From 3d7f6a35ad2ab1e335b3beeb52d278bfd355a791 Mon Sep 17 00:00:00 2001 From: Prasanna Santhanam Date: Fri, 13 Jul 2012 10:49:49 -0700 Subject: [PATCH 01/29] CS-15560 : Improve HVM logging of hosts When a host is not considered for deployment because it has disabled HVM, then call that out in the logs for debugging. Signed-off-by: Nitin Mehta --- .../agent/manager/allocator/impl/FirstFitAllocator.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java index 0f163cc6e7a..27892316469 100755 --- a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java +++ b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java @@ -285,6 +285,7 @@ public class FirstFitAllocator implements HostAllocator { String templateGuestOSCategory = getTemplateGuestOSCategory(template); List prioritizedHosts = new ArrayList(); + List noHvmHosts = new ArrayList(); // If a template requires HVM and a host doesn't support HVM, remove it from consideration List hostsToCheck = new ArrayList(); @@ -292,12 +293,19 @@ public class FirstFitAllocator implements HostAllocator { for (HostVO host : hosts) { if (hostSupportsHVM(host)) { hostsToCheck.add(host); + } else { + noHvmHosts.add(host); } } } else { hostsToCheck.addAll(hosts); } + if (s_logger.isDebugEnabled()) { + if (noHvmHosts.size() > 0) { + s_logger.debug("Not considering hosts: " + noHvmHosts + " to deploy template: " + template +" as they are not HVM enabled"); + } + } // If a host is tagged with the same guest OS category as the template, move it to a high priority list // If a host is tagged with a different guest OS category than the template, move it to a low priority list List highPriorityHosts = new ArrayList(); From 7a5efcc2e8abf17d4d57d2cf889097f6b1960800 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 13 Jul 2012 15:56:51 -0700 Subject: [PATCH 02/29] CS-15579 - perform check when account/domainId is passed to list call by the regular user --- server/src/com/cloud/user/AccountManagerImpl.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 2338f05adca..e66b886839d 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -2146,7 +2146,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List permittedAccounts, Ternary domainIdRecursiveListProject, + public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List + permittedAccounts, Ternary domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { Long domainId = domainIdRecursiveListProject.first(); @@ -2172,6 +2173,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } if (userAccount != null) { + checkAccess(caller, null, false, userAccount); + //check permissions permittedAccounts.add(userAccount.getId()); } else { throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domainId); From 829acf6e27b6f000d72715fedd69e885a1537501 Mon Sep 17 00:00:00 2001 From: anthony Date: Thu, 12 Jul 2012 11:16:03 -0700 Subject: [PATCH 03/29] CS-15551 : if 'xen.check.hvm' is false, don't check template hvm in allocator --- .../agent/manager/allocator/impl/FirstFitAllocator.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java index 27892316469..ac2e92b665f 100755 --- a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java +++ b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java @@ -81,6 +81,7 @@ public class FirstFitAllocator implements HostAllocator { @Inject VMInstanceDao _vmInstanceDao = null; @Inject ResourceManager _resourceMgr; float _factor = 1; + boolean _checkHvm = true; protected String _allocationAlgorithm = "random"; @Inject CapacityManager _capacityMgr; @@ -343,6 +344,9 @@ public class FirstFitAllocator implements HostAllocator { } protected boolean hostSupportsHVM(HostVO host) { + if ( !_checkHvm ) { + return true; + } // Determine host capabilities String caps = host.getCapabilities(); @@ -411,6 +415,8 @@ public class FirstFitAllocator implements HostAllocator { if (allocationAlgorithm != null) { _allocationAlgorithm = allocationAlgorithm; } + String value = configs.get("xen.check.hvm"); + _checkHvm = value == null ? true : Boolean.parseBoolean(value); } return true; } From 5611723b13d90521e37ac11119df444fde086406 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Sat, 14 Jul 2012 11:45:40 -0400 Subject: [PATCH 04/29] updating mailing list references --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 93a37b1ecdc..4a15a077363 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,8 @@ http://cloudstack.org/download.html * XCP ## Mailing lists -[Announcement Mailing List](https://lists.sourceforge.net/lists/listinfo/cloudstack-announce) -[Development Mailing List](https://lists.sourceforge.net/mailman/listinfo/cloudstack-devel) -[Users Mailing list](https://lists.sourceforge.net/mailman/listinfo/cloudstack-users) -[Commits mailing list](https://lists.sourceforge.net/mailman/listinfo/cloudstack-commits) +[Development Mailing List](mailto:cloudstack-dev-subscribe@incubator.apache.org) +[Users Mailing list](mailto:cloudstack-users-subscribe@incubator.apache.org) +[Commits mailing list](mailto:cloudstack-commits-subscribe@incubator.apache.org) From b627f5a85bb0d44f247a46b14d1df91a079d823d Mon Sep 17 00:00:00 2001 From: Edison Su Date: Mon, 16 Jul 2012 10:27:51 -0700 Subject: [PATCH 05/29] Simplifying the process of running the simulator. * ant run-simulator - will seed the simulator jar and start CS * ant run-marvin -Dmarvin.config="/path/config/file" - will * configure a cloudstack as per the given configuration. marvin.config - defaults to a two host simulator in an advanced zone You can then connect your debugger over localhost:8787 or use the CS ui at localhost:8080/client for testing. From: Prasanna Santhanam(Prasanna.Santhanam@citrix.com) --- build/build-marvin.xml | 12 ++ build/build-tests.xml | 27 ++- build/simulator.properties | 11 ++ tools/marvin/marvin/sandbox/README.txt | 15 +- .../sandbox/demo/simulator/simulator.cfg | 159 ++++++++++++++++++ tools/marvin/marvin/sandbox/run-marvin.sh | 66 ++++++++ .../marvin/marvin/sandbox/testSetupSuccess.py | 81 +++++++++ 7 files changed, 368 insertions(+), 3 deletions(-) create mode 100644 build/simulator.properties create mode 100644 tools/marvin/marvin/sandbox/demo/simulator/simulator.cfg create mode 100644 tools/marvin/marvin/sandbox/run-marvin.sh create mode 100644 tools/marvin/marvin/sandbox/testSetupSuccess.py diff --git a/build/build-marvin.xml b/build/build-marvin.xml index 687eb5cd976..daa77b91301 100644 --- a/build/build-marvin.xml +++ b/build/build-marvin.xml @@ -56,4 +56,16 @@ + + + + + + + + + + + + diff --git a/build/build-tests.xml b/build/build-tests.xml index fdffe326bab..e8649f2e487 100755 --- a/build/build-tests.xml +++ b/build/build-tests.xml @@ -49,6 +49,10 @@ + + + + @@ -98,12 +102,33 @@ - + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/simulator.properties b/build/simulator.properties new file mode 100644 index 00000000000..80fe90dc35a --- /dev/null +++ b/build/simulator.properties @@ -0,0 +1,11 @@ +DBUSER=cloud +DBPW=cloud +MSLOG=vmops.log +APISERVERLOG=api.log +DBHOST=localhost +DBROOTPW= +AGENTLOGDIR=logs +AGENTLOG=logs/agent.log +MSMNTDIR=/mnt +COMPONENTS-SPEC=components-simulator.xml +AWSAPILOG=awsapi.log diff --git a/tools/marvin/marvin/sandbox/README.txt b/tools/marvin/marvin/sandbox/README.txt index 7efc190baf6..55c5cd390c7 100644 --- a/tools/marvin/marvin/sandbox/README.txt +++ b/tools/marvin/marvin/sandbox/README.txt @@ -3,12 +3,12 @@ Welcome to the marvin sandbox In here you should find a few common deployment models of CloudStack that you can configure with properties files to suit your own deployment. One deployment -model for each of - advanced zone, basic zone and a demo are given. +model for each of - advanced zone, basic zone and a simulator demo are given. $ ls - basic/ advanced/ -demo/ +simulator/ Each property file is divided into logical sections and should be familiar to those who have deployed CloudStack before. Once you have your properties file @@ -17,3 +17,14 @@ python script provided in the respective folder. The demo files are from the tutorial for testing with python that can be found on the wiki.cloudstack.org + +A common deployment model of a simulator.cfg that can be used for debugging is +included. This will configure an advanced zone with simulators that can be used +for debugging purposes when you do not have hardware to debug with. + +To do this: +$ cd cloudstack-oss/ +$ ant run-simulator #This will start up the mgmt server with the simulator seeded + +## In another shell +$ ant run-simulator diff --git a/tools/marvin/marvin/sandbox/demo/simulator/simulator.cfg b/tools/marvin/marvin/sandbox/demo/simulator/simulator.cfg new file mode 100644 index 00000000000..7816e19762d --- /dev/null +++ b/tools/marvin/marvin/sandbox/demo/simulator/simulator.cfg @@ -0,0 +1,159 @@ +{ + "zones": [ + { + "name": "Sandbox-simulator", + "guestcidraddress": "10.1.1.0/24", + "providers": [ + { + "broadcastdomainrange": "ZONE", + "name": "VirtualRouter" + } + ], + "dns1": "10.147.28.6", + "vlan": "100-200", + "ipranges": [ + { + "startip": "10.147.31.2", + "endip": "10.147.31.200", + "netmask": "255.255.255.0", + "vlan": "31", + "gateway": "10.147.31.1" + } + ], + "networktype": "Advanced", + "pods": [ + { + "endip": "10.147.29.200", + "name": "POD0", + "startip": "10.147.29.2", + "netmask": "255.255.255.0", + "clusters": [ + { + "clustername": "C0", + "hypervisor": "simulator", + "hosts": [ + { + "username": "root", + "url": "http://sim/c0/h0", + "password": "password" + }, + { + "username": "root", + "url": "http://sim/c0/h1", + "password": "password" + } + ], + "clustertype": "CloudManaged", + "primaryStorages": [ + { + "url": "nfs://10.147.28.6:/export/home/sandbox/primary", + "name": "PS0" + } + ] + } + ], + "gateway": "10.147.29.1" + } + ], + "internaldns1": "10.147.28.6", + "secondaryStorages": [ + { + "url": "nfs://10.147.28.6:/export/home/sandbox/secondary" + } + ] + } + ], + "dbSvr": { + "dbSvr": "localhost", + "passwd": "cloud", + "db": "cloud", + "port": 3306, + "user": "cloud" + }, + "logger": [ + { + "name": "TestClient", + "file": "/var/log/testclient.log" + }, + { + "name": "TestCase", + "file": "/var/log/testcase.log" + } + ], + "globalConfig": [ + { + "name": "storage.cleanup.interval", + "value": "300" + }, + { + "name": "vm.op.wait.interval", + "value": "5" + }, + { + "name": "default.page.size", + "value": "10000" + }, + { + "name": "instance.name", + "value": "QA" + }, + { + "name": "workers", + "value": "10" + }, + { + "name": "use.user.concentrated.pod.allocation", + "value": "false" + }, + { + "name": "account.cleanup.interval", + "value": "600" + }, + { + "name": "guest.domain.suffix", + "value": "sandbox.simulator" + }, + { + "name": "expunge.delay", + "value": "60" + }, + { + "name": "network.gc.wait", + "value": "60" + }, + { + "name": "network.gc.interval", + "value": "60" + }, + { + "name": "vm.allocation.algorithm", + "value": "random" + }, + { + "name": "expunge.interval", + "value": "60" + }, + { + "name": "expunge.workers", + "value": "3" + }, + { + "name": "check.pod.cidrs", + "value": "true" + }, + { + "name": "secstorage.allowed.internal.sites", + "value": "10.147.28.0/24" + }, + { + "name": "direct.agent.load.size", + "value": "1000" + } + ], + "mgtSvr": [ + { + "mgtSvrIp": "localhost", + "port": 8096 + } + ] +} diff --git a/tools/marvin/marvin/sandbox/run-marvin.sh b/tools/marvin/marvin/sandbox/run-marvin.sh new file mode 100644 index 00000000000..015a43b5648 --- /dev/null +++ b/tools/marvin/marvin/sandbox/run-marvin.sh @@ -0,0 +1,66 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +usage() { + printf "Usage: %s:\n + [-m mgmt-server ] \n + [-c config-file ] \n + [-d db node url ]\n" $(basename $0) >&2 +} + +failed() { + exit $1 +} + +#defaults +FMT=$(date +"%d_%I_%Y_%s") +MGMT_SVR="localhost" +CONFIG="demo/simulator/simulator-smoke.cfg" +DB_SVR="localhost" + +while getopts 'd:m:c:' OPTION +do + case $OPTION in + d) dflag=1 + DB_SVR="$OPTARG" + ;; + m) mflag=1 + MGMT_SVR="$OPTARG" + ;; + c) cflag=1 + CONFIG="$OPTARG" + ;; + ?) usage + failed 2 + ;; + esac +done + +$(mysql -uroot -Dcloud -h$MGMT_SVR -s -N -r -e"update configuration set value='8096' where name='integration.api.port'") +version_tuple=$(python -c 'import sys; print(sys.version_info[:2])') + +if [[ $version_tuple == "(2, 7)" ]] +then + python -m marvin.deployAndRun -c $CONFIG -t /tmp/t.log -r /tmp/r.log -d /tmp + sleep 60 + python -m marvin.deployAndRun -c $CONFIG -t /tmp/t.log -r /tmp/r.log -f testSetupSuccess.py -l + cat /tmp/r.log + echo "Done" +else + echo "Python version 2.7 not detected on system. Aborting" +fi diff --git a/tools/marvin/marvin/sandbox/testSetupSuccess.py b/tools/marvin/marvin/sandbox/testSetupSuccess.py new file mode 100644 index 00000000000..8a0034cfa9b --- /dev/null +++ b/tools/marvin/marvin/sandbox/testSetupSuccess.py @@ -0,0 +1,81 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +import marvin +import unittest +from marvin.cloudstackTestCase import * +from marvin.cloudstackAPI import * +from time import sleep as delay + +class TestSetupSuccess(cloudstackTestCase): + """ + Test to verify if the cloudstack is ready to launch tests upon + 1. Verify that system VMs are up and running in all zones + 2. Verify that built-in templates are Ready in all zones + """ + @classmethod + def setUpClass(cls): + cls.apiClient = super(TestSetupSuccess, cls).getClsTestClient().getApiClient() + + zones = listZones.listZonesCmd() + cls.zones_list = cls.apiClient.listZones(zones) + cls.retry = 50 + + def test_systemVmReady(self): + """ + system VMs need to be ready and Running for each zone in cloudstack + """ + for z in self.zones_list: + retry = self.retry + while retry != 0: + self.debug("looking for system VMs in zone: %s, %s"%(z.id, z.name)) + sysvms = listSystemVms.listSystemVmsCmd() + sysvms.zoneid = z.id + sysvms.state = 'Running' + sysvms_list = self.apiClient.listSystemVms(sysvms) + if sysvms_list is not None and len(sysvms_list) == 2: + assert len(sysvms_list) == 2 + self.debug("found %d system VMs running {%s}"%(len(sysvms_list), sysvms_list)) + break + retry = retry - 1 + delay(60) #wait a minute for retry + self.assertNotEqual(retry, 0, "system VMs not Running in zone %s"%z.name) + + def test_templateBuiltInReady(self): + """ + built-in templates CentOS to be ready + """ + for z in self.zones_list: + retry = self.retry + while retry != 0: + self.debug("Looking for at least one ready builtin template") + templates = listTemplates.listTemplatesCmd() + templates.templatefilter = 'featured' + templates.listall = 'true' + templates_list = self.apiClient.listTemplates(templates) + if templates_list is not None: + builtins = [tmpl for tmpl in templates_list if tmpl.templatetype == 'BUILTIN' and tmpl.isready == True] + if len(builtins) > 0: + self.debug("Found %d builtins ready for use %s"%(len(builtins), builtins)) + break + retry = retry - 1 + delay(60) #wait a minute for retry + self.assertNotEqual(retry, 0, "builtIn templates not ready in zone %s"%z.name) + + @classmethod + def tearDownClass(cls): + pass From e874fdb24c4e7c40076d6d470518d94016fa5798 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Mon, 16 Jul 2012 15:43:58 -0400 Subject: [PATCH 06/29] adding docs --- .../Author_Group/Apache/Author_Group.xml | 35 + .../Book_Info/Main_Book_Info/Book_Info.xml | 27 + docs/configs/Legal_Notice/Legal_Notice.xml | 35 + docs/configs/main/README.txt | 5 + docs/en-US/Author_Group.xml | 26 + docs/en-US/Book_Info.xml | 27 + docs/en-US/Common_Content/Legal_Notice.xml | 7 + .../LDAPserver-for-user-authentication.xml | 21 + docs/en-US/Preface.xml | 13 + docs/en-US/Revision_History.xml | 27 + docs/en-US/SSL-keystore-path-and-password.xml | 10 + docs/en-US/VPN-user-usage-record-format.xml | 17 + docs/en-US/about-pods.xml | 9 + docs/en-US/about-virtual-networks.xml | 12 + docs/en-US/about-working-with-vms.xml | 15 + docs/en-US/accept-membership-invite.xml | 17 + docs/en-US/accessing-vms.xml | 17 + docs/en-US/accounts-users-domains.xml | 35 + docs/en-US/accounts.xml | 9 + docs/en-US/acquire-new-ip-address.xml | 17 + docs/en-US/add-additional-guest-network.xml | 25 + docs/en-US/add-ingress-egress-rules.xml | 73 + docs/en-US/add-iso.xml | 74 + docs/en-US/add-load-balancer-rule.xml | 27 + docs/en-US/add-members-to-projects.xml | 14 + .../add-password-management-to-templates.xml | 14 + docs/en-US/add-projects-members-from-ui.xml | 18 + docs/en-US/add-security-group.xml | 20 + docs/en-US/added-API-commands.xml | 143 + .../en-US/added-cloudPlatform-error-codes.xml | 114 + ...ng-IP-addresses-for-the-public-network.xml | 26 + docs/en-US/admin-alerts.xml | 17 + docs/en-US/admin-guide.xml | 73 + docs/en-US/advanced-zone-configuration.xml | 9 + ...ed-zone-physical-network-configuration.xml | 10 + docs/en-US/alerts.xml | 31 + docs/en-US/allocators.xml | 9 + docs/en-US/api-reference.xml | 8 + docs/en-US/appendix-a-time-zones.xml | 124 + docs/en-US/asynchronous-commands-example.xml | 88 + docs/en-US/asynchronous-commands.xml | 15 + docs/en-US/attach-iso-to-vm.xml | 20 + docs/en-US/attaching-volume.xml | 25 + .../automatic-snapshot-creation-retention.xml | 18 + docs/en-US/basic-zone-configuration.xml | 128 + ...ic-zone-physical-network-configuration.xml | 10 + docs/en-US/best-practices-for-vms.xml | 6 + docs/en-US/best-practices-primary-storage.xml | 13 + .../best-practices-secondary-storage.xml | 14 + docs/en-US/best-practices-templates.xml | 9 + docs/en-US/best-practices-virtual-router.xml | 15 + ...e-console-proxy-ssl-certificate-domain.xml | 30 + docs/en-US/change-host-password.xml | 20 + ...ange-network-offering-on-guest-network.xml | 26 + .../change-to-behavior-of-list-commands.xml | 70 + docs/en-US/changing-root-password.xml | 32 + docs/en-US/changing-secondary-storage-ip.xml | 26 + .../changing-secondary-storage-servers.xml | 17 + .../changing-secondary-storage-serversp.xml | 17 + .../changing-service-offering-for-vm.xml | 30 + docs/en-US/changing-vm-name-os-group.xml | 36 + docs/en-US/cloud-infrastructure-concepts.xml | 9 + docs/en-US/cloud-infrastructure-overview.xml | 28 + docs/en-US/cloud_infrastructure_overview.xml | 21 + docs/en-US/cloudplatform-api.xml | 12 + docs/en-US/cloudstack-admin.xml | 12 + docs/en-US/cloudstack.ent | 4 + docs/en-US/cloudstack.xml | 16 + docs/en-US/cloudstack_admin.xml | 12 + docs/en-US/cloudstack_developers.xml | 12 + docs/en-US/cloudstack_features.xml | 42 + docs/en-US/cloudstack_installation.xml | 12 + docs/en-US/cloudstack_system_requirements.xml | 45 + docs/en-US/cloudstack_trial_installation.xml | 12 + docs/en-US/cloudstack_whatis.xml | 25 + docs/en-US/cluster-add.xml | 9 + docs/en-US/compatibility-matrix.xml | 97 + docs/en-US/compute-disk-service-offerings.xml | 29 + docs/en-US/concepts.xml | 11 + ...nfigure-guest-traffic-in-advanced-zone.xml | 31 + ...ure-public-traffic-in-an-advanced-zone.xml | 10 + docs/en-US/configure-usage-server.xml | 82 + docs/en-US/configure-virtual-router.xml | 17 + docs/en-US/configure-vpn.xml | 33 + docs/en-US/configure-xenserver-dom-memory.xml | 10 + .../en-US/configure-xenserver-dom0-memory.xml | 10 + docs/en-US/configuring-projects.xml | 10 + docs/en-US/console-proxy.xml | 16 + docs/en-US/contacting-support.xml | 5 + docs/en-US/convert-hyperv-vm-to-template.xml | 50 + docs/en-US/create-bare-metal-template.xml | 31 + docs/en-US/create-new-projects.xml | 19 + .../create-template-from-existing-vm.xml | 38 + docs/en-US/create-template-from-snapshot.xml | 11 + docs/en-US/create-templates-overview.xml | 17 + docs/en-US/create-windows-template.xml | 19 + docs/en-US/creating-compute-offerings.xml | 33 + docs/en-US/creating-disk-offerings.xml | 27 + docs/en-US/creating-network-offerings.xml | 112 + docs/en-US/creating-new-volumes.xml | 23 + .../creating-system-service-offerings.xml | 34 + docs/en-US/creating-vms.xml | 31 + docs/en-US/customizing-dns.xml | 26 + docs/en-US/dates-in-usage-record.xml | 8 + docs/en-US/dedicated-ha-hosts.xml | 15 + docs/en-US/default-account-resource-limit.xml | 22 + docs/en-US/default-template.xml | 37 + docs/en-US/delete-templates.xml | 10 + docs/en-US/deleting-vms.xml | 23 + .../deployment-architecture-overview.xml | 25 + .../deployment_architecture_overview.xml | 22 + docs/en-US/detach-move-volumes.xml | 25 + docs/en-US/developer-getting-started.xml | 13 + docs/en-US/developer-guide.xml | 20 + docs/en-US/developer-introduction.xml | 11 + docs/en-US/developer_guide.xml | 20 + .../disable-enable-zones-pods-clusters.xml | 34 + .../en-US/disk-volume-usage-record-format.xml | 21 + docs/en-US/dns-dhcp.xml | 9 + docs/en-US/domains.xml | 10 + docs/en-US/enable-disable-static-nat.xml | 25 + docs/en-US/enable-security-groups.xml | 10 + docs/en-US/enabling-api-call-expiration.xml | 16 + docs/en-US/enabling-port-8096.xml | 13 + docs/en-US/end-user-ui-overview.xml | 9 + docs/en-US/error-handling.xml | 6 + docs/en-US/event-log-queries.xml | 18 + docs/en-US/event-types.xml | 196 ++ docs/en-US/events-log.xml | 10 + docs/en-US/events.xml | 11 + .../example-LDAP-configuration-commands.xml | 28 + ...example-response-from-listUsageRecords.xml | 32 + docs/en-US/export-template.xml | 10 + .../external-firewalls-and-load-balancers.xml | 11 + docs/en-US/feature-overview.xml | 49 + docs/en-US/firewall-rules.xml | 37 + docs/en-US/first_ms_node_install.xml | 34 + docs/en-US/globally-configured-limit.xml | 81 + docs/en-US/globally-configured-limits.xml | 81 + docs/en-US/guest-ip-ranges.xml | 9 + docs/en-US/guest-network.xml | 10 + docs/en-US/guest-traffic.xml | 19 + docs/en-US/ha-enabled-vm.xml | 10 + docs/en-US/ha-for-hosts.xml | 10 + docs/en-US/ha-management-server.xml | 11 + docs/en-US/host-add.xml | 9 + docs/en-US/host-allocation.xml | 12 + .../hypervisor-support-for-primarystorage.xml | 83 + docs/en-US/images/1000-foot-view.png | Bin 0 -> 222230 bytes docs/en-US/images/attach-disk-icon.png | Bin 0 -> 1092 bytes docs/en-US/images/basic-deployment.png | Bin 0 -> 5892 bytes docs/en-US/images/change-password.png | Bin 0 -> 891 bytes docs/en-US/images/change-service-icon.png | Bin 0 -> 769 bytes docs/en-US/images/destroy-instance.png | Bin 0 -> 815 bytes docs/en-US/images/detach-disk-icon.png | Bin 0 -> 953 bytes docs/en-US/images/edit-icon.png | Bin 0 -> 940 bytes docs/en-US/images/http-access.png | Bin 0 -> 10214 bytes docs/en-US/images/infrastructure-overview.png | Bin 0 -> 11852 bytes docs/en-US/images/installation-complete.png | Bin 0 -> 20814 bytes docs/en-US/images/migrate-instance.png | Bin 0 -> 837 bytes docs/en-US/images/provisioning-overview.png | Bin 0 -> 23622 bytes docs/en-US/images/release-ip-icon.png | Bin 0 -> 815 bytes docs/en-US/images/stop-instance-icon.png | Bin 0 -> 955 bytes docs/en-US/import-ami.xml | 93 + .../increase-management-server-max-memory.xml | 16 + docs/en-US/incremental-snapshots-backup.xml | 32 + ...up-of-external-firewalls-loadbalancers.xml | 19 + docs/en-US/initialize-and-test.xml | 9 + ...all-database-on-management-server-node.xml | 82 + .../install-database-on-separate-node.xml | 86 + .../install-management-server-multi-nodes.xml | 54 + docs/en-US/install-management-server.xml | 41 + docs/en-US/installation-complete.xml | 20 + docs/en-US/installation-steps-overview.xml | 64 + docs/en-US/installation.xml | 12 + docs/en-US/installation_overview.xml | 14 + docs/en-US/installation_steps_overview.xml | 60 + docs/en-US/introduction.xml | 11 + docs/en-US/ip-forwarding-firewalling.xml | 11 + docs/en-US/ip-load-balancing.xml | 15 + docs/en-US/ipaddress-usage-record-format.xml | 19 + docs/en-US/isolated-networks.xml | 16 + docs/en-US/job-status.xml | 10 + docs/en-US/linux-installation.xml | 35 + docs/en-US/load-balancer-rules.xml | 10 + ...rt-forwarding-rule-usage-record-format.xml | 17 + docs/en-US/log-in-root-admin.xml | 27 + docs/en-US/log-in.xml | 29 + docs/en-US/long-running-job-events.xml | 22 + docs/en-US/maintain-hypervisors-on-hosts.xml | 11 + .../maintenance-mode-for-primary-storage.xml | 9 + docs/en-US/making-api-request.xml | 36 + docs/en-US/manage-cloud.xml | 12 + docs/en-US/management-server-install-flow.xml | 17 + ...anagement-server-installation-overview.xml | 24 + docs/en-US/management-server-overview.xml | 57 + .../management_server_multi_node_install.xml | 11 + docs/en-US/management_server_overview.xml | 52 + docs/en-US/manual-live-migration.xml | 28 + docs/en-US/max-result-page-returned.xml | 14 + ...grate-datadisk-volume-new-storage-pool.xml | 16 + ...-vm-rootvolume-volume-new-storage-pool.xml | 18 + docs/en-US/minimum-system-requirements.xml | 60 + .../en-US/modify-delete-service-offerings.xml | 10 + docs/en-US/multi_node_overview.xml | 19 + docs/en-US/multiple-system-vm-vmware.xml | 9 + .../network-offering-usage-record-format.xml | 20 + docs/en-US/network-offerings.xml | 28 + docs/en-US/network-service-providers.xml | 17 + docs/en-US/network-usage-record-format.xml | 17 + docs/en-US/networking-in-a-pod.xml | 23 + docs/en-US/networking-in-a-zone.xml | 18 + docs/en-US/networking-overview.xml | 17 + docs/en-US/networking_overview.xml | 12 + .../en-US/nfs-shares-on-management-server.xml | 95 + docs/en-US/nfs-shares-on-separate-server.xml | 28 + ...ion-of-external-firewalls-loadbalancer.xml | 15 + ...r-provisioning-service-offering-limits.xml | 12 + docs/en-US/per-domain-limits.xml | 21 + docs/en-US/performance-monitoring.xml | 10 + docs/en-US/pod-add.xml | 9 + docs/en-US/port-forwarding.xml | 33 + docs/en-US/prepare-nfs-shares.xml | 21 + docs/en-US/prepare-os.xml | 86 + docs/en-US/prepare-system-vm-template.xml | 37 + docs/en-US/prepare_os.xml | 84 + docs/en-US/primary-storage-add.xml | 9 + .../primary-storage-outage-and-data-loss.xml | 9 + docs/en-US/primary-storage.xml | 10 + docs/en-US/private-public-template.xml | 12 + docs/en-US/projects.xml | 13 + docs/en-US/provisioning-auth-api.xml | 10 + docs/en-US/provisioning-steps-overview.xml | 27 + docs/en-US/provisioning-steps.xml | 18 + docs/en-US/provisioning.xml | 10 + docs/en-US/query-filter.xml | 42 + docs/en-US/release-ip-address.xml | 22 + docs/en-US/release-notes-3.0.4.xml | 2420 +++++++++++++++++ docs/en-US/remove-member-from-project.xml | 25 + docs/en-US/removed-API-commands.xml | 8 + docs/en-US/removing-vsphere-hosts.xml | 9 + docs/en-US/removing-xenserver-kvm-hosts.xml | 15 + docs/en-US/requirements-templates.xml | 12 + docs/en-US/resizing-volumes.xml | 19 + docs/en-US/response-formats.xml | 32 + docs/en-US/responses.xml | 11 + docs/en-US/roles.xml | 16 + docs/en-US/root-admin-ui-overview.xml | 9 + ...e-allocation-virtual-network-resources.xml | 9 + .../runtime-behavior-of-primary-storage.xml | 12 + ...led-maintenance-maintenance-mode-hosts.xml | 9 + docs/en-US/scratch.txt | 0 docs/en-US/search-base.xml | 32 + docs/en-US/search-user-bind-dn.xml | 28 + docs/en-US/secondary-storage-add.xml | 9 + ...secondary-storage-outage-and-data-loss.xml | 10 + docs/en-US/secondary-storage-vm.xml | 14 + docs/en-US/secondary-storage.xml | 10 + docs/en-US/security-groups.xml | 10 + .../send-projects-membership-invitation.xml | 24 + docs/en-US/service-offerings.xml | 12 + docs/en-US/set-database-buffer-pool-size.xml | 17 + .../set-monitor-total-vm-limits-per-host.xml | 10 + .../set-projects-creator-permissions.xml | 30 + .../set-resource-limits-for-projects.xml | 10 + docs/en-US/set-up-invitations.xml | 79 + docs/en-US/set-up-network-for-users.xml | 17 + docs/en-US/set-usage-limit.xml | 14 + docs/en-US/shared-networks.xml | 18 + docs/en-US/signing-api-requests.xml | 36 + docs/en-US/site-to-site-vpn.xml | 27 + docs/en-US/snapshot-restore.xml | 9 + docs/en-US/standard-events.xml | 22 + docs/en-US/static-nat.xml | 9 + .../sticky-session-policies-for-lb-rules.xml | 11 + docs/en-US/stop-restart-management-server.xml | 16 + docs/en-US/stopped-vm.xml | 12 + docs/en-US/stopping-and-starting-vms.xml | 5 + docs/en-US/storage-tags.xml | 11 + docs/en-US/storage.xml | 11 + docs/en-US/suspend-project.xml | 30 + docs/en-US/sys-reliability-and-ha.xml | 12 + .../sysprep-for-windows-server-2003R2.xml | 39 + docs/en-US/sysprep-windows-server-2008R2.xml | 51 + docs/en-US/system-service-offerings.xml | 10 + docs/en-US/system-vm-template.xml | 19 + ...plate-iso-snapshot-usage-record-format.xml | 18 + docs/en-US/templates.xml | 10 + docs/en-US/time-zones.xml | 114 + docs/en-US/trial-installation.xml | 10 + docs/en-US/troubleshooting-alerts.xml | 39 + ...g-dataloss-on-exported-primary-storage.xml | 30 + docs/en-US/troubleshooting-lb-rules-fails.xml | 22 + ...aintenance-mode-not-working-on-vCenter.xml | 26 + ...leshooting-recover-lost-virtual-router.xml | 31 + .../troubleshooting-unable-to-deploy-vms.xml | 21 + .../troubleshooting-unable-to-power-on-vm.xml | 27 + ...oubleshooting-working-with-server-logs.xml | 23 + docs/en-US/troubleshooting.xml | 18 + docs/en-US/tuning.xml | 15 + docs/en-US/ui.xml | 9 + ...e-virtual-router-with-service-offering.xml | 15 + docs/en-US/upload-existing-volume-to-vm.xml | 57 + docs/en-US/upload-template.xml | 44 + docs/en-US/usage-record-format.xml | 17 + docs/en-US/usage-types.xml | 101 + docs/en-US/use-project-view.xml | 23 + docs/en-US/user-data-and-meta-data.xml | 25 + docs/en-US/user-services-overview.xml | 77 + docs/en-US/using-multiple-guest-networks.xml | 12 + docs/en-US/using-netscaler-load-balancers.xml | 42 + docs/en-US/using-sshkeys.xml | 87 + .../using-swift-for-secondary-storage.xml | 11 + docs/en-US/using-vpn-with-mac.xml | 9 + docs/en-US/using-vpn-with-windows.xml | 23 + docs/en-US/vcenter-maintenance-mode.xml | 23 + .../virtual-machine-usage-record-format.xml | 22 + docs/en-US/virtual-router.xml | 10 + docs/en-US/vlan-provisioning.xml | 11 + docs/en-US/vm-lifecycle.xml | 20 + docs/en-US/vm-storage-migration.xml | 15 + .../volume-deletion-garbage-collection.xml | 17 + docs/en-US/volume-status.xml | 10 + docs/en-US/vpc.xml | 25 + docs/en-US/vpn.xml | 22 + docs/en-US/whatis.xml | 26 + docs/en-US/whats-in-this-adminguide.xml | 