diff options
147 files changed, 3914 insertions, 2046 deletions
diff --git a/.gitmodules b/.gitmodules index 08d7aea901..ddad6f6c9a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,11 +1,11 @@ [submodule "kubernetes/aai"] - path = kubernetes/aai - url = ../aai/oom - branch = master - ignore = dirty + path = kubernetes/aai + url = ../aai/oom + branch = frankfurt + ignore = dirty [submodule "kubernetes/robot"] - path = kubernetes/robot - url = ../testsuite/oom - branch = . - ignore = dirty -
\ No newline at end of file + path = kubernetes/robot + url = ../testsuite/oom + branch = frankfurt + ignore = dirty + diff --git a/docs/index.rst b/docs/index.rst index c8048d142e..c933a726fb 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -16,3 +16,4 @@ OOM Documentation Repository oom_cloud_setup_guide.rst release-notes.rst oom_setup_kubernetes_rancher.rst + oom_setup_ingress_controller.rst diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 552950b225..9cf11c5b26 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -30,9 +30,11 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates | - +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ - | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 565c43f467..364f14e923 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -193,6 +193,10 @@ All override files may be customized (or replaced by other overrides) as per nee `onap-all.yaml` Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. +`onap-all-ingress-nginx-vhost.yaml` + Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer. + Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature. + `environment.yaml` Includes configuration values specific to the deployment environment. diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst new file mode 100644 index 0000000000..a4abc2b390 --- /dev/null +++ b/docs/oom_setup_ingress_controller.rst @@ -0,0 +1,159 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2020, Samsung Electronics + +.. Links +.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements +.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/ +.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/ +.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug +.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474 +.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md + +.. figure:: oomLogoV2-medium.png + :align: right + +.. _onap-on-kubernetes-with-rancher: + + +Ingress controller setup on HA Kubernetes Cluster +################################################# + +This guide provides instruction how to setup experimental ingress controller feature. +For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE) +to deploy and manage our Kubernetes Cluster and ingress controller + +.. contents:: + :depth: 1 + :local: +.. + +The result at the end of this tutorial will be: + +#. Customization of the cluster.yaml file for ingress controller support + +#. Installation and configuration test DNS server for ingress host resolution on testing machines + +#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service + +#. Instalation and configuration NGINX ingress controller + +#. Additional info howto deploy onap with services exposed via Ingress controller + +Customize cluster.yml file +=========================== +Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing: + +.. code-block:: yaml + <...> + restore: + restore: false + snapshot_name: "" + ingress: + provider: none + dns: + provider: coredns + upstreamnameservers: + - <custer_dns_ip>:31555 + +Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node. + +For external load balacer purposes minimum one of the worker node should be configured with external IP +address accessible outside the cluster. It can be done using the following example node configuration: + +.. code-block:: yaml + <...> + - address: <external_ip> + internal_address: <internal_ip> + port: "22" + role: + - worker + hostname_override: "onap-worker-0" + user: ubuntu + ssh_key_path: "~/.ssh/id_rsa" + <...> + +Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required + + + +DNS server configuration and instalation +======================== +DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it +resolves all subdomain related to the onap cluster to the load balancer IP. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +DNS server has automatic instalation and configuration script, so instalation is quite easy:: + + > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing + + > ./deploy\_dns.sh + +After DNS deploy you need to setup DNS entry on the target testing machine. +Because DNS listen on non standard port configuration require iptables rules +on the target machine. Please follow the configuation proposed by the deploy scripts +Example output depends on the IP address and example output looks like bellow:: + + + DNS server already deployed: + 1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 + 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine + + +MetalLB Load Balancer instalation and configuration +==================================================== + +By default pure Kubernetes cluster requires external load balancer if we want to expose +external port using LoadBalancer settings. For this purpose MetalLB can be used. +Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster. + +MetalLB Load balanancer can be easily installed using automatic install script:: + + > cd kubernetes/contrib/metallb-loadbalancer-inst + + > ./install-metallb-on-cluster.sh + + +Configuration NGINX ingress controller +======================================= + +After installation DNS server and ingress controller we can install and configure ingress controller. +It can be done using the following commands:: + + > cd kubernetes/contrib/ingress-nginx-post-inst + + > kubectl apply -f nginx_ingress_cluster_config.yaml + + > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml + +After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service +with external IP address:: + + > kubectl get svc -n ingress-nginx + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h + ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h + + +ONAP with ingress exposed services +===================================== +If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script:: + > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml + +Ingress also can be enabled on any onap setup override using following code: + +.. code-block:: yaml + <...> + #ingress virtualhost based configuration + global: + <...> + ingress: + enabled: true + diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 7150f10c1f..faa96df811 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -28,9 +28,9 @@ endif SUBMODS := robot aai EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(SUBMODS) $(PARENT_CHART) -.PHONY: $(EXCLUDES) $(HELM_CHARTS) $(SUBMODS) +.PHONY: $(EXCLUDES) $(HELM_CHARTS) all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml index eb785e2d9b..309a9f38c6 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,23 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.global.aaf.cass.replicas }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: fix-permission @@ -37,47 +29,38 @@ spec: args: - -c - | - chmod -R 775 /opt/app/aaf/status chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /var/lib/cassandra chown -R 1000:1000 /var/lib/cassandra image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - mountPath: /var/lib/cassandra name: aaf-cass-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 100Mi containers: - name: {{ include "common.name" . }} - image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}} + image: {{ include "common.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-cass"] - ports: - - name: storage - containerPort: {{.Values.global.aaf.cass.storage_port}} - - name: ssl-storage - containerPort: {{.Values.global.aaf.cass.ssl_storage_port}} - - name: native-trans - containerPort: {{.Values.global.aaf.cass.native_trans_port}} - - name: rpc - containerPort: {{.Values.global.aaf.cass.rpc_port}} + ports: {{ include "common.containerPorts" . | nindent 10 }} env: - name: CASSANDRA_CLUSTER_NAME - value: {{.Values.global.aaf.cass.cluster_name}} + value: {{ .Values.config.cluster_name }} - name: CASSANDRA_DC - value: {{.Values.global.aaf.cass.dc}} + value: {{ .Values.config.dc }} - name: CQLSH value: "/opt/cassandra/bin/cqlsh" - name: HEAP_NEWSIZE - value: {{.Values.global.aaf.cass.heap_new_size}} + value: {{ .Values.config.heap_new_size }} - name: MAX_HEAP_SIZE - value: {{.Values.global.aaf.cass.max_heap_size}} + value: {{ .Values.config.max_heap_size }} - name: MY_POD_NAME valueFrom: fieldRef: @@ -93,44 +76,36 @@ spec: volumeMounts: - mountPath: /var/lib/cassandra name: aaf-cass-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.global.aaf.cass.native_trans_port}} + port: tcp-cql initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.global.aaf.cass.native_trans_port}} + port: tcp-cql initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} volumes: - name: localtime hostPath: path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - name: aaf-cass-vol {{- if .Values.persistence.enabled }} persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data + claimName: {{ include "common.fullname" . }} {{- else }} emptyDir: {} {{- end }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml index 0f0a30585b..187e9b75de 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,27 +15,4 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ include "common.release" . }} - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-data" -{{- end -}} -{{- end -}} +{{ include "common.PV" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml index 3cc43560e4..e56c98751c 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,26 +15,4 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" .}}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml index d5c615f55d..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,38 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -# annotations: -# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: {{ .Values.service.type }} - ports: - - name: storage - protocol: TCP - port: {{.Values.global.aaf.cass.storage_port}} - containerPort: {{.Values.global.aaf.cass.storage_port}} - - name: ssl-storage - protocol: TCP - port: {{.Values.global.aaf.cass.ssl_storage_port}} - containerPort: {{.Values.global.aaf.cass.ssl_storage_port}} - - name: native-trans - protocol: TCP - port: {{.Values.global.aaf.cass.native_trans_port}} - containerPort: {{.Values.global.aaf.cass.native_trans_port}} - - name: rpc - protocol: TCP - port: {{.Values.global.aaf.cass.rpc_port}} - containerPort: {{.Values.global.aaf.cass.rpc_port}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - clusterIP: None +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/charts/aaf-cass/values.yaml index 9f6ec565f4..3d9f21e297 100644 --- a/kubernetes/aaf/charts/aaf-cass/values.yaml +++ b/kubernetes/aaf/charts/aaf-cass/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ flavor: small # Application configuration defaults. ################################################################# # application configuration -config: {} +replicaCount: 1 nodeSelector: {} @@ -32,6 +32,15 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: tcp-cql + +image: onap/aaf/aaf_cass:2.1.20 + +config: + cluster_name: osaaf + heap_new_size: 512M + max_heap_size: 1024M + dc: dc1 readiness: initialDelaySeconds: 5 @@ -40,39 +49,36 @@ readiness: service: name: aaf-cass type: ClusterIP - portName: aaf-cass - #targetPort - internalPort: 7000 - #port - externalPort: 7000 - - internalPort2: 7001 - externalPort2: 7001 - internalPort3: 9042 - externalPort3: 9042 - internalPort4: 9160 - externalPort4: 9160 + ports: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 ingress: enabled: false # Configure resource requests and limits resources: - small: - limits: - cpu: 2100m - memory: 1792Mi - requests: - cpu: 30m - memory: 1280Mi - large: - limits: - cpu: 4 - memory: 12000Mi - requests: - cpu: 40m - memory: 9000Mi - unlimited: {} + small: + limits: + cpu: 2100m + memory: 1792Mi + requests: + cpu: 30m + memory: 1280Mi + large: + limits: + cpu: 4 + memory: 12000Mi + requests: + cpu: 40m + memory: 9000Mi + unlimited: {} persistence: enabled: true diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index b823acd3d5..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.cm.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.cm.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.cm.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml index 28462f2edf..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.cm.internal_port }} - nodePort: {{ .Values.global.aaf.cm.public_port }} - name: aaf-cm - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 37d6c5e2c5..c391369db6 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -19,6 +19,13 @@ flavor: small # Application configuration defaults. ################################################################# # application image +replicaCount: 1 + +binary: cm + +sequence_order: + - service + - locate nodeSelector: {} @@ -26,24 +33,25 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-cm type: ClusterIP - portName: aaf-cm - #targetPort - internalPort: 8150 - #port - externalPort: 8150 + ports: + - name: api + protocol: http + port: 8150 ingress: enabled: false @@ -56,18 +64,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 400m - memory: 300Mi - requests: - cpu: 1m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 600Mi - unlimited: {} + small: + limits: + cpu: 400m + memory: 300Mi + requests: + cpu: 1m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 600Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index 2e8e41e637..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.fs.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml index b81635f74d..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.fs.internal_port }} - nodePort: {{ .Values.global.aaf.fs.public_port }} - name: aaf-hello - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml index 4b12bd0deb..6ddc07278b 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/charts/aaf-fs/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,13 @@ flavor: small # application image pullPolicy: Always +replicaCount: 1 + +binary: fs + +sequence_order: + - service + - locate nodeSelector: {} @@ -33,19 +40,20 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-fs type: ClusterIP - portName: aaf-fs - #targetPort - internalPort: 8096 - #port - externalPort: 8096 + ports: + - name: api + port: 8096 + protocol: http ingress: enabled: false @@ -58,18 +66,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 110Mi - requests: - cpu: 1m - memory: 80Mi - large: - limits: - cpu: 500m - memory: 700Mi - requests: - cpu: 100m - memory: 400Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 110Mi + requests: + cpu: 1m + memory: 80Mi + large: + limits: + cpu: 500m + memory: 700Mi + requests: + cpu: 100m + memory: 400Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index cbf68aad37..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.gui.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.gui.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.gui.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml index 7dc4468598..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.gui.internal_port }} - nodePort: {{ .Values.global.aaf.gui.public_port }} - name: aaf-gui - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index 8811b3300a..f418fd5b41 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -20,6 +20,13 @@ flavor: small # application image pullPolicy: Always +replicaCount: 1 + +binary: gui + +sequence_order: + - service + - locate nodeSelector: {} @@ -27,25 +34,26 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: gui readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: gui service: name: aaf-gui type: NodePort - portName: aaf-gui - #targetPort - internalPort: 8200 - #port - externalPort: 8200 - nodePort: 51 + ports: + - name: gui + protocol: http + port: 8200 + nodePort: 51 ingress: enabled: false @@ -58,18 +66,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 280Mi - requests: - cpu: 1m - memory: 170Mi - large: - limits: - cpu: 200m - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 280Mi + requests: + cpu: 1m + memory: 170Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml deleted file mode 100644 index d2b4f0c76f..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if ne 0 (int .Values.global.aaf.hello.replicas) }} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -######### -## ============LICENSE_START==================================================== -## org.onap.aaf -## =========================================================================== -## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -## =========================================================================== -## Licensed under the Apache License, Version 2.0 (the "License"); -## you may not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, -## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. -## ============LICENSE_END==================================================== -## - -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-hello-pv - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Chart.Name }}-hello - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ include "common.release" . }} - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-data" -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml deleted file mode 100644 index fc148f63d6..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if ne 0 (int .Values.global.aaf.hello.replicas) }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -######### -## ============LICENSE_START==================================================== -## org.onap.aaf -## =========================================================================== -## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -## =========================================================================== -## Licensed under the Apache License, Version 2.0 (the "License"); -## you may not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, -## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. -## ============LICENSE_END==================================================== -## -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-hello-pvc - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.config.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.config.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index 1e120bd0ad..891b829f43 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,112 +12,49 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.global.aaf.hello.replicas }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-hello-vol - {{- if and .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-hello-pvc - {{- else }} - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - name: fix-permission - command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"] - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"] -# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"] -# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"] - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol - env: - - name: APP_FQI - value: "{{ .Values.aaf_init.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" -# This should the APP's FQDN to be put in Locator -# This MUST match what is entered for AAF Certificate Artifacts - - name: aaf_locator_fqdn - value: "{{.Values.aaf_init.fqdn}}" -# Hello specific. Clients don't don't need this, unless Registering with AAF Locator -# This should be the APP's PUBLIC FQDN, if applicable - - name: aaf_locator_public_fqdn - value: "{{.Values.aaf_init.locator_public_fqdn}}" - - name: LATITUDE - value: "{{ .Values.aaf_init.cadi_latitude }}" - - name: LONGITUDE - value: "{{ .Values.aaf_init.cadi_longitude }}" -# Note: We want to put this in Secrets or at LEAST ConfigMaps - - name: "DEPLOY_FQI" - value: "deployer@people.osaaf.org" -# Note: want to put this on Nodes, evenutally - - name: "DEPLOY_PASSWORD" - value: "demo123456!" + initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} # CONTAINER Definition containers: - name: {{ include "common.name" . }} command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] - image: {{ .Values.global.repository }}/{{.Values.service.image }} + image: {{ .Values.global.repository }}/{{.Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.port }} + port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: tcpSocket: - port: {{ .Values.service.port }} + port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml index 5ba4f68be9..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.port }} - nodePort: {{ .Values.service.public_port }} - name: aaf-hello - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index 0400dcc1fd..aeb659082d 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -12,6 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +global: + aafEnabled: true flavor: small @@ -22,47 +24,58 @@ flavor: small aaf_init: # You might want this in your own app. For AAF, we store in global # replicas: 1 - image: onap/aaf/aaf_agent:2.1.20 - fqi: "aaf@aaf.osaaf.org" + fqi: aaf@aaf.osaaf.org # This MUST match what is put in AAF's "Artifact" for Certificates - fqdn: "aaf-hello" + fqdn: aaf-hello # What is put in Locator for External Access - locator_public_fqdn: "aaf.osaaf.org" - app_ns: "org.osaaf.aaf" - deploy_fqi: "deployer@people.osaaf.org" + public_fqdn: aaf.osaaf.org cadi_latitude: "38.0" cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + permission_user: 1000 + permission_group: 999 -service: - image: onap/aaf/aaf_hello:2.1.20 - port: "8130" - public_port: "31119" +replicaCount: 0 -persistence: - enabled: false - #existingClaim: - # You will want "Reatan" in non-Hello Example. - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 40M - mountPath: /dockerdata-nfs - mountSubPath: aaf/hello +image: onap/aaf/aaf_hello:2.1.20 + +service: + name: aaf-hello + type: ClusterIP + ports: + - name: api + protocol: http + port: 8130 nodeSelector: {} affinity: {} +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.aafDeployFqi }}' + password: '{{ .Values.aaf_init.aafDeployPass }}' + passwordPolicy: required + # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api ingress: enabled: false @@ -75,18 +88,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 20m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 20m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index cc7f19176f..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.locate.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.locate.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.locate.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml index 8aead90d29..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.locate.internal_port }} - nodePort: {{ .Values.global.aaf.locate.public_port }} - name: aaf-locate - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index 9209b9d027..47b2f205e5 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -18,6 +18,12 @@ flavor: small # Application configuration defaults. ################################################################# # application image +replicaCount: 1 + +binary: locate + +sequence_order: + - service nodeSelector: {} @@ -25,24 +31,25 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-locate type: ClusterIP - portName: aaf-locate - #targetPort - internalPort: 8095 - #port - externalPort: 31111 + ports: + - name: api + protocol: http + port: 8095 ingress: enabled: false @@ -55,18 +62,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 100m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 100m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index 6ce3abd241..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.oauth.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.oauth.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.oauth.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml index 52c2d10568..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.oauth.internal_port }} - nodePort: {{ .Values.global.aaf.oauth.public_port }} - name: aaf-oauth - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index c25327ce03..7604b86393 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -19,30 +19,40 @@ flavor: small # Application configuration defaults. ################################################################# # application image + +replicaCount: 1 + +binary: oauth + +sequence_order: + - service + - locate + nodeSelector: {} affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-oauth type: ClusterIP - portName: aaf-oauth - #targetPort - internalPort: 8140 - #port - externalPort: 8140 + ports: + - name: api + protocol: http + port: 8140 ingress: enabled: false @@ -55,18 +65,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 40m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 600Mi - requests: - cpu: 40m - memory: 200Mi - unlimited: {} + small: + limits: + cpu: 40m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 600Mi + requests: + cpu: 40m + memory: 200Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index 555f4ac815..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,135 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.service.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] - image: {{.Values.global.repository}}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: cm_always_ignore_ips - value: "true" - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-service* && echo $HOSTNAME >> aaf-service.hosts"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.service.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.service.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml index e02c685549..