diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..09ef4492d31885663f87fedc96665809908d36f8
--- /dev/null
+++ b/test/integration/default/controls/config_spec.rb
@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+# Prepare platform "finger" and base path to file comparison directory
+platform_finger = "#{platform[:name]}-#{platform[:release].split('.')[0]}"
+comparison_files_dir = '/tmp/kitchen/srv/salt/comparison_files'
+
+# Default values for `control 'Tomcat main config'`
+main_config_file = '/etc/sysconfig/tomcat'
+# Default values for `control 'Tomcat Catalina temp dir'`
+catalina_tmpdir = '/var/cache/tomcat/temp'
+catalina_tmpdir_user_and_group = 'tomcat'
+# Default values for `control 'Tomcat `server.xml` config'`
+conf_dir = '/etc/tomcat'
+server_xml_user_and_group = 'tomcat'
+
+# Override by platform
+case platform[:family]
+when 'debian'
+  main_config_file = '/etc/default/tomcat8'
+  catalina_tmpdir = '/var/cache/tomcat8/temp'
+  catalina_tmpdir_user_and_group = 'tomcat8'
+  conf_dir = '/etc/tomcat8'
+  server_xml_user_and_group = 'tomcat8'
+  case platform_finger
+  when 'debian-10'
+    main_config_file = '/etc/default/tomcat9'
+    catalina_tmpdir = '/var/cache/tomcat9/temp'
+    catalina_tmpdir_user_and_group = 'tomcat'
+    conf_dir = '/etc/tomcat9'
+    server_xml_user_and_group = 'tomcat'
+  when 'debian-9'
+  when 'debian-8'
+    main_config_file = '/etc/default/tomcat7'
+    catalina_tmpdir = '/var/cache/tomcat7/temp'
+    catalina_tmpdir_user_and_group = 'tomcat7'
+    conf_dir = '/etc/tomcat7'
+    server_xml_user_and_group = 'tomcat7'
+  when 'ubuntu-18'
+  when 'ubuntu-16'
+  end
+when 'redhat'
+  case platform_finger
+  when 'centos-8'
+  when 'centos-7'
+  when 'centos-6'
+  when 'amazon-2'
+  when 'amazon-2018'
+  end
+when 'fedora'
+  case platform_finger
+  when 'fedora-31'
+  when 'fedora-30'
+  end
+when 'suse'
+  case platform_finger
+  when 'opensuse-15'
+    server_xml_user_and_group = 'root'
+  end
+when 'linux'
+  case platform_finger
+  when 'arch-5'
+  end
+end
+
+control 'Tomcat main config' do
+  title 'should contain the lines'
+
+  # Prepare comparison file
+  main_config_path = "#{comparison_files_dir}/main_config/#{platform_finger}"
+  main_config = file(main_config_path).content
+
+  describe file(main_config_file) do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include main_config }
+  end
+end
+
+control 'Tomcat Catalina temp dir' do
+  title 'should be prepared with the settings'
+
+  describe file(catalina_tmpdir) do
+    it { should be_directory }
+    it { should be_owned_by catalina_tmpdir_user_and_group }
+    it { should be_grouped_into catalina_tmpdir_user_and_group }
+    its('mode') { should cmp '0755' }
+  end
+end
+
+control 'Tomcat `server.xml` config' do
+  title 'should contain the lines'
+
+  server_xml_file = "#{conf_dir}/server.xml"
+  server_xml_path = "#{comparison_files_dir}/server_xml/#{platform_finger}.xml"
+  server_xml = file(server_xml_path).content
+  # Need the hostname to be used for `tomcat.cluster`
+  server_xml = server_xml.gsub(
+    'HOSTNAME_PLACEHOLDER',
+    file('/etc/hostname').content.chomp
+  )
+
+  describe file(server_xml_file) do
+    it { should be_file }
+    it { should be_owned_by server_xml_user_and_group }
+    it { should be_grouped_into server_xml_user_and_group }
+    its('mode') { should cmp '0644' }
+    unless %w[debian-9].include?(platform_finger)
+      its('content') { should include server_xml }
+    end
+  end
+end
diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb
index 2a93d78ea169c11a89929e6b58be60d703130864..800a43c8fe7b6e84615f542aa892517fd6a6b860 100644
--- a/test/integration/default/controls/packages_spec.rb
+++ b/test/integration/default/controls/packages_spec.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+# Prepare platform "finger"
+platform_finger = "#{platform[:name]}-#{platform[:release].split('.')[0]}"
+
 control 'Tomcat packages' do
   title 'should be installed'
 
@@ -7,11 +10,13 @@ control 'Tomcat packages' do
   packages =
     case platform[:family]
     when 'debian'
-      case platform[:release]
