- --------------------------------------------------------
@@ -1181,8 +1180,7 @@ CREATE TABLE IF NOT EXISTS icinga_services (
   icon_image_alt TEXT character set latin1,
   config_hash varchar(64) DEFAULT NULL,
   PRIMARY KEY  (service_id),
-  UNIQUE KEY instance_id (instance_id,config_type,service_object_id),
-  KEY service_object_id (service_object_id)
+  UNIQUE KEY instance_id (instance_id,config_type,service_object_id)
 ) ENGINE=InnoDB  COMMENT='Service definitions';
 
 -- --------------------------------------------------------
@@ -1463,10 +1461,8 @@ ALTER TABLE icinga_systemcommands ADD COLUMN endpoint_object_id bigint default N
 -- EXTERNALCOMMANDS => entry_time
 
 -- instance_id
-CREATE INDEX systemcommands_i_id_idx on icinga_systemcommands(instance_id);
 CREATE INDEX servicechecks_i_id_idx on icinga_servicechecks(instance_id);
 CREATE INDEX hostchecks_i_id_idx on icinga_hostchecks(instance_id);
-CREATE INDEX eventhandlers_i_id_idx on icinga_eventhandlers(instance_id);
 CREATE INDEX externalcommands_i_id_idx on icinga_externalcommands(instance_id);
 
 -- time
@@ -1481,40 +1477,22 @@ CREATE INDEX externalcommands_time_id_idx on icinga_externalcommands(entry_time)
 -- instance_id only
 
 -- realtime data
-CREATE INDEX programstatus_i_id_idx on icinga_programstatus(instance_id);
 CREATE INDEX hoststatus_i_id_idx on icinga_hoststatus(instance_id);
 CREATE INDEX servicestatus_i_id_idx on icinga_servicestatus(instance_id);
 CREATE INDEX contactstatus_i_id_idx on icinga_contactstatus(instance_id);
-CREATE INDEX comments_i_id_idx on icinga_comments(instance_id);
-CREATE INDEX scheduleddowntime_i_id_idx on icinga_scheduleddowntime(instance_id);
-CREATE INDEX runtimevariables_i_id_idx on icinga_runtimevariables(instance_id);
 CREATE INDEX customvariablestatus_i_id_idx on icinga_customvariablestatus(instance_id);
 
 -- config data
-CREATE INDEX configfiles_i_id_idx on icinga_configfiles(instance_id);
 CREATE INDEX configfilevariables_i_id_idx on icinga_configfilevariables(instance_id);
 CREATE INDEX customvariables_i_id_idx on icinga_customvariables(instance_id);
-CREATE INDEX commands_i_id_idx on icinga_commands(instance_id);
-CREATE INDEX timeperiods_i_id_idx on icinga_timeperiods(instance_id);
 CREATE INDEX timeperiod_timeranges_i_id_idx on icinga_timeperiod_timeranges(instance_id);
-CREATE INDEX contactgroups_i_id_idx on icinga_contactgroups(instance_id);
 CREATE INDEX contactgroup_members_i_id_idx on icinga_contactgroup_members(instance_id);
-CREATE INDEX hostgroups_i_id_idx on icinga_hostgroups(instance_id);
 CREATE INDEX hostgroup_members_i_id_idx on icinga_hostgroup_members(instance_id);
-CREATE INDEX servicegroups_i_id_idx on icinga_servicegroups(instance_id);
 CREATE INDEX servicegroup_members_i_id_idx on icinga_servicegroup_members(instance_id);
-CREATE INDEX hostesc_i_id_idx on icinga_hostescalations(instance_id);
-CREATE INDEX hostesc_contacts_i_id_idx on icinga_hostescalation_contacts(instance_id);
-CREATE INDEX serviceesc_i_id_idx on icinga_serviceescalations(instance_id);
-CREATE INDEX serviceesc_contacts_i_id_idx on icinga_serviceescalation_contacts(instance_id);
-CREATE INDEX hostdependencies_i_id_idx on icinga_hostdependencies(instance_id);
-CREATE INDEX contacts_i_id_idx on icinga_contacts(instance_id);
 CREATE INDEX contact_addresses_i_id_idx on icinga_contact_addresses(instance_id);
 CREATE INDEX contact_notifcommands_i_id_idx on icinga_contact_notificationcommands(instance_id);
-CREATE INDEX hosts_i_id_idx on icinga_hosts(instance_id);
 CREATE INDEX host_parenthosts_i_id_idx on icinga_host_parenthosts(instance_id);
 CREATE INDEX host_contacts_i_id_idx on icinga_host_contacts(instance_id);
-CREATE INDEX services_i_id_idx on icinga_services(instance_id);
 CREATE INDEX service_contacts_i_id_idx on icinga_service_contacts(instance_id);
 CREATE INDEX service_contactgroups_i_id_idx on icinga_service_contactgroups(instance_id);
 CREATE INDEX host_contactgroups_i_id_idx on icinga_host_contactgroups(instance_id);
@@ -1574,7 +1552,6 @@ CREATE INDEX hostchks_h_obj_id_idx on icinga_hostchecks(host_object_id);
 CREATE INDEX servicechks_s_obj_id_idx on icinga_servicechecks(service_object_id);
 
 -- objects
-CREATE INDEX objects_objtype_id_idx ON icinga_objects(objecttype_id);
 CREATE INDEX objects_name1_idx ON icinga_objects(name1);
 CREATE INDEX objects_name2_idx ON icinga_objects(name2);
 CREATE INDEX objects_inst_id_idx ON icinga_objects(instance_id);
@@ -1643,10 +1620,6 @@ CREATE INDEX sla_idx_obj ON icinga_objects (objecttype_id, is_active, name1);
 -- #4985
 CREATE INDEX commenthistory_delete_idx ON icinga_commenthistory (instance_id, comment_time, internal_comment_id);
 
--- #10070
-CREATE INDEX idx_comments_object_id on icinga_comments(object_id);
-CREATE INDEX idx_scheduleddowntime_object_id on icinga_scheduleddowntime(object_id);
-
 -- #10066
 CREATE INDEX idx_endpoints_object_id on icinga_endpoints(endpoint_object_id);
 CREATE INDEX idx_endpointstatus_object_id on icinga_endpointstatus(endpoint_object_id);
@@ -1668,7 +1641,6 @@ CREATE INDEX idx_downtimes_session_del ON icinga_scheduleddowntime (instance_id,
 CREATE INDEX idx_statehistory_cleanup on icinga_statehistory(instance_id, state_time);
 
 -- #12435
-CREATE INDEX idx_customvariables_object_id on icinga_customvariables(object_id);
 CREATE INDEX idx_contactgroup_members_object_id on icinga_contactgroup_members(contact_object_id);
 CREATE INDEX idx_hostgroup_members_object_id on icinga_hostgroup_members(host_object_id);
 CREATE INDEX idx_servicegroup_members_object_id on icinga_servicegroup_members(service_object_id);
diff --git a/lib/db_ido_mysql/schema/upgrade/2.0.2.sql b/lib/db_ido_mysql/schema/upgrade/2.0.2.sql
index fb8834a22..c622ae9a6 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.0.2.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.0.2.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.0.2
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.1.0.sql b/lib/db_ido_mysql/schema/upgrade/2.1.0.sql
index 244463829..7bbed721b 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.1.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.1.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.1.0
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.11.0.sql b/lib/db_ido_mysql/schema/upgrade/2.11.0.sql
new file mode 100644
index 000000000..bafa93f7a
--- /dev/null
+++ b/lib/db_ido_mysql/schema/upgrade/2.11.0.sql
@@ -0,0 +1,89 @@
+-- -----------------------------------------
+-- upgrade path for Icinga 2.11.0
+--
+-- -----------------------------------------
+-- Copyright (c) 2019 Icinga Development Team (https://icinga.com/)
+--
+-- Please check https://docs.icinga.com for upgrading information!
+-- -----------------------------------------
+
+SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
+
+-- --------------------------------------------------------
+-- Helper functions and procedures for DROP INDEX IF EXISTS
+-- --------------------------------------------------------
+
+DELIMITER //
+DROP FUNCTION IF EXISTS ido_index_exists //
+CREATE FUNCTION ido_index_exists(
+  f_table_name varchar(64),
+  f_index_name varchar(64)
+)
+  RETURNS BOOL
+  DETERMINISTIC
+  READS SQL DATA
+  BEGIN
+    DECLARE index_exists BOOL DEFAULT FALSE;
+    SELECT EXISTS (
+        SELECT 1
+        FROM information_schema.statistics
+        WHERE table_schema = SCHEMA()
+              AND table_name = f_table_name
+              AND index_name = f_index_name
+    ) INTO index_exists;
+    RETURN index_exists;
+  END //
+
+DROP PROCEDURE IF EXISTS ido_drop_index_if_exists //
+CREATE PROCEDURE ido_drop_index_if_exists (
+  IN p_table_name varchar(64),
+  IN p_index_name varchar(64)
+)
+  DETERMINISTIC
+  MODIFIES SQL DATA
+  BEGIN
+    IF ido_index_exists(p_table_name, p_index_name)
+    THEN
+      SET @ido_drop_index_sql = CONCAT('ALTER TABLE `', SCHEMA(), '`.`', p_table_name, '` DROP INDEX `', p_index_name, '`');
+      PREPARE stmt FROM @ido_drop_index_sql;
+      EXECUTE stmt;
+      DEALLOCATE PREPARE stmt;
+      SET @ido_drop_index_sql = NULL;
+    END IF;
+  END //
+DELIMITER ;
+
+CALL ido_drop_index_if_exists('icinga_commands', 'commands_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_comments', 'idx_comments_object_id');
+CALL ido_drop_index_if_exists('icinga_comments', 'comments_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_configfiles', 'configfiles_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_contactgroups', 'contactgroups_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_contacts', 'contacts_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_customvariables', 'idx_customvariables_object_id');
+CALL ido_drop_index_if_exists('icinga_eventhandlers', 'eventhandlers_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_hostdependencies', 'hostdependencies_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_hostescalations', 'hostesc_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_hostescalation_contacts', 'hostesc_contacts_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_hostgroups', 'hostgroups_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_hosts', 'host_object_id');
+CALL ido_drop_index_if_exists('icinga_hosts', 'hosts_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_objects', 'objects_objtype_id_idx');
+CALL ido_drop_index_if_exists('icinga_programstatus', 'programstatus_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_runtimevariables', 'runtimevariables_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_scheduleddowntime', 'scheduleddowntime_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_scheduleddowntime', 'idx_scheduleddowntime_object_id');
+CALL ido_drop_index_if_exists('icinga_serviceescalations', 'serviceesc_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_serviceescalation_contacts', 'serviceesc_contacts_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_servicegroups', 'servicegroups_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_services', 'services_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_services', 'service_object_id');
+CALL ido_drop_index_if_exists('icinga_systemcommands', 'systemcommands_i_id_idx');
+CALL ido_drop_index_if_exists('icinga_timeperiods', 'timeperiods_i_id_idx');
+
+DROP FUNCTION ido_index_exists;
+DROP PROCEDURE ido_drop_index_if_exists;
+
+-- -----------------------------------------
+-- set dbversion (same as 2.11.0)
+-- -----------------------------------------
+INSERT INTO icinga_dbversion (name, version, create_time, modify_time) VALUES ('idoutils', '1.15.0', NOW(), NOW()) ON DUPLICATE KEY UPDATE version='1.15.0', modify_time=NOW();
diff --git a/lib/db_ido_mysql/schema/upgrade/2.2.0.sql b/lib/db_ido_mysql/schema/upgrade/2.2.0.sql
index 040c6ee3d..22a611531 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.2.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.2.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.2.0
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.3.0.sql b/lib/db_ido_mysql/schema/upgrade/2.3.0.sql
index 2c43d5844..f2fe463b1 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.3.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.3.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.3.0
 --
 -- -----------------------------------------
--- Copyright (c) 2015 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.4.0.sql b/lib/db_ido_mysql/schema/upgrade/2.4.0.sql
index 1064b7088..f6803f715 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.4.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.4.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.4.0
 --
 -- -----------------------------------------
--- Copyright (c) 2015 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.5.0.sql b/lib/db_ido_mysql/schema/upgrade/2.5.0.sql
index 79090cf64..d5714a0cb 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.5.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.5.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.5.0
 --
 -- -----------------------------------------
--- Copyright (c) 2016 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.6.0.sql b/lib/db_ido_mysql/schema/upgrade/2.6.0.sql
index fbf354452..33dd780b3 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.6.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.6.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.6.0
 --
 -- -----------------------------------------
--- Copyright (c) 2016 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.8.0.sql b/lib/db_ido_mysql/schema/upgrade/2.8.0.sql
index db546d007..8d511a757 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.8.0.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.8.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.8.0
 --
 -- -----------------------------------------
--- Copyright (c) 2017 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_mysql/schema/upgrade/2.8.1.sql b/lib/db_ido_mysql/schema/upgrade/2.8.1.sql
index 4bf943e10..98f851143 100644
--- a/lib/db_ido_mysql/schema/upgrade/2.8.1.sql
+++ b/lib/db_ido_mysql/schema/upgrade/2.8.1.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.8.1 (fix for fresh 2.8.0 installation only)
 --
 -- -----------------------------------------
--- Copyright (c) 2018 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/CMakeLists.txt b/lib/db_ido_pgsql/CMakeLists.txt
index 35f15fab5..e081a6278 100644
--- a/lib/db_ido_pgsql/CMakeLists.txt
+++ b/lib/db_ido_pgsql/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(idopgsqlconnection.ti idopgsqlconnection-ti.cpp idopgsqlconnection-ti.hpp)
 
@@ -38,7 +23,7 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/ido-pgsql.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install(
diff --git a/lib/db_ido_pgsql/idopgsqlconnection.cpp b/lib/db_ido_pgsql/idopgsqlconnection.cpp
index 9771d4027..e458e0d63 100644
--- a/lib/db_ido_pgsql/idopgsqlconnection.cpp
+++ b/lib/db_ido_pgsql/idopgsqlconnection.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido_pgsql/idopgsqlconnection.hpp"
 #include "db_ido_pgsql/idopgsqlconnection-ti.cpp"
@@ -31,7 +14,6 @@
 #include "base/exception.hpp"
 #include "base/context.hpp"
 #include "base/statsfunction.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <utility>
 
 using namespace icinga;
@@ -89,8 +71,6 @@ void IdoPgsqlConnection::StatsFunc(const Dictionary::Ptr& status, const Array::P
 
 void IdoPgsqlConnection::Resume()
 {
-	DbConnection::Resume();
-
 	Log(LogInformation, "IdoPgsqlConnection")
 		<< "'" << GetName() << "' resumed.";
 
@@ -98,6 +78,9 @@ void IdoPgsqlConnection::Resume()
 
 	m_QueryQueue.SetExceptionCallback(std::bind(&IdoPgsqlConnection::ExceptionHandler, this, _1));
 
+	/* Immediately try to connect on Resume() without timer. */
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::Reconnect, this), PriorityImmediate);
+
 	m_TxTimer = new Timer();
 	m_TxTimer->SetInterval(1);
 	m_TxTimer->OnTimerExpired.connect(std::bind(&IdoPgsqlConnection::TxTimerHandler, this));
@@ -107,22 +90,26 @@ void IdoPgsqlConnection::Resume()
 	m_ReconnectTimer->SetInterval(10);
 	m_ReconnectTimer->OnTimerExpired.connect(std::bind(&IdoPgsqlConnection::ReconnectTimerHandler, this));
 	m_ReconnectTimer->Start();
-	m_ReconnectTimer->Reschedule(0);
+
+	/* Start with queries after connect. */
+	DbConnection::Resume();
 
 	ASSERT(m_Pgsql->isthreadsafe());
 }
 
 void IdoPgsqlConnection::Pause()
 {
-	Log(LogInformation, "IdoPgsqlConnection")
-		<< "'" << GetName() << "' paused.";
+	DbConnection::Pause();
 
 	m_ReconnectTimer.reset();
 
-	DbConnection::Pause();
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::Disconnect, this), PriorityLow);
 
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::Disconnect, this), PriorityHigh);
+	/* Work on remaining tasks but never delete the threads, for HA resuming later. */
 	m_QueryQueue.Join();
+
+	Log(LogInformation, "IdoPgsqlConnection")
+		<< "'" << GetName() << "' paused.";
 }
 
 void IdoPgsqlConnection::ExceptionHandler(boost::exception_ptr exp)
@@ -154,6 +141,9 @@ void IdoPgsqlConnection::Disconnect()
 
 	m_Pgsql->finish(m_Connection);
 	SetConnected(false);
+
+	Log(LogInformation, "IdoPgsqlConnection")
+		<< "Disconnected from '" << GetName() << "' database '" << GetDatabase() << "'.";
 }
 
 void IdoPgsqlConnection::TxTimerHandler()
@@ -163,7 +153,10 @@ void IdoPgsqlConnection::TxTimerHandler()
 
 void IdoPgsqlConnection::NewTransaction()
 {
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalNewTransaction, this), PriorityHigh, true);
+	if (IsPaused())
+		return;
+
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalNewTransaction, this), PriorityNormal, true);
 }
 
 void IdoPgsqlConnection::InternalNewTransaction()
@@ -179,7 +172,8 @@ void IdoPgsqlConnection::InternalNewTransaction()
 
 void IdoPgsqlConnection::ReconnectTimerHandler()
 {
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::Reconnect, this), PriorityLow);
+	/* Only allow Reconnect events with high priority. */
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::Reconnect, this), PriorityHigh);
 }
 
 void IdoPgsqlConnection::Reconnect()
@@ -294,7 +288,7 @@ void IdoPgsqlConnection::Reconnect()
 		Log(LogCritical, "IdoPgsqlConnection")
 			<< "Schema version '" << version << "' does not match the required version '"
 			<< IDO_COMPAT_SCHEMA_VERSION << "' (or newer)! Please check the upgrade documentation at "
-			<< "https://docs.icinga.com/icinga2/latest/doc/module/icinga2/chapter/upgrading-icinga-2#upgrading-postgresql-db";
+			<< "https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#upgrading-postgresql-db";
 
 		BOOST_THROW_EXCEPTION(std::runtime_error("Schema version mismatch."));
 	}
@@ -336,12 +330,16 @@ void IdoPgsqlConnection::Reconnect()
 			else
 				status_update_time = 0;
 
-			double status_update_age = Utility::GetTime() - status_update_time;
+			double now = Utility::GetTime();
 
-			Log(LogNotice, "IdoPgsqlConnection")
-				<< "Last update by '" << endpoint_name << "' was " << status_update_age << "s ago.";
+			double status_update_age = now - status_update_time;
+			double failoverTimeout = GetFailoverTimeout();
 
 			if (status_update_age < GetFailoverTimeout()) {
+				Log(LogInformation, "IdoPgsqlConnection")
+					<< "Last update by endpoint '" << endpoint_name << "' was "
+					<< status_update_age << "s ago (< failover timeout of " << failoverTimeout << "s). Retrying.";
+
 				m_Pgsql->finish(m_Connection);
 				SetConnected(false);
 				SetShouldConnect(false);
@@ -359,6 +357,12 @@ void IdoPgsqlConnection::Reconnect()
 
 				return;
 			}
+
+			SetLastFailover(now);
+
+			Log(LogInformation, "IdoPgsqlConnection")
+				<< "Last update by endpoint '" << endpoint_name << "' was "
+				<< status_update_age << "s ago. Taking over '" << GetName() << "' in HA zone '" << Zone::GetLocalZone()->GetName() << "'.";
 		}
 
 		Log(LogNotice, "IdoPgsqlConnection", "Enabling IDO connection.");
@@ -422,9 +426,9 @@ void IdoPgsqlConnection::Reconnect()
 
 	UpdateAllObjects();
 
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::ClearTablesBySession, this), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::ClearTablesBySession, this), PriorityNormal);
 
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::FinishConnect, this, startTime), PriorityLow);
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::FinishConnect, this, startTime), PriorityNormal);
 }
 
 void IdoPgsqlConnection::FinishConnect(double startTime)
@@ -435,7 +439,8 @@ void IdoPgsqlConnection::FinishConnect(double startTime)
 		return;
 
 	Log(LogInformation, "IdoPgsqlConnection")
-		<< "Finished reconnecting to PostgreSQL IDO database in " << std::setw(2) << Utility::GetTime() - startTime << " second(s).";
+		<< "Finished reconnecting to '" << GetName() << "' database '" << GetDatabase() << "' in "
+		<< std::setw(2) << Utility::GetTime() - startTime << " second(s).";
 
 	Query("COMMIT");
 	Query("BEGIN");
@@ -569,7 +574,10 @@ Dictionary::Ptr IdoPgsqlConnection::FetchRow(const IdoPgsqlResult& result, int r
 
 void IdoPgsqlConnection::ActivateObject(const DbObject::Ptr& dbobj)
 {
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalActivateObject, this, dbobj), PriorityLow);
+	if (IsPaused())
+		return;
+
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalActivateObject, this, dbobj), PriorityNormal);
 }
 
 void IdoPgsqlConnection::InternalActivateObject(const DbObject::Ptr& dbobj)
@@ -603,7 +611,10 @@ void IdoPgsqlConnection::InternalActivateObject(const DbObject::Ptr& dbobj)
 
 void IdoPgsqlConnection::DeactivateObject(const DbObject::Ptr& dbobj)
 {
-	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalDeactivateObject, this, dbobj), PriorityLow);
+	if (IsPaused())
+		return;
+
+	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalDeactivateObject, this, dbobj), PriorityNormal);
 }
 
 void IdoPgsqlConnection::InternalDeactivateObject(const DbObject::Ptr& dbobj)
@@ -675,8 +686,6 @@ bool IdoPgsqlConnection::FieldToEscapedString(const String& key, const Value& va
 		std::ostringstream msgbuf;
 		msgbuf << "TO_TIMESTAMP(" << ts << ") AT TIME ZONE 'UTC'";
 		*result = Value(msgbuf.str());
-	} else if (DbValue::IsTimestampNow(value)) {
-		*result = "NOW()";
 	} else if (DbValue::IsObjectInsertID(value)) {
 		auto id = static_cast<long>(rawvalue);
 
@@ -701,6 +710,9 @@ bool IdoPgsqlConnection::FieldToEscapedString(const String& key, const Value& va
 
 void IdoPgsqlConnection::ExecuteQuery(const DbQuery& query)
 {
+	if (IsPaused())
+		return;
+
 	ASSERT(query.Category != DbCatInvalid);
 
 	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalExecuteQuery, this, query, -1), query.Priority, true);
@@ -708,6 +720,9 @@ void IdoPgsqlConnection::ExecuteQuery(const DbQuery& query)
 
 void IdoPgsqlConnection::ExecuteMultipleQueries(const std::vector<DbQuery>& queries)
 {
+	if (IsPaused())
+		return;
+
 	if (queries.empty())
 		return;
 
@@ -750,6 +765,9 @@ void IdoPgsqlConnection::InternalExecuteMultipleQueries(const std::vector<DbQuer
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -771,6 +789,9 @@ void IdoPgsqlConnection::InternalExecuteQuery(const DbQuery& query, int typeOver
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused())
+		return;
+
 	if (!GetConnected())
 		return;
 
@@ -935,6 +956,9 @@ void IdoPgsqlConnection::InternalExecuteQuery(const DbQuery& query, int typeOver
 
 void IdoPgsqlConnection::CleanUpExecuteQuery(const String& table, const String& time_column, double max_age)
 {
+	if (IsPaused())
+		return;
+
 	m_QueryQueue.Enqueue(std::bind(&IdoPgsqlConnection::InternalCleanUpExecuteQuery, this, table, time_column, max_age), PriorityLow, true);
 }
 
@@ -947,7 +971,7 @@ void IdoPgsqlConnection::InternalCleanUpExecuteQuery(const String& table, const
 
 	Query("DELETE FROM " + GetTablePrefix() + table + " WHERE instance_id = " +
 		Convert::ToString(static_cast<long>(m_InstanceID)) + " AND " + time_column +
-		" < TO_TIMESTAMP(" + Convert::ToString(static_cast<long>(max_age)) + ")");
+		" < TO_TIMESTAMP(" + Convert::ToString(static_cast<long>(max_age)) + ") AT TIME ZONE 'UTC'");
 }
 
 void IdoPgsqlConnection::FillIDCache(const DbType::Ptr& type)
diff --git a/lib/db_ido_pgsql/idopgsqlconnection.hpp b/lib/db_ido_pgsql/idopgsqlconnection.hpp
index 3b1dc2649..83e4d3f9f 100644
--- a/lib/db_ido_pgsql/idopgsqlconnection.hpp
+++ b/lib/db_ido_pgsql/idopgsqlconnection.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef IDOPGSQLCONNECTION_H
 #define IDOPGSQLCONNECTION_H
diff --git a/lib/db_ido_pgsql/idopgsqlconnection.ti b/lib/db_ido_pgsql/idopgsqlconnection.ti
index ef7cf6ccb..90ca84ecd 100644
--- a/lib/db_ido_pgsql/idopgsqlconnection.ti
+++ b/lib/db_ido_pgsql/idopgsqlconnection.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "db_ido/dbconnection.hpp"
 
diff --git a/lib/db_ido_pgsql/schema/pgsql.sql b/lib/db_ido_pgsql/schema/pgsql.sql
index d491051ed..242b6db5c 100644
--- a/lib/db_ido_pgsql/schema/pgsql.sql
+++ b/lib/db_ido_pgsql/schema/pgsql.sql
@@ -2,7 +2,7 @@
 -- pgsql.sql
 -- DB definition for IDO Postgresql
 --
--- Copyright (c) 2009-2018 Icinga Development Team (https://www.icinga.com/)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- --------------------------------------------------------
 
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.0.2.sql b/lib/db_ido_pgsql/schema/upgrade/2.0.2.sql
index 39d738650..60710efd3 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.0.2.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.0.2.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.0.2
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.1.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.1.0.sql
index 8efc9cc81..a32ecea51 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.1.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.1.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.1.0
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.2.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.2.0.sql
index f9d5501a5..d105a34be 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.2.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.2.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.2.0
 --
 -- -----------------------------------------
--- Copyright (c) 2014 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.3.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.3.0.sql
index 445deda23..91764de64 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.3.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.3.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.3.0
 --
 -- -----------------------------------------
--- Copyright (c) 2015 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.4.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.4.0.sql
index 35d8dad2f..4a6e45eb9 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.4.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.4.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.4.0
 --
 -- -----------------------------------------
--- Copyright (c) 2015 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.5.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.5.0.sql
index c9d4c2f7e..063a812d6 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.5.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.5.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.5.0
 --
 -- -----------------------------------------
--- Copyright (c) 2016 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.6.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.6.0.sql
index 229e9f106..aa538a62d 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.6.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.6.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.6.0
 --
 -- -----------------------------------------
--- Copyright (c) 2016 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.8.0.sql b/lib/db_ido_pgsql/schema/upgrade/2.8.0.sql
index cae9b6699..31ab3246b 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.8.0.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.8.0.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.8.0
 --
 -- -----------------------------------------
--- Copyright (c) 2017 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/db_ido_pgsql/schema/upgrade/2.8.1.sql b/lib/db_ido_pgsql/schema/upgrade/2.8.1.sql
index 0ee92f659..05202c03d 100644
--- a/lib/db_ido_pgsql/schema/upgrade/2.8.1.sql
+++ b/lib/db_ido_pgsql/schema/upgrade/2.8.1.sql
@@ -2,7 +2,7 @@
 -- upgrade path for Icinga 2.8.1 (fix for fresh 2.8.0 installation only)
 --
 -- -----------------------------------------
--- Copyright (c) 2018 Icinga Development Team (https://www.icinga.com)
+-- Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 --
 -- Please check https://docs.icinga.com for upgrading information!
 -- -----------------------------------------
diff --git a/lib/icinga/CMakeLists.txt b/lib/icinga/CMakeLists.txt
index 6f9f14d7e..00951609b 100644
--- a/lib/icinga/CMakeLists.txt
+++ b/lib/icinga/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(checkable.ti checkable-ti.cpp checkable-ti.hpp)
 mkclass_target(checkcommand.ti checkcommand-ti.cpp checkcommand-ti.hpp)
@@ -28,6 +13,7 @@ mkclass_target(host.ti host-ti.cpp host-ti.hpp)
 mkclass_target(icingaapplication.ti icingaapplication-ti.cpp icingaapplication-ti.hpp)
 mkclass_target(customvarobject.ti customvarobject-ti.cpp customvarobject-ti.hpp)
 mkclass_target(notificationcommand.ti notificationcommand-ti.cpp notificationcommand-ti.hpp)
+mkclass_target(notificationresult.ti notificationresult-ti.cpp notificationresult-ti.hpp)
 mkclass_target(notification.ti notification-ti.cpp notification-ti.hpp)
 mkclass_target(scheduleddowntime.ti scheduleddowntime-ti.cpp scheduleddowntime-ti.hpp)
 mkclass_target(servicegroup.ti servicegroup-ti.cpp servicegroup-ti.hpp)
@@ -66,6 +52,7 @@ set(icinga_SOURCES
   macroresolver.hpp
   notification.cpp notification.hpp notification-ti.hpp notification-apply.cpp
   notificationcommand.cpp notificationcommand.hpp notificationcommand-ti.hpp
+  notificationresult.cpp notificationresult.hpp notificationresult-ti.hpp
   objectutils.cpp objectutils.hpp
   pluginutility.cpp pluginutility.hpp
   scheduleddowntime.cpp scheduleddowntime.hpp scheduleddowntime-ti.hpp scheduleddowntime-apply.cpp
diff --git a/lib/icinga/apiactions.cpp b/lib/icinga/apiactions.cpp
index 2a373eb1c..757b37eca 100644
--- a/lib/icinga/apiactions.cpp
+++ b/lib/icinga/apiactions.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/apiactions.hpp"
 #include "icinga/service.hpp"
@@ -258,7 +241,7 @@ Dictionary::Ptr ApiActions::RemoveAcknowledgement(const ConfigObject::Ptr& objec
 
 	if (!checkable)
 		return ApiActions::CreateResult(404,
-			"Cannot remove acknowlegement for non-existent checkable object "
+			"Cannot remove acknowledgement for non-existent checkable object "
 			+ object->GetName() + ".");
 
 	checkable->ClearAcknowledgement();
@@ -355,6 +338,19 @@ Dictionary::Ptr ApiActions::ScheduleDowntime(const ConfigObject::Ptr& object,
 	double startTime = HttpUtility::GetLastParameter(params, "start_time");
 	double endTime = HttpUtility::GetLastParameter(params, "end_time");
 
+	Host::Ptr host;
+	Service::Ptr service;
+	tie(host, service) = GetHostService(checkable);
+
+	DowntimeChildOptions childOptions = DowntimeNoChildren;
+	if (params->Contains("child_options")) {
+		try {
+			childOptions = Downtime::ChildOptionsFromValue(HttpUtility::GetLastParameter(params, "child_options"));
+		} catch (const std::exception&) {
+			return ApiActions::CreateResult(400, "Option 'child_options' provided an invalid value.");
+		}
+	}
+
 	String downtimeName = Downtime::AddDowntime(checkable, author, comment, startTime, endTime,
 		fixed, triggerName, duration);
 
@@ -365,39 +361,90 @@ Dictionary::Ptr ApiActions::ScheduleDowntime(const ConfigObject::Ptr& object,
 		{ "legacy_id", downtime->GetLegacyId() }
 	});
 
-	/* Schedule downtime for all child objects. */
-	int childOptions = 0;
-	if (params->Contains("child_options"))
-		childOptions = HttpUtility::GetLastParameter(params, "child_options");
+	/* Schedule downtime for all services for the host type. */
+	bool allServices = false;
 
-	if (childOptions > 0) {
-		/* '1' schedules child downtimes triggered by the parent downtime.
-		 * '2' schedules non-triggered downtimes for all children.
+	if (params->Contains("all_services"))
+		allServices = HttpUtility::GetLastParameter(params, "all_services");
+
+	if (allServices && !service) {
+		ArrayData serviceDowntimes;
+
+		for (const Service::Ptr& hostService : host->GetServices()) {
+			Log(LogNotice, "ApiActions")
+				<< "Creating downtime for service " << hostService->GetName() << " on host " << host->GetName();
+
+			String serviceDowntimeName = Downtime::AddDowntime(hostService, author, comment, startTime, endTime,
+				fixed, triggerName, duration);
+
+			Downtime::Ptr serviceDowntime = Downtime::GetByName(serviceDowntimeName);
+
+			serviceDowntimes.push_back(new Dictionary({
+				{ "name", serviceDowntimeName },
+				{ "legacy_id", serviceDowntime->GetLegacyId() }
+			}));
+		}
+
+		additional->Set("service_downtimes", new Array(std::move(serviceDowntimes)));
+	}
+
+	/* Schedule downtime for all child objects. */
+	if (childOptions != DowntimeNoChildren) {
+		/* 'DowntimeTriggeredChildren' schedules child downtimes triggered by the parent downtime.
+		 * 'DowntimeNonTriggeredChildren' schedules non-triggered downtimes for all children.
 		 */
-		if (childOptions == 1)
+		if (childOptions == DowntimeTriggeredChildren)
 			triggerName = downtimeName;
 
-		Log(LogCritical, "ApiActions")
+		Log(LogNotice, "ApiActions")
 			<< "Processing child options " << childOptions << " for downtime " << downtimeName;
 
 		ArrayData childDowntimes;
 
 		for (const Checkable::Ptr& child : checkable->GetAllChildren()) {
-			Log(LogCritical, "ApiActions")
+			Log(LogNotice, "ApiActions")
 				<< "Scheduling downtime for child object " << child->GetName();
 
 			String childDowntimeName = Downtime::AddDowntime(child, author, comment, startTime, endTime,
 				fixed, triggerName, duration);
 
-			Log(LogCritical, "ApiActions")
+			Log(LogNotice, "ApiActions")
 				<< "Add child downtime '" << childDowntimeName << "'.";
 
 			Downtime::Ptr childDowntime = Downtime::GetByName(childDowntimeName);
 
-			childDowntimes.push_back(new Dictionary({
+			Dictionary::Ptr childAdditional = new Dictionary({
 				{ "name", childDowntimeName },
 				{ "legacy_id", childDowntime->GetLegacyId() }
-			}));
+			});
+
+			/* For a host, also schedule all service downtimes if requested. */
+			Host::Ptr childHost;
+			Service::Ptr childService;
+			tie(childHost, childService) = GetHostService(child);
+
+			if (allServices && !childService) {
+				ArrayData childServiceDowntimes;
+
+				for (const Service::Ptr& hostService : host->GetServices()) {
+					Log(LogNotice, "ApiActions")
+						<< "Creating downtime for service " << hostService->GetName() << " on child host " << host->GetName();
+
+					String serviceDowntimeName = Downtime::AddDowntime(hostService, author, comment, startTime, endTime,
+						fixed, triggerName, duration);
+
+					Downtime::Ptr serviceDowntime = Downtime::GetByName(serviceDowntimeName);
+
+					childServiceDowntimes.push_back(new Dictionary({
+						{ "name", serviceDowntimeName },
+						{ "legacy_id", serviceDowntime->GetLegacyId() }
+					}));
+				}
+
+				childAdditional->Set("service_downtimes", new Array(std::move(childServiceDowntimes)));
+			}
+
+			childDowntimes.push_back(childAdditional);
 		}
 
 		additional->Set("child_downtimes", new Array(std::move(childDowntimes)));
diff --git a/lib/icinga/apiactions.hpp b/lib/icinga/apiactions.hpp
index 0b13bb546..c2c8b6188 100644
--- a/lib/icinga/apiactions.hpp
+++ b/lib/icinga/apiactions.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APIACTIONS_H
 #define APIACTIONS_H
diff --git a/lib/icinga/apievents.cpp b/lib/icinga/apievents.cpp
index 7041890df..73eef3e48 100644
--- a/lib/icinga/apievents.cpp
+++ b/lib/icinga/apievents.cpp
@@ -1,24 +1,8 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/apievents.hpp"
 #include "icinga/service.hpp"
+#include "icinga/notificationcommand.hpp"
 #include "remote/eventqueue.hpp"
 #include "base/initialize.hpp"
 #include "base/serializer.hpp"
@@ -51,8 +35,9 @@ void ApiEvents::StaticInitialize()
 void ApiEvents::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("CheckResult");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::CheckResult));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'CheckResult'.");
@@ -74,13 +59,16 @@ void ApiEvents::CheckResultHandler(const Checkable::Ptr& checkable, const CheckR
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::StateChangeHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("StateChange");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::StateChange));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'StateChange'.");
@@ -104,6 +92,8 @@ void ApiEvents::StateChangeHandler(const Checkable::Ptr& checkable, const CheckR
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::NotificationSentToAllUsersHandler(const Notification::Ptr& notification,
@@ -111,8 +101,9 @@ void ApiEvents::NotificationSentToAllUsersHandler(const Notification::Ptr& notif
 	const CheckResult::Ptr& cr, const String& author, const String& text, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("Notification");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::Notification));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'Notification'.");
@@ -129,6 +120,11 @@ void ApiEvents::NotificationSentToAllUsersHandler(const Notification::Ptr& notif
 	if (service)
 		result->Set("service", service->GetShortName());
 
+	NotificationCommand::Ptr command = notification->GetCommand();
+
+	if (command)
+		result->Set("command", command->GetName());
+
 	ArrayData userNames;
 
 	for (const User::Ptr& user : users) {
@@ -136,7 +132,7 @@ void ApiEvents::NotificationSentToAllUsersHandler(const Notification::Ptr& notif
 	}
 
 	result->Set("users", new Array(std::move(userNames)));
-	result->Set("notification_type", Notification::NotificationTypeToString(type));
+	result->Set("notification_type", Notification::NotificationTypeToStringCompat(type)); //TODO: Change this to our own types.
 	result->Set("author", author);
 	result->Set("text", text);
 	result->Set("check_result", Serialize(cr));
@@ -144,13 +140,16 @@ void ApiEvents::NotificationSentToAllUsersHandler(const Notification::Ptr& notif
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::FlappingChangedHandler(const Checkable::Ptr& checkable, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("Flapping");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::Flapping));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'Flapping'.");
@@ -177,6 +176,8 @@ void ApiEvents::FlappingChangedHandler(const Checkable::Ptr& checkable, const Me
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::AcknowledgementSetHandler(const Checkable::Ptr& checkable,
@@ -184,8 +185,9 @@ void ApiEvents::AcknowledgementSetHandler(const Checkable::Ptr& checkable,
 	bool notify, bool persistent, double expiry, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("AcknowledgementSet");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::AcknowledgementSet));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'AcknowledgementSet'.");
@@ -215,13 +217,16 @@ void ApiEvents::AcknowledgementSetHandler(const Checkable::Ptr& checkable,
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::AcknowledgementClearedHandler(const Checkable::Ptr& checkable, const MessageOrigin::Ptr& origin)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("AcknowledgementCleared");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::AcknowledgementCleared));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'AcknowledgementCleared'.");
@@ -246,13 +251,16 @@ void ApiEvents::AcknowledgementClearedHandler(const Checkable::Ptr& checkable, c
 	}
 
 	result->Set("acknowledgement_type", AcknowledgementNone);
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::CommentAddedHandler(const Comment::Ptr& comment)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("CommentAdded");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::CommentAdded));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'CommentAdded'.");
@@ -266,13 +274,16 @@ void ApiEvents::CommentAddedHandler(const Comment::Ptr& comment)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::CommentRemovedHandler(const Comment::Ptr& comment)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("CommentRemoved");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::CommentRemoved));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'CommentRemoved'.");
@@ -286,13 +297,16 @@ void ApiEvents::CommentRemovedHandler(const Comment::Ptr& comment)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::DowntimeAddedHandler(const Downtime::Ptr& downtime)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("DowntimeAdded");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::DowntimeAdded));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'DowntimeAdded'.");
@@ -306,13 +320,16 @@ void ApiEvents::DowntimeAddedHandler(const Downtime::Ptr& downtime)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::DowntimeRemovedHandler(const Downtime::Ptr& downtime)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("DowntimeRemoved");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::DowntimeRemoved));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'DowntimeRemoved'.");
@@ -326,13 +343,16 @@ void ApiEvents::DowntimeRemovedHandler(const Downtime::Ptr& downtime)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::DowntimeStartedHandler(const Downtime::Ptr& downtime)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("DowntimeStarted");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::DowntimeStarted));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'DowntimeStarted'.");
@@ -346,13 +366,16 @@ void ApiEvents::DowntimeStartedHandler(const Downtime::Ptr& downtime)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
 
 void ApiEvents::DowntimeTriggeredHandler(const Downtime::Ptr& downtime)
 {
 	std::vector<EventQueue::Ptr> queues = EventQueue::GetQueuesForType("DowntimeTriggered");
+	auto inboxes (EventsRouter::GetInstance().GetInboxes(EventType::DowntimeTriggered));
 
-	if (queues.empty())
+	if (queues.empty() && !inboxes)
 		return;
 
 	Log(LogDebug, "ApiEvents", "Processing event type 'DowntimeTriggered'.");
@@ -366,4 +389,6 @@ void ApiEvents::DowntimeTriggeredHandler(const Downtime::Ptr& downtime)
 	for (const EventQueue::Ptr& queue : queues) {
 		queue->ProcessEvent(result);
 	}
+
+	inboxes.Push(std::move(result));
 }
diff --git a/lib/icinga/apievents.hpp b/lib/icinga/apievents.hpp
index 41c909a99..e4dcc7835 100644
--- a/lib/icinga/apievents.hpp
+++ b/lib/icinga/apievents.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APIEVENTS_H
 #define APIEVENTS_H
diff --git a/lib/icinga/checkable-check.cpp b/lib/icinga/checkable-check.cpp
index 719611aba..02bc8fc91 100644
--- a/lib/icinga/checkable-check.cpp
+++ b/lib/icinga/checkable-check.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/service.hpp"
@@ -40,6 +23,8 @@ boost::signals2::signal<void (const Checkable::Ptr&, const CheckResult::Ptr&, st
 boost::signals2::signal<void (const Checkable::Ptr&, NotificationType, const CheckResult::Ptr&, const String&, const String&, const MessageOrigin::Ptr&)> Checkable::OnNotificationsRequested;
 boost::signals2::signal<void (const Checkable::Ptr&)> Checkable::OnNextCheckUpdated;
 
+Atomic<uint_fast64_t> Checkable::CurrentConcurrentChecks (0);
+
 boost::mutex Checkable::m_StatsMutex;
 int Checkable::m_PendingChecks = 0;
 boost::condition_variable Checkable::m_PendingChecksCV;
@@ -79,9 +64,18 @@ void Checkable::UpdateNextCheck(const MessageOrigin::Ptr& origin)
 	if (interval > 1)
 		adj = fmod(now * 100 + GetSchedulingOffset(), interval * 100) / 100.0;
 
-	adj = std::min(0.5 + fmod(GetSchedulingOffset(), interval * 5) / 100.0, adj);
+	if (adj != 0.0)
+		adj = std::min(0.5 + fmod(GetSchedulingOffset(), interval * 5) / 100.0, adj);
 
-	SetNextCheck(now - adj + interval, false, origin);
+	double nextCheck = now - adj + interval;
+	double lastCheck = GetLastCheck();
+
+	Log(LogDebug, "Checkable")
+		<< "Update checkable '" << GetName() << "' with check interval '" << GetCheckInterval()
+		<< "' from last check time at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", (lastCheck < 0 ? 0 : lastCheck))
+		<< " (" << GetLastCheck() << ") to next check time at " << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", nextCheck) << " (" << nextCheck << ").";
+
+	SetNextCheck(nextCheck, false, origin);
 }
 
 bool Checkable::HasBeenChecked() const
@@ -161,9 +155,34 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 	long old_attempt = GetCheckAttempt();
 	bool recovery = false;
 
-	/* Ignore check results older than the current one. */
-	if (old_cr && cr->GetExecutionStart() < old_cr->GetExecutionStart())
-		return;
+	/* When we have an check result already (not after fresh start),
+	 * prevent to accept old check results and allow overrides for
+	 * CRs happened in the future.
+	 */
+	if (old_cr) {
+		double currentCRTimestamp = old_cr->GetExecutionStart();
+		double newCRTimestamp = cr->GetExecutionStart();
+
+		/* Our current timestamp may be from the future (wrong server time adjusted again). Allow overrides here. */
+		if (currentCRTimestamp > now) {
+			/* our current CR is from the future, let the new CR override it. */
+			Log(LogDebug, "Checkable")
+				<< std::fixed << std::setprecision(6) << "Processing check result for checkable '" << GetName() << "' from "
+				<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", newCRTimestamp) << " (" << newCRTimestamp
+				<< "). Overriding since ours is from the future at "
+				<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", currentCRTimestamp) << " (" << currentCRTimestamp << ").";
+		} else {
+			/* Current timestamp is from the past, but the new timestamp is even more in the past. Skip it. */
+			if (newCRTimestamp < currentCRTimestamp) {
+				Log(LogDebug, "Checkable")
+					<< std::fixed << std::setprecision(6) << "Skipping check result for checkable '" << GetName() << "' from "
+					<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", newCRTimestamp) << " (" << newCRTimestamp
+					<< "). It is in the past compared to ours at "
+					<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", currentCRTimestamp) << " (" << currentCRTimestamp << ").";
+				return;
+			}
+		}
+	}
 
 	/* The ExecuteCheck function already sets the old state, but we need to do it again
 	 * in case this was a passive check result. */
@@ -239,6 +258,9 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 	else
 		stateChange = (Host::CalculateState(old_state) != Host::CalculateState(new_state));
 
+	/* Store the current last state change for the next iteration. */
+	SetPreviousStateChange(GetLastStateChange());
+
 	if (stateChange) {
 		SetLastStateChange(now);
 
@@ -253,8 +275,13 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 			if (parent.get() == this)
 				continue;
 
-			ObjectLock olock(parent);
-			parent->SetNextCheck(Utility::GetTime());
+			if (!parent->GetEnableActiveChecks())
+				continue;
+
+			if (parent->GetNextCheck() >= now + parent->GetRetryInterval()) {
+				ObjectLock olock(parent);
+				parent->SetNextCheck(now);
+			}
 		}
 	}
 
@@ -284,15 +311,14 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 	bool in_downtime = IsInDowntime();
 
 	bool send_notification = false;
+	bool suppress_notification = !notification_reachable || in_downtime || IsAcknowledged();
 
-	if (notification_reachable && !in_downtime && !IsAcknowledged()) {
-		/* Send notifications whether when a hard state change occured. */
-		if (hardChange && !(old_stateType == StateTypeSoft && IsStateOK(new_state)))
-			send_notification = true;
-		/* Or if the checkable is volatile and in a HARD state. */
-		else if (is_volatile && GetStateType() == StateTypeHard)
-			send_notification = true;
-	}
+	/* Send notifications whether when a hard state change occurred. */
+	if (hardChange && !(old_stateType == StateTypeSoft && IsStateOK(new_state)))
+		send_notification = true;
+	/* Or if the checkable is volatile and in a HARD state. */
+	else if (is_volatile && GetStateType() == StateTypeHard)
+		send_notification = true;
 
 	if (IsStateOK(old_state) && old_stateType == StateTypeSoft)
 		send_notification = false; /* Don't send notifications for SOFT-OK -> HARD-OK. */
@@ -380,21 +406,33 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 		(is_volatile && !(IsStateOK(old_state) && IsStateOK(new_state))))
 		ExecuteEventHandler();
 
+	int suppressed_types = 0;
+
 	/* Flapping start/end notifications */
-	if (!in_downtime && !was_flapping && is_flapping) {
+	if (!was_flapping && is_flapping) {
 		/* FlappingStart notifications happen on state changes, not in downtimes */
-		if (!IsPaused())
-			OnNotificationsRequested(this, NotificationFlappingStart, cr, "", "", nullptr);
+		if (!IsPaused()) {
+			if (in_downtime) {
+				suppressed_types |= NotificationFlappingStart;
+			} else {
+				OnNotificationsRequested(this, NotificationFlappingStart, cr, "", "", nullptr);
+			}
+		}
 
 		Log(LogNotice, "Checkable")
 			<< "Flapping Start: Checkable '" << GetName() << "' started flapping (Current flapping value "
 			<< GetFlappingCurrent() << "% > high threshold " << GetFlappingThresholdHigh() << "%).";
 
 		NotifyFlapping(origin);
-	} else if (!in_downtime && was_flapping && !is_flapping) {
+	} else if (was_flapping && !is_flapping) {
 		/* FlappingEnd notifications are independent from state changes, must not happen in downtine */
-		if (!IsPaused())
-			OnNotificationsRequested(this, NotificationFlappingEnd, cr, "", "", nullptr);
+		if (!IsPaused()) {
+			if (in_downtime) {
+				suppressed_types |= NotificationFlappingEnd;
+			} else {
+				OnNotificationsRequested(this, NotificationFlappingEnd, cr, "", "", nullptr);
+			}
+		}
 
 		Log(LogNotice, "Checkable")
 			<< "Flapping Stop: Checkable '" << GetName() << "' stopped flapping (Current flapping value "
@@ -404,8 +442,35 @@ void Checkable::ProcessCheckResult(const CheckResult::Ptr& cr, const MessageOrig
 	}
 
 	if (send_notification && !is_flapping) {
-		if (!IsPaused())
-			OnNotificationsRequested(this, recovery ? NotificationRecovery : NotificationProblem, cr, "", "", nullptr);
+		if (!IsPaused()) {
+			if (suppress_notification) {
+				suppressed_types |= (recovery ? NotificationRecovery : NotificationProblem);
+			} else {
+				OnNotificationsRequested(this, recovery ? NotificationRecovery : NotificationProblem, cr, "", "", nullptr);
+			}
+		}
+	}
+
+	if (suppressed_types) {
+		/* If some notifications were suppressed, but just because of e.g. a downtime,
+		 * stash them into a notification types bitmask for maybe re-sending later.
+		 */
+
+		ObjectLock olock (this);
+		int suppressed_types_before (GetSuppressedNotifications());
+		int suppressed_types_after (suppressed_types_before | suppressed_types);
+
+		for (int conflict : {NotificationProblem | NotificationRecovery, NotificationFlappingStart | NotificationFlappingEnd}) {
+			/* E.g. problem and recovery notifications neutralize each other. */
+
+			if ((suppressed_types_after & conflict) == conflict) {
+				suppressed_types_after &= ~conflict;
+			}
+		}
+
+		if (suppressed_types_after != suppressed_types_before) {
+			SetSuppressedNotifications(suppressed_types_after);
+		}
 	}
 }
 
@@ -431,6 +496,12 @@ void Checkable::ExecuteCheck()
 	double scheduled_start = GetNextCheck();
 	double before_check = Utility::GetTime();
 
+	/* This calls SetNextCheck() which updates the CheckerComponent's idle/pending
+	 * queues and ensures that checks are not fired multiple times. ProcessCheckResult()
+	 * is called too late. See #6421.
+	 */
+	UpdateNextCheck();
+
 	bool reachable = IsReachable();
 
 	{
diff --git a/lib/icinga/checkable-comment.cpp b/lib/icinga/checkable-comment.cpp
index 25b828ca3..b2184e1ff 100644
--- a/lib/icinga/checkable-comment.cpp
+++ b/lib/icinga/checkable-comment.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/service.hpp"
 #include "remote/configobjectutility.hpp"
diff --git a/lib/icinga/checkable-dependency.cpp b/lib/icinga/checkable-dependency.cpp
index 2b6b50f91..10e39ab58 100644
--- a/lib/icinga/checkable-dependency.cpp
+++ b/lib/icinga/checkable-dependency.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/service.hpp"
 #include "icinga/dependency.hpp"
@@ -61,9 +44,12 @@ std::vector<Dependency::Ptr> Checkable::GetReverseDependencies() const
 
 bool Checkable::IsReachable(DependencyType dt, Dependency::Ptr *failedDependency, int rstack) const
 {
-	if (rstack > 20) {
+	/* Anything greater than 256 causes recursion bus errors. */
+	int limit = 256;
+
+	if (rstack > limit) {
 		Log(LogWarning, "Checkable")
-			<< "Too many nested dependencies for service '" << GetName() << "': Dependency failed.";
+			<< "Too many nested dependencies (>" << limit << ") for checkable '" << GetName() << "': Dependency failed.";
 
 		return false;
 	}
diff --git a/lib/icinga/checkable-downtime.cpp b/lib/icinga/checkable-downtime.cpp
index 3222986da..dcc1539a8 100644
--- a/lib/icinga/checkable-downtime.cpp
+++ b/lib/icinga/checkable-downtime.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/service.hpp"
 #include "base/configtype.hpp"
diff --git a/lib/icinga/checkable-event.cpp b/lib/icinga/checkable-event.cpp
index 494b14cac..91b2a443d 100644
--- a/lib/icinga/checkable-event.cpp
+++ b/lib/icinga/checkable-event.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/eventcommand.hpp"
diff --git a/lib/icinga/checkable-flapping.cpp b/lib/icinga/checkable-flapping.cpp
index 9efd5f38e..d0c8f8ec0 100644
--- a/lib/icinga/checkable-flapping.cpp
+++ b/lib/icinga/checkable-flapping.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/icingaapplication.hpp"
diff --git a/lib/icinga/checkable-notification.cpp b/lib/icinga/checkable-notification.cpp
index 021b3f964..9aac0e7a4 100644
--- a/lib/icinga/checkable-notification.cpp
+++ b/lib/icinga/checkable-notification.cpp
@@ -1,29 +1,16 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
+#include "icinga/host.hpp"
 #include "icinga/icingaapplication.hpp"
+#include "icinga/service.hpp"
+#include "base/dictionary.hpp"
 #include "base/objectlock.hpp"
 #include "base/logger.hpp"
 #include "base/exception.hpp"
 #include "base/context.hpp"
 #include "base/convert.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;
 
@@ -31,8 +18,8 @@ boost::signals2::signal<void (const Notification::Ptr&, const Checkable::Ptr&, c
 	const NotificationType&, const CheckResult::Ptr&, const String&, const String&,
 	const MessageOrigin::Ptr&)> Checkable::OnNotificationSentToAllUsers;
 boost::signals2::signal<void (const Notification::Ptr&, const Checkable::Ptr&, const User::Ptr&,
-	const NotificationType&, const CheckResult::Ptr&, const String&, const String&, const String&,
-	const MessageOrigin::Ptr&)> Checkable::OnNotificationSentToUser;
+	const NotificationType&, const CheckResult::Ptr&, const NotificationResult::Ptr&, const String&,
+	const String&, const String&, const MessageOrigin::Ptr&)> Checkable::OnNotificationSentToUser;
 
 void Checkable::ResetNotificationNumbers()
 {
@@ -44,7 +31,9 @@ void Checkable::ResetNotificationNumbers()
 
 void Checkable::SendNotifications(NotificationType type, const CheckResult::Ptr& cr, const String& author, const String& text)
 {
-	CONTEXT("Sending notifications for object '" + GetName() + "'");
+	String checkableName = GetName();
+
+	CONTEXT("Sending notifications for object '" + checkableName + "'");
 
 	bool force = GetForceNextNotification();
 
@@ -53,31 +42,70 @@ void Checkable::SendNotifications(NotificationType type, const CheckResult::Ptr&
 	if (!IcingaApplication::GetInstance()->GetEnableNotifications() || !GetEnableNotifications()) {
 		if (!force) {
 			Log(LogInformation, "Checkable")
-				<< "Notifications are disabled for service '" << GetName() << "'.";
+				<< "Notifications are disabled for checkable '" << checkableName << "'.";
 			return;
 		}
 	}
 
-	Log(LogInformation, "Checkable")
-		<< "Checking for configured notifications for object '" << GetName() << "'";
-
 	std::set<Notification::Ptr> notifications = GetNotifications();
 
-	if (notifications.empty())
-		Log(LogInformation, "Checkable")
-			<< "Checkable '" << GetName() << "' does not have any notifications.";
+	String notificationTypeName = Notification::NotificationTypeToString(type);
 
-	Log(LogDebug, "Checkable")
-		<< "Checkable '" << GetName() << "' has " << notifications.size() << " notification(s).";
+	// Bail early if there are no notifications.
+	if (notifications.empty()) {
+		Log(LogNotice, "Checkable")
+			<< "Skipping checkable '" << checkableName << "' which doesn't have any notification objects configured.";
+		return;
+	}
+
+	Log(LogInformation, "Checkable")
+		<< "Checkable '" << checkableName << "' has " << notifications.size()
+		<< " notification(s). Checking filters for type '" << notificationTypeName << "', sends will be logged.";
 
 	for (const Notification::Ptr& notification : notifications) {
-		try {
-			if (!notification->IsPaused())
-				notification->BeginExecuteNotification(type, cr, force, false, author, text);
-		} catch (const std::exception& ex) {
-			Log(LogWarning, "Checkable")
-				<< "Exception occured during notification for service '"
-				<< GetName() << "': " << DiagnosticInformation(ex);
+		// Re-send stashed notifications from cold startup.
+		if (ApiListener::UpdatedObjectAuthority()) {
+			try {
+				if (!notification->IsPaused()) {
+					auto stashedNotifications (notification->GetStashedNotifications());
+
+					if (stashedNotifications->GetLength()) {
+						Log(LogNotice, "Notification")
+							<< "Notification '" << notification->GetName() << "': there are some stashed notifications. Stashing notification to preserve order.";
+
+						stashedNotifications->Add(new Dictionary({
+							{"type", type},
+							{"cr", cr},
+							{"force", force},
+							{"reminder", false},
+							{"author", author},
+							{"text", text}
+						}));
+					} else {
+						notification->BeginExecuteNotification(type, cr, force, false, author, text);
+					}
+				} else {
+					Log(LogNotice, "Notification")
+						<< "Notification '" << notification->GetName() << "': HA cluster active, this endpoint does not have the authority (paused=true). Skipping.";
+				}
+			} catch (const std::exception& ex) {
+				Log(LogWarning, "Checkable")
+					<< "Exception occurred during notification '" << notification->GetName() << "' for checkable '"
+					<< GetName() << "': " << DiagnosticInformation(ex, false);
+			}
+		} else {
+			// Cold startup phase. Stash notification for later.
+			Log(LogNotice, "Notification")
+				<< "Notification '" << notification->GetName() << "': object authority hasn't been updated, yet. Stashing notification.";
+
+			notification->GetStashedNotifications()->Add(new Dictionary({
+				{"type", type},
+				{"cr", cr},
+				{"force", force},
+				{"reminder", false},
+				{"author", author},
+				{"text", text}
+			}));
 		}
 	}
 }
@@ -99,3 +127,117 @@ void Checkable::UnregisterNotification(const Notification::Ptr& notification)
 	boost::mutex::scoped_lock lock(m_NotificationMutex);
 	m_Notifications.erase(notification);
 }
+
+static void FireSuppressedNotifications(Checkable* checkable)
+{
+	if (!checkable->IsActive())
+		return;
+
+	if (checkable->IsPaused())
+		return;
+
+	if (!checkable->GetEnableNotifications())
+		return;
+
+	int suppressed_types (checkable->GetSuppressedNotifications());
+	if (!suppressed_types)
+		return;
+
+	int subtract = 0;
+
+	for (auto type : {NotificationProblem, NotificationRecovery, NotificationFlappingStart, NotificationFlappingEnd}) {
+		if (suppressed_types & type) {
+			bool still_applies;
+			auto cr (checkable->GetLastCheckResult());
+
+			switch (type) {
+				case NotificationProblem:
+					still_applies = cr && !checkable->IsStateOK(cr->GetState()) && checkable->GetStateType() == StateTypeHard;
+					break;
+				case NotificationRecovery:
+					still_applies = cr && checkable->IsStateOK(cr->GetState());
+					break;
+				case NotificationFlappingStart:
+					still_applies = checkable->IsFlapping();
+					break;
+				case NotificationFlappingEnd:
+					still_applies = !checkable->IsFlapping();
+					break;
+				default:
+					break;
+			}
+
+			if (still_applies) {
+				bool still_suppressed;
+
+				switch (type) {
+					case NotificationProblem:
+						/* Fall through. */
+					case NotificationRecovery:
+						still_suppressed = !checkable->IsReachable(DependencyNotification) || checkable->IsInDowntime() || checkable->IsAcknowledged();
+						break;
+					case NotificationFlappingStart:
+						/* Fall through. */
+					case NotificationFlappingEnd:
+						still_suppressed = checkable->IsInDowntime();
+						break;
+					default:
+						break;
+				}
+
+				if (!still_suppressed && checkable->GetEnableActiveChecks()) {
+					/* If e.g. the downtime just ended, but the service is still not ok, we would re-send the stashed problem notification.
+					 * But if the next check result recovers the service soon, we would send a recovery notification soon after the problem one.
+					 * This is not desired, especially for lots of services at once.
+					 * Because of that if there's likely to be a check result soon,
+					 * we delay the re-sending of the stashed notification until the next check.
+					 * That check either doesn't change anything and we finally re-send the stashed problem notification
+					 * or recovers the service and we drop the stashed notification. */
+
+					/* One minute unless the check interval is too short so the next check will always run during the next minute. */
+					auto threshold (checkable->GetCheckInterval() - 10);
+
+					if (threshold > 60)
+						threshold = 60;
+					else if (threshold < 0)
+						threshold = 0;
+
+					still_suppressed = checkable->GetNextCheck() <= Utility::GetTime() + threshold;
+				}
+
+				if (!still_suppressed) {
+					Checkable::OnNotificationsRequested(checkable, type, cr, "", "", nullptr);
+
+					subtract |= type;
+				}
+			} else {
+				subtract |= type;
+			}
+		}
+	}
+
+	if (subtract) {
+		ObjectLock olock (checkable);
+
+		int suppressed_types_before (checkable->GetSuppressedNotifications());
+		int suppressed_types_after (suppressed_types_before & ~subtract);
+
+		if (suppressed_types_after != suppressed_types_before) {
+			checkable->SetSuppressedNotifications(suppressed_types_after);
+		}
+	}
+}
+
+/**
+ * Re-sends all notifications previously suppressed by e.g. downtimes if the notification reason still applies.
+ */
+void Checkable::FireSuppressedNotifications(const Timer * const&)
+{
+	for (auto& host : ConfigType::GetObjectsByType<Host>()) {
+		::FireSuppressedNotifications(host.get());
+	}
+
+	for (auto& service : ConfigType::GetObjectsByType<Service>()) {
+		::FireSuppressedNotifications(service.get());
+	}
+}
diff --git a/lib/icinga/checkable-script.cpp b/lib/icinga/checkable-script.cpp
index 532fb58dd..4a0d1d805 100644
--- a/lib/icinga/checkable-script.cpp
+++ b/lib/icinga/checkable-script.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "base/configobject.hpp"
diff --git a/lib/icinga/checkable.cpp b/lib/icinga/checkable.cpp
index fe52e37ef..55bbfeb16 100644
--- a/lib/icinga/checkable.cpp
+++ b/lib/icinga/checkable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/checkable-ti.cpp"
@@ -24,6 +7,8 @@
 #include "base/objectlock.hpp"
 #include "base/utility.hpp"
 #include "base/exception.hpp"
+#include "base/timer.hpp"
+#include <boost/thread/once.hpp>
 
 using namespace icinga;
 
@@ -33,6 +18,8 @@ INITIALIZE_ONCE(&Checkable::StaticInitialize);
 boost::signals2::signal<void (const Checkable::Ptr&, const String&, const String&, AcknowledgementType, bool, bool, double, const MessageOrigin::Ptr&)> Checkable::OnAcknowledgementSet;
 boost::signals2::signal<void (const Checkable::Ptr&, const MessageOrigin::Ptr&)> Checkable::OnAcknowledgementCleared;
 
+static Timer::Ptr l_CheckablesFireSuppressedNotifications;
+
 void Checkable::StaticInitialize()
 {
 	/* fixed downtime start */
@@ -57,14 +44,16 @@ void Checkable::OnAllConfigLoaded()
 	if (endpoint) {
 		Zone::Ptr checkableZone = static_pointer_cast<Zone>(GetZone());
 
-		if (!checkableZone)
-			checkableZone = Zone::GetLocalZone();
+		if (checkableZone) {
+			Zone::Ptr cmdZone = endpoint->GetZone();
 
-		Zone::Ptr cmdZone = endpoint->GetZone();
-
-		if (checkableZone && cmdZone != checkableZone && cmdZone->GetParent() != checkableZone) {
+			if (cmdZone != checkableZone && cmdZone->GetParent() != checkableZone) {
+				BOOST_THROW_EXCEPTION(ValidationError(this, { "command_endpoint" },
+					"Command endpoint must be in zone '" + checkableZone->GetName() + "' or in a direct child zone thereof."));
+			}
+		} else {
 			BOOST_THROW_EXCEPTION(ValidationError(this, { "command_endpoint" },
-				"Command endpoint must be in zone '" + checkableZone->GetName() + "' or in a direct child zone thereof."));
+				"Command endpoint must not be set."));
 		}
 	}
 }
@@ -80,6 +69,15 @@ void Checkable::Start(bool runtimeCreated)
 	}
 
 	ObjectImpl<Checkable>::Start(runtimeCreated);
+
+	static boost::once_flag once = BOOST_ONCE_INIT;
+
+	boost::call_once(once, []() {
+		l_CheckablesFireSuppressedNotifications = new Timer();
+		l_CheckablesFireSuppressedNotifications->SetInterval(5);
+		l_CheckablesFireSuppressedNotifications->OnTimerExpired.connect(&Checkable::FireSuppressedNotifications);
+		l_CheckablesFireSuppressedNotifications->Start();
+	});
 }
 
 void Checkable::AddGroup(const String& name)
@@ -132,6 +130,9 @@ void Checkable::AcknowledgeProblem(const String& author, const String& comment,
 	if (notify && !IsPaused())
 		OnNotificationsRequested(this, NotificationAcknowledgement, GetLastCheckResult(), author, comment, nullptr);
 
+	Log(LogInformation, "Checkable")
+		<< "Acknowledgement set for checkable '" << GetName() << "'.";
+
 	OnAcknowledgementSet(this, author, comment, type, notify, persistent, expiry, origin);
 }
 
@@ -140,6 +141,9 @@ void Checkable::ClearAcknowledgement(const MessageOrigin::Ptr& origin)
 	SetAcknowledgementRaw(AcknowledgementNone);
 	SetAcknowledgementExpiry(0);
 
+	Log(LogInformation, "Checkable")
+		<< "Acknowledgement cleared for checkable '" << GetName() << "'.";
+
 	OnAcknowledgementCleared(this, origin);
 }
 
@@ -154,6 +158,16 @@ int Checkable::GetSeverity() const
 	return 0;
 }
 
+bool Checkable::GetProblem() const
+{
+	return !IsStateOK(GetStateRaw());
+}
+
+bool Checkable::GetHandled() const
+{
+	return GetProblem() && (IsInDowntime() || IsAcknowledged());
+}
+
 void Checkable::NotifyFixedDowntimeStart(const Downtime::Ptr& downtime)
 {
 	if (!downtime->GetFixed())
@@ -198,6 +212,14 @@ void Checkable::ValidateCheckInterval(const Lazy<double>& lvalue, const Validati
 		BOOST_THROW_EXCEPTION(ValidationError(this, { "check_interval" }, "Interval must be greater than 0."));
 }
 
+void Checkable::ValidateRetryInterval(const Lazy<double>& lvalue, const ValidationUtils& utils)
+{
+	ObjectImpl<Checkable>::ValidateRetryInterval(lvalue, utils);
+
+	if (lvalue() <= 0)
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "retry_interval" }, "Interval must be greater than 0."));
+}
+
 void Checkable::ValidateMaxCheckAttempts(const Lazy<int>& lvalue, const ValidationUtils& utils)
 {
 	ObjectImpl<Checkable>::ValidateMaxCheckAttempts(lvalue, utils);
diff --git a/lib/icinga/checkable.hpp b/lib/icinga/checkable.hpp
index a71487e54..caddd63f4 100644
--- a/lib/icinga/checkable.hpp
+++ b/lib/icinga/checkable.hpp
@@ -1,25 +1,10 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CHECKABLE_H
 #define CHECKABLE_H
 
+#include "base/atomic.hpp"
+#include "base/timer.hpp"
 #include "icinga/i2-icinga.hpp"
 #include "icinga/checkable-ti.hpp"
 #include "icinga/timeperiod.hpp"
@@ -28,6 +13,7 @@
 #include "icinga/downtime.hpp"
 #include "remote/endpoint.hpp"
 #include "remote/messageorigin.hpp"
+#include <cstdint>
 
 namespace icinga
 {
@@ -62,6 +48,7 @@ enum SeverityFlag
 {
 	SeverityFlagDowntime = 1,
 	SeverityFlagAcknowledgement = 2,
+	SeverityFlagHostDown = 4,
 	SeverityFlagUnhandled = 8,
 	SeverityFlagPending = 16,
 	SeverityFlagWarning = 32,
@@ -102,6 +89,8 @@ public:
 	void ClearAcknowledgement(const MessageOrigin::Ptr& origin = nullptr);
 
 	int GetSeverity() const override;
+	bool GetProblem() const override;
+	bool GetHandled() const override;
 
 	/* Checks */
 	intrusive_ptr<CheckCommand> GetCheckCommand() const;
@@ -113,7 +102,7 @@ public:
 	void UpdateNextCheck(const MessageOrigin::Ptr& origin = nullptr);
 
 	bool HasBeenChecked() const;
-	virtual bool IsStateOK(ServiceState state) = 0;
+	virtual bool IsStateOK(ServiceState state) const = 0;
 
 	double GetLastCheck() const final;
 
@@ -133,8 +122,8 @@ public:
 	static boost::signals2::signal<void (const Checkable::Ptr&, NotificationType, const CheckResult::Ptr&,
 		const String&, const String&, const MessageOrigin::Ptr&)> OnNotificationsRequested;
 	static boost::signals2::signal<void (const Notification::Ptr&, const Checkable::Ptr&, const User::Ptr&,
-		const NotificationType&, const CheckResult::Ptr&, const String&, const String&, const String&,
-		const MessageOrigin::Ptr&)> OnNotificationSentToUser;
+		const NotificationType&, const CheckResult::Ptr&, const NotificationResult::Ptr&, const String&,
+		const String&, const String&, const MessageOrigin::Ptr&)> OnNotificationSentToUser;
 	static boost::signals2::signal<void (const Notification::Ptr&, const Checkable::Ptr&, const std::set<User::Ptr>&,
 		const NotificationType&, const CheckResult::Ptr&, const String&,
 		const String&, const MessageOrigin::Ptr&)> OnNotificationSentToAllUsers;
@@ -144,6 +133,8 @@ public:
 	static boost::signals2::signal<void (const Checkable::Ptr&)> OnNextCheckUpdated;
 	static boost::signals2::signal<void (const Checkable::Ptr&)> OnEventCommandExecuted;
 
+	static Atomic<uint_fast64_t> CurrentConcurrentChecks;
+
 	/* Downtimes */
 	int GetDowntimeDepth() const final;
 
@@ -192,6 +183,7 @@ public:
 	std::vector<intrusive_ptr<Dependency> > GetReverseDependencies() const;
 
 	void ValidateCheckInterval(const Lazy<double>& lvalue, const ValidationUtils& value) final;
+	void ValidateRetryInterval(const Lazy<double>& lvalue, const ValidationUtils& value) final;
 	void ValidateMaxCheckAttempts(const Lazy<int>& lvalue, const ValidationUtils& value) final;
 
 	static void IncreasePendingChecks();
@@ -224,6 +216,8 @@ private:
 
 	static void NotifyDowntimeEnd(const Downtime::Ptr& downtime);
 
+	static void FireSuppressedNotifications(const Timer * const&);
+
 	/* Comments */
 	std::set<Comment::Ptr> m_Comments;
 	mutable boost::mutex m_CommentMutex;
diff --git a/lib/icinga/checkable.ti b/lib/icinga/checkable.ti
index d9918e7f8..7969d6f46 100644
--- a/lib/icinga/checkable.ti
+++ b/lib/icinga/checkable.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/icingaapplication.hpp"
 #include "icinga/customvarobject.hpp"
@@ -137,9 +120,18 @@ abstract class Checkable : CustomVarObject
 	};
 	[state] Timestamp last_state_unreachable;
 
+	[state] Timestamp previous_state_change {
+		default {{{ return Application::GetStartTime(); }}}
+	};
 	[no_storage] int severity {
 		get;
 	};
+	[no_storage] bool problem {
+		get;
+	};
+	[no_storage] bool handled {
+		get;
+	};
 
 	[state] bool force_next_check;
 	[state] int acknowledgement (AcknowledgementRaw) {
@@ -162,6 +154,9 @@ abstract class Checkable : CustomVarObject
 	[state, no_user_view, no_user_modify] int flapping_buffer;
 	[state, no_user_view, no_user_modify] int flapping_index;
 	[state, protected] bool flapping;
+	[state, no_user_view, no_user_modify] int suppressed_notifications {
+		default {{{ return 0; }}}
+	};
 
 	[config, navigation] name(Endpoint) command_endpoint (CommandEndpointRaw) {
 		navigate {{{
diff --git a/lib/icinga/checkcommand.cpp b/lib/icinga/checkcommand.cpp
index e32af3220..e0da41547 100644
--- a/lib/icinga/checkcommand.cpp
+++ b/lib/icinga/checkcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkcommand.hpp"
 #include "icinga/checkcommand-ti.cpp"
diff --git a/lib/icinga/checkcommand.hpp b/lib/icinga/checkcommand.hpp
index 471d6c2a1..6eb6119a3 100644
--- a/lib/icinga/checkcommand.hpp
+++ b/lib/icinga/checkcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CHECKCOMMAND_H
 #define CHECKCOMMAND_H
diff --git a/lib/icinga/checkcommand.ti b/lib/icinga/checkcommand.ti
index bcc29526d..c211f0f68 100644
--- a/lib/icinga/checkcommand.ti
+++ b/lib/icinga/checkcommand.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/command.hpp"
 
diff --git a/lib/icinga/checkresult.cpp b/lib/icinga/checkresult.cpp
index 52b1bb5e3..cb445af6c 100644
--- a/lib/icinga/checkresult.cpp
+++ b/lib/icinga/checkresult.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkresult.hpp"
 #include "icinga/checkresult-ti.cpp"
@@ -26,13 +9,13 @@ using namespace icinga;
 REGISTER_TYPE(CheckResult);
 
 INITIALIZE_ONCE([]() {
-	ScriptGlobal::Set("ServiceOK", ServiceOK);
-	ScriptGlobal::Set("ServiceWarning", ServiceWarning);
-	ScriptGlobal::Set("ServiceCritical", ServiceCritical);
-	ScriptGlobal::Set("ServiceUnknown", ServiceUnknown);
+	ScriptGlobal::Set("Icinga.ServiceOK", ServiceOK, true);
+	ScriptGlobal::Set("Icinga.ServiceWarning", ServiceWarning, true);
+	ScriptGlobal::Set("Icinga.ServiceCritical", ServiceCritical, true);
+	ScriptGlobal::Set("Icinga.ServiceUnknown", ServiceUnknown, true);
 
-	ScriptGlobal::Set("HostUp", HostUp);
-	ScriptGlobal::Set("HostDown", HostDown);
+	ScriptGlobal::Set("Icinga.HostUp", HostUp, true);
+	ScriptGlobal::Set("Icinga.HostDown", HostDown, true);
 })
 
 double CheckResult::CalculateExecutionTime() const
diff --git a/lib/icinga/checkresult.hpp b/lib/icinga/checkresult.hpp
index 245b4ba32..ac54d6b0d 100644
--- a/lib/icinga/checkresult.hpp
+++ b/lib/icinga/checkresult.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CHECKRESULT_H
 #define CHECKRESULT_H
diff --git a/lib/icinga/checkresult.ti b/lib/icinga/checkresult.ti
index f95a4ed64..6fe49ae94 100644
--- a/lib/icinga/checkresult.ti
+++ b/lib/icinga/checkresult.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 library icinga;
 
diff --git a/lib/icinga/cib.cpp b/lib/icinga/cib.cpp
index e68df57ad..0cb6ef0d5 100644
--- a/lib/icinga/cib.cpp
+++ b/lib/icinga/cib.cpp
@@ -1,26 +1,10 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/cib.hpp"
 #include "icinga/host.hpp"
 #include "icinga/service.hpp"
 #include "icinga/clusterevents.hpp"
+#include "base/application.hpp"
 #include "base/objectlock.hpp"
 #include "base/utility.hpp"
 #include "base/perfdatavalue.hpp"
@@ -203,8 +187,6 @@ ServiceStatistics CIB::CalculateServiceStats()
 	for (const Service::Ptr& service : ConfigType::GetObjectsByType<Service>()) {
 		ObjectLock olock(service);
 
-		CheckResult::Ptr cr = service->GetLastCheckResult();
-
 		if (service->GetState() == ServiceOK)
 			ss.services_ok++;
 		if (service->GetState() == ServiceWarning)
@@ -214,8 +196,11 @@ ServiceStatistics CIB::CalculateServiceStats()
 		if (service->GetState() == ServiceUnknown)
 			ss.services_unknown++;
 
+		CheckResult::Ptr cr = service->GetLastCheckResult();
+
 		if (!cr)
 			ss.services_pending++;
+
 		if (!service->IsReachable())
 			ss.services_unreachable++;
 
@@ -225,6 +210,11 @@ ServiceStatistics CIB::CalculateServiceStats()
 			ss.services_in_downtime++;
 		if (service->IsAcknowledged())
 			ss.services_acknowledged++;
+
+		if (service->GetHandled())
+			ss.services_handled++;
+		if (service->GetProblem())
+			ss.services_problem++;
 	}
 
 	return ss;
@@ -254,6 +244,11 @@ HostStatistics CIB::CalculateHostStats()
 			hs.hosts_in_downtime++;
 		if (host->IsAcknowledged())
 			hs.hosts_acknowledged++;
+
+		if (host->GetHandled())
+			hs.hosts_handled++;
+		if (host->GetProblem())
+			hs.hosts_problem++;
 	}
 
 	return hs;
@@ -268,13 +263,13 @@ std::pair<Dictionary::Ptr, Array::Ptr> CIB::GetFeatureStats()
 	Dictionary::Ptr status = new Dictionary();
 	Array::Ptr perfdata = new Array();
 
-	Dictionary::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
+	Namespace::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
 
 	if (statsFunctions) {
 		ObjectLock olock(statsFunctions);
 
-		for (const Dictionary::Pair& kv : statsFunctions)
-			static_cast<Function::Ptr>(kv.second)->Invoke({ status, perfdata });
+		for (const Namespace::Pair& kv : statsFunctions)
+			static_cast<Function::Ptr>(kv.second->Get())->Invoke({ status, perfdata });
 	}
 
 	return std::make_pair(status, perfdata);
@@ -306,7 +301,10 @@ void CIB::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata) {
 	status->Set("active_service_checks_15min", GetActiveServiceChecksStatistics(60 * 15));
 	status->Set("passive_service_checks_15min", GetPassiveServiceChecksStatistics(60 * 15));
 
+	// Checker related stats
 	status->Set("remote_check_queue", ClusterEvents::GetCheckRequestQueueSize());
+	status->Set("current_pending_callbacks", Application::GetTP().GetPending());
+	status->Set("current_concurrent_checks", Checkable::CurrentConcurrentChecks.load());
 
 	CheckableCheckStatistics scs = CalculateServiceCheckStats();
 
@@ -328,6 +326,8 @@ void CIB::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata) {
 	status->Set("num_services_flapping", ss.services_flapping);
 	status->Set("num_services_in_downtime", ss.services_in_downtime);
 	status->Set("num_services_acknowledged", ss.services_acknowledged);
+	status->Set("num_services_handled", ss.services_handled);
+	status->Set("num_services_problem", ss.services_problem);
 
 	double uptime = Utility::GetTime() - Application::GetStartTime();
 	status->Set("uptime", uptime);
@@ -341,4 +341,6 @@ void CIB::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata) {
 	status->Set("num_hosts_flapping", hs.hosts_flapping);
 	status->Set("num_hosts_in_downtime", hs.hosts_in_downtime);
 	status->Set("num_hosts_acknowledged", hs.hosts_acknowledged);
+	status->Set("num_hosts_handled", hs.hosts_handled);
+	status->Set("num_hosts_problem", hs.hosts_problem);
 }
diff --git a/lib/icinga/cib.hpp b/lib/icinga/cib.hpp
index 09bcba5e1..2abbb4600 100644
--- a/lib/icinga/cib.hpp
+++ b/lib/icinga/cib.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CIB_H
 #define CIB_H
@@ -47,6 +30,8 @@ struct ServiceStatistics {
 	double services_flapping;
 	double services_in_downtime;
 	double services_acknowledged;
+	double services_handled;
+	double services_problem;
 };
 
 struct HostStatistics {
@@ -57,6 +42,8 @@ struct HostStatistics {
 	double hosts_flapping;
 	double hosts_in_downtime;
 	double hosts_acknowledged;
+	double hosts_handled;
+	double hosts_problem;
 };
 
 /**
diff --git a/lib/icinga/clusterevents-check.cpp b/lib/icinga/clusterevents-check.cpp
index 58d983eb8..dec1b7c12 100644
--- a/lib/icinga/clusterevents-check.cpp
+++ b/lib/icinga/clusterevents-check.cpp
@@ -1,24 +1,9 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/clusterevents.hpp"
+#include "icinga/icingaapplication.hpp"
 #include "remote/apilistener.hpp"
+#include "base/configuration.hpp"
 #include "base/serializer.hpp"
 #include "base/exception.hpp"
 #include <boost/thread/once.hpp>
@@ -37,6 +22,8 @@ void ClusterEvents::RemoteCheckThreadProc()
 {
 	Utility::SetThreadName("Remote Check Scheduler");
 
+	int maxConcurrentChecks = IcingaApplication::GetInstance()->GetMaxConcurrentChecks();
+
 	boost::mutex::scoped_lock lock(m_Mutex);
 
 	for(;;) {
@@ -44,7 +31,7 @@ void ClusterEvents::RemoteCheckThreadProc()
 			break;
 
 		lock.unlock();
-		Checkable::AquirePendingCheckSlot(Application::GetMaxConcurrentChecks());
+		Checkable::AquirePendingCheckSlot(maxConcurrentChecks);
 		lock.lock();
 
 		auto callback = m_CheckRequestQueue.front();
@@ -179,7 +166,7 @@ void ClusterEvents::ExecuteCheckFromQueue(const MessageOrigin::Ptr& origin, cons
 			CheckResult::Ptr cr = new CheckResult();
 			cr->SetState(ServiceUnknown);
 
-			String output = "Exception occured while checking '" + host->GetName() + "': " + DiagnosticInformation(ex);
+			String output = "Exception occurred while checking '" + host->GetName() + "': " + DiagnosticInformation(ex);
 			cr->SetOutput(output);
 
 			double now = Utility::GetTime();
@@ -222,4 +209,4 @@ void ClusterEvents::LogRemoteCheckQueueInformation() {
 		<< m_ChecksExecutedDuringInterval * 6 * 15 << "/15min" << ");";
 
 	m_ChecksExecutedDuringInterval = 0;
-}
\ No newline at end of file
+}
diff --git a/lib/icinga/clusterevents.cpp b/lib/icinga/clusterevents.cpp
index e892caabf..313adb1eb 100644
--- a/lib/icinga/clusterevents.cpp
+++ b/lib/icinga/clusterevents.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/clusterevents.hpp"
 #include "icinga/service.hpp"
@@ -41,6 +24,7 @@ INITIALIZE_ONCE(&ClusterEvents::StaticInitialize);
 
 REGISTER_APIFUNCTION(CheckResult, event, &ClusterEvents::CheckResultAPIHandler);
 REGISTER_APIFUNCTION(SetNextCheck, event, &ClusterEvents::NextCheckChangedAPIHandler);
+REGISTER_APIFUNCTION(SetSuppressedNotifications, event, &ClusterEvents::SuppressedNotificationsChangedAPIHandler);
 REGISTER_APIFUNCTION(SetNextNotification, event, &ClusterEvents::NextNotificationChangedAPIHandler);
 REGISTER_APIFUNCTION(SetForceNextCheck, event, &ClusterEvents::ForceNextCheckChangedAPIHandler);
 REGISTER_APIFUNCTION(SetForceNextNotification, event, &ClusterEvents::ForceNextNotificationChangedAPIHandler);
@@ -55,6 +39,7 @@ void ClusterEvents::StaticInitialize()
 {
 	Checkable::OnNewCheckResult.connect(&ClusterEvents::CheckResultHandler);
 	Checkable::OnNextCheckChanged.connect(&ClusterEvents::NextCheckChangedHandler);
+	Checkable::OnSuppressedNotificationsChanged.connect(&ClusterEvents::SuppressedNotificationsChangedHandler);
 	Notification::OnNextNotificationChanged.connect(&ClusterEvents::NextNotificationChangedHandler);
 	Checkable::OnForceNextCheckChanged.connect(&ClusterEvents::ForceNextCheckChangedHandler);
 	Checkable::OnForceNextNotificationChanged.connect(&ClusterEvents::ForceNextNotificationChangedHandler);
@@ -249,6 +234,68 @@ Value ClusterEvents::NextCheckChangedAPIHandler(const MessageOrigin::Ptr& origin
 	return Empty;
 }
 
+void ClusterEvents::SuppressedNotificationsChangedHandler(const Checkable::Ptr& checkable, const MessageOrigin::Ptr& origin)
+{
+	ApiListener::Ptr listener = ApiListener::GetInstance();
+
+	if (!listener)
+		return;
+
+	Host::Ptr host;
+	Service::Ptr service;
+	tie(host, service) = GetHostService(checkable);
+
+	Dictionary::Ptr params = new Dictionary();
+	params->Set("host", host->GetName());
+	if (service)
+		params->Set("service", service->GetShortName());
+	params->Set("suppressed_notifications", checkable->GetSuppressedNotifications());
+
+	Dictionary::Ptr message = new Dictionary();
+	message->Set("jsonrpc", "2.0");
+	message->Set("method", "event::SetSuppressedNotifications");
+	message->Set("params", params);
+
+	listener->RelayMessage(origin, checkable, message, true);
+}
+
+Value ClusterEvents::SuppressedNotificationsChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
+{
+	Endpoint::Ptr endpoint = origin->FromClient->GetEndpoint();
+
+	if (!endpoint) {
+		Log(LogNotice, "ClusterEvents")
+			<< "Discarding 'suppressed notifications changed' message from '" << origin->FromClient->GetIdentity() << "': Invalid endpoint origin (client not allowed).";
+		return Empty;
+	}
+
+	Host::Ptr host = Host::GetByName(params->Get("host"));
+
+	if (!host)
+		return Empty;
+
+	Checkable::Ptr checkable;
+
+	if (params->Contains("service"))
+		checkable = host->GetServiceByShortName(params->Get("service"));
+	else
+		checkable = host;
+
+	if (!checkable)
+		return Empty;
+
+	if (origin->FromZone && !origin->FromZone->CanAccessObject(checkable)) {
+		Log(LogNotice, "ClusterEvents")
+			<< "Discarding 'suppressed notifications changed' message for checkable '" << checkable->GetName()
+			<< "' from '" << origin->FromClient->GetIdentity() << "': Unauthorized access.";
+		return Empty;
+	}
+
+	checkable->SetSuppressedNotifications(params->Get("suppressed_notifications"), false, origin);
+
+	return Empty;
+}
+
 void ClusterEvents::NextNotificationChangedHandler(const Notification::Ptr& notification, const MessageOrigin::Ptr& origin)
 {
 	ApiListener::Ptr listener = ApiListener::GetInstance();
@@ -445,6 +492,7 @@ void ClusterEvents::AcknowledgementSetHandler(const Checkable::Ptr& checkable,
 	params->Set("comment", comment);
 	params->Set("acktype", type);
 	params->Set("notify", notify);
+	params->Set("persistent", persistent);
 	params->Set("expiry", expiry);
 
 	Dictionary::Ptr message = new Dictionary();
@@ -640,7 +688,7 @@ Value ClusterEvents::SendNotificationsAPIHandler(const MessageOrigin::Ptr& origi
 }
 
 void ClusterEvents::NotificationSentUserHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable, const User::Ptr& user,
-	NotificationType notificationType, const CheckResult::Ptr& cr, const String& author, const String& commentText, const String& command,
+	NotificationType notificationType, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr, const String& author, const String& commentText, const String& command,
 	const MessageOrigin::Ptr& origin)
 {
 	ApiListener::Ptr listener = ApiListener::GetInstance();
@@ -660,6 +708,7 @@ void ClusterEvents::NotificationSentUserHandler(const Notification::Ptr& notific
 	params->Set("user", user->GetName());
 	params->Set("type", notificationType);
 	params->Set("cr", Serialize(cr));
+	params->Set("nr", Serialize(nr));
 	params->Set("author", author);
 	params->Set("text", commentText);
 	params->Set("command", command);
@@ -721,6 +770,14 @@ Value ClusterEvents::NotificationSentUserAPIHandler(const MessageOrigin::Ptr& or
 		}
 	}
 
+	NotificationResult::Ptr nr;
+	if (params->Contains("nr")) {
+		nr = new NotificationResult();
+		Dictionary::Ptr vnr = params->Get("nr");
+
+		Deserialize(nr, vnr, true);
+	}
+
 	NotificationType type = static_cast<NotificationType>(static_cast<int>(params->Get("type")));
 	String author = params->Get("author");
 	String text = params->Get("text");
@@ -737,7 +794,7 @@ Value ClusterEvents::NotificationSentUserAPIHandler(const MessageOrigin::Ptr& or
 
 	String command = params->Get("command");
 
-	Checkable::OnNotificationSentToUser(notification, checkable, user, type, cr, author, text, command, origin);
+	Checkable::OnNotificationSentToUser(notification, checkable, user, type, cr, nr, author, text, command, origin);
 
 	return Empty;
 }
diff --git a/lib/icinga/clusterevents.hpp b/lib/icinga/clusterevents.hpp
index 5b8acf78a..8dc6f48b9 100644
--- a/lib/icinga/clusterevents.hpp
+++ b/lib/icinga/clusterevents.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CLUSTEREVENTS_H
 #define CLUSTEREVENTS_H
@@ -43,6 +26,9 @@ public:
 	static void NextCheckChangedHandler(const Checkable::Ptr& checkable, const MessageOrigin::Ptr& origin);
 	static Value NextCheckChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
+	static void SuppressedNotificationsChangedHandler(const Checkable::Ptr& checkable, const MessageOrigin::Ptr& origin);
+	static Value SuppressedNotificationsChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
+
 	static void NextNotificationChangedHandler(const Notification::Ptr& notification, const MessageOrigin::Ptr& origin);
 	static Value NextNotificationChangedAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
@@ -68,7 +54,8 @@ public:
 	static Value SendNotificationsAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
 	static void NotificationSentUserHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable, const User::Ptr& user,
-		NotificationType notificationType, const CheckResult::Ptr& cr, const String& author, const String& commentText, const String& command, const MessageOrigin::Ptr& origin);
+		NotificationType notificationType, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+		const String& author, const String& commentText, const String& command, const MessageOrigin::Ptr& origin);
 	static Value NotificationSentUserAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
 	static void NotificationSentToAllUsersHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable, const std::set<User::Ptr>& users,
diff --git a/lib/icinga/command.cpp b/lib/icinga/command.cpp
index 628ed301a..8e0f357e7 100644
--- a/lib/icinga/command.cpp
+++ b/lib/icinga/command.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/command.hpp"
 #include "icinga/command-ti.cpp"
diff --git a/lib/icinga/command.hpp b/lib/icinga/command.hpp
index fa1aa5c03..19bb05013 100644
--- a/lib/icinga/command.hpp
+++ b/lib/icinga/command.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMMAND_H
 #define COMMAND_H
diff --git a/lib/icinga/command.ti b/lib/icinga/command.ti
index 64b7482a8..5055ee3d5 100644
--- a/lib/icinga/command.ti
+++ b/lib/icinga/command.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #include "base/function.hpp"
diff --git a/lib/icinga/comment.cpp b/lib/icinga/comment.cpp
index 9931b42bd..0945724ea 100644
--- a/lib/icinga/comment.cpp
+++ b/lib/icinga/comment.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/comment.hpp"
 #include "icinga/comment-ti.cpp"
diff --git a/lib/icinga/comment.hpp b/lib/icinga/comment.hpp
index d031b66de..166654d31 100644
--- a/lib/icinga/comment.hpp
+++ b/lib/icinga/comment.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMMENT_H
 #define COMMENT_H
diff --git a/lib/icinga/comment.ti b/lib/icinga/comment.ti
index 003fe0ff5..4bf667f31 100644
--- a/lib/icinga/comment.ti
+++ b/lib/icinga/comment.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/utility.hpp"
diff --git a/lib/icinga/compatutility.cpp b/lib/icinga/compatutility.cpp
index 3eb0dc573..305d3b247 100644
--- a/lib/icinga/compatutility.cpp
+++ b/lib/icinga/compatutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/compatutility.hpp"
 #include "icinga/checkcommand.hpp"
diff --git a/lib/icinga/compatutility.hpp b/lib/icinga/compatutility.hpp
index 388cdcb05..7b96fb308 100644
--- a/lib/icinga/compatutility.hpp
+++ b/lib/icinga/compatutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMPATUTILITY_H
 #define COMPATUTILITY_H
diff --git a/lib/icinga/customvarobject.cpp b/lib/icinga/customvarobject.cpp
index 2055dbd78..fc1fd27b4 100644
--- a/lib/icinga/customvarobject.cpp
+++ b/lib/icinga/customvarobject.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #include "icinga/customvarobject-ti.cpp"
diff --git a/lib/icinga/customvarobject.hpp b/lib/icinga/customvarobject.hpp
index 84328bd7b..e10ef3245 100644
--- a/lib/icinga/customvarobject.hpp
+++ b/lib/icinga/customvarobject.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CUSTOMVAROBJECT_H
 #define CUSTOMVAROBJECT_H
diff --git a/lib/icinga/customvarobject.ti b/lib/icinga/customvarobject.ti
index 949c36498..18da48b00 100644
--- a/lib/icinga/customvarobject.ti
+++ b/lib/icinga/customvarobject.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
diff --git a/lib/icinga/dependency-apply.cpp b/lib/icinga/dependency-apply.cpp
index cc464aa7d..0f8eddc5b 100644
--- a/lib/icinga/dependency-apply.cpp
+++ b/lib/icinga/dependency-apply.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/dependency.hpp"
 #include "icinga/service.hpp"
diff --git a/lib/icinga/dependency.cpp b/lib/icinga/dependency.cpp
index 328a20e76..d2261cfe1 100644
--- a/lib/icinga/dependency.cpp
+++ b/lib/icinga/dependency.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/dependency.hpp"
 #include "icinga/dependency-ti.cpp"
diff --git a/lib/icinga/dependency.hpp b/lib/icinga/dependency.hpp
index b9db395c3..6a80d84f5 100644
--- a/lib/icinga/dependency.hpp
+++ b/lib/icinga/dependency.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DEPENDENCY_H
 #define DEPENDENCY_H
diff --git a/lib/icinga/dependency.ti b/lib/icinga/dependency.ti
index 66c215bda..62e6d8b31 100644
--- a/lib/icinga/dependency.ti
+++ b/lib/icinga/dependency.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #include "icinga/checkable.hpp"
diff --git a/lib/icinga/downtime.cpp b/lib/icinga/downtime.cpp
index 8c3584a4b..f003bc746 100644
--- a/lib/icinga/downtime.cpp
+++ b/lib/icinga/downtime.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/downtime.hpp"
 #include "icinga/downtime-ti.cpp"
@@ -42,6 +25,15 @@ boost::signals2::signal<void (const Downtime::Ptr&)> Downtime::OnDowntimeTrigger
 
 REGISTER_TYPE(Downtime);
 
+INITIALIZE_ONCE(&Downtime::StaticInitialize);
+
+void Downtime::StaticInitialize()
+{
+	ScriptGlobal::Set("Icinga.DowntimeNoChildren", "DowntimeNoChildren", true);
+	ScriptGlobal::Set("Icinga.DowntimeTriggeredChildren", "DowntimeTriggeredChildren", true);
+	ScriptGlobal::Set("Icinga.DowntimeNonTriggeredChildren", "DowntimeNonTriggeredChildren", true);
+}
+
 String DowntimeNameComposer::MakeName(const String& shortName, const Object::Ptr& context) const
 {
 	Downtime::Ptr downtime = dynamic_pointer_cast<Downtime>(context);
@@ -201,8 +193,12 @@ bool Downtime::IsExpired() const
 
 bool Downtime::HasValidConfigOwner() const
 {
+	if (!ScheduledDowntime::AllConfigIsLoaded()) {
+		return true;
+	}
+
 	String configOwner = GetConfigOwner();
-	return configOwner.IsEmpty() || GetObject<ScheduledDowntime>(configOwner);
+	return configOwner.IsEmpty() || Zone::GetByName(GetAuthoritativeZone()) != Zone::GetLocalZone() || GetObject<ScheduledDowntime>(configOwner);
 }
 
 int Downtime::GetNextDowntimeID()
@@ -238,6 +234,14 @@ String Downtime::AddDowntime(const Checkable::Ptr& checkable, const String& auth
 	attrs->Set("config_owner", scheduledDowntime);
 	attrs->Set("entry_time", Utility::GetTime());
 
+	if (!scheduledDowntime.IsEmpty()) {
+		auto localZone (Zone::GetLocalZone());
+
+		if (localZone) {
+			attrs->Set("authoritative_zone", localZone->GetName());
+		}
+	}
+
 	Host::Ptr host;
 	Service::Ptr service;
 	tie(host, service) = GetHostService(checkable);
@@ -246,7 +250,23 @@ String Downtime::AddDowntime(const Checkable::Ptr& checkable, const String& auth
 	if (service)
 		attrs->Set("service_name", service->GetShortName());
 
-	String zone = checkable->GetZoneName();
+	String zone;
+
+	if (!scheduledDowntime.IsEmpty()) {
+		auto sdt (ScheduledDowntime::GetByName(scheduledDowntime));
+
+		if (sdt) {
+			auto sdtZone (sdt->GetZone());
+
+			if (sdtZone) {
+				zone = sdtZone->GetName();
+			}
+		}
+	}
+
+	if (zone.IsEmpty()) {
+		zone = checkable->GetZoneName();
+	}
 
 	if (!zone.IsEmpty())
 		attrs->Set("zone", zone);
@@ -278,10 +298,11 @@ String Downtime::AddDowntime(const Checkable::Ptr& checkable, const String& auth
 	if (!downtime)
 		BOOST_THROW_EXCEPTION(std::runtime_error("Could not create downtime object."));
 
-	Log(LogNotice, "Downtime")
+	Log(LogInformation, "Downtime")
 		<< "Added downtime '" << downtime->GetName()
 		<< "' between '" << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", startTime)
-		<< "' and '" << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", endTime) << "'.";
+		<< "' and '" << Utility::FormatDateTime("%Y-%m-%d %H:%M:%S", endTime) << "', author: '"
+		<< author << "', " << (fixed ? "fixed" : "flexible with " + Convert::ToString(duration) + "s duration");
 
 	return fullName;
 }
@@ -303,9 +324,6 @@ void Downtime::RemoveDowntime(const String& id, bool cancelled, bool expired, co
 
 	downtime->SetWasCancelled(cancelled);
 
-	Log(LogNotice, "Downtime")
-		<< "Removed downtime '" << downtime->GetName() << "' from object '" << downtime->GetCheckable()->GetName() << "'.";
-
 	Array::Ptr errors = new Array();
 
 	if (!ConfigObjectUtility::DeleteObject(downtime, false, errors, nullptr)) {
@@ -316,6 +334,21 @@ void Downtime::RemoveDowntime(const String& id, bool cancelled, bool expired, co
 
 		BOOST_THROW_EXCEPTION(std::runtime_error("Could not remove downtime."));
 	}
+
+	String reason;
+
+	if (expired) {
+		reason = "expired at " + Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", downtime->GetEndTime());
+	} else if (cancelled) {
+		reason = "cancelled by user";
+	} else {
+		reason = "<unknown>";
+	}
+
+	Log(LogInformation, "Downtime")
+		<< "Removed downtime '" << downtime->GetName() << "' from checkable '"
+		<< downtime->GetCheckable()->GetName() << "' (Reason: " << reason << ").";
+
 }
 
 bool Downtime::CanBeTriggered()
@@ -339,8 +372,10 @@ void Downtime::TriggerDowntime()
 	if (!CanBeTriggered())
 		return;
 
-	Log(LogNotice, "Downtime")
-		<< "Triggering downtime '" << GetName() << "'.";
+	Checkable::Ptr checkable = GetCheckable();
+
+	Log(LogInformation, "Downtime")
+		<< "Triggering downtime '" << GetName() << "' for checkable '" << checkable->GetName() << "'.";
 
 	if (GetTriggerTime() == 0)
 		SetTriggerTime(Utility::GetTime());
@@ -420,3 +455,20 @@ void Downtime::ValidateEndTime(const Lazy<Timestamp>& lvalue, const ValidationUt
 	if (lvalue() <= 0)
 		BOOST_THROW_EXCEPTION(ValidationError(this, { "end_time" }, "End time must be greater than 0."));
 }
+
+DowntimeChildOptions Downtime::ChildOptionsFromValue(const Value& options)
+{
+	if (options == "DowntimeNoChildren")
+		return DowntimeNoChildren;
+	else if (options == "DowntimeTriggeredChildren")
+		return DowntimeTriggeredChildren;
+	else if (options == "DowntimeNonTriggeredChildren")
+		return DowntimeNonTriggeredChildren;
+	else if (options.IsNumber()) {
+		int number = options;
+		if (number >= 0 && number <= 2)
+			return static_cast<DowntimeChildOptions>(number);
+	}
+
+	BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid child option specified"));
+}
diff --git a/lib/icinga/downtime.hpp b/lib/icinga/downtime.hpp
index 6d4ba0a21..c33d9017d 100644
--- a/lib/icinga/downtime.hpp
+++ b/lib/icinga/downtime.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DOWNTIME_H
 #define DOWNTIME_H
@@ -28,6 +11,13 @@
 namespace icinga
 {
 
+enum DowntimeChildOptions
+{
+	DowntimeNoChildren,
+	DowntimeTriggeredChildren,
+	DowntimeNonTriggeredChildren
+};
+
 /**
  * A downtime.
  *
@@ -51,6 +41,8 @@ public:
 	bool IsExpired() const;
 	bool HasValidConfigOwner() const;
 
+	static void StaticInitialize();
+
 	static int GetNextDowntimeID();
 
 	static String AddDowntime(const intrusive_ptr<Checkable>& checkable, const String& author,
@@ -65,6 +57,8 @@ public:
 
 	static String GetDowntimeIDFromLegacyID(int id);
 
+	static DowntimeChildOptions ChildOptionsFromValue(const Value& options);
+
 protected:
 	void OnAllConfigLoaded() override;
 	void Start(bool runtimeCreated) override;
diff --git a/lib/icinga/downtime.ti b/lib/icinga/downtime.ti
index 0cbc6738a..a55942fb0 100644
--- a/lib/icinga/downtime.ti
+++ b/lib/icinga/downtime.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/utility.hpp"
@@ -37,6 +20,8 @@ public:
 
 class Downtime : ConfigObject < DowntimeNameComposer
 {
+	activation_priority -10;
+
 	load_after Host;
 	load_after Service;
 
@@ -84,6 +69,7 @@ class Downtime : ConfigObject < DowntimeNameComposer
 	[state] int legacy_id;
 	[state] bool was_cancelled;
 	[config] String config_owner;
+	[config] String authoritative_zone;
 };
 
 }
diff --git a/lib/icinga/eventcommand.cpp b/lib/icinga/eventcommand.cpp
index a2a1cdc79..f9ab3be19 100644
--- a/lib/icinga/eventcommand.cpp
+++ b/lib/icinga/eventcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/eventcommand.hpp"
 #include "icinga/eventcommand-ti.cpp"
diff --git a/lib/icinga/eventcommand.hpp b/lib/icinga/eventcommand.hpp
index d971976a1..95bd1095a 100644
--- a/lib/icinga/eventcommand.hpp
+++ b/lib/icinga/eventcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EVENTCOMMAND_H
 #define EVENTCOMMAND_H
diff --git a/lib/icinga/eventcommand.ti b/lib/icinga/eventcommand.ti
index 10ee9d532..a166d1eb8 100644
--- a/lib/icinga/eventcommand.ti
+++ b/lib/icinga/eventcommand.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/command.hpp"
 
diff --git a/lib/icinga/externalcommandprocessor.cpp b/lib/icinga/externalcommandprocessor.cpp
index f117743fa..9f088ae67 100644
--- a/lib/icinga/externalcommandprocessor.cpp
+++ b/lib/icinga/externalcommandprocessor.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/externalcommandprocessor.hpp"
 #include "icinga/host.hpp"
diff --git a/lib/icinga/externalcommandprocessor.hpp b/lib/icinga/externalcommandprocessor.hpp
index 5aff98cb2..f7f0d75d6 100644
--- a/lib/icinga/externalcommandprocessor.hpp
+++ b/lib/icinga/externalcommandprocessor.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXTERNALCOMMANDPROCESSOR_H
 #define EXTERNALCOMMANDPROCESSOR_H
diff --git a/lib/icinga/host.cpp b/lib/icinga/host.cpp
index 89c4131e6..9744eed46 100644
--- a/lib/icinga/host.cpp
+++ b/lib/icinga/host.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/host.hpp"
 #include "icinga/host-ti.cpp"
@@ -209,7 +192,7 @@ int Host::GetSeverity() const
 	return severity;
 }
 
-bool Host::IsStateOK(ServiceState state)
+bool Host::IsStateOK(ServiceState state) const
 {
 	return Host::CalculateState(state) == HostUp;
 }
diff --git a/lib/icinga/host.hpp b/lib/icinga/host.hpp
index cbd49d1db..237d8aaa1 100644
--- a/lib/icinga/host.hpp
+++ b/lib/icinga/host.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOST_H
 #define HOST_H
@@ -56,7 +39,7 @@ public:
 	HostState GetLastHardState() const override;
 	int GetSeverity() const override;
 
-	bool IsStateOK(ServiceState state) override;
+	bool IsStateOK(ServiceState state) const override;
 	void SaveLastState(ServiceState state, double timestamp) override;
 
 	static HostState StateFromString(const String& state);
diff --git a/lib/icinga/host.ti b/lib/icinga/host.ti
index 04fc8f90f..03c606228 100644
--- a/lib/icinga/host.ti
+++ b/lib/icinga/host.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/customvarobject.hpp"
diff --git a/lib/icinga/hostgroup.cpp b/lib/icinga/hostgroup.cpp
index d0ca7b323..02dc6d7c9 100644
--- a/lib/icinga/hostgroup.cpp
+++ b/lib/icinga/hostgroup.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/hostgroup.hpp"
 #include "icinga/hostgroup-ti.cpp"
diff --git a/lib/icinga/hostgroup.hpp b/lib/icinga/hostgroup.hpp
index fb2564620..283930a23 100644
--- a/lib/icinga/hostgroup.hpp
+++ b/lib/icinga/hostgroup.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOSTGROUP_H
 #define HOSTGROUP_H
diff --git a/lib/icinga/hostgroup.ti b/lib/icinga/hostgroup.ti
index 3ef1d0b91..a4404eafe 100644
--- a/lib/icinga/hostgroup.ti
+++ b/lib/icinga/hostgroup.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 
diff --git a/lib/icinga/i2-icinga.hpp b/lib/icinga/i2-icinga.hpp
index 80469b4bd..7163822da 100644
--- a/lib/icinga/i2-icinga.hpp
+++ b/lib/icinga/i2-icinga.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2ICINGA_H
 #define I2ICINGA_H
diff --git a/lib/icinga/icinga-itl.conf b/lib/icinga/icinga-itl.conf
index 6fcfaf518..22b688a7d 100644
--- a/lib/icinga/icinga-itl.conf
+++ b/lib/icinga/icinga-itl.conf
@@ -1,27 +1,8 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 System.assert(Internal.run_with_activation_context(function() {
-	var _Internal = Internal.clone()
-
-	template TimePeriod "legacy-timeperiod" use (_Internal) default {
-		update = _Internal.LegacyTimePeriod
+	template TimePeriod "legacy-timeperiod" use (LegacyTimePeriod = Internal.LegacyTimePeriod) default {
+		update = LegacyTimePeriod
 	}
 }))
 
diff --git a/lib/icinga/icingaapplication.cpp b/lib/icinga/icingaapplication.cpp
index 454c78d6d..451f009da 100644
--- a/lib/icinga/icingaapplication.cpp
+++ b/lib/icinga/icingaapplication.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/icingaapplication.hpp"
 #include "icinga/icingaapplication-ti.cpp"
@@ -41,10 +24,12 @@ using namespace icinga;
 static Timer::Ptr l_RetentionTimer;
 
 REGISTER_TYPE(IcingaApplication);
-INITIALIZE_ONCE(&IcingaApplication::StaticInitialize);
+/* Ensure that the priority is lower than the basic System namespace initialization in scriptframe.cpp. */
+INITIALIZE_ONCE_WITH_PRIORITY(&IcingaApplication::StaticInitialize, 50);
 
 void IcingaApplication::StaticInitialize()
 {
+	/* Pre-fill global constants, can be overridden with user input later in icinga-app/icinga.cpp. */
 	String node_name = Utility::GetFQDN();
 
 	if (node_name.IsEmpty()) {
@@ -59,9 +44,23 @@ void IcingaApplication::StaticInitialize()
 
 	ScriptGlobal::Set("NodeName", node_name);
 
-	ScriptGlobal::Set("ApplicationType", "IcingaApplication");
+	ScriptGlobal::Set("ReloadTimeout", 300);
+	ScriptGlobal::Set("MaxConcurrentChecks", 512);
 
-	ScriptGlobal::Set("ApplicationVersion", Application::GetAppVersion());
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+	/* Ensure that the System namespace is already initialized. Otherwise this is a programming error. */
+	VERIFY(systemNS);
+
+	systemNS->Set("ApplicationType", "IcingaApplication", true);
+	systemNS->Set("ApplicationVersion", Application::GetAppVersion(), true);
+
+	Namespace::Ptr globalNS = ScriptGlobal::GetGlobals();
+	VERIFY(globalNS);
+
+	auto icingaNSBehavior = new ConstNamespaceBehavior();
+	icingaNSBehavior->Freeze();
+	Namespace::Ptr icingaNS = new Namespace(icingaNSBehavior);
+	globalNS->SetAttribute("Icinga", std::make_shared<ConstEmbeddedNamespaceValue>(icingaNS));
 }
 
 REGISTER_STATSFUNCTION(IcingaApplication, &IcingaApplication::StatsFunc);
@@ -79,10 +78,10 @@ void IcingaApplication::StatsFunc(const Dictionary::Ptr& status, const Array::Pt
 			{ "enable_host_checks", icingaapplication->GetEnableHostChecks() },
 			{ "enable_service_checks", icingaapplication->GetEnableServiceChecks() },
 			{ "enable_perfdata", icingaapplication->GetEnablePerfdata() },
+			{ "environment", icingaapplication->GetEnvironment() },
 			{ "pid", Utility::GetPid() },
 			{ "program_start", Application::GetStartTime() },
-			{ "version", Application::GetAppVersion() },
-			{ "environment", ScriptGlobal::Get("Environment", &Empty) }
+			{ "version", Application::GetAppVersion() }
 		}));
 	}
 
@@ -156,13 +155,13 @@ static void PersistModAttrHelper(std::fstream& fp, ConfigObject::Ptr& previousOb
 
 void IcingaApplication::DumpProgramState()
 {
-	ConfigObject::DumpObjects(GetStatePath());
+	ConfigObject::DumpObjects(Configuration::StatePath);
 	DumpModifiedAttributes();
 }
 
 void IcingaApplication::DumpModifiedAttributes()
 {
-	String path = GetModAttrPath();
+	String path = Configuration::ModAttrPath;
 
 	std::fstream fp;
 	String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0644, fp);
@@ -179,16 +178,7 @@ void IcingaApplication::DumpModifiedAttributes()
 
 	fp.close();
 
-#ifdef _WIN32
-	_unlink(path.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempFilename.CStr(), path.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempFilename));
-	}
+	Utility::RenameFile(tempFilename, path);
 }
 
 IcingaApplication::Ptr IcingaApplication::GetInstance()
@@ -257,6 +247,12 @@ bool IcingaApplication::ResolveMacro(const String& macro, const CheckResult::Ptr
 		} else if (macro == "num_services_acknowledged") {
 			*result = ss.services_acknowledged;
 			return true;
+		} else if (macro == "num_services_handled") {
+			*result = ss.services_handled;
+			return true;
+		} else if (macro == "num_services_problem") {
+			*result = ss.services_problem;
+			return true;
 		}
 	}
 	else if (macro.Contains("num_hosts")) {
@@ -283,6 +279,12 @@ bool IcingaApplication::ResolveMacro(const String& macro, const CheckResult::Ptr
 		} else if (macro == "num_hosts_acknowledged") {
 			*result = hs.hosts_acknowledged;
 			return true;
+		} else if (macro == "num_hosts_handled") {
+			*result = hs.hosts_handled;
+			return true;
+		} else if (macro == "num_hosts_problem") {
+			*result = hs.hosts_problem;
+			return true;
 		}
 	}
 
@@ -294,6 +296,22 @@ String IcingaApplication::GetNodeName() const
 	return ScriptGlobal::Get("NodeName");
 }
 
+/* Intentionally kept here, since an agent may not have the CheckerComponent loaded. */
+int IcingaApplication::GetMaxConcurrentChecks() const
+{
+	return ScriptGlobal::Get("MaxConcurrentChecks");
+}
+
+String IcingaApplication::GetEnvironment() const
+{
+	return Application::GetAppEnvironment();
+}
+
+void IcingaApplication::SetEnvironment(const String& value, bool suppress_events, const Value& cookie)
+{
+	Application::SetAppEnvironment(value);
+}
+
 void IcingaApplication::ValidateVars(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils)
 {
 	MacroProcessor::ValidateCustomVars(this, lvalue());
diff --git a/lib/icinga/icingaapplication.hpp b/lib/icinga/icingaapplication.hpp
index 51216a02c..7888fa6ad 100644
--- a/lib/icinga/icingaapplication.hpp
+++ b/lib/icinga/icingaapplication.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ICINGAAPPLICATION_H
 #define ICINGAAPPLICATION_H
@@ -46,12 +29,15 @@ public:
 
 	static IcingaApplication::Ptr GetInstance();
 
-	String GetPidPath() const;
-
 	bool ResolveMacro(const String& macro, const CheckResult::Ptr& cr, Value *result) const override;
 
 	String GetNodeName() const;
 
+	int GetMaxConcurrentChecks() const;
+
+	String GetEnvironment() const override;
+	void SetEnvironment(const String& value, bool suppress_events = false, const Value& cookie = Empty) override;
+
 	void ValidateVars(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils) override;
 
 private:
diff --git a/lib/icinga/icingaapplication.ti b/lib/icinga/icingaapplication.ti
index 61d4ecd4c..1cdef7406 100644
--- a/lib/icinga/icingaapplication.ti
+++ b/lib/icinga/icingaapplication.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/application.hpp"
 
@@ -26,6 +9,14 @@ namespace icinga
 
 class IcingaApplication : Application
 {
+	activation_priority -50;
+
+	[config, no_storage, virtual] String environment {
+		get;
+		set;
+		default {{{ return Application::GetAppEnvironment(); }}}
+	};
+
 	[config] bool enable_notifications {
 		default {{{ return true; }}}
 	};
diff --git a/lib/icinga/legacytimeperiod.cpp b/lib/icinga/legacytimeperiod.cpp
index 5fe893035..560a588ec 100644
--- a/lib/icinga/legacytimeperiod.cpp
+++ b/lib/icinga/legacytimeperiod.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/legacytimeperiod.hpp"
 #include "base/function.hpp"
@@ -28,7 +11,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, LegacyTimePeriod, &LegacyTimePeriod::ScriptFunc, "tp:begin:end");
+REGISTER_FUNCTION_NONCONST(Internal, LegacyTimePeriod, &LegacyTimePeriod::ScriptFunc, "tp:begin:end");
 
 bool LegacyTimePeriod::IsInTimeRange(tm *begin, tm *end, int stride, tm *reference)
 {
@@ -42,7 +25,7 @@ bool LegacyTimePeriod::IsInTimeRange(tm *begin, tm *end, int stride, tm *referen
 
 	int daynumber = (tsref - tsbegin) / (24 * 60 * 60);
 
-	if (stride > 1 && daynumber % stride == 0)
+	if (stride > 1 && daynumber % stride > 0)
 		return false;
 
 	return true;
@@ -130,6 +113,13 @@ int LegacyTimePeriod::MonthFromString(const String& monthdef)
 		return -1;
 }
 
+boost::gregorian::date LegacyTimePeriod::GetEndOfMonthDay(int year, int month)
+{
+	boost::gregorian::date d(boost::gregorian::greg_year(year), boost::gregorian::greg_month(month), 1);
+
+	return d.end_of_month();
+}
+
 void LegacyTimePeriod::ParseTimeSpec(const String& timespec, tm *begin, tm *end, tm *reference)
 {
 	/* Let mktime() figure out whether we're in DST or not. */
@@ -187,10 +177,17 @@ void LegacyTimePeriod::ParseTimeSpec(const String& timespec, tm *begin, tm *end,
 			begin->tm_min = 0;
 			begin->tm_sec = 0;
 
-			/* Negative days are relative to the next month. */
+			/* day -X: Negative days are relative to the next month. */
 			if (mday < 0) {
-				begin->tm_mday = mday * -1 - 1;
-				begin->tm_mon++;
+				boost::gregorian::date d(GetEndOfMonthDay(reference->tm_year + 1900, mon + 1)); //TODO: Refactor this mess into full Boost.DateTime
+
+				//Depending on the number, we need to substract specific days (counting starts at 0).
+				d = d - boost::gregorian::days(mday * -1 - 1);
+
+				*begin = boost::gregorian::to_tm(d);
+				begin->tm_hour = 0;
+				begin->tm_min = 0;
+				begin->tm_sec = 0;
 			}
 		}
 
@@ -202,10 +199,20 @@ void LegacyTimePeriod::ParseTimeSpec(const String& timespec, tm *begin, tm *end,
 			end->tm_min = 0;
 			end->tm_sec = 0;
 
-			/* Negative days are relative to the next month. */
+			/* day -X: Negative days are relative to the next month. */
 			if (mday < 0) {
-				end->tm_mday = mday * -1 - 1;
-				end->tm_mon++;
+				boost::gregorian::date d(GetEndOfMonthDay(reference->tm_year + 1900, mon + 1)); //TODO: Refactor this mess into full Boost.DateTime
+
+				//Depending on the number, we need to substract specific days (counting starts at 0).
+				d = d - boost::gregorian::days(mday * -1 - 1);
+
+				// End date is one day in the future, starting 00:00:00
+				d = d + boost::gregorian::days(1);
+
+				*end = boost::gregorian::to_tm(d);
+				end->tm_hour = 0;
+				end->tm_min = 0;
+				end->tm_sec = 0;
 			}
 		}
 
@@ -359,7 +366,7 @@ void LegacyTimePeriod::ProcessTimeRangeRaw(const String& timerange, tm *referenc
 
 	if (begin->tm_hour * 3600 + begin->tm_min * 60 + begin->tm_sec >=
 		end->tm_hour * 3600 + end->tm_min * 60 + end->tm_sec)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Time period segment ends before it begins"));
+		end->tm_hour += 24;
 }
 
 Dictionary::Ptr LegacyTimePeriod::ProcessTimeRange(const String& timestamp, tm *reference)
@@ -388,6 +395,56 @@ void LegacyTimePeriod::ProcessTimeRanges(const String& timeranges, tm *reference
 	}
 }
 
+Dictionary::Ptr LegacyTimePeriod::FindRunningSegment(const String& daydef, const String& timeranges, tm *reference)
+{
+	tm begin, end, iter;
+	time_t tsend, tsiter, tsref;
+	int stride;
+
+	tsref = mktime(reference);
+
+	ParseTimeRange(daydef, &begin, &end, &stride, reference);
+
+	iter = begin;
+
+	tsend = mktime(&end);
+
+	do {
+		if (IsInTimeRange(&begin, &end, stride, &iter)) {
+			Array::Ptr segments = new Array();
+			ProcessTimeRanges(timeranges, &iter, segments);
+
+			Dictionary::Ptr bestSegment;
+			double bestEnd = 0.0;
+
+			ObjectLock olock(segments);
+			for (const Dictionary::Ptr& segment : segments) {
+				double begin = segment->Get("begin");
+				double end = segment->Get("end");
+
+				if (begin >= tsref || end < tsref)
+					continue;
+
+				if (!bestSegment || end > bestEnd) {
+					bestSegment = segment;
+					bestEnd = end;
+				}
+			}
+
+			if (bestSegment)
+				return bestSegment;
+		}
+
+		iter.tm_mday++;
+		iter.tm_hour = 0;
+		iter.tm_min = 0;
+		iter.tm_sec = 0;
+		tsiter = mktime(&iter);
+	} while (tsiter < tsend);
+
+	return nullptr;
+}
+
 Dictionary::Ptr LegacyTimePeriod::FindNextSegment(const String& daydef, const String& timeranges, tm *reference)
 {
 	tm begin, end, iter, ref;
diff --git a/lib/icinga/legacytimeperiod.hpp b/lib/icinga/legacytimeperiod.hpp
index 9bec5b68c..3f1a5cdb9 100644
--- a/lib/icinga/legacytimeperiod.hpp
+++ b/lib/icinga/legacytimeperiod.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LEGACYTIMEPERIOD_H
 #define LEGACYTIMEPERIOD_H
@@ -23,6 +6,7 @@
 #include "icinga/i2-icinga.hpp"
 #include "icinga/timeperiod.hpp"
 #include "base/dictionary.hpp"
+#include <boost/date_time/gregorian/gregorian.hpp>
 
 namespace icinga
 {
@@ -48,9 +32,12 @@ public:
 	static Dictionary::Ptr ProcessTimeRange(const String& timerange, tm *reference);
 	static void ProcessTimeRanges(const String& timeranges, tm *reference, const Array::Ptr& result);
 	static Dictionary::Ptr FindNextSegment(const String& daydef, const String& timeranges, tm *reference);
+	static Dictionary::Ptr FindRunningSegment(const String& daydef, const String& timeranges, tm *reference);
 
 private:
 	LegacyTimePeriod();
+
+	static boost::gregorian::date GetEndOfMonthDay(int year, int month);
 };
 
 }
diff --git a/lib/icinga/macroprocessor.cpp b/lib/icinga/macroprocessor.cpp
index d99f7649d..df1e41d17 100644
--- a/lib/icinga/macroprocessor.cpp
+++ b/lib/icinga/macroprocessor.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/macroprocessor.hpp"
 #include "icinga/macroresolver.hpp"
diff --git a/lib/icinga/macroprocessor.hpp b/lib/icinga/macroprocessor.hpp
index c7b3b5b36..1ff21efbf 100644
--- a/lib/icinga/macroprocessor.hpp
+++ b/lib/icinga/macroprocessor.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MACROPROCESSOR_H
 #define MACROPROCESSOR_H
diff --git a/lib/icinga/macroresolver.hpp b/lib/icinga/macroresolver.hpp
index 33d3a97ae..ea29ce1e4 100644
--- a/lib/icinga/macroresolver.hpp
+++ b/lib/icinga/macroresolver.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MACRORESOLVER_H
 #define MACRORESOLVER_H
diff --git a/lib/icinga/notification-apply.cpp b/lib/icinga/notification-apply.cpp
index 7f8f39dab..713bacea7 100644
--- a/lib/icinga/notification-apply.cpp
+++ b/lib/icinga/notification-apply.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/notification.hpp"
 #include "icinga/service.hpp"
diff --git a/lib/icinga/notification.cpp b/lib/icinga/notification.cpp
index 0e8d6dac2..df509c376 100644
--- a/lib/icinga/notification.cpp
+++ b/lib/icinga/notification.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/notification.hpp"
 #include "icinga/notification-ti.cpp"
@@ -29,6 +12,7 @@
 #include "base/exception.hpp"
 #include "base/initialize.hpp"
 #include "base/scriptglobal.hpp"
+#include <algorithm>
 
 using namespace icinga;
 
@@ -39,6 +23,7 @@ std::map<String, int> Notification::m_StateFilterMap;
 std::map<String, int> Notification::m_TypeFilterMap;
 
 boost::signals2::signal<void (const Notification::Ptr&, const MessageOrigin::Ptr&)> Notification::OnNextNotificationChanged;
+boost::signals2::signal<void (const Notification::Ptr&, const NotificationResult::Ptr&, const MessageOrigin::Ptr&)> Notification::OnNewNotificationResult;
 
 String NotificationNameComposer::MakeName(const String& shortName, const Object::Ptr& context) const
 {
@@ -79,22 +64,22 @@ Dictionary::Ptr NotificationNameComposer::ParseName(const String& name) const
 
 void Notification::StaticInitialize()
 {
-	ScriptGlobal::Set("OK", "OK");
-	ScriptGlobal::Set("Warning", "Warning");
-	ScriptGlobal::Set("Critical", "Critical");
-	ScriptGlobal::Set("Unknown", "Unknown");
-	ScriptGlobal::Set("Up", "Up");
-	ScriptGlobal::Set("Down", "Down");
+	ScriptGlobal::Set("Icinga.OK", "OK", true);
+	ScriptGlobal::Set("Icinga.Warning", "Warning", true);
+	ScriptGlobal::Set("Icinga.Critical", "Critical", true);
+	ScriptGlobal::Set("Icinga.Unknown", "Unknown", true);
+	ScriptGlobal::Set("Icinga.Up", "Up", true);
+	ScriptGlobal::Set("Icinga.Down", "Down", true);
 
-	ScriptGlobal::Set("DowntimeStart", "DowntimeStart");
-	ScriptGlobal::Set("DowntimeEnd", "DowntimeEnd");
-	ScriptGlobal::Set("DowntimeRemoved", "DowntimeRemoved");
-	ScriptGlobal::Set("Custom", "Custom");
-	ScriptGlobal::Set("Acknowledgement", "Acknowledgement");
-	ScriptGlobal::Set("Problem", "Problem");
-	ScriptGlobal::Set("Recovery", "Recovery");
-	ScriptGlobal::Set("FlappingStart", "FlappingStart");
-	ScriptGlobal::Set("FlappingEnd", "FlappingEnd");
+	ScriptGlobal::Set("Icinga.DowntimeStart", "DowntimeStart", true);
+	ScriptGlobal::Set("Icinga.DowntimeEnd", "DowntimeEnd", true);
+	ScriptGlobal::Set("Icinga.DowntimeRemoved", "DowntimeRemoved", true);
+	ScriptGlobal::Set("Icinga.Custom", "Custom", true);
+	ScriptGlobal::Set("Icinga.Acknowledgement", "Acknowledgement", true);
+	ScriptGlobal::Set("Icinga.Problem", "Problem", true);
+	ScriptGlobal::Set("Icinga.Recovery", "Recovery", true);
+	ScriptGlobal::Set("Icinga.FlappingStart", "FlappingStart", true);
+	ScriptGlobal::Set("Icinga.FlappingEnd", "FlappingEnd", true);
 
 	m_StateFilterMap["OK"] = StateFilterOK;
 	m_StateFilterMap["Warning"] = StateFilterWarning;
@@ -231,37 +216,15 @@ void Notification::ResetNotificationNumber()
 	SetNotificationNumber(0);
 }
 
-/* the upper case string used in all interfaces */
-String Notification::NotificationTypeToString(NotificationType type)
-{
-	switch (type) {
-		case NotificationDowntimeStart:
-			return "DOWNTIMESTART";
-		case NotificationDowntimeEnd:
-			return "DOWNTIMEEND";
-		case NotificationDowntimeRemoved:
-			return "DOWNTIMECANCELLED";
-		case NotificationCustom:
-			return "CUSTOM";
-		case NotificationAcknowledgement:
-			return "ACKNOWLEDGEMENT";
-		case NotificationProblem:
-			return "PROBLEM";
-		case NotificationRecovery:
-			return "RECOVERY";
-		case NotificationFlappingStart:
-			return "FLAPPINGSTART";
-		case NotificationFlappingEnd:
-			return "FLAPPINGEND";
-		default:
-			return "UNKNOWN_NOTIFICATION";
-	}
-}
-
 void Notification::BeginExecuteNotification(NotificationType type, const CheckResult::Ptr& cr, bool force, bool reminder, const String& author, const String& text)
 {
+	String notificationName = GetName();
+	String notificationTypeName = NotificationTypeToString(type);
+
 	Log(LogNotice, "Notification")
-		<< "Attempting to send " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName() << "'.";
+		<< "Attempting to send " << (reminder ? "reminder " : "")
+		<< "notifications of type '" << notificationTypeName
+		<< "' for notification object '" << notificationName << "'.";
 
 	Checkable::Ptr checkable = GetCheckable();
 
@@ -270,7 +233,7 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 
 		if (tp && !tp->IsInside(Utility::GetTime())) {
 			Log(LogNotice, "Notification")
-				<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName()
+				<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '" << notificationName
 				<< "': not in timeperiod '" << tp->GetName() << "'";
 			return;
 		}
@@ -284,23 +247,21 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 
 			if (timesBegin != Empty && timesBegin >= 0 && now < checkable->GetLastHardStateChange() + timesBegin) {
 				Log(LogNotice, "Notification")
-					<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName()
-					<< "': before specified begin time (" << Utility::FormatDuration(timesBegin) << ")";
+					<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+					<< notificationName << "': before specified begin time (" << Utility::FormatDuration(timesBegin) << ")";
 
 				/* we need to adjust the next notification time
-				 * to now + begin delaying the first notification
+				 * delaying the first notification
 				 */
-				double nextProposedNotification = now + timesBegin + 1.0;
-				if (GetNextNotification() > nextProposedNotification)
-					SetNextNotification(nextProposedNotification);
+				SetNextNotification(checkable->GetLastHardStateChange() + timesBegin + 1.0);
 
 				return;
 			}
 
 			if (timesEnd != Empty && timesEnd >= 0 && now > checkable->GetLastHardStateChange() + timesEnd) {
 				Log(LogNotice, "Notification")
-					<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName()
-					<< "': after specified end time (" << Utility::FormatDuration(timesEnd) << ")";
+					<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+					<< notificationName << "': after specified end time (" << Utility::FormatDuration(timesEnd) << ")";
 				return;
 			}
 		}
@@ -308,15 +269,26 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 		unsigned long ftype = type;
 
 		Log(LogDebug, "Notification")
-			<< "Type '" << NotificationTypeToStringInternal(type)
+			<< "Type '" << NotificationTypeToString(type)
 			<< "', TypeFilter: " << NotificationFilterToString(GetTypeFilter(), GetTypeFilterMap())
 			<< " (FType=" << ftype << ", TypeFilter=" << GetTypeFilter() << ")";
 
 		if (!(ftype & GetTypeFilter())) {
 			Log(LogNotice, "Notification")
-				<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName() << "': type '"
-				<< NotificationTypeToStringInternal(type) << "' does not match type filter: "
+				<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+				<< notificationName << "': type '"
+				<< NotificationTypeToString(type) << "' does not match type filter: "
 				<< NotificationFilterToString(GetTypeFilter(), GetTypeFilterMap()) << ".";
+
+			/* Ensure to reset no_more_notifications on Recovery notifications,
+			 * even if the admin did not configure them in the filter.
+			 */
+			{
+				ObjectLock olock(this);
+				if (type == NotificationRecovery && GetInterval() <= 0)
+					SetNoMoreNotifications(false);
+			}
+
 			return;
 		}
 
@@ -343,14 +315,16 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 
 			if (!(fstate & GetStateFilter())) {
 				Log(LogNotice, "Notification")
-					<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '" << GetName() << "': state '" << stateStr
+					<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+					<< notificationName << "': state '" << stateStr
 					<< "' does not match state filter: " << NotificationFilterToString(GetStateFilter(), GetStateFilterMap()) << ".";
 				return;
 			}
 		}
 	} else {
 		Log(LogNotice, "Notification")
-			<< "Not checking " << (reminder ? "reminder " : " ") << "notification filters for notification object '" << GetName() << "': Notification was forced.";
+			<< "Not checking " << (reminder ? "reminder " : "") << "notification filters for notification object '"
+			<< notificationName << "': Notification was forced.";
 	}
 
 	{
@@ -390,28 +364,40 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 
 		if (!user->GetEnableNotifications()) {
 			Log(LogNotice, "Notification")
-				<< "Disabled notifications for user '" << userName << "'. Not sending notification.";
+				<< "Notification object '" << notificationName << "': Disabled notifications for user '"
+				<< userName << "'. Not sending notification.";
 			continue;
 		}
 
 		if (!CheckNotificationUserFilters(type, user, force, reminder)) {
 			Log(LogNotice, "Notification")
-				<< "Notification filters for user '" << userName << "' not matched. Not sending notification.";
+				<< "Notification object '" << notificationName << "': Filters for user '" << userName << "' not matched. Not sending notification.";
 			continue;
 		}
 
 		/* on recovery, check if user was notified before */
 		if (type == NotificationRecovery) {
-			if (!notifiedProblemUsers->Contains(userName)) {
+			if (!notifiedProblemUsers->Contains(userName) && (NotificationProblem & user->GetTypeFilter())) {
 				Log(LogNotice, "Notification")
-					<< "We did not notify user '" << userName << "' for a problem before. Not sending recovery notification.";
+					<< "Notification object '" << notificationName << "': We did not notify user '" << userName
+					<< "' (Problem types enabled) for a problem before. Not sending Recovery notification.";
+				continue;
+			}
+		}
+
+		/* on acknowledgement, check if user was notified before */
+		if (type == NotificationAcknowledgement) {
+			if (!notifiedProblemUsers->Contains(userName) && (NotificationProblem & user->GetTypeFilter())) {
+				Log(LogNotice, "Notification")
+					<< "Notification object '" << notificationName << "': We did not notify user '" << userName
+					<< "' (Problem types enabled) for a problem before. Not sending acknowledgement notification.";
 				continue;
 			}
 		}
 
 		Log(LogInformation, "Notification")
-			<< "Sending " << (reminder ? "reminder " : "") << "'" << NotificationTypeToStringInternal(type) << "' notification '"
-			<< GetName() << "' for user '" << userName << "'";
+			<< "Sending " << (reminder ? "reminder " : "") << "'" << NotificationTypeToString(type) << "' notification '"
+			<< notificationName << "' for user '" << userName << "'";
 
 		Utility::QueueAsyncCallback(std::bind(&Notification::ExecuteNotificationHelper, this, type, user, cr, force, author, text));
 
@@ -433,13 +419,16 @@ void Notification::BeginExecuteNotification(NotificationType type, const CheckRe
 
 bool Notification::CheckNotificationUserFilters(NotificationType type, const User::Ptr& user, bool force, bool reminder)
 {
+	String notificationName = GetName();
+	String userName = user->GetName();
+
 	if (!force) {
 		TimePeriod::Ptr tp = user->GetPeriod();
 
 		if (tp && !tp->IsInside(Utility::GetTime())) {
 			Log(LogNotice, "Notification")
-				<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '"
-				<< GetName() << " and user '" << user->GetName()
+				<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+				<< notificationName << " and user '" << userName
 				<< "': user period not in timeperiod '" << tp->GetName() << "'";
 			return false;
 		}
@@ -447,16 +436,17 @@ bool Notification::CheckNotificationUserFilters(NotificationType type, const Use
 		unsigned long ftype = type;
 
 		Log(LogDebug, "Notification")
-			<< "User notification, Type '" << NotificationTypeToStringInternal(type)
+			<< "User '" << userName << "' notification '" << notificationName
+			<< "', Type '" << NotificationTypeToString(type)
 			<< "', TypeFilter: " << NotificationFilterToString(user->GetTypeFilter(), GetTypeFilterMap())
 			<< " (FType=" << ftype << ", TypeFilter=" << GetTypeFilter() << ")";
 
 
 		if (!(ftype & user->GetTypeFilter())) {
 			Log(LogNotice, "Notification")
-				<< "Not sending " << (reminder ? "reminder " : " ") << "notifications for notification object '"
-				<< GetName() << " and user '" << user->GetName() << "': type '"
-				<< NotificationTypeToStringInternal(type) << "' does not match type filter: "
+				<< "Not sending " << (reminder ? "reminder " : "") << "notifications for notification object '"
+				<< notificationName << " and user '" << userName << "': type '"
+				<< NotificationTypeToString(type) << "' does not match type filter: "
 				<< NotificationFilterToString(user->GetTypeFilter(), GetTypeFilterMap()) << ".";
 			return false;
 		}
@@ -480,22 +470,23 @@ bool Notification::CheckNotificationUserFilters(NotificationType type, const Use
 			}
 
 			Log(LogDebug, "Notification")
-				<< "User notification, State '" << stateStr << "', StateFilter: "
+				<< "User '" << userName << "' notification '" << notificationName
+				<< "', State '" << stateStr << "', StateFilter: "
 				<< NotificationFilterToString(user->GetStateFilter(), GetStateFilterMap())
 				<< " (FState=" << fstate << ", StateFilter=" << user->GetStateFilter() << ")";
 
 			if (!(fstate & user->GetStateFilter())) {
 				Log(LogNotice, "Notification")
-					<< "Not " << (reminder ? "reminder " : " ") << "sending notifications for notification object '"
-					<< GetName() << " and user '" << user->GetName() << "': state '" << stateStr
+					<< "Not " << (reminder ? "reminder " : "") << "sending notifications for notification object '"
+					<< notificationName << " and user '" << userName << "': state '" << stateStr
 					<< "' does not match state filter: " << NotificationFilterToString(user->GetStateFilter(), GetStateFilterMap()) << ".";
 				return false;
 			}
 		}
 	} else {
 		Log(LogNotice, "Notification")
-			<< "Not checking " << (reminder ? "reminder " : " ") << "notification filters for notification object '"
-			<< GetName() << "' and user '" << user->GetName() << "': Notification was forced.";
+			<< "Not checking " << (reminder ? "reminder " : "") << "notification filters for notification object '"
+			<< notificationName << "' and user '" << userName << "': Notification was forced.";
 	}
 
 	return true;
@@ -503,32 +494,74 @@ bool Notification::CheckNotificationUserFilters(NotificationType type, const Use
 
 void Notification::ExecuteNotificationHelper(NotificationType type, const User::Ptr& user, const CheckResult::Ptr& cr, bool force, const String& author, const String& text)
 {
+	String notificationName = GetName();
+	String userName = user->GetName();
+	String checkableName = GetCheckable()->GetName();
+
+	NotificationCommand::Ptr command = GetCommand();
+
+	if (!command) {
+		Log(LogDebug, "Notification")
+			<< "No command found for notification '" << notificationName << "'. Skipping execution.";
+		return;
+	}
+
+	String commandName = command->GetName();
+
 	try {
-		NotificationCommand::Ptr command = GetCommand();
+		NotificationResult::Ptr nr = new NotificationResult();
 
-		if (!command) {
-			Log(LogDebug, "Notification")
-				<< "No command found for notification '" << GetName() << "'. Skipping execution.";
-			return;
-		}
+		nr->SetExecutionStart(Utility::GetTime());
 
-		command->Execute(this, user, cr, type, author, text);
+		command->Execute(this, user, cr, nr, type, author, text);
 
 		/* required by compatlogger */
-		Service::OnNotificationSentToUser(this, GetCheckable(), user, type, cr, author, text, command->GetName(), nullptr);
+		Checkable::OnNotificationSentToUser(this, GetCheckable(), user, type, cr, nr, author, text, command->GetName(), nullptr);
 
 		Log(LogInformation, "Notification")
-			<< "Completed sending '" << NotificationTypeToStringInternal(type)
-			<< "' notification '" << GetName()
-			<< "' for checkable '" << GetCheckable()->GetName()
-			<< "' and user '" << user->GetName() << "'.";
+			<< "Completed sending '" << NotificationTypeToString(type)
+			<< "' notification '" << notificationName
+			<< "' for checkable '" << checkableName
+			<< "' and user '" << userName << "' using command '" << commandName << "'.";
 	} catch (const std::exception& ex) {
 		Log(LogWarning, "Notification")
-			<< "Exception occured during notification for checkable '"
-			<< GetCheckable()->GetName() << "': " << DiagnosticInformation(ex);
+			<< "Exception occurred during notification '" << notificationName
+			<< "' for checkable '" << checkableName
+			<< "' and user '" << userName << "' using command '" << commandName << "': "
+			<< DiagnosticInformation(ex, false);
 	}
 }
 
+void Notification::ProcessNotificationResult(const NotificationResult::Ptr& nr, const MessageOrigin::Ptr& origin)
+{
+	if (!nr)
+		return;
+
+	double now = Utility::GetTime();
+
+	if (nr->GetExecutionStart() == 0)
+		nr->SetExecutionStart(now);
+
+	if (nr->GetExecutionEnd() == 0)
+		nr->SetExecutionEnd(now);
+
+	/* Determine the execution endpoint from a locally executed check. */
+	if (!origin || origin->IsLocal())
+		nr->SetExecutionEndpoint(IcingaApplication::GetInstance()->GetNodeName());
+
+	if (!IsActive())
+		return;
+
+	{
+		ObjectLock olock(this);
+
+		SetLastNotificationResult(nr);
+	}
+
+	/* Notify cluster, API and feature events. */
+	OnNewNotificationResult(this, nr, origin);
+}
+
 int icinga::ServiceStateToFilter(ServiceState state)
 {
 	switch (state) {
@@ -570,30 +603,51 @@ String Notification::NotificationFilterToString(int filter, const std::map<Strin
 	return Utility::NaturalJoin(sFilters);
 }
 
-/* internal for logging */
-String Notification::NotificationTypeToStringInternal(NotificationType type)
+/*
+ * Main interface to translate NotificationType values into strings.
+ */
+String Notification::NotificationTypeToString(NotificationType type)
+{
+	auto typeMap = Notification::m_TypeFilterMap;
+
+	auto it = std::find_if(typeMap.begin(), typeMap.end(),
+		[&type](const std::pair<String, int>& p) {
+			return p.second == type;
+	});
+
+	if (it == typeMap.end())
+		return Empty;
+
+	return it->first;
+}
+
+
+/*
+ * Compat interface used in external features.
+ */
+String Notification::NotificationTypeToStringCompat(NotificationType type)
 {
 	switch (type) {
 		case NotificationDowntimeStart:
-			return "DowntimeStart";
+			return "DOWNTIMESTART";
 		case NotificationDowntimeEnd:
-			return "DowntimeEnd";
+			return "DOWNTIMEEND";
 		case NotificationDowntimeRemoved:
-			return "DowntimeRemoved";
+			return "DOWNTIMECANCELLED";
 		case NotificationCustom:
-			return "Custom";
+			return "CUSTOM";
 		case NotificationAcknowledgement:
-			return "Acknowledgement";
+			return "ACKNOWLEDGEMENT";
 		case NotificationProblem:
-			return "Problem";
+			return "PROBLEM";
 		case NotificationRecovery:
-			return "Recovery";
+			return "RECOVERY";
 		case NotificationFlappingStart:
-			return "FlappingStart";
+			return "FLAPPINGSTART";
 		case NotificationFlappingEnd:
-			return "FlappingEnd";
+			return "FLAPPINGEND";
 		default:
-			return Empty;
+			return "UNKNOWN_NOTIFICATION";
 	}
 }
 
@@ -664,6 +718,35 @@ void Notification::ValidateTypes(const Lazy<Array::Ptr>& lvalue, const Validatio
 		BOOST_THROW_EXCEPTION(ValidationError(this, { "types" }, "Type filter is invalid."));
 }
 
+void Notification::ValidateTimes(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils)
+{
+	ObjectImpl<Notification>::ValidateTimes(lvalue, utils);
+
+	Dictionary::Ptr times = lvalue();
+
+	if (!times)
+		return;
+
+	double begin;
+	double end;
+
+	try {
+		begin = Convert::ToDouble(times->Get("begin"));
+	} catch (const std::exception&) {
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "times" }, "'begin' is invalid, must be duration or number." ));
+	}
+
+	try {
+		end = Convert::ToDouble(times->Get("end"));
+	} catch (const std::exception&) {
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "times" }, "'end' is invalid, must be duration or number." ));
+	}
+
+	/* Also solve logical errors where begin > end. */
+	if (begin > 0 && end > 0 && begin > end)
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "times" }, "'begin' must be smaller than 'end'."));
+}
+
 Endpoint::Ptr Notification::GetCommandEndpoint() const
 {
 	return Endpoint::GetByName(GetCommandEndpointRaw());
diff --git a/lib/icinga/notification.hpp b/lib/icinga/notification.hpp
index 47dd9d52d..5fcb6fd2a 100644
--- a/lib/icinga/notification.hpp
+++ b/lib/icinga/notification.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NOTIFICATION_H
 #define NOTIFICATION_H
@@ -27,6 +10,7 @@
 #include "icinga/usergroup.hpp"
 #include "icinga/timeperiod.hpp"
 #include "icinga/checkresult.hpp"
+#include "icinga/notificationresult.hpp"
 #include "remote/endpoint.hpp"
 #include "remote/messageorigin.hpp"
 #include "base/array.hpp"
@@ -99,15 +83,25 @@ public:
 
 	Endpoint::Ptr GetCommandEndpoint() const;
 
+	void ProcessNotificationResult(const NotificationResult::Ptr& nr, const MessageOrigin::Ptr& origin = nullptr);
+
+	// Logging, etc.
 	static String NotificationTypeToString(NotificationType type);
+	// Compat, used for notifications, etc.
+	static String NotificationTypeToStringCompat(NotificationType type);
 	static String NotificationFilterToString(int filter, const std::map<String, int>& filterMap);
 
+	static String NotificationServiceStateToString(ServiceState state);
+	static String NotificationHostStateToString(HostState state);
+
 	static boost::signals2::signal<void (const Notification::Ptr&, const MessageOrigin::Ptr&)> OnNextNotificationChanged;
+	static boost::signals2::signal<void (const Notification::Ptr&, const NotificationResult::Ptr&, const MessageOrigin::Ptr&)> OnNewNotificationResult;
 
 	void Validate(int types, const ValidationUtils& utils) override;
 
 	void ValidateStates(const Lazy<Array::Ptr>& lvalue, const ValidationUtils& utils) override;
 	void ValidateTypes(const Lazy<Array::Ptr>& lvalue, const ValidationUtils& utils) override;
+	void ValidateTimes(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils) override;
 
 	static void EvaluateApplyRules(const intrusive_ptr<Host>& host);
 	static void EvaluateApplyRules(const intrusive_ptr<Service>& service);
@@ -131,10 +125,6 @@ private:
 	static bool EvaluateApplyRuleInstance(const intrusive_ptr<Checkable>& checkable, const String& name, ScriptFrame& frame, const ApplyRule& rule);
 	static bool EvaluateApplyRule(const intrusive_ptr<Checkable>& checkable, const ApplyRule& rule);
 
-	static String NotificationTypeToStringInternal(NotificationType type);
-	static String NotificationServiceStateToString(ServiceState state);
-	static String NotificationHostStateToString(HostState state);
-
 	static std::map<String, int> m_StateFilterMap;
 	static std::map<String, int> m_TypeFilterMap;
 };
diff --git a/lib/icinga/notification.ti b/lib/icinga/notification.ti
index d11f1b377..0212a144a 100644
--- a/lib/icinga/notification.ti
+++ b/lib/icinga/notification.ti
@@ -1,23 +1,8 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
+#include "icinga/notificationresult.hpp"
+#include "base/array.hpp"
 #impl_include "icinga/notificationcommand.hpp"
 #impl_include "icinga/service.hpp"
 
@@ -33,6 +18,7 @@ public:
 	virtual String MakeName(const String& shortName, const Object::Ptr& context) const;
 	virtual Dictionary::Ptr ParseName(const String& name) const;
 };
+
 }}}
 
 class Notification : CustomVarObject < NotificationNameComposer
@@ -94,10 +80,15 @@ class Notification : CustomVarObject < NotificationNameComposer
 		default {{{ return false; }}}
 	};
 
+	[state, no_user_view, no_user_modify] Array::Ptr stashed_notifications {
+		default {{{ return new Array(); }}}
+	};
+
 	[state] Timestamp last_notification;
 	[state] Timestamp next_notification;
 	[state] int notification_number;
 	[state] Timestamp last_problem_notification;
+	[state] NotificationResult::Ptr last_notification_result;
 
 	[config, navigation] name(Endpoint) command_endpoint (CommandEndpointRaw) {
 		navigate {{{
diff --git a/lib/icinga/notificationcommand.cpp b/lib/icinga/notificationcommand.cpp
index 46dc7c086..dc9edb4f3 100644
--- a/lib/icinga/notificationcommand.cpp
+++ b/lib/icinga/notificationcommand.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/notificationcommand.hpp"
 #include "icinga/notificationcommand-ti.cpp"
@@ -25,14 +8,15 @@ using namespace icinga;
 REGISTER_TYPE(NotificationCommand);
 
 Dictionary::Ptr NotificationCommand::Execute(const Notification::Ptr& notification,
-	const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationType& type,
-	const String& author, const String& comment, const Dictionary::Ptr& resolvedMacros,
-	bool useResolvedMacros)
+	const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+	const NotificationType& type, const String& author, const String& comment,
+	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
 {
 	return GetExecute()->Invoke({
 		notification,
 		user,
 		cr,
+		nr,
 		type,
 		author,
 		comment,
diff --git a/lib/icinga/notificationcommand.hpp b/lib/icinga/notificationcommand.hpp
index 10079250e..0c76a0142 100644
--- a/lib/icinga/notificationcommand.hpp
+++ b/lib/icinga/notificationcommand.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NOTIFICATIONCOMMAND_H
 #define NOTIFICATIONCOMMAND_H
@@ -40,8 +23,8 @@ public:
 	DECLARE_OBJECTNAME(NotificationCommand);
 
 	virtual Dictionary::Ptr Execute(const intrusive_ptr<Notification>& notification,
-		const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationType& type,
-		const String& author, const String& comment,
+		const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+		const NotificationType& type, const String& author, const String& comment,
 		const Dictionary::Ptr& resolvedMacros = nullptr,
 		bool useResolvedMacros = false);
 };
diff --git a/lib/icinga/notificationcommand.ti b/lib/icinga/notificationcommand.ti
index 3749c0613..51207a362 100644
--- a/lib/icinga/notificationcommand.ti
+++ b/lib/icinga/notificationcommand.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/command.hpp"
 
diff --git a/lib/icinga/notificationresult.cpp b/lib/icinga/notificationresult.cpp
new file mode 100644
index 000000000..d57ad4bb0
--- /dev/null
+++ b/lib/icinga/notificationresult.cpp
@@ -0,0 +1,13 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "icinga/notificationresult.hpp"
+#include "icinga/notificationresult-ti.cpp"
+
+using namespace icinga;
+
+REGISTER_TYPE(NotificationResult);
+
+double NotificationResult::CalculateExecutionTime() const
+{
+	return GetExecutionEnd() - GetExecutionStart();
+}
diff --git a/lib/icinga/notificationresult.hpp b/lib/icinga/notificationresult.hpp
new file mode 100644
index 000000000..bb7049f18
--- /dev/null
+++ b/lib/icinga/notificationresult.hpp
@@ -0,0 +1,27 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef NOTIFICATIONRESULT_H
+#define NOTIFICATIONRESULT_H
+
+#include "icinga/i2-icinga.hpp"
+#include "icinga/notificationresult-ti.hpp"
+
+namespace icinga
+{
+
+/**
+ * A notification result.
+ *
+ * @ingroup icinga
+ */
+class NotificationResult final : public ObjectImpl<NotificationResult>
+{
+public:
+	DECLARE_OBJECT(NotificationResult);
+
+	double CalculateExecutionTime() const;
+};
+
+}
+
+#endif /* NOTIFICATIONRESULT_H */
diff --git a/lib/icinga/notificationresult.ti b/lib/icinga/notificationresult.ti
new file mode 100644
index 000000000..0b77c938f
--- /dev/null
+++ b/lib/icinga/notificationresult.ti
@@ -0,0 +1,24 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+library icinga;
+
+namespace icinga
+{
+
+class NotificationResult
+{
+	[state] Timestamp execution_start;
+	[state] Timestamp execution_end;
+
+	[state] Value command;
+	[state] int exit_status;
+	[state] String output;
+
+	[state] bool active {
+		default {{{ return true; }}}
+	};
+
+	[state] String execution_endpoint;
+};
+
+}
diff --git a/lib/icinga/objectutils.cpp b/lib/icinga/objectutils.cpp
index f41143037..559ca4328 100644
--- a/lib/icinga/objectutils.cpp
+++ b/lib/icinga/objectutils.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/objectutils.hpp"
 #include "icinga/host.hpp"
@@ -29,17 +12,17 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(System, get_host, &Host::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_service, &ObjectUtils::GetService, "host:name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_services, &ObjectUtils::GetServices, "host");
-REGISTER_SCRIPTFUNCTION_NS(System, get_user, &User::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_check_command, &CheckCommand::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_event_command, &EventCommand::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_notification_command, &NotificationCommand::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_host_group, &HostGroup::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_service_group, &ServiceGroup::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_user_group, &UserGroup::GetByName, "name");
-REGISTER_SCRIPTFUNCTION_NS(System, get_time_period, &TimePeriod::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_host, &Host::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_service, &ObjectUtils::GetService, "host:name");
+REGISTER_FUNCTION(Icinga, get_services, &ObjectUtils::GetServices, "host");
+REGISTER_FUNCTION(Icinga, get_user, &User::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_check_command, &CheckCommand::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_event_command, &EventCommand::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_notification_command, &NotificationCommand::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_host_group, &HostGroup::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_service_group, &ServiceGroup::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_user_group, &UserGroup::GetByName, "name");
+REGISTER_FUNCTION(Icinga, get_time_period, &TimePeriod::GetByName, "name");
 
 Service::Ptr ObjectUtils::GetService(const Value& host, const String& name)
 {
diff --git a/lib/icinga/objectutils.hpp b/lib/icinga/objectutils.hpp
index 60a77646f..42e295342 100644
--- a/lib/icinga/objectutils.hpp
+++ b/lib/icinga/objectutils.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTUTILS_H
 #define OBJECTUTILS_H
diff --git a/lib/icinga/pluginutility.cpp b/lib/icinga/pluginutility.cpp
index 0dcc70997..d19399870 100644
--- a/lib/icinga/pluginutility.cpp
+++ b/lib/icinga/pluginutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/pluginutility.hpp"
 #include "icinga/macroprocessor.hpp"
@@ -32,7 +15,7 @@ using namespace icinga;
 
 void PluginUtility::ExecuteCommand(const Command::Ptr& commandObj, const Checkable::Ptr& checkable,
 	const CheckResult::Ptr& cr, const MacroProcessor::ResolverList& macroResolvers,
-	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros,
+	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros, int timeout,
 	const std::function<void(const Value& commandLine, const ProcessResult&)>& callback)
 {
 	Value raw_command = commandObj->GetCommandLine();
@@ -70,10 +53,17 @@ void PluginUtility::ExecuteCommand(const Command::Ptr& commandObj, const Checkab
 		for (const Dictionary::Pair& kv : env) {
 			String name = kv.second;
 
+			String missingMacro;
 			Value value = MacroProcessor::ResolveMacros(name, macroResolvers, cr,
-				nullptr, MacroProcessor::EscapeCallback(), resolvedMacros,
+				&missingMacro, MacroProcessor::EscapeCallback(), resolvedMacros,
 				useResolvedMacros);
 
+#ifdef I2_DEBUG
+			if (!missingMacro.IsEmpty())
+				Log(LogDebug, "PluginUtility")
+					<< "Macro '" << name << "' is not defined.";
+#endif /* I2_DEBUG */
+
 			if (value.IsObjectType<Array>())
 				value = Utility::Join(value, ';');
 
@@ -86,11 +76,7 @@ void PluginUtility::ExecuteCommand(const Command::Ptr& commandObj, const Checkab
 
 	Process::Ptr process = new Process(Process::PrepareCommand(command), envMacros);
 
-	if (checkable->GetCheckTimeout().IsEmpty())
-		process->SetTimeout(commandObj->GetTimeout());
-	else
-		process->SetTimeout(checkable->GetCheckTimeout());
-
+	process->SetTimeout(timeout);
 	process->SetAdjustPriority(true);
 
 	process->Run(std::bind(callback, command, _1));
diff --git a/lib/icinga/pluginutility.hpp b/lib/icinga/pluginutility.hpp
index 756ad9d97..0ea56e2c5 100644
--- a/lib/icinga/pluginutility.hpp
+++ b/lib/icinga/pluginutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PLUGINUTILITY_H
 #define PLUGINUTILITY_H
@@ -41,7 +24,7 @@ class PluginUtility
 public:
 	static void ExecuteCommand(const Command::Ptr& commandObj, const Checkable::Ptr& checkable,
 		const CheckResult::Ptr& cr, const MacroProcessor::ResolverList& macroResolvers,
-		const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros,
+		const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros, int timeout,
 		const std::function<void(const Value& commandLine, const ProcessResult&)>& callback = std::function<void(const Value& commandLine, const ProcessResult&)>());
 
 	static ServiceState ExitStatusToState(int exitStatus);
diff --git a/lib/icinga/scheduleddowntime-apply.cpp b/lib/icinga/scheduleddowntime-apply.cpp
index 3909f6fc0..770688cd4 100644
--- a/lib/icinga/scheduleddowntime-apply.cpp
+++ b/lib/icinga/scheduleddowntime-apply.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/scheduleddowntime.hpp"
 #include "icinga/service.hpp"
diff --git a/lib/icinga/scheduleddowntime.cpp b/lib/icinga/scheduleddowntime.cpp
index 6a715fc40..6642841f4 100644
--- a/lib/icinga/scheduleddowntime.cpp
+++ b/lib/icinga/scheduleddowntime.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/scheduleddowntime.hpp"
 #include "icinga/scheduleddowntime-ti.cpp"
@@ -80,6 +63,8 @@ void ScheduledDowntime::OnAllConfigLoaded()
 
 	if (!GetCheckable())
 		BOOST_THROW_EXCEPTION(ScriptError("ScheduledDowntime '" + GetName() + "' references a host/service which doesn't exist.", GetDebugInfo()));
+
+	m_AllConfigLoaded.store(true);
 }
 
 void ScheduledDowntime::Start(bool runtimeCreated)
@@ -95,13 +80,14 @@ void ScheduledDowntime::Start(bool runtimeCreated)
 		l_Timer->Start();
 	});
 
-	Utility::QueueAsyncCallback(std::bind(&ScheduledDowntime::CreateNextDowntime, this));
+	if (!IsPaused())
+		Utility::QueueAsyncCallback(std::bind(&ScheduledDowntime::CreateNextDowntime, this));
 }
 
 void ScheduledDowntime::TimerProc()
 {
 	for (const ScheduledDowntime::Ptr& sd : ConfigType::GetObjectsByType<ScheduledDowntime>()) {
-		if (sd->IsActive())
+		if (sd->IsActive() && !sd->IsPaused())
 			sd->CreateNextDowntime();
 	}
 }
@@ -116,6 +102,67 @@ Checkable::Ptr ScheduledDowntime::GetCheckable() const
 		return host->GetServiceByShortName(GetServiceName());
 }
 
+std::pair<double, double> ScheduledDowntime::FindRunningSegment(double minEnd)
+{
+	time_t refts = Utility::GetTime();
+	tm reference = Utility::LocalTime(refts);
+
+	Log(LogDebug, "ScheduledDowntime")
+	    << "Finding running scheduled downtime segment for time " << refts
+	    << " (minEnd " << (minEnd > 0 ? Utility::FormatDateTime("%c", minEnd) : "-") << ")";
+
+	Dictionary::Ptr ranges = GetRanges();
+
+	if (!ranges)
+		return std::make_pair(0, 0);
+
+	Array::Ptr segments = new Array();
+
+	Dictionary::Ptr bestSegment;
+	double bestBegin = 0.0, bestEnd = 0.0;
+	double now = Utility::GetTime();
+
+	ObjectLock olock(ranges);
+
+	/* Find the longest lasting (and longer than minEnd, if given) segment that's already running */  
+	for (const Dictionary::Pair& kv : ranges) {
+		Log(LogDebug, "ScheduledDowntime")
+		    << "Evaluating (running?) segment: " << kv.first << ": " << kv.second;
+
+		Dictionary::Ptr segment = LegacyTimePeriod::FindRunningSegment(kv.first, kv.second, &reference);
+
+		if (!segment)
+			continue;
+
+		double begin = segment->Get("begin");
+		double end = segment->Get("end");
+
+		Log(LogDebug, "ScheduledDowntime")
+		    << "Considering (running?) segment: " << Utility::FormatDateTime("%c", begin) << " -> " << Utility::FormatDateTime("%c", end);
+
+		if (begin >= now || end < now) {
+			Log(LogDebug, "ScheduledDowntime") << "not running.";
+			continue;
+		}
+		if (minEnd && end <= minEnd) {
+			Log(LogDebug, "ScheduledDowntime") << "ending too early.";
+			continue;
+		}
+
+		if (!bestSegment || end > bestEnd) {
+			Log(LogDebug, "ScheduledDowntime") << "(best match yet)";
+			bestSegment = segment;
+			bestBegin = begin;
+			bestEnd = end;
+		}
+	}
+
+	if (bestSegment)
+		return std::make_pair(bestBegin, bestEnd);
+
+	return std::make_pair(0, 0);
+}
+
 std::pair<double, double> ScheduledDowntime::FindNextSegment()
 {
 	time_t refts = Utility::GetTime();
@@ -132,42 +179,62 @@ std::pair<double, double> ScheduledDowntime::FindNextSegment()
 	Array::Ptr segments = new Array();
 
 	Dictionary::Ptr bestSegment;
-	double bestBegin;
+	double bestBegin = 0.0, bestEnd = 0.0;
 	double now = Utility::GetTime();
 
 	ObjectLock olock(ranges);
+
+	/* Find the segment starting earliest */
 	for (const Dictionary::Pair& kv : ranges) {
 		Log(LogDebug, "ScheduledDowntime")
-			<< "Evaluating segment: " << kv.first << ": " << kv.second << " at ";
+			<< "Evaluating segment: " << kv.first << ": " << kv.second;
 
 		Dictionary::Ptr segment = LegacyTimePeriod::FindNextSegment(kv.first, kv.second, &reference);
 
 		if (!segment)
 			continue;
 
-		Log(LogDebug, "ScheduledDowntime")
-			<< "Considering segment: " << Utility::FormatDateTime("%c", segment->Get("begin")) << " -> " << Utility::FormatDateTime("%c", segment->Get("end"));
-
 		double begin = segment->Get("begin");
+		double end = segment->Get("end");
 
-		if (begin < now)
+		Log(LogDebug, "ScheduledDowntime")
+			<< "Considering segment: " << Utility::FormatDateTime("%c", begin) << " -> " << Utility::FormatDateTime("%c", end);
+
+		if (begin < now) {
+			Log(LogDebug, "ScheduledDowntime") << "already running.";
 			continue;
+		}
 
 		if (!bestSegment || begin < bestBegin) {
+			Log(LogDebug, "ScheduledDowntime") << "(best match yet)";
 			bestSegment = segment;
 			bestBegin = begin;
+			bestEnd = end;
 		}
 	}
 
 	if (bestSegment)
-		return std::make_pair(bestSegment->Get("begin"), bestSegment->Get("end"));
-	else
-		return std::make_pair(0, 0);
+		return std::make_pair(bestBegin, bestEnd);
+
+	return std::make_pair(0, 0);
 }
 
 void ScheduledDowntime::CreateNextDowntime()
 {
+	/* HA enabled zones. */
+	if (IsActive() && IsPaused()) {
+		Log(LogNotice, "Checkable")
+			<< "Skipping downtime creation for HA-paused Scheduled Downtime object '" << GetName() << "'";
+		return;
+	}
+
+	double minEnd = 0;
+
 	for (const Downtime::Ptr& downtime : GetCheckable()->GetDowntimes()) {
+		double end = downtime->GetEndTime();
+		if (end > minEnd)
+			minEnd = end;
+
 		if (downtime->GetScheduledBy() != GetName() ||
 			downtime->GetStartTime() < Utility::GetTime())
 			continue;
@@ -179,21 +246,42 @@ void ScheduledDowntime::CreateNextDowntime()
 	Log(LogDebug, "ScheduledDowntime")
 		<< "Creating new Downtime for ScheduledDowntime \"" << GetName() << "\"";
 
-	std::pair<double, double> segment = FindNextSegment();
-
+	std::pair<double, double> segment = FindRunningSegment(minEnd);
 	if (segment.first == 0 && segment.second == 0) {
-		tm reference = Utility::LocalTime(Utility::GetTime());
-		reference.tm_mday++;
-		reference.tm_hour = 0;
-		reference.tm_min = 0;
-		reference.tm_sec = 0;
-
-		return;
+		segment = FindNextSegment();
+		if (segment.first == 0 && segment.second == 0)
+			return;
 	}
 
-	Downtime::AddDowntime(GetCheckable(), GetAuthor(), GetComment(),
+	String downtimeName = Downtime::AddDowntime(GetCheckable(), GetAuthor(), GetComment(),
 		segment.first, segment.second,
 		GetFixed(), String(), GetDuration(), GetName(), GetName());
+
+	Downtime::Ptr downtime = Downtime::GetByName(downtimeName);
+
+	int childOptions = Downtime::ChildOptionsFromValue(GetChildOptions());
+	if (childOptions > 0) {
+		/* 'DowntimeTriggeredChildren' schedules child downtimes triggered by the parent downtime.
+		 * 'DowntimeNonTriggeredChildren' schedules non-triggered downtimes for all children.
+		 */
+		String triggerName;
+		if (childOptions == 1)
+			triggerName = downtimeName;
+
+		Log(LogNotice, "ScheduledDowntime")
+				<< "Processing child options " << childOptions << " for downtime " << downtimeName;
+
+		for (const Checkable::Ptr& child : GetCheckable()->GetAllChildren()) {
+			Log(LogNotice, "ScheduledDowntime")
+				<< "Scheduling downtime for child object " << child->GetName();
+
+			String childDowntimeName = Downtime::AddDowntime(child, GetAuthor(), GetComment(),
+				segment.first, segment.second, GetFixed(), triggerName, GetDuration(), GetName(), GetName());
+
+			Log(LogNotice, "ScheduledDowntime")
+				<< "Add child downtime '" << childDowntimeName << "'.";
+		}
+	}
 }
 
 void ScheduledDowntime::ValidateRanges(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils)
@@ -226,3 +314,20 @@ void ScheduledDowntime::ValidateRanges(const Lazy<Dictionary::Ptr>& lvalue, cons
 	}
 }
 
+void ScheduledDowntime::ValidateChildOptions(const Lazy<Value>& lvalue, const ValidationUtils& utils)
+{
+	ObjectImpl<ScheduledDowntime>::ValidateChildOptions(lvalue, utils);
+
+	try {
+		Downtime::ChildOptionsFromValue(lvalue());
+	} catch (const std::exception&) {
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "child_options" }, "Invalid child_options specified"));
+	}
+}
+
+bool ScheduledDowntime::AllConfigIsLoaded()
+{
+	return m_AllConfigLoaded.load();
+}
+
+std::atomic<bool> ScheduledDowntime::m_AllConfigLoaded (false);
diff --git a/lib/icinga/scheduleddowntime.hpp b/lib/icinga/scheduleddowntime.hpp
index 86138fa04..90e12d240 100644
--- a/lib/icinga/scheduleddowntime.hpp
+++ b/lib/icinga/scheduleddowntime.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SCHEDULEDDOWNTIME_H
 #define SCHEDULEDDOWNTIME_H
@@ -23,6 +6,7 @@
 #include "icinga/i2-icinga.hpp"
 #include "icinga/scheduleddowntime-ti.hpp"
 #include "icinga/checkable.hpp"
+#include <atomic>
 
 namespace icinga
 {
@@ -47,8 +31,10 @@ public:
 
 	static void EvaluateApplyRules(const intrusive_ptr<Host>& host);
 	static void EvaluateApplyRules(const intrusive_ptr<Service>& service);
+	static bool AllConfigIsLoaded();
 
 	void ValidateRanges(const Lazy<Dictionary::Ptr>& lvalue, const ValidationUtils& utils) override;
+	void ValidateChildOptions(const Lazy<Value>& lvalue, const ValidationUtils& utils) override;
 
 protected:
 	void OnAllConfigLoaded() override;
@@ -57,9 +43,12 @@ protected:
 private:
 	static void TimerProc();
 
+	std::pair<double, double> FindRunningSegment(double minEnd = 0);
 	std::pair<double, double> FindNextSegment();
 	void CreateNextDowntime();
 
+	static std::atomic<bool> m_AllConfigLoaded;
+
 	static bool EvaluateApplyRuleInstance(const Checkable::Ptr& checkable, const String& name, ScriptFrame& frame, const ApplyRule& rule);
 	static bool EvaluateApplyRule(const Checkable::Ptr& checkable, const ApplyRule& rule);
 };
diff --git a/lib/icinga/scheduleddowntime.ti b/lib/icinga/scheduleddowntime.ti
index e119eaa11..7dfb8bf39 100644
--- a/lib/icinga/scheduleddowntime.ti
+++ b/lib/icinga/scheduleddowntime.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #impl_include "icinga/service.hpp"
@@ -77,6 +60,10 @@ class ScheduledDowntime : CustomVarObject < ScheduledDowntimeNameComposer
 		default {{{ return true; }}}
 	};
 
+	[config] Value child_options {
+	    default {{{ return "DowntimeNoChildren"; }}}
+	};
+
 	[config, required] Dictionary::Ptr ranges;
 };
 
diff --git a/lib/icinga/service-apply.cpp b/lib/icinga/service-apply.cpp
index 4e9f78a66..6479aac52 100644
--- a/lib/icinga/service-apply.cpp
+++ b/lib/icinga/service-apply.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/service.hpp"
 #include "config/configitembuilder.hpp"
diff --git a/lib/icinga/service.cpp b/lib/icinga/service.cpp
index ffbbedd2d..e420b64c3 100644
--- a/lib/icinga/service.cpp
+++ b/lib/icinga/service.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/service.hpp"
 #include "icinga/service-ti.cpp"
@@ -142,6 +125,8 @@ int Service::GetSeverity() const
 		severity |= SeverityFlagDowntime;
 	else if (IsAcknowledged())
 		severity |= SeverityFlagAcknowledgement;
+	else if (m_Host && m_Host->GetProblem())
+		severity |= SeverityFlagHostDown;
 	else
 		severity |= SeverityFlagUnhandled;
 
@@ -150,7 +135,12 @@ int Service::GetSeverity() const
 	return severity;
 }
 
-bool Service::IsStateOK(ServiceState state)
+bool Service::GetHandled() const
+{
+	return Checkable::GetHandled() || (m_Host && m_Host->GetProblem());
+}
+
+bool Service::IsStateOK(ServiceState state) const
 {
 	return state == ServiceOK;
 }
diff --git a/lib/icinga/service.hpp b/lib/icinga/service.hpp
index 8fb45d684..0e6e4d8d3 100644
--- a/lib/icinga/service.hpp
+++ b/lib/icinga/service.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICE_H
 #define SERVICE_H
@@ -46,10 +29,11 @@ public:
 
 	Host::Ptr GetHost() const override;
 	int GetSeverity() const override;
+	bool GetHandled() const override;
 
 	bool ResolveMacro(const String& macro, const CheckResult::Ptr& cr, Value *result) const override;
 
-	bool IsStateOK(ServiceState state) override;
+	bool IsStateOK(ServiceState state) const override;
 	void SaveLastState(ServiceState state, double timestamp) override;
 
 	static ServiceState StateFromString(const String& state);
diff --git a/lib/icinga/service.ti b/lib/icinga/service.ti
index 0d30978ca..bab1ebc8f 100644
--- a/lib/icinga/service.ti
+++ b/lib/icinga/service.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/checkable.hpp"
 #include "icinga/host.hpp"
diff --git a/lib/icinga/servicegroup.cpp b/lib/icinga/servicegroup.cpp
index 2b99f4214..45d953f63 100644
--- a/lib/icinga/servicegroup.cpp
+++ b/lib/icinga/servicegroup.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/servicegroup.hpp"
 #include "icinga/servicegroup-ti.cpp"
diff --git a/lib/icinga/servicegroup.hpp b/lib/icinga/servicegroup.hpp
index 9a8d49a7b..a4fe132fb 100644
--- a/lib/icinga/servicegroup.hpp
+++ b/lib/icinga/servicegroup.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICEGROUP_H
 #define SERVICEGROUP_H
diff --git a/lib/icinga/servicegroup.ti b/lib/icinga/servicegroup.ti
index 1111c4b35..69f300508 100644
--- a/lib/icinga/servicegroup.ti
+++ b/lib/icinga/servicegroup.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 
diff --git a/lib/icinga/timeperiod.cpp b/lib/icinga/timeperiod.cpp
index 97183223e..27b92d550 100644
--- a/lib/icinga/timeperiod.cpp
+++ b/lib/icinga/timeperiod.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/timeperiod.hpp"
 #include "icinga/timeperiod-ti.cpp"
@@ -142,12 +125,12 @@ void TimePeriod::RemoveSegment(double begin, double end)
 	for (const Dictionary::Ptr& segment : segments) {
 		/* Fully contained in the specified range? */
 		if (segment->Get("begin") >= begin && segment->Get("end") <= end)
+			// Don't add the old segment, because the segment is fully contained into our range
 			continue;
 
 		/* Not overlapping at all? */
 		if (segment->Get("end") < begin || segment->Get("begin") > end) {
 			newSegments->Add(segment);
-
 			continue;
 		}
 
@@ -162,6 +145,8 @@ void TimePeriod::RemoveSegment(double begin, double end)
 				{ "begin", end },
 				{ "end", segment->Get("end") }
 			}));
+			// Don't add the old segment, because we have now two new segments and a gap between
+			continue;
 		}
 
 		/* Adjust the begin/end timestamps so as to not overlap with the specified range. */
@@ -235,7 +220,10 @@ void TimePeriod::Merge(const TimePeriod::Ptr& timeperiod, bool include)
 
 void TimePeriod::UpdateRegion(double begin, double end, bool clearExisting)
 {
-	if (!clearExisting) {
+	if (clearExisting) {
+		ObjectLock olock(this);
+		SetSegments(new Array());
+	} else {
 		if (begin < GetValidEnd())
 			begin = GetValidEnd();
 
@@ -359,6 +347,8 @@ void TimePeriod::UpdateTimerHandler()
 
 void TimePeriod::Dump()
 {
+	ObjectLock olock(this);
+
 	Array::Ptr segments = GetSegments();
 
 	Log(LogDebug, "TimePeriod")
diff --git a/lib/icinga/timeperiod.hpp b/lib/icinga/timeperiod.hpp
index a641d40cb..a5a2f73fa 100644
--- a/lib/icinga/timeperiod.hpp
+++ b/lib/icinga/timeperiod.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TIMEPERIOD_H
 #define TIMEPERIOD_H
diff --git a/lib/icinga/timeperiod.ti b/lib/icinga/timeperiod.ti
index f7e2576f4..27365988e 100644
--- a/lib/icinga/timeperiod.ti
+++ b/lib/icinga/timeperiod.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #include "base/function.hpp"
diff --git a/lib/icinga/user.cpp b/lib/icinga/user.cpp
index 2d72d7373..f55a36aaa 100644
--- a/lib/icinga/user.cpp
+++ b/lib/icinga/user.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/user.hpp"
 #include "icinga/user-ti.cpp"
diff --git a/lib/icinga/user.hpp b/lib/icinga/user.hpp
index 57a007799..f91aefd08 100644
--- a/lib/icinga/user.hpp
+++ b/lib/icinga/user.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef USER_H
 #define USER_H
diff --git a/lib/icinga/user.ti b/lib/icinga/user.ti
index 74034a212..450d95358 100644
--- a/lib/icinga/user.ti
+++ b/lib/icinga/user.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 #include "base/array.hpp"
diff --git a/lib/icinga/usergroup.cpp b/lib/icinga/usergroup.cpp
index 8f2a4e7fc..913882d1c 100644
--- a/lib/icinga/usergroup.cpp
+++ b/lib/icinga/usergroup.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/usergroup.hpp"
 #include "icinga/usergroup-ti.cpp"
diff --git a/lib/icinga/usergroup.hpp b/lib/icinga/usergroup.hpp
index 9bf02a4e8..169f29c10 100644
--- a/lib/icinga/usergroup.hpp
+++ b/lib/icinga/usergroup.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef USERGROUP_H
 #define USERGROUP_H
diff --git a/lib/icinga/usergroup.ti b/lib/icinga/usergroup.ti
index d51b5e7e1..311932171 100644
--- a/lib/icinga/usergroup.ti
+++ b/lib/icinga/usergroup.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/customvarobject.hpp"
 
diff --git a/lib/livestatus/CMakeLists.txt b/lib/livestatus/CMakeLists.txt
index e93e2624b..d49f9f5e1 100644
--- a/lib/livestatus/CMakeLists.txt
+++ b/lib/livestatus/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(livestatuslistener.ti livestatuslistener-ti.cpp livestatuslistener-ti.hpp)
 
@@ -72,9 +57,9 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/livestatus.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_RUNDIR}/icinga2/cmd\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_INITRUNDIR}/cmd\")")
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/livestatus/aggregator.cpp b/lib/livestatus/aggregator.cpp
index 1cc4b9762..a809b073f 100644
--- a/lib/livestatus/aggregator.cpp
+++ b/lib/livestatus/aggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/aggregator.hpp"
 
diff --git a/lib/livestatus/aggregator.hpp b/lib/livestatus/aggregator.hpp
index 28aa60355..1c0f7781e 100644
--- a/lib/livestatus/aggregator.hpp
+++ b/lib/livestatus/aggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef AGGREGATOR_H
 #define AGGREGATOR_H
diff --git a/lib/livestatus/andfilter.cpp b/lib/livestatus/andfilter.cpp
index 66b46766b..98525806f 100644
--- a/lib/livestatus/andfilter.cpp
+++ b/lib/livestatus/andfilter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/andfilter.hpp"
 
diff --git a/lib/livestatus/andfilter.hpp b/lib/livestatus/andfilter.hpp
index cdbd21752..8192bf72e 100644
--- a/lib/livestatus/andfilter.hpp
+++ b/lib/livestatus/andfilter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ANDFILTER_H
 #define ANDFILTER_H
diff --git a/lib/livestatus/attributefilter.cpp b/lib/livestatus/attributefilter.cpp
index 35ed40cf7..50d7244eb 100644
--- a/lib/livestatus/attributefilter.cpp
+++ b/lib/livestatus/attributefilter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/attributefilter.hpp"
 #include "base/convert.hpp"
diff --git a/lib/livestatus/attributefilter.hpp b/lib/livestatus/attributefilter.hpp
index f8220eaad..18bd8431e 100644
--- a/lib/livestatus/attributefilter.hpp
+++ b/lib/livestatus/attributefilter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ATTRIBUTEFILTER_H
 #define ATTRIBUTEFILTER_H
diff --git a/lib/livestatus/avgaggregator.cpp b/lib/livestatus/avgaggregator.cpp
index 592aadb1c..35701f313 100644
--- a/lib/livestatus/avgaggregator.cpp
+++ b/lib/livestatus/avgaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/avgaggregator.hpp"
 
diff --git a/lib/livestatus/avgaggregator.hpp b/lib/livestatus/avgaggregator.hpp
index 664134832..11bd9f380 100644
--- a/lib/livestatus/avgaggregator.hpp
+++ b/lib/livestatus/avgaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef AVGAGGREGATOR_H
 #define AVGAGGREGATOR_H
diff --git a/lib/livestatus/column.cpp b/lib/livestatus/column.cpp
index 8cdd4eacf..c915b3df3 100644
--- a/lib/livestatus/column.cpp
+++ b/lib/livestatus/column.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/column.hpp"
 
diff --git a/lib/livestatus/column.hpp b/lib/livestatus/column.hpp
index 4cc132ab7..264cca746 100644
--- a/lib/livestatus/column.hpp
+++ b/lib/livestatus/column.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COLUMN_H
 #define COLUMN_H
diff --git a/lib/livestatus/combinerfilter.cpp b/lib/livestatus/combinerfilter.cpp
index 0657b8397..36a8328b7 100644
--- a/lib/livestatus/combinerfilter.cpp
+++ b/lib/livestatus/combinerfilter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/combinerfilter.hpp"
 
diff --git a/lib/livestatus/combinerfilter.hpp b/lib/livestatus/combinerfilter.hpp
index 56b7e9b90..49b8b611d 100644
--- a/lib/livestatus/combinerfilter.hpp
+++ b/lib/livestatus/combinerfilter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMBINERFILTER_H
 #define COMBINERFILTER_H
diff --git a/lib/livestatus/commandstable.cpp b/lib/livestatus/commandstable.cpp
index a26ae91a2..3a777d231 100644
--- a/lib/livestatus/commandstable.cpp
+++ b/lib/livestatus/commandstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/commandstable.hpp"
 #include "icinga/icingaapplication.hpp"
diff --git a/lib/livestatus/commandstable.hpp b/lib/livestatus/commandstable.hpp
index 3589f969f..cd2d91521 100644
--- a/lib/livestatus/commandstable.hpp
+++ b/lib/livestatus/commandstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMMANDSTABLE_H
 #define COMMANDSTABLE_H
diff --git a/lib/livestatus/commentstable.cpp b/lib/livestatus/commentstable.cpp
index ca75eb259..3676ac3ac 100644
--- a/lib/livestatus/commentstable.cpp
+++ b/lib/livestatus/commentstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/commentstable.hpp"
 #include "livestatus/hoststable.hpp"
@@ -23,7 +6,6 @@
 #include "icinga/service.hpp"
 #include "base/configtype.hpp"
 #include "base/objectlock.hpp"
-#include <boost/tuple/tuple.hpp>
 
 using namespace icinga;
 
diff --git a/lib/livestatus/commentstable.hpp b/lib/livestatus/commentstable.hpp
index f6dbf7dc8..b46e155f3 100644
--- a/lib/livestatus/commentstable.hpp
+++ b/lib/livestatus/commentstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COMMENTSTABLE_H
 #define COMMENTSTABLE_H
diff --git a/lib/livestatus/contactgroupstable.cpp b/lib/livestatus/contactgroupstable.cpp
index 2be78ffad..b4d6853d5 100644
--- a/lib/livestatus/contactgroupstable.cpp
+++ b/lib/livestatus/contactgroupstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/contactgroupstable.hpp"
 #include "icinga/usergroup.hpp"
diff --git a/lib/livestatus/contactgroupstable.hpp b/lib/livestatus/contactgroupstable.hpp
index f8e46390d..a57f5c3b3 100644
--- a/lib/livestatus/contactgroupstable.hpp
+++ b/lib/livestatus/contactgroupstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONTACTGROUPSTABLE_H
 #define CONTACTGROUPSTABLE_H
diff --git a/lib/livestatus/contactstable.cpp b/lib/livestatus/contactstable.cpp
index 62030aae6..d6a04c41d 100644
--- a/lib/livestatus/contactstable.cpp
+++ b/lib/livestatus/contactstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/contactstable.hpp"
 #include "icinga/user.hpp"
@@ -25,7 +8,6 @@
 #include "base/objectlock.hpp"
 #include "base/json.hpp"
 #include "base/utility.hpp"
-#include <boost/tuple/tuple.hpp>
 
 using namespace icinga;
 
diff --git a/lib/livestatus/contactstable.hpp b/lib/livestatus/contactstable.hpp
index 4c4816c0c..0bd2679ed 100644
--- a/lib/livestatus/contactstable.hpp
+++ b/lib/livestatus/contactstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONTACTSTABLE_H
 #define CONTACTSTABLE_H
diff --git a/lib/livestatus/countaggregator.cpp b/lib/livestatus/countaggregator.cpp
index 11ceb96ff..b8a7238f3 100644
--- a/lib/livestatus/countaggregator.cpp
+++ b/lib/livestatus/countaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/countaggregator.hpp"
 
diff --git a/lib/livestatus/countaggregator.hpp b/lib/livestatus/countaggregator.hpp
index 5b4d19588..22d498395 100644
--- a/lib/livestatus/countaggregator.hpp
+++ b/lib/livestatus/countaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef COUNTAGGREGATOR_H
 #define COUNTAGGREGATOR_H
diff --git a/lib/livestatus/downtimestable.cpp b/lib/livestatus/downtimestable.cpp
index 008a391ac..b3eb121f9 100644
--- a/lib/livestatus/downtimestable.cpp
+++ b/lib/livestatus/downtimestable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/downtimestable.hpp"
 #include "livestatus/hoststable.hpp"
@@ -23,7 +6,6 @@
 #include "icinga/service.hpp"
 #include "base/configtype.hpp"
 #include "base/objectlock.hpp"
-#include <boost/tuple/tuple.hpp>
 
 using namespace icinga;
 
diff --git a/lib/livestatus/downtimestable.hpp b/lib/livestatus/downtimestable.hpp
index 9b3ca2a96..4b5c909f1 100644
--- a/lib/livestatus/downtimestable.hpp
+++ b/lib/livestatus/downtimestable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DOWNTIMESTABLE_H
 #define DOWNTIMESTABLE_H
diff --git a/lib/livestatus/endpointstable.cpp b/lib/livestatus/endpointstable.cpp
index 260916fa6..3d407eb3e 100644
--- a/lib/livestatus/endpointstable.cpp
+++ b/lib/livestatus/endpointstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/endpointstable.hpp"
 #include "icinga/host.hpp"
@@ -27,7 +10,6 @@
 #include "base/objectlock.hpp"
 #include "base/convert.hpp"
 #include "base/utility.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string/replace.hpp>
 
 using namespace icinga;
diff --git a/lib/livestatus/endpointstable.hpp b/lib/livestatus/endpointstable.hpp
index ced85cfe5..7d011eff6 100644
--- a/lib/livestatus/endpointstable.hpp
+++ b/lib/livestatus/endpointstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ENDPOINTSTABLE_H
 #define ENDPOINTSTABLE_H
diff --git a/lib/livestatus/filter.hpp b/lib/livestatus/filter.hpp
index 2febc8db3..b9a01c860 100644
--- a/lib/livestatus/filter.hpp
+++ b/lib/livestatus/filter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FILTER_H
 #define FILTER_H
diff --git a/lib/livestatus/historytable.hpp b/lib/livestatus/historytable.hpp
index 9d032e617..f1178573a 100644
--- a/lib/livestatus/historytable.hpp
+++ b/lib/livestatus/historytable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HISTORYTABLE_H
 #define HISTORYTABLE_H
diff --git a/lib/livestatus/hostgroupstable.cpp b/lib/livestatus/hostgroupstable.cpp
index a4ab713a3..984eddb08 100644
--- a/lib/livestatus/hostgroupstable.cpp
+++ b/lib/livestatus/hostgroupstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/hostgroupstable.hpp"
 #include "icinga/hostgroup.hpp"
diff --git a/lib/livestatus/hostgroupstable.hpp b/lib/livestatus/hostgroupstable.hpp
index 91d2847a1..cc5039fac 100644
--- a/lib/livestatus/hostgroupstable.hpp
+++ b/lib/livestatus/hostgroupstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOSTGROUPSTABLE_H
 #define HOSTGROUPSTABLE_H
diff --git a/lib/livestatus/hoststable.cpp b/lib/livestatus/hoststable.cpp
index d46b88535..9ecc45a40 100644
--- a/lib/livestatus/hoststable.cpp
+++ b/lib/livestatus/hoststable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/hoststable.hpp"
 #include "livestatus/hostgroupstable.hpp"
@@ -35,7 +18,6 @@
 #include "base/json.hpp"
 #include "base/convert.hpp"
 #include "base/utility.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string/replace.hpp>
 
 using namespace icinga;
@@ -789,7 +771,7 @@ Value HostsTable::CheckIntervalAccessor(const Value& row)
 	if (!host)
 		return Empty;
 
-	return host->GetCheckInterval() / 60.0;
+	return host->GetCheckInterval() / LIVESTATUS_INTERVAL_LENGTH;
 }
 
 Value HostsTable::RetryIntervalAccessor(const Value& row)
@@ -799,7 +781,7 @@ Value HostsTable::RetryIntervalAccessor(const Value& row)
 	if (!host)
 		return Empty;
 
-	return host->GetRetryInterval() / 60.0;
+	return host->GetRetryInterval() / LIVESTATUS_INTERVAL_LENGTH;
 }
 
 Value HostsTable::NotificationIntervalAccessor(const Value& row)
diff --git a/lib/livestatus/hoststable.hpp b/lib/livestatus/hoststable.hpp
index 9a08bec0c..9386183ce 100644
--- a/lib/livestatus/hoststable.hpp
+++ b/lib/livestatus/hoststable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HOSTSTABLE_H
 #define HOSTSTABLE_H
diff --git a/lib/livestatus/i2-livestatus.hpp b/lib/livestatus/i2-livestatus.hpp
index 7e7acf1fe..3375d9795 100644
--- a/lib/livestatus/i2-livestatus.hpp
+++ b/lib/livestatus/i2-livestatus.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2LIVESTATUS_H
 #define I2LIVESTATUS_H
diff --git a/lib/livestatus/invavgaggregator.cpp b/lib/livestatus/invavgaggregator.cpp
index 82ed69f70..33cf85cd7 100644
--- a/lib/livestatus/invavgaggregator.cpp
+++ b/lib/livestatus/invavgaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/invavgaggregator.hpp"
 
diff --git a/lib/livestatus/invavgaggregator.hpp b/lib/livestatus/invavgaggregator.hpp
index d8e43d6aa..9282b37de 100644
--- a/lib/livestatus/invavgaggregator.hpp
+++ b/lib/livestatus/invavgaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INVAVGAGGREGATOR_H
 #define INVAVGAGGREGATOR_H
diff --git a/lib/livestatus/invsumaggregator.cpp b/lib/livestatus/invsumaggregator.cpp
index dc6eac69c..c955667fc 100644
--- a/lib/livestatus/invsumaggregator.cpp
+++ b/lib/livestatus/invsumaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/invsumaggregator.hpp"
 
diff --git a/lib/livestatus/invsumaggregator.hpp b/lib/livestatus/invsumaggregator.hpp
index 709928fd1..f7de7be82 100644
--- a/lib/livestatus/invsumaggregator.hpp
+++ b/lib/livestatus/invsumaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INVSUMAGGREGATOR_H
 #define INVSUMAGGREGATOR_H
diff --git a/lib/livestatus/livestatuslistener.cpp b/lib/livestatus/livestatuslistener.cpp
index 31cdebf4c..8344a187e 100644
--- a/lib/livestatus/livestatuslistener.cpp
+++ b/lib/livestatus/livestatuslistener.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/livestatuslistener.hpp"
 #include "livestatus/livestatuslistener-ti.cpp"
diff --git a/lib/livestatus/livestatuslistener.hpp b/lib/livestatus/livestatuslistener.hpp
index 56fd96c65..dc739f6f1 100644
--- a/lib/livestatus/livestatuslistener.hpp
+++ b/lib/livestatus/livestatuslistener.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LIVESTATUSLISTENER_H
 #define LIVESTATUSLISTENER_H
diff --git a/lib/livestatus/livestatuslistener.ti b/lib/livestatus/livestatuslistener.ti
index 0742a6fb5..31482cff1 100644
--- a/lib/livestatus/livestatuslistener.ti
+++ b/lib/livestatus/livestatuslistener.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -32,7 +15,7 @@ class LivestatusListener : ConfigObject {
 		default {{{ return "unix"; }}}
 	};
 	[config] String socket_path {
-		default {{{ return Application::GetRunDir() + "/icinga2/cmd/livestatus"; }}}
+		default {{{ return Configuration::InitRunDir + "/cmd/livestatus"; }}}
 	};
 	[config] String bind_host {
 		default {{{ return "127.0.0.1"; }}}
@@ -41,7 +24,7 @@ class LivestatusListener : ConfigObject {
 		default {{{ return "6558"; }}}
 	};
 	[config] String compat_log_path {
-		default {{{ return Application::GetLocalStateDir() + "/log/icinga2/compat"; }}}
+		default {{{ return Configuration::LogDir + "/compat"; }}}
 	};
 };
 
diff --git a/lib/livestatus/livestatuslogutility.cpp b/lib/livestatus/livestatuslogutility.cpp
index 91db16253..f598d5852 100644
--- a/lib/livestatus/livestatuslogutility.cpp
+++ b/lib/livestatus/livestatuslogutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/livestatuslogutility.hpp"
 #include "icinga/service.hpp"
@@ -27,7 +10,6 @@
 #include "base/utility.hpp"
 #include "base/convert.hpp"
 #include "base/logger.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/algorithm/string/predicate.hpp>
diff --git a/lib/livestatus/livestatuslogutility.hpp b/lib/livestatus/livestatuslogutility.hpp
index c2d934433..66d11548f 100644
--- a/lib/livestatus/livestatuslogutility.hpp
+++ b/lib/livestatus/livestatuslogutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LIVESTATUSLOGUTILITY_H
 #define LIVESTATUSLOGUTILITY_H
diff --git a/lib/livestatus/livestatusquery.cpp b/lib/livestatus/livestatusquery.cpp
index 376176918..04d01f51f 100644
--- a/lib/livestatus/livestatusquery.cpp
+++ b/lib/livestatus/livestatusquery.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/livestatusquery.hpp"
 #include "livestatus/countaggregator.hpp"
diff --git a/lib/livestatus/livestatusquery.hpp b/lib/livestatus/livestatusquery.hpp
index d8583eb40..910cc162e 100644
--- a/lib/livestatus/livestatusquery.hpp
+++ b/lib/livestatus/livestatusquery.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LIVESTATUSQUERY_H
 #define LIVESTATUSQUERY_H
diff --git a/lib/livestatus/logtable.cpp b/lib/livestatus/logtable.cpp
index 034dbb770..ed21b722e 100644
--- a/lib/livestatus/logtable.cpp
+++ b/lib/livestatus/logtable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/logtable.hpp"
 #include "livestatus/livestatuslogutility.hpp"
@@ -36,7 +19,6 @@
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/objectlock.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/algorithm/string/predicate.hpp>
diff --git a/lib/livestatus/logtable.hpp b/lib/livestatus/logtable.hpp
index aab3e1f0e..33c2e33e1 100644
--- a/lib/livestatus/logtable.hpp
+++ b/lib/livestatus/logtable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef LOGTABLE_H
 #define LOGTABLE_H
diff --git a/lib/livestatus/maxaggregator.cpp b/lib/livestatus/maxaggregator.cpp
index a2265430b..375d24b60 100644
--- a/lib/livestatus/maxaggregator.cpp
+++ b/lib/livestatus/maxaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/maxaggregator.hpp"
 
diff --git a/lib/livestatus/maxaggregator.hpp b/lib/livestatus/maxaggregator.hpp
index 3207159f1..5bff5f964 100644
--- a/lib/livestatus/maxaggregator.hpp
+++ b/lib/livestatus/maxaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MAXAGGREGATOR_H
 #define MAXAGGREGATOR_H
diff --git a/lib/livestatus/minaggregator.cpp b/lib/livestatus/minaggregator.cpp
index bf4390230..06cb76e22 100644
--- a/lib/livestatus/minaggregator.cpp
+++ b/lib/livestatus/minaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/minaggregator.hpp"
 
diff --git a/lib/livestatus/minaggregator.hpp b/lib/livestatus/minaggregator.hpp
index 76be4d10e..71a9d89a0 100644
--- a/lib/livestatus/minaggregator.hpp
+++ b/lib/livestatus/minaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MINAGGREGATOR_H
 #define MINAGGREGATOR_H
diff --git a/lib/livestatus/negatefilter.cpp b/lib/livestatus/negatefilter.cpp
index 8a8f341c6..60202b4b1 100644
--- a/lib/livestatus/negatefilter.cpp
+++ b/lib/livestatus/negatefilter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/negatefilter.hpp"
 
diff --git a/lib/livestatus/negatefilter.hpp b/lib/livestatus/negatefilter.hpp
index 4a88f35e4..c08943ca8 100644
--- a/lib/livestatus/negatefilter.hpp
+++ b/lib/livestatus/negatefilter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NEGATEFILTER_H
 #define NEGATEFILTER_H
diff --git a/lib/livestatus/orfilter.cpp b/lib/livestatus/orfilter.cpp
index 14da7b7a2..6cc446cae 100644
--- a/lib/livestatus/orfilter.cpp
+++ b/lib/livestatus/orfilter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/orfilter.hpp"
 
diff --git a/lib/livestatus/orfilter.hpp b/lib/livestatus/orfilter.hpp
index d37f2e09f..df855c1a9 100644
--- a/lib/livestatus/orfilter.hpp
+++ b/lib/livestatus/orfilter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ORFILTER_H
 #define ORFILTER_H
diff --git a/lib/livestatus/servicegroupstable.cpp b/lib/livestatus/servicegroupstable.cpp
index 1d98bfd50..38d6d0502 100644
--- a/lib/livestatus/servicegroupstable.cpp
+++ b/lib/livestatus/servicegroupstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/servicegroupstable.hpp"
 #include "icinga/servicegroup.hpp"
diff --git a/lib/livestatus/servicegroupstable.hpp b/lib/livestatus/servicegroupstable.hpp
index 4f97f8a4e..b3c60c493 100644
--- a/lib/livestatus/servicegroupstable.hpp
+++ b/lib/livestatus/servicegroupstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICEGROUPSTABLE_H
 #define SERVICEGROUPSTABLE_H
diff --git a/lib/livestatus/servicestable.cpp b/lib/livestatus/servicestable.cpp
index dce09bf57..e8906f71a 100644
--- a/lib/livestatus/servicestable.cpp
+++ b/lib/livestatus/servicestable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/servicestable.hpp"
 #include "livestatus/hoststable.hpp"
@@ -37,7 +20,6 @@
 #include "base/json.hpp"
 #include "base/convert.hpp"
 #include "base/utility.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string/replace.hpp>
 
 using namespace icinga;
@@ -810,7 +792,7 @@ Value ServicesTable::CheckIntervalAccessor(const Value& row)
 	if (!service)
 		return Empty;
 
-	return service->GetCheckInterval() / 60.0;
+	return service->GetCheckInterval() / LIVESTATUS_INTERVAL_LENGTH;
 }
 
 Value ServicesTable::RetryIntervalAccessor(const Value& row)
@@ -820,7 +802,7 @@ Value ServicesTable::RetryIntervalAccessor(const Value& row)
 	if (!service)
 		return Empty;
 
-	return service->GetRetryInterval() / 60.0;
+	return service->GetRetryInterval() / LIVESTATUS_INTERVAL_LENGTH;
 }
 
 Value ServicesTable::NotificationIntervalAccessor(const Value& row)
diff --git a/lib/livestatus/servicestable.hpp b/lib/livestatus/servicestable.hpp
index 17ff49a3a..56d5ae541 100644
--- a/lib/livestatus/servicestable.hpp
+++ b/lib/livestatus/servicestable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SERVICESTABLE_H
 #define SERVICESTABLE_H
diff --git a/lib/livestatus/statehisttable.cpp b/lib/livestatus/statehisttable.cpp
index bb402580c..e68d45dd9 100644
--- a/lib/livestatus/statehisttable.cpp
+++ b/lib/livestatus/statehisttable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/statehisttable.hpp"
 #include "livestatus/livestatuslogutility.hpp"
@@ -36,7 +19,6 @@
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/objectlock.hpp"
-#include <boost/tuple/tuple.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/algorithm/string/predicate.hpp>
diff --git a/lib/livestatus/statehisttable.hpp b/lib/livestatus/statehisttable.hpp
index 5ef4027e7..9233fd559 100644
--- a/lib/livestatus/statehisttable.hpp
+++ b/lib/livestatus/statehisttable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STATEHISTTABLE_H
 #define STATEHISTTABLE_H
diff --git a/lib/livestatus/statustable.cpp b/lib/livestatus/statustable.cpp
index ec0b62103..f6a6daf16 100644
--- a/lib/livestatus/statustable.cpp
+++ b/lib/livestatus/statustable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/statustable.hpp"
 #include "livestatus/livestatuslistener.hpp"
@@ -84,7 +67,7 @@ void StatusTable::AddColumns(Table *table, const String& prefix,
 	table->AddColumn(prefix + "program_start", Column(&StatusTable::ProgramStartAccessor, objectAccessor));
 	table->AddColumn(prefix + "last_command_check", Column(&Table::ZeroAccessor, objectAccessor));
 	table->AddColumn(prefix + "last_log_rotation", Column(&Table::ZeroAccessor, objectAccessor));
-	table->AddColumn(prefix + "interval_length", Column(&Table::ZeroAccessor, objectAccessor));
+	table->AddColumn(prefix + "interval_length", Column(&StatusTable::IntervalLengthAccessor, objectAccessor));
 	table->AddColumn(prefix + "num_hosts", Column(&StatusTable::NumHostsAccessor, objectAccessor));
 	table->AddColumn(prefix + "num_services", Column(&StatusTable::NumServicesAccessor, objectAccessor));
 	table->AddColumn(prefix + "program_version", Column(&StatusTable::ProgramVersionAccessor, objectAccessor));
@@ -204,6 +187,11 @@ Value StatusTable::ProgramStartAccessor(const Value&)
 	return static_cast<long>(Application::GetStartTime());
 }
 
+Value StatusTable::IntervalLengthAccessor(const Value&)
+{
+	return LIVESTATUS_INTERVAL_LENGTH;
+}
+
 Value StatusTable::NumHostsAccessor(const Value&)
 {
 	return ConfigType::Get<Host>()->GetObjectCount();
diff --git a/lib/livestatus/statustable.hpp b/lib/livestatus/statustable.hpp
index 9edc9e3b8..2fba249ef 100644
--- a/lib/livestatus/statustable.hpp
+++ b/lib/livestatus/statustable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STATUSTABLE_H
 #define STATUSTABLE_H
@@ -62,6 +45,7 @@ protected:
 	static Value EnableFlapDetectionAccessor(const Value& row);
 	static Value ProcessPerformanceDataAccessor(const Value& row);
 	static Value ProgramStartAccessor(const Value& row);
+	static Value IntervalLengthAccessor(const Value& row);
 	static Value NumHostsAccessor(const Value& row);
 	static Value NumServicesAccessor(const Value& row);
 	static Value ProgramVersionAccessor(const Value& row);
diff --git a/lib/livestatus/stdaggregator.cpp b/lib/livestatus/stdaggregator.cpp
index 8d3876e02..99c3a8e65 100644
--- a/lib/livestatus/stdaggregator.cpp
+++ b/lib/livestatus/stdaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/stdaggregator.hpp"
 #include <math.h>
diff --git a/lib/livestatus/stdaggregator.hpp b/lib/livestatus/stdaggregator.hpp
index e7b0509eb..3680fe734 100644
--- a/lib/livestatus/stdaggregator.hpp
+++ b/lib/livestatus/stdaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STDAGGREGATOR_H
 #define STDAGGREGATOR_H
diff --git a/lib/livestatus/sumaggregator.cpp b/lib/livestatus/sumaggregator.cpp
index 50d124f05..fc4b62e24 100644
--- a/lib/livestatus/sumaggregator.cpp
+++ b/lib/livestatus/sumaggregator.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/sumaggregator.hpp"
 
diff --git a/lib/livestatus/sumaggregator.hpp b/lib/livestatus/sumaggregator.hpp
index 030d15761..23f22fb71 100644
--- a/lib/livestatus/sumaggregator.hpp
+++ b/lib/livestatus/sumaggregator.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef SUMAGGREGATOR_H
 #define SUMAGGREGATOR_H
diff --git a/lib/livestatus/table.cpp b/lib/livestatus/table.cpp
index c1990f274..ac8d1745c 100644
--- a/lib/livestatus/table.cpp
+++ b/lib/livestatus/table.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/table.hpp"
 #include "livestatus/statustable.hpp"
@@ -37,7 +20,6 @@
 #include "base/array.hpp"
 #include "base/dictionary.hpp"
 #include <boost/algorithm/string/case_conv.hpp>
-#include <boost/tuple/tuple.hpp>
 
 using namespace icinga;
 
diff --git a/lib/livestatus/table.hpp b/lib/livestatus/table.hpp
index 5a3094e05..fa3fc2a65 100644
--- a/lib/livestatus/table.hpp
+++ b/lib/livestatus/table.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TABLE_H
 #define TABLE_H
@@ -29,6 +12,9 @@
 namespace icinga
 {
 
+// Well, don't ask.
+#define LIVESTATUS_INTERVAL_LENGTH 60.0
+
 struct LivestatusRowValue {
 	Value Row;
 	LivestatusGroupByType GroupByType;
diff --git a/lib/livestatus/timeperiodstable.cpp b/lib/livestatus/timeperiodstable.cpp
index bb1329511..5797d93ee 100644
--- a/lib/livestatus/timeperiodstable.cpp
+++ b/lib/livestatus/timeperiodstable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/timeperiodstable.hpp"
 #include "icinga/icingaapplication.hpp"
diff --git a/lib/livestatus/timeperiodstable.hpp b/lib/livestatus/timeperiodstable.hpp
index ee05cc4e3..31cef93dc 100644
--- a/lib/livestatus/timeperiodstable.hpp
+++ b/lib/livestatus/timeperiodstable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TIMEPERIODSTABLE_H
 #define TIMEPERIODSTABLE_H
diff --git a/lib/livestatus/zonestable.cpp b/lib/livestatus/zonestable.cpp
index b755862be..d86cc7256 100644
--- a/lib/livestatus/zonestable.cpp
+++ b/lib/livestatus/zonestable.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/zonestable.hpp"
 #include "remote/zone.hpp"
diff --git a/lib/livestatus/zonestable.hpp b/lib/livestatus/zonestable.hpp
index 7c223da48..fb03488fb 100644
--- a/lib/livestatus/zonestable.hpp
+++ b/lib/livestatus/zonestable.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ZONESTABLE_H
 #define ZONESTABLE_H
diff --git a/lib/methods/CMakeLists.txt b/lib/methods/CMakeLists.txt
index 353189369..9fde9fddb 100644
--- a/lib/methods/CMakeLists.txt
+++ b/lib/methods/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkembedconfig_target(methods-itl.conf methods-itl.cpp)
 
@@ -31,6 +16,7 @@ set(methods_SOURCES
   pluginnotificationtask.cpp pluginnotificationtask.hpp
   randomchecktask.cpp randomchecktask.hpp
   timeperiodtask.cpp timeperiodtask.hpp
+  sleepchecktask.cpp sleepchecktask.hpp
 )
 
 if(ICINGA2_UNITY_BUILD)
diff --git a/lib/methods/clusterchecktask.cpp b/lib/methods/clusterchecktask.cpp
index 7473eb1ad..a9be0414d 100644
--- a/lib/methods/clusterchecktask.cpp
+++ b/lib/methods/clusterchecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/clusterchecktask.hpp"
 #include "remote/apilistener.hpp"
@@ -23,6 +6,7 @@
 #include "icinga/cib.hpp"
 #include "icinga/service.hpp"
 #include "icinga/icingaapplication.hpp"
+#include "icinga/checkcommand.hpp"
 #include "base/application.hpp"
 #include "base/objectlock.hpp"
 #include "base/convert.hpp"
@@ -33,7 +17,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, ClusterCheck, &ClusterCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, ClusterCheck, &ClusterCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void ClusterCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -44,6 +28,9 @@ void ClusterCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRe
 	if (resolvedMacros && !useResolvedMacros)
 		return;
 
+	CheckCommand::Ptr command = checkable->GetCheckCommand();
+	cr->SetCommand(command->GetName());
+
 	ApiListener::Ptr listener = ApiListener::GetInstance();
 
 	if (!listener) {
diff --git a/lib/methods/clusterchecktask.hpp b/lib/methods/clusterchecktask.hpp
index ecdf5d6db..16ee8a53c 100644
--- a/lib/methods/clusterchecktask.hpp
+++ b/lib/methods/clusterchecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CLUSTERCHECKTASK_H
 #define CLUSTERCHECKTASK_H
diff --git a/lib/methods/clusterzonechecktask.cpp b/lib/methods/clusterzonechecktask.cpp
index 76a6fb2b2..c955b7dd9 100644
--- a/lib/methods/clusterzonechecktask.cpp
+++ b/lib/methods/clusterzonechecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/clusterzonechecktask.hpp"
 #include "icinga/checkcommand.hpp"
@@ -29,7 +12,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, ClusterZoneCheck, &ClusterZoneCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, ClusterZoneCheck, &ClusterZoneCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void ClusterZoneCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -46,8 +29,8 @@ void ClusterZoneCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const Che
 		return;
 	}
 
-	CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
-	Value raw_command = commandObj->GetCommandLine();
+	CheckCommand::Ptr command = checkable->GetCheckCommand();
+	Value raw_command = command->GetCommandLine();
 
 	Host::Ptr host;
 	Service::Ptr service;
@@ -57,7 +40,7 @@ void ClusterZoneCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const Che
 	if (service)
 		resolvers.emplace_back("service", service);
 	resolvers.emplace_back("host", host);
-	resolvers.emplace_back("command", commandObj);
+	resolvers.emplace_back("command", command);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
 	String zoneName = MacroProcessor::ResolveMacros("$cluster_zone$", resolvers, checkable->GetLastCheckResult(),
@@ -75,6 +58,8 @@ void ClusterZoneCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const Che
 	if (resolvedMacros && !useResolvedMacros)
 		return;
 
+	cr->SetCommand(command->GetName());
+
 	if (zoneName.IsEmpty()) {
 		cr->SetOutput("Macro 'cluster_zone' must be set.");
 		cr->SetState(ServiceUnknown);
@@ -122,23 +107,23 @@ void ClusterZoneCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const Che
 		bytesReceivedPerSecond += endpoint->GetBytesReceivedPerSecond();
 	}
 
-	if (!connected) {
-		cr->SetState(ServiceCritical);
-		cr->SetOutput("Zone '" + zoneName + "' is not connected. Log lag: " + Utility::FormatDuration(zoneLag));
-	} else {
+	if (connected) {
 		cr->SetState(ServiceOK);
 		cr->SetOutput("Zone '" + zoneName + "' is connected. Log lag: " + Utility::FormatDuration(zoneLag));
-	}
 
-	/* Check whether the thresholds have been resolved and compare them */
-	if (missingLagCritical.IsEmpty() && zoneLag > lagCritical) {
+		/* Check whether the thresholds have been resolved and compare them */
+		if (missingLagCritical.IsEmpty() && zoneLag > lagCritical) {
+			cr->SetState(ServiceCritical);
+			cr->SetOutput("Zone '" + zoneName + "' is connected. Log lag: " + Utility::FormatDuration(zoneLag)
+				+ " greater than critical threshold: " + Utility::FormatDuration(lagCritical));
+		} else if (missingLagWarning.IsEmpty() && zoneLag > lagWarning) {
+			cr->SetState(ServiceWarning);
+			cr->SetOutput("Zone '" + zoneName + "' is connected. Log lag: " + Utility::FormatDuration(zoneLag)
+				+ " greater than warning threshold: " + Utility::FormatDuration(lagWarning));
+		}
+	} else {
 		cr->SetState(ServiceCritical);
-		cr->SetOutput("Zone '" + zoneName + "' is connected. Log lag: " + Utility::FormatDuration(zoneLag)
-			+ " greater than critical threshold: " + Utility::FormatDuration(lagCritical));
-	} else if (missingLagWarning.IsEmpty() && zoneLag > lagWarning) {
-		cr->SetState(ServiceWarning);
-		cr->SetOutput("Zone '" + zoneName + "' is connected. Log lag: " + Utility::FormatDuration(zoneLag)
-			+ " greater than warning threshold: " + Utility::FormatDuration(lagWarning));
+		cr->SetOutput("Zone '" + zoneName + "' is not connected. Log lag: " + Utility::FormatDuration(zoneLag));
 	}
 
 	cr->SetPerformanceData(new Array({
diff --git a/lib/methods/clusterzonechecktask.hpp b/lib/methods/clusterzonechecktask.hpp
index d3c2f392b..2af442c4c 100644
--- a/lib/methods/clusterzonechecktask.hpp
+++ b/lib/methods/clusterzonechecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CLUSTERZONECHECKTASK_H
 #define CLUSTERZONECHECKTASK_H
diff --git a/lib/methods/dummychecktask.cpp b/lib/methods/dummychecktask.cpp
index 516cc23ea..e42754f31 100644
--- a/lib/methods/dummychecktask.cpp
+++ b/lib/methods/dummychecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef _WIN32
 #	include <stdlib.h>
@@ -31,7 +14,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, DummyCheck, &DummyCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, DummyCheck, &DummyCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void DummyCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -39,7 +22,7 @@ void DummyCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResu
 	REQUIRE_NOT_NULL(checkable);
 	REQUIRE_NOT_NULL(cr);
 
-	CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
+	CheckCommand::Ptr command = checkable->GetCheckCommand();
 