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.service.internal_port }} - nodePort: {{ .Values.global.aaf.service.public_port }} - name: aaf-service - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 1eb5bb2523..c2d96032cc 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -20,30 +20,38 @@ flavor: small ################################################################# # application image +replicaCount: 1 + +binary: service + +sequence_order: + - cass + nodeSelector: {} affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-service - type: NodePort - portName: aaf-service - #targetPort - internalPort: 8100 - #port - externalPort: 31110 + type: ClusterIP + ports: + - name: api + port: 8100 + protocol: http ingress: enabled: false @@ -56,18 +64,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 250m - memory: 360Mi - requests: - cpu: 10m - memory: 250Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 300Mi - unlimited: {} + small: + limits: + cpu: 250m + memory: 360Mi + requests: + cpu: 10m + memory: 250Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 300Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml index 5ade9a81d6..8d1faf7e32 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml @@ -18,15 +18,8 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index c816b16914..23fe79d716 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -18,21 +18,11 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 2 template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never containers: @@ -58,19 +48,17 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} + resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} volumes: - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml index 0beda0fefc..c624ccfc4d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml @@ -16,24 +16,15 @@ {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" @@ -50,6 +41,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" name: {{ include "common.name" . }} @@ -66,8 +64,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} @@ -76,8 +73,7 @@ spec: {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml index dc5176127a..99176fcdf6 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml @@ -18,15 +18,8 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml index 3d248eef51..fb48c7df4a 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -18,22 +18,12 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: @@ -52,6 +42,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{ else }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -69,6 +66,13 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-data mountPath: /distcenter/data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -82,15 +86,12 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-data mountPath: /distcenter/data - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime @@ -98,7 +99,7 @@ spec: path: /etc/localtime - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data + claimName: {{ include "common.release" . }}-aaf-sshsm imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml index 00005a58b1..bf0ef74be2 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml @@ -15,28 +15,5 @@ */}} {{- if .Values.global.distcenter.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" . }} {{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml index ede08205b5..a13b7f353b 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -15,27 +15,5 @@ */}} {{- if .Values.global.distcenter.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" . }} {{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml index a67760c368..a64f483d74 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -18,22 +18,11 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} - serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: @@ -51,6 +40,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.tpm.enabled }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -66,6 +62,13 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-dbus mountPath: /var/run/dbus + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -98,8 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-secrets mountPath: /testca/secrets readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} @@ -108,8 +110,7 @@ spec: {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime @@ -117,7 +118,7 @@ spec: path: /etc/localtime - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data + claimName: {{ include "common.release" . }}-aaf-sshsm - name: {{ include "common.fullname" . }}-dbus persistentVolumeClaim: claimName: {{ include "common.release" . }}-aaf-sshsm-dbus diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml index 3b50792473..b566b11458 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml @@ -14,27 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-data -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dataMountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml index e76baa2d36..b3e7f9fabd 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml @@ -14,27 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-dbus - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-dbus -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-dbus" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dbusMountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml index 2a5fc98bfa..b8971cc03c 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml @@ -14,26 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml index cf223670b5..7297d6f81d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml @@ -14,30 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-dbus - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-dbus" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} +{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml index 55d38a094c..5600213e11 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml @@ -32,12 +32,20 @@ global: persistence: enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - dataMountSubPath: sshsm/data - dbusMountSubPath: sshsm/dbus + data: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/data + dbus: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/dbus + + # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/templates/_deployment.tpl new file mode 100644 index 0000000000..bf6931a8e3 --- /dev/null +++ b/kubernetes/aaf/templates/_deployment.tpl @@ -0,0 +1,67 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.deployment" -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: {{ include "aaf.initContainers" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + workingDir: /opt/app/aaf + command: ["bin/{{ .Values.binary }}"] + image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{.Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-config-vol + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end -}} diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/templates/_initContainers.tpl new file mode 100644 index 0000000000..43c511fd6d --- /dev/null +++ b/kubernetes/aaf/templates/_initContainers.tpl @@ -0,0 +1,122 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.permissionFixer" -}} +- name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf + chown -R 1000:1000 /opt/app/osaaf + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.podConfiguration" }} +- name: {{ include "common.name" . }}-config-container + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + args: + - -c + - | + cd /opt/app/aaf_config + bin/agent.sh + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + env: + - name: aaf_env + value: "{{ .Values.global.aaf.aaf_env }}" + - name: cadi_latitude + value: "{{ .Values.global.aaf.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: cadi_x509_issuers + value: "{{ .Values.global.aaf.cadi_x509_issuers }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_release + value: "{{ .Values.global.aaf.aaf_release }}" + - name: aaf_locator_container_ns + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: aaf_locator_public_fqdn + value: "{{.Values.global.aaf.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.global.aaf.aaf_locator_name}}" + - name: aaf_locator_name_oom + value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" + - name: CASSANDRA_CLUSTER + value: "aaf-cass.{{ .Release.Namespace }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.initContainers" -}} +initContainers: +{{ include "aaf.permissionFixer" . }} +{{- if .Values.sequence_order }} +- name: {{ include "common.name" . }}-aaf-readiness + command: + - /root/ready.py + args: + {{- range $container := .Values.sequence_order }} + - --container-name + - aaf-{{ $container}} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} +{{ include "aaf.podConfiguration" . }} +{{- end }} diff --git a/kubernetes/aaf/templates/pv-config.yaml b/kubernetes/aaf/templates/pv-config.yaml deleted file mode 100644 index 5ed3e62aeb..0000000000 --- a/kubernetes/aaf/templates/pv-config.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }}-config - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.config.size}} - accessModes: - - {{ .Values.persistence.config.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.config.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.config.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-config" -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/templates/pv-status.yaml b/kubernetes/aaf/templates/pv-status.yaml deleted file mode 100644 index d8f5980b9b..0000000000 --- a/kubernetes/aaf/templates/pv-status.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-status - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }}-status - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.status.size}} - accessModes: - - {{ .Values.persistence.status.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.status.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-status" -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/templates/pvc-config.yaml b/kubernetes/aaf/templates/pvc-config.yaml deleted file mode 100644 index dc71dceff1..0000000000 --- a/kubernetes/aaf/templates/pvc-config.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.config.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.config.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-config" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} diff --git a/kubernetes/aaf/templates/pvc-status.yaml b/kubernetes/aaf/templates/pvc-status.yaml deleted file mode 100644 index 3cda088fba..0000000000 --- a/kubernetes/aaf/templates/pvc-status.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-status - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.status.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.status.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-status" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 5a1c5f2709..bedf243639 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -29,7 +29,7 @@ global: loggingImage: beats/filebeat:5.5.0 # BusyBox image busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest + busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM @@ -58,50 +58,19 @@ global: config: image: onap/aaf/aaf_config:2.1.20 - cass: - replicas: 1 - image: onap/aaf/aaf_cass:2.1.20 - fqdn: "aaf-cass" - cluster_name: "osaaf" - heap_new_size: "512M" - max_heap_size: "1024M" - storage_port: 7000 - ssl_storage_port: 7001 - native_trans_port: 9042 - rpc_port: 9160 - dc: "dc1" + service: - replicas: 1 fqdn: "aaf-service" internal_port: 8100 public_port: 31110 locate: - replicas: 1 fqdn: "aaf-locate" internal_port: 8095 public_port: 31111 oauth: - replicas: 1 - fqdn: "aaf0oauth" + fqdn: "aaf-oauth" internal_port: 8140 public_port: 31112 - gui: - replicas: 1 - fqdn: "aaf-gui" - internal_port: 8200 - public_port: 31113 - cm: - replicas: 1 - fqdn: "aaf-cm" - internal_port: 8150 - public_port: 31114 - fs: - replicas: 1 - fqdn: "aaf-fs" - internal_port: 8096 - public_port: 31115 - hello: - replicas: 0 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml @@ -138,35 +107,6 @@ ingress: config: ssl: "none" -## Persist data to a persitent volume -persistence: - enabled: true - config: - #existingClaim: - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: "config" - logs: - #existingClaim: - volumeReclaimPolicy: Retain - accessMode: ReadWriteMany - size: 2Gi - mountPath: "/mnt/data/aaf/logs" - status: - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 2M - mountPath: /dockerdata-nfs - mountSubPath: "status" - cass: - #existingClaim: - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Gi - mountPath: /dockerdata-nfs - mountSubPath: "cass" - +persistence: {} resources: {} diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 2d6141ab8bd7bfe58f5da0483e578032226e7eb +Subproject d687fd0c9efe31e93287da11e3e390984a5fb6c diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties index 978dead538..542645683e 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties @@ -34,7 +34,7 @@ appc.demo.threads.poolsize.max=2 appc.demo.provider.user={{.Values.config.odlUser}} appc.demo.provider.pass={{.Values.config.odlPassword}} appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider -appc.provider.vfodl.url=http://{{.Values.config.odlUser|urlquery}}:{{.Values.config.odlPassword|urlquery}}@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/stream-count:stream-count/streams/ +appc.provider.vfodl.url=http://{{.Values.config.odlUser|urlquery}}:{{.Values.config.odlPassword|urlquery}}@localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/stream-count:stream-count/streams/ # The properties right below are needed to properly call the Master DG to serve demo purposes appc.service.logic.module.name=APPC diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 6cd3c2b554..f120f12072 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.1 +image: onap/ccsdk-blueprintsprocessor:0.7.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 3f9fb87e13..2bc84bd299 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.1 +image: onap/ccsdk-commandexecutor:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml new file mode 100755 index 0000000000..41b43c34a3 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CDS Py Executor +name: cds-py-executor +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml new file mode 100755 index 0000000000..676fe8f6b2 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml new file mode 100755 index 0000000000..f9c3377dd8 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -0,0 +1,90 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + command: + - bash + args: + - '-c' + - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh' + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + env: + - name: APP_PORT + value: {{ .Values.config.appPort }} + - name: AUTH_TYPE + value: {{ .Values.config.authType }} + - name: API_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + - name: LOG_FILE + value: {{ .Values.config.logFile }} + - name: ARTIFACT_MANAGER_PORT + value: {{ .Values.config.artifactManagerPort }} + - name: ARTIFACT_MANAGER_SERVER_LOG_FILE + value: {{ .Values.config.artifactManagerLogFile }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints + resources: +{{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + # Py executor shares the blueprintsprocessor storage (for now) to + # share uploaded CBA files. In the future it will be deprecated + # when all parts of the CDS will make use of Artifact Manager + - name: {{ include "common.fullname" . }}-blueprints + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-cds-blueprints + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml new file mode 100644 index 0000000000..c36607b172 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml new file mode 100755 index 0000000000..1267791b6c --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml new file mode 100755 index 0000000000..206ae10a75 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -0,0 +1,120 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific lan`guage governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image repositories + repository: nexus3.onap.org:10001 + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # image pull policy + pullPolicy: Always + + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/ccsdk-py-executor:0.7.2 +pullPolicy: Always + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + port: 50052 + initialDelaySeconds: 20 + periodSeconds: 20 + timeoutSeconds: 20 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + port: 50052 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 20 + +service: + type: ClusterIP + ports: + - port: 50052 + name: executor-grpc + - port: 50053 + name: manager-grpc + +secrets: + - uid: api-credentials + externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}' + type: basicAuth + login: '{{ .Values.config.apiUsername }}' + password: '{{ .Values.config.apiPassword }}' + passwordPolicy: required + +config: + # the api credentials below are used to authenticate communication with blueprint + # processor API. Py executor in this context is a client of the blueprint processor + apiUsername: ccsdkapps + apiPassword: ccsdkapps + env: + appPort: 50052 + authType: tls-auth + logFile: /dev/stdout + artifactManagerPort: 50053 + artifactManagerLogFile: /dev/stdout + +persistence: + enabled: true + mountSubPath: cds/blueprints/deploy + deployedBlueprint: /opt/app/onap/blueprints/deploy + +ingress: + enabled: false + +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index b9c329a124..c784a82ba1 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.1 +image: onap/ccsdk-sdclistener:0.7.2 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 0dcf7feefd..d084307bbb 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.1 +image: onap/ccsdk-cds-ui-server:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 5bd503e0ff..941c2f84df 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,7 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -49,4 +49,4 @@ clean: @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) %: - @:
\ No newline at end of file + @: diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml index bab2c4befc..90e6621aa3 100644 --- a/kubernetes/common/cassandra/requirements.yaml +++ b/kubernetes/common/cassandra/requirements.yaml @@ -16,4 +16,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml new file mode 100644 index 0000000000..3b20045b1f --- /dev/null +++ b/kubernetes/common/certInitializer/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to obtain certificates in onap +name: certInitializer +version: 6.0.0 diff --git a/kubernetes/common/certInitializer/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/certInitializer/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 new file mode 100644 index 0000000000..71b6782c58 --- /dev/null +++ b/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 @@ -0,0 +1,30 @@ +MIIGFAIBAzCCBdoGCSqGSIb3DQEHAaCCBcsEggXHMIIFwzCCBb8GCSqGSIb3DQEHBqCCBbAw +ggWsAgEAMIIFpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIIYleh/TibnoCAggAgIIF +eGle/QhuHZkU5OjTo1L4MUbBFMGEu2hFNjqzYC3fuvfSIdMUxVZ1vQspIPNiPs1+WZ/lB9vZ +vBkQZ6AyBNTqZlHk5vv1tNyLksZCMRWlPLB/GF8becTuawuC2+IJajmuN5aLG9Fsx9G+bKQ6 +fO/VUq4urhuOEhKtft2wVUrQON0GnDcUemj/OLE6jMWrNlrxVdCqqII8xs5yGr/qfIRtpIVx +NZOAJdlKGZcc47wIG+lXHDeibH4rtObOLSk6mY9bjQ7Omp6HsshOaFDsx/ZWiG1+H7ZRDSSK +v5qWpr5xEhBM66TufMi0Tn8XNUsjkKCar25acH1odQQIQLhpFcqDyKaqFQM/60fvH4CTQ1SA +7vhpfUx9y7t2cEIg8lDEhhOUSRIVr+iw0zhoknPxJLfPuhRDzVKm8KxADCVjVR29K9nBgIrF +IVQ4gW0RRmCcHqBPVoakWs0BdTzhMwWtnxTLkpSLZoMkoi/8wfw7SDhaV4G6qXXqvDVaWbwR +nqpZWeQBRDSqOEmsPuLzq2J1Ls/v9J5ZQpeqyyYinGCjUUlC+fE6nhCrNsHeWTOlmBUyh/kA +WDAx1LgctqTwgIpPrJzkjPCfIuJyO7lhHFyBK8j/8NwMUgA5zBismhtQ3kQ3GBmTCm1cFkdz +AR4cV30244Oe3GmJG8ZUWiTjIuq2Eo4ISUR1h50uXlCja9n9n964wPJkNJyHyUa5cqz/EAkM +vzeL0VNW7Jpym3gRxNLqYILFBjZnhC7R9RhHciHYwIEEMj9WywDE6hDZqFReI6N3ZQNIWnHt +Je6e1YFwduGWnQFnL33XZi7ZqVY9Pr7mwu9c/LaCUuwDwy2rtAY50cnpp9CfbIp3oD33sfNe +LMmCcEkRvl/BNMtifnWnsaiCCoUZxLe6d8JWudu4r8M+bdoIkqoIUSyhuIsjjKnYAE/wmZvy +nphgC9tN1g5rY5CxqEQXyGvaD/lRgxpchKqwFFF89dEU27llLPneRSiIpth/pnip104N7H/+ +I5RaHNfaiNTUGLJSqmewCPCKritGJogqaBCj8oiI8uGovQZEYd8kgaDao8FCrpOFaHFhlUxd +fltyOZImAQ4cLEywj9VZFz/AriV+FZWe0VS1A6pBCknwZJBBJPKSQ4fAoDwAWmQsiHRE6h/N +OcD9zh4XqnCgy2f07SOPBf8AnLoe9XJXVm5T6xG8ZwfrmtDYk9Ze2VTxFJsolcaz/58JqSe3 +2mc3nuQqhZEzP7bWoD68ekykfbm2qJcC82fxYKkooNJ1T/Aagh+Vxsc8t/ubAEAKzz4fXZY5 +hO2zuk3AIn6WkwKZwoHfuCXXH1o3vlGsQx59N2kvifNUZf5ZzSbHIB8Hefckh0W9FMYE99de +lKdv5H4BSIiZ4v7r/0AkiV0M6WJOdogkEBIBcE81URAI6uwBuq2vUMyhIlekvmGlfV1+70jR +T22rjPiaswc8+GqDoI1kRrEwHHYT8O2JLBkSBv9A6LkCJPNt2bepPnJM7OyShQ0srmwdZOpY +0YcDZwbWVQNPZqtvZJl860mMisXO9MRIBS1udkL2SgzWYNpgGJN/vaRgjQiDyN9B4x8a+5sx +7fCLzmcxHeP7eYBkmH4guPCRr8VZboQanShKje3iS6ukKI15aD9FnzGn3TwrMyLTqzvBZSct +yM5Ew7cwUe67OKAXATaLc3AK5OBAqyLGMsi5Q1C8Hd/zqu6tQ/aRUpqfocRIIVrO+zEVfPfA +DOTtA7y6FHY00J2WwOkmZ9CkUWURFadA1+w3oIvlAxMDTfvEstOfvIs5TJalPRjsQYFW2875 +9IQ01SN7jFYKGWzGfsdtDrEJC3157J9Kjy56QUNgYKVaYe0V26Olwir3mAGH4dSaQMVsMDEw +ITAJBgUrDgMCGgUABBTxE9oEHuqG7KvR83sl8JdO+A6MxAQIwdEAxeLiamcCAggA + diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 new file mode 100644 index 0000000000..17b051268f --- /dev/null +++ b/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 @@ -0,0 +1,2186 @@ +/u3+7QAAAAIAAABrAAAAAgAYdmVyaXNpZ25jbGFzczJnMmNhIFtqZGtdAAABVsJJxYQABVgu +NTA5AAADBzCCAwMwggJsAhEAuS9gzIifoXpGCbhbcGyKrzANBgkqhkiG9w0BAQUFADCBwTEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQLEzNDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxOjA4BgNVBAsT +MShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAd +BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswHhcNOTgwNTE4MDAwMDAwWhcNMjgwODAx +MjM1OTU5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYD +VQQLEzNDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKeIASF0LOcaA/CY4Zc8DyEI8Zzbl+ma/MIEBhO+X1LIzB4sElYs +uAFpLMyZH62wlq55BPITOcF7mLoILOjChBMsqmnpCfTHqQKkQsIjT0rY8A6i+zFsyeZvmScH +9eb0THiebetGhvq5hslU8rLEr9RGHFrJFTD/DWz1LQ5tzn93AgMBAAEwDQYJKoZIhvcNAQEF +BQADgYEAci75f9HxcfvEnvbFXlGKQJi4aPibHIPY4p29/+2h5mbqLwn0ytfqpSuV9iRghk1E +LoOlxC2g0654aW9y2myuCPBjkjfmu8QwF613zEk1qs/Yj9G+txiWR3NqVCI0ZC22FptZW7RR +WTqzCxT0Et9noPStMmResUZyJ4wSe8VEtK4AAAACABlkaWdpY2VydGFzc3VyZWRpZGczIFtq +ZGtdAAABVsJI3zgABVguNTA5AAACSjCCAkYwggHNoAMCAQICEAuhWvod36C1SUSvzSSgbOww +CgYIKoZIzj0EAwMwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG +A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBS +b290IEczMB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFowZTELMAkGA1UEBhMCVVMx +FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG +A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEGee8rERl7c24P1j7jbFXqUQtBRXy7wv/EHSftWJSX2Z+H+XcG0V5C8zGUwqdjV0C2alZ +3gJa9pUqDo04SopJxrzGAzgHX1Xafglu4n9e0EUgD1l2ENagJPAt3jbybCk5o0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUy9C9qeGYBVGhTTeig3nO +jR0q5IQwCgYIKoZIzj0EAwMDZwAwZAIwJaSBRQJrEkt1dE/II+Nw8nVy3nyJ8M+RcmGeXhCS +WVa5g8cQ5zjpWCY2fdXkNIY5AjB8NlPwMOViYzqZ4rajO5s0+h7aEJJxXpETp92kbpLMMtb1 +IWbHL+qWY2plRZKVAbQAAAACAB12ZXJpc2lnbnVuaXZlcnNhbHJvb3RjYSBbamRrXQAAAVbC +SX1uAAVYLjUwOQAABL0wggS5MIIDoaADAgECAhBAGsRkIbMTIQMOu+QSGsUdMA0GCSqGSIb3 +DQEBCwUAMIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV +BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVu +aXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjAwMDAwMFoX +DTM3MTIwMTIzNTk1OVowgb0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j +LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDgg +VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE4MDYGA1UEAxMvVmVy +aVNpZ24gVW5pdmVyc2FsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYTdesQE022LXFZv/WFqMIyPWYI6R15CYg3rmWBk4 +jMX25WSFtKJx++29udrNTQC0yC1zpcdpcZUfOTyyRAec6A76TUrEId8pYY8yImGCxYcfbox8 +XxYgUUTRcE9X6uMc48x57ljYDsKzRZPALOeaFyt7ADd6QTN44TPi8xAaf4csvvb190Li5b+H +YolfAEvfxd3kdUQyQToecW5pywt1RgjRytIrldDP+7lAa2SMV038ExF5hO1eVPY0nwgB8xAl +BhdK2vEdemZrmGBmpNnv0i6C8fDvCepEyRVq4gNuM9Osn1UAx/YIapS5X9zgM/GEYPlbJxG0 +/Bbyu1ZqgCWNAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +bQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XT +GoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5n +aWYwHQYDVR0OBBYEFLZ3+mlIR59TEtXC6gcydgfRlwcZMA0GCSqGSIb3DQEBCwUAA4IBAQBK ++PiwA+YsZ3vklHdjzG5M+X0ODdzIuTW5cE9j+iT6bIOMR507Y/Oa+XYylZGxd7ysmr6x5DEh +xoGVVloOscLUsaZZrPFjy7hMHVmQSu+QFigfWq4Q+4FQOAxszPE9w/Vj47PjIckkOen9FWZG +9BsR0E1zo31G+T3tqF9i1PE/+OB0VysYnYG0xCjalJelcOusHb4HEfDV293ljPDVMrCD5lfi +j7++oaq/PR211Djq17BcOk9qP4/AZmxjqunZpBb0gdGVFA59zZU02dKPcHOBe5x+vZhh2EWH +mJDF64YwxjW/8P/DVYiDS+8FkgZx8riYk7fszYJh8TjmT5eYKlqNAAAAAgAbZGlnaWNlcnR0 +cnVzdGVkcm9vdGc0IFtqZGtdAAABVsJJT9kABVguNTA5AAAFlDCCBZAwggN4oAMCAQICEAWb +G1eejiEy4jkHvad3dVwwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoT +DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln +aUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFow +YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp +Z2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLh +Kac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZ +VXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0 +6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcva +k17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8 +IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9 +WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz +2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOk +GLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnf +fEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOzX44LS +cV1kTN8uZz/nupiuHA9PMA0GCSqGSIb3DQEBDAUAA4ICAQC7Ydl9qWy+F8SRG8OhogCN42Ro +D1bPd65w+f2aSpm5yXhcDAxf5OYUKVYLNkldRGPgrZyWGGYbIw09eelta9ZU+NI8wUNArh1Q +9VL8kDu7mJlpa8fBp6hopCfcnfknrjCFufZnTTo+j1k5IlNE68hdA8rtUHp9YiEKgMhzZtGg +BWBf6KW0p6+o9201nHxaitaiOJnzeIv0TdIgC94E7oybR4FyDcAUMu8wWS6u4HHyVuRql2+S +UG2WjWh6mrI2FHoG8iS5CRFQ1wixuIl6hCNhQinlo82iIEHX0Zxk2eomoYsU10wZslBBcT0/ +TXAjhgxK3IHSzDKUhA0ICZccT8DuayB0MNLgOTQQhSEVAQjoVTLecUnZKBdQTea+TdF1rNDK ++0G4Q6Wq08MFRE8sNpvi+uJFuCNTbAZvZ1V/RrVMP24oWnkm0qSoYpfSHuLtSou8G/1HSg3f +Z2Z+sltB0Dvk9Dv0BGPp78JUAFGgiirJznjM1eqHBBizzq9JiK/zkpm2s+ZhD9KFAOdQGuQb +lZ0ZobmcsZuxAB7v0A9PQmzJCrzuQ/o6caXITSalNf2JXbyFYh0y0qArVO2aV8Hb+hDPGbeL +ShuPAbYnlVPotoltW7xo1CPoi1GiVvnwpoCg1h6zvA8PU3UpquoTd+TejIEhrQcQRxGthz0H +0XW8z/NmfgAAAAIAGHZlcmlzaWduY2xhc3MxZzNjYSBbamRrXQAAAVbCSfnFAAVYLjUwOQAA +BB4wggQaMIIDAgIRAItbdVaEVIULAM+vOEjOsaQwDQYJKoZIhvcNAQEFBQAwgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 +c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMSBQdWJsaWMgUHJp +bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2 +MDcxNjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf +MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVy +aVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YTUubT5p9jzBHic3j3cbBMW2Xrd +JFFmwMcmWQ2sBgjClNEzH/CDNR9uG8jeqm4VTlQn78RtGuwL4w7wRKVXx0BYHqNHH3HsYPZt +lMgYOe3+QhhW3+RMSRB4TgF2NWMSNt1mvAEENqNVaNWiNgmsqyEmVAatP8oU4KzKrQYdleL4 +nfHgYP/Cf3UrTMza/oeZIeq6/j5U19JZeNs8bs+gEwAauCeh5L5nlsqgxbOc3cl1nuswml+j +zdmueBk/I+lc2ym9rVXIG1SMY/bopurHNxJcoykeAtnbHzu01w9WR4EVBEqvgyfRxViIwd32 +qqejGNpoqm0RUeG/ZWuflnbRPQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCrZo3Xs7rHmrbm +VdAF8Z8xjVqq2apGJg9x7aWtU1ZiAUcqROn+P3QLE5u59E0bstFfsrbSiFyzn83L1KfZYJWE +OvjBNx1hyuewxeWR2lSmrDGBrpfezQisuMCXgH9ucqTnaROVZR/Ekzz9eY8E1D5P6veezs1n +fE9lAv+RhVRzx/8294Yt7NBeT/8Rn3IG1rga8UwNJmXiRIAex5/j3egK2uylIIBpaKFPfuFr +zwdB+oOOvDjdsC4RsWuyQsyavPlIInlKGQ+yHD4gdNlqw77yKHgTVnlPbVDqG7C1V7E3Zlgj +89wP3wqHxO+GBdU4FGCZo0veBpZxLPLbth+k7z/uAAAAAgAXaWRlbnRydXN0cHVibGljY2Eg +W2pka10AAAFWwkjoQQAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAA +AjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSow +KAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1 +MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFr +qHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBK +K0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdY +WuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3Lv +dYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZ +ZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn +ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctsc +vG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKi +q3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQAB +o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43Hgntin +QtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiH +VIyqZJnYWv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4J +aj0z8yGa5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0f +b7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqy +mm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY +02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC +4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0 +s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dx +VJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLat +t8o+Ae+cAAAAAgAadXRudXNlcmZpcnN0b2JqZWN0Y2EgW2pka10AAAFWwkkumAAFWC41MDkA +AARqMIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCBlTEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwG +A1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0 +cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEy +MFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UE +BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8G +A1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0 +LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZUR +nicPHxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJd +hwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq +/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR5PDv3xaP +slKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvCbNqtMoNB86XlQXD9ZZBt ++vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDsw +OTA3oDWgM4YxaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0 +LmNybDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZI +hvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujwNTX0 +0CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNO +PmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9Q +orFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+ +8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8gA +AAACABlnZW90cnVzdHVuaXZlcnNhbGNhIFtqZGtdAAABVsJJG3gABVguNTA5AAAFbDCCBWgw +ggNQoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl +b1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTAeFw0wNDAzMDQw +NTAwMDBaFw0yOTAzMDQwNTAwMDBaMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVz +dCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBVbml2ZXJzYWwgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCmFVWgo8bgH4ydIVDXwb4rW7WknqHZcli9ABtMv2HJFB1FgqvG +HYDWPesQnDqvbST4vHEBngb1fF8ewQ5VyoOaWTCuGcswSJXtIjeN9EqacmY+rZXA4BYA4BAf +KzEO15RU00IzoDQdHkV23U/KGDfshRV6GQj81cec8PKpLhCpkuY9WD2pFmg8L3UhGH8od6Xh +YRe3pun4Hpnbc270CqIhbO7aqoWSZq/2emuC2roiCDUPz0LxNfpq7n4rJcw6EeRtr3Oydh2t +0LJ4ZxqkORxRC2dWg/04XQ3O3fC7K5Yf3nsyUv0du7UGobIhXqXWlWh/8Jme3EUIPufSCQ01 +lN2ATlOX17UJRCBkFhcDAkxTDWje1apyTZNtgg7bnL3PtPNcXVR6aQmW1tsRwY11qLTPOcjO +PLwkfOZiyuG9fae9V2UL5P4l7bZpENwoGka9AR3Ql7XhmDvAN2TWPZTuC+H1KK4LVr9xiyMp +QY6GxUtSe9hxqx+KFaY7g1rXWAFRxkxB2X/YQWdyoijfYIOpnsh7/FNzcln1k3oXdg7O9+Vc +2QtVNKKqW7VqVOcTylfsl230XgYvRYtY1CMWkuQWbihjWTDfUAGcY4kan9sXlIJwN8MknppH +1lrKTqhpiXIfkWzbfp4brccfc90sTxll/X+TQBAu0vDtPJ4uKD5pJjPFewIDAQABo2MwYTAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTauy6qsAy4iCZRdFxtA9PA2I961jAfBgNVHSME +GDAWgBTauy6qsAy4iCZRdFxtA9PA2I961jAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF +BQADggIBADF45se137iUQMlxxKg17EYdwoXzKFiGsAv8jrI5j0RVq2SEXGmp0Jo4PPrlHzXl +ROOAeZRopLvEnz3hNM0wRotUK5Wl7/c/mYT9NebPMcbcar+n1yMI4Zhew1oIdqmmr3cvt2C9 +REZq75f/c5XBjuiT+/0xt+xXERFFmzDxGog5wU88pwDVx/yrbYAicKUM4F0EKQL7y6CR0XzW +w35Q1Z1YvkE467l1PBXZm8lKg1nA2lP9M7s2GJuFDxXd7i2sdpO52QGNSBCo+/U4hvHbCsa9 +hKMjQd7Wd2+F1IUcUOCuUYq6jT524rnKJ/Jfn+9uWQ0G2CsXpNJ8a7tfFBpIjxpM57NHHI5M +RSsg7kjf590Jjhio2kCNkiYRU2FzXeu958RNKTdh66w5LWcuFtb1AIOFocx/dsR95LdLZu8D +RWBptgxSlpKEXqajtaQ+K9nM2BtHqvJE2k/5A+jwFMs/84Pe0MFU47foCjdNiyBZAzAZoSzI +vREf367JSsXzJ2Zmhqxokf/Z5lMcD4tcaWUKJsgeNMNdUXvXqZwGoTbd1YmUvNnkLQxeCWwI +l3yjPXyT/z+hFKfPtV3r29scxHbfiLm9RQWVG678RmpMr0jjzq4P0n7r5mycT4FqemSsuz7V +58t2LsWnSMFckA/LyD/65jLhjRtvpOaO2PkpSIrOc/4sAAAAAgAaZGlnaWNlcnRnbG9iYWxy +b290ZzMgW2pka10AAAFWwkkPcwAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1 +w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg +SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i +YWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT +AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6OYwwX7Adw +9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj ++Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqp +isXRAL34VOKa5Vt8sycXAAAAAgAcZGV1dHNjaGV0ZWxla29tcm9vdGNhMiBbamRrXQAAAVbC +SSebAAVYLjUwOQAAA6MwggOfMIICh6ADAgECAgEmMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV +BAYTAkRFMRwwGgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVT +ZWMgVHJ1c3QgQ2VudGVyMSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAe +Fw05OTA3MDkxMjExMDBaFw0xOTA3MDkyMzU5MDBaMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQK +ExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVy +MSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKsLozXgiykUsRSFrzwQ5DlvNV1Krt3qYY2VSfRvZKMaYGakqUAi +hNnUpeV4kw5oAa25TVw6ztO4qEJA38+juoJZapIbrBya2ggrJSf5aSNH8eDrLHqb9RMC0H40 +fMKePABZq/XaDPUyPCusUNrWw96DlMqoDJkyDghIVltq+9rhWFgBSV9yQTwVBgGOXa2quJO0 +zZ7rp+hqLVI02zrvXHVR2tvzMfnucZgyxFQVRAz5m1Xtrd8YCKCjhopJ7lMFjxlM1d5YeZvS +ahxCq8XVp89oD5bk4WGYdmHIkXzWPgDikVCH4Z0K5q2X0h3GOn3LvNoDNNWOWwH1age3FrZu +Sn8CAwEAAaNCMEAwHQYDVR0OBBYEFDHDeRu69VPXF+CJei0XbAqzK50zMA8GA1UdEwQIMAYB +Af8CAQUwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCUZFmtOWTnKesT/lrD +ixNXyAQk8HR3wGDjZ/vpiaaDv5aCfG7Uwz3vnoBuuym0mHqxO1TrORdHfhqOC/wfMVkxBLLO +F/Msx2I2VeIi2IlVtJhIqmT61hw22ER4WlojOleX9XowT66fakxLK46gA+M+4KnU0nvSs6ji +cjytnv+AWeSbRbT2O7DNORmYMuXqIWGQ5DEhjjSx9y81SoUQ2ueKNyG+WWPg8oWIMVPUVBSF +cHn0LgZ3J3UvH7iK+f7Futg25IPs52W3v2Na80avgZQ31EGM1iPWHs/1aBtEY6Jauqc1WaHl +cAWbDiNXmZQKbbo5YyiGkvMYhNj70c8FVmRXAAAAAgAWZW50cnVzdHJvb3RjYWVjMSBbamRr +XQAAAVbCSWH7AAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG +SM49BAMDMIG/MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UE +CxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIg +RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTMwMQYDVQQDEypFbnRy +dXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBFQzEwHhcNMTIxMjE4MTUyNTM2 +WhcNMzcxMjE4MTU1NTM2WjCBvzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIElu +Yy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT +MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEG +A1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMHYwEAYH +KoZIzj0CAQYFK4EEACIDYgAEhBPJ0LptQXvibNDrVV9mAhok9FuJaUfjuMJ98fICxZ+g9lvV +iwYZhk9TEG0HJCehoPjVRxlhTH3KkyfqdAzvb5YJ/mPscF02rWd3rsmdfFVEOqJjUR/142LU +qUcHPswgo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDZwAwZAIwYXnY5UJH3xyuU5kXtm8c +feG/EZTRA4h15I2JpIp3Rt5tYe8C9fu138z+Tv/+qeanAjBbmdeFNwa1ewj96yeLSpT54fqn +jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABRzZWNvbXNjcm9vdGNhMSBbamRr +XQAAAVbCSXcNAAVYLjUwOQAAA14wggNaMIICQqADAgECAgEAMA0GCSqGSIb3DQEBBQUAMFAx +CzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMTAeFw0wMzA5MzAwNDIwNDlaFw0yMzA5MzAwNDIw +NDlaMFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsT +HlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALOz/n/TbbHvFnxXpQxtdoovS79k+0zuivDzKXz1/+4q4OnpultkIpqabyw6 +JmlRBZkm3NUcanHGmn0end18bMaMZ2dKPvhxsBknqQkMppW/S4wM+lWYO9joIqFLcTh5rJeS +abOJfuohaAaYFJaH0mE2vG0nVp5X7sDAVv0yz6TZjsIj142o89glrJfkcDj0tjq0nTuXJkOj +obxJWXJMIzCHAVj2Tr4caFZmr81BXcizTSpVRqsf2h7iQD3bzX25koCcN90MlmSd3CL3ZIvf +Yd4VlFIVoH1SyUuoIcnGse3Lw5Vg0Q/wq3D438tNfuzW+qvZvX9U8qXpefrZ1nYkKHMCAwEA +AaM/MD0wHQYDVR0OBBYEFKBzSZlo3IVbZeObKC9Xn70zvAdIMAsGA1UdDwQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBoQKmou+RPXXmzBbUXs2AT68aSXeDR +02r++76bbb/HBW1ZIMQc8LfahFgCY/pIFu9PpQv3SpjyP54brUdrY84IR+tSP3icr02u+NVP +z5qYKhBBOVLE3dmbDu+TAa6yLspoQiRCbLCzOj7N6dpIxBXL6fkHD5JQSYrdMZdfyek3qjtZ +ZZeUMsmznz46YljFSa1iDnGlMqovxol2Q0ATE2c9olQlEMvxOvLZ+ttJVrum/qdBNcPgiGHJ +iMffNhAimFnqsEr7VhZzbqxN9yKhT60dei1FJ+UwwV7y2hPLJUJRlUcDjGwhzHRC7VP/M4uP +D1cBFi/Ppu7JcCIUvf2+bAsDAAAAAgAUZ2xvYmFsc2lnbnIyY2EgW2pka10AAAFWwkmAowAF +WC41MDkAAAO+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24x +EzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBM +MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2ln +bjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe ++3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTos +vNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnT +lEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpR +l4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z +tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9y +b290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0B +AQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbB +uOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yi +PqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 +9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRu +JQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLgAAAAIA +FGlkZW50cnVzdGRzdHgzIFtqZGtdAAABVsJI1HsABVguNTA5AAADTjCCA0owggIyoAMCAQIC +EESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBT +aWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5MzAy +MTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRy +dXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrjPyFJ +k6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDhKji5 +eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8YqiqsuvXCt +xQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ/P0Y +XEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJdAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEp7Gk +eyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/g8c/ +S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub94E7d +twA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOqWVvO +4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQTOSQx +haKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUcyPZ3 +lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIAEWNvbW9kb2VjY2NhIFtqZGtdAAABVsJKBzwA +BVguNTA5AAACjTCCAokwggIPoAMCAQICEB9Hr6piAHBQVEwBnptjmSowCgYIKoZIzj0EAwMw +gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT +B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8g +RUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNjAwMDAwMFoXDTM4MDExODIz +NTk1OVowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJD +T01PRE8gRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEA0d7L3XJghWF+3XkkRbUq2KZ9T5SCwbOQQB/l+EKJDwdAQTuPdKNCZcM4HXk+vt3iir1 +A2BLNosWIxatCXH0SvQoULT+iBxuP2wvLwlZW6VbCzOZ4sM9iflqLO+y0wbpo0IwQDAdBgNV +HQ4EFgQUdXGnGUgZvJ2d6kFH35TESHeZ03kwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAO8DW3qst3gKcreI3/+1RhQJCvqg5n0IxhqHvRio +c70mymAMnc6Zn89cDzDhvhQx6gIwFPSTPEmnM3qQRkezY30Tm063bxg3gFP+3SDgNZo20ccB +uebc3fP/HSw6FlfZkjnWAAAAAgAcYmFsdGltb3JlY29kZXNpZ25pbmdjYSBbamRrXQAAAVbC +STqyAAVYLjUwOQAAA6owggOmMIICjqADAgECAgQCAAC/MA0GCSqGSIb3DQEBBQUAMGcxCzAJ +BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxLzAt +BgNVBAMTJkJhbHRpbW9yZSBDeWJlclRydXN0IENvZGUgU2lnbmluZyBSb290MB4XDTAwMDUx +NzE0MDEwMFoXDTI1MDUxNzIzNTkwMFowZzELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRp +bW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEvMC0GA1UEAxMmQmFsdGltb3JlIEN5YmVyVHJ1 +c3QgQ29kZSBTaWduaW5nIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI +cZoYEo562/ma/EGv2PL0CY6tP/5nNzzaySZQsbE+y+hOcwDystzzxUb7Ce8Yls6n4JyEXSAO +eqCqNov6KLZ4LrPs6EfzBPCQI7Tqr+VTuAX3R10rhvGnpMY7NbbSDVJB1/SSdeGiClBWh76X +C3szhRC5KBjuM+pIEddbkUd2ItTuz13nqE4cnZaR3Zy9dAmocmGqsCE68T0sA1YJ0sHcw7XH +VDer5iaiskZxc8oRiO6852T30BEac0BayEksD7fvkH9ogAQ4CxsPO9T1oLPCjuE0tICZbZ52 +1JIpQLGV0jekZxJ/4GK7rjXFmTaCRLjmeBgzYXGTWy2Nn3iVguttAgMBAAGjWjBYMBMGA1Ud +JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBTIQTRcFRUE5UDy0auabySSeodCWjASBgNVHRMB +Af8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAUnSqlUsi +jMc9lqT+Xfovtbzr8AvpVjgd0W0Nobxoi/DFgKUkNP3ylhgRhqE29TfnVEDVZB/DX3BCay05 +x55SBc7nanLSjXI/R1CDq8eNJcmw46dTFpWmalPqGJ2PeKl3dxr5tJdHWYgnKLXK4S7XPg6i +DbgiRAPj0WOwQTqh9aQt93YeBFSZeDJA1yt8TbqmnLB5bge+jOzu1zhpW8EMVmif/uvR4ciI ++fLNf76FtERnAFA+9CYDZOp3fehePhw3R8jW6qTzNjyXwjlyBZQZJcPXN0EPwR+Hiv2qvumx +ZFfk25Khz+FJ6DsfkRNaw4/ZJVhJgEcPxgOurOO/t8CqKgAAAAIAE2VudHJ1c3QyMDQ4Y2Eg +W2pka10AAAFWwknWHgAFWC41MDkAAAQuMIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0B +AQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5l +dC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChj +KSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3MjQxNDE1 +MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0 +L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMp +IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18 +EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoV +ve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQij +MfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xG +Y4+WZiT6QBshJ8rmcnPyT/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv +3h8Dj1csHsm7mhpElesYT6YfzX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89 +vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBC +bJPKVt7+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVEAAAACABhhZGR0cnVzdGV4dGVybmFsY2EgW2pka10AAAFWwkm7JgAF +WC41MDkAAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT +RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU +UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUz +MDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRy +dXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UE +AxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+Vt +UFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYape +FI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+7 +10LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3 +ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB +3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTLVBqhc6RxMG8x +CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3Qg +RXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJv +b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl +j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w +/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4T +Dea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0 +cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTY +ghdae9C8x49OhgQAAAACABtnbG9iYWxzaWduZWNjcm9vdGNhcjQgW2pka10AAAFWwkj3UwAF +WC41MDkAAAHlMIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIw +UDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9i +YWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAz +MTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQK +EwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO +/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGg +E6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe ++pTsewv4n4QAAAACABR1c2VydHJ1c3Ryc2FjYSBbamRrXQAAAVbCSfZpAAVYLjUwOQAABeIw +ggXeMIIDxqADAgECAhAB/W0w/KPKUagbvGQONQMtMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAc +BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBaFw0zODAxMTgyMzU5NTla +MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5 +IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRy +dXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAIASZRc2DsPbCLPQrFcNdu3NJ9NMrVCDYeKqIE0JLWQJ3M6Jn8w9qez2z8Hc +8dOx1ns3KBErR9o5xrw6GbRfpr19naNjQrZ28qk7K5H44m/Q7BYgkAk+4uh0yRi0kdRiZNt/ +owbxiBhqkCI8vP4T8IcUe/bkH47U5FHGEWdGCFHLhhRUP7wz/n5snP8WnRi9UY41pqdmyHJn +2yFmsdSbeAPAUDrozPDcvJ5M/q8FljUfV1q3/875PbcstvZU3cjnEjpNrkyKt1yatLcgPcp/ +IjSufjtoZgFE5wFORlObM2D3lL5TN5BzQ/Myw1Pv26r+dE5px2uMYJPexMcM3+EyrsyTO1F4 +lWeL7j1W/gzQaQ8bD/MlJmszbfduR/pzQ+V+DqVmsSl8MoRjVYnEDcGTVDAZE6zTfTen6106 +bDVc20HXEtqpSQvf2ICKCZNijrVmzyWIzYS4sT+kOQ/ZAp7rEkyVfPNrBaleFoPMuGfi6BOd +zFuC00yz7Vv/3uVzrCM7LQC/NVV0CUnYSVgaf5I25lGSDvMmfRxNF7zJ7EMm0L9BX0CpRET0 +medXh55QH1dUqD79dGMvsVBlCeZYQi5DGky08CVHWfoEHpPUJkZKUIGy3r54t/xnFeHJV4Qe +D2PW6WK61l9VLupcxigIBCU5uA4rqfJMlxwHPw1S9e3vL4IPAgMBAAGjQjBAMB0GA1UdDgQW +BBRTeb9aqitKz1SA4dibwJ3ysgNmyzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQwFAAOCAgEAXNR8Dc/3AX1BmWUMc8VSn8v4z5kGfxvaQxWfngJVV5YU +8VI8J4eUKO0fOgE3onb8U1DAhJvGa066jCFPoo5VYpHzaRXYvIjjxKoL/e+o6UtVKgYgbVV4 +KRnuXzBcSyQRVf8kmm5eKivuC02ff/cBOJQUlUMHCftgqe4cqxKMoJpep5hqWW2LPwj7yNFF +rxgVZJASD3MoLsXiJE78WOzw9EX+IrPrL47S2UVhBcGXb6h2co+LjDavvw0FznGN5qZvH2ym +cWLF2NCDcgzxZxGJDJwTTHI037zVcd+qcd3huWyMPBJdZdq9VxK2Q2v/5d5NZhFRz5mu7Be2 +6HGRjN5J/t01caIVJ5Qcz2HjJrtvo2clIV3m3R0LLmgbO4Kv7INnhdSYUXSxuZmAif9/eBlc +eUpgLpJArkw3KizJx2LIDl33NlvK4CUlAbTdGgecdwA/0NzV7D3U+rs/zIXWb3+pLd+5Avf1 +l5q1NdrDZ7CHSqkoniOO/1wna+GwT/MH7gAu1FmHy1JBler0R9fuZEFVfI1ZApXdYp3Cue5a +KHSEpZu3kMcMB9/1iTZ0MtYowbCwC+CcTMMc1vzjabVHRoEvooKr02NEcMSN/y0zuq2Pe7Vw +iK4+Gc9AKNj8yJC7XZki9VLmWMUfiDFD7ogd18aOPENqHacY3n09FvFi+cqQqP0AAAACAB1k +aWdpY2VydGFzc3VyZWRpZHJvb3RjYSBbamRrXQAAAVbCSMVlAAVYLjUwOQAAA7swggO3MIIC +n6ADAgECAhAM5+DlF9hG/o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAi +BgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0z +MTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX +BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg +Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0OFc7kQ4BcsYfzt2D5 +cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+Y +MjZ2zN7dPKii72r7IfJSYd+fINcf4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nY +Lxj+KA+zp4PWw25EwGE1lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGY +M2wi6YfQMlqiuhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSS +plazvbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgPMB8GA1UdIwQY +MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQCiDrzf4u3w43Jz +emSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwSTFjk0z2DSUVYlzVpGqhH6lbGeasS +2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1 +bV+JAbZJW58BBZurPSXBzLZ/wvFvhsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/ +N3ypW2168RJGYIPXJwS+S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHS +oyahEHGdreLD+cOZUbcrBwjOLuZQsqf6CkUvovDyAAAAAgAaZGlnaWNlcnRnbG9iYWxyb290 +ZzIgW2pka10AAAFWwkkSawAFWC41MDkAAAOSMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSx +HQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg +SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i +YWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT +AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJkTx65qsGGmvP +rC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO3Xss0r0u +pS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ +8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQID +AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJU +IBiV5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9 +PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvH +RAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7j +itralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MU +ReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0D +khvld1927jyNxF1WW6LZZm6zNTflMrYAAAACACFhY3RhbGlzYXV0aGVudGljYXRpb25yb290 +Y2EgW2pka10AAAFWwklGyAAFWC41MDkAAAW/MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJ +KoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpB +Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNh +dGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy +MDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJwkg4CsIcoBh/ +kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZaby/ARH6j +DuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9 +E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+loce +PGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8 +Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w +6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf +1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEX +MLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEA +AaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8w +HwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07 +GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a +2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4VSM0R +FbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9jpwlCCRT8AKnC +gHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyXX04fkZT6/iyj2HYauE2y +OE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo2qN8xcL4dJIEG4aspCJT +QLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+ +tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZv +Beyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZ +VEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlgAAAAIAGWRpZ2ljZXJ0 +YXNzdXJlZGlkZzIgW2pka10AAAFWwkjlOQAFWC41MDkAAAOaMIIDljCCAn6gAwIBAgIQC5Mc +OtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM +RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdp +Q2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAw +WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i +89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfc +gnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o +76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3s +LPr4/m3wOnyqi+RnlTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgGGMB0GA1UdDgQWBBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEA +yqVVjOPIQW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQ +RI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHd +DrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdS +VR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwoIhNzbM8m9Yop5wAAAAIAF3N3aXNzY29t +cm9vdGV2Y2EyIFtqZGtdAAABVsJJmWYABVguNTA5AAAF5DCCBeAwggPIoAMCAQICEQDy+mTi +dGPTjf0QHQQfdspYMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhT +d2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UE +AxMVU3dpc3Njb20gUm9vdCBFViBDQSAyMB4XDTExMDYyNDA5NDUwOFoXDTMxMDYyNTA4NDUw +OFowZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFs +IENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE9x0vV+pXbPdwXWOwcVIJYEQoM6N6 +Tgr62Opsi1EWGlWuVCbEzEUHQU8QeX9x0npOPzhOswDGlcpbzcEqg9cnHzEOIxa3JcsctLmA +Ml4anZPx6DxgLKdeVxlYUV68LFYLuNjvi4K0PLjCJKgTx6AhNht6Vykopy6/cSWQ80SDaVCk +5OEbYhmUCaPzw7zv9L3s2xOdz51ICVJnwDcpER770hGnhRh0eeRPhRTrUjfisUXYzA1Df64T +0msrP6fC4qhtdltDn760nbMmhjsff+Xy6GYoFiXQS5c4p+TPCdE2wwu+2jtEWI2+8Z4Jaz7z +Mscrh8bsXpz2h2WtMynEL4nZucvJA537bJRRlxAbhgsaGz/2An571MVRZCid9dOsg4GI03S0 +WZ3B62EzWkXRyznQBmpTYB2v9vtpvGrcAc+9+Y/ZvVvBOl+O2g9LqZudKihrGgp8PKsiC+V3 +LXH2gjWBrvh7gebq/qz0Gpt0XOiPJPZdnUbELNIeKyFqgydnVUqk48gyl2aQctrj1GQuX+Oh +avZg1Oc1zcrEaI3XccjTJDNzsWz5auEo21/GPei+VeY3G+0k2Q8Zj19jGFhQgVFlb/KffmoE +5zQkcbp2S1geGb0VYEWqDBJAAZ0Q4sc4B3IKZcC2uyUp2haeizWLYe3lcVeDtTxxn+NPv34e +gZ9BlwIDAQABo4GGMIGDMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSEEFjAUMBIGB2CFdAFTAgIG +B2CFdAFTAgIwEgYDVR0TAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQURdmlgW49iE2NcdJGwW5F +HvPEgJ0wHwYDVR0jBBgwFoAURdmlgW49iE2NcdJGwW5FHvPEgJ0wDQYJKoZIhvcNAQELBQAD +ggIBAJQ6cwafUkswXNT+sVwl+deOb/WHZJ/tFI64BI4oS4+qe445tNlY9nuhNQqhnYr3Y+Xr +vTmC1ON6LW/fEzy6/n5WmAvzVJ/NRE5uPOE+Fb8GJp3k8JC21MKeMC4f78d6xFDH6nvaUMt6 +JssAtFqrtZMfgImEBJWNjX8Jk7/UqKjkY23ZZOS4KVoIv1DhhA9Ve18IIhv1vZkeFPbO9FgQ +grMKPRnBv1urqpnY8jG95Thm3FgFx+1jGi4Kl3yHkyuyiuPx7BjldbYph+fcixp+tNjJ04oX +bH0pRL6KqvV+Oi5oMZO5atqa4NvpLqWEzRwKuEoI+ZzxYSaYk7d7ZuyRXt1RP9tzD60EWAnd +BAKVCj7Tdt+mEB6APejNpGTRM8eSx+JOROMJyU7CXYcOEp6/D8kFEN56o7E88j+lqid5rTF9 +H/38GWnF3bk/fM3GtMIwHn5uktd/YXZaj+uVTbwRbiF8WTeZ0Aa8+QZtMhal2Wmo4dw8gB5g +UdzXVCEeymJ3T/rYj7MrOg14csloQVpHSsKj6xrXCqs8MlXIChGc33TW8EAVHci5j7U2xa/4 +IrjKHfPWthkPn2Flaup0yHyPw09dZYIf2Q2J2nVy++/xR2cTs8jRGYgnJpqZeX8e5Cw/e+7x +3k2LlpfD1T98GyPtpLMdFnJDSyDhWX7C6K0mv6L3AAAAAgAXc3dpc3NzaWduZ29sZGcyY2Eg +W2pka10AAAFWwknSxwAFWC41MDkAAAW+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqG +SIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNV +BAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgz +MDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +r+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8j +E+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is +8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCW +s2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIr +fKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTy +sybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je88 +3WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kge +DrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0j +BBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAs +BggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcN +AQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5 ++OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiH +SycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4b +wyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEaJM9v +MSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVUorgG6q2SpCSgwYa1 +ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/G +lHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8j +s1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+AC +OzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJAAAAAgAVZW50cnVzdHJvb3Rj +YWcyIFtqZGtdAAABVsJJAHAABVguNTA5AAAEQjCCBD4wggMmoAMCAQICBEpTjCgwDQYJKoZI +hvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYD +VQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAw +OSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVu +dHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA5MDcwNzE3MjU1 +NFoXDTMwMTIwNzE3NTU1NFowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ +bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL +EzAoYykgMjAwOSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw +BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoS2ctueDGvimekwAad26jK4lUEaydphTlhy +z/72gnm/c2EGCqUn2LNf00VOHHLWTjLycooP94MZ0GqAgABFHrDH55q/ElcnHKNoLwqHvWpr +Dl5l8xx31dSFjXAhtLMy54ui1YY5ArG40kfO5MlJxDun3vtUfVe+8OhuwnmyOgtV4lCYFjIT +XC94VsHClLPyWuQnmp8k18bs0JslguPMwsRFxYyXegZrKhGfqQpuSDtv29QRGUL3jwe/9VNf +nD70FyzmaaxOMkxid+q36OW7NLwZi66cUee3frVTsTMi5W3PcDwa+uKbZ7aD9I2lr2JMTeBY +rGQ0EgP4to2UYySkcQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUanImetAe733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBAHmf +HZbGtnk/Io2H04cDBGBqa5ouWYlzEaxD0fUT/405K8DyvU9wjKkv6hfEC1Se1BuWmDM8qK1i +ogB2q1lpbgYdfsS5RI2YrxLUYdsKGUZH8+v3Y8FABUCl0rf0tZo2v6mIdogEVQQrnId/Gjc8 +fi2lGtjUiV7Kvaw9bNhtr9Xzdg/NO4g4Ip1sk5rEPb+CG2U/pg9dqvzlshXKta3GvD3QhOjq +BnKwTTkyeL8+EZwLpJ2aIfPwmwsweNvB3IdD/rxjmsrFwhzJx43/OxJYCOa2Pex6LE77g5bO +DDxph1RzpHPCk/9REKwVVAHY/AWxiaF/dIOaSdfcTnuKSG+LRfYAAAACABdxdW92YWRpc3Jv +b3RjYTJnMyBbamRrXQAAAVbCSdyOAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhREVzQkW4GJ +mzXyzrgrO1unJvB1KDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQ +UXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAyIEczMB4XDTEy +MDExMjE4NTkzMloXDTQyMDExMjE4NTkzMlowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1 +b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKGuJbIBGNxXiD9G6/mv4usjceKa0WFmIV+qrydR +5W4bFtQtfVCwU3e9eDpg4mQCm3yGm9Yajq3/HxV/1ZUeEsvmFIQEwd82sxafiuPJ25g0ztgz +FyhG/KfJ8NK01U0Jckn58ofjqdp9oX1rsjolqW1SRKz4vm773KZzkZBhpgMUIPLnh6OIra2g +jP+mCyVSJecWAdXLuDWBDKM78OHh/FpdzoBxbfhJqz47urjXgAH7petbs8VeYCoxoK836CA6 +n6gyLAzMCR3Tno5dvEyY7sUaaHvsU6bpFDWj382AnwxI+xz08b9KuPrVjHFKxx+t/kGas4Nd +8oRW76VXQ84prYyrVb/E+1sB3SMhoVgAjsPQahPtE+MSK4DcZ+aVss0eIm4q+EHU8soUB42K +VRLGafW4hmgvU16w0qohwZjmMONnVcebbqwZqFWmRQbQIzrb62VdKhER8DtPym30NMRx5P8A +WvZcriNghXPx5BCxJa7VkrsTwQzgOdq0OVe1qzWqciE7gzXnMd96IW64Mgh9HTKRFUpics/j +d6G81REbdgFnCOBBC8PrFW74pBnZoquv4idSVisCiiwUJPm/QgK/JsjGj+BuOH1TLeXtmLOV +Y2h/+TX034jFYDWSwHxpHGGVFtDr3guvPgQQRWVYUDivSPJZthbyPA2QAsZwLgGtPBXXAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTt5292 +Wr9g7ElbxqV3u3IWcZvEPTANBgkqhkiG9w0BAQsFAAOCAgEAkd+AP0MJfnHC9+uziI/hUbK8 +PXX5KF3IvJmbe12q5crhCvfostOf3WcxfroBqsdqQTuQ1AhcsmBqkPDIzgNi+Yvt+24q3AZN +PCkPiRaKWExID+iEYeo8cqZ35EKuiKNDWHl+rsqlUw2pPXC9IBlhpGw4/EMy4cFH//js8REi +MpacwvZbaZZ7IAxDQZpb9lkZiN5ViDdRC3hcCh6jQv3HnYgPwPJ4AiRUk6+Jh4jJSoAd6tBu +PmEuNrs1DieW/WY0O2Fyc/EWXEcGVEkAelgSsArvhf2xuDN1apMcEuZgXm8df8kfI8uEYZ8e +gkT5X61iVSSaUpjtUeehfpc65i8fEdpTgCyFnqs1ENsiX2rFXpdT8jICCTCjWPANAdVyxrF8 +aXvD9TZFzGFuXkyUxV6u6A5ei7/3zeDtoQ4bM+5UGP4Pvu9+hGtD43CY2111sg1ZB4UVIznW +8d+pJg/WSMezpiL1MzdalUefe7oYFW//1hRkg0nSCmch2w81Y2AoIuOxlYPNhabdLw/nZ1Ju +uy+FfPVKc+fFPsC9IRIFP/y3A0kCW8gl5uJUOPV5h4wdU7JOhXsGOMcs+Piwco0l5XdS9AMc +SKZQX4ggMG7ygkOrPZeE51P7IcFPDyKahrhZKvZHPRmILeiF4Z7shQhqsWw0yR3sSCs7eO1m +xI55aYPef4wAAAACACN1dG51c2VyZmlyc3RjbGllbnRhdXRoZW1haWxjYSBbamRrXQAAAVbC +SOI3AAVYLjUwOQAABKYwggSiMIIDiqADAgECAhBEvgyLUAAktBHTNiUlZ8mJMA0GCSqGSIb3 +DQEBBQUAMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr +ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6 +Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0 +aGVudGljYXRpb24gYW5kIEVtYWlsMB4XDTk5MDcwOTE3Mjg1MFoXDTE5MDcwOTE3MzY1OFow +ga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx +HjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51 +c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNh +dGlvbiBhbmQgRW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOYWk8n2r +QTtiRjeuzcFgdbw5ZflKGkeiucxIzGqY1U01GbmkQuXOSeKKLx580jEHx060g2SdLinVomTE +hb2FUTV5pE5okHsceqSSqBfymBXyk8zJpDKVuwxPML2YoAuL5W4bokb6eLyib6tZXqUvz8ra +baov66yhs2qqty5nNYt54R5piOLmRs2gpeq+C852OnoOm+r82idbPXMfIuZIYcZM82mxqC4b +ttQxICy8goqOpA6l14lD/BZarx1x1xFZ2rqHDa/68+HC8KTFZ4zW1lQ63gqkugN3s2XI/R7T +dGKqGMpokx6hhX71R2XL+E1XKHTSNP8wtu72YjAUjCzrAgMBAAGjgbkwgbYwCwYDVR0PBAQD +AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MFgG +A1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0 +LUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEAsW1hXaYaf3yrSuQw/FNvJSTGyu3iMVwr +Du7uYVVvBD7POd7FG0mU5OsgTLTmnlAuctmN9aqjs0raVhxgl4DcgqKtSr2KK/8LCbTG1yAE +ReTNgAG6uituzqrXkv7kr+v0Jh0WKn9sMJU3LzMSrH/dx9ERjFGYstCjkdCt9p+eg5MeHUK4 +Rq9rZvCbf+rjAwLlAlHBqtU1nXJAA4m6MR3FEGhSnt+ihcVcCKZ45lNPsei30xSek6bDZOOs +fnHNvJ/pAxvM++msMcGvfBV0ApnDskemwjJh18dvSCRRJ6HVh1Xye4+YPRae7nW2+NCO8vPG +rihbp/DzNhf8wwXTygNKVAAAAAIAE3NlY3VyZXRydXN0Y2EgW2pka10AAAFWwkjajAAFWC41 +MDkAAAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNV +BAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDEL +MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQD +Ew5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWV +zfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6 +pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgU +XPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPe +Zqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEE +AYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +QjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1 +cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQAD +ggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+ +DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr +5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUF +dAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACABpjYW1l +cmZpcm1hY2hhbWJlcnNjYSBbamRrXQAAAVbCSeX0AAVYLjUwOQAAB1MwggdPMIIFN6ADAgEC +AgkAo9pCfqSxrtowDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJl +c3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwHhcNMDgwODAxMTIy +OTUwWhcNMzgwNzMxMTIyOTUwWjCBrjELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAo +c2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQ +BgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMSkwJwYDVQQD +EyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAK8Ay3A3K4BaSjpseJR9o38aH/Y11b3byw1Ecj4mspBSumM7KFhvpbNt +lKbz3WQMVfb25/IiIoBe4WLGtinhgWzyv+V9MmpUoDIZWf4fi9c9YIaFJG/jEbN3PiCWNSFr +swjZcC5k94SSU9YOsJCKiuOHjQbTvZAO4pmhG4YO2poKuwthUAZS8Z5/duzLD9AeDc+ZMD0c +xEUQWKzW0+jX5erFAQd31lHmA3+KSKVNaHW56byeThlx9TJLnG1gGQv7zJ113L8mzY+TeDl5 +c14lDspc63cSB8tkQUdyk6tQw+sJdmQ00jm3dhEJDXZFxKmuPWqvtX1lL5RYEOxcfK9+4rYY +2dCbTlpJ36lmC8w8xnh8p5wd486OU74F3mAPa+Ua2z/j4SHJKcHx6wecUhsBRFE8eyXXxOVS +VF0lB8oWILit5EHuegj+mW+DppECsGw2VWrnffWW5sqB1pfxlIPp7bCxaxJpHqz7XanFmOm0 +W1h6vj2iRDpjWdQLJd4bT73lAZ7N0inVnxcZCm+/DJDTCV/Z44o1zHlaTRk3krfEwa2v9Hkk +mrIBC7GvXJbzgDL7XD2Y8aA/St6+r5Qu2VWaF25gnWNsuGPJroFcGDXgkLu+PE83Irl+68+e +dyGmPTiB+0jaMT0r44n10LW9fuBQxBKJsyOaEDGF265v7zgzGHYRAgMBAAGjggFsMIIBaDAS +BgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBT5JKwPsrX4ecD6YIgbxNlNAp4XGTCB4wYD +VR0jBIHbMIHYgBT5JKwPsrX4ecD6YIgbxNlNAp4XGaGBtKSBsTCBrjELMAkGA1UEBhMCRVUx +QzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJt +YS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm +aXJtYSBTLkEuMSkwJwYDVQQDEyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwOIIJ +AKPaQn6ksa7aMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEF +BQcCARYcaHR0cDovL3BvbGljeS5jYW1lcmZpcm1hLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEA +kBKvIjXCoznwLt7ptel4fEi+P31Fkl7p2rEZ/BY8n7RbZp5q58O5XYjoD63PIw/eJTpezE+l +wbUtrCTSWAfeos9phGAz6BANE6kj0IXljnumnj1yE3Iz9ap9xmMfCPT+AX8kzyssVAne4itt +ksY5TxbqPH56RtRFakao63WCVqeroHxoEzP2nTDwbyc5JCMqkP2QKTXyk980pcb3+O+MD2JK +fK7T9VT4jbaaVocWgjozq1oiCPeCuuou4EeatLVFowU72dwuRUA76tx/6Dvr0ewm2DWkMMU6 +rFees3alIHv5HkoFYgGmKHVgl5INbj5NN0MNkhWcGCLNUZmgKRo8X4oyM1swx4kvR5gPowPG +9vGs3zLw2YEa5Jy99oAU8NEsuYX12KOxyKUh5RwTl+4Ovd8pqe80U1vT5GoThAa2MgLEUq4i +0tyyIUIa2kDwKcnsCgxc4tC6zEjTNwrMEgqKebA9A39pS/Q0IH2zNOqOS2T1Pv2zI2cVDQS4 +8C3BCVE8smwV8KUj14N05OUuyf6YJ0LGq8aesNBbOKWbUN5+GJi1RTv2ebTo9xp7BoP70Iva +u8e9GKsIbzyAa0A/GRm6ZYrmvtVc0zbX70BSJGA4ZwQx7I/zgsbeuVXzOzGRWty1CBWtdiUK +DXsuh+IMpga8JhBtN53s3XiMfIDF8Nl3SNAAAAACABdnZW90cnVzdHByaW1hcnljYSBbamRr +XQAAAVbCSTGaAAVYLjUwOQAAA4AwggN8MIICZKADAgECAhAYrLVq/Wm2FTpjbK/a+sShMA0G +CSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEw +LwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2 +MTEyNzAwMDAwMFoXDTM2MDcxNjIzNTk1OVowWDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl +b1RydXN0IEluYy4xMTAvBgNVBAMTKEdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uBV7/9R8fWetg2R7 +yEJTLd/2hAggYdYBWWqcRBGv73b9lX7OYTC7eoNfAr0BZsruFY1voTCcvaGFnpQ681aIADHP +2O5qlgLZ7QOM+3Vt5+q4VRYFFpr04F6xiMBkhVwVTYjHt7rgdemtBT2dx4lI4LsoyAPhMJNk +XlLAWXAiNVeIivGVCoPXvDFzATTt70Zx4GsCqDVya5ebZuDLHHlf2BoEaB5HAuadYOI2lwHf +zjWS375nx213WTuPndaQFZS8QjQQwTn5sSc+ftaKdcWyr5bTot6b5Ji+feHpga22b/zXDtrg +NLANGnfn4wiY71j6nIS3Nq/C36zS9BAGcHE1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQs1VBBlxWL8I82YVtK+2vZmckzkjANBgkqhkiG +9w0BAQUFAAOCAQEAWnB/LN23NE/1hlGpJr5LuKrxcQ3cYceg6jQeencPBDXoJ49skL+RFiRG +PkpOzisW1QtSHfwfZ6ICRTFPzvP6A6d5nVNq2dpjOviA19OZ4aXhvtRVcZg1Or6T6q6tQrKQ +b+D8IU01YzOJSdabTsrH504JAPfax++ZYpl3tpUiXoqgq/S4eJjKOBmZyXKeeM1LrK8ZoHMS +LfzCQbqBkdoWWjG3+bRxgBJImXJzWllTwWNSM+2nydI5AnD64LFCZimqm1HtMFQiFF/Zqx3B +5JTw+PUr9+rKeEbWuJH9pg0rGhQBPoDwQqCVB15tzcxLpEWNqxLos95a5aB86A8iHVrpWQAA +AAIAGWlkZW50cnVzdGNvbW1lcmNpYWwgW2pka10AAAFWwknvngAFWC41MDkAAAVkMIIFYDCC +A0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9R +YYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYof +WjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40 +yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKI +anoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5 +S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrf +Yi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT +7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNk +K2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqx +C0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQADggIBAA2u +kDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH6oi6mYtQlNeCgN9h +CQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pgghstO8OEPVeK +lh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qntozo00Fl7 +2u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzl +VYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU4 +7/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA +2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4 +LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbdGhhd3RlcHJpbWFyeXJvb3RjYWczIFtq +ZGtdAAABVsJJIX8ABVguNTA5AAAELjCCBCowggMSoAMCAQICEGABl7dGp+q0tJrWSy/3kPsw +DQYJKoZIhvcNAQELBQAwga4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x +KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhj +KSAyMDA4IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MSQwIgYDVQQD +Ext0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzMwHhcNMDgwNDAyMDAwMDAwWhcNMzcxMjAx +MjM1OTU5WjCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UE +CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDgg +dGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0 +ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALK/Jyz729hb3Xh7G553ZoHLPrx8rvOmJ5o0o2gxcTgzYuTzcWZ5sallo6WL1Y9gLT9CzKpr +MsAjyyxB3eTf/GGc4nOyIpURQxhfxLYfV2wKBVgiyDZMOnyl0c+Gr4inRAITdHFzCkJZAvgb +FGtC329fumuCop1b50q9HgFy20t06Dt/f30fBLQmm+C0WqxHPVW417AmUigBMUBm2NkkvfYq +2OwhSVyb9nrpf1U1fpZrjZOTJ8uSu+qsQMCfwviAz130WtzOdIamPmwLU8q9ks4ZBnLmDFw4 +accE1rxszlv292ic3CUVSIih6an4mJzg89UxKGERbGeWjTmZy8JFJDkCAwEAAaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFK1sqpRgnO3k//o+CnQr +YwP3tlm/MA0GCSqGSIb3DQEBCwUAA4IBAQAaQNiVZawJkonGOfQQ5akOZlNdeN76JJG750RR +38YWNArvakRR6isHigN6w+s/CixSFqArQ7klkD9wqTMlbUUaKDsnz6rDKUIb3ztMwDM0W0GI +v2srZa8o77L1w6pmzntW7rfIy2fByZwaGLjEw0kD8WAOUM1GxfN3efe2FeA428cvKKAMP3cm +dNklEtox2hoe3ClBkSI8aae7AvK2XCcDifQG6pvkcoLjoQnB6QAZ0z7UcGu6caaqWK70u+ls +tu+HzJu7/znmVmHTCqfEXExgewV3Jnq/2AdSLGL3cGPZObxvHMJ53HYpr87FLGQEXog2bjHU +QBpiNDY/NQGurGOgAAAAAgAVYnV5cGFzc2NsYXNzM2NhIFtqZGtdAAABVsJJKpsABVguNTA5 +AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAb +BgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMg +Um9vdCBDQTAeFw0xMDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5P +MR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFz +cyAzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJe +nXYxBjJ6m/EQdrgAmrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH +8zOH5KBdC1zgVwcqMPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3 +jiLjqE8q72C7Pbc5ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7 +b4dj19AyatZdbAzxs2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9w +EwDrsfUzekvWVfgFjUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9 +a6sump8tgm4E1FIBky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWR +bwuReRkMrUCIC3DietIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/ +DWJ6J++A6NvZSwZaN1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+z +Sc894omfoDBLhbmclCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ay +hGSxTDlSwDC68IxLArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRH +uM3/5W/u+LLsL04O+SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB +AAAgI0E1BJDCQGJg7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEk +MvbIC/K8aviTrLIHwl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjP +hriAHqnMEaU88hazR5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9c +axtGhkNCXz4BB1NUXWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD +12LIQKaq/GTkSteRUwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8v +u0oxDUqGHOviNikm9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805 +YFRq9fKJJgFog0iiM+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid +7b1dl3BEDbYONdzhDF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaB +upS7w7u/ZXjShnn/STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4 +O7vcTddk8lG+5qqrWukx7ga8c78TYgqfx7mXAAAAAgATdmVyaXNpZ250c2FjYSBbamRrXQAA +AVbCSZyAAAVYLjUwOQAAArQwggKwMIICGaADAgECAhBnyOHo474cvfyRO46mI4dJMA0GCSqG +SIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD +VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRUaGF3dGUgQ2Vy +dGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBDQTAeFw05NzAxMDEw +MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy +biBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQL +ExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBD +QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1itYeGFFhlPqNHtRnO2w5i4YDv7gX6gn +07TJ4HxZThYOc1RgwX/2ny7pOoUkFTzbRwRjw57ElBpa30x689lDHTwQenkl25D+8FHnMNZB +AP2fKN95vpS7nbYU4yOF16lB4EykebArGovy+DuKPkWscZIAtJBBmPtf7fq3Lor4iDcCAwEA +AaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBL6aoXgQX7eQoxn8VB +9FZUq+nC5ZeOGP6RyQw+JmTJoUwnZKe9AZNVcW4XTzncG9xJNRA5I//Km8jPZj/cTBrUgQZC +Uh/hJrEWF7rmcHIxROhOjVvk0/nQ448lZDHnKvgYiDYaUsUNQTUbabcm9RfMwRleS3xc4oOA +kfov+5q3FgAAAAIAGHZlcmlzaWduY2xhc3MzZzRjYSBbamRrXQAAAVbCSVjwAAVYLjUwOQAA +A4gwggOEMIIDCqADAgECAhAvgP4jjA4iD0hnEiiRh6yzMAoGCCqGSM49BAMDMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy +aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNDAeFw0wNzExMDUwMDAwMDBaFw0z +ODAxMTgyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x +HzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZl +cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +NDB2MBAGByqGSM49AgEGBSuBBAAiA2IABKdWenxS2mSbDi1c2F6skj3+AeYZSj0UA0v6YCcg +2YOJafpUxpoYXlUqZN4G9o1KO60QPGU9kIgEieAwYbOuXQGne958sr7KZWEAhq7aj3vQia1N +HVmaQbG8R4DcnmLD+aOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBt +BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMa +hqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdp +ZjAdBgNVHQ4EFgQUsxaR/e6mbuS1LkmPh3iBgOzlsbUwCgYIKoZIzj0EAwMDaAAwZQIwZiEM +GCZgWjh7VkLgp/w2hFGRICx2TUM9xB2EI9Cs1nw1Bs7Nab2QDdtsSEIdDqpCAjEAnD1IOSM5 +WBoVEllqnu/VWbIdUiyZcc3HKd8bKmF7cdHe88DlDTpKqi2n2IYq3S4QAAAAAgAbYmFsdGlt +b3JlY3liZXJ0cnVzdGNhIFtqZGtdAAABVsJJQLYABVguNTA5AAADezCCA3cwggJfoAMCAQIC +BAIAALkwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3Qg +Um9vdDAeFw0wMDA1MTIxODQ2MDBaFw0yNTA1MTIyMzU5MDBaMFoxCzAJBgNVBAYTAklFMRIw +EAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRp +bW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj +BLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGd +wEErAVJ7iHfTHI/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M +1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g/ramBfy03QdZAtRZ +GJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJgh +XAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr/8no5dKoanTZDcJxo5AgMBAAGjRTBDMB0GA1Ud +DgQWBBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB +/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAhQxdjuRvUWhCBaDdu08nJYQDvfdk/S3XMOOk +EBfr2ikptnk/dvYZEyO4EAr5WKTUYXC9BGFqEooX1Qq9xbwwfNbpDCWNhkBP7MyjfjjGNxFP +7d1oMY5M0rMBdO6+dV4HSBp/cP8WXITAeYW4Bf1/vmURow/AArT4Ujc5BNWpMXoYv6Aq9BKZ +96NFguM8XvWdnrXInnwuyKSeTggUS239cG1rGmO9ZOYft87w8p8uuxu38lCIc5LC4uMWjZoy +AquOGN3pEBHufjWrkK8+MJR60DM9p2UP9fyOnmLPR0QsAV27HbUy0kfSOC7Q/oHcMmoete48 +1fzngR0ZwyRC6mM5qQAAAAIAG2d0ZWN5YmVydHJ1c3RnbG9iYWxjYSBbamRrXQAAAVbCSXQD +AAVYLjUwOQAAAl4wggJaMIIBwwICAaUwDQYJKoZIhvcNAQEEBQAwdTELMAkGA1UEBhMCVVMx +GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29s +dXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw05 +ODA4MTMwMDI5MDBaFw0xODA4MTMyMzU5MDBaMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H +VEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5j +LjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAJUPoLbwUJzoeseIzd0XDi6wlNAbPQ72lMCKlMcGyJCXyLhkGnp+bDxT +4Tcoc2B/spdTB59T+W1YlNKvjW2IZ4Dm7bKVz3IxyqUccrpcAudkQuf5qSzWOg2sjUKqJAE5 +5pw/AYVXDViHRfjThaqTaSaFcEiAPxIVx3m0HwUvO2KZAgMBAAEwDQYJKoZIhvcNAQEEBQAD +gYEAbesbCele2VHbZyJhpCo8SHfjoHym3nOiFAOFPfurDjDFgxYzgRMInns0Tt9AyHTXuX3c +9HZVfZtjVBjp8OrzXLHZi0IeucCVTrr61eJ89Whhv47sBZdfW7DXo4U0xCSnDQ+Vk+/LlNie +H51chW3Hqq5PHyK1zZWtuqfM+asLen8AAAACABpsdXh0cnVzdGdsb2JhbHJvb3RjYSBbamRr +XQAAAVbCScIfAAVYLjUwOQAAA2gwggNkMIICTKADAgECAgILuDANBgkqhkiG9w0BAQsFADBE +MQswCQYDVQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1 +c3QgR2xvYmFsIFJvb3QwHhcNMTEwMzE3MDk1MTM3WhcNMjEwMzE3MDk1MTM3WjBEMQswCQYD +VQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1c3QgR2xv +YmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyf6dA8CLKDPbrsfHL +DpVXQHWvoD8+zuyqMlfmGbFnQ5haa3yzuPp4nKqmhLJgG4BBzmPNHxcImaT17z4Sx0ywV5pc +eEB4/EWN2pFn3DpRuW1z5rc5jnY6tB8F9WlV+ZPPeIhKvqqb13tHW0YETIIWpjX2/HTf1rSv +2OK1JxF0WaLCZixoCuGYiIg8igV1FOO4rvMIhJtqwT8xGK8npUubpP15Md6YPQ5hyoeYwfiK +MJz6PjPVpcQDB+H3lnQYACc4J9ErqqrhQUWLb/Elwtyil5XHQhQzXXmEI2rnZcBXoNhdqWMB +57Dki+j4xWO45Wx0kD3Hd/wrunnppMYSeKf/AgMBAAGjYDBeMAwGA1UdEwQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFBcVhYkJLySHbz8dG+TylnmDSBPOMB0GA1UdDgQW +BBQXFYWJCS8kh28/HRvk8pZ5g0gTzjANBgkqhkiG9w0BAQsFAAOCAQEAWvAc0NRQz0F+5rid +fcNw0F42/26Oei/eSBHVNC48t0XCVCWn4cEeN4O2lK62RUgD6pW+65xqtDdcHy7Ta4KBQ1sK +PxFVY6z6fAgCN6A8OQQz/pcyyFLl2SVNsMbuaB9wqnPOVwPcfQoNM/LSWt8KbDvMEVGXGqQh +ooU1AteAItKEsvjAqmi/1euqwwuroXwr9/U7h+FUV+wFJO95Qk7zi2if5G7LgpnJzCrcU8If +cIOrIQ9WtEj/3wcis4z5HaYE3y0DNrndb/4xiGb/bG1ENK8Idz4m0nL0u0dWkzyYY+Ezu5kj +krWDeegdn2etYtaJ1vb8J94yJ8uE2neFIaESIQAAAAIACm9uYXB0ZXN0Y2EAAAFi1TGi6wAF +WC41MDkAAAVCMIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAM +BgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUxNDE1 +MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQsw +CQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMA5pkgRs7NhGG4e +w5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7XGie7RYDQK9NmAFF3gruE+6X7wvJ +iChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUnH8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRC +XijMt5e9h8XoZY/fKkKcZZUsWNCMpTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWi +YPqT6o8EvGcgjNqjlZx7NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6 +jIfBkv8PZbXg2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPz +DIZYwYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDdApcU +itz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqMP3UWYQyqDXSx +lUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6aFXftS/G4ZVIVZ/LfT1i +s4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DYPdAQOCoajfSvFjqslQ/cPRi/MRCu +079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0GA1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rt +STAfBgNVHSMEGDAWgBRTVTPyS+vQUbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq +/kawNd6IbiMzL87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsg +bmi97j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBxc94Z +c3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvfjySF5FCNET94 +oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2RtOXDt93ifY1uhoEtEyk +n4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25hPsBTkZA5hpa/rA+mKv6Af4VBViYr +8cz4dZCsFChuioVebe9ighrfjB//qKepFjPFCyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyi +mUcTtTMv42bfYD88RKakqSFXE9G+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHw +dmC36BhoghzR1jpX751AcZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4 +mr8WIcSE3mtRZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LX +aRwXdYYAAAACABh2ZXJpc2lnbmNsYXNzM2cyY2EgW2pka10AAAFWwklq1AAFWC41MDkAAAMG +MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYT +AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5 +OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow +gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYD +VQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX +wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GVj0VXXn7F+8qk +BOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFN +zb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzo +KQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcm +eQD2+A2iMzAo1KpYoJ2daZH9AAAAAgAiY2FtZXJmaXJtYWNoYW1iZXJzY29tbWVyY2VjYSBb +amRrXQAAAVbCSUnSAAVYLjUwOQAABMEwggS9MIIDpaADAgECAgEAMA0GCSqGSIb3DQEBBQUA +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBBODI3NDMy +ODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFt +YmVycyBvZiBDb21tZXJjZSBSb290MB4XDTAzMDkzMDE2MTM0M1oXDTM3MDkzMDE2MTM0NFow +fzELMAkGA1UEBhMCRVUxJzAlBgNVBAoTHkFDIENhbWVyZmlybWEgU0EgQ0lGIEE4Mjc0MzI4 +NzEjMCEGA1UECxMaaHR0cDovL3d3dy5jaGFtYmVyc2lnbi5vcmcxIjAgBgNVBAMTGUNoYW1i +ZXJzIG9mIENvbW1lcmNlIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3 +NlXlpV0YMODaiVSR/MjHUvgvUNnvsXVzZUd9G1u6dcX8oYgk+i/tyghKOVTEUXq12mDqODyB +ssvxu9mRIz9IAXB1qQUqrR9x88lUPR0GakA+swyF7lwbecJixLg2jjVdAQwjBEc1qptgTqBm +PcsmCpxAofRdmL9xq6UAaCrtg3oPohS11CKzgLA8DFpRaS1YGI/tmZ7xruKV5vZHqNYMD7BY +WNvDZjeem5FUMzfSlBxqSMnJ8qXapQwj9yMOnDJVXnGchAVRmi395k4qNFreykA3ZwxUIVV3 +2goMzJeugNyUNkr0Ps42Ex5T5KxOOgXs265ynDiL0Dk7iQo+d/51AgEDo4IBRDCCAUAwEgYD +VR0TAQH/BAgwBgEB/wIBDDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNoYW1iZXJz +aWduLm9yZy9jaGFtYmVyc3Jvb3QuY3JsMB0GA1UdDgQWBBTjlPWxTenboSlbV4tNdgZ24dGi +ijAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCcGA1UdEQQgMB6BHGNoYW1i +ZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwJwYDVR0SBCAwHoEcY2hhbWJlcnNyb290QGNoYW1i +ZXJzaWduLm9yZzBYBgNVHSAEUTBPME0GCysGAQQBgYcuCgMBMD4wPAYIKwYBBQUHAgEWMGh0 +dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc3Jvb3QuaHRtbDANBgkqhkiG +9w0BAQUFAAOCAQEADEGXwhqGwCJ8n/uQ8xrRA7HvE/khXwSc2smljSdsloeRvkGQAXKT5x59 +X/aJxl2nQAk9rElFRdwujTBosgm6+8MvzLoL3z93e0Z9OhIkjpaPPAUKb9KUKB1tDMAuiCLV +2M8dE8fwSNfXBafPx0eeOzw0yIBP1BS7/A1Q9/qz7EJfqd1tyPR1z3vBciaxARxcLP16TrQB +xQVXuec8qgXZiOkHRkHO70GBrljfg6Kuytd3H+cAPJ1vjuQyCR1NeDR4NDyUmybtT3HGGXq9 +ICJIWv5LfQO351i+xjJOdB5o3ahoW7M+7mJ92YDoCnV6t+60ZZohkOCq0Ji8OLVzPIv43AAA +AAIAFHNvbmVyYWNsYXNzMmNhIFtqZGtdAAABVsJJllIABVguNTA5AAADJDCCAyAwggIIoAMC +AQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZ +MBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 +NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBD +bGFzczIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoW +N/xIvb1/gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05d +fBsm03V57eaE41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO +7N05lU6DBn/nSUDIxQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50C +ldG2uXE6aQg/D7ThQseI9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY +6LST6nVEawRgIHFXh53zvqCQIz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8w +EQYDVR0OBAoECEqgqliE0148MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H ++RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ +6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3WNEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuD +wyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+chdQYH2BK0ISBwQnGB2jyaNr6mWw1qbJof +kXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuoLp0UWgV1t+zXY+K6NbYECJHo2p2c +9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzfTAAAAAIAHWFmZmlybXRydXN0 +bmV0d29ya2luZ2NhIFtqZGtdAAABVsJI60QABVguNTA5AAADUDCCA0wwggI0oAMCAQICCHxP +BDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzAeFw0xMDAxMjkxNDA4MjRa +Fw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEf +MB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzllICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t +8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y1UehammL2fy7Oq55WtX01nG7mpAja5q3 +iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0iupkBLm1ly74kZlUkS0BEsRvX4cKFwN4Q +Pz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3 +QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEA +AaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRN +p6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04VcC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQb +BWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1LA0inoJkBgNxlozauZVlIT4JLyGXxVx3l +WS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y ++ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4KxvgiT2xRH8aI3x0WePMd3r2Sok9/2aYOC +YPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgAgdHRlbGVzZWNnbG9iYWxyb290Y2xhc3MzY2Eg +W2pka10AAAFWwklM0gAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsF +ADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZp +Y2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQt +VGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNl +cnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMM +HFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiT +BONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuh +dfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Z +f3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GC +ahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGw +UgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtw +n5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqm +JQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMi +vgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7 +PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAE3hyYW1wZ2xvYmFsY2EgW2pka10AAAFWwkle/wAF +WC41MDkAAAQ0MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF +ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIG +A1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9i +YWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUz +NzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH +bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbi +m1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt +2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHM +PJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd +Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T/dRlAgMBAAGj +gZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0 +dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEw +DQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYg +oyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9N +mXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9 +aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJ +ybQDJbwAAAACABlnZW90cnVzdHByaW1hcnljYWczIFtqZGtdAAABVsJJzGIABVguNTA5AAAE +AjCCA/4wggLmoAMCAQICEBWsbpQZsnlLQfYnqcMYDx8wDQYJKoZIhvcNAQELBQAwgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAwOCBH +ZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1Ry +dXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wODA0MDIwMDAw +MDBaFw0zNzEyMDEyMzU5NTlaMIGYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg +SW5jLjE5MDcGA1UECxMwKGMpIDIwMDggR2VvVHJ1c3QgSW5jLiAtIEZvciBhdXRob3JpemVk +IHVzZSBvbmx5MTYwNAYDVQQDEy1HZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4l5iWB0zVzky +M/rry4eMp9RK3QaI6mSOMZilOJAemM8uYyvwRrxEsomhwCgMSXAhlZ9kwKaTEgJlJobGpYnw ++teEoHCvTxqXPwZE1cnrchB95DEo+xxh5igHRHOSImmnA4hsnWPIUtqYJ+cITHA+tMkSwcVn +g10z8wMR7GrQU+LRujZglIC7YWNsWxd+30CUHqsNwiEocIj/1iZsbGAEJU5Vfn3vv5RI3rcd +3XCNBV+IpZvywu7q0UBBbWI4HVYGxQNHUSAZ/HsQCw5irnZVv193vj5JAVM9mCUDdiRaHbTb +iep55bazOz+6TChBfwasao7B0PYFHX3mQobjpdVHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEecqOoU4DHRzca9sxW5Q+PzB/LTANBgkq +hkiG9w0BAQsFAAOCAQEALcUTz1aAe3p4vZ+uLJnn79rflF4JaafnbmiMvXK+R6kOlxK4SvFk +0znfJTTUwc1OgfAPBMQkszSWxqaqMN9oYXPX+Y6Fie8OXpUoSionjxCOLnyGxAKe2gx3ZQ5E +DZL9/bMWNvoRDR2MDgeJailW93L03RWcdzVmV6sTU9iOwUDF1xMWWnLHt2kBxHqxgwFofY1B +oZQYwSVc/PD+gwKHfA0Nzy4IXEpADT7sgWHmJNvK4A4tB7I+VtyN9UGFB0ibDAvLST997Lf9 +y41niRqr7bseowAICBcqglwxXUaKLQ+Gm3TZRfvUQLF6qmgthrKZIuHBK8ec+PNfqIIS6xkR +LQAAAAIAHWNhbWVyZmlybWFjaGFtYmVyc2lnbmNhIFtqZGtdAAABVsJJ36oABVguNTA5AAAH +TTCCB0kwggUxoAMCAQICCQDJzdPp1X0jzjANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMC +RVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm +aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2Ft +ZXJmaXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgw +HhcNMDgwODAxMTIzMTQwWhcNMzgwNzMxMTIzMTQwWjCBrDELMAkGA1UEBhMCRVUxQzBBBgNV +BAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20v +YWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBT +LkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDA31bT5DqbdkW0E9v/wbYZizdBGJVSR+sXnSmIjjVs +BjIuR2LzSQS/fUQ2sXHMvVoJc9XZhUT/kVcl3142jnDRXHFDHdna71zS+xu9OrXLraPMRKcN +riEVP7l6W5J12KQSOIkZireA0uIyb1ackdaIEAuzdGSSdGDz9s8YT2CyI9DHO85hS5mPwgzQ +QLKY3A2oTqO5Cq5goK1FUmO6Zr1o4Pm+GqiBux5BeHXTwf4AVbCHVOgnkDUdTDOtl/yXLpiE +vyzJo7/RmBEU7WP4ypiIWBeZ7UUDl348hh6IjL7ykYSPZTTYAEx9tzEXWil6ChgkMKM3tXqp +AX0m1vkOjlnx/RsztSk7FztBtiHd1MA9pZ+fH0NQybu8bHqXmO7NjB/7nFGui3C9J59xwGus +fZBm6NddOg2w1cKN1cidncFt0NC/UeTj+MM4Nq7Wp3Xmr4RDXZOSDGoH3jsdmCLWrME126Og +Jf9ytXYd3m3pLGYsUoTQRZLOHOXlMx3cB1NUo6qCO5o3L9zdoGTp5t29rvxkhR08p8kG3oT/ +a+hrGjzForNC+4sJPl8IUsdixNQFcb/EZOT4oYPoPhKbqB7UNk0vcfaNKPaDqRPSYcGRu0jA +NI9BjEtM22kS/1CUnCCDWXPtfKHy8f3d90nTQ1igVmPKPT3lNVZZ6Q7KIMwrS5MpDwIDAQAB +o4IBajCCAWYwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQUuQnKnB7b02w6a67tVPFb +kwY1Ll4wgeEGA1UdIwSB2TCB1oAUuQnKnB7b02w6a67tVPFbkwY1Ll6hgbKkga8wgawxCzAJ +BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3 +LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoT +EkFDIENhbWVyZmlybWEgUy5BLjEnMCUGA1UEAxMeR2xvYmFsIENoYW1iZXJzaWduIFJvb3Qg +LSAyMDA4ggkAyc3T6dV9I84wDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAq +MCgGCCsGAQUFBwIBFhxodHRwOi8vcG9saWN5LmNhbWVyZmlybWEuY29tMA0GCSqGSIb3DQEB +BQUAA4ICAQCAiH9w3pIo2QWURv+QV6nxL98aDWv6fA4cSSR5J9hGqm8pWVKIcBLq3T31m1NU +b+FgoqgJuezrWXzGNfHcGOnxZ+WvukXgCd7KRA/CFw53kUV6M19flixoi8FHj5ibPcDsy/XV +gpKENdG+NjhWcjFbRy2qF6RjUesKAa1/7HWey6Ef8X8SsbnkZH9n1iMq9Lg5XZjoIafhvT1C +GnSacK9obFBdSc//+w5d5ixH14E6WQC1c2tjIPYxRQg5DvRwfkBwWj/Qa0KpdD0oLwJtdXKV +CY1IY8bGI1eSk141wY35CvcsnWIc9q183aYxHraxx36FJvqkarXaYzDR75M3smYvfQX357dL +mJQ1wNk6KcGdslAzHUqpWqbJA+/t9Oeoboq0V4TrpD/Q7qqqh1tj6JPia6jUuHJ4axvtOeRd +y5uqh9VPTgD+2WqfPDEPKAIBfZjop7CiZJ55+EjyFanM5shE6z94mfJ7cT488ZinxRgSP+a7 +KDNC6UUKfG3yhnkvxYIZfQmJfLJUdoiu3sHzzOFu2zHWk66ZoO8lanOYiVs6LhOIHr/AkpQ0 +G+Mnt4seb0L/5+k3m1AdLaL5Au7LWFg6cbxo46rBrxwoH6LcI2U/gequmdPYMM8TDU8VyYS8 +p0gt+DAjd9hGS3lt9oztOn9gEXj06Zuu1VTAdIDRC0KfwQAAAAIAG3RoYXd0ZXByaW1hcnly +b290Y2FnMiBbamRrXQAAAVbCSSSHAAVYLjUwOQAAAowwggKIMIICDaADAgECAhA1/CZc2YRP +yT0mPVebrtdWMAoGCCqGSM49BAMDMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMB4XDTA3 +MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0 +aGF3dGUsIEluYy4xODA2BgNVBAsTLyhjKSAyMDA3IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRo +b3JpemVkIHVzZSBvbmx5MSQwIgYDVQQDExt0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzIw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAASi1ZyCe5Wd8VJ4h/6KFr8F5t+jAk8NB8YAUboMAlIt +IqRCOcT+j+rJwb7UTf+fep7isXyaraeGCXOH0eea43qlqm77urNwwGeIojXUo5qx/a3C7zH6 +qLnz+wjGkdH7KZWjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBSa2AAwAOdrf4UY7ou2zooM+BHhuzAKBggqhkjOPQQDAwNpADBmAjEA3fjgV0dbp+YK +w731gIqXNQ0biTxUhncoyqH0ed615jiw8GVwjH8CVMK//9ihPtnPAjEAxI2U/NxT0tydeBYf +FTMjU1LjWjFdncquvRMpRA0nW6jnaJwS91g/LnICV6OPoRQuAAAAAgAlZXF1aWZheHNlY3Vy +ZWdsb2JhbGVidXNpbmVzc2NhMSBbamRrXQAAAVbCSRhzAAVYLjUwOQAAApYwggKSMIIB+6AD +AgECAgMMNRcwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlm +YXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l +c3MgQ0EtMTAeFw05OTA2MjEwNDAwMDBaFw0yMDA2MjIwNDAwMDBaMFoxCzAJBgNVBAYTAlVT +MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4IFNlY3Vy +ZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALrn +F5ACZbE0VTxJwlHV36fRN4/R54FzQVJgm52hFyZ4rcex6CaUMrXeM406L9vymnpac5ijXOn7 +inMbXOfDv4Bszan01ivA9/mZqmOisUcCD9TkUToSPGyKWlSEcNvBxZDPckXLqFnAzTOdP6OW +64UzIRw+Hj5gbnacZ4XFyMNhAgMBAAGjZjBkMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo +/7NXa2hsMB0GA1UdDgQWBBS+qKB0clBrRLfJI9j7qP+zV2tobDAPBgNVHRMBAf8EBTADAQH/ +MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQCcszOjP2Ihxhj4bG0RJOx9 +p5kMB33tiBUw0c0K2eYHNUaTStZFJ7gowdhIrCMlc7QYGgsYiq6hiWRtDeFn+uDZ7REja6iW +Ew9vjwoy5FxcmyOvkvSTAmq85obVs7P9yLt8a14rx0NuCPUCa/nSnrotqxsIpzm9CmJYzN+0 +IMUBrQAAAAIAGHZlcmlzaWduY2xhc3MyZzNjYSBbamRrXQAAAVbCSb5mAAVYLjUwOQAABB0w +ggQZMIIDAQIQYXDLSYxfmEUp57Cm2VBbejANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMC +VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAxMDAwMDAwWhcNMzYwNzE2 +MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD +VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvCg3C1SzbZ7kt5ZQn3aW+4LBNj7NhVjzW +fMP0zT6Gy6KI4uHYpGnFteK/waZHUF5GOYvVlrq1bxS/EM4nE54FR5sxehPYH9nTAjeLrSxH +8I6BBqcNMAzr9zwPIB3cckbupQLIW8PJVmlMxRjBkXsL1RMAm7zvw0g+RmAghSrVkLbNi6DM +Mt23/UBVslAcVq7MjXdNxyBNpzF272iSipAeCIFWsq1po1LQyxzEIz0fmf5M6BZjjsYIjvYx +9tL65XbdtRySo0nNzQHNaM2pabqj6x0NnKQgpsGgxdFGTBdt0qxmP5aM4ITUNv8iWcX5EWCo +XwR98hr2JUJhD8RKuD6JAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBADQmFTzAjU1DSR296SGS +12act97FuNDkXV92IsAm+YQ6OvmMtfvsYPHozgSwyN2nA48w85jfpOakMd/THAtG3HIgP67u +BTykMz8LOaxweHNLmSvfMMJUsKg7VaH+FijNQr10boDbJ0SnzkRd1BuQmA0eQpSxACwE0HSj +AgUiY2PNg7X7wW1ia2l1/V1wQbn1v3zfvsEycyIhi1iBexWRerrjZEiwf/s2JdqV0PEkFBfd +GIBrRiM5VPWOYgkEHZSQppvmJeJCRaq4kK2+CI+pC0IYlM9yOeGxQ+Aoz7fnWmwTa0mz/+MY +fImLM12sM9en+do6VclYEPmq71q2z0tL3yoAAAACABR1c2VydHJ1c3RlY2NjYSBbamRrXQAA +AVbCSekZAAVYLjUwOQAAApMwggKPMIICFaADAgECAhBci5nFWpTF0nFW3s2JgMwmMAoGCCqG +SM49BAMDMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxML +SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMl +VVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBa +Fw0zODAxMTgyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEU +MBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEu +MCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqG +SM49AgEGBSuBBAAiA2IABBqsVFqp+Wgj53rVJG9TxlrYS6vG1bbR5nNxrt2c1gxh/dugiQO4 +BRTsV87uXT/iIbPO99SKeeCjg34tl9BhxPGZ3CWRY6t/MKO0cOLHoTOc878uXFOxX7N9Mn+K +NON5eaNCMEAwHQYDVR0OBBYEFDrhCYbUzxnClnZ0SXbc4DXGY2OaMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMDZnoRYI3OSXAEEdTr7hYwHP +O6pCEWSgnZQ5AhF5XHsd+mS57hZCs7+KwgnE7OSxTQIxAOkqYUeMUkpLThhw9tZE1m71g7pt +WL0k2VZI6u/EokaBiGo6RtGpm03JYdrRXVdqGAAAAAIAHmNlcnRwbHVzY2xhc3MzcHByaW1h +cnljYSBbamRrXQAAAVbCSWTqAAVYLjUwOQAAA5kwggOVMIICfaADAgECAhEAv1zbtvIcbsBN +63oCOzboeTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBs +dXMxHDAaBgNVBAMTE0NsYXNzIDNQIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcxMDAwWhcNMTkw +NzA2MjM1OTU5WjA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxHDAaBgNVBAMT +E0NsYXNzIDNQIFByaW1hcnkgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr +N//rYJtBeGn1SViw3h9xaaYr465Qxqm8k+kgvuTEE4JW7/BDMgnKm3UDj3xP4eBPdp4LrWR6 +FDqanb8vFgtlHKnunLzjGmXLT4XqklZ1ZtZVQO/7zNY4P6sc70KNGYn2t5WGwqcd6fcp8SrZ +ZXn8K/WOyhp3fp7orPlmv0X76BOdX7Zz5X17jvsSdF0fBl6FG6ZeGEQAurzTbtFSDgat6+61 +tMG7vOs4D0gikcdv0rhyO7p/wI1st7xHcyEqhf+s1iiiGdWXajq5rG1F7OZNw9uoXcVdgpis +Slqq5isIDBB0vGL2OkkEZthRHCam2HWfnL+uYFE9XLyiT3uJZ81TAgMBAAGjgY0wgYowDwYD +VR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFIbh4YFxv2oS8QryAeTI+0DO +aICJMBEGCWCGSAGG+EIBAQQEAwIAATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmNl +cnRwbHVzLmNvbS9DUkwvY2xhc3MzUC5jcmwwDQYJKoZIhvcNAQEFBQADggEBACWq4SJAwqSA +PLeiXZmNH3pCNThmFxHfva/8FRGYGTPmBUKEVKhL67Cd2zfaFlJAEXRov+nJshCEtx1EAHkn +HPVYBhcYMjW2MJdjxqY5G8juRhdixS7nCqOaijBjc6oUpU0KqHKT8EkREJB8GH2oIAXEwno1 +uhxaCuAueMiIsc9XAew94gYTNMCo3PqAgAXuBXa9nSvInVBva8VAUIT9XR3mkJwQ06TGuSga +3rX4CnCqzt5QPQOA29iIxUgG5ANz3RbONtblm+p32rKWtWWnBF0jrveTsl6KUWRf2s+MPUFb +3vmj6Sp8RxAf9jI8fnDp36HVLg2xGkW0vBLtKBfpHgIAAAACABlzd2lzc3NpZ25zaWx2ZXJn +MmNhIFtqZGtdAAABVsJI0YEABVguNTA5AAAFwTCCBb0wggOloAMCAQICCE8b1C9Uuy9LMA0G +CSqGSIb3DQEBBQUAMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAf +BgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjAeFw0wNjEwMjUwODMyNDZaFw0zNjEw +MjUwODMyNDZaMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNV +BAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAMTxh3/TeDH3OMn4w5lDvMf3vDfnTnG6S4+lcx1cbpiuA1euODdDLxc9H8jOaBDB +eK4ZAysQ+ix5g/bouWi5VfIERKc5+fwEix7xok0n+WF7urflohO262E+0GzR5vv6Xu0dtJ6g +NVuhksvwSZL+hQoFPubZC+JPu9yVN/yR6TI1ItEfOk4nhZ2wFZQy2mENR01gQq6SR+iDWlBY +6YqLuV2h3N2ZSh82Z7tI5IO2N+tIOq8PZ48XB+gEyu9qMYfUwLb5lHF7Z2S4tpFKQntlLjBq +DPWQ7pXm8s2C7NmhSuz2skvlRYXmbXiTBC6cgm02qcQxZB+Ggwsq9DUKeMlVz0GwR+kwn5m+ +YagGhLkoel842RupOLCDf3PBwztIKoIPIZu4zKg1w4Qbg7M+vqSVaQE6iQB4BNnJ9JkZq1Z+ +W4uGORWRpBAsCTKAYLOTwCq2GAudfo1J8hBKf/nVRi8ZkqOZpyasu4w85g68Rwfcc1HxcGQv +CPm0Rx0wbETqKTeFkmhmvIM4/ns5LtNQ8B/7XmC2qab6J0Hxmxhy8vWEdErJZ8RUrkhk34zR +brAd4QePCB6ZnHHpTNil90cSH3TRUZ6G88KiI0ALc9tLpudzBozBoOnBWaxG+uYv+M9xnEZt +ucQVjTh5A0VI78Rd1wjuhzkihrIND1hD93GpSC796tYfAgMBAAGjgawwgakwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBegzcHkQbY6WzvLRZ29HMKY+oZY +MB8GA1UdIwQYMBaAFBegzcHkQbY6WzvLRZ29HMKY+oZYMEYGA1UdIAQ/MD0wOwYJYIV0AVkB +AwEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0G +CSqGSIb3DQEBBQUAA4ICAQBzxoHgJ9ItD+CVMOKaQX9QLF9fYmGphmppGAx0SdZdhOpBUhhv +WK1QViBqxr0oaViR3JERNak6HbwapWCe2B9/RZFp2X67eHLBBg8qzo+FcGGsoM0LuDkpVoQy +Toa7PcQq2dcfcu7+UaEiQbFxAmMagrBiq15XEh/fy911oMBdeZCMG+BQ5t4x/ph7cF+lkNit ++AK2b9Ng3UBLIsU9rTp6nxoaR5F5M7qC3DJpA5ZuH0vwcf7jZ3Kgsb9ci+T6mSLHhLkbjSOX +P+0l4M9lu/VhBO/dHrJaQSJaoZ9dLOhbyW2pDAx4qmDGVo8BWgxovGkZecQffpcFv8XpJFFe +1NVLU+3ZI1o2A2WjwQOtQTDzRhuFkK9ltdWx5BZbeHUdl3ptWakqj3vew4eJEJlJc3jIPb1R +NXQq1fF+aRsquzu9JbiaWj1yYZBmh+4M1k3UEXQLav4LA/yjVVeJ/krLrlsXBcjyjSMxUzjS +LWo/grmNCGr3XkF0bsMRfgesKWCRPzjKVxANvTAvx6XmQaDargWHmqCkZWxMCQyJurjTucCT +ijD6jeWaaxUBTmeq2mJWPoQIZtLENn2nPhD8iODUgOUAvarzTgajemr5YnLjCU/rmw4BI/Gf +u3zc3GwRlyWy8rRjFNIGKmeMg/XO6gfYmmoe7OQKuypM6wlgOc7KYtgubgAAAAIAGmFmZmly +bXRydXN0cHJlbWl1bWNhIFtqZGtdAAABVsJJ8v0ABVguNTA5AAAFSjCCBUYwggMuoAMCAQIC +CG2MFEaxpgruMA0GCSqGSIb3DQEBDAUAMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZp +cm1UcnVzdDEcMBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTAeFw0xMDAxMjkxNDEwMzZa +Fw00MDEyMzExNDEwMzZaMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEc +MBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAMQS36lf/kHd3fWfiuP2rOE8eJq82PB/eqAzKtyNIFuuLW/nk9k2cGpoz45Ro4Vb +ZwSgECRvXSiCwZdX2EgpE7bhvpFN34UMUxiaHiSiT4/wooULy/Qpf9KkWO4mTcmqqHua2fo4 +3kRXFeX4jMjZSOINFicdHsiDhSW3uqpVQcwDIkstkY2L5omvZsfp/yvpPKza0rPD4Wicifh6 +AFbe9FWVbPu6ZN1ii98LdzLrYswmmpu7qmKDTLQGejDIKb/tBk2XuRzEMSvVX7xTEhecmVcp +ZndhITEHLiVJnRjy7vMrcYy1ujkHSXf87y6SkAWNLS93e+9DvzW7mtj5c6cs8tBX7ihOJl+P +kGgJL7j43AbpLpo+UafRIsQKpzhIbLP5/32rhlfjutaFeHe6Q+pIf/bYviNtHr/RNmxYXPHu +pBlUGvUD0nbm4Yy9PLPTSEviyPh/kqh2RpxCZT6kHsEHA1pGLbiX87fVslUh77rcTACX+xSV +JzO/6ENHRtIImRZgO5p+0ubtOOrsAR48SFZJCcdMNwCeiA7Ac+FvZulyRzA+EOULA8maQgBs +xZR+YcSK33+CGgtZxFkyd7O8YGlWOf20Bnss1mQ22b1I7YQffqUijyq4QvSCt9RTkHhOLRr9 +gW9E1zsBdJZC4ADiLmvqxe5yrLu//uqqqPjc9rJ5irZnAgMBAAGjQjBAMB0GA1UdDgQWBBSd +wGemDCLZJvVFq6ZlUhEn2EWsYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAN +BgkqhkiG9w0BAQwFAAOCAgEAs1dNEGJOOuSs6rgcrzIjyLNJWlGcdiiNeapXRhfV9VL2t0To +CES/GITSC4DNxRL9AFUFYYdB3LUknjzE2Mj7cJ4veJaDIDbefA9pE4ildTaYCKbG36zO41jW +tz7euvPrNEDYooH1eD8v1aX82aLUXgQOF63+QfDlsnL6RIIzQugtWPdWjGI/ukKwnAxcfi5l +JlxTTwCyeH6hDZktjbgdjqLEsP1g0DCkjsgEYqnE7TXeepftDjheki+TcKWpnG+nfRMdfsYI +SLFeZ+tRCCXp5iVrUimRnNI5cwhX3pkGtFudEAbhwgCouBxKAgoU0MFByvuMNSF9gjjyqVSR +GTWTlG1qOsWy0LuJhpPom8kPOqd6uKHweEb6/Dcv5YqE89/+BNmhaKAvJOIJlQbVlcrhJJbr +fPaTBbvtc+kt0XU51+ck29hOX0OPntAUOb9VcEiZVzG0nO5KmAOWMB9gBu4bI/6BYCMaR2KF +pcwZNIBvs6wa45/we0it1QHZZ7apcpPqLWa1srjkPTyy70yM6usHv6s1mlWGvBimtahetINs +a2lA05/c8cNpa7nhbQn08apQdgp6fXoXoVWWQpkxCd1gEY0FMH7mjkbRnRTaxxfkBZaMxCS1 +G88UB7JA+KOeQYa8BNBrlsgqgDT9v+8Go91YxYU9Po/+ningtrgJaBkcGEMAAAACABJnbG9i +YWxzaWduY2EgW2pka10AAAFWwkmJ6wAFWC41MDkAAAN5MIIDdTCCAl2gAwIBAgILBAAAAAAB +FUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNp +Z24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBD +QTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9i +YWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j +40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH +oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvy +JBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FG +qkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAN +BgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLbl +CKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38Nf +lNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5p +LGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq +4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJ +KSZp4AAAAAIAFWR0cnVzdGNsYXNzM2NhMiBbamRrXQAAAVbCSTSeAAVYLjUwOQAABDcwggQz +MIIDG6ADAgECAgMJg/MwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCREUxFTATBgNVBAoM +DEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAyMDA5 +MB4XDTA5MTEwNTA4MzU1OFoXDTI5MTEwNTA4MzU1OFowTTELMAkGA1UEBhMCREUxFTATBgNV +BAoMDEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAy +MDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07JKz3pH73WbI/o6L9ZQRYk1 +OsZr2/7bAGio4AMRHTdQCJ9NSmiUNbNT0ZRjpyBWr95ReOwqPfNISFA+Ct9GVYsnbcMQTQ2R +UkPYh+BdTja1IcpfOUAEX1t+zKPGK6lAHtk2hNZI85IeNEYgJMGkUY5KGu9QP2ldGX9Fw8cB +j1HJI+hyrrS8Vgl/Esscsa8pkArJVcwP07Qa7Uc1WkrtnHMEIdCqvQwTtQDKJmzEawyUWpWU +2lCa8f+lK2YxpMk4oN8dH7gJLvOn6GdSq5Uf4EY+2KTDylrFMYDoSJqflGn+Gd3Yc3yBypbe +ju2zMgVlhDTm5v1XELVfdr8vsBANxQIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQU/doUxJ8w3iG9HkI5/KtjI0ng8YQwDgYDVR0PAQH/BAQDAgEGMIHTBgNVHR8E +gcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1Ql +MjBSb290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9 +REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0 +Lm5ldC9jcmwvZC10cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDANBgkqhkiG9w0B +AQsFAAOCAQEAf5fbMMjfpJx9IXqAcM4UEmmIFJVgRAGssukwT5tQwmbYfo0wtXAx6eJpx/Nw +2yAVhtAN8L6sAXWEzn6fTb+3YDuc88od4l5o2KOdl+VAYNI2If7QtLgX2nSjf9TfsJgCrG9r +aywlJHKhZe4lWuXmMufy36tJ+vOQaSPbBNnnXFj8ZdSXvsz8LgrMJSo1BPhgkRV1PUH/Ix8Z +yGzrglMEpuRMIk2NjLrOW3PsZFRQbdGcVftpwzbDjLw8haZrCiYN4JOYYK5+xiSXimFfkY5m +kgmHNs2Lmy0+9lHUUNRZKL2D8swoe1OGbdgmiHDX6pHNPrnKwJBuWsZedGXXXP6j4gAAAAIA +HWFmZmlybXRydXN0Y29tbWVyY2lhbGNhIFtqZGtdAAABVsJJei8ABVguNTA5AAADUDCCA0ww +ggI0oAMCAQICCHd3BicmqbF8MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRQwEgYD +VQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDAeFw0x +MDAxMjkxNDA2MDZaFw0zMDEyMzExNDA2MDZaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtB +ZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAPYbT2cHK6EV9QYiyx8BsuNzRQZESSy7SSUU1s7Dt6ss +T8ZBMpRX+hKnWw7ijx8ehhmnqrUtuV8NisKvhTV5Mi27HGI38rFbSj3KzXFf6UK+lOjI3vki +SGTG5avGK22tBfD61QvPmuXwUKSLO0elI1t6evgzP7jvmZfjIMHWKInPlPu5Re3jQBcR1HTw +CzHiKyZqm0xXrqwgPrpFegXzvZtpFa59TiBjxDV2OgcCyTf9x0fu6PF2HXMV8pektch6edlC +qit/XP7OJk+jZoE1r0S6VB4cMDJlneY8k15QTnrjOtRuzBr7+dI3riQqq1cDIigNSXV/tyja +db+O49wOeTECAwEAAaNCMEAwHQYDVR0OBBYEFJ2TxlOLXsqvP58eD+WZlbwk9pSPMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYrPQEDs3A +Df8K/dS6Fl8pvXtomVhJ0rQdN01/J31GBl1DxoYuPnOyJn1Pk6m2xCqaqyGXFLHejNOriRXY +ayTU8Rau2KRc1H9Rju0YAbGTY728+GGAmp6xzkJw4ql9BiV9J6H+b+yzHiTa40tVGgA7NbQ7 +2dddMP2BE4nywgYr7WfEjslDslxrFYkCvGL8TvK1M6qyb9MKolDj9jvoLkTC22Y4qTNWSPFt +GzONDYw/YDed08ptfjR+DZ9ydosbn3L9UjVBRQKWLxyymnNJIbFJR0VHtO9qNBHJTZrMWbfW +Ap5aTmW1lK4b3ymwFvG/AJ4HOhdktQS1IyGZCpU7l3zvAAAAAgALb2xkYWFpaW50ZXIAAAFi +32LqHgAFWC41MDkAAAWpMIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUA +MIG9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQ +BgNVBAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVD +T01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3 +DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNloXDTIxMTEy +NzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWlu +c3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQD +DCFPcGVuRUNPTVAgc2ltcGxlZGVtbyBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNp +bXBsZWRlbW9Ab3BlbmVjb21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALr4rivKQuRkYNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz +6Ej7PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv5kQ9 +uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmVotXM4tT1dxyJ +xFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoIvoKvoh3uZ5gEhGV8yfJx +k1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQSWimWtOi4e8CAwEAAaOBtTCBsjAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9 +tsaJhM9HE5wwcAYDVR0gBGkwZzBlBgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRy +dXN0IHRoaXMgY2VydCB0aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUg +aW50ZXJlc3RlZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4a +ZP/7IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNXn4Op +NkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8XUTuzEQQ3gUS +yVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs2KMQzorJ1ZNQf523yUTg +hbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwaSxGSiAgeLbwAUCvPNl27zr6k6+7T +cNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwEzGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5U +rclU1vK+dnuiKE2X4rKuBTRYRFR/km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BA +SKqgNdoT/SKBXqxgYlCbo+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQU +wwnSrSfihh2Tj0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO +0k1tqbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLoz/Rd ++SKtlrfbAAAAAgAbdGhhd3RlcHJlbWl1bXNlcnZlcmNhIFtqZGtdAAABVsJIy3MABVguNTA5 +AAADOjCCAzYwggKfoAMCAQICEDYSIpbF4zilIKHSX0zXCVQwDQYJKoZIhvcNAQEFBQAwgc4x +CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93 +bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp +b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD +QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05NjA4MDEw +MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy +biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5n +IGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQD +ExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2Vy +dmVyQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqB +QWKPOO5JBFXW0O8cG5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn +0LoNkgYUc9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH +jfRCTedAnRw3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +ZZCsiA9W2eYwNNQmx9BQ8ZLea9Q5iAkixqZjgwP3mXfYsuUYuF1j89Rz+2ycmXjxS3h9GSTD +KwKE+Lwi2Yoi16D8ceyRhyDxuOyx5VWArD1SyDkOwvDABU/WgnWMvV/S3HaaBRLJr3LD3CV+ +pE2OF6Xgh3/hmlrhYNxkIzxCLk0AAAACABRzZWNvbWV2cm9vdGNhMSBbamRrXQAAAVbCSf1E +AAVYLjUwOQAAA4EwggN9MIICZaADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT +AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSowKAYDVQQLEyFT +ZWN1cml0eSBDb21tdW5pY2F0aW9uIEVWIFJvb3RDQTEwHhcNMDcwNjA2MDIxMjMyWhcNMzcw +NjA2MDIxMjMyWjBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVt +cyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0Ex +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/sV5sk4P6cukJ5qYiK+oDg9Qcp +Q+qOCjQ2jRz6p7U5eP+Xdfcv5KprBIREyqbiaI79VVBiD6RxDs4HOC1ChVCtPJZvi9WiDs/e +SYk91mQuOOUebLVXip7vSA7NemkWh0S1kOQGna6hBJdYee8gSoJrjCK/7B8P6YRx7fEO5LgY +E8xWNl3Rmh5RazluYHaINAvzs9Gwncph4mQdwUYHuGPdHjNls44JVVI9tb3/B+utYVUYLKlp +mEqqQMUzFGV0APmR3q8DSMVAVNwPhJBoIMWSltwu5QJFqsBfVPht6knPXWxLr++awlZcxjVW +QmowX8Kr9uI9P7PJEY8xTNefSQIDAQABo0IwQDAdBgNVHQ4EFgQUNUr1Ta8/14I4rKtxZRd1 +jJ1Vk+YwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAKiH6ez4QGddw8Fmx0BLl/yHE5BaxO+gyl+Lt6e38da1ZLeKs7gbzNr7rGaIQc7o/OTb +Hoim7SdQGwIwJEZ5/gSHcJdAc9HAwVcZmmmlJ5mrnWKE9lHBLMkjFdgot6slE7VG4YYC/yaM +xIiSHVb+GWfyVeSAo2ucq3fhUXENINsQmtu9dnkHd5korZpe2rFPRCw1jqWWx/2D8FjGedaY +fKiN/oY+BxaS4XvnHewzdn5CLkqF+ZGJaIQDgaWbmr7jN8VUq1Y7GC1BpAz4QtuZoOByb7td +4RZPUwpk+U70v05UvXhsiOq/nBMkwnBpon8PyDytCMmwmECjKueIg+13j3QAAAACABh2ZXJp +c2lnbmNsYXNzMWcyY2EgW2pka10AAAFWwkoD9QAFWC41MDkAAAMGMIIDAjCCAmsCEEzH6qqY +PnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W +ZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j +LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJp +bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBW +ZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq0Lq+Fi24 +g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS +65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U0 +3EGI6glAvnOSPWvndQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534V +njty637rXC0Jh9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJ +W2uluIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68DzFc +6PLZAAAAAgARY29tb2RvYWFhY2EgW2pka10AAAFWwkmpEwAFWC41MDkAAAQ2MIIEMjCCAxqg +AwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRl +ciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGlt +aXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu +Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQx +ITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDF +cCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRP +n2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04 +9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7v +n5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kC +AwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21v +ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu +Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOC +AQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl +7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1a +wg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz +7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to +51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbgAAAAIAGWdlb3Ry +dXN0cHJpbWFyeWNhZzIgW2pka10AAAFWwknPogAFWC41MDkAAAKyMIICrjCCAjWgAwIBAgIQ +PLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVow +gZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT +LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqG +SM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8l +L33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/W +YC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVf +NVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HT +RqjySkwCY/tsXzjbLkGTqQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bW +tsuRBmOiBuczrD6ogRLQy7rQkgu2npaqBA+KAAAAAgAUZ2xvYmFsc2lnbnIzY2EgW2pka10A +AAFWwklt3gAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcN +AQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds +b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMK +R2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+Fggkbh +UqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ +ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7 +v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+u +IEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEA +AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ +QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdB +j+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NX +Sb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o +2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgAZdGhhd3RlcHJpbWFyeXJvb3RjYSBbamRrXQAA +AVbCSY0HAAVYLjUwOQAABCQwggQgMIIDCKADAgECAhA0TtVXINXt7En0L8432yttMA0GCSqG +SIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYD +VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw +NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhh +d3RlIFByaW1hcnkgUm9vdCBDQTAeFw0wNjExMTcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIGp +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwNiB0aGF3dGUsIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhhd3RlIFByaW1hcnkg +Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKyg8PuAWdScx6TPnaFZ +cwkQRQwNLG5o8WxbSGhJWTf8CzMZwnd/zBAtlTQc5utNCacc0rjJlzYCt4nUJF8GwMxElJSN +AmJv61rdEY0omlyEkBB6Db10Zi9qOKDi1VRE6x0Hnwe6b+7p/U4LKfU+hKAB8Zyr+Bx+iaTo +odhxZQ2jUXvuvNIiYA25W53fuvxRWwuvmLLpLukE6GKH3ivI107BTGQe3c+HWLpKT8poBx0c +nUrG1S+RzHxxchzFwGfrMv3JklyU2oXAm79TfSsJ9IydkR+XalLL3gk2pHfYe4dQRNU+bilp ++zlJJh4JpYB7QC3r6CeFyf5h/X7mfJcd1Z0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHtbRc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3 +DQEBBQUAA4IBAQB5EcBLs5G2/PDpZ9QNbkW+VeiT0s4DP+3aJbAdV8seOnagTOxQduhkcgyk +qfG4i9bWh4S7MuVBEcB32bNgnesb1dFuRESppgHsVWIdd7hcjkhJfJw7VxGsrXM3ji94XJBo +R9lgYOb8Bz0iIBfE9xbpxNhy+chzfN8WLxWpPv1qJ7ah61q6mB/V401kCp0TyGG69Tkch7q4 +vXsif/b+rEB55awQbz2PG3l2i8Q3syEYhOU2AOtjIJm56f4zBLtByMEC+URjIJ6BzkLT1j8s +dtNjnFndj6bhDqAuQfculUfPvP0z8/YLYX5+kSuBR8InMO6nEF03j1w5K+QE8HuNVoxoAAAA +AgAVcXVvdmFkaXNyb290Y2EzIFtqZGtdAAABVsJJBmkABVguNTA5AAAGoTCCBp0wggSFoAMC +AQICAgXGMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp +cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwHhcNMDYxMTI0MTkxMTIz +WhcNMzExMTI0MTkwNjQ0WjBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGlt +aXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAzFdCFlSc5pjT003u/u3Hn0M5SmWz6BaINNsNWZF0z5K4BECtAksxq7yN +kWjYIA4aAeIae04XXeKKtz+ZGs3rYavCZaYft7e9t4/8/XCPC6BnvgGiWc9x5g8pdv+xVnlF +Kx+eelTooyk1aKQBTw+kLjfvG7/jjxCocqtYV+dUhsjJ81vaLNpdjm48oz7a+4Ll3fJcsgUz +b4o2ztATTv+/Sgw0TKbDIb1QBFXrsbud+0UeZBXeVQGMAna1y6E/Qmm8L71oQxZWiSo3YZH9 +pq5OwMsUZZQ3S5IG7wTQyJyI2wt7ga+xPSrEZTp4tu7cgLHS05mcOu5rWmuzjbfVzpzCvqVL +Lxaxnmg7Bm+ufZ/43uzMKaeYoyVDL+/xXybhiE34Xm7X2RRuGTNppzuEiZPEU1UToVF4QPi4 +yaLue7pSQoOeFO0FUlpZVqeX/J0/CinY3E+RDhO83pWk34uZvqybM4jvtYGvG8YiU8j2x+6X +FLDFfHhSyPDObndghKbpKnYg7VgBFzCT6RqL4HNj2WqSlElOtK1KhcSjIjD8Ce1oInOmiAxV +IVjF4TqfKt3K4ZDg2XOrbIC46Atkk6CcjBn/s9IM7JEmh4qzouFwjywK5c1taFHr2j8Ff4sy +5hNca/5fQOIiyLS0ZE/Wun1IPqhpDNe7hnHJc7g/O50lS9r/QOsCAwEAAaOCAZUwggGRMA8G +A1UdEwEB/wQFMAMBAf8wgeEGA1UdIASB2TCB1jCB0wYJKwYBBAG+WAADMIHFMIGTBggrBgEF +BQcCAjCBhhqBg0FueSB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjb25zdGl0dXRlcyBhY2Nl +cHRhbmNlIG9mIHRoZSBRdW9WYWRpcyBSb290IENBIDMgQ2VydGlmaWNhdGUgUG9saWN5IC8g +Q2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQuMC0GCCsGAQUFBwIBFiFodHRwOi8v +d3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9jcHMwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTywBPg +gkM+++4vZzKWNVzbuMsC0DBuBgNVHSMEZzBlgBTywBPggkM+++4vZzKWNVzbuMsC0KFJpEcw +RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1 +b1ZhZGlzIFJvb3QgQ0EgM4ICBcYwDQYJKoZIhvcNAQEFBQADggIBAE+toCxM+sDyb/dmVasj +NO7nKdrDW7awg9nQ0OIh+/NgpztdYFMnopv2CCIq57+gcuWcJGoxsZB6J9uEEYknpndaONe/ +rIb87l2DvAbG0XdrD20kL0t6bKcHlsrjhJ+tiIsdqxaNW2YX2Rb0i4DS3fiydsP8OBOqDN5C +aStu8zzrgCfb9aZEDZ9aVVkL1Q1SSMWun/IvgMXqMlA1EpcuweH/8SOIUTif8mZWducPUZel +UgxNSVGVNj2/oksMEB2GmUyq83IRk+Tq9pvaqF2nTbeeAq5zAMjaIwPo+eoZdGIAlMsiIL6U +p1m1gmq+mXl6qfJKJFL3dP26TuaoHQJusQ2ARMGu0yM3X7uFfCuSLuh+pYvdmeG/J28tXap7 +h/4K3Uv8jvUm5G5wQm4z7DGee5PB5MlpGj3Aa04ibe6rWE3G0EHBK+pPEode60XYbPWYAtOg +2FWKBpkZoqB30TCerMx17oP1sGI5z2xX4kzSkQsOdSgbmr/9GkPxynf7O49huGkoFkIEXnAq +HCHYj+G9I1stdECS2WMZDXPdabxiR7zgdCuy632+QRu1wEbFoSLLX07BKJLeGLrVKii7EYsX +k5iZYJRcI89aJ5deCwUGkzceO2k266meYR2PMtqODNZ0PnsJJNoBd0fEO800jJn1yuElYTOy +WRvibtc3V7YNqRLaAAAAAgAXc3RhcmZpZWxkY2xhc3MyY2EgW2pka10AAAFWwklDvgAFWC41 +MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcN +MzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hu +b2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWt +DBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1Mv +nsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSH +o9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe +35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fR +zt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56Fs +pGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu +Yy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqb +AYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA +2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq +4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtel +ttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABdzdGFyZmllbGRyb290ZzJjYSBbamRrXQAA +AVbCSZA1AAVYLjUwOQAAA+EwggPdMIICxaADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGPMQsw +CQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMG +A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMpU3RhcmZpZWxk +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMDkwOTAxMDAwMDAwWhcNMzcx +MjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT +ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw +BgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve3BA/z2j/wCsW9bn0jZnXniorcDYVYYw0e2 +18o9NS6JQ/ehaZveihr9EyCctEl3MilW/bnsjN0i+nLcJ2GX7vZahOxuGbmJLNyEW9V0+2tf +xYmlEFKJRlX0uHUc5n/kVK5L+FVyVwIZ+BdxWeseKAd0xZ1Ivmy09KSw82Q3eZLA7EZef+Ft +U0xir80fC2O7Op37/HkAmGF0zyaCQGPzsnJqGQ2ZytQOdcw3+4uJwVnxYn9fs19lMPint012 +Wh52XjTA6JZWmYqz8H+kzb3cMjF8kc/gXxH4a6pJXNGZlNGi42NbCXa1VmLhS3QdltQm1AgE +WdCYDg7m3vzD7B+Q8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUfAwyH6fZMH/EfWijYqihzqsHWycwDQYJKoZIhvcNAQELBQADggEBABFZ ++iVPA2+UmTuaH4KFOdR2BZRe4SiTbWJdCcKgqNSwdTjxNGqd5J+KhiZR5izRxi1ulSBKkgHs +uIpnezHiZy6MlQMmLkOdSjH2DrUMu7fiN38iugCjDntS+2u7O8TTeVFOzZD0ZwcZyDxGeg0B +fcVY523mhTAXmiTEEOAE9+Dyf9SqCv9CHTftlOVkWRIgdzjTMj44gXWWc/poj7HLzh/F7Pqc +fs9+sfEHLbb8v8qkv9CXBUq86hgoApC9VHgJIXHT0X0d2RawqWE90AoAIvzHe8sJZEULO0CB +9318MvWYyliOfSrukFlzZPk2dF4lofVmBS5/ORWpKvtQi46FafQAAAACABZ2ZXJpc2lnbmNs +YXNzM2NhIFtqZGtdAAABVsJJHnsABVguNTA5AAACQDCCAjwwggGlAhA8kTHLH/bQGw6auNBE +vxK+MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg +SW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp +bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma +AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57GaIMtTpYXn +Pb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAQclKpBRQZ +MghB8MVrCsx+DyEZzeRn3F+pG+bK6HOdItiYbnMDYZHFfLBFQG5EnY2wsZZ0YS0NqUXSpJIq +1pp1l24/U/1FmWAdqCtM+V6nCdh1MNfSZWA9Z9ZIVXVpP5H1SAtHaSJpgpa+ycg4hkp6LHMZ +SGlOa3xlvw/8cM6IkAAAAAIAHWFmZmlybXRydXN0cHJlbWl1bWVjY2NhIFtqZGtdAAABVsJJ +pesABVguNTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3Qg +UHJlbWl1bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQG +EwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1p +dW0gRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wm +XAc95VT6o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExV +cmuVHU4YQpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jww +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnz +h4hQWq/IwEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHf +utMJMlrOiH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABZ2ZXJpc2ln +bmNsYXNzMWNhIFtqZGtdAAABVsJJPbYABVguNTA5AAACQDCCAjwwggGlAhA/aR6BnPCaSvNz +/7lIouTdMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln +biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYT +AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaE +GIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7 +NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBYFSk5 +PHej2lwlA3xg+u4JmTwnEHDIDAnms4fPCuIYljVizL+bJ3mJX8nECfTOtR3fKr3l24acaCXl +MHy2iRX+Z9Gt4VCsPHxiS4+6hNcSFRsfyl0PwVKUKhGZ2nvPDDYT1TXcEBlZ6pTBAL91j9n6 +/XYE22K7kGoD2UY12fh8WwAAAAIAFmdlb3RydXN0Z2xvYmFsY2EgW2pka10AAAFWwkmTQgAF +WC41MDkAAANYMIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT +AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwg +Q0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQG +A1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM ++KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC +GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Q +lz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+ +OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKc +eeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAepho +jYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq +hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57QzxpeR+nBsqTP3UEa +BU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4d0iXrKYgjy6m +yQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/ +IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0z +X5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm +MwAAAAIAH2VxdWlmYXhzZWN1cmVlYnVzaW5lc3NjYTEgW2pka10AAAFWwkjXiAAFWC41MDkA +AAKHMIICgzCCAeygAwIBAgICWeMwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxHDAa +BgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXggU2VjdXJlIGVC +dXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMjA0MDAwMFowUzELMAkGA1UE +BhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXgg +U2VjdXJlIGVCdXNpbmVzcyBDQS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLxm8 +F7d33pOpX1oNF080GgyY9CLZWdTEaEbwtDXFhQMgxq9FpSFRRUHrFlg2Mm/iUGJk+f1RnKok +2fSdgyqHCiHTEjg0bI0Ablqg2ULuGiGV+VJMVVrFDzhPRvpt+C411h186+LwsHWAyKkTrL6I +7zpuq18qOGICsBJ7/o+mAwIDAQABo2YwZDAfBgNVHSMEGDAWgBRKeDJSEdtZFjZe38EUNkBq +R3xMoTAdBgNVHQ4EFgQUSngyUhHbWRY2Xt/BFDZAakd8TKEwDwYDVR0TAQH/BAUwAwEB/zAR +BglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADgYEAHKcbomcF4NP6lEGulFSDWLCy +bLS2r85gp3byARQCjMJC4gA/ObfY02Mvuy0ipZCdw17C6sJCrMtn2/CxO5C4SCVOy/EdUKvV +LTLPgtf1Nt1p4a9DjZ2F8qXmdXis4MAUOjfb6ROctB8qsSs6Rkb5u2NbT0jDQ1wVXl3PFz0M +524AAAACABVzd2lzc2NvbXJvb3RjYTIgW2pka10AAAFWwkkMcAAFWC41MDkAAAXdMIIF2TCC +A8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJj +aDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy +dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0z +MTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UE +CxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9v +dCBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nb +eHCOFvErjw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3 +aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX +6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5Q +QQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhx +LKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq9 +6G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyq +W/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGD +Ymy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYwFDASBgdg +hXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0OBBYEFE0mICKJS9PV +pAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8TwuMA0GCSqGSIb3 +DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsOv2LwnN+e +e6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82Yq +Zh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz +o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBf +GWcsa0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0 +QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED +6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/ +wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++ +dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5wSsSnqaeG8XmDtkx2QAAAAIAEGFvbHJvb3RjYTIg +W2pka10AAAFWwkm0pAAFWC41MDkAAAWoMIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUF +ADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UE +AxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAy +MDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxB +RR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjs +JcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1 +m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxs +RZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCA +OVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0 +gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67 +Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa +6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMh +BnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH +8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFE1FwWg4u3OpaaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31 +IqEjFNeeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7Pm +G2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIyl +vfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc +obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ +1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLz +JsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOtd+6L +fn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscIWC2hp1GvMApJ9aZp +hwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZ +urGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ov +XYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uR +uMRUvAawRY8mkaKO/qkAAAACABVlcXVpZmF4c2VjdXJlY2EgW2pka10AAAFWwkkDbQAFWC41 +MDkAAAMkMIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNh +dGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRp +ZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6g +mi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0B +CezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLj +UA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQG +EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0 +MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYD +VR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8wGgYJKoZIhvZ9B0EA +BA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961zgK5F7WF0bnj4JXM +JTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IW +UrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 +AAAAAgAVZ29kYWRkeWNsYXNzMmNhIFtqZGtdAAABVsJJ7FwABVguNTA5AAAEBDCCBAAwggLo +oAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBH +byBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0wNDA2MjkxNzA2MjBaFw0zNDA2MjkxNzA2MjBaMGMxCzAJ +BgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsT +KEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQDendfqVxhJoVvr119Ihuq+3f/k72cc9GVos1dxoF53u+2b +SelwgD1WGGMIb9ryzNA/fwJUIlQQ2LKB1MB1PUt/x3fDPnirGgO1IGsvaiuxxYh+xLsesMHY +RSdvqjdY94cm19gt9qkXtx9yNk6mFz9lmJLbKm5dov6I4Avef+WNFeHryzrV4hKiEy3Yjq9f +Ej2gCAUItlylZTgERZkeo2BgdMVBpXJiG2LFH29fGkK+AlFlqK4jGGr8eAOpTX+Aw/qrWvyh +QKTKGRb+ssjvXnMN7ne9mvZ5mLyxB2eiFQ3doFjGRHsKPmIoX7pBB1NYzxF+OHTF+P+1aZCP +hHTqlxuvAgEDo4HAMIG9MB0GA1UdDgQWBBTSxLDSkdRMEXGzYcs9of7dqGrU4zCBjQYDVR0j +BIGFMIGCgBTSxLDSkdRMEXGzYcs9of7dqGrU46FnpGUwYzELMAkGA1UEBhMCVVMxITAfBgNV +BAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4IBAQAyS/Oyyj6R/BLGoQeMjnegMwYUXJAeGPcIpj0KGfmHgBFuaeSWFzD/NJFjcjju +zBwBox2UKKQx9nrEVNf25TFYA6LMzmLblEVztb9FySS11YICrSN5aY24tk3Oz0zKMyPoHIiq +nYtBbhbJIOWJns072nD3fpkmIBRUJatuc4XmmyGdCmyCDqj4wgz6EB5slu+HDcQPYYut7oMr +lfiOkoRyOesg6oPtg82Xbgi8604mtnMr5NP2TP4mceJhEXRK/1cahw91SC7PUWkXoAISYZXV +0UCyEEzuxKwQQ6alngrVlWKaDc+IgsUyDOQrn0XmDZ8onLG5KlpXrTcPrx1/272fAAAAAgAV +Z29kYWRkeXJvb3RnMmNhIFtqZGtdAAABVsJKCpgABVguNTA5AAADyTCCA8UwggKtoAMCAQIC +AQAwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMw +EQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0wOTA5MDEw +MDAwMDBaFw0zNzEyMzEyMzU5NTlaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9u +YTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAv +BgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE +8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB/zzFnWAOVF75fk1tnRO +qY2CE+S2P6kDg/qivooVan/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4 ++gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4w +CjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo/brHonIgBfZ/U+dtTbWCdvyznWKu4X0b8zsQb +AzwJ60kxXGlGs+BHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG +MB0GA1UdDgQWBBQ6moUHEGcotu/2vQVBbiDBlNoP3jANBgkqhkiG9w0BAQsFAAOCAQEAmdtd +edX5l1lnA2HxfjsGMXUtoSCOT2WHtPemnLzY6S/Q21ruz3SMc7Q4QtoFe/gCdbj9pbHXrvbX +3hPLUxB+ikbRl/q3LisRq5CwJ4D56J9a6Tefq+TfbLOFF5092SRPeZE11l8E64CDq5oCLbUQ +9NiQxwRzQO1yJaCpn+yeq2gSmVfGjxI6CaS9RP0GFTfBm+Qyo+046Nhk8yx+FPwC6p/N/wdo +F9sikDgteo3RVPFp418zyno9ewrjyn9fOeXidbrFdhgzzizwL0yt97Hnzk+oxJtKVAbFf33V +CA/iHP5+F7isXvbUFrJDCQxN9qdrtJmEZcp6iOLiRL5c9+oc9QAAAAIAGHZlcmlzaWduY2xh +c3MzZzVjYSBbamRrXQAAAVbCSVLhAAVYLjUwOQAABNcwggTTMIIDu6ADAgECAhAY2tGeJn3o +u0ohWM3MaztKMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy +aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT +MShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD +BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkgLSBHNTAeFw0wNjExMDgwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy +aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJ +XSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuP +G5/r9aGRwjNJ2ENjalJL0o/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl +9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLH +j9UESeSNY0eIPGmDy/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU/n3O4MwrPXT80h5aK7lPoJRUC +AwEAAaOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcB +DARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq +1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E +FgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAJMkSjBfYs/YGpgv +PercmS29d/aleSI47MSnoHgSrWIORXBkxeeXZi2YCX5fr9bMKGXyAaoIGkfe+fl8kloIaSAN +2T5tbjwNbtjmBpFAGLn4we3f20Gq4JYgyc1kFTiByZTuooQpCxNvjtsM3SUC26SLGUTSQXoF +aUpYT2DKfoJqCwKqJRc5tdt/54RlKpWKvYbeXoEWgy0QzN79qIIqbSgfDQvE5ecaJhnh9BFv +ELWV/OdCBTLbzp1RXii2noXTW++lfUVAco63DmsOBvszNUhxuJ0ni8RlXw2GdpxEevaVXPZd +MggzpFS2GD9oXPJCSoU4VINf0egs8qwR1qjtY2oAAAACABVxdW92YWRpc3Jvb3RjYTIgW2pk +a10AAAFWwkkJcwAFWC41MDkAAAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAw +RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1 +b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJ +BgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRp +cyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8D +KYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg +5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtm +UIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeV +ikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQ +Q7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3Fsvb +zSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5h +YIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xF +SkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQli +BJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD +AgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwz +JQTU7tD2A8QZRtGUa6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExp +bWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQAD +ggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAX +INzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/n +JrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acv +vFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0Q +ADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZ +JPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYm +Yjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh +8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GB +UzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t ++Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0uAAAAAgAOY2VydHVtY2EgW2pka10AAAFW +wkj6UwAFWC41MDkAAAMQMIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJ +BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1 +bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRsw +GQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBc +saD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVj +hNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZf +ECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT +7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lv +zs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC +AQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9 +qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZgFCds +MneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/0Ycn +eeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS +qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscwAAAAIAG3N3aXNz +c2lnbnBsYXRpbnVtZzJjYSBbamRrXQAAAVbCSM56AAVYLjUwOQAABcUwggXBMIIDqaADAgEC +AghOsgBnDANdTzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjAeFw0wNjEw +MjUwODM2MDBaFw0zNjEwMjUwODM2MDBaMEkxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lz +c1NpZ24gQUcxIzAhBgNVBAMTGlN3aXNzU2lnbiBQbGF0aW51bSBDQSAtIEcyMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyt+iAuLa+PwHFrHeYKrellxkH8cvfs9n+kRC1nZj +la7rr3IgikVHhmJ4htYgOSb0rqP9I+elnLUiIRm3N5MiwFCcgnvU1QREXMu0wp+SviTYe2ci +4mlf5QV41IfZcXAzJVO0hzspkCg2mlVEMGikg5d/DR6cdv8VnWCXAI2KhQPsgL7qLG4QUZLM +ftWjM9jWSd5YKq/2FutLe5Ayl7m6nVjx+FdJBB6iXQZw3XHb+d2LmhuMzz2jTc7LfPa7nKD6 +Cc4jYrLpDR/iciiPn6xoIH1vO6iFMQl/C8foZenjeA4JZzCLNIL7XeDMnYFtYu4IHgQsTpvs +/qlPX/1peO8JH6G0v/rz75AeTAWLHup6kXrD1+X7MLxsGxBYmPcaX9ApMgMTRk1haoVMUnQv +Bh97EeKEl8aZ821/12eDfhNo2HEoWtjO3egQFJr+bSOHbo5acDzVjQkAp6q8sDE3bciEFB5b +vUVjIGtLdIy92zoOwc9aFo+lmPJ2ibITEjsLd3esu+U8KUqScsphGiteTOKDdHf6NUh6hU2N +mlPE33jKl5FIK0UrAfccGqLtGLoKvYP6b7yNV5M71NSmzh7xoLHOq/0rKJpPG9fDctukxL9d +TPXde5Zp7miA5ueYuja3/m7tK70g+GUZ2lUJfiXc/mFicvl+GALvY7TQ+6/lO2OMZ48CAwEA +AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUK/M +B4cVR284xbRl0d6VqunfnMwwHwYDVR0jBBgwFoAUUK/MB4cVR284xbRl0d6VqunfnMwwRgYD +VR0gBD8wPTA7BglghXQBWQEBAQEwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnku +c3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAAiFpvUWDPxEGsFj4PlVRgj8cBxC +KJaOt8XBQXVOCXF55W2WykuliGDQMHS4ygjctDCeQAcWa2WVdwGupLc1C4HacRWpdBc4e1jK ++S/7wGV2jVsBuX3egj1kuL4UdKMKVNMslRgXNfVRaz+PopZhOXhrS+WmoPhT31EQk2LngC/i +0eC8jjZGdzPsuPuOmiyJTTERDyaeBLu3BI0L8rn8Wp07FrcvyJir/opQWS6jO/wpXYvBS8ni +ihMdsb+7Qh1S3U7YFF4QxjEH73En9xs5CdyC6ouzlYZe/fXaXTGm4DG2lOZESXTFFuX3HwNh +KMXIyxKgQkv5a4gIjbQyGPN1n8R/AE8FlZyjFwLDs1ObqiA5KStm+p2vXrOS0rWm4Rr5LUFp +gRS0tLXtiT3O+6mdNUJEsRwUc4HPKgE1mjHVLY9thN+ATVfjP8WEddqJxjC764/LIgigrqrx +A2w6S00JpQ5yxlZrIUJOIyUUaK52CnwMB3Bk+Zov9gU5JsYMjxl/Q15u9FsVL9thXeZnLz8I +lPlgtJgx2nTxhJNxTV/7YFjR+8TBbYmiuyAfnXGRyzKbEz0+fZJSNaySlKLTGMJ8x+qvdgUW +3Wcnwn4cByIh80AKGzQHRBPChGqO3xlav3/rHeIaONFcr0eSa4C1MKXJjdirMYEf38JmN9OT +qYWGeWXSAAAAAgAYY2h1bmdod2FlcGtpcm9vdGNhIFtqZGtdAAABVsJJ2VIABVguNTA5AAAF +tDCCBbAwggOYoAMCAQICEBXIvWVHXK+4lwBe5AbSvJ0wDQYJKoZIhvcNAQEFBQAwXjELMAkG +A1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMSowKAYDVQQL +DCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMjIwMDIzMTI3WhcN +MzQxMjIwMDIzMTI3WjBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNv +bSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOElD+6N24gzdWfNrR99Ok5tndMv +FPNjdMsBIWo36oRQB0smWwlDbCGeasjVA/VgaY/M8CLkH+f3aiIxtywV8uD+AGpD/4dlxrUa +wadMbSJwIYox8pd0iQkSJhyeytkSopU82ulnvwigZOPWQrdF75f09vXXtUoVAlh9mFhLYLzN +1w2aEzNT0WH5etXXeLOaM/cAhs4dTZQ4r6jseFFwilwQg1Eh9xE9NIZe5UjNl4GCNUwZ7GX2 +a8UFoe5HE9azISeUEArZJDu6vkQTRjA/lzzY19dq7js44yvUlw65G+cHSX83Kvl3eM9U7VtG +naOADpFDwdZbXxS6n6aNJEdAWb9yOLI2bDf/mdFdDlkKq2n3wLIERXpUAK6+U/a15+H4PKMx +0qn+IVJkxaZn8HUHBpQUgVXGJ+QBjxfBanHXvkv7lFh9fhEzsUL3YmwY1s8JaD5/bPYej2Kt +pWPbCacfIkJBHm+Zij7X+T9AenmwpQGS0p09CBWlEAEtszJ2qJUNs3qa+wcQeBFv4Y/Hug8l +GnQq5RyYQZnfIYfolQZqCrNqR3Zl9jrPj2IXGXsKKM0a0oMeIccsv77/YWi3Zxu7eE2Nzmfl +5MGOtyNm4p2QdTSYqTYripqUuZ3szIqx+CWJXFq2L4wfbXkkp1Jow4Q14maNYw4lTdUZsuZ5 +N6cinVQxAgMBAAGjajBoMB0GA1UdDgQWBBQeDPe2Z/LhkiYJRcBVOS53P0JKojAMBgNVHRME +BTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQURbDCxwpWfO5b +eAyV+RhTwaYc2BAwDQYJKoZIhvcNAQEFBQADggIBAAmzg1NZAT6VSbnxgbr5diAjtSdgdNRq +mTRebABT2Z/yprEkB0RqKsaljngS6EfZWBsTKl55m58KKmemJT8GaVZzw4pmSPspgVd0Bsqc +6ijoOGcmK/HVtT9lk/g2XY6NjUAghxnq7yfAPbQ5DyV7aFB0VZwMWX1aPUGUJVII4EcsFTEZ +1b8HVca7ErWX9F+DhbpxwdlsgRF2Cgqwv4KX9+o9+vrsLakolDtW3dJRLq7AvQgVjHdSNJbW +m6zTHY5hDzV7m645aQtiYEAgNo+v+zbuLQhKHbi/m1z46qUboHOm2Phu4DMEX2iqJ4ft2cGQ +nO2942o1r2PfqxjZuubpSupQig9hkx7iLRniMJQ1kl0OtgevGYCPR5BRSy5N3YXi0gpSChea +/BqwUALlAaNjNyFMRMSbUZkRDnOcBo9ULqcoXkQ5h1YtN72FRJThDEssnMOShTRhyw+4m0pD +Uv40On246SncdqnIMPgUcYDGHjZIdCJBXIeC6Bhxi0GJROd+WFuouI0T6adsw0ftsxqdYq6N +guqUnt1ZEMOt3eJN4zHVx+zo8rD+kh4WChr82fP4J7bJvh20bGSQf/TkxFvXN65CDt2kGm98 +iFTFFm7hemgu+Dq/DaQ8iTt4p05jgwQhCGeN8oJJ0Fv9sc0Pg4TUPiCF90o9K5z9KgoJTeqB ++BGcAAAAAgAXcXVvdmFkaXNyb290Y2EzZzMgW2pka10AAAFWwknI3wAFWC41MDkAAAVkMIIF +YDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlz +IFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBS +b290IENBIDMgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJen +MioKVjZ/aEzHs286IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIy +C0TeytuMrKNuFoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBD +GzXRU7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1A +dHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+Idp +sQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIh +sUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzweyuxwHApw0BiLTtIadwjPEjrewl5 +qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtr +dQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+ +IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc +64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQADggIB +ADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3pxKGmPc+FSkNrV +vjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzSt/Ac5IYp +8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQTXlm +66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nx +oGibIh6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBC +H/MyJnmDhPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG +2vd+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlop +NLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWV +jUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0AAAAAgAUcXVvdmFkaXNyb290Y2EgW2pka10A +AAFWwkmfoAAFWC41MDkAAAXUMIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/ +MQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8x +CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1 +lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVR +HnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1V +Nk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sg +QUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI +KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y +ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAAB +MIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENl +cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4g +YXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp +ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGlj +eS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGE +pIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQL +ExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG +9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+Np +GA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIg +R13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDW +XcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOKSnQ2+QAA +AAIAFmFkZHRydXN0Y2xhc3MxY2EgW2pka10AAAFWwkj9XAAFWC41MDkAAAQcMIIEGDCCAwCg +AwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1 +c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVz +dCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw +CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU +UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUG +W2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0 +/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi +56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5 +mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/ +Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsG +A1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tER +CSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAb +BgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx +IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X7f1y +FqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz43J8KiOavD7/ +KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2 +ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bj +q2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6 +tkD9xOQ14R0WHNC8K47WcdkAAAACACNkaWdpY2VydGhpZ2hhc3N1cmFuY2VldnJvb3RjYSBb +amRrXQAAAVbCSRVuAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKuRiV3 +MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx +GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNz +dXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBsMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJtnEq +w9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGRfmO2 +q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42zxyRF +mqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0BBNc +oXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGhJR6H +XRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7DaQP4 +v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdshR/gq +Z6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYeaJGT2 +imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34yl6L +MYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJIadi8 +KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83sR6ol +J2egN/MAgn1U16n46S4To3foH0oAAAACABdxdW92YWRpc3Jvb3RjYTFnMyBbamRrXQAAAVbC +SeLKAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhR4WF8urSwZS+M3BzU0Eyi1ltRlkzANBgkq +hkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEe +MBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAxIEczMB4XDTEyMDExMjE3Mjc0NFoXDTQyMDEx +MjE3Mjc0NFowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAKC+UBCO6fJsQLQEnIW5McrcLeQRqQQ8G1XB51gwHSS0w++F3ows4cE934LmT61H +h2zsW0nBStW7j+yHrH+CmobsPQOZUgHSNZ6s2vBTyWY81KwCAdok0zuoAkavpBzj+HNYdrf2 +DpANtfDPzPr5xkzlw4YwCo0XfjXrxd+7DpzAjYfjiDiFZ/o+x6vgE5wFGJjPk/WxkrT8I9PP +1cQnSeCePJsIo4tdKiHg/DmqU9p9fs8aCVO8XQUEz6FKj4t2gg2h+NLHFHdbkDYHgZs+BvpS +XmPFpgD+pelSG1K1kjlyAwlivbBgFm6m3SXCA2bd8wTRQOJOi4b0b+WDoCeEXgTB9ZC9MD3E +76hpvDibpKSW0WLaacABlq7LxFE06gyq/yGOWY9KXORhmqfS6Sp4jVE9OhXuolmOqVzexfmQ +IuWIRXHdkZlsep89PZh8Xva+FmigXq4LI/xaD6oidi3JoRAd5NNEI5CIn8Yq5tf1mrNYHi8w +iQgbVKK1mCPsCHcclV1h0cuJnF+iSpGa7yGqSRYIqL1hKDHJdK2F9tnFsYvR5RAyTV+LIDo8 +SR8zhVkN28sJdUNpc/trcX3w38RMfcajLsiVectzoo5OTST7XuQEvnIbpictSVqZetdcCSC3 +f5S5T/ENHF6IQhsRt+eR255s9GrfjAaYA63MKO+lR/NTAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSjl9bzXqIQ4atFnzwXZDzuAXCczDAN +BgkqhkiG9w0BAQsFAAOCAgEAGPpbdfw+esdfd8fK389fwxLEQF3UMqq4atfVFRVGmCOl5pBb +GJlM461Co4IxNojN6fvEBJZIiwHHjQHPWzMGlkZmdB1P7cG2ubQNYcxjftcud4yWHCojaGuF +V3ZwMxP+4U+mI3cY+hqM6L1lyc8/9MkX3OvHvMAELi1GL2lmwxuP/uw+08qUv3YKJQ2pewIc +qdA7XwvAgTo9ZOG/py1OvU3E2CnGIhjQxaxyAoI/qjqiOiKXMd0IY8N1FLlgKC1baOAWqWaC +I1H161PYMZt76bedS+uIFs/5XTiKSTCP7fHrGfR3GjEYTWdUbC9vZfnbPewh7F709IvKYGVU +0XFk9Pmmo4EzNjNx8KR4X06tgyHeNEmN6FmsnfJ2WjbyE/Sv4AnHYSps9+CdrruGSihvLu60 +ec2QM8Ozdvr18GydAZD6npD2nHLPR9rDH+Q1IFPyVNHfYYOmAuIlON6FMi1ec5BSXULEzj1L +4fkZhB3VolDMQftBFMO91slao2NmAoC9BTo7R5zsACZM9YhRv6gjfxgHsAvtiyahZNNhSutc +n96zr2cDsx/dbV1paGmrXjrsfGm8xzuFTp4VubQVT8OVeljXyWzpbLnzKWNetCzwLT3tWmXg +qVtAwkiZgW2eHwYqPBK0iw+boiTwpo3WeuBLtmSWY5WEwkrNHC4khzNg5cMAAAACAB1jZXJ0 +cGx1c2NsYXNzMnByaW1hcnljYSBbamRrXQAAAVbCSYPHAAVYLjUwOQAAA5YwggOSMIICeqAD +AgECAhEAhb1L89ja42n2lNdfw6VEIzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGUjER +MA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTAeFw05OTA3 +MDcxNzA1MDBaFw0xOTA3MDYyMzU5NTlaMD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0 +cGx1czEbMBkGA1UEAxMSQ2xhc3MgMiBQcmltYXJ5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA3FCW0BL4NdIIeHq2UnD9b+7PuRHLXXfh7Ol+BI3WzG9zQ1dgrDMKROwD +XxyAJJHlqJFWEoL34Cv0265hLokQjWtsurMCvdU2xUg3I+LwWjdSMxcS4tFgTb4vQRHj9hcl +DIuRwBuZe5lWDa/u0rxHV+N5SXs0iSckhN6x7OlYTv5O31q+Qa2sCMUYDu/SU+5s0J0SARON +3IBi95WpRIhKcU5gVZ7bIxl5VgcMP2MLXLDivn4V/JQzWEE4dMThj4vfJqwftYs7t0NZa7Ak +pm2Qi8Ry6l0zmLfL3l5775TxGz7KySHBxZgCqqL2W3eb9X6WVTQcZ2nA8ULjR6z8KBxmVQID +AQABo4GMMIGJMA8GA1UdEwQIMAYBAf8CAQowCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTjcy3f +yw4oDN7ds6TKebiOu+gwiTARBglghkgBhvhCAQEEBAMCAQYwNwYDVR0fBDAwLjAsoCqgKIYm +aHR0cDovL3d3dy5jZXJ0cGx1cy5jb20vQ1JML2NsYXNzMi5jcmwwDQYJKoZIhvcNAQEFBQAD +ggEBAKdUz4hEGcvf1H8A31YzYrX3UQGQ68M/0YhE6SRd7+cUvSC3mjwA/m2f25Dc1/Ri1otw +XeflBEipaHzJ8ULzbH/FenwdUYi60go+J13eLVFO0xNkaeQu49PnmwmZpuCVm84a13++PM5S +sxEVwQ8XzQO7nCUVuqJ2ifwG8RjQk0sOfIK3pfT2X/7tQKadhHQ5udwehRbaKRuGIwDJu4l+ +boCIHi8UtAMkqDJvA5pHLDC+VsanQgJwG+pA2LoFA3AHpJb//UgzCuHcpYGQm03dfefnss1c +yGqV+KX2jcRdeAi+ewbWSc8ZNlAjLgjmngVNRxjVFumx1rYQ1buXv6KOtFQAAAACABBhb2xy +b290Y2ExIFtqZGtdAAABVsJJt/MABVguNTA5AAADqDCCA6QwggKMoAMCAQICAQEwDQYJKoZI +hvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4x +NjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +MTAeFw0wMjA1MjgwNjAwMDBaFw0zNzExMTkyMDQzMDBaMGMxCzAJBgNVBAYTAlVTMRwwGgYD +VQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMTYwNAYDVQQDEy1BbWVyaWNhIE9ubGluZSBSb290 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCoL+ikaQYDR8PpKpj/GaJwmsZQsn6l32hNG3wPtpdofS2mi5fpZIbJo++ghr9gZZxL +VIjCSMVKOb8U41lV5Rm0dMi0BTlcFqXilQXgEq5Zi6IzaFgcptQVt9if19xxq36av5uOMw8i +/R8u5wc272I5xd3LuiUUI94Mxj08zoII5mY+2lE7FjqjBX+g3IfVnPxyqaB9eOS3MVUeZbvU +YbAhYO0QMnLFkiUe+JBKGHhH334wNz5QG9sc02uahlMHsO+sBnj4hJn+IY1MgLYMgvZmcHka +00+jz/HPRrBLDz7diGK4jKkJKDt6x5fhHuX0n8DAriSgyKHZD9Z7JoJpMj2nAgMBAAGjYzBh +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFACt2aP2efZudKl/Mz2BF9dMzzPeMB8GA1Ud +IwQYMBaAFACt2aP2efZudKl/Mz2BF9dMzzPeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B +AQUFAAOCAQEAfIrRHxg3guC4sKPtVpXIYmGcBaLNwmImYc0QFtfMtGU00BGKraipBWbvdPNt +X52Zr/aL++tSsgWYom8qxVS9Jb1frsiG6kYswbO9welJcBgWlwgTjCDgGy46R8se5AAwlVv0 +RaPAGrABTqu9wCNuYz+ASsUH7dzib8fBYvHjctYEyHRnC/qIq6EByG/wFK/Smc1Rk37tLjjH +vc5GUD1y43klnZuIKxAg3aW4Mp+N4CnfIXSGgtsvgjDGxzWGs/mWX0bbDEX981DDb8bDSK1G +puEnRwodDpu2wnd/Y/LgfRq+/ODf18enbLD5rro8/XS0EehYDYC806iAOpntdcxGewAAAAIA +EWNvbW9kb3JzYWNhIFtqZGtdAAABVsJIyGkABVguNTA5AAAF3DCCBdgwggPAoAMCAQICEEyq ++crbY2/gH/dO2FsDhp0wDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQI +ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E +TyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MB4XDTEwMDExOTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYUxCzAJBgNVBAYTAkdCMRsw +GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT +EUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTd +xc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+ +XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr +ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8 +MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7Sr +mNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3P +b6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamW +oUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31Bq +VUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKI +f6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09 +XiidnMy/s1Hap0flhFMCAwEAAaNCMEAwHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLU +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQAK +8dVGhLeuUbtssk1BFACTTJzL5cBUz6AljgL5/bCiDfUgmDwTLaxWorDWfhGS6S66ni6acrG9 +GURsYTWimrQWEmlajOHXPqQa6C8D9K5hHRAbKqSLesX+BabhwNbI/p6ujyu6PZn42HMJWEZu +ppz01yfTldo3g3Ic03PgokeZAzhd1Ul5ACkcx+ybIBwHJGlXeLI5/DqEoLWcfI2/LpNiJ7c5 +2hcYrr08CWj/hJs81dYLA+NXnhT30etPyL2HI7e2SUN5hVy665ILocboaKhMFrEamQroUyyS +u6EJGHUMZah7yyO3GsIohcMb/9ArYu+kewmRmGeMFAHNaAZqYyF1A4CIim6BxoXyqaQt5/Sl +JBBHg8rN9I15WLEGm+caKtmdAdeUfe0DSsrw2+ipAT71VpnJHo5JPbvlCbngT0mSPRaCQMzM +WcbmOu0SLmk8bJWx/aode3+Gvh4OMkb7+xOPdX9Mi0tGY/4ANEBwwcO5od2mcOIEs0G86YCR +6mSceuEiA6mcbm8OZU9sh4de826g+XWlm0DoU7InnUq5wHchjf+H8t68jO8X37dJC9HybjAL +Gg5Odu0R/PXpVrJ9v8dtCpOMpdDAth2+Ok6UotdubAvCinz6IPPE5OXNDajLkZKxfIXstRRp +Zg6C583OyC2mUX8hwTVThQZKXZ+tuxtfdAAAAAIAFWtleW5lY3Rpc3Jvb3RjYSBbamRrXQAA +AVbCSa4jAAVYLjUwOQAAA+kwggPlMIICzaADAgECAhIRIbwnbFVHr1hO79TO1imyooUwDQYJ +KoZIhvcNAQELBQAwTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJUzENMAsGA1UE +CxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwHhcNMDkwNTI2MDAwMDAwWhcN +MjAwNTI2MDAwMDAwWjBMMQswCQYDVQQGEwJGUjESMBAGA1UEChMJS0VZTkVDVElTMQ0wCwYD +VQQLEwRST09UMRowGAYDVQQDExFLRVlORUNUSVMgUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMb9sxeFoa0mG5VpNSE9pIj63ttgNkAXacIUY/u42cJ0FTcunNAg +zWmNhDKihUwUtJvyJbNUKoM/Lb4P8ztk0f+gUO93TztO4T8LZIWaulh+0sNi02QlotSylzx3 +XWMqM5L8zYINm1SVh/W164zNW9HKMC/JiEa1zQ0RtBiP7tGhPl0V6CjP38OQm2zM0QxFd7M6 +64qQHemvZGqJe6k9Q3T65GciofvcTcT1YsnKJbTJgGAzqd17oAK/liUKXslfKXu0F4GLbYEZ +0NmDXAWPQWkaaUOAn6iv4OmMkYsnK6ImYM0P8qSjAoOOGIHCF4pDFflt8x0QpFqcRGEjIXrY ++9ECAwEAAaOBwDCBvTASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIBBjBXBgNV +HR8EUDBOMEygSqBIhkZodHRwOi8vdHJ1c3RjZW50ZXItY3JsLmNlcnRpZmljYXQyLmNvbS9L +ZXluZWN0aXMvS0VZTkVDVElTX1JPT1RfQ0EuY3JsMB0GA1UdDgQWBBTvtyOX0KiRf6bPpiHA +NJ/Md0Hh0DAfBgNVHSMEGDAWgBTvtyOX0KiRf6bPpiHANJ/Md0Hh0DANBgkqhkiG9w0BAQsF +AAOCAQEAGjFpmULC5UCFop+Sw2PUjyE5qBkh/nr8w01A8yvoS6xbTFmTxtx+C698X5WFa73H +b7rBvvjGOmdLk8YFaT4kLfAbkcY+P+xCGJNsAySKbvkgZyt8bas0ySoiMw3XfY/u0jZkQsg1 +mm4ZYcuNZ/Bop9AkBebDF7pFrnxDtYB4A00gcwX8QxCdNWlCdZQlgiumO5AY3sGpr/Mtlb+V +p88Yl+FZ4qKvGhZhDfcTcVOTN/08rwAdbIsUr0aWjLZSfMwtTs3h6UsK7pr+epjnKbob2hy6 +3GvNBA4mQKnrczz+UKgRJ1W9245L708Y7RX/vYaYZu6aJXE0bFDxslHLZp1NKQAAAAIAFWJ1 +eXBhc3NjbGFzczJjYSBbamRrXQAAAVbCSTesAAVYLjUwOQAABV0wggVZMIIDQaADAgECAgEC +MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4 +MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwHhcNMTAxMDI2MDgz +ODAzWhcNNDAxMDI2MDgzODAzWjBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBB +Uy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18de98EH1Hf7QyH09PVp5O4yAdujhh/kWQ2653WD +UuvqHGEVSLsdB8qMrrDclp3qw2CShoIoc5xWBv9LZPAMKjdJteXPDHzu8Uq7czBl89Uvg7Z+ +4+f1nqtg+dPxnZJ0iuQclqxbgOm19DGHo1H8x36hb45Td9SXwVUzkj4YL3XUrYZJy5WvVAZs +2AYTjVv/4SYZWcAkuoFxeZBEUGgklF+4sxHxKUFho0HLIzbVwfEyUBBOf/SGk+yE0468S79c +AU4HPdwUipQKpOpz+wtR6BMHGPoO8SvRVBV9POH3tBlCZ2Jed+CiVey22WkX1TqvRO1KxZ7k +eid85XXXqssl599rCtsPTZNOqKDNey7yWQFqtw24B4F+izgbOOYKV5k97iHoo/UMFt2L7DSO +nCocABUXjWiD0nCfGAjNEWjVyWtSzcRGj9y189hXcx7plDkEv9PeON60U+xpHKJ+xI/kG3Ct +8qL5+/cWZGZpn0lRouIVGGcGSn/VbLVNszPgYetdvumYDzLXHUs8LloBUpEJ8t/qjdgGQGOq +EeT+wzeeFFI/9OLM8mGT0f1na9dSrr9oq0BDoFc1U3jwU/hhQgdkxtdvm0w4DWOsYq82i6Jz +Cg31Ib10qk3qcgNJ28dfHWJjx/3dkewz7vVttG4waN7I1iawdV57tAcgmKF2MrhNbE8CAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyYB34GKSgvVGnPO690zD3rijrTkw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBTXyH1urA6UjkskrBsAMnvziDv +BvKWnumkdH96Fvy39bb7FRs/q6bAcl0QsXHuvE/jrawDbS5xLq/E462jvQwRp7T/SrJ7EBAf +p1dBssCu9CxZ1kcQiPMhUSkwymCGr0arHe06W7CU3kTjQQiiwewd1v1PttZH0BQLyubKtXt3 +fkEfXoPHtow5lrA/loFBb2CQ4uj5+yJx2X2zPUa/tISvkBwPjxJqr+/uHnquAkqKFyt2/qxU +iSQsTz+2sqdOjKiRl/spxntcLbnLZra3qFsSUYW1CX5ieHD+qWpgth0OeQz9yuokgHLDlz/y +d6tDIgrH67YMhIIsgGtBigjA66Vr35kSy4rVXoAMkeAmCDZIxfo4ETX/JYMt8nq/2v2O/qXL +RSwfxIhTrncO2Zp2xY4sHaO61ewyrsCqrPfRek3r1AfiSPcijrCkn2rOjrKyYPSjItAj65Ra +emndD79AV6xrWVDZo5nhbv6NAXknIxXekp17CU1a50tIMFoY5gpt5o/g0rvm33xuIYLBaDlN +tJhYZmLMSpBew/onBLF5FXSZzL6tIN4mYBzrVlGmo+rkoz+n/2Hc8VpNbDIjQ+6sqO7uShIJ +PF1xwr55+sKHaB0L/VxpzAbQmn1UmSrJORoZr0sqQ/NjXVpY4i/jHeSp1tAK0J6/14EJ8cnH +Jg2smBZWoAAAAAIAFHNlY29tc2Nyb290Y2EyIFtqZGtdAAABVsJJcO4ABVguNTA5AAADezCC +A3cwggJfoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT +HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11 +bmljYXRpb24gUm9vdENBMjAeFw0wOTA1MjkwNTAwMzlaFw0yOTA1MjkwNTAwMzlaMF0xCzAJ +BgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTIwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDQFTlSsVKzusVZgsRdUq46Q2WAS8fylrzbNpfWpmSMqF7w4woc99+X +PUuu9l3sIbVBq825fnafvvk+NjSgO8H2MRFFdJM9V4DF+YmZyuWratS12kGQEMHW1kKJwr/0 +OBKVTFQF9zbkRYN7FGXW3AxN0d5+DKs7xBW+OlamWm92aVKpernI62qaXVLQLQprNRYJEITQ +aso6BgA3R+R+V08/i+tnuIiqxb5TVbKRxH25sIUZBngu22Ea+oX1SpGh5xbVjqI535S4cB8o +P4v8QF5jgzyDKhqZa8/eWWo7/G8W1x/9ShDrToIWOqwnDFPxrdUksGsDUMEtPBbdRDQnGnX7 +AgMBAAGjQjBAMB0GA1UdDgQWBBQKhal3ZQWYfECB+A+XLDjxCuw8zzAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATDqjRKy5RbHHk37ICwpC +32TqHO5ZbAi6iV9qykqVnnqPB8XaRXKCcQ460sxvp7ShI7v2JJ/LF/6Mps7C0tvMjfxx/AMp +wWxdM19ktmU7iW8Ydnj13KJIHxk/jpPr8foX7s1O4wQSVdbl5N37PgV84h1exqe8l09oOvXp +LgpDtq9XXGJofLf9o4qEoKxivisJhzTwagG7mylWPP4AN88jbPFOqrZ0RhJske401eyakedE +vpAxctVJAvYC5fQf63zZllWp/+yK+ZlH/zVaAqoEy4pbh3Epkb2ktHoNvZr1VyMAByEXP0o5 +0QVJC6e2N4GlXYyqM16BKHynfSfrAK6NNwAAAAIACm9sZGFhaXJvb3QAAAFi32KkWwAFWC41 +MDkAAAZFMIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNVBAoMCU9w +ZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVDT01QIHNpbXBs +ZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3DQEJARYYc2lt +cGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNVoXDTI2MTEyNjIxMTQyNVow +gb0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAG +A1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNP +TVAgc2ltcGxlZGVtbyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcN +AQkBFhhzaW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOsAdnZAuhe +Yrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs947MAuiqpPojPwDDb +9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlKeCTLW+bZKeaKoWdkFxyyzykO +oMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m +5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfNGib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j +79E/OZkfk/9V3Hvfy78Ss9H5uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCf +Q6Bwd0Nm48KrJkTeySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUX +jsHIj7Gv2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI +vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2lG8n50YSX +b0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQFQD3oWZUOVE81Qc9WSfcyqwww +DQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pjp1R9+Q766Qhzh4EN9RFCsktCcf4pB23l +PtFhMhIZJP5eZKLB4MUIvtmleU+DmOWfjcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6V +Ud9vbGH66ElIg9nP7XWAE6h5DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4w +yEEPQlpU2AewZqOUp0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYI +eNssLnv6FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE +a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6ygL5Oyvr +j8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5BRyx7BswcTEtZHWHx +D/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJAp9D+WmTJ9PdpDjiwCXCkMD3 +QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOdgxFK9q1vjhm02FAABIa+kL10CKPuRdlE +/GsWl03WKMeT5bY3MTO3odsNXhKWA19hwUAp0gnljuFHPX7jWwruZ1eD8mQvAAAAAgARZW50 +cnVzdGV2Y2EgW2pka10AAAFWwkjuQgAFWC41MDkAAASVMIIEkTCCA3mgAwIBAgIERWtQVDAN +BgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x +OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVy +ZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEy +NzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYD +VQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2Ux +HzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWI +sMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQ +gFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KK +jbHjKYD+JXGIrb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+ +5pPi94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCB +rTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEy +NzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD ++4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsI +VjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8Zynty +TtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47Rg +xRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72D +QnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM +++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdX +cDazv/wor3ElhVsT/h5/WrQ8AAAAAgAYdmVyaXNpZ25jbGFzczNnM2NhIFtqZGtdAAABVsJJ +W+wABVguNTA5AAAEHjCCBBowggMCAhEAm34GSaM+YrnV7pBIcSnvVzANBgkqhkiG9w0BAQUF +ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5j +LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAx +MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT +aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEo +YykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYD +VQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLupxS/HgfGh5v +GzdzvfjJa5QSME/wNkf10JEK9RfIpWHBFkBN+4phkOV2IMERBn2rLG6m9RFBjvotrSphWaRn +JkzQ6LxSW3AgBFjResmkabyDF2StBYu80FjOjYz16/BCSQudlydnMm7hrpMVHHC8IE0vGN6S +iOhshVcRGul+4yYRVKJFllWDyjCJ6NzYo+0qgD9/eWVXPhUgZggvlZO/qkcvqEaX8BLi/sIK +K1Hmdua3RrfiDabMqMNMWVWJ5uhTXBzqnfBiFgunyV8M8N7Cds6v92ry+kGmojMUyeV6Y9Oe +YjfVhWWeDuZTJHQbXh0SU1vHLOeDSTsVropouVeXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB +ABEUlsGrkgj3Py/Jsv7kWp9k3tshT4aZNHY2V93QFS/FrX8VHzdicz7U51/OFwPbNfor265g +CV8eX49uuws96loTHgxgb7XAtSMiLgcLy6l0y0e7HcHXpWvML9JC/Undp4nPU7raAFoov4Lf ++LoTHVCGgv2OMI8pRrAePTXaOGIWGEqt5rZRbN6vYusB0B4k/nqPEhoSaLj7ZpkUFEVcrueu +aReBK1o3yV4q9MbioVxUm6ZUAM/w8cHHmDAaOzYW26Nu6v2tssLa7wJHE4rA8bMxrU8c4U+c +rw8Mnfd4Ddj0NVaA2rdtF4+dHoFk4f7FRbqta7kKek5PS4TuS/F93REAAAACABxjZXJ0dW10 +cnVzdGVkbmV0d29ya2NhIFtqZGtdAAABVsJJZ94ABVguNTA5AAADvzCCA7swggKjoAMCAQIC +AwREwDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMB4XDTA4MTAyMjEyMDcz +N1oXDTI5MTIzMTEyMDczN1owfjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVj +aG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTEiMCAGA1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAOP7faNyusLwyRSH9WsBTuFuQAe6bSddf/dbLbNax1Ffq6QypmGH +tm4PhtIwApf412lXoRg5XWpkecYBWaw8MUo4fNIE0kso6CBfOweizE1z2/OuT8dW1Vqnlon6 +86to1COGWSfPCSe8rG5ygxwwct/gounS4XR1Gb0qnnsVVAQb10M5rVUoxeIau/TA5K44STPM +doWfOUXSpJ7yEoxR+HzkLX/1rF/rFp+xLdG6zJFCd0wlyZA4b9vwzPuOHpdZPtVgTuYFKO1J +eRNLukjbL/ly0znK/h/YNHL1tEDPMQHD7N4RLRddH7hQ0V4Zp2neBzMoylCV+adUy1SGUEWp ++UkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCHbNywf/JPbFze27kLzi +hDdGdfcwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCmqK0izgE9pqP/YtBI +nYtecrB4ROPcHK8J/SNI+r0qxLlVBLUQo40n3guCY9Du3gw3eUFbIrKwmkFcpnDg1NB3yyPT +AOBsVi/haQ0N2aq/IYFQ2QalqP+VN9Cq/uKz9ZktRYSK5UIJ13QCL/eJ2JnpvCfUR426DUYc +d88UpBy5pDHEnCh0AzT/MxkmpekNdLc+l8Z26CeWo2bd4a7yQVvKmFaDc3DkhhrSMUG6L74t +E1p2b07oToEOP1sDIqASvmZYEUrLA8S0KiotlhfgOVS8SNN2J52aLQamyew50qvbn5oLJwI1 +KbFAlef56JxViBlG1rc09X7OOZrZOPFR908sAAAAAgAcdXRudXNlcmZpcnN0aGFyZHdhcmVj +YSBbamRrXQAAAVbCSPFHAAVYLjUwOQAABHgwggR0MIIDXKADAgECAhBEvgyLUAAktBHTNir+ +ZQr9MA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNV +BAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAf +BgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz +dC1IYXJkd2FyZTAeFw05OTA3MDkxODEwNDJaFw0xOTA3MDkxODE5MjJaMIGXMQswCQYDVQQG +EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNv +bTEfMB0GA1UEAxMWVVROLVVTRVJGaXJzdC1IYXJkd2FyZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALH3wzg/tKh/zzmCUWfQbZ/S/1jz558r7A2JVJm5OJkW9+AheUjCu2F0 +EpYdPGpy1TwQZzo57SsTzWbrlQkzpGyXsejG7MF1eZxGXo2r0Gr9uSpVFxBUsxnwmvbxsV22 +p2374HEXa6KI+wDf/hoxdwyaAXqxMuMrAQc4bsOlXiO8RZt7UMHJMI/b5St601v7M0AeoNWY +F7yLh8OJ012gjrKqqvaOaYgGxfqJIfMInWkuCTObKQ1GD4zMSTSwaVG9+QbNaK1mTLw+rGG9 +CogOyN897nwETJ0KXmuR1u7H7SiNq02HiXPQbqTQHhaLFOF2RAN/Y6zkzUmcxZL0qzKhSFsC +AwEAAaOBuTCBtjALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoXJf +JhsomEOVXQc31YWWnUvSw0UwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1 +c3QuY29tL1VUTi1VU0VSRmlyc3QtSGFyZHdhcmUuY3JsMDEGA1UdJQQqMCgGCCsGAQUFBwMB +BggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMA0GCSqGSIb3DQEBBQUAA4IBAQBHGQ/e +dMaZl6/8rShedY7rLWfuTnsr1wz/9t7LVaIK4UxUZZNga58SnK1egyzrWq7A5C30AGMduMBs +8s9Ju02TbwamCiKySWIITv/IyBSyiBZd5wHkEpXlRTSzi2m9z7SFj3VRnn06ODoUSBLG+6c7 +Go0NgkAH6AQIkKGJyxlQ38ocAbwdBBl7EHaXO+6QkMrEDh8WbnXvM/jTb1seluPgdHd0e4qi +bi3ddtY5MILwq5xS8irHr0lefsdo5YKByGon+SeIKtVYUJUf8DscV7t9FDliK5rJlJIqoyIM +/4kmfV8jK0fXFR2pap5RDSpRnoH51DtecBJ/EDKcHrud+GaoAAAAAgAXZHRydXN0Y2xhc3Mz +Y2EyZXYgW2pka10AAAFWwkoAlwAFWC41MDkAAARHMIIEQzCCAyugAwIBAgIDCYP0MA0GCSqG +SIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZa +Fw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgx +KjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpnljgJ9hBO +lSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHhzRnp7hhP +TFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T7WYx +g4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pu +re3511H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxi +EyoZLsyvcop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGB +hn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0 +aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny +bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUA +A4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt +77JLvyAoJUnRpjZ3NOhk31KxEcdzes05nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23P +b0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR +10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2B +iYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1AAAAAgAbZ2xv +YmFsc2lnbmVjY3Jvb3RjYXI1IFtqZGtdAAABVsJI9FEABVguNTA5AAACIjCCAh4wggGkoAMC +AQICEWBZSeAmLrtV+Qp3inH5SthsMAoGCCqGSM49BAMDMFAxJDAiBgNVBAsTG0dsb2JhbFNp +Z24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xv +YmFsU2lnbjAeFw0xMjExMTMwMDAwMDBaFw0zODAxMTkwMzE0MDdaMFAxJDAiBgNVBAsTG0ds +b2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE +AxMKR2xvYmFsU2lnbjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEdFDpb7fV2/6TnRIfifC7bV +ex6SOkhZHPBiMS3Aeij+Gqdcs7bMl+dF1Fj60XdtQ6LAh2U0Ch963es8M6HFnU2kb0GVOH/J +HoTr0Z5JkoeUhww6hUpmn51Zk02XYQaGSqNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFD3mKUib6gfKIURKJt5u3tKD0J9ZMAoGCCqGSM49BAMDA2gA +MGUCMQDlaRLJbtvGMboJQeGX+Pv9muJ9EsntfGTTywUli1bZoOdeXU4Lg5xbdimgCSYhamIC +MHHStY9c6jvheAmFqHWSO8hc/UjvDXQiqAjibsVJzscMvKdhafH3O+Eqy/kr82aQNwAAAAIA +H3N0YXJmaWVsZHNlcnZpY2Vzcm9vdGcyY2EgW2pka10AAAFWwkmiwgAFWC41MDkAAAPzMIID +7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVow +gZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl +MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFy +ZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgP +fTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTr +z/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9 +rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H +67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUc +dUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaE +d2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/he +yNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1zqwub +dQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd/x7H +4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf/Wi3 +MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAgdHRlbGVzZWNnbG9i +YWxyb290Y2xhc3MyY2EgW2pka10AAAFWwklV9AAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIB +ATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBF +bnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0 +MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt +cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqv +NK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/ +9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVs +qXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHm +BiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+G +PgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsf +dOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxh +I+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA +5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWE +yS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lDfMjI +q2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAGWFkZHRydXN0cXVhbGlm +aWVkY2EgW2pka10AAAFWwkmxZwAFWC41MDkAAAQiMIIEHjCCAwagAwIBAgIBATANBgkqhkiG +9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsT +FEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0Eg +Um9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQw +EgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh +BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7t +Tw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q +6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o +L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLE +O+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QID +AQABo4HUMIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr +pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU +cnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SC +AQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8F +tzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRv +xdlu3rsEQmr49lx95dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q +8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw +3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/w +MLH/S5noxqEAAAACABpkaWdpY2VydGdsb2JhbHJvb3RjYSBbamRrXQAAAVbCSYbZAAVYLjUw +OQAAA7MwggOvMIICl6ADAgECAhAIO+BWkEJGsaF1aslZkcdKMA0GCSqGSIb3DQEBBQUAMGEx +CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp +Y2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTA2MTExMDAw +MDAwMFoXDTMxMTExMDAwMDAwMFowYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0 +IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xv +YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiO+ERct6opNOj +V6pQoo8Ld5DJoqXuEs6WWwEJIMwBk6dOMLdT90PEaQBXneKNIt2HBkAAgQnOzhuDv9/NO3FG +4tZmxwWzdicWj3ueHpV97rdIowja1q96DDkGZX9KXR+8F/irvu4o13R/eniZWYVoblwjMku/ +TsDoWm3jcL93EL/8AfaF2ahEEFgyqXUY1dGivkfiJ2r0mjP4SQhgi9RftDqEv6GqSkx9Ps9P +X2x2XqBLN5Ge3CLmbc4UGo5qy/7NsxRkF8dbKZ4yv/Lu+tMLQtSrt0Ey2gzU7/iB1buNWD+1 +G+hJKKJw2jEE3feyFvJMCk4HqO1KPV61f6OQw68nAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAfBgNV +HSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQUFAAOCAQEAy5w3qkgT +Egr63UScT1Kw9N+uBPV5eQijJBj8SyuEwC251cf+9MEfWMu4bZx6dOeYKasRteNwoKHNTIiZ +k4yRcOKrDxy+k6n/Y9XkB2DTo7+dWwnx1Y7jU/SOY/o/p9u0Zt9iZtbRbkGN8i216ndKn51Y +4itZwEAj7S0ogkU+eVSSJpjggEioN+/w1nlgFt6s6A7NbqxEFzgvSdrhRT4quTZTzzpQBvcu +6MRXSWxhIRjVBK14PCw6gGun668VFOnYicG5OGzikWyK/2S5dyVXMMAbJKPh3OnfR3y1tCQI +BTDsLb0Lv0W/ULmp8+uYARKtyIjGmDRfjQo8xunVlZVt3udPoMwa+5HNtuCXcGFXXPQXABoM + diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml new file mode 100644 index 0000000000..0e0f339e11 --- /dev/null +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -0,0 +1,163 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + + +{{- define "common.certInitializer._aafConfigVolumeName" -}} + {{ include "common.fullname" . }}-aaf-config +{{- end -}} + +{{- define "common.certInitializer._aafAddConfigVolumeName" -}} + {{ print "aaf-add-config" }} +{{- end -}} + +{{/* + common templates to enable cert initialization for applictaions + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.certInitializer.initContainer" . | nindent XX }} + + containers: + volumeMounts: + {{- include "common.certInitializer.volumeMount" . | nindent XX }} + volumes: + {{- include "common.certInitializer.volume" . | nindent XX}} +*/}} +{{- define "common.certInitializer._initContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $initName := default "certInitializer" -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + volumeMounts: + - mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} + - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64 + name: aaf-agent-certs + subPath: truststoreONAPall.jks.b64 + - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 + name: aaf-agent-certs + subPath: truststoreONAP.p12.b64 +{{- if $initRoot.aaf_add_config }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh +{{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh +{{- if $initRoot.aaf_add_config }} + /opt/app/aaf_config/bin/aaf-add-config.sh +{{- end }} + env: + - name: APP_FQI + value: "{{ $initRoot.