From afb1e2a536aecbbf0a90155749a23eb2de54f223 Mon Sep 17 00:00:00 2001 From: Mahendra Raghuwanshi Date: Thu, 3 May 2018 12:15:03 +0000 Subject: [PATCH] AAF Charts -PS3-MK -renaming charts to remove hyphen -refactoring service name configuration. It wasn't quite correct the way it was. It was taking the chart name as the service name and not using the values.yaml from the top level chart as intended. -Jonathan asked to name the main app service "aaf-service and cassandra to "aaf-cass" as this is what is in the cert -squashed https://gerrit.onap.org/r/#/c/45923/1 into this commit. -updated robot to the latest settings Robot tests are failing but all pods come up. I think this can be merged and the AAF team investigate the robot health issue in a running system -PS4-MK -reverting sms changes and taking the latest from master -removing repository from the global section of the aaf values. -this was causing all images to be pulled from nexus3.onap.org which was failing to pull images that come from docker hub. There is supposed to be a proxy through nexus3 to dockerhub but maybe we are missing something. -PS5-MK -removing nodeports from non gui related charts. There are conflicts -PS6-Kiran -Adding imagepullsecrets for aaf-sms-vault subchart -updated image repository to pull from nexus3 -tested and works now and should fix the pull errors -PS7-Kiran -Previous patch picked up a couple of unintended changes -Reverting them -PS8-MK -removing names from identities -using https for robot test Issue-ID: OOM-930 Change-Id: I98f40ef5af03dda73aebf12f6fa48d928915ab34 Signed-off-by: Mahendra Raghuwanshi Add Beijing CQLs into OOM Issue-ID: AAF-114 Change-Id: I2c2d46738ba0885c41f710997d4b212b6ce4d2de Signed-off-by: Instrumental Signed-off-by: Mandeep Khinda Signed-off-by: Kiran Kamineni --- kubernetes/aaf/.helmignore | 21 + kubernetes/aaf/charts/aaf-cm/.helmignore | 21 + kubernetes/aaf/charts/aaf-cm/Chart.yaml | 18 + kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt | 19 + .../aaf/charts/aaf-cm/templates/deployment.yaml | 114 +++++ .../aaf/{ => charts/aaf-cm}/templates/service.yaml | 4 +- kubernetes/aaf/charts/aaf-cm/values.yaml | 86 ++++ .../aaf-cs/resources/config/aaf-cs-data/ecomp.cql | 169 ------- .../resources/config/aaf-cs-data/identities.dat | 7 - .../resources/config/aaf-cs-data/identities.idx | Bin 56 -> 0 bytes .../aaf-cs/resources/config/aaf-cs-data/init.cql | 112 +++-- .../resources/config/aaf-cs-data/keyspace.cql | 11 + .../aaf-cs/resources/config/aaf-cs-data/osaaf.cql | 122 +++++ .../resources/config/aaf-cs-data/temp_identity.cql | 8 + kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt | 19 + .../aaf/charts/aaf-cs/templates/deployment.yaml | 36 +- .../aaf/charts/aaf-cs/templates/service.yaml | 18 +- kubernetes/aaf/charts/aaf-cs/values.yaml | 5 +- kubernetes/aaf/charts/aaf-fs/.helmignore | 21 + kubernetes/aaf/charts/aaf-fs/Chart.yaml | 18 + kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt | 19 + .../aaf/charts/aaf-fs/templates/deployment.yaml | 114 +++++ .../aaf/charts/aaf-fs/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-fs/values.yaml | 86 ++++ kubernetes/aaf/charts/aaf-gui/.helmignore | 21 + kubernetes/aaf/charts/aaf-gui/Chart.yaml | 18 + kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt | 19 + .../aaf/charts/aaf-gui/templates/deployment.yaml | 114 +++++ .../aaf/charts/aaf-gui/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-gui/values.yaml | 87 ++++ kubernetes/aaf/charts/aaf-hello/.helmignore | 21 + kubernetes/aaf/charts/aaf-hello/Chart.yaml | 18 + .../aaf/charts/aaf-hello/templates/NOTES.txt | 19 + .../aaf/charts/aaf-hello/templates/deployment.yaml | 114 +++++ .../aaf/charts/aaf-hello/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-hello/values.yaml | 86 ++++ kubernetes/aaf/charts/aaf-locate/.helmignore | 21 + kubernetes/aaf/charts/aaf-locate/Chart.yaml | 18 + .../aaf/charts/aaf-locate/templates/NOTES.txt | 19 + .../aaf-locate}/templates/deployment.yaml | 43 +- .../aaf/charts/aaf-locate/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-locate/values.yaml | 90 ++++ kubernetes/aaf/charts/aaf-oauth/.helmignore | 21 + kubernetes/aaf/charts/aaf-oauth/Chart.yaml | 18 + .../aaf/charts/aaf-oauth/templates/NOTES.txt | 19 + .../aaf/charts/aaf-oauth/templates/deployment.yaml | 114 +++++ .../aaf/charts/aaf-oauth/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-oauth/values.yaml | 86 ++++ kubernetes/aaf/charts/aaf-service/Chart.yaml | 18 + .../charts/aaf-service/templates/deployment.yaml | 114 +++++ .../aaf/charts/aaf-service/templates/service.yaml | 41 ++ kubernetes/aaf/charts/aaf-service/values.yaml | 87 ++++ .../aaf-sms-vault/templates/statefulset.yaml | 3 +- .../aaf-sms/charts/aaf-sms-vault/values.yaml | 6 +- kubernetes/aaf/requirements.yaml | 19 +- .../aaf/resources/config/aaf-data/identities.dat | 9 - kubernetes/aaf/resources/config/backup/backup.sh | 32 ++ kubernetes/aaf/resources/config/backup/cbackup.sh | 8 + .../aaf/resources/config/data/identities.dat | 27 ++ .../resources/config/data/sample.identities.dat | 27 ++ .../aaf/resources/config/etc/org.osaaf.cm.props | 14 + .../resources/config/etc/org.osaaf.common.props | 29 ++ .../aaf/resources/config/etc/org.osaaf.fs.props | 10 + .../aaf/resources/config/etc/org.osaaf.gui.props | 31 ++ .../aaf/resources/config/etc/org.osaaf.hello.props | 8 + .../resources/config/etc/org.osaaf.locate.props | 8 + .../aaf/resources/config/etc/org.osaaf.log4j.props | 51 ++ .../aaf/resources/config/etc/org.osaaf.oauth.props | 8 + .../aaf/resources/config/etc/org.osaaf.orgs.props | 11 + .../resources/config/etc/org.osaaf.service.props | 8 + .../resources/config/local/org.osaaf.aaf.cm.p12 | Bin 0 -> 2818 bytes .../resources/config/local/org.osaaf.aaf.keyfile | 27 ++ .../aaf/resources/config/local/org.osaaf.aaf.p12 | Bin 0 -> 4140 bytes .../aaf/resources/config/local/org.osaaf.aaf.props | 17 + .../resources/config/local/org.osaaf.aaf.trust.p12 | Bin 0 -> 4180 bytes ...af.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 | Bin 0 -> 4140 bytes .../config/local/org.osaaf.cassandra.props | 29 ++ .../resources/config/local/org.osaaf.cm.ca.props | 11 + .../config/local/org.osaaf.location.props | 12 + .../aaf/resources/config/public/AAF_RootCA.cer | 31 ++ kubernetes/aaf/resources/config/public/aaf_2_0.xsd | 527 +++++++++++++++++++++ .../config/public/iframe_denied_test.html | 10 + .../aaf/resources/config/public/truststoreONAP.p12 | Bin 0 -> 4180 bytes .../resources/config/public/truststoreONAPall.jks | Bin 0 -> 117990 bytes kubernetes/aaf/templates/configmap.yaml | 39 +- kubernetes/aaf/templates/job.yaml | 132 ++++++ kubernetes/aaf/templates/pv.yaml | 37 ++ kubernetes/aaf/templates/pvc.yaml | 48 ++ kubernetes/aaf/templates/secrets.yaml | 47 ++ kubernetes/aaf/values.yaml | 55 ++- .../config/integration_robot_properties.py | 8 +- .../config/eteshare/config/vm_properties.py | 6 +- 92 files changed, 3523 insertions(+), 301 deletions(-) create mode 100644 kubernetes/aaf/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-cm/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-cm/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml rename kubernetes/aaf/{ => charts/aaf-cm}/templates/service.yaml (94%) create mode 100644 kubernetes/aaf/charts/aaf-cm/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql delete mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat delete mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx create mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql create mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql create mode 100644 kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql create mode 100644 kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-fs/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-fs/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml create mode 100644 kubernetes/aaf/charts/aaf-fs/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-fs/values.yaml create mode 100644 kubernetes/aaf/charts/aaf-gui/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-gui/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml create mode 100644 kubernetes/aaf/charts/aaf-gui/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-gui/values.yaml create mode 100644 kubernetes/aaf/charts/aaf-hello/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-hello/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml create mode 100644 kubernetes/aaf/charts/aaf-hello/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-hello/values.yaml create mode 100644 kubernetes/aaf/charts/aaf-locate/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-locate/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt rename kubernetes/aaf/{ => charts/aaf-locate}/templates/deployment.yaml (71%) create mode 100644 kubernetes/aaf/charts/aaf-locate/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-locate/values.yaml create mode 100644 kubernetes/aaf/charts/aaf-oauth/.helmignore create mode 100644 kubernetes/aaf/charts/aaf-oauth/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt create mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml create mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-oauth/values.yaml create mode 100644 kubernetes/aaf/charts/aaf-service/Chart.yaml create mode 100644 kubernetes/aaf/charts/aaf-service/templates/deployment.yaml create mode 100644 kubernetes/aaf/charts/aaf-service/templates/service.yaml create mode 100644 kubernetes/aaf/charts/aaf-service/values.yaml delete mode 100644 kubernetes/aaf/resources/config/aaf-data/identities.dat create mode 100644 kubernetes/aaf/resources/config/backup/backup.sh create mode 100644 kubernetes/aaf/resources/config/backup/cbackup.sh create mode 100644 kubernetes/aaf/resources/config/data/identities.dat create mode 100644 kubernetes/aaf/resources/config/data/sample.identities.dat create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.cm.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.common.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.fs.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.gui.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.hello.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.locate.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props create mode 100644 kubernetes/aaf/resources/config/etc/org.osaaf.service.props create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf.props create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props create mode 100644 kubernetes/aaf/resources/config/local/org.osaaf.location.props create mode 100644 kubernetes/aaf/resources/config/public/AAF_RootCA.cer create mode 100644 kubernetes/aaf/resources/config/public/aaf_2_0.xsd create mode 100644 kubernetes/aaf/resources/config/public/iframe_denied_test.html create mode 100644 kubernetes/aaf/resources/config/public/truststoreONAP.p12 create mode 100644 kubernetes/aaf/resources/config/public/truststoreONAPall.jks create mode 100644 kubernetes/aaf/templates/job.yaml create mode 100644 kubernetes/aaf/templates/pv.yaml create mode 100644 kubernetes/aaf/templates/pvc.yaml create mode 100644 kubernetes/aaf/templates/secrets.yaml diff --git a/kubernetes/aaf/.helmignore b/kubernetes/aaf/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-cm/.helmignore b/kubernetes/aaf/charts/aaf-cm/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cm/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-cm/Chart.yaml b/kubernetes/aaf/charts/aaf-cm/Chart.yaml new file mode 100644 index 0000000000..00832d69e4 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Certificate Manager +name: aaf-cm +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml new file mode 100644 index 0000000000..652e2ac040 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/cm/bin/cm >> /opt/app/osaaf/logs/cm/stdout`date -I` 2>> /opt/app/osaaf/logs/cm/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml similarity index 94% rename from kubernetes/aaf/templates/service.yaml rename to kubernetes/aaf/charts/aaf-cm/templates/service.yaml index 587e07a821..281aa1cc8d 100644 --- a/kubernetes/aaf/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml @@ -29,11 +29,11 @@ spec: #Example internal target port if required #targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml new file mode 100644 index 0000000000..75b1a7b564 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_cm:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-cm + type: ClusterIP + portName: aaf-cm + #targetPort + internalPort: 8150 + #port + externalPort: 8150 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql deleted file mode 100644 index 6fddf65001..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql +++ /dev/null @@ -1,169 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat deleted file mode 100644 index 98bf99a3d1..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat +++ /dev/null @@ -1,7 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx deleted file mode 100644 index 78fc0a569376325b76d64ed42c428f1876448beb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 56 zcmZRb{4bJ$fnhr9@24$5nt?6w{UZhjCIJwE##v-#H(x I02JQ{0Or*Z00000 diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql index 81700f830c..c06e5ee952 100644 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql @@ -1,35 +1,6 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// + +// Table Initialization +// First make sure the keyspace exists. USE authz; @@ -51,12 +22,6 @@ CREATE TABLE ns ( ); CREATE INDEX ns_parent on ns(parent); - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. CREATE TABLE ns_attrib ( ns varchar, key varchar, @@ -125,10 +90,10 @@ CREATE INDEX cert_id ON cert(id); CREATE INDEX cert_x500 ON cert(x500); CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, + user text, + type int, + last timestamp, + checksum int, PRIMARY KEY (user,type) ); @@ -155,14 +120,16 @@ CREATE TABLE artifact ( sponsor text, ca text, dir text, - appName text, os_user text, + ns text, notify text, expires timestamp, - renewDays int, + renewDays int, + sans Set, PRIMARY KEY (mechid,machine) ); CREATE INDEX artifact_machine ON artifact(machine); +CREATE INDEX artifact_ns ON artifact(ns); // // Non-Critical Table functions @@ -216,6 +183,7 @@ CREATE TABLE approval ( status varchar, // approval status. pending, approved, denied memo varchar, // Text for Approval to know what's going on operation varchar, // List operation to perform + last_notified timestamp, // Timestamp for the last time approver was notified PRIMARY KEY(id) ); CREATE INDEX appr_approver_idx ON approval(approver); @@ -223,6 +191,19 @@ CREATE INDEX appr_user_idx ON approval(user); CREATE INDEX appr_ticket_idx ON approval(ticket); CREATE INDEX appr_status_idx ON approval(status); +CREATE TABLE approved ( + id timeuuid, // unique Key + user varchar, // the user who needs to be approved + approver varchar, // user approving + type varchar, // approver types i.e. Supervisor, Owner + status varchar, // approval status. pending, approved, denied + memo varchar, // Text for Approval to know what's going on + operation varchar, // List operation to perform + PRIMARY KEY(id) + ); +CREATE INDEX approved_approver_idx ON approved(approver); +CREATE INDEX approved_user_idx ON approved(user); + CREATE TABLE delegate ( user varchar, delegate varchar, @@ -231,6 +212,49 @@ CREATE TABLE delegate ( ); CREATE INDEX delg_delg_idx ON delegate(delegate); +// OAuth Tokens +CREATE TABLE oauth_token ( + id text, // Reference + client_id text, // Creating Client ID + user text, // User requesting + active boolean, // Active or not + type int, // Type of Token + refresh text, // Refresh Token + expires timestamp, // Expiration time/Date (signed long) + exp_sec bigint, // Seconds from Jan 1, 1970 + content text, // Content of Token + scopes Set, // Scopes + state text, // Context string (Optional) + req_ip text, // Requesting IP (for logging purpose) + PRIMARY KEY(id) +) with