 	Host::Ptr host;
 	Service::Ptr service;
@@ -49,7 +32,7 @@ void DummyCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResu
 	if (service)
 		resolvers.emplace_back("service", service);
 	resolvers.emplace_back("host", host);
-	resolvers.emplace_back("command", commandObj);
+	resolvers.emplace_back("command", command);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
 	int dummyState = MacroProcessor::ResolveMacros("$dummy_state$", resolvers, checkable->GetLastCheckResult(),
@@ -72,6 +55,7 @@ void DummyCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResu
 	cr->SetExitStatus(dummyState);
 	cr->SetExecutionStart(now);
 	cr->SetExecutionEnd(now);
+	cr->SetCommand(command->GetName());
 
 	checkable->ProcessCheckResult(cr);
 }
diff --git a/lib/methods/dummychecktask.hpp b/lib/methods/dummychecktask.hpp
index 83fd476cf..621bbfb9f 100644
--- a/lib/methods/dummychecktask.hpp
+++ b/lib/methods/dummychecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DUMMYCHECKTASK_H
 #define DUMMYCHECKTASK_H
diff --git a/lib/methods/exceptionchecktask.cpp b/lib/methods/exceptionchecktask.cpp
index cb5ce76df..5ce3a9262 100644
--- a/lib/methods/exceptionchecktask.cpp
+++ b/lib/methods/exceptionchecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef _WIN32
 #	include <stdlib.h>
@@ -29,7 +12,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, ExceptionCheck, &ExceptionCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, ExceptionCheck, &ExceptionCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void ExceptionCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
diff --git a/lib/methods/exceptionchecktask.hpp b/lib/methods/exceptionchecktask.hpp
index 99fc0a5c2..09db1045f 100644
--- a/lib/methods/exceptionchecktask.hpp
+++ b/lib/methods/exceptionchecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXCEPTIONCHECKTASK_H
 #define EXCEPTIONCHECKTASK_H
diff --git a/lib/methods/i2-methods.hpp b/lib/methods/i2-methods.hpp
index e3543bb04..ffd800259 100644
--- a/lib/methods/i2-methods.hpp
+++ b/lib/methods/i2-methods.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2METHODS_H
 #define I2METHODS_H
diff --git a/lib/methods/icingachecktask.cpp b/lib/methods/icingachecktask.cpp
index 3f4d299da..3f46fba81 100644
--- a/lib/methods/icingachecktask.cpp
+++ b/lib/methods/icingachecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/icingachecktask.hpp"
 #include "icinga/cib.hpp"
@@ -25,6 +8,7 @@
 #include "icinga/icingaapplication.hpp"
 #include "icinga/clusterevents.hpp"
 #include "icinga/checkable.hpp"
+#include "remote/apilistener.hpp"
 #include "base/application.hpp"
 #include "base/objectlock.hpp"
 #include "base/utility.hpp"
@@ -34,7 +18,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, IcingaCheck, &IcingaCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, IcingaCheck, &IcingaCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -42,7 +26,7 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	REQUIRE_NOT_NULL(checkable);
 	REQUIRE_NOT_NULL(cr);
 
-	CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
+	CheckCommand::Ptr command = checkable->GetCheckCommand();
 
 	Host::Ptr host;
 	Service::Ptr service;
@@ -52,7 +36,7 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	if (service)
 		resolvers.emplace_back("service", service);
 	resolvers.emplace_back("host", host);
-	resolvers.emplace_back("command", commandObj);
+	resolvers.emplace_back("command", command);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
 	String missingIcingaMinVersion;
@@ -91,7 +75,8 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	perfdata->Add(new PerfdataValue("active_service_checks_15min", CIB::GetActiveServiceChecksStatistics(60 * 15)));
 	perfdata->Add(new PerfdataValue("passive_service_checks_15min", CIB::GetPassiveServiceChecksStatistics(60 * 15)));
 
-	perfdata->Add(new PerfdataValue("current_concurrent_checks", Checkable::GetPendingChecks()));
+	perfdata->Add(new PerfdataValue("current_pending_callbacks", Application::GetTP().GetPending()));
+	perfdata->Add(new PerfdataValue("current_concurrent_checks", Checkable::CurrentConcurrentChecks.load()));
 	perfdata->Add(new PerfdataValue("remote_check_queue", ClusterEvents::GetCheckRequestQueueSize()));
 
 	CheckableCheckStatistics scs = CIB::CalculateServiceCheckStats();
@@ -114,6 +99,8 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	perfdata->Add(new PerfdataValue("num_services_flapping", ss.services_flapping));
 	perfdata->Add(new PerfdataValue("num_services_in_downtime", ss.services_in_downtime));
 	perfdata->Add(new PerfdataValue("num_services_acknowledged", ss.services_acknowledged));
+	perfdata->Add(new PerfdataValue("num_services_handled", ss.services_handled));
+	perfdata->Add(new PerfdataValue("num_services_problem", ss.services_problem));
 
 	double uptime = Utility::GetTime() - Application::GetStartTime();
 	perfdata->Add(new PerfdataValue("uptime", uptime));
@@ -127,6 +114,8 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	perfdata->Add(new PerfdataValue("num_hosts_flapping", hs.hosts_flapping));
 	perfdata->Add(new PerfdataValue("num_hosts_in_downtime", hs.hosts_in_downtime));
 	perfdata->Add(new PerfdataValue("num_hosts_acknowledged", hs.hosts_acknowledged));
+	perfdata->Add(new PerfdataValue("num_hosts_handled", hs.hosts_handled));
+	perfdata->Add(new PerfdataValue("num_hosts_problem", hs.hosts_problem));
 
 	std::vector<Endpoint::Ptr> endpoints = ConfigType::GetObjectsByType<Endpoint>();
 
@@ -174,15 +163,30 @@ void IcingaCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 		cr->SetState(ServiceWarning);
 	}
 
-	/* Return an error if the version is less than specified (optional). */
-	String parsedAppVersion = appVersion.SubStr(1,5);
+	/* Indicate a warning when the last synced config caused a stage validation error. */
+	ApiListener::Ptr listener = ApiListener::GetInstance();
 
+	if (listener) {
+		Dictionary::Ptr validationResult = listener->GetLastFailedZonesStageValidation();
+
+		if (validationResult) {
+			output += "; Last zone sync stage validation failed at "
+				+ Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", validationResult->Get("ts"));
+
+			cr->SetState(ServiceWarning);
+		}
+	}
+
+	String parsedAppVersion = Utility::ParseVersion(appVersion);
+
+	/* Return an error if the version is less than specified (optional). */
 	if (missingIcingaMinVersion.IsEmpty() && !icingaMinVersion.IsEmpty() && Utility::CompareVersion(icingaMinVersion, parsedAppVersion) < 0) {
 		output += "; Minimum version " + icingaMinVersion + " is not installed.";
 		cr->SetState(ServiceCritical);
 	}
 
 	cr->SetOutput(output);
+	cr->SetCommand(command->GetName());
 
 	checkable->ProcessCheckResult(cr);
 }
diff --git a/lib/methods/icingachecktask.hpp b/lib/methods/icingachecktask.hpp
index 24f9f232f..93def628d 100644
--- a/lib/methods/icingachecktask.hpp
+++ b/lib/methods/icingachecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ICINGACHECKTASK_H
 #define ICINGACHECKTASK_H
diff --git a/lib/methods/methods-itl.conf b/lib/methods/methods-itl.conf
index a45439ccd..f9126f7ca 100644
--- a/lib/methods/methods-itl.conf
+++ b/lib/methods/methods-itl.conf
@@ -1,85 +1,64 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 System.assert(Internal.run_with_activation_context(function() {
-	var _Internal = Internal.clone()
-
-	template CheckCommand "icinga-check-command" use (_Internal) {
-		execute = _Internal.IcingaCheck
+	template CheckCommand "icinga-check-command" use (IcingaCheck = Internal.IcingaCheck) {
+		execute = IcingaCheck
 
 		vars.icinga_min_version = ""
 	}
 
-	template CheckCommand "cluster-check-command" use (_Internal) {
-		execute = _Internal.ClusterCheck
+	template CheckCommand "cluster-check-command" use (ClusterCheck = Internal.ClusterCheck) {
+		execute = ClusterCheck
 	}
 
-	template CheckCommand "cluster-zone-check-command" use (_Internal) {
-		execute = _Internal.ClusterZoneCheck
+	template CheckCommand "cluster-zone-check-command" use (ClusterZoneCheck = Internal.ClusterZoneCheck) {
+		execute = ClusterZoneCheck
 	}
 
-	template CheckCommand "plugin-check-command" use (_Internal) default {
-		execute = _Internal.PluginCheck
+	template CheckCommand "plugin-check-command" use (PluginCheck = Internal.PluginCheck) default {
+		execute = PluginCheck
 	}
 
-	template CheckCommand "clr-check-command" use (_Internal) {
-		if (_Internal.ClrCheck) {
-			execute = _Internal.ClrCheck
-		} else {
-			execute = _Internal.NullCheck
-		}
+	template NotificationCommand "plugin-notification-command" use (PluginNotification = Internal.PluginNotification) default {
+		execute = PluginNotification
 	}
 
-	template NotificationCommand "plugin-notification-command" use (_Internal) default {
-		execute = _Internal.PluginNotification
+	template EventCommand "plugin-event-command" use (PluginEvent = Internal.PluginEvent) default {
+		execute = PluginEvent
 	}
 
-	template EventCommand "plugin-event-command" use (_Internal) default {
-		execute = _Internal.PluginEvent
+	template CheckCommand "dummy-check-command" use (DummyCheck = Internal.DummyCheck) {
+		execute = DummyCheck
 	}
 
-	template CheckCommand "dummy-check-command" use (_Internal) {
-		execute = _Internal.DummyCheck
+	template CheckCommand "random-check-command" use (RandomCheck = Internal.RandomCheck) {
+		execute = RandomCheck
 	}
 
-	template CheckCommand "random-check-command" use (_Internal) {
-		execute = _Internal.RandomCheck
+	template CheckCommand "exception-check-command" use (ExceptionCheck = Internal.ExceptionCheck) {
+		execute = ExceptionCheck
 	}
 
-	template CheckCommand "exception-check-command" use (_Internal) {
-		execute = _Internal.ExceptionCheck
+	template CheckCommand "null-check-command" use (NullCheck = Internal.NullCheck) {
+		execute = NullCheck
 	}
 
-	template CheckCommand "null-check-command" use (_Internal) {
-		execute = _Internal.NullCheck
+	template EventCommand "null-event-command" use (NullEvent = Internal.NullEvent) {
+		execute = NullEvent
 	}
 
-	template EventCommand "null-event-command" use (_Internal) {
-		execute = _Internal.NullEvent
+	template TimePeriod "empty-timeperiod" use (EmptyTimePeriod = Internal.EmptyTimePeriod) {
+		update = EmptyTimePeriod
 	}
 
-	template TimePeriod "empty-timeperiod" use (_Internal) {
-		update = _Internal.EmptyTimePeriod
+	template TimePeriod "even-minutes-timeperiod" use (EvenMinutesTimePeriod = Internal.EvenMinutesTimePeriod) {
+		update = EvenMinutesTimePeriod
 	}
 
-	template TimePeriod "even-minutes-timeperiod" use (_Internal) {
-		update = _Internal.EvenMinutesTimePeriod
+	template CheckCommand "sleep-check-command" use (SleepCheck = Internal.SleepCheck) {
+	    execute = SleepCheck
+
+	    vars.sleep_time = 1s
 	}
 }))
 
@@ -97,7 +76,8 @@ var methods = [
 	"NullCheck",
 	"NullEvent",
 	"EmptyTimePeriod",
-	"EvenMinutesTimePeriod"
+	"EvenMinutesTimePeriod",
+	"SleepCheck"
 ]
 
 for (method in methods) {
diff --git a/lib/methods/nullchecktask.cpp b/lib/methods/nullchecktask.cpp
index df99c338e..b56087b2e 100644
--- a/lib/methods/nullchecktask.cpp
+++ b/lib/methods/nullchecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef _WIN32
 #	include <stdlib.h>
@@ -30,7 +13,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, NullCheck, &NullCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, NullCheck, &NullCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void NullCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
diff --git a/lib/methods/nullchecktask.hpp b/lib/methods/nullchecktask.hpp
index cf41c3e75..954cf8d61 100644
--- a/lib/methods/nullchecktask.hpp
+++ b/lib/methods/nullchecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NULLCHECKTASK_H
 #define NULLCHECKTASK_H
diff --git a/lib/methods/nulleventtask.cpp b/lib/methods/nulleventtask.cpp
index e515d31e8..0755a4d01 100644
--- a/lib/methods/nulleventtask.cpp
+++ b/lib/methods/nulleventtask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/nulleventtask.hpp"
 #include "base/function.hpp"
@@ -23,7 +6,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, NullEvent, &NullEventTask::ScriptFunc, "checkable:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, NullEvent, &NullEventTask::ScriptFunc, "checkable:resolvedMacros:useResolvedMacros");
 
 void NullEventTask::ScriptFunc(const Checkable::Ptr& checkable, const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
 {
diff --git a/lib/methods/nulleventtask.hpp b/lib/methods/nulleventtask.hpp
index aac040a6f..153470f3e 100644
--- a/lib/methods/nulleventtask.hpp
+++ b/lib/methods/nulleventtask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NULLEVENTTASK_H
 #define NULLEVENTTASK_H
diff --git a/lib/methods/pluginchecktask.cpp b/lib/methods/pluginchecktask.cpp
index b98eec4a7..212d7447c 100644
--- a/lib/methods/pluginchecktask.cpp
+++ b/lib/methods/pluginchecktask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/pluginchecktask.hpp"
 #include "icinga/pluginutility.hpp"
@@ -31,7 +14,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, PluginCheck,  &PluginCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, PluginCheck,  &PluginCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void PluginCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -52,16 +35,24 @@ void PluginCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 	resolvers.emplace_back("command", commandObj);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
+	int timeout = commandObj->GetTimeout();
+
+	if (!checkable->GetCheckTimeout().IsEmpty())
+		timeout = checkable->GetCheckTimeout();
+
 	PluginUtility::ExecuteCommand(commandObj, checkable, checkable->GetLastCheckResult(),
-		resolvers, resolvedMacros, useResolvedMacros,
+		resolvers, resolvedMacros, useResolvedMacros, timeout,
 		std::bind(&PluginCheckTask::ProcessFinishedHandler, checkable, cr, _1, _2));
 
-	if (!resolvedMacros || useResolvedMacros)
+	if (!resolvedMacros || useResolvedMacros) {
+		Checkable::CurrentConcurrentChecks.fetch_add(1);
 		Checkable::IncreasePendingChecks();
+	}
 }
 
 void PluginCheckTask::ProcessFinishedHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, const Value& commandLine, const ProcessResult& pr)
 {
+	Checkable::CurrentConcurrentChecks.fetch_sub(1);
 	Checkable::DecreasePendingChecks();
 
 	if (pr.ExitStatus > 3) {
diff --git a/lib/methods/pluginchecktask.hpp b/lib/methods/pluginchecktask.hpp
index 19c10b4ff..a4fc3a385 100644
--- a/lib/methods/pluginchecktask.hpp
+++ b/lib/methods/pluginchecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PLUGINCHECKTASK_H
 #define PLUGINCHECKTASK_H
diff --git a/lib/methods/plugineventtask.cpp b/lib/methods/plugineventtask.cpp
index 11774c7e2..b2bb466b8 100644
--- a/lib/methods/plugineventtask.cpp
+++ b/lib/methods/plugineventtask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/plugineventtask.hpp"
 #include "icinga/eventcommand.hpp"
@@ -31,7 +14,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, PluginEvent, &PluginEventTask::ScriptFunc, "checkable:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, PluginEvent, &PluginEventTask::ScriptFunc, "checkable:resolvedMacros:useResolvedMacros");
 
 void PluginEventTask::ScriptFunc(const Checkable::Ptr& checkable,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -51,8 +34,10 @@ void PluginEventTask::ScriptFunc(const Checkable::Ptr& checkable,
 	resolvers.emplace_back("command", commandObj);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
+	int timeout = commandObj->GetTimeout();
+
 	PluginUtility::ExecuteCommand(commandObj, checkable, checkable->GetLastCheckResult(),
-		resolvers, resolvedMacros, useResolvedMacros,
+		resolvers, resolvedMacros, useResolvedMacros, timeout,
 		std::bind(&PluginEventTask::ProcessFinishedHandler, checkable, _1, _2));
 }
 
diff --git a/lib/methods/plugineventtask.hpp b/lib/methods/plugineventtask.hpp
index 0739bd13f..8908a82d3 100644
--- a/lib/methods/plugineventtask.hpp
+++ b/lib/methods/plugineventtask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PLUGINEVENTTASK_H
 #define PLUGINEVENTTASK_H
diff --git a/lib/methods/pluginnotificationtask.cpp b/lib/methods/pluginnotificationtask.cpp
index c33d29e55..ab84e726a 100644
--- a/lib/methods/pluginnotificationtask.cpp
+++ b/lib/methods/pluginnotificationtask.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/pluginnotificationtask.hpp"
 #include "icinga/notification.hpp"
@@ -32,12 +15,12 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, PluginNotification, &PluginNotificationTask::ScriptFunc, "notification:user:cr:itype:author:comment:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, PluginNotification, &PluginNotificationTask::ScriptFunc, "notification:user:cr:nr:itype:author:comment:resolvedMacros:useResolvedMacros");
 
 void PluginNotificationTask::ScriptFunc(const Notification::Ptr& notification,
-	const User::Ptr& user, const CheckResult::Ptr& cr, int itype,
-	const String& author, const String& comment, const Dictionary::Ptr& resolvedMacros,
-	bool useResolvedMacros)
+	const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+	int itype, const String& author, const String& comment,
+	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
 {
 	REQUIRE_NOT_NULL(notification);
 	REQUIRE_NOT_NULL(user);
@@ -49,7 +32,7 @@ void PluginNotificationTask::ScriptFunc(const Notification::Ptr& notification,
 	Checkable::Ptr checkable = notification->GetCheckable();
 
 	Dictionary::Ptr notificationExtra = new Dictionary({
-		{ "type", Notification::NotificationTypeToString(type) },
+		{ "type", Notification::NotificationTypeToStringCompat(type) }, //TODO: Change that to our types.
 		{ "author", author },
 		{ "comment", comment }
 	});
@@ -68,18 +51,32 @@ void PluginNotificationTask::ScriptFunc(const Notification::Ptr& notification,
 	resolvers.emplace_back("command", commandObj);
 	resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
 
+	int timeout = commandObj->GetTimeout();
+
 	PluginUtility::ExecuteCommand(commandObj, checkable, cr, resolvers,
-		resolvedMacros, useResolvedMacros,
-		std::bind(&PluginNotificationTask::ProcessFinishedHandler, checkable, _1, _2));
+		resolvedMacros, useResolvedMacros, timeout,
+		std::bind(&PluginNotificationTask::ProcessFinishedHandler, checkable, notification, nr, _1, _2));
 }
 
-void PluginNotificationTask::ProcessFinishedHandler(const Checkable::Ptr& checkable, const Value& commandLine, const ProcessResult& pr)
+void PluginNotificationTask::ProcessFinishedHandler(const Checkable::Ptr& checkable,
+	const Notification::Ptr& notification, const NotificationResult::Ptr& nr, const Value& commandLine, const ProcessResult& pr)
 {
 	if (pr.ExitStatus != 0) {
 		Process::Arguments parguments = Process::PrepareCommand(commandLine);
 		Log(LogWarning, "PluginNotificationTask")
-			<< "Notification command for object '" << checkable->GetName() << "' (PID: " << pr.PID
+			<< "Notification command for checkable '" << checkable->GetName()
+			<< "' and notification '" << notification->GetName() << "' (PID: " << pr.PID
 			<< ", arguments: " << Process::PrettyPrintArguments(parguments) << ") terminated with exit code "
 			<< pr.ExitStatus << ", output: " << pr.Output;
 	}
+
+	String output = pr.Output.Trim();
+
+	nr->SetCommand(commandLine);
+	nr->SetOutput(output);
+	nr->SetExitStatus(pr.ExitStatus);
+	nr->SetExecutionStart(pr.ExecutionStart);
+	nr->SetExecutionEnd(pr.ExecutionEnd);
+
+	notification->ProcessNotificationResult(nr);
 }
diff --git a/lib/methods/pluginnotificationtask.hpp b/lib/methods/pluginnotificationtask.hpp
index 3fe7db757..6a741b73b 100644
--- a/lib/methods/pluginnotificationtask.hpp
+++ b/lib/methods/pluginnotificationtask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PLUGINNOTIFICATIONTASK_H
 #define PLUGINNOTIFICATIONTASK_H
@@ -37,14 +20,15 @@ class PluginNotificationTask
 {
 public:
 	static void ScriptFunc(const Notification::Ptr& notification,
-		const User::Ptr& user, const CheckResult::Ptr& cr, int itype,
-		const String& author, const String& comment,
+		const User::Ptr& user, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
+		int itype, const String& author, const String& comment,
 		const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros);
 
 private:
 	PluginNotificationTask();
 
 	static void ProcessFinishedHandler(const Checkable::Ptr& checkable,
+		const Notification::Ptr& notification, const NotificationResult::Ptr& nr,
 		const Value& commandLine, const ProcessResult& pr);
 };
 
diff --git a/lib/methods/randomchecktask.cpp b/lib/methods/randomchecktask.cpp
index bdf2d54d4..ddda9879b 100644
--- a/lib/methods/randomchecktask.cpp
+++ b/lib/methods/randomchecktask.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef _WIN32
 #	include <stdlib.h>
 #endif /* _WIN32 */
 #include "methods/randomchecktask.hpp"
 #include "icinga/icingaapplication.hpp"
+#include "icinga/checkcommand.hpp"
 #include "base/utility.hpp"
 #include "base/perfdatavalue.hpp"
 #include "base/function.hpp"
@@ -29,7 +13,7 @@
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, RandomCheck, &RandomCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+REGISTER_FUNCTION_NONCONST(Internal, RandomCheck, &RandomCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
 
 void RandomCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
 	const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
@@ -61,5 +45,8 @@ void RandomCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 
 	cr->SetState(static_cast<ServiceState>(Utility::Random() % 4));
 
+	CheckCommand::Ptr command = checkable->GetCheckCommand();
+	cr->SetCommand(command->GetName());
+
 	checkable->ProcessCheckResult(cr);
 }
diff --git a/lib/methods/randomchecktask.hpp b/lib/methods/randomchecktask.hpp
index 29b67cda3..00ce663dc 100644
--- a/lib/methods/randomchecktask.hpp
+++ b/lib/methods/randomchecktask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef RANDOMCHECKTASK_H
 #define RANDOMCHECKTASK_H
diff --git a/lib/methods/sleepchecktask.cpp b/lib/methods/sleepchecktask.cpp
new file mode 100644
index 000000000..47f735c36
--- /dev/null
+++ b/lib/methods/sleepchecktask.cpp
@@ -0,0 +1,54 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "methods/sleepchecktask.hpp"
+#include "icinga/icingaapplication.hpp"
+#include "icinga/pluginutility.hpp"
+#include "base/utility.hpp"
+#include "base/convert.hpp"
+#include "base/function.hpp"
+#include "base/logger.hpp"
+
+using namespace icinga;
+
+REGISTER_FUNCTION_NONCONST(Internal, SleepCheck, &SleepCheckTask::ScriptFunc, "checkable:cr:resolvedMacros:useResolvedMacros");
+
+void SleepCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
+        const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros)
+{
+    REQUIRE_NOT_NULL(checkable);
+    REQUIRE_NOT_NULL(cr);
+
+    CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
+
+    Host::Ptr host;
+    Service::Ptr service;
+    tie(host, service) = GetHostService(checkable);
+
+    MacroProcessor::ResolverList resolvers;
+    if (service)
+        resolvers.emplace_back("service", service);
+    resolvers.emplace_back("host", host);
+    resolvers.emplace_back("command", commandObj);
+    resolvers.emplace_back("icinga", IcingaApplication::GetInstance());
+
+    double sleepTime = MacroProcessor::ResolveMacros("$sleep_time$", resolvers, checkable->GetLastCheckResult(),
+            nullptr, MacroProcessor::EscapeCallback(), resolvedMacros, useResolvedMacros);
+
+    if (resolvedMacros && !useResolvedMacros)
+        return;
+
+    Utility::Sleep(sleepTime);
+
+    String output = "Slept for " + Convert::ToString(sleepTime) + " seconds.";
+
+    double now = Utility::GetTime();
+
+    cr->SetOutput(output);
+    cr->SetExecutionStart(now);
+    cr->SetExecutionEnd(now);
+
+    CheckCommand::Ptr command = checkable->GetCheckCommand();
+    cr->SetCommand(command->GetName());
+
+    checkable->ProcessCheckResult(cr);
+}
\ No newline at end of file
diff --git a/lib/methods/sleepchecktask.hpp b/lib/methods/sleepchecktask.hpp
new file mode 100644
index 000000000..b104f60da
--- /dev/null
+++ b/lib/methods/sleepchecktask.hpp
@@ -0,0 +1,30 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#ifndef SLEEPCHECKTASK_H
+#define SLEEPCHECKTASK_H
+
+#include "methods/i2-methods.hpp"
+#include "icinga/service.hpp"
+#include "base/dictionary.hpp"
+
+namespace icinga
+{
+
+/**
+ * Test class for additional check types. Implements the "sleep" check type.
+ *
+ * @ingroup methods
+ */
+class SleepCheckTask
+{
+public:
+    static void ScriptFunc(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr,
+            const Dictionary::Ptr& resolvedMacros, bool useResolvedMacros);
+
+private:
+    SleepCheckTask();
+};
+
+}
+
+#endif /* SLEEPCHECKTASK_H */
\ No newline at end of file
diff --git a/lib/methods/timeperiodtask.cpp b/lib/methods/timeperiodtask.cpp
index 152139e38..bb3f1bb00 100644
--- a/lib/methods/timeperiodtask.cpp
+++ b/lib/methods/timeperiodtask.cpp
@@ -1,29 +1,12 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "methods/timeperiodtask.hpp"
 #include "base/function.hpp"
 
 using namespace icinga;
 
-REGISTER_SCRIPTFUNCTION_NS(Internal, EmptyTimePeriod, &TimePeriodTask::EmptyTimePeriodUpdate, "tp:begin:end");
-REGISTER_SCRIPTFUNCTION_NS(Internal, EvenMinutesTimePeriod, &TimePeriodTask::EvenMinutesTimePeriodUpdate, "tp:begin:end");
+REGISTER_FUNCTION_NONCONST(Internal, EmptyTimePeriod, &TimePeriodTask::EmptyTimePeriodUpdate, "tp:begin:end");
+REGISTER_FUNCTION_NONCONST(Internal, EvenMinutesTimePeriod, &TimePeriodTask::EvenMinutesTimePeriodUpdate, "tp:begin:end");
 
 Array::Ptr TimePeriodTask::EmptyTimePeriodUpdate(const TimePeriod::Ptr& tp, double, double)
 {
diff --git a/lib/methods/timeperiodtask.hpp b/lib/methods/timeperiodtask.hpp
index 2bfe7eac4..0dff1c668 100644
--- a/lib/methods/timeperiodtask.hpp
+++ b/lib/methods/timeperiodtask.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TIMEPERIODTASK_H
 #define TIMEPERIODTASK_H
diff --git a/lib/mysql_shim/CMakeLists.txt b/lib/mysql_shim/CMakeLists.txt
index 1bc2db28f..fc7dbeec3 100644
--- a/lib/mysql_shim/CMakeLists.txt
+++ b/lib/mysql_shim/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 include_directories(${MYSQL_INCLUDE_DIR})
 
diff --git a/lib/mysql_shim/mysqlinterface.cpp b/lib/mysql_shim/mysqlinterface.cpp
index b9d9af1ab..aadefda47 100644
--- a/lib/mysql_shim/mysqlinterface.cpp
+++ b/lib/mysql_shim/mysqlinterface.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "mysql_shim/mysqlinterface.hpp"
 
@@ -109,7 +92,7 @@ struct MysqlInterfaceImpl final : public MysqlInterface
 		return mysql_real_escape_string(mysql, to, from, length);
 	}
 
-	my_bool ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) const override
+	bool ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) const override
 	{
 		return mysql_ssl_set(mysql, key, cert, ca, capath, cipher);
 	}
diff --git a/lib/mysql_shim/mysqlinterface.hpp b/lib/mysql_shim/mysqlinterface.hpp
index dc2b3f109..1ac63868c 100644
--- a/lib/mysql_shim/mysqlinterface.hpp
+++ b/lib/mysql_shim/mysqlinterface.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MYSQLINTERFACE_H
 #define MYSQLINTERFACE_H
@@ -52,7 +35,7 @@ struct MysqlInterface
 	virtual MYSQL *real_connect(MYSQL *mysql, const char *host, const char *user, const char *passwd,
 		const char *db, unsigned int port, const char *unix_socket, unsigned long clientflag) const = 0;
 	virtual unsigned long real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length) const = 0;
-	virtual my_bool ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) const = 0;
+	virtual bool ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) const = 0;
 	virtual MYSQL_RES *store_result(MYSQL *mysql) const = 0;
 	virtual unsigned int thread_safe() const = 0;
 
diff --git a/lib/notification/CMakeLists.txt b/lib/notification/CMakeLists.txt
index 6c5940b9a..783b4fae9 100644
--- a/lib/notification/CMakeLists.txt
+++ b/lib/notification/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(notificationcomponent.ti notificationcomponent-ti.cpp notificationcomponent-ti.hpp)
 
@@ -36,14 +21,14 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/notification.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 if(NOT WIN32)
-  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled\")")
-  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/notification.conf \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SYSCONFDIR}/icinga2/features-enabled/notification.conf\")")
+  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled\")")
+  install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ../features-available/notification.conf \"\$ENV{DESTDIR}${ICINGA2_FULL_CONFIGDIR}/features-enabled/notification.conf\")")
 else()
-  install_if_not_exists(${PROJECT_SOURCE_DIR}/etc/icinga2/features-enabled/notification.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-enabled)
+  install_if_not_exists(${PROJECT_SOURCE_DIR}/etc/icinga2/features-enabled/notification.conf ${ICINGA2_CONFIGDIR}/features-enabled)
 endif()
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/notification/notificationcomponent.cpp b/lib/notification/notificationcomponent.cpp
index 3d7fbc60b..aa9601201 100644
--- a/lib/notification/notificationcomponent.cpp
+++ b/lib/notification/notificationcomponent.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "notification/notificationcomponent.hpp"
 #include "notification/notificationcomponent-ti.cpp"
@@ -27,6 +10,7 @@
 #include "base/utility.hpp"
 #include "base/exception.hpp"
 #include "base/statsfunction.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;
 
@@ -81,26 +65,87 @@ void NotificationComponent::NotificationTimerHandler()
 {
 	double now = Utility::GetTime();
 
+	/* Function already checks whether 'api' feature is enabled. */
+	Endpoint::Ptr myEndpoint = Endpoint::GetLocalEndpoint();
+
 	for (const Notification::Ptr& notification : ConfigType::GetObjectsByType<Notification>()) {
 		if (!notification->IsActive())
 			continue;
 
-		if (notification->IsPaused() && GetEnableHA())
-			continue;
+		String notificationName = notification->GetName();
+		bool updatedObjectAuthority = ApiListener::UpdatedObjectAuthority();
+
+		/* Skip notification if paused, in a cluster setup & HA feature is enabled. */
+		if (notification->IsPaused()) {
+			if (updatedObjectAuthority) {
+				auto stashedNotifications (notification->GetStashedNotifications());
+				ObjectLock olock(stashedNotifications);
+
+				if (stashedNotifications->GetLength()) {
+					Log(LogNotice, "NotificationComponent")
+						<< "Notification '" << notificationName << "': HA cluster active, this endpoint does not have the authority. Dropping all stashed notifications.";
+
+					stashedNotifications->Clear();
+				}
+			}
+
+			if (myEndpoint && GetEnableHA()) {
+				Log(LogNotice, "NotificationComponent")
+					<< "Reminder notification '" << notificationName << "': HA cluster active, this endpoint does not have the authority (paused=true). Skipping.";
+				continue;
+			}
+		}
 
 		Checkable::Ptr checkable = notification->GetCheckable();
 
 		if (!IcingaApplication::GetInstance()->GetEnableNotifications() || !checkable->GetEnableNotifications())
 			continue;
 
-		if (notification->GetInterval() <= 0 && notification->GetNoMoreNotifications())
+		bool reachable = checkable->IsReachable(DependencyNotification);
+
+		if (reachable) {
+			Array::Ptr unstashedNotifications = new Array();
+
+			{
+				auto stashedNotifications (notification->GetStashedNotifications());
+				ObjectLock olock(stashedNotifications);
+
+				stashedNotifications->CopyTo(unstashedNotifications);
+				stashedNotifications->Clear();
+			}
+
+			ObjectLock olock(unstashedNotifications);
+
+			for (Dictionary::Ptr unstashedNotification : unstashedNotifications) {
+				try {
+					Log(LogNotice, "NotificationComponent")
+						<< "Attempting to send stashed notification '" << notificationName << "'.";
+
+					notification->BeginExecuteNotification(
+						(NotificationType)(int)unstashedNotification->Get("type"),
+						(CheckResult::Ptr)unstashedNotification->Get("cr"),
+						(bool)unstashedNotification->Get("force"),
+						(bool)unstashedNotification->Get("reminder"),
+						(String)unstashedNotification->Get("author"),
+						(String)unstashedNotification->Get("text")
+					);
+				} catch (const std::exception& ex) {
+					Log(LogWarning, "NotificationComponent")
+						<< "Exception occurred during notification for object '"
+						<< notificationName << "': " << DiagnosticInformation(ex, false);
+				}
+			}
+		}
+
+		if (notification->GetInterval() <= 0 && notification->GetNoMoreNotifications()) {
+			Log(LogNotice, "NotificationComponent")
+				<< "Reminder notification '" << notificationName << "': Notification was sent out once and interval=0 disables reminder notifications.";
 			continue;
+		}
 
 		if (notification->GetNextNotification() > now)
 			continue;
 
-		bool reachable = checkable->IsReachable(DependencyNotification);
-
 		{
 			ObjectLock olock(notification);
 			notification->SetNextNotification(Utility::GetTime() + notification->GetInterval());
@@ -116,22 +161,24 @@ void NotificationComponent::NotificationTimerHandler()
 			if (checkable->GetStateType() == StateTypeSoft)
 				continue;
 
+			/* Don't send reminder notifications for OK/Up states. */
 			if ((service && service->GetState() == ServiceOK) || (!service && host->GetState() == HostUp))
 				continue;
 
+			/* Skip in runtime filters. */
 			if (!reachable || checkable->IsInDowntime() || checkable->IsAcknowledged() || checkable->IsFlapping())
 				continue;
 		}
 
 		try {
 			Log(LogNotice, "NotificationComponent")
-				<< "Attempting to send reminder notification '" << notification->GetName() << "'";
+				<< "Attempting to send reminder notification '" << notificationName << "'.";
 
 			notification->BeginExecuteNotification(NotificationProblem, checkable->GetLastCheckResult(), false, true);
 		} catch (const std::exception& ex) {
 			Log(LogWarning, "NotificationComponent")
-				<< "Exception occured during notification for object '"
-				<< GetName() << "': " << DiagnosticInformation(ex);
+				<< "Exception occurred during notification for object '"
+				<< notificationName << "': " << DiagnosticInformation(ex, false);
 		}
 	}
 }
diff --git a/lib/notification/notificationcomponent.hpp b/lib/notification/notificationcomponent.hpp
index 39bb220f2..09434e21a 100644
--- a/lib/notification/notificationcomponent.hpp
+++ b/lib/notification/notificationcomponent.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef NOTIFICATIONCOMPONENT_H
 #define NOTIFICATIONCOMPONENT_H
diff --git a/lib/notification/notificationcomponent.ti b/lib/notification/notificationcomponent.ti
index 547528d1e..13af13691 100644
--- a/lib/notification/notificationcomponent.ti
+++ b/lib/notification/notificationcomponent.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -26,7 +9,7 @@ namespace icinga
 
 class NotificationComponent : ConfigObject
 {
-	activation_priority 100;
+	activation_priority 200;
 
 	[config] bool enable_ha (EnableHA) {
 		default {{{ return true; }}}
diff --git a/lib/perfdata/CMakeLists.txt b/lib/perfdata/CMakeLists.txt
index 7b0780414..c7fba5851 100644
--- a/lib/perfdata/CMakeLists.txt
+++ b/lib/perfdata/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(gelfwriter.ti gelfwriter-ti.cpp gelfwriter-ti.hpp)
 mkclass_target(graphitewriter.ti graphitewriter-ti.cpp graphitewriter-ti.hpp)
@@ -46,35 +31,35 @@ set_target_properties (
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/gelf.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/graphite.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/influxdb.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/elasticsearch.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/opentsdb.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
 install_if_not_exists(
   ${PROJECT_SOURCE_DIR}/etc/icinga2/features-available/perfdata.conf
-  ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/features-available
+  ${ICINGA2_CONFIGDIR}/features-available
 )
 
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/icinga2/perfdata\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/icinga2/tmp\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_SPOOLDIR}/perfdata\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_SPOOLDIR}/tmp\")")
 
 set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "${CPACK_NSIS_EXTRA_INSTALL_COMMANDS}" PARENT_SCOPE)
diff --git a/lib/perfdata/elasticsearchwriter.cpp b/lib/perfdata/elasticsearchwriter.cpp
index 2e8ffa515..7798ad8dc 100644
--- a/lib/perfdata/elasticsearchwriter.cpp
+++ b/lib/perfdata/elasticsearchwriter.cpp
@@ -1,30 +1,14 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/elasticsearchwriter.hpp"
 #include "perfdata/elasticsearchwriter-ti.cpp"
 #include "remote/url.hpp"
-#include "remote/httprequest.hpp"
-#include "remote/httpresponse.hpp"
 #include "icinga/compatutility.hpp"
 #include "icinga/service.hpp"
 #include "icinga/checkcommand.hpp"
+#include "base/application.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
 #include "base/tcpsocket.hpp"
 #include "base/stream.hpp"
 #include "base/base64.hpp"
@@ -35,7 +19,19 @@
 #include "base/exception.hpp"
 #include "base/statsfunction.hpp"
 #include <boost/algorithm/string.hpp>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/beast/core/flat_buffer.hpp>
+#include <boost/beast/http/field.hpp>
+#include <boost/beast/http/message.hpp>
+#include <boost/beast/http/parser.hpp>
+#include <boost/beast/http/read.hpp>
+#include <boost/beast/http/status.hpp>
+#include <boost/beast/http/string_body.hpp>
+#include <boost/beast/http/verb.hpp>
+#include <boost/beast/http/write.hpp>
 #include <boost/scoped_array.hpp>
+#include <memory>
+#include <string>
 #include <utility>
 
 using namespace icinga;
@@ -49,6 +45,15 @@ void ElasticsearchWriter::OnConfigLoaded()
 	ObjectImpl<ElasticsearchWriter>::OnConfigLoaded();
 
 	m_WorkQueue.SetName("ElasticsearchWriter, " + GetName());
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "ElasticsearchWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
 }
 
 void ElasticsearchWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata)
@@ -71,14 +76,14 @@ void ElasticsearchWriter::StatsFunc(const Dictionary::Ptr& status, const Array::
 	status->Set("elasticsearchwriter", new Dictionary(std::move(nodes)));
 }
 
-void ElasticsearchWriter::Start(bool runtimeCreated)
+void ElasticsearchWriter::Resume()
 {
-	ObjectImpl<ElasticsearchWriter>::Start(runtimeCreated);
+	ObjectImpl<ElasticsearchWriter>::Resume();
 
 	m_EventPrefix = "icinga2.event.";
 
 	Log(LogInformation, "ElasticsearchWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	m_WorkQueue.SetExceptionCallback(std::bind(&ElasticsearchWriter::ExceptionHandler, this, _1));
 
@@ -95,14 +100,17 @@ void ElasticsearchWriter::Start(bool runtimeCreated)
 	Checkable::OnNotificationSentToAllUsers.connect(std::bind(&ElasticsearchWriter::NotificationSentToAllUsersHandler, this, _1, _2, _3, _4, _5, _6, _7));
 }
 
-void ElasticsearchWriter::Stop(bool runtimeRemoved)
+/* Pause is equivalent to Stop, but with HA capabilities to resume at runtime. */
+void ElasticsearchWriter::Pause()
 {
-	Log(LogInformation, "ElasticsearchWriter")
-		<< "'" << GetName() << "' stopped.";
-
+	Flush();
 	m_WorkQueue.Join();
+	Flush();
 
-	ObjectImpl<ElasticsearchWriter>::Stop(runtimeRemoved);
+	Log(LogInformation, "ElasticsearchWriter")
+		<< "'" << GetName() << "' paused.";
+
+	ObjectImpl<ElasticsearchWriter>::Pause();
 }
 
 void ElasticsearchWriter::AddCheckResult(const Dictionary::Ptr& fields, const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
@@ -131,6 +139,8 @@ void ElasticsearchWriter::AddCheckResult(const Dictionary::Ptr& fields, const Ch
 
 	Array::Ptr perfdata = cr->GetPerformanceData();
 
+	CheckCommand::Ptr checkCommand = checkable->GetCheckCommand();
+
 	if (perfdata) {
 		ObjectLock olock(perfdata);
 		for (const Value& val : perfdata) {
@@ -143,8 +153,9 @@ void ElasticsearchWriter::AddCheckResult(const Dictionary::Ptr& fields, const Ch
 					pdv = PerfdataValue::Parse(val);
 				} catch (const std::exception&) {
 					Log(LogWarning, "ElasticsearchWriter")
-						<< "Ignoring invalid perfdata value: '" << val << "' for object '"
-						<< checkable->GetName() << "'.";
+						<< "Ignoring invalid perfdata for checkable '"
+						<< checkable->GetName() << "' and command '"
+						<< checkCommand->GetName() << "' with value: " << val;
 					continue;
 				}
 			}
@@ -176,6 +187,9 @@ void ElasticsearchWriter::AddCheckResult(const Dictionary::Ptr& fields, const Ch
 
 void ElasticsearchWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&ElasticsearchWriter::InternalCheckResultHandler, this, checkable, cr));
 }
 
@@ -225,11 +239,14 @@ void ElasticsearchWriter::InternalCheckResultHandler(const Checkable::Ptr& check
 		ts = cr->GetExecutionEnd();
 	}
 
-	Enqueue("checkresult", fields, ts);
+	Enqueue(checkable, "checkresult", fields, ts);
 }
 
 void ElasticsearchWriter::StateChangeHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&ElasticsearchWriter::StateChangeHandlerInternal, this, checkable, cr, type));
 }
 
@@ -272,13 +289,16 @@ void ElasticsearchWriter::StateChangeHandlerInternal(const Checkable::Ptr& check
 		ts = cr->GetExecutionEnd();
 	}
 
-	Enqueue("statechange", fields, ts);
+	Enqueue(checkable, "statechange", fields, ts);
 }
 
 void ElasticsearchWriter::NotificationSentToAllUsersHandler(const Notification::Ptr& notification,
 	const Checkable::Ptr& checkable, const std::set<User::Ptr>& users, NotificationType type,
 	const CheckResult::Ptr& cr, const String& author, const String& text)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&ElasticsearchWriter::NotificationSentToAllUsersHandlerInternal, this,
 		notification, checkable, users, type, cr, author, text));
 }
@@ -298,7 +318,7 @@ void ElasticsearchWriter::NotificationSentToAllUsersHandlerInternal(const Notifi
 	Service::Ptr service;
 	tie(host, service) = GetHostService(checkable);
 
-	String notificationTypeString = Notification::NotificationTypeToString(type);
+	String notificationTypeString = Notification::NotificationTypeToStringCompat(type); //TODO: Change that to our own types.
 
 	Dictionary::Ptr fields = new Dictionary();
 
@@ -338,10 +358,11 @@ void ElasticsearchWriter::NotificationSentToAllUsersHandlerInternal(const Notifi
 		ts = cr->GetExecutionEnd();
 	}
 
-	Enqueue("notification", fields, ts);
+	Enqueue(checkable, "notification", fields, ts);
 }
 
-void ElasticsearchWriter::Enqueue(const String& type, const Dictionary::Ptr& fields, double ts)
+void ElasticsearchWriter::Enqueue(const Checkable::Ptr& checkable, const String& type,
+	const Dictionary::Ptr& fields, double ts)
 {
 	/* Atomically buffer the data point. */
 	boost::mutex::scoped_lock lock(m_DataBufferMutex);
@@ -360,7 +381,7 @@ void ElasticsearchWriter::Enqueue(const String& type, const Dictionary::Ptr& fie
 	String fieldsBody = JsonEncode(fields);
 
 	Log(LogDebug, "ElasticsearchWriter")
-		<< "Add to fields to message list: '" << fieldsBody << "'.";
+		<< "Checkable '" << checkable->GetName() << "' adds to metric list: '" << fieldsBody << "'.";
 
 	m_DataBuffer.emplace_back(indexBody + fieldsBody);
 
@@ -389,6 +410,10 @@ void ElasticsearchWriter::FlushTimeout()
 
 void ElasticsearchWriter::Flush()
 {
+	/* Flush can be called from 1) Timeout 2) Threshold 3) on shutdown/reload. */
+	if (m_DataBuffer.empty())
+		return;
+
 	/* Ensure you hold a lock against m_DataBuffer so that things
 	 * don't go missing after creating the body and clearing the buffer.
 	 */
@@ -405,6 +430,9 @@ void ElasticsearchWriter::Flush()
 
 void ElasticsearchWriter::SendRequest(const String& body)
 {
+	namespace beast = boost::beast;
+	namespace http = beast::http;
+
 	Url::Ptr url = new Url();
 
 	url->SetScheme(GetEnableTls() ? "https" : "http");
@@ -428,58 +456,84 @@ void ElasticsearchWriter::SendRequest(const String& body)
 
 	url->SetPath(path);
 
-	Stream::Ptr stream = Connect();
-	HttpRequest req(stream);
+	OptionalTlsStream stream;
+
+	try {
+		stream = Connect();
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "ElasticsearchWriter")
+			<< "Flush failed, cannot connect to Elasticsearch: " << DiagnosticInformation(ex, false);
+		return;
+	}
+
+	Defer s ([&stream]() {
+		if (stream.first) {
+			stream.first->next_layer().shutdown();
+		}
+	});
+
+	http::request<http::string_body> request (http::verb::post, std::string(url->Format(true)), 10);
+
+	request.set(http::field::user_agent, "Icinga/" + Application::GetAppVersion());
+	request.set(http::field::host, url->GetHost() + ":" + url->GetPort());
 
 	/* Specify required headers by Elasticsearch. */
-	req.AddHeader("Accept", "application/json");
-	req.AddHeader("Content-Type", "application/json");
+	request.set(http::field::accept, "application/json");
+
+	/* Use application/x-ndjson for bulk streams. While ES
+	 * is able to handle application/json, the newline separator
+	 * causes problems with Logstash (#6609).
+	 */
+	request.set(http::field::content_type, "application/x-ndjson");
 
 	/* Send authentication if configured. */
 	String username = GetUsername();
 	String password = GetPassword();
 
 	if (!username.IsEmpty() && !password.IsEmpty())
-		req.AddHeader("Authorization", "Basic " + Base64::Encode(username + ":" + password));
+		request.set(http::field::authorization, "Basic " + Base64::Encode(username + ":" + password));
 
-	req.RequestMethod = "POST";
-	req.RequestUrl = url;
+	request.body() = body;
+	request.set(http::field::content_length, request.body().size());
 
 	/* Don't log the request body to debug log, this is already done above. */
 	Log(LogDebug, "ElasticsearchWriter")
-		<< "Sending " << req.RequestMethod << " request" << ((!username.IsEmpty() && !password.IsEmpty()) ? " with basic auth" : "" )
+		<< "Sending " << request.method_string() << " request" << ((!username.IsEmpty() && !password.IsEmpty()) ? " with basic auth" : "" )
 		<< " to '" << url->Format() << "'.";
 
 	try {
-		req.WriteBody(body.CStr(), body.GetLength());
-		req.Finish();
-	} catch (const std::exception& ex) {
+		if (stream.first) {
+			http::write(*stream.first, request);
+			stream.first->flush();
+		} else {
+			http::write(*stream.second, request);
+			stream.second->flush();
+		}
+	} catch (const std::exception&) {
 		Log(LogWarning, "ElasticsearchWriter")
 			<< "Cannot write to HTTP API on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
+		throw;
 	}
 
-	HttpResponse resp(stream, req);
-	StreamReadContext context;
+	http::parser<false, http::string_body> parser;
+	beast::flat_buffer buf;
 
 	try {
-		resp.Parse(context, true);
-		while (resp.Parse(context, true) && !resp.Complete)
-			; /* Do nothing */
+		if (stream.first) {
+			http::read(*stream.first, buf, parser);
+		} else {
+			http::read(*stream.second, buf, parser);
+		}
 	} catch (const std::exception& ex) {
 		Log(LogWarning, "ElasticsearchWriter")
 			<< "Failed to parse HTTP response from host '" << GetHost() << "' port '" << GetPort() << "': " << DiagnosticInformation(ex, false);
-		throw ex;
+		throw;
 	}
 
-	if (!resp.Complete) {
-		Log(LogWarning, "ElasticsearchWriter")
-			<< "Failed to read a complete HTTP response from the Elasticsearch server.";
-		return;
-	}
+	auto& response (parser.get());
 
-	if (resp.StatusCode > 299) {
-		if (resp.StatusCode == 401) {
+	if (response.result_int() > 299) {
+		if (response.result() == http::status::unauthorized) {
 			/* More verbose error logging with Elasticsearch is hidden behind a proxy. */
 			if (!username.IsEmpty() && !password.IsEmpty()) {
 				Log(LogCritical, "ElasticsearchWriter")
@@ -493,80 +547,83 @@ void ElasticsearchWriter::SendRequest(const String& body)
 			return;
 		}
 
-		Log(LogWarning, "ElasticsearchWriter")
-			<< "Unexpected response code " << resp.StatusCode;
+		std::ostringstream msgbuf;
+		msgbuf << "Unexpected response code " << response.result_int() << " from URL '" << url->Format() << "'";
 
-		String contentType = resp.Headers->Get("content-type");
+		auto& contentType (response[http::field::content_type]);
 
-		if (contentType != "application/json") {
-			Log(LogWarning, "ElasticsearchWriter")
-				<< "Unexpected Content-Type: " << contentType;
-			return;
+		if (contentType != "application/json" && contentType != "application/json; charset=utf-8") {
+			msgbuf << "; Unexpected Content-Type: '" << contentType << "'";
 		}
 
-		size_t responseSize = resp.GetBodySize();
-		boost::scoped_array<char> buffer(new char[responseSize + 1]);
-		resp.ReadBody(buffer.get(), responseSize);
-		buffer.get()[responseSize] = '\0';
+		auto& body (response.body());
+
+#ifdef I2_DEBUG
+		msgbuf << "; Response body: '" << body << "'";
+#endif /* I2_DEBUG */
 
 		Dictionary::Ptr jsonResponse;
+
 		try {
-			jsonResponse = JsonDecode(buffer.get());
+			jsonResponse = JsonDecode(body);
 		} catch (...) {
 			Log(LogWarning, "ElasticsearchWriter")
-				<< "Unable to parse JSON response:\n" << buffer.get();
+				<< "Unable to parse JSON response:\n" << body;
 			return;
 		}
 
 		String error = jsonResponse->Get("error");
 
 		Log(LogCritical, "ElasticsearchWriter")
-			<< "Elasticsearch error message:\n" << error;
-
-		return;
+			<< "Error: '" << error << "'. " << msgbuf.str();
 	}
 }
 
-Stream::Ptr ElasticsearchWriter::Connect()
+OptionalTlsStream ElasticsearchWriter::Connect()
 {
-	TcpSocket::Ptr socket = new TcpSocket();
-
 	Log(LogNotice, "ElasticsearchWriter")
 		<< "Connecting to Elasticsearch on host '" << GetHost() << "' port '" << GetPort() << "'.";
 
-	try {
-		socket->Connect(GetHost(), GetPort());
-	} catch (const std::exception& ex) {
-		Log(LogWarning, "ElasticsearchWriter")
-			<< "Can't connect to Elasticsearch on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
-	}
+	OptionalTlsStream stream;
+	bool tls = GetEnableTls();
 
-	if (GetEnableTls()) {
-		std::shared_ptr<SSL_CTX> sslContext;
+	if (tls) {
+		std::shared_ptr<boost::asio::ssl::context> sslContext;
 
 		try {
-			sslContext = MakeSSLContext(GetCertPath(), GetKeyPath(), GetCaPath());
-		} catch (const std::exception& ex) {
+			sslContext = MakeAsioSslContext(GetCertPath(), GetKeyPath(), GetCaPath());
+		} catch (const std::exception&) {
 			Log(LogWarning, "ElasticsearchWriter")
 				<< "Unable to create SSL context.";
-			throw ex;
+			throw;
 		}
 
-		TlsStream::Ptr tlsStream = new TlsStream(socket, GetHost(), RoleClient, sslContext);
+		stream.first = std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, GetHost());
+	} else {
+		stream.second = std::make_shared<AsioTcpStream>(IoEngine::Get().GetIoContext());
+	}
+
+	try {
+		icinga::Connect(tls ? stream.first->lowest_layer() : stream.second->lowest_layer(), GetHost(), GetPort());
+	} catch (const std::exception&) {
+		Log(LogWarning, "ElasticsearchWriter")
+			<< "Can't connect to Elasticsearch on host '" << GetHost() << "' port '" << GetPort() << "'.";
+		throw;
+	}
+
+	if (tls) {
+		auto& tlsStream (stream.first->next_layer());
 
 		try {
-			tlsStream->Handshake();
-		} catch (const std::exception& ex) {
+			tlsStream.handshake(tlsStream.client);
+		} catch (const std::exception&) {
 			Log(LogWarning, "ElasticsearchWriter")
 				<< "TLS handshake with host '" << GetHost() << "' on port " << GetPort() << " failed.";
-			throw ex;
+			throw;
 		}
-
-		return tlsStream;
-	} else {
-		return new NetworkStream(socket);
 	}
+
+	return std::move(stream);
 }
 
 void ElasticsearchWriter::AssertOnWorkQueue()
diff --git a/lib/perfdata/elasticsearchwriter.hpp b/lib/perfdata/elasticsearchwriter.hpp
index e28ad4a7c..45658f574 100644
--- a/lib/perfdata/elasticsearchwriter.hpp
+++ b/lib/perfdata/elasticsearchwriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ELASTICSEARCHWRITER_H
 #define ELASTICSEARCHWRITER_H
@@ -25,6 +8,7 @@
 #include "base/configobject.hpp"
 #include "base/workqueue.hpp"
 #include "base/timer.hpp"
+#include "base/tlsstream.hpp"
 
 namespace icinga
 {
@@ -41,8 +25,8 @@ public:
 
 protected:
 	void OnConfigLoaded() override;
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void Resume() override;
+	void Pause() override;
 
 private:
 	String m_EventPrefix;
@@ -64,9 +48,10 @@ private:
 		const Checkable::Ptr& checkable, const std::set<User::Ptr>& users, NotificationType type,
 		const CheckResult::Ptr& cr, const String& author, const String& text);
 
-	void Enqueue(const String& type, const Dictionary::Ptr& fields, double ts);
+	void Enqueue(const Checkable::Ptr& checkable, const String& type,
+		const Dictionary::Ptr& fields, double ts);
 
-	Stream::Ptr Connect();
+	OptionalTlsStream Connect();
 	void AssertOnWorkQueue();
 	void ExceptionHandler(boost::exception_ptr exp);
 	void FlushTimeout();
diff --git a/lib/perfdata/elasticsearchwriter.ti b/lib/perfdata/elasticsearchwriter.ti
index 2bbdd9d6a..87a7ea321 100644
--- a/lib/perfdata/elasticsearchwriter.ti
+++ b/lib/perfdata/elasticsearchwriter.ti
@@ -1,3 +1,5 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
 #include "base/configobject.hpp"
 
 library perfdata;
@@ -37,6 +39,9 @@ class ElasticsearchWriter : ConfigObject
 	[config] int flush_threshold {
 		default {{{ return 1024; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
 };
 
 }
diff --git a/lib/perfdata/gelfwriter.cpp b/lib/perfdata/gelfwriter.cpp
index e6b43e09f..c778a3813 100644
--- a/lib/perfdata/gelfwriter.cpp
+++ b/lib/perfdata/gelfwriter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/gelfwriter.hpp"
 #include "perfdata/gelfwriter-ti.cpp"
@@ -39,6 +22,11 @@
 #include "base/statsfunction.hpp"
 #include <boost/algorithm/string/replace.hpp>
 #include <utility>
+#include "base/io-engine.hpp"
+#include <boost/asio/write.hpp>
+#include <boost/asio/buffer.hpp>
+#include <boost/system/error_code.hpp>
+#include <boost/asio/error.hpp>
 
 using namespace icinga;
 
@@ -51,6 +39,15 @@ void GelfWriter::OnConfigLoaded()
 	ObjectImpl<GelfWriter>::OnConfigLoaded();
 
 	m_WorkQueue.SetName("GelfWriter, " + GetName());
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "GelfWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
 }
 
 void GelfWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata)
@@ -75,12 +72,12 @@ void GelfWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perf
 	status->Set("gelfwriter", new Dictionary(std::move(nodes)));
 }
 
-void GelfWriter::Start(bool runtimeCreated)
+void GelfWriter::Resume()
 {
-	ObjectImpl<GelfWriter>::Start(runtimeCreated);
+	ObjectImpl<GelfWriter>::Resume();
 
 	Log(LogInformation, "GelfWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	/* Register exception handler for WQ tasks. */
 	m_WorkQueue.SetExceptionCallback(std::bind(&GelfWriter::ExceptionHandler, this, _1));
@@ -94,18 +91,32 @@ void GelfWriter::Start(bool runtimeCreated)
 
 	/* Register event handlers. */
 	Checkable::OnNewCheckResult.connect(std::bind(&GelfWriter::CheckResultHandler, this, _1, _2));
-	Checkable::OnNotificationSentToUser.connect(std::bind(&GelfWriter::NotificationToUserHandler, this, _1, _2, _3, _4, _5, _6, _7, _8));
+	Checkable::OnNotificationSentToUser.connect(std::bind(&GelfWriter::NotificationToUserHandler, this, _1, _2, _3, _4, _5, _6, _7, _8, _9));
 	Checkable::OnStateChange.connect(std::bind(&GelfWriter::StateChangeHandler, this, _1, _2, _3));
 }
 
-void GelfWriter::Stop(bool runtimeRemoved)
+/* Pause is equivalent to Stop, but with HA capabilities to resume at runtime. */
+void GelfWriter::Pause()
 {
-	Log(LogInformation, "GelfWriter")
-		<< "'" << GetName() << "' stopped.";
+	m_ReconnectTimer.reset();
+
+	try {
+		ReconnectInternal();
+	} catch (const std::exception&) {
+		Log(LogInformation, "GelfWriter")
+			<< "'" << GetName() << "' paused. Unable to connect, not flushing buffers. Data may be lost on reload.";
+
+		ObjectImpl<GelfWriter>::Pause();
+		return;
+	}
 
 	m_WorkQueue.Join();
+	DisconnectInternal();
 
-	ObjectImpl<GelfWriter>::Stop(runtimeRemoved);
+	Log(LogInformation, "GelfWriter")
+		<< "'" << GetName() << "' paused.";
+
+	ObjectImpl<GelfWriter>::Pause();
 }
 
 void GelfWriter::AssertOnWorkQueue()
@@ -120,17 +131,23 @@ void GelfWriter::ExceptionHandler(boost::exception_ptr exp)
 	Log(LogDebug, "GelfWriter")
 		<< "Exception during Graylog Gelf operation: " << DiagnosticInformation(std::move(exp));
 
-	if (GetConnected()) {
-		m_Stream->Close();
-
-		SetConnected(false);
-	}
+	DisconnectInternal();
 }
 
 void GelfWriter::Reconnect()
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused()) {
+		SetConnected(false);
+		return;
+	}
+
+	ReconnectInternal();
+}
+
+void GelfWriter::ReconnectInternal()
+{
 	double startTime = Utility::GetTime();
 
 	CONTEXT("Reconnecting to Graylog Gelf '" + GetName() + "'");
@@ -140,20 +157,46 @@ void GelfWriter::Reconnect()
 	if (GetConnected())
 		return;
 
-	TcpSocket::Ptr socket = new TcpSocket();
-
 	Log(LogNotice, "GelfWriter")
 		<< "Reconnecting to Graylog Gelf on host '" << GetHost() << "' port '" << GetPort() << "'.";
 
-	try {
-		socket->Connect(GetHost(), GetPort());
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "GelfWriter")
-			<< "Can't connect to Graylog Gelf on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
+	bool ssl = GetEnableTls();
+
+	if (ssl) {
+		std::shared_ptr<boost::asio::ssl::context> sslContext;
+
+		try {
+			sslContext = MakeAsioSslContext(GetCertPath(), GetKeyPath(), GetCaPath());
+		} catch (const std::exception& ex) {
+			Log(LogWarning, "GelfWriter")
+				<< "Unable to create SSL context.";
+			throw;
+		}
+
+		m_Stream.first = std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, GetHost());
+	} else {
+		m_Stream.second = std::make_shared<AsioTcpStream>(IoEngine::Get().GetIoContext());
 	}
 
-	m_Stream = new NetworkStream(socket);
+	try {
+		icinga::Connect(ssl ? m_Stream.first->lowest_layer() : m_Stream.second->lowest_layer(), GetHost(), GetPort());
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "GelfWriter")
+			<< "Can't connect to Graylog Gelf on host '" << GetHost() << "' port '" << GetPort() << ".'";
+		throw;
+	}
+
+	if (ssl) {
+		auto& tlsStream (m_Stream.first->next_layer());
+
+		try {
+			tlsStream.handshake(tlsStream.client);
+		} catch (const std::exception& ex) {
+			Log(LogWarning, "GelfWriter")
+				<< "TLS handshake with host '" << GetHost() << " failed.'";
+			throw;
+		}
+	}
 
 	SetConnected(true);
 
@@ -170,16 +213,37 @@ void GelfWriter::Disconnect()
 {
 	AssertOnWorkQueue();
 
+	DisconnectInternal();
+}
+
+void GelfWriter::DisconnectInternal()
+{
 	if (!GetConnected())
 		return;
 
-	m_Stream->Close();
+	if (m_Stream.first) {
+		boost::system::error_code ec;
+		m_Stream.first->next_layer().shutdown(ec);
+
+		// https://stackoverflow.com/a/25703699
+		// As long as the error code's category is not an SSL category, then the protocol was securely shutdown
+		if (ec.category() == boost::asio::error::get_ssl_category()) {
+			Log(LogCritical, "GelfWriter")
+				<< "TLS shutdown with host '" << GetHost() << "' could not be done securely.";
+		}
+	} else if (m_Stream.second) {
+		m_Stream.second->close();
+	}
 
 	SetConnected(false);
+
 }
 
 void GelfWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&GelfWriter::CheckResultHandlerInternal, this, checkable, cr));
 }
 
@@ -217,10 +281,10 @@ void GelfWriter::CheckResultHandlerInternal(const Checkable::Ptr& checkable, con
 
 	fields->Set("_reachable", checkable->IsReachable());
 
-	CheckCommand::Ptr commandObj = checkable->GetCheckCommand();
+	CheckCommand::Ptr checkCommand = checkable->GetCheckCommand();
 
-	if (commandObj)
-		fields->Set("_check_command", commandObj->GetName());
+	if (checkCommand)
+		fields->Set("_check_command", checkCommand->GetName());
 
 	double ts = Utility::GetTime();
 
@@ -248,8 +312,9 @@ void GelfWriter::CheckResultHandlerInternal(const Checkable::Ptr& checkable, con
 						pdv = PerfdataValue::Parse(val);
 					} catch (const std::exception&) {
 						Log(LogWarning, "GelfWriter")
-							<< "Ignoring invalid perfdata value: '" << val << "' for object '"
-							<< checkable->GetName() << "'.";
+							<< "Ignoring invalid perfdata for checkable '"
+							<< checkable->GetName() << "' and command '"
+							<< checkCommand->GetName() << "' with value: " << val;
 						continue;
 					}
 				}
@@ -277,19 +342,22 @@ void GelfWriter::CheckResultHandlerInternal(const Checkable::Ptr& checkable, con
 		}
 	}
 
-	SendLogMessage(ComposeGelfMessage(fields, GetSource(), ts));
+	SendLogMessage(checkable, ComposeGelfMessage(fields, GetSource(), ts));
 }
 
 void GelfWriter::NotificationToUserHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-	const User::Ptr& user, NotificationType notificationType, CheckResult::Ptr const& cr,
+	const User::Ptr& user, NotificationType notificationType, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 	const String& author, const String& commentText, const String& commandName)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&GelfWriter::NotificationToUserHandlerInternal, this,
-		notification, checkable, user, notificationType, cr, author, commentText, commandName));
+		notification, checkable, user, notificationType, cr, nr, author, commentText, commandName));
 }
 
 void GelfWriter::NotificationToUserHandlerInternal(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-	const User::Ptr& user, NotificationType notificationType, CheckResult::Ptr const& cr,
+	const User::Ptr& user, NotificationType notificationType, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 	const String& author, const String& commentText, const String& commandName)
 {
 	AssertOnWorkQueue();
@@ -303,7 +371,7 @@ void GelfWriter::NotificationToUserHandlerInternal(const Notification::Ptr& noti
 	Service::Ptr service;
 	tie(host, service) = GetHostService(checkable);
 
-	String notificationTypeString = Notification::NotificationTypeToString(notificationType);
+	String notificationTypeString = Notification::NotificationTypeToStringCompat(notificationType); //TODO: Change that to our own types.
 
 	String authorComment = "";
 
@@ -343,11 +411,14 @@ void GelfWriter::NotificationToUserHandlerInternal(const Notification::Ptr& noti
 	if (commandObj)
 		fields->Set("_check_command", commandObj->GetName());
 
-	SendLogMessage(ComposeGelfMessage(fields, GetSource(), ts));
+	SendLogMessage(checkable, ComposeGelfMessage(fields, GetSource(), ts));
 }
 
 void GelfWriter::StateChangeHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&GelfWriter::StateChangeHandlerInternal, this, checkable, cr, type));
 }
 
@@ -396,7 +467,7 @@ void GelfWriter::StateChangeHandlerInternal(const Checkable::Ptr& checkable, con
 		ts = cr->GetExecutionEnd();
 	}
 
-	SendLogMessage(ComposeGelfMessage(fields, GetSource(), ts));
+	SendLogMessage(checkable, ComposeGelfMessage(fields, GetSource(), ts));
 }
 
 String GelfWriter::ComposeGelfMessage(const Dictionary::Ptr& fields, const String& source, double ts)
@@ -408,7 +479,7 @@ String GelfWriter::ComposeGelfMessage(const Dictionary::Ptr& fields, const Strin
 	return JsonEncode(fields);
 }
 
-void GelfWriter::SendLogMessage(const String& gelfMessage)
+void GelfWriter::SendLogMessage(const Checkable::Ptr& checkable, const String& gelfMessage)
 {
 	std::ostringstream msgbuf;
 	msgbuf << gelfMessage;
@@ -423,9 +494,15 @@ void GelfWriter::SendLogMessage(const String& gelfMessage)
 
 	try {
 		Log(LogDebug, "GelfWriter")
-			<< "Sending '" << log << "'.";
+			<< "Checkable '" << checkable->GetName() << "' sending message '" << log << "'.";
 
-		m_Stream->Write(log.CStr(), log.GetLength());
+		if (m_Stream.first) {
+			boost::asio::write(*m_Stream.first, boost::asio::buffer(msgbuf.str()));
+			m_Stream.first->flush();
+		} else {
+			boost::asio::write(*m_Stream.second, boost::asio::buffer(msgbuf.str()));
+			m_Stream.second->flush();
+		}
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "GelfWriter")
 			<< "Cannot write to TCP socket on host '" << GetHost() << "' port '" << GetPort() << "'.";
diff --git a/lib/perfdata/gelfwriter.hpp b/lib/perfdata/gelfwriter.hpp
index 0948ecdd7..f729c0c5c 100644
--- a/lib/perfdata/gelfwriter.hpp
+++ b/lib/perfdata/gelfwriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef GELFWRITER_H
 #define GELFWRITER_H
@@ -46,11 +29,11 @@ public:
 
 protected:
 	void OnConfigLoaded() override;
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void Resume() override;
+	void Pause() override;
 
 private:
-	Stream::Ptr m_Stream;
+	OptionalTlsStream m_Stream;
 	WorkQueue m_WorkQueue{10000000, 1};
 
 	Timer::Ptr m_ReconnectTimer;
@@ -58,21 +41,23 @@ private:
 	void CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
 	void CheckResultHandlerInternal(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
 	void NotificationToUserHandler(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-		const User::Ptr& user, NotificationType notificationType, const CheckResult::Ptr& cr,
+		const User::Ptr& user, NotificationType notificationType, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 		const String& author, const String& commentText, const String& commandName);
 	void NotificationToUserHandlerInternal(const Notification::Ptr& notification, const Checkable::Ptr& checkable,
-		const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr,
+		const User::Ptr& user, NotificationType notification_type, const CheckResult::Ptr& cr, const NotificationResult::Ptr& nr,
 		const String& author, const String& comment_text, const String& command_name);
 	void StateChangeHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type);
 	void StateChangeHandlerInternal(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr, StateType type);
 
 	String ComposeGelfMessage(const Dictionary::Ptr& fields, const String& source, double ts);
-	void SendLogMessage(const String& gelfMessage);
+	void SendLogMessage(const Checkable::Ptr& checkable, const String& gelfMessage);
 
 	void ReconnectTimerHandler();
 
 	void Disconnect();
+	void DisconnectInternal();
 	void Reconnect();
+	void ReconnectInternal();
 
 	void AssertOnWorkQueue();
 
diff --git a/lib/perfdata/gelfwriter.ti b/lib/perfdata/gelfwriter.ti
index facc94a6d..2176fd877 100644
--- a/lib/perfdata/gelfwriter.ti
+++ b/lib/perfdata/gelfwriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -45,6 +28,15 @@ class GelfWriter : ConfigObject
 	[no_user_modify] bool should_connect {
 		default {{{ return true; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
+    [config] bool enable_tls {
+        default {{{ return false; }}}
+    };
+    [config] String ca_path;
+    [config] String cert_path;
+    [config] String key_path;
 };
 
 }
diff --git a/lib/perfdata/graphitewriter.cpp b/lib/perfdata/graphitewriter.cpp
index d878cf953..642926f66 100644
--- a/lib/perfdata/graphitewriter.cpp
+++ b/lib/perfdata/graphitewriter.cpp
@@ -1,25 +1,9 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/graphitewriter.hpp"
 #include "perfdata/graphitewriter-ti.cpp"
 #include "icinga/service.hpp"
+#include "icinga/checkcommand.hpp"
 #include "icinga/macroprocessor.hpp"
 #include "icinga/icingaapplication.hpp"
 #include "base/tcpsocket.hpp"
@@ -44,13 +28,31 @@ REGISTER_TYPE(GraphiteWriter);
 
 REGISTER_STATSFUNCTION(GraphiteWriter, &GraphiteWriter::StatsFunc);
 
+/*
+ * Enable HA capabilities once the config object is loaded.
+ */
 void GraphiteWriter::OnConfigLoaded()
 {
 	ObjectImpl<GraphiteWriter>::OnConfigLoaded();
 
 	m_WorkQueue.SetName("GraphiteWriter, " + GetName());
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "GraphiteWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
 }
 
+/**
+ * Feature stats interface
+ *
+ * @param status Key value pairs for feature stats
+ * @param perfdata Array of PerfdataValue objects
+ */
 void GraphiteWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata)
 {
 	DictionaryData nodes;
@@ -72,12 +74,15 @@ void GraphiteWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr&
 	status->Set("graphitewriter", new Dictionary(std::move(nodes)));
 }
 
-void GraphiteWriter::Start(bool runtimeCreated)
+/**
+ * Resume is equivalent to Start, but with HA capabilities to resume at runtime.
+ */
+void GraphiteWriter::Resume()
 {
-	ObjectImpl<GraphiteWriter>::Start(runtimeCreated);
+	ObjectImpl<GraphiteWriter>::Resume();
 
 	Log(LogInformation, "GraphiteWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	/* Register exception handler for WQ tasks. */
 	m_WorkQueue.SetExceptionCallback(std::bind(&GraphiteWriter::ExceptionHandler, this, _1));
@@ -93,21 +98,47 @@ void GraphiteWriter::Start(bool runtimeCreated)
 	Checkable::OnNewCheckResult.connect(std::bind(&GraphiteWriter::CheckResultHandler, this, _1, _2));
 }
 
-void GraphiteWriter::Stop(bool runtimeRemoved)
+/**
+ * Pause is equivalent to Stop, but with HA capabilities to resume at runtime.
+ */
+void GraphiteWriter::Pause()
 {
-	Log(LogInformation, "GraphiteWriter")
-		<< "'" << GetName() << "' stopped.";
+	m_ReconnectTimer.reset();
+
+	try {
+		ReconnectInternal();
+	} catch (const std::exception&) {
+		Log(LogInformation, "GraphiteWriter")
+			<< "'" << GetName() << "' paused. Unable to connect, not flushing buffers. Data may be lost on reload.";
+
+		ObjectImpl<GraphiteWriter>::Pause();
+		return;
+	}
 
 	m_WorkQueue.Join();
+	DisconnectInternal();
 
-	ObjectImpl<GraphiteWriter>::Stop(runtimeRemoved);
+	Log(LogInformation, "GraphiteWriter")
+		<< "'" << GetName() << "' paused.";
+
+	ObjectImpl<GraphiteWriter>::Pause();
 }
 
+/**
+ * Check if method is called inside the WQ thread.
+ */
 void GraphiteWriter::AssertOnWorkQueue()
 {
 	ASSERT(m_WorkQueue.IsWorkerThread());
 }
 
+/**
+ * Exception handler for the WQ.
+ *
+ * Closes the connection if connected.
+ *
+ * @param exp Exception pointer
+ */
 void GraphiteWriter::ExceptionHandler(boost::exception_ptr exp)
 {
 	Log(LogCritical, "GraphiteWriter", "Exception during Graphite operation: Verify that your backend is operational!");
@@ -116,16 +147,34 @@ void GraphiteWriter::ExceptionHandler(boost::exception_ptr exp)
 		<< "Exception during Graphite operation: " << DiagnosticInformation(std::move(exp));
 
 	if (GetConnected()) {
-		m_Stream->Close();
+		m_Stream->close();
 
 		SetConnected(false);
 	}
 }
 
+/**
+ * Reconnect method, stops when the feature is paused in HA zones.
+ *
+ * Called inside the WQ.
+ */
 void GraphiteWriter::Reconnect()
 {
 	AssertOnWorkQueue();
 
+	if (IsPaused()) {
+		SetConnected(false);
+		return;
+	}
+
+	ReconnectInternal();
+}
+
+/**
+ * Reconnect method, connects to a TCP Stream
+ */
+void GraphiteWriter::ReconnectInternal()
+{
 	double startTime = Utility::GetTime();
 
 	CONTEXT("Reconnecting to Graphite '" + GetName() + "'");
@@ -135,20 +184,17 @@ void GraphiteWriter::Reconnect()
 	if (GetConnected())
 		return;
 
-	TcpSocket::Ptr socket = new TcpSocket();
-
 	Log(LogNotice, "GraphiteWriter")
 		<< "Reconnecting to Graphite on host '" << GetHost() << "' port '" << GetPort() << "'.";
 
-	try {
-		socket->Connect(GetHost(), GetPort());
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "GraphiteWriter")
-			<< "Can't connect to Graphite on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
-	}
+	m_Stream = std::make_shared<AsioTcpStream>(IoEngine::Get().GetIoContext());
 
-	m_Stream = new NetworkStream(socket);
+	try {
+		icinga::Connect(m_Stream->lowest_layer(), GetHost(), GetPort());
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "GraphiteWriter")
+			<< "Can't connect to Graphite on host '" << GetHost() << "' port '" << GetPort() << ".'";
+	}
 
 	SetConnected(true);
 
@@ -156,34 +202,78 @@ void GraphiteWriter::Reconnect()
 		<< "Finished reconnecting to Graphite in " << std::setw(2) << Utility::GetTime() - startTime << " second(s).";
 }
 
+/**
+ * Reconnect handler called by the timer.
+ *
+ * Enqueues a reconnect task into the WQ.
+ */
 void GraphiteWriter::ReconnectTimerHandler()
 {
-	m_WorkQueue.Enqueue(std::bind(&GraphiteWriter::Reconnect, this), PriorityNormal);
+	if (IsPaused())
+		return;
+
+	m_WorkQueue.Enqueue(std::bind(&GraphiteWriter::Reconnect, this), PriorityHigh);
 }
 
+/**
+ * Disconnect the stream.
+ *
+ * Called inside the WQ.
+ */
 void GraphiteWriter::Disconnect()
 {
 	AssertOnWorkQueue();
 
+	DisconnectInternal();
+}
+
+/**
+ * Disconnect the stream.
+ *
+ * Called outside the WQ.
+ */
+void GraphiteWriter::DisconnectInternal()
+{
 	if (!GetConnected())
 		return;
 
-	m_Stream->Close();
+	m_Stream->close();
 
 	SetConnected(false);
 }
 
+/**
+ * Check result event handler, checks whether feature is not paused in HA setups.
+ *
+ * @param checkable Host/Service object
+ * @param cr Check result including performance data
+ */
 void GraphiteWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&GraphiteWriter::CheckResultHandlerInternal, this, checkable, cr));
 }
 
+/**
+ * Check result event handler, prepares metadata and perfdata values and calls Send*()
+ *
+ * Called inside the WQ.
+ *
+ * @param checkable Host/Service object
+ * @param cr Check result including performance data
+ */
 void GraphiteWriter::CheckResultHandlerInternal(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
 	AssertOnWorkQueue();
 
 	CONTEXT("Processing check result for '" + checkable->GetName() + "'");
 
+	/* TODO: Deal with missing connection here. Needs refactoring
+	 * into parsing the actual performance data and then putting it
+	 * into a queue for re-inserting. */
+
 	if (!IcingaApplication::GetInstance()->GetEnablePerfdata() || !checkable->GetEnablePerfdata())
 		return;
 
@@ -212,31 +302,41 @@ void GraphiteWriter::CheckResultHandlerInternal(const Checkable::Ptr& checkable,
 
 	if (GetEnableSendMetadata()) {
 		if (service) {
-			SendMetric(prefixMetadata, "state", service->GetState(), ts);
+			SendMetric(checkable, prefixMetadata, "state", service->GetState(), ts);
 		} else {
-			SendMetric(prefixMetadata, "state", host->GetState(), ts);
+			SendMetric(checkable, prefixMetadata, "state", host->GetState(), ts);
 		}
 
-		SendMetric(prefixMetadata, "current_attempt", checkable->GetCheckAttempt(), ts);
-		SendMetric(prefixMetadata, "max_check_attempts", checkable->GetMaxCheckAttempts(), ts);
-		SendMetric(prefixMetadata, "state_type", checkable->GetStateType(), ts);
-		SendMetric(prefixMetadata, "reachable", checkable->IsReachable(), ts);
-		SendMetric(prefixMetadata, "downtime_depth", checkable->GetDowntimeDepth(), ts);
-		SendMetric(prefixMetadata, "acknowledgement", checkable->GetAcknowledgement(), ts);
-		SendMetric(prefixMetadata, "latency", cr->CalculateLatency(), ts);
-		SendMetric(prefixMetadata, "execution_time", cr->CalculateExecutionTime(), ts);
+		SendMetric(checkable, prefixMetadata, "current_attempt", checkable->GetCheckAttempt(), ts);
+		SendMetric(checkable, prefixMetadata, "max_check_attempts", checkable->GetMaxCheckAttempts(), ts);
+		SendMetric(checkable, prefixMetadata, "state_type", checkable->GetStateType(), ts);
+		SendMetric(checkable, prefixMetadata, "reachable", checkable->IsReachable(), ts);
+		SendMetric(checkable, prefixMetadata, "downtime_depth", checkable->GetDowntimeDepth(), ts);
+		SendMetric(checkable, prefixMetadata, "acknowledgement", checkable->GetAcknowledgement(), ts);
+		SendMetric(checkable, prefixMetadata, "latency", cr->CalculateLatency(), ts);
+		SendMetric(checkable, prefixMetadata, "execution_time", cr->CalculateExecutionTime(), ts);
 	}
 
-	SendPerfdata(prefixPerfdata, cr, ts);
+	SendPerfdata(checkable, prefixPerfdata, cr, ts);
 }
 
-void GraphiteWriter::SendPerfdata(const String& prefix, const CheckResult::Ptr& cr, double ts)
+/**
+ * Parse performance data from check result and call SendMetric()
+ *
+ * @param checkable Host/service object
+ * @param prefix Metric prefix string
+ * @param cr Check result including performance data
+ * @param ts Timestamp when the check result was created
+ */
+void GraphiteWriter::SendPerfdata(const Checkable::Ptr& checkable, const String& prefix, const CheckResult::Ptr& cr, double ts)
 {
 	Array::Ptr perfdata = cr->GetPerformanceData();
 
 	if (!perfdata)
 		return;
 
+	CheckCommand::Ptr checkCommand = checkable->GetCheckCommand();
+
 	ObjectLock olock(perfdata);
 	for (const Value& val : perfdata) {
 		PerfdataValue::Ptr pdv;
@@ -248,47 +348,60 @@ void GraphiteWriter::SendPerfdata(const String& prefix, const CheckResult::Ptr&
 				pdv = PerfdataValue::Parse(val);
 			} catch (const std::exception&) {
 				Log(LogWarning, "GraphiteWriter")
-					<< "Ignoring invalid perfdata value: " << val;
+					<< "Ignoring invalid perfdata for checkable '"
+					<< checkable->GetName() << "' and command '"
+					<< checkCommand->GetName() << "' with value: " << val;
 				continue;
 			}
 		}
 
 		String escapedKey = EscapeMetricLabel(pdv->GetLabel());
 
-		SendMetric(prefix, escapedKey + ".value", pdv->GetValue(), ts);
+		SendMetric(checkable, prefix, escapedKey + ".value", pdv->GetValue(), ts);
 
 		if (GetEnableSendThresholds()) {
 			if (pdv->GetCrit())
-				SendMetric(prefix, escapedKey + ".crit", pdv->GetCrit(), ts);
+				SendMetric(checkable, prefix, escapedKey + ".crit", pdv->GetCrit(), ts);
 			if (pdv->GetWarn())
-				SendMetric(prefix, escapedKey + ".warn", pdv->GetWarn(), ts);
+				SendMetric(checkable, prefix, escapedKey + ".warn", pdv->GetWarn(), ts);
 			if (pdv->GetMin())
-				SendMetric(prefix, escapedKey + ".min", pdv->GetMin(), ts);
+				SendMetric(checkable, prefix, escapedKey + ".min", pdv->GetMin(), ts);
 			if (pdv->GetMax())
-				SendMetric(prefix, escapedKey + ".max", pdv->GetMax(), ts);
+				SendMetric(checkable, prefix, escapedKey + ".max", pdv->GetMax(), ts);
 		}
 	}
 }
 
-void GraphiteWriter::SendMetric(const String& prefix, const String& name, double value, double ts)
+/**
+ * Computes metric data and sends to Graphite
+ *
+ * @param checkable Host/service object
+ * @param prefix Computed metric prefix string
+ * @param name Metric name
+ * @param value Metric value
+ * @param ts Timestamp when the check result was created
+ */
+void GraphiteWriter::SendMetric(const Checkable::Ptr& checkable, const String& prefix, const String& name, double value, double ts)
 {
+	namespace asio = boost::asio;
+
 	std::ostringstream msgbuf;
 	msgbuf << prefix << "." << name << " " << Convert::ToString(value) << " " << static_cast<long>(ts);
 
 	Log(LogDebug, "GraphiteWriter")
-		<< "Add to metric list:'" << msgbuf.str() << "'.";
+		<< "Checkable '" << checkable->GetName() << "' adds to metric list: '" << msgbuf.str() << "'.";
 
 	// do not send \n to debug log
 	msgbuf << "\n";
-	String metric = msgbuf.str();
 
-	ObjectLock olock(this);
+	boost::mutex::scoped_lock lock(m_StreamMutex);
 
 	if (!GetConnected())
 		return;
 
 	try {
-		m_Stream->Write(metric.CStr(), metric.GetLength());
+		asio::write(*m_Stream, asio::buffer(msgbuf.str()));
+		m_Stream->flush();
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "GraphiteWriter")
 			<< "Cannot write to TCP socket on host '" << GetHost() << "' port '" << GetPort() << "'.";
@@ -297,6 +410,14 @@ void GraphiteWriter::SendMetric(const String& prefix, const String& name, double
 	}
 }
 
+/**
+ * Escape metric tree elements
+ *
+ * Dots are not allowed, e.g. in host names
+ *
+ * @param str Metric part name
+ * @return Escape string
+ */
 String GraphiteWriter::EscapeMetric(const String& str)
 {
 	String result = str;
@@ -310,6 +431,14 @@ String GraphiteWriter::EscapeMetric(const String& str)
 	return result;
 }
 
+/**
+ * Escape metric label
+ *
+ * Dots are allowed - users can create trees from perfdata labels
+ *
+ * @param str Metric label name
+ * @return Escaped string
+ */
 String GraphiteWriter::EscapeMetricLabel(const String& str)
 {
 	String result = str;
@@ -323,6 +452,12 @@ String GraphiteWriter::EscapeMetricLabel(const String& str)
 	return result;
 }
 
+/**
+ * Escape macro metrics found via host/service name templates
+ *
+ * @param value Array or string with macro metric names
+ * @return Escaped string. Arrays are joined with dots.
+ */
 Value GraphiteWriter::EscapeMacroMetric(const Value& value)
 {
 	if (value.IsObjectType<Array>()) {
@@ -339,6 +474,12 @@ Value GraphiteWriter::EscapeMacroMetric(const Value& value)
 		return EscapeMetric(value);
 }
 
+/**
+ * Validate the configuration setting 'host_name_template'
+ *
+ * @param lvalue String containing runtime macros.
+ * @param utils Helper, unused
+ */
 void GraphiteWriter::ValidateHostNameTemplate(const Lazy<String>& lvalue, const ValidationUtils& utils)
 {
 	ObjectImpl<GraphiteWriter>::ValidateHostNameTemplate(lvalue, utils);
@@ -347,6 +488,12 @@ void GraphiteWriter::ValidateHostNameTemplate(const Lazy<String>& lvalue, const
 		BOOST_THROW_EXCEPTION(ValidationError(this, { "host_name_template" }, "Closing $ not found in macro format string '" + lvalue() + "'."));
 }
 
+/**
+ * Validate the configuration setting 'service_name_template'
+ *
+ * @param lvalue String containing runtime macros.
+ * @param utils Helper, unused
+ */
 void GraphiteWriter::ValidateServiceNameTemplate(const Lazy<String>& lvalue, const ValidationUtils& utils)
 {
 	ObjectImpl<GraphiteWriter>::ValidateServiceNameTemplate(lvalue, utils);
diff --git a/lib/perfdata/graphitewriter.hpp b/lib/perfdata/graphitewriter.hpp
index 86a517f96..42f741cee 100644
--- a/lib/perfdata/graphitewriter.hpp
+++ b/lib/perfdata/graphitewriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef GRAPHITEWRITER_H
 #define GRAPHITEWRITER_H
@@ -27,6 +10,7 @@
 #include "base/timer.hpp"
 #include "base/workqueue.hpp"
 #include <fstream>
+#include <boost/thread/mutex.hpp>
 
 namespace icinga
 {
@@ -49,19 +33,20 @@ public:
 
 protected:
 	void OnConfigLoaded() override;
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void Resume() override;
+	void Pause() override;
 
 private:
-	Stream::Ptr m_Stream;
+	std::shared_ptr<AsioTcpStream> m_Stream;
+	boost::mutex m_StreamMutex;
 	WorkQueue m_WorkQueue{10000000, 1};
 
 	Timer::Ptr m_ReconnectTimer;
 
 	void CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
 	void CheckResultHandlerInternal(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
-	void SendMetric(const String& prefix, const String& name, double value, double ts);
-	void SendPerfdata(const String& prefix, const CheckResult::Ptr& cr, double ts);
+	void SendMetric(const Checkable::Ptr& checkable, const String& prefix, const String& name, double value, double ts);
+	void SendPerfdata(const Checkable::Ptr& checkable, const String& prefix, const CheckResult::Ptr& cr, double ts);
 	static String EscapeMetric(const String& str);
 	static String EscapeMetricLabel(const String& str);
 	static Value EscapeMacroMetric(const Value& value);
@@ -69,7 +54,9 @@ private:
 	void ReconnectTimerHandler();
 
 	void Disconnect();
+	void DisconnectInternal();
 	void Reconnect();
+	void ReconnectInternal();
 
 	void AssertOnWorkQueue();
 
diff --git a/lib/perfdata/graphitewriter.ti b/lib/perfdata/graphitewriter.ti
index ca04959f5..c8db0673b 100644
--- a/lib/perfdata/graphitewriter.ti
+++ b/lib/perfdata/graphitewriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -47,6 +30,9 @@ class GraphiteWriter : ConfigObject
 	[no_user_modify] bool should_connect {
 		default {{{ return true; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
 };
 
 }
diff --git a/lib/perfdata/influxdbwriter.cpp b/lib/perfdata/influxdbwriter.cpp
index 8a3fe97b1..1e02e5213 100644
--- a/lib/perfdata/influxdbwriter.cpp
+++ b/lib/perfdata/influxdbwriter.cpp
@@ -1,31 +1,15 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/influxdbwriter.hpp"
 #include "perfdata/influxdbwriter-ti.cpp"
 #include "remote/url.hpp"
-#include "remote/httprequest.hpp"
-#include "remote/httpresponse.hpp"
 #include "icinga/service.hpp"
 #include "icinga/macroprocessor.hpp"
 #include "icinga/icingaapplication.hpp"
 #include "icinga/checkcommand.hpp"
+#include "base/application.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
 #include "base/tcpsocket.hpp"
 #include "base/configtype.hpp"
 #include "base/objectlock.hpp"
@@ -41,9 +25,21 @@
 #include "base/tlsutility.hpp"
 #include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/replace.hpp>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/beast/core/flat_buffer.hpp>
+#include <boost/beast/http/field.hpp>
+#include <boost/beast/http/message.hpp>
+#include <boost/beast/http/parser.hpp>
+#include <boost/beast/http/read.hpp>
+#include <boost/beast/http/status.hpp>
+#include <boost/beast/http/string_body.hpp>
+#include <boost/beast/http/verb.hpp>
+#include <boost/beast/http/write.hpp>
 #include <boost/math/special_functions/fpclassify.hpp>
 #include <boost/regex.hpp>
 #include <boost/scoped_array.hpp>
+#include <memory>
+#include <string>
 #include <utility>
 
 using namespace icinga;
@@ -75,6 +71,15 @@ void InfluxdbWriter::OnConfigLoaded()
 	ObjectImpl<InfluxdbWriter>::OnConfigLoaded();
 
 	m_WorkQueue.SetName("InfluxdbWriter, " + GetName());
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "InfluxdbWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
 }
 
 void InfluxdbWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata)
@@ -100,12 +105,12 @@ void InfluxdbWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr&
 	status->Set("influxdbwriter", new Dictionary(std::move(nodes)));
 }
 
-void InfluxdbWriter::Start(bool runtimeCreated)
+void InfluxdbWriter::Resume()
 {
-	ObjectImpl<InfluxdbWriter>::Start(runtimeCreated);
+	ObjectImpl<InfluxdbWriter>::Resume();
 
 	Log(LogInformation, "InfluxdbWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	/* Register exception handler for WQ tasks. */
 	m_WorkQueue.SetExceptionCallback(std::bind(&InfluxdbWriter::ExceptionHandler, this, _1));
@@ -121,14 +126,31 @@ void InfluxdbWriter::Start(bool runtimeCreated)
 	Checkable::OnNewCheckResult.connect(std::bind(&InfluxdbWriter::CheckResultHandler, this, _1, _2));
 }
 
-void InfluxdbWriter::Stop(bool runtimeRemoved)
+/* Pause is equivalent to Stop, but with HA capabilities to resume at runtime. */
+void InfluxdbWriter::Pause()
 {
-	Log(LogInformation, "InfluxdbWriter")
-		<< "'" << GetName() << "' stopped.";
+	/* Force a flush. */
+	Log(LogDebug, "InfluxdbWriter")
+		<< "Flushing pending data buffers.";
+
+	Flush();
+
+	/* Work on the missing tasks. TODO: Find a way to cache them on disk. */
+	Log(LogDebug, "InfluxdbWriter")
+		<< "Joining existing WQ tasks.";
 
 	m_WorkQueue.Join();
 
-	ObjectImpl<InfluxdbWriter>::Stop(runtimeRemoved);
+	/* Flush again after the WQ tasks have filled the data buffer. */
+	Log(LogDebug, "InfluxdbWriter")
+		<< "Flushing data buffers from WQ tasks.";
+
+	Flush();
+
+	Log(LogInformation, "InfluxdbWriter")
+		<< "'" << GetName() << "' paused.";
+
+	ObjectImpl<InfluxdbWriter>::Pause();
 }
 
 void InfluxdbWriter::AssertOnWorkQueue()
@@ -146,48 +168,58 @@ void InfluxdbWriter::ExceptionHandler(boost::exception_ptr exp)
 	//TODO: Close the connection, if we keep it open.
 }
 
-Stream::Ptr InfluxdbWriter::Connect()
+OptionalTlsStream InfluxdbWriter::Connect()
 {
-	TcpSocket::Ptr socket = new TcpSocket();
-
 	Log(LogNotice, "InfluxdbWriter")
 		<< "Reconnecting to InfluxDB on host '" << GetHost() << "' port '" << GetPort() << "'.";
 
-	try {
-		socket->Connect(GetHost(), GetPort());
-	} catch (const std::exception& ex) {
-		Log(LogWarning, "InfluxdbWriter")
-			<< "Can't connect to InfluxDB on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
-	}
+	OptionalTlsStream stream;
+	bool ssl = GetSslEnable();
+
+	if (ssl) {
+		std::shared_ptr<boost::asio::ssl::context> sslContext;
 
-	if (GetSslEnable()) {
-		std::shared_ptr<SSL_CTX> sslContext;
 		try {
-			sslContext = MakeSSLContext(GetSslCert(), GetSslKey(), GetSslCaCert());
+			sslContext = MakeAsioSslContext(GetSslCert(), GetSslKey(), GetSslCaCert());
 		} catch (const std::exception& ex) {
 			Log(LogWarning, "InfluxdbWriter")
 				<< "Unable to create SSL context.";
-			throw ex;
+			throw;
 		}
 
-		TlsStream::Ptr tlsStream = new TlsStream(socket, GetHost(), RoleClient, sslContext);
+		stream.first = std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, GetHost());
+	} else {
+		stream.second = std::make_shared<AsioTcpStream>(IoEngine::Get().GetIoContext());
+	}
+
+	try {
+		icinga::Connect(ssl ? stream.first->lowest_layer() : stream.second->lowest_layer(), GetHost(), GetPort());
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "InfluxdbWriter")
+			<< "Can't connect to InfluxDB on host '" << GetHost() << "' port '" << GetPort() << "'.";
+		throw;
+	}
+
+	if (ssl) {
+		auto& tlsStream (stream.first->next_layer());
+
 		try {
-			tlsStream->Handshake();
+			tlsStream.handshake(tlsStream.client);
 		} catch (const std::exception& ex) {
 			Log(LogWarning, "InfluxdbWriter")
 				<< "TLS handshake with host '" << GetHost() << "' failed.";
-			throw ex;
+			throw;
 		}
-
-		return tlsStream;
-	} else {
-		return new NetworkStream(socket);
 	}
+
+	return std::move(stream);
 }
 
 void InfluxdbWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	m_WorkQueue.Enqueue(std::bind(&InfluxdbWriter::CheckResultHandlerWQ, this, checkable, cr), PriorityLow);
 }
 
@@ -216,24 +248,32 @@ void InfluxdbWriter::CheckResultHandlerWQ(const Checkable::Ptr& checkable, const
 
 	// Clone the template and perform an in-place macro expansion of measurement and tag values
 	Dictionary::Ptr tmpl_clean = service ? GetServiceTemplate() : GetHostTemplate();
-	Dictionary::Ptr tmpl = static_pointer_cast<Dictionary>(tmpl_clean->Clone());
+	Dictionary::Ptr tmpl = static_pointer_cast<Dictionary>(tmpl_clean->ShallowClone());
 	tmpl->Set("measurement", MacroProcessor::ResolveMacros(tmpl->Get("measurement"), resolvers, cr));
 
-	Dictionary::Ptr tags = tmpl->Get("tags");
-	if (tags) {
-		ObjectLock olock(tags);
-		for (const Dictionary::Pair& pair : tags) {
-			String missing_macro;
-			Value value = MacroProcessor::ResolveMacros(pair.second, resolvers, cr, &missing_macro);
+	Dictionary::Ptr tagsClean = tmpl->Get("tags");
+	if (tagsClean) {
+		Dictionary::Ptr tags = new Dictionary();
 
-			if (!missing_macro.IsEmpty())
-				continue;
+		{
+			ObjectLock olock(tagsClean);
+			for (const Dictionary::Pair& pair : tagsClean) {
+				String missing_macro;
+				Value value = MacroProcessor::ResolveMacros(pair.second, resolvers, cr, &missing_macro);
 
-			tags->Set(pair.first, value);
+				if (missing_macro.IsEmpty()) {
+					tags->Set(pair.first, value);
+				}
+			}
 		}
+
+		tmpl->Set("tags", tags);
 	}
 
+	CheckCommand::Ptr checkCommand = checkable->GetCheckCommand();
+
 	Array::Ptr perfdata = cr->GetPerformanceData();
+
 	if (perfdata) {
 		ObjectLock olock(perfdata);
 		for (const Value& val : perfdata) {
@@ -246,7 +286,9 @@ void InfluxdbWriter::CheckResultHandlerWQ(const Checkable::Ptr& checkable, const
 					pdv = PerfdataValue::Parse(val);
 				} catch (const std::exception&) {
 					Log(LogWarning, "InfluxdbWriter")
-						<< "Ignoring invalid perfdata value: " << val;
+						<< "Ignoring invalid perfdata for checkable '"
+						<< checkable->GetName() << "' and command '"
+						<< checkCommand->GetName() << "' with value: " << val;
 					continue;
 				}
 			}
@@ -268,7 +310,7 @@ void InfluxdbWriter::CheckResultHandlerWQ(const Checkable::Ptr& checkable, const
 				fields->Set("unit", pdv->GetUnit());
 			}
 
-			SendMetric(tmpl, pdv->GetLabel(), fields, ts);
+			SendMetric(checkable, tmpl, pdv->GetLabel(), fields, ts);
 		}
 	}
 
@@ -293,7 +335,7 @@ void InfluxdbWriter::CheckResultHandlerWQ(const Checkable::Ptr& checkable, const
 		fields->Set("latency", cr->CalculateLatency());
 		fields->Set("execution_time", cr->CalculateExecutionTime());
 
-		SendMetric(tmpl, Empty, fields, ts);
+		SendMetric(checkable, tmpl, Empty, fields, ts);
 	}
 }
 
@@ -336,7 +378,8 @@ String InfluxdbWriter::EscapeValue(const Value& value)
 	return value;
 }
 
-void InfluxdbWriter::SendMetric(const Dictionary::Ptr& tmpl, const String& label, const Dictionary::Ptr& fields, double ts)
+void InfluxdbWriter::SendMetric(const Checkable::Ptr& checkable, const Dictionary::Ptr& tmpl,
+	const String& label, const Dictionary::Ptr& fields, double ts)
 {
 	std::ostringstream msgbuf;
 	msgbuf << EscapeKeyOrTagValue(tmpl->Get("measurement"));
@@ -374,10 +417,8 @@ void InfluxdbWriter::SendMetric(const Dictionary::Ptr& tmpl, const String& label
 
 	msgbuf << " " <<  static_cast<unsigned long>(ts);
 
-#ifdef I2_DEBUG
 	Log(LogDebug, "InfluxdbWriter")
-		<< "Add to metric list: '" << msgbuf.str() << "'.";
-#endif /* I2_DEBUG */
+		<< "Checkable '" << checkable->GetName() << "' adds to metric list:'" << msgbuf.str() << "'.";
 
 	// Buffer the data point
 	m_DataBuffer.emplace_back(msgbuf.str());
@@ -404,10 +445,6 @@ void InfluxdbWriter::FlushTimeoutWQ()
 {
 	AssertOnWorkQueue();
 
-	// Flush if there are any data available
-	if (m_DataBuffer.empty())
-		return;
-
 	Log(LogDebug, "InfluxdbWriter")
 		<< "Timer expired writing " << m_DataBuffer.size() << " data points";
 
@@ -416,13 +453,34 @@ void InfluxdbWriter::FlushTimeoutWQ()
 
 void InfluxdbWriter::Flush()
 {
+	namespace beast = boost::beast;
+	namespace http = beast::http;
+
+	/* Flush can be called from 1) Timeout 2) Threshold 3) on shutdown/reload. */
+	if (m_DataBuffer.empty())
+		return;
+
+	Log(LogDebug, "InfluxdbWriter")
+		<< "Flushing data buffer to InfluxDB.";
+
 	String body = boost::algorithm::join(m_DataBuffer, "\n");
 	m_DataBuffer.clear();
 
-	Stream::Ptr stream = Connect();
+	OptionalTlsStream stream;
 
-	if (!stream)
+	try {
+		stream = Connect();
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "InfluxDbWriter")
+			<< "Flush failed, cannot connect to InfluxDB: " << DiagnosticInformation(ex, false);
 		return;
+	}
+
+	Defer s ([&stream]() {
+		if (stream.first) {
+			stream.first->next_layer().shutdown();
+		}
+	});
 
 	Url::Ptr url = new Url();
 	url->SetScheme(GetSslEnable() ? "https" : "http");
@@ -440,59 +498,64 @@ void InfluxdbWriter::Flush()
 	if (!GetPassword().IsEmpty())
 		url->AddQueryElement("p", GetPassword());
 
-	HttpRequest req(stream);
-	req.RequestMethod = "POST";
-	req.RequestUrl = url;
+	http::request<http::string_body> request (http::verb::post, std::string(url->Format(true)), 10);
+
+	request.set(http::field::user_agent, "Icinga/" + Application::GetAppVersion());
+	request.set(http::field::host, url->GetHost() + ":" + url->GetPort());
+
+	request.body() = body;
+	request.set(http::field::content_length, request.body().size());
 
 	try {
-		req.WriteBody(body.CStr(), body.GetLength());
-		req.Finish();
+		if (stream.first) {
+			http::write(*stream.first, request);
+			stream.first->flush();
+		} else {
+			http::write(*stream.second, request);
+			stream.second->flush();
+		}
 	} catch (const std::exception& ex) {
 		Log(LogWarning, "InfluxdbWriter")
 			<< "Cannot write to TCP socket on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		throw ex;
+		throw;
 	}
 
-	HttpResponse resp(stream, req);
-	StreamReadContext context;
+	http::parser<false, http::string_body> parser;
+	beast::flat_buffer buf;
 
 	try {
-		while (resp.Parse(context, true) && !resp.Complete)
-			; /* Do nothing */
+		if (stream.first) {
+			http::read(*stream.first, buf, parser);
+		} else {
+			http::read(*stream.second, buf, parser);
+		}
 	} catch (const std::exception& ex) {
 		Log(LogWarning, "InfluxdbWriter")
 			<< "Failed to parse HTTP response from host '" << GetHost() << "' port '" << GetPort() << "': " << DiagnosticInformation(ex);
-		throw ex;
+		throw;
 	}
 
-	if (!resp.Complete) {
-		Log(LogWarning, "InfluxdbWriter")
-			<< "Failed to read a complete HTTP response from the InfluxDB server.";
-		return;
-	}
+	auto& response (parser.get());
 
-	if (resp.StatusCode != 204) {
+	if (response.result() != http::status::no_content) {
 		Log(LogWarning, "InfluxdbWriter")
-			<< "Unexpected response code: " << resp.StatusCode;
+			<< "Unexpected response code: " << response.result();
 
-		String contentType = resp.Headers->Get("content-type");
+		auto& contentType (response[http::field::content_type]);
 		if (contentType != "application/json") {
 			Log(LogWarning, "InfluxdbWriter")
 				<< "Unexpected Content-Type: " << contentType;
 			return;
 		}
 
-		size_t responseSize = resp.GetBodySize();
-		boost::scoped_array<char> buffer(new char[responseSize + 1]);
-		resp.ReadBody(buffer.get(), responseSize);
-		buffer.get()[responseSize] = '\0';
-
 		Dictionary::Ptr jsonResponse;
+		auto& body (response.body());
+
 		try {
-			jsonResponse = JsonDecode(buffer.get());
+			jsonResponse = JsonDecode(body);
 		} catch (...) {
 			Log(LogWarning, "InfluxdbWriter")
-				<< "Unable to parse JSON response:\n" << buffer.get();
+				<< "Unable to parse JSON response:\n" << body;
 			return;
 		}
 
@@ -500,8 +563,6 @@ void InfluxdbWriter::Flush()
 
 		Log(LogCritical, "InfluxdbWriter")
 			<< "InfluxDB error message:\n" << error;
-
-		return;
 	}
 }
 
diff --git a/lib/perfdata/influxdbwriter.hpp b/lib/perfdata/influxdbwriter.hpp
index 4d3e8037a..1f7ab8309 100644
--- a/lib/perfdata/influxdbwriter.hpp
+++ b/lib/perfdata/influxdbwriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INFLUXDBWRITER_H
 #define INFLUXDBWRITER_H
@@ -25,6 +8,7 @@
 #include "base/configobject.hpp"
 #include "base/tcpsocket.hpp"
 #include "base/timer.hpp"
+#include "base/tlsstream.hpp"
 #include "base/workqueue.hpp"
 #include <fstream>
 
@@ -49,8 +33,8 @@ public:
 
 protected:
 	void OnConfigLoaded() override;
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void Resume() override;
+	void Pause() override;
 
 private:
 	WorkQueue m_WorkQueue{10000000, 1};
@@ -59,7 +43,8 @@ private:
 
 	void CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
 	void CheckResultHandlerWQ(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
-	void SendMetric(const Dictionary::Ptr& tmpl, const String& label, const Dictionary::Ptr& fields, double ts);
+	void SendMetric(const Checkable::Ptr& checkable, const Dictionary::Ptr& tmpl,
+		const String& label, const Dictionary::Ptr& fields, double ts);
 	void FlushTimeout();
 	void FlushTimeoutWQ();
 	void Flush();
@@ -67,7 +52,7 @@ private:
 	static String EscapeKeyOrTagValue(const String& str);
 	static String EscapeValue(const Value& value);
 
-	Stream::Ptr Connect();
+	OptionalTlsStream Connect();
 
 	void AssertOnWorkQueue();
 
diff --git a/lib/perfdata/influxdbwriter.ti b/lib/perfdata/influxdbwriter.ti
index 5ff116754..377c911ba 100644
--- a/lib/perfdata/influxdbwriter.ti
+++ b/lib/perfdata/influxdbwriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -88,6 +71,9 @@ class InfluxdbWriter : ConfigObject
 	[config] int flush_threshold {
 		default {{{ return 1024; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
 };
 
 validator InfluxdbWriter {
diff --git a/lib/perfdata/opentsdbwriter.cpp b/lib/perfdata/opentsdbwriter.cpp
index c55529ffa..b936b3083 100644
--- a/lib/perfdata/opentsdbwriter.cpp
+++ b/lib/perfdata/opentsdbwriter.cpp
@@ -1,25 +1,9 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/opentsdbwriter.hpp"
 #include "perfdata/opentsdbwriter-ti.cpp"
 #include "icinga/service.hpp"
+#include "icinga/checkcommand.hpp"
 #include "icinga/macroprocessor.hpp"
 #include "icinga/icingaapplication.hpp"
 #include "icinga/compatutility.hpp"
@@ -44,23 +28,50 @@ REGISTER_TYPE(OpenTsdbWriter);
 
 REGISTER_STATSFUNCTION(OpenTsdbWriter, &OpenTsdbWriter::StatsFunc);
 
+/*
+ * Enable HA capabilities once the config object is loaded.
+ */
+void OpenTsdbWriter::OnConfigLoaded()
+{
+	ObjectImpl<OpenTsdbWriter>::OnConfigLoaded();
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "OpenTsdbWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
+}
+
+/**
+ * Feature stats interface
+ *
+ * @param status Key value pairs for feature stats
+ */
 void OpenTsdbWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr&)
 {
 	DictionaryData nodes;
 
 	for (const OpenTsdbWriter::Ptr& opentsdbwriter : ConfigType::GetObjectsByType<OpenTsdbWriter>()) {
-		nodes.emplace_back(opentsdbwriter->GetName(), 1); //add more stats
+		nodes.emplace_back(opentsdbwriter->GetName(), new Dictionary({
+			{ "connected", opentsdbwriter->GetConnected() }
+		}));
 	}
 
 	status->Set("opentsdbwriter", new Dictionary(std::move(nodes)));
 }
 
-void OpenTsdbWriter::Start(bool runtimeCreated)
+/**
+ * Resume is equivalent to Start, but with HA capabilities to resume at runtime.
+ */
+void OpenTsdbWriter::Resume()
 {
-	ObjectImpl<OpenTsdbWriter>::Start(runtimeCreated);
+	ObjectImpl<OpenTsdbWriter>::Resume();
 
 	Log(LogInformation, "OpentsdbWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	m_ReconnectTimer = new Timer();
 	m_ReconnectTimer->SetInterval(10);
@@ -71,37 +82,69 @@ void OpenTsdbWriter::Start(bool runtimeCreated)
 	Service::OnNewCheckResult.connect(std::bind(&OpenTsdbWriter::CheckResultHandler, this, _1, _2));
 }
 
-void OpenTsdbWriter::Stop(bool runtimeRemoved)
+/**
+ * Pause is equivalent to Stop, but with HA capabilities to resume at runtime.
+ */
+void OpenTsdbWriter::Pause()
 {
-	Log(LogInformation, "OpentsdbWriter")
-		<< "'" << GetName() << "' stopped.";
+	m_ReconnectTimer.reset();
 
-	ObjectImpl<OpenTsdbWriter>::Stop(runtimeRemoved);
+	Log(LogInformation, "OpentsdbWriter")
+		<< "'" << GetName() << "' paused.";
+
+	m_Stream->close();
+
+	SetConnected(false);
+
+	ObjectImpl<OpenTsdbWriter>::Pause();
 }
 
+/**
+ * Reconnect handler called by the timer.
+ * Handles TLS
+ */
 void OpenTsdbWriter::ReconnectTimerHandler()
 {
-	if (m_Stream)
+	if (IsPaused())
 		return;
 
-	TcpSocket::Ptr socket = new TcpSocket();
+	SetShouldConnect(true);
+
+	if (GetConnected())
+		return;
 
 	Log(LogNotice, "OpenTsdbWriter")
 		<< "Reconnect to OpenTSDB TSD on host '" << GetHost() << "' port '" << GetPort() << "'.";
 
+	/*
+	 * We're using telnet as input method. Future PRs may change this into using the HTTP API.
+	 * http://opentsdb.net/docs/build/html/user_guide/writing/index.html#telnet
+	 */
+
+	m_Stream = std::make_shared<AsioTcpStream>(IoEngine::Get().GetIoContext());
+
 	try {
-		socket->Connect(GetHost(), GetPort());
-	} catch (std::exception&) {
-		Log(LogCritical, "OpenTsdbWriter")
-			<< "Can't connect to OpenTSDB TSD on host '" << GetHost() << "' port '" << GetPort() << "'.";
-		return;
+		icinga::Connect(m_Stream->lowest_layer(), GetHost(), GetPort());
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "OpenTsdbWriter")
+			<< "Can't connect to OpenTSDB on host '" << GetHost() << "' port '" << GetPort() << ".'";
 	}
 
-	m_Stream = new NetworkStream(socket);
+	SetConnected(true);
 }
 
+/**
+ * Registered check result handler processing data.
+ * Calculates tags from the config.
+ *
+ * @param checkable Host/service object
+ * @param cr Check result
+ */
 void OpenTsdbWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	CONTEXT("Processing check result for '" + checkable->GetName() + "'");
 
 	if (!IcingaApplication::GetInstance()->GetEnablePerfdata() || !checkable->GetEnablePerfdata())
@@ -128,18 +171,18 @@ void OpenTsdbWriter::CheckResultHandler(const Checkable::Ptr& checkable, const C
 		String escaped_serviceName = EscapeMetric(serviceName);
 		metric = "icinga.service." + escaped_serviceName;
 
-		SendMetric(metric + ".state", tags, service->GetState(), ts);
+		SendMetric(checkable, metric + ".state", tags, service->GetState(), ts);
 	} else {
 		metric = "icinga.host";
-		SendMetric(metric + ".state", tags, host->GetState(), ts);
+		SendMetric(checkable, metric + ".state", tags, host->GetState(), ts);
 	}
 
-	SendMetric(metric + ".state_type", tags, checkable->GetStateType(), ts);
-	SendMetric(metric + ".reachable", tags, checkable->IsReachable(), ts);
-	SendMetric(metric + ".downtime_depth", tags, checkable->GetDowntimeDepth(), ts);
-	SendMetric(metric + ".acknowledgement", tags, checkable->GetAcknowledgement(), ts);
+	SendMetric(checkable, metric + ".state_type", tags, checkable->GetStateType(), ts);
+	SendMetric(checkable, metric + ".reachable", tags, checkable->IsReachable(), ts);
+	SendMetric(checkable, metric + ".downtime_depth", tags, checkable->GetDowntimeDepth(), ts);
+	SendMetric(checkable, metric + ".acknowledgement", tags, checkable->GetAcknowledgement(), ts);
 
-	SendPerfdata(metric, tags, cr, ts);
+	SendPerfdata(checkable, metric, tags, cr, ts);
 
 	metric = "icinga.check";
 
@@ -152,19 +195,31 @@ void OpenTsdbWriter::CheckResultHandler(const Checkable::Ptr& checkable, const C
 		tags["type"] = "host";
 	}
 
-	SendMetric(metric + ".current_attempt", tags, checkable->GetCheckAttempt(), ts);
-	SendMetric(metric + ".max_check_attempts", tags, checkable->GetMaxCheckAttempts(), ts);
-	SendMetric(metric + ".latency", tags, cr->CalculateLatency(), ts);
-	SendMetric(metric + ".execution_time", tags, cr->CalculateExecutionTime(), ts);
+	SendMetric(checkable, metric + ".current_attempt", tags, checkable->GetCheckAttempt(), ts);
+	SendMetric(checkable, metric + ".max_check_attempts", tags, checkable->GetMaxCheckAttempts(), ts);
+	SendMetric(checkable, metric + ".latency", tags, cr->CalculateLatency(), ts);
+	SendMetric(checkable, metric + ".execution_time", tags, cr->CalculateExecutionTime(), ts);
 }
 
-void OpenTsdbWriter::SendPerfdata(const String& metric, const std::map<String, String>& tags, const CheckResult::Ptr& cr, double ts)
+/**
+ * Parse and send performance data metrics to OpenTSDB
+ *
+ * @param checkable Host/service object
+ * @param metric Full metric name
+ * @param tags Tag key pairs
+ * @param cr Check result containing performance data
+ * @param ts Timestamp when the check result was received
+ */
+void OpenTsdbWriter::SendPerfdata(const Checkable::Ptr& checkable, const String& metric,
+	const std::map<String, String>& tags, const CheckResult::Ptr& cr, double ts)
 {
 	Array::Ptr perfdata = cr->GetPerformanceData();
 
 	if (!perfdata)
 		return;
 
+	CheckCommand::Ptr checkCommand = checkable->GetCheckCommand();
+
 	ObjectLock olock(perfdata);
 	for (const Value& val : perfdata) {
 		PerfdataValue::Ptr pdv;
@@ -176,7 +231,9 @@ void OpenTsdbWriter::SendPerfdata(const String& metric, const std::map<String, S
 				pdv = PerfdataValue::Parse(val);
 			} catch (const std::exception&) {
 				Log(LogWarning, "OpenTsdbWriter")
-					<< "Ignoring invalid perfdata value: " << val;
+					<< "Ignoring invalid perfdata for checkable '"
+					<< checkable->GetName() << "' and command '"
+					<< checkCommand->GetName() << "' with value: " << val;
 				continue;
 			}
 		}
@@ -184,36 +241,47 @@ void OpenTsdbWriter::SendPerfdata(const String& metric, const std::map<String, S
 		String escaped_key = EscapeMetric(pdv->GetLabel());
 		boost::algorithm::replace_all(escaped_key, "::", ".");
 
-		SendMetric(metric + "." + escaped_key, tags, pdv->GetValue(), ts);
+		SendMetric(checkable, metric + "." + escaped_key, tags, pdv->GetValue(), ts);
 
 		if (pdv->GetCrit())
-			SendMetric(metric + "." + escaped_key + "_crit", tags, pdv->GetCrit(), ts);
+			SendMetric(checkable, metric + "." + escaped_key + "_crit", tags, pdv->GetCrit(), ts);
 		if (pdv->GetWarn())
-			SendMetric(metric + "." + escaped_key + "_warn", tags, pdv->GetWarn(), ts);
+			SendMetric(checkable, metric + "." + escaped_key + "_warn", tags, pdv->GetWarn(), ts);
 		if (pdv->GetMin())
-			SendMetric(metric + "." + escaped_key + "_min", tags, pdv->GetMin(), ts);
+			SendMetric(checkable, metric + "." + escaped_key + "_min", tags, pdv->GetMin(), ts);
 		if (pdv->GetMax())
-			SendMetric(metric + "." + escaped_key + "_max", tags, pdv->GetMax(), ts);
+			SendMetric(checkable, metric + "." + escaped_key + "_max", tags, pdv->GetMax(), ts);
 	}
 }
 
-void OpenTsdbWriter::SendMetric(const String& metric, const std::map<String, String>& tags, double value, double ts)
+/**
+ * Send given metric to OpenTSDB
+ *
+ * @param checkable Host/service object
+ * @param metric Full metric name
+ * @param tags Tag key pairs
+ * @param value Floating point metric value
+ * @param ts Timestamp where the metric was received from the check result
+ */
+void OpenTsdbWriter::SendMetric(const Checkable::Ptr& checkable, const String& metric,
+	const std::map<String, String>& tags, double value, double ts)
 {
 	String tags_string = "";
+
 	for (const Dictionary::Pair& tag : tags) {
 		tags_string += " " + tag.first + "=" + Convert::ToString(tag.second);
 	}
 
 	std::ostringstream msgbuf;
 	/*
-	 * must be (http://opentsdb.net/docs/build/html/user_guide/writing.html)
+	 * must be (http://opentsdb.net/docs/build/html/user_guide/query/timeseries.html)
 	 * put <metric> <timestamp> <value> <tagk1=tagv1[ tagk2=tagv2 ...tagkN=tagvN]>
 	 * "tags" must include at least one tag, we use "host=HOSTNAME"
 	 */
 	msgbuf << "put " << metric << " " << static_cast<long>(ts) << " " << Convert::ToString(value) << " " << tags_string;
 
 	Log(LogDebug, "OpenTsdbWriter")
-		<< "Add to metric list:'" << msgbuf.str() << "'.";
+		<< "Checkable '" << checkable->GetName() << "' adds to metric list: '" << msgbuf.str() << "'.";
 
 	/* do not send \n to debug log */
 	msgbuf << "\n";
@@ -221,21 +289,27 @@ void OpenTsdbWriter::SendMetric(const String& metric, const std::map<String, Str
 
 	ObjectLock olock(this);
 
-	if (!m_Stream)
+	if (!GetConnected())
 		return;
 
 	try {
-		m_Stream->Write(put.CStr(), put.GetLength());
+		Log(LogDebug, "OpenTsdbWriter")
+			<< "Checkable '" << checkable->GetName() << "' sending message '" << put << "'.";
+
+		boost::asio::write(*m_Stream, boost::asio::buffer(msgbuf.str()));
+		m_Stream->flush();
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "OpenTsdbWriter")
-			<< "Cannot write to OpenTSDB TSD on host '" << GetHost() << "' port '" << GetPort() + "'.";
-
-		m_Stream.reset();
+			<< "Cannot write to TCP socket on host '" << GetHost() << "' port '" << GetPort() << "'.";
 	}
 }
 
-/* for metric and tag name rules, see
- * http://opentsdb.net/docs/build/html/user_guide/writing.html#metrics-and-tags
+/**
+ * Escape tags for OpenTSDB
+ * http://opentsdb.net/docs/build/html/user_guide/query/timeseries.html#precisions-on-metrics-and-tags
+ *
+ * @param str Tag name
+ * @return Escaped tag
  */
 String OpenTsdbWriter::EscapeTag(const String& str)
 {
@@ -247,6 +321,13 @@ String OpenTsdbWriter::EscapeTag(const String& str)
 	return result;
 }
 
+/**
+ * Escape metric name for OpenTSDB
+ * http://opentsdb.net/docs/build/html/user_guide/query/timeseries.html#precisions-on-metrics-and-tags
+ *
+ * @param str Metric name
+ * @return Escaped metric
+ */
 String OpenTsdbWriter::EscapeMetric(const String& str)
 {
 	String result = str;
diff --git a/lib/perfdata/opentsdbwriter.hpp b/lib/perfdata/opentsdbwriter.hpp
index f368918e6..bf0fc8eb1 100644
--- a/lib/perfdata/opentsdbwriter.hpp
+++ b/lib/perfdata/opentsdbwriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OPENTSDBWRITER_H
 #define OPENTSDBWRITER_H
@@ -44,17 +27,20 @@ public:
 	static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata);
 
 protected:
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void OnConfigLoaded() override;
+	void Resume() override;
+	void Pause() override;
 
 private:
-	Stream::Ptr m_Stream;
+	std::shared_ptr<AsioTcpStream> m_Stream;
 
 	Timer::Ptr m_ReconnectTimer;
 
 	void CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
-	void SendMetric(const String& metric, const std::map<String, String>& tags, double value, double ts);
-	void SendPerfdata(const String& metric, const std::map<String, String>& tags, const CheckResult::Ptr& cr, double ts);
+	void SendMetric(const Checkable::Ptr& checkable, const String& metric,
+		const std::map<String, String>& tags, double value, double ts);
+	void SendPerfdata(const Checkable::Ptr& checkable, const String& metric,
+		const std::map<String, String>& tags, const CheckResult::Ptr& cr, double ts);
 	static String EscapeTag(const String& str);
 	static String EscapeMetric(const String& str);
 
diff --git a/lib/perfdata/opentsdbwriter.ti b/lib/perfdata/opentsdbwriter.ti
index ea9455b9e..de19a1eac 100644
--- a/lib/perfdata/opentsdbwriter.ti
+++ b/lib/perfdata/opentsdbwriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
  
 #include "base/configobject.hpp"
 
@@ -34,6 +17,14 @@ class OpenTsdbWriter : ConfigObject
 	[config] String port {
 		default {{{ return "4242"; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
+
+	[no_user_modify] bool connected;
+	[no_user_modify] bool should_connect {
+		default {{{ return true; }}}
+	};
 };
 
 }
diff --git a/lib/perfdata/perfdatawriter.cpp b/lib/perfdata/perfdatawriter.cpp
index 0d2f979be..91a220612 100644
--- a/lib/perfdata/perfdatawriter.cpp
+++ b/lib/perfdata/perfdatawriter.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "perfdata/perfdatawriter.hpp"
 #include "perfdata/perfdatawriter-ti.cpp"
@@ -38,6 +21,20 @@ REGISTER_TYPE(PerfdataWriter);
 
 REGISTER_STATSFUNCTION(PerfdataWriter, &PerfdataWriter::StatsFunc);
 
+void PerfdataWriter::OnConfigLoaded()
+{
+	ObjectImpl<PerfdataWriter>::OnConfigLoaded();
+
+	if (!GetEnableHa()) {
+		Log(LogDebug, "PerfdataWriter")
+			<< "HA functionality disabled. Won't pause connection: " << GetName();
+
+		SetHAMode(HARunEverywhere);
+	} else {
+		SetHAMode(HARunOnce);
+	}
+}
+
 void PerfdataWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr&)
 {
 	DictionaryData nodes;
@@ -49,12 +46,12 @@ void PerfdataWriter::StatsFunc(const Dictionary::Ptr& status, const Array::Ptr&)
 	status->Set("perfdatawriter", new Dictionary(std::move(nodes)));
 }
 
-void PerfdataWriter::Start(bool runtimeCreated)
+void PerfdataWriter::Resume()
 {
-	ObjectImpl<PerfdataWriter>::Start(runtimeCreated);
+	ObjectImpl<PerfdataWriter>::Resume();
 
 	Log(LogInformation, "PerfdataWriter")
-		<< "'" << GetName() << "' started.";
+		<< "'" << GetName() << "' resumed.";
 
 	Checkable::OnNewCheckResult.connect(std::bind(&PerfdataWriter::CheckResultHandler, this, _1, _2));
 
@@ -67,12 +64,22 @@ void PerfdataWriter::Start(bool runtimeCreated)
 	RotateFile(m_HostOutputFile, GetHostTempPath(), GetHostPerfdataPath());
 }
 
-void PerfdataWriter::Stop(bool runtimeRemoved)
+void PerfdataWriter::Pause()
 {
-	Log(LogInformation, "PerfdataWriter")
-		<< "'" << GetName() << "' stopped.";
+	m_RotationTimer.reset();
 
-	ObjectImpl<PerfdataWriter>::Stop(runtimeRemoved);
+#ifdef I2_DEBUG
+	//m_HostOutputFile << "\n# Pause the feature" << "\n\n";
+	//m_ServiceOutputFile << "\n# Pause the feature" << "\n\n";
+#endif /* I2_DEBUG */
+
+	/* Force a rotation closing the file stream. */
+	RotateAllFiles();
+
+	Log(LogInformation, "PerfdataWriter")
+		<< "'" << GetName() << "' paused.";
+
+	ObjectImpl<PerfdataWriter>::Pause();
 }
 
 Value PerfdataWriter::EscapeMacroMetric(const Value& value)
@@ -85,6 +92,9 @@ Value PerfdataWriter::EscapeMacroMetric(const Value& value)
 
 void PerfdataWriter::CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr)
 {
+	if (IsPaused())
+		return;
+
 	CONTEXT("Writing performance data for object '" + checkable->GetName() + "'");
 
 	if (!IcingaApplication::GetInstance()->GetEnablePerfdata() || !checkable->GetEnablePerfdata())
@@ -108,7 +118,8 @@ void PerfdataWriter::CheckResultHandler(const Checkable::Ptr& checkable, const C
 		String line = MacroProcessor::ResolveMacros(GetServiceFormatTemplate(), resolvers, cr, nullptr, &PerfdataWriter::EscapeMacroMetric);
 
 		{
-			ObjectLock olock(this);
+			boost::mutex::scoped_lock lock(m_StreamMutex);
+
 			if (!m_ServiceOutputFile.good())
 				return;
 
@@ -118,7 +129,8 @@ void PerfdataWriter::CheckResultHandler(const Checkable::Ptr& checkable, const C
 		String line = MacroProcessor::ResolveMacros(GetHostFormatTemplate(), resolvers, cr, nullptr, &PerfdataWriter::EscapeMacroMetric);
 
 		{
-			ObjectLock olock(this);
+			boost::mutex::scoped_lock lock(m_StreamMutex);
+
 			if (!m_HostOutputFile.good())
 				return;
 
@@ -129,30 +141,41 @@ void PerfdataWriter::CheckResultHandler(const Checkable::Ptr& checkable, const C
 
 void PerfdataWriter::RotateFile(std::ofstream& output, const String& temp_path, const String& perfdata_path)
 {
-	ObjectLock olock(this);
+	Log(LogDebug, "PerfdataWriter")
+		<< "Rotating perfdata files.";
+
+	boost::mutex::scoped_lock lock(m_StreamMutex);
 
 	if (output.good()) {
 		output.close();
 
 		if (Utility::PathExists(temp_path)) {
 			String finalFile = perfdata_path + "." + Convert::ToString((long)Utility::GetTime());
-			if (rename(temp_path.CStr(), finalFile.CStr()) < 0) {
-				BOOST_THROW_EXCEPTION(posix_error()
-					<< boost::errinfo_api_function("rename")
-					<< boost::errinfo_errno(errno)
-					<< boost::errinfo_file_name(temp_path));
-			}
+
+			Log(LogDebug, "PerfdataWriter")
+				<< "Closed output file and renaming into '" << finalFile << "'.";
+
+			Utility::RenameFile(temp_path, finalFile);
 		}
 	}
 
 	output.open(temp_path.CStr());
 
-	if (!output.good())
+	if (!output.good()) {
 		Log(LogWarning, "PerfdataWriter")
 			<< "Could not open perfdata file '" << temp_path << "' for writing. Perfdata will be lost.";
+	}
 }
 
 void PerfdataWriter::RotationTimerHandler()
+{
+	if (IsPaused())
+		return;
+
+	RotateAllFiles();
+}
+
+void PerfdataWriter::RotateAllFiles()
 {
 	RotateFile(m_ServiceOutputFile, GetServiceTempPath(), GetServicePerfdataPath());
 	RotateFile(m_HostOutputFile, GetHostTempPath(), GetHostPerfdataPath());
diff --git a/lib/perfdata/perfdatawriter.hpp b/lib/perfdata/perfdatawriter.hpp
index 3e0306950..5b6e51ea4 100644
--- a/lib/perfdata/perfdatawriter.hpp
+++ b/lib/perfdata/perfdatawriter.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PERFDATAWRITER_H
 #define PERFDATAWRITER_H
@@ -46,18 +29,21 @@ public:
 	void ValidateServiceFormatTemplate(const Lazy<String>& lvalue, const ValidationUtils& utils) override;
 
 protected:
-	void Start(bool runtimeCreated) override;
-	void Stop(bool runtimeRemoved) override;
+	void OnConfigLoaded() override;
+	void Resume() override;
+	void Pause() override;
 
 private:
+	Timer::Ptr m_RotationTimer;
+	std::ofstream m_ServiceOutputFile;
+	std::ofstream m_HostOutputFile;
+	boost::mutex m_StreamMutex;
+
 	void CheckResultHandler(const Checkable::Ptr& checkable, const CheckResult::Ptr& cr);
 	static Value EscapeMacroMetric(const Value& value);
 
-	Timer::Ptr m_RotationTimer;
 	void RotationTimerHandler();
-
-	std::ofstream m_ServiceOutputFile;
-	std::ofstream m_HostOutputFile;
+	void RotateAllFiles();
 	void RotateFile(std::ofstream& output, const String& temp_path, const String& perfdata_path);
 };
 
diff --git a/lib/perfdata/perfdatawriter.ti b/lib/perfdata/perfdatawriter.ti
index c0988f339..d6d99e8d3 100644
--- a/lib/perfdata/perfdatawriter.ti
+++ b/lib/perfdata/perfdatawriter.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/application.hpp"
@@ -30,16 +13,16 @@ class PerfdataWriter : ConfigObject
 	activation_priority 100;
 
 	[config] String host_perfdata_path {
-		default {{{ return Application::GetLocalStateDir() + "/spool/icinga2/perfdata/host-perfdata"; }}}
+		default {{{ return Configuration::SpoolDir + "/perfdata/host-perfdata"; }}}
 	};
 	[config] String service_perfdata_path {
-		default {{{ return Application::GetLocalStateDir() + "/spool/icinga2/perfdata/service-perfdata"; }}}
+		default {{{ return Configuration::SpoolDir + "/perfdata/service-perfdata"; }}}
 	};
 	[config] String host_temp_path {
-		default {{{ return Application::GetLocalStateDir() + "/spool/icinga2/tmp/host-perfdata"; }}}
+		default {{{ return Configuration::SpoolDir + "/tmp/host-perfdata"; }}}
 	};
 	[config] String service_temp_path {
-		default {{{ return Application::GetLocalStateDir() + "/spool/icinga2/tmp/service-perfdata"; }}}
+		default {{{ return Configuration::SpoolDir + "/tmp/service-perfdata"; }}}
 	};
 	[config] String host_format_template {
 		default {{{
@@ -70,6 +53,9 @@ class PerfdataWriter : ConfigObject
 	[config] double rotation_interval {
 		default {{{ return 30; }}}
 	};
+	[config] bool enable_ha {
+		default {{{ return false; }}}
+	};
 };
 
 }
diff --git a/lib/pgsql_shim/CMakeLists.txt b/lib/pgsql_shim/CMakeLists.txt
index 35f4c5cc4..327b64a9d 100644
--- a/lib/pgsql_shim/CMakeLists.txt
+++ b/lib/pgsql_shim/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 link_directories(${PostgreSQL_LIBRARY_DIRS})
 include_directories(${PostgreSQL_INCLUDE_DIRS})
diff --git a/lib/pgsql_shim/pgsqlinterface.cpp b/lib/pgsql_shim/pgsqlinterface.cpp
index b5b3ef351..95b6e7d02 100644
--- a/lib/pgsql_shim/pgsqlinterface.cpp
+++ b/lib/pgsql_shim/pgsqlinterface.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "pgsql_shim/pgsqlinterface.hpp"
 
diff --git a/lib/pgsql_shim/pgsqlinterface.hpp b/lib/pgsql_shim/pgsqlinterface.hpp
index 49148080b..2fe33033c 100644
--- a/lib/pgsql_shim/pgsqlinterface.hpp
+++ b/lib/pgsql_shim/pgsqlinterface.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PGSQLINTERFACE_H
 #define PGSQLINTERFACE_H
diff --git a/lib/remote/CMakeLists.txt b/lib/remote/CMakeLists.txt
index bb9593c56..2c5a0326a 100644
--- a/lib/remote/CMakeLists.txt
+++ b/lib/remote/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 mkclass_target(apilistener.ti apilistener-ti.cpp apilistener-ti.hpp)
 mkclass_target(apiuser.ti apiuser-ti.cpp apiuser-ti.hpp)
@@ -24,11 +9,10 @@ set(remote_SOURCES
   i2-remote.hpp
   actionshandler.cpp actionshandler.hpp
   apiaction.cpp apiaction.hpp
-  apiclient.cpp apiclient.hpp
   apifunction.cpp apifunction.hpp
   apilistener.cpp apilistener.hpp apilistener-ti.hpp apilistener-configsync.cpp apilistener-filesync.cpp
+  apilistener-authority.cpp
   apiuser.cpp apiuser.hpp apiuser-ti.hpp
-  authority.cpp
   configfileshandler.cpp configfileshandler.hpp
   configobjectutility.cpp configobjectutility.hpp
   configpackageshandler.cpp configpackageshandler.hpp
@@ -41,11 +25,7 @@ set(remote_SOURCES
   eventqueue.cpp eventqueue.hpp
   eventshandler.cpp eventshandler.hpp
   filterutility.cpp filterutility.hpp
-  httpchunkedencoding.cpp httpchunkedencoding.hpp
-  httpclientconnection.cpp httpclientconnection.hpp
   httphandler.cpp httphandler.hpp
-  httprequest.cpp httprequest.hpp
-  httpresponse.cpp httpresponse.hpp
   httpserverconnection.cpp httpserverconnection.hpp
   httputility.cpp httputility.hpp
   infohandler.cpp infohandler.hpp
@@ -76,10 +56,11 @@ set_target_properties (
   FOLDER Lib
 )
 
-#install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2/api\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2/api/log\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2/api/zones\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2/certs\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/icinga2/certificate-requests\")")
+#install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/api\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/api/log\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/api/zones\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/api/zones-stage\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/certs\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ICINGA2_FULL_DATADIR}/certificate-requests\")")
 
 
diff --git a/lib/remote/actionshandler.cpp b/lib/remote/actionshandler.cpp
index be95ce6c8..7b61cd5b9 100644
--- a/lib/remote/actionshandler.cpp
+++ b/lib/remote/actionshandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/actionshandler.hpp"
 #include "remote/httputility.hpp"
@@ -29,15 +12,26 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/actions", ActionsHandler);
 
-bool ActionsHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ActionsHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() != 3)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() != 3)
 		return false;
 
-	if (request.RequestMethod != "POST")
+	if (request.method() != http::verb::post)
 		return false;
 
-	String actionName = request.RequestUrl->GetPath()[2];
+	String actionName = url->GetPath()[2];
 
 	ApiAction::Ptr action = ApiAction::GetByName(actionName);
 
@@ -98,17 +92,15 @@ bool ActionsHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& reques
 	}
 
 	int statusCode = 500;
-	String statusMessage = "No action executed successfully";
 
 	for (const Dictionary::Ptr& res : results) {
 		if (res->Contains("code") && res->Get("code") == 200) {
 			statusCode = 200;
-			statusMessage = "OK";
 			break;
 		}
 	}
 
-	response.SetStatus(statusCode, statusMessage);
+	response.result(statusCode);
 
 	Dictionary::Ptr result = new Dictionary({
 		{ "results", new Array(std::move(results)) }
diff --git a/lib/remote/actionshandler.hpp b/lib/remote/actionshandler.hpp
index dd5ab9032..c2465cf7e 100644
--- a/lib/remote/actionshandler.hpp
+++ b/lib/remote/actionshandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ACTIONSHANDLER_H
 #define ACTIONSHANDLER_H
@@ -30,8 +13,16 @@ class ActionsHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ActionsHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/apiaction.cpp b/lib/remote/apiaction.cpp
index a2ad15737..4da91f0d5 100644
--- a/lib/remote/apiaction.cpp
+++ b/lib/remote/apiaction.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apiaction.hpp"
 #include "base/singleton.hpp"
diff --git a/lib/remote/apiaction.hpp b/lib/remote/apiaction.hpp
index 96f8b4480..6492449bd 100644
--- a/lib/remote/apiaction.hpp
+++ b/lib/remote/apiaction.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APIACTION_H
 #define APIACTION_H
diff --git a/lib/remote/apiclient.cpp b/lib/remote/apiclient.cpp
deleted file mode 100644
index b0d0a63da..000000000
--- a/lib/remote/apiclient.cpp
+++ /dev/null
@@ -1,368 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/apiclient.hpp"
-#include "base/base64.hpp"
-#include "base/json.hpp"
-#include "base/logger.hpp"
-#include "base/exception.hpp"
-#include "base/convert.hpp"
-
-using namespace icinga;
-
-ApiClient::ApiClient(const String& host, const String& port,
-	String user, String password)
-	: m_Connection(new HttpClientConnection(host, port, true)), m_User(std::move(user)), m_Password(std::move(password))
-{
-	m_Connection->Start();
-}
-
-void ApiClient::GetTypes(const TypesCompletionCallback& callback) const
-{
-	Url::Ptr url = new Url();
-	url->SetScheme("https");
-	url->SetHost(m_Connection->GetHost());
-	url->SetPort(m_Connection->GetPort());
-	url->SetPath({ "v1", "types" });
-
-	try {
-		std::shared_ptr<HttpRequest> req = m_Connection->NewRequest();
-		req->RequestMethod = "GET";
-		req->RequestUrl = url;
-		req->AddHeader("Authorization", "Basic " + Base64::Encode(m_User + ":" + m_Password));
-		req->AddHeader("Accept", "application/json");
-		m_Connection->SubmitRequest(req, std::bind(TypesHttpCompletionCallback, _1, _2, callback));
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), std::vector<ApiType::Ptr>());
-	}
-}
-
-void ApiClient::TypesHttpCompletionCallback(HttpRequest& request, HttpResponse& response,
-	const TypesCompletionCallback& callback)
-{
-	Dictionary::Ptr result;
-
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = response.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	try {
-		if (response.StatusCode < 200 || response.StatusCode > 299) {
-			std::string message = "HTTP request failed; Code: " + Convert::ToString(response.StatusCode) + "; Body: " + body;
-
-			BOOST_THROW_EXCEPTION(ScriptError(message));
-		}
-
-		std::vector<ApiType::Ptr> types;
-
-		result = JsonDecode(body);
-
-		Array::Ptr results = result->Get("results");
-
-		ObjectLock olock(results);
-		for (const Dictionary::Ptr typeInfo : results)
-		{
-			ApiType::Ptr type = new ApiType();
-			type->Abstract = typeInfo->Get("abstract");
-			type->BaseName = typeInfo->Get("base");
-			type->Name = typeInfo->Get("name");
-			type->PluralName = typeInfo->Get("plural_name");
-			// TODO: attributes
-			types.emplace_back(std::move(type));
-		}
-
-		callback(boost::exception_ptr(), types);
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "ApiClient")
-			<< "Error while decoding response: " << DiagnosticInformation(ex);
-		callback(boost::current_exception(), std::vector<ApiType::Ptr>());
-	}
-
-}
-
-void ApiClient::GetObjects(const String& pluralType, const ObjectsCompletionCallback& callback,
-	const std::vector<String>& names, const std::vector<String>& attrs, const std::vector<String>& joins, bool all_joins) const
-{
-	Url::Ptr url = new Url();
-	url->SetScheme("https");
-	url->SetHost(m_Connection->GetHost());
-	url->SetPort(m_Connection->GetPort());
-	url->SetPath({ "v1", "objects", pluralType });
-
-	std::map<String, std::vector<String> > params;
-
-	for (const String& name : names) {
-		params[pluralType.ToLower()].push_back(name);
-	}
-
-	for (const String& attr : attrs) {
-		params["attrs"].push_back(attr);
-	}
-
-	for (const String& join : joins) {
-		params["joins"].push_back(join);
-	}
-
-	params["all_joins"].emplace_back(all_joins ? "1" : "0");
-
-	url->SetQuery(params);
-
-	try {
-		std::shared_ptr<HttpRequest> req = m_Connection->NewRequest();
-		req->RequestMethod = "GET";
-		req->RequestUrl = url;
-		req->AddHeader("Authorization", "Basic " + Base64::Encode(m_User + ":" + m_Password));
-		req->AddHeader("Accept", "application/json");
-		m_Connection->SubmitRequest(req, std::bind(ObjectsHttpCompletionCallback, _1, _2, callback));
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), std::vector<ApiObject::Ptr>());
-	}
-}
-
-void ApiClient::ObjectsHttpCompletionCallback(HttpRequest& request,
-	HttpResponse& response, const ObjectsCompletionCallback& callback)
-{
-	Dictionary::Ptr result;
-
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = response.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	try {
-		if (response.StatusCode < 200 || response.StatusCode > 299) {
-			std::string message = "HTTP request failed; Code: " + Convert::ToString(response.StatusCode) + "; Body: " + body;
-
-			BOOST_THROW_EXCEPTION(ScriptError(message));
-		}
-
-		std::vector<ApiObject::Ptr> objects;
-
-		result = JsonDecode(body);
-
-		Array::Ptr results = result->Get("results");
-
-		if (results) {
-			ObjectLock olock(results);
-			for (const Dictionary::Ptr objectInfo : results) {
-				ApiObject::Ptr object = new ApiObject();
-
-				object->Name = objectInfo->Get("name");
-				object->Type = objectInfo->Get("type");
-
-				Dictionary::Ptr attrs = objectInfo->Get("attrs");
-
-				if (attrs) {
-					ObjectLock olock(attrs);
-					for (const Dictionary::Pair& kv : attrs) {
-						object->Attrs[object->Type.ToLower() + "." + kv.first] = kv.second;
-					}
-				}
-
-				Dictionary::Ptr joins = objectInfo->Get("joins");
-
-				if (joins) {
-					ObjectLock olock(joins);
-					for (const Dictionary::Pair& kv : joins) {
-						Dictionary::Ptr attrs = kv.second;
-
-						if (attrs) {
-							ObjectLock olock(attrs);
-							for (const Dictionary::Pair& kv2 : attrs) {
-								object->Attrs[kv.first + "." + kv2.first] = kv2.second;
-							}
-						}
-					}
-				}
-
-				Array::Ptr used_by = objectInfo->Get("used_by");
-
-				if (used_by) {
-					ObjectLock olock(used_by);
-					for (const Dictionary::Ptr& refInfo : used_by) {
-						ApiObjectReference ref;
-						ref.Name = refInfo->Get("name");
-						ref.Type = refInfo->Get("type");
-						object->UsedBy.emplace_back(std::move(ref));
-					}
-				}
-
-				objects.push_back(object);
-			}
-		}
-
-		callback(boost::exception_ptr(), objects);
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "ApiClient")
-			<< "Error while decoding response: " << DiagnosticInformation(ex);
-		callback(boost::current_exception(), std::vector<ApiObject::Ptr>());
-	}
-}
-
-void ApiClient::ExecuteScript(const String& session, const String& command, bool sandboxed,
-	const ExecuteScriptCompletionCallback& callback) const
-{
-	Url::Ptr url = new Url();
-	url->SetScheme("https");
-	url->SetHost(m_Connection->GetHost());
-	url->SetPort(m_Connection->GetPort());
-	url->SetPath({ "v1", "console", "execute-script" });
-
-	std::map<String, std::vector<String> > params;
-	params["session"].push_back(session);
-	params["command"].push_back(command);
-	params["sandboxed"].emplace_back(sandboxed ? "1" : "0");
-	url->SetQuery(params);
-
-	try {
-		std::shared_ptr<HttpRequest> req = m_Connection->NewRequest();
-		req->RequestMethod = "POST";
-		req->RequestUrl = url;
-		req->AddHeader("Authorization", "Basic " + Base64::Encode(m_User + ":" + m_Password));
-		req->AddHeader("Accept", "application/json");
-		m_Connection->SubmitRequest(req, std::bind(ExecuteScriptHttpCompletionCallback, _1, _2, callback));
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), Empty);
-	}
-}
-
-void ApiClient::ExecuteScriptHttpCompletionCallback(HttpRequest& request,
-	HttpResponse& response, const ExecuteScriptCompletionCallback& callback)
-{
-	Dictionary::Ptr result;
-
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = response.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	try {
-		if (response.StatusCode < 200 || response.StatusCode > 299) {
-			std::string message = "HTTP request failed; Code: " + Convert::ToString(response.StatusCode) + "; Body: " + body;
-
-			BOOST_THROW_EXCEPTION(ScriptError(message));
-		}
-
-		result = JsonDecode(body);
-
-		Array::Ptr results = result->Get("results");
-		Value result;
-		String errorMessage = "Unexpected result from API.";
-
-		if (results && results->GetLength() > 0) {
-			Dictionary::Ptr resultInfo = results->Get(0);
-			errorMessage = resultInfo->Get("status");
-
-			if (resultInfo->Get("code") >= 200 && resultInfo->Get("code") <= 299) {
-				result = resultInfo->Get("result");
-			} else {
-				DebugInfo di;
-				Dictionary::Ptr debugInfo = resultInfo->Get("debug_info");
-				if (debugInfo) {
-					di.Path = debugInfo->Get("path");
-					di.FirstLine = debugInfo->Get("first_line");
-					di.FirstColumn = debugInfo->Get("first_column");
-					di.LastLine = debugInfo->Get("last_line");
-					di.LastColumn = debugInfo->Get("last_column");
-				}
-				bool incompleteExpression = resultInfo->Get("incomplete_expression");
-				BOOST_THROW_EXCEPTION(ScriptError(errorMessage, di, incompleteExpression));
-			}
-		}
-
-		callback(boost::exception_ptr(), result);
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), Empty);
-	}
-}
-
-void ApiClient::AutocompleteScript(const String& session, const String& command, bool sandboxed,
-	const AutocompleteScriptCompletionCallback& callback) const
-{
-	Url::Ptr url = new Url();
-	url->SetScheme("https");
-	url->SetHost(m_Connection->GetHost());
-	url->SetPort(m_Connection->GetPort());
-	url->SetPath({ "v1", "console", "auto-complete-script" });
-
-	std::map<String, std::vector<String> > params;
-	params["session"].push_back(session);
-	params["command"].push_back(command);
-	params["sandboxed"].emplace_back(sandboxed ? "1" : "0");
-	url->SetQuery(params);
-
-	try {
-		std::shared_ptr<HttpRequest> req = m_Connection->NewRequest();
-		req->RequestMethod = "POST";
-		req->RequestUrl = url;
-		req->AddHeader("Authorization", "Basic " + Base64::Encode(m_User + ":" + m_Password));
-		req->AddHeader("Accept", "application/json");
-		m_Connection->SubmitRequest(req, std::bind(AutocompleteScriptHttpCompletionCallback, _1, _2, callback));
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), nullptr);
-	}
-}
-
-void ApiClient::AutocompleteScriptHttpCompletionCallback(HttpRequest& request,
-	HttpResponse& response, const AutocompleteScriptCompletionCallback& callback)
-{
-	Dictionary::Ptr result;
-
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = response.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	try {
-		if (response.StatusCode < 200 || response.StatusCode > 299) {
-			std::string message = "HTTP request failed; Code: " + Convert::ToString(response.StatusCode) + "; Body: " + body;
-
-			BOOST_THROW_EXCEPTION(ScriptError(message));
-		}
-
-		result = JsonDecode(body);
-
-		Array::Ptr results = result->Get("results");
-		Array::Ptr suggestions;
-		String errorMessage = "Unexpected result from API.";
-
-		if (results && results->GetLength() > 0) {
-			Dictionary::Ptr resultInfo = results->Get(0);
-			errorMessage = resultInfo->Get("status");
-
-			if (resultInfo->Get("code") >= 200 && resultInfo->Get("code") <= 299)
-				suggestions = resultInfo->Get("suggestions");
-			else
-				BOOST_THROW_EXCEPTION(ScriptError(errorMessage));
-		}
-
-		callback(boost::exception_ptr(), suggestions);
-	} catch (const std::exception&) {
-		callback(boost::current_exception(), nullptr);
-	}
-}
diff --git a/lib/remote/apiclient.hpp b/lib/remote/apiclient.hpp
deleted file mode 100644
index 7507765a0..000000000
--- a/lib/remote/apiclient.hpp
+++ /dev/null
@@ -1,129 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef APICLIENT_H
-#define APICLIENT_H
-
-#include "remote/httpclientconnection.hpp"
-#include "base/value.hpp"
-#include "base/exception.hpp"
-#include <vector>
-
-namespace icinga
-{
-
-struct ApiFieldAttributes
-{
-public:
-	bool Config;
-	bool Navigation;
-	bool NoUserModify;
-	bool NouserView;
-	bool Required;
-	bool State;
-};
-
-class ApiType;
-
-struct ApiField
-{
-public:
-	String Name;
-	int ID;
-	int ArrayRank;
-	ApiFieldAttributes FieldAttributes;
-	String TypeName;
-	intrusive_ptr<ApiType> Type;
-};
-
-class ApiType final : public Object
-{
-public:
-	DECLARE_PTR_TYPEDEFS(ApiType);
-
-	String Name;
-	String PluralName;
-	String BaseName;
-	ApiType::Ptr Base;
-	bool Abstract;
-	std::map<String, ApiField> Fields;
-	std::vector<String> PrototypeKeys;
-};
-
-struct ApiObjectReference
-{
-public:
-	String Name;
-	String Type;
-};
-
-struct ApiObject : public Object
-{
-public:
-	DECLARE_PTR_TYPEDEFS(ApiObject);
-
-	String Name;
-	String Type;
-	std::map<String, Value> Attrs;
-	std::vector<ApiObjectReference> UsedBy;
-};
-
-class ApiClient : public Object
-{
-public:
-	DECLARE_PTR_TYPEDEFS(ApiClient);
-
-	ApiClient(const String& host, const String& port,
-		String user, String password);
-
-	typedef std::function<void(boost::exception_ptr, const std::vector<ApiType::Ptr>&)> TypesCompletionCallback;
-	void GetTypes(const TypesCompletionCallback& callback) const;
-
-	typedef std::function<void(boost::exception_ptr, const std::vector<ApiObject::Ptr>&)> ObjectsCompletionCallback;
-	void GetObjects(const String& pluralType, const ObjectsCompletionCallback& callback,
-		const std::vector<String>& names = std::vector<String>(),
-		const std::vector<String>& attrs = std::vector<String>(),
-		const std::vector<String>& joins = std::vector<String>(), bool all_joins = false) const;
-
-	typedef std::function<void(boost::exception_ptr, const Value&)> ExecuteScriptCompletionCallback;
-	void ExecuteScript(const String& session, const String& command, bool sandboxed,
-		const ExecuteScriptCompletionCallback& callback) const;
-
-	typedef std::function<void(boost::exception_ptr, const Array::Ptr&)> AutocompleteScriptCompletionCallback;
-	void AutocompleteScript(const String& session, const String& command, bool sandboxed,
-		const AutocompleteScriptCompletionCallback& callback) const;
-
-private:
-	HttpClientConnection::Ptr m_Connection;
-	String m_User;
-	String m_Password;
-
-	static void TypesHttpCompletionCallback(HttpRequest& request,
-		HttpResponse& response, const TypesCompletionCallback& callback);
-	static void ObjectsHttpCompletionCallback(HttpRequest& request,
-		HttpResponse& response, const ObjectsCompletionCallback& callback);
-	static void ExecuteScriptHttpCompletionCallback(HttpRequest& request,
-		HttpResponse& response, const ExecuteScriptCompletionCallback& callback);
-	static void AutocompleteScriptHttpCompletionCallback(HttpRequest& request,
-		HttpResponse& response, const AutocompleteScriptCompletionCallback& callback);
-};
-
-}
-
-#endif /* APICLIENT_H */
diff --git a/lib/remote/apifunction.cpp b/lib/remote/apifunction.cpp
index b549bef29..5b855cc43 100644
--- a/lib/remote/apifunction.cpp
+++ b/lib/remote/apifunction.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apifunction.hpp"
 #include "base/singleton.hpp"
diff --git a/lib/remote/apifunction.hpp b/lib/remote/apifunction.hpp
index 8e41040ab..048b83c58 100644
--- a/lib/remote/apifunction.hpp
+++ b/lib/remote/apifunction.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APIFUNCTION_H
 #define APIFUNCTION_H
diff --git a/lib/remote/apilistener-authority.cpp b/lib/remote/apilistener-authority.cpp
new file mode 100644
index 000000000..d5fe5120c
--- /dev/null
+++ b/lib/remote/apilistener-authority.cpp
@@ -0,0 +1,84 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "remote/zone.hpp"
+#include "remote/apilistener.hpp"
+#include "base/configtype.hpp"
+#include "base/utility.hpp"
+#include "base/convert.hpp"
+
+using namespace icinga;
+
+std::atomic<bool> ApiListener::m_UpdatedObjectAuthority (false);
+
+void ApiListener::UpdateObjectAuthority()
+{
+	/* Always run this, even if there is no 'api' feature enabled. */
+	if (auto listener = ApiListener::GetInstance()) {
+		Log(LogNotice, "ApiListener")
+			<< "Updating object authority for objects at endpoint '" << listener->GetIdentity() << "'.";
+	} else {
+		Log(LogNotice, "ApiListener")
+			<< "Updating object authority for local objects.";
+	}
+
+	Zone::Ptr my_zone = Zone::GetLocalZone();
+
+	std::vector<Endpoint::Ptr> endpoints;
+	Endpoint::Ptr my_endpoint;
+
+	if (my_zone) {
+		my_endpoint = Endpoint::GetLocalEndpoint();
+
+		int num_total = 0;
+
+		for (const Endpoint::Ptr& endpoint : my_zone->GetEndpoints()) {
+			num_total++;
+
+			if (endpoint != my_endpoint && !endpoint->GetConnected())
+				continue;
+
+			endpoints.push_back(endpoint);
+		}
+
+		double mainTime = Application::GetMainTime();
+
+		/* 30 seconds cold startup, don't update any authority to give the secondary endpoint time to reconnect. */
+		if (num_total > 1 && endpoints.size() <= 1 && (mainTime == 0 || Utility::GetTime() - mainTime < 30))
+			return;
+
+		std::sort(endpoints.begin(), endpoints.end(),
+			[](const ConfigObject::Ptr& a, const ConfigObject::Ptr& b) {
+				return a->GetName() < b->GetName();
+			}
+		);
+	}
+
+	for (const Type::Ptr& type : Type::GetAllTypes()) {
+		auto *dtype = dynamic_cast<ConfigType *>(type.get());
+
+		if (!dtype)
+			continue;
+
+		for (const ConfigObject::Ptr& object : dtype->GetObjects()) {
+			if (!object->IsActive() || object->GetHAMode() != HARunOnce)
+				continue;
+
+			bool authority;
+
+			if (!my_zone)
+				authority = true;
+			else
+				authority = endpoints[Utility::SDBM(object->GetName()) % endpoints.size()] == my_endpoint;
+
+#ifdef I2_DEBUG
+// 			//Enable on demand, causes heavy logging on each run.
+//			Log(LogDebug, "ApiListener")
+//				<< "Setting authority '" << Convert::ToString(authority) << "' for object '" << object->GetName() << "' of type '" << object->GetReflectionType()->GetName() << "'.";
+#endif /* I2_DEBUG */
+
+			object->SetAuthority(authority);
+		}
+	}
+
+	m_UpdatedObjectAuthority.store(true);
+}
diff --git a/lib/remote/apilistener-configsync.cpp b/lib/remote/apilistener-configsync.cpp
index 12c91065e..4a55c2883 100644
--- a/lib/remote/apilistener-configsync.cpp
+++ b/lib/remote/apilistener-configsync.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apilistener.hpp"
 #include "remote/apifunction.hpp"
@@ -56,7 +39,7 @@ void ApiListener::ConfigUpdateObjectHandler(const ConfigObject::Ptr& object, con
 Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
 {
 	Log(LogNotice, "ApiListener")
-		<< "Received update for object: " << JsonEncode(params);
+		<< "Received config update for object: " << JsonEncode(params);
 
 	/* check permissions */
 	ApiListener::Ptr listener = ApiListener::GetInstance();
@@ -69,26 +52,32 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 
 	Endpoint::Ptr endpoint = origin->FromClient->GetEndpoint();
 
+	String identity = origin->FromClient->GetIdentity();
+
 	/* discard messages if the client is not configured on this node */
 	if (!endpoint) {
 		Log(LogNotice, "ApiListener")
-			<< "Discarding 'config update object' message from '" << origin->FromClient->GetIdentity() << "': Invalid endpoint origin (client not allowed).";
+			<< "Discarding 'config update object' message from '" << identity << "': Invalid endpoint origin (client not allowed).";
 		return Empty;
 	}
 
+	Zone::Ptr endpointZone = endpoint->GetZone();
+
 	/* discard messages if the sender is in a child zone */
-	if (!Zone::GetLocalZone()->IsChildOf(endpoint->GetZone())) {
+	if (!Zone::GetLocalZone()->IsChildOf(endpointZone)) {
 		Log(LogNotice, "ApiListener")
-			<< "Discarding 'config update object' message from '"
-			<< origin->FromClient->GetIdentity() << "' for object '"
-			<< objName << "' of type '" << objType << "'. Sender is in a child zone.";
+			<< "Discarding 'config update object' message"
+			<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+			<< " for object '" << objName << "' of type '" << objType << "'. Sender is in a child zone.";
 		return Empty;
 	}
 
 	/* ignore messages if the endpoint does not accept config */
 	if (!listener->GetAcceptConfig()) {
 		Log(LogWarning, "ApiListener")
-			<< "Ignoring config update from '" << origin->FromClient->GetIdentity() << "' for object '" << objName << "' of type '" << objType << "'. '" << listener->GetName() << "' does not accept config.";
+			<< "Ignoring config update"
+			<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+			<< " for object '" << objName << "' of type '" << objType << "'. '" << listener->GetName() << "' does not accept config.";
 		return Empty;
 	}
 
@@ -99,6 +88,7 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 	auto *ctype = dynamic_cast<ConfigType *>(ptype.get());
 
 	if (!ctype) {
+		// This never happens with icinga cluster endpoints, only with development errors.
 		Log(LogCritical, "ApiListener")
 			<< "Config type '" << objType << "' does not exist.";
 		return Empty;
@@ -116,7 +106,11 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 		/* object does not exist, create it through the API */
 		Array::Ptr errors = new Array();
 
-		if (!ConfigObjectUtility::CreateObject(ptype, objName, config, errors, nullptr)) {
+		/*
+		 * Create the config object through our internal API.
+		 * IMPORTANT: Pass the origin to prevent cluster sync loops.
+		 */
+		if (!ConfigObjectUtility::CreateObject(ptype, objName, config, errors, nullptr, origin)) {
 			Log(LogCritical, "ApiListener")
 				<< "Could not create object '" << objName << "':";
 
@@ -143,7 +137,9 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 	/* update object attributes if version was changed or if this is a new object */
 	if (newObject || objVersion <= object->GetVersion()) {
 		Log(LogNotice, "ApiListener")
-			<< "Discarding config update for object '" << object->GetName()
+			<< "Discarding config update"
+			<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+			<< " for object '" << object->GetName()
 			<< "': Object version " << std::fixed << object->GetVersion()
 			<< " is more recent than the received version " << std::fixed << objVersion << ".";
 
@@ -151,7 +147,9 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 	}
 
 	Log(LogNotice, "ApiListener")
-		<< "Processing config update for object '" << object->GetName()
+		<< "Processing config update"
+		<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+		<< " for object '" << object->GetName()
 		<< "': Object version " << object->GetVersion()
 		<< " is older than the received version " << objVersion << ".";
 
@@ -199,7 +197,7 @@ Value ApiListener::ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin
 Value ApiListener::ConfigDeleteObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
 {
 	Log(LogNotice, "ApiListener")
-		<< "Received update for object: " << JsonEncode(params);
+		<< "Received config delete for object: " << JsonEncode(params);
 
 	/* check permissions */
 	ApiListener::Ptr listener = ApiListener::GetInstance();
@@ -207,55 +205,75 @@ Value ApiListener::ConfigDeleteObjectAPIHandler(const MessageOrigin::Ptr& origin
 	if (!listener)
 		return Empty;
 
-	if (!listener->GetAcceptConfig()) {
-		Log(LogWarning, "ApiListener")
-			<< "Ignoring config update. '" << listener->GetName() << "' does not accept config.";
-		return Empty;
-	}
+	String objType = params->Get("type");
+	String objName = params->Get("name");
 
 	Endpoint::Ptr endpoint = origin->FromClient->GetEndpoint();
 
+	String identity = origin->FromClient->GetIdentity();
+
 	if (!endpoint) {
 		Log(LogNotice, "ApiListener")
-			<< "Discarding 'config update object' message from '" << origin->FromClient->GetIdentity() << "': Invalid endpoint origin (client not allowed).";
+			<< "Discarding 'config delete object' message from '" << identity << "': Invalid endpoint origin (client not allowed).";
 		return Empty;
 	}
 
+	Zone::Ptr endpointZone = endpoint->GetZone();
+
 	/* discard messages if the sender is in a child zone */
-	if (!Zone::GetLocalZone()->IsChildOf(endpoint->GetZone())) {
+	if (!Zone::GetLocalZone()->IsChildOf(endpointZone)) {
+		Log(LogNotice, "ApiListener")
+			<< "Discarding 'config delete object' message"
+			<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+			<< " for object '" << objName << "' of type '" << objType << "'. Sender is in a child zone.";
+		return Empty;
+	}
+
+	if (!listener->GetAcceptConfig()) {
 		Log(LogWarning, "ApiListener")
-			<< "Discarding 'config update object' message from '"
-			<< origin->FromClient->GetIdentity() << "'.";
+			<< "Ignoring config delete"
+			<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+			<< " for object '" << objName << "' of type '" << objType << "'. '" << listener->GetName() << "' does not accept config.";
 		return Empty;
 	}
 
 	/* delete the object */
-	Type::Ptr ptype = Type::GetByName(params->Get("type"));
+	Type::Ptr ptype = Type::GetByName(objType);
 	auto *ctype = dynamic_cast<ConfigType *>(ptype.get());
 
 	if (!ctype) {
+		// This never happens with icinga cluster endpoints, only with development errors.
 		Log(LogCritical, "ApiListener")
-			<< "Config type '" << params->Get("type") << "' does not exist.";
+			<< "Config type '" << objType << "' does not exist.";
 		return Empty;
 	}
 
-	ConfigObject::Ptr object = ctype->GetObject(params->Get("name"));
+	ConfigObject::Ptr object = ctype->GetObject(objName);
 
 	if (!object) {
 		Log(LogNotice, "ApiListener")
-			<< "Could not delete non-existent object '" << params->Get("name") << "' with type '" << params->Get("type") << "'.";
+			<< "Could not delete non-existent object '" << objName << "' with type '" << params->Get("type") << "'.";
 		return Empty;
 	}
 
 	if (object->GetPackage() != "_api") {
 		Log(LogCritical, "ApiListener")
-			<< "Could not delete object '" << object->GetName() << "': Not created by the API.";
+			<< "Could not delete object '" << objName << "': Not created by the API.";
 		return Empty;
 	}
 
+	Log(LogNotice, "ApiListener")
+		<< "Processing config delete"
+		<< " from '" << identity << "' (endpoint: '" << endpoint->GetName() << "', zone: '" << endpointZone->GetName() << "')"
+		<< " for object '" << object->GetName() << "'.";
+
 	Array::Ptr errors = new Array();
 
-	if (!ConfigObjectUtility::DeleteObject(object, true, errors, nullptr)) {
+	/*
+	 * Delete the config object through our internal API.
+	 * IMPORTANT: Pass the origin to prevent cluster sync loops.
+	 */
+	if (!ConfigObjectUtility::DeleteObject(object, true, errors, nullptr, origin)) {
 		Log(LogCritical, "ApiListener", "Could not delete object:");
 
 		ObjectLock olock(errors);
@@ -299,7 +317,15 @@ void ApiListener::UpdateConfigObject(const ConfigObject::Ptr& object, const Mess
 	params->Set("version", object->GetVersion());
 
 	if (object->GetPackage() == "_api") {
-		String file = ConfigObjectUtility::GetObjectConfigPath(object->GetReflectionType(), object->GetName());
+		String file;
+
+		try {
+			file = ConfigObjectUtility::GetObjectConfigPath(object->GetReflectionType(), object->GetName());
+		} catch (const std::exception& ex) {
+			Log(LogNotice, "ApiListener")
+				<< "Cannot sync object '" << object->GetName() << "': " << ex.what();
+			return;
+		}
 
 		std::ifstream fp(file.CStr(), std::ifstream::binary);
 		if (!fp)
@@ -340,7 +366,7 @@ void ApiListener::UpdateConfigObject(const ConfigObject::Ptr& object, const Mess
 #endif /* I2_DEBUG */
 
 	if (client)
-		JsonRpc::SendMessage(client->GetStream(), message);
+		client->SendMessage(message);
 	else {
 		Zone::Ptr target = static_pointer_cast<Zone>(object->GetZone());
 
@@ -390,7 +416,7 @@ void ApiListener::DeleteConfigObject(const ConfigObject::Ptr& object, const Mess
 #endif /* I2_DEBUG */
 
 	if (client)
-		JsonRpc::SendMessage(client->GetStream(), message);
+		client->SendMessage(message);
 	else {
 		Zone::Ptr target = static_pointer_cast<Zone>(object->GetZone());
 
diff --git a/lib/remote/apilistener-filesync.cpp b/lib/remote/apilistener-filesync.cpp
index 30a79a35f..4aa381c43 100644
--- a/lib/remote/apilistener-filesync.cpp
+++ b/lib/remote/apilistener-filesync.cpp
@@ -1,29 +1,16 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apilistener.hpp"
 #include "remote/apifunction.hpp"
 #include "config/configcompiler.hpp"
+#include "base/tlsutility.hpp"
+#include "base/json.hpp"
 #include "base/configtype.hpp"
 #include "base/logger.hpp"
 #include "base/convert.hpp"
+#include "base/application.hpp"
 #include "base/exception.hpp"
+#include "base/utility.hpp"
 #include <fstream>
 #include <iomanip>
 
@@ -31,233 +18,202 @@ using namespace icinga;
 
 REGISTER_APIFUNCTION(Update, config, &ApiListener::ConfigUpdateHandler);
 
-void ApiListener::ConfigGlobHandler(ConfigDirInformation& config, const String& path, const String& file)
-{
-	CONTEXT("Creating config update for file '" + file + "'");
+boost::mutex ApiListener::m_ConfigSyncStageLock;
 
-	Log(LogNotice, "ApiListener")
-		<< "Creating config update for file '" << file << "'.";
-
-	std::ifstream fp(file.CStr(), std::ifstream::binary);
-	if (!fp)
-		return;
-
-	String content((std::istreambuf_iterator<char>(fp)), std::istreambuf_iterator<char>());
-
-	Dictionary::Ptr update;
-
-	if (Utility::Match("*.conf", file))
-		update = config.UpdateV1;
-	else
-		update = config.UpdateV2;
-
-	update->Set(file.SubStr(path.GetLength()), content);
-}
-
-Dictionary::Ptr ApiListener::MergeConfigUpdate(const ConfigDirInformation& config)
-{
-	Dictionary::Ptr result = new Dictionary();
-
-	if (config.UpdateV1)
-		config.UpdateV1->CopyTo(result);
-
-	if (config.UpdateV2)
-		config.UpdateV2->CopyTo(result);
-
-	return result;
-}
-
-ConfigDirInformation ApiListener::LoadConfigDir(const String& dir)
-{
-	ConfigDirInformation config;
-	config.UpdateV1 = new Dictionary();
-	config.UpdateV2 = new Dictionary();
-	Utility::GlobRecursive(dir, "*", std::bind(&ApiListener::ConfigGlobHandler, std::ref(config), dir, _1), GlobFile);
-	return config;
-}
-
-bool ApiListener::UpdateConfigDir(const ConfigDirInformation& oldConfigInfo, const ConfigDirInformation& newConfigInfo, const String& configDir, bool authoritative)
-{
-	bool configChange = false;
-
-	Dictionary::Ptr oldConfig = MergeConfigUpdate(oldConfigInfo);
-	Dictionary::Ptr newConfig = MergeConfigUpdate(newConfigInfo);
-
-	double oldTimestamp;
-
-	if (!oldConfig->Contains("/.timestamp"))
-		oldTimestamp = 0;
-	else
-		oldTimestamp = oldConfig->Get("/.timestamp");
-
-	double newTimestamp;
-
-	if (!newConfig->Contains("/.timestamp"))
-		newTimestamp = Utility::GetTime();
-	else
-		newTimestamp = newConfig->Get("/.timestamp");
-
-	/* skip update if our configuration files are more recent */
-	if (oldTimestamp >= newTimestamp) {
-		Log(LogNotice, "ApiListener")
-			<< "Our configuration is more recent than the received configuration update."
-			<< " Ignoring configuration file update for path '" << configDir << "'. Current timestamp '"
-			<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", oldTimestamp) << "' ("
-			<< std::fixed << std::setprecision(6) << oldTimestamp
-			<< ") >= received timestamp '"
-			<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", newTimestamp) << "' ("
-			<< newTimestamp << ").";
-		return false;
-	}
-
-	size_t numBytes = 0;
-
-	{
-		ObjectLock olock(newConfig);
-		for (const Dictionary::Pair& kv : newConfig) {
-			if (oldConfig->Get(kv.first) != kv.second) {
-				if (!Utility::Match("*/.timestamp", kv.first))
-					configChange = true;
-
-				String path = configDir + "/" + kv.first;
-				Log(LogInformation, "ApiListener")
-					<< "Updating configuration file: " << path;
-
-				/* Sync string content only. */
-				String content = kv.second;
-
-				/* Generate a directory tree (zones/1/2/3 might not exist yet). */
-				Utility::MkDirP(Utility::DirName(path), 0755);
-				std::ofstream fp(path.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
-				fp << content;
-				fp.close();
-
-				numBytes += content.GetLength();
-			}
-		}
-	}
-
-	Log(LogInformation, "ApiListener")
-		<< "Applying configuration file update for path '" << configDir << "' (" << numBytes << " Bytes). Received timestamp '"
-		<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", newTimestamp) << "' ("
-		<< std::fixed << std::setprecision(6) << newTimestamp
-		<< "), Current timestamp '"
-		<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", oldTimestamp) << "' ("
-		<< oldTimestamp << ").";
-
-	ObjectLock xlock(oldConfig);
-	for (const Dictionary::Pair& kv : oldConfig) {
-		if (!newConfig->Contains(kv.first)) {
-			configChange = true;
-
-			String path = configDir + "/" + kv.first;
-			(void) unlink(path.CStr());
-		}
-	}
-
-	String tsPath = configDir + "/.timestamp";
-	if (!Utility::PathExists(tsPath)) {
-		std::ofstream fp(tsPath.CStr(), std::ofstream::out | std::ostream::trunc);
-		fp << std::fixed << newTimestamp;
-		fp.close();
-	}
-
-	if (authoritative) {
-		String authPath = configDir + "/.authoritative";
-		if (!Utility::PathExists(authPath)) {
-			std::ofstream fp(authPath.CStr(), std::ofstream::out | std::ostream::trunc);
-			fp.close();
-		}
-	}
-
-	return configChange;
-}
-
-void ApiListener::SyncZoneDir(const Zone::Ptr& zone) const
-{
-	ConfigDirInformation newConfigInfo;
-	newConfigInfo.UpdateV1 = new Dictionary();
-	newConfigInfo.UpdateV2 = new Dictionary();
-
-	for (const ZoneFragment& zf : ConfigCompiler::GetZoneDirs(zone->GetName())) {
-		ConfigDirInformation newConfigPart = LoadConfigDir(zf.Path);
-
-		{
-			ObjectLock olock(newConfigPart.UpdateV1);
-			for (const Dictionary::Pair& kv : newConfigPart.UpdateV1) {
-				newConfigInfo.UpdateV1->Set("/" + zf.Tag + kv.first, kv.second);
-			}
-		}
-
-		{
-			ObjectLock olock(newConfigPart.UpdateV2);
-			for (const Dictionary::Pair& kv : newConfigPart.UpdateV2) {
-				newConfigInfo.UpdateV2->Set("/" + zf.Tag + kv.first, kv.second);
-			}
-		}
-	}
-
-	int sumUpdates = newConfigInfo.UpdateV1->GetLength() + newConfigInfo.UpdateV2->GetLength();
-
-	if (sumUpdates == 0)
-		return;
-
-	String oldDir = Application::GetLocalStateDir() + "/lib/icinga2/api/zones/" + zone->GetName();
-
-	Log(LogInformation, "ApiListener")
-		<< "Copying " << sumUpdates << " zone configuration files for zone '" << zone->GetName() << "' to '" << oldDir << "'.";
-
-	Utility::MkDirP(oldDir, 0700);
-
-	ConfigDirInformation oldConfigInfo = LoadConfigDir(oldDir);
-
-	UpdateConfigDir(oldConfigInfo, newConfigInfo, oldDir, true);
-}
-
-void ApiListener::SyncZoneDirs() const
+/**
+ * Entrypoint for updating all authoritative configs from /etc/zones.d, packages, etc.
+ * into var/lib/icinga2/api/zones
+ */
+void ApiListener::SyncLocalZoneDirs() const
 {
 	for (const Zone::Ptr& zone : ConfigType::GetObjectsByType<Zone>()) {
 		try {
-			SyncZoneDir(zone);
+			SyncLocalZoneDir(zone);
 		} catch (const std::exception&) {
 			continue;
 		}
 	}
 }
 
+/**
+ * Sync a zone directory where we have an authoritative copy (zones.d, packages, etc.)
+ *
+ * This function collects the registered zone config dirs from
+ * the config compiler and reads the file content into the config
+ * information structure.
+ *
+ * Returns early when there are no updates.
+ *
+ * @param zone Pointer to the zone object being synced.
+ */
+void ApiListener::SyncLocalZoneDir(const Zone::Ptr& zone) const
+{
+	if (!zone)
+		return;
+
+	ConfigDirInformation newConfigInfo;
+	newConfigInfo.UpdateV1 = new Dictionary();
+	newConfigInfo.UpdateV2 = new Dictionary();
+	newConfigInfo.Checksums = new Dictionary();
+
+	String zoneName = zone->GetName();
+
+	// Load registered zone paths, e.g. '_etc', '_api' and user packages.
+	for (const ZoneFragment& zf : ConfigCompiler::GetZoneDirs(zoneName)) {
+		ConfigDirInformation newConfigPart = LoadConfigDir(zf.Path);
+
+		// Config files '*.conf'.
+		{
+			ObjectLock olock(newConfigPart.UpdateV1);
+			for (const Dictionary::Pair& kv : newConfigPart.UpdateV1) {
+				String path = "/" + zf.Tag + kv.first;
+
+				newConfigInfo.UpdateV1->Set(path, kv.second);
+				newConfigInfo.Checksums->Set(path, GetChecksum(kv.second));
+			}
+		}
+
+		// Meta files.
+		{
+			ObjectLock olock(newConfigPart.UpdateV2);
+			for (const Dictionary::Pair& kv : newConfigPart.UpdateV2) {
+				String path = "/" + zf.Tag + kv.first;
+
+				newConfigInfo.UpdateV2->Set(path, kv.second);
+				newConfigInfo.Checksums->Set(path, GetChecksum(kv.second));
+			}
+		}
+	}
+
+	size_t sumUpdates = newConfigInfo.UpdateV1->GetLength() + newConfigInfo.UpdateV2->GetLength();
+
+	// Return early if there are no updates.
+	if (sumUpdates == 0)
+		return;
+
+	String productionZonesDir = GetApiZonesDir() + zoneName;
+
+	Log(LogInformation, "ApiListener")
+		<< "Copying " << sumUpdates << " zone configuration files for zone '" << zoneName << "' to '" << productionZonesDir << "'.";
+
+	// Purge files to allow deletion via zones.d.
+	if (Utility::PathExists(productionZonesDir))
+		Utility::RemoveDirRecursive(productionZonesDir);
+
+	Utility::MkDirP(productionZonesDir, 0700);
+
+	// Copy content and add additional meta data.
+	size_t numBytes = 0;
+
+	/* Note: We cannot simply copy directories here.
+	 *
+	 * Zone directories are registered from everywhere and we already
+	 * have read their content into memory with LoadConfigDir().
+	 */
+	Dictionary::Ptr newConfig = MergeConfigUpdate(newConfigInfo);
+
+	{
+		ObjectLock olock(newConfig);
+
+		for (const Dictionary::Pair& kv : newConfig) {
+			String dst = productionZonesDir + "/" + kv.first;
+
+			Utility::MkDirP(Utility::DirName(dst), 0755);
+
+			Log(LogInformation, "ApiListener")
+				<< "Updating configuration file: " << dst;
+
+			String content = kv.second;
+
+			std::ofstream fp(dst.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
+
+			fp << content;
+			fp.close();
+
+			numBytes += content.GetLength();
+		}
+	}
+
+	// Additional metadata.
+	String tsPath = productionZonesDir + "/.timestamp";
+
+	if (!Utility::PathExists(tsPath)) {
+		std::ofstream fp(tsPath.CStr(), std::ofstream::out | std::ostream::trunc);
+
+		fp << std::fixed << Utility::GetTime();
+		fp.close();
+	}
+
+	String authPath = productionZonesDir + "/.authoritative";
+
+	if (!Utility::PathExists(authPath)) {
+		std::ofstream fp(authPath.CStr(), std::ofstream::out | std::ostream::trunc);
+		fp.close();
+	}
+
+	// Checksums.
+	String checksumsPath = productionZonesDir + "/.checksums";
+
+	if (Utility::PathExists(checksumsPath))
+		Utility::Remove(checksumsPath);
+
+	std::ofstream fp(checksumsPath.CStr(), std::ofstream::out | std::ostream::trunc);
+
+	fp << std::fixed << JsonEncode(newConfigInfo.Checksums);
+	fp.close();
+
+	Log(LogNotice, "ApiListener")
+		<< "Updated meta data for cluster config sync. Checksum: '" << checksumsPath
+		<< "', timestamp: '" << tsPath << "', auth: '" << authPath << "'.";
+}
+
+/**
+ * Entrypoint for sending a file based config update to a cluster client.
+ * This includes security checks for zone relations.
+ * Loads the zone config files where this client belongs to
+ * and sends the 'config::Update' JSON-RPC message.
+ *
+ * @param aclient Connected JSON-RPC client.
+ */
 void ApiListener::SendConfigUpdate(const JsonRpcConnection::Ptr& aclient)
 {
 	Endpoint::Ptr endpoint = aclient->GetEndpoint();
 	ASSERT(endpoint);
 
-	Zone::Ptr azone = endpoint->GetZone();
-	Zone::Ptr lzone = Zone::GetLocalZone();
+	Zone::Ptr clientZone = endpoint->GetZone();
+	Zone::Ptr localZone = Zone::GetLocalZone();
 
-	/* don't try to send config updates to our master */
-	if (!azone->IsChildOf(lzone))
+	// Don't send config updates to parent zones
+	if (!clientZone->IsChildOf(localZone))
 		return;
 
 	Dictionary::Ptr configUpdateV1 = new Dictionary();
 	Dictionary::Ptr configUpdateV2 = new Dictionary();
+	Dictionary::Ptr configUpdateChecksums = new Dictionary(); // new since 2.11
 
-	String zonesDir = Application::GetLocalStateDir() + "/lib/icinga2/api/zones";
+	String zonesDir = GetApiZonesDir();
 
 	for (const Zone::Ptr& zone : ConfigType::GetObjectsByType<Zone>()) {
-		String zoneDir = zonesDir + "/" + zone->GetName();
+		String zoneName = zone->GetName();
+		String zoneDir = zonesDir + zoneName;
 
-		if (!zone->IsChildOf(azone) && !zone->IsGlobal())
+		// Only sync child and global zones.
+		if (!zone->IsChildOf(clientZone) && !zone->IsGlobal())
 			continue;
 
+		// Zone was configured, but there's no configuration directory.
 		if (!Utility::PathExists(zoneDir))
 			continue;
 
 		Log(LogInformation, "ApiListener")
 			<< "Syncing configuration files for " << (zone->IsGlobal() ? "global " : "")
-			<< "zone '" << zone->GetName() << "' to endpoint '" << endpoint->GetName() << "'.";
+			<< "zone '" << zoneName << "' to endpoint '" << endpoint->GetName() << "'.";
 
-		ConfigDirInformation config = LoadConfigDir(zonesDir + "/" + zone->GetName());
-		configUpdateV1->Set(zone->GetName(), config.UpdateV1);
-		configUpdateV2->Set(zone->GetName(), config.UpdateV2);
+		ConfigDirInformation config = LoadConfigDir(zoneDir);
+
+		configUpdateV1->Set(zoneName, config.UpdateV1);
+		configUpdateV2->Set(zoneName, config.UpdateV2);
+		configUpdateChecksums->Set(zoneName, config.Checksums); // new since 2.11
 	}
 
 	Dictionary::Ptr message = new Dictionary({
@@ -265,15 +221,29 @@ void ApiListener::SendConfigUpdate(const JsonRpcConnection::Ptr& aclient)
 		{ "method", "config::Update" },
 		{ "params", new Dictionary({
 			{ "update", configUpdateV1 },
-			{ "update_v2", configUpdateV2 }
+			{ "update_v2", configUpdateV2 },	// Since 2.4.2.
+			{ "checksums", configUpdateChecksums } 	// Since 2.11.0.
 		}) }
 	});
 
 	aclient->SendMessage(message);
 }
 
+/**
+ * Registered handler when a new config::Update message is received.
+ *
+ * Checks destination and permissions first, locks the transaction and analyses the update.
+ * The newly received configuration is not copied to production immediately,
+ * but into the staging directory first.
+ * Last, the async validation and restart is triggered.
+ *
+ * @param origin Where this message came from.
+ * @param params Message parameters including the config updates.
+ * @returns Empty, required by the interface.
+ */
 Value ApiListener::ConfigUpdateHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
 {
+	// Verify permissions and trust relationship.
 	if (!origin->FromClient->GetEndpoint() || (origin->FromZone && !Zone::GetLocalZone()->IsChildOf(origin->FromZone)))
 		return Empty;
 
@@ -290,52 +260,586 @@ Value ApiListener::ConfigUpdateHandler(const MessageOrigin::Ptr& origin, const D
 		return Empty;
 	}
 
-	Log(LogInformation, "ApiListener")
-		<< "Applying config update from endpoint '" << origin->FromClient->GetEndpoint()->GetName()
-		<< "' of zone '" << GetFromZoneName(origin->FromZone) << "'.";
+	/* Only one transaction is allowed, concurrent message handlers need to wait.
+	 * This affects two parent endpoints sending the config in the same moment.
+	 */
+	boost::mutex::scoped_lock lock(m_ConfigSyncStageLock);
 
+	String apiZonesStageDir = GetApiZonesStageDir();
+	String fromEndpointName = origin->FromClient->GetEndpoint()->GetName();
+	String fromZoneName = GetFromZoneName(origin->FromZone);
+
+	Log(LogInformation, "ApiListener")
+		<< "Applying config update from endpoint '" << fromEndpointName
+		<< "' of zone '" << fromZoneName << "'.";
+
+	// Config files.
 	Dictionary::Ptr updateV1 = params->Get("update");
+	// Meta data files: .timestamp, etc.
 	Dictionary::Ptr updateV2 = params->Get("update_v2");
 
+	// New since 2.11.0.
+	Dictionary::Ptr checksums;
+
+	if (params->Contains("checksums"))
+		checksums = params->Get("checksums");
+
 	bool configChange = false;
 
+	// Keep track of the relative config paths for later validation and copying. TODO: Find a better algorithm.
+	std::vector<String> relativePaths;
+
+	/*
+	 * We can and must safely purge the staging directory, as the difference is taken between
+	 * runtime production config and newly received configuration.
+	 * This is needed to not mix deleted/changed content between received and stage
+	 * config.
+	 */
+	if (Utility::PathExists(apiZonesStageDir))
+		Utility::RemoveDirRecursive(apiZonesStageDir);
+
+	Utility::MkDirP(apiZonesStageDir, 0700);
+
+	// Analyse and process the update.
+	size_t count = 0;
+
 	ObjectLock olock(updateV1);
+
 	for (const Dictionary::Pair& kv : updateV1) {
-		Zone::Ptr zone = Zone::GetByName(kv.first);
+
+		// Check for the configured zones.
+		String zoneName = kv.first;
+		Zone::Ptr zone = Zone::GetByName(zoneName);
 
 		if (!zone) {
 			Log(LogWarning, "ApiListener")
-				<< "Ignoring config update for unknown zone '" << kv.first << "'.";
+				<< "Ignoring config update from endpoint '" << fromEndpointName
+				<< "' for unknown zone '" << zoneName << "'.";
+
 			continue;
 		}
 
-		if (ConfigCompiler::HasZoneConfigAuthority(kv.first)) {
-			Log(LogWarning, "ApiListener")
-				<< "Ignoring config update for zone '" << kv.first << "' because we have an authoritative version of the zone's config.";
+		// Ignore updates where we have an authoritive copy in etc/zones.d, packages, etc.
+		if (ConfigCompiler::HasZoneConfigAuthority(zoneName)) {
+			Log(LogInformation, "ApiListener")
+				<< "Ignoring config update from endpoint '" << fromEndpointName
+				<< "' for zone '" << zoneName << "' because we have an authoritative version of the zone's config.";
+
 			continue;
 		}
 
-		String oldDir = Application::GetLocalStateDir() + "/lib/icinga2/api/zones/" + zone->GetName();
+		// Put the received configuration into our stage directory.
+		String productionConfigZoneDir = GetApiZonesDir() + zoneName;
+		String stageConfigZoneDir = GetApiZonesStageDir() + zoneName;
 
-		Utility::MkDirP(oldDir, 0700);
+		Utility::MkDirP(productionConfigZoneDir, 0700);
+		Utility::MkDirP(stageConfigZoneDir, 0700);
 
+		// Merge the config information.
 		ConfigDirInformation newConfigInfo;
 		newConfigInfo.UpdateV1 = kv.second;
 
+		// Load metadata.
 		if (updateV2)
 			newConfigInfo.UpdateV2 = updateV2->Get(kv.first);
 
-		Dictionary::Ptr newConfig = kv.second;
-		ConfigDirInformation oldConfigInfo = LoadConfigDir(oldDir);
+		// Load checksums. New since 2.11.
+		if (checksums)
+			newConfigInfo.Checksums = checksums->Get(kv.first);
 
-		if (UpdateConfigDir(oldConfigInfo, newConfigInfo, oldDir, false))
-			configChange = true;
+		// Load the current production config details.
+		ConfigDirInformation productionConfigInfo = LoadConfigDir(productionConfigZoneDir);
+
+		// Merge updateV1 and updateV2
+		Dictionary::Ptr productionConfig = MergeConfigUpdate(productionConfigInfo);
+		Dictionary::Ptr newConfig = MergeConfigUpdate(newConfigInfo);
+
+		/* If we have received 'checksums' via cluster message, go for it.
+		 * Otherwise do the old timestamp dance for versions < 2.11.
+		 */
+		if (checksums) {
+			Log(LogInformation, "ApiListener")
+				<< "Received configuration for zone '" << zoneName << "' from endpoint '"
+				<< fromEndpointName << "'. Comparing the checksums.";
+
+			// TODO: Do this earlier in hello-handshakes?
+			if (CheckConfigChange(productionConfigInfo, newConfigInfo))
+				configChange = true;
+
+		} else {
+			/* Fallback to timestamp handling when the parent endpoint didn't send checks.
+			 * This can happen when the satellite is 2.11 and the master is 2.10.
+			 *
+			 * TODO: Deprecate and remove this behaviour in 2.13+.
+			 */
+
+			Log(LogWarning, "ApiListener")
+				<< "Received configuration update without checksums from parent endpoint "
+				<< fromEndpointName << ". This behaviour is deprecated. Please upgrade the parent endpoint to 2.11+";
+
+			double productionTimestamp;
+
+			if (!productionConfig->Contains("/.timestamp"))
+				productionTimestamp = 0;
+			else
+				productionTimestamp = productionConfig->Get("/.timestamp");
+
+			double newTimestamp;
+
+			if (!newConfig->Contains("/.timestamp"))
+				newTimestamp = Utility::GetTime();
+			else
+				newTimestamp = newConfig->Get("/.timestamp");
+
+			// Skip update if our configuration files are more recent.
+			if (productionTimestamp >= newTimestamp) {
+
+				Log(LogInformation, "ApiListener")
+					<< "Our configuration is more recent than the received configuration update."
+					<< " Ignoring configuration file update for path '" << stageConfigZoneDir << "'. Current timestamp '"
+					<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", productionTimestamp) << "' ("
+					<< std::fixed << std::setprecision(6) << productionTimestamp
+					<< ") >= received timestamp '"
+					<< Utility::FormatDateTime("%Y-%m-%d %H:%M:%S %z", newTimestamp) << "' ("
+					<< newTimestamp << ").";
+
+			} else {
+				configChange = true;
+			}
+
+			// Keep another hack when there's a timestamp file missing.
+			{
+				ObjectLock olock(newConfig);
+
+				for (const Dictionary::Pair &kv : newConfig) {
+
+					// This is super expensive with a string content comparison.
+					if (productionConfig->Get(kv.first) != kv.second) {
+						if (!Utility::Match("*/.timestamp", kv.first))
+							configChange = true;
+					}
+				}
+			}
+
+			// Update the .timestamp file.
+			String tsPath = stageConfigZoneDir + "/.timestamp";
+			if (!Utility::PathExists(tsPath)) {
+				std::ofstream fp(tsPath.CStr(), std::ofstream::out | std::ostream::trunc);
+				fp << std::fixed << newTimestamp;
+				fp.close();
+			}
+		}
+
+		// Dump the received configuration for this zone into the stage directory.
+		size_t numBytes = 0;
+
+		{
+			ObjectLock olock(newConfig);
+
+			for (const Dictionary::Pair& kv : newConfig) {
+
+				/* Store the relative config file path for later validation and activation.
+				 * IMPORTANT: Store this prior to any filters.
+				 * */
+				relativePaths.push_back(zoneName + "/" + kv.first);
+
+				String path = stageConfigZoneDir + "/" + kv.first;
+
+				if (Utility::Match("*.conf", path)) {
+					Log(LogInformation, "ApiListener")
+						<< "Stage: Updating received configuration file '" << path << "' for zone '" << zoneName << "'.";
+				}
+
+				// Sync string content only.
+				String content = kv.second;
+
+				// Generate a directory tree (zones/1/2/3 might not exist yet).
+				Utility::MkDirP(Utility::DirName(path), 0755);
+
+				// Write the content to file.
+				std::ofstream fp(path.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
+				fp << content;
+				fp.close();
+
+				numBytes += content.GetLength();
+			}
+		}
+
+		Log(LogInformation, "ApiListener")
+			<< "Applying configuration file update for path '" << stageConfigZoneDir << "' ("
+			<< numBytes << " Bytes).";
+
+		// If the update removes a path, delete it on disk and signal a config change.
+		{
+			ObjectLock xlock(productionConfig);
+
+			for (const Dictionary::Pair& kv : productionConfig) {
+				if (!newConfig->Contains(kv.first)) {
+					configChange = true;
+
+					String path = stageConfigZoneDir + "/" + kv.first;
+					Utility::Remove(path);
+				}
+			}
+		}
+
+		count++;
 	}
 
+	/*
+	 * We have processed all configuration files and stored them in the staging directory.
+	 *
+	 * We need to store them locally for later analysis. A config change means
+	 * that we will validate the configuration in a separate process sandbox,
+	 * and only copy the configuration to production when everything is ok.
+	 *
+	 * A successful validation also triggers the final restart.
+	 */
 	if (configChange) {
-		Log(LogInformation, "ApiListener", "Restarting after configuration change.");
-		Application::RequestRestart();
+		Log(LogInformation, "ApiListener")
+			<< "Received configuration updates (" << count << ") from endpoint '" << fromEndpointName
+			<< "' are different to production, triggering validation and reload.";
+		AsyncTryActivateZonesStage(relativePaths);
+	} else {
+		Log(LogInformation, "ApiListener")
+			<< "Received configuration updates (" << count << ") from endpoint '" << fromEndpointName
+			<< "' are equal to production, not triggering reload.";
 	}
 
 	return Empty;
 }
+
+/**
+ * Callback for stage config validation.
+ * When validation was successful, the configuration is copied from
+ * stage to production and a restart is triggered.
+ * On failure, there's no restart and this is logged.
+ *
+ * @param pr Result of the validation process.
+ * @param relativePaths Collected paths including the zone name, which are copied from stage to current directories.
+ */
+void ApiListener::TryActivateZonesStageCallback(const ProcessResult& pr,
+	const std::vector<String>& relativePaths)
+{
+	String apiZonesDir = GetApiZonesDir();
+	String apiZonesStageDir = GetApiZonesStageDir();
+
+	String logFile = apiZonesStageDir + "/startup.log";
+	std::ofstream fpLog(logFile.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
+	fpLog << pr.Output;
+	fpLog.close();
+
+	String statusFile = apiZonesStageDir + "/status";
+	std::ofstream fpStatus(statusFile.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
+	fpStatus << pr.ExitStatus;
+	fpStatus.close();
+
+	// Validation went fine, copy stage and reload.
+	if (pr.ExitStatus == 0) {
+		Log(LogInformation, "ApiListener")
+			<< "Config validation for stage '" << apiZonesStageDir << "' was OK, replacing into '" << apiZonesDir << "' and triggering reload.";
+
+		// Purge production before copying stage.
+		if (Utility::PathExists(apiZonesDir))
+			Utility::RemoveDirRecursive(apiZonesDir);
+
+		Utility::MkDirP(apiZonesDir, 0700);
+
+		// Copy all synced configuration files from stage to production.
+		for (const String& path : relativePaths) {
+			if (!Utility::PathExists(apiZonesStageDir + path))
+				continue;
+
+			Log(LogInformation, "ApiListener")
+				<< "Copying file '" << path << "' from config sync staging to production zones directory.";
+
+			String stagePath = apiZonesStageDir + path;
+			String currentPath = apiZonesDir + path;
+
+			Utility::MkDirP(Utility::DirName(currentPath), 0700);
+
+			Utility::CopyFile(stagePath, currentPath);
+		}
+
+		// Clear any failed deployment before
+		ApiListener::Ptr listener = ApiListener::GetInstance();
+
+		if (listener)
+			listener->ClearLastFailedZonesStageValidation();
+
+		Application::RequestRestart();
+
+		// All good, return early.
+		return;
+	}
+
+	// Error case.
+	Log(LogCritical, "ApiListener")
+		<< "Config validation failed for staged cluster config sync in '" << apiZonesStageDir
+		<< "'. Aborting. Logs: '" << logFile << "'";
+
+	ApiListener::Ptr listener = ApiListener::GetInstance();
+
+	if (listener)
+		listener->UpdateLastFailedZonesStageValidation(pr.Output);
+}
+
+/**
+ * Spawns a new validation process and waits for its output.
+ * Sets 'System.ZonesStageVarDir' to override the config validation zone dirs with our current stage.
+ *
+ * @param relativePaths Required for later file operations in the callback. Provides the zone name plus path in a list.
+ */
+void ApiListener::AsyncTryActivateZonesStage(const std::vector<String>& relativePaths)
+{
+	VERIFY(Application::GetArgC() >= 1);
+
+	/* Inherit parent process args. */
+	Array::Ptr args = new Array({
+		Application::GetExePath(Application::GetArgV()[0]),
+	});
+
+	for (int i = 1; i < Application::GetArgC(); i++) {
+		String argV = Application::GetArgV()[i];
+
+		if (argV == "-d" || argV == "--daemonize")
+			continue;
+
+		args->Add(argV);
+	}
+
+	args->Add("--validate");
+
+	// Set the ZonesStageDir. This creates our own local chroot without any additional automated zone includes.
+	args->Add("--define");
+	args->Add("System.ZonesStageVarDir=" + GetApiZonesStageDir());
+
+	Process::Ptr process = new Process(Process::PrepareCommand(args));
+	process->SetTimeout(Application::GetReloadTimeout());
+	process->Run(std::bind(&TryActivateZonesStageCallback, _1, relativePaths));
+}
+
+/**
+ * Update the structure from the last failed validation output.
+ * Uses the current timestamp.
+ *
+ * @param log The process output from the config validation.
+ */
+void ApiListener::UpdateLastFailedZonesStageValidation(const String& log)
+{
+	Dictionary::Ptr lastFailedZonesStageValidation = new Dictionary({
+		{ "log", log },
+		{ "ts", Utility::GetTime() }
+	});
+
+	SetLastFailedZonesStageValidation(lastFailedZonesStageValidation);
+}
+
+/**
+ * Clear the structure for the last failed reload.
+ *
+ */
+void ApiListener::ClearLastFailedZonesStageValidation()
+{
+	SetLastFailedZonesStageValidation(Dictionary::Ptr());
+}
+
+/**
+ * Generate a config checksum.
+ *
+ * @param content String content used for generating the checksum.
+ * @returns The checksum as string.
+ */
+String ApiListener::GetChecksum(const String& content)
+{
+	return SHA256(content);
+}
+
+bool ApiListener::CheckConfigChange(const ConfigDirInformation& oldConfig, const ConfigDirInformation& newConfig)
+{
+	Dictionary::Ptr oldChecksums = oldConfig.Checksums;
+	Dictionary::Ptr newChecksums = newConfig.Checksums;
+
+	// TODO: Figure out whether normal users need this for debugging.
+	Log(LogDebug, "ApiListener")
+		<< "Checking for config change between stage and production. Old (" << oldChecksums->GetLength() << "): '"
+		<< JsonEncode(oldChecksums)
+		<< "' vs. new (" << newChecksums->GetLength() << "): '"
+		<< JsonEncode(newChecksums) << "'.";
+
+	/* Since internal files are synced here too, we can not depend on length.
+	 * So we need to go through both checksum sets to cover the cases"everything is new" and "everything was deleted".
+	 */
+	{
+		ObjectLock olock(oldChecksums);
+		for (const Dictionary::Pair& kv : oldChecksums) {
+			String path = kv.first;
+			String oldChecksum = kv.second;
+
+			/* Ignore internal files, especially .timestamp and .checksums.
+			 *
+			 * If we don't, this results in "always change" restart loops.
+			 */
+			if (Utility::Match("/.*", path)) {
+				Log(LogDebug, "ApiListener")
+					<< "Ignoring old internal file '" << path << "'.";
+
+				continue;
+			}
+
+			Log(LogDebug, "ApiListener")
+				<< "Checking " << path << " for old checksum: " << oldChecksum << ".";
+
+			// Check if key exists first for more verbose logging.
+			// Note: Don't do this later on.
+			if (!newChecksums->Contains(path)) {
+				Log(LogDebug, "ApiListener")
+					<< "File '" << path << "' was deleted by remote.";
+
+				return true;
+			}
+
+			String newChecksum = newChecksums->Get(path);
+
+			if (newChecksum != kv.second) {
+				Log(LogDebug, "ApiListener")
+					<< "Path '" << path << "' doesn't match old checksum '"
+					<< oldChecksum << "' with new checksum '" << newChecksum << "'.";
+
+				return true;
+			}
+		}
+	}
+
+	{
+		ObjectLock olock(newChecksums);
+		for (const Dictionary::Pair& kv : newChecksums) {
+			String path = kv.first;
+			String newChecksum = kv.second;
+
+			/* Ignore internal files, especially .timestamp and .checksums.
+			 *
+			 * If we don't, this results in "always change" restart loops.
+			 */
+			if (Utility::Match("/.*", path)) {
+				Log(LogDebug, "ApiListener")
+					<< "Ignoring new internal file '" << path << "'.";
+
+				continue;
+			}
+
+			Log(LogDebug, "ApiListener")
+				<< "Checking " << path << " for new checksum: " << newChecksum << ".";
+
+			// Check if the checksum exists, checksums in both sets have already been compared
+			if (!oldChecksums->Contains(path)) {
+				Log(LogDebug, "ApiListener")
+					<< "File '" << path << "' was added by remote.";
+
+				return true;
+			}
+		}
+	}
+
+	return false;
+}
+
+/**
+ * Load the given config dir and read their file content into the config structure.
+ *
+ * @param dir Path to the config directory.
+ * @returns ConfigDirInformation structure.
+ */
+ConfigDirInformation ApiListener::LoadConfigDir(const String& dir)
+{
+	ConfigDirInformation config;
+	config.UpdateV1 = new Dictionary();
+	config.UpdateV2 = new Dictionary();
+	config.Checksums = new Dictionary();
+
+	Utility::GlobRecursive(dir, "*", std::bind(&ApiListener::ConfigGlobHandler, std::ref(config), dir, _1), GlobFile);
+	return config;
+}
+
+/**
+ * Read the given file and store it in the config information structure.
+ * Callback function for Glob().
+ *
+ * @param config Reference to the config information object.
+ * @param path File path.
+ * @param file Full file name.
+ */
+void ApiListener::ConfigGlobHandler(ConfigDirInformation& config, const String& path, const String& file)
+{
+	// Avoid loading the authoritative marker for syncs at all cost.
+	if (Utility::BaseName(file) == ".authoritative")
+		return;
+
+	CONTEXT("Creating config update for file '" + file + "'");
+
+	Log(LogNotice, "ApiListener")
+		<< "Creating config update for file '" << file << "'.";
+
+	std::ifstream fp(file.CStr(), std::ifstream::binary);
+	if (!fp)
+		return;
+
+	String content((std::istreambuf_iterator<char>(fp)), std::istreambuf_iterator<char>());
+
+	Dictionary::Ptr update;
+	String relativePath = file.SubStr(path.GetLength());
+
+	/*
+	 * 'update' messages contain conf files. 'update_v2' syncs everything else (.timestamp).
+	 *
+	 * **Keep this intact to stay compatible with older clients.**
+	 */
+	String sanitizedContent = Utility::ValidateUTF8(content);
+
+	if (Utility::Match("*.conf", file)) {
+		update = config.UpdateV1;
+
+		// Configuration files should be automatically sanitized with UTF8.
+		update->Set(relativePath, sanitizedContent);
+	} else {
+		update = config.UpdateV2;
+
+		/*
+		 * Ensure that only valid UTF8 content is being read for the cluster config sync.
+		 * Binary files are not supported when wrapped into JSON encoded messages.
+		 * Rationale: https://github.com/Icinga/icinga2/issues/7382
+		 */
+		if (content != sanitizedContent) {
+			Log(LogCritical, "ApiListener")
+				<< "Ignoring file '" << file << "' for cluster config sync: Does not contain valid UTF8. Binary files are not supported.";
+			return;
+		}
+
+		update->Set(relativePath, content);
+	}
+
+	/* Calculate a checksum for each file (and a global one later).
+	 *
+	 * IMPORTANT: Ignore the .authoritative file above, this must not be synced.
+	 * */
+	config.Checksums->Set(relativePath, GetChecksum(content));
+}
+
+/**
+ * Compatibility helper for merging config update v1 and v2 into a global result.
+ *
+ * @param config Config information structure.
+ * @returns Dictionary which holds the merged information.
+ */
+Dictionary::Ptr ApiListener::MergeConfigUpdate(const ConfigDirInformation& config)
+{
+	Dictionary::Ptr result = new Dictionary();
+
+	if (config.UpdateV1)
+		config.UpdateV1->CopyTo(result);
+
+	if (config.UpdateV2)
+		config.UpdateV2->CopyTo(result);
+
+	return result;
+}
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index d7e01da67..81385e6da 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apilistener.hpp"
 #include "remote/apilistener-ti.cpp"
@@ -23,7 +6,11 @@
 #include "remote/endpoint.hpp"
 #include "remote/jsonrpc.hpp"
 #include "remote/apifunction.hpp"
+#include "remote/configpackageutility.hpp"
+#include "remote/configobjectutility.hpp"
 #include "base/convert.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
 #include "base/netstring.hpp"
 #include "base/json.hpp"
 #include "base/configtype.hpp"
@@ -35,7 +22,20 @@
 #include "base/context.hpp"
 #include "base/statsfunction.hpp"
 #include "base/exception.hpp"
+#include "base/tcpsocket.hpp"
+#include <boost/asio/buffer.hpp>
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/system/error_code.hpp>
+#include <climits>
 #include <fstream>
+#include <memory>
+#include <openssl/ssl.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+#include <sstream>
+#include <utility>
 
 using namespace icinga;
 
@@ -56,22 +56,32 @@ ApiListener::ApiListener()
 
 String ApiListener::GetApiDir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/api/";
+	return Configuration::DataDir + "/api/";
+}
+
+String ApiListener::GetApiZonesDir()
+{
+	return GetApiDir() + "zones/";
+}
+
+String ApiListener::GetApiZonesStageDir()
+{
+	return GetApiDir() + "zones-stage/";
 }
 
 String ApiListener::GetCertsDir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/certs/";
+	return Configuration::DataDir + "/certs/";
 }
 
 String ApiListener::GetCaDir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/ca/";
+	return Configuration::DataDir + "/ca/";
 }
 
 String ApiListener::GetCertificateRequestsDir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/certificate-requests/";
+	return Configuration::DataDir + "/certificate-requests/";
 }
 
 String ApiListener::GetDefaultCertPath()
@@ -89,6 +99,16 @@ String ApiListener::GetDefaultCaPath()
 	return GetCertsDir() + "/ca.crt";
 }
 
+double ApiListener::GetTlsHandshakeTimeout() const
+{
+	return Configuration::TlsHandshakeTimeout;
+}
+
+void ApiListener::SetTlsHandshakeTimeout(double value, bool suppress_events, const Value& cookie)
+{
+	Configuration::TlsHandshakeTimeout = value;
+}
+
 void ApiListener::CopyCertificateFile(const String& oldCertPath, const String& newCertPath)
 {
 	struct stat st1, st2;
@@ -123,9 +143,15 @@ void ApiListener::OnConfigLoaded()
 	CopyCertificateFile(oldCaPath, defaultCaPath);
 
 	if (!oldCertPath.IsEmpty() && !oldKeyPath.IsEmpty() && !oldCaPath.IsEmpty()) {
-		Log(LogWarning, "ApiListener", "Please read the upgrading documentation for v2.8: https://www.icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/");
+		Log(LogWarning, "ApiListener", "Please read the upgrading documentation for v2.8: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/");
 	}
 
+	/* Create the internal API object storage. */
+	ConfigObjectUtility::CreateStorage();
+
+	/* Cache API packages and their active stage name. */
+	UpdateActivePackageStagesCache();
+
 	/* set up SSL context */
 	std::shared_ptr<X509> cert;
 	try {
@@ -150,10 +176,12 @@ void ApiListener::OnConfigLoaded()
 
 void ApiListener::UpdateSSLContext()
 {
-	std::shared_ptr<SSL_CTX> context;
+	namespace ssl = boost::asio::ssl;
+
+	std::shared_ptr<ssl::context> context;
 
 	try {
-		context = MakeSSLContext(GetDefaultCertPath(), GetDefaultKeyPath(), GetDefaultCaPath());
+		context = MakeAsioSslContext(GetDefaultCertPath(), GetDefaultKeyPath(), GetDefaultCaPath());
 	} catch (const std::exception&) {
 		BOOST_THROW_EXCEPTION(ScriptError("Cannot make SSL context for cert path: '"
 			+ GetDefaultCertPath() + "' key path: '" + GetDefaultKeyPath() + "' ca path: '" + GetDefaultCaPath() + "'.", GetDebugInfo()));
@@ -214,13 +242,12 @@ void ApiListener::Start(bool runtimeCreated)
 	Log(LogInformation, "ApiListener")
 		<< "'" << GetName() << "' started.";
 
-	SyncZoneDirs();
+	SyncLocalZoneDirs();
 
 	ObjectImpl<ApiListener>::Start(runtimeCreated);
 
 	{
 		boost::mutex::scoped_lock lock(m_LogLock);
-		RotateLogFile();
 		OpenLogFile();
 	}
 
@@ -239,13 +266,17 @@ void ApiListener::Start(bool runtimeCreated)
 
 	m_ReconnectTimer = new Timer();
 	m_ReconnectTimer->OnTimerExpired.connect(std::bind(&ApiListener::ApiReconnectTimerHandler, this));
-	m_ReconnectTimer->SetInterval(60);
+	m_ReconnectTimer->SetInterval(10);
 	m_ReconnectTimer->Start();
 	m_ReconnectTimer->Reschedule(0);
 
+	/* Keep this in relative sync with the cold startup in UpdateObjectAuthority() and the reconnect interval above.
+	 * Previous: 60s reconnect, 30s OA, 60s cold startup.
+	 * Now: 10s reconnect, 10s OA, 30s cold startup. 
+	 */
 	m_AuthorityTimer = new Timer();
 	m_AuthorityTimer->OnTimerExpired.connect(std::bind(&ApiListener::UpdateObjectAuthority));
-	m_AuthorityTimer->SetInterval(30);
+	m_AuthorityTimer->SetInterval(10);
 	m_AuthorityTimer->Start();
 
 	m_CleanupCertificateRequestsTimer = new Timer();
@@ -254,6 +285,11 @@ void ApiListener::Start(bool runtimeCreated)
 	m_CleanupCertificateRequestsTimer->Start();
 	m_CleanupCertificateRequestsTimer->Reschedule(0);
 
+	m_ApiPackageIntegrityTimer = new Timer();
+	m_ApiPackageIntegrityTimer->OnTimerExpired.connect(std::bind(&ApiListener::CheckApiPackageIntegrity, this));
+	m_ApiPackageIntegrityTimer->SetInterval(300);
+	m_ApiPackageIntegrityTimer->Start();
+
 	OnMasterChanged(true);
 }
 
@@ -264,8 +300,13 @@ void ApiListener::Stop(bool runtimeDeleted)
 	Log(LogInformation, "ApiListener")
 		<< "'" << GetName() << "' stopped.";
 
-	boost::mutex::scoped_lock lock(m_LogLock);
-	CloseLogFile();
+	{
+		boost::mutex::scoped_lock lock(m_LogLock);
+		CloseLogFile();
+		RotateLogFile();
+	}
+
+	RemoveStatusFile();
 }
 
 ApiListener::Ptr ApiListener::GetInstance()
@@ -309,49 +350,95 @@ bool ApiListener::IsMaster() const
  */
 bool ApiListener::AddListener(const String& node, const String& service)
 {
+	namespace asio = boost::asio;
+	namespace ip = asio::ip;
+	using ip::tcp;
+
 	ObjectLock olock(this);
 
-	std::shared_ptr<SSL_CTX> sslContext = m_SSLContext;
+	auto sslContext (m_SSLContext);
 
 	if (!sslContext) {
 		Log(LogCritical, "ApiListener", "SSL context is required for AddListener()");
 		return false;
 	}
 
