summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.pre-commit-config.yaml18
-rw-r--r--TOSCA/ONAP_TOSCA/onap_tosca.yaml18
-rw-r--r--docs/environments_onap_demo.yaml2
-rw-r--r--docs/helm-search.txt83
-rw-r--r--docs/oom_cloud_setup_guide.rst9
-rw-r--r--docs/oom_developer_guide.rst7
-rw-r--r--docs/oom_quickstart_guide.rst20
-rw-r--r--docs/oom_setup_ingress_controller.rst4
-rw-r--r--docs/oom_setup_kubernetes_rancher.rst5
-rw-r--r--docs/oom_setup_paas.rst2
-rw-r--r--docs/oom_user_guide.rst31
-rw-r--r--docs/release-notes-beijing.rst10
-rw-r--r--docs/release-notes-casablanca.rst2
-rw-r--r--docs/release-notes-dublin.rst2
-rw-r--r--docs/release-notes-elalto.rst2
-rw-r--r--docs/release-notes-honolulu.rst162
-rw-r--r--docs/release-notes.rst78
-rw-r--r--docs/requirements-docs.txt23
-rw-r--r--docs/slave_nfs_node.sh2
-rw-r--r--docs/spelling_wordlist.txt10
-rw-r--r--kubernetes/a1policymanagement/requirements.yaml3
-rw-r--r--kubernetes/a1policymanagement/templates/statefulset.yaml1
-rw-r--r--kubernetes/a1policymanagement/values.yaml10
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat2
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/application.properties14
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/logback.xml20
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json382
-rw-r--r--kubernetes/aai/components/aai-babel/templates/service.yaml4
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml4
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties10
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties22
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml28
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml58
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml25
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml8
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml10
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml24
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml10
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties25
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties8
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application.properties19
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml23
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml4
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml24
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties10
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/application.properties5
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml28
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/service.yaml7
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml10
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties4
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/service.yaml6
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties10
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties20
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/logback.xml10
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml23
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml14
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/service.yaml6
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml21
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg2
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy.cfg47
-rw-r--r--kubernetes/aai/templates/deployment.yaml8
-rw-r--r--kubernetes/aai/templates/service.yaml14
-rw-r--r--kubernetes/aai/values.yaml17
-rw-r--r--kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config26
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh3
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh4
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties4
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties14
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties4
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh3
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties4
-rw-r--r--kubernetes/appc/templates/statefulset.yaml2
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/requirements.yaml4
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties3
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml8
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml42
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/templates/deployment.yaml6
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/templates/service.yaml8
-rw-r--r--kubernetes/cds/components/cds-command-executor/templates/servicemonitor.yaml (renamed from kubernetes/esr/Chart.yaml)12
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/values.yaml22
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml2
-rw-r--r--kubernetes/cli/requirements.yaml3
-rw-r--r--kubernetes/cli/templates/deployment.yaml1
-rw-r--r--kubernetes/cli/values.yaml6
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh6
-rw-r--r--kubernetes/common/cassandra/resources/restore.sh88
-rwxr-xr-xkubernetes/common/cert-wrapper/resources/import-custom-certs.sh22
-rw-r--r--kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b644891
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml3
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml4
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml2
-rw-r--r--kubernetes/common/common/templates/_affinities.tpl4
-rw-r--r--kubernetes/common/common/templates/_dmaapProvisioning.tpl2
-rw-r--r--kubernetes/common/common/templates/_secret.tpl11
-rw-r--r--kubernetes/common/common/templates/_service.tpl26
-rw-r--r--kubernetes/common/common/templates/_serviceMesh.tpl12
-rw-r--r--kubernetes/common/common/templates/_serviceMonitor.tpl166
-rw-r--r--kubernetes/common/dgbuilder/values.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/servicemonitor.yaml38
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml23
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml20
-rwxr-xr-xkubernetes/common/mariadb-init/resources/config/db_init.sh4
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh4
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rw-r--r--kubernetes/common/postgres/configs/setup.sql6
-rw-r--r--kubernetes/common/roles-wrapper/templates/role.yaml16
-rw-r--r--kubernetes/common/timescaledb/.helmignore (renamed from kubernetes/esr/components/esr-gui/.helmignore)1
-rw-r--r--kubernetes/common/timescaledb/Chart.yaml23
-rw-r--r--kubernetes/common/timescaledb/requirements.yaml (renamed from kubernetes/esr/components/esr-gui/requirements.yaml)21
-rw-r--r--kubernetes/common/timescaledb/resources/init/init-schema.sh28
-rw-r--r--kubernetes/common/timescaledb/templates/configmap-init.yaml (renamed from kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml)41
-rw-r--r--kubernetes/common/timescaledb/templates/pv.yaml (renamed from kubernetes/esr/values.yaml)27
-rw-r--r--kubernetes/common/timescaledb/templates/secrets.yaml21
-rw-r--r--kubernetes/common/timescaledb/templates/service.yaml21
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml87
-rw-r--r--kubernetes/common/timescaledb/values.yaml128
-rwxr-xr-xkubernetes/config/prepull_docker.sh6
-rw-r--r--kubernetes/consul/Makefile (renamed from kubernetes/esr/Makefile)2
-rw-r--r--kubernetes/consul/components/Makefile (renamed from kubernetes/esr/components/Makefile)2
-rw-r--r--kubernetes/consul/components/consul-server/requirements.yaml6
-rw-r--r--kubernetes/consul/components/consul-server/templates/statefulset.yaml1
-rw-r--r--kubernetes/consul/components/consul-server/values.yaml6
-rw-r--r--kubernetes/consul/requirements.yaml5
-rw-r--r--kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem2
-rw-r--r--kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem2
-rw-r--r--kubernetes/consul/templates/deployment.yaml1
-rw-r--r--kubernetes/consul/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/awx/requirements.yaml3
-rw-r--r--kubernetes/contrib/components/awx/templates/statefulset.yaml2
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml6
-rw-r--r--kubernetes/contrib/components/ejbca/requirements.yaml6
-rwxr-xr-xkubernetes/contrib/components/ejbca/resources/ejbca-config.sh26
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml3
-rw-r--r--kubernetes/contrib/components/ejbca/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml4
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml6
-rw-r--r--kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md8
-rwxr-xr-xkubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh89
-rwxr-xr-xkubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh48
-rwxr-xr-xkubernetes/contrib/tools/check-for-staging-images.sh2
-rwxr-xr-xkubernetes/contrib/tools/rke/rke_setup.sh3
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml62
-rw-r--r--kubernetes/cps/components/cps-core/templates/deployment.yaml11
-rw-r--r--kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml23
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml81
-rw-r--r--kubernetes/cps/components/cps-temporal/.helmignore (renamed from kubernetes/esr/.helmignore)2
-rw-r--r--kubernetes/cps/components/cps-temporal/Chart.yaml22
-rw-r--r--kubernetes/cps/components/cps-temporal/requirements.yaml34
-rw-r--r--kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml42
-rw-r--r--kubernetes/cps/components/cps-temporal/resources/config/logback.xml44
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/configmap.yaml24
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/deployment.yaml113
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/ingress.yaml21
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/secrets.yaml22
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/service.yaml21
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/serviceMonitor.yaml23
-rw-r--r--kubernetes/cps/components/cps-temporal/values.yaml186
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/.helmignore22
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/Chart.yaml (renamed from kubernetes/cps/README.md)22
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/requirements.yaml (renamed from kubernetes/esr/components/esr-server/requirements.yaml)18
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml57
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/configmap.yaml24
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml116
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/ingress.yaml21
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/secrets.yaml21
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/service.yaml21
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml23
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/values.yaml180
-rw-r--r--kubernetes/cps/requirements.yaml10
-rw-r--r--kubernetes/cps/templates/secrets.yaml21
-rwxr-xr-xkubernetes/cps/values.yaml33
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl22
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl3
-rw-r--r--kubernetes/dcaegen2-services/components/Makefile8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml10
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/Chart.yaml23
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml33
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/configmap.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/deployment.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/secret.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/service.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml124
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/Chart.yaml22
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml33
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/configmap.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/deployment.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/secret.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/service.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml154
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/Chart.yaml22
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml36
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/configmap.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/deployment.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/secret.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/service.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml181
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml10
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml13
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml15
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml12
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml12
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml17
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml10
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml22
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml33
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml153
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml10
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml18
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml16
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml11
-rw-r--r--kubernetes/dcaegen2-services/requirements.yaml16
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/5gcNrm.yaml16
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/FileDataReportingMnS.yaml2
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/comDefs.yaml2
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/faultMnS.yaml10
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/genericNrm.yaml22
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/nrNrm.yaml28
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/perfMnS.yaml2
-rw-r--r--kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/sliceNrm.yaml12
-rw-r--r--kubernetes/dcaegen2-services/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml18
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/README.md14
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml11
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json60
-rwxr-xr-xkubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml8
-rw-r--r--kubernetes/dcaegen2/values.yaml4
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml8
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/README.md2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml9
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml44
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml5
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml8
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml46
-rw-r--r--kubernetes/esr/components/esr-gui/templates/NOTES.txt29
-rw-r--r--kubernetes/esr/components/esr-gui/templates/deployment.yaml102
-rw-r--r--kubernetes/esr/components/esr-gui/templates/service.yaml46
-rw-r--r--kubernetes/esr/components/esr-gui/values.yaml73
-rw-r--r--kubernetes/esr/components/esr-server/resources/config/logback.xml144
-rw-r--r--kubernetes/esr/components/esr-server/templates/NOTES.txt30
-rw-r--r--kubernetes/esr/components/esr-server/templates/configmap.yaml42
-rw-r--r--kubernetes/esr/components/esr-server/templates/deployment.yaml137
-rw-r--r--kubernetes/esr/components/esr-server/templates/service.yaml55
-rw-r--r--kubernetes/esr/components/esr-server/values.yaml91
-rw-r--r--kubernetes/esr/requirements.yaml23
-rwxr-xr-xkubernetes/helm/plugins/deploy/deploy.sh30
-rw-r--r--kubernetes/helm/plugins/deploy/plugin.yaml4
-rw-r--r--kubernetes/helm/plugins/undeploy/plugin.yaml4
-rwxr-xr-xkubernetes/helm/plugins/undeploy/undeploy.sh6
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml3
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml1
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/values.yaml8
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml3
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml1
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/values.yaml8
-rw-r--r--kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf6
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml3
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml2
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml4
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/values.yaml8
-rwxr-xr-xkubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh17
-rw-r--r--kubernetes/msb/components/msb-discovery/resources/config/logback.xml4
-rw-r--r--kubernetes/msb/components/msb-discovery/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-eag/resources/config/logback.xml4
-rw-r--r--kubernetes/msb/components/msb-eag/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-iag/resources/config/logback.xml4
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml4
-rw-r--r--kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml2
-rw-r--r--kubernetes/multicloud/values.yaml4
-rwxr-xr-xkubernetes/onap/requirements.yaml4
-rw-r--r--kubernetes/onap/resources/environments/core-onap.yaml2
-rw-r--r--kubernetes/onap/resources/environments/dev.yaml2
-rw-r--r--kubernetes/onap/resources/environments/disable-allcharts.yaml2
-rw-r--r--kubernetes/onap/resources/environments/minimal-onap.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/sm-onap.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/healthy.sh2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml5
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml1
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml20
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml25
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json6
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/config.json66
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/resources/config/config.json3
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/requirements.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml61
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml103
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml32
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml113
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml (renamed from kubernetes/esr/components/esr-server/Chart.yaml)9
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml140
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml79
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml103
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml38
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml131
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml154
-rw-r--r--kubernetes/policy/components/policy-clamp-fe/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-distribution/resources/config/config.json31
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf8
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties45
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml8
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-gui/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-gui/requirements.yaml28
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml)27
-rw-r--r--kubernetes/policy/components/policy-gui/templates/NOTES.txt38
-rw-r--r--kubernetes/policy/components/policy-gui/templates/configmap.yaml34
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml109
-rw-r--r--kubernetes/policy/components/policy-gui/templates/ingress.yaml21
-rw-r--r--kubernetes/policy/components/policy-gui/templates/secrets.yaml21
-rw-r--r--kubernetes/policy/components/policy-gui/templates/service.yaml46
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml156
-rwxr-xr-xkubernetes/policy/components/policy-pap/resources/config/config.json14
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/config.json11
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/requirements.yaml13
-rwxr-xr-xkubernetes/policy/resources/config/db.sh7
-rw-r--r--kubernetes/policy/resources/config/db_migrator_policy_init.sh (renamed from kubernetes/esr/components/esr-gui/Chart.yaml)16
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml3
-rwxr-xr-xkubernetes/policy/templates/job.yaml30
-rwxr-xr-xkubernetes/policy/values.yaml28
-rwxr-xr-xkubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties2
-rw-r--r--kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml516
-rwxr-xr-xkubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties26
-rw-r--r--kubernetes/portal/components/portal-app/resources/server/web.xml234
-rw-r--r--kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal_single.cql4
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh554
-rwxr-xr-xkubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties2
-rwxr-xr-xkubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties8
-rwxr-xr-xkubernetes/robot/demo-k8s.sh253
-rwxr-xr-xkubernetes/robot/ete-k8s.sh2
-rwxr-xr-xkubernetes/robot/eteHelm-k8s.sh2
-rwxr-xr-xkubernetes/robot/instantiate-k8s.sh2
-rw-r--r--kubernetes/robot/resources/config/eteshare/config/robot_properties.py4
-rw-r--r--kubernetes/robot/resources/config/lighttpd/ssl/README.TXT2
-rwxr-xr-xkubernetes/robot/scripts/etescript/hvves-etescript.sh36
-rwxr-xr-xkubernetes/robot/scripts/etescript/security-etescript.sh20
-rwxr-xr-xkubernetes/robot/scripts/etescript/vnfsdk-etescript.sh2
-rw-r--r--kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml6
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/values.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml6
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml8
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml8
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/requirements.yaml3
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh4
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/values.yaml6
-rw-r--r--kubernetes/sdnc/components/sdnc-web/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml8
-rw-r--r--kubernetes/sdnc/components/ueb-listener/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml8
-rw-r--r--kubernetes/sdnc/requirements.yaml5
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/createLinks.sh7
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/installSdncDb.sh7
-rw-r--r--kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg2
-rw-r--r--kubernetes/sdnc/resources/config/conf/setenv2
-rwxr-xr-xkubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster10
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml1
-rw-r--r--kubernetes/sdnc/values.yaml10
-rw-r--r--kubernetes/sniro-emulator/templates/NOTES.txt2
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml3
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml4
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh2
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh2
-rw-r--r--kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql6
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml2
-rwxr-xr-xkubernetes/so/requirements.yaml3
-rwxr-xr-xkubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh6
-rwxr-xr-xkubernetes/so/resources/config/log/logback.apihandler-infra.xml44
-rwxr-xr-xkubernetes/so/resources/config/log/logback.appc.xml44
-rwxr-xr-xkubernetes/so/resources/config/log/logback.asdc.xml44
-rwxr-xr-xkubernetes/so/resources/config/log/logback.bpmn.xml2
-rwxr-xr-xkubernetes/so/resources/config/log/logback.msorequestsdbadapter.xml44
-rwxr-xr-xkubernetes/so/resources/config/log/logback.network.xml46
-rwxr-xr-xkubernetes/so/resources/config/log/logback.sdnc.xml42
-rwxr-xr-xkubernetes/so/resources/config/log/logback.tenant.xml46
-rwxr-xr-xkubernetes/so/resources/config/log/logback.vfc.xml44
-rwxr-xr-xkubernetes/so/resources/config/log/logback.vnf.xml46
-rwxr-xr-xkubernetes/so/templates/NOTES.txt4
-rwxr-xr-xkubernetes/so/values.yaml26
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml4
-rw-r--r--kubernetes/uui/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml4
-rw-r--r--kubernetes/vfc/components/vfc-nslcm/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-redis/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnflcm/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnfmgr/values.yaml24
-rw-r--r--kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnfres/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vfc/requirements.yaml1
-rw-r--r--kubernetes/vfc/values.yaml39
-rw-r--r--kubernetes/vid/resources/config/log/vid/logback.xml40
-rw-r--r--tox.ini33
542 files changed, 11301 insertions, 5563 deletions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000..6bfce7af6c
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,18 @@
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.0.1
+ hooks:
+ - id: trailing-whitespace
+ #exclude: '^ordmodels/'
+ - repo: https://github.com/jorisroovers/gitlint
+ rev: v0.15.1
+ hooks:
+ - id: gitlint
+ stages: [commit-msg]
+ - repo: https://github.com/Lucas-C/pre-commit-hooks
+ rev: v1.1.10
+ hooks:
+ - id: remove-tabs
+ stages: [commit]
+ exclude: '^(.git/|docs/make.bat|.*/Makefile$)'
diff --git a/TOSCA/ONAP_TOSCA/onap_tosca.yaml b/TOSCA/ONAP_TOSCA/onap_tosca.yaml
index a48f4bc246..e63901d35f 100644
--- a/TOSCA/ONAP_TOSCA/onap_tosca.yaml
+++ b/TOSCA/ONAP_TOSCA/onap_tosca.yaml
@@ -50,7 +50,7 @@ node_templates:
chart-version: { get_input: chart-version }
namespace: { get_input: namespace }
stable-repo-url: { get_input: stable-repo-url}
- config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "esr": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }'
+ config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }'
aaf:
type: onap.nodes.component
@@ -179,20 +179,6 @@ node_templates:
- type: cloudify.relationships.connected_to
target: onap_env
- esr:
- type: onap.nodes.component
- properties:
- tiller-server-ip: { get_input: tiller-server-ip }
- tiller-server-port: { get_input: tiller-server-port }
- component-name: esr
- chart-repo-url: { get_input: chart-repo-url }
- chart-version: { get_input: chart-version }
- namespace: { get_input: namespace }
- stable-repo-url: { get_input: stable-repo-url}
- relationships:
- - type: cloudify.relationships.connected_to
- target: onap_env
-
log:
type: onap.nodes.component
properties:
@@ -429,4 +415,4 @@ node_templates:
stable-repo-url: { get_input: stable-repo-url}
relationships:
- type: cloudify.relationships.connected_to
- target: onap_env \ No newline at end of file
+ target: onap_env
diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml
index 9862ceab6c..8b697cbda2 100644
--- a/docs/environments_onap_demo.yaml
+++ b/docs/environments_onap_demo.yaml
@@ -48,8 +48,6 @@ cps:
enabled: false
dcaegen2:
enabled: false
-esr:
- enabled: false
log:
enabled: false
message-router:
diff --git a/docs/helm-search.txt b/docs/helm-search.txt
index 4d23cc0c4f..66fddcf869 100644
--- a/docs/helm-search.txt
+++ b/docs/helm-search.txt
@@ -1,42 +1,41 @@
-NAME CHART VERSION APP VERSION DESCRIPTION
-local/onap 8.0.0 Honolulu Open Network Automation Platform (ONAP)
-local/aaf 8.0.0 ONAP Application Authorization Framework
-local/aai 8.0.0 ONAP Active and Available Inventory
-local/appc 8.0.0 Application Controller
-local/cassandra 8.0.0 ONAP cassandra
-local/cds 8.0.0 ONAP Controller Design Studio (CDS)
-local/clamp 8.0.0 ONAP Clamp
-local/cli 8.0.0 ONAP Command Line Interface
-local/common 8.0.0 Common templates for inclusion in other charts
-local/consul 8.0.0 ONAP Consul Agent
-local/contrib 8.0.0 ONAP optional tools
-local/cps 8.0.0 ONAP Configuration Persistene Service (CPS)
-local/dcaegen2 8.0.0 ONAP DCAE Gen2
-local/dgbuilder 8.0.0 D.G. Builder application
-local/dmaap 8.0.0 ONAP DMaaP components
-local/esr 8.0.0 ONAP External System Register
-local/log 8.0.0 ONAP Logging ElasticStack
-local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster
-local/mongo 8.0.0 MongoDB Server
-local/msb 8.0.0 ONAP MicroServices Bus
-local/multicloud 8.0.0 ONAP multicloud broker
-local/music 8.0.0 MUSIC - Multi-site State Coordination Service
-local/mysql 8.0.0 MySQL Server
-local/nbi 8.0.0 ONAP Northbound Interface
-local/network-name-gen 8.0.0 Name Generation Micro Service
-local/nfs-provisioner 8.0.0 NFS provisioner
-local/oof 8.0.0 ONAP Optimization Framework
-local/policy 8.0.0 ONAP Policy Administration Point
-local/pomba 8.0.0 ONAP Post Orchestration Model Based Audit
-local/portal 8.0.0 ONAP Web Portal
-local/postgres 8.0.0 ONAP Postgres Server
-local/robot 8.0.0 A helm Chart for kubernetes-ONAP Robot
-local/sdc 8.0.0 Service Design and Creation Umbrella Helm charts
-local/sdnc 8.0.0 SDN Controller
-local/sdnc-prom 8.0.0 ONAP SDNC Policy Driven Ownership Management
-local/sniro-emulator 8.0.0 ONAP Mock Sniro Emulator
-local/so 8.0.0 ONAP Service Orchestrator
-local/uui 8.0.0 ONAP uui
-local/vfc 8.0.0 ONAP Virtual Function Controller (VF-C)
-local/vid 8.0.0 ONAP Virtual Infrastructure Deployment
-local/vnfsdk 8.0.0 ONAP VNF SDK
+NAME CHART VERSION APP VERSION DESCRIPTION
+local/onap 8.0.0 Honolulu Open Network Automation Platform (ONAP)
+local/aaf 8.0.0 ONAP Application Authorization Framework
+local/aai 8.0.0 ONAP Active and Available Inventory
+local/appc 8.0.0 Application Controller
+local/cassandra 8.0.0 ONAP cassandra
+local/cds 8.0.0 ONAP Controller Design Studio (CDS)
+local/clamp 8.0.0 ONAP Clamp
+local/cli 8.0.0 ONAP Command Line Interface
+local/common 8.0.0 Common templates for inclusion in other charts
+local/consul 8.0.0 ONAP Consul Agent
+local/contrib 8.0.0 ONAP optional tools
+local/cps 8.0.0 ONAP Configuration Persistene Service (CPS)
+local/dcaegen2 8.0.0 ONAP DCAE Gen2
+local/dgbuilder 8.0.0 D.G. Builder application
+local/dmaap 8.0.0 ONAP DMaaP components
+local/log 8.0.0 ONAP Logging ElasticStack
+local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster
+local/mongo 8.0.0 MongoDB Server
+local/msb 8.0.0 ONAP MicroServices Bus
+local/multicloud 8.0.0 ONAP multicloud broker
+local/music 8.0.0 MUSIC - Multi-site State Coordination Service
+local/mysql 8.0.0 MySQL Server
+local/nbi 8.0.0 ONAP Northbound Interface
+local/network-name-gen 8.0.0 Name Generation Micro Service
+local/nfs-provisioner 8.0.0 NFS provisioner
+local/oof 8.0.0 ONAP Optimization Framework
+local/policy 8.0.0 ONAP Policy Administration Point
+local/pomba 8.0.0 ONAP Post Orchestration Model Based Audit
+local/portal 8.0.0 ONAP Web Portal
+local/postgres 8.0.0 ONAP Postgres Server
+local/robot 8.0.0 A helm Chart for kubernetes-ONAP Robot
+local/sdc 8.0.0 Service Design and Creation Umbrella Helm charts
+local/sdnc 8.0.0 SDN Controller
+local/sdnc-prom 8.0.0 ONAP SDNC Policy Driven Ownership Management
+local/sniro-emulator 8.0.0 ONAP Mock Sniro Emulator
+local/so 8.0.0 ONAP Service Orchestrator
+local/uui 8.0.0 ONAP uui
+local/vfc 8.0.0 ONAP Virtual Function Controller (VF-C)
+local/vid 8.0.0 ONAP Virtual Infrastructure Deployment
+local/vnfsdk 8.0.0 ONAP VNF SDK
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 033ba43fe4..adebcba487 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -80,10 +80,11 @@ components that are needed will drastically reduce the requirements.
===== ===== ====== ====================
.. note::
- Kubernetes supports a maximum of 110 pods per node - configurable in the --max-pods=n setting off the
- "additional kubelet flags" box in the kubernetes template window described in 'ONAP Development - 110 pod limit Wiki'
- - this limit does not need to be modified . The use of many small
- nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
+ Kubernetes supports a maximum of 110 pods per node - configurable in the
+ --max-pods=n setting off the "additional kubelet flags" box in the kubernetes
+ template window described in 'ONAP Development - 110 pod limit Wiki'
+ - this limit does not need to be modified . The use of many small nodes is
+ preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
Subsets of ONAP may still be deployed on a single node.
Cloud Installation
diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst
index 3d8cdb1128..552aea25a7 100644
--- a/docs/oom_developer_guide.rst
+++ b/docs/oom_developer_guide.rst
@@ -126,9 +126,10 @@ The top level of the ONAP charts is shown below:
└── configs
The common section of charts consists of a set of templates that assist with
-parameter substitution (`_name.tpl`, `_namespace.tpl` and others) and a set of charts
-for components used throughout ONAP. When the common components are used by other charts they
-are instantiated each time or we can deploy a shared instances for several components.
+parameter substitution (`_name.tpl`, `_namespace.tpl` and others) and a set of
+charts for components used throughout ONAP. When the common components are used
+by other charts they are instantiated each time or we can deploy a shared
+instances for several components.
All of the ONAP components have charts that follow the pattern shown below:
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index d573c94bb0..67b5794b83 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -50,8 +50,8 @@ an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
to suit your deployment with items like the OpenStack tenant information.
.. note::
- Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
- the `oom/kubernetes/onap/resources/overrides/` directory.
+ Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`)
+ can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
a. You may want to selectively enable or disable ONAP components by changing
@@ -62,14 +62,15 @@ to suit your deployment with items like the OpenStack tenant information.
the Robot Helm charts or Robot section of `openstack.yaml`
- c. Encrypt the OpenStack password using the java based script for SO Helm charts
- or SO section of `openstack.yaml`.
+ c. Encrypt the OpenStack password using the java based script for SO Helm
+ charts or SO section of `openstack.yaml`.
d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
charts or use an override file to replace them.
- e. Add in the command line a value for the global master password (global.masterPassword).
+ e. Add in the command line a value for the global master password
+ (global.masterPassword).
@@ -245,9 +246,11 @@ for use::
> kubectl get pods -n onap -o=wide
.. note::
- While all pods may be in a Running state, it is not a guarantee that all components are running fine.
+ While all pods may be in a Running state, it is not a guarantee that all
+ components are running fine.
- Launch the healthcheck tests using Robot to verify that the components are healthy::
+ Launch the healthcheck tests using Robot to verify that the components are
+ healthy::
> ~/oom/kubernetes/robot/ete-k8s.sh onap health
@@ -256,4 +259,5 @@ for use::
> helm undeploy dev
-More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
+More examples of using the deploy and undeploy plugins can be found here:
+https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst
index e49c72a2e4..cb385da141 100644
--- a/docs/oom_setup_ingress_controller.rst
+++ b/docs/oom_setup_ingress_controller.rst
@@ -139,8 +139,8 @@ MetalLB Load balancer can be easily installed using automatic install script::
> ./install-metallb-on-cluster.sh
-Configuration Ngninx ingress controller
-=======================================
+Configuration Nginx ingress controller
+======================================
After installation DNS server and ingress controller we can install and
configure ingress controller.
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index eea46c0e51..6272f83238 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -276,7 +276,8 @@ Download and install RKE on a VM, desktop or laptop.
Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6
.. note::
- There are several ways to install RKE. Further parts of this documentation assumes that you have rke command available.
+ There are several ways to install RKE. Further parts of this documentation
+ assumes that you have rke command available.
If you don't know how to install RKE you may follow the below steps:
* chmod +x ./rke_linux-amd64
@@ -427,7 +428,7 @@ share a common, distributed filesystem. In this tutorial, we will setup an
NFS Master, and configure all Worker nodes a Kubernetes cluster to play
the role of NFS slaves.
-It is recommneded that a separate VM, outside of the kubernetes
+It is recommended that a separate VM, outside of the kubernetes
cluster, be used. This is to ensure that the NFS Master does not compete for
resources with Kubernetes Control Plane or Worker Nodes.
diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst
index 845fd473e0..6b7b9c3bab 100644
--- a/docs/oom_setup_paas.rst
+++ b/docs/oom_setup_paas.rst
@@ -16,7 +16,7 @@ Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part
of k8s PaaS for ONAP operations and can be installed to provide
additional functionality for ONAP engineers.
-The versions of PaaS compoents that are supported by OOM are as follows:
+The versions of PaaS components that are supported by OOM are as follows:
.. table:: ONAP PaaS components
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index 3a707e25ea..3212fd319d 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -444,23 +444,24 @@ the portal and then simply access now the new ssl-encrypted URL:
| Alternatives Considered:
- - Kubernetes port forwarding was considered but discarded as it would require
- the end user to run a script that opens up port forwarding tunnels to each of
- the pods that provides a portal application widget.
+ - Kubernetes port forwarding was considered but discarded as it would
+ require the end user to run a script that opens up port forwarding tunnels
+ to each of the pods that provides a portal application widget.
- Reverting to a VNC server similar to what was deployed in the Amsterdam
- release was also considered but there were many issues with resolution, lack
- of volume mount, /etc/hosts dynamic update, file upload that were a tall order
- to solve in time for the Beijing release.
+ release was also considered but there were many issues with resolution,
+ lack of volume mount, /etc/hosts dynamic update, file upload that were
+ a tall order to solve in time for the Beijing release.
Observations:
- - If you are not using floating IPs in your Kubernetes deployment and directly attaching
- a public IP address (i.e. by using your public provider network) to your K8S Node
- VMs' network interface, then the output of 'kubectl -n onap get services | grep "portal-app"'
+ - If you are not using floating IPs in your Kubernetes deployment and
+ directly attaching a public IP address (i.e. by using your public provider
+ network) to your K8S Node VMs' network interface, then the output of
+ 'kubectl -n onap get services | grep "portal-app"'
will show your public IP instead of the private network's IP. Therefore,
- you can grab this public IP directly (as compared to trying to find the floating
- IP first) and map this IP in /etc/hosts.
+ you can grab this public IP directly (as compared to trying to find the
+ floating IP first) and map this IP in /etc/hosts.
.. figure:: oomLogoV2-Monitor.png
:align: right
@@ -569,7 +570,7 @@ Below is the example for the same::
Here the Name column shows the RELEASE NAME, In our case we want to try the
scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra.
-Now we need to obtain the chart name for casssandra. Use the below
+Now we need to obtain the chart name for cassandra. Use the below
command to get the chart name::
> helm search cassandra
@@ -584,15 +585,15 @@ Below is the example for the same::
local/sdc-cs 8.0.0 ONAP Service Design and Creation Cassandra
Here the Name column shows the chart name. As we want to try the scale
-operation for cassandra, thus the correponding chart name is local/cassandra
+operation for cassandra, thus the corresponding chart name is local/cassandra
Now we have both the command's arguments, thus we can perform the
-scale opeartion for cassandra as follows::
+scale operation for cassandra as follows::
> helm upgrade dev-cassandra local/cassandra --set replicaCount=3
-Using this command we can scale up or scale down the cassadra db instances.
+Using this command we can scale up or scale down the cassandra db instances.
The ONAP components use Kubernetes provided facilities to build clustered,
diff --git a/docs/release-notes-beijing.rst b/docs/release-notes-beijing.rst
index 1172a086d2..84f86c100d 100644
--- a/docs/release-notes-beijing.rst
+++ b/docs/release-notes-beijing.rst
@@ -231,7 +231,7 @@ Bug
* [`OOM-514 <https://jira.onap.org/browse/OOM-514>`_] - Readiness prob fails sometimes even though the relevant pods are running
* [`OOM-539 <https://jira.onap.org/browse/OOM-539>`_] - Kube2MSB registrator doesn't support https REST service registration
* [`OOM-570 <https://jira.onap.org/browse/OOM-570>`_] - Wrong value is assigned to kube2msb AUTH_TOKEN environment variable
-* [`OOM-574 <https://jira.onap.org/browse/OOM-574>`_] - OOM configuration for robot doesnt copy heat templatese in dockerdata-nfs
+* [`OOM-574 <https://jira.onap.org/browse/OOM-574>`_] - OOM configuration for robot does not copy heat templatese in dockerdata-nfs
* [`OOM-577 <https://jira.onap.org/browse/OOM-577>`_] - Incorrect evaluation of bash command in yaml template file (portal-vnc-dep.yaml)
* [`OOM-578 <https://jira.onap.org/browse/OOM-578>`_] - Hard coded token in oom/kubernetes/kube2msb/values.yaml file
* [`OOM-589 <https://jira.onap.org/browse/OOM-589>`_] - Can not acces CLI in vnc-portal
@@ -299,7 +299,7 @@ Bug
* [`OOM-913 <https://jira.onap.org/browse/OOM-913>`_] - Consul agent pod is failing
* [`OOM-916 <https://jira.onap.org/browse/OOM-916>`_] - Used to fix testing issues related to usability
* [`OOM-918 <https://jira.onap.org/browse/OOM-918>`_] - Policy - incorrect configmap mount causes base.conf to disappear
-* [`OOM-920 <https://jira.onap.org/browse/OOM-920>`_] - Issue with CLAMP configuation
+* [`OOM-920 <https://jira.onap.org/browse/OOM-920>`_] - Issue with CLAMP configuration
* [`OOM-921 <https://jira.onap.org/browse/OOM-921>`_] - align onap/values.yaml and onap/resources/environments/dev.yaml - different /dockerdata-nfs
* [`OOM-926 <https://jira.onap.org/browse/OOM-926>`_] - Disable clustering for APP-C out-of-the-box
* [`OOM-927 <https://jira.onap.org/browse/OOM-927>`_] - Need a production grade configuration override file of ONAP deployment
@@ -316,7 +316,7 @@ Bug
* [`OOM-948 <https://jira.onap.org/browse/OOM-948>`_] - make vfc got an error
* [`OOM-951 <https://jira.onap.org/browse/OOM-951>`_] - Update APPC charts based on on changes for ccsdk and Nitrogen ODL
* [`OOM-953 <https://jira.onap.org/browse/OOM-953>`_] - switch aai haproxy/hbase repo from hub.docker.com to nexus3
-* [`OOM-958 <https://jira.onap.org/browse/OOM-958>`_] - SDC-be deployment missing environment paramter
+* [`OOM-958 <https://jira.onap.org/browse/OOM-958>`_] - SDC-be deployment missing environment parameter
* [`OOM-964 <https://jira.onap.org/browse/OOM-964>`_] - SDC Healthcheck failure on sdc-be and sdc-kb containers down
* [`OOM-968 <https://jira.onap.org/browse/OOM-968>`_] - warning on default deployment values.yaml
* [`OOM-969 <https://jira.onap.org/browse/OOM-969>`_] - oomk8s images have no Dockerfile's
@@ -330,7 +330,7 @@ Bug
* [`OOM-993 <https://jira.onap.org/browse/OOM-993>`_] - AAI model-loader.properties not in sync with project file
* [`OOM-994 <https://jira.onap.org/browse/OOM-994>`_] - DCAE cloudify controller docker image 1.1.0 N/A - use 1.2.0/1.3.0
* [`OOM-1003 <https://jira.onap.org/browse/OOM-1003>`_] - dcae-cloudify-manager chart references obsolete image version
-* [`OOM-1004 <https://jira.onap.org/browse/OOM-1004>`_] - aai-resources constantly fails due to cassanda hostname
+* [`OOM-1004 <https://jira.onap.org/browse/OOM-1004>`_] - aai-resources constantly fails due to cassandra hostname
* [`OOM-1005 <https://jira.onap.org/browse/OOM-1005>`_] - AAI Widgets not loading due to duplicate volumes
* [`OOM-1007 <https://jira.onap.org/browse/OOM-1007>`_] - Update dcae robot health check config
* [`OOM-1008 <https://jira.onap.org/browse/OOM-1008>`_] - Set default consul server replica count to 1
@@ -366,7 +366,7 @@ Bug
* [`OOM-1068 <https://jira.onap.org/browse/OOM-1068>`_] - Update SO with new AAI cert
* [`OOM-1076 <https://jira.onap.org/browse/OOM-1076>`_] - some charts still using readiness check image from amsterdam 1.x
* [`OOM-1077 <https://jira.onap.org/browse/OOM-1077>`_] - AAI resources and traversal deployment failure on non-rancher envs
-* [`OOM-1079 <https://jira.onap.org/browse/OOM-1079>`_] - Robot charts dont allow over ride of pub_key, dcae_collector_ip and dcae_collector_port
+* [`OOM-1079 <https://jira.onap.org/browse/OOM-1079>`_] - Robot charts do not allow over ride of pub_key, dcae_collector_ip and dcae_collector_port
* [`OOM-1081 <https://jira.onap.org/browse/OOM-1081>`_] - Remove component 'mock' from TOSCA deployment
* [`OOM-1082 <https://jira.onap.org/browse/OOM-1082>`_] - Wrong pv location of dcae postgres
* [`OOM-1085 <https://jira.onap.org/browse/OOM-1085>`_] - appc hostname is incorrect in url
diff --git a/docs/release-notes-casablanca.rst b/docs/release-notes-casablanca.rst
index 6a6a196b6b..6b857309aa 100644
--- a/docs/release-notes-casablanca.rst
+++ b/docs/release-notes-casablanca.rst
@@ -30,7 +30,7 @@ areas:
class provisioner
* CPU and Memory limits in Helm Charts to improve Pod placement based on
- resource availablity in Kubernetes Cluster
+ resource availability in Kubernetes Cluster
* Support of Node Selectors for Pod placement
diff --git a/docs/release-notes-dublin.rst b/docs/release-notes-dublin.rst
index 1974756ea3..7a32297210 100644
--- a/docs/release-notes-dublin.rst
+++ b/docs/release-notes-dublin.rst
@@ -27,7 +27,7 @@ Summary
**Platform Resiliency**
-* Documenation of a Highly-Available Kubernetes Cluster Deployment
+* Documentation of a Highly-Available Kubernetes Cluster Deployment
* Availability of a Default Storage Class Provisioner for improved Persistent
Storage resiliency
* Availability of a CNI reference integration for Multi-site support
diff --git a/docs/release-notes-elalto.rst b/docs/release-notes-elalto.rst
index bbbf271a5f..b4059028e5 100644
--- a/docs/release-notes-elalto.rst
+++ b/docs/release-notes-elalto.rst
@@ -26,7 +26,7 @@ Version 5.0.1 (El Alto Release)
Summary
-------
-The focus of this release was on maintanence and as such no new features were
+The focus of this release was on maintenance and as such no new features were
delivered.
A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
diff --git a/docs/release-notes-honolulu.rst b/docs/release-notes-honolulu.rst
new file mode 100644
index 0000000000..59f40ec0fa
--- /dev/null
+++ b/docs/release-notes-honolulu.rst
@@ -0,0 +1,162 @@
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_honolulu:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Honolulu release.
+
+Summary
+=======
+
+The focus of this release is to strengthen the foundation of OOM installer.
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Honolulu |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2021/04/29 |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Kubernetes support for version up to 1.20
+* Helm support for version up to 3.5
+* Limits are set for most of the components
+* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
+* CMPv2 external issuer implemented which extends Cert-Manager with ability to
+ enroll X.509 certificates from CMPv2 servers
+* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
+ Stack
+* Bump version of common PostgreSQL and ElasticSearch
+* Move to automatic certificates retrieval for 80% of the components
+* Consistent retrieval of docker images, with ability to configure proxy for
+ the 4 repositories used by ONAP
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11073
+
+major issues solved:
+
+* Better handling of persistence on PostgreSQL
+* Better Ingress templating
+* Better Service templating
+
+**Known Issues**
+
+- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
+- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
+ log:list: Error executing command: Unrecognized configuration
+- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
+ not complete
+- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
+ does not work with local DB
+- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
+ custom cert to SDNC ONAP during deployment
+- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
+ for value with multi-level replacement
+- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
+ deployment fails
+- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
+ CertInitializer template
+- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
+ seen after bringing down/up control plane & worker node VM instances on which
+ ONAP hosted
+- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
+ readinessCheck fails for local MariaDB instance
+- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
+ on local MariaDB instance
+- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
+ scaleoutUser/restconfUser/odlUser
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
+"compiled" into Helm package. see step 6 in
+:doc:`quickstart guide <oom_quickstart_guide>`.
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :doc:`Project Description <oom_project_description>`
+- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
+- :doc:`Developer Guide <oom_developer_guide>`
+- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+- Hard coded password used for all OOM deployments
+ [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+
+Workarounds
+-----------
+
+- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
+ Workaround is to generate a password with "short" strength or pregenerate
+ passwords without single quote in it. Default deployment is using "short"
+ password generation for mariadb.
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Frankfurt release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index ae0ea457f5..bb9c2e888c 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes
Previous Release Notes
======================
+- :ref:`Honolulu <release_notes_honolulu>`
- :ref:`Guilin <release_notes_guilin>`
- :ref:`Frankfurt <release_notes_frankfurt>`
- :ref:`El Alto <release_notes_elalto>`
@@ -22,12 +23,12 @@ Previous Release Notes
Abstract
========
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Istanbul release.
Summary
=======
-The focus of this release is to strengthen the foundation of OOM installer.
+
Release Data
============
@@ -39,66 +40,25 @@ Release Data
| **Docker images** | N/A |
| | |
+--------------------------------------+--------------------------------------+
-| **Release designation** | Honolulu |
+| **Release designation** | Istanbul |
| | |
+--------------------------------------+--------------------------------------+
-| **Release date** | 2021/04/29 |
+| **Release date** | |
| | |
+--------------------------------------+--------------------------------------+
New features
------------
-* Kubernetes support for version up to 1.20
-* Helm support for version up to 3.5
-* Limits are set for most of the components
-* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
-* CMPv2 external issuer implemented which extends Cert-Manager with ability to
- enroll X.509 certificates from CMPv2 servers
-* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
- Stack
-* Bump version of common PostgreSQL and ElasticSearch
-* Move to automatic certificates retrieval for 80% of the components
-* Consistent retrieval of docker images, with ability to configure proxy for
- the 4 repositories used by ONAP
**Bug fixes**
A list of issues resolved in this release can be found here:
-https://jira.onap.org/projects/OOM/versions/11073
-
-major issues solved:
+https://jira.onap.org/projects/OOM/versions/11074
-* Better handling of persistence on PostgreSQL
-* Better Ingress templating
-* Better Service templating
**Known Issues**
-- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
-- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
- log:list: Error executing command: Unrecognized configuration
-- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
- not complete
-- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
- does not work with local DB
-- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
- custom cert to SDNC ONAP during deployment
-- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
- for value with multi-level replacement
-- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
- deployment fails
-- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
- CertInitializer template
-- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
- seen after bringing down/up control plane & worker node VM instances on which
- ONAP hosted
-- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
- readinessCheck fails for local MariaDB instance
-- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
- on local MariaDB instance
-- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
- scaleoutUser/restconfUser/odlUser
Deliverables
------------
@@ -126,17 +86,27 @@ Known Limitations, Issues and Workarounds
Known Vulnerabilities
---------------------
-- Hard coded password used for all OOM deployments
- [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
-- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
- Workaround is to generate a password with "short" strenght or pregenerate
- passwords without single quote in it. Default deployment is using "short"
- password generation for mariadb.
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_
+ Because of *updateEndpoint* property added to *cmpv2issuer* CRD
+ it is impossible to upgrade platform component from Honolulu to Istanbul
+ release without manual steps. Actions that should be performed:
+
+ #. Update the CRD definition::
+
+ > kubectl -n onap apply -f oom/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+ #. Upgrade the component::
+
+ > helm -n onap upgrade dev-platform oom/kubernetes/platform
+ #. Make sure that *cmpv2issuer* contains correct value for
+ *spec.updateEndpoint*. The value should be: *v1/certificate-update*.
+ If it's not, edit the resource::
+
+ > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap
+
Security Notes
--------------
@@ -146,7 +116,7 @@ Security Notes
References
==========
-For more information on the ONAP Frankfurt release, please see:
+For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index 1c1895acf6..edffc4b5d7 100644
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt
@@ -1,16 +1,9 @@
-tox
-Sphinx
-doc8
-docutils
-setuptools
-six
-sphinx_rtd_theme>=0.4.3
-sphinxcontrib-blockdiag
+lfdocs-conf~=0.7.5
+funcparserlib~=1.0.0a0
+sphinxcontrib.blockdiag~=2.0.0
sphinxcontrib-needs<0.6.0
-sphinxcontrib-nwdiag
-sphinxcontrib-redoc
-sphinxcontrib-seqdiag
-sphinxcontrib-swaggerdoc
-sphinxcontrib-plantuml
-sphinx_bootstrap_theme
-lfdocs-conf
+sphinxcontrib.plantuml~=0.21
+sphinxcontrib.nwdiag~=2.0.0
+sphinxcontrib-seqdiag~=2.0.0
+sphinxcontrib-swaggerdoc~=0.1.7
+sphinx-rtd-theme~=1.0.0
diff --git a/docs/slave_nfs_node.sh b/docs/slave_nfs_node.sh
index fb2e230b7a..1035ff5ad6 100644
--- a/docs/slave_nfs_node.sh
+++ b/docs/slave_nfs_node.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index c860d4aa00..5140ec258f 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -1,5 +1,6 @@
AAF
AAI
+ACL
adaptor
Adaptor
adaptors
@@ -59,6 +60,7 @@ Fcaps
Financials
geocoder
Gerrit
+Git
Github
graphSON
guestOS
@@ -141,6 +143,7 @@ Junit
JUnit
Junits
JUnits
+Karaf
keypair
Keypair
keypairs
@@ -155,6 +158,7 @@ keytool
keyValue
Kibana
Kibibytes
+kubectl
Kubernetes
LF
lifecycle
@@ -173,6 +177,7 @@ macAddress
MacAddress
macOS
Malware
+MariaDB
metadata
Metadata
microservice
@@ -217,14 +222,18 @@ onboarding
Onboarding
online
OOF
+oom
OOM
OpenDaylight
+OpenFlow
openo
OpenO
Opensource
Openstack
OpenStack
OSS
+ovs
+ovsdb
Pandoc
partitionKey
Partitionkey
@@ -272,6 +281,7 @@ refactored
Refactored
registrator
Registrator
+releng
repo
Repo
repos
diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml
index ba5f5d5ea3..401f2e3c9f 100644
--- a/kubernetes/a1policymanagement/requirements.yaml
+++ b/kubernetes/a1policymanagement/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 54ee1515bc..1d25f31e7f 100644
--- a/kubernetes/a1policymanagement/templates/statefulset.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -106,6 +106,7 @@ spec:
- name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 4768349736..07d12343a8 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -21,7 +21,7 @@
global:
nodePortPrefix: 302
persistence: {}
-
+
secrets:
- uid: controller-secret
type: basicAuth
@@ -63,7 +63,7 @@ certInitializer:
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
@@ -159,4 +159,8 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
-
+#Pods Service Account
+serviceAccount:
+ nameOverride: a1policymanagement
+ roles:
+ - read
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 84bd723aad..298274ed0f 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -62,7 +62,7 @@ so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo
so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
+so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties
new file mode 100644
index 0000000000..21ed6cd9ee
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties
@@ -0,0 +1,14 @@
+server.port=9516
+{{ if ( include "common.needTLS" .) }}
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-auth=need
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
+
+server.servlet.context-path=/services/babel-service
+
+logging.config=${CONFIG_HOME}/logback.xml
+
+tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
index 878d8c05d0..c29da77d84 100644
--- a/kubernetes/aai/components/aai-babel/resources/config/logback.xml
+++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
@@ -28,20 +28,20 @@
<property name="debugLogName" value="debug" />
<property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
<property name="auditLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
<property name="metricsLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
<appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
@@ -66,7 +66,7 @@
from other components, or it can be eliminated to record these events as part of the application root log. -->
<appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
@@ -83,7 +83,7 @@
</appender>
<appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
@@ -101,7 +101,7 @@
</appender>
<appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>
${logDirectory}/${debugLogName}.log
</file>
@@ -119,9 +119,9 @@
<!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>
- e.level.toInt() &lt; INFO.toInt()
- </expression>
+ <expression>
+ e.level.toInt() &lt; INFO.toInt()
+ </expression>
</evaluator>
<OnMismatch>DENY</OnMismatch>
<OnMatch>NEUTRAL</OnMatch>
diff --git a/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
index fa3a9c9952..65798e1972 100644
--- a/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
+++ b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
@@ -1,193 +1,193 @@
{
- "instanceGroupTypes": [
- "org.openecomp.groups.NetworkCollection",
- "org.openecomp.groups.VfcInstanceGroup",
- "org.openecomp.groups.ResourceInstanceGroup"
- ],
- "widgetTypes": [
- {
- "type": "SERVICE",
- "name": "service-instance",
- "deleteFlag": true,
- "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
- "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
- },
- {
- "type": "VF",
- "name": "generic-vnf",
- "deleteFlag": true,
- "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
- "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
- },
- {
- "type": "VFC",
- "name": "vnfc",
- "deleteFlag": true,
- "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
- "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
- },
- {
- "type": "VSERVER",
- "name": "vserver",
- "deleteFlag": true,
- "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
- "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
- },
- {
- "type": "VOLUME",
- "name": "volume",
- "deleteFlag": true,
- "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
- "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
- },
- {
- "type": "FLAVOR",
- "name": "flavor",
- "deleteFlag": false,
- "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
- "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
- },
- {
- "type": "TENANT",
- "name": "tenant",
- "deleteFlag": false,
- "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
- "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
- },
- {
- "type": "VOLUME_GROUP",
- "name": "volume-group",
- "deleteFlag": true,
- "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
- "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
- },
- {
- "type": "LINT",
- "name": "l-interface",
- "deleteFlag": true,
- "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
- "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
- },
- {
- "type": "L3_NET",
- "name": "l3-network",
- "deleteFlag": true,
- "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
- "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
- },
- {
- "type": "VFMODULE",
- "name": "vf-module",
- "deleteFlag": true,
- "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
- "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
- },
- {
- "type": "IMAGE",
- "name": "image",
- "deleteFlag": false,
- "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
- "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
- },
- {
- "type": "OAM_NETWORK",
- "name": "oam-network",
- "deleteFlag": true,
- "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
- "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
- },
- {
- "type": "ALLOTTED_RESOURCE",
- "name": "allotted-resource",
- "deleteFlag": true,
- "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
- "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
- },
- {
- "type": "TUNNEL_XCONNECT",
- "name": "tunnel-xconnect",
- "deleteFlag": true,
- "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
- "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
- },
- {
- "type": "CONFIGURATION",
- "name": "configuration",
- "deleteFlag": true,
- "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
- "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
- },
- {
- "type": "CR",
- "name": "cr",
- "deleteFlag": true,
- "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
- "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
- },
- {
- "type": "INSTANCE_GROUP",
- "name": "instance-group",
- "deleteFlag": true,
- "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
- "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
- },
- {
- "type": "PNF",
- "name": "pnf",
- "deleteFlag": true,
- "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
- "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
- }
- ],
- "widgetMappings": [
- {
- "prefix": "org.openecomp.resource.vfc",
- "type": "widget",
- "widget": "VSERVER",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.cp",
- "type": "widget",
- "widget": "LINT",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.cp",
- "type": "widget",
- "widget": "LINT",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.vl",
- "widget": "L3_NET",
- "deleteFlag": false
- },
- {
- "prefix": "org.openecomp.resource.vf",
- "widget": "VF",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.groups.vfmodule",
- "widget": "VFMODULE",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.groups.VfModule",
- "widget": "VFMODULE",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
- "type": "widget",
- "widget": "VOLUME",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.pnf",
- "widget": "PNF",
- "deleteFlag": true
- }
- ]
+ "instanceGroupTypes": [
+ "org.openecomp.groups.NetworkCollection",
+ "org.openecomp.groups.VfcInstanceGroup",
+ "org.openecomp.groups.ResourceInstanceGroup"
+ ],
+ "widgetTypes": [
+ {
+ "type": "SERVICE",
+ "name": "service-instance",
+ "deleteFlag": true,
+ "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
+ "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
+ },
+ {
+ "type": "VF",
+ "name": "generic-vnf",
+ "deleteFlag": true,
+ "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
+ "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
+ },
+ {
+ "type": "VFC",
+ "name": "vnfc",
+ "deleteFlag": true,
+ "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
+ "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
+ },
+ {
+ "type": "VSERVER",
+ "name": "vserver",
+ "deleteFlag": true,
+ "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
+ "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
+ },
+ {
+ "type": "VOLUME",
+ "name": "volume",
+ "deleteFlag": true,
+ "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
+ "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
+ },
+ {
+ "type": "FLAVOR",
+ "name": "flavor",
+ "deleteFlag": false,
+ "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
+ "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
+ },
+ {
+ "type": "TENANT",
+ "name": "tenant",
+ "deleteFlag": false,
+ "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
+ "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
+ },
+ {
+ "type": "VOLUME_GROUP",
+ "name": "volume-group",
+ "deleteFlag": true,
+ "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
+ "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
+ },
+ {
+ "type": "LINT",
+ "name": "l-interface",
+ "deleteFlag": true,
+ "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
+ "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
+ },
+ {
+ "type": "L3_NET",
+ "name": "l3-network",
+ "deleteFlag": true,
+ "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
+ "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
+ },
+ {
+ "type": "VFMODULE",
+ "name": "vf-module",
+ "deleteFlag": true,
+ "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
+ "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
+ },
+ {
+ "type": "IMAGE",
+ "name": "image",
+ "deleteFlag": false,
+ "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
+ "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
+ },
+ {
+ "type": "OAM_NETWORK",
+ "name": "oam-network",
+ "deleteFlag": true,
+ "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
+ "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
+ },
+ {
+ "type": "ALLOTTED_RESOURCE",
+ "name": "allotted-resource",
+ "deleteFlag": true,
+ "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
+ "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
+ },
+ {
+ "type": "TUNNEL_XCONNECT",
+ "name": "tunnel-xconnect",
+ "deleteFlag": true,
+ "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
+ "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
+ },
+ {
+ "type": "CONFIGURATION",
+ "name": "configuration",
+ "deleteFlag": true,
+ "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
+ "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
+ },
+ {
+ "type": "CR",
+ "name": "cr",
+ "deleteFlag": true,
+ "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
+ "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
+ },
+ {
+ "type": "INSTANCE_GROUP",
+ "name": "instance-group",
+ "deleteFlag": true,
+ "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
+ "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
+ },
+ {
+ "type": "PNF",
+ "name": "pnf",
+ "deleteFlag": true,
+ "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
+ "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
+ }
+ ],
+ "widgetMappings": [
+ {
+ "prefix": "org.openecomp.resource.vfc",
+ "type": "widget",
+ "widget": "VSERVER",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vl",
+ "widget": "L3_NET",
+ "deleteFlag": false
+ },
+ {
+ "prefix": "org.openecomp.resource.vf",
+ "widget": "VF",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.vfmodule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.VfModule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+ "type": "widget",
+ "widget": "VOLUME",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.pnf",
+ "widget": "PNF",
+ "deleteFlag": true
+ }
+ ]
}
diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
index db54ce14f2..87a29db457 100644
--- a/kubernetes/aai/components/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -32,11 +32,11 @@ spec:
{{- if eq .Values.service.type "NodePort" }}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else }}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end }}
selector:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 4a2246793e..14a2993c2a 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -24,7 +24,7 @@ global: {}
#################################################################
# application image
-image: onap/babel:1.8.0
+image: onap/babel:1.9.1
flavor: small
flavorOverride: small
@@ -55,7 +55,7 @@ readiness:
service:
type: NodePort
- portName: babel
+ portName: http
externalPort: 9516
internalPort: 9516
nodePort: 79
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
index e62ba07bfd..512e906b00 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -24,20 +24,28 @@ aai.config.checktime=1000
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 8cefebc825..367e9038cd 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -33,7 +33,7 @@ server.servlet.context-path=/
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -48,6 +48,7 @@ server.local.startpath=aai-graphadmin/src/main/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -55,11 +56,15 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -91,23 +96,28 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.service.timeout-in-milliseconds=300000
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
index c84cb5a62f..449ea3032c 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
@@ -20,22 +20,22 @@
*/}}
-->
<configuration>
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
- <appender name="ACCESS"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
</configuration>
-<!--
+<!--
%a - Remote IP address
%A - Local IP address
%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
index 7f055cf51f..95b8140e0b 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
@@ -27,13 +27,13 @@
<property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
<property name="logDirectory" value="${AJSC_HOME}/logs"/>
<!-- Old patterns
- <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
<property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
- -->
+ -->
<property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
<property name="p_lvl" value="%level"/>
<property name="p_log" value="%logger"/>
@@ -55,8 +55,8 @@
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>
- %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
- </pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
</encoder>
</appender>
<appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
@@ -65,8 +65,7 @@
<fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
</encoder>
</appender>
<appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
@@ -77,8 +76,7 @@
<appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/rest/metrics.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${metricPattern}</pattern>
@@ -128,7 +126,7 @@
<file>${logDirectory}/rest/audit.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${auditPattern}</pattern>
@@ -147,8 +145,7 @@
</filter>
<file>${logDirectory}/rest/translog.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${transLogPattern}</pattern>
@@ -165,8 +162,7 @@
</filter>
<File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${"errorPattern"}</pattern>
@@ -195,8 +191,7 @@
</filter>
<File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
@@ -211,7 +206,7 @@
<File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${metricPattern}</pattern>
@@ -224,7 +219,7 @@
<file>${logDirectory}/external/external.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
@@ -749,8 +744,7 @@
<logger name="ajsc.UserDefinedJarService" level="WARN"/>
<logger name="ajsc.UserDefinedBeansDefService" level="WARN"/>
<logger name="ajsc.LoggingConfigurationService" level="WARN"/>
- <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
- logging) -->
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet logging) -->
<logger name="org.codehaus.groovy" level="WARN"/>
<logger name="com.att.scamper" level="WARN"/>
<logger name="ajsc.utils" level="WARN"/>
@@ -770,8 +764,7 @@
<logger name="org.apache.commons" level="WARN"/>
<logger name="org.apache.coyote" level="WARN"/>
<logger name="org.apache.jasper" level="WARN"/>
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in troubleshooting) -->
<logger name="org.apache.camel" level="WARN"/>
<logger name="org.apache.cxf" level="WARN"/>
<logger name="org.apache.camel.processor.interceptor" level="WARN"/>
@@ -789,11 +782,9 @@
<!-- logback jms appenders & loggers definition starts here -->
<appender name="auditLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
- <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log
- </file>
+ <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>9</maxIndex>
</rollingPolicy>
@@ -806,11 +797,9 @@
</appender>
<appender name="perfLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
- <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log
- </file>
+ <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>9</maxIndex>
</rollingPolicy>
@@ -827,8 +816,7 @@
</filter>
<file>${logDirectory}/auth/auth.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 791bf61004..610290061f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -32,6 +32,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -45,6 +51,7 @@ spec:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-graphadmin
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
@@ -89,6 +96,10 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
@@ -125,6 +136,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -187,4 +210,4 @@ spec:
{{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 154ad30c1a..0cdce11395 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -80,8 +80,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 79144680b4..7c078e9236 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -80,8 +80,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - createDBSchema.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh createDBSchema.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
@@ -149,5 +151,5 @@ spec:
{{ end }}
restartPolicy: Never
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
{{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 4b100dd97b..9b4be4e4c7 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -130,7 +130,9 @@ spec:
command:
- /bin/bash
- -c
- - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ - |
+ bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
@@ -248,8 +250,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index 2f7aaa960d..85165e2dc4 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -35,17 +35,16 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 03d034bf05..cdbef0dd8a 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -61,6 +61,7 @@ global: # global defaults
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will
@@ -77,11 +78,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -118,20 +119,30 @@ global: # global defaults
# application image
-image: onap/aai-graphadmin:1.8.0
+image: onap/aai-graphadmin:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the graphadmin deployment
config:
# Specify the profiles for the graphadmin microservice
profiles:
- active: "dmaap,one-way-ssl"
+ # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
+ # serviceMesh.tls is set to tru
+ active: dmaap #,one-way-ssl"
# Specifies the timeout limit for the REST API requests
timeout:
@@ -200,10 +211,11 @@ readiness:
service:
type: ClusterIP
# REST API port for the graphadmin microservice
- portName: aai-graphadmin-8449
+ portName: http
internalPort: 8449
- portName2: aai-graphadmin-5005
+ portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
index 3c12026407..cd36e799d6 100644
--- a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
@@ -27,7 +27,7 @@
<property name="debugLogName" value="debug" />
<property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
<property name="auditMetricPattern" value="%m%n" />
<property name="logDirectory" value="${logDir}/${componentName}" />
@@ -47,7 +47,7 @@
log -->
<appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -67,7 +67,7 @@
</appender>
<appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -83,7 +83,7 @@
</appender>
<appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -99,7 +99,7 @@
</appender>
<appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
index 772fa0da1b..41b855490a 100644
--- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
@@ -16,13 +16,19 @@
# Model Loader Distribution Client Configuration
*/}}
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+{{ if ( include "common.needTLS" .) }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
-ml.distribution.CONSUMER_GROUP=aai-ml-group
-ml.distribution.CONSUMER_ID=aai-ml
-ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.ASDC_USE_HTTPS=true
ml.distribution.KEYSTORE_PASSWORD=
ml.distribution.KEYSTORE_FILE=asdc-client.jks
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+{{ else }}
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
+ml.distribution.ASDC_USE_HTTPS=false
+{{ end }}
+ml.distribution.CONSUMER_GROUP=aai-ml-group
+ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.ENVIRONMENT_NAME=AUTO
ml.distribution.POLLING_INTERVAL=30
ml.distribution.POLLING_TIMEOUT=20
ml.distribution.USER=aai
@@ -30,19 +36,26 @@ ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
# Model Loader AAI REST Client Configuration
+{{ if ( include "common.needTLS" .) }}
ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
+ml.aai.KEYSTORE_FILE=aai-os-cert.p12
+ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+{{ else }}
+ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:8080
+{{ end }}
ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
-ml.aai.KEYSTORE_FILE=aai-os-cert.p12
-ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+
ml.aai.AUTH_USER=ModelLoader
ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
# Model Loader Babel REST Client Configuration\r
-ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
+{{ if ( include "common.needTLS" .) }}
ml.babel.KEYSTORE_FILE=babel-client-cert.p12
ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
ml.babel.TRUSTSTORE_FILE=tomcat_keystore
ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+{{ end }}
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 5da0e5736f..96780757c0 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
# application image
-image: onap/model-loader:1.8.0
+image: onap/model-loader:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -50,11 +50,11 @@ readiness:
service:
type: NodePort
- portName: aai-modelloader
+ portName: http
externalPort: 8080
internalPort: 8080
nodePort: 10
- portName2: aai-modelloader-ssl
+ portName2: https
externalPort2: 8443
internalPort2: 8443
nodePort2: 29
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
index 0d51326f3b..2e6fd25c2b 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
@@ -38,9 +38,15 @@ aai.config.checktime=1000
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
{{ if .Values.global.config.basic.auth.enabled }}
aai.tools.enableBasicAuth=true
@@ -48,10 +54,12 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
index 70ebd3ac54..78a07f2a0f 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -27,9 +27,9 @@ spring.jersey.type=filter
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -44,6 +44,7 @@ server.local.startpath=aai-resources/src/main/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8447
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
@@ -51,11 +52,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -87,13 +92,15 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 501a706f47..fd4b1c3dc1 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -29,6 +29,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -72,6 +78,7 @@ spec:
{{- end }}
spec:
hostname: aai-resources
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
@@ -125,6 +132,10 @@ spec:
value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -173,6 +184,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index e4f84a963d..46118461d1 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -30,13 +30,13 @@ spec:
{{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index c2658a5503..42692dd544 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -33,6 +33,8 @@ global: # global defaults
migration:
enabled: false
+ aafEnabled: false
+
config:
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
@@ -49,7 +51,8 @@ global: # global defaults
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
@@ -74,11 +77,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -154,13 +157,21 @@ certInitializer:
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.8.2
+image: onap/aai-resources:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the resources deployment
config:
@@ -216,10 +227,11 @@ readiness:
service:
type: ClusterIP
- portName: aai-resources-8447
+ portName: http
internalPort: 8447
- portName2: aai-resources-5005
+ portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
index b107cd4f3a..b0ed0e89a0 100644
--- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
@@ -19,20 +19,28 @@
# ============LICENSE_END=========================================================
*/}}
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties
index 499fa96cd5..ad700dce6e 100644
--- a/kubernetes/aai/components/aai-schema-service/config/application.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/application.properties
@@ -37,6 +37,7 @@ server.local.startpath=aai-schema-service/src/main/resources/
server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
server.port=8452
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -44,6 +45,10 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
schema.configuration.location=N/A
schema.source.name={{ .Values.global.config.schema.source.name }}
diff --git a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
index c2099d6b77..d062835849 100644
--- a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
+++ b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
@@ -20,22 +20,22 @@
-->
*/}}
<configuration>
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
- <appender name="ACCESS"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
</configuration>
{{/*
-<!--
+<!--
%a - Remote IP address
%A - Local IP address
%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
index 66dfd493dd..b54b6be644 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -30,17 +30,16 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index e7479b8818..252df407c1 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -40,11 +40,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -74,7 +74,7 @@ global: # global defaults
- aai_keystore
# application image
-image: onap/aai-schema-service:1.8.6
+image: onap/aai-schema-service:1.9.2
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
@@ -99,9 +99,9 @@ readiness:
service:
type: ClusterIP
- portName: aai-schema-service-8452
+ portName: http
internalPort: 8452
- portName2: aai-schema-service-5005
+ portName2: tcp-5005
internalPort2: 5005
ingress:
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
index fe8bd16fa1..ee1341751f 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
@@ -18,12 +18,15 @@ oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+{{ if ( include "common.needTLS" .) }}
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
-
+{{ else }}
+oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
+{{ end }}
# Schema Service need this variable for the time being
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index 3c6bd4e1ad..8bd4494a2b 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -15,6 +15,7 @@
*/}}
resources.hostname=aai
+{{ if ( include "common.needTLS" .) }}
resources.port=8443
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
@@ -23,3 +24,7 @@ resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIni
resources.trust-store-password=${TRUSTSTORE_PASSWORD}
resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
resources.client-cert-password=${KEYSTORE_PASSWORD}
+{{ else }}
+resources.port=8080
+resources.authType=HTTP_NOAUTH
+{{ end }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
index 2e2351ad95..422e7ce150 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
@@ -13,8 +13,13 @@
# limitations under the License.
server.port=8000
+{{ if ( include "common.needTLS" .) }}
server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
index 120f8ac114..90cb00069e 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
@@ -22,14 +22,16 @@ spring.mvc.favicon.enabled=false
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }}
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
+{{ if ( include "common.needTLS" .) }}
searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
searchservice.client-cert-password=${KEYSTORE_PASSWORD}
searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 7d0dfe39e2..7c09dcd228 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -39,6 +39,7 @@ spec:
name: {{ include "common.name" . }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if ( include "common.needTLS" .) }}
- command:
- sh
args:
@@ -66,6 +67,7 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
- /app/ready.py
args:
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
index 4633472a3b..457b3576a0 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
@@ -30,11 +30,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 420517f8f0..342df7a5d5 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -113,7 +113,7 @@ readiness:
service:
type: NodePort
- portName: aai-sparky-be
+ portName: http
internalPort: 8000
nodePort: 20
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
index 843a90bbcd..b8a2b5fe03 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -28,20 +28,28 @@ aai.config.checktime=1000
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{else}}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index a5e92c5a61..24a5241fe2 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -27,9 +27,8 @@ spring.jersey.type=filter
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -44,6 +43,7 @@ server.local.startpath=aai-traversal/src/main/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
@@ -51,11 +51,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -89,14 +93,16 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
index 96bb197519..ca9d35bb10 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
+++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
@@ -30,10 +30,10 @@
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/logs" />
<!-- Old patterns
- <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
<property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
-->
<property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}" />
@@ -57,7 +57,7 @@
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>
- %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
</pattern>
</encoder>
</appender>
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 037f811f44..277fb4bfbb 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -29,6 +29,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -91,6 +97,7 @@ spec:
{{- end }}
spec:
hostname: aai-traversal
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
@@ -144,6 +151,10 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -194,6 +205,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index 2eac7fe722..42f0f47bb0 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -69,10 +69,16 @@ spec:
- bash
- "-c"
- |
- set -x
- if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ set -x
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+ {{- if (include "common.needTLS" .) }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ {{- else }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{- end }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
index fad857bb41..b54b6be644 100644
--- a/kubernetes/aai/components/aai-traversal/templates/service.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -30,16 +30,16 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 297de15308..70f3e9e6a7 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -59,7 +59,7 @@ global: # global defaults
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ active: production,dmaap #,aaf-auth ,keycloak
# Notification event specific properties
notification:
@@ -84,11 +84,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -140,11 +140,19 @@ certInitializer:
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-traversal:1.8.0
+image: onap/aai-traversal:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
api_list:
- 11
@@ -241,10 +249,11 @@ readiness:
service:
type: ClusterIP
- portName: aai-traversal-8446
+ portName: http
internalPort: 8446
- portName2: aai-traversal-5005
+ portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index e605e1886f..9fa6d2ee9b 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -106,7 +106,7 @@ frontend IST_8443
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index c8f3670349..1db4addb5a 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -35,7 +35,9 @@ defaults
log global
mode http
option httplog
+{{- if ( include "common.needTLS" .) }}
option ssl-hello-chk
+{{- end }}
option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
default-server init-addr none
# option dontlognull
@@ -58,6 +60,37 @@ defaults
timeout http-keep-alive 30000
+frontend IST_8080
+ mode http
+ bind 0.0.0.0:8080
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto http
+ reqadd X-Forwarded-Proto:\ http
+ reqadd X-Forwarded-Port:\ 8080
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+{{- if ( include "common.needTLS" .) }}
frontend IST_8443
mode http
bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
@@ -88,6 +121,7 @@ frontend IST_8443
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
+{{- end }}
#######################
#ACLS FOR PORT 8446####
@@ -103,17 +137,19 @@ frontend IST_8443
default_backend IST_Default_8447
-
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
-
+{{- else }}
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+{{- end }}
#######################
# BACKEND 8446#########
@@ -123,5 +159,8 @@ backend IST_AAI_8446
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
-
+{{- else }}
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+{{- end }}
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 4b08d10e45..80fcebbef7 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -78,20 +78,22 @@ spec:
{{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPlainPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
path: /aai/util/echo
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ #scheme: HTTPS
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
index a9b3af9301..d93bfc9fd3 100644
--- a/kubernetes/aai/templates/service.yaml
+++ b/kubernetes/aai/templates/service.yaml
@@ -26,16 +26,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort .Values.service.externalPlainPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ {{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- end }}
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 1cb297078e..1122d63dab 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -202,8 +202,9 @@ global: # global defaults
passwd: AAI
# Active spring profiles for the resources microservice
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
@@ -213,6 +214,7 @@ global: # global defaults
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
@@ -228,11 +230,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -359,13 +361,16 @@ readiness:
service:
type: NodePort
- portName: aai-ssl
+ portName: http
externalPort: 8443
internalPort: 8443
nodePort: 33
# POLICY hotfix - Note this must be temporary
# See https://jira.onap.org/browse/POLICY-510
aaiServiceClusterIp:
+ externalPlainPort: 80
+ internalPlainPort: 8080
+ nodeport: 33
ingress:
enabled: false
@@ -373,8 +378,8 @@ ingress:
- baseaddr: "aai.api"
name: "aai"
port: 8443
- config:
- ssl: "redirect"
+ config:
+ ssl: "redirect"
resources:
small:
diff --git a/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config
index dc0859985e..090aa557f5 100644
--- a/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config
+++ b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config
@@ -15,26 +15,26 @@
*/}}
# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
+tls: no
+auth: no
# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
# Mysql
-host: {{.Values.config.mariadbGaleraSVCName}}
+host: {{.Values.config.mariadbGaleraSVCName}}
# Playbooks
-from_files: yes
-ansible_path: /opt/onap/ccsdk/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
+from_files: yes
+ansible_path: /opt/onap/ccsdk/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
# Blocking on GetResults
-getresults_block: yes
+getresults_block: yes
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
index f2675b0404..424074aa8c 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -x
+#!/bin/sh -x
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 97df772ba7..789f1b38a1 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -1,6 +1,6 @@
-#!/bin/bash -x
-{{/*
+#!/bin/sh -x
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
index bf5432163c..24b10bcb89 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
@@ -9,9 +9,9 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
index 9fa4625049..3b7f02d6f7 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
@@ -22,9 +22,9 @@
###
*/}}
-### ###
+### ###
### Properties for demo ###
-### ###
+### ###
appc.demo.poolMembers=message-router.{{.Release.Namespace}}:3904
appc.demo.topic.read=APPC-CL
appc.demo.topic.write=APPC-CL
@@ -53,9 +53,9 @@ org.onap.appc.db.user.sdnctl=${SDNC_DB_USER}
org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
-### ###
+### ###
### OpenStack credentials (these properties also are used in appc-rest-adapter-bundle, appc-chef-adapter-bundle, appc-iaas-adapter-bundle) ###
-### ###
+### ###
provider1.type={{.Values.config.openStackType}}
provider1.name={{.Values.config.openStackName}}
provider1.identity={{.Values.config.openStackKeyStoneUrl}}
@@ -64,11 +64,11 @@ provider1.tenant1.domain={{.Values.config.openStackDomain}}
provider1.tenant1.userid={{.Values.config.openStackUserName}}
provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}
-### ###
-### Properties that are not covered or being replaced from default.properties files. Default value for DMaaP IP is 10.0.11.1:3904 ###
+### ###
+### Properties that are not covered or being replaced from default.properties files. Default value for DMaaP IP is 10.0.11.1:3904 ###
### which is what the Master HEAT Template to instantiate OpenECOMP is pointing to (version R1). All other default values are ###
### left there since these are pre-defined as part of APP-C/OpenECOMP default instantiation with Master HEAT Template ###
-### ###
+### ###
# Property below is valid in appc-command-executor-core, appc-license-manager-core, appc-lifecycle-management-core,
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
index 1a2b1f6508..0592f8b06f 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
@@ -8,9 +8,9 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
index 29761a0200..7257d186e6 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
###
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
index 9e76b27acf..fb56680a1d 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
@@ -9,9 +9,9 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index 208315495b..d67e1687ba 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -203,7 +203,7 @@ spec:
subPath: org.onap.appc.keyfile
resources:
{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
+ {{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
index 7a3a920087..baf1a760ab 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
@@ -22,3 +22,7 @@ dependencies:
- name: serviceAccount
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index a3d32a9a03..ea799e2119 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -159,3 +159,6 @@ management.endpoint.health.show-details=always
blueprintprocessor.k8s.plugin.username=unused
blueprintprocessor.k8s.plugin.password=unused
blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
+
+#Workflow audit store configuration
+blueprintsprocessor.workflow.self-service-api.audit.storeEnable={{ .Values.workflow.storeEnabled }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index fd5265d2ce..d92f09a4c8 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- sh
args:
@@ -113,6 +113,8 @@ spec:
value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
+ - name: AAF_CREDSPATH
+ value: {{ .Values.certInitializer.credsPath }}
- name: CLUSTER_NODE_ID
valueFrom:
fieldRef:
@@ -157,7 +159,7 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -191,7 +193,7 @@ spec:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index 71f934fbe5..dc2002877a 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -31,6 +31,17 @@ global:
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ #AAF is enabled by default
+ #aafEnabled: true
+
+ #enable importCustomCerts to add custom CA to blueprint processor pod
+ #importCustomCertsEnabled: true
+
+ #use below configmap to add custom CA certificates
+ #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod
+ #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod
+ #customCertsConfigMap: onap-cds-blueprints-processor-configmap
+
#################################################################
# Secrets metaconfig
#################################################################
@@ -48,10 +59,35 @@ secrets:
passwordPolicy: required
#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-blueprints-processor-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ #enable below if we need custom CA to be added to blueprint processor pod
+ #importCustomCertsEnabled: true
+ #truststoreMountpath: /opt/onap/cds
+ #truststoreOutputFileName: truststoreONAPall.jks
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.1.4
+image: onap/ccsdk-blueprintsprocessor:1.2.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -184,3 +220,7 @@ serviceAccount:
nameOverride: cds-blueprints-processor
roles:
- read
+
+# workflow store flag
+workflow:
+ storeEnabled: false
diff --git a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
index 523339ca70..3ce24e2e84 100755
--- a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
@@ -47,6 +47,12 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.metrics.serviceMonitor.enabled }}
+ - name: PROMETHEUS_METRICS_ENABLED
+ value: {{ .Values.metrics.serviceMonitor.enabled | quote }}
+ - name: PROMETHEUS_PORT
+ value: {{ .Values.service.metrics.internalPort | quote }}
+ {{ end }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
diff --git a/kubernetes/cds/components/cds-command-executor/templates/service.yaml b/kubernetes/cds/components/cds-command-executor/templates/service.yaml
index 2301902f56..7540728ee9 100755
--- a/kubernetes/cds/components/cds-command-executor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/service.yaml
@@ -34,6 +34,14 @@ spec:
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end}}
name: {{ .Values.service.grpc.portName | default "grpc" }}
+ {{- if .Values.metrics.serviceMonitor.enabled }}
+ - port: {{ .Values.service.metrics.externalPort }}
+ targetPort: {{ .Values.service.metrics.internalPort }}
+ {{- if eq .Values.service.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.metrics.portName | default "metrics" }}
+ {{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }} \ No newline at end of file
diff --git a/kubernetes/esr/Chart.yaml b/kubernetes/cds/components/cds-command-executor/templates/servicemonitor.yaml
index 79b287505e..101b24a8a2 100644
--- a/kubernetes/esr/Chart.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/servicemonitor.yaml
@@ -1,5 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+{{/*
+# Copyright © 2021 Bitnami, Orange, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP External System Register
-name: esr
-version: 8.0.0
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml
index 12a7fe9b40..0f7b55632a 100755
--- a/kubernetes/cds/components/cds-command-executor/values.yaml
+++ b/kubernetes/cds/components/cds-command-executor/values.yaml
@@ -32,7 +32,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.1.4
+image: onap/ccsdk-commandexecutor:1.2.0
pullPolicy: Always
# application configuration
@@ -66,6 +66,10 @@ service:
portName: command-executor-grpc
internalPort: 50051
externalPort: 50051
+ metrics:
+ portName: command-executor-metrics
+ internalPort: 10005
+ externalPort: 10005
persistence:
enabled: true
@@ -97,3 +101,19 @@ serviceAccount:
nameOverride: cds-command-executor
roles:
- read
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ port: command-executor-metrics
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ .Release.Name }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml
index b7338f88aa..c7a2734a8b 100755
--- a/kubernetes/cds/components/cds-py-executor/values.yaml
+++ b/kubernetes/cds/components/cds-py-executor/values.yaml
@@ -30,7 +30,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.1.4
+image: onap/ccsdk-py-executor:1.2.0
pullPolicy: Always
# default number of instances
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 4a67317298..fd15bd0ecc 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -29,7 +29,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.1.4
+image: onap/ccsdk-sdclistener:1.2.0
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index e91e999259..f579cc358d 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -44,7 +44,7 @@ certInitializer:
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.1.4
+image: onap/ccsdk-cds-ui-server:1.2.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml
index e2ce84d0a3..2394a6700d 100644
--- a/kubernetes/cli/requirements.yaml
+++ b/kubernetes/cli/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 735308754f..0a3f967eee 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -75,6 +75,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: lighttpd
configMap:
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 4dcee4568c..28d227645a 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -126,3 +126,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cli
+ roles:
+ - read
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index c01d7c6d57..4dcebc8883 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
set -e
@@ -71,7 +71,7 @@ if [ "$1" = 'cassandra' ]; then
start_rpc \
authenticator \
; do
- var="CASSANDRA_${yaml^^}"
+ var="CASSANDRA_$(echo $yaml | tr '[:lower:]' '[:upper:]')"
# eval presents no security issue here because of limited possible values of var
eval val=\$$var
if [ "$val" ]; then
@@ -81,7 +81,7 @@ if [ "$1" = 'cassandra' ]; then
done
for rackdc in dc rack; do
- var="CASSANDRA_${rackdc^^}"
+ var="CASSANDRA_$(echo $rackdc | tr '[:lower:]' '[:upper:]')"
# eval presents no security issue here because of limited possible values of var
eval val=\$$var
if [ "$val" ]; then
diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh
index 7f271d262f..0df2d79fc6 100644
--- a/kubernetes/common/cassandra/resources/restore.sh
+++ b/kubernetes/common/cassandra/resources/restore.sh
@@ -20,25 +20,25 @@ find_target_table_name ()
print_usage ()
{
- echo "NAME"
- echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
- echo "SYNOPSIS"
- echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
- echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
- echo "DESCRIPTION"
- echo " --base_db_dir, -b"
- echo " Location of running Cassandra database"
- echo " --snapshot_dir, -s"
- echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
- echo " --keyspace, -k"
- echo " Name of the keyspace to restore"
- echo "EXAMPLE"
- echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
- exit
+ echo "NAME"
+ echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
+ echo "SYNOPSIS"
+ echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
+ echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
+ echo "DESCRIPTION"
+ echo " --base_db_dir, -b"
+ echo " Location of running Cassandra database"
+ echo " --snapshot_dir, -s"
+ echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
+ echo " --keyspace, -k"
+ echo " Name of the keyspace to restore"
+ echo "EXAMPLE"
+ echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
+ exit
}
if [ $# -eq 0 ]
then
- print_usage
+ print_usage
fi
while [ $# -gt 0 ]
@@ -47,40 +47,40 @@ key="$1"
shift
case $key in
- -h|--help)
- print_usage
- ;;
- -b|--base_db_dir)
- base_db_dir="$1"
- shift
- ;;
- -s|--snapshot_dir)
- ss_dir="$1"
- shift
- ;;
- -k|--keyspace)
- keyspace_name="$1"
- ;;
- -t|--tag)
- tag_name="$1"
- ;;
- --default)
- DEFAULT=YES
- shift
- ;;
- *)
- # unknown option
- ;;
+ -h|--help)
+ print_usage
+ ;;
+ -b|--base_db_dir)
+ base_db_dir="$1"
+ shift
+ ;;
+ -s|--snapshot_dir)
+ ss_dir="$1"
+ shift
+ ;;
+ -k|--keyspace)
+ keyspace_name="$1"
+ ;;
+ -t|--tag)
+ tag_name="$1"
+ ;;
+ --default)
+ DEFAULT=YES
+ shift
+ ;;
+ *)
+ # unknown option
+ ;;
esac
done
# Validate inputs
if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ]
then
- echo ""
- echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
- echo ""
- print_usage
+ echo ""
+ echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
+ echo ""
+ print_usage
fi
# Remove commit logs from current data dir
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index 6df7505e7b..fa3de03ece 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -22,6 +22,7 @@ WORK_DIR=${WORK_DIR:-/updatedTruststore}
ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
mkdir -p $WORK_DIR
@@ -37,10 +38,10 @@ for f in $CERTS_DIR/*; do
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ ${f: -3} = ".sh" ]; then
+ if echo $f | grep '\.sh$' >/dev/null; then
continue
fi
- if [ ${f: -4} = ".b64" ]
+ if echo $f | grep '\.b64$' >/dev/null; then
then
base64 -d $f > $WORK_DIR/`basename $f .b64`
else
@@ -49,8 +50,7 @@ for f in $CERTS_DIR/*; do
done
for f in $MORE_CERTS_DIR/*; do
- if [ ${f: -4} == ".pem" ]
- then
+ if echo $f | grep '\.pem$' >/dev/null; then
cp $f $WORK_DIR/.