default_time_to_live = 21600; // 6 hours +CREATE INDEX oauth_token_user_idx ON oauth_token(user); + +CREATE TABLE locate ( + name text, // Component/Server name + hostname text, // FQDN of Service/Component + port int, // Port of Service + major int, // Version, Major + minor int, // Version, Minor + patch int, // Version, Patch + pkg int, // Version, Package (if available) + latitude float, // Latitude + longitude float, // Longitude + protocol text, // Protocol (i.e. http https) + subprotocol set, // Accepted SubProtocols, ie. TLS1.1 for https + port_key uuid, // Key into locate_ports + PRIMARY KEY(name,hostname,port) +) with default_time_to_live = 1200; // 20 mins + +CREATE TABLE locate_ports ( + id uuid, // Id into locate + port int, // SubPort + name text, // Name of Other Port + protocol text, // Protocol of Other (i.e. JMX, DEBUG) + subprotocol set, // Accepted sub protocols or versions + PRIMARY KEY(id, port) +) with default_time_to_live = 1200; // 20 mins; + // // Used by authz-batch processes to ensure only 1 runs at a time // diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql new file mode 100644 index 0000000000..52dc5ea77e --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql @@ -0,0 +1,11 @@ +// For Developer Machine single instance +// CREATE KEYSPACE authz +// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; +// +// + +// Example of Network Topology, with Datacenter dc1 & dc2 +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; +// Out of the box Docker Cassandra comes with "datacenter1", one instance +CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' }; +// diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql new file mode 100644 index 0000000000..e7385ab69d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql @@ -0,0 +1,122 @@ +USE authz; + +// Create 'org' root NS +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org','Root Namespace','.',1,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Org Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Org Write Access'); + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('initial@osaaf.org','org.osaaf',1,0x008c5926ca861023c1d2a36653fd88e2,'2099-12-31') using TTL 14400; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400; + + +// Create org.osaaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf','OSAAF Namespace','org',2,2); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access'); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access'); + +// Create org.osaaf.aaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400; + + +// ONAP Specific Entities +// ONAP initial env Namespace +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap','ONAP','org',2,2); + +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','read',{ + 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor' + },'Portal Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins'); + +// DEMO ID (OPS) +insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// ADMIN +insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// DESIGNER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer'); + +// TESTER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester'); + +// OPS +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops'); + +// GOVERNOR +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor'); + diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql new file mode 100644 index 0000000000..5e7cfe1741 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql @@ -0,0 +1,8 @@ +USE authz; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.admin','2099-12-31','org','admin') ; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') ; + diff --git a/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml index 15e574f511..4253d2fb71 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml @@ -24,14 +24,11 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} - name: {{ .Release.Name }} + release: {{ .Release.Name }} spec: hostname: {{ include "common.name" . }} containers: @@ -39,24 +36,45 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} + ports: + - containerPort: {{ .Values.service.externalPort }} + - containerPort: {{ .Values.service.externalPort2 }} + - containerPort: {{ .Values.service.externalPort3 }} + - containerPort: {{ .Values.service.externalPort4 }} volumeMounts: - mountPath: /data name: aaf-cs-data + - mountPath: /etc/localtime + name: localtime + readOnly: true # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.internalPort3 }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.internalPort3 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - > + /bin/sleep 30; + cd /data/; + cqlsh -u root -p root -f keyspace.cql ; + cqlsh -u root -p root -f init.cql ; + cqlsh -u root -p root -f osaaf.cql ; + cqlsh -u root -p root -f temp_identity.cql + resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -66,8 +84,10 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: aaf-cs-data secret: secretName: {{ include "common.fullname" . }} diff --git a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml index 2e4a619a20..b1716e4936 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml @@ -22,6 +22,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +# annotations: +# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: type: {{ .Values.service.type }} ports: @@ -30,29 +32,29 @@ spec: #Example internal target port if required #targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name }}2 + name: {{ .Values.service.portName }}2 - port: {{ .Values.service.externalPort3 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.name }}3 + name: {{ .Values.service.portName }}3 - port: {{ .Values.service.externalPort4 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - name: {{ .Values.service.name }}4 + name: {{ .Values.service.portName }}4 {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name }}2 + name: {{ .Values.service.portName }}2 - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.name }}3 + name: {{ .Values.service.portName }}3 - port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} - name: {{ .Values.service.name }}4 + name: {{ .Values.service.portName }}4 {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml index 89b83cd169..83bc972fd8 100644 --- a/kubernetes/aaf/charts/aaf-cs/values.yaml +++ b/kubernetes/aaf/charts/aaf-cs/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: library/cassandra:2.1.17 +image: library/cassandra:3.11 pullPolicy: Always # flag to enable debugging - application support required @@ -54,8 +54,9 @@ readiness: periodSeconds: 10 service: + name: aaf-cass type: ClusterIP - name: aaf-cs + portName: aaf-cs #targetPort internalPort: 7000 #port diff --git a/kubernetes/aaf/charts/aaf-fs/.helmignore b/kubernetes/aaf/charts/aaf-fs/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-fs/Chart.yaml b/kubernetes/aaf/charts/aaf-fs/Chart.yaml new file mode 100644 index 0000000000..6b0fdcb6fd --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF File Server +name: aaf-fs +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml new file mode 100644 index 0000000000..0bbd6a5a36 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c","echo hello >> /opt/app/osaaf/logs/fs/stdout`date -I`;ln -s /opt/app/osaaf/data /data;/opt/app/aaf/fs/bin/fs >> /opt/app/osaaf/logs/fs/stdout`date -I` 2>> /opt/app/osaaf/logs/fs/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml new file mode 100644 index 0000000000..be0f53d566 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-fs/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_fs:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-fs + type: ClusterIP + portName: aaf-fs + #targetPort + internalPort: 8096 + #port + externalPort: 8096 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-gui/.helmignore b/kubernetes/aaf/charts/aaf-gui/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-gui/Chart.yaml b/kubernetes/aaf/charts/aaf-gui/Chart.yaml new file mode 100644 index 0000000000..d0aea0b0e0 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF GUI +name: aaf-gui +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml new file mode 100644 index 0000000000..ee503caceb --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/gui/bin/gui >> /opt/app/osaaf/logs/gui/stdout`date -I` 2>> /opt/app/osaaf/logs/gui/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml new file mode 100644 index 0000000000..02c572fe88 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_gui:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-gui + type: NodePort + portName: aaf-gui + #targetPort + internalPort: 8200 + #port + externalPort: 8200 + nodePort: 51 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-hello/.helmignore b/kubernetes/aaf/charts/aaf-hello/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-hello/Chart.yaml b/kubernetes/aaf/charts/aaf-hello/Chart.yaml new file mode 100644 index 0000000000..c4029ba80f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Hello +name: aaf-hello +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml new file mode 100644 index 0000000000..b47d878f25 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/hello/bin/hello >> /opt/app/osaaf/logs/hello/stdout`date -I` 2>> /opt/app/osaaf/logs/hello/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml new file mode 100644 index 0000000000..ad95b071c1 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_hello:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-hello + type: ClusterIP + portName: aaf-hello + #targetPort + internalPort: 8130 + #port + externalPort: 8130 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-locate/.helmignore b/kubernetes/aaf/charts/aaf-locate/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-locate/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-locate/Chart.yaml b/kubernetes/aaf/charts/aaf-locate/Chart.yaml new file mode 100644 index 0000000000..db50ec392a --- /dev/null +++ b/kubernetes/aaf/charts/aaf-locate/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Locate +name: aaf-locate +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml similarity index 71% rename from kubernetes/aaf/templates/deployment.yaml rename to kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index 2a4e7d2348..de5a46ec5b 100644 --- a/kubernetes/aaf/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -24,16 +24,27 @@ metadata: namespace: {{ include "common.namespace" . }} spec: replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} - name: {{ include "common.fullname" . }} + release: {{ .Release.Name }} spec: initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete - command: - /root/ready.py args: @@ -52,12 +63,16 @@ spec: - env: - name: CASSANDRA_CLUSTER value: cassandra_container + name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/locate/bin/locate >> /opt/app/osaaf/logs/locate/stdout`date -I` 2>> /opt/app/osaaf/logs/locate/stderr`date -I`"] volumeMounts: - - mountPath: /data - name: aaf-data - name: {{ include "common.name" . }} + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -82,10 +97,16 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: - - name: aaf-data - configMap: - name: {{ include "common.fullname" . }} + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml new file mode 100644 index 0000000000..fbed947ca0 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -0,0 +1,90 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +# If mountPath is over NFS (e.g. /dockerdata-nfs is NFS mounted between the nodes), uncomment following lines. +# persistence: +# mountPath: /dockerdata + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_locate:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-locate + type: ClusterIP + portName: aaf-locate + #targetPort + internalPort: 8095 + #port + externalPort: 8095 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-oauth/.helmignore b/kubernetes/aaf/charts/aaf-oauth/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml b/kubernetes/aaf/charts/aaf-oauth/Chart.yaml new file mode 100644 index 0000000000..bcb135b1e0 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF OAuth +name: aaf-oauth +version: 2.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml new file mode 100644 index 0000000000..00d6ee0e59 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/oauth/bin/oauth >> /opt/app/osaaf/logs/oauth/stdout`date -I` 2>> /opt/app/osaaf/logs/oauth/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml new file mode 100644 index 0000000000..43116965be --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_oauth:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-oauth + type: ClusterIP + portName: aaf-oauth + #targetPort + internalPort: 8140 + #port + externalPort: 8140 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-service/Chart.yaml b/kubernetes/aaf/charts/aaf-service/Chart.yaml new file mode 100644 index 0000000000..3461f1add1 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Service +name: aaf-service +version: 2.0.0 diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml new file mode 100644 index 0000000000..9fd6eba534 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/job_complete.py + args: + - -j + - {{ .Release.Name }}-aaf-create-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + - command: + - /root/ready.py + args: + - --container-name + - aaf-cs + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - env: + - name: CASSANDRA_CLUSTER + value: cassandra_container + name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/service/bin/service >> /opt/app/osaaf/logs/service/stdout`date -I` 2>> /opt/app/osaaf/logs/service/stderr`date -I`"] + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-persistent-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-persistent-vol + {{- if .Values.global.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-pvc + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml new file mode 100644 index 0000000000..281aa1cc8d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-service/templates/service.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml new file mode 100644 index 0000000000..33c1644154 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/aaf_service:2.1.0-SNAPSHOT +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + name: aaf-service + type: NodePort + portName: aaf-service + #targetPort + internalPort: 8100 + #port + externalPort: 8100 + nodePort: 50 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 26f03044ac..ddfc7c61d0 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -75,4 +75,5 @@ spec: - name: localtime hostPath: path: /etc/localtime - + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml index 07b8c33226..53e7286583 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml @@ -21,10 +21,10 @@ global: persistence: {} # application image -repository: docker.io +repository: nexus3.onap.org:10001 image: - consul: consul:1.0.6 - vault: vault:0.10.0 + consul: library/consul:1.0.6 + vault: library/vault:0.10.