-	Log(LogInformation, "ApiListener")
-		<< "Adding new listener on port '" << service << "'";
-
-	TcpSocket::Ptr server = new TcpSocket();
+	auto& io (IoEngine::Get().GetIoContext());
+	auto acceptor (std::make_shared<tcp::acceptor>(io));
 
 	try {
-		server->Bind(node, service, AF_UNSPEC);
-	} catch (const std::exception&) {
+		tcp::resolver resolver (io);
+		tcp::resolver::query query (node, service, tcp::resolver::query::passive);
+
+		auto result (resolver.resolve(query));
+		auto current (result.begin());
+
+		for (;;) {
+			try {
+				acceptor->open(current->endpoint().protocol());
+
+				{
+					auto fd (acceptor->native_handle());
+
+					const int optFalse = 0;
+					setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char *>(&optFalse), sizeof(optFalse));
+
+					const int optTrue = 1;
+					setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, reinterpret_cast<const char *>(&optTrue), sizeof(optTrue));
+#ifndef _WIN32
+					setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, reinterpret_cast<const char *>(&optTrue), sizeof(optTrue));
+#endif /* _WIN32 */
+				}
+
+				acceptor->bind(current->endpoint());
+
+				break;
+			} catch (const std::exception&) {
+				if (++current == result.end()) {
+					throw;
+				}
+
+				if (acceptor->is_open()) {
+					acceptor->close();
+				}
+			}
+		}
+	} catch (const std::exception& ex) {
 		Log(LogCritical, "ApiListener")
-			<< "Cannot bind TCP socket for host '" << node << "' on port '" << service << "'.";
+			<< "Cannot bind TCP socket for host '" << node << "' on port '" << service << "': " << ex.what();
 		return false;
 	}
 
-	std::thread thread(std::bind(&ApiListener::ListenerThreadProc, this, server));
-	thread.detach();
+	acceptor->listen(INT_MAX);
 
-	m_Servers.insert(server);
+	auto localEndpoint (acceptor->local_endpoint());
+
+	Log(LogInformation, "ApiListener")
+		<< "Started new listener on '[" << localEndpoint.address() << "]:" << localEndpoint.port() << "'";
+
+	IoEngine::SpawnCoroutine(io, [this, acceptor, sslContext](asio::yield_context yc) { ListenerCoroutineProc(yc, acceptor, sslContext); });
+
+	UpdateStatusFile(localEndpoint);
 
 	return true;
 }
 
-void ApiListener::ListenerThreadProc(const Socket::Ptr& server)
+void ApiListener::ListenerCoroutineProc(boost::asio::yield_context yc, const std::shared_ptr<boost::asio::ip::tcp::acceptor>& server, const std::shared_ptr<boost::asio::ssl::context>& sslContext)
 {
-	Utility::SetThreadName("API Listener");
+	namespace asio = boost::asio;
 
-	server->Listen();
+	auto& io (IoEngine::Get().GetIoContext());
 
 	for (;;) {
 		try {
-			Socket::Ptr client = server->Accept();
-			std::thread thread(std::bind(&ApiListener::NewClientHandler, this, client, String(), RoleServer));
-			thread.detach();
-		} catch (const std::exception&) {
-			Log(LogCritical, "ApiListener", "Cannot accept new connection.");
+			auto sslConn (std::make_shared<AsioTlsStream>(io, *sslContext));
+
+			server->async_accept(sslConn->lowest_layer(), yc);
+
+			IoEngine::SpawnCoroutine(io, [this, sslConn](asio::yield_context yc) { NewClientHandler(yc, sslConn, String(), RoleServer); });
+		} catch (const std::exception& ex) {
+			Log(LogCritical, "ApiListener")
+				<< "Cannot accept new connection: " << ex.what();
 		}
 	}
 }
@@ -363,55 +450,48 @@ void ApiListener::ListenerThreadProc(const Socket::Ptr& server)
  */
 void ApiListener::AddConnection(const Endpoint::Ptr& endpoint)
 {
-	{
-		ObjectLock olock(this);
+	namespace asio = boost::asio;
+	using asio::ip::tcp;
 
-		std::shared_ptr<SSL_CTX> sslContext = m_SSLContext;
+	auto sslContext (m_SSLContext);
 
-		if (!sslContext) {
-			Log(LogCritical, "ApiListener", "SSL context is required for AddConnection()");
-			return;
+	if (!sslContext) {
+		Log(LogCritical, "ApiListener", "SSL context is required for AddConnection()");
+		return;
+	}
+
+	auto& io (IoEngine::Get().GetIoContext());
+
+	IoEngine::SpawnCoroutine(io, [this, endpoint, &io, sslContext](asio::yield_context yc) {
+		String host = endpoint->GetHost();
+		String port = endpoint->GetPort();
+
+		Log(LogInformation, "ApiListener")
+			<< "Reconnecting to endpoint '" << endpoint->GetName() << "' via host '" << host << "' and port '" << port << "'";
+
+		try {
+			auto sslConn (std::make_shared<AsioTlsStream>(io, *sslContext, endpoint->GetName()));
+
+			Connect(sslConn->lowest_layer(), host, port, yc);
+
+			NewClientHandler(yc, sslConn, endpoint->GetName(), RoleClient);
+
+			endpoint->SetConnecting(false);
+			Log(LogInformation, "ApiListener")
+				<< "Finished reconnecting to endpoint '" << endpoint->GetName() << "' via host '" << host << "' and port '" << port << "'";
+		} catch (const std::exception& ex) {
+			endpoint->SetConnecting(false);
+
+			Log(LogCritical, "ApiListener")
+				<< "Cannot connect to host '" << host << "' on port '" << port << "': " << ex.what();
 		}
-	}
-
-	String host = endpoint->GetHost();
-	String port = endpoint->GetPort();
-
-	Log(LogInformation, "ApiListener")
-		<< "Reconnecting to endpoint '" << endpoint->GetName() << "' via host '" << host << "' and port '" << port << "'";
-
-	TcpSocket::Ptr client = new TcpSocket();
-
-	String serverName = endpoint->GetName();
-
-	String env = ScriptGlobal::Get("Environment", &Empty);
-	if (env != "" && env != "production")
-		serverName += ":" + env;
-
-	try {
-		endpoint->SetConnecting(true);
-		client->Connect(host, port);
-		NewClientHandler(client, serverName, RoleClient);
-		endpoint->SetConnecting(false);
-	} catch (const std::exception& ex) {
-		endpoint->SetConnecting(false);
-		client->Close();
-
-		std::ostringstream info;
-		info << "Cannot connect to host '" << host << "' on port '" << port << "'";
-		Log(LogCritical, "ApiListener", info.str());
-		Log(LogDebug, "ApiListener")
-			<< info.str() << "\n" << DiagnosticInformation(ex);
-	}
-
-	Log(LogInformation, "ApiListener")
-		<< "Finished reconnecting to endpoint '" << endpoint->GetName() << "' via host '" << host << "' and port '" << port << "'";
+	});
 }
 
-void ApiListener::NewClientHandler(const Socket::Ptr& client, const String& hostname, ConnectionRole role)
+void ApiListener::NewClientHandler(boost::asio::yield_context yc, const std::shared_ptr<AsioTlsStream>& client, const String& hostname, ConnectionRole role)
 {
 	try {
-		NewClientHandlerInternal(client, hostname, role);
+		NewClientHandlerInternal(yc, client, hostname, role);
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "ApiListener")
 			<< "Exception while handling new API client connection: " << DiagnosticInformation(ex, false);
@@ -426,46 +506,70 @@ void ApiListener::NewClientHandler(const Socket::Ptr& client, const String& host
  *
  * @param client The new client.
  */
-void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const String& hostname, ConnectionRole role)
+void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const std::shared_ptr<AsioTlsStream>& client, const String& hostname, ConnectionRole role)
 {
-	CONTEXT("Handling new API client connection");
+	namespace asio = boost::asio;
+	namespace ssl = asio::ssl;
 
 	String conninfo;
 
-	if (role == RoleClient)
-		conninfo = "to";
-	else
-		conninfo = "from";
-
-	conninfo += " " + client->GetPeerAddress();
-
-	TlsStream::Ptr tlsStream;
-
 	{
-		ObjectLock olock(this);
-		try {
-			tlsStream = new TlsStream(client, hostname, role, m_SSLContext);
-		} catch (const std::exception&) {
-			Log(LogCritical, "ApiListener")
-				<< "Cannot create TLS stream from client connection (" << conninfo << ")";
-			return;
+		std::ostringstream conninfo_;
+
+		if (role == RoleClient) {
+			conninfo_ << "to";
+		} else {
+			conninfo_ << "from";
 		}
+
+		auto endpoint (client->lowest_layer().remote_endpoint());
+
+		conninfo_ << " [" << endpoint.address() << "]:" << endpoint.port();
+
+		conninfo = conninfo_.str();
 	}
 
-	try {
-		tlsStream->Handshake();
-	} catch (const std::exception&) {
+	auto& sslConn (client->next_layer());
+
+	boost::system::error_code ec;
+
+	sslConn.async_handshake(role == RoleClient ? sslConn.client : sslConn.server, yc[ec]);
+
+	if (ec) {
+		// https://github.com/boostorg/beast/issues/915
+		// Google Chrome 73+ seems not close the connection properly, https://stackoverflow.com/questions/56272906/how-to-fix-certificate-unknown-error-from-chrome-v73
+		if (ec == asio::ssl::error::stream_truncated) {
+			Log(LogNotice, "ApiListener")
+				<< "TLS stream was truncated, ignoring connection from " << conninfo;
+			return;
+		}
+
 		Log(LogCritical, "ApiListener")
-			<< "Client TLS handshake failed (" << conninfo << ")";
+			<< "Client TLS handshake failed (" << conninfo << "): " << ec.message();
 		return;
 	}
 
-	std::shared_ptr<X509> cert = tlsStream->GetPeerCertificate();
+	bool willBeShutDown = false;
+
+	Defer shutDownIfNeeded ([&sslConn, &willBeShutDown, &yc]() {
+		if (!willBeShutDown) {
+			// Ignore the error, but do not throw an exception being swallowed at all cost.
+			// https://github.com/Icinga/icinga2/issues/7351
+			boost::system::error_code ec;
+			sslConn.async_shutdown(yc[ec]);
+		}
+	});
+
+	std::shared_ptr<X509> cert (sslConn.GetPeerCertificate());
+	bool verify_ok = false;
 	String identity;
 	Endpoint::Ptr endpoint;
-	bool verify_ok = false;
 
 	if (cert) {
+		verify_ok = sslConn.IsVerifyOK();
+
+		String verifyError = sslConn.GetVerifyError();
+
 		try {
 			identity = GetCertificateCN(cert);
 		} catch (const std::exception&) {
@@ -474,7 +578,6 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 			return;
 		}
 
-		verify_ok = tlsStream->IsVerifyOK();
 		if (!hostname.IsEmpty()) {
 			if (identity != hostname) {
 				Log(LogWarning, "ApiListener")
@@ -484,22 +587,22 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 			} else if (!verify_ok) {
 				Log(LogWarning, "ApiListener")
 					<< "Certificate validation failed for endpoint '" << hostname
-					<< "': " << tlsStream->GetVerifyError();
+					<< "': " << verifyError;
 			}
 		}
 
-		if (verify_ok)
+		if (verify_ok) {
 			endpoint = Endpoint::GetByName(identity);
+		}
 
-		{
-			Log log(LogInformation, "ApiListener");
+		Log log(LogInformation, "ApiListener");
 
-			log << "New client connection for identity '" << identity << "' " << conninfo;
+		log << "New client connection for identity '" << identity << "' " << conninfo;
 
-			if (!verify_ok)
-				log << " (certificate validation failed: " << tlsStream->GetVerifyError() << ")";
-			else if (!endpoint)
-				log << " (no Endpoint object found for identity)";
+		if (!verify_ok) {
+			log << " (certificate validation failed: " << verifyError << ")";
+		} else if (!endpoint) {
+			log << " (no Endpoint object found for identity)";
 		}
 	} else {
 		Log(LogInformation, "ApiListener")
@@ -509,62 +612,85 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 	ClientType ctype;
 
 	if (role == RoleClient) {
-		Dictionary::Ptr message = new Dictionary({
+		JsonRpc::SendMessage(client, new Dictionary({
 			{ "jsonrpc", "2.0" },
 			{ "method", "icinga::Hello" },
 			{ "params", new Dictionary() }
-		});
+		}), yc);
+
+		client->async_flush(yc);
 
-		JsonRpc::SendMessage(tlsStream, message);
 		ctype = ClientJsonRpc;
 	} else {
-		tlsStream->WaitForData(10);
+		{
+			boost::system::error_code ec;
 
-		if (!tlsStream->IsDataAvailable()) {
-			if (identity.IsEmpty())
-				Log(LogInformation, "ApiListener")
-					<< "No data received on new API connection. "
-					<< "Ensure that the remote endpoints are properly configured in a cluster setup.";
-			else
-				Log(LogWarning, "ApiListener")
-					<< "No data received on new API connection for identity '" << identity << "'. "
-					<< "Ensure that the remote endpoints are properly configured in a cluster setup.";
-			return;
+			if (client->async_fill(yc[ec]) == 0u) {
+				if (identity.IsEmpty()) {
+					Log(LogInformation, "ApiListener")
+						<< "No data received on new API connection " << conninfo << ". "
+						<< "Ensure that the remote endpoints are properly configured in a cluster setup.";
+				} else {
+					Log(LogWarning, "ApiListener")
+						<< "No data received on new API connection " << conninfo << " for identity '" << identity << "'. "
+						<< "Ensure that the remote endpoints are properly configured in a cluster setup.";
+				}
+
+				return;
+			}
 		}
 
-		char firstByte;
-		tlsStream->Peek(&firstByte, 1, false);
+		char firstByte = 0;
 
-		if (firstByte >= '0' && firstByte <= '9')
+		{
+			asio::mutable_buffer firstByteBuf (&firstByte, 1);
+			client->peek(firstByteBuf);
+		}
+
+		if (firstByte >= '0' && firstByte <= '9') {
 			ctype = ClientJsonRpc;
-		else
+		} else {
 			ctype = ClientHttp;
+		}
 	}
 
 	if (ctype == ClientJsonRpc) {
 		Log(LogNotice, "ApiListener", "New JSON-RPC client");
 
-		JsonRpcConnection::Ptr aclient = new JsonRpcConnection(identity, verify_ok, tlsStream, role);
-		aclient->Start();
+		JsonRpcConnection::Ptr aclient = new JsonRpcConnection(identity, verify_ok, client, role);
 
 		if (endpoint) {
 			bool needSync = !endpoint->GetConnected();
 
 			endpoint->AddClient(aclient);
 
-			m_SyncQueue.Enqueue(std::bind(&ApiListener::SyncClient, this, aclient, endpoint, needSync));
-		} else {
-			if (!AddAnonymousClient(aclient)) {
-				Log(LogNotice, "ApiListener", "Ignoring anonymous JSON-RPC connection. Max connections exceeded.");
-				aclient->Disconnect();
-			}
+			IoEngine::SpawnCoroutine(IoEngine::Get().GetIoContext(), [this, aclient, endpoint, needSync](asio::yield_context yc) {
+				CpuBoundWork syncClient (yc);
+
+				SyncClient(aclient, endpoint, needSync);
+			});
+
+		} else if (!AddAnonymousClient(aclient)) {
+			Log(LogNotice, "ApiListener")
+				<< "Ignoring anonymous JSON-RPC connection " << conninfo
+				<< ". Max connections (" << GetMaxAnonymousClients() << ") exceeded.";
+
+			aclient = nullptr;
+		}
+
+		if (aclient) {
+			aclient->Start();
+
+			willBeShutDown = true;
 		}
 	} else {
 		Log(LogNotice, "ApiListener", "New HTTP client");
 
-		HttpServerConnection::Ptr aclient = new HttpServerConnection(identity, verify_ok, tlsStream);
-		aclient->Start();
+		HttpServerConnection::Ptr aclient = new HttpServerConnection(identity, verify_ok, client);
 		AddHttpClient(aclient);
+		aclient->Start();
+
+		willBeShutDown = true;
 	}
 }
 
@@ -653,11 +779,19 @@ void ApiListener::ApiTimerHandler()
 
 	for (int ts : files) {
 		bool need = false;
+		auto localZone (GetLocalEndpoint()->GetZone());
 
 		for (const Endpoint::Ptr& endpoint : ConfigType::GetObjectsByType<Endpoint>()) {
 			if (endpoint == GetLocalEndpoint())
 				continue;
 
+			auto zone (endpoint->GetZone());
+
+			/* only care for endpoints in a) the same zone b) our parent zone c) immediate child zones */
+			if (!(zone == localZone || zone == localZone->GetParent() || zone->GetParent() == localZone)) {
+				continue;
+			}
+
 			if (endpoint->GetLogDuration() >= 0 && ts < now - endpoint->GetLogDuration())
 				continue;
 
@@ -700,10 +834,11 @@ void ApiListener::ApiTimerHandler()
 		}
 
 		for (const JsonRpcConnection::Ptr& client : endpoint->GetClients()) {
-			if (client->GetTimestamp() != maxTs)
-				client->Disconnect();
-			else
+			if (client->GetTimestamp() == maxTs) {
 				client->SendMessage(lmessage);
+			} else {
+				client->Disconnect();
+			}
 		}
 
 		Log(LogNotice, "ApiListener")
@@ -761,8 +896,10 @@ void ApiListener::ApiReconnectTimerHandler()
 				continue;
 			}
 
-			std::thread thread(std::bind(&ApiListener::AddConnection, this, endpoint));
-			thread.detach();
+			/* Set connecting state to prevent duplicated queue inserts later. */
+			endpoint->SetConnecting(true);
+
+			AddConnection(endpoint);
 		}
 	}
 
@@ -873,21 +1010,21 @@ void ApiListener::SyncSendMessage(const Endpoint::Ptr& endpoint, const Dictionar
 	}
 }
 
-bool ApiListener::RelayMessageOne(const Zone::Ptr& targetZone, const MessageOrigin::Ptr& origin, const Dictionary::Ptr& message, const Endpoint::Ptr& currentMaster)
+bool ApiListener::RelayMessageOne(const Zone::Ptr& targetZone, const MessageOrigin::Ptr& origin, const Dictionary::Ptr& message, const Endpoint::Ptr& currentZoneMaster)
 {
 	ASSERT(targetZone);
 
-	Zone::Ptr myZone = Zone::GetLocalZone();
+	Zone::Ptr localZone = Zone::GetLocalZone();
 
-	/* only relay the message to a) the same zone, b) the parent zone and c) direct child zones. Exception is a global zone. */
+	/* only relay the message to a) the same local zone, b) the parent zone and c) direct child zones. Exception is a global zone. */
 	if (!targetZone->GetGlobal() &&
-		targetZone != myZone &&
-		targetZone != myZone->GetParent() &&
-		targetZone->GetParent() != myZone) {
+		targetZone != localZone &&
+		targetZone != localZone->GetParent() &&
+		targetZone->GetParent() != localZone) {
 		return true;
 	}
 
-	Endpoint::Ptr myEndpoint = GetLocalEndpoint();
+	Endpoint::Ptr localEndpoint = GetLocalEndpoint();
 
 	std::vector<Endpoint::Ptr> skippedEndpoints;
 
@@ -896,11 +1033,11 @@ bool ApiListener::RelayMessageOne(const Zone::Ptr& targetZone, const MessageOrig
 	std::set<Endpoint::Ptr> targetEndpoints;
 
 	if (targetZone->GetGlobal()) {
-		targetEndpoints = myZone->GetEndpoints();
+		targetEndpoints = localZone->GetEndpoints();
 
 		for (const Zone::Ptr& zone : ConfigType::GetObjectsByType<Zone>()) {
 			/* Fetch immediate child zone members */
-			if (zone->GetParent() == myZone) {
+			if (zone->GetParent() == localZone) {
 				std::set<Endpoint::Ptr> endpoints = zone->GetEndpoints();
 				targetEndpoints.insert(endpoints.begin(), endpoints.end());
 			}
@@ -909,16 +1046,16 @@ bool ApiListener::RelayMessageOne(const Zone::Ptr& targetZone, const MessageOrig
 		targetEndpoints = targetZone->GetEndpoints();
 	}
 
-	for (const Endpoint::Ptr& endpoint : targetEndpoints) {
-		/* don't relay messages to ourselves */
-		if (endpoint == GetLocalEndpoint())
+	for (const Endpoint::Ptr& targetEndpoint : targetEndpoints) {
+		/* Don't relay messages to ourselves. */
+		if (targetEndpoint == localEndpoint)
 			continue;
 
 		log_needed = true;
 
-		/* don't relay messages to disconnected endpoints */
-		if (!endpoint->GetConnected()) {
-			if (targetZone == myZone)
+		/* Don't relay messages to disconnected endpoints. */
+		if (!targetEndpoint->GetConnected()) {
+			if (targetZone == localZone)
 				log_done = false;
 
 			continue;
@@ -926,40 +1063,54 @@ bool ApiListener::RelayMessageOne(const Zone::Ptr& targetZone, const MessageOrig
 
 		log_done = true;
 
-		/* don't relay the message to the zone through more than one endpoint unless this is our own zone */
-		if (relayed && targetZone != myZone) {
-			skippedEndpoints.push_back(endpoint);
+		/* Don't relay the message to the zone through more than one endpoint unless this is our own zone.
+		 * 'relayed' is set to true on success below, enabling the checks in the second iteration.
+		 */
+		if (relayed && targetZone != localZone) {
+			skippedEndpoints.push_back(targetEndpoint);
 			continue;
 		}
 
-		/* don't relay messages back to the endpoint which we got the message from */
-		if (origin && origin->FromClient && endpoint == origin->FromClient->GetEndpoint()) {
-			skippedEndpoints.push_back(endpoint);
+		/* Don't relay messages back to the endpoint which we got the message from. */
+		if (origin && origin->FromClient && targetEndpoint == origin->FromClient->GetEndpoint()) {
+			skippedEndpoints.push_back(targetEndpoint);
 			continue;
 		}
 
-		/* don't relay messages back to the zone which we got the message from */
+		/* Don't relay messages back to the zone which we got the message from. */
 		if (origin && origin->FromZone && targetZone == origin->FromZone) {
-			skippedEndpoints.push_back(endpoint);
+			skippedEndpoints.push_back(targetEndpoint);
 			continue;
 		}
 
-		/* only relay message to the master if we're not currently the master */
-		if (currentMaster != myEndpoint && currentMaster != endpoint) {
-			skippedEndpoints.push_back(endpoint);
+		/* Only relay message to the zone master if we're not currently the zone master.
+		 * e1 is zone master, e2 and e3 are zone members.
+		 *
+		 * Message is sent from e2 or e3:
+		 *   !isMaster == true
+		 *   targetEndpoint e1 is zone master -> send the message
+		 *   targetEndpoint e3 is not zone master -> skip it, avoid routing loops
+		 *
+		 * Message is sent from e1:
+		 *   !isMaster == false -> send the messages to e2 and e3 being the zone routing master.
+		 */
+		bool isMaster = (currentZoneMaster == localEndpoint);
+
+		if (!isMaster && targetEndpoint != currentZoneMaster) {
+			skippedEndpoints.push_back(targetEndpoint);
 			continue;
 		}
 
 		relayed = true;
 
-		SyncSendMessage(endpoint, message);
+		SyncSendMessage(targetEndpoint, message);
 	}
 
 	if (!skippedEndpoints.empty()) {
 		double ts = message->Get("ts");
 
-		for (const Endpoint::Ptr& endpoint : skippedEndpoints)
-			endpoint->SetLocalLogPosition(ts);
+		for (const Endpoint::Ptr& skippedEndpoint : skippedEndpoints)
+			skippedEndpoint->SetLocalLogPosition(ts);
 	}
 
 	return !log_needed || log_done;
@@ -993,7 +1144,7 @@ void ApiListener::SyncRelayMessage(const MessageOrigin::Ptr& origin,
 
 	bool need_log = !RelayMessageOne(target_zone, origin, message, master);
 
-	for (const Zone::Ptr& zone : target_zone->GetAllParents()) {
+	for (const Zone::Ptr& zone : target_zone->GetAllParentsRaw()) {
 		if (!RelayMessageOne(zone, origin, message, master))
 			need_log = true;
 	}
@@ -1042,7 +1193,12 @@ void ApiListener::RotateLogFile()
 
 	String oldpath = GetApiDir() + "log/current";
 	String newpath = GetApiDir() + "log/" + Convert::ToString(static_cast<int>(ts)+1);
-	(void) rename(oldpath.CStr(), newpath.CStr());
+
+	// If the log is being rotated more than once per second,
+	// don't overwrite the previous one, but silently deny rotation.
+	if (!Utility::PathExists(newpath)) {
+		(void) rename(oldpath.CStr(), newpath.CStr());
+	}
 }
 
 void ApiListener::LogGlobHandler(std::vector<int>& files, const String& file)
@@ -1095,7 +1251,6 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 		boost::mutex::scoped_lock lock(m_LogLock);
 
 		CloseLogFile();
-		RotateLogFile();
 
 		if (count == -1 || count > 50000) {
 			OpenLogFile();
@@ -1110,16 +1265,21 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 		Utility::Glob(GetApiDir() + "log/*", std::bind(&ApiListener::LogGlobHandler, std::ref(files), _1), GlobFile);
 		std::sort(files.begin(), files.end());
 
+		std::vector<std::pair<int, String>> allFiles;
+
 		for (int ts : files) {
-			String path = GetApiDir() + "log/" + Convert::ToString(ts);
+			if (ts >= peer_ts) {
+				allFiles.emplace_back(ts, GetApiDir() + "log/" + Convert::ToString(ts));
+			}
+		}
 
-			if (ts < peer_ts)
-				continue;
+		allFiles.emplace_back(Utility::GetTime() + 1, GetApiDir() + "log/current");
 
+		for (auto& file : allFiles) {
 			Log(LogNotice, "ApiListener")
-				<< "Replaying log: " << path;
+				<< "Replaying log: " << file.second;
 
-			auto *fp = new std::fstream(path.CStr(), std::fstream::in | std::fstream::binary);
+			auto *fp = new std::fstream(file.second.CStr(), std::fstream::in | std::fstream::binary);
 			StdioStream::Ptr logStream = new StdioStream(fp, true);
 
 			String message;
@@ -1139,7 +1299,7 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 					pmessage = JsonDecode(message);
 				} catch (const std::exception&) {
 					Log(LogWarning, "ApiListener")
-						<< "Unexpected end-of-file for cluster log: " << path;
+						<< "Unexpected end-of-file for cluster log: " << file.second;
 
 					/* Log files may be incomplete or corrupted. This is perfectly OK. */
 					break;
@@ -1161,8 +1321,7 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 				}
 
 				try  {
-					size_t bytesSent = NetString::WriteStringToStream(client->GetStream(), pmessage->Get("message"));
-					endpoint->AddMessageSent(bytesSent);
+					client->SendRawMessage(pmessage->Get("message"));
 					count++;
 				} catch (const std::exception& ex) {
 					Log(LogWarning, "ApiListener")
@@ -1176,8 +1335,8 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 
 				peer_ts = pmessage->Get("timestamp");
 
-				if (ts > logpos_ts + 10) {
-					logpos_ts = ts;
+				if (file.first > logpos_ts + 10) {
+					logpos_ts = file.first;
 
 					Dictionary::Ptr lmessage = new Dictionary({
 						{ "jsonrpc", "2.0" },
@@ -1187,8 +1346,7 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 						}) }
 					});
 
-					size_t bytesSent = JsonRpc::SendMessage(client->GetStream(), lmessage);
-					endpoint->AddMessageSent(bytesSent);
+					client->SendMessage(lmessage);
 				}
 			}
 
@@ -1199,9 +1357,10 @@ void ApiListener::ReplayLog(const JsonRpcConnection::Ptr& client)
 			Log(LogInformation, "ApiListener")
 				<< "Replayed " << count << " messages.";
 		}
-
-		Log(LogNotice, "ApiListener")
-			<< "Replayed " << count << " messages.";
+		else {
+			Log(LogNotice, "ApiListener")
+				<< "Replayed " << count << " messages.";
+		}
 
 		if (last_sync) {
 			{
@@ -1304,10 +1463,8 @@ std::pair<Dictionary::Ptr, Dictionary::Ptr> ApiListener::GetStatus()
 	}
 
 	/* connection stats */
-	size_t jsonRpcClients = GetAnonymousClients().size();
+	size_t jsonRpcAnonymousClients = GetAnonymousClients().size();
 	size_t httpClients = GetHttpClients().size();
-	size_t workQueueItems = JsonRpcConnection::GetWorkQueueLength();
-	size_t workQueueCount = JsonRpcConnection::GetWorkQueueCount();
 	size_t syncQueueItems = m_SyncQueue.GetLength();
 	size_t relayQueueItems = m_RelayQueue.GetLength();
 	double workQueueItemRate = JsonRpcConnection::GetWorkQueueRate();
@@ -1325,9 +1482,7 @@ std::pair<Dictionary::Ptr, Dictionary::Ptr> ApiListener::GetStatus()
 		{ "zones", connectedZones },
 
 		{ "json_rpc", new Dictionary({
-			{ "clients", jsonRpcClients },
-			{ "work_queue_items", workQueueItems },
-			{ "work_queue_count", workQueueCount },
+			{ "anonymous_clients", jsonRpcAnonymousClients },
 			{ "sync_queue_items", syncQueueItems },
 			{ "relay_queue_items", relayQueueItems },
 			{ "work_queue_item_rate", workQueueItemRate },
@@ -1345,10 +1500,8 @@ std::pair<Dictionary::Ptr, Dictionary::Ptr> ApiListener::GetStatus()
 	perfdata->Set("num_conn_endpoints", Convert::ToDouble(allConnectedEndpoints->GetLength()));
 	perfdata->Set("num_not_conn_endpoints", Convert::ToDouble(allNotConnectedEndpoints->GetLength()));
 
-	perfdata->Set("num_json_rpc_clients", jsonRpcClients);
+	perfdata->Set("num_json_rpc_anonymous_clients", jsonRpcAnonymousClients);
 	perfdata->Set("num_http_clients", httpClients);
-	perfdata->Set("num_json_rpc_work_queue_items", workQueueItems);
-	perfdata->Set("num_json_rpc_work_queue_count", workQueueCount);
 	perfdata->Set("num_json_rpc_sync_queue_items", syncQueueItems);
 	perfdata->Set("num_json_rpc_relay_queue_items", relayQueueItems);
 
@@ -1373,7 +1526,8 @@ double ApiListener::CalculateZoneLag(const Endpoint::Ptr& endpoint)
 bool ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
 {
 	boost::mutex::scoped_lock lock(m_AnonymousClientsLock);
-	if (m_AnonymousClients.size() > 25)
+
+	if (GetMaxAnonymousClients() >= 0 && (long)m_AnonymousClients.size() + 1 > (long)GetMaxAnonymousClients())
 		return false;
 
 	m_AnonymousClients.insert(aclient);
@@ -1420,25 +1574,102 @@ Endpoint::Ptr ApiListener::GetLocalEndpoint() const
 	return m_LocalEndpoint;
 }
 
+void ApiListener::UpdateActivePackageStagesCache()
+{
+	boost::mutex::scoped_lock lock(m_ActivePackageStagesLock);
+
+	for (auto package : ConfigPackageUtility::GetPackages()) {
+		String activeStage;
+
+		try {
+			activeStage = ConfigPackageUtility::GetActiveStageFromFile(package);
+		} catch (const std::exception& ex) {
+			Log(LogCritical, "ApiListener")
+				<< ex.what();
+			continue;
+		}
+
+		Log(LogNotice, "ApiListener")
+			<< "Updating cache: Config package '" << package << "' has active stage '" << activeStage << "'.";
+
+		m_ActivePackageStages[package] = activeStage;
+	}
+}
+
+void ApiListener::CheckApiPackageIntegrity()
+{
+	boost::mutex::scoped_lock lock(m_ActivePackageStagesLock);
+
+	for (auto package : ConfigPackageUtility::GetPackages()) {
+		String activeStage;
+		try {
+			activeStage = ConfigPackageUtility::GetActiveStageFromFile(package);
+		} catch (const std::exception& ex) {
+			/* An error means that the stage is broken, try to repair it. */
+			auto it = m_ActivePackageStages.find(package);
+
+			if (it == m_ActivePackageStages.end())
+				continue;
+
+			String activeStageCached = it->second;
+
+			Log(LogInformation, "ApiListener")
+				<< "Repairing broken API config package '" << package
+				<< "', setting active stage '" << activeStageCached << "'.";
+
+			ConfigPackageUtility::SetActiveStageToFile(package, activeStageCached);
+		}
+	}
+}
+
+void ApiListener::SetActivePackageStage(const String& package, const String& stage)
+{
+	boost::mutex::scoped_lock lock(m_ActivePackageStagesLock);
+	m_ActivePackageStages[package] = stage;
+}
+
+String ApiListener::GetActivePackageStage(const String& package)
+{
+	boost::mutex::scoped_lock lock(m_ActivePackageStagesLock);
+
+	if (m_ActivePackageStages.find(package) == m_ActivePackageStages.end())
+		BOOST_THROW_EXCEPTION(ScriptError("Package " + package + " has no active stage."));
+
+	return m_ActivePackageStages[package];
+}
+
+void ApiListener::RemoveActivePackageStage(const String& package)
+{
+	/* This is the rare occassion when a package has been deleted. */
+	boost::mutex::scoped_lock lock(m_ActivePackageStagesLock);
+
+	auto it = m_ActivePackageStages.find(package);
+
+	if (it == m_ActivePackageStages.end())
+		return;
+
+	m_ActivePackageStages.erase(it);
+}
+
 void ApiListener::ValidateTlsProtocolmin(const Lazy<String>& lvalue, const ValidationUtils& utils)
 {
 	ObjectImpl<ApiListener>::ValidateTlsProtocolmin(lvalue, utils);
 
-	if (lvalue() != SSL_TXT_TLSV1
-#ifdef SSL_TXT_TLSV1_1
-		&& lvalue() != SSL_TXT_TLSV1_1 &&
-		lvalue() != SSL_TXT_TLSV1_2
-#endif /* SSL_TXT_TLSV1_1 */
-		) {
-		String message = "Invalid TLS version. Must be one of '" SSL_TXT_TLSV1 "'";
-#ifdef SSL_TXT_TLSV1_1
-		message += ", '" SSL_TXT_TLSV1_1 "' or '" SSL_TXT_TLSV1_2 "'";
-#endif /* SSL_TXT_TLSV1_1 */
+	if (lvalue() != SSL_TXT_TLSV1_2) {
+		String message = "Invalid TLS version. Must be '" SSL_TXT_TLSV1_2 "'";
 
 		BOOST_THROW_EXCEPTION(ValidationError(this, { "tls_protocolmin" }, message));
 	}
 }
 
+void ApiListener::ValidateTlsHandshakeTimeout(const Lazy<double>& lvalue, const ValidationUtils& utils)
+{
+	ObjectImpl<ApiListener>::ValidateTlsHandshakeTimeout(lvalue, utils);
+
+	if (lvalue() <= 0)
+		BOOST_THROW_EXCEPTION(ValidationError(this, { "tls_handshake_timeout" }, "Value must be greater than 0."));
+}
+
 bool ApiListener::IsHACluster()
 {
 	Zone::Ptr zone = Zone::GetLocalZone();
@@ -1465,3 +1696,20 @@ String ApiListener::GetFromZoneName(const Zone::Ptr& fromZone)
 
 	return fromZoneName;
 }
+
+void ApiListener::UpdateStatusFile(boost::asio::ip::tcp::endpoint localEndpoint)
+{
+	String path = Configuration::CacheDir + "/api-state.json";
+
+	Utility::SaveJsonFile(path, 0644, new Dictionary({
+		{"host", String(localEndpoint.address().to_string())},
+		{"port", localEndpoint.port()}
+	}));
+}
+
+void ApiListener::RemoveStatusFile()
+{
+	String path = Configuration::CacheDir + "/api-state.json";
+
+	Utility::Remove(path);
+}
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index b3894992a..ecbeed415 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APILISTENER_H
 #define APILISTENER_H
@@ -26,10 +9,16 @@
 #include "remote/endpoint.hpp"
 #include "remote/messageorigin.hpp"
 #include "base/configobject.hpp"
+#include "base/process.hpp"
 #include "base/timer.hpp"
 #include "base/workqueue.hpp"
 #include "base/tcpsocket.hpp"
 #include "base/tlsstream.hpp"
+#include "base/threadpool.hpp"
+#include <atomic>
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/asio/ssl/context.hpp>
 #include <set>
 
 namespace icinga
@@ -44,6 +33,7 @@ struct ConfigDirInformation
 {
 	Dictionary::Ptr UpdateV1;
 	Dictionary::Ptr UpdateV2;
+	Dictionary::Ptr Checksums;
 };
 
 /**
@@ -60,6 +50,8 @@ public:
 	ApiListener();
 
 	static String GetApiDir();
+	static String GetApiZonesDir();
+	static String GetApiZonesStageDir();
 	static String GetCertsDir();
 	static String GetCaDir();
 	static String GetCertificateRequestsDir();
@@ -97,6 +89,11 @@ public:
 	static Value ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 	static Value ConfigDeleteObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
+	/* API config packages */
+	void SetActivePackageStage(const String& package, const String& stage);
+	String GetActivePackageStage(const String& package);
+	void RemoveActivePackageStage(const String& package);
+
 	static Value HelloAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 
 	static void UpdateObjectAuthority();
@@ -108,6 +105,15 @@ public:
 	static String GetDefaultKeyPath();
 	static String GetDefaultCaPath();
 
+	static inline
+	bool UpdatedObjectAuthority()
+	{
+		return m_UpdatedObjectAuthority.load();
+	}
+
+	double GetTlsHandshakeTimeout() const override;
+	void SetTlsHandshakeTimeout(double value, bool suppress_events, const Value& cookie) override;
+
 protected:
 	void OnConfigLoaded() override;
 	void OnAllConfigLoaded() override;
@@ -115,10 +121,10 @@ protected:
 	void Stop(bool runtimeDeleted) override;
 
 	void ValidateTlsProtocolmin(const Lazy<String>& lvalue, const ValidationUtils& utils) override;
+	void ValidateTlsHandshakeTimeout(const Lazy<double>& lvalue, const ValidationUtils& utils) override;
 
 private:
-	std::shared_ptr<SSL_CTX> m_SSLContext;
-	std::set<TcpSocket::Ptr> m_Servers;
+	std::shared_ptr<boost::asio::ssl::context> m_SSLContext;
 
 	mutable boost::mutex m_AnonymousClientsLock;
 	mutable boost::mutex m_HttpClientsLock;
@@ -129,20 +135,24 @@ private:
 	Timer::Ptr m_ReconnectTimer;
 	Timer::Ptr m_AuthorityTimer;
 	Timer::Ptr m_CleanupCertificateRequestsTimer;
+	Timer::Ptr m_ApiPackageIntegrityTimer;
+
 	Endpoint::Ptr m_LocalEndpoint;
 
 	static ApiListener::Ptr m_Instance;
+	static std::atomic<bool> m_UpdatedObjectAuthority;
 
 	void ApiTimerHandler();
 	void ApiReconnectTimerHandler();
 	void CleanupCertificateRequestsTimerHandler();
+	void CheckApiPackageIntegrity();
 
 	bool AddListener(const String& node, const String& service);
 	void AddConnection(const Endpoint::Ptr& endpoint);
 
-	void NewClientHandler(const Socket::Ptr& client, const String& hostname, ConnectionRole role);
-	void NewClientHandlerInternal(const Socket::Ptr& client, const String& hostname, ConnectionRole role);
-	void ListenerThreadProc(const Socket::Ptr& server);
+	void NewClientHandler(boost::asio::yield_context yc, const std::shared_ptr<AsioTlsStream>& client, const String& hostname, ConnectionRole role);
+	void NewClientHandlerInternal(boost::asio::yield_context yc, const std::shared_ptr<AsioTlsStream>& client, const String& hostname, ConnectionRole role);
+	void ListenerCoroutineProc(boost::asio::yield_context yc, const std::shared_ptr<boost::asio::ip::tcp::acceptor>& server, const std::shared_ptr<boost::asio::ssl::context>& sslContext);
 
 	WorkQueue m_RelayQueue;
 	WorkQueue m_SyncQueue{0, 4};
@@ -151,7 +161,7 @@ private:
 	Stream::Ptr m_LogFile;
 	size_t m_LogMessageCount{0};
 
-	bool RelayMessageOne(const Zone::Ptr& zone, const MessageOrigin::Ptr& origin, const Dictionary::Ptr& message, const Endpoint::Ptr& currentMaster);
+	bool RelayMessageOne(const Zone::Ptr& zone, const MessageOrigin::Ptr& origin, const Dictionary::Ptr& message, const Endpoint::Ptr& currentZoneMaster);
 	void SyncRelayMessage(const MessageOrigin::Ptr& origin, const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log);
 	void PersistMessage(const Dictionary::Ptr& message, const ConfigObject::Ptr& secobj);
 
@@ -163,17 +173,32 @@ private:
 
 	static void CopyCertificateFile(const String& oldCertPath, const String& newCertPath);
 
+	void UpdateStatusFile(boost::asio::ip::tcp::endpoint localEndpoint);
+	void RemoveStatusFile();
+
 	/* filesync */
-	static ConfigDirInformation LoadConfigDir(const String& dir);
-	static Dictionary::Ptr MergeConfigUpdate(const ConfigDirInformation& config);
-	static bool UpdateConfigDir(const ConfigDirInformation& oldConfig, const ConfigDirInformation& newConfig, const String& configDir, bool authoritative);
+	static boost::mutex m_ConfigSyncStageLock;
 
-	void SyncZoneDirs() const;
-	void SyncZoneDir(const Zone::Ptr& zone) const;
+	void SyncLocalZoneDirs() const;
+	void SyncLocalZoneDir(const Zone::Ptr& zone) const;
 
-	static void ConfigGlobHandler(ConfigDirInformation& config, const String& path, const String& file);
 	void SendConfigUpdate(const JsonRpcConnection::Ptr& aclient);
 
+	static Dictionary::Ptr MergeConfigUpdate(const ConfigDirInformation& config);
+
+	static ConfigDirInformation LoadConfigDir(const String& dir);
+	static void ConfigGlobHandler(ConfigDirInformation& config, const String& path, const String& file);
+
+	static void TryActivateZonesStageCallback(const ProcessResult& pr,
+		const std::vector<String>& relativePaths);
+	static void AsyncTryActivateZonesStage(const std::vector<String>& relativePaths);
+
+	static String GetChecksum(const String& content);
+	static bool CheckConfigChange(const ConfigDirInformation& oldConfig, const ConfigDirInformation& newConfig);
+
+	void UpdateLastFailedZonesStageValidation(const String& log);
+	void ClearLastFailedZonesStageValidation();
+
 	/* configsync */
 	void UpdateConfigObject(const ConfigObject::Ptr& object, const MessageOrigin::Ptr& origin,
 		const JsonRpcConnection::Ptr& client = nullptr);
@@ -182,6 +207,12 @@ private:
 	void SendRuntimeConfigObjects(const JsonRpcConnection::Ptr& aclient);
 
 	void SyncClient(const JsonRpcConnection::Ptr& aclient, const Endpoint::Ptr& endpoint, bool needSync);
+
+	/* API Config Packages */
+	mutable boost::mutex m_ActivePackageStagesLock;
+	std::map<String, String> m_ActivePackageStages;
+
+	void UpdateActivePackageStagesCache();
 };
 
 }
diff --git a/lib/remote/apilistener.ti b/lib/remote/apilistener.ti
index e04fa0185..ede50b606 100644
--- a/lib/remote/apilistener.ti
+++ b/lib/remote/apilistener.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/i2-remote.hpp"
 #include "base/configobject.hpp"
@@ -35,19 +18,30 @@ class ApiListener : ConfigObject
 	[config, deprecated] String ca_path;
 	[config] String crl_path;
 	[config] String cipher_list {
-		default {{{ return "ALL:!LOW:!WEAK:!MEDIUM:!EXP:!NULL"; }}}
+		default {{{ return "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256"; }}}
 	};
 	[config] String tls_protocolmin {
-		default {{{ return "TLSv1"; }}}
+		default {{{ return "TLSv1.2"; }}}
 	};
 
-	[config] String bind_host;
+	[config] String bind_host {
+		default {{{ return Configuration::ApiBindHost; }}}
+	};
 	[config] String bind_port {
-		default {{{ return "5665"; }}}
+		default {{{ return Configuration::ApiBindPort; }}}
 	};
 
 	[config] bool accept_config;
 	[config] bool accept_commands;
+	[config] int max_anonymous_clients {
+		default {{{ return -1; }}}
+	};
+
+	[config] double tls_handshake_timeout {
+		get;
+		set;
+		default {{{ return Configuration::TlsHandshakeTimeout; }}}
+	};
 
 	[config] String ticket_salt;
 
@@ -60,6 +54,8 @@ class ApiListener : ConfigObject
 	[state, no_user_modify] Timestamp log_message_timestamp;
 
 	[no_user_modify] String identity;
+
+	[state, no_user_modify] Dictionary::Ptr last_failed_zones_stage_validation;
 };
 
 }
diff --git a/lib/remote/apiuser.cpp b/lib/remote/apiuser.cpp
index 02a6efc07..2959d895c 100644
--- a/lib/remote/apiuser.cpp
+++ b/lib/remote/apiuser.cpp
@@ -1,44 +1,16 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/apiuser.hpp"
 #include "remote/apiuser-ti.cpp"
 #include "base/configtype.hpp"
 #include "base/base64.hpp"
 #include "base/tlsutility.hpp"
+#include "base/utility.hpp"
 
 using namespace icinga;
 
 REGISTER_TYPE(ApiUser);
 
-void ApiUser::OnConfigLoaded(void)
-{
-	ObjectImpl<ApiUser>::OnConfigLoaded();
-
-	if (GetPasswordHash().IsEmpty()) {
-		String hashedPassword =	CreateHashedPasswordString(GetPassword(), RandomString(8), 5);
-		VERIFY(hashedPassword != String());
-		SetPasswordHash(hashedPassword);
-		SetPassword("********");
-	}
-}
-
 ApiUser::Ptr ApiUser::GetByClientCN(const String& cn)
 {
 	for (const ApiUser::Ptr& user : ConfigType::GetObjectsByType<ApiUser>()) {
@@ -75,31 +47,9 @@ ApiUser::Ptr ApiUser::GetByAuthHeader(const String& auth_header)
 	 */
 	if (!user || password.IsEmpty())
 		return nullptr;
-	else if (user && user->GetPassword() != password) {
-		Dictionary::Ptr passwordDict = user->GetPasswordDict();
-		if (!passwordDict || !ComparePassword(passwordDict->Get("password"), password, passwordDict->Get("salt")))
-			return nullptr;
-	}
+	else if (user && !Utility::ComparePasswords(password, user->GetPassword()))
+		return nullptr;
 
 	return user;
 }
 
-Dictionary::Ptr ApiUser::GetPasswordDict(void) const
-{
-	String password = GetPasswordHash();
-	if (password.IsEmpty() || password[0] != '$')
-		return nullptr;
-
-	String::SizeType saltBegin = password.FindFirstOf('$', 1);
-	String::SizeType passwordBegin = password.FindFirstOf('$', saltBegin+1);
-
-	if (saltBegin == String::NPos || saltBegin == 1 || passwordBegin == String::NPos)
-		return nullptr;
-
-	Dictionary::Ptr passwordDict = new Dictionary();
-	passwordDict->Set("algorithm", password.SubStr(1, saltBegin - 1));
-	passwordDict->Set("salt", password.SubStr(saltBegin + 1, passwordBegin - saltBegin - 1));
-	passwordDict->Set("password", password.SubStr(passwordBegin + 1));
-
-	return passwordDict;
-}
diff --git a/lib/remote/apiuser.hpp b/lib/remote/apiuser.hpp
index 44cb84df7..fc132eee8 100644
--- a/lib/remote/apiuser.hpp
+++ b/lib/remote/apiuser.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef APIUSER_H
 #define APIUSER_H
@@ -35,12 +18,8 @@ public:
 	DECLARE_OBJECT(ApiUser);
 	DECLARE_OBJECTNAME(ApiUser);
 
-	virtual void OnConfigLoaded(void) override;
-
 	static ApiUser::Ptr GetByClientCN(const String& cn);
 	static ApiUser::Ptr GetByAuthHeader(const String& auth_header);
-
-	Dictionary::Ptr GetPasswordDict(void) const;
 };
 
 }
diff --git a/lib/remote/apiuser.ti b/lib/remote/apiuser.ti
index a767f833a..85fc764f6 100644
--- a/lib/remote/apiuser.ti
+++ b/lib/remote/apiuser.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 #include "base/function.hpp"
@@ -29,7 +12,7 @@ class ApiUser : ConfigObject
 {
 	/* No show config */
 	[no_user_view, no_user_modify] String password;
-	[config, no_user_view] String password_hash;
+	[deprecated, config, no_user_view] String password_hash;
 	[config] String client_cn (ClientCN);
 	[config] array(Value) permissions;
 };
diff --git a/lib/remote/authority.cpp b/lib/remote/authority.cpp
deleted file mode 100644
index 0be53b156..000000000
--- a/lib/remote/authority.cpp
+++ /dev/null
@@ -1,80 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/zone.hpp"
-#include "remote/apilistener.hpp"
-#include "base/configtype.hpp"
-#include "base/utility.hpp"
-
-using namespace icinga;
-
-void ApiListener::UpdateObjectAuthority()
-{
-	Zone::Ptr my_zone = Zone::GetLocalZone();
-
-	std::vector<Endpoint::Ptr> endpoints;
-	Endpoint::Ptr my_endpoint;
-
-	if (my_zone) {
-		my_endpoint = Endpoint::GetLocalEndpoint();
-
-		int num_total = 0;
-
-		for (const Endpoint::Ptr& endpoint : my_zone->GetEndpoints()) {
-			num_total++;
-
-			if (endpoint != my_endpoint && !endpoint->GetConnected())
-				continue;
-
-			endpoints.push_back(endpoint);
-		}
-
-		double mainTime = Application::GetMainTime();
-
-		if (num_total > 1 && endpoints.size() <= 1 && (mainTime == 0 || Utility::GetTime() - mainTime < 60))
-			return;
-
-		std::sort(endpoints.begin(), endpoints.end(),
-			[](const ConfigObject::Ptr& a, const ConfigObject::Ptr& b) {
-				return a->GetName() < b->GetName();
-			}
-		);
-	}
-
-	for (const Type::Ptr& type : Type::GetAllTypes()) {
-		auto *dtype = dynamic_cast<ConfigType *>(type.get());
-
-		if (!dtype)
-			continue;
-
-		for (const ConfigObject::Ptr& object : dtype->GetObjects()) {
-			if (!object->IsActive() || object->GetHAMode() != HARunOnce)
-				continue;
-
-			bool authority;
-
-			if (!my_zone)
-				authority = true;
-			else
-				authority = endpoints[Utility::SDBM(object->GetName()) % endpoints.size()] == my_endpoint;
-
-			object->SetAuthority(authority);
-		}
-	}
-}
diff --git a/lib/remote/configfileshandler.cpp b/lib/remote/configfileshandler.cpp
index 49703ae00..d714f4d86 100644
--- a/lib/remote/configfileshandler.cpp
+++ b/lib/remote/configfileshandler.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/configfileshandler.hpp"
 #include "remote/configpackageutility.hpp"
 #include "remote/httputility.hpp"
 #include "remote/filterutility.hpp"
 #include "base/exception.hpp"
+#include "base/utility.hpp"
 #include <boost/algorithm/string/join.hpp>
 #include <fstream>
 
@@ -29,12 +13,23 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/config/files", ConfigFilesHandler);
 
-bool ConfigFilesHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ConfigFilesHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestMethod != "GET")
+	namespace http = boost::beast::http;
+
+	if (request.method() != http::verb::get)
 		return false;
 
-	const std::vector<String>& urlPath = request.RequestUrl->GetPath();
+	const std::vector<String>& urlPath = url->GetPath();
 
 	if (urlPath.size() >= 4)
 		params->Set("package", urlPath[3]);
@@ -47,7 +42,7 @@ bool ConfigFilesHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& re
 		params->Set("path", boost::algorithm::join(tmpPath, "/"));
 	}
 
-	if (request.Headers->Get("accept") == "application/json") {
+	if (request[http::field::accept] == "application/json") {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid Accept header. Either remove the Accept header or set it to 'application/octet-stream'.");
 		return true;
 	}
@@ -86,9 +81,10 @@ bool ConfigFilesHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& re
 		fp.exceptions(std::ifstream::badbit);
 
 		String content((std::istreambuf_iterator<char>(fp)), std::istreambuf_iterator<char>());
-		response.SetStatus(200, "OK");
-		response.AddHeader("Content-Type", "application/octet-stream");
-		response.WriteBody(content.CStr(), content.GetLength());
+		response.result(http::status::ok);
+		response.set(http::field::content_type, "application/octet-stream");
+		response.body() = content;
+		response.set(http::field::content_length, response.body().size());
 	} catch (const std::exception& ex) {
 		HttpUtility::SendJsonError(response, params, 500, "Could not read file.",
 			DiagnosticInformation(ex));
diff --git a/lib/remote/configfileshandler.hpp b/lib/remote/configfileshandler.hpp
index 8551aeb9d..ea48b1ef4 100644
--- a/lib/remote/configfileshandler.hpp
+++ b/lib/remote/configfileshandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGFILESHANDLER_H
 #define CONFIGFILESHANDLER_H
@@ -30,8 +13,16 @@ class ConfigFilesHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ConfigFilesHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/configobjectutility.cpp b/lib/remote/configobjectutility.cpp
index ea58ba79d..3bc67910c 100644
--- a/lib/remote/configobjectutility.cpp
+++ b/lib/remote/configobjectutility.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/configobjectutility.hpp"
 #include "remote/configpackageutility.hpp"
@@ -25,15 +8,23 @@
 #include "base/configwriter.hpp"
 #include "base/exception.hpp"
 #include "base/dependencygraph.hpp"
+#include "base/utility.hpp"
 #include <boost/algorithm/string/case_conv.hpp>
+#include <boost/filesystem.hpp>
+#include <boost/system/error_code.hpp>
 #include <fstream>
 
 using namespace icinga;
 
 String ConfigObjectUtility::GetConfigDir()
 {
-	return ConfigPackageUtility::GetPackageDir() + "/_api/" +
-		ConfigPackageUtility::GetActiveStage("_api");
+	String prefix = ConfigPackageUtility::GetPackageDir() + "/_api/";
+	String activeStage = ConfigPackageUtility::GetActiveStage("_api");
+
+	if (activeStage.IsEmpty())
+		RepairPackage("_api");
+
+	return prefix + activeStage;
 }
 
 String ConfigObjectUtility::GetObjectConfigPath(const Type::Ptr& type, const String& fullName)
@@ -41,10 +32,69 @@ String ConfigObjectUtility::GetObjectConfigPath(const Type::Ptr& type, const Str
 	String typeDir = type->GetPluralName();
 	boost::algorithm::to_lower(typeDir);
 
-	return GetConfigDir() + "/conf.d/" + typeDir +
+	/* This may throw an exception the caller above must handle. */
+	String prefix = GetConfigDir();
+
+	return prefix + "/conf.d/" + typeDir +
 		"/" + EscapeName(fullName) + ".conf";
 }
 
+void ConfigObjectUtility::RepairPackage(const String& package)
+{
+	/* Try to fix the active stage, whenever we find a directory in there.
+	 * This automatically heals packages < 2.11 which remained broken.
+	 */
+	String dir = ConfigPackageUtility::GetPackageDir() + "/" + package + "/";
+
+	namespace fs = boost::filesystem;
+
+	/* Use iterators to workaround VS builds on Windows. */
+	fs::path path(dir.Begin(), dir.End());
+
+	fs::recursive_directory_iterator end;
+
+	String foundActiveStage;
+
+	for (fs::recursive_directory_iterator it(path); it != end; it++) {
+		boost::system::error_code ec;
+
+		const fs::path d = *it;
+		if (fs::is_directory(d, ec)) {
+			/* Extract the relative directory name. */
+			foundActiveStage = d.stem().string();
+
+			break; // Use the first found directory.
+		}
+	}
+
+	if (!foundActiveStage.IsEmpty()) {
+		Log(LogInformation, "ConfigObjectUtility")
+			<< "Repairing config package '" << package << "' with stage '" << foundActiveStage << "'.";
+
+		ConfigPackageUtility::ActivateStage(package, foundActiveStage);
+	} else {
+		BOOST_THROW_EXCEPTION(std::invalid_argument("Cannot repair package '" + package + "', please check the troubleshooting docs."));
+	}
+}
+
+void ConfigObjectUtility::CreateStorage()
+{
+	boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticPackageMutex());
+
+	/* For now, we only use _api as our creation target. */
+	String package = "_api";
+
+	if (!ConfigPackageUtility::PackageExists(package)) {
+		Log(LogNotice, "ConfigObjectUtility")
+			<< "Package " << package << " doesn't exist yet, creating it.";
+
+		ConfigPackageUtility::CreatePackage(package);
+
+		String stage = ConfigPackageUtility::CreateStage(package);
+		ConfigPackageUtility::ActivateStage(package, stage);
+	}
+}
+
 String ConfigObjectUtility::EscapeName(const String& name)
 {
 	return Utility::EscapeString(name, "<>:\"/\\|?*", true);
@@ -98,17 +148,9 @@ String ConfigObjectUtility::CreateObjectConfig(const Type::Ptr& type, const Stri
 }
 
 bool ConfigObjectUtility::CreateObject(const Type::Ptr& type, const String& fullName,
-	const String& config, const Array::Ptr& errors, const Array::Ptr& diagnosticInformation)
+	const String& config, const Array::Ptr& errors, const Array::Ptr& diagnosticInformation, const Value& cookie)
 {
-	{
-		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticMutex());
-		if (!ConfigPackageUtility::PackageExists("_api")) {
-			ConfigPackageUtility::CreatePackage("_api");
-
-			String stage = ConfigPackageUtility::CreateStage("_api");
-			ConfigPackageUtility::ActivateStage("_api", stage);
-		}
-	}
+	CreateStorage();
 
 	ConfigItem::Ptr item = ConfigItem::GetByTypeAndName(type, fullName);
 
@@ -117,14 +159,17 @@ bool ConfigObjectUtility::CreateObject(const Type::Ptr& type, const String& full
 		return false;
 	}
 
-	String path = GetObjectConfigPath(type, fullName);
-	Utility::MkDirP(Utility::DirName(path), 0700);
+	String path;
 
-	if (Utility::PathExists(path)) {
-		errors->Add("Cannot create object '" + fullName + "'. Configuration file '" + path + "' already exists.");
+	try {
+		path = GetObjectConfigPath(type, fullName);
+	} catch (const std::exception& ex) {
+		errors->Add("Config package broken: " + DiagnosticInformation(ex, false));
 		return false;
 	}
 
+	Utility::MkDirP(Utility::DirName(path), 0700);
+
 	std::ofstream fp(path.CStr(), std::ofstream::out | std::ostream::trunc);
 	fp << config;
 	fp.close();
@@ -139,16 +184,20 @@ bool ConfigObjectUtility::CreateObject(const Type::Ptr& type, const String& full
 		expr.reset();
 
 		WorkQueue upq;
+		upq.SetName("ConfigObjectUtility::CreateObject");
+
 		std::vector<ConfigItem::Ptr> newItems;
 
-		if (!ConfigItem::CommitItems(ascope.GetContext(), upq, newItems) || !ConfigItem::ActivateItems(upq, newItems, true)) {
+		/*
+		 * Disable logging for object creation, but do so ourselves later on.
+		 * Duplicate the error handling for better logging and debugging here.
+		 */
+		if (!ConfigItem::CommitItems(ascope.GetContext(), upq, newItems, true)) {
 			if (errors) {
-				if (unlink(path.CStr()) < 0 && errno != ENOENT) {
-					BOOST_THROW_EXCEPTION(posix_error()
-						<< boost::errinfo_api_function("unlink")
-						<< boost::errinfo_errno(errno)
-						<< boost::errinfo_file_name(path));
-				}
+				Log(LogNotice, "ConfigObjectUtility")
+					<< "Failed to commit config item '" << fullName << "'. Aborting and emoving config path '" << path << "'.";
+
+				Utility::Remove(path);
 
 				for (const boost::exception_ptr& ex : upq.GetExceptions()) {
 					errors->Add(DiagnosticInformation(ex, false));
@@ -161,15 +210,51 @@ bool ConfigObjectUtility::CreateObject(const Type::Ptr& type, const String& full
 			return false;
 		}
 
-		ApiListener::UpdateObjectAuthority();
-	} catch (const std::exception& ex) {
-		if (unlink(path.CStr()) < 0 && errno != ENOENT) {
-			BOOST_THROW_EXCEPTION(posix_error()
-				<< boost::errinfo_api_function("unlink")
-				<< boost::errinfo_errno(errno)
-				<< boost::errinfo_file_name(path));
+		/*
+		 * Activate the config object.
+		 * uq, items, runtimeCreated, silent, withModAttrs, cookie
+		 * IMPORTANT: Forward the cookie aka origin in order to prevent sync loops in the same zone!
+		 */
+		if (!ConfigItem::ActivateItems(upq, newItems, true, true, false, cookie)) {
+			if (errors) {
+				Log(LogNotice, "ConfigObjectUtility")
+					<< "Failed to activate config object '" << fullName << "'. Aborting and emoving config path '" << path << "'.";
+
+				Utility::Remove(path);
+
+				for (const boost::exception_ptr& ex : upq.GetExceptions()) {
+					errors->Add(DiagnosticInformation(ex, false));
+
+					if (diagnosticInformation)
+						diagnosticInformation->Add(DiagnosticInformation(ex));
+				}
+			}
+
+			return false;
 		}
 
+		/* if (type != Comment::TypeInstance && type != Downtime::TypeInstance)
+		 * Does not work since this would require libicinga, which has a dependency on libremote
+		 * Would work if these libs were static.
+		 */
+		if (type->GetName() != "Comment" && type->GetName() != "Downtime")
+			ApiListener::UpdateObjectAuthority();
+
+		// At this stage we should have a config object already. If not, it was ignored before.
+		auto *ctype = dynamic_cast<ConfigType *>(type.get());
+		ConfigObject::Ptr obj = ctype->GetObject(fullName);
+
+		if (obj) {
+			Log(LogInformation, "ConfigObjectUtility")
+				<< "Created and activated object '" << fullName << "' of type '" << type->GetName() << "'.";
+		} else {
+			Log(LogNotice, "ConfigObjectUtility")
+				<< "Object '" << fullName << "' was not created but ignored due to errors.";
+		}
+
+	} catch (const std::exception& ex) {
+		Utility::Remove(path);
+
 		if (errors)
 			errors->Add(DiagnosticInformation(ex, false));
 
@@ -183,7 +268,7 @@ bool ConfigObjectUtility::CreateObject(const Type::Ptr& type, const String& full
 }
 
 bool ConfigObjectUtility::DeleteObjectHelper(const ConfigObject::Ptr& object, bool cascade,
-	const Array::Ptr& errors, const Array::Ptr& diagnosticInformation)
+	const Array::Ptr& errors, const Array::Ptr& diagnosticInformation, const Value& cookie)
 {
 	std::vector<Object::Ptr> parents = DependencyGraph::GetParents(object);
 
@@ -207,7 +292,7 @@ bool ConfigObjectUtility::DeleteObjectHelper(const ConfigObject::Ptr& object, bo
 		if (!parentObj)
 			continue;
 
-		DeleteObjectHelper(parentObj, cascade, errors, diagnosticInformation);
+		DeleteObjectHelper(parentObj, cascade, errors, diagnosticInformation, cookie);
 	}
 
 	ConfigItem::Ptr item = ConfigItem::GetByTypeAndName(type, name);
@@ -215,8 +300,13 @@ bool ConfigObjectUtility::DeleteObjectHelper(const ConfigObject::Ptr& object, bo
 	try {
 		/* mark this object for cluster delete event */
 		object->SetExtension("ConfigObjectDeleted", true);
-		/* triggers signal for DB IDO and other interfaces */
-		object->Deactivate(true);
+
+		/*
+		 * Trigger deactivation signal for DB IDO and runtime object delections.
+		 * IMPORTANT: Specify the cookie aka origin in order to prevent sync loops
+		 * in the same zone!
+		 */
+		object->Deactivate(true, cookie);
 
 		if (item)
 			item->Unregister();
@@ -233,21 +323,25 @@ bool ConfigObjectUtility::DeleteObjectHelper(const ConfigObject::Ptr& object, bo
 		return false;
 	}
 
-	String path = GetObjectConfigPath(object->GetReflectionType(), name);
+	String path;
 
-	if (Utility::PathExists(path)) {
-		if (unlink(path.CStr()) < 0 && errno != ENOENT) {
-			BOOST_THROW_EXCEPTION(posix_error()
-				<< boost::errinfo_api_function("unlink")
-				<< boost::errinfo_errno(errno)
-				<< boost::errinfo_file_name(path));
-		}
+	try {
+		path = GetObjectConfigPath(object->GetReflectionType(), name);
+	} catch (const std::exception& ex) {
+		errors->Add("Config package broken: " + DiagnosticInformation(ex, false));
+		return false;
 	}
 
+	Utility::Remove(path);
+
+	Log(LogInformation, "ConfigObjectUtility")
+		<< "Deleted object '" << name << "' of type '" << type->GetName() << "'.";
+
 	return true;
 }
 
-bool ConfigObjectUtility::DeleteObject(const ConfigObject::Ptr& object, bool cascade, const Array::Ptr& errors, const Array::Ptr& diagnosticInformation)
+bool ConfigObjectUtility::DeleteObject(const ConfigObject::Ptr& object, bool cascade, const Array::Ptr& errors,
+	const Array::Ptr& diagnosticInformation, const Value& cookie)
 {
 	if (object->GetPackage() != "_api") {
 		if (errors)
@@ -256,5 +350,5 @@ bool ConfigObjectUtility::DeleteObject(const ConfigObject::Ptr& object, bool cas
 		return false;
 	}
 
-	return DeleteObjectHelper(object, cascade, errors, diagnosticInformation);
+	return DeleteObjectHelper(object, cascade, errors, diagnosticInformation, cookie);
 }
diff --git a/lib/remote/configobjectutility.hpp b/lib/remote/configobjectutility.hpp
index 472af3c83..f383a211b 100644
--- a/lib/remote/configobjectutility.hpp
+++ b/lib/remote/configobjectutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGOBJECTUTILITY_H
 #define CONFIGOBJECTUTILITY_H
@@ -40,20 +23,22 @@ class ConfigObjectUtility
 public:
 	static String GetConfigDir();
 	static String GetObjectConfigPath(const Type::Ptr& type, const String& fullName);
+	static void RepairPackage(const String& package);
+	static void CreateStorage();
 
 	static String CreateObjectConfig(const Type::Ptr& type, const String& fullName,
 		bool ignoreOnError, const Array::Ptr& templates, const Dictionary::Ptr& attrs);
 
 	static bool CreateObject(const Type::Ptr& type, const String& fullName,
-		const String& config, const Array::Ptr& errors, const Array::Ptr& diagnosticInformation);
+		const String& config, const Array::Ptr& errors, const Array::Ptr& diagnosticInformation, const Value& cookie = Empty);
 
 	static bool DeleteObject(const ConfigObject::Ptr& object, bool cascade, const Array::Ptr& errors,
-		const Array::Ptr& diagnosticInformation);
+		const Array::Ptr& diagnosticInformation, const Value& cookie = Empty);
 
 private:
 	static String EscapeName(const String& name);
 	static bool DeleteObjectHelper(const ConfigObject::Ptr& object, bool cascade, const Array::Ptr& errors,
-		const Array::Ptr& diagnosticInformation);
+		const Array::Ptr& diagnosticInformation, const Value& cookie = Empty);
 };
 
 }
diff --git a/lib/remote/configpackageshandler.cpp b/lib/remote/configpackageshandler.cpp
index 8ad25d0cb..c1b1a1076 100644
--- a/lib/remote/configpackageshandler.cpp
+++ b/lib/remote/configpackageshandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/configpackageshandler.hpp"
 #include "remote/configpackageutility.hpp"
@@ -27,25 +10,44 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/config/packages", ConfigPackagesHandler);
 
-bool ConfigPackagesHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ConfigPackagesHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 4)
 		return false;
 
-	if (request.RequestMethod == "GET")
-		HandleGet(user, request, response, params);
-	else if (request.RequestMethod == "POST")
-		HandlePost(user, request, response, params);
-	else if (request.RequestMethod == "DELETE")
-		HandleDelete(user, request, response, params);
+	if (request.method() == http::verb::get)
+		HandleGet(user, request, url, response, params);
+	else if (request.method() == http::verb::post)
+		HandlePost(user, request, url, response, params);
+	else if (request.method() == http::verb::delete_)
+		HandleDelete(user, request, url, response, params);
 	else
 		return false;
 
 	return true;
 }
 
-void ConfigPackagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigPackagesHandler::HandleGet(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/query");
 
 	std::vector<String> packages;
@@ -61,12 +63,19 @@ void ConfigPackagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& req
 	ArrayData results;
 
 	{
-		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticMutex());
+		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticPackageMutex());
+
 		for (const String& package : packages) {
+			String activeStage;
+
+			try {
+				activeStage = ConfigPackageUtility::GetActiveStage(package);
+			} catch (const std::exception&) { } /* Should never happen. */
+
 			results.emplace_back(new Dictionary({
 				{ "name", package },
 				{ "stages", Array::FromVector(ConfigPackageUtility::GetStages(package)) },
-				{ "active-stage", ConfigPackageUtility::GetActiveStage(package) }
+				{ "active-stage", activeStage }
 			}));
 		}
 	}
@@ -75,16 +84,24 @@ void ConfigPackagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& req
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
 
-void ConfigPackagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigPackagesHandler::HandlePost(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/modify");
 
-	if (request.RequestUrl->GetPath().size() >= 4)
-		params->Set("package", request.RequestUrl->GetPath()[3]);
+	if (url->GetPath().size() >= 4)
+		params->Set("package", url->GetPath()[3]);
 
 	String packageName = HttpUtility::GetLastParameter(params, "package");
 
@@ -94,7 +111,8 @@ void ConfigPackagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& re
 	}
 
 	try {
-		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticMutex());
+		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticPackageMutex());
+
 		ConfigPackageUtility::CreatePackage(packageName);
 	} catch (const std::exception& ex) {
 		HttpUtility::SendJsonError(response, params, 500, "Could not create package '" + packageName + "'.",
@@ -112,16 +130,24 @@ void ConfigPackagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& re
 		{ "results", new Array({ result1 }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
 
-void ConfigPackagesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigPackagesHandler::HandleDelete(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/modify");
 
-	if (request.RequestUrl->GetPath().size() >= 4)
-		params->Set("package", request.RequestUrl->GetPath()[3]);
+	if (url->GetPath().size() >= 4)
+		params->Set("package", url->GetPath()[3]);
 
 	String packageName = HttpUtility::GetLastParameter(params, "package");
 
@@ -148,6 +174,6 @@ void ConfigPackagesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest&
 		{ "results", new Array({ result1 }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
diff --git a/lib/remote/configpackageshandler.hpp b/lib/remote/configpackageshandler.hpp
index 4663fbf18..0a05ea10a 100644
--- a/lib/remote/configpackageshandler.hpp
+++ b/lib/remote/configpackageshandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGMODULESHANDLER_H
 #define CONFIGMODULESHANDLER_H
@@ -30,16 +13,39 @@ class ConfigPackagesHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ConfigPackagesHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 
 private:
-	void HandleGet(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
-	void HandlePost(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
-	void HandleDelete(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
+	void HandleGet(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
+	void HandlePost(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
+	void HandleDelete(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
 
 };
 
diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp
index 56ed57f7b..ac877d16c 100644
--- a/lib/remote/configpackageutility.cpp
+++ b/lib/remote/configpackageutility.cpp
@@ -1,23 +1,7 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/configpackageutility.hpp"
+#include "remote/apilistener.hpp"
 #include "base/application.hpp"
 #include "base/exception.hpp"
 #include "base/utility.hpp"
@@ -30,7 +14,7 @@ using namespace icinga;
 
 String ConfigPackageUtility::GetPackageDir()
 {
-	return Application::GetLocalStateDir() + "/lib/icinga2/api/packages";
+	return Configuration::DataDir + "/api/packages";
 }
 
 void ConfigPackageUtility::CreatePackage(const String& name)
@@ -51,6 +35,14 @@ void ConfigPackageUtility::DeletePackage(const String& name)
 	if (!Utility::PathExists(path))
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Package does not exist."));
 
+	ApiListener::Ptr listener = ApiListener::GetInstance();
+
+	/* config packages without API make no sense. */
+	if (!listener)
+		BOOST_THROW_EXCEPTION(std::invalid_argument("No ApiListener instance configured."));
+
+	listener->RemoveActivePackageStage(name);
+
 	Utility::RemoveDirRecursive(path);
 	Application::RequestRestart();
 }
@@ -174,10 +166,7 @@ void ConfigPackageUtility::WriteStageConfig(const String& packageName, const Str
 
 void ConfigPackageUtility::ActivateStage(const String& packageName, const String& stageName)
 {
-	String activeStagePath = GetPackageDir() + "/" + packageName + "/active-stage";
-	std::ofstream fpActiveStage(activeStagePath.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc);
-	fpActiveStage << stageName;
-	fpActiveStage.close();
+	SetActiveStage(packageName, stageName);
 
 	WritePackageConfig(packageName);
 }
@@ -197,7 +186,8 @@ void ConfigPackageUtility::TryActivateStageCallback(const ProcessResult& pr, con
 	/* validation went fine, activate stage and reload */
 	if (pr.ExitStatus == 0) {
 		{
-			boost::mutex::scoped_lock lock(GetStaticMutex());
+			boost::mutex::scoped_lock lock(GetStaticPackageMutex());
+
 			ActivateStage(packageName, stageName);
 		}
 
@@ -217,14 +207,25 @@ void ConfigPackageUtility::AsyncTryActivateStage(const String& packageName, cons
 	// prepare arguments
 	Array::Ptr args = new Array({
 		Application::GetExePath(Application::GetArgV()[0]),
-		"daemon",
-		"--validate",
-		"--define",
-		"ActiveStageOverride=" + packageName + ":" + stageName
 	});
 
+	// copy all arguments of parent process
+	for (int i = 1; i < Application::GetArgC(); i++) {
+		String argV = Application::GetArgV()[i];
+
+		if (argV == "-d" || argV == "--daemonize")
+			continue;
+
+		args->Add(argV);
+	}
+
+	// add arguments for validation
+	args->Add("--validate");
+	args->Add("--define");
+	args->Add("ActiveStageOverride=" + packageName + ":" + stageName);
+
 	Process::Ptr process = new Process(Process::PrepareCommand(args));
-	process->SetTimeout(300);
+	process->SetTimeout(Application::GetReloadTimeout());
 	process->Run(std::bind(&TryActivateStageCallback, _1, packageName, stageName, reload));
 }
 
@@ -248,8 +249,11 @@ std::vector<String> ConfigPackageUtility::GetStages(const String& packageName)
 	return stages;
 }
 
-String ConfigPackageUtility::GetActiveStage(const String& packageName)
+String ConfigPackageUtility::GetActiveStageFromFile(const String& packageName)
 {
+	/* Lock the transaction, reading this only happens on startup or when something really is broken. */
+	boost::mutex::scoped_lock lock(GetStaticActiveStageMutex());
+
 	String path = GetPackageDir() + "/" + packageName + "/active-stage";
 
 	std::ifstream fp;
@@ -261,11 +265,63 @@ String ConfigPackageUtility::GetActiveStage(const String& packageName)
 	fp.close();
 
 	if (fp.fail())
-		return "";
+		return ""; /* Don't use exceptions here. The caller must deal with empty stages at this point. Happens on initial package creation for example. */
 
 	return stage.Trim();
 }
 
+void ConfigPackageUtility::SetActiveStageToFile(const String& packageName, const String& stageName)
+{
+	boost::mutex::scoped_lock lock(GetStaticActiveStageMutex());
+
+	String activeStagePath = GetPackageDir() + "/" + packageName + "/active-stage";
+
+	std::ofstream fpActiveStage(activeStagePath.CStr(), std::ofstream::out | std::ostream::binary | std::ostream::trunc); //TODO: fstream exceptions
+	fpActiveStage << stageName;
+	fpActiveStage.close();
+}
+
+String ConfigPackageUtility::GetActiveStage(const String& packageName)
+{
+	String activeStage;
+
+	ApiListener::Ptr listener = ApiListener::GetInstance();
+
+	/* If we don't have an API feature, just use the file storage without caching this.
+	 * This happens when ScheduledDowntime objects generate Downtime objects.
+	 * TODO: Make the API a first class citizen.
+	 */
+	if (!listener)
+		return GetActiveStageFromFile(packageName);
+
+	/* First use runtime state. */
+	try {
+		activeStage = listener->GetActivePackageStage(packageName);
+	} catch (const std::exception& ex) {
+		/* Fallback to reading the file, happens on restarts. */
+		activeStage = GetActiveStageFromFile(packageName);
+
+		/* When we've read something, correct memory. */
+		if (!activeStage.IsEmpty())
+			listener->SetActivePackageStage(packageName, activeStage);
+	}
+
+	return activeStage;
+}
+
+void ConfigPackageUtility::SetActiveStage(const String& packageName, const String& stageName)
+{
+	/* Update the marker on disk for restarts. */
+	SetActiveStageToFile(packageName, stageName);
+
+	ApiListener::Ptr listener = ApiListener::GetInstance();
+
+	/* No API, no caching. */
+	if (!listener)
+		return;
+
+	listener->SetActivePackageStage(packageName, stageName);
+}
 
 std::vector<std::pair<String, bool> > ConfigPackageUtility::GetFiles(const String& packageName, const String& stageName)
 {
@@ -326,7 +382,13 @@ bool ConfigPackageUtility::ValidateName(const String& name)
 	return (!boost::regex_search(name.GetData(), what, expr));
 }
 
-boost::mutex& ConfigPackageUtility::GetStaticMutex()
+boost::mutex& ConfigPackageUtility::GetStaticPackageMutex()
+{
+	static boost::mutex mutex;
+	return mutex;
+}
+
+boost::mutex& ConfigPackageUtility::GetStaticActiveStageMutex()
 {
 	static boost::mutex mutex;
 	return mutex;
diff --git a/lib/remote/configpackageutility.hpp b/lib/remote/configpackageutility.hpp
index bea1a5a51..9f105794c 100644
--- a/lib/remote/configpackageutility.hpp
+++ b/lib/remote/configpackageutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGMODULEUTILITY_H
 #define CONFIGMODULEUTILITY_H
@@ -49,7 +32,10 @@ public:
 	static String CreateStage(const String& packageName, const Dictionary::Ptr& files = nullptr);
 	static void DeleteStage(const String& packageName, const String& stageName);
 	static std::vector<String> GetStages(const String& packageName);
+	static String GetActiveStageFromFile(const String& packageName);
 	static String GetActiveStage(const String& packageName);
+	static void SetActiveStage(const String& packageName, const String& stageName);
+	static void SetActiveStageToFile(const String& packageName, const String& stageName);
 	static void ActivateStage(const String& packageName, const String& stageName);
 	static void AsyncTryActivateStage(const String& packageName, const String& stageName, bool reload);
 
@@ -58,7 +44,8 @@ public:
 	static bool ContainsDotDot(const String& path);
 	static bool ValidateName(const String& name);
 
-	static boost::mutex& GetStaticMutex();
+	static boost::mutex& GetStaticPackageMutex();
+	static boost::mutex& GetStaticActiveStageMutex();
 
 private:
 	static void CollectDirNames(const String& path, std::vector<String>& dirs);
diff --git a/lib/remote/configstageshandler.cpp b/lib/remote/configstageshandler.cpp
index 673e134a9..2730ac37b 100644
--- a/lib/remote/configstageshandler.cpp
+++ b/lib/remote/configstageshandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/configstageshandler.hpp"
 #include "remote/configpackageutility.hpp"
@@ -28,32 +11,51 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/config/stages", ConfigStagesHandler);
 
-bool ConfigStagesHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ConfigStagesHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 5)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 5)
 		return false;
 
-	if (request.RequestMethod == "GET")
-		HandleGet(user, request, response, params);
-	else if (request.RequestMethod == "POST")
-		HandlePost(user, request, response, params);
-	else if (request.RequestMethod == "DELETE")
-		HandleDelete(user, request, response, params);
+	if (request.method() == http::verb::get)
+		HandleGet(user, request, url, response, params);
+	else if (request.method() == http::verb::post)
+		HandlePost(user, request, url, response, params);
+	else if (request.method() == http::verb::delete_)
+		HandleDelete(user, request, url, response, params);
 	else
 		return false;
 
 	return true;
 }
 
-void ConfigStagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigStagesHandler::HandleGet(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/query");
 
-	if (request.RequestUrl->GetPath().size() >= 4)
-		params->Set("package", request.RequestUrl->GetPath()[3]);
+	if (url->GetPath().size() >= 4)
+		params->Set("package", url->GetPath()[3]);
 
-	if (request.RequestUrl->GetPath().size() >= 5)
-		params->Set("stage", request.RequestUrl->GetPath()[4]);
+	if (url->GetPath().size() >= 5)
+		params->Set("stage", url->GetPath()[4]);
 
 	String packageName = HttpUtility::GetLastParameter(params, "package");
 	String stageName = HttpUtility::GetLastParameter(params, "stage");
@@ -81,16 +83,24 @@ void ConfigStagesHandler::HandleGet(const ApiUser::Ptr& user, HttpRequest& reque
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
 
-void ConfigStagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigStagesHandler::HandlePost(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/modify");
 
-	if (request.RequestUrl->GetPath().size() >= 4)
-		params->Set("package", request.RequestUrl->GetPath()[3]);
+	if (url->GetPath().size() >= 4)
+		params->Set("package", url->GetPath()[3]);
 
 	String packageName = HttpUtility::GetLastParameter(params, "package");
 
@@ -110,7 +120,8 @@ void ConfigStagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& requ
 		if (!files)
 			BOOST_THROW_EXCEPTION(std::invalid_argument("Parameter 'files' must be specified."));
 
-		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticMutex());
+		boost::mutex::scoped_lock lock(ConfigPackageUtility::GetStaticPackageMutex());
+
 		stageName = ConfigPackageUtility::CreateStage(packageName, files);
 
 		/* validate the config. on success, activate stage and reload */
@@ -140,19 +151,27 @@ void ConfigStagesHandler::HandlePost(const ApiUser::Ptr& user, HttpRequest& requ
 		{ "results", new Array({ result1 }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
 
-void ConfigStagesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+void ConfigStagesHandler::HandleDelete(
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params
+)
 {
+	namespace http = boost::beast::http;
+
 	FilterUtility::CheckPermission(user, "config/modify");
 
-	if (request.RequestUrl->GetPath().size() >= 4)
-		params->Set("package", request.RequestUrl->GetPath()[3]);
+	if (url->GetPath().size() >= 4)
+		params->Set("package", url->GetPath()[3]);
 
-	if (request.RequestUrl->GetPath().size() >= 5)
-		params->Set("stage", request.RequestUrl->GetPath()[4]);
+	if (url->GetPath().size() >= 5)
+		params->Set("stage", url->GetPath()[4]);
 
 	String packageName = HttpUtility::GetLastParameter(params, "package");
 	String stageName = HttpUtility::GetLastParameter(params, "stage");
@@ -182,7 +201,7 @@ void ConfigStagesHandler::HandleDelete(const ApiUser::Ptr& user, HttpRequest& re
 		{ "results", new Array({ result1 }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 }
 
diff --git a/lib/remote/configstageshandler.hpp b/lib/remote/configstageshandler.hpp
index 159856e51..c6d644366 100644
--- a/lib/remote/configstageshandler.hpp
+++ b/lib/remote/configstageshandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONFIGSTAGESHANDLER_H
 #define CONFIGSTAGESHANDLER_H
@@ -30,16 +13,39 @@ class ConfigStagesHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ConfigStagesHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 
 private:
-	void HandleGet(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
-	void HandlePost(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
-	void HandleDelete(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params);
+	void HandleGet(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
+	void HandlePost(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
+	void HandleDelete(
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params
+	);
 
 };
 
diff --git a/lib/remote/consolehandler.cpp b/lib/remote/consolehandler.cpp
index 5c5af049d..e836f8844 100644
--- a/lib/remote/consolehandler.cpp
+++ b/lib/remote/consolehandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/consolehandler.hpp"
 #include "remote/httputility.hpp"
@@ -27,7 +10,9 @@
 #include "base/logger.hpp"
 #include "base/serializer.hpp"
 #include "base/timer.hpp"
+#include "base/namespace.hpp"
 #include "base/initialize.hpp"
+#include "base/utility.hpp"
 #include <boost/thread/once.hpp>
 #include <set>
 
@@ -69,17 +54,28 @@ static void EnsureFrameCleanupTimer()
 	});
 }
 
-bool ConsoleHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ConsoleHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() != 3)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() != 3)
 		return false;
 
-	if (request.RequestMethod != "POST")
+	if (request.method() != http::verb::post)
 		return false;
 
 	QueryDescription qd;
 
-	String methodName = request.RequestUrl->GetPath()[2];
+	String methodName = url->GetPath()[2];
 
 	FilterUtility::CheckPermission(user, "console");
 
@@ -101,9 +97,12 @@ bool ConsoleHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& reques
 	return true;
 }
 
-bool ConsoleHandler::ExecuteScriptHelper(HttpRequest& request, HttpResponse& response,
+bool ConsoleHandler::ExecuteScriptHelper(boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
 	const Dictionary::Ptr& params, const String& command, const String& session, bool sandboxed)
 {
+	namespace http = boost::beast::http;
+
 	Log(LogNotice, "Console")
 		<< "Executing expression: " << command;
 
@@ -167,15 +166,18 @@ bool ConsoleHandler::ExecuteScriptHelper(HttpRequest& request, HttpResponse& res
 		{ "results", new Array({ resultInfo }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
 }
 
-bool ConsoleHandler::AutocompleteScriptHelper(HttpRequest& request, HttpResponse& response,
+bool ConsoleHandler::AutocompleteScriptHelper(boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
 	const Dictionary::Ptr& params, const String& command, const String& session, bool sandboxed)
 {
+	namespace http = boost::beast::http;
+
 	Log(LogInformation, "Console")
 		<< "Auto-completing expression: " << command;
 
@@ -203,7 +205,7 @@ bool ConsoleHandler::AutocompleteScriptHelper(HttpRequest& request, HttpResponse
 		{ "results", new Array({ result1 }) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
@@ -233,6 +235,15 @@ static void AddSuggestions(std::vector<String>& matches, const String& word, con
 		}
 	}
 
+	if (value.IsObjectType<Namespace>()) {
+		Namespace::Ptr ns = value;
+
+		ObjectLock olock(ns);
+		for (const Namespace::Pair& kv : ns) {
+			AddSuggestion(matches, word, prefix + kv.first);
+		}
+	}
+
 	if (withFields) {
 		Type::Ptr type = value.GetReflectionType();
 
@@ -275,18 +286,17 @@ std::vector<String> ConsoleHandler::GetAutocompletionSuggestions(const String& w
 
 	{
 		ObjectLock olock(ScriptGlobal::GetGlobals());
-		for (const Dictionary::Pair& kv : ScriptGlobal::GetGlobals()) {
+		for (const Namespace::Pair& kv : ScriptGlobal::GetGlobals()) {
 			AddSuggestion(matches, word, kv.first);
 		}
 	}
 
-	{
-		Array::Ptr imports = ScriptFrame::GetImports();
-		ObjectLock olock(imports);
-		for (const Value& import : imports) {
-			AddSuggestions(matches, word, "", false, import);
-		}
-	}
+	Namespace::Ptr systemNS = ScriptGlobal::Get("System");
+
+	AddSuggestions(matches, word, "", false, systemNS);
+	AddSuggestions(matches, word, "", true, systemNS->Get("Configuration"));
+	AddSuggestions(matches, word, "", false, ScriptGlobal::Get("Types"));
+	AddSuggestions(matches, word, "", false, ScriptGlobal::Get("Icinga"));
 
 	String::SizeType cperiod = word.RFind(".");
 
diff --git a/lib/remote/consolehandler.hpp b/lib/remote/consolehandler.hpp
index 762cb83d4..df0d77d01 100644
--- a/lib/remote/consolehandler.hpp
+++ b/lib/remote/consolehandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CONSOLEHANDLER_H
 #define CONSOLEHANDLER_H
@@ -39,15 +22,25 @@ class ConsoleHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ConsoleHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 
 	static std::vector<String> GetAutocompletionSuggestions(const String& word, ScriptFrame& frame);
 
 private:
-	static bool ExecuteScriptHelper(HttpRequest& request, HttpResponse& response,
+	static bool ExecuteScriptHelper(boost::beast::http::request<boost::beast::http::string_body>& request,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
 		const Dictionary::Ptr& params, const String& command, const String& session, bool sandboxed);
-	static bool AutocompleteScriptHelper(HttpRequest& request, HttpResponse& response,
+	static bool AutocompleteScriptHelper(boost::beast::http::request<boost::beast::http::string_body>& request,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
 		const Dictionary::Ptr& params, const String& command, const String& session, bool sandboxed);
 
 };
diff --git a/lib/remote/createobjecthandler.cpp b/lib/remote/createobjecthandler.cpp
index a365ed664..c01b23641 100644
--- a/lib/remote/createobjecthandler.cpp
+++ b/lib/remote/createobjecthandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/createobjecthandler.hpp"
 #include "remote/configobjectutility.hpp"
@@ -31,15 +14,26 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/objects", CreateObjectHandler);
 
-bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool CreateObjectHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() != 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() != 4)
 		return false;
 
-	if (request.RequestMethod != "PUT")
+	if (request.method() != http::verb::put)
 		return false;
 
-	Type::Ptr type = FilterUtility::TypeFromPluralName(request.RequestUrl->GetPath()[2]);
+	Type::Ptr type = FilterUtility::TypeFromPluralName(url->GetPath()[2]);
 
 	if (!type) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid type specified.");
@@ -48,7 +42,7 @@ bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 
 	FilterUtility::CheckPermission(user, "objects/create/" + type->GetName());
 
-	String name = request.RequestUrl->GetPath()[3];
+	String name = url->GetPath()[3];
 	Array::Ptr templates = params->Get("templates");
 	Dictionary::Ptr attrs = params->Get("attrs");
 
@@ -116,7 +110,7 @@ bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 		result1->Set("code", 500);
 		result1->Set("status", "Object could not be created.");
 
-		response.SetStatus(500, "Object could not be created");
+		response.result(http::status::internal_server_error);
 		HttpUtility::SendJsonBody(response, params, result);
 
 		return true;
@@ -130,7 +124,7 @@ bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 		if (verbose)
 			result1->Set("diagnostic_information", diagnosticInformation);
 
-		response.SetStatus(500, "Object could not be created");
+		response.result(http::status::internal_server_error);
 		HttpUtility::SendJsonBody(response, params, result);
 
 		return true;
@@ -146,7 +140,7 @@ bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 	else if (!obj && ignoreOnError)
 		result1->Set("status", "Object was not created but 'ignore_on_error' was set to true");
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/createobjecthandler.hpp b/lib/remote/createobjecthandler.hpp
index 12dc12377..4bcf21b55 100644
--- a/lib/remote/createobjecthandler.hpp
+++ b/lib/remote/createobjecthandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CREATEOBJECTHANDLER_H
 #define CREATEOBJECTHANDLER_H
@@ -30,8 +13,16 @@ class CreateObjectHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(CreateObjectHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/deleteobjecthandler.cpp b/lib/remote/deleteobjecthandler.cpp
index 0d4053df3..2edb0e455 100644
--- a/lib/remote/deleteobjecthandler.cpp
+++ b/lib/remote/deleteobjecthandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/deleteobjecthandler.hpp"
 #include "remote/configobjectutility.hpp"
@@ -31,15 +14,26 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/objects", DeleteObjectHandler);
 
-bool DeleteObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool DeleteObjectHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() < 3 || request.RequestUrl->GetPath().size() > 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() < 3 || url->GetPath().size() > 4)
 		return false;
 
-	if (request.RequestMethod != "DELETE")
+	if (request.method() != http::verb::delete_)
 		return false;
 
-	Type::Ptr type = FilterUtility::TypeFromPluralName(request.RequestUrl->GetPath()[2]);
+	Type::Ptr type = FilterUtility::TypeFromPluralName(url->GetPath()[2]);
 
 	if (!type) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid type specified.");
@@ -52,10 +46,10 @@ bool DeleteObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 
 	params->Set("type", type->GetName());
 
-	if (request.RequestUrl->GetPath().size() >= 4) {
+	if (url->GetPath().size() >= 4) {
 		String attr = type->GetName();
 		boost::algorithm::to_lower(attr);
-		params->Set(attr, request.RequestUrl->GetPath()[3]);
+		params->Set(attr, url->GetPath()[3]);
 	}
 
 	std::vector<Value> objs;
@@ -110,9 +104,9 @@ bool DeleteObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 	});
 
 	if (!success)
-		response.SetStatus(500, "One or more objects could not be deleted");
+		response.result(http::status::internal_server_error);
 	else
-		response.SetStatus(200, "OK");
+		response.result(http::status::ok);
 
 	HttpUtility::SendJsonBody(response, params, result);
 
diff --git a/lib/remote/deleteobjecthandler.hpp b/lib/remote/deleteobjecthandler.hpp
index 77e68ea5b..19a46e475 100644
--- a/lib/remote/deleteobjecthandler.hpp
+++ b/lib/remote/deleteobjecthandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef DELETEOBJECTHANDLER_H
 #define DELETEOBJECTHANDLER_H
@@ -30,8 +13,16 @@ class DeleteObjectHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(DeleteObjectHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/endpoint.cpp b/lib/remote/endpoint.cpp
index 2b2fb655b..155532d5a 100644
--- a/lib/remote/endpoint.cpp
+++ b/lib/remote/endpoint.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/endpoint.hpp"
 #include "remote/endpoint-ti.cpp"
diff --git a/lib/remote/endpoint.hpp b/lib/remote/endpoint.hpp
index 41aea0270..7c490514d 100644
--- a/lib/remote/endpoint.hpp
+++ b/lib/remote/endpoint.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ENDPOINT_H
 #define ENDPOINT_H
diff --git a/lib/remote/endpoint.ti b/lib/remote/endpoint.ti
index 079782053..1c3b654d1 100644
--- a/lib/remote/endpoint.ti
+++ b/lib/remote/endpoint.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
diff --git a/lib/remote/eventqueue.cpp b/lib/remote/eventqueue.cpp
index 5f3b01a2f..5b6219c10 100644
--- a/lib/remote/eventqueue.cpp
+++ b/lib/remote/eventqueue.cpp
@@ -1,26 +1,17 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
+#include "config/configcompiler.hpp"
 #include "remote/eventqueue.hpp"
 #include "remote/filterutility.hpp"
+#include "base/io-engine.hpp"
 #include "base/singleton.hpp"
 #include "base/logger.hpp"
+#include "base/utility.hpp"
+#include <boost/asio/spawn.hpp>
+#include <boost/date_time/posix_time/posix_time_duration.hpp>
+#include <boost/date_time/posix_time/ptime.hpp>
+#include <boost/system/error_code.hpp>
+#include <utility>
 
 using namespace icinga;
 
@@ -37,7 +28,8 @@ bool EventQueue::CanProcessEvent(const String& type) const
 
 void EventQueue::ProcessEvent(const Dictionary::Ptr& event)
 {
-	ScriptFrame frame(true);
+	Namespace::Ptr frameNS = new Namespace();
+	ScriptFrame frame(true, frameNS);
 	frame.Sandboxed = true;
 
 	try {
@@ -65,6 +57,10 @@ void EventQueue::AddClient(void *client)
 
 	auto result = m_Events.insert(std::make_pair(client, std::deque<Dictionary::Ptr>()));
 	ASSERT(result.second);
+
+#ifndef I2_DEBUG
+	(void)result;
+#endif /* I2_DEBUG */
 }
 
 void EventQueue::RemoveClient(void *client)
@@ -94,25 +90,6 @@ void EventQueue::SetFilter(std::unique_ptr<Expression> filter)
 	m_Filter.swap(filter);
 }
 
-Dictionary::Ptr EventQueue::WaitForEvent(void *client, double timeout)
-{
-	boost::mutex::scoped_lock lock(m_Mutex);
-
-	for (;;) {
-		auto it = m_Events.find(client);
-		ASSERT(it != m_Events.end());
-
-		if (!it->second.empty()) {
-			Dictionary::Ptr result = *it->second.begin();
-			it->second.pop_front();
-			return result;
-		}
-
-		if (!m_CV.timed_wait(lock, boost::posix_time::milliseconds(long(timeout * 1000))))
-			return nullptr;
-	}
-}
-
 std::vector<EventQueue::Ptr> EventQueue::GetQueuesForType(const String& type)
 {
 	EventQueueRegistry::ItemMap queues = EventQueueRegistry::GetInstance()->GetItems();
@@ -147,3 +124,208 @@ EventQueueRegistry *EventQueueRegistry::GetInstance()
 {
 	return Singleton<EventQueueRegistry>::GetInstance();
 }
+
+std::mutex EventsInbox::m_FiltersMutex;
+std::map<String, EventsInbox::Filter> EventsInbox::m_Filters ({{"", EventsInbox::Filter{1, nullptr}}});
+
+EventsRouter EventsRouter::m_Instance;
+
+EventsInbox::EventsInbox(String filter, const String& filterSource)
+	: m_Timer(IoEngine::Get().GetIoContext())
+{
+	std::unique_lock<std::mutex> lock (m_FiltersMutex);
+	m_Filter = m_Filters.find(filter);
+
+	if (m_Filter == m_Filters.end()) {
+		lock.unlock();
+
+		auto expr (ConfigCompiler::CompileText(filterSource, filter));
+
+		lock.lock();
+
+		m_Filter = m_Filters.find(filter);
+
+		if (m_Filter == m_Filters.end()) {
+			m_Filter = m_Filters.emplace(std::move(filter), Filter{1, std::shared_ptr<Expression>(expr.release())}).first;
+		} else {
+			++m_Filter->second.Refs;
+		}
+	} else {
+		++m_Filter->second.Refs;
+	}
+}
+
+EventsInbox::~EventsInbox()
+{
+	std::unique_lock<std::mutex> lock (m_FiltersMutex);
+
+	if (!--m_Filter->second.Refs) {
+		m_Filters.erase(m_Filter);
+	}
+}
+
+const std::shared_ptr<Expression>& EventsInbox::GetFilter()
+{
+	return m_Filter->second.Expr;
+}
+
+void EventsInbox::Push(Dictionary::Ptr event)
+{
+	std::unique_lock<std::mutex> lock (m_Mutex);
+
+	m_Queue.emplace(std::move(event));
+	m_Timer.expires_at(boost::posix_time::neg_infin);
+}
+
+Dictionary::Ptr EventsInbox::Shift(boost::asio::yield_context yc, double timeout)
+{
+	std::unique_lock<std::mutex> lock (m_Mutex, std::defer_lock);
+
+	m_Timer.expires_at(boost::posix_time::neg_infin);
+
+	{
+		boost::system::error_code ec;
+
+		while (!lock.try_lock()) {
+			m_Timer.async_wait(yc[ec]);
+		}
+	}
+
+	if (m_Queue.empty()) {
+		m_Timer.expires_from_now(boost::posix_time::milliseconds((unsigned long)(timeout * 1000.0)));
+		lock.unlock();
+
+		{
+			boost::system::error_code ec;
+			m_Timer.async_wait(yc[ec]);
+
+			while (!lock.try_lock()) {
+				m_Timer.async_wait(yc[ec]);
+			}
+		}
+
+		if (m_Queue.empty()) {
+			return nullptr;
+		}
+	}
+
+	auto event (std::move(m_Queue.front()));
+	m_Queue.pop();
+	return std::move(event);
+}
+
+EventsSubscriber::EventsSubscriber(std::set<EventType> types, String filter, const String& filterSource)
+	: m_Types(std::move(types)), m_Inbox(new EventsInbox(std::move(filter), filterSource))
+{
+	EventsRouter::GetInstance().Subscribe(m_Types, m_Inbox);
+}
+
+EventsSubscriber::~EventsSubscriber()
+{
+	EventsRouter::GetInstance().Unsubscribe(m_Types, m_Inbox);
+}
+
+const EventsInbox::Ptr& EventsSubscriber::GetInbox()
+{
+	return m_Inbox;
+}
+
+EventsFilter::EventsFilter(std::map<std::shared_ptr<Expression>, std::set<EventsInbox::Ptr>> inboxes)
+	: m_Inboxes(std::move(inboxes))
+{
+}
+
+EventsFilter::operator bool()
+{
+	return !m_Inboxes.empty();
+}
+
+void EventsFilter::Push(Dictionary::Ptr event)
+{
+	for (auto& perFilter : m_Inboxes) {
+		if (perFilter.first) {
+			ScriptFrame frame(true, new Namespace());
+			frame.Sandboxed = true;
+
+			try {
+				if (!FilterUtility::EvaluateFilter(frame, perFilter.first.get(), event, "event")) {
+					continue;
+				}
+			} catch (const std::exception& ex) {
+				Log(LogWarning, "EventQueue")
+					<< "Error occurred while evaluating event filter for queue: " << DiagnosticInformation(ex);
+				continue;
+			}
+		}
+
+		for (auto& inbox : perFilter.second) {
+			inbox->Push(event);
+		}
+	}
+}
+
+EventsRouter& EventsRouter::GetInstance()
+{
+	return m_Instance;
+}
+
+void EventsRouter::Subscribe(const std::set<EventType>& types, const EventsInbox::Ptr& inbox)
+{
+	const auto& filter (inbox->GetFilter());
+	std::unique_lock<std::mutex> lock (m_Mutex);
+
+	for (auto type : types) {
+		auto perType (m_Subscribers.find(type));
+
+		if (perType == m_Subscribers.end()) {
+			perType = m_Subscribers.emplace(type, decltype(perType->second)()).first;
+		}
+
+		auto perFilter (perType->second.find(filter));
+
+		if (perFilter == perType->second.end()) {
+			perFilter = perType->second.emplace(filter, decltype(perFilter->second)()).first;
+		}
+
+		perFilter->second.emplace(inbox);
+	}
+}
+
+void EventsRouter::Unsubscribe(const std::set<EventType>& types, const EventsInbox::Ptr& inbox)
+{
+	const auto& filter (inbox->GetFilter());
+	std::unique_lock<std::mutex> lock (m_Mutex);
+
+	for (auto type : types) {
+		auto perType (m_Subscribers.find(type));
+
+		if (perType != m_Subscribers.end()) {
+			auto perFilter (perType->second.find(filter));
+
+			if (perFilter != perType->second.end()) {
+				perFilter->second.erase(inbox);
+
+				if (perFilter->second.empty()) {
+					perType->second.erase(perFilter);
+				}
+			}
+
+			if (perType->second.empty()) {
+				m_Subscribers.erase(perType);
+			}
+		}
+	}
+}
+
+EventsFilter EventsRouter::GetInboxes(EventType type)
+{
+	std::unique_lock<std::mutex> lock (m_Mutex);
+
+	auto perType (m_Subscribers.find(type));
+
+	if (perType == m_Subscribers.end()) {
+		return EventsFilter({});
+	}
+
+	return EventsFilter(perType->second);
+}
diff --git a/lib/remote/eventqueue.hpp b/lib/remote/eventqueue.hpp
index 56fe23c6f..ec389929a 100644
--- a/lib/remote/eventqueue.hpp
+++ b/lib/remote/eventqueue.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EVENTQUEUE_H
 #define EVENTQUEUE_H
@@ -23,11 +6,17 @@
 #include "remote/httphandler.hpp"
 #include "base/object.hpp"
 #include "config/expression.hpp"
+#include <boost/asio/deadline_timer.hpp>
+#include <boost/asio/spawn.hpp>
 #include <boost/thread/mutex.hpp>
 #include <boost/thread/condition_variable.hpp>
+#include <cstddef>
+#include <cstdint>
+#include <mutex>
 #include <set>
 #include <map>
 #include <deque>
+#include <queue>
 
 namespace icinga
 {
@@ -47,8 +36,6 @@ public:
 	void SetTypes(const std::set<String>& types);
 	void SetFilter(std::unique_ptr<Expression> filter);
 
-	Dictionary::Ptr WaitForEvent(void *client, double timeout = 5);
-
 	static std::vector<EventQueue::Ptr> GetQueuesForType(const String& type);
 	static void UnregisterIfUnused(const String& name, const EventQueue::Ptr& queue);
 
@@ -79,6 +66,108 @@ public:
 	static EventQueueRegistry *GetInstance();
 };
 
+enum class EventType : uint_fast8_t
+{
+	AcknowledgementCleared,
+	AcknowledgementSet,
+	CheckResult,
+	CommentAdded,
+	CommentRemoved,
+	DowntimeAdded,
+	DowntimeRemoved,
+	DowntimeStarted,
+	DowntimeTriggered,
+	Flapping,
+	Notification,
+	StateChange
+};
+
+class EventsInbox : public Object
+{
+public:
+	DECLARE_PTR_TYPEDEFS(EventsInbox);
+
+	EventsInbox(String filter, const String& filterSource);
+	EventsInbox(const EventsInbox&) = delete;
+	EventsInbox(EventsInbox&&) = delete;
+	EventsInbox& operator=(const EventsInbox&) = delete;
+	EventsInbox& operator=(EventsInbox&&) = delete;
+	~EventsInbox();
+
+	const std::shared_ptr<Expression>& GetFilter();
+
+	void Push(Dictionary::Ptr event);
+	Dictionary::Ptr Shift(boost::asio::yield_context yc, double timeout = 5);
+
+private:
+	struct Filter
+	{
+		std::size_t Refs;
+		std::shared_ptr<Expression> Expr;
+	};
+
+	static std::mutex m_FiltersMutex;
+	static std::map<String, Filter> m_Filters;
+
+	std::mutex m_Mutex;
+	decltype(m_Filters.begin()) m_Filter;
+	std::queue<Dictionary::Ptr> m_Queue;
+	boost::asio::deadline_timer m_Timer;
+};
+
+class EventsSubscriber
+{
+public:
+	EventsSubscriber(std::set<EventType> types, String filter, const String& filterSource);
+	EventsSubscriber(const EventsSubscriber&) = delete;
+	EventsSubscriber(EventsSubscriber&&) = delete;
+	EventsSubscriber& operator=(const EventsSubscriber&) = delete;
+	EventsSubscriber& operator=(EventsSubscriber&&) = delete;
+	~EventsSubscriber();
+
+	const EventsInbox::Ptr& GetInbox();
+
+private:
+	std::set<EventType> m_Types;
+	EventsInbox::Ptr m_Inbox;
+};
+
+class EventsFilter
+{
+public:
+	EventsFilter(std::map<std::shared_ptr<Expression>, std::set<EventsInbox::Ptr>> inboxes);
+
+	operator bool();
+
+	void Push(Dictionary::Ptr event);
+
+private:
+	std::map<std::shared_ptr<Expression>, std::set<EventsInbox::Ptr>> m_Inboxes;
+};
+
+class EventsRouter
+{
+public:
+	static EventsRouter& GetInstance();
+
+	void Subscribe(const std::set<EventType>& types, const EventsInbox::Ptr& inbox);
+	void Unsubscribe(const std::set<EventType>& types, const EventsInbox::Ptr& inbox);
+	EventsFilter GetInboxes(EventType type);
+
+private:
+	static EventsRouter m_Instance;
+
+	EventsRouter() = default;
+	EventsRouter(const EventsRouter&) = delete;
+	EventsRouter(EventsRouter&&) = delete;
+	EventsRouter& operator=(const EventsRouter&) = delete;
+	EventsRouter& operator=(EventsRouter&&) = delete;
+	~EventsRouter() = default;
+
+	std::mutex m_Mutex;
+	std::map<EventType, std::map<std::shared_ptr<Expression>, std::set<EventsInbox::Ptr>>> m_Subscribers;
+};
+
 }
 
 #endif /* EVENTQUEUE_H */
diff --git a/lib/remote/eventshandler.cpp b/lib/remote/eventshandler.cpp
index bfdca28dc..e92b14a2d 100644
--- a/lib/remote/eventshandler.cpp
+++ b/lib/remote/eventshandler.cpp
@@ -1,44 +1,62 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/eventshandler.hpp"
 #include "remote/httputility.hpp"
 #include "remote/filterutility.hpp"
 #include "config/configcompiler.hpp"
 #include "config/expression.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
 #include "base/objectlock.hpp"
 #include "base/json.hpp"
+#include <boost/asio/buffer.hpp>
+#include <boost/asio/write.hpp>
 #include <boost/algorithm/string/replace.hpp>
+#include <map>
+#include <set>
 
 using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/events", EventsHandler);
 
-bool EventsHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+const std::map<String, EventType> l_EventTypes ({
+	{"AcknowledgementCleared", EventType::AcknowledgementCleared},
+	{"AcknowledgementSet", EventType::AcknowledgementSet},
+	{"CheckResult", EventType::CheckResult},
+	{"CommentAdded", EventType::CommentAdded},
+	{"CommentRemoved", EventType::CommentRemoved},
+	{"DowntimeAdded", EventType::DowntimeAdded},
+	{"DowntimeRemoved", EventType::DowntimeRemoved},
+	{"DowntimeStarted", EventType::DowntimeStarted},
+	{"DowntimeTriggered", EventType::DowntimeTriggered},
+	{"Flapping", EventType::Flapping},
+	{"Notification", EventType::Notification},
+	{"StateChange", EventType::StateChange}
+});
+
+const String l_ApiQuery ("<API query>");
+
+bool EventsHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() != 2)
+	namespace asio = boost::asio;
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() != 2)
 		return false;
 
-	if (request.RequestMethod != "POST")
+	if (request.method() != http::verb::post)
 		return false;
 
-	if (request.ProtocolVersion == HttpVersion10) {
+	if (request.version() == 10) {
 		HttpUtility::SendJsonError(response, params, 400, "HTTP/1.0 not supported for event streams.");
 		return true;
 	}
@@ -64,53 +82,53 @@ bool EventsHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request
 		return true;
 	}
 
-	String filter = HttpUtility::GetLastParameter(params, "filter");
+	std::set<EventType> eventTypes;
 
-	std::unique_ptr<Expression> ufilter;
+	{
+		ObjectLock olock(types);
+		for (const String& type : types) {
+			auto typeId (l_EventTypes.find(type));
 
-	if (!filter.IsEmpty())
-		ufilter = ConfigCompiler::CompileText("<API query>", filter);
-
-	/* create a new queue or update an existing one */
-	EventQueue::Ptr queue = EventQueue::GetByName(queueName);
-
-	if (!queue) {
-		queue = new EventQueue(queueName);
-		EventQueue::Register(queueName, queue);
+			if (typeId != l_EventTypes.end()) {
+				eventTypes.emplace(typeId->second);
+			}
+		}
 	}
 
-	queue->SetTypes(types->ToSet<String>());
-	queue->SetFilter(std::move(ufilter));
+	EventsSubscriber subscriber (std::move(eventTypes), HttpUtility::GetLastParameter(params, "filter"), l_ApiQuery);
 
-	queue->AddClient(&request);
+	server.StartStreaming();
 
-	response.SetStatus(200, "OK");
-	response.AddHeader("Content-Type", "application/json");
+	response.result(http::status::ok);
+	response.set(http::field::content_type, "application/json");
+
+	IoBoundWorkSlot dontLockTheIoThread (yc);
+
+	http::async_write(stream, response, yc);
+	stream.async_flush(yc);
+
+	asio::const_buffer newLine ("\n", 1);
 
 	for (;;) {
-		Dictionary::Ptr result = queue->WaitForEvent(&request);
+		auto event (subscriber.GetInbox()->Shift(yc));
 
-		if (!response.IsPeerConnected()) {
-			queue->RemoveClient(&request);
-			EventQueue::UnregisterIfUnused(queueName, queue);
+		if (event) {
+			CpuBoundWork buildingResponse (yc);
+
+			String body = JsonEncode(event);
+
+			boost::algorithm::replace_all(body, "\n", "");
+
+			asio::const_buffer payload (body.CStr(), body.GetLength());
+
+			buildingResponse.Done();
+
+			asio::async_write(stream, payload, yc);
+			asio::async_write(stream, newLine, yc);
+			stream.async_flush(yc);
+		} else if (server.Disconnected()) {
 			return true;
 		}
-
-		if (!result)
-			continue;
-
-		String body = JsonEncode(result);
-
-		boost::algorithm::replace_all(body, "\n", "");
-
-		try {
-			response.WriteBody(body.CStr(), body.GetLength());
-			response.WriteBody("\n", 1);
-		} catch (const std::exception&) {
-			queue->RemoveClient(&request);
-			EventQueue::UnregisterIfUnused(queueName, queue);
-			throw;
-		}
 	}
 }
 
diff --git a/lib/remote/eventshandler.hpp b/lib/remote/eventshandler.hpp
index 0e89972e9..c823415d3 100644
--- a/lib/remote/eventshandler.hpp
+++ b/lib/remote/eventshandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EVENTSHANDLER_H
 #define EVENTSHANDLER_H
@@ -31,8 +14,16 @@ class EventsHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(EventsHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/filterutility.cpp b/lib/remote/filterutility.cpp
index f17c5e3d4..40498f306 100644
--- a/lib/remote/filterutility.cpp
+++ b/lib/remote/filterutility.cpp
@@ -1,29 +1,14 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/filterutility.hpp"
 #include "remote/httputility.hpp"
 #include "config/configcompiler.hpp"
 #include "config/expression.hpp"
+#include "base/namespace.hpp"
 #include "base/json.hpp"
 #include "base/configtype.hpp"
 #include "base/logger.hpp"
+#include "base/utility.hpp"
 #include <boost/algorithm/string/case_conv.hpp>
 
 using namespace icinga;
@@ -95,16 +80,22 @@ bool FilterUtility::EvaluateFilter(ScriptFrame& frame, Expression *filter,
 	else
 		varName = variableName;
 
-	Dictionary::Ptr vars;
+	Namespace::Ptr frameNS;
 
 	if (frame.Self.IsEmpty()) {
-		vars = new Dictionary();
-		frame.Self = vars;
-	} else
-		vars = frame.Self;
+		frameNS = new Namespace();
+		frame.Self = frameNS;
+	} else {
+		/* Enforce a namespace object for 'frame.self'. */
+		ASSERT(frame.Self.IsObjectType<Namespace>());
 
-	vars->Set("obj", target);
-	vars->Set(varName, target);
+		frameNS = frame.Self;
+
+		ASSERT(frameNS != ScriptGlobal::GetGlobals());
+	}
+
+	frameNS->Set("obj", target);
+	frameNS->Set(varName, target);
 
 	for (int fid = 0; fid < type->GetFieldCount(); fid++) {
 		Field field = type->GetFieldInfo(fid);
@@ -115,9 +106,9 @@ bool FilterUtility::EvaluateFilter(ScriptFrame& frame, Expression *filter,
 		Object::Ptr joinedObj = target->NavigateField(fid);
 
 		if (field.NavigationName)
-			vars->Set(field.NavigationName, joinedObj);
+			frameNS->Set(field.NavigationName, joinedObj);
 		else
-			vars->Set(field.Name, joinedObj);
+			frameNS->Set(field.Name, joinedObj);
 	}
 
 	return Convert::ToBool(filter->Evaluate(frame));
@@ -126,8 +117,11 @@ bool FilterUtility::EvaluateFilter(ScriptFrame& frame, Expression *filter,
 static void FilteredAddTarget(ScriptFrame& permissionFrame, Expression *permissionFilter,
 	ScriptFrame& frame, Expression *ufilter, std::vector<Value>& result, const String& variableName, const Object::Ptr& target)
 {
-	if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName) && FilterUtility::EvaluateFilter(frame, ufilter, target, variableName))
-		result.emplace_back(target);
+	if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName)) {
+		if (FilterUtility::EvaluateFilter(frame, ufilter, target, variableName)) {
+			result.emplace_back(std::move(target));
+		}
+	}
 }
 
 void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
@@ -163,7 +157,7 @@ void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& perm
 
 			if (filter && permissionFilter) {
 				std::vector<std::unique_ptr<Expression> > args;
-				args.emplace_back(new GetScopeExpression(ScopeLocal));
+				args.emplace_back(new GetScopeExpression(ScopeThis));
 				std::unique_ptr<Expression> indexer{new IndexerExpression(std::unique_ptr<Expression>(MakeLiteral(filter)), std::unique_ptr<Expression>(MakeLiteral("call")))};
 				FunctionCallExpression *fexpr = new FunctionCallExpression(std::move(indexer), std::move(args));
 
@@ -197,7 +191,8 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 	Expression *permissionFilter;
 	CheckPermission(user, qd.Permission, &permissionFilter);
 
-	ScriptFrame permissionFrame(true);
+	Namespace::Ptr permissionFrameNS = new Namespace();
+	ScriptFrame permissionFrame(false, permissionFrameNS);
 
 	for (const String& type : qd.Types) {
 		String attr = type;
@@ -206,7 +201,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 		if (attr == "type")
 			attr = "name";
 
-		if (query->Contains(attr)) {
+		if (query && query->Contains(attr)) {
 			String name = HttpUtility::GetLastParameter(query, attr);
 			Object::Ptr target = provider->GetTargetByName(type, name);
 
@@ -219,7 +214,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 		attr = provider->GetPluralName(type);
 		boost::algorithm::to_lower(attr);
 
-		if (query->Contains(attr)) {
+		if (query && query->Contains(attr)) {
 			Array::Ptr names = query->Get(attr);
 			if (names) {
 				ObjectLock olock(names);
@@ -235,7 +230,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 		}
 	}
 
-	if (query->Contains("filter") || result.empty()) {
+	if ((query && query->Contains("filter")) || result.empty()) {
 		if (!query->Contains("type"))
 			BOOST_THROW_EXCEPTION(std::invalid_argument("Type must be specified when using a filter."));
 
@@ -247,30 +242,33 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 		if (qd.Types.find(type) == qd.Types.end())
 			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid type specified for this query."));
 
-		ScriptFrame frame(true);
+		Namespace::Ptr frameNS = new Namespace();
+		ScriptFrame frame(false, frameNS);
 		frame.Sandboxed = true;
-		Dictionary::Ptr uvars = new Dictionary();
-
-		std::unique_ptr<Expression> ufilter;
 
 		if (query->Contains("filter")) {
 			String filter = HttpUtility::GetLastParameter(query, "filter");
-			ufilter = ConfigCompiler::CompileText("<API query>", filter);
-		}
+			std::unique_ptr<Expression> ufilter = ConfigCompiler::CompileText("<API query>", filter);
 
-		Dictionary::Ptr filter_vars = query->Get("filter_vars");
-		if (filter_vars) {
-			ObjectLock olock(filter_vars);
-			for (const Dictionary::Pair& kv : filter_vars) {
-				uvars->Set(kv.first, kv.second);
+			Dictionary::Ptr filter_vars = query->Get("filter_vars");
+			if (filter_vars) {
+				ObjectLock olock(filter_vars);
+				for (const Dictionary::Pair& kv : filter_vars) {
+					frameNS->Set(kv.first, kv.second);
+				}
 			}
+
+			provider->FindTargets(type, std::bind(&FilteredAddTarget,
+				std::ref(permissionFrame), permissionFilter,
+				std::ref(frame), &*ufilter, std::ref(result), variableName, _1));
+		} else {
+			/* Ensure to pass a nullptr as filter expression.
+			 * GCC 8.1.1 on F28 causes problems, see GH #6533.
+			 */
+			provider->FindTargets(type, std::bind(&FilteredAddTarget,
+				std::ref(permissionFrame), permissionFilter,
+				std::ref(frame), nullptr, std::ref(result), variableName, _1));
 		}
-
-		frame.Self = uvars;
-
-		provider->FindTargets(type, std::bind(&FilteredAddTarget,
-			std::ref(permissionFrame), permissionFilter,
-			std::ref(frame), &*ufilter, std::ref(result), variableName, _1));
 	}
 
 	return result;
diff --git a/lib/remote/filterutility.hpp b/lib/remote/filterutility.hpp
index e2c69dfc3..70e5b7e6f 100644
--- a/lib/remote/filterutility.hpp
+++ b/lib/remote/filterutility.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef FILTERUTILITY_H
 #define FILTERUTILITY_H
diff --git a/lib/remote/httpchunkedencoding.cpp b/lib/remote/httpchunkedencoding.cpp
deleted file mode 100644
index 9981749c2..000000000
--- a/lib/remote/httpchunkedencoding.cpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/httpchunkedencoding.hpp"
-#include <sstream>
-
-using namespace icinga;
-
-StreamReadStatus HttpChunkedEncoding::ReadChunkFromStream(const Stream::Ptr& stream,
-	char **data, size_t *size, ChunkReadContext& context, bool may_wait)
-{
-	if (context.LengthIndicator == -1) {
-		String line;
-		StreamReadStatus status = stream->ReadLine(&line, context.StreamContext, may_wait);
-		may_wait = false;
-
-		if (status != StatusNewItem)
-			return status;
-
-		std::stringstream msgbuf;
-		msgbuf << std::hex << line;
-		msgbuf >> context.LengthIndicator;
-
-		if (context.LengthIndicator < 0)
-			BOOST_THROW_EXCEPTION(std::invalid_argument("HTTP chunk length must not be negative."));
-	}
-
-	StreamReadContext& scontext = context.StreamContext;
-	if (scontext.Eof)
-		return StatusEof;
-
-	if (scontext.MustRead) {
-		if (!scontext.FillFromStream(stream, may_wait)) {
-			scontext.Eof = true;
-			return StatusEof;
-		}
-
-		scontext.MustRead = false;
-	}
-
-	size_t NewlineLength = context.LengthIndicator ? 2 : 0;
-
-	if (scontext.Size < (size_t)context.LengthIndicator + NewlineLength) {
-		scontext.MustRead = true;
-		return StatusNeedData;
-	}
-
-	*data = new char[context.LengthIndicator];
-	*size = context.LengthIndicator;
-	memcpy(*data, scontext.Buffer, context.LengthIndicator);
-
-	scontext.DropData(context.LengthIndicator + NewlineLength);
-	context.LengthIndicator = -1;
-
-	return StatusNewItem;
-}
-
-void HttpChunkedEncoding::WriteChunkToStream(const Stream::Ptr& stream, const char *data, size_t count)
-{
-	std::ostringstream msgbuf;
-	msgbuf << std::hex << count << "\r\n";
-	String lengthIndicator = msgbuf.str();
-	stream->Write(lengthIndicator.CStr(), lengthIndicator.GetLength());
-	stream->Write(data, count);
-	if (count > 0)
-		stream->Write("\r\n", 2);
-}
diff --git a/lib/remote/httpchunkedencoding.hpp b/lib/remote/httpchunkedencoding.hpp
deleted file mode 100644
index c0a658c99..000000000
--- a/lib/remote/httpchunkedencoding.hpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef HTTPCHUNKEDENCODING_H
-#define HTTPCHUNKEDENCODING_H
-
-#include "remote/i2-remote.hpp"
-#include "base/stream.hpp"
-
-namespace icinga
-{
-
-struct ChunkReadContext
-{
-	StreamReadContext& StreamContext;
-	int LengthIndicator;
-
-	ChunkReadContext(StreamReadContext& scontext)
-		: StreamContext(scontext), LengthIndicator(-1)
-	{ }
-};
-
-/**
- * HTTP chunked encoding.
- *
- * @ingroup remote
- */
-struct HttpChunkedEncoding
-{
-	static StreamReadStatus ReadChunkFromStream(const Stream::Ptr& stream,
-		char **data, size_t *size, ChunkReadContext& ccontext, bool may_wait = false);
-	static void WriteChunkToStream(const Stream::Ptr& stream, const char *data, size_t count);
-
-};
-
-}
-
-#endif /* HTTPCHUNKEDENCODING_H */
diff --git a/lib/remote/httpclientconnection.cpp b/lib/remote/httpclientconnection.cpp
deleted file mode 100644
index 28d6e50fa..000000000
--- a/lib/remote/httpclientconnection.cpp
+++ /dev/null
@@ -1,176 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/httpclientconnection.hpp"
-#include "base/configtype.hpp"
-#include "base/objectlock.hpp"
-#include "base/base64.hpp"
-#include "base/utility.hpp"
-#include "base/logger.hpp"
-#include "base/exception.hpp"
-#include "base/convert.hpp"
-#include "base/tcpsocket.hpp"
-#include "base/tlsstream.hpp"
-#include "base/networkstream.hpp"
-
-using namespace icinga;
-
-HttpClientConnection::HttpClientConnection(String host, String port, bool tls)
-	: m_Host(std::move(host)), m_Port(std::move(port)), m_Tls(tls)
-{ }
-
-void HttpClientConnection::Start()
-{
-	/* Nothing to do here atm. */
-}
-
-void HttpClientConnection::Reconnect()
-{
-	if (m_Stream)
-		m_Stream->Close();
-
-	m_Context.~StreamReadContext();
-	new (&m_Context) StreamReadContext();
-
-	m_Requests.clear();
-	m_CurrentResponse.reset();
-
-	TcpSocket::Ptr socket = new TcpSocket();
-	socket->Connect(m_Host, m_Port);
-
-	if (m_Tls)
-		m_Stream = new TlsStream(socket, m_Host, RoleClient);
-	else
-		ASSERT(!"Non-TLS HTTP connections not supported.");
-		/* m_Stream = new NetworkStream(socket);
-		 * -- does not currently work because the NetworkStream class doesn't support async I/O
-		 */
-
-	/* the stream holds an owning reference to this object through the callback we're registering here */
-	m_Stream->RegisterDataHandler(std::bind(&HttpClientConnection::DataAvailableHandler, HttpClientConnection::Ptr(this), _1));
-	if (m_Stream->IsDataAvailable())
-		DataAvailableHandler(m_Stream);
-}
-
-Stream::Ptr HttpClientConnection::GetStream() const
-{
-	return m_Stream;
-}
-
-String HttpClientConnection::GetHost() const
-{
-	return m_Host;
-}
-
-String HttpClientConnection::GetPort() const
-{
-	return m_Port;
-}
-
-bool HttpClientConnection::GetTls() const
-{
-	return m_Tls;
-}
-
-void HttpClientConnection::Disconnect()
-{
-	Log(LogDebug, "HttpClientConnection", "Http client disconnected");
-
-	m_Stream->Shutdown();
-}
-
-bool HttpClientConnection::ProcessMessage()
-{
-	bool res;
-
-	if (m_Requests.empty()) {
-		m_Stream->Close();
-		return false;
-	}
-
-	const std::pair<std::shared_ptr<HttpRequest>, HttpCompletionCallback>& currentRequest = *m_Requests.begin();
-	HttpRequest& request = *currentRequest.first.get();
-	const HttpCompletionCallback& callback = currentRequest.second;
-
-	if (!m_CurrentResponse)
-		m_CurrentResponse = std::make_shared<HttpResponse>(m_Stream, request);
-
-	std::shared_ptr<HttpResponse> currentResponse = m_CurrentResponse;
-	HttpResponse& response = *currentResponse.get();
-
-	try {
-		res = response.Parse(m_Context, false);
-	} catch (const std::exception&) {
-		callback(request, response);
-
-		m_Stream->Shutdown();
-		return false;
-	}
-
-	if (response.Complete) {
-		callback(request, response);
-
-		m_Requests.pop_front();
-		m_CurrentResponse.reset();
-
-		return true;
-	}
-
-	return res;
-}
-
-void HttpClientConnection::DataAvailableHandler(const Stream::Ptr& stream)
-{
-	ASSERT(stream == m_Stream);
-
-	bool close = false;
-
-	if (!m_Stream->IsEof()) {
-		boost::mutex::scoped_lock lock(m_DataHandlerMutex);
-
-		try {
-			while (ProcessMessage())
-				; /* empty loop body */
-		} catch (const std::exception& ex) {
-			Log(LogWarning, "HttpClientConnection")
-				<< "Error while reading Http response: " << DiagnosticInformation(ex);
-
-			close = true;
-			Disconnect();
-		}
-	} else
-		close = true;
-
-	if (close)
-		m_Stream->Close();
-}
-
-std::shared_ptr<HttpRequest> HttpClientConnection::NewRequest()
-{
-	Reconnect();
-	return std::make_shared<HttpRequest>(m_Stream);
-}
-
-void HttpClientConnection::SubmitRequest(const std::shared_ptr<HttpRequest>& request,
-	const HttpCompletionCallback& callback)
-{
-	m_Requests.emplace_back(request, callback);
-	request->Finish();
-}
-
diff --git a/lib/remote/httpclientconnection.hpp b/lib/remote/httpclientconnection.hpp
deleted file mode 100644
index 752c40c22..000000000
--- a/lib/remote/httpclientconnection.hpp
+++ /dev/null
@@ -1,78 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef HTTPCLIENTCONNECTION_H
-#define HTTPCLIENTCONNECTION_H
-
-#include "remote/httprequest.hpp"
-#include "remote/httpresponse.hpp"
-#include "base/stream.hpp"
-#include "base/timer.hpp"
-#include <deque>
-
-namespace icinga
-{
-
-/**
- * An HTTP client connection.
- *
- * @ingroup remote
- */
-class HttpClientConnection final : public Object
-{
-public:
-	DECLARE_PTR_TYPEDEFS(HttpClientConnection);
-
-	HttpClientConnection(String host, String port, bool tls = true);
-
-	void Start();
-
-	Stream::Ptr GetStream() const;
-	String GetHost() const;
-	String GetPort() const;
-	bool GetTls() const;
-
-	void Disconnect();
-
-	std::shared_ptr<HttpRequest> NewRequest();
-
-	typedef std::function<void(HttpRequest&, HttpResponse&)> HttpCompletionCallback;
-	void SubmitRequest(const std::shared_ptr<HttpRequest>& request, const HttpCompletionCallback& callback);
-
-private:
-	String m_Host;
-	String m_Port;
-	bool m_Tls;
-	Stream::Ptr m_Stream;
-	std::deque<std::pair<std::shared_ptr<HttpRequest>, HttpCompletionCallback> > m_Requests;
-	std::shared_ptr<HttpResponse> m_CurrentResponse;
-	boost::mutex m_DataHandlerMutex;
-
-	StreamReadContext m_Context;
-
-	void Reconnect();
-	bool ProcessMessage();
-	void DataAvailableHandler(const Stream::Ptr& stream);
-
-	void ProcessMessageAsync(HttpRequest& request);
-};
-
-}
-
-#endif /* HTTPCLIENTCONNECTION_H */
diff --git a/lib/remote/httphandler.cpp b/lib/remote/httphandler.cpp
index e8fa64427..78e09d2ad 100644
--- a/lib/remote/httphandler.cpp
+++ b/lib/remote/httphandler.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/httphandler.hpp"
 #include "remote/httputility.hpp"
 #include "base/singleton.hpp"
 #include "base/exception.hpp"
 #include <boost/algorithm/string/join.hpp>
+#include <boost/beast/http.hpp>
 
 using namespace icinga;
 
@@ -61,11 +45,20 @@ void HttpHandler::Register(const Url::Ptr& url, const HttpHandler::Ptr& handler)
 	handlers->Add(handler);
 }
 
-void HttpHandler::ProcessRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response)
+void HttpHandler::ProcessRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
 	Dictionary::Ptr node = m_UrlTree;
 	std::vector<HttpHandler::Ptr> handlers;
-	const std::vector<String>& path = request.RequestUrl->GetPath();
+
+	Url::Ptr url = new Url(request.target().to_string());
+	auto& path (url->GetPath());
 
 	for (std::vector<String>::size_type i = 0; i <= path.size(); i++) {
 		Array::Ptr current_handlers = node->Get("handlers");
@@ -98,7 +91,7 @@ void HttpHandler::ProcessRequest(const ApiUser::Ptr& user, HttpRequest& request,
 	Dictionary::Ptr params;
 
 	try {
-		params = HttpUtility::FetchRequestParameters(request);
+		params = HttpUtility::FetchRequestParameters(url, request.body());
 	} catch (const std::exception& ex) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid request body: " + DiagnosticInformation(ex, false));
 		return;
@@ -106,16 +99,15 @@ void HttpHandler::ProcessRequest(const ApiUser::Ptr& user, HttpRequest& request,
 
 	bool processed = false;
 	for (const HttpHandler::Ptr& handler : handlers) {
-		if (handler->HandleRequest(user, request, response, params)) {
+		if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
 			processed = true;
 			break;
 		}
 	}
 
 	if (!processed) {
-		String path = boost::algorithm::join(request.RequestUrl->GetPath(), "/");
-		HttpUtility::SendJsonError(response, params, 404, "The requested path '" + path +
-				"' could not be found or the request method is not valid for this path.");
+		HttpUtility::SendJsonError(response, params, 404, "The requested path '" + boost::algorithm::join(path, "/") +
+			"' could not be found or the request method is not valid for this path.");
 		return;
 	}
 }
diff --git a/lib/remote/httphandler.hpp b/lib/remote/httphandler.hpp
index c06c4030b..a6a730255 100644
--- a/lib/remote/httphandler.hpp
+++ b/lib/remote/httphandler.hpp
@@ -1,30 +1,17 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HTTPHANDLER_H
 #define HTTPHANDLER_H
 
 #include "remote/i2-remote.hpp"
-#include "remote/httpresponse.hpp"
+#include "remote/url.hpp"
+#include "remote/httpserverconnection.hpp"
 #include "remote/apiuser.hpp"
 #include "base/registry.hpp"
+#include "base/tlsstream.hpp"
 #include <vector>
+#include <boost/asio/spawn.hpp>
+#include <boost/beast/http.hpp>
 
 namespace icinga
 {
@@ -39,10 +26,26 @@ class HttpHandler : public Object
 public:
 	DECLARE_PTR_TYPEDEFS(HttpHandler);
 
-	virtual bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params) = 0;
+	virtual bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) = 0;
 
 	static void Register(const Url::Ptr& url, const HttpHandler::Ptr& handler);
-	static void ProcessRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response);
+	static void ProcessRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	);
 
 private:
 	static Dictionary::Ptr m_UrlTree;
diff --git a/lib/remote/httprequest.cpp b/lib/remote/httprequest.cpp
deleted file mode 100644
index f698b2101..000000000
--- a/lib/remote/httprequest.cpp
+++ /dev/null
@@ -1,265 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/httprequest.hpp"
-#include "base/logger.hpp"
-#include "base/application.hpp"
-#include "base/convert.hpp"
-
-using namespace icinga;
-
-HttpRequest::HttpRequest(Stream::Ptr stream)
-	: CompleteHeaders(false),
-	CompleteHeaderCheck(false),
-	CompleteBody(false),
-	ProtocolVersion(HttpVersion11),
-	Headers(new Dictionary()),
-	m_Stream(std::move(stream)),
-	m_State(HttpRequestStart)
-{ }
-
-bool HttpRequest::ParseHeaders(StreamReadContext& src, bool may_wait)
-{
-	if (!m_Stream)
-		return false;
-
-	if (m_State != HttpRequestStart && m_State != HttpRequestHeaders)
-		BOOST_THROW_EXCEPTION(std::runtime_error("Invalid HTTP state"));
-
-	String line;
-	StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
-
-	if (srs != StatusNewItem) {
-		if (src.Size > 8 * 1024)
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
-
-		return false;
-	}
-
-	if (line.GetLength() > 8 * 1024) {
-#ifdef I2_DEBUG /* I2_DEBUG */
-		Log(LogDebug, "HttpRequest")
-			<< "Header size: " << line.GetLength() << " content: '" << line << "'.";
-#endif /* I2_DEBUG */
-
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
-	}
-
-	if (m_State == HttpRequestStart) {
-		/* ignore trailing new-lines */
-		if (line == "")
-			return true;
-
-		std::vector<String> tokens = line.Split(" ");
-		Log(LogDebug, "HttpRequest")
-			<< "line: " << line << ", tokens: " << tokens.size();
-		if (tokens.size() != 3)
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));
-
-		RequestMethod = tokens[0];
-		RequestUrl = new class Url(tokens[1]);
-
-		if (tokens[2] == "HTTP/1.0")
-			ProtocolVersion = HttpVersion10;
-		else if (tokens[2] == "HTTP/1.1") {
-			ProtocolVersion = HttpVersion11;
-		} else
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Unsupported HTTP version"));
-
-		m_State = HttpRequestHeaders;
-		return true;
-	} else { // m_State = HttpRequestHeaders
-		if (line == "") {
-			m_State = HttpRequestBody;
-			CompleteHeaders = true;
-			return true;
-
-		} else {
-			if (Headers->GetLength() > 128)
-				BOOST_THROW_EXCEPTION(std::invalid_argument("Maximum number of HTTP request headers exceeded"));
-
-			String::SizeType pos = line.FindFirstOf(":");
-			if (pos == String::NPos)
-				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));
-
-			String key = line.SubStr(0, pos).ToLower().Trim();
-			String value = line.SubStr(pos + 1).Trim();
-			Headers->Set(key, value);
-
-			if (key == "x-http-method-override")
-				RequestMethod = value;
-
-			return true;
-		}
-	}
-}
-
-bool HttpRequest::ParseBody(StreamReadContext& src, bool may_wait)
-{
-	if (!m_Stream)
-		return false;
-
-	if (m_State != HttpRequestBody)
-		BOOST_THROW_EXCEPTION(std::runtime_error("Invalid HTTP state"));
-
-	/* we're done if the request doesn't contain a message body */
-	if (!Headers->Contains("content-length") && !Headers->Contains("transfer-encoding")) {
-		CompleteBody = true;
-		return true;
-	} else if (!m_Body)
-		m_Body = new FIFO();
-
-	if (Headers->Get("transfer-encoding") == "chunked") {
-		if (!m_ChunkContext)
-			m_ChunkContext = std::make_shared<ChunkReadContext>(std::ref(src));
-
-		char *data;
-		size_t size;
-		StreamReadStatus srs = HttpChunkedEncoding::ReadChunkFromStream(m_Stream, &data, &size, *m_ChunkContext.get(), may_wait);
-
-		if (srs != StatusNewItem)
-			return false;
-
-		m_Body->Write(data, size);
-
-		delete [] data;
-
-		if (size == 0) {
-			CompleteBody = true;
-			return false;
-		} else
-			return true;
-	}
-
-	if (src.Eof)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Unexpected EOF in HTTP body"));
-
-	if (src.MustRead) {
-		if (!src.FillFromStream(m_Stream, false)) {
-			src.Eof = true;
-			BOOST_THROW_EXCEPTION(std::invalid_argument("Unexpected EOF in HTTP body"));
-		}
-
-		src.MustRead = false;
-	}
-
-	long length_indicator_signed = Convert::ToLong(Headers->Get("content-length"));
-
-	if (length_indicator_signed < 0)
-		BOOST_THROW_EXCEPTION(std::invalid_argument("Content-Length must not be negative."));
-
-	size_t length_indicator = length_indicator_signed;
-
-	if (src.Size < length_indicator) {
-		src.MustRead = true;
-		return false;
-	}
-
-	m_Body->Write(src.Buffer, length_indicator);
-	src.DropData(length_indicator);
-	CompleteBody = true;
-	return true;
-}
-
-size_t HttpRequest::ReadBody(char *data, size_t count)
-{
-	if (!m_Body)
-		return 0;
-	else
-		return m_Body->Read(data, count, true);
-}
-
-void HttpRequest::AddHeader(const String& key, const String& value)
-{
-	ASSERT(m_State == HttpRequestStart || m_State == HttpRequestHeaders);
-	Headers->Set(key.ToLower(), value);
-}
-
-void HttpRequest::FinishHeaders()
-{
-	if (m_State == HttpRequestStart) {
-		String rqline = RequestMethod + " " + RequestUrl->Format(true) + " HTTP/1." + (ProtocolVersion == HttpVersion10 ? "0" : "1") + "\n";
-		m_Stream->Write(rqline.CStr(), rqline.GetLength());
-		m_State = HttpRequestHeaders;
-	}
-
-	if (m_State == HttpRequestHeaders) {
-		AddHeader("User-Agent", "Icinga/" + Application::GetAppVersion());
-
-		if (ProtocolVersion == HttpVersion11) {
-			AddHeader("Transfer-Encoding", "chunked");
-			if (!Headers->Contains("Host"))
-				AddHeader("Host", RequestUrl->GetHost() + ":" + RequestUrl->GetPort());
-		}
-
-		ObjectLock olock(Headers);
-		for (const Dictionary::Pair& kv : Headers)
-		{
-			String header = kv.first + ": " + kv.second + "\n";
-			m_Stream->Write(header.CStr(), header.GetLength());
-		}
-
-		m_Stream->Write("\n", 1);
-
-		m_State = HttpRequestBody;
-	}
-}
-
-void HttpRequest::WriteBody(const char *data, size_t count)
-{
-	ASSERT(m_State == HttpRequestStart || m_State == HttpRequestHeaders || m_State == HttpRequestBody);
-
-	if (ProtocolVersion == HttpVersion10) {
-		if (!m_Body)
-			m_Body = new FIFO();
-
-		m_Body->Write(data, count);
-	} else {
-		FinishHeaders();
-
-		HttpChunkedEncoding::WriteChunkToStream(m_Stream, data, count);
-	}
-}
-
-void HttpRequest::Finish()
-{
-	ASSERT(m_State != HttpRequestEnd);
-
-	if (ProtocolVersion == HttpVersion10) {
-		if (m_Body)
-			AddHeader("Content-Length", Convert::ToString(m_Body->GetAvailableBytes()));
-
-		FinishHeaders();
-
-		while (m_Body && m_Body->IsDataAvailable()) {
-			char buffer[1024];
-			size_t rc = m_Body->Read(buffer, sizeof(buffer), true);
-			m_Stream->Write(buffer, rc);
-		}
-	} else {
-		if (m_State == HttpRequestStart || m_State == HttpRequestHeaders)
-			FinishHeaders();
-
-		WriteBody(nullptr, 0);
-		m_Stream->Write("\r\n", 2);
-	}
-
-	m_State = HttpRequestEnd;
-}
-
diff --git a/lib/remote/httprequest.hpp b/lib/remote/httprequest.hpp
deleted file mode 100644
index 14e0677cd..000000000
--- a/lib/remote/httprequest.hpp
+++ /dev/null
@@ -1,86 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef HTTPREQUEST_H
-#define HTTPREQUEST_H
-
-#include "remote/i2-remote.hpp"
-#include "remote/httpchunkedencoding.hpp"
-#include "remote/url.hpp"
-#include "base/stream.hpp"
-#include "base/fifo.hpp"
-#include "base/dictionary.hpp"
-
-namespace icinga
-{
-
-enum HttpVersion
-{
-	HttpVersion10,
-	HttpVersion11
-};
-
-enum HttpRequestState
-{
-	HttpRequestStart,
-	HttpRequestHeaders,
-	HttpRequestBody,
-	HttpRequestEnd
-};
-
-/**
- * An HTTP request.
- *
- * @ingroup remote
- */
-struct HttpRequest
-{
-public:
-	bool CompleteHeaders;
-	bool CompleteHeaderCheck;
-	bool CompleteBody;
-
-	String RequestMethod;
-	Url::Ptr RequestUrl;
-	HttpVersion ProtocolVersion;
-
-	Dictionary::Ptr Headers;
-
-	HttpRequest(Stream::Ptr stream);
-
-	bool ParseHeaders(StreamReadContext& src, bool may_wait);
-	bool ParseBody(StreamReadContext& src, bool may_wait);
-	size_t ReadBody(char *data, size_t count);
-
-	void AddHeader(const String& key, const String& value);
-	void WriteBody(const char *data, size_t count);
-	void Finish();
-
-private:
-	Stream::Ptr m_Stream;
-	std::shared_ptr<ChunkReadContext> m_ChunkContext;
-	HttpRequestState m_State;
-	FIFO::Ptr m_Body;
-
-	void FinishHeaders();
-};
-
-}
-
-#endif /* HTTPREQUEST_H */
diff --git a/lib/remote/httpresponse.cpp b/lib/remote/httpresponse.cpp
deleted file mode 100644
index 45ac25c81..000000000
--- a/lib/remote/httpresponse.cpp
+++ /dev/null
@@ -1,270 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/httpresponse.hpp"
-#include "remote/httpchunkedencoding.hpp"
-#include "base/logger.hpp"
-#include "base/application.hpp"
-#include "base/convert.hpp"
-
-using namespace icinga;
-
-HttpResponse::HttpResponse(Stream::Ptr stream, const HttpRequest& request)
-	: Complete(false), m_State(HttpResponseStart), m_Request(&request), m_Stream(std::move(stream))
-{ }
-
-void HttpResponse::SetStatus(int code, const String& message)
-{
-	ASSERT(code >= 100 && code <= 599);
-	ASSERT(!message.IsEmpty());
-
-	if (m_State != HttpResponseStart) {
-		Log(LogWarning, "HttpResponse", "Tried to set Http response status after headers had already been sent.");
-		return;
-	}
-
-	String status = "HTTP/";
-
-	if (m_Request->ProtocolVersion == HttpVersion10)
-		status += "1.0";
-	else
-		status += "1.1";
-
-	status += " " + Convert::ToString(code) + " " + message + "\r\n";
-
-	m_Stream->Write(status.CStr(), status.GetLength());
-
-	m_State = HttpResponseHeaders;
-}
-
-void HttpResponse::AddHeader(const String& key, const String& value)
-{
-	m_Headers.emplace_back(key + ": " + value + "\r\n");
-}
-
-void HttpResponse::FinishHeaders()
-{
-	if (m_State == HttpResponseHeaders) {
-		if (m_Request->ProtocolVersion == HttpVersion11)
-			AddHeader("Transfer-Encoding", "chunked");
-
-		AddHeader("Server", "Icinga/" + Application::GetAppVersion());
-
-		for (const String& header : m_Headers)
-			m_Stream->Write(header.CStr(), header.GetLength());
-
-		m_Stream->Write("\r\n", 2);
-		m_State = HttpResponseBody;
-	}
-}
-
-void HttpResponse::WriteBody(const char *data, size_t count)
-{
-	ASSERT(m_State == HttpResponseHeaders || m_State == HttpResponseBody);
-
-	if (m_Request->ProtocolVersion == HttpVersion10) {
-		if (!m_Body)
-			m_Body = new FIFO();
-
-		m_Body->Write(data, count);
-	} else {
-		FinishHeaders();
-
-		HttpChunkedEncoding::WriteChunkToStream(m_Stream, data, count);
-	}
-}
-
-void HttpResponse::Finish()
-{
-	ASSERT(m_State != HttpResponseEnd);
-
-	if (m_Request->ProtocolVersion == HttpVersion10) {
-		if (m_Body)
-			AddHeader("Content-Length", Convert::ToString(m_Body->GetAvailableBytes()));
-
-		FinishHeaders();
-
-		while (m_Body && m_Body->IsDataAvailable()) {
-			char buffer[1024];
-			size_t rc = m_Body->Read(buffer, sizeof(buffer), true);
-			m_Stream->Write(buffer, rc);
-		}
-	} else {
-		WriteBody(nullptr, 0);
-		m_Stream->Write("\r\n", 2);
-	}
-
-	m_State = HttpResponseEnd;
-
-	if (m_Request->ProtocolVersion == HttpVersion10 || m_Request->Headers->Get("connection") == "close")
-		m_Stream->Shutdown();
-}
-
-bool HttpResponse::Parse(StreamReadContext& src, bool may_wait)
-{
-	if (m_State != HttpResponseBody) {
-		String line;
-		StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
-
-		if (srs != StatusNewItem)
-			return false;
-
-		if (m_State == HttpResponseStart) {
-			/* ignore trailing new-lines */
-			if (line == "")
-				return true;
-
-			std::vector<String> tokens = line.Split(" ");
-			Log(LogDebug, "HttpRequest")
-				<< "line: " << line << ", tokens: " << tokens.size();
-			if (tokens.size() < 2)
-				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP response (Status line)"));
-
-			if (tokens[0] == "HTTP/1.0")
-				ProtocolVersion = HttpVersion10;
-			else if (tokens[0] == "HTTP/1.1") {
-				ProtocolVersion = HttpVersion11;
-			} else
-				BOOST_THROW_EXCEPTION(std::invalid_argument("Unsupported HTTP version"));
-
-			StatusCode = Convert::ToLong(tokens[1]);
-
-			if (tokens.size() >= 3)
-				StatusMessage = tokens[2]; // TODO: Join tokens[2..end]
-
-			m_State = HttpResponseHeaders;
-		} else if (m_State == HttpResponseHeaders) {
-			if (!Headers)
-				Headers = new Dictionary();
-
-			if (line == "") {
-				m_State = HttpResponseBody;
-				m_Body = new FIFO();
-
-				return true;
-
-			} else {
-				String::SizeType pos = line.FindFirstOf(":");
-				if (pos == String::NPos)
-					BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));
-				String key = line.SubStr(0, pos).ToLower().Trim();
-
-				String value = line.SubStr(pos + 1).Trim();
-				Headers->Set(key, value);
-			}
-		} else {
-			VERIFY(!"Invalid HTTP request state.");
-		}
-	} else if (m_State == HttpResponseBody) {
-		if (Headers->Get("transfer-encoding") == "chunked") {
-			if (!m_ChunkContext)
-				m_ChunkContext = std::make_shared<ChunkReadContext>(std::ref(src));
-
-			char *data;
-			size_t size;
-			StreamReadStatus srs = HttpChunkedEncoding::ReadChunkFromStream(m_Stream, &data, &size, *m_ChunkContext.get(), may_wait);
-
-			if (srs != StatusNewItem)
-				return false;
-
-			Log(LogNotice, "HttpResponse")
-				<< "Read " << size << " bytes";
-
-			m_Body->Write(data, size);
-
-			delete[] data;
-
-			if (size == 0) {
-				Complete = true;
-				return true;
-			}
-		} else {
-			bool hasLengthIndicator = false;
-			size_t lengthIndicator = 0;
-			Value contentLengthHeader;
-
-			if (Headers->Get("content-length", &contentLengthHeader)) {
-				hasLengthIndicator = true;
-				lengthIndicator = Convert::ToLong(contentLengthHeader);
-			}
-
-			if (!hasLengthIndicator && ProtocolVersion != HttpVersion10 && !Headers->Contains("transfer-encoding")) {
-				Complete = true;
-				return true;
-			}
-
-			if (hasLengthIndicator && src.Eof)
-				BOOST_THROW_EXCEPTION(std::invalid_argument("Unexpected EOF in HTTP body"));
-
-			if (src.MustRead) {
-				if (!src.FillFromStream(m_Stream, may_wait))
-					src.Eof = true;
-
-				src.MustRead = false;
-			}
-
-			if (!hasLengthIndicator)
-				lengthIndicator = src.Size;
-
-			if (src.Size < lengthIndicator) {
-				src.MustRead = true;
-				return may_wait;
-			}
-
-			m_Body->Write(src.Buffer, lengthIndicator);
-			src.DropData(lengthIndicator);
-
-			if (!hasLengthIndicator && !src.Eof) {
-				src.MustRead = true;
-				return may_wait;
-			}
-
-			Complete = true;
-			return true;
-		}
-	}
-
-	return true;
-}
-
-size_t HttpResponse::ReadBody(char *data, size_t count)
-{
-	if (!m_Body)
-		return 0;
-	else
-		return m_Body->Read(data, count, true);
-}
-
-size_t HttpResponse::GetBodySize() const
-{
-	if (!m_Body)
-		return 0;
-	else
-		return m_Body->GetAvailableBytes();
-}
-
-bool HttpResponse::IsPeerConnected() const
-{
-	return !m_Stream->IsEof();
-}
-
-void HttpResponse::RebindRequest(const HttpRequest& request)
-{
-	m_Request = &request;
-}
diff --git a/lib/remote/httpresponse.hpp b/lib/remote/httpresponse.hpp
deleted file mode 100644
index 5021bbbde..000000000
--- a/lib/remote/httpresponse.hpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#ifndef HTTPRESPONSE_H
-#define HTTPRESPONSE_H
-
-#include "remote/httprequest.hpp"
-#include "base/stream.hpp"
-#include "base/fifo.hpp"
-#include <vector>
-
-namespace icinga
-{
-
-enum HttpResponseState
-{
-	HttpResponseStart,
-	HttpResponseHeaders,
-	HttpResponseBody,
-	HttpResponseEnd
-};
-
-/**
- * An HTTP response.
- *
- * @ingroup remote
- */
-struct HttpResponse
-{
-public:
-	bool Complete;
-
-	HttpVersion ProtocolVersion;
-	int StatusCode;
-	String StatusMessage;
-
-	Dictionary::Ptr Headers;
-
-	HttpResponse(Stream::Ptr stream, const HttpRequest& request);
-
-	bool Parse(StreamReadContext& src, bool may_wait);
-	size_t ReadBody(char *data, size_t count);
-	size_t GetBodySize() const;
-
-	void SetStatus(int code, const String& message);
-	void AddHeader(const String& key, const String& value);
-	void WriteBody(const char *data, size_t count);
-	void Finish();
-
-	bool IsPeerConnected() const;
-
-	void RebindRequest(const HttpRequest& request);
-
-private:
-	HttpResponseState m_State;
-	std::shared_ptr<ChunkReadContext> m_ChunkContext;
-	const HttpRequest *m_Request;
-	Stream::Ptr m_Stream;
-	FIFO::Ptr m_Body;
-	std::vector<String> m_Headers;
-
-	void FinishHeaders();
-};
-
-}
-
-#endif /* HTTPRESPONSE_H */
diff --git a/lib/remote/httpserverconnection.cpp b/lib/remote/httpserverconnection.cpp
index 6e8ea1c58..cdbcc7c57 100644
--- a/lib/remote/httpserverconnection.cpp
+++ b/lib/remote/httpserverconnection.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/httpserverconnection.hpp"
 #include "remote/httphandler.hpp"
@@ -23,296 +6,195 @@
 #include "remote/apilistener.hpp"
 #include "remote/apifunction.hpp"
 #include "remote/jsonrpc.hpp"
+#include "base/application.hpp"
 #include "base/base64.hpp"
 #include "base/convert.hpp"
 #include "base/configtype.hpp"
+#include "base/defer.hpp"
 #include "base/exception.hpp"
+#include "base/io-engine.hpp"
 #include "base/logger.hpp"
 #include "base/objectlock.hpp"
 #include "base/timer.hpp"
+#include "base/tlsstream.hpp"
 #include "base/utility.hpp"
+#include <limits>
+#include <memory>
+#include <stdexcept>
+#include <boost/asio/error.hpp>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/beast/core.hpp>
+#include <boost/beast/http.hpp>
+#include <boost/system/error_code.hpp>
+#include <boost/system/system_error.hpp>
 #include <boost/thread/once.hpp>
 
 using namespace icinga;
 
-static boost::once_flag l_HttpServerConnectionOnceFlag = BOOST_ONCE_INIT;
-static Timer::Ptr l_HttpServerConnectionTimeoutTimer;
+auto const l_ServerHeader ("Icinga/" + Application::GetAppVersion());
 
-HttpServerConnection::HttpServerConnection(const String& identity, bool authenticated, const TlsStream::Ptr& stream)
-	: m_Stream(stream), m_Seen(Utility::GetTime()), m_CurrentRequest(stream), m_PendingRequests(0)
+HttpServerConnection::HttpServerConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream)
+	: HttpServerConnection(identity, authenticated, stream, IoEngine::Get().GetIoContext())
 {
-	boost::call_once(l_HttpServerConnectionOnceFlag, &HttpServerConnection::StaticInitialize);
-
-	m_RequestQueue.SetName("HttpServerConnection");
-
-	if (authenticated)
-		m_ApiUser = ApiUser::GetByClientCN(identity);
 }
 
-void HttpServerConnection::StaticInitialize()
+HttpServerConnection::HttpServerConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream, boost::asio::io_context& io)
+	: m_Stream(stream), m_Seen(Utility::GetTime()), m_IoStrand(io), m_ShuttingDown(false), m_HasStartedStreaming(false),
+	m_CheckLivenessTimer(io)
 {
-	l_HttpServerConnectionTimeoutTimer = new Timer();
-	l_HttpServerConnectionTimeoutTimer->OnTimerExpired.connect(std::bind(&HttpServerConnection::TimeoutTimerHandler));
-	l_HttpServerConnectionTimeoutTimer->SetInterval(5);
-	l_HttpServerConnectionTimeoutTimer->Start();
+	if (authenticated) {
+		m_ApiUser = ApiUser::GetByClientCN(identity);
+	}
+
+	{
+		std::ostringstream address;
+		auto endpoint (stream->lowest_layer().remote_endpoint());
+
+		address << '[' << endpoint.address() << "]:" << endpoint.port();
+
+		m_PeerAddress = address.str();
+	}
 }
 
 void HttpServerConnection::Start()
 {
-	/* the stream holds an owning reference to this object through the callback we're registering here */
-	m_Stream->RegisterDataHandler(std::bind(&HttpServerConnection::DataAvailableHandler, HttpServerConnection::Ptr(this)));
-	if (m_Stream->IsDataAvailable())
-		DataAvailableHandler();
-}
+	namespace asio = boost::asio;
 
-ApiUser::Ptr HttpServerConnection::GetApiUser() const
-{
-	return m_ApiUser;
-}
+	HttpServerConnection::Ptr keepAlive (this);
 
-TlsStream::Ptr HttpServerConnection::GetStream() const
-{
-	return m_Stream;
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { ProcessMessages(yc); });
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { CheckLiveness(yc); });
 }
 
 void HttpServerConnection::Disconnect()
 {
-	boost::mutex::scoped_try_lock lock(m_DataHandlerMutex);
-	if (!lock.owns_lock()) {
-		Log(LogInformation, "HttpServerConnection", "Unable to disconnect Http client, I/O thread busy");
-		return;
-	}
+	namespace asio = boost::asio;
 
-	Log(LogDebug, "HttpServerConnection", "Http client disconnected");
+	HttpServerConnection::Ptr keepAlive (this);
 
-	ApiListener::Ptr listener = ApiListener::GetInstance();
-	listener->RemoveHttpClient(this);
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) {
+		if (!m_ShuttingDown) {
+			m_ShuttingDown = true;
 
-	m_CurrentRequest.~HttpRequest();
-	new (&m_CurrentRequest) HttpRequest(nullptr);
+			Log(LogInformation, "HttpServerConnection")
+				<< "HTTP client disconnected (from " << m_PeerAddress << ")";
 
-	m_Stream->Close();
-}
+			/*
+			 * Do not swallow exceptions in a coroutine.
+			 * https://github.com/Icinga/icinga2/issues/7351
+			 * We must not catch `detail::forced_unwind exception` as
+			 * this is used for unwinding the stack.
+			 *
+			 * Just use the error_code dummy here.
+			 */
+			boost::system::error_code ec;
 
-bool HttpServerConnection::ProcessMessage()
-{
-	bool res;
-	HttpResponse response(m_Stream, m_CurrentRequest);
+			m_CheckLivenessTimer.cancel();
 
-	if (!m_CurrentRequest.CompleteHeaders) {
-		try {
-			res = m_CurrentRequest.ParseHeaders(m_Context, false);
-		} catch (const std::invalid_argument& ex) {
-			response.SetStatus(400, "Bad Request");
-			String msg = String("<h1>Bad Request</h1><p><pre>") + ex.what() + "</pre></p>";
-			response.WriteBody(msg.CStr(), msg.GetLength());
-			response.Finish();
+			m_Stream->lowest_layer().cancel(ec);
 
-			m_CurrentRequest.~HttpRequest();
-			new (&m_CurrentRequest) HttpRequest(m_Stream);
+			m_Stream->next_layer().async_shutdown(yc[ec]);
 
-			m_Stream->Shutdown();
+			m_Stream->lowest_layer().shutdown(m_Stream->lowest_layer().shutdown_both, ec);
 
-			return false;
-		} catch (const std::exception& ex) {
-			response.SetStatus(500, "Internal Server Error");
-			String msg = "<h1>Internal Server Error</h1><p><pre>" + DiagnosticInformation(ex) + "</pre></p>";
-			response.WriteBody(msg.CStr(), msg.GetLength());
-			response.Finish();
+			auto listener (ApiListener::GetInstance());
 
-			m_CurrentRequest.~HttpRequest();
-			new (&m_CurrentRequest) HttpRequest(m_Stream);
+			if (listener) {
+				CpuBoundWork removeHttpClient (yc);
 
-			m_Stream->Shutdown();
-
-			return false;
-		}
-		return res;
-	}
-
-	if (!m_CurrentRequest.CompleteHeaderCheck) {
-		m_CurrentRequest.CompleteHeaderCheck = true;
-		if (!ManageHeaders(response)) {
-			m_CurrentRequest.~HttpRequest();
-			new (&m_CurrentRequest) HttpRequest(m_Stream);
-
-			m_Stream->Shutdown();
-
-			return false;
-		}
-	}
-
-	if (!m_CurrentRequest.CompleteBody) {
-		try {
-			res = m_CurrentRequest.ParseBody(m_Context, false);
-		} catch (const std::invalid_argument& ex) {
-			response.SetStatus(400, "Bad Request");
-			String msg = String("<h1>Bad Request</h1><p><pre>") + ex.what() + "</pre></p>";
-			response.WriteBody(msg.CStr(), msg.GetLength());
-			response.Finish();
-
-			m_CurrentRequest.~HttpRequest();
-			new (&m_CurrentRequest) HttpRequest(m_Stream);
-
-			m_Stream->Shutdown();
-
-			return false;
-		} catch (const std::exception& ex) {
-			response.SetStatus(500, "Internal Server Error");
-			String msg = "<h1>Internal Server Error</h1><p><pre>" + DiagnosticInformation(ex) + "</pre></p>";
-			response.WriteBody(msg.CStr(), msg.GetLength());
-			response.Finish();
-
-			m_CurrentRequest.~HttpRequest();
-			new (&m_CurrentRequest) HttpRequest(m_Stream);
-
-			m_Stream->Shutdown();
-
-			return false;
-		}
-		return res;
-	}
-
-	m_RequestQueue.Enqueue(std::bind(&HttpServerConnection::ProcessMessageAsync,
-		HttpServerConnection::Ptr(this), m_CurrentRequest, response, m_AuthenticatedUser));
-
-	m_Seen = Utility::GetTime();
-	m_PendingRequests++;
-
-	m_CurrentRequest.~HttpRequest();
-	new (&m_CurrentRequest) HttpRequest(m_Stream);
-
-	return false;
-}
-
-bool HttpServerConnection::ManageHeaders(HttpResponse& response)
-{
-	if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
-		String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
-		m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
-	}
-
-	/* client_cn matched. */
-	if (m_ApiUser)
-		m_AuthenticatedUser = m_ApiUser;
-	else
-		m_AuthenticatedUser = ApiUser::GetByAuthHeader(m_CurrentRequest.Headers->Get("authorization"));
-
-	String requestUrl = m_CurrentRequest.RequestUrl->Format();
-
-	Socket::Ptr socket = m_Stream->GetSocket();
-
-	Log(LogInformation, "HttpServerConnection")
-		<< "Request: " << m_CurrentRequest.RequestMethod << " " << requestUrl
-		<< " (from " << (socket ? socket->GetPeerAddress() : "<unkown>")
-		<< ", user: " << (m_AuthenticatedUser ? m_AuthenticatedUser->GetName() : "<unauthenticated>") << ")";
-
-	ApiListener::Ptr listener = ApiListener::GetInstance();
-
-	if (!listener)
-		return false;
-
-	Array::Ptr headerAllowOrigin = listener->GetAccessControlAllowOrigin();
-
-	if (headerAllowOrigin && headerAllowOrigin->GetLength() != 0) {
-		String origin = m_CurrentRequest.Headers->Get("origin");
-		{
-			ObjectLock olock(headerAllowOrigin);
-
-			for (const String& allowedOrigin : headerAllowOrigin) {
-				if (allowedOrigin == origin)
-					response.AddHeader("Access-Control-Allow-Origin", origin);
+				listener->RemoveHttpClient(this);
 			}
 		}
+	});
+}
 
-		response.AddHeader("Access-Control-Allow-Credentials", "true");
+void HttpServerConnection::StartStreaming()
+{
+	namespace asio = boost::asio;
 
-		String accessControlRequestMethodHeader = m_CurrentRequest.Headers->Get("access-control-request-method");
+	m_HasStartedStreaming = true;
 
-		if (m_CurrentRequest.RequestMethod == "OPTIONS" && !accessControlRequestMethodHeader.IsEmpty()) {
-			response.SetStatus(200, "OK");
+	HttpServerConnection::Ptr keepAlive (this);
 
-			response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
-			response.AddHeader("Access-Control-Allow-Headers", "Authorization, X-HTTP-Method-Override");
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) {
+		if (!m_ShuttingDown) {
+			char buf[128];
+			asio::mutable_buffer readBuf (buf, 128);
+			boost::system::error_code ec;
 
-			String msg = "Preflight OK";
-			response.WriteBody(msg.CStr(), msg.GetLength());
+			do {
+				m_Stream->async_read_some(readBuf, yc[ec]);
+			} while (!ec);
 
-			response.Finish();
+			Disconnect();
+		}
+	});
+}
+
+bool HttpServerConnection::Disconnected()
+{
+	return m_ShuttingDown;
+}
+
+static inline
+bool EnsureValidHeaders(
+	AsioTlsStream& stream,
+	boost::beast::flat_buffer& buf,
+	boost::beast::http::parser<true, boost::beast::http::string_body>& parser,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	bool& shuttingDown,
+	boost::asio::yield_context& yc
+)
+{
+	namespace http = boost::beast::http;
+
+	if (shuttingDown)
+		return false;
+
+	bool httpError = false;
+	String errorMsg;
+
+	boost::system::error_code ec;
+
+	http::async_read_header(stream, buf, parser, yc[ec]);
+
+	if (ec) {
+		if (ec == boost::asio::error::operation_aborted)
 			return false;
+
+		errorMsg = ec.message();
+		httpError = true;
+	} else {
+		switch (parser.get().version()) {
+		case 10:
+		case 11:
+			break;
+		default:
+			errorMsg = "Unsupported HTTP version";
 		}
 	}
 
-	if (m_CurrentRequest.RequestMethod != "GET" && m_CurrentRequest.Headers->Get("accept") != "application/json") {
-		response.SetStatus(400, "Wrong Accept header");
-		response.AddHeader("Content-Type", "text/html");
-		String msg = "<h1>Accept header is missing or not set to 'application/json'.</h1>";
-		response.WriteBody(msg.CStr(), msg.GetLength());
-		response.Finish();
-		return false;
-	}
+	if (!errorMsg.IsEmpty() || httpError) {
+		response.result(http::status::bad_request);
 
-	if (!m_AuthenticatedUser) {
-		Log(LogWarning, "HttpServerConnection")
-			<< "Unauthorized request: " << m_CurrentRequest.RequestMethod << " " << requestUrl;
-
-		response.SetStatus(401, "Unauthorized");
-		response.AddHeader("WWW-Authenticate", "Basic realm=\"Icinga 2\"");
-
-		if (m_CurrentRequest.Headers->Get("accept") == "application/json") {
-			Dictionary::Ptr result = new Dictionary({
-				{ "error", 401 },
-				{ "status", "Unauthorized. Please check your user credentials." }
-			});
-
-			HttpUtility::SendJsonBody(response, nullptr, result);
+		if (!httpError && parser.get()[http::field::accept] == "application/json") {
+			HttpUtility::SendJsonBody(response, nullptr, new Dictionary({
+				{ "error", 400 },
+				{ "status", String("Bad Request: ") + errorMsg }
+			}));
 		} else {
-			response.AddHeader("Content-Type", "text/html");
-			String msg = "<h1>Unauthorized. Please check your user credentials.</h1>";
-			response.WriteBody(msg.CStr(), msg.GetLength());
+			response.set(http::field::content_type, "text/html");
+			response.body() = String("<h1>Bad Request</h1><p><pre>") + errorMsg + "</pre></p>";
+			response.set(http::field::content_length, response.body().size());
 		}
 
-		response.Finish();
-		return false;
-	}
+		response.set(http::field::connection, "close");
 
-	static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
-	size_t maxSize = defaultContentLengthLimit;
+		boost::system::error_code ec;
 
-	Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
-
-	if (permissions) {
-		ObjectLock olock(permissions);
-
-		for (const Value& permissionInfo : permissions) {
-			String permission;
-
-			if (permissionInfo.IsObjectType<Dictionary>())
-				permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
-			else
-				permission = permissionInfo;
-
-			static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
-				  { "config/modify", 512 * 1024 * 1024 }
-			};
-
-			for (const auto& limitInfo : specialContentLengthLimits) {
-				if (limitInfo.second <= maxSize)
-					continue;
-
-				if (Utility::Match(permission, limitInfo.first))
-					maxSize = limitInfo.second;
-			}
-		}
-	}
-
-	size_t contentLength = m_CurrentRequest.Headers->Get("content-length");
-
-	if (contentLength > maxSize) {
-		response.SetStatus(400, "Bad Request");
-		String msg = String("<h1>Content length exceeded maximum</h1>");
-		response.WriteBody(msg.CStr(), msg.GetLength());
-		response.Finish();
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
 
 		return false;
 	}
@@ -320,65 +202,404 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
 	return true;
 }
 
-void HttpServerConnection::ProcessMessageAsync(HttpRequest& request, HttpResponse& response, const ApiUser::Ptr& user)
+static inline
+void HandleExpect100(
+	AsioTlsStream& stream,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::asio::yield_context& yc
+)
 {
-	response.RebindRequest(request);
+	namespace http = boost::beast::http;
 
-	try {
-		HttpHandler::ProcessRequest(user, request, response);
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "HttpServerConnection")
-			<< "Unhandled exception while processing Http request: " << DiagnosticInformation(ex);
-		HttpUtility::SendJsonError(response, nullptr, 503, "Unhandled exception" , DiagnosticInformation(ex));
+	if (request[http::field::expect] == "100-continue") {
+		http::response<http::string_body> response;
+
+		response.result(http::status::continue_);
+
+		boost::system::error_code ec;
+
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
 	}
-
-	response.Finish();
-	m_PendingRequests--;
-	m_Stream->SetCorked(false);
 }
 
-void HttpServerConnection::DataAvailableHandler()
+static inline
+bool HandleAccessControl(
+	AsioTlsStream& stream,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	boost::asio::yield_context& yc
+)
 {
-	bool close = false;
+	namespace http = boost::beast::http;
 
-	if (!m_Stream->IsEof()) {
-		boost::mutex::scoped_lock lock(m_DataHandlerMutex);
+	auto listener (ApiListener::GetInstance());
 
-		m_Stream->SetCorked(true);
+	if (listener) {
+		auto headerAllowOrigin (listener->GetAccessControlAllowOrigin());
 
-		try {
-			while (ProcessMessage())
-				; /* empty loop body */
-		} catch (const std::exception& ex) {
-			Log(LogWarning, "HttpServerConnection")
-				<< "Error while reading Http request: " << DiagnosticInformation(ex);
+		if (headerAllowOrigin) {
+			CpuBoundWork allowOriginHeader (yc);
 
-			close = true;
+			auto allowedOrigins (headerAllowOrigin->ToSet<String>());
+
+			if (!allowedOrigins.empty()) {
+				auto& origin (request[http::field::origin]);
+
+				if (allowedOrigins.find(origin.to_string()) != allowedOrigins.end()) {
+					response.set(http::field::access_control_allow_origin, origin);
+				}
+
+				allowOriginHeader.Done();
+
+				response.set(http::field::access_control_allow_credentials, "true");
+
+				if (request.method() == http::verb::options && !request[http::field::access_control_request_method].empty()) {
+					response.result(http::status::ok);
+					response.set(http::field::access_control_allow_methods, "GET, POST, PUT, DELETE");
+					response.set(http::field::access_control_allow_headers, "Authorization, X-HTTP-Method-Override");
+					response.body() = "Preflight OK";
+					response.set(http::field::content_length, response.body().size());
+					response.set(http::field::connection, "close");
+
+					boost::system::error_code ec;
+
+					http::async_write(stream, response, yc[ec]);
+					stream.async_flush(yc[ec]);
+
+					return false;
+				}
+			}
+		}
+	}
+
+	return true;
+}
+
+static inline
+bool EnsureAcceptHeader(
+	AsioTlsStream& stream,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	boost::asio::yield_context& yc
+)
+{
+	namespace http = boost::beast::http;
+
+	if (request.method() != http::verb::get && request[http::field::accept] != "application/json") {
+		response.result(http::status::bad_request);
+		response.set(http::field::content_type, "text/html");
+		response.body() = "<h1>Accept header is missing or not set to 'application/json'.</h1>";
+		response.set(http::field::content_length, response.body().size());
+		response.set(http::field::connection, "close");
+
+		boost::system::error_code ec;
+
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
+
+		return false;
+	}
+
+	return true;
+}
+
+static inline
+bool EnsureAuthenticatedUser(
+	AsioTlsStream& stream,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	ApiUser::Ptr& authenticatedUser,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	boost::asio::yield_context& yc
+)
+{
+	namespace http = boost::beast::http;
+
+	if (!authenticatedUser) {
+		Log(LogWarning, "HttpServerConnection")
+			<< "Unauthorized request: " << request.method_string() << ' ' << request.target();
+
+		response.result(http::status::unauthorized);
+		response.set(http::field::www_authenticate, "Basic realm=\"Icinga 2\"");
+		response.set(http::field::connection, "close");
+
+		if (request[http::field::accept] == "application/json") {
+			HttpUtility::SendJsonBody(response, nullptr, new Dictionary({
+				{ "error", 401 },
+				{ "status", "Unauthorized. Please check your user credentials." }
+			}));
+		} else {
+			response.set(http::field::content_type, "text/html");
+			response.body() = "<h1>Unauthorized. Please check your user credentials.</h1>";
+			response.set(http::field::content_length, response.body().size());
 		}
 
-		m_RequestQueue.Enqueue(std::bind(&Stream::SetCorked, m_Stream, false));
-	} else
-		close = true;
+		boost::system::error_code ec;
 
-	if (close)
-		Disconnect();
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
+
+		return false;
+	}
+
+	return true;
 }
 
-void HttpServerConnection::CheckLiveness()
+static inline
+bool EnsureValidBody(
+	AsioTlsStream& stream,
+	boost::beast::flat_buffer& buf,
+	boost::beast::http::parser<true, boost::beast::http::string_body>& parser,
+	ApiUser::Ptr& authenticatedUser,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	bool& shuttingDown,
+	boost::asio::yield_context& yc
+)
 {
-	if (m_Seen < Utility::GetTime() - 10 && m_PendingRequests == 0) {
-		Log(LogInformation, "HttpServerConnection")
-			<<  "No messages for Http connection have been received in the last 10 seconds.";
-		Disconnect();
+	namespace http = boost::beast::http;
+
+	{
+		size_t maxSize = 1024 * 1024;
+		Array::Ptr permissions = authenticatedUser->GetPermissions();
+
+		if (permissions) {
+			CpuBoundWork evalPermissions (yc);
+
+			ObjectLock olock(permissions);
+
+			for (const Value& permissionInfo : permissions) {
+				String permission;
+
+				if (permissionInfo.IsObjectType<Dictionary>()) {
+					permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
+				} else {
+					permission = permissionInfo;
+				}
+
+				static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
+					 { "config/modify", 512 * 1024 * 1024 }
+				};
+
+				for (const auto& limitInfo : specialContentLengthLimits) {
+					if (limitInfo.second <= maxSize) {
+						continue;
+					}
+
+					if (Utility::Match(permission, limitInfo.first)) {
+						maxSize = limitInfo.second;
+					}
+				}
+			}
+		}
+
+		parser.body_limit(maxSize);
+	}
+
+	if (shuttingDown)
+		return false;
+
+	boost::system::error_code ec;
+
+	http::async_read(stream, buf, parser, yc[ec]);
+
+	if (ec) {
+		if (ec == boost::asio::error::operation_aborted)
+			return false;
+
+		/**
+		 * Unfortunately there's no way to tell an HTTP protocol error
+		 * from an error on a lower layer:
+		 *
+		 * <https://github.com/boostorg/beast/issues/643>
+		 */
+
+		response.result(http::status::bad_request);
+
+		if (parser.get()[http::field::accept] == "application/json") {
+			HttpUtility::SendJsonBody(response, nullptr, new Dictionary({
+				{ "error", 400 },
+				{ "status", String("Bad Request: ") + ec.message() }
+			}));
+		} else {
+			response.set(http::field::content_type, "text/html");
+			response.body() = String("<h1>Bad Request</h1><p><pre>") + ec.message() + "</pre></p>";
+			response.set(http::field::content_length, response.body().size());
+		}
+
+		response.set(http::field::connection, "close");
+
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
+
+		return false;
+	}
+
+	return true;
+}
+
+static inline
+bool ProcessRequest(
+	AsioTlsStream& stream,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	ApiUser::Ptr& authenticatedUser,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	HttpServerConnection& server,
+	bool& hasStartedStreaming,
+	boost::asio::yield_context& yc
+)
+{
+	namespace http = boost::beast::http;
+
+	try {
+		CpuBoundWork handlingRequest (yc);
+
+		HttpHandler::ProcessRequest(stream, authenticatedUser, request, response, yc, server);
+	} catch (const std::exception& ex) {
+		if (hasStartedStreaming) {
+			return false;
+		}
+
+		auto sysErr (dynamic_cast<const boost::system::system_error*>(&ex));
+
+		if (sysErr && sysErr->code() == boost::asio::error::operation_aborted) {
+			throw;
+		}
+
+		http::response<http::string_body> response;
+
+		HttpUtility::SendJsonError(response, nullptr, 500, "Unhandled exception" , DiagnosticInformation(ex));
+
+		boost::system::error_code ec;
+
+		http::async_write(stream, response, yc[ec]);
+		stream.async_flush(yc[ec]);
+
+		return true;
+	}
+
+	if (hasStartedStreaming) {
+		return false;
+	}
+
+	boost::system::error_code ec;
+
+	http::async_write(stream, response, yc[ec]);
+	stream.async_flush(yc[ec]);
+
+	return true;
+}
+
+void HttpServerConnection::ProcessMessages(boost::asio::yield_context yc)
+{
+	namespace beast = boost::beast;
+	namespace http = beast::http;
+
+	try {
+		/* Do not reset the buffer in the state machine.
+		 * EnsureValidHeaders already reads from the stream into the buffer,
+		 * EnsureValidBody continues. ProcessRequest() actually handles the request
+		 * and needs the full buffer.
+		 */
+		beast::flat_buffer buf;
+
+		for (;;) {
+			m_Seen = Utility::GetTime();
+
+			http::parser<true, http::string_body> parser;
+			http::response<http::string_body> response;
+
+			parser.header_limit(1024 * 1024);
+			parser.body_limit(-1);
+
+			response.set(http::field::server, l_ServerHeader);
+
+			if (!EnsureValidHeaders(*m_Stream, buf, parser, response, m_ShuttingDown, yc)) {
+				break;
+			}
+
+			m_Seen = Utility::GetTime();
+
+			auto& request (parser.get());
+
+			{
+				auto method (http::string_to_verb(request["X-Http-Method-Override"]));
+
+				if (method != http::verb::unknown) {
+					request.method(method);
+				}
+			}
+
+			HandleExpect100(*m_Stream, request, yc);
+
+			auto authenticatedUser (m_ApiUser);
+
+			if (!authenticatedUser) {
+				CpuBoundWork fetchingAuthenticatedUser (yc);
+
+				authenticatedUser = ApiUser::GetByAuthHeader(request[http::field::authorization].to_string());
+			}
+
+			Log(LogInformation, "HttpServerConnection")
+				<< "Request: " << request.method_string() << ' ' << request.target()
+				<< " (from " << m_PeerAddress
+				<< "), user: " << (authenticatedUser ? authenticatedUser->GetName() : "<unauthenticated>")
+				<< ", agent: " << request[http::field::user_agent] << ")."; //operator[] - Returns the value for a field, or "" if it does not exist.
+
+
+			if (!HandleAccessControl(*m_Stream, request, response, yc)) {
+				break;
+			}
+
+			if (!EnsureAcceptHeader(*m_Stream, request, response, yc)) {
+				break;
+			}
+
+			if (!EnsureAuthenticatedUser(*m_Stream, request, authenticatedUser, response, yc)) {
+				break;
+			}
+
+			if (!EnsureValidBody(*m_Stream, buf, parser, authenticatedUser, response, m_ShuttingDown, yc)) {
+				break;
+			}
+
+			m_Seen = std::numeric_limits<decltype(m_Seen)>::max();
+
+			if (!ProcessRequest(*m_Stream, request, authenticatedUser, response, *this, m_HasStartedStreaming, yc)) {
+				break;
+			}
+
+			if (request.version() != 11 || request[http::field::connection] == "close") {
+				break;
+			}
+		}
+	} catch (const std::exception& ex) {
+		if (!m_ShuttingDown) {
+			Log(LogCritical, "HttpServerConnection")
+				<< "Unhandled exception while processing HTTP request: " << ex.what();
+		}
+	}
+
+	Disconnect();
+}
+
+void HttpServerConnection::CheckLiveness(boost::asio::yield_context yc)
+{
+	boost::system::error_code ec;
+
+	for (;;) {
+		m_CheckLivenessTimer.expires_from_now(boost::posix_time::seconds(5));
+		m_CheckLivenessTimer.async_wait(yc[ec]);
+
+		if (m_ShuttingDown) {
+			break;
+		}
+
+		if (m_Seen < Utility::GetTime() - 10) {
+			Log(LogInformation, "HttpServerConnection")
+				<<  "No messages for HTTP connection have been received in the last 10 seconds.";
+
+			Disconnect();
+			break;
+		}
 	}
 }
-
-void HttpServerConnection::TimeoutTimerHandler()
-{
-	ApiListener::Ptr listener = ApiListener::GetInstance();
-
-	for (const HttpServerConnection::Ptr& client : listener->GetHttpClients()) {
-		client->CheckLiveness();
-	}
-}
-
diff --git a/lib/remote/httpserverconnection.hpp b/lib/remote/httpserverconnection.hpp
index 5f959b8a0..43851e76e 100644
--- a/lib/remote/httpserverconnection.hpp
+++ b/lib/remote/httpserverconnection.hpp
@@ -1,30 +1,16 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HTTPSERVERCONNECTION_H
 #define HTTPSERVERCONNECTION_H
 
-#include "remote/httprequest.hpp"
-#include "remote/httpresponse.hpp"
 #include "remote/apiuser.hpp"
+#include "base/string.hpp"
 #include "base/tlsstream.hpp"
-#include "base/workqueue.hpp"
+#include <memory>
+#include <boost/asio/deadline_timer.hpp>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/io_context_strand.hpp>
+#include <boost/asio/spawn.hpp>
 
 namespace icinga
 {
@@ -39,38 +25,28 @@ class HttpServerConnection final : public Object
 public:
 	DECLARE_PTR_TYPEDEFS(HttpServerConnection);
 
-	HttpServerConnection(const String& identity, bool authenticated, const TlsStream::Ptr& stream);
+	HttpServerConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream);
 
 	void Start();
-
-	ApiUser::Ptr GetApiUser() const;
-	bool IsAuthenticated() const;
-	TlsStream::Ptr GetStream() const;
-
 	void Disconnect();
+	void StartStreaming();
+
+	bool Disconnected();
 
 private:
 	ApiUser::Ptr m_ApiUser;
-	ApiUser::Ptr m_AuthenticatedUser;
-	TlsStream::Ptr m_Stream;
+	std::shared_ptr<AsioTlsStream> m_Stream;
 	double m_Seen;
-	HttpRequest m_CurrentRequest;
-	boost::mutex m_DataHandlerMutex;
-	WorkQueue m_RequestQueue;
-	int m_PendingRequests;
+	String m_PeerAddress;
+	boost::asio::io_context::strand m_IoStrand;
+	bool m_ShuttingDown;
+	bool m_HasStartedStreaming;
+	boost::asio::deadline_timer m_CheckLivenessTimer;
 
-	StreamReadContext m_Context;
+	HttpServerConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream, boost::asio::io_context& io);
 
-	bool ProcessMessage();
-	void DataAvailableHandler();
-
-	static void StaticInitialize();
-	static void TimeoutTimerHandler();
-	void CheckLiveness();
-
-	bool ManageHeaders(HttpResponse& response);
-
-	void ProcessMessageAsync(HttpRequest& request, HttpResponse& response, const ApiUser::Ptr&);
+	void ProcessMessages(boost::asio::yield_context yc);
+	void CheckLiveness(boost::asio::yield_context yc);
 };
 
 }
diff --git a/lib/remote/httputility.cpp b/lib/remote/httputility.cpp
index 2788a03b2..91902ba50 100644
--- a/lib/remote/httputility.cpp
+++ b/lib/remote/httputility.cpp
@@ -1,72 +1,42 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/httputility.hpp"
+#include "remote/url.hpp"
 #include "base/json.hpp"
 #include "base/logger.hpp"
+#include <map>
+#include <string>
+#include <vector>
+#include <boost/beast/http.hpp>
 
 using namespace icinga;
 
-Dictionary::Ptr HttpUtility::FetchRequestParameters(HttpRequest& request)
+Dictionary::Ptr HttpUtility::FetchRequestParameters(const Url::Ptr& url, const std::string& body)
 {
 	Dictionary::Ptr result;
 
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = request.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	if (!body.IsEmpty()) {
-#ifdef I2_DEBUG
+	if (!body.empty()) {
 		Log(LogDebug, "HttpUtility")
-			<< "Request body: '" << body << "'";
-#endif /* I2_DEBUG */
+			<< "Request body: '" << body << '\'';
+
 		result = JsonDecode(body);
 	}
 
 	if (!result)
 		result = new Dictionary();
 
-	typedef std::pair<String, std::vector<String> > kv_pair;
-	for (const kv_pair& kv : request.RequestUrl->GetQuery()) {
+	std::map<String, std::vector<String>> query;
+	for (const auto& kv : url->GetQuery()) {
+		query[kv.first].emplace_back(kv.second);
+	}
+
+	for (auto& kv : query) {
 		result->Set(kv.first, Array::FromVector(kv.second));
 	}
 
 	return result;
 }
 
-void HttpUtility::SendJsonBody(HttpResponse& response, const Dictionary::Ptr& params, const Value& val)
-{
-	response.AddHeader("Content-Type", "application/json");
-
-	bool prettyPrint = false;
-
-	if (params)
-		prettyPrint = GetLastParameter(params, "pretty");
-
-	String body = JsonEncode(val, prettyPrint);
-
-	response.WriteBody(body.CStr(), body.GetLength());
-}
-
 Value HttpUtility::GetLastParameter(const Dictionary::Ptr& params, const String& key)
 {
 	Value varr = params->Get(key);
@@ -82,54 +52,29 @@ Value HttpUtility::GetLastParameter(const Dictionary::Ptr& params, const String&
 		return arr->Get(arr->GetLength() - 1);
 }
 
-void HttpUtility::SendJsonError(HttpResponse& response, const Dictionary::Ptr& params,
-	int code, const String& info, const String& diagnosticInformation)
+void HttpUtility::SendJsonBody(boost::beast::http::response<boost::beast::http::string_body>& response, const Dictionary::Ptr& params, const Value& val)
 {
-	Dictionary::Ptr result = new Dictionary();
-	response.SetStatus(code, HttpUtility::GetErrorNameByCode(code));
-	result->Set("error", code);
+	namespace http = boost::beast::http;
 
-	bool verbose = false;
+	response.set(http::field::content_type, "application/json");
+	response.body() = JsonEncode(val, params && GetLastParameter(params, "pretty"));
+	response.set(http::field::content_length, response.body().size());
+}
 
-	if (params)
-		verbose = HttpUtility::GetLastParameter(params, "verbose");
+void HttpUtility::SendJsonError(boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params, int code, const String& info, const String& diagnosticInformation)
+{
+	Dictionary::Ptr result = new Dictionary({ { "error", code } });
 
-	if (!info.IsEmpty())
+	if (!info.IsEmpty()) {
 		result->Set("status", info);
-
-	if (verbose) {
-		if (!diagnosticInformation.IsEmpty())
-			result->Set("diagnostic_information", diagnosticInformation);
 	}
 
+	if (params && HttpUtility::GetLastParameter(params, "verbose") && !diagnosticInformation.IsEmpty()) {
+		result->Set("diagnostic_information", diagnosticInformation);
+	}
+
+	response.result(code);
+
 	HttpUtility::SendJsonBody(response, params, result);
 }
-
-String HttpUtility::GetErrorNameByCode(const int code)
-{
-	switch(code) {
-		case 200:
-			return "OK";
-		case 201:
-			return "Created";
-		case 204:
-			return "No Content";
-		case 304:
-			return "Not Modified";
-		case 400:
-			return "Bad Request";
-		case 401:
-			return "Unauthorized";
-		case 403:
-			return "Forbidden";
-		case 404:
-			return "Not Found";
-		case 409:
-			return "Conflict";
-		case 500:
-			return "Internal Server Error";
-		default:
-			return "Unknown Error Code";
-	}
-}
-
diff --git a/lib/remote/httputility.hpp b/lib/remote/httputility.hpp
index 2bc3690d8..6465b4af9 100644
--- a/lib/remote/httputility.hpp
+++ b/lib/remote/httputility.hpp
@@ -1,28 +1,12 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef HTTPUTILITY_H
 #define HTTPUTILITY_H
 
-#include "remote/httprequest.hpp"
-#include "remote/httpresponse.hpp"
+#include "remote/url.hpp"
 #include "base/dictionary.hpp"
+#include <boost/beast/http.hpp>
+#include <string>
 
 namespace icinga
 {
@@ -36,15 +20,12 @@ class HttpUtility
 {
 
 public:
-	static Dictionary::Ptr FetchRequestParameters(HttpRequest& request);
-	static void SendJsonBody(HttpResponse& response, const Dictionary::Ptr& params, const Value& val);
+	static Dictionary::Ptr FetchRequestParameters(const Url::Ptr& url, const std::string& body);
 	static Value GetLastParameter(const Dictionary::Ptr& params, const String& key);
-	static void SendJsonError(HttpResponse& response, const Dictionary::Ptr& params, const int code,
+
+	static void SendJsonBody(boost::beast::http::response<boost::beast::http::string_body>& response, const Dictionary::Ptr& params, const Value& val);
+	static void SendJsonError(boost::beast::http::response<boost::beast::http::string_body>& response, const Dictionary::Ptr& params, const int code,
 		const String& verbose = String(), const String& diagnosticInformation = String());
-
-private:
-	static String GetErrorNameByCode(int code);
-
 };
 
 }
diff --git a/lib/remote/i2-remote.hpp b/lib/remote/i2-remote.hpp
index 292e8f2e0..5755befdb 100644
--- a/lib/remote/i2-remote.hpp
+++ b/lib/remote/i2-remote.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef I2REMOTE_H
 #define I2REMOTE_H
diff --git a/lib/remote/infohandler.cpp b/lib/remote/infohandler.cpp
index 5336c84cf..18c18c0e0 100644
--- a/lib/remote/infohandler.cpp
+++ b/lib/remote/infohandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/infohandler.hpp"
 #include "remote/httputility.hpp"
@@ -25,24 +8,35 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/", InfoHandler);
 
-bool InfoHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool InfoHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 2)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 2)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
-	if (request.RequestUrl->GetPath().empty()) {
-		response.SetStatus(302, "Found");
-		response.AddHeader("Location", "/v1");
+	if (url->GetPath().empty()) {
+		response.result(http::status::found);
+		response.set(http::field::location, "/v1");
 		return true;
 	}
 
-	if (request.RequestUrl->GetPath()[0] != "v1" || request.RequestUrl->GetPath().size() != 1)
+	if (url->GetPath()[0] != "v1" || url->GetPath().size() != 1)
 		return false;
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 
 	std::vector<String> permInfo;
 	Array::Ptr permissions = user->GetPermissions();
@@ -66,12 +60,12 @@ bool InfoHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
 		}
 	}
 
-	if (request.Headers->Get("accept") == "application/json") {
+	if (request[http::field::accept] == "application/json") {
 		Dictionary::Ptr result1 = new Dictionary({
 			{ "user", user->GetName() },
 			{ "permissions", Array::FromVector(permInfo) },
 			{ "version", Application::GetAppVersion() },
-			{ "info", "More information about API requests is available in the documentation at https://docs.icinga.com/icinga2/latest." }
+			{ "info", "More information about API requests is available in the documentation at https://icinga.com/docs/icinga2/latest/" }
 		});
 
 		Dictionary::Ptr result = new Dictionary({
@@ -80,7 +74,7 @@ bool InfoHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
 
 		HttpUtility::SendJsonBody(response, params, result);
 	} else {
-		response.AddHeader("Content-Type", "text/html");
+		response.set(http::field::content_type, "text/html");
 
 		String body = "<html><head><title>Icinga 2</title></head><h1>Hello from Icinga 2 (Version: " + Application::GetAppVersion() + ")!</h1>";
 		body += "<p>You are authenticated as <b>" + user->GetName() + "</b>. ";
@@ -96,8 +90,9 @@ bool InfoHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
 		} else
 			body += "Your user does not have any permissions.</p>";
 
-		body += R"(<p>More information about API requests is available in the <a href="https://docs.icinga.com/icinga2/latest" target="_blank">documentation</a>.</p></html>)";
-		response.WriteBody(body.CStr(), body.GetLength());
+		body += R"(<p>More information about API requests is available in the <a href="https://icinga.com/docs/icinga2/latest/" target="_blank">documentation</a>.</p></html>)";
+		response.body() = body;
+		response.set(http::field::content_length, response.body().size());
 	}
 
 	return true;
diff --git a/lib/remote/infohandler.hpp b/lib/remote/infohandler.hpp
index f99eab5c8..e1fe98314 100644
--- a/lib/remote/infohandler.hpp
+++ b/lib/remote/infohandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef INFOHANDLER_H
 #define INFOHANDLER_H
@@ -30,8 +13,16 @@ class InfoHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(InfoHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/jsonrpc.cpp b/lib/remote/jsonrpc.cpp
index fa6c3df00..d17b5780f 100644
--- a/lib/remote/jsonrpc.cpp
+++ b/lib/remote/jsonrpc.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/jsonrpc.hpp"
 #include "base/netstring.hpp"
@@ -23,11 +6,20 @@
 #include "base/console.hpp"
 #include "base/scriptglobal.hpp"
 #include "base/convert.hpp"
+#include "base/tlsstream.hpp"
 #include <iostream>
+#include <memory>
+#include <utility>
+#include <boost/asio/spawn.hpp>
 
 using namespace icinga;
 
 #ifdef I2_DEBUG
+/**
+ * Determine whether the developer wants to see raw JSON messages.
+ *
+ * @return Internal.DebugJsonRpc boolean
+ */
 static bool GetDebugJsonRpcCached()
 {
 	static int debugJsonRpc = -1;
@@ -37,7 +29,7 @@ static bool GetDebugJsonRpcCached()
 
 	debugJsonRpc = false;
 
-	Dictionary::Ptr internal = ScriptGlobal::Get("Internal", &Empty);
+	Namespace::Ptr internal = ScriptGlobal::Get("Internal", &Empty);
 
 	if (!internal)
 		return false;
@@ -60,7 +52,7 @@ static bool GetDebugJsonRpcCached()
  *
  * @return The amount of bytes sent.
  */
-size_t JsonRpc::SendMessage(const Stream::Ptr& stream, const Dictionary::Ptr& message)
+size_t JsonRpc::SendMessage(const std::shared_ptr<AsioTlsStream>& stream, const Dictionary::Ptr& message)
 {
 	String json = JsonEncode(message);
 
@@ -72,24 +64,86 @@ size_t JsonRpc::SendMessage(const Stream::Ptr& stream, const Dictionary::Ptr& me
 	return NetString::WriteStringToStream(stream, json);
 }
 
-StreamReadStatus JsonRpc::ReadMessage(const Stream::Ptr& stream, String *message, StreamReadContext& src, bool may_wait, ssize_t maxMessageLength)
+/**
+ * Sends a message to the connected peer and returns the bytes sent.
+ *
+ * @param message The message.
+ *
+ * @return The amount of bytes sent.
+ */
+size_t JsonRpc::SendMessage(const std::shared_ptr<AsioTlsStream>& stream, const Dictionary::Ptr& message, boost::asio::yield_context yc)
 {
-	String jsonString;
-	StreamReadStatus srs = NetString::ReadStringFromStream(stream, &jsonString, src, may_wait, maxMessageLength);
+	return JsonRpc::SendRawMessage(stream, JsonEncode(message), yc);
+}
 
-	if (srs != StatusNewItem)
-		return srs;
+ /**
+  * Sends a raw message to the connected peer.
+  *
+  * @param stream ASIO TLS Stream
+  * @param json message
+  * @param yc Yield context required for ASIO
+  *
+  * @return bytes sent
+  */
+size_t JsonRpc::SendRawMessage(const std::shared_ptr<AsioTlsStream>& stream, const String& json, boost::asio::yield_context yc)
+{
+#ifdef I2_DEBUG
+	if (GetDebugJsonRpcCached())
+		std::cerr << ConsoleColorTag(Console_ForegroundBlue) << ">> " << json << ConsoleColorTag(Console_Normal) << "\n";
+#endif /* I2_DEBUG */
 
-	*message = jsonString;
+	return NetString::WriteStringToStream(stream, json, yc);
+}
+
+/**
+ * Reads a message from the connected peer.
+ *
+ * @param stream ASIO TLS Stream
+ * @param maxMessageLength maximum size of bytes read.
+ *
+ * @return A JSON string
+ */
+
+String JsonRpc::ReadMessage(const std::shared_ptr<AsioTlsStream>& stream, ssize_t maxMessageLength)
+{
+	String jsonString = NetString::ReadStringFromStream(stream, maxMessageLength);
 
 #ifdef I2_DEBUG
 	if (GetDebugJsonRpcCached())
 		std::cerr << ConsoleColorTag(Console_ForegroundBlue) << "<< " << jsonString << ConsoleColorTag(Console_Normal) << "\n";
 #endif /* I2_DEBUG */
 
-	return StatusNewItem;
+	return std::move(jsonString);
 }
 
+/**
+ * Reads a message from the connected peer.
+ *
+ * @param stream ASIO TLS Stream
+ * @param yc Yield Context for ASIO
+ * @param maxMessageLength maximum size of bytes read.
+ *
+ * @return A JSON string
+ */
+String JsonRpc::ReadMessage(const std::shared_ptr<AsioTlsStream>& stream, boost::asio::yield_context yc, ssize_t maxMessageLength)
+{
+	String jsonString = NetString::ReadStringFromStream(stream, yc, maxMessageLength);
+
+#ifdef I2_DEBUG
+	if (GetDebugJsonRpcCached())
+		std::cerr << ConsoleColorTag(Console_ForegroundBlue) << "<< " << jsonString << ConsoleColorTag(Console_Normal) << "\n";
+#endif /* I2_DEBUG */
+
+	return std::move(jsonString);
+}
+
+/**
+ * Decode message, enforce a Dictionary
+ *
+ * @param message JSON string
+ *
+ * @return Dictionary ptr
+ */
 Dictionary::Ptr JsonRpc::DecodeMessage(const String& message)
 {
 	Value value = JsonDecode(message);
diff --git a/lib/remote/jsonrpc.hpp b/lib/remote/jsonrpc.hpp
index e7d2a05ea..cc4cc7b6d 100644
--- a/lib/remote/jsonrpc.hpp
+++ b/lib/remote/jsonrpc.hpp
@@ -1,28 +1,14 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef JSONRPC_H
 #define JSONRPC_H
 
 #include "base/stream.hpp"
 #include "base/dictionary.hpp"
+#include "base/tlsstream.hpp"
 #include "remote/i2-remote.hpp"
+#include <memory>
+#include <boost/asio/spawn.hpp>
 
 namespace icinga
 {
@@ -35,8 +21,13 @@ namespace icinga
 class JsonRpc
 {
 public:
-	static size_t SendMessage(const Stream::Ptr& stream, const Dictionary::Ptr& message);
-	static StreamReadStatus ReadMessage(const Stream::Ptr& stream, String *message, StreamReadContext& src, bool may_wait = false, ssize_t maxMessageLength = -1);
+	static size_t SendMessage(const std::shared_ptr<AsioTlsStream>& stream, const Dictionary::Ptr& message);
+	static size_t SendMessage(const std::shared_ptr<AsioTlsStream>& stream, const Dictionary::Ptr& message, boost::asio::yield_context yc);
+	static size_t SendRawMessage(const std::shared_ptr<AsioTlsStream>& stream, const String& json, boost::asio::yield_context yc);
+
+	static String ReadMessage(const std::shared_ptr<AsioTlsStream>& stream, ssize_t maxMessageLength = -1);
+	static String ReadMessage(const std::shared_ptr<AsioTlsStream>& stream, boost::asio::yield_context yc, ssize_t maxMessageLength = -1);
+
 	static Dictionary::Ptr DecodeMessage(const String& message);
 
 private:
diff --git a/lib/remote/jsonrpcconnection-heartbeat.cpp b/lib/remote/jsonrpcconnection-heartbeat.cpp
index 12b0d0c53..993877e4e 100644
--- a/lib/remote/jsonrpcconnection-heartbeat.cpp
+++ b/lib/remote/jsonrpcconnection-heartbeat.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/jsonrpcconnection.hpp"
 #include "remote/messageorigin.hpp"
@@ -24,34 +7,42 @@
 #include "base/configtype.hpp"
 #include "base/logger.hpp"
 #include "base/utility.hpp"
+#include <boost/asio/spawn.hpp>
+#include <boost/date_time/posix_time/posix_time_duration.hpp>
+#include <boost/system/system_error.hpp>
 
 using namespace icinga;
 
 REGISTER_APIFUNCTION(Heartbeat, event, &JsonRpcConnection::HeartbeatAPIHandler);
 
-void JsonRpcConnection::HeartbeatTimerHandler()
+void JsonRpcConnection::HandleAndWriteHeartbeats(boost::asio::yield_context yc)
 {
-	for (const Endpoint::Ptr& endpoint : ConfigType::GetObjectsByType<Endpoint>()) {
-		for (const JsonRpcConnection::Ptr& client : endpoint->GetClients()) {
-			if (client->m_NextHeartbeat != 0 && client->m_NextHeartbeat < Utility::GetTime()) {
-				Log(LogWarning, "JsonRpcConnection")
-					<< "Client for endpoint '" << endpoint->GetName() << "' has requested "
-					<< "heartbeat message but hasn't responded in time. Closing connection.";
+	boost::system::error_code ec;
 
-				client->Disconnect();
-				continue;
-			}
+	for (;;) {
+		m_HeartbeatTimer.expires_from_now(boost::posix_time::seconds(10));
+		m_HeartbeatTimer.async_wait(yc[ec]);
 
-			Dictionary::Ptr request = new Dictionary({
-				{ "jsonrpc", "2.0" },
-				{ "method", "event::Heartbeat" },
-				{ "params", new Dictionary({
-					{ "timeout", 120 }
-				}) }
-			});
-
-			client->SendMessage(request);
+		if (m_ShuttingDown) {
+			break;
 		}
+
+		if (m_NextHeartbeat != 0 && m_NextHeartbeat < Utility::GetTime()) {
+			Log(LogWarning, "JsonRpcConnection")
+				<< "Client for endpoint '" << m_Endpoint->GetName() << "' has requested "
+				<< "heartbeat message but hasn't responded in time. Closing connection.";
+
+			Disconnect();
+			break;
+		}
+
+		SendMessageInternal(new Dictionary({
+			{ "jsonrpc", "2.0" },
+			{ "method", "event::Heartbeat" },
+			{ "params", new Dictionary({
+				{ "timeout", 120 }
+			}) }
+		}));
 	}
 }
 
@@ -61,7 +52,6 @@ Value JsonRpcConnection::HeartbeatAPIHandler(const MessageOrigin::Ptr& origin, c
 
 	if (!vtimeout.IsEmpty()) {
 		origin->FromClient->m_NextHeartbeat = Utility::GetTime() + vtimeout;
-		origin->FromClient->m_HeartbeatTimeout = vtimeout;
 	}
 
 	return Empty;
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index 6c867400c..c538bb1de 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/jsonrpcconnection.hpp"
 #include "remote/apilistener.hpp"
@@ -30,6 +13,8 @@
 #include <boost/thread/once.hpp>
 #include <boost/regex.hpp>
 #include <fstream>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
 
 using namespace icinga;
 
@@ -47,10 +32,21 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 	Dictionary::Ptr result = new Dictionary();
 
 	/* Use the presented client certificate if not provided. */
-	if (certText.IsEmpty())
-		cert = origin->FromClient->GetStream()->GetPeerCertificate();
-	else
+	if (certText.IsEmpty()) {
+		auto stream (origin->FromClient->GetStream());
+		cert = stream->next_layer().GetPeerCertificate();
+	} else {
 		cert = StringToCertificate(certText);
+	}
+
+	if (!cert) {
+		Log(LogWarning, "JsonRpcConnection") << "No certificate or CSR received";
+
+		result->Set("status_code", 1);
+		result->Set("error", "No certificate or CSR received.");
+
+		return result;
+	}
 
 	ApiListener::Ptr listener = ApiListener::GetInstance();
 	std::shared_ptr<X509> cacert = GetX509Certificate(listener->GetDefaultCaPath());
@@ -129,10 +125,16 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 				{ "method", "pki::UpdateCertificate" },
 				{ "params", result }
 			});
-			JsonRpc::SendMessage(client->GetStream(), message);
+			client->SendMessage(message);
 
 			return result;
 		}
+	} else if (Utility::PathExists(requestDir + "/" + certFingerprint + ".removed")) {
+		Log(LogInformation, "JsonRpcConnection")
+			<< "Certificate for CN " << cn << " has been removed. Ignoring signing request.";
+		result->Set("status_code", 1);
+		result->Set("error", "Ticket for CN " + cn + " declined by administrator.");
+		return result;
 	}
 
 	std::shared_ptr<X509> newcert;
@@ -152,14 +154,32 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 
 		ticket = params->Get("ticket");
 
-		/* Auto-signing is disabled by either a) no TicketSalt
-		 * or b) the client did not include a ticket in its request.
-		 */
-		if (salt.IsEmpty() || ticket.IsEmpty())
+		// Auto-signing is disabled: Client did not include a ticket in its request.
+		if (ticket.IsEmpty()) {
+			Log(LogNotice, "JsonRpcConnection")
+				<< "Certificate request for CN '" << cn
+				<< "': No ticket included, skipping auto-signing and waiting for on-demand signing approval.";
+
 			goto delayed_request;
+		}
+
+		// Auto-signing is disabled: no TicketSalt
+		if (salt.IsEmpty()) {
+			Log(LogNotice, "JsonRpcConnection")
+				<< "Certificate request for CN '" << cn
+				<< "': This instance is the signing master for the Icinga CA."
+				<< " The 'ticket_salt' attribute in the 'api' feature is not set."
+				<< " Not signing the request. Please check the docs.";
+
+			goto delayed_request;
+		}
 
 		String realTicket = PBKDF2_SHA1(cn, salt, 50000);
 
+		Log(LogDebug, "JsonRpcConnection")
+			<< "Certificate request for CN '" << cn << "': Comparing received ticket '"
+			<< ticket << "' with calculated ticket '" << realTicket << "'.";
+
 		if (ticket != realTicket) {
 			Log(LogWarning, "JsonRpcConnection")
 				<< "Ticket '" << ticket << "' for CN '" << cn << "' is invalid.";
@@ -200,7 +220,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 		{ "method", "pki::UpdateCertificate" },
 		{ "params", result }
 	});
-	JsonRpc::SendMessage(client->GetStream(), message);
+	client->SendMessage(message);
 
 	return result;
 
@@ -263,7 +283,7 @@ void JsonRpcConnection::SendCertificateRequest(const JsonRpcConnection::Ptr& acl
 	 * or b) the local zone and all parents.
 	 */
 	if (aclient)
-		JsonRpc::SendMessage(aclient->GetStream(), message);
+		aclient->SendMessage(message);
 	else
 		listener->RelayMessage(origin, Zone::GetLocalZone(), message, false);
 }
@@ -338,16 +358,7 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
 	cafp << ca;
 	cafp.close();
 
-#ifdef _WIN32
-	_unlink(caPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempCaPath.CStr(), caPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempCaPath));
-	}
+	Utility::RenameFile(tempCaPath, caPath);
 
 	/* Update signed certificate. */
 	String certPath = listener->GetDefaultCertPath();
@@ -360,26 +371,12 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
 	certfp << cert;
 	certfp.close();
 
-#ifdef _WIN32
-	_unlink(certPath.CStr());
-#endif /* _WIN32 */
-
-	if (rename(tempCertPath.CStr(), certPath.CStr()) < 0) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("rename")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(tempCertPath));
-	}
+	Utility::RenameFile(tempCertPath, certPath);
 
 	/* Remove ticket for successful signing request. */
 	String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 
-	if (unlink(ticketPath.CStr()) < 0 && errno != ENOENT) {
-		BOOST_THROW_EXCEPTION(posix_error()
-			<< boost::errinfo_api_function("unlink")
-			<< boost::errinfo_errno(errno)
-			<< boost::errinfo_file_name(ticketPath));
-	}
+	Utility::Remove(ticketPath);
 
 	/* Update the certificates at runtime and reconnect all endpoints. */
 	Log(LogInformation, "JsonRpcConnection")
diff --git a/lib/remote/jsonrpcconnection.cpp b/lib/remote/jsonrpcconnection.cpp
index 259679edc..b6d1d41e6 100644
--- a/lib/remote/jsonrpcconnection.cpp
+++ b/lib/remote/jsonrpcconnection.cpp
@@ -1,32 +1,25 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/jsonrpcconnection.hpp"
 #include "remote/apilistener.hpp"
 #include "remote/apifunction.hpp"
 #include "remote/jsonrpc.hpp"
+#include "base/defer.hpp"
 #include "base/configtype.hpp"
+#include "base/io-engine.hpp"
+#include "base/json.hpp"
 #include "base/objectlock.hpp"
 #include "base/utility.hpp"
 #include "base/logger.hpp"
 #include "base/exception.hpp"
 #include "base/convert.hpp"
+#include "base/tlsstream.hpp"
+#include <memory>
+#include <utility>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/spawn.hpp>
+#include <boost/date_time/posix_time/posix_time_duration.hpp>
+#include <boost/system/system_error.hpp>
 #include <boost/thread/once.hpp>
 
 using namespace icinga;
@@ -34,50 +27,115 @@ using namespace icinga;
 static Value SetLogPositionHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
 REGISTER_APIFUNCTION(SetLogPosition, log, &SetLogPositionHandler);
 
-static boost::once_flag l_JsonRpcConnectionOnceFlag = BOOST_ONCE_INIT;
-static Timer::Ptr l_JsonRpcConnectionTimeoutTimer;
-static WorkQueue *l_JsonRpcConnectionWorkQueues;
-static size_t l_JsonRpcConnectionWorkQueueCount;
-static int l_JsonRpcConnectionNextID;
-static Timer::Ptr l_HeartbeatTimer;
+static RingBuffer l_TaskStats (15 * 60);
 
 JsonRpcConnection::JsonRpcConnection(const String& identity, bool authenticated,
-	TlsStream::Ptr stream, ConnectionRole role)
-	: m_ID(l_JsonRpcConnectionNextID++), m_Identity(identity), m_Authenticated(authenticated), m_Stream(std::move(stream)),
-	m_Role(role), m_Timestamp(Utility::GetTime()), m_Seen(Utility::GetTime()), m_NextHeartbeat(0), m_HeartbeatTimeout(0)
+	const std::shared_ptr<AsioTlsStream>& stream, ConnectionRole role)
+	: JsonRpcConnection(identity, authenticated, stream, role, IoEngine::Get().GetIoContext())
 {
-	boost::call_once(l_JsonRpcConnectionOnceFlag, &JsonRpcConnection::StaticInitialize);
+}
 
+JsonRpcConnection::JsonRpcConnection(const String& identity, bool authenticated,
+	const std::shared_ptr<AsioTlsStream>& stream, ConnectionRole role, boost::asio::io_context& io)
+	: m_Identity(identity), m_Authenticated(authenticated), m_Stream(stream), m_Role(role),
+	m_Timestamp(Utility::GetTime()), m_Seen(Utility::GetTime()), m_NextHeartbeat(0), m_IoStrand(io),
+	m_OutgoingMessagesQueued(io), m_WriterDone(io), m_ShuttingDown(false),
+	m_CheckLivenessTimer(io), m_HeartbeatTimer(io)
+{
 	if (authenticated)
 		m_Endpoint = Endpoint::GetByName(identity);
 }
 