7 + docs/en-US/whats-new.xml | 15 + docs/en-US/who-should-read-installation.xml | 15 + docs/en-US/windows-installation.xml | 9 + docs/en-US/work-with-usage.xml | 9 + docs/en-US/working-with-hosts.xml | 9 + docs/en-US/working-with-iso.xml | 14 + docs/en-US/working-with-snapshots.xml | 15 + docs/en-US/working-with-system-vm.xml | 9 + docs/en-US/working-with-templates.xml | 25 + docs/en-US/working-with-usage-data.xml | 15 + docs/en-US/working-with-volumes.xml | 12 + docs/en-US/xenserver-maintenance-mode.xml | 33 + docs/en-US/zone-add.xml | 58 + 340 files changed, 10847 insertions(+) create mode 100644 docs/configs/Author_Group/Apache/Author_Group.xml create mode 100644 docs/configs/Book_Info/Main_Book_Info/Book_Info.xml create mode 100644 docs/configs/Legal_Notice/Legal_Notice.xml create mode 100644 docs/configs/main/README.txt create mode 100644 docs/en-US/Author_Group.xml create mode 100644 docs/en-US/Book_Info.xml create mode 100644 docs/en-US/Common_Content/Legal_Notice.xml create mode 100644 docs/en-US/LDAPserver-for-user-authentication.xml create mode 100644 docs/en-US/Preface.xml create mode 100644 docs/en-US/Revision_History.xml create mode 100644 docs/en-US/SSL-keystore-path-and-password.xml create mode 100644 docs/en-US/VPN-user-usage-record-format.xml create mode 100644 docs/en-US/about-pods.xml create mode 100644 docs/en-US/about-virtual-networks.xml create mode 100644 docs/en-US/about-working-with-vms.xml create mode 100644 docs/en-US/accept-membership-invite.xml create mode 100644 docs/en-US/accessing-vms.xml create mode 100644 docs/en-US/accounts-users-domains.xml create mode 100644 docs/en-US/accounts.xml create mode 100644 docs/en-US/acquire-new-ip-address.xml create mode 100644 docs/en-US/add-additional-guest-network.xml create mode 100644 docs/en-US/add-ingress-egress-rules.xml create mode 100644 docs/en-US/add-iso.xml create mode 100644 docs/en-US/add-load-balancer-rule.xml create mode 100644 docs/en-US/add-members-to-projects.xml create mode 100644 docs/en-US/add-password-management-to-templates.xml create mode 100644 docs/en-US/add-projects-members-from-ui.xml create mode 100644 docs/en-US/add-security-group.xml create mode 100644 docs/en-US/added-API-commands.xml create mode 100644 docs/en-US/added-cloudPlatform-error-codes.xml create mode 100644 docs/en-US/adding-IP-addresses-for-the-public-network.xml create mode 100644 docs/en-US/admin-alerts.xml create mode 100644 docs/en-US/admin-guide.xml create mode 100644 docs/en-US/advanced-zone-configuration.xml create mode 100644 docs/en-US/advanced-zone-physical-network-configuration.xml create mode 100644 docs/en-US/alerts.xml create mode 100644 docs/en-US/allocators.xml create mode 100644 docs/en-US/api-reference.xml create mode 100644 docs/en-US/appendix-a-time-zones.xml create mode 100644 docs/en-US/asynchronous-commands-example.xml create mode 100644 docs/en-US/asynchronous-commands.xml create mode 100644 docs/en-US/attach-iso-to-vm.xml create mode 100644 docs/en-US/attaching-volume.xml create mode 100644 docs/en-US/automatic-snapshot-creation-retention.xml create mode 100644 docs/en-US/basic-zone-configuration.xml create mode 100644 docs/en-US/basic-zone-physical-network-configuration.xml create mode 100644 docs/en-US/best-practices-for-vms.xml create mode 100644 docs/en-US/best-practices-primary-storage.xml create mode 100644 docs/en-US/best-practices-secondary-storage.xml create mode 100644 docs/en-US/best-practices-templates.xml create mode 100644 docs/en-US/best-practices-virtual-router.xml create mode 100644 docs/en-US/change-console-proxy-ssl-certificate-domain.xml create mode 100644 docs/en-US/change-host-password.xml create mode 100644 docs/en-US/change-network-offering-on-guest-network.xml create mode 100644 docs/en-US/change-to-behavior-of-list-commands.xml create mode 100644 docs/en-US/changing-root-password.xml create mode 100644 docs/en-US/changing-secondary-storage-ip.xml create mode 100644 docs/en-US/changing-secondary-storage-servers.xml create mode 100644 docs/en-US/changing-secondary-storage-serversp.xml create mode 100644 docs/en-US/changing-service-offering-for-vm.xml create mode 100644 docs/en-US/changing-vm-name-os-group.xml create mode 100644 docs/en-US/cloud-infrastructure-concepts.xml create mode 100644 docs/en-US/cloud-infrastructure-overview.xml create mode 100644 docs/en-US/cloud_infrastructure_overview.xml create mode 100644 docs/en-US/cloudplatform-api.xml create mode 100644 docs/en-US/cloudstack-admin.xml create mode 100644 docs/en-US/cloudstack.ent create mode 100644 docs/en-US/cloudstack.xml create mode 100644 docs/en-US/cloudstack_admin.xml create mode 100644 docs/en-US/cloudstack_developers.xml create mode 100644 docs/en-US/cloudstack_features.xml create mode 100644 docs/en-US/cloudstack_installation.xml create mode 100644 docs/en-US/cloudstack_system_requirements.xml create mode 100644 docs/en-US/cloudstack_trial_installation.xml create mode 100644 docs/en-US/cloudstack_whatis.xml create mode 100644 docs/en-US/cluster-add.xml create mode 100644 docs/en-US/compatibility-matrix.xml create mode 100644 docs/en-US/compute-disk-service-offerings.xml create mode 100644 docs/en-US/concepts.xml create mode 100644 docs/en-US/configure-guest-traffic-in-advanced-zone.xml create mode 100644 docs/en-US/configure-public-traffic-in-an-advanced-zone.xml create mode 100644 docs/en-US/configure-usage-server.xml create mode 100644 docs/en-US/configure-virtual-router.xml create mode 100644 docs/en-US/configure-vpn.xml create mode 100644 docs/en-US/configure-xenserver-dom-memory.xml create mode 100644 docs/en-US/configure-xenserver-dom0-memory.xml create mode 100644 docs/en-US/configuring-projects.xml create mode 100644 docs/en-US/console-proxy.xml create mode 100644 docs/en-US/contacting-support.xml create mode 100644 docs/en-US/convert-hyperv-vm-to-template.xml create mode 100644 docs/en-US/create-bare-metal-template.xml create mode 100644 docs/en-US/create-new-projects.xml create mode 100644 docs/en-US/create-template-from-existing-vm.xml create mode 100644 docs/en-US/create-template-from-snapshot.xml create mode 100644 docs/en-US/create-templates-overview.xml create mode 100644 docs/en-US/create-windows-template.xml create mode 100644 docs/en-US/creating-compute-offerings.xml create mode 100644 docs/en-US/creating-disk-offerings.xml create mode 100644 docs/en-US/creating-network-offerings.xml create mode 100644 docs/en-US/creating-new-volumes.xml create mode 100644 docs/en-US/creating-system-service-offerings.xml create mode 100644 docs/en-US/creating-vms.xml create mode 100644 docs/en-US/customizing-dns.xml create mode 100644 docs/en-US/dates-in-usage-record.xml create mode 100644 docs/en-US/dedicated-ha-hosts.xml create mode 100644 docs/en-US/default-account-resource-limit.xml create mode 100644 docs/en-US/default-template.xml create mode 100644 docs/en-US/delete-templates.xml create mode 100644 docs/en-US/deleting-vms.xml create mode 100644 docs/en-US/deployment-architecture-overview.xml create mode 100644 docs/en-US/deployment_architecture_overview.xml create mode 100644 docs/en-US/detach-move-volumes.xml create mode 100644 docs/en-US/developer-getting-started.xml create mode 100644 docs/en-US/developer-guide.xml create mode 100644 docs/en-US/developer-introduction.xml create mode 100644 docs/en-US/developer_guide.xml create mode 100644 docs/en-US/disable-enable-zones-pods-clusters.xml create mode 100644 docs/en-US/disk-volume-usage-record-format.xml create mode 100644 docs/en-US/dns-dhcp.xml create mode 100644 docs/en-US/domains.xml create mode 100644 docs/en-US/enable-disable-static-nat.xml create mode 100644 docs/en-US/enable-security-groups.xml create mode 100644 docs/en-US/enabling-api-call-expiration.xml create mode 100644 docs/en-US/enabling-port-8096.xml create mode 100644 docs/en-US/end-user-ui-overview.xml create mode 100644 docs/en-US/error-handling.xml create mode 100644 docs/en-US/event-log-queries.xml create mode 100644 docs/en-US/event-types.xml create mode 100644 docs/en-US/events-log.xml create mode 100644 docs/en-US/events.xml create mode 100644 docs/en-US/example-LDAP-configuration-commands.xml create mode 100644 docs/en-US/example-response-from-listUsageRecords.xml create mode 100644 docs/en-US/export-template.xml create mode 100644 docs/en-US/external-firewalls-and-load-balancers.xml create mode 100644 docs/en-US/feature-overview.xml create mode 100644 docs/en-US/firewall-rules.xml create mode 100644 docs/en-US/first_ms_node_install.xml create mode 100644 docs/en-US/globally-configured-limit.xml create mode 100644 docs/en-US/globally-configured-limits.xml create mode 100644 docs/en-US/guest-ip-ranges.xml create mode 100644 docs/en-US/guest-network.xml create mode 100644 docs/en-US/guest-traffic.xml create mode 100644 docs/en-US/ha-enabled-vm.xml create mode 100644 docs/en-US/ha-for-hosts.xml create mode 100644 docs/en-US/ha-management-server.xml create mode 100644 docs/en-US/host-add.xml create mode 100644 docs/en-US/host-allocation.xml create mode 100644 docs/en-US/hypervisor-support-for-primarystorage.xml create mode 100644 docs/en-US/images/1000-foot-view.png create mode 100644 docs/en-US/images/attach-disk-icon.png create mode 100644 docs/en-US/images/basic-deployment.png create mode 100644 docs/en-US/images/change-password.png create mode 100644 docs/en-US/images/change-service-icon.png create mode 100644 docs/en-US/images/destroy-instance.png create mode 100644 docs/en-US/images/detach-disk-icon.png create mode 100644 docs/en-US/images/edit-icon.png create mode 100644 docs/en-US/images/http-access.png create mode 100644 docs/en-US/images/infrastructure-overview.png create mode 100644 docs/en-US/images/installation-complete.png create mode 100644 docs/en-US/images/migrate-instance.png create mode 100644 docs/en-US/images/provisioning-overview.png create mode 100644 docs/en-US/images/release-ip-icon.png create mode 100644 docs/en-US/images/stop-instance-icon.png create mode 100644 docs/en-US/import-ami.xml create mode 100644 docs/en-US/increase-management-server-max-memory.xml create mode 100644 docs/en-US/incremental-snapshots-backup.xml create mode 100644 docs/en-US/initial-setup-of-external-firewalls-loadbalancers.xml create mode 100644 docs/en-US/initialize-and-test.xml create mode 100644 docs/en-US/install-database-on-management-server-node.xml create mode 100644 docs/en-US/install-database-on-separate-node.xml create mode 100644 docs/en-US/install-management-server-multi-nodes.xml create mode 100644 docs/en-US/install-management-server.xml create mode 100644 docs/en-US/installation-complete.xml create mode 100644 docs/en-US/installation-steps-overview.xml create mode 100644 docs/en-US/installation.xml create mode 100644 docs/en-US/installation_overview.xml create mode 100644 docs/en-US/installation_steps_overview.xml create mode 100644 docs/en-US/introduction.xml create mode 100644 docs/en-US/ip-forwarding-firewalling.xml create mode 100644 docs/en-US/ip-load-balancing.xml create mode 100644 docs/en-US/ipaddress-usage-record-format.xml create mode 100644 docs/en-US/isolated-networks.xml create mode 100644 docs/en-US/job-status.xml create mode 100644 docs/en-US/linux-installation.xml create mode 100644 docs/en-US/load-balancer-rules.xml create mode 100644 docs/en-US/loadbalancer-policy-port-forwarding-rule-usage-record-format.xml create mode 100644 docs/en-US/log-in-root-admin.xml create mode 100644 docs/en-US/log-in.xml create mode 100644 docs/en-US/long-running-job-events.xml create mode 100644 docs/en-US/maintain-hypervisors-on-hosts.xml create mode 100644 docs/en-US/maintenance-mode-for-primary-storage.xml create mode 100644 docs/en-US/making-api-request.xml create mode 100644 docs/en-US/manage-cloud.xml create mode 100644 docs/en-US/management-server-install-flow.xml create mode 100644 docs/en-US/management-server-installation-overview.xml create mode 100644 docs/en-US/management-server-overview.xml create mode 100644 docs/en-US/management_server_multi_node_install.xml create mode 100644 docs/en-US/management_server_overview.xml create mode 100644 docs/en-US/manual-live-migration.xml create mode 100644 docs/en-US/max-result-page-returned.xml create mode 100644 docs/en-US/migrate-datadisk-volume-new-storage-pool.xml create mode 100644 docs/en-US/migrate-vm-rootvolume-volume-new-storage-pool.xml create mode 100644 docs/en-US/minimum-system-requirements.xml create mode 100644 docs/en-US/modify-delete-service-offerings.xml create mode 100644 docs/en-US/multi_node_overview.xml create mode 100644 docs/en-US/multiple-system-vm-vmware.xml create mode 100644 docs/en-US/network-offering-usage-record-format.xml create mode 100644 docs/en-US/network-offerings.xml create mode 100644 docs/en-US/network-service-providers.xml create mode 100644 docs/en-US/network-usage-record-format.xml create mode 100644 docs/en-US/networking-in-a-pod.xml create mode 100644 docs/en-US/networking-in-a-zone.xml create mode 100644 docs/en-US/networking-overview.xml create mode 100644 docs/en-US/networking_overview.xml create mode 100644 docs/en-US/nfs-shares-on-management-server.xml create mode 100644 docs/en-US/nfs-shares-on-separate-server.xml create mode 100644 docs/en-US/ongoing-configuration-of-external-firewalls-loadbalancer.xml create mode 100644 docs/en-US/over-provisioning-service-offering-limits.xml create mode 100644 docs/en-US/per-domain-limits.xml create mode 100644 docs/en-US/performance-monitoring.xml create mode 100644 docs/en-US/pod-add.xml create mode 100644 docs/en-US/port-forwarding.xml create mode 100644 docs/en-US/prepare-nfs-shares.xml create mode 100644 docs/en-US/prepare-os.xml create mode 100644 docs/en-US/prepare-system-vm-template.xml create mode 100644 docs/en-US/prepare_os.xml create mode 100644 docs/en-US/primary-storage-add.xml create mode 100644 docs/en-US/primary-storage-outage-and-data-loss.xml create mode 100644 docs/en-US/primary-storage.xml create mode 100644 docs/en-US/private-public-template.xml create mode 100644 docs/en-US/projects.xml create mode 100644 docs/en-US/provisioning-auth-api.xml create mode 100644 docs/en-US/provisioning-steps-overview.xml create mode 100644 docs/en-US/provisioning-steps.xml create mode 100644 docs/en-US/provisioning.xml create mode 100644 docs/en-US/query-filter.xml create mode 100644 docs/en-US/release-ip-address.xml create mode 100644 docs/en-US/release-notes-3.0.4.xml create mode 100644 docs/en-US/remove-member-from-project.xml create mode 100644 docs/en-US/removed-API-commands.xml create mode 100644 docs/en-US/removing-vsphere-hosts.xml create mode 100644 docs/en-US/removing-xenserver-kvm-hosts.xml create mode 100644 docs/en-US/requirements-templates.xml create mode 100644 docs/en-US/resizing-volumes.xml create mode 100644 docs/en-US/response-formats.xml create mode 100644 docs/en-US/responses.xml create mode 100644 docs/en-US/roles.xml create mode 100644 docs/en-US/root-admin-ui-overview.xml create mode 100644 docs/en-US/runtime-allocation-virtual-network-resources.xml create mode 100644 docs/en-US/runtime-behavior-of-primary-storage.xml create mode 100644 docs/en-US/scheduled-maintenance-maintenance-mode-hosts.xml create mode 100644 docs/en-US/scratch.txt create mode 100644 docs/en-US/search-base.xml create mode 100644 docs/en-US/search-user-bind-dn.xml create mode 100644 docs/en-US/secondary-storage-add.xml create mode 100644 docs/en-US/secondary-storage-outage-and-data-loss.xml create mode 100644 docs/en-US/secondary-storage-vm.xml create mode 100644 docs/en-US/secondary-storage.xml create mode 100644 docs/en-US/security-groups.xml create mode 100644 docs/en-US/send-projects-membership-invitation.xml create mode 100644 docs/en-US/service-offerings.xml create mode 100644 docs/en-US/set-database-buffer-pool-size.xml create mode 100644 docs/en-US/set-monitor-total-vm-limits-per-host.xml create mode 100644 docs/en-US/set-projects-creator-permissions.xml create mode 100644 docs/en-US/set-resource-limits-for-projects.xml create mode 100644 docs/en-US/set-up-invitations.xml create mode 100644 docs/en-US/set-up-network-for-users.xml create mode 100644 docs/en-US/set-usage-limit.xml create mode 100644 docs/en-US/shared-networks.xml create mode 100644 docs/en-US/signing-api-requests.xml create mode 100644 docs/en-US/site-to-site-vpn.xml create mode 100644 docs/en-US/snapshot-restore.xml create mode 100644 docs/en-US/standard-events.xml create mode 100644 docs/en-US/static-nat.xml create mode 100644 docs/en-US/sticky-session-policies-for-lb-rules.xml create mode 100644 docs/en-US/stop-restart-management-server.xml create mode 100644 docs/en-US/stopped-vm.xml create mode 100644 docs/en-US/stopping-and-starting-vms.xml create mode 100644 docs/en-US/storage-tags.xml create mode 100644 docs/en-US/storage.xml create mode 100644 docs/en-US/suspend-project.xml create mode 100644 docs/en-US/sys-reliability-and-ha.xml create mode 100644 docs/en-US/sysprep-for-windows-server-2003R2.xml create mode 100644 docs/en-US/sysprep-windows-server-2008R2.xml create mode 100644 docs/en-US/system-service-offerings.xml create mode 100644 docs/en-US/system-vm-template.xml create mode 100644 docs/en-US/template-iso-snapshot-usage-record-format.xml create mode 100644 docs/en-US/templates.xml create mode 100644 docs/en-US/time-zones.xml create mode 100644 docs/en-US/trial-installation.xml create mode 100644 docs/en-US/troubleshooting-alerts.xml create mode 100644 docs/en-US/troubleshooting-dataloss-on-exported-primary-storage.xml create mode 100644 docs/en-US/troubleshooting-lb-rules-fails.xml create mode 100644 docs/en-US/troubleshooting-maintenance-mode-not-working-on-vCenter.xml create mode 100644 docs/en-US/troubleshooting-recover-lost-virtual-router.xml create mode 100644 docs/en-US/troubleshooting-unable-to-deploy-vms.xml create mode 100644 docs/en-US/troubleshooting-unable-to-power-on-vm.xml create mode 100644 docs/en-US/troubleshooting-working-with-server-logs.xml create mode 100644 docs/en-US/troubleshooting.xml create mode 100644 docs/en-US/tuning.xml create mode 100644 docs/en-US/ui.xml create mode 100644 docs/en-US/upgrade-virtual-router-with-service-offering.xml create mode 100644 docs/en-US/upload-existing-volume-to-vm.xml create mode 100644 docs/en-US/upload-template.xml create mode 100644 docs/en-US/usage-record-format.xml create mode 100644 docs/en-US/usage-types.xml create mode 100644 docs/en-US/use-project-view.xml create mode 100644 docs/en-US/user-data-and-meta-data.xml create mode 100644 docs/en-US/user-services-overview.xml create mode 100644 docs/en-US/using-multiple-guest-networks.xml create mode 100644 docs/en-US/using-netscaler-load-balancers.xml create mode 100644 docs/en-US/using-sshkeys.xml create mode 100644 docs/en-US/using-swift-for-secondary-storage.xml create mode 100644 docs/en-US/using-vpn-with-mac.xml create mode 100644 docs/en-US/using-vpn-with-windows.xml create mode 100644 docs/en-US/vcenter-maintenance-mode.xml create mode 100644 docs/en-US/virtual-machine-usage-record-format.xml create mode 100644 docs/en-US/virtual-router.xml create mode 100644 docs/en-US/vlan-provisioning.xml create mode 100644 docs/en-US/vm-lifecycle.xml create mode 100644 docs/en-US/vm-storage-migration.xml create mode 100644 docs/en-US/volume-deletion-garbage-collection.xml create mode 100644 docs/en-US/volume-status.xml create mode 100644 docs/en-US/vpc.xml create mode 100644 docs/en-US/vpn.xml create mode 100644 docs/en-US/whatis.xml create mode 100644 docs/en-US/whats-in-this-adminguide.xml create mode 100644 docs/en-US/whats-new.xml create mode 100644 docs/en-US/who-should-read-installation.xml create mode 100644 docs/en-US/windows-installation.xml create mode 100644 docs/en-US/work-with-usage.xml create mode 100644 docs/en-US/working-with-hosts.xml create mode 100644 docs/en-US/working-with-iso.xml create mode 100644 docs/en-US/working-with-snapshots.xml create mode 100644 docs/en-US/working-with-system-vm.xml create mode 100644 docs/en-US/working-with-templates.xml create mode 100644 docs/en-US/working-with-usage-data.xml create mode 100644 docs/en-US/working-with-volumes.xml create mode 100644 docs/en-US/xenserver-maintenance-mode.xml create mode 100644 docs/en-US/zone-add.xml diff --git a/docs/configs/Author_Group/Apache/Author_Group.xml b/docs/configs/Author_Group/Apache/Author_Group.xml new file mode 100644 index 00000000000..ef9cad55cef --- /dev/null +++ b/docs/configs/Author_Group/Apache/Author_Group.xml @@ -0,0 +1,35 @@ + + +%BOOK_ENTITIES; +]> + + + Apache CloudStack Project + + + + + + cloudstack-docs@incubator.apache.org + + + Jessica + Tomechak + + Citrix + Cloud Platform Group + + jessica.tomechak@cirix.com + + + Radhika + PC + + Citrix + Cloud Platform Group + + radhika.puthiyetath@citrix.com + + + diff --git a/docs/configs/Book_Info/Main_Book_Info/Book_Info.xml b/docs/configs/Book_Info/Main_Book_Info/Book_Info.xml new file mode 100644 index 00000000000..ee0183ffe30 --- /dev/null +++ b/docs/configs/Book_Info/Main_Book_Info/Book_Info.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> + + Technical Documentation + Revised June 14, 2012 9:03 pm Pacific + Apache CloudStack + 3.0 + 1 + + + + How to design, install, manage, customize, and troubleshoot a public or private cloud powered by CloudStack. + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/configs/Legal_Notice/Legal_Notice.xml b/docs/configs/Legal_Notice/Legal_Notice.xml new file mode 100644 index 00000000000..7899e25c0c2 --- /dev/null +++ b/docs/configs/Legal_Notice/Legal_Notice.xml @@ -0,0 +1,35 @@ + + + + + The text and illustrations in this document are licensed by the Apache CloudStack Project + under a Creative Commons Attribution–Share Alike 3.0 + Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is + available at _http://creativecommons.org/licenses/by-sa/3.0/_. The + original authors of this document designate the Apache CloudStack Project + as the "Attribution Party" for + purposes of CC-BY-SA. In accordance with CC-BY-SA, if you + distribute this document or an adaptation of it, you must provide + the URL for the original version. + + Specifications are subject to change without notice. + + Citrix + Systems, Inc., the Citrix logo, Citrix XenServer, and Citrix XenCenter + are trademarks or registered trademarks of Citrix + Systems, Inc. + + Linux® is the registered trademark of Linus Torvalds in the United + States and other countries. + + Java® is a registered trademark of Oracle and/or its affiliates. + + MySQL® is a registered trademark of MySQL AB in the United States, + the European Union and other countries. + + All other brands or products are trademarks or registered + trademarks of their respective holders. + + + diff --git a/docs/configs/main/README.txt b/docs/configs/main/README.txt new file mode 100644 index 00000000000..57bd709c2f4 --- /dev/null +++ b/docs/configs/main/README.txt @@ -0,0 +1,5 @@ +The publican.cfg file in this directory should point to the main book file that will build 100% of the content in the CloudStack documentation XML source files. Swap this .cfg file up to the cloudstack-docs directory to build everything. + +For example, to build the English language total documentation set, which includes everything in the cloudstack-docs/en-US directory, use this publican.cfg file with a command like: + +publican build --formats=html --langs=en-US \ No newline at end of file diff --git a/docs/en-US/Author_Group.xml b/docs/en-US/Author_Group.xml new file mode 100644 index 00000000000..faccf5e2c1a --- /dev/null +++ b/docs/en-US/Author_Group.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> + + + Jessica + Tomechak + + Citrix + Cloud Platform Group + + jessica.tomechak@citrix.com + + + Radhika + PC + + Citrix + Cloud Platform Group + + radhika.puthiyetath@citrix.com + + + diff --git a/docs/en-US/Book_Info.xml b/docs/en-US/Book_Info.xml new file mode 100644 index 00000000000..155a20bf2fd --- /dev/null +++ b/docs/en-US/Book_Info.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> + + CloudPlatform (powered by Apache CloudStack) version 3.0.4 Release Notes + Revised June 14, 2012 5:48 pm Pacific + Citrix CloudPlatform 3.0.4 Powered by Apache CloudStack + + 1 + + + + Release notes for patch release of CloudPlatform to support the XenServer patch XS602E003. + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en-US/Common_Content/Legal_Notice.xml b/docs/en-US/Common_Content/Legal_Notice.xml new file mode 100644 index 00000000000..8ed4152141c --- /dev/null +++ b/docs/en-US/Common_Content/Legal_Notice.xml @@ -0,0 +1,7 @@ + + + + © 2012 Citrix Systems, Inc. All rights reserved. Specifications are subject to change without notice. Citrix Systems, Inc., the Citrix logo, Citrix XenServer, Citrix XenCenter, and CloudPlatform are trademarks or registered trademarks of Citrix Systems, Inc. All other brands or products are trademarks or registered trademarks of their respective holders. + + diff --git a/docs/en-US/LDAPserver-for-user-authentication.xml b/docs/en-US/LDAPserver-for-user-authentication.xml new file mode 100644 index 00000000000..3cd4c3ba286 --- /dev/null +++ b/docs/en-US/LDAPserver-for-user-authentication.xml @@ -0,0 +1,21 @@ + + +%BOOK_ENTITIES; +]> +
+ Using an LDAP Server for User Authentication + You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudPlatform end-users. Just map CloudPlatform accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudPlatform for matching common values such as the user’s email address and name. CloudPlatform will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user.. + To set up LDAP authentication in CloudPlatform, call the CloudPlatform API command ldapConfig and provide the following: + + Hostname or IP address and listening port of the LDAP server + Base directory and query filter + Search user DN credentials, which give CloudPlatform permission to search on the LDAP server + SSL keystore and password, if SSL is used + + + + + + +
diff --git a/docs/en-US/Preface.xml b/docs/en-US/Preface.xml new file mode 100644 index 00000000000..ff90becceaf --- /dev/null +++ b/docs/en-US/Preface.xml @@ -0,0 +1,13 @@ + + +%BOOK_ENTITIES; +]> + + Preface + + + + + + diff --git a/docs/en-US/Revision_History.xml b/docs/en-US/Revision_History.xml new file mode 100644 index 00000000000..df57d7f48ee --- /dev/null +++ b/docs/en-US/Revision_History.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> + + Revision History + + + + 0-0 + Tue May 29 2012 + + Jessica + Tomechak + + + + + Initial creation of book by publican + + + + + + + diff --git a/docs/en-US/SSL-keystore-path-and-password.xml b/docs/en-US/SSL-keystore-path-and-password.xml new file mode 100644 index 00000000000..4819fdc68e8 --- /dev/null +++ b/docs/en-US/SSL-keystore-path-and-password.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ SSL Keystore Path and Password + If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password. + +
diff --git a/docs/en-US/VPN-user-usage-record-format.xml b/docs/en-US/VPN-user-usage-record-format.xml new file mode 100644 index 00000000000..af9315f80a2 --- /dev/null +++ b/docs/en-US/VPN-user-usage-record-format.xml @@ -0,0 +1,17 @@ +
+ VPN User Usage Record Format + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for hours) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – VPN user ID + usagetype – A number representing the usage type (see Usage Types) + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/about-pods.xml b/docs/en-US/about-pods.xml new file mode 100644 index 00000000000..45c4da7e781 --- /dev/null +++ b/docs/en-US/about-pods.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ About Pods + TODO +
\ No newline at end of file diff --git a/docs/en-US/about-virtual-networks.xml b/docs/en-US/about-virtual-networks.xml new file mode 100644 index 00000000000..0273bf43844 --- /dev/null +++ b/docs/en-US/about-virtual-networks.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ About Virtual Networks + A virtual network is a logical construct that enables multi-tenancy on a single physical network. In CloudPlatform, a virtual network can be shared or isolated. + XenServer and Maintenance Mode + Working with Usage + XenServer and Maintenance Mode +
diff --git a/docs/en-US/about-working-with-vms.xml b/docs/en-US/about-working-with-vms.xml new file mode 100644 index 00000000000..11d97c0a1b1 --- /dev/null +++ b/docs/en-US/about-working-with-vms.xml @@ -0,0 +1,15 @@ +
+ About Working with Virtual Machines + CloudPlatform provides administrators with complete control over the lifecycle of all guest VMs executing in the cloud. CloudPlatform provides several guest management operations for end users and administrators. VMs may be stopped, started, rebooted, and destroyed. + Guest VMs have a name and group. VM names and groups are opaque to CloudPlatform and are available for end users to organize their VMs. Each VM can have three names for use in different contexts. Only two of these names can be controlled by the user: + + Instance name – a unique, immutable ID that is generated by CloudPlatform and can not be modified by the user. This name conforms to the requirements in IETF RFC 1123. + Display name – the name displayed in the CloudPlatform web UI. Can be set by the user. Defaults to instance name. + Name – host name that the DHCP server assigns to the VM. Can be set by the user. Defaults to instance name + + Guest VMs can be configured to be Highly Available (HA). An HA-enabled VM is monitored by the system. If the system detects that the VM is down, it will attempt to restart the VM, possibly on a different host. For more information, see HA-Enabled Virtual Machines on + Each new VM is allocated one public IP address. When the VM is started, CloudPlatform automatically creates a static NAT between this public IP address and the private IP address of the VM. + If elastic IP is in use (with the NetScaler load balancer), the IP address initially allocated to the new VM is not marked as elastic. The user must replace the automatically configured IP with a specifically acquired elastic IP, and set up the static NAT mapping between this new IP and the guest VM’s private IP. The VM’s original IP address is then released and returned to the pool of available public IPs. + CloudPlatform cannot distinguish a guest VM that was shut down by the user (such as with the “shutdown” command in Linux) from a VM that shut down unexpectedly. If an HA-enabled VM is shut down from inside the VM, CloudPlatform will restart it. To shut down an HA-enabled VM, you must go through the CloudPlatform UI or API. +