-      when /^10/
+      case platform_finger
+      when 'debian-10'
         %w[tomcat9 haveged]
-      else
+      when 'debian-9', 'ubuntu-18', 'ubuntu-16'
         %w[tomcat8 haveged]
+      when 'debian-8'
+        %w[tomcat7 haveged]
       end
     when 'redhat', 'fedora', 'suse'
       %w[tomcat]
diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb
index 32b814de24a832fbbcd02f9eb36f9738d885a0f0..942367cefbf9c7d80bc296a0d0a826748b8f2404 100644
--- a/test/integration/default/controls/services_spec.rb
+++ b/test/integration/default/controls/services_spec.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+# Prepare platform "finger"
+platform_finger = "#{platform[:name]}-#{platform[:release].split('.')[0]}"
+
 control 'Tomcat services' do
   impact 0.5
   title 'should be installed, enabled and running'
@@ -8,11 +11,13 @@ control 'Tomcat services' do
   services =
     case platform[:family]
     when 'debian'
-      case platform[:release]
-      when /^10/
+      case platform_finger
+      when 'debian-10'
         %w[tomcat9 haveged]
-      else
+      when 'debian-9', 'ubuntu-18', 'ubuntu-16'
         %w[tomcat8 haveged]
+      when 'debian-8'
+        %w[tomcat7 haveged]
       end
     when 'redhat', 'fedora', 'suse'
       %w[tomcat]
diff --git a/test/integration/default/controls/yaml_dump_spec.rb b/test/integration/default/controls/yaml_dump_spec.rb
index d2e65f151ab78892db073db16b1fbe6302e37a48..22181d89bb9058351630b0937655951f5dd56cff 100644
--- a/test/integration/default/controls/yaml_dump_spec.rb
+++ b/test/integration/default/controls/yaml_dump_spec.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+# Prepare platform "finger"
+platform_finger = "#{platform[:name]}-#{platform[:release].split('.')[0]}"
+
 control 'Tomcat `map.jinja` YAML dump' do
   title 'should contain the lines'
 
@@ -7,8 +10,8 @@ control 'Tomcat `map.jinja` YAML dump' do
   yaml_dump +=
     case platform[:family]
     when 'debian'
-      case platform[:release]
-      when /^10/
+      case platform_finger
+      when 'debian-10'
         conf_dir = '/etc/tomcat9'
         group = 'tomcat'
         main_config = '/etc/default/tomcat9'
@@ -21,20 +24,7 @@ control 'Tomcat `map.jinja` YAML dump' do
         catalina_home = '/usr/share/tomcat9'
         catalina_pid = '/var/run/tomcat9.pid'
         catalina_tmpdir = '/var/cache/tomcat9/temp'
-      when /^8/
-        conf_dir = '/etc/tomcat7'
-        group = 'tomcat7'
-        main_config = '/etc/default/tomcat7'
-        manager_pkg = 'tomcat7-admin'
-        pkg = 'tomcat7'
-        service = 'tomcat7'
-        user = 'tomcat7'
-        ver = 7
-        catalina_base = '/var/lib/tomcat7'
-        catalina_home = '/usr/share/tomcat7'
-        catalina_pid = '/var/run/tomcat7.pid'
-        catalina_tmpdir = '/var/cache/tomcat7/temp'
-      else
+      when 'debian-9', 'ubuntu-18', 'ubuntu-16'
         conf_dir = '/etc/tomcat8'
         group = 'tomcat8'
         main_config = '/etc/default/tomcat8'
@@ -47,6 +37,19 @@ control 'Tomcat `map.jinja` YAML dump' do
         catalina_home = '/usr/share/tomcat8'
         catalina_pid = '/var/run/tomcat8.pid'
         catalina_tmpdir = '/var/cache/tomcat8/temp'
+      when 'debian-8'
+        conf_dir = '/etc/tomcat7'
+        group = 'tomcat7'
+        main_config = '/etc/default/tomcat7'
+        manager_pkg = 'tomcat7-admin'
+        pkg = 'tomcat7'
+        service = 'tomcat7'
+        user = 'tomcat7'
+        ver = 7
+        catalina_base = '/var/lib/tomcat7'
+        catalina_home = '/usr/share/tomcat7'
+        catalina_pid = '/var/run/tomcat7.pid'
+        catalina_tmpdir = '/var/cache/tomcat7/temp'
       end
       <<~YAML_DUMP.chomp
         arch: amd64
diff --git a/test/salt/comparison_files/main_config/amazon-2 b/test/salt/comparison_files/main_config/amazon-2
new file mode 100644
index 0000000000000000000000000000000000000000..0f4c78f24348cec8a59b676fa867c3089e3209e9
--- /dev/null
+++ b/test/salt/comparison_files/main_config/amazon-2
@@ -0,0 +1,67 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# # Modify the values passed to the tomcat pillar instead.