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index fb4321ded6..1e8f788318 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,7 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + dependencies: - name: common version: ~2.0.0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' + repository: '@local' \ No newline at end of file diff --git a/kubernetes/aaf/resources/config/aaf-data/identities.dat b/kubernetes/aaf/resources/config/aaf-data/identities.dat deleted file mode 100644 index 95eb51d1be..0000000000 --- a/kubernetes/aaf/resources/config/aaf-data/identities.dat +++ /dev/null @@ -1,9 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl -m99751|ID of AAF|||||a|bdevl -m99501|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/backup/backup.sh b/kubernetes/aaf/resources/config/backup/backup.sh new file mode 100644 index 0000000000..1359d3de83 --- /dev/null +++ b/kubernetes/aaf/resources/config/backup/backup.sh @@ -0,0 +1,32 @@ +# BEGIN Store prev +BD=/opt/app/osaaf/backup +if [ -e "$BD/6day" ]; then + rm -Rf $BD/6day +fi + +PREV=$BD/6day +for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do + if [ -e "$D" ]; then + mv "$D" "$PREV" + fi + PREV="$D" +done + +if [ -e "$BD/today" ]; then + if [ -e "$BD/backup.log" ]; then + mv $BD/backup.log $BD/today + fi + gzip $BD/today/* + mv $BD/today $BD/yesterday +fi + +mkdir $BD/today + +# END Store prev +date +docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup" +docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh +# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh" +docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh +docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today +date diff --git a/kubernetes/aaf/resources/config/backup/cbackup.sh b/kubernetes/aaf/resources/config/backup/cbackup.sh new file mode 100644 index 0000000000..9c91d0c670 --- /dev/null +++ b/kubernetes/aaf/resources/config/backup/cbackup.sh @@ -0,0 +1,8 @@ +cd /opt/app/cass_backup +DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history" +PWD=cassandra +CQLSH="cqlsh -u cassandra -k authz -p $PWD" +for T in $DATA ; do + echo "Creating $T.dat" + $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'" +done diff --git a/kubernetes/aaf/resources/config/data/identities.dat b/kubernetes/aaf/resources/config/data/identities.dat new file mode 100644 index 0000000000..39d18a12b9 --- /dev/null +++ b/kubernetes/aaf/resources/config/data/identities.dat @@ -0,0 +1,27 @@ +# +# Sample Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +# + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/data/sample.identities.dat b/kubernetes/aaf/resources/config/data/sample.identities.dat new file mode 100644 index 0000000000..39d18a12b9 --- /dev/null +++ b/kubernetes/aaf/resources/config/data/sample.identities.dat @@ -0,0 +1,27 @@ +# +# Sample Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +# + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props new file mode 100644 index 0000000000..d634cfeb37 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props @@ -0,0 +1,14 @@ +## +## org.osaaf.cm.props +## AAF Certificate Manager properties +## Note: Link to CA Properties in "local" dir +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props +aaf_component=AAF_NS.cm:2.1.0.0 +port=8150 +cadi_registration_hostname={{.Values.config.cmServiceName}} +#Certman +cm_public_dir=/opt/app/osaaf/public +cm_trust_cas=AAF_RootCA.cer + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.common.props b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props new file mode 100644 index 0000000000..8b75e709d4 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props @@ -0,0 +1,29 @@ +############################################################ +# Common properties for all AAF Components +# on 2018-03-02 06:59.628-0500 +############################################################ +# Pull in Global Coordinates and Certificate Information +aaf_root_ns=org.osaaf.aaf +aaf_trust_perm=org.osaaf.aaf|org.onap|trust + +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props +cadi_protocols=TLSv1.1,TLSv1.2 + +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 +cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login + +# Standard for this App/Machine +aaf_env=DEV +aaf_data_dir=/opt/app/osaaf/data +cadi_loglevel=DEBUG + +# Domain Support (which will accept) +aaf_domain_support=.com:.org + +# Basic Auth +aaf_default_realm=people.osaaf.org + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props new file mode 100644 index 0000000000..d499f97f56 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props @@ -0,0 +1,10 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props +aaf_component=AAF_NS.fs:2.1.0.0 +port=8096 +cadi_registration_hostname={{.Values.config.fsServiceName}} + +aaf_public_dir=/opt/app/osaaf/public diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props new file mode 100644 index 0000000000..86b3aa6467 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props @@ -0,0 +1,31 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props +aaf_component=AAF_NS.gui:2.1.0.0 +port=8200 +cadi_registration_hostname={{.Values.config.guiServiceName}} + +aaf_gui_title=AAF +aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved. +aaf_gui_theme=theme/onap +cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login + +# GUI URLS and Help URLS +cm_url=https://{{.Values.config.cmServiceName}}:8150 +gw_url=https://{{.Values.config.locateServiceName}}:8095 +fs_url=http://{{.Values.config.fsServiceName}}:8096 + +aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding +aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt + +aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation +aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide +aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF +aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide +#aaf_url.cadi_help= +aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar +aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134 +aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F +aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439 diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props new file mode 100644 index 0000000000..d832aaf7e0 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props +aaf_component=AAF_NS.hello:2.1.0.0 +port=8130 +cadi_registration_hostname={{.Values.config.helloServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props new file mode 100644 index 0000000000..47a174ed44 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props +aaf_component=AAF_NS.locator:2.1.0.0 +port=8095 +cadi_registration_hostname={{.Values.config.locateServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props new file mode 100644 index 0000000000..9f10802821 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props @@ -0,0 +1,51 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender +log4j.appender.INIT.File=${LOG4J_FILENAME_init} +log4j.appender.INIT.DatePattern='.'yyyy-MM-dd +log4j.appender.INIT.layout=org.apache.log4j.PatternLayout +log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n + +log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender +log4j.appender.SRVR.File=${LOG4J_FILENAME_service} +log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd +log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout +log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n + +log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender +log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit} +log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd +log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout +log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n + +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n + +# General Apache libraries +log4j.rootLogger=WARN.SRVR +log4j.logger.org.apache=WARN,SRVR +log4j.logger.com.datastax=WARN,SRVR +log4j.logger.init=INFO,INIT +log4j.logger.service=${LOGGING_LEVEL},SRVR +log4j.logger.audit=INFO,AUDIT +# Additional configs, not cauth with Root Logger +log4j.logger.io.netty=INFO,SRVR +log4j.logger.org.eclipse=INFO,SRVR + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props new file mode 100644 index 0000000000..82e80c716a --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props +aaf_component=AAF_NS.oauth:2.1.0.0 +port=8140 +cadi_registration_hostname={{.Values.config.oauthServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props new file mode 100644 index 0000000000..66bfd2fad3 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props @@ -0,0 +1,11 @@ +# +# Define Organizations for use in some of the components. Not all use them +# +Organization.org.osaaf=org.onap.aaf.org.DefaultOrg +org.osaaf.mailHost=smtp.mail.att.com +org.osaaf.mailFrom=DL-aaf-support@aaf.att.com +org.osaaf.default=true +org.osaaf.also_supports=org.osaaf.people + + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.service.props b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props new file mode 100644 index 0000000000..ff3e0b5c33 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props @@ -0,0 +1,8 @@ +## +## org.osaaf.service +## AAF Service Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props +aaf_component=AAF_NS.service:2.1.0.0 +port=8100 +cadi_registration_hostname={{.Values.config.serviceServiceName}} diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 new file mode 100644 index 0000000000000000000000000000000000000000..63aedd256025d80e76cbf38295256c0508b0c05d GIT binary patch literal 2818 zcmY+EcQ_l27RHH0h#EzUs8zlqsMvdtP6V1+ABnjYLZrss2H(oRE^rJM)>Hm zsWw^_YOA8O2)%lrd%t_X=RD_}=Xu|A-amhEG~^UOO9w|o+UOZ!DMl$jm}$YZL^Pxd zh=!D($;EIqDCi#+$Q6hNIiAVLv$mmU`p?%n2rYn!1|GrDzyr7#J>P=E(^zDL1qn++u8hp(L}Req`>f5oh2{^7V;h;@I#R=-4yStU zj$830f2|i$krp%;UccRwBQr|NeiJ8Dil$6HSGqa7-ftGmWg1Roh%!i#`k!!GZP zWHf(bMjeGc!ANrD>v}iQ_&>kbrS_s6n;}NLWa__7x()+xfKKA%{Ac5+p-!qF^b`^TU z)%iXJ=$5b?8n(JeP0;lc&JCr79|aAwc)i>dPGVy-hKa?4 zFPs0}TgK0*MB)lQUr&h%Xg2+-?Bqot_0PiqxD}n@HpyHAX%qllWg-?GWjhv{4h^e<3)aZ@T=8_5Jq78|`NYfD1b??jMR{mH_Q9YdLG@Tk_n@lrQ^2qdYnOGDdsJ8}T6tsIo ze}J(_wQ3fZ=e8*ii(dVNQeLQ83^S?si(fG)v&Io8>p4}o18wrYj1|wVYaKe&Eheao zC*MmK6GORnu6rUt}^HGlCuKkWw2a8^|ORqeVry;qeD8I znEDqfb|Inpb#uQo8iiAAyrFJ7H}uSJ)cf;=gu9Y#PGcMaO=WeYWvWa$Q=1WUKd!D8%yT3Y&xle@IqtzKdEADC7G z^CdANP17-5VPEaJj!B4w=h)yb1LD&AfKW+qH5L`YKjPX${8Hcaci-2{5t#4Fv*x8M z1G7YMs1t@S-50rMCQmks*QyDX5V`z0dTs{KoJb36O1k`z(DS+R%ldX~e}bXC7r&-X zMb;bY0_|8Q(d=UWI9ZD2ey8Zo)$N3a(PjQ2d=j-r{!UdEF|4Ws(tCGwkZm*53`UNT z?athYX;&C2hHEv*mmnMGam8tqNa8Z~R8mG(rYy_G1V@@-?s1c(wsJO7 z1X_ozZK6|Ogkh#cE}o9~Nhy(*Q3hqRNB(rG(CiMuED>+2kMIPH*s4nF23~cMF@y{K zO-e>i8BTt78uzpEqH(41qzU}@bpQX83o@KQc3a=TTY@qQvhoUwDoSv;l9I|9Rwe$< z0n-!Fpi5^GH-MJrY@Pp~L;DZR(*MTnnuPY(lX&cTuEm=r7(Eu&sR|wVZ_Fm3fwQiY z@|`+b85wTuI4=SGvVL-51WaO5xdJh(FwOUfbqmiVb+U1*?YT`6&sR?g>Pn_PNb1<7 zl0~1qR!F&dS!{z-HaVcX;kr)WM!2O;@T<~Y>k-9PBQ-`9)PgW8Vr1rYsav#znq8Ar zlX-ReJhc;V-nfCL2Xy)xM#@d)P%IsOk9G5|F6I&Ps|#ClRt8uA;p(W5o>)i zx8aJ+gqYB8dmmnLMD9nZ1;4(rt*2*vY0r7W0>~boq~cJ(|FizP(~-~O#}?_G9#)~j z>h^~Qm{B4V!j}Hi%)Ihns66LKb~DGQ!9Yxd>78flqzi6in#^@>k2i9VMU!uVG5MN= zOjU_HO|Vku!0GF`eQ`tcmG3T?McYX3_!)@3w`x_1d(ftTfiF3Jt|mCTBAR2Jz~Q;R z-hFY@nF_M>InVU&XH*fM;x1R{|D;TDO-w?WN0%#l$4nx@gjS_BzGXNASv-uCQlSzo zQ;kM{82o;BuvoUBz-Ua4lHfErV($nXDPIlez@HaDZyP0 z|zsd8zW9^mxSaM8V09u)>KUMgK{E>0OyJKDg`n{7Be?j!W+foizUxyP4DBFAM01 zco_nM`OQ6^wtng`yEhRuM!M53#FNIE`pBQAsa`d;;0|NCfNoFnYYQ)BkU1ZDOz7kE zOq4v>9y5j2pcykC<%phW-8Xg5P!;wplhP!)2*gWR7`Pg2V{DzA!Y|KJyA%quDpb@k0TLodCyR6L}l zm7ivuP#QAQP1+*Ge9LmOYK?CHOzf$U^{SH>-f#LbCVCib^-diQQfhas_*#M*qv0BGAvhyFNP>k9 z00q$iIm@Mujfy4R>nWvHjd|u@DlDp?UO-O2y3Zr4M0+<9)eSJ%^CD{cRciNdH2w<> C<0@YO literal 0 HcmV?d00001 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile new file mode 100644 index 0000000000..7206ad9325 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile @@ -0,0 +1,27 @@ +rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0 +sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng +tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF +Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz +AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb +yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By +qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL +y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco +6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj +4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz +-KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f +Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC +kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR +PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3 +YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg +yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN +jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_ +biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1 +ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My +c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf +GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE +G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw +BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS +acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d +QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_ +2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im +3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a \ No newline at end of file diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f40a7556dad00281f8cc75c49891b83c493bbbf2 GIT binary patch literal 4140 zcmY+Gbx;%xx5gJ(YKa8|k?yVq>0E)OB?JYeU67IvL6KNs=@3C+Q9|hs3CX2<>Fy3G z3Bg6+`p$g!zTcfQC+0b4&Y#cxAP5RxTpTK+wOEJT4C4ZQUm_|>~G%D6aEEH>QhC;d|3vH1~@F{VT_18fdA209Tmfxwp4f(wg ze*gUL*}*wa5YYk?XboSX!(3Vdc@!}j39qZ+^65ywI;xUFrkoIWZaHY*B#ty$<`l_% zrvmk(77;wI#bfDX4#8henOq@&0iE(0s{6AozjYmQ4YoVT0~slW49~qHPTU3-{JVH4 z+FJ@%5AJq?alPflMT*h;bilf$hUE~KMQ1egK|&|hV z23<_Ak2;m!9bn=@A?W(!ts}en>K<}VMLDi$q9^p@WR401nou7WBc7$XEpL&-t%Olp zf`5q!@g?(gQ$#-6qO+2mhbeMT2z>c2FXF#c zDI#NnpS}Lz#c&7nhcJ;hWqi5XE3WGuf!2I^gF58w!>=g_`qgo~7G^4kMfd2i$i<7I ztgqUPUW(GU8Brv!5p zkvO$YcYbs=^_a82Y>dl#L_7L~w*TyMP!OD8+p56xNo?9pos2j#EgrWxu2V(Mq$G}P zrqq^|>-QLdQSnn}TWA~?$826Q&T_~JqW$0$=Dc8(u)nBj6VdXott%w32n2D-u z?J?C7c--VZs~4KefkA;9egpe@F8Sb^6r*13aNAlYPBDj?YN~oA4z(>(b7KS6X=v&6 z!DF7V@=md_)Y*d>2gR{(lJQVlv%9-A77i<5leNg_bAc4N>Zgrp`6`nqFA7CZ4#w%b zzwvF#!PrZQH#mZUL)5>%g~8LfV9V`2F9t=B3|Kpq-7i5_Yw ze60v5nq6l0wdN2)Y_-STYnR=nk!`^ z-`?{-?Md7E^QJ}2rX5Iow{UvjgB33znc9!8f>cw3SKhFyNl6-~E<}8< ze<0bAZcZ)eIc{6O*ZS+56lu#QU#A7^6}aAdHgp5G5v*XpmJZ5vEr@tQtDjse!WLA= zZf?uhmx;{YMmS0x`p`)?`pT3LUtZXqjCg|H8%9Z-{wZJ@iJ|S})uc%2=u)i=L}3)1 zmJ#_^)cnwrHlAgQh;C_&{c;J}3>$DL-HRD2#|%C7Zm=YxjB zs)`!w4Q;~IyDKfiCb%i{>__An@@j4&l09Uup!!lN8fDF!vA34&rj>wYZC}%GO;vbUOL| zpmNY%Tt*$H^cw@3f41@_6W%Q>o|xfouQla9;*e<8V`QSCX8CHg>meHAS+xJ1r?}TT$my6o=Y@v*o+*le|uS{}N@PC-=c&cuGWj z8(jz`cD1{7GvsB9NDJ-Jud1-uFM9O=eJ>!2X?+l!z#cK@@9rTu0l;m2(bq&T z8-)rL%|F7(BNNfa=j6_zUAUo^Xc zjOavfY`59_y6S39S@<6E&x$pxg44PM(`kc z#vGf8lWqdaI&g2nzD&>#YC#*N$9oY#xqk9U*AUFytqT3n1j|cano958k{I>PZ@goW z(EwKoy7CyGB_}TeDVu`UzxPUBr>XjDmaGmOpz6+MDRwsW#+dE_PwXZgtlJC^=H`92 z3$2gIxCuNJ4dpGW6y{A^Cs+^s-mBhS7jK+ZD!KF5c(&A2rH%8YhCmjc{7AQvylgl* zyRbldz(hLdm{7WN*C*92dUx2MWk zI1ME8iPhdX_rpIme;^3_;Qs>0Yy`ds5P|RVS9biHb_68+Uyk1|E~vtkehJ>u7H^mzlczuBb!^5?h$PSj@#DxtZA&OiP(tl0 zaY^2?A1=!bE8)~W!~er{n4c;~LCtGAP571+p(!6JD-+4E9yBpzU%#ps<58SxT~1_d zi6?0_o(E;?*53&ql+H74VxJ>eh)l3`JAD#Rj0>808WrX?!Fey;vEv|>T_A&EAN6cp zz*|)Jo`JQqDKO9IGJ%Y4Yv7^T3Wk4uc>kB>;qdGLwjmL3M9*R#JR<6~5f0@vVMa%< ztd-RW3SrX?AHJkAQrxX%40`K>W!zj7_vywo*7i@bl@V9d(8&r2yj9UJAvK1go2t*3 zDDhOt=yTo4p$XAE&vAl2P{`TDS^7PisU?zDWx4|Z^E`%%ci=@Nm#B*5H1B5M)MQck zhg^3m=Gq&BLBk(70RxTGOZit{ZdKP;y%E<~StkzRUQYaPA_ zex5u-`dTngqM+mq#Ak2V*3CRQ$N({VEsBS-Z`Xn+I4l_NMh;A4qZXQ?xY}TruLM3yobxQ?lOXmZvNovv`xa-RpXREiUQ%v~hrB}!3ur%J6t=4{M z+S==v2KJp^uleLko0t(wba$R?t(E3F_8m*`E)2$_xK^ytk@sc9co$>x%$8XRPTPZr zWV|xn-YGts2byq6Iqe?voN+71`jpC#rqt;fH?2~0b5Z%7vy8^eYwze^RIOXA*0#W) zjUu5x6IFPfK5pxWW$oVnF+1uIChe9vjy9v0qhmC2)vwWNw{(`oGd|J?#TdDU@SqF) zl@b{G@Flgkl}!dA?NhJCE&X*b7kpIibH@mK<~k+slNyzUk&08(1d84Xn5@1-fE^7d z9fGFT9^T_pkKSZ*uP@*v)iR)`|b#DV@W4R5P(jlUjSr4gJG1(T>V_XVc6x3($&_;$A$nc!%APfK^$7KHpC7{4m literal 0 HcmV?d00001 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props new file mode 100644 index 0000000000..37a9d62711 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by jg1555 +# on 2018-02-21T10:28:08.909-0600 +# @copyright 2016, AT&T +############################################################ +cm_url=https://{{.Values.config.cmServiceName}}:8150 +#hostname=aaf.osaaf.org +aaf_env=DEV +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile +cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 +cadi_keystore_password=enc:fDY3WPPqHCMQaZdox2UfpRoEq6b9wUqS-aepo0NiqEFa2t7uYHBdxfQAuEwj9Lwb +#cadi_key_password=enc: +cadi_alias=aaf-authz@aaf.osaaf.org +cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12 +cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d01e8569ab666627d172c0ad3d1d64232e46b66b GIT binary patch literal 4180 zcmY*bcQhN0w+~{3n$_?l_K29V_uh>XLG4Xr)hen(L$smxmbP|jQG3^{(W*`C(JHlR z>{;sdd(M0B``)?do_o*dbMO80em-z41Co@4431?0Q-FkV2DnpN5=xRhECVGF%kUSb zzlLKe=>MfC@~{*DIF|g9l;ods{4YZShfq-e_k|lI6mU8qRi#Cc&l>j#A1NsnARJ5n zRYr|}I6A&`sceT?c~Xa%Qbsb4mtYh?xCzb8K&L6GhHf=>&gvf6leiVj4~+d#hkv5q z8m~kW5py*Q9I%Lxwb2C4!w1Wxp$Xlm0ztJ>!K2d1I`h>LbosRGj~__%E)SeI<~JGItgPSs$rzmTm4cL`pe&v2UZ5?w z&6YK&Aw!efgZAhlP|}s!5N?