+ diff --git a/docs/en-US/accept-membership-invite.xml b/docs/en-US/accept-membership-invite.xml new file mode 100644 index 00000000000..cb53f7eeb4f --- /dev/null +++ b/docs/en-US/accept-membership-invite.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Accepting a Membership Invitation + If you have received an invitation to join a CloudPlatform project, and you want to accept the invitation, follow these steps: + + Log in to the CloudPlatform UI. + In the left navigation, click Projects. + In Select View, choose Invitations. + If you see the invitation listed onscreen, click the Accept button. Invitations listed on screen were sent to you using your CloudPlatform account name. + If you received an email invitation, click the Enter Token button, and provide the project ID and unique ID code (token) from the email. + +
+ diff --git a/docs/en-US/accessing-vms.xml b/docs/en-US/accessing-vms.xml new file mode 100644 index 00000000000..47089e0a4d8 --- /dev/null +++ b/docs/en-US/accessing-vms.xml @@ -0,0 +1,17 @@ +
+ Accessing VMs + Any user can access their own virtual machines. The administrator can access all VMs running in the cloud. + To access a VM through the CloudPlatform UI: + + Log in to the CloudPlatform UI as a user or admin. + Click Instances, then click the name of a running VM. + Click the View Console button . + + To access a VM directly over the network: + + The VM must have some port open to incoming traffic. For example, in a basic zone, a new VM might be assigned to a security group which allows incoming traffic. This depends on what security group you picked when creating the VM. In other cases, you can open a port by setting up a port forwarding policy. See IP Forwarding and Firewalling. + If a port is open but you can not access the VM using ssh, it’s possible that ssh is not already enabled on the VM. This will depend on whether ssh is enabled in the template you picked when creating the VM. Access the VM through the CloudPlatform UI and enable ssh on the machine using the commands for the VM’s operating system. + If the network has an external firewall device, you will need to create a firewall rule to allow access. See IP Forwarding and Firewalling. + +
+ diff --git a/docs/en-US/accounts-users-domains.xml b/docs/en-US/accounts-users-domains.xml new file mode 100644 index 00000000000..b896f3f4b3a --- /dev/null +++ b/docs/en-US/accounts-users-domains.xml @@ -0,0 +1,35 @@ + + +%BOOK_ENTITIES; +]> +
+ Accounts, Users, and Domains + + Accounts + An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account. + + + Domains + Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller. + + For each account created, the Cloud installation creates three different types of user accounts: root administrator, domain administrator, and user. + + Users + Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. The same user cannot belong to multiple accounts. + + Username is unique in a domain across accounts in that domain. The same username can exist in other domains, including sub-domains. Domain name can repeat only if the full pathname from root is unique. For example, you can create root/d1, as well as root/foo/d1, and root/sales/d1. + Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system. + + Domain Administrators + Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains. + + + Root Administrator + Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains + + The resources belong to the account, not individual users in that account. For example, + billing, resource limits, and so on are maintained by the account, not the users. A user can + operate on any resource in the account provided the user has privileges for that operation. + The privileges are determined by the role. +
diff --git a/docs/en-US/accounts.xml b/docs/en-US/accounts.xml new file mode 100644 index 00000000000..1061ce06813 --- /dev/null +++ b/docs/en-US/accounts.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ + +
diff --git a/docs/en-US/acquire-new-ip-address.xml b/docs/en-US/acquire-new-ip-address.xml new file mode 100644 index 00000000000..b8df5ed0950 --- /dev/null +++ b/docs/en-US/acquire-new-ip-address.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Acquiring a New IP Address + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network. + Click the name of the network where you want to work with. + Click View IP Addresses. + Click Acquire New IP, and click Yes in the confirmation dialog. + You are prompted for confirmation because, typically, IP addresses are a limited resource. Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules. + + +
diff --git a/docs/en-US/add-additional-guest-network.xml b/docs/en-US/add-additional-guest-network.xml new file mode 100644 index 00000000000..76baf448108 --- /dev/null +++ b/docs/en-US/add-additional-guest-network.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding an Additional Guest Network + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network + Click Add guest network. Provide the following information: + + Name. The name of the network. This will be user-visible. + Description. The description of the network. This will be user-visible. + Network offering. If the administrator has configured multiple network offerings, select the one you want to use for this network. + Pod. The name of the pod this network applies to. Each pod in a basic zone is a broadcast domain, and therefore each pod has a different IP range for the guest network. The administrator must configure the IP range for each pod. + VLAN ID. The VLAN tag for this network. + Gateway. The gateway that the guests should use. + Netmask. The netmask in use on the subnet the guests will use. + Start IP/End IP. Enter the first and last IP addresses that define a range that CloudPlatform can assign to guests. We strongly recommend the use of multiple NICs. If multiple NICs are used, they may be in a different subnet. If one NIC is used, these IPs should be in the same CIDR as the pod CIDR. + Click Create. + + +
+ diff --git a/docs/en-US/add-ingress-egress-rules.xml b/docs/en-US/add-ingress-egress-rules.xml new file mode 100644 index 00000000000..805761e4d7e --- /dev/null +++ b/docs/en-US/add-ingress-egress-rules.xml @@ -0,0 +1,73 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Ingress and Egress Rules to a Security Group + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network + In Select view, choose Security Groups, then click the security group you want . + To add an ingress rule, click the Ingress Rules tab and fill out the following fields to specify what network traffic is allowed into VM instances in this security group. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule. + + Add by CIDR/Account. Indicate whether the source of the + traffic will be defined by IP address (CIDR) or an existing security group + in a CloudPlatform account (Account). Choose Account if you want to allow + incoming traffic from all VMs in another security group + Protocol. The networking protocol that sources will use to + send traffic to the security group. TCP and UDP are typically used for data + exchange and end-user communications. ICMP is typically used to send error + messages or network monitoring data. + Start Port, End Port. (TCP, UDP only) A range of listening + ports that are the destination for the incoming traffic. If you are opening + a single port, use the same number in both fields. + ICMP Type, ICMP Code. (ICMP only) The type of message and + error code that will be accepted. + CIDR. (Add by CIDR only) To accept only traffic from IP + addresses within a particular address block, enter a CIDR or a + comma-separated list of CIDRs. The CIDR is the base IP address of the + incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to + 0.0.0.0/0. + Account, Security Group. (Add by Account only) To accept only + traffic from another security group, enter the CloudPlatform account and + name of a security group that has already been defined in that account. To + allow traffic between VMs within the security group you are editing now, + enter the same name you used in step 7. + + The following example allows inbound HTTP access from anywhere: + + + + + httpaccess.png: allows inbound HTTP access from anywhere + + + To add an egress rule, click the Egress Rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this security group. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been allowed in through an ingress rule + + Add by CIDR/Account. Indicate whether the destination of the + traffic will be defined by IP address (CIDR) or an existing security group + in a CloudPlatform account (Account). Choose Account if you want to allow + outgoing traffic to all VMs in another security group. + Protocol. The networking protocol that VMs will use to send + outgoing traffic. TCP and UDP are typically used for data exchange and + end-user communications. ICMP is typically used to send error messages or + network monitoring data. + Start Port, End Port. (TCP, UDP only) A range of listening + ports that are the destination for the outgoing traffic. If you are opening + a single port, use the same number in both fields. + ICMP Type, ICMP Code. (ICMP only) The type of message and + error code that will be sent + CIDR. (Add by CIDR only) To send traffic only to IP addresses + within a particular address block, enter a CIDR or a comma-separated list of + CIDRs. The CIDR is the base IP address of the destination. For example, + 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0. + Account, Security Group. (Add by Account only) To allow + traffic to be sent to another security group, enter the CloudPlatform + account and name of a security group that has already been defined in that + account. To allow traffic between VMs within the security group you are + editing now, enter its name. + + Click Add. + +
diff --git a/docs/en-US/add-iso.xml b/docs/en-US/add-iso.xml new file mode 100644 index 00000000000..1b6cc411ffa --- /dev/null +++ b/docs/en-US/add-iso.xml @@ -0,0 +1,74 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding an ISO + To make additional operating system or other software available for use with guest VMs, you can add an ISO. The ISO is typically thought of as an operating system image, but you can also add ISOs for other types of software, such as desktop applications that you want to be installed as part of a template. + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation bar, click Templates. + In Select View, choose ISOs. + Click Add ISO. + In the Add ISO screen, provide the following: + + Name. Short name for the ISO image. (E.g. CentOS 6.2 64 bit). + Description. Display test for the ISO image. (E.g. CentOS 6.2 64 bit). + URL. The URL that hosts the ISO image. The Management Server must be able to access this location via HTTP. If needed you can place the ISO image directly on the Management Server + Zone. Choose the zone where you want the ISO to be available, or All Zones to make it available throughout CloudPlatform. + Bootable. Whether or not a guest could boot off this ISO image. For example, a CentOS ISO is bootable, a Microsoft Office ISO is not bootable. + OS Type. This helps CloudPlatform and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following. + + If the operating system of your desired ISO image is listed, choose it. + If the OS Type of the ISO is not listed or if the ISO is not bootable, choose Other. + (XenServer only) If you want to boot from this ISO in PV mode, choose Other PV (32-bit) or Other PV (64-bit) + (KVM only) If you choose an OS that is PV-enabled, the VMs created from this ISO will have a SCSI (virtio) root disk. If the OS is not PV-enabled, the VMs will have an IDE root disk. The PV-enabled types are: + + + + + Fedora 13 + Fedora 12 + Fedora 11 + + + + Fedora 10 + Fedora 9 + Other PV + + + + Debian GNU/Linux + CentOS 5.3 + CentOS 5.4 + + + CentOS 5.5 + Red Hat Enterprise Linux 5.3 + Red Hat Enterprise Linux 5.4 + + + Red Hat Enterprise Linux 5.5 + Red Hat Enterprise Linux 6 + + + + + + + Note: It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other. + + Extractable. Choose Yes if the ISO should be available for extraction. + Public. Choose Yes if this ISO should be available to other users. + Featured. Choose Yes if you would like this ISO to be more prominent for users to select. The ISO will appear in the Featured ISOs list. Only an administrator can make an ISO Featured. + + Click OK. + The Management Server will download the ISO. Depending on the size of the ISO, this may take a long time. The ISO status column will display Ready once it has been successfully downloaded into secondary storage. Clicking Refresh updates the download percentage. + + Important: Wait for the ISO to finish downloading. If you + move on to the next task and try to use the ISO right away, it will appear to fail. + The entire ISO must be available before CloudPlatform can work with it + +
diff --git a/docs/en-US/add-load-balancer-rule.xml b/docs/en-US/add-load-balancer-rule.xml new file mode 100644 index 00000000000..99e61a77d73 --- /dev/null +++ b/docs/en-US/add-load-balancer-rule.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Load Balancer Rule + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network. + Click the name of the network where you want to load balance the traffic. + Click View IP Addresses. + Click the IP address for which you want to create the rule, then click the Configuration tab. + In the Load Balancing node of the diagram, click View All. + Fill in the following: + + Name. A name for the load balancer rule. + Public Port. The port receiving incoming traffic to be balanced. + Private Port. The port that the VMs will use to receive the traffic. + Algorithm. Choose the load balancing algorithm you want CloudPlatform to use. CloudPlatform supports a variety of well-known algorithms. If you are not familiar with these choices, you will find plenty of information about them on the Internet. + Stickiness. (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules. + + Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply. + The new load balancer rule appears in the list. You can repeat these steps to add more load balancer rules for this IP address. + + +
diff --git a/docs/en-US/add-members-to-projects.xml b/docs/en-US/add-members-to-projects.xml new file mode 100644 index 00000000000..94888abc998 --- /dev/null +++ b/docs/en-US/add-members-to-projects.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Members to a Project + New members can be added to a project by the project’s administrator, the domain administrator of the domain where the project resides or any parent domain, or the CloudPlatform root administrator. There are two ways to add members in CloudPlatform, but only one way is enabled at a time: + + If invitations have been enabled, you can send invitations to new members. + If invitations are not enabled, you can add members directly through the UI. + +
+ diff --git a/docs/en-US/add-password-management-to-templates.xml b/docs/en-US/add-password-management-to-templates.xml new file mode 100644 index 00000000000..69e16725e9f --- /dev/null +++ b/docs/en-US/add-password-management-to-templates.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Password Management to Your Templates + CloudPlatform provides an optional password reset feature that allows users to set a temporary admin or root password as well as reset the existing admin or root password from the CloudPlatform UI. + To enable the Reset Password feature, you will need to download an additional script to patch your template. When you later upload the template into CloudPlatform, you can specify whether reset admin/root password feature should be enabled for this template. + The password management feature works always resets the account password on instance boot. The script does an HTTP call to the virtual router to retrieve the account password that should be set. As long as the virtual router is accessible the guest will have access to the account password that should be used. When the user requests a password reset the management server generates and sends a new password to the virtual router for the account. Thus an instance reboot is necessary to effect any password changes. + If the script is unable to contact the virtual router during instance boot it will not set the password but boot will continue normally. + + +
diff --git a/docs/en-US/add-projects-members-from-ui.xml b/docs/en-US/add-projects-members-from-ui.xml new file mode 100644 index 00000000000..4ad12063575 --- /dev/null +++ b/docs/en-US/add-projects-members-from-ui.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Project Members From the UI + The steps below tell how to add a new member to a project if the invitations feature is not enabled in the cloud. If the invitations feature is enabled cloud,as described in , use the procedure in . + + Log in to the CloudPlatform UI. + In the left navigation, click Projects. + In Select View, choose Projects. + Click the name of the project you want to work with. + Click the Accounts tab. The current members of the project are listed. + Type the account name of the new member you want to add, and click Add Account. You can add only people who have an account in this cloud and within the same domain as the project. + +
+ diff --git a/docs/en-US/add-security-group.xml b/docs/en-US/add-security-group.xml new file mode 100644 index 00000000000..2f00b6d47ec --- /dev/null +++ b/docs/en-US/add-security-group.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Security Group + A user or administrator can change the network offering that is associated with an existing guest network. + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network + In Select view, choose Security Groups. + Click Add Security Group. + Provide a name and description. + Click OK. + The new security group appears in the Security Groups Details tab. + To make the security group useful, continue to Adding Ingress and Egress Rules to a Security Group. + +
+ diff --git a/docs/en-US/added-API-commands.xml b/docs/en-US/added-API-commands.xml new file mode 100644 index 00000000000..7136ad496c8 --- /dev/null +++ b/docs/en-US/added-API-commands.xml @@ -0,0 +1,143 @@ +
+ Added API commands + Added in 3.0.3: + + enableCiscoNexusVSM (Enables Nexus 1000v dvSwitch in CloudPlatform.) + disableCiscoNexusVSM (Disables Nexus 1000v dvSwitch in CloudPlatform.) + deleteCiscoNexusVSM (Deletes Nexus 1000v dvSwitch in CloudPlatform.) + listCiscoNexusVSMs (Lists the control VLAN ID, packet VLAN ID, and data VLAN ID, as well as the IP address of the Nexus 1000v dvSwitch.) + + Added in 3.0.2: + + changeServiceForSystemVm + Changes the service offering for a system VM (console proxy or secondary storage). The system VM must be in a "Stopped" state for this command to take effect. + + + Added in 3.0.1: + + changeServiceForSystemVm + Changes the service offering for a system VM (console proxy or secondary storage). The system VM must be in a "Stopped" state for this command to take effect. + + + Added in 3.0.0: + + + + + + + + assignVirtualMachine (Move a user VM to another user under same domain.) + restoreVirtualMachine (Restore a VM to original template or specific snapshot) + createLBStickinessPolicy (Creates a Load Balancer stickiness policy ) + + + deleteLBStickinessPolicy (Deletes a LB stickiness policy.) + listLBStickinessPolicies (Lists LBStickiness policies.) + ldapConfig (Configure the LDAP context for this site.) + + + addSwift (Adds Swift.) + listSwifts (List Swift.) + migrateVolume (Migrate volume) + + + updateStoragePool (Updates a storage pool.) + authorizeSecurityGroupEgress (Authorizes a particular egress rule for this security group) + revokeSecurityGroupEgress (Deletes a particular egress rule from this security group) + + + createNetworkOffering (Creates a network offering.) + deleteNetworkOffering (Deletes a network offering.) + createProject (Creates a project) + + + deleteProject (Deletes a project) + updateProject (Updates a project) + activateProject (Activates a project) + + + suspendProject (Suspends a project) + listProjects (Lists projects and provides detailed information for listed projects) + addAccountToProject (Adds acoount to a project) + + + deleteAccountFromProject (Deletes account from the project) + listProjectAccounts (Lists project's accounts) + listProjectInvitations (Lists an account's invitations to join projects) + + + updateProjectInvitation (Accepts or declines project invitation) + deleteProjectInvitation (Deletes a project invitation) + updateHypervisorCapabilities (Updates a hypervisor capabilities.) + + + listHypervisorCapabilities (Lists all hypervisor capabilities.) + createPhysicalNetwork (Creates a physical network) + deletePhysicalNetwork (Deletes a Physical Network.) + + + listPhysicalNetworks (Lists physical networks) + updatePhysicalNetwork (Updates a physical network) + listSupportedNetworkServices (Lists all network services provided by CloudPlatform or for the given Provider.) + + + addNetworkServiceProvider (Adds a network serviceProvider to a physical network) + deleteNetworkServiceProvider (Deletes a Network Service Provider.) + listNetworkServiceProviders (Lists network serviceproviders for a given physical network.) + + + updateNetworkServiceProvider (Updates a network serviceProvider of a physical network) + addTrafficType (Adds traffic type to a physical network) + deleteTrafficType (Deletes traffic type of a physical network) + + + listTrafficTypes (Lists traffic types of a given physical network.) + updateTrafficType (Updates traffic type of a physical network) + listTrafficTypeImplementors (Lists implementors of implementor of a network traffic type or implementors of all network traffic types) + + + createStorageNetworkIpRange (Creates a Storage network IP range.) + deleteStorageNetworkIpRange (Deletes a storage network IP Range.) + listStorageNetworkIpRange (List a storage network IP range.) + + + updateStorageNetworkIpRange (Update a Storage network IP range, only allowed when no IPs in this range have been allocated.) + listUsageTypes (List Usage Types) + addF5LoadBalancer (Adds a F5 BigIP load balancer device) + + + configureF5LoadBalancer (configures a F5 load balancer device) + deleteF5LoadBalancer ( delete a F5 load balancer device) + listF5LoadBalancers (lists F5 load balancer devices) + + + listF5LoadBalancerNetworks (lists network that are using a F5 load balancer device) + addSrxFirewall (Adds a SRX firewall device) + deleteSrxFirewall ( delete a SRX firewall device) + + + listSrxFirewalls (lists SRX firewall devices in a physical network) + listSrxFirewallNetworks (lists network that are using SRX firewall device) + addNetscalerLoadBalancer (Adds a netscaler load balancer device) + + + deleteNetscalerLoadBalancer ( delete a netscaler load balancer device) + configureNetscalerLoadBalancer (configures a netscaler load balancer device) + listNetscalerLoadBalancers (lists netscaler load balancer devices) + + + listNetscalerLoadBalancerNetworks (lists network that are using a netscaler load balancer device) + createVirtualRouterElement (Create a virtual router element.) + configureVirtualRouterElement (Configures a virtual router element.) + + + listVirtualRouterElements (Lists all available virtual router elements.) + + + + + + +
+ diff --git a/docs/en-US/added-cloudPlatform-error-codes.xml b/docs/en-US/added-cloudPlatform-error-codes.xml new file mode 100644 index 00000000000..05ac8833cbb --- /dev/null +++ b/docs/en-US/added-cloudPlatform-error-codes.xml @@ -0,0 +1,114 @@ +
+ Added CloudPlatform Error Codes + You can now find the CloudPlatform-specific error code in the exception response for each type of exception. The following list of error codes is added to the new class named CSExceptionErrorCode. These codes are applicable in CloudPlatform 3.0.3 and later versions. + + + + + + + + 4250 : "com.cloud.utils.exception.CloudRuntimeException" + 4255 : "com.cloud.utils.exception.ExceptionUtil" + 4260 : "com.cloud.utils.exception.ExecutionException" + + + 4265 : "com.cloud.utils.exception.HypervisorVersionChangedException" + 4270 : "com.cloud.utils.exception.RuntimeCloudException" + 4275 : "com.cloud.exception.CloudException" + + + 4280 : "com.cloud.exception.AccountLimitException" + 4285 : "com.cloud.exception.AgentUnavailableException" + 4290 : "com.cloud.exception.CloudAuthenticationException" + + + 4295 : "com.cloud.exception.CloudExecutionException" + 4300 : "com.cloud.exception.ConcurrentOperationException" + 4305 : "com.cloud.exception.ConflictingNetworkSettingsException" + + + 4310 : "com.cloud.exception.DiscoveredWithErrorException" + 4315 : "com.cloud.exception.HAStateException" + 4320 : "com.cloud.exception.InsufficientAddressCapacityException" + + + 4325 : "com.cloud.exception.InsufficientCapacityException" + 4330 : "com.cloud.exception.InsufficientNetworkCapacityException" + 4335 : "com.cloud.exception.InsufficientServerCapacityException" + + + 4340 : "com.cloud.exception.InsufficientStorageCapacityException" + 4345 : "com.cloud.exception.InternalErrorException" + 4350 : "com.cloud.exception.InvalidParameterValueException" + + + 4355 : "com.cloud.exception.ManagementServerException" + 4360 : "com.cloud.exception.NetworkRuleConflictException" + 4365 : "com.cloud.exception.PermissionDeniedException" + + + 4370 : "com.cloud.exception.ResourceAllocationException" + 4375 : "com.cloud.exception.ResourceInUseException" + 4380 : "com.cloud.exception.ResourceUnavailableException" + + + 4385 : "com.cloud.exception.StorageUnavailableException" + 4390 : "com.cloud.exception.UnsupportedServiceException" + 4395 : "com.cloud.exception.VirtualMachineMigrationException" + + + 4400 : "com.cloud.exception.AccountLimitException" + 4405 : "com.cloud.exception.AgentUnavailableException" + 4410 : "com.cloud.exception.CloudAuthenticationException" + + + 4415 : "com.cloud.exception.CloudException" + 4420 : "com.cloud.exception.CloudExecutionException" + 4425 : "com.cloud.exception.ConcurrentOperationException" + + + 4430 : "com.cloud.exception.ConflictingNetworkSettingsException" + 4435 : "com.cloud.exception.ConnectionException" + 4440 : "com.cloud.exception.DiscoveredWithErrorException" + + + 4445 : "com.cloud.exception.DiscoveryException" + 4450 : "com.cloud.exception.HAStateException" + 4455 : "com.cloud.exception.InsufficientAddressCapacityException" + + + 4460 : "com.cloud.exception.InsufficientCapacityException" + 4465 : "com.cloud.exception.InsufficientNetworkCapacityException" + 4470 : "com.cloud.exception.InsufficientServerCapacityException" + + + 4475 : "com.cloud.exception.InsufficientStorageCapacityException" + 4480 : "com.cloud.exception.InsufficientVirtualNetworkCapcityException" + 4485 : "com.cloud.exception.InternalErrorException" + + + 4490 : "com.cloud.exception.InvalidParameterValueException" + 4495 : "com.cloud.exception.ManagementServerException" + 4500 : "com.cloud.exception.NetworkRuleConflictException" + + + 4505 : "com.cloud.exception.PermissionDeniedException" + 4510 : "com.cloud.exception.ResourceAllocationException" + 4515 : "com.cloud.exception.ResourceInUseException" + + + 4520 : "com.cloud.exception.ResourceUnavailableException" + 4525 : "com.cloud.exception.StorageUnavailableException" + 4530 : "com.cloud.exception.UnsupportedServiceException" + + + 4535 : "com.cloud.exception.VirtualMachineMigrationException" + 9999 : "com.cloud.api.ServerApiException" + + + + + +
+ diff --git a/docs/en-US/adding-IP-addresses-for-the-public-network.xml b/docs/en-US/adding-IP-addresses-for-the-public-network.xml new file mode 100644 index 00000000000..50126518ebb --- /dev/null +++ b/docs/en-US/adding-IP-addresses-for-the-public-network.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding IP Addresses for the Public Network + These instructions assume you have already logged in to the CloudPlatform UI. + + In the left navigation, choose Infrastructure. In Zones, click View More, then click the desired zone . + Click the Network tab. + In the Public node of the diagram, click Configure. + Click the IP Ranges tab. + Provide the following information: + + Gateway. The gateway in use for these IP addresses + Netmask. The netmask associated with this IP range + VLAN. The VLAN that will be used for public traffic + Start IP/End IP. A range of IP addresses that are assumed to be accessible from the Internet and will be allocated for access to guest networks. + + + Click Add. + + + +