-void JsonRpcConnection::StaticInitialize()
-{
-	l_JsonRpcConnectionTimeoutTimer = new Timer();
-	l_JsonRpcConnectionTimeoutTimer->OnTimerExpired.connect(std::bind(&JsonRpcConnection::TimeoutTimerHandler));
-	l_JsonRpcConnectionTimeoutTimer->SetInterval(15);
-	l_JsonRpcConnectionTimeoutTimer->Start();
-
-	l_JsonRpcConnectionWorkQueueCount = Application::GetConcurrency();
-	l_JsonRpcConnectionWorkQueues = new WorkQueue[l_JsonRpcConnectionWorkQueueCount];
-
-	for (size_t i = 0; i < l_JsonRpcConnectionWorkQueueCount; i++) {
-		l_JsonRpcConnectionWorkQueues[i].SetName("JsonRpcConnection, #" + Convert::ToString(i));
-	}
-
-	l_HeartbeatTimer = new Timer();
-	l_HeartbeatTimer->OnTimerExpired.connect(std::bind(&JsonRpcConnection::HeartbeatTimerHandler));
-	l_HeartbeatTimer->SetInterval(10);
-	l_HeartbeatTimer->Start();
-}
-
 void JsonRpcConnection::Start()
 {
-	/* the stream holds an owning reference to this object through the callback we're registering here */
-	m_Stream->RegisterDataHandler(std::bind(&JsonRpcConnection::DataAvailableHandler, JsonRpcConnection::Ptr(this)));
-	if (m_Stream->IsDataAvailable())
-		DataAvailableHandler();
+	namespace asio = boost::asio;
+
+	JsonRpcConnection::Ptr keepAlive (this);
+
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { HandleIncomingMessages(yc); });
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { WriteOutgoingMessages(yc); });
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { HandleAndWriteHeartbeats(yc); });
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) { CheckLiveness(yc); });
+}
+
+void JsonRpcConnection::HandleIncomingMessages(boost::asio::yield_context yc)
+{
+	for (;;) {
+		String message;
+
+		try {
+			message = JsonRpc::ReadMessage(m_Stream, yc, m_Endpoint ? -1 : 1024 * 1024);
+		} catch (const std::exception& ex) {
+			if (!m_ShuttingDown) {
+				Log(LogNotice, "JsonRpcConnection")
+					<< "Error while reading JSON-RPC message for identity '" << m_Identity
+					<< "': " << DiagnosticInformation(ex);
+			}
+
+			break;
+		}
+
+		m_Seen = Utility::GetTime();
+
+		try {
+			CpuBoundWork handleMessage (yc);
+
+			MessageHandler(message);
+		} catch (const std::exception& ex) {
+			if (!m_ShuttingDown) {
+				Log(LogWarning, "JsonRpcConnection")
+					<< "Error while processing JSON-RPC message for identity '" << m_Identity
+					<< "': " << DiagnosticInformation(ex);
+			}
+
+			break;
+		}
+
+		CpuBoundWork taskStats (yc);
+
+		l_TaskStats.InsertValue(Utility::GetTime(), 1);
+	}
+
+	Disconnect();
+}
+
+void JsonRpcConnection::WriteOutgoingMessages(boost::asio::yield_context yc)
+{
+	Defer signalWriterDone ([this]() { m_WriterDone.Set(); });
+
+	do {
+		m_OutgoingMessagesQueued.Wait(yc);
+
+		auto queue (std::move(m_OutgoingMessagesQueue));
+
+		m_OutgoingMessagesQueue.clear();
+		m_OutgoingMessagesQueued.Clear();
+
+		if (!queue.empty()) {
+			try {
+				for (auto& message : queue) {
+					size_t bytesSent = JsonRpc::SendRawMessage(m_Stream, message, yc);
+
+					if (m_Endpoint) {
+						m_Endpoint->AddMessageSent(bytesSent);
+					}
+				}
+
+				m_Stream->async_flush(yc);
+			} catch (const std::exception& ex) {
+				if (!m_ShuttingDown) {
+					std::ostringstream info;
+					info << "Error while sending JSON-RPC message for identity '" << m_Identity << "'";
+					Log(LogWarning, "JsonRpcConnection")
+						<< info.str() << "\n" << DiagnosticInformation(ex);
+				}
+
+				break;
+			}
+		}
+	} while (!m_ShuttingDown);
+
+	Disconnect();
 }
 
 double JsonRpcConnection::GetTimestamp() const
@@ -100,7 +158,7 @@ Endpoint::Ptr JsonRpcConnection::GetEndpoint() const
 	return m_Endpoint;
 }
 
-TlsStream::Ptr JsonRpcConnection::GetStream() const
+std::shared_ptr<AsioTlsStream> JsonRpcConnection::GetStream() const
 {
 	return m_Stream;
 }
@@ -112,69 +170,76 @@ ConnectionRole JsonRpcConnection::GetRole() const
 
 void JsonRpcConnection::SendMessage(const Dictionary::Ptr& message)
 {
-	try {
-		ObjectLock olock(m_Stream);
+	m_IoStrand.post([this, message]() { SendMessageInternal(message); });
+}
 
-		if (m_Stream->IsEof())
-			return;
+void JsonRpcConnection::SendRawMessage(const String& message)
+{
+	m_IoStrand.post([this, message]() {
+		m_OutgoingMessagesQueue.emplace_back(message);
+		m_OutgoingMessagesQueued.Set();
+	});
+}
 
-		size_t bytesSent = JsonRpc::SendMessage(m_Stream, message);
-
-		if (m_Endpoint)
-			m_Endpoint->AddMessageSent(bytesSent);
-
-	} catch (const std::exception& ex) {
-		std::ostringstream info;
-		info << "Error while sending JSON-RPC message for identity '" << m_Identity << "'";
-		Log(LogWarning, "JsonRpcConnection")
-			<< info.str() << "\n" << DiagnosticInformation(ex);
-
-		Disconnect();
-	}
+void JsonRpcConnection::SendMessageInternal(const Dictionary::Ptr& message)
+{
+	m_OutgoingMessagesQueue.emplace_back(JsonEncode(message));
+	m_OutgoingMessagesQueued.Set();
 }
 
 void JsonRpcConnection::Disconnect()
 {
-	Log(LogWarning, "JsonRpcConnection")
-		<< "API client disconnected for identity '" << m_Identity << "'";
+	namespace asio = boost::asio;
 
-	m_Stream->Close();
+	JsonRpcConnection::Ptr keepAlive (this);
 
-	if (m_Endpoint)
-		m_Endpoint->RemoveClient(this);
-	else {
-		ApiListener::Ptr listener = ApiListener::GetInstance();
-		listener->RemoveAnonymousClient(this);
-	}
-}
+	IoEngine::SpawnCoroutine(m_IoStrand, [this, keepAlive](asio::yield_context yc) {
+		if (!m_ShuttingDown) {
+			m_ShuttingDown = true;
 
-void JsonRpcConnection::MessageHandlerWrapper(const String& jsonString)
-{
-	if (m_Stream->IsEof())
-		return;
+			Log(LogWarning, "JsonRpcConnection")
+				<< "API client disconnected for identity '" << m_Identity << "'";
 
-	try {
-		MessageHandler(jsonString);
-	} catch (const std::exception& ex) {
-		Log(LogWarning, "JsonRpcConnection")
-			<< "Error while reading JSON-RPC message for identity '" << m_Identity
-			<< "': " << DiagnosticInformation(ex);
+			{
+				CpuBoundWork removeClient (yc);
 
-		Disconnect();
+				if (m_Endpoint) {
+					m_Endpoint->RemoveClient(this);
+				} else {
+					ApiListener::GetInstance()->RemoveAnonymousClient(this);
+				}
+			}
 
-		return;
-	}
+			m_OutgoingMessagesQueued.Set();
+
+			m_WriterDone.Wait(yc);
+
+			/*
+			 * Do not swallow exceptions in a coroutine.
+			 * https://github.com/Icinga/icinga2/issues/7351
+			 * We must not catch `detail::forced_unwind exception` as
+			 * this is used for unwinding the stack.
+			 *
+			 * Just use the error_code dummy here.
+			 */
+			boost::system::error_code ec;
+
+			m_CheckLivenessTimer.cancel();
+			m_HeartbeatTimer.cancel();
+
+			m_Stream->lowest_layer().cancel(ec);
+
+			m_Stream->next_layer().async_shutdown(yc[ec]);
+
+			m_Stream->lowest_layer().shutdown(m_Stream->lowest_layer().shutdown_both, ec);
+		}
+	});
 }
 
 void JsonRpcConnection::MessageHandler(const String& jsonString)
 {
 	Dictionary::Ptr message = JsonRpc::DecodeMessage(jsonString);
 
-	m_Seen = Utility::GetTime();
-
-	if (m_HeartbeatTimeout != 0)
-		m_NextHeartbeat = Utility::GetTime() + m_HeartbeatTimeout;
-
 	if (m_Endpoint && message->Contains("ts")) {
 		double ts = message->Get("ts");
 
@@ -214,7 +279,7 @@ void JsonRpcConnection::MessageHandler(const String& jsonString)
 	String method = vmethod;
 
 	Log(LogNotice, "JsonRpcConnection")
-		<< "Received '" << method << "' message from '" << m_Identity << "'";
+		<< "Received '" << method << "' message from identity '" << m_Identity << "'.";
 
 	Dictionary::Ptr resultMessage = new Dictionary();
 
@@ -242,62 +307,11 @@ void JsonRpcConnection::MessageHandler(const String& jsonString)
 	if (message->Contains("id")) {
 		resultMessage->Set("jsonrpc", "2.0");
 		resultMessage->Set("id", message->Get("id"));
-		SendMessage(resultMessage);
+
+		SendMessageInternal(resultMessage);
 	}
 }
 
-bool JsonRpcConnection::ProcessMessage()
-{
-	ssize_t maxMessageLength = 64 * 1024;
-
-	if (m_Endpoint)
-		maxMessageLength = -1; /* no limit */
-
-	String message;
-
-	StreamReadStatus srs = JsonRpc::ReadMessage(m_Stream, &message, m_Context, false, maxMessageLength);
-
-	if (srs != StatusNewItem)
-		return false;
-
-	l_JsonRpcConnectionWorkQueues[m_ID % l_JsonRpcConnectionWorkQueueCount].Enqueue(std::bind(&JsonRpcConnection::MessageHandlerWrapper, JsonRpcConnection::Ptr(this), message));
-
-	return true;
-}
-
-void JsonRpcConnection::DataAvailableHandler()
-{
-	bool close = false;
-
-	if (!m_Stream)
-		return;
-
-	if (!m_Stream->IsEof()) {
-		boost::mutex::scoped_lock lock(m_DataHandlerMutex);
-
-		m_Stream->SetCorked(true);
-
-		try {
-			while (ProcessMessage())
-				; /* empty loop body */
-		} catch (const std::exception& ex) {
-			Log(LogWarning, "JsonRpcConnection")
-				<< "Error while reading JSON-RPC message for identity '" << m_Identity
-				<< "': " << DiagnosticInformation(ex);
-
-			Disconnect();
-
-			return;
-		}
-
-		l_JsonRpcConnectionWorkQueues[m_ID % l_JsonRpcConnectionWorkQueueCount].Enqueue(std::bind(&Stream::SetCorked, m_Stream, false));
-	} else
-		close = true;
-
-	if (close)
-		Disconnect();
-}
-
 Value SetLogPositionHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
 {
 	double log_position = params->Get("log_position");
@@ -312,57 +326,29 @@ Value SetLogPositionHandler(const MessageOrigin::Ptr& origin, const Dictionary::
 	return Empty;
 }
 
-void JsonRpcConnection::CheckLiveness()
+void JsonRpcConnection::CheckLiveness(boost::asio::yield_context yc)
 {
-	if (m_Seen < Utility::GetTime() - 60 && (!m_Endpoint || !m_Endpoint->GetSyncing())) {
-		Log(LogInformation, "JsonRpcConnection")
-			<<  "No messages for identity '" << m_Identity << "' have been received in the last 60 seconds.";
-		Disconnect();
-	}
-}
+	boost::system::error_code ec;
 
-void JsonRpcConnection::TimeoutTimerHandler()
-{
-	ApiListener::Ptr listener = ApiListener::GetInstance();
+	for (;;) {
+		m_CheckLivenessTimer.expires_from_now(boost::posix_time::seconds(30));
+		m_CheckLivenessTimer.async_wait(yc[ec]);
 
-	for (const JsonRpcConnection::Ptr& client : listener->GetAnonymousClients()) {
-		client->CheckLiveness();
-	}
+		if (m_ShuttingDown) {
+			break;
+		}
 
-	for (const Endpoint::Ptr& endpoint : ConfigType::GetObjectsByType<Endpoint>()) {
-		for (const JsonRpcConnection::Ptr& client : endpoint->GetClients()) {
-			client->CheckLiveness();
+		if (m_Seen < Utility::GetTime() - 60 && (!m_Endpoint || !m_Endpoint->GetSyncing())) {
+			Log(LogInformation, "JsonRpcConnection")
+				<<  "No messages for identity '" << m_Identity << "' have been received in the last 60 seconds.";
+
+			Disconnect();
+			break;
 		}
 	}
 }
 
-size_t JsonRpcConnection::GetWorkQueueCount()
-{
-	return l_JsonRpcConnectionWorkQueueCount;
-}
-
-size_t JsonRpcConnection::GetWorkQueueLength()
-{
-	size_t itemCount = 0;
-
-	for (size_t i = 0; i < GetWorkQueueCount(); i++)
-		itemCount += l_JsonRpcConnectionWorkQueues[i].GetLength();
-
-	return itemCount;
-}
-
 double JsonRpcConnection::GetWorkQueueRate()
 {
-	double rate = 0.0;
-	size_t count = GetWorkQueueCount();
-
-	/* If this is a standalone environment, we don't have any queues. */
-	if (count == 0)
-		return 0.0;
-
-	for (size_t i = 0; i < count; i++)
-		rate += l_JsonRpcConnectionWorkQueues[i].GetTaskCount(60) / 60.0;
-
-	return rate / count;
+	return l_TaskStats.UpdateAndGetValues(Utility::GetTime(), 60) / 60.0;
 }
-
diff --git a/lib/remote/jsonrpcconnection.hpp b/lib/remote/jsonrpcconnection.hpp
index db97f6fee..0fbf6c605 100644
--- a/lib/remote/jsonrpcconnection.hpp
+++ b/lib/remote/jsonrpcconnection.hpp
@@ -1,30 +1,19 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef JSONRPCCONNECTION_H
 #define JSONRPCCONNECTION_H
 
 #include "remote/i2-remote.hpp"
 #include "remote/endpoint.hpp"
+#include "base/io-engine.hpp"
 #include "base/tlsstream.hpp"
 #include "base/timer.hpp"
 #include "base/workqueue.hpp"
+#include <memory>
+#include <vector>
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/io_context_strand.hpp>
+#include <boost/asio/spawn.hpp>
 
 namespace icinga
 {
@@ -53,7 +42,7 @@ class JsonRpcConnection final : public Object
 public:
 	DECLARE_PTR_TYPEDEFS(JsonRpcConnection);
 
-	JsonRpcConnection(const String& identity, bool authenticated, TlsStream::Ptr stream, ConnectionRole role);
+	JsonRpcConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream, ConnectionRole role);
 
 	void Start();
 
@@ -61,47 +50,49 @@ public:
 	String GetIdentity() const;
 	bool IsAuthenticated() const;
 	Endpoint::Ptr GetEndpoint() const;
-	TlsStream::Ptr GetStream() const;
+	std::shared_ptr<AsioTlsStream> GetStream() const;
 	ConnectionRole GetRole() const;
 
 	void Disconnect();
 
 	void SendMessage(const Dictionary::Ptr& request);
+	void SendRawMessage(const String& request);
 
-	static void HeartbeatTimerHandler();
 	static Value HeartbeatAPIHandler(const intrusive_ptr<MessageOrigin>& origin, const Dictionary::Ptr& params);
 
-	static size_t GetWorkQueueCount();
-	static size_t GetWorkQueueLength();
 	static double GetWorkQueueRate();
 
 	static void SendCertificateRequest(const JsonRpcConnection::Ptr& aclient, const intrusive_ptr<MessageOrigin>& origin, const String& path);
 
 private:
-	int m_ID;
 	String m_Identity;
 	bool m_Authenticated;
 	Endpoint::Ptr m_Endpoint;
-	TlsStream::Ptr m_Stream;
+	std::shared_ptr<AsioTlsStream> m_Stream;
 	ConnectionRole m_Role;
 	double m_Timestamp;
 	double m_Seen;
 	double m_NextHeartbeat;
-	double m_HeartbeatTimeout;
-	boost::mutex m_DataHandlerMutex;
+	boost::asio::io_context::strand m_IoStrand;
+	std::vector<String> m_OutgoingMessagesQueue;
+	AsioConditionVariable m_OutgoingMessagesQueued;
+	AsioConditionVariable m_WriterDone;
+	bool m_ShuttingDown;
+	boost::asio::deadline_timer m_CheckLivenessTimer, m_HeartbeatTimer;
 
-	StreamReadContext m_Context;
+	JsonRpcConnection(const String& identity, bool authenticated, const std::shared_ptr<AsioTlsStream>& stream, ConnectionRole role, boost::asio::io_context& io);
+
+	void HandleIncomingMessages(boost::asio::yield_context yc);
+	void WriteOutgoingMessages(boost::asio::yield_context yc);
+	void HandleAndWriteHeartbeats(boost::asio::yield_context yc);
+	void CheckLiveness(boost::asio::yield_context yc);
 
 	bool ProcessMessage();
-	void MessageHandlerWrapper(const String& jsonString);
 	void MessageHandler(const String& jsonString);
-	void DataAvailableHandler();
-
-	static void StaticInitialize();
-	static void TimeoutTimerHandler();
-	void CheckLiveness();
 
 	void CertificateRequestResponseHandler(const Dictionary::Ptr& message);
+
+	void SendMessageInternal(const Dictionary::Ptr& request);
 };
 
 }
diff --git a/lib/remote/messageorigin.cpp b/lib/remote/messageorigin.cpp
index 184038497..7de0ca7a4 100644
--- a/lib/remote/messageorigin.cpp
+++ b/lib/remote/messageorigin.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/messageorigin.hpp"
 
diff --git a/lib/remote/messageorigin.hpp b/lib/remote/messageorigin.hpp
index 71be262fe..8a91ecc46 100644
--- a/lib/remote/messageorigin.hpp
+++ b/lib/remote/messageorigin.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MESSAGEORIGIN_H
 #define MESSAGEORIGIN_H
diff --git a/lib/remote/modifyobjecthandler.cpp b/lib/remote/modifyobjecthandler.cpp
index c08d1dee2..3f360fe30 100644
--- a/lib/remote/modifyobjecthandler.cpp
+++ b/lib/remote/modifyobjecthandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/modifyobjecthandler.hpp"
 #include "remote/httputility.hpp"
@@ -29,15 +12,26 @@ using namespace icinga;
 
 REGISTER_URLHANDLER("/v1/objects", ModifyObjectHandler);
 
-bool ModifyObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ModifyObjectHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() < 3 || request.RequestUrl->GetPath().size() > 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() < 3 || url->GetPath().size() > 4)
 		return false;
 
-	if (request.RequestMethod != "POST")
+	if (request.method() != http::verb::post)
 		return false;
 
-	Type::Ptr type = FilterUtility::TypeFromPluralName(request.RequestUrl->GetPath()[2]);
+	Type::Ptr type = FilterUtility::TypeFromPluralName(url->GetPath()[2]);
 
 	if (!type) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid type specified.");
@@ -50,10 +44,10 @@ bool ModifyObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 
 	params->Set("type", type->GetName());
 
-	if (request.RequestUrl->GetPath().size() >= 4) {
+	if (url->GetPath().size() >= 4) {
 		String attr = type->GetName();
 		boost::algorithm::to_lower(attr);
-		params->Set(attr, request.RequestUrl->GetPath()[3]);
+		params->Set(attr, url->GetPath()[3]);
 	}
 
 	std::vector<Value> objs;
@@ -118,7 +112,7 @@ bool ModifyObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/modifyobjecthandler.hpp b/lib/remote/modifyobjecthandler.hpp
index c5583ac44..f4693013f 100644
--- a/lib/remote/modifyobjecthandler.hpp
+++ b/lib/remote/modifyobjecthandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef MODIFYOBJECTHANDLER_H
 #define MODIFYOBJECTHANDLER_H
@@ -30,8 +13,16 @@ class ModifyObjectHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ModifyObjectHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/objectqueryhandler.cpp b/lib/remote/objectqueryhandler.cpp
index 490b50dad..3f827037c 100644
--- a/lib/remote/objectqueryhandler.cpp
+++ b/lib/remote/objectqueryhandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/objectqueryhandler.hpp"
 #include "remote/httputility.hpp"
@@ -104,15 +87,26 @@ Dictionary::Ptr ObjectQueryHandler::SerializeObjectAttrs(const Object::Ptr& obje
 	return new Dictionary(std::move(resultAttrs));
 }
 
-bool ObjectQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool ObjectQueryHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() < 3 || request.RequestUrl->GetPath().size() > 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() < 3 || url->GetPath().size() > 4)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
-	Type::Ptr type = FilterUtility::TypeFromPluralName(request.RequestUrl->GetPath()[2]);
+	Type::Ptr type = FilterUtility::TypeFromPluralName(url->GetPath()[2]);
 
 	if (!type) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid type specified.");
@@ -153,10 +147,10 @@ bool ObjectQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& re
 
 	params->Set("type", type->GetName());
 
-	if (request.RequestUrl->GetPath().size() >= 4) {
+	if (url->GetPath().size() >= 4) {
 		String attr = type->GetName();
 		boost::algorithm::to_lower(attr);
-		params->Set(attr, request.RequestUrl->GetPath()[3]);
+		params->Set(attr, url->GetPath()[3]);
 	}
 
 	std::vector<Value> objs;
@@ -282,7 +276,7 @@ bool ObjectQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& re
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/objectqueryhandler.hpp b/lib/remote/objectqueryhandler.hpp
index acefdb63b..691b2cfcf 100644
--- a/lib/remote/objectqueryhandler.hpp
+++ b/lib/remote/objectqueryhandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef OBJECTQUERYHANDLER_H
 #define OBJECTQUERYHANDLER_H
@@ -30,8 +13,16 @@ class ObjectQueryHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(ObjectQueryHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 
 private:
 	static Dictionary::Ptr SerializeObjectAttrs(const Object::Ptr& object, const String& attrPrefix,
diff --git a/lib/remote/pkiutility.cpp b/lib/remote/pkiutility.cpp
index 20d9ca6c2..a95e3554c 100644
--- a/lib/remote/pkiutility.cpp
+++ b/lib/remote/pkiutility.cpp
@@ -1,26 +1,12 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/pkiutility.hpp"
 #include "remote/apilistener.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
+#include "base/tcpsocket.hpp"
 #include "base/tlsutility.hpp"
 #include "base/console.hpp"
 #include "base/tlsstream.hpp"
@@ -31,6 +17,8 @@
 #include "remote/jsonrpc.hpp"
 #include <fstream>
 #include <iostream>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/filesystem/path.hpp>
 
 using namespace icinga;
 
@@ -41,7 +29,7 @@ int PkiUtility::NewCa()
 	String caKeyFile = caDir + "/ca.key";
 
 	if (Utility::PathExists(caCertFile) && Utility::PathExists(caKeyFile)) {
-		Log(LogCritical, "cli")
+		Log(LogWarning, "cli")
 			<< "CA files '" << caCertFile << "' and '" << caKeyFile << "' already exist.";
 		return 1;
 	}
@@ -66,7 +54,7 @@ int PkiUtility::NewCert(const String& cn, const String& keyfile, const String& c
 
 int PkiUtility::SignCsr(const String& csrfile, const String& certfile)
 {
-	char errbuf[120];
+	char errbuf[256];
 
 	InitializeOpenSSL();
 
@@ -93,22 +81,10 @@ int PkiUtility::SignCsr(const String& csrfile, const String& certfile)
 
 std::shared_ptr<X509> PkiUtility::FetchCert(const String& host, const String& port)
 {
-	TcpSocket::Ptr client = new TcpSocket();
+	std::shared_ptr<boost::asio::ssl::context> sslContext;
 
 	try {
-		client->Connect(host, port);
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "pki")
-			<< "Cannot connect to host '" << host << "' on port '" << port << "'";
-		Log(LogDebug, "pki")
-			<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
-		return std::shared_ptr<X509>();
-	}
-
-	std::shared_ptr<SSL_CTX> sslContext;
-
-	try {
-		sslContext = MakeSSLContext();
+		sslContext = MakeAsioSslContext();
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "pki")
 			<< "Cannot make SSL context.";
@@ -117,17 +93,31 @@ std::shared_ptr<X509> PkiUtility::FetchCert(const String& host, const String& po
 		return std::shared_ptr<X509>();
 	}
 
-	TlsStream::Ptr stream = new TlsStream(client, host, RoleClient, sslContext);
+	auto stream (std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, host));
 
 	try {
-		stream->Handshake();
+		Connect(stream->lowest_layer(), host, port);
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "pki")
+			<< "Cannot connect to host '" << host << "' on port '" << port << "'";
+		Log(LogDebug, "pki")
+			<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
+		return std::shared_ptr<X509>();
+	}
+
+	auto& sslConn (stream->next_layer());
+
+	try {
+		sslConn.handshake(sslConn.client);
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "pki")
 			<< "Client TLS handshake failed. (" << ex.what() << ")";
 		return std::shared_ptr<X509>();
 	}
 
-	return stream->GetPeerCertificate();
+	Defer shutdown ([&sslConn]() { sslConn.shutdown(); });
+
+	return sslConn.GetPeerCertificate();
 }
 
 int PkiUtility::WriteCert(const std::shared_ptr<X509>& cert, const String& trustedfile)
@@ -159,22 +149,10 @@ int PkiUtility::GenTicket(const String& cn, const String& salt, std::ostream& ti
 int PkiUtility::RequestCertificate(const String& host, const String& port, const String& keyfile,
 	const String& certfile, const String& cafile, const std::shared_ptr<X509>& trustedCert, const String& ticket)
 {
-	TcpSocket::Ptr client = new TcpSocket();
+	std::shared_ptr<boost::asio::ssl::context> sslContext;
 
 	try {
-		client->Connect(host, port);
-	} catch (const std::exception& ex) {
-		Log(LogCritical, "cli")
-			<< "Cannot connect to host '" << host << "' on port '" << port << "'";
-		Log(LogDebug, "cli")
-			<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
-		return 1;
-	}
-
-	std::shared_ptr<SSL_CTX> sslContext;
-
-	try {
-		sslContext = MakeSSLContext(certfile, keyfile);
+		sslContext = MakeAsioSslContext(certfile, keyfile);
 	} catch (const std::exception& ex) {
 		Log(LogCritical, "cli")
 			<< "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'.";
@@ -183,16 +161,31 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
 		return 1;
 	}
 
-	TlsStream::Ptr stream = new TlsStream(client, host, RoleClient, sslContext);
+	auto stream (std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, host));
 
 	try {
-		stream->Handshake();
-	} catch (const std::exception&) {
-		Log(LogCritical, "cli", "Client TLS handshake failed.");
+		Connect(stream->lowest_layer(), host, port);
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+			<< "Cannot connect to host '" << host << "' on port '" << port << "'";
+		Log(LogDebug, "cli")
+			<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
 		return 1;
 	}
 
-	std::shared_ptr<X509> peerCert = stream->GetPeerCertificate();
+	auto& sslConn (stream->next_layer());
+
+	try {
+		sslConn.handshake(sslConn.client);
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+			<< "Client TLS handshake failed: " << DiagnosticInformation(ex, false);
+		return 1;
+	}
+
+	Defer shutdown ([&sslConn]() { sslConn.shutdown(); });
+
+	auto peerCert (sslConn.GetPeerCertificate());
 
 	if (X509_cmp(peerCert.get(), trustedCert.get())) {
 		Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");
@@ -212,36 +205,32 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
 		{ "params", params }
 	});
 
-	JsonRpc::SendMessage(stream, request);
-
-	String jsonString;
 	Dictionary::Ptr response;
-	StreamReadContext src;
 
-	for (;;) {
-		StreamReadStatus srs = JsonRpc::ReadMessage(stream, &jsonString, src);
+	try {
+		JsonRpc::SendMessage(stream, request);
+		stream->flush();
 
-		if (srs == StatusEof)
-			break;
+		for (;;) {
+			response = JsonRpc::DecodeMessage(JsonRpc::ReadMessage(stream));
 
-		if (srs != StatusNewItem)
-			continue;
-
-		response = JsonRpc::DecodeMessage(jsonString);
-
-		if (response && response->Contains("error")) {
-			Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log (notice or debug).");
+			if (response && response->Contains("error")) {
+				Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log (notice or debug).");
 #ifdef I2_DEBUG
-			/* we shouldn't expose master errors to the user in production environments */
-			Log(LogCritical, "cli", response->Get("error"));
+				/* we shouldn't expose master errors to the user in production environments */
+				Log(LogCritical, "cli", response->Get("error"));
 #endif /* I2_DEBUG */
-			return 1;
+				return 1;
+			}
+
+			if (response && (response->Get("id") != msgid))
+				continue;
+
+			break;
 		}
-
-		if (response && (response->Get("id") != msgid))
-			continue;
-
-		break;
+	} catch (...) {
+		Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log.");
+		return 1;
 	}
 
 	if (!response) {
@@ -380,8 +369,9 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
 
 	Dictionary::Ptr result = new Dictionary();
 
-	String fingerprint = Utility::BaseName(requestFile);
-	fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
+	namespace fs = boost::filesystem;
+	fs::path file(requestFile.Begin(), requestFile.End());
+	String fingerprint = file.stem().string();
 
 	String certRequestText = request->Get("cert_request");
 	result->Set("cert_request", certRequestText);
@@ -426,14 +416,19 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
 	requests->Set(fingerprint, result);
 }
 
-Dictionary::Ptr PkiUtility::GetCertificateRequests()
+Dictionary::Ptr PkiUtility::GetCertificateRequests(bool removed)
 {
 	Dictionary::Ptr requests = new Dictionary();
 
 	String requestDir = ApiListener::GetCertificateRequestsDir();
+	String ext = "json";
+
+	if (removed)
+		ext = "removed";
 
 	if (Utility::PathExists(requestDir))
-		Utility::Glob(requestDir + "/*.json", std::bind(&CollectRequestHandler, requests, _1), GlobFile);
+		Utility::Glob(requestDir + "/*." + ext, std::bind(&CollectRequestHandler, requests, _1), GlobFile);
 
 	return requests;
 }
+
diff --git a/lib/remote/pkiutility.hpp b/lib/remote/pkiutility.hpp
index 500b7be69..50d47e01a 100644
--- a/lib/remote/pkiutility.hpp
+++ b/lib/remote/pkiutility.hpp
@@ -1,29 +1,14 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef PKIUTILITY_H
 #define PKIUTILITY_H
 
 #include "remote/i2-remote.hpp"
+#include "base/exception.hpp"
 #include "base/dictionary.hpp"
 #include "base/string.hpp"
 #include <openssl/x509v3.h>
+#include <memory>
 
 namespace icinga
 {
@@ -44,7 +29,7 @@ public:
 		const String& certfile, const String& cafile, const std::shared_ptr<X509>& trustedcert,
 		const String& ticket = String());
 	static String GetCertificateInformation(const std::shared_ptr<X509>& certificate);
-	static Dictionary::Ptr GetCertificateRequests();
+	static Dictionary::Ptr GetCertificateRequests(bool removed = false);
 
 private:
 	PkiUtility();
diff --git a/lib/remote/statushandler.cpp b/lib/remote/statushandler.cpp
index b2a9fca10..1f3f61899 100644
--- a/lib/remote/statushandler.cpp
+++ b/lib/remote/statushandler.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/statushandler.hpp"
 #include "remote/httputility.hpp"
 #include "remote/filterutility.hpp"
 #include "base/serializer.hpp"
 #include "base/statsfunction.hpp"
+#include "base/namespace.hpp"
 
 using namespace icinga;
 
@@ -35,24 +19,29 @@ public:
 	void FindTargets(const String& type,
 		const std::function<void (const Value&)>& addTarget) const override
 	{
-		Dictionary::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
+		Namespace::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
 
 		if (statsFunctions) {
 			ObjectLock olock(statsFunctions);
 
-			for (const Dictionary::Pair& kv : statsFunctions)
+			for (const Namespace::Pair& kv : statsFunctions)
 				addTarget(GetTargetByName("Status", kv.first));
 		}
 	}
 
 	Value GetTargetByName(const String& type, const String& name) const override
 	{
-		Dictionary::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
+		Namespace::Ptr statsFunctions = ScriptGlobal::Get("StatsFunctions", &Empty);
 
 		if (!statsFunctions)
 			BOOST_THROW_EXCEPTION(std::invalid_argument("No status functions are available."));
 
-		Function::Ptr func = statsFunctions->Get(name);
+		Value vfunc;
+
+		if (!statsFunctions->Get(name, &vfunc))
+			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid status function name."));
+
+		Function::Ptr func = vfunc;
 
 		if (!func)
 			BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid status function name."));
@@ -79,12 +68,23 @@ public:
 	}
 };
 
-bool StatusHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool StatusHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 3)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 3)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
 	QueryDescription qd;
@@ -94,8 +94,8 @@ bool StatusHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request
 
 	params->Set("type", "Status");
 
-	if (request.RequestUrl->GetPath().size() >= 3)
-		params->Set("status", request.RequestUrl->GetPath()[2]);
+	if (url->GetPath().size() >= 3)
+		params->Set("status", url->GetPath()[2]);
 
 	std::vector<Value> objs;
 
@@ -112,7 +112,7 @@ bool StatusHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request
 		{ "results", new Array(std::move(objs)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/statushandler.hpp b/lib/remote/statushandler.hpp
index 7dfa8380e..c722ab3e2 100644
--- a/lib/remote/statushandler.hpp
+++ b/lib/remote/statushandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef STATUSHANDLER_H
 #define STATUSHANDLER_H
@@ -30,8 +13,16 @@ class StatusHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(StatusHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/templatequeryhandler.cpp b/lib/remote/templatequeryhandler.cpp
index 153c887e5..e70dafb65 100644
--- a/lib/remote/templatequeryhandler.cpp
+++ b/lib/remote/templatequeryhandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/templatequeryhandler.hpp"
 #include "remote/httputility.hpp"
@@ -92,15 +75,26 @@ public:
 	}
 };
 
-bool TemplateQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool TemplateQueryHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() < 3 || request.RequestUrl->GetPath().size() > 4)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() < 3 || url->GetPath().size() > 4)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
-	Type::Ptr type = FilterUtility::TypeFromPluralName(request.RequestUrl->GetPath()[2]);
+	Type::Ptr type = FilterUtility::TypeFromPluralName(url->GetPath()[2]);
 
 	if (!type) {
 		HttpUtility::SendJsonError(response, params, 400, "Invalid type specified.");
@@ -114,10 +108,10 @@ bool TemplateQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest&
 
 	params->Set("type", type->GetName());
 
-	if (request.RequestUrl->GetPath().size() >= 4) {
+	if (url->GetPath().size() >= 4) {
 		String attr = type->GetName();
 		boost::algorithm::to_lower(attr);
-		params->Set(attr, request.RequestUrl->GetPath()[3]);
+		params->Set(attr, url->GetPath()[3]);
 	}
 
 	std::vector<Value> objs;
@@ -135,7 +129,7 @@ bool TemplateQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest&
 		{ "results", new Array(std::move(objs)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/templatequeryhandler.hpp b/lib/remote/templatequeryhandler.hpp
index a70188b2a..503bc8560 100644
--- a/lib/remote/templatequeryhandler.hpp
+++ b/lib/remote/templatequeryhandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TEMPLATEQUERYHANDLER_H
 #define TEMPLATEQUERYHANDLER_H
@@ -30,8 +13,16 @@ class TemplateQueryHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(TemplateQueryHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/typequeryhandler.cpp b/lib/remote/typequeryhandler.cpp
index fe4703f60..4e8265398 100644
--- a/lib/remote/typequeryhandler.cpp
+++ b/lib/remote/typequeryhandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/typequeryhandler.hpp"
 #include "remote/httputility.hpp"
@@ -63,12 +46,23 @@ public:
 	}
 };
 
-bool TypeQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool TypeQueryHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 3)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 3)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
 	QueryDescription qd;
@@ -81,8 +75,8 @@ bool TypeQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& requ
 
 	params->Set("type", "Type");
 
-	if (request.RequestUrl->GetPath().size() >= 3)
-		params->Set("name", request.RequestUrl->GetPath()[2]);
+	if (url->GetPath().size() >= 3)
+		params->Set("name", url->GetPath()[2]);
 
 	std::vector<Value> objs;
 
@@ -155,7 +149,7 @@ bool TypeQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& requ
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/typequeryhandler.hpp b/lib/remote/typequeryhandler.hpp
index 11e533efd..5489cb232 100644
--- a/lib/remote/typequeryhandler.hpp
+++ b/lib/remote/typequeryhandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef TYPEQUERYHANDLER_H
 #define TYPEQUERYHANDLER_H
@@ -30,8 +13,16 @@ class TypeQueryHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(TypeQueryHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/url-characters.hpp b/lib/remote/url-characters.hpp
index 5e1c722b0..3cc492198 100644
--- a/lib/remote/url-characters.hpp
+++ b/lib/remote/url-characters.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef URL_CHARACTERS_H
 #define URL_CHARACTERS_H
diff --git a/lib/remote/url.cpp b/lib/remote/url.cpp
index f6c84ece1..e87628eed 100644
--- a/lib/remote/url.cpp
+++ b/lib/remote/url.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/array.hpp"
 #include "base/utility.hpp"
@@ -138,33 +121,11 @@ const std::vector<String>& Url::GetPath() const
 	return m_Path;
 }
 
-const std::map<String, std::vector<String> >& Url::GetQuery() const
+const std::vector<std::pair<String, String>>& Url::GetQuery() const
 {
 	return m_Query;
 }
 
-String Url::GetQueryElement(const String& name) const
-{
-	auto it = m_Query.find(name);
-
-	if (it == m_Query.end())
-		return String();
-
-	return it->second.back();
-}
-
-const std::vector<String>& Url::GetQueryElements(const String& name) const
-{
-	auto it = m_Query.find(name);
-
-	if (it == m_Query.end()) {
-		static std::vector<String> emptyVector;
-		return emptyVector;
-	}
-
-	return it->second;
-}
-
 String Url::GetFragment() const
 {
 	return m_Fragment;
@@ -200,7 +161,7 @@ void Url::SetPath(const std::vector<String>& path)
 	m_Path = path;
 }
 
-void Url::SetQuery(const std::map<String, std::vector<String> >& query)
+void Url::SetQuery(const std::vector<std::pair<String, String>>& query)
 {
 	m_Query = query;
 }
@@ -212,16 +173,7 @@ void Url::SetArrayFormatUseBrackets(bool useBrackets)
 
 void Url::AddQueryElement(const String& name, const String& value)
 {
-	auto it = m_Query.find(name);
-	if (it == m_Query.end()) {
-		m_Query[name] = std::vector<String> { value };
-	} else
-		m_Query[name].push_back(value);
-}
-
-void Url::SetQueryElements(const String& name, const std::vector<String>& values)
-{
-	m_Query[name] = values;
+	m_Query.emplace_back(name, value);
 }
 
 void Url::SetFragment(const String& fragment) {
@@ -255,38 +207,16 @@ String Url::Format(bool onlyPathAndQuery, bool printCredentials) const
 	if (!m_Query.empty()) {
 		typedef std::pair<String, std::vector<String> > kv_pair;
 
-		for (const kv_pair& kv : m_Query) {
+		for (const auto& kv : m_Query) {
 			String key = Utility::EscapeString(kv.first, ACQUERY_ENCODE, false);
 			if (param.IsEmpty())
 				param = "?";
 			else
 				param += "&";
 
-			// Just one (or one empty) value
-			if (kv.second.size() == 1) {
-				param += key;
-				param += kv.second[0].IsEmpty() ?
-					String() : "=" + Utility::EscapeString(kv.second[0], ACQUERY_ENCODE, false);
-				continue;
-			}
-
-			// Array
-			String temp;
-			for (const String& s : kv.second) {
-				if (!temp.IsEmpty())
-					temp += "&";
-
-				temp += key;
-
-				if (m_ArrayFormatUseBrackets) {
-					if (kv.second.size() > 1)
-						temp += "[]";
-				}
-
-				if (!s.IsEmpty())
-					temp += "=" + Utility::EscapeString(s, ACQUERY_ENCODE, false);
-			}
-			param += temp;
+			param += key;
+			param += kv.second.IsEmpty() ?
+				String() : "=" + Utility::EscapeString(kv.second, ACQUERY_ENCODE, false);
 		}
 	}
 
@@ -408,14 +338,7 @@ bool Url::ParseQuery(const String& query)
 		if (!ValidateToken(key, ACQUERY))
 			return false;
 
-		key = Utility::UnescapeString(key);
-
-		auto it = m_Query.find(key);
-
-		if (it == m_Query.end()) {
-			m_Query[key] = std::vector<String> { std::move(value) };
-		} else
-			m_Query[key].emplace_back(std::move(value));
+		m_Query.emplace_back(Utility::UnescapeString(key), std::move(value));
 	}
 
 	return true;
diff --git a/lib/remote/url.hpp b/lib/remote/url.hpp
index 20386980c..6012b2f3e 100644
--- a/lib/remote/url.hpp
+++ b/lib/remote/url.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef URL_H
 #define URL_H
@@ -26,6 +9,7 @@
 #include "base/array.hpp"
 #include "base/value.hpp"
 #include <map>
+#include <utility>
 #include <vector>
 
 namespace icinga
@@ -53,9 +37,7 @@ public:
 	String GetHost() const;
 	String GetPort() const;
 	const std::vector<String>& GetPath() const;
-	const std::map<String, std::vector<String> >& GetQuery() const;
-	String GetQueryElement(const String& name) const;
-	const std::vector<String>& GetQueryElements(const String& name) const;
+	const std::vector<std::pair<String, String>>& GetQuery() const;
 	String GetFragment() const;
 
 	void SetScheme(const String& scheme);
@@ -64,11 +46,10 @@ public:
 	void SetHost(const String& host);
 	void SetPort(const String& port);
 	void SetPath(const std::vector<String>& path);
-	void SetQuery(const std::map<String, std::vector<String> >& query);
+	void SetQuery(const std::vector<std::pair<String, String>>& query);
 	void SetArrayFormatUseBrackets(bool useBrackets = true);
 
 	void AddQueryElement(const String& name, const String& query);
-	void SetQueryElements(const String& name, const std::vector<String>& query);
 	void SetFragment(const String& fragment);
 
 private:
@@ -78,7 +59,7 @@ private:
 	String m_Host;
 	String m_Port;
 	std::vector<String> m_Path;
-	std::map<String, std::vector<String> > m_Query;
+	std::vector<std::pair<String, String>> m_Query;
 	bool m_ArrayFormatUseBrackets;
 	String m_Fragment;
 
diff --git a/lib/remote/variablequeryhandler.cpp b/lib/remote/variablequeryhandler.cpp
index 4a36fc8ce..aef896e6f 100644
--- a/lib/remote/variablequeryhandler.cpp
+++ b/lib/remote/variablequeryhandler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/variablequeryhandler.hpp"
 #include "remote/httputility.hpp"
@@ -24,6 +7,7 @@
 #include "base/scriptglobal.hpp"
 #include "base/logger.hpp"
 #include "base/serializer.hpp"
+#include "base/namespace.hpp"
 #include <set>
 
 using namespace icinga;
@@ -48,10 +32,10 @@ public:
 		const std::function<void (const Value&)>& addTarget) const override
 	{
 		{
-			Dictionary::Ptr globals = ScriptGlobal::GetGlobals();
+			Namespace::Ptr globals = ScriptGlobal::GetGlobals();
 			ObjectLock olock(globals);
-			for (const Dictionary::Pair& kv : globals) {
-				addTarget(GetTargetForVar(kv.first, kv.second));
+			for (const Namespace::Pair& kv : globals) {
+				addTarget(GetTargetForVar(kv.first, kv.second->Get()));
 			}
 		}
 	}
@@ -72,12 +56,23 @@ public:
 	}
 };
 
-bool VariableQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
+bool VariableQueryHandler::HandleRequest(
+	AsioTlsStream& stream,
+	const ApiUser::Ptr& user,
+	boost::beast::http::request<boost::beast::http::string_body>& request,
+	const Url::Ptr& url,
+	boost::beast::http::response<boost::beast::http::string_body>& response,
+	const Dictionary::Ptr& params,
+	boost::asio::yield_context& yc,
+	HttpServerConnection& server
+)
 {
-	if (request.RequestUrl->GetPath().size() > 3)
+	namespace http = boost::beast::http;
+
+	if (url->GetPath().size() > 3)
 		return false;
 
-	if (request.RequestMethod != "GET")
+	if (request.method() != http::verb::get)
 		return false;
 
 	QueryDescription qd;
@@ -87,8 +82,8 @@ bool VariableQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest&
 
 	params->Set("type", "Variable");
 
-	if (request.RequestUrl->GetPath().size() >= 3)
-		params->Set("variable", request.RequestUrl->GetPath()[2]);
+	if (url->GetPath().size() >= 3)
+		params->Set("variable", url->GetPath()[2]);
 
 	std::vector<Value> objs;
 
@@ -115,7 +110,7 @@ bool VariableQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest&
 		{ "results", new Array(std::move(results)) }
 	});
 
-	response.SetStatus(200, "OK");
+	response.result(http::status::ok);
 	HttpUtility::SendJsonBody(response, params, result);
 
 	return true;
diff --git a/lib/remote/variablequeryhandler.hpp b/lib/remote/variablequeryhandler.hpp
index 6ce4dacc1..48e73be35 100644
--- a/lib/remote/variablequeryhandler.hpp
+++ b/lib/remote/variablequeryhandler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef VARIABLEQUERYHANDLER_H
 #define VARIABLEQUERYHANDLER_H
@@ -30,8 +13,16 @@ class VariableQueryHandler final : public HttpHandler
 public:
 	DECLARE_PTR_TYPEDEFS(VariableQueryHandler);
 
-	bool HandleRequest(const ApiUser::Ptr& user, HttpRequest& request,
-		HttpResponse& response, const Dictionary::Ptr& params) override;
+	bool HandleRequest(
+		AsioTlsStream& stream,
+		const ApiUser::Ptr& user,
+		boost::beast::http::request<boost::beast::http::string_body>& request,
+		const Url::Ptr& url,
+		boost::beast::http::response<boost::beast::http::string_body>& response,
+		const Dictionary::Ptr& params,
+		boost::asio::yield_context& yc,
+		HttpServerConnection& server
+	) override;
 };
 
 }
diff --git a/lib/remote/zone.cpp b/lib/remote/zone.cpp
index ea6e007bd..5ae1468c1 100644
--- a/lib/remote/zone.cpp
+++ b/lib/remote/zone.cpp
@@ -1,25 +1,9 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "remote/zone.hpp"
 #include "remote/zone-ti.cpp"
 #include "remote/jsonrpcconnection.hpp"
+#include "base/array.hpp"
 #include "base/objectlock.hpp"
 #include "base/logger.hpp"
 
@@ -33,6 +17,9 @@ void Zone::OnAllConfigLoaded()
 
 	m_Parent = Zone::GetByName(GetParentRaw());
 
+	if (m_Parent && m_Parent->IsGlobal())
+		BOOST_THROW_EXCEPTION(ScriptError("Zone '" + GetName() + "' can not have a global zone as parent.", GetDebugInfo()));
+
 	Zone::Ptr zone = m_Parent;
 	int levels = 0;
 
@@ -86,11 +73,21 @@ std::set<Endpoint::Ptr> Zone::GetEndpoints() const
 	return result;
 }
 
-std::vector<Zone::Ptr> Zone::GetAllParents() const
+std::vector<Zone::Ptr> Zone::GetAllParentsRaw() const
 {
 	return m_AllParents;
 }
 
+Array::Ptr Zone::GetAllParents() const
+{
+	auto result (new Array);
+
+	for (auto& parent : m_AllParents)
+		result->Add(parent->GetName());
+
+	return result;
+}
+
 bool Zone::CanAccessObject(const ConfigObject::Ptr& object)
 {
 	Zone::Ptr object_zone;
diff --git a/lib/remote/zone.hpp b/lib/remote/zone.hpp
index 6193dc026..897b18e96 100644
--- a/lib/remote/zone.hpp
+++ b/lib/remote/zone.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ZONE_H
 #define ZONE_H
@@ -40,7 +23,8 @@ public:
 
 	Zone::Ptr GetParent() const;
 	std::set<Endpoint::Ptr> GetEndpoints() const;
-	std::vector<Zone::Ptr> GetAllParents() const;
+	std::vector<Zone::Ptr> GetAllParentsRaw() const;
+	Array::Ptr GetAllParents() const override;
 
 	bool CanAccessObject(const ConfigObject::Ptr& object);
 	bool IsChildOf(const Zone::Ptr& zone);
diff --git a/lib/remote/zone.ti b/lib/remote/zone.ti
index ad7bb8d50..53fd4e609 100644
--- a/lib/remote/zone.ti
+++ b/lib/remote/zone.ti
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/configobject.hpp"
 
@@ -34,6 +17,9 @@ class Zone : ConfigObject
 
 	[config] array(name(Endpoint)) endpoints (EndpointsRaw);
 	[config] bool global;
+	[no_user_modify, no_storage] array(Value) all_parents {
+		get;
+	};
 };
 
 }
diff --git a/mkdocs.yml b/mkdocs.yml
index 8fa7bcfec..aaee8d5c7 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -3,9 +3,9 @@ docs_dir: doc
 dev_addr: 0.0.0.0:8000
 pages:
   - 'About Icinga 2': '01-about.md'
-  - 'Getting Started': '02-getting-started.md'
+  - 'Installation': '02-installation.md'
   - 'Monitoring Basics': '03-monitoring-basics.md'
-  - 'Configuring Icinga 2': '04-configuring-icinga-2.md'
+  - 'Configuration': '04-configuration.md'
   - 'Service Monitoring': '05-service-monitoring.md'
   - 'Distributed Monitoring': '06-distributed-monitoring.md'
   - 'Agent Based Monitoring': '07-agent-based-monitoring.md'
diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
index c908a89e4..27fddecff 100644
--- a/plugins/CMakeLists.txt
+++ b/plugins/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 add_executable(check_nscp_api
   check_nscp_api.cpp
@@ -24,7 +9,6 @@ add_executable(check_nscp_api
 target_link_libraries(check_nscp_api ${base_DEPS})
 set_target_properties (
   check_nscp_api PROPERTIES
-  INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR}/icinga2
   DEFINE_SYMBOL I2_PLUGINS_BUILD
   FOLDER Plugins)
 
@@ -47,7 +31,6 @@ if (WIN32)
 
   set_target_properties(
     thresholds PROPERTIES
-    INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR}/icinga2
     FOLDER Plugins
   )
 
@@ -65,7 +48,6 @@ if (WIN32)
 
     set_target_properties(
       ${check_OUT} PROPERTIES
-      INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR}/icinga2
       DEFINE_SYMBOL I2_PLUGINS_BUILD
       FOLDER Plugins
     )
diff --git a/plugins/README.md b/plugins/README.md
deleted file mode 100644
index f524f31ab..000000000
--- a/plugins/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-## Icinga 2 plugins for Windows
-
-This collection of plugins is intended to provide basic functionality checks on windows machines.  
-They (mostly) conform to the [nagios developer guidelines](https://nagios-plugins.org/doc/guidelines.html), 
-returning adequate exit codes and printing a pertinent string with performance data.
-
-
-### Intallation
-
-The plugins are installed as part of Icinga 2.
-
-
-### Requirements
-
-- Boost 1.41.0
-- Windows Vista, Windows Server 2008 or newer
-
-
-### Usage
-
-Call a plugin with the "--help" option to receive information about its usage.  
-Most of them don't need any parameters to but all of them have a -w (warning) and -c (critical) option. 
-Those accept, if not otherwise specified, value or percentage based thresholds or threshold ranges.  
-
-A few examples:  
-*./check_command.exe -w 12 -c !60%*  
-Adds a warning threshold of 12 and an inversed critical threshold of 60%  
-
-*./check_command.exe -w ![20%-80%] -c [0%-40%]*  
-The warning threshold is outside of 20% to 80% and the critical threshold is the range from 0% to 40%.  
-A critical state always overwrites a warning state, meaning the check would be critical with a value of 30%.
-
-
-### License
-
-Icinga 2  
-Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-
-This program is free software; you can redistribute it and/or  
-modify it under the tems of the GNU General Public License  
-as published by the Free Software Foundation; either version 2  
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,  
-but WITHOUT ANY WARRANTY; without even the implied warranty of  
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License  
- along with this program; if not, write to the Free Software Foundation  
- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
diff --git a/plugins/check_disk.cpp b/plugins/check_disk.cpp
index b0e898f54..ac475b560 100644
--- a/plugins/check_disk.cpp
+++ b/plugins/check_disk.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -382,7 +365,7 @@ static int printOutput(printInfoStruct& printInfo, std::vector<drive>& vDrives)
 			wsDrives.push_back(it->name + L" " + removeZero(it->free) + L" " + unit + L" (" +
 				removeZero(std::round(it->free / it->cap * 100.0)) + L"%); ");
 
-			wsPerf.push_back(L" " + it->name + L"=" + removeZero(it->free) + unit + L";" +
+			wsPerf.push_back(L" '" + it->name + L"'=" + removeZero(it->free) + unit + L";" +
 				printInfo.warn.pString(it->cap) + L";" + printInfo.crit.pString(it->cap) + L";0;"
 				+ removeZero(it->cap));
 
diff --git a/plugins/check_load.cpp b/plugins/check_load.cpp
index 81f2ecfdf..563c34788 100644
--- a/plugins/check_load.cpp
+++ b/plugins/check_load.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -171,7 +154,7 @@ static int printOutput(printInfoStruct& printInfo)
 		break;
 	}
 
-	std::wcout << " " << printInfo.load << L"% | load=" << printInfo.load << L"%;"
+	std::wcout << " " << printInfo.load << L"% | 'load'=" << printInfo.load << L"%;"
 		<< printInfo.warn.pString() << L";"
 		<< printInfo.crit.pString() << L";0;100" << '\n';
 
diff --git a/plugins/check_memory.cpp b/plugins/check_memory.cpp
index 46c65649e..146144532 100644
--- a/plugins/check_memory.cpp
+++ b/plugins/check_memory.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -150,7 +133,11 @@ static int parseArguments(int ac, WCHAR ** av, po::variables_map& vm, printInfoS
 		}
 	}
 
-	printInfo.showUsed = vm.count("show-used") > 0;
+	if (vm.count("show-used")) {
+		printInfo.showUsed = true;
+		printInfo.warn.legal = true;
+		printInfo.crit.legal = true;
+	}
 
 	return -1;
 }
@@ -160,7 +147,7 @@ static int printOutput(printInfoStruct& printInfo)
 	if (l_Debug)
 		std::wcout << L"Constructing output string" << '\n';
 
-	state state;
+	state state = OK;
 
 	std::wcout << L"MEMORY ";
 
@@ -171,25 +158,22 @@ static int printOutput(printInfoStruct& printInfo)
 	else
 		currentValue = printInfo.tRam - printInfo.aRam;
 
-	if (printInfo.warn.rend(currentValue, printInfo.tRam)) {
+	if (printInfo.warn.rend(currentValue, printInfo.tRam))
 		state = WARNING;
-		std::wcout << L"WARNING";
-	} else if (printInfo.crit.rend(currentValue, printInfo.tRam)) {
+
+	if (printInfo.crit.rend(currentValue, printInfo.tRam))
 		state = CRITICAL;
-		std::wcout << L"CRITICAL";
-	} else {
-		state = OK;
-		std::wcout << L"OK";
-	}
+
+	std::wcout << stateToString(state);
 
 	if (!printInfo.showUsed)
 		std::wcout << " - " << printInfo.percentFree << L"% free";
 	else
 		std::wcout << " - " << 100 - printInfo.percentFree << L"% used";
 
-	std::wcout << "| memory=" << currentValue << BunitStr(printInfo.unit) << L";"
+	std::wcout << "| 'memory'=" << currentValue << BunitStr(printInfo.unit) << L";"
 		<< printInfo.warn.pString(printInfo.tRam) << L";" << printInfo.crit.pString(printInfo.tRam)
-		<< L";0;" << printInfo.tRam;
+		<< L";0;" << printInfo.tRam << '\n';
 
 	return state;
 }
diff --git a/plugins/check_network.cpp b/plugins/check_network.cpp
index e17d7b503..e21607a09 100644
--- a/plugins/check_network.cpp
+++ b/plugins/check_network.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #define WIN32_LEAN_AND_MEAN
 
@@ -120,11 +103,6 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 			L"warn is VALUE is inside the range spanned by THR1 and THR2\n\n"
 			L"-w ![THR1-THR2]\n"
 			L"warn if VALUE is outside the range spanned by THR1 and THR2\n\n"
-			L"-w THRESHOLD%%\n"
-			L"if the plugin accepts percentage based thresholds those will be used.\n"
-			L"Does nothing if the plugin does not accept percentages, or only uses\n"
-			L"percentage thresholds. Ranges can be used with \"%%\", but both range values need\n"
-			L"to end with a percentage sign.\n\n"
 			L"All of these options work with the critical threshold \"-c\" too."
 			, progName);
 		std::cout << '\n';
@@ -190,7 +168,7 @@ static int printOutput(printInfoStruct& printInfo, const std::vector<nInterface>
 			continue;
 		} else {
 			boost::algorithm::replace_all(wsFriendlyName, "'", "''");
-			tss << L"\'" << wsFriendlyName << L"_in\'=" << it->BytesInSec << L"B \'" << wsFriendlyName << L"_out\'=" << it->BytesOutSec << L"B ";
+			tss << L"'" << wsFriendlyName << L"_in'=" << it->BytesInSec << L"B '" << wsFriendlyName << L"_out'=" << it->BytesOutSec << L"B ";
 		}
 	}
 
@@ -214,7 +192,8 @@ static int printOutput(printInfoStruct& printInfo, const std::vector<nInterface>
 	}
 
 	std::wcout << " " << tIn + tOut << L"B/s | "
-		<< L"network=" << tIn + tOut << L"B;" << printInfo.warn.pString() << L";" << printInfo.crit.pString() << L";" << L"0; "
+		<< L"'network'=" << tIn + tOut << L"B;" << printInfo.warn.pString() << L";" << printInfo.crit.pString() << L";" << L"0; "
+		<< L"'network_in'=" << tIn << L"B 'network_out'=" << tOut << L"B "
 		<< tss.str() << '\n';
 
 	return state;
diff --git a/plugins/check_nscp_api.cpp b/plugins/check_nscp_api.cpp
index 333b217ab..1339ccbac 100644
--- a/plugins/check_nscp_api.cpp
+++ b/plugins/check_nscp_api.cpp
@@ -1,33 +1,31 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
-#define VERSION "1.0.1"
+#include "icinga-version.h" /* include VERSION */
 
-#include "remote/httpclientconnection.hpp"
-#include "remote/httprequest.hpp"
-#include "remote/url-characters.hpp"
+// ensure to include base first
+#include "base/i2-base.hpp"
 #include "base/application.hpp"
 #include "base/json.hpp"
 #include "base/string.hpp"
+#include "base/logger.hpp"
 #include "base/exception.hpp"
+#include "base/utility.hpp"
+#include "base/defer.hpp"
+#include "base/io-engine.hpp"
+#include "base/stream.hpp"
+#include "base/tcpsocket.hpp" /* include global icinga::Connect */
+#include "base/tlsstream.hpp"
+#include "base/base64.hpp"
+#include "remote/url.hpp"
+#include <remote/url-characters.hpp>
 #include <boost/program_options.hpp>
 #include <boost/algorithm/string/split.hpp>
+#include <boost/range/algorithm/remove_if.hpp>
+#include <boost/asio/buffer.hpp>
+#include <boost/asio/ssl/context.hpp>
+#include <boost/beast.hpp>
+#include <cstddef>
+#include <cstring>
 #include <iostream>
 
 using namespace icinga;
@@ -35,96 +33,17 @@ namespace po = boost::program_options;
 
 static bool l_Debug;
 
-/*
- * This function is called by an 'HttpRequest' once the server answers. After doing a short check on the 'response' it
- * decodes it to a Dictionary and then tells 'QueryEndpoint()' that it's done
- */
-static void ResultHttpCompletionCallback(const HttpRequest& request, HttpResponse& response, bool& ready,
-	boost::condition_variable& cv, boost::mutex& mtx, Dictionary::Ptr& result)
-{
-	String body;
-	char buffer[1024];
-	size_t count;
-
-	while ((count = response.ReadBody(buffer, sizeof(buffer))) > 0)
-		body += String(buffer, buffer + count);
-
-	if (l_Debug) {
-		std::cout << "Received answer\n"
-			<< "\tHTTP code: " << response.StatusCode << "\n"
-			<< "\tHTTP message: '" << response.StatusMessage << "'\n"
-			<< "\tHTTP body: '" << body << "'.\n";
-	}
-
-	// Only try to decode the body if the 'HttpRequest' was successful
-	if (response.StatusCode != 200)
-		result = Dictionary::Ptr();
-	else
-		result = JsonDecode(body);
-
-	// Unlock our mutex, set ready and notify 'QueryEndpoint()'
-	boost::mutex::scoped_lock lock(mtx);
-	ready = true;
-	cv.notify_all();
-}
-
-/*
- * This function takes all the information required to query an nscp instance on
- * 'host':'port' with 'password'. The String 'endpoint' contains the specific
- * query name and all the arguments formatted as an URL.
- */
-static Dictionary::Ptr QueryEndpoint(const String& host, const String& port, const String& password,
-	const String& endpoint)
-{
-	HttpClientConnection::Ptr m_Connection = new HttpClientConnection(host, port, true);
-
-	try {
-		bool ready = false;
-		boost::condition_variable cv;
-		boost::mutex mtx;
-		Dictionary::Ptr result;
-		std::shared_ptr<HttpRequest> req = m_Connection->NewRequest();
-		req->RequestMethod = "GET";
-
-		// Url() will call Utillity::UnescapeString() which will thrown an exception if it finds a lonely %
-		req->RequestUrl = new Url(endpoint);
-
-		// NSClient++ uses `time=1m&time=5m` instead of `time[]=1m&time[]=5m`
-		req->RequestUrl->SetArrayFormatUseBrackets(false);
-
-		req->AddHeader("password", password);
-		if (l_Debug)
-			std::cout << "Sending request to 'https://" << host << ":" << port << req->RequestUrl->Format(false, false) << "'\n";
-
-		// Submits the request. The 'ResultHttpCompletionCallback' is called once the HttpRequest receives an answer,
-		// which then sets 'ready' to true
-		m_Connection->SubmitRequest(req, std::bind(ResultHttpCompletionCallback, _1, _2,
-			boost::ref(ready), boost::ref(cv), boost::ref(mtx), boost::ref(result)));
-
-		// We need to spinlock here because our 'HttpRequest' works asynchronous
-		boost::mutex::scoped_lock lock(mtx);
-		while (!ready) {
-			cv.wait(lock);
-		}
-
-		return result;
-	}
-	catch (const std::exception& ex) {
-		// Exceptions should only happen in extreme edge cases we can't recover from
-		std::cout << "Caught exception: " << DiagnosticInformation(ex, false) << '\n';
-		return Dictionary::Ptr();
-	}
-}
-
-/*
- * Takes a Dictionary 'result' and constructs an icinga compliant output string.
- * If 'result' is not in the expected format it returns 3 ("UNKNOWN") and prints an informative, icinga compliant,
- * output string.
+/**
+ * Prints an Icinga plugin API compliant output, including error handling.
+ *
+ * @param result
+ *
+ * @return Status code for exit()
  */
 static int FormatOutput(const Dictionary::Ptr& result)
 {
 	if (!result) {
-		std::cout << "UNKNOWN: No data received.\n";
+		std::cerr << "UNKNOWN: No data received.\n";
 		return 3;
 	}
 
@@ -133,54 +52,59 @@ static int FormatOutput(const Dictionary::Ptr& result)
 
 	Array::Ptr payloads = result->Get("payload");
 	if (!payloads) {
-		std::cout << "UNKNOWN: Answer format error: Answer is missing 'payload'.\n";
+		std::cerr << "UNKNOWN: Answer format error: Answer is missing 'payload'.\n";
 		return 3;
 	}
 
 	if (payloads->GetLength() == 0) {
-		std::cout << "UNKNOWN: Answer format error: 'payload' was empty.\n";
+		std::cerr << "UNKNOWN: Answer format error: 'payload' was empty.\n";
 		return 3;
 	}
 
 	if (payloads->GetLength() > 1) {
-		std::cout << "UNKNOWN: Answer format error: Multiple payloads are not supported.";
+		std::cerr << "UNKNOWN: Answer format error: Multiple payloads are not supported.";
 		return 3;
 	}
 
 	Dictionary::Ptr payload;
+
 	try {
 		payload = payloads->Get(0);
 	} catch (const std::exception&) {
-		std::cout << "UNKNOWN: Answer format error: 'payload' was not a Dictionary.\n";
+		std::cerr << "UNKNOWN: Answer format error: 'payload' was not a Dictionary.\n";
 		return 3;
 	}
 
 	Array::Ptr lines;
+
 	try {
 		lines = payload->Get("lines");
 	} catch (const std::exception&) {
-		std::cout << "UNKNOWN: Answer format error: 'payload' is missing 'lines'.\n";
+		std::cerr << "UNKNOWN: Answer format error: 'payload' is missing 'lines'.\n";
 		return 3;
 	}
 
 	if (!lines) {
-		std::cout << "UNKNOWN: Answer format error: 'lines' is Null.\n";
+		std::cerr << "UNKNOWN: Answer format error: 'lines' is Null.\n";
 		return 3;
 	}
 
 	std::stringstream ssout;
+
 	ObjectLock olock(lines);
 
 	for (const Value& vline : lines) {
 		Dictionary::Ptr line;
+
 		try {
 			line = vline;
 		} catch (const std::exception&) {
-			std::cout << "UNKNOWN: Answer format error: 'lines' entry was not a Dictionary.\n";
+			std::cerr << "UNKNOWN: Answer format error: 'lines' entry was not a Dictionary.\n";
 			return 3;
 		}
+
 		if (!line) {
-			std::cout << "UNKNOWN: Answer format error: 'lines' entry was Null.\n";
+			std::cerr << "UNKNOWN: Answer format error: 'lines' entry was Null.\n";
 			return 3;
 		}
 
@@ -192,11 +116,17 @@ static int FormatOutput(const Dictionary::Ptr& result)
 		}
 
 		Array::Ptr perfs = line->Get("perf");
+
 		ObjectLock olock(perfs);
 
 		for (const Dictionary::Ptr& perf : perfs) {
 			ssout << "'" << perf->Get("alias") << "'=";
-			Dictionary::Ptr values = perf->Contains("int_value") ? perf->Get("int_value") : perf->Get("float_value");
+
+			Dictionary::Ptr values = perf->Get("float_value");
+
+			if (perf->Contains("int_value"))
+				values = perf->Get("int_value");
+
 			ssout << values->Get("value") << values->Get("unit") << ';' << values->Get("warning") << ';' << values->Get("critical");
 
 			if (values->Contains("minimum") || values->Contains("maximum")) {
@@ -215,24 +145,283 @@ static int FormatOutput(const Dictionary::Ptr& result)
 		ssout << '\n';
 	}
 
-	//TODO: Fix
-	String state = static_cast<String>(payload->Get("result")).ToUpper();
-	int creturn = state == "OK" ? 0 :
-		state == "WARNING" ? 1 :
-		state == "CRITICAL" ? 2 :
-		state == "UNKNOWN" ? 3 : 4;
+	std::map<String, unsigned int> stateMap = {
+		{ "OK", 0 },
+		{ "WARNING", 1},
+		{ "CRITICAL", 2},
+		{ "UNKNOWN", 3}
+	};
 
-	if (creturn == 4) {
-		std::cout << "check_nscp UNKNOWN Answer format error: 'result' was not a known state.\n";
+	String state = static_cast<String>(payload->Get("result")).ToUpper();
+
+	auto it = stateMap.find(state);
+
+	if (it == stateMap.end()) {
+		std::cerr << "UNKNOWN Answer format error: 'result' was not a known state.\n";
 		return 3;
 	}
 
 	std::cout << ssout.rdbuf();
-	return creturn;
+
+	return it->second;
 }
 
-/*
- *  Process arguments, initialize environment and shut down gracefully.
+/**
+ * Connects to host:port and performs a TLS shandshake
+ *
+ * @param host To connect to.
+ * @param port To connect to.
+ *
+ * @returns AsioTlsStream pointer for future HTTP connections.
+ */
+static std::shared_ptr<AsioTlsStream> Connect(const String& host, const String& port)
+{
+	std::shared_ptr<boost::asio::ssl::context> sslContext;
+
+	try {
+		sslContext = MakeAsioSslContext(Empty, Empty, Empty); //TODO: Add support for cert, key, ca parameters
+	} catch(const std::exception& ex) {
+		Log(LogCritical, "DebugConsole")
+			<< "Cannot make SSL context: " << ex.what();
+		throw;
+	}
+
+	std::shared_ptr<AsioTlsStream> stream = std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext(), *sslContext, host);
+
+	try {
+		icinga::Connect(stream->lowest_layer(), host, port);
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "Cannot connect to REST API on host '" << host << "' port '" << port << "': " << ex.what();
+		throw;
+	}
+
+	auto& tlsStream (stream->next_layer());
+
+	try {
+		tlsStream.handshake(tlsStream.client);
+	} catch (const std::exception& ex) {
+		Log(LogWarning, "DebugConsole")
+			<< "TLS handshake with host '" << host << "' failed: " << ex.what();
+		throw;
+	}
+
+	return std::move(stream);
+}
+
+static const char l_ReasonToInject[2] = {' ', 'X'};
+
+template<class MutableBufferSequence>
+static inline
+boost::asio::mutable_buffer GetFirstNonZeroBuffer(const MutableBufferSequence& mbs)
+{
+	namespace asio = boost::asio;
+
+	auto end (asio::buffer_sequence_end(mbs));
+
+	for (auto current (asio::buffer_sequence_begin(mbs)); current != end; ++current) {
+		asio::mutable_buffer buf (*current);
+
+		if (buf.size() > 0u) {
+			return std::move(buf);
+		}
+	}
+
+	return {};
+}
+
+/**
+ * Workaround for <https://github.com/mickem/nscp/issues/610>.
+ */
+template<class SyncReadStream>
+class HttpResponseReasonInjector
+{
+public:
+	inline HttpResponseReasonInjector(SyncReadStream& stream)
+		: m_Stream(stream), m_ReasonHasBeenInjected(false), m_StashedData(nullptr)
+	{
+	}
+
+	HttpResponseReasonInjector(const HttpResponseReasonInjector&) = delete;
+	HttpResponseReasonInjector(HttpResponseReasonInjector&&) = delete;
+	HttpResponseReasonInjector& operator=(const HttpResponseReasonInjector&) = delete;
+	HttpResponseReasonInjector& operator=(HttpResponseReasonInjector&&) = delete;
+
+	template<class MutableBufferSequence>
+	size_t read_some(const MutableBufferSequence& mbs)
+	{
+		boost::system::error_code ec;
+		size_t amount = read_some(mbs, ec);
+
+		if (ec) {
+			throw boost::system::system_error(ec);
+		}
+
+		return amount;
+	}
+
+	template<class MutableBufferSequence>
+	size_t read_some(const MutableBufferSequence& mbs, boost::system::error_code& ec)
+	{
+		auto mb (GetFirstNonZeroBuffer(mbs));
+
+		if (m_StashedData) {
+			size_t amount = 0;
+			auto end ((char*)mb.data() + mb.size());
+
+			for (auto current ((char*)mb.data()); current < end; ++current) {
+				*current = *m_StashedData;
+
+				++m_StashedData;
+				++amount;
+
+				if (m_StashedData == (char*)m_StashedDataBuf + (sizeof(m_StashedDataBuf) / sizeof(m_StashedDataBuf[0]))) {
+					m_StashedData = nullptr;
+					break;
+				}
+			}
+
+			return amount;
+		}
+
+		size_t amount = m_Stream.read_some(mb, ec);
+
+		if (!ec && !m_ReasonHasBeenInjected) {
+			auto end ((char*)mb.data() + amount);
+
+			for (auto current ((char*)mb.data()); current < end; ++current) {
+				if (*current == '\r') {
+					auto last (end - 1);
+
+					for (size_t i = sizeof(l_ReasonToInject) / sizeof(l_ReasonToInject[0]); i;) {
+						m_StashedDataBuf[--i] = *last;
+
+						if (last > current) {
+							memmove(current + 1, current, last - current);
+						}
+
+						*current = l_ReasonToInject[i];
+					}
+
+					m_ReasonHasBeenInjected = true;
+					m_StashedData = m_StashedDataBuf;
+
+					break;
+				}
+			}
+		}
+
+		return amount;
+	}
+
+private:
+	SyncReadStream& m_Stream;
+	bool m_ReasonHasBeenInjected;
+	char m_StashedDataBuf[sizeof(l_ReasonToInject) / sizeof(l_ReasonToInject[0])];
+	char* m_StashedData;
+};
+
+/**
+ * Queries the given endpoint and host:port and retrieves data.
+ *
+ * @param host To connect to.
+ * @param port To connect to.
+ * @param password For auth header (required).
+ * @param endpoint Caller must construct the full endpoint including the command query.
+ *
+ * @return Dictionary de-serialized from JSON data.
+ */
+
+static Dictionary::Ptr FetchData(const String& host, const String& port, const String& password,
+	const String& endpoint)
+{
+	namespace beast = boost::beast;
+	namespace http = beast::http;
+
+	std::shared_ptr<AsioTlsStream> tlsStream;
+
+	try {
+		tlsStream = Connect(host, port);
+	} catch (const std::exception& ex) {
+		std::cerr << "Connection error: " << ex.what();
+		throw ex;
+	}
+
+	Url::Ptr url;
+
+	try {
+		url = new Url(endpoint);
+	} catch (const std::exception& ex) {
+		std::cerr << "URL error: " << ex.what();
+		throw ex;
+	}
+
+	url->SetScheme("https");
+	url->SetHost(host);
+	url->SetPort(port);
+
+	// NSClient++ uses `time=1m&time=5m` instead of `time[]=1m&time[]=5m`
+	url->SetArrayFormatUseBrackets(false);
+
+	http::request<http::string_body> request (http::verb::get, std::string(url->Format(true)), 10);
+
+	request.set(http::field::user_agent, "Icinga/check_nscp_api/" + String(VERSION));
+	request.set(http::field::host, host + ":" + port);
+
+	request.set(http::field::accept, "application/json");
+	request.set("password", password);
+
+	if (l_Debug) {
+		std::cout << "Sending request to " << url->Format(false, false) << "'.\n";
+	}
+
+	try {
+		http::write(*tlsStream, request);
+		tlsStream->flush();
+	} catch (const std::exception& ex) {
+		std::cerr << "Cannot write HTTP request to REST API at URL '" << url->Format(false, false) << "': " << ex.what();
+		throw ex;
+	}
+
+	beast::flat_buffer buffer;
+	http::parser<false, http::string_body> p;
+
+	try {
+		HttpResponseReasonInjector<decltype(*tlsStream)> reasonInjector (*tlsStream);
+		http::read(reasonInjector, buffer, p);
+	} catch (const std::exception &ex) {
+		BOOST_THROW_EXCEPTION(ScriptError(String("Error reading HTTP response data: ") + ex.what()));
+	}
+
+	String body (std::move(p.get().body()));
+
+	if (l_Debug)
+		std::cout << "Received body from NSCP: '" << body << "'." << std::endl;
+
+	// Add some rudimentary error handling.
+	if (body.IsEmpty()) {
+		String message = "No body received. Ensure that connection parameters are good and check the NSCP logs.";
+		BOOST_THROW_EXCEPTION(ScriptError(message));
+	}
+
+	Dictionary::Ptr jsonResponse;
+
+	try {
+		jsonResponse = JsonDecode(body);
+	} catch (const std::exception& ex) {
+		String message = "Cannot parse JSON response body '" + body + "', error: " + ex.what();
+		BOOST_THROW_EXCEPTION(ScriptError(message));
+	}
+
+	return jsonResponse;
+}
+
+/**
+ * Main function
+ *
+ * @param argc
+ * @param argv
+ * @return exit code
  */
 int main(int argc, char **argv)
 {
@@ -282,6 +471,12 @@ int main(int argc, char **argv)
 
 	l_Debug = vm.count("debug") > 0;
 
+	// Initialize logger
+	if (l_Debug)
+		Logger::SetConsoleLogSeverity(LogDebug);
+	else
+		Logger::SetConsoleLogSeverity(LogWarning);
+
 	// Create the URL string and escape certain characters since Url() follows RFC 3986
 	String endpoint = "/query/" + vm["query"].as<std::string>();
 	if (!vm.count("arguments"))
@@ -301,11 +496,15 @@ int main(int argc, char **argv)
 		}
 	}
 
-	// This needs to happen for HttpRequest to work
-	Application::InitializeBase();
+	Dictionary::Ptr result;
 
-	Dictionary::Ptr result = QueryEndpoint(vm["host"].as<std::string>(), vm["port"].as<std::string>(),
-		vm["password"].as<std::string>(), endpoint);
+	try {
+		result = FetchData(vm["host"].as<std::string>(), vm["port"].as<std::string>(),
+		   vm["password"].as<std::string>(), endpoint);
+	} catch (const std::exception& ex) {
+		std::cerr << "UNKNOWN - " << ex.what();
+		exit(3);
+	}
 
 	// Application::Exit() is the clean way to exit after calling InitializeBase()
 	Application::Exit(FormatOutput(result));
diff --git a/plugins/check_perfmon.cpp b/plugins/check_perfmon.cpp
index 7e415f1cd..0f94b12dc 100644
--- a/plugins/check_perfmon.cpp
+++ b/plugins/check_perfmon.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -297,7 +280,11 @@ bool QueryPerfData(printInfoStruct& pI)
 	if (FAILED(status))
 		goto die;
 
-	status = PdhAddCounter(hQuery, pI.wsFullPath.c_str(), NULL, &hCounter);
+	status = PdhAddEnglishCounter(hQuery, pI.wsFullPath.c_str(), NULL, &hCounter);
+
+	if (FAILED(status))
+		status = PdhAddCounter(hQuery, pI.wsFullPath.c_str(), NULL, &hCounter);
+
 	if (FAILED(status))
 		goto die;
 
@@ -330,7 +317,7 @@ bool QueryPerfData(printInfoStruct& pI)
 		pI.dValue = pDisplayValues[0].FmtValue.longValue;
 		break;
 	case (PDH_FMT_LARGE):
-		pI.dValue = pDisplayValues[0].FmtValue.largeValue;
+		pI.dValue = (double) pDisplayValues[0].FmtValue.largeValue;
 		break;
 	default:
 		pI.dValue = pDisplayValues[0].FmtValue.doubleValue;
@@ -352,26 +339,27 @@ static int printOutput(const po::variables_map& vm, printInfoStruct& pi)
 	std::wstringstream wssPerfData;
 
 	if (vm.count("perf-syntax"))
-		wssPerfData << "\"" << vm["perf-syntax"].as<std::wstring>() << "\"=";
+		wssPerfData << "'" << vm["perf-syntax"].as<std::wstring>() << "'=";
 	else
-		wssPerfData << "\"" << pi.wsFullPath << "\"=";
+		wssPerfData << "'" << pi.wsFullPath << "'=";
 
 	wssPerfData << pi.dValue << ';' << pi.tWarn.pString() << ';' << pi.tCrit.pString() << ";;";
 
 	if (pi.tCrit.rend(pi.dValue)) {
-		std::wcout << "PERFMON CRITICAL \"" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
-			<< "\" = " << pi.dValue << " | " << wssPerfData.str() << '\n';
+		std::wcout << "PERFMON CRITICAL for '" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
+			<< "' = " << pi.dValue << " | " << wssPerfData.str() << "\n";
 		return 2;
 	}
 
 	if (pi.tWarn.rend(pi.dValue)) {
-		std::wcout << "PERFMON WARNING \"" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
-			<< "\" = " << pi.dValue << " | " << wssPerfData.str() << '\n';
+		std::wcout << "PERFMON WARNING for '" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
+			<< "' = " << pi.dValue << " | " << wssPerfData.str() << "\n";
 		return 1;
 	}
 
-	std::wcout << "PERFMON OK \"" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
-		<< "\" = " << pi.dValue << " | " << wssPerfData.str() << '\n';
+	std::wcout << "PERFMON OK for '" << (vm.count("perf-syntax") ? vm["perf-syntax"].as<std::wstring>() : pi.wsFullPath)
+		<< "' = " << pi.dValue << " | " << wssPerfData.str() << "\n";
+
 	return 0;
 }
 
diff --git a/plugins/check_ping.cpp b/plugins/check_ping.cpp
index 8be087a8f..c918d9272 100644
--- a/plugins/check_ping.cpp
+++ b/plugins/check_ping.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN //else winsock will be included with windows.h and conflict with winsock2
@@ -264,7 +247,7 @@ static bool resolveHostname(const std::wstring& hostname, bool ipv6, std::wstrin
 	DWORD ret = GetAddrInfoW(hostname.c_str(), NULL, &hints, &result);
 
 	if (ret) {
-		std::cout << "Failed to resolve hostname. Winsock Error Code: " << ret << '\n';
+		std::wcout << L"Failed to resolve hostname. Error " << ret << L": " << formatErrorInfo(ret) << L"\n";
 		return false;
 	}
 
@@ -362,7 +345,7 @@ static int check_ping4(const printInfoStruct& pi, response& response)
 		QueryPerformanceCounter(&timer2);
 
 		if (((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart) < pi.timeout)
-			Sleep(pi.timeout - ((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart));
+			Sleep((DWORD) (pi.timeout - ((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart)));
 	} while (--num);
 
 	if (l_Debug)
@@ -417,82 +400,80 @@ static int check_ping6(const printInfoStruct& pi, response& response)
 
 	HANDLE hIcmp = Icmp6CreateFile();
 	if (hIcmp == INVALID_HANDLE_VALUE) {
-		goto die;
+		printErrorInfo(GetLastError());
+
+		if (hIcmp)
+			IcmpCloseHandle(hIcmp);
+
+		if (repBuf)
+			delete reinterpret_cast<BYTE *>(repBuf);
+
+		return 3;
+	} else {
+		IP_OPTION_INFORMATION ipInfo = { 30, 0, 0, 0, NULL };
+
+		LARGE_INTEGER frequency;
+		QueryPerformanceFrequency(&frequency);
+
+		do {
+			LARGE_INTEGER timer1;
+			QueryPerformanceCounter(&timer1);
+
+			if (l_Debug)
+				std::wcout << L"Sending Icmp echo" << '\n';
+
+			if (!Icmp6SendEcho2(hIcmp, NULL, NULL, NULL, &ipSource6, &ipDest6,
+				NULL, 0, &ipInfo, repBuf, dwRepSize, pi.timeout)) {
+				response.dropped++;
+				if (l_Debug)
+					std::wcout << L"Dropped: Response was 0" << '\n';
+				continue;
+			}
+
+			if (l_Debug)
+				std::wcout << "Ping recieved" << '\n';
+
+			Icmp6ParseReplies(repBuf, dwRepSize);
+
+			ICMPV6_ECHO_REPLY *pEchoReply = static_cast<ICMPV6_ECHO_REPLY *>(repBuf);
+
+			if (pEchoReply->Status != IP_SUCCESS) {
+				response.dropped++;
+				if (l_Debug)
+					std::wcout << L"Dropped: echo reply status " << pEchoReply->Status << '\n';
+				continue;
+			}
+
+			rtt += pEchoReply->RoundTripTime;
+
+			if (l_Debug)
+				std::wcout << L"Recorded rtt of " << pEchoReply->RoundTripTime << '\n';
+
+			if (response.pMin == 0 || pEchoReply->RoundTripTime < response.pMin)
+				response.pMin = pEchoReply->RoundTripTime;
+			else if (pEchoReply->RoundTripTime > response.pMax)
+				response.pMax = pEchoReply->RoundTripTime;
+
+			LARGE_INTEGER timer2;
+			QueryPerformanceCounter(&timer2);
+
+			if (((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart) < pi.timeout)
+				Sleep((DWORD) (pi.timeout - ((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart)));
+		} while (--num);
+
+		if (l_Debug)
+			std::wcout << L"All pings sent. Cleaning up and returning" << '\n';
+
+		if (hIcmp)
+			IcmpCloseHandle(hIcmp);
+
+		if (repBuf)
+			delete reinterpret_cast<BYTE *>(repBuf);
+
+		response.avg = ((double)rtt / pi.num);
+
+		return -1;
 	}
-
-	IP_OPTION_INFORMATION ipInfo = { 30, 0, 0, 0, NULL };
-
-	LARGE_INTEGER frequency;
-	QueryPerformanceFrequency(&frequency);
-
-	do {
-		LARGE_INTEGER timer1;
-		QueryPerformanceCounter(&timer1);
-
-		if (l_Debug)
-			std::wcout << L"Sending Icmp echo" << '\n';
-
-		if (!Icmp6SendEcho2(hIcmp, NULL, NULL, NULL, &ipSource6, &ipDest6,
-			NULL, 0, &ipInfo, repBuf, dwRepSize, pi.timeout)) {
-			response.dropped++;
-			if (l_Debug)
-				std::wcout << L"Dropped: Response was 0" << '\n';
-			continue;
-		}
-
-		if (l_Debug)
-			std::wcout << "Ping recieved" << '\n';
-
-		Icmp6ParseReplies(repBuf, dwRepSize);
-
-		ICMPV6_ECHO_REPLY *pEchoReply = static_cast<ICMPV6_ECHO_REPLY *>(repBuf);
-
-		if (pEchoReply->Status != IP_SUCCESS) {
-			response.dropped++;
-			if (l_Debug)
-				std::wcout << L"Dropped: echo reply status " << pEchoReply->Status << '\n';
-			continue;
-		}
-
-		rtt += pEchoReply->RoundTripTime;
-
-		if (l_Debug)
-			std::wcout << L"Recorded rtt of " << pEchoReply->RoundTripTime << '\n';
-
-		if (response.pMin == 0 || pEchoReply->RoundTripTime < response.pMin)
-			response.pMin = pEchoReply->RoundTripTime;
-		else if (pEchoReply->RoundTripTime > response.pMax)
-			response.pMax = pEchoReply->RoundTripTime;
-
-		LARGE_INTEGER timer2;
-		QueryPerformanceCounter(&timer2);
-
-		if (((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart) < pi.timeout)
-			Sleep(pi.timeout - ((timer2.QuadPart - timer1.QuadPart) * 1000 / frequency.QuadPart));
-	} while (--num);
-
-	if (l_Debug)
-		std::wcout << L"All pings sent. Cleaning up and returning" << '\n';
-
-	if (hIcmp)
-		IcmpCloseHandle(hIcmp);
-
-	if (repBuf)
-		delete reinterpret_cast<BYTE *>(repBuf);
-
-	response.avg = ((double)rtt / pi.num);
-
-	return -1;
-die:
-	printErrorInfo(GetLastError());
-
-	if (hIcmp)
-		IcmpCloseHandle(hIcmp);
-
-	if (repBuf)
-		delete reinterpret_cast<BYTE *>(repBuf);
-
-	return 3;
 }
 
 int wmain(int argc, WCHAR **argv)
diff --git a/plugins/check_procs.cpp b/plugins/check_procs.cpp
index ee7fd3261..44e2483ef 100644
--- a/plugins/check_procs.cpp
+++ b/plugins/check_procs.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
diff --git a/plugins/check_service.cpp b/plugins/check_service.cpp
index e6e12d74e..cd0cf1462 100644
--- a/plugins/check_service.cpp
+++ b/plugins/check_service.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -60,8 +43,10 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 			parser
 			.options(desc)
 			.style(
-			po::command_line_style::unix_style |
-			po::command_line_style::allow_long_disguise)
+			po::command_line_style::unix_style &
+			~po::command_line_style::allow_guessing |
+			po::command_line_style::allow_long_disguise
+			)
 			.run(),
 			vm);
 		vm.notify();
@@ -124,7 +109,7 @@ static int printOutput(const printInfoStruct& printInfo)
 	state state = OK;
 
 	if (!printInfo.ServiceState) {
-		std::wcout << L"SERVICE CRITICAL NOTFOUND | service=" << printInfo.ServiceState << ";;;1;7" << '\n';
+		std::wcout << L"SERVICE CRITICAL NOT FOUND | 'service'=" << printInfo.ServiceState << ";;;1;7" << '\n';
 		return 3;
 	}
 
@@ -133,13 +118,13 @@ static int printOutput(const printInfoStruct& printInfo)
 
 	switch (state) {
 	case OK:
-		std::wcout << L"SERVICE \"" << printInfo.service << "\" OK RUNNING | service=4;;;1;7" << '\n';
+		std::wcout << L"SERVICE \"" << printInfo.service << "\" OK RUNNING | 'service'=4;;;1;7" << '\n';
 		break;
 	case WARNING:
-		std::wcout << L"SERVICE \"" << printInfo.service << "\" WARNING NOT RUNNING | service=" << printInfo.ServiceState << ";;;1;7" << '\n';
+		std::wcout << L"SERVICE \"" << printInfo.service << "\" WARNING NOT RUNNING | 'service'=" << printInfo.ServiceState << ";;;1;7" << '\n';
 		break;
 	case CRITICAL:
-		std::wcout << L"SERVICE \"" << printInfo.service << "\" CRITICAL NOT RUNNING | service=" << printInfo.ServiceState << ";;;1;7" << '\n';
+		std::wcout << L"SERVICE \"" << printInfo.service << "\" CRITICAL NOT RUNNING | 'service'=" << printInfo.ServiceState << ";;;1;7" << '\n';
 		break;
 	}
 
@@ -184,7 +169,7 @@ static std::wstring getServiceByDescription(const std::wstring& description)
 	EnumServicesStatus(hSCM, SERVICE_WIN32 | SERVICE_DRIVER, SERVICE_STATE_ALL, lpServices, pcbBytesNeeded,
 		&pcbBytesNeeded, &lpServicesReturned, &lpResumeHandle);
 
-	for (int index = 0; index < lpServicesReturned; index++) {
+	for (decltype(lpServicesReturned) index = 0; index < lpServicesReturned; index++) {
 		LPWSTR lpCurrent = lpServices[index].lpServiceName;
 
 		if (l_Debug) {
diff --git a/plugins/check_swap.cpp b/plugins/check_swap.cpp
index d405a094f..dc08f3b3b 100644
--- a/plugins/check_swap.cpp
+++ b/plugins/check_swap.cpp
@@ -1,27 +1,11 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
 #include <iostream>
 #include <shlwapi.h>
-#include <winbase.h>
+#include <Psapi.h>
+#include <vector>
 
 #define VERSION 1.0
 
@@ -35,10 +19,29 @@ struct printInfoStruct
 	double aSwap;
 	double percentFree;
 	Bunit unit = BunitMB;
+	bool showUsed;
+};
+
+struct pageFileInfo
+{
+	SIZE_T totalSwap;
+	SIZE_T availableSpwap;
 };
 
 static bool l_Debug;
 
+BOOL EnumPageFilesProc(LPVOID pContext, PENUM_PAGE_FILE_INFORMATION pPageFileInfo, LPCWSTR lpFilename) {
+	std::vector<pageFileInfo>* pageFile = static_cast<std::vector<pageFileInfo>*>(pContext);
+	SYSTEM_INFO systemInfo;
+
+	GetSystemInfo(&systemInfo);
+
+	// pPageFileInfo output is in pages, we need to multiply it by the page size
+	pageFile->push_back({ pPageFileInfo->TotalSize * systemInfo.dwPageSize, (pPageFileInfo->TotalSize - pPageFileInfo->TotalInUse) * systemInfo.dwPageSize });
+
+	return TRUE;
+}
+
 static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoStruct& printInfo)
 {
 	WCHAR namePath[MAX_PATH];
@@ -54,6 +57,7 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 		("warning,w", po::wvalue<std::wstring>(), "Warning threshold")
 		("critical,c", po::wvalue<std::wstring>(), "Critical threshold")
 		("unit,u", po::wvalue<std::wstring>(), "The unit to use for display (default MB)")
+		("show-used,U", "Show used swap instead of the free swap")
 		;
 
 	po::wcommand_line_parser parser(ac, av);
@@ -148,6 +152,12 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 		}
 	}
 
+	if (vm.count("show-used")) {
+		printInfo.showUsed = true;
+		printInfo.warn.legal = true;
+		printInfo.crit.legal = true;
+	}
+
 	return -1;
 }
 
@@ -158,46 +168,55 @@ static int printOutput(printInfoStruct& printInfo)
 
 	state state = OK;
 
-	if (printInfo.warn.rend(printInfo.aSwap, printInfo.tSwap))
+	std::wcout << L"SWAP ";
+
+	double currentValue;
+
+	if (!printInfo.showUsed)
+		currentValue = printInfo.aSwap;
+	else
+		currentValue = printInfo.tSwap - printInfo.aSwap;
+
+	if (printInfo.warn.rend(currentValue, printInfo.tSwap))
 		state = WARNING;
 
-	if (printInfo.crit.rend(printInfo.aSwap, printInfo.tSwap))
+	if (printInfo.crit.rend(currentValue, printInfo.tSwap))
 		state = CRITICAL;
 
-	switch (state) {
-	case OK:
-		std::wcout << L"SWAP OK - " << printInfo.percentFree << L"% free | swap=" << printInfo.aSwap << BunitStr(printInfo.unit) << L";"
-			<< printInfo.warn.pString(printInfo.tSwap) << L";" << printInfo.crit.pString(printInfo.tSwap)
-			<< L";0;" << printInfo.tSwap << '\n';
-		break;
-	case WARNING:
-		std::wcout << L"SWAP WARNING - " << printInfo.percentFree << L"% free | swap=" << printInfo.aSwap << BunitStr(printInfo.unit) << L";"
-			<< printInfo.warn.pString(printInfo.tSwap) << L";" << printInfo.crit.pString(printInfo.tSwap)
-			<< L";0;" << printInfo.tSwap << '\n';
-		break;
-	case CRITICAL:
-		std::wcout << L"SWAP CRITICAL - " << printInfo.percentFree << L"% free | swap=" << printInfo.aSwap << BunitStr(printInfo.unit) << L";"
-			<< printInfo.warn.pString(printInfo.tSwap) << L";" << printInfo.crit.pString(printInfo.tSwap)
-			<< L";0;" << printInfo.tSwap << '\n';
-		break;
-	}
+	std::wcout << stateToString(state) << " - ";
+
+	if (!printInfo.showUsed)
+		std::wcout << printInfo.percentFree << L"% free ";
+	else
+		std::wcout << 100 - printInfo.percentFree << L"% used ";
+
+	std::wcout << "| 'swap'=" << currentValue << BunitStr(printInfo.unit) << L";"
+		<< printInfo.warn.pString(printInfo.tSwap) << L";" << printInfo.crit.pString(printInfo.tSwap)
+		<< L";0;" << printInfo.tSwap << '\n';
 
 	return state;
 }
 
 static int check_swap(printInfoStruct& printInfo)
 {
-	MEMORYSTATUSEX MemBuf;
-	MemBuf.dwLength = sizeof(MemBuf);
+	// Needs explicit cast: http://msinilo.pl/blog2/post/p1348/
+	PENUM_PAGE_FILE_CALLBACKW pageFileCallback = (PENUM_PAGE_FILE_CALLBACKW)EnumPageFilesProc;
+	std::vector<pageFileInfo> pageFiles;
 
-	if (!GlobalMemoryStatusEx(&MemBuf)) {
+	if(!EnumPageFilesW(pageFileCallback, &pageFiles)) {
 		printErrorInfo();
 		return 3;
 	}
 
-	printInfo.tSwap = round(MemBuf.ullTotalPageFile / pow(1024.0, printInfo.unit));
-	printInfo.aSwap = round(MemBuf.ullAvailPageFile / pow(1024.0, printInfo.unit));
-	printInfo.percentFree = 100.0 * MemBuf.ullAvailPageFile / MemBuf.ullTotalPageFile;
+	for (int i = 0; i < pageFiles.size(); i++) {
+		printInfo.tSwap += round(pageFiles.at(i).totalSwap / pow(1024.0, printInfo.unit));
+		printInfo.aSwap += round(pageFiles.at(i).availableSpwap / pow(1024.0, printInfo.unit));
+	}
+
+	if (printInfo.aSwap > 0 && printInfo.tSwap > 0)
+		printInfo.percentFree = 100.0 * printInfo.aSwap / printInfo.tSwap;
+	else
+		printInfo.percentFree = 0;
 
 	return -1;
 }
diff --git a/plugins/check_update.cpp b/plugins/check_update.cpp
index 31d98e44b..2711d9330 100644
--- a/plugins/check_update.cpp
+++ b/plugins/check_update.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -33,11 +16,11 @@ namespace po = boost::program_options;
 
 struct printInfoStruct
 {
-	bool warn{false};
-	bool crit{false};
+	int warn{0};
+	int crit{0};
 	LONG numUpdates{0};
-	bool important{false};
-	bool reboot{false};
+	bool ignoreReboot{false};
+	int reboot{0};
 	bool careForCanRequest{false};
 };
 
@@ -55,9 +38,10 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 		("help,h", "Print help message and exit")
 		("version,V", "Print version and exit")
 		("debug,d", "Verbose/Debug output")
-		("warning,w", "Warn if there are important updates available")
-		("critical,c", "Critical if there are important updates that require a reboot")
+		("warning,w", po::value<int>(), "Number of updates to trigger a warning.")
+		("critical,c", po::value<int>(), "Number of updates to trigger a critical.")
 		("possible-reboot", "Treat \"update may need reboot\" as \"update needs reboot\"")
+		("no-reboot-critical", "Do not automatically return critical if an update requiring reboot is present.")
 		;
 
 	po::wcommand_line_parser parser(ac, av);
@@ -87,36 +71,37 @@ static int parseArguments(int ac, WCHAR **av, po::variables_map& vm, printInfoSt
 			L"\nAfter some time, it will then output a string like this one:\n\n"
 			L"\tUPDATE WARNING 8 | updates=8;1;1;0\n\n"
 			L"\"UPDATE\" being the type of the check, \"WARNING\" the returned status\n"
-			L"and \"8\" is the number of important updates updates.\n"
+			L"and \"8\" is the number of important updates.\n"
 			L"The performance data is found behind the \"|\", in order:\n"
 			L"returned value, warning threshold, critical threshold, minimal value and,\n"
-			L"if applicable, the maximal value. Performance data will only be displayed when\n"
-			L"you set at least one threshold\n\n"
+			L"if applicable, the maximal value.\n\n"
 			L"An update counts as important when it is part of the Security- or\n"
 			L"CriticalUpdates group.\n"
 			L"Consult the msdn on WSUS Classification GUIDs for more information.\n"
 			L"%s' exit codes denote the following:\n"
 			L" 0\tOK,\n\tNo Thresholds were broken or the programs check part was not executed\n"
 			L" 1\tWARNING,\n\tThe warning, but not the critical threshold was broken\n"
-			L" 2\tCRITICAL,\n\tThe critical threshold was broken\n"
+			L" 2\tCRITICAL,\n\tThe critical threshold was broken or an update required reboot.\n"
 			L" 3\tUNKNOWN, \n\tThe program experienced an internal or input error\n\n"
-			L"%s works different from other plugins in that you do not set thresholds\n"
-			L"but only activate them. Using \"-w\" triggers warning state if there are not\n"
-			L"installed and non-optional updates. \"-c\" triggers critical if there are\n"
-			L"non-optional updates that require a reboot.\n"
+			L"If a warning threshold is set but not a critical threshold, the critical\n"
+			L"threshold will be set to one greater than the set warning threshold.\n\n"
 			L"The \"possible-reboot\" option is not recommended since this true for nearly\n"
 			L"every update."
-			, progName, progName);
+			, progName);
 		std::cout << '\n';
 		return 0;
 	} if (vm.count("version")) {
 		std::cout << "Version: " << VERSION << '\n';
 		return 0;
 	}
-
-	printInfo.warn = vm.count("warning") > 0;
-	printInfo.crit = vm.count("critical") > 0;
+	if(vm.count("warning"))
+		printInfo.warn = vm["warning"].as<int>();
+	if (vm.count("critical"))
+		printInfo.crit = vm["critical"].as<int>();
+	else if (vm.count("warning"))
+		printInfo.crit = printInfo.warn + 1;
 	printInfo.careForCanRequest = vm.count("possible-reboot") > 0;
+	printInfo.ignoreReboot = vm.count("no-reboot-critical") > 0;
 
 	l_Debug = vm.count("debug") > 0;
 
@@ -131,10 +116,10 @@ static int printOutput(const printInfoStruct& printInfo)
 	state state = OK;
 	std::wstring output = L"UPDATE ";
 
-	if (printInfo.important)
+	if (printInfo.numUpdates >= printInfo.warn && printInfo.warn)
 		state = WARNING;
 
-	if (printInfo.reboot)
+	if ((printInfo.reboot && !printInfo.ignoreReboot) || (printInfo.numUpdates >= printInfo.crit && printInfo.crit))
 		state = CRITICAL;
 
 	switch (state) {
@@ -148,8 +133,13 @@ static int printOutput(const printInfoStruct& printInfo)
 		output.append(L"CRITICAL ");
 		break;
 	}
-
-	std::wcout << output << printInfo.numUpdates << L" | update=" << printInfo.numUpdates << L";"
+	output.append(std::to_wstring(printInfo.numUpdates));
+	if (printInfo.reboot) {
+		output.append(L"; ");
+		output.append(std::to_wstring(printInfo.reboot));
+		output.append(L" NEED REBOOT ");
+	}
+	std::wcout << output << L" | 'update'=" << printInfo.numUpdates << L";"
 		<< printInfo.warn << L";" << printInfo.crit << L";0;" << '\n';
 
 	return state;
@@ -214,15 +204,16 @@ static int check_update(printInfoStruct& printInfo)
 		pUpdate->get_InstallationBehavior(&pIbehav);
 		pIbehav->get_RebootBehavior(&updateReboot);
 		if (updateReboot == irbAlwaysRequiresReboot) {
-			printInfo.reboot = true;
+			printInfo.reboot++;
 			if (l_Debug)
 				std::wcout << L"It requires reboot" << '\n';
 			continue;
 		}
-		if (printInfo.careForCanRequest && updateReboot == irbCanRequestReboot)
+		if (printInfo.careForCanRequest && updateReboot == irbCanRequestReboot) {
 			if (l_Debug)
 				std::wcout << L"It requires reboot" << '\n';
-		printInfo.reboot = true;
+			printInfo.reboot++;
+		}
 	}
 
 	if (l_Debug)
diff --git a/plugins/check_uptime.cpp b/plugins/check_uptime.cpp
index 038625ade..93d540af2 100644
--- a/plugins/check_uptime.cpp
+++ b/plugins/check_uptime.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -33,6 +16,7 @@ struct printInfoStruct
 	threshold warn;
 	threshold crit;
 	long long time;
+	long long timeInSeconds;
 	Tunit unit;
 };
 
@@ -159,26 +143,26 @@ static int printOutput(printInfoStruct& printInfo)
 
 	state state = OK;
 
-	if (printInfo.warn.rend(printInfo.time))
+	if (printInfo.warn.rend((double) printInfo.time))
 		state = WARNING;
-	if (printInfo.crit.rend(printInfo.time))
+	if (printInfo.crit.rend((double) printInfo.time))
 		state = CRITICAL;
 
 	switch (state) {
 	case OK:
-		std::wcout << L"UPTIME OK " << printInfo.time << TunitStr(printInfo.unit) << L" | uptime=" << printInfo.time
-			<< TunitStr(printInfo.unit) << L";" << printInfo.warn.pString() << L";"
-			<< printInfo.crit.pString() << L";0;" << '\n';
+		std::wcout << L"UPTIME OK " << printInfo.time << TunitStr(printInfo.unit) << L" | 'uptime'=" << printInfo.timeInSeconds
+			<< "s" << L";" << printInfo.warn.toSeconds(printInfo.unit).pString() << L";"
+			<< printInfo.crit.toSeconds(printInfo.unit).pString() << L";0;" << '\n';
 		break;
 	case WARNING:
-		std::wcout << L"UPTIME WARNING " << printInfo.time << TunitStr(printInfo.unit) << L" | uptime=" << printInfo.time
-			<< TunitStr(printInfo.unit) << L";" << printInfo.warn.pString() << L";"
-			<< printInfo.crit.pString() << L";0;" << '\n';
+		std::wcout << L"UPTIME WARNING " << printInfo.time << TunitStr(printInfo.unit) << L" | 'uptime'=" << printInfo.timeInSeconds
+			<< "s" << L";" << printInfo.warn.toSeconds(printInfo.unit).pString() << L";"
+			<< printInfo.crit.toSeconds(printInfo.unit).pString() << L";0;" << '\n';
 		break;
 	case CRITICAL:
-		std::wcout << L"UPTIME CRITICAL " << printInfo.time << TunitStr(printInfo.unit) << L" | uptime=" << printInfo.time
-			<< TunitStr(printInfo.unit) << L";" << printInfo.warn.pString() << L";"
-			<< printInfo.crit.pString() << L";0;" << '\n';
+		std::wcout << L"UPTIME CRITICAL " << printInfo.time << TunitStr(printInfo.unit) << L" | 'uptime'=" << printInfo.timeInSeconds
+			<< "s" << L";" << printInfo.warn.toSeconds(printInfo.unit).pString() << L";"
+			<< printInfo.crit.toSeconds(printInfo.unit).pString() << L";0;" << '\n';
 		break;
 	}
 
@@ -209,6 +193,9 @@ static void getUptime(printInfoStruct& printInfo)
 		printInfo.time = uptime.count();
 		break;
 	}
+
+	// For the Performance Data we need the time in seconds
+	printInfo.timeInSeconds = boost::chrono::duration_cast<boost::chrono::seconds>(uptime).count();
 }
 
 int wmain(int argc, WCHAR **argv)
diff --git a/plugins/check_users.cpp b/plugins/check_users.cpp
index 993a40027..9193551db 100644
--- a/plugins/check_users.cpp
+++ b/plugins/check_users.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/program_options.hpp>
@@ -151,15 +134,15 @@ static int printOutput(printInfoStruct& printInfo)
 
 	switch (state) {
 	case OK:
-		std::wcout << L"USERS OK " << printInfo.users << L" User(s) logged in | users=" << printInfo.users << L";"
+		std::wcout << L"USERS OK " << printInfo.users << L" User(s) logged in | 'users'=" << printInfo.users << L";"
 			<< printInfo.warn.pString() << L";" << printInfo.crit.pString() << L";0;" << '\n';
 		break;
 	case WARNING:
-		std::wcout << L"USERS WARNING " << printInfo.users << L" User(s) logged in | users=" << printInfo.users << L";"
+		std::wcout << L"USERS WARNING " << printInfo.users << L" User(s) logged in | 'users'=" << printInfo.users << L";"
 			<< printInfo.warn.pString() << L";" << printInfo.crit.pString() << L";0;" << '\n';
 		break;
 	case CRITICAL:
-		std::wcout << L"USERS CRITICAL " << printInfo.users << L" User(s) logged in | users=" << printInfo.users << L";"
+		std::wcout << L"USERS CRITICAL " << printInfo.users << L" User(s) logged in | 'users'=" << printInfo.users << L";"
 			<< printInfo.warn.pString() << L";" << printInfo.crit.pString() << L";0;" << '\n';
 		break;
 	}
diff --git a/plugins/thresholds.cpp b/plugins/thresholds.cpp
index f80e7d634..bdd67ee95 100644
--- a/plugins/thresholds.cpp
+++ b/plugins/thresholds.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "plugins/thresholds.hpp"
 #include <boost/algorithm/string.hpp>
@@ -28,6 +11,13 @@ threshold::threshold()
 	: set(false)
 {}
 
+threshold::threshold(const double v, const double c, bool l , bool p ) {
+	lower = v;
+	upper = c;
+	legal = l;
+	perc = p;
+}
+
 threshold::threshold(const std::wstring& stri)
 {
 	if (stri.empty())
@@ -126,6 +116,35 @@ std::wstring threshold::pString(const double max)
 	return s;
 }
 
+threshold threshold::toSeconds(const Tunit& fromUnit) {
+	if (!set)
+		return *this;
+
+	double lowerAbs = lower;
+	double upperAbs = upper;
+
+	switch (fromUnit) {
+	case TunitMS:
+		lowerAbs = lowerAbs / 1000;
+		upperAbs = upperAbs / 1000;
+		break;
+	case TunitS:
+		lowerAbs = lowerAbs ;
+		upperAbs = upperAbs ;
+		break;
+	case TunitM:
+		lowerAbs = lowerAbs * 60;
+		upperAbs = upperAbs * 60;
+		break;
+	case TunitH:
+		lowerAbs = lowerAbs * 60 * 60;
+		upperAbs = upperAbs * 60 * 60;
+		break;
+	}
+
+	return threshold(lowerAbs, upperAbs, legal, perc);
+}
+
 std::wstring removeZero(double val)
 {
 	std::wstring ret = boost::lexical_cast<std::wstring>(val);
@@ -223,7 +242,35 @@ void printErrorInfo(unsigned long err)
 	LPWSTR mBuf = NULL;
 	if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
 		NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&mBuf, 0, NULL))
-			std::wcout << "Failed to format error message, last error was: " << err << '\n';
-	else
+		std::wcout << "Failed to format error message, last error was: " << err << '\n';
+	else {
+		boost::trim_right(std::wstring(mBuf));
 		std::wcout << mBuf << std::endl;
+	}
 }
+
+std::wstring formatErrorInfo(unsigned long err) {
+	std::wostringstream out;
+	if (!err)
+		err = GetLastError();
+	LPWSTR mBuf = NULL;
+	if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+		NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&mBuf, 0, NULL))
+		out << "Failed to format error message, last error was: " << err;
+	else {
+		std::wstring tempOut = std::wstring(mBuf);
+		boost::trim_right(tempOut);
+		out << tempOut;
+	}
+
+	return out.str();
+}
+
+std::wstring stateToString(const state& state) {
+	switch (state) {
+		case OK: return L"OK";
+		case WARNING: return L"WARNING";
+		case CRITICAL: return L"CRITICAL";
+		default: return L"UNKNOWN";
+	}
+}
\ No newline at end of file
diff --git a/plugins/thresholds.hpp b/plugins/thresholds.hpp
index 1a63e5a4d..4c47ddb7d 100644
--- a/plugins/thresholds.hpp
+++ b/plugins/thresholds.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef THRESHOLDS_H
 #define THRESHOLDS_H
@@ -62,6 +45,7 @@ public:
 	// returns a printable string of the threshold
 	std::wstring pString(const double max = 100.0);
 
+	threshold toSeconds(const Tunit& fromUnit);
 };
 
 std::wstring removeZero(double);
@@ -73,5 +57,8 @@ Tunit parseTUnit(const std::wstring&);
 std::wstring TunitStr(const Tunit&);
 
 void printErrorInfo(unsigned long err = 0);
+std::wstring formatErrorInfo(unsigned long err);
+
+std::wstring stateToString(const state&);
 
 #endif /* THRESHOLDS_H */
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 29a16646f..bfcd83ffd 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 include(BoostTestTargets)
 
@@ -28,6 +13,7 @@ set(base_test_SOURCES
   base-match.cpp
   base-netstring.cpp
   base-object.cpp
+  base-object-packer.cpp
   base-serialize.cpp
   base-shellescape.cpp
   base-stacktrace.cpp
@@ -35,6 +21,7 @@ set(base_test_SOURCES
   base-string.cpp
   base-timer.cpp
   base-type.cpp
+  base-utility.cpp
   base-value.cpp
   config-ops.cpp
   icinga-checkresult.cpp
@@ -43,7 +30,6 @@ set(base_test_SOURCES
   icinga-notification.cpp
   icinga-perfdata.cpp
   remote-url.cpp
-  remote-user.cpp
   ${base_OBJS}
   $<TARGET_OBJECTS:config>
   $<TARGET_OBJECTS:remote>
@@ -73,6 +59,8 @@ add_boost_test(base
     base_convert/tostring
     base_convert/tobool
     base_dictionary/construct
+    base_dictionary/initializer1
+    base_dictionary/initializer2
     base_dictionary/get1
     base_dictionary/get2
     base_dictionary/foreach
@@ -81,7 +69,16 @@ add_boost_test(base
     base_dictionary/json
     base_fifo/construct
     base_fifo/io
+    base_json/encode
+    base_json/decode
     base_json/invalid1
+    base_object_packer/pack_null
+    base_object_packer/pack_false
+    base_object_packer/pack_true
+    base_object_packer/pack_number
+    base_object_packer/pack_string
+    base_object_packer/pack_array
+    base_object_packer/pack_object
     base_match/tolong
     base_netstring/netstring
     base_object/construct
@@ -111,6 +108,11 @@ add_boost_test(base
     base_type/assign
     base_type/byname
     base_type/instantiate
+    base_utility/parse_version
+    base_utility/compare_version
+    base_utility/comparepasswords_works
+    base_utility/comparepasswords_issafe
+    base_utility/validateutf8
     base_value/scalar
     base_value/convert
     base_value/format
@@ -124,10 +126,12 @@ add_boost_test(base
     icinga_checkresult/service_3attempts
     icinga_checkresult/host_flapping_notification
     icinga_checkresult/service_flapping_notification
+    icinga_notification/strings
     icinga_notification/state_filter
     icinga_notification/type_filter
     icinga_macros/simple
     icinga_legacytimeperiod/simple
+    icinga_legacytimeperiod/advanced
     icinga_perfdata/empty
     icinga_perfdata/simple
     icinga_perfdata/quotes
@@ -142,7 +146,6 @@ add_boost_test(base
     remote_url/get_and_set
     remote_url/format
     remote_url/illegal_legal_strings
-    api_user/password
 )
 
 if(ICINGA2_WITH_LIVESTATUS)
diff --git a/test/base-array.cpp b/test/base-array.cpp
index 74bbd692c..33e54e8f1 100644
--- a/test/base-array.cpp
+++ b/test/base-array.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/array.hpp"
 #include "base/objectlock.hpp"
diff --git a/test/base-base64.cpp b/test/base-base64.cpp
index eb9c2af01..f9e6aece7 100644
--- a/test/base-base64.cpp
+++ b/test/base-base64.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/base64.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/base-convert.cpp b/test/base-convert.cpp
index 5f32cc392..17805ea5c 100644
--- a/test/base-convert.cpp
+++ b/test/base-convert.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/convert.hpp"
 #include "base/object.hpp"
@@ -33,6 +16,8 @@ BOOST_AUTO_TEST_CASE(tolong)
 	BOOST_CHECK_THROW(Convert::ToLong("7a"), boost::exception);
 
 	BOOST_CHECK(Convert::ToLong(Value(-7)) == -7);
+
+	BOOST_CHECK(Convert::ToLong(3.141386593) == 3);
 }
 
 BOOST_AUTO_TEST_CASE(todouble)
diff --git a/test/base-dictionary.cpp b/test/base-dictionary.cpp
index 92146c879..cd074e1a9 100644
--- a/test/base-dictionary.cpp
+++ b/test/base-dictionary.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
 #include "base/objectlock.hpp"
@@ -32,6 +15,28 @@ BOOST_AUTO_TEST_CASE(construct)
 	BOOST_CHECK(dictionary);
 }
 
+BOOST_AUTO_TEST_CASE(initializer1)
+{
+	DictionaryData dict;
+
+	dict.emplace_back("test1", "Gin-o-clock");
+
+	Dictionary::Ptr dictionary = new Dictionary(std::move(dict));
+
+	Value test1;
+	test1 = dictionary->Get("test1");
+	BOOST_CHECK(test1 == "Gin-o-clock");
+}
+
+BOOST_AUTO_TEST_CASE(initializer2)
+{
+	Dictionary::Ptr dictionary = new Dictionary({ {"test1", "Gin-for-the-win"} });
+
+	Value test1;
+	test1 = dictionary->Get("test1");
+	BOOST_CHECK(test1 == "Gin-for-the-win");
+}
+
 BOOST_AUTO_TEST_CASE(get1)
 {
 	Dictionary::Ptr dictionary = new Dictionary();
diff --git a/test/base-fifo.cpp b/test/base-fifo.cpp
index eb67cdda4..5ecf1ac7d 100644
--- a/test/base-fifo.cpp
+++ b/test/base-fifo.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/fifo.hpp"
 #include "base/objectlock.hpp"
diff --git a/test/base-json.cpp b/test/base-json.cpp
index e7054c776..271d4f771 100644
--- a/test/base-json.cpp
+++ b/test/base-json.cpp
@@ -1,31 +1,99 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/dictionary.hpp"
+#include "base/namespace.hpp"
+#include "base/array.hpp"
 #include "base/objectlock.hpp"
 #include "base/json.hpp"
+#include <boost/algorithm/string/replace.hpp>
 #include <BoostTestTargetConfig.h>
 
 using namespace icinga;
 
 BOOST_AUTO_TEST_SUITE(base_json)
 
+BOOST_AUTO_TEST_CASE(encode)
+{
+	Dictionary::Ptr input (new Dictionary({
+		{ "array", new Array({ new Namespace() }) },
+		{ "false", false },
+		{ "float", -1.25 },
+		{ "int", -42 },
+		{ "null", Value() },
+		{ "string", "LF\nTAB\tAUml\xC3\xA4Ill\xC3" },
+		{ "true", true },
+		{ "uint", 23u }
+	}));
+
+	String output (R"EOF({
+    "array": [
+        {}
+    ],
+    "false": false,
+    "float": -1.25,
+    "int": -42.0,
+    "null": null,
+    "string": "LF\nTAB\tAUml\u00e4Ill\ufffd",
+    "true": true,
+    "uint": 23.0
+})EOF");
+
+	BOOST_CHECK(JsonEncode(input, true) == output);
+
+	boost::algorithm::replace_all(output, " ", "");
+	boost::algorithm::replace_all(output, "\n", "");
+
+	BOOST_CHECK(JsonEncode(input, false) == output);
+}
+
+BOOST_AUTO_TEST_CASE(decode)
+{
+	String input (R"EOF({
+    "array": [
+        {}
+    ],
+    "false": false,
+    "float": -1.25,
+    "int": -42.0,
+    "null": null,
+    "string": "LF\nTAB\tAUmlIll",
+    "true": true,
+    "uint": 23.0
+})EOF");
+
+	boost::algorithm::replace_all(input, "AUml", "AUml\xC3\xA4");
+	boost::algorithm::replace_all(input, "Ill", "Ill\xC3");
+
+	auto output ((Dictionary::Ptr)JsonDecode(input));
+	BOOST_CHECK(output->GetKeys() == std::vector<String>({"array", "false", "float", "int", "null", "string", "true", "uint"}));
+
+	auto array ((Array::Ptr)output->Get("array"));
+	BOOST_CHECK(array->GetLength() == 1u);
+
+	auto array0 ((Dictionary::Ptr)array->Get(0));
+	BOOST_CHECK(array0->GetKeys() == std::vector<String>());
+
+	auto fAlse (output->Get("false"));
+	BOOST_CHECK(fAlse.IsBoolean() && !fAlse.ToBool());
+
+	auto fLoat (output->Get("float"));
+	BOOST_CHECK(fLoat.IsNumber() && fLoat.Get<double>() == -1.25);
+
+	auto iNt (output->Get("int"));
+	BOOST_CHECK(iNt.IsNumber() && iNt.Get<double>() == -42.0);
+
+	BOOST_CHECK(output->Get("null").IsEmpty());
+
+	auto string (output->Get("string"));
+	BOOST_CHECK(string.IsString() && string.Get<String>() == "LF\nTAB\tAUml\xC3\xA4Ill\xEF\xBF\xBD");
+
+	auto tRue (output->Get("true"));
+	BOOST_CHECK(tRue.IsBoolean() && tRue.ToBool());
+
+	auto uint (output->Get("uint"));
+	BOOST_CHECK(uint.IsNumber() && uint.Get<double>() == 23.0);
+}
+
 BOOST_AUTO_TEST_CASE(invalid1)
 {
 	BOOST_CHECK_THROW(JsonDecode("\"1.7"), std::exception);
diff --git a/test/base-match.cpp b/test/base-match.cpp
index 5c3b44dfc..7fad3cba8 100644
--- a/test/base-match.cpp
+++ b/test/base-match.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/utility.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/base-netstring.cpp b/test/base-netstring.cpp
index 8e477fcc0..faa7eb56f 100644
--- a/test/base-netstring.cpp
+++ b/test/base-netstring.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/netstring.hpp"
 #include "base/fifo.hpp"
diff --git a/test/base-object-packer.cpp b/test/base-object-packer.cpp
new file mode 100644
index 000000000..b84705d14
--- /dev/null
+++ b/test/base-object-packer.cpp
@@ -0,0 +1,264 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/object-packer.hpp"
+#include "base/value.hpp"
+#include "base/string.hpp"
+#include "base/array.hpp"
+#include "base/dictionary.hpp"
+#include <BoostTestTargetConfig.h>
+#include <climits>
+#include <initializer_list>
+#include <iomanip>
+#include <sstream>
+
+using namespace icinga;
+
+#if CHAR_MIN != 0
+union CharU2SConverter
+{
+	CharU2SConverter()
+	{
+		s = 0;
+	}
+
+	unsigned char u;
+	signed char s;
+};
+#endif
+
+/**
+ * Avoid implementation-defined overflows during unsigned to signed casts
+ */
+static inline char UIntToByte(unsigned i)
+{
+#if CHAR_MIN == 0
+	return i;
+#else
+	CharU2SConverter converter;
+
+	converter.u = i;
+	return converter.s;
+#endif
+}
+
+#if CHAR_MIN != 0
+union CharS2UConverter
+{
+	CharS2UConverter()
+	{
+		u = 0;
+	}
+
+	unsigned char u;
+	signed char s;
+};
+#endif
+
+/**
+ * Avoid implementation-defined underflows during signed to unsigned casts
+ */
+static inline unsigned ByteToUInt(char c)
+{
+#if CHAR_MIN == 0
+	return c;
+#else
+	CharS2UConverter converter;
+
+	converter.s = c;
+	return converter.u;
+#endif
+}
+
+/**
+ * Compare the expected output with the actual output
+ */
+static inline bool ComparePackObjectResult(const String& actualOutput, const std::initializer_list<int>& out)
+{
+	if (actualOutput.GetLength() != out.size())
+		return false;
+
+	auto actualOutputPos = actualOutput.Begin();
+	for (auto byte : out) {
+		if (*actualOutputPos != UIntToByte(byte))
+			return false;
+
+		++actualOutputPos;
+	}
+
+	return true;
+}
+
+/**
+ * Pack the given input and compare with the expected output
+ */
+static inline bool AssertPackObjectResult(Value in, std::initializer_list<int> out)
+{
+	auto actualOutput = PackObject(in);
+	bool equal = ComparePackObjectResult(actualOutput, out);
+
+	if (!equal) {
+		std::ostringstream buf;
+		buf << std::setw(2) << std::setfill('0') << std::setbase(16);
+
+		buf << "--- ";
+		for (int c : out) {
+			buf << c;
+		}
+		buf << std::endl;
+
+		buf << "+++ ";
+		for (char c : actualOutput) {
+			buf << ByteToUInt(c);
+		}
+		buf << std::endl;
+
+		BOOST_TEST_MESSAGE(buf.str());
+	}
+
+	return equal;
+}
+
+BOOST_AUTO_TEST_SUITE(base_object_packer)
+
+BOOST_AUTO_TEST_CASE(pack_null)
+{
+	BOOST_CHECK(AssertPackObjectResult(Empty, {0}));
+}
+
+BOOST_AUTO_TEST_CASE(pack_false)
+{
+	BOOST_CHECK(AssertPackObjectResult(false, {1}));
+}
+
+BOOST_AUTO_TEST_CASE(pack_true)
+{
+	BOOST_CHECK(AssertPackObjectResult(true, {2}));
+}
+
+BOOST_AUTO_TEST_CASE(pack_number)
+{
+	BOOST_CHECK(AssertPackObjectResult(42.125, {
+		// type
+		3,
+		// IEEE 754
+		64, 69, 16, 0, 0, 0, 0, 0
+	}));
+}
+
+BOOST_AUTO_TEST_CASE(pack_string)
+{
+	BOOST_CHECK(AssertPackObjectResult(
+		String(
+			// ASCII (1 to 127)
+			"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+			"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+			"\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
+			"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
+			"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
+			"\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
+			"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
+   			// some keyboard-independent non-ASCII unicode characters
+			"áéíóú"
+		),
+		{
+			// type
+			4,
+			// length
+			0, 0, 0, 0, 0, 0, 0, 137,
+			// ASCII
+			1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+			16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+			32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
+			48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
+			64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
+			80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95,
+			96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111,
+			112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127,
+			// UTF-8
+			195, 161, 195, 169, 195, 173, 195, 179, 195, 186
+		}
+	));
+}
+
+BOOST_AUTO_TEST_CASE(pack_array)
+{
+	BOOST_CHECK(AssertPackObjectResult(
+		(Array::Ptr)new Array({Empty, false, true, 42.125, "foobar"}),
+		{
+			// type
+			5,
+			// length
+			0, 0, 0, 0, 0, 0, 0, 5,
+			// Empty
+			0,
+			// false
+			1,
+			// true
+			2,
+			// 42.125
+			3,
+			64, 69, 16, 0, 0, 0, 0, 0,
+			// "foobar"
+			4,
+			0, 0, 0, 0, 0, 0, 0, 6,
+			102, 111, 111, 98, 97, 114
+		}
+	));
+}
+
+BOOST_AUTO_TEST_CASE(pack_object)
+{
+	BOOST_CHECK(AssertPackObjectResult(
+		(Dictionary::Ptr)new Dictionary({
+			{"null", Empty},
+			{"false", false},
+			{"true", true},
+			{"42.125", 42.125},
+			{"foobar", "foobar"},
+			{"[]", (Array::Ptr)new Array()}
+		}),
+		{
+			// type
+			6,
+			// length
+			0, 0, 0, 0, 0, 0, 0, 6,
+			// "42.125"
+			0, 0, 0, 0, 0, 0, 0, 6,
+			52, 50, 46, 49, 50, 53,
+			// 42.125
+			3,
+			64, 69, 16, 0, 0, 0, 0, 0,
+			// "[]"
+			0, 0, 0, 0, 0, 0, 0, 2,
+			91, 93,
+			// (Array::Ptr)new Array()
+			5,
+			0, 0, 0, 0, 0, 0, 0, 0,
+			// "false"
+			0, 0, 0, 0, 0, 0, 0, 5,
+			102, 97, 108, 115, 101,
+			// false
+			1,
+			// "foobar"
+			0, 0, 0, 0, 0, 0, 0, 6,
+			102, 111, 111, 98, 97, 114,
+			// "foobar"
+			4,
+			0, 0, 0, 0, 0, 0, 0, 6,
+			102, 111, 111, 98, 97, 114,
+			// "null"
+			0, 0, 0, 0, 0, 0, 0, 4,
+			110, 117, 108, 108,
+			// Empty
+			0,
+			// "true"
+			0, 0, 0, 0, 0, 0, 0, 4,
+			116, 114, 117, 101,
+			// true
+			2
+		}
+	));
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/base-object.cpp b/test/base-object.cpp
index e81c5bb38..fb3c2b3d6 100644
--- a/test/base-object.cpp
+++ b/test/base-object.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/object.hpp"
 #include "base/value.hpp"
diff --git a/test/base-serialize.cpp b/test/base-serialize.cpp
index 7f7d21523..3293f86ab 100644
--- a/test/base-serialize.cpp
+++ b/test/base-serialize.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/perfdatavalue.hpp"
 #include "base/dictionary.hpp"
diff --git a/test/base-shellescape.cpp b/test/base-shellescape.cpp
index 51754465c..1eb0eaef5 100644
--- a/test/base-shellescape.cpp
+++ b/test/base-shellescape.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/utility.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/base-stacktrace.cpp b/test/base-stacktrace.cpp
index cad4903c9..349c2364a 100644
--- a/test/base-stacktrace.cpp
+++ b/test/base-stacktrace.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/stacktrace.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/base-stream.cpp b/test/base-stream.cpp
index 79d70a850..34a93a2bf 100644
--- a/test/base-stream.cpp
+++ b/test/base-stream.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/stdiostream.hpp"
 #include "base/string.hpp"
diff --git a/test/base-string.cpp b/test/base-string.cpp
index 5d790bbcb..835b1a643 100644
--- a/test/base-string.cpp
+++ b/test/base-string.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/string.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/base-timer.cpp b/test/base-timer.cpp
index 2cbd519b2..d3a4a0040 100644
--- a/test/base-timer.cpp
+++ b/test/base-timer.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/timer.hpp"
 #include "base/utility.hpp"
@@ -39,16 +22,17 @@ BOOST_AUTO_TEST_CASE(interval)
 	BOOST_CHECK(timer->GetInterval() == 1.5);
 }
 
-static void Callback(int *counter)
+int counter = 0;
+
+static void Callback(const Timer * const&)
 {
-	(*counter)++;
+	counter++;
 }
 
 BOOST_AUTO_TEST_CASE(invoke)
 {
-	int counter;
 	Timer::Ptr timer = new Timer();
-	timer->OnTimerExpired.connect(std::bind(&Callback, &counter));
+	timer->OnTimerExpired.connect(&Callback);
 	timer->SetInterval(1);
 
 	counter = 0;
@@ -61,9 +45,8 @@ BOOST_AUTO_TEST_CASE(invoke)
 
 BOOST_AUTO_TEST_CASE(scope)
 {
-	int counter;
 	Timer::Ptr timer = new Timer();
-	timer->OnTimerExpired.connect(std::bind(&Callback, &counter));
+	timer->OnTimerExpired.connect(&Callback);
 	timer->SetInterval(1);
 
 	counter = 0;
diff --git a/test/base-type.cpp b/test/base-type.cpp
index 9013f9f7c..21bcf439d 100644
--- a/test/base-type.cpp
+++ b/test/base-type.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/perfdatavalue.hpp"
 #include "base/dictionary.hpp"
diff --git a/test/base-utility.cpp b/test/base-utility.cpp
new file mode 100644
index 000000000..e25179229
--- /dev/null
+++ b/test/base-utility.cpp
@@ -0,0 +1,78 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "base/utility.hpp"
+#include <chrono>
+#include <BoostTestTargetConfig.h>
+
+using namespace icinga;
+
+BOOST_AUTO_TEST_SUITE(base_utility)
+
+BOOST_AUTO_TEST_CASE(parse_version)
+{
+	BOOST_CHECK(Utility::ParseVersion("2.11.0-0.rc1.1") == "2.11.0");
+	BOOST_CHECK(Utility::ParseVersion("v2.10.5") == "2.10.5");
+	BOOST_CHECK(Utility::ParseVersion("r2.11.1") == "2.11.1");
+	BOOST_CHECK(Utility::ParseVersion("v2.11.0-rc1-58-g7c1f716da") == "2.11.0");
+
+	BOOST_CHECK(Utility::ParseVersion("v2.11butactually3.0") == "v2.11butactually3.0");
+}
+
+BOOST_AUTO_TEST_CASE(compare_version)
+{
+	BOOST_CHECK(Utility::CompareVersion("2.10.5", Utility::ParseVersion("v2.10.4")) < 0);
+	BOOST_CHECK(Utility::CompareVersion("2.11.0", Utility::ParseVersion("2.11.0-0")) == 0);
+	BOOST_CHECK(Utility::CompareVersion("2.10.5", Utility::ParseVersion("2.11.0-0.rc1.1")) > 0);
+}
+
+BOOST_AUTO_TEST_CASE(comparepasswords_works)
+{
+	BOOST_CHECK(Utility::ComparePasswords("", ""));
+
+	BOOST_CHECK(!Utility::ComparePasswords("x", ""));
+	BOOST_CHECK(!Utility::ComparePasswords("", "x"));
+
+	BOOST_CHECK(Utility::ComparePasswords("x", "x"));
+	BOOST_CHECK(!Utility::ComparePasswords("x", "y"));
+
+	BOOST_CHECK(Utility::ComparePasswords("abcd", "abcd"));
+	BOOST_CHECK(!Utility::ComparePasswords("abc", "abcd"));
+	BOOST_CHECK(!Utility::ComparePasswords("abcde", "abcd"));
+}
+
+BOOST_AUTO_TEST_CASE(comparepasswords_issafe)
+{
+	using std::chrono::duration_cast;
+	using std::chrono::microseconds;
+	using std::chrono::steady_clock;
+
+	String a, b;
+
+	a.Append(200000001, 'a');
+	b.Append(200000002, 'b');
+
+	auto start1 (steady_clock::now());
+
+	Utility::ComparePasswords(a, a);
+
+	auto duration1 (steady_clock::now() - start1);
+
+	auto start2 (steady_clock::now());
+
+	Utility::ComparePasswords(a, b);
+
+	auto duration2 (steady_clock::now() - start2);
+
+	double diff = (double)duration_cast<microseconds>(duration1).count() / (double)duration_cast<microseconds>(duration2).count();
+	BOOST_WARN(0.9 <= diff && diff <= 1.1);
+}
+
+BOOST_AUTO_TEST_CASE(validateutf8)
+{
+	BOOST_CHECK(Utility::ValidateUTF8("") == "");
+	BOOST_CHECK(Utility::ValidateUTF8("a") == "a");
+	BOOST_CHECK(Utility::ValidateUTF8("\xC3") == "\xEF\xBF\xBD");
+	BOOST_CHECK(Utility::ValidateUTF8("\xC3\xA4") == "\xC3\xA4");
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/base-value.cpp b/test/base-value.cpp
index f47f37d84..950290e12 100644
--- a/test/base-value.cpp
+++ b/test/base-value.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/value.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/config-ops.cpp b/test/config-ops.cpp
index c47ab0305..dfbef2530 100644
--- a/test/config-ops.cpp
+++ b/test/config-ops.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configcompiler.hpp"
 #include "base/exception.hpp"
diff --git a/test/icinga-checkable-fixture.cpp b/test/icinga-checkable-fixture.cpp
index 3743fd382..67fab1be2 100644
--- a/test/icinga-checkable-fixture.cpp
+++ b/test/icinga-checkable-fixture.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.org/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/daemonutility.hpp"
 #include "base/application.hpp"
diff --git a/test/icinga-checkable-flapping.cpp b/test/icinga-checkable-flapping.cpp
index 256c7b517..bc3056425 100644
--- a/test/icinga-checkable-flapping.cpp
+++ b/test/icinga-checkable-flapping.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.org/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/host.hpp"
 #include <bitset>
diff --git a/test/icinga-checkresult.cpp b/test/icinga-checkresult.cpp
index fb024ce31..7db7fffb3 100644
--- a/test/icinga-checkresult.cpp
+++ b/test/icinga-checkresult.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/host.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/icinga-legacytimeperiod.cpp b/test/icinga-legacytimeperiod.cpp
index f178934c9..c7eb51b06 100644
--- a/test/icinga-legacytimeperiod.cpp
+++ b/test/icinga-legacytimeperiod.cpp
@@ -1,23 +1,12 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.org/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
+#include "base/utility.hpp"
 #include "icinga/legacytimeperiod.hpp"
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include <boost/date_time/posix_time/ptime.hpp>
+#include <boost/date_time/posix_time/posix_time_duration.hpp>
+#include <boost/date_time/gregorian/conversion.hpp>
+#include <boost/date_time/date.hpp>
 #include <BoostTestTargetConfig.h>
 
 using namespace icinga;
@@ -60,47 +49,230 @@ BOOST_GLOBAL_FIXTURE(GlobalTimezoneFixture);
 
 BOOST_AUTO_TEST_CASE(simple)
 {
-	tm beg, end, ref;
+	tm tm_beg, tm_end, tm_ref;
+	String timestamp;
+	boost::posix_time::ptime begin;
+	boost::posix_time::ptime end;
+	boost::posix_time::ptime expectedBegin;
+	boost::posix_time::ptime expectedEnd;
 
+	//-----------------------------------------------------
 	// check parsing of "YYYY-MM-DD" specs
-	LegacyTimePeriod::ParseTimeSpec("2016-01-01", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1451606400);
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1451692800);
+	timestamp = "2016-01-01";
 
-	LegacyTimePeriod::ParseTimeSpec("2015-12-31", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1451520000);
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1451606400);
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2016, 1, 1), boost::posix_time::time_duration(0, 0, 0));
 
-	BOOST_CHECK_THROW(LegacyTimePeriod::ParseTimeSpec("2015-12-32", &beg, &end, &ref),
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2016, 1, 2), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run test
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	timestamp = "2015-12-31";
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2015, 12, 31), boost::posix_time::time_duration(0, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2016, 1, 1), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run test
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// Break things forcefully
+	BOOST_CHECK_THROW(LegacyTimePeriod::ParseTimeSpec("2015-12-32", &tm_beg, &tm_end, &tm_ref),
 	    std::invalid_argument);
 
-	BOOST_CHECK_THROW(LegacyTimePeriod::ParseTimeSpec("2015-28-01", &beg, &end, &ref),
+	BOOST_CHECK_THROW(LegacyTimePeriod::ParseTimeSpec("2015-28-01", &tm_beg, &tm_end, &tm_ref),
 	    std::invalid_argument);
 
+	//-----------------------------------------------------
 	// check parsing of "day X" and "day -X" specs
-	ref.tm_year = 2016 - 1900;
-	ref.tm_mon = 1;
-	LegacyTimePeriod::ParseTimeSpec("day 2", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1454371200); // 2016-02-02
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1454457600); // 2016-02-03
+	timestamp = "day 2";
+	tm_ref.tm_year = 2016 - 1900;
+	tm_ref.tm_mon = 2 - 1;
 
-	ref.tm_year = 2018 - 1900;
-	ref.tm_mon = 11;
-	LegacyTimePeriod::ParseTimeSpec("day 31", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1546214400); // 2018-12-31
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1546300800); // 2019-01-01
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2016, 2, 2), boost::posix_time::time_duration(0, 0, 0));
 
-	ref.tm_year = 2012 - 1900;
-	ref.tm_mon = 6;
-	LegacyTimePeriod::ParseTimeSpec("day -1", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1343692800); // 2012-07-31
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1343779200); // 2012-08-01
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2016, 2, 3), boost::posix_time::time_duration(0, 0, 0));
 
-	ref.tm_year = 2016 - 1900; // leap year
-	ref.tm_mon = 1;
-	LegacyTimePeriod::ParseTimeSpec("day -1", &beg, &end, &ref);
-	BOOST_CHECK_EQUAL(mktime(&beg), (time_t) 1456704000); // 2016-02-29
-	BOOST_CHECK_EQUAL(mktime(&end), (time_t) 1456790400); // 2016-03-01
+	// Run Tests
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	timestamp = "day 31";
+	tm_ref.tm_year = 2018 - 1900;
+	tm_ref.tm_mon = 12 - 1;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2018, 12, 31), boost::posix_time::time_duration(0, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2019, 1, 1), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run Tests
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// Last day of the month
+	timestamp = "day -1";
+	tm_ref.tm_year = 2012 - 1900;
+	tm_ref.tm_mon = 7 - 1;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2012, 7, 31), boost::posix_time::time_duration(0, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2012, 8, 1), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run Tests
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// Third last day of the month
+	timestamp = "day -3";
+	tm_ref.tm_year = 2019 - 1900;
+	tm_ref.tm_mon = 7 - 1;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2019, 7, 29), boost::posix_time::time_duration(0, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2019, 7, 30), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run Tests
+	LegacyTimePeriod::ParseTimeSpec(timestamp, &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// Leap year with the last day of the month
+	timestamp = "day -1";
+	tm_ref.tm_year = 2016 - 1900; // leap year
+	tm_ref.tm_mon = 2 - 1;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2016, 2, 29), boost::posix_time::time_duration(0, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2016, 3, 1), boost::posix_time::time_duration(0, 0, 0));
+
+	// Run Tests
+	LegacyTimePeriod::ParseTimeSpec("day -1", &tm_beg, &tm_end, &tm_ref);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+}
+
+BOOST_AUTO_TEST_CASE(advanced)
+{
+	tm tm_beg, tm_end, tm_ref;
+	String timestamp;
+	boost::posix_time::ptime begin;
+	boost::posix_time::ptime end;
+	boost::posix_time::ptime expectedBegin;
+	boost::posix_time::ptime expectedEnd;
+
+	//-----------------------------------------------------
+	// 2019-05-06 where Icinga celebrates 10 years #monitoringlove
+	// 2019-05-06 22:00:00 - 2019-05-07 06:00:00
+	timestamp = "22:00-06:00";
+	tm_ref.tm_year = 2019 - 1900;
+	tm_ref.tm_mon = 5 - 1;
+	tm_ref.tm_mday = 6;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2019, 5, 6), boost::posix_time::time_duration(22, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2019, 5, 7), boost::posix_time::time_duration(6, 0, 0));
+
+	// Run test
+	LegacyTimePeriod::ProcessTimeRangeRaw(timestamp, &tm_ref, &tm_beg, &tm_end);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// 2019-05-06 Icinga is unleashed.
+	// 09:00:00 - 17:00:00
+	timestamp = "09:00-17:00";
+	tm_ref.tm_year = 2009 - 1900;
+	tm_ref.tm_mon = 5 - 1;
+	tm_ref.tm_mday = 6;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2009, 5, 6), boost::posix_time::time_duration(9, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2009, 5, 6), boost::posix_time::time_duration(17, 0, 0));
+
+	// Run test
+	LegacyTimePeriod::ProcessTimeRangeRaw(timestamp, &tm_ref, &tm_beg, &tm_end);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
+
+	//-----------------------------------------------------
+	// At our first Icinga Camp in SFO 2014 at GitHub HQ, we partied all night long with an overflow.
+	// 2014-09-24 09:00:00 - 2014-09-25 06:00:00
+	timestamp = "09:00-30:00";
+	tm_ref.tm_year = 2014 - 1900;
+	tm_ref.tm_mon = 9 - 1;
+	tm_ref.tm_mday = 24;
+
+	expectedBegin = boost::posix_time::ptime(boost::gregorian::date(2014, 9, 24), boost::posix_time::time_duration(9, 0, 0));
+
+	expectedEnd = boost::posix_time::ptime(boost::gregorian::date(2014, 9, 25), boost::posix_time::time_duration(6, 0, 0));
+
+	// Run test
+	LegacyTimePeriod::ProcessTimeRangeRaw(timestamp, &tm_ref, &tm_beg, &tm_end);
+
+	// Compare times
+	begin = boost::posix_time::ptime_from_tm(tm_beg);
+	end = boost::posix_time::ptime_from_tm(tm_end);
+
+	BOOST_CHECK_EQUAL(begin, expectedBegin);
+	BOOST_CHECK_EQUAL(end, expectedEnd);
 }
 
 BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/icinga-macros.cpp b/test/icinga-macros.cpp
index 94f067600..e7c789c40 100644
--- a/test/icinga-macros.cpp
+++ b/test/icinga-macros.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/macroprocessor.hpp"
 #include <BoostTestTargetConfig.h>
diff --git a/test/icinga-notification.cpp b/test/icinga-notification.cpp
index 09373a952..5cf3f49e8 100644
--- a/test/icinga-notification.cpp
+++ b/test/icinga-notification.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icinga/notification.hpp"
 #include <BoostTestTargetConfig.h>
@@ -25,6 +8,21 @@ using namespace icinga;
 
 BOOST_AUTO_TEST_SUITE(icinga_notification)
 
+BOOST_AUTO_TEST_CASE(strings)
+{
+	// States
+	BOOST_CHECK("OK" == Notification::NotificationServiceStateToString(ServiceOK));
+	BOOST_CHECK("Critical" == Notification::NotificationServiceStateToString(ServiceCritical));
+	BOOST_CHECK("Up" == Notification::NotificationHostStateToString(HostUp));
+
+	// Types
+	BOOST_CHECK("DowntimeStart" == Notification::NotificationTypeToString(NotificationDowntimeStart));
+	BOOST_CHECK("Problem" == Notification::NotificationTypeToString(NotificationProblem));
+
+	// Compat
+	BOOST_CHECK("DOWNTIMECANCELLED" == Notification::NotificationTypeToStringCompat(NotificationDowntimeRemoved));
+}
+
 BOOST_AUTO_TEST_CASE(state_filter)
 {
 	unsigned long fstate;
diff --git a/test/icinga-perfdata.cpp b/test/icinga-perfdata.cpp
index bdd5ca281..b0fa1ee98 100644
--- a/test/icinga-perfdata.cpp
+++ b/test/icinga-perfdata.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/perfdatavalue.hpp"
 #include "icinga/pluginutility.hpp"
diff --git a/test/icingaapplication-fixture.cpp b/test/icingaapplication-fixture.cpp
index bb3b1c710..80fa4bfd8 100644
--- a/test/icingaapplication-fixture.cpp
+++ b/test/icingaapplication-fixture.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
-* Icinga 2                                                                   *
-* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
-*                                                                            *
-* This program is free software; you can redistribute it and/or              *
-* modify it under the terms of the GNU General Public License                *
-* as published by the Free Software Foundation; either version 2             *
-* of the License, or (at your option) any later version.                     *
-*                                                                            *
-* This program is distributed in the hope that it will be useful,            *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of             *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
-* GNU General Public License for more details.                               *
-*                                                                            *
-* You should have received a copy of the GNU General Public License          *
-* along with this program; if not, write to the Free Software Foundation     *
-* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
-******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "icingaapplication-fixture.hpp"
 
diff --git a/test/icingaapplication-fixture.hpp b/test/icingaapplication-fixture.hpp
index d79836b8b..23f4c9c81 100644
--- a/test/icingaapplication-fixture.hpp
+++ b/test/icingaapplication-fixture.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
-* Icinga 2                                                                   *
-* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
-*                                                                            *
-* This program is free software; you can redistribute it and/or              *
-* modify it under the terms of the GNU General Public License                *
-* as published by the Free Software Foundation; either version 2             *
-* of the License, or (at your option) any later version.                     *
-*                                                                            *
-* This program is distributed in the hope that it will be useful,            *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of             *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
-* GNU General Public License for more details.                               *
-*                                                                            *
-* You should have received a copy of the GNU General Public License          *
-* along with this program; if not, write to the Free Software Foundation     *
-* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
-******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef ICINGAAPPLICATION_FIXTURE_H
 #define ICINGAAPPLICATION_FIXTURE_H
diff --git a/test/livestatus-fixture.cpp b/test/livestatus-fixture.cpp
index c016ffe95..aaa0e073a 100644
--- a/test/livestatus-fixture.cpp
+++ b/test/livestatus-fixture.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "config/configcompiler.hpp"
 #include "config/configitem.hpp"
diff --git a/test/livestatus.cpp b/test/livestatus.cpp
index bb74ffc30..6aafa3be3 100644
--- a/test/livestatus.cpp
+++ b/test/livestatus.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "livestatus/livestatusquery.hpp"
 #include "base/application.hpp"
diff --git a/test/remote-url.cpp b/test/remote-url.cpp
index 60df7c130..36b79894e 100644
--- a/test/remote-url.cpp
+++ b/test/remote-url.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "base/array.hpp"
 #include "remote/url.hpp"
@@ -53,31 +36,50 @@ BOOST_AUTO_TEST_CASE(get_and_set)
 
 	BOOST_CHECK(url->Format(false, true) == "ftp://Horst:Seehofer@koenigreich.bayern:1918/path/to/m%C3%BCnchen");
 
-	std::map<String, std::vector<String> > m;
-	std::vector<String> v1 { "hip", "hip", "hurra" };
-	std::vector<String> v2 { "äü^ä+#ül-" };
-	std::vector<String> v3 { "1", "2" };
-	m.insert(std::make_pair("shout", v1));
-	m.insert(std::make_pair("sonderzeichen", v2));
-	url->SetQuery(m);
-	url->SetQueryElements("count", v3);
+	url->SetQuery({
+		{"shout", "hip"},
+		{"shout", "hip"},
+		{"shout", "hurra"},
+		{"sonderzeichen", "äü^ä+#ül-"}
+	});
 	url->AddQueryElement("count", "3");
 
-	std::map<String, std::vector<String> > mn = url->GetQuery();
-	BOOST_CHECK(mn["shout"][0] == v1[0]);
-	BOOST_CHECK(mn["sonderzeichen"][0] == v2[0]);
-	BOOST_CHECK(mn["count"][2] == "3");
+	auto mn (url->GetQuery());
+
+	BOOST_CHECK(mn.size() == 5);
+
+	BOOST_CHECK(mn[0].first == "shout");
+	BOOST_CHECK(mn[0].second == "hip");
+
+	BOOST_CHECK(mn[1].first == "shout");
+	BOOST_CHECK(mn[1].second == "hip");
+
+	BOOST_CHECK(mn[2].first == "shout");
+	BOOST_CHECK(mn[2].second == "hurra");
+
+	BOOST_CHECK(mn[3].first == "sonderzeichen");
+	BOOST_CHECK(mn[3].second == "äü^ä+#ül-");
+
+	BOOST_CHECK(mn[4].first == "count");
+	BOOST_CHECK(mn[4].second == "3");
 }
 
 BOOST_AUTO_TEST_CASE(parameters)
 {
-	Url::Ptr url = new Url("https://icinga.com/hya/?rain=karl&rair=robert&foo[]=bar");
+	Url::Ptr url = new Url("https://icinga.com/hya/?rair=robert&rain=karl&foo[]=bar");
 
-	BOOST_CHECK(url->GetQueryElement("rair") == "robert");
-	BOOST_CHECK(url->GetQueryElement("rain") == "karl");
-	std::vector<String> test = url->GetQueryElements("foo");
-	BOOST_CHECK(test.size() == 1);
-	BOOST_CHECK(test[0] == "bar");
+	auto query (url->GetQuery());
+
+	BOOST_CHECK(query.size() == 3);
+
+	BOOST_CHECK(query[0].first == "rair");
+	BOOST_CHECK(query[0].second == "robert");
+
+	BOOST_CHECK(query[1].first == "rain");
+	BOOST_CHECK(query[1].second == "karl");
+
+	BOOST_CHECK(query[2].first == "foo");
+	BOOST_CHECK(query[2].second == "bar");
 }
 
 BOOST_AUTO_TEST_CASE(format)
diff --git a/test/remote-user.cpp b/test/remote-user.cpp
deleted file mode 100644
index f43816a19..000000000
--- a/test/remote-user.cpp
+++ /dev/null
@@ -1,50 +0,0 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
-
-#include "remote/apiuser.hpp"
-#include "base/tlsutility.hpp"
-#include <BoostTestTargetConfig.h>
-
-#include <iostream>
-
-using namespace icinga;
-
-BOOST_AUTO_TEST_SUITE(api_user)
-
-BOOST_AUTO_TEST_CASE(password)
-{
-	ApiUser::Ptr user = new ApiUser();
-	String passwd = RandomString(16);
-	String salt = RandomString(8);
-	user->SetPasswordHash(CreateHashedPasswordString(passwd, salt));
-	user->OnConfigLoaded();
-	user->OnAllConfigLoaded();
-	user->Start();
-
-	BOOST_CHECK(user->GetPasswordHash() != passwd);
-
-	Dictionary::Ptr passwdd = user->GetPasswordDict();
-
-	BOOST_CHECK(passwdd);
-	BOOST_CHECK(passwdd->Get("salt") == salt);
-	BOOST_CHECK(ComparePassword(passwdd->Get("password"), passwd, salt));
-	BOOST_CHECK(!ComparePassword(passwdd->Get("password"), "wrong password uwu!", salt));
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/test-runner.cpp b/test/test-runner.cpp
index 4ed6aa30a..fac41ea70 100644
--- a/test/test-runner.cpp
+++ b/test/test-runner.cpp
@@ -1,22 +1,21 @@
-/******************************************************************************
-* Icinga 2                                                                   *
-* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
-*                                                                            *
-* This program is free software; you can redistribute it and/or              *
-* modify it under the terms of the GNU General Public License                *
-* as published by the Free Software Foundation; either version 2             *
-* of the License, or (at your option) any later version.                     *
-*                                                                            *
-* This program is distributed in the hope that it will be useful,            *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of             *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
-* GNU General Public License for more details.                               *
-*                                                                            *
-* You should have received a copy of the GNU General Public License          *
-* along with this program; if not, write to the Free Software Foundation     *
-* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
-******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
-#define BOOST_TEST_MAIN
+#define BOOST_TEST_MODULE icinga2
+#define BOOST_TEST_NO_MAIN
+#define BOOST_TEST_ALTERNATIVE_INIT_API
 
 #include <BoostTestTargetConfig.h>
+#include <boost/test/unit_test.hpp>
+#include <cstdlib>
+
+int BOOST_TEST_CALL_DECL
+main(int argc, char **argv)
+{
+	std::_Exit(boost::unit_test::unit_test_main(init_unit_test, argc, argv));
+	return EXIT_FAILURE;
+}
+
+#ifdef _WIN32
+#include <boost/test/impl/unit_test_main.ipp>
+#include <boost/test/impl/framework.ipp>
+#endif /* _WIN32 */
diff --git a/third-party/CMakeLists.txt b/third-party/CMakeLists.txt
index 7ccccb5f9..fea750f1d 100644
--- a/third-party/CMakeLists.txt
+++ b/third-party/CMakeLists.txt
@@ -1,26 +1,7 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 add_subdirectory(mmatch)
 
-if(NOT YAJL_FOUND)
-  add_subdirectory(yajl)
-endif()
-
 if(UNIX OR CYGWIN)
   add_subdirectory(execvpe)
 endif()
diff --git a/third-party/cmake/FindMySQL.cmake b/third-party/cmake/FindMySQL.cmake
index 201a98259..d3a6e7f2a 100644
--- a/third-party/cmake/FindMySQL.cmake
+++ b/third-party/cmake/FindMySQL.cmake
@@ -36,15 +36,21 @@ FIND_PATH(MYSQL_INCLUDE_DIR mysql.h
   $ENV{MYSQL_DIR}/include
   /usr/include/mysql
   /usr/local/include/mysql
+  /usr/include/mariadb
+  /usr/local/include/mariadb
   /opt/mysql/mysql/include
   /opt/mysql/mysql/include/mysql
   /opt/mysql/include
+  /opt/mariadb/include/mysql
   /opt/local/include/mysql5
   /usr/local/mysql/include
   /usr/local/mysql/include/mysql
   ${_macports_include_dirs}
   $ENV{ProgramFiles}/MySQL/*/include
-  $ENV{SystemDrive}/MySQL/*/include)
+  $ENV{SystemDrive}/MySQL/*/include
+  $ENV{ProgramFiles}/MariaDB*/include/mysql
+  $ENV{SystemDrive}/MariaDB*/include/mysql
+)
 
 UNSET(_macports_include_dirs)
 