-QCv)}F@v=3KAo=yl@VU{%>Y&*pE-B5L7%b<&^zV_3 z*prmhWd!WvN+D*@ZD%`fd-7t0$6Jt?Xcu#5w>%WLDsb3P|QOIg5QVRTZWshVo zs7m)Zb?9W4KzPlx7O?S5%G~9LQi=o2>9?|0UA&y0H5pz32yC0Gj;B*q5h6Nb%|yFT ztgKI4!r33oEWR!(84BbH?o{k4mV1O46ZW0^_*DGDlZV?Y!|nNTxK_NmFmL+-B+NIs zC&o_6;~|J0O1Og}wP*7={TAfPThp4k8g3Y5;PN~Pj@5`uM$&?w%mg0T2(}-VTn@rG zn`rc-ZrakBQ6}nFQ{KsSs?{H~=*L6Vw8mZ!ab_$qL_@P86(5US)oU6aSDLZ+GIM?+ zi`vs(>P9LLNp64;llG);)is#I(m9-U5NlUNf?hrhWuGZNvTU<9m z$UknB88IbR&@Ht+H#?Opc8EQxGd!U>=JY9^Hgo6jckV2JnX#{IX)0X3~h(~-$B5vFmBz%j}~_s=tkn!Vk|;(Y(-EQyfczCmg^}M+R{dJJ=9`*tVpJF z8N}Ec7qT(;2)^J8mYhKH=k9-9mW3PG?-uLH-2<|Ch|H{i2scsgr2W|#G%3Bsn_mZW3L=zbq-|cqXFw8 z^i;Gg-jf*idx-L$nuL6v;qW{2-NBKf4|$ARB zYU_DNZc6Dl*r+BeUbA^=<^QC}1#{$f#TcX|rk-by9Q85qwN?8-uUe<92FD4DYaUCl zgxQhoO?=KZqv{plOOrfO0-m-fbNwS|@aqZLdX;+pSH=Y7+f1>PmSckYeH2Gx@=m^i z=L?BF^;Wb~4RFd&Z6p1ht7bo#Z~LV3s9+{KTC*t_H^w3~`~I2Vk;}$KLw7;p#`3Yx z$0yUJ?sisLuckd_c;W@i6NG8M&&Dfpx&^UB#Sd%8N{D$s2RI9Ub}1{rj0fE3Uydzg zkvtJK%C&Fc=ry0HF0*ms-%HFb1)5vduRh9^oMZ2EqKX2I;C z`WBPbZmd@Mq5K*krT5S`YQPHIvc0sd*U!vija2rzcwrGY(_{_PI)uJ?nbMQysUcizjeq*gp}Gp496(xdIun(bCB$ zhF8r@s1}(3Yj=mn)JvCK_^CniMhr}KKwH3_SFv&Jsca5QZH9V;=A_vrbxgcw%<{YD z9#5WK+@3uGAKpY$WPKw5N+*U+NzeyvpCJl%Lc~Z|`jxt|YnO{+VXR>AvP?a90*1vF z0SrNj7vt$u78!)<(`-68MlBz~;8@Vc|9Sj*SkNpG3!3~3kNwRd3Y!0s0csM`zohS9 z(Ch!H1KB_7fQU;enR~B2^N%|GT{rkubzHx;c--#wi!V0Od9&S9l0`LLF201dAa5-> zMWc3if44g+{8KTcoGtg&_8v_)I%nC(|AVumB<4+J9}i~X>8hYvtOAE>n(gcRfZeJx z5~n^=%>D6imGfwR(?hcE zi)dJrS{YbovxTpnfcp3>Z_m}~aGOHkRlJ08N|$OvCRunDJ#i=msfdspb^ml0a>?=j zmo!${9zg0~?$RS{#P;A8!o$OGs*X-T->l&7W3Iw+wpsbt>TCGQ{XAGTtz0K_2DJ?-owu8g43Avvy0;=A<@5 z@91#)0S&`UXeKkR+DzrlF_Q8f9|~araXCSPCa}_oVWgF;2FF>ZMXdMppKS)>LzLsq!l) zg%$&{N#-dJX{$FTS!+Z2eGg`j2O}V*qTv@O-Wlr+)OnV-FoC7orhy$jn_{Xa;q~ed z`}r$iY#ZbB??$Ke*cpkue&Am>K)05NXn_W=#^1>pEJcmne^6o^^0|k8J+d;>pl^$B zRzzis_Dj!Ff+r$7@0!h+oXsJ^e#2VaB0QWU{f;cL-{hf`KPKH7Yn)H)4wLmAsmApb zjZBt6di=JIUk5kT{AAECkgo_8TD&WTqp!GriML(p=!K(yB2wLC(kPhc-+B$uL|xo| z8&Mbl`HiGG+@u`*HLyJ$XXM*=5VINMEj6`0CW^X#pv}z0tvinY(de3aeo^XFQ2P`S ze5-M_TE|iJ2bz}U=F0I`OG(?U+b^Eu^mh%8Bm%g(Tq9OeJDbGn^i^=bDCW28f+*Ab ztSl+lr|E`Sb5D;LTJGUS-G&Q>C3-V;jGp;~7;O}BZ?$ih?h>7(t_oHup`65qRQyDL zmfP6tlM~gBnStP7cRzo948vkI3zF*lV;tMWONl;G4x#UOo5b23#yFmN&EGOTE2gJ3 zes*5Hg_GJzVjeHbe1g(j9}p&KKJ({Ob1WUCr!Hj00y4AIzeRl57mst#W@6O`xvXEi z3kapSLLV|a_=k5z7>d&c)#*;UKp7kc6DCz&|2ha!zWt7|3|J-VsPMVFGJRU@qc7j# z=stKnr$llw^b#C$&9t${ciSKhbPSpQ!L)80aNo!*6)3@Iq&Tc*SbNeQw6j!qlglga z8zhSVM|uOBl0*nan= z91{h?9bCle^C7pN29}U~r-x*4>Xw{QP4CA*0=aD~<$leTYBmNi=RjZJZ`{wvlLmPt z-K*g8i1{!8x09j&vfBV0c|RfP!?N$nq(xWj$N;3y=$-QmuQp)t>G?Trzu4goK~sqX zjaKj4H1^jrJl4zw=g7g&E6Pp_md`%8+9aMke#C86=9#2DxdXR#^ss6g6c5WmK`?)! zcc*QUf)lo=|J>b>P*PW`DT;UOUl(?SRbaD?!~;}ojg*n93jY4#JfRPqW9+y015yoP z#p0-9RUXl>l&XVh_w;C1v$^(NxI|Tm{X|e+d1m0b&#GOdwXU|JbXgIIG?_ZYe*24e#X-16b48r3MbWLq0wF%h0Rve7GJDhRRqWJA#seqB zreFLIN1c|=szULwtpTMk(8!=K@o7oPNSo|#@;$3ttOS%&Oh1&DBm0TU4t9PWo$Z43 zTx*MrJYc(6oZO@txanrW0caj=c=$7GHyu0wo6B15L<(h#hIuIwJS>DQd$L#`QMaq` z;adpXjEP~E2*;bj5(kCa4!0$^avPKTJjr|z{lW}Z_hJ5H&yyq4+g!BBng@VWx{3<2 z+(W$TJEy9koC;%?xX;Ggjr@#?TX({32MpR(=pSYb3R1K=?7jM^49~1JNfgGv_vl40 zut^*AQada;Jq2v=99OFM8wU=yZPEI8VHfzs%H{K^tt#FGvmnC=cC?yh62$hMW(_}$ zS;4X7m4NmI8D0R1@&u@CE;}C{H>5g)zs5&#I6T~Avi}mr7DzX?R2~!Zd6n5kmJKf!{{p!wVEWG)qO25n(?hkrn zz#j%mTxL3y{}j=|{mve4Ff#-o!}+^lCJj*=hpqYjanX0JXP>iUv6-1}vxT$Y@MSh5P3Mu}*Mgw_T_sMK z*U|CDyCa*+KYWv4|V_R|wBa;|rJQ(0V_`H*+BrUUo1ljA;o`2WA?6^(*R$goQ5t1H-W(9Z2 z4X8z}7!z?!N$V=GUeG literal 0 HcmV?d00001 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f40a7556dad00281f8cc75c49891b83c493bbbf2 GIT binary patch literal 4140 zcmY+Gbx;%xx5gJ(YKa8|k?yVq>0E)OB?JYeU67IvL6KNs=@3C+Q9|hs3CX2<>Fy3G z3Bg6+`p$g!zTcfQC+0b4&Y#cxAP5RxTpTK+wOEJT4C4ZQUm_|>~G%D6aEEH>QhC;d|3vH1~@F{VT_18fdA209Tmfxwp4f(wg ze*gUL*}*wa5YYk?XboSX!(3Vdc@!}j39qZ+^65ywI;xUFrkoIWZaHY*B#ty$<`l_% zrvmk(77;wI#bfDX4#8henOq@&0iE(0s{6AozjYmQ4YoVT0~slW49~qHPTU3-{JVH4 z+FJ@%5AJq?alPflMT*h;bilf$hUE~KMQ1egK|&|hV z23<_Ak2;m!9bn=@A?W(!ts}en>K<}VMLDi$q9^p@WR401nou7WBc7$XEpL&-t%Olp zf`5q!@g?(gQ$#-6qO+2mhbeMT2z>c2FXF#c zDI#NnpS}Lz#c&7nhcJ;hWqi5XE3WGuf!2I^gF58w!>=g_`qgo~7G^4kMfd2i$i<7I ztgqUPUW(GU8Brv!5p zkvO$YcYbs=^_a82Y>dl#L_7L~w*TyMP!OD8+p56xNo?9pos2j#EgrWxu2V(Mq$G}P zrqq^|>-QLdQSnn}TWA~?$826Q&T_~JqW$0$=Dc8(u)nBj6VdXott%w32n2D-u z?J?C7c--VZs~4KefkA;9egpe@F8Sb^6r*13aNAlYPBDj?YN~oA4z(>(b7KS6X=v&6 z!DF7V@=md_)Y*d>2gR{(lJQVlv%9-A77i<5leNg_bAc4N>Zgrp`6`nqFA7CZ4#w%b zzwvF#!PrZQH#mZUL)5>%g~8LfV9V`2F9t=B3|Kpq-7i5_Yw ze60v5nq6l0wdN2)Y_-STYnR=nk!`^ z-`?{-?Md7E^QJ}2rX5Iow{UvjgB33znc9!8f>cw3SKhFyNl6-~E<}8< ze<0bAZcZ)eIc{6O*ZS+56lu#QU#A7^6}aAdHgp5G5v*XpmJZ5vEr@tQtDjse!WLA= zZf?uhmx;{YMmS0x`p`)?`pT3LUtZXqjCg|H8%9Z-{wZJ@iJ|S})uc%2=u)i=L}3)1 zmJ#_^)cnwrHlAgQh;C_&{c;J}3>$DL-HRD2#|%C7Zm=YxjB zs)`!w4Q;~IyDKfiCb%i{>__An@@j4&l09Uup!!lN8fDF!vA34&rj>wYZC}%GO;vbUOL| zpmNY%Tt*$H^cw@3f41@_6W%Q>o|xfouQla9;*e<8V`QSCX8CHg>meHAS+xJ1r?}TT$my6o=Y@v*o+*le|uS{}N@PC-=c&cuGWj z8(jz`cD1{7GvsB9NDJ-Jud1-uFM9O=eJ>!2X?+l!z#cK@@9rTu0l;m2(bq&T z8-)rL%|F7(BNNfa=j6_zUAUo^Xc zjOavfY`59_y6S39S@<6E&x$pxg44PM(`kc z#vGf8lWqdaI&g2nzD&>#YC#*N$9oY#xqk9U*AUFytqT3n1j|cano958k{I>PZ@goW z(EwKoy7CyGB_}TeDVu`UzxPUBr>XjDmaGmOpz6+MDRwsW#+dE_PwXZgtlJC^=H`92 z3$2gIxCuNJ4dpGW6y{A^Cs+^s-mBhS7jK+ZD!KF5c(&A2rH%8YhCmjc{7AQvylgl* zyRbldz(hLdm{7WN*C*92dUx2MWk zI1ME8iPhdX_rpIme;^3_;Qs>0Yy`ds5P|RVS9biHb_68+Uyk1|E~vtkehJ>u7H^mzlczuBb!^5?h$PSj@#DxtZA&OiP(tl0 zaY^2?A1=!bE8)~W!~er{n4c;~LCtGAP571+p(!6JD-+4E9yBpzU%#ps<58SxT~1_d zi6?0_o(E;?*53&ql+H74VxJ>eh)l3`JAD#Rj0>808WrX?!Fey;vEv|>T_A&EAN6cp zz*|)Jo`JQqDKO9IGJ%Y4Yv7^T3Wk4uc>kB>;qdGLwjmL3M9*R#JR<6~5f0@vVMa%< ztd-RW3SrX?AHJkAQrxX%40`K>W!zj7_vywo*7i@bl@V9d(8&r2yj9UJAvK1go2t*3 zDDhOt=yTo4p$XAE&vAl2P{`TDS^7PisU?zDWx4|Z^E`%%ci=@Nm#B*5H1B5M)MQck zhg^3m=Gq&BLBk(70RxTGOZit{ZdKP;y%E<~StkzRUQYaPA_ zex5u-`dTngqM+mq#Ak2V*3CRQ$N({VEsBS-Z`Xn+I4l_NMh;A4qZXQ?xY}TruLM3yobxQ?lOXmZvNovv`xa-RpXREiUQ%v~hrB}!3ur%J6t=4{M z+S==v2KJp^uleLko0t(wba$R?t(E3F_8m*`E)2$_xK^ytk@sc9co$>x%$8XRPTPZr zWV|xn-YGts2byq6Iqe?voN+71`jpC#rqt;fH?2~0b5Z%7vy8^eYwze^RIOXA*0#W) zjUu5x6IFPfK5pxWW$oVnF+1uIChe9vjy9v0qhmC2)vwWNw{(`oGd|J?#TdDU@SqF) zl@b{G@Flgkl}!dA?NhJCE&X*b7kpIibH@mK<~k+slNyzUk&08(1d84Xn5@1-fE^7d z9fGFT9^T_pkKSZ*uP@*v)iR)`|b#DV@W4R5P(jlUjSr4gJG1(T>V_XVc6x3($&_;$A$nc!%APfK^$7KHpC7{4m literal 0 HcmV?d00001 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props new file mode 100644 index 0000000000..17f238b851 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props @@ -0,0 +1,29 @@ +############################################################ +# Cassandra properties for AAF Components needing +# on 2018-03-02 06:59.628-0500 +############################################################ +# LOCAL Cassandra +cassandra.clusters={{.Values.config.csServiceName}} +cassandra.clusters.port=9042 +#need this to be fully qualified name when REAL AAF integration +cassandra.clusters.user=cassandra +cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV + +# Name for exception that has happened in the past +cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" + +# Example Consistency Settings for Clusters with at least instances +#cassandra.writeConsistency.ns=LOCAL_QUORUM +#cassandra.writeConsistency.perm=LOCAL_QUORUM +#cassandra.writeConsistency.role=LOCAL_QUORUM +#cassandra.writeConsistency.user_role=LOCAL_QUORUM +#cassandra.writeConsistency.cred=LOCAL_QUORUM +#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM + +# Consistency Settings when Single Instance +cassandra.writeConsistency.ns=ONE +cassandra.writeConsistency.perm=ONE +cassandra.writeConsistency.role=ONE +cassandra.writeConsistency.user_role=ONE +cassandra.writeConsistency.cred=ONE +cassandra.writeConsistency.ns_attrib=ONE diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props new file mode 100644 index 0000000000..8843705cbb --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props @@ -0,0 +1,11 @@ +## +## org.osaaf.cm.ca.props +## Properties to access Certifiate Authority +## + +#Certman +cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw +cm_ca.local.idDomains=org.osaaf +cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US +cm_ca.local.perm_type=org.osaaf.aaf.ca + diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.location.props b/kubernetes/aaf/resources/config/local/org.osaaf.location.props new file mode 100644 index 0000000000..fd52d6db11 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.location.props @@ -0,0 +1,12 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +#cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org +cadi_trust_masks=10.12.6/24 +aaf_locate_url=https://{{.Values.config.locateServiceName}}:8095 diff --git a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer new file mode 100644 index 0000000000..e9a50d7ea0 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd new file mode 100644 index 0000000000..59d4331b22 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd @@ -0,0 +1,527 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aaf/resources/config/public/iframe_denied_test.html b/kubernetes/aaf/resources/config/public/iframe_denied_test.html new file mode 100644 index 0000000000..613e9c70c1 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/iframe_denied_test.html @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/kubernetes/aaf/resources/config/public/truststoreONAP.p12 b/kubernetes/aaf/resources/config/public/truststoreONAP.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d01e8569ab666627d172c0ad3d1d64232e46b66b GIT binary patch literal 4180 zcmY*bcQhN0w+~{3n$_?l_K29V_uh>XLG4Xr)hen(L$smxmbP|jQG3^{(W*`C(JHlR z>{;sdd(M0B``)?do_o*dbMO80em-z41Co@4431?0Q-FkV2DnpN5=xRhECVGF%kUSb zzlLKe=>MfC@~{*DIF|g9l;ods{4YZShfq-e_k|lI6mU8qRi#Cc&l>j#A1NsnARJ5n zRYr|}I6A&`sceT?c~Xa%Qbsb4mtYh?xCzb8K&L6GhHf=>&gvf6leiVj4~+d#hkv5q z8m~kW5py*Q9I%Lxwb2C4!w1Wxp$Xlm0ztJ>!K2d1I`h>LbosRGj~__%E)SeI<~JGItgPSs$rzmTm4cL`pe&v2UZ5?w z&6YK&Aw!efgZAhlP|}s!5N?-QCv)}F@v=3KAo=yl@VU{%>Y&*pE-B5L7%b<&^zV_3 z*prmhWd!WvN+D*@ZD%`fd-7t0$6Jt?Xcu#5w>%WLDsb3P|QOIg5QVRTZWshVo zs7m)Zb?9W4KzPlx7O?S5%G~9LQi=o2>9?|0UA&y0H5pz32yC0Gj;B*q5h6Nb%|yFT ztgKI4!r33oEWR!(84BbH?o{k4mV1O46ZW0^_*DGDlZV?Y!|nNTxK_NmFmL+-B+NIs zC&o_6;~|J0O1Og}wP*7={TAfPThp4k8g3Y5;PN~Pj@5`uM$&?w%mg0T2(}-VTn@rG zn`rc-ZrakBQ6}nFQ{KsSs?{H~=*L6Vw8mZ!ab_$qL_@P86(5US)oU6aSDLZ+GIM?+ zi`vs(>P9LLNp64;llG);)is#I(m9-U5NlUNf?hrhWuGZNvTU<9m z$UknB88IbR&@Ht+H#?Opc8EQxGd!U>=JY9^Hgo6jckV2JnX#{IX)0X3~h(~-$B5vFmBz%j}~_s=tkn!Vk|;(Y(-EQyfczCmg^}M+R{dJJ=9`*tVpJF z8N}Ec7qT(;2)^J8mYhKH=k9-9mW3PG?-uLH-2<|Ch|H{i2scsgr2W|#G%3Bsn_mZW3L=zbq-|cqXFw8 z^i;Gg-jf*idx-L$nuL6v;qW{2-NBKf4|$ARB zYU_DNZc6Dl*r+BeUbA^=<^QC}1#{$f#TcX|rk-by9Q85qwN?8-uUe<92FD4DYaUCl zgxQhoO?=KZqv{plOOrfO0-m-fbNwS|@aqZLdX;+pSH=Y7+f1>PmSckYeH2Gx@=m^i z=L?BF^;Wb~4RFd&Z6p1ht7bo#Z~LV3s9+{KTC*t_H^w3~`~I2Vk;}$KLw7;p#`3Yx z$0yUJ?sisLuckd_c;W@i6NG8M&&Dfpx&^UB#Sd%8N{D$s2RI9Ub}1{rj0fE3Uydzg zkvtJK%C&Fc=ry0HF0*ms-%HFb1)5vduRh9^oMZ2EqKX2I;C z`WBPbZmd@Mq5K*krT5S`YQPHIvc0sd*U!vija2rzcwrGY(_{_PI)uJ?nbMQysUcizjeq*gp}Gp496(xdIun(bCB$ zhF8r@s1}(3Yj=mn)JvCK_^CniMhr}KKwH3_SFv&Jsca5QZH9V;=A_vrbxgcw%<{YD z9#5WK+@3uGAKpY$WPKw5N+*U+NzeyvpCJl%Lc~Z|`jxt|YnO{+VXR>AvP?a90*1vF z0SrNj7vt$u78!)<(`-68MlBz~;8@Vc|9Sj*SkNpG3!3~3kNwRd3Y!0s0csM`zohS9 z(Ch!H1KB_7fQU;enR~B2^N%|GT{rkubzHx;c--#wi!V0Od9&S9l0`LLF201dAa5-> zMWc3if44g+{8KTcoGtg&_8v_)I%nC(|AVumB<4+J9}i~X>8hYvtOAE>n(gcRfZeJx z5~n^=%>D6imGfwR(?hcE zi)dJrS{YbovxTpnfcp3>Z_m}~aGOHkRlJ08N|$OvCRunDJ#i=msfdspb^ml0a>?=j zmo!${9zg0~?$RS{#P;A8!o$OGs*X-T->l&7W3Iw+wpsbt>TCGQ{XAGTtz0K_2DJ?-owu8g43Avvy0;=A<@5 z@91#)0S&`UXeKkR+DzrlF_Q8f9|~araXCSPCa}_oVWgF;2FF>ZMXdMppKS)>LzLsq!l) zg%$&{N#-dJX{$FTS!+Z2eGg`j2O}V*qTv@O-Wlr+)OnV-FoC7orhy$jn_{Xa;q~ed z`}r$iY#ZbB??$Ke*cpkue&Am>K)05NXn_W=#^1>pEJcmne^6o^^0|k8J+d;>pl^$B zRzzis_Dj!Ff+r$7@0!h+oXsJ^e#2VaB0QWU{f;cL-{hf`KPKH7Yn)H)4wLmAsmApb zjZBt6di=JIUk5kT{AAECkgo_8TD&WTqp!GriML(p=!K(yB2wLC(kPhc-+B$uL|xo| z8&Mbl`HiGG+@u`*HLyJ$XXM*=5VINMEj6`0CW^X#pv}z0tvinY(de3aeo^XFQ2P`S ze5-M_TE|iJ2bz}U=F0I`OG(?U+b^Eu^mh%8Bm%g(Tq9OeJDbGn^i^=bDCW28f+*Ab ztSl+lr|E`Sb5D;LTJGUS-G&Q>C3-V;jGp;~7;O}BZ?$ih?h>7(t_oHup`65qRQyDL zmfP6tlM~gBnStP7cRzo948vkI3zF*lV;tMWONl;G4x#UOo5b23#yFmN&EGOTE2gJ3 zes*5Hg_GJzVjeHbe1g(j9}p&KKJ({Ob1WUCr!Hj00y4AIzeRl57mst#W@6O`xvXEi z3kapSLLV|a_=k5z7>d&c)#*;UKp7kc6DCz&|2ha!zWt7|3|J-VsPMVFGJRU@qc7j# z=stKnr$llw^b#C$&9t${ciSKhbPSpQ!L)80aNo!*6)3@Iq&Tc*SbNeQw6j!qlglga z8zhSVM|uOBl0*nan= z91{h?9bCle^C7pN29}U~r-x*4>Xw{QP4CA*0=aD~<$leTYBmNi=RjZJZ`{wvlLmPt z-K*g8i1{!8x09j&vfBV0c|RfP!?N$nq(xWj$N;3y=$-QmuQp)t>G?Trzu4goK~sqX zjaKj4H1^jrJl4zw=g7g&E6Pp_md`%8+9aMke#C86=9#2DxdXR#^ss6g6c5WmK`?)! zcc*QUf)lo=|J>b>P*PW`DT;UOUl(?SRbaD?!~;}ojg*n93jY4#JfRPqW9+y015yoP z#p0-9RUXl>l&XVh_w;C1v$^(NxI|Tm{X|e+d1m0b&#GOdwXU|JbXgIIG?_ZYe*24e#X-16b48r3MbWLq0wF%h0Rve7GJDhRRqWJA#seqB zreFLIN1c|=szULwtpTMk(8!=K@o7oPNSo|#@;$3ttOS%&Oh1&DBm0TU4t9PWo$Z43 zTx*MrJYc(6oZO@txanrW0caj=c=$7GHyu0wo6B15L<(h#hIuIwJS>DQd$L#`QMaq` z;adpXjEP~E2*;bj5(kCa4!0$^avPKTJjr|z{lW}Z_hJ5H&yyq4+g!BBng@VWx{3<2 z+(W$TJEy9koC;%?xX;Ggjr@#?TX({32MpR(=pSYb3R1K=?7jM^49~1JNfgGv_vl40 zut^*AQada;Jq2v=99OFM8wU=yZPEI8VHfzs%H{K^tt#FGvmnC=cC?yh62$hMW(_}$ zS;4X7m4NmI8D0R1@&u@CE;}C{H>5g)zs5&#I6T~Avi}mr7DzX?R2~!Zd6n5kmJKf!{{p!wVEWG)qO25n(?hkrn zz#j%mTxL3y{}j=|{mve4Ff#-o!}+^lCJj*=hpqYjanX0JXP>iUv6-1}vxT$Y@MSh5P3Mu}*Mgw_T_sMK z*U|CDyCa*+KYWv4|V_R|wBa;|rJQ(0V_`H*+BrUUo1ljA;o`2WA?6^(*R$goQ5t1H-W(9Z2 z4X8z}7!z?!N$V=GUeG literal 0 HcmV?d00001 diff --git a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks new file mode 100644 index 0000000000000000000000000000000000000000..ff844b109d97cf4c452c1a275c50ca5e8acd59af GIT binary patch literal 117990 zcmdqJ1z1&U*ELLccc+xp-ZV%^halb3-JOD@grtO&G)i|%OP6#@r+|Qj0fOHG3_RyN z&v~Egf8X=J-{&P4tj*qg-J3PXm}8E6&UNwr;ynZe1QhUPb@iRV)x^=l$->Om$lAck ziOr17$bdrI(%4D|0s>O)wRC471gr)NCx{mU0vaCV4-F0Shq8vkgs5lL9|%d$^prrX z)3&#MQVK$aL%ba%74!)e5)u{`0_4{QMg}3mL94>RVMD1ZgYiMQmj_7LXllUul!5ax zQApbwv4HtOe3!pK#%342TmS_dg@TKrwS^Idf}@3vfuje7sEMPqg{g&+fwP63Erqa) zv$>t4g|i0*Gle7@m=DBr{c1415d#I7mzRg)_xA^$CSm7DVQ~F2PZMJb7bg=6J6mfH zFgb|y`n7mJUP7Vb=;Gu|ao@z*&CbyZM23&b%LC#B^MJ1YY2l-?@qlO(N)n#N`BjbV`H|&*u`}C4YSlT+?Pf zrJeyYCM-3kI!Ftqfh6+cvS%e8Fo)Q@Z4VP)Auw&d4#Z|Euy}`f+?@}VBl4PBUS|3L zE$a+y-Me9zLWi`8WIBX z=JJ5Rf(F**$nwQ!j6Ku|#& zLckDiHWrDQydSI+(m0DKSI-w?hQ&SHNB)N4oL+6Hq-XkweElu4xCin;moidngbvh9 zzUBgy*2nnUXc0UzPo%pVyP$dC^;BmcA=<9^=njihpliBfOlI6VU|!%lv}WMV76IJ_ zp#y&=Qfx@bZ!oYRXy6+N?eYQi%Lib93l((552R=?crZBq!%g|iiLi>9a@<(~9&aK@ zZ?6U3ylT*95FleH5KWGsIFuFEJr`&B9_m&5Ll?&duh4^`r;Y|`x)?EhHwuZTmC+V46VwF!ca=XMT^ryF?wvl$F?& z&}a>7SVWzqH!+5MN#0Gr$Kbyt@4utaKkzdUY5xH~^MJUn)7T7;`$eH|6l(3{2{4sUb0Kp_J>4=02l@d${!LEqT7I5w;YmV&TtAh z<(r09I5qX8e&o}s=)?fe4Glt`@Xn9x#*eGA9M0Z1)z1#fK~(iHJH6<(aEK@8<*yKf zf4+rwDksxHxyWD;#YSb|-x*A98}6ltN1-S-VlS`0y-Kn=;IXGMjrO`yJhqi-GZ~-p zAq2OlFuVIQ`^pgpkxwvF^T(4 zhD?^hpWqd#m4jqe6OqWks}=e@(6VMIu!>sy>ci5n2=}QxFl{m8fDnNdve+P0n zkPRFHBOIVv;2}|93_yCBIvLs^O^`ZB6%P>*AZ8}4W)`L(N)R~+9^fZ5Xec5WoT&9N zqM)LPNUQcCU(0bR0;Y$AEFc;@YIA32dp=fHYdbSLmLCwkq-0iCr>n;<-|13wTysi| z+o^?=WV$le#OrN%HdpwO1bD)mmlZ%Fa9JTCWIlf`gWg~=d$<ws{{)H_B;$zNRA;-8kgH5Mf|m#={-yZqwSw9v|5kC(sHEc#&7Unfhd z87;FPjYm(eRf2Kmr@(_^J@7%G{lsXsa+R|87Vo=rTvLf-V$5MVr)+PDF9PrL^bE&8 z2z_31R%awg^{eWjpN&g+VZT#E+6<3*Fflj39)2*vRu-_Kz7o~aoLSH!Kw3S{vprSz zfKT31D5}-e+Nj{&Ob*_$-$*Y8wpoheP z!N!67VWR=UbN^0wuqnjqX_1s{E4=Vcxo$2GZvL530Kzl;o$vnhoD0OqHCGY*%(+)u z640C1376w<6Yf8;27jnO69?2KaX7^7n zd@`;1dYK_tK%>w#d9dUmaUg03i2R5+hX-#*tt-KXw6MbCun%)|O>YvGUkP1_yekd& z#iQo*e04lcRmW2ESo_x%uUwKWo!H_=FvKue7X6Rl12>%S*f^{(qY&>=O!QKa8Zj`x z+10(@6Z@IcAcbQGwo7+co2YT8cWAJPtcu-+jj{(=}! z?F&`?h1sU&V4QB-K85t6lpSv@A%=F*aW|de1B)fI-)%vd(vr@3y^)_`HlIV+m?