diff --git a/docs/en-US/admin-alerts.xml b/docs/en-US/admin-alerts.xml new file mode 100644 index 00000000000..ebb68c1e36b --- /dev/null +++ b/docs/en-US/admin-alerts.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Administrator Alerts + The system provides alerts and events to help with the management of the cloud. Alerts are notices to an administrator, generally delivered by e-mail, notifying the administrator that an error has occurred in the cloud. Alert behavior is configurable. + Events track all of the user and administrator actions in the cloud. For example, every guest VM start creates an associated event. Events are stored in the Management Server’s database. + Emails will be sent to administrators under the following circumstances: + + The Management Server cluster runs low on CPU, memory, or storage resources + The Management Server loses heartbeat from a Host for more than 3 minutes + The Host cluster runs low on CPU, memory, or storage resources + + +
diff --git a/docs/en-US/admin-guide.xml b/docs/en-US/admin-guide.xml new file mode 100644 index 00000000000..a4fbb425255 --- /dev/null +++ b/docs/en-US/admin-guide.xml @@ -0,0 +1,73 @@ + + +%BOOK_ENTITIES; +]> + + Administrator Guide + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en-US/advanced-zone-configuration.xml b/docs/en-US/advanced-zone-configuration.xml new file mode 100644 index 00000000000..cd8a4da0e97 --- /dev/null +++ b/docs/en-US/advanced-zone-configuration.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Advanced Zone Configuration + TODO +
\ No newline at end of file diff --git a/docs/en-US/advanced-zone-physical-network-configuration.xml b/docs/en-US/advanced-zone-physical-network-configuration.xml new file mode 100644 index 00000000000..73fadec049c --- /dev/null +++ b/docs/en-US/advanced-zone-physical-network-configuration.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Advanced Zone Physical Network Configuration + Within a zone that uses advanced networking, you need to tell the Management Server how the physical network is set up to carry different kinds of traffic in isolation. + +
diff --git a/docs/en-US/alerts.xml b/docs/en-US/alerts.xml new file mode 100644 index 00000000000..81f5f7fbd8b --- /dev/null +++ b/docs/en-US/alerts.xml @@ -0,0 +1,31 @@ +
+ Alerts + The following is the list of alert type numbers. The current alerts can be found by calling listAlerts. + MEMORY = 0 + CPU = 1 + STORAGE =2 + STORAGE_ALLOCATED = 3 + PUBLIC_IP = 4 + PRIVATE_IP = 5 + HOST = 6 + USERVM = 7 + DOMAIN_ROUTER = 8 + CONSOLE_PROXY = 9 + ROUTING = 10// lost connection to default route (to the gateway) + STORAGE_MISC = 11 // lost connection to default route (to the gateway) + USAGE_SERVER = 12 // lost connection to default route (to the gateway) + MANAGMENT_NODE = 13 // lost connection to default route (to the gateway) + DOMAIN_ROUTER_MIGRATE = 14 + CONSOLE_PROXY_MIGRATE = 15 + USERVM_MIGRATE = 16 + VLAN = 17 + SSVM = 18 + USAGE_SERVER_RESULT = 19 + STORAGE_DELETE = 20; + UPDATE_RESOURCE_COUNT = 21; //Generated when we fail to update the resource count + USAGE_SANITY_RESULT = 22; + DIRECT_ATTACHED_PUBLIC_IP = 23; + LOCAL_STORAGE = 24; + RESOURCE_LIMIT_EXCEEDED = 25; //Generated when the resource limit exceeds the limit. Currently used for recurring snapshots only +
+ diff --git a/docs/en-US/allocators.xml b/docs/en-US/allocators.xml new file mode 100644 index 00000000000..99c9e572dd6 --- /dev/null +++ b/docs/en-US/allocators.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Allocators + CloudPlatform enables administrators to write custom allocators that will choose the Host to place a new guest and the storage host from which to allocate guest virtual disk images. +
\ No newline at end of file diff --git a/docs/en-US/api-reference.xml b/docs/en-US/api-reference.xml new file mode 100644 index 00000000000..c4ca74b3328 --- /dev/null +++ b/docs/en-US/api-reference.xml @@ -0,0 +1,8 @@ +
+ API Reference Documentation + 2.2 API Reference: + http://download.cloud.com/support/downloads.html/ + 3.0 API Reference: + http://download.cloud.com/releases/3.0.0/api_3.0.0/TOC_Root_Admin.html/ +
+ diff --git a/docs/en-US/appendix-a-time-zones.xml b/docs/en-US/appendix-a-time-zones.xml new file mode 100644 index 00000000000..8cd904efede --- /dev/null +++ b/docs/en-US/appendix-a-time-zones.xml @@ -0,0 +1,124 @@ + + +%BOOK_ENTITIES; +]> +
+ Appendix A—Time Zones + The following time zone identifiers are accepted by CloudPlatform. There are several places that have a time zone as a required or optional parameter. These include scheduling recurring snapshots, creating a user, and specifying the usage time zone in the Configuration table. + + + + + Etc/GMT+12 + America/La_Paz + Asia/Jerusalem + + + + Etc/GMT+11 + America/Santiago + Europe/Minsk + + + + Pacific/Samoa + America/St_Johns + Europe/Moscow + + + Pacific/Honolulu + America/Araguaina + Africa/Nairobi + + + US/Alaska + America/Los_Angeles + Mexico/BajaNorte + + + US/Arizona + US/Mountain + America/Chihuahua + + + + America/Chicago + America/Costa_Rica + America/Mexico_City + + + + Canada/Saskatchewan + America/Bogota + America/New_York + + + America/Caracas + America/Asuncion + America/Cuiaba + + + America/Halifax + America/Argentina/Buenos_Aires + America/Cayenne + + + America/Godthab + America/Montevideo + Etc/GMT+2 + + + + Atlantic/Azores + Atlantic/Cape_Verde + Africa/Casablanca + + + + Etc/UTC + Atlantic/Reykjavik + Europe/London + + + CET + Europe/Bucharest + Africa/Johannesburg + + + Asia/Beirut + Africa/Cairo + Asia/Karachi + + + Asia/Kolkata + Asia/Bangkok + Asia/Shanghai + + + Asia/Kuala_Lumpur + Australia/Perth + Asia/Taipei + + + + Asia/Tokyo + Asia/Seoul + Australia/Adelaide + + + + Australia/Darwin + Australia/Brisbane + Australia/Canberra + + + Pacific/Guam + Pacific/Auckland + + + + + + +
diff --git a/docs/en-US/asynchronous-commands-example.xml b/docs/en-US/asynchronous-commands-example.xml new file mode 100644 index 00000000000..3bc65b66dd8 --- /dev/null +++ b/docs/en-US/asynchronous-commands-example.xml @@ -0,0 +1,88 @@ +
+ Example + + The following shows an example of using an asynchronous command. Assume the API command: + command=deployVirtualMachine&zoneId=1&serviceOfferingId=1&diskOfferingId=1&templateId=1 + + CloudStack will immediately return a job ID and any other additional data. + + <deployvirtualmachineresponse> + <jobid>1</jobid> + <id>100</id> + </deployvirtualmachineresponse> + + Using the job ID, you can periodically poll for the results by using the queryAsyncJobResult command. + command=queryAsyncJobResult&jobId=1 + Three possible results could come from this query. + Job is still pending: + + <queryasyncjobresult> + <jobid>1</jobid> + <jobstatus>0</jobstatus> + <jobprocstatus>1</jobprocstatus> + </queryasyncjobresult> + + Job has succeeded: + + <queryasyncjobresultresponse cloud-stack-version="3.0.1.6"> + <jobid>1</jobid> + <jobstatus>1</jobstatus> + <jobprocstatus>0</jobprocstatus> + <jobresultcode>0</jobresultcode> + <jobresulttype>object</jobresulttype> + <jobresult> + <virtualmachine> + <id>450</id> + <name>i-2-450-VM</name> + <displayname>i-2-450-VM</displayname> + <account>admin</account> + <domainid>1</domainid> + <domain>ROOT</domain> + <created>2011-03-10T18:20:25-0800</created> + <state>Running</state> + <haenable>false</haenable> + <zoneid>1</zoneid> + <zonename>San Jose 1</zonename> + <hostid>2</hostid> + <hostname>905-13.sjc.lab.vmops.com</hostname> + <templateid>1</templateid> + <templatename>CentOS 5.3 64bit LAMP</templatename> + <templatedisplaytext>CentOS 5.3 64bit LAMP</templatedisplaytext> + <passwordenabled>false</passwordenabled> + <serviceofferingid>1</serviceofferingid> + <serviceofferingname>Small Instance</serviceofferingname> + <cpunumber>1</cpunumber> + <cpuspeed>500</cpuspeed> + <memory>512</memory> + <guestosid>12</guestosid> + <rootdeviceid>0</rootdeviceid> + <rootdevicetype>NetworkFilesystem</rootdevicetype> + <nic> + <id>561</id> + <networkid>205</networkid> + <netmask>255.255.255.0</netmask> + <gateway>10.1.1.1</gateway> + <ipaddress>10.1.1.225</ipaddress> + <isolationuri>vlan://295</isolationuri> + <broadcasturi>vlan://295</broadcasturi> + <traffictype>Guest</traffictype> + <type>Virtual</type> + <isdefault>true</isdefault> + </nic> + <hypervisor>XenServer</hypervisor> + </virtualmachine> + </jobresult> + </queryasyncjobresultresponse> + + Job has failed: + + <queryasyncjobresult> + <jobid>1</jobid> + <jobstatus>2</jobstatus> + <jobprocstatus>0</jobprocstatus> + <jobresultcode>551</jobresultcode> + <jobresulttype>text</jobresulttype> + <jobresult>Unable to deploy virtual machine id = 100 due to not enough capacity</jobresult> + </queryasyncjobresult> + +
\ No newline at end of file diff --git a/docs/en-US/asynchronous-commands.xml b/docs/en-US/asynchronous-commands.xml new file mode 100644 index 00000000000..8a6255b3387 --- /dev/null +++ b/docs/en-US/asynchronous-commands.xml @@ -0,0 +1,15 @@ +
+ Asynchronous Commands + Starting in CloudStack 2.x, the notion of asynchronous commands has been introduced. Commands are designated as asynchronous when they can potentially take a long period of time to complete such as creating a snapshot or disk volume. They differ from synchronous commands by the following: + + + They are identified in the API Reference by an (A). + They will immediately return a job ID to refer to the job that will be responsible in processing the command. + If executed as a "create" resource command, it will return the resource ID as well as the job ID. + You can periodically check the status of the job by making a simple API call to the command, queryAsyncJobResult and passing in the job ID. + + + + +
+ diff --git a/docs/en-US/attach-iso-to-vm.xml b/docs/en-US/attach-iso-to-vm.xml new file mode 100644 index 00000000000..4db9db0dd17 --- /dev/null +++ b/docs/en-US/attach-iso-to-vm.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> +
+ Attaching an ISO to a VM + + In the left navigation, click Instances. + Choose the virtual machine you want to work with. + Click the Attach ISO button + + + + iso.png: Depicts adding an iso image + + In the Attach ISO dialog box, select the desired ISO. + Click OK + +
diff --git a/docs/en-US/attaching-volume.xml b/docs/en-US/attaching-volume.xml new file mode 100644 index 00000000000..e818a474188 --- /dev/null +++ b/docs/en-US/attaching-volume.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Attaching a Volume + You can attach a volume to a guest VM to provide extra disk storage. Attach a volume when you first create a new volume, when you are moving an existing volume from one VM to another, or after you have migrated a volume from one storage pool to another. + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation, click Storage. + In Select View, choose Volumes. + 4. Click the volume name in the Volumes list, then click the Attach Disk button + + + + AttachDiskButton.png: button to attach a volume + + + In the Instance popup, choose the VM to which you want to attach the volume. You will only see instances to which you are allowed to attach volumes; for example, a user will see only instances created by that user, but the administrator will have more choices. + If the VM is running in the OVM hypervisor, the VM must be stopped before a new volume can be attached to it. + When the volume has been attached, you should be able to see it by clicking Instances, the instance name, and View Volumes. + +
+ diff --git a/docs/en-US/automatic-snapshot-creation-retention.xml b/docs/en-US/automatic-snapshot-creation-retention.xml new file mode 100644 index 00000000000..9bf6b34d9f6 --- /dev/null +++ b/docs/en-US/automatic-snapshot-creation-retention.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Automatic Snapshot Creation and Retention + (Supported for the following hypervisors: XenServer, + VMware vSphere, and KVM) + Users can set up a recurring snapshot policy to automatically create multiple snapshots of a disk at regular intervals. Snapshots can be created on an hourly, daily, weekly, or monthly interval. One snapshot policy can be set up per disk volume. For example, a user can set up a daily snapshot at 02:30. + With each snapshot schedule, users can also specify the number of scheduled snapshots to be + retained. Older snapshots that exceed the retention limit are automatically deleted. This + user-defined limit must be equal to or lower than the global limit set by the CloudPlatform + administrator. See . The limit applies only to + those snapshots that are taken as part of an automatic recurring snapshot policy. Additional + manual snapshots can be created and retained. +
diff --git a/docs/en-US/basic-zone-configuration.xml b/docs/en-US/basic-zone-configuration.xml new file mode 100644 index 00000000000..5c5d176a45e --- /dev/null +++ b/docs/en-US/basic-zone-configuration.xml @@ -0,0 +1,128 @@ + + +%BOOK_ENTITIES; +]> +
+ Basic Zone Configuration + + After you select Basic in the Add Zone wizard and click Next, you will be asked to enter the following details. Then click Next. + + Name. A name for the zone. + DNS 1 and 2. These are DNS servers for use by guest VMs in the zone. These DNS servers will be accessed via the public network you will add later. The public IP addresses for the zone must have a route to the DNS server named here. + Internal DNS 1 and Internal DNS 2. These are DNS servers for use by system VMs in the zone (these are VMs used by &PRODUCT; itself, such as virtual routers, console proxies, and Secondary Storage VMs.) These DNS servers will be accessed via the management traffic network interface of the System VMs. The private IP address you provide for the pods must have a route to the internal DNS server named here. + Hypervisor. (Introduced in version 3.0.1) Choose the hypervisor for the first cluster in the zone. You can add clusters with different hypervisors later, after you finish adding the zone. + Network Offering. Your choice here determines what network services will be available on the network for guest VMs. + + + + + + + Network Offering + Description + + + + + DefaultSharedNetworkOfferingWithSGService + If you want to enable security groups for guest traffic isolation, choose this. (See Using Security Groups to Control Traffic to VMs.) + + + DefaultSharedNetworkOffering + If you do not need security groups, choose this. + + + DefaultSharedNetscalerEIPandELBNetworkOffering + If you have installed a Citrix NetScaler appliance as part of your zone network, and you will be using its Elastic IP and Elastic Load Balancing features, choose this. With the EIP and ELB features, a basic zone with security groups enabled can offer 1:1 static NAT and load balancing. + + + + + + Network Domain. (Optional) If you want to assign a special domain name to the guest VM network, specify the DNS suffix. + Public. A public zone is available to all users. A zone that is not public will be assigned to a particular domain. Only users in that domain will be allowed to create guest VMs in this zone. + + + Choose which traffic types will be carried by the physical network. + The traffic types are management, public, guest, and storage traffic. For more information about the types, roll over the icons to display their tool tips, or see Basic Zone Network Traffic Types. This screen starts out with some traffic types already assigned. To add more, drag and drop traffic types onto the network. You can also change the network name if desired. + + 3. (Introduced in version 3.0.1) Assign a network traffic label to each traffic type on the physical network. These labels must match the labels you have already defined on the hypervisor host. To assign each label, click the Edit button under the traffic type icon. A popup dialog appears where you can type the label, then click OK. + These traffic labels will be defined only for the hypervisor selected for the first cluster. For all other hypervisors, the labels can be configured after the zone is created. + (VMware only) If you have enabled Nexus dvSwitch in the environment, you must specify the corresponding Ethernet port profile names as network traffic label for each traffic type on the physical network. For more information on Nexus dvSwitch, see Configuring a vSphere Cluster with Nexus 1000v Virtual Switch. + + Click Next. + (NetScaler only) If you chose the network offering for NetScaler, you have an additional screen to fill out. Provide the requested details to set up the NetScaler, then click Next. + + IP address. The NSIP (NetScaler IP) address of the NetScaler device. + Username/Password. The authentication credentials to access the device. &PRODUCT; uses these credentials to access the device. + Type. NetScaler device type that is being added. It could be NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the types, see About Using a NetScaler Load Balancer. + Public interface. Interface of NetScaler that is configured to be part of the public network. + Private interface. Interface of NetScaler that is configured to be part of the private network. + Number of retries. Number of times to attempt a command on the device before considering the operation failed. Default is 2. + Capacity. Number of guest networks/accounts that will share this NetScaler device. + Dedicated. When marked as dedicated, this device will be dedicated to a single account. When Dedicated is checked, the value in the Capacity field has no significance – implicitly, its value is 1. + + + (NetScaler only) Configure the IP range for public traffic. The IPs in this range will be used for the static NAT capability which you enabled by selecting the network offering for NetScaler with EIP and ELB. Enter the following details, then click Add. If desired, you can repeat this step to add more IP ranges. When done, click Next. + + Gateway. The gateway in use for these IP addresses. + Netmask. The netmask associated with this IP range. + VLAN. The VLAN that will be used for public traffic. + Start IP/End IP. A range of IP addresses that are assumed to be accessible from the Internet and will be allocated for access to guest VMs. + + + In a new zone, &PRODUCT; adds the first pod for you. You can always add more pods later. For an overview of what a pod is, see . + To configure the first pod, enter the following, then click Next: + + Pod Name. A name for the pod. + Reserved system gateway. The gateway for the hosts in that pod. + Reserved system netmask. The network prefix that defines the pod's subnet. Use CIDR notation. + Start/End Reserved System IP. The IP range in the management network that &PRODUCT; uses to manage various system VMs, such as Secondary Storage VMs, Console Proxy VMs, and DHCP. For more information, see System Reserved IP Addresses. + + + Configure the network for guest traffic. Provide the following, then click Next: + + Guest gateway. The gateway that the guests should use. + Guest netmask. The netmask in use on the subnet the guests will use. + Guest start IP/End IP. Enter the first and last IP addresses that define a range that &PRODUCT; can assign to guests. + + We strongly recommend the use of multiple NICs. If multiple NICs are used, they may be in a different subnet. + If one NIC is used, these IPs should be in the same CIDR as the pod CIDR. + + + + + In a new pod, &PRODUCT; adds the first cluster for you. You can always add more clusters later. For an overview of what a cluster is, see About Clusters. + To configure the first cluster, enter the following, then click Next: + + Hypervisor. (Version 3.0.0 only; in 3.0.1, this field is read only) Choose the type of hypervisor software that all hosts in this cluster will run. If you choose VMware, additional fields appear so you can give information about a vSphere cluster. For vSphere servers, we recommend creating the cluster of hosts in vCenter and then adding the entire cluster to &PRODUCT;. See Add Cluster: vSphere. + Cluster name. Enter a name for the cluster. This can be text of your choosing and is not used by &PRODUCT;. + + + In a new cluster, &PRODUCT; adds the first host for you. You can always add more hosts later. For an overview of what a host is, see About Hosts. + When you add a hypervisor host to &PRODUCT;, the host must not have any VMs already running. + Before you can configure the host, you need to install the hypervisor software on the host. You will need to know which version of the hypervisor software version is supported by &PRODUCT; and what additional configuration is required to ensure the host will work with &PRODUCT;. To find these installation details, see: + + Citrix XenServer Installation and Configuration + VMware vSphere Installation and Configuration + KVM vSphere Installation and Configuration + Oracle VM (OVM) Installation and Configuration + + To configure the first host, enter the following, then click Next: + + Host Name. The DNS name or IP address of the host. + Username. The username is root. + Password. This is the password for the user named above (from your XenServer or KVM install). + Host Tags. (Optional) Any labels that you use to categorize hosts for ease of maintenance. For example, you can set this to the cloud's HA tag (set in the ha.tag global configuration parameter) if you want this host to be used only for VMs with the "high availability" feature enabled. For more information, see HA-Enabled Virtual Machines as well as HA for Hosts. + + + In a new cluster, CloudPlatform adds the first primary storage server for you. You can always add more servers later. For an overview of what primary storage is, see About Primary Storage. + To configure the first primary storage server, enter the following, then click Next: + + Name. The name of the storage device. + Protocol. For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, choose NFS or SharedMountPoint. For vSphere choose either VMFS (iSCSI or FiberChannel) or NFS. The remaining fields in the screen vary depending on what you choose here. + + + +
\ No newline at end of file diff --git a/docs/en-US/basic-zone-physical-network-configuration.xml b/docs/en-US/basic-zone-physical-network-configuration.xml new file mode 100644 index 00000000000..dac86b3a209 --- /dev/null +++ b/docs/en-US/basic-zone-physical-network-configuration.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Basic Zone Physical Network Configuration + In a basic network, configuring the physical network is fairly straightforward. You only need to configure one guest network to carry traffic that is generated by guest VMs. When you first add a zone to CloudPlatform, you set up the guest network through the Add Zone screens. + +
diff --git a/docs/en-US/best-practices-for-vms.xml b/docs/en-US/best-practices-for-vms.xml new file mode 100644 index 00000000000..000f6766153 --- /dev/null +++ b/docs/en-US/best-practices-for-vms.xml @@ -0,0 +1,6 @@ +
+ VM Lifecycle + The CloudPlatform administrator should monitor the total number of VM instances in each cluster, and disable allocation to the cluster if the total is approaching the maximum that the hypervisor can handle. Be sure to leave a safety margin to allow for the possibility of one or more hosts failing, which would increase the VM load on the other hosts as the VMs are automatically redeployed. Consult the documentation for your chosen hypervisor to find the maximum permitted number of VMs per host, then use CloudPlatform global configuration settings to set this as the default limit. Monitor the VM activity in each cluster at all times. Keep the total number of VMs below a safe level that allows for the occasional host failure. For example, if there are N hosts in the cluster, and you want to allow for one host in the cluster to be down at any given time, the total number of VM instances you can permit in the cluster is at most (N-1) * (per-host-limit). Once a cluster reaches this number of VMs, use the CloudPlatform UI to disable allocation of more VMs to the cluster.. + +
+ diff --git a/docs/en-US/best-practices-primary-storage.xml b/docs/en-US/best-practices-primary-storage.xml new file mode 100644 index 00000000000..4b4ef9a8f82 --- /dev/null +++ b/docs/en-US/best-practices-primary-storage.xml @@ -0,0 +1,13 @@ + + +%BOOK_ENTITIES; +]> +
+ Best Practices for Primary Storage + + The speed of primary storage will impact guest performance. If possible, choose smaller, higher RPM drives for primary storage. + Ensure that nothing is stored on the server. Adding the server to CloudPlatform will destroy any existing data + +
+ diff --git a/docs/en-US/best-practices-secondary-storage.xml b/docs/en-US/best-practices-secondary-storage.xml new file mode 100644 index 00000000000..27b889d539b --- /dev/null +++ b/docs/en-US/best-practices-secondary-storage.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Best Practices for Secondary Storage + + Each Zone can have one or more secondary storage servers. Multiple secondary storage servers provide increased scalability to the system. + Secondary storage has a high read:write ratio and is expected to consist of larger drives with lower IOPS than primary storage. + Ensure that nothing is stored on the server. Adding the server to CloudPlatform will destroy any existing data. + +
+ diff --git a/docs/en-US/best-practices-templates.xml b/docs/en-US/best-practices-templates.xml new file mode 100644 index 00000000000..71bc97be8f1 --- /dev/null +++ b/docs/en-US/best-practices-templates.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Best Practices for Templates + If you plan to use large templates (100 GB or larger), be sure you have a 10-gigabit network to support the large templates. A slower network can lead to timeouts and other errors when large templates are used. +
diff --git a/docs/en-US/best-practices-virtual-router.xml b/docs/en-US/best-practices-virtual-router.xml new file mode 100644 index 00000000000..07324e804f1 --- /dev/null +++ b/docs/en-US/best-practices-virtual-router.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Best Practices for Virtual Routers + + WARNING: Restarting a virtual router from a hypervisor console deletes all the iptables rules. To work around this issue, stop the virtual router and start it from the CloudPlatform UI. + WARNING: Do not use the destroyRouter API when only one router is available in the network, because restartNetwork API with the cleanup=false parameter can't recreate it later. If you want to destroy and recreate the single router available in the network, use the restartNetwork API with the cleanup=true parameter. + + + + +
diff --git a/docs/en-US/change-console-proxy-ssl-certificate-domain.xml b/docs/en-US/change-console-proxy-ssl-certificate-domain.xml new file mode 100644 index 00000000000..04c341ba38b --- /dev/null +++ b/docs/en-US/change-console-proxy-ssl-certificate-domain.xml @@ -0,0 +1,30 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the Console Proxy SSL Certificate and Domain + If the administrator prefers, it is possible for the URL of the customer's console session to show a domain other than realhostip.com. The administrator can customize the displayed domain by selecting a different domain and uploading a new SSL certificate and private key. The domain must run a DNS service that is capable of resolving queries for addresses of the form aaa-bbb-ccc-ddd.your.domain to an IPv4 IP address in the form aaa.bbb.ccc.ddd, for example, 202.8.44.1. To change the console proxy domain, SSL certificate, and private key: + + Set up dynamic name resolution or populate all possible DNS names in your public IP range into your existing DNS server with the format aaa-bbb-ccc-ddd.company.com -> aaa.bbb.ccc.ddd. + Generate the private key and certificate signing request (CSR). When you are using openssl to generate private/public key pairs and CSRs, for the private key that you are going to paste into the CloudPlatform UI, be sure to convert it into PKCS#8 format. + + Generate a new 2048-bit private keyopenssl genrsa -des3 -out yourprivate.key 2048 + Generate a new certificate CSRopenssl req -new -key yourprivate.key -out yourcertificate.csr + Head to the website of your favorite trusted Certificate Authority, purchase an SSL certificate, and submit the CSR. You should receive a valid certificate in return + Convert your private key format into PKCS#8 encrypted format.openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encryped.key + Convert your PKCS#8 encrypted private key into the PKCS#8 format that is compliant with CloudPlatformopenssl pkcs8 -in yourprivate.pkcs8.encrypted.key -out yourprivate.pkcs8.key + + + In the Update SSL Certificate screen of the CloudPlatform UI, paste the following + + Certificate from step 1(c). + Private key from step 1(e). + The desired new domain name; for example, company.com + + + The desired new domain name; for example, company.comThis stops all currently running console proxy VMs, then restarts them with the new certificate and key. Users might notice a brief interruption in console availability + + The Management Server will generate URLs of the form "aaa-bbb-ccc-ddd.company.com" after this change is made. New console requests will be served with the new DNS domain name, certificate, and key +
diff --git a/docs/en-US/change-host-password.xml b/docs/en-US/change-host-password.xml new file mode 100644 index 00000000000..42a852c241a --- /dev/null +++ b/docs/en-US/change-host-password.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing Host Password + The password for a XenServer Node, KVM Node, or vSphere Node may be changed in the database. Note that all Nodes in a Cluster must have the same password. + To change a Node's password: + + Identify all hosts in the cluster. + Change the password on all hosts in the cluster. Now the password for the host and the password known to CloudPlatform will not match. Operations on the cluster will fail until the two passwords match. + + Get the list of host IDs for the host in the cluster where you are changing the password. You will need to access the database to determine these host IDs. For each hostname "h" (or vSphere cluster) that you are changing the password for, execute: + mysql> select id from cloud.host where name like '%h%'; + This should return a single ID. Record the set of such IDs for these hosts. + Update the passwords for the host in the database. In this example, we change the passwords for hosts with IDs 5, 10, and 12 to "password". + mysql> update cloud.host set password='password' where id=5 or id=10 or id=12; + +