fi
done
@@ -67,7 +67,7 @@ fi
# Import Custom Certificates
for f in $WORK_DIR/*; do
- if [ ${f: -4} = ".pem" ]; then
+ if echo $f | grep '\.pem$' >/dev/null; then
echo "importing certificate: $f"
keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
if [ $? != 0 ]; then
@@ -76,3 +76,15 @@ for f in $WORK_DIR/*; do
fi
fi
done
+
+# Import certificates to Linux SSL Truststore
+cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
+cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
+update-ca-certificates
+if [ $? != 0 ]
+ then
+ echo "failed importing certificates"
+ exit 1
+ else
+ cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
+fi \ No newline at end of file
diff --git a/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
index 17b051268f..4a92325b19 100644
--- a/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
@@ -1,208 +1,595 @@
-/u3+7QAAAAIAAABrAAAAAgAYdmVyaXNpZ25jbGFzczJnMmNhIFtqZGtdAAABVsJJxYQABVgu
-NTA5AAADBzCCAwMwggJsAhEAuS9gzIifoXpGCbhbcGyKrzANBgkqhkiG9w0BAQUFADCBwTEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQLEzNDbGFzcyAy
-IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxOjA4BgNVBAsT
-MShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAd
-BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswHhcNOTgwNTE4MDAwMDAwWhcNMjgwODAx
-MjM1OTU5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYD
-VQQLEzNDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
-RzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAKeIASF0LOcaA/CY4Zc8DyEI8Zzbl+ma/MIEBhO+X1LIzB4sElYs
-uAFpLMyZH62wlq55BPITOcF7mLoILOjChBMsqmnpCfTHqQKkQsIjT0rY8A6i+zFsyeZvmScH
-9eb0THiebetGhvq5hslU8rLEr9RGHFrJFTD/DWz1LQ5tzn93AgMBAAEwDQYJKoZIhvcNAQEF
-BQADgYEAci75f9HxcfvEnvbFXlGKQJi4aPibHIPY4p29/+2h5mbqLwn0ytfqpSuV9iRghk1E
-LoOlxC2g0654aW9y2myuCPBjkjfmu8QwF613zEk1qs/Yj9G+txiWR3NqVCI0ZC22FptZW7RR
-WTqzCxT0Et9noPStMmResUZyJ4wSe8VEtK4AAAACABlkaWdpY2VydGFzc3VyZWRpZGczIFtq
-ZGtdAAABVsJI3zgABVguNTA5AAACSjCCAkYwggHNoAMCAQICEAuhWvod36C1SUSvzSSgbOww
-CgYIKoZIzj0EAwMwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
-A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBS
-b290IEczMB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFowZTELMAkGA1UEBhMCVVMx
-FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
-A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAEGee8rERl7c24P1j7jbFXqUQtBRXy7wv/EHSftWJSX2Z+H+XcG0V5C8zGUwqdjV0C2alZ
-3gJa9pUqDo04SopJxrzGAzgHX1Xafglu4n9e0EUgD1l2ENagJPAt3jbybCk5o0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUy9C9qeGYBVGhTTeig3nO
-jR0q5IQwCgYIKoZIzj0EAwMDZwAwZAIwJaSBRQJrEkt1dE/II+Nw8nVy3nyJ8M+RcmGeXhCS
-WVa5g8cQ5zjpWCY2fdXkNIY5AjB8NlPwMOViYzqZ4rajO5s0+h7aEJJxXpETp92kbpLMMtb1
-IWbHL+qWY2plRZKVAbQAAAACAB12ZXJpc2lnbnVuaXZlcnNhbHJvb3RjYSBbamRrXQAAAVbC
-SX1uAAVYLjUwOQAABL0wggS5MIIDoaADAgECAhBAGsRkIbMTIQMOu+QSGsUdMA0GCSqGSIb3
-DQEBCwUAMIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVu
-aXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjAwMDAwMFoX
-DTM3MTIwMTIzNTk1OVowgb0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j
-LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDgg
-VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE4MDYGA1UEAxMvVmVy
-aVNpZ24gVW5pdmVyc2FsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYTdesQE022LXFZv/WFqMIyPWYI6R15CYg3rmWBk4
-jMX25WSFtKJx++29udrNTQC0yC1zpcdpcZUfOTyyRAec6A76TUrEId8pYY8yImGCxYcfbox8
-XxYgUUTRcE9X6uMc48x57ljYDsKzRZPALOeaFyt7ADd6QTN44TPi8xAaf4csvvb190Li5b+H
-YolfAEvfxd3kdUQyQToecW5pywt1RgjRytIrldDP+7lAa2SMV038ExF5hO1eVPY0nwgB8xAl
-BhdK2vEdemZrmGBmpNnv0i6C8fDvCepEyRVq4gNuM9Osn1UAx/YIapS5X9zgM/GEYPlbJxG0
-/Bbyu1ZqgCWNAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-bQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XT
-GoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5n
-aWYwHQYDVR0OBBYEFLZ3+mlIR59TEtXC6gcydgfRlwcZMA0GCSqGSIb3DQEBCwUAA4IBAQBK
-+PiwA+YsZ3vklHdjzG5M+X0ODdzIuTW5cE9j+iT6bIOMR507Y/Oa+XYylZGxd7ysmr6x5DEh
-xoGVVloOscLUsaZZrPFjy7hMHVmQSu+QFigfWq4Q+4FQOAxszPE9w/Vj47PjIckkOen9FWZG
-9BsR0E1zo31G+T3tqF9i1PE/+OB0VysYnYG0xCjalJelcOusHb4HEfDV293ljPDVMrCD5lfi
-j7++oaq/PR211Djq17BcOk9qP4/AZmxjqunZpBb0gdGVFA59zZU02dKPcHOBe5x+vZhh2EWH
-mJDF64YwxjW/8P/DVYiDS+8FkgZx8riYk7fszYJh8TjmT5eYKlqNAAAAAgAbZGlnaWNlcnR0
-cnVzdGVkcm9vdGc0IFtqZGtdAAABVsJJT9kABVguNTA5AAAFlDCCBZAwggN4oAMCAQICEAWb
-G1eejiEy4jkHvad3dVwwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoT
-DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln
-aUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFow
-YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
-Z2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLh
-Kac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZ
-VXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0
-6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcva
-k17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8
-IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9
-WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz
-2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOk
-GLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnf
-fEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOzX44LS
-cV1kTN8uZz/nupiuHA9PMA0GCSqGSIb3DQEBDAUAA4ICAQC7Ydl9qWy+F8SRG8OhogCN42Ro
-D1bPd65w+f2aSpm5yXhcDAxf5OYUKVYLNkldRGPgrZyWGGYbIw09eelta9ZU+NI8wUNArh1Q
-9VL8kDu7mJlpa8fBp6hopCfcnfknrjCFufZnTTo+j1k5IlNE68hdA8rtUHp9YiEKgMhzZtGg
-BWBf6KW0p6+o9201nHxaitaiOJnzeIv0TdIgC94E7oybR4FyDcAUMu8wWS6u4HHyVuRql2+S
-UG2WjWh6mrI2FHoG8iS5CRFQ1wixuIl6hCNhQinlo82iIEHX0Zxk2eomoYsU10wZslBBcT0/
-TXAjhgxK3IHSzDKUhA0ICZccT8DuayB0MNLgOTQQhSEVAQjoVTLecUnZKBdQTea+TdF1rNDK
-+0G4Q6Wq08MFRE8sNpvi+uJFuCNTbAZvZ1V/RrVMP24oWnkm0qSoYpfSHuLtSou8G/1HSg3f
-Z2Z+sltB0Dvk9Dv0BGPp78JUAFGgiirJznjM1eqHBBizzq9JiK/zkpm2s+ZhD9KFAOdQGuQb
-lZ0ZobmcsZuxAB7v0A9PQmzJCrzuQ/o6caXITSalNf2JXbyFYh0y0qArVO2aV8Hb+hDPGbeL
-ShuPAbYnlVPotoltW7xo1CPoi1GiVvnwpoCg1h6zvA8PU3UpquoTd+TejIEhrQcQRxGthz0H
-0XW8z/NmfgAAAAIAGHZlcmlzaWduY2xhc3MxZzNjYSBbamRrXQAAAVbCSfnFAAVYLjUwOQAA
-BB4wggQaMIIDAgIRAItbdVaEVIULAM+vOEjOsaQwDQYJKoZIhvcNAQEFBQAwgcoxCzAJBgNV
-BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
-c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0
-aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2
-MDcxNjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
-MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVy
-aVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
-Z24gQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcz
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YTUubT5p9jzBHic3j3cbBMW2Xrd
-JFFmwMcmWQ2sBgjClNEzH/CDNR9uG8jeqm4VTlQn78RtGuwL4w7wRKVXx0BYHqNHH3HsYPZt
-lMgYOe3+QhhW3+RMSRB4TgF2NWMSNt1mvAEENqNVaNWiNgmsqyEmVAatP8oU4KzKrQYdleL4
-nfHgYP/Cf3UrTMza/oeZIeq6/j5U19JZeNs8bs+gEwAauCeh5L5nlsqgxbOc3cl1nuswml+j
-zdmueBk/I+lc2ym9rVXIG1SMY/bopurHNxJcoykeAtnbHzu01w9WR4EVBEqvgyfRxViIwd32
-qqejGNpoqm0RUeG/ZWuflnbRPQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCrZo3Xs7rHmrbm
-VdAF8Z8xjVqq2apGJg9x7aWtU1ZiAUcqROn+P3QLE5u59E0bstFfsrbSiFyzn83L1KfZYJWE
-OvjBNx1hyuewxeWR2lSmrDGBrpfezQisuMCXgH9ucqTnaROVZR/Ekzz9eY8E1D5P6veezs1n
-fE9lAv+RhVRzx/8294Yt7NBeT/8Rn3IG1rga8UwNJmXiRIAex5/j3egK2uylIIBpaKFPfuFr
-zwdB+oOOvDjdsC4RsWuyQsyavPlIInlKGQ+yHD4gdNlqw77yKHgTVnlPbVDqG7C1V7E3Zlgj
-89wP3wqHxO+GBdU4FGCZo0veBpZxLPLbth+k7z/uAAAAAgAXaWRlbnRydXN0cHVibGljY2Eg
-W2pka10AAAFWwkjoQQAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAA
-AjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSow
-KAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1
-MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0
-MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFr
-qHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBK
-K0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdY
-WuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3Lv
-dYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZ
-ZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
-ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V
-GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctsc
-vG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKi
-q3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQAB
-o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43Hgntin
-QtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiH
-VIyqZJnYWv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4J
-aj0z8yGa5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0f
-b7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G
-lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqy
-mm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY
-02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC
-4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0
-s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dx
-VJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLat
-t8o+Ae+cAAAAAgAadXRudXNlcmZpcnN0b2JqZWN0Y2EgW2pka10AAAFWwkkumAAFWC41MDkA
-AARqMIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCBlTEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwG
-A1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0
-cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEy
-MFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UE
-BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8G
-A1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0
-LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZUR
-nicPHxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJd
-hwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq
-/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR5PDv3xaP
-slKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvCbNqtMoNB86XlQXD9ZZBt
-+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDsw
-OTA3oDWgM4YxaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0
-LmNybDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZI
-hvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujwNTX0
-0CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNO
-PmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9Q
-orFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+
-8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8gA
-AAACABlnZW90cnVzdHVuaXZlcnNhbGNhIFtqZGtdAAABVsJJG3gABVguNTA5AAAFbDCCBWgw
-ggNQoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
-b1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTAeFw0wNDAzMDQw
-NTAwMDBaFw0yOTAzMDQwNTAwMDBaMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVz
-dCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBVbml2ZXJzYWwgQ0EwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCmFVWgo8bgH4ydIVDXwb4rW7WknqHZcli9ABtMv2HJFB1FgqvG
-HYDWPesQnDqvbST4vHEBngb1fF8ewQ5VyoOaWTCuGcswSJXtIjeN9EqacmY+rZXA4BYA4BAf
-KzEO15RU00IzoDQdHkV23U/KGDfshRV6GQj81cec8PKpLhCpkuY9WD2pFmg8L3UhGH8od6Xh
-YRe3pun4Hpnbc270CqIhbO7aqoWSZq/2emuC2roiCDUPz0LxNfpq7n4rJcw6EeRtr3Oydh2t
-0LJ4ZxqkORxRC2dWg/04XQ3O3fC7K5Yf3nsyUv0du7UGobIhXqXWlWh/8Jme3EUIPufSCQ01
-lN2ATlOX17UJRCBkFhcDAkxTDWje1apyTZNtgg7bnL3PtPNcXVR6aQmW1tsRwY11qLTPOcjO
-PLwkfOZiyuG9fae9V2UL5P4l7bZpENwoGka9AR3Ql7XhmDvAN2TWPZTuC+H1KK4LVr9xiyMp
-QY6GxUtSe9hxqx+KFaY7g1rXWAFRxkxB2X/YQWdyoijfYIOpnsh7/FNzcln1k3oXdg7O9+Vc
-2QtVNKKqW7VqVOcTylfsl230XgYvRYtY1CMWkuQWbihjWTDfUAGcY4kan9sXlIJwN8MknppH
-1lrKTqhpiXIfkWzbfp4brccfc90sTxll/X+TQBAu0vDtPJ4uKD5pJjPFewIDAQABo2MwYTAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTauy6qsAy4iCZRdFxtA9PA2I961jAfBgNVHSME
-GDAWgBTauy6qsAy4iCZRdFxtA9PA2I961jAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF
-BQADggIBADF45se137iUQMlxxKg17EYdwoXzKFiGsAv8jrI5j0RVq2SEXGmp0Jo4PPrlHzXl
-ROOAeZRopLvEnz3hNM0wRotUK5Wl7/c/mYT9NebPMcbcar+n1yMI4Zhew1oIdqmmr3cvt2C9
-REZq75f/c5XBjuiT+/0xt+xXERFFmzDxGog5wU88pwDVx/yrbYAicKUM4F0EKQL7y6CR0XzW
-w35Q1Z1YvkE467l1PBXZm8lKg1nA2lP9M7s2GJuFDxXd7i2sdpO52QGNSBCo+/U4hvHbCsa9
-hKMjQd7Wd2+F1IUcUOCuUYq6jT524rnKJ/Jfn+9uWQ0G2CsXpNJ8a7tfFBpIjxpM57NHHI5M
-RSsg7kjf590Jjhio2kCNkiYRU2FzXeu958RNKTdh66w5LWcuFtb1AIOFocx/dsR95LdLZu8D
-RWBptgxSlpKEXqajtaQ+K9nM2BtHqvJE2k/5A+jwFMs/84Pe0MFU47foCjdNiyBZAzAZoSzI
-vREf367JSsXzJ2Zmhqxokf/Z5lMcD4tcaWUKJsgeNMNdUXvXqZwGoTbd1YmUvNnkLQxeCWwI
-l3yjPXyT/z+hFKfPtV3r29scxHbfiLm9RQWVG678RmpMr0jjzq4P0n7r5mycT4FqemSsuz7V
-58t2LsWnSMFckA/LyD/65jLhjRtvpOaO2PkpSIrOc/4sAAAAAgAaZGlnaWNlcnRnbG9iYWxy
-b290ZzMgW2pka10AAAFWwkkPcwAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1
-w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
-SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
-AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
-IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6OYwwX7Adw
-9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
-Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj
-+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqp
-isXRAL34VOKa5Vt8sycXAAAAAgAcZGV1dHNjaGV0ZWxla29tcm9vdGNhMiBbamRrXQAAAVbC
-SSebAAVYLjUwOQAAA6MwggOfMIICh6ADAgECAgEmMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV
-BAYTAkRFMRwwGgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVT
-ZWMgVHJ1c3QgQ2VudGVyMSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAe
-Fw05OTA3MDkxMjExMDBaFw0xOTA3MDkyMzU5MDBaMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQK
-ExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVy
-MSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKsLozXgiykUsRSFrzwQ5DlvNV1Krt3qYY2VSfRvZKMaYGakqUAi
-hNnUpeV4kw5oAa25TVw6ztO4qEJA38+juoJZapIbrBya2ggrJSf5aSNH8eDrLHqb9RMC0H40
-fMKePABZq/XaDPUyPCusUNrWw96DlMqoDJkyDghIVltq+9rhWFgBSV9yQTwVBgGOXa2quJO0
-zZ7rp+hqLVI02zrvXHVR2tvzMfnucZgyxFQVRAz5m1Xtrd8YCKCjhopJ7lMFjxlM1d5YeZvS
-ahxCq8XVp89oD5bk4WGYdmHIkXzWPgDikVCH4Z0K5q2X0h3GOn3LvNoDNNWOWwH1age3FrZu
-Sn8CAwEAAaNCMEAwHQYDVR0OBBYEFDHDeRu69VPXF+CJei0XbAqzK50zMA8GA1UdEwQIMAYB
-Af8CAQUwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCUZFmtOWTnKesT/lrD
-ixNXyAQk8HR3wGDjZ/vpiaaDv5aCfG7Uwz3vnoBuuym0mHqxO1TrORdHfhqOC/wfMVkxBLLO
-F/Msx2I2VeIi2IlVtJhIqmT61hw22ER4WlojOleX9XowT66fakxLK46gA+M+4KnU0nvSs6ji
-cjytnv+AWeSbRbT2O7DNORmYMuXqIWGQ5DEhjjSx9y81SoUQ2ueKNyG+WWPg8oWIMVPUVBSF
-cHn0LgZ3J3UvH7iK+f7Futg25IPs52W3v2Na80avgZQ31EGM1iPWHs/1aBtEY6Jauqc1WaHl
-cAWbDiNXmZQKbbo5YyiGkvMYhNj70c8FVmRXAAAAAgAWZW50cnVzdHJvb3RjYWVjMSBbamRr
-XQAAAVbCSWH7AAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
+/u3+7QAAAAIAAACBAAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290Y2EAAAF8EFmtSAAFWC41
+MDkAAAO7MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
+aWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYx
+MTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
+aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2Vy
+dCBBc3N1cmVkIElEIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
+DhXO5EOAXLGH87dg+XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qP
+kKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
+a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5
+yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4GA1Ud
+DwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd
+823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOC
+AQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lF
+WJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJ
+Kusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
+Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8gAAAAIAFWFuZnNl
+Y3VyZXNlcnZlcnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAABfMwggXvMIID16ADAgECAggN0+O8
+bPlrsTANBgkqhkiG9w0BAQsFADCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF
+UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYDVQQLEwtB
+TkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTAeFw0xOTA5
+MDQxMDAwMzhaFw0zOTA4MzAxMDAwMzhaMIGEMRIwEAYDVQQFEwlHNjMyODc1MTAxCzAJBgNV
+BAYTAkVTMScwJQYDVQQKEx5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFDASBgNV
+BAsTC0FORiBDQSBSYWl6MSIwIAYDVQQDExlBTkYgU2VjdXJlIFNlcnZlciBSb290IENBMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2+trK+ZkVJWCkKNypBkBnZwLgV9zSbqn
+rPMETnuWC+wR4FumHM4b0g2DHCu4nh1+RTJgDwfpd1h+n2rIYU62JsFMjf9M7zSyH2XYuXj1
+ralxue9PWB2l3nQgl6HtaEzekhdLvKv/ZZqe+0fZV3LzCaGudkQTbpwtRDm8+cc7pFg9Qb20
+wkmjyA3Sly8HZVIAp27Ir2js9BSWtlcfVsM5nytt5PM+9jVk2gwcoYRLL0tL4iwknW2TQOu1
+I44yym9F06iJex7PHvpbQ4vNzagPasoMXrmeR4/w2bYKC1hlFzO5I+R3GX3LSi6Se08vEHex
+jS9onGLM4FD47JGnVExXCdV2Y8XoZR7ubWrPCZ36fE+tYAj9VpkPFSx7qYCrjGGPSgd2Qt49
+9N2yJDNbuLWjRMmsf3c8HSPsgqmm4sgGTAL+rFyZmQsvEIqm9H/Vh3QNWUlF9vBxXDkp1r9K
+I4v1XwFj0odzKLVLCvX4q4IsfnMlMh0LYwoXgQD/tnZe57SxQMohu9WAUeVIUmcs0mGJBw0P
+zkJ3wERznERQoNsQCi2VHIGv5BzlFB7xNkEBAi99c6feQsxM6YkNVvefkdQDxmzJj9vYHOBA
+mF1mmZiAbi3/AcXOy0YfrALGQ+auooQ8xU4ePW3JFEzjLkG7yjm/NjwqGapBh06lzksyed2Q
+SX8CAwEAAaNjMGEwHwYDVR0jBBgwFoAUnF/QbGOjX5PKk5gIrYyHpSxcwTcwHQYDVR0OBBYE
+FJxf0Gxjo1+TypOYCK2Mh6UsXME3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4ICAQBOHrmKxqCYP27DacBqXElSrMsrXXg4wdVUhJ+T8IcZPSxm
+iesNQvzM8HWFP4v0gF155RdnvTWC4vI8jn1bNstagAAp8s4rLPGPqm0Fk2xyx1br31AjKOVF
+ED3oZ6OvDlUPkAli70tZovZT8cA15C/BJL15L04gIjv9GiCwpA4scO10P7gTlQZRyOiHJsqk
+W2oWIZLdc2CeEBjePIHq6BjDfInyi1A+vRHiFQOoNn0zAWxIFdeIkJkExczmB/S89JDtE+Lq
+i8OPozMPwSlME07aFVZxc3KCUPaaM3yisagaNHRlXM7R66tT4BqA2Oo6SeQmMJvlHIqoqRUy
+hpmSChAjVhLg9s5M4ru+242ScwFmL2I+snInRTbtTVbjl5n/OjU+pVRKUllLYNvu/ngRf0rc
+FHlgtmtkA9sVg+GivvYjl1DwCTM2p3GWJfO5Qn3bOD8sWKzoQuEO2NM7TC6C6YMuazHZ3UeG
+T22XkS5P4ihxNRbR8nP+JSsHRyRjJ8j49tlr/BIxVgjAU0KvnNAzfvwG8DFEAxTxWOryag2p
+EbKDvsUavwfqWdyjiDXvnHYyPE0GIs4V5d2e2I/a3tLEOeUXgc84R+t/iG1ZG9+fQhSufs+o
+sGZl2jevn6o96ii23tUxWBaCW+q7GXUCcxrKSBohk5AKjpOEp307IxiSiaCNrAAAAAIAFWFm
+ZmlybXRydXN0Y29tbWVyY2lhbAAAAXwQWa1IAAVYLjUwOQAAA1AwggNMMIICNKADAgECAgh3
+dwYnJqmxfDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJt
+VHJ1c3QxHzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwHhcNMTAwMTI5MTQwNjA2
+WhcNMzAxMjMxMTQwNjA2WjBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3Qx
+HzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD2G09nByuhFfUGIssfAbLjc0UGREksu0klFNbOw7erLE/GQTKUV/oSp1sO
+4o8fHoYZp6q1LblfDYrCr4U1eTItuxxiN/KxW0o9ys1xX+lCvpToyN75IkhkxuWrxittrQXw
++tULz5rl8FCkiztHpSNbenr4Mz+475mX4yDB1iiJz5T7uUXt40AXEdR08Asx4ismaptMV66s
+ID66RXoF872baRWufU4gY8Q1djoHAsk3/cdH7ujxdh1zFfKXpLXIennZQqorf1z+ziZPo2aB
+Na9EulQeHDAyZZ3mPJNeUE564zrUbswa+/nSN64kKqtXAyIoDUl1f7co2nW/juPcDnkxAgMB
+AAGjQjBAMB0GA1UdDgQWBBSdk8ZTi17Krz+fHg/lmZW8JPaUjzAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAWKz0BA7NwA3/Cv3UuhZfKb17
+aJlYSdK0HTdNfyd9RgZdQ8aGLj5zsiZ9T5OptsQqmqshlxSx3ozTq4kV2Gsk1PEWrtikXNR/
+UY7tGAGxk2O9vPhhgJqesc5CcOKpfQYlfSeh/m/ssx4k2uNLVRoAOzW0O9nXXTD9gROJ8sIG
+K+1nxI7JQ7JcaxWJArxi/E7ytTOqsm/TCqJQ4/Y76C5EwttmOKkzVkjxbRszjQ2MP2A3ndPK
+bX40fg2fcnaLG59y/VI1QUUCli8csppzSSGxSUdFR7TvajQRyU2azFm31gKeWk5ltZSuG98p
+sBbxvwCeBzoXZLUEtSMhmQqVO5d87wAAAAIALHRydXN0d2F2ZWdsb2JhbGVjY3AyNTZjZXJ0
+aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAACZDCCAmAwggIHoAMCAQICDA1q
+Xwg/KFw+UZXfXTAKBggqhkjOPQQDAjCBkTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlu
+b2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIElu
+Yy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAyNTYgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMTcwODIzMTkzNTEwWhcNNDIwODIzMTkzNTEwWjCBkTELMAkGA1UEBhMC
+VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVz
+dHdhdmUgSG9sZGluZ3MsIEluYy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAy
+NTYgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+
++2zmI+NzMgjKYOZTnLp0jRiweJBSgN04wEod0ajMk6SXBjjKDRVixo4BKmWdqt80kS6BweQz
+kjHE/Qk6pj+to0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0O
+BBYEFKNBBqyQbdFK63WlShCZs7Ghi0r3MAoGCCqGSM49BAMCA0cAMEQCIAfmVNoOoFqyrhGf
+h8W2/2neJb74oLcI80TOKt8IIQw3AiAtJgOgBb1r0fZc+GXMhm2znDRIY4QJxY13GuLMnOF0
+ewAAAAIAGXQtdGVsZXNlY2dsb2JhbHJvb3RjbGFzczMAAAF8EFmtSAAFWC41MDkAAAPHMIID
+wzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVt
+cyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMw
+HhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNV
+BAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lz
+dGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNz
+IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4
+t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyT
+PWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMz
+VNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNz
+kQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIx
+O0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsF
+AAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp
+4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3
+wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+
+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPIm
+NC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAGXQt
+dGVsZXNlY2dsb2JhbHJvb3RjbGFzczIAAAF8EFmtSAAFWC41MDkAAAPHMIIDwzCCAqugAwIB
+AgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
+cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAx
+MTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVz
+dCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nz
+HoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTN
+uUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzp
+esVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfF
+mPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14
+np+GPgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOi
+YQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q
+/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO
+4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lD
+fMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAH2NvbW9kb2VjY2Nl
+cnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKNMIICiTCCAg+gAwIBAgIQ
+H0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP
+IENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZ
+BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlIL
+Bs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8v
+CVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nT
+eTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA
+7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8
+SaczepBGR7NjfRObTrdvGDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdYAAAACABRzd2lz
+c3NpZ25zaWx2ZXJjYS1nMgAAAXwQWa1IAAVYLjUwOQAABcEwggW9MIIDpaADAgECAghPG9Qv
+VLsvSzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWdu
+IEFHMSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwHhcNMDYxMDI1MDgzMjQ2
+WhcNMzYxMDI1MDgzMjQ2WjBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFH
+MSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDE8Yd/03gx9zjJ+MOZQ7zH97w3505xukuPpXMdXG6YrgNXrjg3Qy8X
+PR/IzmgQwXiuGQMrEPoseYP26LlouVXyBESnOfn8BIse8aJNJ/lhe7q35aITtuthPtBs0eb7
++l7tHbSeoDVboZLL8EmS/oUKBT7m2QviT7vclTf8kekyNSLRHzpOJ4WdsBWUMtphDUdNYEKu
+kkfog1pQWOmKi7ldodzdmUofNme7SOSDtjfrSDqvD2ePFwfoBMrvajGH1MC2+ZRxe2dkuLaR
+SkJ7ZS4wagz1kO6V5vLNguzZoUrs9rJL5UWF5m14kwQunIJtNqnEMWQfhoMLKvQ1CnjJVc9B
+sEfpMJ+ZvmGoBoS5KHpfONkbqTiwg39zwcM7SCqCDyGbuMyoNcOEG4OzPr6klWkBOokAeATZ
+yfSZGatWfluLhjkVkaQQLAkygGCzk8AqthgLnX6NSfIQSn/51UYvGZKjmacmrLuMPOYOvEcH
+3HNR8XBkLwj5tEcdMGxE6ik3hZJoZryDOP57OS7TUPAf+15gtqmm+idB8ZsYcvL1hHRKyWfE
+VK5IZN+M0W6wHeEHjwgemZxx6UzYpfdHEh900VGehvPCoiNAC3PbS6bncwaMwaDpwVmsRvrm
+L/jPcZxGbbnEFY04eQNFSO/EXdcI7oc5IoayDQ9YQ/dxqUgu/erWHwIDAQABo4GsMIGpMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXoM3B5EG2Ols7y0Wd
+vRzCmPqGWDAfBgNVHSMEGDAWgBQXoM3B5EG2Ols7y0WdvRzCmPqGWDBGBgNVHSAEPzA9MDsG
+CWCFdAFZAQMBATAuMCwGCCsGAQUFBwIBFiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24u
+Y29tLzANBgkqhkiG9w0BAQUFAAOCAgEAc8aB4CfSLQ/glTDimkF/UCxfX2JhqYZqaRgMdEnW
+XYTqQVIYb1itUFYgasa9KGlYkdyRETWpOh28GqVgntgff0WRadl+u3hywQYPKs6PhXBhrKDN
+C7g5KVaEMk6Guz3EKtnXH3Lu/lGhIkGxcQJjGoKwYqteVxIf38vddaDAXXmQjBvgUObeMf6Y
+e3BfpZDYrfgCtm/TYN1ASyLFPa06ep8aGkeReTO6gtwyaQOWbh9L8HH+42dyoLG/XIvk+pki
+x4S5G40jlz/tJeDPZbv1YQTv3R6yWkEiWqGfXSzoW8ltqQwMeKpgxlaPAVoMaLxpGXnEH36X
+Bb/F6SRRXtTVS1Pt2SNaNgNlo8EDrUEw80YbhZCvZbXVseQWW3h1HZd6bVmpKo973sOHiRCZ
+SXN4yD29UTV0KtXxfmkbKrs7vSW4mlo9cmGQZofuDNZN1BF0C2r+CwP8o1VXif5Ky65bFwXI
+8o0jMVM40i1qP4K5jQhq915BdG7DEX4HrClgkT84ylcQDb0wL8el5kGg2q4Fh5qgpGVsTAkM
+ibq407nAk4ow+o3lmmsVAU5nqtpiVj6ECGbSxDZ9pz4Q/Ijg1IDlAL2q804Go3pq+WJy4wlP
+65sOASPxn7t83NxsEZclsvK0YxTSBipnjIP1zuoH2JpqHuzkCrsqTOsJYDnOymLYLm4AAAAC
+AA1jYWRpc2lncm9vdHIyAAABfBBZrUgABVguNTA5AAAFbTCCBWkwggNRoAMCAQICCQCSuIjb
+sIrBYzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2
+YTETMBEGA1UEChMKRGlzaWcgYS5zLjEZMBcGA1UEAxMQQ0EgRGlzaWcgUm9vdCBSMjAeFw0x
+MjA3MTkwOTE1MzBaFw00MjA3MTkwOTE1MzBaMFIxCzAJBgNVBAYTAlNLMRMwEQYDVQQHEwpC
+cmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNpZyBSb290
+IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoqPEAAnWhV0tbRT2wsNznjXC
+cVV+gfurRlDgwXxJeOareVg82v98HJ/YlwJ4PmtBBOlBvb4DLEX2L2TUq12jRz1km+lomsbM
+Gz+6vrKLNAIumFUZ/Ixvql/aTM5NAyGj2NI0k1aWy0wMABY8XxrNyMdspq3TMae86OXhZtbS
++wO0QWXJEK4OBWPGgGppMP3S7pDvDSffn5Vz9OEl2mwW3kE4NOqL/NHoBBRhLUF+rMd3TstR
+VPtekhgbBFpoxsnE+rcToJi3ESu31lfMfJ4X0csl/oZOJC5WDHhNngESpiunAWVufGIdhITf
+6sBrtaUqlYPDUxEMcx0LskaQ0UI6zkBula3/xpStbpeEjn1vnoqADUltc+J7kh7D88Hz6y4F
+b9kbzzd2BMi0WuQXp8vddh/QGXboLAWz1pw02JbcYYeRBeRECDPB2rkIZdSusjYN67o4ugzl
+m57rjWbdmc/WiUH2BJKKKSltazoc53V9AnEO88DnvcsZ3Z1gssJmYLaxBO7J5oa5mmZAqOcR
+7YFFA4v2Z1nowQYRvd3PgAJPZUB4XEdQyJvmH4F75ESoW4Wa4t5a1cf5OkRmS+QyVHzkbJyz
+Dj0XorI0EtZ+sqhJu9F6KEC+ohYf3+Q3HxFz+5AKZUOiDXz4BgFVM32wDbj09a6lQld8NhGM
+e17EA52MeZ0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFLWZ+K+wlPXjINYKrc5OVqQubkLtMA0GCSqGSIb3DQEBCwUAA4ICAQAmBl5w52Uz
+yIJu2ZwXOht6ZrIB9ng7aV4v6v9O+SjDmCphTLQkEop9bREU95y1yua8nieOTBnIqb16wNc2
+Dm2Fcm6oxqJt9vpzY3+8bnkIHJ2KnxqKU6bYu9k1VbERxakDs1Y7uYSTIl5+wfYSUovqLGe8
+/jZM9bjP0bNJkjvTKQ6ZG5b3Ybg7xCu2eGy0I2/w/dOyXnUfmZWorPba4cUxe/vRRrPSvGe0
+YlS6CfdjsJOimvnpUi6LYBKr/PVgVu8QXIvEGkLcg1tkDsu1vNZPwXw8bo0Tbft76zDQ3E2v
+xdW2pUxbccnoMb7oOAZIoRri6tLeEjlYGv+ADoJ15rfJB2wO7/848ZhxxLd/DhXQJWm9Ip0r
+7QX2Rkes7cDw1Dvi7O6WW5ATTh5WOuuw75a7liMRuvJDhnRklcgodd8dNbrSN4M4Uzg2O89s
+6flrDtD7BOhPd9dlAXiGDHo+IWLxf2NxDMmfRNuoJ6J1vm6BPtfA6xuYD3BcNLKKzMCFGOtu
+erP3WqEHv6lCkvNgIpfkFKEHm052wI59/aQlx0ft/x9zrMzDpelvCo6bZcJQhbWjoFMSzFWH
+YfOBrhBGYb1EIbjCPXTPfiQ1+hwHDps9IsrvMS+MrBK970Ao/Clnn7ITT2YkxFMZ6R4pFe/m
+bbB/LWf982wbdUaj5UoX6aTXCwAAAAIADXNlY3VyZXRydXN0Y2EAAAF8EFmtSAAFWC41MDkA
+AAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQsw
+CQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMT
+DlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5T
+ZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2
+FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjG
+nx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLI
+XgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2
+pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvN
+U3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEEAYI3
+FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQjK2
+FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1cmV0
+cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEB
+ADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh
+/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fii
+u1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvn
+ZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR3ItH
+uuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACAAlhY2N2cmFp
+ejEAAAF8EFmtSAAFWC41MDkAAAfXMIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcN
+AQEFBQAwQjESMBAGA1UEAwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQK
+DARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIx
+EjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUNDVjEL
+MAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCbqau/YUqXry+X
+Zpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoYHtiP2Ra8EEg2XPBjs5Ba
+XCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0RGy9ocLLA76MPhMAhN9K
+SMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvY
+vEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MC
+QvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9w
+rqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2
+x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN
+285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOs
+OxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUF
+BzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRv
+cy9yYWl6YWNjdjEuY3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1Ud
+DgQWBBTSh7Tj3zcnk1X2VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaA
+FNKHtOPfNyeTVfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCC
+ASIGCCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0
+AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAo
+AEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQBy
+AHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQAcgDzAG4AaQBjAGEALAAgAEMASQBG
+ACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMAIABlAG4AIABoAHQAdABwADoALwAv
+AHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVz
+L2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5l
+cy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEFBQAD
+ggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70ER9m+27Up
+2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxNYEAZ
+SUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt
+3OAJTS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4n
+Qeit2hW3sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBg
+vgW1m54ERL5hI6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG
+7szAh1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+Y
+J5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSk
+VrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7AAAAAgAhZW50cnVzdHJvb3RjZXJ0aWZp
+Y2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAElTCCBJEwggN5oAMCAQICBEVrUFQw
+DQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZl
+cmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1
+c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjEx
+MjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcG
+A1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNl
+MR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJv
+b3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCV
+iLDJ/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr/4JLya0+3kzb
+kIBQPwmKhADsMAo9GM37/SpZmiOVFyxFnh9uQ3ltDFyY/kinxSNHXF79bucetPZoRdGGg1ui
+io2x4ymA/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ/brLNq1bw5VHHKenp/kN19HYDZgbtZJsIR
+/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAw
+ga0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjEx
+MjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdL
+Q/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4b
+CFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7
+ck7UsdvQlvtUWhksDAj3sryFqJ1/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0
+YMUc8CJEjXFHrMgayembmgBgE/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9
+g0JzUouqu6cpz/VkHApN0byqrJ8q0P9/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKr
+jPvr/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO/NatLR7rtoLkDh174EdZtL3
+V3A2s7/8KK9xJYVbE/4ef1q0PAAAAAIAHGlkZW50cnVzdHB1YmxpY3NlY3RvcnJvb3RjYTEA
+AAF8EFmtSAAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkq
+hkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQD
+EyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN
+MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYD
+VQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFrqHd2hCa2
+rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBKK0CyrOE7
+S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qr
+ng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMb
+XcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGw
+yj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy
+9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyhLrXH
+Fub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaO
+ReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFr
+lJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnY
+Wv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa
+5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9
+TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBh
+Hfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1Jf
+PFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+
+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/Gnw
+U2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nz
+fxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCd
+Uyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
+AAAAAgAkZW50cnVzdC5uZXRwcmVtaXVtMjA0OHNlY3VyZXNlcnZlcmNhAAABfBBZrUgABVgu
+NTA5AAAELjCCBCowggMSoAMCAQICBDhj3vgwDQYJKoZIhvcNAQEFBQAwgbQxFDASBgNVBAoT
+C0VudHJ1c3QubmV0MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3Jw
+LiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5l
+dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAoMjA0OCkwHhcNOTkxMjI0MTc1MDUxWhcNMjkwNzI0MTQxNTEyWjCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAu
+IGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0
+IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+ICgyMDQ4KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1NS6kShrLqoyAHFRZk
+KitL0b8LSk2O7YB2pWe3eEDAc0LIaMDbUyvdXrh2mDWTixqdfBM6Dh9btx7P5SQUHrGBqY19
+uMxrSwPxAgzcq6VAJAB/dJShnQgps4gL9Yd3nVXN5MN+12pkq4UUhpVblzJQbz3IumYM4/y9
+uEnBdolJGf3AqL2Jo2cvxp+8cRlguC3pLMmQdmZ7lOKveNZlU1081pyyzykD+S+kULLUSM4F
+MlWK/bJkTA7kmAd123/fuQhVYIUwKfl7SKRphuM1Px6GXXp6Fb3vAI4VIlQXAJAmk7wOSWiR
+v/hH052VQsEOTd9vJs/DGCFiZkNw1tXAB+ECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3
+DQEBBQUAA4IBAQA7m49WmzDnU5l8enmnTZfXGZWQ+wYfyjN8RmOPlmYk+kAbISfK5nJz8k/+
+MZn9yAxMaFPGgIITmPq2rdpdPfHObvYVEZSCDO4/la8Rqw/XL94fA49XLB7Ju5oaRJXrGE+m
+H819VxAvmwQJWoS1btgdOuHWntFseV55HBTF49BMkztlPO3fPb6m5ZUaw7UZw71eW7v/I+9o
+GcsSkydcAy1vMNAethqs3lr30aqoJ6b+eYHEeZkzV7oSsKngQmyTylbe/m2ECwiLfo3q15gh
+xvPnPHkvXpzRTBWN4ewiN8yaQwuX3ICQjbNnm29ICBVWz7/xK3xemnbpWZDFfIM1EWVRAAAA
+AgAOc2VjdXJlZ2xvYmFsY2EAAAF8EFmtSAAFWC41MDkAAAPAMIIDvDCCAqSgAwIBAgIQB1Yi
+pOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
+U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcN
+MDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
+U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJ
+wB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz
++kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgb
+EplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmk
+MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3Js
+MBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8
+QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCN
+i5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxq
+VVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xcf8LDmBxrThaA63p4ZUWiABqvDA1VZDRI
+uJK58bRQKfJPIx/abKwfROHdI3hRW8cWAAAAAgAgbmV0bG9ja2FyYW55KGNsYXNzZ29sZClm
+dGFuc3R2bnkAAAF8EFmtSAAFWC41MDkAAAQZMIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqG
+SIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoM
+DE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkg
+RsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCBpzEL
+MAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRMb2NrIEtmdC4x
+NzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6c8OtdHbD
+oW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBF
+HjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaae
+VtAkH3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8f
+xmRGILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr
++UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcN
+AQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2Ik
+gYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY
+0fsFskZ1FSNqb4VjMIDw1Z4fKRzCbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+
+pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aUL
+NmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7EAAAAC
+ABN0ZWxpYXNvbmVyYXJvb3RjYXYxAAABfBBZrUgABVguNTA5AAAFPDCCBTgwggMgoAMCAQIC
+EQCVvhag9y5G8Xs5gnL6i82WMA0GCSqGSIb3DQEBBQUAMDcxFDASBgNVBAoMC1RlbGlhU29u
+ZXJhMR8wHQYDVQQDDBZUZWxpYVNvbmVyYSBSb290IENBIHYxMB4XDTA3MTAxODEyMDA1MFoX
+DTMyMTAxODEyMDA1MFowNzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlh
+U29uZXJhIFJvb3QgQ0EgdjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCvusn
+8CGj82kmVX6dxVUWkVz97yG/U4B6LdKRjGMx8Owk8MOl0nJ8EG30N7fl5nx56oy1gouuSLas
+ANxldewqTV/Bh/UgZSuBqEc+iSOVMBaQf+hXB0jnGa6/RWexNxsGKv7e+ax9g/teuuSPl2e+
+S46NZAdXOFVpNDY9E0jvT+LTZh6kzxq3XjYz1LQGvRgB/XeEUABF9Yxd6CO8fv414e1Qe6kw
+jRnTCY5oZ12/PJcYU7spYsXKXnLBx5bU2y2gtB9pA+zq4lDxDDzwrPNTLfAc9e1sOTlzgBbI
+UrAjzeA+3N08R6C7NYrimGiLvuW/cu7S+qXtEu38mBipJnbcKEsQIBzTfxZ3Le1vgPdJu1MF
+u11ox9TIdRY/iVqL9xdH1Ezx0ol5Pk09mKhh3joe0vheA+DByRyM041N05U2szdfY2ObMxTw
+LSZrU3yJjDLCbuw9IQA5yaFo4lCDLrA6K/M2oKwv5G9hwlEJOT6LU7m7Z9rcU7l2WTadQ+Ug
+4D0yYIUiUbfHM7vdFS+keKYHe4FGNgSG3Xk1x5UsO7CjFzXlcx+0XFnv2uoQZXt60H+fs7Qq
+Nztwi5tbuSu37LJREpdTKVrU8BIQ3E8CuxKSL2LUP2lDfA3W/Fh1AYidWBZL3rqQ/0cBiQZq
+9l+ykGqzAqYCiL+zR34q2dX6aHg1TQIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcNAQEFBQAD
+ggIBAL7kXGJOJPQMCP/w0wxo5JNJIj9EJ2+7bd6DZs6ozA389ZoG5XcUkeudQXuZKoTl//wh
+wV3w5B9Xt3WpoV8CJv/Xx/dO3k/49xxGwHpPQCwiNfAZsdBrZyywqODAQDc19oRcXOOvQnj+
+p8kNUOoNhHb2Ue+DU8Z6/w5WSS6PetYM5idU400KYHJizZEH1qW/yJlr7cQZ5qtMETjFbzHi
+bknIP3aAJgMmKeA29vYgU+MXcDQXnWNoHmvsw02GuBMwL11GDUdD1RuqWQ65XI0GSK10h1/H
+/DFUQRPixyEOnuAeDeHAe0OFkMWKWMZlCnhX8sYjDwHZIEveD/uShXUqXHONbXslkcruRa4G
+SwDM07FZUNo6iDspQ0ZelytUzlNvjUrnlvq/cQ5Ci3z9KKDQSMraxIFMu6JzkybI6wzWJoi2
+wCTPu71b63V96QiOhjMseXcJaaWJ/LNwkId2j9Miu0LOvXMLICYq0Js9cB4kbM2HdqkXlrfP
+DZL7jhipmEnRnv5gRHIhuRntwvUx8TlIiJAkdVQWrc70+GkUZDn7o7i6cEDHJxy/xFZT+mNl
+0PMcDhb1a4ZYTRjU5A2OpZ1bkdx2JFA/xir72bectdbm0NnoGYsVcUitt+rYWYjUkL8Ws9np
+rFlhVMgcusrByuG5IEyPOpOJpaDMv9P2daR1lm1WAAAAAgA0YXV0b3JpZGFkZGVjZXJ0aWZp
+Y2FjaW9uZmlybWFwcm9mZXNpb25hbGNpZmE2MjYzNDA2OAAAAXwQWa1IAAVYLjUwOQAABhgw
+ggYUMIID/KADAgECAghT7Dvu+7JIXzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJFUzFC
+MEAGA1UEAww5QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24gRmlybWFwcm9mZXNpb25hbCBD
+SUYgQTYyNjM0MDY4MB4XDTA5MDUyMDA4MzgxNVoXDTMwMTIzMTA4MzgxNVowUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVz
+aW9uYWwgQ0lGIEE2MjYzNDA2ODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMqW
+a47q+PvxojXgf0za4MNS1322EMgCXrNDKsRParLKHF0omngRGmlZV6+1IELkiw/m31umA5Iv
+9RHkYtcycTjZBAxxqz1Rfg8H32MFXOm/lG/BKYLAtNpRsME8u603SlzK8Us2DiSrv8OEd/2o
+UPSx58Yv0i1ZjXoKTpZpUgKqNpjs/PoUgww3H8mSN3/XgS3lxLngPjT+Z/Q+ZtHT9EDPXmI0
+D3AGPiAYWs73chslbJN0FJOjc7EOqocQI1lfIAUZR+1ojpISyl381iuykjwgz+FfryC+oHZ/
+duXsGoZhMz7ne7Q/oA+Oorlqb7mHJm9BbIimUP1qYwv1kxYbGY+y7ZubyZD1AQzfGT0PPjgj
+yS+PDNEC/htV1k7QjTyvT6Tz/q8q0wWdeQihy1cxtJzIkLJn9BgWkzr8R9jReJYxH7orDF9d
+ma1jiVokIHbY3/2rTqYiqp1e5ieKfWgpo+eKuNoRuxctmZ0TJEb3xeLYn45/x490bVqy6HL1
+rO4kEK0vFNr/LZpGcUe+Qt+7Adv0f9MojzFZW9PJAqa0Uspul/tDxQgmb4r0u/2fKKoN1UXz
+Ezod2MB4j0FnPB6UZK57C8Xo2QGIORqXhmRB1TuHDG76D8a9SBS/OU3UnkG2j5YdY5aT2ZUG
+eDFonjcGO4CJRWE5I8cbRKMV5Rz4kjC7AgMBAAGjge8wgewwEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFGXN66s1HgA+ftV0wBy0c0cOGmQvMIGmBgNV
+HSAEgZ4wgZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9m
+ZXNpb25hbC5jb20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEA
+IABCAG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEA
+NzANBgkqhkiG9w0BAQUFAAOCAgEAF32g+bTdxcXrrUsktaECq92liEqyD1VLK1eMO+Ux3f7E
+MvHnW2SWNjIY7KUyd9fjRLbAESqAuT1qbnyb0638w9aj5mQpfNHhOB6CK/8nZa/7FhXELnGE
+5bX/+qRHvWQyu/YlhKInQvUgsMITEBHNEBW6QpAq0kThlibrMUgS/SrayQbPdB6pS9WHKPl5
+NJI+LkTo9o9PjzU/JbM53GMqkGsgX8RSEk6XLCqsnZfeSPKjZtvC0oOVpmanniUP6QszkWUK
+WsPZVBLdr8NODh8mXg3cs43s1YFw3tJPJAXzbE71TElmjdH/0gslQUj+UYTGQq+ABM/QfmRJ
+5PLfouyxTMAqHee0sWWixLzxmPSqcAdjtLjaO0z6QCIwWxGm8AUOxgIDSKuGm4Xd293qonaA
+c331nATERY3nuRyLnurXddFysd51ROdCfeJXa33cmbw9gyjqgJONxUxlwXCBuDj8QzGy9gM0
+R7Ks+yIGyx7dF0ccX2a50xqi2hGxpLwjyeS+h/+5lLb4XSBK1F/nvWh7ZfIVHtI6qS3p2Gsk
+rJdYREetWRjxIWVw3s40YKhA8fM8pMMoI4z+JzNDQKAXPOvqO7BypqO5SkteFkj0srzIjJLF
+nZ+scja8NIA0a6mLksC4F+3sdlP1JAGMsyLoS3xVxp36oxS7ZYVubk8Sfgo8nZUAAAACAA5h
+Y3JhaXpmbm10LXJjbQAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg9dk40wZzbI
+Bh0ax1SEaQcwDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMRkwFwYDVQQLDBBBQyBSQUlaIEZOTVQtUkNNMB4XDTA4MTAyOTE1NTk1NloXDTMwMDEw
+MTAwMDAwMFowOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMRkwFwYDVQQLDBBB
+QyBSQUlaIEZOTVQtUkNNMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAunGAekyG
+bn/IE23Axn0cAJePLAwjuxCaQKkat4eI+JtWavvme46Lko6nJV1ZEds2LrdRFx+pCB8EFyRY
+qjdKGN/lOdRX/dfBLJEBkeIi1APAWPx3R+yPPnRDuqw0jU04dmeOsMhvMDNYcVy09Wtu1AFQ
+uBN+bEqjSdEgGe68wCkYZafe/u/dCpAh5xpnkkIQmF9PMLw+HEW0ENdoQBTAQPrndxd65guP
+ZVs82ZpS27W9nkbPPeuRBQLAlrJ2TE0QljuS+px/D5nfviM1RR4CXP61qJuZJdpe8yLDOfXk
+Ki7Txh/EbKrFHGoBBUov0sXBqDQmXWal0gIh+Ri3BvVOmW+oq0xR6M9QGMV3yDkJLEmSMpmo
+uxcXebBaxeajxFllRzWDXqnoNQuZu+TNIMabSgY5tWj8IrruVYwrTurzseP8tpma1UL6cU0I
+z4ceanF9+dO06aVxgXvCTkeWpfZ2haMoj+mAboFTpW1fuEj5wvk2pi5J/7iWwowHs5uIWPzr
+GxzeLXDil5IwoYnjvFWoJ9ZL7ZCti/pjJVktqDXdypczvOXNx53R7O9eDkqQBiZjrbnZNS0H
+unZlLKxXj330B5TXgQKWXaMHSdV60Ff5G+dTRnWqsHlCy2hxCOlgvTlpzvSvw1ZAx61Sognk
+b4ZHih/rKCddgyCvBMlsVpqLRvUCAwEAAaOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQU933F/cTomht3ZKf1HaDMv4dgmm0wPgYDVR0gBDcwNTAz
+BgRVHSAAMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMA0G
+CSqGSIb3DQEBCwUAA4ICAQAHkErf8yNO8MOcUWWbnCKiigyF83Mpa03+AeKpDGMBvwRnpZ2Y
+X/0BE/rsmmLphv62YtJuTJT7wHVFfGUM+LI3z6wPz41v+Rn3j+we8nCe8Mq477f/djd2W/Zu
+iPOvYjIikw06ao4UZgwtU3RXZR7Vst0jgTulZiMnZwmP4XeqQ81lUQjtUVj+5jn5y0eEpBXx
+druk7qQ7xF/vsjOWERi3yWW+GOGjpNz6GPnTvBObOXo0utNB+/oyiiq3K4YLaYM4vs2KLgtw
+rY0mku4e9QErCtnWl5tu4KgZHDohiwweQK0D591mfvW5IA0D6Jb5gkXUOeCgAF3XmOZ9nmdz
+w5oq96uLoToU7zS8Ug6JmJoEQIQdfkVpk1fO6874UHxPHG4EQ5v51jsjGOnqjtFNRo3xO+Rq
+yrr7I7eb+pkBKVpYWi3j+dRtDiatwW40vDL4DAX6ZaPbOzeDIunW3HIz/V3yIL12PCPaKPf5
+G+tZZNXcX3J+IPzNibWQZ01iej9OrR3DOf569CgW30H2SIAF1w9ReawQq9TsA2bmarC6MZJC
+QGq+OtNy4Wo3VbysHZW3aWHyQ5F05qDTCiRGoQiv1tpFGZbUUx1bhHnwwPdH74uPxQaunUxi
+nf9GBPjTybYQJUB1/haqyUpghi+67zB35FTiuISZWICqE4tROk9I9ou2swAAAAIAE2dkY2F0
+cnVzdGF1dGhyNXJvb3QAAAF8EFmtSAAFWC41MDkAAAWMMIIFiDCCA3CgAwIBAgIIfQmX/vBH
+6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcg
+Q0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVU
+SCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMC
+Q04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQu
+MR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQsAlFR
+wxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9
+cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfm
+iJqwTTQJ9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+
+ahsmUPI2JgaQxXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7
+ng/Wi64HtloPzgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLM
+c3GkL30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHe
+uLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZ
+xw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0O
+BBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfgp8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9
+nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueB
+ihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/
+HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR
+8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svgIHZ6
+uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io2c9Si1vIY9RC
+PqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ8s1uV9JiDnxX
+k7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv/EhOdJhC
+rylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaAp
+JUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0gAAAAIA
+Cml6ZW5wZS5jb20AAAF8EFmtSAAFWC41MDkAAAX1MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/h
+y/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBF
+IFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgy
+NzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
+ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
+scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaOxdgmlOHZ
+SOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU+zydcsC8
+Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXCPCDF
+YbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieF
+UCbKF7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUb
+Qc/hhqfK0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnv
+mfzAuU8Lhij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
+QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1ua
+D7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNv
+baSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZp
+dG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJy
+YW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAxMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0G
+CSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHz
+P7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
+awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwoJNu0FXWu
+DYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lwLDXWrzY0tM07+DKo
+7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5aTfLnnhqBbTFMXiJ
+7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5nXJQY6aYWwa9
+SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQ
+yVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy
+2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxwAAAAIAGm9pc3Rl
+d2lzZWtleWdsb2JhbHJvb3RnY2NhAAABfBBZrUgABVguNTA5AAACbTCCAmkwggHvoAMCAQIC
+ECEqVgyu2gyrQEW/K6ItOuowCgYIKoZIzj0EAwMwbTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoT
+B1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5kYXRpb24gRW5kb3JzZWQxKDAmBgNVBAMT
+H09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0MgQ0EwHhcNMTcwNTA5MDk0ODM0WhcNNDIw
+NTA5MDk1ODMzWjBtMQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZ
+T0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
+YWwgUm9vdCBHQyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzpUMDGD3IYvNjxurOJ4nlK
+oxana1Qk21H/6vQJJMMLIp/LaieCgQ3SwK8x5HSCbsol2Yx1nfHb0JqiSyF+FqdjkNI51LGH
+eF8Ylg9QGzU3D2rG3NkTTaSOkDfmvVsxkaNUMFIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFEiHFKzjw56QYDrXyonu062MtFBmMBAGCSsGAQQBgjcVAQQD
+AgEAMAoGCCqGSM49BAMDA2gAMGUCMCbHaVvc1eey58gMjIzD3XmMG2PVyVKUTk2CSnMesoCE
+qSXATFptSSlgeBPifkjrZAIxANs0IDII/5pJAraI3hSvXWyZcY0aP4vX4KI2hhwHgjp2U/3C
+ou3ve7CAT1gPS1M5vQAAAAIAHWUtdHVncmFjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZ
+rUgABVguNTA5AAAGTzCCBkswggQzoAMCAQICCGpoPpxRm8tTMA0GCSqGSIb3DQEBCwUAMIGy
+MQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcg
+QmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1F
+LVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xMzAzMDUxMjA5NDhaFw0yMzAzMDMxMjA5NDhaMIGyMQsw
+CQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcgQmls
+acWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1FLVR1
+Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOL1P5MFUR6F
+YlReegv1GAeDrn6vfPfUimulY0M5uUv3w8ZkiT2ULlSAUjk5B0tL3YUHdofMvy+VTMx9pz28
+Rw+YcPiMhR50jpJtG0DRmQ27dW7IqWuawIQxr8pDy+srNOiPl2sBm9UOSgiqW5J0hUPTgK6h
+iFuus+peyxaad0TIofZUaM7ej5crultAAgxkF8C1k83h8RNmzgx579GRKKtfoBJSMHMZjo/h
+jAeiw7tK8OofFajuJcykRvgbIu+zDkO6LCS4xSxc1Bz4XWS9w5NeKKc/J/GOHtMqUAWjVdnL
+5zlTwJiejFRiiyaw932NfOTGnmZCVYJH57JYjWb3B3wuNuZQHD/bQyTFv4ZHebN5HPda9BPs
+bPg/4lkfle5CPrmtqDKFSZdG/ksxj1rLrXRHH+mRt98oBCKg1A9d4nlP6myFhr2ops7k+sPh
+s67ePFHuyxN8AX+EDl1RlJ4TDLYupUz5OXA2b5bKLgxEVcXK+l0Co9/WZIxaswEKqbUKRxf/
+75FAKo6hRjoxmOUR/My7SVaK/LnQYZpvZWzmw8s+dUn+j6fiicVn151GE04xdjsks54RZYar
+f+8d1Pi856xaXLdaR1xVzlW0InFbWwvwz9ygYWTqqddoCmOn4A0/oK/TqtJ+71Gg5lErVZIV
+F1PLt2YOZkz4+XVMkOcScMdFAgMBAAGjYzBhMB0GA1UdDgQWBBQu49uySdCcVHlc+icq/sxO
+0uhOVDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFC7j27JJ0JxUeVz6Jyr+zE7S6E5U
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEABTc69E23ReJFdSSPtndS6BzY
+EJNl8/JZBqQ+HinsXdHQq3zgCpBIeO1OmAOZ/ihgkR0wHbhjfKjmNbX602F25tYHS8ppmrKE
+eneTRRcVnyTQmBMS/7ugLv1OTIf4zlyqmBsF4ABGSoKApTOLKNztONPf5T7p/vtZ3WGET9JU
+lhNhEz6PgGm+k0e1NUPSWrs9XO+zQkfNO1UTBrAJ2/1j9jqICplvfuHOG1NqRGYjUQh7vFtS
+ov0GNzhAYY9KlriQN/hmx3iQABUui61RNVMHqGtorvlOPAcmzQgFcMw5P3a9pdNnJgGGplPS
+YDt8Q39ViryVGsEoOUwfQ9KR9HJZirlW/D+0ndpwnHZajENQ7o4wck3f/0n3xqln2W2sAhHi
+OhYlp1gIy29TQZxIOEdoM9HXx4/UdCHUwwWQev/OloixFSldI6vQYKEST970F80y5cm/yEOt
+/S6O8a/i9Jj6Eh8g2MCnDIXFkPQ7LZYmsSy+TKvrsdKKydt4Ew8eCZ1tjwCfAtrB+h96egnE
+SuaIKpefiYv9N19fOs44WYZLr3ELtNjycE+fMhPjsKdX5draQ8uENPIoxOpt9CrvwWt22vt+
+u4U80lPCTb5x4UXR/SNnDRN1+89lZyKdrrAJ0Qn/HTS//iOXN9I5+j0NBgu02zujq29cHbZ+
+6LOCNO0GXCQAAAACAA9xdW92YWRpc3Jvb3RjYTMAAAF8EFmtSAAFWC41MDkAAAahMIIGnTCC
+BIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
+b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
+cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0C
+SzGrvI2RaNggDhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2
+/7FWeUUrH556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJ
+Kjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XO
+nMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROh
+UXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJT
+yPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgi
+c6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUeva
+PwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCC
+AZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0aXR1dGVz
+IGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0aWZpY2F0ZSBQb2xp
+Y3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYBBQUHAgEWIWh0
+dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
+FPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQ
+oUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv
+92ZVqyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4
+E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ2
+5w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCU
+yyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8n
+by1dqnuH/grdS/yO9SbkbnBCbjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs
+9ZgC06DYVYoGmRmioHfRMJ6szHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgW
+QgRecCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUq
+KLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEtoAAAACAA9xdW92YWRpc3Jvb3RjYTIAAAF8EFmtSAAFWC41MDkA
+AAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAX
+BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAe
+Fw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQK
+ExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXz
+L4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrG
+sxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/
++NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF
+60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR
+1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69
+ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIizPtGo/KPaHbDRsSNU30R2
+be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOhD7osFRXql7PSorW+8oyWHhqP
+HWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR
+2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwID
+AQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8
+SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcw
+RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
+b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3Z
+RPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5
++vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zs
+l0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0u
+RY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gN
+NWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+
+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEU
+GW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJ
+ONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnE
+UhAFZdWCEOrCMc0uAAAAAgAlZW50cnVzdHJvb3RjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWVj
+MQAAAXwQWa1IAAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
SM49BAMDMIG/MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UE
CxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTMwMQYDVQQDEypFbnRy
@@ -216,1971 +603,2131 @@ iwYZhk9TEG0HJCehoPjVRxlhTH3KkyfqdAzvb5YJ/mPscF02rWd3rsmdfFVEOqJjUR/142LU
qUcHPswgo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDZwAwZAIwYXnY5UJH3xyuU5kXtm8c
feG/EZTRA4h15I2JpIp3Rt5tYe8C9fu138z+Tv/+qeanAjBbmdeFNwa1ewj96yeLSpT54fqn
-jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABRzZWNvbXNjcm9vdGNhMSBbamRr
-XQAAAVbCSXcNAAVYLjUwOQAAA14wggNaMIICQqADAgECAgEAMA0GCSqGSIb3DQEBBQUAMFAx
-CzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3Vy
-aXR5IENvbW11bmljYXRpb24gUm9vdENBMTAeFw0wMzA5MzAwNDIwNDlaFw0yMzA5MzAwNDIw
-NDlaMFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsT
-HlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALOz/n/TbbHvFnxXpQxtdoovS79k+0zuivDzKXz1/+4q4OnpultkIpqabyw6
-JmlRBZkm3NUcanHGmn0end18bMaMZ2dKPvhxsBknqQkMppW/S4wM+lWYO9joIqFLcTh5rJeS
-abOJfuohaAaYFJaH0mE2vG0nVp5X7sDAVv0yz6TZjsIj142o89glrJfkcDj0tjq0nTuXJkOj
-obxJWXJMIzCHAVj2Tr4caFZmr81BXcizTSpVRqsf2h7iQD3bzX25koCcN90MlmSd3CL3ZIvf
-Yd4VlFIVoH1SyUuoIcnGse3Lw5Vg0Q/wq3D438tNfuzW+qvZvX9U8qXpefrZ1nYkKHMCAwEA
-AaM/MD0wHQYDVR0OBBYEFKBzSZlo3IVbZeObKC9Xn70zvAdIMAsGA1UdDwQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBoQKmou+RPXXmzBbUXs2AT68aSXeDR
-02r++76bbb/HBW1ZIMQc8LfahFgCY/pIFu9PpQv3SpjyP54brUdrY84IR+tSP3icr02u+NVP
-z5qYKhBBOVLE3dmbDu+TAa6yLspoQiRCbLCzOj7N6dpIxBXL6fkHD5JQSYrdMZdfyek3qjtZ
-ZZeUMsmznz46YljFSa1iDnGlMqovxol2Q0ATE2c9olQlEMvxOvLZ+ttJVrum/qdBNcPgiGHJ
-iMffNhAimFnqsEr7VhZzbqxN9yKhT60dei1FJ+UwwV7y2hPLJUJRlUcDjGwhzHRC7VP/M4uP
-D1cBFi/Ppu7JcCIUvf2+bAsDAAAAAgAUZ2xvYmFsc2lnbnIyY2EgW2pka10AAAFWwkmAowAF
-WC41MDkAAAO+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24x
-EzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBM
-MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2ln
-bjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe
-+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTos
-vNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnT
-lEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpR
-l4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z
-tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9y
-b290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0B
-AQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbB
-uOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yi
-PqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
-9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRu
-JQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLgAAAAIA
-FGlkZW50cnVzdGRzdHgzIFtqZGtdAAABVsJI1HsABVguNTA5AAADTjCCA0owggIyoAMCAQIC
-EESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBT
-aWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5MzAy
-MTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRy
-dXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrjPyFJ
-k6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDhKji5
-eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8YqiqsuvXCt
-xQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ/P0Y
-XEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJdAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEp7Gk
-eyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/g8c/
-S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub94E7d
-twA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOqWVvO
-4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQTOSQx
-haKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUcyPZ3
-lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIAEWNvbW9kb2VjY2NhIFtqZGtdAAABVsJKBzwA
-BVguNTA5AAACjTCCAokwggIPoAMCAQICEB9Hr6piAHBQVEwBnptjmSowCgYIKoZIzj0EAwMw
-gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
-B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8g
-RUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNjAwMDAwMFoXDTM4MDExODIz
-NTk1OVowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJD
-T01PRE8gRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAEA0d7L3XJghWF+3XkkRbUq2KZ9T5SCwbOQQB/l+EKJDwdAQTuPdKNCZcM4HXk+vt3iir1
-A2BLNosWIxatCXH0SvQoULT+iBxuP2wvLwlZW6VbCzOZ4sM9iflqLO+y0wbpo0IwQDAdBgNV
-HQ4EFgQUdXGnGUgZvJ2d6kFH35TESHeZ03kwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
-MAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAO8DW3qst3gKcreI3/+1RhQJCvqg5n0IxhqHvRio
-c70mymAMnc6Zn89cDzDhvhQx6gIwFPSTPEmnM3qQRkezY30Tm063bxg3gFP+3SDgNZo20ccB
-uebc3fP/HSw6FlfZkjnWAAAAAgAcYmFsdGltb3JlY29kZXNpZ25pbmdjYSBbamRrXQAAAVbC
-STqyAAVYLjUwOQAAA6owggOmMIICjqADAgECAgQCAAC/MA0GCSqGSIb3DQEBBQUAMGcxCzAJ
-BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxLzAt
-BgNVBAMTJkJhbHRpbW9yZSBDeWJlclRydXN0IENvZGUgU2lnbmluZyBSb290MB4XDTAwMDUx
-NzE0MDEwMFoXDTI1MDUxNzIzNTkwMFowZzELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRp
-bW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEvMC0GA1UEAxMmQmFsdGltb3JlIEN5YmVyVHJ1
-c3QgQ29kZSBTaWduaW5nIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI
-cZoYEo562/ma/EGv2PL0CY6tP/5nNzzaySZQsbE+y+hOcwDystzzxUb7Ce8Yls6n4JyEXSAO
-eqCqNov6KLZ4LrPs6EfzBPCQI7Tqr+VTuAX3R10rhvGnpMY7NbbSDVJB1/SSdeGiClBWh76X
-C3szhRC5KBjuM+pIEddbkUd2ItTuz13nqE4cnZaR3Zy9dAmocmGqsCE68T0sA1YJ0sHcw7XH
-VDer5iaiskZxc8oRiO6852T30BEac0BayEksD7fvkH9ogAQ4CxsPO9T1oLPCjuE0tICZbZ52
-1JIpQLGV0jekZxJ/4GK7rjXFmTaCRLjmeBgzYXGTWy2Nn3iVguttAgMBAAGjWjBYMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBTIQTRcFRUE5UDy0auabySSeodCWjASBgNVHRMB
-Af8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAUnSqlUsi
-jMc9lqT+Xfovtbzr8AvpVjgd0W0Nobxoi/DFgKUkNP3ylhgRhqE29TfnVEDVZB/DX3BCay05
-x55SBc7nanLSjXI/R1CDq8eNJcmw46dTFpWmalPqGJ2PeKl3dxr5tJdHWYgnKLXK4S7XPg6i
-DbgiRAPj0WOwQTqh9aQt93YeBFSZeDJA1yt8TbqmnLB5bge+jOzu1zhpW8EMVmif/uvR4ciI
-+fLNf76FtERnAFA+9CYDZOp3fehePhw3R8jW6qTzNjyXwjlyBZQZJcPXN0EPwR+Hiv2qvumx
-ZFfk25Khz+FJ6DsfkRNaw4/ZJVhJgEcPxgOurOO/t8CqKgAAAAIAE2VudHJ1c3QyMDQ4Y2Eg
-W2pka10AAAFWwknWHgAFWC41MDkAAAQuMIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0B
-AQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5l
-dC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChj
-KSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3MjQxNDE1
-MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0
-L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMp
-IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18
-EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
-hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
-XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoV
-ve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQij
-MfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xG
-Y4+WZiT6QBshJ8rmcnPyT/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv
-3h8Dj1csHsm7mhpElesYT6YfzX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89
-vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBC
-bJPKVt7+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
-fF6adulZkMV8gzURZVEAAAACABhhZGR0cnVzdGV4dGVybmFsY2EgW2pka10AAAFWwkm7JgAF
-WC41MDkAAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU
-UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUz
-MDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRy
-dXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UE
-AxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+Vt
-UFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYape
-FI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+7
-10LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3
-ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
-3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTLVBqhc6RxMG8x
-CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3Qg
-RXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJv
-b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
-j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w
-/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4T
-Dea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0
-cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTY
-ghdae9C8x49OhgQAAAACABtnbG9iYWxzaWduZWNjcm9vdGNhcjQgW2pka10AAAFWwkj3UwAF
-WC41MDkAAAHlMIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIw
-UDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9i
-YWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAz
-MTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQK
-EwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO
-/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGg
-E6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe
-+pTsewv4n4QAAAACABR1c2VydHJ1c3Ryc2FjYSBbamRrXQAAAVbCSfZpAAVYLjUwOQAABeIw
-ggXeMIIDxqADAgECAhAB/W0w/KPKUagbvGQONQMtMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAc
-BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBaFw0zODAxMTgyMzU5NTla
-MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5
-IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRy
-dXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAIASZRc2DsPbCLPQrFcNdu3NJ9NMrVCDYeKqIE0JLWQJ3M6Jn8w9qez2z8Hc
-8dOx1ns3KBErR9o5xrw6GbRfpr19naNjQrZ28qk7K5H44m/Q7BYgkAk+4uh0yRi0kdRiZNt/
-owbxiBhqkCI8vP4T8IcUe/bkH47U5FHGEWdGCFHLhhRUP7wz/n5snP8WnRi9UY41pqdmyHJn
-2yFmsdSbeAPAUDrozPDcvJ5M/q8FljUfV1q3/875PbcstvZU3cjnEjpNrkyKt1yatLcgPcp/
-IjSufjtoZgFE5wFORlObM2D3lL5TN5BzQ/Myw1Pv26r+dE5px2uMYJPexMcM3+EyrsyTO1F4
-lWeL7j1W/gzQaQ8bD/MlJmszbfduR/pzQ+V+DqVmsSl8MoRjVYnEDcGTVDAZE6zTfTen6106
-bDVc20HXEtqpSQvf2ICKCZNijrVmzyWIzYS4sT+kOQ/ZAp7rEkyVfPNrBaleFoPMuGfi6BOd
-zFuC00yz7Vv/3uVzrCM7LQC/NVV0CUnYSVgaf5I25lGSDvMmfRxNF7zJ7EMm0L9BX0CpRET0
-medXh55QH1dUqD79dGMvsVBlCeZYQi5DGky08CVHWfoEHpPUJkZKUIGy3r54t/xnFeHJV4Qe
-D2PW6WK61l9VLupcxigIBCU5uA4rqfJMlxwHPw1S9e3vL4IPAgMBAAGjQjBAMB0GA1UdDgQW
-BBRTeb9aqitKz1SA4dibwJ3ysgNmyzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQwFAAOCAgEAXNR8Dc/3AX1BmWUMc8VSn8v4z5kGfxvaQxWfngJVV5YU
-8VI8J4eUKO0fOgE3onb8U1DAhJvGa066jCFPoo5VYpHzaRXYvIjjxKoL/e+o6UtVKgYgbVV4
-KRnuXzBcSyQRVf8kmm5eKivuC02ff/cBOJQUlUMHCftgqe4cqxKMoJpep5hqWW2LPwj7yNFF
-rxgVZJASD3MoLsXiJE78WOzw9EX+IrPrL47S2UVhBcGXb6h2co+LjDavvw0FznGN5qZvH2ym
-cWLF2NCDcgzxZxGJDJwTTHI037zVcd+qcd3huWyMPBJdZdq9VxK2Q2v/5d5NZhFRz5mu7Be2
-6HGRjN5J/t01caIVJ5Qcz2HjJrtvo2clIV3m3R0LLmgbO4Kv7INnhdSYUXSxuZmAif9/eBlc
-eUpgLpJArkw3KizJx2LIDl33NlvK4CUlAbTdGgecdwA/0NzV7D3U+rs/zIXWb3+pLd+5Avf1
-l5q1NdrDZ7CHSqkoniOO/1wna+GwT/MH7gAu1FmHy1JBler0R9fuZEFVfI1ZApXdYp3Cue5a
-KHSEpZu3kMcMB9/1iTZ0MtYowbCwC+CcTMMc1vzjabVHRoEvooKr02NEcMSN/y0zuq2Pe7Vw
-iK4+Gc9AKNj8yJC7XZki9VLmWMUfiDFD7ogd18aOPENqHacY3n09FvFi+cqQqP0AAAACAB1k
-aWdpY2VydGFzc3VyZWRpZHJvb3RjYSBbamRrXQAAAVbCSMVlAAVYLjUwOQAAA7swggO3MIIC
-n6ADAgECAhAM5+DlF9hG/o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAi
-BgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0z
-MTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX
-BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg
-Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0OFc7kQ4BcsYfzt2D5
-cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+Y
-MjZ2zN7dPKii72r7IfJSYd+fINcf4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nY
-Lxj+KA+zp4PWw25EwGE1lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGY
-M2wi6YfQMlqiuhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSS
-plazvbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgPMB8GA1UdIwQY
-MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQCiDrzf4u3w43Jz
-emSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwSTFjk0z2DSUVYlzVpGqhH6lbGeasS
-2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1
-bV+JAbZJW58BBZurPSXBzLZ/wvFvhsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/
-N3ypW2168RJGYIPXJwS+S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHS
-oyahEHGdreLD+cOZUbcrBwjOLuZQsqf6CkUvovDyAAAAAgAaZGlnaWNlcnRnbG9iYWxyb290
-ZzIgW2pka10AAAFWwkkSawAFWC41MDkAAAOSMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSx
-HQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
-SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
-AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
-IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJkTx65qsGGmvP
-rC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO3Xss0r0u
-pS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ
-8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
-UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQID
-AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJU
-IBiV5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9
-PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvH
-RAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7j
-itralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MU
-ReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0D
-khvld1927jyNxF1WW6LZZm6zNTflMrYAAAACACFhY3RhbGlzYXV0aGVudGljYXRpb25yb290
-Y2EgW2pka10AAAFWwklGyAAFWC41MDkAAAW/MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJ
-KoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpB
-Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNh
-dGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UE
-BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy
-MDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJwkg4CsIcoBh/
-kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZaby/ARH6j
-DuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9
-E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
-YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+loce
-PGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8
-Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w
-6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf
-1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEX
-MLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEA
-AaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8w
-HwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07
-GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a
-2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4VSM0R
-FbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9jpwlCCRT8AKnC
-gHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyXX04fkZT6/iyj2HYauE2y
-OE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo2qN8xcL4dJIEG4aspCJT
-QLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+
-tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZv
-Beyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZ
-VEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlgAAAAIAGWRpZ2ljZXJ0
-YXNzdXJlZGlkZzIgW2pka10AAAFWwkjlOQAFWC41MDkAAAOaMIIDljCCAn6gAwIBAgIQC5Mc
-OtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
-RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdp
-Q2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAw
-WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
-ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
-35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i
-89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfc
-gnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o
-76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3s
-LPr4/m3wOnyqi+RnlTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMB0GA1UdDgQWBBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEA
-yqVVjOPIQW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
-0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQ
-RI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHd
-DrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdS
-VR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwoIhNzbM8m9Yop5wAAAAIAF3N3aXNzY29t
-cm9vdGV2Y2EyIFtqZGtdAAABVsJJmWYABVguNTA5AAAF5DCCBeAwggPIoAMCAQICEQDy+mTi
-dGPTjf0QHQQfdspYMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhT
-d2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UE
-AxMVU3dpc3Njb20gUm9vdCBFViBDQSAyMB4XDTExMDYyNDA5NDUwOFoXDTMxMDYyNTA4NDUw
-OFowZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFs
-IENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIw
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE9x0vV+pXbPdwXWOwcVIJYEQoM6N6
-Tgr62Opsi1EWGlWuVCbEzEUHQU8QeX9x0npOPzhOswDGlcpbzcEqg9cnHzEOIxa3JcsctLmA
-Ml4anZPx6DxgLKdeVxlYUV68LFYLuNjvi4K0PLjCJKgTx6AhNht6Vykopy6/cSWQ80SDaVCk
-5OEbYhmUCaPzw7zv9L3s2xOdz51ICVJnwDcpER770hGnhRh0eeRPhRTrUjfisUXYzA1Df64T
-0msrP6fC4qhtdltDn760nbMmhjsff+Xy6GYoFiXQS5c4p+TPCdE2wwu+2jtEWI2+8Z4Jaz7z
-Mscrh8bsXpz2h2WtMynEL4nZucvJA537bJRRlxAbhgsaGz/2An571MVRZCid9dOsg4GI03S0
-WZ3B62EzWkXRyznQBmpTYB2v9vtpvGrcAc+9+Y/ZvVvBOl+O2g9LqZudKihrGgp8PKsiC+V3
-LXH2gjWBrvh7gebq/qz0Gpt0XOiPJPZdnUbELNIeKyFqgydnVUqk48gyl2aQctrj1GQuX+Oh
-avZg1Oc1zcrEaI3XccjTJDNzsWz5auEo21/GPei+VeY3G+0k2Q8Zj19jGFhQgVFlb/KffmoE
-5zQkcbp2S1geGb0VYEWqDBJAAZ0Q4sc4B3IKZcC2uyUp2haeizWLYe3lcVeDtTxxn+NPv34e
-gZ9BlwIDAQABo4GGMIGDMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSEEFjAUMBIGB2CFdAFTAgIG
-B2CFdAFTAgIwEgYDVR0TAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQURdmlgW49iE2NcdJGwW5F
-HvPEgJ0wHwYDVR0jBBgwFoAURdmlgW49iE2NcdJGwW5FHvPEgJ0wDQYJKoZIhvcNAQELBQAD
-ggIBAJQ6cwafUkswXNT+sVwl+deOb/WHZJ/tFI64BI4oS4+qe445tNlY9nuhNQqhnYr3Y+Xr
-vTmC1ON6LW/fEzy6/n5WmAvzVJ/NRE5uPOE+Fb8GJp3k8JC21MKeMC4f78d6xFDH6nvaUMt6
-JssAtFqrtZMfgImEBJWNjX8Jk7/UqKjkY23ZZOS4KVoIv1DhhA9Ve18IIhv1vZkeFPbO9FgQ
-grMKPRnBv1urqpnY8jG95Thm3FgFx+1jGi4Kl3yHkyuyiuPx7BjldbYph+fcixp+tNjJ04oX
-bH0pRL6KqvV+Oi5oMZO5atqa4NvpLqWEzRwKuEoI+ZzxYSaYk7d7ZuyRXt1RP9tzD60EWAnd
-BAKVCj7Tdt+mEB6APejNpGTRM8eSx+JOROMJyU7CXYcOEp6/D8kFEN56o7E88j+lqid5rTF9
-H/38GWnF3bk/fM3GtMIwHn5uktd/YXZaj+uVTbwRbiF8WTeZ0Aa8+QZtMhal2Wmo4dw8gB5g
-UdzXVCEeymJ3T/rYj7MrOg14csloQVpHSsKj6xrXCqs8MlXIChGc33TW8EAVHci5j7U2xa/4
-IrjKHfPWthkPn2Flaup0yHyPw09dZYIf2Q2J2nVy++/xR2cTs8jRGYgnJpqZeX8e5Cw/e+7x
-3k2LlpfD1T98GyPtpLMdFnJDSyDhWX7C6K0mv6L3AAAAAgAXc3dpc3NzaWduZ29sZGcyY2Eg
-W2pka10AAAFWwknSxwAFWC41MDkAAAW+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqG
-SIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNV
-BAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgz
-MDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
-d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-r+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8j
-E+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is
-8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCW
-s2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIr
-fKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTy
-sybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
-jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
-FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je88
-3WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kge
-DrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0j
-BBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAs
-BggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcN
-AQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5
-+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
-O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiH
-SycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4b
-wyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEaJM9v
-MSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVUorgG6q2SpCSgwYa1
-ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/G
-lHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8j
-s1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+AC
-OzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJAAAAAgAVZW50cnVzdHJvb3Rj
-YWcyIFtqZGtdAAABVsJJAHAABVguNTA5AAAEQjCCBD4wggMmoAMCAQICBEpTjCgwDQYJKoZI
-hvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYD
-VQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAw
-OSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVu
-dHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA5MDcwNzE3MjU1
-NFoXDTMwMTIwNzE3NTU1NFowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
+jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABpvaXN0ZXdpc2VrZXlnbG9iYWxy
+b290Z2JjYQAAAXwQWa1IAAVYLjUwOQAAA7kwggO1MIICnaADAgECAhB2sSBSdPCFh0az+CMa
+9sLAMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIw
+IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNl
+S2V5IEdsb2JhbCBSb290IEdCIENBMB4XDTE0MTIwMTE1MDAzMloXDTM5MTIwMTE1MTAzMVow
+bTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5k
+YXRpb24gRW5kb3JzZWQxKDAmBgNVBAMTH09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0Ig
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYF7ccSiQq1pexyuIe+30475j1
+sjmYTie4EV170iWUiIIVJmobMbuoWyEhK9gPTp9a8bFa5HnWMiMr4VPMmUVce0+tvL+HSgtL
+l1qo9kjsfXsNzSEG354V/UGKSLcg9KF6G1fUXVD/umfYI5kfyD/j3v9vW3exa264yWT34cpB
+Rg4pcdC5I/zJgV9O92/fv4Stc2S7t0KOafbUdh1+nae4V4pRZ3LX1Ki4lVRAcwP26vTr/ihC
+dz+dIxuytj2AFAdMLk/31QoWDb1mQzd+I0N5w0CG9Uwp2o6arQ2lBIeIHoXj6VPVm8iLA2N4
+6+AZSm67L2szZFiTrWm/jxvvgkjHAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBQ1D8g2Y17io+z5O2YVzlFS45GaPTAQBgkrBgEEAYI3FQEEAwIB
+ADANBgkqhkiG9w0BAQsFAAOCAQEAQEz7h7KZgZB+ncWwsCbNiHsrMo1uuCFxWJd9rjcUrz7n
+95riffZxmJkEqkN0eKPjSWE+c4xNlOD5ccS2Fg5TeB/WoocvAjmBKTyvFZghMP4okACM0eHL
++l7I/fgQRjuieEKRF3RVCt5QZ01m0af//dnAtaijis5m9Q9DzacrV3tjRmqqLlLY9O3hba0p
+kHhIuuEjqqOJ7LWrlsC0S6Idl5568m5Acd9o8WVNznwF31NlqaXwsZcEcBVGA5jU0r9UtKBY
+fVJv2lYmYtTY24kxbxzwIsLTYhw1zUxpFVQakJje6x5fynfHy449Q2mcmljQJDvfG0CWfjWt
+gcdOcbqIEwAAAAIAJW5hdmVyZ2xvYmFscm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8
+EFmtSAAFWC41MDkAAAWmMIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJ
+KoZIhvcNAQEMBQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBM
+QVRGT1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYT
+AktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwp
+TkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gv
+QnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtS
+AuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/
+6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABI
+qKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8ObtoqvC8M
+C3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3zVHbOUzoB
+ppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53BA0K6
+lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv
+8ejyYhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0Iw
+QDAdBgNVHQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7g
+yKoNqo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3c
+vuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblT
+mXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW
+4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAY
+l3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzy
+qkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmW
+Ncf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0
+kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF
+4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul9XXe
+ifdyAAAAAgAJZ3Rzcm9vdHI0AAABfBBZrUgABVguNTA5AAACDjCCAgowggGRoAMCAQICEG5H
+qciLlLbouzsq2KKywZkwCgYIKoZIzj0EAwMwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
+b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MB4XDTE2MDYy
+MjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2ds
+ZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus8
+7oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2K
+o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/
+STaj1dj8tT7FavCUHYwwCgYIKoZIzj0EAwMDZwAwZAIwalBSdAjEcNyeUHQh6I16IcNPlm4V
+0SI1YS36CDfuGW2t27LMfQc09WAZLLU02W8gAjADcbG6o2ALhu2aCGqVaJ/is+GTZHxek6bf
+eS2NheOUzyNdcczysE3W/pnIlKl1ouMAAAACAAlndHNyb290cjMAAAF8EFmtSAAFWC41MDkA
+AAIQMIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYD
+VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxML
+R1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RT
+IFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uF
+xh1MJ7x/JlFyb+Kf1qPKzEUURout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSW
+RQmx1WyRRK2EE46ajA2ADDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA
+gFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWS
+dIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhdAAAAAgAUZGln
+aWNlcnRnbG9iYWxyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVW
+vPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
+aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2Vy
+dCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJ
+BgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy
+dC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0Iw
+QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiu
+NkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vm
+iI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9O
+jIgrqJqpisXRAL34VOKa5Vt8sycXAAAAAgAJZ3Rzcm9vdHIyAAABfBBZrUgABVguNTA5AAAF
+XjCCBVowggNCoAMCAQICEG5HqcZas+cgxTCaP2hS8m8wDQYJKoZIhvcNAQEMBQAwRzELMAkG
+A1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMT
+C0dUUyBSb290IFIyMB4XDTE2MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UE
+BhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dU
+UyBSb290IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzt79pvvs7BQ0PAcG
+WmxZ9xk13ffBnVWq0807pJNy7wr6bZ328IWAW6FIUp85xbfuKKzvy3ZoFLnfrQFsmR/EIh2f
+/nJ34Cxbr+QEv09yoBo0mOg5aOyVJXt2oeZpuYUZvYmM/q3tNupzvP+D4st9wdLOSrONBZ6L
+SZPfwVvQbl7wLjAugvz6vLQXCkjliJvFm2vesMq0A/Da9JC4ZWT3XEyt6H5mXpnXuMI+yNAT
+na3u5EV7iVX3ih9iUoQSs8JAl+OKH0eRpnRa0vixYygQuLMJuFZ3QKImmHnG/t8l7j7loH/U
+YQ9RSzw/jNrhcHTYwmih+cEM6aHif7tVPHYG7mpOzJKIME2avU8LSJqEtZij1ftzwVdh3ShW
+dROuh47nDFEJEHWITLyN+Xs81CJIHyrc62u7RLHLM3EyRq+tSvGM6HQ6rOcaInOA0jD3JULH
+Ijs7Eq2WLsbDdgeqILc1SVfpkknodhZyMWcrln6Ko8eUViK/akt+ASGyIzLf5JpEbVlbXfUA
+oBybxniXjZD/m8iqtK8RUTle2ftnrdVbEZ0ymhu91bpbpcnLJWlTVSdc4Mo2y4hh+x630Mvu
+FvvTpkzekqXU4t/1BlTeLp1LtJMwqoHO3RrcUXMNT3Dp5bYWIRl5suaJC3VkytWrvAnBGKH/
+1FShhTz9FCQDsofTpLcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLv/yo4jn0+ZytviaKalFScXHtkOMA0GCSqGSIb3DQEBDAUAA4ICAQC2
+afCmd/6e7guBreHAqcf5NR1AgqvmBLTfy/cdD4PwfhNNjYzu4zMiwzn8QN9uQUtCU74WiPHS
+OF7EaJkcmFKTjOdo7Rtqc3oFQE1/ZTvWWPHOg0dg4/+XqZxgdxhVtX4Ik8/Q9jxnAxVhCfmB
+efXsU6SfyY8Bi3PEd3bcg6L1DEkaqHbekptk+LMsxSfTB8AIgKSYkuMBlgKqAu6PO8XRbQoz
+MHN4uU9UFr8LB6GkXObLyVyEjw/gFXcsfiZ+2sRL26cWdwewzXXockLWlYSdhoPy5JDNCUfU
+iwNw2lrGA0L07Tei8BtQVEsO2ITeGSiZgUeuCRs/SNHDb+KwYBf17iMCpdoAW22Qq+6i6Rs7
+6cdEJ0WOa5/1pIS8d/lrl6w+UUWiEabMhe4KaPI+UDh6JGIeFyA3bWpNtwmbyfykWPW2+5xO
+GLuVAuehrZsH7jZrJNI5hsGTg1DSgUaoX2JXLLtsZIgIbu8TVF/dLcRnY9PPiTe/nSD0+3qD
+m6AegQBQwuQMIllSEO1DVocA+BRSpx2Lk4yiTUZ/J8ZxmyTe5NqGiw1+ayDBwJ7hZdhqo6bo
+hYs6BwgcuvWPVZoYdX7l7IFm0SFzoTVEC4A9W5xebyoXltGDI4hmbeaG4nAyL1Ii58jnf8Qs
+YF0vw6+eRQXDhAK3/SwIUk+C3aPw1IYJAgAAAAIAEnN3aXNzc2lnbmdvbGRjYS1nMgAAAXwQ
+Wa1IAAVYLjUwOQAABb4wggW6MIIDoqADAgECAgkAu0AcQ/VeT7AwDQYJKoZIhvcNAQEFBQAw
+RTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEfMB0GA1UEAxMWU3dpc3NT
+aWduIEdvbGQgQ0EgLSBHMjAeFw0wNjEwMjUwODMwMzVaFw0zNjEwMjUwODMwMzVaMEUxCzAJ
+BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
+b2xkIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv5O5+iyQOEm6p
+UC0WRDuSklzKuF2EkkITKrxlV4JAPlckzVCLJSq3b/zvotDAHwIkShOWjyMT5ihYAKNHxwan
+hCMru72WK39VzIvBVx8OYmUP3T1WinParn5tuoEcfkKMIDXZQ02E+oTbUizzDid3C2u/ES9y
+eJ8u2D7mGDdaKnL52mKQkpXKH5zpszwry/MBE79az8G1CmC93bWZZFO4oJazb+Imd5GM4GIQ
+Ap80D6TVkjNR3r6NuoR6YDxq258r7N7eAT9uTeVQhsu0r+1EQMXKWoza0it8qO6+puUKqg6l
+3wVSt1XHIl0yapeXYxPbydt5NnuFOkrFUon5JOedd6mC/1UcpXFpK9ECJPKzJtRr2gRV5cEK
+x20wN5Aq5J4UM14WF1XFW7XLNImS8Z0mj6EH1MayeFDbDAwLfAuMQde56d2MiPejTbIyzNgX
+2s23zmad1P1e/72XPil1536nYlivJTSlQcc9vA1QygMDDwhaH5VzeGK/r3IUaQ6l5QMOeI4m
+KELwBwtiIBBnOUb6qQPMBDh6Zu8gg7WMSlaOkQD8jlyC3oigw+Jobn2N7zzdZfRdrFHvJICu
+qlaXb/mtfdphP5h3PKWRthyMJtplogltweJU47nKTEyAj3d7YJoe37bySB4Ouk5UbZjg4aIa
+ondQz8RjkuxHGZ3r5mvOwQIDAQABo4GsMIGpMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRbJXuWpGVRfrg588B4Zl7oOufw7jAfBgNVHSMEGDAWgBRbJXuW
+pGVRfrg588B4Zl7oOufw7jBGBgNVHSAEPzA9MDsGCWCFdAFZAQIBATAuMCwGCCsGAQUFBwIB
+FiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tLzANBgkqhkiG9w0BAQUFAAOCAgEA
+J7rjlHzxrsDeF+bl2NX1VLCD9LvNXgV7T591Zq886FZ+/HJ4OAPZK2IbALn46WDNzM5RisdQ
+MW7hSn4YL2lZtj1kgSvjg4TmIoeOfeDuAplhuB70uCuIEhaEwjGTOJYxprk7Uz/DJJNWW2mS
+7MXBuzgA4+wXqbjcx3wBg58yR7pSIjQdMnoJVqd8JTapPUvawIJvCrsSyIdLJxH5Hi3Hkz+e
+218ma1LZLorxFMZEjRWpt7+93qYa7q4t+0h3F/677K8Y9SpR8DmEl5VsbhvDK8R0YHklsAon
+399e0jnPRX1CS9+zLB7Fxl3KVTqgnGmaj9rvsrA8n4dsEitlcBVSMRokz28xI1AfjE+PI8N0
+QWMcVagU3T7gUVDP8RswVg6SsIKF2IPLImS8Lbgl1VSiuAbqrZKkJKDBhrVKE2pHzy4LVpVU
+y86a22q0prLbQQiGJ3f3aqBCbAs4ztd1UDKSwt8rMCJI0NVBOCVdpOldn8aUddBF/TCXQ4+Q
+qwrHhnNgSmkt3qV41wbaap5LPnc6IBMiAdC/aJ5jYGs1TQttuqE9wJPgfyOzVa1yJU5G+dIW
+77BkwQGe6cqgapgOz9hg8i9JuORC4Tg1FvTIbk/3gVbouqO+I6+u/W8D4AI7MHb6G21BzwGx
+6bjJZvTbJvM6pHTySSRbybDQV8H6Pnrhl8kAAAACABVjb21vZG9hYWFzZXJ2aWNlc3Jvb3QA
+AAF8EFmtSAAFWC41MDkAAAQ2MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQsw
+CQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
+b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEa
+MBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBT
+ZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSO
+vkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70
+VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5
+YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4
+qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W
+8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2
+aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNl
+cnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMym
+trwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHC
+v8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8
+tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIs
+gtRqAEFQ8TmDn5XpNpaYbgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGcyAAABfBBZrUgABVgu
+NTA5AAADkjCCA44wggJ2oAMCAQICEAM68eanEamguyhksR0J+uUwDQYJKoZIhvcNAQELBQAw
+YTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
+Z2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgRzIwHhcNMTMwODAx
+MTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
+cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBH
+bG9iYWwgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJ
+smiQrUp1/0a6IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAF
+rFC3nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBgkmD/
+TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7SUu0rFUHqY+V
+s7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4Jvheh5iHK/YPlELyDpQrE
+Zyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFE4iVCAYlebjbuYP+vq5Eu0GF485MA0G
+CSqGSIb3DQEBCwUAA4IBAQBgZyiUbw5IY+sx3epnGNWJfTzFi0p/6b7bKxffsF9zdyoyEzmB
+Z0KEI/JFZzXsiL/4j7BhDDSkriBMhMbb+DXhdtnfpkK7x0QIhn82dCRa2mwNFFk1vfJJ3bYf
+ybMNRyo9mS+7XLu11CDhmV9TRhXbaJvw8zDVPjHijYSe44ra2pY+NROlX/D5cFBwR0ERVxlO
+wI+uBsSVExcvGyWfdfKxjpmhbxOxQXH+iCrITxAgVdfzFEXl4ET06oeVMpMO/lNG+iyd/4si
+uUvZCUWk3qS4mljdG31Sn45ZQ4iBpJ4m1W+t3Q3GN33tA5Ib5Xdfdu48jcRdVlui2WZuszU3
+5TK2AAAAAgAJZ3Rzcm9vdHIxAAABfBBZrUgABVguNTA5AAAFXjCCBVowggNCoAMCAQICEG5H
+qcVLRwwN7DPQibkc9OEwDQYJKoZIhvcNAQEMBQAwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
+GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMB4XDTE2
+MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
+b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63ladAPKH9gvl9MgaCcfb2
+jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape
+62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6
+z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogr
+FZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8Upmv
+MrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB
+0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6
+TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy/BBj
+FFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDg
+fg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAwEA
+AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOSvKyZx
+GitIJ4UvUmYs7/CJE3E+MA0GCSqGSIb3DQEBDAUAA4ICAQA4lgruPbSWHl/vnZwLM58r4Mr9
+0o4KH0F0pXyqhNTl8h7mN1IynAvRYR2/KMG2RCk1dXeYsnzZvXSsimjjqTEJKQFgc+NHfFOo
+kEon70vXn5PngjbOmmgMgufP1BAWb18OmVz2H3F97+97L37qNtaXcAsV7tdcVmozpeNJOAy4
+ffuNhaSxWV70auHdofZkRK7mUYMhZsYRPvPOR+6cKB8l2v+sZpXdNQ9c7yAsYv2RuqnM/Fqc
+k4GDKZdKfFpytDnQt3fLef1pOpI37W44ZUZ+6WC9eYiXXzgS9O6vW4LIhtXhmW2MBPJ2ukn2
+bultHl+g7yeCdkD4ptNYXA8sQtpCxnuINMfB2EWbwT7FYR3ZY1BJ9jSFauAYxW5Hq0FCKZv2
+YA3SMdNjmCOTWgCBSLTvzYrNyc+Z7tmeqjbhaEtxSRQ2KDo9Hc6ajyXmgHFhK7V7zPklFoHh
+MV+ho34WpJwWapcYvXZypQueHTbmL6EvvnCRD6jm2vjEkkBsJX57swncshetgETwaKWPlHX/
+dFroqAJ8DAniqUsLoIULYrnvoTGS++/2UQSJbOipdKG7F7O1/UkPfDzsgxggQ07Vk7q0NLEf
+FjYfDOZkORZM3OD+HcipYj1A6srFNAK0romIMzXcLBNz2Cfx0HLudTsi3phoZlvxxmNHVRy6
+pQhRdaZIJQAAAAIAC2RzdHJvb3RjYXgzAAABfBBZrUgABVguNTA5AAADTjCCA0owggIyoAMC
+AQICEESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRh
+bCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5
+MzAyMTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJl
+IFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrj
+PyFJk6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDh
+Kji5eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8Yqiqsu
+vXCtxQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ
+/P0YXEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJd
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/
+g8c/S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub9
+4E7dtwA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOq
+WVvO4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQT
+OSQxhaKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUc
+yPZ3lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIACGNlcnRpZ25hAAABfBBZrUgABVguNTA5
+AAADrDCCA6gwggKQoAMCAQICCQD+3OMBD8lI/zANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQG
+EwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYTAeFw0wNzA2Mjkx
+NTEzMDVaFw0yNzA2MjkxNTEzMDVaMDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90
+aXMxETAPBgNVBAMMCENlcnRpZ25hMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+yGjxydbWszR1JoIe7LS+6lzhJu0RR2HhonwWeEAh5GCeWshj4cSxlpL/GG1pI+ErYvfd4jYv
+kQe5SM8O7Hm2LOc0S3AIJaM8hxsZ8oEHDziQGdMR/oa08tFeHh6WzYBszjsxk7byoNCplRJ9
+pZrMa8iEVoozqeciFVMW8MwX7Fdf6aIKmAne41+cb9xI44ULFVqmup+sSOMJsvf0Mt5eNL4c
+eF1CW84OIo9NkNd9MhizCyxqv44/FBGJIA53FLU9lAiH9yUe1bJgAOxvKiglbio+GGMXJT8+
+RCAW9ibIJa4FSrTnYyzzjBZTflz7ERoIwUZinyK48cKNadz6OlgG3wIDAQABo4G8MIG5MA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBrt/kE5kLQkWb4B8lLVRfZaOdwRMGQGA1UdIwRd
+MFuAFBrt/kE5kLQkWb4B8lLVRfZaOdwRoTikNjA0MQswCQYDVQQGEwJGUjESMBAGA1UECgwJ
+RGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYYIJAP7c4wEPyUj/MA4GA1UdDwEB/wQEAwIB
+BjARBglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADggEBAIUDHpJx9kKv4aNhnuvz
+wA/ypdTalebWvmg2PX5uH0yK79EPIW1epVJjzhL47yrab+s3/hMCx8s7PiJr2mEuf9RyPd0w
+4R5MQBmMD9ec0YMwe5hZ3H3GuQwpTKEzoutnOmWE05bi7XZFcI+1K975I9ZJbjwUtcafNR5Q
+0MGPanBEAmLLrh1oQaeqV+hTqgfSBvbVFAYLkQN1LGxytWGVmg2LuQ3n9d9Uzd7m2NYJCJdj
+5cEusLdEJsAmwK9VMJ471TYqGQT0XB7/zyy3/9D9h0AR1REju0jAIamkKC39FfiwTiv0MFsh
+/BGRNL5B73udl3X/l5XAllgv6rtG17vk2S4AAAACAB1kaWdpY2VydGhpZ2hhc3N1cmFuY2Vl
+dnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKu
+RiV3MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
+bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2gg
+QXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
+aWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJ
+tnEqw9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGR
+fmO2q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42z
+xyRFmqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0
+BBNcoXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGh
+JR6HXRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7D
+aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdsh
+R/gqZ6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYea
+JGT2imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34
+yl6LMYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJI
+adi8KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83s
+R6olJ2egN/MAgn1U16n46S4To3foH0oAAAACACJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9u
+YXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAF4jCCBd4wggPGoAMCAQICEAH9bTD8o8pRqBu8
+ZA41Ay0wDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVy
+c2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3
+b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTEwMDIwMTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+EwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJU
+UlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw12
+7c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
+tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQfjtTkUcYR
+Z0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9X
+Wrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND
+8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND
+5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjN
+hLixP6Q5D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
+WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMa
+TLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
+HAc/DVL17e8vgg8CAwEAAaNCMEAwHQYDVR0OBBYEFFN5v1qqK0rPVIDh2JvAnfKyA2bLMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQBc1HwN
+z/cBfUGZZQxzxVKfy/jPmQZ/G9pDFZ+eAlVXlhTxUjwnh5Qo7R86ATeidvxTUMCEm8ZrTrqM
+IU+ijlVikfNpFdi8iOPEqgv976jpS1UqBiBtVXgpGe5fMFxLJBFV/ySabl4qK+4LTZ9/9wE4
+lBSVQwcJ+2Cp7hyrEoygml6nmGpZbYs/CPvI0UWvGBVkkBIPcyguxeIkTvxY7PD0Rf4is+sv
+jtLZRWEFwZdvqHZyj4uMNq+/DQXOcY3mpm8fbKZxYsXY0INyDPFnEYkMnBNMcjTfvNVx36px
+3eG5bIw8El1l2r1XErZDa//l3k1mEVHPma7sF7bocZGM3kn+3TVxohUnlBzPYeMmu2+jZyUh
+XebdHQsuaBs7gq/sg2eF1JhRdLG5mYCJ/394GVx5SmAukkCuTDcqLMnHYsgOXfc2W8rgJSUB
+tN0aB5x3AD/Q3NXsPdT6uz/MhdZvf6kt37kC9/WXmrU12sNnsIdKqSieI47/XCdr4bBP8wfu
+AC7UWYfLUkGV6vRH1+5kQVV8jVkCld1incK57loodISlm7eQxwwH3/WJNnQy1ijBsLAL4JxM
+wxzW/ONptUdGgS+igqvTY0RwxI3/LTO6rY97tXCIrj4Zz0Ao2PzIkLtdmSL1UuZYxR+IMUPu
+iB3Xxo48Q2odpxjefT0W8WL5ypCo/QAAAAIADmNlcnRzaWducm9vdGNhAAABfBBZrUgABVgu
+NTA5AAADPDCCAzgwggIgoAMCAQICBiAGBRZwAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQG
+EwJSTzERMA8GA1UEChMIY2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwHhcN
+MDYwNzA0MTcyMDA0WhcNMzEwNzA0MTcyMDA0WjA7MQswCQYDVQQGEwJSTzERMA8GA1UEChMI
+Y2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC3M7l+yCVKjrXbtCgbqleQ6NEi02S605Po1KyGYUBqYFdoVIRNvGpU
+AgX/35uaKq5dB49Kwyh/7/sr+nnxx63wEFMkkItmyaiIq69aowDpvrpG7ltzeywXgoFeYiyh
+AmWzvcUrAH7E/AMzVw3t4vrOXUXWOM01trLB0JyBSqrksgFcHY9fmcSxrduIIeuQCIKA8zCj
+Q+aQgq5VKEntW9epEDgO/o9MW5tG6kH1sAh0w9CIM7Z813Tf3ITRQw51OaElQCjqeMsOLC45
+nYyLbhYcLyaCEOLjZZQKBMBe911b+BDi0Lp6S/veNwAAGlso49Kccz4yh5ihyVEv196sM7NP
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTg
+jJvbJUmz8XyG1rJChwvQa6DZ5DANBgkqhkiG9w0BAQUFAAOCAQEAPtIciS41/Ph13eZ/ZYj0
+ckzJLNcyTvPdGXlHvY47W5MPUEkkE2sUBnLvCdOhoeNAhMnnGDJ0PEhuD59L1Pce05OGZFSX
+Y3JQ1VXP+iCTAqKbwyOTThZVdqBweW3NIR/PLy28GeOIMfhZGoEJyJemdMdgxFvMV46ydf0b
+AgnbWW9yk2n3MUHWiDi/h7K9Fnn5quS+iCXdYScjHLUxBwQ2tBqQvaB0cVCJbbwU4w+GrvGr
+PsegCcyjSNHg22TnkrXPr3JDcIv5w4Q8E6p+kptXU5P6cMKRDjH5m2dd6ZY4Xl+zc06IFWfe
+nnYQYiC+VWmVQwA5TfbusFpOSURUWF9CgwAAAAIADWFtYXpvbnJvb3RjYTQAAAF8EFmtSAAF
+WC41MDkAAAH2MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQD
+AzA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9v
+dCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMx
+DzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9
+pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvou
+XKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzpl
+bszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0r
+z2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRM
+StuW1KyLa2tJElMzrdfkviT8tQp21KW8EAAAAAIAEGNlcnRzaWducm9vdGNhZzIAAAF8EFmt
+SAAFWC41MDkAAAVLMIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEEx
+CzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g
+Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYT
+AlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBH
+MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszu
+Y5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tb
+AMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwo
+Ue+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV
+07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2Ypx
+JM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P
+rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiFDsGJ6x9n
+xUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf95xhszWYijqy
+7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlcz8sFWkz6
+GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERLiohE
+nMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILV
+AzOBywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa
+8gWmr4UCb6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl
+qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGz
+cgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFty
+DGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZb
+bFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q
+1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdY
+aXHmgwo38oZJar55CJD2AhZkPuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxE
+y9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/N
+tBde17MXQRBdJ3NghVdJIgcAAAACAA1hbWF6b25yb290Y2EzAAABfBBZrUgABVguNTA5AAAB
+ujCCAbYwggFboAMCAQICEwZsn9V0lzZmPzsLmtnonnYD8kowCgYIKoZIzj0EAwIwOTELMAkG
+A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzAe
+Fw0xNTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQK
+EwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDMwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQpl6fGQX/ADZvoARtWxvJSpbotshLo0i7X+snF2KptH3OBOzuYazl8M6XFToaO
+gBdoYkVXfURYHbM35WcI62beo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjAdBgNVHQ4EFgQUq7bb1waeN6wwhgeRcMecxBmxeMAwCgYIKoZIzj0EAwIDSQAwRgIhAOCF
+kqMXt435Kwalk6wamGhhcvrhodD7HHhgpkOZxbjEAiEAnALv8ZScs5b568Yq+LYs/jqQFBbX
+jGMkSBzfMH3VaDsAAAACAA1hbWF6b25yb290Y2EyAAABfBBZrUgABVguNTA5AAAFRTCCBUEw
+ggMpoAMCAQICEwZsn9KWNYafCg/lhnj4Wya7ijcwDQYJKoZIhvcNAQEMBQAwOTELMAkGA1UE
+BhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjAeFw0x
+NTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZB
+bWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCtlp8tnEpMSoF5UZnsistrYFETvE1tBvywCI3dGRBqxyYMNdjAbyCE6ZSx
+m4UDw1vbSujI+JB22VtP40zoBjZNzJqsPQyQK5LUBhlgrDdEeYWBgq1aN+ANzJ2mTFJ26kOd
+twTRUPZV4NXSpkmF6Tfpyn6uXJVNSJo/riBabYiV2TS4UhpDkLC/bAW5tni36tDkOjwSU2L/
+SvJ7vjUFqRI04/NkdGIsPQBJWij+MkS7h91lJwJxO9pK9x/azfchVZBPD+yuguGfa9lF07vw
+X4ftPCw5hto/3uxyVet5o63b3XywuhzO/N5PNXbPD/h4H2o2UUYnYVvpns/wolV9fCWKby+0
+xc+ELiv9DVEQbPtfG7wbfsWuO5gBMZL/C1f0mrK5V+mr7w120fDu9M6Gp+Bu6bRpod9p9jPG
+aS6XE56lh7BXEIE3yVOzu3/2ktGc0Bj0km7ag0+mY5lMpfte7yFkeiBfbGSFFcs36WIMCyoW
+3AEuMto+S/WeOvYXQJTvnpEIhvq+Y6haM+zLdEOV+WxpUjbHKW/8VQNcH/ufvUfr50lHlQtO
+iSIJSeD1YR7xvy6Kcm6AWf9XOvl1MqNOX+ztKGLZTXPyzIEXYO3N69zbp8rFfgK98lQIVP20
+LQksF1RKmNFU4VFnCNLtbn5vP9ItgVkpZsuQOZURHnQn/t3rrwIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUsAzwTDD0BVgCSP0z5VKvS4Tj
+ZlIwDQYJKoZIhvcNAQEMBQADggIBAKqogI8OeKPgotTN5vWYejvqAAOwlw6TvFqo9iyMcoep
+sfx/c/1jcXilh1nPMOENELITWm2C9WrmgJ+gBQto5Edrx2rftv13MnLlGPoJ9KCTLF3SjHWF
+dmWQDAN5tzEjY614gwmGaITK//nPJpqSeefNS8XnYacXy/OpEpOTa6foL1OSxGBYsMwCURhb
+hY1iWWO2rbTemvsm9wAnwF1VN3SZyVB/41kuROMsJe7sTDJ3tJ8a6UtdIMXa/RyHFsZD6NS7
+JppFcF6pCzdT4kZ7J/3gRvKJt8xCtssoJm7Zpck6yEETYPdQjBWusm0aFRpXeOaSKtllkII/
+bAKvrhI6J5Y2BNcdooBjqZvx5bq0fBSwTsmxH3RfOPZR6pv6LKIR1KktJxpFsa+yTnENwFhG
+1mkGy1PLs/5rQc1Bfn1MD3xyeXpZzV5KDqybqZhzeXy09My5uAcMsnRcuMdviKGQp/Sq+b9n
+OvQaFWIet5++PbEpr2ehEvJYEBlTAzAbuBqJ9py9lwOOownzHYsh8bTf5BzRn2UCBupc1hOz
+hO+ipVyMdymnaMBrrkDSqLTqzfCNSzicGZobKFS4iZDvynWBPh7yZCTHGK9O/0eeB/Y1ZaTT
+Clb/9RdkbO+oIiVJk7bfABfaWH5d7sUbsNHRXyEQx/nzugIKJwfF8dbH0+D7CWBsAAAAAgAU
+dHJ1c3Rjb3Jyb290Y2VydGNhLTIAAAF8EFmtSAAFWC41MDkAAAYzMIIGLzCCBBegAwIBAgII
+JaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5h
+bWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMu
+IGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0G
+A1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzEx
+NzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
+bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQL
+DB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJv
+b3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQ
+dsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5W
+oD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2
+YVpHI7TYabS3OtB0PAx1oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbI
+XvRR/u8OYzo7cbrPb1nKDOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFap
+RBF37120Hapeaz6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTC
+HWKF3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7
++ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4
+Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8bo
+Xg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh8N0JqSDIvgmk0H5Ew7IwSjiqqewY
+mgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5Yww
+YrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWy
+OrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89Ni
+qpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL/V9l
+FDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3S6xZ
+hBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
+PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRiv
+h7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JML
+iI+h2IYURpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8
+hAs/hCBcNANExdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQgu
+LvqcAFLTxWYp5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/
+D1Fu1uwJAAAAAgANYW1hem9ucm9vdGNhMQAAAXwQWa1IAAVYLjUwOQAAA0UwggNBMIICKaAD
+AgECAhMGbJ/Pmb+MCjni8HiKQ+aWNlvKMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNVBAYTAlVT
+MQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDEwHhcNMTUwNTI2
+MDAwMDAwWhcNMzgwMTE3MDAwMDAwWjA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9u
+MRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAsniAccp41eNxr0eAUHR9btjXiHb0mWj3WCFg+XSEAS+sAi2G06BDek6ypNA2ugG+
+jdtIyAcXNkz07ogjxz7rN/W1GfhJaLDe17l2OB1hnqT+gjal5UpW5EXh+f20Fvp02pybNTkv
++rAgUAZsetCAsqb5r+xHGY9QOAfcooc5WPi61an5SGcwlu6UeF5viaNRwDCGZqFFZrpU66PD
+kflI3P/R6DAtfS10cDXXiCT3nsRZbrtzhxfyMkYouEP6tx2qyrTynyQOLUv3cVxeaf/qlQLL
+OIquUDhv2/stYhvFxx5U4XfgZ8gPnIcj1j9AIH8ggMSATD47JCaOBK5smsiqDQIDAQABo0Iw
+QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUhBjMhTTsvAyU
+lC4IWZzHshBOCggwDQYJKoZIhvcNAQELBQADggEBAJjyN1pBkKEaxXZRKCA2Iw6u5ii7qviU
+rkikMH8b/CSNS7TIoZf2tvF6cMhTk8wIKOOYJc8jpPneIdN8hQmtTpp1OsILaol4dkRHGGVs
+jUGOO3+ay/S1p1DXBSw36ANLrelhoAJu9fLwxbLtW7fc+pRcd54TpX9SrZXy+JM73otcW8pa
+UltgrxT3S++j+59AlW0xVPxC08dGHyOt2Q9IcJrZdXhx0XJDNHVuV1nCAlwmYCnPIxkWjohD
+pdTkywj7IxFD6EMpcmKhqV1eCNSQrrjYzhTC0FXyhvbEk0N3ZmHAuehB15d4YANuSnKupdF9
+uhCehmwbirlZM/jrxJC+8bkAAAACABR0cnVzdGNvcnJvb3RjZXJ0Y2EtMQAAAXwQWa1IAAVY
+LjUwOQAABDQwggQwMIIDGKADAgECAgkA2pvscfMDsBkwDQYJKoZIhvcNAQELBQAwgaQxCzAJ
+BgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYD
+VQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENl
+cnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMTAe
+Fw0xNjAyMDQxMjMyMTZaFw0yOTEyMzExNzIzMTZaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UE
+CAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lz
+dGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/jreV4sImEmszGcdAWAqrWaqNAKP8gMdQe47UICa6MhLYI1RJJRAi
+mJ1G0sHJnk4bLiwOOPMaJWgcploF5h6LSL+YlnQ+acrptXilBrzVAF4JCvInelL8LdWx6rSJ
+YSTzGhPbqc9S7Qwkurme7H4AdPqTrWwpkq5RtLvTV7+z86iNnPQkSyrWmZ70nv7AfkI65wuV
+U9q3aA6QTPtwP49KLJTzJt1jaamU2BBOxUcIkJkbF025bG7vYJURjiGAtb2gc9jQsnfERepa
+Jvtmdnb4Bh9hbQ9VxYO3EFZyBgel87EaAwVkDp1aitaGcBsk3v4oiivQarD8eqLcsnkOi2UP
+AgMBAAGjYzBhMB0GA1UdDgQWBBTua0k8ej8N47EJt4rIqxmfczNQ5zAfBgNVHSMEGDAWgBTu
+a0k8ej8N47EJt4rIqxmfczNQ5zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJRjUkY8T7o8eHRFT2i1EKRmgHmsxnk0Onq09XEFvlSskoXmY
+Ojg2+7tmnkj/kJDvPdS4m7SHdT8gm85yz6FVwU1kohkGoQczDAsp5fHqq6PstQp0kMd9cvLX
+XJ+R75GLt9ztZqLPjmY7vJ86AuAn3RaYwJXUCqTkgZp1lDWckF+INwatWZUKsNFn0xnKiecy
+WjYcPoKoWpO+xtBkkbbP2bYYz9t+0mWjpsSOFzHB+35229OF41iyd3p2O2wvUBzn2/ZneR/1
+gpWaB6cUr4/cKCFnCdLWTVocGRyOd1zDlCQ9MmtLftR4lIO+N03OX8ceTjzgiTOVCw+lMtY8
+WnksGQAAAAIAJHNzbC5jb21yb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eWVjYwAAAXwQWa1I
+AAVYLjUwOQAAApEwggKNMIICFKADAgECAgh15t/LwWhbqDAKBggqhkjOPQQDAjB8MQswCQYD
+VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
+TCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IEVDQzAeFw0xNjAyMTIxODE0MDNaFw00MTAyMTIxODE0MDNaMHwxCzAJBgNVBAYT
+AlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENv
+cnBvcmF0aW9uMTEwLwYDVQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERW6pUMSmIzaeXyiNF8uWImQ/3HqOHcwI
+s6JxJLqOSbkEG0eWWKstlcjtngg1yCfriYxTWOtiiv7wWw9rMVJjQTuJzezsto0Z0zQH3LvG
+Bn/CRZXsy3+oI+AJ6YH680fTo2MwYTAdBgNVHQ4EFgQUgtGFczDnNQTTjgKS++Wk0cQh6M0w
+DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSC0YVzMOc1BNOOApL75aTRxCHozTAOBgNV
+HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDZwAwZAIwb+frWRGkYM9hsJZ77QX5LxOR3O3l/FBr
+EUZGsxwhAGK7vsPn6M0HmfkNC11yPsSqAjAfvLoL4jAk+3xtgFUKmT6ADTPlZqOzo7ul1YuP
+CSymXX7i8AcIaG3SfGluX9/lamUAAAACACRzc2wuY29tcm9vdGNlcnRpZmljYXRpb25hdXRo
+b3JpdHlyc2EAAAF8EFmtSAAFWC41MDkAAAXhMIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJ
+KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdI
+b3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEy
+MTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0
+b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/CFp4LZsNW
+lJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI
+7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9
+aqkpk8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq
+/LrFYD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyA
+KoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijn
+ALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVp
+y8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpm
+pnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkH
+ovV6fVJTEpKV7jiAJQ2mWTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9
+UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7
+Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8e
+EdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgsPgoh
+yC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/q5R4ZJjT9ijd
+h9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0cuAjJ3dctpDqhiVAq+8z
+D8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxjMxW3IwiPxg+NQVrdjsW5
+j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7Ut
+gYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFO
+t3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6
+VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA
+8ShYIc2wBlX7Jz9TkHCpBB5XJ7kAAAACABpkLXRydXN0cm9vdGNsYXNzM2NhMmV2MjAwOQAA
+AXwQWa1IAAVYLjUwOQAABEcwggRDMIIDK6ADAgECAgMJg/QwDQYJKoZIhvcNAQELBQAwUDEL
+MAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1UUlVTVCBS
+b290IENsYXNzIDMgQ0EgMiBFViAyMDA5MB4XDTA5MTEwNTA4NTA0NloXDTI5MTEwNTA4NTA0
+NlowUDELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1U
+UlVTVCBSb290IENsYXNzIDMgQ0EgMiBFViAyMDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAmfGENHC6L7cwoI69fATPvmK8mf2Cl9J6CmeWOAn2EE6VInOZjdoVLecF/Blz
+IreOmAC8PD2soWz71nklS63wzGTaiD4puA8J0zTdM/Vi0eHNGenuGE9MWK7iHtYMWxVa2Dq4
+xBhkHuMzsrWJd04Mv9mUaxOXbxKj/pmpBMwV7GBoNu0Ie7f1v5PtZjGDjMZxNIdOF+qvi5GN
+HFZBriI3XjfyHdnRLQ0vaVGnvmamijoqvccaseEU8L46HbnPW7Fq/rSxRiCi+x47cO+TmH2M
+c5byxe+FcK0pJvweBD4coNgPy1KDYnzui1OVkKlXouphBdj5TcQn+m6t7fnXUfdrpQIDAQAB
+o4IBJDCCASAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU05SKTGITKhkuzK9yin0215oc
+3GcwDgYDVR0PAQH/BAQDAgEGMIHdBgNVHR8EgdUwgdIwgYeggYSggYGGf2xkYXA6Ly9kaXJl
+Y3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3QlMjBDbGFzcyUyMDMlMjBDQSUy
+MDIlMjBFViUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2Nh
+dGlvbmxpc3QwRqBEoEKGQGh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9v
+dF9jbGFzc18zX2NhXzJfZXZfMjAwOS5jcmwwDQYJKoZIhvcNAQELBQADggEBADTte1o8pJSI
+7xoRdQcvs/48+h5RJuuH9ine4PHUxiQJ6cHPVRu0MNnOGv4GUaYVpC3vsku/ICglSdGmNnc0
+6GTfUrERx3N6zTmewq2McSHyWmuv3zxOVa+yhGUUibl3yyoxvs+jbc9vSJQyRm/ncYygpoQZ
+NwfyA0UJK4Z1fN9faVcA227YpnIiS1DUdZhW37cY/0NDUK56RHvweVHXQz2n04HT8MlPudrG
+l4bQgsPkQm3+sOJkTg4m50A0JrUIidcIY2M4J3UeM+puqN2fmU90TYGJgEvdmpcpXC++gUG5
+jP/qfWAGns3XPdMuoxW8qOYm5W/D3LgDIeqfFvEsVLUAAAACACRuZXR3b3Jrc29sdXRpb25z
+Y2VydGlmaWNhdGVhdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAPqMIID5jCCAs6gAwIBAgIQ
+V8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEhMB8GA1UE
+ChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9u
+cyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
+WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAw
+LgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7ME
+L7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6
+UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4
+Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLR
+fbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7
+azCPL0YCorEMIuDTAgMBAAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadM
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0
+dHA6Ly9jcmwubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRo
+b3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZ
+ZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKA
+v6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH/nxxH2szJGoeBfcFaMBq
+EssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3HtvwKeI8lN3s2Berq4o2jUsbzRF0ybh
+3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe
+2MPr+8ukYEywVaCge1eyAAAAAgAVYWZmaXJtdHJ1c3RuZXR3b3JraW5nAAABfBBZrUgABVgu
+NTA5AAADUDCCA0wwggI0oAMCAQICCHxPBDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0
+d29ya2luZzAeFw0xMDAxMjkxNDA4MjRaFw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2lu
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzl
+lICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y
+1UehammL2fy7Oq55WtX01nG7mpAja5q3iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0i
+upkBLm1ly74kZlUkS0BEsRvX4cKFwN4QPz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe
+/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3
+Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEAAaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQ
+EFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
+A4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRNp6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04V
+cC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQbBWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1L
+A0inoJkBgNxlozauZVlIT4JLyGXxVx3lWS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg
+9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y+ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4Kx
+vgiT2xRH8aI3x0WePMd3r2Sok9/2aYOCYPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgATZ2xv
+YmFsc2lnbnJvb3RjYS1yNgAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg5F5rsD
+gzPDhWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
+Q0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0x
+NDEyMTAwMDAwMDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v
+dCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG
+61s8roO4QZIzFKRvf+kqzMawiGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTe
+c5RO86eJf094YwjIElBtQmYvTbl5KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcx
+BsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3
+YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hYdLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQ
+BGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKFt3OiuDWqRfLgnTahb1SK8XJWbi6IxVFC
+RBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEWP3fV2ZGXhAps1AJNdMAU7f05+4Py
+XhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoRh3CBCqiadR2eOoYFAJ7bgNYl
++dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sIScWVZBpjDnk99bOMylit
+nEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HUGie/Nx4yB9gUYzwo
+TK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1Og
+MA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZipW6g8
+h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKs
+o+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc
+053y/0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWp
+b+Gm+99wMOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOg
+d2nHtlx/gsge/lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324G
+abbeCglIWYfrexRgemSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Q
+v4aW2ZlatJlXHKTMuxWJU7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQl
+p7M+S8gsVr3HyO844lyS8Hn3nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60k
+N8tFWk6gREjI2LCZxRWECfbWSUnAZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEAAAAAIAFmds
+b2JhbHNpZ25lY2Nyb290Y2EtcjUAAAF8EFmtSAAFWC41MDkAAAIiMIICHjCCAaSgAwIBAgIR
+YFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBF
+Q0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxT
+aWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFs
+U2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpH
+bG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvR
+nkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIx
+AOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1
+j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3AAAAAgAWZ2xv
+YmFsc2lnbmVjY3Jvb3RjYS1yNAAAAXwQWa1IAAVYLjUwOQAAAeUwggHhMIIBh6ADAgECAhEq
+OKQclgoE3kKyKKUL6DSYAjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVD
+QyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNp
+Z24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxT
+aWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5
+BwkWymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74z
+yTyjhNUwCgYIKoZIzj0EAwIDSAAwRQIhANySoaATps8DsObEIZeQ+hRXLQPs7jzTbsqobHa8
+ot67AiAnqIUnNZtWxqPyR9K3bhsCABeqZ6YVkd76lOx7C/ifhAAAAAIADXN6YWZpcnJvb3Rj
+YTIAAAF8EFmtSAAFWC41MDkAAAN2MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk
+1uQwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpi
+YSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEw
+MTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFq
+b3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIgUk9PVCBDQTIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvNQLXOYeeWyrSh2gwisPq1
+e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/
+ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05
+YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHM
+yAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRn
+vDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/
+cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1
+zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrV
+FdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrK
+jSoS75ftwjCkySp6+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztwAAAAIAE2dsb2Jh
+bHNpZ25yb290Y2EtcjMAAAF8EFmtSAAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAAB
+IVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0g
+UjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4
+MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0Eg
+LSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJD
+x7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpi
+Lx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSS
+aGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPa
+bumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvA
+UKr+yAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25s
+bwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBd
+RoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQit
+Chws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlh
+LxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgATZ2xvYmFsc2lnbnJv
+b3RjYS1yMgAAAXwQWa1IAAVYLjUwOQAAA74wggO6MIICoqADAgECAgsEAAAAAAEPhibmDTAN
+BgkqhkiG9w0BAQUFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0wNjEyMTUwODAwMDBa
+Fw0yMTEyMTUwODAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMw
+EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4hVJsL03+EcPoSs8u/h1/Gf4bTsjBc
+1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtKpspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoH
+L7Qed7+KD7UCfBuWuMW5Oiy81hK561l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN
+8LgtyyHK1WxbfeGgKYSh+dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2
+G/YZeoXgbfJhE4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLK
+A8KbjwIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSb4gdXZxwewGoG3lm0mi3f3BmGLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3Js
+Lmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjIuY3JsMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSa
+Ld/cGYYuMA0GCSqGSIb3DQEBBQUAA4IBAQCZgVOHHGiXhpHs4Eq4RAurgawnT9bBuBxDeLMM
+mvzqLDxuYRtNSyn1nwUdJsG46YMAYkW2qQiTuakzSxiawviHiE7b3XE0GsFU2kY/4NMqq21U
+IvU6Ys0gb7opidfdke7TXKI+oVtB9d/lZEMt6dU5q9Ki37eL0MCAGRxFwC2M6PgtpHRWScUF
+tU8V3m5EeDmHqH6783kYkbv0b53B8Iw1jF0B+8Ntue9EbXlGMX4K/qmCwf/vq24gxFDJX51N
+mxeMDOUByaBBanNT+qVQtG4lD/tMGPT9UtmOabHoEQ/eiNj7HUn3qt6VzyB4wmAS2yVAjGr8
+fkI4QGQS956B4ZMuAAAAAgAKb25hcHRlc3RjYQAAAXw8eG62AAVYLjUwOQAABUIwggU+MIID
+JqADAgECAgkAnq7twKfOtZ0wDQYJKoZIhvcNAQELBQAwLDEOMAwGA1UECwwFT1NBQUYxDTAL
+BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMB4XDTE4MDQwNTE0MTUyOFoXDTM4MDMzMTE0MTUy
+OFowLDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwDmmSBGzs2EYbh7Dkmi6HJhqSBhTIVobXbX7
++HyptJ23SFVC/nr4QDjVirtcaJ7tFgNAr02YAUXeCu4T7pfvC8mIKGn4LJ3uwUydvrm5aHER
+3FZMzYEkWuB/NScfxkLGBoKjdcfg/OUpHLYtBAkQkQLCX9FmZEJeKMy3l72Hxehlj98qQpxl
+lSxY0IylOjbrrCO8D0xcuZ2BF5GPT6+sKOs2rL6G3AkPO2iIdaJg+pPqjwS8ZyCM2qOVnHs1
+Q1/wx8sMHKooXr7BFse/UYqOff9WKN3jkW/yuLJFhE6IVqe9tXqMh8GS/w9lteDZUNaxiyCn
+w0C8zEr6JXxw74KTeUEjYY49lsISqk9VNhstTPqxzMCUJfBCg/MMhljBhrd5H+BgtjWA/aIR
+Uc5FqDdss9qn1lfkTwNmTNM1OOi+8uTwpoKZ9xpQwmwG0N0ClxSK3PXRydHJlzWxfeATV/cO
+nNAzq30Lmw5XJGENxKsqqrBv2bRKzThcBL0Wyow/dRZhDKoNdLGVQBhpfz3a7yZXWHGe3aCN
+vbZGWhcwzpOi8zexKslLTAf6XWfOd3poVd+1L8bhlUhVn8t9PWKzhK2jI9ZkLDDCXLXPyolD
+/OGKnk2BlPFDDiaLvDDfkNg90BA4KhqN9K8WOqyVD9w9GL8xEK7Tv2F5Vvl9CefNW2ekVBEC
+AwEAAaNjMGEwHQYDVR0OBBYEFFNVM/JL69BRscF4msEoMXvv6u1JMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBCwUAA4ICAQA/H8hor3ifTbA/GmdhPL4tUsjHB2r+RrA13ohuIzMvzvOY0wOY
+dwZt+hEKPw6SG6CBf0vHX8KSGleKa5ixk4VCLluWv+76/iYhuyBuaL3uP5xQcM/TMvJy9K/E
+oe3LnUvCZpf1rjCQmXnMFTg7Wx38f21ZwSbAnf2W0qgEoHFz3hlzeIybnK1FYaP7SsrMsMBc
+RamhnlsTk8slq4DpQMLEMt+zcXCFtLu4OCDFi9+PJIXkUI0RP3ign6byztV4e+hryI8Yq9es
+ip13tcMeeokmVUqvub1LR8xvIQHxyLZG05cO33eJ9jW6GgS0TKSfh2oFKnx7O80yfChd1g8O
+9N324IAV5YUtWt4EBbF3bmE+wFORkDmGlr+sD6Yq/oB/hUFWJivxzPh1kKwUKG6KhV5t72KC
+Gt+MH/+op6kWM8ULKPMo3W7Qkqb/bH85GrGRM40byne4PCgg7KKZRxO1My/jZt9gPzxEpqSp
+IVcT0b5nQuVooAGp+Mrj2j+2wCn5zkug2ViWUqGd607dAB2tofB2YLfoGGiCHNHWOlfvnUBx
+mfZUfdDhcrKnTVwk0Ikiu5r4D5vHrOHdHJbrMgiRtEJsRP5QP7iavxYhxITea1FlWWeFQM7j
+P3/9YoxXPBL1GHz+S6zOsYUjUpCjNcIcutx7dg/pFhl8553v0tdpHBd1hgAAAAIAD2Vtc2ln
+bnJvb3RjYS1jMQAAAXwQWa1IAAVYLjUwOQAAA3cwggNzMIICW6ADAgECAgsArs8AusTPMvhD
+sjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEU
+MBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0gQzEwHhcN
+MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMK
+ZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290
+IENBIC0gQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP66m58ZkFzNgoIUrz
+czRRhFYQ9aBPLBLj+hOaJ9DP+XkadF8deTn8W/hwjuCSUvfkJflUg9kd08hahT9ex7YH7j7A
+zpqvrFZCKjklcNa/tXs2raz2c9zN1x2Kg6X7K5AVN2scJkfcOylWk2qzwWo6nT31wZc4WAWL
+HBHj5LS4XYUdg/54XwtFaBhIpUZzNDv+D8h2u8cY8wXRhvOF7ee52TKtVYjOpraRsE+sfhUj
+lvY/8CA0Ft4KxsQERXl/p/2+0qmlr5zFIyr3PCFsva+PTsU6svM0EvzfgBpJpNSplfeeiV6i
+iayUy6hom6+KZSfNie7djLVrKXBDoGkL5LkPAgMBAAGjQjBAMB0GA1UdDgQWBBT+oeBwHioD
+OVJaQr5ckYV6GKpNtTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAwkpW+hUheyii6eUd+/gtxDmWQUw7JyzEbBgVgMasr0dZLyYL4zaw7zv+
+Q5dJMpkSFVvfESn/q1P4u8F4D6ycU69XvWiMPWkz8KOgI2M7ZGciRK3VcctWKniSo08SMTY2
+4t7+AMSjYA8nraCwirU2elKhvSf0ICdi6E2UJBPkCgTpPKsuyEMJSsZhBOVJNH7TxMj1D8Cq
+6bpUXvNjK09PUNT+uXuZjD3ALrwCK9PEQOSKBzEem84mmRP7EeqaIgwRGcdeG4FQMMiWEm7n
+y0F/kTuiR7dUgBvcAMyakOrDw1AGYgwwwBVIp6hZfOGuIqLiCnoP+mKrUkzh8d/KvoMNQgAA
+AAIAEmVtc2lnbmVjY3Jvb3RjYS1jMwAAAXwQWa1IAAVYLjUwOQAAAi8wggIrMIIBsaADAgEC
+Agp7cbaCVrgSfJyoMAoGCCqGSM49BAMDMFoxCzAJBgNVBAYTAlVTMRMwEQYDVQQLEwplbVNp
+Z24gUEtJMRQwEgYDVQQKEwtlTXVkaHJhIEluYzEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290
+IENBIC0gQzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBaMQswCQYDVQQGEwJV
+UzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMT
+F2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/aVhrnsm
+EB3ptyIwrgb0gbOxQnGVObzTUuOvr/nylzWSNkYOh5WNuTla6bvf0P7IB0E8u1Vvg6Nq+2Kw
+gYkCcH1IxUrj6SJUIk2Tu0IMr3ecI6Z912ERzmXH+H/+9fKpo0IwQDAdBgNVHQ4EFgQU+1pI
+0IAgQPKo6QAHaRl3p+bD9M8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
+KoZIzj0EAwMDaAAwZQIxALTYLwKJ/bZMYrpDThOEcrWu3Rze1rXcVo9YQFot3iBMIoPKk6h+
+7hJAx9aHT/jfhQIwHBRk5HyWgxGcsNFaYUumD0nTAPyh/OSl/3+t1zDQx3d/voEHVTBQIBT1
+VzgKqDFRAAAAAgAPZ2xvYmFsdHJ1c3QyMDIwAAABfBBZrUgABVguNTA5AAAFhjCCBYIwggNq
+oAMCAQICC1pLvVr7T4pb+mXlMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkFUMSMwIQYD
+VQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJVU1Qg
+MjAyMDAeFw0yMDAyMTAwMDAwMDBaFw00MDA2MTAwMDAwMDBaME0xCzAJBgNVBAYTAkFUMSMw
+IQYDVQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJV
+U1QgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK4uVq0bHO/2lY+gdxsr
+02OPhE1Fog+fW0WrWXtRNPnsi4p4xd1rr73E35NFHr+ROAuuDhbnQXP427vRuFHgy4M7czhu
+d4oPWWMmzacqzlT7uOLAfEfOYHw/snPywBm2ipKHNQ2QKKLkFQRjPrqv7nxezKaLULI490Fj
+ys7/aY9oDpU25cy5jAnKS90xkJbIzB/9VpY0244c6iy+hS5j3aqpldP9KZUT8MiYk9ktFkeQ
+EYOiOiKiKFei6/7AjCigpn3nKkI7goBjpWMfGcx8smaowtNtN2/ifgZR2UWEHxLOJFJkhQtI
+gE6HsSIiMKrrrr7gAuBA6LBCgANRqrR+qkTXQ2HzomsWiUmko6QrigLEePRoisHkejaxbxuW
+G3dJjdTJBnKPz1Pj3BeFIErcmCfTkSYrRx5pB6/eouTk1GsLs1581CSARylpO27orP1A69jt
+cXEr8uhYHetBlyLFH9Q50CePh+MY9OCpRg31dDqCLtBuLJGjMVw7Rup7BBBWXoAd9aVl6IL8
+4geMYkX1IN5GcIahvJPTHnSmbLAs9wMMiAzL1HJThrxgRvOYasLxv0P5cCB3yjdBeVVSY41b
+Ep/FaMSInazyMKu3ozGXZ62PFw9sx3PtJJRryIOa0Jo3SQSrsRbIbElJLauh0IyS8kFKeSEl
+22PXtpynfkJp+zpjAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MB0GA1UdDgQWBBTcLh/RYTd55KvV1bMScWg9amicIjAfBgNVHSMEGDAWgBTcLh/RYTd55KvV
+1bMScWg9amicIjANBgkqhkiG9w0BAQsFAAOCAgEAkfBCAmhA7sNowFQv3+xiw8OeiqAxKKqD
+jqRWlhIQhla6l3LSVDB8rRnVHWhv+xRC2I0O87XRpeMCQl7c6EZYBzUCMOC8dErBQyr/2xrQ
+sK9sw/3Ls/V/bQMuWVadLS01jLLWQxcskgrLXeiMD0twQ9CC/6jMv6SUwL6HvYrjk3vGj5sW
+nSdlvHrFQoJsXAfQqcGIYETpmIUWX/iPygEQziXD+WAboMWXw9MsiDGivTDs0NDAEvHBOePl
+9fjWSt00zftvwU/jAItW4pL3KLJCd3IjZ8c/ERWyxAMFvrsRewq/qG7n/1hDz5tnoIAHth3K
+rW3qQRF+LXST+8K8vlFExe9oJSeA48ig1BLs2aU3HTd8tJHK2tSxloHvaFx2EEmvfqU3gLEc
+Ur0zgUyP+d1l2RTNiiVY9OLFg6UJkNRsFGO1QN/rwPzEWH4NFBaHVCduVuRwhLhsMhJ+gjFD
+vtfdfKGtrtarIBLvCsMQjEmWNdwLdV6xT9VPNA4RIAd1Q0XpoxHarKOZwrZ5J+K578ji9jUp
+enT6xX+CBWKmCuposnlHBm7yV6gVM8b3eEo9Qntrfv73RurR647viGhb6MHZcX79ZO//Z0eI
+WCUvPoYHvfuo5YKorKXTaUPNMYhJhFOSwLE5GzmDATDE8qn60AO9cjdgVh82fL05kfVtDb97
+15IAAAACABNidXlwYXNzY2xhc3Mzcm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNB
+oAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh
+c3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTAeFw0x
+MDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRC
+dXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0Ew
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJenXYxBjJ6m/EQdrgA
+mrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH8zOH5KBdC1zgVwcq
+MPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3jiLjqE8q72C7Pbc5
+ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7b4dj19AyatZdbAzx
+s2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9wEwDrsfUzekvWVfgF
+jUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9a6sump8tgm4E1FIB
+ky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWRbwuReRkMrUCIC3Di
+etIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/DWJ6J++A6NvZSwZa
+N1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+zSc894omfoDBLhbmc
+lCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ayhGSxTDlSwDC68IxL
+ArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHuM3/5W/u+LLsL04O
++SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAAgI0E1BJDCQGJg
+7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEkMvbIC/K8aviTrLIH
+wl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjPhriAHqnMEaU88haz
+R5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9caxtGhkNCXz4BB1NU
+XWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD12LIQKaq/GTkSteR
+UwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8vu0oxDUqGHOviNikm
+9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805YFRq9fKJJgFog0ii
+M+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid7b1dl3BEDbYONdzh
+DF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaBupS7w7u/ZXjShnn/
+STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4O7vcTddk8lG+5qqr
+Wukx7ga8c78TYgqfx7mXAAAAAgAfY29tb2RvcnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eQAA
+AXwQWa1IAAVYLjUwOQAABdwwggXYMIIDwKADAgECAhBMqvnK22Nv4B/3TthbA4adMA0GCSqG
+SIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
+MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UE
+AxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAxMTkwMDAwMDBa
+Fw0zODAxMTgyMzU5NTlaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5j
+aGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEr
+MCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoq
+Eo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ
+1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTa
+Q2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PKLrZr6kbHxyCgsR9l
+3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNX
+QTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo//S4rek3+7q49As6
++ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206Li
+W7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/cNDDoqosIapHziic
+BkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3
+MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGj
+QjBAMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEACvHVRoS3rlG7bLJNQRQAk0ycy+XA
+VM+gJY4C+f2wog31IJg8Ey2sVqKw1n4Rkukuup4umnKxvRlEbGE1opq0FhJpWozh1z6kGugv
+A/SuYR0QGyqki3rF/gWm4cDWyP6ero8ruj2Z+NhzCVhGbqac9Ncn05XaN4NyHNNz4KJHmQM4
+XdVJeQApHMfsmyAcByRpV3iyOfw6hKC1nHyNvy6TYie3OdoXGK69PAlo/4SbPNXWCwPjV54U
+99HrT8i9hyO3tklDeYVcuuuSC6HG6GioTBaxGpkK6FMskruhCRh1DGWoe8sjtxrCKIXDG//Q
+K2LvpHsJkZhnjBQBzWgGamMhdQOAiIpugcaF8qmkLef0pSQQR4PKzfSNeVixBpvnGirZnQHX
+lH3tA0rK8NvoqQE+9VaZyR6OST275Qm54E9Jkj0WgkDMzFnG5jrtEi5pPGyVsf2qHXt/hr4e
+DjJG+/sTj3V/TItLRmP+ADRAcMHDuaHdpnDiBLNBvOmAkepknHrhIgOpnG5vDmVPbIeHXvNu
+oPl1pZtA6FOyJ51KucB3IY3/h/LevIzvF9+3SQvR8m4wCxoOTnbtEfz16Vayfb/HbQqTjKXQ
+wLYdvjpOlKLXbmwLwop8+iDzxOTlzQ2oy5GSsXyF7LUUaWYOgufNzsgtplF/IcE1U4UGSl2f
+rbsbX3QAAAACAA5jZXJ0dW1lYy0zODRjYQAAAXwQWa1IAAVYLjUwOQAAAmkwggJlMIIB66AD
+AgECAhB4jydcgRJSIKUE0C3dunP0MAoGCCqGSM49BAMDMHQxCzAJBgNVBAYTAlBMMSEwHwYD
+VQQKExhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTAeFw0xODAzMjYw
+NzI0NTRaFw00MzAzMjYwNzI0NTRaMHQxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28g
+RGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BMQojqsYW2q+bmQ3Y+TN7Ks698yhuA6CSdeGKZ+hlPLjYHiYgXgGTfLsmg5XYIOftOYXLxqz
+XQJbiSM8whEFKqeIExjzUITXvTQsJ4lV/85M59+mHyjE8FTDuXy3U63rwqNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUjQZmdCR2OvOJ97zWvUd9L7wQX0swDgYDVR0PAQH/BAQD
+AgEGMAoGCCqGSM49BAMDA2gAMGUCMANVLabmGMR878lQbsEnD5yHr27VGwgYvZIpwe+UkXjS
+OhxViWLlGwkeumRr8Xa01AIxALRChJn/q+ee+5GXJ13csFswcc5eOBpq2SXn6vdhklb46to2
+wodlli5yJS9/38MTyQAAAAIAHHNlY3VyaXR5Y29tbXVuaWNhdGlvbnJvb3RjYTIAAAF8EFmt
+SAAFWC41MDkAAAN7MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQG
+EwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUy
+OTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMg
+Q08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2
+l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq
+1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjr
+appdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVK
+kaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5csOPEK7DzP
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBM
+OqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEju/Ykn8sX
+/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+
+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0
+eg29mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03AAAAAgARc3RhcmZpZWxk
+Y2xhc3MyY2EAAAF8EFmtSAAFWC41MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0B
+AQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywg
+SW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMG
+A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxk
+IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IB
+DQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E
+8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH
+838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZ
+GD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgED
+o4HFMIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/
+X7fRzt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJm
+aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhi
+v45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsg
+Gh1o+Re49L2L7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMt
+lb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNzi
+PTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABthY3Rh
+bGlzYXV0aGVudGljYXRpb25yb290Y2EAAAF8EFmtSAAFWC41MDkAAAW/MIIFuzCCA6OgAwIB
+AgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1p
+bGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0
+YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjEx
+MjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBS
+b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
+UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx
+4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZU
+j5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekci
+RDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmS
+Bp+Z07/T6k9QnBn+locePGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqE
+guNTVHnd25zS8gebLra8Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeIC
+rHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1
+fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
+fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2d
+pAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8G
+A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0P
+AQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8T
+Nd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lS
+cWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a
+2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANA
+TIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
+X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0
+Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+k
+QSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2
+sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXh
+lgAAAAIAJXRydXN0d2F2ZWdsb2JhbGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAF
+WC41MDkAAAXeMIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGI
+MQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAf
+BgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEds
+b2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMx
+OTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0No
+aWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1
+c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+C
+Y66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzD
+Bcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz81Ws2
+5kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW80OzfpgZdNmc
+c9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+OsIgbrv4Fo7NDKm0
+G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40Cz7PFNm73bZQ
+mq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49
+DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9ja
+JXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
+ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB
+/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm
++J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEb
+K9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCq
+RieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtK
+YdkNy1GTKv0WBpanI5ojSP5RvbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90
+lZvkWx3SD92YHJtZuSPTMaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrq
+l5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDF
+QdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jC
+J3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mc
+gn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTKyeC2nOnOcXHebD8WpHkA
+AAACAApjZmNhZXZyb290AAABfBBZrUgABVguNTA5AAAFkTCCBY0wggN1oAMCAQICBBhKzNYw
+DQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFuY2lh
+bCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBFViBST09UMB4XDTEy
+MDgwODAzMDcwMVoXDTI5MTIzMTAzMDcwMVowVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0No
+aW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBF
+ViBST09UMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA111rzRA/HwVZ1QVNN7EO
+7JgrjhUd+pNLF4IhcRBS11FkcBbCVWlNjhVtn78MG8Lgo2fWDKzPIq6vd1QqS0yKU1J6w+4u
+3rNxJcHpXT3uoS+j9yo8ySMdaqsdoafx8+yg1UTPFc9yLx1jl+iZ+f2TpFSATFLUUqsuSd+Q
+zbhfvj/eocpNINQl6IQpU7exiB//+tqQnwqpLUE/sfEYKe4WWSw0SRqoBteoiNIDcnoy4upo
+TW4slmV7yln68uLd7jAs+8xGrMRj629/Nis0cxKUf9/MJp7xcl1QZVmPabOHXjJvwxiKtZWP
+sHo33lpFO8c24e9n0TnTl1tzYhlILYccBvt0mCBJc/AF0huxoKO3G3DTiGm5WtY49GLcJYt4
+v/jofrhcyZVPX6ctuSBrz2vd9Q30grf0smYuECj2l1p7lhaPARktbG5/OVgGZIMBg4PDTZLd
+MsaHpDfpFs6qLWivCoFlOnDBm61NbVTKKi1LhRuzgOZwRQ1rXjXwfzu4nOQEcIkSJZPaCpki
+YGpjYE52BphOvYOtHViKJYXSx2UeLY7G37bG4X+KBCEVKXTwPpyQnQwu8Yo+WqoMCR7H1Tyj
+7ZfDHjT6OPkIDuPAXSuD0VZqybaoVFMueDJnPYJ/dND74bYFYLlw244L+RNYb3FgEFIQucFB
+Ce9yH2cxeP+WBY0CAwEAAaNjMGEwHwYDVR0jBBgwFoAU4/4t/SjQC7W6tqLEvwaqBYyT+y8w
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOP+Lf0o0Au1urai
+xL8GqgWMk/svMA0GCSqGSIb3DQEBCwUAA4ICAQAlxrpr64fL3oI5lj3wRKdrhHMD3p0rT7og
+f7x4ss+XsBuc89d5LvVIttL7F4jm03o/7VMT0OIvannLACMo5h43VzWJhMJ2TzQ2rWfDzkEG
+iMX37tgauNYLf1D/k6oXS4zs7VJgsqQG6k7r9GsZ/ev1GuAlKprcx0E298h0BYQ5lTnWCzuk
+J/oI2Fwe+ARgUhEoKAP/71NmAKVKNBZmfP0JpK6eZxpvQQtrBhObj4ZxBbQvjYlmMyl2VJoR
++Cf6sj+R4M4NG/MwGq2/Il0b078lBU3hkhp/mZ88RJPK1EBJbICH1wQ6wzJSNQ5W+KXdfcSL
+DREfU8seshe2aHda4NTLyAeu9Toujje30AFLQyl3jDmXj4Ja+FHliaAY52h/XQou+6NHDj2m
+I3rGAcePyF6/bYBWvookujPqn+EyEZ7x0k+A9htArzieEVB5cxISzeZsnSyIcjwwgQaRIupZ
+rdoZLiLCjbmMh+BmvHMjXyFkY4BI9aA8GD2UyEhBHUC6Xv7+VjmhyM9enhlkRhDaF5G3BYCs
+i5mSfeei2AcLNifnSHlgisPXE1z4ckDfSsvPmQAKAAsRldpWRQOICp9n0NV5saiNQG0NwnpA
++vNfZEeSy1O5u1nOT/3QFVMB2N/r2eZ279AjuzupebPVAinNiaOWD0o1505CwHXNB8/mLOt7
+LgAAAAIAFWRpZ2ljZXJ0dHJ1c3RlZHJvb3RnNAAAAXwQWa1IAAVYLjUwOQAABZQwggWQMIID
+eKADAgECAhAFmxtXno4hMuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAf
+BgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0zODAx
+MTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
+BAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH
+NDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqcl
+LskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/G
+nhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O
+7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13j
+rclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
+MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxG
+j2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZ
+K37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSm
+M9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQ
+UOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS31
+2amyHeUbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
+DgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfE
+kRvDoaIAjeNkaA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvW
+VPjSPMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK7VB6
+fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eBcg3AFDLvMFku
+ruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp5aPNoiBB19GcZNnqJqGL
+FNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msgdDDS4Dk0EIUhFQEI6FUy3nFJ2SgX
+UE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vriRbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i
+7UqLvBv9R0oN32dmfrJbQdA75PQ79ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPm
+YQ/ShQDnUBrkG5WdGaG5nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1Tt
+mlfB2/oQzxm3i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyB
+Ia0HEEcRrYc9B9F1vM/zZn4AAAACACRlbnRydXN0cm9vdGNlcnRpZmljYXRpb25hdXRob3Jp
+dHktZzQAAAF8EFmtSAAFWC41MDkAAAZPMIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVl
+rVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
-EzAoYykgMjAwOSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
-BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoS2ctueDGvimekwAad26jK4lUEaydphTlhy
-z/72gnm/c2EGCqUn2LNf00VOHHLWTjLycooP94MZ0GqAgABFHrDH55q/ElcnHKNoLwqHvWpr
-Dl5l8xx31dSFjXAhtLMy54ui1YY5ArG40kfO5MlJxDun3vtUfVe+8OhuwnmyOgtV4lCYFjIT
-XC94VsHClLPyWuQnmp8k18bs0JslguPMwsRFxYyXegZrKhGfqQpuSDtv29QRGUL3jwe/9VNf
-nD70FyzmaaxOMkxid+q36OW7NLwZi66cUee3frVTsTMi5W3PcDwa+uKbZ7aD9I2lr2JMTeBY
-rGQ0EgP4to2UYySkcQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUanImetAe733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBAHmf
-HZbGtnk/Io2H04cDBGBqa5ouWYlzEaxD0fUT/405K8DyvU9wjKkv6hfEC1Se1BuWmDM8qK1i
-ogB2q1lpbgYdfsS5RI2YrxLUYdsKGUZH8+v3Y8FABUCl0rf0tZo2v6mIdogEVQQrnId/Gjc8
-fi2lGtjUiV7Kvaw9bNhtr9Xzdg/NO4g4Ip1sk5rEPb+CG2U/pg9dqvzlshXKta3GvD3QhOjq
-BnKwTTkyeL8+EZwLpJ2aIfPwmwsweNvB3IdD/rxjmsrFwhzJx43/OxJYCOa2Pex6LE77g5bO
-DDxph1RzpHPCk/9REKwVVAHY/AWxiaF/dIOaSdfcTnuKSG+LRfYAAAACABdxdW92YWRpc3Jv
-b3RjYTJnMyBbamRrXQAAAVbCSdyOAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhREVzQkW4GJ
-mzXyzrgrO1unJvB1KDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQ
-UXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAyIEczMB4XDTEy
-MDExMjE4NTkzMloXDTQyMDExMjE4NTkzMlowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
-b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKGuJbIBGNxXiD9G6/mv4usjceKa0WFmIV+qrydR
-5W4bFtQtfVCwU3e9eDpg4mQCm3yGm9Yajq3/HxV/1ZUeEsvmFIQEwd82sxafiuPJ25g0ztgz
-FyhG/KfJ8NK01U0Jckn58ofjqdp9oX1rsjolqW1SRKz4vm773KZzkZBhpgMUIPLnh6OIra2g
-jP+mCyVSJecWAdXLuDWBDKM78OHh/FpdzoBxbfhJqz47urjXgAH7petbs8VeYCoxoK836CA6
-n6gyLAzMCR3Tno5dvEyY7sUaaHvsU6bpFDWj382AnwxI+xz08b9KuPrVjHFKxx+t/kGas4Nd
-8oRW76VXQ84prYyrVb/E+1sB3SMhoVgAjsPQahPtE+MSK4DcZ+aVss0eIm4q+EHU8soUB42K
-VRLGafW4hmgvU16w0qohwZjmMONnVcebbqwZqFWmRQbQIzrb62VdKhER8DtPym30NMRx5P8A
-WvZcriNghXPx5BCxJa7VkrsTwQzgOdq0OVe1qzWqciE7gzXnMd96IW64Mgh9HTKRFUpics/j
-d6G81REbdgFnCOBBC8PrFW74pBnZoquv4idSVisCiiwUJPm/QgK/JsjGj+BuOH1TLeXtmLOV
-Y2h/+TX034jFYDWSwHxpHGGVFtDr3guvPgQQRWVYUDivSPJZthbyPA2QAsZwLgGtPBXXAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTt5292
-Wr9g7ElbxqV3u3IWcZvEPTANBgkqhkiG9w0BAQsFAAOCAgEAkd+AP0MJfnHC9+uziI/hUbK8
-PXX5KF3IvJmbe12q5crhCvfostOf3WcxfroBqsdqQTuQ1AhcsmBqkPDIzgNi+Yvt+24q3AZN
-PCkPiRaKWExID+iEYeo8cqZ35EKuiKNDWHl+rsqlUw2pPXC9IBlhpGw4/EMy4cFH//js8REi
-MpacwvZbaZZ7IAxDQZpb9lkZiN5ViDdRC3hcCh6jQv3HnYgPwPJ4AiRUk6+Jh4jJSoAd6tBu
-PmEuNrs1DieW/WY0O2Fyc/EWXEcGVEkAelgSsArvhf2xuDN1apMcEuZgXm8df8kfI8uEYZ8e
-gkT5X61iVSSaUpjtUeehfpc65i8fEdpTgCyFnqs1ENsiX2rFXpdT8jICCTCjWPANAdVyxrF8
-aXvD9TZFzGFuXkyUxV6u6A5ei7/3zeDtoQ4bM+5UGP4Pvu9+hGtD43CY2111sg1ZB4UVIznW