_U& zjj4hE>DB{@DC19U79p;Qt^%4mBCf%q2^OAG2TNI4#HPv4eGB)DYm+T{<@XJlL8=^S`buZl@m(k-;C`l_+7-&MR*U^*|C7qjTi)w^j z7CejeB7}My$AmGlwAV2dcEFu|j(Ajvi(axWLPookdL0ysR(9ouL1FT*C&l$rDZXZs zb+$%jl|MqFO*&b#U`-@tKAFj{AYCWECeHs*8|_Z5`j0y37|SlQm+sCVIDoRN+MFYxJFl#3T!=?zY@K^BlUjsbA zb)lYt)CM99>)C@@6v9&@&y8ocX*0ucrep~#6oefFgyih0gHUAN`i%~-#RZ}wASRH= zx9(X{IDI7rXX<15H*G|P>+6b<*C3D=3fC>U#p6_aP;N?AEw z5wD|GwuZAaQ}vOkmKCz4*Ycnp&B-%N7$sYIFB8^Cd@d=2x@czls6tzK_|Dq#onsiI zcl)nZAQUs6-0pqjJ}|Kz3`0=)rc^ql^e85&rgFmoee^NJrUKC#aeOLaX8rT>lyV5N z{b6)@5$j&0#y!zfK8F`QaayiZndn>)oABCHLQA&!Eqp^I1E zstL8xZZsdK-U?I9Qu}i7(l=w0tg;auUD<`9U>nhXU+|Fl`sLK$XYH5JROrQg6z0ZpPP@-O%?t zga3CaR=`o<{jWO;;vmuMEWrO$v0j@R;QzqXxGK$fdBGqM@c&0?#s%UAbN%!k{$KjA zf2U>V1IO#DzT{3H!MHzP5O`~ijW^>te@oG{wVPHGwFnO3b=(L$`9T0Dxh-+eLV+#r zeHFU>4jZCfB?z@#Wio* z2noZLt!h4z#f4Z@NJ*;#S1iar5*7v#it1Vue0^*k zb2cro<4wprV)@TKqF}}a<+nejy%{v~k~e|+_VlreQ};KnPeIJP!@Ba{Fw-63ChLek z$fDAktcdxNb*Hb+Zz0X@zM$~6Fwc~Kv}`p5FMJvh*~l|r#)4UHRUtBv-1tR`%0q?_ zy@EuL!geoZD1``sgkCB2sY2eh};g4~~9P_PqtTXAVq< zb2a2S`$BtHbb@bTY+`#Q3GJ_3!{69MYD@Sho4{HElF$@jll$K#ArhpBFJN(sQx8da zUB1;#M!Bqk<$fm=EWoF@@-GpkfiqrdJMe7~{WaVve?ImD=gKBV&VcQBrTs*ODZp3i zj|1>mxWL?;?CflpcFWDf|L)WMozSbHiu;-)Rk|f**ex^^h^HITNZ$WH_nVMkS?!Si#YiT7cKO<11fJ4078%sm90kqR-qtpOxY#kBRfE-9A3M{37`JFs#nQo4!$p{TKgd2NWPo-MNe^m zJVg$eUR^_LErK|?Fbx&u5Q&|aiWez?&PGbgpig#Dd8AaS zQ7pZX)hfVo-^F(pj-6PiXV$1oZm`G{JUFr-7>vQST%Y5)udh(i-}h2&iMzCr1Dls- zi`R55(X#+6@wujHkYMqLvOYmL^oIwS_qa2}Y##RKg*zNiR6pe!IKb^Pmom* zD390lg7s#moPcP7G|SR``0~NwC#nz8sIhYeVv42%-mcI)mU*{%2oqdUt)3WsY5ch7 zdT!4+&%pl~iA-CBButG}m6#-xrMeq$<8uLjOr%8(WLtGmYA8A~Pn^ou_S-Z8nnq>X z_Y;M@1)XFl&4ru=hHe`f(oI(RIo~TfpOBb)s)? zVf-<~IhTH0m1vg>qI5r`*Yi`K5QnuLao5NYEd|(*D3dpE9~CQ3pkloD7HN&zYfVO& z5T1O1MrmQ|Yk-E^S~t`wjiofu%r`L3!UMa&c}{Lu=WCuQAeYg1*JRYm>m+OjDPCw= zh}wo|$Pj$aJ6=kf3){!{i zb}fK?u--1)q?B%MrMtMx7E0Vne$xU=pd*LNkC#lS0FzviY-bXtq{puTLr>FcY5;yz zzvNO+l;=0;h+o+W4d%pjch6dS2MYJ`UDR0Qe?|9f#h1foHF38Uvco zk5NocJJ?uXB*LzJMmEF4>+-K-BmDBE-s3I#;7(~F+C1@`_?qV?)JnY0SBnE>3xjwU z4`f}{4IYxXd`)D^FkHw%(03J5i7}5f`dwQ-Jr0CI-8NzP);C}9c^x2iD5xR{qJ z^@wjq*_GUj|DBz`Z#5wRTTLoIwwmCv(Uc9Wohf7utV}3GfgK|-8HnVX!*Ny2O(;~A z#g$Z)RFzeJ?Dv4b7xBp01mBIEOKbh|Gh8K@D{q|?M0`#8II1f5nJ?c$;_~w`%U^xK zOP1&51#yFT!947M;Rvui`1>ITh@A`AG5TM+?!OaZZwmZ`va=1`3&0Sn@tA3J=;S1e zd@26spjH_J(hsa?r_COpUQq9=Dn1JwoLjB86$DQsQJ8ff&$PttNWut0y}6yG6AXj+ z5tK^sB%z{!>vTpPt}a99qcdS zMO7%pPGydVX2P?yEJI?6kP$6U$8*dXd(eM-#e(^IeM>t=>P!;(we@TBI#pOoLEO)nS5-#ZNwxqLA>%pDLA78#rw>_On~p=RW0{d=gf{#Agn08axk zT)qbl3>ApthjR%H{qrXTI3&Q$gn{(uMuLX<18lC`LUo3sjAL ztF`XVQ@-eIJJMs4?UB^7*xoweG~V7pa-f@0K2>6%W_?)NurRbSkJ=UQ(F|W%EbyShwwdz?9j(Q-%`~(;J}kM6;zPu zHFDqq8`c@tA1N1GS2Jc|6%fiJ&gyQ)c17YKTpWOW2{M8n%k_9qg+X7~PJBwmD~e&t zpk9CeREa!p5kJnUy|S&%0hR*7y$M^1G*564g1qO7oCwWK?5;rla|7jfZX$O7$xX1< zfN(SigrmZ>aD@EhjwDF@cP_#M;apM#5;m%&iQSb@yx!>k&OXrCxIZ8NwVfdyaXB;(}Ac$pK40>@$ z#r+GrNPQ;-b}*jvmD=3;+~@$A26y76N7ja>+82WYMq42F7RP3lG_p&Pf}p;W8^Ibze-z zoBJFjrM(qL5ZoL^MCFW|_r0&2Fjb8xMq!MH4-F-&jB36xQQ#;SYvYeL_q=JS>ga)v zil+tQv&lKkwg{KJsv+Ki;DG;}ZynI4mf~?l!5Jt@)92wMkPwC;bLm~MS+?RI(w5Bv56}x1GXMCoG%^b7n z7xe@3(|R6$Rd#aJJc;$hcSU>iY5lnKO$w{rg`*{|jj^t0R=N_dI7k868%`?dpnwLCfCx@S5t3KnDMo+ZtF3%24V;Xce6w*g%i9PDgo8UOC{T)G!1f zJYSsIzk0&&QZwjJ>;!m(VE2vg>czUayS)w_d7Qfvq^}iA%Bgm;EfVfEi?{% zV39wZ%)@`WPR_Y5w(9EzF$j_fQ(=sMvHwXZDe#!*0LpciW*@# zQMX+S!8QM7sT*spev_Dl<$l69r}(zWt=O}3aP6)-CZ>1_=mSv*Z<{=SF2qFl*Fqa# zD*G2GOFA$NP-p!aPe;5a+aD=Rq-rz^^X$~S@Z-*;^vVQiw$3V_vo~-Nq&!B)o!?_F za*eH@fsByC$U8gX3HmUH)YTN2O)b1I>1OwM{4t5bQi9;hsiz5(e6gfgrt^r-)HJBb{OPxu4P_Gaum=_< zNVGj<9PK)a52x~KPlU!b&a5$`=ptGpBzR>Dc*TAb%EZYXs@B<=ncYYOHbpX2EmEVepi;xT&cDP(dhj>LZ=&S%MrwO zIUAAFUl^pGym7im9s{YUSc_=_+m*ftOjsJ6>NAhZs|K+}le_#p!qNid$cc$S< z9r78n59R1VbF*Hx`%;n?YK}9lACE&E&9gnE%i5OlI#`1|Fox~a!xAeOJ?VE z377ByrjdmqL*u=!n^z0k90Ftl1%@bYJhT?Vk{My&tG#35CKsjR6ymjHJl}`o~h}Ts6wQ)pUn!?+>3F)l&-ET*veefacdV-?vhleoc zCFeis9D!*1tg@24uI*Jxhkq4yB*rE#&Q3<=Ce9|-CRTPf*DV!nH@6t+QhvrAbT%Lf z(t+3u{w@n>|3GITha0gbCJrV65namyY_ad>p-{O#5rweijb1br=F5ix|LA)&nke9J znK*)}L6p~lNA#zc|1g=@Zj>KvV8A^7S$ z8m}Fvj!en?wn0R^^s$|BHW9G@pMRGsaAy3)x_c~|Ib?CY+ylNhV|95VcNd4UU-@fV z#t;{gB+nu+($IaepqBiww8P|?a)J#t{D{Nrbs9f}X5q;!$_X1kW0At_WcxxuTwfka z5*r$Vl$y5X+3d202Bfr}qcA@%9Aud)nM9A?v^F962~0h{sR}q*|{U|mpz9> zwhk3sF_bSUs_%;z2@o=}gPut5DZ@q)%1$h3c%+P4l86*`PUH@mqd!|)Hb`_e=y~cj zDG0IhR3Ugd6=|b5VU)Cs&%3{I7Mf!sQXBHb622C%##YAXml5;JX92f+5WhN6p2A-W z^<>7kMyg~?W&fUyVGuxYKz|YxB5PdM=e$(N*C%HCs)%z$1MT*@CGeK=Z~x8lfO zoc7IEb1g-@>f@cVL0-Z{w)JgFgJ_^FA(Er~6Dz08V~p9&C)||Hnnp{9k3+!9<0?3h z?LCfJ;N0k3Sjp?2e7Wd+HO;jau)Aqe+hU}3BvI-Y$2~3_K1n@EHgsZ6EM}CY^(vQB zGjrV@HU*7ZJt+>!<`u6IeNfC1LE!Y+$PlcWvHBIR@xB|x*LXHD0^dZm!P!qlL!AR? z{sMgYULzV6;$@fz1Mn6Q3d2vo+$1KDU&{?_1I?|!B)|Bz8U4Mtl^#TU30h=qa%B?} zic2@)`&w9RO`KV+P0S3enE`OyI9<8~*Uto9_OV{JDpCCQRzMr8>Az@WWe0(;nc?>L zSNz-FDBz96MX&8>HZU8Q2h7RF2{;pg9Sw9yT^@2?9{xY@3I9bB48-moeq|&4aK(Cf zM^(=his;s{cBqBqYTaw^4~I~l=@}ojC&J(egXEPlY~XLvWoCSykR&va_3n$M+jd6T zw|je;2y{)>ExD+9aBfc!%&( zH6UlnQbE`RQ$+e^tbK1RH1L>S7m-{fDN#oSix~J0os+EjIOcr8&cd*e-$r&*iGGThz|R1}MwF_j_L^H&NlMfCY+S zUUm?OgAK&N3j{3N&BOnJGyYxXs;s>58M7(h$MaHufnwwOg!NvF@tN%2lY=7$uaj?k zx0l|%d!=nmm7HwH#7AqP2%ALvc7nvxp)1*&EOp+?x+~nwOh)jtLm44mJ|fD?_?CO& zD5t84cc!8=JZiwzXhWx#roPwOs&>vclrt0gntCcC z?`WE)C}GW>=eUNiD)mkRt!Q>;qqL@@EHx+?Qsd+OW)gEX)6zjf+A^G^lg!^f);3v9p=VW3Z(?tRm%3?~ z{RI?$pBuPJTjqE3^BUIVbv!CztMM!Kv3I&+be2ZOEHBQQQ*2tgVQn-iI!F#`X9G2$ zj83KS_T^t7f09W&6aorcNh_l_2$DNWLhjE?g)FIH z=`$C(C1PDx$tO7YZdR%TxBuN2c=Q+r=_m8x1ijvO+y!?uO%meRdMncf`3yBWrHc*G z9A2;$uy%#Iir&S>HWSEFp~2|?z;`%vIw!5x@bV&8n6rH;#Gp5%dyxx+Dp7O0Oy*1t z&&jq(?h{p}d@-pfvpC&4s7?297Q3HDL@{0xI^3Faz**$I@;COdD0Fp5Jl3I?d%gBl zI8Eox*2vJ;P`oaFE+;b_|1gu`oBa!l%>Wc%0Z`1kh9WY|Wx|3)52D>b{Ua!4!QZPF zWNiHFqUCZ7@Luk0!=AZ2g@owmTgOF#mxj8@yMQ;f>-UcTmUN zPuVwNt?j*>!4R1FWh_p*|CZrXipF{5iJ5^f+jK~bPEWg1iHmyrx0W)FS);?`&dRum zKN5OAUa~nfzz%tkz7&h3nD9jFO=;o8rvk(R{ie4wdW(+v`q;V~C9D~K7y zn8A=i7esTzqy80@R~qIrQ7}8QUHQ_N9gsi#pTB(Lzkqs@pK>sXc|y?B-6feiG2}wO zB0BlWwmK3~_ezxHuiH%gwg$v<_ZUvnVM%G*>fQxF7>d{ABgEF{v)>~~e*HN(FiSe9$3|7>C~c5-(AZHi?4;V-D) z2cUjANy2swbqul6GT+H;x>unf-XNCGcdh=2ccCAXAV}AfAkGHX6qkrMa0cd8epHus zEI;AM64 zgaGxb0Yj6I(f+&LV@y_{KJDF^cJJ=HZ3H-BOIz%&(zjQID5YbI?xU3oO7)xUeI27j zHyOP>!xk03{>iNj>tS_#YiM@6kkWEzBeWKdcMC?Cp;^WSO)h1tG)dJ@!kT5rl; zpsD?4B^S?0vY&Avsf=4{XjSdr$q+hxX- zd0TKzNP0fHJ+nlLa6_JciVPD8KgUpmw3q77$%%0VJxoCE+8NuK7#SJe9D9_3=l_X2 zs0aXap}-gVcifRnmKGR7*ej^WLZ+n{CEdO$*Fk=dZ%AKB5il``@G_wyU}H%-niv4Z z9)+BNEnqSMJ?xHPj4Q5&fyagicB+B;&KOJtBDl`Kn1D`}7n8q4qO66D1<>&hX1v<@ z1H4D7@4pil75!J!kyq)N2T;shm&y4mJztG?@%-!|{9m%pe^I7EOFm?E>Gj8beCD$D z6mPuHFzG~42^sE3R$zVB5G>C&_-rYT4@&u{bI?qUoi&v?y5}tg&7xzTtX?r#?;hpVadg~ z4k@>!F^|8`qc^7Zet4Dp(Au6wweCocwIPe&swHp`kxnx1lQ=f_9oxBQL62KOBwy?2t1j;pIlS_?gVQcnV1WWT({ET4e0w8m|1R@wPX)fmv zVSwr1mOoGe$m~YkN{fSk^}C7uIMojwh>VRS>S1W&c-;gC$b`#?g~q1+`9z9ezorlc z)_0Y4fCXOVmaE7F0aLZymuci$IC5Sd{xB*3v4#9y_UUm*CcujHocogeRk(Ee@E9?& zSm?rxn}4>KR-wFHuz%~m6U1S~+oMj2GsJy@XK!+so(Jkspm}B#aD|=H*SND(?rupQ z!5lNv(_ISWZaEx0)W`62sbjCy*4J@#!W z%qi`slCD(adqX;#dG|?DpFN#_-sFs!=V(w+M#=XJ`_Vq;zA!w<#OQa%PckZBM=ow!$DBHXQhBS z)nDl85$1S+iwm=U_i&^z+3r@1XRwGC2hfgs8s|gi6i@@%O00y9J)* zTp@EHMSP$t(2_om9-31jkhJ$n%=X5Q{J zCD=EcmX4zljzW?O0fpTWG`(f3xypF)FD;d~2~wln^WEHtzEmYhYKG9!SNAQmObMc8 zq1I7}L9dP&l?n4@p5!opawUUNNpfeqJH_ZF_v+>IG7nq$=J4IUDIN>$HWW4U^oyO5 z<(`l)hl4)NkE_JYAQS|TX`zj`-MqJS1xdIidnUJYj=1;}Uh_J_#u3uAPjL&Qw~+@w zIWK5_S8lAnHW!mQv@E@Khx{qFR(sS8jfS+ZBzhNgNzrOcZEL~pD|lmnw+R8KgXect zPm=vaH4F>TG<6$5Hr97k^B66B{v)dWs=zo`mjWs%8#W5bA2y|DSv z$hB+9hSqQ4kd^!8M|jr_SlxsE0EP0l@WtI*5I)XvnW+d2l_AI{!EULlgKO=NrYwyM zAL9hYYbUTN*a`H!GDTVa+Egdq<{BzZc;1@V6q;?u+LhkuK&W5G{En$N+ST-7+)AnY zq=~W)|K#(EAqMC#tT_r5<5F*6*;JpLR~XBpttG;{%=s+VBdF>>1~GhjD3xOow8|+& z7Nq0piQBXf5s6Esf)5c*8{3E`ZT__7v*cK6yht0G+@c-rP&)yop{c0-!5B{{aS9diPFBlv)aCQ#r}Y(<4_dVTv$5 z`V5Y|kKIecDC(K%t<$^2lyrR?j!uX27vQAx9u!$~HR)C#P&ohId5o=h9D_R#ep z!RcHbmW{n*!vB6zp!wx`JW+c!VSAIVcEdO7eRINotXR4S(9CwAVX_*cq6Mu_BL#VM zFE2d&Iy{ot)n8$i^j=y_h8k1J|c@7vAj#gJ&-Jl zobc8+I-=4n#ZC$VS8b@}1EZI2vgLec_yBt00_cV8nqL0g_hffNF(`}Q;2B|K^zsO00@bnhoFCaL4Swm+D}C68;1}u%)CqY zwcnFBTB8qEpHkPnSxCWTPsm}A^^Q$%l4*>64^6ZhHMDM{pf#Dm5U1r^Cha-L5`SLT z*TT)iOeXkLxY%B;`#@f3i!IH$uP0jNU6&rZdusAsezYQk0$rS_wBSrjg|}15_e)_b zUpmA+cc@g*N9x8-<$(`^%6pe*K}!%_C|f2^UC1XNIKB8Lec8gUVM=7mN^GsWc+W;y z&r!<(fxFVfBu6tNj{6e?E9&bQ$Jt>X$2pul@eZBa-nCVe9eYKC*kZN4jPs%pG^Ymj z7M2>+n6CKsO9Fxe@Rt0Zg8U+VasKKZGM#c9{_zL^=5YRsYRXcU z9@D&@q+UUP1{aemocMeu(8F(rOdAKDn#&}rY}&1%NZ49ZKR~hU3!A{^*N?Q=-M)A) zTC~0f54n4UQYNp+!XpK7HXbf0c8or&ef#MCp8Yuq?+yx-A`Ww86W&tWqJ+!lt>WEd zk*deB_84ZbQsFpd2*wya2NXpzJ&i^-8ZtW>Uvo8Mqi!@AJ@R;%i->x+&~iTNN&Cl- z;Y1>^isRxZ>A8lK=C~B1{7IW$O}D1=pW-`(2&oZ+c?hZ;(31yy(9$AVh?m0?1NzCq zAH-z4V4S2~_0hXOH{ttQvAi3QMbk?5K&L=rnMgCDB~y)woA$@odN|zJ9d$qG(u0PA zApT_)0_F9kQD|h~cynS~>XY(Mwt-v+T6mU$ukY;?n74UyNS-0VEQnOlzd+vNNQAmk zWkZ1!epp+`*u=k#YG7wm^rwFX*x4LEDi)-h&h?K6|72$a?ll;=CCYF0GSGnulquX= z{{v^#1Z4HkJD*(N{skHm9$Ewfrmo9lEXtY&EuDpzkOVrXBzc_|9ucq4sJuSt^Aq(p z^*17?PMM!fM81)=K~&f}p?&M7TqnpWm~jxw8?S#8PWqqjL8_EJEEca@x$AR=WP8@k z-pijIIC1mO4J`!$5{IIMcpH7>yH}`6lo#XZZa>Zsa3iQ~vu_1_CzHeG@kd8Q?Z4 zCLTYM6g)Qa^#lL4!2lKz({*y9xf&X{x=EChvhcq%Ux3OM*v0=nn0}cr|9h7DckRHw zSSI*fXzg>rBv+9-s_Xkfx-r>eg#d$<0tz`qW@E&+Z$i@t1oC%34z<1gFjhYKkeeQp zQF4~ItC5eeO7CTpcWSngNR8`Z{vF1rpI7XLckw8q5d~MaoO=nXo{k$D&-rA-eF!12 zjHcpmyudyP#(DU0jXZLEO|c8pOaei%KL|%fsFD5Rk@fR$c&P+UijkZzb4`03&E_ag z%g0mPp<5OBwgwK~Hm1p5l)^saBv;p}{r2XIKrK_vN0s@WO)NgS64@uU50a~DDFpg_ zs5nX<-7zn@wF{JC3v^=iBN|#OcAHPOlBZ6h>yOZ0n3gkmu>~5bhIXK~#j1b^v5UsM zxpQ}P_^de}%n46n&E`uZFHZYDL5wwwtTr8@2^kEmD;LV)MW2C6+rg5J_d2qI&DX^X z7^pK_*}_g8(Dombt$eTjZDHN1i24pQL<^^?Gotjgv<8t+4A+KY4B8Q`H;Ej6WACmg z?Qn~*-ramLvE!so_24uGa&?tF!Ezt8HA{!5bo zQryZOEm{SPGD9l9%hM^XsfQKNru~1a?f<0MZxs6gT(1Vj9*ldT4t;|37EUrjaq3h` z@BciM1m{CMD~g+*2BoV04CjLqKV5Jf{d;mgNbW4xugVIofhk>9_g{rm%4bEY8a_R; zz@2UkS?wr5KHtxKcTe>;9EFXlI|JdK9_YcnTbQcfZYA65-e%lGmP_~f1j!SJ6E6yn zc&4AfM^cCto{_AZn`o(N6DEXk)-xhrN`Pw|jfL(+&(gVa>;6}b-GgKC3#!T;*2vKr zaRb=41iL&}$EdJyuF@7%*f$Ol8!zq1tzSAAc1{lmIHG(o!wf}vjxFoRvDi4_uvp+Q zzg%w}&X1*IGTWq%RU>NkZGAz`6jO01sbm+wX3ODe_=5DsJf}kzE?peSkijZ#gI%^6 z4W-V;JSj4ZIq@C;(%k^F$K#2L&gJzVm8?pG3y-#(U{+A|hb^@`Ahik~-3eOS9s(BK3n88AisToyB+VsQ@D{-PVECmkI`8}{9gzO$_WgMywQH?#qfJYy z)8uDffNlVCLM>osrhm^1D4R>`_|p;>QS16&i4TCmnj3+3IV<*0+)wTM_y!jsAg(F@ z>V9g#(a*zwY8ii5k`$xizF8CXeNY~JRIC5R0qaG{TiUpgg5x(Q6uk5r`Y4}$XY+C6 z*$nur%jpB3Jb9argc5-785LdhWYa_W0XXpXNAyHCF4uvDdH%eteakb-LnVX7bc!kR zmGYSj0^?CEZM`oV1e}eMgPB}ktbE4Hcm&&s+r!ysrdbIt=+P^4118&T#aazGpW$6- zJ`Z!Xnfj1*50&v7vg2%;{%~Y8XP3KbFhwR%4I%YNdw~<#t*PDx53^}yy~6g#e9w!Y zn#AXrxpA5^Gl36wDS7NoRU!l_5%iJXqo;g!O&!1E5eZsZRm@AZ%BG5h_XW8JwVioF z@p!}EGN0`r=n=TdU-Q}Jc*E}&L(sn)cM#vnDm{+r_Xjg8hUMl`rXJb!p#L`R@Rv{c zJr1uth%B_m#g+F5tBy{d#&Ip598IU$)yzMClQ zrY+d0IJQSV#muNTpt<4(C>KEE$0JKK}Xm|aNc4)p28@ZVI84dKt<)nzG>o?JU zIkx{l-d=yzW&LmOocIqc;qOr1z&*(E_Mug8g?V(bjLSEPSCmKy5hsKyy=NhFMRUR*gW;rw@i6hyN1V*hR;6v`-B!<}?^PA4!skcDS5{Fs$l8b>e9W(i2UVTR zs)p0asN;C~rw%&BjN!?^p@b`pM3Esj<7aMA_MHc;V>AZ5K=00;SyUr}W6lv%dLkRNWa=xWCYmJJd$=P%$JzqoKTZt-pTOf(G z;Xy<7IK^_3p0Wh)oO#N@5okgXyb=+Zw)$jt_L(3j_6xm(FZK%dlERqkg!fycO5i%; zvGG}nY0_N|%OjIA?Xb&*9WFv{_sC;Vs7@W>h_5e+9d8H6v&EuaC`+6&rG5*es=qgb zD4w&BQ9Ub&o%yLq|Jl9PL# zt>y~Elm)9T>*yF&A%=Hv(g6U<~G8K0xnqHL0&VxsXT^bo8= zrnTkb`)pWyjho_9z=|?dhP#-rKWoGI7ayx_Si2^p}*RC&J9Evgh>0 zOHYcas?rjsf2v#*tOAW zpP=Z#b0hRyk9tZ{iE(xg46sDb-+o`~ZHlUAph%@kyehG}Dlp7xm^@dC)1#d^5K6oZ zqWzkYLhhFDuQ`@uD9gH6#s~#ORrb9B_uvHRGMOU7C7dn6>nD* z7nru!*eVkx6Z=_=as@1Ipl}~!dX>{lmau98wj~=by{CF`jeH6p4%IW>Sryfs=qm=X zp>e9sQhY{x9K1Rz&PEgLSzY?ZV%SR8=A&mHl{g5-0DNTp)^`yI- zz7IWm$YUSZ3kAhB{AV$9vpMfCU-3IH{x(i>MSQ?;Ch|ka;8y*Y(y}2M8>AthaEzs1 zPHP~c$zyXaa*~d}hXeQc30h9f-yve#ix$8fWjT&)H)5eSEi-Gjt7*mN)i226pow)+ zTF6Z;MhgyAa2U@%J86SE98?PS4pkmIho;ty*mbpl=f_6 z4$mvI_o{-r>WkyhcV+!@M&*ri5k(MjzCz@`_H~kHX}vpx`A}-x6RLG=haQqv!?~^1 ziOME6{+!pl;r8lB|5c_0z5C=(<4!M_vZq~%>f|bTonv5#gNkyfl<(FQUC6o)oyD=Wa;Ccq*{(<1 zX1t`$s$*&%VSId^Yu@t;lCj*{nY7L+esiz3o8|yQ7NX)&4RRRCQL924P5lzW0+;DG z?iV8sD#lE`bk+A_9+`X_V_vSm-{_MgOc^cg_L7%;J8d<6*whYox4`vLixpnRPIdR! z7!_7VOgb8FcUeWtvZDbF9h?uAQn=q?dtq?90i1KWxwjX+_&n6Q`mN<0&Jw%z3SLsvhavtoFcUTCm z5M?Bcn6qy7Tqz}QJc8f)+ixH`+pAiXW}BzC%-48S9;Vtes2&%7i#Isxy=zB0(j40` z7IM2GwZ&0O&EbyF_|XW`1^s^Z-b_*{^jMUB?O{x2c~fX8IcTu`C5s_@2_BT2nAWBr z5`V53i$|RhOyh%$;AP@c#mK>3rqj+9PahL6_@-xz8WOWjC7I<<3KD@hmIGf`!LA#T#Zk z^hG(C`$;e5K%wMiVo|5Q{2?-TCZM^pbdsn1hkd6ct)0xs9E^FDk$@%?1m*9iywN{$IZA!mocyaP1ZWvE zadZW4ukZBZrai!IGk(1CTDpm=UG_#^gBc9sV&eeuasaakz@{+!9)wk8HKiTUTl{qLO>Wk5{XM5g9I-TCO4pYPs6gV?S*1>oeu*suOA`>NYZ|A=gdshxu3W z*S)@#huxh)$wlm`&Oo2b(&9i9eIyoOp^&q-Ol(LPhnRiT-nf6?juQ7ux%l(|s;Ey1_NW!3Q10uMJR4VS(e&o3)Joc*JLEp= zhg+ufcr?TJ5_odgh7d=%+L4=Q?}%wcG=E4#v=TgG>t+n@+SPsjG1#P-ouPv@bf&() z7drLKI!-YGgE$D8h*;<&)T4*vor=cvsV8Ga0e&H4&Q+SJZ94|+TH+)9yu)yo%KD_G zAI~frE#E>8HGPSiY0_@v(~F!%zn7nqdYj&g2+51TkP3O-joIO&Kc`>G=ZAh9+ZRR0 zL@CY>wxVu*)Jc`-U>YT3q_hm6GgFnxS?ys5{HQ;^$vN29VIDE% z&@*<6-KpIAi{&!?oL-l}R$@LO>7C5n+Tg&{N0mwUKxIU<_8s%xUYGlQEM z$q{L=yXK(&sFvR$Yek{Wmn0xdBa(e6yW>#ftX=HrdYEWB*_dLlXr7vBjT5hD9Ei^{B0d|fZMX0QPONw`+AU!5H-7Vd zkc@Pwnl&UYZ_B?Vh|>l~ld-xVTQ|{>31TAM>+$ST?Ah{~Q5^838GxwKDyfYp^$!n% zNsNl}Lx^vic>a9V$Y$Djwf>G4e4FA@5Sp6TLwE|p?33Xm4fMcjL;?KvHtmw) zly?U#Eol=@_ZS8YMyfvcu z*q4{doF%@&awc_gc9SVTXov{0UIzXw{gVL=pf~Pix)Z1OUP)-y3GD@p2Euz7s6<4; zao2?cbP|7ojiEf_H*7smdY0wIR}lK-J9I-)F*DoH`e4!LJ##Dh4}|iIX+2)B_>g|R zz_)n)zCp-)sJo^EMB;1vWXjLLRV!vYQLY)omfTyDD`ga}`3%m66*qs{;`!1Xzdwn- z(%h6PIZ3~vo5K0Km}+`n6nDoya}g~`nU36Tf+@rjepajpgwMD*egV|l%&@9^-{6PQ(xj$%_>rtK z2zh<{G%pwVG^uk^$eWOIH?Nu)*HKKCY)R9%W8(!)Th8Yjd%|T&v6-E<@t@;>#(J*z z1fcZ{7HB<#{?U4d0MR5&BzCN)P;qlFxQxI{-03mINy^eI{o#! zK~F@n?lzmK2MPWPny12%}+mY2#M9EHPT*-sNeFwHpN(_KKp64-7<|^+~Y+K`uvu&S@b*e^N>Qea%+kq12yHl;=-@{wI0um(R)At2o$Fw7Nh1b zz$(8~>!HwPwMd+W8A#-Q%M%; z4x~s>8|77Pk{6e92y)yMN4kuj>`3BgY=5vCZvTPfrJ#VKKXCkSx?8VNTASMIX`YFa zZ#~c9D|b`94c_(rkH4Yx-=1*qvhIlt=CaF{4-VmSW6*?z0*a09L@>sRv(NWWo9;}x_ zmWydQ|HcE~3rBZu=xKUGLWqXbP5q(4VWo&3MHbs78DBhR3(YzK;{f`VM?oJbLZf{a zKSHG#)RP?5(}!W=26eE+b3bJ%Xy8*3>ZFQ)pl$JF=XHA%H^j=$?V|d*9&gA;S*((c z$`tIxteyxD3caa0iv(n6UIp4AHevRL%F<$-kudhe3uVqeq_I+-W{UWP-7Ox4Q}nW} zWxjymV;SQYDYx6-ns&$9L)qypVnn3&9Q(cCqLSjs zCqmEz)F%~z!S5aoP#8Be)>BWa=G4P&y?ByGmE9gvD}!YzIl_eWAW?N-ICa*trl4w8 z1U`h;?XzXJs5KJz@RW-p>ywTJdJu)w=%ffYwQk;~ZdP}K%c#UxP?A_oYzbmdh?BmI z1>=0a`xM-aWu~m48!s6a1>|U(d8U!R6^9&>P2)3xSMiH}l+|i49I55+osHq{RT#HJ zW^VRpTPCB9ywg8mmabnFUE=1zJ?gbp_#E(HqcOLYvb^l89rPj;AISBb&_-kgvU0P& z&-7@P=8!kf`9PXVyRTwYz5QI!b1A70jP^J`D$TC~x4)-hAnbo(J&Y(&3@Qjw09)Brx=i-$>;8sq zhes7JlG?IjGA=8Y4zv4%_Kt+=1Fcos)GVs0?w!#z>cEx3jxLGUkCQy%tnOlD6(QP6 z@!8EzVBm{>j=9x#tnx5j@aQ(f2a8g9*87HTTQ4`(n%JB1Bg@j2)?fP8s#LO3tl5m% z^AnserP-qx^ORH2S&2T4-Qn5G3Sl^>~=wBVQ zDA+$PV&1ylg`}D}LHIP8jsN)z!yE|L5={$RIAY(f2Jxuma?A;XSw#GMl84)$joO7_ zh4aT=9@VCDwiSiBhQX-8(5Hv`5pePQGUgM!n+VtIZz&b9erHoYdFYBZ#23a*kzpO5 z+9l8yNN6HdfTmk~u~voCU;CoFSzt71V++o)LXL;ky-g4!9Vss(mHco&4GH8v+dda6 z_O00{wf}VoQD0BgcRoxF_z!ggJDv>kUmiUjM&`E&Rdvd9>WKfYgkFlH3i<8=wle&g zpYx+s>8Uw+uLvo-NQsjxcIn_^=W1YV;dBK!tiS8J%|-u099Uz3UFrjfBXxy1*y8H! zRN4XIX&eW`_4It&g*5vve?cIr8vrCK_j5)bA{M%mi`|3EtN!XrxfbL6^_DUa1G(gy ztUssY0rh)8Nhmi54_K}pkR7=`1pU`t>7VH4voh)`NW3}qFrjDy`WP;!ZI7C|0PrwYc-@FB?Opd55IEC5V3UofOA!GLZyx-~)CLO#1?7HEveK zO5bcU`|vxq+jRFX3j6lQY9{3n9Hq|=LRX4re4hDORq;|6*(i&bp0?V4nJaLLi!~^K z#wI&h56umG@gn>2_W~qpW$JZY$jO0vjsWCbzWt@83oYGYe+QdW=@LP{#`-CL$S?WZ z+SRZ1^zX7{mve29@n$_|Wk4Q8ARf<*)@{C@{P8t`xz~|GA4-yyV4bjm38gPlIDqE}LvO+IPDYDZq=nW^DXuPxyy zb|mL}1dJA1@FcgbXNC76W{ty0h{WqO%$q)rnft0(U#jsg>h{+xjNCv-0zIzXd&#iKF5<+-WEg#KxxYMJW{zJ z47!Agh9Y;l)PZIl?g2kaEL68W6XXkioT+O}`U?jA2~yXXw7YKSs@0~yBdy(?@7Cmq z>yXwZ@E1%1GCFY!{z761z78Fqx2wZqmXxZR1zgVPbbFgq(!6ww*ZP+bKW|ixXT3LL z@oj`G?y(f%i=BYisnWNM-R~WSHav^m{bGA}4o;5$4q7;FgvNa-w2dHxEq=!Ww^h-y zuv{?>58tx>d=-=;0s9s*e1kk|?h7&2rFO~hr#qi8C|IAScbsTjJoO?&786O;KGDPv zn^z0tQbKaqK_tl){o0cehW6^f9g0ddzC1iMtWU(Rt_X9I2#*B(TLvUsZ2l_0`Mm~$iVWdw-u~M1%XehYgJu}+6nX+vYbFlZZ zjMMsS!B;Khn6N?@FQKKOw0o&PEUR)KdxSnFR;iK?_JZT?VF2dAIYv>hxhWq(6G;^) zJ`5uR*&YOnl?WsSt*d+?Z&yI0NDZmiyn7-kfFH)V5xkVS6AW)zY0ch8ydy===e}#& z742d1Xx{HJ7?UY)DzzI~TL6?0oYl86u=u?_NNSnu7e2!P{lqXi06s_j$nD&aY^SC+ z>kGfR+`y9UWjDYXV2A&|Nw#x>*squ%vV&EqQ4-~#p7GPj&OeS&puirm?8@o8z%=hzy|-PJsfDvf0uhk~ai&elEej;0se<#)*G= z|IkpszWZCb_evWB-2wtX?-H3+(1nT}HC1>2?lOxGJ?h7g25NRNf+IZhuL-3SR=3IS z*L=uSWOAI2IxfzwmYI1#q@UzJ7nt)xrX>O>&qS!