diff --git a/docs/en-US/change-network-offering-on-guest-network.xml b/docs/en-US/change-network-offering-on-guest-network.xml new file mode 100644 index 00000000000..c2448b947ba --- /dev/null +++ b/docs/en-US/change-network-offering-on-guest-network.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the Network Offering on a Guest Network + A user or administrator can change the network offering that is associated with an existing guest network. + + Log in to the CloudPlatform UI as an administrator or end user. + 2. If you are changing from a network offering that uses the CloudPlatform virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network. See Stopping and Starting VMs. Then return here and continue to the next step + In the left navigation, choose Network + Click the name of the network you want to modify + + + + AttachDiskButton.png: button to attach a volume + . + In Network Offering, choose the new network offering, then click Apply. + A prompt appears asking whether you want to keep the existing CIDR. This is to let you know that if you change the network offering, the CIDR will be affected. Choose No to proceed with the change. + Wait for the update to complete. Don’t try to restart VMs until after the network change is complete. + If you stopped any VMs in step 2, restart them. + + +
+ diff --git a/docs/en-US/change-to-behavior-of-list-commands.xml b/docs/en-US/change-to-behavior-of-list-commands.xml new file mode 100644 index 00000000000..2270db2e334 --- /dev/null +++ b/docs/en-US/change-to-behavior-of-list-commands.xml @@ -0,0 +1,70 @@ + + +%BOOK_ENTITIES; +]> +
+ Change to Behavior of List Commands + There was a major change in how our List* API commands work in CloudStack 3.0 compared to 2.2.x. The rules below apply only for managed resources – those that belong to an account, domain, or project. They are irrelevant for the List* commands displaying unmanaged (system) resources, such as hosts, clusters, and external network resources. + When no parameters are passed in to the call, the caller sees only resources owned by the caller (even when the caller is the administrator). Previously, the administrator saw everyone else's resources by default. + When accountName and domainId are passed in: + + The caller sees the resources dedicated to the account specified. + If the call is executed by a regular user, the user is authorized to specify only the user's own account and domainId. + If the caller is a domain administrator, CloudStack performs an authorization check to see whether the caller is permitted to view resources for the given account and domainId. + + When projectId is passed in, only resources belonging to that project are listed. + When domainId is passed in, the call returns only resources belonging to the domain specified. To see the resources of subdomains, use the parameter isRecursive=true. Again, the regular user can see only resources owned by that user, the root administrator can list anything, and a domain administrator is authorized to see only resources of the administrator's own domain and subdomains. + To see all resources the caller is authorized to see, except for Project resources, use the parameter listAll=true. + To see all Project resources the caller is authorized to see, use the parameter projectId=-1. + There is one API command that doesn't fall under the rules above completely: the listTemplates command. This command has its own flags defining the list rules: + + + + + + + listTemplates Flag + Description + + + + + featured + Returns templates that have been marked as featured and public. + + + + self + Returns templates that have been registered or created by the calling user. + + + + selfexecutable + Same as self, but only returns templates that are ready to be deployed with. + + + + sharedexecutable + Ready templates that have been granted to the calling user by another user. + + + + executable + Templates that are owned by the calling user, or public templates, that can be used to deploy a new VM. + + + + community + Returns templates that have been marked as public but not featured. + + + + all + Returns all templates (only usable by admins). + + + + + The CloudPlatform UI on a general view will display all resources that the logged-in user is authorized to see, except for project resources. To see the project resources, select the project view. +
diff --git a/docs/en-US/changing-root-password.xml b/docs/en-US/changing-root-password.xml new file mode 100644 index 00000000000..a30b461f3ff --- /dev/null +++ b/docs/en-US/changing-root-password.xml @@ -0,0 +1,32 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the Root Password + During installation and ongoing cloud administration, you will need to log in to the UI as the root administrator. + The root administrator account manages the &PRODUCT; deployment, including physical infrastructure. + The root administrator can modify configuration settings to change basic functionality, create or delete user accounts, and take many actions that should be performed only by an authorized person. + When first installing &PRODUCT;, be sure to change the default password to a new, unique value. + + Open your favorite Web browser and go to this URL. Substitute the IP address of your own Management Server: + http://<management-server-ip-address>:8080/client + + Log in to the UI using the current root user ID and password. The default is admin, password. + Click Accounts. + Click the admin account name. + Click View Users. + Click the admin user name. + + Click the Change Password button. + + + + + change-password.png: button to change a user's password + + + Type the new password, and click OK. + +
diff --git a/docs/en-US/changing-secondary-storage-ip.xml b/docs/en-US/changing-secondary-storage-ip.xml new file mode 100644 index 00000000000..21ed9771c7f --- /dev/null +++ b/docs/en-US/changing-secondary-storage-ip.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ Making API Requests + You can change the secondary storage IP address after it has been provisioned. After changing the IP address on the host, log in to your management server and execute the following commands. Replace HOSTID below with your own value, and change the URL to use the appropriate IP address and path for your server: + + # mysql -p + mysql> use cloud; + mysql> select id from host where type = 'SecondaryStorage'; + mysql> update host_details set value = 'nfs://192.168.160.20/export/mike-ss1' + where host_id = HOSTID and name = 'orig.url'; + mysql> update host set name = 'nfs://192.168.160.20/export/mike-ss1' where type + = 'SecondaryStorage' and id = #; + mysql> update host set url = 'nfs://192.168.160.20/export/mike-ss1' where type + = 'SecondaryStorage' and id = #; + mysql> update host set guid = 'nfs://192.168.160.20/export/mike-ss1' where type + = 'SecondaryStorage' and id = #; + + When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text. + Then log in to the cloud console UI and stop and start (not reboot) the Secondary Storage VM for that Zone. + +
+ diff --git a/docs/en-US/changing-secondary-storage-servers.xml b/docs/en-US/changing-secondary-storage-servers.xml new file mode 100644 index 00000000000..92590f2c124 --- /dev/null +++ b/docs/en-US/changing-secondary-storage-servers.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing Secondary Storage Servers + You can change the secondary storage NFS mount. Perform the following steps to do so: + + Stop all running Management Servers. + Wait 30 minutes. This allows any writes to secondary storage to complete. + Copy all files from the old secondary storage mount to the new. + Use the procedure above to change the IP address for secondary storage if required. + Start the Management Server. + +
+ diff --git a/docs/en-US/changing-secondary-storage-serversp.xml b/docs/en-US/changing-secondary-storage-serversp.xml new file mode 100644 index 00000000000..889f8b84f47 --- /dev/null +++ b/docs/en-US/changing-secondary-storage-serversp.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing Secondary Storage Servers + You can change the secondary storage NFS mount. Perform the following steps to do so: + + Stop all running Management Servers. + Wait 30 minutes. This allows any writes to secondary storage to complete. + Copy all files from the old secondary storage mount to the new. + Use the procedure above to change the IP address for secondary storage if required. + 5. Start the Management Server. + +
+ diff --git a/docs/en-US/changing-service-offering-for-vm.xml b/docs/en-US/changing-service-offering-for-vm.xml new file mode 100644 index 00000000000..c4748f0ee44 --- /dev/null +++ b/docs/en-US/changing-service-offering-for-vm.xml @@ -0,0 +1,30 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the Service Offering for a VM + To upgrade or downgrade the level of compute resources available to a virtual machine, you can change the VM's compute offering. + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation, click Instances. + Choose the VM that you want to work with. + Click the Stop button to stop the VM + + + + StopButton.png: button to stop a VM + + + Click the Change Service button + + + + ChangeServiceButton.png: button to change the service of a VM + . The Change service dialog box is displayed. + Select the offering you want. + Click OK. + +
+ diff --git a/docs/en-US/changing-vm-name-os-group.xml b/docs/en-US/changing-vm-name-os-group.xml new file mode 100644 index 00000000000..810d0e7c63a --- /dev/null +++ b/docs/en-US/changing-vm-name-os-group.xml @@ -0,0 +1,36 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the VM Name, OS, or Group + After a VM is created, you can modify the display name, operating system, and the group it belongs to. + To access a VM through the CloudPlatform UI: + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation, click Instances. + Select the VM that you want to modify. + Click the Stop button to stop the VM + + + + StopButton.png: button to stop a VM + + + Click Edit + + + + StopButton.png: button to edit the properties of a VM + . + Make the desired changes to the following: + + Display name: Enter a new display name if you want to change the name of the VM. + OS Type: Select the desired operating system. + Group: Enter the group name for the VM. + + Click Apply. + +
+ diff --git a/docs/en-US/cloud-infrastructure-concepts.xml b/docs/en-US/cloud-infrastructure-concepts.xml new file mode 100644 index 00000000000..cdf8ed0c2a9 --- /dev/null +++ b/docs/en-US/cloud-infrastructure-concepts.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Cloud Infrastructure Concepts + +
\ No newline at end of file diff --git a/docs/en-US/cloud-infrastructure-overview.xml b/docs/en-US/cloud-infrastructure-overview.xml new file mode 100644 index 00000000000..9c10acf7867 --- /dev/null +++ b/docs/en-US/cloud-infrastructure-overview.xml @@ -0,0 +1,28 @@ + + +%BOOK_ENTITIES; +]> +
+ Cloud Infrastructure Overview + + The Management Server manages one or more zones (typically, datacenters) containing host computers where guest virtual machines will run. The cloud infrastructure is organized as follows: + + + Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage. + Pod: A pod is usually one rack of hardware that includes a layer-2 switch and one or more clusters. + Cluster: A cluster consists of one or more hosts and primary storage. + Host: A single compute node within a cluster. The hosts are where the actual cloud services run in the form of guest virtual machines. + Primary storage is associated with a cluster, and it stores the disk volumes for all the VMs running on hosts in that cluster. + Secondary storage is associated with a zone, and it stores templates, ISO images, and disk volume snapshots. + + + + + + infrastructure_overview.png: Nested organization of a zone + + More Information + For more information, see . +
+ diff --git a/docs/en-US/cloud_infrastructure_overview.xml b/docs/en-US/cloud_infrastructure_overview.xml new file mode 100644 index 00000000000..89b8f6328e8 --- /dev/null +++ b/docs/en-US/cloud_infrastructure_overview.xml @@ -0,0 +1,21 @@ +
+ Cloud Infrastructure Overview + + The Management Server manages one or more zones (typically, datacenters) containing host computers where guest virtual machines will run. The cloud infrastructure is organized as follows: + + + Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage. See About Zones. + Pod: A pod is usually one rack of hardware that includes a layer-2 switch and one or more clusters. See About Pods. + Cluster: A cluster consists of one or more hosts and primary storage. See About Clusters. + Host: A single compute node within a cluster. The hosts are where the actual cloud services run in the form of guest virtual machines. See About Hosts. + Primary storage is associated with a cluster, and it stores the disk volumes for all the VMs running on hosts in that cluster. See About Primary Storage + Secondary storage is associated with a zone, and it stores templates, ISO images, and disk volume snapshots. See About Secondary Storage. + + + + + + infrastructure_overview.png: Nested organization of a zone + +
+ diff --git a/docs/en-US/cloudplatform-api.xml b/docs/en-US/cloudplatform-api.xml new file mode 100644 index 00000000000..ac96b0cb457 --- /dev/null +++ b/docs/en-US/cloudplatform-api.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ CloudPlatform API + The CloudPlatform API is a low level API that has been used to implement the CloudPlatform web UIs. It is also a good basis for implementing other popular APIs such as EC2/S3 and emerging DMTF standards. + Many CloudPlatform API calls are asynchronous. These will return a Job ID immediately when called. This Job ID can be used to query the status of the job later. Also, status calls on impacted resources will provide some indication of their state. + The API has a REST-like query basis and returns results in XML or JSON. + See the Developer’s Guide and the API Reference. +
diff --git a/docs/en-US/cloudstack-admin.xml b/docs/en-US/cloudstack-admin.xml new file mode 100644 index 00000000000..8b1d0b24021 --- /dev/null +++ b/docs/en-US/cloudstack-admin.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + diff --git a/docs/en-US/cloudstack.ent b/docs/en-US/cloudstack.ent new file mode 100644 index 00000000000..4607134bc79 --- /dev/null +++ b/docs/en-US/cloudstack.ent @@ -0,0 +1,4 @@ + + + + diff --git a/docs/en-US/cloudstack.xml b/docs/en-US/cloudstack.xml new file mode 100644 index 00000000000..143e0a64e22 --- /dev/null +++ b/docs/en-US/cloudstack.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en-US/cloudstack_admin.xml b/docs/en-US/cloudstack_admin.xml new file mode 100644 index 00000000000..8b1d0b24021 --- /dev/null +++ b/docs/en-US/cloudstack_admin.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + diff --git a/docs/en-US/cloudstack_developers.xml b/docs/en-US/cloudstack_developers.xml new file mode 100644 index 00000000000..8fc5e2a69da --- /dev/null +++ b/docs/en-US/cloudstack_developers.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + diff --git a/docs/en-US/cloudstack_features.xml b/docs/en-US/cloudstack_features.xml new file mode 100644 index 00000000000..5cf619e0d47 --- /dev/null +++ b/docs/en-US/cloudstack_features.xml @@ -0,0 +1,42 @@ +
+ What Can CloudStack Do? + + + Multiple Hypervisor Support + + + CloudStack works with a variety of hypervisors. A single cloud deployment can contain multiple hypervisor implementations. You have the complete freedom to choose the right hypervisor for your workload. CloudStack is designed to work with open source Xen and KVM hypervisors as well as enterprise-grade hypervisors such as Citrix XenServer, VMware vSphere, and Oracle VM (OVM). You can also provision “bare metal” hosts with no hypervisor (Beta feature. Untested in CloudStack 3.0.x0.) + + + Massively Scalable Infrastructure Management + + + CloudStack can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-wide outage. Periodic maintenance of the management server can be performed without affecting the functioning of virtual machines running in the cloud. + + + Automatic Configuration Management + + CloudStack automatically configures each guest virtual machine’s networking and storage settings. + + CloudStack internally manages a pool of virtual appliances to support the cloud itself. These appliances offer services such as firewalling, routing, DHCP, VPN access, console proxy, storage access, and storage replication. The extensive use of virtual appliances simplifies the installation, configuration, and ongoing management of a cloud deployment. + + + Graphical User Interface + + CloudStack offers an administrator's Web interface, used for provisioning and managing the cloud, as well as an end-user's Web interface, used for running VMs and managing VM templates. The UI can be customized to reflect the desired service provider or enterprise look and feel. + + + API and Extensibility + + + CloudStack provides an API that gives programmatic access to all the management features available in the UI. The API is maintained and documented. This API enables the creation of command line tools and new user interfaces to suit particular needs. See the Developer’s Guide and API Reference, both available at http://docs.cloud.com/CloudStack_Documentation. + + + The CloudStack platform pluggable allocation architecture allows the creation of new types of allocators for the selection of storage and Hosts. See the Allocator Implementation Guide (http://docs.cloud.com/CloudStack_Documentation/Allocator_Implementation_Guide). + + + High Availability + + The CloudStack platform has a number of features to increase the availability of the system. The Management Server itself may be deployed in a multi-node installation where the servers are load balanced. MySQL may be configured to use replication to provide for a manual failover in the event of database loss. For the Hosts, the CloudStack platform supports NIC bonding and the use of separate networks for storage as well as iSCSI Multipath. + +
\ No newline at end of file diff --git a/docs/en-US/cloudstack_installation.xml b/docs/en-US/cloudstack_installation.xml new file mode 100644 index 00000000000..c57fc478f29 --- /dev/null +++ b/docs/en-US/cloudstack_installation.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + diff --git a/docs/en-US/cloudstack_system_requirements.xml b/docs/en-US/cloudstack_system_requirements.xml new file mode 100644 index 00000000000..b8ce043dd82 --- /dev/null +++ b/docs/en-US/cloudstack_system_requirements.xml @@ -0,0 +1,45 @@ +
+ Minimum System Requirements + + The machines that will run the Management Server and MySQL database must meet the following requirements. The same machines can also be used to provide primary and secondary storage, such as via localdisk or NFS. The Management Server may be placed on a virtual machine. + + + Operating system: + + Commercial users: Preferred: RHEL 6.2+ 64-bit (https://access.redhat.com/downloads) or CentOS 6.2+ 64-bit (http://isoredirect.centos.org/centos/6/isos/x86_64/). Also supported (v3.0.3 and greater): RHEL and CentOS 5.4-5.x 64-bit + Open-source community users: RHEL 5.4-5.x 64-bit or 6.2+ 64-bit; CentOS 5.4-5.x 64-bit or 6.2+ 64-bit; Ubuntu 10.04 LTS + + + 64-bit x86 CPU (more cores results in better performance) + 4 GB of memory + 250 GB of local disk (more results in better capability; 500 GB recommended) + At least 1 NIC + Statically allocated IP address + Fully qualified domain name as returned by the hostname command + + The host is where the cloud services run in the form of guest virtual machines. Each host is one machine that meets the following requirements: + + Must be 64-bit and must support HVM (Intel-VT or AMD-V enabled). + 64-bit x86 CPU (more cores results in better performance) + Hardware virtualization support required + 4 GB of memory + 36 GB of local disk + At least 1 NIC + Statically allocated IP Address + Latest hotfixes applied to hypervisor software + When you deploy CloudStack, the hypervisor host must not have any VMs already running + + Hosts have additional requirements depending on the hypervisor. See the requirements listed at the top of the Installation section for your chosen hypervisor: + + Citrix XenServer Installation for CloudStack + VMware vSphere Installation and Configuration + KVM Installation and Configuration + Oracle VM (OVM) Installation and Configuration + + + + Be sure you fulfill the additional hypervisor requirements and installation steps provided in this Guide. Hypervisor hosts must be properly prepared to work with CloudStack. For example, the requirements for XenServer are listed under Citrix XenServer Installation for CloudStack. + + +
+ diff --git a/docs/en-US/cloudstack_trial_installation.xml b/docs/en-US/cloudstack_trial_installation.xml new file mode 100644 index 00000000000..084c867a835 --- /dev/null +++ b/docs/en-US/cloudstack_trial_installation.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + + + + + + diff --git a/docs/en-US/cloudstack_whatis.xml b/docs/en-US/cloudstack_whatis.xml new file mode 100644 index 00000000000..00f010a0892 --- /dev/null +++ b/docs/en-US/cloudstack_whatis.xml @@ -0,0 +1,25 @@ +
+ What Is CloudStack? + + Who Should Read This + + + If you are new to CloudStack or you want to learn more about concepts before installing and running CloudStack, read this overview. + If you just want to get started, you can skip to Overview of Installation Steps. + + + + CloudStack is an open source software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. CloudStack manages the network, storage, and compute nodes that make up a cloud infrastructure. Use CloudStack to deploy, manage, and configure cloud computing environments. + Typical users are service providers and enterprises. With CloudStack, you can: + + + Set up an on-demand, elastic cloud computing service. Service providers can sell self service virtual machine instances, storage volumes, and networking configurations over the Internet. + + + Set up an on-premise private cloud for use by employees. Rather than managing virtual machines in the same way as physical machines, with CloudStack an enterprise can offer self-service virtual machines to users without involving IT departments. + + + + +
+ diff --git a/docs/en-US/cluster-add.xml b/docs/en-US/cluster-add.xml new file mode 100644 index 00000000000..e269ab10add --- /dev/null +++ b/docs/en-US/cluster-add.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Cluster + TODO +
diff --git a/docs/en-US/compatibility-matrix.xml b/docs/en-US/compatibility-matrix.xml new file mode 100644 index 00000000000..e96be712742 --- /dev/null +++ b/docs/en-US/compatibility-matrix.xml @@ -0,0 +1,97 @@ + + +%BOOK_ENTITIES; +]> +
+ Compatibility Matrix + + + + + Hypervisor + CloudStack 2.1.x + CloudStack 2.2.x + CloudStack 3.0.0 + CloudStack 3.0.1 + CloudStack 3.0.2 + CloudStack 3.0.3 + + + + + XenServer 5.6 + Yes + Yes + No + No + No + No + + + XenServer 5.6 FP1 + Yes + Yes + No + No + No + No + + + XenServer 5.6 SP2 + Yes + Yes + No + No + Yes + Yes + + + XenServer 6.0.0 + No + No + No + No + No + Yes + + + XenServer 6.0.2 + No + No + Yes + Yes + Yes + Yes + + + XenServer 6.1 + No + No + No + No + No + No + + + KVM (RHEL 6.0 or 6.1) + Yes + Yes + Yes + Yes + Yes + Yes + + + VMware (vSphere and vCenter, both version 4.1) + Yes + Yes + Yes + Yes + Yes + Yes + + + + +
diff --git a/docs/en-US/compute-disk-service-offerings.xml b/docs/en-US/compute-disk-service-offerings.xml new file mode 100644 index 00000000000..a5680e45ff7 --- /dev/null +++ b/docs/en-US/compute-disk-service-offerings.xml @@ -0,0 +1,29 @@ + + +%BOOK_ENTITIES; +]> +
+ Compute and Disk Service Offerings + A service offering is a set of virtual hardware features such as CPU core count and speed, memory, and disk size. The CloudPlatform administrator can set up various offerings, and then end users choose from the available offerings when they create a new VM. A service offering includes the following elements: + + CPU, memory, and network resource guarantees + How resources are metered + How the resource usage is charged + How often the charges are generated + + For example, one service offering might allow users to create a virtual machine instance that is equivalent to a 1 GHz Intel® Core™ 2 CPU, with 1 GB memory at $0.20/hour, with network traffic metered at $0.10/GB. Based on the user’s selected offering, CloudPlatform emits usage records that can be integrated with billing systems. CloudPlatform separates service offerings into compute offerings and disk offerings. The computing service offering specifies: + + Guest CPU + Guest RAM + Guest Networking type (virtual or direct) + Tags on the root disk + + The disk offering specifies: + + Disk size (optional). An offering without a disk size will allow users to pick their own + Tags on the data disk + +
+ + diff --git a/docs/en-US/concepts.xml b/docs/en-US/concepts.xml new file mode 100644 index 00000000000..3cd3b720b7a --- /dev/null +++ b/docs/en-US/concepts.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> + + Concepts + + + + diff --git a/docs/en-US/configure-guest-traffic-in-advanced-zone.xml b/docs/en-US/configure-guest-traffic-in-advanced-zone.xml new file mode 100644 index 00000000000..82204df434a --- /dev/null +++ b/docs/en-US/configure-guest-traffic-in-advanced-zone.xml @@ -0,0 +1,31 @@ + + +%BOOK_ENTITIES; +]> +
+ Configure Guest Traffic in an Advanced Zone + These steps assume you have already logged in to the CloudPlatform UI. To configure the base guest network: + + In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network. + Click the Network tab. + Click Add network. + Provide the following information: + + Name. The name of the network. This will be user-visible + Description: The description of the network. This will be user-visible + VLAN ID: Enter an administrator-configured VLAN ID so you can create different networks for use by different VM users in the zone + Scope: Choose account-specific or domain-specific if you would like to make the network accessible to only a single account or domain. Choose zone-wide if all accounts with access to the zone should be able to access the network. + Domain/Account: If Scope is account-specific, enter the domain and account name for the account + Network offering: If the administrator has configured multiple network offerings, select the one you want to use for this network + Gateway: The gateway that the guests should use + Netmask: The netmask in use on the subnet the guests will use + Start IP/End IP: Enter the first and last IP addresses that define a range that CloudPlatform can assign to guests. If one NIC is used, these IPs should be in the same CIDR as the pod CIDR. If multiple NICs are used, they may be in a different subnet. + Network Domain: (Optional) If you want to assign a special domain name to this network, specify the DNS suffix. + + + Click OK. + + + +
diff --git a/docs/en-US/configure-public-traffic-in-an-advanced-zone.xml b/docs/en-US/configure-public-traffic-in-an-advanced-zone.xml new file mode 100644 index 00000000000..2420410d59d --- /dev/null +++ b/docs/en-US/configure-public-traffic-in-an-advanced-zone.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Configure Public Traffic in an Advanced Zone + In a zone that uses advanced networking, you need to configure at least one range of IP addresses for Internet traffic. + +
diff --git a/docs/en-US/configure-usage-server.xml b/docs/en-US/configure-usage-server.xml new file mode 100644 index 00000000000..60973614023 --- /dev/null +++ b/docs/en-US/configure-usage-server.xml @@ -0,0 +1,82 @@ + + +%BOOK_ENTITIES; +]> +