-8d+pJg/WSMezpiL1MzdalUefe7oYFW//1hRkg0nSCmch2w81Y2AoIuOxlYPNhabdLw/nZ1Ju
-uy+FfPVKc+fFPsC9IRIFP/y3A0kCW8gl5uJUOPV5h4wdU7JOhXsGOMcs+Piwco0l5XdS9AMc
-SKZQX4ggMG7ygkOrPZeE51P7IcFPDyKahrhZKvZHPRmILeiF4Z7shQhqsWw0yR3sSCs7eO1m
-xI55aYPef4wAAAACACN1dG51c2VyZmlyc3RjbGllbnRhdXRoZW1haWxjYSBbamRrXQAAAVbC
-SOI3AAVYLjUwOQAABKYwggSiMIIDiqADAgECAhBEvgyLUAAktBHTNiUlZ8mJMA0GCSqGSIb3
-DQEBBQUAMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr
-ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6
-Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
-aGVudGljYXRpb24gYW5kIEVtYWlsMB4XDTk5MDcwOTE3Mjg1MFoXDTE5MDcwOTE3MzY1OFow
-ga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
-HjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51
-c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNh
-dGlvbiBhbmQgRW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOYWk8n2r
-QTtiRjeuzcFgdbw5ZflKGkeiucxIzGqY1U01GbmkQuXOSeKKLx580jEHx060g2SdLinVomTE
-hb2FUTV5pE5okHsceqSSqBfymBXyk8zJpDKVuwxPML2YoAuL5W4bokb6eLyib6tZXqUvz8ra
-baov66yhs2qqty5nNYt54R5piOLmRs2gpeq+C852OnoOm+r82idbPXMfIuZIYcZM82mxqC4b
-ttQxICy8goqOpA6l14lD/BZarx1x1xFZ2rqHDa/68+HC8KTFZ4zW1lQ63gqkugN3s2XI/R7T
-dGKqGMpokx6hhX71R2XL+E1XKHTSNP8wtu72YjAUjCzrAgMBAAGjgbkwgbYwCwYDVR0PBAQD
-AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MFgG
-A1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0
-LUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEAsW1hXaYaf3yrSuQw/FNvJSTGyu3iMVwr
-Du7uYVVvBD7POd7FG0mU5OsgTLTmnlAuctmN9aqjs0raVhxgl4DcgqKtSr2KK/8LCbTG1yAE
-ReTNgAG6uituzqrXkv7kr+v0Jh0WKn9sMJU3LzMSrH/dx9ERjFGYstCjkdCt9p+eg5MeHUK4
-Rq9rZvCbf+rjAwLlAlHBqtU1nXJAA4m6MR3FEGhSnt+ihcVcCKZ45lNPsei30xSek6bDZOOs
-fnHNvJ/pAxvM++msMcGvfBV0ApnDskemwjJh18dvSCRRJ6HVh1Xye4+YPRae7nW2+NCO8vPG
-rihbp/DzNhf8wwXTygNKVAAAAAIAE3NlY3VyZXRydXN0Y2EgW2pka10AAAFWwkjajAAFWC41
-MDkAAAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
-MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNV
-BAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDEL
-MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQD
-Ew5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWV
-zfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6
-pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgU
-XPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPe
-Zqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
-8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEE
-AYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
-QjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1
-cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQAD
-ggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+
-DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr
-5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUF
-dAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
-3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACABpjYW1l
-cmZpcm1hY2hhbWJlcnNjYSBbamRrXQAAAVbCSeX0AAVYLjUwOQAAB1MwggdPMIIFN6ADAgEC
-AgkAo9pCfqSxrtowDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
-YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJl
-c3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
-MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwHhcNMDgwODAxMTIy
-OTUwWhcNMzgwNzMxMTIyOTUwWjCBrjELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAo
-c2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQ
-BgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMSkwJwYDVQQD
-EyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAK8Ay3A3K4BaSjpseJR9o38aH/Y11b3byw1Ecj4mspBSumM7KFhvpbNt
-lKbz3WQMVfb25/IiIoBe4WLGtinhgWzyv+V9MmpUoDIZWf4fi9c9YIaFJG/jEbN3PiCWNSFr
-swjZcC5k94SSU9YOsJCKiuOHjQbTvZAO4pmhG4YO2poKuwthUAZS8Z5/duzLD9AeDc+ZMD0c
-xEUQWKzW0+jX5erFAQd31lHmA3+KSKVNaHW56byeThlx9TJLnG1gGQv7zJ113L8mzY+TeDl5
-c14lDspc63cSB8tkQUdyk6tQw+sJdmQ00jm3dhEJDXZFxKmuPWqvtX1lL5RYEOxcfK9+4rYY
-2dCbTlpJ36lmC8w8xnh8p5wd486OU74F3mAPa+Ua2z/j4SHJKcHx6wecUhsBRFE8eyXXxOVS
-VF0lB8oWILit5EHuegj+mW+DppECsGw2VWrnffWW5sqB1pfxlIPp7bCxaxJpHqz7XanFmOm0
-W1h6vj2iRDpjWdQLJd4bT73lAZ7N0inVnxcZCm+/DJDTCV/Z44o1zHlaTRk3krfEwa2v9Hkk
-mrIBC7GvXJbzgDL7XD2Y8aA/St6+r5Qu2VWaF25gnWNsuGPJroFcGDXgkLu+PE83Irl+68+e
-dyGmPTiB+0jaMT0r44n10LW9fuBQxBKJsyOaEDGF265v7zgzGHYRAgMBAAGjggFsMIIBaDAS
-BgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBT5JKwPsrX4ecD6YIgbxNlNAp4XGTCB4wYD
-VR0jBIHbMIHYgBT5JKwPsrX4ecD6YIgbxNlNAp4XGaGBtKSBsTCBrjELMAkGA1UEBhMCRVUx
-QzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJt
-YS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
-aXJtYSBTLkEuMSkwJwYDVQQDEyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwOIIJ
-AKPaQn6ksa7aMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEF
-BQcCARYcaHR0cDovL3BvbGljeS5jYW1lcmZpcm1hLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEA
-kBKvIjXCoznwLt7ptel4fEi+P31Fkl7p2rEZ/BY8n7RbZp5q58O5XYjoD63PIw/eJTpezE+l
-wbUtrCTSWAfeos9phGAz6BANE6kj0IXljnumnj1yE3Iz9ap9xmMfCPT+AX8kzyssVAne4itt
-ksY5TxbqPH56RtRFakao63WCVqeroHxoEzP2nTDwbyc5JCMqkP2QKTXyk980pcb3+O+MD2JK
-fK7T9VT4jbaaVocWgjozq1oiCPeCuuou4EeatLVFowU72dwuRUA76tx/6Dvr0ewm2DWkMMU6
-rFees3alIHv5HkoFYgGmKHVgl5INbj5NN0MNkhWcGCLNUZmgKRo8X4oyM1swx4kvR5gPowPG
-9vGs3zLw2YEa5Jy99oAU8NEsuYX12KOxyKUh5RwTl+4Ovd8pqe80U1vT5GoThAa2MgLEUq4i
-0tyyIUIa2kDwKcnsCgxc4tC6zEjTNwrMEgqKebA9A39pS/Q0IH2zNOqOS2T1Pv2zI2cVDQS4
-8C3BCVE8smwV8KUj14N05OUuyf6YJ0LGq8aesNBbOKWbUN5+GJi1RTv2ebTo9xp7BoP70Iva
-u8e9GKsIbzyAa0A/GRm6ZYrmvtVc0zbX70BSJGA4ZwQx7I/zgsbeuVXzOzGRWty1CBWtdiUK
-DXsuh+IMpga8JhBtN53s3XiMfIDF8Nl3SNAAAAACABdnZW90cnVzdHByaW1hcnljYSBbamRr
-XQAAAVbCSTGaAAVYLjUwOQAAA4AwggN8MIICZKADAgECAhAYrLVq/Wm2FTpjbK/a+sShMA0G
-CSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEw
-LwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2
-MTEyNzAwMDAwMFoXDTM2MDcxNjIzNTk1OVowWDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
-b1RydXN0IEluYy4xMTAvBgNVBAMTKEdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uBV7/9R8fWetg2R7
-yEJTLd/2hAggYdYBWWqcRBGv73b9lX7OYTC7eoNfAr0BZsruFY1voTCcvaGFnpQ681aIADHP
-2O5qlgLZ7QOM+3Vt5+q4VRYFFpr04F6xiMBkhVwVTYjHt7rgdemtBT2dx4lI4LsoyAPhMJNk
-XlLAWXAiNVeIivGVCoPXvDFzATTt70Zx4GsCqDVya5ebZuDLHHlf2BoEaB5HAuadYOI2lwHf
-zjWS375nx213WTuPndaQFZS8QjQQwTn5sSc+ftaKdcWyr5bTot6b5Ji+feHpga22b/zXDtrg
-NLANGnfn4wiY71j6nIS3Nq/C36zS9BAGcHE1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQs1VBBlxWL8I82YVtK+2vZmckzkjANBgkqhkiG
-9w0BAQUFAAOCAQEAWnB/LN23NE/1hlGpJr5LuKrxcQ3cYceg6jQeencPBDXoJ49skL+RFiRG
-PkpOzisW1QtSHfwfZ6ICRTFPzvP6A6d5nVNq2dpjOviA19OZ4aXhvtRVcZg1Or6T6q6tQrKQ
-b+D8IU01YzOJSdabTsrH504JAPfax++ZYpl3tpUiXoqgq/S4eJjKOBmZyXKeeM1LrK8ZoHMS
-LfzCQbqBkdoWWjG3+bRxgBJImXJzWllTwWNSM+2nydI5AnD64LFCZimqm1HtMFQiFF/Zqx3B
-5JTw+PUr9+rKeEbWuJH9pg0rGhQBPoDwQqCVB15tzcxLpEWNqxLos95a5aB86A8iHVrpWQAA
-AAIAGWlkZW50cnVzdGNvbW1lcmNpYWwgW2pka10AAAFWwknvngAFWC41MDkAAAVkMIIFYDCC
-A0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJV
-UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
-b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJV
-UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
-b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9R
-YYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYof
-WjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
-S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40
-yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKI
-anoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5
-S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrf
-Yi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT
-7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNk
-K2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqx
-C0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQADggIBAA2u
-kDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH6oi6mYtQlNeCgN9h
-CQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pgghstO8OEPVeK
-lh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qntozo00Fl7
-2u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzl
-VYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
-feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU4
-7/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
-4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA
-2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4
-LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbdGhhd3RlcHJpbWFyeXJvb3RjYWczIFtq
-ZGtdAAABVsJJIX8ABVguNTA5AAAELjCCBCowggMSoAMCAQICEGABl7dGp+q0tJrWSy/3kPsw
-DQYJKoZIhvcNAQELBQAwga4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
-KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhj
-KSAyMDA4IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MSQwIgYDVQQD
-Ext0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzMwHhcNMDgwNDAyMDAwMDAwWhcNMzcxMjAx
-MjM1OTU5WjCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UE
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDgg
-dGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0
-ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALK/Jyz729hb3Xh7G553ZoHLPrx8rvOmJ5o0o2gxcTgzYuTzcWZ5sallo6WL1Y9gLT9CzKpr
-MsAjyyxB3eTf/GGc4nOyIpURQxhfxLYfV2wKBVgiyDZMOnyl0c+Gr4inRAITdHFzCkJZAvgb
-FGtC329fumuCop1b50q9HgFy20t06Dt/f30fBLQmm+C0WqxHPVW417AmUigBMUBm2NkkvfYq
-2OwhSVyb9nrpf1U1fpZrjZOTJ8uSu+qsQMCfwviAz130WtzOdIamPmwLU8q9ks4ZBnLmDFw4
-accE1rxszlv292ic3CUVSIih6an4mJzg89UxKGERbGeWjTmZy8JFJDkCAwEAAaNCMEAwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFK1sqpRgnO3k//o+CnQr
-YwP3tlm/MA0GCSqGSIb3DQEBCwUAA4IBAQAaQNiVZawJkonGOfQQ5akOZlNdeN76JJG750RR
-38YWNArvakRR6isHigN6w+s/CixSFqArQ7klkD9wqTMlbUUaKDsnz6rDKUIb3ztMwDM0W0GI
-v2srZa8o77L1w6pmzntW7rfIy2fByZwaGLjEw0kD8WAOUM1GxfN3efe2FeA428cvKKAMP3cm
-dNklEtox2hoe3ClBkSI8aae7AvK2XCcDifQG6pvkcoLjoQnB6QAZ0z7UcGu6caaqWK70u+ls
-tu+HzJu7/znmVmHTCqfEXExgewV3Jnq/2AdSLGL3cGPZObxvHMJ53HYpr87FLGQEXog2bjHU
-QBpiNDY/NQGurGOgAAAAAgAVYnV5cGFzc2NsYXNzM2NhIFtqZGtdAAABVsJJKpsABVguNTA5
-AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAb
-BgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMg
-Um9vdCBDQTAeFw0xMDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5P
-MR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFz
-cyAzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJe
-nXYxBjJ6m/EQdrgAmrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH
-8zOH5KBdC1zgVwcqMPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3
-jiLjqE8q72C7Pbc5ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7
-b4dj19AyatZdbAzxs2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9w
-EwDrsfUzekvWVfgFjUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9
-a6sump8tgm4E1FIBky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWR
-bwuReRkMrUCIC3DietIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/
-DWJ6J++A6NvZSwZaN1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+z
-Sc894omfoDBLhbmclCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ay
-hGSxTDlSwDC68IxLArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRH
-uM3/5W/u+LLsL04O+SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB
-AAAgI0E1BJDCQGJg7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEk
-MvbIC/K8aviTrLIHwl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjP
-hriAHqnMEaU88hazR5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9c
-axtGhkNCXz4BB1NUXWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD
-12LIQKaq/GTkSteRUwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8v
-u0oxDUqGHOviNikm9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805
-YFRq9fKJJgFog0iiM+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid
-7b1dl3BEDbYONdzhDF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaB
-upS7w7u/ZXjShnn/STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4
-O7vcTddk8lG+5qqrWukx7ga8c78TYgqfx7mXAAAAAgATdmVyaXNpZ250c2FjYSBbamRrXQAA
-AVbCSZyAAAVYLjUwOQAAArQwggKwMIICGaADAgECAhBnyOHo474cvfyRO46mI4dJMA0GCSqG
-SIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD
-VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRUaGF3dGUgQ2Vy
-dGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBDQTAeFw05NzAxMDEw
-MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
-biBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQL
-ExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBD
-QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1itYeGFFhlPqNHtRnO2w5i4YDv7gX6gn
-07TJ4HxZThYOc1RgwX/2ny7pOoUkFTzbRwRjw57ElBpa30x689lDHTwQenkl25D+8FHnMNZB
-AP2fKN95vpS7nbYU4yOF16lB4EykebArGovy+DuKPkWscZIAtJBBmPtf7fq3Lor4iDcCAwEA
-AaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBL6aoXgQX7eQoxn8VB
-9FZUq+nC5ZeOGP6RyQw+JmTJoUwnZKe9AZNVcW4XTzncG9xJNRA5I//Km8jPZj/cTBrUgQZC
-Uh/hJrEWF7rmcHIxROhOjVvk0/nQ448lZDHnKvgYiDYaUsUNQTUbabcm9RfMwRleS3xc4oOA
-kfov+5q3FgAAAAIAGHZlcmlzaWduY2xhc3MzZzRjYSBbamRrXQAAAVbCSVjwAAVYLjUwOQAA
-A4gwggOEMIIDCqADAgECAhAvgP4jjA4iD0hnEiiRh6yzMAoGCCqGSM49BAMDMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
-dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNDAeFw0wNzExMDUwMDAwMDBaFw0z
-ODAxMTgyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x
-HzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZl
-cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
-NDB2MBAGByqGSM49AgEGBSuBBAAiA2IABKdWenxS2mSbDi1c2F6skj3+AeYZSj0UA0v6YCcg
-2YOJafpUxpoYXlUqZN4G9o1KO60QPGU9kIgEieAwYbOuXQGne958sr7KZWEAhq7aj3vQia1N
-HVmaQbG8R4DcnmLD+aOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBt
-BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMa
-hqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdp
-ZjAdBgNVHQ4EFgQUsxaR/e6mbuS1LkmPh3iBgOzlsbUwCgYIKoZIzj0EAwMDaAAwZQIwZiEM
-GCZgWjh7VkLgp/w2hFGRICx2TUM9xB2EI9Cs1nw1Bs7Nab2QDdtsSEIdDqpCAjEAnD1IOSM5
-WBoVEllqnu/VWbIdUiyZcc3HKd8bKmF7cdHe88DlDTpKqi2n2IYq3S4QAAAAAgAbYmFsdGlt
-b3JlY3liZXJ0cnVzdGNhIFtqZGtdAAABVsJJQLYABVguNTA5AAADezCCA3cwggJfoAMCAQIC
-BAIAALkwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3Qg
-Um9vdDAeFw0wMDA1MTIxODQ2MDBaFw0yNTA1MTIyMzU5MDBaMFoxCzAJBgNVBAYTAklFMRIw
-EAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRp
-bW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj
-BLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGd
-wEErAVJ7iHfTHI/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M
-1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g/ramBfy03QdZAtRZ
-GJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJgh
-XAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr/8no5dKoanTZDcJxo5AgMBAAGjRTBDMB0GA1Ud
-DgQWBBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB
-/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAhQxdjuRvUWhCBaDdu08nJYQDvfdk/S3XMOOk
-EBfr2ikptnk/dvYZEyO4EAr5WKTUYXC9BGFqEooX1Qq9xbwwfNbpDCWNhkBP7MyjfjjGNxFP
-7d1oMY5M0rMBdO6+dV4HSBp/cP8WXITAeYW4Bf1/vmURow/AArT4Ujc5BNWpMXoYv6Aq9BKZ
-96NFguM8XvWdnrXInnwuyKSeTggUS239cG1rGmO9ZOYft87w8p8uuxu38lCIc5LC4uMWjZoy
-AquOGN3pEBHufjWrkK8+MJR60DM9p2UP9fyOnmLPR0QsAV27HbUy0kfSOC7Q/oHcMmoete48
-1fzngR0ZwyRC6mM5qQAAAAIAG2d0ZWN5YmVydHJ1c3RnbG9iYWxjYSBbamRrXQAAAVbCSXQD
-AAVYLjUwOQAAAl4wggJaMIIBwwICAaUwDQYJKoZIhvcNAQEEBQAwdTELMAkGA1UEBhMCVVMx
-GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29s
-dXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw05
-ODA4MTMwMDI5MDBaFw0xODA4MTMyMzU5MDBaMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H
-VEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5j
-LjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJUPoLbwUJzoeseIzd0XDi6wlNAbPQ72lMCKlMcGyJCXyLhkGnp+bDxT
-4Tcoc2B/spdTB59T+W1YlNKvjW2IZ4Dm7bKVz3IxyqUccrpcAudkQuf5qSzWOg2sjUKqJAE5
-5pw/AYVXDViHRfjThaqTaSaFcEiAPxIVx3m0HwUvO2KZAgMBAAEwDQYJKoZIhvcNAQEEBQAD
-gYEAbesbCele2VHbZyJhpCo8SHfjoHym3nOiFAOFPfurDjDFgxYzgRMInns0Tt9AyHTXuX3c
-9HZVfZtjVBjp8OrzXLHZi0IeucCVTrr61eJ89Whhv47sBZdfW7DXo4U0xCSnDQ+Vk+/LlNie
-H51chW3Hqq5PHyK1zZWtuqfM+asLen8AAAACABpsdXh0cnVzdGdsb2JhbHJvb3RjYSBbamRr
-XQAAAVbCScIfAAVYLjUwOQAAA2gwggNkMIICTKADAgECAgILuDANBgkqhkiG9w0BAQsFADBE
-MQswCQYDVQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1
-c3QgR2xvYmFsIFJvb3QwHhcNMTEwMzE3MDk1MTM3WhcNMjEwMzE3MDk1MTM3WjBEMQswCQYD
-VQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1c3QgR2xv
-YmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyf6dA8CLKDPbrsfHL
-DpVXQHWvoD8+zuyqMlfmGbFnQ5haa3yzuPp4nKqmhLJgG4BBzmPNHxcImaT17z4Sx0ywV5pc
-eEB4/EWN2pFn3DpRuW1z5rc5jnY6tB8F9WlV+ZPPeIhKvqqb13tHW0YETIIWpjX2/HTf1rSv
-2OK1JxF0WaLCZixoCuGYiIg8igV1FOO4rvMIhJtqwT8xGK8npUubpP15Md6YPQ5hyoeYwfiK
-MJz6PjPVpcQDB+H3lnQYACc4J9ErqqrhQUWLb/Elwtyil5XHQhQzXXmEI2rnZcBXoNhdqWMB
-57Dki+j4xWO45Wx0kD3Hd/wrunnppMYSeKf/AgMBAAGjYDBeMAwGA1UdEwQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFBcVhYkJLySHbz8dG+TylnmDSBPOMB0GA1UdDgQW
-BBQXFYWJCS8kh28/HRvk8pZ5g0gTzjANBgkqhkiG9w0BAQsFAAOCAQEAWvAc0NRQz0F+5rid
-fcNw0F42/26Oei/eSBHVNC48t0XCVCWn4cEeN4O2lK62RUgD6pW+65xqtDdcHy7Ta4KBQ1sK
-PxFVY6z6fAgCN6A8OQQz/pcyyFLl2SVNsMbuaB9wqnPOVwPcfQoNM/LSWt8KbDvMEVGXGqQh
-ooU1AteAItKEsvjAqmi/1euqwwuroXwr9/U7h+FUV+wFJO95Qk7zi2if5G7LgpnJzCrcU8If
-cIOrIQ9WtEj/3wcis4z5HaYE3y0DNrndb/4xiGb/bG1ENK8Idz4m0nL0u0dWkzyYY+Ezu5kj
-krWDeegdn2etYtaJ1vb8J94yJ8uE2neFIaESIQAAAAIACm9uYXB0ZXN0Y2EAAAFi1TGi6wAF
-WC41MDkAAAVCMIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAM
-BgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUxNDE1
-MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQsw
-CQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMA5pkgRs7NhGG4e
-w5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7XGie7RYDQK9NmAFF3gruE+6X7wvJ
-iChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUnH8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRC
-XijMt5e9h8XoZY/fKkKcZZUsWNCMpTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWi
-YPqT6o8EvGcgjNqjlZx7NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6
-jIfBkv8PZbXg2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPz
-DIZYwYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDdApcU
-itz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqMP3UWYQyqDXSx
-lUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6aFXftS/G4ZVIVZ/LfT1i
-s4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DYPdAQOCoajfSvFjqslQ/cPRi/MRCu
-079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0GA1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rt
-STAfBgNVHSMEGDAWgBRTVTPyS+vQUbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq
-/kawNd6IbiMzL87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsg
-bmi97j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBxc94Z
-c3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvfjySF5FCNET94
-oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2RtOXDt93ifY1uhoEtEyk
-n4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25hPsBTkZA5hpa/rA+mKv6Af4VBViYr
-8cz4dZCsFChuioVebe9ighrfjB//qKepFjPFCyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyi
-mUcTtTMv42bfYD88RKakqSFXE9G+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHw
-dmC36BhoghzR1jpX751AcZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4
-mr8WIcSE3mtRZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LX
-aRwXdYYAAAACABh2ZXJpc2lnbmNsYXNzM2cyY2EgW2pka10AAAFWwklq1AAFWC41MDkAAAMG
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYT
-AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5
-OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYD
-VQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX
-wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GVj0VXXn7F+8qk
-BOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFN
-zb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzo
-KQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcm
-eQD2+A2iMzAo1KpYoJ2daZH9AAAAAgAiY2FtZXJmaXJtYWNoYW1iZXJzY29tbWVyY2VjYSBb
-amRrXQAAAVbCSUnSAAVYLjUwOQAABMEwggS9MIIDpaADAgECAgEAMA0GCSqGSIb3DQEBBQUA
-MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBBODI3NDMy
-ODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFt
-YmVycyBvZiBDb21tZXJjZSBSb290MB4XDTAzMDkzMDE2MTM0M1oXDTM3MDkzMDE2MTM0NFow
-fzELMAkGA1UEBhMCRVUxJzAlBgNVBAoTHkFDIENhbWVyZmlybWEgU0EgQ0lGIEE4Mjc0MzI4
-NzEjMCEGA1UECxMaaHR0cDovL3d3dy5jaGFtYmVyc2lnbi5vcmcxIjAgBgNVBAMTGUNoYW1i
-ZXJzIG9mIENvbW1lcmNlIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3
-NlXlpV0YMODaiVSR/MjHUvgvUNnvsXVzZUd9G1u6dcX8oYgk+i/tyghKOVTEUXq12mDqODyB
-ssvxu9mRIz9IAXB1qQUqrR9x88lUPR0GakA+swyF7lwbecJixLg2jjVdAQwjBEc1qptgTqBm
-PcsmCpxAofRdmL9xq6UAaCrtg3oPohS11CKzgLA8DFpRaS1YGI/tmZ7xruKV5vZHqNYMD7BY
-WNvDZjeem5FUMzfSlBxqSMnJ8qXapQwj9yMOnDJVXnGchAVRmi395k4qNFreykA3ZwxUIVV3
-2goMzJeugNyUNkr0Ps42Ex5T5KxOOgXs265ynDiL0Dk7iQo+d/51AgEDo4IBRDCCAUAwEgYD
-VR0TAQH/BAgwBgEB/wIBDDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNoYW1iZXJz
-aWduLm9yZy9jaGFtYmVyc3Jvb3QuY3JsMB0GA1UdDgQWBBTjlPWxTenboSlbV4tNdgZ24dGi
-ijAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCcGA1UdEQQgMB6BHGNoYW1i
-ZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwJwYDVR0SBCAwHoEcY2hhbWJlcnNyb290QGNoYW1i
-ZXJzaWduLm9yZzBYBgNVHSAEUTBPME0GCysGAQQBgYcuCgMBMD4wPAYIKwYBBQUHAgEWMGh0
-dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc3Jvb3QuaHRtbDANBgkqhkiG
-9w0BAQUFAAOCAQEADEGXwhqGwCJ8n/uQ8xrRA7HvE/khXwSc2smljSdsloeRvkGQAXKT5x59
-X/aJxl2nQAk9rElFRdwujTBosgm6+8MvzLoL3z93e0Z9OhIkjpaPPAUKb9KUKB1tDMAuiCLV
-2M8dE8fwSNfXBafPx0eeOzw0yIBP1BS7/A1Q9/qz7EJfqd1tyPR1z3vBciaxARxcLP16TrQB
-xQVXuec8qgXZiOkHRkHO70GBrljfg6Kuytd3H+cAPJ1vjuQyCR1NeDR4NDyUmybtT3HGGXq9
-ICJIWv5LfQO351i+xjJOdB5o3ahoW7M+7mJ92YDoCnV6t+60ZZohkOCq0Ji8OLVzPIv43AAA
-AAIAFHNvbmVyYWNsYXNzMmNhIFtqZGtdAAABVsJJllIABVguNTA5AAADJDCCAyAwggIIoAMC
-AQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZ
-MBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5
-NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBD
-bGFzczIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoW
-N/xIvb1/gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05d
-fBsm03V57eaE41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO
-7N05lU6DBn/nSUDIxQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50C
-ldG2uXE6aQg/D7ThQseI9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY
-6LST6nVEawRgIHFXh53zvqCQIz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8w
-EQYDVR0OBAoECEqgqliE0148MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H
-+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ
-6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3WNEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuD
-wyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+chdQYH2BK0ISBwQnGB2jyaNr6mWw1qbJof
-kXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuoLp0UWgV1t+zXY+K6NbYECJHo2p2c
-9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzfTAAAAAIAHWFmZmlybXRydXN0
-bmV0d29ya2luZ2NhIFtqZGtdAAABVsJI60QABVguNTA5AAADUDCCA0wwggI0oAMCAQICCHxP
-BDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
-cnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzAeFw0xMDAxMjkxNDA4MjRa
-Fw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEf
-MB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzllICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t
-8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y1UehammL2fy7Oq55WtX01nG7mpAja5q3
-iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0iupkBLm1ly74kZlUkS0BEsRvX4cKFwN4Q
-Pz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3
-QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEA
-AaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRN
-p6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04VcC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQb
-BWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1LA0inoJkBgNxlozauZVlIT4JLyGXxVx3l
-WS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y
-+ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4KxvgiT2xRH8aI3x0WePMd3r2Sok9/2aYOC
-YPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgAgdHRlbGVzZWNnbG9iYWxyb290Y2xhc3MzY2Eg
-W2pka10AAAFWwklM0gAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsF
-ADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZp
-Y2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQt
-VGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
-OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNl
-cnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMM
-HFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiT
-BONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuh
-dfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Z
-f3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
-0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
-QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GC
-ahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGw
-UgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtw
-n5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqm
-JQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMi
-vgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7
-PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAE3hyYW1wZ2xvYmFsY2EgW2pka10AAAFWwkle/wAF
-WC41MDkAAAQ0MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF
-ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIG
-A1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9i
-YWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUz
-NzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
-MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH
-bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbi
-m1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt
-2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHM
-PJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd
-Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T/dRlAgMBAAGj
-gZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0
-dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEw
-DQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
-/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYg
-oyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9N
-mXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9
-aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJ
-ybQDJbwAAAACABlnZW90cnVzdHByaW1hcnljYWczIFtqZGtdAAABVsJJzGIABVguNTA5AAAE
-AjCCA/4wggLmoAMCAQICEBWsbpQZsnlLQfYnqcMYDx8wDQYJKoZIhvcNAQELBQAwgZgxCzAJ
-BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAwOCBH
-ZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1Ry
-dXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wODA0MDIwMDAw
-MDBaFw0zNzEyMDEyMzU5NTlaMIGYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
-SW5jLjE5MDcGA1UECxMwKGMpIDIwMDggR2VvVHJ1c3QgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MTYwNAYDVQQDEy1HZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4l5iWB0zVzky
-M/rry4eMp9RK3QaI6mSOMZilOJAemM8uYyvwRrxEsomhwCgMSXAhlZ9kwKaTEgJlJobGpYnw
-+teEoHCvTxqXPwZE1cnrchB95DEo+xxh5igHRHOSImmnA4hsnWPIUtqYJ+cITHA+tMkSwcVn
-g10z8wMR7GrQU+LRujZglIC7YWNsWxd+30CUHqsNwiEocIj/1iZsbGAEJU5Vfn3vv5RI3rcd
-3XCNBV+IpZvywu7q0UBBbWI4HVYGxQNHUSAZ/HsQCw5irnZVv193vj5JAVM9mCUDdiRaHbTb
-iep55bazOz+6TChBfwasao7B0PYFHX3mQobjpdVHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEecqOoU4DHRzca9sxW5Q+PzB/LTANBgkq
-hkiG9w0BAQsFAAOCAQEALcUTz1aAe3p4vZ+uLJnn79rflF4JaafnbmiMvXK+R6kOlxK4SvFk
-0znfJTTUwc1OgfAPBMQkszSWxqaqMN9oYXPX+Y6Fie8OXpUoSionjxCOLnyGxAKe2gx3ZQ5E
-DZL9/bMWNvoRDR2MDgeJailW93L03RWcdzVmV6sTU9iOwUDF1xMWWnLHt2kBxHqxgwFofY1B
-oZQYwSVc/PD+gwKHfA0Nzy4IXEpADT7sgWHmJNvK4A4tB7I+VtyN9UGFB0ibDAvLST997Lf9
-y41niRqr7bseowAICBcqglwxXUaKLQ+Gm3TZRfvUQLF6qmgthrKZIuHBK8ec+PNfqIIS6xkR
-LQAAAAIAHWNhbWVyZmlybWFjaGFtYmVyc2lnbmNhIFtqZGtdAAABVsJJ36oABVguNTA5AAAH
-TTCCB0kwggUxoAMCAQICCQDJzdPp1X0jzjANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMC
-RVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
-aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2Ft
-ZXJmaXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgw
-HhcNMDgwODAxMTIzMTQwWhcNMzgwNzMxMTIzMTQwWjCBrDELMAkGA1UEBhMCRVUxQzBBBgNV
-BAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20v
-YWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBT
-LkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQDA31bT5DqbdkW0E9v/wbYZizdBGJVSR+sXnSmIjjVs
-BjIuR2LzSQS/fUQ2sXHMvVoJc9XZhUT/kVcl3142jnDRXHFDHdna71zS+xu9OrXLraPMRKcN
-riEVP7l6W5J12KQSOIkZireA0uIyb1ackdaIEAuzdGSSdGDz9s8YT2CyI9DHO85hS5mPwgzQ
-QLKY3A2oTqO5Cq5goK1FUmO6Zr1o4Pm+GqiBux5BeHXTwf4AVbCHVOgnkDUdTDOtl/yXLpiE
-vyzJo7/RmBEU7WP4ypiIWBeZ7UUDl348hh6IjL7ykYSPZTTYAEx9tzEXWil6ChgkMKM3tXqp
-AX0m1vkOjlnx/RsztSk7FztBtiHd1MA9pZ+fH0NQybu8bHqXmO7NjB/7nFGui3C9J59xwGus
-fZBm6NddOg2w1cKN1cidncFt0NC/UeTj+MM4Nq7Wp3Xmr4RDXZOSDGoH3jsdmCLWrME126Og
-Jf9ytXYd3m3pLGYsUoTQRZLOHOXlMx3cB1NUo6qCO5o3L9zdoGTp5t29rvxkhR08p8kG3oT/
-a+hrGjzForNC+4sJPl8IUsdixNQFcb/EZOT4oYPoPhKbqB7UNk0vcfaNKPaDqRPSYcGRu0jA
-NI9BjEtM22kS/1CUnCCDWXPtfKHy8f3d90nTQ1igVmPKPT3lNVZZ6Q7KIMwrS5MpDwIDAQAB
-o4IBajCCAWYwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQUuQnKnB7b02w6a67tVPFb
-kwY1Ll4wgeEGA1UdIwSB2TCB1oAUuQnKnB7b02w6a67tVPFbkwY1Ll6hgbKkga8wgawxCzAJ
-BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3
-LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoT
-EkFDIENhbWVyZmlybWEgUy5BLjEnMCUGA1UEAxMeR2xvYmFsIENoYW1iZXJzaWduIFJvb3Qg
-LSAyMDA4ggkAyc3T6dV9I84wDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAq
-MCgGCCsGAQUFBwIBFhxodHRwOi8vcG9saWN5LmNhbWVyZmlybWEuY29tMA0GCSqGSIb3DQEB
-BQUAA4ICAQCAiH9w3pIo2QWURv+QV6nxL98aDWv6fA4cSSR5J9hGqm8pWVKIcBLq3T31m1NU
-b+FgoqgJuezrWXzGNfHcGOnxZ+WvukXgCd7KRA/CFw53kUV6M19flixoi8FHj5ibPcDsy/XV
-gpKENdG+NjhWcjFbRy2qF6RjUesKAa1/7HWey6Ef8X8SsbnkZH9n1iMq9Lg5XZjoIafhvT1C
-GnSacK9obFBdSc//+w5d5ixH14E6WQC1c2tjIPYxRQg5DvRwfkBwWj/Qa0KpdD0oLwJtdXKV
-CY1IY8bGI1eSk141wY35CvcsnWIc9q183aYxHraxx36FJvqkarXaYzDR75M3smYvfQX357dL
-mJQ1wNk6KcGdslAzHUqpWqbJA+/t9Oeoboq0V4TrpD/Q7qqqh1tj6JPia6jUuHJ4axvtOeRd
-y5uqh9VPTgD+2WqfPDEPKAIBfZjop7CiZJ55+EjyFanM5shE6z94mfJ7cT488ZinxRgSP+a7
-KDNC6UUKfG3yhnkvxYIZfQmJfLJUdoiu3sHzzOFu2zHWk66ZoO8lanOYiVs6LhOIHr/AkpQ0
-G+Mnt4seb0L/5+k3m1AdLaL5Au7LWFg6cbxo46rBrxwoH6LcI2U/gequmdPYMM8TDU8VyYS8
-p0gt+DAjd9hGS3lt9oztOn9gEXj06Zuu1VTAdIDRC0KfwQAAAAIAG3RoYXd0ZXByaW1hcnly
-b290Y2FnMiBbamRrXQAAAVbCSSSHAAVYLjUwOQAAAowwggKIMIICDaADAgECAhA1/CZc2YRP
-yT0mPVebrtdWMAoGCCqGSM49BAMDMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
-LCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMB4XDTA3
-MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0
-aGF3dGUsIEluYy4xODA2BgNVBAsTLyhjKSAyMDA3IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MSQwIgYDVQQDExt0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzIw
-djAQBgcqhkjOPQIBBgUrgQQAIgNiAASi1ZyCe5Wd8VJ4h/6KFr8F5t+jAk8NB8YAUboMAlIt
-IqRCOcT+j+rJwb7UTf+fep7isXyaraeGCXOH0eea43qlqm77urNwwGeIojXUo5qx/a3C7zH6
-qLnz+wjGkdH7KZWjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
-DgQWBBSa2AAwAOdrf4UY7ou2zooM+BHhuzAKBggqhkjOPQQDAwNpADBmAjEA3fjgV0dbp+YK
-w731gIqXNQ0biTxUhncoyqH0ed615jiw8GVwjH8CVMK//9ihPtnPAjEAxI2U/NxT0tydeBYf
-FTMjU1LjWjFdncquvRMpRA0nW6jnaJwS91g/LnICV6OPoRQuAAAAAgAlZXF1aWZheHNlY3Vy
-ZWdsb2JhbGVidXNpbmVzc2NhMSBbamRrXQAAAVbCSRhzAAVYLjUwOQAAApYwggKSMIIB+6AD
-AgECAgMMNRcwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlm
-YXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
-c3MgQ0EtMTAeFw05OTA2MjEwNDAwMDBaFw0yMDA2MjIwNDAwMDBaMFoxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4IFNlY3Vy
-ZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALrn
-F5ACZbE0VTxJwlHV36fRN4/R54FzQVJgm52hFyZ4rcex6CaUMrXeM406L9vymnpac5ijXOn7
-inMbXOfDv4Bszan01ivA9/mZqmOisUcCD9TkUToSPGyKWlSEcNvBxZDPckXLqFnAzTOdP6OW
-64UzIRw+Hj5gbnacZ4XFyMNhAgMBAAGjZjBkMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo
-/7NXa2hsMB0GA1UdDgQWBBS+qKB0clBrRLfJI9j7qP+zV2tobDAPBgNVHRMBAf8EBTADAQH/
-MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQCcszOjP2Ihxhj4bG0RJOx9
-p5kMB33tiBUw0c0K2eYHNUaTStZFJ7gowdhIrCMlc7QYGgsYiq6hiWRtDeFn+uDZ7REja6iW
-Ew9vjwoy5FxcmyOvkvSTAmq85obVs7P9yLt8a14rx0NuCPUCa/nSnrotqxsIpzm9CmJYzN+0
-IMUBrQAAAAIAGHZlcmlzaWduY2xhc3MyZzNjYSBbamRrXQAAAVbCSb5mAAVYLjUwOQAABB0w
-ggQZMIIDAQIQYXDLSYxfmEUp57Cm2VBbejANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMC
-VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAxMDAwMDAwWhcNMzYwNzE2
-MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
-VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2ln
-biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBD
-bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvCg3C1SzbZ7kt5ZQn3aW+4LBNj7NhVjzW
-fMP0zT6Gy6KI4uHYpGnFteK/waZHUF5GOYvVlrq1bxS/EM4nE54FR5sxehPYH9nTAjeLrSxH
-8I6BBqcNMAzr9zwPIB3cckbupQLIW8PJVmlMxRjBkXsL1RMAm7zvw0g+RmAghSrVkLbNi6DM
-Mt23/UBVslAcVq7MjXdNxyBNpzF272iSipAeCIFWsq1po1LQyxzEIz0fmf5M6BZjjsYIjvYx
-9tL65XbdtRySo0nNzQHNaM2pabqj6x0NnKQgpsGgxdFGTBdt0qxmP5aM4ITUNv8iWcX5EWCo
-XwR98hr2JUJhD8RKuD6JAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBADQmFTzAjU1DSR296SGS
-12act97FuNDkXV92IsAm+YQ6OvmMtfvsYPHozgSwyN2nA48w85jfpOakMd/THAtG3HIgP67u
-BTykMz8LOaxweHNLmSvfMMJUsKg7VaH+FijNQr10boDbJ0SnzkRd1BuQmA0eQpSxACwE0HSj
-AgUiY2PNg7X7wW1ia2l1/V1wQbn1v3zfvsEycyIhi1iBexWRerrjZEiwf/s2JdqV0PEkFBfd
-GIBrRiM5VPWOYgkEHZSQppvmJeJCRaq4kK2+CI+pC0IYlM9yOeGxQ+Aoz7fnWmwTa0mz/+MY
-fImLM12sM9en+do6VclYEPmq71q2z0tL3yoAAAACABR1c2VydHJ1c3RlY2NjYSBbamRrXQAA
-AVbCSekZAAVYLjUwOQAAApMwggKPMIICFaADAgECAhBci5nFWpTF0nFW3s2JgMwmMAoGCCqG
-SM49BAMDMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxML
-SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMl
-VVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBa
-Fw0zODAxMTgyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEU
-MBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEu
-MCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqG
-SM49AgEGBSuBBAAiA2IABBqsVFqp+Wgj53rVJG9TxlrYS6vG1bbR5nNxrt2c1gxh/dugiQO4
-BRTsV87uXT/iIbPO99SKeeCjg34tl9BhxPGZ3CWRY6t/MKO0cOLHoTOc878uXFOxX7N9Mn+K
-NON5eaNCMEAwHQYDVR0OBBYEFDrhCYbUzxnClnZ0SXbc4DXGY2OaMA4GA1UdDwEB/wQEAwIB
-BjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMDZnoRYI3OSXAEEdTr7hYwHP
-O6pCEWSgnZQ5AhF5XHsd+mS57hZCs7+KwgnE7OSxTQIxAOkqYUeMUkpLThhw9tZE1m71g7pt
-WL0k2VZI6u/EokaBiGo6RtGpm03JYdrRXVdqGAAAAAIAHmNlcnRwbHVzY2xhc3MzcHByaW1h
-cnljYSBbamRrXQAAAVbCSWTqAAVYLjUwOQAAA5kwggOVMIICfaADAgECAhEAv1zbtvIcbsBN
-63oCOzboeTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBs
-dXMxHDAaBgNVBAMTE0NsYXNzIDNQIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcxMDAwWhcNMTkw
-NzA2MjM1OTU5WjA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxHDAaBgNVBAMT
-E0NsYXNzIDNQIFByaW1hcnkgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr
-N//rYJtBeGn1SViw3h9xaaYr465Qxqm8k+kgvuTEE4JW7/BDMgnKm3UDj3xP4eBPdp4LrWR6
-FDqanb8vFgtlHKnunLzjGmXLT4XqklZ1ZtZVQO/7zNY4P6sc70KNGYn2t5WGwqcd6fcp8SrZ
-ZXn8K/WOyhp3fp7orPlmv0X76BOdX7Zz5X17jvsSdF0fBl6FG6ZeGEQAurzTbtFSDgat6+61
-tMG7vOs4D0gikcdv0rhyO7p/wI1st7xHcyEqhf+s1iiiGdWXajq5rG1F7OZNw9uoXcVdgpis
-Slqq5isIDBB0vGL2OkkEZthRHCam2HWfnL+uYFE9XLyiT3uJZ81TAgMBAAGjgY0wgYowDwYD
-VR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFIbh4YFxv2oS8QryAeTI+0DO
-aICJMBEGCWCGSAGG+EIBAQQEAwIAATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmNl
-cnRwbHVzLmNvbS9DUkwvY2xhc3MzUC5jcmwwDQYJKoZIhvcNAQEFBQADggEBACWq4SJAwqSA
-PLeiXZmNH3pCNThmFxHfva/8FRGYGTPmBUKEVKhL67Cd2zfaFlJAEXRov+nJshCEtx1EAHkn
-HPVYBhcYMjW2MJdjxqY5G8juRhdixS7nCqOaijBjc6oUpU0KqHKT8EkREJB8GH2oIAXEwno1
-uhxaCuAueMiIsc9XAew94gYTNMCo3PqAgAXuBXa9nSvInVBva8VAUIT9XR3mkJwQ06TGuSga
-3rX4CnCqzt5QPQOA29iIxUgG5ANz3RbONtblm+p32rKWtWWnBF0jrveTsl6KUWRf2s+MPUFb
-3vmj6Sp8RxAf9jI8fnDp36HVLg2xGkW0vBLtKBfpHgIAAAACABlzd2lzc3NpZ25zaWx2ZXJn
-MmNhIFtqZGtdAAABVsJI0YEABVguNTA5AAAFwTCCBb0wggOloAMCAQICCE8b1C9Uuy9LMA0G
-CSqGSIb3DQEBBQUAMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAf
-BgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjAeFw0wNjEwMjUwODMyNDZaFw0zNjEw
-MjUwODMyNDZaMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNV
-BAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMTxh3/TeDH3OMn4w5lDvMf3vDfnTnG6S4+lcx1cbpiuA1euODdDLxc9H8jOaBDB
-eK4ZAysQ+ix5g/bouWi5VfIERKc5+fwEix7xok0n+WF7urflohO262E+0GzR5vv6Xu0dtJ6g
-NVuhksvwSZL+hQoFPubZC+JPu9yVN/yR6TI1ItEfOk4nhZ2wFZQy2mENR01gQq6SR+iDWlBY
-6YqLuV2h3N2ZSh82Z7tI5IO2N+tIOq8PZ48XB+gEyu9qMYfUwLb5lHF7Z2S4tpFKQntlLjBq
-DPWQ7pXm8s2C7NmhSuz2skvlRYXmbXiTBC6cgm02qcQxZB+Ggwsq9DUKeMlVz0GwR+kwn5m+
-YagGhLkoel842RupOLCDf3PBwztIKoIPIZu4zKg1w4Qbg7M+vqSVaQE6iQB4BNnJ9JkZq1Z+
-W4uGORWRpBAsCTKAYLOTwCq2GAudfo1J8hBKf/nVRi8ZkqOZpyasu4w85g68Rwfcc1HxcGQv
-CPm0Rx0wbETqKTeFkmhmvIM4/ns5LtNQ8B/7XmC2qab6J0Hxmxhy8vWEdErJZ8RUrkhk34zR
-brAd4QePCB6ZnHHpTNil90cSH3TRUZ6G88KiI0ALc9tLpudzBozBoOnBWaxG+uYv+M9xnEZt
-ucQVjTh5A0VI78Rd1wjuhzkihrIND1hD93GpSC796tYfAgMBAAGjgawwgakwDgYDVR0PAQH/
-BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBegzcHkQbY6WzvLRZ29HMKY+oZY
-MB8GA1UdIwQYMBaAFBegzcHkQbY6WzvLRZ29HMKY+oZYMEYGA1UdIAQ/MD0wOwYJYIV0AVkB
-AwEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0G
-CSqGSIb3DQEBBQUAA4ICAQBzxoHgJ9ItD+CVMOKaQX9QLF9fYmGphmppGAx0SdZdhOpBUhhv
-WK1QViBqxr0oaViR3JERNak6HbwapWCe2B9/RZFp2X67eHLBBg8qzo+FcGGsoM0LuDkpVoQy
-Toa7PcQq2dcfcu7+UaEiQbFxAmMagrBiq15XEh/fy911oMBdeZCMG+BQ5t4x/ph7cF+lkNit
-+AK2b9Ng3UBLIsU9rTp6nxoaR5F5M7qC3DJpA5ZuH0vwcf7jZ3Kgsb9ci+T6mSLHhLkbjSOX
-P+0l4M9lu/VhBO/dHrJaQSJaoZ9dLOhbyW2pDAx4qmDGVo8BWgxovGkZecQffpcFv8XpJFFe
-1NVLU+3ZI1o2A2WjwQOtQTDzRhuFkK9ltdWx5BZbeHUdl3ptWakqj3vew4eJEJlJc3jIPb1R
-NXQq1fF+aRsquzu9JbiaWj1yYZBmh+4M1k3UEXQLav4LA/yjVVeJ/krLrlsXBcjyjSMxUzjS
-LWo/grmNCGr3XkF0bsMRfgesKWCRPzjKVxANvTAvx6XmQaDargWHmqCkZWxMCQyJurjTucCT
-ijD6jeWaaxUBTmeq2mJWPoQIZtLENn2nPhD8iODUgOUAvarzTgajemr5YnLjCU/rmw4BI/Gf
-u3zc3GwRlyWy8rRjFNIGKmeMg/XO6gfYmmoe7OQKuypM6wlgOc7KYtgubgAAAAIAGmFmZmly
-bXRydXN0cHJlbWl1bWNhIFtqZGtdAAABVsJJ8v0ABVguNTA5AAAFSjCCBUYwggMuoAMCAQIC
-CG2MFEaxpgruMA0GCSqGSIb3DQEBDAUAMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZp
-cm1UcnVzdDEcMBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTAeFw0xMDAxMjkxNDEwMzZa
-Fw00MDEyMzExNDEwMzZaMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEc
-MBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMQS36lf/kHd3fWfiuP2rOE8eJq82PB/eqAzKtyNIFuuLW/nk9k2cGpoz45Ro4Vb
-ZwSgECRvXSiCwZdX2EgpE7bhvpFN34UMUxiaHiSiT4/wooULy/Qpf9KkWO4mTcmqqHua2fo4
-3kRXFeX4jMjZSOINFicdHsiDhSW3uqpVQcwDIkstkY2L5omvZsfp/yvpPKza0rPD4Wicifh6
-AFbe9FWVbPu6ZN1ii98LdzLrYswmmpu7qmKDTLQGejDIKb/tBk2XuRzEMSvVX7xTEhecmVcp
-ZndhITEHLiVJnRjy7vMrcYy1ujkHSXf87y6SkAWNLS93e+9DvzW7mtj5c6cs8tBX7ihOJl+P
-kGgJL7j43AbpLpo+UafRIsQKpzhIbLP5/32rhlfjutaFeHe6Q+pIf/bYviNtHr/RNmxYXPHu
-pBlUGvUD0nbm4Yy9PLPTSEviyPh/kqh2RpxCZT6kHsEHA1pGLbiX87fVslUh77rcTACX+xSV
-JzO/6ENHRtIImRZgO5p+0ubtOOrsAR48SFZJCcdMNwCeiA7Ac+FvZulyRzA+EOULA8maQgBs
-xZR+YcSK33+CGgtZxFkyd7O8YGlWOf20Bnss1mQ22b1I7YQffqUijyq4QvSCt9RTkHhOLRr9
-gW9E1zsBdJZC4ADiLmvqxe5yrLu//uqqqPjc9rJ5irZnAgMBAAGjQjBAMB0GA1UdDgQWBBSd
-wGemDCLZJvVFq6ZlUhEn2EWsYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAN
-BgkqhkiG9w0BAQwFAAOCAgEAs1dNEGJOOuSs6rgcrzIjyLNJWlGcdiiNeapXRhfV9VL2t0To
-CES/GITSC4DNxRL9AFUFYYdB3LUknjzE2Mj7cJ4veJaDIDbefA9pE4ildTaYCKbG36zO41jW
-tz7euvPrNEDYooH1eD8v1aX82aLUXgQOF63+QfDlsnL6RIIzQugtWPdWjGI/ukKwnAxcfi5l
-JlxTTwCyeH6hDZktjbgdjqLEsP1g0DCkjsgEYqnE7TXeepftDjheki+TcKWpnG+nfRMdfsYI
-SLFeZ+tRCCXp5iVrUimRnNI5cwhX3pkGtFudEAbhwgCouBxKAgoU0MFByvuMNSF9gjjyqVSR
-GTWTlG1qOsWy0LuJhpPom8kPOqd6uKHweEb6/Dcv5YqE89/+BNmhaKAvJOIJlQbVlcrhJJbr
-fPaTBbvtc+kt0XU51+ck29hOX0OPntAUOb9VcEiZVzG0nO5KmAOWMB9gBu4bI/6BYCMaR2KF
-pcwZNIBvs6wa45/we0it1QHZZ7apcpPqLWa1srjkPTyy70yM6usHv6s1mlWGvBimtahetINs
-a2lA05/c8cNpa7nhbQn08apQdgp6fXoXoVWWQpkxCd1gEY0FMH7mjkbRnRTaxxfkBZaMxCS1
-G88UB7JA+KOeQYa8BNBrlsgqgDT9v+8Go91YxYU9Po/+ningtrgJaBkcGEMAAAACABJnbG9i
-YWxzaWduY2EgW2pka10AAAFWwkmJ6wAFWC41MDkAAAN5MIIDdTCCAl2gAwIBAgILBAAAAAAB
-FUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNp
-Z24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBD
-QTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYD
-VQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9i
-YWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j
-40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
-oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
-Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvy
-JBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FG
-qkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAN
-BgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLbl
-CKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38Nf
-lNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5p
-LGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq
-4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJ
-KSZp4AAAAAIAFWR0cnVzdGNsYXNzM2NhMiBbamRrXQAAAVbCSTSeAAVYLjUwOQAABDcwggQz
-MIIDG6ADAgECAgMJg/MwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCREUxFTATBgNVBAoM
-DEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAyMDA5
-MB4XDTA5MTEwNTA4MzU1OFoXDTI5MTEwNTA4MzU1OFowTTELMAkGA1UEBhMCREUxFTATBgNV
-BAoMDEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAy
-MDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07JKz3pH73WbI/o6L9ZQRYk1
-OsZr2/7bAGio4AMRHTdQCJ9NSmiUNbNT0ZRjpyBWr95ReOwqPfNISFA+Ct9GVYsnbcMQTQ2R
-UkPYh+BdTja1IcpfOUAEX1t+zKPGK6lAHtk2hNZI85IeNEYgJMGkUY5KGu9QP2ldGX9Fw8cB
-j1HJI+hyrrS8Vgl/Esscsa8pkArJVcwP07Qa7Uc1WkrtnHMEIdCqvQwTtQDKJmzEawyUWpWU
-2lCa8f+lK2YxpMk4oN8dH7gJLvOn6GdSq5Uf4EY+2KTDylrFMYDoSJqflGn+Gd3Yc3yBypbe
-ju2zMgVlhDTm5v1XELVfdr8vsBANxQIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAd
-BgNVHQ4EFgQU/doUxJ8w3iG9HkI5/KtjI0ng8YQwDgYDVR0PAQH/BAQDAgEGMIHTBgNVHR8E
-gcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1Ql
-MjBSb290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9
-REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0
-Lm5ldC9jcmwvZC10cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDANBgkqhkiG9w0B
-AQsFAAOCAQEAf5fbMMjfpJx9IXqAcM4UEmmIFJVgRAGssukwT5tQwmbYfo0wtXAx6eJpx/Nw
-2yAVhtAN8L6sAXWEzn6fTb+3YDuc88od4l5o2KOdl+VAYNI2If7QtLgX2nSjf9TfsJgCrG9r
-aywlJHKhZe4lWuXmMufy36tJ+vOQaSPbBNnnXFj8ZdSXvsz8LgrMJSo1BPhgkRV1PUH/Ix8Z
-yGzrglMEpuRMIk2NjLrOW3PsZFRQbdGcVftpwzbDjLw8haZrCiYN4JOYYK5+xiSXimFfkY5m
-kgmHNs2Lmy0+9lHUUNRZKL2D8swoe1OGbdgmiHDX6pHNPrnKwJBuWsZedGXXXP6j4gAAAAIA
-HWFmZmlybXRydXN0Y29tbWVyY2lhbGNhIFtqZGtdAAABVsJJei8ABVguNTA5AAADUDCCA0ww
-ggI0oAMCAQICCHd3BicmqbF8MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRQwEgYD
-VQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDAeFw0x
-MDAxMjkxNDA2MDZaFw0zMDEyMzExNDA2MDZaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtB
-ZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAPYbT2cHK6EV9QYiyx8BsuNzRQZESSy7SSUU1s7Dt6ss
-T8ZBMpRX+hKnWw7ijx8ehhmnqrUtuV8NisKvhTV5Mi27HGI38rFbSj3KzXFf6UK+lOjI3vki
-SGTG5avGK22tBfD61QvPmuXwUKSLO0elI1t6evgzP7jvmZfjIMHWKInPlPu5Re3jQBcR1HTw
-CzHiKyZqm0xXrqwgPrpFegXzvZtpFa59TiBjxDV2OgcCyTf9x0fu6PF2HXMV8pektch6edlC
-qit/XP7OJk+jZoE1r0S6VB4cMDJlneY8k15QTnrjOtRuzBr7+dI3riQqq1cDIigNSXV/tyja
-db+O49wOeTECAwEAAaNCMEAwHQYDVR0OBBYEFJ2TxlOLXsqvP58eD+WZlbwk9pSPMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYrPQEDs3A
-Df8K/dS6Fl8pvXtomVhJ0rQdN01/J31GBl1DxoYuPnOyJn1Pk6m2xCqaqyGXFLHejNOriRXY
-ayTU8Rau2KRc1H9Rju0YAbGTY728+GGAmp6xzkJw4ql9BiV9J6H+b+yzHiTa40tVGgA7NbQ7
-2dddMP2BE4nywgYr7WfEjslDslxrFYkCvGL8TvK1M6qyb9MKolDj9jvoLkTC22Y4qTNWSPFt
-GzONDYw/YDed08ptfjR+DZ9ydosbn3L9UjVBRQKWLxyymnNJIbFJR0VHtO9qNBHJTZrMWbfW
-Ap5aTmW1lK4b3ymwFvG/AJ4HOhdktQS1IyGZCpU7l3zvAAAAAgALb2xkYWFpaW50ZXIAAAFi
-32LqHgAFWC41MDkAAAWpMIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUA
-MIG9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQ
-BgNVBAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVD
-T01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3
-DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNloXDTIxMTEy
-NzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWlu
-c3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQD
-DCFPcGVuRUNPTVAgc2ltcGxlZGVtbyBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNp
-bXBsZWRlbW9Ab3BlbmVjb21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALr4rivKQuRkYNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz
-6Ej7PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv5kQ9
-uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmVotXM4tT1dxyJ
-xFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoIvoKvoh3uZ5gEhGV8yfJx
-k1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQSWimWtOi4e8CAwEAAaOBtTCBsjAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9
-tsaJhM9HE5wwcAYDVR0gBGkwZzBlBgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRy
-dXN0IHRoaXMgY2VydCB0aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUg
-aW50ZXJlc3RlZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4a
-ZP/7IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNXn4Op
-NkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8XUTuzEQQ3gUS
-yVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs2KMQzorJ1ZNQf523yUTg
-hbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwaSxGSiAgeLbwAUCvPNl27zr6k6+7T
-cNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwEzGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5U
-rclU1vK+dnuiKE2X4rKuBTRYRFR/km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BA
-SKqgNdoT/SKBXqxgYlCbo+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQU
-wwnSrSfihh2Tj0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO
-0k1tqbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLoz/Rd
-+SKtlrfbAAAAAgAbdGhhd3RlcHJlbWl1bXNlcnZlcmNhIFtqZGtdAAABVsJIy3MABVguNTA5
-AAADOjCCAzYwggKfoAMCAQICEDYSIpbF4zilIKHSX0zXCVQwDQYJKoZIhvcNAQEFBQAwgc4x
-CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93
-bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05NjA4MDEw
-MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
-biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5n
-IGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQD
-ExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2Vy
-dmVyQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqB
-QWKPOO5JBFXW0O8cG5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn
-0LoNkgYUc9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-ZZCsiA9W2eYwNNQmx9BQ8ZLea9Q5iAkixqZjgwP3mXfYsuUYuF1j89Rz+2ycmXjxS3h9GSTD
-KwKE+Lwi2Yoi16D8ceyRhyDxuOyx5VWArD1SyDkOwvDABU/WgnWMvV/S3HaaBRLJr3LD3CV+
-pE2OF6Xgh3/hmlrhYNxkIzxCLk0AAAACABRzZWNvbWV2cm9vdGNhMSBbamRrXQAAAVbCSf1E
-AAVYLjUwOQAAA4EwggN9MIICZaADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT
-AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSowKAYDVQQLEyFT
-ZWN1cml0eSBDb21tdW5pY2F0aW9uIEVWIFJvb3RDQTEwHhcNMDcwNjA2MDIxMjMyWhcNMzcw
-NjA2MDIxMjMyWjBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVt
-cyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0Ex
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/sV5sk4P6cukJ5qYiK+oDg9Qcp
-Q+qOCjQ2jRz6p7U5eP+Xdfcv5KprBIREyqbiaI79VVBiD6RxDs4HOC1ChVCtPJZvi9WiDs/e
-SYk91mQuOOUebLVXip7vSA7NemkWh0S1kOQGna6hBJdYee8gSoJrjCK/7B8P6YRx7fEO5LgY
-E8xWNl3Rmh5RazluYHaINAvzs9Gwncph4mQdwUYHuGPdHjNls44JVVI9tb3/B+utYVUYLKlp
-mEqqQMUzFGV0APmR3q8DSMVAVNwPhJBoIMWSltwu5QJFqsBfVPht6knPXWxLr++awlZcxjVW
-QmowX8Kr9uI9P7PJEY8xTNefSQIDAQABo0IwQDAdBgNVHQ4EFgQUNUr1Ta8/14I4rKtxZRd1
-jJ1Vk+YwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBAKiH6ez4QGddw8Fmx0BLl/yHE5BaxO+gyl+Lt6e38da1ZLeKs7gbzNr7rGaIQc7o/OTb
-Hoim7SdQGwIwJEZ5/gSHcJdAc9HAwVcZmmmlJ5mrnWKE9lHBLMkjFdgot6slE7VG4YYC/yaM
-xIiSHVb+GWfyVeSAo2ucq3fhUXENINsQmtu9dnkHd5korZpe2rFPRCw1jqWWx/2D8FjGedaY
-fKiN/oY+BxaS4XvnHewzdn5CLkqF+ZGJaIQDgaWbmr7jN8VUq1Y7GC1BpAz4QtuZoOByb7td
-4RZPUwpk+U70v05UvXhsiOq/nBMkwnBpon8PyDytCMmwmECjKueIg+13j3QAAAACABh2ZXJp
-c2lnbmNsYXNzMWcyY2EgW2pka10AAAFWwkoD9QAFWC41MDkAAAMGMIIDAjCCAmsCEEzH6qqY
-PnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBW
-ZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJp
-U2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq0Lq+Fi24
-g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS
-65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U0
-3EGI6glAvnOSPWvndQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534V
-njty637rXC0Jh9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJ
-W2uluIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68DzFc
-6PLZAAAAAgARY29tb2RvYWFhY2EgW2pka10AAAFWwkmpEwAFWC41MDkAAAQ2MIIEMjCCAxqg
-AwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRl
-ciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGlt
-aXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
-MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
-Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQx
-ITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDF
-cCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRP
-n2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04
-9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7v
-n5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kC
-AwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21v
-ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
-Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOC
-AQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl
-7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1a
-wg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz
-7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to
-51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbgAAAAIAGWdlb3Ry
-dXN0cHJpbWFyeWNhZzIgW2pka10AAAFWwknPogAFWC41MDkAAAKyMIICrjCCAjWgAwIBAgIQ
-PLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
-DUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3Ig
-YXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVow
-gZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
-LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqG
-SM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8l
-L33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/W
-YC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVf
-NVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HT
-RqjySkwCY/tsXzjbLkGTqQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bW
-tsuRBmOiBuczrD6ogRLQy7rQkgu2npaqBA+KAAAAAgAUZ2xvYmFsc2lnbnIzY2EgW2pka10A
-AAFWwklt3gAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcN
-AQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
-MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMK
-R2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+Fggkbh
-UqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+
-ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7
-v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+u
-IEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEA
-AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
-LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ
-QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
-EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdB
-j+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NX
-Sb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o
-2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgAZdGhhd3RlcHJpbWFyeXJvb3RjYSBbamRrXQAA
-AVbCSY0HAAVYLjUwOQAABCQwggQgMIIDCKADAgECAhA0TtVXINXt7En0L8432yttMA0GCSqG
-SIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYD
-VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
-NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhh
-d3RlIFByaW1hcnkgUm9vdCBDQTAeFw0wNjExMTcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIGp
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZp
-Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwNiB0aGF3dGUsIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhhd3RlIFByaW1hcnkg
-Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKyg8PuAWdScx6TPnaFZ
-cwkQRQwNLG5o8WxbSGhJWTf8CzMZwnd/zBAtlTQc5utNCacc0rjJlzYCt4nUJF8GwMxElJSN
-AmJv61rdEY0omlyEkBB6Db10Zi9qOKDi1VRE6x0Hnwe6b+7p/U4LKfU+hKAB8Zyr+Bx+iaTo
-odhxZQ2jUXvuvNIiYA25W53fuvxRWwuvmLLpLukE6GKH3ivI107BTGQe3c+HWLpKT8poBx0c
-nUrG1S+RzHxxchzFwGfrMv3JklyU2oXAm79TfSsJ9IydkR+XalLL3gk2pHfYe4dQRNU+bilp
-+zlJJh4JpYB7QC3r6CeFyf5h/X7mfJcd1Z0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHtbRc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3
-DQEBBQUAA4IBAQB5EcBLs5G2/PDpZ9QNbkW+VeiT0s4DP+3aJbAdV8seOnagTOxQduhkcgyk
-qfG4i9bWh4S7MuVBEcB32bNgnesb1dFuRESppgHsVWIdd7hcjkhJfJw7VxGsrXM3ji94XJBo
-R9lgYOb8Bz0iIBfE9xbpxNhy+chzfN8WLxWpPv1qJ7ah61q6mB/V401kCp0TyGG69Tkch7q4
-vXsif/b+rEB55awQbz2PG3l2i8Q3syEYhOU2AOtjIJm56f4zBLtByMEC+URjIJ6BzkLT1j8s
-dtNjnFndj6bhDqAuQfculUfPvP0z8/YLYX5+kSuBR8InMO6nEF03j1w5K+QE8HuNVoxoAAAA
-AgAVcXVvdmFkaXNyb290Y2EzIFtqZGtdAAABVsJJBmkABVguNTA5AAAGoTCCBp0wggSFoAMC
-AQICAgXGMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
-cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwHhcNMDYxMTI0MTkxMTIz
-WhcNMzExMTI0MTkwNjQ0WjBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGlt
-aXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOC
-Ag8AMIICCgKCAgEAzFdCFlSc5pjT003u/u3Hn0M5SmWz6BaINNsNWZF0z5K4BECtAksxq7yN
-kWjYIA4aAeIae04XXeKKtz+ZGs3rYavCZaYft7e9t4/8/XCPC6BnvgGiWc9x5g8pdv+xVnlF
-Kx+eelTooyk1aKQBTw+kLjfvG7/jjxCocqtYV+dUhsjJ81vaLNpdjm48oz7a+4Ll3fJcsgUz
-b4o2ztATTv+/Sgw0TKbDIb1QBFXrsbud+0UeZBXeVQGMAna1y6E/Qmm8L71oQxZWiSo3YZH9
-pq5OwMsUZZQ3S5IG7wTQyJyI2wt7ga+xPSrEZTp4tu7cgLHS05mcOu5rWmuzjbfVzpzCvqVL
-Lxaxnmg7Bm+ufZ/43uzMKaeYoyVDL+/xXybhiE34Xm7X2RRuGTNppzuEiZPEU1UToVF4QPi4
-yaLue7pSQoOeFO0FUlpZVqeX/J0/CinY3E+RDhO83pWk34uZvqybM4jvtYGvG8YiU8j2x+6X
-FLDFfHhSyPDObndghKbpKnYg7VgBFzCT6RqL4HNj2WqSlElOtK1KhcSjIjD8Ce1oInOmiAxV
-IVjF4TqfKt3K4ZDg2XOrbIC46Atkk6CcjBn/s9IM7JEmh4qzouFwjywK5c1taFHr2j8Ff4sy
-5hNca/5fQOIiyLS0ZE/Wun1IPqhpDNe7hnHJc7g/O50lS9r/QOsCAwEAAaOCAZUwggGRMA8G
-A1UdEwEB/wQFMAMBAf8wgeEGA1UdIASB2TCB1jCB0wYJKwYBBAG+WAADMIHFMIGTBggrBgEF
-BQcCAjCBhhqBg0FueSB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjb25zdGl0dXRlcyBhY2Nl
-cHRhbmNlIG9mIHRoZSBRdW9WYWRpcyBSb290IENBIDMgQ2VydGlmaWNhdGUgUG9saWN5IC8g
-Q2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQuMC0GCCsGAQUFBwIBFiFodHRwOi8v
-d3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9jcHMwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTywBPg
-gkM+++4vZzKWNVzbuMsC0DBuBgNVHSMEZzBlgBTywBPggkM+++4vZzKWNVzbuMsC0KFJpEcw
-RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
-b1ZhZGlzIFJvb3QgQ0EgM4ICBcYwDQYJKoZIhvcNAQEFBQADggIBAE+toCxM+sDyb/dmVasj
-NO7nKdrDW7awg9nQ0OIh+/NgpztdYFMnopv2CCIq57+gcuWcJGoxsZB6J9uEEYknpndaONe/
-rIb87l2DvAbG0XdrD20kL0t6bKcHlsrjhJ+tiIsdqxaNW2YX2Rb0i4DS3fiydsP8OBOqDN5C
-aStu8zzrgCfb9aZEDZ9aVVkL1Q1SSMWun/IvgMXqMlA1EpcuweH/8SOIUTif8mZWducPUZel
-UgxNSVGVNj2/oksMEB2GmUyq83IRk+Tq9pvaqF2nTbeeAq5zAMjaIwPo+eoZdGIAlMsiIL6U
-p1m1gmq+mXl6qfJKJFL3dP26TuaoHQJusQ2ARMGu0yM3X7uFfCuSLuh+pYvdmeG/J28tXap7
-h/4K3Uv8jvUm5G5wQm4z7DGee5PB5MlpGj3Aa04ibe6rWE3G0EHBK+pPEode60XYbPWYAtOg
-2FWKBpkZoqB30TCerMx17oP1sGI5z2xX4kzSkQsOdSgbmr/9GkPxynf7O49huGkoFkIEXnAq
-HCHYj+G9I1stdECS2WMZDXPdabxiR7zgdCuy632+QRu1wEbFoSLLX07BKJLeGLrVKii7EYsX
-k5iZYJRcI89aJ5deCwUGkzceO2k266meYR2PMtqODNZ0PnsJJNoBd0fEO800jJn1yuElYTOy
-WRvibtc3V7YNqRLaAAAAAgAXc3RhcmZpZWxkY2xhc3MyY2EgW2pka10AAAFWwklDvgAFWC41
-MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcN
-MzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hu
-b2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWt
-DBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1Mv
-nsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSH
-o9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe
-35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fR
-zt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56Fs
-pGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu
-Yy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqb
-AYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA
-2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq
-4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtel
-ttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABdzdGFyZmllbGRyb290ZzJjYSBbamRrXQAA
-AVbCSZA1AAVYLjUwOQAAA+EwggPdMIICxaADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGPMQsw
-CQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMG
-A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMpU3RhcmZpZWxk
-IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMDkwOTAxMDAwMDAwWhcNMzcx
-MjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT
-ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw
-BgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve3BA/z2j/wCsW9bn0jZnXniorcDYVYYw0e2
-18o9NS6JQ/ehaZveihr9EyCctEl3MilW/bnsjN0i+nLcJ2GX7vZahOxuGbmJLNyEW9V0+2tf
-xYmlEFKJRlX0uHUc5n/kVK5L+FVyVwIZ+BdxWeseKAd0xZ1Ivmy09KSw82Q3eZLA7EZef+Ft
-U0xir80fC2O7Op37/HkAmGF0zyaCQGPzsnJqGQ2ZytQOdcw3+4uJwVnxYn9fs19lMPint012
-Wh52XjTA6JZWmYqz8H+kzb3cMjF8kc/gXxH4a6pJXNGZlNGi42NbCXa1VmLhS3QdltQm1AgE
-WdCYDg7m3vzD7B+Q8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAdBgNVHQ4EFgQUfAwyH6fZMH/EfWijYqihzqsHWycwDQYJKoZIhvcNAQELBQADggEBABFZ
-+iVPA2+UmTuaH4KFOdR2BZRe4SiTbWJdCcKgqNSwdTjxNGqd5J+KhiZR5izRxi1ulSBKkgHs
-uIpnezHiZy6MlQMmLkOdSjH2DrUMu7fiN38iugCjDntS+2u7O8TTeVFOzZD0ZwcZyDxGeg0B
-fcVY523mhTAXmiTEEOAE9+Dyf9SqCv9CHTftlOVkWRIgdzjTMj44gXWWc/poj7HLzh/F7Pqc
-fs9+sfEHLbb8v8qkv9CXBUq86hgoApC9VHgJIXHT0X0d2RawqWE90AoAIvzHe8sJZEULO0CB
-9318MvWYyliOfSrukFlzZPk2dF4lofVmBS5/ORWpKvtQi46FafQAAAACABZ2ZXJpc2lnbmNs
-YXNzM2NhIFtqZGtdAAABVsJJHnsABVguNTA5AAACQDCCAjwwggGlAhA8kTHLH/bQGw6auNBE
-vxK+MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
-SW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57GaIMtTpYXn
-Pb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAQclKpBRQZ
-MghB8MVrCsx+DyEZzeRn3F+pG+bK6HOdItiYbnMDYZHFfLBFQG5EnY2wsZZ0YS0NqUXSpJIq
-1pp1l24/U/1FmWAdqCtM+V6nCdh1MNfSZWA9Z9ZIVXVpP5H1SAtHaSJpgpa+ycg4hkp6LHMZ
-SGlOa3xlvw/8cM6IkAAAAAIAHWFmZmlybXRydXN0cHJlbWl1bWVjY2NhIFtqZGtdAAABVsJJ
-pesABVguNTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJ
-BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3Qg
-UHJlbWl1bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQG
-EwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1p
-dW0gRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wm
-XAc95VT6o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExV
-cmuVHU4YQpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jww
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnz
-h4hQWq/IwEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHf
-utMJMlrOiH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABZ2ZXJpc2ln
-bmNsYXNzMWNhIFtqZGtdAAABVsJJPbYABVguNTA5AAACQDCCAjwwggGlAhA/aR6BnPCaSvNz
-/7lIouTdMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYT
-AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaE
-GIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7
-NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBYFSk5
-PHej2lwlA3xg+u4JmTwnEHDIDAnms4fPCuIYljVizL+bJ3mJX8nECfTOtR3fKr3l24acaCXl
-MHy2iRX+Z9Gt4VCsPHxiS4+6hNcSFRsfyl0PwVKUKhGZ2nvPDDYT1TXcEBlZ6pTBAL91j9n6
-/XYE22K7kGoD2UY12fh8WwAAAAIAFmdlb3RydXN0Z2xvYmFsY2EgW2pka10AAAFWwkmTQgAF
-WC41MDkAAANYMIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwg
-Q0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQG
-A1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM
-+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC
-GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Q
-lz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+
-OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKc
-eeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAepho
-jYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq
-hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57QzxpeR+nBsqTP3UEa
-BU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4d0iXrKYgjy6m
-yQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/
-IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0z
-X5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-MwAAAAIAH2VxdWlmYXhzZWN1cmVlYnVzaW5lc3NjYTEgW2pka10AAAFWwkjXiAAFWC41MDkA
-AAKHMIICgzCCAeygAwIBAgICWeMwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxHDAa
-BgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXggU2VjdXJlIGVC
-dXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMjA0MDAwMFowUzELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXgg
-U2VjdXJlIGVCdXNpbmVzcyBDQS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLxm8
-F7d33pOpX1oNF080GgyY9CLZWdTEaEbwtDXFhQMgxq9FpSFRRUHrFlg2Mm/iUGJk+f1RnKok
-2fSdgyqHCiHTEjg0bI0Ablqg2ULuGiGV+VJMVVrFDzhPRvpt+C411h186+LwsHWAyKkTrL6I
-7zpuq18qOGICsBJ7/o+mAwIDAQABo2YwZDAfBgNVHSMEGDAWgBRKeDJSEdtZFjZe38EUNkBq
-R3xMoTAdBgNVHQ4EFgQUSngyUhHbWRY2Xt/BFDZAakd8TKEwDwYDVR0TAQH/BAUwAwEB/zAR
-BglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADgYEAHKcbomcF4NP6lEGulFSDWLCy
-bLS2r85gp3byARQCjMJC4gA/ObfY02Mvuy0ipZCdw17C6sJCrMtn2/CxO5C4SCVOy/EdUKvV
-LTLPgtf1Nt1p4a9DjZ2F8qXmdXis4MAUOjfb6ROctB8qsSs6Rkb5u2NbT0jDQ1wVXl3PFz0M
-524AAAACABVzd2lzc2NvbXJvb3RjYTIgW2pka10AAAFWwkkMcAAFWC41MDkAAAXdMIIF2TCC
-A8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJj
-aDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy
-dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0z
-MTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UE
-CxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9v
-dCBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nb
-eHCOFvErjw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r
-0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3
-aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX
-6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5Q
-QQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhx
-LKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq9
-6G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyq
-W/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGD
-Ymy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q
-VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYwFDASBgdg
-hXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0OBBYEFE0mICKJS9PV
-pAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8TwuMA0GCSqGSIb3
-DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsOv2LwnN+e
-e6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82Yq
-Zh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz
-o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBf
-GWcsa0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT
-woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0
-QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED
-6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/
-wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++
-dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5wSsSnqaeG8XmDtkx2QAAAAIAEGFvbHJvb3RjYTIg
-W2pka10AAAFWwkm0pAAFWC41MDkAAAWoMIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUF
-ADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UE
-AxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAy
-MDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxB
-RR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjs
-JcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1
-m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxs
-RZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCA
-OVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0
-gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa
-6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMh
-BnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH
-8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFE1FwWg4u3OpaaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31
-IqEjFNeeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7Pm
-G2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIyl
-vfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ
-1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLz
-JsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOtd+6L
-fn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscIWC2hp1GvMApJ9aZp
-hwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZ
-urGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ov
-XYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uR
-uMRUvAawRY8mkaKO/qkAAAACABVlcXVpZmF4c2VjdXJlY2EgW2pka10AAAFWwkkDbQAFWC41
-MDkAAAMkMIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNh
-dGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UE
-BhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRp
-ZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6g
-mi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0B
-CezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLj
-UA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQG
-EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0
-MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYD
-VR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8wGgYJKoZIhvZ9B0EA
-BA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961zgK5F7WF0bnj4JXM
-JTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IW
-UrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-AAAAAgAVZ29kYWRkeWNsYXNzMmNhIFtqZGtdAAABVsJJ7FwABVguNTA5AAAEBDCCBAAwggLo
-oAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBH
-byBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTAeFw0wNDA2MjkxNzA2MjBaFw0zNDA2MjkxNzA2MjBaMGMxCzAJ
-BgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsT
-KEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQDendfqVxhJoVvr119Ihuq+3f/k72cc9GVos1dxoF53u+2b
-SelwgD1WGGMIb9ryzNA/fwJUIlQQ2LKB1MB1PUt/x3fDPnirGgO1IGsvaiuxxYh+xLsesMHY
-RSdvqjdY94cm19gt9qkXtx9yNk6mFz9lmJLbKm5dov6I4Avef+WNFeHryzrV4hKiEy3Yjq9f
-Ej2gCAUItlylZTgERZkeo2BgdMVBpXJiG2LFH29fGkK+AlFlqK4jGGr8eAOpTX+Aw/qrWvyh
-QKTKGRb+ssjvXnMN7ne9mvZ5mLyxB2eiFQ3doFjGRHsKPmIoX7pBB1NYzxF+OHTF+P+1aZCP
-hHTqlxuvAgEDo4HAMIG9MB0GA1UdDgQWBBTSxLDSkdRMEXGzYcs9of7dqGrU4zCBjQYDVR0j
-BIGFMIGCgBTSxLDSkdRMEXGzYcs9of7dqGrU46FnpGUwYzELMAkGA1UEBhMCVVMxITAfBgNV
-BAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
-MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4IBAQAyS/Oyyj6R/BLGoQeMjnegMwYUXJAeGPcIpj0KGfmHgBFuaeSWFzD/NJFjcjju
-zBwBox2UKKQx9nrEVNf25TFYA6LMzmLblEVztb9FySS11YICrSN5aY24tk3Oz0zKMyPoHIiq
-nYtBbhbJIOWJns072nD3fpkmIBRUJatuc4XmmyGdCmyCDqj4wgz6EB5slu+HDcQPYYut7oMr
-lfiOkoRyOesg6oPtg82Xbgi8604mtnMr5NP2TP4mceJhEXRK/1cahw91SC7PUWkXoAISYZXV
-0UCyEEzuxKwQQ6alngrVlWKaDc+IgsUyDOQrn0XmDZ8onLG5KlpXrTcPrx1/272fAAAAAgAV
-Z29kYWRkeXJvb3RnMmNhIFtqZGtdAAABVsJKCpgABVguNTA5AAADyTCCA8UwggKtoAMCAQIC
-AQAwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMw
-EQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
-AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0wOTA5MDEw
-MDAwMDBaFw0zNzEyMzEyMzU5NTlaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9u
-YTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAv
-BgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE
-8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB/zzFnWAOVF75fk1tnRO
-qY2CE+S2P6kDg/qivooVan/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4
-+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4w
-CjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo/brHonIgBfZ/U+dtTbWCdvyznWKu4X0b8zsQb
-AzwJ60kxXGlGs+BHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MB0GA1UdDgQWBBQ6moUHEGcotu/2vQVBbiDBlNoP3jANBgkqhkiG9w0BAQsFAAOCAQEAmdtd
-edX5l1lnA2HxfjsGMXUtoSCOT2WHtPemnLzY6S/Q21ruz3SMc7Q4QtoFe/gCdbj9pbHXrvbX
-3hPLUxB+ikbRl/q3LisRq5CwJ4D56J9a6Tefq+TfbLOFF5092SRPeZE11l8E64CDq5oCLbUQ
-9NiQxwRzQO1yJaCpn+yeq2gSmVfGjxI6CaS9RP0GFTfBm+Qyo+046Nhk8yx+FPwC6p/N/wdo
-F9sikDgteo3RVPFp418zyno9ewrjyn9fOeXidbrFdhgzzizwL0yt97Hnzk+oxJtKVAbFf33V
-CA/iHP5+F7isXvbUFrJDCQxN9qdrtJmEZcp6iOLiRL5c9+oc9QAAAAIAGHZlcmlzaWduY2xh
-c3MzZzVjYSBbamRrXQAAAVbCSVLhAAVYLjUwOQAABNcwggTTMIIDu6ADAgECAhAY2tGeJn3o
-u0ohWM3MaztKMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy
-aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT
-MShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkgLSBHNTAeFw0wNjExMDgwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
-dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJ
-XSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuP
-G5/r9aGRwjNJ2ENjalJL0o/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl
-9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLH
-j9UESeSNY0eIPGmDy/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU/n3O4MwrPXT80h5aK7lPoJRUC
-AwEAAaOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcB
-DARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq
-1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E
-FgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAJMkSjBfYs/YGpgv
-PercmS29d/aleSI47MSnoHgSrWIORXBkxeeXZi2YCX5fr9bMKGXyAaoIGkfe+fl8kloIaSAN
-2T5tbjwNbtjmBpFAGLn4we3f20Gq4JYgyc1kFTiByZTuooQpCxNvjtsM3SUC26SLGUTSQXoF
-aUpYT2DKfoJqCwKqJRc5tdt/54RlKpWKvYbeXoEWgy0QzN79qIIqbSgfDQvE5ecaJhnh9BFv
-ELWV/OdCBTLbzp1RXii2noXTW++lfUVAco63DmsOBvszNUhxuJ0ni8RlXw2GdpxEevaVXPZd
-MggzpFS2GD9oXPJCSoU4VINf0egs8qwR1qjtY2oAAAACABVxdW92YWRpc3Jvb3RjYTIgW2pk
-a10AAAFWwkkJcwAFWC41MDkAAAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAw
-RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
-b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJ
-BgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRp
-cyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8D
-KYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg
-5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtm
-UIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeV
-ikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQ
-Q7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3Fsvb
-zSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5h
-YIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
-D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xF
-SkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQli
-BJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD
-AgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwz
-JQTU7tD2A8QZRtGUa6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExp
-bWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQAD
-ggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAX
-INzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/n
-JrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acv
-vFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0Q
-ADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZ
-JPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYm
-Yjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh
-8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GB
-UzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t
-+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0uAAAAAgAOY2VydHVtY2EgW2pka10AAAFW
-wkj6UwAFWC41MDkAAAMQMIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJ
-BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1
-bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRsw
-GQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBc
-saD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVj
-hNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZf
-ECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT
-7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lv
-zs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
-AQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9
-qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZgFCds
-MneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/0Ycn
-eeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS
-qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscwAAAAIAG3N3aXNz
-c2lnbnBsYXRpbnVtZzJjYSBbamRrXQAAAVbCSM56AAVYLjUwOQAABcUwggXBMIIDqaADAgEC
-AghOsgBnDANdTzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
-c3NTaWduIEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjAeFw0wNjEw
-MjUwODM2MDBaFw0zNjEwMjUwODM2MDBaMEkxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lz
-c1NpZ24gQUcxIzAhBgNVBAMTGlN3aXNzU2lnbiBQbGF0aW51bSBDQSAtIEcyMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyt+iAuLa+PwHFrHeYKrellxkH8cvfs9n+kRC1nZj
-la7rr3IgikVHhmJ4htYgOSb0rqP9I+elnLUiIRm3N5MiwFCcgnvU1QREXMu0wp+SviTYe2ci
-4mlf5QV41IfZcXAzJVO0hzspkCg2mlVEMGikg5d/DR6cdv8VnWCXAI2KhQPsgL7qLG4QUZLM
-ftWjM9jWSd5YKq/2FutLe5Ayl7m6nVjx+FdJBB6iXQZw3XHb+d2LmhuMzz2jTc7LfPa7nKD6
-Cc4jYrLpDR/iciiPn6xoIH1vO6iFMQl/C8foZenjeA4JZzCLNIL7XeDMnYFtYu4IHgQsTpvs
-/qlPX/1peO8JH6G0v/rz75AeTAWLHup6kXrD1+X7MLxsGxBYmPcaX9ApMgMTRk1haoVMUnQv
-Bh97EeKEl8aZ821/12eDfhNo2HEoWtjO3egQFJr+bSOHbo5acDzVjQkAp6q8sDE3bciEFB5b
-vUVjIGtLdIy92zoOwc9aFo+lmPJ2ibITEjsLd3esu+U8KUqScsphGiteTOKDdHf6NUh6hU2N
-mlPE33jKl5FIK0UrAfccGqLtGLoKvYP6b7yNV5M71NSmzh7xoLHOq/0rKJpPG9fDctukxL9d
-TPXde5Zp7miA5ueYuja3/m7tK70g+GUZ2lUJfiXc/mFicvl+GALvY7TQ+6/lO2OMZ48CAwEA
-AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUK/M
-B4cVR284xbRl0d6VqunfnMwwHwYDVR0jBBgwFoAUUK/MB4cVR284xbRl0d6VqunfnMwwRgYD
-VR0gBD8wPTA7BglghXQBWQEBAQEwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnku
-c3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAAiFpvUWDPxEGsFj4PlVRgj8cBxC
-KJaOt8XBQXVOCXF55W2WykuliGDQMHS4ygjctDCeQAcWa2WVdwGupLc1C4HacRWpdBc4e1jK
-+S/7wGV2jVsBuX3egj1kuL4UdKMKVNMslRgXNfVRaz+PopZhOXhrS+WmoPhT31EQk2LngC/i
-0eC8jjZGdzPsuPuOmiyJTTERDyaeBLu3BI0L8rn8Wp07FrcvyJir/opQWS6jO/wpXYvBS8ni
-ihMdsb+7Qh1S3U7YFF4QxjEH73En9xs5CdyC6ouzlYZe/fXaXTGm4DG2lOZESXTFFuX3HwNh
-KMXIyxKgQkv5a4gIjbQyGPN1n8R/AE8FlZyjFwLDs1ObqiA5KStm+p2vXrOS0rWm4Rr5LUFp
-gRS0tLXtiT3O+6mdNUJEsRwUc4HPKgE1mjHVLY9thN+ATVfjP8WEddqJxjC764/LIgigrqrx
-A2w6S00JpQ5yxlZrIUJOIyUUaK52CnwMB3Bk+Zov9gU5JsYMjxl/Q15u9FsVL9thXeZnLz8I
-lPlgtJgx2nTxhJNxTV/7YFjR+8TBbYmiuyAfnXGRyzKbEz0+fZJSNaySlKLTGMJ8x+qvdgUW
-3Wcnwn4cByIh80AKGzQHRBPChGqO3xlav3/rHeIaONFcr0eSa4C1MKXJjdirMYEf38JmN9OT
-qYWGeWXSAAAAAgAYY2h1bmdod2FlcGtpcm9vdGNhIFtqZGtdAAABVsJJ2VIABVguNTA5AAAF
-tDCCBbAwggOYoAMCAQICEBXIvWVHXK+4lwBe5AbSvJ0wDQYJKoZIhvcNAQEFBQAwXjELMAkG
-A1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMSowKAYDVQQL
-DCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMjIwMDIzMTI3WhcN
-MzQxMjIwMDIzMTI3WjBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNv
-bSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOElD+6N24gzdWfNrR99Ok5tndMv
-FPNjdMsBIWo36oRQB0smWwlDbCGeasjVA/VgaY/M8CLkH+f3aiIxtywV8uD+AGpD/4dlxrUa
-wadMbSJwIYox8pd0iQkSJhyeytkSopU82ulnvwigZOPWQrdF75f09vXXtUoVAlh9mFhLYLzN
-1w2aEzNT0WH5etXXeLOaM/cAhs4dTZQ4r6jseFFwilwQg1Eh9xE9NIZe5UjNl4GCNUwZ7GX2
-a8UFoe5HE9azISeUEArZJDu6vkQTRjA/lzzY19dq7js44yvUlw65G+cHSX83Kvl3eM9U7VtG
-naOADpFDwdZbXxS6n6aNJEdAWb9yOLI2bDf/mdFdDlkKq2n3wLIERXpUAK6+U/a15+H4PKMx
-0qn+IVJkxaZn8HUHBpQUgVXGJ+QBjxfBanHXvkv7lFh9fhEzsUL3YmwY1s8JaD5/bPYej2Kt
-pWPbCacfIkJBHm+Zij7X+T9AenmwpQGS0p09CBWlEAEtszJ2qJUNs3qa+wcQeBFv4Y/Hug8l
-GnQq5RyYQZnfIYfolQZqCrNqR3Zl9jrPj2IXGXsKKM0a0oMeIccsv77/YWi3Zxu7eE2Nzmfl
-5MGOtyNm4p2QdTSYqTYripqUuZ3szIqx+CWJXFq2L4wfbXkkp1Jow4Q14maNYw4lTdUZsuZ5
-N6cinVQxAgMBAAGjajBoMB0GA1UdDgQWBBQeDPe2Z/LhkiYJRcBVOS53P0JKojAMBgNVHRME
-BTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQURbDCxwpWfO5b
-eAyV+RhTwaYc2BAwDQYJKoZIhvcNAQEFBQADggIBAAmzg1NZAT6VSbnxgbr5diAjtSdgdNRq
-mTRebABT2Z/yprEkB0RqKsaljngS6EfZWBsTKl55m58KKmemJT8GaVZzw4pmSPspgVd0Bsqc
-6ijoOGcmK/HVtT9lk/g2XY6NjUAghxnq7yfAPbQ5DyV7aFB0VZwMWX1aPUGUJVII4EcsFTEZ
-1b8HVca7ErWX9F+DhbpxwdlsgRF2Cgqwv4KX9+o9+vrsLakolDtW3dJRLq7AvQgVjHdSNJbW
-m6zTHY5hDzV7m645aQtiYEAgNo+v+zbuLQhKHbi/m1z46qUboHOm2Phu4DMEX2iqJ4ft2cGQ
-nO2942o1r2PfqxjZuubpSupQig9hkx7iLRniMJQ1kl0OtgevGYCPR5BRSy5N3YXi0gpSChea
-/BqwUALlAaNjNyFMRMSbUZkRDnOcBo9ULqcoXkQ5h1YtN72FRJThDEssnMOShTRhyw+4m0pD
-Uv40On246SncdqnIMPgUcYDGHjZIdCJBXIeC6Bhxi0GJROd+WFuouI0T6adsw0ftsxqdYq6N
-guqUnt1ZEMOt3eJN4zHVx+zo8rD+kh4WChr82fP4J7bJvh20bGSQf/TkxFvXN65CDt2kGm98
-iFTFFm7hemgu+Dq/DaQ8iTt4p05jgwQhCGeN8oJJ0Fv9sc0Pg4TUPiCF90o9K5z9KgoJTeqB
-+BGcAAAAAgAXcXVvdmFkaXNyb290Y2EzZzMgW2pka10AAAFWwknI3wAFWC41MDkAAAVkMIIF
-YDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
-A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlz
-IFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNV
-BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBS
-b290IENBIDMgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJen
-MioKVjZ/aEzHs286IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIy
-C0TeytuMrKNuFoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBD
-GzXRU7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1A
-dHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+Idp
-sQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIh
-sUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzweyuxwHApw0BiLTtIadwjPEjrewl5
-qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtr
-dQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+
-IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc
-64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQADggIB
-ADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3pxKGmPc+FSkNrV
-vjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzSt/Ac5IYp
-8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQTXlm
-66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
-DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nx
-oGibIh6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBC
-H/MyJnmDhPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG
-2vd+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlop
-NLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWV
-jUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0AAAAAgAUcXVvdmFkaXNyb290Y2EgW2pka10A
-AAFWwkmfoAAFWC41MDkAAAXUMIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/
-MQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8x
-CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1
-lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVR
-HnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1V
-Nk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sg
-QUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
-xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI
-KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
-ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAAB
-MIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENl
-cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4g
-YXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGlj
-eS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
-KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGE
-pIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQL
-ExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
-9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+Np
-GA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIg
-R13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDW
-XcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOKSnQ2+QAA
-AAIAFmFkZHRydXN0Y2xhc3MxY2EgW2pka10AAAFWwkj9XAAFWC41MDkAAAQcMIIEGDCCAwCg
-AwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1
-c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVz
-dCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw
-CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUG
-W2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0
-/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi
-56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5
-mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/
-Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsG
-A1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tER
-CSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAb
-BgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx
-IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X7f1y
-FqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz43J8KiOavD7/
-KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2
-ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bj
-q2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6
-tkD9xOQ14R0WHNC8K47WcdkAAAACACNkaWdpY2VydGhpZ2hhc3N1cmFuY2VldnJvb3RjYSBb
-amRrXQAAAVbCSRVuAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKuRiV3
-MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
-GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNz
-dXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBsMQsw
-CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
-cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJtnEq
-w9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGRfmO2
-q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42zxyRF
-mqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0BBNc
-oXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGhJR6H
-XRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7DaQP4
-v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdshR/gq
-Z6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYeaJGT2
-imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34yl6L
-MYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJIadi8
-KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83sR6ol
-J2egN/MAgn1U16n46S4To3foH0oAAAACABdxdW92YWRpc3Jvb3RjYTFnMyBbamRrXQAAAVbC
-SeLKAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhR4WF8urSwZS+M3BzU0Eyi1ltRlkzANBgkq
-hkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEe
-MBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAxIEczMB4XDTEyMDExMjE3Mjc0NFoXDTQyMDEx
-MjE3Mjc0NFowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
-BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAKC+UBCO6fJsQLQEnIW5McrcLeQRqQQ8G1XB51gwHSS0w++F3ows4cE934LmT61H
-h2zsW0nBStW7j+yHrH+CmobsPQOZUgHSNZ6s2vBTyWY81KwCAdok0zuoAkavpBzj+HNYdrf2
-DpANtfDPzPr5xkzlw4YwCo0XfjXrxd+7DpzAjYfjiDiFZ/o+x6vgE5wFGJjPk/WxkrT8I9PP
-1cQnSeCePJsIo4tdKiHg/DmqU9p9fs8aCVO8XQUEz6FKj4t2gg2h+NLHFHdbkDYHgZs+BvpS
-XmPFpgD+pelSG1K1kjlyAwlivbBgFm6m3SXCA2bd8wTRQOJOi4b0b+WDoCeEXgTB9ZC9MD3E
-76hpvDibpKSW0WLaacABlq7LxFE06gyq/yGOWY9KXORhmqfS6Sp4jVE9OhXuolmOqVzexfmQ
-IuWIRXHdkZlsep89PZh8Xva+FmigXq4LI/xaD6oidi3JoRAd5NNEI5CIn8Yq5tf1mrNYHi8w
-iQgbVKK1mCPsCHcclV1h0cuJnF+iSpGa7yGqSRYIqL1hKDHJdK2F9tnFsYvR5RAyTV+LIDo8
-SR8zhVkN28sJdUNpc/trcX3w38RMfcajLsiVectzoo5OTST7XuQEvnIbpictSVqZetdcCSC3
-f5S5T/ENHF6IQhsRt+eR255s9GrfjAaYA63MKO+lR/NTAgMBAAGjQjBAMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSjl9bzXqIQ4atFnzwXZDzuAXCczDAN
-BgkqhkiG9w0BAQsFAAOCAgEAGPpbdfw+esdfd8fK389fwxLEQF3UMqq4atfVFRVGmCOl5pBb
-GJlM461Co4IxNojN6fvEBJZIiwHHjQHPWzMGlkZmdB1P7cG2ubQNYcxjftcud4yWHCojaGuF
-V3ZwMxP+4U+mI3cY+hqM6L1lyc8/9MkX3OvHvMAELi1GL2lmwxuP/uw+08qUv3YKJQ2pewIc
-qdA7XwvAgTo9ZOG/py1OvU3E2CnGIhjQxaxyAoI/qjqiOiKXMd0IY8N1FLlgKC1baOAWqWaC
-I1H161PYMZt76bedS+uIFs/5XTiKSTCP7fHrGfR3GjEYTWdUbC9vZfnbPewh7F709IvKYGVU
-0XFk9Pmmo4EzNjNx8KR4X06tgyHeNEmN6FmsnfJ2WjbyE/Sv4AnHYSps9+CdrruGSihvLu60
-ec2QM8Ozdvr18GydAZD6npD2nHLPR9rDH+Q1IFPyVNHfYYOmAuIlON6FMi1ec5BSXULEzj1L
-4fkZhB3VolDMQftBFMO91slao2NmAoC9BTo7R5zsACZM9YhRv6gjfxgHsAvtiyahZNNhSutc
-n96zr2cDsx/dbV1paGmrXjrsfGm8xzuFTp4VubQVT8OVeljXyWzpbLnzKWNetCzwLT3tWmXg
-qVtAwkiZgW2eHwYqPBK0iw+boiTwpo3WeuBLtmSWY5WEwkrNHC4khzNg5cMAAAACAB1jZXJ0
-cGx1c2NsYXNzMnByaW1hcnljYSBbamRrXQAAAVbCSYPHAAVYLjUwOQAAA5YwggOSMIICeqAD
-AgECAhEAhb1L89ja42n2lNdfw6VEIzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGUjER
-MA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTAeFw05OTA3
-MDcxNzA1MDBaFw0xOTA3MDYyMzU5NTlaMD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0
-cGx1czEbMBkGA1UEAxMSQ2xhc3MgMiBQcmltYXJ5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA3FCW0BL4NdIIeHq2UnD9b+7PuRHLXXfh7Ol+BI3WzG9zQ1dgrDMKROwD
-XxyAJJHlqJFWEoL34Cv0265hLokQjWtsurMCvdU2xUg3I+LwWjdSMxcS4tFgTb4vQRHj9hcl
-DIuRwBuZe5lWDa/u0rxHV+N5SXs0iSckhN6x7OlYTv5O31q+Qa2sCMUYDu/SU+5s0J0SARON
-3IBi95WpRIhKcU5gVZ7bIxl5VgcMP2MLXLDivn4V/JQzWEE4dMThj4vfJqwftYs7t0NZa7Ak
-pm2Qi8Ry6l0zmLfL3l5775TxGz7KySHBxZgCqqL2W3eb9X6WVTQcZ2nA8ULjR6z8KBxmVQID
-AQABo4GMMIGJMA8GA1UdEwQIMAYBAf8CAQowCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTjcy3f
-yw4oDN7ds6TKebiOu+gwiTARBglghkgBhvhCAQEEBAMCAQYwNwYDVR0fBDAwLjAsoCqgKIYm
-aHR0cDovL3d3dy5jZXJ0cGx1cy5jb20vQ1JML2NsYXNzMi5jcmwwDQYJKoZIhvcNAQEFBQAD
-ggEBAKdUz4hEGcvf1H8A31YzYrX3UQGQ68M/0YhE6SRd7+cUvSC3mjwA/m2f25Dc1/Ri1otw
-XeflBEipaHzJ8ULzbH/FenwdUYi60go+J13eLVFO0xNkaeQu49PnmwmZpuCVm84a13++PM5S
-sxEVwQ8XzQO7nCUVuqJ2ifwG8RjQk0sOfIK3pfT2X/7tQKadhHQ5udwehRbaKRuGIwDJu4l+
-boCIHi8UtAMkqDJvA5pHLDC+VsanQgJwG+pA2LoFA3AHpJb//UgzCuHcpYGQm03dfefnss1c
-yGqV+KX2jcRdeAi+ewbWSc8ZNlAjLgjmngVNRxjVFumx1rYQ1buXv6KOtFQAAAACABBhb2xy
-b290Y2ExIFtqZGtdAAABVsJJt/MABVguNTA5AAADqDCCA6QwggKMoAMCAQICAQEwDQYJKoZI
-hvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4x
-NjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-MTAeFw0wMjA1MjgwNjAwMDBaFw0zNzExMTkyMDQzMDBaMGMxCzAJBgNVBAYTAlVTMRwwGgYD
-VQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMTYwNAYDVQQDEy1BbWVyaWNhIE9ubGluZSBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCoL+ikaQYDR8PpKpj/GaJwmsZQsn6l32hNG3wPtpdofS2mi5fpZIbJo++ghr9gZZxL
-VIjCSMVKOb8U41lV5Rm0dMi0BTlcFqXilQXgEq5Zi6IzaFgcptQVt9if19xxq36av5uOMw8i
-/R8u5wc272I5xd3LuiUUI94Mxj08zoII5mY+2lE7FjqjBX+g3IfVnPxyqaB9eOS3MVUeZbvU
-YbAhYO0QMnLFkiUe+JBKGHhH334wNz5QG9sc02uahlMHsO+sBnj4hJn+IY1MgLYMgvZmcHka
-00+jz/HPRrBLDz7diGK4jKkJKDt6x5fhHuX0n8DAriSgyKHZD9Z7JoJpMj2nAgMBAAGjYzBh
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFACt2aP2efZudKl/Mz2BF9dMzzPeMB8GA1Ud
-IwQYMBaAFACt2aP2efZudKl/Mz2BF9dMzzPeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B
-AQUFAAOCAQEAfIrRHxg3guC4sKPtVpXIYmGcBaLNwmImYc0QFtfMtGU00BGKraipBWbvdPNt
-X52Zr/aL++tSsgWYom8qxVS9Jb1frsiG6kYswbO9welJcBgWlwgTjCDgGy46R8se5AAwlVv0
-RaPAGrABTqu9wCNuYz+ASsUH7dzib8fBYvHjctYEyHRnC/qIq6EByG/wFK/Smc1Rk37tLjjH
-vc5GUD1y43klnZuIKxAg3aW4Mp+N4CnfIXSGgtsvgjDGxzWGs/mWX0bbDEX981DDb8bDSK1G
-puEnRwodDpu2wnd/Y/LgfRq+/ODf18enbLD5rro8/XS0EehYDYC806iAOpntdcxGewAAAAIA
-EWNvbW9kb3JzYWNhIFtqZGtdAAABVsJIyGkABVguNTA5AAAF3DCCBdgwggPAoAMCAQICEEyq
-+crbY2/gH/dO2FsDhp0wDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQI
-ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E
-TyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTEwMDExOTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYUxCzAJBgNVBAYTAkdCMRsw
-GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT
-EUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTd
-xc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+
-XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
-ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8
-MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7Sr
-mNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3P
-b6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamW
-oUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31Bq
-VUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKI
-f6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09
-XiidnMy/s1Hap0flhFMCAwEAAaNCMEAwHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLU
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQAK
-8dVGhLeuUbtssk1BFACTTJzL5cBUz6AljgL5/bCiDfUgmDwTLaxWorDWfhGS6S66ni6acrG9
-GURsYTWimrQWEmlajOHXPqQa6C8D9K5hHRAbKqSLesX+BabhwNbI/p6ujyu6PZn42HMJWEZu
-ppz01yfTldo3g3Ic03PgokeZAzhd1Ul5ACkcx+ybIBwHJGlXeLI5/DqEoLWcfI2/LpNiJ7c5
-2hcYrr08CWj/hJs81dYLA+NXnhT30etPyL2HI7e2SUN5hVy665ILocboaKhMFrEamQroUyyS
-u6EJGHUMZah7yyO3GsIohcMb/9ArYu+kewmRmGeMFAHNaAZqYyF1A4CIim6BxoXyqaQt5/Sl
-JBBHg8rN9I15WLEGm+caKtmdAdeUfe0DSsrw2+ipAT71VpnJHo5JPbvlCbngT0mSPRaCQMzM
-WcbmOu0SLmk8bJWx/aode3+Gvh4OMkb7+xOPdX9Mi0tGY/4ANEBwwcO5od2mcOIEs0G86YCR
-6mSceuEiA6mcbm8OZU9sh4de826g+XWlm0DoU7InnUq5wHchjf+H8t68jO8X37dJC9HybjAL
-Gg5Odu0R/PXpVrJ9v8dtCpOMpdDAth2+Ok6UotdubAvCinz6IPPE5OXNDajLkZKxfIXstRRp
-Zg6C583OyC2mUX8hwTVThQZKXZ+tuxtfdAAAAAIAFWtleW5lY3Rpc3Jvb3RjYSBbamRrXQAA
-AVbCSa4jAAVYLjUwOQAAA+kwggPlMIICzaADAgECAhIRIbwnbFVHr1hO79TO1imyooUwDQYJ
-KoZIhvcNAQELBQAwTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJUzENMAsGA1UE
-CxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwHhcNMDkwNTI2MDAwMDAwWhcN
-MjAwNTI2MDAwMDAwWjBMMQswCQYDVQQGEwJGUjESMBAGA1UEChMJS0VZTkVDVElTMQ0wCwYD
-VQQLEwRST09UMRowGAYDVQQDExFLRVlORUNUSVMgUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMb9sxeFoa0mG5VpNSE9pIj63ttgNkAXacIUY/u42cJ0FTcunNAg
-zWmNhDKihUwUtJvyJbNUKoM/Lb4P8ztk0f+gUO93TztO4T8LZIWaulh+0sNi02QlotSylzx3
-XWMqM5L8zYINm1SVh/W164zNW9HKMC/JiEa1zQ0RtBiP7tGhPl0V6CjP38OQm2zM0QxFd7M6
-64qQHemvZGqJe6k9Q3T65GciofvcTcT1YsnKJbTJgGAzqd17oAK/liUKXslfKXu0F4GLbYEZ
-0NmDXAWPQWkaaUOAn6iv4OmMkYsnK6ImYM0P8qSjAoOOGIHCF4pDFflt8x0QpFqcRGEjIXrY
-+9ECAwEAAaOBwDCBvTASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIBBjBXBgNV
-HR8EUDBOMEygSqBIhkZodHRwOi8vdHJ1c3RjZW50ZXItY3JsLmNlcnRpZmljYXQyLmNvbS9L
-ZXluZWN0aXMvS0VZTkVDVElTX1JPT1RfQ0EuY3JsMB0GA1UdDgQWBBTvtyOX0KiRf6bPpiHA
-NJ/Md0Hh0DAfBgNVHSMEGDAWgBTvtyOX0KiRf6bPpiHANJ/Md0Hh0DANBgkqhkiG9w0BAQsF
-AAOCAQEAGjFpmULC5UCFop+Sw2PUjyE5qBkh/nr8w01A8yvoS6xbTFmTxtx+C698X5WFa73H
-b7rBvvjGOmdLk8YFaT4kLfAbkcY+P+xCGJNsAySKbvkgZyt8bas0ySoiMw3XfY/u0jZkQsg1
-mm4ZYcuNZ/Bop9AkBebDF7pFrnxDtYB4A00gcwX8QxCdNWlCdZQlgiumO5AY3sGpr/Mtlb+V
-p88Yl+FZ4qKvGhZhDfcTcVOTN/08rwAdbIsUr0aWjLZSfMwtTs3h6UsK7pr+epjnKbob2hy6
-3GvNBA4mQKnrczz+UKgRJ1W9245L708Y7RX/vYaYZu6aJXE0bFDxslHLZp1NKQAAAAIAFWJ1
-eXBhc3NjbGFzczJjYSBbamRrXQAAAVbCSTesAAVYLjUwOQAABV0wggVZMIIDQaADAgECAgEC
-MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4
-MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwHhcNMTAxMDI2MDgz
-ODAzWhcNNDAxMDI2MDgzODAzWjBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBB
-Uy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18de98EH1Hf7QyH09PVp5O4yAdujhh/kWQ2653WD
-UuvqHGEVSLsdB8qMrrDclp3qw2CShoIoc5xWBv9LZPAMKjdJteXPDHzu8Uq7czBl89Uvg7Z+
-4+f1nqtg+dPxnZJ0iuQclqxbgOm19DGHo1H8x36hb45Td9SXwVUzkj4YL3XUrYZJy5WvVAZs
-2AYTjVv/4SYZWcAkuoFxeZBEUGgklF+4sxHxKUFho0HLIzbVwfEyUBBOf/SGk+yE0468S79c
-AU4HPdwUipQKpOpz+wtR6BMHGPoO8SvRVBV9POH3tBlCZ2Jed+CiVey22WkX1TqvRO1KxZ7k
-eid85XXXqssl599rCtsPTZNOqKDNey7yWQFqtw24B4F+izgbOOYKV5k97iHoo/UMFt2L7DSO
-nCocABUXjWiD0nCfGAjNEWjVyWtSzcRGj9y189hXcx7plDkEv9PeON60U+xpHKJ+xI/kG3Ct
-8qL5+/cWZGZpn0lRouIVGGcGSn/VbLVNszPgYetdvumYDzLXHUs8LloBUpEJ8t/qjdgGQGOq
-EeT+wzeeFFI/9OLM8mGT0f1na9dSrr9oq0BDoFc1U3jwU/hhQgdkxtdvm0w4DWOsYq82i6Jz
-Cg31Ib10qk3qcgNJ28dfHWJjx/3dkewz7vVttG4waN7I1iawdV57tAcgmKF2MrhNbE8CAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyYB34GKSgvVGnPO690zD3rijrTkw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBTXyH1urA6UjkskrBsAMnvziDv
-BvKWnumkdH96Fvy39bb7FRs/q6bAcl0QsXHuvE/jrawDbS5xLq/E462jvQwRp7T/SrJ7EBAf
-p1dBssCu9CxZ1kcQiPMhUSkwymCGr0arHe06W7CU3kTjQQiiwewd1v1PttZH0BQLyubKtXt3
-fkEfXoPHtow5lrA/loFBb2CQ4uj5+yJx2X2zPUa/tISvkBwPjxJqr+/uHnquAkqKFyt2/qxU
-iSQsTz+2sqdOjKiRl/spxntcLbnLZra3qFsSUYW1CX5ieHD+qWpgth0OeQz9yuokgHLDlz/y
-d6tDIgrH67YMhIIsgGtBigjA66Vr35kSy4rVXoAMkeAmCDZIxfo4ETX/JYMt8nq/2v2O/qXL
-RSwfxIhTrncO2Zp2xY4sHaO61ewyrsCqrPfRek3r1AfiSPcijrCkn2rOjrKyYPSjItAj65Ra
-emndD79AV6xrWVDZo5nhbv6NAXknIxXekp17CU1a50tIMFoY5gpt5o/g0rvm33xuIYLBaDlN
-tJhYZmLMSpBew/onBLF5FXSZzL6tIN4mYBzrVlGmo+rkoz+n/2Hc8VpNbDIjQ+6sqO7uShIJ
-PF1xwr55+sKHaB0L/VxpzAbQmn1UmSrJORoZr0sqQ/NjXVpY4i/jHeSp1tAK0J6/14EJ8cnH
-Jg2smBZWoAAAAAIAFHNlY29tc2Nyb290Y2EyIFtqZGtdAAABVsJJcO4ABVguNTA5AAADezCC
-A3cwggJfoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT
-HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11
-bmljYXRpb24gUm9vdENBMjAeFw0wOTA1MjkwNTAwMzlaFw0yOTA1MjkwNTAwMzlaMF0xCzAJ
-BgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYD
-VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTIwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDQFTlSsVKzusVZgsRdUq46Q2WAS8fylrzbNpfWpmSMqF7w4woc99+X
-PUuu9l3sIbVBq825fnafvvk+NjSgO8H2MRFFdJM9V4DF+YmZyuWratS12kGQEMHW1kKJwr/0
-OBKVTFQF9zbkRYN7FGXW3AxN0d5+DKs7xBW+OlamWm92aVKpernI62qaXVLQLQprNRYJEITQ
-aso6BgA3R+R+V08/i+tnuIiqxb5TVbKRxH25sIUZBngu22Ea+oX1SpGh5xbVjqI535S4cB8o
-P4v8QF5jgzyDKhqZa8/eWWo7/G8W1x/9ShDrToIWOqwnDFPxrdUksGsDUMEtPBbdRDQnGnX7
-AgMBAAGjQjBAMB0GA1UdDgQWBBQKhal3ZQWYfECB+A+XLDjxCuw8zzAOBgNVHQ8BAf8EBAMC
-AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATDqjRKy5RbHHk37ICwpC
-32TqHO5ZbAi6iV9qykqVnnqPB8XaRXKCcQ460sxvp7ShI7v2JJ/LF/6Mps7C0tvMjfxx/AMp
-wWxdM19ktmU7iW8Ydnj13KJIHxk/jpPr8foX7s1O4wQSVdbl5N37PgV84h1exqe8l09oOvXp
-LgpDtq9XXGJofLf9o4qEoKxivisJhzTwagG7mylWPP4AN88jbPFOqrZ0RhJske401eyakedE
-vpAxctVJAvYC5fQf63zZllWp/+yK+ZlH/zVaAqoEy4pbh3Epkb2ktHoNvZr1VyMAByEXP0o5
-0QVJC6e2N4GlXYyqM16BKHynfSfrAK6NNwAAAAIACm9sZGFhaXJvb3QAAAFi32KkWwAFWC41
-MDkAAAZFMIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNVBAoMCU9w
-ZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVDT01QIHNpbXBs
-ZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3DQEJARYYc2lt
-cGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNVoXDTI2MTEyNjIxMTQyNVow
-gb0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAG
-A1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNP
-TVAgc2ltcGxlZGVtbyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcN
-AQkBFhhzaW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOsAdnZAuhe
-Yrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs947MAuiqpPojPwDDb
-9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlKeCTLW+bZKeaKoWdkFxyyzykO
-oMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m
-5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfNGib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j
-79E/OZkfk/9V3Hvfy78Ss9H5uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCf
-Q6Bwd0Nm48KrJkTeySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUX
-jsHIj7Gv2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2lG8n50YSX
-b0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0IwQDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQFQD3oWZUOVE81Qc9WSfcyqwww
-DQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pjp1R9+Q766Qhzh4EN9RFCsktCcf4pB23l
-PtFhMhIZJP5eZKLB4MUIvtmleU+DmOWfjcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6V
-Ud9vbGH66ElIg9nP7XWAE6h5DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4w
-yEEPQlpU2AewZqOUp0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYI
-eNssLnv6FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6ygL5Oyvr
-j8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5BRyx7BswcTEtZHWHx
-D/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJAp9D+WmTJ9PdpDjiwCXCkMD3
-QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOdgxFK9q1vjhm02FAABIa+kL10CKPuRdlE
-/GsWl03WKMeT5bY3MTO3odsNXhKWA19hwUAp0gnljuFHPX7jWwruZ1eD8mQvAAAAAgARZW50
-cnVzdGV2Y2EgW2pka10AAAFWwkjuQgAFWC41MDkAAASVMIIEkTCCA3mgAwIBAgIERWtQVDAN
-BgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x
-OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVy
-ZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVz
-dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEy
-NzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYD
-VQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2Ux
-HzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWI
-sMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQ
-gFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KK
-jbHjKYD+JXGIrb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+
-5pPi94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCB
-rTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEy
-NzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD
-+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsI
-VjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8Zynty
-TtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47Rg
-xRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72D
-QnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM
-++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdX
-cDazv/wor3ElhVsT/h5/WrQ8AAAAAgAYdmVyaXNpZ25jbGFzczNnM2NhIFtqZGtdAAABVsJJ
-W+wABVguNTA5AAAEHjCCBBowggMCAhEAm34GSaM+YrnV7pBIcSnvVzANBgkqhkiG9w0BAQUF
-ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
-IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAx
-MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEo
-YykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYD
-VQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLupxS/HgfGh5v
-GzdzvfjJa5QSME/wNkf10JEK9RfIpWHBFkBN+4phkOV2IMERBn2rLG6m9RFBjvotrSphWaRn
-JkzQ6LxSW3AgBFjResmkabyDF2StBYu80FjOjYz16/BCSQudlydnMm7hrpMVHHC8IE0vGN6S
-iOhshVcRGul+4yYRVKJFllWDyjCJ6NzYo+0qgD9/eWVXPhUgZggvlZO/qkcvqEaX8BLi/sIK
-K1Hmdua3RrfiDabMqMNMWVWJ5uhTXBzqnfBiFgunyV8M8N7Cds6v92ry+kGmojMUyeV6Y9Oe
-YjfVhWWeDuZTJHQbXh0SU1vHLOeDSTsVropouVeXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
-ABEUlsGrkgj3Py/Jsv7kWp9k3tshT4aZNHY2V93QFS/FrX8VHzdicz7U51/OFwPbNfor265g
-CV8eX49uuws96loTHgxgb7XAtSMiLgcLy6l0y0e7HcHXpWvML9JC/Undp4nPU7raAFoov4Lf
-+LoTHVCGgv2OMI8pRrAePTXaOGIWGEqt5rZRbN6vYusB0B4k/nqPEhoSaLj7ZpkUFEVcrueu
-aReBK1o3yV4q9MbioVxUm6ZUAM/w8cHHmDAaOzYW26Nu6v2tssLa7wJHE4rA8bMxrU8c4U+c
-rw8Mnfd4Ddj0NVaA2rdtF4+dHoFk4f7FRbqta7kKek5PS4TuS/F93REAAAACABxjZXJ0dW10
-cnVzdGVkbmV0d29ya2NhIFtqZGtdAAABVsJJZ94ABVguNTA5AAADvzCCA7swggKjoAMCAQIC
-AwREwDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
-ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMB4XDTA4MTAyMjEyMDcz
-N1oXDTI5MTIzMTEyMDczN1owfjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVj
-aG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTEiMCAGA1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAOP7faNyusLwyRSH9WsBTuFuQAe6bSddf/dbLbNax1Ffq6QypmGH
-tm4PhtIwApf412lXoRg5XWpkecYBWaw8MUo4fNIE0kso6CBfOweizE1z2/OuT8dW1Vqnlon6
-86to1COGWSfPCSe8rG5ygxwwct/gounS4XR1Gb0qnnsVVAQb10M5rVUoxeIau/TA5K44STPM
-doWfOUXSpJ7yEoxR+HzkLX/1rF/rFp+xLdG6zJFCd0wlyZA4b9vwzPuOHpdZPtVgTuYFKO1J
-eRNLukjbL/ly0znK/h/YNHL1tEDPMQHD7N4RLRddH7hQ0V4Zp2neBzMoylCV+adUy1SGUEWp
-+UkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCHbNywf/JPbFze27kLzi
-hDdGdfcwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCmqK0izgE9pqP/YtBI
-nYtecrB4ROPcHK8J/SNI+r0qxLlVBLUQo40n3guCY9Du3gw3eUFbIrKwmkFcpnDg1NB3yyPT
-AOBsVi/haQ0N2aq/IYFQ2QalqP+VN9Cq/uKz9ZktRYSK5UIJ13QCL/eJ2JnpvCfUR426DUYc
-d88UpBy5pDHEnCh0AzT/MxkmpekNdLc+l8Z26CeWo2bd4a7yQVvKmFaDc3DkhhrSMUG6L74t
-E1p2b07oToEOP1sDIqASvmZYEUrLA8S0KiotlhfgOVS8SNN2J52aLQamyew50qvbn5oLJwI1
-KbFAlef56JxViBlG1rc09X7OOZrZOPFR908sAAAAAgAcdXRudXNlcmZpcnN0aGFyZHdhcmVj
-YSBbamRrXQAAAVbCSPFHAAVYLjUwOQAABHgwggR0MIIDXKADAgECAhBEvgyLUAAktBHTNir+
-ZQr9MA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNV
-BAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAf
-BgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz
-dC1IYXJkd2FyZTAeFw05OTA3MDkxODEwNDJaFw0xOTA3MDkxODE5MjJaMIGXMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVU
-aGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNv
-bTEfMB0GA1UEAxMWVVROLVVTRVJGaXJzdC1IYXJkd2FyZTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBALH3wzg/tKh/zzmCUWfQbZ/S/1jz558r7A2JVJm5OJkW9+AheUjCu2F0
-EpYdPGpy1TwQZzo57SsTzWbrlQkzpGyXsejG7MF1eZxGXo2r0Gr9uSpVFxBUsxnwmvbxsV22
-p2374HEXa6KI+wDf/hoxdwyaAXqxMuMrAQc4bsOlXiO8RZt7UMHJMI/b5St601v7M0AeoNWY
-F7yLh8OJ012gjrKqqvaOaYgGxfqJIfMInWkuCTObKQ1GD4zMSTSwaVG9+QbNaK1mTLw+rGG9
-CogOyN897nwETJ0KXmuR1u7H7SiNq02HiXPQbqTQHhaLFOF2RAN/Y6zkzUmcxZL0qzKhSFsC
-AwEAAaOBuTCBtjALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoXJf
-JhsomEOVXQc31YWWnUvSw0UwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1
-c3QuY29tL1VUTi1VU0VSRmlyc3QtSGFyZHdhcmUuY3JsMDEGA1UdJQQqMCgGCCsGAQUFBwMB
-BggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMA0GCSqGSIb3DQEBBQUAA4IBAQBHGQ/e
-dMaZl6/8rShedY7rLWfuTnsr1wz/9t7LVaIK4UxUZZNga58SnK1egyzrWq7A5C30AGMduMBs
-8s9Ju02TbwamCiKySWIITv/IyBSyiBZd5wHkEpXlRTSzi2m9z7SFj3VRnn06ODoUSBLG+6c7
-Go0NgkAH6AQIkKGJyxlQ38ocAbwdBBl7EHaXO+6QkMrEDh8WbnXvM/jTb1seluPgdHd0e4qi
-bi3ddtY5MILwq5xS8irHr0lefsdo5YKByGon+SeIKtVYUJUf8DscV7t9FDliK5rJlJIqoyIM
-/4kmfV8jK0fXFR2pap5RDSpRnoH51DtecBJ/EDKcHrud+GaoAAAAAgAXZHRydXN0Y2xhc3Mz
-Y2EyZXYgW2pka10AAAFWwkoAlwAFWC41MDkAAARHMIIEQzCCAyugAwIBAgIDCYP0MA0GCSqG
-SIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV
-BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZa
-Fw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgx
-KjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpnljgJ9hBO
-lSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHhzRnp7hhP
-TFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T7WYx
-g4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
-sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pu
-re3511H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxi
-EyoZLsyvcop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGB
-hn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh
-c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
-aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
-bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUA
-A4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt
-77JLvyAoJUnRpjZ3NOhk31KxEcdzes05nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23P
-b0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR
-10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2B
-iYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1AAAAAgAbZ2xv
-YmFsc2lnbmVjY3Jvb3RjYXI1IFtqZGtdAAABVsJI9FEABVguNTA5AAACIjCCAh4wggGkoAMC
-AQICEWBZSeAmLrtV+Qp3inH5SthsMAoGCCqGSM49BAMDMFAxJDAiBgNVBAsTG0dsb2JhbFNp
-Z24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xv
-YmFsU2lnbjAeFw0xMjExMTMwMDAwMDBaFw0zODAxMTkwMzE0MDdaMFAxJDAiBgNVBAsTG0ds
-b2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE
-AxMKR2xvYmFsU2lnbjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEdFDpb7fV2/6TnRIfifC7bV
-ex6SOkhZHPBiMS3Aeij+Gqdcs7bMl+dF1Fj60XdtQ6LAh2U0Ch963es8M6HFnU2kb0GVOH/J
-HoTr0Z5JkoeUhww6hUpmn51Zk02XYQaGSqNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
-/wQFMAMBAf8wHQYDVR0OBBYEFD3mKUib6gfKIURKJt5u3tKD0J9ZMAoGCCqGSM49BAMDA2gA
-MGUCMQDlaRLJbtvGMboJQeGX+Pv9muJ9EsntfGTTywUli1bZoOdeXU4Lg5xbdimgCSYhamIC
-MHHStY9c6jvheAmFqHWSO8hc/UjvDXQiqAjibsVJzscMvKdhafH3O+Eqy/kr82aQNwAAAAIA
-H3N0YXJmaWVsZHNlcnZpY2Vzcm9vdGcyY2EgW2pka10AAAFWwkmiwgAFWC41MDkAAAPzMIID
-7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
-bm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRp
-ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVow
-gZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
-MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFy
-ZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgP
-fTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTr
-z/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9
-rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H
-67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUc
-dUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaE
-d2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/he
-yNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1zqwub
-dQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd/x7H
-4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf/Wi3
-MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAgdHRlbGVzZWNnbG9i
-YWxyb290Y2xhc3MyY2EgW2pka10AAAFWwklV9AAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIB
-ATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBF
-bnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
-ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0
-MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
-cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
-ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqv
-NK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/
-9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVs
-qXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHm
-BiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+G
-PgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
-A1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsf
-dOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxh
-I+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA
-5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWE
-yS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lDfMjI
-q2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAGWFkZHRydXN0cXVhbGlm
-aWVkY2EgW2pka10AAAFWwkmxZwAFWC41MDkAAAQiMIIEHjCCAwagAwIBAgIBATANBgkqhkiG
-9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsT
-FEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0Eg
-Um9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQw
-EgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
-BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7t
-Tw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q
-6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o
-L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLE
-O+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QID
-AQABo4HUMIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
-pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
-cnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SC
-AQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8F
-tzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRv
-xdlu3rsEQmr49lx95dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q
-8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw
-3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/w
-MLH/S5noxqEAAAACABpkaWdpY2VydGdsb2JhbHJvb3RjYSBbamRrXQAAAVbCSYbZAAVYLjUw
-OQAAA7MwggOvMIICl6ADAgECAhAIO+BWkEJGsaF1aslZkcdKMA0GCSqGSIb3DQEBBQUAMGEx
-CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
-Y2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTA2MTExMDAw
-MDAwMFoXDTMxMTExMDAwMDAwMFowYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0
-IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xv
-YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiO+ERct6opNOj
-V6pQoo8Ld5DJoqXuEs6WWwEJIMwBk6dOMLdT90PEaQBXneKNIt2HBkAAgQnOzhuDv9/NO3FG
-4tZmxwWzdicWj3ueHpV97rdIowja1q96DDkGZX9KXR+8F/irvu4o13R/eniZWYVoblwjMku/
-TsDoWm3jcL93EL/8AfaF2ahEEFgyqXUY1dGivkfiJ2r0mjP4SQhgi9RftDqEv6GqSkx9Ps9P
-X2x2XqBLN5Ge3CLmbc4UGo5qy/7NsxRkF8dbKZ4yv/Lu+tMLQtSrt0Ey2gzU7/iB1buNWD+1
-G+hJKKJw2jEE3feyFvJMCk4HqO1KPV61f6OQw68nAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
-hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAfBgNV
-HSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQUFAAOCAQEAy5w3qkgT
-Egr63UScT1Kw9N+uBPV5eQijJBj8SyuEwC251cf+9MEfWMu4bZx6dOeYKasRteNwoKHNTIiZ
-k4yRcOKrDxy+k6n/Y9XkB2DTo7+dWwnx1Y7jU/SOY/o/p9u0Zt9iZtbRbkGN8i216ndKn51Y
-4itZwEAj7S0ogkU+eVSSJpjggEioN+/w1nlgFt6s6A7NbqxEFzgvSdrhRT4quTZTzzpQBvcu
-6MRXSWxhIRjVBK14PCw6gGun668VFOnYicG5OGzikWyK/2S5dyVXMMAbJKPh3OnfR3y1tCQI
-BTDsLb0Lv0W/ULmp8+uYARKtyIjGmDRfjQo8xunVlZVt3udPoMwa+5HNtuCXcGFXXPQXABoM
-
+EzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
+BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MB4XDTE1
+MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1F
+bnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1z
+MTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSX
+bcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
+5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHG
+VK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3R
+XRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbm
+Zwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsj
+dXJ8ITzI9vF01Bx7owVV7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM
+6Nyfh3+9nEg2XpWjDrk4JFX8dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0
+LhyIRyk0X+IyqJwlN4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15d
+Wf10hkNjc0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sP
+DORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTSGwv2LFPSypBLhmb8
+qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGrhFV0d4QEJ1JrhkzO3bll/9bG
+Xp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19y
+IqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7
+bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDt
+C3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkv
+FMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
+IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G+TaU
+33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHwAAAAIAF2NlcnR1bXRydXN0ZWRuZXR3b3JrY2EyAAABfBBZ
+rUgABVguNTA5AAAF1jCCBdIwggO6oAMCAQICECHW0EpPJQ/JMjf8ql4SjekwDQYJKoZIhvcN
+AQENBQAwgYAxCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBT
+LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgNVBAMT
+G0NlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EgMjAiGA8yMDExMTAwNjA4Mzk1NloYDzIwNDYx
+MDA2MDgzOTU2WjCBgDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9n
+aWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
+A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAvfl4+ObVgAxknYYblmRnPyI6HnUBfe/7XGeMycxca6mR5rlC5SBLm9qb
+e7mZXdmbgEvXhEArJ9PoujC7Pgkap0mV7ytAJMKXx6fumyXvqAoAl4Vaqp3cKcniNQfrcE1K
+1sGzVrihQTib0fsxf4/gX+GxPw+OFklg1waNGPmqJhCrKtPQ0WeNG0a+RzDVLnLRxWPa52N5
+RH5LYySJhi40PylMUosqp8DikSiJucBb+R3Z5yet/5oCl8HGUJKbAiy9qbk0WQq/hEr/3/6z
+n+vZnuCYI+yma3cWKtvMrTscpIfcRnNeGWJoRVfkkIJCu0LW8GHgwaM9ZqNd9BjuiMmNF0Up
+mTJ1AjHuKSbIawLmtWJFfzcVWiNoidQ+3k4nsPBADLxNF8tNorMe0AZa3faTz1d1mfX6hhpn
+eLO/lv403L3nUlbls+V1e9dBkQXcXWnjlQ1DufyDljmVe2yAWk8TcsbXfSl6RLpSpCrVQUYJ
+IP4ioLZbMI28iQzV13D4h1L92u+sUS4Hs07+0AnacO+Y+lbmbdu1V0vc5SwlFcieLnhO+Nqc
+noYsylfzGuXIkosagpZ6w7xQEmnYDlpGizrrJvojybawgb5CAKT41v4wLsfSRvbljnX98sy5
+0IdbzAYQYLuDNbdeZ95H7JlI8aShFf6tjGKOOVVPORa5sWOd/7cCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUtqFUOQLDoD+Oirz61PgcptE6Dv0wDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQBxpQ7O5Om/PzjViVrEAmH7TMUUFy2LT1NrEBf8ZYTH
+EEmQ3tvHJpOIJm9w1gJeOaD3j6uWtaUTXIEUbQ6BghEbik7GT6XdYh5E3wlZ9Ft3CzfpiyDG
++ApOLlgc6zPQz4Zgydr7gC+eTGCEeD0hZNb7QR8YD+fJdXG9vVzeNIc+QbAO9rnWPwkTlhQv
+3podWrlWzjU6sF9wTV7jKfEjKHJZtqvCjGYmHHcsJnY1iyinaaD5O/Uj3YUQdMmQA1aR56+6
+R9QSlxEi46JJlGznt5RLui2k2jOLTKZE/1o8xh1k2LUx5KY8eqhXC9vtYRrL8c5zd2Okh29M
+UTjW5F/Hn7aBKuSFSHlYXjv42wKCZ8E528N0Sz02Hvkpk4hoW6hEGSHwp+iBDSzokza0N7LK
+sBsmepolH5qagJ5LKj/7o5r+czJxwp7GcuGKaCfx5A+0xEylYZP4lxAHKjAlqbnIcbjvaMwt
+fvXgfg+CqG+2umyDQ3fNipIXoZ5beBY9ReIzct3hZsqZ08nFJv0NaARGrrbZm4y+Gb6xxvIZ
+41wCyizYb0oH2ck12kB18sSnGW+eQhCYdeaVi2C87cUS14rO1ZhcVpYDxe53BjX/z+TuPxNh
+7tvaLYXwza6dshgJRcOSoXIX/Ee2oAss8cTeQ2gIal878HZj+8wGLKbG4g61ub4kjwAAAAIA
+JGVudHJ1c3Ryb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAA
+BEIwggQ+MIIDJqADAgECAgRKU4woMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
+ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRo
+b3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkgLSBHMjAeFw0wOTA3MDcxNzI1NTRaFw0zMDEyMDcxNzU1NTRaMIG+MQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRy
+dXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
+IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKK
+D/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJH
+zuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLE
+RcWMl3oGayoRn6kKbkg7b9vUERlC948Hv/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHn
+t361U7EzIuVtz3A8Gvrim2e2g/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaNCMEAwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGpyJnrQHu995ztpUdRs
+jZ+QEmarMA0GCSqGSIb3DQEBCwUAA4IBAQB5nx2WxrZ5PyKNh9OHAwRgamuaLlmJcxGsQ9H1
+E/+NOSvA8r1PcIypL+oXxAtUntQblpgzPKitYqIAdqtZaW4GHX7EuUSNmK8S1GHbChlGR/Pr
+92PBQAVApdK39LWaNr+piHaIBFUEK5yHfxo3PH4tpRrY1Ileyr2sPWzYba/V83YPzTuIOCKd
+bJOaxD2/ghtlP6YPXar85bIVyrWtxrw90ITo6gZysE05Mni/PhGcC6SdmiHz8JsLMHjbwdyH
+Q/68Y5rKxcIcyceN/zsSWAjmtj3seixO+4OWzgw8aYdUc6RzwpP/URCsFVQB2PwFsYmhf3SD
+mknX3E57ikhvi0X2AAAAAgA0aGVsbGVuaWNhY2FkZW1pY2FuZHJlc2VhcmNoaW5zdGl0dXRp
+b25zZWNjcm9vdGNhMjAxNQAAAXwQWa1IAAVYLjUwOQAAAscwggLDMIICSqADAgECAgEAMAoG
+CCqGSM49BAMCMIGqMQswCQYDVQQGEwJHUjEPMA0GA1UEBxMGQXRoZW5zMUQwQgYDVQQKEztI
+ZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQuIEF1dGhv
+cml0eTFEMEIGA1UEAxM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBFQ0MgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAzNzEyWhcNNDAwNjMwMTAzNzEyWjCB
+qjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
+ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNV
+BAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv
+b3RDQSAyMDE1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkqBB6EuChFzi+DERmYZkTgklL51B
+LwquNU90lbJRZGuNa+Y/cJXwBURHpnI4UHaVAlqOriie+S1Ome8sSG9MJSno0XFb3x3BdTe0
+1/p7ekKcagpWWnxpC6qACSRsfsFGo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQUtCILgpkkAQ6cu+QO/b/7lyCTmSowCgYIKoZIzj0EAwIDZwAwZAIw
+Z84WYjiirGJFp6mVJMAaJ5wyO8DA1bqp5/gEQ1OF7lIh3p31JYM+nlhLL9dnEw4hAjAF4XUB
+3mjtKh9NTAkIDexLrWQXKOd1zkVlciEXyyJBDowTmDiaVG2byuJ86gJYIpEAAAACAB50d2Nh
+cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAN/MIIDezCCAmOg
+AwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQ
+QeFEAcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XL
+fJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH
+9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2Rg
+XbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMB
+AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsm
+jd6LWvJPelSDGRjjCDWmujANBgkqhkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6w
+QT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1
+KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5s
+H62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvnaspH
+YcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZYiesZSLX0zzG
+5Y6yU8xJzrww/nsOM5D77dIUkR8HrwAAAAIAEHR3Y2FnbG9iYWxyb290Y2EAAAF8EFmtSAAF
+WC41MDkAAAVFMIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMC
+VFcxEjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdD
+QSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJ
+BgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNV
+BAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPS
+nIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWR
+zvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2G
+b3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJ
+Tibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2yKsi
+2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCilaLOz9qC5wc0
+GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/pyJV/v1WRBXrPPRXA
+b94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxnkjMdwLfS7JLI
+vgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MG
+z19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqS
+pqsnLhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vP
+NOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2d
+KAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3
+Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r
+7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXI
+RfmswZ/ZuepiiI7E8UuDEq3mi4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWS
+sT2RTyaGvWZzJBPqpK5jwa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVf
+P5VhK8E7zeWzaGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer
+/qmyKwbQBM0AAAACABFnbG9iYWxzaWducm9vdHI0NgAAAXwQWa1IAAVYLjUwOQAABV4wggVa
+MIIDQqADAgECAhIR0ru51yMYnkBfCp0t0N8lZ9EwDQYJKoZIhvcNAQEMBQAwRjELMAkGA1UE
+BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24g
+Um9vdCBSNDYwHhcNMTkwMzIwMDAwMDAwWhcNNDYwMzIwMDAwMDAwWjBGMQswCQYDVQQGEwJC
+RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEcMBoGA1UEAxMTR2xvYmFsU2lnbiBSb290
+IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKysdDLos2Xluu1DJh2miQ1F
+uimIsqQdY93TwSwJV4k5oVXpZzR3DG7kVR1SJdITa17hHam3fYkyXw2enyx6Y2BAH6awtniP
+mVSWCFiu5Aa8YgUCFr+vqCMDtpQPvG5swsvVprsM6fbBAvsh3mbdF6t0Qu/wdC8l9OprVVuQ
+253fXocKQPutGWv798pgiN7awY/WrtV/1DyD7tcWTINFM2sn0IbQHC1r86t98YWp9SjSre/z
+hEsch/wTozpyoloRK9YncSftgS1tZoGSh7QbWHrMPwr6Rk9NeFz4K0jjBITLXfa0arNl/EKe
+USYjIMs9FPmB7WUWAE8aZJdmCM+Me+MrwJ35FPIb8VZqFr8shYXNeDia60JqAjQYgxdOlFb4
+toK185bdPfO+fyB3PnsZI2ss1HJzQ1d94PjXaU8XNgT5wJBgN0Xe5gzYdI2unKJtdF1Cvgb1
+2WRuAhCsibBMOwdNQH4kxYqYgnmOpKeCII0j+idxyd/GQXSgTfaRFtxGjF8pYzFZcQzYb8K2
+Mn375l1Tpn4V/Lt1fF3s+PYXHOzHaxnL83vwKwel2Wx5VHZsnRymbg7peQyoI2qj3xswMZ+x
+VHv+astmqtxl0KKeSpoHIWuBj9vEWfreIsAEnOOqWzaT6D29eqGdC3axC8ed/c+YqAbC+Cqj
+oYOgtyVypQLjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
+A1UdDgQWBBQDXKtzgYeozLCm1ZTiNpZJ/wWZLDANBgkqhkiG9w0BAQwFAAOCAgEAfHjs9gIs
+u1t+kitdOdy+2B2iQjNN+e+kKjtEaR6s2UWjTjyn2CRRslQck07E73uThWAm6glI4PW7x+lo
+0rtqMXHMea4RqPCZ/eUfvC+ozFfrdsQhpkdTVU1ovwWk7tcmq2LaQzdL4sa15bKDGTrH09tN
+ngh68+7PPmL7rOhgzNHHoVyDRcRFzPMXaxTJBAI+0iSmeekezqLnwVkVnx3iS5o+n3YILWvY
+ulcU2oPq/oxV6dBOqcx3MbFEEXpcsT7TFEUVGGIkE9LLTc5cg8E28hC1DohtuOFWn4nelmY5
+R2Qsbk2uYnu/YHQZuFaskqwWMu2taFX+mLrTNN70yWHDDob2S4Rg7g17tTJYeZFVLIFDs3Qf
+eqolnh3XoYu5zUIuBKRmg02JNbZsqDZKeSF4ItBCvNFAMZChvgTPymft9fCA02DJgyoiBdAH
+O1K/DJ6qK/m75h+PJbqFjRceAv5dUARXz/4tvO9cwBqrtp8kxt9zaEiQLBT0P1Ia5NLLFMNh
+ac/i+RjFujOfFKMEXblx97WU2PYzwVrBNIt8m92TOucTonBhn6+P69jFdfgzZtR0Zzo3d5zn
+3aQPdkNmikPyn/sMQnhj0eIPb3vUoT10l4W3SDlB1iD80Dqz+uhvxIq6cTe+i5exeDFPs+e2
+AxPOVJ2uJVnMfzVfCPdARTF4KnoAAAACABdiYWx0aW1vcmVjeWJlcnRydXN0cm9vdAAAAXwQ
+Wa1IAAVYLjUwOQAAA3swggN3MIICX6ADAgECAgQCAAC5MA0GCSqGSIb3DQEBBQUAMFoxCzAJ
+BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAg
+BgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMDAwNTEyMTg0NjAwWhcNMjUw
+NTEyMjM1OTAwWjBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQL
+EwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowS7IquYPVfoJnKatXnUKeLh6JWAsbDjW44r
+KZpk36Fd7bAJBW3bKC7OYqJi/rSI2hLrOOshncBBKwFSe4h30xyPx7q5iLVqCedz6BFAp9HM
+ymKNLeWPC6ZQ0qhQwyjq9aslh4qalhypZ7g/DNX3+VITL8Ib1XBw8I/AEsoGy5rh2cozenfW
++Oy58WhEQkgT0sDCpK5eYP62pgX8tN0HWQLUWRiYY/WlY+CQDH1dsgZ684Xq69QDrl6EPl//
+Fe1pvPk5NnJ1z3dSTfPJkCy5PeXJI1M/HySYIVwHmSm9xjrs526GOmuXdGMzvWgYMfB4jXa/
+/J6OXSqGp02Q3CcaOQIDAQABo0UwQzAdBgNVHQ4EFgQU5Z1ZMIJHWMys+ghUNoZ7OrUETfAw
+EgYDVR0TAQH/BAgwBgEB/wIBAzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEB
+AIUMXY7kb1FoQgWg3btPJyWEA733ZP0t1zDjpBAX69opKbZ5P3b2GRMjuBAK+Vik1GFwvQRh
+ahKKF9UKvcW8MHzW6QwljYZAT+zMo344xjcRT+3daDGOTNKzAXTuvnVeB0gaf3D/FlyEwHmF
+uAX9f75lEaMPwAK0+FI3OQTVqTF6GL+gKvQSmfejRYLjPF71nZ61yJ58Lsiknk4IFEtt/XBt
+axpjvWTmH7fO8PKfLrsbt/JQiHOSwuLjFo2aMgKrjhjd6RAR7n41q5CvPjCUetAzPadlD/X8
+jp5iz0dELAFdux21MtJH0jgu0P6B3DJqHrXuPNX854EdGcMkQupjOakAAAACABNidXlwYXNz
+Y2xhc3Mycm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZI
+hvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3
+MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTAeFw0xMDEwMjYwODM4MDNaFw00
+MDEwMjYwODM4MDNaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2
+MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDXx173wQfUd/tDIfT09Wnk7jIB26OGH+RZDbrndYNS6+ocYRVI
+ux0HyoyusNyWnerDYJKGgihznFYG/0tk8AwqN0m15c8MfO7xSrtzMGXz1S+Dtn7j5/Weq2D5
+0/GdknSK5ByWrFuA6bX0MYejUfzHfqFvjlN31JfBVTOSPhgvddSthknLla9UBmzYBhONW//h
+JhlZwCS6gXF5kERQaCSUX7izEfEpQWGjQcsjNtXB8TJQEE5/9IaT7ITTjrxLv1wBTgc93BSK
+lAqk6nP7C1HoEwcY+g7xK9FUFX084fe0GUJnYl534KJV7LbZaRfVOq9E7UrFnuR6J3zlddeq
+yyXn32sK2w9Nk06ooM17LvJZAWq3DbgHgX6LOBs45gpXmT3uIeij9QwW3YvsNI6cKhwAFReN
+aIPScJ8YCM0RaNXJa1LNxEaP3LXz2FdzHumUOQS/09443rRT7Gkcon7Ej+QbcK3yovn79xZk
+ZmmfSVGi4hUYZwZKf9VstU2zM+Bh612+6ZgPMtcdSzwuWgFSkQny3+qN2AZAY6oR5P7DN54U
+Uj/04szyYZPR/Wdr11Kuv2irQEOgVzVTePBT+GFCB2TG12+bTDgNY6xirzaLonMKDfUhvXSq
+TepyA0nbx18dYmPH/d2R7DPu9W20bjBo3sjWJrB1Xnu0ByCYoXYyuE1sTwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTJgHfgYpKC9Uac87r3TMPeuKOtOTAOBgNVHQ8B
+Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAFNfIfW6sDpSOSySsGwAye/OIO8G8pae6aR0
+f3oW/Lf1tvsVGz+rpsByXRCxce68T+OtrANtLnEur8TjraO9DBGntP9KsnsQEB+nV0GywK70
+LFnWRxCI8yFRKTDKYIavRqsd7TpbsJTeRONBCKLB7B3W/U+21kfQFAvK5sq1e3d+QR9eg8e2
+jDmWsD+WgUFvYJDi6Pn7InHZfbM9Rr+0hK+QHA+PEmqv7+4eeq4CSooXK3b+rFSJJCxPP7ay
+p06MqJGX+ynGe1wtuctmtreoWxJRhbUJfmJ4cP6pamC2HQ55DP3K6iSAcsOXP/J3q0MiCsfr
+tgyEgiyAa0GKCMDrpWvfmRLLitVegAyR4CYINkjF+jgRNf8lgy3yer/a/Y7+pctFLB/EiFOu
+dw7ZmnbFjiwdo7rV7DKuwKqs99F6TevUB+JI9yKOsKSfas6OsrJg9KMi0CPrlFp6ad0Pv0BX
+rGtZUNmjmeFu/o0BeScjFd6SnXsJTVrnS0gwWhjmCm3mj+DSu+bffG4hgsFoOU20mFhmYsxK
+kF7D+icEsXkVdJnMvq0g3iZgHOtWUaaj6uSjP6f/YdzxWk1sMiND7qyo7u5KEgk8XXHCvnn6
+wodoHQv9XGnMBtCafVSZKsk5GhmvSypD82NdWljiL+Md5KnW0ArQnr/XgQnxyccmDayYFlag
+AAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJKMIICRjCC
+Ac2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJVUzEV
+MBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
+VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8Q
+dJ+1YlJfZn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
+RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFF
+AmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJj
+OpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv6pZjamVFkpUBtAAAAAIAFmNlcnR1bXRy
+dXN0ZWRuZXR3b3JrY2EAAAF8EFmtSAAFWC41MDkAAAO/MIIDuzCCAqOgAwIBAgIDBETAMA0G
+CSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xv
+Z2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAg
+BgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkx
+MjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dp
+ZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
+VQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZ
+J88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKk
+nvISjFH4fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv
++XLTOcr+H9g0cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE
+49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+Fp
+DQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmk
+McScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhO
+gQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/no
+nFWIGUbWtzT1fs45mtk48VH3TywAAAACABdkaWdpY2VydGFzc3VyZWRpZHJvb3RnMgAAAXwQ
+Wa1IAAVYLjUwOQAAA5owggOWMIICfqADAgECAhALkxw61jln6mcjv8OvmvRLMA0GCSqGSIb3
+DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT
+EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYD
+VQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMT
+G0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANnnKC9SPzZySYiTNPP4ah4xVICfrVRBtUfflqjUr4AtuQrPdf2JpX0k+uMiDCu8
+lRcLM78ZTUEGkAC9DE0Q/ge15xxuIlUxZZe90xfSHmLz2+psUIw/hAyWz7fLA+DKbaEUTBuJ
+3e0AsFJ8r5FssTgT0ekSCMAAsBwrEdp3cDabrs55h9yCcOYJdHBVaa+jaJ+/3bZ5s/KdcClV
+9Kv/lWHzyUBvHdG+k7vTiCq7nb9yWlZxOz/U89EK/ijvo+7Zma8D049gt/KSobG9iYkfMM3D
+pi5iM64WAndEWueBCjynRC55uD8EvFygh+Ebr1GOzews+vj+bfA6fKqL5GeVMY0CAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFM7DSrmZVfK4
+22C/qX69VrWXNqfWMA0GCSqGSIb3DQEBCwUAA4IBAQDKpVWM48hBbmknp3UR7zyGNm/SncZ4
+OB1plqKSaS44bJt9BNSJpbExN4rJIcyrbM2LHJrWv0jSMmbBisDzLzrvwOPUkYbRUOMD23N3
+b0o5U+3eJse1fa8rQtF1YuNKKwLHUEvgaeKWbA5EZhBEj60F6/h5rKYb6Dc0nVPJYaqiUq9K
+cBaGwjrIsRNwNtjP7vQKNNVbTP0HnKK62QFyXPNNwd0OsRwNxGO+rfQU+4nsokEOTMzIV0DQ
+bgOqzQyOiZmZbPA8MK8432+8o74pICerdP8TInjel1JVHoO1VCAD7q7AT1beN8zDf6oEJ7vT
+d7hi2xd8nCgiE3Nszyb1iinnAAAAAgAKaXNyZ3Jvb3R4MQAAAXwQWa1IAAVYLjUwOQAABW8w
+ggVrMIIDU6ADAgECAhEAghDPsNJA41lEY+C7Y4KLADANBgkqhkiG9w0BAQsFADBPMQswCQYD
+VQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTAT
+BgNVBAMTDElTUkcgUm9vdCBYMTAeFw0xNTA2MDQxMTA0MzhaFw0zNTA2MDQxMTA0MzhaME8x
+CzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91
+cDEVMBMGA1UEAxMMSVNSRyBSb290IFgxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAregkc/QUN/ObnitXKByHvty33ziQjG485legePd1wqL+9Wpu9gBPKNveaIZsRJO2sWP9
+FBJrvx/S6jGbIX7RMzy6SPXded+zuP8S8SGaS8GKhnFpSmZmbI9+PHC/rSkiBvPkwOaAruJL
+j7eZfpQDn9NHl3yZSCNT6DiuTwpvgy7RSVeMgHS22i/QOI17A3AhG3XyMDz6j67d2mOr6xZP
+wo4RS37PC+j/tXcu9LJ7SuBMEiUMcI0DKaDhUyTsE9nuGb8Qs0qMP4mjYVHerIcHlPRjcewu
+4m9bmIHhiVw0eWx27zuQYnnm26SaLybF0BDhDt7ZEI4W+7f3qPfH5QIHmI82CJXn4jeWDTZ1
+nvsOcrEdm7wD+UkF2IHdBbQq1kHprAF2lQoP2N/VvRIfNS8oF2zSmMGoCWR3bkc3us6sWV5o
+nX9y1onFBkEpPlk+3Sb1JMkRp1qjTEAfRqGZtac6UW6GO559cqcSBXhZ7T5ReBULA4+N0C8F
+sj57ShxLcwUS/Mbq4FATfEOTdLPKdOeOHwEI0DDUW3E2tAe6wTAwXEi3gjuYpn1giqKjKYLM
+ur2DBBuigwNBodYF8RvCtvCofIY7RqhIKojcdpp2vx9qpT0Zj+s482TeyCsNCij/99viFULU
+ItAnXeF5/hjncIitTubZizrG3SdRbv+8ZPUzQ08CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26ZtuMA0GCSqG
+SIb3DQEBCwUAA4ICAQBVH1ipvLKoUNAMsdgaaSAnKQisYXVcim74guVpL9X2Vku5uHMQWdMh
+l37nTHH7stJgrTmoC+oXIVaF8VAOWevO4FnpuskV74adj4SA9uTpkZDcF5tiG0XwZpXSfG/C
+6jvvH8/L1q4n8amwyK79fX6a+iIE6//Zf+qRKyKxFw6P8oo0W1jY/AHJVLm4JsyKiDOJTC2E
+PILf7pZXBbosu/fEt8dOO4K+Mcgic3OS0cKApDk5EDMjgkw8n4ayVZgdvimGjCKbnuJrO1c6
+gnBN3AnHicsKB01s6F2Oye/Oq8e7tStORdZK0CbM5XLKCGqlleMVofek7cksX6X7/6woAi6+
+13u743F7kBbTB15GU3w3B0KM08SWnNWZtSrglRqASK5MOQfOzEekUpUrurj7rdIzU33lHU1t
+1aGxx0Jv5kAnNVyjKLcHjeeNM5DnI5/7UJx5bEbVtBWzlm5+mwyWOrhSLT/WW+H7CMKE/iSo
+o4narGrhGCqxqENhW9Mf3DuNdvIt6I113xczbD1T+3vLQV//3KLQYTjhlrisXYs313XVM8CZ
+Ea6dQcFydYS+AkFCX2ckSJTRmye+Bz+5uE+BdFHherftnSPivuDVKAQTPDEDnt16bI/GBxjG
+f95Hjj8ongQGz6VUNHe97Imb6RdD31vbX/6OHleizUCdfmIi2t4YJwAAAAIAGXVjYWV4dGVu
+ZGVkdmFsaWRhdGlvbnJvb3QAAAF8EFmtSAAFWC41MDkAAAVeMIIFWjCCA0KgAwIBAgIQT9Ir
+j/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwI
+VW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUw
+MzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5p
+VHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog
+D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r
+3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJ
+Hx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1
+kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhT
+A8ykADNkUVkLo4KRel7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fV
+UbGAIAEBtHoIppB/TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfb
+lLkWU41Gsx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs
+1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQAB
+o0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsa
+GvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAURap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZL
+cpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8
+dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC7
+8zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliR
+n+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj
+2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWOvpaQXUJX
+xPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOcGMyNm43s
+Set1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSidjzU
+LZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1axAAAAAgAGZWMtYWNjAAABfBBZrUgABVguNTA5AAAFWjCCBVYwggQ+oAMCAQICEO4r
+PevUId4UqGKsBPPdxAEwDQYJKoZIhvcNAQEFBQAwgfMxCzAJBgNVBAYTAkVTMTswOQYDVQQK
+EzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTEo
+MCYGA1UECxMfU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbzE1MDMGA1UECxMsVmVn
+ZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgKGMpMDMxNTAzBgNVBAsTLEpl
+cmFycXVpYSBFbnRpdGF0cyBkZSBDZXJ0aWZpY2FjaW8gQ2F0YWxhbmVzMQ8wDQYDVQQDEwZF
+Qy1BQ0MwHhcNMDMwMTA3MjMwMDAwWhcNMzEwMTA3MjI1OTU5WjCB8zELMAkGA1UEBhMCRVMx
+OzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0wODAx
+MTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
+VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMG
+A1UECxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzAN
+BgNVBAMTBkVDLUFDQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMix0/il0KV
+iEeDQPYdF/ODcyQeUfOYisOSuP9AkAVwh2DJAKm1lGUZIhUXwkNsZkSaDQQ+OW+lS3qqY7eK
+RJ3ZY5GEZuAoD7pC426O9xQnk2nukQ6jXw6x62aick8SE4Zlej7bTwf0pwlg2jpCmceyf7MW
+lRzH+TS1lIXVmV6gSKB+5xdluKJ1uB7z5UJ9r+3zikhkXYIUk9jA5P+zUHLydvazXUJQedCU
+PmsMAL7Yaw5OKuw+0syCohhlMxN3nppdGhPYw9s9yJd67nDtp+Z823HPLZRi323W9Ti+P6WF
+Chm4qNgJdUJwxOrvyw7INKgSIpgMuBOUtkvs8NCQ5ycCAwEAAaOB4zCB4DAdBgNVHREEFjAU
+gRJlY19hY2NAY2F0Y2VydC5uZXQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFKDDi0SqN6VFv5eAWtHxeKKb6V2NMH8GA1UdIAR4MHYwdAYLKwYBBAH1eAED
+AQowZTAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwwNQYI
+KwYBBQUHAgIwKRonVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgMA0G
+CSqGSIb3DQEBBQUAA4IBAQCgSFuCAfZNSLg5VTWcgHpTmdVa/7FxO8w5CZRe1trvvgFbXdMe
+2P19T82gQeA0k7/L4oacN5KQVhzc6ykF5cSexzXfigzNxSFD6aqI5TXAGUJjWgJepEgYOoVv
+3J28P52cwYe4emEI6XcLf3Cret3ZlyxkHoW/vHSWocN6EuwMGm6DDDzockaf+0jVXpfmsaH4
+5O9GJZScidtpOL7sXA5Wx2VR5VCIiL9C1Ss95fm6ni6zyvRzkgILvkxm6yD+ucu1mX/mthP6
+yktN2e5TRgY7xk6tk1qBfmwqS2oFRYzyIaQxkIdsZZydpWCVOlJ/9dGrCG7z7lv5iD1+uG9u
+A+RCAAAAAgAmc3NsLmNvbWV2cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHllY2MAAAF8EFmt
+SAAFWC41MDkAAAKYMIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkG
+A1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
+U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYD
+VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
+TCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNvbSBFViBSb290IENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCC
+ogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1
+OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG2
+2XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
+5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZytRrJPOw
+PYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mmm7I1HrrW9zzR
+HM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGNh
+AAABfBBZrUgABVguNTA5AAADszCCA68wggKXoAMCAQICEAg74FaQQkaxoXVqyVmRx0owDQYJ
+KoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3Qg
+Q0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMG
+A1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQD
+ExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOI74RFy3qik06NXqlCijwt3kMmipe4SzpZbAQkgzAGTp04wt1P3Q8RpAFed4o0i3YcG
+QACBCc7OG4O/3807cUbi1mbHBbN2JxaPe54elX3ut0ijCNrWr3oMOQZlf0pdH7wX+Ku+7ijX
+dH96eJlZhWhuXCMyS79OwOhabeNwv3cQv/wB9oXZqEQQWDKpdRjV0aK+R+InavSaM/hJCGCL
+1F+0OoS/oapKTH0+z09fbHZeoEs3kZ7cIuZtzhQajmrL/s2zFGQXx1spnjK/8u760wtC1Ku3
+QTLaDNTv+IHVu41YP7Ub6EkoonDaMQTd97IW8kwKTgeo7Uo9XrV/o5DDrycCAwEAAaNjMGEw
+DgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAPeUDVW0Uy7ZvCj
+4hsbw5eyPdFVMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
+BQUAA4IBAQDLnDeqSBMSCvrdRJxPUrD0364E9Xl5CKMkGPxLK4TALbnVx/70wR9Yy7htnHp0
+55gpqxG143Cgoc1MiJmTjJFw4qsPHL6Tqf9j1eQHYNOjv51bCfHVjuNT9I5j+j+n27Rm32Jm
+1tFuQY3yLbXqd0qfnVjiK1nAQCPtLSiCRT55VJImmOCASKg37/DWeWAW3qzoDs1urEQXOC9J
+2uFFPiq5NlPPOlAG9y7oxFdJbGEhGNUErXg8LDqAa6frrxUU6diJwbk4bOKRbIr/ZLl3JVcw
+wBsko+Hc6d9HfLW0JAgFMOwtvQu/Rb9Quanz65gBEq3IiMaYNF+NCjzG6dWVlW3eAAAAAgAY
+ZC10cnVzdHJvb3RjbGFzczNjYTIyMDA5AAABfBBZrUgABVguNTA5AAAENzCCBDMwggMboAMC
+AQICAwmD8zANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1UcnVz
+dCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwHhcNMDkx
+MTA1MDgzNTU4WhcNMjkxMTA1MDgzNTU4WjBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1U
+cnVzdCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTskrPekfvdZsj+jov1lBFiTU6xmvb/tsA
+aKjgAxEdN1AIn01KaJQ1s1PRlGOnIFav3lF47Co980hIUD4K30ZViydtwxBNDZFSQ9iH4F1O
+NrUhyl85QARfW37Mo8YrqUAe2TaE1kjzkh40RiAkwaRRjkoa71A/aV0Zf0XDxwGPUckj6HKu
+tLxWCX8SyxyxrymQCslVzA/TtBrtRzVaSu2ccwQh0Kq9DBO1AMombMRrDJRalZTaUJrx/6Ur
+ZjGkyTig3x0fuAku86foZ1KrlR/gRj7YpMPKWsUxgOhImp+Uaf4Z3dhzfIHKlt6O7bMyBWWE
+NObm/VcQtV92vy+wEA3FAgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBT92hTEnzDeIb0eQjn8q2MjSeDxhDAOBgNVHQ8BAf8EBAMCAQYwgdMGA1UdHwSByzCByDCB
+gKB+oHyGemxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3Ql
+MjBDbGFzcyUyMDMlMjBDQSUyMDIlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
+aWZpY2F0ZXJldm9jYXRpb25saXN0MEOgQaA/hj1odHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
+bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yXzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/l9swyN+knH0heoBwzhQSaYgUlWBEAayy6TBPm1DCZth+jTC1cDHp4mnH83DbIBWG0A3w
+vqwBdYTOfp9Nv7dgO5zzyh3iXmjYo52X5UBg0jYh/tC0uBfadKN/1N+wmAKsb2trLCUkcqFl
+7iVa5eYy5/Lfq0n685BpI9sE2edcWPxl1Je+zPwuCswlKjUE+GCRFXU9Qf8jHxnIbOuCUwSm
+5EwiTY2Mus5bc+xkVFBt0ZxV+2nDNsOMvDyFpmsKJg3gk5hgrn7GJJeKYV+RjmaSCYc2zYub
+LT72UdRQ1FkovYPyzCh7U4Zt2CaIcNfqkc0+ucrAkG5axl50Zddc/qPiAAAAAgAsc3RhcmZp
+ZWxkc2VydmljZXNyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIAAAF8EFmtSAAFWC41MDkA
+AAPzMIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAO
+BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVs
+ZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290
+IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290
+dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQD
+EzJTdGFyZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58g
+E20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpW
+riu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYA
+cMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66
+DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8
+viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IB
+AQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSd
+HynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdBy
+Pq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDP
+fUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAOY2VydGln
+bmFyb290Y2EAAAF8EFmtSAAFWC41MDkAAAZfMIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZB
+bcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3Rp
+czEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9v
+dCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAXBgNV
+BAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDN
+GDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgXstmzy9YXUnIo
+245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyzKNAT8kxO
+AkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJ
+hFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQw
+FsWq4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBB
+e3YzIoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1
+VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10
+TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDa
+xIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1Ud
+IwQYMBaAFBiHVuBud+4kNTxOc5of1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsG
+AQUFBwIBFiNodHRwczovL3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBk
+MC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+g
+LYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkqhkiG
+9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L6btdPrtcPbEo
+/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRGHVyH41neQtGbqH6mid2P
+HMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq7q89w1DTj18zeTyGqHNF
+kIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6p
+K0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hik
+LyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHb
+ugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3
+zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LO
+PNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0AAAACABNhdG9zdHJ1c3Rl
+ZHJvb3QyMDExAAABfBBZrUgABVguNTA5AAADezCCA3cwggJfoAMCAQICCFwzy2IsX7MyMA0G
+CSqGSIb3DQEBCwUAMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UE
+CgwEQXRvczELMAkGA1UEBhMCREUwHhcNMTEwNzA3MTQ1ODMwWhcNMzAxMjMxMjM1OTU5WjA8
+MR4wHAYDVQQDDBVBdG9zIFRydXN0ZWRSb290IDIwMTExDTALBgNVBAoMBEF0b3MxCzAJBgNV
+BAYTAkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYU7l28qOy47z6bzKTW+
+zxisPqrZ+E2gPhpHubya3/L+zD5H6HqWwiSONfSpDPyC/W3BcmInvepr6+eKzFQ+kFDPgNSV
+++i1gtQUxbapVSVX27FQ9rBgZFl6ac8Dt28Nvso+b3Ry6qowKnNivkmRYcgR/g4DKvdqINwC
+FQ1eFWr844LBtcWdZAlso1mYByfHG5YrYXRxbEPx9zWJEOCe7FWhNyKihwQFLEd9tBy5Yilm
+KMq34ZP1pJQDmblwhbXmSOqNUPzZ3sxvBw7dC3KdgDAWB5U/KA79xXVPU9Z0mrQkLo4Ckc92
+xZseVXSceCGx8C3xC5/C1ZYYH/BUInqMBwIDAQABo30wezAdBgNVHQ4EFgQUp6UGsSymCWDu
+0ZfpcK68Oxls2yEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSnpQaxLKYJYO7Rl+lw
+rrw7GWzbITAYBgNVHSAEETAPMA0GCysGAQQBsC0DBAEBMA4GA1UdDwEB/wQEAwIBhjANBgkq
+hkiG9w0BAQsFAAOCAQEAJnc025RIhipBnSw+BpBgxIysC1S4H7l70wc55Po+e7I9Tu2fI72X
+82tc7+79QKbfoZOhCoas7yDQeQG9ePcZ2CQxNAQBproVmsMn3NhPD8wYY/+ZDw6Ra3UW4SH8
+2CbHR7emz1hycX664U2VRzvJr22htMHsifa0Dzi14mTcJc+m2+uaXJmhxQje/eba1dZaRQzE
+t8K1FO+0Ef8OFbX19dvGvetap/BWIqk8ZVTGFai9hp7Ng5ZoenGBieEL4eoRG2gIzGme7J5B
+nkQyJnrihwpxPevkWqTS28XNxt5gf7nzT0SS7yq3GD6nGdkLfbE3QUKwumAd8v4JEbDwh3un
+nQAAAAIAE2NlcnR1bXRydXN0ZWRyb290Y2EAAAF8EFmtSAAFWC41MDkAAAXEMIIFwDCCA6ig
+AwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQGEwJQTDEh
+MB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
+HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UE
+ChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EG
+ze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVc
+JdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4p
+Z1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2J
+u7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfj
+vqm6f1bxJAPXsiEodg42MEx51UGamqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87
+Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkE
+th2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZ
+Ru0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQv3y1
+zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6Tsd2tTVItQID
+AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1vALTn04uSNn5YFSqxLNP
++jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QALLtA/vBzVtVRJHlpr
+9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0E
+TsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc6
+4vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyq
+OhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9
+NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+ysh
+zWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugD
+Q5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v
+40URFWkIsr4WOZckbxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyR
+VJ12AMXDuDjbAAAAAgAaaWRlbnRydXN0Y29tbWVyY2lhbHJvb3RjYTEAAAF8EFmtSAAFWC41
+MDkAAAVkMIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
+Q29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
+Q29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn
+UBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZsh
+q0PirK1ehm7zCYofWjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN
+2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9
+t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
+T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysj
+CiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPC
+TY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHq
+o6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZO
+lqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6
+aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcN
+AQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqa
+s6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cnd
+JZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7v
+mrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0
+jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpC
+dNTDd1lzzY9GvlU47/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyq
+orkqG5w2gXjtw+hG4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0
+K+l+J6fZmUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
+7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbc3RhYXRkZXJuZWRl
+cmxhbmRlbmV2cm9vdGNhAAABfBBZrUgABVguNTA5AAAFdDCCBXAwggNYoAMCAQICBACYlo0w
+DQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRl
+cmxhbmRlbjEpMCcGA1UEAwwgU3RhYXQgZGVyIE5lZGVybGFuZGVuIEVWIFJvb3QgQ0EwHhcN
+MTAxMjA4MTExOTI5WhcNMjIxMjA4MTExMDI4WjBYMQswCQYDVQQGEwJOTDEeMBwGA1UECgwV
+U3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+RVYgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOPHfon5JEs60jOD
+NSxp7NwJpONRqCUrebgIPeCRuoSFxoWkyubJLlOkySQe/VVmcV0sxWBoBLfZwlImOIik1jtA
+psLNP82Yk7NUFFiWVdVQ/oatpGN/XIf2juYnkmcXkgIDLNzWZnTt3Wf/wWGNY08Pm20XMCbv
+q9IfEKD5xX8WaYEDR+0eaI1yoU2yJsa6bF9t1q/RsROOqa3zXml1Jhg+QSshf+6LXQcGnUPE
+KQor/Co+hss8gzr5yQ3axZnivHhBM3bhvy9d5aSYUAwV3eD6nH84aNCypnqn0TG9fopYJ0Oz
+ujOR06eYFVya5tMPddn8QZiXPqol24+SLrB7DF/xY6k3+Zt1aUwoJiXa1fIScEVV499zXjf1
+IWyQjjVaydMj69PAvnisQihYZqVGbXAC1xD5S1T8XYZKh89/ykWsEVq1IFGNL4hHlznAz7rA
+QgFAmUghC2un0v2W1dG+Rp1J4AumoCJOONDBPDC8cI8sdczQxYxROz2UCGQmYX25w2WPFJwh
+0Kr9F3IDj72bjOZeU565ne+Cu+G84nJBWyGU00U3lNHfCTld5yOqmh3KbagKhoWKgr5CB9by
+OIJz2odb5TzTnj6nO570A7P58X0TdAL/u6Hl+gB5HKZmQYhcYFemLgnEuv2az6cfQMO7zFoK
+VUs7OHZRuGOLhJQW5lbzAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBT+qwCQmJ4k/KnMGor7J7i/MG6oOzANBgkqhkiG9w0BAQsFAAOCAgEA
+z3csbla+TrO2hACUq0fJDdJ2x4afHQfTtrS7CHivadILSd4zxaytwogCfQa3NQLBYMm/xOiU
+3tTTqRMlWv5uoq59Bdx982zwfqaN7tnXzlgX6KkprnNIh+ebym4poWRfGRP3rgYQ/1HGm01V
+JU+TmRABU3XxE87HpkFB0r+IpX9F/Ky4pbUzDILE+wf2auUlhF8GysGGORHbWM13OyzCTA9e
+muPwqz5hG1AkwsD08RnwESm2pRgCm9djTHCMR6MDQ1y5XUagDW//WY6+3Z9yw1sr34xbzuUM
+RmySsgqjTFRCGBUSGL3a/Lp0bv/BtqBk2KlfVa6fXGp2lthzZ4f7TX9c7mnKcxD7iqn9nr02
+OElJh/QOFPDph7g/p096Wo551JPku2hShKxs6fOYcFVyMvk0qytJtc0gYuQ6emdjq5bcba6X
+7PyfdlaILmbPW7bJpLDXBbrhJy+TuyYqopOwG/OOvh1Ao7k2jz6CGhpeiOpQ+Fnig0YpC+NE
+XOGVtmmQmhRvl66Bz2jvmZq+tefhf/j6E0cWTMxtCEDni3hvUIJEUD9mBoqrQ4RWSg8gLYYO
+9dLb0nqKS82l6E7xXiYlAVkjoH7S9n4hV9cnvBVXTKRGweCDHgxMTR9PBhni+aj0OoKhsnlD
+edatb3onkAOk6iSHP9m92enyX1BJHO7s1y4AAAACACV0dWJpdGFra2FtdXNtc3Nsa29rc2Vy
+dGlmaWthc2ktc3VydW0xAAABfBBZrUgABVguNTA5AAAEZzCCBGMwggNLoAMCAQICAQEwDQYJ
+KoZIhvcNAQELBQAwgdIxCzAJBgNVBAYTAlRSMRgwFgYDVQQHEw9HZWJ6ZSAtIEtvY2FlbGkx
+QjBABgNVBAoTOVR1cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmFzdGlybWEgS3Vy
+dW11IC0gVFVCSVRBSzEtMCsGA1UECxMkS2FtdSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkgLSBL
+YW11IFNNMTYwNAYDVQQDEy1UVUJJVEFLIEthbXUgU00gU1NMIEtvayBTZXJ0aWZpa2FzaSAt
+IFN1cnVtIDEwHhcNMTMxMTI1MDgyNTU1WhcNNDMxMDI1MDgyNTU1WjCB0jELMAkGA1UEBhMC
+VFIxGDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNl
+bCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRL
+YW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsg
+S2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3VydW0gMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK91MDOqu2vTmSwSN4TZjXuXgNNu5/+bUJU+kJVWQtcZfCaEjZL6
+AR06D+JkOLeMvOiI+Yskqy6j9TfkQI4YJXmDdR87/2yoxcZW+LTtikSjq2xM/B3Q3O9ovc/k
+qs7wVfeiNNSDazd8HML+tQPsV868tLXF7QAPUzcqTfRPDIP7hs/L/oxOvYf5p4shV5x63wNn
+iSydl2GnELhVkH8OLSc4dN/n/dpOEuNNFSICyODg/A+titfJVFDMOw/KFoCE0FFWw45Wf4ki
+My/mhQq9pagbNt7T3CxtO8cTvVkjLOblpPfYC+3qkEBEqJW7k9XQgDS2RngOHwCTRuHu6fns
+TxcCAwEAAaNCMEAwHQYDVR0OBBYEFGU/x4qGxjzdPFRcNfg67VIMR1fIMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqP+HxMo6u4ZhcS17P
+ax5qCdIiqRLHXld9c1ZkgIR6k+QJuRDNnyon4QB3vkjINaiBn+S4LMl/DrDSSzdd6rnVC140
+vfRzKcPtJhWcfghTiliN0Eso38Gz3yDz+ePjOt/MnJTYTk/Daxe393LorWYztSVTq+D4TKmd
+/fINuq652arGa/mTu66ruJc8Axq6Q8aWuUVyOLOnoZY9kXt+wCFTTIft8gtUlVGT1SKlDYrx
+kw4+VA6w2MlO3PIxMlbqZPnqtZ0WZkJy83/TsTFD/KSOF/FtI6uUZvit+w8IbiYtfxcHCbKM
++1DAn5aNz7b9AJ1aFJq/AkT1wcKfIl6iD6HjAAAAAgANdHJ1c3Rjb3JlY2EtMQAAAXwQWa1I
+AAVYLjUwOQAABCQwggQgMIIDCKADAgECAgkAhIIsXxxi0EAwDQYJKoZIhvcNAQELBQAwgZwx
+CzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw
+IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
+IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwHhcNMTYw
+MjA0MTIzMjMzWhcNMjkxMjMxMTcyODA3WjCBnDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBh
+bmFtYTEUMBIGA1UEBwwLUGFuYW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMg
+Uy4gZGUgUi5MLjEnMCUGA1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5UcnVzdENvciBFQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM+P4BG1n6h2dtvfD1Tvc2Mpgq1HxqNr7f5fM/hDUekaM5ExF6B0xNSnAeaykj5qne0O+XSY
+QNM/A4AGgkDoseKnUacdgyZrq976F5Er2MasHrGeGQHVl6bqDbfEVR8nfNII1XYfKRWHQDnd
+OEURddCapzTgv83IUh25R34NuLvGDPZzVxZafkORH1U6xm1EBKqcqZynTIkXg66jBF5SgIse
+EiURGdcMfX0xREHq26+wHO+B0CzFmiGbPe1CO1Am8uzOcWEGYiFUTn/BnT5/IIyAyyrYl2LI
+gzORfbCiWg9X6DvM8iWy1Hwv7E3GoToVeue2XTX19khKNkVm1LqYWMECAwEAAaNjMGEwHQYD
+VR0OBBYEFESeSPXMbUjUoEt//lkkL4OXmZqGMB8GA1UdIwQYMBaAFESeSPXMbUjUoEt//lkk
+L4OXmZqGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
+A4IBAQAFPjVcFXCbycdzYW9yK9TCj/JDXQLOxJS5lBGDZ13iZ2x1dr+7DKo2xq1Hk2PcHn7W
+3i7+6RkyOAN/FPYAcyxZsSEG4fusGJUMo/+ZlvcrJ5vVJMwd3cE64JhEsMTkPnexc6lkLPYc
+AXw/XUWFwIXnJY+V3BfzPJ8abrDK4x0q6Uxj+iRhYtbafrYcbPUCHdQq3VWQ6yoRRzwuXnSy
+giKlfVMfRewnkX3nIhbowGg22MbxT4BEMvnh0dEdqt6oq5wEr60gDmSYTaVrwEhYlmlN3AeM
+UZOi358PPYtgtIKNqghOYkXg+QvS4OA8W95ccSclwuYDgYsQU+PHVaK0n9fmAAAAAgAPZW1z
+aWducm9vdGNhLWcxAAABfBBZrUgABVguNTA5AAADmDCCA5QwggJ8oAMCAQICCjH15GIMbFjt
+1tgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCSU4xEzARBgNVBAsTCmVtU2lnbiBQS0kx
+JTAjBgNVBAoTHGVNdWRocmEgVGVjaG5vbG9naWVzIExpbWl0ZWQxHDAaBgNVBAMTE2VtU2ln
+biBSb290IENBIC0gRzEwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBnMQswCQYD
+VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s
+b2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJNLu+lmiu6dW9U0k9AbHsPnnrhkM39jeGi0zS5xddeb
+IMZNKby2aGCK9yGaVjVa83a92M2a/5NWS6VZBqGTNCndFjR1TvKBtMeWTq0ZFVJK/jxwdXDN
+ryurFZozPKqzi6rNQ/316nD/7c8RO5TOTjIW0yNAKnezrzwBLGztmSyL2U5pmLL3j0GwMnhh
+1g1fw/qiQJIdXBfmcD4156K3wmLiq6Q4TLU5NW/qA2n6OlRohW3W8i9DVR6RDQ7Y1WqkltET
+PCx4UOg6ktIXVuU1GkAcPo0s7TnfQuCDQXTfo83ChmBIaONpC1QAi+R2aSENeU40CF4Uwsyx
+t63XfHCKx4UCAwEAAaNCMEAwHQYDVR0OBBYEFPvvDYaesOPdqbnxIRd/PvzwdysaMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBZ//KM9Yd9
+cT2jnxtb0dr405xrNr2bqWHr3hYsdD2e5nXa17qnvEIX5z2R6+V93T6c8c+SrGxIzMIiP2k7
+xbYVL6M1xmgqHFevOe+N0DXDGAx7AFYczYsZdN6+DxLg0KqhPwI0sXDOnRjWCAMJRu5g4H62
+xEkEUX1wYLyqsv95cnqmHT1fKvjK4v05t0e5637fBCOv+pwGB+n7Y5OAQLXGbAoxKM4Mn8+z
+IzWAQY1sxDd7gS+AoUBChenZOI3ooVPNAb9p6FoG8kULkPqu4b+d8q5XPKWuslb0i2VA6f0x
+gSz0OQnY7muntKYdFaWY9wGB2IV981FccYjeuswfgH5KAAAAAgAPdWNhZ2xvYmFsZzJyb290
+AAABfBBZrUgABVguNTA5AAAFSjCCBUYwggMuoAMCAQICEF3fsdpao+1dvlplIGUDkO8wDQYJ
+KoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQ04xETAPBgNVBAoMCFVuaVRydXN0MRswGQYDVQQD
+DBJVQ0EgR2xvYmFsIEcyIFJvb3QwHhcNMTYwMzExMDAwMDAwWhcNNDAxMjMxMDAwMDAwWjA9
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwg
+RzIgUm9vdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXmK2987yYFJ6OBJNpv
+ywH5mZqpMsIih2FBkTvLw2gbBsVMqSvBZxciHSvt+SmJk6J4vZJroKMNon7Kk7Om0Yw11XX5
+F/bPRcXleux3k6CPI64OGgN/vtTQ7S57q0YjW/8s5lR6lMAqFfDJjbB6OyTh12jiMTwGM0a2
+VBGmpS8iVCpYDQEC8foVUWdswPrXtht/0VaILxo6jTu7ghHgRwDQUoer+4Z+DyRrQJ00Z7yN
+xy2Gb3k+jqk8F0t/sJnjsHFg3Av1ZMPOQ7xtcbnS3idbiujYxq7hWX3PKC01uJVWGvGyWEu3
+EjfIfLPtS4DhjfoyI7Zvt0iVCLFEToWMOgJUIC/fv1dPOzqQIdfBJjVUIOzHP0fs71q/S3rB
+rTsXUFxi2A9LStwr+m68c5LN7MdQ6EGW16l+bdjpHY+KtblYkrpKkisMVv2A6wjwXiluGxwM
+r4+Tia3bvaOeIcqJGezftcMa6xb+eDZM1m7QPhcckBdrJrr7ei+/ERwYDi1zA4+g5TWgWuJM
+dR1x4Tk4U3hAzIOT1wqenVuPiuTl4EjkSLJHzU4qdSp78iL2yb4JkZZXeoiIrO5wrPncKeMM
+HDsSTkTWp06wJsjz2RqXkWjq741GBtJWRViaPAwPg7gFJcM5zzukNIm3eRIvR8XnqZdp/KZ3
+Z7Xfe/F6ZRXkYVZlAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBSBxIzM9eQw/6UMCF+MFWchdAHf3zANBgkqhkiG9w0BAQsFAAOCAgEAE2Ui
+9Y4rrUTky/+5aObDgEg9BHv6Iy967Tbass5t9uae5V9Yj8s3MqHIZbauOD01Gz68O7YE0Lz5
+SfWb94XFNrbLvPjIOdXkXwe9FVSXdMrK7U+6umR2n4G4hEVJTI1vouuxzNHDlNpEwubi6hjo
+oh8nBbrX5dapzd3vdpiNAA7NG/oDt46AWA4nP1L7lKLKXmXJ1oTauTVx8ybAT3fmgSfSdzua
+FG959PbQ4dOUutBXUb0nBQ3B/cgSMO5vjRErCJ3U1L+ARRSaiETaMOq0p+Pu71uC1T7WrXiS
+21w889it+rhrf8Q2KLYCFYpULJywF3OO0DejFDyYlQAMKQVbnklJsV/H48vPJ2WONRe3V8gw
+2UFbuRS26MIPlDGnlJjMauu14Sf1EKgB6I4SYuiIzLV/RpfAmxBmOBo2Rl8iaD3fycYTJ6tT
+BqyiPIYGZW+xfrEpRJqjuklpKGmP1+VfrQSGZG8aoAzFCGLOgKPQ8+xo3r4zxxdbf4DETEyx
+poSKwzu4Cc0UgboY41RXNv7bL3xHoTozyPlYO0RPscoCiQSWKGjFS7gmibvWMy9Q1f6aiboY
+MpJUxlvgnfle5Q0im/ba4sghsmIhqoZAsi5k01/I434RZ0UfBf7jou+zqLPzfY/4DB8iHy1w
+tLgBNHYwAOUjeKdW11AfivsG9cIZ8NAAAAACABJlbXNpZ25lY2Nyb290Y2EtZzMAAAF8EFmt
+SAAFWC41MDkAAAJSMIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQsw
+CQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo
+bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcN
+MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMK
+ZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4G
+A1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQj
+pQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyz
+dc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQW
+BBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB
+CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD+JbNR6iC
+8hZVdyR+EhCVBCyjAAAAAgAbc2VjdXJpdHljb21tdW5pY2F0aW9ucm9vdGNhAAABfBBZrUgA
+BVguNTA5AAADXjCCA1owggJCoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMC
+SlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVu
+aWNhdGlvbiBSb290Q0ExMB4XDTAzMDkzMDA0MjA0OVoXDTIzMDkzMDA0MjA0OVowUDELMAkG
+A1UEBhMCSlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkg
+Q29tbXVuaWNhdGlvbiBSb290Q0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+s7P+f9Ntse8WfFelDG12ii9Lv2T7TO6K8PMpfPX/7irg6em6W2QimppvLDomaVEFmSbc1Rxq
+ccaafR6d3XxsxoxnZ0o++HGwGSepCQymlb9LjAz6VZg72OgioUtxOHmsl5Jps4l+6iFoBpgU
+lofSYTa8bSdWnlfuwMBW/TLPpNmOwiPXjajz2CWsl+RwOPS2OrSdO5cmQ6OhvElZckwjMIcB
+WPZOvhxoVmavzUFdyLNNKlVGqx/aHuJAPdvNfbmSgJw33QyWZJ3cIvdki99h3hWUUhWgfVLJ
+S6ghycax7cvDlWDRD/CrcPjfy01+7Nb6q9m9f1Typel5+tnWdiQocwIDAQABoz8wPTAdBgNV
+HQ4EFgQUoHNJmWjchVtl45soL1efvTO8B0gwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEFBQADggEBAGhAqai75E9debMFtRezYBPrxpJd4NHTav77vpttv8cF
+bVkgxBzwt9qEWAJj+kgW70+lC/dKmPI/nhutR2tjzghH61I/eJyvTa741U/PmpgqEEE5UsTd
+2ZsO75MBrrIuymhCJEJssLM6Ps3p2kjEFcvp+QcPklBJit0xl1/J6TeqO1lll5QyybOfPjpi
+WMVJrWIOcaUyqi/GiXZDQBMTZz2iVCUQy/E68tn620lWu6b+p0E1w+CIYcmIx982ECKYWeqw
+SvtWFnNurE33IqFPrR16LUUn5TDBXvLaE8slQlGVRwOMbCHMdELtU/8zi48PVwEWL8+m7slw
+IhS9/b5sCwMAAAACABxjb21vZG9jZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVgu
+NTA5AAAEITCCBB0wggMFoAMCAQICEE6BLYqCZeALAu4+NQJG5T0wDQYJKoZIhvcNAQEFBQAw
+gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
+B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYDVQQDEx5DT01PRE8g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
+WjCBgTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9E
+TyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANBAi4ty45Eb91HBG1QEmNOpv8Hmil07h/u7iM4N4y8/BpbwoilQma7bO6FXsHRRcc3t
+QpFNQf6pyNhqhndEu1lml1BetNQscETP2jeVQmk8MMRxs1LwIU2h2Lo5fByeoySd8oMWmKoW
+fEObFVu3rjSR/tRiJhhGmj/rwfnxkFfrrHoNi9tyMGpm1eBGo3DcaNn/BEiJd9616ftnbUHp
+vDm9MtliAvGxqD1uN5ziL+LToiaLxrhVQ4jhIz6l0iQ5akerANShs6kl/g0/px2601HBC6Ta
+rDjvVVAkBWVGkzRPLY2txtQhGdKOygVhcQdzR+WKGRK9BE3OTpylSKy7JvcCAwEAAaOBjjCB
+izAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAD6Y
+npv2G+nXObd4rh1yGEnTh+RDgus/yar1qLXvVXwhUmX51Q3hbPQ+jJNzkS4CxE4HcW/Ajzhh
+CKgegQrALyAvQYuR3EhFvPHG3rp2azPIAC0xRkzt553PiJT/M8BW6CSGJrjYODjfKmvdEszH
+P0cXTKLCBpYJ1tv+PzxGQd9Y4lYPPDvBHJM12ThSrO7I7C4wTpQ1tCQfS3hp2vICOMyVUpPw
+cCVZnCBnxO75i1dh9JJ2fT+EjVW36OWs1fH1GVamWvuQHK+T6+Uc1GeXXQQOvguDpheDuTAS
+oMUzFQW5DfvHBXbj2EqN/DQXo8YhKL4wRTEex3i+WGE4rDviAWUAAAACABF4cmFtcGdsb2Jh
+bGNhcm9vdAAAAXwQWa1IAAVYLjUwOQAABDQwggQwMIIDGKADAgECAhBQlGzsGOrVnE3Vl+91
+j6CtMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3LnhyYW1w
+c2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTAr
+BgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDExMDEx
+NzE0MDRaFw0zNTAxMDEwNTM3MTlaMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3Lnhy
+YW1wc2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMx
+LTArBgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJgkHr0VtLrfx4ylJ7Y4C2nztk6oLC4hHVxE3yFd
+fiN0/l5+tEq3pq0fruAGFuKbW9lndGtdgI8pnYYb2ZwNmG12EChY5GWwf0qYeZ/gwzF+gCu1
+jMBAOxGG0MuihjZgpNUwgm3ZbtAPEgQzl19PYVrw5PmRq+cdO7zoz/RrLTR84khhHI7zYUTM
+b6BKqZSwTdrnqTR6cjioQcw8lBF968imjLeGy8ozO9k9N4v7ej6GLOdz1wpXrGSbGev0DwQI
+iqwDFxlk9FolIo00LLL2aB0SbdOKHhTaxI+m4iOF1XoNvWrg6ezsF7tCG2eqJe1FgyH8wcl8
+1WI++vLFLdP91GUCAwEAAaOBnzCBnDATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMC
+AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxk+iPQZjhAmczmLkBKyNXLXpthswNgYD
+VR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC54cmFtcHNlY3VyaXR5LmNvbS9YR0NBLmNybDAQ
+BgkrBgEEAYI3FQEEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEAkRU5AwEbZ/tKHPkKYFuh2k2X
+YvkkUyfXgmROkC7DSRsrmtz8qHhnNfEd8BG9t0jjEPYN3z/SybaqVaRIugLb3lkuFVs7nRZ9
+R9c36l9NdhI2ux/XoYEERiCjLG2pngF+PynOAJPf/cmSc4mJZJ7nK+QckSzSuc59zm8xmdPm
+vtIekPAJFHlcI6tN0tohH02ZeZ3hzyefEJsciA2wimRBMbgObJAkpJtccY+6u34cG9tqgA8h
+vOnbprdA9LKLqbHk75oa0D1pme6oKKPhPLPwshGcz3xA5t3nQ32i2Dq1qY3yNJnE1BDhBv0J
+hBA77sRM9OwnfELCdHyCignJtAMlvAAAAAIAEXF1b3ZhZGlzcm9vdGNhM2czAAABfBBZrUgA
+BVguNTA5AAAFZDCCBWAwggNIoAMCAQICFC71mwIop9t6/9Wjqe69A6DPEmodMA0GCSqGSIb3
+DQEBCwUAMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYD
+VQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwHhcNMTIwMTEyMjAyNjMyWhcNNDIwMTEyMjAy
+NjMyWjBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UE
+AxMVUXVvVmFkaXMgUm9vdCBDQSAzIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAs8sOEGeO6hSXpzIqClY2f2hMx7NvOiMUkf8Zf6XKrO6zdp166Ysbq2sx2/oLU0yvxaUa
+eTyKTP+s3yXeTtmCMgtE3srbjKyjbhaDO6ZkSzKJ+xYWOH7rQ+LTdErCYgpzCt1Js1fSsAqF
+nXE83qPLwDLzATkgQxs10VOzse7Fk2mCPha1KEah3uqJCe1DuAVGiob1WUe+G28BIRC5/anS
+KMoQOQnKEzbPnK2tQHR5KwI/NP/6IGl90+5h9bqz5zDQNyOGcmFFKUhZaG93pi6BvgdNb6/O
+xEUTkRRwBo8fn/iHabEO78OJGevqHGH8emyK3NYDC54muhLd1FQ5qyajM+p1gdotzQ9P5APR
+7xWXG2uQxQKQk2YCIbFH3ouaSoC5VY+1oi/A1jNn2n7Ep7QEROtH++ZYufcM8HsrscBwKcNA
+Yi07SGncIzxI63sJealt2qgwmM+AcgOIpltGrnJ5fAgDIWWut+EcpbEqojHeZgT3wHTocd7/
+PVnMliYSi4WVVxqra3ULRD0RKDx7Ybfij2dP5ew8TGCAaVc4HgFbjVXox9/AzHcjNEl1fPaY
+Eest3u1BLhQFAn/g/iDrNecRrCLOVz3eyTBtEAOFzfH/jBa1wbI+iGxgf5BPlff2La0BOQcE
++nWAfb9JUO3vycR8HOuAftu20N0T/snTnNeyl6kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMYX0Lyo6gJD8hsGmV0rkCC515zkMA0GCSqG
+SIb3DQEBCwUAA4ICAQA0YdlWtRKHVU3dozUxRrukB3K8X2Fi6KX7CzexPLaz+imdfwL1pMmo
+k7d6cShpj3PhUpDa1b465bd2alaAId9d5uk6nuU+9qJpxyoKsBhH3CBwfVKjPll8wbrJyBVA
+Ycpy1nCs0rfwHOSGKfDO72hj0LUgihVhmn6GmLTJwnb7zLowFsyjYcZ0E+Vr76MV6gP+E4tk
+5NPB0uiE+0nREE15Zuuq/fSNMR5wFK3c3mcTTIEVYby32ZF3cRmBYLvwWKW1nAv3jyJVJ8BL
+AW07mQ3UHZtjZy/Q7g3KZryUT6at7fzuY6xXP2Ulz7KGj9AI/7h2FG7e5Sfsq3i1U7m2P+gg
++dKovmFGyoeMhPP58aBomyIegSabEASRccAGH9yg07lWp+OYLX+Dnd+MK5wyjjKU8AE8Iiqf
+Q8Iuw5g5Bzh7/F4AQh/zMiZ5g4T25fDBURLACx4EIwxUpUwvScVK0bZuYA1r/GuLhSRkt4kO
+qyVHWzzPfkm9x+kKxtr3fg4XCNNIl9BxkvAPOT40ahx92PIirrtp9DO0pkhV0Q8OJujstgst
+p4U1zf1ZyJ/RzT5aKTS5PYTOsWXUWZGRVnUhwXee+XrhYJ3TrQQY9HzrXpOPU0oiKfhIKz5N
+hqxbf8sGmVlg2FhllY1E0fd/fid/fa6A9QdMtj6ccVSZBEv9WPmY9AAAAAIAEnNlY3VyZXNp
+Z25yb290Y2ExMQAAAXwQWa1IAAVYLjUwOQAAA3EwggNtMIICVaADAgECAgEBMA0GCSqGSIb3
+DQEBBQUAMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RDQTExMB4XDTA5MDQwODA0
+NTY0N1oXDTI5MDQwODA0NTY0N1owWDELMAkGA1UEBhMCSlAxKzApBgNVBAoTIkphcGFuIENl
+cnRpZmljYXRpb24gU2VydmljZXMsIEluYy4xHDAaBgNVBAMTE1NlY3VyZVNpZ24gUm9vdENB
+MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9d6qlHJAFO8tMmzOLWhRFpOeQ
+FtHfV9IhEKQX/d+s1h+n5Nt89+zfuAPalFj9XXJ8jD9fAWd0FZbjAjyH267LAY7C82bGhUX0
+AsY6tWKyr/qcv6Tm1IAwmPMNtpOPqdTYNvKw/IrKLKEVM5Ux2sAb8u5imYZjP7/dkyqDqHa5
+Ex+3zk5ChY8i5y4a8pUJsgW1RE53oSC9qfJOCn1QrfUFDUVPRnH9KD5T+wTYLddlHUob+s87
+sDGaNW7IiwbTAJHylAhlTLE0BgB6ieLwxwNZz9XW6Kcys+aYQIbFzScSi8x7zrcRPGJgByM+
+K0BulIAJbbazb3dvNQhQ+wKHxT6JAgMBAAGjQjBAMB0GA1UdDgQWBBRb+E1PsqWG1DrS8WOa
+oL4J9le33jAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAOCAQEAoKE4FmYup1YfIZwG+h3tuSLFOCbYTk/so3953kYhoYd3jwcImrKkxa8PMpgLfGYp
+tpt9JVJJQ6tMLituenCvFg7jAmz7QuYYnUXYVcjoO93n4fQuCxw0XGxYSvuMiFBflRy/7asi
+tWWzhbqeD7it5XobilA6Hb0NvHtUUAu5Qq9VoBiBrWWZ777knL/EhatBslRv3CXN7XjijgyN
+CUndY3taaZYCIai9UlnpfTXLyFLKf4H+2WvT9xHtJd/45/mk+nKXhFMNpdAyGFF2WRRsD+vs
+X4CMdUODw4WY/0yeLQ3kd4OTTrWWB4soE5uMGY1BJ0lA7t7mI0Q53KEi1roD8gAAAAIAEmFm
+ZmlybXRydXN0cHJlbWl1bQAAAXwQWa1IAAVYLjUwOQAABUowggVGMIIDLqADAgECAghtjBRG
+saYK7jANBgkqhkiG9w0BAQwFADBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1
+c3QxHDAaBgNVBAMME0FmZmlybVRydXN0IFByZW1pdW0wHhcNMTAwMTI5MTQxMDM2WhcNNDAx
+MjMxMTQxMDM2WjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxHDAaBgNV
+BAMME0FmZmlybVRydXN0IFByZW1pdW0wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQDEEt+pX/5B3d31n4rj9qzhPHiavNjwf3qgMyrcjSBbri1v55PZNnBqaM+OUaOFW2cEoBAk
+b10ogsGXV9hIKRO24b6RTd+FDFMYmh4kok+P8KKFC8v0KX/SpFjuJk3Jqqh7mtn6ON5EVxXl
++IzI2UjiDRYnHR7Ig4Ult7qqVUHMAyJLLZGNi+aJr2bH6f8r6Tys2tKzw+FonIn4egBW3vRV
+lWz7umTdYovfC3cy62LMJpqbu6pig0y0BnowyCm/7QZNl7kcxDEr1V+8UxIXnJlXKWZ3YSEx
+By4lSZ0Y8u7zK3GMtbo5B0l3/O8ukpAFjS0vd3vvQ781u5rY+XOnLPLQV+4oTiZfj5BoCS+4
++NwG6S6aPlGn0SLECqc4SGyz+f99q4ZX47rWhXh3ukPqSH/22L4jbR6/0TZsWFzx7qQZVBr1
+A9J25uGMvTyz00hL4sj4f5KodkacQmU+pB7BBwNaRi24l/O31bJVIe+63EwAl/sUlSczv+hD
+R0bSCJkWYDuaftLm7Tjq7AEePEhWSQnHTDcAnogOwHPhb2bpckcwPhDlCwPJmkIAbMWUfmHE
+it9/ghoLWcRZMnezvGBpVjn9tAZ7LNZkNtm9SO2EH36lIo8quEL0grfUU5B4Ti0a/YFvRNc7
+AXSWQuAA4i5r6sXucqy7v/7qqqj43PayeYq2ZwIDAQABo0IwQDAdBgNVHQ4EFgQUncBnpgwi
+2Sb1RaumZVIRJ9hFrGMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQEMBQADggIBALNXTRBiTjrkrOq4HK8yI8izSVpRnHYojXmqV0YX1fVS9rdE6AhEvxiE
+0guAzcUS/QBVBWGHQdy1JJ48xNjI+3CeL3iWgyA23nwPaROIpXU2mAimxt+szuNY1rc+3rrz
+6zRA2KKB9Xg/L9Wl/Nmi1F4EDhet/kHw5bJy+kSCM0LoLVj3VoxiP7pCsJwMXH4uZSZcU08A
+snh+oQ2ZLY24HY6ixLD9YNAwpI7IBGKpxO013nqX7Q44XpIvk3ClqZxvp30THX7GCEixXmfr
+UQgl6eYla1IpkZzSOXMIV96ZBrRbnRAG4cIAqLgcSgIKFNDBQcr7jDUhfYI48qlUkRk1k5Rt
+ajrFstC7iYaT6JvJDzqnerih8HhG+vw3L+WKhPPf/gTZoWigLyTiCZUG1ZXK4SSW63z2kwW7
+7XPpLdF1OdfnJNvYTl9Dj57QFDm/VXBImVcxtJzuSpgDljAfYAbuGyP+gWAjGkdihaXMGTSA
+b7OsGuOf8HtIrdUB2We2qXKT6i1mtbK45D08su9MjOrrB7+rNZpVhrwYprWoXrSDbGtpQNOf
+3PHDaWu54W0J9PGqUHYKen16F6FVlkKZMQndYBGNBTB+5o5G0Z0U2scX5AWWjMQktRvPFAey
+QPijnkGGvATQa5bIKoA0/b/vBqPdWMWFPT6P/p4p4La4CWgZHBhDAAAAAgAQZ2xvYmFsc2ln
+bnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA3kwggN1MIICXaADAgECAgsEAAAAAAEVS1rDlDAN
+BgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTk4
+MDkwMTEyMDAwMFoXDTI4MDEyODEyMDAwMFowVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEds
+b2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24g
+Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoO5pmNzqPjT4p++/GL
+gyVr6kgf8SqwuZURBL3wY9HiZ2bPHN3PG0gr7o2JjpqvKYBlq+nHLRLLqxxMcAehPQowzRWN
+T/jd1IxQFRzvUO7ELvf86VLykX3gbdU1MI5eQ3PyQenVauOyiTpWOThvBjyIaVsqTcWnVLhs
+icyb+TzK5f2J9RI8kniW1tx0bpNEYdGNx0aydQ6G6BmK1W1s1XgWlaLpyAo46/IkE09zVJMT
+hTobvB40tYsFjLl3i7HbHyCRqwlTbpDOezd0uXBHkSJRYxZ5rrGuQSYIyBkr0UaqSNZkKteD
+NP8sKsFsGUNKB4Xn03z2IWjv6vJSn3+TkM8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
+DQEBBQUAA4IBAQDWc+d8T3bQjb/suqK+NMUoMrV8/GycLCu9CZ5Tv2teqhFItuUIo7PKPWFN
+00YJsz7DoONjVRvyuu+tOeFDuTij5i+KJjvvoFBW+cYK/TjNxAtwUZSXmATfw1+U1RXJFEGc
+xF11ZBUN/1Uw7IaP/w3vLLljRvaq/N+8af0uEkhkmuCV8KbvKY8BsRW1DB2l/mksaSR4HrOn
+HHFi7srIl6wXXYrC+EeGbirEVjGV0GeJhSv5bKZdRp0MqoLkmVHdcLfbVj1h5GrhXNb2/j3e
+QcwHrmNSv1NT9Cvpx/2294JfhdJBGNuBswQcxR+kgG8VIMneDIgKHdZmVeL8SMkpJmngAAAA
+AgARcXVvdmFkaXNyb290Y2EyZzMAAAF8EFmtSAAFWC41MDkAAAVkMIIFYDCCA0igAwIBAgIU
+RFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCQk0xGTAX
+BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBH
+MzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYD
+VQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rj
+yduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy
+54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAq
+MaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscf
+rf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB
+1PLKFAeNilUSxmn1uIZoL1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt
+9DTEceT/AFr2XK4jYIVz8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0y
+kRVKYnLP43ehvNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9
+Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4B
+rTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQADggIBAJHfgD9DCX5xwvfr
+s4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66AarHakE7kNQIXLJgapDwyM4DYvmL
+7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHB
+R//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeI
+yUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/J
+HyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jw
+DQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtddbIN
+WQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWDzYWm
+3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd
+7EgrO3jtZsSOeWmD3n+MAAAAAgAVYWZmaXJtdHJ1c3RwcmVtaXVtZWNjAAABfBBZrUgABVgu
+NTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJBgNVBAYT
+AlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1
+bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQGEwJVUzEU
+MBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1pdW0gRUND
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wmXAc95VT6
+o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExVcmuVHU4Y
+QpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jwwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnzh4hQWq/I
+wEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHfutMJMlrO
+iH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABNob25na29uZ3Bvc3Ry
+b290Y2EzAAABfBBZrUgABVguNTA5AAAF0zCCBc8wggO3oAMCAQICFAgWX4pMpewAyZNA38TG
+riO4HFqkMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UE
+AxMXSG9uZ2tvbmcgUG9zdCBSb290IENBIDMwHhcNMTcwNjAzMDIyOTQ2WhcNNDIwNjAzMDIy
+OTQ2WjBvMQswCQYDVQQGEwJISzESMBAGA1UECBMJSG9uZyBLb25nMRIwEAYDVQQHEwlIb25n
+IEtvbmcxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs4jX6s4PIE6+5tYD
+be5Z/MJX3ylooYMOPmjHaFicHGBLiUMMudQVsu7BTnXptafv5ek1meTMHOdLX40zMCAzU9mm
+u9U+E47pH4dJrVAtUMoYvgFYohNwlruJiFaAXPi9LDzhTFeIu9O5le/Lx/baMXQopuZUifVB
+McrlJhrNguBw2jspu9UD9Zm6VfVk0WAOs4lJuIovBdKERSh8j2hQEnj8C7VTy8KYHISjnrC+
+I6Ta3MgrHtpuRR6JmNr5AC4G6Qw7cNVQJYiZy81zYPfV/zVnxaG8XqvNSrhF68hoHg0NFEYS
+49JkYopCmLy0xggI+P2oTGScdgG9L6lsMw/YPyi4PGkBQoZ+acHJBsrlekZl6cLWUEEuP7fk
+7WzXvyYBEaIWKUprNAaQ7BPStvtqdtI87fDWLd3hFeyjmy8syT4r5Gk7/3IlsTaGW8d/a4tV
+G0rFIGE9rstQ4Qg6vrCPY0FTMAhZPJgdd7pjkXrKEFBgv/DXvJWHj5fF/pdqAZSjfFuFHSo5
+OtBUodE5cZ39Ifm1e/Di4AKPbpYkJSygHiyoxImn7+2ZBi+2CkxP26LMNxqvR4Util/ENDRM
+AP0Yk2cT0TfmSLSLBsVXexmGCnnLAMlSr0L/N4/hox56PVCrYwbnFbU/tkU3lDexfvJIw3/F
+df6XjUWPGqcacigaQA8CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHwYDVR0jBBgwFoAUF53NHovWOStw01zUoLgfsAD8xWEwHQYDVR0OBBYEFBedzR6L1jkr
+cNNc1KC4H7AA/MVhMA0GCSqGSIb3DQEBCwUAA4ICAQBW1Xtu5iIB0kKbGNUO12YjXOP+oMeS
+0umUrUuixuwSfHTVSNJZFJnA67nR6/RIMFutp1dzmanT5bfRLlkkWNxoLi5i2GrkcAstIFAg
+pDKV0QCYu9P99zLySa7GeuBHvm7Oy6NyOi1pXcvI6EU51PpCwRFMd12S+2r/WETl64Ger6CZ
+rb6pAWbLOB0830Mf9E1utLoXRvx9/YeBeWoNMw/6L/gUuYCzXU2ql+H55BjF+NU4jCY8/fIo
+4u5aSYgs33k9jp6QPL1BSjrdW/aatM4/JTB/Mn2iA5TQ3HqhUt5uk40YJv1VrL2Pm9LPr+eG
+LMsfCW+jb6mE1HO/TaF0G04jYPLMDqp/pJxMJaiyZjs4/9mUMPZyhL5oVRAPxnMsFmmTB/6x
+Re27olVqsNq1SgIlJ4XXt7eGRBaJbIArPpepnNV+VUzG3kUQHOrpO58DU+7uegECFnjU6MK+
+RnaIEz8iu0gSHVIAtAJ+IRoenCX08z1eHtIc+bMttvc3XMbLIU6w95lHGIXBK7pVrgbq0Aey
+3KvQgpZ1ztJQ/pnnzy+f53bRYSr7Ibsx0KqfR6SyIsoWOlBXxFtDZ8VlYgNJAetD2dj4nq3P
+sWMORfSgWiybLcWmwK2oR/QnTDgNLhtJO1L06IiDK1Qo1PI1UrQyg2JpZAyRnJ+X6nQW/R8R
+Bpqb9AAAAAIAEmUtc3ppZ25vcm9vdGNhMjAxNwAAAXwQWa1IAAVYLjUwOQAAAkQwggJAMIIB
+5aADAgECAgwBVEjvIf2XWQ31BAowCgYIKoZIzj0EAwIwcTELMAkGA1UEBhMCSFUxETAPBgNV
+BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0y
+MzU4NDQ5NzEeMBwGA1UEAwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MB4XDTE3MDgyMjEyMDcw
+NloXDTQyMDgyMjEyMDcwNlowcTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYw
+FAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEeMBwGA1UE
+AwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEltw9
+itiwe2/GJ75EkLGzVhV7jkMkfRqEWe5jaLLGXofQFUgeqJCtvVOi2t46kKZgX2gytYZB34db
+LHvF/nx62qNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FIcRFQjRqsF4DLGvzsbJkO+/MATAMB8GA1UdIwQYMBaAFIcRFQjRqsF4DLGvzsbJkO+/MATA
+MAoGCCqGSM49BAMCA0kAMEYCIQC1V93XilULNuGGRPrU2WiNuNwjiooN1C996nPsv01sqAIh
+AMultBL657Xoz36T/PM1j29OWny0vE6y/HKqW1n559wxAAAAAgAfYWNyYWl6Zm5tdC1yY21z
+ZXJ2aWRvcmVzc2VndXJvcwAAAXwQWa1IAAVYLjUwOQAAAnIwggJuMIIB86ADAgECAhBi9jJs
+5cTjaFwbYt2cLp2VMAoGCCqGSM49BAMDMHgxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1U
+LVJDTTEOMAwGA1UECwwFQ2VyZXMxGDAWBgNVBGEMD1ZBVEVTLVEyODI2MDA0SjEsMCoGA1UE
+AwwjQUMgUkFJWiBGTk1ULVJDTSBTRVJWSURPUkVTIFNFR1VST1MwHhcNMTgxMjIwMDkzNzMz
+WhcNNDMxMjIwMDkzNzMzWjB4MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAM
+BgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJB
+SVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+9rpXU8jKq982SlIh5JfSg2ee8GVR0F6Hx0exWfJXR5sAApNEF2nbQsexsjoYDrRdjLNmXaE0
++TYsSdvzRvyzRGlEE2b918X9rzZNzgNNB3HPr2oF0qJDWgpSbwEDTo6Lo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUAbkv778RhmDyT9BBbqtzH+fS
+bkkwCgYIKoZIzj0EAwMDaQAwZgIxAK5K4ytAw3QR8pWtFiPeTgwa5l2lJF5rRHv8OOJPy5xF
+FxFMFCcmVTl1SgPME5CfkgIxAPpKbGCIc/PuuJhiqc4rwtmKpnAxHa+wlEzrT8bj0fNipzz/
+ky4HXEkBZ2kSAnK/5wAAAAIAEXF1b3ZhZGlzcm9vdGNhMWczAAABfBBZrUgABVguNTA5AAAF
+ZDCCBWAwggNIoAMCAQICFHhYXy6tLBlL4zcHNTQTKLWW1GWTMA0GCSqGSIb3DQEBCwUAMEgx
+CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9W
+YWRpcyBSb290IENBIDEgRzMwHhcNMTIwMTEyMTcyNzQ0WhcNNDIwMTEyMTcyNzQ0WjBIMQsw
+CQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFk
+aXMgUm9vdCBDQSAxIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoL5QEI7p
+8mxAtASchbkxytwt5BGpBDwbVcHnWDAdJLTD74XejCzhwT3fguZPrUeHbOxbScFK1buP7Ies
+f4Kahuw9A5lSAdI1nqza8FPJZjzUrAIB2iTTO6gCRq+kHOP4c1h2t/YOkA218M/M+vnGTOXD
+hjAKjRd+NevF37sOnMCNh+OIOIVn+j7Hq+ATnAUYmM+T9bGStPwj08/VxCdJ4J48mwiji10q
+IeD8OapT2n1+zxoJU7xdBQTPoUqPi3aCDaH40scUd1uQNgeBmz4G+lJeY8WmAP6l6VIbUrWS
+OXIDCWK9sGAWbqbdJcIDZt3zBNFA4k6LhvRv5YOgJ4ReBMH1kL0wPcTvqGm8OJukpJbRYtpp
+wAGWrsvEUTTqDKr/IY5Zj0pc5GGap9LpKniNUT06Fe6iWY6pXN7F+ZAi5YhFcd2RmWx6nz09
+mHxe9r4WaKBergsj/FoPqiJ2LcmhEB3k00QjkIifxirm1/Was1geLzCJCBtUorWYI+wIdxyV
+XWHRy4mcX6JKkZrvIapJFgiovWEoMcl0rYX22cWxi9HlEDJNX4sgOjxJHzOFWQ3bywl1Q2lz
++2txffDfxEx9xqMuyJV5y3Oijk5NJPte5AS+chumJy1JWpl611wJILd/lLlP8Q0cXohCGxG3
+55Hbnmz0at+MBpgDrcwo76VH81MCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAQYwHQYDVR0OBBYEFKOX1vNeohDhq0WfPBdkPO4BcJzMMA0GCSqGSIb3DQEBCwUA
+A4ICAQAY+lt1/D56x193x8rfz1/DEsRAXdQyqrhq19UVFUaYI6XmkFsYmUzjrUKjgjE2iM3p
++8QElkiLAceNAc9bMwaWRmZ0HU/twba5tA1hzGN+1y53jJYcKiNoa4VXdnAzE/7hT6Yjdxj6
+GozovWXJzz/0yRfc68e8wAQuLUYvaWbDG4/+7D7TypS/dgolDal7Ahyp0DtfC8CBOj1k4b+n
+LU69TcTYKcYiGNDFrHICgj+qOqI6Ipcx3Qhjw3UUuWAoLVto4BapZoIjUfXrU9gxm3vpt51L
+64gWz/ldOIpJMI/t8esZ9HcaMRhNZ1RsL29l+ds97CHsXvT0i8pgZVTRcWT0+aajgTM2M3Hw
+pHhfTq2DId40SY3oWayd8nZaNvIT9K/gCcdhKmz34J2uu4ZKKG8u7rR5zZAzw7N2+vXwbJ0B
+kPqekPaccs9H2sMf5DUgU/JU0d9hg6YC4iU43oUyLV5zkFJdQsTOPUvh+RmEHdWiUMxB+0EU
+w73WyVqjY2YCgL0FOjtHnOwAJkz1iFG/qCN/GAewC+2LJqFk02FK61yf3rOvZwOzH91tXWlo
+aateOux8abzHO4VOnhW5tBVPw5V6WNfJbOlsufMpY160LPAtPe1aZeCpW0DCSJmBbZ4fBio8
+ErSLD5uiJPCmjdZ64Eu2ZJZjlYTCSs0cLiSHM2DlwwAAAAIAE2hvbmdrb25ncG9zdHJvb3Rj
+YTEAAAF8EFmtSAAFWC41MDkAAAM0MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAw
+RzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzEL
+MAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
+IFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP84tulm
+AknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQjVrhVcNQhrkpJsLj2aDx
+aQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqrauh0ssJlXI6/fMN4hM2e
+Fvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDV
+yAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3
+v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8E
+CDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9le
+gYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5
+LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZv
+RZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti
+/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbiAmvZWgAAAAIAInVzZXJ0cnVzdGVjY2NlcnRp
+ZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKTMIICjzCCAhWgAwIBAgIQXIuZ
+xVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5l
+dyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNU
+IE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
+VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2Eur
+xtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCj
+tHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
+xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBl
+AjA2Z6EWCNzklwBBHU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDp
+KmFHjFJKS04YcPbWRNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1XahgAAAACABRj
+eWJlcnRydXN0Z2xvYmFscm9vdAAAAXwQWa1IAAVYLjUwOQAAA6UwggOhMIICiaADAgECAgsE
+AAAAAAEPhaotSDANBgkqhkiG9w0BAQUFADA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMx
+HzAdBgNVBAMTFkN5YmVydHJ1c3QgR2xvYmFsIFJvb3QwHhcNMDYxMjE1MDgwMDAwWhcNMjEx
+MjE1MDgwMDAwWjA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMxHzAdBgNVBAMTFkN5YmVy
+dHJ1c3QgR2xvYmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4yLy9
+FFBmE//w03nsI/K3GseOhfESc6YZqhDbnKJldFp3PlF9VvbcI7bU7V9YsTdN1UkObvVqh9bS
+jNInxuL/Np+YZaATTsYqZJvVkBLPFAb0O+PUKL7oDvirTkiUbY6VMRBc7aItvdU6bbIcu2DA
+RksB9UmufkaK0HSNoQwCzu7854+4a2bzf0QAv2YlFCvdEDAdB5Y/TfZruI+3ewylOOveR9vV
+XTn8iKfz1yp08ehaojufULqmjEU1wlBlldxjgu/dv3dNnGLJY3MW0CkPSalI8LOqt2zFpzA5
+QF2uxOJdJlPwzhwjCGGolBm6BGJA7B84cHcSBnGnMBhdJSelAgMBAAGjgaUwgaIwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLYIew16zKwgTIZWMl7Pq26F
+LXBXMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cyLnB1YmxpYy10cnVzdC5jb20vY3Js
+L2N0L2N0cm9vdC5jcmwwHwYDVR0jBBgwFoAUtgh7DXrMrCBMhlYyXs+rboUtcFcwDQYJKoZI
+hvcNAQEFBQADggEBAFbvCiOgVE6Vl8n4idpFwdSjACX0HxOrt6OFWGnCMK3YFYot48nNgVr4
+cyNap3wF8/0iOw7RBsTbNkxzBI7lsCLkxfMupdkj47hOSiCnbgIknyJgZ3uLHXIJxTFc6Xmf
+gEc9raELBxQ9R/8DaRoMC0TnYyWnf7LJuHaE7SP2fQerRX7T37O/6Yq2zaiiZytS1bdl8DlM
+Y6CReZNSD1Tdg7uf0Y+nU3PDy/8w7HwEuNhEH5NfcQkit24+6hwDTp0aIGH7gTfsXvwKRavX
+5xdV0KDqYJum9uOMWynCBmAUnS2XTKmTFZ1hxAFfSNZYvVYxEk4RyCHgsxGRZdu0pog4zlUA
+AAACAChtaWNyb3NvZnRyc2Fyb290Y2VydGlmaWNhdGVhdXRob3JpdHkyMDE3AAABfBBZrUgA
+BVguNTA5AAAFrDCCBagwggOQoAMCAQICEB7Tlwlf2LSzR3Aeqr5/RbMwDQYJKoZIhvcNAQEM
+BQAwZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQG
+A1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4X
+DTE5MTIxODIyNTEyMloXDTQyMDcxODIzMDAyM1owZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoT
+FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENl
+cnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAylu+lDOMKZWRFgqVvUdiwYnzmTbfRpDJpe14am9HkWj4J2dQMx2hpvvg5UOjhAJXAV2c
+SECCUxC8v8c7aJC2gi3l9GXQzG0ZzJX5e6xKlK0O3ktDHYcHkhOQgINkNTkE/OXpbLO2H1CU
+OGVQXBdGubaFtRy1F+jWRZ3YsiawysRwSq5gpN2z2ez8O9VXcrw/yMmy3ktr+CNsA8AFvZXH
+zXM7ZoBk4xqsLvlHBfIGtptz9XgzW8eh+ycqobSakYyR0zqCPnZAtM1SYVFwKD/FxVryyYxJ
+uxRbTcj/Z01MEpat9f54qJeH1/1eIIDcoUsi+9SJrbrOR5dHVXuPRchnKISVHGgw7+9J4DV7
+ZOeYsJTaTYU7PlXEKK9X854T20Ynnx6iXkSDpKXK1ROzSz/E48LmhmGkUjC5eiBPbw84U8sz
+DBMrj9aavSrILbEcfUtRykfRSCdyXYfr1UXmSGWdr1KQuluiGGVXEp9oudQVa5TEaSKY9DPg
+7flRjkFQyTRPdpCs/DjB2OF7uePjlOFGacsOClBrE7qsDzdatxK1kIEeVq5XIobZydLR11Hj
+qzvGVf0eDtN0CtHaquppuJcoj0jEB/hSQzr0ylU1LLCmasCc+fKB4RJqwEXZZ7PO/yOiiQpU
+1BS5KqjX7PmrzSVYMnmPkFuYOcQIBsGsfw49AKUCAwEAAaNUMFIwDgYDVR0PAQH/BAQDAgGG
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAnLWX+GsnCPGsM548DZ6b+7TbIjMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBDAUAA4ICAQCsrz5dwhGWiY6j55LWlxW4E6KmQi4C
+zRYFWSfKIOi6uOga7E2ol1auZUOxjwCbUs1VzVM5bWJMiw1bfC5Ev4MQj/NTgoDDTzrHbhE/
+5uMWkYT7bYR/NHStiafOudfXn4Rkkr6Voa0JUzPd7grqSlGOb1WrurWURq6Mf9iiUCVlYIBG
+2zMErmy1mHRUJdyT5PjjVRU9uG3DCqQSwWmFbt9k8VOZ4Up1IJ2VD+TW3APxWRjoR4myV1qU
+tqnYFysXSeV2y8FWmTo3sf9pLJGRk+HfTKM3dk2hn/htHh3T+uz79EUdE23P91nlIidyK4bz
+V7sw7SRN3H1Wu6Oz+DR5icHg8gJh96b8D7scFwuuQdl8vSej/S460ZOUsXMdJIuvWyCJrbdn
+Znn1OsamljP+U5LIRrERkcaZf4/J1mYxIEEQhy0M1sGvNJjKZIP7E1fRwfA8eoylwf2VIaBx
+wZNncRLqj4gKaRlkmSNW+6wqLnC+ZsQMhO/li/OTAfhqkJNnS7Joo7Vij+k/jHo7Xg/njLjG
+fO83/XTiyE8zcuGUOW29Eq++DE5wfBtvjbMyk3NEFm3o9PfglYCPll04pPSr3gowh5PYTQBx
+YkUnSzpChFt/ZbdnNFItnBZrqqjYe6NCTHHHDMo+g+Sm77cBMF5Ro3n1cGmmQUQPhrAskcY9
+6q4PhAAAAAIAD2dvZGFkZHljbGFzczJjYQAAAXwQWa1IAAVYLjUwOQAABAQwggQAMIIC6KAD
+AgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28g
+RGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYD
+VQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhH
+byBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3/5O9nHPRlaLNXcaBed7vtm0np
+cIA9VhhjCG/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUn
+b6o3WPeHJtfYLfapF7cfcjZOphc/ZZiS2ypuXaL+iOAL3n/ljRXh68s61eISohMt2I6vXxI9
+oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq/HgDqU1/gMP6q1r8oUCk
+yhkW/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj/tWmQj4R0
+6pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSB
+hTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQK
+ExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw/zSRY3I47swc
+AaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2L
+QW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4
+jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFA
+shBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nwAAAAIAGm1p
+Y3Jvc2VjZS1zemlnbm9yb290Y2EyMDA5AAABfBBZrUgABVguNTA5AAAEDjCCBAowggLyoAMC
+AQICCQDCfkMETkc/GTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCSFUxETAPBgNVBAcM
+CEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3NlYyBl
+LVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8uaHUw
+HhcNMDkwNjE2MTEzMDE4WhcNMjkxMjMwMTEzMDE4WjCBgjELMAkGA1UEBhMCSFUxETAPBgNV
+BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3Nl
+YyBlLVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8u
+aHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp+I/zY63ahtin4EL7z5Hepib4
+maVjcK2brsozQH1tlm6hDkTu4ROdlEJSmr11hXQsqA4dk7YYt4wsqM/7XHG52uz+6H6P5C8d
+sqh1h9i3oeU7z5lKRtCDGX3AoRIclW1K9NjHpU0zLoU5QHV+FHyAEphQx0FnuKCAYVSmbE4f
+4J0OB+nJujPn/sBVKCwCgKcZ9Z7cVVMDl3sHSP+Z+zeKJMRZzFAQY46qqRqwhBqG+V+7sVBu
+pNEKzNVxfh+nG3z1U24iX8sr5tR8Xa7WwsZM5QUB2e1X/MEjefz6yCSDlfO1alEB0HfW6RKh
++RqD+4IbubCX9HYGM0NJoP8Ltfq1AgMBAAGjgYAwfjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUyw/G30JDzD3LtUgjoRp6piq7NGgwHwYDVR0jBBgwFoAU
+yw/G30JDzD3LtUgjoRp6piq7NGgwGwYDVR0RBBQwEoEQaW5mb0BlLXN6aWduby5odTANBgkq
+hkiG9w0BAQsFAAOCAQEAydEOXi7VzLN8Psv8Pf8NKJWTBMi/2s15uEOQ8KS+7/LvIZi81NRd
+BvbuQuwwbKCqqcrxr4r6Pwtzaj7qLkB+H65UYXnrLgg31yPzjJ++HbHhpHXboOJUFLG6HCmk
+GPYSuqIUFOMxNchA/7fgBXZXwRxZ8vi/5O0lYlyE8H5+H7O++bchEcwDAVZwpxCSHhs0gR6t
+nBrDBDztAmHWHgbzXzqH8ivxRYflPazRx1eEvWuu3Nj5thticAs9NslC8jLXemHm0ts9z8ip
+yZvc21hE1284r39406OtGnW6HME2fI8ebRzDdUauNQWm9lw9Ie5W8MmCIi16VKtww30iZYJw
+lgAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRyZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIw
+MTUAAAF8EFmtSAAFWC41MDkAAAYPMIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCB
+pjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
+ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENB
+IDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkGA1UEBhMCR1Ix
+DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh
+cmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFj
+YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/
+TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL
+0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQ
+Ze104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4
+vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn
+6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g
++IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+O
+AXqlD3pk9Q0Yh9muiNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZ
+SRm2Ekax+0VVFqmjZaycBw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJ
+vXVdctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVs
+yIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc
+2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO0
+4wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY
+4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK0
+7/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEV
+vo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI
+/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evI
+IVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHKe7iG
+2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9qp/UsQu0y
+rbYhnr68AAAAAgAobWljcm9zb2Z0ZWNjcm9vdGNlcnRpZmljYXRlYXV0aG9yaXR5MjAxNwAA
+AXwQWa1IAAVYLjUwOQAAAl0wggJZMIIB36ADAgECAhBm8j2vh96LsUrqDFcxAcLsMAoGCCqG
+SM49BAMDMGUxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
+NjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx
+NzAeFw0xOTEyMTgyMzA2NDVaFw00MjA3MTgyMzE2MDRaMGUxCzAJBgNVBAYTAlVTMR4wHAYD
+VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzB2MBAGByqGSM49AgEGBSuBBAAiA2IABNS8
+PQJCdUETI82ABIYCUS9qqIFiC2XM9sqdHm9KZlGiA9mdkfq2FrGMbt58zdt5pi/Ou85xL+Wl
+qyjsYwRmmfj68pMQBeGBKELjxmj05huEYEqJr+15DzvO8fZE9QF4wKNUMFIwDgYDVR0PAQH/
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMjLmXJwUgz45r6yBFcpKs9CEO01
+MBAGCSsGAQQBgjcVAQQDAgEAMAoGCCqGSM49BAMDA2gAMGUCMFjyTeoM+V9e7mApyzry29Yy
+hBk/fNUvwrHMk65Quwkyxsbtfsk2lBLkaIUGohvQLwIxAJnpFrQO+lZI1KQwFpF421SMZQGK
+51BmwjG3Obq4GiIHTvxrVBYg/yu150wMTaZPcwAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRy
+ZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIwMTEAAAF8EFmtSAAFWC41MDkAAAQ1MIIEMTCC
+AxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoTO0hl
+bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
+aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRp
+b25zIFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJ
+BgNVBAYTAkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5z
+dGl0dXRpb25zIENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMg
+YW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTD
+N9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOd
+OFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0Hjz
+DQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DI
+Cto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyN
+h+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU
+ppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVk
+dTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
+A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p6z0GW5k6
+x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8TqBTnbI6nOulnJEW
+tk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD/md9zU1jZ/rz
+AxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N7yLcZnuE
+vUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4AAAAAgAiZ29k
+YWRkeXJvb3RjZXJ0aWZpY2F0ZWF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAAA8kwggPF
+MIICraADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
+QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIElu
+Yy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwOTAxMDAwMDAwWhcNMzcxMjMxMjM1OTU5WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t
+LCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAt
+IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3FiCPH6WTT3G8kYo/eASVjp
+IoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjHMgGxBT4HTu70+k8vWTAi56sZVmvigAf88xZ1
+gDlRe+X5NbZ0TqmNghPktj+pA4P6or6KFWp/3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02
+jBEYt9OyHGC0OPoCjM7T3UYH3go+6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4p
+xRyp6V0etp6eMAo5zvGIgPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s
+51iruF9G/M7EGwM8CetJMVxpRrPgRwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wDQYJKoZIhvcNAQEL
+BQADggEBAJnbXXnV+ZdZZwNh8X47BjF1LaEgjk9lh7T3ppy82Okv0Nta7s90jHO0OELaBXv4
+AnW4/aWx1672194Ty1MQfopG0Zf6ty4rEauQsCeA+eifWuk3n6vk32yzhRedPdkkT3mRNdZf
+BOuAg6uaAi21EPTYkMcEc0DtciWgqZ/snqtoEplXxo8SOgmkvUT9BhU3wZvkMqPtOOjYZPMs
+fhT8Auqfzf8HaBfbIpA4LXqN0VTxaeNfM8p6PXsK48p/Xznl4nW6xXYYM84s8C9Mrfex585P
+qMSbSlQGxX991QgP4hz+fhe4rF721BayQwkMTfana7SZhGXKeoji4kS+XPfqHPUAAAACAB5l
+cGtpcm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAW0MIIFsDCC
+A5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJU
+VzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAw
+MjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwg
+THRkLjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEh
+ajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PR
+Yfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT
+1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB
+1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTF
+pmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8i
+QkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhB
+md8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2bi
+nZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQFMAMBAf8w
+OQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLHClZ87lt4DJX5GFPB
+phzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZ
+n/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr
+8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsS
+tZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWv
+Y9+rGNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjp
+Kdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQ
+w63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6
+aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZwAAAAC
+ACx0cnVzdHdhdmVnbG9iYWxlY2NwMzg0Y2VydGlmaWNhdGlvbmF1dGhvcml0eQAAAXwQWa1I
+AAVYLjUwOQAAAqEwggKdMIICJKADAgECAgwIvYWXbJknpIBoRzswCgYIKoZIzj0EAwMwgZEx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2FnbzEhMB8G
+A1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYDVQQDEzFUcnVzdHdhdmUgR2xv
+YmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE3MDgyMzE5MzY0M1oX
+DTQyMDgyMzE5MzY0M1owgZExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4G
+A1UEBxMHQ2hpY2FnbzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYD
+VQQDEzFUcnVzdHdhdmUgR2xvYmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEa9oNdTUIMUcFrkWZVfEREy5K+BAxI6N+g9N/KAg6
+Jho6z5eCH4C3JwmP0Y4wxAqbDqxYBKv3Nn2UI6SbCoqLq+v9OSVm8V7+jK6NQXmdCWDOKKnT
+im3z1kXU8piEOGWgo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFFWphInSwTK9GMtspgdOyOedvoKQMAoGCCqGSM49BAMDA2cAMGQCMDcBkpdFEn6g
+8z6tGTpy3fRQkwMSvkTST0GkjJydH6P2wpLnSBT+TpulkVeuxjdyuwIwZyUKsQxe7qljkm/l
+kAv+ZiLKR/2KMfeD/nq/EL4YKx6P9ikelFnvjiE3y1GYpW5LAAAAAgARZ2xvYmFsc2lnbnJv
+b3RlNDYAAAF8EFmtSAAFWC41MDkAAAIPMIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQd
+mOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
+LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2
+MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
+HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASc
+DrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjqR+q+soArzfwoDdus
+vKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCjQjBAMA4GA1UdDwEB
+/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRLgLWi5h+xEk8b
+lTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMM
+A/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAez
+NIm8BZ/3Hobui3AAAAACACRzdGFyZmllbGRyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIA
+AAF8EFmtSAAFWC41MDkAAAPhMIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzEL
+MAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAj
+BgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3
+MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw
+MAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNH
+ttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtr
+X8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/h
+bVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbUJtQI
+BFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQAR
+WfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB
+7LiKZ3sx4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoN
+AX3FWOdt5oUwF5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6
+nH7PfrHxBy22/L/KpL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztA
+gfd9fDL1mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0AAAAAgAoc3NsLmNvbWV2
+cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHlyc2FyMgAAAXwQWa1IAAVYLjUwOQAABe8wggXr
+MIID06ADAgECAghWtinNNLx49jANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRp
+b24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBS
+U0EgUjIwHhcNMTcwNTMxMTgxNDM3WhcNNDIwNTMwMTgxNDM3WjCBgjELMAkGA1UEBhMCVVMx
+DjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9y
+YXRpb24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSBSU0EgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCPNmVA4dZNwNe06Uba
+a+ozR81M+X19vr0tPfDbeOGGpdm6CVdo7Vc+oNAIQYPnKEEkH+NyFdABGvtecCOyy58548/F
+TsaSbSbGe7uz2iedCobpgTcF/vBxcezDHOljohcUne8bZ9OFVQIC1knJzFrhsfdvMp/J1DuI
+Qaicvcur2217CR+iTHKQ2isI/M88VM5nD6jPXZYZC8Tjcuut0X0dJ++S6xC/W+s7r8+A3cHS
+lgRben6kqTw4dqRijqA5Xup3z10AWY9mLD4HoqMFJhFpl+qFtw+WC0vIQOFQui6Ky/cPmiLn
+f5o3E83yTRNrIdHAzCLyoUb2RGmcymE1BwBv1mEIEeq6uPbps2DlTbnsnxRmyVdY282HafiK
+hhIDR79mE3asd300JIWDzdeqnJAanyEsf3i3ZLjY6Kb0eLNVy4TSMsR4rqOPYd3OCFOt7Ij8
+FeSaDeafGnfOTI+4FBU9YpyGOAYAZhLkWXZaU8ACmKIQK2hEe455zjNKdqpbgRYbtYrY0AB7
+XmK0CdaGYw6mBZVJuiiLiJOyNBzYpFVutxzQ3plVOyP0IuD5KWYm7CBQd9tKC4++5QJgcEFe
+1K5QOSIUJsuyO3N0VUcHeYE5qDATROUEiq6WEyVCD7lTxJv8zeQc3jz6q9YGSh9nppgwHN0s
+29wYlVdmxv9ci1b1dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFPlg
+u9Tj1TT2uPUGgCWnc9tGaaieMB0GA1UdDgQWBBT5YLvU49U09rj1BoAlp3PbRmmonjAOBgNV
+HQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAFazjssKnUmOv6TEkbtmFwVRmHX75VAs
+ep7xFPqr04o+/5Epj2OL2LSpVAENvpOGL/lKbcde9Vf5ylUcEr5HDzbF32q323XCRyV/ufFj
++GgtVQTR8o2wpM+8PF4feOeloCBwsATFt/dyp94iDb0zJUaMZJIm4z4uY5bam4w9+BgJ1wPM
+fYaC4MoEB1FQ1/+S1Qzv2oafmdfrt69o4jkmlLpot7+D0+p6Zz1iZ64l5XLo4uTsrhL2Sys8
+n+mwQPM4VLP9t2jI2saPUTyy+5HcHOebneG3DXKP4qTEqXj56xSsxkMFwmU5KBgCw4KynQW+
+Ze2WX2V0PPsJNS57nBP9Gw9dx22BOlYPzDvhrwIvIqxGykY8oBxM1kS0Xi5cFWYJ4SYp/sZS
+Ybqxc//DDJzlbGqUPxTKQBaVhPNZqaxfTGGTbdE7zKKVDCKmZ2dELrnZ0opBs2YLWvt9I6Xy
+GrD/3puDlC7RP9+St5GvBTtlx6Bssc1iEsOQG+MlzjS8b3d2sRDD9wUawNavdGJIF3eSaZBh
+HN6VgHRUjxgcw/MD0L+kQ3WGUxh6Ci4JHDafkf2CiiJL0Q5QJd3LAwwXyYMACE41TYqL7fAC
+lGYsRH/LlSeWF60JMKy2cRduixf2HAnULTuYpXHTVBPZYPP1S2ZP+vHuIBKNtKxXsUVjoax2
+qcL7CnxeFrtkDGW4gmo4NgQZjJ1bHLk=
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index f3ba8a24e0..32bba457ee 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -174,6 +174,9 @@
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: updated-truststore
+ subPath: ca-certificates.crt
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
index 331a58c310..2acb423511 100644
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ b/kubernetes/common/certInitializer/templates/job.yaml
@@ -20,12 +20,13 @@ kind: Job
{{- $suffix := "set-tls-secret" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
spec:
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
containers:
- - name: create tls secret
+ - name: create-tls-secret
command:
- /ingress/onboard.sh
image: {{ include "repositoryGenerator.image.kubectl" . }}
@@ -41,4 +42,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-ingress
defaultMode: 0777
+ restartPolicy: Never
{{- end}}
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 02595b348d..4b8438ace2 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -35,5 +35,5 @@ global:
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl
index f0802be29d..bf7ae497ca 100644
--- a/kubernetes/common/common/templates/_affinities.tpl
+++ b/kubernetes/common/common/templates/_affinities.tpl
@@ -23,7 +23,7 @@ Return a soft nodeAffinity definition
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
+ - key: {{ .key }}
operator: In
values:
{{- range .values }}
@@ -40,7 +40,7 @@ Return a hard nodeAffinity definition
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
+ - key: {{ .key }}
operator: In
values:
{{- range .values }}
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index 704bd06a49..d28494aacd 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -142,7 +142,7 @@
cd /opt/app/config/cache
for file in $(ls feed*); do
NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | grep -w "feedlog" | cut -d '"' -f4)"
export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
done
for file in $(ls drpub*); do
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 2490debffb..9d284de500 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -193,7 +193,7 @@ type: Opaque
{{- $entry := dict }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $keys := keys $secret }}
- {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- range $key := (without $keys "annotations" "filePaths" "envs" )}}
{{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
{{- end }}
{{- if $secret.annotations }}
@@ -213,12 +213,21 @@ type: Opaque
{{- $_ := set $entry "filePaths" $secret.filePaths }}
{{- end }}
{{- end }}
+ {{- if $secret.envs }}
+ {{- $envsCache := (list) }}
+ {{- range $env := $secret.envs }}
+ {{- $tplValue := tpl (default "" $env.value) $global }}
+ {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }}
+ {{- end }}
+ {{- $_ := set $entry "envs" $envsCache }}
+ {{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
{{- $_ := set $secretCache $uid $entry }}
{{- end }}
{{- $_ := set $global.Values "_secretsCache" $secretCache }}
{{- end }}
+
{{- end -}}
{{/*
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 8489cc5021..a488e0d5fa 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -13,7 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{/*
Resolve the name of a chart's service.
@@ -122,6 +121,11 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent
{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
+{{- if $port.l4_protocol }}
+ protocol: {{ $port.l4_protocol }}
+{{- else }}
+ protocol: TCP
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
{{- else }}
@@ -133,6 +137,11 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent
{{- else }}
- port: {{ default $port.port $port.plain_port }}
targetPort: {{ $port.name }}
+{{- if $port.plain_port_l4_protocol }}
+ protocol: {{ $port.plain_port_l4_protocol }}
+{{- else }}
+ protocol: {{ default "TCP" $port.l4_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
{{- else }}
@@ -143,6 +152,11 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent
{{- if (eq $serviceType "ClusterIP") }}
- port: {{ $port.plain_port }}
targetPort: {{ $port.name }}-plain
+{{- if $port.plain_l4_port_protocol }}
+ protocol: {{ $port.plain_port_l4_protocol }}
+{{- else }}
+ protocol: {{ default "TCP" $port.l4_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
{{- else }}
@@ -309,6 +323,16 @@ true
{{- end }}
{{- end -}}
+{{/*
+ generate needed scheme:
+ - https if needTLS
+ - http if not
+*/}}
+
+{{- define "common.scheme" -}}
+ {{- ternary "https" "http" (eq "true" (include "common.needTLS" .)) }}
+{{- end -}}
+
{{- define "common.port.buildCache" -}}
{{- $global := . }}
{{- if not $global.Values._DmaapDrNodePortsCache }}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index 4457762754..d4fc182b34 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -25,3 +25,15 @@ true
{{- end -}}
{{- end -}}
{{- end -}}
+
+{{- define "common.serviceMesh.killSidecar" -}}
+{{- if (include "common.onServiceMesh" .) }}
+RCODE="$?";
+echo "*** script finished with exit code $RCODE" ;
+echo "*** killing service mesh sidecar" ;
+curl -sf -X POST http://127.0.0.1:15020/quitquitquit ;
+echo "" ;
+echo "*** exiting with script exit code" ;
+exit "$RCODE"
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl
new file mode 100644
index 0000000000..eb6c047c2f
--- /dev/null
+++ b/kubernetes/common/common/templates/_serviceMonitor.tpl
@@ -0,0 +1,166 @@
+{{/*
+# Copyright © 2021 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ Resolve the name of a chart's serviceMonitor.
+
+ The default will be the chart name (or $dot.Values.nameOverride if set).
+ And the use of .Values.metrics.serviceMonitor.name overrides all.
+
+ - .Values.metrics.serviceMonitor.name: override default serviceMonitor (ie. chart) name
+ Example values file addition:
+ metrics:
+ serviceMonitor:
+ enabled: true
+ port: blueprints-processor-http
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /metrics
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # interval: 60s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+*/}}
+{{/*
+ Expand the serviceMonitor name for a chart.
+*/}}
+{{- define "common.serviceMonitorName" -}}
+ {{- $name := default .Chart.Name .Values.nameOverride -}}
+ {{- default $name .Values.metrics.serviceMonitor.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Define the metadata of serviceMonitor
+ The function takes from one to four arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : a string which will be added at the end of the name (with a '-').
+ - .annotations: the annotations to add
+ - .labels : labels to add
+ Usage example:
+ {{ include "common.serviceMonitorMetadata" ( dict "suffix" "myService" "dot" .) }}
+ {{ include "common.serviceMonitorMetadata" ( dict "annotations" .Values.metrics.serviceMonitor.annotation "dot" .) }}
+*/}}
+
+{{- define "common.serviceMonitorMetadata" -}}
+{{- $dot := default . .dot -}}
+{{- $annotations := default "" .annotations -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $annotations -}}
+annotations:
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+name: {{ include "common.serviceMonitorName" $dot }}
+{{- if $dot.Values.metrics.serviceMonitor.namespace }}
+namespace: {{ $dot.Values.metrics.serviceMonitor.namespace }}
+{{- else }}
+namespace: {{ include "common.namespace" $dot }}
+{{- end }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+{{- end -}}
+
+{{/*
+ Create service monitor template
+*/}}
+{{- define "common.serviceMonitor" -}}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+{{- include "common.serviceMonitorMetadata" $dot | nindent 2 }}
+spec:
+ endpoints:
+ - path: {{ default "/metrics" $dot.Values.metrics.serviceMonitor.path }}
+ {{- if $dot.Values.metrics.serviceMonitor.port }}
+ port: {{ $dot.Values.metrics.serviceMonitor.port }}
+ {{- else if $dot.Values.metrics.serviceMonitor.targetPort }}
+ targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }}
+ {{- else }}
+ port: metrics
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.basicAuth.enabled }}
+ basicAuth:
+ username:
+ key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretUserKey }}
+ name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ password:
+ key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretPasswordKey }}
+ name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $dot.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $dot.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.relabelings "context" $dot) | nindent 6 }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.metricRelabelings "context" $dot) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.namespace" $dot }}
+ selector:
+ {{- if $dot.Values.metrics.serviceMonitor.selector }}
+ matchLabels: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.selector "context" $dot) | nindent 6 }}
+ {{- else }}
+ matchLabels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 6 }}
+ {{- end }}
+{{- end -}}
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index 0f91bbd882..681c6afc4f 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.1.1
+image: onap/ccsdk-dgbuilder-image:1.2.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
index 6c3b41f5a5..6d1ed40e13 100644
--- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
+++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2020 Bitnami, Orange
+# Copyright © 2021 Bitnami, Orange, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,38 +14,6 @@
# limitations under the License.
*/}}
-{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ include "common.namespace" . }}
- {{- end }}
- labels: {{- include "common.labels" . | nindent 4 }}
- {{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- selector:
- matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
- endpoints:
- - port: metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 7b0d90a9aa..bb3af76115 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -1,5 +1,6 @@
{{/*
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2019-2020 Orange
# Copyright © 2020 Bitnami
@@ -202,14 +203,20 @@ spec:
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 30
- timeoutSeconds: 5
+ initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 5
- timeoutSeconds: 1
+ initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
@@ -223,7 +230,7 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
{{- if .Values.affinity }}
- affinity: {{- include "common.tplvalues" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ affinity: {{- include "common.tplValue" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
@@ -231,10 +238,10 @@ spec:
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ nodeSelector: {{- include "common.tplValue" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
- tolerations: {{- include "common.tplvalues" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
volumes:
- name: previous-boot
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index ed9977acd9..bc9273f41f 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2020 Bitnami, Orange
#
@@ -560,6 +561,23 @@ metrics:
requests:
cpu: 0.5
memory: 256Mi
+ ## MariaDB Galera metrics container's liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
## MySQL Prometheus exporter service parameters
##
service:
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index f130bb5118..df7c336405 100755
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -21,8 +21,8 @@
set -e
while read DB ; do
- USER_VAR="MYSQL_USER_${DB^^}"
- PASS_VAR="MYSQL_PASSWORD_${DB^^}"
+ USER_VAR="MYSQL_USER_$(echo $DB | tr '[:lower:]' '[:upper:]')"
+ PASS_VAR="MYSQL_PASSWORD_$(echo $DB | tr '[:lower:]' '[:upper:]')"
{{/*
# USER=${!USER_VAR}
# PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index e3cee36f1f..eb84b084d0 100755
--- a/kubernetes/common/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
-#
# ============LICENSE_START==========================================
# org.onap.music
# ===================================================================
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index daf29ccca9..c1717c3d24 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -74,7 +74,7 @@ mariadb-init:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.1.1
+image: onap/ccsdk-apps-ms-neng:1.2.0
pullPolicy: IfNotPresent
# application configuration
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql
index f60b473242..b564e4cec1 100644
--- a/kubernetes/common/postgres/configs/setup.sql
+++ b/kubernetes/common/postgres/configs/setup.sql
@@ -32,9 +32,9 @@ CREATE EXTENSION IF NOT EXISTS pgaudit;
CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
- name varchar(30) PRIMARY KEY,
- value varchar(50) NOT NULL,
- updatedt timestamp NOT NULL
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
);
INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4151..0be6c7bbd6 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml
@@ -32,6 +32,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -52,6 +53,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -59,6 +61,7 @@ rules:
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
@@ -68,6 +71,7 @@ rules:
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
@@ -76,6 +80,8 @@ rules:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
@@ -85,7 +91,8 @@ rules:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
@@ -95,6 +102,13 @@ rules:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
diff --git a/kubernetes/esr/components/esr-gui/.helmignore b/kubernetes/common/timescaledb/.helmignore
index f0c1319444..50af031725 100644
--- a/kubernetes/esr/components/esr-gui/.helmignore
+++ b/kubernetes/common/timescaledb/.helmignore
@@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
+.vscode/
diff --git a/kubernetes/common/timescaledb/Chart.yaml b/kubernetes/common/timescaledb/Chart.yaml
new file mode 100644
index 0000000000..7aeafa01f2
--- /dev/null
+++ b/kubernetes/common/timescaledb/Chart.yaml
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "1.0"
+description: ONAP timescaledb
+name: timescaledb
+version: 8.0.0
diff --git a/kubernetes/esr/components/esr-gui/requirements.yaml b/kubernetes/common/timescaledb/requirements.yaml
index 343812db25..de0c414c19 100644
--- a/kubernetes/esr/components/esr-gui/requirements.yaml
+++ b/kubernetes/common/timescaledb/requirements.yaml
@@ -1,25 +1,28 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
dependencies:
- name: common
version: ~8.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- - name: repositoryGenerator
+ - name: serviceAccount
version: ~8.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh
new file mode 100644
index 0000000000..9cc0f5ff9f
--- /dev/null
+++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -e
+set echo on;
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER $DB_USERNAME WITH PASSWORD '$DB_PASSWORD';
+ CREATE SCHEMA $POSTGRES_DB;
+ GRANT ALL PRIVILEGES ON SCHEMA $POSTGRES_DB TO $DB_USERNAME;
+ CREATE EXTENSION IF NOT EXISTS timescaledb WITH SCHEMA $POSTGRES_DB;
+EOSQL
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/common/timescaledb/templates/configmap-init.yaml
index bc689cc68f..82c1de6255 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
+++ b/kubernetes/common/timescaledb/templates/configmap-init.yaml
@@ -1,38 +1,33 @@
-{{ if .Values.global.cmpv2Enabled }}
-
+{{/*
# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
+# Copyright (c) 2021 Bell Canada.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
-kind: Service
+kind: ConfigMap
metadata:
- annotations:
- prometheus.io/port: "8443"
- prometheus.io/scheme: https
- prometheus.io/scrape: "true"
- labels:
- control-plane: controller-manager
- name: {{ .Values.service.name }}
+ name: {{ include "common.fullname" . }}-init
namespace: {{ include "common.namespace" . }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.ports.name }}
- port: {{ .Values.service.ports.port }}
- targetPort: {{ .Values.service.ports.targetPort }}
- selector:
- control-plane: controller-manager
-{{ end }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ init-schema.sh: |-
+{{ .Files.Get "resources/init/init-schema.sh" | indent 4}}
diff --git a/kubernetes/esr/values.yaml b/kubernetes/common/timescaledb/templates/pv.yaml
index 5b2f776dfe..f99b5f3562 100644
--- a/kubernetes/esr/values.yaml
+++ b/kubernetes/common/timescaledb/templates/pv.yaml
@@ -1,26 +1,21 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-esr-gui:
- enabled: true \ No newline at end of file
+{{ include "common.PV" . }}
diff --git a/kubernetes/common/timescaledb/templates/secrets.yaml b/kubernetes/common/timescaledb/templates/secrets.yaml
new file mode 100644
index 0000000000..c888d48b6c
--- /dev/null
+++ b/kubernetes/common/timescaledb/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/timescaledb/templates/service.yaml b/kubernetes/common/timescaledb/templates/service.yaml
new file mode 100644
index 0000000000..c205ff4889
--- /dev/null
+++ b/kubernetes/common/timescaledb/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
new file mode 100644
index 0000000000..0bd7d30478
--- /dev/null
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -0,0 +1,87 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim}}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 60
+ readinessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 14 }}
+ - name: POSTGRES_DB
+ value: {{ .Values.config.pgDatabase }}
+ - name: POSTGRES_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "login") | indent 14 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "password") | indent 14 }}
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-init
+ mountPath: /docker-entrypoint-initdb.d
+ - name: {{ include "common.fullname" . }}
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-init
+ configMap:
+ name: {{ include "common.fullname" . }}-init
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+ volumeClaimTemplates:
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
+{{- end }}
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
new file mode 100644
index 0000000000..258f516ff0
--- /dev/null
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -0,0 +1,128 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+replicaCount: 1
+global:
+ persistence: {}
+
+#################################################################
+# Secrets.