diff --git a/third-party/execvpe/CMakeLists.txt b/third-party/execvpe/CMakeLists.txt
index 4be31bc1b..4dda40a93 100644
--- a/third-party/execvpe/CMakeLists.txt
+++ b/third-party/execvpe/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 set(execvpe_SOURCES
   execvpe.c execvpe.h
diff --git a/third-party/execvpe/execvpe.h b/third-party/execvpe/execvpe.h
index c2230cad7..5e32d66b6 100644
--- a/third-party/execvpe/execvpe.h
+++ b/third-party/execvpe/execvpe.h
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef EXECVPE_H
 #define EXECVPE_H
diff --git a/third-party/mmatch/CMakeLists.txt b/third-party/mmatch/CMakeLists.txt
index 70bb6f1c2..f48e0739f 100644
--- a/third-party/mmatch/CMakeLists.txt
+++ b/third-party/mmatch/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 set(mmatch_SOURCES
   mmatch.c mmatch.h
diff --git a/third-party/nlohmann_json/LICENSE b/third-party/nlohmann_json/LICENSE
new file mode 100644
index 000000000..8b0f7002e
--- /dev/null
+++ b/third-party/nlohmann_json/LICENSE
@@ -0,0 +1,21 @@
+MIT License 
+
+Copyright (c) 2013-2018 Niels Lohmann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/third-party/nlohmann_json/json.hpp b/third-party/nlohmann_json/json.hpp
new file mode 100644
index 000000000..c9af0bed3
--- /dev/null
+++ b/third-party/nlohmann_json/json.hpp
@@ -0,0 +1,20406 @@
+/*
+    __ _____ _____ _____
+ __|  |   __|     |   | |  JSON for Modern C++
+|  |  |__   |  |  | | | |  version 3.5.0
+|_____|_____|_____|_|___|  https://github.com/nlohmann/json
+
+Licensed under the MIT License <http://opensource.org/licenses/MIT>.
+SPDX-License-Identifier: MIT
+Copyright (c) 2013-2018 Niels Lohmann <http://nlohmann.me>.
+
+Permission is hereby  granted, free of charge, to any  person obtaining a copy
+of this software and associated  documentation files (the "Software"), to deal
+in the Software  without restriction, including without  limitation the rights
+to  use, copy,  modify, merge,  publish, distribute,  sublicense, and/or  sell
+copies  of  the Software,  and  to  permit persons  to  whom  the Software  is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE  IS PROVIDED "AS  IS", WITHOUT WARRANTY  OF ANY KIND,  EXPRESS OR
+IMPLIED,  INCLUDING BUT  NOT  LIMITED TO  THE  WARRANTIES OF  MERCHANTABILITY,
+FITNESS FOR  A PARTICULAR PURPOSE AND  NONINFRINGEMENT. IN NO EVENT  SHALL THE
+AUTHORS  OR COPYRIGHT  HOLDERS  BE  LIABLE FOR  ANY  CLAIM,  DAMAGES OR  OTHER
+LIABILITY, WHETHER IN AN ACTION OF  CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE  OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*/
+
+#ifndef NLOHMANN_JSON_HPP
+#define NLOHMANN_JSON_HPP
+
+#define NLOHMANN_JSON_VERSION_MAJOR 3
+#define NLOHMANN_JSON_VERSION_MINOR 5
+#define NLOHMANN_JSON_VERSION_PATCH 0
+
+#include <algorithm> // all_of, find, for_each
+#include <cassert> // assert
+#include <ciso646> // and, not, or
+#include <cstddef> // nullptr_t, ptrdiff_t, size_t
+#include <functional> // hash, less
+#include <initializer_list> // initializer_list
+#include <iosfwd> // istream, ostream
+#include <iterator> // random_access_iterator_tag
+#include <numeric> // accumulate
+#include <string> // string, stoi, to_string
+#include <utility> // declval, forward, move, pair, swap
+
+// #include <nlohmann/json_fwd.hpp>
+#ifndef NLOHMANN_JSON_FWD_HPP
+#define NLOHMANN_JSON_FWD_HPP
+
+#include <cstdint> // int64_t, uint64_t
+#include <map> // map
+#include <memory> // allocator
+#include <string> // string
+#include <vector> // vector
+
+/*!
+@brief namespace for Niels Lohmann
+@see https://github.com/nlohmann
+@since version 1.0.0
+*/
+namespace nlohmann
+{
+/*!
+@brief default JSONSerializer template argument
+
+This serializer ignores the template arguments and uses ADL
+([argument-dependent lookup](https://en.cppreference.com/w/cpp/language/adl))
+for serialization.
+*/
+template<typename T = void, typename SFINAE = void>
+struct adl_serializer;
+
+template<template<typename U, typename V, typename... Args> class ObjectType =
+         std::map,
+         template<typename U, typename... Args> class ArrayType = std::vector,
+         class StringType = std::string, class BooleanType = bool,
+         class NumberIntegerType = std::int64_t,
+         class NumberUnsignedType = std::uint64_t,
+         class NumberFloatType = double,
+         template<typename U> class AllocatorType = std::allocator,
+         template<typename T, typename SFINAE = void> class JSONSerializer =
+         adl_serializer>
+class basic_json;
+
+/*!
+@brief JSON Pointer
+
+A JSON pointer defines a string syntax for identifying a specific value
+within a JSON document. It can be used with functions `at` and
+`operator[]`. Furthermore, JSON pointers are the base for JSON patches.
+
+@sa [RFC 6901](https://tools.ietf.org/html/rfc6901)
+
+@since version 2.0.0
+*/
+template<typename BasicJsonType>
+class json_pointer;
+
+/*!
+@brief default JSON class
+
+This type is the default specialization of the @ref basic_json class which
+uses the standard template types.
+
+@since version 1.0.0
+*/
+using json = basic_json<>;
+}  // namespace nlohmann
+
+#endif
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+
+// This file contains all internal macro definitions
+// You MUST include macro_unscope.hpp at the end of json.hpp to undef all of them
+
+// exclude unsupported compilers
+#if !defined(JSON_SKIP_UNSUPPORTED_COMPILER_CHECK)
+    #if defined(__clang__)
+        #if (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) < 30400
+            #error "unsupported Clang version - see https://github.com/nlohmann/json#supported-compilers"
+        #endif
+    #elif defined(__GNUC__) && !(defined(__ICC) || defined(__INTEL_COMPILER))
+        #if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) < 40800
+            #error "unsupported GCC version - see https://github.com/nlohmann/json#supported-compilers"
+        #endif
+    #endif
+#endif
+
+// disable float-equal warnings on GCC/clang
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+    #pragma GCC diagnostic push
+    #pragma GCC diagnostic ignored "-Wfloat-equal"
+#endif
+
+// disable documentation warnings on clang
+#if defined(__clang__)
+    #pragma GCC diagnostic push
+    #pragma GCC diagnostic ignored "-Wdocumentation"
+#endif
+
+// allow for portable deprecation warnings
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+    #define JSON_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER)
+    #define JSON_DEPRECATED __declspec(deprecated)
+#else
+    #define JSON_DEPRECATED
+#endif
+
+// allow to disable exceptions
+#if (defined(__cpp_exceptions) || defined(__EXCEPTIONS) || defined(_CPPUNWIND)) && !defined(JSON_NOEXCEPTION)
+    #define JSON_THROW(exception) throw exception
+    #define JSON_TRY try
+    #define JSON_CATCH(exception) catch(exception)
+    #define JSON_INTERNAL_CATCH(exception) catch(exception)
+#else
+    #define JSON_THROW(exception) std::abort()
+    #define JSON_TRY if(true)
+    #define JSON_CATCH(exception) if(false)
+    #define JSON_INTERNAL_CATCH(exception) if(false)
+#endif
+
+// override exception macros
+#if defined(JSON_THROW_USER)
+    #undef JSON_THROW
+    #define JSON_THROW JSON_THROW_USER
+#endif
+#if defined(JSON_TRY_USER)
+    #undef JSON_TRY
+    #define JSON_TRY JSON_TRY_USER
+#endif
+#if defined(JSON_CATCH_USER)
+    #undef JSON_CATCH
+    #define JSON_CATCH JSON_CATCH_USER
+    #undef JSON_INTERNAL_CATCH
+    #define JSON_INTERNAL_CATCH JSON_CATCH_USER
+#endif
+#if defined(JSON_INTERNAL_CATCH_USER)
+    #undef JSON_INTERNAL_CATCH
+    #define JSON_INTERNAL_CATCH JSON_INTERNAL_CATCH_USER
+#endif
+
+// manual branch prediction
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+    #define JSON_LIKELY(x)      __builtin_expect(!!(x), 1)
+    #define JSON_UNLIKELY(x)    __builtin_expect(!!(x), 0)
+#else
+    #define JSON_LIKELY(x)      x
+    #define JSON_UNLIKELY(x)    x
+#endif
+
+// C++ language standard detection
+#if (defined(__cplusplus) && __cplusplus >= 201703L) || (defined(_HAS_CXX17) && _HAS_CXX17 == 1) // fix for issue #464
+    #define JSON_HAS_CPP_17
+    #define JSON_HAS_CPP_14
+#elif (defined(__cplusplus) && __cplusplus >= 201402L) || (defined(_HAS_CXX14) && _HAS_CXX14 == 1)
+    #define JSON_HAS_CPP_14
+#endif
+
+/*!
+@brief macro to briefly define a mapping between an enum and JSON
+@def NLOHMANN_JSON_SERIALIZE_ENUM
+@since version 3.4.0
+*/
+#define NLOHMANN_JSON_SERIALIZE_ENUM(ENUM_TYPE, ...)                                           \
+    template<typename BasicJsonType>                                                           \
+    inline void to_json(BasicJsonType& j, const ENUM_TYPE& e)                                  \
+    {                                                                                          \
+        static_assert(std::is_enum<ENUM_TYPE>::value, #ENUM_TYPE " must be an enum!");         \
+        static const std::pair<ENUM_TYPE, BasicJsonType> m[] = __VA_ARGS__;                    \
+        auto it = std::find_if(std::begin(m), std::end(m),                                     \
+                               [e](const std::pair<ENUM_TYPE, BasicJsonType>& ej_pair) -> bool \
+        {                                                                                      \
+            return ej_pair.first == e;                                                         \
+        });                                                                                    \
+        j = ((it != std::end(m)) ? it : std::begin(m))->second;                                \
+    }                                                                                          \
+    template<typename BasicJsonType>                                                           \
+    inline void from_json(const BasicJsonType& j, ENUM_TYPE& e)                                \
+    {                                                                                          \
+        static_assert(std::is_enum<ENUM_TYPE>::value, #ENUM_TYPE " must be an enum!");         \
+        static const std::pair<ENUM_TYPE, BasicJsonType> m[] = __VA_ARGS__;                    \
+        auto it = std::find_if(std::begin(m), std::end(m),                                     \
+                               [j](const std::pair<ENUM_TYPE, BasicJsonType>& ej_pair) -> bool \
+        {                                                                                      \
+            return ej_pair.second == j;                                                        \
+        });                                                                                    \
+        e = ((it != std::end(m)) ? it : std::begin(m))->first;                                 \
+    }
+
+// Ugly macros to avoid uglier copy-paste when specializing basic_json. They
+// may be removed in the future once the class is split.
+
+#define NLOHMANN_BASIC_JSON_TPL_DECLARATION                                \
+    template<template<typename, typename, typename...> class ObjectType,   \
+             template<typename, typename...> class ArrayType,              \
+             class StringType, class BooleanType, class NumberIntegerType, \
+             class NumberUnsignedType, class NumberFloatType,              \
+             template<typename> class AllocatorType,                       \
+             template<typename, typename = void> class JSONSerializer>
+
+#define NLOHMANN_BASIC_JSON_TPL                                            \
+    basic_json<ObjectType, ArrayType, StringType, BooleanType,             \
+    NumberIntegerType, NumberUnsignedType, NumberFloatType,                \
+    AllocatorType, JSONSerializer>
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+
+#include <ciso646> // not
+#include <cstddef> // size_t
+#include <type_traits> // conditional, enable_if, false_type, integral_constant, is_constructible, is_integral, is_same, remove_cv, remove_reference, true_type
+
+namespace nlohmann
+{
+namespace detail
+{
+// alias templates to reduce boilerplate
+template<bool B, typename T = void>
+using enable_if_t = typename std::enable_if<B, T>::type;
+
+template<typename T>
+using uncvref_t = typename std::remove_cv<typename std::remove_reference<T>::type>::type;
+
+// implementation of C++14 index_sequence and affiliates
+// source: https://stackoverflow.com/a/32223343
+template<std::size_t... Ints>
+struct index_sequence
+{
+    using type = index_sequence;
+    using value_type = std::size_t;
+    static constexpr std::size_t size() noexcept
+    {
+        return sizeof...(Ints);
+    }
+};
+
+template<class Sequence1, class Sequence2>
+struct merge_and_renumber;
+
+template<std::size_t... I1, std::size_t... I2>
+struct merge_and_renumber<index_sequence<I1...>, index_sequence<I2...>>
+        : index_sequence < I1..., (sizeof...(I1) + I2)... > {};
+
+template<std::size_t N>
+struct make_index_sequence
+    : merge_and_renumber < typename make_index_sequence < N / 2 >::type,
+      typename make_index_sequence < N - N / 2 >::type > {};
+
+template<> struct make_index_sequence<0> : index_sequence<> {};
+template<> struct make_index_sequence<1> : index_sequence<0> {};
+
+template<typename... Ts>
+using index_sequence_for = make_index_sequence<sizeof...(Ts)>;
+
+// dispatch utility (taken from ranges-v3)
+template<unsigned N> struct priority_tag : priority_tag < N - 1 > {};
+template<> struct priority_tag<0> {};
+
+// taken from ranges-v3
+template<typename T>
+struct static_const
+{
+    static constexpr T value{};
+};
+
+template<typename T>
+constexpr T static_const<T>::value;
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+
+#include <ciso646> // not
+#include <limits> // numeric_limits
+#include <type_traits> // false_type, is_constructible, is_integral, is_same, true_type
+#include <utility> // declval
+
+// #include <nlohmann/json_fwd.hpp>
+
+// #include <nlohmann/detail/iterators/iterator_traits.hpp>
+
+
+#include <iterator> // random_access_iterator_tag
+
+// #include <nlohmann/detail/meta/void_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template <typename ...Ts> struct make_void
+{
+    using type = void;
+};
+template <typename ...Ts> using void_t = typename make_void<Ts...>::type;
+} // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template <typename It, typename = void>
+struct iterator_types {};
+
+template <typename It>
+struct iterator_types <
+    It,
+    void_t<typename It::difference_type, typename It::value_type, typename It::pointer,
+    typename It::reference, typename It::iterator_category >>
+{
+    using difference_type = typename It::difference_type;
+    using value_type = typename It::value_type;
+    using pointer = typename It::pointer;
+    using reference = typename It::reference;
+    using iterator_category = typename It::iterator_category;
+};
+
+// This is required as some compilers implement std::iterator_traits in a way that
+// doesn't work with SFINAE. See https://github.com/nlohmann/json/issues/1341.
+template <typename T, typename = void>
+struct iterator_traits
+{
+};
+
+template <typename T>
+struct iterator_traits < T, enable_if_t < !std::is_pointer<T>::value >>
+            : iterator_types<T>
+{
+};
+
+template <typename T>
+struct iterator_traits<T*, enable_if_t<std::is_object<T>::value>>
+{
+    using iterator_category = std::random_access_iterator_tag;
+    using value_type = T;
+    using difference_type = ptrdiff_t;
+    using pointer = T*;
+    using reference = T&;
+};
+}
+}
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+// #include <nlohmann/detail/meta/detected.hpp>
+
+
+#include <type_traits>
+
+// #include <nlohmann/detail/meta/void_t.hpp>
+
+
+// http://en.cppreference.com/w/cpp/experimental/is_detected
+namespace nlohmann
+{
+namespace detail
+{
+struct nonesuch
+{
+    nonesuch() = delete;
+    ~nonesuch() = delete;
+    nonesuch(nonesuch const&) = delete;
+    void operator=(nonesuch const&) = delete;
+};
+
+template <class Default,
+          class AlwaysVoid,
+          template <class...> class Op,
+          class... Args>
+struct detector
+{
+    using value_t = std::false_type;
+    using type = Default;
+};
+
+template <class Default, template <class...> class Op, class... Args>
+struct detector<Default, void_t<Op<Args...>>, Op, Args...>
+{
+    using value_t = std::true_type;
+    using type = Op<Args...>;
+};
+
+template <template <class...> class Op, class... Args>
+using is_detected = typename detector<nonesuch, void, Op, Args...>::value_t;
+
+template <template <class...> class Op, class... Args>
+using detected_t = typename detector<nonesuch, void, Op, Args...>::type;
+
+template <class Default, template <class...> class Op, class... Args>
+using detected_or = detector<Default, void, Op, Args...>;
+
+template <class Default, template <class...> class Op, class... Args>
+using detected_or_t = typename detected_or<Default, Op, Args...>::type;
+
+template <class Expected, template <class...> class Op, class... Args>
+using is_detected_exact = std::is_same<Expected, detected_t<Op, Args...>>;
+
+template <class To, template <class...> class Op, class... Args>
+using is_detected_convertible =
+    std::is_convertible<detected_t<Op, Args...>, To>;
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+
+namespace nlohmann
+{
+/*!
+@brief detail namespace with internal helper functions
+
+This namespace collects functions that should not be exposed,
+implementations of some @ref basic_json methods, and meta-programming helpers.
+
+@since version 2.1.0
+*/
+namespace detail
+{
+/////////////
+// helpers //
+/////////////
+
+// Note to maintainers:
+//
+// Every trait in this file expects a non CV-qualified type.
+// The only exceptions are in the 'aliases for detected' section
+// (i.e. those of the form: decltype(T::member_function(std::declval<T>())))
+//
+// In this case, T has to be properly CV-qualified to constraint the function arguments
+// (e.g. to_json(BasicJsonType&, const T&))
+
+template<typename> struct is_basic_json : std::false_type {};
+
+NLOHMANN_BASIC_JSON_TPL_DECLARATION
+struct is_basic_json<NLOHMANN_BASIC_JSON_TPL> : std::true_type {};
+
+//////////////////////////
+// aliases for detected //
+//////////////////////////
+
+template <typename T>
+using mapped_type_t = typename T::mapped_type;
+
+template <typename T>
+using key_type_t = typename T::key_type;
+
+template <typename T>
+using value_type_t = typename T::value_type;
+
+template <typename T>
+using difference_type_t = typename T::difference_type;
+
+template <typename T>
+using pointer_t = typename T::pointer;
+
+template <typename T>
+using reference_t = typename T::reference;
+
+template <typename T>
+using iterator_category_t = typename T::iterator_category;
+
+template <typename T>
+using iterator_t = typename T::iterator;
+
+template <typename T, typename... Args>
+using to_json_function = decltype(T::to_json(std::declval<Args>()...));
+
+template <typename T, typename... Args>
+using from_json_function = decltype(T::from_json(std::declval<Args>()...));
+
+template <typename T, typename U>
+using get_template_function = decltype(std::declval<T>().template get<U>());
+
+// trait checking if JSONSerializer<T>::from_json(json const&, udt&) exists
+template <typename BasicJsonType, typename T, typename = void>
+struct has_from_json : std::false_type {};
+
+template <typename BasicJsonType, typename T>
+struct has_from_json<BasicJsonType, T,
+           enable_if_t<not is_basic_json<T>::value>>
+{
+    using serializer = typename BasicJsonType::template json_serializer<T, void>;
+
+    static constexpr bool value =
+        is_detected_exact<void, from_json_function, serializer,
+        const BasicJsonType&, T&>::value;
+};
+
+// This trait checks if JSONSerializer<T>::from_json(json const&) exists
+// this overload is used for non-default-constructible user-defined-types
+template <typename BasicJsonType, typename T, typename = void>
+struct has_non_default_from_json : std::false_type {};
+
+template<typename BasicJsonType, typename T>
+struct has_non_default_from_json<BasicJsonType, T, enable_if_t<not is_basic_json<T>::value>>
+{
+    using serializer = typename BasicJsonType::template json_serializer<T, void>;
+
+    static constexpr bool value =
+        is_detected_exact<T, from_json_function, serializer,
+        const BasicJsonType&>::value;
+};
+
+// This trait checks if BasicJsonType::json_serializer<T>::to_json exists
+// Do not evaluate the trait when T is a basic_json type, to avoid template instantiation infinite recursion.
+template <typename BasicJsonType, typename T, typename = void>
+struct has_to_json : std::false_type {};
+
+template <typename BasicJsonType, typename T>
+struct has_to_json<BasicJsonType, T, enable_if_t<not is_basic_json<T>::value>>
+{
+    using serializer = typename BasicJsonType::template json_serializer<T, void>;
+
+    static constexpr bool value =
+        is_detected_exact<void, to_json_function, serializer, BasicJsonType&,
+        T>::value;
+};
+
+
+///////////////////
+// is_ functions //
+///////////////////
+
+template <typename T, typename = void>
+struct is_iterator_traits : std::false_type {};
+
+template <typename T>
+struct is_iterator_traits<iterator_traits<T>>
+{
+  private:
+    using traits = iterator_traits<T>;
+
+  public:
+    static constexpr auto value =
+        is_detected<value_type_t, traits>::value &&
+        is_detected<difference_type_t, traits>::value &&
+        is_detected<pointer_t, traits>::value &&
+        is_detected<iterator_category_t, traits>::value &&
+        is_detected<reference_t, traits>::value;
+};
+
+// source: https://stackoverflow.com/a/37193089/4116453
+
+template <typename T, typename = void>
+struct is_complete_type : std::false_type {};
+
+template <typename T>
+struct is_complete_type<T, decltype(void(sizeof(T)))> : std::true_type {};
+
+template <typename BasicJsonType, typename CompatibleObjectType,
+          typename = void>
+struct is_compatible_object_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename CompatibleObjectType>
+struct is_compatible_object_type_impl <
+    BasicJsonType, CompatibleObjectType,
+    enable_if_t<is_detected<mapped_type_t, CompatibleObjectType>::value and
+    is_detected<key_type_t, CompatibleObjectType>::value >>
+{
+
+    using object_t = typename BasicJsonType::object_t;
+
+    // macOS's is_constructible does not play well with nonesuch...
+    static constexpr bool value =
+        std::is_constructible<typename object_t::key_type,
+        typename CompatibleObjectType::key_type>::value and
+        std::is_constructible<typename object_t::mapped_type,
+        typename CompatibleObjectType::mapped_type>::value;
+};
+
+template <typename BasicJsonType, typename CompatibleObjectType>
+struct is_compatible_object_type
+    : is_compatible_object_type_impl<BasicJsonType, CompatibleObjectType> {};
+
+template <typename BasicJsonType, typename ConstructibleObjectType,
+          typename = void>
+struct is_constructible_object_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename ConstructibleObjectType>
+struct is_constructible_object_type_impl <
+    BasicJsonType, ConstructibleObjectType,
+    enable_if_t<is_detected<mapped_type_t, ConstructibleObjectType>::value and
+    is_detected<key_type_t, ConstructibleObjectType>::value >>
+{
+    using object_t = typename BasicJsonType::object_t;
+
+    static constexpr bool value =
+        (std::is_constructible<typename ConstructibleObjectType::key_type, typename object_t::key_type>::value and
+         std::is_same<typename object_t::mapped_type, typename ConstructibleObjectType::mapped_type>::value) or
+        (has_from_json<BasicJsonType, typename ConstructibleObjectType::mapped_type>::value or
+         has_non_default_from_json<BasicJsonType, typename ConstructibleObjectType::mapped_type >::value);
+};
+
+template <typename BasicJsonType, typename ConstructibleObjectType>
+struct is_constructible_object_type
+    : is_constructible_object_type_impl<BasicJsonType,
+      ConstructibleObjectType> {};
+
+template <typename BasicJsonType, typename CompatibleStringType,
+          typename = void>
+struct is_compatible_string_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename CompatibleStringType>
+struct is_compatible_string_type_impl <
+    BasicJsonType, CompatibleStringType,
+    enable_if_t<is_detected_exact<typename BasicJsonType::string_t::value_type,
+    value_type_t, CompatibleStringType>::value >>
+{
+    static constexpr auto value =
+        std::is_constructible<typename BasicJsonType::string_t, CompatibleStringType>::value;
+};
+
+template <typename BasicJsonType, typename ConstructibleStringType>
+struct is_compatible_string_type
+    : is_compatible_string_type_impl<BasicJsonType, ConstructibleStringType> {};
+
+template <typename BasicJsonType, typename ConstructibleStringType,
+          typename = void>
+struct is_constructible_string_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename ConstructibleStringType>
+struct is_constructible_string_type_impl <
+    BasicJsonType, ConstructibleStringType,
+    enable_if_t<is_detected_exact<typename BasicJsonType::string_t::value_type,
+    value_type_t, ConstructibleStringType>::value >>
+{
+    static constexpr auto value =
+        std::is_constructible<ConstructibleStringType,
+        typename BasicJsonType::string_t>::value;
+};
+
+template <typename BasicJsonType, typename ConstructibleStringType>
+struct is_constructible_string_type
+    : is_constructible_string_type_impl<BasicJsonType, ConstructibleStringType> {};
+
+template <typename BasicJsonType, typename CompatibleArrayType, typename = void>
+struct is_compatible_array_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename CompatibleArrayType>
+struct is_compatible_array_type_impl <
+    BasicJsonType, CompatibleArrayType,
+    enable_if_t<is_detected<value_type_t, CompatibleArrayType>::value and
+    is_detected<iterator_t, CompatibleArrayType>::value and
+// This is needed because json_reverse_iterator has a ::iterator type...
+// Therefore it is detected as a CompatibleArrayType.
+// The real fix would be to have an Iterable concept.
+    not is_iterator_traits<
+    iterator_traits<CompatibleArrayType>>::value >>
+{
+    static constexpr bool value =
+        std::is_constructible<BasicJsonType,
+        typename CompatibleArrayType::value_type>::value;
+};
+
+template <typename BasicJsonType, typename CompatibleArrayType>
+struct is_compatible_array_type
+    : is_compatible_array_type_impl<BasicJsonType, CompatibleArrayType> {};
+
+template <typename BasicJsonType, typename ConstructibleArrayType, typename = void>
+struct is_constructible_array_type_impl : std::false_type {};
+
+template <typename BasicJsonType, typename ConstructibleArrayType>
+struct is_constructible_array_type_impl <
+    BasicJsonType, ConstructibleArrayType,
+    enable_if_t<std::is_same<ConstructibleArrayType,
+    typename BasicJsonType::value_type>::value >>
+            : std::true_type {};
+
+template <typename BasicJsonType, typename ConstructibleArrayType>
+struct is_constructible_array_type_impl <
+    BasicJsonType, ConstructibleArrayType,
+    enable_if_t<not std::is_same<ConstructibleArrayType,
+    typename BasicJsonType::value_type>::value and
+    is_detected<value_type_t, ConstructibleArrayType>::value and
+    is_detected<iterator_t, ConstructibleArrayType>::value and
+    is_complete_type<
+    detected_t<value_type_t, ConstructibleArrayType>>::value >>
+{
+    static constexpr bool value =
+        // This is needed because json_reverse_iterator has a ::iterator type,
+        // furthermore, std::back_insert_iterator (and other iterators) have a base class `iterator`...
+        // Therefore it is detected as a ConstructibleArrayType.
+        // The real fix would be to have an Iterable concept.
+        not is_iterator_traits <
+        iterator_traits<ConstructibleArrayType >>::value and
+
+        (std::is_same<typename ConstructibleArrayType::value_type, typename BasicJsonType::array_t::value_type>::value or
+         has_from_json<BasicJsonType,
+         typename ConstructibleArrayType::value_type>::value or
+         has_non_default_from_json <
+         BasicJsonType, typename ConstructibleArrayType::value_type >::value);
+};
+
+template <typename BasicJsonType, typename ConstructibleArrayType>
+struct is_constructible_array_type
+    : is_constructible_array_type_impl<BasicJsonType, ConstructibleArrayType> {};
+
+template <typename RealIntegerType, typename CompatibleNumberIntegerType,
+          typename = void>
+struct is_compatible_integer_type_impl : std::false_type {};
+
+template <typename RealIntegerType, typename CompatibleNumberIntegerType>
+struct is_compatible_integer_type_impl <
+    RealIntegerType, CompatibleNumberIntegerType,
+    enable_if_t<std::is_integral<RealIntegerType>::value and
+    std::is_integral<CompatibleNumberIntegerType>::value and
+    not std::is_same<bool, CompatibleNumberIntegerType>::value >>
+{
+    // is there an assert somewhere on overflows?
+    using RealLimits = std::numeric_limits<RealIntegerType>;
+    using CompatibleLimits = std::numeric_limits<CompatibleNumberIntegerType>;
+
+    static constexpr auto value =
+        std::is_constructible<RealIntegerType,
+        CompatibleNumberIntegerType>::value and
+        CompatibleLimits::is_integer and
+        RealLimits::is_signed == CompatibleLimits::is_signed;
+};
+
+template <typename RealIntegerType, typename CompatibleNumberIntegerType>
+struct is_compatible_integer_type
+    : is_compatible_integer_type_impl<RealIntegerType,
+      CompatibleNumberIntegerType> {};
+
+template <typename BasicJsonType, typename CompatibleType, typename = void>
+struct is_compatible_type_impl: std::false_type {};
+
+template <typename BasicJsonType, typename CompatibleType>
+struct is_compatible_type_impl <
+    BasicJsonType, CompatibleType,
+    enable_if_t<is_complete_type<CompatibleType>::value >>
+{
+    static constexpr bool value =
+        has_to_json<BasicJsonType, CompatibleType>::value;
+};
+
+template <typename BasicJsonType, typename CompatibleType>
+struct is_compatible_type
+    : is_compatible_type_impl<BasicJsonType, CompatibleType> {};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+
+#include <exception> // exception
+#include <stdexcept> // runtime_error
+#include <string> // to_string
+
+// #include <nlohmann/detail/input/position_t.hpp>
+
+
+#include <cstddef> // size_t
+
+namespace nlohmann
+{
+namespace detail
+{
+/// struct to capture the start position of the current token
+struct position_t
+{
+    /// the total number of characters read
+    std::size_t chars_read_total = 0;
+    /// the number of characters read in the current line
+    std::size_t chars_read_current_line = 0;
+    /// the number of lines read
+    std::size_t lines_read = 0;
+
+    /// conversion to size_t to preserve SAX interface
+    constexpr operator size_t() const
+    {
+        return chars_read_total;
+    }
+};
+
+}
+}
+
+
+namespace nlohmann
+{
+namespace detail
+{
+////////////////
+// exceptions //
+////////////////
+
+/*!
+@brief general exception of the @ref basic_json class
+
+This class is an extension of `std::exception` objects with a member @a id for
+exception ids. It is used as the base class for all exceptions thrown by the
+@ref basic_json class. This class can hence be used as "wildcard" to catch
+exceptions.
+
+Subclasses:
+- @ref parse_error for exceptions indicating a parse error
+- @ref invalid_iterator for exceptions indicating errors with iterators
+- @ref type_error for exceptions indicating executing a member function with
+                  a wrong type
+- @ref out_of_range for exceptions indicating access out of the defined range
+- @ref other_error for exceptions indicating other library errors
+
+@internal
+@note To have nothrow-copy-constructible exceptions, we internally use
+      `std::runtime_error` which can cope with arbitrary-length error messages.
+      Intermediate strings are built with static functions and then passed to
+      the actual constructor.
+@endinternal
+
+@liveexample{The following code shows how arbitrary library exceptions can be
+caught.,exception}
+
+@since version 3.0.0
+*/
+class exception : public std::exception
+{
+  public:
+    /// returns the explanatory string
+    const char* what() const noexcept override
+    {
+        return m.what();
+    }
+
+    /// the id of the exception
+    const int id;
+
+  protected:
+    exception(int id_, const char* what_arg) : id(id_), m(what_arg) {}
+
+    static std::string name(const std::string& ename, int id_)
+    {
+        return "[json.exception." + ename + "." + std::to_string(id_) + "] ";
+    }
+
+  private:
+    /// an exception object as storage for error messages
+    std::runtime_error m;
+};
+
+/*!
+@brief exception indicating a parse error
+
+This exception is thrown by the library when a parse error occurs. Parse errors
+can occur during the deserialization of JSON text, CBOR, MessagePack, as well
+as when using JSON Patch.
+
+Member @a byte holds the byte index of the last read character in the input
+file.
+
+Exceptions have ids 1xx.
+
+name / id                      | example message | description
+------------------------------ | --------------- | -------------------------
+json.exception.parse_error.101 | parse error at 2: unexpected end of input; expected string literal | This error indicates a syntax error while deserializing a JSON text. The error message describes that an unexpected token (character) was encountered, and the member @a byte indicates the error position.
+json.exception.parse_error.102 | parse error at 14: missing or wrong low surrogate | JSON uses the `\uxxxx` format to describe Unicode characters. Code points above above 0xFFFF are split into two `\uxxxx` entries ("surrogate pairs"). This error indicates that the surrogate pair is incomplete or contains an invalid code point.
+json.exception.parse_error.103 | parse error: code points above 0x10FFFF are invalid | Unicode supports code points up to 0x10FFFF. Code points above 0x10FFFF are invalid.
+json.exception.parse_error.104 | parse error: JSON patch must be an array of objects | [RFC 6902](https://tools.ietf.org/html/rfc6902) requires a JSON Patch document to be a JSON document that represents an array of objects.
+json.exception.parse_error.105 | parse error: operation must have string member 'op' | An operation of a JSON Patch document must contain exactly one "op" member, whose value indicates the operation to perform. Its value must be one of "add", "remove", "replace", "move", "copy", or "test"; other values are errors.
+json.exception.parse_error.106 | parse error: array index '01' must not begin with '0' | An array index in a JSON Pointer ([RFC 6901](https://tools.ietf.org/html/rfc6901)) may be `0` or any number without a leading `0`.
+json.exception.parse_error.107 | parse error: JSON pointer must be empty or begin with '/' - was: 'foo' | A JSON Pointer must be a Unicode string containing a sequence of zero or more reference tokens, each prefixed by a `/` character.
+json.exception.parse_error.108 | parse error: escape character '~' must be followed with '0' or '1' | In a JSON Pointer, only `~0` and `~1` are valid escape sequences.
+json.exception.parse_error.109 | parse error: array index 'one' is not a number | A JSON Pointer array index must be a number.
+json.exception.parse_error.110 | parse error at 1: cannot read 2 bytes from vector | When parsing CBOR or MessagePack, the byte vector ends before the complete value has been read.
+json.exception.parse_error.112 | parse error at 1: error reading CBOR; last byte: 0xF8 | Not all types of CBOR or MessagePack are supported. This exception occurs if an unsupported byte was read.
+json.exception.parse_error.113 | parse error at 2: expected a CBOR string; last byte: 0x98 | While parsing a map key, a value that is not a string has been read.
+json.exception.parse_error.114 | parse error: Unsupported BSON record type 0x0F | The parsing of the corresponding BSON record type is not implemented (yet).
+
+@note For an input with n bytes, 1 is the index of the first character and n+1
+      is the index of the terminating null byte or the end of file. This also
+      holds true when reading a byte vector (CBOR or MessagePack).
+
+@liveexample{The following code shows how a `parse_error` exception can be
+caught.,parse_error}
+
+@sa @ref exception for the base class of the library exceptions
+@sa @ref invalid_iterator for exceptions indicating errors with iterators
+@sa @ref type_error for exceptions indicating executing a member function with
+                    a wrong type
+@sa @ref out_of_range for exceptions indicating access out of the defined range
+@sa @ref other_error for exceptions indicating other library errors
+
+@since version 3.0.0
+*/
+class parse_error : public exception
+{
+  public:
+    /*!
+    @brief create a parse error exception
+    @param[in] id_       the id of the exception
+    @param[in] position  the position where the error occurred (or with
+                         chars_read_total=0 if the position cannot be
+                         determined)
+    @param[in] what_arg  the explanatory string
+    @return parse_error object
+    */
+    static parse_error create(int id_, const position_t& pos, const std::string& what_arg)
+    {
+        std::string w = exception::name("parse_error", id_) + "parse error" +
+                        position_string(pos) + ": " + what_arg;
+        return parse_error(id_, pos.chars_read_total, w.c_str());
+    }
+
+    static parse_error create(int id_, std::size_t byte_, const std::string& what_arg)
+    {
+        std::string w = exception::name("parse_error", id_) + "parse error" +
+                        (byte_ != 0 ? (" at byte " + std::to_string(byte_)) : "") +
+                        ": " + what_arg;
+        return parse_error(id_, byte_, w.c_str());
+    }
+
+    /*!
+    @brief byte index of the parse error
+
+    The byte index of the last read character in the input file.
+
+    @note For an input with n bytes, 1 is the index of the first character and
+          n+1 is the index of the terminating null byte or the end of file.
+          This also holds true when reading a byte vector (CBOR or MessagePack).
+    */
+    const std::size_t byte;
+
+  private:
+    parse_error(int id_, std::size_t byte_, const char* what_arg)
+        : exception(id_, what_arg), byte(byte_) {}
+
+    static std::string position_string(const position_t& pos)
+    {
+        return " at line " + std::to_string(pos.lines_read + 1) +
+               ", column " + std::to_string(pos.chars_read_current_line);
+    }
+};
+
+/*!
+@brief exception indicating errors with iterators
+
+This exception is thrown if iterators passed to a library function do not match
+the expected semantics.
+
+Exceptions have ids 2xx.
+
+name / id                           | example message | description
+----------------------------------- | --------------- | -------------------------
+json.exception.invalid_iterator.201 | iterators are not compatible | The iterators passed to constructor @ref basic_json(InputIT first, InputIT last) are not compatible, meaning they do not belong to the same container. Therefore, the range (@a first, @a last) is invalid.
+json.exception.invalid_iterator.202 | iterator does not fit current value | In an erase or insert function, the passed iterator @a pos does not belong to the JSON value for which the function was called. It hence does not define a valid position for the deletion/insertion.
+json.exception.invalid_iterator.203 | iterators do not fit current value | Either iterator passed to function @ref erase(IteratorType first, IteratorType last) does not belong to the JSON value from which values shall be erased. It hence does not define a valid range to delete values from.
+json.exception.invalid_iterator.204 | iterators out of range | When an iterator range for a primitive type (number, boolean, or string) is passed to a constructor or an erase function, this range has to be exactly (@ref begin(), @ref end()), because this is the only way the single stored value is expressed. All other ranges are invalid.
+json.exception.invalid_iterator.205 | iterator out of range | When an iterator for a primitive type (number, boolean, or string) is passed to an erase function, the iterator has to be the @ref begin() iterator, because it is the only way to address the stored value. All other iterators are invalid.
+json.exception.invalid_iterator.206 | cannot construct with iterators from null | The iterators passed to constructor @ref basic_json(InputIT first, InputIT last) belong to a JSON null value and hence to not define a valid range.
+json.exception.invalid_iterator.207 | cannot use key() for non-object iterators | The key() member function can only be used on iterators belonging to a JSON object, because other types do not have a concept of a key.
+json.exception.invalid_iterator.208 | cannot use operator[] for object iterators | The operator[] to specify a concrete offset cannot be used on iterators belonging to a JSON object, because JSON objects are unordered.
+json.exception.invalid_iterator.209 | cannot use offsets with object iterators | The offset operators (+, -, +=, -=) cannot be used on iterators belonging to a JSON object, because JSON objects are unordered.
+json.exception.invalid_iterator.210 | iterators do not fit | The iterator range passed to the insert function are not compatible, meaning they do not belong to the same container. Therefore, the range (@a first, @a last) is invalid.
+json.exception.invalid_iterator.211 | passed iterators may not belong to container | The iterator range passed to the insert function must not be a subrange of the container to insert to.
+json.exception.invalid_iterator.212 | cannot compare iterators of different containers | When two iterators are compared, they must belong to the same container.
+json.exception.invalid_iterator.213 | cannot compare order of object iterators | The order of object iterators cannot be compared, because JSON objects are unordered.
+json.exception.invalid_iterator.214 | cannot get value | Cannot get value for iterator: Either the iterator belongs to a null value or it is an iterator to a primitive type (number, boolean, or string), but the iterator is different to @ref begin().
+
+@liveexample{The following code shows how an `invalid_iterator` exception can be
+caught.,invalid_iterator}
+
+@sa @ref exception for the base class of the library exceptions
+@sa @ref parse_error for exceptions indicating a parse error
+@sa @ref type_error for exceptions indicating executing a member function with
+                    a wrong type
+@sa @ref out_of_range for exceptions indicating access out of the defined range
+@sa @ref other_error for exceptions indicating other library errors
+
+@since version 3.0.0
+*/
+class invalid_iterator : public exception
+{
+  public:
+    static invalid_iterator create(int id_, const std::string& what_arg)
+    {
+        std::string w = exception::name("invalid_iterator", id_) + what_arg;
+        return invalid_iterator(id_, w.c_str());
+    }
+
+  private:
+    invalid_iterator(int id_, const char* what_arg)
+        : exception(id_, what_arg) {}
+};
+
+/*!
+@brief exception indicating executing a member function with a wrong type
+
+This exception is thrown in case of a type error; that is, a library function is
+executed on a JSON value whose type does not match the expected semantics.
+
+Exceptions have ids 3xx.
+
+name / id                     | example message | description
+----------------------------- | --------------- | -------------------------
+json.exception.type_error.301 | cannot create object from initializer list | To create an object from an initializer list, the initializer list must consist only of a list of pairs whose first element is a string. When this constraint is violated, an array is created instead.
+json.exception.type_error.302 | type must be object, but is array | During implicit or explicit value conversion, the JSON type must be compatible to the target type. For instance, a JSON string can only be converted into string types, but not into numbers or boolean types.
+json.exception.type_error.303 | incompatible ReferenceType for get_ref, actual type is object | To retrieve a reference to a value stored in a @ref basic_json object with @ref get_ref, the type of the reference must match the value type. For instance, for a JSON array, the @a ReferenceType must be @ref array_t&.
+json.exception.type_error.304 | cannot use at() with string | The @ref at() member functions can only be executed for certain JSON types.
+json.exception.type_error.305 | cannot use operator[] with string | The @ref operator[] member functions can only be executed for certain JSON types.
+json.exception.type_error.306 | cannot use value() with string | The @ref value() member functions can only be executed for certain JSON types.
+json.exception.type_error.307 | cannot use erase() with string | The @ref erase() member functions can only be executed for certain JSON types.
+json.exception.type_error.308 | cannot use push_back() with string | The @ref push_back() and @ref operator+= member functions can only be executed for certain JSON types.
+json.exception.type_error.309 | cannot use insert() with | The @ref insert() member functions can only be executed for certain JSON types.
+json.exception.type_error.310 | cannot use swap() with number | The @ref swap() member functions can only be executed for certain JSON types.
+json.exception.type_error.311 | cannot use emplace_back() with string | The @ref emplace_back() member function can only be executed for certain JSON types.
+json.exception.type_error.312 | cannot use update() with string | The @ref update() member functions can only be executed for certain JSON types.
+json.exception.type_error.313 | invalid value to unflatten | The @ref unflatten function converts an object whose keys are JSON Pointers back into an arbitrary nested JSON value. The JSON Pointers must not overlap, because then the resulting value would not be well defined.
+json.exception.type_error.314 | only objects can be unflattened | The @ref unflatten function only works for an object whose keys are JSON Pointers.
+json.exception.type_error.315 | values in object must be primitive | The @ref unflatten function only works for an object whose keys are JSON Pointers and whose values are primitive.
+json.exception.type_error.316 | invalid UTF-8 byte at index 10: 0x7E | The @ref dump function only works with UTF-8 encoded strings; that is, if you assign a `std::string` to a JSON value, make sure it is UTF-8 encoded. |
+json.exception.type_error.317 | JSON value cannot be serialized to requested format | The dynamic type of the object cannot be represented in the requested serialization format (e.g. a raw `true` or `null` JSON object cannot be serialized to BSON) |
+
+@liveexample{The following code shows how a `type_error` exception can be
+caught.,type_error}
+
+@sa @ref exception for the base class of the library exceptions
+@sa @ref parse_error for exceptions indicating a parse error
+@sa @ref invalid_iterator for exceptions indicating errors with iterators
+@sa @ref out_of_range for exceptions indicating access out of the defined range
+@sa @ref other_error for exceptions indicating other library errors
+
+@since version 3.0.0
+*/
+class type_error : public exception
+{
+  public:
+    static type_error create(int id_, const std::string& what_arg)
+    {
+        std::string w = exception::name("type_error", id_) + what_arg;
+        return type_error(id_, w.c_str());
+    }
+
+  private:
+    type_error(int id_, const char* what_arg) : exception(id_, what_arg) {}
+};
+
+/*!
+@brief exception indicating access out of the defined range
+
+This exception is thrown in case a library function is called on an input
+parameter that exceeds the expected range, for instance in case of array
+indices or nonexisting object keys.
+
+Exceptions have ids 4xx.
+
+name / id                       | example message | description
+------------------------------- | --------------- | -------------------------
+json.exception.out_of_range.401 | array index 3 is out of range | The provided array index @a i is larger than @a size-1.
+json.exception.out_of_range.402 | array index '-' (3) is out of range | The special array index `-` in a JSON Pointer never describes a valid element of the array, but the index past the end. That is, it can only be used to add elements at this position, but not to read it.
+json.exception.out_of_range.403 | key 'foo' not found | The provided key was not found in the JSON object.
+json.exception.out_of_range.404 | unresolved reference token 'foo' | A reference token in a JSON Pointer could not be resolved.
+json.exception.out_of_range.405 | JSON pointer has no parent | The JSON Patch operations 'remove' and 'add' can not be applied to the root element of the JSON value.
+json.exception.out_of_range.406 | number overflow parsing '10E1000' | A parsed number could not be stored as without changing it to NaN or INF.
+json.exception.out_of_range.407 | number overflow serializing '9223372036854775808' | UBJSON and BSON only support integer numbers up to 9223372036854775807. |
+json.exception.out_of_range.408 | excessive array size: 8658170730974374167 | The size (following `#`) of an UBJSON array or object exceeds the maximal capacity. |
+json.exception.out_of_range.409 | BSON key cannot contain code point U+0000 (at byte 2) | Key identifiers to be serialized to BSON cannot contain code point U+0000, since the key is stored as zero-terminated c-string |
+
+@liveexample{The following code shows how an `out_of_range` exception can be
+caught.,out_of_range}
+
+@sa @ref exception for the base class of the library exceptions
+@sa @ref parse_error for exceptions indicating a parse error
+@sa @ref invalid_iterator for exceptions indicating errors with iterators
+@sa @ref type_error for exceptions indicating executing a member function with
+                    a wrong type
+@sa @ref other_error for exceptions indicating other library errors
+
+@since version 3.0.0
+*/
+class out_of_range : public exception
+{
+  public:
+    static out_of_range create(int id_, const std::string& what_arg)
+    {
+        std::string w = exception::name("out_of_range", id_) + what_arg;
+        return out_of_range(id_, w.c_str());
+    }
+
+  private:
+    out_of_range(int id_, const char* what_arg) : exception(id_, what_arg) {}
+};
+
+/*!
+@brief exception indicating other library errors
+
+This exception is thrown in case of errors that cannot be classified with the
+other exception types.
+
+Exceptions have ids 5xx.
+
+name / id                      | example message | description
+------------------------------ | --------------- | -------------------------
+json.exception.other_error.501 | unsuccessful: {"op":"test","path":"/baz", "value":"bar"} | A JSON Patch operation 'test' failed. The unsuccessful operation is also printed.
+
+@sa @ref exception for the base class of the library exceptions
+@sa @ref parse_error for exceptions indicating a parse error
+@sa @ref invalid_iterator for exceptions indicating errors with iterators
+@sa @ref type_error for exceptions indicating executing a member function with
+                    a wrong type
+@sa @ref out_of_range for exceptions indicating access out of the defined range
+
+@liveexample{The following code shows how an `other_error` exception can be
+caught.,other_error}
+
+@since version 3.0.0
+*/
+class other_error : public exception
+{
+  public:
+    static other_error create(int id_, const std::string& what_arg)
+    {
+        std::string w = exception::name("other_error", id_) + what_arg;
+        return other_error(id_, w.c_str());
+    }
+
+  private:
+    other_error(int id_, const char* what_arg) : exception(id_, what_arg) {}
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+#include <array> // array
+#include <ciso646> // and
+#include <cstddef> // size_t
+#include <cstdint> // uint8_t
+
+namespace nlohmann
+{
+namespace detail
+{
+///////////////////////////
+// JSON type enumeration //
+///////////////////////////
+
+/*!
+@brief the JSON type enumeration
+
+This enumeration collects the different JSON types. It is internally used to
+distinguish the stored values, and the functions @ref basic_json::is_null(),
+@ref basic_json::is_object(), @ref basic_json::is_array(),
+@ref basic_json::is_string(), @ref basic_json::is_boolean(),
+@ref basic_json::is_number() (with @ref basic_json::is_number_integer(),
+@ref basic_json::is_number_unsigned(), and @ref basic_json::is_number_float()),
+@ref basic_json::is_discarded(), @ref basic_json::is_primitive(), and
+@ref basic_json::is_structured() rely on it.
+
+@note There are three enumeration entries (number_integer, number_unsigned, and
+number_float), because the library distinguishes these three types for numbers:
+@ref basic_json::number_unsigned_t is used for unsigned integers,
+@ref basic_json::number_integer_t is used for signed integers, and
+@ref basic_json::number_float_t is used for floating-point numbers or to
+approximate integers which do not fit in the limits of their respective type.
+
+@sa @ref basic_json::basic_json(const value_t value_type) -- create a JSON
+value with the default value for a given type
+
+@since version 1.0.0
+*/
+enum class value_t : std::uint8_t
+{
+    null,             ///< null value
+    object,           ///< object (unordered set of name/value pairs)
+    array,            ///< array (ordered collection of values)
+    string,           ///< string value
+    boolean,          ///< boolean value
+    number_integer,   ///< number value (signed integer)
+    number_unsigned,  ///< number value (unsigned integer)
+    number_float,     ///< number value (floating-point)
+    discarded         ///< discarded by the the parser callback function
+};
+
+/*!
+@brief comparison operator for JSON types
+
+Returns an ordering that is similar to Python:
+- order: null < boolean < number < object < array < string
+- furthermore, each type is not smaller than itself
+- discarded values are not comparable
+
+@since version 1.0.0
+*/
+inline bool operator<(const value_t lhs, const value_t rhs) noexcept
+{
+    static constexpr std::array<std::uint8_t, 8> order = {{
+            0 /* null */, 3 /* object */, 4 /* array */, 5 /* string */,
+            1 /* boolean */, 2 /* integer */, 2 /* unsigned */, 2 /* float */
+        }
+    };
+
+    const auto l_index = static_cast<std::size_t>(lhs);
+    const auto r_index = static_cast<std::size_t>(rhs);
+    return l_index < order.size() and r_index < order.size() and order[l_index] < order[r_index];
+}
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/conversions/from_json.hpp>
+
+
+#include <algorithm> // transform
+#include <array> // array
+#include <ciso646> // and, not
+#include <forward_list> // forward_list
+#include <iterator> // inserter, front_inserter, end
+#include <map> // map
+#include <string> // string
+#include <tuple> // tuple, make_tuple
+#include <type_traits> // is_arithmetic, is_same, is_enum, underlying_type, is_convertible
+#include <unordered_map> // unordered_map
+#include <utility> // pair, declval
+#include <valarray> // valarray
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename std::nullptr_t& n)
+{
+    if (JSON_UNLIKELY(not j.is_null()))
+    {
+        JSON_THROW(type_error::create(302, "type must be null, but is " + std::string(j.type_name())));
+    }
+    n = nullptr;
+}
+
+// overloads for basic_json template parameters
+template<typename BasicJsonType, typename ArithmeticType,
+         enable_if_t<std::is_arithmetic<ArithmeticType>::value and
+                     not std::is_same<ArithmeticType, typename BasicJsonType::boolean_t>::value,
+                     int> = 0>
+void get_arithmetic_value(const BasicJsonType& j, ArithmeticType& val)
+{
+    switch (static_cast<value_t>(j))
+    {
+        case value_t::number_unsigned:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_unsigned_t*>());
+            break;
+        }
+        case value_t::number_integer:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_integer_t*>());
+            break;
+        }
+        case value_t::number_float:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_float_t*>());
+            break;
+        }
+
+        default:
+            JSON_THROW(type_error::create(302, "type must be number, but is " + std::string(j.type_name())));
+    }
+}
+
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename BasicJsonType::boolean_t& b)
+{
+    if (JSON_UNLIKELY(not j.is_boolean()))
+    {
+        JSON_THROW(type_error::create(302, "type must be boolean, but is " + std::string(j.type_name())));
+    }
+    b = *j.template get_ptr<const typename BasicJsonType::boolean_t*>();
+}
+
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename BasicJsonType::string_t& s)
+{
+    if (JSON_UNLIKELY(not j.is_string()))
+    {
+        JSON_THROW(type_error::create(302, "type must be string, but is " + std::string(j.type_name())));
+    }
+    s = *j.template get_ptr<const typename BasicJsonType::string_t*>();
+}
+
+template <
+    typename BasicJsonType, typename ConstructibleStringType,
+    enable_if_t <
+        is_constructible_string_type<BasicJsonType, ConstructibleStringType>::value and
+        not std::is_same<typename BasicJsonType::string_t,
+                         ConstructibleStringType>::value,
+        int > = 0 >
+void from_json(const BasicJsonType& j, ConstructibleStringType& s)
+{
+    if (JSON_UNLIKELY(not j.is_string()))
+    {
+        JSON_THROW(type_error::create(302, "type must be string, but is " + std::string(j.type_name())));
+    }
+
+    s = *j.template get_ptr<const typename BasicJsonType::string_t*>();
+}
+
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename BasicJsonType::number_float_t& val)
+{
+    get_arithmetic_value(j, val);
+}
+
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename BasicJsonType::number_unsigned_t& val)
+{
+    get_arithmetic_value(j, val);
+}
+
+template<typename BasicJsonType>
+void from_json(const BasicJsonType& j, typename BasicJsonType::number_integer_t& val)
+{
+    get_arithmetic_value(j, val);
+}
+
+template<typename BasicJsonType, typename EnumType,
+         enable_if_t<std::is_enum<EnumType>::value, int> = 0>
+void from_json(const BasicJsonType& j, EnumType& e)
+{
+    typename std::underlying_type<EnumType>::type val;
+    get_arithmetic_value(j, val);
+    e = static_cast<EnumType>(val);
+}
+
+// forward_list doesn't have an insert method
+template<typename BasicJsonType, typename T, typename Allocator,
+         enable_if_t<std::is_convertible<BasicJsonType, T>::value, int> = 0>
+void from_json(const BasicJsonType& j, std::forward_list<T, Allocator>& l)
+{
+    if (JSON_UNLIKELY(not j.is_array()))
+    {
+        JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(j.type_name())));
+    }
+    std::transform(j.rbegin(), j.rend(),
+                   std::front_inserter(l), [](const BasicJsonType & i)
+    {
+        return i.template get<T>();
+    });
+}
+
+// valarray doesn't have an insert method
+template<typename BasicJsonType, typename T,
+         enable_if_t<std::is_convertible<BasicJsonType, T>::value, int> = 0>
+void from_json(const BasicJsonType& j, std::valarray<T>& l)
+{
+    if (JSON_UNLIKELY(not j.is_array()))
+    {
+        JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(j.type_name())));
+    }
+    l.resize(j.size());
+    std::copy(j.m_value.array->begin(), j.m_value.array->end(), std::begin(l));
+}
+
+template<typename BasicJsonType>
+void from_json_array_impl(const BasicJsonType& j, typename BasicJsonType::array_t& arr, priority_tag<3> /*unused*/)
+{
+    arr = *j.template get_ptr<const typename BasicJsonType::array_t*>();
+}
+
+template <typename BasicJsonType, typename T, std::size_t N>
+auto from_json_array_impl(const BasicJsonType& j, std::array<T, N>& arr,
+                          priority_tag<2> /*unused*/)
+-> decltype(j.template get<T>(), void())
+{
+    for (std::size_t i = 0; i < N; ++i)
+    {
+        arr[i] = j.at(i).template get<T>();
+    }
+}
+
+template<typename BasicJsonType, typename ConstructibleArrayType>
+auto from_json_array_impl(const BasicJsonType& j, ConstructibleArrayType& arr, priority_tag<1> /*unused*/)
+-> decltype(
+    arr.reserve(std::declval<typename ConstructibleArrayType::size_type>()),
+    j.template get<typename ConstructibleArrayType::value_type>(),
+    void())
+{
+    using std::end;
+
+    arr.reserve(j.size());
+    std::transform(j.begin(), j.end(),
+                   std::inserter(arr, end(arr)), [](const BasicJsonType & i)
+    {
+        // get<BasicJsonType>() returns *this, this won't call a from_json
+        // method when value_type is BasicJsonType
+        return i.template get<typename ConstructibleArrayType::value_type>();
+    });
+}
+
+template <typename BasicJsonType, typename ConstructibleArrayType>
+void from_json_array_impl(const BasicJsonType& j, ConstructibleArrayType& arr,
+                          priority_tag<0> /*unused*/)
+{
+    using std::end;
+
+    std::transform(
+        j.begin(), j.end(), std::inserter(arr, end(arr)),
+        [](const BasicJsonType & i)
+    {
+        // get<BasicJsonType>() returns *this, this won't call a from_json
+        // method when value_type is BasicJsonType
+        return i.template get<typename ConstructibleArrayType::value_type>();
+    });
+}
+
+template <typename BasicJsonType, typename ConstructibleArrayType,
+          enable_if_t <
+              is_constructible_array_type<BasicJsonType, ConstructibleArrayType>::value and
+              not is_constructible_object_type<BasicJsonType, ConstructibleArrayType>::value and
+              not is_constructible_string_type<BasicJsonType, ConstructibleArrayType>::value and
+              not is_basic_json<ConstructibleArrayType>::value,
+              int > = 0 >
+
+auto from_json(const BasicJsonType& j, ConstructibleArrayType& arr)
+-> decltype(from_json_array_impl(j, arr, priority_tag<3> {}),
+j.template get<typename ConstructibleArrayType::value_type>(),
+void())
+{
+    if (JSON_UNLIKELY(not j.is_array()))
+    {
+        JSON_THROW(type_error::create(302, "type must be array, but is " +
+                                      std::string(j.type_name())));
+    }
+
+    from_json_array_impl(j, arr, priority_tag<3> {});
+}
+
+template<typename BasicJsonType, typename ConstructibleObjectType,
+         enable_if_t<is_constructible_object_type<BasicJsonType, ConstructibleObjectType>::value, int> = 0>
+void from_json(const BasicJsonType& j, ConstructibleObjectType& obj)
+{
+    if (JSON_UNLIKELY(not j.is_object()))
+    {
+        JSON_THROW(type_error::create(302, "type must be object, but is " + std::string(j.type_name())));
+    }
+
+    auto inner_object = j.template get_ptr<const typename BasicJsonType::object_t*>();
+    using value_type = typename ConstructibleObjectType::value_type;
+    std::transform(
+        inner_object->begin(), inner_object->end(),
+        std::inserter(obj, obj.begin()),
+        [](typename BasicJsonType::object_t::value_type const & p)
+    {
+        return value_type(p.first, p.second.template get<typename ConstructibleObjectType::mapped_type>());
+    });
+}
+
+// overload for arithmetic types, not chosen for basic_json template arguments
+// (BooleanType, etc..); note: Is it really necessary to provide explicit
+// overloads for boolean_t etc. in case of a custom BooleanType which is not
+// an arithmetic type?
+template<typename BasicJsonType, typename ArithmeticType,
+         enable_if_t <
+             std::is_arithmetic<ArithmeticType>::value and
+             not std::is_same<ArithmeticType, typename BasicJsonType::number_unsigned_t>::value and
+             not std::is_same<ArithmeticType, typename BasicJsonType::number_integer_t>::value and
+             not std::is_same<ArithmeticType, typename BasicJsonType::number_float_t>::value and
+             not std::is_same<ArithmeticType, typename BasicJsonType::boolean_t>::value,
+             int> = 0>
+void from_json(const BasicJsonType& j, ArithmeticType& val)
+{
+    switch (static_cast<value_t>(j))
+    {
+        case value_t::number_unsigned:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_unsigned_t*>());
+            break;
+        }
+        case value_t::number_integer:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_integer_t*>());
+            break;
+        }
+        case value_t::number_float:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::number_float_t*>());
+            break;
+        }
+        case value_t::boolean:
+        {
+            val = static_cast<ArithmeticType>(*j.template get_ptr<const typename BasicJsonType::boolean_t*>());
+            break;
+        }
+
+        default:
+            JSON_THROW(type_error::create(302, "type must be number, but is " + std::string(j.type_name())));
+    }
+}
+
+template<typename BasicJsonType, typename A1, typename A2>
+void from_json(const BasicJsonType& j, std::pair<A1, A2>& p)
+{
+    p = {j.at(0).template get<A1>(), j.at(1).template get<A2>()};
+}
+
+template<typename BasicJsonType, typename Tuple, std::size_t... Idx>
+void from_json_tuple_impl(const BasicJsonType& j, Tuple& t, index_sequence<Idx...> /*unused*/)
+{
+    t = std::make_tuple(j.at(Idx).template get<typename std::tuple_element<Idx, Tuple>::type>()...);
+}
+
+template<typename BasicJsonType, typename... Args>
+void from_json(const BasicJsonType& j, std::tuple<Args...>& t)
+{
+    from_json_tuple_impl(j, t, index_sequence_for<Args...> {});
+}
+
+template <typename BasicJsonType, typename Key, typename Value, typename Compare, typename Allocator,
+          typename = enable_if_t<not std::is_constructible<
+                                     typename BasicJsonType::string_t, Key>::value>>
+void from_json(const BasicJsonType& j, std::map<Key, Value, Compare, Allocator>& m)
+{
+    if (JSON_UNLIKELY(not j.is_array()))
+    {
+        JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(j.type_name())));
+    }
+    for (const auto& p : j)
+    {
+        if (JSON_UNLIKELY(not p.is_array()))
+        {
+            JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(p.type_name())));
+        }
+        m.emplace(p.at(0).template get<Key>(), p.at(1).template get<Value>());
+    }
+}
+
+template <typename BasicJsonType, typename Key, typename Value, typename Hash, typename KeyEqual, typename Allocator,
+          typename = enable_if_t<not std::is_constructible<
+                                     typename BasicJsonType::string_t, Key>::value>>
+void from_json(const BasicJsonType& j, std::unordered_map<Key, Value, Hash, KeyEqual, Allocator>& m)
+{
+    if (JSON_UNLIKELY(not j.is_array()))
+    {
+        JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(j.type_name())));
+    }
+    for (const auto& p : j)
+    {
+        if (JSON_UNLIKELY(not p.is_array()))
+        {
+            JSON_THROW(type_error::create(302, "type must be array, but is " + std::string(p.type_name())));
+        }
+        m.emplace(p.at(0).template get<Key>(), p.at(1).template get<Value>());
+    }
+}
+
+struct from_json_fn
+{
+    template<typename BasicJsonType, typename T>
+    auto operator()(const BasicJsonType& j, T& val) const
+    noexcept(noexcept(from_json(j, val)))
+    -> decltype(from_json(j, val), void())
+    {
+        return from_json(j, val);
+    }
+};
+}  // namespace detail
+
+/// namespace to hold default `from_json` function
+/// to see why this is required:
+/// http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/n4381.html
+namespace
+{
+constexpr const auto& from_json = detail::static_const<detail::from_json_fn>::value;
+} // namespace
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/conversions/to_json.hpp>
+
+
+#include <ciso646> // or, and, not
+#include <iterator> // begin, end
+#include <tuple> // tuple, get
+#include <type_traits> // is_same, is_constructible, is_floating_point, is_enum, underlying_type
+#include <utility> // move, forward, declval, pair
+#include <valarray> // valarray
+#include <vector> // vector
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+// #include <nlohmann/detail/iterators/iteration_proxy.hpp>
+
+
+#include <cstddef> // size_t
+#include <string> // string, to_string
+#include <iterator> // input_iterator_tag
+#include <tuple> // tuple_size, get, tuple_element
+
+// #include <nlohmann/detail/value_t.hpp>
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template <typename IteratorType> class iteration_proxy_value
+{
+  public:
+    using difference_type = std::ptrdiff_t;
+    using value_type = iteration_proxy_value;
+    using pointer = value_type * ;
+    using reference = value_type & ;
+    using iterator_category = std::input_iterator_tag;
+
+  private:
+    /// the iterator
+    IteratorType anchor;
+    /// an index for arrays (used to create key names)
+    std::size_t array_index = 0;
+    /// last stringified array index
+    mutable std::size_t array_index_last = 0;
+    /// a string representation of the array index
+    mutable std::string array_index_str = "0";
+    /// an empty string (to return a reference for primitive values)
+    const std::string empty_str = "";
+
+  public:
+    explicit iteration_proxy_value(IteratorType it) noexcept : anchor(it) {}
+
+    /// dereference operator (needed for range-based for)
+    iteration_proxy_value& operator*()
+    {
+        return *this;
+    }
+
+    /// increment operator (needed for range-based for)
+    iteration_proxy_value& operator++()
+    {
+        ++anchor;
+        ++array_index;
+
+        return *this;
+    }
+
+    /// equality operator (needed for InputIterator)
+    bool operator==(const iteration_proxy_value& o) const noexcept
+    {
+        return anchor == o.anchor;
+    }
+
+    /// inequality operator (needed for range-based for)
+    bool operator!=(const iteration_proxy_value& o) const noexcept
+    {
+        return anchor != o.anchor;
+    }
+
+    /// return key of the iterator
+    const std::string& key() const
+    {
+        assert(anchor.m_object != nullptr);
+
+        switch (anchor.m_object->type())
+        {
+            // use integer array index as key
+            case value_t::array:
+            {
+                if (array_index != array_index_last)
+                {
+                    array_index_str = std::to_string(array_index);
+                    array_index_last = array_index;
+                }
+                return array_index_str;
+            }
+
+            // use key from the object
+            case value_t::object:
+                return anchor.key();
+
+            // use an empty key for all primitive types
+            default:
+                return empty_str;
+        }
+    }
+
+    /// return value of the iterator
+    typename IteratorType::reference value() const
+    {
+        return anchor.value();
+    }
+};
+
+/// proxy class for the items() function
+template<typename IteratorType> class iteration_proxy
+{
+  private:
+    /// the container to iterate
+    typename IteratorType::reference container;
+
+  public:
+    /// construct iteration proxy from a container
+    explicit iteration_proxy(typename IteratorType::reference cont) noexcept
+        : container(cont) {}
+
+    /// return iterator begin (needed for range-based for)
+    iteration_proxy_value<IteratorType> begin() noexcept
+    {
+        return iteration_proxy_value<IteratorType>(container.begin());
+    }
+
+    /// return iterator end (needed for range-based for)
+    iteration_proxy_value<IteratorType> end() noexcept
+    {
+        return iteration_proxy_value<IteratorType>(container.end());
+    }
+};
+// Structured Bindings Support
+// For further reference see https://blog.tartanllama.xyz/structured-bindings/
+// And see https://github.com/nlohmann/json/pull/1391
+template <std::size_t N, typename IteratorType, enable_if_t<N == 0, int> = 0>
+auto get(const nlohmann::detail::iteration_proxy_value<IteratorType>& i) -> decltype(i.key())
+{
+    return i.key();
+}
+// Structured Bindings Support
+// For further reference see https://blog.tartanllama.xyz/structured-bindings/
+// And see https://github.com/nlohmann/json/pull/1391
+template <std::size_t N, typename IteratorType, enable_if_t<N == 1, int> = 0>
+auto get(const nlohmann::detail::iteration_proxy_value<IteratorType>& i) -> decltype(i.value())
+{
+    return i.value();
+}
+}  // namespace detail
+}  // namespace nlohmann
+
+// The Addition to the STD Namespace is required to add
+// Structured Bindings Support to the iteration_proxy_value class
+// For further reference see https://blog.tartanllama.xyz/structured-bindings/
+// And see https://github.com/nlohmann/json/pull/1391
+namespace std
+{
+template <typename IteratorType>
+class tuple_size<::nlohmann::detail::iteration_proxy_value<IteratorType>>
+            : public std::integral_constant<std::size_t, 2> {};
+
+template <std::size_t N, typename IteratorType>
+class tuple_element<N, ::nlohmann::detail::iteration_proxy_value<IteratorType >>
+{
+  public:
+    using type = decltype(
+                     get<N>(std::declval <
+                            ::nlohmann::detail::iteration_proxy_value<IteratorType >> ()));
+};
+}
+
+namespace nlohmann
+{
+namespace detail
+{
+//////////////////
+// constructors //
+//////////////////
+
+template<value_t> struct external_constructor;
+
+template<>
+struct external_constructor<value_t::boolean>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::boolean_t b) noexcept
+    {
+        j.m_type = value_t::boolean;
+        j.m_value = b;
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::string>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, const typename BasicJsonType::string_t& s)
+    {
+        j.m_type = value_t::string;
+        j.m_value = s;
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::string_t&& s)
+    {
+        j.m_type = value_t::string;
+        j.m_value = std::move(s);
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType, typename CompatibleStringType,
+             enable_if_t<not std::is_same<CompatibleStringType, typename BasicJsonType::string_t>::value,
+                         int> = 0>
+    static void construct(BasicJsonType& j, const CompatibleStringType& str)
+    {
+        j.m_type = value_t::string;
+        j.m_value.string = j.template create<typename BasicJsonType::string_t>(str);
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::number_float>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::number_float_t val) noexcept
+    {
+        j.m_type = value_t::number_float;
+        j.m_value = val;
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::number_unsigned>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::number_unsigned_t val) noexcept
+    {
+        j.m_type = value_t::number_unsigned;
+        j.m_value = val;
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::number_integer>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::number_integer_t val) noexcept
+    {
+        j.m_type = value_t::number_integer;
+        j.m_value = val;
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::array>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, const typename BasicJsonType::array_t& arr)
+    {
+        j.m_type = value_t::array;
+        j.m_value = arr;
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::array_t&& arr)
+    {
+        j.m_type = value_t::array;
+        j.m_value = std::move(arr);
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType, typename CompatibleArrayType,
+             enable_if_t<not std::is_same<CompatibleArrayType, typename BasicJsonType::array_t>::value,
+                         int> = 0>
+    static void construct(BasicJsonType& j, const CompatibleArrayType& arr)
+    {
+        using std::begin;
+        using std::end;
+        j.m_type = value_t::array;
+        j.m_value.array = j.template create<typename BasicJsonType::array_t>(begin(arr), end(arr));
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, const std::vector<bool>& arr)
+    {
+        j.m_type = value_t::array;
+        j.m_value = value_t::array;
+        j.m_value.array->reserve(arr.size());
+        for (const bool x : arr)
+        {
+            j.m_value.array->push_back(x);
+        }
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType, typename T,
+             enable_if_t<std::is_convertible<T, BasicJsonType>::value, int> = 0>
+    static void construct(BasicJsonType& j, const std::valarray<T>& arr)
+    {
+        j.m_type = value_t::array;
+        j.m_value = value_t::array;
+        j.m_value.array->resize(arr.size());
+        std::copy(std::begin(arr), std::end(arr), j.m_value.array->begin());
+        j.assert_invariant();
+    }
+};
+
+template<>
+struct external_constructor<value_t::object>
+{
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, const typename BasicJsonType::object_t& obj)
+    {
+        j.m_type = value_t::object;
+        j.m_value = obj;
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType>
+    static void construct(BasicJsonType& j, typename BasicJsonType::object_t&& obj)
+    {
+        j.m_type = value_t::object;
+        j.m_value = std::move(obj);
+        j.assert_invariant();
+    }
+
+    template<typename BasicJsonType, typename CompatibleObjectType,
+             enable_if_t<not std::is_same<CompatibleObjectType, typename BasicJsonType::object_t>::value, int> = 0>
+    static void construct(BasicJsonType& j, const CompatibleObjectType& obj)
+    {
+        using std::begin;
+        using std::end;
+
+        j.m_type = value_t::object;
+        j.m_value.object = j.template create<typename BasicJsonType::object_t>(begin(obj), end(obj));
+        j.assert_invariant();
+    }
+};
+
+/////////////
+// to_json //
+/////////////
+
+template<typename BasicJsonType, typename T,
+         enable_if_t<std::is_same<T, typename BasicJsonType::boolean_t>::value, int> = 0>
+void to_json(BasicJsonType& j, T b) noexcept
+{
+    external_constructor<value_t::boolean>::construct(j, b);
+}
+
+template<typename BasicJsonType, typename CompatibleString,
+         enable_if_t<std::is_constructible<typename BasicJsonType::string_t, CompatibleString>::value, int> = 0>
+void to_json(BasicJsonType& j, const CompatibleString& s)
+{
+    external_constructor<value_t::string>::construct(j, s);
+}
+
+template<typename BasicJsonType>
+void to_json(BasicJsonType& j, typename BasicJsonType::string_t&& s)
+{
+    external_constructor<value_t::string>::construct(j, std::move(s));
+}
+
+template<typename BasicJsonType, typename FloatType,
+         enable_if_t<std::is_floating_point<FloatType>::value, int> = 0>
+void to_json(BasicJsonType& j, FloatType val) noexcept
+{
+    external_constructor<value_t::number_float>::construct(j, static_cast<typename BasicJsonType::number_float_t>(val));
+}
+
+template<typename BasicJsonType, typename CompatibleNumberUnsignedType,
+         enable_if_t<is_compatible_integer_type<typename BasicJsonType::number_unsigned_t, CompatibleNumberUnsignedType>::value, int> = 0>
+void to_json(BasicJsonType& j, CompatibleNumberUnsignedType val) noexcept
+{
+    external_constructor<value_t::number_unsigned>::construct(j, static_cast<typename BasicJsonType::number_unsigned_t>(val));
+}
+
+template<typename BasicJsonType, typename CompatibleNumberIntegerType,
+         enable_if_t<is_compatible_integer_type<typename BasicJsonType::number_integer_t, CompatibleNumberIntegerType>::value, int> = 0>
+void to_json(BasicJsonType& j, CompatibleNumberIntegerType val) noexcept
+{
+    external_constructor<value_t::number_integer>::construct(j, static_cast<typename BasicJsonType::number_integer_t>(val));
+}
+
+template<typename BasicJsonType, typename EnumType,
+         enable_if_t<std::is_enum<EnumType>::value, int> = 0>
+void to_json(BasicJsonType& j, EnumType e) noexcept
+{
+    using underlying_type = typename std::underlying_type<EnumType>::type;
+    external_constructor<value_t::number_integer>::construct(j, static_cast<underlying_type>(e));
+}
+
+template<typename BasicJsonType>
+void to_json(BasicJsonType& j, const std::vector<bool>& e)
+{
+    external_constructor<value_t::array>::construct(j, e);
+}
+
+template <typename BasicJsonType, typename CompatibleArrayType,
+          enable_if_t<is_compatible_array_type<BasicJsonType,
+                      CompatibleArrayType>::value and
+                      not is_compatible_object_type<
+                          BasicJsonType, CompatibleArrayType>::value and
+                      not is_compatible_string_type<BasicJsonType, CompatibleArrayType>::value and
+                      not is_basic_json<CompatibleArrayType>::value,
+                      int> = 0>
+void to_json(BasicJsonType& j, const CompatibleArrayType& arr)
+{
+    external_constructor<value_t::array>::construct(j, arr);
+}
+
+template<typename BasicJsonType, typename T,
+         enable_if_t<std::is_convertible<T, BasicJsonType>::value, int> = 0>
+void to_json(BasicJsonType& j, const std::valarray<T>& arr)
+{
+    external_constructor<value_t::array>::construct(j, std::move(arr));
+}
+
+template<typename BasicJsonType>
+void to_json(BasicJsonType& j, typename BasicJsonType::array_t&& arr)
+{
+    external_constructor<value_t::array>::construct(j, std::move(arr));
+}
+
+template<typename BasicJsonType, typename CompatibleObjectType,
+         enable_if_t<is_compatible_object_type<BasicJsonType, CompatibleObjectType>::value and not is_basic_json<CompatibleObjectType>::value, int> = 0>
+void to_json(BasicJsonType& j, const CompatibleObjectType& obj)
+{
+    external_constructor<value_t::object>::construct(j, obj);
+}
+
+template<typename BasicJsonType>
+void to_json(BasicJsonType& j, typename BasicJsonType::object_t&& obj)
+{
+    external_constructor<value_t::object>::construct(j, std::move(obj));
+}
+
+template <
+    typename BasicJsonType, typename T, std::size_t N,
+    enable_if_t<not std::is_constructible<typename BasicJsonType::string_t,
+                const T(&)[N]>::value,
+                int> = 0 >
+void to_json(BasicJsonType& j, const T(&arr)[N])
+{
+    external_constructor<value_t::array>::construct(j, arr);
+}
+
+template<typename BasicJsonType, typename... Args>
+void to_json(BasicJsonType& j, const std::pair<Args...>& p)
+{
+    j = { p.first, p.second };
+}
+
+// for https://github.com/nlohmann/json/pull/1134
+template < typename BasicJsonType, typename T,
+           enable_if_t<std::is_same<T, iteration_proxy_value<typename BasicJsonType::iterator>>::value, int> = 0>
+void to_json(BasicJsonType& j, const T& b)
+{
+    j = { {b.key(), b.value()} };
+}
+
+template<typename BasicJsonType, typename Tuple, std::size_t... Idx>
+void to_json_tuple_impl(BasicJsonType& j, const Tuple& t, index_sequence<Idx...> /*unused*/)
+{
+    j = { std::get<Idx>(t)... };
+}
+
+template<typename BasicJsonType, typename... Args>
+void to_json(BasicJsonType& j, const std::tuple<Args...>& t)
+{
+    to_json_tuple_impl(j, t, index_sequence_for<Args...> {});
+}
+
+struct to_json_fn
+{
+    template<typename BasicJsonType, typename T>
+    auto operator()(BasicJsonType& j, T&& val) const noexcept(noexcept(to_json(j, std::forward<T>(val))))
+    -> decltype(to_json(j, std::forward<T>(val)), void())
+    {
+        return to_json(j, std::forward<T>(val));
+    }
+};
+}  // namespace detail
+
+/// namespace to hold default `to_json` function
+namespace
+{
+constexpr const auto& to_json = detail::static_const<detail::to_json_fn>::value;
+} // namespace
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/input_adapters.hpp>
+
+
+#include <cassert> // assert
+#include <cstddef> // size_t
+#include <cstring> // strlen
+#include <istream> // istream
+#include <iterator> // begin, end, iterator_traits, random_access_iterator_tag, distance, next
+#include <memory> // shared_ptr, make_shared, addressof
+#include <numeric> // accumulate
+#include <string> // string, char_traits
+#include <type_traits> // enable_if, is_base_of, is_pointer, is_integral, remove_pointer
+#include <utility> // pair, declval
+#include <cstdio> //FILE *
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+/// the supported input formats
+enum class input_format_t { json, cbor, msgpack, ubjson, bson };
+
+////////////////////
+// input adapters //
+////////////////////
+
+/*!
+@brief abstract input adapter interface
+
+Produces a stream of std::char_traits<char>::int_type characters from a
+std::istream, a buffer, or some other input type. Accepts the return of
+exactly one non-EOF character for future input. The int_type characters
+returned consist of all valid char values as positive values (typically
+unsigned char), plus an EOF value outside that range, specified by the value
+of the function std::char_traits<char>::eof(). This value is typically -1, but
+could be any arbitrary value which is not a valid char value.
+*/
+struct input_adapter_protocol
+{
+    /// get a character [0,255] or std::char_traits<char>::eof().
+    virtual std::char_traits<char>::int_type get_character() = 0;
+    virtual ~input_adapter_protocol() = default;
+};
+
+/// a type to simplify interfaces
+using input_adapter_t = std::shared_ptr<input_adapter_protocol>;
+
+/*!
+Input adapter for stdio file access. This adapter read only 1 byte and do not use any
+ buffer. This adapter is a very low level adapter.
+*/
+class file_input_adapter : public input_adapter_protocol
+{
+  public:
+    explicit file_input_adapter(std::FILE* f)  noexcept
+        : m_file(f)
+    {}
+
+    std::char_traits<char>::int_type get_character() noexcept override
+    {
+        return std::fgetc(m_file);
+    }
+  private:
+    /// the file pointer to read from
+    std::FILE* m_file;
+};
+
+
+/*!
+Input adapter for a (caching) istream. Ignores a UFT Byte Order Mark at
+beginning of input. Does not support changing the underlying std::streambuf
+in mid-input. Maintains underlying std::istream and std::streambuf to support
+subsequent use of standard std::istream operations to process any input
+characters following those used in parsing the JSON input.  Clears the
+std::istream flags; any input errors (e.g., EOF) will be detected by the first
+subsequent call for input from the std::istream.
+*/
+class input_stream_adapter : public input_adapter_protocol
+{
+  public:
+    ~input_stream_adapter() override
+    {
+        // clear stream flags; we use underlying streambuf I/O, do not
+        // maintain ifstream flags, except eof
+        is.clear(is.rdstate() & std::ios::eofbit);
+    }
+
+    explicit input_stream_adapter(std::istream& i)
+        : is(i), sb(*i.rdbuf())
+    {}
+
+    // delete because of pointer members
+    input_stream_adapter(const input_stream_adapter&) = delete;
+    input_stream_adapter& operator=(input_stream_adapter&) = delete;
+    input_stream_adapter(input_stream_adapter&&) = delete;
+    input_stream_adapter& operator=(input_stream_adapter&&) = delete;
+
+    // std::istream/std::streambuf use std::char_traits<char>::to_int_type, to
+    // ensure that std::char_traits<char>::eof() and the character 0xFF do not
+    // end up as the same value, eg. 0xFFFFFFFF.
+    std::char_traits<char>::int_type get_character() override
+    {
+        auto res = sb.sbumpc();
+        // set eof manually, as we don't use the istream interface.
+        if (res == EOF)
+        {
+            is.clear(is.rdstate() | std::ios::eofbit);
+        }
+        return res;
+    }
+
+  private:
+    /// the associated input stream
+    std::istream& is;
+    std::streambuf& sb;
+};
+
+/// input adapter for buffer input
+class input_buffer_adapter : public input_adapter_protocol
+{
+  public:
+    input_buffer_adapter(const char* b, const std::size_t l) noexcept
+        : cursor(b), limit(b + l)
+    {}
+
+    // delete because of pointer members
+    input_buffer_adapter(const input_buffer_adapter&) = delete;
+    input_buffer_adapter& operator=(input_buffer_adapter&) = delete;
+    input_buffer_adapter(input_buffer_adapter&&) = delete;
+    input_buffer_adapter& operator=(input_buffer_adapter&&) = delete;
+    ~input_buffer_adapter() override = default;
+
+    std::char_traits<char>::int_type get_character() noexcept override
+    {
+        if (JSON_LIKELY(cursor < limit))
+        {
+            return std::char_traits<char>::to_int_type(*(cursor++));
+        }
+
+        return std::char_traits<char>::eof();
+    }
+
+  private:
+    /// pointer to the current character
+    const char* cursor;
+    /// pointer past the last character
+    const char* const limit;
+};
+
+template<typename WideStringType, size_t T>
+struct wide_string_input_helper
+{
+    // UTF-32
+    static void fill_buffer(const WideStringType& str, size_t& current_wchar, std::array<std::char_traits<char>::int_type, 4>& utf8_bytes, size_t& utf8_bytes_index, size_t& utf8_bytes_filled)
+    {
+        utf8_bytes_index = 0;
+
+        if (current_wchar == str.size())
+        {
+            utf8_bytes[0] = std::char_traits<char>::eof();
+            utf8_bytes_filled = 1;
+        }
+        else
+        {
+            // get the current character
+            const auto wc = static_cast<int>(str[current_wchar++]);
+
+            // UTF-32 to UTF-8 encoding
+            if (wc < 0x80)
+            {
+                utf8_bytes[0] = wc;
+                utf8_bytes_filled = 1;
+            }
+            else if (wc <= 0x7FF)
+            {
+                utf8_bytes[0] = 0xC0 | ((wc >> 6) & 0x1F);
+                utf8_bytes[1] = 0x80 | (wc & 0x3F);
+                utf8_bytes_filled = 2;
+            }
+            else if (wc <= 0xFFFF)
+            {
+                utf8_bytes[0] = 0xE0 | ((wc >> 12) & 0x0F);
+                utf8_bytes[1] = 0x80 | ((wc >> 6) & 0x3F);
+                utf8_bytes[2] = 0x80 | (wc & 0x3F);
+                utf8_bytes_filled = 3;
+            }
+            else if (wc <= 0x10FFFF)
+            {
+                utf8_bytes[0] = 0xF0 | ((wc >> 18) & 0x07);
+                utf8_bytes[1] = 0x80 | ((wc >> 12) & 0x3F);
+                utf8_bytes[2] = 0x80 | ((wc >> 6) & 0x3F);
+                utf8_bytes[3] = 0x80 | (wc & 0x3F);
+                utf8_bytes_filled = 4;
+            }
+            else
+            {
+                // unknown character
+                utf8_bytes[0] = wc;
+                utf8_bytes_filled = 1;
+            }
+        }
+    }
+};
+
+template<typename WideStringType>
+struct wide_string_input_helper<WideStringType, 2>
+{
+    // UTF-16
+    static void fill_buffer(const WideStringType& str, size_t& current_wchar, std::array<std::char_traits<char>::int_type, 4>& utf8_bytes, size_t& utf8_bytes_index, size_t& utf8_bytes_filled)
+    {
+        utf8_bytes_index = 0;
+
+        if (current_wchar == str.size())
+        {
+            utf8_bytes[0] = std::char_traits<char>::eof();
+            utf8_bytes_filled = 1;
+        }
+        else
+        {
+            // get the current character
+            const auto wc = static_cast<int>(str[current_wchar++]);
+
+            // UTF-16 to UTF-8 encoding
+            if (wc < 0x80)
+            {
+                utf8_bytes[0] = wc;
+                utf8_bytes_filled = 1;
+            }
+            else if (wc <= 0x7FF)
+            {
+                utf8_bytes[0] = 0xC0 | ((wc >> 6));
+                utf8_bytes[1] = 0x80 | (wc & 0x3F);
+                utf8_bytes_filled = 2;
+            }
+            else if (0xD800 > wc or wc >= 0xE000)
+            {
+                utf8_bytes[0] = 0xE0 | ((wc >> 12));
+                utf8_bytes[1] = 0x80 | ((wc >> 6) & 0x3F);
+                utf8_bytes[2] = 0x80 | (wc & 0x3F);
+                utf8_bytes_filled = 3;
+            }
+            else
+            {
+                if (current_wchar < str.size())
+                {
+                    const auto wc2 = static_cast<int>(str[current_wchar++]);
+                    const int charcode = 0x10000 + (((wc & 0x3FF) << 10) | (wc2 & 0x3FF));
+                    utf8_bytes[0] = 0xf0 | (charcode >> 18);
+                    utf8_bytes[1] = 0x80 | ((charcode >> 12) & 0x3F);
+                    utf8_bytes[2] = 0x80 | ((charcode >> 6) & 0x3F);
+                    utf8_bytes[3] = 0x80 | (charcode & 0x3F);
+                    utf8_bytes_filled = 4;
+                }
+                else
+                {
+                    // unknown character
+                    ++current_wchar;
+                    utf8_bytes[0] = wc;
+                    utf8_bytes_filled = 1;
+                }
+            }
+        }
+    }
+};
+
+template<typename WideStringType>
+class wide_string_input_adapter : public input_adapter_protocol
+{
+  public:
+    explicit wide_string_input_adapter(const WideStringType& w)  noexcept
+        : str(w)
+    {}
+
+    std::char_traits<char>::int_type get_character() noexcept override
+    {
+        // check if buffer needs to be filled
+        if (utf8_bytes_index == utf8_bytes_filled)
+        {
+            fill_buffer<sizeof(typename WideStringType::value_type)>();
+
+            assert(utf8_bytes_filled > 0);
+            assert(utf8_bytes_index == 0);
+        }
+
+        // use buffer
+        assert(utf8_bytes_filled > 0);
+        assert(utf8_bytes_index < utf8_bytes_filled);
+        return utf8_bytes[utf8_bytes_index++];
+    }
+
+  private:
+    template<size_t T>
+    void fill_buffer()
+    {
+        wide_string_input_helper<WideStringType, T>::fill_buffer(str, current_wchar, utf8_bytes, utf8_bytes_index, utf8_bytes_filled);
+    }
+
+    /// the wstring to process
+    const WideStringType& str;
+
+    /// index of the current wchar in str
+    std::size_t current_wchar = 0;
+
+    /// a buffer for UTF-8 bytes
+    std::array<std::char_traits<char>::int_type, 4> utf8_bytes = {{0, 0, 0, 0}};
+
+    /// index to the utf8_codes array for the next valid byte
+    std::size_t utf8_bytes_index = 0;
+    /// number of valid bytes in the utf8_codes array
+    std::size_t utf8_bytes_filled = 0;
+};
+
+class input_adapter
+{
+  public:
+    // native support
+    input_adapter(std::FILE* file)
+        : ia(std::make_shared<file_input_adapter>(file)) {}
+    /// input adapter for input stream
+    input_adapter(std::istream& i)
+        : ia(std::make_shared<input_stream_adapter>(i)) {}
+
+    /// input adapter for input stream
+    input_adapter(std::istream&& i)
+        : ia(std::make_shared<input_stream_adapter>(i)) {}
+
+    input_adapter(const std::wstring& ws)
+        : ia(std::make_shared<wide_string_input_adapter<std::wstring>>(ws)) {}
+
+    input_adapter(const std::u16string& ws)
+        : ia(std::make_shared<wide_string_input_adapter<std::u16string>>(ws)) {}
+
+    input_adapter(const std::u32string& ws)
+        : ia(std::make_shared<wide_string_input_adapter<std::u32string>>(ws)) {}
+
+    /// input adapter for buffer
+    template<typename CharT,
+             typename std::enable_if<
+                 std::is_pointer<CharT>::value and
+                 std::is_integral<typename std::remove_pointer<CharT>::type>::value and
+                 sizeof(typename std::remove_pointer<CharT>::type) == 1,
+                 int>::type = 0>
+    input_adapter(CharT b, std::size_t l)
+        : ia(std::make_shared<input_buffer_adapter>(reinterpret_cast<const char*>(b), l)) {}
+
+    // derived support
+
+    /// input adapter for string literal
+    template<typename CharT,
+             typename std::enable_if<
+                 std::is_pointer<CharT>::value and
+                 std::is_integral<typename std::remove_pointer<CharT>::type>::value and
+                 sizeof(typename std::remove_pointer<CharT>::type) == 1,
+                 int>::type = 0>
+    input_adapter(CharT b)
+        : input_adapter(reinterpret_cast<const char*>(b),
+                        std::strlen(reinterpret_cast<const char*>(b))) {}
+
+    /// input adapter for iterator range with contiguous storage
+    template<class IteratorType,
+             typename std::enable_if<
+                 std::is_same<typename iterator_traits<IteratorType>::iterator_category, std::random_access_iterator_tag>::value,
+                 int>::type = 0>
+    input_adapter(IteratorType first, IteratorType last)
+    {
+#ifndef NDEBUG
+        // assertion to check that the iterator range is indeed contiguous,
+        // see http://stackoverflow.com/a/35008842/266378 for more discussion
+        const auto is_contiguous = std::accumulate(
+                                       first, last, std::pair<bool, int>(true, 0),
+                                       [&first](std::pair<bool, int> res, decltype(*first) val)
+        {
+            res.first &= (val == *(std::next(std::addressof(*first), res.second++)));
+            return res;
+        }).first;
+        assert(is_contiguous);
+#endif
+
+        // assertion to check that each element is 1 byte long
+        static_assert(
+            sizeof(typename iterator_traits<IteratorType>::value_type) == 1,
+            "each element in the iterator range must have the size of 1 byte");
+
+        const auto len = static_cast<size_t>(std::distance(first, last));
+        if (JSON_LIKELY(len > 0))
+        {
+            // there is at least one element: use the address of first
+            ia = std::make_shared<input_buffer_adapter>(reinterpret_cast<const char*>(&(*first)), len);
+        }
+        else
+        {
+            // the address of first cannot be used: use nullptr
+            ia = std::make_shared<input_buffer_adapter>(nullptr, len);
+        }
+    }
+
+    /// input adapter for array
+    template<class T, std::size_t N>
+    input_adapter(T (&array)[N])
+        : input_adapter(std::begin(array), std::end(array)) {}
+
+    /// input adapter for contiguous container
+    template<class ContiguousContainer, typename
+             std::enable_if<not std::is_pointer<ContiguousContainer>::value and
+                            std::is_base_of<std::random_access_iterator_tag, typename iterator_traits<decltype(std::begin(std::declval<ContiguousContainer const>()))>::iterator_category>::value,
+                            int>::type = 0>
+    input_adapter(const ContiguousContainer& c)
+        : input_adapter(std::begin(c), std::end(c)) {}
+
+    operator input_adapter_t()
+    {
+        return ia;
+    }
+
+  private:
+    /// the actual adapter
+    input_adapter_t ia = nullptr;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/lexer.hpp>
+
+
+#include <clocale> // localeconv
+#include <cstddef> // size_t
+#include <cstdlib> // strtof, strtod, strtold, strtoll, strtoull
+#include <cstdio> // snprintf
+#include <initializer_list> // initializer_list
+#include <string> // char_traits, string
+#include <vector> // vector
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/input/input_adapters.hpp>
+
+// #include <nlohmann/detail/input/position_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+///////////
+// lexer //
+///////////
+
+/*!
+@brief lexical analysis
+
+This class organizes the lexical analysis during JSON deserialization.
+*/
+template<typename BasicJsonType>
+class lexer
+{
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+
+  public:
+    /// token types for the parser
+    enum class token_type
+    {
+        uninitialized,    ///< indicating the scanner is uninitialized
+        literal_true,     ///< the `true` literal
+        literal_false,    ///< the `false` literal
+        literal_null,     ///< the `null` literal
+        value_string,     ///< a string -- use get_string() for actual value
+        value_unsigned,   ///< an unsigned integer -- use get_number_unsigned() for actual value
+        value_integer,    ///< a signed integer -- use get_number_integer() for actual value
+        value_float,      ///< an floating point number -- use get_number_float() for actual value
+        begin_array,      ///< the character for array begin `[`
+        begin_object,     ///< the character for object begin `{`
+        end_array,        ///< the character for array end `]`
+        end_object,       ///< the character for object end `}`
+        name_separator,   ///< the name separator `:`
+        value_separator,  ///< the value separator `,`
+        parse_error,      ///< indicating a parse error
+        end_of_input,     ///< indicating the end of the input buffer
+        literal_or_value  ///< a literal or the begin of a value (only for diagnostics)
+    };
+
+    /// return name of values of type token_type (only used for errors)
+    static const char* token_type_name(const token_type t) noexcept
+    {
+        switch (t)
+        {
+            case token_type::uninitialized:
+                return "<uninitialized>";
+            case token_type::literal_true:
+                return "true literal";
+            case token_type::literal_false:
+                return "false literal";
+            case token_type::literal_null:
+                return "null literal";
+            case token_type::value_string:
+                return "string literal";
+            case lexer::token_type::value_unsigned:
+            case lexer::token_type::value_integer:
+            case lexer::token_type::value_float:
+                return "number literal";
+            case token_type::begin_array:
+                return "'['";
+            case token_type::begin_object:
+                return "'{'";
+            case token_type::end_array:
+                return "']'";
+            case token_type::end_object:
+                return "'}'";
+            case token_type::name_separator:
+                return "':'";
+            case token_type::value_separator:
+                return "','";
+            case token_type::parse_error:
+                return "<parse error>";
+            case token_type::end_of_input:
+                return "end of input";
+            case token_type::literal_or_value:
+                return "'[', '{', or a literal";
+            // LCOV_EXCL_START
+            default: // catch non-enum values
+                return "unknown token";
+                // LCOV_EXCL_STOP
+        }
+    }
+
+    explicit lexer(detail::input_adapter_t&& adapter)
+        : ia(std::move(adapter)), decimal_point_char(get_decimal_point()) {}
+
+    // delete because of pointer members
+    lexer(const lexer&) = delete;
+    lexer(lexer&&) = delete;
+    lexer& operator=(lexer&) = delete;
+    lexer& operator=(lexer&&) = delete;
+    ~lexer() = default;
+
+  private:
+    /////////////////////
+    // locales
+    /////////////////////
+
+    /// return the locale-dependent decimal point
+    static char get_decimal_point() noexcept
+    {
+        const auto loc = localeconv();
+        assert(loc != nullptr);
+        return (loc->decimal_point == nullptr) ? '.' : *(loc->decimal_point);
+    }
+
+    /////////////////////
+    // scan functions
+    /////////////////////
+
+    /*!
+    @brief get codepoint from 4 hex characters following `\u`
+
+    For input "\u c1 c2 c3 c4" the codepoint is:
+      (c1 * 0x1000) + (c2 * 0x0100) + (c3 * 0x0010) + c4
+    = (c1 << 12) + (c2 << 8) + (c3 << 4) + (c4 << 0)
+
+    Furthermore, the possible characters '0'..'9', 'A'..'F', and 'a'..'f'
+    must be converted to the integers 0x0..0x9, 0xA..0xF, 0xA..0xF, resp. The
+    conversion is done by subtracting the offset (0x30, 0x37, and 0x57)
+    between the ASCII value of the character and the desired integer value.
+
+    @return codepoint (0x0000..0xFFFF) or -1 in case of an error (e.g. EOF or
+            non-hex character)
+    */
+    int get_codepoint()
+    {
+        // this function only makes sense after reading `\u`
+        assert(current == 'u');
+        int codepoint = 0;
+
+        const auto factors = { 12, 8, 4, 0 };
+        for (const auto factor : factors)
+        {
+            get();
+
+            if (current >= '0' and current <= '9')
+            {
+                codepoint += ((current - 0x30) << factor);
+            }
+            else if (current >= 'A' and current <= 'F')
+            {
+                codepoint += ((current - 0x37) << factor);
+            }
+            else if (current >= 'a' and current <= 'f')
+            {
+                codepoint += ((current - 0x57) << factor);
+            }
+            else
+            {
+                return -1;
+            }
+        }
+
+        assert(0x0000 <= codepoint and codepoint <= 0xFFFF);
+        return codepoint;
+    }
+
+    /*!
+    @brief check if the next byte(s) are inside a given range
+
+    Adds the current byte and, for each passed range, reads a new byte and
+    checks if it is inside the range. If a violation was detected, set up an
+    error message and return false. Otherwise, return true.
+
+    @param[in] ranges  list of integers; interpreted as list of pairs of
+                       inclusive lower and upper bound, respectively
+
+    @pre The passed list @a ranges must have 2, 4, or 6 elements; that is,
+         1, 2, or 3 pairs. This precondition is enforced by an assertion.
+
+    @return true if and only if no range violation was detected
+    */
+    bool next_byte_in_range(std::initializer_list<int> ranges)
+    {
+        assert(ranges.size() == 2 or ranges.size() == 4 or ranges.size() == 6);
+        add(current);
+
+        for (auto range = ranges.begin(); range != ranges.end(); ++range)
+        {
+            get();
+            if (JSON_LIKELY(*range <= current and current <= *(++range)))
+            {
+                add(current);
+            }
+            else
+            {
+                error_message = "invalid string: ill-formed UTF-8 byte";
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /*!
+    @brief scan a string literal
+
+    This function scans a string according to Sect. 7 of RFC 7159. While
+    scanning, bytes are escaped and copied into buffer token_buffer. Then the
+    function returns successfully, token_buffer is *not* null-terminated (as it
+    may contain \0 bytes), and token_buffer.size() is the number of bytes in the
+    string.
+
+    @return token_type::value_string if string could be successfully scanned,
+            token_type::parse_error otherwise
+
+    @note In case of errors, variable error_message contains a textual
+          description.
+    */
+    token_type scan_string()
+    {
+        // reset token_buffer (ignore opening quote)
+        reset();
+
+        // we entered the function by reading an open quote
+        assert(current == '\"');
+
+        while (true)
+        {
+            // get next character
+            switch (get())
+            {
+                // end of file while parsing string
+                case std::char_traits<char>::eof():
+                {
+                    error_message = "invalid string: missing closing quote";
+                    return token_type::parse_error;
+                }
+
+                // closing quote
+                case '\"':
+                {
+                    return token_type::value_string;
+                }
+
+                // escapes
+                case '\\':
+                {
+                    switch (get())
+                    {
+                        // quotation mark
+                        case '\"':
+                            add('\"');
+                            break;
+                        // reverse solidus
+                        case '\\':
+                            add('\\');
+                            break;
+                        // solidus
+                        case '/':
+                            add('/');
+                            break;
+                        // backspace
+                        case 'b':
+                            add('\b');
+                            break;
+                        // form feed
+                        case 'f':
+                            add('\f');
+                            break;
+                        // line feed
+                        case 'n':
+                            add('\n');
+                            break;
+                        // carriage return
+                        case 'r':
+                            add('\r');
+                            break;
+                        // tab
+                        case 't':
+                            add('\t');
+                            break;
+
+                        // unicode escapes
+                        case 'u':
+                        {
+                            const int codepoint1 = get_codepoint();
+                            int codepoint = codepoint1; // start with codepoint1
+
+                            if (JSON_UNLIKELY(codepoint1 == -1))
+                            {
+                                error_message = "invalid string: '\\u' must be followed by 4 hex digits";
+                                return token_type::parse_error;
+                            }
+
+                            // check if code point is a high surrogate
+                            if (0xD800 <= codepoint1 and codepoint1 <= 0xDBFF)
+                            {
+                                // expect next \uxxxx entry
+                                if (JSON_LIKELY(get() == '\\' and get() == 'u'))
+                                {
+                                    const int codepoint2 = get_codepoint();
+
+                                    if (JSON_UNLIKELY(codepoint2 == -1))
+                                    {
+                                        error_message = "invalid string: '\\u' must be followed by 4 hex digits";
+                                        return token_type::parse_error;
+                                    }
+
+                                    // check if codepoint2 is a low surrogate
+                                    if (JSON_LIKELY(0xDC00 <= codepoint2 and codepoint2 <= 0xDFFF))
+                                    {
+                                        // overwrite codepoint
+                                        codepoint =
+                                            // high surrogate occupies the most significant 22 bits
+                                            (codepoint1 << 10)
+                                            // low surrogate occupies the least significant 15 bits
+                                            + codepoint2
+                                            // there is still the 0xD800, 0xDC00 and 0x10000 noise
+                                            // in the result so we have to subtract with:
+                                            // (0xD800 << 10) + DC00 - 0x10000 = 0x35FDC00
+                                            - 0x35FDC00;
+                                    }
+                                    else
+                                    {
+                                        error_message = "invalid string: surrogate U+DC00..U+DFFF must be followed by U+DC00..U+DFFF";
+                                        return token_type::parse_error;
+                                    }
+                                }
+                                else
+                                {
+                                    error_message = "invalid string: surrogate U+DC00..U+DFFF must be followed by U+DC00..U+DFFF";
+                                    return token_type::parse_error;
+                                }
+                            }
+                            else
+                            {
+                                if (JSON_UNLIKELY(0xDC00 <= codepoint1 and codepoint1 <= 0xDFFF))
+                                {
+                                    error_message = "invalid string: surrogate U+DC00..U+DFFF must follow U+D800..U+DBFF";
+                                    return token_type::parse_error;
+                                }
+                            }
+
+                            // result of the above calculation yields a proper codepoint
+                            assert(0x00 <= codepoint and codepoint <= 0x10FFFF);
+
+                            // translate codepoint into bytes
+                            if (codepoint < 0x80)
+                            {
+                                // 1-byte characters: 0xxxxxxx (ASCII)
+                                add(codepoint);
+                            }
+                            else if (codepoint <= 0x7FF)
+                            {
+                                // 2-byte characters: 110xxxxx 10xxxxxx
+                                add(0xC0 | (codepoint >> 6));
+                                add(0x80 | (codepoint & 0x3F));
+                            }
+                            else if (codepoint <= 0xFFFF)
+                            {
+                                // 3-byte characters: 1110xxxx 10xxxxxx 10xxxxxx
+                                add(0xE0 | (codepoint >> 12));
+                                add(0x80 | ((codepoint >> 6) & 0x3F));
+                                add(0x80 | (codepoint & 0x3F));
+                            }
+                            else
+                            {
+                                // 4-byte characters: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+                                add(0xF0 | (codepoint >> 18));
+                                add(0x80 | ((codepoint >> 12) & 0x3F));
+                                add(0x80 | ((codepoint >> 6) & 0x3F));
+                                add(0x80 | (codepoint & 0x3F));
+                            }
+
+                            break;
+                        }
+
+                        // other characters after escape
+                        default:
+                            error_message = "invalid string: forbidden character after backslash";
+                            return token_type::parse_error;
+                    }
+
+                    break;
+                }
+
+                // invalid control characters
+                case 0x00:
+                {
+                    error_message = "invalid string: control character U+0000 (NUL) must be escaped to \\u0000";
+                    return token_type::parse_error;
+                }
+
+                case 0x01:
+                {
+                    error_message = "invalid string: control character U+0001 (SOH) must be escaped to \\u0001";
+                    return token_type::parse_error;
+                }
+
+                case 0x02:
+                {
+                    error_message = "invalid string: control character U+0002 (STX) must be escaped to \\u0002";
+                    return token_type::parse_error;
+                }
+
+                case 0x03:
+                {
+                    error_message = "invalid string: control character U+0003 (ETX) must be escaped to \\u0003";
+                    return token_type::parse_error;
+                }
+
+                case 0x04:
+                {
+                    error_message = "invalid string: control character U+0004 (EOT) must be escaped to \\u0004";
+                    return token_type::parse_error;
+                }
+
+                case 0x05:
+                {
+                    error_message = "invalid string: control character U+0005 (ENQ) must be escaped to \\u0005";
+                    return token_type::parse_error;
+                }
+
+                case 0x06:
+                {
+                    error_message = "invalid string: control character U+0006 (ACK) must be escaped to \\u0006";
+                    return token_type::parse_error;
+                }
+
+                case 0x07:
+                {
+                    error_message = "invalid string: control character U+0007 (BEL) must be escaped to \\u0007";
+                    return token_type::parse_error;
+                }
+
+                case 0x08:
+                {
+                    error_message = "invalid string: control character U+0008 (BS) must be escaped to \\u0008 or \\b";
+                    return token_type::parse_error;
+                }
+
+                case 0x09:
+                {
+                    error_message = "invalid string: control character U+0009 (HT) must be escaped to \\u0009 or \\t";
+                    return token_type::parse_error;
+                }
+
+                case 0x0A:
+                {
+                    error_message = "invalid string: control character U+000A (LF) must be escaped to \\u000A or \\n";
+                    return token_type::parse_error;
+                }
+
+                case 0x0B:
+                {
+                    error_message = "invalid string: control character U+000B (VT) must be escaped to \\u000B";
+                    return token_type::parse_error;
+                }
+
+                case 0x0C:
+                {
+                    error_message = "invalid string: control character U+000C (FF) must be escaped to \\u000C or \\f";
+                    return token_type::parse_error;
+                }
+
+                case 0x0D:
+                {
+                    error_message = "invalid string: control character U+000D (CR) must be escaped to \\u000D or \\r";
+                    return token_type::parse_error;
+                }
+
+                case 0x0E:
+                {
+                    error_message = "invalid string: control character U+000E (SO) must be escaped to \\u000E";
+                    return token_type::parse_error;
+                }
+
+                case 0x0F:
+                {
+                    error_message = "invalid string: control character U+000F (SI) must be escaped to \\u000F";
+                    return token_type::parse_error;
+                }
+
+                case 0x10:
+                {
+                    error_message = "invalid string: control character U+0010 (DLE) must be escaped to \\u0010";
+                    return token_type::parse_error;
+                }
+
+                case 0x11:
+                {
+                    error_message = "invalid string: control character U+0011 (DC1) must be escaped to \\u0011";
+                    return token_type::parse_error;
+                }
+
+                case 0x12:
+                {
+                    error_message = "invalid string: control character U+0012 (DC2) must be escaped to \\u0012";
+                    return token_type::parse_error;
+                }
+
+                case 0x13:
+                {
+                    error_message = "invalid string: control character U+0013 (DC3) must be escaped to \\u0013";
+                    return token_type::parse_error;
+                }
+
+                case 0x14:
+                {
+                    error_message = "invalid string: control character U+0014 (DC4) must be escaped to \\u0014";
+                    return token_type::parse_error;
+                }
+
+                case 0x15:
+                {
+                    error_message = "invalid string: control character U+0015 (NAK) must be escaped to \\u0015";
+                    return token_type::parse_error;
+                }
+
+                case 0x16:
+                {
+                    error_message = "invalid string: control character U+0016 (SYN) must be escaped to \\u0016";
+                    return token_type::parse_error;
+                }
+
+                case 0x17:
+                {
+                    error_message = "invalid string: control character U+0017 (ETB) must be escaped to \\u0017";
+                    return token_type::parse_error;
+                }
+
+                case 0x18:
+                {
+                    error_message = "invalid string: control character U+0018 (CAN) must be escaped to \\u0018";
+                    return token_type::parse_error;
+                }
+
+                case 0x19:
+                {
+                    error_message = "invalid string: control character U+0019 (EM) must be escaped to \\u0019";
+                    return token_type::parse_error;
+                }
+
+                case 0x1A:
+                {
+                    error_message = "invalid string: control character U+001A (SUB) must be escaped to \\u001A";
+                    return token_type::parse_error;
+                }
+
+                case 0x1B:
+                {
+                    error_message = "invalid string: control character U+001B (ESC) must be escaped to \\u001B";
+                    return token_type::parse_error;
+                }
+
+                case 0x1C:
+                {
+                    error_message = "invalid string: control character U+001C (FS) must be escaped to \\u001C";
+                    return token_type::parse_error;
+                }
+
+                case 0x1D:
+                {
+                    error_message = "invalid string: control character U+001D (GS) must be escaped to \\u001D";
+                    return token_type::parse_error;
+                }
+
+                case 0x1E:
+                {
+                    error_message = "invalid string: control character U+001E (RS) must be escaped to \\u001E";
+                    return token_type::parse_error;
+                }
+
+                case 0x1F:
+                {
+                    error_message = "invalid string: control character U+001F (US) must be escaped to \\u001F";
+                    return token_type::parse_error;
+                }
+
+                // U+0020..U+007F (except U+0022 (quote) and U+005C (backspace))
+                case 0x20:
+                case 0x21:
+                case 0x23:
+                case 0x24:
+                case 0x25:
+                case 0x26:
+                case 0x27:
+                case 0x28:
+                case 0x29:
+                case 0x2A:
+                case 0x2B:
+                case 0x2C:
+                case 0x2D:
+                case 0x2E:
+                case 0x2F:
+                case 0x30:
+                case 0x31:
+                case 0x32:
+                case 0x33:
+                case 0x34:
+                case 0x35:
+                case 0x36:
+                case 0x37:
+                case 0x38:
+                case 0x39:
+                case 0x3A:
+                case 0x3B:
+                case 0x3C:
+                case 0x3D:
+                case 0x3E:
+                case 0x3F:
+                case 0x40:
+                case 0x41:
+                case 0x42:
+                case 0x43:
+                case 0x44:
+                case 0x45:
+                case 0x46:
+                case 0x47:
+                case 0x48:
+                case 0x49:
+                case 0x4A:
+                case 0x4B:
+                case 0x4C:
+                case 0x4D:
+                case 0x4E:
+                case 0x4F:
+                case 0x50:
+                case 0x51:
+                case 0x52:
+                case 0x53:
+                case 0x54:
+                case 0x55:
+                case 0x56:
+                case 0x57:
+                case 0x58:
+                case 0x59:
+                case 0x5A:
+                case 0x5B:
+                case 0x5D:
+                case 0x5E:
+                case 0x5F:
+                case 0x60:
+                case 0x61:
+                case 0x62:
+                case 0x63:
+                case 0x64:
+                case 0x65:
+                case 0x66:
+                case 0x67:
+                case 0x68:
+                case 0x69:
+                case 0x6A:
+                case 0x6B:
+                case 0x6C:
+                case 0x6D:
+                case 0x6E:
+                case 0x6F:
+                case 0x70:
+                case 0x71:
+                case 0x72:
+                case 0x73:
+                case 0x74:
+                case 0x75:
+                case 0x76:
+                case 0x77:
+                case 0x78:
+                case 0x79:
+                case 0x7A:
+                case 0x7B:
+                case 0x7C:
+                case 0x7D:
+                case 0x7E:
+                case 0x7F:
+                {
+                    add(current);
+                    break;
+                }
+
+                // U+0080..U+07FF: bytes C2..DF 80..BF
+                case 0xC2:
+                case 0xC3:
+                case 0xC4:
+                case 0xC5:
+                case 0xC6:
+                case 0xC7:
+                case 0xC8:
+                case 0xC9:
+                case 0xCA:
+                case 0xCB:
+                case 0xCC:
+                case 0xCD:
+                case 0xCE:
+                case 0xCF:
+                case 0xD0:
+                case 0xD1:
+                case 0xD2:
+                case 0xD3:
+                case 0xD4:
+                case 0xD5:
+                case 0xD6:
+                case 0xD7:
+                case 0xD8:
+                case 0xD9:
+                case 0xDA:
+                case 0xDB:
+                case 0xDC:
+                case 0xDD:
+                case 0xDE:
+                case 0xDF:
+                {
+                    if (JSON_UNLIKELY(not next_byte_in_range({0x80, 0xBF})))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+0800..U+0FFF: bytes E0 A0..BF 80..BF
+                case 0xE0:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0xA0, 0xBF, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+1000..U+CFFF: bytes E1..EC 80..BF 80..BF
+                // U+E000..U+FFFF: bytes EE..EF 80..BF 80..BF
+                case 0xE1:
+                case 0xE2:
+                case 0xE3:
+                case 0xE4:
+                case 0xE5:
+                case 0xE6:
+                case 0xE7:
+                case 0xE8:
+                case 0xE9:
+                case 0xEA:
+                case 0xEB:
+                case 0xEC:
+                case 0xEE:
+                case 0xEF:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0x80, 0xBF, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+D000..U+D7FF: bytes ED 80..9F 80..BF
+                case 0xED:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0x80, 0x9F, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+10000..U+3FFFF F0 90..BF 80..BF 80..BF
+                case 0xF0:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0x90, 0xBF, 0x80, 0xBF, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+40000..U+FFFFF F1..F3 80..BF 80..BF 80..BF
+                case 0xF1:
+                case 0xF2:
+                case 0xF3:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0x80, 0xBF, 0x80, 0xBF, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // U+100000..U+10FFFF F4 80..8F 80..BF 80..BF
+                case 0xF4:
+                {
+                    if (JSON_UNLIKELY(not (next_byte_in_range({0x80, 0x8F, 0x80, 0xBF, 0x80, 0xBF}))))
+                    {
+                        return token_type::parse_error;
+                    }
+                    break;
+                }
+
+                // remaining bytes (80..C1 and F5..FF) are ill-formed
+                default:
+                {
+                    error_message = "invalid string: ill-formed UTF-8 byte";
+                    return token_type::parse_error;
+                }
+            }
+        }
+    }
+
+    static void strtof(float& f, const char* str, char** endptr) noexcept
+    {
+        f = std::strtof(str, endptr);
+    }
+
+    static void strtof(double& f, const char* str, char** endptr) noexcept
+    {
+        f = std::strtod(str, endptr);
+    }
+
+    static void strtof(long double& f, const char* str, char** endptr) noexcept
+    {
+        f = std::strtold(str, endptr);
+    }
+
+    /*!
+    @brief scan a number literal
+
+    This function scans a string according to Sect. 6 of RFC 7159.
+
+    The function is realized with a deterministic finite state machine derived
+    from the grammar described in RFC 7159. Starting in state "init", the
+    input is read and used to determined the next state. Only state "done"
+    accepts the number. State "error" is a trap state to model errors. In the
+    table below, "anything" means any character but the ones listed before.
+
+    state    | 0        | 1-9      | e E      | +       | -       | .        | anything
+    ---------|----------|----------|----------|---------|---------|----------|-----------
+    init     | zero     | any1     | [error]  | [error] | minus   | [error]  | [error]
+    minus    | zero     | any1     | [error]  | [error] | [error] | [error]  | [error]
+    zero     | done     | done     | exponent | done    | done    | decimal1 | done
+    any1     | any1     | any1     | exponent | done    | done    | decimal1 | done
+    decimal1 | decimal2 | [error]  | [error]  | [error] | [error] | [error]  | [error]
+    decimal2 | decimal2 | decimal2 | exponent | done    | done    | done     | done
+    exponent | any2     | any2     | [error]  | sign    | sign    | [error]  | [error]
+    sign     | any2     | any2     | [error]  | [error] | [error] | [error]  | [error]
+    any2     | any2     | any2     | done     | done    | done    | done     | done
+
+    The state machine is realized with one label per state (prefixed with
+    "scan_number_") and `goto` statements between them. The state machine
+    contains cycles, but any cycle can be left when EOF is read. Therefore,
+    the function is guaranteed to terminate.
+
+    During scanning, the read bytes are stored in token_buffer. This string is
+    then converted to a signed integer, an unsigned integer, or a
+    floating-point number.
+
+    @return token_type::value_unsigned, token_type::value_integer, or
+            token_type::value_float if number could be successfully scanned,
+            token_type::parse_error otherwise
+
+    @note The scanner is independent of the current locale. Internally, the
+          locale's decimal point is used instead of `.` to work with the
+          locale-dependent converters.
+    */
+    token_type scan_number()  // lgtm [cpp/use-of-goto]
+    {
+        // reset token_buffer to store the number's bytes
+        reset();
+
+        // the type of the parsed number; initially set to unsigned; will be
+        // changed if minus sign, decimal point or exponent is read
+        token_type number_type = token_type::value_unsigned;
+
+        // state (init): we just found out we need to scan a number
+        switch (current)
+        {
+            case '-':
+            {
+                add(current);
+                goto scan_number_minus;
+            }
+
+            case '0':
+            {
+                add(current);
+                goto scan_number_zero;
+            }
+
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any1;
+            }
+
+            // LCOV_EXCL_START
+            default:
+            {
+                // all other characters are rejected outside scan_number()
+                assert(false);
+            }
+                // LCOV_EXCL_STOP
+        }
+
+scan_number_minus:
+        // state: we just parsed a leading minus sign
+        number_type = token_type::value_integer;
+        switch (get())
+        {
+            case '0':
+            {
+                add(current);
+                goto scan_number_zero;
+            }
+
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any1;
+            }
+
+            default:
+            {
+                error_message = "invalid number; expected digit after '-'";
+                return token_type::parse_error;
+            }
+        }
+
+scan_number_zero:
+        // state: we just parse a zero (maybe with a leading minus sign)
+        switch (get())
+        {
+            case '.':
+            {
+                add(decimal_point_char);
+                goto scan_number_decimal1;
+            }
+
+            case 'e':
+            case 'E':
+            {
+                add(current);
+                goto scan_number_exponent;
+            }
+
+            default:
+                goto scan_number_done;
+        }
+
+scan_number_any1:
+        // state: we just parsed a number 0-9 (maybe with a leading minus sign)
+        switch (get())
+        {
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any1;
+            }
+
+            case '.':
+            {
+                add(decimal_point_char);
+                goto scan_number_decimal1;
+            }
+
+            case 'e':
+            case 'E':
+            {
+                add(current);
+                goto scan_number_exponent;
+            }
+
+            default:
+                goto scan_number_done;
+        }
+
+scan_number_decimal1:
+        // state: we just parsed a decimal point
+        number_type = token_type::value_float;
+        switch (get())
+        {
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_decimal2;
+            }
+
+            default:
+            {
+                error_message = "invalid number; expected digit after '.'";
+                return token_type::parse_error;
+            }
+        }
+
+scan_number_decimal2:
+        // we just parsed at least one number after a decimal point
+        switch (get())
+        {
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_decimal2;
+            }
+
+            case 'e':
+            case 'E':
+            {
+                add(current);
+                goto scan_number_exponent;
+            }
+
+            default:
+                goto scan_number_done;
+        }
+
+scan_number_exponent:
+        // we just parsed an exponent
+        number_type = token_type::value_float;
+        switch (get())
+        {
+            case '+':
+            case '-':
+            {
+                add(current);
+                goto scan_number_sign;
+            }
+
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any2;
+            }
+
+            default:
+            {
+                error_message =
+                    "invalid number; expected '+', '-', or digit after exponent";
+                return token_type::parse_error;
+            }
+        }
+
+scan_number_sign:
+        // we just parsed an exponent sign
+        switch (get())
+        {
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any2;
+            }
+
+            default:
+            {
+                error_message = "invalid number; expected digit after exponent sign";
+                return token_type::parse_error;
+            }
+        }
+
+scan_number_any2:
+        // we just parsed a number after the exponent or exponent sign
+        switch (get())
+        {
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+            {
+                add(current);
+                goto scan_number_any2;
+            }
+
+            default:
+                goto scan_number_done;
+        }
+
+scan_number_done:
+        // unget the character after the number (we only read it to know that
+        // we are done scanning a number)
+        unget();
+
+        char* endptr = nullptr;
+        errno = 0;
+
+        // try to parse integers first and fall back to floats
+        if (number_type == token_type::value_unsigned)
+        {
+            const auto x = std::strtoull(token_buffer.data(), &endptr, 10);
+
+            // we checked the number format before
+            assert(endptr == token_buffer.data() + token_buffer.size());
+
+            if (errno == 0)
+            {
+                value_unsigned = static_cast<number_unsigned_t>(x);
+                if (value_unsigned == x)
+                {
+                    return token_type::value_unsigned;
+                }
+            }
+        }
+        else if (number_type == token_type::value_integer)
+        {
+            const auto x = std::strtoll(token_buffer.data(), &endptr, 10);
+
+            // we checked the number format before
+            assert(endptr == token_buffer.data() + token_buffer.size());
+
+            if (errno == 0)
+            {
+                value_integer = static_cast<number_integer_t>(x);
+                if (value_integer == x)
+                {
+                    return token_type::value_integer;
+                }
+            }
+        }
+
+        // this code is reached if we parse a floating-point number or if an
+        // integer conversion above failed
+        strtof(value_float, token_buffer.data(), &endptr);
+
+        // we checked the number format before
+        assert(endptr == token_buffer.data() + token_buffer.size());
+
+        return token_type::value_float;
+    }
+
+    /*!
+    @param[in] literal_text  the literal text to expect
+    @param[in] length        the length of the passed literal text
+    @param[in] return_type   the token type to return on success
+    */
+    token_type scan_literal(const char* literal_text, const std::size_t length,
+                            token_type return_type)
+    {
+        assert(current == literal_text[0]);
+        for (std::size_t i = 1; i < length; ++i)
+        {
+            if (JSON_UNLIKELY(get() != literal_text[i]))
+            {
+                error_message = "invalid literal";
+                return token_type::parse_error;
+            }
+        }
+        return return_type;
+    }
+
+    /////////////////////
+    // input management
+    /////////////////////
+
+    /// reset token_buffer; current character is beginning of token
+    void reset() noexcept
+    {
+        token_buffer.clear();
+        token_string.clear();
+        token_string.push_back(std::char_traits<char>::to_char_type(current));
+    }
+
+    /*
+    @brief get next character from the input
+
+    This function provides the interface to the used input adapter. It does
+    not throw in case the input reached EOF, but returns a
+    `std::char_traits<char>::eof()` in that case.  Stores the scanned characters
+    for use in error messages.
+
+    @return character read from the input
+    */
+    std::char_traits<char>::int_type get()
+    {
+        ++position.chars_read_total;
+        ++position.chars_read_current_line;
+
+        if (next_unget)
+        {
+            // just reset the next_unget variable and work with current
+            next_unget = false;
+        }
+        else
+        {
+            current = ia->get_character();
+        }
+
+        if (JSON_LIKELY(current != std::char_traits<char>::eof()))
+        {
+            token_string.push_back(std::char_traits<char>::to_char_type(current));
+        }
+
+        if (current == '\n')
+        {
+            ++position.lines_read;
+            ++position.chars_read_current_line = 0;
+        }
+
+        return current;
+    }
+
+    /*!
+    @brief unget current character (read it again on next get)
+
+    We implement unget by setting variable next_unget to true. The input is not
+    changed - we just simulate ungetting by modifying chars_read_total,
+    chars_read_current_line, and token_string. The next call to get() will
+    behave as if the unget character is read again.
+    */
+    void unget()
+    {
+        next_unget = true;
+
+        --position.chars_read_total;
+
+        // in case we "unget" a newline, we have to also decrement the lines_read
+        if (position.chars_read_current_line == 0)
+        {
+            if (position.lines_read > 0)
+            {
+                --position.lines_read;
+            }
+        }
+        else
+        {
+            --position.chars_read_current_line;
+        }
+
+        if (JSON_LIKELY(current != std::char_traits<char>::eof()))
+        {
+            assert(token_string.size() != 0);
+            token_string.pop_back();
+        }
+    }
+
+    /// add a character to token_buffer
+    void add(int c)
+    {
+        token_buffer.push_back(std::char_traits<char>::to_char_type(c));
+    }
+
+  public:
+    /////////////////////
+    // value getters
+    /////////////////////
+
+    /// return integer value
+    constexpr number_integer_t get_number_integer() const noexcept
+    {
+        return value_integer;
+    }
+
+    /// return unsigned integer value
+    constexpr number_unsigned_t get_number_unsigned() const noexcept
+    {
+        return value_unsigned;
+    }
+
+    /// return floating-point value
+    constexpr number_float_t get_number_float() const noexcept
+    {
+        return value_float;
+    }
+
+    /// return current string value (implicitly resets the token; useful only once)
+    string_t& get_string()
+    {
+        return token_buffer;
+    }
+
+    /////////////////////
+    // diagnostics
+    /////////////////////
+
+    /// return position of last read token
+    constexpr position_t get_position() const noexcept
+    {
+        return position;
+    }
+
+    /// return the last read token (for errors only).  Will never contain EOF
+    /// (an arbitrary value that is not a valid char value, often -1), because
+    /// 255 may legitimately occur.  May contain NUL, which should be escaped.
+    std::string get_token_string() const
+    {
+        // escape control characters
+        std::string result;
+        for (const auto c : token_string)
+        {
+            if ('\x00' <= c and c <= '\x1F')
+            {
+                // escape control characters
+                char cs[9];
+                (std::snprintf)(cs, 9, "<U+%.4X>", static_cast<unsigned char>(c));
+                result += cs;
+            }
+            else
+            {
+                // add character as is
+                result.push_back(c);
+            }
+        }
+
+        return result;
+    }
+
+    /// return syntax error message
+    constexpr const char* get_error_message() const noexcept
+    {
+        return error_message;
+    }
+
+    /////////////////////
+    // actual scanner
+    /////////////////////
+
+    /*!
+    @brief skip the UTF-8 byte order mark
+    @return true iff there is no BOM or the correct BOM has been skipped
+    */
+    bool skip_bom()
+    {
+        if (get() == 0xEF)
+        {
+            // check if we completely parse the BOM
+            return get() == 0xBB and get() == 0xBF;
+        }
+
+        // the first character is not the beginning of the BOM; unget it to
+        // process is later
+        unget();
+        return true;
+    }
+
+    token_type scan()
+    {
+        // initially, skip the BOM
+        if (position.chars_read_total == 0 and not skip_bom())
+        {
+            error_message = "invalid BOM; must be 0xEF 0xBB 0xBF if given";
+            return token_type::parse_error;
+        }
+
+        // read next character and ignore whitespace
+        do
+        {
+            get();
+        }
+        while (current == ' ' or current == '\t' or current == '\n' or current == '\r');
+
+        switch (current)
+        {
+            // structural characters
+            case '[':
+                return token_type::begin_array;
+            case ']':
+                return token_type::end_array;
+            case '{':
+                return token_type::begin_object;
+            case '}':
+                return token_type::end_object;
+            case ':':
+                return token_type::name_separator;
+            case ',':
+                return token_type::value_separator;
+
+            // literals
+            case 't':
+                return scan_literal("true", 4, token_type::literal_true);
+            case 'f':
+                return scan_literal("false", 5, token_type::literal_false);
+            case 'n':
+                return scan_literal("null", 4, token_type::literal_null);
+
+            // string
+            case '\"':
+                return scan_string();
+
+            // number
+            case '-':
+            case '0':
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+                return scan_number();
+
+            // end of input (the null byte is needed when parsing from
+            // string literals)
+            case '\0':
+            case std::char_traits<char>::eof():
+                return token_type::end_of_input;
+
+            // error
+            default:
+                error_message = "invalid literal";
+                return token_type::parse_error;
+        }
+    }
+
+  private:
+    /// input adapter
+    detail::input_adapter_t ia = nullptr;
+
+    /// the current character
+    std::char_traits<char>::int_type current = std::char_traits<char>::eof();
+
+    /// whether the next get() call should just return current
+    bool next_unget = false;
+
+    /// the start position of the current token
+    position_t position;
+
+    /// raw input token string (for error messages)
+    std::vector<char> token_string {};
+
+    /// buffer for variable-length tokens (numbers, strings)
+    string_t token_buffer {};
+
+    /// a description of occurred lexer errors
+    const char* error_message = "";
+
+    // number values
+    number_integer_t value_integer = 0;
+    number_unsigned_t value_unsigned = 0;
+    number_float_t value_float = 0;
+
+    /// the decimal point
+    const char decimal_point_char = '.';
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/parser.hpp>
+
+
+#include <cassert> // assert
+#include <cmath> // isfinite
+#include <cstdint> // uint8_t
+#include <functional> // function
+#include <string> // string
+#include <utility> // move
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/meta/is_sax.hpp>
+
+
+#include <cstdint> // size_t
+#include <utility> // declval
+
+// #include <nlohmann/detail/meta/detected.hpp>
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template <typename T>
+using null_function_t = decltype(std::declval<T&>().null());
+
+template <typename T>
+using boolean_function_t =
+    decltype(std::declval<T&>().boolean(std::declval<bool>()));
+
+template <typename T, typename Integer>
+using number_integer_function_t =
+    decltype(std::declval<T&>().number_integer(std::declval<Integer>()));
+
+template <typename T, typename Unsigned>
+using number_unsigned_function_t =
+    decltype(std::declval<T&>().number_unsigned(std::declval<Unsigned>()));
+
+template <typename T, typename Float, typename String>
+using number_float_function_t = decltype(std::declval<T&>().number_float(
+                                    std::declval<Float>(), std::declval<const String&>()));
+
+template <typename T, typename String>
+using string_function_t =
+    decltype(std::declval<T&>().string(std::declval<String&>()));
+
+template <typename T>
+using start_object_function_t =
+    decltype(std::declval<T&>().start_object(std::declval<std::size_t>()));
+
+template <typename T, typename String>
+using key_function_t =
+    decltype(std::declval<T&>().key(std::declval<String&>()));
+
+template <typename T>
+using end_object_function_t = decltype(std::declval<T&>().end_object());
+
+template <typename T>
+using start_array_function_t =
+    decltype(std::declval<T&>().start_array(std::declval<std::size_t>()));
+
+template <typename T>
+using end_array_function_t = decltype(std::declval<T&>().end_array());
+
+template <typename T, typename Exception>
+using parse_error_function_t = decltype(std::declval<T&>().parse_error(
+        std::declval<std::size_t>(), std::declval<const std::string&>(),
+        std::declval<const Exception&>()));
+
+template <typename SAX, typename BasicJsonType>
+struct is_sax
+{
+  private:
+    static_assert(is_basic_json<BasicJsonType>::value,
+                  "BasicJsonType must be of type basic_json<...>");
+
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+    using exception_t = typename BasicJsonType::exception;
+
+  public:
+    static constexpr bool value =
+        is_detected_exact<bool, null_function_t, SAX>::value &&
+        is_detected_exact<bool, boolean_function_t, SAX>::value &&
+        is_detected_exact<bool, number_integer_function_t, SAX,
+        number_integer_t>::value &&
+        is_detected_exact<bool, number_unsigned_function_t, SAX,
+        number_unsigned_t>::value &&
+        is_detected_exact<bool, number_float_function_t, SAX, number_float_t,
+        string_t>::value &&
+        is_detected_exact<bool, string_function_t, SAX, string_t>::value &&
+        is_detected_exact<bool, start_object_function_t, SAX>::value &&
+        is_detected_exact<bool, key_function_t, SAX, string_t>::value &&
+        is_detected_exact<bool, end_object_function_t, SAX>::value &&
+        is_detected_exact<bool, start_array_function_t, SAX>::value &&
+        is_detected_exact<bool, end_array_function_t, SAX>::value &&
+        is_detected_exact<bool, parse_error_function_t, SAX, exception_t>::value;
+};
+
+template <typename SAX, typename BasicJsonType>
+struct is_sax_static_asserts
+{
+  private:
+    static_assert(is_basic_json<BasicJsonType>::value,
+                  "BasicJsonType must be of type basic_json<...>");
+
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+    using exception_t = typename BasicJsonType::exception;
+
+  public:
+    static_assert(is_detected_exact<bool, null_function_t, SAX>::value,
+                  "Missing/invalid function: bool null()");
+    static_assert(is_detected_exact<bool, boolean_function_t, SAX>::value,
+                  "Missing/invalid function: bool boolean(bool)");
+    static_assert(is_detected_exact<bool, boolean_function_t, SAX>::value,
+                  "Missing/invalid function: bool boolean(bool)");
+    static_assert(
+        is_detected_exact<bool, number_integer_function_t, SAX,
+        number_integer_t>::value,
+        "Missing/invalid function: bool number_integer(number_integer_t)");
+    static_assert(
+        is_detected_exact<bool, number_unsigned_function_t, SAX,
+        number_unsigned_t>::value,
+        "Missing/invalid function: bool number_unsigned(number_unsigned_t)");
+    static_assert(is_detected_exact<bool, number_float_function_t, SAX,
+                  number_float_t, string_t>::value,
+                  "Missing/invalid function: bool number_float(number_float_t, const string_t&)");
+    static_assert(
+        is_detected_exact<bool, string_function_t, SAX, string_t>::value,
+        "Missing/invalid function: bool string(string_t&)");
+    static_assert(is_detected_exact<bool, start_object_function_t, SAX>::value,
+                  "Missing/invalid function: bool start_object(std::size_t)");
+    static_assert(is_detected_exact<bool, key_function_t, SAX, string_t>::value,
+                  "Missing/invalid function: bool key(string_t&)");
+    static_assert(is_detected_exact<bool, end_object_function_t, SAX>::value,
+                  "Missing/invalid function: bool end_object()");
+    static_assert(is_detected_exact<bool, start_array_function_t, SAX>::value,
+                  "Missing/invalid function: bool start_array(std::size_t)");
+    static_assert(is_detected_exact<bool, end_array_function_t, SAX>::value,
+                  "Missing/invalid function: bool end_array()");
+    static_assert(
+        is_detected_exact<bool, parse_error_function_t, SAX, exception_t>::value,
+        "Missing/invalid function: bool parse_error(std::size_t, const "
+        "std::string&, const exception&)");
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/input_adapters.hpp>
+
+// #include <nlohmann/detail/input/json_sax.hpp>
+
+
+#include <cstddef>
+#include <string>
+#include <vector>
+
+// #include <nlohmann/detail/input/parser.hpp>
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+
+namespace nlohmann
+{
+
+/*!
+@brief SAX interface
+
+This class describes the SAX interface used by @ref nlohmann::json::sax_parse.
+Each function is called in different situations while the input is parsed. The
+boolean return value informs the parser whether to continue processing the
+input.
+*/
+template<typename BasicJsonType>
+struct json_sax
+{
+    /// type for (signed) integers
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    /// type for unsigned integers
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    /// type for floating-point numbers
+    using number_float_t = typename BasicJsonType::number_float_t;
+    /// type for strings
+    using string_t = typename BasicJsonType::string_t;
+
+    /*!
+    @brief a null value was read
+    @return whether parsing should proceed
+    */
+    virtual bool null() = 0;
+
+    /*!
+    @brief a boolean value was read
+    @param[in] val  boolean value
+    @return whether parsing should proceed
+    */
+    virtual bool boolean(bool val) = 0;
+
+    /*!
+    @brief an integer number was read
+    @param[in] val  integer value
+    @return whether parsing should proceed
+    */
+    virtual bool number_integer(number_integer_t val) = 0;
+
+    /*!
+    @brief an unsigned integer number was read
+    @param[in] val  unsigned integer value
+    @return whether parsing should proceed
+    */
+    virtual bool number_unsigned(number_unsigned_t val) = 0;
+
+    /*!
+    @brief an floating-point number was read
+    @param[in] val  floating-point value
+    @param[in] s    raw token value
+    @return whether parsing should proceed
+    */
+    virtual bool number_float(number_float_t val, const string_t& s) = 0;
+
+    /*!
+    @brief a string was read
+    @param[in] val  string value
+    @return whether parsing should proceed
+    @note It is safe to move the passed string.
+    */
+    virtual bool string(string_t& val) = 0;
+
+    /*!
+    @brief the beginning of an object was read
+    @param[in] elements  number of object elements or -1 if unknown
+    @return whether parsing should proceed
+    @note binary formats may report the number of elements
+    */
+    virtual bool start_object(std::size_t elements) = 0;
+
+    /*!
+    @brief an object key was read
+    @param[in] val  object key
+    @return whether parsing should proceed
+    @note It is safe to move the passed string.
+    */
+    virtual bool key(string_t& val) = 0;
+
+    /*!
+    @brief the end of an object was read
+    @return whether parsing should proceed
+    */
+    virtual bool end_object() = 0;
+
+    /*!
+    @brief the beginning of an array was read
+    @param[in] elements  number of array elements or -1 if unknown
+    @return whether parsing should proceed
+    @note binary formats may report the number of elements
+    */
+    virtual bool start_array(std::size_t elements) = 0;
+
+    /*!
+    @brief the end of an array was read
+    @return whether parsing should proceed
+    */
+    virtual bool end_array() = 0;
+
+    /*!
+    @brief a parse error occurred
+    @param[in] position    the position in the input where the error occurs
+    @param[in] last_token  the last read token
+    @param[in] ex          an exception object describing the error
+    @return whether parsing should proceed (must return false)
+    */
+    virtual bool parse_error(std::size_t position,
+                             const std::string& last_token,
+                             const detail::exception& ex) = 0;
+
+    virtual ~json_sax() = default;
+};
+
+
+namespace detail
+{
+/*!
+@brief SAX implementation to create a JSON value from SAX events
+
+This class implements the @ref json_sax interface and processes the SAX events
+to create a JSON value which makes it basically a DOM parser. The structure or
+hierarchy of the JSON value is managed by the stack `ref_stack` which contains
+a pointer to the respective array or object for each recursion depth.
+
+After successful parsing, the value that is passed by reference to the
+constructor contains the parsed value.
+
+@tparam BasicJsonType  the JSON type
+*/
+template<typename BasicJsonType>
+class json_sax_dom_parser
+{
+  public:
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+
+    /*!
+    @param[in, out] r  reference to a JSON value that is manipulated while
+                       parsing
+    @param[in] allow_exceptions_  whether parse errors yield exceptions
+    */
+    explicit json_sax_dom_parser(BasicJsonType& r, const bool allow_exceptions_ = true)
+        : root(r), allow_exceptions(allow_exceptions_)
+    {}
+
+    bool null()
+    {
+        handle_value(nullptr);
+        return true;
+    }
+
+    bool boolean(bool val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_integer(number_integer_t val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_unsigned(number_unsigned_t val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_float(number_float_t val, const string_t& /*unused*/)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool string(string_t& val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool start_object(std::size_t len)
+    {
+        ref_stack.push_back(handle_value(BasicJsonType::value_t::object));
+
+        if (JSON_UNLIKELY(len != std::size_t(-1) and len > ref_stack.back()->max_size()))
+        {
+            JSON_THROW(out_of_range::create(408,
+                                            "excessive object size: " + std::to_string(len)));
+        }
+
+        return true;
+    }
+
+    bool key(string_t& val)
+    {
+        // add null at given key and store the reference for later
+        object_element = &(ref_stack.back()->m_value.object->operator[](val));
+        return true;
+    }
+
+    bool end_object()
+    {
+        ref_stack.pop_back();
+        return true;
+    }
+
+    bool start_array(std::size_t len)
+    {
+        ref_stack.push_back(handle_value(BasicJsonType::value_t::array));
+
+        if (JSON_UNLIKELY(len != std::size_t(-1) and len > ref_stack.back()->max_size()))
+        {
+            JSON_THROW(out_of_range::create(408,
+                                            "excessive array size: " + std::to_string(len)));
+        }
+
+        return true;
+    }
+
+    bool end_array()
+    {
+        ref_stack.pop_back();
+        return true;
+    }
+
+    bool parse_error(std::size_t /*unused*/, const std::string& /*unused*/,
+                     const detail::exception& ex)
+    {
+        errored = true;
+        if (allow_exceptions)
+        {
+            // determine the proper exception type from the id
+            switch ((ex.id / 100) % 100)
+            {
+                case 1:
+                    JSON_THROW(*reinterpret_cast<const detail::parse_error*>(&ex));
+                case 4:
+                    JSON_THROW(*reinterpret_cast<const detail::out_of_range*>(&ex));
+                // LCOV_EXCL_START
+                case 2:
+                    JSON_THROW(*reinterpret_cast<const detail::invalid_iterator*>(&ex));
+                case 3:
+                    JSON_THROW(*reinterpret_cast<const detail::type_error*>(&ex));
+                case 5:
+                    JSON_THROW(*reinterpret_cast<const detail::other_error*>(&ex));
+                default:
+                    assert(false);
+                    // LCOV_EXCL_STOP
+            }
+        }
+        return false;
+    }
+
+    constexpr bool is_errored() const
+    {
+        return errored;
+    }
+
+  private:
+    /*!
+    @invariant If the ref stack is empty, then the passed value will be the new
+               root.
+    @invariant If the ref stack contains a value, then it is an array or an
+               object to which we can add elements
+    */
+    template<typename Value>
+    BasicJsonType* handle_value(Value&& v)
+    {
+        if (ref_stack.empty())
+        {
+            root = BasicJsonType(std::forward<Value>(v));
+            return &root;
+        }
+
+        assert(ref_stack.back()->is_array() or ref_stack.back()->is_object());
+
+        if (ref_stack.back()->is_array())
+        {
+            ref_stack.back()->m_value.array->emplace_back(std::forward<Value>(v));
+            return &(ref_stack.back()->m_value.array->back());
+        }
+        else
+        {
+            assert(object_element);
+            *object_element = BasicJsonType(std::forward<Value>(v));
+            return object_element;
+        }
+    }
+
+    /// the parsed JSON value
+    BasicJsonType& root;
+    /// stack to model hierarchy of values
+    std::vector<BasicJsonType*> ref_stack;
+    /// helper to hold the reference for the next object element
+    BasicJsonType* object_element = nullptr;
+    /// whether a syntax error occurred
+    bool errored = false;
+    /// whether to throw exceptions in case of errors
+    const bool allow_exceptions = true;
+};
+
+template<typename BasicJsonType>
+class json_sax_dom_callback_parser
+{
+  public:
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+    using parser_callback_t = typename BasicJsonType::parser_callback_t;
+    using parse_event_t = typename BasicJsonType::parse_event_t;
+
+    json_sax_dom_callback_parser(BasicJsonType& r,
+                                 const parser_callback_t cb,
+                                 const bool allow_exceptions_ = true)
+        : root(r), callback(cb), allow_exceptions(allow_exceptions_)
+    {
+        keep_stack.push_back(true);
+    }
+
+    bool null()
+    {
+        handle_value(nullptr);
+        return true;
+    }
+
+    bool boolean(bool val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_integer(number_integer_t val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_unsigned(number_unsigned_t val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool number_float(number_float_t val, const string_t& /*unused*/)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool string(string_t& val)
+    {
+        handle_value(val);
+        return true;
+    }
+
+    bool start_object(std::size_t len)
+    {
+        // check callback for object start
+        const bool keep = callback(static_cast<int>(ref_stack.size()), parse_event_t::object_start, discarded);
+        keep_stack.push_back(keep);
+
+        auto val = handle_value(BasicJsonType::value_t::object, true);
+        ref_stack.push_back(val.second);
+
+        // check object limit
+        if (ref_stack.back())
+        {
+            if (JSON_UNLIKELY(len != std::size_t(-1) and len > ref_stack.back()->max_size()))
+            {
+                JSON_THROW(out_of_range::create(408,
+                                                "excessive object size: " + std::to_string(len)));
+            }
+        }
+
+        return true;
+    }
+
+    bool key(string_t& val)
+    {
+        BasicJsonType k = BasicJsonType(val);
+
+        // check callback for key
+        const bool keep = callback(static_cast<int>(ref_stack.size()), parse_event_t::key, k);
+        key_keep_stack.push_back(keep);
+
+        // add discarded value at given key and store the reference for later
+        if (keep and ref_stack.back())
+        {
+            object_element = &(ref_stack.back()->m_value.object->operator[](val) = discarded);
+        }
+
+        return true;
+    }
+
+    bool end_object()
+    {
+        if (ref_stack.back())
+        {
+            if (not callback(static_cast<int>(ref_stack.size()) - 1, parse_event_t::object_end, *ref_stack.back()))
+            {
+                // discard object
+                *ref_stack.back() = discarded;
+            }
+        }
+
+        assert(not ref_stack.empty());
+        assert(not keep_stack.empty());
+        ref_stack.pop_back();
+        keep_stack.pop_back();
+
+        if (not ref_stack.empty() and ref_stack.back())
+        {
+            // remove discarded value
+            if (ref_stack.back()->is_object())
+            {
+                for (auto it = ref_stack.back()->begin(); it != ref_stack.back()->end(); ++it)
+                {
+                    if (it->is_discarded())
+                    {
+                        ref_stack.back()->erase(it);
+                        break;
+                    }
+                }
+            }
+        }
+
+        return true;
+    }
+
+    bool start_array(std::size_t len)
+    {
+        const bool keep = callback(static_cast<int>(ref_stack.size()), parse_event_t::array_start, discarded);
+        keep_stack.push_back(keep);
+
+        auto val = handle_value(BasicJsonType::value_t::array, true);
+        ref_stack.push_back(val.second);
+
+        // check array limit
+        if (ref_stack.back())
+        {
+            if (JSON_UNLIKELY(len != std::size_t(-1) and len > ref_stack.back()->max_size()))
+            {
+                JSON_THROW(out_of_range::create(408,
+                                                "excessive array size: " + std::to_string(len)));
+            }
+        }
+
+        return true;
+    }
+
+    bool end_array()
+    {
+        bool keep = true;
+
+        if (ref_stack.back())
+        {
+            keep = callback(static_cast<int>(ref_stack.size()) - 1, parse_event_t::array_end, *ref_stack.back());
+            if (not keep)
+            {
+                // discard array
+                *ref_stack.back() = discarded;
+            }
+        }
+
+        assert(not ref_stack.empty());
+        assert(not keep_stack.empty());
+        ref_stack.pop_back();
+        keep_stack.pop_back();
+
+        // remove discarded value
+        if (not keep and not ref_stack.empty())
+        {
+            if (ref_stack.back()->is_array())
+            {
+                ref_stack.back()->m_value.array->pop_back();
+            }
+        }
+
+        return true;
+    }
+
+    bool parse_error(std::size_t /*unused*/, const std::string& /*unused*/,
+                     const detail::exception& ex)
+    {
+        errored = true;
+        if (allow_exceptions)
+        {
+            // determine the proper exception type from the id
+            switch ((ex.id / 100) % 100)
+            {
+                case 1:
+                    JSON_THROW(*reinterpret_cast<const detail::parse_error*>(&ex));
+                case 4:
+                    JSON_THROW(*reinterpret_cast<const detail::out_of_range*>(&ex));
+                // LCOV_EXCL_START
+                case 2:
+                    JSON_THROW(*reinterpret_cast<const detail::invalid_iterator*>(&ex));
+                case 3:
+                    JSON_THROW(*reinterpret_cast<const detail::type_error*>(&ex));
+                case 5:
+                    JSON_THROW(*reinterpret_cast<const detail::other_error*>(&ex));
+                default:
+                    assert(false);
+                    // LCOV_EXCL_STOP
+            }
+        }
+        return false;
+    }
+
+    constexpr bool is_errored() const
+    {
+        return errored;
+    }
+
+  private:
+    /*!
+    @param[in] v  value to add to the JSON value we build during parsing
+    @param[in] skip_callback  whether we should skip calling the callback
+               function; this is required after start_array() and
+               start_object() SAX events, because otherwise we would call the
+               callback function with an empty array or object, respectively.
+
+    @invariant If the ref stack is empty, then the passed value will be the new
+               root.
+    @invariant If the ref stack contains a value, then it is an array or an
+               object to which we can add elements
+
+    @return pair of boolean (whether value should be kept) and pointer (to the
+            passed value in the ref_stack hierarchy; nullptr if not kept)
+    */
+    template<typename Value>
+    std::pair<bool, BasicJsonType*> handle_value(Value&& v, const bool skip_callback = false)
+    {
+        assert(not keep_stack.empty());
+
+        // do not handle this value if we know it would be added to a discarded
+        // container
+        if (not keep_stack.back())
+        {
+            return {false, nullptr};
+        }
+
+        // create value
+        auto value = BasicJsonType(std::forward<Value>(v));
+
+        // check callback
+        const bool keep = skip_callback or callback(static_cast<int>(ref_stack.size()), parse_event_t::value, value);
+
+        // do not handle this value if we just learnt it shall be discarded
+        if (not keep)
+        {
+            return {false, nullptr};
+        }
+
+        if (ref_stack.empty())
+        {
+            root = std::move(value);
+            return {true, &root};
+        }
+
+        // skip this value if we already decided to skip the parent
+        // (https://github.com/nlohmann/json/issues/971#issuecomment-413678360)
+        if (not ref_stack.back())
+        {
+            return {false, nullptr};
+        }
+
+        // we now only expect arrays and objects
+        assert(ref_stack.back()->is_array() or ref_stack.back()->is_object());
+
+        if (ref_stack.back()->is_array())
+        {
+            ref_stack.back()->m_value.array->push_back(std::move(value));
+            return {true, &(ref_stack.back()->m_value.array->back())};
+        }
+        else
+        {
+            // check if we should store an element for the current key
+            assert(not key_keep_stack.empty());
+            const bool store_element = key_keep_stack.back();
+            key_keep_stack.pop_back();
+
+            if (not store_element)
+            {
+                return {false, nullptr};
+            }
+
+            assert(object_element);
+            *object_element = std::move(value);
+            return {true, object_element};
+        }
+    }
+
+    /// the parsed JSON value
+    BasicJsonType& root;
+    /// stack to model hierarchy of values
+    std::vector<BasicJsonType*> ref_stack;
+    /// stack to manage which values to keep
+    std::vector<bool> keep_stack;
+    /// stack to manage which object keys to keep
+    std::vector<bool> key_keep_stack;
+    /// helper to hold the reference for the next object element
+    BasicJsonType* object_element = nullptr;
+    /// whether a syntax error occurred
+    bool errored = false;
+    /// callback function
+    const parser_callback_t callback = nullptr;
+    /// whether to throw exceptions in case of errors
+    const bool allow_exceptions = true;
+    /// a discarded value for the callback
+    BasicJsonType discarded = BasicJsonType::value_t::discarded;
+};
+
+template<typename BasicJsonType>
+class json_sax_acceptor
+{
+  public:
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+
+    bool null()
+    {
+        return true;
+    }
+
+    bool boolean(bool /*unused*/)
+    {
+        return true;
+    }
+
+    bool number_integer(number_integer_t /*unused*/)
+    {
+        return true;
+    }
+
+    bool number_unsigned(number_unsigned_t /*unused*/)
+    {
+        return true;
+    }
+
+    bool number_float(number_float_t /*unused*/, const string_t& /*unused*/)
+    {
+        return true;
+    }
+
+    bool string(string_t& /*unused*/)
+    {
+        return true;
+    }
+
+    bool start_object(std::size_t  /*unused*/ = std::size_t(-1))
+    {
+        return true;
+    }
+
+    bool key(string_t& /*unused*/)
+    {
+        return true;
+    }
+
+    bool end_object()
+    {
+        return true;
+    }
+
+    bool start_array(std::size_t  /*unused*/ = std::size_t(-1))
+    {
+        return true;
+    }
+
+    bool end_array()
+    {
+        return true;
+    }
+
+    bool parse_error(std::size_t /*unused*/, const std::string& /*unused*/, const detail::exception& /*unused*/)
+    {
+        return false;
+    }
+};
+}  // namespace detail
+
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/lexer.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+////////////
+// parser //
+////////////
+
+/*!
+@brief syntax analysis
+
+This class implements a recursive decent parser.
+*/
+template<typename BasicJsonType>
+class parser
+{
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+    using lexer_t = lexer<BasicJsonType>;
+    using token_type = typename lexer_t::token_type;
+
+  public:
+    enum class parse_event_t : uint8_t
+    {
+        /// the parser read `{` and started to process a JSON object
+        object_start,
+        /// the parser read `}` and finished processing a JSON object
+        object_end,
+        /// the parser read `[` and started to process a JSON array
+        array_start,
+        /// the parser read `]` and finished processing a JSON array
+        array_end,
+        /// the parser read a key of a value in an object
+        key,
+        /// the parser finished reading a JSON value
+        value
+    };
+
+    using parser_callback_t =
+        std::function<bool(int depth, parse_event_t event, BasicJsonType& parsed)>;
+
+    /// a parser reading from an input adapter
+    explicit parser(detail::input_adapter_t&& adapter,
+                    const parser_callback_t cb = nullptr,
+                    const bool allow_exceptions_ = true)
+        : callback(cb), m_lexer(std::move(adapter)), allow_exceptions(allow_exceptions_)
+    {
+        // read first token
+        get_token();
+    }
+
+    /*!
+    @brief public parser interface
+
+    @param[in] strict      whether to expect the last token to be EOF
+    @param[in,out] result  parsed JSON value
+
+    @throw parse_error.101 in case of an unexpected token
+    @throw parse_error.102 if to_unicode fails or surrogate error
+    @throw parse_error.103 if to_unicode fails
+    */
+    void parse(const bool strict, BasicJsonType& result)
+    {
+        if (callback)
+        {
+            json_sax_dom_callback_parser<BasicJsonType> sdp(result, callback, allow_exceptions);
+            sax_parse_internal(&sdp);
+            result.assert_invariant();
+
+            // in strict mode, input must be completely read
+            if (strict and (get_token() != token_type::end_of_input))
+            {
+                sdp.parse_error(m_lexer.get_position(),
+                                m_lexer.get_token_string(),
+                                parse_error::create(101, m_lexer.get_position(),
+                                                    exception_message(token_type::end_of_input, "value")));
+            }
+
+            // in case of an error, return discarded value
+            if (sdp.is_errored())
+            {
+                result = value_t::discarded;
+                return;
+            }
+
+            // set top-level value to null if it was discarded by the callback
+            // function
+            if (result.is_discarded())
+            {
+                result = nullptr;
+            }
+        }
+        else
+        {
+            json_sax_dom_parser<BasicJsonType> sdp(result, allow_exceptions);
+            sax_parse_internal(&sdp);
+            result.assert_invariant();
+
+            // in strict mode, input must be completely read
+            if (strict and (get_token() != token_type::end_of_input))
+            {
+                sdp.parse_error(m_lexer.get_position(),
+                                m_lexer.get_token_string(),
+                                parse_error::create(101, m_lexer.get_position(),
+                                                    exception_message(token_type::end_of_input, "value")));
+            }
+
+            // in case of an error, return discarded value
+            if (sdp.is_errored())
+            {
+                result = value_t::discarded;
+                return;
+            }
+        }
+    }
+
+    /*!
+    @brief public accept interface
+
+    @param[in] strict  whether to expect the last token to be EOF
+    @return whether the input is a proper JSON text
+    */
+    bool accept(const bool strict = true)
+    {
+        json_sax_acceptor<BasicJsonType> sax_acceptor;
+        return sax_parse(&sax_acceptor, strict);
+    }
+
+    template <typename SAX>
+    bool sax_parse(SAX* sax, const bool strict = true)
+    {
+        (void)detail::is_sax_static_asserts<SAX, BasicJsonType> {};
+        const bool result = sax_parse_internal(sax);
+
+        // strict mode: next byte must be EOF
+        if (result and strict and (get_token() != token_type::end_of_input))
+        {
+            return sax->parse_error(m_lexer.get_position(),
+                                    m_lexer.get_token_string(),
+                                    parse_error::create(101, m_lexer.get_position(),
+                                            exception_message(token_type::end_of_input, "value")));
+        }
+
+        return result;
+    }
+
+  private:
+    template <typename SAX>
+    bool sax_parse_internal(SAX* sax)
+    {
+        // stack to remember the hierarchy of structured values we are parsing
+        // true = array; false = object
+        std::vector<bool> states;
+        // value to avoid a goto (see comment where set to true)
+        bool skip_to_state_evaluation = false;
+
+        while (true)
+        {
+            if (not skip_to_state_evaluation)
+            {
+                // invariant: get_token() was called before each iteration
+                switch (last_token)
+                {
+                    case token_type::begin_object:
+                    {
+                        if (JSON_UNLIKELY(not sax->start_object(std::size_t(-1))))
+                        {
+                            return false;
+                        }
+
+                        // closing } -> we are done
+                        if (get_token() == token_type::end_object)
+                        {
+                            if (JSON_UNLIKELY(not sax->end_object()))
+                            {
+                                return false;
+                            }
+                            break;
+                        }
+
+                        // parse key
+                        if (JSON_UNLIKELY(last_token != token_type::value_string))
+                        {
+                            return sax->parse_error(m_lexer.get_position(),
+                                                    m_lexer.get_token_string(),
+                                                    parse_error::create(101, m_lexer.get_position(),
+                                                            exception_message(token_type::value_string, "object key")));
+                        }
+                        if (JSON_UNLIKELY(not sax->key(m_lexer.get_string())))
+                        {
+                            return false;
+                        }
+
+                        // parse separator (:)
+                        if (JSON_UNLIKELY(get_token() != token_type::name_separator))
+                        {
+                            return sax->parse_error(m_lexer.get_position(),
+                                                    m_lexer.get_token_string(),
+                                                    parse_error::create(101, m_lexer.get_position(),
+                                                            exception_message(token_type::name_separator, "object separator")));
+                        }
+
+                        // remember we are now inside an object
+                        states.push_back(false);
+
+                        // parse values
+                        get_token();
+                        continue;
+                    }
+
+                    case token_type::begin_array:
+                    {
+                        if (JSON_UNLIKELY(not sax->start_array(std::size_t(-1))))
+                        {
+                            return false;
+                        }
+
+                        // closing ] -> we are done
+                        if (get_token() == token_type::end_array)
+                        {
+                            if (JSON_UNLIKELY(not sax->end_array()))
+                            {
+                                return false;
+                            }
+                            break;
+                        }
+
+                        // remember we are now inside an array
+                        states.push_back(true);
+
+                        // parse values (no need to call get_token)
+                        continue;
+                    }
+
+                    case token_type::value_float:
+                    {
+                        const auto res = m_lexer.get_number_float();
+
+                        if (JSON_UNLIKELY(not std::isfinite(res)))
+                        {
+                            return sax->parse_error(m_lexer.get_position(),
+                                                    m_lexer.get_token_string(),
+                                                    out_of_range::create(406, "number overflow parsing '" + m_lexer.get_token_string() + "'"));
+                        }
+                        else
+                        {
+                            if (JSON_UNLIKELY(not sax->number_float(res, m_lexer.get_string())))
+                            {
+                                return false;
+                            }
+                            break;
+                        }
+                    }
+
+                    case token_type::literal_false:
+                    {
+                        if (JSON_UNLIKELY(not sax->boolean(false)))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::literal_null:
+                    {
+                        if (JSON_UNLIKELY(not sax->null()))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::literal_true:
+                    {
+                        if (JSON_UNLIKELY(not sax->boolean(true)))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::value_integer:
+                    {
+                        if (JSON_UNLIKELY(not sax->number_integer(m_lexer.get_number_integer())))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::value_string:
+                    {
+                        if (JSON_UNLIKELY(not sax->string(m_lexer.get_string())))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::value_unsigned:
+                    {
+                        if (JSON_UNLIKELY(not sax->number_unsigned(m_lexer.get_number_unsigned())))
+                        {
+                            return false;
+                        }
+                        break;
+                    }
+
+                    case token_type::parse_error:
+                    {
+                        // using "uninitialized" to avoid "expected" message
+                        return sax->parse_error(m_lexer.get_position(),
+                                                m_lexer.get_token_string(),
+                                                parse_error::create(101, m_lexer.get_position(),
+                                                        exception_message(token_type::uninitialized, "value")));
+                    }
+
+                    default: // the last token was unexpected
+                    {
+                        return sax->parse_error(m_lexer.get_position(),
+                                                m_lexer.get_token_string(),
+                                                parse_error::create(101, m_lexer.get_position(),
+                                                        exception_message(token_type::literal_or_value, "value")));
+                    }
+                }
+            }
+            else
+            {
+                skip_to_state_evaluation = false;
+            }
+
+            // we reached this line after we successfully parsed a value
+            if (states.empty())
+            {
+                // empty stack: we reached the end of the hierarchy: done
+                return true;
+            }
+            else
+            {
+                if (states.back())  // array
+                {
+                    // comma -> next value
+                    if (get_token() == token_type::value_separator)
+                    {
+                        // parse a new value
+                        get_token();
+                        continue;
+                    }
+
+                    // closing ]
+                    if (JSON_LIKELY(last_token == token_type::end_array))
+                    {
+                        if (JSON_UNLIKELY(not sax->end_array()))
+                        {
+                            return false;
+                        }
+
+                        // We are done with this array. Before we can parse a
+                        // new value, we need to evaluate the new state first.
+                        // By setting skip_to_state_evaluation to false, we
+                        // are effectively jumping to the beginning of this if.
+                        assert(not states.empty());
+                        states.pop_back();
+                        skip_to_state_evaluation = true;
+                        continue;
+                    }
+                    else
+                    {
+                        return sax->parse_error(m_lexer.get_position(),
+                                                m_lexer.get_token_string(),
+                                                parse_error::create(101, m_lexer.get_position(),
+                                                        exception_message(token_type::end_array, "array")));
+                    }
+                }
+                else  // object
+                {
+                    // comma -> next value
+                    if (get_token() == token_type::value_separator)
+                    {
+                        // parse key
+                        if (JSON_UNLIKELY(get_token() != token_type::value_string))
+                        {
+                            return sax->parse_error(m_lexer.get_position(),
+                                                    m_lexer.get_token_string(),
+                                                    parse_error::create(101, m_lexer.get_position(),
+                                                            exception_message(token_type::value_string, "object key")));
+                        }
+                        else
+                        {
+                            if (JSON_UNLIKELY(not sax->key(m_lexer.get_string())))
+                            {
+                                return false;
+                            }
+                        }
+
+                        // parse separator (:)
+                        if (JSON_UNLIKELY(get_token() != token_type::name_separator))
+                        {
+                            return sax->parse_error(m_lexer.get_position(),
+                                                    m_lexer.get_token_string(),
+                                                    parse_error::create(101, m_lexer.get_position(),
+                                                            exception_message(token_type::name_separator, "object separator")));
+                        }
+
+                        // parse values
+                        get_token();
+                        continue;
+                    }
+
+                    // closing }
+                    if (JSON_LIKELY(last_token == token_type::end_object))
+                    {
+                        if (JSON_UNLIKELY(not sax->end_object()))
+                        {
+                            return false;
+                        }
+
+                        // We are done with this object. Before we can parse a
+                        // new value, we need to evaluate the new state first.
+                        // By setting skip_to_state_evaluation to false, we
+                        // are effectively jumping to the beginning of this if.
+                        assert(not states.empty());
+                        states.pop_back();
+                        skip_to_state_evaluation = true;
+                        continue;
+                    }
+                    else
+                    {
+                        return sax->parse_error(m_lexer.get_position(),
+                                                m_lexer.get_token_string(),
+                                                parse_error::create(101, m_lexer.get_position(),
+                                                        exception_message(token_type::end_object, "object")));
+                    }
+                }
+            }
+        }
+    }
+
+    /// get next token from lexer
+    token_type get_token()
+    {
+        return (last_token = m_lexer.scan());
+    }
+
+    std::string exception_message(const token_type expected, const std::string& context)
+    {
+        std::string error_msg = "syntax error ";
+
+        if (not context.empty())
+        {
+            error_msg += "while parsing " + context + " ";
+        }
+
+        error_msg += "- ";
+
+        if (last_token == token_type::parse_error)
+        {
+            error_msg += std::string(m_lexer.get_error_message()) + "; last read: '" +
+                         m_lexer.get_token_string() + "'";
+        }
+        else
+        {
+            error_msg += "unexpected " + std::string(lexer_t::token_type_name(last_token));
+        }
+
+        if (expected != token_type::uninitialized)
+        {
+            error_msg += "; expected " + std::string(lexer_t::token_type_name(expected));
+        }
+
+        return error_msg;
+    }
+
+  private:
+    /// callback function
+    const parser_callback_t callback = nullptr;
+    /// the type of the last read token
+    token_type last_token = token_type::uninitialized;
+    /// the lexer
+    lexer_t m_lexer;
+    /// whether to throw exceptions in case of errors
+    const bool allow_exceptions = true;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/iterators/primitive_iterator.hpp>
+
+
+#include <cstddef> // ptrdiff_t
+#include <limits>  // numeric_limits
+
+namespace nlohmann
+{
+namespace detail
+{
+/*
+@brief an iterator for primitive JSON types
+
+This class models an iterator for primitive JSON types (boolean, number,
+string). It's only purpose is to allow the iterator/const_iterator classes
+to "iterate" over primitive values. Internally, the iterator is modeled by
+a `difference_type` variable. Value begin_value (`0`) models the begin,
+end_value (`1`) models past the end.
+*/
+class primitive_iterator_t
+{
+  private:
+    using difference_type = std::ptrdiff_t;
+    static constexpr difference_type begin_value = 0;
+    static constexpr difference_type end_value = begin_value + 1;
+
+    /// iterator as signed integer type
+    difference_type m_it = (std::numeric_limits<std::ptrdiff_t>::min)();
+
+  public:
+    constexpr difference_type get_value() const noexcept
+    {
+        return m_it;
+    }
+
+    /// set iterator to a defined beginning
+    void set_begin() noexcept
+    {
+        m_it = begin_value;
+    }
+
+    /// set iterator to a defined past the end
+    void set_end() noexcept
+    {
+        m_it = end_value;
+    }
+
+    /// return whether the iterator can be dereferenced
+    constexpr bool is_begin() const noexcept
+    {
+        return m_it == begin_value;
+    }
+
+    /// return whether the iterator is at end
+    constexpr bool is_end() const noexcept
+    {
+        return m_it == end_value;
+    }
+
+    friend constexpr bool operator==(primitive_iterator_t lhs, primitive_iterator_t rhs) noexcept
+    {
+        return lhs.m_it == rhs.m_it;
+    }
+
+    friend constexpr bool operator<(primitive_iterator_t lhs, primitive_iterator_t rhs) noexcept
+    {
+        return lhs.m_it < rhs.m_it;
+    }
+
+    primitive_iterator_t operator+(difference_type n) noexcept
+    {
+        auto result = *this;
+        result += n;
+        return result;
+    }
+
+    friend constexpr difference_type operator-(primitive_iterator_t lhs, primitive_iterator_t rhs) noexcept
+    {
+        return lhs.m_it - rhs.m_it;
+    }
+
+    primitive_iterator_t& operator++() noexcept
+    {
+        ++m_it;
+        return *this;
+    }
+
+    primitive_iterator_t const operator++(int) noexcept
+    {
+        auto result = *this;
+        ++m_it;
+        return result;
+    }
+
+    primitive_iterator_t& operator--() noexcept
+    {
+        --m_it;
+        return *this;
+    }
+
+    primitive_iterator_t const operator--(int) noexcept
+    {
+        auto result = *this;
+        --m_it;
+        return result;
+    }
+
+    primitive_iterator_t& operator+=(difference_type n) noexcept
+    {
+        m_it += n;
+        return *this;
+    }
+
+    primitive_iterator_t& operator-=(difference_type n) noexcept
+    {
+        m_it -= n;
+        return *this;
+    }
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/iterators/internal_iterator.hpp>
+
+
+// #include <nlohmann/detail/iterators/primitive_iterator.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+/*!
+@brief an iterator value
+
+@note This structure could easily be a union, but MSVC currently does not allow
+unions members with complex constructors, see https://github.com/nlohmann/json/pull/105.
+*/
+template<typename BasicJsonType> struct internal_iterator
+{
+    /// iterator for JSON objects
+    typename BasicJsonType::object_t::iterator object_iterator {};
+    /// iterator for JSON arrays
+    typename BasicJsonType::array_t::iterator array_iterator {};
+    /// generic iterator for all other types
+    primitive_iterator_t primitive_iterator {};
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/iterators/iter_impl.hpp>
+
+
+#include <ciso646> // not
+#include <iterator> // iterator, random_access_iterator_tag, bidirectional_iterator_tag, advance, next
+#include <type_traits> // conditional, is_const, remove_const
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/iterators/internal_iterator.hpp>
+
+// #include <nlohmann/detail/iterators/primitive_iterator.hpp>
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+// forward declare, to be able to friend it later on
+template<typename IteratorType> class iteration_proxy;
+template<typename IteratorType> class iteration_proxy_value;
+
+/*!
+@brief a template for a bidirectional iterator for the @ref basic_json class
+This class implements a both iterators (iterator and const_iterator) for the
+@ref basic_json class.
+@note An iterator is called *initialized* when a pointer to a JSON value has
+      been set (e.g., by a constructor or a copy assignment). If the iterator is
+      default-constructed, it is *uninitialized* and most methods are undefined.
+      **The library uses assertions to detect calls on uninitialized iterators.**
+@requirement The class satisfies the following concept requirements:
+-
+[BidirectionalIterator](https://en.cppreference.com/w/cpp/named_req/BidirectionalIterator):
+  The iterator that can be moved can be moved in both directions (i.e.
+  incremented and decremented).
+@since version 1.0.0, simplified in version 2.0.9, change to bidirectional
+       iterators in version 3.0.0 (see https://github.com/nlohmann/json/issues/593)
+*/
+template<typename BasicJsonType>
+class iter_impl
+{
+    /// allow basic_json to access private members
+    friend iter_impl<typename std::conditional<std::is_const<BasicJsonType>::value, typename std::remove_const<BasicJsonType>::type, const BasicJsonType>::type>;
+    friend BasicJsonType;
+    friend iteration_proxy<iter_impl>;
+    friend iteration_proxy_value<iter_impl>;
+
+    using object_t = typename BasicJsonType::object_t;
+    using array_t = typename BasicJsonType::array_t;
+    // make sure BasicJsonType is basic_json or const basic_json
+    static_assert(is_basic_json<typename std::remove_const<BasicJsonType>::type>::value,
+                  "iter_impl only accepts (const) basic_json");
+
+  public:
+
+    /// The std::iterator class template (used as a base class to provide typedefs) is deprecated in C++17.
+    /// The C++ Standard has never required user-defined iterators to derive from std::iterator.
+    /// A user-defined iterator should provide publicly accessible typedefs named
+    /// iterator_category, value_type, difference_type, pointer, and reference.
+    /// Note that value_type is required to be non-const, even for constant iterators.
+    using iterator_category = std::bidirectional_iterator_tag;
+
+    /// the type of the values when the iterator is dereferenced
+    using value_type = typename BasicJsonType::value_type;
+    /// a type to represent differences between iterators
+    using difference_type = typename BasicJsonType::difference_type;
+    /// defines a pointer to the type iterated over (value_type)
+    using pointer = typename std::conditional<std::is_const<BasicJsonType>::value,
+          typename BasicJsonType::const_pointer,
+          typename BasicJsonType::pointer>::type;
+    /// defines a reference to the type iterated over (value_type)
+    using reference =
+        typename std::conditional<std::is_const<BasicJsonType>::value,
+        typename BasicJsonType::const_reference,
+        typename BasicJsonType::reference>::type;
+
+    /// default constructor
+    iter_impl() = default;
+
+    /*!
+    @brief constructor for a given JSON instance
+    @param[in] object  pointer to a JSON object for this iterator
+    @pre object != nullptr
+    @post The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    explicit iter_impl(pointer object) noexcept : m_object(object)
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                m_it.object_iterator = typename object_t::iterator();
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_it.array_iterator = typename array_t::iterator();
+                break;
+            }
+
+            default:
+            {
+                m_it.primitive_iterator = primitive_iterator_t();
+                break;
+            }
+        }
+    }
+
+    /*!
+    @note The conventional copy constructor and copy assignment are implicitly
+          defined. Combined with the following converting constructor and
+          assignment, they support: (1) copy from iterator to iterator, (2)
+          copy from const iterator to const iterator, and (3) conversion from
+          iterator to const iterator. However conversion from const iterator
+          to iterator is not defined.
+    */
+
+    /*!
+    @brief converting constructor
+    @param[in] other  non-const iterator to copy from
+    @note It is not checked whether @a other is initialized.
+    */
+    iter_impl(const iter_impl<typename std::remove_const<BasicJsonType>::type>& other) noexcept
+        : m_object(other.m_object), m_it(other.m_it) {}
+
+    /*!
+    @brief converting assignment
+    @param[in,out] other  non-const iterator to copy from
+    @return const/non-const iterator
+    @note It is not checked whether @a other is initialized.
+    */
+    iter_impl& operator=(const iter_impl<typename std::remove_const<BasicJsonType>::type>& other) noexcept
+    {
+        m_object = other.m_object;
+        m_it = other.m_it;
+        return *this;
+    }
+
+  private:
+    /*!
+    @brief set the iterator to the first value
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    void set_begin() noexcept
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                m_it.object_iterator = m_object->m_value.object->begin();
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_it.array_iterator = m_object->m_value.array->begin();
+                break;
+            }
+
+            case value_t::null:
+            {
+                // set to end so begin()==end() is true: null is empty
+                m_it.primitive_iterator.set_end();
+                break;
+            }
+
+            default:
+            {
+                m_it.primitive_iterator.set_begin();
+                break;
+            }
+        }
+    }
+
+    /*!
+    @brief set the iterator past the last value
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    void set_end() noexcept
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                m_it.object_iterator = m_object->m_value.object->end();
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_it.array_iterator = m_object->m_value.array->end();
+                break;
+            }
+
+            default:
+            {
+                m_it.primitive_iterator.set_end();
+                break;
+            }
+        }
+    }
+
+  public:
+    /*!
+    @brief return a reference to the value pointed to by the iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    reference operator*() const
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                assert(m_it.object_iterator != m_object->m_value.object->end());
+                return m_it.object_iterator->second;
+            }
+
+            case value_t::array:
+            {
+                assert(m_it.array_iterator != m_object->m_value.array->end());
+                return *m_it.array_iterator;
+            }
+
+            case value_t::null:
+                JSON_THROW(invalid_iterator::create(214, "cannot get value"));
+
+            default:
+            {
+                if (JSON_LIKELY(m_it.primitive_iterator.is_begin()))
+                {
+                    return *m_object;
+                }
+
+                JSON_THROW(invalid_iterator::create(214, "cannot get value"));
+            }
+        }
+    }
+
+    /*!
+    @brief dereference the iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    pointer operator->() const
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                assert(m_it.object_iterator != m_object->m_value.object->end());
+                return &(m_it.object_iterator->second);
+            }
+
+            case value_t::array:
+            {
+                assert(m_it.array_iterator != m_object->m_value.array->end());
+                return &*m_it.array_iterator;
+            }
+
+            default:
+            {
+                if (JSON_LIKELY(m_it.primitive_iterator.is_begin()))
+                {
+                    return m_object;
+                }
+
+                JSON_THROW(invalid_iterator::create(214, "cannot get value"));
+            }
+        }
+    }
+
+    /*!
+    @brief post-increment (it++)
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl const operator++(int)
+    {
+        auto result = *this;
+        ++(*this);
+        return result;
+    }
+
+    /*!
+    @brief pre-increment (++it)
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl& operator++()
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                std::advance(m_it.object_iterator, 1);
+                break;
+            }
+
+            case value_t::array:
+            {
+                std::advance(m_it.array_iterator, 1);
+                break;
+            }
+
+            default:
+            {
+                ++m_it.primitive_iterator;
+                break;
+            }
+        }
+
+        return *this;
+    }
+
+    /*!
+    @brief post-decrement (it--)
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl const operator--(int)
+    {
+        auto result = *this;
+        --(*this);
+        return result;
+    }
+
+    /*!
+    @brief pre-decrement (--it)
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl& operator--()
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+            {
+                std::advance(m_it.object_iterator, -1);
+                break;
+            }
+
+            case value_t::array:
+            {
+                std::advance(m_it.array_iterator, -1);
+                break;
+            }
+
+            default:
+            {
+                --m_it.primitive_iterator;
+                break;
+            }
+        }
+
+        return *this;
+    }
+
+    /*!
+    @brief  comparison: equal
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator==(const iter_impl& other) const
+    {
+        // if objects are not the same, the comparison is undefined
+        if (JSON_UNLIKELY(m_object != other.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(212, "cannot compare iterators of different containers"));
+        }
+
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+                return (m_it.object_iterator == other.m_it.object_iterator);
+
+            case value_t::array:
+                return (m_it.array_iterator == other.m_it.array_iterator);
+
+            default:
+                return (m_it.primitive_iterator == other.m_it.primitive_iterator);
+        }
+    }
+
+    /*!
+    @brief  comparison: not equal
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator!=(const iter_impl& other) const
+    {
+        return not operator==(other);
+    }
+
+    /*!
+    @brief  comparison: smaller
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator<(const iter_impl& other) const
+    {
+        // if objects are not the same, the comparison is undefined
+        if (JSON_UNLIKELY(m_object != other.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(212, "cannot compare iterators of different containers"));
+        }
+
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+                JSON_THROW(invalid_iterator::create(213, "cannot compare order of object iterators"));
+
+            case value_t::array:
+                return (m_it.array_iterator < other.m_it.array_iterator);
+
+            default:
+                return (m_it.primitive_iterator < other.m_it.primitive_iterator);
+        }
+    }
+
+    /*!
+    @brief  comparison: less than or equal
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator<=(const iter_impl& other) const
+    {
+        return not other.operator < (*this);
+    }
+
+    /*!
+    @brief  comparison: greater than
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator>(const iter_impl& other) const
+    {
+        return not operator<=(other);
+    }
+
+    /*!
+    @brief  comparison: greater than or equal
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    bool operator>=(const iter_impl& other) const
+    {
+        return not operator<(other);
+    }
+
+    /*!
+    @brief  add to iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl& operator+=(difference_type i)
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+                JSON_THROW(invalid_iterator::create(209, "cannot use offsets with object iterators"));
+
+            case value_t::array:
+            {
+                std::advance(m_it.array_iterator, i);
+                break;
+            }
+
+            default:
+            {
+                m_it.primitive_iterator += i;
+                break;
+            }
+        }
+
+        return *this;
+    }
+
+    /*!
+    @brief  subtract from iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl& operator-=(difference_type i)
+    {
+        return operator+=(-i);
+    }
+
+    /*!
+    @brief  add to iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl operator+(difference_type i) const
+    {
+        auto result = *this;
+        result += i;
+        return result;
+    }
+
+    /*!
+    @brief  addition of distance and iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    friend iter_impl operator+(difference_type i, const iter_impl& it)
+    {
+        auto result = it;
+        result += i;
+        return result;
+    }
+
+    /*!
+    @brief  subtract from iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    iter_impl operator-(difference_type i) const
+    {
+        auto result = *this;
+        result -= i;
+        return result;
+    }
+
+    /*!
+    @brief  return difference
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    difference_type operator-(const iter_impl& other) const
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+                JSON_THROW(invalid_iterator::create(209, "cannot use offsets with object iterators"));
+
+            case value_t::array:
+                return m_it.array_iterator - other.m_it.array_iterator;
+
+            default:
+                return m_it.primitive_iterator - other.m_it.primitive_iterator;
+        }
+    }
+
+    /*!
+    @brief  access to successor
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    reference operator[](difference_type n) const
+    {
+        assert(m_object != nullptr);
+
+        switch (m_object->m_type)
+        {
+            case value_t::object:
+                JSON_THROW(invalid_iterator::create(208, "cannot use operator[] for object iterators"));
+
+            case value_t::array:
+                return *std::next(m_it.array_iterator, n);
+
+            case value_t::null:
+                JSON_THROW(invalid_iterator::create(214, "cannot get value"));
+
+            default:
+            {
+                if (JSON_LIKELY(m_it.primitive_iterator.get_value() == -n))
+                {
+                    return *m_object;
+                }
+
+                JSON_THROW(invalid_iterator::create(214, "cannot get value"));
+            }
+        }
+    }
+
+    /*!
+    @brief  return the key of an object iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    const typename object_t::key_type& key() const
+    {
+        assert(m_object != nullptr);
+
+        if (JSON_LIKELY(m_object->is_object()))
+        {
+            return m_it.object_iterator->first;
+        }
+
+        JSON_THROW(invalid_iterator::create(207, "cannot use key() for non-object iterators"));
+    }
+
+    /*!
+    @brief  return the value of an iterator
+    @pre The iterator is initialized; i.e. `m_object != nullptr`.
+    */
+    reference value() const
+    {
+        return operator*();
+    }
+
+  private:
+    /// associated JSON instance
+    pointer m_object = nullptr;
+    /// the actual iterator of the associated instance
+    internal_iterator<typename std::remove_const<BasicJsonType>::type> m_it;
+};
+}  // namespace detail
+} // namespace nlohmann
+// #include <nlohmann/detail/iterators/iteration_proxy.hpp>
+
+// #include <nlohmann/detail/iterators/json_reverse_iterator.hpp>
+
+
+#include <cstddef> // ptrdiff_t
+#include <iterator> // reverse_iterator
+#include <utility> // declval
+
+namespace nlohmann
+{
+namespace detail
+{
+//////////////////////
+// reverse_iterator //
+//////////////////////
+
+/*!
+@brief a template for a reverse iterator class
+
+@tparam Base the base iterator type to reverse. Valid types are @ref
+iterator (to create @ref reverse_iterator) and @ref const_iterator (to
+create @ref const_reverse_iterator).
+
+@requirement The class satisfies the following concept requirements:
+-
+[BidirectionalIterator](https://en.cppreference.com/w/cpp/named_req/BidirectionalIterator):
+  The iterator that can be moved can be moved in both directions (i.e.
+  incremented and decremented).
+- [OutputIterator](https://en.cppreference.com/w/cpp/named_req/OutputIterator):
+  It is possible to write to the pointed-to element (only if @a Base is
+  @ref iterator).
+
+@since version 1.0.0
+*/
+template<typename Base>
+class json_reverse_iterator : public std::reverse_iterator<Base>
+{
+  public:
+    using difference_type = std::ptrdiff_t;
+    /// shortcut to the reverse iterator adapter
+    using base_iterator = std::reverse_iterator<Base>;
+    /// the reference type for the pointed-to element
+    using reference = typename Base::reference;
+
+    /// create reverse iterator from iterator
+    explicit json_reverse_iterator(const typename base_iterator::iterator_type& it) noexcept
+        : base_iterator(it) {}
+
+    /// create reverse iterator from base class
+    explicit json_reverse_iterator(const base_iterator& it) noexcept : base_iterator(it) {}
+
+    /// post-increment (it++)
+    json_reverse_iterator const operator++(int)
+    {
+        return static_cast<json_reverse_iterator>(base_iterator::operator++(1));
+    }
+
+    /// pre-increment (++it)
+    json_reverse_iterator& operator++()
+    {
+        return static_cast<json_reverse_iterator&>(base_iterator::operator++());
+    }
+
+    /// post-decrement (it--)
+    json_reverse_iterator const operator--(int)
+    {
+        return static_cast<json_reverse_iterator>(base_iterator::operator--(1));
+    }
+
+    /// pre-decrement (--it)
+    json_reverse_iterator& operator--()
+    {
+        return static_cast<json_reverse_iterator&>(base_iterator::operator--());
+    }
+
+    /// add to iterator
+    json_reverse_iterator& operator+=(difference_type i)
+    {
+        return static_cast<json_reverse_iterator&>(base_iterator::operator+=(i));
+    }
+
+    /// add to iterator
+    json_reverse_iterator operator+(difference_type i) const
+    {
+        return static_cast<json_reverse_iterator>(base_iterator::operator+(i));
+    }
+
+    /// subtract from iterator
+    json_reverse_iterator operator-(difference_type i) const
+    {
+        return static_cast<json_reverse_iterator>(base_iterator::operator-(i));
+    }
+
+    /// return difference
+    difference_type operator-(const json_reverse_iterator& other) const
+    {
+        return base_iterator(*this) - base_iterator(other);
+    }
+
+    /// access to successor
+    reference operator[](difference_type n) const
+    {
+        return *(this->operator+(n));
+    }
+
+    /// return the key of an object iterator
+    auto key() const -> decltype(std::declval<Base>().key())
+    {
+        auto it = --this->base();
+        return it.key();
+    }
+
+    /// return the value of an iterator
+    reference value() const
+    {
+        auto it = --this->base();
+        return it.operator * ();
+    }
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/output/output_adapters.hpp>
+
+
+#include <algorithm> // copy
+#include <cstddef> // size_t
+#include <ios> // streamsize
+#include <iterator> // back_inserter
+#include <memory> // shared_ptr, make_shared
+#include <ostream> // basic_ostream
+#include <string> // basic_string
+#include <vector> // vector
+
+namespace nlohmann
+{
+namespace detail
+{
+/// abstract output adapter interface
+template<typename CharType> struct output_adapter_protocol
+{
+    virtual void write_character(CharType c) = 0;
+    virtual void write_characters(const CharType* s, std::size_t length) = 0;
+    virtual ~output_adapter_protocol() = default;
+};
+
+/// a type to simplify interfaces
+template<typename CharType>
+using output_adapter_t = std::shared_ptr<output_adapter_protocol<CharType>>;
+
+/// output adapter for byte vectors
+template<typename CharType>
+class output_vector_adapter : public output_adapter_protocol<CharType>
+{
+  public:
+    explicit output_vector_adapter(std::vector<CharType>& vec) noexcept
+        : v(vec)
+    {}
+
+    void write_character(CharType c) override
+    {
+        v.push_back(c);
+    }
+
+    void write_characters(const CharType* s, std::size_t length) override
+    {
+        std::copy(s, s + length, std::back_inserter(v));
+    }
+
+  private:
+    std::vector<CharType>& v;
+};
+
+/// output adapter for output streams
+template<typename CharType>
+class output_stream_adapter : public output_adapter_protocol<CharType>
+{
+  public:
+    explicit output_stream_adapter(std::basic_ostream<CharType>& s) noexcept
+        : stream(s)
+    {}
+
+    void write_character(CharType c) override
+    {
+        stream.put(c);
+    }
+
+    void write_characters(const CharType* s, std::size_t length) override
+    {
+        stream.write(s, static_cast<std::streamsize>(length));
+    }
+
+  private:
+    std::basic_ostream<CharType>& stream;
+};
+
+/// output adapter for basic_string
+template<typename CharType, typename StringType = std::basic_string<CharType>>
+class output_string_adapter : public output_adapter_protocol<CharType>
+{
+  public:
+    explicit output_string_adapter(StringType& s) noexcept
+        : str(s)
+    {}
+
+    void write_character(CharType c) override
+    {
+        str.push_back(c);
+    }
+
+    void write_characters(const CharType* s, std::size_t length) override
+    {
+        str.append(s, length);
+    }
+
+  private:
+    StringType& str;
+};
+
+template<typename CharType, typename StringType = std::basic_string<CharType>>
+class output_adapter
+{
+  public:
+    output_adapter(std::vector<CharType>& vec)
+        : oa(std::make_shared<output_vector_adapter<CharType>>(vec)) {}
+
+    output_adapter(std::basic_ostream<CharType>& s)
+        : oa(std::make_shared<output_stream_adapter<CharType>>(s)) {}
+
+    output_adapter(StringType& s)
+        : oa(std::make_shared<output_string_adapter<CharType, StringType>>(s)) {}
+
+    operator output_adapter_t<CharType>()
+    {
+        return oa;
+    }
+
+  private:
+    output_adapter_t<CharType> oa = nullptr;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/input/binary_reader.hpp>
+
+
+#include <algorithm> // generate_n
+#include <array> // array
+#include <cassert> // assert
+#include <cmath> // ldexp
+#include <cstddef> // size_t
+#include <cstdint> // uint8_t, uint16_t, uint32_t, uint64_t
+#include <cstdio> // snprintf
+#include <cstring> // memcpy
+#include <iterator> // back_inserter
+#include <limits> // numeric_limits
+#include <string> // char_traits, string
+#include <utility> // make_pair, move
+
+// #include <nlohmann/detail/input/input_adapters.hpp>
+
+// #include <nlohmann/detail/input/json_sax.hpp>
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/meta/is_sax.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+///////////////////
+// binary reader //
+///////////////////
+
+/*!
+@brief deserialization of CBOR, MessagePack, and UBJSON values
+*/
+template<typename BasicJsonType, typename SAX = json_sax_dom_parser<BasicJsonType>>
+class binary_reader
+{
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using string_t = typename BasicJsonType::string_t;
+    using json_sax_t = SAX;
+
+  public:
+    /*!
+    @brief create a binary reader
+
+    @param[in] adapter  input adapter to read from
+    */
+    explicit binary_reader(input_adapter_t adapter) : ia(std::move(adapter))
+    {
+        (void)detail::is_sax_static_asserts<SAX, BasicJsonType> {};
+        assert(ia);
+    }
+
+    /*!
+    @param[in] format  the binary format to parse
+    @param[in] sax_    a SAX event processor
+    @param[in] strict  whether to expect the input to be consumed completed
+
+    @return
+    */
+    bool sax_parse(const input_format_t format,
+                   json_sax_t* sax_,
+                   const bool strict = true)
+    {
+        sax = sax_;
+        bool result = false;
+
+        switch (format)
+        {
+            case input_format_t::bson:
+                result = parse_bson_internal();
+                break;
+
+            case input_format_t::cbor:
+                result = parse_cbor_internal();
+                break;
+
+            case input_format_t::msgpack:
+                result = parse_msgpack_internal();
+                break;
+
+            case input_format_t::ubjson:
+                result = parse_ubjson_internal();
+                break;
+
+            // LCOV_EXCL_START
+            default:
+                assert(false);
+                // LCOV_EXCL_STOP
+        }
+
+        // strict mode: next byte must be EOF
+        if (result and strict)
+        {
+            if (format == input_format_t::ubjson)
+            {
+                get_ignore_noop();
+            }
+            else
+            {
+                get();
+            }
+
+            if (JSON_UNLIKELY(current != std::char_traits<char>::eof()))
+            {
+                return sax->parse_error(chars_read, get_token_string(),
+                                        parse_error::create(110, chars_read, exception_message(format, "expected end of input; last byte: 0x" + get_token_string(), "value")));
+            }
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief determine system byte order
+
+    @return true if and only if system's byte order is little endian
+
+    @note from http://stackoverflow.com/a/1001328/266378
+    */
+    static constexpr bool little_endianess(int num = 1) noexcept
+    {
+        return (*reinterpret_cast<char*>(&num) == 1);
+    }
+
+  private:
+    //////////
+    // BSON //
+    //////////
+
+    /*!
+    @brief Reads in a BSON-object and passes it to the SAX-parser.
+    @return whether a valid BSON-value was passed to the SAX parser
+    */
+    bool parse_bson_internal()
+    {
+        std::int32_t document_size;
+        get_number<std::int32_t, true>(input_format_t::bson, document_size);
+
+        if (JSON_UNLIKELY(not sax->start_object(std::size_t(-1))))
+        {
+            return false;
+        }
+
+        if (JSON_UNLIKELY(not parse_bson_element_list(/*is_array*/false)))
+        {
+            return false;
+        }
+
+        return sax->end_object();
+    }
+
+    /*!
+    @brief Parses a C-style string from the BSON input.
+    @param[in, out] result  A reference to the string variable where the read
+                            string is to be stored.
+    @return `true` if the \x00-byte indicating the end of the string was
+             encountered before the EOF; false` indicates an unexpected EOF.
+    */
+    bool get_bson_cstr(string_t& result)
+    {
+        auto out = std::back_inserter(result);
+        while (true)
+        {
+            get();
+            if (JSON_UNLIKELY(not unexpect_eof(input_format_t::bson, "cstring")))
+            {
+                return false;
+            }
+            if (current == 0x00)
+            {
+                return true;
+            }
+            *out++ = static_cast<char>(current);
+        }
+
+        return true;
+    }
+
+    /*!
+    @brief Parses a zero-terminated string of length @a len from the BSON
+           input.
+    @param[in] len  The length (including the zero-byte at the end) of the
+                    string to be read.
+    @param[in, out] result  A reference to the string variable where the read
+                            string is to be stored.
+    @tparam NumberType The type of the length @a len
+    @pre len >= 1
+    @return `true` if the string was successfully parsed
+    */
+    template<typename NumberType>
+    bool get_bson_string(const NumberType len, string_t& result)
+    {
+        if (JSON_UNLIKELY(len < 1))
+        {
+            auto last_token = get_token_string();
+            return sax->parse_error(chars_read, last_token, parse_error::create(112, chars_read, exception_message(input_format_t::bson, "string length must be at least 1, is " + std::to_string(len), "string")));
+        }
+
+        return get_string(input_format_t::bson, len - static_cast<NumberType>(1), result) and get() != std::char_traits<char>::eof();
+    }
+
+    /*!
+    @brief Read a BSON document element of the given @a element_type.
+    @param[in] element_type The BSON element type, c.f. http://bsonspec.org/spec.html
+    @param[in] element_type_parse_position The position in the input stream,
+               where the `element_type` was read.
+    @warning Not all BSON element types are supported yet. An unsupported
+             @a element_type will give rise to a parse_error.114:
+             Unsupported BSON record type 0x...
+    @return whether a valid BSON-object/array was passed to the SAX parser
+    */
+    bool parse_bson_element_internal(const int element_type,
+                                     const std::size_t element_type_parse_position)
+    {
+        switch (element_type)
+        {
+            case 0x01: // double
+            {
+                double number;
+                return get_number<double, true>(input_format_t::bson, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 0x02: // string
+            {
+                std::int32_t len;
+                string_t value;
+                return get_number<std::int32_t, true>(input_format_t::bson, len) and get_bson_string(len, value) and sax->string(value);
+            }
+
+            case 0x03: // object
+            {
+                return parse_bson_internal();
+            }
+
+            case 0x04: // array
+            {
+                return parse_bson_array();
+            }
+
+            case 0x08: // boolean
+            {
+                return sax->boolean(get() != 0);
+            }
+
+            case 0x0A: // null
+            {
+                return sax->null();
+            }
+
+            case 0x10: // int32
+            {
+                std::int32_t value;
+                return get_number<std::int32_t, true>(input_format_t::bson, value) and sax->number_integer(value);
+            }
+
+            case 0x12: // int64
+            {
+                std::int64_t value;
+                return get_number<std::int64_t, true>(input_format_t::bson, value) and sax->number_integer(value);
+            }
+
+            default: // anything else not supported (yet)
+            {
+                char cr[3];
+                (std::snprintf)(cr, sizeof(cr), "%.2hhX", static_cast<unsigned char>(element_type));
+                return sax->parse_error(element_type_parse_position, std::string(cr), parse_error::create(114, element_type_parse_position, "Unsupported BSON record type 0x" + std::string(cr)));
+            }
+        }
+    }
+
+    /*!
+    @brief Read a BSON element list (as specified in the BSON-spec)
+
+    The same binary layout is used for objects and arrays, hence it must be
+    indicated with the argument @a is_array which one is expected
+    (true --> array, false --> object).
+
+    @param[in] is_array Determines if the element list being read is to be
+                        treated as an object (@a is_array == false), or as an
+                        array (@a is_array == true).
+    @return whether a valid BSON-object/array was passed to the SAX parser
+    */
+    bool parse_bson_element_list(const bool is_array)
+    {
+        string_t key;
+        while (int element_type = get())
+        {
+            if (JSON_UNLIKELY(not unexpect_eof(input_format_t::bson, "element list")))
+            {
+                return false;
+            }
+
+            const std::size_t element_type_parse_position = chars_read;
+            if (JSON_UNLIKELY(not get_bson_cstr(key)))
+            {
+                return false;
+            }
+
+            if (not is_array)
+            {
+                if (not sax->key(key))
+                {
+                    return false;
+                }
+            }
+
+            if (JSON_UNLIKELY(not parse_bson_element_internal(element_type, element_type_parse_position)))
+            {
+                return false;
+            }
+
+            // get_bson_cstr only appends
+            key.clear();
+        }
+
+        return true;
+    }
+
+    /*!
+    @brief Reads an array from the BSON input and passes it to the SAX-parser.
+    @return whether a valid BSON-array was passed to the SAX parser
+    */
+    bool parse_bson_array()
+    {
+        std::int32_t document_size;
+        get_number<std::int32_t, true>(input_format_t::bson, document_size);
+
+        if (JSON_UNLIKELY(not sax->start_array(std::size_t(-1))))
+        {
+            return false;
+        }
+
+        if (JSON_UNLIKELY(not parse_bson_element_list(/*is_array*/true)))
+        {
+            return false;
+        }
+
+        return sax->end_array();
+    }
+
+    //////////
+    // CBOR //
+    //////////
+
+    /*!
+    @param[in] get_char  whether a new character should be retrieved from the
+                         input (true, default) or whether the last read
+                         character should be considered instead
+
+    @return whether a valid CBOR value was passed to the SAX parser
+    */
+    bool parse_cbor_internal(const bool get_char = true)
+    {
+        switch (get_char ? get() : current)
+        {
+            // EOF
+            case std::char_traits<char>::eof():
+                return unexpect_eof(input_format_t::cbor, "value");
+
+            // Integer 0x00..0x17 (0..23)
+            case 0x00:
+            case 0x01:
+            case 0x02:
+            case 0x03:
+            case 0x04:
+            case 0x05:
+            case 0x06:
+            case 0x07:
+            case 0x08:
+            case 0x09:
+            case 0x0A:
+            case 0x0B:
+            case 0x0C:
+            case 0x0D:
+            case 0x0E:
+            case 0x0F:
+            case 0x10:
+            case 0x11:
+            case 0x12:
+            case 0x13:
+            case 0x14:
+            case 0x15:
+            case 0x16:
+            case 0x17:
+                return sax->number_unsigned(static_cast<number_unsigned_t>(current));
+
+            case 0x18: // Unsigned integer (one-byte uint8_t follows)
+            {
+                uint8_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_unsigned(number);
+            }
+
+            case 0x19: // Unsigned integer (two-byte uint16_t follows)
+            {
+                uint16_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_unsigned(number);
+            }
+
+            case 0x1A: // Unsigned integer (four-byte uint32_t follows)
+            {
+                uint32_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_unsigned(number);
+            }
+
+            case 0x1B: // Unsigned integer (eight-byte uint64_t follows)
+            {
+                uint64_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_unsigned(number);
+            }
+
+            // Negative integer -1-0x00..-1-0x17 (-1..-24)
+            case 0x20:
+            case 0x21:
+            case 0x22:
+            case 0x23:
+            case 0x24:
+            case 0x25:
+            case 0x26:
+            case 0x27:
+            case 0x28:
+            case 0x29:
+            case 0x2A:
+            case 0x2B:
+            case 0x2C:
+            case 0x2D:
+            case 0x2E:
+            case 0x2F:
+            case 0x30:
+            case 0x31:
+            case 0x32:
+            case 0x33:
+            case 0x34:
+            case 0x35:
+            case 0x36:
+            case 0x37:
+                return sax->number_integer(static_cast<int8_t>(0x20 - 1 - current));
+
+            case 0x38: // Negative integer (one-byte uint8_t follows)
+            {
+                uint8_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_integer(static_cast<number_integer_t>(-1) - number);
+            }
+
+            case 0x39: // Negative integer -1-n (two-byte uint16_t follows)
+            {
+                uint16_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_integer(static_cast<number_integer_t>(-1) - number);
+            }
+
+            case 0x3A: // Negative integer -1-n (four-byte uint32_t follows)
+            {
+                uint32_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_integer(static_cast<number_integer_t>(-1) - number);
+            }
+
+            case 0x3B: // Negative integer -1-n (eight-byte uint64_t follows)
+            {
+                uint64_t number;
+                return get_number(input_format_t::cbor, number) and sax->number_integer(static_cast<number_integer_t>(-1)
+                        - static_cast<number_integer_t>(number));
+            }
+
+            // UTF-8 string (0x00..0x17 bytes follow)
+            case 0x60:
+            case 0x61:
+            case 0x62:
+            case 0x63:
+            case 0x64:
+            case 0x65:
+            case 0x66:
+            case 0x67:
+            case 0x68:
+            case 0x69:
+            case 0x6A:
+            case 0x6B:
+            case 0x6C:
+            case 0x6D:
+            case 0x6E:
+            case 0x6F:
+            case 0x70:
+            case 0x71:
+            case 0x72:
+            case 0x73:
+            case 0x74:
+            case 0x75:
+            case 0x76:
+            case 0x77:
+            case 0x78: // UTF-8 string (one-byte uint8_t for n follows)
+            case 0x79: // UTF-8 string (two-byte uint16_t for n follow)
+            case 0x7A: // UTF-8 string (four-byte uint32_t for n follow)
+            case 0x7B: // UTF-8 string (eight-byte uint64_t for n follow)
+            case 0x7F: // UTF-8 string (indefinite length)
+            {
+                string_t s;
+                return get_cbor_string(s) and sax->string(s);
+            }
+
+            // array (0x00..0x17 data items follow)
+            case 0x80:
+            case 0x81:
+            case 0x82:
+            case 0x83:
+            case 0x84:
+            case 0x85:
+            case 0x86:
+            case 0x87:
+            case 0x88:
+            case 0x89:
+            case 0x8A:
+            case 0x8B:
+            case 0x8C:
+            case 0x8D:
+            case 0x8E:
+            case 0x8F:
+            case 0x90:
+            case 0x91:
+            case 0x92:
+            case 0x93:
+            case 0x94:
+            case 0x95:
+            case 0x96:
+            case 0x97:
+                return get_cbor_array(static_cast<std::size_t>(current & 0x1F));
+
+            case 0x98: // array (one-byte uint8_t for n follows)
+            {
+                uint8_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_array(static_cast<std::size_t>(len));
+            }
+
+            case 0x99: // array (two-byte uint16_t for n follow)
+            {
+                uint16_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_array(static_cast<std::size_t>(len));
+            }
+
+            case 0x9A: // array (four-byte uint32_t for n follow)
+            {
+                uint32_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_array(static_cast<std::size_t>(len));
+            }
+
+            case 0x9B: // array (eight-byte uint64_t for n follow)
+            {
+                uint64_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_array(static_cast<std::size_t>(len));
+            }
+
+            case 0x9F: // array (indefinite length)
+                return get_cbor_array(std::size_t(-1));
+
+            // map (0x00..0x17 pairs of data items follow)
+            case 0xA0:
+            case 0xA1:
+            case 0xA2:
+            case 0xA3:
+            case 0xA4:
+            case 0xA5:
+            case 0xA6:
+            case 0xA7:
+            case 0xA8:
+            case 0xA9:
+            case 0xAA:
+            case 0xAB:
+            case 0xAC:
+            case 0xAD:
+            case 0xAE:
+            case 0xAF:
+            case 0xB0:
+            case 0xB1:
+            case 0xB2:
+            case 0xB3:
+            case 0xB4:
+            case 0xB5:
+            case 0xB6:
+            case 0xB7:
+                return get_cbor_object(static_cast<std::size_t>(current & 0x1F));
+
+            case 0xB8: // map (one-byte uint8_t for n follows)
+            {
+                uint8_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_object(static_cast<std::size_t>(len));
+            }
+
+            case 0xB9: // map (two-byte uint16_t for n follow)
+            {
+                uint16_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_object(static_cast<std::size_t>(len));
+            }
+
+            case 0xBA: // map (four-byte uint32_t for n follow)
+            {
+                uint32_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_object(static_cast<std::size_t>(len));
+            }
+
+            case 0xBB: // map (eight-byte uint64_t for n follow)
+            {
+                uint64_t len;
+                return get_number(input_format_t::cbor, len) and get_cbor_object(static_cast<std::size_t>(len));
+            }
+
+            case 0xBF: // map (indefinite length)
+                return get_cbor_object(std::size_t(-1));
+
+            case 0xF4: // false
+                return sax->boolean(false);
+
+            case 0xF5: // true
+                return sax->boolean(true);
+
+            case 0xF6: // null
+                return sax->null();
+
+            case 0xF9: // Half-Precision Float (two-byte IEEE 754)
+            {
+                const int byte1_raw = get();
+                if (JSON_UNLIKELY(not unexpect_eof(input_format_t::cbor, "number")))
+                {
+                    return false;
+                }
+                const int byte2_raw = get();
+                if (JSON_UNLIKELY(not unexpect_eof(input_format_t::cbor, "number")))
+                {
+                    return false;
+                }
+
+                const auto byte1 = static_cast<unsigned char>(byte1_raw);
+                const auto byte2 = static_cast<unsigned char>(byte2_raw);
+
+                // code from RFC 7049, Appendix D, Figure 3:
+                // As half-precision floating-point numbers were only added
+                // to IEEE 754 in 2008, today's programming platforms often
+                // still only have limited support for them. It is very
+                // easy to include at least decoding support for them even
+                // without such support. An example of a small decoder for
+                // half-precision floating-point numbers in the C language
+                // is shown in Fig. 3.
+                const int half = (byte1 << 8) + byte2;
+                const double val = [&half]
+                {
+                    const int exp = (half >> 10) & 0x1F;
+                    const int mant = half & 0x3FF;
+                    assert(0 <= exp and exp <= 32);
+                    assert(0 <= mant and mant <= 1024);
+                    switch (exp)
+                    {
+                        case 0:
+                            return std::ldexp(mant, -24);
+                        case 31:
+                            return (mant == 0)
+                            ? std::numeric_limits<double>::infinity()
+                            : std::numeric_limits<double>::quiet_NaN();
+                        default:
+                            return std::ldexp(mant + 1024, exp - 25);
+                    }
+                }();
+                return sax->number_float((half & 0x8000) != 0
+                                         ? static_cast<number_float_t>(-val)
+                                         : static_cast<number_float_t>(val), "");
+            }
+
+            case 0xFA: // Single-Precision Float (four-byte IEEE 754)
+            {
+                float number;
+                return get_number(input_format_t::cbor, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 0xFB: // Double-Precision Float (eight-byte IEEE 754)
+            {
+                double number;
+                return get_number(input_format_t::cbor, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            default: // anything else (0xFF is handled inside the other types)
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(112, chars_read, exception_message(input_format_t::cbor, "invalid byte: 0x" + last_token, "value")));
+            }
+        }
+    }
+
+    /*!
+    @brief reads a CBOR string
+
+    This function first reads starting bytes to determine the expected
+    string length and then copies this number of bytes into a string.
+    Additionally, CBOR's strings with indefinite lengths are supported.
+
+    @param[out] result  created string
+
+    @return whether string creation completed
+    */
+    bool get_cbor_string(string_t& result)
+    {
+        if (JSON_UNLIKELY(not unexpect_eof(input_format_t::cbor, "string")))
+        {
+            return false;
+        }
+
+        switch (current)
+        {
+            // UTF-8 string (0x00..0x17 bytes follow)
+            case 0x60:
+            case 0x61:
+            case 0x62:
+            case 0x63:
+            case 0x64:
+            case 0x65:
+            case 0x66:
+            case 0x67:
+            case 0x68:
+            case 0x69:
+            case 0x6A:
+            case 0x6B:
+            case 0x6C:
+            case 0x6D:
+            case 0x6E:
+            case 0x6F:
+            case 0x70:
+            case 0x71:
+            case 0x72:
+            case 0x73:
+            case 0x74:
+            case 0x75:
+            case 0x76:
+            case 0x77:
+            {
+                return get_string(input_format_t::cbor, current & 0x1F, result);
+            }
+
+            case 0x78: // UTF-8 string (one-byte uint8_t for n follows)
+            {
+                uint8_t len;
+                return get_number(input_format_t::cbor, len) and get_string(input_format_t::cbor, len, result);
+            }
+
+            case 0x79: // UTF-8 string (two-byte uint16_t for n follow)
+            {
+                uint16_t len;
+                return get_number(input_format_t::cbor, len) and get_string(input_format_t::cbor, len, result);
+            }
+
+            case 0x7A: // UTF-8 string (four-byte uint32_t for n follow)
+            {
+                uint32_t len;
+                return get_number(input_format_t::cbor, len) and get_string(input_format_t::cbor, len, result);
+            }
+
+            case 0x7B: // UTF-8 string (eight-byte uint64_t for n follow)
+            {
+                uint64_t len;
+                return get_number(input_format_t::cbor, len) and get_string(input_format_t::cbor, len, result);
+            }
+
+            case 0x7F: // UTF-8 string (indefinite length)
+            {
+                while (get() != 0xFF)
+                {
+                    string_t chunk;
+                    if (not get_cbor_string(chunk))
+                    {
+                        return false;
+                    }
+                    result.append(chunk);
+                }
+                return true;
+            }
+
+            default:
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(113, chars_read, exception_message(input_format_t::cbor, "expected length specification (0x60-0x7B) or indefinite string type (0x7F); last byte: 0x" + last_token, "string")));
+            }
+        }
+    }
+
+    /*!
+    @param[in] len  the length of the array or std::size_t(-1) for an
+                    array of indefinite size
+    @return whether array creation completed
+    */
+    bool get_cbor_array(const std::size_t len)
+    {
+        if (JSON_UNLIKELY(not sax->start_array(len)))
+        {
+            return false;
+        }
+
+        if (len != std::size_t(-1))
+        {
+            for (std::size_t i = 0; i < len; ++i)
+            {
+                if (JSON_UNLIKELY(not parse_cbor_internal()))
+                {
+                    return false;
+                }
+            }
+        }
+        else
+        {
+            while (get() != 0xFF)
+            {
+                if (JSON_UNLIKELY(not parse_cbor_internal(false)))
+                {
+                    return false;
+                }
+            }
+        }
+
+        return sax->end_array();
+    }
+
+    /*!
+    @param[in] len  the length of the object or std::size_t(-1) for an
+                    object of indefinite size
+    @return whether object creation completed
+    */
+    bool get_cbor_object(const std::size_t len)
+    {
+        if (not JSON_UNLIKELY(sax->start_object(len)))
+        {
+            return false;
+        }
+
+        string_t key;
+        if (len != std::size_t(-1))
+        {
+            for (std::size_t i = 0; i < len; ++i)
+            {
+                get();
+                if (JSON_UNLIKELY(not get_cbor_string(key) or not sax->key(key)))
+                {
+                    return false;
+                }
+
+                if (JSON_UNLIKELY(not parse_cbor_internal()))
+                {
+                    return false;
+                }
+                key.clear();
+            }
+        }
+        else
+        {
+            while (get() != 0xFF)
+            {
+                if (JSON_UNLIKELY(not get_cbor_string(key) or not sax->key(key)))
+                {
+                    return false;
+                }
+
+                if (JSON_UNLIKELY(not parse_cbor_internal()))
+                {
+                    return false;
+                }
+                key.clear();
+            }
+        }
+
+        return sax->end_object();
+    }
+
+    /////////////
+    // MsgPack //
+    /////////////
+
+    /*!
+    @return whether a valid MessagePack value was passed to the SAX parser
+    */
+    bool parse_msgpack_internal()
+    {
+        switch (get())
+        {
+            // EOF
+            case std::char_traits<char>::eof():
+                return unexpect_eof(input_format_t::msgpack, "value");
+
+            // positive fixint
+            case 0x00:
+            case 0x01:
+            case 0x02:
+            case 0x03:
+            case 0x04:
+            case 0x05:
+            case 0x06:
+            case 0x07:
+            case 0x08:
+            case 0x09:
+            case 0x0A:
+            case 0x0B:
+            case 0x0C:
+            case 0x0D:
+            case 0x0E:
+            case 0x0F:
+            case 0x10:
+            case 0x11:
+            case 0x12:
+            case 0x13:
+            case 0x14:
+            case 0x15:
+            case 0x16:
+            case 0x17:
+            case 0x18:
+            case 0x19:
+            case 0x1A:
+            case 0x1B:
+            case 0x1C:
+            case 0x1D:
+            case 0x1E:
+            case 0x1F:
+            case 0x20:
+            case 0x21:
+            case 0x22:
+            case 0x23:
+            case 0x24:
+            case 0x25:
+            case 0x26:
+            case 0x27:
+            case 0x28:
+            case 0x29:
+            case 0x2A:
+            case 0x2B:
+            case 0x2C:
+            case 0x2D:
+            case 0x2E:
+            case 0x2F:
+            case 0x30:
+            case 0x31:
+            case 0x32:
+            case 0x33:
+            case 0x34:
+            case 0x35:
+            case 0x36:
+            case 0x37:
+            case 0x38:
+            case 0x39:
+            case 0x3A:
+            case 0x3B:
+            case 0x3C:
+            case 0x3D:
+            case 0x3E:
+            case 0x3F:
+            case 0x40:
+            case 0x41:
+            case 0x42:
+            case 0x43:
+            case 0x44:
+            case 0x45:
+            case 0x46:
+            case 0x47:
+            case 0x48:
+            case 0x49:
+            case 0x4A:
+            case 0x4B:
+            case 0x4C:
+            case 0x4D:
+            case 0x4E:
+            case 0x4F:
+            case 0x50:
+            case 0x51:
+            case 0x52:
+            case 0x53:
+            case 0x54:
+            case 0x55:
+            case 0x56:
+            case 0x57:
+            case 0x58:
+            case 0x59:
+            case 0x5A:
+            case 0x5B:
+            case 0x5C:
+            case 0x5D:
+            case 0x5E:
+            case 0x5F:
+            case 0x60:
+            case 0x61:
+            case 0x62:
+            case 0x63:
+            case 0x64:
+            case 0x65:
+            case 0x66:
+            case 0x67:
+            case 0x68:
+            case 0x69:
+            case 0x6A:
+            case 0x6B:
+            case 0x6C:
+            case 0x6D:
+            case 0x6E:
+            case 0x6F:
+            case 0x70:
+            case 0x71:
+            case 0x72:
+            case 0x73:
+            case 0x74:
+            case 0x75:
+            case 0x76:
+            case 0x77:
+            case 0x78:
+            case 0x79:
+            case 0x7A:
+            case 0x7B:
+            case 0x7C:
+            case 0x7D:
+            case 0x7E:
+            case 0x7F:
+                return sax->number_unsigned(static_cast<number_unsigned_t>(current));
+
+            // fixmap
+            case 0x80:
+            case 0x81:
+            case 0x82:
+            case 0x83:
+            case 0x84:
+            case 0x85:
+            case 0x86:
+            case 0x87:
+            case 0x88:
+            case 0x89:
+            case 0x8A:
+            case 0x8B:
+            case 0x8C:
+            case 0x8D:
+            case 0x8E:
+            case 0x8F:
+                return get_msgpack_object(static_cast<std::size_t>(current & 0x0F));
+
+            // fixarray
+            case 0x90:
+            case 0x91:
+            case 0x92:
+            case 0x93:
+            case 0x94:
+            case 0x95:
+            case 0x96:
+            case 0x97:
+            case 0x98:
+            case 0x99:
+            case 0x9A:
+            case 0x9B:
+            case 0x9C:
+            case 0x9D:
+            case 0x9E:
+            case 0x9F:
+                return get_msgpack_array(static_cast<std::size_t>(current & 0x0F));
+
+            // fixstr
+            case 0xA0:
+            case 0xA1:
+            case 0xA2:
+            case 0xA3:
+            case 0xA4:
+            case 0xA5:
+            case 0xA6:
+            case 0xA7:
+            case 0xA8:
+            case 0xA9:
+            case 0xAA:
+            case 0xAB:
+            case 0xAC:
+            case 0xAD:
+            case 0xAE:
+            case 0xAF:
+            case 0xB0:
+            case 0xB1:
+            case 0xB2:
+            case 0xB3:
+            case 0xB4:
+            case 0xB5:
+            case 0xB6:
+            case 0xB7:
+            case 0xB8:
+            case 0xB9:
+            case 0xBA:
+            case 0xBB:
+            case 0xBC:
+            case 0xBD:
+            case 0xBE:
+            case 0xBF:
+            {
+                string_t s;
+                return get_msgpack_string(s) and sax->string(s);
+            }
+
+            case 0xC0: // nil
+                return sax->null();
+
+            case 0xC2: // false
+                return sax->boolean(false);
+
+            case 0xC3: // true
+                return sax->boolean(true);
+
+            case 0xCA: // float 32
+            {
+                float number;
+                return get_number(input_format_t::msgpack, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 0xCB: // float 64
+            {
+                double number;
+                return get_number(input_format_t::msgpack, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 0xCC: // uint 8
+            {
+                uint8_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_unsigned(number);
+            }
+
+            case 0xCD: // uint 16
+            {
+                uint16_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_unsigned(number);
+            }
+
+            case 0xCE: // uint 32
+            {
+                uint32_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_unsigned(number);
+            }
+
+            case 0xCF: // uint 64
+            {
+                uint64_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_unsigned(number);
+            }
+
+            case 0xD0: // int 8
+            {
+                int8_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_integer(number);
+            }
+
+            case 0xD1: // int 16
+            {
+                int16_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_integer(number);
+            }
+
+            case 0xD2: // int 32
+            {
+                int32_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_integer(number);
+            }
+
+            case 0xD3: // int 64
+            {
+                int64_t number;
+                return get_number(input_format_t::msgpack, number) and sax->number_integer(number);
+            }
+
+            case 0xD9: // str 8
+            case 0xDA: // str 16
+            case 0xDB: // str 32
+            {
+                string_t s;
+                return get_msgpack_string(s) and sax->string(s);
+            }
+
+            case 0xDC: // array 16
+            {
+                uint16_t len;
+                return get_number(input_format_t::msgpack, len) and get_msgpack_array(static_cast<std::size_t>(len));
+            }
+
+            case 0xDD: // array 32
+            {
+                uint32_t len;
+                return get_number(input_format_t::msgpack, len) and get_msgpack_array(static_cast<std::size_t>(len));
+            }
+
+            case 0xDE: // map 16
+            {
+                uint16_t len;
+                return get_number(input_format_t::msgpack, len) and get_msgpack_object(static_cast<std::size_t>(len));
+            }
+
+            case 0xDF: // map 32
+            {
+                uint32_t len;
+                return get_number(input_format_t::msgpack, len) and get_msgpack_object(static_cast<std::size_t>(len));
+            }
+
+            // negative fixint
+            case 0xE0:
+            case 0xE1:
+            case 0xE2:
+            case 0xE3:
+            case 0xE4:
+            case 0xE5:
+            case 0xE6:
+            case 0xE7:
+            case 0xE8:
+            case 0xE9:
+            case 0xEA:
+            case 0xEB:
+            case 0xEC:
+            case 0xED:
+            case 0xEE:
+            case 0xEF:
+            case 0xF0:
+            case 0xF1:
+            case 0xF2:
+            case 0xF3:
+            case 0xF4:
+            case 0xF5:
+            case 0xF6:
+            case 0xF7:
+            case 0xF8:
+            case 0xF9:
+            case 0xFA:
+            case 0xFB:
+            case 0xFC:
+            case 0xFD:
+            case 0xFE:
+            case 0xFF:
+                return sax->number_integer(static_cast<int8_t>(current));
+
+            default: // anything else
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(112, chars_read, exception_message(input_format_t::msgpack, "invalid byte: 0x" + last_token, "value")));
+            }
+        }
+    }
+
+    /*!
+    @brief reads a MessagePack string
+
+    This function first reads starting bytes to determine the expected
+    string length and then copies this number of bytes into a string.
+
+    @param[out] result  created string
+
+    @return whether string creation completed
+    */
+    bool get_msgpack_string(string_t& result)
+    {
+        if (JSON_UNLIKELY(not unexpect_eof(input_format_t::msgpack, "string")))
+        {
+            return false;
+        }
+
+        switch (current)
+        {
+            // fixstr
+            case 0xA0:
+            case 0xA1:
+            case 0xA2:
+            case 0xA3:
+            case 0xA4:
+            case 0xA5:
+            case 0xA6:
+            case 0xA7:
+            case 0xA8:
+            case 0xA9:
+            case 0xAA:
+            case 0xAB:
+            case 0xAC:
+            case 0xAD:
+            case 0xAE:
+            case 0xAF:
+            case 0xB0:
+            case 0xB1:
+            case 0xB2:
+            case 0xB3:
+            case 0xB4:
+            case 0xB5:
+            case 0xB6:
+            case 0xB7:
+            case 0xB8:
+            case 0xB9:
+            case 0xBA:
+            case 0xBB:
+            case 0xBC:
+            case 0xBD:
+            case 0xBE:
+            case 0xBF:
+            {
+                return get_string(input_format_t::msgpack, current & 0x1F, result);
+            }
+
+            case 0xD9: // str 8
+            {
+                uint8_t len;
+                return get_number(input_format_t::msgpack, len) and get_string(input_format_t::msgpack, len, result);
+            }
+
+            case 0xDA: // str 16
+            {
+                uint16_t len;
+                return get_number(input_format_t::msgpack, len) and get_string(input_format_t::msgpack, len, result);
+            }
+
+            case 0xDB: // str 32
+            {
+                uint32_t len;
+                return get_number(input_format_t::msgpack, len) and get_string(input_format_t::msgpack, len, result);
+            }
+
+            default:
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(113, chars_read, exception_message(input_format_t::msgpack, "expected length specification (0xA0-0xBF, 0xD9-0xDB); last byte: 0x" + last_token, "string")));
+            }
+        }
+    }
+
+    /*!
+    @param[in] len  the length of the array
+    @return whether array creation completed
+    */
+    bool get_msgpack_array(const std::size_t len)
+    {
+        if (JSON_UNLIKELY(not sax->start_array(len)))
+        {
+            return false;
+        }
+
+        for (std::size_t i = 0; i < len; ++i)
+        {
+            if (JSON_UNLIKELY(not parse_msgpack_internal()))
+            {
+                return false;
+            }
+        }
+
+        return sax->end_array();
+    }
+
+    /*!
+    @param[in] len  the length of the object
+    @return whether object creation completed
+    */
+    bool get_msgpack_object(const std::size_t len)
+    {
+        if (JSON_UNLIKELY(not sax->start_object(len)))
+        {
+            return false;
+        }
+
+        string_t key;
+        for (std::size_t i = 0; i < len; ++i)
+        {
+            get();
+            if (JSON_UNLIKELY(not get_msgpack_string(key) or not sax->key(key)))
+            {
+                return false;
+            }
+
+            if (JSON_UNLIKELY(not parse_msgpack_internal()))
+            {
+                return false;
+            }
+            key.clear();
+        }
+
+        return sax->end_object();
+    }
+
+    ////////////
+    // UBJSON //
+    ////////////
+
+    /*!
+    @param[in] get_char  whether a new character should be retrieved from the
+                         input (true, default) or whether the last read
+                         character should be considered instead
+
+    @return whether a valid UBJSON value was passed to the SAX parser
+    */
+    bool parse_ubjson_internal(const bool get_char = true)
+    {
+        return get_ubjson_value(get_char ? get_ignore_noop() : current);
+    }
+
+    /*!
+    @brief reads a UBJSON string
+
+    This function is either called after reading the 'S' byte explicitly
+    indicating a string, or in case of an object key where the 'S' byte can be
+    left out.
+
+    @param[out] result   created string
+    @param[in] get_char  whether a new character should be retrieved from the
+                         input (true, default) or whether the last read
+                         character should be considered instead
+
+    @return whether string creation completed
+    */
+    bool get_ubjson_string(string_t& result, const bool get_char = true)
+    {
+        if (get_char)
+        {
+            get();  // TODO: may we ignore N here?
+        }
+
+        if (JSON_UNLIKELY(not unexpect_eof(input_format_t::ubjson, "value")))
+        {
+            return false;
+        }
+
+        switch (current)
+        {
+            case 'U':
+            {
+                uint8_t len;
+                return get_number(input_format_t::ubjson, len) and get_string(input_format_t::ubjson, len, result);
+            }
+
+            case 'i':
+            {
+                int8_t len;
+                return get_number(input_format_t::ubjson, len) and get_string(input_format_t::ubjson, len, result);
+            }
+
+            case 'I':
+            {
+                int16_t len;
+                return get_number(input_format_t::ubjson, len) and get_string(input_format_t::ubjson, len, result);
+            }
+
+            case 'l':
+            {
+                int32_t len;
+                return get_number(input_format_t::ubjson, len) and get_string(input_format_t::ubjson, len, result);
+            }
+
+            case 'L':
+            {
+                int64_t len;
+                return get_number(input_format_t::ubjson, len) and get_string(input_format_t::ubjson, len, result);
+            }
+
+            default:
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(113, chars_read, exception_message(input_format_t::ubjson, "expected length type specification (U, i, I, l, L); last byte: 0x" + last_token, "string")));
+        }
+    }
+
+    /*!
+    @param[out] result  determined size
+    @return whether size determination completed
+    */
+    bool get_ubjson_size_value(std::size_t& result)
+    {
+        switch (get_ignore_noop())
+        {
+            case 'U':
+            {
+                uint8_t number;
+                if (JSON_UNLIKELY(not get_number(input_format_t::ubjson, number)))
+                {
+                    return false;
+                }
+                result = static_cast<std::size_t>(number);
+                return true;
+            }
+
+            case 'i':
+            {
+                int8_t number;
+                if (JSON_UNLIKELY(not get_number(input_format_t::ubjson, number)))
+                {
+                    return false;
+                }
+                result = static_cast<std::size_t>(number);
+                return true;
+            }
+
+            case 'I':
+            {
+                int16_t number;
+                if (JSON_UNLIKELY(not get_number(input_format_t::ubjson, number)))
+                {
+                    return false;
+                }
+                result = static_cast<std::size_t>(number);
+                return true;
+            }
+
+            case 'l':
+            {
+                int32_t number;
+                if (JSON_UNLIKELY(not get_number(input_format_t::ubjson, number)))
+                {
+                    return false;
+                }
+                result = static_cast<std::size_t>(number);
+                return true;
+            }
+
+            case 'L':
+            {
+                int64_t number;
+                if (JSON_UNLIKELY(not get_number(input_format_t::ubjson, number)))
+                {
+                    return false;
+                }
+                result = static_cast<std::size_t>(number);
+                return true;
+            }
+
+            default:
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(113, chars_read, exception_message(input_format_t::ubjson, "expected length type specification (U, i, I, l, L) after '#'; last byte: 0x" + last_token, "size")));
+            }
+        }
+    }
+
+    /*!
+    @brief determine the type and size for a container
+
+    In the optimized UBJSON format, a type and a size can be provided to allow
+    for a more compact representation.
+
+    @param[out] result  pair of the size and the type
+
+    @return whether pair creation completed
+    */
+    bool get_ubjson_size_type(std::pair<std::size_t, int>& result)
+    {
+        result.first = string_t::npos; // size
+        result.second = 0; // type
+
+        get_ignore_noop();
+
+        if (current == '$')
+        {
+            result.second = get();  // must not ignore 'N', because 'N' maybe the type
+            if (JSON_UNLIKELY(not unexpect_eof(input_format_t::ubjson, "type")))
+            {
+                return false;
+            }
+
+            get_ignore_noop();
+            if (JSON_UNLIKELY(current != '#'))
+            {
+                if (JSON_UNLIKELY(not unexpect_eof(input_format_t::ubjson, "value")))
+                {
+                    return false;
+                }
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(112, chars_read, exception_message(input_format_t::ubjson, "expected '#' after type information; last byte: 0x" + last_token, "size")));
+            }
+
+            return get_ubjson_size_value(result.first);
+        }
+        else if (current == '#')
+        {
+            return get_ubjson_size_value(result.first);
+        }
+        return true;
+    }
+
+    /*!
+    @param prefix  the previously read or set type prefix
+    @return whether value creation completed
+    */
+    bool get_ubjson_value(const int prefix)
+    {
+        switch (prefix)
+        {
+            case std::char_traits<char>::eof():  // EOF
+                return unexpect_eof(input_format_t::ubjson, "value");
+
+            case 'T':  // true
+                return sax->boolean(true);
+            case 'F':  // false
+                return sax->boolean(false);
+
+            case 'Z':  // null
+                return sax->null();
+
+            case 'U':
+            {
+                uint8_t number;
+                return get_number(input_format_t::ubjson, number) and sax->number_unsigned(number);
+            }
+
+            case 'i':
+            {
+                int8_t number;
+                return get_number(input_format_t::ubjson, number) and sax->number_integer(number);
+            }
+
+            case 'I':
+            {
+                int16_t number;
+                return get_number(input_format_t::ubjson, number) and sax->number_integer(number);
+            }
+
+            case 'l':
+            {
+                int32_t number;
+                return get_number(input_format_t::ubjson, number) and sax->number_integer(number);
+            }
+
+            case 'L':
+            {
+                int64_t number;
+                return get_number(input_format_t::ubjson, number) and sax->number_integer(number);
+            }
+
+            case 'd':
+            {
+                float number;
+                return get_number(input_format_t::ubjson, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 'D':
+            {
+                double number;
+                return get_number(input_format_t::ubjson, number) and sax->number_float(static_cast<number_float_t>(number), "");
+            }
+
+            case 'C':  // char
+            {
+                get();
+                if (JSON_UNLIKELY(not unexpect_eof(input_format_t::ubjson, "char")))
+                {
+                    return false;
+                }
+                if (JSON_UNLIKELY(current > 127))
+                {
+                    auto last_token = get_token_string();
+                    return sax->parse_error(chars_read, last_token, parse_error::create(113, chars_read, exception_message(input_format_t::ubjson, "byte after 'C' must be in range 0x00..0x7F; last byte: 0x" + last_token, "char")));
+                }
+                string_t s(1, static_cast<char>(current));
+                return sax->string(s);
+            }
+
+            case 'S':  // string
+            {
+                string_t s;
+                return get_ubjson_string(s) and sax->string(s);
+            }
+
+            case '[':  // array
+                return get_ubjson_array();
+
+            case '{':  // object
+                return get_ubjson_object();
+
+            default: // anything else
+            {
+                auto last_token = get_token_string();
+                return sax->parse_error(chars_read, last_token, parse_error::create(112, chars_read, exception_message(input_format_t::ubjson, "invalid byte: 0x" + last_token, "value")));
+            }
+        }
+    }
+
+    /*!
+    @return whether array creation completed
+    */
+    bool get_ubjson_array()
+    {
+        std::pair<std::size_t, int> size_and_type;
+        if (JSON_UNLIKELY(not get_ubjson_size_type(size_and_type)))
+        {
+            return false;
+        }
+
+        if (size_and_type.first != string_t::npos)
+        {
+            if (JSON_UNLIKELY(not sax->start_array(size_and_type.first)))
+            {
+                return false;
+            }
+
+            if (size_and_type.second != 0)
+            {
+                if (size_and_type.second != 'N')
+                {
+                    for (std::size_t i = 0; i < size_and_type.first; ++i)
+                    {
+                        if (JSON_UNLIKELY(not get_ubjson_value(size_and_type.second)))
+                        {
+                            return false;
+                        }
+                    }
+                }
+            }
+            else
+            {
+                for (std::size_t i = 0; i < size_and_type.first; ++i)
+                {
+                    if (JSON_UNLIKELY(not parse_ubjson_internal()))
+                    {
+                        return false;
+                    }
+                }
+            }
+        }
+        else
+        {
+            if (JSON_UNLIKELY(not sax->start_array(std::size_t(-1))))
+            {
+                return false;
+            }
+
+            while (current != ']')
+            {
+                if (JSON_UNLIKELY(not parse_ubjson_internal(false)))
+                {
+                    return false;
+                }
+                get_ignore_noop();
+            }
+        }
+
+        return sax->end_array();
+    }
+
+    /*!
+    @return whether object creation completed
+    */
+    bool get_ubjson_object()
+    {
+        std::pair<std::size_t, int> size_and_type;
+        if (JSON_UNLIKELY(not get_ubjson_size_type(size_and_type)))
+        {
+            return false;
+        }
+
+        string_t key;
+        if (size_and_type.first != string_t::npos)
+        {
+            if (JSON_UNLIKELY(not sax->start_object(size_and_type.first)))
+            {
+                return false;
+            }
+
+            if (size_and_type.second != 0)
+            {
+                for (std::size_t i = 0; i < size_and_type.first; ++i)
+                {
+                    if (JSON_UNLIKELY(not get_ubjson_string(key) or not sax->key(key)))
+                    {
+                        return false;
+                    }
+                    if (JSON_UNLIKELY(not get_ubjson_value(size_and_type.second)))
+                    {
+                        return false;
+                    }
+                    key.clear();
+                }
+            }
+            else
+            {
+                for (std::size_t i = 0; i < size_and_type.first; ++i)
+                {
+                    if (JSON_UNLIKELY(not get_ubjson_string(key) or not sax->key(key)))
+                    {
+                        return false;
+                    }
+                    if (JSON_UNLIKELY(not parse_ubjson_internal()))
+                    {
+                        return false;
+                    }
+                    key.clear();
+                }
+            }
+        }
+        else
+        {
+            if (JSON_UNLIKELY(not sax->start_object(std::size_t(-1))))
+            {
+                return false;
+            }
+
+            while (current != '}')
+            {
+                if (JSON_UNLIKELY(not get_ubjson_string(key, false) or not sax->key(key)))
+                {
+                    return false;
+                }
+                if (JSON_UNLIKELY(not parse_ubjson_internal()))
+                {
+                    return false;
+                }
+                get_ignore_noop();
+                key.clear();
+            }
+        }
+
+        return sax->end_object();
+    }
+
+    ///////////////////////
+    // Utility functions //
+    ///////////////////////
+
+    /*!
+    @brief get next character from the input
+
+    This function provides the interface to the used input adapter. It does
+    not throw in case the input reached EOF, but returns a -'ve valued
+    `std::char_traits<char>::eof()` in that case.
+
+    @return character read from the input
+    */
+    int get()
+    {
+        ++chars_read;
+        return (current = ia->get_character());
+    }
+
+    /*!
+    @return character read from the input after ignoring all 'N' entries
+    */
+    int get_ignore_noop()
+    {
+        do
+        {
+            get();
+        }
+        while (current == 'N');
+
+        return current;
+    }
+
+    /*
+    @brief read a number from the input
+
+    @tparam NumberType the type of the number
+    @param[in] format   the current format (for diagnostics)
+    @param[out] result  number of type @a NumberType
+
+    @return whether conversion completed
+
+    @note This function needs to respect the system's endianess, because
+          bytes in CBOR, MessagePack, and UBJSON are stored in network order
+          (big endian) and therefore need reordering on little endian systems.
+    */
+    template<typename NumberType, bool InputIsLittleEndian = false>
+    bool get_number(const input_format_t format, NumberType& result)
+    {
+        // step 1: read input into array with system's byte order
+        std::array<uint8_t, sizeof(NumberType)> vec;
+        for (std::size_t i = 0; i < sizeof(NumberType); ++i)
+        {
+            get();
+            if (JSON_UNLIKELY(not unexpect_eof(format, "number")))
+            {
+                return false;
+            }
+
+            // reverse byte order prior to conversion if necessary
+            if (is_little_endian && !InputIsLittleEndian)
+            {
+                vec[sizeof(NumberType) - i - 1] = static_cast<uint8_t>(current);
+            }
+            else
+            {
+                vec[i] = static_cast<uint8_t>(current); // LCOV_EXCL_LINE
+            }
+        }
+
+        // step 2: convert array into number of type T and return
+        std::memcpy(&result, vec.data(), sizeof(NumberType));
+        return true;
+    }
+
+    /*!
+    @brief create a string by reading characters from the input
+
+    @tparam NumberType the type of the number
+    @param[in] format the current format (for diagnostics)
+    @param[in] len number of characters to read
+    @param[out] result string created by reading @a len bytes
+
+    @return whether string creation completed
+
+    @note We can not reserve @a len bytes for the result, because @a len
+          may be too large. Usually, @ref unexpect_eof() detects the end of
+          the input before we run out of string memory.
+    */
+    template<typename NumberType>
+    bool get_string(const input_format_t format,
+                    const NumberType len,
+                    string_t& result)
+    {
+        bool success = true;
+        std::generate_n(std::back_inserter(result), len, [this, &success, &format]()
+        {
+            get();
+            if (JSON_UNLIKELY(not unexpect_eof(format, "string")))
+            {
+                success = false;
+            }
+            return static_cast<char>(current);
+        });
+        return success;
+    }
+
+    /*!
+    @param[in] format   the current format (for diagnostics)
+    @param[in] context  further context information (for diagnostics)
+    @return whether the last read character is not EOF
+    */
+    bool unexpect_eof(const input_format_t format, const char* context) const
+    {
+        if (JSON_UNLIKELY(current == std::char_traits<char>::eof()))
+        {
+            return sax->parse_error(chars_read, "<end of file>",
+                                    parse_error::create(110, chars_read, exception_message(format, "unexpected end of input", context)));
+        }
+        return true;
+    }
+
+    /*!
+    @return a string representation of the last read byte
+    */
+    std::string get_token_string() const
+    {
+        char cr[3];
+        (std::snprintf)(cr, 3, "%.2hhX", static_cast<unsigned char>(current));
+        return std::string{cr};
+    }
+
+    /*!
+    @param[in] format   the current format
+    @param[in] detail   a detailed error message
+    @param[in] context  further contect information
+    @return a message string to use in the parse_error exceptions
+    */
+    std::string exception_message(const input_format_t format,
+                                  const std::string& detail,
+                                  const std::string& context) const
+    {
+        std::string error_msg = "syntax error while parsing ";
+
+        switch (format)
+        {
+            case input_format_t::cbor:
+                error_msg += "CBOR";
+                break;
+
+            case input_format_t::msgpack:
+                error_msg += "MessagePack";
+                break;
+
+            case input_format_t::ubjson:
+                error_msg += "UBJSON";
+                break;
+
+            case input_format_t::bson:
+                error_msg += "BSON";
+                break;
+
+            // LCOV_EXCL_START
+            default:
+                assert(false);
+                // LCOV_EXCL_STOP
+        }
+
+        return error_msg + " " + context + ": " + detail;
+    }
+
+  private:
+    /// input adapter
+    input_adapter_t ia = nullptr;
+
+    /// the current character
+    int current = std::char_traits<char>::eof();
+
+    /// the number of characters read
+    std::size_t chars_read = 0;
+
+    /// whether we can assume little endianess
+    const bool is_little_endian = little_endianess();
+
+    /// the SAX parser
+    json_sax_t* sax = nullptr;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/output/binary_writer.hpp>
+
+
+#include <algorithm> // reverse
+#include <array> // array
+#include <cstdint> // uint8_t, uint16_t, uint32_t, uint64_t
+#include <cstring> // memcpy
+#include <limits> // numeric_limits
+
+// #include <nlohmann/detail/input/binary_reader.hpp>
+
+// #include <nlohmann/detail/output/output_adapters.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+///////////////////
+// binary writer //
+///////////////////
+
+/*!
+@brief serialization to CBOR and MessagePack values
+*/
+template<typename BasicJsonType, typename CharType>
+class binary_writer
+{
+    using string_t = typename BasicJsonType::string_t;
+
+  public:
+    /*!
+    @brief create a binary writer
+
+    @param[in] adapter  output adapter to write to
+    */
+    explicit binary_writer(output_adapter_t<CharType> adapter) : oa(adapter)
+    {
+        assert(oa);
+    }
+
+    /*!
+    @param[in] j  JSON value to serialize
+    @pre       j.type() == value_t::object
+    */
+    void write_bson(const BasicJsonType& j)
+    {
+        switch (j.type())
+        {
+            case value_t::object:
+            {
+                write_bson_object(*j.m_value.object);
+                break;
+            }
+
+            default:
+            {
+                JSON_THROW(type_error::create(317, "to serialize to BSON, top-level type must be object, but is " + std::string(j.type_name())));
+            }
+        }
+    }
+
+    /*!
+    @param[in] j  JSON value to serialize
+    */
+    void write_cbor(const BasicJsonType& j)
+    {
+        switch (j.type())
+        {
+            case value_t::null:
+            {
+                oa->write_character(to_char_type(0xF6));
+                break;
+            }
+
+            case value_t::boolean:
+            {
+                oa->write_character(j.m_value.boolean
+                                    ? to_char_type(0xF5)
+                                    : to_char_type(0xF4));
+                break;
+            }
+
+            case value_t::number_integer:
+            {
+                if (j.m_value.number_integer >= 0)
+                {
+                    // CBOR does not differentiate between positive signed
+                    // integers and unsigned integers. Therefore, we used the
+                    // code from the value_t::number_unsigned case here.
+                    if (j.m_value.number_integer <= 0x17)
+                    {
+                        write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer <= (std::numeric_limits<uint8_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x18));
+                        write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer <= (std::numeric_limits<uint16_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x19));
+                        write_number(static_cast<uint16_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer <= (std::numeric_limits<uint32_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x1A));
+                        write_number(static_cast<uint32_t>(j.m_value.number_integer));
+                    }
+                    else
+                    {
+                        oa->write_character(to_char_type(0x1B));
+                        write_number(static_cast<uint64_t>(j.m_value.number_integer));
+                    }
+                }
+                else
+                {
+                    // The conversions below encode the sign in the first
+                    // byte, and the value is converted to a positive number.
+                    const auto positive_number = -1 - j.m_value.number_integer;
+                    if (j.m_value.number_integer >= -24)
+                    {
+                        write_number(static_cast<uint8_t>(0x20 + positive_number));
+                    }
+                    else if (positive_number <= (std::numeric_limits<uint8_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x38));
+                        write_number(static_cast<uint8_t>(positive_number));
+                    }
+                    else if (positive_number <= (std::numeric_limits<uint16_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x39));
+                        write_number(static_cast<uint16_t>(positive_number));
+                    }
+                    else if (positive_number <= (std::numeric_limits<uint32_t>::max)())
+                    {
+                        oa->write_character(to_char_type(0x3A));
+                        write_number(static_cast<uint32_t>(positive_number));
+                    }
+                    else
+                    {
+                        oa->write_character(to_char_type(0x3B));
+                        write_number(static_cast<uint64_t>(positive_number));
+                    }
+                }
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                if (j.m_value.number_unsigned <= 0x17)
+                {
+                    write_number(static_cast<uint8_t>(j.m_value.number_unsigned));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x18));
+                    write_number(static_cast<uint8_t>(j.m_value.number_unsigned));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x19));
+                    write_number(static_cast<uint16_t>(j.m_value.number_unsigned));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x1A));
+                    write_number(static_cast<uint32_t>(j.m_value.number_unsigned));
+                }
+                else
+                {
+                    oa->write_character(to_char_type(0x1B));
+                    write_number(static_cast<uint64_t>(j.m_value.number_unsigned));
+                }
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                oa->write_character(get_cbor_float_prefix(j.m_value.number_float));
+                write_number(j.m_value.number_float);
+                break;
+            }
+
+            case value_t::string:
+            {
+                // step 1: write control byte and the string length
+                const auto N = j.m_value.string->size();
+                if (N <= 0x17)
+                {
+                    write_number(static_cast<uint8_t>(0x60 + N));
+                }
+                else if (N <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x78));
+                    write_number(static_cast<uint8_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x79));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x7A));
+                    write_number(static_cast<uint32_t>(N));
+                }
+                // LCOV_EXCL_START
+                else if (N <= (std::numeric_limits<uint64_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x7B));
+                    write_number(static_cast<uint64_t>(N));
+                }
+                // LCOV_EXCL_STOP
+
+                // step 2: write the string
+                oa->write_characters(
+                    reinterpret_cast<const CharType*>(j.m_value.string->c_str()),
+                    j.m_value.string->size());
+                break;
+            }
+
+            case value_t::array:
+            {
+                // step 1: write control byte and the array size
+                const auto N = j.m_value.array->size();
+                if (N <= 0x17)
+                {
+                    write_number(static_cast<uint8_t>(0x80 + N));
+                }
+                else if (N <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x98));
+                    write_number(static_cast<uint8_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x99));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x9A));
+                    write_number(static_cast<uint32_t>(N));
+                }
+                // LCOV_EXCL_START
+                else if (N <= (std::numeric_limits<uint64_t>::max)())
+                {
+                    oa->write_character(to_char_type(0x9B));
+                    write_number(static_cast<uint64_t>(N));
+                }
+                // LCOV_EXCL_STOP
+
+                // step 2: write each element
+                for (const auto& el : *j.m_value.array)
+                {
+                    write_cbor(el);
+                }
+                break;
+            }
+
+            case value_t::object:
+            {
+                // step 1: write control byte and the object size
+                const auto N = j.m_value.object->size();
+                if (N <= 0x17)
+                {
+                    write_number(static_cast<uint8_t>(0xA0 + N));
+                }
+                else if (N <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    oa->write_character(to_char_type(0xB8));
+                    write_number(static_cast<uint8_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    oa->write_character(to_char_type(0xB9));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    oa->write_character(to_char_type(0xBA));
+                    write_number(static_cast<uint32_t>(N));
+                }
+                // LCOV_EXCL_START
+                else if (N <= (std::numeric_limits<uint64_t>::max)())
+                {
+                    oa->write_character(to_char_type(0xBB));
+                    write_number(static_cast<uint64_t>(N));
+                }
+                // LCOV_EXCL_STOP
+
+                // step 2: write each element
+                for (const auto& el : *j.m_value.object)
+                {
+                    write_cbor(el.first);
+                    write_cbor(el.second);
+                }
+                break;
+            }
+
+            default:
+                break;
+        }
+    }
+
+    /*!
+    @param[in] j  JSON value to serialize
+    */
+    void write_msgpack(const BasicJsonType& j)
+    {
+        switch (j.type())
+        {
+            case value_t::null: // nil
+            {
+                oa->write_character(to_char_type(0xC0));
+                break;
+            }
+
+            case value_t::boolean: // true and false
+            {
+                oa->write_character(j.m_value.boolean
+                                    ? to_char_type(0xC3)
+                                    : to_char_type(0xC2));
+                break;
+            }
+
+            case value_t::number_integer:
+            {
+                if (j.m_value.number_integer >= 0)
+                {
+                    // MessagePack does not differentiate between positive
+                    // signed integers and unsigned integers. Therefore, we used
+                    // the code from the value_t::number_unsigned case here.
+                    if (j.m_value.number_unsigned < 128)
+                    {
+                        // positive fixnum
+                        write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_unsigned <= (std::numeric_limits<uint8_t>::max)())
+                    {
+                        // uint 8
+                        oa->write_character(to_char_type(0xCC));
+                        write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_unsigned <= (std::numeric_limits<uint16_t>::max)())
+                    {
+                        // uint 16
+                        oa->write_character(to_char_type(0xCD));
+                        write_number(static_cast<uint16_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_unsigned <= (std::numeric_limits<uint32_t>::max)())
+                    {
+                        // uint 32
+                        oa->write_character(to_char_type(0xCE));
+                        write_number(static_cast<uint32_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_unsigned <= (std::numeric_limits<uint64_t>::max)())
+                    {
+                        // uint 64
+                        oa->write_character(to_char_type(0xCF));
+                        write_number(static_cast<uint64_t>(j.m_value.number_integer));
+                    }
+                }
+                else
+                {
+                    if (j.m_value.number_integer >= -32)
+                    {
+                        // negative fixnum
+                        write_number(static_cast<int8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer >= (std::numeric_limits<int8_t>::min)() and
+                             j.m_value.number_integer <= (std::numeric_limits<int8_t>::max)())
+                    {
+                        // int 8
+                        oa->write_character(to_char_type(0xD0));
+                        write_number(static_cast<int8_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer >= (std::numeric_limits<int16_t>::min)() and
+                             j.m_value.number_integer <= (std::numeric_limits<int16_t>::max)())
+                    {
+                        // int 16
+                        oa->write_character(to_char_type(0xD1));
+                        write_number(static_cast<int16_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer >= (std::numeric_limits<int32_t>::min)() and
+                             j.m_value.number_integer <= (std::numeric_limits<int32_t>::max)())
+                    {
+                        // int 32
+                        oa->write_character(to_char_type(0xD2));
+                        write_number(static_cast<int32_t>(j.m_value.number_integer));
+                    }
+                    else if (j.m_value.number_integer >= (std::numeric_limits<int64_t>::min)() and
+                             j.m_value.number_integer <= (std::numeric_limits<int64_t>::max)())
+                    {
+                        // int 64
+                        oa->write_character(to_char_type(0xD3));
+                        write_number(static_cast<int64_t>(j.m_value.number_integer));
+                    }
+                }
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                if (j.m_value.number_unsigned < 128)
+                {
+                    // positive fixnum
+                    write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    // uint 8
+                    oa->write_character(to_char_type(0xCC));
+                    write_number(static_cast<uint8_t>(j.m_value.number_integer));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    // uint 16
+                    oa->write_character(to_char_type(0xCD));
+                    write_number(static_cast<uint16_t>(j.m_value.number_integer));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    // uint 32
+                    oa->write_character(to_char_type(0xCE));
+                    write_number(static_cast<uint32_t>(j.m_value.number_integer));
+                }
+                else if (j.m_value.number_unsigned <= (std::numeric_limits<uint64_t>::max)())
+                {
+                    // uint 64
+                    oa->write_character(to_char_type(0xCF));
+                    write_number(static_cast<uint64_t>(j.m_value.number_integer));
+                }
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                oa->write_character(get_msgpack_float_prefix(j.m_value.number_float));
+                write_number(j.m_value.number_float);
+                break;
+            }
+
+            case value_t::string:
+            {
+                // step 1: write control byte and the string length
+                const auto N = j.m_value.string->size();
+                if (N <= 31)
+                {
+                    // fixstr
+                    write_number(static_cast<uint8_t>(0xA0 | N));
+                }
+                else if (N <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    // str 8
+                    oa->write_character(to_char_type(0xD9));
+                    write_number(static_cast<uint8_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    // str 16
+                    oa->write_character(to_char_type(0xDA));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    // str 32
+                    oa->write_character(to_char_type(0xDB));
+                    write_number(static_cast<uint32_t>(N));
+                }
+
+                // step 2: write the string
+                oa->write_characters(
+                    reinterpret_cast<const CharType*>(j.m_value.string->c_str()),
+                    j.m_value.string->size());
+                break;
+            }
+
+            case value_t::array:
+            {
+                // step 1: write control byte and the array size
+                const auto N = j.m_value.array->size();
+                if (N <= 15)
+                {
+                    // fixarray
+                    write_number(static_cast<uint8_t>(0x90 | N));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    // array 16
+                    oa->write_character(to_char_type(0xDC));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    // array 32
+                    oa->write_character(to_char_type(0xDD));
+                    write_number(static_cast<uint32_t>(N));
+                }
+
+                // step 2: write each element
+                for (const auto& el : *j.m_value.array)
+                {
+                    write_msgpack(el);
+                }
+                break;
+            }
+
+            case value_t::object:
+            {
+                // step 1: write control byte and the object size
+                const auto N = j.m_value.object->size();
+                if (N <= 15)
+                {
+                    // fixmap
+                    write_number(static_cast<uint8_t>(0x80 | (N & 0xF)));
+                }
+                else if (N <= (std::numeric_limits<uint16_t>::max)())
+                {
+                    // map 16
+                    oa->write_character(to_char_type(0xDE));
+                    write_number(static_cast<uint16_t>(N));
+                }
+                else if (N <= (std::numeric_limits<uint32_t>::max)())
+                {
+                    // map 32
+                    oa->write_character(to_char_type(0xDF));
+                    write_number(static_cast<uint32_t>(N));
+                }
+
+                // step 2: write each element
+                for (const auto& el : *j.m_value.object)
+                {
+                    write_msgpack(el.first);
+                    write_msgpack(el.second);
+                }
+                break;
+            }
+
+            default:
+                break;
+        }
+    }
+
+    /*!
+    @param[in] j  JSON value to serialize
+    @param[in] use_count   whether to use '#' prefixes (optimized format)
+    @param[in] use_type    whether to use '$' prefixes (optimized format)
+    @param[in] add_prefix  whether prefixes need to be used for this value
+    */
+    void write_ubjson(const BasicJsonType& j, const bool use_count,
+                      const bool use_type, const bool add_prefix = true)
+    {
+        switch (j.type())
+        {
+            case value_t::null:
+            {
+                if (add_prefix)
+                {
+                    oa->write_character(to_char_type('Z'));
+                }
+                break;
+            }
+
+            case value_t::boolean:
+            {
+                if (add_prefix)
+                {
+                    oa->write_character(j.m_value.boolean
+                                        ? to_char_type('T')
+                                        : to_char_type('F'));
+                }
+                break;
+            }
+
+            case value_t::number_integer:
+            {
+                write_number_with_ubjson_prefix(j.m_value.number_integer, add_prefix);
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                write_number_with_ubjson_prefix(j.m_value.number_unsigned, add_prefix);
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                write_number_with_ubjson_prefix(j.m_value.number_float, add_prefix);
+                break;
+            }
+
+            case value_t::string:
+            {
+                if (add_prefix)
+                {
+                    oa->write_character(to_char_type('S'));
+                }
+                write_number_with_ubjson_prefix(j.m_value.string->size(), true);
+                oa->write_characters(
+                    reinterpret_cast<const CharType*>(j.m_value.string->c_str()),
+                    j.m_value.string->size());
+                break;
+            }
+
+            case value_t::array:
+            {
+                if (add_prefix)
+                {
+                    oa->write_character(to_char_type('['));
+                }
+
+                bool prefix_required = true;
+                if (use_type and not j.m_value.array->empty())
+                {
+                    assert(use_count);
+                    const CharType first_prefix = ubjson_prefix(j.front());
+                    const bool same_prefix = std::all_of(j.begin() + 1, j.end(),
+                                                         [this, first_prefix](const BasicJsonType & v)
+                    {
+                        return ubjson_prefix(v) == first_prefix;
+                    });
+
+                    if (same_prefix)
+                    {
+                        prefix_required = false;
+                        oa->write_character(to_char_type('$'));
+                        oa->write_character(first_prefix);
+                    }
+                }
+
+                if (use_count)
+                {
+                    oa->write_character(to_char_type('#'));
+                    write_number_with_ubjson_prefix(j.m_value.array->size(), true);
+                }
+
+                for (const auto& el : *j.m_value.array)
+                {
+                    write_ubjson(el, use_count, use_type, prefix_required);
+                }
+
+                if (not use_count)
+                {
+                    oa->write_character(to_char_type(']'));
+                }
+
+                break;
+            }
+
+            case value_t::object:
+            {
+                if (add_prefix)
+                {
+                    oa->write_character(to_char_type('{'));
+                }
+
+                bool prefix_required = true;
+                if (use_type and not j.m_value.object->empty())
+                {
+                    assert(use_count);
+                    const CharType first_prefix = ubjson_prefix(j.front());
+                    const bool same_prefix = std::all_of(j.begin(), j.end(),
+                                                         [this, first_prefix](const BasicJsonType & v)
+                    {
+                        return ubjson_prefix(v) == first_prefix;
+                    });
+
+                    if (same_prefix)
+                    {
+                        prefix_required = false;
+                        oa->write_character(to_char_type('$'));
+                        oa->write_character(first_prefix);
+                    }
+                }
+
+                if (use_count)
+                {
+                    oa->write_character(to_char_type('#'));
+                    write_number_with_ubjson_prefix(j.m_value.object->size(), true);
+                }
+
+                for (const auto& el : *j.m_value.object)
+                {
+                    write_number_with_ubjson_prefix(el.first.size(), true);
+                    oa->write_characters(
+                        reinterpret_cast<const CharType*>(el.first.c_str()),
+                        el.first.size());
+                    write_ubjson(el.second, use_count, use_type, prefix_required);
+                }
+
+                if (not use_count)
+                {
+                    oa->write_character(to_char_type('}'));
+                }
+
+                break;
+            }
+
+            default:
+                break;
+        }
+    }
+
+  private:
+    //////////
+    // BSON //
+    //////////
+
+    /*!
+    @return The size of a BSON document entry header, including the id marker
+            and the entry name size (and its null-terminator).
+    */
+    static std::size_t calc_bson_entry_header_size(const string_t& name)
+    {
+        const auto it = name.find(static_cast<typename string_t::value_type>(0));
+        if (JSON_UNLIKELY(it != BasicJsonType::string_t::npos))
+        {
+            JSON_THROW(out_of_range::create(409,
+                                            "BSON key cannot contain code point U+0000 (at byte " + std::to_string(it) + ")"));
+        }
+
+        return /*id*/ 1ul + name.size() + /*zero-terminator*/1u;
+    }
+
+    /*!
+    @brief Writes the given @a element_type and @a name to the output adapter
+    */
+    void write_bson_entry_header(const string_t& name,
+                                 const std::uint8_t element_type)
+    {
+        oa->write_character(to_char_type(element_type)); // boolean
+        oa->write_characters(
+            reinterpret_cast<const CharType*>(name.c_str()),
+            name.size() + 1u);
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and boolean value @a value
+    */
+    void write_bson_boolean(const string_t& name,
+                            const bool value)
+    {
+        write_bson_entry_header(name, 0x08);
+        oa->write_character(value ? to_char_type(0x01) : to_char_type(0x00));
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and double value @a value
+    */
+    void write_bson_double(const string_t& name,
+                           const double value)
+    {
+        write_bson_entry_header(name, 0x01);
+        write_number<double, true>(value);
+    }
+
+    /*!
+    @return The size of the BSON-encoded string in @a value
+    */
+    static std::size_t calc_bson_string_size(const string_t& value)
+    {
+        return sizeof(std::int32_t) + value.size() + 1ul;
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and string value @a value
+    */
+    void write_bson_string(const string_t& name,
+                           const string_t& value)
+    {
+        write_bson_entry_header(name, 0x02);
+
+        write_number<std::int32_t, true>(static_cast<std::int32_t>(value.size() + 1ul));
+        oa->write_characters(
+            reinterpret_cast<const CharType*>(value.c_str()),
+            value.size() + 1);
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and null value
+    */
+    void write_bson_null(const string_t& name)
+    {
+        write_bson_entry_header(name, 0x0A);
+    }
+
+    /*!
+    @return The size of the BSON-encoded integer @a value
+    */
+    static std::size_t calc_bson_integer_size(const std::int64_t value)
+    {
+        if ((std::numeric_limits<std::int32_t>::min)() <= value and value <= (std::numeric_limits<std::int32_t>::max)())
+        {
+            return sizeof(std::int32_t);
+        }
+        else
+        {
+            return sizeof(std::int64_t);
+        }
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and integer @a value
+    */
+    void write_bson_integer(const string_t& name,
+                            const std::int64_t value)
+    {
+        if ((std::numeric_limits<std::int32_t>::min)() <= value and value <= (std::numeric_limits<std::int32_t>::max)())
+        {
+            write_bson_entry_header(name, 0x10); // int32
+            write_number<std::int32_t, true>(static_cast<std::int32_t>(value));
+        }
+        else
+        {
+            write_bson_entry_header(name, 0x12); // int64
+            write_number<std::int64_t, true>(static_cast<std::int64_t>(value));
+        }
+    }
+
+    /*!
+    @return The size of the BSON-encoded unsigned integer in @a j
+    */
+    static constexpr std::size_t calc_bson_unsigned_size(const std::uint64_t value) noexcept
+    {
+        return (value <= static_cast<std::uint64_t>((std::numeric_limits<std::int32_t>::max)()))
+               ? sizeof(std::int32_t)
+               : sizeof(std::int64_t);
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and unsigned @a value
+    */
+    void write_bson_unsigned(const string_t& name,
+                             const std::uint64_t value)
+    {
+        if (value <= static_cast<std::uint64_t>((std::numeric_limits<std::int32_t>::max)()))
+        {
+            write_bson_entry_header(name, 0x10 /* int32 */);
+            write_number<std::int32_t, true>(static_cast<std::int32_t>(value));
+        }
+        else if (value <= static_cast<std::uint64_t>((std::numeric_limits<std::int64_t>::max)()))
+        {
+            write_bson_entry_header(name, 0x12 /* int64 */);
+            write_number<std::int64_t, true>(static_cast<std::int64_t>(value));
+        }
+        else
+        {
+            JSON_THROW(out_of_range::create(407, "integer number " + std::to_string(value) + " cannot be represented by BSON as it does not fit int64"));
+        }
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and object @a value
+    */
+    void write_bson_object_entry(const string_t& name,
+                                 const typename BasicJsonType::object_t& value)
+    {
+        write_bson_entry_header(name, 0x03); // object
+        write_bson_object(value);
+    }
+
+    /*!
+    @return The size of the BSON-encoded array @a value
+    */
+    static std::size_t calc_bson_array_size(const typename BasicJsonType::array_t& value)
+    {
+        std::size_t embedded_document_size = 0ul;
+        std::size_t array_index = 0ul;
+
+        for (const auto& el : value)
+        {
+            embedded_document_size += calc_bson_element_size(std::to_string(array_index++), el);
+        }
+
+        return sizeof(std::int32_t) + embedded_document_size + 1ul;
+    }
+
+    /*!
+    @brief Writes a BSON element with key @a name and array @a value
+    */
+    void write_bson_array(const string_t& name,
+                          const typename BasicJsonType::array_t& value)
+    {
+        write_bson_entry_header(name, 0x04); // array
+        write_number<std::int32_t, true>(static_cast<std::int32_t>(calc_bson_array_size(value)));
+
+        std::size_t array_index = 0ul;
+
+        for (const auto& el : value)
+        {
+            write_bson_element(std::to_string(array_index++), el);
+        }
+
+        oa->write_character(to_char_type(0x00));
+    }
+
+    /*!
+    @brief Calculates the size necessary to serialize the JSON value @a j with its @a name
+    @return The calculated size for the BSON document entry for @a j with the given @a name.
+    */
+    static std::size_t calc_bson_element_size(const string_t& name,
+            const BasicJsonType& j)
+    {
+        const auto header_size = calc_bson_entry_header_size(name);
+        switch (j.type())
+        {
+            case value_t::object:
+                return header_size + calc_bson_object_size(*j.m_value.object);
+
+            case value_t::array:
+                return header_size + calc_bson_array_size(*j.m_value.array);
+
+            case value_t::boolean:
+                return header_size + 1ul;
+
+            case value_t::number_float:
+                return header_size + 8ul;
+
+            case value_t::number_integer:
+                return header_size + calc_bson_integer_size(j.m_value.number_integer);
+
+            case value_t::number_unsigned:
+                return header_size + calc_bson_unsigned_size(j.m_value.number_unsigned);
+
+            case value_t::string:
+                return header_size + calc_bson_string_size(*j.m_value.string);
+
+            case value_t::null:
+                return header_size + 0ul;
+
+            // LCOV_EXCL_START
+            default:
+                assert(false);
+                return 0ul;
+                // LCOV_EXCL_STOP
+        };
+    }
+
+    /*!
+    @brief Serializes the JSON value @a j to BSON and associates it with the
+           key @a name.
+    @param name The name to associate with the JSON entity @a j within the
+                current BSON document
+    @return The size of the BSON entry
+    */
+    void write_bson_element(const string_t& name,
+                            const BasicJsonType& j)
+    {
+        switch (j.type())
+        {
+            case value_t::object:
+                return write_bson_object_entry(name, *j.m_value.object);
+
+            case value_t::array:
+                return write_bson_array(name, *j.m_value.array);
+
+            case value_t::boolean:
+                return write_bson_boolean(name, j.m_value.boolean);
+
+            case value_t::number_float:
+                return write_bson_double(name, j.m_value.number_float);
+
+            case value_t::number_integer:
+                return write_bson_integer(name, j.m_value.number_integer);
+
+            case value_t::number_unsigned:
+                return write_bson_unsigned(name, j.m_value.number_unsigned);
+
+            case value_t::string:
+                return write_bson_string(name, *j.m_value.string);
+
+            case value_t::null:
+                return write_bson_null(name);
+
+            // LCOV_EXCL_START
+            default:
+                assert(false);
+                return;
+                // LCOV_EXCL_STOP
+        };
+    }
+
+    /*!
+    @brief Calculates the size of the BSON serialization of the given
+           JSON-object @a j.
+    @param[in] j  JSON value to serialize
+    @pre       j.type() == value_t::object
+    */
+    static std::size_t calc_bson_object_size(const typename BasicJsonType::object_t& value)
+    {
+        std::size_t document_size = std::accumulate(value.begin(), value.end(), 0ul,
+                                    [](size_t result, const typename BasicJsonType::object_t::value_type & el)
+        {
+            return result += calc_bson_element_size(el.first, el.second);
+        });
+
+        return sizeof(std::int32_t) + document_size + 1ul;
+    }
+
+    /*!
+    @param[in] j  JSON value to serialize
+    @pre       j.type() == value_t::object
+    */
+    void write_bson_object(const typename BasicJsonType::object_t& value)
+    {
+        write_number<std::int32_t, true>(static_cast<std::int32_t>(calc_bson_object_size(value)));
+
+        for (const auto& el : value)
+        {
+            write_bson_element(el.first, el.second);
+        }
+
+        oa->write_character(to_char_type(0x00));
+    }
+
+    //////////
+    // CBOR //
+    //////////
+
+    static constexpr CharType get_cbor_float_prefix(float /*unused*/)
+    {
+        return to_char_type(0xFA);  // Single-Precision Float
+    }
+
+    static constexpr CharType get_cbor_float_prefix(double /*unused*/)
+    {
+        return to_char_type(0xFB);  // Double-Precision Float
+    }
+
+    /////////////
+    // MsgPack //
+    /////////////
+
+    static constexpr CharType get_msgpack_float_prefix(float /*unused*/)
+    {
+        return to_char_type(0xCA);  // float 32
+    }
+
+    static constexpr CharType get_msgpack_float_prefix(double /*unused*/)
+    {
+        return to_char_type(0xCB);  // float 64
+    }
+
+    ////////////
+    // UBJSON //
+    ////////////
+
+    // UBJSON: write number (floating point)
+    template<typename NumberType, typename std::enable_if<
+                 std::is_floating_point<NumberType>::value, int>::type = 0>
+    void write_number_with_ubjson_prefix(const NumberType n,
+                                         const bool add_prefix)
+    {
+        if (add_prefix)
+        {
+            oa->write_character(get_ubjson_float_prefix(n));
+        }
+        write_number(n);
+    }
+
+    // UBJSON: write number (unsigned integer)
+    template<typename NumberType, typename std::enable_if<
+                 std::is_unsigned<NumberType>::value, int>::type = 0>
+    void write_number_with_ubjson_prefix(const NumberType n,
+                                         const bool add_prefix)
+    {
+        if (n <= static_cast<uint64_t>((std::numeric_limits<int8_t>::max)()))
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('i'));  // int8
+            }
+            write_number(static_cast<uint8_t>(n));
+        }
+        else if (n <= (std::numeric_limits<uint8_t>::max)())
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('U'));  // uint8
+            }
+            write_number(static_cast<uint8_t>(n));
+        }
+        else if (n <= static_cast<uint64_t>((std::numeric_limits<int16_t>::max)()))
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('I'));  // int16
+            }
+            write_number(static_cast<int16_t>(n));
+        }
+        else if (n <= static_cast<uint64_t>((std::numeric_limits<int32_t>::max)()))
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('l'));  // int32
+            }
+            write_number(static_cast<int32_t>(n));
+        }
+        else if (n <= static_cast<uint64_t>((std::numeric_limits<int64_t>::max)()))
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('L'));  // int64
+            }
+            write_number(static_cast<int64_t>(n));
+        }
+        else
+        {
+            JSON_THROW(out_of_range::create(407, "integer number " + std::to_string(n) + " cannot be represented by UBJSON as it does not fit int64"));
+        }
+    }
+
+    // UBJSON: write number (signed integer)
+    template<typename NumberType, typename std::enable_if<
+                 std::is_signed<NumberType>::value and
+                 not std::is_floating_point<NumberType>::value, int>::type = 0>
+    void write_number_with_ubjson_prefix(const NumberType n,
+                                         const bool add_prefix)
+    {
+        if ((std::numeric_limits<int8_t>::min)() <= n and n <= (std::numeric_limits<int8_t>::max)())
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('i'));  // int8
+            }
+            write_number(static_cast<int8_t>(n));
+        }
+        else if (static_cast<int64_t>((std::numeric_limits<uint8_t>::min)()) <= n and n <= static_cast<int64_t>((std::numeric_limits<uint8_t>::max)()))
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('U'));  // uint8
+            }
+            write_number(static_cast<uint8_t>(n));
+        }
+        else if ((std::numeric_limits<int16_t>::min)() <= n and n <= (std::numeric_limits<int16_t>::max)())
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('I'));  // int16
+            }
+            write_number(static_cast<int16_t>(n));
+        }
+        else if ((std::numeric_limits<int32_t>::min)() <= n and n <= (std::numeric_limits<int32_t>::max)())
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('l'));  // int32
+            }
+            write_number(static_cast<int32_t>(n));
+        }
+        else if ((std::numeric_limits<int64_t>::min)() <= n and n <= (std::numeric_limits<int64_t>::max)())
+        {
+            if (add_prefix)
+            {
+                oa->write_character(to_char_type('L'));  // int64
+            }
+            write_number(static_cast<int64_t>(n));
+        }
+        // LCOV_EXCL_START
+        else
+        {
+            JSON_THROW(out_of_range::create(407, "integer number " + std::to_string(n) + " cannot be represented by UBJSON as it does not fit int64"));
+        }
+        // LCOV_EXCL_STOP
+    }
+
+    /*!
+    @brief determine the type prefix of container values
+
+    @note This function does not need to be 100% accurate when it comes to
+          integer limits. In case a number exceeds the limits of int64_t,
+          this will be detected by a later call to function
+          write_number_with_ubjson_prefix. Therefore, we return 'L' for any
+          value that does not fit the previous limits.
+    */
+    CharType ubjson_prefix(const BasicJsonType& j) const noexcept
+    {
+        switch (j.type())
+        {
+            case value_t::null:
+                return 'Z';
+
+            case value_t::boolean:
+                return j.m_value.boolean ? 'T' : 'F';
+
+            case value_t::number_integer:
+            {
+                if ((std::numeric_limits<int8_t>::min)() <= j.m_value.number_integer and j.m_value.number_integer <= (std::numeric_limits<int8_t>::max)())
+                {
+                    return 'i';
+                }
+                if ((std::numeric_limits<uint8_t>::min)() <= j.m_value.number_integer and j.m_value.number_integer <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    return 'U';
+                }
+                if ((std::numeric_limits<int16_t>::min)() <= j.m_value.number_integer and j.m_value.number_integer <= (std::numeric_limits<int16_t>::max)())
+                {
+                    return 'I';
+                }
+                if ((std::numeric_limits<int32_t>::min)() <= j.m_value.number_integer and j.m_value.number_integer <= (std::numeric_limits<int32_t>::max)())
+                {
+                    return 'l';
+                }
+                // no check and assume int64_t (see note above)
+                return 'L';
+            }
+
+            case value_t::number_unsigned:
+            {
+                if (j.m_value.number_unsigned <= (std::numeric_limits<int8_t>::max)())
+                {
+                    return 'i';
+                }
+                if (j.m_value.number_unsigned <= (std::numeric_limits<uint8_t>::max)())
+                {
+                    return 'U';
+                }
+                if (j.m_value.number_unsigned <= (std::numeric_limits<int16_t>::max)())
+                {
+                    return 'I';
+                }
+                if (j.m_value.number_unsigned <= (std::numeric_limits<int32_t>::max)())
+                {
+                    return 'l';
+                }
+                // no check and assume int64_t (see note above)
+                return 'L';
+            }
+
+            case value_t::number_float:
+                return get_ubjson_float_prefix(j.m_value.number_float);
+
+            case value_t::string:
+                return 'S';
+
+            case value_t::array:
+                return '[';
+
+            case value_t::object:
+                return '{';
+
+            default:  // discarded values
+                return 'N';
+        }
+    }
+
+    static constexpr CharType get_ubjson_float_prefix(float /*unused*/)
+    {
+        return 'd';  // float 32
+    }
+
+    static constexpr CharType get_ubjson_float_prefix(double /*unused*/)
+    {
+        return 'D';  // float 64
+    }
+
+    ///////////////////////
+    // Utility functions //
+    ///////////////////////
+
+    /*
+    @brief write a number to output input
+    @param[in] n number of type @a NumberType
+    @tparam NumberType the type of the number
+    @tparam OutputIsLittleEndian Set to true if output data is
+                                 required to be little endian
+
+    @note This function needs to respect the system's endianess, because bytes
+          in CBOR, MessagePack, and UBJSON are stored in network order (big
+          endian) and therefore need reordering on little endian systems.
+    */
+    template<typename NumberType, bool OutputIsLittleEndian = false>
+    void write_number(const NumberType n)
+    {
+        // step 1: write number to array of length NumberType
+        std::array<CharType, sizeof(NumberType)> vec;
+        std::memcpy(vec.data(), &n, sizeof(NumberType));
+
+        // step 2: write array to output (with possible reordering)
+        if (is_little_endian and not OutputIsLittleEndian)
+        {
+            // reverse byte order prior to conversion if necessary
+            std::reverse(vec.begin(), vec.end());
+        }
+
+        oa->write_characters(vec.data(), sizeof(NumberType));
+    }
+
+  public:
+    // The following to_char_type functions are implement the conversion
+    // between uint8_t and CharType. In case CharType is not unsigned,
+    // such a conversion is required to allow values greater than 128.
+    // See <https://github.com/nlohmann/json/issues/1286> for a discussion.
+    template < typename C = CharType,
+               enable_if_t < std::is_signed<C>::value and std::is_signed<char>::value > * = nullptr >
+    static constexpr CharType to_char_type(std::uint8_t x) noexcept
+    {
+        return *reinterpret_cast<char*>(&x);
+    }
+
+    template < typename C = CharType,
+               enable_if_t < std::is_signed<C>::value and std::is_unsigned<char>::value > * = nullptr >
+    static CharType to_char_type(std::uint8_t x) noexcept
+    {
+        static_assert(sizeof(std::uint8_t) == sizeof(CharType), "size of CharType must be equal to std::uint8_t");
+        static_assert(std::is_pod<CharType>::value, "CharType must be POD");
+        CharType result;
+        std::memcpy(&result, &x, sizeof(x));
+        return result;
+    }
+
+    template<typename C = CharType,
+             enable_if_t<std::is_unsigned<C>::value>* = nullptr>
+    static constexpr CharType to_char_type(std::uint8_t x) noexcept
+    {
+        return x;
+    }
+
+    template < typename InputCharType, typename C = CharType,
+               enable_if_t <
+                   std::is_signed<C>::value and
+                   std::is_signed<char>::value and
+                   std::is_same<char, typename std::remove_cv<InputCharType>::type>::value
+                   > * = nullptr >
+    static constexpr CharType to_char_type(InputCharType x) noexcept
+    {
+        return x;
+    }
+
+  private:
+    /// whether we can assume little endianess
+    const bool is_little_endian = binary_reader<BasicJsonType>::little_endianess();
+
+    /// the output
+    output_adapter_t<CharType> oa = nullptr;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/output/serializer.hpp>
+
+
+#include <algorithm> // reverse, remove, fill, find, none_of
+#include <array> // array
+#include <cassert> // assert
+#include <ciso646> // and, or
+#include <clocale> // localeconv, lconv
+#include <cmath> // labs, isfinite, isnan, signbit
+#include <cstddef> // size_t, ptrdiff_t
+#include <cstdint> // uint8_t
+#include <cstdio> // snprintf
+#include <limits> // numeric_limits
+#include <string> // string
+#include <type_traits> // is_same
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/conversions/to_chars.hpp>
+
+
+#include <cassert> // assert
+#include <ciso646> // or, and, not
+#include <cmath>   // signbit, isfinite
+#include <cstdint> // intN_t, uintN_t
+#include <cstring> // memcpy, memmove
+
+namespace nlohmann
+{
+namespace detail
+{
+
+/*!
+@brief implements the Grisu2 algorithm for binary to decimal floating-point
+conversion.
+
+This implementation is a slightly modified version of the reference
+implementation which may be obtained from
+http://florian.loitsch.com/publications (bench.tar.gz).
+
+The code is distributed under the MIT license, Copyright (c) 2009 Florian Loitsch.
+
+For a detailed description of the algorithm see:
+
+[1] Loitsch, "Printing Floating-Point Numbers Quickly and Accurately with
+    Integers", Proceedings of the ACM SIGPLAN 2010 Conference on Programming
+    Language Design and Implementation, PLDI 2010
+[2] Burger, Dybvig, "Printing Floating-Point Numbers Quickly and Accurately",
+    Proceedings of the ACM SIGPLAN 1996 Conference on Programming Language
+    Design and Implementation, PLDI 1996
+*/
+namespace dtoa_impl
+{
+
+template <typename Target, typename Source>
+Target reinterpret_bits(const Source source)
+{
+    static_assert(sizeof(Target) == sizeof(Source), "size mismatch");
+
+    Target target;
+    std::memcpy(&target, &source, sizeof(Source));
+    return target;
+}
+
+struct diyfp // f * 2^e
+{
+    static constexpr int kPrecision = 64; // = q
+
+    uint64_t f = 0;
+    int e = 0;
+
+    constexpr diyfp(uint64_t f_, int e_) noexcept : f(f_), e(e_) {}
+
+    /*!
+    @brief returns x - y
+    @pre x.e == y.e and x.f >= y.f
+    */
+    static diyfp sub(const diyfp& x, const diyfp& y) noexcept
+    {
+        assert(x.e == y.e);
+        assert(x.f >= y.f);
+
+        return {x.f - y.f, x.e};
+    }
+
+    /*!
+    @brief returns x * y
+    @note The result is rounded. (Only the upper q bits are returned.)
+    */
+    static diyfp mul(const diyfp& x, const diyfp& y) noexcept
+    {
+        static_assert(kPrecision == 64, "internal error");
+
+        // Computes:
+        //  f = round((x.f * y.f) / 2^q)
+        //  e = x.e + y.e + q
+
+        // Emulate the 64-bit * 64-bit multiplication:
+        //
+        // p = u * v
+        //   = (u_lo + 2^32 u_hi) (v_lo + 2^32 v_hi)
+        //   = (u_lo v_lo         ) + 2^32 ((u_lo v_hi         ) + (u_hi v_lo         )) + 2^64 (u_hi v_hi         )
+        //   = (p0                ) + 2^32 ((p1                ) + (p2                )) + 2^64 (p3                )
+        //   = (p0_lo + 2^32 p0_hi) + 2^32 ((p1_lo + 2^32 p1_hi) + (p2_lo + 2^32 p2_hi)) + 2^64 (p3                )
+        //   = (p0_lo             ) + 2^32 (p0_hi + p1_lo + p2_lo                      ) + 2^64 (p1_hi + p2_hi + p3)
+        //   = (p0_lo             ) + 2^32 (Q                                          ) + 2^64 (H                 )
+        //   = (p0_lo             ) + 2^32 (Q_lo + 2^32 Q_hi                           ) + 2^64 (H                 )
+        //
+        // (Since Q might be larger than 2^32 - 1)
+        //
+        //   = (p0_lo + 2^32 Q_lo) + 2^64 (Q_hi + H)
+        //
+        // (Q_hi + H does not overflow a 64-bit int)
+        //
+        //   = p_lo + 2^64 p_hi
+
+        const uint64_t u_lo = x.f & 0xFFFFFFFF;
+        const uint64_t u_hi = x.f >> 32;
+        const uint64_t v_lo = y.f & 0xFFFFFFFF;
+        const uint64_t v_hi = y.f >> 32;
+
+        const uint64_t p0 = u_lo * v_lo;
+        const uint64_t p1 = u_lo * v_hi;
+        const uint64_t p2 = u_hi * v_lo;
+        const uint64_t p3 = u_hi * v_hi;
+
+        const uint64_t p0_hi = p0 >> 32;
+        const uint64_t p1_lo = p1 & 0xFFFFFFFF;
+        const uint64_t p1_hi = p1 >> 32;
+        const uint64_t p2_lo = p2 & 0xFFFFFFFF;
+        const uint64_t p2_hi = p2 >> 32;
+
+        uint64_t Q = p0_hi + p1_lo + p2_lo;
+
+        // The full product might now be computed as
+        //
+        // p_hi = p3 + p2_hi + p1_hi + (Q >> 32)
+        // p_lo = p0_lo + (Q << 32)
+        //
+        // But in this particular case here, the full p_lo is not required.
+        // Effectively we only need to add the highest bit in p_lo to p_hi (and
+        // Q_hi + 1 does not overflow).
+
+        Q += uint64_t{1} << (64 - 32 - 1); // round, ties up
+
+        const uint64_t h = p3 + p2_hi + p1_hi + (Q >> 32);
+
+        return {h, x.e + y.e + 64};
+    }
+
+    /*!
+    @brief normalize x such that the significand is >= 2^(q-1)
+    @pre x.f != 0
+    */
+    static diyfp normalize(diyfp x) noexcept
+    {
+        assert(x.f != 0);
+
+        while ((x.f >> 63) == 0)
+        {
+            x.f <<= 1;
+            x.e--;
+        }
+
+        return x;
+    }
+
+    /*!
+    @brief normalize x such that the result has the exponent E
+    @pre e >= x.e and the upper e - x.e bits of x.f must be zero.
+    */
+    static diyfp normalize_to(const diyfp& x, const int target_exponent) noexcept
+    {
+        const int delta = x.e - target_exponent;
+
+        assert(delta >= 0);
+        assert(((x.f << delta) >> delta) == x.f);
+
+        return {x.f << delta, target_exponent};
+    }
+};
+
+struct boundaries
+{
+    diyfp w;
+    diyfp minus;
+    diyfp plus;
+};
+
+/*!
+Compute the (normalized) diyfp representing the input number 'value' and its
+boundaries.
+
+@pre value must be finite and positive
+*/
+template <typename FloatType>
+boundaries compute_boundaries(FloatType value)
+{
+    assert(std::isfinite(value));
+    assert(value > 0);
+
+    // Convert the IEEE representation into a diyfp.
+    //
+    // If v is denormal:
+    //      value = 0.F * 2^(1 - bias) = (          F) * 2^(1 - bias - (p-1))
+    // If v is normalized:
+    //      value = 1.F * 2^(E - bias) = (2^(p-1) + F) * 2^(E - bias - (p-1))
+
+    static_assert(std::numeric_limits<FloatType>::is_iec559,
+                  "internal error: dtoa_short requires an IEEE-754 floating-point implementation");
+
+    constexpr int      kPrecision = std::numeric_limits<FloatType>::digits; // = p (includes the hidden bit)
+    constexpr int      kBias      = std::numeric_limits<FloatType>::max_exponent - 1 + (kPrecision - 1);
+    constexpr int      kMinExp    = 1 - kBias;
+    constexpr uint64_t kHiddenBit = uint64_t{1} << (kPrecision - 1); // = 2^(p-1)
+
+    using bits_type = typename std::conditional< kPrecision == 24, uint32_t, uint64_t >::type;
+
+    const uint64_t bits = reinterpret_bits<bits_type>(value);
+    const uint64_t E = bits >> (kPrecision - 1);
+    const uint64_t F = bits & (kHiddenBit - 1);
+
+    const bool is_denormal = (E == 0);
+    const diyfp v = is_denormal
+                    ? diyfp(F, kMinExp)
+                    : diyfp(F + kHiddenBit, static_cast<int>(E) - kBias);
+
+    // Compute the boundaries m- and m+ of the floating-point value
+    // v = f * 2^e.
+    //
+    // Determine v- and v+, the floating-point predecessor and successor if v,
+    // respectively.
+    //
+    //      v- = v - 2^e        if f != 2^(p-1) or e == e_min                (A)
+    //         = v - 2^(e-1)    if f == 2^(p-1) and e > e_min                (B)
+    //
+    //      v+ = v + 2^e
+    //
+    // Let m- = (v- + v) / 2 and m+ = (v + v+) / 2. All real numbers _strictly_
+    // between m- and m+ round to v, regardless of how the input rounding
+    // algorithm breaks ties.
+    //
+    //      ---+-------------+-------------+-------------+-------------+---  (A)
+    //         v-            m-            v             m+            v+
+    //
+    //      -----------------+------+------+-------------+-------------+---  (B)
+    //                       v-     m-     v             m+            v+
+
+    const bool lower_boundary_is_closer = (F == 0 and E > 1);
+    const diyfp m_plus = diyfp(2 * v.f + 1, v.e - 1);
+    const diyfp m_minus = lower_boundary_is_closer
+                          ? diyfp(4 * v.f - 1, v.e - 2)  // (B)
+                          : diyfp(2 * v.f - 1, v.e - 1); // (A)
+
+    // Determine the normalized w+ = m+.
+    const diyfp w_plus = diyfp::normalize(m_plus);
+
+    // Determine w- = m- such that e_(w-) = e_(w+).
+    const diyfp w_minus = diyfp::normalize_to(m_minus, w_plus.e);
+
+    return {diyfp::normalize(v), w_minus, w_plus};
+}
+
+// Given normalized diyfp w, Grisu needs to find a (normalized) cached
+// power-of-ten c, such that the exponent of the product c * w = f * 2^e lies
+// within a certain range [alpha, gamma] (Definition 3.2 from [1])
+//
+//      alpha <= e = e_c + e_w + q <= gamma
+//
+// or
+//
+//      f_c * f_w * 2^alpha <= f_c 2^(e_c) * f_w 2^(e_w) * 2^q
+//                          <= f_c * f_w * 2^gamma
+//
+// Since c and w are normalized, i.e. 2^(q-1) <= f < 2^q, this implies
+//
+//      2^(q-1) * 2^(q-1) * 2^alpha <= c * w * 2^q < 2^q * 2^q * 2^gamma
+//
+// or
+//
+//      2^(q - 2 + alpha) <= c * w < 2^(q + gamma)
+//
+// The choice of (alpha,gamma) determines the size of the table and the form of
+// the digit generation procedure. Using (alpha,gamma)=(-60,-32) works out well
+// in practice:
+//
+// The idea is to cut the number c * w = f * 2^e into two parts, which can be
+// processed independently: An integral part p1, and a fractional part p2:
+//
+//      f * 2^e = ( (f div 2^-e) * 2^-e + (f mod 2^-e) ) * 2^e
+//              = (f div 2^-e) + (f mod 2^-e) * 2^e
+//              = p1 + p2 * 2^e
+//
+// The conversion of p1 into decimal form requires a series of divisions and
+// modulos by (a power of) 10. These operations are faster for 32-bit than for
+// 64-bit integers, so p1 should ideally fit into a 32-bit integer. This can be
+// achieved by choosing
+//
+//      -e >= 32   or   e <= -32 := gamma
+//
+// In order to convert the fractional part
+//
+//      p2 * 2^e = p2 / 2^-e = d[-1] / 10^1 + d[-2] / 10^2 + ...
+//
+// into decimal form, the fraction is repeatedly multiplied by 10 and the digits
+// d[-i] are extracted in order:
+//
+//      (10 * p2) div 2^-e = d[-1]
+//      (10 * p2) mod 2^-e = d[-2] / 10^1 + ...
+//
+// The multiplication by 10 must not overflow. It is sufficient to choose
+//
+//      10 * p2 < 16 * p2 = 2^4 * p2 <= 2^64.
+//
+// Since p2 = f mod 2^-e < 2^-e,
+//
+//      -e <= 60   or   e >= -60 := alpha
+
+constexpr int kAlpha = -60;
+constexpr int kGamma = -32;
+
+struct cached_power // c = f * 2^e ~= 10^k
+{
+    uint64_t f;
+    int e;
+    int k;
+};
+
+/*!
+For a normalized diyfp w = f * 2^e, this function returns a (normalized) cached
+power-of-ten c = f_c * 2^e_c, such that the exponent of the product w * c
+satisfies (Definition 3.2 from [1])
+
+     alpha <= e_c + e + q <= gamma.
+*/
+inline cached_power get_cached_power_for_binary_exponent(int e)
+{
+    // Now
+    //
+    //      alpha <= e_c + e + q <= gamma                                    (1)
+    //      ==> f_c * 2^alpha <= c * 2^e * 2^q
+    //
+    // and since the c's are normalized, 2^(q-1) <= f_c,
+    //
+    //      ==> 2^(q - 1 + alpha) <= c * 2^(e + q)
+    //      ==> 2^(alpha - e - 1) <= c
+    //
+    // If c were an exakt power of ten, i.e. c = 10^k, one may determine k as
+    //
+    //      k = ceil( log_10( 2^(alpha - e - 1) ) )
+    //        = ceil( (alpha - e - 1) * log_10(2) )
+    //
+    // From the paper:
+    // "In theory the result of the procedure could be wrong since c is rounded,
+    //  and the computation itself is approximated [...]. In practice, however,
+    //  this simple function is sufficient."
+    //
+    // For IEEE double precision floating-point numbers converted into
+    // normalized diyfp's w = f * 2^e, with q = 64,
+    //
+    //      e >= -1022      (min IEEE exponent)
+    //           -52        (p - 1)
+    //           -52        (p - 1, possibly normalize denormal IEEE numbers)
+    //           -11        (normalize the diyfp)
+    //         = -1137
+    //
+    // and
+    //
+    //      e <= +1023      (max IEEE exponent)
+    //           -52        (p - 1)
+    //           -11        (normalize the diyfp)
+    //         = 960
+    //
+    // This binary exponent range [-1137,960] results in a decimal exponent
+    // range [-307,324]. One does not need to store a cached power for each
+    // k in this range. For each such k it suffices to find a cached power
+    // such that the exponent of the product lies in [alpha,gamma].
+    // This implies that the difference of the decimal exponents of adjacent
+    // table entries must be less than or equal to
+    //
+    //      floor( (gamma - alpha) * log_10(2) ) = 8.
+    //
+    // (A smaller distance gamma-alpha would require a larger table.)
+
+    // NB:
+    // Actually this function returns c, such that -60 <= e_c + e + 64 <= -34.
+
+    constexpr int kCachedPowersSize = 79;
+    constexpr int kCachedPowersMinDecExp = -300;
+    constexpr int kCachedPowersDecStep = 8;
+
+    static constexpr cached_power kCachedPowers[] =
+    {
+        { 0xAB70FE17C79AC6CA, -1060, -300 },
+        { 0xFF77B1FCBEBCDC4F, -1034, -292 },
+        { 0xBE5691EF416BD60C, -1007, -284 },
+        { 0x8DD01FAD907FFC3C,  -980, -276 },
+        { 0xD3515C2831559A83,  -954, -268 },
+        { 0x9D71AC8FADA6C9B5,  -927, -260 },
+        { 0xEA9C227723EE8BCB,  -901, -252 },
+        { 0xAECC49914078536D,  -874, -244 },
+        { 0x823C12795DB6CE57,  -847, -236 },
+        { 0xC21094364DFB5637,  -821, -228 },
+        { 0x9096EA6F3848984F,  -794, -220 },
+        { 0xD77485CB25823AC7,  -768, -212 },
+        { 0xA086CFCD97BF97F4,  -741, -204 },
+        { 0xEF340A98172AACE5,  -715, -196 },
+        { 0xB23867FB2A35B28E,  -688, -188 },
+        { 0x84C8D4DFD2C63F3B,  -661, -180 },
+        { 0xC5DD44271AD3CDBA,  -635, -172 },
+        { 0x936B9FCEBB25C996,  -608, -164 },
+        { 0xDBAC6C247D62A584,  -582, -156 },
+        { 0xA3AB66580D5FDAF6,  -555, -148 },
+        { 0xF3E2F893DEC3F126,  -529, -140 },
+        { 0xB5B5ADA8AAFF80B8,  -502, -132 },
+        { 0x87625F056C7C4A8B,  -475, -124 },
+        { 0xC9BCFF6034C13053,  -449, -116 },
+        { 0x964E858C91BA2655,  -422, -108 },
+        { 0xDFF9772470297EBD,  -396, -100 },
+        { 0xA6DFBD9FB8E5B88F,  -369,  -92 },
+        { 0xF8A95FCF88747D94,  -343,  -84 },
+        { 0xB94470938FA89BCF,  -316,  -76 },
+        { 0x8A08F0F8BF0F156B,  -289,  -68 },
+        { 0xCDB02555653131B6,  -263,  -60 },
+        { 0x993FE2C6D07B7FAC,  -236,  -52 },
+        { 0xE45C10C42A2B3B06,  -210,  -44 },
+        { 0xAA242499697392D3,  -183,  -36 },
+        { 0xFD87B5F28300CA0E,  -157,  -28 },
+        { 0xBCE5086492111AEB,  -130,  -20 },
+        { 0x8CBCCC096F5088CC,  -103,  -12 },
+        { 0xD1B71758E219652C,   -77,   -4 },
+        { 0x9C40000000000000,   -50,    4 },
+        { 0xE8D4A51000000000,   -24,   12 },
+        { 0xAD78EBC5AC620000,     3,   20 },
+        { 0x813F3978F8940984,    30,   28 },
+        { 0xC097CE7BC90715B3,    56,   36 },
+        { 0x8F7E32CE7BEA5C70,    83,   44 },
+        { 0xD5D238A4ABE98068,   109,   52 },
+        { 0x9F4F2726179A2245,   136,   60 },
+        { 0xED63A231D4C4FB27,   162,   68 },
+        { 0xB0DE65388CC8ADA8,   189,   76 },
+        { 0x83C7088E1AAB65DB,   216,   84 },
+        { 0xC45D1DF942711D9A,   242,   92 },
+        { 0x924D692CA61BE758,   269,  100 },
+        { 0xDA01EE641A708DEA,   295,  108 },
+        { 0xA26DA3999AEF774A,   322,  116 },
+        { 0xF209787BB47D6B85,   348,  124 },
+        { 0xB454E4A179DD1877,   375,  132 },
+        { 0x865B86925B9BC5C2,   402,  140 },
+        { 0xC83553C5C8965D3D,   428,  148 },
+        { 0x952AB45CFA97A0B3,   455,  156 },
+        { 0xDE469FBD99A05FE3,   481,  164 },
+        { 0xA59BC234DB398C25,   508,  172 },
+        { 0xF6C69A72A3989F5C,   534,  180 },
+        { 0xB7DCBF5354E9BECE,   561,  188 },
+        { 0x88FCF317F22241E2,   588,  196 },
+        { 0xCC20CE9BD35C78A5,   614,  204 },
+        { 0x98165AF37B2153DF,   641,  212 },
+        { 0xE2A0B5DC971F303A,   667,  220 },
+        { 0xA8D9D1535CE3B396,   694,  228 },
+        { 0xFB9B7CD9A4A7443C,   720,  236 },
+        { 0xBB764C4CA7A44410,   747,  244 },
+        { 0x8BAB8EEFB6409C1A,   774,  252 },
+        { 0xD01FEF10A657842C,   800,  260 },
+        { 0x9B10A4E5E9913129,   827,  268 },
+        { 0xE7109BFBA19C0C9D,   853,  276 },
+        { 0xAC2820D9623BF429,   880,  284 },
+        { 0x80444B5E7AA7CF85,   907,  292 },
+        { 0xBF21E44003ACDD2D,   933,  300 },
+        { 0x8E679C2F5E44FF8F,   960,  308 },
+        { 0xD433179D9C8CB841,   986,  316 },
+        { 0x9E19DB92B4E31BA9,  1013,  324 },
+    };
+
+    // This computation gives exactly the same results for k as
+    //      k = ceil((kAlpha - e - 1) * 0.30102999566398114)
+    // for |e| <= 1500, but doesn't require floating-point operations.
+    // NB: log_10(2) ~= 78913 / 2^18
+    assert(e >= -1500);
+    assert(e <=  1500);
+    const int f = kAlpha - e - 1;
+    const int k = (f * 78913) / (1 << 18) + static_cast<int>(f > 0);
+
+    const int index = (-kCachedPowersMinDecExp + k + (kCachedPowersDecStep - 1)) / kCachedPowersDecStep;
+    assert(index >= 0);
+    assert(index < kCachedPowersSize);
+    static_cast<void>(kCachedPowersSize); // Fix warning.
+
+    const cached_power cached = kCachedPowers[index];
+    assert(kAlpha <= cached.e + e + 64);
+    assert(kGamma >= cached.e + e + 64);
+
+    return cached;
+}
+
+/*!
+For n != 0, returns k, such that pow10 := 10^(k-1) <= n < 10^k.
+For n == 0, returns 1 and sets pow10 := 1.
+*/
+inline int find_largest_pow10(const uint32_t n, uint32_t& pow10)
+{
+    // LCOV_EXCL_START
+    if (n >= 1000000000)
+    {
+        pow10 = 1000000000;
+        return 10;
+    }
+    // LCOV_EXCL_STOP
+    else if (n >= 100000000)
+    {
+        pow10 = 100000000;
+        return  9;
+    }
+    else if (n >= 10000000)
+    {
+        pow10 = 10000000;
+        return  8;
+    }
+    else if (n >= 1000000)
+    {
+        pow10 = 1000000;
+        return  7;
+    }
+    else if (n >= 100000)
+    {
+        pow10 = 100000;
+        return  6;
+    }
+    else if (n >= 10000)
+    {
+        pow10 = 10000;
+        return  5;
+    }
+    else if (n >= 1000)
+    {
+        pow10 = 1000;
+        return  4;
+    }
+    else if (n >= 100)
+    {
+        pow10 = 100;
+        return  3;
+    }
+    else if (n >= 10)
+    {
+        pow10 = 10;
+        return  2;
+    }
+    else
+    {
+        pow10 = 1;
+        return 1;
+    }
+}
+
+inline void grisu2_round(char* buf, int len, uint64_t dist, uint64_t delta,
+                         uint64_t rest, uint64_t ten_k)
+{
+    assert(len >= 1);
+    assert(dist <= delta);
+    assert(rest <= delta);
+    assert(ten_k > 0);
+
+    //               <--------------------------- delta ---->
+    //                                  <---- dist --------->
+    // --------------[------------------+-------------------]--------------
+    //               M-                 w                   M+
+    //
+    //                                  ten_k
+    //                                <------>
+    //                                       <---- rest ---->
+    // --------------[------------------+----+--------------]--------------
+    //                                  w    V
+    //                                       = buf * 10^k
+    //
+    // ten_k represents a unit-in-the-last-place in the decimal representation
+    // stored in buf.
+    // Decrement buf by ten_k while this takes buf closer to w.
+
+    // The tests are written in this order to avoid overflow in unsigned
+    // integer arithmetic.
+
+    while (rest < dist
+            and delta - rest >= ten_k
+            and (rest + ten_k < dist or dist - rest > rest + ten_k - dist))
+    {
+        assert(buf[len - 1] != '0');
+        buf[len - 1]--;
+        rest += ten_k;
+    }
+}
+
+/*!
+Generates V = buffer * 10^decimal_exponent, such that M- <= V <= M+.
+M- and M+ must be normalized and share the same exponent -60 <= e <= -32.
+*/
+inline void grisu2_digit_gen(char* buffer, int& length, int& decimal_exponent,
+                             diyfp M_minus, diyfp w, diyfp M_plus)
+{
+    static_assert(kAlpha >= -60, "internal error");
+    static_assert(kGamma <= -32, "internal error");
+
+    // Generates the digits (and the exponent) of a decimal floating-point
+    // number V = buffer * 10^decimal_exponent in the range [M-, M+]. The diyfp's
+    // w, M- and M+ share the same exponent e, which satisfies alpha <= e <= gamma.
+    //
+    //               <--------------------------- delta ---->
+    //                                  <---- dist --------->
+    // --------------[------------------+-------------------]--------------
+    //               M-                 w                   M+
+    //
+    // Grisu2 generates the digits of M+ from left to right and stops as soon as
+    // V is in [M-,M+].
+
+    assert(M_plus.e >= kAlpha);
+    assert(M_plus.e <= kGamma);
+
+    uint64_t delta = diyfp::sub(M_plus, M_minus).f; // (significand of (M+ - M-), implicit exponent is e)
+    uint64_t dist  = diyfp::sub(M_plus, w      ).f; // (significand of (M+ - w ), implicit exponent is e)
+
+    // Split M+ = f * 2^e into two parts p1 and p2 (note: e < 0):
+    //
+    //      M+ = f * 2^e
+    //         = ((f div 2^-e) * 2^-e + (f mod 2^-e)) * 2^e
+    //         = ((p1        ) * 2^-e + (p2        )) * 2^e
+    //         = p1 + p2 * 2^e
+
+    const diyfp one(uint64_t{1} << -M_plus.e, M_plus.e);
+
+    auto p1 = static_cast<uint32_t>(M_plus.f >> -one.e); // p1 = f div 2^-e (Since -e >= 32, p1 fits into a 32-bit int.)
+    uint64_t p2 = M_plus.f & (one.f - 1);                    // p2 = f mod 2^-e
+
+    // 1)
+    //
+    // Generate the digits of the integral part p1 = d[n-1]...d[1]d[0]
+
+    assert(p1 > 0);
+
+    uint32_t pow10;
+    const int k = find_largest_pow10(p1, pow10);
+
+    //      10^(k-1) <= p1 < 10^k, pow10 = 10^(k-1)
+    //
+    //      p1 = (p1 div 10^(k-1)) * 10^(k-1) + (p1 mod 10^(k-1))
+    //         = (d[k-1]         ) * 10^(k-1) + (p1 mod 10^(k-1))
+    //
+    //      M+ = p1                                             + p2 * 2^e
+    //         = d[k-1] * 10^(k-1) + (p1 mod 10^(k-1))          + p2 * 2^e
+    //         = d[k-1] * 10^(k-1) + ((p1 mod 10^(k-1)) * 2^-e + p2) * 2^e
+    //         = d[k-1] * 10^(k-1) + (                         rest) * 2^e
+    //
+    // Now generate the digits d[n] of p1 from left to right (n = k-1,...,0)
+    //
+    //      p1 = d[k-1]...d[n] * 10^n + d[n-1]...d[0]
+    //
+    // but stop as soon as
+    //
+    //      rest * 2^e = (d[n-1]...d[0] * 2^-e + p2) * 2^e <= delta * 2^e
+
+    int n = k;
+    while (n > 0)
+    {
+        // Invariants:
+        //      M+ = buffer * 10^n + (p1 + p2 * 2^e)    (buffer = 0 for n = k)
+        //      pow10 = 10^(n-1) <= p1 < 10^n
+        //
+        const uint32_t d = p1 / pow10;  // d = p1 div 10^(n-1)
+        const uint32_t r = p1 % pow10;  // r = p1 mod 10^(n-1)
+        //
+        //      M+ = buffer * 10^n + (d * 10^(n-1) + r) + p2 * 2^e
+        //         = (buffer * 10 + d) * 10^(n-1) + (r + p2 * 2^e)
+        //
+        assert(d <= 9);
+        buffer[length++] = static_cast<char>('0' + d); // buffer := buffer * 10 + d
+        //
+        //      M+ = buffer * 10^(n-1) + (r + p2 * 2^e)
+        //
+        p1 = r;
+        n--;
+        //
+        //      M+ = buffer * 10^n + (p1 + p2 * 2^e)
+        //      pow10 = 10^n
+        //
+
+        // Now check if enough digits have been generated.
+        // Compute
+        //
+        //      p1 + p2 * 2^e = (p1 * 2^-e + p2) * 2^e = rest * 2^e
+        //
+        // Note:
+        // Since rest and delta share the same exponent e, it suffices to
+        // compare the significands.
+        const uint64_t rest = (uint64_t{p1} << -one.e) + p2;
+        if (rest <= delta)
+        {
+            // V = buffer * 10^n, with M- <= V <= M+.
+
+            decimal_exponent += n;
+
+            // We may now just stop. But instead look if the buffer could be
+            // decremented to bring V closer to w.
+            //
+            // pow10 = 10^n is now 1 ulp in the decimal representation V.
+            // The rounding procedure works with diyfp's with an implicit
+            // exponent of e.
+            //
+            //      10^n = (10^n * 2^-e) * 2^e = ulp * 2^e
+            //
+            const uint64_t ten_n = uint64_t{pow10} << -one.e;
+            grisu2_round(buffer, length, dist, delta, rest, ten_n);
+
+            return;
+        }
+
+        pow10 /= 10;
+        //
+        //      pow10 = 10^(n-1) <= p1 < 10^n
+        // Invariants restored.
+    }
+
+    // 2)
+    //
+    // The digits of the integral part have been generated:
+    //
+    //      M+ = d[k-1]...d[1]d[0] + p2 * 2^e
+    //         = buffer            + p2 * 2^e
+    //
+    // Now generate the digits of the fractional part p2 * 2^e.
+    //
+    // Note:
+    // No decimal point is generated: the exponent is adjusted instead.
+    //
+    // p2 actually represents the fraction
+    //
+    //      p2 * 2^e
+    //          = p2 / 2^-e
+    //          = d[-1] / 10^1 + d[-2] / 10^2 + ...
+    //
+    // Now generate the digits d[-m] of p1 from left to right (m = 1,2,...)
+    //
+    //      p2 * 2^e = d[-1]d[-2]...d[-m] * 10^-m
+    //                      + 10^-m * (d[-m-1] / 10^1 + d[-m-2] / 10^2 + ...)
+    //
+    // using
+    //
+    //      10^m * p2 = ((10^m * p2) div 2^-e) * 2^-e + ((10^m * p2) mod 2^-e)
+    //                = (                   d) * 2^-e + (                   r)
+    //
+    // or
+    //      10^m * p2 * 2^e = d + r * 2^e
+    //
+    // i.e.
+    //
+    //      M+ = buffer + p2 * 2^e
+    //         = buffer + 10^-m * (d + r * 2^e)
+    //         = (buffer * 10^m + d) * 10^-m + 10^-m * r * 2^e
+    //
+    // and stop as soon as 10^-m * r * 2^e <= delta * 2^e
+
+    assert(p2 > delta);
+
+    int m = 0;
+    for (;;)
+    {
+        // Invariant:
+        //      M+ = buffer * 10^-m + 10^-m * (d[-m-1] / 10 + d[-m-2] / 10^2 + ...) * 2^e
+        //         = buffer * 10^-m + 10^-m * (p2                                 ) * 2^e
+        //         = buffer * 10^-m + 10^-m * (1/10 * (10 * p2)                   ) * 2^e
+        //         = buffer * 10^-m + 10^-m * (1/10 * ((10*p2 div 2^-e) * 2^-e + (10*p2 mod 2^-e)) * 2^e
+        //
+        assert(p2 <= UINT64_MAX / 10);
+        p2 *= 10;
+        const uint64_t d = p2 >> -one.e;     // d = (10 * p2) div 2^-e
+        const uint64_t r = p2 & (one.f - 1); // r = (10 * p2) mod 2^-e
+        //
+        //      M+ = buffer * 10^-m + 10^-m * (1/10 * (d * 2^-e + r) * 2^e
+        //         = buffer * 10^-m + 10^-m * (1/10 * (d + r * 2^e))
+        //         = (buffer * 10 + d) * 10^(-m-1) + 10^(-m-1) * r * 2^e
+        //
+        assert(d <= 9);
+        buffer[length++] = static_cast<char>('0' + d); // buffer := buffer * 10 + d
+        //
+        //      M+ = buffer * 10^(-m-1) + 10^(-m-1) * r * 2^e
+        //
+        p2 = r;
+        m++;
+        //
+        //      M+ = buffer * 10^-m + 10^-m * p2 * 2^e
+        // Invariant restored.
+
+        // Check if enough digits have been generated.
+        //
+        //      10^-m * p2 * 2^e <= delta * 2^e
+        //              p2 * 2^e <= 10^m * delta * 2^e
+        //                    p2 <= 10^m * delta
+        delta *= 10;
+        dist  *= 10;
+        if (p2 <= delta)
+        {
+            break;
+        }
+    }
+
+    // V = buffer * 10^-m, with M- <= V <= M+.
+
+    decimal_exponent -= m;
+
+    // 1 ulp in the decimal representation is now 10^-m.
+    // Since delta and dist are now scaled by 10^m, we need to do the
+    // same with ulp in order to keep the units in sync.
+    //
+    //      10^m * 10^-m = 1 = 2^-e * 2^e = ten_m * 2^e
+    //
+    const uint64_t ten_m = one.f;
+    grisu2_round(buffer, length, dist, delta, p2, ten_m);
+
+    // By construction this algorithm generates the shortest possible decimal
+    // number (Loitsch, Theorem 6.2) which rounds back to w.
+    // For an input number of precision p, at least
+    //
+    //      N = 1 + ceil(p * log_10(2))
+    //
+    // decimal digits are sufficient to identify all binary floating-point
+    // numbers (Matula, "In-and-Out conversions").
+    // This implies that the algorithm does not produce more than N decimal
+    // digits.
+    //
+    //      N = 17 for p = 53 (IEEE double precision)
+    //      N = 9  for p = 24 (IEEE single precision)
+}
+
+/*!
+v = buf * 10^decimal_exponent
+len is the length of the buffer (number of decimal digits)
+The buffer must be large enough, i.e. >= max_digits10.
+*/
+inline void grisu2(char* buf, int& len, int& decimal_exponent,
+                   diyfp m_minus, diyfp v, diyfp m_plus)
+{
+    assert(m_plus.e == m_minus.e);
+    assert(m_plus.e == v.e);
+
+    //  --------(-----------------------+-----------------------)--------    (A)
+    //          m-                      v                       m+
+    //
+    //  --------------------(-----------+-----------------------)--------    (B)
+    //                      m-          v                       m+
+    //
+    // First scale v (and m- and m+) such that the exponent is in the range
+    // [alpha, gamma].
+
+    const cached_power cached = get_cached_power_for_binary_exponent(m_plus.e);
+
+    const diyfp c_minus_k(cached.f, cached.e); // = c ~= 10^-k
+
+    // The exponent of the products is = v.e + c_minus_k.e + q and is in the range [alpha,gamma]
+    const diyfp w       = diyfp::mul(v,       c_minus_k);
+    const diyfp w_minus = diyfp::mul(m_minus, c_minus_k);
+    const diyfp w_plus  = diyfp::mul(m_plus,  c_minus_k);
+
+    //  ----(---+---)---------------(---+---)---------------(---+---)----
+    //          w-                      w                       w+
+    //          = c*m-                  = c*v                   = c*m+
+    //
+    // diyfp::mul rounds its result and c_minus_k is approximated too. w, w- and
+    // w+ are now off by a small amount.
+    // In fact:
+    //
+    //      w - v * 10^k < 1 ulp
+    //
+    // To account for this inaccuracy, add resp. subtract 1 ulp.
+    //
+    //  --------+---[---------------(---+---)---------------]---+--------
+    //          w-  M-                  w                   M+  w+
+    //
+    // Now any number in [M-, M+] (bounds included) will round to w when input,
+    // regardless of how the input rounding algorithm breaks ties.
+    //
+    // And digit_gen generates the shortest possible such number in [M-, M+].
+    // Note that this does not mean that Grisu2 always generates the shortest
+    // possible number in the interval (m-, m+).
+    const diyfp M_minus(w_minus.f + 1, w_minus.e);
+    const diyfp M_plus (w_plus.f  - 1, w_plus.e );
+
+    decimal_exponent = -cached.k; // = -(-k) = k
+
+    grisu2_digit_gen(buf, len, decimal_exponent, M_minus, w, M_plus);
+}
+
+/*!
+v = buf * 10^decimal_exponent
+len is the length of the buffer (number of decimal digits)
+The buffer must be large enough, i.e. >= max_digits10.
+*/
+template <typename FloatType>
+void grisu2(char* buf, int& len, int& decimal_exponent, FloatType value)
+{
+    static_assert(diyfp::kPrecision >= std::numeric_limits<FloatType>::digits + 3,
+                  "internal error: not enough precision");
+
+    assert(std::isfinite(value));
+    assert(value > 0);
+
+    // If the neighbors (and boundaries) of 'value' are always computed for double-precision
+    // numbers, all float's can be recovered using strtod (and strtof). However, the resulting
+    // decimal representations are not exactly "short".
+    //
+    // The documentation for 'std::to_chars' (https://en.cppreference.com/w/cpp/utility/to_chars)
+    // says "value is converted to a string as if by std::sprintf in the default ("C") locale"
+    // and since sprintf promotes float's to double's, I think this is exactly what 'std::to_chars'
+    // does.
+    // On the other hand, the documentation for 'std::to_chars' requires that "parsing the
+    // representation using the corresponding std::from_chars function recovers value exactly". That
+    // indicates that single precision floating-point numbers should be recovered using
+    // 'std::strtof'.
+    //
+    // NB: If the neighbors are computed for single-precision numbers, there is a single float
+    //     (7.0385307e-26f) which can't be recovered using strtod. The resulting double precision
+    //     value is off by 1 ulp.
+#if 0
+    const boundaries w = compute_boundaries(static_cast<double>(value));
+#else
+    const boundaries w = compute_boundaries(value);
+#endif
+
+    grisu2(buf, len, decimal_exponent, w.minus, w.w, w.plus);
+}
+
+/*!
+@brief appends a decimal representation of e to buf
+@return a pointer to the element following the exponent.
+@pre -1000 < e < 1000
+*/
+inline char* append_exponent(char* buf, int e)
+{
+    assert(e > -1000);
+    assert(e <  1000);
+
+    if (e < 0)
+    {
+        e = -e;
+        *buf++ = '-';
+    }
+    else
+    {
+        *buf++ = '+';
+    }
+
+    auto k = static_cast<uint32_t>(e);
+    if (k < 10)
+    {
+        // Always print at least two digits in the exponent.
+        // This is for compatibility with printf("%g").
+        *buf++ = '0';
+        *buf++ = static_cast<char>('0' + k);
+    }
+    else if (k < 100)
+    {
+        *buf++ = static_cast<char>('0' + k / 10);
+        k %= 10;
+        *buf++ = static_cast<char>('0' + k);
+    }
+    else
+    {
+        *buf++ = static_cast<char>('0' + k / 100);
+        k %= 100;
+        *buf++ = static_cast<char>('0' + k / 10);
+        k %= 10;
+        *buf++ = static_cast<char>('0' + k);
+    }
+
+    return buf;
+}
+
+/*!
+@brief prettify v = buf * 10^decimal_exponent
+
+If v is in the range [10^min_exp, 10^max_exp) it will be printed in fixed-point
+notation. Otherwise it will be printed in exponential notation.
+
+@pre min_exp < 0
+@pre max_exp > 0
+*/
+inline char* format_buffer(char* buf, int len, int decimal_exponent,
+                           int min_exp, int max_exp)
+{
+    assert(min_exp < 0);
+    assert(max_exp > 0);
+
+    const int k = len;
+    const int n = len + decimal_exponent;
+
+    // v = buf * 10^(n-k)
+    // k is the length of the buffer (number of decimal digits)
+    // n is the position of the decimal point relative to the start of the buffer.
+
+    if (k <= n and n <= max_exp)
+    {
+        // digits[000]
+        // len <= max_exp + 2
+
+        std::memset(buf + k, '0', static_cast<size_t>(n - k));
+        // Make it look like a floating-point number (#362, #378)
+        buf[n + 0] = '.';
+        buf[n + 1] = '0';
+        return buf + (n + 2);
+    }
+
+    if (0 < n and n <= max_exp)
+    {
+        // dig.its
+        // len <= max_digits10 + 1
+
+        assert(k > n);
+
+        std::memmove(buf + (n + 1), buf + n, static_cast<size_t>(k - n));
+        buf[n] = '.';
+        return buf + (k + 1);
+    }
+
+    if (min_exp < n and n <= 0)
+    {
+        // 0.[000]digits
+        // len <= 2 + (-min_exp - 1) + max_digits10
+
+        std::memmove(buf + (2 + -n), buf, static_cast<size_t>(k));
+        buf[0] = '0';
+        buf[1] = '.';
+        std::memset(buf + 2, '0', static_cast<size_t>(-n));
+        return buf + (2 + (-n) + k);
+    }
+
+    if (k == 1)
+    {
+        // dE+123
+        // len <= 1 + 5
+
+        buf += 1;
+    }
+    else
+    {
+        // d.igitsE+123
+        // len <= max_digits10 + 1 + 5
+
+        std::memmove(buf + 2, buf + 1, static_cast<size_t>(k - 1));
+        buf[1] = '.';
+        buf += 1 + k;
+    }
+
+    *buf++ = 'e';
+    return append_exponent(buf, n - 1);
+}
+
+} // namespace dtoa_impl
+
+/*!
+@brief generates a decimal representation of the floating-point number value in [first, last).
+
+The format of the resulting decimal representation is similar to printf's %g
+format. Returns an iterator pointing past-the-end of the decimal representation.
+
+@note The input number must be finite, i.e. NaN's and Inf's are not supported.
+@note The buffer must be large enough.
+@note The result is NOT null-terminated.
+*/
+template <typename FloatType>
+char* to_chars(char* first, const char* last, FloatType value)
+{
+    static_cast<void>(last); // maybe unused - fix warning
+    assert(std::isfinite(value));
+
+    // Use signbit(value) instead of (value < 0) since signbit works for -0.
+    if (std::signbit(value))
+    {
+        value = -value;
+        *first++ = '-';
+    }
+
+    if (value == 0) // +-0
+    {
+        *first++ = '0';
+        // Make it look like a floating-point number (#362, #378)
+        *first++ = '.';
+        *first++ = '0';
+        return first;
+    }
+
+    assert(last - first >= std::numeric_limits<FloatType>::max_digits10);
+
+    // Compute v = buffer * 10^decimal_exponent.
+    // The decimal digits are stored in the buffer, which needs to be interpreted
+    // as an unsigned decimal integer.
+    // len is the length of the buffer, i.e. the number of decimal digits.
+    int len = 0;
+    int decimal_exponent = 0;
+    dtoa_impl::grisu2(first, len, decimal_exponent, value);
+
+    assert(len <= std::numeric_limits<FloatType>::max_digits10);
+
+    // Format the buffer like printf("%.*g", prec, value)
+    constexpr int kMinExp = -4;
+    // Use digits10 here to increase compatibility with version 2.
+    constexpr int kMaxExp = std::numeric_limits<FloatType>::digits10;
+
+    assert(last - first >= kMaxExp + 2);
+    assert(last - first >= 2 + (-kMinExp - 1) + std::numeric_limits<FloatType>::max_digits10);
+    assert(last - first >= std::numeric_limits<FloatType>::max_digits10 + 6);
+
+    return dtoa_impl::format_buffer(first, len, decimal_exponent, kMinExp, kMaxExp);
+}
+
+} // namespace detail
+} // namespace nlohmann
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/meta/cpp_future.hpp>
+
+// #include <nlohmann/detail/output/binary_writer.hpp>
+
+// #include <nlohmann/detail/output/output_adapters.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+///////////////////
+// serialization //
+///////////////////
+
+/// how to treat decoding errors
+enum class error_handler_t
+{
+    strict,  ///< throw a type_error exception in case of invalid UTF-8
+    replace, ///< replace invalid UTF-8 sequences with U+FFFD
+    ignore   ///< ignore invalid UTF-8 sequences
+};
+
+template<typename BasicJsonType>
+class serializer
+{
+    using string_t = typename BasicJsonType::string_t;
+    using number_float_t = typename BasicJsonType::number_float_t;
+    using number_integer_t = typename BasicJsonType::number_integer_t;
+    using number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+    static constexpr uint8_t UTF8_ACCEPT = 0;
+    static constexpr uint8_t UTF8_REJECT = 1;
+
+  public:
+    /*!
+    @param[in] s  output stream to serialize to
+    @param[in] ichar  indentation character to use
+    @param[in] error_handler_  how to react on decoding errors
+    */
+    serializer(output_adapter_t<char> s, const char ichar,
+               error_handler_t error_handler_ = error_handler_t::strict)
+        : o(std::move(s))
+        , loc(std::localeconv())
+        , thousands_sep(loc->thousands_sep == nullptr ? '\0' : * (loc->thousands_sep))
+        , decimal_point(loc->decimal_point == nullptr ? '\0' : * (loc->decimal_point))
+        , indent_char(ichar)
+        , indent_string(512, indent_char)
+        , error_handler(error_handler_)
+    {}
+
+    // delete because of pointer members
+    serializer(const serializer&) = delete;
+    serializer& operator=(const serializer&) = delete;
+    serializer(serializer&&) = delete;
+    serializer& operator=(serializer&&) = delete;
+    ~serializer() = default;
+
+    /*!
+    @brief internal implementation of the serialization function
+
+    This function is called by the public member function dump and organizes
+    the serialization internally. The indentation level is propagated as
+    additional parameter. In case of arrays and objects, the function is
+    called recursively.
+
+    - strings and object keys are escaped using `escape_string()`
+    - integer numbers are converted implicitly via `operator<<`
+    - floating-point numbers are converted to a string using `"%g"` format
+
+    @param[in] val             value to serialize
+    @param[in] pretty_print    whether the output shall be pretty-printed
+    @param[in] indent_step     the indent level
+    @param[in] current_indent  the current indent level (only used internally)
+    */
+    void dump(const BasicJsonType& val, const bool pretty_print,
+              const bool ensure_ascii,
+              const unsigned int indent_step,
+              const unsigned int current_indent = 0)
+    {
+        switch (val.m_type)
+        {
+            case value_t::object:
+            {
+                if (val.m_value.object->empty())
+                {
+                    o->write_characters("{}", 2);
+                    return;
+                }
+
+                if (pretty_print)
+                {
+                    o->write_characters("{\n", 2);
+
+                    // variable to hold indentation for recursive calls
+                    const auto new_indent = current_indent + indent_step;
+                    if (JSON_UNLIKELY(indent_string.size() < new_indent))
+                    {
+                        indent_string.resize(indent_string.size() * 2, ' ');
+                    }
+
+                    // first n-1 elements
+                    auto i = val.m_value.object->cbegin();
+                    for (std::size_t cnt = 0; cnt < val.m_value.object->size() - 1; ++cnt, ++i)
+                    {
+                        o->write_characters(indent_string.c_str(), new_indent);
+                        o->write_character('\"');
+                        dump_escaped(i->first, ensure_ascii);
+                        o->write_characters("\": ", 3);
+                        dump(i->second, true, ensure_ascii, indent_step, new_indent);
+                        o->write_characters(",\n", 2);
+                    }
+
+                    // last element
+                    assert(i != val.m_value.object->cend());
+                    assert(std::next(i) == val.m_value.object->cend());
+                    o->write_characters(indent_string.c_str(), new_indent);
+                    o->write_character('\"');
+                    dump_escaped(i->first, ensure_ascii);
+                    o->write_characters("\": ", 3);
+                    dump(i->second, true, ensure_ascii, indent_step, new_indent);
+
+                    o->write_character('\n');
+                    o->write_characters(indent_string.c_str(), current_indent);
+                    o->write_character('}');
+                }
+                else
+                {
+                    o->write_character('{');
+
+                    // first n-1 elements
+                    auto i = val.m_value.object->cbegin();
+                    for (std::size_t cnt = 0; cnt < val.m_value.object->size() - 1; ++cnt, ++i)
+                    {
+                        o->write_character('\"');
+                        dump_escaped(i->first, ensure_ascii);
+                        o->write_characters("\":", 2);
+                        dump(i->second, false, ensure_ascii, indent_step, current_indent);
+                        o->write_character(',');
+                    }
+
+                    // last element
+                    assert(i != val.m_value.object->cend());
+                    assert(std::next(i) == val.m_value.object->cend());
+                    o->write_character('\"');
+                    dump_escaped(i->first, ensure_ascii);
+                    o->write_characters("\":", 2);
+                    dump(i->second, false, ensure_ascii, indent_step, current_indent);
+
+                    o->write_character('}');
+                }
+
+                return;
+            }
+
+            case value_t::array:
+            {
+                if (val.m_value.array->empty())
+                {
+                    o->write_characters("[]", 2);
+                    return;
+                }
+
+                if (pretty_print)
+                {
+                    o->write_characters("[\n", 2);
+
+                    // variable to hold indentation for recursive calls
+                    const auto new_indent = current_indent + indent_step;
+                    if (JSON_UNLIKELY(indent_string.size() < new_indent))
+                    {
+                        indent_string.resize(indent_string.size() * 2, ' ');
+                    }
+
+                    // first n-1 elements
+                    for (auto i = val.m_value.array->cbegin();
+                            i != val.m_value.array->cend() - 1; ++i)
+                    {
+                        o->write_characters(indent_string.c_str(), new_indent);
+                        dump(*i, true, ensure_ascii, indent_step, new_indent);
+                        o->write_characters(",\n", 2);
+                    }
+
+                    // last element
+                    assert(not val.m_value.array->empty());
+                    o->write_characters(indent_string.c_str(), new_indent);
+                    dump(val.m_value.array->back(), true, ensure_ascii, indent_step, new_indent);
+
+                    o->write_character('\n');
+                    o->write_characters(indent_string.c_str(), current_indent);
+                    o->write_character(']');
+                }
+                else
+                {
+                    o->write_character('[');
+
+                    // first n-1 elements
+                    for (auto i = val.m_value.array->cbegin();
+                            i != val.m_value.array->cend() - 1; ++i)
+                    {
+                        dump(*i, false, ensure_ascii, indent_step, current_indent);
+                        o->write_character(',');
+                    }
+
+                    // last element
+                    assert(not val.m_value.array->empty());
+                    dump(val.m_value.array->back(), false, ensure_ascii, indent_step, current_indent);
+
+                    o->write_character(']');
+                }
+
+                return;
+            }
+
+            case value_t::string:
+            {
+                o->write_character('\"');
+                dump_escaped(*val.m_value.string, ensure_ascii);
+                o->write_character('\"');
+                return;
+            }
+
+            case value_t::boolean:
+            {
+                if (val.m_value.boolean)
+                {
+                    o->write_characters("true", 4);
+                }
+                else
+                {
+                    o->write_characters("false", 5);
+                }
+                return;
+            }
+
+            case value_t::number_integer:
+            {
+                dump_integer(val.m_value.number_integer);
+                return;
+            }
+
+            case value_t::number_unsigned:
+            {
+                dump_integer(val.m_value.number_unsigned);
+                return;
+            }
+
+            case value_t::number_float:
+            {
+                dump_float(val.m_value.number_float);
+                return;
+            }
+
+            case value_t::discarded:
+            {
+                o->write_characters("<discarded>", 11);
+                return;
+            }
+
+            case value_t::null:
+            {
+                o->write_characters("null", 4);
+                return;
+            }
+        }
+    }
+
+  private:
+    /*!
+    @brief dump escaped string
+
+    Escape a string by replacing certain special characters by a sequence of an
+    escape character (backslash) and another character and other control
+    characters by a sequence of "\u" followed by a four-digit hex
+    representation. The escaped string is written to output stream @a o.
+
+    @param[in] s  the string to escape
+    @param[in] ensure_ascii  whether to escape non-ASCII characters with
+                             \uXXXX sequences
+
+    @complexity Linear in the length of string @a s.
+    */
+    void dump_escaped(const string_t& s, const bool ensure_ascii)
+    {
+        uint32_t codepoint;
+        uint8_t state = UTF8_ACCEPT;
+        std::size_t bytes = 0;  // number of bytes written to string_buffer
+
+        // number of bytes written at the point of the last valid byte
+        std::size_t bytes_after_last_accept = 0;
+        std::size_t undumped_chars = 0;
+
+        for (std::size_t i = 0; i < s.size(); ++i)
+        {
+            const auto byte = static_cast<uint8_t>(s[i]);
+
+            switch (decode(state, codepoint, byte))
+            {
+                case UTF8_ACCEPT:  // decode found a new code point
+                {
+                    switch (codepoint)
+                    {
+                        case 0x08: // backspace
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = 'b';
+                            break;
+                        }
+
+                        case 0x09: // horizontal tab
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = 't';
+                            break;
+                        }
+
+                        case 0x0A: // newline
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = 'n';
+                            break;
+                        }
+
+                        case 0x0C: // formfeed
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = 'f';
+                            break;
+                        }
+
+                        case 0x0D: // carriage return
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = 'r';
+                            break;
+                        }
+
+                        case 0x22: // quotation mark
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = '\"';
+                            break;
+                        }
+
+                        case 0x5C: // reverse solidus
+                        {
+                            string_buffer[bytes++] = '\\';
+                            string_buffer[bytes++] = '\\';
+                            break;
+                        }
+
+                        default:
+                        {
+                            // escape control characters (0x00..0x1F) or, if
+                            // ensure_ascii parameter is used, non-ASCII characters
+                            if ((codepoint <= 0x1F) or (ensure_ascii and (codepoint >= 0x7F)))
+                            {
+                                if (codepoint <= 0xFFFF)
+                                {
+                                    (std::snprintf)(string_buffer.data() + bytes, 7, "\\u%04x",
+                                                    static_cast<uint16_t>(codepoint));
+                                    bytes += 6;
+                                }
+                                else
+                                {
+                                    (std::snprintf)(string_buffer.data() + bytes, 13, "\\u%04x\\u%04x",
+                                                    static_cast<uint16_t>(0xD7C0 + (codepoint >> 10)),
+                                                    static_cast<uint16_t>(0xDC00 + (codepoint & 0x3FF)));
+                                    bytes += 12;
+                                }
+                            }
+                            else
+                            {
+                                // copy byte to buffer (all previous bytes
+                                // been copied have in default case above)
+                                string_buffer[bytes++] = s[i];
+                            }
+                            break;
+                        }
+                    }
+
+                    // write buffer and reset index; there must be 13 bytes
+                    // left, as this is the maximal number of bytes to be
+                    // written ("\uxxxx\uxxxx\0") for one code point
+                    if (string_buffer.size() - bytes < 13)
+                    {
+                        o->write_characters(string_buffer.data(), bytes);
+                        bytes = 0;
+                    }
+
+                    // remember the byte position of this accept
+                    bytes_after_last_accept = bytes;
+                    undumped_chars = 0;
+                    break;
+                }
+
+                case UTF8_REJECT:  // decode found invalid UTF-8 byte
+                {
+                    switch (error_handler)
+                    {
+                        case error_handler_t::strict:
+                        {
+                            std::string sn(3, '\0');
+                            (std::snprintf)(&sn[0], sn.size(), "%.2X", byte);
+                            JSON_THROW(type_error::create(316, "invalid UTF-8 byte at index " + std::to_string(i) + ": 0x" + sn));
+                        }
+
+                        case error_handler_t::ignore:
+                        case error_handler_t::replace:
+                        {
+                            // in case we saw this character the first time, we
+                            // would like to read it again, because the byte
+                            // may be OK for itself, but just not OK for the
+                            // previous sequence
+                            if (undumped_chars > 0)
+                            {
+                                --i;
+                            }
+
+                            // reset length buffer to the last accepted index;
+                            // thus removing/ignoring the invalid characters
+                            bytes = bytes_after_last_accept;
+
+                            if (error_handler == error_handler_t::replace)
+                            {
+                                // add a replacement character
+                                if (ensure_ascii)
+                                {
+                                    string_buffer[bytes++] = '\\';
+                                    string_buffer[bytes++] = 'u';
+                                    string_buffer[bytes++] = 'f';
+                                    string_buffer[bytes++] = 'f';
+                                    string_buffer[bytes++] = 'f';
+                                    string_buffer[bytes++] = 'd';
+                                }
+                                else
+                                {
+                                    string_buffer[bytes++] = detail::binary_writer<BasicJsonType, char>::to_char_type('\xEF');
+                                    string_buffer[bytes++] = detail::binary_writer<BasicJsonType, char>::to_char_type('\xBF');
+                                    string_buffer[bytes++] = detail::binary_writer<BasicJsonType, char>::to_char_type('\xBD');
+                                }
+                                bytes_after_last_accept = bytes;
+                            }
+
+                            undumped_chars = 0;
+
+                            // continue processing the string
+                            state = UTF8_ACCEPT;
+                            break;
+                        }
+                    }
+                    break;
+                }
+
+                default:  // decode found yet incomplete multi-byte code point
+                {
+                    if (not ensure_ascii)
+                    {
+                        // code point will not be escaped - copy byte to buffer
+                        string_buffer[bytes++] = s[i];
+                    }
+                    ++undumped_chars;
+                    break;
+                }
+            }
+        }
+
+        // we finished processing the string
+        if (JSON_LIKELY(state == UTF8_ACCEPT))
+        {
+            // write buffer
+            if (bytes > 0)
+            {
+                o->write_characters(string_buffer.data(), bytes);
+            }
+        }
+        else
+        {
+            // we finish reading, but do not accept: string was incomplete
+            switch (error_handler)
+            {
+                case error_handler_t::strict:
+                {
+                    std::string sn(3, '\0');
+                    (std::snprintf)(&sn[0], sn.size(), "%.2X", static_cast<uint8_t>(s.back()));
+                    JSON_THROW(type_error::create(316, "incomplete UTF-8 string; last byte: 0x" + sn));
+                }
+
+                case error_handler_t::ignore:
+                {
+                    // write all accepted bytes
+                    o->write_characters(string_buffer.data(), bytes_after_last_accept);
+                    break;
+                }
+
+                case error_handler_t::replace:
+                {
+                    // write all accepted bytes
+                    o->write_characters(string_buffer.data(), bytes_after_last_accept);
+                    // add a replacement character
+                    if (ensure_ascii)
+                    {
+                        o->write_characters("\\ufffd", 6);
+                    }
+                    else
+                    {
+                        o->write_characters("\xEF\xBF\xBD", 3);
+                    }
+                    break;
+                }
+            }
+        }
+    }
+
+    /*!
+    @brief dump an integer
+
+    Dump a given integer to output stream @a o. Works internally with
+    @a number_buffer.
+
+    @param[in] x  integer number (signed or unsigned) to dump
+    @tparam NumberType either @a number_integer_t or @a number_unsigned_t
+    */
+    template<typename NumberType, detail::enable_if_t<
+                 std::is_same<NumberType, number_unsigned_t>::value or
+                 std::is_same<NumberType, number_integer_t>::value,
+                 int> = 0>
+    void dump_integer(NumberType x)
+    {
+        // special case for "0"
+        if (x == 0)
+        {
+            o->write_character('0');
+            return;
+        }
+
+        const bool is_negative = std::is_same<NumberType, number_integer_t>::value and not (x >= 0);  // see issue #755
+        std::size_t i = 0;
+
+        while (x != 0)
+        {
+            // spare 1 byte for '\0'
+            assert(i < number_buffer.size() - 1);
+
+            const auto digit = std::labs(static_cast<long>(x % 10));
+            number_buffer[i++] = static_cast<char>('0' + digit);
+            x /= 10;
+        }
+
+        if (is_negative)
+        {
+            // make sure there is capacity for the '-'
+            assert(i < number_buffer.size() - 2);
+            number_buffer[i++] = '-';
+        }
+
+        std::reverse(number_buffer.begin(), number_buffer.begin() + i);
+        o->write_characters(number_buffer.data(), i);
+    }
+
+    /*!
+    @brief dump a floating-point number
+
+    Dump a given floating-point number to output stream @a o. Works internally
+    with @a number_buffer.
+
+    @param[in] x  floating-point number to dump
+    */
+    void dump_float(number_float_t x)
+    {
+        // NaN / inf
+        if (not std::isfinite(x))
+        {
+            o->write_characters("null", 4);
+            return;
+        }
+
+        // If number_float_t is an IEEE-754 single or double precision number,
+        // use the Grisu2 algorithm to produce short numbers which are
+        // guaranteed to round-trip, using strtof and strtod, resp.
+        //
+        // NB: The test below works if <long double> == <double>.
+        static constexpr bool is_ieee_single_or_double
+            = (std::numeric_limits<number_float_t>::is_iec559 and std::numeric_limits<number_float_t>::digits == 24 and std::numeric_limits<number_float_t>::max_exponent == 128) or
+              (std::numeric_limits<number_float_t>::is_iec559 and std::numeric_limits<number_float_t>::digits == 53 and std::numeric_limits<number_float_t>::max_exponent == 1024);
+
+        dump_float(x, std::integral_constant<bool, is_ieee_single_or_double>());
+    }
+
+    void dump_float(number_float_t x, std::true_type /*is_ieee_single_or_double*/)
+    {
+        char* begin = number_buffer.data();
+        char* end = ::nlohmann::detail::to_chars(begin, begin + number_buffer.size(), x);
+
+        o->write_characters(begin, static_cast<size_t>(end - begin));
+    }
+
+    void dump_float(number_float_t x, std::false_type /*is_ieee_single_or_double*/)
+    {
+        // get number of digits for a float -> text -> float round-trip
+        static constexpr auto d = std::numeric_limits<number_float_t>::max_digits10;
+
+        // the actual conversion
+        std::ptrdiff_t len = (std::snprintf)(number_buffer.data(), number_buffer.size(), "%.*g", d, x);
+
+        // negative value indicates an error
+        assert(len > 0);
+        // check if buffer was large enough
+        assert(static_cast<std::size_t>(len) < number_buffer.size());
+
+        // erase thousands separator
+        if (thousands_sep != '\0')
+        {
+            const auto end = std::remove(number_buffer.begin(),
+                                         number_buffer.begin() + len, thousands_sep);
+            std::fill(end, number_buffer.end(), '\0');
+            assert((end - number_buffer.begin()) <= len);
+            len = (end - number_buffer.begin());
+        }
+
+        // convert decimal point to '.'
+        if (decimal_point != '\0' and decimal_point != '.')
+        {
+            const auto dec_pos = std::find(number_buffer.begin(), number_buffer.end(), decimal_point);
+            if (dec_pos != number_buffer.end())
+            {
+                *dec_pos = '.';
+            }
+        }
+
+        o->write_characters(number_buffer.data(), static_cast<std::size_t>(len));
+
+        // determine if need to append ".0"
+        const bool value_is_int_like =
+            std::none_of(number_buffer.begin(), number_buffer.begin() + len + 1,
+                         [](char c)
+        {
+            return (c == '.' or c == 'e');
+        });
+
+        if (value_is_int_like)
+        {
+            o->write_characters(".0", 2);
+        }
+    }
+
+    /*!
+    @brief check whether a string is UTF-8 encoded
+
+    The function checks each byte of a string whether it is UTF-8 encoded. The
+    result of the check is stored in the @a state parameter. The function must
+    be called initially with state 0 (accept). State 1 means the string must
+    be rejected, because the current byte is not allowed. If the string is
+    completely processed, but the state is non-zero, the string ended
+    prematurely; that is, the last byte indicated more bytes should have
+    followed.
+
+    @param[in,out] state  the state of the decoding
+    @param[in,out] codep  codepoint (valid only if resulting state is UTF8_ACCEPT)
+    @param[in] byte       next byte to decode
+    @return               new state
+
+    @note The function has been edited: a std::array is used.
+
+    @copyright Copyright (c) 2008-2009 Bjoern Hoehrmann <bjoern@hoehrmann.de>
+    @sa http://bjoern.hoehrmann.de/utf-8/decoder/dfa/
+    */
+    static uint8_t decode(uint8_t& state, uint32_t& codep, const uint8_t byte) noexcept
+    {
+        static const std::array<uint8_t, 400> utf8d =
+        {
+            {
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 00..1F
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 20..3F
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 40..5F
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 60..7F
+                1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, // 80..9F
+                7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, // A0..BF
+                8, 8, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, // C0..DF
+                0xA, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x4, 0x3, 0x3, // E0..EF
+                0xB, 0x6, 0x6, 0x6, 0x5, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, // F0..FF
+                0x0, 0x1, 0x2, 0x3, 0x5, 0x8, 0x7, 0x1, 0x1, 0x1, 0x4, 0x6, 0x1, 0x1, 0x1, 0x1, // s0..s0
+                1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, // s1..s2
+                1, 2, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, // s3..s4
+                1, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, // s5..s6
+                1, 3, 1, 1, 1, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 // s7..s8
+            }
+        };
+
+        const uint8_t type = utf8d[byte];
+
+        codep = (state != UTF8_ACCEPT)
+                ? (byte & 0x3fu) | (codep << 6)
+                : static_cast<uint32_t>(0xff >> type) & (byte);
+
+        state = utf8d[256u + state * 16u + type];
+        return state;
+    }
+
+  private:
+    /// the output of the serializer
+    output_adapter_t<char> o = nullptr;
+
+    /// a (hopefully) large enough character buffer
+    std::array<char, 64> number_buffer{{}};
+
+    /// the locale
+    const std::lconv* loc = nullptr;
+    /// the locale's thousand separator character
+    const char thousands_sep = '\0';
+    /// the locale's decimal point character
+    const char decimal_point = '\0';
+
+    /// string buffer
+    std::array<char, 512> string_buffer{{}};
+
+    /// the indentation character
+    const char indent_char;
+    /// the indentation string
+    string_t indent_string;
+
+    /// error_handler how to react on decoding errors
+    const error_handler_t error_handler;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/json_ref.hpp>
+
+
+#include <initializer_list>
+#include <utility>
+
+// #include <nlohmann/detail/meta/type_traits.hpp>
+
+
+namespace nlohmann
+{
+namespace detail
+{
+template<typename BasicJsonType>
+class json_ref
+{
+  public:
+    using value_type = BasicJsonType;
+
+    json_ref(value_type&& value)
+        : owned_value(std::move(value)), value_ref(&owned_value), is_rvalue(true)
+    {}
+
+    json_ref(const value_type& value)
+        : value_ref(const_cast<value_type*>(&value)), is_rvalue(false)
+    {}
+
+    json_ref(std::initializer_list<json_ref> init)
+        : owned_value(init), value_ref(&owned_value), is_rvalue(true)
+    {}
+
+    template <
+        class... Args,
+        enable_if_t<std::is_constructible<value_type, Args...>::value, int> = 0 >
+    json_ref(Args && ... args)
+        : owned_value(std::forward<Args>(args)...), value_ref(&owned_value),
+          is_rvalue(true) {}
+
+    // class should be movable only
+    json_ref(json_ref&&) = default;
+    json_ref(const json_ref&) = delete;
+    json_ref& operator=(const json_ref&) = delete;
+    json_ref& operator=(json_ref&&) = delete;
+    ~json_ref() = default;
+
+    value_type moved_or_copied() const
+    {
+        if (is_rvalue)
+        {
+            return std::move(*value_ref);
+        }
+        return *value_ref;
+    }
+
+    value_type const& operator*() const
+    {
+        return *static_cast<value_type const*>(value_ref);
+    }
+
+    value_type const* operator->() const
+    {
+        return static_cast<value_type const*>(value_ref);
+    }
+
+  private:
+    mutable value_type owned_value = nullptr;
+    value_type* value_ref = nullptr;
+    const bool is_rvalue;
+};
+}  // namespace detail
+}  // namespace nlohmann
+
+// #include <nlohmann/detail/json_pointer.hpp>
+
+
+#include <cassert> // assert
+#include <numeric> // accumulate
+#include <string> // string
+#include <vector> // vector
+
+// #include <nlohmann/detail/macro_scope.hpp>
+
+// #include <nlohmann/detail/exceptions.hpp>
+
+// #include <nlohmann/detail/value_t.hpp>
+
+
+namespace nlohmann
+{
+template<typename BasicJsonType>
+class json_pointer
+{
+    // allow basic_json to access private members
+    NLOHMANN_BASIC_JSON_TPL_DECLARATION
+    friend class basic_json;
+
+  public:
+    /*!
+    @brief create JSON pointer
+
+    Create a JSON pointer according to the syntax described in
+    [Section 3 of RFC6901](https://tools.ietf.org/html/rfc6901#section-3).
+
+    @param[in] s  string representing the JSON pointer; if omitted, the empty
+                  string is assumed which references the whole JSON value
+
+    @throw parse_error.107 if the given JSON pointer @a s is nonempty and does
+                           not begin with a slash (`/`); see example below
+
+    @throw parse_error.108 if a tilde (`~`) in the given JSON pointer @a s is
+    not followed by `0` (representing `~`) or `1` (representing `/`); see
+    example below
+
+    @liveexample{The example shows the construction several valid JSON pointers
+    as well as the exceptional behavior.,json_pointer}
+
+    @since version 2.0.0
+    */
+    explicit json_pointer(const std::string& s = "")
+        : reference_tokens(split(s))
+    {}
+
+    /*!
+    @brief return a string representation of the JSON pointer
+
+    @invariant For each JSON pointer `ptr`, it holds:
+    @code {.cpp}
+    ptr == json_pointer(ptr.to_string());
+    @endcode
+
+    @return a string representation of the JSON pointer
+
+    @liveexample{The example shows the result of `to_string`.,
+    json_pointer__to_string}
+
+    @since version 2.0.0
+    */
+    std::string to_string() const
+    {
+        return std::accumulate(reference_tokens.begin(), reference_tokens.end(),
+                               std::string{},
+                               [](const std::string & a, const std::string & b)
+        {
+            return a + "/" + escape(b);
+        });
+    }
+
+    /// @copydoc to_string()
+    operator std::string() const
+    {
+        return to_string();
+    }
+
+    /*!
+    @param[in] s  reference token to be converted into an array index
+
+    @return integer representation of @a s
+
+    @throw out_of_range.404 if string @a s could not be converted to an integer
+    */
+    static int array_index(const std::string& s)
+    {
+        std::size_t processed_chars = 0;
+        const int res = std::stoi(s, &processed_chars);
+
+        // check if the string was completely read
+        if (JSON_UNLIKELY(processed_chars != s.size()))
+        {
+            JSON_THROW(detail::out_of_range::create(404, "unresolved reference token '" + s + "'"));
+        }
+
+        return res;
+    }
+
+  private:
+    /*!
+    @brief remove and return last reference pointer
+    @throw out_of_range.405 if JSON pointer has no parent
+    */
+    std::string pop_back()
+    {
+        if (JSON_UNLIKELY(is_root()))
+        {
+            JSON_THROW(detail::out_of_range::create(405, "JSON pointer has no parent"));
+        }
+
+        auto last = reference_tokens.back();
+        reference_tokens.pop_back();
+        return last;
+    }
+
+    /// return whether pointer points to the root document
+    bool is_root() const noexcept
+    {
+        return reference_tokens.empty();
+    }
+
+    json_pointer top() const
+    {
+        if (JSON_UNLIKELY(is_root()))
+        {
+            JSON_THROW(detail::out_of_range::create(405, "JSON pointer has no parent"));
+        }
+
+        json_pointer result = *this;
+        result.reference_tokens = {reference_tokens[0]};
+        return result;
+    }
+
+    /*!
+    @brief create and return a reference to the pointed to value
+
+    @complexity Linear in the number of reference tokens.
+
+    @throw parse_error.109 if array index is not a number
+    @throw type_error.313 if value cannot be unflattened
+    */
+    BasicJsonType& get_and_create(BasicJsonType& j) const
+    {
+        using size_type = typename BasicJsonType::size_type;
+        auto result = &j;
+
+        // in case no reference tokens exist, return a reference to the JSON value
+        // j which will be overwritten by a primitive value
+        for (const auto& reference_token : reference_tokens)
+        {
+            switch (result->m_type)
+            {
+                case detail::value_t::null:
+                {
+                    if (reference_token == "0")
+                    {
+                        // start a new array if reference token is 0
+                        result = &result->operator[](0);
+                    }
+                    else
+                    {
+                        // start a new object otherwise
+                        result = &result->operator[](reference_token);
+                    }
+                    break;
+                }
+
+                case detail::value_t::object:
+                {
+                    // create an entry in the object
+                    result = &result->operator[](reference_token);
+                    break;
+                }
+
+                case detail::value_t::array:
+                {
+                    // create an entry in the array
+                    JSON_TRY
+                    {
+                        result = &result->operator[](static_cast<size_type>(array_index(reference_token)));
+                    }
+                    JSON_CATCH(std::invalid_argument&)
+                    {
+                        JSON_THROW(detail::parse_error::create(109, 0, "array index '" + reference_token + "' is not a number"));
+                    }
+                    break;
+                }
+
+                /*
+                The following code is only reached if there exists a reference
+                token _and_ the current value is primitive. In this case, we have
+                an error situation, because primitive values may only occur as
+                single value; that is, with an empty list of reference tokens.
+                */
+                default:
+                    JSON_THROW(detail::type_error::create(313, "invalid value to unflatten"));
+            }
+        }
+
+        return *result;
+    }
+
+    /*!
+    @brief return a reference to the pointed to value
+
+    @note This version does not throw if a value is not present, but tries to
+          create nested values instead. For instance, calling this function
+          with pointer `"/this/that"` on a null value is equivalent to calling
+          `operator[]("this").operator[]("that")` on that value, effectively
+          changing the null value to an object.
+
+    @param[in] ptr  a JSON value
+
+    @return reference to the JSON value pointed to by the JSON pointer
+
+    @complexity Linear in the length of the JSON pointer.
+
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+    */
+    BasicJsonType& get_unchecked(BasicJsonType* ptr) const
+    {
+        using size_type = typename BasicJsonType::size_type;
+        for (const auto& reference_token : reference_tokens)
+        {
+            // convert null values to arrays or objects before continuing
+            if (ptr->m_type == detail::value_t::null)
+            {
+                // check if reference token is a number
+                const bool nums =
+                    std::all_of(reference_token.begin(), reference_token.end(),
+                                [](const char x)
+                {
+                    return (x >= '0' and x <= '9');
+                });
+
+                // change value to array for numbers or "-" or to object otherwise
+                *ptr = (nums or reference_token == "-")
+                       ? detail::value_t::array
+                       : detail::value_t::object;
+            }
+
+            switch (ptr->m_type)
+            {
+                case detail::value_t::object:
+                {
+                    // use unchecked object access
+                    ptr = &ptr->operator[](reference_token);
+                    break;
+                }
+
+                case detail::value_t::array:
+                {
+                    // error condition (cf. RFC 6901, Sect. 4)
+                    if (JSON_UNLIKELY(reference_token.size() > 1 and reference_token[0] == '0'))
+                    {
+                        JSON_THROW(detail::parse_error::create(106, 0,
+                                                               "array index '" + reference_token +
+                                                               "' must not begin with '0'"));
+                    }
+
+                    if (reference_token == "-")
+                    {
+                        // explicitly treat "-" as index beyond the end
+                        ptr = &ptr->operator[](ptr->m_value.array->size());
+                    }
+                    else
+                    {
+                        // convert array index to number; unchecked access
+                        JSON_TRY
+                        {
+                            ptr = &ptr->operator[](
+                                static_cast<size_type>(array_index(reference_token)));
+                        }
+                        JSON_CATCH(std::invalid_argument&)
+                        {
+                            JSON_THROW(detail::parse_error::create(109, 0, "array index '" + reference_token + "' is not a number"));
+                        }
+                    }
+                    break;
+                }
+
+                default:
+                    JSON_THROW(detail::out_of_range::create(404, "unresolved reference token '" + reference_token + "'"));
+            }
+        }
+
+        return *ptr;
+    }
+
+    /*!
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.402  if the array index '-' is used
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+    */
+    BasicJsonType& get_checked(BasicJsonType* ptr) const
+    {
+        using size_type = typename BasicJsonType::size_type;
+        for (const auto& reference_token : reference_tokens)
+        {
+            switch (ptr->m_type)
+            {
+                case detail::value_t::object:
+                {
+                    // note: at performs range check
+                    ptr = &ptr->at(reference_token);
+                    break;
+                }
+
+                case detail::value_t::array:
+                {
+                    if (JSON_UNLIKELY(reference_token == "-"))
+                    {
+                        // "-" always fails the range check
+                        JSON_THROW(detail::out_of_range::create(402,
+                                                                "array index '-' (" + std::to_string(ptr->m_value.array->size()) +
+                                                                ") is out of range"));
+                    }
+
+                    // error condition (cf. RFC 6901, Sect. 4)
+                    if (JSON_UNLIKELY(reference_token.size() > 1 and reference_token[0] == '0'))
+                    {
+                        JSON_THROW(detail::parse_error::create(106, 0,
+                                                               "array index '" + reference_token +
+                                                               "' must not begin with '0'"));
+                    }
+
+                    // note: at performs range check
+                    JSON_TRY
+                    {
+                        ptr = &ptr->at(static_cast<size_type>(array_index(reference_token)));
+                    }
+                    JSON_CATCH(std::invalid_argument&)
+                    {
+                        JSON_THROW(detail::parse_error::create(109, 0, "array index '" + reference_token + "' is not a number"));
+                    }
+                    break;
+                }
+
+                default:
+                    JSON_THROW(detail::out_of_range::create(404, "unresolved reference token '" + reference_token + "'"));
+            }
+        }
+
+        return *ptr;
+    }
+
+    /*!
+    @brief return a const reference to the pointed to value
+
+    @param[in] ptr  a JSON value
+
+    @return const reference to the JSON value pointed to by the JSON
+    pointer
+
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.402  if the array index '-' is used
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+    */
+    const BasicJsonType& get_unchecked(const BasicJsonType* ptr) const
+    {
+        using size_type = typename BasicJsonType::size_type;
+        for (const auto& reference_token : reference_tokens)
+        {
+            switch (ptr->m_type)
+            {
+                case detail::value_t::object:
+                {
+                    // use unchecked object access
+                    ptr = &ptr->operator[](reference_token);
+                    break;
+                }
+
+                case detail::value_t::array:
+                {
+                    if (JSON_UNLIKELY(reference_token == "-"))
+                    {
+                        // "-" cannot be used for const access
+                        JSON_THROW(detail::out_of_range::create(402,
+                                                                "array index '-' (" + std::to_string(ptr->m_value.array->size()) +
+                                                                ") is out of range"));
+                    }
+
+                    // error condition (cf. RFC 6901, Sect. 4)
+                    if (JSON_UNLIKELY(reference_token.size() > 1 and reference_token[0] == '0'))
+                    {
+                        JSON_THROW(detail::parse_error::create(106, 0,
+                                                               "array index '" + reference_token +
+                                                               "' must not begin with '0'"));
+                    }
+
+                    // use unchecked array access
+                    JSON_TRY
+                    {
+                        ptr = &ptr->operator[](
+                            static_cast<size_type>(array_index(reference_token)));
+                    }
+                    JSON_CATCH(std::invalid_argument&)
+                    {
+                        JSON_THROW(detail::parse_error::create(109, 0, "array index '" + reference_token + "' is not a number"));
+                    }
+                    break;
+                }
+
+                default:
+                    JSON_THROW(detail::out_of_range::create(404, "unresolved reference token '" + reference_token + "'"));
+            }
+        }
+
+        return *ptr;
+    }
+
+    /*!
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.402  if the array index '-' is used
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+    */
+    const BasicJsonType& get_checked(const BasicJsonType* ptr) const
+    {
+        using size_type = typename BasicJsonType::size_type;
+        for (const auto& reference_token : reference_tokens)
+        {
+            switch (ptr->m_type)
+            {
+                case detail::value_t::object:
+                {
+                    // note: at performs range check
+                    ptr = &ptr->at(reference_token);
+                    break;
+                }
+
+                case detail::value_t::array:
+                {
+                    if (JSON_UNLIKELY(reference_token == "-"))
+                    {
+                        // "-" always fails the range check
+                        JSON_THROW(detail::out_of_range::create(402,
+                                                                "array index '-' (" + std::to_string(ptr->m_value.array->size()) +
+                                                                ") is out of range"));
+                    }
+
+                    // error condition (cf. RFC 6901, Sect. 4)
+                    if (JSON_UNLIKELY(reference_token.size() > 1 and reference_token[0] == '0'))
+                    {
+                        JSON_THROW(detail::parse_error::create(106, 0,
+                                                               "array index '" + reference_token +
+                                                               "' must not begin with '0'"));
+                    }
+
+                    // note: at performs range check
+                    JSON_TRY
+                    {
+                        ptr = &ptr->at(static_cast<size_type>(array_index(reference_token)));
+                    }
+                    JSON_CATCH(std::invalid_argument&)
+                    {
+                        JSON_THROW(detail::parse_error::create(109, 0, "array index '" + reference_token + "' is not a number"));
+                    }
+                    break;
+                }
+
+                default:
+                    JSON_THROW(detail::out_of_range::create(404, "unresolved reference token '" + reference_token + "'"));
+            }
+        }
+
+        return *ptr;
+    }
+
+    /*!
+    @brief split the string input to reference tokens
+
+    @note This function is only called by the json_pointer constructor.
+          All exceptions below are documented there.
+
+    @throw parse_error.107  if the pointer is not empty or begins with '/'
+    @throw parse_error.108  if character '~' is not followed by '0' or '1'
+    */
+    static std::vector<std::string> split(const std::string& reference_string)
+    {
+        std::vector<std::string> result;
+
+        // special case: empty reference string -> no reference tokens
+        if (reference_string.empty())
+        {
+            return result;
+        }
+
+        // check if nonempty reference string begins with slash
+        if (JSON_UNLIKELY(reference_string[0] != '/'))
+        {
+            JSON_THROW(detail::parse_error::create(107, 1,
+                                                   "JSON pointer must be empty or begin with '/' - was: '" +
+                                                   reference_string + "'"));
+        }
+
+        // extract the reference tokens:
+        // - slash: position of the last read slash (or end of string)
+        // - start: position after the previous slash
+        for (
+            // search for the first slash after the first character
+            std::size_t slash = reference_string.find_first_of('/', 1),
+            // set the beginning of the first reference token
+            start = 1;
+            // we can stop if start == 0 (if slash == std::string::npos)
+            start != 0;
+            // set the beginning of the next reference token
+            // (will eventually be 0 if slash == std::string::npos)
+            start = (slash == std::string::npos) ? 0 : slash + 1,
+            // find next slash
+            slash = reference_string.find_first_of('/', start))
+        {
+            // use the text between the beginning of the reference token
+            // (start) and the last slash (slash).
+            auto reference_token = reference_string.substr(start, slash - start);
+
+            // check reference tokens are properly escaped
+            for (std::size_t pos = reference_token.find_first_of('~');
+                    pos != std::string::npos;
+                    pos = reference_token.find_first_of('~', pos + 1))
+            {
+                assert(reference_token[pos] == '~');
+
+                // ~ must be followed by 0 or 1
+                if (JSON_UNLIKELY(pos == reference_token.size() - 1 or
+                                  (reference_token[pos + 1] != '0' and
+                                   reference_token[pos + 1] != '1')))
+                {
+                    JSON_THROW(detail::parse_error::create(108, 0, "escape character '~' must be followed with '0' or '1'"));
+                }
+            }
+
+            // finally, store the reference token
+            unescape(reference_token);
+            result.push_back(reference_token);
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief replace all occurrences of a substring by another string
+
+    @param[in,out] s  the string to manipulate; changed so that all
+                   occurrences of @a f are replaced with @a t
+    @param[in]     f  the substring to replace with @a t
+    @param[in]     t  the string to replace @a f
+
+    @pre The search string @a f must not be empty. **This precondition is
+    enforced with an assertion.**
+
+    @since version 2.0.0
+    */
+    static void replace_substring(std::string& s, const std::string& f,
+                                  const std::string& t)
+    {
+        assert(not f.empty());
+        for (auto pos = s.find(f);                // find first occurrence of f
+                pos != std::string::npos;         // make sure f was found
+                s.replace(pos, f.size(), t),      // replace with t, and
+                pos = s.find(f, pos + t.size()))  // find next occurrence of f
+        {}
+    }
+
+    /// escape "~" to "~0" and "/" to "~1"
+    static std::string escape(std::string s)
+    {
+        replace_substring(s, "~", "~0");
+        replace_substring(s, "/", "~1");
+        return s;
+    }
+
+    /// unescape "~1" to tilde and "~0" to slash (order is important!)
+    static void unescape(std::string& s)
+    {
+        replace_substring(s, "~1", "/");
+        replace_substring(s, "~0", "~");
+    }
+
+    /*!
+    @param[in] reference_string  the reference string to the current value
+    @param[in] value             the value to consider
+    @param[in,out] result        the result object to insert values to
+
+    @note Empty objects or arrays are flattened to `null`.
+    */
+    static void flatten(const std::string& reference_string,
+                        const BasicJsonType& value,
+                        BasicJsonType& result)
+    {
+        switch (value.m_type)
+        {
+            case detail::value_t::array:
+            {
+                if (value.m_value.array->empty())
+                {
+                    // flatten empty array as null
+                    result[reference_string] = nullptr;
+                }
+                else
+                {
+                    // iterate array and use index as reference string
+                    for (std::size_t i = 0; i < value.m_value.array->size(); ++i)
+                    {
+                        flatten(reference_string + "/" + std::to_string(i),
+                                value.m_value.array->operator[](i), result);
+                    }
+                }
+                break;
+            }
+
+            case detail::value_t::object:
+            {
+                if (value.m_value.object->empty())
+                {
+                    // flatten empty object as null
+                    result[reference_string] = nullptr;
+                }
+                else
+                {
+                    // iterate object and use keys as reference string
+                    for (const auto& element : *value.m_value.object)
+                    {
+                        flatten(reference_string + "/" + escape(element.first), element.second, result);
+                    }
+                }
+                break;
+            }
+
+            default:
+            {
+                // add primitive value with its reference string
+                result[reference_string] = value;
+                break;
+            }
+        }
+    }
+
+    /*!
+    @param[in] value  flattened JSON
+
+    @return unflattened JSON
+
+    @throw parse_error.109 if array index is not a number
+    @throw type_error.314  if value is not an object
+    @throw type_error.315  if object values are not primitive
+    @throw type_error.313  if value cannot be unflattened
+    */
+    static BasicJsonType
+    unflatten(const BasicJsonType& value)
+    {
+        if (JSON_UNLIKELY(not value.is_object()))
+        {
+            JSON_THROW(detail::type_error::create(314, "only objects can be unflattened"));
+        }
+
+        BasicJsonType result;
+
+        // iterate the JSON object values
+        for (const auto& element : *value.m_value.object)
+        {
+            if (JSON_UNLIKELY(not element.second.is_primitive()))
+            {
+                JSON_THROW(detail::type_error::create(315, "values in object must be primitive"));
+            }
+
+            // assign value to reference pointed to by JSON pointer; Note that if
+            // the JSON pointer is "" (i.e., points to the whole value), function
+            // get_and_create returns a reference to result itself. An assignment
+            // will then create a primitive value.
+            json_pointer(element.first).get_and_create(result) = element.second;
+        }
+
+        return result;
+    }
+
+    friend bool operator==(json_pointer const& lhs,
+                           json_pointer const& rhs) noexcept
+    {
+        return (lhs.reference_tokens == rhs.reference_tokens);
+    }
+
+    friend bool operator!=(json_pointer const& lhs,
+                           json_pointer const& rhs) noexcept
+    {
+        return not (lhs == rhs);
+    }
+
+    /// the reference tokens
+    std::vector<std::string> reference_tokens;
+};
+}  // namespace nlohmann
+
+// #include <nlohmann/adl_serializer.hpp>
+
+
+#include <utility>
+
+// #include <nlohmann/detail/conversions/from_json.hpp>
+
+// #include <nlohmann/detail/conversions/to_json.hpp>
+
+
+namespace nlohmann
+{
+
+template<typename, typename>
+struct adl_serializer
+{
+    /*!
+    @brief convert a JSON value to any value type
+
+    This function is usually called by the `get()` function of the
+    @ref basic_json class (either explicit or via conversion operators).
+
+    @param[in] j        JSON value to read from
+    @param[in,out] val  value to write to
+    */
+    template<typename BasicJsonType, typename ValueType>
+    static auto from_json(BasicJsonType&& j, ValueType& val) noexcept(
+        noexcept(::nlohmann::from_json(std::forward<BasicJsonType>(j), val)))
+    -> decltype(::nlohmann::from_json(std::forward<BasicJsonType>(j), val), void())
+    {
+        ::nlohmann::from_json(std::forward<BasicJsonType>(j), val);
+    }
+
+    /*!
+    @brief convert any value type to a JSON value
+
+    This function is usually called by the constructors of the @ref basic_json
+    class.
+
+    @param[in,out] j  JSON value to write to
+    @param[in] val    value to read from
+    */
+    template <typename BasicJsonType, typename ValueType>
+    static auto to_json(BasicJsonType& j, ValueType&& val) noexcept(
+        noexcept(::nlohmann::to_json(j, std::forward<ValueType>(val))))
+    -> decltype(::nlohmann::to_json(j, std::forward<ValueType>(val)), void())
+    {
+        ::nlohmann::to_json(j, std::forward<ValueType>(val));
+    }
+};
+
+}  // namespace nlohmann
+
+
+/*!
+@brief namespace for Niels Lohmann
+@see https://github.com/nlohmann
+@since version 1.0.0
+*/
+namespace nlohmann
+{
+
+/*!
+@brief a class to store JSON values
+
+@tparam ObjectType type for JSON objects (`std::map` by default; will be used
+in @ref object_t)
+@tparam ArrayType type for JSON arrays (`std::vector` by default; will be used
+in @ref array_t)
+@tparam StringType type for JSON strings and object keys (`std::string` by
+default; will be used in @ref string_t)
+@tparam BooleanType type for JSON booleans (`bool` by default; will be used
+in @ref boolean_t)
+@tparam NumberIntegerType type for JSON integer numbers (`int64_t` by
+default; will be used in @ref number_integer_t)
+@tparam NumberUnsignedType type for JSON unsigned integer numbers (@c
+`uint64_t` by default; will be used in @ref number_unsigned_t)
+@tparam NumberFloatType type for JSON floating-point numbers (`double` by
+default; will be used in @ref number_float_t)
+@tparam AllocatorType type of the allocator to use (`std::allocator` by
+default)
+@tparam JSONSerializer the serializer to resolve internal calls to `to_json()`
+and `from_json()` (@ref adl_serializer by default)
+
+@requirement The class satisfies the following concept requirements:
+- Basic
+ - [DefaultConstructible](https://en.cppreference.com/w/cpp/named_req/DefaultConstructible):
+   JSON values can be default constructed. The result will be a JSON null
+   value.
+ - [MoveConstructible](https://en.cppreference.com/w/cpp/named_req/MoveConstructible):
+   A JSON value can be constructed from an rvalue argument.
+ - [CopyConstructible](https://en.cppreference.com/w/cpp/named_req/CopyConstructible):
+   A JSON value can be copy-constructed from an lvalue expression.
+ - [MoveAssignable](https://en.cppreference.com/w/cpp/named_req/MoveAssignable):
+   A JSON value van be assigned from an rvalue argument.
+ - [CopyAssignable](https://en.cppreference.com/w/cpp/named_req/CopyAssignable):
+   A JSON value can be copy-assigned from an lvalue expression.
+ - [Destructible](https://en.cppreference.com/w/cpp/named_req/Destructible):
+   JSON values can be destructed.
+- Layout
+ - [StandardLayoutType](https://en.cppreference.com/w/cpp/named_req/StandardLayoutType):
+   JSON values have
+   [standard layout](https://en.cppreference.com/w/cpp/language/data_members#Standard_layout):
+   All non-static data members are private and standard layout types, the
+   class has no virtual functions or (virtual) base classes.
+- Library-wide
+ - [EqualityComparable](https://en.cppreference.com/w/cpp/named_req/EqualityComparable):
+   JSON values can be compared with `==`, see @ref
+   operator==(const_reference,const_reference).
+ - [LessThanComparable](https://en.cppreference.com/w/cpp/named_req/LessThanComparable):
+   JSON values can be compared with `<`, see @ref
+   operator<(const_reference,const_reference).
+ - [Swappable](https://en.cppreference.com/w/cpp/named_req/Swappable):
+   Any JSON lvalue or rvalue of can be swapped with any lvalue or rvalue of
+   other compatible types, using unqualified function call @ref swap().
+ - [NullablePointer](https://en.cppreference.com/w/cpp/named_req/NullablePointer):
+   JSON values can be compared against `std::nullptr_t` objects which are used
+   to model the `null` value.
+- Container
+ - [Container](https://en.cppreference.com/w/cpp/named_req/Container):
+   JSON values can be used like STL containers and provide iterator access.
+ - [ReversibleContainer](https://en.cppreference.com/w/cpp/named_req/ReversibleContainer);
+   JSON values can be used like STL containers and provide reverse iterator
+   access.
+
+@invariant The member variables @a m_value and @a m_type have the following
+relationship:
+- If `m_type == value_t::object`, then `m_value.object != nullptr`.
+- If `m_type == value_t::array`, then `m_value.array != nullptr`.
+- If `m_type == value_t::string`, then `m_value.string != nullptr`.
+The invariants are checked by member function assert_invariant().
+
+@internal
+@note ObjectType trick from http://stackoverflow.com/a/9860911
+@endinternal
+
+@see [RFC 7159: The JavaScript Object Notation (JSON) Data Interchange
+Format](http://rfc7159.net/rfc7159)
+
+@since version 1.0.0
+
+@nosubgrouping
+*/
+NLOHMANN_BASIC_JSON_TPL_DECLARATION
+class basic_json
+{
+  private:
+    template<detail::value_t> friend struct detail::external_constructor;
+    friend ::nlohmann::json_pointer<basic_json>;
+    friend ::nlohmann::detail::parser<basic_json>;
+    friend ::nlohmann::detail::serializer<basic_json>;
+    template<typename BasicJsonType>
+    friend class ::nlohmann::detail::iter_impl;
+    template<typename BasicJsonType, typename CharType>
+    friend class ::nlohmann::detail::binary_writer;
+    template<typename BasicJsonType, typename SAX>
+    friend class ::nlohmann::detail::binary_reader;
+    template<typename BasicJsonType>
+    friend class ::nlohmann::detail::json_sax_dom_parser;
+    template<typename BasicJsonType>
+    friend class ::nlohmann::detail::json_sax_dom_callback_parser;
+
+    /// workaround type for MSVC
+    using basic_json_t = NLOHMANN_BASIC_JSON_TPL;
+
+    // convenience aliases for types residing in namespace detail;
+    using lexer = ::nlohmann::detail::lexer<basic_json>;
+    using parser = ::nlohmann::detail::parser<basic_json>;
+
+    using primitive_iterator_t = ::nlohmann::detail::primitive_iterator_t;
+    template<typename BasicJsonType>
+    using internal_iterator = ::nlohmann::detail::internal_iterator<BasicJsonType>;
+    template<typename BasicJsonType>
+    using iter_impl = ::nlohmann::detail::iter_impl<BasicJsonType>;
+    template<typename Iterator>
+    using iteration_proxy = ::nlohmann::detail::iteration_proxy<Iterator>;
+    template<typename Base> using json_reverse_iterator = ::nlohmann::detail::json_reverse_iterator<Base>;
+
+    template<typename CharType>
+    using output_adapter_t = ::nlohmann::detail::output_adapter_t<CharType>;
+
+    using binary_reader = ::nlohmann::detail::binary_reader<basic_json>;
+    template<typename CharType> using binary_writer = ::nlohmann::detail::binary_writer<basic_json, CharType>;
+
+    using serializer = ::nlohmann::detail::serializer<basic_json>;
+
+  public:
+    using value_t = detail::value_t;
+    /// JSON Pointer, see @ref nlohmann::json_pointer
+    using json_pointer = ::nlohmann::json_pointer<basic_json>;
+    template<typename T, typename SFINAE>
+    using json_serializer = JSONSerializer<T, SFINAE>;
+    /// how to treat decoding errors
+    using error_handler_t = detail::error_handler_t;
+    /// helper type for initializer lists of basic_json values
+    using initializer_list_t = std::initializer_list<detail::json_ref<basic_json>>;
+
+    using input_format_t = detail::input_format_t;
+    /// SAX interface type, see @ref nlohmann::json_sax
+    using json_sax_t = json_sax<basic_json>;
+
+    ////////////////
+    // exceptions //
+    ////////////////
+
+    /// @name exceptions
+    /// Classes to implement user-defined exceptions.
+    /// @{
+
+    /// @copydoc detail::exception
+    using exception = detail::exception;
+    /// @copydoc detail::parse_error
+    using parse_error = detail::parse_error;
+    /// @copydoc detail::invalid_iterator
+    using invalid_iterator = detail::invalid_iterator;
+    /// @copydoc detail::type_error
+    using type_error = detail::type_error;
+    /// @copydoc detail::out_of_range
+    using out_of_range = detail::out_of_range;
+    /// @copydoc detail::other_error
+    using other_error = detail::other_error;
+
+    /// @}
+
+
+    /////////////////////
+    // container types //
+    /////////////////////
+
+    /// @name container types
+    /// The canonic container types to use @ref basic_json like any other STL
+    /// container.
+    /// @{
+
+    /// the type of elements in a basic_json container
+    using value_type = basic_json;
+
+    /// the type of an element reference
+    using reference = value_type&;
+    /// the type of an element const reference
+    using const_reference = const value_type&;
+
+    /// a type to represent differences between iterators
+    using difference_type = std::ptrdiff_t;
+    /// a type to represent container sizes
+    using size_type = std::size_t;
+
+    /// the allocator type
+    using allocator_type = AllocatorType<basic_json>;
+
+    /// the type of an element pointer
+    using pointer = typename std::allocator_traits<allocator_type>::pointer;
+    /// the type of an element const pointer
+    using const_pointer = typename std::allocator_traits<allocator_type>::const_pointer;
+
+    /// an iterator for a basic_json container
+    using iterator = iter_impl<basic_json>;
+    /// a const iterator for a basic_json container
+    using const_iterator = iter_impl<const basic_json>;
+    /// a reverse iterator for a basic_json container
+    using reverse_iterator = json_reverse_iterator<typename basic_json::iterator>;
+    /// a const reverse iterator for a basic_json container
+    using const_reverse_iterator = json_reverse_iterator<typename basic_json::const_iterator>;
+
+    /// @}
+
+
+    /*!
+    @brief returns the allocator associated with the container
+    */
+    static allocator_type get_allocator()
+    {
+        return allocator_type();
+    }
+
+    /*!
+    @brief returns version information on the library
+
+    This function returns a JSON object with information about the library,
+    including the version number and information on the platform and compiler.
+
+    @return JSON object holding version information
+    key         | description
+    ----------- | ---------------
+    `compiler`  | Information on the used compiler. It is an object with the following keys: `c++` (the used C++ standard), `family` (the compiler family; possible values are `clang`, `icc`, `gcc`, `ilecpp`, `msvc`, `pgcpp`, `sunpro`, and `unknown`), and `version` (the compiler version).
+    `copyright` | The copyright line for the library as string.
+    `name`      | The name of the library as string.
+    `platform`  | The used platform as string. Possible values are `win32`, `linux`, `apple`, `unix`, and `unknown`.
+    `url`       | The URL of the project as string.
+    `version`   | The version of the library. It is an object with the following keys: `major`, `minor`, and `patch` as defined by [Semantic Versioning](http://semver.org), and `string` (the version string).
+
+    @liveexample{The following code shows an example output of the `meta()`
+    function.,meta}
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @complexity Constant.
+
+    @since 2.1.0
+    */
+    static basic_json meta()
+    {
+        basic_json result;
+
+        result["copyright"] = "(C) 2013-2017 Niels Lohmann";
+        result["name"] = "JSON for Modern C++";
+        result["url"] = "https://github.com/nlohmann/json";
+        result["version"]["string"] =
+            std::to_string(NLOHMANN_JSON_VERSION_MAJOR) + "." +
+            std::to_string(NLOHMANN_JSON_VERSION_MINOR) + "." +
+            std::to_string(NLOHMANN_JSON_VERSION_PATCH);
+        result["version"]["major"] = NLOHMANN_JSON_VERSION_MAJOR;
+        result["version"]["minor"] = NLOHMANN_JSON_VERSION_MINOR;
+        result["version"]["patch"] = NLOHMANN_JSON_VERSION_PATCH;
+
+#ifdef _WIN32
+        result["platform"] = "win32";
+#elif defined __linux__
+        result["platform"] = "linux";
+#elif defined __APPLE__
+        result["platform"] = "apple";
+#elif defined __unix__
+        result["platform"] = "unix";
+#else
+        result["platform"] = "unknown";
+#endif
+
+#if defined(__ICC) || defined(__INTEL_COMPILER)
+        result["compiler"] = {{"family", "icc"}, {"version", __INTEL_COMPILER}};
+#elif defined(__clang__)
+        result["compiler"] = {{"family", "clang"}, {"version", __clang_version__}};
+#elif defined(__GNUC__) || defined(__GNUG__)
+        result["compiler"] = {{"family", "gcc"}, {"version", std::to_string(__GNUC__) + "." + std::to_string(__GNUC_MINOR__) + "." + std::to_string(__GNUC_PATCHLEVEL__)}};
+#elif defined(__HP_cc) || defined(__HP_aCC)
+        result["compiler"] = "hp"
+#elif defined(__IBMCPP__)
+        result["compiler"] = {{"family", "ilecpp"}, {"version", __IBMCPP__}};
+#elif defined(_MSC_VER)
+        result["compiler"] = {{"family", "msvc"}, {"version", _MSC_VER}};
+#elif defined(__PGI)
+        result["compiler"] = {{"family", "pgcpp"}, {"version", __PGI}};
+#elif defined(__SUNPRO_CC)
+        result["compiler"] = {{"family", "sunpro"}, {"version", __SUNPRO_CC}};
+#else
+        result["compiler"] = {{"family", "unknown"}, {"version", "unknown"}};
+#endif
+
+#ifdef __cplusplus
+        result["compiler"]["c++"] = std::to_string(__cplusplus);
+#else
+        result["compiler"]["c++"] = "unknown";
+#endif
+        return result;
+    }
+
+
+    ///////////////////////////
+    // JSON value data types //
+    ///////////////////////////
+
+    /// @name JSON value data types
+    /// The data types to store a JSON value. These types are derived from
+    /// the template arguments passed to class @ref basic_json.
+    /// @{
+
+#if defined(JSON_HAS_CPP_14)
+    // Use transparent comparator if possible, combined with perfect forwarding
+    // on find() and count() calls prevents unnecessary string construction.
+    using object_comparator_t = std::less<>;
+#else
+    using object_comparator_t = std::less<StringType>;
+#endif
+
+    /*!
+    @brief a type for an object
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes JSON objects as follows:
+    > An object is an unordered collection of zero or more name/value pairs,
+    > where a name is a string and a value is a string, number, boolean, null,
+    > object, or array.
+
+    To store objects in C++, a type is defined by the template parameters
+    described below.
+
+    @tparam ObjectType  the container to store objects (e.g., `std::map` or
+    `std::unordered_map`)
+    @tparam StringType the type of the keys or names (e.g., `std::string`).
+    The comparison function `std::less<StringType>` is used to order elements
+    inside the container.
+    @tparam AllocatorType the allocator to use for objects (e.g.,
+    `std::allocator`)
+
+    #### Default type
+
+    With the default values for @a ObjectType (`std::map`), @a StringType
+    (`std::string`), and @a AllocatorType (`std::allocator`), the default
+    value for @a object_t is:
+
+    @code {.cpp}
+    std::map<
+      std::string, // key_type
+      basic_json, // value_type
+      std::less<std::string>, // key_compare
+      std::allocator<std::pair<const std::string, basic_json>> // allocator_type
+    >
+    @endcode
+
+    #### Behavior
+
+    The choice of @a object_t influences the behavior of the JSON class. With
+    the default type, objects have the following behavior:
+
+    - When all names are unique, objects will be interoperable in the sense
+      that all software implementations receiving that object will agree on
+      the name-value mappings.
+    - When the names within an object are not unique, it is unspecified which
+      one of the values for a given key will be chosen. For instance,
+      `{"key": 2, "key": 1}` could be equal to either `{"key": 1}` or
+      `{"key": 2}`.
+    - Internally, name/value pairs are stored in lexicographical order of the
+      names. Objects will also be serialized (see @ref dump) in this order.
+      For instance, `{"b": 1, "a": 2}` and `{"a": 2, "b": 1}` will be stored
+      and serialized as `{"a": 2, "b": 1}`.
+    - When comparing objects, the order of the name/value pairs is irrelevant.
+      This makes objects interoperable in the sense that they will not be
+      affected by these differences. For instance, `{"b": 1, "a": 2}` and
+      `{"a": 2, "b": 1}` will be treated as equal.
+
+    #### Limits
+
+    [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+    > An implementation may set limits on the maximum depth of nesting.
+
+    In this class, the object's limit of nesting is not explicitly constrained.
+    However, a maximum depth of nesting may be introduced by the compiler or
+    runtime environment. A theoretical limit can be queried by calling the
+    @ref max_size function of a JSON object.
+
+    #### Storage
+
+    Objects are stored as pointers in a @ref basic_json type. That is, for any
+    access to object values, a pointer of type `object_t*` must be
+    dereferenced.
+
+    @sa @ref array_t -- type for an array value
+
+    @since version 1.0.0
+
+    @note The order name/value pairs are added to the object is *not*
+    preserved by the library. Therefore, iterating an object may return
+    name/value pairs in a different order than they were originally stored. In
+    fact, keys will be traversed in alphabetical order as `std::map` with
+    `std::less` is used by default. Please note this behavior conforms to [RFC
+    7159](http://rfc7159.net/rfc7159), because any order implements the
+    specified "unordered" nature of JSON objects.
+    */
+    using object_t = ObjectType<StringType,
+          basic_json,
+          object_comparator_t,
+          AllocatorType<std::pair<const StringType,
+          basic_json>>>;
+
+    /*!
+    @brief a type for an array
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes JSON arrays as follows:
+    > An array is an ordered sequence of zero or more values.
+
+    To store objects in C++, a type is defined by the template parameters
+    explained below.
+
+    @tparam ArrayType  container type to store arrays (e.g., `std::vector` or
+    `std::list`)
+    @tparam AllocatorType allocator to use for arrays (e.g., `std::allocator`)
+
+    #### Default type
+
+    With the default values for @a ArrayType (`std::vector`) and @a
+    AllocatorType (`std::allocator`), the default value for @a array_t is:
+
+    @code {.cpp}
+    std::vector<
+      basic_json, // value_type
+      std::allocator<basic_json> // allocator_type
+    >
+    @endcode
+
+    #### Limits
+
+    [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+    > An implementation may set limits on the maximum depth of nesting.
+
+    In this class, the array's limit of nesting is not explicitly constrained.
+    However, a maximum depth of nesting may be introduced by the compiler or
+    runtime environment. A theoretical limit can be queried by calling the
+    @ref max_size function of a JSON array.
+
+    #### Storage
+
+    Arrays are stored as pointers in a @ref basic_json type. That is, for any
+    access to array values, a pointer of type `array_t*` must be dereferenced.
+
+    @sa @ref object_t -- type for an object value
+
+    @since version 1.0.0
+    */
+    using array_t = ArrayType<basic_json, AllocatorType<basic_json>>;
+
+    /*!
+    @brief a type for a string
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes JSON strings as follows:
+    > A string is a sequence of zero or more Unicode characters.
+
+    To store objects in C++, a type is defined by the template parameter
+    described below. Unicode values are split by the JSON class into
+    byte-sized characters during deserialization.
+
+    @tparam StringType  the container to store strings (e.g., `std::string`).
+    Note this container is used for keys/names in objects, see @ref object_t.
+
+    #### Default type
+
+    With the default values for @a StringType (`std::string`), the default
+    value for @a string_t is:
+
+    @code {.cpp}
+    std::string
+    @endcode
+
+    #### Encoding
+
+    Strings are stored in UTF-8 encoding. Therefore, functions like
+    `std::string::size()` or `std::string::length()` return the number of
+    bytes in the string rather than the number of characters or glyphs.
+
+    #### String comparison
+
+    [RFC 7159](http://rfc7159.net/rfc7159) states:
+    > Software implementations are typically required to test names of object
+    > members for equality. Implementations that transform the textual
+    > representation into sequences of Unicode code units and then perform the
+    > comparison numerically, code unit by code unit, are interoperable in the
+    > sense that implementations will agree in all cases on equality or
+    > inequality of two strings. For example, implementations that compare
+    > strings with escaped characters unconverted may incorrectly find that
+    > `"a\\b"` and `"a\u005Cb"` are not equal.
+
+    This implementation is interoperable as it does compare strings code unit
+    by code unit.
+
+    #### Storage
+
+    String values are stored as pointers in a @ref basic_json type. That is,
+    for any access to string values, a pointer of type `string_t*` must be
+    dereferenced.
+
+    @since version 1.0.0
+    */
+    using string_t = StringType;
+
+    /*!
+    @brief a type for a boolean
+
+    [RFC 7159](http://rfc7159.net/rfc7159) implicitly describes a boolean as a
+    type which differentiates the two literals `true` and `false`.
+
+    To store objects in C++, a type is defined by the template parameter @a
+    BooleanType which chooses the type to use.
+
+    #### Default type
+
+    With the default values for @a BooleanType (`bool`), the default value for
+    @a boolean_t is:
+
+    @code {.cpp}
+    bool
+    @endcode
+
+    #### Storage
+
+    Boolean values are stored directly inside a @ref basic_json type.
+
+    @since version 1.0.0
+    */
+    using boolean_t = BooleanType;
+
+    /*!
+    @brief a type for a number (integer)
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+    > The representation of numbers is similar to that used in most
+    > programming languages. A number is represented in base 10 using decimal
+    > digits. It contains an integer component that may be prefixed with an
+    > optional minus sign, which may be followed by a fraction part and/or an
+    > exponent part. Leading zeros are not allowed. (...) Numeric values that
+    > cannot be represented in the grammar below (such as Infinity and NaN)
+    > are not permitted.
+
+    This description includes both integer and floating-point numbers.
+    However, C++ allows more precise storage if it is known whether the number
+    is a signed integer, an unsigned integer or a floating-point number.
+    Therefore, three different types, @ref number_integer_t, @ref
+    number_unsigned_t and @ref number_float_t are used.
+
+    To store integer numbers in C++, a type is defined by the template
+    parameter @a NumberIntegerType which chooses the type to use.
+
+    #### Default type
+
+    With the default values for @a NumberIntegerType (`int64_t`), the default
+    value for @a number_integer_t is:
+
+    @code {.cpp}
+    int64_t
+    @endcode
+
+    #### Default behavior
+
+    - The restrictions about leading zeros is not enforced in C++. Instead,
+      leading zeros in integer literals lead to an interpretation as octal
+      number. Internally, the value will be stored as decimal number. For
+      instance, the C++ integer literal `010` will be serialized to `8`.
+      During deserialization, leading zeros yield an error.
+    - Not-a-number (NaN) values will be serialized to `null`.
+
+    #### Limits
+
+    [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+    > An implementation may set limits on the range and precision of numbers.
+
+    When the default type is used, the maximal integer number that can be
+    stored is `9223372036854775807` (INT64_MAX) and the minimal integer number
+    that can be stored is `-9223372036854775808` (INT64_MIN). Integer numbers
+    that are out of range will yield over/underflow when used in a
+    constructor. During deserialization, too large or small integer numbers
+    will be automatically be stored as @ref number_unsigned_t or @ref
+    number_float_t.
+
+    [RFC 7159](http://rfc7159.net/rfc7159) further states:
+    > Note that when such software is used, numbers that are integers and are
+    > in the range \f$[-2^{53}+1, 2^{53}-1]\f$ are interoperable in the sense
+    > that implementations will agree exactly on their numeric values.
+
+    As this range is a subrange of the exactly supported range [INT64_MIN,
+    INT64_MAX], this class's integer type is interoperable.
+
+    #### Storage
+
+    Integer number values are stored directly inside a @ref basic_json type.
+
+    @sa @ref number_float_t -- type for number values (floating-point)
+
+    @sa @ref number_unsigned_t -- type for number values (unsigned integer)
+
+    @since version 1.0.0
+    */
+    using number_integer_t = NumberIntegerType;
+
+    /*!
+    @brief a type for a number (unsigned)
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+    > The representation of numbers is similar to that used in most
+    > programming languages. A number is represented in base 10 using decimal
+    > digits. It contains an integer component that may be prefixed with an
+    > optional minus sign, which may be followed by a fraction part and/or an
+    > exponent part. Leading zeros are not allowed. (...) Numeric values that
+    > cannot be represented in the grammar below (such as Infinity and NaN)
+    > are not permitted.
+
+    This description includes both integer and floating-point numbers.
+    However, C++ allows more precise storage if it is known whether the number
+    is a signed integer, an unsigned integer or a floating-point number.
+    Therefore, three different types, @ref number_integer_t, @ref
+    number_unsigned_t and @ref number_float_t are used.
+
+    To store unsigned integer numbers in C++, a type is defined by the
+    template parameter @a NumberUnsignedType which chooses the type to use.
+
+    #### Default type
+
+    With the default values for @a NumberUnsignedType (`uint64_t`), the
+    default value for @a number_unsigned_t is:
+
+    @code {.cpp}
+    uint64_t
+    @endcode
+
+    #### Default behavior
+
+    - The restrictions about leading zeros is not enforced in C++. Instead,
+      leading zeros in integer literals lead to an interpretation as octal
+      number. Internally, the value will be stored as decimal number. For
+      instance, the C++ integer literal `010` will be serialized to `8`.
+      During deserialization, leading zeros yield an error.
+    - Not-a-number (NaN) values will be serialized to `null`.
+
+    #### Limits
+
+    [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+    > An implementation may set limits on the range and precision of numbers.
+
+    When the default type is used, the maximal integer number that can be
+    stored is `18446744073709551615` (UINT64_MAX) and the minimal integer
+    number that can be stored is `0`. Integer numbers that are out of range
+    will yield over/underflow when used in a constructor. During
+    deserialization, too large or small integer numbers will be automatically
+    be stored as @ref number_integer_t or @ref number_float_t.
+
+    [RFC 7159](http://rfc7159.net/rfc7159) further states:
+    > Note that when such software is used, numbers that are integers and are
+    > in the range \f$[-2^{53}+1, 2^{53}-1]\f$ are interoperable in the sense
+    > that implementations will agree exactly on their numeric values.
+
+    As this range is a subrange (when considered in conjunction with the
+    number_integer_t type) of the exactly supported range [0, UINT64_MAX],
+    this class's integer type is interoperable.
+
+    #### Storage
+
+    Integer number values are stored directly inside a @ref basic_json type.
+
+    @sa @ref number_float_t -- type for number values (floating-point)
+    @sa @ref number_integer_t -- type for number values (integer)
+
+    @since version 2.0.0
+    */
+    using number_unsigned_t = NumberUnsignedType;
+
+    /*!
+    @brief a type for a number (floating-point)
+
+    [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+    > The representation of numbers is similar to that used in most
+    > programming languages. A number is represented in base 10 using decimal
+    > digits. It contains an integer component that may be prefixed with an
+    > optional minus sign, which may be followed by a fraction part and/or an
+    > exponent part. Leading zeros are not allowed. (...) Numeric values that
+    > cannot be represented in the grammar below (such as Infinity and NaN)
+    > are not permitted.
+
+    This description includes both integer and floating-point numbers.
+    However, C++ allows more precise storage if it is known whether the number
+    is a signed integer, an unsigned integer or a floating-point number.
+    Therefore, three different types, @ref number_integer_t, @ref
+    number_unsigned_t and @ref number_float_t are used.
+
+    To store floating-point numbers in C++, a type is defined by the template
+    parameter @a NumberFloatType which chooses the type to use.
+
+    #### Default type
+
+    With the default values for @a NumberFloatType (`double`), the default
+    value for @a number_float_t is:
+
+    @code {.cpp}
+    double
+    @endcode
+
+    #### Default behavior
+
+    - The restrictions about leading zeros is not enforced in C++. Instead,
+      leading zeros in floating-point literals will be ignored. Internally,
+      the value will be stored as decimal number. For instance, the C++
+      floating-point literal `01.2` will be serialized to `1.2`. During
+      deserialization, leading zeros yield an error.
+    - Not-a-number (NaN) values will be serialized to `null`.
+
+    #### Limits
+
+    [RFC 7159](http://rfc7159.net/rfc7159) states:
+    > This specification allows implementations to set limits on the range and
+    > precision of numbers accepted. Since software that implements IEEE
+    > 754-2008 binary64 (double precision) numbers is generally available and
+    > widely used, good interoperability can be achieved by implementations
+    > that expect no more precision or range than these provide, in the sense
+    > that implementations will approximate JSON numbers within the expected
+    > precision.
+
+    This implementation does exactly follow this approach, as it uses double
+    precision floating-point numbers. Note values smaller than
+    `-1.79769313486232e+308` and values greater than `1.79769313486232e+308`
+    will be stored as NaN internally and be serialized to `null`.
+
+    #### Storage
+
+    Floating-point number values are stored directly inside a @ref basic_json
+    type.
+
+    @sa @ref number_integer_t -- type for number values (integer)
+
+    @sa @ref number_unsigned_t -- type for number values (unsigned integer)
+
+    @since version 1.0.0
+    */
+    using number_float_t = NumberFloatType;
+
+    /// @}
+
+  private:
+
+    /// helper for exception-safe object creation
+    template<typename T, typename... Args>
+    static T* create(Args&& ... args)
+    {
+        AllocatorType<T> alloc;
+        using AllocatorTraits = std::allocator_traits<AllocatorType<T>>;
+
+        auto deleter = [&](T * object)
+        {
+            AllocatorTraits::deallocate(alloc, object, 1);
+        };
+        std::unique_ptr<T, decltype(deleter)> object(AllocatorTraits::allocate(alloc, 1), deleter);
+        AllocatorTraits::construct(alloc, object.get(), std::forward<Args>(args)...);
+        assert(object != nullptr);
+        return object.release();
+    }
+
+    ////////////////////////
+    // JSON value storage //
+    ////////////////////////
+
+    /*!
+    @brief a JSON value
+
+    The actual storage for a JSON value of the @ref basic_json class. This
+    union combines the different storage types for the JSON value types
+    defined in @ref value_t.
+
+    JSON type | value_t type    | used type
+    --------- | --------------- | ------------------------
+    object    | object          | pointer to @ref object_t
+    array     | array           | pointer to @ref array_t
+    string    | string          | pointer to @ref string_t
+    boolean   | boolean         | @ref boolean_t
+    number    | number_integer  | @ref number_integer_t
+    number    | number_unsigned | @ref number_unsigned_t
+    number    | number_float    | @ref number_float_t
+    null      | null            | *no value is stored*
+
+    @note Variable-length types (objects, arrays, and strings) are stored as
+    pointers. The size of the union should not exceed 64 bits if the default
+    value types are used.
+
+    @since version 1.0.0
+    */
+    union json_value
+    {
+        /// object (stored with pointer to save storage)
+        object_t* object;
+        /// array (stored with pointer to save storage)
+        array_t* array;
+        /// string (stored with pointer to save storage)
+        string_t* string;
+        /// boolean
+        boolean_t boolean;
+        /// number (integer)
+        number_integer_t number_integer;
+        /// number (unsigned integer)
+        number_unsigned_t number_unsigned;
+        /// number (floating-point)
+        number_float_t number_float;
+
+        /// default constructor (for null values)
+        json_value() = default;
+        /// constructor for booleans
+        json_value(boolean_t v) noexcept : boolean(v) {}
+        /// constructor for numbers (integer)
+        json_value(number_integer_t v) noexcept : number_integer(v) {}
+        /// constructor for numbers (unsigned)
+        json_value(number_unsigned_t v) noexcept : number_unsigned(v) {}
+        /// constructor for numbers (floating-point)
+        json_value(number_float_t v) noexcept : number_float(v) {}
+        /// constructor for empty values of a given type
+        json_value(value_t t)
+        {
+            switch (t)
+            {
+                case value_t::object:
+                {
+                    object = create<object_t>();
+                    break;
+                }
+
+                case value_t::array:
+                {
+                    array = create<array_t>();
+                    break;
+                }
+
+                case value_t::string:
+                {
+                    string = create<string_t>("");
+                    break;
+                }
+
+                case value_t::boolean:
+                {
+                    boolean = boolean_t(false);
+                    break;
+                }
+
+                case value_t::number_integer:
+                {
+                    number_integer = number_integer_t(0);
+                    break;
+                }
+
+                case value_t::number_unsigned:
+                {
+                    number_unsigned = number_unsigned_t(0);
+                    break;
+                }
+
+                case value_t::number_float:
+                {
+                    number_float = number_float_t(0.0);
+                    break;
+                }
+
+                case value_t::null:
+                {
+                    object = nullptr;  // silence warning, see #821
+                    break;
+                }
+
+                default:
+                {
+                    object = nullptr;  // silence warning, see #821
+                    if (JSON_UNLIKELY(t == value_t::null))
+                    {
+                        JSON_THROW(other_error::create(500, "961c151d2e87f2686a955a9be24d316f1362bf21 3.5.0")); // LCOV_EXCL_LINE
+                    }
+                    break;
+                }
+            }
+        }
+
+        /// constructor for strings
+        json_value(const string_t& value)
+        {
+            string = create<string_t>(value);
+        }
+
+        /// constructor for rvalue strings
+        json_value(string_t&& value)
+        {
+            string = create<string_t>(std::move(value));
+        }
+
+        /// constructor for objects
+        json_value(const object_t& value)
+        {
+            object = create<object_t>(value);
+        }
+
+        /// constructor for rvalue objects
+        json_value(object_t&& value)
+        {
+            object = create<object_t>(std::move(value));
+        }
+
+        /// constructor for arrays
+        json_value(const array_t& value)
+        {
+            array = create<array_t>(value);
+        }
+
+        /// constructor for rvalue arrays
+        json_value(array_t&& value)
+        {
+            array = create<array_t>(std::move(value));
+        }
+
+        void destroy(value_t t) noexcept
+        {
+            switch (t)
+            {
+                case value_t::object:
+                {
+                    AllocatorType<object_t> alloc;
+                    std::allocator_traits<decltype(alloc)>::destroy(alloc, object);
+                    std::allocator_traits<decltype(alloc)>::deallocate(alloc, object, 1);
+                    break;
+                }
+
+                case value_t::array:
+                {
+                    AllocatorType<array_t> alloc;
+                    std::allocator_traits<decltype(alloc)>::destroy(alloc, array);
+                    std::allocator_traits<decltype(alloc)>::deallocate(alloc, array, 1);
+                    break;
+                }
+
+                case value_t::string:
+                {
+                    AllocatorType<string_t> alloc;
+                    std::allocator_traits<decltype(alloc)>::destroy(alloc, string);
+                    std::allocator_traits<decltype(alloc)>::deallocate(alloc, string, 1);
+                    break;
+                }
+
+                default:
+                {
+                    break;
+                }
+            }
+        }
+    };
+
+    /*!
+    @brief checks the class invariants
+
+    This function asserts the class invariants. It needs to be called at the
+    end of every constructor to make sure that created objects respect the
+    invariant. Furthermore, it has to be called each time the type of a JSON
+    value is changed, because the invariant expresses a relationship between
+    @a m_type and @a m_value.
+    */
+    void assert_invariant() const noexcept
+    {
+        assert(m_type != value_t::object or m_value.object != nullptr);
+        assert(m_type != value_t::array or m_value.array != nullptr);
+        assert(m_type != value_t::string or m_value.string != nullptr);
+    }
+
+  public:
+    //////////////////////////
+    // JSON parser callback //
+    //////////////////////////
+
+    /*!
+    @brief parser event types
+
+    The parser callback distinguishes the following events:
+    - `object_start`: the parser read `{` and started to process a JSON object
+    - `key`: the parser read a key of a value in an object
+    - `object_end`: the parser read `}` and finished processing a JSON object
+    - `array_start`: the parser read `[` and started to process a JSON array
+    - `array_end`: the parser read `]` and finished processing a JSON array
+    - `value`: the parser finished reading a JSON value
+
+    @image html callback_events.png "Example when certain parse events are triggered"
+
+    @sa @ref parser_callback_t for more information and examples
+    */
+    using parse_event_t = typename parser::parse_event_t;
+
+    /*!
+    @brief per-element parser callback type
+
+    With a parser callback function, the result of parsing a JSON text can be
+    influenced. When passed to @ref parse, it is called on certain events
+    (passed as @ref parse_event_t via parameter @a event) with a set recursion
+    depth @a depth and context JSON value @a parsed. The return value of the
+    callback function is a boolean indicating whether the element that emitted
+    the callback shall be kept or not.
+
+    We distinguish six scenarios (determined by the event type) in which the
+    callback function can be called. The following table describes the values
+    of the parameters @a depth, @a event, and @a parsed.
+
+    parameter @a event | description | parameter @a depth | parameter @a parsed
+    ------------------ | ----------- | ------------------ | -------------------
+    parse_event_t::object_start | the parser read `{` and started to process a JSON object | depth of the parent of the JSON object | a JSON value with type discarded
+    parse_event_t::key | the parser read a key of a value in an object | depth of the currently parsed JSON object | a JSON string containing the key
+    parse_event_t::object_end | the parser read `}` and finished processing a JSON object | depth of the parent of the JSON object | the parsed JSON object
+    parse_event_t::array_start | the parser read `[` and started to process a JSON array | depth of the parent of the JSON array | a JSON value with type discarded
+    parse_event_t::array_end | the parser read `]` and finished processing a JSON array | depth of the parent of the JSON array | the parsed JSON array
+    parse_event_t::value | the parser finished reading a JSON value | depth of the value | the parsed JSON value
+
+    @image html callback_events.png "Example when certain parse events are triggered"
+
+    Discarding a value (i.e., returning `false`) has different effects
+    depending on the context in which function was called:
+
+    - Discarded values in structured types are skipped. That is, the parser
+      will behave as if the discarded value was never read.
+    - In case a value outside a structured type is skipped, it is replaced
+      with `null`. This case happens if the top-level element is skipped.
+
+    @param[in] depth  the depth of the recursion during parsing
+
+    @param[in] event  an event of type parse_event_t indicating the context in
+    the callback function has been called
+
+    @param[in,out] parsed  the current intermediate parse result; note that
+    writing to this value has no effect for parse_event_t::key events
+
+    @return Whether the JSON value which called the function during parsing
+    should be kept (`true`) or not (`false`). In the latter case, it is either
+    skipped completely or replaced by an empty discarded object.
+
+    @sa @ref parse for examples
+
+    @since version 1.0.0
+    */
+    using parser_callback_t = typename parser::parser_callback_t;
+
+    //////////////////
+    // constructors //
+    //////////////////
+
+    /// @name constructors and destructors
+    /// Constructors of class @ref basic_json, copy/move constructor, copy
+    /// assignment, static functions creating objects, and the destructor.
+    /// @{
+
+    /*!
+    @brief create an empty value with a given type
+
+    Create an empty JSON value with a given type. The value will be default
+    initialized with an empty value which depends on the type:
+
+    Value type  | initial value
+    ----------- | -------------
+    null        | `null`
+    boolean     | `false`
+    string      | `""`
+    number      | `0`
+    object      | `{}`
+    array       | `[]`
+
+    @param[in] v  the type of the value to create
+
+    @complexity Constant.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The following code shows the constructor for different @ref
+    value_t values,basic_json__value_t}
+
+    @sa @ref clear() -- restores the postcondition of this constructor
+
+    @since version 1.0.0
+    */
+    basic_json(const value_t v)
+        : m_type(v), m_value(v)
+    {
+        assert_invariant();
+    }
+
+    /*!
+    @brief create a null object
+
+    Create a `null` JSON value. It either takes a null pointer as parameter
+    (explicitly creating `null`) or no parameter (implicitly creating `null`).
+    The passed null pointer itself is not read -- it is only used to choose
+    the right constructor.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this constructor never throws
+    exceptions.
+
+    @liveexample{The following code shows the constructor with and without a
+    null pointer parameter.,basic_json__nullptr_t}
+
+    @since version 1.0.0
+    */
+    basic_json(std::nullptr_t = nullptr) noexcept
+        : basic_json(value_t::null)
+    {
+        assert_invariant();
+    }
+
+    /*!
+    @brief create a JSON value
+
+    This is a "catch all" constructor for all compatible JSON types; that is,
+    types for which a `to_json()` method exists. The constructor forwards the
+    parameter @a val to that method (to `json_serializer<U>::to_json` method
+    with `U = uncvref_t<CompatibleType>`, to be exact).
+
+    Template type @a CompatibleType includes, but is not limited to, the
+    following types:
+    - **arrays**: @ref array_t and all kinds of compatible containers such as
+      `std::vector`, `std::deque`, `std::list`, `std::forward_list`,
+      `std::array`, `std::valarray`, `std::set`, `std::unordered_set`,
+      `std::multiset`, and `std::unordered_multiset` with a `value_type` from
+      which a @ref basic_json value can be constructed.
+    - **objects**: @ref object_t and all kinds of compatible associative
+      containers such as `std::map`, `std::unordered_map`, `std::multimap`,
+      and `std::unordered_multimap` with a `key_type` compatible to
+      @ref string_t and a `value_type` from which a @ref basic_json value can
+      be constructed.
+    - **strings**: @ref string_t, string literals, and all compatible string
+      containers can be used.
+    - **numbers**: @ref number_integer_t, @ref number_unsigned_t,
+      @ref number_float_t, and all convertible number types such as `int`,
+      `size_t`, `int64_t`, `float` or `double` can be used.
+    - **boolean**: @ref boolean_t / `bool` can be used.
+
+    See the examples below.
+
+    @tparam CompatibleType a type such that:
+    - @a CompatibleType is not derived from `std::istream`,
+    - @a CompatibleType is not @ref basic_json (to avoid hijacking copy/move
+         constructors),
+    - @a CompatibleType is not a different @ref basic_json type (i.e. with different template arguments)
+    - @a CompatibleType is not a @ref basic_json nested type (e.g.,
+         @ref json_pointer, @ref iterator, etc ...)
+    - @ref @ref json_serializer<U> has a
+         `to_json(basic_json_t&, CompatibleType&&)` method
+
+    @tparam U = `uncvref_t<CompatibleType>`
+
+    @param[in] val the value to be forwarded to the respective constructor
+
+    @complexity Usually linear in the size of the passed @a val, also
+                depending on the implementation of the called `to_json()`
+                method.
+
+    @exceptionsafety Depends on the called constructor. For types directly
+    supported by the library (i.e., all types for which no `to_json()` function
+    was provided), strong guarantee holds: if an exception is thrown, there are
+    no changes to any JSON value.
+
+    @liveexample{The following code shows the constructor with several
+    compatible types.,basic_json__CompatibleType}
+
+    @since version 2.1.0
+    */
+    template <typename CompatibleType,
+              typename U = detail::uncvref_t<CompatibleType>,
+              detail::enable_if_t<
+                  not detail::is_basic_json<U>::value and detail::is_compatible_type<basic_json_t, U>::value, int> = 0>
+    basic_json(CompatibleType && val) noexcept(noexcept(
+                JSONSerializer<U>::to_json(std::declval<basic_json_t&>(),
+                                           std::forward<CompatibleType>(val))))
+    {
+        JSONSerializer<U>::to_json(*this, std::forward<CompatibleType>(val));
+        assert_invariant();
+    }
+
+    /*!
+    @brief create a JSON value from an existing one
+
+    This is a constructor for existing @ref basic_json types.
+    It does not hijack copy/move constructors, since the parameter has different
+    template arguments than the current ones.
+
+    The constructor tries to convert the internal @ref m_value of the parameter.
+
+    @tparam BasicJsonType a type such that:
+    - @a BasicJsonType is a @ref basic_json type.
+    - @a BasicJsonType has different template arguments than @ref basic_json_t.
+
+    @param[in] val the @ref basic_json value to be converted.
+
+    @complexity Usually linear in the size of the passed @a val, also
+                depending on the implementation of the called `to_json()`
+                method.
+
+    @exceptionsafety Depends on the called constructor. For types directly
+    supported by the library (i.e., all types for which no `to_json()` function
+    was provided), strong guarantee holds: if an exception is thrown, there are
+    no changes to any JSON value.
+
+    @since version 3.2.0
+    */
+    template <typename BasicJsonType,
+              detail::enable_if_t<
+                  detail::is_basic_json<BasicJsonType>::value and not std::is_same<basic_json, BasicJsonType>::value, int> = 0>
+    basic_json(const BasicJsonType& val)
+    {
+        using other_boolean_t = typename BasicJsonType::boolean_t;
+        using other_number_float_t = typename BasicJsonType::number_float_t;
+        using other_number_integer_t = typename BasicJsonType::number_integer_t;
+        using other_number_unsigned_t = typename BasicJsonType::number_unsigned_t;
+        using other_string_t = typename BasicJsonType::string_t;
+        using other_object_t = typename BasicJsonType::object_t;
+        using other_array_t = typename BasicJsonType::array_t;
+
+        switch (val.type())
+        {
+            case value_t::boolean:
+                JSONSerializer<other_boolean_t>::to_json(*this, val.template get<other_boolean_t>());
+                break;
+            case value_t::number_float:
+                JSONSerializer<other_number_float_t>::to_json(*this, val.template get<other_number_float_t>());
+                break;
+            case value_t::number_integer:
+                JSONSerializer<other_number_integer_t>::to_json(*this, val.template get<other_number_integer_t>());
+                break;
+            case value_t::number_unsigned:
+                JSONSerializer<other_number_unsigned_t>::to_json(*this, val.template get<other_number_unsigned_t>());
+                break;
+            case value_t::string:
+                JSONSerializer<other_string_t>::to_json(*this, val.template get_ref<const other_string_t&>());
+                break;
+            case value_t::object:
+                JSONSerializer<other_object_t>::to_json(*this, val.template get_ref<const other_object_t&>());
+                break;
+            case value_t::array:
+                JSONSerializer<other_array_t>::to_json(*this, val.template get_ref<const other_array_t&>());
+                break;
+            case value_t::null:
+                *this = nullptr;
+                break;
+            case value_t::discarded:
+                m_type = value_t::discarded;
+                break;
+        }
+        assert_invariant();
+    }
+
+    /*!
+    @brief create a container (array or object) from an initializer list
+
+    Creates a JSON value of type array or object from the passed initializer
+    list @a init. In case @a type_deduction is `true` (default), the type of
+    the JSON value to be created is deducted from the initializer list @a init
+    according to the following rules:
+
+    1. If the list is empty, an empty JSON object value `{}` is created.
+    2. If the list consists of pairs whose first element is a string, a JSON
+       object value is created where the first elements of the pairs are
+       treated as keys and the second elements are as values.
+    3. In all other cases, an array is created.
+
+    The rules aim to create the best fit between a C++ initializer list and
+    JSON values. The rationale is as follows:
+
+    1. The empty initializer list is written as `{}` which is exactly an empty
+       JSON object.
+    2. C++ has no way of describing mapped types other than to list a list of
+       pairs. As JSON requires that keys must be of type string, rule 2 is the
+       weakest constraint one can pose on initializer lists to interpret them
+       as an object.
+    3. In all other cases, the initializer list could not be interpreted as
+       JSON object type, so interpreting it as JSON array type is safe.
+
+    With the rules described above, the following JSON values cannot be
+    expressed by an initializer list:
+
+    - the empty array (`[]`): use @ref array(initializer_list_t)
+      with an empty initializer list in this case
+    - arrays whose elements satisfy rule 2: use @ref
+      array(initializer_list_t) with the same initializer list
+      in this case
+
+    @note When used without parentheses around an empty initializer list, @ref
+    basic_json() is called instead of this function, yielding the JSON null
+    value.
+
+    @param[in] init  initializer list with JSON values
+
+    @param[in] type_deduction internal parameter; when set to `true`, the type
+    of the JSON value is deducted from the initializer list @a init; when set
+    to `false`, the type provided via @a manual_type is forced. This mode is
+    used by the functions @ref array(initializer_list_t) and
+    @ref object(initializer_list_t).
+
+    @param[in] manual_type internal parameter; when @a type_deduction is set
+    to `false`, the created JSON value will use the provided type (only @ref
+    value_t::array and @ref value_t::object are valid); when @a type_deduction
+    is set to `true`, this parameter has no effect
+
+    @throw type_error.301 if @a type_deduction is `false`, @a manual_type is
+    `value_t::object`, but @a init contains an element which is not a pair
+    whose first element is a string. In this case, the constructor could not
+    create an object. If @a type_deduction would have be `true`, an array
+    would have been created. See @ref object(initializer_list_t)
+    for an example.
+
+    @complexity Linear in the size of the initializer list @a init.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The example below shows how JSON values are created from
+    initializer lists.,basic_json__list_init_t}
+
+    @sa @ref array(initializer_list_t) -- create a JSON array
+    value from an initializer list
+    @sa @ref object(initializer_list_t) -- create a JSON object
+    value from an initializer list
+
+    @since version 1.0.0
+    */
+    basic_json(initializer_list_t init,
+               bool type_deduction = true,
+               value_t manual_type = value_t::array)
+    {
+        // check if each element is an array with two elements whose first
+        // element is a string
+        bool is_an_object = std::all_of(init.begin(), init.end(),
+                                        [](const detail::json_ref<basic_json>& element_ref)
+        {
+            return (element_ref->is_array() and element_ref->size() == 2 and (*element_ref)[0].is_string());
+        });
+
+        // adjust type if type deduction is not wanted
+        if (not type_deduction)
+        {
+            // if array is wanted, do not create an object though possible
+            if (manual_type == value_t::array)
+            {
+                is_an_object = false;
+            }
+
+            // if object is wanted but impossible, throw an exception
+            if (JSON_UNLIKELY(manual_type == value_t::object and not is_an_object))
+            {
+                JSON_THROW(type_error::create(301, "cannot create object from initializer list"));
+            }
+        }
+
+        if (is_an_object)
+        {
+            // the initializer list is a list of pairs -> create object
+            m_type = value_t::object;
+            m_value = value_t::object;
+
+            std::for_each(init.begin(), init.end(), [this](const detail::json_ref<basic_json>& element_ref)
+            {
+                auto element = element_ref.moved_or_copied();
+                m_value.object->emplace(
+                    std::move(*((*element.m_value.array)[0].m_value.string)),
+                    std::move((*element.m_value.array)[1]));
+            });
+        }
+        else
+        {
+            // the initializer list describes an array -> create array
+            m_type = value_t::array;
+            m_value.array = create<array_t>(init.begin(), init.end());
+        }
+
+        assert_invariant();
+    }
+
+    /*!
+    @brief explicitly create an array from an initializer list
+
+    Creates a JSON array value from a given initializer list. That is, given a
+    list of values `a, b, c`, creates the JSON value `[a, b, c]`. If the
+    initializer list is empty, the empty array `[]` is created.
+
+    @note This function is only needed to express two edge cases that cannot
+    be realized with the initializer list constructor (@ref
+    basic_json(initializer_list_t, bool, value_t)). These cases
+    are:
+    1. creating an array whose elements are all pairs whose first element is a
+    string -- in this case, the initializer list constructor would create an
+    object, taking the first elements as keys
+    2. creating an empty array -- passing the empty initializer list to the
+    initializer list constructor yields an empty object
+
+    @param[in] init  initializer list with JSON values to create an array from
+    (optional)
+
+    @return JSON array value
+
+    @complexity Linear in the size of @a init.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The following code shows an example for the `array`
+    function.,array}
+
+    @sa @ref basic_json(initializer_list_t, bool, value_t) --
+    create a JSON value from an initializer list
+    @sa @ref object(initializer_list_t) -- create a JSON object
+    value from an initializer list
+
+    @since version 1.0.0
+    */
+    static basic_json array(initializer_list_t init = {})
+    {
+        return basic_json(init, false, value_t::array);
+    }
+
+    /*!
+    @brief explicitly create an object from an initializer list
+
+    Creates a JSON object value from a given initializer list. The initializer
+    lists elements must be pairs, and their first elements must be strings. If
+    the initializer list is empty, the empty object `{}` is created.
+
+    @note This function is only added for symmetry reasons. In contrast to the
+    related function @ref array(initializer_list_t), there are
+    no cases which can only be expressed by this function. That is, any
+    initializer list @a init can also be passed to the initializer list
+    constructor @ref basic_json(initializer_list_t, bool, value_t).
+
+    @param[in] init  initializer list to create an object from (optional)
+
+    @return JSON object value
+
+    @throw type_error.301 if @a init is not a list of pairs whose first
+    elements are strings. In this case, no object can be created. When such a
+    value is passed to @ref basic_json(initializer_list_t, bool, value_t),
+    an array would have been created from the passed initializer list @a init.
+    See example below.
+
+    @complexity Linear in the size of @a init.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The following code shows an example for the `object`
+    function.,object}
+
+    @sa @ref basic_json(initializer_list_t, bool, value_t) --
+    create a JSON value from an initializer list
+    @sa @ref array(initializer_list_t) -- create a JSON array
+    value from an initializer list
+
+    @since version 1.0.0
+    */
+    static basic_json object(initializer_list_t init = {})
+    {
+        return basic_json(init, false, value_t::object);
+    }
+
+    /*!
+    @brief construct an array with count copies of given value
+
+    Constructs a JSON array value by creating @a cnt copies of a passed value.
+    In case @a cnt is `0`, an empty array is created.
+
+    @param[in] cnt  the number of JSON copies of @a val to create
+    @param[in] val  the JSON value to copy
+
+    @post `std::distance(begin(),end()) == cnt` holds.
+
+    @complexity Linear in @a cnt.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The following code shows examples for the @ref
+    basic_json(size_type\, const basic_json&)
+    constructor.,basic_json__size_type_basic_json}
+
+    @since version 1.0.0
+    */
+    basic_json(size_type cnt, const basic_json& val)