+ Configuring the Usage Server + To configure the usage server: + + Be sure the Usage Server has been installed. This requires extra steps beyond just installing the CloudPlatform software. See Installing the Usage Server (Optional) in the Advanced Installation Guide. + Log in to the CloudPlatform UI as administrator. + Click Global Settings. + In Search, type usage. Find the configuration parameter that controls the behavior you want to set. See the table below for a description of the available parameters. + In Actions, click the Edit icon. + Type the desired value and click the Save icon. + Restart the Management Server (as usual with any global configuration change) and also the Usage Server: + # service cloud-management restart +# service cloud-usage restart + + + The following table shows the global configuration settings that control the behavior of the Usage Server. + + + + + Parameter Name + Description + + + + + enable.usage.server + Whether the Usage Server is active. + + + usage.aggregation.timezone + Time zone of usage records. Set this if the usage records and daily job execution are in different time zones. For example, with the following settings, the usage job will run at PST 00:15 and generate usage records for the 24 hours from 00:00:00 GMT to 23:59:59 GMT: + usage.stats.job.exec.time = 00:15 +usage.execution.timezone = PST +usage.aggregation.timezone = GMT + + Valid values for the time zone are specified in + Default: GMT + + + + usage.execution.timezone + The time zone of usage.stats.job.exec.time. Valid values for the time zone are specified in + Default: The time zone of the management server. + + + + usage.sanity.check.interval + The number of days between sanity checks. Set this in order to periodically search for records with erroneous data before issuing customer invoices. For example, this checks for VM usage records created after the VM was destroyed, and similar checks for templates, volumes, and so on. It also checks for usage times longer than the aggregation range. If any issue is found, the alert ALERT_TYPE_USAGE_SANITY_RESULT = 21 is sent. + + + usage.stats.job.aggregation.range + The time period in minutes between Usage Server processing jobs. For example, if you set it to 1440, the Usage Server will run once per day. If you set it to 600, it will run every ten hours. In general, when a Usage Server job runs, it processes all events generated since usage was last run. + There is special handling for the case of 1440 (once per day). In this case the Usage Server does not necessarily process all records since Usage was last run. CloudPlatform assumes that you require processing once per day for the previous, complete day’s records. For example, if the current day is October 7, then it is assumed you would like to process records for October 6, from midnight to midnight. CloudPlatform assumes this “midnight to midnight” is relative to the usage.execution.timezone. + Default: 1440 + + + + usage.stats.job.exec.time + The time when the Usage Server processing will start. It is specified in 24-hour format (HH:MM) in the time zone of the server, which should be GMT. For example, to start the Usage job at 10:30 GMT, enter “10:30”. + If usage.stats.job.aggregation.range is also set, and its value is not 1440, then its value will be added to usage.stats.job.exec.time to get the time to run the Usage Server job again. This is repeated until 24 hours have elapsed, and the next day's processing begins again at usage.stats.job.exec.time. + Default: 00:15. + + + + + + For example, suppose that your server is in GMT, your user population is predominantly in the East Coast of the United States, and you would like to process usage records every night at 2 AM local (EST) time. Choose these settings: + + enable.usage.server = true + usage.execution.timezone = America/New_York + usage.stats.job.exec.time = 07:00. This will run the Usage job at 2:00 AM EST. Note that this will shift by an hour as the East Coast of the U.S. enters and exits Daylight Savings Time. + usage.stats.job.aggregation.range = 1440 + + With this configuration, the Usage job will run every night at 2 AM EST and will process records for the previous day’s midnight-midnight as defined by the EST (America/New_York) time zone. + Because the special value 1440 has been used for usage.stats.job.aggregation.range, the Usage Server will ignore the data between midnight and 2 AM. That data will be included in the next day's run +
\ No newline at end of file diff --git a/docs/en-US/configure-virtual-router.xml b/docs/en-US/configure-virtual-router.xml new file mode 100644 index 00000000000..7aab6b369d6 --- /dev/null +++ b/docs/en-US/configure-virtual-router.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Configuring the Virtual Router + You can set the following: + + IP range + Supported network services + Default domain name for the network serviced by the virtual router + Gateway IP address + How often CloudPlatform fetches network usage statistics from CloudPlatform virtual routers. If you want to collect traffic metering data from the virtual router, set the global configuration parameter router.stats.interval. If you are not using the virtual router to gather network usage statistics, set it to 0. + + +
diff --git a/docs/en-US/configure-vpn.xml b/docs/en-US/configure-vpn.xml new file mode 100644 index 00000000000..cab25fd9342 --- /dev/null +++ b/docs/en-US/configure-vpn.xml @@ -0,0 +1,33 @@ + + +%BOOK_ENTITIES; +]> +
+ Configuring VPN + To set up VPN for the cloud: + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, click Global Settings. + Set the following global configuration parameters. + + remote.access.vpn.client.ip.range – The range of IP addressess to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server. + remote.access.vpn.psk.length – Length of the IPSec key. + remote.access.vpn.user.limit – Maximum number of VPN users per account. + + To enable VPN for a particular network: + + Log in as a user or administrator to the CloudPlatform UI. + In the left navigation, click Network. + Click the name of the network you want to work with. + Click View IP Addresses. + Click one of the displayed IP address names. + Click the Enable VPN button + + + + AttachDiskButton.png: button to attach a volume + . + The IPsec key is displayed in a popup window. + +
diff --git a/docs/en-US/configure-xenserver-dom-memory.xml b/docs/en-US/configure-xenserver-dom-memory.xml new file mode 100644 index 00000000000..c647cd81330 --- /dev/null +++ b/docs/en-US/configure-xenserver-dom-memory.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Configure XenServer dom0 Memory + Configure the XenServer dom0 settings to allocate more memory to dom0. This can enable XenServer to handle larger numbers of virtual machines. We recommend 2940 MB of RAM for XenServer dom0. For instructions on how to do this, see Citrix Knowledgebase Article.The article refers to XenServer 5.6, but the same information applies to XenServer 6 +
+ diff --git a/docs/en-US/configure-xenserver-dom0-memory.xml b/docs/en-US/configure-xenserver-dom0-memory.xml new file mode 100644 index 00000000000..c647cd81330 --- /dev/null +++ b/docs/en-US/configure-xenserver-dom0-memory.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Configure XenServer dom0 Memory + Configure the XenServer dom0 settings to allocate more memory to dom0. This can enable XenServer to handle larger numbers of virtual machines. We recommend 2940 MB of RAM for XenServer dom0. For instructions on how to do this, see Citrix Knowledgebase Article.The article refers to XenServer 5.6, but the same information applies to XenServer 6 +
+ diff --git a/docs/en-US/configuring-projects.xml b/docs/en-US/configuring-projects.xml new file mode 100644 index 00000000000..925f3606b9d --- /dev/null +++ b/docs/en-US/configuring-projects.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Configuring Projects + Before CloudPlatform users start using projects, the CloudPlatform administrator must set up various systems to support them, including membership invitations, limits on project resources, and controls on who can create projects +
+ diff --git a/docs/en-US/console-proxy.xml b/docs/en-US/console-proxy.xml new file mode 100644 index 00000000000..bc14445ebbf --- /dev/null +++ b/docs/en-US/console-proxy.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Console Proxy + The Console Proxy is a type of System Virtual Machine that has a role in presenting a console view via the web UI. It connects the user’s browser to the VNC port made available via the hypervisor for the console of the guest. Both the administrator and end user web UIs offer a console connection. + Clicking on a console icon brings up a new window. The AJAX code downloaded into that window refers to the public IP address of a console proxy VM. There is exactly one public IP address allocated per console proxy VM. The AJAX application connects to this IP. The console proxy then proxies the connection to the VNC port for the requested VM on the Host hosting the guest. . + The hypervisors will have many ports assigned to VNC usage so that multiple VNC sessions can occur simultaneously. + There is never any traffic to the guest virtual IP, and there is no need to enable VNC within the guest. + The console proxy VM will periodically report its active session count to the Management Server. The default reporting interval is five seconds. This can be changed through standard Management Server configuration with the parameter consoleproxy.loadscan.interval. + Assignment of guest VM to console proxy is determined by first determining if the guest VM has a previous session associated with a console proxy. If it does, the Management Server will assign the guest VM to the target Console Proxy VM regardless of the load on the proxy VM. Failing that, the first available running Console Proxy VM that has the capacity to handle new sessions is used. + Console proxies can be restarted by administrators but this will interrupt existing console sessions for users. + The console viewing functionality uses a dynamic DNS service under the domain name realhostip.com to assist in providing SSL security to console sessions. The console proxy is assigned a public IP address. In order to avoid browser warnings for mismatched SSL certificates, the URL for the new console window is set to the form of https://aaa-bbb-ccc-ddd.realhostip.com. Customers will see this URL during console session creation. CloudPlatform includes the realhostip.com SSL certificate in the console proxy VM. Of course, CloudPlatform cannot know about DNS A records for our customers' public IPs prior to shipping the software. CloudPlatform therefore runs a dynamic DNS server that is authoritative for the realhostip.com domain. It maps the aaa-bbb-ccc-ddd part of the DNS name to the IP address aaa.bbb.ccc.ddd on lookups. This allows the browser to correctly connect to the console proxy's public IP, where it then expects and receives a SSL certificate for realhostip.com, and SSL is set up without browser warnings. +
diff --git a/docs/en-US/contacting-support.xml b/docs/en-US/contacting-support.xml new file mode 100644 index 00000000000..ef165b37e45 --- /dev/null +++ b/docs/en-US/contacting-support.xml @@ -0,0 +1,5 @@ +
+ Contacting Support + The support team is available to help customers plan and execute their installations. To contact the support team, log in to the support portal at support.citrix.com/cloudsupport by using the account credentials you received when you purchased your support contract. +
+ diff --git a/docs/en-US/convert-hyperv-vm-to-template.xml b/docs/en-US/convert-hyperv-vm-to-template.xml new file mode 100644 index 00000000000..813112c5c74 --- /dev/null +++ b/docs/en-US/convert-hyperv-vm-to-template.xml @@ -0,0 +1,50 @@ + + +%BOOK_ENTITIES; +]> +
+ Converting a Hyper-V VM to a Template + To convert a Hyper-V VM to a XenServer-compatible CloudPlatform template, you will need a standalone XenServer host with an attached NFS VHD SR. Use whatever XenServer version you are using with CloudPlatform, but use XenCenter 5.6 FP1 or SP2 (it is backwards compatible to 5.6). Additionally, it may help to have an attached NFS ISO SR. + For Linux VMs, you may need to do some preparation in Hyper-V before trying to get the VM to work in XenServer. Clone the VM and work on the clone if you still want to use the VM in Hyper-V. Uninstall Hyper-V Integration Components and check for any references to device names in /etc/fstab: + + From the linux_ic/drivers/dist directory, run make uninstall (where "linux_ic" is the path to the copied Hyper-V Integration Components files). + Restore the original initrd from backup in /boot/ (the backup is named *.backup0). + Remove the "hdX=noprobe" entries from /boot/grub/menu.lst. + Check /etc/fstab for any partitions mounted by device name. Change those entries (if any) to mount by LABEL or UUID (get that information with the "blkid" command).. + + The next step is make sure the VM is not running in Hyper-V, then get the VHD into XenServer. There are two options for doing this. + Option one: + + Import the VHD using XenCenter. In XenCenter, go to Tools>Virtual Appliance Tools>Disk Image Import. + Choose the VHD, then click Next. + Name the VM, choose the NFS VHD SR under Storage, enable "Run Operating System Fixups" and choose the NFS ISO SR. + Click Next, then Finish. A VM should be created. + + Option two + + Run XenConvert, under From choose VHD, under To choose XenServer. Click Next. + Choose the VHD, then click Next. + Input the XenServer host info, then click Next. + Name the VM, then click Next, then Convert. A VM should be created + + Once you have a VM created from the Hyper-V VHD, prepare it using the following steps: + + Boot the VM, uninstall Hyper-V Integration Services, and reboot. + Install XenServer Tools, then reboot. + Prepare the VM as desired. For example, run sysprep on Windows VMs. See + + Either option above will create a VM in HVM mode. This is fine for Windows VMs, but Linux VMs may not perform optimally. Converting a Linux VM to PV mode will require additional steps and will vary by distribution. + + Shut down the VM and copy the VHD from the NFS storage to a web server; for example, mount the NFS share on the web server and copy it, or from the XenServer host use sftp or scp to upload it to the web server. + In CloudPlatform, create a new template using the following values: + + URL. Give the URL for the VHD + OS Type. Use the appropriate OS. For PV mode on CentOS, choose Other PV (32-bit) or Other PV (64-bit). This choice is available only for XenServer. + Hypervisor. XenServer + Format. VHD + + + + The template will be created, and you can create instances from it. +
diff --git a/docs/en-US/create-bare-metal-template.xml b/docs/en-US/create-bare-metal-template.xml new file mode 100644 index 00000000000..9effd86889f --- /dev/null +++ b/docs/en-US/create-bare-metal-template.xml @@ -0,0 +1,31 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a Bare Metal Template + Beta feature. Untested in CloudPlatform 3.0.3. Provided without guarantee of performance. + Before you can create a bare metal template, you must have performed several other installation and setup steps to create a bare metal cluster and environment. See Bare Metal Installation in the Installation Guide. It is assumed you already have a directory named "win7_64bit" on your CIFS server, containing the image for the bare metal instance. This directory and image are set up as part of the Bare Metal Installation procedure. + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation bar, click Templates. + Click Create Template. + In the dialog box, enter the following values. + + Name. Short name for the template. + Display Text. Description of the template. + URL. The directory name which contains image file on your + CIFS server. For example, win7_64bit. + Zone. All Zones. + OS Type. Select the OS type of the ISO image. Choose other if + the OS Type of the ISO is not listed or if the ISO is not bootable. + Hypervisor. BareMetal. + Format. BareMetal. + Password Enabled. No. + Public. No. + Featured. Choose Yes if you would like this template to be + more prominent for users to select. Only administrators may make templates + featured. + +
diff --git a/docs/en-US/create-new-projects.xml b/docs/en-US/create-new-projects.xml new file mode 100644 index 00000000000..69e836013b7 --- /dev/null +++ b/docs/en-US/create-new-projects.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New Project + CloudPlatform administrators and domain administrators can create projects. If the global configuration parameter allow.user.create.projects is set to true, end users can also create projects. + + Log in as administrator to the CloudPlatform UI. + In the left navigation, click Projects. + In Select view, click Projects. + Click New Project. + Give the project a name and description for display to users, then click Create Project. + A screen appears where you can immediately add more members to the project. This is optional. Click Next when you are ready to move on. + Click Save. + +
+ diff --git a/docs/en-US/create-template-from-existing-vm.xml b/docs/en-US/create-template-from-existing-vm.xml new file mode 100644 index 00000000000..b3b951f9851 --- /dev/null +++ b/docs/en-US/create-template-from-existing-vm.xml @@ -0,0 +1,38 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a Template from an Existing Virtual Machine + Once you have at least one VM set up in the way you want, you can use it as the prototype for other VMs. + + Create and start a virtual machine using any of the techniques given in . + Make any desired configuration changes on the running VM, then click Stop. + Wait for the VM to stop. When the status shows Stopped, go to the next step. + Click Create Template and provide the following: + + Name and Display Text. These will be shown in the UI, so + choose something descriptive. + OS Type. This helps CloudPlatform and the hypervisor perform + certain operations and make assumptions that improve the performance of the + guest. Select one of the following. + + If the operating system of the stopped VM is listed, choose it. + If the OS type of the stopped VM is not listed, choose Other. + If you want to boot from this template in PV mode, choose Other PV (32-bit) or Other PV (64-bit). This choice is available only for XenServere: + Note: Generally you should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other. + + + Public. Choose Yes to make this template accessible to all + users of this CloudPlatform installation. The template will appear in the + Community Templates list. See . + Password Enabled. Choose Yes if your template has the + CloudPlatform password change script installed. See Adding Password + Management to Your Templates . + + Click Add. + + The new template will be visible in the Templates section when the template creation process has been completed. The template is then available when creating a new VM +
diff --git a/docs/en-US/create-template-from-snapshot.xml b/docs/en-US/create-template-from-snapshot.xml new file mode 100644 index 00000000000..23599da26a4 --- /dev/null +++ b/docs/en-US/create-template-from-snapshot.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a Template from a Snapshot + Not supported by Oracle VM + If you do not want to stop the VM in order to use the Create Template menu item (as described in ), you can create a template directly from any snapshot through the CloudPlatform UI. + +
diff --git a/docs/en-US/create-templates-overview.xml b/docs/en-US/create-templates-overview.xml new file mode 100644 index 00000000000..9c8bf37266d --- /dev/null +++ b/docs/en-US/create-templates-overview.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating Templates: Overview + CloudPlatform ships with a default template for the CentOS operating system. There are a variety of ways to add more templates. Administrators and end users can add templates. The typical sequence of events is: + + Launch a VM instance that has the operating system you want. Make any other desired configuration changes to the VM. + Stop the VM. + Convert the volume into a template. + + There are other ways to add templates to CloudPlatform. For example, you can take a snapshot of the VM's volume and create a template from the snapshot, or import a VHD from another system into CloudPlatform + The various techniques for creating templates are described in the next few sections. + +
diff --git a/docs/en-US/create-windows-template.xml b/docs/en-US/create-windows-template.xml new file mode 100644 index 00000000000..70a71af21da --- /dev/null +++ b/docs/en-US/create-windows-template.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a Windows Template + Windows templates must be prepared with Sysprep before they can be provisioned on multiple machines. Sysprep allows you to create a generic Windows template and avoid any possible SID conflicts. + (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown. + An overview of the procedure is as follows: + + Upload your Windows ISO. For more information, see + Create a VM Instance with this ISO. For more information, see + Follow the steps in Sysprep for Windows Server 2008 R2 (below) or Sysprep for Windows Server 2003 R2, depending on your version of Windows Server + The preparation steps are complete. Now you can actually create the template as described in Creating the Windows Template. + + + +
diff --git a/docs/en-US/creating-compute-offerings.xml b/docs/en-US/creating-compute-offerings.xml new file mode 100644 index 00000000000..fc0b6a938bb --- /dev/null +++ b/docs/en-US/creating-compute-offerings.xml @@ -0,0 +1,33 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New Compute Offering + To create a new compute offering: + + Log in with admin privileges to the CloudPlatform UI. + In the left navigation bar, click Service Offerings. + In Select Offering, choose Compute Offering. + Click Add Compute Offering. + In the dialog, make the following choices: + + Name. Any desired name for the service offering. + Description. A short description of the offering that can be displayed to users + Storage type. The type of disk that should be allocated. Local allocates from storage attached directly to the host where the system VM is running. Shared allocates from storage accessible via NFS. + # of CPU cores. The number of cores which should be allocated to a system VM with this offering + CPU (in MHz). The CPU speed of the cores that the system VM is allocated. For example, “2000” would provide for a 2 GHz clock. + Memory (in MB). The amount of memory in megabytes that the system VM should be allocated. For example, “2048” would provide for a 2 GB RAM allocation. + Network Rate. Allowed data transfer rate in MB per second. + Offer HA. If yes, the administrator can choose to have the system VM be monitored and as highly available as possible. + Storage Tags. The tags that should be associated with the primary storage used by the system VM. + Host Tags. (Optional) Any tags that you use to organize your hosts + CPU cap. Whether to limit the level of CPU usage even if spare capacity is available. + Public. Indicate whether the service offering should be available all domains or only some domains. Choose Yes to make it available to all domains. Choose No to limit the scope to a subdomain; CloudPlatform will then prompt for the subdomain's name. + + Click Add. + + + +
diff --git a/docs/en-US/creating-disk-offerings.xml b/docs/en-US/creating-disk-offerings.xml new file mode 100644 index 00000000000..d455eccc60f --- /dev/null +++ b/docs/en-US/creating-disk-offerings.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New Disk Offering + To create a system service offering: + + Log in with admin privileges to the CloudPlatform UI. + In the left navigation bar, click Service Offerings. + In Select Offering, choose Disk Offering. + Click Add Disk Offering. + In the dialog, make the following choices: + + Name. Any desired name for the system offering. + Description. A short description of the offering that can be displayed to users + Custom Disk Size. If checked, the user can set their own disk size. If not checked, the root administrator must define a value in Disk Size. + Disk Size. Appears only if Custom Disk Size is not selected. Define the volume size in GB. + (Optional)Storage Tags. The tags that should be associated with the primary storage for this disk. Tags are a comma separated list of attributes of the storage. For example "ssd,blue". Tags are also added on Primary Storage. CloudPlatform matches tags on a disk offering to tags on the storage. If a tag is present on a disk offering that tag (or tags) must also be present on Primary Storage for the volume to be provisioned. If no such primary storage exists, allocation from the disk offering will fail.. + Public. Indicate whether the service offering should be available all domains or only some domains. Choose Yes to make it available to all domains. Choose No to limit the scope to a subdomain; CloudPlatform will then prompt for the subdomain's name. + + Click Add. + + + +
diff --git a/docs/en-US/creating-network-offerings.xml b/docs/en-US/creating-network-offerings.xml new file mode 100644 index 00000000000..5bf32bec2a2 --- /dev/null +++ b/docs/en-US/creating-network-offerings.xml @@ -0,0 +1,112 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New Network Offering + To create a network offering: + + Log in with admin privileges to the CloudPlatform UI. + In the left navigation bar, click Service Offerings. + In Select Offering, choose Network Offering. + Click Add Network Offering. + In the dialog, make the following choices: + + Name. Any desired name for the network offering + Description. A short description of the offering that can be displayed to users + Network Rate. Allowed data transfer rate in MB per second + Traffic Type. The type of network traffic that will be carried on the network + Guest Type. Choose whether the guest network is isolated or shared. For a description of these terms, see + Specify VLAN. (Isolated guest networks only) Indicate whether a VLAN should be specified when this offering is used + Supported Services. Select one or more of the possible network services. For some services, + you must also choose the service provider; for example, if you select Load + Balancer, you can choose the CloudPlatform virtual router or any other load + balancers that have been configured in the cloud. Depending on which + services you choose, additional fields may appear in the rest of the dialog + box.Based on the guest network type selected, you can see the following supported services: + + + + Supported Services + Description + Isolated + Shared + + + + + DHCP + + Supported + Supported + + + DNS + + Supported + Supported + + + Load Balancer + If you select Load Balancer, you can choose the CloudPlatform virtual router or any other load + balancers that have been configured in the cloud. + Supported + Supported + + + Source NAT + If you select Source NAT, you can choose the CloudPlatform virtual router or any other Source + NAT providers that have been configured in the + cloud. + Supported + Supported + + + Static NAT + If you select Static NAT, you can choose the CloudPlatform virtual router or any other Static + NAT providers that have been configured in the + cloud. + Supported + Supported + + + Port Forwarding + If you select Port Forwarding, you can choose the CloudPlatform virtual router or any other + Port Forwarding providers that have been configured in + the cloud. + Supported + Not Supported + + + VPN + + Supported + Not Supported + + + User Data + + Not Supported + Supported + + + Security Groups + See . + Not Supported + Supported + + + + + + System Offering. If the service provider for any of the services selected in Supported Services is a virtual router, the System Offering field appears. Choose the system service offering that you want virtual routers to use in this network. For example, if you selected Load Balancer in Supported Services and selected a virtual router to provide load balancing, the System Offering field appears so you can choose between the CloudPlatform default system service offering and any custom system service offerings that have been defined by the CloudPlatform root administrator. For more information, see System Service Offerings. + Redundant router capability. (v3.0.3 and greater) Available only when Virtual Router is selected as the Source NAT provider. Select this option if you want to use two virtual routers in the network for uninterrupted connection: one operating as the master virtual router and the other as the backup. The master virtual router receives requests from and sends responses to the user’s VM. The backup virtual router is activated only when the master is down. After the failover, the backup becomes the master virtual router. CloudPlatform deploys the routers on different hosts to ensure reliability if one host is down. + Conserve mode. Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network + Tags. Network tag to specify which physical network to use + + Click Add. + + + +
diff --git a/docs/en-US/creating-new-volumes.xml b/docs/en-US/creating-new-volumes.xml new file mode 100644 index 00000000000..71b4f9bfd5a --- /dev/null +++ b/docs/en-US/creating-new-volumes.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New Volume + You can add more data disk volumes to a guest VM at any time, up to the limits of your storage capacity. Both CloudPlatform administrators and users can add volumes to VM instances. When you create a new volume, it is stored as an entity in CloudPlatform, but the actual storage resources are not allocated on the physical storage device until you attach the volume. This optimization allows the CloudPlatform to provision the volume nearest to the guest that will use it when the first attachment is made. + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation bar, click Storage. + In Select View, choose Volumes. + To create a new volume, click Add Volume, provide the following details, and click OK. + + Name. Give the volume a unique name so you can find it later. + Availability Zone. Where do you want the storage to reside? This should be close to the VM that will use the volume. + Disk Offering. Choose the characteristics of the storage. + + The new volume appears in the list of volumes with the state “Allocated.” The volume data is stored in CloudPlatform, but the volume is not yet ready for use + To start using the volume, continue to Attaching a Volume + +