{o+5*hSRL|*Y;2^r9WI`F@@=(z z`-p}Z_pYBcD3Obq4YSnmea{<=$4bdnqq%XTFHW*DAH|api`L&Ow=&&N^V?d1hFXJC zYA>GT$Z!;f4sT>3evNLfoVkz_{8|UT!2N@YLgmKGaqP_af==U=QeTIm=B!Og*qghP)rG1CN{kLey`6 zn-))V^iM>)$pHaC`ysA{h;SSOz_3~t79Kzh9uV63ue;JeVL(Yl1eG5KKgmK@&so z*`SyasZYVZ=or7LI$P}BeVS^#h+wE9Ht(67M z2M+Ps7n(xx9{AIAjn2KYTbR%8h{Me`#*h_nCOKI@H<~vsbrkEJ~A6}id;w_298H{RL1fPV< zuHJ6?*?(o%UbQEFk%i&885U)& z!##)j`b}5Xv-9ic`@+OpV&&kC2ml5^R|^E_YGqT0{G1qjIsM_r8U;gximI3h*yz!J z-3Jcj>zxSSYy5mGg-@{-nM2lb@dS8~(Y%tY4 zw*2leS6{i1((FyHO24X+)1-cwd?Gzz*i^Y4`oy)Jm?Js5LrS z;!K8)dh_O8sE;gQJ0~zQumMk;u`w_*H?RRTN}PT(cj>jGU*>*G1r&Ho0dO+8uFM?) zB6mjAH?Oj6=1)8SZKIb^V-W+1ToQ^~SiEuu#*P-oWOPn|x+?%MjsTA!0~)LyO`M#_ z44lD&uh(}3{-geQ_s&m!6<90;5pGs4b~aXSuAf>#h*+2+fUwW6M*+$kMVMIbfM~C1 z44K%EM{w1fG0LGxr%Nv0{L)2jt^ii!2jUU?yNju<^pK{Z~<__3O@Xux%^Lf zpnvj_%OM8rx#<11WO%LJ6MS<02uM#jCR=6)P{bVtX{utC8;$trH0<)LZ4wF&-y0*V zot&&6P*C{mEg5##-B}8-K4@F>VYO7vX2sY1MjAOKpdS)UWw(M+?IuX}l!M%=8h+ZI z$@p{76P3596|oT!E1^+v<1MkM%PG$YLr`Z@5u1<<6ycOVW%{}944{pYpp2w|1c|;DHT`>?)TqU}S$^2xf&=mdN|=w13*Zm99((DXzrt zMLpHErmU(VPva9_?`H=@zY850>Wx3ANLx0vUIs(a`vV~;kTgwxerqxn!+v;Z+S=Sr&l?CYF zaV*9*wel-)Q8f5&k7T-$7YJ|%e36=A5ujfQKOU`Z@m*Bx!VIsbOhso2o-MQ6<7UHi z#kfN4KuBOz3#9qqWXq9nbf2G5m7-PEo_f4G*AFA?nwEpgyp0bESh=KZK!5oxDBztx z_TQcJETASYpz?p5?F8PywLjwp0+$a>28cYcgIM8UfNvo{mm>|Y^GZZNc&ojgwS|!f z)9+aJ2TX!-`DfrgoNe2=i4rU4+=}Nz0I-MPBK9IcCT*b2&ViJ?5fNynoY zQcB6bL%{zqf|X4h)DzAunT(bT-F@<@bb)n$I)Gp`z2(Fod;bkXL-6st+{)g3@--r? zq>rdA3wMh4*j2R0S1qxE;ObbRx|GW(#^$QXMG0nv_wV%WAR_B5k2VfUjdLLmVj@O( zR0u%(S;!u-llfG$Z$--*9}9l1rZmGrfvMkTY)4Syud>G3&!?Pv#;Eao!g%xmJSj#G_{8Gl3V}qc5Y8Gfh1$cqQ<5{Qg$LLiqTNCJ`T6Cw0a- zr}l)Esr0$cU|4oy4gFgalF1yc>9>Wcx3F=E2_e{a1sPhX7CnL(=uHgqkPZx zYohP40jSCI(L<;fNYnn0I8k=bKdf-@6%4X!#UsdKdcf7Z;oLt$HN$s_RZ^Pi;sBAy!*>KQ<|L9(A2RfpIg=n4hB=-rw3_wUxM}jm zWW0^VNoW>jM{nmjtE3h5eH-EOx~lx?c+Pyjq7$yho;+p4$IjmMG?!a#pMB9nmhj#G>f@CIH2ID2=>CY`OG>UWn}> zLIkN6YfH{{!r6un;?DQvv2us%8kH>h(7h+kEjtRVpfK6ndg@&&9VbvpQPYO>ZB(R& zQ45{*cVwmA`Q!D&C@xZFID0#CCKyy9%s6bF+MqP{^WLvj)v^0GGgFb;TXm~!6 zeC=2raxr}hs9c+*&rmHF44DQv;FLTVda1dO&SeY3b<)RHPO=$x+R z>|WWpWNQ!8sF2-g-s$z7W#36aAmMH$k_c+{H@PqqD-X7s8(En@N!4GnG}pnxU2*(Z zc>Gt`tXlp$D>t0$(g>=b%qws z{TS@qLF$$cx6xjRr>mT}+xMP2)8@QrHV;R+0t`#XNWC zV6#mh8?Pmzg-~|ymSfCgqY%m#8~&%6iHp+ri*p+85~gzoxbJpu+*_v66n7z+b_rJ+ zLJ!I?&>zq}OQMjAPX4gsccR@?HqBu+o8^U1_5TrHe{S6H~gvhl#E z8|JG4HXv@Yo1X+!>fHMm^J}O;6jyBR#}kwNEa{(=69_f@sgGJKhRr~TgDi!js8G+;om*}LqpfHsvq*PO+Ho6T_b(81KB zvdAPiKXNigpHWD3u-J3^BZiU3H}D)`+kg6uq4HdA;-B zjD(bj6^cV)IXgHZifTfg5@K74F4#S6vN#!#RFH*5S73fqC0(J*<85**txY8b>PZ*=Esca{A)oBnzDZ zhPBz#D4vvo4hbrr|0Uk{!n!y?KYe%g`?(;ZGrbY?=Q_>bgpR?L?vRiW1j6qUO-d1- zgm?2Cp|2I8nyTo!&!1DpHLZ&)Ep+3uBkoy>D{ax=ih%a)+!jJ)P{z%s7i*x76|yg4 zqqdPCpyQ(*Dek-@O1Qvx{}mg%wn$i;6}?G0-CoskXR+z9*MpBQdk4(g`_c*U>bp9n zp+D)PDh}Oyedy-#xejNMd$xy}E*n|MjmCMJ8gqtahJa-5jz}B@zeQma)IpsNEp+%1 z+*aDEW8lg&g!WAc{Bgkvd#gr=f?|!bqoz&ky1mfBw5IPoA08NtBNle)+}HPlb))fY zdv{Bj!SJ)a(KJu99Z`qJoa>$P;nxhtFnVE}wk#9E1cvOKLL87~rAFCcguyX%@vsL( zSB$KI|JaOf=0&9MUQfD%)dhm2nt-P!a^RmcxEP!?vD<_B>$h=;rLoSt~e;tDUtFQM@ zWG{aPF%egBCGkKn!<7Y&)idoAx@$c|YOONo5S3&_7M^i)>dE<}$Gcd=`xMOc+yZYG zpKlT|%(`Q2Mw=_)IQAT}g|24nBIzuu-?|Gr9_r$9qm#pn`_MM2{MCWcUU0p;D`I7z z4(Z4>`B`MBS`{zW#Y;h2u4syt=L&cC^qT};@^qp?N~Y*yD$I(Vt3TU4%V@=rq|wGo zF44t}sNf<}&ye^Y_LQ@&ssEOjU8vF2D68dLU2Eh|)wVp#RxC_B5VY9y+^=@yy2zT0C#Y*!w$dCI<3JB5vswWv6*rsLGX?ox7+vqJjB zerxtN&(s{9m(_9BAyd1;?YroQgZ&%ZU#&`*QnMHXZDA&qA>$bZLN0tS7WPDm3#|4U z$htqbWEUoWE&LEp^=|MnyY(_9^E4&_d4pP<9a5YJKJp9UFeLkB&oR_@=2A_8SUl(& zoA2)4>c*Vam>uI&LzjfbF*EeVGb*?zgn+8bs@H~M=t;ZhzcD*43#Y}UMLi0S={8}9 zpqM1kOWe8eSOWB*d)&Ch^zfD5)AY`+y-shdNL~-WYUvSy6dIFV4jE_~3 zggF}h=%*Q?0gL*6X+xXdQ6t0m`e+)(G0&P|^G$O`2wkg!j4SW+D8B+V?mw1=s;GPU zZ=mR!+)36CeP6Ttcv`i?ERT9dT@lT1)%lnD@V{xgfgqz4;ed(l5H{4`TjsbwB~-f1 z9$Wv+&h;D@H&2R-VKcVlfd3RR>s`QFllBZXLtdep0~PB@FVaD?Rc1zOegDg}2O-;S;a!`%cw{nglpMkVbLR~8@-ct-j2t8%kD_l@~VZ16c z6{iCEoGi>X{h@fnfPMh`j@`J=jMT&Jn%HK>A|j+xqRAX{GJlx27nL#0O)@MfG9g6U z%ba&;j%VI=9k>{b_?EdE$#@Ez#D|`e_&*L=3waxZdZEIgzkzE&kRvGOHN>N@YI%GR zP6KKFNGgYIqYoyo3WFU(aBEZypAvo^fkj>!gDQB^H#%_yl zlD#-e9V*A%60&Ynwo<}?FYY!5bM6y~-un*I&3!4#>i3uxM_M>6js$Rq;qn>K1Wy7Q z6Ph}k+DzQXLOi}p^AS8k-k*2h={=CUPcR>N=d@jGX7}R zG!eyJ91RU@T`jDwO<2%?PXn@Ch*)r{U?Tbx){(HVuU_~)miBXkDbT+2<84(78{jGi zHujgw|5pN8JX`>dUyCBLULIUCxc^pn8<2JLw+RUd)&)cXCGO!+0Ra$i={4L9BtlfS z*u9j}cPlnv)k#&q-R~reX_GgY3WtAI62_=Avnzo>YvI1< z;j|brKf0#}^=$07eWi8KTM>w_S#%2?tqDyTb=WJE!Ba&di}&+9D(DF!4^H_a1SLux zok5ysKvzw*S0ekcAZTDN=*@cuRsb|`v$C7Tw*z3m0F!RA zUW*((P%YW)SWAk=`xe)SEJ$PA_v}8cabXK&yqbgUZ3Uh=!Z~RUbRNp@{b{`;rb2V~ z2_^#IM3qUGXex1UH-4~pWD(zxkJ4TpKO0?%p*Ch&zk7-o#z~<38bySI(BdV{@$JEO zd_7rjo#jXVap%lmQeWbN*EinJ^?k)P%-DZt8yfq+7CCenz%+t@FT@{KnqO(4c_+8!H@eV{U_Rt`;ro1HhmzJIj7JGNj-P5a6ER{(R%d03>-6 zXE!@XD;8c5_vKF_VX^%1U%1GAp82cS;9q$#5+JcF4~GBekC6SOG>R^UKAz;cpmN~N`~(RI=_iPY#2=VBFLb+Oc%1yYu>x6 zwco@5BBX34#%nbEg&eVFsz_zCr2kx|Vdq(HKouyU{I3;Ve@1a^erCZSkzou#51;8~ zYlAdF>L4{-1R$qjX2NV{VG1G#k%Df)!P28bLlMAW$E=MLgp@`_TXl~3TTV#fF?iuK zfv9nRmUvj(nb|S9{(yOKEr6>N__fPVx~37;xN%=U7TB)VGD*jTx(E30tX0CJ$ID?ep$QWGZ#00vCgD6K!-+FVv4G&qg#G=evONkPr7K;L7 zw9^Hocqn-^2yiepEi?BfHLHk~8B!dEdhRR`-Zk)Ycr$A}kOb1YVX^<2IWyM+@qasK<}z3S zwxG+=GCBeS^j^wbowjT6Q6G&Y3QS|Y4F zZD0r&z8UN{jAC4iK`Kxjd#>0?w{=`X9U77Pl&Hw8UI=;e^O-Uha|hw1z5Ra7E6jel zfz+kxel}0Hx2HP|pUlNYrLe|cb>x-l>3^#$fW4@Be@hc;LK839=s4eKF&5cJw+hbl zFnDWw0=i5uNbuozoL!6NGagPymk~E*xx>C#h6aJPK1vlKQmSNfom(k)TDp06)@?(0 zt&*IL*jmi-SoYncT-z>yn*X~Yg>tcTv;;r=c>pSJEcUewz^|0l7%V-9SLF=x;;n^| z+y9&N{eNh1Ofa%;^s1ebxhQP*`z8fi>LBQr&&FRFr$8%t=(o3L?%V-dZ(L9Cu_)`& z5zjR8CJgLbU<@oVBW_P3w!CfzdB5F6rj7~`R@fQL_2us7!cf?KZ_W~Zf2Hl~ zwl~w8sW&fE9v)lP=BvGp6@gKU@dwhE!}|wWOihF@4-~_ko^&j);6|mgLX|}0z28K~ z_~^?~5?d|^O7I+I6DTx6JHCj{G#rr>XMoggBCcf}lN{q_8vPb9$7)GZ`;mY0Vm*Ku zzmrOI%ZR54yw4JvIhz>$GSn-5#oxDDXXsz%3Z(~_suoZ((Fp|wnSawxVSvny%MCjP zcGl|=zLKgEKz`=Bs_}Y+FZi8blcC5|?5tg!f!Ltak3IN$g#8~UUMaYP-TzAy<^gJ# zE_K*}kuTt?Yw+Pu6aK$+TmOy@CZc86?JK5lc=m)1y}ymhRFN=BD1dsB@G2sq2d+0Z zskh#kz|+^7UuB7l&Pm^|DoN#5mdcrpM#5NmluekK|A*bG#1Ti9{(K_GMjfbiW6|}q zB8IoTD5X)N#Z-_yAJT;&gVj+qLM2YegNx%WXoBsf{Dm-adOT`KVVU_1Q^0iak3Zif z^Rw9|MA+1uR+=@VFvz>hFXgt9?OibMl!FZ&EbyfS74-TME?WQ=e5Mz>{DN?=^HhV+ z+>xuAPnwY`-sb++p-$y=q$o+lt3>(6^T}oJV{?PH=pERkhuRfWxxwsRRD~#LiSc^_ z3GXsVGjxJ&dWy>wNGWQE5??eH4xW`DdHR7@B!RVyJ9yW)7W@2tL3WV-T9DA@!2SXB zeL>y7+CQL>>Tf>QWj;~-#;Uxpc4P4ReHZtuf?Fph1E!z83N#k>uh;)rWB|`%W8nhv zaIgR!8o)kr^YFjuD*v=2RQVMO?^E<6pKMot8bD1{7j`Mn77`rZDP~pwfM01QmaJvv zU0r|fo?cuKRHaYoFEVU2M0y)OCGU7o5VPlgg?g%vyRiF(MAS^2*&MG@gN@UNmpsv~ zyuh+Jwop5ZA8`+pX)R8h@{-iP2Xj9Vw}9j1!g=9sP5Ha!T3QTe&72NX26M!vk&k0xo+}GJ^P(*krCv2#cJfn>1(6*EsE;LXT$|C z3yjd54e#x~v4oj^x3&>yFNb#%q#1KOYLa{q&!23x#MYET`K0!d#|Ckh*$czB;crha zXy;jJ2ZCnYg2|s@l7meX(azSu-Wl-GjSPT9zu_cH&h{@;gasPDVQ(~iBS2)9?Y=4; zuFd$usA|8QM=M(crqGU@cJQZ>+LfzUgr`|<1884;OM8A2S z3Ug0JH0hXU?&3lVm&+wXO3WjE#QK=DhtwBFXK~7q@v;4WMr%WZxdX=BgZo1PR9cIE z9JHj}qTO(Txh_467i)Kj>KI`V(Bq&w9={Cx8q_I%1i0CIZInZ<`B^M%)?xA^v~nBVqluh$R5w+CZ>CFh&|lz z89*i~rqgR}$L(oTiir04{($cNN}Sz6eU(IzeAt7+mRirpq3ut;qnXq$PAk5xj3g`U z6mA}rIj8ov-wTZQ5TP`P7I@l$S*)PONyvErymIhW0`#gP}QjnP`XO)7FXC!*T@WU>%g?&_CFSK!8JfGMsco86vngg6PVef zQP*(De4icFQg=`5HfT6L=a8%NZlCP^Tj#oF!)~7DY74c@-Ajp5YFPt50*2K=FLEj0 z8Z&@8bZSTXfhM1&h)lVFgim6qG?C4qh1hojqv+gs38Ie5ad}G<(dGp3+E~!b#@h@$ z9-R3gtPg3M<*ELt3%wNkzIL!w)YuMWw?~yK+uc*!=~%q>wsxg|)8Y8r6aJFb{~e@4 z{;&#g8efRC*Sy?4ORhqQz|4TZl~K93=a%KSdlek>VYZZP%)^Jtq51IeQ-@vJvZ6w$b}fH;8n#a3?cXItb&8#Nq4UetKJyAlBv>& z47b`&63=iNHJS2;7Fo$bJ95ZRy><7-lTa7j!cRCF31DjO=VgUj!rt}v;u~W1rqg|k zhI;h=WYHgIEtpYj9tO73&DKEhl}cPJPsr1@QnZ4*-~9c8MIO-5e;Pb>i7myZvyBMW zv)MBYBv^P%`u%xf5iZ+nB)UVo_qL-?3cg$W@eowTu|*N~yVdj4k?rK9NMhBpF|U{| z=nL_S7vvR@t7E-sH4|Mk&xR~I?O&M@s(W?kY*;pXTH~qmvy5%|_YlM{p6$Epzudqx z4$+44IiuXV;5*va$`$sizrR7@VdN6NM}2nEl0V_z^Hxk{fE(8A!%Y$Ekwkac7c4 zGqbl(=|3~AD3?zAg>6+^P#S9i#y#-{bccE&jGuWr_`Y^4#95K0j|1HQ=P^G;^Y)1hYdtG zQLK@jkzo;cH57#6y4L(xC(n;om){LYdhC}0!L$P{$t{2p!boxyr|HXQn+gojAf^jH zJJL;Vb12D&Fu%L|$P+CGyLN)2+P{JySxd=+Q3Ee#Hzo5^*>d8C6Upaqk_0|fj{vzfCQL+Ed`{{FFIn13E$7I$5@_oBk!!eFl?99PP1&OW=NtsW`o z3g^1?CMV)A*<=hr5iCRsGUQYg5)uaJ41~A^?hzx#fB||@1Bh;ZyztM1AFK81M9lxd ziQr~tva4ohI3#dGWI!krA~YmO5O~__UJ=mG2eo(l(=?ck?45ppSaW9^>znKB5_&F| z7qUoF2SLay3h%5hv4;e2pey&V&d49aq|fx_N6}h84UKCRiG_5GUnlW-coN>NTPTbm zP%14UF~<}IGOt2t{L;xh*od?sM36X`5IQe zVV%Dib~WPPAtu4}Y*v&uV@n7@B+u3ato(a>kwe*@9Q^X11HlT`B9#p2QAX6{-i{>alg zFlE4Yva>aDGytc{{-6s_m4BffG!=k!WB^@&|ABVIfBZs0JU7tpp7f1`t_t|`f6C)P zW1(NYaFw)T{gJB$QnTzJpa+5#=s~^;kX#@B?|k$>MMYw7%W!1$@1s2J5kJS}x{zvV z@$+Zo;9IhLZdTL=O(gf&j#Y9}#5@lRrkw*hHAw72hxmJV^~Pa_@=JGf!6|F2(4yGv?uIXDEWC|BhjLR!=8qEfTE|4mGeE+N6^Wg(a&uUTv=^t zA9Xk#&f#s;#BaHXTfyj)IjDzb9JXf1QVK*+EzOY6c3wqA0QmT8k_zJzTu@;UVc=!5 zi#3AA_4seLBmXAZ|I?tfhC|PA9dXoUiKo-nb7(+2@n#Ee8OPYmKXc~~m*6&(Fnem6ndIhnnvL%y(nuOnYgw(e9wPh&+mUSPnEcPqQ zg7;Q{;UStx`EBClB@4e9j08yd&q3?RNFw0tf#Z?C>LQSFZ@l_*>@jc~;E)IiD1+bu z290vF{#2d242ggb|BJ5jPi9vWG{|FerGLVT2^}8)pfd8;AHij;90yoEx5~?)0xjit0oeHrE)icIpbA(QdEM1_8?$yG4^K0N$mk{n8+3CkB0jVX{!HYNkD zRHkZFvclq(gi}i$!LR1gg#>o%FFt*uRGDitNwS+h6LyI5X-S+IZq3%CrJVm-FiL|8 zac7(V-oAi-n~>tz9F2%lCN`HSOs>89bHdPF#&fTaj}cdjOvCX9M9$uea~g~+yWQ*c zIXQX~!1;BS{gb2bAu?`D4bGL>U5d?LhYD_yj;*K9blBzy*Hm~aqANOg^|t)gDu0gz z{H+y+t5@NAKJWPYb~-JMy(7Jb6*WqVCNsS~ehG9e0Czk74MhEQXz3W2zYBNyso^HSrf z)_a>Vi0q>@sn$-eyhhGN@6g~R0-T(ArX1~-a=f!x#UXpmQ(800fu8JJygqLjbgl7u zO>2F=#@Pi{w!+8HVoQF?;p&mdl8NJiBs63gZjiJ;}%S1xPy*~LWhad(t@|!sRRH%nW zCQ@Zo1@0YC?I62KBV3iHUzM$bNj*1E)dZvzfc|<;V6y}QnwJ*+vo!s`!%hB^{kOQp z?;BFsQI#!vx|aI1OjAwPzq}aQ7hT+T4||}Oma0lDha7P-K4O2QT>CB_X60UpgNO|M z{#^z&=(kdxi#*)B2Ri&h;?3~_1|{-CD6RWsv>K@5elP@~`BP7^Ib%nqy`H&zA+U0) zJRL4VU^q~j?8FwY56M4?r01E*WmBC#cO>{sfkPA)XXR(Q)@kWqL3OwgA`$i#-_IqK zl(do%(TPgC!DNv^wO4=K^tRB_pembF929SXpO-674(Zc6?y}n6cxU3whMG0~4CV)K z7Ps}Z?_=5{TZ@yGV7xoRKN(9`=2}0m>tNxNnZQnY(L->o`|$i$y*CQ!+eakT*Y^Jp zp+2}908tD5*_F>A&=Rv4Ph}gLJfZE|aQ{sf_OsmlfxuqEWXp_Gl}2k>?2BaDq;HUw z70M9xa;t>o&V;_NKI&QAr7qWbOFT2?(RY}1XE7vn9!3-GljekRuxv^>H4I7Ly`rS~ zz$!xftn`y|2bT9%H8A18y1@unGSVc0|I$x%AP&mjnx| z08PG^MK?d^h9hDTYA6G@19Y+g!X3by*DWnT3o#3z&~k|*&{$MgXZ=VX{)_T0Faodx z=Fh^y1?<}3Eu7=Bv=PL?21xn<%_;vKZt|ZHAeoA!1*fKQq33ZvZ5=m~#bKTNa|R}I zVjb}Xa$R3a=WlwxH8L*?UXYe8!r?BbX-}IuTj~18+{p+boK8ncwsA$L(^xgB@RLdQ z$Xe`V@%5*#ef&z84XEUsjon6G(b$gdZM&gE^hAZ z+-?#jG%Kdwm3Tyc(cb4hX()Jp@S1V_>x9V_0ss-afb{=8>7Qd=eI5JC(Dn+;em!EH2We$ zbcU#}{cJ`q$?%Lyg?1{?SU#4iQ<{)Ib?)N1yBWtP;(d&kmr^U}CnyU-V|{hSYI#zP zP_y%zOgP$n8Mr=@Q(RjQL?kwulOdjOIMSfqS>PM5pHU%g+2kv`%r{Neq& zm`~0--rAz51NM}z3G^knuLwctd>^~+AMMb3i*`7B2SygYgCbFR}x_i^~og zUZV^UW{3U;5Q`5#PzI;eHUYoNLssO3wx|;ijr1nUfO$sp4W0p@%%uPuxHuZ+m%;#8 zc>qw4zI+`C3-qfC?za>EO&i>`OyRGe_}K{eFJR}gYV<$Q828`z*8d5S=9cvgHHg{N zd05%bw+BKW7f#5$hYQ;>j%G>D=Z+;w9$_+~-@n%^UKRfA6&oDPu#ZP?0yFKODi9_K!HJJ`Z#ZK3EVI%c z6C143!izh_Q&{9fhgxSCbtz9J-*|^`+g|W__qCRGvj83TJ!s5L%R!Z;p*k-8#QQIS zQp{bvd-KAHq{XPOuG89wejTT=w$_KCmRGyyv)z;^Jy%0AYaa!x7y2Y^_tn<>Az=|4 zLmm=!xOQkMC31ojFAQWf!!lR3COx-CK^aIDfn;iES1K)%=hI>DJyxnKZwl4jrWNsp zE3u4j8T<@O;>b<&^=Jyk%>+#xHU9Lp5|`@;6O|+q4L;10 zPW_AHr&*kIH%?QHVl0)3=oaDjH(0n@j-53YkZqpj0g&cCQ6gE1_$}1hCm+uOphCP+ zQ3se2v}J`+1vmW+R;i|Y7SNdBD+JYNqV`3C;HA@0kb7l>d^T%Nd!x+42#Y_wB+Y?9 zK)|E-*Jjm`3}-?QPII1=I35))_bf7J3a&_@SZrbFOh4GuEAYRzL4e70?lVY!Z!-V| z(x0P~`J(TB16~f`43hzn5v&(}0}-P8^~m~|4`u&VhjAX3lw5Hb|IaA4E*l)sSft+q zm`my~;7$G&V;DOS!GKekOUAJCLy+J9uDA2IxR81Ek!8L#SBd9X(_dSv2_m>f@E<5k zZQy0lg+_B)!?7_-8ScrzH2H{gl{@q`Xdya{O$Ld7jnkl>*X4?~AJTRZBbl7q)*e14 zYT&EtEzRi@&qpo0jwAHK^KQJ$MD8`7FoN)!`@>6YcIxSIh80hX&Jzir3Y5cLnLo^NPiEW*Cw#$$(Os}i4B)3rA`e5lXHUPX;{Wn{G23=TFaEx$cz<>4wD z&v#jU8Yrfd5RYOBKX;QPnPR-8g>yP5llrS;l`F}d%{rqgqjKP&M0`K-$_hKl3@}8N zQ{;a$m78T|Hq&^0b+)1G#5jnAKffDpF7T_>niU~`dv>MhaRj2E9)fbGVcRIILsOga z@n&7px0@6_~ITnY{QM8`}3bBR_TH;^@MBchRZE@|ZVq!XZz#XR#-dVdl zr?X#VM#MBT)s1=t1XeiJ@2sQskoPg%N}xl(aIF52mOvlJ^pAa>T5q2Pdf>lDET#3qi~01o)FdQ$QzAVhRWl{gk+H&-5upn`)luK1@_ZaRP7e^ zvkMSkY;N4~?%>>+!C&7oTX|Y1v4A+&BaZ$G56vx3!joN3?;)dkM2l2Ra+*N%X7B!( ze|#Y4P$L(Qx+CjdDW)R4TqC6oB*;?VO_xW#S!6rD*UDck8~d7#Q__E`<<&`EyPm(; zARtQUoNE8n+*(mbX5i~Fn$9Yt)Ehs(I}lY)Rz~EXStSs7(LUMV6Smh98nhBEbQYjx zfwFONe1I4wZPd|0sS%%`%h?iji1dXq!;tuMsrPIiD`|Ck=e;1Bqg>0XDI?I(b^>>W zDT@#6mv=R{k`pp8iBXA>EXmG2jDCDluTEdc5 z!Dy|cyA{y~-esNMw4#tP1$l_GNz2Fltmw2*kUq(4`OmVAA9)-|@8T5pt#*lT2)U>1 zdN~O4?UBUfNQdeB)mi^1QuKyXg`4+H~Lgb>XLRhUPDaDMd!v z z6=rOMx@dN^F!=$K(yHJg7P?&w65F!2b{gf=_)iH?mi4Q_W0jSsT`#?@bQwCuY!UXM ztPY1C)iD(lA>{KmAQ@`*%|9n^hb%o`(?5e20g;}cGor>H!oV;jK)sd#sHQ+dVHnu= z%0%iVOVGW0mN%(**Ynrq{NFXK3*ZuY|9xEIUk>ZCk^lR{y60sVUS4pQ=R10l{U^f6 z|6je?zbn){MM8Zw#yD;Ef@vl3#_W^Eg=caxl?Lkk>K3=#@mu1&kjJnf((1Qcr3EGR$%E*}VyjT)(nP}6hC^I9_7ha_*~*$kJM3O$Tm2pr}5N^z(C5L3TE55{Mg@H4fj z0eYKktzg)>)A(h%pW~T0XmI$OqvXV7NE+6!$GxX&PHJc9|1KLZT&t1)BogX1amYi`U7b@F=<8cXzs#!Y~hdrTVPk zrdrk+F70d424~y*(>KKP`^9xeiDHvcNktROAsAr>opYdIDU6I>2UH!m*ce(_xSZ

lab z)~$(gShTHGJ#g#RJpH*h!Tv6JVPa(TvnN?6_^}}-02^Wq@P%_3+G$6mv}+}{4?C#O zy$-wIM{{+P2l<8m9NGb72;jXD0Sigq#Eo1QAbvOT_y)*;$3nh%fLsh{^nB|OAz|UD znwyZTsYocRDyyleeuHGNf~7TqUj>ateg2%Ii<2|Cgcv}`{%7gHOZ)~vMfSrJ{5-b* zKj&8eBE%ysQPnCuG^c#$IYwot(xEkRtGHvVdT7sN9L3;tIx`Hq78ZL`qkl_B zXz6-o|CiBlkA<9odrV1#25mbjGt_ZL#lE1N=k`mTS?uY1P0ZRV<$9GqY`)+}Xvk;<~S zo%Ag($TQQKVQG3M!+X;Z|!nP zlx2TO$@lY0Hh%woB}1nG`{4s%CHq{gWK4)A?dj@WV%ui94Ns_>Tx%Y`xC)TqmBlQn z%zDA=0R(yo;57%n^0(Lz8Vl?o{HSSN2>Zo~3d-~K4ZhS-zl0v+S6u(+V$ z`Utty*b|#CHKU0I7ukfka4Wt3Eul%TLeTqobr;idHR0{!zHuI*V&ZMlD1xxhH4lPc z<&&&`q1&OKH1RlL*pKcZbi4Oxt>n)!4d@N9qNIygLepo^9;-a5JljXG?q+Q76u4CbT^ZQ|d6Z-|x z3wcgU0yGW*PHPZTCeS(zzH!+&JjbA4u8(s*2{Gl{Ea#w6cExiv@h`z87+*_Wv`8WR zD)&BrO}0)-6q%vLZV>Nl!r|ewaaMzpj5_joiMqBV@eJFU-y!9shJ%cpim;!^Ar&|#e3Ze&i1o(z zDIkY!d*#VlN34ak!0g@?T0Wowxhb#&hsDucFmrVOKI|5(YeNP@SB9dURlBfa;HeJD zYHT{jNN&dqTEe-i10?&R{y9Yf==;+Xq3zOe%g|1Cet++r+v0%TqN<`^yRWdzU+7)OjA0iV}in7>flg%Qu^Jv@Pl zAl=E9yK!jXRadi;ja9v2AUJ3}w0eA``+?;7qfE}bS@FFeW#Z3*kYEK@Cy|#FUd}w= zK8agrF%ym)T3{<$!AL z4Qalo=w>l^@M|zV+m@^$qs`Tai4I<7# z0AHt;)|=Aw{^-}!YWoT}TLXy#Dg_&JA6P*0g+aK(Om=@tAt+YAcQ+!K7bh+kgAtMK zzJ6swGkrBaa>l(VnOzK7-@`FU7J~Sklzf_!my!IdX!TO?Gfql7_Qos-htH)*K-S{# z>9~X9%}whAc+R|dnMV{qk{#>nR~P0T-4NMH!*|@>4|JC8HfvKYlQy1@9I|~zvIrl8 zK$?>7uzq{u$rq_>WX?lMkAnAJWm5_xJ5Arpd*=if*^;^5a;HS{XqDw)z#(1I=0zJ$ z6pshAg!Fcs&KrcS5MGMl3RHAWu`dpV(#)st$H^{z+J7o@j+gnmWm%+}@9xcBiHru~ zSII}gnm?t|e>~w&GUouF)juI~?$qJ8aATMWec=IUDOJQ*kx@_2(4a8b(gGjFS!P@( z@V$sKzMW>NqB^-{M+2>eX5361CTAfZNj>2c{YMjIz7la3llNY_JGQ`~)Az>&*&CE( zzDBO)rBe@NlMj9=&_+M`hRkv6Oeu>(q}&0@h|vF;VX>~pHM05MS(nUa9go;Zq6Nj( zIo7jeFMGWwu@j{SP}O!L`m@5fDB1-|`8*#J5=zB+u-Ey|uvtJqv?aUs(c$c^nPX;o zlXk@NQ3^$8;0vNC$|Ru=)C&V9FZT^#wr5Ezv_vShvL5R&uHEgnDMUeWFVgQ&kAc)e zF|W5E@Mt5umjv6?zD}j2J34kt<-;VU78kThP78FY2xw1|C@A)+N!3{SGVWb>7m_4T zn>&T{FIPGEVMY0u4%>&h%qD_biC$U*2q>u1(bva5RWD4cS5&mm9@&Mz%ad zhCazr(+E40?Jc{D2ivt9MaindGt6WuE z3#0c}AR3DH?d7GGM>|J^Vzf zCF$le(o6c=8;JV6{XK>g%(mw)pU~h30^Huw#KywK=I8Kj_wRNg5N!Nvj*nua6`rIeA2iC`R#{+JhOmb>>t-rTig^Hl%zWY3s_vuRg`W8gJ{ygWTQf#NJE$ zex7Kgv>|O8;xlo$0!x6i5(b1sS?KRTRRyJ@KAFTll=MKOyp+wmWQYmG$}->b$4V;k+2fjkzWp zq(20b-Fre2LtiWU$-ib)CDvV@iSX3VPW;VHNau&53lK}pR`1)l97|p{oxLwAIGFid z;SpYaF$VfehL+K6mWM(yNwY6eoM)npd1FGN#OOZ)z60iQJ_28qYh=sLE4 z#Nz%ifSha28{Gmc^oa{sGD2R*d`bUX&G8z+xw^d#4&jMxzkPQhma!)%li8!XFlcyy zg7n9g3dbXHe|FI|Ce1JEk%mHbqR-M%wC^#S&}geDKvcNj%R)_IimD}v&Te~lsy_(I zjqZXmENuJ0Ip>-50gXpDo+ZKlNnyHOz7H13y$%HFa$U0xB?RjARcb3`y14XVUMB>N zxfHnPcQY{H7GFUW)Dp`=Az=@;i1Zvsa$fiG=h-b(jU(VpNVKu!Yp)o585W$dme!5V zm+x7d_0e7O=!BbPB|LC%{tRX^%RG~XY6yBO>+|$2*<|R4AToWpEh5S@KYdC#)AGL;jwX)3E(({PFG&$7h^v6T}UMqB|7o}B)gww>2#$DQ7JE4U6uHEq^q zH*&PovQ>GXSf?{GG$1}wX|mES!j!IFLCC4>5ipP&kwmN%Y|VUYq(-z`w_VD+DE5LU zXO$(K=H_;$qWWP6(kajDHe`FH#H3`H`BuHeF`RB}k@Pkl7h@dMuWF#p;Fzzd+l()a zBtI9O%-36-GGCK6PF;BLF>jkL2C^Kd3Wem!nFXT-l{;x=KCy%0R!>(_37$^)s{^TE zTlzM2)(3-TVL=Rs)_FRT87M{m%PC5;_BGS$0tU;Li`wI#&jjW~`rylql$%skJ~6C! zo>qVH*9#gJ!Jqc4gduJx%e`-hL*6}y5{g7JZmPC)BHc|#W3d3(859JL@%ePzMft$U z;HUmO#}EA<7;d25!w#4#(S?~pBL?hUHBT^BR_=;<0wX!!n(inl;!GFQHRr=O-=JwI zq`<@H_1CL2HQ;oZ4J>BKdycK=1+ev;ARczkb24~fQtrp$KYh8sGsTe#*#S?fZI?94 zBR-aKMTsy@z7DJDvuOzPf(2+y5^hC=$8xgfiJX-xLy1QD*Ap-`A~k}GgrdM}=oLz0}TC08k0 zmT+59$U=v}SE98OGDfMJa?P>qdA&NK@3mgy@~3pMNZo3E=p)YwKS*(E$$m(8g1J6e z)PRCj1<^xe-DZW7sP!OmN-=fk>k|f3*4%EM%y|;BT14i({53P>;s<04l7bVttvy=p ztoPTXQy(WyyZ0G2~Y|M1NI+=mtO%^eEfy)&`%?1Lm8Q|M_O%(Xf4*ppL_#Yei3s^mj z3gDB$C4Ark@Va9Z6A+gW0vB{GOf8HIfGIB%S3BT4KvQUK;p7Yw%M{5J3KqChV!L{6 zK&F@F@>tIixU}B6z38#)85!uY>47i!YvJu1+SWH|8q_tPo9=Vn^S*sQ_BD%8><9Yd zkR=uCAcZu=SEdv9qCi#ltm{h_oqP7v|kAYB6c?