+        : m_type(value_t::array)
+    {
+        m_value.array = create<array_t>(cnt, val);
+        assert_invariant();
+    }
+
+    /*!
+    @brief construct a JSON container given an iterator range
+
+    Constructs the JSON value with the contents of the range `[first, last)`.
+    The semantics depends on the different types a JSON value can have:
+    - In case of a null type, invalid_iterator.206 is thrown.
+    - In case of other primitive types (number, boolean, or string), @a first
+      must be `begin()` and @a last must be `end()`. In this case, the value is
+      copied. Otherwise, invalid_iterator.204 is thrown.
+    - In case of structured types (array, object), the constructor behaves as
+      similar versions for `std::vector` or `std::map`; that is, a JSON array
+      or object is constructed from the values in the range.
+
+    @tparam InputIT an input iterator type (@ref iterator or @ref
+    const_iterator)
+
+    @param[in] first begin of the range to copy from (included)
+    @param[in] last end of the range to copy from (excluded)
+
+    @pre Iterators @a first and @a last must be initialized. **This
+         precondition is enforced with an assertion (see warning).** If
+         assertions are switched off, a violation of this precondition yields
+         undefined behavior.
+
+    @pre Range `[first, last)` is valid. Usually, this precondition cannot be
+         checked efficiently. Only certain edge cases are detected; see the
+         description of the exceptions below. A violation of this precondition
+         yields undefined behavior.
+
+    @warning A precondition is enforced with a runtime assertion that will
+             result in calling `std::abort` if this precondition is not met.
+             Assertions can be disabled by defining `NDEBUG` at compile time.
+             See https://en.cppreference.com/w/cpp/error/assert for more
+             information.
+
+    @throw invalid_iterator.201 if iterators @a first and @a last are not
+    compatible (i.e., do not belong to the same JSON value). In this case,
+    the range `[first, last)` is undefined.
+    @throw invalid_iterator.204 if iterators @a first and @a last belong to a
+    primitive type (number, boolean, or string), but @a first does not point
+    to the first element any more. In this case, the range `[first, last)` is
+    undefined. See example code below.
+    @throw invalid_iterator.206 if iterators @a first and @a last belong to a
+    null value. In this case, the range `[first, last)` is undefined.
+
+    @complexity Linear in distance between @a first and @a last.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @liveexample{The example below shows several ways to create JSON values by
+    specifying a subrange with iterators.,basic_json__InputIt_InputIt}
+
+    @since version 1.0.0
+    */
+    template<class InputIT, typename std::enable_if<
+                 std::is_same<InputIT, typename basic_json_t::iterator>::value or
+                 std::is_same<InputIT, typename basic_json_t::const_iterator>::value, int>::type = 0>
+    basic_json(InputIT first, InputIT last)
+    {
+        assert(first.m_object != nullptr);
+        assert(last.m_object != nullptr);
+
+        // make sure iterator fits the current value
+        if (JSON_UNLIKELY(first.m_object != last.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(201, "iterators are not compatible"));
+        }
+
+        // copy type from first iterator
+        m_type = first.m_object->m_type;
+
+        // check if iterator range is complete for primitive values
+        switch (m_type)
+        {
+            case value_t::boolean:
+            case value_t::number_float:
+            case value_t::number_integer:
+            case value_t::number_unsigned:
+            case value_t::string:
+            {
+                if (JSON_UNLIKELY(not first.m_it.primitive_iterator.is_begin()
+                                  or not last.m_it.primitive_iterator.is_end()))
+                {
+                    JSON_THROW(invalid_iterator::create(204, "iterators out of range"));
+                }
+                break;
+            }
+
+            default:
+                break;
+        }
+
+        switch (m_type)
+        {
+            case value_t::number_integer:
+            {
+                m_value.number_integer = first.m_object->m_value.number_integer;
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                m_value.number_unsigned = first.m_object->m_value.number_unsigned;
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                m_value.number_float = first.m_object->m_value.number_float;
+                break;
+            }
+
+            case value_t::boolean:
+            {
+                m_value.boolean = first.m_object->m_value.boolean;
+                break;
+            }
+
+            case value_t::string:
+            {
+                m_value = *first.m_object->m_value.string;
+                break;
+            }
+
+            case value_t::object:
+            {
+                m_value.object = create<object_t>(first.m_it.object_iterator,
+                                                  last.m_it.object_iterator);
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_value.array = create<array_t>(first.m_it.array_iterator,
+                                                last.m_it.array_iterator);
+                break;
+            }
+
+            default:
+                JSON_THROW(invalid_iterator::create(206, "cannot construct with iterators from " +
+                                                    std::string(first.m_object->type_name())));
+        }
+
+        assert_invariant();
+    }
+
+
+    ///////////////////////////////////////
+    // other constructors and destructor //
+    ///////////////////////////////////////
+
+    /// @private
+    basic_json(const detail::json_ref<basic_json>& ref)
+        : basic_json(ref.moved_or_copied())
+    {}
+
+    /*!
+    @brief copy constructor
+
+    Creates a copy of a given JSON value.
+
+    @param[in] other  the JSON value to copy
+
+    @post `*this == other`
+
+    @complexity Linear in the size of @a other.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes to any JSON value.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is linear.
+    - As postcondition, it holds: `other == basic_json(other)`.
+
+    @liveexample{The following code shows an example for the copy
+    constructor.,basic_json__basic_json}
+
+    @since version 1.0.0
+    */
+    basic_json(const basic_json& other)
+        : m_type(other.m_type)
+    {
+        // check of passed value is valid
+        other.assert_invariant();
+
+        switch (m_type)
+        {
+            case value_t::object:
+            {
+                m_value = *other.m_value.object;
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_value = *other.m_value.array;
+                break;
+            }
+
+            case value_t::string:
+            {
+                m_value = *other.m_value.string;
+                break;
+            }
+
+            case value_t::boolean:
+            {
+                m_value = other.m_value.boolean;
+                break;
+            }
+
+            case value_t::number_integer:
+            {
+                m_value = other.m_value.number_integer;
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                m_value = other.m_value.number_unsigned;
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                m_value = other.m_value.number_float;
+                break;
+            }
+
+            default:
+                break;
+        }
+
+        assert_invariant();
+    }
+
+    /*!
+    @brief move constructor
+
+    Move constructor. Constructs a JSON value with the contents of the given
+    value @a other using move semantics. It "steals" the resources from @a
+    other and leaves it as JSON null value.
+
+    @param[in,out] other  value to move to this object
+
+    @post `*this` has the same value as @a other before the call.
+    @post @a other is a JSON null value.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this constructor never throws
+    exceptions.
+
+    @requirement This function helps `basic_json` satisfying the
+    [MoveConstructible](https://en.cppreference.com/w/cpp/named_req/MoveConstructible)
+    requirements.
+
+    @liveexample{The code below shows the move constructor explicitly called
+    via std::move.,basic_json__moveconstructor}
+
+    @since version 1.0.0
+    */
+    basic_json(basic_json&& other) noexcept
+        : m_type(std::move(other.m_type)),
+          m_value(std::move(other.m_value))
+    {
+        // check that passed value is valid
+        other.assert_invariant();
+
+        // invalidate payload
+        other.m_type = value_t::null;
+        other.m_value = {};
+
+        assert_invariant();
+    }
+
+    /*!
+    @brief copy assignment
+
+    Copy assignment operator. Copies a JSON value via the "copy and swap"
+    strategy: It is expressed in terms of the copy constructor, destructor,
+    and the `swap()` member function.
+
+    @param[in] other  value to copy from
+
+    @complexity Linear.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is linear.
+
+    @liveexample{The code below shows and example for the copy assignment. It
+    creates a copy of value `a` which is then swapped with `b`. Finally\, the
+    copy of `a` (which is the null value after the swap) is
+    destroyed.,basic_json__copyassignment}
+
+    @since version 1.0.0
+    */
+    basic_json& operator=(basic_json other) noexcept (
+        std::is_nothrow_move_constructible<value_t>::value and
+        std::is_nothrow_move_assignable<value_t>::value and
+        std::is_nothrow_move_constructible<json_value>::value and
+        std::is_nothrow_move_assignable<json_value>::value
+    )
+    {
+        // check that passed value is valid
+        other.assert_invariant();
+
+        using std::swap;
+        swap(m_type, other.m_type);
+        swap(m_value, other.m_value);
+
+        assert_invariant();
+        return *this;
+    }
+
+    /*!
+    @brief destructor
+
+    Destroys the JSON value and frees all allocated memory.
+
+    @complexity Linear.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is linear.
+    - All stored elements are destroyed and all memory is freed.
+
+    @since version 1.0.0
+    */
+    ~basic_json() noexcept
+    {
+        assert_invariant();
+        m_value.destroy(m_type);
+    }
+
+    /// @}
+
+  public:
+    ///////////////////////
+    // object inspection //
+    ///////////////////////
+
+    /// @name object inspection
+    /// Functions to inspect the type of a JSON value.
+    /// @{
+
+    /*!
+    @brief serialization
+
+    Serialization function for JSON values. The function tries to mimic
+    Python's `json.dumps()` function, and currently supports its @a indent
+    and @a ensure_ascii parameters.
+
+    @param[in] indent If indent is nonnegative, then array elements and object
+    members will be pretty-printed with that indent level. An indent level of
+    `0` will only insert newlines. `-1` (the default) selects the most compact
+    representation.
+    @param[in] indent_char The character to use for indentation if @a indent is
+    greater than `0`. The default is ` ` (space).
+    @param[in] ensure_ascii If @a ensure_ascii is true, all non-ASCII characters
+    in the output are escaped with `\uXXXX` sequences, and the result consists
+    of ASCII characters only.
+    @param[in] error_handler  how to react on decoding errors; there are three
+    possible values: `strict` (throws and exception in case a decoding error
+    occurs; default), `replace` (replace invalid UTF-8 sequences with U+FFFD),
+    and `ignore` (ignore invalid UTF-8 sequences during serialization).
+
+    @return string containing the serialization of the JSON value
+
+    @throw type_error.316 if a string stored inside the JSON value is not
+                          UTF-8 encoded
+
+    @complexity Linear.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @liveexample{The following example shows the effect of different @a indent\,
+    @a indent_char\, and @a ensure_ascii parameters to the result of the
+    serialization.,dump}
+
+    @see https://docs.python.org/2/library/json.html#json.dump
+
+    @since version 1.0.0; indentation character @a indent_char, option
+           @a ensure_ascii and exceptions added in version 3.0.0; error
+           handlers added in version 3.4.0.
+    */
+    string_t dump(const int indent = -1,
+                  const char indent_char = ' ',
+                  const bool ensure_ascii = false,
+                  const error_handler_t error_handler = error_handler_t::strict) const
+    {
+        string_t result;
+        serializer s(detail::output_adapter<char, string_t>(result), indent_char, error_handler);
+
+        if (indent >= 0)
+        {
+            s.dump(*this, true, ensure_ascii, static_cast<unsigned int>(indent));
+        }
+        else
+        {
+            s.dump(*this, false, ensure_ascii, 0);
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief return the type of the JSON value (explicit)
+
+    Return the type of the JSON value as a value from the @ref value_t
+    enumeration.
+
+    @return the type of the JSON value
+            Value type                | return value
+            ------------------------- | -------------------------
+            null                      | value_t::null
+            boolean                   | value_t::boolean
+            string                    | value_t::string
+            number (integer)          | value_t::number_integer
+            number (unsigned integer) | value_t::number_unsigned
+            number (floating-point)   | value_t::number_float
+            object                    | value_t::object
+            array                     | value_t::array
+            discarded                 | value_t::discarded
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `type()` for all JSON
+    types.,type}
+
+    @sa @ref operator value_t() -- return the type of the JSON value (implicit)
+    @sa @ref type_name() -- return the type as string
+
+    @since version 1.0.0
+    */
+    constexpr value_t type() const noexcept
+    {
+        return m_type;
+    }
+
+    /*!
+    @brief return whether type is primitive
+
+    This function returns true if and only if the JSON type is primitive
+    (string, number, boolean, or null).
+
+    @return `true` if type is primitive (string, number, boolean, or null),
+    `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_primitive()` for all JSON
+    types.,is_primitive}
+
+    @sa @ref is_structured() -- returns whether JSON value is structured
+    @sa @ref is_null() -- returns whether JSON value is `null`
+    @sa @ref is_string() -- returns whether JSON value is a string
+    @sa @ref is_boolean() -- returns whether JSON value is a boolean
+    @sa @ref is_number() -- returns whether JSON value is a number
+
+    @since version 1.0.0
+    */
+    constexpr bool is_primitive() const noexcept
+    {
+        return is_null() or is_string() or is_boolean() or is_number();
+    }
+
+    /*!
+    @brief return whether type is structured
+
+    This function returns true if and only if the JSON type is structured
+    (array or object).
+
+    @return `true` if type is structured (array or object), `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_structured()` for all JSON
+    types.,is_structured}
+
+    @sa @ref is_primitive() -- returns whether value is primitive
+    @sa @ref is_array() -- returns whether value is an array
+    @sa @ref is_object() -- returns whether value is an object
+
+    @since version 1.0.0
+    */
+    constexpr bool is_structured() const noexcept
+    {
+        return is_array() or is_object();
+    }
+
+    /*!
+    @brief return whether value is null
+
+    This function returns true if and only if the JSON value is null.
+
+    @return `true` if type is null, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_null()` for all JSON
+    types.,is_null}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_null() const noexcept
+    {
+        return (m_type == value_t::null);
+    }
+
+    /*!
+    @brief return whether value is a boolean
+
+    This function returns true if and only if the JSON value is a boolean.
+
+    @return `true` if type is boolean, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_boolean()` for all JSON
+    types.,is_boolean}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_boolean() const noexcept
+    {
+        return (m_type == value_t::boolean);
+    }
+
+    /*!
+    @brief return whether value is a number
+
+    This function returns true if and only if the JSON value is a number. This
+    includes both integer (signed and unsigned) and floating-point values.
+
+    @return `true` if type is number (regardless whether integer, unsigned
+    integer or floating-type), `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_number()` for all JSON
+    types.,is_number}
+
+    @sa @ref is_number_integer() -- check if value is an integer or unsigned
+    integer number
+    @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+    number
+    @sa @ref is_number_float() -- check if value is a floating-point number
+
+    @since version 1.0.0
+    */
+    constexpr bool is_number() const noexcept
+    {
+        return is_number_integer() or is_number_float();
+    }
+
+    /*!
+    @brief return whether value is an integer number
+
+    This function returns true if and only if the JSON value is a signed or
+    unsigned integer number. This excludes floating-point values.
+
+    @return `true` if type is an integer or unsigned integer number, `false`
+    otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_number_integer()` for all
+    JSON types.,is_number_integer}
+
+    @sa @ref is_number() -- check if value is a number
+    @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+    number
+    @sa @ref is_number_float() -- check if value is a floating-point number
+
+    @since version 1.0.0
+    */
+    constexpr bool is_number_integer() const noexcept
+    {
+        return (m_type == value_t::number_integer or m_type == value_t::number_unsigned);
+    }
+
+    /*!
+    @brief return whether value is an unsigned integer number
+
+    This function returns true if and only if the JSON value is an unsigned
+    integer number. This excludes floating-point and signed integer values.
+
+    @return `true` if type is an unsigned integer number, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_number_unsigned()` for all
+    JSON types.,is_number_unsigned}
+
+    @sa @ref is_number() -- check if value is a number
+    @sa @ref is_number_integer() -- check if value is an integer or unsigned
+    integer number
+    @sa @ref is_number_float() -- check if value is a floating-point number
+
+    @since version 2.0.0
+    */
+    constexpr bool is_number_unsigned() const noexcept
+    {
+        return (m_type == value_t::number_unsigned);
+    }
+
+    /*!
+    @brief return whether value is a floating-point number
+
+    This function returns true if and only if the JSON value is a
+    floating-point number. This excludes signed and unsigned integer values.
+
+    @return `true` if type is a floating-point number, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_number_float()` for all
+    JSON types.,is_number_float}
+
+    @sa @ref is_number() -- check if value is number
+    @sa @ref is_number_integer() -- check if value is an integer number
+    @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+    number
+
+    @since version 1.0.0
+    */
+    constexpr bool is_number_float() const noexcept
+    {
+        return (m_type == value_t::number_float);
+    }
+
+    /*!
+    @brief return whether value is an object
+
+    This function returns true if and only if the JSON value is an object.
+
+    @return `true` if type is object, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_object()` for all JSON
+    types.,is_object}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_object() const noexcept
+    {
+        return (m_type == value_t::object);
+    }
+
+    /*!
+    @brief return whether value is an array
+
+    This function returns true if and only if the JSON value is an array.
+
+    @return `true` if type is array, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_array()` for all JSON
+    types.,is_array}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_array() const noexcept
+    {
+        return (m_type == value_t::array);
+    }
+
+    /*!
+    @brief return whether value is a string
+
+    This function returns true if and only if the JSON value is a string.
+
+    @return `true` if type is string, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_string()` for all JSON
+    types.,is_string}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_string() const noexcept
+    {
+        return (m_type == value_t::string);
+    }
+
+    /*!
+    @brief return whether value is discarded
+
+    This function returns true if and only if the JSON value was discarded
+    during parsing with a callback function (see @ref parser_callback_t).
+
+    @note This function will always be `false` for JSON values after parsing.
+    That is, discarded values can only occur during parsing, but will be
+    removed when inside a structured value or replaced by null in other cases.
+
+    @return `true` if type is discarded, `false` otherwise.
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies `is_discarded()` for all JSON
+    types.,is_discarded}
+
+    @since version 1.0.0
+    */
+    constexpr bool is_discarded() const noexcept
+    {
+        return (m_type == value_t::discarded);
+    }
+
+    /*!
+    @brief return the type of the JSON value (implicit)
+
+    Implicitly return the type of the JSON value as a value from the @ref
+    value_t enumeration.
+
+    @return the type of the JSON value
+
+    @complexity Constant.
+
+    @exceptionsafety No-throw guarantee: this member function never throws
+    exceptions.
+
+    @liveexample{The following code exemplifies the @ref value_t operator for
+    all JSON types.,operator__value_t}
+
+    @sa @ref type() -- return the type of the JSON value (explicit)
+    @sa @ref type_name() -- return the type as string
+
+    @since version 1.0.0
+    */
+    constexpr operator value_t() const noexcept
+    {
+        return m_type;
+    }
+
+    /// @}
+
+  private:
+    //////////////////
+    // value access //
+    //////////////////
+
+    /// get a boolean (explicit)
+    boolean_t get_impl(boolean_t* /*unused*/) const
+    {
+        if (JSON_LIKELY(is_boolean()))
+        {
+            return m_value.boolean;
+        }
+
+        JSON_THROW(type_error::create(302, "type must be boolean, but is " + std::string(type_name())));
+    }
+
+    /// get a pointer to the value (object)
+    object_t* get_impl_ptr(object_t* /*unused*/) noexcept
+    {
+        return is_object() ? m_value.object : nullptr;
+    }
+
+    /// get a pointer to the value (object)
+    constexpr const object_t* get_impl_ptr(const object_t* /*unused*/) const noexcept
+    {
+        return is_object() ? m_value.object : nullptr;
+    }
+
+    /// get a pointer to the value (array)
+    array_t* get_impl_ptr(array_t* /*unused*/) noexcept
+    {
+        return is_array() ? m_value.array : nullptr;
+    }
+
+    /// get a pointer to the value (array)
+    constexpr const array_t* get_impl_ptr(const array_t* /*unused*/) const noexcept
+    {
+        return is_array() ? m_value.array : nullptr;
+    }
+
+    /// get a pointer to the value (string)
+    string_t* get_impl_ptr(string_t* /*unused*/) noexcept
+    {
+        return is_string() ? m_value.string : nullptr;
+    }
+
+    /// get a pointer to the value (string)
+    constexpr const string_t* get_impl_ptr(const string_t* /*unused*/) const noexcept
+    {
+        return is_string() ? m_value.string : nullptr;
+    }
+
+    /// get a pointer to the value (boolean)
+    boolean_t* get_impl_ptr(boolean_t* /*unused*/) noexcept
+    {
+        return is_boolean() ? &m_value.boolean : nullptr;
+    }
+
+    /// get a pointer to the value (boolean)
+    constexpr const boolean_t* get_impl_ptr(const boolean_t* /*unused*/) const noexcept
+    {
+        return is_boolean() ? &m_value.boolean : nullptr;
+    }
+
+    /// get a pointer to the value (integer number)
+    number_integer_t* get_impl_ptr(number_integer_t* /*unused*/) noexcept
+    {
+        return is_number_integer() ? &m_value.number_integer : nullptr;
+    }
+
+    /// get a pointer to the value (integer number)
+    constexpr const number_integer_t* get_impl_ptr(const number_integer_t* /*unused*/) const noexcept
+    {
+        return is_number_integer() ? &m_value.number_integer : nullptr;
+    }
+
+    /// get a pointer to the value (unsigned number)
+    number_unsigned_t* get_impl_ptr(number_unsigned_t* /*unused*/) noexcept
+    {
+        return is_number_unsigned() ? &m_value.number_unsigned : nullptr;
+    }
+
+    /// get a pointer to the value (unsigned number)
+    constexpr const number_unsigned_t* get_impl_ptr(const number_unsigned_t* /*unused*/) const noexcept
+    {
+        return is_number_unsigned() ? &m_value.number_unsigned : nullptr;
+    }
+
+    /// get a pointer to the value (floating-point number)
+    number_float_t* get_impl_ptr(number_float_t* /*unused*/) noexcept
+    {
+        return is_number_float() ? &m_value.number_float : nullptr;
+    }
+
+    /// get a pointer to the value (floating-point number)
+    constexpr const number_float_t* get_impl_ptr(const number_float_t* /*unused*/) const noexcept
+    {
+        return is_number_float() ? &m_value.number_float : nullptr;
+    }
+
+    /*!
+    @brief helper function to implement get_ref()
+
+    This function helps to implement get_ref() without code duplication for
+    const and non-const overloads
+
+    @tparam ThisType will be deduced as `basic_json` or `const basic_json`
+
+    @throw type_error.303 if ReferenceType does not match underlying value
+    type of the current JSON
+    */
+    template<typename ReferenceType, typename ThisType>
+    static ReferenceType get_ref_impl(ThisType& obj)
+    {
+        // delegate the call to get_ptr<>()
+        auto ptr = obj.template get_ptr<typename std::add_pointer<ReferenceType>::type>();
+
+        if (JSON_LIKELY(ptr != nullptr))
+        {
+            return *ptr;
+        }
+
+        JSON_THROW(type_error::create(303, "incompatible ReferenceType for get_ref, actual type is " + std::string(obj.type_name())));
+    }
+
+  public:
+    /// @name value access
+    /// Direct access to the stored value of a JSON value.
+    /// @{
+
+    /*!
+    @brief get special-case overload
+
+    This overloads avoids a lot of template boilerplate, it can be seen as the
+    identity method
+
+    @tparam BasicJsonType == @ref basic_json
+
+    @return a copy of *this
+
+    @complexity Constant.
+
+    @since version 2.1.0
+    */
+    template<typename BasicJsonType, detail::enable_if_t<
+                 std::is_same<typename std::remove_const<BasicJsonType>::type, basic_json_t>::value,
+                 int> = 0>
+    basic_json get() const
+    {
+        return *this;
+    }
+
+    /*!
+    @brief get special-case overload
+
+    This overloads converts the current @ref basic_json in a different
+    @ref basic_json type
+
+    @tparam BasicJsonType == @ref basic_json
+
+    @return a copy of *this, converted into @tparam BasicJsonType
+
+    @complexity Depending on the implementation of the called `from_json()`
+                method.
+
+    @since version 3.2.0
+    */
+    template<typename BasicJsonType, detail::enable_if_t<
+                 not std::is_same<BasicJsonType, basic_json>::value and
+                 detail::is_basic_json<BasicJsonType>::value, int> = 0>
+    BasicJsonType get() const
+    {
+        return *this;
+    }
+
+    /*!
+    @brief get a value (explicit)
+
+    Explicit type conversion between the JSON value and a compatible value
+    which is [CopyConstructible](https://en.cppreference.com/w/cpp/named_req/CopyConstructible)
+    and [DefaultConstructible](https://en.cppreference.com/w/cpp/named_req/DefaultConstructible).
+    The value is converted by calling the @ref json_serializer<ValueType>
+    `from_json()` method.
+
+    The function is equivalent to executing
+    @code {.cpp}
+    ValueType ret;
+    JSONSerializer<ValueType>::from_json(*this, ret);
+    return ret;
+    @endcode
+
+    This overloads is chosen if:
+    - @a ValueType is not @ref basic_json,
+    - @ref json_serializer<ValueType> has a `from_json()` method of the form
+      `void from_json(const basic_json&, ValueType&)`, and
+    - @ref json_serializer<ValueType> does not have a `from_json()` method of
+      the form `ValueType from_json(const basic_json&)`
+
+    @tparam ValueTypeCV the provided value type
+    @tparam ValueType the returned value type
+
+    @return copy of the JSON value, converted to @a ValueType
+
+    @throw what @ref json_serializer<ValueType> `from_json()` method throws
+
+    @liveexample{The example below shows several conversions from JSON values
+    to other types. There a few things to note: (1) Floating-point numbers can
+    be converted to integers\, (2) A JSON array can be converted to a standard
+    `std::vector<short>`\, (3) A JSON object can be converted to C++
+    associative containers such as `std::unordered_map<std::string\,
+    json>`.,get__ValueType_const}
+
+    @since version 2.1.0
+    */
+    template<typename ValueTypeCV, typename ValueType = detail::uncvref_t<ValueTypeCV>,
+             detail::enable_if_t <
+                 not detail::is_basic_json<ValueType>::value and
+                 detail::has_from_json<basic_json_t, ValueType>::value and
+                 not detail::has_non_default_from_json<basic_json_t, ValueType>::value,
+                 int> = 0>
+    ValueType get() const noexcept(noexcept(
+                                       JSONSerializer<ValueType>::from_json(std::declval<const basic_json_t&>(), std::declval<ValueType&>())))
+    {
+        // we cannot static_assert on ValueTypeCV being non-const, because
+        // there is support for get<const basic_json_t>(), which is why we
+        // still need the uncvref
+        static_assert(not std::is_reference<ValueTypeCV>::value,
+                      "get() cannot be used with reference types, you might want to use get_ref()");
+        static_assert(std::is_default_constructible<ValueType>::value,
+                      "types must be DefaultConstructible when used with get()");
+
+        ValueType ret;
+        JSONSerializer<ValueType>::from_json(*this, ret);
+        return ret;
+    }
+
+    /*!
+    @brief get a value (explicit); special case
+
+    Explicit type conversion between the JSON value and a compatible value
+    which is **not** [CopyConstructible](https://en.cppreference.com/w/cpp/named_req/CopyConstructible)
+    and **not** [DefaultConstructible](https://en.cppreference.com/w/cpp/named_req/DefaultConstructible).
+    The value is converted by calling the @ref json_serializer<ValueType>
+    `from_json()` method.
+
+    The function is equivalent to executing
+    @code {.cpp}
+    return JSONSerializer<ValueTypeCV>::from_json(*this);
+    @endcode
+
+    This overloads is chosen if:
+    - @a ValueType is not @ref basic_json and
+    - @ref json_serializer<ValueType> has a `from_json()` method of the form
+      `ValueType from_json(const basic_json&)`
+
+    @note If @ref json_serializer<ValueType> has both overloads of
+    `from_json()`, this one is chosen.
+
+    @tparam ValueTypeCV the provided value type
+    @tparam ValueType the returned value type
+
+    @return copy of the JSON value, converted to @a ValueType
+
+    @throw what @ref json_serializer<ValueType> `from_json()` method throws
+
+    @since version 2.1.0
+    */
+    template<typename ValueTypeCV, typename ValueType = detail::uncvref_t<ValueTypeCV>,
+             detail::enable_if_t<not std::is_same<basic_json_t, ValueType>::value and
+                                 detail::has_non_default_from_json<basic_json_t, ValueType>::value,
+                                 int> = 0>
+    ValueType get() const noexcept(noexcept(
+                                       JSONSerializer<ValueTypeCV>::from_json(std::declval<const basic_json_t&>())))
+    {
+        static_assert(not std::is_reference<ValueTypeCV>::value,
+                      "get() cannot be used with reference types, you might want to use get_ref()");
+        return JSONSerializer<ValueTypeCV>::from_json(*this);
+    }
+
+    /*!
+    @brief get a value (explicit)
+
+    Explicit type conversion between the JSON value and a compatible value.
+    The value is filled into the input parameter by calling the @ref json_serializer<ValueType>
+    `from_json()` method.
+
+    The function is equivalent to executing
+    @code {.cpp}
+    ValueType v;
+    JSONSerializer<ValueType>::from_json(*this, v);
+    @endcode
+
+    This overloads is chosen if:
+    - @a ValueType is not @ref basic_json,
+    - @ref json_serializer<ValueType> has a `from_json()` method of the form
+      `void from_json(const basic_json&, ValueType&)`, and
+
+    @tparam ValueType the input parameter type.
+
+    @return the input parameter, allowing chaining calls.
+
+    @throw what @ref json_serializer<ValueType> `from_json()` method throws
+
+    @liveexample{The example below shows several conversions from JSON values
+    to other types. There a few things to note: (1) Floating-point numbers can
+    be converted to integers\, (2) A JSON array can be converted to a standard
+    `std::vector<short>`\, (3) A JSON object can be converted to C++
+    associative containers such as `std::unordered_map<std::string\,
+    json>`.,get_to}
+
+    @since version 3.3.0
+    */
+    template<typename ValueType,
+             detail::enable_if_t <
+                 not detail::is_basic_json<ValueType>::value and
+                 detail::has_from_json<basic_json_t, ValueType>::value,
+                 int> = 0>
+    ValueType & get_to(ValueType& v) const noexcept(noexcept(
+                JSONSerializer<ValueType>::from_json(std::declval<const basic_json_t&>(), v)))
+    {
+        JSONSerializer<ValueType>::from_json(*this, v);
+        return v;
+    }
+
+
+    /*!
+    @brief get a pointer value (implicit)
+
+    Implicit pointer access to the internally stored JSON value. No copies are
+    made.
+
+    @warning Writing data to the pointee of the result yields an undefined
+    state.
+
+    @tparam PointerType pointer type; must be a pointer to @ref array_t, @ref
+    object_t, @ref string_t, @ref boolean_t, @ref number_integer_t,
+    @ref number_unsigned_t, or @ref number_float_t. Enforced by a static
+    assertion.
+
+    @return pointer to the internally stored JSON value if the requested
+    pointer type @a PointerType fits to the JSON value; `nullptr` otherwise
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how pointers to internal values of a
+    JSON value can be requested. Note that no type conversions are made and a
+    `nullptr` is returned if the value and the requested pointer type does not
+    match.,get_ptr}
+
+    @since version 1.0.0
+    */
+    template<typename PointerType, typename std::enable_if<
+                 std::is_pointer<PointerType>::value, int>::type = 0>
+    auto get_ptr() noexcept -> decltype(std::declval<basic_json_t&>().get_impl_ptr(std::declval<PointerType>()))
+    {
+        // delegate the call to get_impl_ptr<>()
+        return get_impl_ptr(static_cast<PointerType>(nullptr));
+    }
+
+    /*!
+    @brief get a pointer value (implicit)
+    @copydoc get_ptr()
+    */
+    template<typename PointerType, typename std::enable_if<
+                 std::is_pointer<PointerType>::value and
+                 std::is_const<typename std::remove_pointer<PointerType>::type>::value, int>::type = 0>
+    constexpr auto get_ptr() const noexcept -> decltype(std::declval<const basic_json_t&>().get_impl_ptr(std::declval<PointerType>()))
+    {
+        // delegate the call to get_impl_ptr<>() const
+        return get_impl_ptr(static_cast<PointerType>(nullptr));
+    }
+
+    /*!
+    @brief get a pointer value (explicit)
+
+    Explicit pointer access to the internally stored JSON value. No copies are
+    made.
+
+    @warning The pointer becomes invalid if the underlying JSON object
+    changes.
+
+    @tparam PointerType pointer type; must be a pointer to @ref array_t, @ref
+    object_t, @ref string_t, @ref boolean_t, @ref number_integer_t,
+    @ref number_unsigned_t, or @ref number_float_t.
+
+    @return pointer to the internally stored JSON value if the requested
+    pointer type @a PointerType fits to the JSON value; `nullptr` otherwise
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how pointers to internal values of a
+    JSON value can be requested. Note that no type conversions are made and a
+    `nullptr` is returned if the value and the requested pointer type does not
+    match.,get__PointerType}
+
+    @sa @ref get_ptr() for explicit pointer-member access
+
+    @since version 1.0.0
+    */
+    template<typename PointerType, typename std::enable_if<
+                 std::is_pointer<PointerType>::value, int>::type = 0>
+    auto get() noexcept -> decltype(std::declval<basic_json_t&>().template get_ptr<PointerType>())
+    {
+        // delegate the call to get_ptr
+        return get_ptr<PointerType>();
+    }
+
+    /*!
+    @brief get a pointer value (explicit)
+    @copydoc get()
+    */
+    template<typename PointerType, typename std::enable_if<
+                 std::is_pointer<PointerType>::value, int>::type = 0>
+    constexpr auto get() const noexcept -> decltype(std::declval<const basic_json_t&>().template get_ptr<PointerType>())
+    {
+        // delegate the call to get_ptr
+        return get_ptr<PointerType>();
+    }
+
+    /*!
+    @brief get a reference value (implicit)
+
+    Implicit reference access to the internally stored JSON value. No copies
+    are made.
+
+    @warning Writing data to the referee of the result yields an undefined
+    state.
+
+    @tparam ReferenceType reference type; must be a reference to @ref array_t,
+    @ref object_t, @ref string_t, @ref boolean_t, @ref number_integer_t, or
+    @ref number_float_t. Enforced by static assertion.
+
+    @return reference to the internally stored JSON value if the requested
+    reference type @a ReferenceType fits to the JSON value; throws
+    type_error.303 otherwise
+
+    @throw type_error.303 in case passed type @a ReferenceType is incompatible
+    with the stored JSON value; see example below
+
+    @complexity Constant.
+
+    @liveexample{The example shows several calls to `get_ref()`.,get_ref}
+
+    @since version 1.1.0
+    */
+    template<typename ReferenceType, typename std::enable_if<
+                 std::is_reference<ReferenceType>::value, int>::type = 0>
+    ReferenceType get_ref()
+    {
+        // delegate call to get_ref_impl
+        return get_ref_impl<ReferenceType>(*this);
+    }
+
+    /*!
+    @brief get a reference value (implicit)
+    @copydoc get_ref()
+    */
+    template<typename ReferenceType, typename std::enable_if<
+                 std::is_reference<ReferenceType>::value and
+                 std::is_const<typename std::remove_reference<ReferenceType>::type>::value, int>::type = 0>
+    ReferenceType get_ref() const
+    {
+        // delegate call to get_ref_impl
+        return get_ref_impl<ReferenceType>(*this);
+    }
+
+    /*!
+    @brief get a value (implicit)
+
+    Implicit type conversion between the JSON value and a compatible value.
+    The call is realized by calling @ref get() const.
+
+    @tparam ValueType non-pointer type compatible to the JSON value, for
+    instance `int` for JSON integer numbers, `bool` for JSON booleans, or
+    `std::vector` types for JSON arrays. The character type of @ref string_t
+    as well as an initializer list of this type is excluded to avoid
+    ambiguities as these types implicitly convert to `std::string`.
+
+    @return copy of the JSON value, converted to type @a ValueType
+
+    @throw type_error.302 in case passed type @a ValueType is incompatible
+    to the JSON value type (e.g., the JSON value is of type boolean, but a
+    string is requested); see example below
+
+    @complexity Linear in the size of the JSON value.
+
+    @liveexample{The example below shows several conversions from JSON values
+    to other types. There a few things to note: (1) Floating-point numbers can
+    be converted to integers\, (2) A JSON array can be converted to a standard
+    `std::vector<short>`\, (3) A JSON object can be converted to C++
+    associative containers such as `std::unordered_map<std::string\,
+    json>`.,operator__ValueType}
+
+    @since version 1.0.0
+    */
+    template < typename ValueType, typename std::enable_if <
+                   not std::is_pointer<ValueType>::value and
+                   not std::is_same<ValueType, detail::json_ref<basic_json>>::value and
+                   not std::is_same<ValueType, typename string_t::value_type>::value and
+                   not detail::is_basic_json<ValueType>::value
+
+#ifndef _MSC_VER  // fix for issue #167 operator<< ambiguity under VS2015
+                   and not std::is_same<ValueType, std::initializer_list<typename string_t::value_type>>::value
+#if defined(JSON_HAS_CPP_17) && defined(_MSC_VER) and _MSC_VER <= 1914
+                   and not std::is_same<ValueType, typename std::string_view>::value
+#endif
+#endif
+                   and detail::is_detected<detail::get_template_function, const basic_json_t&, ValueType>::value
+                   , int >::type = 0 >
+    operator ValueType() const
+    {
+        // delegate the call to get<>() const
+        return get<ValueType>();
+    }
+
+    /// @}
+
+
+    ////////////////////
+    // element access //
+    ////////////////////
+
+    /// @name element access
+    /// Access to the JSON value.
+    /// @{
+
+    /*!
+    @brief access specified array element with bounds checking
+
+    Returns a reference to the element at specified location @a idx, with
+    bounds checking.
+
+    @param[in] idx  index of the element to access
+
+    @return reference to the element at index @a idx
+
+    @throw type_error.304 if the JSON value is not an array; in this case,
+    calling `at` with an index makes no sense. See example below.
+    @throw out_of_range.401 if the index @a idx is out of range of the array;
+    that is, `idx >= size()`. See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @since version 1.0.0
+
+    @liveexample{The example below shows how array elements can be read and
+    written using `at()`. It also demonstrates the different exceptions that
+    can be thrown.,at__size_type}
+    */
+    reference at(size_type idx)
+    {
+        // at only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            JSON_TRY
+            {
+                return m_value.array->at(idx);
+            }
+            JSON_CATCH (std::out_of_range&)
+            {
+                // create better exception explanation
+                JSON_THROW(out_of_range::create(401, "array index " + std::to_string(idx) + " is out of range"));
+            }
+        }
+        else
+        {
+            JSON_THROW(type_error::create(304, "cannot use at() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief access specified array element with bounds checking
+
+    Returns a const reference to the element at specified location @a idx,
+    with bounds checking.
+
+    @param[in] idx  index of the element to access
+
+    @return const reference to the element at index @a idx
+
+    @throw type_error.304 if the JSON value is not an array; in this case,
+    calling `at` with an index makes no sense. See example below.
+    @throw out_of_range.401 if the index @a idx is out of range of the array;
+    that is, `idx >= size()`. See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @since version 1.0.0
+
+    @liveexample{The example below shows how array elements can be read using
+    `at()`. It also demonstrates the different exceptions that can be thrown.,
+    at__size_type_const}
+    */
+    const_reference at(size_type idx) const
+    {
+        // at only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            JSON_TRY
+            {
+                return m_value.array->at(idx);
+            }
+            JSON_CATCH (std::out_of_range&)
+            {
+                // create better exception explanation
+                JSON_THROW(out_of_range::create(401, "array index " + std::to_string(idx) + " is out of range"));
+            }
+        }
+        else
+        {
+            JSON_THROW(type_error::create(304, "cannot use at() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief access specified object element with bounds checking
+
+    Returns a reference to the element at with specified key @a key, with
+    bounds checking.
+
+    @param[in] key  key of the element to access
+
+    @return reference to the element at key @a key
+
+    @throw type_error.304 if the JSON value is not an object; in this case,
+    calling `at` with a key makes no sense. See example below.
+    @throw out_of_range.403 if the key @a key is is not stored in the object;
+    that is, `find(key) == end()`. See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Logarithmic in the size of the container.
+
+    @sa @ref operator[](const typename object_t::key_type&) for unchecked
+    access by reference
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.0.0
+
+    @liveexample{The example below shows how object elements can be read and
+    written using `at()`. It also demonstrates the different exceptions that
+    can be thrown.,at__object_t_key_type}
+    */
+    reference at(const typename object_t::key_type& key)
+    {
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            JSON_TRY
+            {
+                return m_value.object->at(key);
+            }
+            JSON_CATCH (std::out_of_range&)
+            {
+                // create better exception explanation
+                JSON_THROW(out_of_range::create(403, "key '" + key + "' not found"));
+            }
+        }
+        else
+        {
+            JSON_THROW(type_error::create(304, "cannot use at() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief access specified object element with bounds checking
+
+    Returns a const reference to the element at with specified key @a key,
+    with bounds checking.
+
+    @param[in] key  key of the element to access
+
+    @return const reference to the element at key @a key
+
+    @throw type_error.304 if the JSON value is not an object; in this case,
+    calling `at` with a key makes no sense. See example below.
+    @throw out_of_range.403 if the key @a key is is not stored in the object;
+    that is, `find(key) == end()`. See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Logarithmic in the size of the container.
+
+    @sa @ref operator[](const typename object_t::key_type&) for unchecked
+    access by reference
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.0.0
+
+    @liveexample{The example below shows how object elements can be read using
+    `at()`. It also demonstrates the different exceptions that can be thrown.,
+    at__object_t_key_type_const}
+    */
+    const_reference at(const typename object_t::key_type& key) const
+    {
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            JSON_TRY
+            {
+                return m_value.object->at(key);
+            }
+            JSON_CATCH (std::out_of_range&)
+            {
+                // create better exception explanation
+                JSON_THROW(out_of_range::create(403, "key '" + key + "' not found"));
+            }
+        }
+        else
+        {
+            JSON_THROW(type_error::create(304, "cannot use at() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief access specified array element
+
+    Returns a reference to the element at specified location @a idx.
+
+    @note If @a idx is beyond the range of the array (i.e., `idx >= size()`),
+    then the array is silently filled up with `null` values to make `idx` a
+    valid reference to the last stored element.
+
+    @param[in] idx  index of the element to access
+
+    @return reference to the element at index @a idx
+
+    @throw type_error.305 if the JSON value is not an array or null; in that
+    cases, using the [] operator with an index makes no sense.
+
+    @complexity Constant if @a idx is in the range of the array. Otherwise
+    linear in `idx - size()`.
+
+    @liveexample{The example below shows how array elements can be read and
+    written using `[]` operator. Note the addition of `null`
+    values.,operatorarray__size_type}
+
+    @since version 1.0.0
+    */
+    reference operator[](size_type idx)
+    {
+        // implicitly convert null value to an empty array
+        if (is_null())
+        {
+            m_type = value_t::array;
+            m_value.array = create<array_t>();
+            assert_invariant();
+        }
+
+        // operator[] only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            // fill up array with null values if given idx is outside range
+            if (idx >= m_value.array->size())
+            {
+                m_value.array->insert(m_value.array->end(),
+                                      idx - m_value.array->size() + 1,
+                                      basic_json());
+            }
+
+            return m_value.array->operator[](idx);
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a numeric argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief access specified array element
+
+    Returns a const reference to the element at specified location @a idx.
+
+    @param[in] idx  index of the element to access
+
+    @return const reference to the element at index @a idx
+
+    @throw type_error.305 if the JSON value is not an array; in that case,
+    using the [] operator with an index makes no sense.
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how array elements can be read using
+    the `[]` operator.,operatorarray__size_type_const}
+
+    @since version 1.0.0
+    */
+    const_reference operator[](size_type idx) const
+    {
+        // const operator[] only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            return m_value.array->operator[](idx);
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a numeric argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief access specified object element
+
+    Returns a reference to the element at with specified key @a key.
+
+    @note If @a key is not found in the object, then it is silently added to
+    the object and filled with a `null` value to make `key` a valid reference.
+    In case the value was `null` before, it is converted to an object.
+
+    @param[in] key  key of the element to access
+
+    @return reference to the element at key @a key
+
+    @throw type_error.305 if the JSON value is not an object or null; in that
+    cases, using the [] operator with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be read and
+    written using the `[]` operator.,operatorarray__key_type}
+
+    @sa @ref at(const typename object_t::key_type&) for access by reference
+    with range checking
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.0.0
+    */
+    reference operator[](const typename object_t::key_type& key)
+    {
+        // implicitly convert null value to an empty object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value.object = create<object_t>();
+            assert_invariant();
+        }
+
+        // operator[] only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            return m_value.object->operator[](key);
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a string argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief read-only access specified object element
+
+    Returns a const reference to the element at with specified key @a key. No
+    bounds checking is performed.
+
+    @warning If the element with key @a key does not exist, the behavior is
+    undefined.
+
+    @param[in] key  key of the element to access
+
+    @return const reference to the element at key @a key
+
+    @pre The element with key @a key must exist. **This precondition is
+         enforced with an assertion.**
+
+    @throw type_error.305 if the JSON value is not an object; in that case,
+    using the [] operator with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be read using
+    the `[]` operator.,operatorarray__key_type_const}
+
+    @sa @ref at(const typename object_t::key_type&) for access by reference
+    with range checking
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.0.0
+    */
+    const_reference operator[](const typename object_t::key_type& key) const
+    {
+        // const operator[] only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            assert(m_value.object->find(key) != m_value.object->end());
+            return m_value.object->find(key)->second;
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a string argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief access specified object element
+
+    Returns a reference to the element at with specified key @a key.
+
+    @note If @a key is not found in the object, then it is silently added to
+    the object and filled with a `null` value to make `key` a valid reference.
+    In case the value was `null` before, it is converted to an object.
+
+    @param[in] key  key of the element to access
+
+    @return reference to the element at key @a key
+
+    @throw type_error.305 if the JSON value is not an object or null; in that
+    cases, using the [] operator with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be read and
+    written using the `[]` operator.,operatorarray__key_type}
+
+    @sa @ref at(const typename object_t::key_type&) for access by reference
+    with range checking
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.1.0
+    */
+    template<typename T>
+    reference operator[](T* key)
+    {
+        // implicitly convert null to object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value = value_t::object;
+            assert_invariant();
+        }
+
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            return m_value.object->operator[](key);
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a string argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief read-only access specified object element
+
+    Returns a const reference to the element at with specified key @a key. No
+    bounds checking is performed.
+
+    @warning If the element with key @a key does not exist, the behavior is
+    undefined.
+
+    @param[in] key  key of the element to access
+
+    @return const reference to the element at key @a key
+
+    @pre The element with key @a key must exist. **This precondition is
+         enforced with an assertion.**
+
+    @throw type_error.305 if the JSON value is not an object; in that case,
+    using the [] operator with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be read using
+    the `[]` operator.,operatorarray__key_type_const}
+
+    @sa @ref at(const typename object_t::key_type&) for access by reference
+    with range checking
+    @sa @ref value() for access by value with a default value
+
+    @since version 1.1.0
+    */
+    template<typename T>
+    const_reference operator[](T* key) const
+    {
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            assert(m_value.object->find(key) != m_value.object->end());
+            return m_value.object->find(key)->second;
+        }
+
+        JSON_THROW(type_error::create(305, "cannot use operator[] with a string argument with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief access specified object element with default value
+
+    Returns either a copy of an object's element at the specified key @a key
+    or a given default value if no element with key @a key exists.
+
+    The function is basically equivalent to executing
+    @code {.cpp}
+    try {
+        return at(key);
+    } catch(out_of_range) {
+        return default_value;
+    }
+    @endcode
+
+    @note Unlike @ref at(const typename object_t::key_type&), this function
+    does not throw if the given key @a key was not found.
+
+    @note Unlike @ref operator[](const typename object_t::key_type& key), this
+    function does not implicitly add an element to the position defined by @a
+    key. This function is furthermore also applicable to const objects.
+
+    @param[in] key  key of the element to access
+    @param[in] default_value  the value to return if @a key is not found
+
+    @tparam ValueType type compatible to JSON values, for instance `int` for
+    JSON integer numbers, `bool` for JSON booleans, or `std::vector` types for
+    JSON arrays. Note the type of the expected value at @a key and the default
+    value @a default_value must be compatible.
+
+    @return copy of the element at key @a key or @a default_value if @a key
+    is not found
+
+    @throw type_error.306 if the JSON value is not an object; in that case,
+    using `value()` with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be queried
+    with a default value.,basic_json__value}
+
+    @sa @ref at(const typename object_t::key_type&) for access by reference
+    with range checking
+    @sa @ref operator[](const typename object_t::key_type&) for unchecked
+    access by reference
+
+    @since version 1.0.0
+    */
+    template<class ValueType, typename std::enable_if<
+                 std::is_convertible<basic_json_t, ValueType>::value, int>::type = 0>
+    ValueType value(const typename object_t::key_type& key, const ValueType& default_value) const
+    {
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            // if key is found, return value and given default value otherwise
+            const auto it = find(key);
+            if (it != end())
+            {
+                return *it;
+            }
+
+            return default_value;
+        }
+
+        JSON_THROW(type_error::create(306, "cannot use value() with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief overload for a default value of type const char*
+    @copydoc basic_json::value(const typename object_t::key_type&, const ValueType&) const
+    */
+    string_t value(const typename object_t::key_type& key, const char* default_value) const
+    {
+        return value(key, string_t(default_value));
+    }
+
+    /*!
+    @brief access specified object element via JSON Pointer with default value
+
+    Returns either a copy of an object's element at the specified key @a key
+    or a given default value if no element with key @a key exists.
+
+    The function is basically equivalent to executing
+    @code {.cpp}
+    try {
+        return at(ptr);
+    } catch(out_of_range) {
+        return default_value;
+    }
+    @endcode
+
+    @note Unlike @ref at(const json_pointer&), this function does not throw
+    if the given key @a key was not found.
+
+    @param[in] ptr  a JSON pointer to the element to access
+    @param[in] default_value  the value to return if @a ptr found no value
+
+    @tparam ValueType type compatible to JSON values, for instance `int` for
+    JSON integer numbers, `bool` for JSON booleans, or `std::vector` types for
+    JSON arrays. Note the type of the expected value at @a key and the default
+    value @a default_value must be compatible.
+
+    @return copy of the element at key @a key or @a default_value if @a key
+    is not found
+
+    @throw type_error.306 if the JSON value is not an object; in that case,
+    using `value()` with a key makes no sense.
+
+    @complexity Logarithmic in the size of the container.
+
+    @liveexample{The example below shows how object elements can be queried
+    with a default value.,basic_json__value_ptr}
+
+    @sa @ref operator[](const json_pointer&) for unchecked access by reference
+
+    @since version 2.0.2
+    */
+    template<class ValueType, typename std::enable_if<
+                 std::is_convertible<basic_json_t, ValueType>::value, int>::type = 0>
+    ValueType value(const json_pointer& ptr, const ValueType& default_value) const
+    {
+        // at only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            // if pointer resolves a value, return it or use default value
+            JSON_TRY
+            {
+                return ptr.get_checked(this);
+            }
+            JSON_INTERNAL_CATCH (out_of_range&)
+            {
+                return default_value;
+            }
+        }
+
+        JSON_THROW(type_error::create(306, "cannot use value() with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief overload for a default value of type const char*
+    @copydoc basic_json::value(const json_pointer&, ValueType) const
+    */
+    string_t value(const json_pointer& ptr, const char* default_value) const
+    {
+        return value(ptr, string_t(default_value));
+    }
+
+    /*!
+    @brief access the first element
+
+    Returns a reference to the first element in the container. For a JSON
+    container `c`, the expression `c.front()` is equivalent to `*c.begin()`.
+
+    @return In case of a structured type (array or object), a reference to the
+    first element is returned. In case of number, string, or boolean values, a
+    reference to the value is returned.
+
+    @complexity Constant.
+
+    @pre The JSON value must not be `null` (would throw `std::out_of_range`)
+    or an empty array or object (undefined behavior, **guarded by
+    assertions**).
+    @post The JSON value remains unchanged.
+
+    @throw invalid_iterator.214 when called on `null` value
+
+    @liveexample{The following code shows an example for `front()`.,front}
+
+    @sa @ref back() -- access the last element
+
+    @since version 1.0.0
+    */
+    reference front()
+    {
+        return *begin();
+    }
+
+    /*!
+    @copydoc basic_json::front()
+    */
+    const_reference front() const
+    {
+        return *cbegin();
+    }
+
+    /*!
+    @brief access the last element
+
+    Returns a reference to the last element in the container. For a JSON
+    container `c`, the expression `c.back()` is equivalent to
+    @code {.cpp}
+    auto tmp = c.end();
+    --tmp;
+    return *tmp;
+    @endcode
+
+    @return In case of a structured type (array or object), a reference to the
+    last element is returned. In case of number, string, or boolean values, a
+    reference to the value is returned.
+
+    @complexity Constant.
+
+    @pre The JSON value must not be `null` (would throw `std::out_of_range`)
+    or an empty array or object (undefined behavior, **guarded by
+    assertions**).
+    @post The JSON value remains unchanged.
+
+    @throw invalid_iterator.214 when called on a `null` value. See example
+    below.
+
+    @liveexample{The following code shows an example for `back()`.,back}
+
+    @sa @ref front() -- access the first element
+
+    @since version 1.0.0
+    */
+    reference back()
+    {
+        auto tmp = end();
+        --tmp;
+        return *tmp;
+    }
+
+    /*!
+    @copydoc basic_json::back()
+    */
+    const_reference back() const
+    {
+        auto tmp = cend();
+        --tmp;
+        return *tmp;
+    }
+
+    /*!
+    @brief remove element given an iterator
+
+    Removes the element specified by iterator @a pos. The iterator @a pos must
+    be valid and dereferenceable. Thus the `end()` iterator (which is valid,
+    but is not dereferenceable) cannot be used as a value for @a pos.
+
+    If called on a primitive type other than `null`, the resulting JSON value
+    will be `null`.
+
+    @param[in] pos iterator to the element to remove
+    @return Iterator following the last removed element. If the iterator @a
+    pos refers to the last element, the `end()` iterator is returned.
+
+    @tparam IteratorType an @ref iterator or @ref const_iterator
+
+    @post Invalidates iterators and references at or after the point of the
+    erase, including the `end()` iterator.
+
+    @throw type_error.307 if called on a `null` value; example: `"cannot use
+    erase() with null"`
+    @throw invalid_iterator.202 if called on an iterator which does not belong
+    to the current JSON value; example: `"iterator does not fit current
+    value"`
+    @throw invalid_iterator.205 if called on a primitive type with invalid
+    iterator (i.e., any iterator which is not `begin()`); example: `"iterator
+    out of range"`
+
+    @complexity The complexity depends on the type:
+    - objects: amortized constant
+    - arrays: linear in distance between @a pos and the end of the container
+    - strings: linear in the length of the string
+    - other types: constant
+
+    @liveexample{The example shows the result of `erase()` for different JSON
+    types.,erase__IteratorType}
+
+    @sa @ref erase(IteratorType, IteratorType) -- removes the elements in
+    the given range
+    @sa @ref erase(const typename object_t::key_type&) -- removes the element
+    from an object at the given key
+    @sa @ref erase(const size_type) -- removes the element from an array at
+    the given index
+
+    @since version 1.0.0
+    */
+    template<class IteratorType, typename std::enable_if<
+                 std::is_same<IteratorType, typename basic_json_t::iterator>::value or
+                 std::is_same<IteratorType, typename basic_json_t::const_iterator>::value, int>::type
+             = 0>
+    IteratorType erase(IteratorType pos)
+    {
+        // make sure iterator fits the current value
+        if (JSON_UNLIKELY(this != pos.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(202, "iterator does not fit current value"));
+        }
+
+        IteratorType result = end();
+
+        switch (m_type)
+        {
+            case value_t::boolean:
+            case value_t::number_float:
+            case value_t::number_integer:
+            case value_t::number_unsigned:
+            case value_t::string:
+            {
+                if (JSON_UNLIKELY(not pos.m_it.primitive_iterator.is_begin()))
+                {
+                    JSON_THROW(invalid_iterator::create(205, "iterator out of range"));
+                }
+
+                if (is_string())
+                {
+                    AllocatorType<string_t> alloc;
+                    std::allocator_traits<decltype(alloc)>::destroy(alloc, m_value.string);
+                    std::allocator_traits<decltype(alloc)>::deallocate(alloc, m_value.string, 1);
+                    m_value.string = nullptr;
+                }
+
+                m_type = value_t::null;
+                assert_invariant();
+                break;
+            }
+
+            case value_t::object:
+            {
+                result.m_it.object_iterator = m_value.object->erase(pos.m_it.object_iterator);
+                break;
+            }
+
+            case value_t::array:
+            {
+                result.m_it.array_iterator = m_value.array->erase(pos.m_it.array_iterator);
+                break;
+            }
+
+            default:
+                JSON_THROW(type_error::create(307, "cannot use erase() with " + std::string(type_name())));
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief remove elements given an iterator range
+
+    Removes the element specified by the range `[first; last)`. The iterator
+    @a first does not need to be dereferenceable if `first == last`: erasing
+    an empty range is a no-op.
+
+    If called on a primitive type other than `null`, the resulting JSON value
+    will be `null`.
+
+    @param[in] first iterator to the beginning of the range to remove
+    @param[in] last iterator past the end of the range to remove
+    @return Iterator following the last removed element. If the iterator @a
+    second refers to the last element, the `end()` iterator is returned.
+
+    @tparam IteratorType an @ref iterator or @ref const_iterator
+
+    @post Invalidates iterators and references at or after the point of the
+    erase, including the `end()` iterator.
+
+    @throw type_error.307 if called on a `null` value; example: `"cannot use
+    erase() with null"`
+    @throw invalid_iterator.203 if called on iterators which does not belong
+    to the current JSON value; example: `"iterators do not fit current value"`
+    @throw invalid_iterator.204 if called on a primitive type with invalid
+    iterators (i.e., if `first != begin()` and `last != end()`); example:
+    `"iterators out of range"`
+
+    @complexity The complexity depends on the type:
+    - objects: `log(size()) + std::distance(first, last)`
+    - arrays: linear in the distance between @a first and @a last, plus linear
+      in the distance between @a last and end of the container
+    - strings: linear in the length of the string
+    - other types: constant
+
+    @liveexample{The example shows the result of `erase()` for different JSON
+    types.,erase__IteratorType_IteratorType}
+
+    @sa @ref erase(IteratorType) -- removes the element at a given position
+    @sa @ref erase(const typename object_t::key_type&) -- removes the element
+    from an object at the given key
+    @sa @ref erase(const size_type) -- removes the element from an array at
+    the given index
+
+    @since version 1.0.0
+    */
+    template<class IteratorType, typename std::enable_if<
+                 std::is_same<IteratorType, typename basic_json_t::iterator>::value or
+                 std::is_same<IteratorType, typename basic_json_t::const_iterator>::value, int>::type
+             = 0>
+    IteratorType erase(IteratorType first, IteratorType last)
+    {
+        // make sure iterator fits the current value
+        if (JSON_UNLIKELY(this != first.m_object or this != last.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(203, "iterators do not fit current value"));
+        }
+
+        IteratorType result = end();
+
+        switch (m_type)
+        {
+            case value_t::boolean:
+            case value_t::number_float:
+            case value_t::number_integer:
+            case value_t::number_unsigned:
+            case value_t::string:
+            {
+                if (JSON_LIKELY(not first.m_it.primitive_iterator.is_begin()
+                                or not last.m_it.primitive_iterator.is_end()))
+                {
+                    JSON_THROW(invalid_iterator::create(204, "iterators out of range"));
+                }
+
+                if (is_string())
+                {
+                    AllocatorType<string_t> alloc;
+                    std::allocator_traits<decltype(alloc)>::destroy(alloc, m_value.string);
+                    std::allocator_traits<decltype(alloc)>::deallocate(alloc, m_value.string, 1);
+                    m_value.string = nullptr;
+                }
+
+                m_type = value_t::null;
+                assert_invariant();
+                break;
+            }
+
+            case value_t::object:
+            {
+                result.m_it.object_iterator = m_value.object->erase(first.m_it.object_iterator,
+                                              last.m_it.object_iterator);
+                break;
+            }
+
+            case value_t::array:
+            {
+                result.m_it.array_iterator = m_value.array->erase(first.m_it.array_iterator,
+                                             last.m_it.array_iterator);
+                break;
+            }
+
+            default:
+                JSON_THROW(type_error::create(307, "cannot use erase() with " + std::string(type_name())));
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief remove element from a JSON object given a key
+
+    Removes elements from a JSON object with the key value @a key.
+
+    @param[in] key value of the elements to remove
+
+    @return Number of elements removed. If @a ObjectType is the default
+    `std::map` type, the return value will always be `0` (@a key was not
+    found) or `1` (@a key was found).
+
+    @post References and iterators to the erased elements are invalidated.
+    Other references and iterators are not affected.
+
+    @throw type_error.307 when called on a type other than JSON object;
+    example: `"cannot use erase() with null"`
+
+    @complexity `log(size()) + count(key)`
+
+    @liveexample{The example shows the effect of `erase()`.,erase__key_type}
+
+    @sa @ref erase(IteratorType) -- removes the element at a given position
+    @sa @ref erase(IteratorType, IteratorType) -- removes the elements in
+    the given range
+    @sa @ref erase(const size_type) -- removes the element from an array at
+    the given index
+
+    @since version 1.0.0
+    */
+    size_type erase(const typename object_t::key_type& key)
+    {
+        // this erase only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            return m_value.object->erase(key);
+        }
+
+        JSON_THROW(type_error::create(307, "cannot use erase() with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief remove element from a JSON array given an index
+
+    Removes element from a JSON array at the index @a idx.
+
+    @param[in] idx index of the element to remove
+
+    @throw type_error.307 when called on a type other than JSON object;
+    example: `"cannot use erase() with null"`
+    @throw out_of_range.401 when `idx >= size()`; example: `"array index 17
+    is out of range"`
+
+    @complexity Linear in distance between @a idx and the end of the container.
+
+    @liveexample{The example shows the effect of `erase()`.,erase__size_type}
+
+    @sa @ref erase(IteratorType) -- removes the element at a given position
+    @sa @ref erase(IteratorType, IteratorType) -- removes the elements in
+    the given range
+    @sa @ref erase(const typename object_t::key_type&) -- removes the element
+    from an object at the given key
+
+    @since version 1.0.0
+    */
+    void erase(const size_type idx)
+    {
+        // this erase only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            if (JSON_UNLIKELY(idx >= size()))
+            {
+                JSON_THROW(out_of_range::create(401, "array index " + std::to_string(idx) + " is out of range"));
+            }
+
+            m_value.array->erase(m_value.array->begin() + static_cast<difference_type>(idx));
+        }
+        else
+        {
+            JSON_THROW(type_error::create(307, "cannot use erase() with " + std::string(type_name())));
+        }
+    }
+
+    /// @}
+
+
+    ////////////
+    // lookup //
+    ////////////
+
+    /// @name lookup
+    /// @{
+
+    /*!
+    @brief find an element in a JSON object
+
+    Finds an element in a JSON object with key equivalent to @a key. If the
+    element is not found or the JSON value is not an object, end() is
+    returned.
+
+    @note This method always returns @ref end() when executed on a JSON type
+          that is not an object.
+
+    @param[in] key key value of the element to search for.
+
+    @return Iterator to an element with key equivalent to @a key. If no such
+    element is found or the JSON value is not an object, past-the-end (see
+    @ref end()) iterator is returned.
+
+    @complexity Logarithmic in the size of the JSON object.
+
+    @liveexample{The example shows how `find()` is used.,find__key_type}
+
+    @since version 1.0.0
+    */
+    template<typename KeyT>
+    iterator find(KeyT&& key)
+    {
+        auto result = end();
+
+        if (is_object())
+        {
+            result.m_it.object_iterator = m_value.object->find(std::forward<KeyT>(key));
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief find an element in a JSON object
+    @copydoc find(KeyT&&)
+    */
+    template<typename KeyT>
+    const_iterator find(KeyT&& key) const
+    {
+        auto result = cend();
+
+        if (is_object())
+        {
+            result.m_it.object_iterator = m_value.object->find(std::forward<KeyT>(key));
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief returns the number of occurrences of a key in a JSON object
+
+    Returns the number of elements with key @a key. If ObjectType is the
+    default `std::map` type, the return value will always be `0` (@a key was
+    not found) or `1` (@a key was found).
+
+    @note This method always returns `0` when executed on a JSON type that is
+          not an object.
+
+    @param[in] key key value of the element to count
+
+    @return Number of elements with key @a key. If the JSON value is not an
+    object, the return value will be `0`.
+
+    @complexity Logarithmic in the size of the JSON object.
+
+    @liveexample{The example shows how `count()` is used.,count}
+
+    @since version 1.0.0
+    */
+    template<typename KeyT>
+    size_type count(KeyT&& key) const
+    {
+        // return 0 for all nonobject types
+        return is_object() ? m_value.object->count(std::forward<KeyT>(key)) : 0;
+    }
+
+    /// @}
+
+
+    ///////////////
+    // iterators //
+    ///////////////
+
+    /// @name iterators
+    /// @{
+
+    /*!
+    @brief returns an iterator to the first element
+
+    Returns an iterator to the first element.
+
+    @image html range-begin-end.svg "Illustration from cppreference.com"
+
+    @return iterator to the first element
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+
+    @liveexample{The following code shows an example for `begin()`.,begin}
+
+    @sa @ref cbegin() -- returns a const iterator to the beginning
+    @sa @ref end() -- returns an iterator to the end
+    @sa @ref cend() -- returns a const iterator to the end
+
+    @since version 1.0.0
+    */
+    iterator begin() noexcept
+    {
+        iterator result(this);
+        result.set_begin();
+        return result;
+    }
+
+    /*!
+    @copydoc basic_json::cbegin()
+    */
+    const_iterator begin() const noexcept
+    {
+        return cbegin();
+    }
+
+    /*!
+    @brief returns a const iterator to the first element
+
+    Returns a const iterator to the first element.
+
+    @image html range-begin-end.svg "Illustration from cppreference.com"
+
+    @return const iterator to the first element
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `const_cast<const basic_json&>(*this).begin()`.
+
+    @liveexample{The following code shows an example for `cbegin()`.,cbegin}
+
+    @sa @ref begin() -- returns an iterator to the beginning
+    @sa @ref end() -- returns an iterator to the end
+    @sa @ref cend() -- returns a const iterator to the end
+
+    @since version 1.0.0
+    */
+    const_iterator cbegin() const noexcept
+    {
+        const_iterator result(this);
+        result.set_begin();
+        return result;
+    }
+
+    /*!
+    @brief returns an iterator to one past the last element
+
+    Returns an iterator to one past the last element.
+
+    @image html range-begin-end.svg "Illustration from cppreference.com"
+
+    @return iterator one past the last element
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+
+    @liveexample{The following code shows an example for `end()`.,end}
+
+    @sa @ref cend() -- returns a const iterator to the end
+    @sa @ref begin() -- returns an iterator to the beginning
+    @sa @ref cbegin() -- returns a const iterator to the beginning
+
+    @since version 1.0.0
+    */
+    iterator end() noexcept
+    {
+        iterator result(this);
+        result.set_end();
+        return result;
+    }
+
+    /*!
+    @copydoc basic_json::cend()
+    */
+    const_iterator end() const noexcept
+    {
+        return cend();
+    }
+
+    /*!
+    @brief returns a const iterator to one past the last element
+
+    Returns a const iterator to one past the last element.
+
+    @image html range-begin-end.svg "Illustration from cppreference.com"
+
+    @return const iterator one past the last element
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `const_cast<const basic_json&>(*this).end()`.
+
+    @liveexample{The following code shows an example for `cend()`.,cend}
+
+    @sa @ref end() -- returns an iterator to the end
+    @sa @ref begin() -- returns an iterator to the beginning
+    @sa @ref cbegin() -- returns a const iterator to the beginning
+
+    @since version 1.0.0
+    */
+    const_iterator cend() const noexcept
+    {
+        const_iterator result(this);
+        result.set_end();
+        return result;
+    }
+
+    /*!
+    @brief returns an iterator to the reverse-beginning
+
+    Returns an iterator to the reverse-beginning; that is, the last element.
+
+    @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [ReversibleContainer](https://en.cppreference.com/w/cpp/named_req/ReversibleContainer)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `reverse_iterator(end())`.
+
+    @liveexample{The following code shows an example for `rbegin()`.,rbegin}
+
+    @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+    @sa @ref rend() -- returns a reverse iterator to the end
+    @sa @ref crend() -- returns a const reverse iterator to the end
+
+    @since version 1.0.0
+    */
+    reverse_iterator rbegin() noexcept
+    {
+        return reverse_iterator(end());
+    }
+
+    /*!
+    @copydoc basic_json::crbegin()
+    */
+    const_reverse_iterator rbegin() const noexcept
+    {
+        return crbegin();
+    }
+
+    /*!
+    @brief returns an iterator to the reverse-end
+
+    Returns an iterator to the reverse-end; that is, one before the first
+    element.
+
+    @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [ReversibleContainer](https://en.cppreference.com/w/cpp/named_req/ReversibleContainer)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `reverse_iterator(begin())`.
+
+    @liveexample{The following code shows an example for `rend()`.,rend}
+
+    @sa @ref crend() -- returns a const reverse iterator to the end
+    @sa @ref rbegin() -- returns a reverse iterator to the beginning
+    @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+
+    @since version 1.0.0
+    */
+    reverse_iterator rend() noexcept
+    {
+        return reverse_iterator(begin());
+    }
+
+    /*!
+    @copydoc basic_json::crend()
+    */
+    const_reverse_iterator rend() const noexcept
+    {
+        return crend();
+    }
+
+    /*!
+    @brief returns a const reverse iterator to the last element
+
+    Returns a const iterator to the reverse-beginning; that is, the last
+    element.
+
+    @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [ReversibleContainer](https://en.cppreference.com/w/cpp/named_req/ReversibleContainer)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `const_cast<const basic_json&>(*this).rbegin()`.
+
+    @liveexample{The following code shows an example for `crbegin()`.,crbegin}
+
+    @sa @ref rbegin() -- returns a reverse iterator to the beginning
+    @sa @ref rend() -- returns a reverse iterator to the end
+    @sa @ref crend() -- returns a const reverse iterator to the end
+
+    @since version 1.0.0
+    */
+    const_reverse_iterator crbegin() const noexcept
+    {
+        return const_reverse_iterator(cend());
+    }
+
+    /*!
+    @brief returns a const reverse iterator to one before the first
+
+    Returns a const reverse iterator to the reverse-end; that is, one before
+    the first element.
+
+    @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+    @complexity Constant.
+
+    @requirement This function helps `basic_json` satisfying the
+    [ReversibleContainer](https://en.cppreference.com/w/cpp/named_req/ReversibleContainer)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `const_cast<const basic_json&>(*this).rend()`.
+
+    @liveexample{The following code shows an example for `crend()`.,crend}
+
+    @sa @ref rend() -- returns a reverse iterator to the end
+    @sa @ref rbegin() -- returns a reverse iterator to the beginning
+    @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+
+    @since version 1.0.0
+    */
+    const_reverse_iterator crend() const noexcept
+    {
+        return const_reverse_iterator(cbegin());
+    }
+
+  public:
+    /*!
+    @brief wrapper to access iterator member functions in range-based for
+
+    This function allows to access @ref iterator::key() and @ref
+    iterator::value() during range-based for loops. In these loops, a
+    reference to the JSON values is returned, so there is no access to the
+    underlying iterator.
+
+    For loop without iterator_wrapper:
+
+    @code{cpp}
+    for (auto it = j_object.begin(); it != j_object.end(); ++it)
+    {
+        std::cout << "key: " << it.key() << ", value:" << it.value() << '\n';
+    }
+    @endcode
+
+    Range-based for loop without iterator proxy:
+
+    @code{cpp}
+    for (auto it : j_object)
+    {
+        // "it" is of type json::reference and has no key() member
+        std::cout << "value: " << it << '\n';
+    }
+    @endcode
+
+    Range-based for loop with iterator proxy:
+
+    @code{cpp}
+    for (auto it : json::iterator_wrapper(j_object))
+    {
+        std::cout << "key: " << it.key() << ", value:" << it.value() << '\n';
+    }
+    @endcode
+
+    @note When iterating over an array, `key()` will return the index of the
+          element as string (see example).
+
+    @param[in] ref  reference to a JSON value
+    @return iteration proxy object wrapping @a ref with an interface to use in
+            range-based for loops
+
+    @liveexample{The following code shows how the wrapper is used,iterator_wrapper}
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @note The name of this function is not yet final and may change in the
+    future.
+
+    @deprecated This stream operator is deprecated and will be removed in
+                future 4.0.0 of the library. Please use @ref items() instead;
+                that is, replace `json::iterator_wrapper(j)` with `j.items()`.
+    */
+    JSON_DEPRECATED
+    static iteration_proxy<iterator> iterator_wrapper(reference ref) noexcept
+    {
+        return ref.items();
+    }
+
+    /*!
+    @copydoc iterator_wrapper(reference)
+    */
+    JSON_DEPRECATED
+    static iteration_proxy<const_iterator> iterator_wrapper(const_reference ref) noexcept
+    {
+        return ref.items();
+    }
+
+    /*!
+    @brief helper to access iterator member functions in range-based for
+
+    This function allows to access @ref iterator::key() and @ref
+    iterator::value() during range-based for loops. In these loops, a
+    reference to the JSON values is returned, so there is no access to the
+    underlying iterator.
+
+    For loop without `items()` function:
+
+    @code{cpp}
+    for (auto it = j_object.begin(); it != j_object.end(); ++it)
+    {
+        std::cout << "key: " << it.key() << ", value:" << it.value() << '\n';
+    }
+    @endcode
+
+    Range-based for loop without `items()` function:
+
+    @code{cpp}
+    for (auto it : j_object)
+    {
+        // "it" is of type json::reference and has no key() member
+        std::cout << "value: " << it << '\n';
+    }
+    @endcode
+
+    Range-based for loop with `items()` function:
+
+    @code{cpp}
+    for (auto& el : j_object.items())
+    {
+        std::cout << "key: " << el.key() << ", value:" << el.value() << '\n';
+    }
+    @endcode
+
+    The `items()` function also allows to use
+    [structured bindings](https://en.cppreference.com/w/cpp/language/structured_binding)
+    (C++17):
+
+    @code{cpp}
+    for (auto& [key, val] : j_object.items())
+    {
+        std::cout << "key: " << key << ", value:" << val << '\n';
+    }
+    @endcode
+
+    @note When iterating over an array, `key()` will return the index of the
+          element as string (see example). For primitive types (e.g., numbers),
+          `key()` returns an empty string.
+
+    @return iteration proxy object wrapping @a ref with an interface to use in
+            range-based for loops
+
+    @liveexample{The following code shows how the function is used.,items}
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @since version 3.1.0, structured bindings support since 3.5.0.
+    */
+    iteration_proxy<iterator> items() noexcept
+    {
+        return iteration_proxy<iterator>(*this);
+    }
+
+    /*!
+    @copydoc items()
+    */
+    iteration_proxy<const_iterator> items() const noexcept
+    {
+        return iteration_proxy<const_iterator>(*this);
+    }
+
+    /// @}
+
+
+    //////////////
+    // capacity //
+    //////////////
+
+    /// @name capacity
+    /// @{
+
+    /*!
+    @brief checks whether the container is empty.
+
+    Checks if a JSON value has no elements (i.e. whether its @ref size is `0`).
+
+    @return The return value depends on the different types and is
+            defined as follows:
+            Value type  | return value
+            ----------- | -------------
+            null        | `true`
+            boolean     | `false`
+            string      | `false`
+            number      | `false`
+            object      | result of function `object_t::empty()`
+            array       | result of function `array_t::empty()`
+
+    @liveexample{The following code uses `empty()` to check if a JSON
+    object contains any elements.,empty}
+
+    @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+    the Container concept; that is, their `empty()` functions have constant
+    complexity.
+
+    @iterators No changes.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @note This function does not return whether a string stored as JSON value
+    is empty - it returns whether the JSON container itself is empty which is
+    false in the case of a string.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `begin() == end()`.
+
+    @sa @ref size() -- returns the number of elements
+
+    @since version 1.0.0
+    */
+    bool empty() const noexcept
+    {
+        switch (m_type)
+        {
+            case value_t::null:
+            {
+                // null values are empty
+                return true;
+            }
+
+            case value_t::array:
+            {
+                // delegate call to array_t::empty()
+                return m_value.array->empty();
+            }
+
+            case value_t::object:
+            {
+                // delegate call to object_t::empty()
+                return m_value.object->empty();
+            }
+
+            default:
+            {
+                // all other types are nonempty
+                return false;
+            }
+        }
+    }
+
+    /*!
+    @brief returns the number of elements
+
+    Returns the number of elements in a JSON value.
+
+    @return The return value depends on the different types and is
+            defined as follows:
+            Value type  | return value
+            ----------- | -------------
+            null        | `0`
+            boolean     | `1`
+            string      | `1`
+            number      | `1`
+            object      | result of function object_t::size()
+            array       | result of function array_t::size()
+
+    @liveexample{The following code calls `size()` on the different value
+    types.,size}
+
+    @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+    the Container concept; that is, their size() functions have constant
+    complexity.
+
+    @iterators No changes.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @note This function does not return the length of a string stored as JSON
+    value - it returns the number of elements in the JSON value which is 1 in
+    the case of a string.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of `std::distance(begin(), end())`.
+
+    @sa @ref empty() -- checks whether the container is empty
+    @sa @ref max_size() -- returns the maximal number of elements
+
+    @since version 1.0.0
+    */
+    size_type size() const noexcept
+    {
+        switch (m_type)
+        {
+            case value_t::null:
+            {
+                // null values are empty
+                return 0;
+            }
+
+            case value_t::array:
+            {
+                // delegate call to array_t::size()
+                return m_value.array->size();
+            }
+
+            case value_t::object:
+            {
+                // delegate call to object_t::size()
+                return m_value.object->size();
+            }
+
+            default:
+            {
+                // all other types have size 1
+                return 1;
+            }
+        }
+    }
+
+    /*!
+    @brief returns the maximum possible number of elements
+
+    Returns the maximum number of elements a JSON value is able to hold due to
+    system or library implementation limitations, i.e. `std::distance(begin(),
+    end())` for the JSON value.
+
+    @return The return value depends on the different types and is
+            defined as follows:
+            Value type  | return value
+            ----------- | -------------
+            null        | `0` (same as `size()`)
+            boolean     | `1` (same as `size()`)
+            string      | `1` (same as `size()`)
+            number      | `1` (same as `size()`)
+            object      | result of function `object_t::max_size()`
+            array       | result of function `array_t::max_size()`
+
+    @liveexample{The following code calls `max_size()` on the different value
+    types. Note the output is implementation specific.,max_size}
+
+    @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+    the Container concept; that is, their `max_size()` functions have constant
+    complexity.
+
+    @iterators No changes.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @requirement This function helps `basic_json` satisfying the
+    [Container](https://en.cppreference.com/w/cpp/named_req/Container)
+    requirements:
+    - The complexity is constant.
+    - Has the semantics of returning `b.size()` where `b` is the largest
+      possible JSON value.
+
+    @sa @ref size() -- returns the number of elements
+
+    @since version 1.0.0
+    */
+    size_type max_size() const noexcept
+    {
+        switch (m_type)
+        {
+            case value_t::array:
+            {
+                // delegate call to array_t::max_size()
+                return m_value.array->max_size();
+            }
+
+            case value_t::object:
+            {
+                // delegate call to object_t::max_size()
+                return m_value.object->max_size();
+            }
+
+            default:
+            {
+                // all other types have max_size() == size()
+                return size();
+            }
+        }
+    }
+
+    /// @}
+
+
+    ///////////////
+    // modifiers //
+    ///////////////
+
+    /// @name modifiers
+    /// @{
+
+    /*!
+    @brief clears the contents
+
+    Clears the content of a JSON value and resets it to the default value as
+    if @ref basic_json(value_t) would have been called with the current value
+    type from @ref type():
+
+    Value type  | initial value
+    ----------- | -------------
+    null        | `null`
+    boolean     | `false`
+    string      | `""`
+    number      | `0`
+    object      | `{}`
+    array       | `[]`
+
+    @post Has the same effect as calling
+    @code {.cpp}
+    *this = basic_json(type());
+    @endcode
+
+    @liveexample{The example below shows the effect of `clear()` to different
+    JSON types.,clear}
+
+    @complexity Linear in the size of the JSON value.
+
+    @iterators All iterators, pointers and references related to this container
+               are invalidated.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @sa @ref basic_json(value_t) -- constructor that creates an object with the
+        same value than calling `clear()`
+
+    @since version 1.0.0
+    */
+    void clear() noexcept
+    {
+        switch (m_type)
+        {
+            case value_t::number_integer:
+            {
+                m_value.number_integer = 0;
+                break;
+            }
+
+            case value_t::number_unsigned:
+            {
+                m_value.number_unsigned = 0;
+                break;
+            }
+
+            case value_t::number_float:
+            {
+                m_value.number_float = 0.0;
+                break;
+            }
+
+            case value_t::boolean:
+            {
+                m_value.boolean = false;
+                break;
+            }
+
+            case value_t::string:
+            {
+                m_value.string->clear();
+                break;
+            }
+
+            case value_t::array:
+            {
+                m_value.array->clear();
+                break;
+            }
+
+            case value_t::object:
+            {
+                m_value.object->clear();
+                break;
+            }
+
+            default:
+                break;
+        }
+    }
+
+    /*!
+    @brief add an object to an array
+
+    Appends the given element @a val to the end of the JSON value. If the
+    function is called on a JSON null value, an empty array is created before
+    appending @a val.
+
+    @param[in] val the value to add to the JSON array
+
+    @throw type_error.308 when called on a type other than JSON array or
+    null; example: `"cannot use push_back() with number"`
+
+    @complexity Amortized constant.
+
+    @liveexample{The example shows how `push_back()` and `+=` can be used to
+    add elements to a JSON array. Note how the `null` value was silently
+    converted to a JSON array.,push_back}
+
+    @since version 1.0.0
+    */
+    void push_back(basic_json&& val)
+    {
+        // push_back only works for null objects or arrays
+        if (JSON_UNLIKELY(not(is_null() or is_array())))
+        {
+            JSON_THROW(type_error::create(308, "cannot use push_back() with " + std::string(type_name())));
+        }
+
+        // transform null object into an array
+        if (is_null())
+        {
+            m_type = value_t::array;
+            m_value = value_t::array;
+            assert_invariant();
+        }
+
+        // add element to array (move semantics)
+        m_value.array->push_back(std::move(val));
+        // invalidate object
+        val.m_type = value_t::null;
+    }
+
+    /*!
+    @brief add an object to an array
+    @copydoc push_back(basic_json&&)
+    */
+    reference operator+=(basic_json&& val)
+    {
+        push_back(std::move(val));
+        return *this;
+    }
+
+    /*!
+    @brief add an object to an array
+    @copydoc push_back(basic_json&&)
+    */
+    void push_back(const basic_json& val)
+    {
+        // push_back only works for null objects or arrays
+        if (JSON_UNLIKELY(not(is_null() or is_array())))
+        {
+            JSON_THROW(type_error::create(308, "cannot use push_back() with " + std::string(type_name())));
+        }
+
+        // transform null object into an array
+        if (is_null())
+        {
+            m_type = value_t::array;
+            m_value = value_t::array;
+            assert_invariant();
+        }
+
+        // add element to array
+        m_value.array->push_back(val);
+    }
+
+    /*!
+    @brief add an object to an array
+    @copydoc push_back(basic_json&&)
+    */
+    reference operator+=(const basic_json& val)
+    {
+        push_back(val);
+        return *this;
+    }
+
+    /*!
+    @brief add an object to an object
+
+    Inserts the given element @a val to the JSON object. If the function is
+    called on a JSON null value, an empty object is created before inserting
+    @a val.
+
+    @param[in] val the value to add to the JSON object
+
+    @throw type_error.308 when called on a type other than JSON object or
+    null; example: `"cannot use push_back() with number"`
+
+    @complexity Logarithmic in the size of the container, O(log(`size()`)).
+
+    @liveexample{The example shows how `push_back()` and `+=` can be used to
+    add elements to a JSON object. Note how the `null` value was silently
+    converted to a JSON object.,push_back__object_t__value}
+
+    @since version 1.0.0
+    */
+    void push_back(const typename object_t::value_type& val)
+    {
+        // push_back only works for null objects or objects
+        if (JSON_UNLIKELY(not(is_null() or is_object())))
+        {
+            JSON_THROW(type_error::create(308, "cannot use push_back() with " + std::string(type_name())));
+        }
+
+        // transform null object into an object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value = value_t::object;
+            assert_invariant();
+        }
+
+        // add element to array
+        m_value.object->insert(val);
+    }
+
+    /*!
+    @brief add an object to an object
+    @copydoc push_back(const typename object_t::value_type&)
+    */
+    reference operator+=(const typename object_t::value_type& val)
+    {
+        push_back(val);
+        return *this;
+    }
+
+    /*!
+    @brief add an object to an object
+
+    This function allows to use `push_back` with an initializer list. In case
+
+    1. the current value is an object,
+    2. the initializer list @a init contains only two elements, and
+    3. the first element of @a init is a string,
+
+    @a init is converted into an object element and added using
+    @ref push_back(const typename object_t::value_type&). Otherwise, @a init
+    is converted to a JSON value and added using @ref push_back(basic_json&&).
+
+    @param[in] init  an initializer list
+
+    @complexity Linear in the size of the initializer list @a init.
+
+    @note This function is required to resolve an ambiguous overload error,
+          because pairs like `{"key", "value"}` can be both interpreted as
+          `object_t::value_type` or `std::initializer_list<basic_json>`, see
+          https://github.com/nlohmann/json/issues/235 for more information.
+
+    @liveexample{The example shows how initializer lists are treated as
+    objects when possible.,push_back__initializer_list}
+    */
+    void push_back(initializer_list_t init)
+    {
+        if (is_object() and init.size() == 2 and (*init.begin())->is_string())
+        {
+            basic_json&& key = init.begin()->moved_or_copied();
+            push_back(typename object_t::value_type(
+                          std::move(key.get_ref<string_t&>()), (init.begin() + 1)->moved_or_copied()));
+        }
+        else
+        {
+            push_back(basic_json(init));
+        }
+    }
+
+    /*!
+    @brief add an object to an object
+    @copydoc push_back(initializer_list_t)
+    */
+    reference operator+=(initializer_list_t init)
+    {
+        push_back(init);
+        return *this;
+    }
+
+    /*!
+    @brief add an object to an array
+
+    Creates a JSON value from the passed parameters @a args to the end of the
+    JSON value. If the function is called on a JSON null value, an empty array
+    is created before appending the value created from @a args.
+
+    @param[in] args arguments to forward to a constructor of @ref basic_json
+    @tparam Args compatible types to create a @ref basic_json object
+
+    @throw type_error.311 when called on a type other than JSON array or
+    null; example: `"cannot use emplace_back() with number"`
+
+    @complexity Amortized constant.
+
+    @liveexample{The example shows how `push_back()` can be used to add
+    elements to a JSON array. Note how the `null` value was silently converted
+    to a JSON array.,emplace_back}
+
+    @since version 2.0.8
+    */
+    template<class... Args>
+    void emplace_back(Args&& ... args)
+    {
+        // emplace_back only works for null objects or arrays
+        if (JSON_UNLIKELY(not(is_null() or is_array())))
+        {
+            JSON_THROW(type_error::create(311, "cannot use emplace_back() with " + std::string(type_name())));
+        }
+
+        // transform null object into an array
+        if (is_null())
+        {
+            m_type = value_t::array;
+            m_value = value_t::array;
+            assert_invariant();
+        }
+
+        // add element to array (perfect forwarding)
+        m_value.array->emplace_back(std::forward<Args>(args)...);
+    }
+
+    /*!
+    @brief add an object to an object if key does not exist
+
+    Inserts a new element into a JSON object constructed in-place with the
+    given @a args if there is no element with the key in the container. If the
+    function is called on a JSON null value, an empty object is created before
+    appending the value created from @a args.
+
+    @param[in] args arguments to forward to a constructor of @ref basic_json
+    @tparam Args compatible types to create a @ref basic_json object
+
+    @return a pair consisting of an iterator to the inserted element, or the
+            already-existing element if no insertion happened, and a bool
+            denoting whether the insertion took place.
+
+    @throw type_error.311 when called on a type other than JSON object or
+    null; example: `"cannot use emplace() with number"`
+
+    @complexity Logarithmic in the size of the container, O(log(`size()`)).
+
+    @liveexample{The example shows how `emplace()` can be used to add elements
+    to a JSON object. Note how the `null` value was silently converted to a
+    JSON object. Further note how no value is added if there was already one
+    value stored with the same key.,emplace}
+
+    @since version 2.0.8
+    */
+    template<class... Args>
+    std::pair<iterator, bool> emplace(Args&& ... args)
+    {
+        // emplace only works for null objects or arrays
+        if (JSON_UNLIKELY(not(is_null() or is_object())))
+        {
+            JSON_THROW(type_error::create(311, "cannot use emplace() with " + std::string(type_name())));
+        }
+
+        // transform null object into an object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value = value_t::object;
+            assert_invariant();
+        }
+
+        // add element to array (perfect forwarding)
+        auto res = m_value.object->emplace(std::forward<Args>(args)...);
+        // create result iterator and set iterator to the result of emplace
+        auto it = begin();
+        it.m_it.object_iterator = res.first;
+
+        // return pair of iterator and boolean
+        return {it, res.second};
+    }
+
+    /// Helper for insertion of an iterator
+    /// @note: This uses std::distance to support GCC 4.8,
+    ///        see https://github.com/nlohmann/json/pull/1257
+    template<typename... Args>
+    iterator insert_iterator(const_iterator pos, Args&& ... args)
+    {
+        iterator result(this);
+        assert(m_value.array != nullptr);
+
+        auto insert_pos = std::distance(m_value.array->begin(), pos.m_it.array_iterator);
+        m_value.array->insert(pos.m_it.array_iterator, std::forward<Args>(args)...);
+        result.m_it.array_iterator = m_value.array->begin() + insert_pos;
+
+        // This could have been written as:
+        // result.m_it.array_iterator = m_value.array->insert(pos.m_it.array_iterator, cnt, val);
+        // but the return value of insert is missing in GCC 4.8, so it is written this way instead.
+
+        return result;
+    }
+
+    /*!
+    @brief inserts element
+
+    Inserts element @a val before iterator @a pos.
+
+    @param[in] pos iterator before which the content will be inserted; may be
+    the end() iterator
+    @param[in] val element to insert
+    @return iterator pointing to the inserted @a val.
+
+    @throw type_error.309 if called on JSON values other than arrays;
+    example: `"cannot use insert() with string"`
+    @throw invalid_iterator.202 if @a pos is not an iterator of *this;
+    example: `"iterator does not fit current value"`
+
+    @complexity Constant plus linear in the distance between @a pos and end of
+    the container.
+
+    @liveexample{The example shows how `insert()` is used.,insert}
+
+    @since version 1.0.0
+    */
+    iterator insert(const_iterator pos, const basic_json& val)
+    {
+        // insert only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            // check if iterator pos fits to this JSON value
+            if (JSON_UNLIKELY(pos.m_object != this))
+            {
+                JSON_THROW(invalid_iterator::create(202, "iterator does not fit current value"));
+            }
+
+            // insert to array and return iterator
+            return insert_iterator(pos, val);
+        }
+
+        JSON_THROW(type_error::create(309, "cannot use insert() with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief inserts element
+    @copydoc insert(const_iterator, const basic_json&)
+    */
+    iterator insert(const_iterator pos, basic_json&& val)
+    {
+        return insert(pos, val);
+    }
+
+    /*!
+    @brief inserts elements
+
+    Inserts @a cnt copies of @a val before iterator @a pos.
+
+    @param[in] pos iterator before which the content will be inserted; may be
+    the end() iterator
+    @param[in] cnt number of copies of @a val to insert
+    @param[in] val element to insert
+    @return iterator pointing to the first element inserted, or @a pos if
+    `cnt==0`
+
+    @throw type_error.309 if called on JSON values other than arrays; example:
+    `"cannot use insert() with string"`
+    @throw invalid_iterator.202 if @a pos is not an iterator of *this;
+    example: `"iterator does not fit current value"`
+
+    @complexity Linear in @a cnt plus linear in the distance between @a pos
+    and end of the container.
+
+    @liveexample{The example shows how `insert()` is used.,insert__count}
+
+    @since version 1.0.0
+    */
+    iterator insert(const_iterator pos, size_type cnt, const basic_json& val)
+    {
+        // insert only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            // check if iterator pos fits to this JSON value
+            if (JSON_UNLIKELY(pos.m_object != this))
+            {
+                JSON_THROW(invalid_iterator::create(202, "iterator does not fit current value"));
+            }
+
+            // insert to array and return iterator
+            return insert_iterator(pos, cnt, val);
+        }
+
+        JSON_THROW(type_error::create(309, "cannot use insert() with " + std::string(type_name())));
+    }
+
+    /*!
+    @brief inserts elements
+
+    Inserts elements from range `[first, last)` before iterator @a pos.
+
+    @param[in] pos iterator before which the content will be inserted; may be
+    the end() iterator
+    @param[in] first begin of the range of elements to insert
+    @param[in] last end of the range of elements to insert
+
+    @throw type_error.309 if called on JSON values other than arrays; example:
+    `"cannot use insert() with string"`
+    @throw invalid_iterator.202 if @a pos is not an iterator of *this;
+    example: `"iterator does not fit current value"`
+    @throw invalid_iterator.210 if @a first and @a last do not belong to the
+    same JSON value; example: `"iterators do not fit"`
+    @throw invalid_iterator.211 if @a first or @a last are iterators into
+    container for which insert is called; example: `"passed iterators may not
+    belong to container"`
+
+    @return iterator pointing to the first element inserted, or @a pos if
+    `first==last`
+
+    @complexity Linear in `std::distance(first, last)` plus linear in the
+    distance between @a pos and end of the container.
+
+    @liveexample{The example shows how `insert()` is used.,insert__range}
+
+    @since version 1.0.0
+    */
+    iterator insert(const_iterator pos, const_iterator first, const_iterator last)
+    {
+        // insert only works for arrays
+        if (JSON_UNLIKELY(not is_array()))
+        {
+            JSON_THROW(type_error::create(309, "cannot use insert() with " + std::string(type_name())));
+        }
+
+        // check if iterator pos fits to this JSON value
+        if (JSON_UNLIKELY(pos.m_object != this))
+        {
+            JSON_THROW(invalid_iterator::create(202, "iterator does not fit current value"));
+        }
+
+        // check if range iterators belong to the same JSON object
+        if (JSON_UNLIKELY(first.m_object != last.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(210, "iterators do not fit"));
+        }
+
+        if (JSON_UNLIKELY(first.m_object == this))
+        {
+            JSON_THROW(invalid_iterator::create(211, "passed iterators may not belong to container"));
+        }
+
+        // insert to array and return iterator
+        return insert_iterator(pos, first.m_it.array_iterator, last.m_it.array_iterator);
+    }
+
+    /*!
+    @brief inserts elements
+
+    Inserts elements from initializer list @a ilist before iterator @a pos.
+
+    @param[in] pos iterator before which the content will be inserted; may be
+    the end() iterator
+    @param[in] ilist initializer list to insert the values from
+
+    @throw type_error.309 if called on JSON values other than arrays; example:
+    `"cannot use insert() with string"`
+    @throw invalid_iterator.202 if @a pos is not an iterator of *this;
+    example: `"iterator does not fit current value"`
+
+    @return iterator pointing to the first element inserted, or @a pos if
+    `ilist` is empty
+
+    @complexity Linear in `ilist.size()` plus linear in the distance between
+    @a pos and end of the container.
+
+    @liveexample{The example shows how `insert()` is used.,insert__ilist}
+
+    @since version 1.0.0
+    */
+    iterator insert(const_iterator pos, initializer_list_t ilist)
+    {
+        // insert only works for arrays
+        if (JSON_UNLIKELY(not is_array()))
+        {
+            JSON_THROW(type_error::create(309, "cannot use insert() with " + std::string(type_name())));
+        }
+
+        // check if iterator pos fits to this JSON value
+        if (JSON_UNLIKELY(pos.m_object != this))
+        {
+            JSON_THROW(invalid_iterator::create(202, "iterator does not fit current value"));
+        }
+
+        // insert to array and return iterator
+        return insert_iterator(pos, ilist.begin(), ilist.end());
+    }
+
+    /*!
+    @brief inserts elements
+
+    Inserts elements from range `[first, last)`.
+
+    @param[in] first begin of the range of elements to insert
+    @param[in] last end of the range of elements to insert
+
+    @throw type_error.309 if called on JSON values other than objects; example:
+    `"cannot use insert() with string"`
+    @throw invalid_iterator.202 if iterator @a first or @a last does does not
+    point to an object; example: `"iterators first and last must point to
+    objects"`
+    @throw invalid_iterator.210 if @a first and @a last do not belong to the
+    same JSON value; example: `"iterators do not fit"`
+
+    @complexity Logarithmic: `O(N*log(size() + N))`, where `N` is the number
+    of elements to insert.
+
+    @liveexample{The example shows how `insert()` is used.,insert__range_object}
+
+    @since version 3.0.0
+    */
+    void insert(const_iterator first, const_iterator last)
+    {
+        // insert only works for objects
+        if (JSON_UNLIKELY(not is_object()))
+        {
+            JSON_THROW(type_error::create(309, "cannot use insert() with " + std::string(type_name())));
+        }
+
+        // check if range iterators belong to the same JSON object
+        if (JSON_UNLIKELY(first.m_object != last.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(210, "iterators do not fit"));
+        }
+
+        // passed iterators must belong to objects
+        if (JSON_UNLIKELY(not first.m_object->is_object()))
+        {
+            JSON_THROW(invalid_iterator::create(202, "iterators first and last must point to objects"));
+        }
+
+        m_value.object->insert(first.m_it.object_iterator, last.m_it.object_iterator);
+    }
+
+    /*!
+    @brief updates a JSON object from another object, overwriting existing keys
+
+    Inserts all values from JSON object @a j and overwrites existing keys.
+
+    @param[in] j  JSON object to read values from
+
+    @throw type_error.312 if called on JSON values other than objects; example:
+    `"cannot use update() with string"`
+
+    @complexity O(N*log(size() + N)), where N is the number of elements to
+                insert.
+
+    @liveexample{The example shows how `update()` is used.,update}
+
+    @sa https://docs.python.org/3.6/library/stdtypes.html#dict.update
+
+    @since version 3.0.0
+    */
+    void update(const_reference j)
+    {
+        // implicitly convert null value to an empty object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value.object = create<object_t>();
+            assert_invariant();
+        }
+
+        if (JSON_UNLIKELY(not is_object()))
+        {
+            JSON_THROW(type_error::create(312, "cannot use update() with " + std::string(type_name())));
+        }
+        if (JSON_UNLIKELY(not j.is_object()))
+        {
+            JSON_THROW(type_error::create(312, "cannot use update() with " + std::string(j.type_name())));
+        }
+
+        for (auto it = j.cbegin(); it != j.cend(); ++it)
+        {
+            m_value.object->operator[](it.key()) = it.value();
+        }
+    }
+
+    /*!
+    @brief updates a JSON object from another object, overwriting existing keys
+
+    Inserts all values from from range `[first, last)` and overwrites existing
+    keys.
+
+    @param[in] first begin of the range of elements to insert
+    @param[in] last end of the range of elements to insert
+
+    @throw type_error.312 if called on JSON values other than objects; example:
+    `"cannot use update() with string"`
+    @throw invalid_iterator.202 if iterator @a first or @a last does does not
+    point to an object; example: `"iterators first and last must point to
+    objects"`
+    @throw invalid_iterator.210 if @a first and @a last do not belong to the
+    same JSON value; example: `"iterators do not fit"`
+
+    @complexity O(N*log(size() + N)), where N is the number of elements to
+                insert.
+
+    @liveexample{The example shows how `update()` is used__range.,update}
+
+    @sa https://docs.python.org/3.6/library/stdtypes.html#dict.update
+
+    @since version 3.0.0
+    */
+    void update(const_iterator first, const_iterator last)
+    {
+        // implicitly convert null value to an empty object
+        if (is_null())
+        {
+            m_type = value_t::object;
+            m_value.object = create<object_t>();
+            assert_invariant();
+        }
+
+        if (JSON_UNLIKELY(not is_object()))
+        {
+            JSON_THROW(type_error::create(312, "cannot use update() with " + std::string(type_name())));
+        }
+
+        // check if range iterators belong to the same JSON object
+        if (JSON_UNLIKELY(first.m_object != last.m_object))
+        {
+            JSON_THROW(invalid_iterator::create(210, "iterators do not fit"));
+        }
+
+        // passed iterators must belong to objects
+        if (JSON_UNLIKELY(not first.m_object->is_object()
+                          or not last.m_object->is_object()))
+        {
+            JSON_THROW(invalid_iterator::create(202, "iterators first and last must point to objects"));
+        }
+
+        for (auto it = first; it != last; ++it)
+        {
+            m_value.object->operator[](it.key()) = it.value();
+        }
+    }
+
+    /*!
+    @brief exchanges the values
+
+    Exchanges the contents of the JSON value with those of @a other. Does not
+    invoke any move, copy, or swap operations on individual elements. All
+    iterators and references remain valid. The past-the-end iterator is
+    invalidated.
+
+    @param[in,out] other JSON value to exchange the contents with
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how JSON values can be swapped with
+    `swap()`.,swap__reference}
+
+    @since version 1.0.0
+    */
+    void swap(reference other) noexcept (
+        std::is_nothrow_move_constructible<value_t>::value and
+        std::is_nothrow_move_assignable<value_t>::value and
+        std::is_nothrow_move_constructible<json_value>::value and
+        std::is_nothrow_move_assignable<json_value>::value
+    )
+    {
+        std::swap(m_type, other.m_type);
+        std::swap(m_value, other.m_value);
+        assert_invariant();
+    }
+
+    /*!
+    @brief exchanges the values
+
+    Exchanges the contents of a JSON array with those of @a other. Does not
+    invoke any move, copy, or swap operations on individual elements. All
+    iterators and references remain valid. The past-the-end iterator is
+    invalidated.
+
+    @param[in,out] other array to exchange the contents with
+
+    @throw type_error.310 when JSON value is not an array; example: `"cannot
+    use swap() with string"`
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how arrays can be swapped with
+    `swap()`.,swap__array_t}
+
+    @since version 1.0.0
+    */
+    void swap(array_t& other)
+    {
+        // swap only works for arrays
+        if (JSON_LIKELY(is_array()))
+        {
+            std::swap(*(m_value.array), other);
+        }
+        else
+        {
+            JSON_THROW(type_error::create(310, "cannot use swap() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief exchanges the values
+
+    Exchanges the contents of a JSON object with those of @a other. Does not
+    invoke any move, copy, or swap operations on individual elements. All
+    iterators and references remain valid. The past-the-end iterator is
+    invalidated.
+
+    @param[in,out] other object to exchange the contents with
+
+    @throw type_error.310 when JSON value is not an object; example:
+    `"cannot use swap() with string"`
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how objects can be swapped with
+    `swap()`.,swap__object_t}
+
+    @since version 1.0.0
+    */
+    void swap(object_t& other)
+    {
+        // swap only works for objects
+        if (JSON_LIKELY(is_object()))
+        {
+            std::swap(*(m_value.object), other);
+        }
+        else
+        {
+            JSON_THROW(type_error::create(310, "cannot use swap() with " + std::string(type_name())));
+        }
+    }
+
+    /*!
+    @brief exchanges the values
+
+    Exchanges the contents of a JSON string with those of @a other. Does not
+    invoke any move, copy, or swap operations on individual elements. All
+    iterators and references remain valid. The past-the-end iterator is
+    invalidated.
+
+    @param[in,out] other string to exchange the contents with
+
+    @throw type_error.310 when JSON value is not a string; example: `"cannot
+    use swap() with boolean"`
+
+    @complexity Constant.
+
+    @liveexample{The example below shows how strings can be swapped with
+    `swap()`.,swap__string_t}
+
+    @since version 1.0.0
+    */
+    void swap(string_t& other)
+    {
+        // swap only works for strings
+        if (JSON_LIKELY(is_string()))
+        {
+            std::swap(*(m_value.string), other);
+        }
+        else
+        {
+            JSON_THROW(type_error::create(310, "cannot use swap() with " + std::string(type_name())));
+        }
+    }
+
+    /// @}
+
+  public:
+    //////////////////////////////////////////
+    // lexicographical comparison operators //
+    //////////////////////////////////////////
+
+    /// @name lexicographical comparison operators
+    /// @{
+
+    /*!
+    @brief comparison: equal
+
+    Compares two JSON values for equality according to the following rules:
+    - Two JSON values are equal if (1) they are from the same type and (2)
+      their stored values are the same according to their respective
+      `operator==`.
+    - Integer and floating-point numbers are automatically converted before
+      comparison. Note than two NaN values are always treated as unequal.
+    - Two JSON null values are equal.
+
+    @note Floating-point inside JSON values numbers are compared with
+    `json::number_float_t::operator==` which is `double::operator==` by
+    default. To compare floating-point while respecting an epsilon, an alternative
+    [comparison function](https://github.com/mariokonrad/marnav/blob/master/src/marnav/math/floatingpoint.hpp#L34-#L39)
+    could be used, for instance
+    @code {.cpp}
+    template<typename T, typename = typename std::enable_if<std::is_floating_point<T>::value, T>::type>
+    inline bool is_same(T a, T b, T epsilon = std::numeric_limits<T>::epsilon()) noexcept
+    {
+        return std::abs(a - b) <= epsilon;
+    }
+    @endcode
+
+    @note NaN values never compare equal to themselves or to other NaN values.
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether the values @a lhs and @a rhs are equal
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @complexity Linear.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__equal}
+
+    @since version 1.0.0
+    */
+    friend bool operator==(const_reference lhs, const_reference rhs) noexcept
+    {
+        const auto lhs_type = lhs.type();
+        const auto rhs_type = rhs.type();
+
+        if (lhs_type == rhs_type)
+        {
+            switch (lhs_type)
+            {
+                case value_t::array:
+                    return (*lhs.m_value.array == *rhs.m_value.array);
+
+                case value_t::object:
+                    return (*lhs.m_value.object == *rhs.m_value.object);
+
+                case value_t::null:
+                    return true;
+
+                case value_t::string:
+                    return (*lhs.m_value.string == *rhs.m_value.string);
+
+                case value_t::boolean:
+                    return (lhs.m_value.boolean == rhs.m_value.boolean);
+
+                case value_t::number_integer:
+                    return (lhs.m_value.number_integer == rhs.m_value.number_integer);
+
+                case value_t::number_unsigned:
+                    return (lhs.m_value.number_unsigned == rhs.m_value.number_unsigned);
+
+                case value_t::number_float:
+                    return (lhs.m_value.number_float == rhs.m_value.number_float);
+
+                default:
+                    return false;
+            }
+        }
+        else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_float)
+        {
+            return (static_cast<number_float_t>(lhs.m_value.number_integer) == rhs.m_value.number_float);
+        }
+        else if (lhs_type == value_t::number_float and rhs_type == value_t::number_integer)
+        {
+            return (lhs.m_value.number_float == static_cast<number_float_t>(rhs.m_value.number_integer));
+        }
+        else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_float)
+        {
+            return (static_cast<number_float_t>(lhs.m_value.number_unsigned) == rhs.m_value.number_float);
+        }
+        else if (lhs_type == value_t::number_float and rhs_type == value_t::number_unsigned)
+        {
+            return (lhs.m_value.number_float == static_cast<number_float_t>(rhs.m_value.number_unsigned));
+        }
+        else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_integer)
+        {
+            return (static_cast<number_integer_t>(lhs.m_value.number_unsigned) == rhs.m_value.number_integer);
+        }
+        else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_unsigned)
+        {
+            return (lhs.m_value.number_integer == static_cast<number_integer_t>(rhs.m_value.number_unsigned));
+        }
+
+        return false;
+    }
+
+    /*!
+    @brief comparison: equal
+    @copydoc operator==(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator==(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs == basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: equal
+    @copydoc operator==(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator==(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) == rhs);
+    }
+
+    /*!
+    @brief comparison: not equal
+
+    Compares two JSON values for inequality by calculating `not (lhs == rhs)`.
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether the values @a lhs and @a rhs are not equal
+
+    @complexity Linear.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__notequal}
+
+    @since version 1.0.0
+    */
+    friend bool operator!=(const_reference lhs, const_reference rhs) noexcept
+    {
+        return not (lhs == rhs);
+    }
+
+    /*!
+    @brief comparison: not equal
+    @copydoc operator!=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator!=(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs != basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: not equal
+    @copydoc operator!=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator!=(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) != rhs);
+    }
+
+    /*!
+    @brief comparison: less than
+
+    Compares whether one JSON value @a lhs is less than another JSON value @a
+    rhs according to the following rules:
+    - If @a lhs and @a rhs have the same type, the values are compared using
+      the default `<` operator.
+    - Integer and floating-point numbers are automatically converted before
+      comparison
+    - In case @a lhs and @a rhs have different types, the values are ignored
+      and the order of the types is considered, see
+      @ref operator<(const value_t, const value_t).
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether @a lhs is less than @a rhs
+
+    @complexity Linear.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__less}
+
+    @since version 1.0.0
+    */
+    friend bool operator<(const_reference lhs, const_reference rhs) noexcept
+    {
+        const auto lhs_type = lhs.type();
+        const auto rhs_type = rhs.type();
+
+        if (lhs_type == rhs_type)
+        {
+            switch (lhs_type)
+            {
+                case value_t::array:
+                    return (*lhs.m_value.array) < (*rhs.m_value.array);
+
+                case value_t::object:
+                    return *lhs.m_value.object < *rhs.m_value.object;
+
+                case value_t::null:
+                    return false;
+
+                case value_t::string:
+                    return *lhs.m_value.string < *rhs.m_value.string;
+
+                case value_t::boolean:
+                    return lhs.m_value.boolean < rhs.m_value.boolean;
+
+                case value_t::number_integer:
+                    return lhs.m_value.number_integer < rhs.m_value.number_integer;
+
+                case value_t::number_unsigned:
+                    return lhs.m_value.number_unsigned < rhs.m_value.number_unsigned;
+
+                case value_t::number_float:
+                    return lhs.m_value.number_float < rhs.m_value.number_float;
+
+                default:
+                    return false;
+            }
+        }
+        else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_float)
+        {
+            return static_cast<number_float_t>(lhs.m_value.number_integer) < rhs.m_value.number_float;
+        }
+        else if (lhs_type == value_t::number_float and rhs_type == value_t::number_integer)
+        {
+            return lhs.m_value.number_float < static_cast<number_float_t>(rhs.m_value.number_integer);
+        }
+        else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_float)
+        {
+            return static_cast<number_float_t>(lhs.m_value.number_unsigned) < rhs.m_value.number_float;
+        }
+        else if (lhs_type == value_t::number_float and rhs_type == value_t::number_unsigned)
+        {
+            return lhs.m_value.number_float < static_cast<number_float_t>(rhs.m_value.number_unsigned);
+        }
+        else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_unsigned)
+        {
+            return lhs.m_value.number_integer < static_cast<number_integer_t>(rhs.m_value.number_unsigned);
+        }
+        else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_integer)
+        {
+            return static_cast<number_integer_t>(lhs.m_value.number_unsigned) < rhs.m_value.number_integer;
+        }
+
+        // We only reach this line if we cannot compare values. In that case,
+        // we compare types. Note we have to call the operator explicitly,
+        // because MSVC has problems otherwise.
+        return operator<(lhs_type, rhs_type);
+    }
+
+    /*!
+    @brief comparison: less than
+    @copydoc operator<(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator<(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs < basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: less than
+    @copydoc operator<(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator<(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) < rhs);
+    }
+
+    /*!
+    @brief comparison: less than or equal
+
+    Compares whether one JSON value @a lhs is less than or equal to another
+    JSON value by calculating `not (rhs < lhs)`.
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether @a lhs is less than or equal to @a rhs
+
+    @complexity Linear.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__greater}
+
+    @since version 1.0.0
+    */
+    friend bool operator<=(const_reference lhs, const_reference rhs) noexcept
+    {
+        return not (rhs < lhs);
+    }
+
+    /*!
+    @brief comparison: less than or equal
+    @copydoc operator<=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator<=(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs <= basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: less than or equal
+    @copydoc operator<=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator<=(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) <= rhs);
+    }
+
+    /*!
+    @brief comparison: greater than
+
+    Compares whether one JSON value @a lhs is greater than another
+    JSON value by calculating `not (lhs <= rhs)`.
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether @a lhs is greater than to @a rhs
+
+    @complexity Linear.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__lessequal}
+
+    @since version 1.0.0
+    */
+    friend bool operator>(const_reference lhs, const_reference rhs) noexcept
+    {
+        return not (lhs <= rhs);
+    }
+
+    /*!
+    @brief comparison: greater than
+    @copydoc operator>(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator>(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs > basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: greater than
+    @copydoc operator>(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator>(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) > rhs);
+    }
+
+    /*!
+    @brief comparison: greater than or equal
+
+    Compares whether one JSON value @a lhs is greater than or equal to another
+    JSON value by calculating `not (lhs < rhs)`.
+
+    @param[in] lhs  first JSON value to consider
+    @param[in] rhs  second JSON value to consider
+    @return whether @a lhs is greater than or equal to @a rhs
+
+    @complexity Linear.
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @liveexample{The example demonstrates comparing several JSON
+    types.,operator__greaterequal}
+
+    @since version 1.0.0
+    */
+    friend bool operator>=(const_reference lhs, const_reference rhs) noexcept
+    {
+        return not (lhs < rhs);
+    }
+
+    /*!
+    @brief comparison: greater than or equal
+    @copydoc operator>=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator>=(const_reference lhs, const ScalarType rhs) noexcept
+    {
+        return (lhs >= basic_json(rhs));
+    }
+
+    /*!
+    @brief comparison: greater than or equal
+    @copydoc operator>=(const_reference, const_reference)
+    */
+    template<typename ScalarType, typename std::enable_if<
+                 std::is_scalar<ScalarType>::value, int>::type = 0>
+    friend bool operator>=(const ScalarType lhs, const_reference rhs) noexcept
+    {
+        return (basic_json(lhs) >= rhs);
+    }
+
+    /// @}
+
+    ///////////////////
+    // serialization //
+    ///////////////////
+
+    /// @name serialization
+    /// @{
+
+    /*!
+    @brief serialize to stream
+
+    Serialize the given JSON value @a j to the output stream @a o. The JSON
+    value will be serialized using the @ref dump member function.
+
+    - The indentation of the output can be controlled with the member variable
+      `width` of the output stream @a o. For instance, using the manipulator
+      `std::setw(4)` on @a o sets the indentation level to `4` and the
+      serialization result is the same as calling `dump(4)`.
+
+    - The indentation character can be controlled with the member variable
+      `fill` of the output stream @a o. For instance, the manipulator
+      `std::setfill('\\t')` sets indentation to use a tab character rather than
+      the default space character.
+
+    @param[in,out] o  stream to serialize to
+    @param[in] j  JSON value to serialize
+
+    @return the stream @a o
+
+    @throw type_error.316 if a string stored inside the JSON value is not
+                          UTF-8 encoded
+
+    @complexity Linear.
+
+    @liveexample{The example below shows the serialization with different
+    parameters to `width` to adjust the indentation level.,operator_serialize}
+
+    @since version 1.0.0; indentation character added in version 3.0.0
+    */
+    friend std::ostream& operator<<(std::ostream& o, const basic_json& j)
+    {
+        // read width member and use it as indentation parameter if nonzero
+        const bool pretty_print = (o.width() > 0);
+        const auto indentation = (pretty_print ? o.width() : 0);
+
+        // reset width to 0 for subsequent calls to this stream
+        o.width(0);
+
+        // do the actual serialization
+        serializer s(detail::output_adapter<char>(o), o.fill());
+        s.dump(j, pretty_print, false, static_cast<unsigned int>(indentation));
+        return o;
+    }
+
+    /*!
+    @brief serialize to stream
+    @deprecated This stream operator is deprecated and will be removed in
+                future 4.0.0 of the library. Please use
+                @ref operator<<(std::ostream&, const basic_json&)
+                instead; that is, replace calls like `j >> o;` with `o << j;`.
+    @since version 1.0.0; deprecated since version 3.0.0
+    */
+    JSON_DEPRECATED
+    friend std::ostream& operator>>(const basic_json& j, std::ostream& o)
+    {
+        return o << j;
+    }
+
+    /// @}
+
+
+    /////////////////////
+    // deserialization //
+    /////////////////////
+
+    /// @name deserialization
+    /// @{
+
+    /*!
+    @brief deserialize from a compatible input
+
+    This function reads from a compatible input. Examples are:
+    - an array of 1-byte values
+    - strings with character/literal type with size of 1 byte
+    - input streams
+    - container with contiguous storage of 1-byte values. Compatible container
+      types include `std::vector`, `std::string`, `std::array`,
+      `std::valarray`, and `std::initializer_list`. Furthermore, C-style
+      arrays can be used with `std::begin()`/`std::end()`. User-defined
+      containers can be used as long as they implement random-access iterators
+      and a contiguous storage.
+
+    @pre Each element of the container has a size of 1 byte. Violating this
+    precondition yields undefined behavior. **This precondition is enforced
+    with a static assertion.**
+
+    @pre The container storage is contiguous. Violating this precondition
+    yields undefined behavior. **This precondition is enforced with an
+    assertion.**
+    @pre Each element of the container has a size of 1 byte. Violating this
+    precondition yields undefined behavior. **This precondition is enforced
+    with a static assertion.**
+
+    @warning There is no way to enforce all preconditions at compile-time. If
+             the function is called with a noncompliant container and with
+             assertions switched off, the behavior is undefined and will most
+             likely yield segmentation violation.
+
+    @param[in] i  input to read from
+    @param[in] cb  a parser callback function of type @ref parser_callback_t
+    which is used to control the deserialization by filtering unwanted values
+    (optional)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return result of the deserialization
+
+    @throw parse_error.101 if a parse error occurs; example: `""unexpected end
+    of input; expected string literal""`
+    @throw parse_error.102 if to_unicode fails or surrogate error
+    @throw parse_error.103 if to_unicode fails
+
+    @complexity Linear in the length of the input. The parser is a predictive
+    LL(1) parser. The complexity can be higher if the parser callback function
+    @a cb has a super-linear complexity.
+
+    @note A UTF-8 byte order mark is silently ignored.
+
+    @liveexample{The example below demonstrates the `parse()` function reading
+    from an array.,parse__array__parser_callback_t}
+
+    @liveexample{The example below demonstrates the `parse()` function with
+    and without callback function.,parse__string__parser_callback_t}
+
+    @liveexample{The example below demonstrates the `parse()` function with
+    and without callback function.,parse__istream__parser_callback_t}
+
+    @liveexample{The example below demonstrates the `parse()` function reading
+    from a contiguous container.,parse__contiguouscontainer__parser_callback_t}
+
+    @since version 2.0.3 (contiguous containers)
+    */
+    static basic_json parse(detail::input_adapter&& i,
+                            const parser_callback_t cb = nullptr,
+                            const bool allow_exceptions = true)
+    {
+        basic_json result;
+        parser(i, cb, allow_exceptions).parse(true, result);
+        return result;
+    }
+
+    static bool accept(detail::input_adapter&& i)
+    {
+        return parser(i).accept(true);
+    }
+
+    /*!
+    @brief generate SAX events
+
+    The SAX event lister must follow the interface of @ref json_sax.
+
+    This function reads from a compatible input. Examples are:
+    - an array of 1-byte values
+    - strings with character/literal type with size of 1 byte
+    - input streams
+    - container with contiguous storage of 1-byte values. Compatible container
+      types include `std::vector`, `std::string`, `std::array`,
+      `std::valarray`, and `std::initializer_list`. Furthermore, C-style
+      arrays can be used with `std::begin()`/`std::end()`. User-defined
+      containers can be used as long as they implement random-access iterators
+      and a contiguous storage.
+
+    @pre Each element of the container has a size of 1 byte. Violating this
+    precondition yields undefined behavior. **This precondition is enforced
+    with a static assertion.**
+
+    @pre The container storage is contiguous. Violating this precondition
+    yields undefined behavior. **This precondition is enforced with an
+    assertion.**
+    @pre Each element of the container has a size of 1 byte. Violating this
+    precondition yields undefined behavior. **This precondition is enforced
+    with a static assertion.**
+
+    @warning There is no way to enforce all preconditions at compile-time. If
+             the function is called with a noncompliant container and with
+             assertions switched off, the behavior is undefined and will most
+             likely yield segmentation violation.
+
+    @param[in] i  input to read from
+    @param[in,out] sax  SAX event listener
+    @param[in] format  the format to parse (JSON, CBOR, MessagePack, or UBJSON)
+    @param[in] strict  whether the input has to be consumed completely
+
+    @return return value of the last processed SAX event
+
+    @throw parse_error.101 if a parse error occurs; example: `""unexpected end
+    of input; expected string literal""`
+    @throw parse_error.102 if to_unicode fails or surrogate error
+    @throw parse_error.103 if to_unicode fails
+
+    @complexity Linear in the length of the input. The parser is a predictive
+    LL(1) parser. The complexity can be higher if the SAX consumer @a sax has
+    a super-linear complexity.
+
+    @note A UTF-8 byte order mark is silently ignored.
+
+    @liveexample{The example below demonstrates the `sax_parse()` function
+    reading from string and processing the events with a user-defined SAX
+    event consumer.,sax_parse}
+
+    @since version 3.2.0
+    */
+    template <typename SAX>
+    static bool sax_parse(detail::input_adapter&& i, SAX* sax,
+                          input_format_t format = input_format_t::json,
+                          const bool strict = true)
+    {
+        assert(sax);
+        switch (format)
+        {
+            case input_format_t::json:
+                return parser(std::move(i)).sax_parse(sax, strict);
+            default:
+                return detail::binary_reader<basic_json, SAX>(std::move(i)).sax_parse(format, sax, strict);
+        }
+    }
+
+    /*!
+    @brief deserialize from an iterator range with contiguous storage
+
+    This function reads from an iterator range of a container with contiguous
+    storage of 1-byte values. Compatible container types include
+    `std::vector`, `std::string`, `std::array`, `std::valarray`, and
+    `std::initializer_list`. Furthermore, C-style arrays can be used with
+    `std::begin()`/`std::end()`. User-defined containers can be used as long
+    as they implement random-access iterators and a contiguous storage.
+
+    @pre The iterator range is contiguous. Violating this precondition yields
+    undefined behavior. **This precondition is enforced with an assertion.**
+    @pre Each element in the range has a size of 1 byte. Violating this
+    precondition yields undefined behavior. **This precondition is enforced
+    with a static assertion.**
+
+    @warning There is no way to enforce all preconditions at compile-time. If
+             the function is called with noncompliant iterators and with
+             assertions switched off, the behavior is undefined and will most
+             likely yield segmentation violation.
+
+    @tparam IteratorType iterator of container with contiguous storage
+    @param[in] first  begin of the range to parse (included)
+    @param[in] last  end of the range to parse (excluded)
+    @param[in] cb  a parser callback function of type @ref parser_callback_t
+    which is used to control the deserialization by filtering unwanted values
+    (optional)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return result of the deserialization
+
+    @throw parse_error.101 in case of an unexpected token
+    @throw parse_error.102 if to_unicode fails or surrogate error
+    @throw parse_error.103 if to_unicode fails
+
+    @complexity Linear in the length of the input. The parser is a predictive
+    LL(1) parser. The complexity can be higher if the parser callback function
+    @a cb has a super-linear complexity.
+
+    @note A UTF-8 byte order mark is silently ignored.
+
+    @liveexample{The example below demonstrates the `parse()` function reading
+    from an iterator range.,parse__iteratortype__parser_callback_t}
+
+    @since version 2.0.3
+    */
+    template<class IteratorType, typename std::enable_if<
+                 std::is_base_of<
+                     std::random_access_iterator_tag,
+                     typename std::iterator_traits<IteratorType>::iterator_category>::value, int>::type = 0>
+    static basic_json parse(IteratorType first, IteratorType last,
+                            const parser_callback_t cb = nullptr,
+                            const bool allow_exceptions = true)
+    {
+        basic_json result;
+        parser(detail::input_adapter(first, last), cb, allow_exceptions).parse(true, result);
+        return result;
+    }
+
+    template<class IteratorType, typename std::enable_if<
+                 std::is_base_of<
+                     std::random_access_iterator_tag,
+                     typename std::iterator_traits<IteratorType>::iterator_category>::value, int>::type = 0>
+    static bool accept(IteratorType first, IteratorType last)
+    {
+        return parser(detail::input_adapter(first, last)).accept(true);
+    }
+
+    template<class IteratorType, class SAX, typename std::enable_if<
+                 std::is_base_of<
+                     std::random_access_iterator_tag,
+                     typename std::iterator_traits<IteratorType>::iterator_category>::value, int>::type = 0>
+    static bool sax_parse(IteratorType first, IteratorType last, SAX* sax)
+    {
+        return parser(detail::input_adapter(first, last)).sax_parse(sax);
+    }
+
+    /*!
+    @brief deserialize from stream
+    @deprecated This stream operator is deprecated and will be removed in
+                version 4.0.0 of the library. Please use
+                @ref operator>>(std::istream&, basic_json&)
+                instead; that is, replace calls like `j << i;` with `i >> j;`.
+    @since version 1.0.0; deprecated since version 3.0.0
+    */
+    JSON_DEPRECATED
+    friend std::istream& operator<<(basic_json& j, std::istream& i)
+    {
+        return operator>>(i, j);
+    }
+
+    /*!
+    @brief deserialize from stream
+
+    Deserializes an input stream to a JSON value.
+
+    @param[in,out] i  input stream to read a serialized JSON value from
+    @param[in,out] j  JSON value to write the deserialized input to
+
+    @throw parse_error.101 in case of an unexpected token
+    @throw parse_error.102 if to_unicode fails or surrogate error
+    @throw parse_error.103 if to_unicode fails
+
+    @complexity Linear in the length of the input. The parser is a predictive
+    LL(1) parser.
+
+    @note A UTF-8 byte order mark is silently ignored.
+
+    @liveexample{The example below shows how a JSON value is constructed by
+    reading a serialization from a stream.,operator_deserialize}
+
+    @sa parse(std::istream&, const parser_callback_t) for a variant with a
+    parser callback function to filter values while parsing
+
+    @since version 1.0.0
+    */
+    friend std::istream& operator>>(std::istream& i, basic_json& j)
+    {
+        parser(detail::input_adapter(i)).parse(false, j);
+        return i;
+    }
+
+    /// @}
+
+    ///////////////////////////
+    // convenience functions //
+    ///////////////////////////
+
+    /*!
+    @brief return the type as string
+
+    Returns the type name as string to be used in error messages - usually to
+    indicate that a function was called on a wrong JSON type.
+
+    @return a string representation of a the @a m_type member:
+            Value type  | return value
+            ----------- | -------------
+            null        | `"null"`
+            boolean     | `"boolean"`
+            string      | `"string"`
+            number      | `"number"` (for all number types)
+            object      | `"object"`
+            array       | `"array"`
+            discarded   | `"discarded"`
+
+    @exceptionsafety No-throw guarantee: this function never throws exceptions.
+
+    @complexity Constant.
+
+    @liveexample{The following code exemplifies `type_name()` for all JSON
+    types.,type_name}
+
+    @sa @ref type() -- return the type of the JSON value
+    @sa @ref operator value_t() -- return the type of the JSON value (implicit)
+
+    @since version 1.0.0, public since 2.1.0, `const char*` and `noexcept`
+    since 3.0.0
+    */
+    const char* type_name() const noexcept
+    {
+        {
+            switch (m_type)
+            {
+                case value_t::null:
+                    return "null";
+                case value_t::object:
+                    return "object";
+                case value_t::array:
+                    return "array";
+                case value_t::string:
+                    return "string";
+                case value_t::boolean:
+                    return "boolean";
+                case value_t::discarded:
+                    return "discarded";
+                default:
+                    return "number";
+            }
+        }
+    }
+
+
+  private:
+    //////////////////////
+    // member variables //
+    //////////////////////
+
+    /// the type of the current element
+    value_t m_type = value_t::null;
+
+    /// the value of the current element
+    json_value m_value = {};
+
+    //////////////////////////////////////////
+    // binary serialization/deserialization //
+    //////////////////////////////////////////
+
+    /// @name binary serialization/deserialization support
+    /// @{
+
+  public:
+    /*!
+    @brief create a CBOR serialization of a given JSON value
+
+    Serializes a given JSON value @a j to a byte vector using the CBOR (Concise
+    Binary Object Representation) serialization format. CBOR is a binary
+    serialization format which aims to be more compact than JSON itself, yet
+    more efficient to parse.
+
+    The library uses the following mapping from JSON values types to
+    CBOR types according to the CBOR specification (RFC 7049):
+
+    JSON value type | value/range                                | CBOR type                          | first byte
+    --------------- | ------------------------------------------ | ---------------------------------- | ---------------
+    null            | `null`                                     | Null                               | 0xF6
+    boolean         | `true`                                     | True                               | 0xF5
+    boolean         | `false`                                    | False                              | 0xF4
+    number_integer  | -9223372036854775808..-2147483649          | Negative integer (8 bytes follow)  | 0x3B
+    number_integer  | -2147483648..-32769                        | Negative integer (4 bytes follow)  | 0x3A
+    number_integer  | -32768..-129                               | Negative integer (2 bytes follow)  | 0x39
+    number_integer  | -128..-25                                  | Negative integer (1 byte follow)   | 0x38
+    number_integer  | -24..-1                                    | Negative integer                   | 0x20..0x37
+    number_integer  | 0..23                                      | Integer                            | 0x00..0x17
+    number_integer  | 24..255                                    | Unsigned integer (1 byte follow)   | 0x18
+    number_integer  | 256..65535                                 | Unsigned integer (2 bytes follow)  | 0x19
+    number_integer  | 65536..4294967295                          | Unsigned integer (4 bytes follow)  | 0x1A
+    number_integer  | 4294967296..18446744073709551615           | Unsigned integer (8 bytes follow)  | 0x1B
+    number_unsigned | 0..23                                      | Integer                            | 0x00..0x17
+    number_unsigned | 24..255                                    | Unsigned integer (1 byte follow)   | 0x18
+    number_unsigned | 256..65535                                 | Unsigned integer (2 bytes follow)  | 0x19
+    number_unsigned | 65536..4294967295                          | Unsigned integer (4 bytes follow)  | 0x1A
+    number_unsigned | 4294967296..18446744073709551615           | Unsigned integer (8 bytes follow)  | 0x1B
+    number_float    | *any value*                                | Double-Precision Float             | 0xFB
+    string          | *length*: 0..23                            | UTF-8 string                       | 0x60..0x77
+    string          | *length*: 23..255                          | UTF-8 string (1 byte follow)       | 0x78
+    string          | *length*: 256..65535                       | UTF-8 string (2 bytes follow)      | 0x79
+    string          | *length*: 65536..4294967295                | UTF-8 string (4 bytes follow)      | 0x7A
+    string          | *length*: 4294967296..18446744073709551615 | UTF-8 string (8 bytes follow)      | 0x7B
+    array           | *size*: 0..23                              | array                              | 0x80..0x97
+    array           | *size*: 23..255                            | array (1 byte follow)              | 0x98
+    array           | *size*: 256..65535                         | array (2 bytes follow)             | 0x99
+    array           | *size*: 65536..4294967295                  | array (4 bytes follow)             | 0x9A
+    array           | *size*: 4294967296..18446744073709551615   | array (8 bytes follow)             | 0x9B
+    object          | *size*: 0..23                              | map                                | 0xA0..0xB7
+    object          | *size*: 23..255                            | map (1 byte follow)                | 0xB8
+    object          | *size*: 256..65535                         | map (2 bytes follow)               | 0xB9
+    object          | *size*: 65536..4294967295                  | map (4 bytes follow)               | 0xBA
+    object          | *size*: 4294967296..18446744073709551615   | map (8 bytes follow)               | 0xBB
+
+    @note The mapping is **complete** in the sense that any JSON value type
+          can be converted to a CBOR value.
+
+    @note If NaN or Infinity are stored inside a JSON number, they are
+          serialized properly. This behavior differs from the @ref dump()
+          function which serializes NaN or Infinity to `null`.
+
+    @note The following CBOR types are not used in the conversion:
+          - byte strings (0x40..0x5F)
+          - UTF-8 strings terminated by "break" (0x7F)
+          - arrays terminated by "break" (0x9F)
+          - maps terminated by "break" (0xBF)
+          - date/time (0xC0..0xC1)
+          - bignum (0xC2..0xC3)
+          - decimal fraction (0xC4)
+          - bigfloat (0xC5)
+          - tagged items (0xC6..0xD4, 0xD8..0xDB)
+          - expected conversions (0xD5..0xD7)
+          - simple values (0xE0..0xF3, 0xF8)
+          - undefined (0xF7)
+          - half and single-precision floats (0xF9-0xFA)
+          - break (0xFF)
+
+    @param[in] j  JSON value to serialize
+    @return MessagePack serialization as byte vector
+
+    @complexity Linear in the size of the JSON value @a j.
+
+    @liveexample{The example shows the serialization of a JSON value to a byte
+    vector in CBOR format.,to_cbor}
+
+    @sa http://cbor.io
+    @sa @ref from_cbor(detail::input_adapter&&, const bool, const bool) for the
+        analogous deserialization
+    @sa @ref to_msgpack(const basic_json&) for the related MessagePack format
+    @sa @ref to_ubjson(const basic_json&, const bool, const bool) for the
+             related UBJSON format
+
+    @since version 2.0.9
+    */
+    static std::vector<uint8_t> to_cbor(const basic_json& j)
+    {
+        std::vector<uint8_t> result;
+        to_cbor(j, result);
+        return result;
+    }
+
+    static void to_cbor(const basic_json& j, detail::output_adapter<uint8_t> o)
+    {
+        binary_writer<uint8_t>(o).write_cbor(j);
+    }
+
+    static void to_cbor(const basic_json& j, detail::output_adapter<char> o)
+    {
+        binary_writer<char>(o).write_cbor(j);
+    }
+
+    /*!
+    @brief create a MessagePack serialization of a given JSON value
+
+    Serializes a given JSON value @a j to a byte vector using the MessagePack
+    serialization format. MessagePack is a binary serialization format which
+    aims to be more compact than JSON itself, yet more efficient to parse.
+
+    The library uses the following mapping from JSON values types to
+    MessagePack types according to the MessagePack specification:
+
+    JSON value type | value/range                       | MessagePack type | first byte
+    --------------- | --------------------------------- | ---------------- | ----------
+    null            | `null`                            | nil              | 0xC0
+    boolean         | `true`                            | true             | 0xC3
+    boolean         | `false`                           | false            | 0xC2
+    number_integer  | -9223372036854775808..-2147483649 | int64            | 0xD3
+    number_integer  | -2147483648..-32769               | int32            | 0xD2
+    number_integer  | -32768..-129                      | int16            | 0xD1
+    number_integer  | -128..-33                         | int8             | 0xD0
+    number_integer  | -32..-1                           | negative fixint  | 0xE0..0xFF
+    number_integer  | 0..127                            | positive fixint  | 0x00..0x7F
+    number_integer  | 128..255                          | uint 8           | 0xCC
+    number_integer  | 256..65535                        | uint 16          | 0xCD
+    number_integer  | 65536..4294967295                 | uint 32          | 0xCE
+    number_integer  | 4294967296..18446744073709551615  | uint 64          | 0xCF
+    number_unsigned | 0..127                            | positive fixint  | 0x00..0x7F
+    number_unsigned | 128..255                          | uint 8           | 0xCC
+    number_unsigned | 256..65535                        | uint 16          | 0xCD
+    number_unsigned | 65536..4294967295                 | uint 32          | 0xCE
+    number_unsigned | 4294967296..18446744073709551615  | uint 64          | 0xCF
+    number_float    | *any value*                       | float 64         | 0xCB
+    string          | *length*: 0..31                   | fixstr           | 0xA0..0xBF
+    string          | *length*: 32..255                 | str 8            | 0xD9
+    string          | *length*: 256..65535              | str 16           | 0xDA
+    string          | *length*: 65536..4294967295       | str 32           | 0xDB
+    array           | *size*: 0..15                     | fixarray         | 0x90..0x9F
+    array           | *size*: 16..65535                 | array 16         | 0xDC
+    array           | *size*: 65536..4294967295         | array 32         | 0xDD
+    object          | *size*: 0..15                     | fix map          | 0x80..0x8F
+    object          | *size*: 16..65535                 | map 16           | 0xDE
+    object          | *size*: 65536..4294967295         | map 32           | 0xDF
+
+    @note The mapping is **complete** in the sense that any JSON value type
+          can be converted to a MessagePack value.
+
+    @note The following values can **not** be converted to a MessagePack value:
+          - strings with more than 4294967295 bytes
+          - arrays with more than 4294967295 elements
+          - objects with more than 4294967295 elements
+
+    @note The following MessagePack types are not used in the conversion:
+          - bin 8 - bin 32 (0xC4..0xC6)
+          - ext 8 - ext 32 (0xC7..0xC9)
+          - float 32 (0xCA)
+          - fixext 1 - fixext 16 (0xD4..0xD8)
+
+    @note Any MessagePack output created @ref to_msgpack can be successfully
+          parsed by @ref from_msgpack.
+
+    @note If NaN or Infinity are stored inside a JSON number, they are
+          serialized properly. This behavior differs from the @ref dump()
+          function which serializes NaN or Infinity to `null`.
+
+    @param[in] j  JSON value to serialize
+    @return MessagePack serialization as byte vector
+
+    @complexity Linear in the size of the JSON value @a j.
+
+    @liveexample{The example shows the serialization of a JSON value to a byte
+    vector in MessagePack format.,to_msgpack}
+
+    @sa http://msgpack.org
+    @sa @ref from_msgpack for the analogous deserialization
+    @sa @ref to_cbor(const basic_json& for the related CBOR format
+    @sa @ref to_ubjson(const basic_json&, const bool, const bool) for the
+             related UBJSON format
+
+    @since version 2.0.9
+    */
+    static std::vector<uint8_t> to_msgpack(const basic_json& j)
+    {
+        std::vector<uint8_t> result;
+        to_msgpack(j, result);
+        return result;
+    }
+
+    static void to_msgpack(const basic_json& j, detail::output_adapter<uint8_t> o)
+    {
+        binary_writer<uint8_t>(o).write_msgpack(j);
+    }
+
+    static void to_msgpack(const basic_json& j, detail::output_adapter<char> o)
+    {
+        binary_writer<char>(o).write_msgpack(j);
+    }
+
+    /*!
+    @brief create a UBJSON serialization of a given JSON value
+
+    Serializes a given JSON value @a j to a byte vector using the UBJSON
+    (Universal Binary JSON) serialization format. UBJSON aims to be more compact
+    than JSON itself, yet more efficient to parse.
+
+    The library uses the following mapping from JSON values types to
+    UBJSON types according to the UBJSON specification:
+
+    JSON value type | value/range                       | UBJSON type | marker
+    --------------- | --------------------------------- | ----------- | ------
+    null            | `null`                            | null        | `Z`
+    boolean         | `true`                            | true        | `T`
+    boolean         | `false`                           | false       | `F`
+    number_integer  | -9223372036854775808..-2147483649 | int64       | `L`
+    number_integer  | -2147483648..-32769               | int32       | `l`
+    number_integer  | -32768..-129                      | int16       | `I`
+    number_integer  | -128..127                         | int8        | `i`
+    number_integer  | 128..255                          | uint8       | `U`
+    number_integer  | 256..32767                        | int16       | `I`
+    number_integer  | 32768..2147483647                 | int32       | `l`
+    number_integer  | 2147483648..9223372036854775807   | int64       | `L`
+    number_unsigned | 0..127                            | int8        | `i`
+    number_unsigned | 128..255                          | uint8       | `U`
+    number_unsigned | 256..32767                        | int16       | `I`
+    number_unsigned | 32768..2147483647                 | int32       | `l`
+    number_unsigned | 2147483648..9223372036854775807   | int64       | `L`
+    number_float    | *any value*                       | float64     | `D`
+    string          | *with shortest length indicator*  | string      | `S`
+    array           | *see notes on optimized format*   | array       | `[`
+    object          | *see notes on optimized format*   | map         | `{`
+
+    @note The mapping is **complete** in the sense that any JSON value type
+          can be converted to a UBJSON value.
+
+    @note The following values can **not** be converted to a UBJSON value:
+          - strings with more than 9223372036854775807 bytes (theoretical)
+          - unsigned integer numbers above 9223372036854775807
+
+    @note The following markers are not used in the conversion:
+          - `Z`: no-op values are not created.
+          - `C`: single-byte strings are serialized with `S` markers.
+
+    @note Any UBJSON output created @ref to_ubjson can be successfully parsed
+          by @ref from_ubjson.
+
+    @note If NaN or Infinity are stored inside a JSON number, they are
+          serialized properly. This behavior differs from the @ref dump()
+          function which serializes NaN or Infinity to `null`.
+
+    @note The optimized formats for containers are supported: Parameter
+          @a use_size adds size information to the beginning of a container and
+          removes the closing marker. Parameter @a use_type further checks
+          whether all elements of a container have the same type and adds the
+          type marker to the beginning of the container. The @a use_type
+          parameter must only be used together with @a use_size = true. Note
+          that @a use_size = true alone may result in larger representations -
+          the benefit of this parameter is that the receiving side is
+          immediately informed on the number of elements of the container.
+
+    @param[in] j  JSON value to serialize
+    @param[in] use_size  whether to add size annotations to container types
+    @param[in] use_type  whether to add type annotations to container types
+                         (must be combined with @a use_size = true)
+    @return UBJSON serialization as byte vector
+
+    @complexity Linear in the size of the JSON value @a j.
+
+    @liveexample{The example shows the serialization of a JSON value to a byte
+    vector in UBJSON format.,to_ubjson}
+
+    @sa http://ubjson.org
+    @sa @ref from_ubjson(detail::input_adapter&&, const bool, const bool) for the
+        analogous deserialization
+    @sa @ref to_cbor(const basic_json& for the related CBOR format
+    @sa @ref to_msgpack(const basic_json&) for the related MessagePack format
+
+    @since version 3.1.0
+    */
+    static std::vector<uint8_t> to_ubjson(const basic_json& j,
+                                          const bool use_size = false,
+                                          const bool use_type = false)
+    {
+        std::vector<uint8_t> result;
+        to_ubjson(j, result, use_size, use_type);
+        return result;
+    }
+
+    static void to_ubjson(const basic_json& j, detail::output_adapter<uint8_t> o,
+                          const bool use_size = false, const bool use_type = false)
+    {
+        binary_writer<uint8_t>(o).write_ubjson(j, use_size, use_type);
+    }
+
+    static void to_ubjson(const basic_json& j, detail::output_adapter<char> o,
+                          const bool use_size = false, const bool use_type = false)
+    {
+        binary_writer<char>(o).write_ubjson(j, use_size, use_type);
+    }
+
+
+    /*!
+    @brief Serializes the given JSON object `j` to BSON and returns a vector
+           containing the corresponding BSON-representation.
+
+    BSON (Binary JSON) is a binary format in which zero or more ordered key/value pairs are
+    stored as a single entity (a so-called document).
+
+    The library uses the following mapping from JSON values types to BSON types:
+
+    JSON value type | value/range                       | BSON type   | marker
+    --------------- | --------------------------------- | ----------- | ------
+    null            | `null`                            | null        | 0x0A
+    boolean         | `true`, `false`                   | boolean     | 0x08
+    number_integer  | -9223372036854775808..-2147483649 | int64       | 0x12
+    number_integer  | -2147483648..2147483647           | int32       | 0x10
+    number_integer  | 2147483648..9223372036854775807   | int64       | 0x12
+    number_unsigned | 0..2147483647                     | int32       | 0x10
+    number_unsigned | 2147483648..9223372036854775807   | int64       | 0x12
+    number_unsigned | 9223372036854775808..18446744073709551615| --   | --
+    number_float    | *any value*                       | double      | 0x01
+    string          | *any value*                       | string      | 0x02
+    array           | *any value*                       | document    | 0x04
+    object          | *any value*                       | document    | 0x03
+
+    @warning The mapping is **incomplete**, since only JSON-objects (and things
+    contained therein) can be serialized to BSON.
+    Also, integers larger than 9223372036854775807 cannot be serialized to BSON,
+    and the keys may not contain U+0000, since they are serialized a
+    zero-terminated c-strings.
+
+    @throw out_of_range.407  if `j.is_number_unsigned() && j.get<std::uint64_t>() > 9223372036854775807`
+    @throw out_of_range.409  if a key in `j` contains a NULL (U+0000)
+    @throw type_error.317    if `!j.is_object()`
+
+    @pre The input `j` is required to be an object: `j.is_object() == true`.
+
+    @note Any BSON output created via @ref to_bson can be successfully parsed
+          by @ref from_bson.
+
+    @param[in] j  JSON value to serialize
+    @return BSON serialization as byte vector
+
+    @complexity Linear in the size of the JSON value @a j.
+
+    @liveexample{The example shows the serialization of a JSON value to a byte
+    vector in BSON format.,to_bson}
+
+    @sa http://bsonspec.org/spec.html
+    @sa @ref from_bson(detail::input_adapter&&, const bool strict) for the
+        analogous deserialization
+    @sa @ref to_ubjson(const basic_json&, const bool, const bool) for the
+             related UBJSON format
+    @sa @ref to_cbor(const basic_json&) for the related CBOR format
+    @sa @ref to_msgpack(const basic_json&) for the related MessagePack format
+    */
+    static std::vector<uint8_t> to_bson(const basic_json& j)
+    {
+        std::vector<uint8_t> result;
+        to_bson(j, result);
+        return result;
+    }
+
+    /*!
+    @brief Serializes the given JSON object `j` to BSON and forwards the
+           corresponding BSON-representation to the given output_adapter `o`.
+    @param j The JSON object to convert to BSON.
+    @param o The output adapter that receives the binary BSON representation.
+    @pre The input `j` shall be an object: `j.is_object() == true`
+    @sa @ref to_bson(const basic_json&)
+    */
+    static void to_bson(const basic_json& j, detail::output_adapter<uint8_t> o)
+    {
+        binary_writer<uint8_t>(o).write_bson(j);
+    }
+
+    /*!
+    @copydoc to_bson(const basic_json&, detail::output_adapter<uint8_t>)
+    */
+    static void to_bson(const basic_json& j, detail::output_adapter<char> o)
+    {
+        binary_writer<char>(o).write_bson(j);
+    }
+
+
+    /*!
+    @brief create a JSON value from an input in CBOR format
+
+    Deserializes a given input @a i to a JSON value using the CBOR (Concise
+    Binary Object Representation) serialization format.
+
+    The library maps CBOR types to JSON value types as follows:
+
+    CBOR type              | JSON value type | first byte
+    ---------------------- | --------------- | ----------
+    Integer                | number_unsigned | 0x00..0x17
+    Unsigned integer       | number_unsigned | 0x18
+    Unsigned integer       | number_unsigned | 0x19
+    Unsigned integer       | number_unsigned | 0x1A
+    Unsigned integer       | number_unsigned | 0x1B
+    Negative integer       | number_integer  | 0x20..0x37
+    Negative integer       | number_integer  | 0x38
+    Negative integer       | number_integer  | 0x39
+    Negative integer       | number_integer  | 0x3A
+    Negative integer       | number_integer  | 0x3B
+    Negative integer       | number_integer  | 0x40..0x57
+    UTF-8 string           | string          | 0x60..0x77
+    UTF-8 string           | string          | 0x78
+    UTF-8 string           | string          | 0x79
+    UTF-8 string           | string          | 0x7A
+    UTF-8 string           | string          | 0x7B
+    UTF-8 string           | string          | 0x7F
+    array                  | array           | 0x80..0x97
+    array                  | array           | 0x98
+    array                  | array           | 0x99
+    array                  | array           | 0x9A
+    array                  | array           | 0x9B
+    array                  | array           | 0x9F
+    map                    | object          | 0xA0..0xB7
+    map                    | object          | 0xB8
+    map                    | object          | 0xB9
+    map                    | object          | 0xBA
+    map                    | object          | 0xBB
+    map                    | object          | 0xBF
+    False                  | `false`         | 0xF4
+    True                   | `true`          | 0xF5
+    Null                   | `null`          | 0xF6
+    Half-Precision Float   | number_float    | 0xF9
+    Single-Precision Float | number_float    | 0xFA
+    Double-Precision Float | number_float    | 0xFB
+
+    @warning The mapping is **incomplete** in the sense that not all CBOR
+             types can be converted to a JSON value. The following CBOR types
+             are not supported and will yield parse errors (parse_error.112):
+             - byte strings (0x40..0x5F)
+             - date/time (0xC0..0xC1)
+             - bignum (0xC2..0xC3)
+             - decimal fraction (0xC4)
+             - bigfloat (0xC5)
+             - tagged items (0xC6..0xD4, 0xD8..0xDB)
+             - expected conversions (0xD5..0xD7)
+             - simple values (0xE0..0xF3, 0xF8)
+             - undefined (0xF7)
+
+    @warning CBOR allows map keys of any type, whereas JSON only allows
+             strings as keys in object values. Therefore, CBOR maps with keys
+             other than UTF-8 strings are rejected (parse_error.113).
+
+    @note Any CBOR output created @ref to_cbor can be successfully parsed by
+          @ref from_cbor.
+
+    @param[in] i  an input in CBOR format convertible to an input adapter
+    @param[in] strict  whether to expect the input to be consumed until EOF
+                       (true by default)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return deserialized JSON value
+
+    @throw parse_error.110 if the given input ends prematurely or the end of
+    file was not reached when @a strict was set to true
+    @throw parse_error.112 if unsupported features from CBOR were
+    used in the given input @a v or if the input is not valid CBOR
+    @throw parse_error.113 if a string was expected as map key, but not found
+
+    @complexity Linear in the size of the input @a i.
+
+    @liveexample{The example shows the deserialization of a byte vector in CBOR
+    format to a JSON value.,from_cbor}
+
+    @sa http://cbor.io
+    @sa @ref to_cbor(const basic_json&) for the analogous serialization
+    @sa @ref from_msgpack(detail::input_adapter&&, const bool, const bool) for the
+        related MessagePack format
+    @sa @ref from_ubjson(detail::input_adapter&&, const bool, const bool) for the
+        related UBJSON format
+
+    @since version 2.0.9; parameter @a start_index since 2.1.1; changed to
+           consume input adapters, removed start_index parameter, and added
+           @a strict parameter since 3.0.0; added @a allow_exceptions parameter
+           since 3.2.0
+    */
+    static basic_json from_cbor(detail::input_adapter&& i,
+                                const bool strict = true,
+                                const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(i)).sax_parse(input_format_t::cbor, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @copydoc from_cbor(detail::input_adapter&&, const bool, const bool)
+    */
+    template<typename A1, typename A2,
+             detail::enable_if_t<std::is_constructible<detail::input_adapter, A1, A2>::value, int> = 0>
+    static basic_json from_cbor(A1 && a1, A2 && a2,
+                                const bool strict = true,
+                                const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(std::forward<A1>(a1), std::forward<A2>(a2))).sax_parse(input_format_t::cbor, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @brief create a JSON value from an input in MessagePack format
+
+    Deserializes a given input @a i to a JSON value using the MessagePack
+    serialization format.
+
+    The library maps MessagePack types to JSON value types as follows:
+
+    MessagePack type | JSON value type | first byte
+    ---------------- | --------------- | ----------
+    positive fixint  | number_unsigned | 0x00..0x7F
+    fixmap           | object          | 0x80..0x8F
+    fixarray         | array           | 0x90..0x9F
+    fixstr           | string          | 0xA0..0xBF
+    nil              | `null`          | 0xC0
+    false            | `false`         | 0xC2
+    true             | `true`          | 0xC3
+    float 32         | number_float    | 0xCA
+    float 64         | number_float    | 0xCB
+    uint 8           | number_unsigned | 0xCC
+    uint 16          | number_unsigned | 0xCD
+    uint 32          | number_unsigned | 0xCE
+    uint 64          | number_unsigned | 0xCF
+    int 8            | number_integer  | 0xD0
+    int 16           | number_integer  | 0xD1
+    int 32           | number_integer  | 0xD2
+    int 64           | number_integer  | 0xD3
+    str 8            | string          | 0xD9
+    str 16           | string          | 0xDA
+    str 32           | string          | 0xDB
+    array 16         | array           | 0xDC
+    array 32         | array           | 0xDD
+    map 16           | object          | 0xDE
+    map 32           | object          | 0xDF
+    negative fixint  | number_integer  | 0xE0-0xFF
+
+    @warning The mapping is **incomplete** in the sense that not all
+             MessagePack types can be converted to a JSON value. The following
+             MessagePack types are not supported and will yield parse errors:
+              - bin 8 - bin 32 (0xC4..0xC6)
+              - ext 8 - ext 32 (0xC7..0xC9)
+              - fixext 1 - fixext 16 (0xD4..0xD8)
+
+    @note Any MessagePack output created @ref to_msgpack can be successfully
+          parsed by @ref from_msgpack.
+
+    @param[in] i  an input in MessagePack format convertible to an input
+                  adapter
+    @param[in] strict  whether to expect the input to be consumed until EOF
+                       (true by default)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return deserialized JSON value
+
+    @throw parse_error.110 if the given input ends prematurely or the end of
+    file was not reached when @a strict was set to true
+    @throw parse_error.112 if unsupported features from MessagePack were
+    used in the given input @a i or if the input is not valid MessagePack
+    @throw parse_error.113 if a string was expected as map key, but not found
+
+    @complexity Linear in the size of the input @a i.
+
+    @liveexample{The example shows the deserialization of a byte vector in
+    MessagePack format to a JSON value.,from_msgpack}
+
+    @sa http://msgpack.org
+    @sa @ref to_msgpack(const basic_json&) for the analogous serialization
+    @sa @ref from_cbor(detail::input_adapter&&, const bool, const bool) for the
+        related CBOR format
+    @sa @ref from_ubjson(detail::input_adapter&&, const bool, const bool) for
+        the related UBJSON format
+    @sa @ref from_bson(detail::input_adapter&&, const bool, const bool) for
+        the related BSON format
+
+    @since version 2.0.9; parameter @a start_index since 2.1.1; changed to
+           consume input adapters, removed start_index parameter, and added
+           @a strict parameter since 3.0.0; added @a allow_exceptions parameter
+           since 3.2.0
+    */
+    static basic_json from_msgpack(detail::input_adapter&& i,
+                                   const bool strict = true,
+                                   const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(i)).sax_parse(input_format_t::msgpack, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @copydoc from_msgpack(detail::input_adapter&&, const bool, const bool)
+    */
+    template<typename A1, typename A2,
+             detail::enable_if_t<std::is_constructible<detail::input_adapter, A1, A2>::value, int> = 0>
+    static basic_json from_msgpack(A1 && a1, A2 && a2,
+                                   const bool strict = true,
+                                   const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(std::forward<A1>(a1), std::forward<A2>(a2))).sax_parse(input_format_t::msgpack, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @brief create a JSON value from an input in UBJSON format
+
+    Deserializes a given input @a i to a JSON value using the UBJSON (Universal
+    Binary JSON) serialization format.
+
+    The library maps UBJSON types to JSON value types as follows:
+
+    UBJSON type | JSON value type                         | marker
+    ----------- | --------------------------------------- | ------
+    no-op       | *no value, next value is read*          | `N`
+    null        | `null`                                  | `Z`
+    false       | `false`                                 | `F`
+    true        | `true`                                  | `T`
+    float32     | number_float                            | `d`
+    float64     | number_float                            | `D`
+    uint8       | number_unsigned                         | `U`
+    int8        | number_integer                          | `i`
+    int16       | number_integer                          | `I`
+    int32       | number_integer                          | `l`
+    int64       | number_integer                          | `L`
+    string      | string                                  | `S`
+    char        | string                                  | `C`
+    array       | array (optimized values are supported)  | `[`
+    object      | object (optimized values are supported) | `{`
+
+    @note The mapping is **complete** in the sense that any UBJSON value can
+          be converted to a JSON value.
+
+    @param[in] i  an input in UBJSON format convertible to an input adapter
+    @param[in] strict  whether to expect the input to be consumed until EOF
+                       (true by default)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return deserialized JSON value
+
+    @throw parse_error.110 if the given input ends prematurely or the end of
+    file was not reached when @a strict was set to true
+    @throw parse_error.112 if a parse error occurs
+    @throw parse_error.113 if a string could not be parsed successfully
+
+    @complexity Linear in the size of the input @a i.
+
+    @liveexample{The example shows the deserialization of a byte vector in
+    UBJSON format to a JSON value.,from_ubjson}
+
+    @sa http://ubjson.org
+    @sa @ref to_ubjson(const basic_json&, const bool, const bool) for the
+             analogous serialization
+    @sa @ref from_cbor(detail::input_adapter&&, const bool, const bool) for the
+        related CBOR format
+    @sa @ref from_msgpack(detail::input_adapter&&, const bool, const bool) for
+        the related MessagePack format
+    @sa @ref from_bson(detail::input_adapter&&, const bool, const bool) for
+        the related BSON format
+
+    @since version 3.1.0; added @a allow_exceptions parameter since 3.2.0
+    */
+    static basic_json from_ubjson(detail::input_adapter&& i,
+                                  const bool strict = true,
+                                  const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(i)).sax_parse(input_format_t::ubjson, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @copydoc from_ubjson(detail::input_adapter&&, const bool, const bool)
+    */
+    template<typename A1, typename A2,
+             detail::enable_if_t<std::is_constructible<detail::input_adapter, A1, A2>::value, int> = 0>
+    static basic_json from_ubjson(A1 && a1, A2 && a2,
+                                  const bool strict = true,
+                                  const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(std::forward<A1>(a1), std::forward<A2>(a2))).sax_parse(input_format_t::ubjson, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @brief Create a JSON value from an input in BSON format
+
+    Deserializes a given input @a i to a JSON value using the BSON (Binary JSON)
+    serialization format.
+
+    The library maps BSON record types to JSON value types as follows:
+
+    BSON type       | BSON marker byte | JSON value type
+    --------------- | ---------------- | ---------------------------
+    double          | 0x01             | number_float
+    string          | 0x02             | string
+    document        | 0x03             | object
+    array           | 0x04             | array
+    binary          | 0x05             | still unsupported
+    undefined       | 0x06             | still unsupported
+    ObjectId        | 0x07             | still unsupported
+    boolean         | 0x08             | boolean
+    UTC Date-Time   | 0x09             | still unsupported
+    null            | 0x0A             | null
+    Regular Expr.   | 0x0B             | still unsupported
+    DB Pointer      | 0x0C             | still unsupported
+    JavaScript Code | 0x0D             | still unsupported
+    Symbol          | 0x0E             | still unsupported
+    JavaScript Code | 0x0F             | still unsupported
+    int32           | 0x10             | number_integer
+    Timestamp       | 0x11             | still unsupported
+    128-bit decimal float | 0x13       | still unsupported
+    Max Key         | 0x7F             | still unsupported
+    Min Key         | 0xFF             | still unsupported
+
+    @warning The mapping is **incomplete**. The unsupported mappings
+             are indicated in the table above.
+
+    @param[in] i  an input in BSON format convertible to an input adapter
+    @param[in] strict  whether to expect the input to be consumed until EOF
+                       (true by default)
+    @param[in] allow_exceptions  whether to throw exceptions in case of a
+    parse error (optional, true by default)
+
+    @return deserialized JSON value
+
+    @throw parse_error.114 if an unsupported BSON record type is encountered
+
+    @complexity Linear in the size of the input @a i.
+
+    @liveexample{The example shows the deserialization of a byte vector in
+    BSON format to a JSON value.,from_bson}
+
+    @sa http://bsonspec.org/spec.html
+    @sa @ref to_bson(const basic_json&) for the analogous serialization
+    @sa @ref from_cbor(detail::input_adapter&&, const bool, const bool) for the
+        related CBOR format
+    @sa @ref from_msgpack(detail::input_adapter&&, const bool, const bool) for
+        the related MessagePack format
+    @sa @ref from_ubjson(detail::input_adapter&&, const bool, const bool) for the
+        related UBJSON format
+    */
+    static basic_json from_bson(detail::input_adapter&& i,
+                                const bool strict = true,
+                                const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(i)).sax_parse(input_format_t::bson, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+    /*!
+    @copydoc from_bson(detail::input_adapter&&, const bool, const bool)
+    */
+    template<typename A1, typename A2,
+             detail::enable_if_t<std::is_constructible<detail::input_adapter, A1, A2>::value, int> = 0>
+    static basic_json from_bson(A1 && a1, A2 && a2,
+                                const bool strict = true,
+                                const bool allow_exceptions = true)
+    {
+        basic_json result;
+        detail::json_sax_dom_parser<basic_json> sdp(result, allow_exceptions);
+        const bool res = binary_reader(detail::input_adapter(std::forward<A1>(a1), std::forward<A2>(a2))).sax_parse(input_format_t::bson, &sdp, strict);
+        return res ? result : basic_json(value_t::discarded);
+    }
+
+
+
+    /// @}
+
+    //////////////////////////
+    // JSON Pointer support //
+    //////////////////////////
+
+    /// @name JSON Pointer functions
+    /// @{
+
+    /*!
+    @brief access specified element via JSON Pointer
+
+    Uses a JSON pointer to retrieve a reference to the respective JSON value.
+    No bound checking is performed. Similar to @ref operator[](const typename
+    object_t::key_type&), `null` values are created in arrays and objects if
+    necessary.
+
+    In particular:
+    - If the JSON pointer points to an object key that does not exist, it
+      is created an filled with a `null` value before a reference to it
+      is returned.
+    - If the JSON pointer points to an array index that does not exist, it
+      is created an filled with a `null` value before a reference to it
+      is returned. All indices between the current maximum and the given
+      index are also filled with `null`.
+    - The special value `-` is treated as a synonym for the index past the
+      end.
+
+    @param[in] ptr  a JSON pointer
+
+    @return reference to the element pointed to by @a ptr
+
+    @complexity Constant.
+
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+
+    @liveexample{The behavior is shown in the example.,operatorjson_pointer}
+
+    @since version 2.0.0
+    */
+    reference operator[](const json_pointer& ptr)
+    {
+        return ptr.get_unchecked(this);
+    }
+
+    /*!
+    @brief access specified element via JSON Pointer
+
+    Uses a JSON pointer to retrieve a reference to the respective JSON value.
+    No bound checking is performed. The function does not change the JSON
+    value; no `null` values are created. In particular, the the special value
+    `-` yields an exception.
+
+    @param[in] ptr  JSON pointer to the desired element
+
+    @return const reference to the element pointed to by @a ptr
+
+    @complexity Constant.
+
+    @throw parse_error.106   if an array index begins with '0'
+    @throw parse_error.109   if an array index was not a number
+    @throw out_of_range.402  if the array index '-' is used
+    @throw out_of_range.404  if the JSON pointer can not be resolved
+
+    @liveexample{The behavior is shown in the example.,operatorjson_pointer_const}
+
+    @since version 2.0.0
+    */
+    const_reference operator[](const json_pointer& ptr) const
+    {
+        return ptr.get_unchecked(this);
+    }
+
+    /*!
+    @brief access specified element via JSON Pointer
+
+    Returns a reference to the element at with specified JSON pointer @a ptr,
+    with bounds checking.
+
+    @param[in] ptr  JSON pointer to the desired element
+
+    @return reference to the element pointed to by @a ptr
+
+    @throw parse_error.106 if an array index in the passed JSON pointer @a ptr
+    begins with '0'. See example below.
+
+    @throw parse_error.109 if an array index in the passed JSON pointer @a ptr
+    is not a number. See example below.
+
+    @throw out_of_range.401 if an array index in the passed JSON pointer @a ptr
+    is out of range. See example below.
+
+    @throw out_of_range.402 if the array index '-' is used in the passed JSON
+    pointer @a ptr. As `at` provides checked access (and no elements are
+    implicitly inserted), the index '-' is always invalid. See example below.
+
+    @throw out_of_range.403 if the JSON pointer describes a key of an object
+    which cannot be found. See example below.
+
+    @throw out_of_range.404 if the JSON pointer @a ptr can not be resolved.
+    See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @since version 2.0.0
+
+    @liveexample{The behavior is shown in the example.,at_json_pointer}
+    */
+    reference at(const json_pointer& ptr)
+    {
+        return ptr.get_checked(this);
+    }
+
+    /*!
+    @brief access specified element via JSON Pointer
+
+    Returns a const reference to the element at with specified JSON pointer @a
+    ptr, with bounds checking.
+
+    @param[in] ptr  JSON pointer to the desired element
+
+    @return reference to the element pointed to by @a ptr
+
+    @throw parse_error.106 if an array index in the passed JSON pointer @a ptr
+    begins with '0'. See example below.
+
+    @throw parse_error.109 if an array index in the passed JSON pointer @a ptr
+    is not a number. See example below.
+
+    @throw out_of_range.401 if an array index in the passed JSON pointer @a ptr
+    is out of range. See example below.
+
+    @throw out_of_range.402 if the array index '-' is used in the passed JSON
+    pointer @a ptr. As `at` provides checked access (and no elements are
+    implicitly inserted), the index '-' is always invalid. See example below.
+
+    @throw out_of_range.403 if the JSON pointer describes a key of an object
+    which cannot be found. See example below.
+
+    @throw out_of_range.404 if the JSON pointer @a ptr can not be resolved.
+    See example below.
+
+    @exceptionsafety Strong guarantee: if an exception is thrown, there are no
+    changes in the JSON value.
+
+    @complexity Constant.
+
+    @since version 2.0.0
+
+    @liveexample{The behavior is shown in the example.,at_json_pointer_const}
+    */
+    const_reference at(const json_pointer& ptr) const
+    {
+        return ptr.get_checked(this);
+    }
+
+    /*!
+    @brief return flattened JSON value
+
+    The function creates a JSON object whose keys are JSON pointers (see [RFC
+    6901](https://tools.ietf.org/html/rfc6901)) and whose values are all
+    primitive. The original JSON value can be restored using the @ref
+    unflatten() function.
+
+    @return an object that maps JSON pointers to primitive values
+
+    @note Empty objects and arrays are flattened to `null` and will not be
+          reconstructed correctly by the @ref unflatten() function.
+
+    @complexity Linear in the size the JSON value.
+
+    @liveexample{The following code shows how a JSON object is flattened to an
+    object whose keys consist of JSON pointers.,flatten}
+
+    @sa @ref unflatten() for the reverse function
+
+    @since version 2.0.0
+    */
+    basic_json flatten() const
+    {
+        basic_json result(value_t::object);
+        json_pointer::flatten("", *this, result);
+        return result;
+    }
+
+    /*!
+    @brief unflatten a previously flattened JSON value
+
+    The function restores the arbitrary nesting of a JSON value that has been
+    flattened before using the @ref flatten() function. The JSON value must
+    meet certain constraints:
+    1. The value must be an object.
+    2. The keys must be JSON pointers (see
+       [RFC 6901](https://tools.ietf.org/html/rfc6901))
+    3. The mapped values must be primitive JSON types.
+
+    @return the original JSON from a flattened version
+
+    @note Empty objects and arrays are flattened by @ref flatten() to `null`
+          values and can not unflattened to their original type. Apart from
+          this example, for a JSON value `j`, the following is always true:
+          `j == j.flatten().unflatten()`.
+
+    @complexity Linear in the size the JSON value.
+
+    @throw type_error.314  if value is not an object
+    @throw type_error.315  if object values are not primitive
+
+    @liveexample{The following code shows how a flattened JSON object is
+    unflattened into the original nested JSON object.,unflatten}
+
+    @sa @ref flatten() for the reverse function
+
+    @since version 2.0.0
+    */
+    basic_json unflatten() const
+    {
+        return json_pointer::unflatten(*this);
+    }
+
+    /// @}
+
+    //////////////////////////
+    // JSON Patch functions //
+    //////////////////////////
+
+    /// @name JSON Patch functions
+    /// @{
+
+    /*!
+    @brief applies a JSON patch
+
+    [JSON Patch](http://jsonpatch.com) defines a JSON document structure for
+    expressing a sequence of operations to apply to a JSON) document. With
+    this function, a JSON Patch is applied to the current JSON value by
+    executing all operations from the patch.
+
+    @param[in] json_patch  JSON patch document
+    @return patched document
+
+    @note The application of a patch is atomic: Either all operations succeed
+          and the patched document is returned or an exception is thrown. In
+          any case, the original value is not changed: the patch is applied
+          to a copy of the value.
+
+    @throw parse_error.104 if the JSON patch does not consist of an array of
+    objects
+
+    @throw parse_error.105 if the JSON patch is malformed (e.g., mandatory
+    attributes are missing); example: `"operation add must have member path"`
+
+    @throw out_of_range.401 if an array index is out of range.
+
+    @throw out_of_range.403 if a JSON pointer inside the patch could not be
+    resolved successfully in the current JSON value; example: `"key baz not
+    found"`
+
+    @throw out_of_range.405 if JSON pointer has no parent ("add", "remove",
+    "move")
+
+    @throw other_error.501 if "test" operation was unsuccessful
+
+    @complexity Linear in the size of the JSON value and the length of the
+    JSON patch. As usually only a fraction of the JSON value is affected by
+    the patch, the complexity can usually be neglected.
+
+    @liveexample{The following code shows how a JSON patch is applied to a
+    value.,patch}
+
+    @sa @ref diff -- create a JSON patch by comparing two JSON values
+
+    @sa [RFC 6902 (JSON Patch)](https://tools.ietf.org/html/rfc6902)
+    @sa [RFC 6901 (JSON Pointer)](https://tools.ietf.org/html/rfc6901)
+
+    @since version 2.0.0
+    */
+    basic_json patch(const basic_json& json_patch) const
+    {
+        // make a working copy to apply the patch to
+        basic_json result = *this;
+
+        // the valid JSON Patch operations
+        enum class patch_operations {add, remove, replace, move, copy, test, invalid};
+
+        const auto get_op = [](const std::string & op)
+        {
+            if (op == "add")
+            {
+                return patch_operations::add;
+            }
+            if (op == "remove")
+            {
+                return patch_operations::remove;
+            }
+            if (op == "replace")
+            {
+                return patch_operations::replace;
+            }
+            if (op == "move")
+            {
+                return patch_operations::move;
+            }
+            if (op == "copy")
+            {
+                return patch_operations::copy;
+            }
+            if (op == "test")
+            {
+                return patch_operations::test;
+            }
+
+            return patch_operations::invalid;
+        };
+
+        // wrapper for "add" operation; add value at ptr
+        const auto operation_add = [&result](json_pointer & ptr, basic_json val)
+        {
+            // adding to the root of the target document means replacing it
+            if (ptr.is_root())
+            {
+                result = val;
+            }
+            else
+            {
+                // make sure the top element of the pointer exists
+                json_pointer top_pointer = ptr.top();
+                if (top_pointer != ptr)
+                {
+                    result.at(top_pointer);
+                }
+
+                // get reference to parent of JSON pointer ptr
+                const auto last_path = ptr.pop_back();
+                basic_json& parent = result[ptr];
+
+                switch (parent.m_type)
+                {
+                    case value_t::null:
+                    case value_t::object:
+                    {
+                        // use operator[] to add value
+                        parent[last_path] = val;
+                        break;
+                    }
+
+                    case value_t::array:
+                    {
+                        if (last_path == "-")
+                        {
+                            // special case: append to back
+                            parent.push_back(val);
+                        }
+                        else
+                        {
+                            const auto idx = json_pointer::array_index(last_path);
+                            if (JSON_UNLIKELY(static_cast<size_type>(idx) > parent.size()))
+                            {
+                                // avoid undefined behavior
+                                JSON_THROW(out_of_range::create(401, "array index " + std::to_string(idx) + " is out of range"));
+                            }
+
+                            // default case: insert add offset
+                            parent.insert(parent.begin() + static_cast<difference_type>(idx), val);
+                        }
+                        break;
+                    }
+
+                    // LCOV_EXCL_START
+                    default:
+                    {
+                        // if there exists a parent it cannot be primitive
+                        assert(false);
+                    }
+                        // LCOV_EXCL_STOP
+                }
+            }
+        };
+
+        // wrapper for "remove" operation; remove value at ptr
+        const auto operation_remove = [&result](json_pointer & ptr)
+        {
+            // get reference to parent of JSON pointer ptr
+            const auto last_path = ptr.pop_back();
+            basic_json& parent = result.at(ptr);
+
+            // remove child
+            if (parent.is_object())
+            {
+                // perform range check
+                auto it = parent.find(last_path);
+                if (JSON_LIKELY(it != parent.end()))
+                {
+                    parent.erase(it);
+                }
+                else
+                {
+                    JSON_THROW(out_of_range::create(403, "key '" + last_path + "' not found"));
+                }
+            }
+            else if (parent.is_array())
+            {
+                // note erase performs range check
+                parent.erase(static_cast<size_type>(json_pointer::array_index(last_path)));
+            }
+        };
+
+        // type check: top level value must be an array
+        if (JSON_UNLIKELY(not json_patch.is_array()))
+        {
+            JSON_THROW(parse_error::create(104, 0, "JSON patch must be an array of objects"));
+        }
+
+        // iterate and apply the operations
+        for (const auto& val : json_patch)
+        {
+            // wrapper to get a value for an operation
+            const auto get_value = [&val](const std::string & op,
+                                          const std::string & member,
+                                          bool string_type) -> basic_json &
+            {
+                // find value
+                auto it = val.m_value.object->find(member);
+
+                // context-sensitive error message
+                const auto error_msg = (op == "op") ? "operation" : "operation '" + op + "'";
+
+                // check if desired value is present
+                if (JSON_UNLIKELY(it == val.m_value.object->end()))
+                {
+                    JSON_THROW(parse_error::create(105, 0, error_msg + " must have member '" + member + "'"));
+                }
+
+                // check if result is of type string
+                if (JSON_UNLIKELY(string_type and not it->second.is_string()))
+                {
+                    JSON_THROW(parse_error::create(105, 0, error_msg + " must have string member '" + member + "'"));
+                }
+
+                // no error: return value
+                return it->second;
+            };
+
+            // type check: every element of the array must be an object
+            if (JSON_UNLIKELY(not val.is_object()))
+            {
+                JSON_THROW(parse_error::create(104, 0, "JSON patch must be an array of objects"));
+            }
+
+            // collect mandatory members
+            const std::string op = get_value("op", "op", true);
+            const std::string path = get_value(op, "path", true);
+            json_pointer ptr(path);
+
+            switch (get_op(op))
+            {
+                case patch_operations::add:
+                {
+                    operation_add(ptr, get_value("add", "value", false));
+                    break;
+                }
+
+                case patch_operations::remove:
+                {
+                    operation_remove(ptr);
+                    break;
+                }
+
+                case patch_operations::replace:
+                {
+                    // the "path" location must exist - use at()
+                    result.at(ptr) = get_value("replace", "value", false);
+                    break;
+                }
+
+                case patch_operations::move:
+                {
+                    const std::string from_path = get_value("move", "from", true);
+                    json_pointer from_ptr(from_path);
+
+                    // the "from" location must exist - use at()
+                    basic_json v = result.at(from_ptr);
+
+                    // The move operation is functionally identical to a
+                    // "remove" operation on the "from" location, followed
+                    // immediately by an "add" operation at the target
+                    // location with the value that was just removed.
+                    operation_remove(from_ptr);
+                    operation_add(ptr, v);
+                    break;
+                }
+
+                case patch_operations::copy:
+                {
+                    const std::string from_path = get_value("copy", "from", true);
+                    const json_pointer from_ptr(from_path);
+
+                    // the "from" location must exist - use at()
+                    basic_json v = result.at(from_ptr);
+
+                    // The copy is functionally identical to an "add"
+                    // operation at the target location using the value
+                    // specified in the "from" member.
+                    operation_add(ptr, v);
+                    break;
+                }
+
+                case patch_operations::test:
+                {
+                    bool success = false;
+                    JSON_TRY
+                    {
+                        // check if "value" matches the one at "path"
+                        // the "path" location must exist - use at()
+                        success = (result.at(ptr) == get_value("test", "value", false));
+                    }
+                    JSON_INTERNAL_CATCH (out_of_range&)
+                    {
+                        // ignore out of range errors: success remains false
+                    }
+
+                    // throw an exception if test fails
+                    if (JSON_UNLIKELY(not success))
+                    {
+                        JSON_THROW(other_error::create(501, "unsuccessful: " + val.dump()));
+                    }
+
+                    break;
+                }
+
+                case patch_operations::invalid:
+                {
+                    // op must be "add", "remove", "replace", "move", "copy", or
+                    // "test"
+                    JSON_THROW(parse_error::create(105, 0, "operation value '" + op + "' is invalid"));
+                }
+            }
+        }
+
+        return result;
+    }
+
+    /*!
+    @brief creates a diff as a JSON patch
+
+    Creates a [JSON Patch](http://jsonpatch.com) so that value @a source can
+    be changed into the value @a target by calling @ref patch function.
+
+    @invariant For two JSON values @a source and @a target, the following code
+    yields always `true`:
+    @code {.cpp}
+    source.patch(diff(source, target)) == target;
+    @endcode
+
+    @note Currently, only `remove`, `add`, and `replace` operations are
+          generated.
+
+    @param[in] source  JSON value to compare from
+    @param[in] target  JSON value to compare against
+    @param[in] path    helper value to create JSON pointers
+
+    @return a JSON patch to convert the @a source to @a target
+
+    @complexity Linear in the lengths of @a source and @a target.
+
+    @liveexample{The following code shows how a JSON patch is created as a
+    diff for two JSON values.,diff}
+
+    @sa @ref patch -- apply a JSON patch
+    @sa @ref merge_patch -- apply a JSON Merge Patch
+
+    @sa [RFC 6902 (JSON Patch)](https://tools.ietf.org/html/rfc6902)
+
+    @since version 2.0.0
+    */
+    static basic_json diff(const basic_json& source, const basic_json& target,
+                           const std::string& path = "")
+    {
+        // the patch
+        basic_json result(value_t::array);
+
+        // if the values are the same, return empty patch
+        if (source == target)
+        {
+            return result;
+        }
+
+        if (source.type() != target.type())
+        {
+            // different types: replace value
+            result.push_back(
+            {
+                {"op", "replace"}, {"path", path}, {"value", target}
+            });
+        }
+        else
+        {
+            switch (source.type())
+            {
+                case value_t::array:
+                {
+                    // first pass: traverse common elements
+                    std::size_t i = 0;
+                    while (i < source.size() and i < target.size())
+                    {
+                        // recursive call to compare array values at index i
+                        auto temp_diff = diff(source[i], target[i], path + "/" + std::to_string(i));
+                        result.insert(result.end(), temp_diff.begin(), temp_diff.end());
+                        ++i;
+                    }
+
+                    // i now reached the end of at least one array
+                    // in a second pass, traverse the remaining elements
+
+                    // remove my remaining elements
+                    const auto end_index = static_cast<difference_type>(result.size());
+                    while (i < source.size())
+                    {
+                        // add operations in reverse order to avoid invalid
+                        // indices
+                        result.insert(result.begin() + end_index, object(
+                        {
+                            {"op", "remove"},
+                            {"path", path + "/" + std::to_string(i)}
+                        }));
+                        ++i;
+                    }
+
+                    // add other remaining elements
+                    while (i < target.size())
+                    {
+                        result.push_back(
+                        {
+                            {"op", "add"},
+                            {"path", path + "/" + std::to_string(i)},
+                            {"value", target[i]}
+                        });
+                        ++i;
+                    }
+
+                    break;
+                }
+
+                case value_t::object:
+                {
+                    // first pass: traverse this object's elements
+                    for (auto it = source.cbegin(); it != source.cend(); ++it)
+                    {
+                        // escape the key name to be used in a JSON patch
+                        const auto key = json_pointer::escape(it.key());
+
+                        if (target.find(it.key()) != target.end())
+                        {
+                            // recursive call to compare object values at key it
+                            auto temp_diff = diff(it.value(), target[it.key()], path + "/" + key);
+                            result.insert(result.end(), temp_diff.begin(), temp_diff.end());
+                        }
+                        else
+                        {
+                            // found a key that is not in o -> remove it
+                            result.push_back(object(
+                            {
+                                {"op", "remove"}, {"path", path + "/" + key}
+                            }));
+                        }
+                    }
+
+                    // second pass: traverse other object's elements
+                    for (auto it = target.cbegin(); it != target.cend(); ++it)
+                    {
+                        if (source.find(it.key()) == source.end())
+                        {
+                            // found a key that is not in this -> add it
+                            const auto key = json_pointer::escape(it.key());
+                            result.push_back(
+                            {
+                                {"op", "add"}, {"path", path + "/" + key},
+                                {"value", it.value()}
+                            });
+                        }
+                    }
+
+                    break;
+                }
+
+                default:
+                {
+                    // both primitive type: replace value
+                    result.push_back(
+                    {
+                        {"op", "replace"}, {"path", path}, {"value", target}
+                    });
+                    break;
+                }
+            }
+        }
+
+        return result;
+    }
+
+    /// @}
+
+    ////////////////////////////////
+    // JSON Merge Patch functions //
+    ////////////////////////////////
+
+    /// @name JSON Merge Patch functions
+    /// @{
+
+    /*!
+    @brief applies a JSON Merge Patch
+
+    The merge patch format is primarily intended for use with the HTTP PATCH
+    method as a means of describing a set of modifications to a target
+    resource's content. This function applies a merge patch to the current
+    JSON value.
+
+    The function implements the following algorithm from Section 2 of
+    [RFC 7396 (JSON Merge Patch)](https://tools.ietf.org/html/rfc7396):
+
+    ```
+    define MergePatch(Target, Patch):
+      if Patch is an Object:
+        if Target is not an Object:
+          Target = {} // Ignore the contents and set it to an empty Object
+        for each Name/Value pair in Patch:
+          if Value is null:
+            if Name exists in Target:
+              remove the Name/Value pair from Target
+          else:
+            Target[Name] = MergePatch(Target[Name], Value)
+        return Target
+      else:
+        return Patch
+    ```
+
+    Thereby, `Target` is the current object; that is, the patch is applied to
+    the current value.
+
+    @param[in] apply_patch  the patch to apply
+
+    @complexity Linear in the lengths of @a patch.
+
+    @liveexample{The following code shows how a JSON Merge Patch is applied to
+    a JSON document.,merge_patch}
+
+    @sa @ref patch -- apply a JSON patch
+    @sa [RFC 7396 (JSON Merge Patch)](https://tools.ietf.org/html/rfc7396)
+
+    @since version 3.0.0
+    */
+    void merge_patch(const basic_json& apply_patch)
+    {
+        if (apply_patch.is_object())
+        {
+            if (not is_object())
+            {
+                *this = object();
+            }
+            for (auto it = apply_patch.begin(); it != apply_patch.end(); ++it)
+            {
+                if (it.value().is_null())
+                {
+                    erase(it.key());
+                }
+                else
+                {
+                    operator[](it.key()).merge_patch(it.value());
+                }
+            }
+        }
+        else
+        {
+            *this = apply_patch;
+        }
+    }
+
+    /// @}
+};
+} // namespace nlohmann
+
+///////////////////////
+// nonmember support //
+///////////////////////
+
+// specialization of std::swap, and std::hash
+namespace std
+{
+
+/// hash value for JSON objects
+template<>
+struct hash<nlohmann::json>
+{
+    /*!
+    @brief return a hash value for a JSON object
+
+    @since version 1.0.0
+    */
+    std::size_t operator()(const nlohmann::json& j) const
+    {
+        // a naive hashing via the string representation
+        const auto& h = hash<nlohmann::json::string_t>();
+        return h(j.dump());
+    }
+};
+
+/// specialization for std::less<value_t>
+/// @note: do not remove the space after '<',
+///        see https://github.com/nlohmann/json/pull/679
+template<>
+struct less< ::nlohmann::detail::value_t>
+{
+    /*!
+    @brief compare two value_t enum values
+    @since version 3.0.0
+    */
+    bool operator()(nlohmann::detail::value_t lhs,
+                    nlohmann::detail::value_t rhs) const noexcept
+    {
+        return nlohmann::detail::operator<(lhs, rhs);
+    }
+};
+
+/*!
+@brief exchanges the values of two JSON objects
+
+@since version 1.0.0
+*/
+template<>
+inline void swap<nlohmann::json>(nlohmann::json& j1, nlohmann::json& j2) noexcept(
+    is_nothrow_move_constructible<nlohmann::json>::value and
+    is_nothrow_move_assignable<nlohmann::json>::value
+)
+{
+    j1.swap(j2);
+}
+
+} // namespace std
+
+/*!
+@brief user-defined string literal for JSON values
+
+This operator implements a user-defined string literal for JSON objects. It
+can be used by adding `"_json"` to a string literal and returns a JSON object
+if no parse error occurred.
+
+@param[in] s  a string representation of a JSON object
+@param[in] n  the length of string @a s
+@return a JSON object
+
+@since version 1.0.0
+*/
+inline nlohmann::json operator "" _json(const char* s, std::size_t n)
+{
+    return nlohmann::json::parse(s, s + n);
+}
+
+/*!
+@brief user-defined string literal for JSON pointer
+
+This operator implements a user-defined string literal for JSON Pointers. It
+can be used by adding `"_json_pointer"` to a string literal and returns a JSON pointer
+object if no parse error occurred.
+
+@param[in] s  a string representation of a JSON Pointer
+@param[in] n  the length of string @a s
+@return a JSON pointer object
+
+@since version 2.0.0
+*/
+inline nlohmann::json::json_pointer operator "" _json_pointer(const char* s, std::size_t n)
+{
+    return nlohmann::json::json_pointer(std::string(s, n));
+}
+
+// #include <nlohmann/detail/macro_unscope.hpp>
+
+
+// restore GCC/clang diagnostic settings
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+    #pragma GCC diagnostic pop
+#endif
+#if defined(__clang__)
+    #pragma GCC diagnostic pop
+#endif
+
+// clean up
+#undef JSON_INTERNAL_CATCH
+#undef JSON_CATCH
+#undef JSON_THROW
+#undef JSON_TRY
+#undef JSON_LIKELY
+#undef JSON_UNLIKELY
+#undef JSON_DEPRECATED
+#undef JSON_HAS_CPP_14
+#undef JSON_HAS_CPP_17
+#undef NLOHMANN_BASIC_JSON_TPL_DECLARATION
+#undef NLOHMANN_BASIC_JSON_TPL
+
+
+#endif
diff --git a/third-party/socketpair/CMakeLists.txt b/third-party/socketpair/CMakeLists.txt
index 18f9dba79..89a38f703 100644
--- a/third-party/socketpair/CMakeLists.txt
+++ b/third-party/socketpair/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 set(socketpair_SOURCES
   socketpair.c socketpair.h
diff --git a/third-party/utf8cpp/.gitignore b/third-party/utf8cpp/.gitignore
new file mode 100644
index 000000000..488d51dd9
--- /dev/null
+++ b/third-party/utf8cpp/.gitignore
@@ -0,0 +1,4 @@
+# VS Code:
+.vscode/
+# Often used by CMake 
+build/
\ No newline at end of file
diff --git a/third-party/utf8cpp/CMakeLists.txt b/third-party/utf8cpp/CMakeLists.txt
new file mode 100644
index 000000000..55073cdaa
--- /dev/null
+++ b/third-party/utf8cpp/CMakeLists.txt
@@ -0,0 +1,43 @@
+cmake_minimum_required (VERSION 3.0.2)
+project (utf8cpp VERSION 2.3.6 LANGUAGES CXX)
+
+option(UTF8_TESTS "Enable tests for UTF8-CPP" On)
+option(UTF8_SAMPLES "Enable building samples for UTF8-CPP" On)
+
+add_library(utf8cpp INTERFACE)
+target_include_directories(utf8cpp INTERFACE
+	"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/source>"
+	$<INSTALL_INTERFACE:include/utf8cpp>
+)
+add_library(utf8::cpp ALIAS utf8cpp)
+
+if(WIN32 AND NOT CYGWIN)
+    set(DEF_INSTALL_CMAKE_DIR CMake)
+else()
+    include(GNUInstallDirs) # define CMAKE_INSTALL_*
+    set(DEF_INSTALL_CMAKE_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/utf8cpp)
+endif()
+
+install(DIRECTORY source/ DESTINATION include/utf8cpp)
+install(TARGETS utf8cpp EXPORT utf8cppConfig)
+install(EXPORT utf8cppConfig DESTINATION ${DEF_INSTALL_CMAKE_DIR})
+
+if(UTF8_SAMPLES)
+	add_executable(utf8reader ${PROJECT_SOURCE_DIR}/test_drivers/utf8reader/utf8reader.cpp)
+	add_executable(docsample ${PROJECT_SOURCE_DIR}/samples/docsample.cpp)
+
+	target_link_libraries(utf8reader PRIVATE utf8::cpp)
+	target_link_libraries(docsample PRIVATE utf8::cpp)
+endif()
+
+if(UTF8_TESTS)
+	add_executable(smoke ${PROJECT_SOURCE_DIR}/test_drivers/smoke_test/test.cpp)
+	add_executable(negative ${PROJECT_SOURCE_DIR}/test_drivers/negative/negative.cpp)
+
+	target_link_libraries(smoke PRIVATE utf8::cpp)
+	target_link_libraries(negative PRIVATE utf8::cpp)
+
+	enable_testing()
+	add_test(smoke_test smoke)
+	add_test(negative_test negative ${PROJECT_SOURCE_DIR}/test_data/negative/utf8_invalid.txt)
+endif()
diff --git a/third-party/utf8cpp/LICENSE b/third-party/utf8cpp/LICENSE
new file mode 100644
index 000000000..36b7cd93c
--- /dev/null
+++ b/third-party/utf8cpp/LICENSE
@@ -0,0 +1,23 @@
+Boost Software License - Version 1.0 - August 17th, 2003
+
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/third-party/utf8cpp/README.md b/third-party/utf8cpp/README.md
new file mode 100644
index 000000000..09996abc8
--- /dev/null
+++ b/third-party/utf8cpp/README.md
@@ -0,0 +1,1090 @@
+# UTF8-CPP: UTF-8 with C++ in a Portable Way
+
+
+## Introduction
+
+Many C++ developers miss an easy and portable way of handling Unicode encoded strings. The original C++ Standard (known as C++98 or C++03) is Unicode agnostic. C++11 provides some support for Unicode on core language and library level: u8, u, and U character and string literals, char16_t and char32_t character types, u16string and u32string library classes, and codecvt support for conversions between Unicode encoding forms. In the meantime, developers use third party libraries like ICU, OS specific capabilities, or simply roll out their own solutions.
+
+In order to easily handle UTF-8 encoded Unicode strings, I came up with a small, C++98 compatible generic library. For anybody used to work with STL algorithms and iterators, it should be easy and natural to use. The code is freely available for any purpose - check out the [license](./LICENSE). The library has been used a lot in the past ten years both in commercial and open-source projects and is considered feature-complete now. If you run into bugs or performance issues, please let me know and I'll do my best to address them.
+
+The purpose of this article is not to offer an introduction to Unicode in general, and UTF-8 in particular. If you are not familiar with Unicode, be sure to check out [Unicode Home Page](http://www.unicode.org/) or some other source of information for Unicode. Also, it is not my aim to advocate the use of UTF-8 encoded strings in C++ programs; if you want to handle UTF-8 encoded strings from C++, I am sure you have good reasons for it.
+
+## Examples of use
+
+### Introductionary Sample
+
+To illustrate the use of the library, let's start with a small but complete program that opens a file containing UTF-8 encoded text, reads it line by line, checks each line for invalid UTF-8 byte sequences, and converts it to UTF-16 encoding and back to UTF-8:
+
+```cpp
+#include <fstream>
+#include <iostream>
+#include <string>
+#include <vector>
+#include "utf8.h"
+using namespace std;
+int main(int argc, char** argv)
+{
+    if (argc != 2) {
+        cout << "\nUsage: docsample filename\n";
+        return 0;
+    }
+
+    const char* test_file_path = argv[1];
+    // Open the test file (contains UTF-8 encoded text)
+    ifstream fs8(test_file_path);
+    if (!fs8.is_open()) {
+    cout << "Could not open " << test_file_path << endl;
+    return 0;
+    }
+
+    unsigned line_count = 1;
+    string line;
+    // Play with all the lines in the file
+    while (getline(fs8, line)) {
+       // check for invalid utf-8 (for a simple yes/no check, there is also utf8::is_valid function)
+        string::iterator end_it = utf8::find_invalid(line.begin(), line.end());
+        if (end_it != line.end()) {
+            cout << "Invalid UTF-8 encoding detected at line " << line_count << "\n";
+            cout << "This part is fine: " << string(line.begin(), end_it) << "\n";
+        }
+
+        // Get the line length (at least for the valid part)
+        int length = utf8::distance(line.begin(), end_it);
+        cout << "Length of line " << line_count << " is " << length <<  "\n";
+
+        // Convert it to utf-16
+        vector<unsigned short> utf16line;
+        utf8::utf8to16(line.begin(), end_it, back_inserter(utf16line));
+
+        // And back to utf-8
+        string utf8line; 
+        utf8::utf16to8(utf16line.begin(), utf16line.end(), back_inserter(utf8line));
+
+        // Confirm that the conversion went OK:
+        if (utf8line != string(line.begin(), end_it))
+            cout << "Error in UTF-16 conversion at line: " << line_count << "\n";        
+
+        line_count++;
+    }
+    return 0;
+}
+```
+
+In the previous code sample, for each line we performed a detection of invalid UTF-8 sequences with `find_invalid`; the number of characters (more precisely - the number of Unicode code points, including the end of line and even BOM if there is one) in each line was determined with a use of `utf8::distance`; finally, we have converted each line to UTF-16 encoding with `utf8to16` and back to UTF-8 with `utf16to8`.
+
+### Checking if a file contains valid UTF-8 text
+
+Here is a function that checks whether the content of a file is valid UTF-8 encoded text without reading the content into the memory:
+
+```cpp
+bool valid_utf8_file(const char* file_name)
+{
+    ifstream ifs(file_name);
+    if (!ifs)
+        return false; // even better, throw here
+
+    istreambuf_iterator<char> it(ifs.rdbuf());
+    istreambuf_iterator<char> eos;
+
+    return utf8::is_valid(it, eos);
+}
+```
+
+Because the function `utf8::is_valid()` works with input iterators, we were able to pass an `istreambuf_iterator` to it and read the content of the file directly without loading it to the memory first.
+
+Note that other functions that take input iterator arguments can be used in a similar way. For instance, to read the content of a UTF-8 encoded text file and convert the text to UTF-16, just do something like:
+
+```cpp
+    utf8::utf8to16(it, eos, back_inserter(u16string));
+```
+
+### Ensure that a string contains valid UTF-8 text
+
+If we have some text that "probably" contains UTF-8 encoded text and we want to replace any invalid UTF-8 sequence with a replacement character, something like the following function may be used:
+
+```cpp
+void fix_utf8_string(std::string& str)
+{
+    std::string temp;
+    utf8::replace_invalid(str.begin(), str.end(), back_inserter(temp));
+    str = temp;
+}
+```
+
+The function will replace any invalid UTF-8 sequence with a Unicode replacement character. There is an overloaded function that enables the caller to supply their own replacement character.
+
+## Reference
+
+### Functions From utf8 Namespace
+
+#### utf8::append
+
+Available in version 1.0 and later.
+
+Encodes a 32 bit code point as a UTF-8 sequence of octets and appends the sequence to a UTF-8 string.
+
+```cpp
+template <typename octet_iterator>
+octet_iterator append(uint32_t cp, octet_iterator result);
+```
+
+`octet_iterator`: an output iterator.  
+`cp`: a 32 bit integer representing a code point to append to the sequence.  
+`result`: an output iterator to the place in the sequence where to append the code point.  
+Return value: an iterator pointing to the place after the newly appended sequence.
+
+Example of use:
+
+```cpp
+unsigned char u[5] = {0,0,0,0,0};
+unsigned char* end = append(0x0448, u);
+assert (u[0] == 0xd1 && u[1] == 0x88 && u[2] == 0 && u[3] == 0 && u[4] == 0);
+```
+
+Note that `append` does not allocate any memory - it is the burden of the caller to make sure there is enough memory allocated for the operation. To make things more interesting, `append` can add anywhere between 1 and 4 octets to the sequence. In practice, you would most often want to use `std::back_inserter` to ensure that the necessary memory is allocated.
+
+In case of an invalid code point, a `utf8::invalid_code_point` exception is thrown.
+
+#### utf8::next
+
+Available in version 1.0 and later.
+
+Given the iterator to the beginning of the UTF-8 sequence, it returns the code point and moves the iterator to the next position.
+
+```cpp
+template <typename octet_iterator> 
+uint32_t next(octet_iterator& it, octet_iterator end);
+```
+
+`octet_iterator`: an input iterator.  
+`it`: a reference to an iterator pointing to the beginning of an UTF-8 encoded code point. After the function returns, it is incremented to point to the beginning of the next code point.  
+`end`: end of the UTF-8 sequence to be processed. If `it` gets equal to `end` during the extraction of a code point, an `utf8::not_enough_room` exception is thrown.  
+Return value: the 32 bit representation of the processed UTF-8 code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars;
+int cp = next(w, twochars + 6);
+assert (cp == 0x65e5);
+assert (w == twochars + 3);
+```
+
+This function is typically used to iterate through a UTF-8 encoded string.
+
+In case of an invalid UTF-8 seqence, a `utf8::invalid_utf8` exception is thrown.
+
+#### utf8::peek_next
+
+Available in version 2.1 and later.
+
+Given the iterator to the beginning of the UTF-8 sequence, it returns the code point for the following sequence without changing the value of the iterator.
+
+```cpp
+template <typename octet_iterator> 
+uint32_t peek_next(octet_iterator it, octet_iterator end);
+```
+
+
+`octet_iterator`: an input iterator.  
+`it`: an iterator pointing to the beginning of an UTF-8 encoded code point.  
+`end`: end of the UTF-8 sequence to be processed. If `it` gets equal to `end` during the extraction of a code point, an `utf8::not_enough_room` exception is thrown.  
+Return value: the 32 bit representation of the processed UTF-8 code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars;
+int cp = peek_next(w, twochars + 6);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+In case of an invalid UTF-8 seqence, a `utf8::invalid_utf8` exception is thrown.
+
+#### utf8::prior
+
+Available in version 1.02 and later.
+
+Given a reference to an iterator pointing to an octet in a UTF-8 sequence, it decreases the iterator until it hits the beginning of the previous UTF-8 encoded code point and returns the 32 bits representation of the code point.
+
+```cpp
+template <typename octet_iterator> 
+uint32_t prior(octet_iterator& it, octet_iterator start);
+```
+
+`octet_iterator`: a bidirectional iterator.  
+`it`: a reference pointing to an octet within a UTF-8 encoded string. After the function returns, it is decremented to point to the beginning of the previous code point.  
+`start`: an iterator to the beginning of the sequence where the search for the beginning of a code point is performed. It is a safety measure to prevent passing the beginning of the string in the search for a UTF-8 lead octet.  
+ Return value: the 32 bit representation of the previous code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+unsigned char* w = twochars + 3;
+int cp = prior (w, twochars);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+This function has two purposes: one is two iterate backwards through a UTF-8 encoded string. Note that it is usually a better idea to iterate forward instead, since `utf8::next` is faster. The second purpose is to find a beginning of a UTF-8 sequence if we have a random position within a string. Note that in that case `utf8::prior` may not detect an invalid UTF-8 sequence in some scenarios: for instance if there are superfluous trail octets, it will just skip them.
+
+`it` will typically point to the beginning of a code point, and `start` will point to the beginning of the string to ensure we don't go backwards too far. `it` is decreased until it points to a lead UTF-8 octet, and then the UTF-8 sequence beginning with that octet is decoded to a 32 bit representation and returned.
+
+In case `start` is reached before a UTF-8 lead octet is hit, or if an invalid UTF-8 sequence is started by the lead octet, an `invalid_utf8` exception is thrown.
+
+In case `start` equals `it`, a `not_enough_room` exception is thrown.
+
+#### utf8::previous
+
+Deprecated in version 1.02 and later.
+
+Given a reference to an iterator pointing to an octet in a UTF-8 seqence, it decreases the iterator until it hits the beginning of the previous UTF-8 encoded code point and returns the 32 bits representation of the code point.
+
+```cpp
+template <typename octet_iterator> 
+uint32_t previous(octet_iterator& it, octet_iterator pass_start);
+```
+
+`octet_iterator`: a random access iterator.  
+`it`: a reference pointing to an octet within a UTF-8 encoded string. After the function returns, it is decremented to point to the beginning of the previous code point.  
+`pass_start`: an iterator to the point in the sequence where the search for the beginning of a code point is aborted if no result was reached. It is a safety measure to prevent passing the beginning of the string in the search for a UTF-8 lead octet.  
+Return value: the 32 bit representation of the previous code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+unsigned char* w = twochars + 3;
+int cp = previous (w, twochars - 1);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+
+`utf8::previous` is deprecated, and `utf8::prior` should be used instead, although the existing code can continue using this function. The problem is the parameter `pass_start` that points to the position just before the beginning of the sequence. Standard containers don't have the concept of "pass start" and the function can not be used with their iterators.
+
+`it` will typically point to the beginning of a code point, and `pass_start` will point to the octet just before the beginning of the string to ensure we don't go backwards too far. `it` is decreased until it points to a lead UTF-8 octet, and then the UTF-8 sequence beginning with that octet is decoded to a 32 bit representation and returned.
+
+In case `pass_start` is reached before a UTF-8 lead octet is hit, or if an invalid UTF-8 sequence is started by the lead octet, an `invalid_utf8` exception is thrown
+
+#### utf8::advance
+Available in version 1.0 and later.
+
+Advances an iterator by the specified number of code points within an UTF-8 sequence.
+
+```cpp
+template <typename octet_iterator, typename distance_type> 
+void advance (octet_iterator& it, distance_type n, octet_iterator end);
+```
+
+`octet_iterator`: an input iterator.  
+`distance_type`: an integral type convertible to `octet_iterator`'s difference type.  
+`it`: a reference to an iterator pointing to the beginning of an UTF-8 encoded code point. After the function returns, it is incremented to point to the nth following code point.  
+`n`: a positive integer that shows how many code points we want to advance.  
+`end`: end of the UTF-8 sequence to be processed. If `it` gets equal to `end` during the extraction of a code point, an `utf8::not_enough_room` exception is thrown.  
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+unsigned char* w = twochars;
+advance (w, 2, twochars + 6);
+assert (w == twochars + 5);
+```
+
+This function works only "forward". In case of a negative `n`, there is no effect.
+
+In case of an invalid code point, a `utf8::invalid_code_point` exception is thrown.
+
+#### utf8::distance
+
+Available in version 1.0 and later.
+
+Given the iterators to two UTF-8 encoded code points in a seqence, returns the number of code points between them.
+
+```cpp
+template <typename octet_iterator> 
+typename std::iterator_traits<octet_iterator>::difference_type distance (octet_iterator first, octet_iterator last);
+```
+
+`octet_iterator`: an input iterator.  
+`first`: an iterator to a beginning of a UTF-8 encoded code point.  
+`last`: an iterator to a "post-end" of the last UTF-8 encoded code point in the sequence we are trying to determine the length. It can be the beginning of a new code point, or not.  
+ Return value the distance between the iterators, in code points.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+size_t dist = utf8::distance(twochars, twochars + 5);
+assert (dist == 2);
+```
+
+This function is used to find the length (in code points) of a UTF-8 encoded string. The reason it is called _distance_, rather than, say, _length_ is mainly because developers are used that _length_ is an O(1) function. Computing the length of an UTF-8 string is a linear operation, and it looked better to model it after `std::distance` algorithm.
+
+In case of an invalid UTF-8 seqence, a `utf8::invalid_utf8` exception is thrown. If `last` does not point to the past-of-end of a UTF-8 seqence, a `utf8::not_enough_room` exception is thrown.
+
+#### utf8::utf16to8
+
+Available in version 1.0 and later.
+
+Converts a UTF-16 encoded string to UTF-8.
+
+```cpp
+template <typename u16bit_iterator, typename octet_iterator>
+octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result);
+```
+
+`u16bit_iterator`: an input iterator.  
+`octet_iterator`: an output iterator.  
+`start`: an iterator pointing to the beginning of the UTF-16 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-16 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-8 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-8 string.
+
+Example of use:
+
+```cpp
+unsigned short utf16string[] = {0x41, 0x0448, 0x65e5, 0xd834, 0xdd1e};
+vector<unsigned char> utf8result;
+utf16to8(utf16string, utf16string + 5, back_inserter(utf8result));
+assert (utf8result.size() == 10);    
+```
+
+In case of invalid UTF-16 sequence, a `utf8::invalid_utf16` exception is thrown.
+
+#### utf8::utf8to16
+
+Available in version 1.0 and later.
+
+Converts an UTF-8 encoded string to UTF-16
+
+```cpp
+template <typename u16bit_iterator, typename octet_iterator>
+u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result);
+```
+
+`octet_iterator`: an input iterator.  
+`u16bit_iterator`: an output iterator.  
+`start`: an iterator pointing to the beginning of the UTF-8 encoded string to convert. < br /> `end`: an iterator pointing to pass-the-end of the UTF-8 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-16 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-16 string.
+
+Example of use:
+
+```cpp
+char utf8_with_surrogates[] = "\xe6\x97\xa5\xd1\x88\xf0\x9d\x84\x9e";
+vector <unsigned short> utf16result;
+utf8to16(utf8_with_surrogates, utf8_with_surrogates + 9, back_inserter(utf16result));
+assert (utf16result.size() == 4);
+assert (utf16result[2] == 0xd834);
+assert (utf16result[3] == 0xdd1e);
+```
+
+In case of an invalid UTF-8 seqence, a `utf8::invalid_utf8` exception is thrown. If `end` does not point to the past-of-end of a UTF-8 seqence, a `utf8::not_enough_room` exception is thrown.
+
+#### utf8::utf32to8
+
+Available in version 1.0 and later.
+
+Converts a UTF-32 encoded string to UTF-8.
+
+```cpp
+template <typename octet_iterator, typename u32bit_iterator>
+octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result);
+```
+
+`octet_iterator`: an output iterator.  
+`u32bit_iterator`: an input iterator.  
+`start`: an iterator pointing to the beginning of the UTF-32 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-32 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-8 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-8 string.
+
+Example of use:
+
+```
+int utf32string[] = {0x448, 0x65E5, 0x10346, 0};
+vector<unsigned char> utf8result;
+utf32to8(utf32string, utf32string + 3, back_inserter(utf8result));
+assert (utf8result.size() == 9);
+```
+
+In case of invalid UTF-32 string, a `utf8::invalid_code_point` exception is thrown.
+
+#### utf8::utf8to32
+
+Available in version 1.0 and later.
+
+Converts a UTF-8 encoded string to UTF-32.
+
+```cpp
+template <typename octet_iterator, typename u32bit_iterator>
+u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result);
+```
+
+`octet_iterator`: an input iterator.  
+`u32bit_iterator`: an output iterator.  
+`start`: an iterator pointing to the beginning of the UTF-8 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-8 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-32 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-32 string.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+vector<int> utf32result;
+utf8to32(twochars, twochars + 5, back_inserter(utf32result));
+assert (utf32result.size() == 2);
+```
+
+In case of an invalid UTF-8 seqence, a `utf8::invalid_utf8` exception is thrown. If `end` does not point to the past-of-end of a UTF-8 seqence, a `utf8::not_enough_room` exception is thrown.
+
+#### utf8::find_invalid
+
+Available in version 1.0 and later.
+
+Detects an invalid sequence within a UTF-8 string.
+
+```cpp
+template <typename octet_iterator> 
+octet_iterator find_invalid(octet_iterator start, octet_iterator end);
+```
+
+`octet_iterator`: an input iterator.  
+`start`: an iterator pointing to the beginning of the UTF-8 string to test for validity.  
+`end`: an iterator pointing to pass-the-end of the UTF-8 string to test for validity.  
+Return value: an iterator pointing to the first invalid octet in the UTF-8 string. In case none were found, equals `end`.
+
+Example of use:
+
+```cpp
+char utf_invalid[] = "\xe6\x97\xa5\xd1\x88\xfa";
+char* invalid = find_invalid(utf_invalid, utf_invalid + 6);
+assert (invalid == utf_invalid + 5);
+```
+
+This function is typically used to make sure a UTF-8 string is valid before processing it with other functions. It is especially important to call it if before doing any of the _unchecked_ operations on it.
+
+#### utf8::is_valid
+
+Available in version 1.0 and later.
+
+Checks whether a sequence of octets is a valid UTF-8 string.
+
+```cpp
+template <typename octet_iterator> 
+bool is_valid(octet_iterator start, octet_iterator end);
+```
+
+`octet_iterator`: an input iterator.  
+`start`: an iterator pointing to the beginning of the UTF-8 string to test for validity.  
+`end`: an iterator pointing to pass-the-end of the UTF-8 string to test for validity.  
+Return value: `true` if the sequence is a valid UTF-8 string; `false` if not.
+
+Example of use:
+
+```cpp
+char utf_invalid[] = "\xe6\x97\xa5\xd1\x88\xfa";
+bool bvalid = is_valid(utf_invalid, utf_invalid + 6);
+assert (bvalid == false);
+```
+
+`is_valid` is a shorthand for `find_invalid(start, end) == end;`. You may want to use it to make sure that a byte seqence is a valid UTF-8 string without the need to know where it fails if it is not valid.
+
+#### utf8::replace_invalid
+
+Available in version 2.0 and later.
+
+Replaces all invalid UTF-8 sequences within a string with a replacement marker.
+
+```cpp
+template <typename octet_iterator, typename output_iterator>
+output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out, uint32_t replacement);
+template <typename octet_iterator, typename output_iterator>
+output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out);
+```
+
+`octet_iterator`: an input iterator.  
+`output_iterator`: an output iterator.  
+`start`: an iterator pointing to the beginning of the UTF-8 string to look for invalid UTF-8 sequences.  
+`end`: an iterator pointing to pass-the-end of the UTF-8 string to look for invalid UTF-8 sequences.  
+`out`: An output iterator to the range where the result of replacement is stored.  
+`replacement`: A Unicode code point for the replacement marker. The version without this parameter assumes the value `0xfffd`  
+Return value: An iterator pointing to the place after the UTF-8 string with replaced invalid sequences.
+
+Example of use:
+
+```cpp
+char invalid_sequence[] = "a\x80\xe0\xa0\xc0\xaf\xed\xa0\x80z";
+vector<char> replace_invalid_result;
+replace_invalid (invalid_sequence, invalid_sequence + sizeof(invalid_sequence), back_inserter(replace_invalid_result), '?');
+bvalid = is_valid(replace_invalid_result.begin(), replace_invalid_result.end());
+assert (bvalid);
+char* fixed_invalid_sequence = "a????z";
+assert (std::equal(replace_invalid_result.begin(), replace_invalid_result.end(), fixed_invalid_sequence));
+```
+
+`replace_invalid` does not perform in-place replacement of invalid sequences. Rather, it produces a copy of the original string with the invalid sequences replaced with a replacement marker. Therefore, `out` must not be in the `[start, end]` range.
+
+If `end` does not point to the past-of-end of a UTF-8 sequence, a `utf8::not_enough_room` exception is thrown.
+
+#### utf8::starts_with_bom
+
+Available in version 2.3 and later. Relaces deprecated `is_bom()` function.
+
+Checks whether an octet sequence starts with a UTF-8 byte order mark (BOM)
+
+```cpp
+template <typename octet_iterator> 
+bool starts_with_bom (octet_iterator it, octet_iterator end);
+```
+
+`octet_iterator`: an input iterator.  
+`it`: beginning of the octet sequence to check  
+`end`: pass-end of the sequence to check  
+Return value: `true` if the sequence starts with a UTF-8 byte order mark; `false` if not.
+
+Example of use:
+
+```cpp
+unsigned char byte_order_mark[] = {0xef, 0xbb, 0xbf};
+bool bbom = starts_with_bom(byte_order_mark, byte_order_mark + sizeof(byte_order_mark));
+assert (bbom == true);
+```
+
+The typical use of this function is to check the first three bytes of a file. If they form the UTF-8 BOM, we want to skip them before processing the actual UTF-8 encoded text.
+
+#### utf8::is_bom
+
+Available in version 1.0 and later. Deprecated in version 2.3\. `starts_with_bom()` should be used instead.
+
+Checks whether a sequence of three octets is a UTF-8 byte order mark (BOM)
+
+```cpp
+template <typename octet_iterator> 
+bool is_bom (octet_iterator it);  // Deprecated
+```
+
+`octet_iterator`: an input iterator.  
+`it`: beginning of the 3-octet sequence to check  
+Return value: `true` if the sequence is UTF-8 byte order mark; `false` if not.
+
+Example of use:
+
+```cpp
+unsigned char byte_order_mark[] = {0xef, 0xbb, 0xbf};
+bool bbom = is_bom(byte_order_mark);
+assert (bbom == true);
+```
+
+The typical use of this function is to check the first three bytes of a file. If they form the UTF-8 BOM, we want to skip them before processing the actual UTF-8 encoded text.
+
+If a sequence is shorter than three bytes, an invalid iterator will be dereferenced. Therefore, this function is deprecated in favor of `starts_with_bom()`that takes the end of sequence as an argument.
+
+### Types From utf8 Namespace
+
+#### utf8::exception
+
+Available in version 2.3 and later.
+
+Base class for the exceptions thrown by UTF CPP library functions.
+
+```cpp
+class exception : public std::exception {};
+```
+
+Example of use:
+
+```cpp
+try {
+  code_that_uses_utf_cpp_library();
+}
+catch(const utf8::exception& utfcpp_ex) {
+  cerr << utfcpp_ex.what();
+}
+```
+
+#### utf8::invalid_code_point
+
+Available in version 1.0 and later.
+
+Thrown by UTF8 CPP functions such as `advance` and `next` if an UTF-8 sequence represents and invalid code point.
+
+```cpp
+class invalid_code_point : public exception {
+public: 
+    uint32_t code_point() const;
+};
+```
+
+Member function `code_point()` can be used to determine the invalid code point that caused the exception to be thrown.
+
+#### utf8::invalid_utf8
+
+Available in version 1.0 and later.
+
+Thrown by UTF8 CPP functions such as `next` and `prior` if an invalid UTF-8 sequence is detected during decoding.
+
+```cpp
+class invalid_utf8 : public exception {
+public: 
+    uint8_t utf8_octet() const;
+};
+```
+
+Member function `utf8_octet()` can be used to determine the beginning of the byte sequence that caused the exception to be thrown.
+
+#### utf8::invalid_utf16
+
+Available in version 1.0 and later.
+
+Thrown by UTF8 CPP function `utf16to8` if an invalid UTF-16 sequence is detected during decoding.
+
+```cpp
+class invalid_utf16 : public exception {
+public: 
+    uint16_t utf16_word() const;
+};
+```
+
+Member function `utf16_word()` can be used to determine the UTF-16 code unit that caused the exception to be thrown.
+
+#### utf8::not_enough_room
+
+Available in version 1.0 and later.
+
+Thrown by UTF8 CPP functions such as `next` if the end of the decoded UTF-8 sequence was reached before the code point was decoded.
+
+```cpp
+class not_enough_room : public exception {};
+```
+
+#### utf8::iterator
+
+Available in version 2.0 and later.
+
+Adapts the underlying octet iterator to iterate over the sequence of code points, rather than raw octets.
+
+```cpp
+template <typename octet_iterator>
+class iterator;
+```
+
+##### Member functions
+
+`iterator();` the deafult constructor; the underlying octet_iterator is constructed with its default constructor. 
+`explicit iterator (const octet_iterator& octet_it, const octet_iterator& range_start, const octet_iterator& range_end);` a constructor that initializes the underlying octet_iterator with octet_it and sets the range in which the iterator is considered valid.
+`octet_iterator base () const;` returns the underlying octet_iterator.
+`uint32_t operator * () const;` decodes the utf-8 sequence the underlying octet_iterator is pointing to and returns the code point.
+`bool operator == (const iterator& rhs) const;` returns `true` if the two underlaying iterators are equal.
+`bool operator != (const iterator& rhs) const;` returns `true` if the two underlaying iterators are not equal.
+`iterator& operator ++ ();` the prefix increment - moves the iterator to the next UTF-8 encoded code point.
+`iterator operator ++ (int);` the postfix increment - moves the iterator to the next UTF-8 encoded code point and returns the current one.
+`iterator& operator -- ();` the prefix decrement - moves the iterator to the previous UTF-8 encoded code point.
+`iterator operator -- (int);` the postfix decrement - moves the iterator to the previous UTF-8 encoded code point and returns the current one.
+
+Example of use:
+
+```cpp
+char* threechars = "\xf0\x90\x8d\x86\xe6\x97\xa5\xd1\x88";
+utf8::iterator<char*> it(threechars, threechars, threechars + 9);
+utf8::iterator<char*> it2 = it;
+assert (it2 == it);
+assert (*it == 0x10346);
+assert (*(++it) == 0x65e5);
+assert ((*it++) == 0x65e5);
+assert (*it == 0x0448);
+assert (it != it2);
+utf8::iterator<char*> endit (threechars + 9, threechars, threechars + 9);  
+assert (++it == endit);
+assert (*(--it) == 0x0448);
+assert ((*it--) == 0x0448);
+assert (*it == 0x65e5);
+assert (--it == utf8::iterator<char*>(threechars, threechars, threechars + 9));
+assert (*it == 0x10346);
+```
+
+The purpose of `utf8::iterator` adapter is to enable easy iteration as well as the use of STL algorithms with UTF-8 encoded strings. Increment and decrement operators are implemented in terms of `utf8::next()` and `utf8::prior()` functions.
+
+Note that `utf8::iterator` adapter is a checked iterator. It operates on the range specified in the constructor; any attempt to go out of that range will result in an exception. Even the comparison operators require both iterator object to be constructed against the same range - otherwise an exception is thrown. Typically, the range will be determined by sequence container functions `begin` and `end`, i.e.:
+
+```cpp
+std::string s = "example";
+utf8::iterator i (s.begin(), s.begin(), s.end());
+```
+
+### Functions From utf8::unchecked Namespace
+
+#### utf8::unchecked::append
+
+Available in version 1.0 and later.
+
+Encodes a 32 bit code point as a UTF-8 sequence of octets and appends the sequence to a UTF-8 string.
+
+```cpp
+template <typename octet_iterator>
+octet_iterator append(uint32_t cp, octet_iterator result);
+```
+
+`cp`: A 32 bit integer representing a code point to append to the sequence.  
+`result`: An output iterator to the place in the sequence where to append the code point.  
+Return value: An iterator pointing to the place after the newly appended sequence.
+
+Example of use:
+
+```cpp
+unsigned char u[5] = {0,0,0,0,0};
+unsigned char* end = unchecked::append(0x0448, u);
+assert (u[0] == 0xd1 && u[1] == 0x88 && u[2] == 0 && u[3] == 0 && u[4] == 0);
+```
+
+This is a faster but less safe version of `utf8::append`. It does not check for validity of the supplied code point, and may produce an invalid UTF-8 sequence.
+
+#### utf8::unchecked::next
+
+Available in version 1.0 and later.
+
+Given the iterator to the beginning of a UTF-8 sequence, it returns the code point and moves the iterator to the next position.
+
+```cpp
+template <typename octet_iterator>
+uint32_t next(octet_iterator& it);
+```
+
+`it`: a reference to an iterator pointing to the beginning of an UTF-8 encoded code point. After the function returns, it is incremented to point to the beginning of the next code point.  
+ Return value: the 32 bit representation of the processed UTF-8 code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars;
+int cp = unchecked::next(w);
+assert (cp == 0x65e5);
+assert (w == twochars + 3);
+```
+
+This is a faster but less safe version of `utf8::next`. It does not check for validity of the supplied UTF-8 sequence.
+
+#### utf8::unchecked::peek_next
+
+Available in version 2.1 and later.
+
+Given the iterator to the beginning of a UTF-8 sequence, it returns the code point.
+
+```cpp
+template <typename octet_iterator>
+uint32_t peek_next(octet_iterator it);
+```
+
+`it`: an iterator pointing to the beginning of an UTF-8 encoded code point.  
+Return value: the 32 bit representation of the processed UTF-8 code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars;
+int cp = unchecked::peek_next(w);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+This is a faster but less safe version of `utf8::peek_next`. It does not check for validity of the supplied UTF-8 sequence.
+
+#### utf8::unchecked::prior
+
+Available in version 1.02 and later.
+
+Given a reference to an iterator pointing to an octet in a UTF-8 seqence, it decreases the iterator until it hits the beginning of the previous UTF-8 encoded code point and returns the 32 bits representation of the code point.
+
+```cpp
+template <typename octet_iterator>
+uint32_t prior(octet_iterator& it);
+```
+
+`it`: a reference pointing to an octet within a UTF-8 encoded string. After the function returns, it is decremented to point to the beginning of the previous code point.  
+ Return value: the 32 bit representation of the previous code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars + 3;
+int cp = unchecked::prior (w);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+This is a faster but less safe version of `utf8::prior`. It does not check for validity of the supplied UTF-8 sequence and offers no boundary checking.
+
+#### utf8::unchecked::previous (deprecated, see utf8::unchecked::prior)
+
+Deprecated in version 1.02 and later.
+
+Given a reference to an iterator pointing to an octet in a UTF-8 seqence, it decreases the iterator until it hits the beginning of the previous UTF-8 encoded code point and returns the 32 bits representation of the code point.
+
+```cpp
+template <typename octet_iterator>
+uint32_t previous(octet_iterator& it);
+```
+
+`it`: a reference pointing to an octet within a UTF-8 encoded string. After the function returns, it is decremented to point to the beginning of the previous code point.  
+Return value: the 32 bit representation of the previous code point.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars + 3;
+int cp = unchecked::previous (w);
+assert (cp == 0x65e5);
+assert (w == twochars);
+```
+
+The reason this function is deprecated is just the consistency with the "checked" versions, where `prior` should be used instead of `previous`. In fact, `unchecked::previous` behaves exactly the same as `unchecked::prior`
+
+This is a faster but less safe version of `utf8::previous`. It does not check for validity of the supplied UTF-8 sequence and offers no boundary checking.
+
+#### utf8::unchecked::advance
+
+Available in version 1.0 and later.
+
+Advances an iterator by the specified number of code points within an UTF-8 sequence.
+
+```cpp
+template <typename octet_iterator, typename distance_type>
+void advance (octet_iterator& it, distance_type n);
+```
+
+`it`: a reference to an iterator pointing to the beginning of an UTF-8 encoded code point. After the function returns, it is incremented to point to the nth following code point.  
+`n`: a positive integer that shows how many code points we want to advance.  
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+char* w = twochars;
+unchecked::advance (w, 2);
+assert (w == twochars + 5);
+```
+
+This function works only "forward". In case of a negative `n`, there is no effect.
+
+This is a faster but less safe version of `utf8::advance`. It does not check for validity of the supplied UTF-8 sequence and offers no boundary checking.
+
+#### utf8::unchecked::distance
+
+Available in version 1.0 and later.
+
+Given the iterators to two UTF-8 encoded code points in a seqence, returns the number of code points between them.
+
+```cpp
+template <typename octet_iterator>
+typename std::iterator_traits<octet_iterator>::difference_type distance (octet_iterator first, octet_iterator last);
+```
+
+`first`: an iterator to a beginning of a UTF-8 encoded code point.  
+`last`: an iterator to a "post-end" of the last UTF-8 encoded code point in the sequence we are trying to determine the length. It can be the beginning of a new code point, or not.  
+Return value: the distance between the iterators, in code points.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+size_t dist = utf8::unchecked::distance(twochars, twochars + 5);
+assert (dist == 2);
+```
+
+This is a faster but less safe version of `utf8::distance`. It does not check for validity of the supplied UTF-8 sequence.
+
+#### utf8::unchecked::utf16to8
+
+Available in version 1.0 and later.
+
+Converts a UTF-16 encoded string to UTF-8.
+
+```cpp
+template <typename u16bit_iterator, typename octet_iterator>
+octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result);
+```
+
+`start`: an iterator pointing to the beginning of the UTF-16 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-16 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-8 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-8 string.
+
+Example of use:
+
+```cpp
+unsigned short utf16string[] = {0x41, 0x0448, 0x65e5, 0xd834, 0xdd1e};
+vector<unsigned char> utf8result;
+unchecked::utf16to8(utf16string, utf16string + 5, back_inserter(utf8result));
+assert (utf8result.size() == 10);    
+```
+
+This is a faster but less safe version of `utf8::utf16to8`. It does not check for validity of the supplied UTF-16 sequence.
+
+#### utf8::unchecked::utf8to16
+
+Available in version 1.0 and later.
+
+Converts an UTF-8 encoded string to UTF-16
+
+```cpp
+template <typename u16bit_iterator, typename octet_iterator>
+u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result);
+```
+
+`start`: an iterator pointing to the beginning of the UTF-8 encoded string to convert. < br /> `end`: an iterator pointing to pass-the-end of the UTF-8 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-16 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-16 string.
+
+Example of use:
+
+```cpp
+char utf8_with_surrogates[] = "\xe6\x97\xa5\xd1\x88\xf0\x9d\x84\x9e";
+vector <unsigned short> utf16result;
+unchecked::utf8to16(utf8_with_surrogates, utf8_with_surrogates + 9, back_inserter(utf16result));
+assert (utf16result.size() == 4);
+assert (utf16result[2] == 0xd834);
+assert (utf16result[3] == 0xdd1e);
+```
+
+This is a faster but less safe version of `utf8::utf8to16`. It does not check for validity of the supplied UTF-8 sequence.
+
+#### utf8::unchecked::utf32to8
+
+Available in version 1.0 and later.
+
+Converts a UTF-32 encoded string to UTF-8.
+
+```cpp
+template <typename octet_iterator, typename u32bit_iterator>
+octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result);
+```
+
+`start`: an iterator pointing to the beginning of the UTF-32 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-32 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-8 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-8 string.
+
+Example of use:
+
+```cpp
+int utf32string[] = {0x448, 0x65e5, 0x10346, 0};
+vector<unsigned char> utf8result;
+utf32to8(utf32string, utf32string + 3, back_inserter(utf8result));
+assert (utf8result.size() == 9);
+```
+
+This is a faster but less safe version of `utf8::utf32to8`. It does not check for validity of the supplied UTF-32 sequence.
+
+#### utf8::unchecked::utf8to32
+
+Available in version 1.0 and later.
+
+Converts a UTF-8 encoded string to UTF-32.
+
+```cpp
+template <typename octet_iterator, typename u32bit_iterator>
+u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result);
+```
+
+`start`: an iterator pointing to the beginning of the UTF-8 encoded string to convert.  
+`end`: an iterator pointing to pass-the-end of the UTF-8 encoded string to convert.  
+`result`: an output iterator to the place in the UTF-32 string where to append the result of conversion.  
+Return value: An iterator pointing to the place after the appended UTF-32 string.
+
+Example of use:
+
+```cpp
+char* twochars = "\xe6\x97\xa5\xd1\x88";
+vector<int> utf32result;
+unchecked::utf8to32(twochars, twochars + 5, back_inserter(utf32result));
+assert (utf32result.size() == 2);
+```
+
+This is a faster but less safe version of `utf8::utf8to32`. It does not check for validity of the supplied UTF-8 sequence.
+
+### Types From utf8::unchecked Namespace
+
+#### utf8::iterator
+
+Available in version 2.0 and later.
+
+Adapts the underlying octet iterator to iterate over the sequence of code points, rather than raw octets.
+
+```cpp
+template <typename octet_iterator>
+class iterator;
+```
+
+##### Member functions
+
+`iterator();` the deafult constructor; the underlying octet_iterator is constructed with its default constructor.
+`explicit iterator (const octet_iterator& octet_it);` a constructor that initializes the underlying octet_iterator with `octet_it`
+`octet_iterator base () const;` returns the underlying octet_iterator.
+`uint32_t operator * () const;` decodes the utf-8 sequence the underlying octet_iterator is pointing to and returns the code point.
+`bool operator == (const iterator& rhs) const;` returns `true` if the two underlaying iterators are equal.
+`bool operator != (const iterator& rhs) const;` returns `true` if the two underlaying iterators are not equal.
+`iterator& operator ++ ();` the prefix increment - moves the iterator to the next UTF-8 encoded code point.
+`iterator operator ++ (int);` the postfix increment - moves the iterator to the next UTF-8 encoded code point and returns the current one.
+`iterator& operator -- ();` the prefix decrement - moves the iterator to the previous UTF-8 encoded code point.
+`iterator operator -- (int);` the postfix decrement - moves the iterator to the previous UTF-8 encoded code point and returns the current one.
+
+Example of use:
+
+```cpp
+char* threechars = "\xf0\x90\x8d\x86\xe6\x97\xa5\xd1\x88";
+utf8::unchecked::iterator<char*> un_it(threechars);
+utf8::unchecked::iterator<char*> un_it2 = un_it;
+assert (un_it2 == un_it);
+assert (*un_it == 0x10346);
+assert (*(++un_it) == 0x65e5);
+assert ((*un_it++) == 0x65e5);
+assert (*un_it == 0x0448);
+assert (un_it != un_it2);
+utf8::::unchecked::iterator<char*> un_endit (threechars + 9);  
+assert (++un_it == un_endit);
+assert (*(--un_it) == 0x0448);
+assert ((*un_it--) == 0x0448);
+assert (*un_it == 0x65e5);
+assert (--un_it == utf8::unchecked::iterator<char*>(threechars));
+assert (*un_it == 0x10346);
+```
+
+This is an unchecked version of `utf8::iterator`. It is faster in many cases, but offers no validity or range checks.
+
+## Points of interest
+
+#### Design goals and decisions
+
+The library was designed to be:
+
+1.  Generic: for better or worse, there are many C++ string classes out there, and the library should work with as many of them as possible.
+2.  Portable: the library should be portable both accross different platforms and compilers. The only non-portable code is a small section that declares unsigned integers of different sizes: three typedefs. They can be changed by the users of the library if they don't match their platform. The default setting should work for Windows (both 32 and 64 bit), and most 32 bit and 64 bit Unix derivatives. At this point I don't plan to use any post C++03 features, so the library should work even with pretty old compilers.
+3.  Lightweight: follow the "pay only for what you use" guideline.
+4.  Unintrusive: avoid forcing any particular design or even programming style on the user. This is a library, not a framework.
+
+#### Alternatives
+
+In case you want to look into other means of working with UTF-8 strings from C++, here is the list of solutions I am aware of:
+
+1.  [ICU Library](http://icu.sourceforge.net/). It is very powerful, complete, feature-rich, mature, and widely used. Also big, intrusive, non-generic, and doesn't play well with the Standard Library. I definitelly recommend looking at ICU even if you don't plan to use it.
+2.  C++11 language and library features. Still far from complete, and not easy to use.
+3.  [Glib::ustring](http://www.gtkmm.org/gtkmm2/docs/tutorial/html/ch03s04.html). A class specifically made to work with UTF-8 strings, and also feel like `std::string`. If you prefer to have yet another string class in your code, it may be worth a look. Be aware of the licensing issues, though.
+4.  Platform dependent solutions: Windows and POSIX have functions to convert strings from one encoding to another. That is only a subset of what my library offers, but if that is all you need it may be good enough.
+
+## Links
+
+1.  [The Unicode Consortium](http://www.unicode.org/).
+2.  [ICU Library](http://icu.sourceforge.net/).
+3.  [UTF-8 at Wikipedia](http://en.wikipedia.org/wiki/UTF-8)
+4.  [UTF-8 and Unicode FAQ for Unix/Linux](http://www.cl.cam.ac.uk/~mgk25/unicode.html)
diff --git a/third-party/utf8cpp/samples/docsample.cpp b/third-party/utf8cpp/samples/docsample.cpp
new file mode 100644
index 000000000..6f8953b99
--- /dev/null
+++ b/third-party/utf8cpp/samples/docsample.cpp
@@ -0,0 +1,52 @@
+#include "../source/utf8.h"
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <vector>
+
+
+using namespace std;
+
+int main(int argc, char** argv)
+{
+    if (argc != 2) {
+        cout << "\nUsage: docsample filename\n";
+        return 0;
+    }
+    const char* test_file_path = argv[1];
+    // Open the test file (must be UTF-8 encoded)
+    ifstream fs8(test_file_path);
+    if (!fs8.is_open()) {
+    cout << "Could not open " << test_file_path << endl;
+    return 0;
+    }
+
+    unsigned line_count = 1;
+    string line;
+    // Play with all the lines in the file
+    while (getline(fs8, line)) {
+        // check for invalid utf-8 (for a simple yes/no check, there is also utf8::is_valid function)
+        string::iterator end_it = utf8::find_invalid(line.begin(), line.end());
+        if (end_it != line.end()) {
+            cout << "Invalid UTF-8 encoding detected at line " << line_count << "\n";
+            cout << "This part is fine: " << string(line.begin(), end_it) << "\n";
+        }
+        // Get the line length (at least for the valid part)
+        int length = utf8::distance(line.begin(), end_it);
+        cout << "Length of line " << line_count << " is " << length <<  "\n";
+
+        // Convert it to utf-16
+        vector<unsigned short> utf16line;
+        utf8::utf8to16(line.begin(), end_it, back_inserter(utf16line));
+        // And back to utf-8;
+        string utf8line; 
+        utf8::utf16to8(utf16line.begin(), utf16line.end(), back_inserter(utf8line));
+        // Confirm that the conversion went OK:
+        if (utf8line != string(line.begin(), end_it))
+            cout << "Error in UTF-16 conversion at line: " << line_count << "\n";        
+
+        line_count++;
+    } 
+
+    return 0;
+}
diff --git a/third-party/utf8cpp/source/utf8.h b/third-party/utf8cpp/source/utf8.h
new file mode 100644
index 000000000..82b13f59f
--- /dev/null
+++ b/third-party/utf8cpp/source/utf8.h
@@ -0,0 +1,34 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include "utf8/checked.h"
+#include "utf8/unchecked.h"
+
+#endif // header guard
diff --git a/third-party/utf8cpp/source/utf8/checked.h b/third-party/utf8cpp/source/utf8/checked.h
new file mode 100644
index 000000000..2aef5838d
--- /dev/null
+++ b/third-party/utf8cpp/source/utf8/checked.h
@@ -0,0 +1,327 @@
+// Copyright 2006-2016 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_CHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_CHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include "core.h"
+#include <stdexcept>
+
+namespace utf8
+{
+    // Base for the exceptions that may be thrown from the library
+    class exception : public ::std::exception {
+    };
+
+    // Exceptions that may be thrown from the library functions.
+    class invalid_code_point : public exception {
+        uint32_t cp;
+    public:
+        invalid_code_point(uint32_t codepoint) : cp(codepoint) {}
+        virtual const char* what() const throw() { return "Invalid code point"; }
+        uint32_t code_point() const {return cp;}
+    };
+
+    class invalid_utf8 : public exception {
+        uint8_t u8;
+    public:
+        invalid_utf8 (uint8_t u) : u8(u) {}
+        virtual const char* what() const throw() { return "Invalid UTF-8"; }
+        uint8_t utf8_octet() const {return u8;}
+    };
+
+    class invalid_utf16 : public exception {
+        uint16_t u16;
+    public:
+        invalid_utf16 (uint16_t u) : u16(u) {}
+        virtual const char* what() const throw() { return "Invalid UTF-16"; }
+        uint16_t utf16_word() const {return u16;}
+    };
+
+    class not_enough_room : public exception {
+    public:
+        virtual const char* what() const throw() { return "Not enough space"; }
+    };
+
+    /// The library API - functions intended to be called by the users
+
+    template <typename octet_iterator>
+    octet_iterator append(uint32_t cp, octet_iterator result)
+    {
+        if (!utf8::internal::is_code_point_valid(cp))
+            throw invalid_code_point(cp);
+
+        if (cp < 0x80)                        // one octet
+            *(result++) = static_cast<uint8_t>(cp);
+        else if (cp < 0x800) {                // two octets
+            *(result++) = static_cast<uint8_t>((cp >> 6)            | 0xc0);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        else if (cp < 0x10000) {              // three octets
+            *(result++) = static_cast<uint8_t>((cp >> 12)           | 0xe0);
+            *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f)   | 0x80);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        else {                                // four octets
+            *(result++) = static_cast<uint8_t>((cp >> 18)           | 0xf0);
+            *(result++) = static_cast<uint8_t>(((cp >> 12) & 0x3f)  | 0x80);
+            *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f)   | 0x80);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        return result;
+    }
+
+    template <typename octet_iterator, typename output_iterator>
+    output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out, uint32_t replacement)
+    {
+        while (start != end) {
+            octet_iterator sequence_start = start;
+            internal::utf_error err_code = utf8::internal::validate_next(start, end);
+            switch (err_code) {
+                case internal::UTF8_OK :
+                    for (octet_iterator it = sequence_start; it != start; ++it)
+                        *out++ = *it;
+                    break;
+                case internal::NOT_ENOUGH_ROOM:
+                    throw not_enough_room();
+                case internal::INVALID_LEAD:
+                    out = utf8::append (replacement, out);
+                    ++start;
+                    break;
+                case internal::INCOMPLETE_SEQUENCE:
+                case internal::OVERLONG_SEQUENCE:
+                case internal::INVALID_CODE_POINT:
+                    out = utf8::append (replacement, out);
+                    ++start;
+                    // just one replacement mark for the sequence
+                    while (start != end && utf8::internal::is_trail(*start))
+                        ++start;
+                    break;
+            }
+        }
+        return out;
+    }
+
+    template <typename octet_iterator, typename output_iterator>
+    inline output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out)
+    {
+        static const uint32_t replacement_marker = utf8::internal::mask16(0xfffd);
+        return utf8::replace_invalid(start, end, out, replacement_marker);
+    }
+
+    template <typename octet_iterator>
+    uint32_t next(octet_iterator& it, octet_iterator end)
+    {
+        uint32_t cp = 0;
+        internal::utf_error err_code = utf8::internal::validate_next(it, end, cp);
+        switch (err_code) {
+            case internal::UTF8_OK :
+                break;
+            case internal::NOT_ENOUGH_ROOM :
+                throw not_enough_room();
+            case internal::INVALID_LEAD :
+            case internal::INCOMPLETE_SEQUENCE :
+            case internal::OVERLONG_SEQUENCE :
+                throw invalid_utf8(*it);
+            case internal::INVALID_CODE_POINT :
+                throw invalid_code_point(cp);
+        }
+        return cp;
+    }
+
+    template <typename octet_iterator>
+    uint32_t peek_next(octet_iterator it, octet_iterator end)
+    {
+        return utf8::next(it, end);
+    }
+
+    template <typename octet_iterator>
+    uint32_t prior(octet_iterator& it, octet_iterator start)
+    {
+        // can't do much if it == start
+        if (it == start)
+            throw not_enough_room();
+
+        octet_iterator end = it;
+        // Go back until we hit either a lead octet or start
+        while (utf8::internal::is_trail(*(--it)))
+            if (it == start)
+                throw invalid_utf8(*it); // error - no lead byte in the sequence
+        return utf8::peek_next(it, end);
+    }
+
+    /// Deprecated in versions that include "prior"
+    template <typename octet_iterator>
+    uint32_t previous(octet_iterator& it, octet_iterator pass_start)
+    {
+        octet_iterator end = it;
+        while (utf8::internal::is_trail(*(--it)))
+            if (it == pass_start)
+                throw invalid_utf8(*it); // error - no lead byte in the sequence
+        octet_iterator temp = it;
+        return utf8::next(temp, end);
+    }
+
+    template <typename octet_iterator, typename distance_type>
+    void advance (octet_iterator& it, distance_type n, octet_iterator end)
+    {
+        for (distance_type i = 0; i < n; ++i)
+            utf8::next(it, end);
+    }
+
+    template <typename octet_iterator>
+    typename std::iterator_traits<octet_iterator>::difference_type
+    distance (octet_iterator first, octet_iterator last)
+    {
+        typename std::iterator_traits<octet_iterator>::difference_type dist;
+        for (dist = 0; first < last; ++dist)
+            utf8::next(first, last);
+        return dist;
+    }
+
+    template <typename u16bit_iterator, typename octet_iterator>
+    octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result)
+    {
+        while (start != end) {
+            uint32_t cp = utf8::internal::mask16(*start++);
+            // Take care of surrogate pairs first
+            if (utf8::internal::is_lead_surrogate(cp)) {
+                if (start != end) {
+                    uint32_t trail_surrogate = utf8::internal::mask16(*start++);
+                    if (utf8::internal::is_trail_surrogate(trail_surrogate))
+                        cp = (cp << 10) + trail_surrogate + internal::SURROGATE_OFFSET;
+                    else
+                        throw invalid_utf16(static_cast<uint16_t>(trail_surrogate));
+                }
+                else
+                    throw invalid_utf16(static_cast<uint16_t>(cp));
+
+            }
+            // Lone trail surrogate
+            else if (utf8::internal::is_trail_surrogate(cp))
+                throw invalid_utf16(static_cast<uint16_t>(cp));
+
+            result = utf8::append(cp, result);
+        }
+        return result;
+    }
+
+    template <typename u16bit_iterator, typename octet_iterator>
+    u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result)
+    {
+        while (start < end) {
+            uint32_t cp = utf8::next(start, end);
+            if (cp > 0xffff) { //make a surrogate pair
+                *result++ = static_cast<uint16_t>((cp >> 10)   + internal::LEAD_OFFSET);
+                *result++ = static_cast<uint16_t>((cp & 0x3ff) + internal::TRAIL_SURROGATE_MIN);
+            }
+            else
+                *result++ = static_cast<uint16_t>(cp);
+        }
+        return result;
+    }
+
+    template <typename octet_iterator, typename u32bit_iterator>
+    octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result)
+    {
+        while (start != end)
+            result = utf8::append(*(start++), result);
+
+        return result;
+    }
+
+    template <typename octet_iterator, typename u32bit_iterator>
+    u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result)
+    {
+        while (start < end)
+            (*result++) = utf8::next(start, end);
+
+        return result;
+    }
+
+    // The iterator class
+    template <typename octet_iterator>
+    class iterator : public std::iterator <std::bidirectional_iterator_tag, uint32_t> {
+      octet_iterator it;
+      octet_iterator range_start;
+      octet_iterator range_end;
+      public:
+      iterator () {}
+      explicit iterator (const octet_iterator& octet_it,
+                         const octet_iterator& rangestart,
+                         const octet_iterator& rangeend) :
+               it(octet_it), range_start(rangestart), range_end(rangeend)
+      {
+          if (it < range_start || it > range_end)
+              throw std::out_of_range("Invalid utf-8 iterator position");
+      }
+      // the default "big three" are OK
+      octet_iterator base () const { return it; }
+      uint32_t operator * () const
+      {
+          octet_iterator temp = it;
+          return utf8::next(temp, range_end);
+      }
+      bool operator == (const iterator& rhs) const
+      {
+          if (range_start != rhs.range_start || range_end != rhs.range_end)
+              throw std::logic_error("Comparing utf-8 iterators defined with different ranges");
+          return (it == rhs.it);
+      }
+      bool operator != (const iterator& rhs) const
+      {
+          return !(operator == (rhs));
+      }
+      iterator& operator ++ ()
+      {
+          utf8::next(it, range_end);
+          return *this;
+      }
+      iterator operator ++ (int)
+      {
+          iterator temp = *this;
+          utf8::next(it, range_end);
+          return temp;
+      }
+      iterator& operator -- ()
+      {
+          utf8::prior(it, range_start);
+          return *this;
+      }
+      iterator operator -- (int)
+      {
+          iterator temp = *this;
+          utf8::prior(it, range_start);
+          return temp;
+      }
+    }; // class iterator
+
+} // namespace utf8
+
+#endif //header guard
+
+
diff --git a/third-party/utf8cpp/source/utf8/core.h b/third-party/utf8cpp/source/utf8/core.h
new file mode 100644
index 000000000..ae0f367db
--- /dev/null
+++ b/third-party/utf8cpp/source/utf8/core.h
@@ -0,0 +1,332 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_CORE_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_CORE_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include <iterator>
+
+namespace utf8
+{
+    // The typedefs for 8-bit, 16-bit and 32-bit unsigned integers
+    // You may need to change them to match your system.
+    // These typedefs have the same names as ones from cstdint, or boost/cstdint
+    typedef unsigned char   uint8_t;
+    typedef unsigned short  uint16_t;
+    typedef unsigned int    uint32_t;
+
+// Helper code - not intended to be directly called by the library users. May be changed at any time
+namespace internal
+{
+    // Unicode constants
+    // Leading (high) surrogates: 0xd800 - 0xdbff
+    // Trailing (low) surrogates: 0xdc00 - 0xdfff
+    const uint16_t LEAD_SURROGATE_MIN  = 0xd800u;
+    const uint16_t LEAD_SURROGATE_MAX  = 0xdbffu;
+    const uint16_t TRAIL_SURROGATE_MIN = 0xdc00u;
+    const uint16_t TRAIL_SURROGATE_MAX = 0xdfffu;
+    const uint16_t LEAD_OFFSET         = LEAD_SURROGATE_MIN - (0x10000 >> 10);
+    const uint32_t SURROGATE_OFFSET    = 0x10000u - (LEAD_SURROGATE_MIN << 10) - TRAIL_SURROGATE_MIN;
+
+    // Maximum valid value for a Unicode code point
+    const uint32_t CODE_POINT_MAX      = 0x0010ffffu;
+
+    template<typename octet_type>
+    inline uint8_t mask8(octet_type oc)
+    {
+        return static_cast<uint8_t>(0xff & oc);
+    }
+    template<typename u16_type>
+    inline uint16_t mask16(u16_type oc)
+    {
+        return static_cast<uint16_t>(0xffff & oc);
+    }
+    template<typename octet_type>
+    inline bool is_trail(octet_type oc)
+    {
+        return ((utf8::internal::mask8(oc) >> 6) == 0x2);
+    }
+
+    template <typename u16>
+    inline bool is_lead_surrogate(u16 cp)
+    {
+        return (cp >= LEAD_SURROGATE_MIN && cp <= LEAD_SURROGATE_MAX);
+    }
+
+    template <typename u16>
+    inline bool is_trail_surrogate(u16 cp)
+    {
+        return (cp >= TRAIL_SURROGATE_MIN && cp <= TRAIL_SURROGATE_MAX);
+    }
+
+    template <typename u16>
+    inline bool is_surrogate(u16 cp)
+    {
+        return (cp >= LEAD_SURROGATE_MIN && cp <= TRAIL_SURROGATE_MAX);
+    }
+
+    template <typename u32>
+    inline bool is_code_point_valid(u32 cp)
+    {
+        return (cp <= CODE_POINT_MAX && !utf8::internal::is_surrogate(cp));
+    }
+
+    template <typename octet_iterator>
+    inline typename std::iterator_traits<octet_iterator>::difference_type
+    sequence_length(octet_iterator lead_it)
+    {
+        uint8_t lead = utf8::internal::mask8(*lead_it);
+        if (lead < 0x80)
+            return 1;
+        else if ((lead >> 5) == 0x6)
+            return 2;
+        else if ((lead >> 4) == 0xe)
+            return 3;
+        else if ((lead >> 3) == 0x1e)
+            return 4;
+        else
+            return 0;
+    }
+
+    template <typename octet_difference_type>
+    inline bool is_overlong_sequence(uint32_t cp, octet_difference_type length)
+    {
+        if (cp < 0x80) {
+            if (length != 1) 
+                return true;
+        }
+        else if (cp < 0x800) {
+            if (length != 2) 
+                return true;
+        }
+        else if (cp < 0x10000) {
+            if (length != 3) 
+                return true;
+        }
+
+        return false;
+    }
+
+    enum utf_error {UTF8_OK, NOT_ENOUGH_ROOM, INVALID_LEAD, INCOMPLETE_SEQUENCE, OVERLONG_SEQUENCE, INVALID_CODE_POINT};
+
+    /// Helper for get_sequence_x
+    template <typename octet_iterator>
+    utf_error increase_safely(octet_iterator& it, octet_iterator end)
+    {
+        if (++it == end)
+            return NOT_ENOUGH_ROOM;
+
+        if (!utf8::internal::is_trail(*it))
+            return INCOMPLETE_SEQUENCE;
+        
+        return UTF8_OK;
+    }
+
+    #define UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(IT, END) {utf_error ret = increase_safely(IT, END); if (ret != UTF8_OK) return ret;}    
+
+    /// get_sequence_x functions decode utf-8 sequences of the length x
+    template <typename octet_iterator>
+    utf_error get_sequence_1(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+            return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_2(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end) 
+            return NOT_ENOUGH_ROOM;
+        
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 6) & 0x7ff) + ((*it) & 0x3f);
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_3(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+            return NOT_ENOUGH_ROOM;
+            
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 12) & 0xffff) + ((utf8::internal::mask8(*it) << 6) & 0xfff);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (*it) & 0x3f;
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_4(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+           return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 18) & 0x1fffff) + ((utf8::internal::mask8(*it) << 12) & 0x3ffff);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (utf8::internal::mask8(*it) << 6) & 0xfff;
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (*it) & 0x3f;
+
+        return UTF8_OK;
+    }
+
+    #undef UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR
+
+    template <typename octet_iterator>
+    utf_error validate_next(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+	if (it == end)
+            return NOT_ENOUGH_ROOM;
+
+        // Save the original value of it so we can go back in case of failure
+        // Of course, it does not make much sense with i.e. stream iterators
+        octet_iterator original_it = it;
+
+        uint32_t cp = 0;
+        // Determine the sequence length based on the lead octet
+        typedef typename std::iterator_traits<octet_iterator>::difference_type octet_difference_type;
+        const octet_difference_type length = utf8::internal::sequence_length(it);
+
+        // Get trail octets and calculate the code point
+        utf_error err = UTF8_OK;
+        switch (length) {
+            case 0: 
+                return INVALID_LEAD;
+            case 1:
+                err = utf8::internal::get_sequence_1(it, end, cp);
+                break;
+            case 2:
+                err = utf8::internal::get_sequence_2(it, end, cp);
+            break;
+            case 3:
+                err = utf8::internal::get_sequence_3(it, end, cp);
+            break;
+            case 4:
+                err = utf8::internal::get_sequence_4(it, end, cp);
+            break;
+        }
+
+        if (err == UTF8_OK) {
+            // Decoding succeeded. Now, security checks...
+            if (utf8::internal::is_code_point_valid(cp)) {
+                if (!utf8::internal::is_overlong_sequence(cp, length)){
+                    // Passed! Return here.
+                    code_point = cp;
+                    ++it;
+                    return UTF8_OK;
+                }
+                else
+                    err = OVERLONG_SEQUENCE;
+            }
+            else 
+                err = INVALID_CODE_POINT;
+        }
+
+        // Failure branch - restore the original value of the iterator
+        it = original_it;
+        return err;
+    }
+
+    template <typename octet_iterator>
+    inline utf_error validate_next(octet_iterator& it, octet_iterator end) {
+        uint32_t ignored;
+        return utf8::internal::validate_next(it, end, ignored);
+    }
+
+} // namespace internal
+
+    /// The library API - functions intended to be called by the users
+
+    // Byte order mark
+    const uint8_t bom[] = {0xef, 0xbb, 0xbf};
+
+    template <typename octet_iterator>
+    octet_iterator find_invalid(octet_iterator start, octet_iterator end)
+    {
+        octet_iterator result = start;
+        while (result != end) {
+            utf8::internal::utf_error err_code = utf8::internal::validate_next(result, end);
+            if (err_code != internal::UTF8_OK)
+                return result;
+        }
+        return result;
+    }
+
+    template <typename octet_iterator>
+    inline bool is_valid(octet_iterator start, octet_iterator end)
+    {
+        return (utf8::find_invalid(start, end) == end);
+    }
+
+    template <typename octet_iterator>
+    inline bool starts_with_bom (octet_iterator it, octet_iterator end)
+    {
+        return (
+            ((it != end) && (utf8::internal::mask8(*it++)) == bom[0]) &&
+            ((it != end) && (utf8::internal::mask8(*it++)) == bom[1]) &&
+            ((it != end) && (utf8::internal::mask8(*it))   == bom[2])
+           );
+    }
+	
+    //Deprecated in release 2.3 
+    template <typename octet_iterator>
+    inline bool is_bom (octet_iterator it)
+    {
+        return (
+            (utf8::internal::mask8(*it++)) == bom[0] &&
+            (utf8::internal::mask8(*it++)) == bom[1] &&
+            (utf8::internal::mask8(*it))   == bom[2]
+           );
+    }
+} // namespace utf8
+
+#endif // header guard
+
+
diff --git a/third-party/utf8cpp/source/utf8/unchecked.h b/third-party/utf8cpp/source/utf8/unchecked.h
new file mode 100644
index 000000000..cb2427166
--- /dev/null
+++ b/third-party/utf8cpp/source/utf8/unchecked.h
@@ -0,0 +1,228 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_UNCHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_UNCHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include "core.h"
+
+namespace utf8
+{
+    namespace unchecked 
+    {
+        template <typename octet_iterator>
+        octet_iterator append(uint32_t cp, octet_iterator result)
+        {
+            if (cp < 0x80)                        // one octet
+                *(result++) = static_cast<uint8_t>(cp);  
+            else if (cp < 0x800) {                // two octets
+                *(result++) = static_cast<uint8_t>((cp >> 6)          | 0xc0);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            else if (cp < 0x10000) {              // three octets
+                *(result++) = static_cast<uint8_t>((cp >> 12)         | 0xe0);
+                *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f) | 0x80);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            else {                                // four octets
+                *(result++) = static_cast<uint8_t>((cp >> 18)         | 0xf0);
+                *(result++) = static_cast<uint8_t>(((cp >> 12) & 0x3f)| 0x80);
+                *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f) | 0x80);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            return result;
+        }
+
+        template <typename octet_iterator>
+        uint32_t next(octet_iterator& it)
+        {
+            uint32_t cp = utf8::internal::mask8(*it);
+            typename std::iterator_traits<octet_iterator>::difference_type length = utf8::internal::sequence_length(it);
+            switch (length) {
+                case 1:
+                    break;
+                case 2:
+                    it++;
+                    cp = ((cp << 6) & 0x7ff) + ((*it) & 0x3f);
+                    break;
+                case 3:
+                    ++it; 
+                    cp = ((cp << 12) & 0xffff) + ((utf8::internal::mask8(*it) << 6) & 0xfff);
+                    ++it;
+                    cp += (*it) & 0x3f;
+                    break;
+                case 4:
+                    ++it;
+                    cp = ((cp << 18) & 0x1fffff) + ((utf8::internal::mask8(*it) << 12) & 0x3ffff);                
+                    ++it;
+                    cp += (utf8::internal::mask8(*it) << 6) & 0xfff;
+                    ++it;
+                    cp += (*it) & 0x3f; 
+                    break;
+            }
+            ++it;
+            return cp;        
+        }
+
+        template <typename octet_iterator>
+        uint32_t peek_next(octet_iterator it)
+        {
+            return utf8::unchecked::next(it);    
+        }
+
+        template <typename octet_iterator>
+        uint32_t prior(octet_iterator& it)
+        {
+            while (utf8::internal::is_trail(*(--it))) ;
+            octet_iterator temp = it;
+            return utf8::unchecked::next(temp);
+        }
+
+        // Deprecated in versions that include prior, but only for the sake of consistency (see utf8::previous)
+        template <typename octet_iterator>
+        inline uint32_t previous(octet_iterator& it)
+        {
+            return utf8::unchecked::prior(it);
+        }
+
+        template <typename octet_iterator, typename distance_type>
+        void advance (octet_iterator& it, distance_type n)
+        {
+            for (distance_type i = 0; i < n; ++i)
+                utf8::unchecked::next(it);
+        }
+
+        template <typename octet_iterator>
+        typename std::iterator_traits<octet_iterator>::difference_type
+        distance (octet_iterator first, octet_iterator last)
+        {
+            typename std::iterator_traits<octet_iterator>::difference_type dist;
+            for (dist = 0; first < last; ++dist) 
+                utf8::unchecked::next(first);
+            return dist;
+        }
+
+        template <typename u16bit_iterator, typename octet_iterator>
+        octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result)
+        {       
+            while (start != end) {
+                uint32_t cp = utf8::internal::mask16(*start++);
+            // Take care of surrogate pairs first
+                if (utf8::internal::is_lead_surrogate(cp)) {
+                    uint32_t trail_surrogate = utf8::internal::mask16(*start++);
+                    cp = (cp << 10) + trail_surrogate + internal::SURROGATE_OFFSET;
+                }
+                result = utf8::unchecked::append(cp, result);
+            }
+            return result;         
+        }
+
+        template <typename u16bit_iterator, typename octet_iterator>
+        u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result)
+        {
+            while (start < end) {
+                uint32_t cp = utf8::unchecked::next(start);
+                if (cp > 0xffff) { //make a surrogate pair
+                    *result++ = static_cast<uint16_t>((cp >> 10)   + internal::LEAD_OFFSET);
+                    *result++ = static_cast<uint16_t>((cp & 0x3ff) + internal::TRAIL_SURROGATE_MIN);
+                }
+                else
+                    *result++ = static_cast<uint16_t>(cp);
+            }
+            return result;
+        }
+
+        template <typename octet_iterator, typename u32bit_iterator>
+        octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result)
+        {
+            while (start != end)
+                result = utf8::unchecked::append(*(start++), result);
+
+            return result;
+        }
+
+        template <typename octet_iterator, typename u32bit_iterator>
+        u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result)
+        {
+            while (start < end)
+                (*result++) = utf8::unchecked::next(start);
+
+            return result;
+        }
+
+        // The iterator class
+        template <typename octet_iterator>
+          class iterator : public std::iterator <std::bidirectional_iterator_tag, uint32_t> { 
+            octet_iterator it;
+            public:
+            iterator () {}
+            explicit iterator (const octet_iterator& octet_it): it(octet_it) {}
+            // the default "big three" are OK
+            octet_iterator base () const { return it; }
+            uint32_t operator * () const
+            {
+                octet_iterator temp = it;
+                return utf8::unchecked::next(temp);
+            }
+            bool operator == (const iterator& rhs) const 
+            { 
+                return (it == rhs.it);
+            }
+            bool operator != (const iterator& rhs) const
+            {
+                return !(operator == (rhs));
+            }
+            iterator& operator ++ () 
+            {
+                ::std::advance(it, utf8::internal::sequence_length(it));
+                return *this;
+            }
+            iterator operator ++ (int)
+            {
+                iterator temp = *this;
+                ::std::advance(it, utf8::internal::sequence_length(it));
+                return temp;
+            }  
+            iterator& operator -- ()
+            {
+                utf8::unchecked::prior(it);
+                return *this;
+            }
+            iterator operator -- (int)
+            {
+                iterator temp = *this;
+                utf8::unchecked::prior(it);
+                return temp;
+            }
+          }; // class iterator
+
+    } // namespace utf8::unchecked
+} // namespace utf8 
+
+
+#endif // header guard
+
diff --git a/third-party/utf8cpp/test_data/negative/utf8_invalid.txt b/third-party/utf8cpp/test_data/negative/utf8_invalid.txt
new file mode 100644
index 000000000..ae8315932
Binary files /dev/null and b/third-party/utf8cpp/test_data/negative/utf8_invalid.txt differ
diff --git a/third-party/utf8cpp/test_data/utf8samples/UTF-8-demo.txt b/third-party/utf8cpp/test_data/utf8samples/UTF-8-demo.txt
new file mode 100644
index 000000000..4363f27bd
--- /dev/null
+++ b/third-party/utf8cpp/test_data/utf8samples/UTF-8-demo.txt
@@ -0,0 +1,212 @@
+
+UTF-8 encoded sample plain-text file
+‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
+
+Markus Kuhn [ˈmaʳkʊs kuːn] <http://www.cl.cam.ac.uk/~mgk25/> — 2002-07-25
+
+
+The ASCII compatible UTF-8 encoding used in this plain-text file
+is defined in Unicode, ISO 10646-1, and RFC 2279.
+
+
+Using Unicode/UTF-8, you can write in emails and source code things such as
+
+Mathematics and sciences:
+
+  ∮ E⋅da = Q,  n → ∞, ∑ f(i) = ∏ g(i),      ⎧⎡⎛┌─────┐⎞⎤⎫
+                                            ⎪⎢⎜│a²+b³ ⎟⎥⎪
+  ∀x∈ℝ: ⌈x⌉ = −⌊−x⌋, α ∧ ¬β = ¬(¬α ∨ β),    ⎪⎢⎜│───── ⎟⎥⎪
+                                            ⎪⎢⎜⎷ c₈   ⎟⎥⎪
+  ℕ ⊆ ℕ₀ ⊂ ℤ ⊂ ℚ ⊂ ℝ ⊂ ℂ,                   ⎨⎢⎜       ⎟⎥⎬
+                                            ⎪⎢⎜ ∞     ⎟⎥⎪
+  ⊥ < a ≠ b ≡ c ≤ d ≪ ⊤ ⇒ (⟦A⟧ ⇔ ⟪B⟫),      ⎪⎢⎜ ⎲     ⎟⎥⎪
+                                            ⎪⎢⎜ ⎳aⁱ-bⁱ⎟⎥⎪
+  2H₂ + O₂ ⇌ 2H₂O, R = 4.7 kΩ, ⌀ 200 mm     ⎩⎣⎝i=1    ⎠⎦⎭
+
+Linguistics and dictionaries:
+
+  ði ıntəˈnæʃənəl fəˈnɛtık əsoʊsiˈeıʃn
+  Y [ˈʏpsilɔn], Yen [jɛn], Yoga [ˈjoːgɑ]
+
+APL:
+
+  ((V⍳V)=⍳⍴V)/V←,V    ⌷←⍳→⍴∆∇⊃‾⍎⍕⌈
+
+Nicer typography in plain text files:
+
+  ╔══════════════════════════════════════════╗
+  ║                                          ║
+  ║   • ‘single’ and “double” quotes         ║
+  ║                                          ║
+  ║   • Curly apostrophes: “We’ve been here” ║
+  ║                                          ║
+  ║   • Latin-1 apostrophe and accents: '´`  ║
+  ║                                          ║
+  ║   • ‚deutsche‘ „Anführungszeichen“       ║
+  ║                                          ║
+  ║   • †, ‡, ‰, •, 3–4, —, −5/+5, ™, …      ║
+  ║                                          ║
+  ║   • ASCII safety test: 1lI|, 0OD, 8B     ║
+  ║                      ╭─────────╮         ║
+  ║   • the euro symbol: │ 14.95 € │         ║
+  ║                      ╰─────────╯         ║
+  ╚══════════════════════════════════════════╝
+
+Combining characters:
+
+  STARGΛ̊TE SG-1, a = v̇ = r̈, a⃑ ⊥ b⃑
+
+Greek (in Polytonic):
+
+  The Greek anthem:
+
+  Σὲ γνωρίζω ἀπὸ τὴν κόψη
+  τοῦ σπαθιοῦ τὴν τρομερή,
+  σὲ γνωρίζω ἀπὸ τὴν ὄψη
+  ποὺ μὲ βία μετράει τὴ γῆ.
+
+  ᾿Απ᾿ τὰ κόκκαλα βγαλμένη
+  τῶν ῾Ελλήνων τὰ ἱερά
+  καὶ σὰν πρῶτα ἀνδρειωμένη
+  χαῖρε, ὦ χαῖρε, ᾿Ελευθεριά!
+
+  From a speech of Demosthenes in the 4th century BC:
+
+  Οὐχὶ ταὐτὰ παρίσταταί μοι γιγνώσκειν, ὦ ἄνδρες ᾿Αθηναῖοι,
+  ὅταν τ᾿ εἰς τὰ πράγματα ἀποβλέψω καὶ ὅταν πρὸς τοὺς
+  λόγους οὓς ἀκούω· τοὺς μὲν γὰρ λόγους περὶ τοῦ
+  τιμωρήσασθαι Φίλιππον ὁρῶ γιγνομένους, τὰ δὲ πράγματ᾿
+  εἰς τοῦτο προήκοντα,  ὥσθ᾿ ὅπως μὴ πεισόμεθ᾿ αὐτοὶ
+  πρότερον κακῶς σκέψασθαι δέον. οὐδέν οὖν ἄλλο μοι δοκοῦσιν
+  οἱ τὰ τοιαῦτα λέγοντες ἢ τὴν ὑπόθεσιν, περὶ ἧς βουλεύεσθαι,
+  οὐχὶ τὴν οὖσαν παριστάντες ὑμῖν ἁμαρτάνειν. ἐγὼ δέ, ὅτι μέν
+  ποτ᾿ ἐξῆν τῇ πόλει καὶ τὰ αὑτῆς ἔχειν ἀσφαλῶς καὶ Φίλιππον
+  τιμωρήσασθαι, καὶ μάλ᾿ ἀκριβῶς οἶδα· ἐπ᾿ ἐμοῦ γάρ, οὐ πάλαι
+  γέγονεν ταῦτ᾿ ἀμφότερα· νῦν μέντοι πέπεισμαι τοῦθ᾿ ἱκανὸν
+  προλαβεῖν ἡμῖν εἶναι τὴν πρώτην, ὅπως τοὺς συμμάχους
+  σώσομεν. ἐὰν γὰρ τοῦτο βεβαίως ὑπάρξῃ, τότε καὶ περὶ τοῦ
+  τίνα τιμωρήσεταί τις καὶ ὃν τρόπον ἐξέσται σκοπεῖν· πρὶν δὲ
+  τὴν ἀρχὴν ὀρθῶς ὑποθέσθαι, μάταιον ἡγοῦμαι περὶ τῆς
+  τελευτῆς ὁντινοῦν ποιεῖσθαι λόγον.
+
+  Δημοσθένους, Γ´ ᾿Ολυνθιακὸς
+
+Georgian:
+
+  From a Unicode conference invitation:
+
+  გთხოვთ ახლავე გაიაროთ რეგისტრაცია Unicode-ის მეათე საერთაშორისო
+  კონფერენციაზე დასასწრებად, რომელიც გაიმართება 10-12 მარტს,
+  ქ. მაინცში, გერმანიაში. კონფერენცია შეჰკრებს ერთად მსოფლიოს
+  ექსპერტებს ისეთ დარგებში როგორიცაა ინტერნეტი და Unicode-ი,
+  ინტერნაციონალიზაცია და ლოკალიზაცია, Unicode-ის გამოყენება
+  ოპერაციულ სისტემებსა, და გამოყენებით პროგრამებში, შრიფტებში,
+  ტექსტების დამუშავებასა და მრავალენოვან კომპიუტერულ სისტემებში.
+
+Russian:
+
+  From a Unicode conference invitation:
+
+  Зарегистрируйтесь сейчас на Десятую Международную Конференцию по
+  Unicode, которая состоится 10-12 марта 1997 года в Майнце в Германии.
+  Конференция соберет широкий круг экспертов по  вопросам глобального
+  Интернета и Unicode, локализации и интернационализации, воплощению и
+  применению Unicode в различных операционных системах и программных
+  приложениях, шрифтах, верстке и многоязычных компьютерных системах.
+
+Thai (UCS Level 2):
+
+  Excerpt from a poetry on The Romance of The Three Kingdoms (a Chinese
+  classic 'San Gua'):
+
+  [----------------------------|------------------------]
+    ๏ แผ่นดินฮั่นเสื่อมโทรมแสนสังเวช  พระปกเกศกองบู๊กู้ขึ้นใหม่
+  สิบสองกษัตริย์ก่อนหน้าแลถัดไป       สององค์ไซร้โง่เขลาเบาปัญญา
+    ทรงนับถือขันทีเป็นที่พึ่ง           บ้านเมืองจึงวิปริตเป็นนักหนา
+  โฮจิ๋นเรียกทัพทั่วหัวเมืองมา         หมายจะฆ่ามดชั่วตัวสำคัญ
+    เหมือนขับไสไล่เสือจากเคหา      รับหมาป่าเข้ามาเลยอาสัญ
+  ฝ่ายอ้องอุ้นยุแยกให้แตกกัน          ใช้สาวนั้นเป็นชนวนชื่นชวนใจ
+    พลันลิฉุยกุยกีกลับก่อเหตุ          ช่างอาเพศจริงหนาฟ้าร้องไห้
+  ต้องรบราฆ่าฟันจนบรรลัย           ฤๅหาใครค้ำชูกู้บรรลังก์ ฯ
+
+  (The above is a two-column text. If combining characters are handled
+  correctly, the lines of the second column should be aligned with the
+  | character above.)
+
+Ethiopian:
+
+  Proverbs in the Amharic language:
+
+  ሰማይ አይታረስ ንጉሥ አይከሰስ።
+  ብላ ካለኝ እንደአባቴ በቆመጠኝ።
+  ጌጥ ያለቤቱ ቁምጥና ነው።
+  ደሀ በሕልሙ ቅቤ ባይጠጣ ንጣት በገደለው።
+  የአፍ ወለምታ በቅቤ አይታሽም።
+  አይጥ በበላ ዳዋ ተመታ።
+  ሲተረጉሙ ይደረግሙ።
+  ቀስ በቀስ፥ ዕንቁላል በእግሩ ይሄዳል።
+  ድር ቢያብር አንበሳ ያስር።
+  ሰው እንደቤቱ እንጅ እንደ ጉረቤቱ አይተዳደርም።
+  እግዜር የከፈተውን ጉሮሮ ሳይዘጋው አይድርም።
+  የጎረቤት ሌባ፥ ቢያዩት ይስቅ ባያዩት ያጠልቅ።
+  ሥራ ከመፍታት ልጄን ላፋታት።
+  ዓባይ ማደሪያ የለው፥ ግንድ ይዞ ይዞራል።
+  የእስላም አገሩ መካ የአሞራ አገሩ ዋርካ።
+  ተንጋሎ ቢተፉ ተመልሶ ባፉ።
+  ወዳጅህ ማር ቢሆን ጨርስህ አትላሰው።
+  እግርህን በፍራሽህ ልክ ዘርጋ።
+
+Runes:
+
+  ᚻᛖ ᚳᚹᚫᚦ ᚦᚫᛏ ᚻᛖ ᛒᚢᛞᛖ ᚩᚾ ᚦᚫᛗ ᛚᚪᚾᛞᛖ ᚾᚩᚱᚦᚹᛖᚪᚱᛞᚢᛗ ᚹᛁᚦ ᚦᚪ ᚹᛖᛥᚫ
+
+  (Old English, which transcribed into Latin reads 'He cwaeth that he
+  bude thaem lande northweardum with tha Westsae.' and means 'He said
+  that he lived in the northern land near the Western Sea.')
+
+Braille:
+
+  ⡌⠁⠧⠑ ⠼⠁⠒  ⡍⠜⠇⠑⠹⠰⠎ ⡣⠕⠌
+
+  ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠙⠑⠁⠙⠒ ⠞⠕ ⠃⠑⠛⠔ ⠺⠊⠹⠲ ⡹⠻⠑ ⠊⠎ ⠝⠕ ⠙⠳⠃⠞
+  ⠱⠁⠞⠑⠧⠻ ⠁⠃⠳⠞ ⠹⠁⠞⠲ ⡹⠑ ⠗⠑⠛⠊⠌⠻ ⠕⠋ ⠙⠊⠎ ⠃⠥⠗⠊⠁⠇ ⠺⠁⠎
+  ⠎⠊⠛⠝⠫ ⠃⠹ ⠹⠑ ⠊⠇⠻⠛⠹⠍⠁⠝⠂ ⠹⠑ ⠊⠇⠻⠅⠂ ⠹⠑ ⠥⠝⠙⠻⠞⠁⠅⠻⠂
+  ⠁⠝⠙ ⠹⠑ ⠡⠊⠑⠋ ⠍⠳⠗⠝⠻⠲ ⡎⠊⠗⠕⠕⠛⠑ ⠎⠊⠛⠝⠫ ⠊⠞⠲ ⡁⠝⠙
+  ⡎⠊⠗⠕⠕⠛⠑⠰⠎ ⠝⠁⠍⠑ ⠺⠁⠎ ⠛⠕⠕⠙ ⠥⠏⠕⠝ ⠰⡡⠁⠝⠛⠑⠂ ⠋⠕⠗ ⠁⠝⠹⠹⠔⠛ ⠙⠑
+  ⠡⠕⠎⠑ ⠞⠕ ⠏⠥⠞ ⠙⠊⠎ ⠙⠁⠝⠙ ⠞⠕⠲
+
+  ⡕⠇⠙ ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠁⠎ ⠙⠑⠁⠙ ⠁⠎ ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲
+
+  ⡍⠔⠙⠖ ⡊ ⠙⠕⠝⠰⠞ ⠍⠑⠁⠝ ⠞⠕ ⠎⠁⠹ ⠹⠁⠞ ⡊ ⠅⠝⠪⠂ ⠕⠋ ⠍⠹
+  ⠪⠝ ⠅⠝⠪⠇⠫⠛⠑⠂ ⠱⠁⠞ ⠹⠻⠑ ⠊⠎ ⠏⠜⠞⠊⠊⠥⠇⠜⠇⠹ ⠙⠑⠁⠙ ⠁⠃⠳⠞
+  ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲ ⡊ ⠍⠊⠣⠞ ⠙⠁⠧⠑ ⠃⠑⠲ ⠔⠊⠇⠔⠫⠂ ⠍⠹⠎⠑⠇⠋⠂ ⠞⠕
+  ⠗⠑⠛⠜⠙ ⠁ ⠊⠕⠋⠋⠔⠤⠝⠁⠊⠇ ⠁⠎ ⠹⠑ ⠙⠑⠁⠙⠑⠌ ⠏⠊⠑⠊⠑ ⠕⠋ ⠊⠗⠕⠝⠍⠕⠝⠛⠻⠹
+  ⠔ ⠹⠑ ⠞⠗⠁⠙⠑⠲ ⡃⠥⠞ ⠹⠑ ⠺⠊⠎⠙⠕⠍ ⠕⠋ ⠳⠗ ⠁⠝⠊⠑⠌⠕⠗⠎
+  ⠊⠎ ⠔ ⠹⠑ ⠎⠊⠍⠊⠇⠑⠆ ⠁⠝⠙ ⠍⠹ ⠥⠝⠙⠁⠇⠇⠪⠫ ⠙⠁⠝⠙⠎
+  ⠩⠁⠇⠇ ⠝⠕⠞ ⠙⠊⠌⠥⠗⠃ ⠊⠞⠂ ⠕⠗ ⠹⠑ ⡊⠳⠝⠞⠗⠹⠰⠎ ⠙⠕⠝⠑ ⠋⠕⠗⠲ ⡹⠳
+  ⠺⠊⠇⠇ ⠹⠻⠑⠋⠕⠗⠑ ⠏⠻⠍⠊⠞ ⠍⠑ ⠞⠕ ⠗⠑⠏⠑⠁⠞⠂ ⠑⠍⠏⠙⠁⠞⠊⠊⠁⠇⠇⠹⠂ ⠹⠁⠞
+  ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠁⠎ ⠙⠑⠁⠙ ⠁⠎ ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲
+
+  (The first couple of paragraphs of "A Christmas Carol" by Dickens)
+
+Compact font selection example text:
+
+  ABCDEFGHIJKLMNOPQRSTUVWXYZ /0123456789
+  abcdefghijklmnopqrstuvwxyz £©µÀÆÖÞßéöÿ
+  –—‘“”„†•…‰™œŠŸž€ ΑΒΓΔΩαβγδω АБВГДабвгд
+  ∀∂∈ℝ∧∪≡∞ ↑↗↨↻⇣ ┐┼╔╘░►☺♀ fi�⑀₂ἠḂӥẄɐː⍎אԱა
+
+Greetings in various languages:
+
+  Hello world, Καλημέρα κόσμε, コンニチハ
+
+Box drawing alignment tests:                                          █
+                                                                      ▉
+  ╔══╦══╗  ┌──┬──┐  ╭──┬──╮  ╭──┬──╮  ┏━━┳━━┓  ┎┒┏┑   ╷  ╻ ┏┯┓ ┌┰┐    ▊ ╱╲╱╲╳╳╳
+  ║┌─╨─┐║  │╔═╧═╗│  │╒═╪═╕│  │╓─╁─╖│  ┃┌─╂─┐┃  ┗╃╄┙  ╶┼╴╺╋╸┠┼┨ ┝╋┥    ▋ ╲╱╲╱╳╳╳
+  ║│╲ ╱│║  │║   ║│  ││ │ ││  │║ ┃ ║│  ┃│ ╿ │┃  ┍╅╆┓   ╵  ╹ ┗┷┛ └┸┘    ▌ ╱╲╱╲╳╳╳
+  ╠╡ ╳ ╞╣  ├╢   ╟┤  ├┼─┼─┼┤  ├╫─╂─╫┤  ┣┿╾┼╼┿┫  ┕┛┖┚     ┌┄┄┐ ╎ ┏┅┅┓ ┋ ▍ ╲╱╲╱╳╳╳
+  ║│╱ ╲│║  │║   ║│  ││ │ ││  │║ ┃ ║│  ┃│ ╽ │┃  ░░▒▒▓▓██ ┊  ┆ ╎ ╏  ┇ ┋ ▎
+  ║└─╥─┘║  │╚═╤═╝│  │╘═╪═╛│  │╙─╀─╜│  ┃└─╂─┘┃  ░░▒▒▓▓██ ┊  ┆ ╎ ╏  ┇ ┋ ▏
+  ╚══╩══╝  └──┴──┘  ╰──┴──╯  ╰──┴──╯  ┗━━┻━━┛  ▗▄▖▛▀▜   └╌╌┘ ╎ ┗╍╍┛ ┋  ▁▂▃▄▅▆▇█
+                                               ▝▀▘▙▄▟
diff --git a/third-party/utf8cpp/test_data/utf8samples/Unicode_transcriptions.html b/third-party/utf8cpp/test_data/utf8samples/Unicode_transcriptions.html
new file mode 100644
index 000000000..69b29ffa5
--- /dev/null
+++ b/third-party/utf8cpp/test_data/utf8samples/Unicode_transcriptions.html
@@ -0,0 +1,167 @@
+? 	*Unicode Transcriptions* 	Notes <#Notes>
+
+Glyphs <http://www.macchiato.com/unicode/show.html> | Samples
+<http://www.macchiato.com/unicode/Unicode_transcriptions.html> | Charts
+<http://www.macchiato.com/unicode/charts.html> | UTF
+<http://www.macchiato.com/unicode/convert.html> | Forms
+<http://www-4.ibm.com/software/developer/library/utfencodingforms/> |
+Home <http://www.macchiato.com>.
+<http://member.linkexchange.com/cgi-bin/fc/fastcounter-login?750641>
+
+Name 	Text 	Image
+Arabic (Arabic) 	يونِكود 	?
+Arabic (Persian) 	یونی‌کُد 	/ ?/
+Armenian 	Յունիկօդ 	
+Bengali 	য়ূনিকোড 	
+Bopomofo 	ㄊㄨㄥ˅ ㄧˋ ㄇㄚ˅ 	
+ㄨㄢˋ ㄍㄨㄛˊ ㄇㄚ˅ 	
+Braille 	  	 
+Buhid 	  	 
+Canadian Aboriginal 	ᔫᗂᑰᑦ 	
+Cherokee 	ᏳᏂᎪᏛ 	
+Cypriot 	  	 
+Cyrillic (Russian) 	Юникод 	?
+Deseret (English) 	??????? 	
+Devanagari (Hindi) 	यूनिकोड 	?
+Ethiopic 	ዩኒኮድ 	
+Georgian 	უნიკოდი 	?
+Gothic 	  	 
+Greek 	Γιούνικοντ 	
+Gujarati 	યૂનિકોડ 	
+Gurmukhi 	ਯੂਨਿਕੋਡ 	
+Han (Chinese) 	统一码 	?
+統一碼 	?
+万国码 	?
+萬國碼 	?
+Hangul 	유니코드 	
+Hanunoo 	  	 
+Hebrew 	יוניקוד 	
+Hebrew (pointed) 	יוּנִיקוׁד 	
+Hebrew (Yiddish) 	יוניקאָד 	?
+Hiragana (Japanese) 	ゆにこおど 	 
+Katakana (Japanese) 	ユニコード 	?
+Kannada 	ಯೂನಿಕೋಡ್ 	
+Khmer 	យូនីគោដ 	
+Lao 	  	 
+Latin 	Unicode 	Unicode
+Latin (IPA <#English_Pronunciation>) 	ˈjunɪˌkoːd 	?
+Latin (Am. Dict. <#American_Dictionary>) 	Ūnĭcōde̽ 	?
+Limbu 	  	 
+Linear B 	  	 
+Malayalam 	യൂനികോഡ് 	
+Mongolian 	  	
+Myanmar 	  	
+Ogham 	ᚔᚒᚅᚔᚉᚑᚇ 	/ /
+Old Italic 	  	 
+Oriya 	ୟୂନିକୋଡ 	
+Osmanya 	  	 
+Runic (Anglo-Saxon) 	ᛡᚢᚾᛁᚳᚩᛞ 	
+Shavian 	  	 
+Sinhala 	යණනිකෞද් 	
+Syriac 	ܝܘܢܝܩܘܕ 	
+Tagbanwa 	  	 
+Tagalog 	  	 
+Tai Le 	  	 
+Tamil 	யூனிகோட் 	
+Telugu 	యూనికోడ్ 	
+Thaana 	  	
+Thai 	ยูนืโคด 	
+Tibetan (Dzongkha) 	ཨུ་ནི་ཀོཌྲ། 	
+Ugaritic 	  	 
+Yi 	  	
+
+
+      Notes:
+
+There are different ways to transcribe the word “Unicode”, depending on
+the language and script. In some cases there is only one language that
+customarily uses a given script; in others there are many languages. The
+goal here is at a minimum to collect at least one transcription for each
+script in a language customarily written in that script, with more
+languages if possible. If the transcription is the same for multiple
+languages in a script, then a single representative language is used.
+
+Still missing are transcriptions for the items above in RED (in at least
+one language). I would appreciate any other transcriptions, or
+corrections for the ones listed here. Send to mark3@macchiato.com
+<mailto:mark3@macchiato.com>, using the directions below:
+
+    * *Supplying Missing Items*
+          o Most Latin-script languages will follow the spelling, and
+            change the pronunciation. For any that would not, it would
+            be good to have the alternate spelling.
+          o For non-Latin scripts the goal is to match the English
+            pronunciation — /*not*/ spelling. Above is the IPA <#IPA>
+            (in phonemic transcription) that should be matched as
+            closely as possible (without sounding affected in the target
+            language)
+          o Text would be best in either the UTF-8 text, or the code
+            points in hex HTML. E.g. either of the following:
+                + "Юникод"
+                + "&#x042E;&#x043D;&#x0438;&#x043A;&#x043E;&#x0434;"
+                + Note: for / supplementary characters/
+                  <http://www.unicode.org/glossary/#supplementary_character>,
+                  there should be one hex number per code point, not two
+                  surrogates
+                  <http://www.unicode.org/glossary/#surrogate_code_point>:
+                      # &#x10000; /*not*/ &#xD800;&xDC00;
+          o If you have a good font, I'd also appreciate a GIF. It
+            should be *96 x 24* bits, with the text centered, in black
+            on white (plus grays if smoothed).
+    * *Other Comments*
+          o Because some browsers won't handle the text, both text and
+            GIF image are supplied. If you can’t read the text columns,
+            see Display Problems
+            <http://www.unicode.org/help/display_problems.html>.
+          o The Chinese versions (inc. Bopomofo) are translations, not
+            transcriptions, since "transcription in Chinese is pretty
+            lame" [J. Becker].
+          o There are other "translations" of Unicode that may be in
+            use, such as the Vietnamese "Thống Nhất Mã".
+          o For sample pages in different languages on the Unicode site,
+            see What is Unicode?
+            <http://www.unicode.org/unicode/standard/WhatIsUnicode.html>
+          o Americans are not generally used to IPA, and find a variety
+            of different systems in their dictionaries. This one leaves
+            the base letters as they are, and uses diacritics for
+            pronunciation.
+    * *Etymology of /Unicode/*
+          o Coined by J. Becker. Not related to previous usages, such as:
+                + A telegraphic code in which one word or set of letters
+                  represents a sentence or phrase; a telegram or message
+                  in this. (late 19th century, OED)
+          o According to my references, the prefix "uni" is directly
+            from Latin while the word "code" is through French.
+          o The original Indo-European apparently would have been
+            *oino-kau-do ("one strike give"): *kau apparently being
+            related to such English words as: hew, haggle, hoe, hag,
+            hay, hack, caudad, caudal, caudate, caudex, coda, codex,
+            codicil, coward, incus, and Kovač (personal name: "smith").
+                + I will leave the exact derivations to the exegetes,
+                  but I like the association with "haggle" myself.
+    * *Contributions*
+          o This draws on contributions or comments from:
+                + Dixon Au
+                + Joe Becker
+                + Maurice Bauhahn
+                + Abel Cheung
+                + Peter Constable
+                + Michael Everson
+                + Christopher John Fynn
+                + Michael Kaplan
+                + George Kiraz
+                + Abdul Malik
+                + Siva Nataraja
+                + Roozbeh Pournader
+                + Jonathan Rosenne
+                + Jungshik Shin
+
+------------------------------------------------------------------------
+	
+
+Terms of Use <http://www.macchiato.com/terms_of_use.html>. Last updated:
+MED - 04/20/2003 15:30:33.
+<http://member.linkexchange.com/cgi-bin/fc/fastcounter-login?750641>
+
+ 
+
diff --git a/third-party/utf8cpp/test_data/utf8samples/quickbrown.txt b/third-party/utf8cpp/test_data/utf8samples/quickbrown.txt
new file mode 100644
index 000000000..5db944343
--- /dev/null
+++ b/third-party/utf8cpp/test_data/utf8samples/quickbrown.txt
@@ -0,0 +1,126 @@
+Sentences that contain all letters commonly used in a language
+--------------------------------------------------------------
+
+Markus Kuhn <http://www.cl.cam.ac.uk/~mgk25/> -- 2001-09-02
+
+This file is UTF-8 encoded.
+
+
+Danish (da)
+---------
+
+  Quizdeltagerne spiste jordbær med fløde, mens cirkusklovnen
+  Wolther spillede på xylofon.
+  (= Quiz contestants were eating strawbery with cream while Wolther
+  the circus clown played on xylophone.)
+
+German (de)
+-----------
+
+  Falsches Üben von Xylophonmusik quält jeden größeren Zwerg
+  (= Wrongful practicing of xylophone music tortures every larger dwarf)
+
+  Zwölf Boxkämpfer jagten Eva quer über den Sylter Deich
+  (= Twelve boxing fighters hunted Eva across the dike of Sylt)
+
+  Heizölrückstoßabdämpfung
+  (= fuel oil recoil absorber)
+  (jqvwxy missing, but all non-ASCII letters in one word)
+
+English (en)
+------------
+
+  The quick brown fox jumps over the lazy dog
+
+Spanish (es)
+------------
+
+  El pingüino Wenceslao hizo kilómetros bajo exhaustiva lluvia y 
+  frío, añoraba a su querido cachorro.
+  (Contains every letter and every accent, but not every combination
+  of vowel + acute.)
+
+French (fr)
+-----------
+
+  Portez ce vieux whisky au juge blond qui fume sur son île intérieure, à
+  côté de l'alcôve ovoïde, où les bûches se consument dans l'âtre, ce
+  qui lui permet de penser à la cænogenèse de l'être dont il est question
+  dans la cause ambiguë entendue à Moÿ, dans un capharnaüm qui,
+  pense-t-il, diminue çà et là la qualité de son œuvre. 
+
+  l'île exiguë
+  Où l'obèse jury mûr
+  Fête l'haï volapük,
+  Âne ex aéquo au whist,
+  Ôtez ce vœu déçu.
+
+  Le cœur déçu mais l'âme plutôt naïve, Louÿs rêva de crapaüter en
+  canoë au delà des îles, près du mälström où brûlent les novæ.
+
+Irish Gaelic (ga)
+-----------------
+
+  D'fhuascail Íosa, Úrmhac na hÓighe Beannaithe, pór Éava agus Ádhaimh
+
+Hungarian (hu)
+--------------
+
+  Árvíztűrő tükörfúrógép
+  (= flood-proof mirror-drilling machine, only all non-ASCII letters)
+
+Icelandic (is)
+--------------
+
+  Kæmi ný öxi hér ykist þjófum nú bæði víl og ádrepa
+
+  Sævör grét áðan því úlpan var ónýt
+  (some ASCII letters missing)
+
+Japanese (jp)
+-------------
+
+  Hiragana: (Iroha)
+
+  いろはにほへとちりぬるを
+  わかよたれそつねならむ
+  うゐのおくやまけふこえて
+  あさきゆめみしゑひもせす
+
+  Katakana:
+
+  イロハニホヘト チリヌルヲ ワカヨタレソ ツネナラム
+  ウヰノオクヤマ ケフコエテ アサキユメミシ ヱヒモセスン
+
+Hebrew (iw)
+-----------
+
+  ? דג סקרן שט בים מאוכזב ולפתע מצא לו חברה איך הקליטה
+
+Polish (pl)
+-----------
+
+  Pchnąć w tę łódź jeża lub ośm skrzyń fig
+  (= To push a hedgehog or eight bins of figs in this boat)
+
+Russian (ru)
+------------
+
+  В чащах юга жил бы цитрус? Да, но фальшивый экземпляр!
+  (= Would a citrus live in the bushes of south? Yes, but only a fake one!)
+
+Thai (th)
+---------
+
+  [--------------------------|------------------------]
+  ๏ เป็นมนุษย์สุดประเสริฐเลิศคุณค่า  กว่าบรรดาฝูงสัตว์เดรัจฉาน
+  จงฝ่าฟันพัฒนาวิชาการ           อย่าล้างผลาญฤๅเข่นฆ่าบีฑาใคร
+  ไม่ถือโทษโกรธแช่งซัดฮึดฮัดด่า     หัดอภัยเหมือนกีฬาอัชฌาสัย
+  ปฏิบัติประพฤติกฎกำหนดใจ        พูดจาให้จ๊ะๆ จ๋าๆ น่าฟังเอย ฯ
+
+  [The copyright for the Thai example is owned by The Computer
+  Association of Thailand under the Royal Patronage of His Majesty the
+  King.]
+
+Please let me know if you find others! Special thanks to the people
+from all over the world who contributed these sentences.
diff --git a/third-party/utf8cpp/test_drivers/negative/negative.cpp b/third-party/utf8cpp/test_drivers/negative/negative.cpp
new file mode 100644
index 000000000..0f1015d0e
--- /dev/null
+++ b/third-party/utf8cpp/test_drivers/negative/negative.cpp
@@ -0,0 +1,53 @@
+#include "../../source/utf8.h"
+using namespace utf8;
+
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <algorithm>
+using namespace std;
+
+const unsigned INVALID_LINES[] = { 75, 76, 83, 84, 85, 93, 102, 103, 105, 106, 107, 108, 109, 110, 114, 115, 116, 117, 124, 125, 130, 135, 140, 145, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 169, 175, 176, 177, 207, 208, 209, 210, 211, 220, 221, 222, 223, 224, 232, 233, 234, 235, 236, 247, 248, 249, 250, 251, 252, 253, 257, 258, 259, 260, 261, 262, 263, 264};
+const unsigned* INVALID_LINES_END = INVALID_LINES + sizeof(INVALID_LINES)/sizeof(unsigned);
+
+int main(int argc, char** argv)
+{
+    string test_file_path;
+    if (argc == 2) 
+        test_file_path = argv[1];
+    else {
+        cout << "Wrong number of arguments" << endl;
+        exit(0);
+    }
+    // Open the test file
+    ifstream fs8(test_file_path.c_str());
+    if (!fs8.is_open()) {
+        cout << "Could not open " << test_file_path << endl;
+        return 0;
+    }
+
+    // Read it line by line
+    unsigned int line_count = 0;
+    char byte;
+    while (!fs8.eof()) {
+        string line;
+        while ((byte = static_cast<char>(fs8.get())) != '\n' && !fs8.eof())
+            line.push_back(byte);
+
+        line_count++;
+        bool expected_valid = (find(INVALID_LINES, INVALID_LINES_END, line_count) == INVALID_LINES_END);
+        // Print out lines that contain unexpected invalid UTF-8
+        if (!is_valid(line.begin(), line.end())) {
+            if (expected_valid)    
+                cout << "Unexpected invalid utf-8 at line " << line_count << '\n';
+
+            // try fixing it:
+            string fixed_line;
+            replace_invalid(line.begin(), line.end(), back_inserter(fixed_line));
+            if (!is_valid(fixed_line.begin(), fixed_line.end()))
+                cout << "replace_invalid() resulted in an invalid utf-8 at line " << line_count << '\n';
+        }
+        else if (!expected_valid)
+            cout << "Invalid utf-8 NOT detected at line " << line_count << '\n';
+    }
+}
diff --git a/third-party/utf8cpp/test_drivers/smoke_test/test.cpp b/third-party/utf8cpp/test_drivers/smoke_test/test.cpp
new file mode 100644
index 000000000..4f9fb0485
--- /dev/null
+++ b/third-party/utf8cpp/test_drivers/smoke_test/test.cpp
@@ -0,0 +1,298 @@
+#include <cstring>
+#include <cassert>
+#include <vector>
+#include "../../source/utf8.h"
+using namespace utf8;
+using namespace std;
+
+int main()
+{
+    //append
+    unsigned char u[5] = {0,0,0,0,0};
+
+    append(0x0448, u);
+    assert (u[0] == 0xd1 && u[1] == 0x88 && u[2] == 0 && u[3] == 0 && u[4] == 0);
+
+    append(0x65e5, u);
+    assert (u[0] == 0xe6 && u[1] == 0x97 && u[2] == 0xa5 && u[3] == 0 && u[4] == 0);
+
+    append(0x3044, u);
+    assert (u[0] == 0xe3 && u[1] == 0x81 && u[2] == 0x84 && u[3] == 0 && u[4] == 0);
+
+    append(0x10346, u);
+    assert (u[0] == 0xf0 && u[1] == 0x90 && u[2] == 0x8d && u[3] == 0x86 && u[4] == 0);
+
+
+    //next
+    const char* twochars = "\xe6\x97\xa5\xd1\x88";
+    const char* w = twochars;
+    int cp = next(w, twochars + 6);
+    assert (cp == 0x65e5);
+    assert (w == twochars + 3);
+
+    const char* threechars = "\xf0\x90\x8d\x86\xe6\x97\xa5\xd1\x88";
+    w = threechars;
+    cp = next(w, threechars + 9);
+    assert (cp == 0x10346);
+    assert (w == threechars + 4);
+    cp = next(w, threechars + 9);
+    assert (cp == 0x65e5);
+    assert (w == threechars + 7);
+    cp = next(w, threechars + 9);
+    assert (cp == 0x0448);
+    assert (w == threechars + 9);
+
+    //peek_next
+    const char* const cw = twochars;
+    cp = peek_next(cw, cw + 6);
+    assert (cp == 0x65e5);
+    assert (cw == twochars);
+
+    //prior
+    w = twochars + 3;
+    cp = prior (w, twochars);
+    assert (cp == 0x65e5);
+    assert (w == twochars);
+
+    w = threechars + 9;
+    cp = prior(w, threechars);
+    assert (cp == 0x0448);
+    assert (w == threechars + 7);
+    cp = prior(w, threechars);
+    assert (cp == 0x65e5);
+    assert (w == threechars + 4);
+    cp = prior(w, threechars);
+    assert (cp == 0x10346);
+    assert (w == threechars); 
+
+    //previous (deprecated)
+    w = twochars + 3;
+    cp = previous (w, twochars - 1);
+    assert (cp == 0x65e5);
+    assert (w == twochars);
+
+    w = threechars + 9;
+    cp = previous(w, threechars - 1);
+    assert (cp == 0x0448);
+    assert (w == threechars + 7);
+    cp = previous(w, threechars -1);
+    assert (cp == 0x65e5);
+    assert (w == threechars + 4);
+    cp = previous(w, threechars - 1);
+    assert (cp == 0x10346);
+    assert (w == threechars); 
+
+    // advance
+    w = twochars;
+    advance (w, 2, twochars + 6);
+    assert (w == twochars + 5);
+
+    // distance
+    size_t dist = utf8::distance(twochars, twochars + 5);
+    assert (dist == 2);
+
+    // utf32to8
+    int utf32string[] = {0x448, 0x65E5, 0x10346, 0};
+    vector<char> utf8result;
+    utf32to8(utf32string, utf32string + 3, back_inserter(utf8result));
+    assert (utf8result.size() == 9);
+    // try it with the return value;
+    char* utf8_end = utf32to8(utf32string, utf32string + 3, &utf8result[0]);
+    assert (utf8_end == &utf8result[0] + 9);
+
+    //utf8to32
+    vector<int> utf32result;
+    utf8to32(twochars, twochars + 5, back_inserter(utf32result));
+    assert (utf32result.size() == 2);
+    // try it with the return value;
+    int* utf32_end = utf8to32(twochars, twochars + 5, &utf32result[0]);
+    assert (utf32_end == &utf32result[0] + 2);
+
+    //utf16to8
+    unsigned short utf16string[] = {0x41, 0x0448, 0x65e5, 0xd834, 0xdd1e};
+    utf8result.clear();
+    utf16to8(utf16string, utf16string + 5, back_inserter(utf8result));
+    assert (utf8result.size() == 10);
+    // try it with the return value;
+    utf8_end = utf16to8 (utf16string, utf16string + 5, &utf8result[0]);
+    assert (utf8_end == &utf8result[0] + 10);
+
+    //utf8to16
+    char utf8_with_surrogates[] = "\xe6\x97\xa5\xd1\x88\xf0\x9d\x84\x9e";
+    vector <unsigned short> utf16result;
+    utf8to16(utf8_with_surrogates, utf8_with_surrogates + 9, back_inserter(utf16result));
+    assert (utf16result.size() == 4);
+    assert (utf16result[2] == 0xd834);
+    assert (utf16result[3] == 0xdd1e);
+    // try it with the return value;
+    unsigned short* utf16_end = utf8to16 (utf8_with_surrogates, utf8_with_surrogates + 9, &utf16result[0]);
+    assert (utf16_end == &utf16result[0] + 4);
+
+    //find_invalid
+    char utf_invalid[] = "\xe6\x97\xa5\xd1\x88\xfa";
+    char* invalid = find_invalid(utf_invalid, utf_invalid + 6);
+    assert (invalid == utf_invalid + 5);
+
+    //is_valid
+    bool bvalid = is_valid(utf_invalid, utf_invalid + 6);
+    assert (bvalid == false);
+    bvalid = is_valid(utf8_with_surrogates, utf8_with_surrogates + 9);
+    assert (bvalid == true);
+
+    //starts_with_bom
+    unsigned char byte_order_mark[] = {0xef, 0xbb, 0xbf};
+    bool bbom = starts_with_bom(byte_order_mark, byte_order_mark + sizeof(byte_order_mark));
+    assert (bbom == true);
+	bool no_bbom = starts_with_bom(threechars, threechars + sizeof(threechars));
+	assert (no_bbom == false);
+
+    //is_bom
+	bool unsafe_bbom = is_bom(byte_order_mark);
+    assert (unsafe_bbom == true);
+
+    
+    //replace_invalid
+    char invalid_sequence[] = "a\x80\xe0\xa0\xc0\xaf\xed\xa0\x80z";
+    vector<char> replace_invalid_result;
+    replace_invalid (invalid_sequence, invalid_sequence + sizeof(invalid_sequence), std::back_inserter(replace_invalid_result), '?');
+    bvalid = is_valid(replace_invalid_result.begin(), replace_invalid_result.end());
+    assert (bvalid);
+    const char fixed_invalid_sequence[] = "a????z";
+    assert (sizeof(fixed_invalid_sequence) == replace_invalid_result.size());
+    assert (std::equal(replace_invalid_result.begin(), replace_invalid_result.begin() + sizeof(fixed_invalid_sequence), fixed_invalid_sequence));
+
+    // iterator
+    utf8::iterator<const char*> it(threechars, threechars, threechars + 9);
+    utf8::iterator<const char*> it2 = it;
+    assert (it2 == it);
+    assert (*it == 0x10346);
+    assert (*(++it) == 0x65e5);
+    assert ((*it++) == 0x65e5);
+    assert (*it == 0x0448);
+    assert (it != it2);
+    utf8::iterator<const char*> endit (threechars + 9, threechars, threechars + 9);  
+    assert (++it == endit);
+    assert (*(--it) == 0x0448);
+    assert ((*it--) == 0x0448);
+    assert (*it == 0x65e5);
+    assert (--it == utf8::iterator<const char*>(threechars, threechars, threechars + 9));
+    assert (*it == 0x10346);
+
+    //////////////////////////////////////////////////////////
+    //// Unchecked variants
+    //////////////////////////////////////////////////////////
+
+    //append
+    memset(u, 0, 5);
+    append(0x0448, u);
+    assert (u[0] == 0xd1 && u[1] == 0x88 && u[2] == 0 && u[3] == 0 && u[4] == 0);
+
+    append(0x65e5, u);
+    assert (u[0] == 0xe6 && u[1] == 0x97 && u[2] == 0xa5 && u[3] == 0 && u[4] == 0);
+
+    append(0x10346, u);
+    assert (u[0] == 0xf0 && u[1] == 0x90 && u[2] == 0x8d && u[3] == 0x86 && u[4] == 0);
+
+    //next
+    w = twochars;
+    cp = unchecked::next(w);
+    assert (cp == 0x65e5);
+    assert (w == twochars + 3);
+
+    w = threechars;
+    cp = unchecked::next(w);
+    assert (cp == 0x10346);
+    assert (w == threechars + 4);
+    cp = unchecked::next(w);
+    assert (cp == 0x65e5);
+    assert (w == threechars + 7);
+    cp = unchecked::next(w);
+    assert (cp == 0x0448);
+    assert (w == threechars + 9);
+
+    //peek_next
+    cp = unchecked::peek_next(cw);
+    assert (cp == 0x65e5);
+    assert (cw == twochars);
+
+
+    //previous (calls prior internally)
+
+    w = twochars + 3;
+    cp = unchecked::previous (w);
+    assert (cp == 0x65e5);
+    assert (w == twochars);
+
+    w = threechars + 9;
+    cp = unchecked::previous(w);
+    assert (cp == 0x0448);
+    assert (w == threechars + 7);
+    cp = unchecked::previous(w);
+    assert (cp == 0x65e5);
+    assert (w == threechars + 4);
+    cp = unchecked::previous(w);
+    assert (cp == 0x10346);
+    assert (w == threechars); 
+
+    // advance
+    w = twochars;
+    unchecked::advance (w, 2);
+    assert (w == twochars + 5);
+
+    // distance
+    dist = unchecked::distance(twochars, twochars + 5);
+    assert (dist == 2);
+
+    // utf32to8
+    utf8result.clear();
+    unchecked::utf32to8(utf32string, utf32string + 3, back_inserter(utf8result));
+    assert (utf8result.size() == 9);
+    // try it with the return value;
+    utf8_end = utf32to8(utf32string, utf32string + 3, &utf8result[0]);
+    assert(utf8_end == &utf8result[0] + 9);
+
+    //utf8to32
+    utf32result.clear();
+    unchecked::utf8to32(twochars, twochars + 5, back_inserter(utf32result));
+    assert (utf32result.size() == 2);
+    // try it with the return value;
+    utf32_end = utf8to32(twochars, twochars + 5, &utf32result[0]);
+    assert (utf32_end == &utf32result[0] + 2);
+
+    //utf16to8
+    utf8result.clear();
+    unchecked::utf16to8(utf16string, utf16string + 5, back_inserter(utf8result));
+    assert (utf8result.size() == 10);
+    // try it with the return value;
+    utf8_end = utf16to8 (utf16string, utf16string + 5, &utf8result[0]);
+    assert (utf8_end == &utf8result[0] + 10);
+
+    //utf8to16
+    utf16result.clear();
+    unchecked::utf8to16(utf8_with_surrogates, utf8_with_surrogates + 9, back_inserter(utf16result));
+    assert (utf16result.size() == 4);
+    assert (utf16result[2] == 0xd834);
+    assert (utf16result[3] == 0xdd1e);
+    // try it with the return value;
+    utf16_end = utf8to16 (utf8_with_surrogates, utf8_with_surrogates + 9, &utf16result[0]);
+    assert (utf16_end == &utf16result[0] + 4);
+    
+    // iterator
+    utf8::unchecked::iterator<const char*> un_it(threechars);
+    utf8::unchecked::iterator<const char*> un_it2 = un_it;
+    assert (un_it2 == un_it);
+    assert (*un_it == 0x10346);
+    assert (*(++un_it) == 0x65e5);
+    assert ((*un_it++) == 0x65e5);
+    assert (un_it != un_it2);
+    assert (*un_it == 0x0448);
+    utf8::unchecked::iterator<const char*> un_endit (threechars + 9);  
+    assert (++un_it == un_endit);
+    assert (*(--un_it) == 0x0448);
+    assert ((*un_it--) == 0x0448);
+    assert (*un_it == 0x65e5);
+    assert (--un_it == utf8::unchecked::iterator<const char*>(threechars));
+    assert (*un_it == 0x10346);
+}
+
+
diff --git a/third-party/utf8cpp/test_drivers/utf8reader/utf8reader.cpp b/third-party/utf8cpp/test_drivers/utf8reader/utf8reader.cpp
new file mode 100644
index 000000000..c88a5ee1b
--- /dev/null
+++ b/third-party/utf8cpp/test_drivers/utf8reader/utf8reader.cpp
@@ -0,0 +1,160 @@
+#include "../../source/utf8.h"
+using namespace utf8;
+
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <vector>
+using namespace std;
+
+int main(int argc, char** argv)
+{
+    if (argc != 2) {
+        cout << "\nUsage: utfreader filename\n";
+        return 0;
+    }
+    const char* TEST_FILE_PATH = argv[1];
+    // Open the test file
+    ifstream fs8(TEST_FILE_PATH);
+    if (!fs8.is_open()) {
+    cout << "Could not open " << TEST_FILE_PATH << endl;
+    return 0;
+    }
+
+    // Read it line by line
+    unsigned int line_count = 0;
+    char byte;
+    while (!fs8.eof()) {
+        string line;
+        while ((byte = static_cast<char>(fs8.get())) != '\n' && !fs8.eof()) 
+            line.push_back(byte);
+
+        line_count++;
+	// Play around with each line and convert it to utf16
+        string::iterator line_start = line.begin();
+        string::iterator line_end   = line.end();
+        line_end = find_invalid(line_start, line_end);
+        if (line_end != line.end()) 
+            cout << "Line " << line_count << ": Invalid utf-8 at byte " << int(line.end() - line_end) << '\n';
+
+        // Convert it to utf-16 and write to the file
+        vector<unsigned short> utf16_line;
+        utf8to16(line_start, line_end, back_inserter(utf16_line));
+
+        // Back to utf-8 and compare it to the original line.
+        string back_to_utf8;
+        utf16to8(utf16_line.begin(), utf16_line.end(), back_inserter(back_to_utf8));
+        if (back_to_utf8.compare(string(line_start, line_end)) != 0) 
+            cout << "Line " << line_count << ": Conversion to UTF-16 and back failed" << '\n';
+
+        // Now, convert it to utf-32, back to utf-8 and compare
+        vector <unsigned> utf32_line;
+        utf8to32(line_start, line_end, back_inserter(utf32_line));
+        back_to_utf8.clear();
+        utf32to8(utf32_line.begin(), utf32_line.end(), back_inserter(back_to_utf8));
+        if (back_to_utf8.compare(string(line_start, line_end)) != 0) 
+            cout << "Line " << line_count << ": Conversion to UTF-32 and back failed" << '\n';
+
+        // Now, iterate and back
+        unsigned char_count = 0;
+        string::iterator it = line_start;
+        while (it != line_end) {
+            unsigned int next_cp = peek_next(it, line_end);
+            if (next(it, line_end) != next_cp)
+                cout << "Line " << line_count << ": Error: peek_next gave a different result than next" << '\n';
+            char_count++;
+        }
+        if (char_count != utf32_line.size())
+            cout << "Line " << line_count << ": Error in iterating with next - wrong number of characters" << '\n';
+
+        string::iterator adv_it = line_start;
+        utf8::advance(adv_it, char_count, line_end);
+        if (adv_it != line_end)
+            cout << "Line " << line_count << ": Error in advance function" << '\n';
+
+        if (string::size_type(utf8::distance(line_start, line_end)) != char_count)
+            cout << "Line " << line_count << ": Error in distance function" << '\n';
+
+        while (it != line_start) {
+            previous(it, line.rend().base());
+            char_count--;
+        }
+        if (char_count != 0)
+            cout << "Line " << line_count << ": Error in iterating with previous - wrong number of characters" << '\n';
+
+        // Try utf8::iterator
+        utf8::iterator<string::iterator> u8it(line_start, line_start, line_end);
+        if (!utf32_line.empty() && *u8it != utf32_line.at(0))
+          cout << "Line " << line_count << ": Error in utf::iterator * operator" << '\n'; 
+        if (std::distance(u8it, utf8::iterator<string::iterator>(line_end, line_start, line_end)) != static_cast<int>(utf32_line.size()))
+          cout << "Line " << line_count << ": Error in using utf::iterator with std::distance - wrong number of characters" << '\n';
+
+        std::advance(u8it, utf32_line.size());
+        if (u8it != utf8::iterator<string::iterator>(line_end, line_start, line_end))
+          cout << "Line " << line_count << ": Error in using utf::iterator with std::advance" << '\n';
+
+
+        //======================== Now, the unchecked versions ======================
+        // Convert it to utf-16 and compare to the checked version
+        vector<unsigned short> utf16_line_unchecked;
+        unchecked::utf8to16(line_start, line_end, back_inserter(utf16_line_unchecked));
+
+        if (utf16_line != utf16_line_unchecked)
+            cout << "Line " << line_count << ": Error in unchecked::utf8to16" << '\n';
+
+        // Back to utf-8 and compare it to the original line.
+        back_to_utf8.clear();
+        unchecked::utf16to8(utf16_line_unchecked.begin(), utf16_line_unchecked.end(), back_inserter(back_to_utf8));
+        if (back_to_utf8.compare(string(line_start, line_end)) != 0) 
+            cout << "Line " << line_count << ": Unchecked conversion to UTF-16 and back failed" << '\n';
+
+        // Now, convert it to utf-32, back to utf-8 and compare
+        vector <unsigned> utf32_line_unchecked;
+        unchecked::utf8to32(line_start, line_end, back_inserter(utf32_line_unchecked));
+        if (utf32_line != utf32_line_unchecked)
+            cout << "Line " << line_count << ": Error in unchecked::utf8to32" << '\n';
+
+        back_to_utf8.clear();
+        unchecked::utf32to8(utf32_line.begin(), utf32_line.end(), back_inserter(back_to_utf8));
+        if (back_to_utf8.compare(string(line_start, line_end)) != 0) 
+            cout << "Line " << line_count << ": Unchecked conversion to UTF-32 and back failed" << '\n';
+
+        // Now, iterate and back
+        char_count = 0;
+        it = line_start;
+        while (it != line_end) {
+            unsigned int next_cp = unchecked::peek_next(it); 
+            if (unchecked::next(it) != next_cp)
+              cout << "Line " << line_count << ": Error: unchecked::peek_next gave a different result than unchecked::next" << '\n';;
+            char_count++;
+        }
+        if (char_count != utf32_line.size())
+            cout << "Line " << line_count << ": Error in iterating with unchecked::next - wrong number of characters" << '\n';
+
+        adv_it = line_start;
+        utf8::unchecked::advance(adv_it, char_count);
+        if (adv_it != line_end)
+            cout << "Line " << line_count << ": Error in unchecked::advance function" << '\n';
+
+        if (string::size_type(utf8::unchecked::distance(line_start, line_end)) != char_count)
+            cout << "Line " << line_count << ": Error in unchecked::distance function" << '\n';
+
+        while (it != line_start) {
+            unchecked::previous(it);
+            char_count--;
+        }
+        if (char_count != 0)
+            cout << "Line " << line_count << ": Error in iterating with unchecked::previous - wrong number of characters" << '\n';
+
+        // Try utf8::unchecked::iterator
+        utf8::unchecked::iterator<string::iterator> un_u8it(line_start);
+        if (!utf32_line.empty() && *un_u8it != utf32_line.at(0))
+          cout << "Line " << line_count << ": Error in utf::unchecked::iterator * operator" << '\n'; 
+        if (std::distance(un_u8it, utf8::unchecked::iterator<string::iterator>(line_end)) != static_cast<int>(utf32_line.size()))
+          cout << "Line " << line_count << ": Error in using utf::unchecked::iterator with std::distance - wrong number of characters" << '\n';
+
+        std::advance(un_u8it, utf32_line.size());
+        if (un_u8it != utf8::unchecked::iterator<string::iterator>(line_end))
+          cout << "Line " << line_count << ": Error in using utf::unchecked::iterator with std::advance" << '\n';
+    }
+}
diff --git a/third-party/yajl/.gitignore b/third-party/yajl/.gitignore
deleted file mode 100644
index b0aff9afe..000000000
--- a/third-party/yajl/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-.DS_Store
-Makefile
-/build/
diff --git a/third-party/yajl/BUILDING b/third-party/yajl/BUILDING
deleted file mode 100644
index 8460ed4b4..000000000
--- a/third-party/yajl/BUILDING
+++ /dev/null
@@ -1,23 +0,0 @@
-Short story (If you already have ruby and cmake):
-
-./configure && make install
-
-When things go wrong:
-
-attain CMake (http://www.cmake.org) and ruby (http://ruby-lang.org) and
-try again.
-
-OR, attain CMake and build by hand:
-
-1. mkdir build
-2. cd build
-3. cmake ..
-4. make 
-5. build output left in yajl-X.Y.Z
-
-NOTE: for 64-bit systems where lib64 is used you can pass the cmake
-      variable LIB_SUFFIX to cause installation into the system's 'lib64'
-      directory.
-
-best,
-lloyd
diff --git a/third-party/yajl/BUILDING.win32 b/third-party/yajl/BUILDING.win32
deleted file mode 100644
index 6b35aa451..000000000
--- a/third-party/yajl/BUILDING.win32
+++ /dev/null
@@ -1,27 +0,0 @@
-YAJL has been successfully built using Visual Studio 8.  CMake, a
-build file generator, is used to build the software.  CMake supports
-several different build environments, so you may either build YAJL
-using the IDE via the following steps:
-
-1. acquire cmake (http://www.cmake.org)
-2. mkdir build
-3. cd build
-4. cmake ..
-5. devenv YetAnotherJSONParser.sln /project ALL_BUILD /build Release
-6. build output is left in build/yajl-X.Y.Z
-
-Or you can build from the command line using nmake:
-
-1. Click Start > Programs > Microsoft Visual Studio > Visual Studio
-Tools > Visual Studio Command Prompt -- for your version of Visual
-Studio, which will open a command prompt.  You may verify that the
-compiler is in your path by typing "cl /?" at the prompt.
-2. cd C:\path\to\yajl\source\
-3. mkdir build
-4. cd build
-5. cmake -G"NMake Makefiles" -DCMAKE_BUILD_TYPE=Release ..
-6. nmake
-7. nmake install
-
-Earlier versions of visual studio and other build generators haven't
-been thoroughly tested, but should work without any major issues.
diff --git a/third-party/yajl/CMakeLists.txt b/third-party/yajl/CMakeLists.txt
deleted file mode 100644
index 7440dab50..000000000
--- a/third-party/yajl/CMakeLists.txt
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
-
-PROJECT(YetAnotherJSONParser C)
-
-SET (YAJL_MAJOR 2)
-SET (YAJL_MINOR 1)
-SET (YAJL_MICRO 0)
-
-IF (WIN32)
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4")
-  ADD_DEFINITIONS(-DWIN32)
-
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /wd4996 /wd4255 /wd4130 /wd4100 /wd4711")
-  SET(CMAKE_C_FLAGS_DEBUG "/D DEBUG /Od /Z7")
-  SET(CMAKE_C_FLAGS_RELEASE "/D NDEBUG /O2")
-ELSE (WIN32)
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
-  IF(CMAKE_COMPILER_IS_GNUCC)
-    INCLUDE(CheckCCompilerFlag)
-    CHECK_C_COMPILER_FLAG(-fvisibility=hidden HAVE_GCC_VISIBILITY)
-    IF(HAVE_GCC_VISIBILITY)
-      SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden")
-    ENDIF(HAVE_GCC_VISIBILITY)
-  ENDIF(CMAKE_COMPILER_IS_GNUCC)
-  SET(CMAKE_C_FLAGS
-      "${CMAKE_C_FLAGS} -std=c99 -pedantic -Wpointer-arith -Wno-format-y2k -Wstrict-prototypes -Wmissing-declarations -Wnested-externs -Wextra	-Wundef -Wwrite-strings -Wold-style-definition -Wredundant-decls -Wno-unused-parameter -Wno-sign-compare -Wmissing-prototypes")
-
-  SET(CMAKE_C_FLAGS_DEBUG "-DDEBUG")
-  SET(CMAKE_C_FLAGS_RELEASE "-DNDEBUG -Wuninitialized")
-ENDIF (WIN32)
-
-ADD_SUBDIRECTORY(src)
diff --git a/third-party/yajl/COPYING b/third-party/yajl/COPYING
deleted file mode 100644
index 30be34901..000000000
--- a/third-party/yajl/COPYING
+++ /dev/null
@@ -1,13 +0,0 @@
-Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/third-party/yajl/ChangeLog b/third-party/yajl/ChangeLog
deleted file mode 100644
index 343f89469..000000000
--- a/third-party/yajl/ChangeLog
+++ /dev/null
@@ -1,189 +0,0 @@
-2.1.0
-     * @nonodename, @patperry - fixed some compiler warnings
-     * @yep, @emaste - documentation improvements
-     * @sgravrock - build fix for NetBSD (and whenever sh != bash)
-     * @rotty, @brimstone3, @lloyd - allow client to reset generator
-     * @sgravrock - remove bash dependencies
-     * @lloyd - add api tests
-     * @rflynn - remove ruby dependency
-     * @cloderic - nmake install works on windows
-     * @shahbag - build fix for qnx
-     * @breese - debugging improvements
-     * @lloyd - json_verify supports -s flag for stream processing
-     * @lloyd - json_reformat supports -s flag for stream processing
-
-2.0.4
-     * @jcekstrom - additional checking in integer parsing
-     * @jcekstrom - fix a bug in yajl_tree that would cause valid json integersto fail to parse
-     * @plaguemorin - fix a memory leak in yajl_tree (error strings were being leaked)
-     * @7AC - reset errno
-     * @ConradIrwin - include flags to reformatter to allow toggling of escape solidus option
-
-2.0.3
-     * John Stamp generation of a pkgconfig file at build time.
-     * @robzuber bugfix in yajl_tree_get()
-     * @lloyd - fix for compilation on 64 bit windows
-
-2.0.2
-     * lth fix typos in yajl_tree.h macros YAJL_IS_INTEGER and YAJL_IS_DOUBLE,
-	contributed by Artem S Vybornov.
-     * lth add #ifdef __cplusplus wrappers to yajl_tree to allow proper
-	usage from many populer C++ compilers.
-
-2.0.1
-     * lth generator flag to allow client to specify they want
-	escaped solidi '/'.  issue #28
-     * lth crash fix when yajl_parse() is never called. issue #27
-
-2.0.0
-     * lth YAJL is now ISC licensed: http://en.wikipedia.org/wiki/ISC_license
-     * lth 20-35% (osx and linux respectively) parsing performance
-	improvement attained by tweaking string scanning (idea: @michaelrhanson).
-     * Florian Forster & lth - yajl_tree interface introduced as a higher level
-	interface to the parser (eats JSON, poops a memory representation)
-     * lth require a C99 compiler
-     * lth integers are now represented with long long (64bit+) on all platforms.
-     * lth size_t now used throughout to represent buffer lengths, so you can
-	safely manage buffers greater than 4GB.
-     * gno semantic improvements to yajl's API regarding partial value parsing and
-	trailing garbage
-     * lth new configuration mechanism for yajl, see yajl_config() and
-	yajl_gen_config()
-     * gno more allocation checking in more places
-     * gno remove usage of strtol, replace with custom implementation that cares
-	not about your locale.
-     * lth yajl_parse_complete renamed to yajl_complete_parse.
-     * lth add a switch to validate utf8 strings as they are generated.
-     * lth tests are a lot quieter in their output.
-     * lth addition of a little in tree performance benchmark, `perftest` in
-	perf/perftest.c
-
-1.0.12
-     * Conrad Irwin - Parse null bytes correctly
-     * Mirek Rusin - fix LLVM warnings
-     * gno - Don't generate numbers for keys. closes #13
-     * lth - various win32 fixes, including build documentation improvements
-     * John Stamp - Don't export private symbols.
-     * John Stamp - Install yajl_version.h, not the template.
-     * John Stamp - Don't use -fPIC for static lib.  Cmake will automatically add it for the shared.
-     * lth 0 fix paths embedded in dylib upon installation on osx.  closes #11
-
-1.0.11
-     * lth remove -Wno-missing-field-initializers for greater gcc compat (3.4.6)
-
-1.0.10
-     * Brian Maher - yajl is now buildable without a c++ compiler present
-     * Brian Maher - fix header installation on OSX with cmake 2.8.0 installed
-     * lth & vitali - allow builder to specify alternate lib directory
-	for installation (i.e. lib64) 
-     * Vitali Lovich - yajl version number now programatically accessible
-     * lth - prevent cmake from embedding rpaths in binaries.  Static linking
-	makes this unneccesary.
-
-1.0.9
-     * lth - fix inverted logic causing yajl_gen_double() to always fail on
-	win32 (thanks to Fredrik Kihlander for the report) 
-
-1.0.8
-     * Randall E. Barker - move dllexport defnitions so dlls with proper
-	exports can again be generated on windows 
-     * lth - add yajl_get_bytes_consumed() which allows the client to
-	determine the offset as an error, as well as determine how
-	many bytes of an input buffer were consumed.
-     * lth - fixes to keep "error offset" up to date (like when the
-	client callback returns 0)
-     * Brian Maher - allow client to specify a printing function in
-       generation
-
-1.0.7
-     * lth fix win32 build (isinf and isnan)
-
-1.0.6
-     * lth fix several compiler warnings
-     * lth fix generation of invalid json from yajl_gen_double
-	(NaN is not JSON)
-     * jstamp support for combining short options in tools
-     * jstamp exit properly on errors from tools
-     * octo test success no longer depends on integer size
-     * max fix configure --prefix
-
-1.0.5
-     * lth several performance improvements related to function
-	inlinin'
-
-1.0.4
-     * lth fix broken utf8 validation for three & four byte represenations.
-	thanks to http://github.com/brianmario and
-	http://github.com/technoweenie
-
-1.0.3
-     * lth fix syntax error in cplusplus extern "C" statements for wider
-	compiler support
-
-1.0.2
-     * lth update doxygen documentation with new sample code, passing NULL
-	for allocation functions added in 1.0.0
-
-1.0.1
-     * lth resolve crash in json_reformatter due to incorrectly ordered
-	parameters.
-
-1.0.0
-     * lth add 'make install' rules, thaks to Andrei Soroker for the
-	contribution.
-     * lth client may override allocation routines at generator or parser
-	allocation time
-     * tjw add yajl_parse_complete routine to allow client to explicitly
-	specify end-of-input, solving the "lonely number" case, where
-	json text consists only of an element with no explicit syntactic
-	end.
-     * tjw many new test cases	
-     * tjw cleanup of code for symmetry and ease of reading
-     * lth integration of patches from Robert Varga which cleanup
-	compilation warnings on 64 bit linux
-
-0.4.0
-     * lth buffer overflow bug in yajl_gen_double s/%lf/%g/ - thanks to
-	Eric Bergstrome
-     * lth yajl_number callback to allow passthrough of arbitrary precision
-	numbers to client.  Thanks to Hatem Nassrat.
-     * lth yajl_integer now deals in long, instead of long long.  This
-	combined with yajl_number improves compiler compatibility while
-	maintaining precision.
-     * lth better ./configure && make experience (still requires cmake and
-	ruby)
-     * lth fix handling of special characters hex 0F and 1F in yajl_encode
-	(thanks to Robert Geiger)
-     * lth allow leading zeros in exponents (thanks to Hatem Nassrat)
-
-0.3.0
-     * lth doxygen documentation (html & man) generated as part of the
-	build
-     * lth many documentation updates.
-     * lth fix to work with older versions of cmake (don't use LOOSE_LOOP
-	constructs)
-     * lth work around different behavior of freebsd 4 scanf.  initialize
-	parameter to scanf to zero.
-     * lth all tests run 32x with ranging buffer sizes to stress stream
-        parsing
-     * lth yajl_test accepts -b option to allow read buffer size to be
-        set
-     * lth option to validate UTF8 added to parser (argument in
-        yajl_parser_cfg)
-     * lth fix buffer overrun when chunk ends inside \u escaped text
-     * lth support client cancelation
-
-0.2.2
-     * lth on windows build debug with C7 symbols and no pdb files.
-
-0.2.1
-     * fix yajl_reformat and yajl_verify to work on arbitrarily sized
-        inputs.
-     * fix win32 build break, clean up all errors and warnings.
-     * fix optimized build flags.
-
-0.2.0
-     * optionally support comments in input text
-
-0.1.0
-     * Initial release
diff --git a/third-party/yajl/README b/third-party/yajl/README
deleted file mode 100644
index ad6175923..000000000
--- a/third-party/yajl/README
+++ /dev/null
@@ -1,74 +0,0 @@
-**********************************************************************
-        This is YAJL 2.  For the legacy version of YAJL see
-              https://github.com/lloyd/yajl/tree/1.x
-**********************************************************************
-
-Welcome to Yet Another JSON Library (YAJL)
-
-## Why does the world need another C library for parsing JSON?  
-
-Good question.  In a review of current C JSON parsing libraries I was 
-unable to find one that satisfies my requirements.  Those are, 
-0. written in C
-1. portable
-2. robust -- as close to "crash proof" as possible
-3. data representation independent
-4. fast
-5. generates verbose, useful error messages including context of where
-   the error occurs in the input text.
-6. can parse JSON data off a stream, incrementally
-7. simple to use
-8. tiny
-
-Numbers 3, 5, 6, and 7 were particularly hard to find, and were what 
-caused me to ultimately create YAJL.  This document is a tour of some
-of the more important aspects of YAJL.
-
-## YAJL is Free.
-
-Permissive licensing means you can use it in open source and
-commercial products alike without any fees.  My request beyond the
-licensing is that if you find bugs drop me a email, or better yet,
-fork and fix.
-
-Porting YAJL should be trivial, the implementation is ANSI C.  If you
-port to new systems I'd love to hear of it and integrate your patches.
-
-## YAJL is data representation independent.
-
-BYODR!  Many JSON libraries impose a structure based data representation
-on you.  This is a benefit in some cases and a drawback in others.
-YAJL uses callbacks to remain agnostic of the in-memory representation.
-So if you wish to build up an in-memory representation, you may do so
-using YAJL, but you must bring the code that defines and populates the
-in memory structure.
-
-This also means that YAJL can be used by other (higher level) JSON
-libraries if so desired.
-
-## YAJL supports stream parsing
-
-This means you do not need to hold the whole JSON representation in
-textual form in memory.  This makes YAJL ideal for filtering projects,
-where you're converting YAJL from one form to another (i.e. XML).  The
-included JSON pretty printer is an example of such a filter program.
-
-## YAJL is fast
-
-Minimal memory copying is performed.  YAJL, when possible, returns
-pointers into the client provided text (i.e. for strings that have no
-embedded escape chars, hopefully the common case).  I've put a lot of
-effort into profiling and tuning performance, but I have ignored a
-couple possible performance improvements to keep the interface clean,
-small, and flexible.  My hope is that YAJL will perform comparably to
-the fastest JSON parser out there.
-
-YAJL should impose both minimal CPU and memory requirements on your
-application.
-
-## YAJL is tiny.
-
-Fat free.  No whip.
-
-enjoy,
-Lloyd - July, 2007 
diff --git a/third-party/yajl/TODO b/third-party/yajl/TODO
deleted file mode 100644
index 56c3dc080..000000000
--- a/third-party/yajl/TODO
+++ /dev/null
@@ -1,9 +0,0 @@
-* add a test for 0x1F bug
-* numeric overflow in integers and double
-* line and char offsets in the lexer and in error messages
-* testing:
-  a. the permuter
-  b. some performance comparison against json_checker.
-* investigate pull instead of push parsing
-* Handle memory allocation failures gracefully
-* cygwin/msys support on win32
diff --git a/third-party/yajl/src/CMakeLists.txt b/third-party/yajl/src/CMakeLists.txt
deleted file mode 100644
index be277d1b3..000000000
--- a/third-party/yajl/src/CMakeLists.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-SET (SRCS yajl.c yajl_lex.c yajl_parser.c yajl_buf.c
-          yajl_encode.c yajl_gen.c yajl_alloc.c
-          yajl_tree.c yajl_version.c
-)
-SET (HDRS yajl_parser.h yajl_lex.h yajl_buf.h yajl_encode.h yajl_alloc.h)
-SET (PUB_HDRS api/yajl_parse.h api/yajl_gen.h api/yajl_common.h api/yajl_tree.h)
-
-# useful when fixing lexer bugs.
-#ADD_DEFINITIONS(-DYAJL_LEXER_DEBUG)
-
-# Ensure defined when building YAJL (as opposed to using it from
-# another project).  Used to ensure correct function export when
-# building win32 DLL.
-ADD_DEFINITIONS(-DYAJL_BUILD)
-
-# set up some paths
-SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../include/yajl)
-
-ADD_LIBRARY(yajl OBJECT ${SRCS} ${HDRS} ${PUB_HDRS})
-
-#### setup shared library version number
-SET_TARGET_PROPERTIES(yajl
-    PROPERTIES
-    FOLDER Lib
-)
-
-#### build up an sdk as a post build step
-
-# create some directories
-FILE(MAKE_DIRECTORY ${incDir})
-
-# generate build-time source
-CONFIGURE_FILE(api/yajl_version.h.cmake ${incDir}/yajl_version.h)
-
-# copy public headers to output directory
-FOREACH (header ${PUB_HDRS})
-  SET (header "${CMAKE_CURRENT_SOURCE_DIR}/${header}")
-
-  EXEC_PROGRAM(${CMAKE_COMMAND} ARGS -E copy_if_different \"${header}\" \"${incDir}\")
-ENDFOREACH (header ${PUB_HDRS})
-
-INCLUDE_DIRECTORIES(${incDir}/..)
diff --git a/third-party/yajl/src/api/yajl_common.h b/third-party/yajl/src/api/yajl_common.h
deleted file mode 100644
index 9596ef98d..000000000
--- a/third-party/yajl/src/api/yajl_common.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __YAJL_COMMON_H__
-#define __YAJL_COMMON_H__
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define YAJL_MAX_DEPTH 128
-
-/* msft dll export gunk.  To build a DLL on windows, you
- * must define WIN32, YAJL_SHARED, and YAJL_BUILD.  To use a shared
- * DLL, you must define YAJL_SHARED and WIN32 */
-#if (defined(_WIN32) || defined(WIN32)) && defined(YAJL_SHARED)
-#  ifdef YAJL_BUILD
-#    define YAJL_API __declspec(dllexport)
-#  else
-#    define YAJL_API __declspec(dllimport)
-#  endif
-#else
-#  if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 303
-#    define YAJL_API __attribute__ ((visibility("default")))
-#  else
-#    define YAJL_API
-#  endif
-#endif
-
-/** pointer to a malloc function, supporting client overriding memory
- *  allocation routines */
-typedef void * (*yajl_malloc_func)(void *ctx, size_t sz);
-
-/** pointer to a free function, supporting client overriding memory
- *  allocation routines */
-typedef void (*yajl_free_func)(void *ctx, void * ptr);
-
-/** pointer to a realloc function which can resize an allocation. */
-typedef void * (*yajl_realloc_func)(void *ctx, void * ptr, size_t sz);
-
-/** A structure which can be passed to yajl_*_alloc routines to allow the
- *  client to specify memory allocation functions to be used. */
-typedef struct
-{
-    /** pointer to a function that can allocate uninitialized memory */
-    yajl_malloc_func malloc;
-    /** pointer to a function that can resize memory allocations */
-    yajl_realloc_func realloc;
-    /** pointer to a function that can free memory allocated using
-     *  reallocFunction or mallocFunction */
-    yajl_free_func free;
-    /** a context pointer that will be passed to above allocation routines */
-    void * ctx;
-} yajl_alloc_funcs;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/third-party/yajl/src/api/yajl_gen.h b/third-party/yajl/src/api/yajl_gen.h
deleted file mode 100644
index ddd152729..000000000
--- a/third-party/yajl/src/api/yajl_gen.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/**
- * \file yajl_gen.h
- * Interface to YAJL's JSON generation facilities.
- */
-
-#include <yajl/yajl_common.h>
-
-#ifndef __YAJL_GEN_H__
-#define __YAJL_GEN_H__
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-    /** generator status codes */
-    typedef enum {
-        /** no error */
-        yajl_gen_status_ok = 0,
-        /** at a point where a map key is generated, a function other than
-         *  yajl_gen_string was called */
-        yajl_gen_keys_must_be_strings,
-        /** YAJL's maximum generation depth was exceeded.  see
-         *  YAJL_MAX_DEPTH */
-        yajl_max_depth_exceeded,
-        /** A generator function (yajl_gen_XXX) was called while in an error
-         *  state */
-        yajl_gen_in_error_state,
-        /** A complete JSON document has been generated */
-        yajl_gen_generation_complete,
-        /** yajl_gen_double was passed an invalid floating point value
-         *  (infinity or NaN). */
-        yajl_gen_invalid_number,
-        /** A print callback was passed in, so there is no internal
-         * buffer to get from */
-        yajl_gen_no_buf,
-        /** returned from yajl_gen_string() when the yajl_gen_validate_utf8
-         *  option is enabled and an invalid was passed by client code.
-         */
-        yajl_gen_invalid_string
-    } yajl_gen_status;
-
-    /** an opaque handle to a generator */
-    typedef struct yajl_gen_t * yajl_gen;
-
-    /** a callback used for "printing" the results. */
-    typedef void (*yajl_print_t)(void * ctx,
-                                 const char * str,
-                                 size_t len);
-
-    /** configuration parameters for the parser, these may be passed to
-     *  yajl_gen_config() along with option specific argument(s).  In general,
-     *  all configuration parameters default to *off*. */
-    typedef enum {
-        /** generate indented (beautiful) output */
-        yajl_gen_beautify = 0x01,
-        /**
-         * Set an indent string which is used when yajl_gen_beautify
-         * is enabled.  Maybe something like \\t or some number of
-         * spaces.  The default is four spaces ' '.
-         */
-        yajl_gen_indent_string = 0x02,
-        /**
-         * Set a function and context argument that should be used to
-         * output generated json.  the function should conform to the
-         * yajl_print_t prototype while the context argument is a
-         * void * of your choosing.
-         *
-         * example:
-         *   yajl_gen_config(g, yajl_gen_print_callback, myFunc, myVoidPtr);
-         */
-        yajl_gen_print_callback = 0x04,
-        /**
-         * Normally the generator does not validate that strings you
-         * pass to it via yajl_gen_string() are valid UTF8.  Enabling
-         * this option will cause it to do so.
-         */
-        yajl_gen_validate_utf8 = 0x08,
-        /**
-         * the forward solidus (slash or '/' in human) is not required to be
-         * escaped in json text.  By default, YAJL will not escape it in the
-         * iterest of saving bytes.  Setting this flag will cause YAJL to
-         * always escape '/' in generated JSON strings.
-         */
-        yajl_gen_escape_solidus = 0x10
-    } yajl_gen_option;
-
-    /** allow the modification of generator options subsequent to handle
-     *  allocation (via yajl_alloc)
-     *  \returns zero in case of errors, non-zero otherwise
-     */
-    YAJL_API int yajl_gen_config(yajl_gen g, yajl_gen_option opt, ...);
-
-    /** allocate a generator handle
-     *  \param allocFuncs an optional pointer to a structure which allows
-     *                    the client to overide the memory allocation
-     *                    used by yajl.  May be NULL, in which case
-     *                    malloc/free/realloc will be used.
-     *
-     *  \returns an allocated handle on success, NULL on failure (bad params)
-     */
-    YAJL_API yajl_gen yajl_gen_alloc(const yajl_alloc_funcs * allocFuncs);
-
-    /** free a generator handle */
-    YAJL_API void yajl_gen_free(yajl_gen handle);
-
-    YAJL_API yajl_gen_status yajl_gen_integer(yajl_gen hand, long long int number);
-    /** generate a floating point number.  number may not be infinity or
-     *  NaN, as these have no representation in JSON.  In these cases the
-     *  generator will return 'yajl_gen_invalid_number' */
-    YAJL_API yajl_gen_status yajl_gen_double(yajl_gen hand, double number);
-    YAJL_API yajl_gen_status yajl_gen_number(yajl_gen hand,
-                                             const char * num,
-                                             size_t len);
-    YAJL_API yajl_gen_status yajl_gen_string(yajl_gen hand,
-                                             const unsigned char * str,
-                                             size_t len);
-    YAJL_API yajl_gen_status yajl_gen_null(yajl_gen hand);
-    YAJL_API yajl_gen_status yajl_gen_bool(yajl_gen hand, int boolean);
-    YAJL_API yajl_gen_status yajl_gen_map_open(yajl_gen hand);
-    YAJL_API yajl_gen_status yajl_gen_map_close(yajl_gen hand);
-    YAJL_API yajl_gen_status yajl_gen_array_open(yajl_gen hand);
-    YAJL_API yajl_gen_status yajl_gen_array_close(yajl_gen hand);
-
-    /** access the null terminated generator buffer.  If incrementally
-     *  outputing JSON, one should call yajl_gen_clear to clear the
-     *  buffer.  This allows stream generation. */
-    YAJL_API yajl_gen_status yajl_gen_get_buf(yajl_gen hand,
-                                              const unsigned char ** buf,
-                                              size_t * len);
-
-    /** clear yajl's output buffer, but maintain all internal generation
-     *  state.  This function will not "reset" the generator state, and is
-     *  intended to enable incremental JSON outputing. */
-    YAJL_API void yajl_gen_clear(yajl_gen hand);
-
-    /** Reset the generator state.  Allows a client to generate multiple
-     *  json entities in a stream. The "sep" string will be inserted to
-     *  separate the previously generated entity from the current,
-     *  NULL means *no separation* of entites (clients beware, generating
-     *  multiple JSON numbers, for instance, will result in inscrutable
-     *  output) */
-    YAJL_API void yajl_gen_reset(yajl_gen hand, const char * sep);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/third-party/yajl/src/api/yajl_parse.h b/third-party/yajl/src/api/yajl_parse.h
deleted file mode 100644
index 1c25a60d5..000000000
--- a/third-party/yajl/src/api/yajl_parse.h
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/**
- * \file yajl_parse.h
- * Interface to YAJL's JSON stream parsing facilities.
- */
-
-#include <yajl/yajl_common.h>
-
-#ifndef __YAJL_PARSE_H__
-#define __YAJL_PARSE_H__
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-    /** error codes returned from this interface */
-    typedef enum {
-        /** no error was encountered */
-        yajl_status_ok,
-        /** a client callback returned zero, stopping the parse */
-        yajl_status_client_canceled,
-        /** An error occured during the parse.  Call yajl_get_error for
-         *  more information about the encountered error */
-        yajl_status_error
-    } yajl_status;
-
-    /** attain a human readable, english, string for an error */
-    YAJL_API const char * yajl_status_to_string(yajl_status code);
-
-    /** an opaque handle to a parser */
-    typedef struct yajl_handle_t * yajl_handle;
-
-    /** yajl is an event driven parser.  this means as json elements are
-     *  parsed, you are called back to do something with the data.  The
-     *  functions in this table indicate the various events for which
-     *  you will be called back.  Each callback accepts a "context"
-     *  pointer, this is a void * that is passed into the yajl_parse
-     *  function which the client code may use to pass around context.
-     *
-     *  All callbacks return an integer.  If non-zero, the parse will
-     *  continue.  If zero, the parse will be canceled and
-     *  yajl_status_client_canceled will be returned from the parse.
-     *
-     *  \attention {
-     *    A note about the handling of numbers:
-     *
-     *    yajl will only convert numbers that can be represented in a
-     *    double or a 64 bit (long long) int.  All other numbers will
-     *    be passed to the client in string form using the yajl_number
-     *    callback.  Furthermore, if yajl_number is not NULL, it will
-     *    always be used to return numbers, that is yajl_integer and
-     *    yajl_double will be ignored.  If yajl_number is NULL but one
-     *    of yajl_integer or yajl_double are defined, parsing of a
-     *    number larger than is representable in a double or 64 bit
-     *    integer will result in a parse error.
-     *  }
-     */
-    typedef struct {
-        int (* yajl_null)(void * ctx);
-        int (* yajl_boolean)(void * ctx, int boolVal);
-        int (* yajl_integer)(void * ctx, long long integerVal);
-        int (* yajl_double)(void * ctx, double doubleVal);
-        /** A callback which passes the string representation of the number
-         *  back to the client.  Will be used for all numbers when present */
-        int (* yajl_number)(void * ctx, const char * numberVal,
-                            size_t numberLen);
-
-        /** strings are returned as pointers into the JSON text when,
-         * possible, as a result, they are _not_ null padded */
-        int (* yajl_string)(void * ctx, const unsigned char * stringVal,
-                            size_t stringLen);
-
-        int (* yajl_start_map)(void * ctx);
-        int (* yajl_map_key)(void * ctx, const unsigned char * key,
-                             size_t stringLen);
-        int (* yajl_end_map)(void * ctx);
-
-        int (* yajl_start_array)(void * ctx);
-        int (* yajl_end_array)(void * ctx);
-    } yajl_callbacks;
-
-    /** allocate a parser handle
-     *  \param callbacks  a yajl callbacks structure specifying the
-     *                    functions to call when different JSON entities
-     *                    are encountered in the input text.  May be NULL,
-     *                    which is only useful for validation.
-     *  \param afs        memory allocation functions, may be NULL for to use
-     *                    C runtime library routines (malloc and friends) 
-     *  \param ctx        a context pointer that will be passed to callbacks.
-     */
-    YAJL_API yajl_handle yajl_alloc(const yajl_callbacks * callbacks,
-                                    yajl_alloc_funcs * afs,
-                                    void * ctx);
-
-
-    /** configuration parameters for the parser, these may be passed to
-     *  yajl_config() along with option specific argument(s).  In general,
-     *  all configuration parameters default to *off*. */
-    typedef enum {
-        /** Ignore javascript style comments present in
-         *  JSON input.  Non-standard, but rather fun
-         *  arguments: toggled off with integer zero, on otherwise.
-         *
-         *  example:
-         *    yajl_config(h, yajl_allow_comments, 1); // turn comment support on
-         */
-        yajl_allow_comments = 0x01,
-        /**
-         * When set the parser will verify that all strings in JSON input are
-         * valid UTF8 and will emit a parse error if this is not so.  When set,
-         * this option makes parsing slightly more expensive (~7% depending
-         * on processor and compiler in use)
-         *
-         * example:
-         *   yajl_config(h, yajl_dont_validate_strings, 1); // disable utf8 checking
-         */
-        yajl_dont_validate_strings     = 0x02,
-        /**
-         * By default, upon calls to yajl_complete_parse(), yajl will
-         * ensure the entire input text was consumed and will raise an error
-         * otherwise.  Enabling this flag will cause yajl to disable this
-         * check.  This can be useful when parsing json out of a that contains more
-         * than a single JSON document.
-         */
-        yajl_allow_trailing_garbage = 0x04,
-        /**
-         * Allow multiple values to be parsed by a single handle.  The
-         * entire text must be valid JSON, and values can be seperated
-         * by any kind of whitespace.  This flag will change the
-         * behavior of the parser, and cause it continue parsing after
-         * a value is parsed, rather than transitioning into a
-         * complete state.  This option can be useful when parsing multiple
-         * values from an input stream.
-         */
-        yajl_allow_multiple_values = 0x08,
-        /**
-         * When yajl_complete_parse() is called the parser will
-         * check that the top level value was completely consumed.  I.E.,
-         * if called whilst in the middle of parsing a value
-         * yajl will enter an error state (premature EOF).  Setting this
-         * flag suppresses that check and the corresponding error.
-         */
-        yajl_allow_partial_values = 0x10
-    } yajl_option;
-
-    /** allow the modification of parser options subsequent to handle
-     *  allocation (via yajl_alloc)
-     *  \returns zero in case of errors, non-zero otherwise
-     */
-    YAJL_API int yajl_config(yajl_handle h, yajl_option opt, ...);
-
-    /** free a parser handle */
-    YAJL_API void yajl_free(yajl_handle handle);
-
-    /** Parse some json!
-     *  \param hand - a handle to the json parser allocated with yajl_alloc
-     *  \param jsonText - a pointer to the UTF8 json text to be parsed
-     *  \param jsonTextLength - the length, in bytes, of input text
-     */
-    YAJL_API yajl_status yajl_parse(yajl_handle hand,
-                                    const unsigned char * jsonText,
-                                    size_t jsonTextLength);
-
-    /** Parse any remaining buffered json.
-     *  Since yajl is a stream-based parser, without an explicit end of
-     *  input, yajl sometimes can't decide if content at the end of the
-     *  stream is valid or not.  For example, if "1" has been fed in,
-     *  yajl can't know whether another digit is next or some character
-     *  that would terminate the integer token.
-     *
-     *  \param hand - a handle to the json parser allocated with yajl_alloc
-     */
-    YAJL_API yajl_status yajl_complete_parse(yajl_handle hand);
-
-    /** get an error string describing the state of the
-     *  parse.
-     *
-     *  If verbose is non-zero, the message will include the JSON
-     *  text where the error occured, along with an arrow pointing to
-     *  the specific char.
-     *
-     *  \returns A dynamically allocated string will be returned which should
-     *  be freed with yajl_free_error
-     */
-    YAJL_API unsigned char * yajl_get_error(yajl_handle hand, int verbose,
-                                            const unsigned char * jsonText,
-                                            size_t jsonTextLength);
-
-    /**
-     * get the amount of data consumed from the last chunk passed to YAJL.
-     *
-     * In the case of a successful parse this can help you understand if
-     * the entire buffer was consumed (which will allow you to handle
-     * "junk at end of input").
-     *
-     * In the event an error is encountered during parsing, this function
-     * affords the client a way to get the offset into the most recent
-     * chunk where the error occured.  0 will be returned if no error
-     * was encountered.
-     */
-    YAJL_API size_t yajl_get_bytes_consumed(yajl_handle hand);
-
-    /** free an error returned from yajl_get_error */
-    YAJL_API void yajl_free_error(yajl_handle hand, unsigned char * str);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/third-party/yajl/src/api/yajl_tree.h b/third-party/yajl/src/api/yajl_tree.h
deleted file mode 100644
index 1c1e06a58..000000000
--- a/third-party/yajl/src/api/yajl_tree.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * Copyright (c) 2010-2011  Florian Forster  <ff at octo.it>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/**
- * \file yajl_tree.h
- *
- * Parses JSON data and returns the data in tree form.
- *
- * \author Florian Forster
- * \date August 2010
- *
- * This interface makes quick parsing and extraction of
- * smallish JSON docs trivial:
- *
- * \include example/parse_config.c
- */
-
-#ifndef YAJL_TREE_H
-#define YAJL_TREE_H 1
-
-#include <yajl/yajl_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** possible data types that a yajl_val_s can hold */
-typedef enum {
-    yajl_t_string = 1,
-    yajl_t_number = 2,
-    yajl_t_object = 3,
-    yajl_t_array = 4,
-    yajl_t_true = 5,
-    yajl_t_false = 6,
-    yajl_t_null = 7,
-    /** The any type isn't valid for yajl_val_s.type, but can be
-     *  used as an argument to routines like yajl_tree_get().
-     */
-    yajl_t_any = 8
-} yajl_type;
-
-#define YAJL_NUMBER_INT_VALID    0x01
-#define YAJL_NUMBER_DOUBLE_VALID 0x02
-
-/** A pointer to a node in the parse tree */
-typedef struct yajl_val_s * yajl_val;
-
-/**
- * A JSON value representation capable of holding one of the seven
- * types above. For "string", "number", "object", and "array"
- * additional data is available in the union.  The "YAJL_IS_*"
- * and "YAJL_GET_*" macros below allow type checking and convenient
- * value extraction.
- */
-struct yajl_val_s
-{
-    /** Type of the value contained. Use the "YAJL_IS_*" macros to check for a
-     * specific type. */
-    yajl_type type;
-    /** Type-specific data. You may use the "YAJL_GET_*" macros to access these
-     * members. */
-    union
-    {
-        char * string;
-        struct {
-            long long i; /*< integer value, if representable. */
-            double  d;   /*< double value, if representable. */
-            char   *r;   /*< unparsed number in string form. */
-            /** Signals whether the \em i and \em d members are
-             * valid. See \c YAJL_NUMBER_INT_VALID and
-             * \c YAJL_NUMBER_DOUBLE_VALID. */
-            unsigned int flags;
-        } number;
-        struct {
-            const char **keys; /*< Array of keys */
-            yajl_val *values; /*< Array of values. */
-            size_t len; /*< Number of key-value-pairs. */
-        } object;
-        struct {
-            yajl_val *values; /*< Array of elements. */
-            size_t len; /*< Number of elements. */
-        } array;
-    } u;
-};
-
-/**
- * Parse a string.
- *
- * Parses an null-terminated string containing JSON data and returns a pointer
- * to the top-level value (root of the parse tree).
- *
- * \param input              Pointer to a null-terminated utf8 string containing
- *                           JSON data.
- * \param error_buffer       Pointer to a buffer in which an error message will
- *                           be stored if \em yajl_tree_parse fails, or
- *                           \c NULL. The buffer will be initialized before
- *                           parsing, so its content will be destroyed even if
- *                           \em yajl_tree_parse succeeds.
- * \param error_buffer_size  Size of the memory area pointed to by
- *                           \em error_buffer_size. If \em error_buffer_size is
- *                           \c NULL, this argument is ignored.
- *
- * \returns Pointer to the top-level value or \c NULL on error. The memory
- * pointed to must be freed using \em yajl_tree_free. In case of an error, a
- * null terminated message describing the error in more detail is stored in
- * \em error_buffer if it is not \c NULL.
- */
-YAJL_API yajl_val yajl_tree_parse (const char *input,
-                                   char *error_buffer, size_t error_buffer_size);
-
-
-/**
- * Free a parse tree returned by "yajl_tree_parse".
- *
- * \param v Pointer to a JSON value returned by "yajl_tree_parse". Passing NULL
- * is valid and results in a no-op.
- */
-YAJL_API void yajl_tree_free (yajl_val v);
-
-/**
- * Access a nested value inside a tree.
- *
- * \param parent the node under which you'd like to extract values.
- * \param path A null terminated array of strings, each the name of an object key
- * \param type the yajl_type of the object you seek, or yajl_t_any if any will do.
- *
- * \returns a pointer to the found value, or NULL if we came up empty.
- *
- * Future Ideas:  it'd be nice to move path to a string and implement support for
- * a teeny tiny micro language here, so you can extract array elements, do things
- * like .first and .last, even .length.  Inspiration from JSONPath and css selectors?
- * No it wouldn't be fast, but that's not what this API is about.
- */
-YAJL_API yajl_val yajl_tree_get(yajl_val parent, const char ** path, yajl_type type);
-
-/* Various convenience macros to check the type of a `yajl_val` */
-#define YAJL_IS_STRING(v) (((v) != NULL) && ((v)->type == yajl_t_string))
-#define YAJL_IS_NUMBER(v) (((v) != NULL) && ((v)->type == yajl_t_number))
-#define YAJL_IS_INTEGER(v) (YAJL_IS_NUMBER(v) && ((v)->u.number.flags & YAJL_NUMBER_INT_VALID))
-#define YAJL_IS_DOUBLE(v) (YAJL_IS_NUMBER(v) && ((v)->u.number.flags & YAJL_NUMBER_DOUBLE_VALID))
-#define YAJL_IS_OBJECT(v) (((v) != NULL) && ((v)->type == yajl_t_object))
-#define YAJL_IS_ARRAY(v)  (((v) != NULL) && ((v)->type == yajl_t_array ))
-#define YAJL_IS_TRUE(v)   (((v) != NULL) && ((v)->type == yajl_t_true  ))
-#define YAJL_IS_FALSE(v)  (((v) != NULL) && ((v)->type == yajl_t_false ))
-#define YAJL_IS_NULL(v)   (((v) != NULL) && ((v)->type == yajl_t_null  ))
-
-/** Given a yajl_val_string return a ptr to the bare string it contains,
- *  or NULL if the value is not a string. */
-#define YAJL_GET_STRING(v) (YAJL_IS_STRING(v) ? (v)->u.string : NULL)
-
-/** Get the string representation of a number.  You should check type first,
- *  perhaps using YAJL_IS_NUMBER */
-#define YAJL_GET_NUMBER(v) ((v)->u.number.r)
-
-/** Get the double representation of a number.  You should check type first,
- *  perhaps using YAJL_IS_DOUBLE */
-#define YAJL_GET_DOUBLE(v) ((v)->u.number.d)
-
-/** Get the 64bit (long long) integer representation of a number.  You should
- *  check type first, perhaps using YAJL_IS_INTEGER */
-#define YAJL_GET_INTEGER(v) ((v)->u.number.i)
-
-/** Get a pointer to a yajl_val_object or NULL if the value is not an object. */
-#define YAJL_GET_OBJECT(v) (YAJL_IS_OBJECT(v) ? &(v)->u.object : NULL)
-
-/** Get a pointer to a yajl_val_array or NULL if the value is not an object. */
-#define YAJL_GET_ARRAY(v)  (YAJL_IS_ARRAY(v)  ? &(v)->u.array  : NULL)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* YAJL_TREE_H */
diff --git a/third-party/yajl/src/api/yajl_version.h.cmake b/third-party/yajl/src/api/yajl_version.h.cmake
deleted file mode 100644
index 4262ff71f..000000000
--- a/third-party/yajl/src/api/yajl_version.h.cmake
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef YAJL_VERSION_H_
-#define YAJL_VERSION_H_
-
-#include <yajl/yajl_common.h>
-
-#define YAJL_MAJOR ${YAJL_MAJOR}
-#define YAJL_MINOR ${YAJL_MINOR}
-#define YAJL_MICRO ${YAJL_MICRO}
-
-#define YAJL_VERSION ((YAJL_MAJOR * 10000) + (YAJL_MINOR * 100) + YAJL_MICRO)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int YAJL_API yajl_version(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* YAJL_VERSION_H_ */
-
diff --git a/third-party/yajl/src/yajl.c b/third-party/yajl/src/yajl.c
deleted file mode 100644
index d477893f1..000000000
--- a/third-party/yajl/src/yajl.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "api/yajl_parse.h"
-#include "yajl_lex.h"
-#include "yajl_parser.h"
-#include "yajl_alloc.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <assert.h>
-
-const char *
-yajl_status_to_string(yajl_status stat)
-{
-    const char * statStr = "unknown";
-    switch (stat) {
-        case yajl_status_ok:
-            statStr = "ok, no error";
-            break;
-        case yajl_status_client_canceled:
-            statStr = "client canceled parse";
-            break;
-        case yajl_status_error:
-            statStr = "parse error";
-            break;
-    }
-    return statStr;
-}
-
-yajl_handle
-yajl_alloc(const yajl_callbacks * callbacks,
-           yajl_alloc_funcs * afs,
-           void * ctx)
-{
-    yajl_handle hand = NULL;
-    yajl_alloc_funcs afsBuffer;
-
-    /* first order of business is to set up memory allocation routines */
-    if (afs != NULL) {
-        if (afs->malloc == NULL || afs->realloc == NULL || afs->free == NULL)
-        {
-            return NULL;
-        }
-    } else {
-        yajl_set_default_alloc_funcs(&afsBuffer);
-        afs = &afsBuffer;
-    }
-
-    hand = (yajl_handle) YA_MALLOC(afs, sizeof(struct yajl_handle_t));
-
-    /* copy in pointers to allocation routines */
-    memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
-
-    hand->callbacks = callbacks;
-    hand->ctx = ctx;
-    hand->lexer = NULL; 
-    hand->bytesConsumed = 0;
-    hand->decodeBuf = yajl_buf_alloc(&(hand->alloc));
-    hand->flags	    = 0;
-    yajl_bs_init(hand->stateStack, &(hand->alloc));
-    yajl_bs_push(hand->stateStack, yajl_state_start);
-
-    return hand;
-}
-
-int
-yajl_config(yajl_handle h, yajl_option opt, ...)
-{
-    int rv = 1;
-    va_list ap;
-    va_start(ap, opt);
-
-    switch(opt) {
-        case yajl_allow_comments:
-        case yajl_dont_validate_strings:
-        case yajl_allow_trailing_garbage:
-        case yajl_allow_multiple_values:
-        case yajl_allow_partial_values:
-            if (va_arg(ap, int)) h->flags |= opt;
-            else h->flags &= ~opt;
-            break;
-        default:
-            rv = 0;
-    }
-    va_end(ap);
-
-    return rv;
-}
-
-void
-yajl_free(yajl_handle handle)
-{
-    yajl_bs_free(handle->stateStack);
-    yajl_buf_free(handle->decodeBuf);
-    if (handle->lexer) {
-        yajl_lex_free(handle->lexer);
-        handle->lexer = NULL;
-    }
-    YA_FREE(&(handle->alloc), handle);
-}
-
-yajl_status
-yajl_parse(yajl_handle hand, const unsigned char * jsonText,
-           size_t jsonTextLen)
-{
-    yajl_status status;
-
-    /* lazy allocation of the lexer */
-    if (hand->lexer == NULL) {
-        hand->lexer = yajl_lex_alloc(&(hand->alloc),
-                                     hand->flags & yajl_allow_comments,
-                                     !(hand->flags & yajl_dont_validate_strings));
-    }
-
-    status = yajl_do_parse(hand, jsonText, jsonTextLen);
-    return status;
-}
-
-
-yajl_status
-yajl_complete_parse(yajl_handle hand)
-{
-    /* The lexer is lazy allocated in the first call to parse.  if parse is
-     * never called, then no data was provided to parse at all.  This is a
-     * "premature EOF" error unless yajl_allow_partial_values is specified.
-     * allocating the lexer now is the simplest possible way to handle this
-     * case while preserving all the other semantics of the parser
-     * (multiple values, partial values, etc). */
-    if (hand->lexer == NULL) {
-        hand->lexer = yajl_lex_alloc(&(hand->alloc),
-                                     hand->flags & yajl_allow_comments,
-                                     !(hand->flags & yajl_dont_validate_strings));
-    }
-
-    return yajl_do_finish(hand);
-}
-
-unsigned char *
-yajl_get_error(yajl_handle hand, int verbose,
-               const unsigned char * jsonText, size_t jsonTextLen)
-{
-    return yajl_render_error_string(hand, jsonText, jsonTextLen, verbose);
-}
-
-size_t
-yajl_get_bytes_consumed(yajl_handle hand)
-{
-    if (!hand) return 0;
-    else return hand->bytesConsumed;
-}
-
-
-void
-yajl_free_error(yajl_handle hand, unsigned char * str)
-{
-    /* use memory allocation functions if set */
-    YA_FREE(&(hand->alloc), str);
-}
-
-/* XXX: add utility routines to parse from file */
diff --git a/third-party/yajl/src/yajl_alloc.c b/third-party/yajl/src/yajl_alloc.c
deleted file mode 100644
index 96ad1d330..000000000
--- a/third-party/yajl/src/yajl_alloc.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/**
- * \file yajl_alloc.h
- * default memory allocation routines for yajl which use malloc/realloc and
- * free
- */
-
-#include "yajl_alloc.h"
-#include <stdlib.h>
-
-static void * yajl_internal_malloc(void *ctx, size_t sz)
-{
-    (void)ctx;
-    return malloc(sz);
-}
-
-static void * yajl_internal_realloc(void *ctx, void * previous,
-                                    size_t sz)
-{
-    (void)ctx;
-    return realloc(previous, sz);
-}
-
-static void yajl_internal_free(void *ctx, void * ptr)
-{
-    (void)ctx;
-    free(ptr);
-}
-
-void yajl_set_default_alloc_funcs(yajl_alloc_funcs * yaf)
-{
-    yaf->malloc = yajl_internal_malloc;
-    yaf->free = yajl_internal_free;
-    yaf->realloc = yajl_internal_realloc;
-    yaf->ctx = NULL;
-}
-
diff --git a/third-party/yajl/src/yajl_alloc.h b/third-party/yajl/src/yajl_alloc.h
deleted file mode 100644
index 203c2f97b..000000000
--- a/third-party/yajl/src/yajl_alloc.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/**
- * \file yajl_alloc.h
- * default memory allocation routines for yajl which use malloc/realloc and
- * free
- */
-
-#ifndef __YAJL_ALLOC_H__
-#define __YAJL_ALLOC_H__
-
-#include "api/yajl_common.h"
-
-#define YA_MALLOC(afs, sz) (afs)->malloc((afs)->ctx, (sz))
-#define YA_FREE(afs, ptr) (afs)->free((afs)->ctx, (ptr))
-#define YA_REALLOC(afs, ptr, sz) (afs)->realloc((afs)->ctx, (ptr), (sz))
-
-void yajl_set_default_alloc_funcs(yajl_alloc_funcs * yaf);
-
-#endif
diff --git a/third-party/yajl/src/yajl_buf.c b/third-party/yajl/src/yajl_buf.c
deleted file mode 100644
index 1aeafde08..000000000
--- a/third-party/yajl/src/yajl_buf.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "yajl_buf.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define YAJL_BUF_INIT_SIZE 2048
-
-struct yajl_buf_t {
-    size_t len;
-    size_t used;
-    unsigned char * data;
-    yajl_alloc_funcs * alloc;
-};
-
-static
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
-{
-    size_t need;
-    
-    assert(buf != NULL);
-
-    /* first call */
-    if (buf->data == NULL) {
-        buf->len = YAJL_BUF_INIT_SIZE;
-        buf->data = (unsigned char *) YA_MALLOC(buf->alloc, buf->len);
-        buf->data[0] = 0;
-    }
-
-    need = buf->len;
-
-    while (want >= (need - buf->used)) need <<= 1;
-
-    if (need != buf->len) {
-        buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
-        buf->len = need;
-    }
-}
-
-yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
-{
-    yajl_buf b = YA_MALLOC(alloc, sizeof(struct yajl_buf_t));
-    memset((void *) b, 0, sizeof(struct yajl_buf_t));
-    b->alloc = alloc;
-    return b;
-}
-
-void yajl_buf_free(yajl_buf buf)
-{
-    assert(buf != NULL);
-    if (buf->data) YA_FREE(buf->alloc, buf->data);
-    YA_FREE(buf->alloc, buf);
-}
-
-void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
-{
-    yajl_buf_ensure_available(buf, len);
-    if (len > 0) {
-        assert(data != NULL);
-        memcpy(buf->data + buf->used, data, len);
-        buf->used += len;
-        buf->data[buf->used] = 0;
-    }
-}
-
-void yajl_buf_clear(yajl_buf buf)
-{
-    buf->used = 0;
-    if (buf->data) buf->data[buf->used] = 0;
-}
-
-const unsigned char * yajl_buf_data(yajl_buf buf)
-{
-    return buf->data;
-}
-
-size_t yajl_buf_len(yajl_buf buf)
-{
-    return buf->used;
-}
-
-void
-yajl_buf_truncate(yajl_buf buf, size_t len)
-{
-    assert(len <= buf->used);
-    buf->used = len;
-}
diff --git a/third-party/yajl/src/yajl_buf.h b/third-party/yajl/src/yajl_buf.h
deleted file mode 100644
index a35824630..000000000
--- a/third-party/yajl/src/yajl_buf.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __YAJL_BUF_H__
-#define __YAJL_BUF_H__
-
-#include "api/yajl_common.h"
-#include "yajl_alloc.h"
-
-/*
- * Implementation/performance notes.  If this were moved to a header
- * only implementation using #define's where possible we might be 
- * able to sqeeze a little performance out of the guy by killing function
- * call overhead.  YMMV.
- */
-
-/**
- * yajl_buf is a buffer with exponential growth.  the buffer ensures that
- * you are always null padded.
- */
-typedef struct yajl_buf_t * yajl_buf;
-
-/* allocate a new buffer */
-yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc);
-
-/* free the buffer */
-void yajl_buf_free(yajl_buf buf);
-
-/* append a number of bytes to the buffer */
-void yajl_buf_append(yajl_buf buf, const void * data, size_t len);
-
-/* empty the buffer */
-void yajl_buf_clear(yajl_buf buf);
-
-/* get a pointer to the beginning of the buffer */
-const unsigned char * yajl_buf_data(yajl_buf buf);
-
-/* get the length of the buffer */
-size_t yajl_buf_len(yajl_buf buf);
-
-/* truncate the buffer */
-void yajl_buf_truncate(yajl_buf buf, size_t len);
-
-#endif
diff --git a/third-party/yajl/src/yajl_bytestack.h b/third-party/yajl/src/yajl_bytestack.h
deleted file mode 100644
index 9ea7d151e..000000000
--- a/third-party/yajl/src/yajl_bytestack.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * A header only implementation of a simple stack of bytes, used in YAJL
- * to maintain parse state.
- */
-
-#ifndef __YAJL_BYTESTACK_H__
-#define __YAJL_BYTESTACK_H__
-
-#include "api/yajl_common.h"
-
-#define YAJL_BS_INC 128
-
-typedef struct yajl_bytestack_t
-{
-    unsigned char * stack;
-    size_t size;
-    size_t used;
-    yajl_alloc_funcs * yaf;
-} yajl_bytestack;
-
-/* initialize a bytestack */
-#define yajl_bs_init(obs, _yaf) {               \
-        (obs).stack = NULL;                     \
-        (obs).size = 0;                         \
-        (obs).used = 0;                         \
-        (obs).yaf = (_yaf);                     \
-    }                                           \
-
-
-/* initialize a bytestack */
-#define yajl_bs_free(obs)                 \
-    if ((obs).stack) (obs).yaf->free((obs).yaf->ctx, (obs).stack);
-
-#define yajl_bs_current(obs)               \
-    (assert((obs).used > 0), (obs).stack[(obs).used - 1])
-
-#define yajl_bs_push(obs, byte) {                       \
-    if (((obs).size - (obs).used) == 0) {               \
-        (obs).size += YAJL_BS_INC;                      \
-        (obs).stack = (obs).yaf->realloc((obs).yaf->ctx,\
-                                         (void *) (obs).stack, (obs).size);\
-    }                                                   \
-    (obs).stack[((obs).used)++] = (byte);               \
-}
-
-/* removes the top item of the stack, returns nothing */
-#define yajl_bs_pop(obs) { ((obs).used)--; }
-
-#define yajl_bs_set(obs, byte)                          \
-    (obs).stack[((obs).used) - 1] = (byte);
-
-
-#endif
diff --git a/third-party/yajl/src/yajl_encode.c b/third-party/yajl/src/yajl_encode.c
deleted file mode 100644
index fd0825818..000000000
--- a/third-party/yajl/src/yajl_encode.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "yajl_encode.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-static void CharToHex(unsigned char c, char * hexBuf)
-{
-    const char * hexchar = "0123456789ABCDEF";
-    hexBuf[0] = hexchar[c >> 4];
-    hexBuf[1] = hexchar[c & 0x0F];
-}
-
-void
-yajl_string_encode(const yajl_print_t print,
-                   void * ctx,
-                   const unsigned char * str,
-                   size_t len,
-                   int escape_solidus)
-{
-    size_t beg = 0;
-    size_t end = 0;
-    char hexBuf[7];
-    hexBuf[0] = '\\'; hexBuf[1] = 'u'; hexBuf[2] = '0'; hexBuf[3] = '0';
-    hexBuf[6] = 0;
-
-    while (end < len) {
-        const char * escaped = NULL;
-        switch (str[end]) {
-            case '\r': escaped = "\\r"; break;
-            case '\n': escaped = "\\n"; break;
-            case '\\': escaped = "\\\\"; break;
-            /* it is not required to escape a solidus in JSON:
-             * read sec. 2.5: http://www.ietf.org/rfc/rfc4627.txt
-             * specifically, this production from the grammar:
-             *   unescaped = %x20-21 / %x23-5B / %x5D-10FFFF
-             */
-            case '/': if (escape_solidus) escaped = "\\/"; break;
-            case '"': escaped = "\\\""; break;
-            case '\f': escaped = "\\f"; break;
-            case '\b': escaped = "\\b"; break;
-            case '\t': escaped = "\\t"; break;
-            default:
-                if ((unsigned char) str[end] < 32) {
-                    CharToHex(str[end], hexBuf + 4);
-                    escaped = hexBuf;
-                }
-                break;
-        }
-        if (escaped != NULL) {
-            print(ctx, (const char *) (str + beg), end - beg);
-            print(ctx, escaped, (unsigned int)strlen(escaped));
-            beg = ++end;
-        } else {
-            ++end;
-        }
-    }
-    print(ctx, (const char *) (str + beg), end - beg);
-}
-
-static void hexToDigit(unsigned int * val, const unsigned char * hex)
-{
-    unsigned int i;
-    for (i=0;i<4;i++) {
-        unsigned char c = hex[i];
-        if (c >= 'A') c = (c & ~0x20) - 7;
-        c -= '0';
-        assert(!(c & 0xF0));
-        *val = (*val << 4) | c;
-    }
-}
-
-static void Utf32toUtf8(unsigned int codepoint, char * utf8Buf) 
-{
-    if (codepoint < 0x80) {
-        utf8Buf[0] = (char) codepoint;
-        utf8Buf[1] = 0;
-    } else if (codepoint < 0x0800) {
-        utf8Buf[0] = (char) ((codepoint >> 6) | 0xC0);
-        utf8Buf[1] = (char) ((codepoint & 0x3F) | 0x80);
-        utf8Buf[2] = 0;
-    } else if (codepoint < 0x10000) {
-        utf8Buf[0] = (char) ((codepoint >> 12) | 0xE0);
-        utf8Buf[1] = (char) (((codepoint >> 6) & 0x3F) | 0x80);
-        utf8Buf[2] = (char) ((codepoint & 0x3F) | 0x80);
-        utf8Buf[3] = 0;
-    } else if (codepoint < 0x200000) {
-        utf8Buf[0] =(char)((codepoint >> 18) | 0xF0);
-        utf8Buf[1] =(char)(((codepoint >> 12) & 0x3F) | 0x80);
-        utf8Buf[2] =(char)(((codepoint >> 6) & 0x3F) | 0x80);
-        utf8Buf[3] =(char)((codepoint & 0x3F) | 0x80);
-        utf8Buf[4] = 0;
-    } else {
-        utf8Buf[0] = '?';
-        utf8Buf[1] = 0;
-    }
-}
-
-void yajl_string_decode(yajl_buf buf, const unsigned char * str,
-                        size_t len)
-{
-    size_t beg = 0;
-    size_t end = 0;    
-
-    while (end < len) {
-        if (str[end] == '\\') {
-            char utf8Buf[5];
-            const char * unescaped = "?";
-            yajl_buf_append(buf, str + beg, end - beg);
-            switch (str[++end]) {
-                case 'r': unescaped = "\r"; break;
-                case 'n': unescaped = "\n"; break;
-                case '\\': unescaped = "\\"; break;
-                case '/': unescaped = "/"; break;
-                case '"': unescaped = "\""; break;
-                case 'f': unescaped = "\f"; break;
-                case 'b': unescaped = "\b"; break;
-                case 't': unescaped = "\t"; break;
-                case 'u': {
-                    unsigned int codepoint = 0;
-                    hexToDigit(&codepoint, str + ++end);
-                    end+=3;
-                    /* check if this is a surrogate */
-                    if ((codepoint & 0xFC00) == 0xD800) {
-                        end++;
-                        if (str[end] == '\\' && str[end + 1] == 'u') {
-                            unsigned int surrogate = 0;
-                            hexToDigit(&surrogate, str + end + 2);
-                            codepoint =
-                                (((codepoint & 0x3F) << 10) | 
-                                 ((((codepoint >> 6) & 0xF) + 1) << 16) | 
-                                 (surrogate & 0x3FF));
-                            end += 5;
-                        } else {
-                            unescaped = "?";
-                            break;
-                        }
-                    }
-                    
-                    Utf32toUtf8(codepoint, utf8Buf);
-                    unescaped = utf8Buf;
-
-                    if (codepoint == 0) {
-                        yajl_buf_append(buf, unescaped, 1);
-                        beg = ++end;
-                        continue;
-                    }
-
-                    break;
-                }
-                default:
-                    assert("this should never happen" == NULL);
-            }
-            yajl_buf_append(buf, unescaped, (unsigned int)strlen(unescaped));
-            beg = ++end;
-        } else {
-            end++;
-        }
-    }
-    yajl_buf_append(buf, str + beg, end - beg);
-}
-
-#define ADV_PTR s++; if (!(len--)) return 0;
-
-int yajl_string_validate_utf8(const unsigned char * s, size_t len)
-{
-    if (!len) return 1;
-    if (!s) return 0;
-    
-    while (len--) {
-        /* single byte */
-        if (*s <= 0x7f) {
-            /* noop */
-        }
-        /* two byte */ 
-        else if ((*s >> 5) == 0x6) {
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-        }
-        /* three byte */
-        else if ((*s >> 4) == 0x0e) {
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-        }
-        /* four byte */        
-        else if ((*s >> 3) == 0x1e) {
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-            ADV_PTR;
-            if (!((*s >> 6) == 0x2)) return 0;
-        } else {
-            return 0;
-        }
-        
-        s++;
-    }
-    
-    return 1;
-}
diff --git a/third-party/yajl/src/yajl_encode.h b/third-party/yajl/src/yajl_encode.h
deleted file mode 100644
index 853a1a701..000000000
--- a/third-party/yajl/src/yajl_encode.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __YAJL_ENCODE_H__
-#define __YAJL_ENCODE_H__
-
-#include "yajl_buf.h"
-#include "api/yajl_gen.h"
-
-void yajl_string_encode(const yajl_print_t printer,
-                        void * ctx,
-                        const unsigned char * str,
-                        size_t length,
-                        int escape_solidus);
-
-void yajl_string_decode(yajl_buf buf, const unsigned char * str,
-                        size_t length);
-
-int yajl_string_validate_utf8(const unsigned char * s, size_t len);
-
-#endif
diff --git a/third-party/yajl/src/yajl_gen.c b/third-party/yajl/src/yajl_gen.c
deleted file mode 100644
index 0f5c68e87..000000000
--- a/third-party/yajl/src/yajl_gen.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "api/yajl_gen.h"
-#include "yajl_buf.h"
-#include "yajl_encode.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <math.h>
-#include <stdarg.h>
-
-typedef enum {
-    yajl_gen_start,
-    yajl_gen_map_start,
-    yajl_gen_map_key,
-    yajl_gen_map_val,
-    yajl_gen_array_start,
-    yajl_gen_in_array,
-    yajl_gen_complete,
-    yajl_gen_error
-} yajl_gen_state;
-
-struct yajl_gen_t
-{
-    unsigned int flags;
-    unsigned int depth;
-    const char * indentString;
-    yajl_gen_state state[YAJL_MAX_DEPTH];
-    yajl_print_t print;
-    void * ctx; /* yajl_buf */
-    /* memory allocation routines */
-    yajl_alloc_funcs alloc;
-};
-
-int
-yajl_gen_config(yajl_gen g, yajl_gen_option opt, ...)
-{
-    int rv = 1;
-    va_list ap;
-    va_start(ap, opt);
-
-    switch(opt) {
-        case yajl_gen_beautify:
-        case yajl_gen_validate_utf8:
-        case yajl_gen_escape_solidus:
-            if (va_arg(ap, int)) g->flags |= opt;
-            else g->flags &= ~opt;
-            break;
-        case yajl_gen_indent_string: {
-            const char *indent = va_arg(ap, const char *);
-            g->indentString = indent;
-            for (; *indent; indent++) {
-                if (*indent != '\n'
-                    && *indent != '\v'
-                    && *indent != '\f'
-                    && *indent != '\t'
-                    && *indent != '\r'
-                    && *indent != ' ')
-                {
-                    g->indentString = NULL;
-                    rv = 0;
-                }
-            }
-            break;
-        }
-        case yajl_gen_print_callback:
-            yajl_buf_free(g->ctx);
-            g->print = va_arg(ap, const yajl_print_t);
-            g->ctx = va_arg(ap, void *);
-            break;
-        default:
-            rv = 0;
-    }
-
-    va_end(ap);
-
-    return rv;
-}
-
-
-
-yajl_gen
-yajl_gen_alloc(const yajl_alloc_funcs * afs)
-{
-    yajl_gen g = NULL;
-    yajl_alloc_funcs afsBuffer;
-
-    /* first order of business is to set up memory allocation routines */
-    if (afs != NULL) {
-        if (afs->malloc == NULL || afs->realloc == NULL || afs->free == NULL)
-        {
-            return NULL;
-        }
-    } else {
-        yajl_set_default_alloc_funcs(&afsBuffer);
-        afs = &afsBuffer;
-    }
-
-    g = (yajl_gen) YA_MALLOC(afs, sizeof(struct yajl_gen_t));
-    if (!g) return NULL;
-
-    memset((void *) g, 0, sizeof(struct yajl_gen_t));
-    /* copy in pointers to allocation routines */
-    memcpy((void *) &(g->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
-
-    g->print = (yajl_print_t)&yajl_buf_append;
-    g->ctx = yajl_buf_alloc(&(g->alloc));
-    g->indentString = "    ";
-
-    return g;
-}
-
-void
-yajl_gen_reset(yajl_gen g, const char * sep)
-{
-    g->depth = 0;
-    memset((void *) &(g->state), 0, sizeof(g->state));
-    if (sep != NULL) g->print(g->ctx, sep, strlen(sep));
-}
-
-void
-yajl_gen_free(yajl_gen g)
-{
-    if (g->print == (yajl_print_t)&yajl_buf_append) yajl_buf_free((yajl_buf)g->ctx);
-    YA_FREE(&(g->alloc), g);
-}
-
-#define INSERT_SEP \
-    if (g->state[g->depth] == yajl_gen_map_key ||               \
-        g->state[g->depth] == yajl_gen_in_array) {              \
-        g->print(g->ctx, ",", 1);                               \
-        if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, "\n", 1);               \
-    } else if (g->state[g->depth] == yajl_gen_map_val) {        \
-        g->print(g->ctx, ":", 1);                               \
-        if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, " ", 1);                \
-   }
-
-#define INSERT_WHITESPACE                                               \
-    if ((g->flags & yajl_gen_beautify)) {                                                    \
-        if (g->state[g->depth] != yajl_gen_map_val) {                   \
-            unsigned int _i;                                            \
-            for (_i=0;_i<g->depth;_i++)                                 \
-                g->print(g->ctx,                                        \
-                         g->indentString,                               \
-                         (unsigned int)strlen(g->indentString));        \
-        }                                                               \
-    }
-
-#define ENSURE_NOT_KEY \
-    if (g->state[g->depth] == yajl_gen_map_key ||       \
-        g->state[g->depth] == yajl_gen_map_start)  {    \
-        return yajl_gen_keys_must_be_strings;           \
-    }                                                   \
-
-/* check that we're not complete, or in error state.  in a valid state
- * to be generating */
-#define ENSURE_VALID_STATE \
-    if (g->state[g->depth] == yajl_gen_error) {   \
-        return yajl_gen_in_error_state;\
-    } else if (g->state[g->depth] == yajl_gen_complete) {   \
-        return yajl_gen_generation_complete;                \
-    }
-
-#define INCREMENT_DEPTH \
-    if (++(g->depth) >= YAJL_MAX_DEPTH) return yajl_max_depth_exceeded;
-
-#define DECREMENT_DEPTH \
-  if (--(g->depth) >= YAJL_MAX_DEPTH) return yajl_gen_generation_complete;
-
-#define APPENDED_ATOM \
-    switch (g->state[g->depth]) {                   \
-        case yajl_gen_start:                        \
-            g->state[g->depth] = yajl_gen_complete; \
-            break;                                  \
-        case yajl_gen_map_start:                    \
-        case yajl_gen_map_key:                      \
-            g->state[g->depth] = yajl_gen_map_val;  \
-            break;                                  \
-        case yajl_gen_array_start:                  \
-            g->state[g->depth] = yajl_gen_in_array; \
-            break;                                  \
-        case yajl_gen_map_val:                      \
-            g->state[g->depth] = yajl_gen_map_key;  \
-            break;                                  \
-        default:                                    \
-            break;                                  \
-    }                                               \
-
-#define FINAL_NEWLINE                                        \
-    if ((g->flags & yajl_gen_beautify) && g->state[g->depth] == yajl_gen_complete) \
-        g->print(g->ctx, "\n", 1);
-
-yajl_gen_status
-yajl_gen_integer(yajl_gen g, long long int number)
-{
-    char i[32];
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    sprintf(i, "%lld", number);
-    g->print(g->ctx, i, (unsigned int)strlen(i));
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-#if defined(_WIN32) || defined(WIN32)
-#include <float.h>
-#define isnan _isnan
-#define isinf !_finite
-#endif
-
-yajl_gen_status
-yajl_gen_double(yajl_gen g, double number)
-{
-    char i[32];
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY;
-    if (isnan(number) || isinf(number)) return yajl_gen_invalid_number;
-    INSERT_SEP; INSERT_WHITESPACE;
-    sprintf(i, "%.20g", number);
-    if (strspn(i, "0123456789-") == strlen(i)) {
-        strcat(i, ".0");
-    }
-    g->print(g->ctx, i, (unsigned int)strlen(i));
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_number(yajl_gen g, const char * s, size_t l)
-{
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    g->print(g->ctx, s, l);
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_string(yajl_gen g, const unsigned char * str,
-                size_t len)
-{
-    // if validation is enabled, check that the string is valid utf8
-    // XXX: This checking could be done a little faster, in the same pass as
-    // the string encoding
-    if (g->flags & yajl_gen_validate_utf8) {
-        if (!yajl_string_validate_utf8(str, len)) {
-            return yajl_gen_invalid_string;
-        }
-    }
-    ENSURE_VALID_STATE; INSERT_SEP; INSERT_WHITESPACE;
-    g->print(g->ctx, "\"", 1);
-    yajl_string_encode(g->print, g->ctx, str, len, g->flags & yajl_gen_escape_solidus);
-    g->print(g->ctx, "\"", 1);
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_null(yajl_gen g)
-{
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    g->print(g->ctx, "null", strlen("null"));
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_bool(yajl_gen g, int boolean)
-{
-    const char * val = boolean ? "true" : "false";
-
-	ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    g->print(g->ctx, val, (unsigned int)strlen(val));
-    APPENDED_ATOM;
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_map_open(yajl_gen g)
-{
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    INCREMENT_DEPTH;
-
-    g->state[g->depth] = yajl_gen_map_start;
-    g->print(g->ctx, "{", 1);
-    if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, "\n", 1);
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_map_close(yajl_gen g)
-{
-    ENSURE_VALID_STATE;
-    DECREMENT_DEPTH;
-
-    if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, "\n", 1);
-    APPENDED_ATOM;
-    INSERT_WHITESPACE;
-    g->print(g->ctx, "}", 1);
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_array_open(yajl_gen g)
-{
-    ENSURE_VALID_STATE; ENSURE_NOT_KEY; INSERT_SEP; INSERT_WHITESPACE;
-    INCREMENT_DEPTH;
-    g->state[g->depth] = yajl_gen_array_start;
-    g->print(g->ctx, "[", 1);
-    if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, "\n", 1);
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_array_close(yajl_gen g)
-{
-    ENSURE_VALID_STATE;
-    DECREMENT_DEPTH;
-    if ((g->flags & yajl_gen_beautify)) g->print(g->ctx, "\n", 1);
-    APPENDED_ATOM;
-    INSERT_WHITESPACE;
-    g->print(g->ctx, "]", 1);
-    FINAL_NEWLINE;
-    return yajl_gen_status_ok;
-}
-
-yajl_gen_status
-yajl_gen_get_buf(yajl_gen g, const unsigned char ** buf,
-                 size_t * len)
-{
-    if (g->print != (yajl_print_t)&yajl_buf_append) return yajl_gen_no_buf;
-    *buf = yajl_buf_data((yajl_buf)g->ctx);
-    *len = yajl_buf_len((yajl_buf)g->ctx);
-    return yajl_gen_status_ok;
-}
-
-void
-yajl_gen_clear(yajl_gen g)
-{
-    if (g->print == (yajl_print_t)&yajl_buf_append) yajl_buf_clear((yajl_buf)g->ctx);
-}
diff --git a/third-party/yajl/src/yajl_lex.c b/third-party/yajl/src/yajl_lex.c
deleted file mode 100644
index 0b6f7ccfa..000000000
--- a/third-party/yajl/src/yajl_lex.c
+++ /dev/null
@@ -1,763 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "yajl_lex.h"
-#include "yajl_buf.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <assert.h>
-#include <string.h>
-
-#ifdef YAJL_LEXER_DEBUG
-static const char *
-tokToStr(yajl_tok tok)
-{
-    switch (tok) {
-        case yajl_tok_bool: return "bool";
-        case yajl_tok_colon: return "colon";
-        case yajl_tok_comma: return "comma";
-        case yajl_tok_eof: return "eof";
-        case yajl_tok_error: return "error";
-        case yajl_tok_left_brace: return "brace";
-        case yajl_tok_left_bracket: return "bracket";
-        case yajl_tok_null: return "null";
-        case yajl_tok_integer: return "integer";
-        case yajl_tok_double: return "double";
-        case yajl_tok_right_brace: return "brace";
-        case yajl_tok_right_bracket: return "bracket";
-        case yajl_tok_string: return "string";
-        case yajl_tok_string_with_escapes: return "string_with_escapes";
-    }
-    return "unknown";
-}
-#endif
-
-/* Impact of the stream parsing feature on the lexer:
- *
- * YAJL support stream parsing.  That is, the ability to parse the first
- * bits of a chunk of JSON before the last bits are available (still on
- * the network or disk).  This makes the lexer more complex.  The
- * responsibility of the lexer is to handle transparently the case where
- * a chunk boundary falls in the middle of a token.  This is
- * accomplished is via a buffer and a character reading abstraction.
- *
- * Overview of implementation
- *
- * When we lex to end of input string before end of token is hit, we
- * copy all of the input text composing the token into our lexBuf.
- *
- * Every time we read a character, we do so through the readChar function.
- * readChar's responsibility is to handle pulling all chars from the buffer
- * before pulling chars from input text
- */
-
-struct yajl_lexer_t {
-    /* the overal line and char offset into the data */
-    size_t lineOff;
-    size_t charOff;
-
-    /* error */
-    yajl_lex_error error;
-
-    /* a input buffer to handle the case where a token is spread over
-     * multiple chunks */
-    yajl_buf buf;
-
-    /* in the case where we have data in the lexBuf, bufOff holds
-     * the current offset into the lexBuf. */
-    size_t bufOff;
-
-    /* are we using the lex buf? */
-    unsigned int bufInUse;
-
-    /* shall we allow comments? */
-    unsigned int allowComments;
-
-    /* shall we validate utf8 inside strings? */
-    unsigned int validateUTF8;
-
-    yajl_alloc_funcs * alloc;
-};
-
-#define readChar(lxr, txt, off)                      \
-    (((lxr)->bufInUse && yajl_buf_len((lxr)->buf) && lxr->bufOff < yajl_buf_len((lxr)->buf)) ? \
-     (*((const unsigned char *) yajl_buf_data((lxr)->buf) + ((lxr)->bufOff)++)) : \
-     ((txt)[(*(off))++]))
-
-#define unreadChar(lxr, off) ((*(off) > 0) ? (*(off))-- : ((lxr)->bufOff--))
-
-yajl_lexer
-yajl_lex_alloc(yajl_alloc_funcs * alloc,
-               unsigned int allowComments, unsigned int validateUTF8)
-{
-    yajl_lexer lxr = (yajl_lexer) YA_MALLOC(alloc, sizeof(struct yajl_lexer_t));
-    memset((void *) lxr, 0, sizeof(struct yajl_lexer_t));
-    lxr->buf = yajl_buf_alloc(alloc);
-    lxr->allowComments = allowComments;
-    lxr->validateUTF8 = validateUTF8;
-    lxr->alloc = alloc;
-    return lxr;
-}
-
-void
-yajl_lex_free(yajl_lexer lxr)
-{
-    yajl_buf_free(lxr->buf);
-    YA_FREE(lxr->alloc, lxr);
-    return;
-}
-
-/* a lookup table which lets us quickly determine three things:
- * VEC - valid escaped control char
- * note.  the solidus '/' may be escaped or not.
- * IJC - invalid json char
- * VHC - valid hex char
- * NFP - needs further processing (from a string scanning perspective)
- * NUC - needs utf8 checking when enabled (from a string scanning perspective)
- */
-#define VEC 0x01
-#define IJC 0x02
-#define VHC 0x04
-#define NFP 0x08
-#define NUC 0x10
-
-static const char charLookupTable[256] =
-{
-/*00*/ IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    ,
-/*08*/ IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    ,
-/*10*/ IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    ,
-/*18*/ IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    , IJC    ,
-
-/*20*/ 0      , 0      , NFP|VEC|IJC, 0      , 0      , 0      , 0      , 0      ,
-/*28*/ 0      , 0      , 0      , 0      , 0      , 0      , 0      , VEC    ,
-/*30*/ VHC    , VHC    , VHC    , VHC    , VHC    , VHC    , VHC    , VHC    ,
-/*38*/ VHC    , VHC    , 0      , 0      , 0      , 0      , 0      , 0      ,
-
-/*40*/ 0      , VHC    , VHC    , VHC    , VHC    , VHC    , VHC    , 0      ,
-/*48*/ 0      , 0      , 0      , 0      , 0      , 0      , 0      , 0      ,
-/*50*/ 0      , 0      , 0      , 0      , 0      , 0      , 0      , 0      ,
-/*58*/ 0      , 0      , 0      , 0      , NFP|VEC|IJC, 0      , 0      , 0      ,
-
-/*60*/ 0      , VHC    , VEC|VHC, VHC    , VHC    , VHC    , VEC|VHC, 0      ,
-/*68*/ 0      , 0      , 0      , 0      , 0      , 0      , VEC    , 0      ,
-/*70*/ 0      , 0      , VEC    , 0      , VEC    , 0      , 0      , 0      ,
-/*78*/ 0      , 0      , 0      , 0      , 0      , 0      , 0      , 0      ,
-
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    ,
-       NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC    , NUC
-};
-
-/** process a variable length utf8 encoded codepoint.
- *
- *  returns:
- *    yajl_tok_string - if valid utf8 char was parsed and offset was
- *                      advanced
- *    yajl_tok_eof - if end of input was hit before validation could
- *                   complete
- *    yajl_tok_error - if invalid utf8 was encountered
- *
- *  NOTE: on error the offset will point to the first char of the
- *  invalid utf8 */
-#define UTF8_CHECK_EOF if (*offset >= jsonTextLen) { return yajl_tok_eof; }
-
-static yajl_tok
-yajl_lex_utf8_char(yajl_lexer lexer, const unsigned char * jsonText,
-                   size_t jsonTextLen, size_t * offset,
-                   unsigned char curChar)
-{
-    if (curChar <= 0x7f) {
-        /* single byte */
-        return yajl_tok_string;
-    } else if ((curChar >> 5) == 0x6) {
-        /* two byte */
-        UTF8_CHECK_EOF;
-        curChar = readChar(lexer, jsonText, offset);
-        if ((curChar >> 6) == 0x2) return yajl_tok_string;
-    } else if ((curChar >> 4) == 0x0e) {
-        /* three byte */
-        UTF8_CHECK_EOF;
-        curChar = readChar(lexer, jsonText, offset);
-        if ((curChar >> 6) == 0x2) {
-            UTF8_CHECK_EOF;
-            curChar = readChar(lexer, jsonText, offset);
-            if ((curChar >> 6) == 0x2) return yajl_tok_string;
-        }
-    } else if ((curChar >> 3) == 0x1e) {
-        /* four byte */
-        UTF8_CHECK_EOF;
-        curChar = readChar(lexer, jsonText, offset);
-        if ((curChar >> 6) == 0x2) {
-            UTF8_CHECK_EOF;
-            curChar = readChar(lexer, jsonText, offset);
-            if ((curChar >> 6) == 0x2) {
-                UTF8_CHECK_EOF;
-                curChar = readChar(lexer, jsonText, offset);
-                if ((curChar >> 6) == 0x2) return yajl_tok_string;
-            }
-        }
-    }
-
-    return yajl_tok_error;
-}
-
-/* lex a string.  input is the lexer, pointer to beginning of
- * json text, and start of string (offset).
- * a token is returned which has the following meanings:
- * yajl_tok_string: lex of string was successful.  offset points to
- *                  terminating '"'.
- * yajl_tok_eof: end of text was encountered before we could complete
- *               the lex.
- * yajl_tok_error: embedded in the string were unallowable chars.  offset
- *               points to the offending char
- */
-#define STR_CHECK_EOF \
-if (*offset >= jsonTextLen) { \
-   tok = yajl_tok_eof; \
-   goto finish_string_lex; \
-}
-
-/** scan a string for interesting characters that might need further
- *  review.  return the number of chars that are uninteresting and can
- *  be skipped.
- * (lth) hi world, any thoughts on how to make this routine faster? */
-static size_t
-yajl_string_scan(const unsigned char * buf, size_t len, int utf8check)
-{
-    unsigned char mask = IJC|NFP|(utf8check ? NUC : 0);
-    size_t skip = 0;
-    while (skip < len && !(charLookupTable[*buf] & mask))
-    {
-        skip++;
-        buf++;
-    }
-    return skip;
-}
-
-static yajl_tok
-yajl_lex_string(yajl_lexer lexer, const unsigned char * jsonText,
-                size_t jsonTextLen, size_t * offset)
-{
-    yajl_tok tok = yajl_tok_error;
-    int hasEscapes = 0;
-
-    for (;;) {
-        unsigned char curChar;
-
-        /* now jump into a faster scanning routine to skip as much
-         * of the buffers as possible */
-        {
-            const unsigned char * p;
-            size_t len;
-
-            if ((lexer->bufInUse && yajl_buf_len(lexer->buf) &&
-                 lexer->bufOff < yajl_buf_len(lexer->buf)))
-            {
-                p = ((const unsigned char *) yajl_buf_data(lexer->buf) +
-                     (lexer->bufOff));
-                len = yajl_buf_len(lexer->buf) - lexer->bufOff;
-                lexer->bufOff += yajl_string_scan(p, len, lexer->validateUTF8);
-            }
-            else if (*offset < jsonTextLen)
-            {
-                p = jsonText + *offset;
-                len = jsonTextLen - *offset;
-                *offset += yajl_string_scan(p, len, lexer->validateUTF8);
-            }
-        }
-
-        STR_CHECK_EOF;
-
-        curChar = readChar(lexer, jsonText, offset);
-
-        /* quote terminates */
-        if (curChar == '"') {
-            tok = yajl_tok_string;
-            break;
-        }
-        /* backslash escapes a set of control chars, */
-        else if (curChar == '\\') {
-            hasEscapes = 1;
-            STR_CHECK_EOF;
-
-            /* special case \u */
-            curChar = readChar(lexer, jsonText, offset);
-            if (curChar == 'u') {
-                unsigned int i = 0;
-
-                for (i=0;i<4;i++) {
-                    STR_CHECK_EOF;
-                    curChar = readChar(lexer, jsonText, offset);
-                    if (!(charLookupTable[curChar] & VHC)) {
-                        /* back up to offending char */
-                        unreadChar(lexer, offset);
-                        lexer->error = yajl_lex_string_invalid_hex_char;
-                        goto finish_string_lex;
-                    }
-                }
-            } else if (!(charLookupTable[curChar] & VEC)) {
-                /* back up to offending char */
-                unreadChar(lexer, offset);
-                lexer->error = yajl_lex_string_invalid_escaped_char;
-                goto finish_string_lex;
-            }
-        }
-        /* when not validating UTF8 it's a simple table lookup to determine
-         * if the present character is invalid */
-        else if(charLookupTable[curChar] & IJC) {
-            /* back up to offending char */
-            unreadChar(lexer, offset);
-            lexer->error = yajl_lex_string_invalid_json_char;
-            goto finish_string_lex;
-        }
-        /* when in validate UTF8 mode we need to do some extra work */
-        else if (lexer->validateUTF8) {
-            yajl_tok t = yajl_lex_utf8_char(lexer, jsonText, jsonTextLen,
-                                            offset, curChar);
-
-            if (t == yajl_tok_eof) {
-                tok = yajl_tok_eof;
-                goto finish_string_lex;
-            } else if (t == yajl_tok_error) {
-                lexer->error = yajl_lex_string_invalid_utf8;
-                goto finish_string_lex;
-            }
-        }
-        /* accept it, and move on */
-    }
-  finish_string_lex:
-    /* tell our buddy, the parser, wether he needs to process this string
-     * again */
-    if (hasEscapes && tok == yajl_tok_string) {
-        tok = yajl_tok_string_with_escapes;
-    }
-
-    return tok;
-}
-
-#define RETURN_IF_EOF if (*offset >= jsonTextLen) return yajl_tok_eof;
-
-static yajl_tok
-yajl_lex_number(yajl_lexer lexer, const unsigned char * jsonText,
-                size_t jsonTextLen, size_t * offset)
-{
-    /** XXX: numbers are the only entities in json that we must lex
-     *       _beyond_ in order to know that they are complete.  There
-     *       is an ambiguous case for integers at EOF. */
-
-    unsigned char c;
-
-    yajl_tok tok = yajl_tok_integer;
-
-    RETURN_IF_EOF;
-    c = readChar(lexer, jsonText, offset);
-
-    /* optional leading minus */
-    if (c == '-') {
-        RETURN_IF_EOF;
-        c = readChar(lexer, jsonText, offset);
-    }
-
-    /* a single zero, or a series of integers */
-    if (c == '0') {
-        RETURN_IF_EOF;
-        c = readChar(lexer, jsonText, offset);
-    } else if (c >= '1' && c <= '9') {
-        do {
-            RETURN_IF_EOF;
-            c = readChar(lexer, jsonText, offset);
-        } while (c >= '0' && c <= '9');
-    } else {
-        unreadChar(lexer, offset);
-        lexer->error = yajl_lex_missing_integer_after_minus;
-        return yajl_tok_error;
-    }
-
-    /* optional fraction (indicates this is floating point) */
-    if (c == '.') {
-        int numRd = 0;
-
-        RETURN_IF_EOF;
-        c = readChar(lexer, jsonText, offset);
-
-        while (c >= '0' && c <= '9') {
-            numRd++;
-            RETURN_IF_EOF;
-            c = readChar(lexer, jsonText, offset);
-        }
-
-        if (!numRd) {
-            unreadChar(lexer, offset);
-            lexer->error = yajl_lex_missing_integer_after_decimal;
-            return yajl_tok_error;
-        }
-        tok = yajl_tok_double;
-    }
-
-    /* optional exponent (indicates this is floating point) */
-    if (c == 'e' || c == 'E') {
-        RETURN_IF_EOF;
-        c = readChar(lexer, jsonText, offset);
-
-        /* optional sign */
-        if (c == '+' || c == '-') {
-            RETURN_IF_EOF;
-            c = readChar(lexer, jsonText, offset);
-        }
-
-        if (c >= '0' && c <= '9') {
-            do {
-                RETURN_IF_EOF;
-                c = readChar(lexer, jsonText, offset);
-            } while (c >= '0' && c <= '9');
-        } else {
-            unreadChar(lexer, offset);
-            lexer->error = yajl_lex_missing_integer_after_exponent;
-            return yajl_tok_error;
-        }
-        tok = yajl_tok_double;
-    }
-
-    /* we always go "one too far" */
-    unreadChar(lexer, offset);
-
-    return tok;
-}
-
-static yajl_tok
-yajl_lex_comment(yajl_lexer lexer, const unsigned char * jsonText,
-                 size_t jsonTextLen, size_t * offset)
-{
-    unsigned char c;
-
-    yajl_tok tok = yajl_tok_comment;
-
-    RETURN_IF_EOF;
-    c = readChar(lexer, jsonText, offset);
-
-    /* either slash or star expected */
-    if (c == '/') {
-        /* now we throw away until end of line */
-        do {
-            RETURN_IF_EOF;
-            c = readChar(lexer, jsonText, offset);
-        } while (c != '\n');
-    } else if (c == '*') {
-        /* now we throw away until end of comment */
-        for (;;) {
-            RETURN_IF_EOF;
-            c = readChar(lexer, jsonText, offset);
-            if (c == '*') {
-                RETURN_IF_EOF;
-                c = readChar(lexer, jsonText, offset);
-                if (c == '/') {
-                    break;
-                } else {
-                    unreadChar(lexer, offset);
-                }
-            }
-        }
-    } else {
-        lexer->error = yajl_lex_invalid_char;
-        tok = yajl_tok_error;
-    }
-
-    return tok;
-}
-
-yajl_tok
-yajl_lex_lex(yajl_lexer lexer, const unsigned char * jsonText,
-             size_t jsonTextLen, size_t * offset,
-             const unsigned char ** outBuf, size_t * outLen)
-{
-    yajl_tok tok = yajl_tok_error;
-    unsigned char c;
-    size_t startOffset = *offset;
-
-    *outBuf = NULL;
-    *outLen = 0;
-
-    for (;;) {
-        assert(*offset <= jsonTextLen);
-
-        if (*offset >= jsonTextLen) {
-            tok = yajl_tok_eof;
-            goto lexed;
-        }
-
-        c = readChar(lexer, jsonText, offset);
-
-        switch (c) {
-            case '{':
-                tok = yajl_tok_left_bracket;
-                goto lexed;
-            case '}':
-                tok = yajl_tok_right_bracket;
-                goto lexed;
-            case '[':
-                tok = yajl_tok_left_brace;
-                goto lexed;
-            case ']':
-                tok = yajl_tok_right_brace;
-                goto lexed;
-            case ',':
-                tok = yajl_tok_comma;
-                goto lexed;
-            case ':':
-                tok = yajl_tok_colon;
-                goto lexed;
-            case '\t': case '\n': case '\v': case '\f': case '\r': case ' ':
-                startOffset++;
-                break;
-            case 't': {
-                const char * want = "rue";
-                do {
-                    if (*offset >= jsonTextLen) {
-                        tok = yajl_tok_eof;
-                        goto lexed;
-                    }
-                    c = readChar(lexer, jsonText, offset);
-                    if (c != *want) {
-                        unreadChar(lexer, offset);
-                        lexer->error = yajl_lex_invalid_string;
-                        tok = yajl_tok_error;
-                        goto lexed;
-                    }
-                } while (*(++want));
-                tok = yajl_tok_bool;
-                goto lexed;
-            }
-            case 'f': {
-                const char * want = "alse";
-                do {
-                    if (*offset >= jsonTextLen) {
-                        tok = yajl_tok_eof;
-                        goto lexed;
-                    }
-                    c = readChar(lexer, jsonText, offset);
-                    if (c != *want) {
-                        unreadChar(lexer, offset);
-                        lexer->error = yajl_lex_invalid_string;
-                        tok = yajl_tok_error;
-                        goto lexed;
-                    }
-                } while (*(++want));
-                tok = yajl_tok_bool;
-                goto lexed;
-            }
-            case 'n': {
-                const char * want = "ull";
-                do {
-                    if (*offset >= jsonTextLen) {
-                        tok = yajl_tok_eof;
-                        goto lexed;
-                    }
-                    c = readChar(lexer, jsonText, offset);
-                    if (c != *want) {
-                        unreadChar(lexer, offset);
-                        lexer->error = yajl_lex_invalid_string;
-                        tok = yajl_tok_error;
-                        goto lexed;
-                    }
-                } while (*(++want));
-                tok = yajl_tok_null;
-                goto lexed;
-            }
-            case '"': {
-                tok = yajl_lex_string(lexer, (const unsigned char *) jsonText,
-                                      jsonTextLen, offset);
-                goto lexed;
-            }
-            case '-':
-            case '0': case '1': case '2': case '3': case '4':
-            case '5': case '6': case '7': case '8': case '9': {
-                /* integer parsing wants to start from the beginning */
-                unreadChar(lexer, offset);
-                tok = yajl_lex_number(lexer, (const unsigned char *) jsonText,
-                                      jsonTextLen, offset);
-                goto lexed;
-            }
-            case '/':
-                /* hey, look, a probable comment!  If comments are disabled
-                 * it's an error. */
-                if (!lexer->allowComments) {
-                    unreadChar(lexer, offset);
-                    lexer->error = yajl_lex_unallowed_comment;
-                    tok = yajl_tok_error;
-                    goto lexed;
-                }
-                /* if comments are enabled, then we should try to lex
-                 * the thing.  possible outcomes are
-                 * - successful lex (tok_comment, which means continue),
-                 * - malformed comment opening (slash not followed by
-                 *   '*' or '/') (tok_error)
-                 * - eof hit. (tok_eof) */
-                tok = yajl_lex_comment(lexer, (const unsigned char *) jsonText,
-                                       jsonTextLen, offset);
-                if (tok == yajl_tok_comment) {
-                    /* "error" is silly, but that's the initial
-                     * state of tok.  guilty until proven innocent. */
-                    tok = yajl_tok_error;
-                    yajl_buf_clear(lexer->buf);
-                    lexer->bufInUse = 0;
-                    startOffset = *offset;
-                    break;
-                }
-                /* hit error or eof, bail */
-                goto lexed;
-            default:
-                lexer->error = yajl_lex_invalid_char;
-                tok = yajl_tok_error;
-                goto lexed;
-        }
-    }
-
-
-  lexed:
-    /* need to append to buffer if the buffer is in use or
-     * if it's an EOF token */
-    if (tok == yajl_tok_eof || lexer->bufInUse) {
-        if (!lexer->bufInUse) yajl_buf_clear(lexer->buf);
-        lexer->bufInUse = 1;
-        yajl_buf_append(lexer->buf, jsonText + startOffset, *offset - startOffset);
-        lexer->bufOff = 0;
-
-        if (tok != yajl_tok_eof) {
-            *outBuf = yajl_buf_data(lexer->buf);
-            *outLen = yajl_buf_len(lexer->buf);
-            lexer->bufInUse = 0;
-        }
-    } else if (tok != yajl_tok_error) {
-        *outBuf = jsonText + startOffset;
-        *outLen = *offset - startOffset;
-    }
-
-    /* special case for strings. skip the quotes. */
-    if (tok == yajl_tok_string || tok == yajl_tok_string_with_escapes)
-    {
-        assert(*outLen >= 2);
-        (*outBuf)++;
-        *outLen -= 2;
-    }
-
-
-#ifdef YAJL_LEXER_DEBUG
-    if (tok == yajl_tok_error) {
-        printf("lexical error: %s\n",
-               yajl_lex_error_to_string(yajl_lex_get_error(lexer)));
-    } else if (tok == yajl_tok_eof) {
-        printf("EOF hit\n");
-    } else {
-        printf("lexed %s: '", tokToStr(tok));
-        fwrite(*outBuf, 1, *outLen, stdout);
-        printf("'\n");
-    }
-#endif
-
-    return tok;
-}
-
-const char *
-yajl_lex_error_to_string(yajl_lex_error error)
-{
-    switch (error) {
-        case yajl_lex_e_ok:
-            return "ok, no error";
-        case yajl_lex_string_invalid_utf8:
-            return "invalid bytes in UTF8 string.";
-        case yajl_lex_string_invalid_escaped_char:
-            return "inside a string, '\\' occurs before a character "
-                   "which it may not.";
-        case yajl_lex_string_invalid_json_char:
-            return "invalid character inside string.";
-        case yajl_lex_string_invalid_hex_char:
-            return "invalid (non-hex) character occurs after '\\u' inside "
-                   "string.";
-        case yajl_lex_invalid_char:
-            return "invalid char in json text.";
-        case yajl_lex_invalid_string:
-            return "invalid string in json text.";
-        case yajl_lex_missing_integer_after_exponent:
-            return "malformed number, a digit is required after the exponent.";
-        case yajl_lex_missing_integer_after_decimal:
-            return "malformed number, a digit is required after the "
-                   "decimal point.";
-        case yajl_lex_missing_integer_after_minus:
-            return "malformed number, a digit is required after the "
-                   "minus sign.";
-        case yajl_lex_unallowed_comment:
-            return "probable comment found in input text, comments are "
-                   "not enabled.";
-    }
-    return "unknown error code";
-}
-
-
-/** allows access to more specific information about the lexical
- *  error when yajl_lex_lex returns yajl_tok_error. */
-yajl_lex_error
-yajl_lex_get_error(yajl_lexer lexer)
-{
-    if (lexer == NULL) return (yajl_lex_error) -1;
-    return lexer->error;
-}
-
-size_t yajl_lex_current_line(yajl_lexer lexer)
-{
-    return lexer->lineOff;
-}
-
-size_t yajl_lex_current_char(yajl_lexer lexer)
-{
-    return lexer->charOff;
-}
-
-yajl_tok yajl_lex_peek(yajl_lexer lexer, const unsigned char * jsonText,
-                       size_t jsonTextLen, size_t offset)
-{
-    const unsigned char * outBuf;
-    size_t outLen;
-    size_t bufLen = yajl_buf_len(lexer->buf);
-    size_t bufOff = lexer->bufOff;
-    unsigned int bufInUse = lexer->bufInUse;
-    yajl_tok tok;
-
-    tok = yajl_lex_lex(lexer, jsonText, jsonTextLen, &offset,
-                       &outBuf, &outLen);
-
-    lexer->bufOff = bufOff;
-    lexer->bufInUse = bufInUse;
-    yajl_buf_truncate(lexer->buf, bufLen);
-
-    return tok;
-}
diff --git a/third-party/yajl/src/yajl_lex.h b/third-party/yajl/src/yajl_lex.h
deleted file mode 100644
index fd17c001d..000000000
--- a/third-party/yajl/src/yajl_lex.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __YAJL_LEX_H__
-#define __YAJL_LEX_H__
-
-#include "api/yajl_common.h"
-
-typedef enum {
-    yajl_tok_bool,
-    yajl_tok_colon,
-    yajl_tok_comma,
-    yajl_tok_eof,
-    yajl_tok_error,
-    yajl_tok_left_brace,
-    yajl_tok_left_bracket,
-    yajl_tok_null,
-    yajl_tok_right_brace,
-    yajl_tok_right_bracket,
-
-    /* we differentiate between integers and doubles to allow the
-     * parser to interpret the number without re-scanning */
-    yajl_tok_integer,
-    yajl_tok_double,
-
-    /* we differentiate between strings which require further processing,
-     * and strings that do not */
-    yajl_tok_string,
-    yajl_tok_string_with_escapes,
-
-    /* comment tokens are not currently returned to the parser, ever */
-    yajl_tok_comment
-} yajl_tok;
-
-typedef struct yajl_lexer_t * yajl_lexer;
-
-yajl_lexer yajl_lex_alloc(yajl_alloc_funcs * alloc,
-                          unsigned int allowComments,
-                          unsigned int validateUTF8);
-
-void yajl_lex_free(yajl_lexer lexer);
-
-/**
- * run/continue a lex. "offset" is an input/output parameter.
- * It should be initialized to zero for a
- * new chunk of target text, and upon subsetquent calls with the same
- * target text should passed with the value of the previous invocation.
- *
- * the client may be interested in the value of offset when an error is
- * returned from the lexer.  This allows the client to render useful
- * error messages.
- *
- * When you pass the next chunk of data, context should be reinitialized
- * to zero.
- *
- * Finally, the output buffer is usually just a pointer into the jsonText,
- * however in cases where the entity being lexed spans multiple chunks,
- * the lexer will buffer the entity and the data returned will be
- * a pointer into that buffer.
- *
- * This behavior is abstracted from client code except for the performance
- * implications which require that the client choose a reasonable chunk
- * size to get adequate performance.
- */
-yajl_tok yajl_lex_lex(yajl_lexer lexer, const unsigned char * jsonText,
-                      size_t jsonTextLen, size_t * offset,
-                      const unsigned char ** outBuf, size_t * outLen);
-
-/** have a peek at the next token, but don't move the lexer forward */
-yajl_tok yajl_lex_peek(yajl_lexer lexer, const unsigned char * jsonText,
-                       size_t jsonTextLen, size_t offset);
-
-
-typedef enum {
-    yajl_lex_e_ok = 0,
-    yajl_lex_string_invalid_utf8,
-    yajl_lex_string_invalid_escaped_char,
-    yajl_lex_string_invalid_json_char,
-    yajl_lex_string_invalid_hex_char,
-    yajl_lex_invalid_char,
-    yajl_lex_invalid_string,
-    yajl_lex_missing_integer_after_decimal,
-    yajl_lex_missing_integer_after_exponent,
-    yajl_lex_missing_integer_after_minus,
-    yajl_lex_unallowed_comment
-} yajl_lex_error;
-
-const char * yajl_lex_error_to_string(yajl_lex_error error);
-
-/** allows access to more specific information about the lexical
- *  error when yajl_lex_lex returns yajl_tok_error. */
-yajl_lex_error yajl_lex_get_error(yajl_lexer lexer);
-
-/** get the current offset into the most recently lexed json string. */
-size_t yajl_lex_current_offset(yajl_lexer lexer);
-
-/** get the number of lines lexed by this lexer instance */
-size_t yajl_lex_current_line(yajl_lexer lexer);
-
-/** get the number of chars lexed by this lexer instance since the last
- *  \n or \r */
-size_t yajl_lex_current_char(yajl_lexer lexer);
-
-#endif
diff --git a/third-party/yajl/src/yajl_parser.c b/third-party/yajl/src/yajl_parser.c
deleted file mode 100644
index 1a528a640..000000000
--- a/third-party/yajl/src/yajl_parser.c
+++ /dev/null
@@ -1,498 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "api/yajl_parse.h"
-#include "yajl_lex.h"
-#include "yajl_parser.h"
-#include "yajl_encode.h"
-#include "yajl_bytestack.h"
-
-#include <stdlib.h>
-#include <limits.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <math.h>
-
-#define MAX_VALUE_TO_MULTIPLY ((LLONG_MAX / 10) + (LLONG_MAX % 10))
-
- /* same semantics as strtol */
-long long
-yajl_parse_integer(const unsigned char *number, unsigned int length)
-{
-    long long ret  = 0;
-    long sign = 1;
-    const unsigned char *pos = number;
-    if (*pos == '-') { pos++; sign = -1; }
-    if (*pos == '+') { pos++; }
-
-    while (pos < number + length) {
-        if ( ret > MAX_VALUE_TO_MULTIPLY ) {
-            errno = ERANGE;
-            return sign == 1 ? LLONG_MAX : LLONG_MIN;
-        }
-        ret *= 10;
-        if (LLONG_MAX - ret < (*pos - '0')) {
-            errno = ERANGE;
-            return sign == 1 ? LLONG_MAX : LLONG_MIN;
-        }
-        if (*pos < '0' || *pos > '9') {
-            errno = ERANGE;
-            return sign == 1 ? LLONG_MAX : LLONG_MIN;
-        }
-        ret += (*pos++ - '0');
-    }
-
-    return sign * ret;
-}
-
-unsigned char *
-yajl_render_error_string(yajl_handle hand, const unsigned char * jsonText,
-                         size_t jsonTextLen, int verbose)
-{
-    size_t offset = hand->bytesConsumed;
-    unsigned char * str;
-    const char * errorType = NULL;
-    const char * errorText = NULL;
-    char text[72];
-    const char * arrow = "                     (right here) ------^\n";
-
-    if (yajl_bs_current(hand->stateStack) == yajl_state_parse_error) {
-        errorType = "parse";
-        errorText = hand->parseError;
-    } else if (yajl_bs_current(hand->stateStack) == yajl_state_lexical_error) {
-        errorType = "lexical";
-        errorText = yajl_lex_error_to_string(yajl_lex_get_error(hand->lexer));
-    } else {
-        errorType = "unknown";
-    }
-
-    {
-        size_t memneeded = 0;
-        memneeded += strlen(errorType);
-        memneeded += strlen(" error");
-        if (errorText != NULL) {
-            memneeded += strlen(": ");
-            memneeded += strlen(errorText);
-        }
-        str = (unsigned char *) YA_MALLOC(&(hand->alloc), memneeded + 2);
-        if (!str) return NULL;
-        str[0] = 0;
-        strcat((char *) str, errorType);
-        strcat((char *) str, " error");
-        if (errorText != NULL) {
-            strcat((char *) str, ": ");
-            strcat((char *) str, errorText);
-        }
-        strcat((char *) str, "\n");
-    }
-
-    /* now we append as many spaces as needed to make sure the error
-     * falls at char 41, if verbose was specified */
-    if (verbose) {
-        size_t start, end, i;
-        size_t spacesNeeded;
-
-        spacesNeeded = (offset < 30 ? 40 - offset : 10);
-        start = (offset >= 30 ? offset - 30 : 0);
-        end = (offset + 30 > jsonTextLen ? jsonTextLen : offset + 30);
-
-        for (i=0;i<spacesNeeded;i++) text[i] = ' ';
-
-        for (;start < end;start++, i++) {
-            if (jsonText[start] != '\n' && jsonText[start] != '\r')
-            {
-                text[i] = jsonText[start];
-            }
-            else
-            {
-                text[i] = ' ';
-            }
-        }
-        assert(i <= 71);
-        text[i++] = '\n';
-        text[i] = 0;
-        {
-            char * newStr = (char *)
-                YA_MALLOC(&(hand->alloc), (unsigned int)(strlen((char *) str) +
-                                                         strlen((char *) text) +
-                                                         strlen(arrow) + 1));
-            if (newStr) {
-                newStr[0] = 0;
-                strcat((char *) newStr, (char *) str);
-                strcat((char *) newStr, text);
-                strcat((char *) newStr, arrow);
-            }
-            YA_FREE(&(hand->alloc), str);
-            str = (unsigned char *) newStr;
-        }
-    }
-    return str;
-}
-
-/* check for client cancelation */
-#define _CC_CHK(x)                                                \
-    if (!(x)) {                                                   \
-        yajl_bs_set(hand->stateStack, yajl_state_parse_error);    \
-        hand->parseError =                                        \
-            "client cancelled parse via callback return value";   \
-        return yajl_status_client_canceled;                       \
-    }
-
-
-yajl_status
-yajl_do_finish(yajl_handle hand)
-{
-    yajl_status stat;
-    stat = yajl_do_parse(hand,(const unsigned char *) " ",1);
-
-    if (stat != yajl_status_ok) return stat;
-
-    switch(yajl_bs_current(hand->stateStack))
-    {
-        case yajl_state_parse_error:
-        case yajl_state_lexical_error:
-            return yajl_status_error;
-        case yajl_state_got_value:
-        case yajl_state_parse_complete:
-            return yajl_status_ok;
-        default:
-            if (!(hand->flags & yajl_allow_partial_values))
-            {
-                yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                hand->parseError = "premature EOF";
-                return yajl_status_error;
-            }
-            return yajl_status_ok;
-    }
-}
-
-yajl_status
-yajl_do_parse(yajl_handle hand, const unsigned char * jsonText,
-              size_t jsonTextLen)
-{
-    yajl_tok tok;
-    const unsigned char * buf;
-    size_t bufLen;
-    size_t * offset = &(hand->bytesConsumed);
-
-    *offset = 0;
-
-  around_again:
-    switch (yajl_bs_current(hand->stateStack)) {
-        case yajl_state_parse_complete:
-            if (hand->flags & yajl_allow_multiple_values) {
-                yajl_bs_set(hand->stateStack, yajl_state_got_value);
-                goto around_again;
-            }
-            if (!(hand->flags & yajl_allow_trailing_garbage)) {
-                if (*offset != jsonTextLen) {
-                    tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                                       offset, &buf, &bufLen);
-                    if (tok != yajl_tok_eof) {
-                        yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                        hand->parseError = "trailing garbage";
-                    }
-                    goto around_again;
-                }
-            }
-            return yajl_status_ok;
-        case yajl_state_lexical_error:
-        case yajl_state_parse_error:
-            return yajl_status_error;
-        case yajl_state_start:
-        case yajl_state_got_value:
-        case yajl_state_map_need_val:
-        case yajl_state_array_need_val:
-        case yajl_state_array_start:  {
-            /* for arrays and maps, we advance the state for this
-             * depth, then push the state of the next depth.
-             * If an error occurs during the parsing of the nesting
-             * enitity, the state at this level will not matter.
-             * a state that needs pushing will be anything other
-             * than state_start */
-
-            yajl_state stateToPush = yajl_state_start;
-
-            tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                               offset, &buf, &bufLen);
-
-            switch (tok) {
-                case yajl_tok_eof:
-                    return yajl_status_ok;
-                case yajl_tok_error:
-                    yajl_bs_set(hand->stateStack, yajl_state_lexical_error);
-                    goto around_again;
-                case yajl_tok_string:
-                    if (hand->callbacks && hand->callbacks->yajl_string) {
-                        _CC_CHK(hand->callbacks->yajl_string(hand->ctx,
-                                                             buf, bufLen));
-                    }
-                    break;
-                case yajl_tok_string_with_escapes:
-                    if (hand->callbacks && hand->callbacks->yajl_string) {
-                        yajl_buf_clear(hand->decodeBuf);
-                        yajl_string_decode(hand->decodeBuf, buf, bufLen);
-                        _CC_CHK(hand->callbacks->yajl_string(
-                                    hand->ctx, yajl_buf_data(hand->decodeBuf),
-                                    yajl_buf_len(hand->decodeBuf)));
-                    }
-                    break;
-                case yajl_tok_bool:
-                    if (hand->callbacks && hand->callbacks->yajl_boolean) {
-                        _CC_CHK(hand->callbacks->yajl_boolean(hand->ctx,
-                                                              *buf == 't'));
-                    }
-                    break;
-                case yajl_tok_null:
-                    if (hand->callbacks && hand->callbacks->yajl_null) {
-                        _CC_CHK(hand->callbacks->yajl_null(hand->ctx));
-                    }
-                    break;
-                case yajl_tok_left_bracket:
-                    if (hand->callbacks && hand->callbacks->yajl_start_map) {
-                        _CC_CHK(hand->callbacks->yajl_start_map(hand->ctx));
-                    }
-                    stateToPush = yajl_state_map_start;
-                    break;
-                case yajl_tok_left_brace:
-                    if (hand->callbacks && hand->callbacks->yajl_start_array) {
-                        _CC_CHK(hand->callbacks->yajl_start_array(hand->ctx));
-                    }
-                    stateToPush = yajl_state_array_start;
-                    break;
-                case yajl_tok_integer:
-                    if (hand->callbacks) {
-                        if (hand->callbacks->yajl_number) {
-                            _CC_CHK(hand->callbacks->yajl_number(
-                                        hand->ctx,(const char *) buf, bufLen));
-                        } else if (hand->callbacks->yajl_integer) {
-                            long long int i = 0;
-                            errno = 0;
-                            i = yajl_parse_integer(buf, bufLen);
-                            if ((i == LLONG_MIN || i == LLONG_MAX) &&
-                                errno == ERANGE)
-                            {
-                                yajl_bs_set(hand->stateStack,
-                                            yajl_state_parse_error);
-                                hand->parseError = "integer overflow" ;
-                                /* try to restore error offset */
-                                if (*offset >= bufLen) *offset -= bufLen;
-                                else *offset = 0;
-                                goto around_again;
-                            }
-                            _CC_CHK(hand->callbacks->yajl_integer(hand->ctx,
-                                                                  i));
-                        }
-                    }
-                    break;
-                case yajl_tok_double:
-                    if (hand->callbacks) {
-                        if (hand->callbacks->yajl_number) {
-                            _CC_CHK(hand->callbacks->yajl_number(
-                                        hand->ctx, (const char *) buf, bufLen));
-                        } else if (hand->callbacks->yajl_double) {
-                            double d = 0.0;
-                            yajl_buf_clear(hand->decodeBuf);
-                            yajl_buf_append(hand->decodeBuf, buf, bufLen);
-                            buf = yajl_buf_data(hand->decodeBuf);
-                            errno = 0;
-                            d = strtod((char *) buf, NULL);
-                            if ((d == HUGE_VAL || d == -HUGE_VAL) &&
-                                errno == ERANGE)
-                            {
-                                yajl_bs_set(hand->stateStack,
-                                            yajl_state_parse_error);
-                                hand->parseError = "numeric (floating point) "
-                                    "overflow";
-                                /* try to restore error offset */
-                                if (*offset >= bufLen) *offset -= bufLen;
-                                else *offset = 0;
-                                goto around_again;
-                            }
-                            _CC_CHK(hand->callbacks->yajl_double(hand->ctx,
-                                                                 d));
-                        }
-                    }
-                    break;
-                case yajl_tok_right_brace: {
-                    if (yajl_bs_current(hand->stateStack) ==
-                        yajl_state_array_start)
-                    {
-                        if (hand->callbacks &&
-                            hand->callbacks->yajl_end_array)
-                        {
-                            _CC_CHK(hand->callbacks->yajl_end_array(hand->ctx));
-                        }
-                        yajl_bs_pop(hand->stateStack);
-                        goto around_again;
-                    }
-                    /* intentional fall-through */
-                }
-                case yajl_tok_colon:
-                case yajl_tok_comma:
-                case yajl_tok_right_bracket:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError =
-                        "unallowed token at this point in JSON text";
-                    goto around_again;
-                default:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError = "invalid token, internal error";
-                    goto around_again;
-            }
-            /* got a value.  transition depends on the state we're in. */
-            {
-                yajl_state s = yajl_bs_current(hand->stateStack);
-                if (s == yajl_state_start || s == yajl_state_got_value) {
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_complete);
-                } else if (s == yajl_state_map_need_val) {
-                    yajl_bs_set(hand->stateStack, yajl_state_map_got_val);
-                } else {
-                    yajl_bs_set(hand->stateStack, yajl_state_array_got_val);
-                }
-            }
-            if (stateToPush != yajl_state_start) {
-                yajl_bs_push(hand->stateStack, stateToPush);
-            }
-
-            goto around_again;
-        }
-        case yajl_state_map_start:
-        case yajl_state_map_need_key: {
-            /* only difference between these two states is that in
-             * start '}' is valid, whereas in need_key, we've parsed
-             * a comma, and a string key _must_ follow */
-            tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                               offset, &buf, &bufLen);
-            switch (tok) {
-                case yajl_tok_eof:
-                    return yajl_status_ok;
-                case yajl_tok_error:
-                    yajl_bs_set(hand->stateStack, yajl_state_lexical_error);
-                    goto around_again;
-                case yajl_tok_string_with_escapes:
-                    if (hand->callbacks && hand->callbacks->yajl_map_key) {
-                        yajl_buf_clear(hand->decodeBuf);
-                        yajl_string_decode(hand->decodeBuf, buf, bufLen);
-                        buf = yajl_buf_data(hand->decodeBuf);
-                        bufLen = yajl_buf_len(hand->decodeBuf);
-                    }
-                    /* intentional fall-through */
-                case yajl_tok_string:
-                    if (hand->callbacks && hand->callbacks->yajl_map_key) {
-                        _CC_CHK(hand->callbacks->yajl_map_key(hand->ctx, buf,
-                                                              bufLen));
-                    }
-                    yajl_bs_set(hand->stateStack, yajl_state_map_sep);
-                    goto around_again;
-                case yajl_tok_right_bracket:
-                    if (yajl_bs_current(hand->stateStack) ==
-                        yajl_state_map_start)
-                    {
-                        if (hand->callbacks && hand->callbacks->yajl_end_map) {
-                            _CC_CHK(hand->callbacks->yajl_end_map(hand->ctx));
-                        }
-                        yajl_bs_pop(hand->stateStack);
-                        goto around_again;
-                    }
-                default:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError =
-                        "invalid object key (must be a string)"; 
-                    goto around_again;
-            }
-        }
-        case yajl_state_map_sep: {
-            tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                               offset, &buf, &bufLen);
-            switch (tok) {
-                case yajl_tok_colon:
-                    yajl_bs_set(hand->stateStack, yajl_state_map_need_val);
-                    goto around_again;
-                case yajl_tok_eof:
-                    return yajl_status_ok;
-                case yajl_tok_error:
-                    yajl_bs_set(hand->stateStack, yajl_state_lexical_error);
-                    goto around_again;
-                default:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError = "object key and value must "
-                        "be separated by a colon (':')";
-                    goto around_again;
-            }
-        }
-        case yajl_state_map_got_val: {
-            tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                               offset, &buf, &bufLen);
-            switch (tok) {
-                case yajl_tok_right_bracket:
-                    if (hand->callbacks && hand->callbacks->yajl_end_map) {
-                        _CC_CHK(hand->callbacks->yajl_end_map(hand->ctx));
-                    }
-                    yajl_bs_pop(hand->stateStack);
-                    goto around_again;
-                case yajl_tok_comma:
-                    yajl_bs_set(hand->stateStack, yajl_state_map_need_key);
-                    goto around_again;
-                case yajl_tok_eof:
-                    return yajl_status_ok;
-                case yajl_tok_error:
-                    yajl_bs_set(hand->stateStack, yajl_state_lexical_error);
-                    goto around_again;
-                default:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError = "after key and value, inside map, "
-                                       "I expect ',' or '}'";
-                    /* try to restore error offset */
-                    if (*offset >= bufLen) *offset -= bufLen;
-                    else *offset = 0;
-                    goto around_again;
-            }
-        }
-        case yajl_state_array_got_val: {
-            tok = yajl_lex_lex(hand->lexer, jsonText, jsonTextLen,
-                               offset, &buf, &bufLen);
-            switch (tok) {
-                case yajl_tok_right_brace:
-                    if (hand->callbacks && hand->callbacks->yajl_end_array) {
-                        _CC_CHK(hand->callbacks->yajl_end_array(hand->ctx));
-                    }
-                    yajl_bs_pop(hand->stateStack);
-                    goto around_again;
-                case yajl_tok_comma:
-                    yajl_bs_set(hand->stateStack, yajl_state_array_need_val);
-                    goto around_again;
-                case yajl_tok_eof:
-                    return yajl_status_ok;
-                case yajl_tok_error:
-                    yajl_bs_set(hand->stateStack, yajl_state_lexical_error);
-                    goto around_again;
-                default:
-                    yajl_bs_set(hand->stateStack, yajl_state_parse_error);
-                    hand->parseError =
-                        "after array element, I expect ',' or ']'";
-                    goto around_again;
-            }
-        }
-    }
-
-    abort();
-    return yajl_status_error;
-}
-
diff --git a/third-party/yajl/src/yajl_parser.h b/third-party/yajl/src/yajl_parser.h
deleted file mode 100644
index c79299a08..000000000
--- a/third-party/yajl/src/yajl_parser.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __YAJL_PARSER_H__
-#define __YAJL_PARSER_H__
-
-#include "api/yajl_parse.h"
-#include "yajl_bytestack.h"
-#include "yajl_buf.h"
-#include "yajl_lex.h"
-
-
-typedef enum {
-    yajl_state_start = 0,
-    yajl_state_parse_complete,
-    yajl_state_parse_error,
-    yajl_state_lexical_error,
-    yajl_state_map_start,
-    yajl_state_map_sep,
-    yajl_state_map_need_val,
-    yajl_state_map_got_val,
-    yajl_state_map_need_key,
-    yajl_state_array_start,
-    yajl_state_array_got_val,
-    yajl_state_array_need_val,
-    yajl_state_got_value,
-} yajl_state;
-
-struct yajl_handle_t {
-    const yajl_callbacks * callbacks;
-    void * ctx;
-    yajl_lexer lexer;
-    const char * parseError;
-    /* the number of bytes consumed from the last client buffer,
-     * in the case of an error this will be an error offset, in the
-     * case of an error this can be used as the error offset */
-    size_t bytesConsumed;
-    /* temporary storage for decoded strings */
-    yajl_buf decodeBuf;
-    /* a stack of states.  access with yajl_state_XXX routines */
-    yajl_bytestack stateStack;
-    /* memory allocation routines */
-    yajl_alloc_funcs alloc;
-    /* bitfield */
-    unsigned int flags;
-};
-
-yajl_status
-yajl_do_parse(yajl_handle handle, const unsigned char * jsonText,
-              size_t jsonTextLen);
-
-yajl_status
-yajl_do_finish(yajl_handle handle);
-
-unsigned char *
-yajl_render_error_string(yajl_handle hand, const unsigned char * jsonText,
-                         size_t jsonTextLen, int verbose);
-
-/* A little built in integer parsing routine with the same semantics as strtol
- * that's unaffected by LOCALE. */
-long long
-yajl_parse_integer(const unsigned char *number, unsigned int length);
-
-
-#endif
diff --git a/third-party/yajl/src/yajl_tree.c b/third-party/yajl/src/yajl_tree.c
deleted file mode 100644
index 3d357a32c..000000000
--- a/third-party/yajl/src/yajl_tree.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright (c) 2010-2011  Florian Forster  <ff at octo.it>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-
-#include "api/yajl_tree.h"
-#include "api/yajl_parse.h"
-
-#include "yajl_parser.h"
-
-#if defined(_WIN32) || defined(WIN32)
-#define snprintf sprintf_s
-#endif
-
-#define STATUS_CONTINUE 1
-#define STATUS_ABORT    0
-
-struct stack_elem_s;
-typedef struct stack_elem_s stack_elem_t;
-struct stack_elem_s
-{
-    char * key;
-    yajl_val value;
-    stack_elem_t *next;
-};
-
-struct context_s
-{
-    stack_elem_t *stack;
-    yajl_val root;
-    char *errbuf;
-    size_t errbuf_size;
-};
-typedef struct context_s context_t;
-
-#define RETURN_ERROR(ctx,retval,...) {                                  \
-        if ((ctx)->errbuf != NULL)                                      \
-            snprintf ((ctx)->errbuf, (ctx)->errbuf_size, __VA_ARGS__);  \
-        return (retval);                                                \
-    }
-
-static yajl_val value_alloc (yajl_type type)
-{
-    yajl_val v;
-
-    v = malloc (sizeof (*v));
-    if (v == NULL) return (NULL);
-    memset (v, 0, sizeof (*v));
-    v->type = type;
-
-    return (v);
-}
-
-static void yajl_object_free (yajl_val v)
-{
-    size_t i;
-
-    if (!YAJL_IS_OBJECT(v)) return;
-
-    for (i = 0; i < v->u.object.len; i++)
-    {
-        free((char *) v->u.object.keys[i]);
-        v->u.object.keys[i] = NULL;
-        yajl_tree_free (v->u.object.values[i]);
-        v->u.object.values[i] = NULL;
-    }
-
-    free((void*) v->u.object.keys);
-    free(v->u.object.values);
-    free(v);
-}
-
-static void yajl_array_free (yajl_val v)
-{
-    size_t i;
-
-    if (!YAJL_IS_ARRAY(v)) return;
-
-    for (i = 0; i < v->u.array.len; i++)
-    {
-        yajl_tree_free (v->u.array.values[i]);
-        v->u.array.values[i] = NULL;
-    }
-
-    free(v->u.array.values);
-    free(v);
-}
-
-/*
- * Parsing nested objects and arrays is implemented using a stack. When a new
- * object or array starts (a curly or a square opening bracket is read), an
- * appropriate value is pushed on the stack. When the end of the object is
- * reached (an appropriate closing bracket has been read), the value is popped
- * off the stack and added to the enclosing object using "context_add_value".
- */
-static int context_push(context_t *ctx, yajl_val v)
-{
-    stack_elem_t *stack;
-
-    stack = malloc (sizeof (*stack));
-    if (stack == NULL)
-        RETURN_ERROR (ctx, ENOMEM, "Out of memory");
-    memset (stack, 0, sizeof (*stack));
-
-    assert ((ctx->stack == NULL)
-            || YAJL_IS_OBJECT (v)
-            || YAJL_IS_ARRAY (v));
-
-    stack->value = v;
-    stack->next = ctx->stack;
-    ctx->stack = stack;
-
-    return (0);
-}
-
-static yajl_val context_pop(context_t *ctx)
-{
-    stack_elem_t *stack;
-    yajl_val v;
-
-    if (ctx->stack == NULL)
-        RETURN_ERROR (ctx, NULL, "context_pop: "
-                      "Bottom of stack reached prematurely");
-
-    stack = ctx->stack;
-    ctx->stack = stack->next;
-
-    v = stack->value;
-
-    free (stack);
-
-    return (v);
-}
-
-static int object_add_keyval(context_t *ctx,
-                             yajl_val obj, char *key, yajl_val value)
-{
-    const char **tmpk;
-    yajl_val *tmpv;
-
-    /* We're checking for NULL in "context_add_value" or its callers. */
-    assert (ctx != NULL);
-    assert (obj != NULL);
-    assert (key != NULL);
-    assert (value != NULL);
-
-    /* We're assuring that "obj" is an object in "context_add_value". */
-    assert(YAJL_IS_OBJECT(obj));
-
-    tmpk = realloc((void *) obj->u.object.keys, sizeof(*(obj->u.object.keys)) * (obj->u.object.len + 1));
-    if (tmpk == NULL)
-        RETURN_ERROR(ctx, ENOMEM, "Out of memory");
-    obj->u.object.keys = tmpk;
-
-    tmpv = realloc(obj->u.object.values, sizeof (*obj->u.object.values) * (obj->u.object.len + 1));
-    if (tmpv == NULL)
-        RETURN_ERROR(ctx, ENOMEM, "Out of memory");
-    obj->u.object.values = tmpv;
-
-    obj->u.object.keys[obj->u.object.len] = key;
-    obj->u.object.values[obj->u.object.len] = value;
-    obj->u.object.len++;
-
-    return (0);
-}
-
-static int array_add_value (context_t *ctx,
-                            yajl_val array, yajl_val value)
-{
-    yajl_val *tmp;
-
-    /* We're checking for NULL pointers in "context_add_value" or its
-     * callers. */
-    assert (ctx != NULL);
-    assert (array != NULL);
-    assert (value != NULL);
-
-    /* "context_add_value" will only call us with array values. */
-    assert(YAJL_IS_ARRAY(array));
-
-    tmp = realloc(array->u.array.values,
-                  sizeof(*(array->u.array.values)) * (array->u.array.len + 1));
-    if (tmp == NULL)
-        RETURN_ERROR(ctx, ENOMEM, "Out of memory");
-    array->u.array.values = tmp;
-    array->u.array.values[array->u.array.len] = value;
-    array->u.array.len++;
-
-    return 0;
-}
-
-/*
- * Add a value to the value on top of the stack or the "root" member in the
- * context if the end of the parsing process is reached.
- */
-static int context_add_value (context_t *ctx, yajl_val v)
-{
-    /* We're checking for NULL values in all the calling functions. */
-    assert (ctx != NULL);
-    assert (v != NULL);
-
-    /*
-     * There are three valid states in which this function may be called:
-     *   - There is no value on the stack => This is the only value. This is the
-     *     last step done when parsing a document. We assign the value to the
-     *     "root" member and return.
-     *   - The value on the stack is an object. In this case store the key on the
-     *     stack or, if the key has already been read, add key and value to the
-     *     object.
-     *   - The value on the stack is an array. In this case simply add the value
-     *     and return.
-     */
-    if (ctx->stack == NULL)
-    {
-        assert (ctx->root == NULL);
-        ctx->root = v;
-        return (0);
-    }
-    else if (YAJL_IS_OBJECT (ctx->stack->value))
-    {
-        if (ctx->stack->key == NULL)
-        {
-            if (!YAJL_IS_STRING (v))
-                RETURN_ERROR (ctx, EINVAL, "context_add_value: "
-                              "Object key is not a string (%#04x)",
-                              v->type);
-
-            ctx->stack->key = v->u.string;
-            v->u.string = NULL;
-            free(v);
-            return (0);
-        }
-        else /* if (ctx->key != NULL) */
-        {
-            char * key;
-
-            key = ctx->stack->key;
-            ctx->stack->key = NULL;
-            return (object_add_keyval (ctx, ctx->stack->value, key, v));
-        }
-    }
-    else if (YAJL_IS_ARRAY (ctx->stack->value))
-    {
-        return (array_add_value (ctx, ctx->stack->value, v));
-    }
-    else
-    {
-        RETURN_ERROR (ctx, EINVAL, "context_add_value: Cannot add value to "
-                      "a value of type %#04x (not a composite type)",
-                      ctx->stack->value->type);
-    }
-}
-
-static int handle_string (void *ctx,
-                          const unsigned char *string, size_t string_length)
-{
-    yajl_val v;
-
-    v = value_alloc (yajl_t_string);
-    if (v == NULL)
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    v->u.string = malloc (string_length + 1);
-    if (v->u.string == NULL)
-    {
-        free (v);
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-    }
-    memcpy(v->u.string, string, string_length);
-    v->u.string[string_length] = 0;
-
-    return ((context_add_value (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_number (void *ctx, const char *string, size_t string_length)
-{
-    yajl_val v;
-    char *endptr;
-
-    v = value_alloc(yajl_t_number);
-    if (v == NULL)
-        RETURN_ERROR((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    v->u.number.r = malloc(string_length + 1);
-    if (v->u.number.r == NULL)
-    {
-        free(v);
-        RETURN_ERROR((context_t *) ctx, STATUS_ABORT, "Out of memory");
-    }
-    memcpy(v->u.number.r, string, string_length);
-    v->u.number.r[string_length] = 0;
-
-    v->u.number.flags = 0;
-
-    errno = 0;
-    v->u.number.i = yajl_parse_integer((const unsigned char *) v->u.number.r,
-                                       strlen(v->u.number.r));
-    if (errno == 0)
-        v->u.number.flags |= YAJL_NUMBER_INT_VALID;
-
-    endptr = NULL;
-    errno = 0;
-    v->u.number.d = strtod(v->u.number.r, &endptr);
-    if ((errno == 0) && (endptr != NULL) && (*endptr == 0))
-        v->u.number.flags |= YAJL_NUMBER_DOUBLE_VALID;
-
-    return ((context_add_value(ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_start_map (void *ctx)
-{
-    yajl_val v;
-
-    v = value_alloc(yajl_t_object);
-    if (v == NULL)
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    v->u.object.keys = NULL;
-    v->u.object.values = NULL;
-    v->u.object.len = 0;
-
-    return ((context_push (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_end_map (void *ctx)
-{
-    yajl_val v;
-
-    v = context_pop (ctx);
-    if (v == NULL)
-        return (STATUS_ABORT);
-
-    return ((context_add_value (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_start_array (void *ctx)
-{
-    yajl_val v;
-
-    v = value_alloc(yajl_t_array);
-    if (v == NULL)
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    v->u.array.values = NULL;
-    v->u.array.len = 0;
-
-    return ((context_push (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_end_array (void *ctx)
-{
-    yajl_val v;
-
-    v = context_pop (ctx);
-    if (v == NULL)
-        return (STATUS_ABORT);
-
-    return ((context_add_value (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_boolean (void *ctx, int boolean_value)
-{
-    yajl_val v;
-
-    v = value_alloc (boolean_value ? yajl_t_true : yajl_t_false);
-    if (v == NULL)
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    return ((context_add_value (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-static int handle_null (void *ctx)
-{
-    yajl_val v;
-
-    v = value_alloc (yajl_t_null);
-    if (v == NULL)
-        RETURN_ERROR ((context_t *) ctx, STATUS_ABORT, "Out of memory");
-
-    return ((context_add_value (ctx, v) == 0) ? STATUS_CONTINUE : STATUS_ABORT);
-}
-
-/*
- * Public functions
- */
-yajl_val yajl_tree_parse (const char *input,
-                          char *error_buffer, size_t error_buffer_size)
-{
-    static const yajl_callbacks callbacks =
-        {
-            /* null        = */ handle_null,
-            /* boolean     = */ handle_boolean,
-            /* integer     = */ NULL,
-            /* double      = */ NULL,
-            /* number      = */ handle_number,
-            /* string      = */ handle_string,
-            /* start map   = */ handle_start_map,
-            /* map key     = */ handle_string,
-            /* end map     = */ handle_end_map,
-            /* start array = */ handle_start_array,
-            /* end array   = */ handle_end_array
-        };
-
-    yajl_handle handle;
-    yajl_status status;
-    char * internal_err_str;
-	context_t ctx = { NULL, NULL, NULL, 0 };
-
-	ctx.errbuf = error_buffer;
-	ctx.errbuf_size = error_buffer_size;
-
-    if (error_buffer != NULL)
-        memset (error_buffer, 0, error_buffer_size);
-
-    handle = yajl_alloc (&callbacks, NULL, &ctx);
-    yajl_config(handle, yajl_allow_comments, 1);
-
-    status = yajl_parse(handle,
-                        (unsigned char *) input,
-                        strlen (input));
-    status = yajl_complete_parse (handle);
-    if (status != yajl_status_ok) {
-        if (error_buffer != NULL && error_buffer_size > 0) {
-               internal_err_str = (char *) yajl_get_error(handle, 1,
-                     (const unsigned char *) input,
-                     strlen(input));
-             snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
-             YA_FREE(&(handle->alloc), internal_err_str);
-        }
-        yajl_free (handle);
-        return NULL;
-    }
-
-    yajl_free (handle);
-    return (ctx.root);
-}
-
-yajl_val yajl_tree_get(yajl_val n, const char ** path, yajl_type type)
-{
-    if (!path) return NULL;
-    while (n && *path) {
-        size_t i;
-        size_t len;
-
-        if (n->type != yajl_t_object) return NULL;
-        len = n->u.object.len;
-        for (i = 0; i < len; i++) {
-            if (!strcmp(*path, n->u.object.keys[i])) {
-                n = n->u.object.values[i];
-                break;
-            }
-        }
-        if (i == len) return NULL;
-        path++;
-    }
-    if (n && type != yajl_t_any && type != n->type) n = NULL;
-    return n;
-}
-
-void yajl_tree_free (yajl_val v)
-{
-    if (v == NULL) return;
-
-    if (YAJL_IS_STRING(v))
-    {
-        free(v->u.string);
-        free(v);
-    }
-    else if (YAJL_IS_NUMBER(v))
-    {
-        free(v->u.number.r);
-        free(v);
-    }
-    else if (YAJL_GET_OBJECT(v))
-    {
-        yajl_object_free(v);
-    }
-    else if (YAJL_GET_ARRAY(v))
-    {
-        yajl_array_free(v);
-    }
-    else /* if (yajl_t_true or yajl_t_false or yajl_t_null) */
-    {
-        free(v);
-    }
-}
diff --git a/third-party/yajl/src/yajl_version.c b/third-party/yajl/src/yajl_version.c
deleted file mode 100644
index 0671da722..000000000
--- a/third-party/yajl/src/yajl_version.c
+++ /dev/null
@@ -1,7 +0,0 @@
-#include <yajl/yajl_version.h>
-
-int yajl_version(void)
-{
-	return YAJL_VERSION;
-}
-
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index b9867123e..e3a822edb 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 add_subdirectory(mkclass)
 add_subdirectory(mkembedconfig)
diff --git a/tools/debug/natvis/extension.vsixmanifest b/tools/debug/natvis/extension.vsixmanifest
index 4b8c6fcea..d870e89b1 100644
--- a/tools/debug/natvis/extension.vsixmanifest
+++ b/tools/debug/natvis/extension.vsixmanifest
@@ -1,6 +1,6 @@
 <PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011">
   <Metadata>
-    <Identity Id="Icinga2Visualizers.VS2013.D1DFF2F5-FB30-41FE-8EEF-0CEB97ABBC6B" Version="2.0.0" Language="en-US" Publisher="Icinga Development Team" />
+    <Identity Id="Icinga2Visualizers.VS2013.D1DFF2F5-FB30-41FE-8EEF-0CEB97ABBC6B" Version="2.0.0" Language="en-US" Publisher="Icinga GmbH" />
     <DisplayName>Icinga 2 Debugger Visualizers for Visual Studio</DisplayName>
     <Description xml:space="preserve">Icinga 2 Debugger Visualizers</Description>
   </Metadata>
diff --git a/tools/mkclass/CMakeLists.txt b/tools/mkclass/CMakeLists.txt
index 2e9c52812..1b97bdab9 100644
--- a/tools/mkclass/CMakeLists.txt
+++ b/tools/mkclass/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 find_package(BISON 2.3.0 REQUIRED)
 find_package(FLEX 2.5.31 REQUIRED)
diff --git a/tools/mkclass/class_lexer.ll b/tools/mkclass/class_lexer.ll
index 19c75b626..56f219a76 100644
--- a/tools/mkclass/class_lexer.ll
+++ b/tools/mkclass/class_lexer.ll
@@ -1,22 +1,5 @@
 %{
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "classcompiler.hpp"
 