+
+# Service-specific configuration file for tomcat. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat/tomcat.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+JAVA_HOME=/usr/lib/jvm/jre
+
+CATALINA_BASE="/usr/share/tomcat"
+
+CATALINA_HOME="/usr/share/tomcat"
+
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+CATALINA_PID="/var/run/tomcat.pid"
+
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+#if CLASSPATH is defined in JAVA_OPTS it may no longer munge with the default CLASSPATH
+#replace and customize if necessary
+#CLASSPATH=/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER=tomcat
+
+# What group should run tomcat
+TOMCAT_GROUP=tomcat
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Connector port is 8080 for this tomcat instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/test/salt/comparison_files/main_config/centos-7 b/test/salt/comparison_files/main_config/centos-7
new file mode 100644
index 0000000000000000000000000000000000000000..0f4c78f24348cec8a59b676fa867c3089e3209e9
--- /dev/null
+++ b/test/salt/comparison_files/main_config/centos-7
@@ -0,0 +1,67 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# # Modify the values passed to the tomcat pillar instead.
+
+# Service-specific configuration file for tomcat. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat/tomcat.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+JAVA_HOME=/usr/lib/jvm/jre
+
+CATALINA_BASE="/usr/share/tomcat"
+
+CATALINA_HOME="/usr/share/tomcat"
+
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+CATALINA_PID="/var/run/tomcat.pid"
+
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+#if CLASSPATH is defined in JAVA_OPTS it may no longer munge with the default CLASSPATH
+#replace and customize if necessary
+#CLASSPATH=/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER=tomcat
+
+# What group should run tomcat
+TOMCAT_GROUP=tomcat
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Connector port is 8080 for this tomcat instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/test/salt/comparison_files/main_config/debian-10 b/test/salt/comparison_files/main_config/debian-10
new file mode 100644
index 0000000000000000000000000000000000000000..a63ac75939708179e0f7445b2fbfd228035f7239
--- /dev/null
+++ b/test/salt/comparison_files/main_config/debian-10
@@ -0,0 +1,58 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT9_USER=tomcat
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT9_GROUP=tomcat
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat9"
+CATALINA_HOME="/usr/share/tomcat9"
+CATALINA_TMPDIR="/var/cache/tomcat9/temp"
+CATALINA_PID="/var/run/tomcat9.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT9_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
diff --git a/test/salt/comparison_files/main_config/debian-8 b/test/salt/comparison_files/main_config/debian-8
new file mode 100644
index 0000000000000000000000000000000000000000..21953294ab6ee82df87055197f9ac2fc65c65c7f
--- /dev/null
+++ b/test/salt/comparison_files/main_config/debian-8
@@ -0,0 +1,60 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT7_USER=tomcat7
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT7_GROUP=tomcat7
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat7"
+CATALINA_HOME="/usr/share/tomcat7"
+CATALINA_TMPDIR="/var/cache/tomcat7/temp"
+CATALINA_PID="/var/run/tomcat7.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT7_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
+
+
diff --git a/test/salt/comparison_files/main_config/debian-9 b/test/salt/comparison_files/main_config/debian-9
new file mode 100644
index 0000000000000000000000000000000000000000..7ac21445df05400c9a91698af0fc21e766efdb5d
--- /dev/null
+++ b/test/salt/comparison_files/main_config/debian-9
@@ -0,0 +1,58 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT8_USER=tomcat8
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT8_GROUP=tomcat8
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat8"
+CATALINA_HOME="/usr/share/tomcat8"
+CATALINA_TMPDIR="/var/cache/tomcat8/temp"
+CATALINA_PID="/var/run/tomcat8.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT8_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
diff --git a/test/salt/comparison_files/main_config/fedora-31 b/test/salt/comparison_files/main_config/fedora-31
new file mode 100644
index 0000000000000000000000000000000000000000..0f4c78f24348cec8a59b676fa867c3089e3209e9
--- /dev/null
+++ b/test/salt/comparison_files/main_config/fedora-31
@@ -0,0 +1,67 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# # Modify the values passed to the tomcat pillar instead.