+ diff --git a/docs/en-US/creating-system-service-offerings.xml b/docs/en-US/creating-system-service-offerings.xml new file mode 100644 index 00000000000..7f9bf524c78 --- /dev/null +++ b/docs/en-US/creating-system-service-offerings.xml @@ -0,0 +1,34 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating a New System Service Offering + To create a system service offering: + + Log in with admin privileges to the CloudPlatform UI. + In the left navigation bar, click Service Offerings. + In Select Offering, choose System Offering. + Click Add System Service Offering. + In the dialog, make the following choices: + + Name. Any desired name for the system offering. + Description. A short description of the offering that can be displayed to users + System VM Type. Select the type of system virtual machine that this offering is intended to support. + Storage type. The type of disk that should be allocated. Local allocates from storage attached directly to the host where the system VM is running. Shared allocates from storage accessible via NFS. + # of CPU cores. The number of cores which should be allocated to a system VM with this offering + CPU (in MHz). The CPU speed of the cores that the system VM is allocated. For example, “2000” would provide for a 2 GHz clock. + Memory (in MB). The amount of memory in megabytes that the system VM should be allocated. For example, “2048” would provide for a 2 GB RAM allocation. + Network Rate. Allowed data transfer rate in MB per second. + Offer HA. If yes, the administrator can choose to have the system VM be monitored and as highly available as possible. + Storage Tags. The tags that should be associated with the primary storage used by the system VM. + Host Tags. (Optional) Any tags that you use to organize your hosts + CPU cap. Whether to limit the level of CPU usage even if spare capacity is available. + Public. Indicate whether the service offering should be available all domains or only some domains. Choose Yes to make it available to all domains. Choose No to limit the scope to a subdomain; CloudPlatform will then prompt for the subdomain's name. + + Click Add. + + + +
diff --git a/docs/en-US/creating-vms.xml b/docs/en-US/creating-vms.xml new file mode 100644 index 00000000000..ea5d0f2c2a4 --- /dev/null +++ b/docs/en-US/creating-vms.xml @@ -0,0 +1,31 @@ + + +%BOOK_ENTITIES; +]> +
+ Creating VMs + Virtual machines are usually created from a template. Users can also create blank virtual machines. A blank virtual machine is a virtual machine without an OS template. Users can attach an ISO file and install the OS from the CD/DVD-ROM. + To create a VM from a template: + + Log in to the CloudPlatform UI as an administrator or user. + In the left navigation bar, click Instances. + Click Add Instance. + Select a template, then follow the steps in the wizard. (For more information about how the templates came to be in this list, see Working with Templates. + Be sure that the hardware you have allows starting the selected service offering. + Click Submit and your VM will be created and started. + For security reason, the internal name of the VM is visible only to the root admin. + + Starting with v3.0.3, you can create a VM without starting it. You can determine whether the VM needs to be started as part of the VM deployment. A new request parameter, startVM, is introduced in the deployVm API to support this feature. For more information, see the Developer's Guide + To create a VM from an ISO: + (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown. + + Log in to the CloudPlatform UI as an administrator or user. + In the left navigation bar, click Instances. + Click Add Instance. + Select ISO Boot, and follow the steps in the wizard. + Click Submit and your VM will be created and started. + (Oracle VM only) After ISO installation, the installer reboots into the operating system. Due to a known issue in OVM, the reboot will place the VM in the Stopped state. In the CloudPlatform UI, detach the ISO from the VM (so that the VM will not boot from the ISO again), then click the Start button to restart the VM. + +
+ diff --git a/docs/en-US/customizing-dns.xml b/docs/en-US/customizing-dns.xml new file mode 100644 index 00000000000..bf9dc419ded --- /dev/null +++ b/docs/en-US/customizing-dns.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ Customizing the Network Domain Name + The root administrator can optionally assign a custom DNS suffix at the level of a network, account, domain, zone, or entire CloudPlatform installation, and a domain administrator can do so within their own domain. To specify a custom domain name and put it into effect, follow these steps. + + Set the DNS suffix at the desired scope + + At the network level, the DNS suffix can be assigned through the UI when creating a new network, as described in or with the updateNetwork command in the CloudPlatform API. + At the account, domain, or zone level, the DNS suffix can be assigned with the appropriate CloudPlatform API commands: createAccount, editAccount, createDomain, editDomain, createZone, or editZone. + At the global level, use the configuration parameter guest.domain.suffix. You can also use the CloudPlatform API command updateConfiguration. After modifying this global configuration, restart the Management Server to put the new setting into effect. + + To make the new DNS suffix take effect for an existing network, call the CloudPlatform API command updateNetwork. This step is not necessary when the DNS suffix was specified while creating a new network. + + The source of the network domain that is used depends on the following rules. + + For all networks, if a network domain is specified as part of a network's own configuration, that value is used. + For an account-specific network, the network domain specified for the account is used. If none is specified, the system looks for a value in the domain, zone, and global configuration, in that order. + For a domain-specific network, the network domain specified for the domain is used. If none is specified, the system looks for a value in the zone and global configuration, in that order. + For a zone-specific network, the network domain specified for the zone is used. If none is specified, the system looks for a value in the global configuration. + + +
diff --git a/docs/en-US/dates-in-usage-record.xml b/docs/en-US/dates-in-usage-record.xml new file mode 100644 index 00000000000..ff4658734ec --- /dev/null +++ b/docs/en-US/dates-in-usage-record.xml @@ -0,0 +1,8 @@ +
+ Dates in the Usage Record + Usage records include a start date and an end date. These dates define the period of time for which the raw usage number was calculated. If daily aggregation is used, the start date is midnight on the day in question and the end date is 23:59:59 on the day in question (with one exception; see below). A virtual machine could have been deployed at noon on that day, stopped at 6pm on that day, then started up again at 11pm. When usage is calculated on that day, there will be 7 hours of running VM usage (usage type 1) and 12 hours of allocated VM usage (usage type 2). If the same virtual machine runs for the entire next day, there will 24 hours of both running VM usage (type 1) and allocated VM usage (type 2). + Note: The start date is not the time a virtual machine was started, and the end date is not the time when a virtual machine was stopped. The start and end dates give the time range within which usage was calculated. + For network usage, the start date and end date again define the range in which the number of bytes transferred was calculated. If a user downloads 10 MB and uploads 1 MB in one day, there will be two records, one showing the 10 megabytes received and one showing the 1 megabyte sent. + There is one case where the start date and end date do not correspond to midnight and 11:59:59pm when daily aggregation is used. This occurs only for network usage records. When the usage server has more than one day's worth of unprocessed data, the old data will be included in the aggregation period. The start date in the usage record will show the date and time of the earliest event. For other types of usage, such as IP addresses and VMs, the old unprocessed data is not included in daily aggregation. +
+ diff --git a/docs/en-US/dedicated-ha-hosts.xml b/docs/en-US/dedicated-ha-hosts.xml new file mode 100644 index 00000000000..e985142023b --- /dev/null +++ b/docs/en-US/dedicated-ha-hosts.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Dedicated HA Hosts + (v3.0.3 and greater) One or more hosts can be designated for use only by HA-enabled VMs that are restarting due to a host failure. Setting up a pool of such dedicated HA hosts as the recovery destination for all HA-enabled VMs is useful to: + + Make it easier to determine which VMs have been restarted as part of the CloudPlatform high-availability function. If a VM is running on a dedicated HA host, then it must be an HA-enabled VM whose original host failed. (With one exception: It is possible for an administrator to manually migrate any VM to a dedicated HA host.). + Keep HA-enabled VMs from restarting on hosts which may be reserved for other purposes. + + The dedicated HA option is set through a special host tag when the host is created. To allow the administrator to dedicate hosts to only HA-enabled VMs, set the global configuration variable ha.tag to the desired tag (for example, "ha_host"), and restart the Management Server. Enter the value in the Host Tags field when adding the host(s) that you want to dedicate to HA-enabled VMs. + If you set ha.tag, be sure to actually use that tag on at least one host in your cloud. If the tag specified in ha.tag is not set for any host in the cloud, the HA-enabled VMs will fail to restart after a crash. +
\ No newline at end of file diff --git a/docs/en-US/default-account-resource-limit.xml b/docs/en-US/default-account-resource-limit.xml new file mode 100644 index 00000000000..0ace6348ff2 --- /dev/null +++ b/docs/en-US/default-account-resource-limit.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ Default Account Resource Limits + You can limit resource use by accounts. The default limits are set using global configuration parameters, and they affect all accounts within a cloud. The relevant parameters are those beginning with max.account (max.account.snapshots, etc.).. + To override a default limit for a particular account, set a per-account resource limit. + + Log in to the CloudPlatform UI. + In the left navigation tree, click Accounts. + Select the account you want to modify. The current limits are displayed. A value of -1 shows that there is no limit in place + Click the Edit button + + + + editbutton.png: edits the settings. + + + +
diff --git a/docs/en-US/default-template.xml b/docs/en-US/default-template.xml new file mode 100644 index 00000000000..4f4e583f991 --- /dev/null +++ b/docs/en-US/default-template.xml @@ -0,0 +1,37 @@ + + +%BOOK_ENTITIES; +]> +
+ The Default Template + CloudPlatform includes a CentOS template. This template is downloaded by the Secondary Storage VM after the primary and secondary storage are configured. You can use this template in your production deployment or you can delete it and use custom templates. + The root password for the default template is "password". + A default template is provided for each of XenServer, KVM, and vSphere. The templates that are downloaded depend on the hypervisor type that is available in your cloud. Each template is approximately 2.5 GB physical size. + The default template includes the standard iptables rules, which will block most access to the template excluding ssh. + # iptables --list +Chain INPUT (policy ACCEPT) +target prot opt source destination +RH-Firewall-1-INPUT all -- anywhere anywhere + +Chain FORWARD (policy ACCEPT) +target prot opt source destination +RH-Firewall-1-INPUT all -- anywhere anywhere + +Chain OUTPUT (policy ACCEPT) +target prot opt source destination + +Chain RH-Firewall-1-INPUT (2 references) +target prot opt source destination +ACCEPT all -- anywhere anywhere +ACCEPT icmp -- anywhere anywhere icmp any +ACCEPT esp -- anywhere anywhere +ACCEPT ah -- anywhere anywhere +ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns +ACCEPT udp -- anywhere anywhere udp dpt:ipp +ACCEPT tcp -- anywhere anywhere tcp dpt:ipp +ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED +ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh +REJECT all -- anywhere anywhere reject-with icmp-host- + +
diff --git a/docs/en-US/delete-templates.xml b/docs/en-US/delete-templates.xml new file mode 100644 index 00000000000..d3f99b930e0 --- /dev/null +++ b/docs/en-US/delete-templates.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Deleting Templates + Templates may be deleted. In general, when a template spans multiple Zones, only the copy that is selected for deletion will be deleted; the same template in other Zones will not be deleted. The provided CentOS template is an exception to this. If the provided CentOS template is deleted, it will be deleted from all Zones. + When templates are deleted, the VMs instantiated from them will continue to run. However, new VMs cannot be created based on the deleted template. +
diff --git a/docs/en-US/deleting-vms.xml b/docs/en-US/deleting-vms.xml new file mode 100644 index 00000000000..a6cc0db1e07 --- /dev/null +++ b/docs/en-US/deleting-vms.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Deleting VMs + Users can delete their own virtual machines. A running virtual machine will be abruptly stopped before it is deleted. Administrators can delete any virtual machines. + To delete a virtual machine: + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation, click Instances. + Choose the VM that you want to delete. + Click the Destroy Instance button + + + + Destroyinstance.png: button to destroy an instance + + + +
+ diff --git a/docs/en-US/deployment-architecture-overview.xml b/docs/en-US/deployment-architecture-overview.xml new file mode 100644 index 00000000000..25f082585a5 --- /dev/null +++ b/docs/en-US/deployment-architecture-overview.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Deployment Architecture Overview + + A &PRODUCT; installation consists of two parts: the Management Server and the cloud infrastructure that it manages. When you set up and manage a &PRODUCT; cloud, you provision resources such as hosts, storage devices, and IP addresses into the Management Server, and the Management Server manages those resources. + + + The minimum production installation consists of one machine running the &PRODUCT; Management Server and another machine to act as the cloud infrastructure (in this case, a very simple infrastructure consisting of one host running hypervisor software). In a trial installation, a single machine can act as both the Management Server and the hypervisor host (using the KVM hypervisor). + + + + + + basic-deployment.png: Basic two-machine deployment + + A more full-featured installation consists of a highly-available multi-node Management Server installation and up to thousands of hosts using any of several advanced networking setups. For information about deployment options, see Choosing a Deployment Architecture. + + + + +
\ No newline at end of file diff --git a/docs/en-US/deployment_architecture_overview.xml b/docs/en-US/deployment_architecture_overview.xml new file mode 100644 index 00000000000..08c10829a8c --- /dev/null +++ b/docs/en-US/deployment_architecture_overview.xml @@ -0,0 +1,22 @@ +
+ Deployment Architecture Overview + + + A CloudStack installation consists of two parts: the Management Server and the cloud infrastructure that it manages. When you set up and manage a CloudStack cloud, you provision resources such as hosts, storage devices, and IP addresses into the Management Server, and the Management Server manages those resources. + + + The minimum installation consists of one machine running the CloudStack Management Server and another machine to act as the cloud infrastructure (in this case, a very simple infrastructure consisting of one host running hypervisor software). + + + + + + basic_deployment.png: Basic two-machine CloudStack deployment + + A more full-featured installation consists of a highly-available multi-node Management Server installation and up to thousands of hosts using any of several advanced networking setups. For information about deployment options, see Choosing a Deployment Architecture. + + + + +
+ diff --git a/docs/en-US/detach-move-volumes.xml b/docs/en-US/detach-move-volumes.xml new file mode 100644 index 00000000000..26c241c0311 --- /dev/null +++ b/docs/en-US/detach-move-volumes.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Attaching a Volume + This procedure is different from moving disk volumes from one storage pool to another. See VM Storage Migration + A volume can be detached from a guest VM and attached to another guest. Both CloudPlatform administrators and users can detach volumes from VMs and move them to other VMs. + If the two VMs are in different clusters, and the volume is large, it may take several minutes for the volume to be moved to the new VM. + If the destination VM is running in the OVM hypervisor, the VM must be stopped before a new volume can be attached to it. + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation bar, click Storage, and choose Volumes in Select View. Alternatively, if you know which VM the volume is attached to, you can click Instances, click the VM name, and click View Volumes. + Click the name of the volume you want to detach, then click the Detach Disk button + + + + DetachDiskButton.png: button to detach a volume + + + To move the volume to another VM, follow the steps in Attaching a Volume . + +
+ diff --git a/docs/en-US/developer-getting-started.xml b/docs/en-US/developer-getting-started.xml new file mode 100644 index 00000000000..adfac34488d --- /dev/null +++ b/docs/en-US/developer-getting-started.xml @@ -0,0 +1,13 @@ +
+ Getting Started + + To get started using the CloudStack API, you should have the following: + + URL of the CloudStack server you wish to integrate with. + Both the API Key and Secret Key for an account. This should have been generated by the administrator of the cloud instance and given to you. + Familiarity with HTTP GET/POST and query strings. + Knowledge of either XML or JSON. + Knowledge of a programming language that can generate HTTP requests; for example, Java or PHP. + +
+ diff --git a/docs/en-US/developer-guide.xml b/docs/en-US/developer-guide.xml new file mode 100644 index 00000000000..77af46eb430 --- /dev/null +++ b/docs/en-US/developer-guide.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> + + Using the API + + + + + + + + + + + + + diff --git a/docs/en-US/developer-introduction.xml b/docs/en-US/developer-introduction.xml new file mode 100644 index 00000000000..d895253f5b3 --- /dev/null +++ b/docs/en-US/developer-introduction.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Introduction for Developers + + + +
diff --git a/docs/en-US/developer_guide.xml b/docs/en-US/developer_guide.xml new file mode 100644 index 00000000000..eb174be52d0 --- /dev/null +++ b/docs/en-US/developer_guide.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> + + Developer Guide + + + + + + + + + + + + + diff --git a/docs/en-US/disable-enable-zones-pods-clusters.xml b/docs/en-US/disable-enable-zones-pods-clusters.xml new file mode 100644 index 00000000000..94bf89e4778 --- /dev/null +++ b/docs/en-US/disable-enable-zones-pods-clusters.xml @@ -0,0 +1,34 @@ + + +%BOOK_ENTITIES; +]> +
+ Disabling and Enabling Zones, Pods, and Clusters + You can enable or disable a zone, pod, or cluster without permanently removing it from the cloud. This is useful for maintenance or when there are problems that make a portion of the cloud infrastructure unreliable. No new allocations will be made to a disabled zone, pod, or cluster until its state is returned to Enabled. When a zone, pod, or cluster is first added to the cloud, it is Disabled by default. + To disable and enable a zone, pod, or cluster: + + Log in to the CloudPlatform UI as administrator + In the left navigation bar, click Infrastructure. + + In Zones, click View More. + + If you are disabling or enabling a zone, find the name of the zone in the list, and click the Enable/Disable button. + + + + enable-disable.png: button to enable or disable zone, pod, or cluster. + + + If you are disabling or enabling a pod or cluster, click the name of the zone that contains the pod or cluster. + Click the Compute tab. + + In the Pods or Clusters node of the diagram, click View All. + + Click the pod or cluster name in the list. + Click the Enable/Disable button. + + + + +
diff --git a/docs/en-US/disk-volume-usage-record-format.xml b/docs/en-US/disk-volume-usage-record-format.xml new file mode 100644 index 00000000000..c4b898ec447 --- /dev/null +++ b/docs/en-US/disk-volume-usage-record-format.xml @@ -0,0 +1,21 @@ +
+ Disk Volume Usage Record Format + For disk volumes, the following fields exist in a usage record. + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for hours) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – The volume ID + offeringid – The ID of the disk offering + type – Hypervisor + templateid – ROOT template ID + size – The amount of storage allocated + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/dns-dhcp.xml b/docs/en-US/dns-dhcp.xml new file mode 100644 index 00000000000..dfebbd6f4bd --- /dev/null +++ b/docs/en-US/dns-dhcp.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ DNS and DHCP + The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone. +
diff --git a/docs/en-US/domains.xml b/docs/en-US/domains.xml new file mode 100644 index 00000000000..669b3d3e317 --- /dev/null +++ b/docs/en-US/domains.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Domains + If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password. + +
diff --git a/docs/en-US/enable-disable-static-nat.xml b/docs/en-US/enable-disable-static-nat.xml new file mode 100644 index 00000000000..0895b889483 --- /dev/null +++ b/docs/en-US/enable-disable-static-nat.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Enabling or Disabling Static NAT + If port forwarding rules are already in effect for an IP address, you cannot enable static NAT to that IP. + If a guest VM is part of more than one network, static NAT rules will function only if they are defined on the default network. + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network. + Click the name of the network where you want to work with. + Click View IP Addresses. + Click the IP address you want to work with. + + Click the Static NAT button. + + + + ReleaseIPButton.png: button to release an IP + The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address. + If you are enabling static NAT, a dialog appears where you can choose the destination VM and click Apply + +
diff --git a/docs/en-US/enable-security-groups.xml b/docs/en-US/enable-security-groups.xml new file mode 100644 index 00000000000..b97b65e7922 --- /dev/null +++ b/docs/en-US/enable-security-groups.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Enabling Security Groups + In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups. The procedure is described in Basic Zone Configuration in the Advanced Installation Guide. +
+ diff --git a/docs/en-US/enabling-api-call-expiration.xml b/docs/en-US/enabling-api-call-expiration.xml new file mode 100644 index 00000000000..9ebbb208033 --- /dev/null +++ b/docs/en-US/enabling-api-call-expiration.xml @@ -0,0 +1,16 @@ +
+ Enabling API Call Expiration + + You can set an expiry timestamp on API calls to prevent replay attacks over non-secure channels, such as HTTP. The server tracks the expiry timestamp you have specified and rejects all the subsequent API requests that come in after this validity period. + + To enable this feature, add the following parameters to the API request: + + signatureVersion=3: If the signatureVersion parameter is missing or is not equal to 3, the expires parameter is ignored in the API request. + expires=YYYY-MM-DDThh:mm:ssZ: Specifies the date and time at which the signature included in the request is expired. The timestamp is expressed in the YYYY-MM-DDThh:mm:ssZ format, as specified in the ISO 8601 standard. + + For example: + expires=2011-10-10T12:00:00+0530 + A sample API request with expiration is given below: + http://<IPAddress>:8080/client/api?command=listZones&signatureVersion=3&expires=2011-10-10T12:00:00+0530&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ&signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D +
+ diff --git a/docs/en-US/enabling-port-8096.xml b/docs/en-US/enabling-port-8096.xml new file mode 100644 index 00000000000..55214399437 --- /dev/null +++ b/docs/en-US/enabling-port-8096.xml @@ -0,0 +1,13 @@ +
+ Enabling Port 8096 + + Port 8096, which allows API calls without authentication, is closed and disabled by default on any fresh 3.0.1 installations. You can enable 8096 (or another port) for this purpose as follows: + + + Ensure that the first Management Server is installed and running. + Set the global configuration parameter integration.api.port to the desired port. + Restart the Management Server. + On the Management Server host machine, create an iptables rule allowing access to that port. + +
+ diff --git a/docs/en-US/end-user-ui-overview.xml b/docs/en-US/end-user-ui-overview.xml new file mode 100644 index 00000000000..879485cbe28 --- /dev/null +++ b/docs/en-US/end-user-ui-overview.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ End User's UI Overview + The &PRODUCT; UI helps users of cloud infrastructure to view and use their cloud resources, including virtual machines, templates and ISOs, data volumes and snapshots, guest networks, and IP addresses. If the user is a member or administrator of one or more &PRODUCT; projects, the UI can provide a project-oriented view. +
diff --git a/docs/en-US/error-handling.xml b/docs/en-US/error-handling.xml new file mode 100644 index 00000000000..1b2684f3413 --- /dev/null +++ b/docs/en-US/error-handling.xml @@ -0,0 +1,6 @@ +
+ Error Handling + If an error occurs while processing an API request, the appropriate response in the format specified is returned. Each error response consists of an error code and an error text describing what possibly can go wrong. For an example error response, see page 12. + An HTTP error code of 401 is always returned if API request was rejected due to bad signatures, missing API Keys, or the user simply did not have the permissions to execute the command. +
+ diff --git a/docs/en-US/event-log-queries.xml b/docs/en-US/event-log-queries.xml new file mode 100644 index 00000000000..b425ce0dfec --- /dev/null +++ b/docs/en-US/event-log-queries.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Event Log Queries + Database logs can be queried from the user interface. The list of events captured by the system includes: + + Virtual machine creation, deletion, and on-going management operations + Virtual router creation, deletion, and on-going management operations + + Template creation and deletion + Network/load balancer rules creation and deletion + Storage volume creation and deletion + User login and logout + +
diff --git a/docs/en-US/event-types.xml b/docs/en-US/event-types.xml new file mode 100644 index 00000000000..f9570b1450f --- /dev/null +++ b/docs/en-US/event-types.xml @@ -0,0 +1,196 @@ +
+ Event Types + + + + + + + VM.CREATE + TEMPLATE.EXTRACT + SG.REVOKE.INGRESS + + + VM.DESTROY + TEMPLATE.UPLOAD + HOST.RECONNECT + + + VM.START + TEMPLATE.CLEANUP + MAINT.CANCEL + + + VM.STOP + VOLUME.CREATE + MAINT.CANCEL.PS + + + VM.REBOOT + VOLUME.DELETE + MAINT.PREPARE + + + VM.UPGRADE + VOLUME.ATTACH + MAINT.PREPARE.PS + + + VM.RESETPASSWORD + VOLUME.DETACH + VPN.REMOTE.ACCESS.CREATE + + + ROUTER.CREATE + VOLUME.UPLOAD + VPN.USER.ADD + + + ROUTER.DESTROY + SERVICEOFFERING.CREATE + VPN.USER.REMOVE + + + ROUTER.START + SERVICEOFFERING.UPDATE + NETWORK.RESTART + + + ROUTER.STOP + SERVICEOFFERING.DELETE + UPLOAD.CUSTOM.CERTIFICATE + + + ROUTER.REBOOT + DOMAIN.CREATE + UPLOAD.CUSTOM.CERTIFICATE + + + ROUTER.HA + DOMAIN.DELETE + STATICNAT.DISABLE + + + PROXY.CREATE + DOMAIN.UPDATE + SSVM.CREATE + + + PROXY.DESTROY + SNAPSHOT.CREATE + SSVM.DESTROY + + + PROXY.START + SNAPSHOT.DELETE + SSVM.START + + + PROXY.STOP + SNAPSHOTPOLICY.CREATE + SSVM.STOP + + + PROXY.REBOOT + SNAPSHOTPOLICY.UPDATE + SSVM.REBOOT + + + PROXY.HA + SNAPSHOTPOLICY.DELETE + SSVM.H + + + VNC.CONNECT + VNC.DISCONNECT + NET.IPASSIGN + + + NET.IPRELEASE + NET.RULEADD + NET.RULEDELETE + + + NET.RULEMODIFY + NETWORK.CREATE + NETWORK.DELETE + + + LB.ASSIGN.TO.RULE + LB.REMOVE.FROM.RULE + LB.CREATE + + + LB.DELETE + LB.UPDATE + USER.LOGIN + + + USER.LOGOUT + USER.CREATE + USER.DELETE + + + USER.UPDATE + USER.DISABLE + TEMPLATE.CREATE + + + TEMPLATE.DELETE + TEMPLATE.UPDATE + TEMPLATE.COPY + + + TEMPLATE.DOWNLOAD.START + TEMPLATE.DOWNLOAD.SUCCESS + TEMPLATE.DOWNLOAD.FAILED + + + ISO.CREATE + ISO.DELETE + ISO.COPY + + + ISO.ATTACH + ISO.DETACH + ISO.EXTRACT + + + ISO.UPLOAD + SERVICE.OFFERING.CREATE + SERVICE.OFFERING.EDIT + + + SERVICE.OFFERING.DELETE + DISK.OFFERING.CREATE + DISK.OFFERING.EDIT + + + DISK.OFFERING.DELETE + NETWORK.OFFERING.CREATE + NETWORK.OFFERING.EDIT + + + NETWORK.OFFERING.DELETE + POD.CREATE + POD.EDIT + + + POD.DELETE + ZONE.CREATE + ZONE.EDIT + + + ZONE.DELETE + VLAN.IP.RANGE.CREATE + VLAN.IP.RANGE.DELETE + + + CONFIGURATION.VALUE.EDIT + SG.AUTH.INGRESS + + + + + +
\ No newline at end of file diff --git a/docs/en-US/events-log.xml b/docs/en-US/events-log.xml new file mode 100644 index 00000000000..4087e58bbf4 --- /dev/null +++ b/docs/en-US/events-log.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Event Logs + There are two types of events logged in the CloudPlatform Event Log. Standard events log the success or failure of an event and can be used to identify jobs or processes that have failed. There are also long running job events. Events for asynchronous jobs log when a job is scheduled, when it starts, and when it completes. Other long running synchronous jobs log when a job starts, and when it completes. Long running synchronous and asynchronous event logs can be used to gain more information on the status of a pending job or can be used to identify a job that is hanging or has not started. The following sections provide more information on these events.. +