>&}ls?oohzSl#tq-#Er zlaaI{tUt_k{cP}gE#8!Kj_>IFvt+0eJ1Z+jYAVMplPzkkl~uNPyYs~|M|-grl+!Si z@3b{fOh%I$`%ajV`l#tSVGi`;a9jjLzEYAAbXjlstH9(f-=>g@imdCu>$GXCs%SHm zu6AtE%GDZK&mWX$g+zn8kdUljcCUjfDcnFWF4{C6F@)=NL>iOeXQffa(L1ya0lR&) zUMj&h6EvarZ{Ekf7JSju9BZr9q3dk&M*A#h>Dga@PsGJ_e2c(*Ew7_ zH@F)#h2`GAdYu1*Ib5;tif31IF%TE%yz+LLi=7|-pUmN2xys-9m(N5BX7CJIIQwuE zy=0ITZ=EFI#AO&?%1~pE_qWy*Gb(h5uqA37UCY0VwiH7~8cdL1RK@f{4>kPN(;!X{ zHl~-vhTOa5cVz{7UOVWmi#8^%b&o6n8M#l)`>I8bcmPUHPb(8*x+W3FTc+ z&jWU$+U=C2x8yD3v|$5@$1fy4ycNd79CiMP%(}!tW0`haqpXBnuuj4gcCR7L0;kMJ zp4_O7)0Gb%s+;??Q)+8%$CbnhXE!Ogs>{=3QnZM{SNp7=Mj^-4kMpT`ohm6Yh|MHp zl|MmOQQq?{->7XL;ql=xcNrCZu?92+Evk%*Zw>8~OH=gQ88i>pA6xwoSCWy?p%S6n z^Hk_DDf&vvgL2?p(TGwN5Q)6qIyJ-P-j^At^);pZgW za=tfwB;j<#I)a%6ohoR26cP%n+vrn^uP0%b&qa3#SP$Px(xidz3 zZ0>Q~Lw)S%8bS2f@l=^pL;~s|3vorNlg#yU87T>==i8PXnB8)zeRpccp&n_;n^Yy1 z5zW&*!`*3ucm&UfXIuqSMR`31>A}q;@9lFdM79I`tAT|Dc*GS5u?^=9-;;i~IoLv= z`0)hT;G-@!ctnWQ@}1#)#E0g;8l7Lmm3*DWKVBzn2VB(z@H_Tkx}I}$=K>;q9yXxb!Ui^X;0Hhe z^zsnoSNiQOU5JhTgYOS4vJ37oqg?;v`vZ$>nK*(&AWhbP|NZ=(W2rkRW9SiGHr9W0 zNP))Tb?1FdF&`s|-Tl^N>-?d9%AnjY*m*4jd_*Orkrc{3qvKyBZn5vJNgoUHnsU-| ziAvV%)1Ai6#oq599n43k*=4pTyjR5Yn9PAiNO}R~K+Ho`vy;>PU5MSPxIitvb#ub8 zKH{5q8pd}PPaZ>$W)(2atM?}jzrh$S4#30;!MmmZ%1rn{?gZU~?6JP3(S0}Kur@UY zv*IuWVf@wyHV;!Q!!hS~m3EKXV=a%ZS%eN;21*E4hUJbB8vUPUlWdtK!vvamckenR z+?~@)e{q7Muy|Dst0~Y{KYT-l?imjGAuog`nr3O7h}yGEe%~ z(4R*|bM8oMp2K< z!DBOq0k0oXg{x0iGnhZ#>*D-mWvlrrPI{gRx3S5xp~{&1KpeXj zak%uxQZPwEjQDazW7^K(W_`D)^HT6AS(rcz9xrwf?bz6DskcS(lDn@xV-;x~tlVyu z$Pdfe6h5ar23Y)It8ZJp8LlMgBaI@!($gZ)Of9V>g#3bng$$DKsD8*tvir%i{~@j=^<};$iz+o+sp4 z!+N*hAgW$nX6I8({a1Y8Ukk`ws=C5sA%gW}$W`s!Y`-xuBmGc|0f@j|tewGPFh)kK zv>+O=3q-~u14A4xVsWq||6N${N6++9SLU*Ietzn?n>_zzSA0IfWrd&V;?E%r7#AR< z2yT&|S9kzbu`5`eUo>d`|MrIe71VZ^i_0?N&8xeQru;+VG&=jQ?;auW>*+&LjY#2lTZ-u-n0&rsCVhc`W z!Nwz@ejXc%iJZf`!2lrOUpAnh#0Eq+>{ky#|NVFHckxKQ@1{l?)xueNov24)X!z0n zg?)HBvG>tP99&VvNBLE}?q8E!zOXD8S-}K~_v9^^N1v)G8lvYqp!LJ^Fo^~!mhwNe zix|sB8<>*`6BsvU=2;=NuF?p9v@MPH+S39zM7%0?87`wN3nod^W1C#o-zt)#X_E|n zJ<#F94%%`pK31PPm(EZssgf11t-fn02l8I!(6fvlgC%2<7D@P8qghgRlgemBHD!US zhOh7&r3PyFjD;4-vPHt}?ARvG5QlMdPobsTg;i(J17pp}+v6Y3Ft0#K6gBIq9@xB> z8PKu5^>jP+mAZBZr@E*mNbgng=OqE5%5KaU*4u9$%ls+P;gsE%dn)wCpQohQ!357G zGD9t4^|zYIZzazwi4GV<4#xQugsg8K2%G7&wwQJb-%2_O!HU&t+s^FKi>S%3*%_}g zt_iQKCF+|xE-?)i>0dipo+b^=`*1^%2ns|c>2U@VVxJ`JG}PRpL6BSqLIyK2k#bF9*f-4>M`P|2q;Ql}eSJ>cC^ zXiHOdr^*$?89Ae$JnTFT_^8?8F`n#Q5Oo$T2#*`T==F|dlil^6D6?$PVO*GbAhh3; zwA9A8-0iBx>NoM3L~>CMM5j|S7aZ+g>MY_as2~|1%71E-S8Z^&4t?L0jz#s#-Xhx< zy^FsTq5D~~a1Q;u(0~taG0x}K`ZJ21^%t0rEcE{Otmi8A?(NR^MahB=BMBG>0(@a{ zzskmg{Qj%7w5zF3t_hK5Z&snhv5e0HQfXxu$+=$4aaLkB=zDE>pbcz?SdgpR( z`@aNR;Ng!#g;vx~vqr|=$%5BRF7NK)Ji6()ac@JL2{B~c%0}ONrK~-c5=C2f@M*cu zUS~DZ^a4%->MV49r)zlCtU_xVmP;*U^J@29t0%Q#GbOpRjvwT+z9`hgjlAzNcJ_Mp zKqTG7NpmMQmEW>Fxw|c-en7%TV#$_5=&T-{ReNoB^4x4Nfi2F?*v`Pf;HN-RrV#79 zy}$rLBn%s{%Mo7gaKEyWfV{5ka8jb*+HMFa*Q6Xxz*SdrIRjfG^K%tK*2^v(JPN#u zfwiffqcJNX2p=3BBB5Xc8ys*i;9U5&g^dM}4Y7WU2T|}vL;#-N@6qEAcCYi60a!8i z2O=BX!(#{jyU>dMe|mF&w=XsdXMD0=82ZK~#aNBQ?VIAxzyQ?DVldRDOOFHME1?NMm% z&CLvK2LxwFCMrBO-%XB{47}0l+Vr-MlQBXU-q^&yS^8N)+@Zl^S8~OIxK7im4R=Fm z^^f6%SnpYLNHbGTc|L!>!KP^kzi(B0jLq=0rl@b+NY5#93O1#Hr=S^28RQ7!$>hr92xhxNx^uD2jSSAQv%p%qvXs7MA?MY6;B}d7!Qbg^0lJ=xSDtqx z{>AJ5uq`8~pFn*~Tl<=OH15?Qe!pL#t^G5EW?x=)J+_QFjO*I!md+*=y8d{SBEABR zJmlNeXHT}8>YY_Znoduy)pjaqeG1cu_0_L|mEHTi^Qx)sg>!HOUHs` zYbysdqtC-xtygIINGUC_5ydDhd)j;h*4%1{A#*Ci)|%TV)x{>ZFrSHL_!qQrIv!2# z+>r)dH-Wa^T)*zLnFgJ;z+IY&gCBEL2i2d?ScrkeIJ$yBQ%sShe-NwdJer-V(y&`- zzL0JE>Wy`I4*H{}4fA*EyJfp?8F=^*{i>{j-ZV0O5F)IpFk0F-Wb_}kgb-2O;SG5F zV4dq>@&y*_4?I0TwHpVrzxx@e3LuIu1HL#f6IT9;Ptr&bOJ^HYH+A&|TdjVc3Hh%w z-EfnCr`!RLQvTy4J^#iC@c-Of|BIOsobt6(XdJPXl8q2Y1Jo=&J<_$Eibllr*Acu^xh9a$hG^O~SwXbadpbHfwbf6a$A7S9e7rF$ z7M9I_OFE83ag%0#T%Wn&`hPkWjHAb?p`><9T~P{caRQlh)QG7zc6D_?n?Zn#p+LqD z@8qo^&PCK6X@!PTLb_IADQ&1VJw={ng#alH=9Aad1Z2aPQbl1PlDG4ffUz#v@lhdRPR59)6K1{(!tV z{xUpiGxvRYLmL5Gs2;Gqr7o8DCFte4rV2v#)#w1+RlogBHys%Z?|0}5uw<3lzZKJw zu#kS7@$EtAs}G*SeK%qlM!!cU zkM^_0&Ck7Ev~epL;RYJqCC=D0&I^27jx5aS$Ad4M_5~mo;n>&w8Ol`h_;8&fXGPG+ z`I?{SXRTK##4@w#uWR(afQdIZU*VzAcd2;n_B9TByNq1sq*NG3dI*ZufIzo4X}i>| z#yHipNv{QKJI(MI)p|kI0=E!)%62^>R4tP5rP%R^NOnU@bC5JgHVv4VqX;n{nvR-Iqe zK`@o&B8}|t?4XA?Ihn}@bc%bqFFduiwu7dNX6Kb?jb47CVO?}`?ct_M2h%c@^@~KK z;~5omGj+j$+5yh%t=;Bl{Zp@0iuz*1*FWk=Mn0JJ)TAY3A(?v(!7UQ=LEPqz3T@K8 zJu?_moHyYQpO4JlzL9&I$jQm|6JE+IGEcO(ObDe&#Ef70i`CH3qoSTC}B}%^nYQqN`x#(dB@03#&?r?I9Ry?%hdA!qWAK5UZo`Si1K^N!Hf6Eo$y^#!72hC%e+*w|x3zvMk4(2O7?=sU zlU{s4d@n3_Eo;KT1T{y=YpZ^kLLc?T-HiFV6Q#SzPm?Rwnb%>~3`6D^y57jQ+%_hi z9SG5^lU3+3hbJM_iR<%ra3pSTHrrqW=oYmTr-GW(npAuk5I;p`#E~UgD)-JI za^<>Bc!em6j|tk+Sse4q(2ycNx$h;+w6S(0sQb*|^xmp>63JM`53ll@7x~rA{O~GX zcO?d%_V;?8vc?lyR_{q}XhGDE!?S%7#|M_e95*Vg4yggS*f3~K{PgGD=uD`2f3+cNa9wj z9W5>6oqkgTv!v9CJDSB^JJwukQeS`d1YUrG9Ix#Q?t0sV<6)PR_dG5OPNCqb<&EmB z4XwIlvaz>v#z+}hT?Tdgyu=}OwGCbrzMs!ZggsVDFzf_kh&)^)+PEvP;|H#AL2MY2 zr@UA{V~2Su($xZWC~idl$gf{?WL${Rb;KzB&TLHHB3dT1$QR}ZQUmp;?0cV)4es5G zWAKxDbpy1OkD+gw z5IMGUc^Pm|8#n}UaRBl%|IlUrZls`3LljpveKmPxL~iTsL+4{LURjgMHQZ2+Y1BJ$ z&I9qaFv6u!w^)noqvFgb$k7NPmk7P&@pP8LYlKn=UvC%`zcR@qtEp+Ii8(p7k3r5f zYlO_cGvKg_PUrfyT-`&0f$Wi|>RJvRr+F@<0(vep_cl?}+Zc=j$6`&5cdEf%-FtVZ z7^ifiZTWKqr;hzsW_PtKVA<`$x%vmO``1qMMje zh(p7wpL>uyACb~nlExmoUFG+bsDnbK>vQK;685upZ+GRckNvi8`hj`t^seL|G$HXo z3G0Lr3rw$+)Q@DfGW^XJA2<8?mL zf&~^RZ(asFbUW1w-OQlAHT6|^gcQ7$WHr= zKtcbmDbsN!oywB6Jl6BZbRcHfjXXCko;OV;!6#cf0rhYlLvB{+HdHLPJgxKLANITr zd|VnDK~jtxb=MSc68BTY{o&bz3fI;X9;_miIZ+D++dck``!}Zd^TbgfYpLBq9z#`@ zZZCVh%W}W{J)0uuwIt@2#jiV*p-McDcTLq@-=QldJyAxHlTmuWCD4?83k8EDIOTTH zo+D<$^83$eQw2Ktay5^j%A6p&rYND;4&M_v8$u-ZQjj+$=HIFEw`@%D@GRVwrBeRl zd|D^JT0jD2TaJ2Pyrpb}l3VX(kT*j-^V+>95wj_aO*ibAbc(z}&X8trokZ``EZf?P z+Olu5KJrRvS?;zV6lk`Rr?A;7)|BfQ6lr02uW&6ycSB;rdOsOzBy&P794>_*JJW3l z^r)oIWh-F+nIZ3hwZ_uz;W%V87h0m!rc*+(ogTO2n=uBp7PPpcFuL~i#MdWc78@w< zGC2#!PZ|-RI?Yydl@SL0t98E1utc}lMt-nYQi8X%T&|t8D%?usLTfbbEe<6Me5kTfw z_A?+PrUp@-*K>ge=eJ9ctC|>@+uB*%nOT^869@+YwBXZ_vFLuBb`I?Yu;4#z{wKWG zWv!PBz=U(N^Rk|!HUXWY?}z^v@8oZ#)7ZMs)*bR-f=W>^jpzI2w!5J5Lxi%5kNNW+ ze{9W~8lA9ZP>DUJ$`uU!_-IXUbLEEkK5d?m*W3dA$F8R;ERT9%ArnYrOo@5(<&Lzf zonWXY&6AV%BREaC55AfwOL@V&uB=WQKu-6p-7q5fI2;7@neN@m_*yh1As zeFyT3zi@~EnSx))ee6G-lVzQ2`G4=D^#?lmDByegE>Zo5+AeH{P-wxoo2_wB6j&Hu94m0%#1Tr}xiTNR3?Wcx_543k? zA#9v$pI3)h1<0=!&`Q3#; zF9I3%EZ{=g|Kviz1uwstpMA(>mk0q1Uc}MD6OgX{R@s8bLQ*lZb9QzzHn2AN4_yuP zRabKnM_*|uiMTkM+ntL;e5YpM1&@dQNS?W`ww3oIsV^-F+-Q znc=aNT?1{Pj^8R({ia8NlQ~T6OO{32TsYw=7J2$}88jx#q5lD0l; z1#a3Bya;2Q3A{Vzd~BuH9`*!7IZRURQ>_c}s_(LD*{uULM-3=~13ZU28>F=G&g~h} zjn>aUSMeHA6){*bt0 zeCHau8_x)vAdjERL#HG2nDX9!vi8lR^m_yM%6H(Is!y7Fa+?N|U}fvy>VfLLoR1s>a2ZJ zSY}^doI?6z#fa!2i%;hc0T)0rTbxgR{z2-A)a$!HfD#6L0Y8v0Jb}XCk7Mm6`#ea5 zmRdU~-gK?;>K_+eaMSzQG2nr4E`kd*b>Ldy>CelG8#jpaBAj5p2qM`3O#lWsrr_lQ zW(I@qcN`igH73TwbwuA9)6J|eiiTrb$`Q;-4 zV;3+Sl?!393D^)sKDJvS_1#0iPVjo!Y(}q;Xtig}DT87n+13f#Ag91<9*lOf5O&VizX;$ zVU}Jk!54Ec8RTwlsCdn|Dz!woYE&!0%;MgrF#QQV*Zj7cqtycvd3@0a?tR?+aZ70? z40OLR2mnLKp3Rt?oHR-xh*rxp;jyxD{@*JBzt$nIa=cyi>+lfwLP8a_o^~~hHc9F2 zTU!P%wB2xC=23YA>r2G(wu7az2a%sUYV^}cnn3j*-IS08sbBiX zRM|bJuP>ytmuG*miT|>j`gbu@|7~vS-@bu=<)&5$nrw2^4VY4-9X^}Qy@=YVc@%sf zDGu$3hx(~xsQ-#nL1r424k}rni7m>rLG?iVkW{!dj4Y@5=bF4$wk@A=#tI6Aimt&$ zv6lEg<9HLpVHS$`8XI#-UP9f1%pL0f)QnUd-Ak@+BklHuH%uX3Sv73Wyg+sIEUZOa zIc8JSf90k$ap-vY-EyY1siD2~kG2p~_-|m?ccCDzR)!29E#W`pH0*0iyWtV0*WHHr zslSS3p1xsaIyl{&dIjWN9foseHdMN(Si?s22_SrfMp3dE|R*X6FmBZN+AvY7JHHNd(@WbmxP z)>z(i$X#vI&wI9ge>sd6{So!}hk(7(ytvNfZc%(r?2OW6$#`ako}Cb}7TgCKOp4oK zO!qxCN_V&PtcD??USJz&op}`n@5Em7sDE(VEPpKnAG<4$^XQz^~V$bkgamQrL$aN(NT@2Q%roE zLWsQ_<4$jwn0>?S(cl1~uGD%sw{4#4P#e&X2!kKn=Y|U zM-CI60^Gw@un!DhNllt5ct#*S-)U_bHRDs!d-esV-hkeA3bxP&&PT zBLoe`dhF|Lrp|{DOXu~ews-Y%9HfQXa_oBXh%BL|I&MjwB(7M6V=Ftj zh?tyXCDT+6_KeBu$dh=_hu$hN=(?Q#AAB4P^8vNIs?KB{&^PmBXS>|kDR2;?B!8lqyffNnF8T2}XL}GddB;(TQVLOr|YbrzEcePJxWvb4*(vngXv-@)b5oo~VB61J4`zMXZY z*!0Jzf9s9@M!^aH%SQ|jc8T+evdv%@Mvf9i$`VxrG@n&iKd*k;ub=O_3yBRC`AT#N zLWs9!V#J8$B@@My*o;=)SMOhmmh_rUe=NTlTPsa1-@8MiSUkqWHsJqepKI1)@u^r; zM$qn)RTuY?g=TC%?&)=`^yg&sI~ospuD>P(&3!*SOQ?g zi}vIH$J|$jRn>Og(hbrL(%m5qBHdB~(%oIs9nv7(EeI0Q4N}q_(k+eB&Dnr~KF@id z?>px`?{|K9T`cx;ueCSp9`~GM&N;?!O>}TpKOb6f0L=pa8L*MG+&{F4_^A}@qWi0R zt*+wuFEI@(AAY`D=0)$pj-qSC_)CrUPP7tmy&ohCEDElmv7xb@w%G%E_E#V7kFH-p zt@6kJ{64!25cjwXhZzA(Ex_fPnVs>@GxPS4m4WT<@IQ1H|5VD1c_!_fBD*#My>9c8 z*m(MtRT%m=>Tr0_{x`jJKu|6P%pr#xPuDOc3sS2^P?;Q=W+~w2FeNk{(oQ+JE~Q^j zy0#nc6%5y~Xqs{!=soHGSTcZO)cvVvt73_Vj&OdHW_01qDpvBwL^-|+V+BWU)g2ND zPjhOGHwLWAIFKWQUyD>*B8J0A2e%X!{B`paZ&X6QqUnsQdP`g_|4R92u^MXOb{Qb* zri{8CzJ*RDT&4AKvB`BqF083ay0#Q9sGKVZ^S4r zJ$EFXhU-?E_keew^Fy%`TT$numxoyRZB!x+FwV-8;mp&%6bE^F+16aS!H5k-v8vVj zxGf?KQAbMjvK^DsPbo$ z(3Ti1_mvO`8&Qd;Feq zOr6A%w;b=1(hMd;bIoGWme=-Azxn8x)hTXhzsce`Dpd-WAudT;jW(g551EgVrPRuR zrCd={RIbXqOxPurl0+yQkqq};r+jpUr~u;k>1?$%c;L%-rzkIf1}~pK+Ks;t2@`?= zA})Z16r`4)9k4tI@XsIq##RdQ0T@Y<5fHtW7#Yik$*`PTLiTF^#!dIzPX4ziJlM(a zXeJO~ASRd(**HCJjowPHYfL;24qNDu+^Vs7ovQNkY}gEvuy+bkxDc9jz9!G7x@5?U zBJewR6THR1seHBlH1gotd&E|?y&EkRk3PSwU>;FiQV?!KwCW&NR6?5GEK?8xa;LfK`Dq}_6P10@?87zO^Ekg(NuaqTOFAgX>K zrZJ)mlb|!ia2yCGld5WUNaU!6{=^4(n3wc?RIw;B}_SLUi+q z=M5paT{)*%o-G=b3xmyd#Ku385OpSDvX4wFJTcm!s!`PMSJxgPx0+&t7a6;mQ4zjlEj2vT;E>@zaufdq`n~)@cpE%Y zh{qwN{9OwgJ@8dcBDN!66{Ti7;Lb}8z)kvImCt}oOM4wmymhs%x7STqUxtJe-6m}V zB{;l6;6lDh3SI0N!zni>S}vXTAk-`NuU8_X8W-_W67+r{-{6l5414Kem;JKnTP;#W zlJZN>a<*5{%&tr#plWS7KB9+8FD$&CkYmbhCsBMHEuV0OWIAXGTS*8>pJZ z6{ptSo?n!EVpK;r0rPB5)w(Vy8)DQbF9iAv8=9pciYPM;vbs7^MP$B2L?UK=Pv5&D zuKM;9`M%GbMxBP^m-QSA-H-6<+Jhm(W-kd5x+${ysWxIdMF(On@uEmSb#%0}z=0Q% zwGG=3FH#vc^Qh(|ZVk9#=cS+utv*Um)SsiLXy~_$Ht-RpoZQq8DSq==FHKR2tjV&6 zjWHohs}A@5YZfM*Y5_tB8@LQLbK&-L$^nMC*E80tvz2VT^Usf}AxX(r>npCgLCUI5 z8wFYdkfKwG%`k$hgUI0&M84*iHG77nlW*Z+EklMmT6I$&x;ZSo`Yws7%b@+QQZXr^ z79;jL+kE2;f-gHqL>a`W6RE!g_}`uIJLBd5F!Z{c-2?!-p(#X-rVtmE1asLMj;V?? zQEyFEHfh(}wyz4YuzClj$}$?VmmlI>$n`(2c7K6~BX!YPK2IwTs1gz`_Q{D84asTv zhEAR2K;z7+WrpM#*P9qdZ?Mm z)V#q7G&b8D*6K_5cEP6*ty`x=o@yffAj?Q;f;U%*OucS;vItvBWDcCm_(a?vbDzv& z?Y+H3J|JsWVf2$so*bCZ?(L;~a}#aupoRh!x4)AED>b{`WrScb0))VftXdzl$`p}T z)?w!J-f=hB-MuuwU}W)IWpn9fVDp!ehz*LUXcr@wI4T%JT0anW#1&BO(J9g=olwfO z8E<8a8DPYYa*YEZX$6HH!l+ggxh60(FO%63dpo#>D=;`MuZl<;j%-x)O6{oFH8CaU z2du$fJ{fJIPe@+>Tw5Bm1|mV2p*q$g6JBI&EB zYPNa9pcI3A5R=Folx})J|4YCdvl$XubU=0fyzKMGTFS;mQFiZy!zM0qMy#`@FhXY3 zZW#s5i~fsnYmX}ptn^0`k=1Pq^$;aO;bf7SVb}S0sVUlTsp; zl|f$LqdFMt+~L3<4;6#-@4)`OkP3qW`910U;dT#;Lh?r%`m5v0-?%WUVMd{6{uCEUVQ9nm4K%7 z2L0QkIFqW6M#Q+iQYs9EviMxZ)Z@FlLN4u}HJ=YJKYzp-_@xQ;YN4~{J`wc>h6a!V z;P<*PkMDJ1(sk3dvo#si|Gi&6Bm7-!8KD0Y3}E-bc;^U*hX`oMLGpS8u%P+v?*I$n z7VsW{fq?>|(%+Ctbj|3DdiX=kgvcZ@0iq0Zd_>ylgV6MEU;e%S0UP2@Z{yevk{<{R za7#GgFPP~VbU{HNn*VtEZnI_Oe#*_ulevn1kQ$5%zoDAtg_vGaMtGpyC<~9uDBaZO zF++)#D@b#?eire&c{eXVjVOLFuvVIDCfwqodP^(@4CepL<#N{}6J4&t&~W7GG#8oj z2MR}?B2-81@pCEz@^tv~x3+4VR^Ort^#wK0FZU>o@-qXR_MG-)3LzcY?^l$erJlB) zp3~p;Hf^i@Tv1?PfZiq`z=~S`9w+^!x9N`%<@-D;3<~D0osftnf#B^`2t;fw?XA8S zA_3kVw=@qR6#V(}f1|AlkQCp=N#EO=?hgNqlm6e_#6NX3&819iDq)IcsBTSYiu!Lh z&fcu-8R8!58aooe>0Asx{rIS9Dhu_@ z>%axrIgiy)w8gC+&aoxrOcdJ5uwqSQo^&X1s7kdQeReRR1pF*5ExUI992*@Ro%Y9; zn%K`8L1gvwiij~yE?OL=&gi%sc_yRF3|^tPOA%lf?8o5c?TPw#=VTaW>;Fgos{f^CCMJo458b?xm&hF%kRf4? z>C6zQY7zLDCs4UOFj!{+o=6tPE3p_1H!P95Htf5-xWHL>(G=N?$IfjE6UVEJ%AlFO z{W{apLber6LR};kW8NU|iJgo?t1G4Y2PC_hiPv!h-=zfeTcCFltiDd|qJN*cEj)-p-yB7f8_DDPU{jLvn%xPGZuMNi*!KTlSPhXq` zRQ;ATS*0!Y%E+m9I`H}XRMWW()pp@C@YnG`Jg`MnT=B9i?L|OA4-yE$9_OlP?fUJYUG^m54yuj+?)sj$fIY$^gUB|1Hq-LPEWl zY1>anfRqK~1vzkJIhPd`pGE06y!!=m&{tNKv_W+yKsRLC_LC^=R(lKK-L*DPdaOY3wXc#Sm2cn>!Z- zqdjc~L70qwK>0~-a{c56{owS=-2uB0+j912Q{XPAAokT)Ii(Xt#}jiXJ@Sa|LBd0E z=T&snNCgokIg^XgwAddyn;YuYe`yR%GzOHpVT{`aYwxb*-Y!Zfi%LHCW>IE zbq*a;_-4GU$=vPC;{vnX?V-uBx@2G5?tsbMPxF;t^8HEamwuVNwj^-{h;|RRF{npN zxYzC&)rA_zqv#(5py8yB-c z3MH*?=V)nT`a>cU7KM>Qm-1F9`^mq-0rkJyAa#o;thZ?Z17O(bmbdvq<@`q+Q2$3h z>_5R$F$okDr88@)7Tmip5?sEvPerV)J-`;;>e63EjPW3ML zSy}jLjbc@4l|S;L4l_yji*ch2F;@>E z!1f|)R)AJ!IV-SkKxz-UcNc=U*n+nYCkpqEzw#8%+D9^D;o&~*u_M7EeDfLgx{yk) zGkgq8Y$a4zB#_(Kr{`Lvf!bZBJ*EgDWpqfO+0b?w70P{;FU_`^8D>D8k0l^BXjgun z6zv|C0MeRX#eXGDekVO37|egn(g4GOX)|bMsHdwks4yroD566fn`;~D(;FHaFaSbY z21p2SY6MUaY%tXD)e&s}!q70&)&WnGQBh197c4pkQgq_)lQ@7e0!z9dt%i3)I1aXV zzq@^>U*&U;5&gFxXSeIVGC&^)aGZk_Gcz*(u}1Hv8{d$KGid4zOk&5=^K8x}&^9<8 z=Qt6uZ@0Zoe}(*B2SLb6ul-A$0c||AyJqotFNOX-@H;4Mk-4)o*Ql3J#su)6dCe`j z;VmZDAR?b))||HN%un;bTZkp->eEAG_v(t?&Ge;&MX?NTT+Jsdhm?A)2FtdtUSErB%x9Mxb`#U5HIv>ZV z9jh}zF=s1OV)7ZO?LQOuV^{Fe99pN@FGL#8+tD?-4}X4)HvJ8;4E;+~61)yTELQ`@B;wf zS=l_gO$lK@yaD`NB4)QlG&~S(F(_rw*GFETiX^f8@SxHPC8p1UTyI1!E}@%Zp?fX#yC~K z%AUGO6?>Vy#=J%nd%_1`BygQsKaLw-7Z^MbHmA^{-kZ>B?R--o`Xute<8&Gcr7hXf zp{1w_#Kg-vU&v<(e68k1OEg=!sI@N9HikZAOpwHUc*jea)skgR4O657xHG>k!HrWe z+x?AewfK-D+hWsl_r6gz5Nb(|#Sbwtw9f)2#>yfDs?1Qn&CMRSoxbK9vOkJyjT{RK z9E{kWF`s+=QQtZ?7#{R0xk(khFlu`9+R63(R`CgX&vYLt_3Gn`#Iz;ZUQT&9(KUpI zu5t$mxiusdKO0?8um!Lu)C5={>vnG+S9ZNH_-ao&W7vYAtrb|tJCt{sHHB9)R7$Kc zFX&*t!#~;bfv8d*cb*k*Cc}}6afSA1b#?mF!p*AZ1gviQ4Rgk$S{gL8&A77R%!RS?`%o0rHr9kL(Le-EOMk>bVQeWA#uqMV8aD_V^?sp z{m)IH7|$Z7;KKFPKwCM33HU5R4S6`nuiaDwyEHC(wP%8v9Y+M2SfO>mqROp3YF?4GIz2eO;TnpNPur8@gJv=~_zDp{_0w{jF5w(dOmfB7 zuiP9qV_7^g2xh+coQ7UPR!?b4(HVa5z4|P8>G<4h&9%G>9@a+w)BzHbUnCapV!@m2 zjbg|((PJ%rSIsYEWhYD#@y|!utQC)=2w$DVIGvx;k_8yNU~tT3d&Mk=s9eOS9ky>$ zx`*j5uA%j&N(aXVSRi+6?Utgmxn}~&ks0vCXekh;^X3STm>g zDlf9m^2D4@ixFy&(p{@ec31{0$#mGU1K>{Aujoc1JRl>f@W$QM{CpBh*rE6~G|pHd zSGsg8lsw)(k2$IRl(ZI>3EVzz(B!0jz>T|DrTnB0?5=(9P8{up%#xw6YYcF}m{Ip{?ohF;btT%YQL1ZtX*$4Y4;62gH zU*&KHNQMUGj0wl>(;(K=D-bmUKQ|UgJ^Zj|e!4yNZMk%BJ~CW^3YN5m4698J5nO-F z8*%d^V;|ie&?D#qW?ud<#1lQ2{~6|jA_CAI4nS}o-iNuMz(52K5%M;&edsX!T=GZf z2Mh|bqJ^=uzMUn3ycHdRGl34$jN(kYAfK9tz9yy+`DLI;GTQ{t)ZyvJC?V1P)f&ORMy5lS!fZO z@G?T0W#&m@xL4rwD)ZQ9&<7JSKJfe!B_^h)myg_a(hS>n$TShj9zn@`%~qo553k-4 zI=0v)Rexu}(YW%4{vPq8^`5hR)z*-r~oM#~# zm6v`5K<|uTGqC-DliP%Ky#p(WN_Vf{39Gmdu+ofGPN|=WGNUR~Zhf}w?+Y9+z?q8W z!c(~iH2{tLS4ex%b8uIp0?3P2hxYG%L9HFwEfI_|E9cgXM?M!@g2 zyL5_Fr8|Vd)`;amf(wQ%xyAF&(2{nv?^>VHsvRd61g2KY#a#JgqS&=A6RhbnXLDfz zSIPPav}_2XPY26FJM{u~r4}l=8Ixm3{Rf-)fxce8nolIpP{)-n*T@9&@m4(}`au;a zcu)97PNjBCU^w5PByphvqj7v*{`?IJ9_ydBCiuc z((VzRHP^`}kwarkw0$HEAN*ujxuPqODdapAL(J)VtJ$Pd;~mfb*H1-F5Lmk@4bTXq zY1Xxa*xoH0oV)g`+u0T?Gl2fCg}wP7B#~&p^UpN|4j_nb&4fYo z@7EBN^amhAI8b$&KNphNgADP1ZzN32KzQFch<(>tb!U0@{QF(piY5M>SNq`|45+r> z#!C+m8UBrz`lpzwdp;9nY3lS661{Xz>)l+en%?71diMdtbHQih4!SW#Tg5g6K|&(_ zIWd`04~Z1iYJMRf(%C4K5-uK_{k18XenB8K%qf?pxd5}n=}@PvQfS6V_D3T z<6?8lRK>^WTM{l2OmQ`}DazkYmBhgCGu0uiX04~sW`h%PLI!xUr22bYkL!}t&!PK? zbv|ssKVGt-2u~|CB5IFl+84jXy{0X+^ASDwhim;TniJzpL z9X-Tj7o;WMxQ>JabB_r_A9oa^No$Iill`;nh^UFz=EMOOVK1$?$3mfj-oC3ZVPrG^ zDjKdI0}`L_92-Eonk)I!w2C%D*|JD9aF4L;|V^`S~{xJE~F`|-b}m-ZK2QBx$! z;7qjIOlP+>sY@Qsy2Kjq8hNgLiLZT9b#1Xj-9T`vk2R$T?M^y#t*v8o=8g%nr&~UF zQM}5f8)6v#J!bmvnh8HI?u86M6R~7(FV`QMi+Q&(pWORfCF^fb_&YOU;D3*qFqB{J z5jxzZAa;xH!kMBl)TI^fGm6--s`eIsdueEEr&aUVZi$>gfTg5ebvM*ZIYa7GNOV*E z7)Riu>?&4RuPJM^d^-$w7v=6V`io|Lhfr1E8n-!b9=+;DRJ$w~g%O$f9gR_eS|*?Lj(~%b+Tc8;SfeazxFUBE`;3;~*bBA1ykh4yPya=J3hOh$Qe0G9uK_Ax z)&WxjS_`>EF*40T)KJw#CHMen|WnsG`&!ZW$0^p4Jxoa`JiKmEa;$|>(U~KdA6+{)iygqxXAQ|ey5m9;5gt5+!C`?E zMEU4z5;l+ZvdLo$ZwZ@yNUc~T%G9%hA*U;JvVhU+@%%>vwvjjae*RAS!*{@sscU3! zVQA#2t#4&&e4iXYRQ~xa_Y3vQ0jOUBK>hgd1R>g|27M8=;_5gcjTMOD`jkJ>U*iG# zD=0C3hj|z{Y=Q5W1jr_s-D=Pi2w2k55J=kT{gQ=;Bh-H`A@(obaqc)f7Dgrjg?1~4 z%XYgZJUnFhe|`Ob+9wuCAMJ)t2Qu3m_Pu}X#wl%{GD44fpljCyOlZQk>H8c~f=m@! zz>F}}Vk@ao+YTS*sv5L?2ng6C@rMe~neqzBn&$R!OXF{bSR1@Qhs%l<_h` z@@Pbu&m>&6je;n`4196ilM@pryIkzc)T40-H8@`&#XQ)k&KzG2DD0>Tr(}5|L<+Qw zt7@Xwrsal`h&)wkvSI)5#Ek7GVMrZ81*X9Gr1=Awkh20%QKS5E#h1lX?kvXP{A)rv zz4lzgulA4-(WqXE9po#(;TSC@))S2q7tzXY?num~&rWpAFvka=jd(rGj`72F-sk8} zL%)4Y^o$?hG9id};*9U9vr|b9aMW-L4-{GsA~0p4bPzNPO*Q9Ls29=(YzE*o#Ngwjq+==9^oKdSU>ykmJE&{34 z7}ke1C$_glDGJ}+zW~w>4@f(FxRXl5{lzFUXrX3B4mwA^XX2TE$T4t0fEiLj0)YVv z?F_U4iUwdsbx#}uG7|uYXh;PL1O$dERPwPC=7sC7>MOXIGferGT--^-KNjF!QVd<@ zBd-F?8zWZp&8zmzfq=MzT+43MB!NZ43`qWS+J0^+38bJ2RYy+PE97;N&&oI`R2oi6 zX)siVxukp$#xHDJgA7D3D7}>IAi9$`Dc0Ey$*8}LRq*M*IenrY78?4LAOLG~kGz?u zoZ}Ixi_vpC#bh`Yx0gKp(WG)v3nDaVj96n$kcu63$Q5yinm&HD)-9jSypSAVU`m?2 z<4!ht&d;}L^C_aaUd#^5(iJr~K%s>=%CW?bCl!w1g=s%xbxA7XFoxC9dP?vly!hhD zE-jQeUUgHF+UaHvPP%RG{?jXsV!gCfIw zu!3{l(;zuP@Ni+1&AGaUeP z5D4I~4#}65?zX=%_U1*epb*ZO+k6eZBTx-49OQqbBGQOs2~3DsbCo|#(T&If-Hq~O zAo>0Kr*=-%Abc!0=LE)XBfHv1wPjxz2HA-HZM20bMOBO}9dqft8X=`Di~HMzP$E&S zAi^J~ody_}BJ8!k#@gD%)xLB#3z``Rg-s=^MV=j1;3y!=V&1g(nxgG{B(nlKw1*al zV;a#867j|Wgs@a(E;v!