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ $dot.Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ $initRoot.fqdn }}" + - name: aaf_locator_app_ns + value: "{{ $initRoot.app_ns }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually + - name: cadi_longitude + value: "{{ default "52.3" $initRoot.cadi_longitude }}" + - name: cadi_latitude + value: "{{ default "13.2" $initRoot.cadi_latitude }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ $initRoot.public_fqdn | default "" }}" +{{- end -}} + +{{- define "common.certInitializer._volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +- mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- end -}} + +{{- define "common.certInitializer._volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} + emptyDir: + medium: Memory +{{- if $initRoot.aaf_add_config }} +- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + configMap: + name: {{ include "common.fullname" $subchartDot }}-add-config + defaultMode: 0700 +- name: aaf-agent-certs + configMap: + name: {{ include "common.fullname" $subchartDot }}-certs + defaultMode: 0700 + +{{- end -}} +{{- end -}} + +{{- define "common.certInitializer.initContainer" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{ include "common.certInitializer._initContainer" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumeMount" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumeMount" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumes" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumes" . }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index fe099b140d..a89a33152b 100644 --- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -1,6 +1,5 @@ -{{ if .Values.global.aafEnabled }} {{/* -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,14 +14,19 @@ # limitations under the License. */}} -{{- if .Values.aafConfig.addconfig -}} +{{ if .Values.aaf_add_config }} apiVersion: v1 kind: ConfigMap -{{- $suffix := "aaf-add-config" }} +{{- $suffix := "add-config" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}} + aaf-add-config.sh: | + {{ tpl .Values.aaf_add_config . | indent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/common/certInitializer/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml new file mode 100644 index 0000000000..b55ba5e2f3 --- /dev/null +++ b/kubernetes/common/certInitializer/values.yaml @@ -0,0 +1,42 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + aafEnabled: true + +pullPolicy: Always + +secrets: + - uid: deployer-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafDeployFqi }}' + password: '{{ .Values.aafDeployPass }}' + passwordPolicy: required + +aafDeployFqi: "changeme" +fqdn: "" +app_ns: "org.osaaf.aaf" +fqi: "" +fqi_namespace: "" +public_fqdn: "aaf.osaaf.org" +aafDeployFqi: "deployer@people.osaaf.org" +aafDeployPass: demo123456! +cadi_latitude: "38.0" +cadi_longitude: "-72.0" +aaf_add_config: "" +mountPath: "/opt/app/osaaf" diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index 0c78cc11b9..e90f8aea5d 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -76,6 +76,13 @@ fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: {{ include "common.name" $dot }}-aaf-config image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} @@ -121,6 +128,13 @@ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn value: "{{ $aafRoot.public_fqdn | default "" }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end -}} {{- end -}} diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 7d56bf28ef..4735901dfa 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../common' diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml index ff65593469..e9a5a5f61a 100644 --- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml index 6a61926e9e..a1f72ffc60 100644 --- a/kubernetes/common/elasticsearch/components/data/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml index 6a61926e9e..a1f72ffc60 100644 --- a/kubernetes/common/elasticsearch/components/master/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml index 84fa71c6e6..8a02fef7b7 100644 --- a/kubernetes/common/elasticsearch/requirements.yaml +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -15,7 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' - name: master version: ~6.x-0 repository: 'file://components/master' @@ -27,4 +27,3 @@ dependencies: version: ~6.x-0 repository: 'file://components/curator' condition: elasticsearch.curator.enabled,curator.enabled - diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml index facbc4434e..e90e615d73 100644 --- a/kubernetes/common/etcd/requirements.yaml +++ b/kubernetes/common/etcd/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml index f99477141f..6ba617e990 100644 --- a/kubernetes/common/mongo/requirements.yaml +++ b/kubernetes/common/mongo/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/charts/music-cassandra/requirements.yaml index 38536fcd78..0a80d654d0 100644 --- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml +++ b/kubernetes/common/music/charts/music-cassandra/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml index a7089ea6b3..1c428d214e 100644 --- a/kubernetes/common/music/requirements.yaml +++ b/kubernetes/common/music/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml index 8152196ab5..8c2277c210 100644 --- a/kubernetes/common/network-name-gen/requirements.yaml +++ b/kubernetes/common/network-name-gen/requirements.yaml @@ -15,12 +15,12 @@ dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-galera'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-init'
condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 0defa97c26..a9f2a5bbd4 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -73,7 +73,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.6.3 +image: onap/ccsdk-apps-ms-neng:0.7.1 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml index 76afd96b98..6f898b6171 100644 --- a/kubernetes/common/postgres/requirements.yaml +++ b/kubernetes/common/postgres/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 5fcd916989..a9cac8beac 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -107,7 +107,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index 59f64bd99c..3f5b1b4336 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -69,10 +69,10 @@ DB.host: {{ .Values.postgres.service.name2 }} #DB.schema: {{ .Values.postgres.config.pgDatabase }} # postgres user name -#DB.user: {{ .Values.postgres.config.pgUserName }} +DB.user: ${PG_USER} # postgres user password -DB.cred: {{ .Values.postgres.config.pgUserPassword }} +DB.cred: ${PG_PASSWORD} ##################################################### diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index ea2720f9ce..a957acee9e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -23,6 +23,25 @@ spec: spec: {{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-config-input + - mountPath: /config + name: {{ include "common.name" . }}-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-aaf-readiness command: @@ -155,10 +174,13 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.name" . }}-config + - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-aaf-config-vol emptyDir: {} + - name: {{ include "common.name" . }}-config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index e15a152a21..25f5e7ad60 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -28,3 +28,5 @@ type: Opaque data: aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }} {{- end }} +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 3a18787826..d975dbaad2 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -114,9 +130,8 @@ postgres: config: pgUserName: dmaap_admin pgDatabase: dmaap - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName persistence: mountSubPath: dbc/data mountInitPath: dbc diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 5c32d9950d..8b44e160ba 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -144,6 +144,7 @@ service: type: NodePort name: dmaap-dr-node useNodePortExt: true + both_tls_and_plain: true annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" ports: diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 3c7b1d3a65..f0bfedb43a 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/k8s:0.5.0 +image: onap/multicloud/k8s:0.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index 4bd4fd863e..7ce343627a 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -20,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' - name: mongo version: ~6.x-0 repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 1b4195c733..22dd4a1ded 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: name: {{ include "common.fullname" . }} spec: {{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.aaf-config" . | nindent 6 }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- end }} containers: - name: {{ include "common.name" . }} @@ -49,11 +49,11 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0) + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ - -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ -Dserver.ssl.key-store-type=PKCS12 \ - -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \ + -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ -Djavax.net.ssl.trustStoreType=jks\ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" @@ -122,7 +122,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -148,7 +148,7 @@ spec: # name: esr-server-logs # - mountPath: /usr/share/filebeat/data # name: esr-server-filebeat - volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 6381d83e27..4fe092e603 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -36,7 +36,8 @@ global: ################################################################# # AAF part ################################################################# -aafConfig: +certInitializer: + nameOverride: nbi-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret @@ -45,13 +46,16 @@ aafConfig: public_fqdn: nbi.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds - ################################################################# # Secrets metaconfig @@ -63,12 +67,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required subChartsOnly: enabled: true diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 0126c6e06b..3552b2e2f6 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -82,7 +82,7 @@ ingress: # Default installation values to be overridden server: - jvmOpts: -server -Xms1024m -Xmx2048m + jvmOpts: -server -XshowSettings:vm aaf: enabled: "false" diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index f2c2cd7765..c7e4ad197e 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 9ac5d68a89..bd126b810b 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -45,6 +45,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} - name: API_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: pdpxconfig @@ -59,11 +63,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 8d18fd0dbd..01bc0dab93 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -32,7 +32,7 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:3.2.0 +image: onap/portal-app:3.2.1 pullPolicy: Always #AAF local config diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index 13b319c76a..7502e9322a 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML /* Replace spaces with underscores for role names to match AAF role names */ -UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; +UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999); /* diff --git a/kubernetes/robot b/kubernetes/robot -Subproject c81062626b69160145baac5e6a5d670cb67211f +Subproject 1bc31c7d76408bdf2267bf72bf3b1b1e18e2367 diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index e0af28fd86..a0e9b539e6 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.4 -backendInitImage: onap/sdc-backend-init:1.6.4 +image: onap/sdc-backend:1.6.5 +backendInitImage: onap/sdc-backend-init:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 6c63927cf5..3cef2cf49e 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.4 -cassandraInitImage: onap/sdc-cassandra-init:1.6.4 +image: onap/sdc-cassandra:1.6.5 +cassandraInitImage: onap/sdc-cassandra-init:1.6.5 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index e5d41eb897..8754d0fc87 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.4 +image: onap/sdc-frontend:1.6.5 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 4cfebbf72f..0471c031a6 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.4 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4 +image: onap/sdc-onboard-backend:1.6.5 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 8bab2c84ea..05793d4f5b 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 359c33ab61..aaa7795709 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index d634a8c506..e4b5dda95d 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -18,8 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) +EXCLUDES := dist resources templates charts +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -48,4 +48,4 @@ clean: @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) %: - @:
\ No newline at end of file + @: diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties index eff236a962..6d5afef190 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties index 944b63f4c2..fcb56e08c3 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties index b670d436c0..a03871d428 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=$(ODL_USER} +sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 51f7afeeb5..bcbad0d68e 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.1 +image: onap/sdnc-dmaap-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index c08e53a84a..d0455d5647 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.1 +image: onap/sdnc-ansible-server-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 2fa7071827..71ebb69819 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.1 +image: onap/admportal-sdnc-image:1.8.2 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index a02a38531c..7a19b12865 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.1 +image: onap/sdnc-ueb-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile new file mode 100644 index 0000000000..4e737638a6 --- /dev/null +++ b/kubernetes/sdnc/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# FIXME OOM-765 +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdnc/sdnc-prom/Chart.yaml b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml index 54fb337f04..54fb337f04 100644 --- a/kubernetes/sdnc/sdnc-prom/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml diff --git a/kubernetes/sdnc/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml index e4c7240290..e4c7240290 100644 --- a/kubernetes/sdnc/sdnc-prom/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index fb24653129..fb24653129 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh index 8dd84bd3ea..8dd84bd3ea 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh index c93ba24bd7..c93ba24bd7 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster index bdfa1a440b..bdfa1a440b 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch index 209352c4e3..209352c4e3 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover index e78b7eeee3..e78b7eeee3 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor index 0042ac368a..0042ac368a 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh index f13196e7e8..f13196e7e8 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/config.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json index 54f95c140c..54f95c140c 100644 --- a/kubernetes/sdnc/sdnc-prom/resources/config/config.json +++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json index ea8ceccc0c..ea8ceccc0c 100644 --- a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json +++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json diff --git a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml index 927bb1e5be..927bb1e5be 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml index 7492b5501e..7492b5501e 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml index bef2d6a85f..bef2d6a85f 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml index 9933852f16..9933852f16 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml diff --git a/kubernetes/sdnc/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml index 7216e81abf..7216e81abf 100644 --- a/kubernetes/sdnc/sdnc-prom/values.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml index 087ed30055..cd39425073 100644 --- a/kubernetes/sdnc/templates/configmap.yaml +++ b/kubernetes/sdnc/templates/configmap.yaml @@ -78,3 +78,16 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }} + +{{ if .Values.global.aafEnabled }} +{{- if .Values.aafConfig.addconfig -}} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1 +{{- end -}} +{{- end -}} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 4511ca9125..58ca866fca 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -92,54 +92,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{ if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-aaf - image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - command: - - bash - - -c - - | - /opt/app/aaf_config/bin/agent.sh && - cd /opt/app/osaaf/local && - /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1 - env: - - name: APP_FQI - value: "{{ .Values.aaf_init.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aaf_init.fqdn }}" - - name: aaf_locator_app_ns - value: "{{ .Values.aaf_init.app_ns }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - - name: cadi_longitude - value: "{{ .Values.aaf_init.cadi_longitude }}" - - name: cadi_latitude - value: "{{ .Values.aaf_init.cadi_latitude }}" +{{ include "common.aaf-config" . | indent 6 }} {{ end }} - name: {{ include "common.name" . }}-chown image: "busybox" @@ -147,8 +100,9 @@ spec: volumeMounts: - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs +{{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -197,6 +151,9 @@ spec: - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" volumeMounts: + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} + {{- end }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -237,8 +194,6 @@ spec: name: {{ include "common.fullname" . }}-data - mountPath: /var/log/onap name: logs - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml name: properties subPath: akka.conf @@ -298,17 +253,13 @@ spec: - name: properties emptyDir: medium: Memory - - name: {{ include "common.fullname" . }}-certs - {{ if .Values.certpersistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-certs - {{ else }} - emptyDir: {} - {{ end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} {{ else }} + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volumes" . | indent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index f0d70e2c33..96ea6e33fd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -24,6 +24,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.15 persistence: mountPath: /dockerdata-nfs aafEnabled: true @@ -69,7 +70,7 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - - uid: aaf-creds + - uid: &aaf_secret_uid aaf-creds type: basicAuth externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' login: '{{ .Values.aaf_init.deploy_fqi }}' @@ -118,7 +119,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.1 +image: onap/sdnc-image:1.8.2 # flag to enable debugging - application support required @@ -194,6 +195,20 @@ config: numberGGLogFiles: 10 # dependency / sub-chart configuration +aafConfig: + addconfig: true + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + secret_uid: *aaf_secret_uid + credsPath: /opt/app/osaaf/local + aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml new file mode 100644 index 0000000000..6bd4e1c8eb --- /dev/null +++ b/kubernetes/vnfsdk/resources/config/configuration.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2017 Huawei Technologies Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE configuration +PUBLIC "//mybatis.org//DTD Config 3.0//EN" +"http://mybatis.org/dtd/mybatis-3-config.dtd"> +<configuration> + <environments default="development"> + <environment id="development"> + <transactionManager type="JDBC" /> + <dataSource type="UNPOOLED"> + <property name="driver" value="org.postgresql.Driver" /> + <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" /> + <property name="username" value="${PG_USER}" /> + <property name="password" value="${PG_PASSWORD}" /> + </dataSource> + </environment> + </environments> + <mappers> + <mapper resource="mybatis/sql/MarketplaceMapper.xml" /> + </mappers> +</configuration> diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml index 44d5f41f15..0c39e6e685 100644 --- a/kubernetes/vnfsdk/templates/configmap.yaml +++ b/kubernetes/vnfsdk/templates/configmap.yaml @@ -23,4 +23,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index bd187db286..3f4d6c43eb 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -35,6 +35,25 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: init-data-input + - mountPath: /config + name: init-data + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name @@ -54,9 +73,10 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - env: - - name: POSTGRES_SERVICE_HOST - value: "$(VNFSDK_DBSET_SERVICE_HOST)" + volumes: + - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml + name: init-data + subPath: configuration.xml readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -64,3 +84,10 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + volumes: + - name: init-data-input + configMap: + name: {{ include "common.fullname" . }} + - name: init-data + emptyDir: + medium: Memory diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml index 2ec7b95772..1d0dd29f59 100644 --- a/kubernetes/vnfsdk/templates/job.yaml +++ b/kubernetes/vnfsdk/templates/job.yaml @@ -51,13 +51,15 @@ spec: image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: + - name: PGUSER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - name: PGPASSWORD - value: "{{ .Values.postgres.config.pgUserPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} command: - /bin/sh - -c - | - psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql + psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql volumeMounts: - name: init-data mountPath: /aaa/init/marketplace_tables_postgres.sql diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/vnfsdk/templates/secrets.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/vnfsdk/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 28dea47cfc..82bef2d4eb 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -50,9 +66,8 @@ postgres: config: pgUserName: postgres pgDatabase: postgres - pgPrimaryPassword: postgres - pgUserPassword: postgres - pgRootPassword: postgres + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName # flag to enable debugging - application support required debugEnabled: false |