+##############################################################
+image: timescale/timescaledb:2.1.1-pg13
+
+pullPolicy: Always
+containerPorts: 5432
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ nameOverride: timescaledb
+ roles:
+ - read
+
+securityContext:
+ # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+ user_id: 70
+ group_id: 70
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: timescaledb
+ ports:
+ - name: tcp-timescaledb
+ port: 5432
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+
+config:
+ pgUserName: timescaledb
+ pgRootUserName: postgres
+ pgDatabase: timescaledb
+
+secrets:
+ - uid: root-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ login: '{{ .Values.config.pgRootUserName }}'
+ password: '{{ .Values.config.pgRootpassword }}'
+ - uid: user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+
diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh
index 590d651f87..596ace6ad5 100755
--- a/kubernetes/config/prepull_docker.sh
+++ b/kubernetes/config/prepull_docker.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#function to provide help
#desc: this function provide help menu
@@ -102,7 +102,7 @@ do
for line in `parse_yaml $filename`
do
#skiping commented line
- if [ "${line:0:1}" != '#' ]; then
+ if echo "$line" | grep -v '^#' >/dev/null; then
#find all image subtag inside converted values.yaml file's lines
if echo $line | grep -q $IMAGE_TEXT ; then
#find imageName inside line
@@ -110,7 +110,7 @@ do
#remove attional prefix and postfix
imageNameFinal=`echo "$imageName" | sed -e 's/^"//' -e 's/"$//' `
- #check if line contain Version as a subtag in lines if yes then call docker pull with version
+ #check if line contain Version as a subtag in lines if yes then call docker pull with version
if echo $line | grep -q $IMAGE_VERSION_TEXT ; then
echo docker pull "$imageNameWithVersion":"$imageNameFinal"
docker pull $imageNameWithVersion:$imageNameFinal &
diff --git a/kubernetes/esr/Makefile b/kubernetes/consul/Makefile
index 4c79718d02..92102d2dfc 100644
--- a/kubernetes/esr/Makefile
+++ b/kubernetes/consul/Makefile
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/esr/components/Makefile b/kubernetes/consul/components/Makefile
index bf267b7720..e9159f32a9 100644
--- a/kubernetes/esr/components/Makefile
+++ b/kubernetes/consul/components/Makefile
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/consul/components/consul-server/requirements.yaml b/kubernetes/consul/components/consul-server/requirements.yaml
index 7afdbc936e..e43236def8 100644
--- a/kubernetes/consul/components/consul-server/requirements.yaml
+++ b/kubernetes/consul/components/consul-server/requirements.yaml
@@ -20,3 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/components/consul-server/templates/statefulset.yaml b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
index 16fda3a510..8e872b9c87 100644
--- a/kubernetes/consul/components/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
@@ -74,3 +74,4 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/consul/components/consul-server/values.yaml b/kubernetes/consul/components/consul-server/values.yaml
index 48a26effd7..d4e649444a 100644
--- a/kubernetes/consul/components/consul-server/values.yaml
+++ b/kubernetes/consul/components/consul-server/values.yaml
@@ -92,3 +92,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul-server
+ roles:
+ - read
diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml
index 4d43035d04..1312294f29 100644
--- a/kubernetes/consul/requirements.yaml
+++ b/kubernetes/consul/requirements.yaml
@@ -26,4 +26,7 @@ dependencies:
- name: consul-server
version: ~8.x-0
repository: 'file://components/consul-server'
- condition: cds-command-executor.enabled
+ condition: consul-server.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
index 5696aa3570..b842710c11 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
+++ b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
@@ -1,6 +1,6 @@
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
subject=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
issuer=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
-----BEGIN CERTIFICATE-----
diff --git a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
index c7e386e55f..95de561981 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
+++ b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
@@ -1,6 +1,6 @@
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbEKYweVNHsWR1
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index 31546abd49..c5d12a4693 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
- mountPath: /consul/certs
name: consul-agent-certs-config
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: consul-agent-config-dir
emptyDir: {}
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 0f5d2861cc..e2aa181efb 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -109,3 +109,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
index d6f5f56197..b7c4d1e7f8 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
index c0c6b914fb..3b4dad55ec 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
@@ -74,6 +74,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
index a7234caceb..4cf03b2482 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
@@ -80,3 +80,9 @@ service:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx-postgres
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/awx/requirements.yaml b/kubernetes/contrib/components/awx/requirements.yaml
index b015bd1216..222db3890e 100755
--- a/kubernetes/contrib/components/awx/requirements.yaml
+++ b/kubernetes/contrib/components/awx/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: awx-postgres
version: ~8.x-0
repository: 'file://components/awx-postgres'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml
index 1f2c093742..9910aa4634 100644
--- a/kubernetes/contrib/components/awx/templates/statefulset.yaml
+++ b/kubernetes/contrib/components/awx/templates/statefulset.yaml
@@ -180,7 +180,7 @@ spec:
cpu: 500m
memory: 1Gi
serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 02642fd3fd..0a247c5743 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -109,3 +109,9 @@ service:
externalPort: 5672
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml
index 31db08aa3a..284108c256 100644
--- a/kubernetes/contrib/components/ejbca/requirements.yaml
+++ b/kubernetes/contrib/components/ejbca/requirements.yaml
@@ -26,3 +26,9 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index ad10240b94..94c95d6c30 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
waitForEjbcaToStart() {
until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
@@ -8,16 +8,31 @@ waitForEjbcaToStart() {
}
configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA'
+ ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
#Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
#Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
#ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+ caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+ ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
@@ -27,6 +42,13 @@ configureEjbca() {
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
ejbca.sh config cmp dumpalias --alias cmp
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}"
}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 46f7d3521c..6bd5b259ea 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -61,6 +61,8 @@ spec:
env:
- name: INITIAL_ADMIN
value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: NO_CREATE_CA
+ value: "true"
- name: DATABASE_JDBC_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
- name: DATABASE_USER
@@ -92,6 +94,7 @@ spec:
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 57d1e7848e..52e0e750a0 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -124,3 +124,9 @@ resources:
cpu: 20m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: ejbca
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml b/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml
index c23e29a11d..05bbfc7738 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml
@@ -1,8 +1,8 @@
-external-key:
+external-key:
description: "The external-key uniquely identify the resources to a service within ONAP."
filterable: true
label: ONAP external key
- on_objects:
+ on_objects:
- ipam.models.IPAddress
required: true
type: text
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
index f1209cdb56..302166fcd6 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
@@ -138,6 +138,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
index 92f97c2620..27cd811ec1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
@@ -112,3 +112,9 @@ readiness:
periodSeconds: 10
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-app
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
index 7bdf46f252..2d115f74bf 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
@@ -61,6 +61,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
index de131d30d0..a7d0dadbf1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
@@ -81,3 +81,9 @@ service:
nodePort: 20
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-nginx
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
index 2caddeba49..8e05524fd1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
@@ -64,6 +64,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
index 572e23d53c..7e0a324aa1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
@@ -80,3 +80,9 @@ service:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-postgres
+ roles:
+ - read
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md
index dced68d7c6..72f522a000 100644
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md
@@ -14,10 +14,10 @@ See post deploy info
1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke)
~~~yaml
dns:
- provider: coredns
- upstreamnameservers:
- - <cluster_ip>:31555
+ provider: coredns
+ upstreamnameservers:
+ - <cluster_ip>:31555
~~~
2. You can edit coredns configuration with command:
- kubectl -n kube-system edit configmap coredns
+ kubectl -n kube-system edit configmap coredns
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 163877deca..3c66feeb46 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/sh -e
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -24,23 +24,24 @@ SPATH="$( dirname "$( which "$0" )" )"
usage() {
cat << ==usage
$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
- [cluster_domain] Default value simpledemo.onap.org
- [lb_ip] Default value LoadBalancer IP
- [helm_chart_args] ... Optional arguments passed to helm install command
+ [cluster_domain] Default value simpledemo.onap.org
+ [lb_ip] Default value LoadBalancer IP
+ [helm_chart_args] ... Optional arguments passed to helm install command
$0 --help This message
$0 --info Display howto configure target machine
==usage
}
-target_machine_notice_info() {
+target_machine_notice_info()
+{
cat << ==infodeploy
Extra DNS server already deployed:
1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
==infodeploy
}
@@ -48,51 +49,51 @@ Extra DNS server already deployed:
list_node_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- break
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ break
+ fi
+ done
}
ingress_controller_ip() {
- local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
- if [ -z $metal_ns ]; then
- echo $CLUSTER_IP
- else
- list_node_with_external_addrs
- fi
+ local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+ if [ -z $metal_ns ]; then
+ echo $CLUSTER_IP
+ else
+ list_node_with_external_addrs
+ fi
}
deploy() {
- local ingress_ip=$(ingress_controller_ip)
- initdir = $(pwd)
- cd $SPATH/bind9dns
- if [ $# -eq 0 ]; then
- local cl_domain="simpledemo.onap.org"
- else
- local cl_domain=$1
- shift
- fi
- if [ $# -ne 0 ]; then
- ingress_ip=$1
- shift
- fi
- helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- cd $initdir
- target_machine_notice_info
+ local ingress_ip=$(ingress_controller_ip)
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
+ if [ $# -eq 0 ]; then
+ local cl_domain="simpledemo.onap.org"
+ else
+ local cl_domain=$1
+ shift
+ fi
+ if [ $# -ne 0 ]; then
+ ingress_ip=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
+ cd $initdir
+ target_machine_notice_info
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
-elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
+elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
+ usage
elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
target_machine_notice_info
else
- deploy $@
+ deploy $@
fi
diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
index bf2bc121a7..c62e2a51bd 100755
--- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
+++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -e
+#!/bin/sh -e
+
#
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -15,7 +16,8 @@
# limitations under the License.
#
-usage() {
+usage()
+{
cat << ==usage
$0 Automatic configuration using external addresess from nodes
$0 --help This message
@@ -27,14 +29,14 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges
find_nodes_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ fi
+ done
}
generate_config_map()
@@ -56,32 +58,32 @@ CNFEOF
}
generate_config_from_single_addr() {
- generate_config_map "$1 - $1"
+ generate_config_map "$1 - $1"
}
install_metallb() {
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
- # Only when install
- kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
+ # Only when install
+ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
}
automatic_configuration() {
- install_metallb
- generate_config_from_single_addr $(find_nodes_with_external_addrs)
+ install_metallb
+ generate_config_from_single_addr $(find_nodes_with_external_addrs)
}
manual_configuration() {
- install_metallb
- generate_config_map $@
+ install_metallb
+ generate_config_map $@
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
+ usage
if [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
elif [ $# -eq 0 ]; then
- automatic_configuration
+ automatic_configuration
else
- manual_configuration $@
+ manual_configuration $@
fi
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
index 543e918cfa..9705ee6ea8 100755
--- a/kubernetes/contrib/tools/check-for-staging-images.sh
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2020 Samsung Electronics
#
diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh
index 2ee123b36a..a8938a96ee 100755
--- a/kubernetes/contrib/tools/rke/rke_setup.sh
+++ b/kubernetes/contrib/tools/rke/rke_setup.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
#############################################################################
# Copyright © 2019 Bell.
#
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index f181b82fec..0bc7d5bccb 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -16,25 +16,7 @@
# limitations under the License.
*/}}
-server:
- port: 8080
-
-rest:
- api:
- cps-base-path: /cps/api
- xnf-base-path: /cps-nf-proxy/api
-
spring:
- main:
- banner-mode: "off"
- jpa:
- ddl-auto: create
- open-in-view: false
- properties:
- hibernate:
- enable_lazy_load_no_trans: true
- dialect: org.hibernate.dialect.PostgreSQLDialect
-
datasource:
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
username: ${DB_USERNAME}
@@ -42,46 +24,32 @@ spring:
driverClassName: org.postgresql.Driver
initialization-mode: always
- cache:
- type: caffeine
- cache-names: yangSchema
- caffeine:
- spec: maximumSize=10000,expireAfterAccess=10m
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
-
-# Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: info,health,loggers
- endpoint:
- health:
- show-details: always
- # kubernetes probes: liveness and readiness
- probes:
- enabled: true
- loggers:
- enabled: true
-
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
logging:
level:
org:
springframework: {{ .Values.logging.level }}
+dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
+
+{{- if .Values.config.eventPublisher }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
+
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index 2047a39497..e6ee161feb 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -21,6 +21,12 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
@@ -47,6 +53,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: CPS_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..a49a662aed
--- /dev/null
+++ b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index ae8bccd2a8..4f788e7977 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -17,15 +17,15 @@
#################################################################
secrets:
- uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
@@ -35,6 +35,12 @@ secrets:
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
@@ -47,8 +53,9 @@ global:
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
+image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
service:
type: ClusterIP
@@ -56,6 +63,24 @@ service:
ports:
- name: &port http
port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
pullPolicy: Always
# flag to enable debugging - application support required
@@ -91,13 +116,13 @@ liveness:
# in debugger so K8s doesn't restart unresponsive container
enabled: true
path: /manage/health
- port: *port
+ port: *mgt_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
path: /manage/health
- port: *port
+ port: *mgt_port
ingress:
enabled: true
@@ -130,13 +155,31 @@ config:
spring:
profile: helm
#appUserPassword:
-
+ dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+ eventPublisher:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
+ spring.kafka.producer.client-id: cps-core
+
+ additional:
+ notification.data-updated.enabled: true
+ notification.data-updated.topic: cps.data-updated-events
+ notification.data-updated.filters.enabled-dataspaces: ""
+ notification.async.enabled: false
+ notification.async.executor.core-pool-size: 2
+ notification.async.executor.max-pool-size: 1
+ notification.async.executor.queue-capacity: 500
+ notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
+ notification.async.executor.thread-name-prefix: Async-
+
logging:
level: INFO
path: /tmp
@@ -145,18 +188,18 @@ logging:
# Postgres overriding defaults in the postgres
#################################################################
postgres:
- nameOverride: &postgresName cps-postgres
+ nameOverride: &postgresName cps-core-postgres
service:
name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
+ name2: cps-core-pg-primary
+ name3: cps-core-pg-replica
container:
name:
- primary: cps-pg-primary
- replica: cps-pg-replica
+ primary: cps-core-pg-primary
+ replica: cps-core-pg-replica
persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ mountSubPath: cps-core/data
+ mountInitPath: cps-core
config:
pgUserName: cps
pgDatabase: cpsdb
@@ -165,4 +208,10 @@ postgres:
readinessCheck:
wait_for:
- - cps-postgres
+ - *postgresName
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/esr/.helmignore b/kubernetes/cps/components/cps-temporal/.helmignore
index 7ddbad7ef4..80b47d2723 100644
--- a/kubernetes/esr/.helmignore
+++ b/kubernetes/cps/components/cps-temporal/.helmignore
@@ -19,4 +19,4 @@
.project
.idea/
*.tmproj
-components/
+components/ \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-temporal/Chart.yaml b/kubernetes/cps/components/cps-temporal/Chart.yaml
new file mode 100644
index 0000000000..ab4bfe7e42
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Configuration Persistance Service (CPS) - Temporal
+name: cps-temporal
+version: 8.0.0
diff --git a/kubernetes/cps/components/cps-temporal/requirements.yaml b/kubernetes/cps/components/cps-temporal/requirements.yaml
new file mode 100644
index 0000000000..b2293db9af
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/requirements.yaml
@@ -0,0 +1,34 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: timescaledb
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
new file mode 100644
index 0000000000..32ae51b51a
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -0,0 +1,42 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+spring:
+ datasource:
+ url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }}
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+
+security:
+ auth:
+ username: ${APP_USERNAME}
+ password: ${APP_PASSWORD}
+
+# Event consumption properties (kafka)
+{{- if .Values.config.eventConsumption }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+# Additional properties
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
+# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/logback.xml b/kubernetes/cps/components/cps-temporal/resources/config/logback.xml
new file mode 100644
index 0000000000..a64a58664b
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/resources/config/logback.xml
@@ -0,0 +1,44 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <!-- Logger for cps classes -->
+ <logger name="org.onap.cps" level="info"/>
+
+ <!-- Logger for sql statements. Set to info to disable, debug to enable -->
+ <logger name="org.hibernate.SQL" level="info"/>
+
+ <!-- Logger for sql bindings. Set to info to disable, to trace to enable -->
+ <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="info"/>
+
+ <!-- Logger for hibernate statistics. Set to warn to disable, to info to enable -->
+ <logger name="org.hibernate.engine.internal.StatisticalLoggingSessionEventListener" level="warn"/>
+
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-temporal/templates/configmap.yaml b/kubernetes/cps/components/cps-temporal/templates/configmap.yaml
new file mode 100644
index 0000000000..6d9e30fe16
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/configmap.yaml
@@ -0,0 +1,24 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
new file mode 100644
index 0000000000..806e65a865
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
@@ -0,0 +1,113 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: APP_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: APP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.config.spring.profile }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application-helm.yml
+ subPath: application-helm.yml
+ name: init-data
+ - mountPath: /app/resources/logback.xml
+ subPath: logback.xml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
diff --git a/kubernetes/cps/components/cps-temporal/templates/ingress.yaml b/kubernetes/cps/components/cps-temporal/templates/ingress.yaml
new file mode 100644
index 0000000000..0dc4d1ae47
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/ingress.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/cps/components/cps-temporal/templates/secrets.yaml b/kubernetes/cps/components/cps-temporal/templates/secrets.yaml
new file mode 100644
index 0000000000..2a492061a3
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/secrets.yaml
@@ -0,0 +1,22 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cps/components/cps-temporal/templates/service.yaml b/kubernetes/cps/components/cps-temporal/templates/service.yaml
new file mode 100644
index 0000000000..c205ff4889
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/cps/components/cps-temporal/templates/serviceMonitor.yaml b/kubernetes/cps/components/cps-temporal/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..a49a662aed
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
new file mode 100644
index 0000000000..da055d0242
--- /dev/null
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -0,0 +1,186 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+passwordStrengthOverride: basic
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.temporal.onap.org"
+
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-temporal-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.timescaledb.config.pgUserExternalSecret) .) (hasSuffix "cps-temporal-pg-user-creds" .Values.timescaledb.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.timescaledb.config.pgUserName }}'
+ password: '{{ .Values.timescaledb.config.pgUserPassword }}'
+ passwordPolicy: generate
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/cps-temporal:1.0.0
+containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
+
+prometheus:
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: cps-temporal
+ ports:
+ - name: http
+ port: *svc_port
+ targetPort: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
+pullPolicy: IfNotPresent
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *mgt_port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *mgt_port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cps-temporal"
+ path: "/"
+ name: "cps-temporal"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: cps-temporal
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: cpstemporal
+ spring:
+ profile: helm
+ #appUserPassword:
+
+ # Event consumption (kafka) properties
+ # All Kafka properties must be in "key: value" format instead of yaml.
+ eventConsumption:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: PLAINTEXT
+ spring.kafka.consumer.group-id: cps-temporal-group
+ app.listener.data-updated.topic: cps.data-updated-events
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+logging:
+ level: INFO
+ path: /tmp
+
+timescaledb:
+ nameOverride: cps-temporal-db
+ container:
+ name: cps-temporal-db
+ name: cpstemporaldb
+ service:
+ name: cps-temporal-db
+ persistence:
+ mountSubPath: cps-temporal/data
+ mountInitPath: cps-temporal
+ config:
+ pgUserName: cpstemporaldb
+ pgDatabase: cpstemporaldb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-temporal-db
+
+readinessCheck:
+ wait_for:
+ - cps-temporal-db
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1 \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/.helmignore b/kubernetes/cps/components/ncmp-dmi-plugin/.helmignore
new file mode 100644
index 0000000000..80b47d2723
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/ \ No newline at end of file
diff --git a/kubernetes/cps/README.md b/kubernetes/cps/components/ncmp-dmi-plugin/Chart.yaml
index 876da2ca57..e99111d859 100644
--- a/kubernetes/cps/README.md
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/Chart.yaml
@@ -1,22 +1,22 @@
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright (C) 2021 Pantheon.tech
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#============LICENSE_END============================================
-
-# Helm Chart for CPS Applications
-
-ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
-1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service \ No newline at end of file
+apiVersion: v1
+description: ONAP Configuration Persistance Service (CPS) - NCMP-DMI-Plugin
+name: ncmp-dmi-plugin
+version: 8.0.0
diff --git a/kubernetes/esr/components/esr-server/requirements.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/requirements.yaml
index 343812db25..d1fbdd3182 100644
--- a/kubernetes/esr/components/esr-server/requirements.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/requirements.yaml
@@ -1,6 +1,6 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -12,14 +12,20 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
dependencies:
- name: common
version: ~8.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
new file mode 100644
index 0000000000..2e5018807c
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -0,0 +1,57 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+dmi:
+ service:
+ name: {{ .Values.config.dmiServiceName }}
+
+cps-core:
+ baseUrl: {{ .Values.config.cpsCore.url }}
+ auth:
+ username: ${CPS_CORE_USERNAME}
+ password: ${CPS_CORE_PASSWORD}
+
+sdnc:
+ baseUrl: {{ .Values.config.sdnc.url }}
+ topologyId: {{ .Values.config.sdnc.topologyId }}
+ auth:
+ username: ${SDNC_USERNAME}
+ password: ${SDNC_PASSWORD}
+
+security:
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
+ auth:
+ username: ${DMI_PLUGIN_USERNAME}
+ password: ${DMI_PLUGIN_PASSWORD}
+
+logging:
+ level:
+ org:
+ springframework: {{ .Values.logging.level }}
+ onap:
+ cps: {{ .Values.logging.cps }}
+
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
+# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/configmap.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/configmap.yaml
new file mode 100644
index 0000000000..7e8a0058ec
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/configmap.yaml
@@ -0,0 +1,24 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
new file mode 100644
index 0000000000..3d154dba64
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
@@ -0,0 +1,116 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DMI_PLUGIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PLUGIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: SDNC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }}
+ - name: SDNC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }}
+ - name: CPS_CORE_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
+ - name: CPS_CORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.config.spring.profile }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application-helm.yml
+ subPath: application-helm.yml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/ingress.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/ingress.yaml
new file mode 100644
index 0000000000..b3d1cafe15
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/ingress.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/secrets.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/secrets.yaml
new file mode 100644
index 0000000000..84e279d928
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/service.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/service.yaml
new file mode 100644
index 0000000000..4825d55c12
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..a49a662aed
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
new file mode 100644
index 0000000000..3f40a79b84
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -0,0 +1,180 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Secrets.
+#################################################################
+secrets:
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+ - uid: sdnc-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.sdnc.username }}'
+ password: '{{ .Values.config.sdnc.password }}'
+ passwordPolicy: required
+ - uid: cps-core-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cpsCore.credsExternalSecret) . }}'
+ login: '{{ .Values.config.cpsCore.username }}'
+ password: '{{ .Values.config.cpsCore.password }}'
+ passwordPolicy: generate
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+
+image: onap/ncmp-dmi-plugin:1.0.0
+containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
+
+prometheus:
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: &svc_name ncmp-dmi-plugin
+ ports:
+ - name: &port http
+ port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
+pullPolicy: IfNotPresent
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *mgt_port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *mgt_port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "ncmp-dmi-plugin"
+ path: "/"
+ name: *svc_name
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: ncmp-dmi-plugin
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: ncmpuser
+ #appUserPassword:
+ spring:
+ profile: helm
+
+ dmiServiceName: http://*svc_name:*svc_port
+ sdnc:
+ url: http://sdnc:8181
+ username: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ topologyId: topology-netconf
+ cpsCore:
+ url: http://cps-core:8080
+ username: cpsuser
+ #password:
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format insead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+logging:
+ level: INFO
+ cps: DEBUG
+ path: /tmp
+
+readinessCheck:
+ wait_for:
+ - cps-core
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/requirements.yaml b/kubernetes/cps/requirements.yaml
index 9d044dcd13..053723331a 100644
--- a/kubernetes/cps/requirements.yaml
+++ b/kubernetes/cps/requirements.yaml
@@ -19,4 +19,12 @@ dependencies:
- name: cps-core
version: ~8.x-0
repository: '@local'
- condition: cps-core.enabled \ No newline at end of file
+ condition: cps-core.enabled
+ - name: cps-temporal
+ version: ~8.x-0
+ repository: '@local'
+ condition: cps-temporal.enabled
+ - name: ncmp-dmi-plugin
+ version: ~8.x-0
+ repository: '@local'
+ condition: ncmp-dmi-plugin.enabled \ No newline at end of file
diff --git a/kubernetes/cps/templates/secrets.yaml b/kubernetes/cps/templates/secrets.yaml
new file mode 100644
index 0000000000..84e279d928
--- /dev/null
+++ b/kubernetes/cps/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 87bba7f1da..6093fa72fa 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -15,14 +15,45 @@
#################################################################
# Global configuration defaults.
#################################################################
+secrets:
+ - uid: core-app-user-creds
+ name: &core-creds-secret '{{ include "common.release" . }}-cps-core-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.coreUserExternalSecret) . }}'
+ login: '{{ .Values.config.coreUserName }}'
+ password: '{{ .Values.config.coreUserPassword }}'
+ passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
+
passwordStrengthOverride: basic
global:
ingress:
virtualhost:
baseurl: "simpledemo.onap.org"
-config: {}
+config:
+ coreUserName: cpsuser
+ dmiPluginUserName: dmiuser
# Enable all CPS components by default
cps-core:
enabled: true
+ config:
+ appUserExternalSecret: *core-creds-secret
+ dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+
+cps-temporal:
+ enabled: true
+
+ncmp-dmi-plugin:
+ enabled: true
+ config:
+ appUserExternalSecret: *dmi-plugin-creds-secret
+ cpsCore:
+ credsExternalSecret: *core-creds-secret
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 2d68b38771..dd0bf4bd48 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -207,14 +207,27 @@ The sidecar is included if .Values.policies is set. The
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter
+list of policyID or filter. An optional policyRelease parameter can be specified
+to override the default policy helm release (used for retreiving the secret containing
+pdp username and password)
+
+Following is example policy config override
+
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ duration: 300
+ policyRelease: "onap"
+ policyID: |
+ '["onap.vfirewall.tca","onap.vdns.tca"]'
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
{{- $logDir := default "" .Values.logDirectory -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
-{{- $policy := default "" .Values.policies -}}
+{{- $commonRelease := print (include "common.release" .) -}}
+{{- $policy := default dict .Values.policies -}}
+{{- $policyRls := default $commonRelease $policy.policyRelease -}}
{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
apiVersion: apps/v1
@@ -384,12 +397,12 @@ spec:
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
@@ -419,6 +432,7 @@ spec:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
index 6d52b2a087..f3c09161cc 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
@@ -55,7 +55,8 @@ spec:
- name: dcae-config-delete
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/app/delete_key.sh
args:
- - --delete-key
- {{ include "common.name" . }}
{{ end -}}
diff --git a/kubernetes/dcaegen2-services/components/Makefile b/kubernetes/dcaegen2-services/components/Makefile
index 98dfb97f8f..284f99de6b 100644
--- a/kubernetes/dcaegen2-services/components/Makefile
+++ b/kubernetes/dcaegen2-services/components/Makefile
@@ -26,7 +26,7 @@ HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-all: $(HELM_CHARTS)
+all: $(HELM_CHARTS) helm-repo-update
$(HELM_CHARTS):
@echo "\n[$@]"
@@ -50,5 +50,11 @@ clean:
@rm -f */requirements.lock
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update
+endif
+
%:
@:
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml
new file mode 100644
index 0000000000..c7722ea098
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
index 77dcaba761..572e812cf3 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
@@ -49,13 +49,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.0
+image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -199,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bbs-eventprocessor-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
index 9f1600ead3..540013e1db 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index a768489771..2342470877 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -33,14 +33,14 @@ filebeatConfig:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.0
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -106,6 +106,12 @@ service:
plain_port: 8100
port_protocol: http
+# Environment variables
+applicationEnv:
+# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
+# It's a workaround because DMAAP specific env variables are not available in main container.
+ CBS_CLIENT_CONFIG_PATH: ''
+
# Initial Application Configuration
applicationConfig:
dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12
@@ -142,7 +148,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -178,3 +184,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datafile-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/Chart.yaml
new file mode 100644
index 0000000000..70f68cf0bb
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/Chart.yaml
@@ -0,0 +1,23 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE datalake-admin-ui helm chart
+name: dcae-datalake-admin-ui
+version: 8.0.0
+
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
new file mode 100644
index 0000000000..6412c80d48
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
@@ -0,0 +1,33 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/configmap.yaml
new file mode 100644
index 0000000000..26be310888
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/configmap.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/deployment.yaml
new file mode 100644
index 0000000000..02b5df8135
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/deployment.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/secret.yaml
new file mode 100644
index 0000000000..c4596e5b21
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/secret.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/service.yaml
new file mode 100644
index 0000000000..ba0283dda5
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/service.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
new file mode 100644
index 0000000000..0553b52265
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
@@ -0,0 +1,124 @@
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake-admin-ui
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake-admin-ui/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
+ - dcae-datalake-feeder
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 1
+ path: /
+ scheme: HTTP
+ port: 8088
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-admin-ui
+ ports:
+ - name: http
+ port: 8088
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+# Initial Application Configuration
+applicationConfig:
+ FEEDER_ADDR: dl-feeder
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-admin-ui
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/Chart.yaml
new file mode 100644
index 0000000000..392db08ee3
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/Chart.yaml
@@ -0,0 +1,22 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Datalake DES MS charts
+name: dcae-datalake-des
+version: 8.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
new file mode 100644
index 0000000000..e0ac99dc5c
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
@@ -0,0 +1,33 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/configmap.yaml
new file mode 100644
index 0000000000..26be310888
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/configmap.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/deployment.yaml
new file mode 100644
index 0000000000..02b5df8135
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/deployment.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/secret.yaml
new file mode 100644
index 0000000000..9d55a03d71
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/secret.yaml
@@ -0,0 +1,19 @@
+{{/*
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/service.yaml
new file mode 100644
index 0000000000..ba0283dda5
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/service.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
new file mode 100644
index 0000000000..9373e8256a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
@@ -0,0 +1,154 @@
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#B
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds'
+ type: basicAuth
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ passwordPolicy: required
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalake.exposure.service:1.1.1
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
+ - dcae-datalake-feeder
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 90
+ timeoutSeconds: 10
+ path: /datalake/v1/exposure
+ scheme: HTTP
+ port: 1681
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-des
+ ports:
+ - name: http
+ port: 1681
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+#postgres configuration
+postgres:
+ config:
+ pgUserName: datalake
+
+# Initial Application Configuration
+applicationConfig:
+ PRESTO_HOST: dl-presto
+ PRESTO_PORT: 9000
+ PRESTO_USER: user
+ PRESTO_PASSWORD: test
+ HOSTNAME: dl-des
+
+applicationEnv:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: '5432'
+ PG_USER:
+ secretUid: *pgUserCredsSecretUid
+ key: login
+ PG_PASSWORD:
+ secretUid: *pgUserCredsSecretUid
+ key: password
+ PG_DB: datalake
+ PRESTO_HOST: dl-presto
+ PRESTO_PORT: '9000'
+ PRESTO_USER: user
+ PRESTO_PASSWORD: test
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-des
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/Chart.yaml
new file mode 100644
index 0000000000..1db95b84f9
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/Chart.yaml
@@ -0,0 +1,22 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Datalake feeder MS charts
+name: dcae-datalake-feeder
+version: 8.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
new file mode 100644
index 0000000000..fded2cee84
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
@@ -0,0 +1,36 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/configmap.yaml
new file mode 100644
index 0000000000..26be310888
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/configmap.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/deployment.yaml
new file mode 100644
index 0000000000..02b5df8135
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/deployment.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/secret.yaml
new file mode 100644
index 0000000000..c4596e5b21
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/secret.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/service.yaml
new file mode 100644
index 0000000000..ba0283dda5
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/service.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
new file mode 100644
index 0000000000..2452dc8a18
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
@@ -0,0 +1,181 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "datalake-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalakefeeder:1.1.1
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake/etc/certs
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-datalake-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 90
+ timeoutSeconds: 10
+ path: /datalake/v1/topics
+ scheme: HTTP
+ port: 1680
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-feeder
+ ports:
+ - name: http
+ port: 1680
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: PG_USER
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: 5432
+ PG_USER: ${PG_USER}
+ PG_PASSWORD: ${PG_PASSWORD}
+ PG_DB: datalake
+ HOSTNAME: dcae-datalake-feeder
+ CONSUL_HOST: consul
+ CONFIG_BINDING_SERVICE: 30408
+
+applicationEnv:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: '5432'
+ PG_USER:
+ secretUid: *pgUserCredsSecretUid
+ key: login
+ PG_PASSWORD:
+ secretUid: *pgUserCredsSecretUid
+ key: password
+ PG_DB: datalake
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: dcae-datalake-pg-primary
+ name3: dcae-datalake-pg-replica
+ container:
+ name:
+ primary: dcae-datalake-pg-primary
+ replica: dcae-datalake-pg-replica
+ persistence:
+ mountSubPath: datalake/data
+ mountInitPath: datalake
+ config:
+ pgUserName: datalake
+ pgDatabase: datalake
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-feeder
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
index 680c0d6711..ebfdcdb08c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 9c9d3092cf..bbf815d658 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -50,13 +50,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.2.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -190,3 +190,9 @@ postgres:
pgUserName: heartbeat
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-heartbeat
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 2108d009e6..650ec03920 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -34,14 +34,14 @@ filebeatConfig:
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
@@ -178,6 +178,7 @@ applicationConfig:
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
# Resource Limit flavor -By Default using small
flavor: small
@@ -198,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-hv-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
index 6b37d363b6..4239867c35 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
@@ -28,5 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 026efd8851..5d8c6d59eb 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -43,13 +43,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.0
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -66,6 +66,11 @@ certDirectory: /opt/app/kpims/etc/cert/
tlsServer: true
enable_tls: true
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ policyID: |
+ '["com.Config_KPIMS_CONFIG_POLICY"]'
+
# Dependencies
readinessCheck:
wait_for:
@@ -154,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-kpi-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index aa6af35c5e..8ec60a7bd1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -65,3 +65,8 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ms-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
index 5e1b36e493..c39c2092ed 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file
+ repository: 'file://../../common/dcaegen2-services-common'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 469c36648e..caae1c319e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -48,13 +48,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -160,7 +160,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -216,3 +216,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pm-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
index 4dfc837bf8..44c366438c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 0e79e5e554..b9005f01b8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -50,13 +50,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.1
+image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -192,4 +192,10 @@ postgres:
config:
pgUserName: pmsh
pgDatabase: pmsh
- pgUserExternalSecret: *pgUserCredsSecretName \ No newline at end of file
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pmsh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
index 80e79fe28e..37ffafe9ce 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index e94842821d..a7f62912b1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -33,13 +33,13 @@ filebeatConfig:
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
@@ -101,8 +101,6 @@ customEnvVars:
value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
# initial application configuration
-# Configuration used for in-app substitution must be defined as $${undefined}{<parameter>} under applicationConfig
-# inorder to get ${<parameter>} post envsubst (done part of dcae helm service-common templates)
applicationConfig:
dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapConsumerConfiguration.consumerId: "c12"
@@ -120,7 +118,7 @@ applicationConfig:
aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
aai.aaiClientConfiguration.aaiBasePath: "/aai/v23"
aai.aaiClientConfiguration.aaiPnfPath: "/network/pnfs/pnf"
- aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/$${undefined}{customer}/service-subscriptions/service-subscription/$${undefined}{serviceType}/service-instances/service-instance/$${undefined}{serviceInstanceId}"
+ aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/{{customer}}/service-subscriptions/service-subscription/{{serviceType}}/service-instances/service-instance/{{serviceInstanceId}}"
aai.aaiClientConfiguration.aaiHeaders:
X-FromAppId: "prh"
X-TransactionId: "9999"
@@ -148,6 +146,9 @@ applicationConfig:
dmaap_info:
topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT
+applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
@@ -167,3 +168,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-prh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 17c3694c1d..ad29e33a90 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -44,7 +44,7 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
@@ -159,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-restconf-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
index 9cab8e92e6..c6ccf13b56 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
@@ -31,4 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 6790541bd9..3300306668 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -50,13 +50,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.6
# Log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
@@ -210,3 +210,9 @@ postgres:
pgUserName: sliceanalysisms
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-slice-analysis-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml
new file mode 100644
index 0000000000..23020db593
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml
@@ -0,0 +1,22 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE SNMPTrap Collector
+name: dcae-snmptrap-collector
+version: 8.0.0 \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
new file mode 100644
index 0000000000..e267e8931a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
@@ -0,0 +1,33 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml
new file mode 100644
index 0000000000..a914446c99
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml
new file mode 100644
index 0000000000..0ad66b62a9
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml
new file mode 100644
index 0000000000..6b70356ca9
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml
new file mode 100644
index 0000000000..cf11d2a0c5
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
new file mode 100644
index 0000000000..266da24f7a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
@@ -0,0 +1,153 @@
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.5
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /opt/app/snmptrap/logs
+
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+
+# Probe Configuration
+readiness:
+ type: exec
+ command:
+ - /opt/app/snmptrap/bin/snmptrapd.sh
+ - status
+
+# service configuration
+service:
+ type: NodePort
+ name: dcae-snmptrap-collector
+ ports:
+ - name: udp
+ port: 6162
+ l4_protocol: UDP # default to TCP if not set
+ port_protocol: udp #used in svn name
+ nodePort: 70
+ useNodePortExt: true
+
+# Initial Application Configuration
+applicationConfig:
+ StormWatchPolicy: ''
+ cache:
+ dns_cache_ttl_seconds: 60
+ services_calls: {}
+ snmptrapd:
+ version: '2.0.4'
+ title: ONAP SNMP Trap Receiver
+ sw_interval_in_seconds: 60
+ streams_publishes:
+ sec_fault_unsecure:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP
+ type: message_router
+ aaf_password: null
+ aaf_username: null
+ files:
+ runtime_base_dir: "/opt/app/snmptrap"
+ log_dir: logs
+ data_dir: data
+ pid_dir: tmp
+ arriving_traps_log: snmptrapd_arriving_traps.log
+ snmptrapd_diag: snmptrapd_prog_diag.log
+ traps_stats_log: snmptrapd_stats.csv
+ perm_status_file: snmptrapd_status.log
+ eelf_base_dir: "/opt/app/snmptrap/logs"
+ eelf_error: error.log
+ eelf_debug: debug.log
+ eelf_audit: audit.log
+ eelf_metrics: metrics.log
+ roll_frequency: hour
+ minimum_severity_to_log: 3
+ protocols:
+ transport: udp
+ ipv4_interface: 0.0.0.0
+ ipv4_port: 6162
+ ipv6_interface: "::1"
+ ipv6_port: 6162
+ publisher:
+ http_milliseconds_timeout: 1500
+ http_retries: 3
+ http_milliseconds_between_retries: 750
+ http_primary_publisher: 'true'
+ http_peer_publisher: unavailable
+ max_traps_between_publishes: 10
+ max_milliseconds_between_publishes: 10000
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-snmptrap-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
index 3f52d6fce8..907f8f3d26 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 78c6144979..420814f6c2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -50,13 +50,13 @@ secrets:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.3
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.4
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -242,3 +242,9 @@ postgres:
pgUserName: sonhms
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-son-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
index 02a2a674c3..b1d9fb2332 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
@@ -26,3 +26,9 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index a26c66366b..e7707dcdb0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -34,14 +34,14 @@ filebeatConfig:
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
@@ -91,10 +91,10 @@ service:
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
#policies:
# duration: 300
+# policyRelease: "onap"
# policyID: |
-# '["onap.vfirewall.tca","abc"]'
-# filter: |
-# '["DCAE.Config_vfirewall_.*"]'
+# '["onap.vfirewall.tca","onap.vdns.tca"]'
+
aaiCreds:
user: DCAE
@@ -136,7 +136,7 @@ applicationConfig:
tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf
tca.aai.node_query_path: aai/v11/search/nodes-query
tca.aai.password: ${AAI_PASSWORD}
- tca.aai.url: http://aai
+ tca.aai.url: https://aai:8443
tca.aai.username: ${AAI_USERNAME}
tca.policy: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"vFirewallBroadcastPackets","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"LESS_OR_EQUAL","severity":"MAJOR","closedLoopEventStatus":"ONSET"},{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":700,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"Measurement_vGMUX","controlLoopSchemaType":"VNF","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"EQUAL","severity":"MAJOR","closedLoopEventStatus":"ABATED"},{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"GREATER","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]}]}'
tca.processing_batch_size: 10000
@@ -162,3 +162,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-tcagen2
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 4050129f6a..f863ff8641 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -34,14 +34,14 @@ filebeatConfig:
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
@@ -104,6 +104,10 @@ service:
nodePort: 17
useNodePortExt: true
+# application environments
+applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# initial application configuration
applicationConfig:
collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurement=ves-measurement|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|3GPP-FaultSupervision=ves-3gpp-fault-supervision|3GPP-Heartbeat=ves-3gpp-heartbeat|3GPP-Provisioning=ves-3gpp-provisioning|3GPP-PerformanceAssurance=ves-3gpp-performance-assurance
@@ -196,3 +200,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml
new file mode 100644
index 0000000000..177cc03347
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml
@@ -0,0 +1,19 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
index 67d97adf19..a7186a4d98 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
@@ -33,13 +33,13 @@ filebeatConfig:
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.2.0
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -169,7 +169,6 @@ applicationConfig:
topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP
type: message_router
-
# Resource Limit Flavor -By Default Using Small
flavor: small
@@ -190,3 +189,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/requirements.yaml b/kubernetes/dcaegen2-services/requirements.yaml
index d8d0639c5d..51368b686c 100644
--- a/kubernetes/dcaegen2-services/requirements.yaml
+++ b/kubernetes/dcaegen2-services/requirements.yaml
@@ -26,6 +26,18 @@ dependencies:
version: ~8.x-0
repository: '@local'
condition: dcae-datafile-collector.enabled
+ - name: dcae-datalake-admin-ui
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-admin-ui.enabled
+ - name: dcae-datalake-des
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-des.enabled
+ - name: dcae-datalake-feeder
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-feeder.enabled
- name: dcae-heartbeat
version: ~8.x-0
repository: '@local'
@@ -62,6 +74,10 @@ dependencies:
version: ~8.x-0
repository: '@local'
condition: dcae-slice-analysis-ms.enabled
+ - name: dcae-snmptrap-collector
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-snmptrap-collector.enabled
- name: dcae-son-handler
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/5gcNrm.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/5gcNrm.yaml
index eb40832285..16a01b44c8 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/5gcNrm.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/5gcNrm.yaml
@@ -486,7 +486,7 @@ components:
$ref: '#/components/schemas/SmfFunction-Multiple'
UpfFunction:
$ref: '#/components/schemas/UpfFunction-Multiple'
- N3iwfFunction:
+ N3iwfFunction:
$ref: '#/components/schemas/N3iwfFunction-Multiple'
PcfFunction:
$ref: '#/components/schemas/PcfFunction-Multiple'
@@ -520,7 +520,7 @@ components:
$ref: '#/components/schemas/Configurable5QISet-Multiple'
Dynamic5QISet:
$ref: '#/components/schemas/Dynamic5QISet-Multiple'
-
+
AmfFunction-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
@@ -1562,8 +1562,8 @@ components:
configurable5QIs:
type: array
items:
- $ref: '#/components/schemas/FiveQICharacteristics'
-
+ $ref: '#/components/schemas/FiveQICharacteristics'
+
Dynamic5QISet-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
@@ -1576,8 +1576,8 @@ components:
dynamic5QIs:
type: array
items:
- $ref: '#/components/schemas/FiveQICharacteristics'
-
+ $ref: '#/components/schemas/FiveQICharacteristics'
+
GtpUPathQoSMonitoringControl-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
@@ -1664,7 +1664,7 @@ components:
predefinedPccRules:
type: array
items:
- $ref: '#/components/schemas/PccRule'
+ $ref: '#/components/schemas/PccRule'
#-------- Definition of JSON arrays for name-contained IOCs ----------------------
@@ -1774,7 +1774,7 @@ components:
type: array
items:
$ref: '#/components/schemas/AmfRegion-Single'
-
+
EP_N2-Multiple:
type: array
items:
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/FileDataReportingMnS.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/FileDataReportingMnS.yaml
index 2d1a4fb16d..01ff52f92e 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/FileDataReportingMnS.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/FileDataReportingMnS.yaml
@@ -14,7 +14,7 @@ servers:
variables:
MnSRoot:
description: See subclause 4.4 of TS 32.158
- default: http://example.com/3GPPManagement
+ default: http://example.com/3GPPManagement
version:
description: Indicates the current version of the specification
default: 16.5.0
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/comDefs.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/comDefs.yaml
index fb6d7f4db9..0528135d2b 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/comDefs.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/comDefs.yaml
@@ -12,7 +12,7 @@ externalDocs:
paths: {}
components:
schemas:
-
+
Float:
type: number
format: float
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/faultMnS.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/faultMnS.yaml
index 7ccf280316..752ead6b1e 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/faultMnS.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/faultMnS.yaml
@@ -464,7 +464,7 @@ components:
schemas:
#---- Definition of AlarmRecord ----------------------------------------------------#
-
+
AlarmId:
type: string
AlarmType:
@@ -649,7 +649,7 @@ components:
type: string
#---- Definition of alarm notifications --------------------------------------------#
-
+
AlarmNotificationTypes:
type: string
enum:
@@ -721,7 +721,7 @@ components:
- perceivedSeverity
- serviceUser
- serviceProvider
- - securityAlarmDetector
+ - securityAlarmDetector
properties:
alarmId:
$ref: '#/components/schemas/AlarmId'
@@ -947,7 +947,7 @@ components:
$ref: '#/components/schemas/AlarmListAlignmentRequirement'
#---- Definition of query parameters -----------------------------------------------#
-
+
AlarmAckState:
type: string
enum:
@@ -957,7 +957,7 @@ components:
- ALL_ACTIVE_AND_UNACKNOWLEDGED_ALARMS
- ALL_CLEARED_AND_UNACKNOWLEDGED_ALARMS
- ALL_UNACKNOWLEDGED_ALARMS
-
+
#---- Definition of patch documents ------------------------------------------------#
MergePatchAcknowledgeAlarm:
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/genericNrm.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/genericNrm.yaml
index aedf3c4fb8..7e7576c90f 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/genericNrm.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/genericNrm.yaml
@@ -180,7 +180,7 @@ components:
enum:
- FILE_BASED_LOC_SET_BY_PRODUCER
- FILE_BASED_LOC_SET_BY_CONSUMER
- - STREAM_BASED
+ - STREAM_BASED
monitorGranularityPeriods:
type: array
items:
@@ -216,7 +216,7 @@ components:
type: integer
#-------- Definition of types used in Trace control NRM fragment------------------
-
+
tjJobType-Type:
type: string
description: Specifies whether the TraceJob represents only MDT, Logged MBSFN MDT, Trace or a combined Trace and MDT job. Applicable for Trace, MDT, RCEF and RLF reporting. See 3GPP TS 32.422 clause 5.9a for additional details.
@@ -657,7 +657,7 @@ components:
required:
- TargetIdType
- TargetIdValue
-
+
tjTriggeringEvent-Type:
type: object
description: Specifies when to start a Trace Recording Session and which message shall be recorded first, when to stop a Trace Recording Session and which message shall be recorded last respectively. See 3GPP TS 32.422 clause 5.1 for additional detials.
@@ -682,14 +682,14 @@ components:
required:
- NetworkElement
- EventBitmap
-
+
tjMDTAnonymizationOfData-Type:
description: Specifies level of MDT anonymization. For additional details see 3GPP TS 32.422 clause 5.10.12.
type: string
enum:
- NO_IDENTITY
- TAC_OF_IMEI
-
+
tjMDTAreaConfigurationForNeighCell-Type:
description: Used for logged NR MDT and defines the area for which UE is requested to perform measurement logging for neighbour cells which have list of frequencies. For additional details see 3GPP TS 32.422 clause 5.10.26.
type: array
@@ -700,12 +700,12 @@ components:
type: string
cell:
type: string
-
+
tjMDTAreaScope-Type:
description: defines the area in terms or Cells or Tracking Area/Routing Area/Location Area where the MDT data collection shall take place. For additional details see 3GPP TS 32.422 clause 5.10.2.
allOf:
- $ref: 'comDefs.yaml#/components/schemas/DnList'
-
+
tjMDTCollectionPeriodRrmLte-Type:
description: See details in 3GPP TS 32.422 clause 5.10.20.
type: string
@@ -737,7 +737,7 @@ components:
- 5120ms
- 10240ms
- 1min
-
+
tjMDTCollectionPeriodRrmNR-Type:
description: See details in 3GPP TS 32.422 clause 5.10.30.
type: string
@@ -764,7 +764,7 @@ components:
type: integer
minimum: 0
maximum: 97
- EventThresholdRSRQ:
+ EventThresholdRSRQ:
type: integer
minimum: 0
maximum: 34
@@ -846,7 +846,7 @@ components:
- 3600s
- 5400s
- 7200s
-
+
tjMDTLoggingInterval-Type:
description: See details in 3GPP TS 32.422 clause 5.10.8.
type: string
@@ -1183,7 +1183,7 @@ components:
tjJobType:
$ref: '#/components/schemas/tjJobType-Type'
tjListOfInterfaces:
- $ref: '#/components/schemas/tjListOfInterfaces-Type'
+ $ref: '#/components/schemas/tjListOfInterfaces-Type'
tjListOfNeTypes:
$ref: '#/components/schemas/tjListOfNeTypes-Type'
tjPLMNTarget:
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/nrNrm.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/nrNrm.yaml
index 3de2c63a6c..3ff7a21ec1 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/nrNrm.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/nrNrm.yaml
@@ -82,12 +82,12 @@ components:
GGnbIdList:
type: array
- items:
+ items:
$ref: '#/components/schemas/GGnbId'
GEnbIdList:
type: array
- items:
+ items:
$ref: '#/components/schemas/GEnbId'
NrPci:
@@ -408,7 +408,7 @@ components:
RSSetId:
type: integer
maximum: 4194303
-
+
RSSetType:
type: string
enum:
@@ -450,7 +450,7 @@ components:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
RIMRSScrambleTimerMultiplier:
type: integer
RIMRSScrambleTimerOffset:
@@ -511,12 +511,12 @@ components:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
enablenearfarIndicationRS2:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
RimRSReportInfo:
type: object
@@ -531,7 +531,7 @@ components:
- RS1
- RS2
- RS1forEnoughMitigation
- - RS1forNotEnoughMitigation
+ - RS1forNotEnoughMitigation
RimRSReportConf:
type: object
@@ -540,7 +540,7 @@ components:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
reportInterval:
type: integer
nrofRIMRSReportInfo:
@@ -1289,7 +1289,7 @@ components:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
- type: object
properties:
- attributes:
+ attributes:
type: object
properties:
dmroControl:
@@ -1758,7 +1758,7 @@ components:
type: array
items:
$ref: '#/components/schemas/ExternalNrCellCu-Single'
-
+
ExternalENBFunction-Multiple:
type: array
items:
@@ -1831,7 +1831,7 @@ components:
- $ref: '#/components/schemas/CommonBeamformingFunction-Single'
- $ref: '#/components/schemas/Beam-Single'
- $ref: '#/components/schemas/RRMPolicyRatio-Single'
-
+
- $ref: '#/components/schemas/NRCellRelation-Single'
- $ref: '#/components/schemas/EUtranCellRelation-Single'
- $ref: '#/components/schemas/NRFreqRelation-Single'
@@ -1844,10 +1844,10 @@ components:
- $ref: '#/components/schemas/DPCIConfigurationFunction-Single'
- $ref: '#/components/schemas/CPCIConfigurationFunction-Single'
- $ref: '#/components/schemas/CESManagementFunction-Single'
-
+
- $ref: '#/components/schemas/RimRSGlobal-Single'
- $ref: '#/components/schemas/RimRSSet-Single'
-
+
- $ref: '#/components/schemas/ExternalGnbDuFunction-Single'
- $ref: '#/components/schemas/ExternalGnbCuUpFunction-Single'
- $ref: '#/components/schemas/ExternalGnbCuCpFunction-Single'
@@ -1865,4 +1865,4 @@ components:
- $ref: '#/components/schemas/EP_NgU-Single'
- $ref: '#/components/schemas/EP_X2U-Single'
- $ref: '#/components/schemas/EP_S1U-Single'
-
+
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/perfMnS.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/perfMnS.yaml
index 1fd64a7d22..dec612785a 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/perfMnS.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/perfMnS.yaml
@@ -16,7 +16,7 @@ servers:
description: >-
The open API server of the performance threshold monitoring service is
located in the consumer side, see monitoringNotifTarget attribute of
- the IOC ThresholdMonitor defined in 3GPP TS 28.622 [11].
+ the IOC ThresholdMonitor defined in 3GPP TS 28.622 [11].
default: http://example.com/3GPPManagement
paths:
/notificationSink:
diff --git a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/sliceNrm.yaml b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/sliceNrm.yaml
index 1fa8d70ff3..9bf5319fc4 100644
--- a/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/sliceNrm.yaml
+++ b/kubernetes/dcaegen2-services/resources/external/schemas/sa91-rel16/sliceNrm.yaml
@@ -215,7 +215,7 @@ components:
ServiceProfile:
type: object
properties:
- serviceProfileId:
+ serviceProfileId:
type: string
plmnInfoList:
$ref: 'nrNrm.yaml#/components/schemas/PlmnInfoList'
@@ -296,7 +296,7 @@ components:
type: array
items:
$ref: '#/components/schemas/ServiceProfile'
-
+
SliceProfileList:
type: array
items:
@@ -379,14 +379,14 @@ components:
ipAddress:
$ref: '#/components/schemas/IpAddress'
logicInterfaceId:
- type: string
+ type: string
nextHopInfo:
- type: string
+ type: string
qosProfile:
- type: string
+ type: string
epApplicationRefs:
$ref: 'comDefs.yaml#/components/schemas/DnList'
-
+
#-------- Definition of JSON arrays for name-contained IOCs ----------------------
SubNetwork-Multiple:
type: array
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index f620e126b2..eb0b9cc34d 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -20,6 +20,12 @@ dcae-bbs-eventprocessor-ms:
enabled: false
dcae-datafile-collector:
enabled: false
+dcae-datalake-admin-ui:
+ enabled: false
+dcae-datalake-des:
+ enabled: false
+dcae-datalake-feeder:
+ enabled: false
dcae-heartbeat:
enabled: false
dcae-hv-ves-collector:
@@ -38,6 +44,8 @@ dcae-restconf-collector:
enabled: false
dcae-slice-analysis-ms:
enabled: false
+dcae-snmptrap-collector:
+ enabled: false
dcae-son-handler:
enabled: false
dcae-tcagen2:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index 353f4eaccb..b6eeb5bb45 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
@@ -32,3 +32,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index d95883ab09..4addb2b863 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -136,6 +136,7 @@ spec:
value: {{ .Values.dcae_ns | default "" }}
- name: ONAP_NAMESPACE
value: {{ include "common.namespace" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-dcae-inputs-input
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 433785685b..b012ee4942 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -24,7 +24,7 @@ global:
nodePortPrefix: 302
nodePortPrefixExt: 304
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: pg-root-pass
@@ -104,16 +104,16 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.1
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
# Resource Limit flavor -By Default using small
flavor: small
@@ -137,3 +137,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bootstrap
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/README.md b/kubernetes/dcaegen2/components/dcae-cloudify-manager/README.md
index c995a62c09..fa2d597caa 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/README.md
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/README.md
@@ -18,15 +18,15 @@
# DCAE Cloudify Manager Chart
-This chart is used to deploy a containerized version of
+This chart is used to deploy a containerized version of
[Cloudify Manager](http://docs.getcloudify.org/4.3.0/intro/cloudify-manager/),
-the orchestration tool used by DCAE. DCAE uses Cloudify Manager ("CM") to
+the orchestration tool used by DCAE. DCAE uses Cloudify Manager ("CM") to
deploy the rest of the DCAE platform as well to deploy DCAE monitoring and
analytics services dynamically, in response to network events such as VNF startups.
-Deployment of CM is the first of two steps in deploying DCAE into ONAP. After this chart
-brings up CM, a second chart (the "bootstrap" chart) installs some plugin extensions onto CM
-and uses CM to deploy some DCAE components.
+Deployment of CM is the first of two steps in deploying DCAE into ONAP. After this chart
+brings up CM, a second chart (the "bootstrap" chart) installs some plugin extensions onto CM
+and uses CM to deploy some DCAE components.
## Prerequisites
The chart requires one Kubernetes secret to be available in the namespace where it is
@@ -37,10 +37,10 @@ being deployed:
## DCAE Namespace
DCAE will use CM deploy a number of containers into the ONAP Kubernetes cluster. In a production
environment, DCAE's dynamic deployment of monitoring and analytics services could result in dozens
-of containers being launched. This chart allows the configuration, through the `dcae_ns` property
+of containers being launched. This chart allows the configuration, through the `dcae_ns` property
in the `values.yaml` of a separate namespace used by CM when it needs to deploy containers into
Kubernetes. If `dcae_ns` is set, this chart will:
- - create the namespace.
+ - create the namespace.
- create the Docker registry key secret in the namespace.
- create some Kubernetes `Services` (of the `ExternalName` type) to map some addresses from the common namespace into the DCAE namespace.
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index 413f997905..877839e40a 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 204a3e27d7..f5fc9cac30 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -169,6 +169,7 @@ spec:
readOnly: true
securityContext:
privileged: True
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index 10fb4430ea..17ba5ec71e 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -24,7 +24,7 @@ global:
nodePortPrefix: 302
persistence: {}
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
repositoryCred:
user: docker
password: docker
@@ -53,7 +53,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.1
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
@@ -127,3 +127,10 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: dcae-cm/data
volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-cloudify-manager
+ roles:
+ - create
+
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 65d0b36927..c7e1d70030 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -167,6 +167,7 @@ spec:
- name: {{ include "common.fullname" . }}-logs-i
mountPath: /var/log/onap/config-binding-service
{{ end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-fb-conf
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 63f96044fa..719e73f43c 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -36,7 +36,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.4
pullPolicy: Always
# probe configuration parameters
@@ -91,3 +91,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-config-binding-service
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
index 2fe847961d..8759678489 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index e93f8d8fb9..dbb6c67580 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -161,6 +161,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 6640f78e9a..a083b519d6 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -119,3 +119,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-dashboard
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json
index a93c8c5bbe..a1a8b4a1f4 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json
@@ -1,32 +1,32 @@
{
- "appenders": {
- "out": {"type": "stdout"},
- "audit": {
- "type": "file",
- "filename": "log/audit.log",
- "maxLogSize": 10240000,
- "backups": 10,
- "layout": {
- "type": "messagePassThrough"
- }
- },
- "metrics": {
- "type": "file",
- "filename": "log/metrics.log",
- "maxLogSize": 10240000,
- "backups": 10,
- "layout": {
- "type": "messagePassThrough"
- }
- },
- "error": {"type": "stdout"},
- "debug": {"type": "stdout"}
- },
- "categories": {
- "default": {"appenders": ["out"], "level": "debug"},
- "audit": {"appenders": ["audit"], "level": "info"},
- "metrics": {"appenders": ["metrics"], "level": "info"},
- "error": {"appenders": ["error"], "level": "error"},
- "debug": {"appenders": ["debug"], "level": "debug"}
- }
+ "appenders": {
+ "out": {"type": "stdout"},
+ "audit": {
+ "type": "file",
+ "filename": "log/audit.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "metrics": {
+ "type": "file",
+ "filename": "log/metrics.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "error": {"type": "stdout"},
+ "debug": {"type": "stdout"}
+ },
+ "categories": {
+ "default": {"appenders": ["out"], "level": "debug"},
+ "audit": {"appenders": ["audit"], "level": "info"},
+ "metrics": {"appenders": ["metrics"], "level": "info"},
+ "error": {"appenders": ["error"], "level": "error"},
+ "debug": {"appenders": ["debug"], "level": "debug"}
+ }
} \ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index 1b39dc6e2f..1ad42e02b2 100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -154,6 +154,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index 7b9431c46d..3435462c1d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -21,7 +21,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: 'cm-pass'
@@ -91,3 +91,8 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+serviceAccount:
+ nameOverride: dcae-deployment-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
index 9514f41b86..641dfdf926 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
@@ -74,6 +74,7 @@ spec:
value: {{ include "common.release" . }}
- name: DEPLOY_LABEL
value: cfydeployment
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 221e579943..1c6cff0657 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -67,3 +67,8 @@ resources:
# If empty, use the common namespace
# dcae_ns: "onap"
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
index 63ac56cca4..32d8b5b035 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index d25d63c361..7c3746a0a3 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -152,6 +152,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 1bc13efc55..fe39269c27 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -110,3 +110,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-inventory-api
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index 916c5f673f..b8c24355e6 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -145,6 +145,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index baeda67bdf..00ce47b451 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -22,7 +22,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: 'cm-pass'
type: password
@@ -92,3 +92,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-policy-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
index 7c55628f25..6c4e695228 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
@@ -106,6 +106,7 @@ spec:
value: "/opt/cert/cacert.pem"
- name: SCH_ARGS
value: "prod /opt/config.json"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
index c363626666..8686db49ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
@@ -85,4 +85,10 @@ resources:
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae" \ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-servicechange-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
index 16f38f80a8..9a3009ddec 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
index f2826a77a0..1c6e3593ac 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
index 2209feb729..873579ee97 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
@@ -64,4 +64,10 @@ resources:
requests:
cpu: 1
memory: 1Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-openapi-manager
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index 340c159a2f..17b077b987 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -21,7 +21,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Secrets metaconfig
@@ -68,4 +68,4 @@ dcae-policy-handler:
dcae-servicechange-handler:
enabled: true
dcae-ves-openapi-manager:
- enabled: true \ No newline at end of file
+ enabled: true
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
index 0972e6b6b9..233f6e4651 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
index bd2766f6db..556ac90e02 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
@@ -84,5 +84,6 @@ spec:
value: {{ .Values.config.nifiJarsIndexURL }}
- name: NIFI_DCAE_DISTRIBUTOR_API_URL
value: {{ .Values.config.distributorAPIURL }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
index 74c7bdb223..86aad57b1b 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
@@ -90,3 +90,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-designtool
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
index 696b43a536..f36c2af002 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
@@ -72,5 +72,6 @@ spec:
- name : ONBOARDING_API_URL
value: {{ .Values.config.onboardingAPIURL }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
index 541f239d77..61ccfdef79 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -89,3 +89,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-distributor-api
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index 40b0f3edc4..26f6586688 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -72,6 +72,7 @@ spec:
- mountPath: /www/data
name: genprocessor-data
readOnly: true
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: genprocessor-data
persistentVolumeClaim:
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
index 4b79525c83..81c5888f10 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
@@ -96,3 +96,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-genprocessor
+ roles:
+ - read
+
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
index 0eaa2296bb..f46dc5f287 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
@@ -58,6 +58,7 @@ spec:
value: {{ include "common.namespace" . }}
- name: HELM_RELEASE
value: {{ include "common.release" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index 6a4fd542e7..bbc72a5b08 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -64,4 +64,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
index 90561ac231..53f1de59bc 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
@@ -69,6 +69,7 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
- name: NIFI_REGISTRY_DB_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: flow-storage
persistentVolumeClaim:
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
index 25b3b9e318..a0bbacc7ef 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
@@ -88,3 +88,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-nifi-registry
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
index 7416c8cf4f..9320cd04ca 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
index b795f6b736..5c7d1b6d0d 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
@@ -78,5 +78,6 @@ spec:
value: "5432"
- name: PG_DB_NAME
value: dcae_onboarding_db
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index 9401bf5340..c36e9b7129 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -114,3 +114,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-onboarding-api
+ roles:
+ - read
+
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
index 42f596db1e..d5c37e9858 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
@@ -71,6 +71,7 @@ spec:
value: {{ .Values.config.bpResourcesCpuLimit }}
- name: BP_RESOURCES_MEMORY_LIMIT
value: {{ .Values.config.bpResourcesMemoryLimit }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 90bc0989d0..e54608b30e 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -35,7 +35,7 @@ config:
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
- importClamp: plugin:clamppolicyplugin?version=1.1.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.1
importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0
useDmaapPlugin: false
bpResourcesCpuLimit: 250m
@@ -93,3 +93,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-runtime-api
+ roles:
+ - read
+
diff --git a/kubernetes/dmaap/components/dmaap-bc/README.md b/kubernetes/dmaap/components/dmaap-bc/README.md
index a799fd44dd..a6115477ec 100644
--- a/kubernetes/dmaap/components/dmaap-bc/README.md
+++ b/kubernetes/dmaap/components/dmaap-bc/README.md
@@ -22,4 +22,4 @@ ONAP includes the following Kubernetes services available in ONAP Beijing Releas
# Service Dependencies
message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
+dmaap-prov depends on AAF and Postgresql.
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
index 97ba957f4f..b7e9dceba7 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
- name: serviceAccount
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 1d0015ed7f..20030a79c8 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -103,4 +103,4 @@ AAFAction = publish
CadiEnabled = false
#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index dfb435ce04..90db648028 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -23,7 +23,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -38,11 +38,10 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
@@ -65,7 +64,7 @@ spec:
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
@@ -103,7 +102,7 @@ spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index ee231a0c06..ced70050a3 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -21,6 +21,25 @@ global:
aafEnabled: true
#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-dr-node-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-dr-node
+ fqi: dmaap-dr-node@dmaap-dr.onap.org
+ public_fqdn: dmaap-dr.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -78,32 +97,9 @@ persistence:
app.kubernetes.io/component: event-logs
#################################################################
-# AAF part
-#################################################################
-aafConfig:
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: 0.0
- cadi_latitude: 0.0
- app_ns: org.osaaf.aaf
- permission_user: 1000
- permission_group: 1001
- secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
- credsPath: /opt/app/osaaf/local
-
-#################################################################
# Secrets metaconfig
#################################################################
-secrets:
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
+secrets: {}
ingress:
enabled: false
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
index 65867f50af..3c25c94388 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
@@ -23,7 +23,10 @@ dependencies:
version: ~8.x-0
repository: '@local'
- name: mariadb-galera
- alias: mariadb
+ version: ~8.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
version: ~8.x-0
repository: '@local'
- name: certInitializer
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index a7472383e2..18ab41982a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -42,7 +42,7 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}}
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 61678961cc..a3051eee5d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -42,8 +42,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ - --job-name
+ - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
@@ -81,9 +81,9 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 7564ccfc78..cf25468fe1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -19,17 +19,23 @@ global:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
persistence: {}
+ mariadbGalera: &mariadbGalera
+ #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: dmaap-dr-db-user-secret
- name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials'
+ uid: 'dmaap-dr-db-user-credentials'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.dmaapDrDb.userName }}'
- password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
#################################################################
# Application configuration defaults.
@@ -92,31 +98,29 @@ config:
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
- # dr-prov db configuration
- dmaapDrDb:
- mariadbServiceName: dmaap-dr-db
- mariadbServicePort: 3306
- mariadbContName: &dmaap-dr-db dmaap-dr-db
- userName: datarouter
-# userPassword: password
-# userCredentialsExternalSecret: some secret
-
# mariadb-galera configuration
-mariadb:
- name: *dmaap-dr-db
- nameOverride: *dmaap-dr-db
+mariadb-galera:
+ nameOverride: &dbServer dmaap-dr-db
replicaCount: 1
db:
- externalSecret: *dbSecretName
- name: datarouter
+ name: &mysqlDbName datarouter
+ user: datarouter
+ # password:
+ externalSecret: *dbUserSecretName
service:
- name: dmaap-dr-db
+ name: *dbServer
nfsprovisionerPrefix: dmaap-dr-db
persistence:
size: 1Gi
mountSubPath: data-router/dr-db-data
serviceAccount:
- nameOverride: *dmaap-dr-db
+ nameOverride: *dbServer
+
+mariadb-init:
+ config:
+ userCredentialsExternalSecret: *dbUserSecretName
+ mysqlDatabase: *mysqlDbName
+ nameOverride: dmaap-dr-mariadb-init
#################################################################
# AAF part
diff --git a/kubernetes/esr/components/esr-gui/templates/NOTES.txt b/kubernetes/esr/components/esr-gui/templates/NOTES.txt
deleted file mode 100644
index e2b067fde4..0000000000
--- a/kubernetes/esr/components/esr-gui/templates/NOTES.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/esr/components/esr-gui/templates/deployment.yaml b/kubernetes/esr/components/esr-gui/templates/deployment.yaml
deleted file mode 100644
index 74f933572f..0000000000
--- a/kubernetes/esr/components/esr-gui/templates/deployment.yaml
+++ /dev/null
@@ -1,102 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/tomcat
- - /opt/tomcat
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-tomcat-dir
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /opt/tomcat
-
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /home/esr/tomcat/
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- volumes:
- - name: tomcat-workdir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/esr/components/esr-gui/templates/service.yaml b/kubernetes/esr/components/esr-gui/templates/service.yaml
deleted file mode 100644
index b020257873..0000000000
--- a/kubernetes/esr/components/esr-gui/templates/service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-gui",
- "version": "v1",
- "url": "/esr-gui",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"1",
- "path":"/iui/aai-esr-gui"
- }
- ]'
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/esr/components/esr-gui/values.yaml b/kubernetes/esr/components/esr-gui/values.yaml
deleted file mode 100644
index 417ace5ab4..0000000000
--- a/kubernetes/esr/components/esr-gui/values.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aai/esr-gui:1.4.0
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- name: esr-gui
- internalPort: 8080
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
diff --git a/kubernetes/esr/components/esr-server/resources/config/logback.xml b/kubernetes/esr/components/esr-server/resources/config/logback.xml
deleted file mode 100644
index fcc9f250d9..0000000000
--- a/kubernetes/esr/components/esr-server/resources/config/logback.xml
+++ /dev/null
@@ -1,144 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
-
- <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
- <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
-
- <property name="logDir" value="{{ .Values.log.logDir }}" />
- <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
-
- <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
-
- <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
- <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
-
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-
- <!-- Console (human-readable) logging -->
- <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
-
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${auditPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${metricPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics"/>
- </appender>
-
- <appender name="EELFError"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>${errorPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError"/>
- </appender>
-
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${consolePattern}</pattern>
- </encoder>
- </appender>
-
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <logger name="com.att.eelf.error" level="debug" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
-
- <root level="{{ .Values.log.root.level }}">
- <appender-ref ref="asyncEELFDebug" />
- <appender-ref ref="STDOUT" />
- </root>
-
-</configuration> \ No newline at end of file
diff --git a/kubernetes/esr/components/esr-server/templates/NOTES.txt b/kubernetes/esr/components/esr-server/templates/NOTES.txt
deleted file mode 100644
index 5da4ade3a5..0000000000
--- a/kubernetes/esr/components/esr-server/templates/NOTES.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/esr/components/esr-server/templates/configmap.yaml b/kubernetes/esr/components/esr-server/templates/configmap.yaml
deleted file mode 100644
index 6861a8bdf0..0000000000
--- a/kubernetes/esr/components/esr-server/templates/configmap.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
diff --git a/kubernetes/esr/components/esr-server/templates/deployment.yaml b/kubernetes/esr/components/esr-server/templates/deployment.yaml
deleted file mode 100644
index 03bcaa09d4..0000000000
--- a/kubernetes/esr/components/esr-server/templates/deployment.yaml
+++ /dev/null
@@ -1,137 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/conf
- - /opt/conf
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-conf-dir
- volumeMounts:
- - name: conf-dir
- mountPath: /opt/conf
-
- containers:
- - name: {{ .Chart.Name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /home/esr/works/logs
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /home/esr/conf
- name: conf-dir
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/esr/esr-server
- - mountPath: /opt/ajsc/etc/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: conf-dir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/esr/components/esr-server/templates/service.yaml b/kubernetes/esr/components/esr-server/templates/service.yaml
deleted file mode 100644
index 9fb6e93a7b..0000000000
--- a/kubernetes/esr/components/esr-server/templates/service.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-server",
- "version": "v1",
- "url": "/api/aai-esr-server/v1",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "enable_ssl": true,
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/esr/components/esr-server/values.yaml b/kubernetes/esr/components/esr-server/values.yaml
deleted file mode 100644
index a3fb6862a6..0000000000
--- a/kubernetes/esr/components/esr-server/values.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/aai/esr-server:1.5.2
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: esr-server
- portName: esr-server
- externalPort: 9518
- internalPort: 9518
-
-ingress:
- enabled: false
-
-log:
- componentName: esr
- subcomponentName: esr-server
- debug: true
- scan:
- enabled: false
- logDir: /var/log/onap
- queueSize: 256
- root:
- level: INFO
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
diff --git a/kubernetes/esr/requirements.yaml b/kubernetes/esr/requirements.yaml
deleted file mode 100644
index a2bf902284..0000000000
--- a/kubernetes/esr/requirements.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: esr-gui
- version: ~8.x-0
- repository: 'file://components/esr-gui'
- condition: esr-gui.enabled
- - name: esr-server
- version: ~8.x-0
- repository: 'file://components/esr-server'
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index 4fec3984db..5820e77521 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -22,13 +22,13 @@ You can specify the '--values'/'-f' flag multiple times. The priority will be gi
last (right-most) file specified. For example, if both myvalues.yaml and override.yaml
contained a key called 'Test', the value set in override.yaml would take precedence:
- $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
+ $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
You can specify the '--set' flag multiple times. The priority will be given to the
last (right-most) set specified. For example, if both 'bar' and 'newbar' values are
set for a key called 'foo', the 'newbar' value would take precedence:
- $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
+ $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
Usage:
helm deploy [RELEASE] [CHART] [flags]
@@ -89,16 +89,16 @@ resolve_deploy_flags() {
deploy() {
# validate params
- if [ -z "$1" ] || [ -z "$2" ]; then
+ if [ -z "$1" ] || [ -z "$2" ]; then
usage
- exit 0
+ exit 1
fi
RELEASE=$1
CHART_URL=$2
- FLAGS=${@:3}
- CHART_REPO="$(echo "$CHART_URL" |cut -d'/' -f1)"
- CHART_NAME="$(echo "$CHART_URL" |cut -d'/' -f2)"
+ FLAGS=$(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//')
+ CHART_REPO="$(echo "$CHART_URL" | cut -d'/' -f1)"
+ CHART_NAME="$(echo "$CHART_URL" | cut -d'/' -f2)"
if expr "$HELM_VER" : "v3\..*" ; then
CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
else
@@ -123,7 +123,7 @@ deploy() {
fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
- if expr"$FLAGS" : ".*--set-last-applied.*" ; then
+ if expr "$FLAGS" : ".*--set-last-applied.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--set-last-applied//p')"
SET_LAST_APPLIED="true"
fi
@@ -242,17 +242,17 @@ deploy() {
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
- # Add annotation last-applied-configuration if set-last-applied flag is set
+ # Add annotation last-applied-configuration if set-last-applied flag is set
if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
- > $LOG_FILE.log 2>&1
+ > $LOG_FILE.log 2>&1
fi
fi
- if [ "$DELAY" = "true" ]; then
- echo sleep 3m
- sleep 180
- fi
+ if [ "$DELAY" = "true" ]; then
+ echo sleep 3m
+ sleep 180
+ fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
@@ -287,7 +287,7 @@ case "${1:-"help"}" in
usage
;;
*)
- deploy $1 $2 ${@:3}
+ deploy $1 $2 $(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//')
;;
esac
diff --git a/kubernetes/helm/plugins/deploy/plugin.yaml b/kubernetes/helm/plugins/deploy/plugin.yaml
index fc7f7d0f88..533ffeea6f 100644
--- a/kubernetes/helm/plugins/deploy/plugin.yaml
+++ b/kubernetes/helm/plugins/deploy/plugin.yaml
@@ -1,7 +1,7 @@
name: "deploy"
version: "1.0.0"
-usage: "install (upgrade if release exists) parent chart and subcharts as separate
+usage: "install (upgrade if release exists) parent chart and subcharts as separate
but related releases"
-description: "install (upgrade if release exists) parent charty and all subcharts as separate
+description: "install (upgrade if release exists) parent charty and all subcharts as separate
but related releases"
command: "$HELM_PLUGIN_DIR/deploy.sh" \ No newline at end of file
diff --git a/kubernetes/helm/plugins/undeploy/plugin.yaml b/kubernetes/helm/plugins/undeploy/plugin.yaml
index 02999fd04c..22f8ad2997 100644
--- a/kubernetes/helm/plugins/undeploy/plugin.yaml
+++ b/kubernetes/helm/plugins/undeploy/plugin.yaml
@@ -1,7 +1,7 @@
name: "undeploy"
version: "1.0.0"
-usage: "delete parent chart and subcharts that were deployed as separate
+usage: "delete parent chart and subcharts that were deployed as separate
releases"
-description: "delete parent chart and subcharts that were deployed as separate
+description: "delete parent chart and subcharts that were deployed as separate
releases"
command: "$HELM_PLUGIN_DIR/undeploy.sh" \ No newline at end of file
diff --git a/kubernetes/helm/plugins/undeploy/undeploy.sh b/kubernetes/helm/plugins/undeploy/undeploy.sh
index 35fc4ca251..a3b0e3c623 100755
--- a/kubernetes/helm/plugins/undeploy/undeploy.sh
+++ b/kubernetes/helm/plugins/undeploy/undeploy.sh
@@ -29,9 +29,9 @@ undeploy() {
done
}
-if [ $# < 1 ]; then
+if [ -z "$1" ]; then
echo "Error: command 'undeploy' requires a release name"
- exit 0
+ exit 1
fi
case "${1:-"help"}" in
@@ -45,7 +45,7 @@ case "${1:-"help"}" in
usage
;;
*)
- undeploy $1 ${@:2}
+ undeploy $1 $(echo ${@} | sed 's/^ *[^ ]* *//')
;;
esac
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
index 9366bd1e2b..ab839d0a5c 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index fae06da475..45c268c6b6 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -115,6 +115,7 @@ spec:
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index f44faa1059..1bdf35da21 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -25,7 +25,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:1.3.3
+image: onap/holmes/engine-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
@@ -128,3 +128,9 @@ resources:
cpu: 250m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-engine-mgmt
+ roles:
+ - read
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
index 9366bd1e2b..ab839d0a5c 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index e03c6cbb9c..d757b75d68 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 9e2b656150..6261b4ebd7 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -25,7 +25,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:1.3.3
+image: onap/holmes/rule-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
@@ -132,3 +132,9 @@ resources:
cpu: 500m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-rule-mgmt
+ roles:
+ - read
diff --git a/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf
index d6b0696b81..b224bf3173 100644
--- a/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf
+++ b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf
@@ -92,14 +92,14 @@ filter {
if event.get("[mdcname]")
$num = event.get("[mdcname]").length
end
- if $num != 0
+ if $num != 0
until $i > $num do
if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
end
$i=$i+1
end
- end
+ end
'
}
@@ -151,7 +151,7 @@ filter {
gsub => [
'message', ' = ', '=',
'message', '= ', '=null',
- 'message', '=\t', '=null ', #This null is followed by a tab
+ 'message', '=\t', '=null\t', #This null is followed by a tab
'message', '\t$', '\t'
]
}
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
index b9e4a44df1..6070b0c468 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
index 1a303ff7aa..8e28071ba6 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
@@ -138,7 +138,7 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-etsicatalog
{{- if .Values.persistence.enabled }}
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
index f424cc644e..20d3fd22ab 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
@@ -44,7 +44,7 @@ metadata:
"enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
- {
+ {
"serviceName": "nsd",
"version": "v1",
"url": "/api/nsd/v1",
@@ -53,7 +53,7 @@ metadata:
"enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
- {
+ {
"serviceName": "vnfpkgm",
"version": "v1",
"url": "/api/vnfpkgm/v1",
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
index c9e24fc07b..3af4bae554 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
@@ -100,7 +100,7 @@ config:
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.10
+image: onap/modeling/etsicatalog:1.0.11
pullPolicy: Always
#Istio sidecar injection policy
@@ -177,3 +177,9 @@ resources:
cpu: 200m
memory: 500Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: modeling-etsicatalog
+ roles:
+ - read
diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
index 0cd46167e4..18692d8afa 100755
--- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
+++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
@@ -1,16 +1,11 @@
+#!/bin/sh
+
#!/usr/bin/dumb-init /bin/sh
+# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init.
+
set -e
set -x
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
-# As of docker 1.13, using docker run --init achieves the same outcome.
-
-# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
-# bind to and this will look up the IP and pass the proper -bind= option along
-# to Consul.