diff --git a/tools/mkclass/class_parser.yy b/tools/mkclass/class_parser.yy
index 8f14ffc9d..0524b2d1c 100644
--- a/tools/mkclass/class_parser.yy
+++ b/tools/mkclass/class_parser.yy
@@ -1,22 +1,5 @@
 %{
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "classcompiler.hpp"
 #include <iostream>
diff --git a/tools/mkclass/classcompiler.cpp b/tools/mkclass/classcompiler.cpp
index 374c54d1c..fd30df8e1 100644
--- a/tools/mkclass/classcompiler.cpp
+++ b/tools/mkclass/classcompiler.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "classcompiler.hpp"
 #include <iostream>
@@ -568,7 +551,8 @@ void ClassCompiler::HandleClass(const Klass& klass, const ClassDebugInfo&)
 		<< "{" << std::endl;
 
 	for (const Field& field : klass.Fields) {
-		m_Impl << "\t" << "Set" << field.GetFriendlyName() << "(" << "GetDefault" << field.GetFriendlyName() << "(), true);" << std::endl;
+		if (!field.PureSetAccessor)
+			m_Impl << "\t" << "Set" << field.GetFriendlyName() << "(" << "GetDefault" << field.GetFriendlyName() << "(), true);" << std::endl;
 	}
 