#vqmwzB9p#(oY`>7z3pu|nBbPk#hP->3EWo~>e6N_%GRek zv|OUbGsN7YTQ1N}`Q}r34Dkb=HlTsIs=`G!POea(g!)BQi?}(ZRGEx(24E-6cI(!2 zH#{o6v1G`>elbee1*Z0}f;>nR+%DQxOW}qxtJ~a?TAs#A?D)W{p^EFB^Ub}E#4KX= zuE+66TeNdK{B)?`ARY_X1Y4|MkP3DDCnd}pt#%@udc(|x*fa2DmdYb1H%LtOrSjQ`)POm|=m*5_@42<+oP zB&btI5Y$X0ul%uC?l74}`}2zmq z3vCnh8YNh7Wu#?z-SvLzbzhZp zDw1JO!if~gnf4Fo`SWv-o>45!Bx?`C-tVmi`NnM*)C52&l|g-vcrjXXW$YhtJe4U+M8*2H@}7 zWq?_?KN@U)8*N~uW1zXmY0^J%`lp`IZ|C1d;*0!tP|p2e1|4uH_7GP*?scUOR_v0D1G%&CQs7u}Z(*0!$ z6=1M^+cHQ1<_(MlVBX;Y|Db>AWCAmIT`+i!{A@=+pA4Z-^}=4{n7#;l=&C+ z%b!o8K7o!Cfi^%?(@NXM4)Bw$t-bl*%4go0Rcc#V0aP-zbzC(WJDq#y zl``l*z<+rm#@h)_K!-LA3M{{#-ko1O0spff9+t2us6T(JpzxgFM-SHbrfX0X%%3mc zw{5PPdT8>?Ke9@<~W(cA$g|_oKbQf|nrD*yD=d1?CbMrLcEb1AiX-JT#w^&(? zB6@&I;s|-{2#NJssOw&-WQ{L6a3p4ng@xD^TVy9@eNGx?S4+yo?6oKMZQNRtVzv&$ z{`&E>6EE{UXdKPy0BOf@H3?&>u6mS*?pM+-dAi3u58eAZAD%lZq05Sjb8}$Qoa^cZxZILUfQt-#eGh4jsy&RzL~bP)b4vg7);rEJX`{5?8{lf|367 zpsV`noT(4yD>fzib!JGzdHhaOsu+i&aHXuThjQil@=yZ{G9%9N!B=&-FP`jQf2dq_ zs2d~Ff6I40Wbhug-Za5~kI(G@ld0RKW4S<2IOdeh__Lyq3r#HKjS7umR>$f_{!E6h z=SxBj!U1`OueFx1r}N&$3R-X7Mw${Ik^?5u{L!%mnsnQaG&BevvS#EC(Zo=*EM*uJ!`XToYi-PFr=t%eD#%|l#7^xX3Z-EIEh3M!15Cz;Y0soIX{$cw0 zqlkW2Gym0*2`H$4m#YK}*Zybk=AS^Pqj%MI?P9cUm6nz%cYf82ud9z#tkRmQbu602 zFcSv1MAJC;X=z*4hw#Dp?0kL|&XJkuaqek5_H6N9DN^qf@f>+%_T2+9bL&WV-O7So z&DLz+QyCrE#?$ugY4)gPh*hXaxHbxY#fzSouhHDC*IApSY@m4>IoY49Ix^yfmUWT{ zCB7{*2SR-bR#l6#B?}YJ&rc++uN~mU|2)@8?e!d%xY8KinmVpLjeC3_HUxUMk?kN0 z7>Zhk^~g(C#c2(_MYaHj7htPM<&>Vt-<&uCGeMAC$qlLkt6uGQ!{o6S!03H!GEk54 zZOI_T4^YQ`4oiUC%U@>!E6ZLj(Q^+vw^OFSZ~y*(Ey4e4Br4@?H3mIx5&<5KC&PvU z)Y$Z>TYsyF{p|_AZ+>?mfQt+^)Jvg?)X$QP64jCG0yJS|ullE#<(;g@R|%tmrxXJcN%W3`40`91+4}NWN{y3< zKc&7RqP7xPRuloa-|Q*3`_W4?9H%p)6My=$q>s+r(}aza&U4zW5zH8@1@)R14nj?? zs_hIWeh5u74Y|?vi7tDCV7A8!88u8>oH6`H$Wk++QuQYXV(Dda!_yR^1+o; z-fjvL`KKFnC|Qo{kH!Cv7$`Ytp@^!ID^JgJfkvp{R%*)qnGF z@&DUMK1PCvBp)Li6C1$D0U#ZCNAi6?{P&Q2cUSr+k}tjSIbztxzS+}quw=g)#_k!~ z6{LJHZXCsyFUkyfB;~Dpesdu-i!D6!-fJ@NMFPyWRmEDw$Lhkj0}4I76aBY&KojJE zhgnk#r@qQ}8E}slf&fpEjBw?F2p4DLE}z;eJ5(JbM8H>k9q2tj>yTV+^=E(y#c*fc zYM-w|NNx@dSPo?OGd$<*ELcEE2FHvacym-5Reni4GBDOgF1C=$odlH?tWHI^aLMsb ze#*^#02^AqUL724AVWMn*ufh<<8-(a)loI#38YsNFT}Z=hHiT<&~?s+9FAN?6o(Bc zv`#~b7P>|5Ea^v3gV_VHp{GmI!TyJqt3K)Ez8YXHM-dGSJZ*b<#`Ww;+1ar}I#b5Y zz_CR=ZL%zzaPMvi!&Jh>)mF3<-wtn3y$Y4(;Y8cbR0+#hn`=LdAX*I+vYw4hFmq1h z;fZ(EIBrBYO4lfYCBA(5=pB&*ZC3^&-pYs|aYSHR2i4ldQDT`gK0U*0C>({%ig@B} zC`a5Fb?u>^*U6fh;*p7agzv=Aq4FBEDHyx#-uoSYZZ8cUT18}%(hMfxU3n7Yl^axH0s&cY&<{ zW&8)2bT@tiDBED3tJ+`kI(KS1c6QGXXtpA^JyjoNdRJ{SF@}aF98a9H7NLrnAi4bh zS(Z2Blfb@>i#D)W(O}@tP~ZVoW{6l}13NsKotDa)a(L}tUH1t($BuuhV?&u~57*hCr7ZBY1 zK`u?$W-m@2y~U=tw9*YyZIhH8M3{r^g*G7GeD63jIf>#JXQ6ak?NMvAC}>rU7SQtz zyoqIxw&W)nlUz2cQY5wl(Fe}d*@MIw!gs!HVI4YRGh#{^Dwxq*>Yq*XY!hy493BRD zYw0TtS?e91rdl7buoB4cD-6wR`{aTwk+RSEG0|$+ zM#!l@YwPEcSUkh>#T(0f-phZ%kJ{QW-t{s|*8s$`0i2UdBzYT%O!6pDwkeO;0~4|Y zb|;uDLvKV|d`m5DuB_M)wCwS$xw^5Dae)TswySY{CzqdeDq2lBnoMhqv+_ij*@juo z0i~`+In7sEo}HKa3;C)~KZ+)JnWsL6pyEa@4}O%CN%A!}bliDCqEatbH^%p)cpoku zNdU9fYU>>)deUnyop4#1EgeTk4PJK};qr_dwq2HXggZ@Q?0AfNs@~G2Q1jfWZVCr|&@)2M54g zoef~3#d_CO1#s5^^eX-k2mZf&`+tg>W}e3mBA>DjL%njYl(V|B+#RSv>QQ%G+}>~p z3mxyZv=va&DrANc+y>Re^(2X0&5L}2?0vF8eK=jDP4^lx)YPoD45VS~NxLW;@zU3q zY;w#P$V)?7QjPTdNXy3uTv%R{llab+Zf__{UrW!w zY~+7m2-S{>us1BfYc`mI42%*wtz@au9qlrj zS(%^Ru5B?qc%H2AaYZm!m4J$A2}!PbL~xtUraE(cRnMG;%U<+19Nz9O!j|@UkawBK zs*XuV?y-t2xQ52f-<~at6kbx`8Yq5G)j}A&UVo31z@Qi)fPrs7fMI@5&VB_=%eJ)h zJqQ40uGzBeZl~(7x^;%v41emp0cPacZj-miU_>~_TZMr@L9CwnQ4gT`7tA^pC$hj1TdjOUfr1+(>VW3S27;c^h&XyopfD?>tSd4$miT9-_UR-5VY`V!(B=HMF%1Xu5>oWoz${$DZX|b zH8c2r=u?z9{=`6Cb+6qmJOlCRQOiL|@|Y|^6Gdnk8eeq0eFkEMv-xzg797+HGCTI> zN|YI9aVEzrB1vl2?aP-BeQKXfVor08L)+9}K{dKSjEfCmJ$X({2ep<8E+v9FhQ3ic zUWqtX7uS>-R<3ZjmVe0-F+R+wst$fFUw|wTXf|N^{!hvhG2Zbsf65X8GA9lu1{UW3 zkSq}+fa3k@;0f^U;0Z8b@C49xn@7K%Z43b_(z-zve}k22mDut8gL}@rkra;WqsllV zH`?6bxD7r3uB^Ru|0XT{WC?}9kD~4398IXpDvGOE<#wOS!8z2>bCzPj7m$lof-{+o zlyP%M(W)lXCT6S)+!LFU!k8ZsT|K7z0{LW5hogPArI zOlxi~B1!+0@%hoX3z@eu6VJW!c-BA2@&LX6oOSGUY+;x0!OY`@F(Em?Joj6I^tUJc znSuSyf_4oWdW^~Dy-;0}weuq8la6*WcxK;69Ww1cMD&T?a($LTq@eeC`QQe7b_eE~ zDG9~L!53R{AHd@?EvecS8b}*7i$3{p3e&WdHMDGqSz)5bL7{{YEa1>_iuB;G05Qa< z9tveOW0wF+7c?{zTj=t6inl}V%q&@Uw&;9YwiyTeWM>F_9$1h8{K@hwYVmMFpX?j= z9Xj^ThJNAaJT}Wtq$x>()QAMLIn_*Qp$nArgm(Vk)AZg99i6QHWoNOP!qadvF7u>KLFBj$~I^UX=oE6n_U)hx-tt-QO){o?QawhE9 z_X@k*E$Hvw@HV!;d&7%<`sH>9J_9JfO#)VR^Zka5DEaQJds^3W;qi&|q$;TYZ#{2t zfc@CZ@4<%rz$+f*UwOr&{KYFC1xY|gN=8ryut)zi%lpNie1A<&{-I_3Un+99`s{$+ z{O3F?JKzv7Tz2mo|NqN<{!@w;xvmg34D+J25T0bVeL&FAE`gdY%Z=Cy$huyBzU`a} zIb6a6@kK+Ll}(klN0-DSjJG_?C1BdSH%M`vhyJ`U=e%lXZ`N3xKckv{NiOqC_jYzD zwvL$CzJfnbHanj$@jgU#KWl8urI+zY@Tj;n6tHQ40~&w5WlA%$6CRI?THwCAY;if6 zw-QA%C19#kt$4NBQg2one1H&|xRPXMoN)R|ltF0h{USWKkk%zrtSouGVQV*CrRk<{ zXD2~=>0|vlQK;H%>HK{kVK(2b^L%u&n?cAU$Mm0_ok%d+#m2m>>;(e3&cQ*A(;=>Xtb%>WGlKiVX zcsv>uDapM}WwKLmMOJ+uq-eh)pt@pr5T5hgZ`{6N?|0ebw?8v6js8J9LHw0=dVqp} zg?iVA0rPE4*te=kw$AK>6hA7^8_DFJ)nKPi8%pL;&yH)5#U0S7%RQ{z;Vgx zn_iLZ8rnqnMu)tLV+sSasDT^W=*BmRdu$vQbXh4C^<-#E=2JreaaE<5fRmqE?N$_Q zM#s8Qo+NrHb^^@0JWW(x1~jHUoPM554{;UtM+(1IoSQ*voxN-q=*W1(5LDnkBM1{+ zLVHlpz#t2+4!`~UY}zk}IV6Z8KHYtXp-#%B5J_LKsXnIwPei-zfQom2onFre<~@1= zaL5W1nE zDdIKFj)b8%0sC|HA$u6}RbsG1`xXqa*a*@NJ4lyD8!tY%HFcW9ya~w}Y_7y>gu;$fog1k;Qghq{}XMltOsEWtGpkCxO&?AIvh>A zyIlayRNu)$A7GLA-T3rjY*$45E4JGJ>;kKR*skw>CqPCbtS2{96e(7g-W%;7r~HuV z_b@lRrOYHBYz2Va44DD(zAOhVA*3QLB%mNB|3d%^76nXBMn-}0yGRNs3ewM02yS2a z!H07I#3t{gChtdznT(Aemb2MPL&Lw%Vt{UlM#llDo=6sUaoXd53LaOn-*q(9$tl;M(ISjM>(6oI!6dpD;|X zj~GD$XlLdJc!=3AlLfVj37sb|hQ4QRcX~;;)mA(dK-Ts%c?0_k94XyrW6v3+86?xi z(?$J-zh`6j6<~lXr@jrXu8kSpZDw}gZ@_eyoJst6I_ZBt5}LPW+pJa^ztV zUOQj5Nev z%r|DBBtaHu1cubE<^?QWR7A}16K>(V!%y^{ePT_tz|!ssHT-Jyc8~;otreqIsK`~I z!t)iV6oD=Hr2t|ItMN1YXi{(LT&@Vrxt9Fm1KOCTn70F%af>QTnZ?-X+VCeR*79%I zuDFYV@XUfyi-luDD&<^zX{GxXHzZ(o6R(})zfjiVOySnfnD&7okUh=cvgN*ho`*!P z*f1R?u_uGMgLc#4A8)XmNNUYu_Waui*&c%wDaw0T(6M*20+iD36Jy=q7#p_2pRfR~ z4hRrc0MNkyy*Ll@Cki|iER>e{QHFwHS5)9@zu5c8-8Pt_iPqskc83&|%*3W_wrWNBdsEmZzks-r(EAEU#U@sTrtJl+>^cf0<~hPQ>LCR*H}1uga;#^D zIvS1(nTp$$pN%obIEw{$#M@I>oXK5R?I+&#kbaprg_(XN^+q}`z0ZYiUj^8t3cecB z%RQJKhkXr3DS>B~a6Rh?4t+Lwndmw$4>& zz32D~M*ay!01{nZlkljvgj0@#CaS~?sB5pEU=LzHHgzN0&chk~vg)Yv0u6_+Ah+2@ z9kJAUw_axXeIckhoi$x?+w%LY1~{a*G|bNw?I4q?CYkgCHFWh=7EGgn)pON+}@y-Fp+F&-sqmd#>x8_q;!V zy*Bs01J)dC&NaszlSx^mzNS#=VNpWL5q*!3K67KgMSVk&9+qn8Gvo&*_nl6QZH($k zF}%=DUa#E_aCwm;vg27QL5b44UXKy?CH~fDJJrl5$YA57?bH9-LXuhc}-(q*eg0p%JxUR71!S(F39Xt z##ZHL+q{XbsWJMVM>$Nj{z%u`dgeyEsCJpHj>=?S+PuSQ473+574Ga`nLfyhy36u1 zAYFnb6#J#PkE6{?bG{C@f;z4E6zfv&T9^#T#T&dhq=l>Y!gWgU~I_;Ov5KbFc zNDS)(ps*+4pc!5u@h@7JV1Mkoda0bsW#0!BppUN<5K&)fQmK2n0$s9!w%p1rObQy3 zENrwOYOvdeicO|&Zt4zcpef;KZ}08^&!Um(zV)&KS3zx(ok z^4NxP`P8b_YMZ)sf?nQJtKgR~50LNONp6|uP8lySdst+!wTMEpKbImTU$J-Z%dKZ( zrGt$RJhIykgt<9$1UmQFFs0lQg|q{@4ye6?yhXrrCMyCg2 zj-8KT={xQ2aTuD_n+rrb5_sI-{g5j|PAC$axW0XezcHw^2#2LP{`u3)kubdP0;xey zVM~g#760xk3yMU2rMA9_m2bmIUQ|ds?tVf)pqSK@1==(w|!=GSs`=lV<#z3w*!(OM$J|!X|)bgbLKZ0rrQ42BRc* z)g>1VMcmxX-r51MRhO&43JqD=$=m^K%PN-#qN1U=TH8C>nVXs0J6`I{!J@HU9Z2!> z*Z;KG6aoVfnc#hNXk=(Sf}fugbp);oMkps1M;A-*?mHX6TVm&BXJg}J=K`}N!9(tg zA?W}5^Zm&m><=7%i=1@OqYh6QR~{=YK{*U^SXaSzRd6BkN5*0?g%gLH$9PLs20b|m zvtnTKeDhe4wiFp#MQiQj2wKqzqCHmIdvXt5TmiJ@3H zVyFW&y}RvoGr}Bo8G4Wg<#E+P6dqfeXkqw=aEfiTQgJ#hq1K^_C{-m!h6n zn&Few4AEocbQ+m+(Y#f?g%<6O=C}Ob&yrPdcc;?vjQR0n- ziC=PLK4xx&Rcuct)#iu@UmAJhndS$dx&C&n+L41M{4=OqQPpy-88eN|pNog8IiQi- zd5Iq*REdMmjtd-X#zENe_G?KG@^yJ<(Sll)$mXQH}Q?*q^cB()_m2P_toRB z)ga-gOJfrE&;}1xOQ3HE-1@+S)Q0f@Zn50xAlK3{2qYBw5`L+U3MvhXD~%EFYeV95 zmztw$QY83{@)fvsiI;QePl@{uMnX~?rP3zC;?+8g!;&qUpK2;d(?zE|3{vBlpsIh* zOh>neC-f6%{|21DCMFQBu~XB{;6;U2bdoSMl)1!)v}E_$OVNG<2FQ+`qG%<86Pu>2 zkNRSvhTj3k;VP1Acp&;Nrg)9KxbrDJqWx##5o2~N!rP|?X1SdoyOG)^pL!_=r+&_k z=_Cm(eONvu6I#eDOW zAu$bEW-z9$Jjg!!8%o^v4UV$NF7-C4?WZ)xNMEw1neHInpJrn5ImEGw4W^DiM6S}P z3v7NYrtz?| zT;|ICxEAPon$=Xk&L@m})3qJXK9r+`7)AYJbX5>so~&FZLOj?FtIGjXe^v4xu$di=J1Fxe6Z)`_%lXYzR$I;gwiJNCu$H&pLw z&7}WGtyx@ylXoo32;l!x>@~5zBX$f6{7vNc${k|~>n2p7;KJJCTiuZIHlzT-EnB=4 z#c{gc#Lx9SY#a?wrqKa=b$)>hd18PO zaqaL<5i?cYGyRk~Bs8d+GQdm2fI=VPHx){5en}MrQT+A)ZUCaRnF56G((<^1u zU(d}9Vg#QX7U))Re$9Wn3PDo4;MIf&D3ImgWWQWofFT!n_wPk-}irL78NNJ1srAJIr_%B;QvqJgYDrAD|+F92Elf z1%x6*FnDyrpp#COgwG_EMeZQsWsjzxdMZ=cO(m^waN@8`R<~y*H4+xAmm3vRy+|K$ zO6?p`-qsRVrj{&Uq8jrFn~iWqNilo6tk!0%g-^rzwYRr_{EQ!Iz+_;v4ow&4=~Cjt ze!wU5BTgO+`T!@zO5QM*EPw6FEc}Xfl76~dhV>*9%eior2XCh)E||4}5QVnO~qD&>Lovzr8On zaTL;ey)x#7J5^ENuLoEFf4IxcJ|!4Z_n+d{<(h`KXmigQ%&ez4Y; z4DJ^+3z&PBvZQ~NK0I1K^WF%RD^v;CD%6*I#9|1aCa5O%aj?#G2wI{kBlts{k-#_I zx;meVDb#pg_su|3i_v{;C+^zzW4cOb>QFuGQ!;V3I#n&HR* z6e9vq3hS{v**syB#<7if8E5)U?ce^spum5V95WjqAK!miju|2Zz{dwpVE;^C z|3~DQ|5qONPYBrGl%aNfpPY!yk(kG|^+%uWBP@{e7Ps{7a01FM{;Q|Pop_>(M^VP{ zpFJo#F%kSqnH&msF~wpJnadfBb@DA~6oyw?)byMv;O>ri_vKr+1ml~P!$-Fa-+dGF zaCd!6ToyGmh1QbYVZI^}m&B=sLXnkV_OFN)yHIURqSXhBG?*H>QpuXZuR)P3A13m? zG6abDdzots<5E~4u_h(9mq@b~-AUQPS~%@OVN_l6SZcV_uz+4LQ1n7UM>BG1MO~j{ zEpy8R54Et*5N&I=%i~SuzRk{|SV1laPTyy5)3;eBJY%8eSr|*|x7~;hNU_xQdYP7k zWd(36qO2OVQy?DYZ_^zDCzv?Nouz*v?TfJX)tr9P%{H5zzNH+N#_7SWJu{5U+FkCC zOU`5BD*SHQ@C`ofG}j^HbcGSJA(>&ELo=$-nl3gOnvvtPj%QSqEQqN6#cuu5&7__0 zpV|(vj*6ei&J;!tsW(kQ>C&|a&HZS?CRGUwI*A3v(ch^e6XKfUHNhj0D_^QtwVSOp zS%)4byM5{%hed>C_58>p4F^X`zhb$<8b6Rxm#5Ew;d{@*6Mc=x1sYI8TiczzsURW& zZoKI{hqaUPny#r$7-{UNj_q2ua%GZv<&4T3Xqo%>(I>uhX$4F**yG1#k_DR0pLR<% zmD@I=cq=K(hiu4i`^{iN;DiL6F><#*_lV2@uLLZq{wt(d&R#(ZY&!rafXFdS-nnB0 z3n%$|lN->3Yi8xFO?Yu2q&^XFn=a}QFEgFIKuUuh&;sG%0P8vdE%gA2r;FkL`u+XMUKfx2 z@?4s_w)$|wcWt4S<{d;4o9t=t`S0s7*Xs7F8kXj>7Z``vJKP8x1;M2JcyF!!gn;j! zjhR;uv`(2In;ft2DBP$#-3o=F0AlWdqU-dx3gup{G2O!C$ir`?R`007bZCc=X)2s(B zZ~0!Il235D?AD16u|dE1GK*v__aB{Wg&#;j{E-Kw%)Gov|UnB3yR7q-#`l$L;%iF`sObJ)u8vQZQ6+0DEd+F8^f)8UO-G#)Q8J<6J@bTRz`r;qQ3J^QKNLVdK; zVx6}}N1rTdzZIx5iSV@OEQx2hG4>hP0q8JnXlLp(|et&73}KtDU4{8O{|Hv zjTu|l!%=BPDG)Sn>Z#`%;)0q(p`o8dumQH7< zqte1~(N~KmEg!68Xhsm;8E@d+eei}aeUf)ubzhn3+~(cg9DwR{7Yl0_S2ru5hTYTH z#rzkWm)VxSvU#}sfE(ck*uDO_&EJ%4LyJ~{x?P9)mYd9JbFMJ-hpDIh*kddZb2LBX1hs{>NKhGF{EaZdl2r zf;KK=f;TPs`Mxq@4_d4zA#>#0rBtu;t(av z8B4`)i4K1e`SxB;Y)whYUaWNlLib_ht#3$~)-1>zkLl6x+;})3%UNZu+IoO6XjN{Z z&>~!B+=>!`@oG+J!xv5=6UD$bVSJ z0P*GU*UUwkSI{s|G_uXc$|yGoW?I*+==j9^ z9m^jkazbstb*CSIzR{ z=jF$d!Rk3G6d;O04-!ROfkTRa64_6vGWVJUx`h;u(C4N{ioiyE{Ogw(Ql!{QWvKfpd5&*N{n4iVYWp4e?FT z&?K25o&<%oy@?DP_}>QJRYAK2ybS@NbM}NCKTh1AdU6YadLBiDy0%e7} z6$@nJXnMH16a3F#5}1)Ka@0JF^i)D?pL}GCo#KdN(dtR@#oD=R#_$sd ziZ5vo9m>BRyjR_~eR}Rc1VP^hiUlbCnf|QdLEyOq z{D2T~fS(-T*J8jocHm1&3;Y6@M@-7#Pk^^2fj7XDkV!&FQc48uoS)OVfE_^($Mcl2 zowchQ=uVDgj(C{pwYBj24FF)pdNDQx=e-RfJS0O7LsMfzc0+RyL+~|!FW0#waB+V1 z(G|>p6tPK!>5j-+dn$NHrb@FOzDGa%ar<4*ZRFL?Ax+{s(BvDUQv}rl+eH}h-kT#gv7=6Em*W%jq5TCiGq#t^Qg-= zVXwalMj6E@}!Z@N>WLjBtMfs|#bcXtm*JnbcNJHpL5QOLb# z)&)79bZ08&JBlUo0vVN%^^q*uzrr7dqw$BzS!8GGBr2vDBZSH2fi?C1xR3dBjTc&? zmwCK~`1+Ql9L=o5>}c?Cw$Anc1*{bm$Q*_Z>a#UgpTl$yTNAR_e9Diblk^2YtiG?l zW^eo9siUj=**CptErrI`+xr6Z4E+a;-z?(KbKK;BY82pho7q};&tmCIWK^pt-F<`>Be zzzc#bh1l#r4^zLm_1|+1|MM=3|Gl^Vr$u%QjsGRXfzrZm8)1rJY=n9>xk&#|HU+jl zJ^!m4euDe99=xWL+(t!@4fLS`YFKsr_redTCBl}iiPh5M=baZPn9-FS_g=|P)_)_? zs$i^l!&x6XqFE$rB28wo5xDy(Qd;YbIw#RdJ$Nd_4d;br7MvCTT&$=rshrY~M1sJw z);N??zuJb6Uj_ei3)_LzUYF4jwhjzqzyPQ8T;puKxjoDfQ$j((@@y!9tgnSq9>0C@ zvkgv`CUn^69COm^)wVIzlaJp7j!4~MPj(8Qg~5=O2(7nsZ8lpo7Axy}r!g1K+DlnO zGmx#LVU>N{#=!bglf+%r2tO1?lP}sI{+|Ttzgy=|W6Uswnk#{R4`Sqv$bD`vm$8GH z5d7P8hHT8qa~FhoTF(d&W?NDrIbs<1orHWaoZt=|oFEos&NiCqC9;|vaR{4_pc=xS zl^9y!tcA-YrypzoVeo3KvvuPyM|QWJgdo<|AaU< zA(FbCZs@$wVHe?Y*HYBS?r8Q>4Y7~Pl6jux49DS0V=S%&&%~W>nji}hg_|27Zw_$R&KDvGdkyS>vi}mO%W8iAi50y7R=fbPqVxhQeo^{@U`5b1 ztN{Gqi<&SLG)fKTOXeDoNHli=D$QNZDXt71;uT*eBhm1F9(?XJOPGT{bIFKY<{EN{2#c-6bxuGm?5t^a=7Tv@p`3$Yyow~h*K$lQL(cPdWL1zo=P6Pfq3vcrU74G5zpbH{rBCHrsJq2Pw{%E_U$ zeK@vbJo=oeKj@dXpqCCP8*HvID!JQ=3wMwGfnwGnWzl?~*3e*c_F8EIA#Y`gFRtRZ z`n;H@-(&YAiwjq7C6x<9nczii!89EkQ!Q~k26@|ZoA{K&QH9(!Uzlc$TBcU#F;O>c znSwT<&n=*JUgD>G(CJ8;Am-ap1Uu+H@)-&(IPf%&p}avI#p?J z7R*Iy%-Kwf;pj09i^E{eHQz4!Na9t;+BXaEA$_dE_d`t_`V2eoo4VcYkRd=z<6F-k zAbRGd8-trMfrGy1ji}vA84S-X_?VhTh@iGu!uQpyQnNUWy!H&@OwjbyFd<8c;Pw$m zfXAo7azbTz+F0x-4qXuYC%n}6b9Ohj17ZMkvtJFr+VaZq;Q;p&oa}=|_(z5h<|%vmw0C%zc{Z)?P5B7RYp%3#Ufyq#f9$5r^N2X zG&`fjN^gwSXGI!vwyCv**4e&y=UdhNr+XOU-i!Xk1H)SlbSDgJS+!M-a3v>uy>->k z8FG&9ZWHD>I#E9mwwCk1K{>Hmj)a*`pEh42DV2_8Ae?EhcD$S;WW~BA@8pZkTi$|8 zy*>V>G`E9ooHhI78II0zNaAF;uL95qHG6~^^9KPx|19<7{#((n`3P7q1?CevwYau$ zKA3YOJCx=l_HvDM!E$ixxzpH-Z)4d?ILbReI^-n%itX?^z(1AMuF-sA_1u61-+=;0 zt`VvDlA=wb_50ohG~K=iLHX~qFvJJ-Z*NIR%i znG4&|YQJtG`P&KJAzCAlnDZDoun5awvf5q6|G`#E@N!(nk4nL+^FcE-j$`+v!)!C0 zxXq6}eZS9BhvDn!TxyoXSt%ayi6Tk8&`Z{uy#6Psvrk3!j+kioe{btWX_4?w?S^7$%iZHet)a9t7h))9!VyHF0+HXm zAr5Yz8x(N9voLPa3t#I&ix=mUMV92Z(IAtDG&Nr7jmC#y?k{(byaoS9Y1;_FgK3%o__BnzuW)ZKEvB>IhDQ?^Vy8H%QtN zi_c8QJ|P;t&1=upL*5>XT~z-bYkDYBI9+EkXJRov;vg2Y!~AT`Q!YF6?gFDuhbYxo zX1X9LVK0rpXi`50$Q1ExZjE~x;mwwddUslUf_pL3}%J{=@2=wC}UJ+eq-B zFU+l|?NaS3jm6*AQ=zfSUq$q!avH{<2==UwB_-L + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: aaf/data + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py index f5df9fc32d..2235a31f71 100755 --- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py @@ -1,7 +1,8 @@ # aaf info - everything is from the private oam network (also called onap private network) -GLOBAL_AAF_SERVER = "http://aaf.{{include "common.namespace" .}}:8101" -GLOBAL_AAF_USERNAME = "dgl@openecomp.org" -GLOBAL_AAF_PASSWORD = "ecomp_admin" +GLOBAL_AAF_SERVER = "https://aaf-service.{{include "common.namespace" .}}:8100" +GLOBAL_AAF_USERNAME = "demo@people.osaaf.org" +GLOBAL_AAF_PASSWORD = "demo123456!" + # aai info - everything is from the private oam network (also called onap private network) GLOBAL_AAI_SERVER_PROTOCOL = "https" GLOBAL_AAI_SERVER_PORT = "8443" @@ -17,7 +18,6 @@ GLOBAL_APPC_PASSWORD = "admin" GLOBAL_ASDC_SERVER_PROTOCOL = "http" GLOBAL_ASDC_FE_PORT = "8181" GLOBAL_ASDC_BE_PORT = "8080" -GLOBAL_ASDC_BE_ONBOARD_PORT = "8081" GLOBAL_ASDC_BE_USERNAME = "beep" GLOBAL_ASDC_BE_PASSWORD = "boop" # clamp info - everything is from the private oam network (also called onap private network) diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py index 585555312c..7ce15db7ea 100755 --- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py @@ -1,6 +1,6 @@ # File generated from /opt/config # -GLOBAL_INJECTED_AAF_IP_ADDR = "aaf.{{include "common.namespace" .}}" +GLOBAL_INJECTED_AAF_IP_ADDR = "aaf-service.{{include "common.namespace" .}}" GLOBAL_INJECTED_AAI1_IP_ADDR = "aai.{{include "common.namespace" .}}" GLOBAL_INJECTED_AAI2_IP_ADDR = "N/A" GLOBAL_INJECTED_APPC_IP_ADDR = "appc.{{include "common.namespace" .}}" @@ -39,7 +39,6 @@ GLOBAL_INJECTED_REGION = "{{ .Values.openStackRegion }}" GLOBAL_INJECTED_REMOTE_REPO = "http://gerrit.onap.org/r/testsuite/properties.git" GLOBAL_INJECTED_SCRIPT_VERSION = "{{ .Values.scriptVersion }}" GLOBAL_INJECTED_SDC_BE_IP_ADDR = "sdc-be.{{include "common.namespace" .}}" -GLOBAL_INJECTED_SDC_BE_ONBOARD_IP_ADDR = "sdc-onboarding-be.{{include "common.namespace" .}}" GLOBAL_INJECTED_SDC_FE_IP_ADDR = "sdc-fe.{{include "common.namespace" .}}" GLOBAL_INJECTED_SDC_IP_ADDR = "N/A" GLOBAL_INJECTED_SDNC_IP_ADDR = "sdnc.{{include "common.namespace" .}}" @@ -52,7 +51,7 @@ GLOBAL_INJECTED_VM_FLAVOR = "{{ .Values.openStackFlavourMedium }}" GLOBAL_INJECTED_VNFSDK_IP_ADDR = "refrepo.{{include "common.namespace" .}}" GLOBAL_INJECTED_PROPERTIES = { - "GLOBAL_INJECTED_AAF_IP_ADDR" : "aaf.{{include "common.namespace" .}}", + "GLOBAL_INJECTED_AAF_IP_ADDR" : "aaf-service.{{include "common.namespace" .}}", "GLOBAL_INJECTED_AAI1_IP_ADDR" : "aai.{{include "common.namespace" .}}", "GLOBAL_INJECTED_AAI2_IP_ADDR" : "N/A", "GLOBAL_INJECTED_APPC_IP_ADDR" : "appc.{{include "common.namespace" .}}", @@ -90,7 +89,6 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_REGION" : "{{ .Values.openStackRegion }}", "GLOBAL_INJECTED_REMOTE_REPO" : "http://gerrit.onap.org/r/testsuite/properties.git", "GLOBAL_INJECTED_SDC_BE_IP_ADDR" : "sdc-be.{{include "common.namespace" .}}", - "GLOBAL_INJECTED_SDC_BE_ONBOARD_IP_ADDR" : "sdc-onboarding-be.{{include "common.namespace" .}}", "GLOBAL_INJECTED_SDC_FE_IP_ADDR" : "sdc-fe.{{include "common.namespace" .}}", "GLOBAL_INJECTED_SDC_IP_ADDR" : "N/A", "GLOBAL_INJECTED_SCRIPT_VERSION" : "{{ .Values.scriptVersion }}", -- 2.16.6