+
+# Service-specific configuration file for tomcat. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat/tomcat.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+JAVA_HOME=/usr/lib/jvm/jre
+
+CATALINA_BASE="/usr/share/tomcat"
+
+CATALINA_HOME="/usr/share/tomcat"
+
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+CATALINA_PID="/var/run/tomcat.pid"
+
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+#if CLASSPATH is defined in JAVA_OPTS it may no longer munge with the default CLASSPATH
+#replace and customize if necessary
+#CLASSPATH=/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER=tomcat
+
+# What group should run tomcat
+TOMCAT_GROUP=tomcat
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Connector port is 8080 for this tomcat instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/test/salt/comparison_files/main_config/opensuse-15 b/test/salt/comparison_files/main_config/opensuse-15
new file mode 100644
index 0000000000000000000000000000000000000000..0f4c78f24348cec8a59b676fa867c3089e3209e9
--- /dev/null
+++ b/test/salt/comparison_files/main_config/opensuse-15
@@ -0,0 +1,67 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# # Modify the values passed to the tomcat pillar instead.
+
+# Service-specific configuration file for tomcat. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat/tomcat.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+JAVA_HOME=/usr/lib/jvm/jre
+
+CATALINA_BASE="/usr/share/tomcat"
+
+CATALINA_HOME="/usr/share/tomcat"
+
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+CATALINA_PID="/var/run/tomcat.pid"
+
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+#if CLASSPATH is defined in JAVA_OPTS it may no longer munge with the default CLASSPATH
+#replace and customize if necessary
+#CLASSPATH=/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER=tomcat
+
+# What group should run tomcat
+TOMCAT_GROUP=tomcat
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Connector port is 8080 for this tomcat instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/test/salt/comparison_files/main_config/ubuntu-16 b/test/salt/comparison_files/main_config/ubuntu-16
new file mode 100644
index 0000000000000000000000000000000000000000..7ac21445df05400c9a91698af0fc21e766efdb5d
--- /dev/null
+++ b/test/salt/comparison_files/main_config/ubuntu-16
@@ -0,0 +1,58 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT8_USER=tomcat8
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT8_GROUP=tomcat8
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat8"
+CATALINA_HOME="/usr/share/tomcat8"
+CATALINA_TMPDIR="/var/cache/tomcat8/temp"
+CATALINA_PID="/var/run/tomcat8.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT8_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
diff --git a/test/salt/comparison_files/main_config/ubuntu-18 b/test/salt/comparison_files/main_config/ubuntu-18
new file mode 100644
index 0000000000000000000000000000000000000000..7ac21445df05400c9a91698af0fc21e766efdb5d
--- /dev/null
+++ b/test/salt/comparison_files/main_config/ubuntu-18
@@ -0,0 +1,58 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT8_USER=tomcat8
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT8_GROUP=tomcat8
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat8"
+CATALINA_HOME="/usr/share/tomcat8"
+CATALINA_TMPDIR="/var/cache/tomcat8/temp"
+CATALINA_PID="/var/run/tomcat8.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT8_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
diff --git a/test/salt/comparison_files/server_xml/amazon-2.xml b/test/salt/comparison_files/server_xml/amazon-2.xml
new file mode 100644
index 0000000000000000000000000000000000000000..fd7be24fd3e371b84375bc32eb2800dfd54d6824
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/amazon-2.xml
@@ -0,0 +1,173 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+  <Listener className="org.apache.catalina.core.JasperListener" />
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="HOSTNAME_PLACEHOLDER">
+    
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8">
+          <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/>
+              <Channel className="org.apache.catalina.tribes.group.GroupChannel">
+                  <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.0.4" port="45564" frequency="500" dropTime="3000"/>
+                      <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
+                          <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
+                      </Sender>
+
+                      <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/>
+
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
+
+              </Channel>
+              <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/>
+              <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
+              
+              
+              <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
+              
+              <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
+      </Cluster>
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/centos-7.xml b/test/salt/comparison_files/server_xml/centos-7.xml
new file mode 100644
index 0000000000000000000000000000000000000000..fd7be24fd3e371b84375bc32eb2800dfd54d6824
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/centos-7.xml
@@ -0,0 +1,173 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+  <Listener className="org.apache.catalina.core.JasperListener" />
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="HOSTNAME_PLACEHOLDER">
+    
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8">
+          <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/>
+              <Channel className="org.apache.catalina.tribes.group.GroupChannel">
+                  <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.0.4" port="45564" frequency="500" dropTime="3000"/>
+                      <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
+                          <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
+                      </Sender>
+
+                      <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/>
+
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
+
+              </Channel>
+              <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/>
+              <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
+              
+              
+              <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
+              
+              <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
+      </Cluster>
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/debian-10.xml b/test/salt/comparison_files/server_xml/debian-10.xml
new file mode 100644
index 0000000000000000000000000000000000000000..93757aecf565fa89af5a36344451d42a6f606e0d