 	m_Impl << "}" << std::endl << std::endl;
diff --git a/tools/mkclass/classcompiler.hpp b/tools/mkclass/classcompiler.hpp
index e2124645d..c05de11a7 100644
--- a/tools/mkclass/classcompiler.hpp
+++ b/tools/mkclass/classcompiler.hpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CLASSCOMPILER_H
 #define CLASSCOMPILER_H
diff --git a/tools/mkclass/mkclass.cpp b/tools/mkclass/mkclass.cpp
index 4fb3d177b..eb0d8f8ee 100644
--- a/tools/mkclass/mkclass.cpp
+++ b/tools/mkclass/mkclass.cpp
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "classcompiler.hpp"
 #include <iostream>
diff --git a/tools/mkembedconfig/CMakeLists.txt b/tools/mkembedconfig/CMakeLists.txt
index 4884ec0bd..90fe0ce71 100644
--- a/tools/mkembedconfig/CMakeLists.txt
+++ b/tools/mkembedconfig/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 set(mkembedconfig_SOURCES
   mkembedconfig.c
diff --git a/tools/mkembedconfig/mkembedconfig.c b/tools/mkembedconfig/mkembedconfig.c
index b948e70fa..ae2308719 100644
--- a/tools/mkembedconfig/mkembedconfig.c
+++ b/tools/mkembedconfig/mkembedconfig.c
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include <stdlib.h>
 #include <stdio.h>
diff --git a/tools/mkunity/CMakeLists.txt b/tools/mkunity/CMakeLists.txt
index 1a9ceb5a3..8fa0f20ac 100644
--- a/tools/mkunity/CMakeLists.txt
+++ b/tools/mkunity/CMakeLists.txt
@@ -1,19 +1,4 @@
-# Icinga 2
-# Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+
 
 define_property(
   SOURCE
diff --git a/tools/mkunity/mkunity.c b/tools/mkunity/mkunity.c
index e7568b150..cf36f605b 100644
--- a/tools/mkunity/mkunity.c
+++ b/tools/mkunity/mkunity.c
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include <stdlib.h>
 #include <stdio.h>
diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te
index 19e99c69d..9440c7cec 100644
--- a/tools/selinux/icinga2.te
+++ b/tools/selinux/icinga2.te
@@ -1,4 +1,4 @@
-policy_module(icinga2, 0.1.6)
+policy_module(icinga2, 0.2.0)
 
 ########################################
 #
@@ -11,9 +11,28 @@ policy_module(icinga2, 0.1.6)
 ## </p>
 ## </desc>
 gen_tunable(icinga2_can_connect_all, false)
+
+## <desc>
+## <p>
+## Allow Apache to connect to Icinga 2 API
+## </p>
+## </desc>
 gen_tunable(httpd_can_connect_icinga2_api, true)
+
+## <desc>
+## <p>
+## Allow Apache to write into Icinga 2 Commandpipe
+## </p>
+## </desc>
 gen_tunable(httpd_can_write_icinga2_command, true)
 
+## <desc>
+## <p>
+## Allow Icinga 2 to run plugins via sudo
+## </p>
+## </desc>
+gen_tunable(icinga2_run_sudo, false)
+
 require {
 	type nagios_admin_plugin_t; type nagios_admin_plugin_exec_t;
 	type nagios_checkdisk_plugin_t; type nagios_checkdisk_plugin_exec_t;
@@ -24,7 +43,9 @@ require {
 	type nagios_eventhandler_plugin_t; type nagios_eventhandler_plugin_exec_t;
 	type nagios_openshift_plugin_t; type nagios_openshift_plugin_exec_t;
 	type httpd_t; type system_mail_t;
+	type devlog_t;
 	role staff_r;
+	attribute unreserved_port_type;
 }
 
 type icinga2_t;
@@ -64,6 +85,8 @@ type icinga2_tmp_t;
 files_tmp_file(icinga2_tmp_t)
 
 type icinga2_port_t;
+# There is no interface for unreserved_port_type
+typeattribute icinga2_port_t unreserved_port_type;
 corenet_port(icinga2_port_t)
 
 ########################################
@@ -122,6 +145,7 @@ corecmd_exec_bin(icinga2_t)
 
 kernel_read_system_state(icinga2_t)
 kernel_read_network_state(icinga2_t)
+kernel_dgram_send(icinga2_t)
 
 # should be moved to nagios_plugin_template in nagios.if
 icinga2_execstrans(nagios_admin_plugin_exec_t, nagios_admin_plugin_t)
@@ -178,6 +202,34 @@ tunable_policy(`icinga2_can_connect_all',`
 	corenet_tcp_connect_all_ports(icinga2_t)
 ')
 
+# This is for plugins requiring to be executed via sudo
+tunable_policy(`icinga2_run_sudo',`
+    allow icinga2_t self:capability { audit_write net_admin };
+    allow icinga2_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
+    allow icinga2_t devlog_t:sock_file write;
+
+    init_read_utmp(icinga2_t)
+
+    auth_domtrans_chkpwd(icinga2_t)
+    allow icinga2_t chkpwd_t:process { noatsecure rlimitinh siginh };
+
+    selinux_compute_access_vector(icinga2_t)
+
+    dbus_send_system_bus(icinga2_t)
+    dbus_stream_connect_system_dbusd(icinga2_t)
+    systemd_dbus_chat_logind(icinga2_t)
+    # Without this it works but is very slow
+    systemd_write_inherited_logind_sessions_pipes(icinga2_t)
+')
+
+optional_policy(`
+    tunable_policy(`icinga2_run_sudo',`
+        sudo_exec(icinga2_t)
+    ')
+')
+
+
+
 ########################################
 #
 # Icinga Webinterfaces
diff --git a/tools/syntax/nano/icinga2.nanorc b/tools/syntax/nano/icinga2.nanorc
index 9d0203709..cbc743b10 100644
--- a/tools/syntax/nano/icinga2.nanorc
+++ b/tools/syntax/nano/icinga2.nanorc
@@ -39,7 +39,7 @@ icolor red 		"(^|^\s+)(vars\.\w+)"
 icolor red 		"(^|^\s+)|(icinga2Keyword|template|const|import|include|include_recursive|var|function|return|to|use|locals|globals|this)\s+"
 
 ## Assign conditions
-icolor magenta 	"(assign|ignone)[ \t]+where"
+icolor magenta 	"(assign|ignore)[ \t]+where"
 
 ## Global functions
 icolor white 	"(regex|match|len|union|intersection|keys|string|number|bool|random|log|typeof|get_time|exit)"
diff --git a/tools/syntax/vim/syntax/icinga2.vim b/tools/syntax/vim/syntax/icinga2.vim
index d4953a2dd..0374c7b5a 100644
--- a/tools/syntax/vim/syntax/icinga2.vim
+++ b/tools/syntax/vim/syntax/icinga2.vim
@@ -1,8 +1,8 @@
 " Vim syntax file
 " Filename:		icinga2.vim
 " Language:		Icinga2 object configuration file
-" Author:		Carlos Cesario <carloscesario@gmail.com>
-" Version:		0.0.2
+" Author:		Carlos Cesario <carloscesario@gmail.com>, Michael Friedrich <michael.friedrich@icinga.com>
+" Version:		1.0.0
 " Based:		javascript.vim / nagios.vim
 
 " For version 5.x: Clear all syntax items
@@ -16,10 +16,12 @@ if !exists("main_syntax")
 	let main_syntax = 'icinga2'
 endif
 
-
 " case off
 syntax case ignore
 
+" ########################################
+" ### General settings
+
 " comments
 syn keyword		icinga2CommentTodo		TODO FIXME XXX TBD contained
 syn match		icinga2LineComment		"\/\/.*" contains=icinga2CommentTodo
@@ -32,9 +34,10 @@ syn region		icinga2Comment			start="/\*"  end="\*/" contains=icinga2CommentTodo
 " - single quotes '
 " - brackets <>
 
-syn region		StringD			start=+"+  end=+"\|$+
-syn region		StringS			start=+'+  end=+'\|$+
-syn match		angleBrackets	"<\w\+>"
+syn match		angleBrackets	"<.*>"
+syn region		macro		start=+\$+ end=+\$+ oneline
+syn region		StringD		start=+"+  end=+"\|$+ contains=macro
+syn region		StringS		start=+'+  end=+'\|$+ contains=macro
 
 
 " Braces and Parens definition
@@ -42,59 +45,84 @@ syn match		angleBrackets	"<\w\+>"
 
 syn match		Braces		"[{}\[\]]"
 syn match		Parens		"[()]"
+syn match 		Lambda		"{{}}"
 
 
-" objects types
-syn match		icinga2ObjDef		"object[ \t]\+\(hostgroup\|host\|servicegroup\|service\|usergroup\|user\)"
-syn match		icinga2ObjDef		"object[ \t]\+\(checkcommand\|notificationcommand\|eventcommand\|notification\)"
-syn match		icinga2Objdef		"object[ \t]\+\(timeperiod\|scheduleddowntime\|dependency\|perfdatawriter\)"
-syn match		icinga2ObjDef		"object[ \t]\+\(graphitewriter\|idomysqlconnection\|idomysqlconnection\)"
-syn match		icinga2ObjDef		"object[ \t]\+\(livestatuslistener\|statusdatawriter\|externalcommandlistener\)"
-syn match		icinga2ObjDef		"object[ \t]\+\(compatlogger\|checkresultreader\|checkcomponent\|notificationcomponent\)"
-syn match		icinga2ObjDef		"object[ \t]\+\(filelogger\|sysloglogger\|icingaapplication\|apilistener\|apiuser\|endpoint\|zone\)"
+" ########################################
+" ### Match objects, attributes and keywords
 
+" Object types
+syn keyword		icinga2ObjType		ApiListener ApiUser CheckCommand CheckerComponent
+syn keyword		icinga2ObjType		Comment Dependency Downtime ElasticsearchWriter
+syn keyword		icinga2ObjType		Endpoint EventCommand ExternalCommandListener
+syn keyword		icinga2ObjType		FileLogger GelfWriter GraphiteWriter Host HostGroup
+syn keyword		icinga2ObjType		IcingaApplication IdoMysqlConnection IdoPgsqlConnection
+syn keyword		icinga2ObjType		InfluxdbWriter LivestatusListener Notification NotificationCommand
+syn keyword		icinga2ObjType		NotificationComponent OpenTsdbWriter PerfdataWriter
+syn keyword		icinga2ObjType		ScheduledDowntime Service ServiceGroup SyslogLogger
+syn keyword		icinga2ObjType		TimePeriod User UserGroup Zone
 
-" apply def
+" Object/Template marker (simplified)
+syn match		icinga2ObjDef		"\(object\|template\)[ \t]\+.*"
+
+" Apply rules
 syn match		icinga2ApplyDef		"apply[ \t]\+\(Service\|Dependency\|Notification\|ScheduledDowntime\)"
 
 
-" objects attributes
-syn keyword		icinga2ObjAttr		contained	accept_commands accept_config action_url address address6 arguments author bind_host
+" Objects attributes
+"
+" find . -type f -name '*.ti' -exec sh -c 'grep config {}' \;
+" Don't add 'host', etc. from apply rules here, they should match icinga2ObjType instead.
+syn keyword		icinga2ObjAttr		contained	accept_commands accept_config access_control_allow_origin action_url address address6 arguments author bind_host
 syn keyword		icinga2ObjAttr		contained	bind_port ca_path categories cert_path check_command check_interval
-syn keyword		icinga2ObjAttr		contained	check_period child_host_name child_service_name cleanup client_cn command command_endpoint command_path
-syn keyword		icinga2ObjAttr		contained	comment compat_log_path crl_path database disable_checks disable_notifications
+syn keyword		icinga2ObjAttr		contained	check_period check_timeout child_host_name child_options child_service_name cipher_list
+syn keyword		icinga2ObjAttr		contained	cleanup client_cn command command_endpoint command_path
+syn keyword		icinga2ObjAttr		contained	comment compat_log_path concurrent_checks crl_path database disable_checks disable_notifications
 syn keyword		icinga2ObjAttr		contained	display_name duration email enable_active_checks enable_event_handlers enable_event_handler
 syn keyword		icinga2ObjAttr		contained	enable_flapping enable_ha enable_host_checks enable_notifications enable_passive_checks enable_perfdata
-syn keyword		icinga2ObjAttr		contained	enable_service_checks endpoints env event_command failover_timeout fixed flapping_threshold groups host
-syn keyword		icinga2ObjAttr		contained	host_format_template host_name host_name_template host_perfdata_path host_temp_path icon_image
-syn keyword		icinga2ObjAttr		contained	icon_image_alt instance_description instance_name interval key_path log_dir
-syn keyword		icinga2ObjAttr		contained	log_duration max_check_attempts methods name notes notes_url objects_path
+syn keyword		icinga2ObjAttr		contained	enable_send_metadata enable_send_perfdata enable_send_thresholds enable_tls enable_service_checks
+syn keyword		icinga2ObjAttr		contained	endpoints env event_command excludes failover_timeout fixed flapping_threshold_low flapping_threshold_high
+syn keyword		icinga2ObjAttr		contained	flush_interval flush_threshold global groups
+syn keyword		icinga2ObjAttr		contained	host_format_template host_name host_name_template host_perfdata_path host_temp_path host_template icon_image
+syn keyword		icinga2ObjAttr		contained	icon_image_alt ignore_soft_states includes index instance_description instance_name interval key_path log_dir
+syn keyword		icinga2ObjAttr		contained	log_duration max_anonymous_clients max_check_attempts methods name notes notes_url objects_path
 syn keyword		icinga2ObjAttr		contained	pager parent parent_host_name parent_service_name password path period permissions
-syn keyword		icinga2ObjAttr		contained	port ranges retry_interval rotation_interval rotation_method
-syn keyword		icinga2ObjAttr		contained	service_format_template service_name service_name_template service_perfdata_path service_temp_path
-syn keyword		icinga2ObjAttr		contained	severity socket_path socket_type spool_dir states status_path table_prefix
-syn keyword		icinga2ObjAttr		contained	timeout times types update_interval user user_groups users volatile zone
+syn keyword		icinga2ObjAttr		contained	port prefer_includes ranges retry_interval rotation_interval rotation_method
+syn keyword		icinga2ObjAttr		contained	service_format_template service_name service_name_template service_perfdata_path service_temp_path service_template
+syn keyword		icinga2ObjAttr		contained	severity socket_path socket_type source spool_dir
+syn keyword		icinga2ObjAttr		contained	ssl_ca ssl_capath ssl_ca_cert ssl_cert ssl_cipher ssl_enable ssl_mode ssl_key
+syn keyword		icinga2ObjAttr		contained	states status_path table_prefix ticket_salt
+syn keyword		icinga2ObjAttr		contained	timeout times tls_handshake_timeout tls_protocolmin
+syn keyword		icinga2ObjAttr		contained	types update_interval user user_groups username users volatile zone
 syn match		icinga2ObjAttr		contained	"\(vars.\w\+\)"
 
-
-" keywords
-syn keyword		icinga2Keyword		template const import include include_recursive var function return to use locals globals this
+" keywords: https://icinga.com/docs/icinga2/latest/doc/17-language-reference/#reserved-keywords
+syn keyword		icinga2Keyword		object template include include_recursive include_zones library
+syn keyword		icinga2Keyword		const var this globals locals use default ignore_on_error
+syn keyword		icinga2Keyword		current_filename current_line apply to where import assign
+syn keyword		icinga2Keyword		ignore function return in
 
 
 " Assign conditions
 syn match		icinga2AssignCond	contained	"\(assign[ \t]\+\where\|ignore[ \t]\+\where\)"
 
 
+" Documentation reference: https://icinga.com/docs/icinga2/latest/doc/18-library-reference/
+
 " Global functions
-syn keyword		icinga2GFunction	contained	regex match cidr_match len union intersection keys string
+syn keyword	icinga2GFunction	contained	regex match cidr_match range len union intersection keys string
 syn keyword 	icinga2GFunction 	contained	number bool random log typeof get_time parse_performance_data dirname
-syn keyword 	icinga2GFunction 	contained	basename escape_shell_arg escape_shell_cmd escape_create_process_arg exit
+syn keyword 	icinga2GFunction 	contained	basename path_exists glob glob_recursive
+syn keyword 	icinga2GFunction 	contained	escape_shell_arg escape_shell_cmd escape_create_process_arg sleep exit
+syn keyword 	icinga2GFunction 	contained	macro
 
 
 " Accessor Functions
-syn keyword 	icinga2AFunction 	contained	get_host get_service get_user get_check_command get_event_command get_notification_command
-syn keyword 	icinga2AFunction 	contained	get_host_group get_service_group get_user_group get_time_period
-
+syn keyword 	icinga2AFunction 	contained	get_check_command get_event_command get_notification_command
+syn keyword 	icinga2AFunction 	contained	get_host get_service get_services get_user
+syn keyword 	icinga2AFunction 	contained	get_host_group get_service_group get_user_group
+syn keyword 	icinga2AFunction 	contained	get_timeperiod
+syn keyword 	icinga2AFunction 	contained	get_object get_objects
 
 " Math functions
 syn match 	icinga2MathFunction 	contained	"\(Math.E\|Math.LN2\|Math.LN10\|Math.LOG2E\|Math.PI\|Math.SQRT1_2\|Math.SQRT2\)"
@@ -103,7 +131,13 @@ syn match 	icinga2MathFunction 	contained	"\(Math.exp\|Math.floor\|Math.isinf\|M
 syn match 	icinga2MathFunction  	contained 	"\(Math.pow\|Math.random\|Math.round\|Math.sign\|Math.sin\|Math.sqrt\|Math.tan\)"
 
 " Json functions
-syn match 	icinga2JsonFunction		contained	"\(Json.encode\|Json.decode\)"
+syn match 	icinga2JsonFunction	contained	"\(Json.encode\|Json.decode\)"
+
+" Number functions
+syn match	icinga2NumberFunction	contained	"\(\.to_string\)"
+
+" Boolean functions
+syn match	icinga2BoolFunction	contained	"\(\.to_string\)"
 
 " String functions
 syn match 	icinga2StrFunction	contained 	"\(\.find\)"
@@ -116,13 +150,25 @@ syn match 	icinga2StrFunction	contained 	"\(\.split\)"
 syn match 	icinga2StrFunction	contained 	"\(\.substr\)"
 syn match 	icinga2StrFunction	contained 	"\(\.to_string\)"
 syn match 	icinga2StrFunction	contained 	"\(\.reverse\)"
+syn match 	icinga2StrFunction	contained 	"\(\.trim\)"
 
-" Array and Dict  Functions
-syn match 	icinga2ArrFunction 	contained 	"\(\.clone\)"
+" Object functions
+syn match	icinga2ObjectFunction	contained	"\(\.clone\)"
+syn match	icinga2ObjectFunction	contained	"\(\.to_string\)"
+syn match	icinga2ObjectFunction	contained	"\(\.type\)"
+
+" Type functions
+syn match	icinga2TypeFunction	contained	"\(\.base\)"
+" needs an exception for 'vars'
+syn match	icinga2TypeFunction	contained	"\(^[vars]\.name\)"
+syn match	icinga2TypeFunction	contained	"\(\.prototype\)"
+
+" Array functions
 syn match 	icinga2ArrFunction 	contained 	"\(\.add(\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.clear\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.shallow_clone\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.contains\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.freeze\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.len\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.remove\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.set\)"
@@ -130,10 +176,31 @@ syn match 	icinga2ArrFunction 	contained 	"\(\.get\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.sort\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.join\)"
 syn match 	icinga2ArrFunction 	contained 	"\(\.reverse\)"
-syn match 	icinga2ArrFunction 	contained 	"\(\.keys\)"
-syn match 	icinga2ArrFunction 	contained 	"\(\.call\)"
-syn match 	icinga2ArrFunction 	contained 	"\(\.callv\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.map\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.reduce\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.filter\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.any\)"
+syn match 	icinga2ArrFunction 	contained 	"\(\.all\)"
 
+" Dictionary functions
+syn match 	icinga2DictFunction 	contained 	"\(\.shallow_clone\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.contains\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.freeze\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.len\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.remove\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.set\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.get\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.keys\)"
+syn match 	icinga2DictFunction 	contained 	"\(\.values\)"
+
+" Function functions
+syn match 	icinga2FuncFunction 	contained 	"\(\.call\)"
+syn match 	icinga2FuncFunction 	contained 	"\(\.callv\)"
+
+" DateTime functions
+syn match 	icinga2DTFunction 	contained 	"\(DateTime\)"
+syn match 	icinga2DTFunction 	contained 	"\(\.format\)"
+syn match 	icinga2DTFunction 	contained 	"\(\.to_string\)"
 
 " Conditional statements
 syn keyword 	icinga2Cond			if else
@@ -141,6 +208,17 @@ syn keyword 	icinga2Cond			if else
 " Loops
 syn keyword 	icinga2Loop			while for break continue
 
+" Exceptions
+syn keyword	icinga2Exception		throw try except
+
+" Debugger
+syn keyword 	icinga2Debugger			debugger
+
+" References
+syn keyword	icinga2Reference		& *
+" Namespace
+syn keyword	icinga2Namespace		namespace using
+
 " Operators
 syn  match         icinga2Operators "[ \t]\+\(\.\)\+"
 syn  match         icinga2Operators "[ \t]\+\(!\)\+"
@@ -174,59 +252,109 @@ syn  match         icinga2Operators "[ \t]\+\(-=\)\+"
 syn  match         icinga2Operators "[ \t]\+\(*=\)\+"
 syn  match         icinga2Operators "[ \t]\+\(/=\)\+"
 
-" global constats
-syn keyword 	icinga2Gconst		PrefixDir SysconfDir ZonesDir LocalStateDir RunDir PkgDataDir StatePath ObjectsPath
-syn keyword 	icinga2Gconst		PidPath NodeName ApplicationType UseVfork RunAsUser RunAsGroup PluginDir
-" global types 
-syn keyword 	icinga2Gconst		Number String Boolean Array Dictionary Value Object ConfigObject Command CheckResult
-syn keyword     icinga2Gconst           Checkable CustomVarObject DbConnection Type PerfdataValue Comment Downtime Logger Application
 
-" values type
+" ########################################
+" ### Global settings
+
+" Global constants
+" https://icinga.com/docs/icinga2/snapshot/doc/17-language-reference/#icinga-2-specific-constants
+
+" Path specific constants
+syn keyword 	icinga2PathConstant	CacheDir ConfigDir DataDir IncludeConfDir InitRunDir LocalStateDir LogDir ModAttrPath
+syn keyword	icinga2PathConstant	ObjectsPath PidPath PkgDataDir PrefixDir ProgramData RunDir SpoolDir StatePath SysconfDir
+syn keyword 	icinga2PathConstant	VarsPath ZonesDir
+
+" Global constants
+syn keyword 	icinga2GlobalConstant	Vars NodeName Environment RunAsUser RunAsGroup MaxConcurrentChecks ApiBindHost ApiBindPort EventEngine AttachDebugger
+
+" Application runtime constants
+syn keyword	icinga2GlobalConstant	PlatformName PlatformVersion PlatformKernel PlatformKernelVersion BuildCompilerName BuildCompilerVersion BuildHostName
+syn keyword	icinga2GlobalConstant	ApplicationVersion
+
+" User proposed constants
+syn keyword	icinga2UserConstant	PluginDir ContribPluginContribDir ManubulonPluginDir TicketSalt NodeName ZoneName
+
+" Global types
+syn keyword 	icinga2GlobalType	Number String Boolean Array Dictionary Value Object ConfigObject Command CheckResult
+syn keyword     icinga2GlobalType	Checkable CustomVarObject DbConnection Type PerfdataValue Comment Downtime Logger Application
+
+" Built-in Namespaces
+syn match	icinga2Namespace	contained "\(Icinga\.\|Internal\.\|System\.Configuration\.\|System\.\)"
+
+" Additional constants from Namespaces
+syn keyword	icinga2GlobalConstant	LogCritical LogDebug LogInformation LogNotice LogWarning MatchAll MatchAny
+" icinga2 console; keys(Icinga).join(" ")
+syn keyword 	icinga2GlobalConstant	Acknowledgement Critical Custom DbCatAcknowledgement DbCatCheck DbCatComment DbCatConfig DbCatDowntime DbCatEventHandler DbCatEverything DbCatExternalCommand DbCatFlapping DbCatLog DbCatNotification DbCatProgramStatus DbCatRetention DbCatState DbCatStateHistory Down DowntimeEnd DowntimeNoChildren DowntimeNonTriggeredChildren DowntimeRemoved DowntimeStart DowntimeTriggeredChildren FlappingEnd FlappingStart HostDown HostUp OK Problem Recovery ServiceCritical ServiceOK ServiceUnknown ServiceWarning Unknown Up Warning
+
+" Value types
+"syn match		valueNumber	"[0-9]*"
 syn keyword		valueBoolean		contained	true false
-syn keyword		valueNull			contained	null
+syn keyword		valueNull		contained	null
 
 
+" ########################################
+" ### Where to apply
 
-syn region		nagiosDefBody start='{' end='}'
-	\ contains=icinga2Comment, icinga2LineComment, StringD, Braces, Parens, icinga2ObjDef,
-	\ icinga2ApplyDef, icinga2ObjAttr, icinga2Keyword, icinga2Keyword, icinga2AssignCond,
-	\ icinga2Cond, icinga2Loop, icinga2Operators, icinga2GFunction, icinga2AFunction,
-	\ icinga2MathFunction, icinga2Gconst, icinga2JsonFunction, icinga2StrFunction,
-	\ icinga2ArrFunction, valueBoolean, valueNull
+syn region		icingaDefBody start='{' end='}'
+	\ contains=icinga2Comment, icinga2LineComment, StringS, StringD, macro, Braces, Parens, Lambda, icinga2ObjType, icinga2ObjDef,
+	\ icinga2ApplyDef, icinga2ObjAttr, icinga2Keyword, icinga2AssignCond,
+	\ icinga2Cond, icinga2Loop, icinga2Exception, icinga2Debugger, icinga2Operators, icinga2GFunction, icinga2AFunction,
+	\ icinga2MathFunction, icinga2GlobalConstant, icinga2PathConstant, icinga2UserConstant, icinga2Gconst, icinga2Namespace,
+	\ icinga2JsonFunction, icinga2NumberFunction, icinga2BoolFunction,
+	\ icinga2StrFunction, icinga2ObjectFunction, icinga2TypeFunction, icinga2ArrFunction, icinga2DictFunction,
+	\ icinga2DTFunction, valueNumber, valueBoolean, valueNull
 
 
-" Highlighting
+" ########################################
+" ### Highlighting
 hi link icinga2Comment				Comment
 hi link icinga2LineComment			Comment
 hi link icinga2CommentTodo			Todo
 
-hi link Braces						Function
-hi link Parens						Function
+hi link Braces					Function
+hi link Parens					Function
+hi link Lambda					Function
 
-hi link StringS						String
-hi link StringD						String
+hi link	macro					Underlined
+hi link StringS					String
+hi link StringD					String
 hi link angleBrackets				String
 
+hi link icinga2ObjType				Type
 hi link icinga2ObjDef				Statement
+
 hi link icinga2ApplyDef				Statement
 hi link icinga2ObjAttr				Define
 hi link	icinga2Keyword				Keyword
 
 hi link	icinga2AssignCond			Conditional
 
-hi link	icinga2Cond					Statement
-hi link	icinga2Loop					Statement
+hi link	icinga2Cond				Conditional
+hi link	icinga2Loop				Repeat
+hi link icinga2Exception			Conditional
+hi link icinga2Debugger				Debug
+
 hi link icinga2Operators			Operator
 
 hi link icinga2AFunction			Function
 hi link icinga2MathFunction			Function
 hi link icinga2GFunction			Function
 hi link icinga2JsonFunction			Function
+hi link icinga2NumberFunction			Function
+hi link icinga2BoolFunction			Function
 hi link icinga2StrFunction			Function
+hi link icinga2ObjectFunction			Function
+hi link icinga2TypeFunction			Function
 hi link icinga2ArrFunction			Function
+hi link icinga2DictFunction			Function
+hi link icinga2DTFunction			Function
 
-
+hi link icinga2GlobalConstant			Statement
+hi link icinga2PathConstant			Statement
+hi link icinga2UserConstant			Statement
 hi link icinga2Gconst				Statement
+hi link icinga2Namespace			Statement
 
+hi link valueNumber				Number
 hi link valueBoolean				Boolean
-hi link valueNull					Special
+hi link valueNull				Special
diff --git a/tools/win32/build.ps1 b/tools/win32/build.ps1
index 111071518..33346a91b 100644
--- a/tools/win32/build.ps1
+++ b/tools/win32/build.ps1
@@ -1,7 +1,15 @@
-[string]$pwd = Get-Location
+Set-PsDebug -Trace 1
 
-if (-not (Test-Path build)) {
-  Write-Host "Path '$pwd\build' does not exist!"
+if (-not (Test-Path env:ICINGA2_BUILDPATH)) {
+  $env:ICINGA2_BUILDPATH = '.\build'
+}
+
+if (-not (Test-Path env:CMAKE_BUILD_TYPE)) {
+  $env:CMAKE_BUILD_TYPE = 'RelWithDebInfo'
+}
+
+if (-not (Test-Path $env:ICINGA2_BUILDPATH)) {
+  Write-Host "Path '$env:ICINGA2_BUILDPATH' does not exist!"
   exit 1
 }
 
@@ -12,5 +20,8 @@ if (-not ($env:PATH -contains $env:CMAKE_PATH)) {
   $env:PATH = $env:CMAKE_PATH + ';' + $env:PATH
 }
 
-cmake.exe --build build --target PACKAGE --config RelWithDebInfo
-if ($lastexitcode -ne 0) { exit $lastexitcode }
\ No newline at end of file
+cmake.exe --build "$env:ICINGA2_BUILDPATH" --target ALL_BUILD --config $env:CMAKE_BUILD_TYPE
+if ($lastexitcode -ne 0) { exit $lastexitcode }
+
+cmake.exe --build "$env:ICINGA2_BUILDPATH" --target PACKAGE --config $env:CMAKE_BUILD_TYPE
+if ($lastexitcode -ne 0) { exit $lastexitcode }
diff --git a/tools/win32/configure-dev.ps1 b/tools/win32/configure-dev.ps1
new file mode 100644
index 000000000..c905ca9a0
--- /dev/null
+++ b/tools/win32/configure-dev.ps1
@@ -0,0 +1,71 @@
+Set-PsDebug -Trace 1
+
+# Specify default targets for VS 2019 for developers.
+
+if (-not (Test-Path env:ICINGA2_BUILDPATH)) {
+  $env:ICINGA2_BUILDPATH = '.\debug'
+}
+if (-not (Test-Path "$env:ICINGA2_BUILDPATH")) {
+  mkdir "$env:ICINGA2_BUILDPATH" | out-null
+}
+
+if (-not (Test-Path env:CMAKE_BUILD_TYPE)) {
+  $env:CMAKE_BUILD_TYPE = 'Debug'
+}
+if (-not (Test-Path env:ICINGA2_INSTALLPATH)) {
+  $env:ICINGA2_INSTALLPATH = 'C:\Program Files\Icinga2-debug'
+}
+if (-not (Test-Path env:CMAKE_PATH)) {
+  $env:CMAKE_PATH = 'C:\Program Files\CMake\bin'
+}
+if (-not ($env:PATH -contains $env:CMAKE_PATH)) {
+  $env:PATH = $env:CMAKE_PATH + ';' + $env:PATH
+}
+if (-not (Test-Path env:CMAKE_GENERATOR)) {
+  $env:CMAKE_GENERATOR = 'Visual Studio 16 2019'
+}
+if (-not (Test-Path env:CMAKE_GENERATOR_PLATFORM)) {
+  $env:CMAKE_GENERATOR_PLATFORM = 'x64'
+}
+if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {
+  $env:OPENSSL_ROOT_DIR = 'c:\local\OpenSSL-Win64'
+}
+if (-not (Test-Path env:BOOST_ROOT)) {
+  $env:BOOST_ROOT = 'c:\local\boost_1_71_0'
+}
+if (-not (Test-Path env:BOOST_LIBRARYDIR)) {
+  $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_71_0\lib64-msvc-14.2'
+}
+if (-not (Test-Path env:FLEX_BINARY)) {
+  $env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'
+}
+if (-not (Test-Path env:BISON_BINARY)) {
+  $env:BISON_BINARY = 'C:\ProgramData\chocolatey\bin\win_bison.exe'
+}
+
+$sourcePath = Get-Location
+
+cd "$env:ICINGA2_BUILDPATH"
+
+# Invalidate cache in case something in the build environment changed
+if (Test-Path CMakeCache.txt) {
+  Remove-Item -Force CMakeCache.txt | Out-Null
+}
+
+& cmake.exe "$sourcePath" `
+  -DCMAKE_BUILD_TYPE="$env:CMAKE_BUILD_TYPE" `
+  -G "$env:CMAKE_GENERATOR" -A "$env:CMAKE_GENERATOR_PLATFORM" -DCPACK_GENERATOR=WIX `
+  -DCMAKE_INSTALL_PREFIX="$env:ICINGA2_INSTALLPATH" `
+  -DICINGA2_WITH_MYSQL=OFF -DICINGA2_WITH_PGSQL=OFF `
+  -DICINGA2_WITH_LIVESTATUS=OFF -DICINGA2_WITH_COMPAT=OFF `
+  -DOPENSSL_ROOT_DIR="$env:OPENSSL_ROOT_DIR" `
+  -DBOOST_LIBRARYDIR="$env:BOOST_LIBRARYDIR" `
+  -DBOOST_INCLUDEDIR="$env:BOOST_ROOT" `
+  -DFLEX_EXECUTABLE="$env:FLEX_BINARY" `
+  -DBISON_EXECUTABLE="$env:BISON_BINARY"
+
+cd "$sourcePath"
+
+if ($lastexitcode -ne 0) {
+  exit $lastexitcode
+}
diff --git a/tools/win32/configure.ps1 b/tools/win32/configure.ps1
index cdd66512f..63305e5dc 100644
--- a/tools/win32/configure.ps1
+++ b/tools/win32/configure.ps1
@@ -1,8 +1,14 @@
-if (-not (Test-Path build)) {
-  mkdir build
+Set-PsDebug -Trace 1
+
+if (-not (Test-Path env:ICINGA2_BUILDPATH)) {
+  $env:ICINGA2_BUILDPATH = '.\build'
 }
-if (-not (Test-Path install)) {
-  mkdir install
+
+if (-not (Test-Path env:CMAKE_BUILD_TYPE)) {
+  $env:CMAKE_BUILD_TYPE = 'RelWithDebInfo'
+}
+if (-not (Test-Path "$env:ICINGA2_BUILDPATH")) {
+  mkdir "$env:ICINGA2_BUILDPATH" | out-null
 }
 if (-not (Test-Path env:CMAKE_PATH)) {
   $env:CMAKE_PATH = 'C:\Program Files\CMake\bin'
@@ -10,20 +16,17 @@ if (-not (Test-Path env:CMAKE_PATH)) {
 if (-not ($env:PATH -contains $env:CMAKE_PATH)) {
   $env:PATH = $env:CMAKE_PATH + ';' + $env:PATH
 }
-
-[string]$pwd = Get-Location
-
 if (-not (Test-Path env:CMAKE_GENERATOR)) {
   $env:CMAKE_GENERATOR = 'Visual Studio 15 2017 Win64'
 }
 if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {
-  $env:OPENSSL_ROOT_DIR = $pwd + '\vendor\OpenSSL'
+  $env:OPENSSL_ROOT_DIR = 'c:\local\OpenSSL_1_1_1b-Win64'
 }
 if (-not (Test-Path env:BOOST_ROOT)) {
-  $env:BOOST_ROOT = 'c:\local\boost_1_65_1'
+  $env:BOOST_ROOT = 'c:\local\boost_1_69_0-Win64'
 }
 if (-not (Test-Path env:BOOST_LIBRARYDIR)) {
-  $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_65_1\lib64-msvc-14.1'
+  $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_69_0-Win64\lib64-msvc-14.1'
 }
 if (-not (Test-Path env:FLEX_BINARY)) {
   $env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'
@@ -32,22 +35,30 @@ if (-not (Test-Path env:BISON_BINARY)) {
   $env:BISON_BINARY = 'C:\ProgramData\chocolatey\bin\win_bison.exe'
 }
 
-cd build
+$sourcePath = Get-Location
 
-& cmake.exe .. `
-  -DCMAKE_BUILD_TYPE=RelWithDebInfo `
-  -G $env:CMAKE_GENERATOR -DCPACK_GENERATOR=WIX `
-  -DCMAKE_INSTALL_PREFIX="..\install" `
+cd "$env:ICINGA2_BUILDPATH"
+
+#-DCMAKE_INSTALL_PREFIX="C:\Program Files\Icinga2" `
+
+# Invalidate cache in case something in the build environment changed
+if (Test-Path CMakeCache.txt) {
+  Remove-Item -Force CMakeCache.txt | Out-Null
+}
+
+& cmake.exe "$sourcePath" `
+  -DCMAKE_BUILD_TYPE="$env:CMAKE_BUILD_TYPE" `
+  -G "$env:CMAKE_GENERATOR" -DCPACK_GENERATOR=WIX `
   -DICINGA2_WITH_MYSQL=OFF -DICINGA2_WITH_PGSQL=OFF `
+  -DICINGA2_WITH_LIVESTATUS=OFF -DICINGA2_WITH_COMPAT=OFF `
   -DOPENSSL_ROOT_DIR="$env:OPENSSL_ROOT_DIR" `
-  -DBOOST_ROOT="$env:BOOST_ROOT" `
   -DBOOST_LIBRARYDIR="$env:BOOST_LIBRARYDIR" `
+  -DBOOST_INCLUDEDIR="$env:BOOST_ROOT" `
   -DFLEX_EXECUTABLE="$env:FLEX_BINARY" `
   -DBISON_EXECUTABLE="$env:BISON_BINARY"
 
+cd "$sourcePath"
+
 if ($lastexitcode -ne 0) {
-  cd ..
   exit $lastexitcode
 }
-
-cd ..
diff --git a/tools/win32/download-openssl.ps1 b/tools/win32/download-openssl.ps1
deleted file mode 100644
index 1ebe348f9..000000000
--- a/tools/win32/download-openssl.ps1
+++ /dev/null
@@ -1,50 +0,0 @@
-[string]$pwd = Get-Location
-$OpenSSL_version = '1.1.0g-1'
-$OpenSSL_arch = 'x64'
-$OpenSSL_vcbuild = 'vc150'
-$OpenSSL_fileversion = $OpenSSL_version.Replace('.', '_').Split('-')[0]
-$OpenSSL_file = [string]::Format(
-  'openssl-{0}-binary-icinga-{1}-{2}.zip',
-  $OpenSSL_fileversion,
-  $OpenSSL_arch,
-  $OpenSSL_vcbuild
-)
-$OpenSSL_url = [string]::Format(
-  'https://github.com/Icinga/openssl-windows/releases/download/v{0}/{1}',
-  $OpenSSL_version,
-  $OpenSSL_file
-)
-
-$OpenSSL_zip_location = $pwd + '\vendor\' + $OpenSSL_file
-$vendor_path = $pwd + '\vendor'
-$OpenSSL_vendor_path = $vendor_path + '\OpenSSL'
-
-if (-not (Test-Path $vendor_path)) {
-  mkdir $vendor_path
-}
-
-if (Test-Path $OpenSSL_zip_location) {
-  Write-Output "OpenSSL archive available at $OpenSSL_zip_location"
-} else {
-  Write-Output "Downloading OpenSSL binary dist from $OpenSSL_url"
-
-  $progressPreference = 'silentlyContinue'
-  Invoke-WebRequest -Uri $OpenSSL_url -OutFile $OpenSSL_zip_location
-  if ($lastexitcode -ne 0){ exit $lastexitcode }
-  $progressPreference = 'Continue'
-  
-  if (Test-Path $OpenSSL_vendor_path) {
-    Remove-Item -Recurse $OpenSSL_vendor_path
-  }
-}
-
-if (-not (Test-Path $OpenSSL_vendor_path)) {
-  mkdir $OpenSSL_vendor_path
-
-  Write-Output "Extracting ZIP to $OpenSSL_vendor_path"
-  Add-Type -AssemblyName System.IO.Compression.FileSystem
-  [System.IO.Compression.ZipFile]::ExtractToDirectory($OpenSSL_zip_location, $OpenSSL_vendor_path)
-  if ($lastexitcode -ne 0){ exit $lastexitcode }  
-} else {
-  Write-Output "OpenSSL is already available at $OpenSSL_vendor_path"
-}
diff --git a/tools/win32/load-vsenv.ps1 b/tools/win32/load-vsenv.ps1
new file mode 100644
index 000000000..86fcf4fba
--- /dev/null
+++ b/tools/win32/load-vsenv.ps1
@@ -0,0 +1,58 @@
+# why that env handling, see
+# https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell#comment_44999171
+
+Set-PsDebug -Trace 1
+
+$SOURCE = Get-Location
+
+if (Test-Path env:ICINGA2_BUILDPATH) {
+  $BUILD = $env:ICINGA2_BUILDPATH
+} else {
+  $BUILD = "${SOURCE}\Build"
+}
+
+if (-not (Test-Path $BUILD)) {
+  mkdir $BUILD | Out-Null
+}
+
+if (Test-Path env:VS_INSTALL_PATH) {
+  $VSBASE = $env:VS_INSTALL_PATH
+} else {
+  $VSBASE = "C:\Program Files (x86)\Microsoft Visual Studio\2017"
+}
+
+if (Test-Path env:BITS) {
+  $bits = $env:BITS
+} else {
+  $bits = 64
+}
+
+# Execute vcvars in cmd and store env
+$vcvars_locations = @(
+  "${VSBASE}\BuildTools\VC\Auxiliary\Build\vcvars${bits}.bat",
+  "${VSBASE}\Community\VC\Auxiliary\Build\vcvars${bits}.bat"
+)
+
+$vcvars = $null
+foreach ($file in $vcvars_locations) {
+  if (Test-Path $file) {
+    $vcvars = $file
+    break
+  }
+}
+
+if ($vcvars -eq $null) {
+  throw "Could not get Build environment script at locations: ${vcvars_locations}"
+}
+
+cmd.exe /c "call `"${vcvars}`" && set > `"${BUILD}\vcvars.txt`""
+if ($LastExitCode -ne 0) {
+  throw "Could not load Build environment from: ${vcvars}"
+}
+
+# Load environment for PowerShell
+Get-Content "${BUILD}\vcvars.txt" | Foreach-Object {
+  if ($_ -match "^(VSCMD.*?)=(.*)$") {
+	Set-Content ("env:" + $matches[1]) $matches[2]
+  }
+}
diff --git a/tools/win32/test.ps1 b/tools/win32/test.ps1
index 913c82c58..d7ad90ce2 100644
--- a/tools/win32/test.ps1
+++ b/tools/win32/test.ps1
@@ -1,7 +1,17 @@
+Set-PsDebug -Trace 1
+
+if (-not (Test-Path env:ICINGA2_BUILDPATH)) {
+  $env:ICINGA2_BUILDPATH = 'build'
+}
+
+if (-not (Test-Path env:CMAKE_BUILD_TYPE)) {
+  $env:CMAKE_BUILD_TYPE = 'RelWithDebInfo'
+}
+
 [string]$pwd = Get-Location
 
-if (-not (Test-Path build)) {
-  Write-Host "Path '$pwd\build' does not exist!"
+if (-not (Test-Path $env:ICINGA2_BUILDPATH)) {
+  Write-Host "Path '$pwd\$env:ICINGA2_BUILDPATH' does not exist!"
   exit 1
 }
 
@@ -12,12 +22,12 @@ if (-not ($env:PATH -contains $env:CMAKE_PATH)) {
   $env:PATH = $env:CMAKE_PATH + ';' + $env:PATH
 }
 
-cd build
+cd "$env:ICINGA2_BUILDPATH"
 
-ctest.exe -C RelWithDebInfo -T test -O build/Test.xml --output-on-failure
+ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml --output-on-failure --log_level=all
 if ($lastexitcode -ne 0) {
   cd ..
   exit $lastexitcode
 }
 
-cd ..
\ No newline at end of file
+cd ..