CONSUL_BIND=
if [ -n "$CONSUL_BIND_INTERFACE" ]; then
CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
@@ -48,12 +43,12 @@ CONSUL_CONFIG_DIR=/consul/config
# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
# Consul configuration JSON without having to bind any volumes.
if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
- echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+ echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
fi
# If the user is trying to run Consul directly with some arguments, then
# pass them to Consul.
-if [ "${1:0:1}" = '-' ]; then
+if echo "$1" | grep '^-' >/dev/null; then
set -- consul "$@"
fi
diff --git a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml b/kubernetes/msb/components/msb-discovery/resources/config/logback.xml
index 3781d96328..174a6c5f9b 100644
--- a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml
+++ b/kubernetes/msb/components/msb-discovery/resources/config/logback.xml
@@ -57,7 +57,7 @@
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
@@ -128,7 +128,7 @@
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml
index 994e84b722..f0eabde79f 100644
--- a/kubernetes/msb/components/msb-discovery/values.yaml
+++ b/kubernetes/msb/components/msb-discovery/values.yaml
@@ -21,7 +21,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_discovery:1.2.6
+image: onap/msb/msb_discovery:1.3.0
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-eag/resources/config/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/logback.xml
index 6dc4443d6e..472d8ce735 100644
--- a/kubernetes/msb/components/msb-eag/resources/config/logback.xml
+++ b/kubernetes/msb/components/msb-eag/resources/config/logback.xml
@@ -57,7 +57,7 @@
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
@@ -128,7 +128,7 @@
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index 3629eb43ec..ef36b13742 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-iag/resources/config/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/logback.xml
index 65ff43485a..a93d4ec56f 100644
--- a/kubernetes/msb/components/msb-iag/resources/config/logback.xml
+++ b/kubernetes/msb/components/msb-iag/resources/config/logback.xml
@@ -57,7 +57,7 @@
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
@@ -128,7 +128,7 @@
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index b95a11914d..4610232e7b 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index 307524c4fa..30319683a2 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -18,13 +18,13 @@
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.8.2
+image: onap/multicloud/k8s:0.9.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
index da5156a93a..a21ec43d9b 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
@@ -39,7 +39,7 @@ spec:
targetPort: {{ .Values.service.internalPort }}
{{- end}}
protocol: TCP
-{{- if .Values.service.meshpeer.enabled }}
+{{- if .Values.service.meshpeer.enabled }}
- name: {{ .Values.service.meshpeer.portName }}
port: {{ .Values.service.meshpeer.port }}
targetPort: {{ .Values.service.meshpeer.port }}
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 53729f9311..93d299e16f 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -18,7 +18,7 @@
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
prometheus:
enabled: false
persistence: {}
@@ -27,7 +27,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.6.0
+image: onap/multicloud/framework:1.7.0
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index fa3efd3b40..61d4314be4 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -78,10 +78,6 @@ dependencies:
version: ~8.x-0
repository: '@local'
condition: dmaap.enabled
- - name: esr
- version: ~8.x-0
- repository: '@local'
- condition: esr.enabled
- name: log
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml
index 24678e6680..de448084ee 100644
--- a/kubernetes/onap/resources/environments/core-onap.yaml
+++ b/kubernetes/onap/resources/environments/core-onap.yaml
@@ -77,8 +77,6 @@ holmes:
enabled: false
dmaap:
enabled: true
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index df333455d8..b5951b25d2 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -81,8 +81,6 @@ holmes:
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
log:
enabled: false
log-logstash:
diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml
index af3c11a17e..0f93b94983 100644
--- a/kubernetes/onap/resources/environments/disable-allcharts.yaml
+++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml
@@ -51,8 +51,6 @@ holmes:
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
log:
enabled: false
sniro-emulator:
diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml
index 56ed2fef85..670a55ae8d 100644
--- a/kubernetes/onap/resources/environments/minimal-onap.yaml
+++ b/kubernetes/onap/resources/environments/minimal-onap.yaml
@@ -72,8 +72,6 @@ holmes:
enabled: false
dmaap:
enabled: true
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index 7f23899c98..8c9babb99a 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -104,8 +104,6 @@ holmes:
enabled: false
dmaap:
enabled: true
-esr:
- enabled: true
log:
enabled: true
sniro-emulator:
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index f3358d007d..528cd2c687 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -46,8 +46,6 @@ holmes:
enabled: true
dmaap:
enabled: true
-esr:
- enabled: true
oof:
enabled: true
msb:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index ad002cc385..91e0157aea 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -55,8 +55,6 @@ holmes:
enabled: true
dmaap:
enabled: true
-esr:
- enabled: true
oof:
enabled: true
msb:
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index ca98011484..312fc4b65f 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -74,8 +74,6 @@ dcaegen2-services:
enabled: false
holmes:
enabled: false
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 028b43aef2..133e59fb01 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -298,8 +298,6 @@ holmes:
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
# value than centralizedLoggingEnabled
diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
index 21296ff22a..5495e4271b 100755
--- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh
+++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2017 Amdocs, Bell Canada
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
index 0bc24afe86..e8418355d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -56,7 +56,10 @@ spec:
description: Path of health check endpoint.
type: string
certEndpoint:
- description: Path of cerfificate signing enpoint.
+ description: Path of cerfificate signing endpoint.
+ type: string
+ updateEndpoint:
+ description: Path of certificate update endpoint.
type: string
caName:
description: Name of the external CA server configured on CertService API side.
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index ae4ae81f02..52e35375d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -25,6 +25,7 @@ spec:
url: {{ .Values.cmpv2issuer.url }}
healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }}
caName: {{ .Values.cmpv2issuer.caName }}
certSecretRef:
name: {{ .Values.cmpv2issuer.certSecretRef.name }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index c5f289f2d9..c49762202b 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
+# Copyright (c) 2020-2021 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,24 +38,6 @@ spec:
initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- - name: {{ .Values.deploymentProxy.name }}
- image: {{ .Values.deploymentProxy.image }}
- imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
- args:
- - --secure-listen-address=0.0.0.0:8443
- - --upstream=http://127.0.0.1:8080/
- - --logtostderr=true
- - --v=10
- ports:
- - containerPort: 8443
- name: https
- resources:
- limits:
- cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
- memory: {{ .Values.deploymentProxy.resources.limits.memory }}
- requests:
- cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
- memory: {{ .Values.deploymentProxy.resources.requests.memory }}
- name: provider
image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
imagePullPolicy: {{ .Values.deployment.pullPolicy }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 55c4d0beac..2237811465 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+# Copyright © 2020-2021, Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,19 +25,10 @@ global:
namespace: onap
-# Service configuration
-service:
- name: oom-certservice-cmpv2issuer-metrics-service
- type: ClusterIP
- ports:
- name: https
- port: 8443
- targetPort: https
-
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
@@ -49,17 +40,6 @@ deployment:
requests:
cpu: 100m
memory: 64Mi
-deploymentProxy:
- name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
- pullPolicy: IfNotPresent
- resources:
- limits:
- cpu: 250m
- memory: 128Mi
- requests:
- cpu: 50m
- memory: 32Mi
readinessCheck:
wait_for:
- oom-cert-service
@@ -70,6 +50,7 @@ cmpv2issuer:
url: https://oom-cert-service:8443
healthcheckEndpoint: actuator/health
certEndpoint: v1/certificate
+ updateEndpoint: v1/certificate-update
caName: RA
certSecretRef:
name: oom-cert-service-client-tls-secret
diff --git a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
index 06e1087f60..5a967f0405 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
@@ -3,7 +3,7 @@
{
"caName": "CLIENT",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "CLIENT",
"authentication": {
"iak": "${CLIENT_IAK}",
@@ -13,7 +13,7 @@
{
"caName": "RA",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "RA",
"authentication": {
"iak": "${RA_IAK}",
@@ -21,4 +21,4 @@
}
}
]
-} \ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 2e149683d7..6cabde79da 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,7 +34,7 @@ service:
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0
pullPolicy: Always
replicaCount: 1
@@ -79,7 +79,7 @@ tls:
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server:
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 66a42f0171..0c9d6a504f 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -5,7 +5,8 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true
+ "https": true,
+ "prometheus": true
},
"pdpStatusParameters":{
"pdpGroup": "defaultGroup",
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
deleted file mode 100755
index d6bd17f65b..0000000000
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-{
- "javaProperties" : [
- ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
- ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
- ],
- "engineServiceParameters": {
- "name": "MyApexEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- }
- }
- },
- "eventOutputParameters": {
- "FirstProducer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- },
- "eventInputParameters": {
- "FirstConsumer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- }
-}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index eb6292a039..3983d932a0 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.5.2
+image: onap/policy-apex-pdp:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json
index 729eea87ff..ce59965521 100755
--- a/kubernetes/policy/components/policy-api/resources/config/config.json
+++ b/kubernetes/policy/components/policy-api/resources/config/config.json
@@ -25,7 +25,8 @@
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"databaseProviderParameters": {
"name": "PolicyProviderParameterGroup",
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 36eb5c4899..87ddd73adf 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -78,7 +78,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.4.2
+image: onap/policy-api:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml
new file mode 100644
index 0000000000..3bdcad623c
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop K8s Participant
+name: policy-clamp-cl-k8s-ppnt
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/requirements.yaml
new file mode 100644
index 0000000000..7878f91d48
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
new file mode 100644
index 0000000000..6904e35bce
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -0,0 +1,61 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+security:
+ enable-csrf: false
+
+participant:
+ localChartDirectory: /home/policy/local-charts
+ infoFileName: CHART_INFO.json
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: K8sParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.K8SControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
+ # See springboot documentation.
+ port: 8083
+
+ \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml
new file mode 100644
index 0000000000..a09b4783c3
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml
new file mode 100644
index 0000000000..09cc8cd48f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml
new file mode 100644
index 0000000000..72a3d0ea27
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml
@@ -0,0 +1,113 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-k8s-ppnt-config
+ - mountPath: /config
+ name: cl-k8s-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-k8s-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-k8s-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-k8s-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/esr/components/esr-server/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml
index 38a51cd771..f0f3c5e993 100644
--- a/kubernetes/esr/components/esr-server/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 Amdocs, Bell Canada
+{{/*
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,8 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP External System Register GUI
-name: esr-server
-version: 8.0.0
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml
new file mode 100644
index 0000000000..be2449f890
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml
new file mode 100644
index 0000000000..9d7e19d73d
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml
@@ -0,0 +1,140 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-k8s-ppnt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-k8s-ppnt:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-k8s-ppnt
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 8083
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-k8s-ppnt
+ roles:
+ - create
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
new file mode 100644
index 0000000000..b7c44d7c3b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Runtime
+name: policy-clamp-cl-runtime
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
new file mode 100644
index 0000000000..7878f91d48
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
new file mode 100644
index 0000000000..250e91213c
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
@@ -0,0 +1,79 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RUNTIME_USER}
+ password: ${RUNTIME_PASSWORD}
+ http:
+ converters:
+ preferred-json-mapper: gson
+
+security:
+ enable-csrf: false
+
+server:
+ port: 6969
+ servlet:
+ context-path: /onap/controlloop
+ error:
+ path: /error
+
+
+runtime:
+ supervisionScannerIntervalSec: 1000
+ participantClUpdateIntervalSec: 1000
+ participantClStateChangeIntervalSec: 1000
+ participantParameters:
+ heartBeatMs: 120000
+ maxMessageAgeMs: 600000
+ maxStatusWaitMs: 100000
+ updateParameters:
+ maxRetryCount: 3
+ maxWaitMs: 100000
+ databaseProviderParameters:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ databaseDriver: org.mariadb.jdbc.Driver
+ databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
+ databaseUser: ${SQL_USER}
+ databasePassword: ${SQL_PASSWORD}
+ persistenceUnit: CommissioningMariaDb
+ topicParameterGroup:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+ fetchTimeout: 15000
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
new file mode 100644
index 0000000000..43cea65306
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/policy-clamp-cl-runtime/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
new file mode 100644
index 0000000000..66c096d439
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
new file mode 100644
index 0000000000..92e5c9e6c8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
@@ -0,0 +1,131 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RUNTIME_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ - name: RUNTIME_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-runtime-config
+ - mountPath: /config
+ name: cl-runtime-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-runtime-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-runtime-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-runtime-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
new file mode 100644
index 0000000000..abbfa3fdba
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
new file mode 100644
index 0000000000..be2449f890
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
new file mode 100644
index 0000000000..4cf9e67c99
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
@@ -0,0 +1,154 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: runtime-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-runtime-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-runtime:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ policyAppUserName: runtimeUser
+ policyAppUserPassword: none
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-runtime
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 6969
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-runtime
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
index a7c8d6defa..9e021c8d0e 100644
--- a/kubernetes/policy/components/policy-clamp-fe/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -60,7 +60,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.1.1
+image: onap/policy-clamp-frontend:6.1.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index ae31633843..615afc6351 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -2,6 +2,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,8 @@
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true
+ "https":true,
+ "prometheus": true
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
@@ -69,8 +71,8 @@
],
"consumerGroup": "policy-group",
"environmentName": "AUTO",
- "keystorePath": "null",
- "keystorePassword": "null",
+ "keyStorePath": "null",
+ "keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
"isUseHttpsWithDmaap": true
@@ -91,18 +93,21 @@
"parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
"parameters":{
"apiParameters": {
- "hostName": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}"
- },
+ "clientName": "policy-api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": true
+ },
"papParameters": {
- "hostName": "policy-pap",
- "port": 6969,
- "userName": "${PAP_USER}",
- "password": "${PAP_PASSWORD}"
+ "clientName": "policy-pap",
+ "hostname": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}",
+ "useHttps": true
},
- "isHttps": true,
"deployPolicies": true
}
}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index fb6ef6e039..1614bd840e 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.5.2
+image: onap/policy-distribution:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index ec8d119fa6..ff532ab5c1 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017-2018 Amdocs, Bell Canada.
# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
SQL_HOST={{ .Values.db.name }}
+SQL_PORT=3306
# AAF
@@ -47,6 +49,11 @@ AAF={{.Values.aaf.enabled}}
AAF_NAMESPACE=org.onap.policy
AAF_HOST=aaf-locate.{{.Release.Namespace}}
+# HTTP Servers
+
+HTTP_SERVER_HTTPS=true
+PROMETHEUS=true
+
# PDP-D DMaaP configuration channel
PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
@@ -85,6 +92,7 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
DMAAP_SERVERS=message-router
+DMAAP_HTTPS=true
# AAI
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties
new file mode 100644
index 0000000000..c7cca2b03a
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties
@@ -0,0 +1,45 @@
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# system properties set within the application
+
+java.net.preferIPv4Stack=true
+
+# jmx
+
+com.sun.management.jmxremote.port=9991
+com.sun.management.jmxremote.authenticate=false
+com.sun.management.jmxremote.ssl=false
+
+# certs
+
+javax.net.ssl.trustStore=${envd:TRUSTSTORE:/opt/app/policy/etc/ssl/policy-truststore}
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
+
+javax.net.ssl.keyStore=${envd:KEYSTORE}
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# kie
+
+kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY}
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
index 7173d80e57..2fc08e4e5d 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
@@ -80,7 +80,7 @@
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -98,7 +98,7 @@
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -119,7 +119,7 @@
</appender>
<appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -130,7 +130,7 @@
</appender>
<appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 38d398998c..678cce74ee 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.8.2
+image: onap/policy-pdpd-cl:1.9.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml
new file mode 100644
index 0000000000..58ece9943c
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy GUI
+name: policy-gui
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-gui/requirements.yaml b/kubernetes/policy/components/policy-gui/requirements.yaml
new file mode 100644
index 0000000000..c9b17cbd06
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/requirements.yaml
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
new file mode 100644
index 0000000000..98417cd822
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/default.conf
@@ -0,0 +1,32 @@
+server {
+
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
+ ssl_verify_client optional_no_ca;
+ absolute_redirect off;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ =404;
+ }
+
+ location /clamp/restservices/clds/ {
+ proxy_pass https://policy-clamp-be:8443/restservices/clds/;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+ }
+
+ location = /50x.html {
+ root /var/lib/nginx/html;
+ }
+ error_page 500 502 503 504 /50x.html;
+ error_log /var/log/nginx/error.log warn;
+}
diff --git a/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
index a60fb95795..0b3951726b 100644
--- a/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
@@ -1,17 +1,21 @@
{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
@@ -26,7 +30,6 @@ filebeat.prospectors:
# Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
clean_inactive: 96h
-
# Name of the registry file. If a relative path is used, it is considered relative to the
# data path. Else full qualified file name.
#filebeat.registry_file: ${path.data}/registry
@@ -36,7 +39,7 @@ output.logstash:
#List of logstash server ip addresses with port number.
#But, in our case, this will be the loadbalancer IP address.
#For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
#If enable will do load balancing among availabe Logstash, automatically.
loadbalance: true
diff --git a/kubernetes/policy/components/policy-gui/templates/NOTES.txt b/kubernetes/policy/components/policy-gui/templates/NOTES.txt
new file mode 100644
index 0000000000..e44f333e11
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/NOTES.txt
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
new file mode 100644
index 0000000000..4f600882e9
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
@@ -0,0 +1,34 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
new file mode 100644
index 0000000000..b67fa273de
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -0,0 +1,109 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - policy-clamp-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /etc/nginx/conf.d/default.conf
+ name: {{ include "common.fullname" . }}-config
+ subPath: default.conf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-gui/templates/ingress.yaml b/kubernetes/policy/components/policy-gui/templates/ingress.yaml
new file mode 100644
index 0000000000..e3dd7cb0f6
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/ingress.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/secrets.yaml b/kubernetes/policy/components/policy-gui/templates/secrets.yaml
new file mode 100644
index 0000000000..2af7fae2d9
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
new file mode 100644
index 0000000000..44e66b8680
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
new file mode 100644
index 0000000000..460a83d9b2
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -0,0 +1,156 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 304
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: policy-gui-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+subChartsOnly:
+ enabled: true
+
+flavor: small
+
+# application image
+image: onap/policy-gui:2.1.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/nginx/
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: NodePort
+ name: policy-gui
+ portName: policy-gui
+ internalPort: 2443
+ nodePort: 43
+
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "policygui.api"
+ name: "policygui"
+ port: 2443
+ config:
+ ssl: "redirect"
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 200Mi
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-gui
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json
index 0b30a27535..e5cbd22105 100755
--- a/kubernetes/policy/components/policy-pap/resources/config/config.json
+++ b/kubernetes/policy/components/policy-pap/resources/config/config.json
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,8 @@
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"pdpParameters": {
"heartBeatMs": 120000,
@@ -47,6 +49,7 @@
"databasePassword": "${SQL_PASSWORD}",
"persistenceUnit": "PolicyMariaDb"
},
+ "savePdpStatisticsInDb": true,
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
@@ -54,6 +57,15 @@
"useHttps": true,
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
+ },
+ {
+ "topic" : "POLICY-HEARTBEAT",
+ "effectiveTopic": "POLICY-PDP-PAP",
+ "consumerGroup": "policy-pap",
+ "servers" : [ "message-router" ],
+ "useHttps": true,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 3c4c3e5ec6..c373e04cf2 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -92,7 +92,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.4.2
+image: onap/policy-pap:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index a626a046a5..19b4d9c03b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -27,17 +27,20 @@
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"policyApiParameters": {
- "host": "policy-api",
+ "hostname": "policy-api",
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "https": true,
+ "useHttps": true,
"aaf": false
},
- "applicationPath": "/opt/app/policy/pdpx/apps",
+ "applicationParameters": {
+ "applicationPath": "/opt/app/policy/pdpx/apps"
+ },
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 9eda53ee9b..91984cc81b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.4.2
+image: onap/policy-xacml-pdp:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index c98d4fc7a8..0ba1535346 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -56,6 +57,18 @@ dependencies:
version: ~8.x-0
repository: 'file://components/policy-clamp-fe'
condition: policy-clamp-fe.enabled
+ - name: policy-clamp-cl-k8s-ppnt
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-k8s-ppnt'
+ condition: policy-clamp-cl-k8s-ppnt.enabled
+ - name: policy-clamp-cl-runtime
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-runtime'
+ condition: policy-clamp-cl-runtime.enabled
+ - name: policy-gui
+ version: ~8.x-0
+ repository: 'file://components/policy-gui'
+ condition: policy-gui.enabled
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 90c987984f..787ec0adbe 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -2,6 +2,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,10 +19,10 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory controlloop
do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
done
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/kubernetes/esr/components/esr-gui/Chart.yaml b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
index 9f08c59485..d1cc108fec 100644
--- a/kubernetes/esr/components/esr-gui/Chart.yaml
+++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
@@ -1,5 +1,6 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+#!/bin/sh
+{{/*
+# Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +13,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-apiVersion: v1
-description: ONAP External System Register GUI
-name: esr-gui
-version: 8.0.0
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 7809c746bb..17558f86ea 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,4 +27,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 72c94f30c5..d781a634ae 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -47,7 +48,6 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- containers:
- name: {{ include "common.release" . }}-policy-galera-config
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -71,6 +71,32 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ containers:
+ - name: {{ include "common.release" . }}-policy-galera-db-migrator
+ image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ resources:
+{{ include "common.resources" . }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -80,3 +106,5 @@ spec:
items:
- key: db.sh
path: db.sh
+ - key: db_migrator_policy_init.sh
+ path: db_migrator_policy_init.sh
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 92344dd2fe..29603690b8 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -44,6 +45,13 @@ secrets:
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -69,10 +77,21 @@ policy-distribution:
policy-clamp-be:
enabled: true
db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-clamp-fe:
enabled: true
+policy-clamp-cl-k8s-ppnt:
+ enabled: true
policy-nexus:
enabled: false
+policy-clamp-cl-runtime:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
+policy-gui:
+ enabled: true
#################################################################
# DB configuration defaults.
@@ -84,6 +103,11 @@ pullPolicy: Always
mariadb:
image: mariadb:10.5.8
+dbmigrator:
+ image: onap/policy-db-migrator:2.3.0
+ schema: policyadmin
+ policy_home: "/opt/app/policy"
+
subChartsOnly:
enabled: true
@@ -109,6 +133,10 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
index 3dbf434322..7020a40bb4 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
@@ -44,7 +44,7 @@ account_admin_role_id = 999
restricted_app_role_id = 900
# Home Page index html
-home_page = /index.html
+home_page = /index.html
authentication_mechanism =DBAUTH
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
index e707e259ca..325da8e9e3 100644
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
@@ -4,7 +4,7 @@
ONAP Portal
===================================================================
Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright © 2018 Amdocs, Bell Canada
+ Modifications Copyright © 2018 Amdocs, Bell Canada
====================================================================
Unless otherwise specified, all software contained herein is licensed
under the Apache License, Version 2.0 (the “License”);
@@ -37,264 +37,264 @@
<!DOCTYPE xml>
<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!-- specify the component name -->
- <property name="componentName" value="onapportal"></property>
+ <!-- specify the component name -->
+ <property name="componentName" value="onapportal"></property>
- <!-- specify the application name -->
+ <!-- specify the application name -->
<property name="application_name" value="Portal"></property>
- <!-- specify the base path of the log directory -->
- <property name="logDirPrefix" value="/var/log/onap"></property>
-
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />
- <!-- Can easily relocate debug logs by modifying this path. -->
- <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />
-
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <!-- These loggers are not used in code (yet). <property name="securityLogName"
- value="security" /> <property name="policyLogName" value="policy" /> <property
- name="performanceLogName" value="performance" /> <property name="serverLogName"
- value="server" /> -->
-
- <!-- ServerFQDN=Server, -->
- <property name="auditLoggerPattern"
- value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
-
- <property name="metricsLoggerPattern"
- value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
-
- <property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
-
- <property name="defaultLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
-
- <!-- use %class so library logging calls yield their class name -->
- <property name="applicationLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
-
- <!--
- <property name="defaultPattern"
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
- <property name="debugLoggerPattern"
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
- -->
- <!-- <property name="debugLoggerPattern" value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n"
- /> -->
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
-
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
-
- <appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${generalLogName}.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- <filter class="org.openecomp.portalapp.portal.utils.CustomLoggingFilter" />
- </appender>
-
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <!-- Class name is part of caller data -->
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
-
- <!-- EELF Security Appender. This appender is used to record security events
- to the security log file. Security events are separate from other loggers
- in EELF so that security log records can be captured and managed in a secure
- way separate from the other logs. This appender is set to never discard any
- events. -->
- <!-- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${securityLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip </fileNamePattern>
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
- </appender> <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize> <discardingThreshold>0</discardingThreshold> <appender-ref
- ref="EELFSecurity" /> </appender> -->
-
- <!-- EELF Performance Appender. This appender is used to record performance
- records. -->
- <!-- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${performanceLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip </fileNamePattern>
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy> <encoder> <outputPatternAsHeader>true</outputPatternAsHeader>
- <pattern>${defaultPattern}</pattern> </encoder> </appender> <appender name="asyncEELFPerformance"
- class="ch.qos.logback.classic.AsyncAppender"> <queueSize>256</queueSize>
- <appender-ref ref="EELFPerformance" /> </appender> -->
-
- <!-- EELF Server Appender. This appender is used to record Server related
- logging events. The Server logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate
- Server events from other components, or it can be eliminated to record these
- events as part of the application root log. -->
- <!-- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${serverLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip </fileNamePattern>
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
- </appender> <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize> <appender-ref ref="EELFServer" /> </appender> -->
-
- <!-- EELF Policy Appender. This appender is used to record Policy engine
- related logging events. The Policy logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <!-- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${policyLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip </fileNamePattern>
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
- </appender> <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize> <appender-ref ref="EELFPolicy" /> </appender> -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine related
- logging events. The audit logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
-
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily roll over -->
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${auditLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily roll over -->
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${metricsLoggerPattern}</pattern>
- </encoder>
- </appender>
-
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
-
- <appender name="EELFError"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily roll over -->
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
-
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily roll over -->
- <fileNamePattern>${logDirectory}/${debugLogName}.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${defaultLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
-
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf" level="info" additivity="false">
- <appender-ref ref="asyncEELF" />
- </logger>
-
- <!-- <logger name="com.att.eelf.security" level="info" additivity="false">
- <appender-ref ref="asyncEELFSecurity" /> </logger> <logger name="com.att.eelf.perf"
- level="info" additivity="false"> <appender-ref ref="asyncEELFPerformance"
- /> </logger> <logger name="com.att.eelf.server" level="info" additivity="false">
- <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
- level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
-
- <logger name="EELFAudit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="EELFMetrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <logger name="EELFError" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
-
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="STDOUT" />
- </root>
+ <!-- specify the base path of the log directory -->
+ <property name="logDirPrefix" value="/var/log/onap"></property>
+
+ <!-- The directories where logs are written -->
+ <property name="logDirectory" value="${logDirPrefix}/${componentName}" />
+ <!-- Can easily relocate debug logs by modifying this path. -->
+ <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />
+
+ <!-- log file names -->
+ <property name="generalLogName" value="application" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <!-- These loggers are not used in code (yet). <property name="securityLogName"
+ value="security" /> <property name="policyLogName" value="policy" /> <property
+ name="performanceLogName" value="performance" /> <property name="serverLogName"
+ value="server" /> -->
+
+ <!-- ServerFQDN=Server, -->
+ <property name="auditLoggerPattern"
+ value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+
+ <property name="metricsLoggerPattern"
+ value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+
+ <property name="errorLoggerPattern"
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+
+ <property name="defaultLoggerPattern"
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
+
+ <!-- use %class so library logging calls yield their class name -->
+ <property name="applicationLoggerPattern"
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
+
+ <!--
+ <property name="defaultPattern"
+ value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
+ <property name="debugLoggerPattern"
+ value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
+ -->
+ <!-- <property name="debugLoggerPattern" value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n"
+ /> -->
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${generalLogName}.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ <filter class="org.openecomp.portalapp.portal.utils.CustomLoggingFilter" />
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <!-- Class name is part of caller data -->
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <!-- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip </fileNamePattern>
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
+ </appender> <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize> <discardingThreshold>0</discardingThreshold> <appender-ref
+ ref="EELFSecurity" /> </appender> -->
+
+ <!-- EELF Performance Appender. This appender is used to record performance
+ records. -->
+ <!-- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${performanceLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip </fileNamePattern>
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy> <encoder> <outputPatternAsHeader>true</outputPatternAsHeader>
+ <pattern>${defaultPattern}</pattern> </encoder> </appender> <appender name="asyncEELFPerformance"
+ class="ch.qos.logback.classic.AsyncAppender"> <queueSize>256</queueSize>
+ <appender-ref ref="EELFPerformance" /> </appender> -->
+
+ <!-- EELF Server Appender. This appender is used to record Server related
+ logging events. The Server logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate
+ Server events from other components, or it can be eliminated to record these
+ events as part of the application root log. -->
+ <!-- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${serverLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip </fileNamePattern>
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
+ </appender> <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize> <appender-ref ref="EELFServer" /> </appender> -->
+
+ <!-- EELF Policy Appender. This appender is used to record Policy engine
+ related logging events. The Policy logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <!-- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${policyLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip </fileNamePattern>
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>
+ </appender> <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize> <appender-ref ref="EELFPolicy" /> </appender> -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine related
+ logging events. The audit logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily roll over -->
+ <fileNamePattern>${logDirectory}/${auditLogName}.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily roll over -->
+ <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily roll over -->
+ <fileNamePattern>${logDirectory}/${errorLogName}.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError" />
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily roll over -->
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${defaultLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ </logger>
+
+ <!-- <logger name="com.att.eelf.security" level="info" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" /> </logger> <logger name="com.att.eelf.perf"
+ level="info" additivity="false"> <appender-ref ref="asyncEELFPerformance"
+ /> </logger> <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
+ level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
+
+ <logger name="EELFAudit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="EELFMetrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="EELFError" level="info" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
</configuration>
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index d246a6b0b1..34c7f1dee0 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -45,20 +45,20 @@ application_user_id = 30000
post_default_role_id = 1
#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
+mobile_enable = false
cache_config_file_path = /WEB-INF/conf/cache.ccf
cache_switch = 1
cache_load_on_startup = false
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+user_name = fullName
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
#Cron Schedules
cron_site_name = one
log_cron = 0 * * * * ? *
-sessiontimeout_feed_cron = 0 0/5 * * * ? *
+sessiontimeout_feed_cron = 0 0/5 * * * ? *
#Front end URL
frontend_url = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/applicationsHome
@@ -69,22 +69,22 @@ frontend_url = https://{{.Values.global.portalHostName}}:{{.Val
# This value must be generated and updated at the time of
# the deployment.
# Online Unique UUID generator - https://www.uuidgenerator.net/
-instance_uuid = 90bc9497-10e6-49fe-916b-dcdfaa972383
+instance_uuid = 90bc9497-10e6-49fe-916b-dcdfaa972383
-elastic_search_url = http://
-contact_us_link = http://
-user_guide_link = http://
+elastic_search_url = http://
+contact_us_link = http://
+user_guide_link = http://
# Contact Us page properties
-ush_ticket_url = http://
-feedback_email_address = portal@lists.onap.org
-portal_info_url = https://
+ush_ticket_url = http://
+feedback_email_address = portal@lists.onap.org
+portal_info_url = https://
#Online user bar refresh interval, in seconds
-online_user_update_rate = 30
+online_user_update_rate = 30
#Online user bar refresh total duration, in seconds
-online_user_update_duration = 300
+online_user_update_duration = 300
#authenticate user server
authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/allUsers
diff --git a/kubernetes/portal/components/portal-app/resources/server/web.xml b/kubernetes/portal/components/portal-app/resources/server/web.xml
index 8f88e12666..7c4f2a7275 100644
--- a/kubernetes/portal/components/portal-app/resources/server/web.xml
+++ b/kubernetes/portal/components/portal-app/resources/server/web.xml
@@ -5,151 +5,151 @@
===================================================================
Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
===================================================================
-
+
Unless otherwise specified, all software contained herein is licensed
under the Apache License, Version 2.0 (the "License");
you may not use this software except in compliance with the License.
You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
Unless otherwise specified, all documentation contained herein is licensed
under the Creative Commons License, Attribution 4.0 Intl. (the "License");
you may not use this documentation except in compliance with the License.
You may obtain a copy of the License at
-
+
https://creativecommons.org/licenses/by/4.0/
-
+
Unless required by applicable law or agreed to in writing, documentation
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
============LICENSE_END============================================
-
-
+
+
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
- <display-name>fusion</display-name>
-
- <!--
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/WEB-INF/conf/log4j.properties</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
- -->
-
- <!-- The Portal app can function on a HA cluster -->
- <distributable/>
-
- <!-- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/oid-context.xml</param-value>
- </context-param>
-
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener> -->
-
-
- <listener>
- <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
- </listener>
- <!--
- <filter>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <url-pattern>/*</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- <dispatcher>ERROR</dispatcher>
- </filter-mapping>
- -->
- <filter>
- <filter-name>CorsFilter</filter-name>
- <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
- <init-param>
- <param-name>cors.allowed.origins</param-name>
- <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.methods</param-name>
- <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.headers</param-name>
- <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
- </init-param>
- <init-param>
- <param-name>cors.exposed.headers</param-name>
- <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
- </init-param>
- <init-param>
- <param-name>cors.support.credentials</param-name>
- <param-value>true</param-value>
- </init-param>
- <init-param>
- <param-name>cors.preflight.maxage</param-name>
- <param-value>10</param-value>
- </init-param>
- </filter>
-
+ <display-name>fusion</display-name>
+
+ <!--
+ <context-param>
+ <param-name>log4jConfigLocation</param-name>
+ <param-value>/WEB-INF/conf/log4j.properties</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+ </listener>
+ -->
+
+ <!-- The Portal app can function on a HA cluster -->
+ <distributable/>
+
+ <!-- <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/oid-context.xml</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener> -->
+
+
+ <listener>
+ <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
+ </listener>
+ <!--
+ <filter>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>ERROR</dispatcher>
+ </filter-mapping>
+ -->
+ <filter>
+ <filter-name>CorsFilter</filter-name>
+ <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+ <init-param>
+ <param-name>cors.allowed.origins</param-name>
+ <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.methods</param-name>
+ <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.headers</param-name>
+ <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.exposed.headers</param-name>
+ <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.support.credentials</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.preflight.maxage</param-name>
+ <param-value>10</param-value>
+ </init-param>
+ </filter>
+
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-
- <filter>
- <filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>SecurityXssFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-<!-- <filter> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
-<!-- <init-param> -->
-<!-- <param-name>cadi_prop_files</param-name> -->
+
+ <filter>
+ <filter-name>SecurityXssFilter</filter-name>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SecurityXssFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+<!-- <filter> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
+<!-- <init-param> -->
+<!-- <param-name>cadi_prop_files</param-name> -->
<!-- Add Absolute path of cadi.properties -->
-<!-- <param-value>{Path}/cadi.properties -->
-<!-- </param-value> -->
-<!-- </init-param> -->
+<!-- <param-value>{Path}/cadi.properties -->
+<!-- </param-value> -->
+<!-- </init-param> -->
<!-- Add param values with comma delimited values -->
-<!-- <init-param> -->
-<!-- <param-name>include_url_endpoints</param-name> -->
-<!-- <param-value>/auxapi/*</param-value> -->
-<!-- </init-param> -->
-<!-- <init-param> -->
-<!-- <param-name>exclude_url_endpoints</param-name> -->
-<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
-<!-- </init-param> -->
-<!-- </filter> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
-<!-- </filter-mapping> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
-
-<!-- </filter-mapping> -->
+<!-- <init-param> -->
+<!-- <param-name>include_url_endpoints</param-name> -->
+<!-- <param-value>/auxapi/*</param-value> -->
+<!-- </init-param> -->
+<!-- <init-param> -->
+<!-- <param-name>exclude_url_endpoints</param-name> -->
+<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
+<!-- </init-param> -->
+<!-- </filter> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
+<!-- </filter-mapping> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
+
+<!-- </filter-mapping> -->
</web-app>
diff --git a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal_single.cql b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal_single.cql
index 7827727ebc..a9771bfa5d 100644
--- a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal_single.cql
+++ b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal_single.cql
@@ -19,7 +19,7 @@ CREATE KEYSPACE IF NOT EXISTS admin
'replication_factor': 1
}
AND DURABLE_WRITES = true;
-
+
CREATE TABLE IF NOT EXISTS admin.keyspace_master (
uuid uuid,
keyspace_name text,
@@ -86,7 +86,7 @@ CREATE TABLE portal.spring_session_attributes (
AND min_index_interval = 128
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';
-
+
CREATE KEYSPACE IF NOT EXISTS portalsdk
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index 3d5e13ff5a..a363ab3bb0 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -5,18 +5,18 @@ shopt -s nullglob
# logging functions
mysql_log() {
- local type="$1"; shift
- printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+ local type="$1"; shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
}
mysql_note() {
- mysql_log Note "$@"
+ mysql_log Note "$@"
}
mysql_warn() {
- mysql_log Warn "$@" >&2
+ mysql_log Warn "$@" >&2
}
mysql_error() {
- mysql_log ERROR "$@" >&2
- exit 1
+ mysql_log ERROR "$@" >&2
+ exit 1
}
# usage: file_env VAR [DEFAULT]
@@ -24,170 +24,170 @@ mysql_error() {
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- mysql_error "Both $var and $fileVar are set (but are exclusive)"
- fi
- local val="$def"
- # val="${!var}"
- # val="$(< "${!fileVar}")"
- # eval replacement of the bashism equivalents above presents no security issue here
- # since var and fileVar variables contents are derived from the file_env() function arguments.
- # This method is only called inside this script with a limited number of possible values.
- if [ "${!var:-}" ]; then
- eval val=\$$var
- elif [ "${!fileVar:-}" ]; then
- val="$(< "$(eval echo "\$$fileVar")")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ mysql_error "Both $var and $fileVar are set (but are exclusive)"
+ fi
+ local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
+ if [ "${!var:-}" ]; then
+ eval val=\$$var
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "$(eval echo "\$$fileVar")")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions
docker_process_init_files() {
- # mysql here for backwards compatibility "${mysql[@]}"
- mysql=( docker_process_sql )
-
- echo
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- mysql_note "$0: running $f"
- "$f"
- else
- mysql_note "$0: sourcing $f"
- . "$f"
- fi
- ;;
- *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
- *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
- *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
- *) mysql_warn "$0: ignoring $f" ;;
- esac
- echo
- done
+ # mysql here for backwards compatibility "${mysql[@]}"
+ mysql=( docker_process_sql )
+
+ echo
+ local f
+ for f; do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ echo
+ done
}
mysql_check_config() {
- local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
- fi
+ local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
+ fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
mysql_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# Do a temporary startup of the MySQL server, for init purposes
docker_temp_server_start() {
- "$@" --skip-networking --socket="${SOCKET}" &
- mysql_note "Waiting for server startup"
- local i
- for i in {30..0}; do
- # only use the root password if the database has already been initializaed
- # so that it won't try to fill in a password file when it hasn't been set yet
- extraArgs=""
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs=${extraArgs}" --dont-use-mysql-root-password"
- fi
- if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
- break
- fi
- sleep 1
- done
- if [ "$i" = 0 ]; then
- mysql_error "Unable to start server."
- fi
+ "$@" --skip-networking --socket="${SOCKET}" &
+ mysql_note "Waiting for server startup"
+ local i
+ for i in $(seq 30 -1 0); do
+ # only use the root password if the database has already been initializaed
+ # so that it won't try to fill in a password file when it hasn't been set yet
+ extraArgs=""
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ extraArgs=${extraArgs}" --dont-use-mysql-root-password"
+ fi
+ if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ mysql_error "Unable to start server."
+ fi
}
# Stop the server. When using a local socket file mysqladmin will block until
# the shutdown is complete.
docker_temp_server_stop() {
- if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
- mysql_error "Unable to shut down server."
- fi
+ if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+ mysql_error "Unable to shut down server."
+ fi
}
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
- fi
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
+ fi
}
# creates folders for the database
# also ensures permission for user mysql of run as root
docker_create_db_directories() {
- local user; user="$(id -u)"
+ local user; user="$(id -u)"
- # TODO other directories that are used by default? like /var/lib/mysql-files
- # see https://github.com/docker-library/mysql/issues/562
- mkdir -p "$DATADIR"
+ # TODO other directories that are used by default? like /var/lib/mysql-files
+ # see https://github.com/docker-library/mysql/issues/562
+ mkdir -p "$DATADIR"
- if [ "$user" = "0" ]; then
- # this will cause less disk access than `chown -R`
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- fi
+ if [ "$user" = "0" ]; then
+ # this will cause less disk access than `chown -R`
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ fi
}
# initializes the database directory
docker_init_database_dir() {
- mysql_note "Initializing database files"
- installArgs=" --datadir=$DATADIR --rpm "
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs=${installArgs}" --auth-root-authentication-method=normal"
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db ${installArgs} "${@:2}"
- mysql_note "Database files initialized"
+ mysql_note "Initializing database files"
+ installArgs=" --datadir=$DATADIR --rpm "
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs=${installArgs}" --auth-root-authentication-method=normal"
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
+ mysql_note "Database files initialized"
}
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
- # Get config
- declare -g DATADIR SOCKET
- DATADIR="$(mysql_get_config 'datadir' "$@")"
- SOCKET="$(mysql_get_config 'socket' "$@")"
-
- # Initialize values that might be stored in a file
- file_env 'MYSQL_ROOT_HOST' '%'
- file_env 'MYSQL_DATABASE'
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- file_env 'MYSQL_ROOT_PASSWORD'
- file_env 'PORTAL_DB_TABLES'
-
- declare -g DATABASE_ALREADY_EXISTS
- if [ -d "$DATADIR/mysql" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
+ # Get config
+ declare -g DATADIR SOCKET
+ DATADIR="$(mysql_get_config 'datadir' "$@")"
+ SOCKET="$(mysql_get_config 'socket' "$@")"
+
+ # Initialize values that might be stored in a file
+ file_env 'MYSQL_ROOT_HOST' '%'
+ file_env 'MYSQL_DATABASE'
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ file_env 'MYSQL_ROOT_PASSWORD'
+ file_env 'PORTAL_DB_TABLES'
+
+ declare -g DATABASE_ALREADY_EXISTS
+ if [ -d "$DATADIR/mysql" ]; then
+ DATABASE_ALREADY_EXISTS='true'
+ fi
}
# Execute sql script, passed via stdin
@@ -195,178 +195,178 @@ docker_setup_env() {
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
- passfileArgs=""
- if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs=${passfileArgs}" $1"
- shift
- fi
- # args sent in can override this db, since they will be later in the command
- if [ -n "$MYSQL_DATABASE" ]; then
- set -- --database="$MYSQL_DATABASE" "$@"
- fi
-
- mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+ passfileArgs=""
+ if [ '--dont-use-mysql-root-password' = "$1" ]; then
+ passfileArgs=${passfileArgs}" $1"
+ shift
+ fi
+ # args sent in can override this db, since they will be later in the command
+ if [ -n "$MYSQL_DATABASE" ]; then
+ set -- --database="$MYSQL_DATABASE" "$@"
+ fi
+
+ mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
- # Load timezone info into database
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- {
- # Aria in 10.4+ is slow due to "transactional" (crash safety)
- # https://jira.mariadb.org/browse/MDEV-23326
- # https://github.com/docker-library/mariadb/issues/262
- local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
- done
-
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo \
- | sed 's/Local time zone must be set--see zic manual page/FCTY/'
-
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
- done
- } | docker_process_sql --dont-use-mysql-root-password --database=mysql
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
- fi
- # Generate random root password
- if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
- # Sets root password and creates root users for non-localhost hosts
- local rootCreate=
- # default root to listen for connections from anywhere
- if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
- docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
- -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- FLUSH PRIVILEGES ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- EOSQL
-
- # Creates a custom database and user if specified
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Creating database ${MYSQL_DATABASE}"
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
- fi
-
- if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
- mysql_note "Creating user ${MYSQL_USER}"
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
-
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
- echo "GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" |docker_process_sql --database=mysql
- fi
-
- echo "FLUSH PRIVILEGES ;" |docker_process_sql --database=mysql
- fi
+ # Load timezone info into database
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ {
+ # Aria in 10.4+ is slow due to "transactional" (crash safety)
+ # https://jira.mariadb.org/browse/MDEV-23326
+ # https://github.com/docker-library/mariadb/issues/262
+ local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+ done
+
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo \
+ | sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+ done
+ } | docker_process_sql --dont-use-mysql-root-password --database=mysql
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+ fi
+ # Generate random root password
+ if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ # Sets root password and creates root users for non-localhost hosts
+ local rootCreate=
+ # default root to listen for connections from anywhere
+ if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+EOSQL
+ fi
+
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+ docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+ -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
+
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ FLUSH PRIVILEGES ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+EOSQL
+
+ # Creates a custom database and user if specified
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Creating database ${MYSQL_DATABASE}"
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
+ fi
+
+ if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+ mysql_note "Creating user ${MYSQL_USER}"
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
+
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+ echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
+ fi
+
+ echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
+ fi
}
_mysql_passfile() {
- # echo the password to the "file" the client uses
- # the client command will use process substitution to create a file on the fly
- # ie: --defaults-extra-file=<( _mysql_passfile )
- if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
- cat <<-EOF
- [client]
- password="${MYSQL_ROOT_PASSWORD}"
- EOF
- fi
+ # echo the password to the "file" the client uses
+ # the client command will use process substitution to create a file on the fly
+ # ie: --defaults-extra-file=<( _mysql_passfile )
+ if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+ cat <<-EOF
+ [client]
+ password="${MYSQL_ROOT_PASSWORD}"
+EOF
+ fi
}
# check arguments for an option that would cause mysqld to stop
# return true if there is one
_mysql_want_help() {
- local arg
- for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
+ local arg
+ for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ return 0
+ ;;
+ esac
+ done
+ return 1
}
_main() {
- # if command starts with an option, prepend mysqld
- if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
- fi
-
- # skip setup if they aren't running mysqld or want an option that stops mysqld
- if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
- mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
-
- mysql_check_config "$@"
- # Load various environment variables
- docker_setup_env "$@"
- docker_create_db_directories
-
- # If container is started as root user, restart as dedicated mysql user
- if [ "$(id -u)" = "0" ]; then
- mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$0" "$@"
- fi
-
- # there's no database, so it needs to be initialized
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir "$@"
-
- mysql_note "Starting temporary server"
- docker_temp_server_start "$@"
- mysql_note "Temporary server started."
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
- do
- echo "Granting portal user ALL PRIVILEGES for table $i"
- echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- done
-
- mysql_note "Stopping temporary server"
- docker_temp_server_stop
- mysql_note "Temporary server stopped"
-
- echo
- mysql_note "MySQL init process done. Ready for start up."
- echo
- fi
- fi
- exec "$@"
+ # if command starts with an option, prepend mysqld
+ if echo "$1" | grep '^-' >/dev/null; then
+ set -- mysqld "$@"
+ fi
+
+ # skip setup if they aren't running mysqld or want an option that stops mysqld
+ if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+ mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+ mysql_check_config "$@"
+ # Load various environment variables
+ docker_setup_env "$@"
+ docker_create_db_directories
+
+ # If container is started as root user, restart as dedicated mysql user
+ if [ "$(id -u)" = "0" ]; then
+ mysql_note "Switching to dedicated user 'mysql'"
+ exec gosu mysql "$0" "$@"
+ fi
+
+ # there's no database, so it needs to be initialized
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ docker_verify_minimum_env
+
+ # check dir permissions to reduce likelihood of half-initialized database
+ ls /docker-entrypoint-initdb.d/ > /dev/null
+
+ docker_init_database_dir "$@"
+
+ mysql_note "Starting temporary server"
+ docker_temp_server_start "$@"
+ mysql_note "Temporary server started."
+
+ docker_setup_db
+ docker_process_init_files /docker-entrypoint-initdb.d/*
+
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
+ mysql_note "Stopping temporary server"
+ docker_temp_server_stop
+ mysql_note "Temporary server stopped"
+
+ echo
+ mysql_note "MySQL init process done. Ready for start up."
+ echo
+ fi
+ fi
+ exec "$@"
}
# If we are sourced from elsewhere, don't perform any further actions
if ! _is_sourced; then
- _main "$@"
+ _main "$@"
fi
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
index 4bb51c1a8a..4d26240be4 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
@@ -59,4 +59,4 @@ ueb_app_mailbox_name = ECOMP-PORTAL-OUTBOX-APP1
# Use the special tag '{UUID}' to generate a unique one for each sdk-app server.
ueb_app_consumer_group_name = {UUID}
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index aad5044fbf..3873da13a9 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -26,15 +26,15 @@ post_default_role_id = 16
clustered = true
#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
+mobile_enable = false
# Cache config file is needed on the classpath
cache_config_file_path = /WEB-INF/classes/cache.ccf
cache_switch = 199
cache_load_on_startup = false
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+user_name = fullName
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
##########################################################################
# The following properties MAY require changes by partner applications.
@@ -61,7 +61,7 @@ element_map_icon_path = app/fusionapp/icons/
#Cron Schedules
log_cron = 0 0/1 * * * ?;
mylogins_feed_cron = 0 0/60 * * * ?;
-#sessiontimeout_feed_cron = 0 * * * * ? *
+#sessiontimeout_feed_cron = 0 * * * * ? *
my_login_feed_output_dir = /tmp/MyLogins
# Link shown in Help menu
diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh
index 0d30557220..439390525f 100755
--- a/kubernetes/robot/demo-k8s.sh
+++ b/kubernetes/robot/demo-k8s.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
# Copyright (C) 2018 Amdocs, Bell Canada
# Modifications Copyright (C) 2019 Samsung
# Modifications Copyright (C) 2020 Nokia
@@ -19,46 +20,46 @@
#
usage ()
{
- echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
- echo " "
- echo " demo-k8s.sh <namespace> init"
- echo " - Execute both init_customer + distribute"
- echo " "
- echo " demo-k8s.sh <namespace> init_customer"
- echo " - Create demo customer (Demonstration) and services, etc."
- echo " "
- echo " demo-k8s.sh <namespace> distribute [<prefix>]"
- echo " - Distribute demo models (demoVFW and demoVLB)"
- echo " "
- echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- echo " - Preload data for VNF for the <module_name>"
- echo " "
- echo " demo-k8s.sh <namespace> appc <module_name>"
- echo " - provide APPC with vFW module mount point for closed loop"
- echo " "
- echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
- echo " - Initialize robot after all ONAP VMs have started"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFW"
- echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
- echo " - Instantiate vFW module using direct SO interface using previously distributed model "
+ echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
+ echo " "
+ echo " demo-k8s.sh <namespace> init"
+ echo " - Execute both init_customer + distribute"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_customer"
+ echo " - Create demo customer (Demonstration) and services, etc."
+ echo " "
+ echo " demo-k8s.sh <namespace> distribute [<prefix>]"
+ echo " - Distribute demo models (demoVFW and demoVLB)"
+ echo " "
+ echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ echo " - Preload data for VNF for the <module_name>"
+ echo " "
+ echo " demo-k8s.sh <namespace> appc <module_name>"
+ echo " - provide APPC with vFW module mount point for closed loop"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
+ echo " - Initialize robot after all ONAP VMs have started"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFW"
+ echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
+ echo " - Instantiate vFW module using direct SO interface using previously distributed model "
echo " that is in /tmp/csar in robot container"
- echo " "
+ echo " "
echo " demo-k8s.sh <namespace> instantiateVLB_CDS"
echo " - Instantiate vLB module using CDS with a preloaded CBA "
echo " "
- echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- echo " - Delete the module created by instantiateVFW"
- echo " "
- echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
+ echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ echo " - Delete the module created by instantiateVFW"
+ echo " "
+ echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
echo " kicks in to modulate the rates back to medium"
- echo " "
- echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
- echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
- echo " "
+ echo " "
+ echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
+ echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
+ echo " "
}
# Check if execscript flag is used and drop it from input arguments
@@ -74,8 +75,8 @@ echo "Number of parameters:"
echo $#
if [ $# -lt 2 ];then
- usage
- exit
+ usage
+ exit
fi
NAMESPACE=$1
@@ -86,80 +87,80 @@ shift
##
while [ $# -gt 0 ]
do
- key="$1"
+ key="$1"
echo "KEY:"
echo $key
- case $key in
- init_robot)
- TAG="UpdateWebPage"
- echo "WEB Site Password for user 'test': "
- stty -echo
- read WEB_PASSWORD
- stty echo
- if [ "$WEB_PASSWORD" = "" ]; then
- echo ""
- echo "WEB Password is required for user 'test'"
- exit
- fi
- VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
- shift
- if [ $# -eq 2 ];then
- VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
- fi
- shift
- ;;
- init)
- TAG="InitDemo"
- shift
- ;;
- vescollector)
- TAG="vescollector"
- shift
- ;;
+ case $key in
+ init_robot)
+ TAG="UpdateWebPage"
+ echo "WEB Site Password for user 'test': "
+ stty -echo
+ read WEB_PASSWORD
+ stty echo
+ if [ "$WEB_PASSWORD" = "" ]; then
+ echo ""
+ echo "WEB Password is required for user 'test'"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
+ shift
+ if [ $# -eq 2 ];then
+ VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
+ fi
+ shift
+ ;;
+ init)
+ TAG="InitDemo"
+ shift
+ ;;
+ vescollector)
+ TAG="vescollector"
+ shift
+ ;;
distribute_vcpe)
- TAG="distributeVCPE"
- shift
- ;;
- init_customer)
- TAG="InitCustomer"
- shift
- ;;
- distribute)
- TAG="InitDistribution"
- shift
- if [ $# -eq 1 ];then
- VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
- fi
- shift
- ;;
- preload)
- TAG="PreloadDemo"
- shift
- if [ $# -ne 2 ];then
- echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v VNF_NAME:$1"
- shift
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- appc)
- TAG="APPCMountPointDemo"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- instantiateVFW)
- TAG="instantiateVFW"
- VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
- shift
- ;;
+ TAG="distributeVCPE"
+ shift
+ ;;
+ init_customer)
+ TAG="InitCustomer"
+ shift
+ ;;
+ distribute)
+ TAG="InitDistribution"
+ shift
+ if [ $# -eq 1 ];then
+ VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
+ fi
+ shift
+ ;;
+ preload)
+ TAG="PreloadDemo"
+ shift
+ if [ $# -ne 2 ];then
+ echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v VNF_NAME:$1"
+ shift
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ appc)
+ TAG="APPCMountPointDemo"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ instantiateVFW)
+ TAG="instantiateVFW"
+ VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
+ shift
+ ;;
instantiateVFWdirectso)
TAG="instantiateVFWdirectso"
shift
@@ -175,21 +176,21 @@ do
VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
shift
;;
- deleteVNF)
- TAG="deleteVNF"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- exit
- fi
- VARFILE=$1.py
- VARIABLES="$VARIABLES -V /share/${VARFILE}"
- shift
- ;;
- cds)
- TAG="cds"
- shift
- ;;
+ deleteVNF)
+ TAG="deleteVNF"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ exit
+ fi
+ VARFILE=$1.py
+ VARIABLES="$VARIABLES -V /share/${VARFILE}"
+ shift
+ ;;
+ cds)
+ TAG="cds"
+ shift
+ ;;
distributeVFWNG)
TAG="distributeVFWNG"
shift
@@ -208,10 +209,10 @@ do
VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1"
shift
;;
- *)
- usage
- exit
- esac
+ *)
+ usage
+ exit
+ esac
done
set -x
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index 01cf0922fa..4ef8f462f0 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2018 Amdocs, Bell Canada
#
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index 8b74da77f8..1b31c16e81 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh
index 623870b9f3..aef812b143 100755
--- a/kubernetes/robot/instantiate-k8s.sh
+++ b/kubernetes/robot/instantiate-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index 39448a72c5..ac663da769 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -128,8 +128,8 @@ GLOBAL_AAF_USERNAME = '{{ .Values.aafUsername }}'
GLOBAL_AAF_PASSWORD = '{{ .Values.aafPassword }}'
GLOBAL_AAF_AUTHENTICATION = [GLOBAL_AAF_USERNAME, GLOBAL_AAF_PASSWORD]
# aai info - everything is from the private oam network (also called onap private network)
-GLOBAL_AAI_SERVER_PROTOCOL = "https"
-GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" 8443) }}'
+GLOBAL_AAI_SERVER_PROTOCOL = '{{ include "common.scheme" . }}'
+GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" ( ternary 8443 80 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_AAI_USERNAME = '{{ .Values.aaiUsername }}'
GLOBAL_AAI_PASSWORD = '{{ .Values.aaiPassword}}'
GLOBAL_AAI_AUTHENTICATION = [GLOBAL_AAI_USERNAME, GLOBAL_AAI_PASSWORD]
diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT b/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT
index 4a56cb5dfa..fe43e0cc6f 100644
--- a/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT
+++ b/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT
@@ -5,7 +5,7 @@ You can replace them with your own if appropriate using this process or official
# create key and csr
openssl req -new -newkey rsa:2048 -nodes -keyout onap-robot.onap.key -out onap-robot.onap.csr
-# sign csr
+# sign csr
# 10 year self signed certificate
openssl x509 -req -days 3650 -in onap-robot.onap.csr -signkey onap-robot.onap.key -out onap-robot.onap.crt
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
index b47051f7e2..16fec57b15 100755
--- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2019 Nokia
#
@@ -24,46 +24,46 @@ HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:m
generate_ca_key_cert () {
- openssl genrsa -out $1/ca.key 2048
- openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+ openssl genrsa -out $1/ca.key 2048
+ openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
}
generate_server_key_csr () {
- openssl genrsa -out $1/server.key 2048
- openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+ openssl genrsa -out $1/server.key 2048
+ openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
}
generate_client_key_csr () {
- openssl genrsa -out $1/client.key 2048
- openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+ openssl genrsa -out $1/client.key 2048
+ openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
}
sign_server_and_client_cert () {
- openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
- openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
}
create_pkcs12_ca_and_server () {
- openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
- openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+ openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+ openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
}
copy_server_certs_to_hvves () {
- for f in {ca.p12,server.p12}
- do
- kubectl cp $1/$f $2/$3:$4
- done
+ for f in ca.p12 server.p12
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
}
copy_client_certs_to_robot () {
- for f in {ca.pem,client.key,client.pem}
- do
+ for f in ca.pem client.key client.pem
+ do
kubectl cp $1/$f $2/$3:$4
done
}
cleanup () {
- rm -f $1/{ca,server,client}.???
+ rm -f $1/ca.??? $1/server.??? s$1/client.???
}
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
index 1cd911ca60..a114cf59ea 100755
--- a/kubernetes/robot/scripts/etescript/security-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright 2019 Samsung Electronics Co., Ltd.
#
@@ -25,29 +25,29 @@ TMPTPL='onap_security'
CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
FILTER="$(tr -d [:space:] <<TEMPLATE
{{range .items}}
- {{range.spec.ports}}
- {{if .nodePort}}
- {{.nodePort}}{{','}}{{.name}}{{'\n'}}
- {{end}}
- {{end}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
{{end}}
TEMPLATE)"
setup () {
- export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
}
create_actual_nodeport_json () {
- kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
}
copy_actual_nodeport_json_to_robot () {
- kubectl cp "$1" "$2/$3:$4"
+ kubectl cp "$1" "$2/$3:$4"
}
cleanup () {
- rm "$NODEPORTS_FILE"
+ rm "$NODEPORTS_FILE"
}
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
index a93f109085..e23e5ed83b 100755
--- a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
diff --git a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
index 0f044d7646..28fd910d76 100644
--- a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
+++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
@@ -92,10 +92,8 @@
<!-- Debug log -->
<appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
<file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
+ <!-- No need to deny audit messages - they are INFO only, will be denied anyway -->
+ <!-- Transaction messages filter - deny Transaction messages, there are some DEBUG level messages among them -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
<marker>TRANSACTION_MARKER</marker>
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 070583bfc2..d769f628eb 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.0
-backendInitImage: onap/sdc-backend-init:1.9.0
+image: onap/sdc-backend-all-plugins:1.9.3
+backendInitImage: onap/sdc-backend-init:1.9.3
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index fed4769202..223e023b28 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,8 +38,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.0
-cassandraInitImage: onap/sdc-cassandra-init:1.9.0
+image: onap/sdc-cassandra:1.9.3
+cassandraInitImage: onap/sdc-cassandra-init:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index e9b2eee8db..d563e80f42 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.0
+image: onap/sdc-frontend:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml
index 5c5c5995b0..4cd4a76506 100644
--- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml
+++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml
@@ -18,7 +18,7 @@
global:
pullPolicy: Always
-image: onap/org.onap.sdc.sdc-helm-validator:1.2.1
+image: onap/org.onap.sdc.sdc-helm-validator:1.2.2
containerPort: &svc_port 8080
config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
index 515076fe30..b537709925 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
@@ -93,10 +93,8 @@
<!-- Debug log -->
<appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
<file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
+ <!-- No need to deny audit messages - they are INFO only, will be denied anyway -->
+ <!-- Transaction messages filter - deny Transaction messages, there are some DEBUG level messages among them -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
<marker>TRANSACTION_MARKER</marker>
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index aa7d535db3..1bce6b17af 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.0
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0
+image: onap/sdc-onboard-backend:1.9.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index ddc115dbbe..69b0fd3bb8 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index c32a6a6230..95aba913a3 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.1.6
+image: onap/sdnc-dmaap-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -127,3 +127,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-dmaap-listener
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
index 3cfb5257ca..51263cf410 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
containers:
- name: {{ include "common.name" . }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+ args: ["-c", "cd /opt/ansible-server && ./startAnsibleServer.sh"]
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index b8d59f96c9..7294dbccc7 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.1.6
+image: onap/sdnc-ansible-server-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -129,3 +129,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ansible-server
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
index 3f33591953..1cc295e2c3 100644
--- a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index fa76a9ee40..6d7ada618d 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
index 4cf61f518e..803434cf09 100644
--- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
@@ -69,6 +69,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml
index d9afd1aab0..eb11d646b3 100644
--- a/kubernetes/sdnc/components/sdnc-prom/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml
@@ -94,3 +94,9 @@ ingress:
enabled: false
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-prom
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
index 7e75730415..3d7968123b 100644
--- a/kubernetes/sdnc/components/sdnc-web/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
index f168997d3f..21416c9b5f 100644
--- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index 8514641a1c..803488b054 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -23,7 +23,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.1.6"
+image: "onap/sdnc-web-image:2.2.0"
pullPolicy: Always
config:
@@ -127,3 +127,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-web
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/ueb-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/ueb-listener/requirements.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 911985fe2b..603f3a3f99 100644
--- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index 5838809efe..b58154fd1a 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.1.6
+image: onap/sdnc-ueb-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -137,3 +137,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ueb-listener
+ roles:
+ - read
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index ac0e6ed868..f5f6226b06 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,3 +1,4 @@
+
# Copyright © 2017 Amdocs, Bell Canada,
# Copyright © 2020 highstreet technologies GmbH
# Copyright © 2021 Nokia
@@ -13,7 +14,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~8.x-0
@@ -67,3 +67,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh
index 52c40723f9..d8a2025bea 100755
--- a/kubernetes/sdnc/resources/config/bin/createLinks.sh
+++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh
@@ -4,8 +4,7 @@
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,7 +41,7 @@ then
if [ -d $JOURNAL_PATH ]
then
mv $JOURNAL_PATH/* $MDSAL_PATH/journal
- rm -f $JOURNAL_PATH
+ rm -f $JOURNAL_PATH
fi
ln -s $MDSAL_PATH/journal $JOURNAL_PATH
fi
@@ -52,7 +51,7 @@ then
if [ -d $SNAPSHOTS_PATH ]
then
mv $SNAPSHOTS_PATH/* $MDSAL_PATH/snapshots
- rm -f $SNAPSHOTS_PATH
+ rm -f $SNAPSHOTS_PATH
fi
ln -s $MDSAL_PATH/snapshots $SNAPSHOTS_PATH
fi
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
index 42abf54444..2406a48c37 100755
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -1,12 +1,11 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
###
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg b/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg
index 29dd0e54dd..95df4b84ad 100644
--- a/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg
+++ b/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg
@@ -96,7 +96,7 @@ operational.persistent=false
#sync-index-threshold=10
# Record new transaction allocation stack trace, useful for debugging. This makes the log include
-# the stack trace of the creator of the Tx when there is an exception when the transaction is submitted
+# the stack trace of the creator of the Tx when there is an exception when the transaction is submitted
# (e.g. for a failed validation). Defaults to false due to performance impact.
#transaction-debug-context-enabled=true
persistent-actor-restart-min-backoff-in-seconds={{.Values.config.odl.datastore.persistentActorRestartMinBackoffInSeconds}}
diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv
index 85af48ac1d..303c3168d7 100644
--- a/kubernetes/sdnc/resources/config/conf/setenv
+++ b/kubernetes/sdnc/resources/config/conf/setenv
@@ -33,7 +33,7 @@
#
#
-# The following section shows the possible configuration options for the default
+# The following section shows the possible configuration options for the default
# karaf scripts
#
# export JAVA_HOME # Location of Java installation
diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
index ffd044854f..8b489e0ee4 100755
--- a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
+++ b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
@@ -26,10 +26,10 @@ fi
case $IS_PRIMARY_CLUSTER in
true|false)
- echo $IS_PRIMARY_CLUSTER
- ;;
+ echo $IS_PRIMARY_CLUSTER
+ ;;
*)
- echo "NOT CLUSTERED"
- exit 1
- ;;
+ echo "NOT CLUSTERED"
+ exit 1
+ ;;
esac
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 39407e3f5a..01d51a21f6 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -401,6 +401,7 @@ spec:
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 6ab96adde7..785435a478 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -206,7 +206,7 @@ certificates:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.1.6
+image: onap/sdnc-image:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
@@ -577,7 +577,7 @@ persistence:
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/mdsal
daeximPath: /opt/opendaylight/mdsal/daexim
- journalPath: /opt/opendaylight/journal
+ journalPath: /opt/opendaylight/segmented-journal
snapshotsPath: /opt/opendaylight/snapshots
certpersistence:
@@ -625,3 +625,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc
+ roles:
+ - read
diff --git a/kubernetes/sniro-emulator/templates/NOTES.txt b/kubernetes/sniro-emulator/templates/NOTES.txt
index 409d59e470..c233cade6b 100644
--- a/kubernetes/sniro-emulator/templates/NOTES.txt
+++ b/kubernetes/sniro-emulator/templates/NOTES.txt
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 09ad91191d..405017c400 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -34,7 +34,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -62,7 +63,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.8.2
+image: onap/so/bpmn-infra:1.9.0
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index f3d6bdbcb9..c3b615147c 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -33,7 +33,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -61,7 +62,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.8.2
+image: onap/so/catalog-db-adapter:1.9.0
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
index 46793e7b75..c99465b690 100755
--- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
@@ -17,6 +17,7 @@
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
spring:
@@ -29,6 +30,8 @@ server:
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
+multicloud:
+ endpoint: http://multicloud-k8s.{{ include "common.namespace" . }}:9015
mso:
site-name: localSite
logPath: ./logs/cnf-adapter
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
index f3d53c974c..b7e8dd9098 100755
--- a/kubernetes/so/components/so-cnf-adapter/values.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -26,6 +26,8 @@ global:
aaf:
auth:
header: ${AAF_AUTH}
+ aai:
+ enabled: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -74,7 +76,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.8.3
+image: onap/so/so-cnf-adapter:1.9.1
pullPolicy: Always
readinessCheck:
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
index 31b925576b..f32587f9c0 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
@@ -31,7 +31,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index 7b88055078..33c4b32146 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -27,7 +27,7 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_PASSWORD=`prepare_password $DB_PASSWORD`
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index 5296748c50..069556f51c 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -27,7 +27,7 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql
index f2e1e9fc00..be94321a6f 100644
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql
@@ -978,9 +978,9 @@ create table ACT_HI_OP_LOG (
NEW_VALUE_ varchar(4000),
TENANT_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
- CATEGORY_ varchar(64),
- EXTERNAL_TASK_ID_ varchar(64),
- ANNOTATION_ varchar(4000),
+ CATEGORY_ varchar(64),
+ EXTERNAL_TASK_ID_ varchar(64),
+ ANNOTATION_ varchar(4000),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index 583f9ad3e8..09f61a5320 100755
--- a/kubernetes/so/components/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -31,7 +31,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index ff0277bf14..82b4061f4b 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -31,7 +31,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -57,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.8.2
+image: onap/so/openstack-adapter:1.9.0
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 61ec26d1f6..9461974a13 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -31,7 +31,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -57,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.8.2
+image: onap/so/request-db-adapter:1.9.0
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 4b6eceecdd..9151468502 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -31,7 +31,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -57,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.8.2
+image: onap/so/sdc-controller:1.9.0
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 8f3565ed3e..b5352b09f9 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -72,7 +72,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.8.2
+image: onap/so/sdnc-adapter:1.9.0
pullPolicy: Always
org:
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 938a6f9d00..2417d2553c 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -34,11 +34,11 @@ certInitializer:
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
cadi_longitude: '0.0'
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index f2fc70c1f9..af95ab85ce 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -18,6 +18,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: readinessCheck
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
index 3a9ef84834..5bbd187b05 100755
--- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
+++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
@@ -22,10 +22,10 @@ fi
#Start the chef-solo if mso-docker.json contains some data.
if [ -s /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json ]
then
- echo "mso-docker.json has some configuration, replay the recipes."
- chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
+ echo "mso-docker.json has some configuration, replay the recipes."
+ chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
else
- echo "mso-docker.json is empty, do not replay the recipes."
+ echo "mso-docker.json is empty, do not replay the recipes."
fi
JBOSS_PIDFILE=/tmp/jboss-standalone.pid
diff --git a/kubernetes/so/resources/config/log/logback.apihandler-infra.xml b/kubernetes/so/resources/config/log/logback.apihandler-infra.xml
index 3e0ea61ea6..6221c11477 100755
--- a/kubernetes/so/resources/config/log/logback.apihandler-infra.xml
+++ b/kubernetes/so/resources/config/log/logback.apihandler-infra.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="ApiHandlerInfra"></property>
@@ -29,15 +29,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -64,18 +63,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -91,12 +89,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -109,14 +107,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -124,14 +122,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.appc.xml b/kubernetes/so/resources/config/log/logback.appc.xml
index 588f6f39d2..9b67ebf8e2 100755
--- a/kubernetes/so/resources/config/log/logback.appc.xml
+++ b/kubernetes/so/resources/config/log/logback.appc.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="AppCAdapter"></property>
@@ -28,15 +28,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -63,18 +62,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +88,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +106,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +121,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.asdc.xml b/kubernetes/so/resources/config/log/logback.asdc.xml
index b4879e017f..df8433a749 100755
--- a/kubernetes/so/resources/config/log/logback.asdc.xml
+++ b/kubernetes/so/resources/config/log/logback.asdc.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="ASDCController"></property>
@@ -28,15 +28,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -63,18 +62,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +88,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +106,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +121,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.bpmn.xml b/kubernetes/so/resources/config/log/logback.bpmn.xml
index 3bc3ca157b..99ba8556d6 100755
--- a/kubernetes/so/resources/config/log/logback.bpmn.xml
+++ b/kubernetes/so/resources/config/log/logback.bpmn.xml
@@ -18,7 +18,7 @@
<property name="errorPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
<property name="debugPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%msg%n" />
-
+
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
diff --git a/kubernetes/so/resources/config/log/logback.msorequestsdbadapter.xml b/kubernetes/so/resources/config/log/logback.msorequestsdbadapter.xml
index 64a5022aa6..07a6bc6b76 100755
--- a/kubernetes/so/resources/config/log/logback.msorequestsdbadapter.xml
+++ b/kubernetes/so/resources/config/log/logback.msorequestsdbadapter.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="RequestDB"></property>
@@ -28,15 +28,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -63,18 +62,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +88,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +106,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +121,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.network.xml b/kubernetes/so/resources/config/log/logback.network.xml
index 542a8f6f00..ea8211a55c 100755
--- a/kubernetes/so/resources/config/log/logback.network.xml
+++ b/kubernetes/so/resources/config/log/logback.network.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="NetworkAdapter"></property>
@@ -23,21 +23,20 @@
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
-
+
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -64,18 +63,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -91,12 +89,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -109,14 +107,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -124,14 +122,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.sdnc.xml b/kubernetes/so/resources/config/log/logback.sdnc.xml
index 1323a8961d..432c7fdcac 100755
--- a/kubernetes/so/resources/config/log/logback.sdnc.xml
+++ b/kubernetes/so/resources/config/log/logback.sdnc.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="SDNCAdapter"></property>
@@ -28,15 +28,15 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
+ <!-- The EELFAppender is used to record events to the general application
log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -63,18 +63,18 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
%msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +90,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +108,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +123,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.tenant.xml b/kubernetes/so/resources/config/log/logback.tenant.xml
index a25c182e97..3243f1dd26 100755
--- a/kubernetes/so/resources/config/log/logback.tenant.xml
+++ b/kubernetes/so/resources/config/log/logback.tenant.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="TenantAdapter"></property>
@@ -23,21 +23,20 @@
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
-
+
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -64,18 +63,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -91,12 +89,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -109,14 +107,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -124,14 +122,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.vfc.xml b/kubernetes/so/resources/config/log/logback.vfc.xml
index d0b66be5bb..3b8dea43b0 100755
--- a/kubernetes/so/resources/config/log/logback.vfc.xml
+++ b/kubernetes/so/resources/config/log/logback.vfc.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="vfcadapter"></property>
@@ -28,15 +28,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -63,18 +62,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +88,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +106,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +121,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/resources/config/log/logback.vnf.xml b/kubernetes/so/resources/config/log/logback.vnf.xml
index 32f6e69f81..97425ecc25 100755
--- a/kubernetes/so/resources/config/log/logback.vnf.xml
+++ b/kubernetes/so/resources/config/log/logback.vnf.xml
@@ -2,11 +2,11 @@
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="VnfAdapter"></property>
@@ -28,15 +28,14 @@
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
@@ -54,7 +53,7 @@
<appender-ref ref="EELFAudit" />
</appender>
-<appender name="EELFMetrics"
+ <appender name="EELFMetrics"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
<rollingPolicy
@@ -63,18 +62,17 @@
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
@@ -90,12 +88,12 @@
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
@@ -108,14 +106,14 @@
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
@@ -123,14 +121,14 @@
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
diff --git a/kubernetes/so/templates/NOTES.txt b/kubernetes/so/templates/NOTES.txt
index 5b970635fa..79b711fefd 100755
--- a/kubernetes/so/templates/NOTES.txt
+++ b/kubernetes/so/templates/NOTES.txt
@@ -4,11 +4,11 @@
-- bpmn-infra
-- openstack-adapter
-- sdnc-adapter
--- vfc-adapter
+-- vfc-adapter
2. dependencies included in charts sub directory
-- db-secrets
-- ssl-secrets
-- catalog-db-adapter
-- request-db-adapter
4. Run the following helm command to deploy chart(s), remove --dry-run option
- helm upgrade -f ./helm/values.yaml --install --debug --dry-run so ./so
+ helm upgrade -f ./helm/values.yaml --install --debug --dry-run so ./so
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index f0bb7d1fe5..064415927f 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -63,7 +63,8 @@ global:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
@@ -150,6 +151,24 @@ aaf:
trustore: org.onap.so.trust.jks
#################################################################
+# AAF part for Ingress
+#################################################################
+certInitializer:
+ nameOverride: so-tls-cert
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
+
+#################################################################
# Application configuration defaults.
#################################################################
@@ -162,7 +181,7 @@ dbCreds:
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.8.2
+image: onap/so/api-handler-infra:1.9.0
server:
aaf:
@@ -262,7 +281,8 @@ ingress:
name: 'so'
port: 8080
config:
- ssl: 'none'
+ tls:
+ secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters:
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 71ad437634..980e462b47 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -17,7 +17,7 @@
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
-
+
subChartsOnly:
enabled: true
@@ -25,7 +25,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.1
+image: onap/usecase-ui-server:4.0.3
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 0fa4748e3d..ddac84eca3 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -24,7 +24,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/usecase-ui:4.0.1
+image: onap/usecase-ui:4.0.3
pullPolicy: Always
# application configuration
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
index ce52a3b0fe..dcdcef82ba 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
@@ -26,7 +26,7 @@ global:
# application image
flavor: small
-image: onap/vfc/gvnfmdriver:1.4.1
+image: onap/vfc/gvnfmdriver:1.4.3
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
index 40ca646e0f..17d8cc263e 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml
index 5854a370a2..be7820006c 100644
--- a/kubernetes/vfc/components/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/nslcm:1.4.3
+image: onap/vfc/nslcm:1.4.4
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml
index 6ea05d72a6..0bbb395938 100644
--- a/kubernetes/vfc/components/vfc-redis/values.yaml
+++ b/kubernetes/vfc/components/vfc-redis/values.yaml
@@ -24,7 +24,7 @@ global:
# application image
flavor: small
-image: onap/vfc/db:1.3.4
+image: onap/vfc/db:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
index b93d7af02b..75968b2ffe 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
index acdf006992..9098b4468b 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnflcm:1.4.1
+image: onap/vfc/vnflcm:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
index 9c8430c9fc..f9a8ba71f2 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
index aa327792b3..f8a5b28065 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnfmgr:1.4.0
+image: onap/vfc/vnfmgr:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,12 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
index 2577887523..06258a0d7e 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml
index 7683912aa2..74e5b21faf 100644
--- a/kubernetes/vfc/components/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnfres:1.3.9
+image: onap/vfc/vnfres:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
index 9edcfbf5e1..643c3fbd84 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
@@ -26,7 +26,7 @@ global:
# application image
flavor: small
-image: onap/vfc/ztevnfmdriver:1.4.0
+image: onap/vfc/ztevnfmdriver:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml
index ab3f4ae979..7f65b021f9 100644
--- a/kubernetes/vfc/requirements.yaml
+++ b/kubernetes/vfc/requirements.yaml
@@ -19,6 +19,7 @@ dependencies:
- name: mariadb-galera
version: ~8.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml
index 0560832a5f..64bd029bd1 100644
--- a/kubernetes/vfc/values.yaml
+++ b/kubernetes/vfc/values.yaml
@@ -26,42 +26,47 @@ global:
# we use this flag to determine who is responbile for serice registeration
# and it can reduce duplicate registration.
reg_to_msb_when_start: False
- mariadb_admin: root
+ mariadb_admin: &mariadbAdmin root
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera: &mariadbGalera
+ #This flag allows VFC to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
+ - uid: db-root-pass
name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
-mariadb-galera:
+mariadb-galera: &localMariadb
rootUser:
+ user: *mariadbAdmin
+ # password:
externalSecret: *dbRootPassSecret
- nameOverride: &vfc-mariadb vfc-mariadb
+ nameOverride: &dbServer vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
serviceAccount:
- nameOverride: *vfc-mariadb
+ nameOverride: *dbServer
replicaCount: 1
-db: &dbConfig
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPasswordExternalSecret: *dbRootPassSecret
-
vfc-generic-vnfm-driver:
enabled: true
@@ -70,26 +75,22 @@ vfc-huawei-vnfm-driver:
vfc-nslcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-redis:
enabled: true
vfc-vnflcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfmgr:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfres:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
# sub-chart configuration
vfc-workflow:
diff --git a/kubernetes/vid/resources/config/log/vid/logback.xml b/kubernetes/vid/resources/config/log/vid/logback.xml
index 018cca8a43..17af1c990f 100644
--- a/kubernetes/vid/resources/config/log/vid/logback.xml
+++ b/kubernetes/vid/resources/config/log/vid/logback.xml
@@ -8,9 +8,9 @@
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -95,11 +95,11 @@
</appender>
<!-- EELF Security Appender. This appender is used to record security events
- to the security log file. Security events are separate from other loggers
- in EELF so that security log records can be captured and managed in a secure
- way separate from the other logs. This appender is set to never discard any
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
events. -->
- <!--
+ <!--
<appender name="EELFSecurity"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${securityLogName}.log</file>
@@ -118,14 +118,14 @@
<pattern>${defaultPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<discardingThreshold>0</discardingThreshold>
<appender-ref ref="EELFSecurity" />
</appender>
-->
- <!-- EELF Performance Appender. This appender is used to record performance
+ <!-- EELF Performance Appender. This appender is used to record performance
records. -->
<!--
<appender name="EELFPerformance"
@@ -152,10 +152,10 @@
<appender-ref ref="EELFPerformance" />
</appender>
-->
- <!-- EELF Server Appender. This appender is used to record Server related
- logging events. The Server logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate Server
- events from other components, or it can be eliminated to record these events
+ <!-- EELF Server Appender. This appender is used to record Server related
+ logging events. The Server logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate Server
+ events from other components, or it can be eliminated to record these events
as part of the application root log. -->
<!--
<appender name="EELFServer"
@@ -181,10 +181,10 @@
<appender-ref ref="EELFServer" />
</appender>
-->
- <!-- EELF Policy Appender. This appender is used to record Policy engine
- related logging events. The Policy logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- EELF Policy Appender. This appender is used to record Policy engine
+ related logging events. The Policy logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
<!--
<appender name="EELFPolicy"
@@ -210,10 +210,10 @@
<appender-ref ref="EELFPolicy" />
</appender>
-->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
<appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
diff --git a/tox.ini b/tox.ini
index 01e9953617..efe3b38035 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,8 @@ envlist =
docs,
docs-linkcheck,
gitlint,
+ checkbashisms,
+ pre-commit,
skipsdist=true
[doc8]
@@ -11,8 +13,9 @@ ignore-path-errors=docs/helm-search.txt;D001
[testenv:doc8]
deps = -rdocs/requirements-docs.txt
+ doc8
commands =
- doc8 docs/
+ - doc8 docs/
[testenv:docs]
deps = -rdocs/requirements-docs.txt
@@ -52,7 +55,7 @@ commands =
sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
|| (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
yum install devscripts-minimal )" >&2 && exit 1)'
- find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} +
+ find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
[testenv:autopep8]
deps = autopep8
@@ -65,3 +68,29 @@ whitelist_externals = find
commands =
find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y --output-format=colorized \{\} +
+[testenv:pre-commit-install]
+basepython = python3
+deps = pre-commit
+commands =
+ pre-commit install
+ pre-commit install --hook-type commit-msg
+
+[testenv:pre-commit-uninstall]
+basepython = python3
+deps = pre-commit
+commands =
+ pre-commit uninstall
+ pre-commit uninstall --hook-type commit-msg
+
+[testenv:pre-commit]
+basepython = python3
+deps = pre-commit
+passenv = HOME
+commands =
+ pre-commit run --all-files --show-diff-on-failure
+ pre-commit run gitlint --hook-stage commit-msg --commit-msg-filename .git/COMMIT_EDITMSG
+ # Gitlint only proposes a pre-commit configuration for the commit-msg stage but none for the commit stage.
+ # Its default arguments --passed and --msg-filename are different from CI recommandations.
+ # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file.
+ # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access
+ # to the HOME variable so that Gitlint can retrieve Git user settings.