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/debian-10.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/debian-8.xml b/test/salt/comparison_files/server_xml/debian-8.xml
new file mode 100644
index 0000000000000000000000000000000000000000..2e67370404a538bd9475fdc6258f852034220fe3
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/debian-8.xml
@@ -0,0 +1,173 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+  <Listener className="org.apache.catalina.core.JasperListener" />
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               sslProtocol="TLS"
+               maxThreads="150"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               secure="true"
+               enableLookups="false"
+               clientAuth="false"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               redirectPort="8443"
+               URIEncoding="UTF-8"
+               minSpareThreads="25"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               keystorePass="somerandomtext"
+               connectionTimeout="20000"
+               scheme="https"
+               maxHttpHeaderSize="8192"
+               port="8443"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="HOSTNAME_PLACEHOLDER">
+    
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8">
+          <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/>
+              <Channel className="org.apache.catalina.tribes.group.GroupChannel">
+                  <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.0.4" port="45564" frequency="500" dropTime="3000"/>
+                      <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
+                          <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
+                      </Sender>
+
+                      <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/>
+
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
+                      <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
+
+              </Channel>
+              <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/>
+              <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
+              
+              
+              <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
+              
+              <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
+      </Cluster>
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path="u''"
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                fileDateFormat="yyyy-MM-dd-HH"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D"
+                className="org.apache.catalina.valves.AccessLogValve"
+                prefix="localhost_access_log."
+                directory="logs"
+                suffix=".log" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      <Host name="tomcat-server"
+            deployXML="false"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path="u''"
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/debian-9.xml b/test/salt/comparison_files/server_xml/debian-9.xml
new file mode 100644
index 0000000000000000000000000000000000000000..c2cbc2563736645b72abc3fee1765ec2b1fad207
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/debian-9.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               maxThreads="150"
+               URIEncoding="UTF-8"
+               minSpareThreads="25"
+               sslProtocol="TLS"
+               connectionTimeout="20000"
+               secure="true"
+               maxHttpHeaderSize="8192"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               redirectPort="8443"
+               acceptCount="100"
+               keystorePass="somerandomtext"
+               scheme="https"
+               enableLookups="false"
+               clientAuth="false"
+               disableUploadTimeout="true"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="example.net"
+            autoDeploy="true"
+            unpackWARs="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                directory="logs"
+                className="org.apache.catalina.valves.AccessLogValve"
+                prefix="localhost_access_log."
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D"
+                fileDateFormat="yyyy-MM-dd-HH" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      <Host name="tomcat-server"
+            autoDeploy="true"
+            unpackWARs="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/fedora-31.xml b/test/salt/comparison_files/server_xml/fedora-31.xml
new file mode 100644
index 0000000000000000000000000000000000000000..93757aecf565fa89af5a36344451d42a6f606e0d
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/fedora-31.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/opensuse-15.xml b/test/salt/comparison_files/server_xml/opensuse-15.xml
new file mode 100644
index 0000000000000000000000000000000000000000..ed7175b5c6f37ddf63fe08ce14bf9af9171b1d15
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/opensuse-15.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?><!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+--><!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--><!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ --><Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector SSLEnabled="false" URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="/path/to/keystoreFile" keystorePass="somerandomtext" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" redirectPort="8443" scheme="https" secure="true" sslProtocol="TLS"/>
+    
+    
+    <Engine defaultHost="localhost" name="Catalina">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host autoDeploy="true" deployXML="false" name="tomcat-server" unpackWARs="true">
+            <Context debug="0" docBase="../webapps/myapp" path="" reloadable="true"/>
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host autoDeploy="true" name="example.net" unpackWARs="true">
+            <Context debug="0" docBase="../webapps/myapp2" path="" reloadable="true"/>
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" fileDateFormat="yyyy-MM-dd-HH" pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" prefix="localhost_access_log." suffix=".log"/>
+              <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
\ No newline at end of file
diff --git a/test/salt/comparison_files/server_xml/ubuntu-16.xml b/test/salt/comparison_files/server_xml/ubuntu-16.xml
new file mode 100644
index 0000000000000000000000000000000000000000..93757aecf565fa89af5a36344451d42a6f606e0d
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/ubuntu-16.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/ubuntu-18.xml b/test/salt/comparison_files/server_xml/ubuntu-18.xml
new file mode 100644
index 0000000000000000000000000000000000000000..93757aecf565fa89af5a36344451d42a6f606e0d
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/ubuntu-18.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>