+ diff --git a/docs/en-US/events.xml b/docs/en-US/events.xml new file mode 100644 index 00000000000..b1a67c13201 --- /dev/null +++ b/docs/en-US/events.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ + + + +
diff --git a/docs/en-US/example-LDAP-configuration-commands.xml b/docs/en-US/example-LDAP-configuration-commands.xml new file mode 100644 index 00000000000..a91a9094ae5 --- /dev/null +++ b/docs/en-US/example-LDAP-configuration-commands.xml @@ -0,0 +1,28 @@ + + +%BOOK_ENTITIES; +]> +
+ Example LDAP Configuration Commands + To understand the examples in this section, you need to know the basic concepts behind calling the CloudPlatform API, which are explained in the Developer’s Guide. + The following shows an example invocation of ldapConfig with an ApacheDS LDAP server + http://127.0.0.1:8080/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou%3Dtesting%2Co%3Dproject&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=cn%3DJohn+Singh%2Cou%3Dtesting%2Co%project&bindpass=secret&port=10389&ssl=true&truststore=C%3A%2Fcompany%2Finfo%2Ftrusted.ks&truststorepass=secret&response=json&apiKey=YourAPIKey&signature=YourSignatureHash + The command must be URL-encoded. Here is the same example without the URL encoding: + http://127.0.0.1:8080/client/api?command=ldapConfig +&hostname=127.0.0.1 +&searchbase=ou=testing,o=project +&queryfilter=(&(%uid=%u)) +&binddn=cn=John+Singh,ou=testing,o=project +&bindpass=secret +&port=10389 +&ssl=true +&truststore=C:/company/info/trusted.ks +&truststorepass=secret +&response=json +&apiKey=YourAPIKey&signature=YourSignatureHash + + The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address. +http://10.147.29.101:8080/client/api?command=ldapConfig&hostname=10.147.28.250&searchbase=OU%3Dtesting%2CDC%3Dcompany&queryfilter=%28%26%28mail%3D%25e%29%29 &binddn=CN%3DAdministrator%2COU%3Dtesting%2CDC%3Dcompany&bindpass=1111_aaaa&port=389&response=json&apiKey=YourAPIKey&signature=YourSignatureHash + The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters. +
diff --git a/docs/en-US/example-response-from-listUsageRecords.xml b/docs/en-US/example-response-from-listUsageRecords.xml new file mode 100644 index 00000000000..96615bb0f52 --- /dev/null +++ b/docs/en-US/example-response-from-listUsageRecords.xml @@ -0,0 +1,32 @@ +
+ Example response from listUsageRecords + + All CloudStack API requests are submitted in the form of a HTTP GET/POST with an associated command and any parameters. A request is composed of the following whether in HTTP or HTTPS: + + + <listusagerecordsresponse> + <count>1816</count> + <usagerecord> + <account>user5</account> + <accountid>10004</accountid> + <domainid>1</domainid> + <zoneid>1</zoneid> + <description>i-3-4-WC running time (ServiceOffering: 1) (Template: 3)</description> + <usage>2.95288 Hrs</usage> + <usagetype>1</usagetype> + <rawusage>2.95288</rawusage> + <virtualmachineid>4</virtualmachineid> + <name>i-3-4-WC</name> + <offeringid>1</offeringid> + <templateid>3</templateid> + <usageid>245554</usageid> + <type>XenServer</type> + <startdate>2009-09-15T00:00:00-0700</startdate> + <enddate>2009-09-18T16:14:26-0700</enddate> + </usagerecord> + + … (1,815 more usage records) + </listusagerecordsresponse> + +
+ diff --git a/docs/en-US/export-template.xml b/docs/en-US/export-template.xml new file mode 100644 index 00000000000..c6db53f179f --- /dev/null +++ b/docs/en-US/export-template.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Exporting Templates + End users and Administrators may export templates from the CloudPlatform. Navigate to the template in the UI and choose the Download function from the Actions menu. + +
diff --git a/docs/en-US/external-firewalls-and-load-balancers.xml b/docs/en-US/external-firewalls-and-load-balancers.xml new file mode 100644 index 00000000000..239e7b8f584 --- /dev/null +++ b/docs/en-US/external-firewalls-and-load-balancers.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ External Firewalls and Load Balancers + CloudPlatform is capable of replacing its Virtual Router with an external Juniper SRX device and an optional external NetScaler or F5 load balancer for gateway and load balancing services. In this case, the VMs use the SRX as their gateway. + + +
diff --git a/docs/en-US/feature-overview.xml b/docs/en-US/feature-overview.xml new file mode 100644 index 00000000000..9ea1b783229 --- /dev/null +++ b/docs/en-US/feature-overview.xml @@ -0,0 +1,49 @@ + + +%BOOK_ENTITIES; +]> +
+ What Can &PRODUCT; Do? + + Multiple Hypervisor Support + + + &PRODUCT; works with a variety of hypervisors. A single cloud deployment can contain multiple hypervisor implementations. You have the complete freedom to choose the right hypervisor for your workload. + + + &PRODUCT; is designed to work with open source Xen and KVM hypervisors as well as enterprise-grade hypervisors such as Citrix XenServer, VMware vSphere, and Oracle VM (OVM). You can also provision “bare metal” hosts with no hypervisor (Beta feature. Untested in &PRODUCT; 3.0.x.) + + + Massively Scalable Infrastructure Management + + + &PRODUCT; can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-wide outage. Periodic maintenance of the management server can be performed without affecting the functioning of virtual machines running in the cloud. + + + Automatic Configuration Management + + &PRODUCT; automatically configures each guest virtual machine’s networking and storage settings. + + &PRODUCT; internally manages a pool of virtual appliances to support the cloud itself. These appliances offer services such as firewalling, routing, DHCP, VPN access, console proxy, storage access, and storage replication. The extensive use of virtual appliances simplifies the installation, configuration, and ongoing management of a cloud deployment. + + + Graphical User Interface + + &PRODUCT; offers an administrator's Web interface, used for provisioning and managing the cloud, as well as an end-user's Web interface, used for running VMs and managing VM templates. The UI can be customized to reflect the desired service provider or enterprise look and feel. + + + API and Extensibility + + + &PRODUCT; provides an API that gives programmatic access to all the management features available in the UI. The API is maintained and documented. This API enables the creation of command line tools and new user interfaces to suit particular needs. See the Developer’s Guide and API Reference, both available at http://docs.cloud.com/CloudStack_Documentation. + + + The &PRODUCT; pluggable allocation architecture allows the creation of new types of allocators for the selection of storage and Hosts. See the Allocator Implementation Guide (http://docs.cloudstack.org/CloudStack_Documentation/Allocator_Implementation_Guide). + + + High Availability + + &PRODUCT; has a number of features to increase the availability of the system. The Management Server itself may be deployed in a multi-node installation where the servers are load balanced. MySQL may be configured to use replication to provide for a manual failover in the event of database loss. For the hosts, &PRODUCT; supports NIC bonding and the use of separate networks for storage as well as iSCSI Multipath. + +
\ No newline at end of file diff --git a/docs/en-US/firewall-rules.xml b/docs/en-US/firewall-rules.xml new file mode 100644 index 00000000000..a7a708dd4c7 --- /dev/null +++ b/docs/en-US/firewall-rules.xml @@ -0,0 +1,37 @@ + + +%BOOK_ENTITIES; +]> +
+ Firewall Rules + By default, all incoming traffic to the public IP address is rejected by the firewall. To allow external traffic, you can open firewall ports by specifying firewall rules. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses. + You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See . + Firewall rules can be created using the Firewall tab in the Management Server UI. This tab is not displayed by default when CloudPlatform is installed. To display the Firewall tab, the CloudPlatform administrator must set the global configuration parameter firewall.rule.ui.enabled to "true." + To create a firewall rule: + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network. + Click the name of the network where you want to work with. + Click View IP Addresses. + Click the IP address you want to work with. + + Click the Configuration tab and fill in the following values. + + Source CIDR. (Optional) To accept only traffic from IP + addresses within a particular address block, enter a CIDR or a + comma-separated list of CIDRs. Example: 192.168.0.0/22. Leave empty to allow + all CIDRs. + Protocol. The communication protocol in use on the opened + port(s). + Start Port and End Port. The port(s) you want to open on the + firewall. If you are opening a single port, use the same number in both + fields + ICMP Type and ICMP Code. Used only if Protocol is set to + ICMP. Provide the type and code required by the ICMP protocol to fill out + the ICMP header. Refer to ICMP documentation for more details if you are not + sure what to enter + + Click Add + +
diff --git a/docs/en-US/first_ms_node_install.xml b/docs/en-US/first_ms_node_install.xml new file mode 100644 index 00000000000..f0c2e142f1b --- /dev/null +++ b/docs/en-US/first_ms_node_install.xml @@ -0,0 +1,34 @@ +
+ Install the First Management Server + + Download the CloudStack Management Server onto the host where it will run from one of the following links. If your operating system is CentOS, use the download file for RHEL. + + Open-source community: http://sourceforge.net/projects/cloudstack/files/CloudStack Acton/ + Commercial customers: https://www.citrix.com/English/ss/downloads/. + Commercial customers will need a MyCitrix account. + + + + Install the CloudStack packages. You should have a file in the form of “CloudStack-VERSION-N-OSVERSION.tar.gz”. Untar the file and then run the install.sh script inside it. Replace the file and directory names below with those you are using: + # tar xzf CloudStack-VERSION-N-OSVERSION.tar.gz +# cd CloudStack-VERSION-N-OSVERSION +# ./install.sh + + You should see a few messages as the installer prepares, followed by a list of choices. + + Choose M to install the Management Server software. + > M + + Wait for a message like “Complete! Done,” which indicates that the software was installed successfully. + + (RHEL or CentOS) When the installation is finished, run the following commands to start essential services (the commands might be different depending on your OS): + # service rpcbind start +# service nfs start +# chkconfig nfs on +# chkconfig rpcbind on + + + Continue to Install and Configure the Database. + + +
\ No newline at end of file diff --git a/docs/en-US/globally-configured-limit.xml b/docs/en-US/globally-configured-limit.xml new file mode 100644 index 00000000000..5c8bb853db5 --- /dev/null +++ b/docs/en-US/globally-configured-limit.xml @@ -0,0 +1,81 @@ + + +%BOOK_ENTITIES; +]> +
+ Globally Configured Limits + In a zone, the guest virtual network has a 24 bit CIDR by default. This limits the guest virtual network to 254 running instances. It can be adjusted as needed, but this must be done before any instances are created in the zone. For example, 10.1.1.0/22 would provide for ~1000 addresses. + The following table lists limits set in the Global Configuration: + + + + + Parameter Name + Definition + + + + + + max.account.public.ips + Number of public IP addresses that can be owned by an account + + + + max.account.snapshots + Number of snapshots that can exist for an account + + + + + max.account.templates + Number of templates that can exist for an account + + + + max.account.user.vms + Number of virtual machine instances that can exist for an account + + + + max.account.volumes + Number of disk volumes that can exist for an account + + + + max.template.iso.size + Maximum size for a downloaded template or ISO in GB + + + + max.volume.size.gb + Maximum size for a volume in GB + + + network.throttling.rate + Default data transfer rate in megabits per second allowed per user (supported on XenServer) + + + snapshot.max.hourly + Maximum recurring hourly snapshots to be retained for a volume. If the limit is reached, early snapshots from the start of the hour are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring hourly snapshots can not be scheduled + + + + snapshot.max.daily + Maximum recurring daily snapshots to be retained for a volume. If the limit is reached, snapshots from the start of the day are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring daily snapshots can not be scheduled + + + snapshot.max.weekly + Maximum recurring weekly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the week are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring weekly snapshots can not be scheduled + + + + snapshot.max.monthly + Maximum recurring monthly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the month are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring monthly snapshots can not be scheduled. + + + + + To modify global configuration parameters, use the global configuration screen in the CloudPlatform UI. See Setting Global Configuration Parameters +
diff --git a/docs/en-US/globally-configured-limits.xml b/docs/en-US/globally-configured-limits.xml new file mode 100644 index 00000000000..5c8bb853db5 --- /dev/null +++ b/docs/en-US/globally-configured-limits.xml @@ -0,0 +1,81 @@ + + +%BOOK_ENTITIES; +]> +
+ Globally Configured Limits + In a zone, the guest virtual network has a 24 bit CIDR by default. This limits the guest virtual network to 254 running instances. It can be adjusted as needed, but this must be done before any instances are created in the zone. For example, 10.1.1.0/22 would provide for ~1000 addresses. + The following table lists limits set in the Global Configuration: + + + + + Parameter Name + Definition + + + + + + max.account.public.ips + Number of public IP addresses that can be owned by an account + + + + max.account.snapshots + Number of snapshots that can exist for an account + + + + + max.account.templates + Number of templates that can exist for an account + + + + max.account.user.vms + Number of virtual machine instances that can exist for an account + + + + max.account.volumes + Number of disk volumes that can exist for an account + + + + max.template.iso.size + Maximum size for a downloaded template or ISO in GB + + + + max.volume.size.gb + Maximum size for a volume in GB + + + network.throttling.rate + Default data transfer rate in megabits per second allowed per user (supported on XenServer) + + + snapshot.max.hourly + Maximum recurring hourly snapshots to be retained for a volume. If the limit is reached, early snapshots from the start of the hour are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring hourly snapshots can not be scheduled + + + + snapshot.max.daily + Maximum recurring daily snapshots to be retained for a volume. If the limit is reached, snapshots from the start of the day are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring daily snapshots can not be scheduled + + + snapshot.max.weekly + Maximum recurring weekly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the week are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring weekly snapshots can not be scheduled + + + + snapshot.max.monthly + Maximum recurring monthly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the month are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring monthly snapshots can not be scheduled. + + + + + To modify global configuration parameters, use the global configuration screen in the CloudPlatform UI. See Setting Global Configuration Parameters +
diff --git a/docs/en-US/guest-ip-ranges.xml b/docs/en-US/guest-ip-ranges.xml new file mode 100644 index 00000000000..97da0448a03 --- /dev/null +++ b/docs/en-US/guest-ip-ranges.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Guest IP Ranges + The IP ranges for guest network traffic are set on a per-account basis by the user. This allows the users to configure their network in a fashion that will enable VPN linking between their guest network and their clients. +
diff --git a/docs/en-US/guest-network.xml b/docs/en-US/guest-network.xml new file mode 100644 index 00000000000..e8264b3ab73 --- /dev/null +++ b/docs/en-US/guest-network.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Guest Network + In a CloudPlatform cloud, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. + The CloudPlatform virtual router is the main component providing networking features for guest traffic. +
diff --git a/docs/en-US/guest-traffic.xml b/docs/en-US/guest-traffic.xml new file mode 100644 index 00000000000..38658e05812 --- /dev/null +++ b/docs/en-US/guest-traffic.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ Guest Traffic + A network can carry guest traffic only between VMs within one zone. Virtual machines in different zones cannot communicate with each other using their IP addresses; they must communicate with each other by routing through a public IP address. + Figure 1 illustrates a typical guest traffic setup: + + + + + guesttraffic.png: Depicts a guest traffic setup + + The Management Server automatically creates a virtual router for each network. A virtual router is a special virtual machine that runs on the hosts. Each virtual router has three network interfaces. Its eth0 interface serves as the gateway for the guest traffic and has the IP address of 10.1.1.1. Its eth1 interface is used by the system to configure the virtual router. Its eth2 interface is assigned a public IP address for public traffic. + The virtual router provides DHCP and will automatically assign an IP address for each guest VM within the IP range assigned for the network. The user can manually reconfigure guest VMs to assume different IP addresses. + Source NAT is automatically configured in the virtual router to forward outbound traffic for all guest VMs +
diff --git a/docs/en-US/ha-enabled-vm.xml b/docs/en-US/ha-enabled-vm.xml new file mode 100644 index 00000000000..63faa82b63c --- /dev/null +++ b/docs/en-US/ha-enabled-vm.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ HA-Enabled Virtual Machines + The user can specify a virtual machine as HA-enabled. By default, all virtual router VMs and Elastic Load Balancing VMs are automatically configured as HA-enabled. When an HA-enabled VM crashes, CloudPlatform detects the crash and restarts the VM automatically within the same Availability Zone. HA is never performed across different Availability Zones. CloudPlatform has a conservative policy towards restarting VMs and ensures that there will never be two instances of the same VM running at the same time. The Management Server attempts to start the VM on another Host in the same cluster. + HA features work with iSCSI or NFS primary storage. HA with local storage is not supported. +
\ No newline at end of file diff --git a/docs/en-US/ha-for-hosts.xml b/docs/en-US/ha-for-hosts.xml new file mode 100644 index 00000000000..f555c3e8c41 --- /dev/null +++ b/docs/en-US/ha-for-hosts.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ HA for Hosts + The user can specify a virtual machine as HA-enabled. By default, all virtual router VMs and Elastic Load Balancing VMs are automatically configured as HA-enabled. When an HA-enabled VM crashes, CloudPlatform detects the crash and restarts the VM automatically within the same Availability Zone. HA is never performed across different Availability Zones. CloudPlatform has a conservative policy towards restarting VMs and ensures that there will never be two instances of the same VM running at the same time. The Management Server attempts to start the VM on another Host in the same cluster. + HA features work with iSCSI or NFS primary storage. HA with local storage is not supported. +
\ No newline at end of file diff --git a/docs/en-US/ha-management-server.xml b/docs/en-US/ha-management-server.xml new file mode 100644 index 00000000000..27019cc091b --- /dev/null +++ b/docs/en-US/ha-management-server.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ HA for Management Server + The CloudPlatform Management Server should be deployed in a multi-node configuration such that it is not susceptible to individual server failures. The Management Server itself (as distinct from the MySQL database) is stateless and may be placed behind a load balancer. + Normal operation of Hosts is not impacted by an outage of all Management Serves. All guest VMs will continue to work. + When the Management Server is down, no new VMs can be created, and the end user and admin UI, API, dynamic load distribution, and HA will cease to work. +
diff --git a/docs/en-US/host-add.xml b/docs/en-US/host-add.xml new file mode 100644 index 00000000000..7591ee5b697 --- /dev/null +++ b/docs/en-US/host-add.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Host + TODO +
\ No newline at end of file diff --git a/docs/en-US/host-allocation.xml b/docs/en-US/host-allocation.xml new file mode 100644 index 00000000000..8a56322f839 --- /dev/null +++ b/docs/en-US/host-allocation.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Host Allocation + The system automatically picks the most appropriate host to run each virtual machine. End users may specify the zone in which the virtual machine will be created. End users do not have control over which host will run the virtual machine instance. + CloudPlatform administrators can specify that certain hosts should have a preference for particular types of guest instances. For example, an administrator could state that a host should have a preference to run Windows guests. The default host allocator will attempt to place guests of that OS type on such hosts first. If no such host is available, the allocator will place the instance wherever there is sufficient physical capacity. + Both vertical and horizontal allocation is allowed. Vertical allocation consumes all the resources of a given host before allocating any guests on a second host. This reduces power consumption in the cloud. Horizontal allocation places a guest on each host in a round-robin fashion. This may yield better performance to the guests in some cases. CloudPlatform also allows an element of CPU over-provisioning as configured by the administrator. Over-provisioning allows the administrator to commit more CPU cycles to the allocated guests than are actually available from the hardware. + CloudPlatform also provides a pluggable interface for adding new allocators. These custom allocators can provide any policy the administrator desires. +
\ No newline at end of file diff --git a/docs/en-US/hypervisor-support-for-primarystorage.xml b/docs/en-US/hypervisor-support-for-primarystorage.xml new file mode 100644 index 00000000000..e0fa56b6159 --- /dev/null +++ b/docs/en-US/hypervisor-support-for-primarystorage.xml @@ -0,0 +1,83 @@ + + +%BOOK_ENTITIES; +]> +
+ Hypervisor Support for Primary Storage + The following table shows storage options and parameters for different hypervisors. + + + + + + + + + + + + + VMware vSphere + Citrix XenServer + KVM + Oracle VM + + + + + Format for Disks, Templates, and + Snapshots + VMDK + VHD + QCOW2 + RAW + + + iSCSI support + VMFS + Clustered LVM + Yes, via Shared Mountpoint + Yes, via OCFS2M + + + Fiber Channel support + VMFS + Yes, via Existing SR + Yes, via Shared Mountpoint + No + + + NFS support + Y + Y + Y + Y + + + + Local storage support + Y + Y + Y + Y + + + + Storage over-provisioning + NFS and iSCSI + NFS + NFS + No + + + + + + XenServer uses a clustered LVM system to store VM images on iSCSI and Fiber Channel volumes and does not support over-provisioning in the hypervisor. The storage server itself, however, can support thin-provisioning. As a result the CloudPlatform can still support storage over-provisioning by running on thin-provisioned storage volumes. + KVM supports "Shared Mountpoint" storage. A shared mountpoint is a file system path local to each server in a given cluster. The path must be the same across all Hosts in the cluster, for example /mnt/primary1. This shared mountpoint is assumed to be a clustered filesystem such as OCFS2. In this case the CloudPlatform does not attempt to mount or unmount the storage as is done with NFS. The CloudPlatform requires that the administrator insure that the storage is available + Oracle VM supports both iSCSI and NFS storage. When iSCSI is used with OVM, the CloudPlatform administrator is responsible for setting up iSCSI on the host, including re-mounting the storage after the host recovers from a failure such as a network outage. With other hypervisors, CloudPlatform takes care of mounting the iSCSI target on the host whenever it discovers a connection with an iSCSI server and unmounting the target when it discovers the connection is down. + With NFS storage, CloudPlatform manages the overprovisioning. In this case the global configuration parameter storage.overprovisioning.factor controls the degree of overprovisioning. This is independent of hypervisor type. + Local storage is an option for primary storage for vSphere, XenServer, Oracle VM, and KVM. When the local disk option is enabled, a local disk storage pool is automatically created on each host. To use local storage for the System Virtual Machines (such as the Virtual Router), set system.vm.use.local.storage to true in global configuration. + CloudPlatform supports multiple primary storage pools in a Cluster. For example, you could provision 2 NFS servers in primary storage. Or you could provision 1 iSCSI LUN initially and then add a second iSCSI LUN when the first approaches capacity. +
diff --git a/docs/en-US/images/1000-foot-view.png b/docs/en-US/images/1000-foot-view.png new file mode 100644 index 0000000000000000000000000000000000000000..2fe3c1658b3223ad93ac4c49ffc1aa1f5c6fd1c5 GIT binary patch literal 222230 zcmV)`Kz_f8P)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!T^n&fnVmsVcROM6!(#aGHnG)7910-F3QG?OJ>7wg0cy%5CKcoE%4> z*=&i?Xf*5fX01-kdZXEB;?`=kXhIJ)o3%!xR;%MCJxJ@Z3J)|J^%i!~Y|-|$M!nXm z*ISKx6A#vE&3d(2!@vZ0F{!t(L5+u)(DpRJEAvF`w9%+z_joJfhTZeMW(|ABQoL2# zsD-<{lm=b^qtT$_i=~*X+*Xdj|Fv=mR*t|)a0GypGzc&WGie6!VnkysVj}bI zv=TT5(zQR8B2lN0OtypG-*^C zwW`2--oH3IV0VPA68>TpK|c+86JkOiia#5FG;ver?d#h&I0^nJD{tY`Isz-O`)M87 zmHmE_BOqa}z#s}I33f%a3t;6qmk?I0CpfMGV}Yv#XB-4G)KWl9cnNGIplmd%6aZ7W z3ee=x6)PEPf!%}E ztibLk`7V43wq1eUFTo%AbMg^^oqRD4gsj!8h%4n-k>X0esHXr`j#29faRn$75kP2) zZ7>LS5%|{dKQ1VJq@=8K?PU@f06 z5C9YWBS6L@6yEYCE79)f?XZimw9>4XT8(nENik-#R&D}_tED;xo(MK6n4~aO1fLAM6o@jR0EEQ=;1*l0 zT&tDmfq8)kCSr(riH9-~ca=3|-j9Oa0>`nk+-jDZ&0@2GWx3H1d_;vJZbaf7;&MRE zEH9HAE3o@H|91Y~-~I~h{@xGi=Xi%o#z)Ct(be%$A4ohRRv$HZEu-f#k1gBD@pgge z70fLDBLPCIQE3tEmas&$NOK@B!dYTq5kOXf#7bl;B3S~&W-C`~CQH>wuISI?o$0JK zoi(R2rbOBhPwHX`T_m9iM=`YFn3|XRNJ1Zt>mqUe(L-5djwbA}gfpIWB~!k1Hkd0! zij_pQk!}#C1EBG`0_er43i$+bb`t%-5(xfavP?rhM)FY=X*512BInkA?2kG8M@Wie z{tn`yqyJi;fO`jm8 z?B$&u$=b_UgP@R*2bc0Sj&Kn{)@cb`B~h7#Ypr~<5thCGq~uB>LVFTvgpcI0>x^mT#l5g@p3g&tLGby z0y7v2vq5P<&IGc!f`$+@@G+Hc@){-W#s^Q?plwU}*=-=s**bZ1MFXNBw}RrbP~@mn z=EwMQtZeeT9RWqAa^%m=J6wU?-|e`5{-6D6z^;r2@~>S1j3WRpp^pSW0%s)HrAu{a z2uN^1X{-jW>%jwnE66lk$$BeNZMiaKeJG{!CFb1Gaa-_!$+yqo-lOyE)%y18d?PyF z9)o|_5FFI|`*ogvjkj0r?oqpXm#}pAYFzyq-+<2Bul4k)Jb0*&hDTn?6MhI!AJlsX zuoJC&Kti0JF+tL0;fiS{U3R)&!>OUS!KrVCf`nR+W!sJfDQVVw_-U>AnY->va?X?>jpI?xuSB~i-Jj$HzajB!7uTvF zR+R~fV2@tOTk>@?p#&l{WUwT_-uj|xN(#b$ivEwcMk9*krL zNOm<_iAp_O!X8}%8(^P-KD`g`pbhM??qU zt`N&gL($ZtrWRSRDh8L~vgnG0xLjyU&m}b&QchIsMNcj_8^u;L-)g4n&3LWlE7Vni z^n^V+W(kjIy+dl}fXX?rwNuMU$4%`*oT-DXb4ygbn63MhES&= z+yx9Z1$&KwUPG|g5a`kSyLCPcOvDg#@er21#$b;z*iG0PKw#Tx2y_^OoyI_ifiSld z_-hPx7=XgTPHaHi1iG~TZasDa==b#E902e&crg0)1i^z^`;gW#tat4(x_9e6d-R@B zvwy}NH^hp*LL=1x1wnEM(rS?UfzM13DpM^Sm&3`YG^(b<(Ia&P>E;yJWf8DU#-NOu ze$q!^R{%QxULw)Q=Scj$Xa@>Y|7HK)pODY5z%Kr}Rp<=)FTDc0C*;_lye}f+ToLL@ zp{)3!N=3I^8^$GBR3HFQs8&lgfGU*?V4%=enuvNZ071202H>&}0axX=YE`m0-~mxW zwOpxGScWTvw-nwct1W-FWQ%3A{`j;rFlzDcG57|wfgY8wYtfC-qw@A?0t320zacPS z3=WzQ!-7Wefk|KtCF}zNcImtr-3EV;iD0x_=kC%tx;4&TEsY*5HI815vq$Z~=u+7* zy4Cg`42`o}QZ|;n3q6kyw?~wXbn!gLTYcs7Rf~ORRq5>S;Npv zyf)P!SBVfVV_73v1Xbk8x;Zwg;2J(EFkw}(j$?w~P&0jYyMaM&Ikw+9a)DQ5|eA}?ped+_Z>8cplM0FTkF zc62P+J5?BtZZ)BEj}~C+>Ct<7^#EKq0j@F(4AuaBa}el^d8gjjfp<$RM*y)o#l;#| zkIK;ll07@T!excqVANeDB)D_tMLj83=;fIk} zUH&O5F_A1nrJt*alJIkt#7QDJmRLv03_*B*ahgW}H7P`(x{)cyGe)?hszwMH_AKvM0AEjU6mR{xa6J8p50np}I0&SAZM zNM|3^*!tDBKDD)1W9!q}0q)%zN2kWo1#|`q8-2azP>&_jZ3ZI|++_&vGz2@0p)NBh zW3bP@L4@!|-+(DFU<&pdK~NyR#u);#3de}iJL`_?!f9~XiAtk@>JL6kF`P2Q;vSVI zqfi5tdqk;=c(+=kQW3K4Ar6Q@mi{;-i~!CO)XMA-U$HO}^IuP*^FQIYWo7eEd<5D_ z21Un$U&RXSe&R#<1$sg|>~b_DDF|42$`Ka9E|uUaN(KIL%l?OA&cAaJ?24K#$pMVQ zU<_O}x0=A*RITC56wINx$`hQj`wtqu!&*n*lC68mPEjQCW2R8IIn-qgcA0}+mQaT| z*kSVRGJ19y+&gv7U0Q30#@eN^^gwB=weB`J_ZeMd7SEJ3xa5x+A{kqv;L4W#g>tA^ ziWSSrauvefOtqe^)pPYm9=WUrMcM5G7x*;lEj)_N5N{^SwM3~BD^{Y#Qm9b!6^pJy z$&xAPqv?fUY|0%xWc35wckAr~T3gSOrCVj~)4Td~t{$DMOXum*`8xG}WOZ8fjN=O>5ybN|F=g>xD z1$Ix=U*P0>9hvE)lnY0-{4+;9gVSNy!CkW0$3)AcH6!bA)!oNL4vi|&#w7@Q7> zW)L8ahk@U@W-DGnP+2lW)3fgIsKGh3XhxmFpa$Wpih>2A_FLo6e_7oBL`HK9T=3_3K6rNsa{0pb`maikXm z*+1myaN+oT$Lc$=dXX%HJ_zRQ*;!St9stIN%9FY-|Zy1SwaIZ^_K8?Fi z=Ys$X$+12N2`EVgGB>bO>+jHbfnNhl)?tlfkJho8n z%C-?jPL>ps;~ATu34%u!kcq1kaaN%-32R1hoN%U;2wxU8tlUn>5fH?#xC!uGiFQxO zfj>!KWI4A>x+Tuhh@UL|Y6a{HIg->sffH@aK9GV;ba{}3xq`_B;I@**hC5MEd1Hqy z{t-%2A$s+7X?#68e;?$u5Y_5}-5Ot~8p$zlFM$;DW1e2EcR=GFR@)C~oio;e+LyG( zO1^9@Qm!Xz^-QgaOK-rRh-wAkN;yE5T(H@=Nbz%-8`UKUGe*UGoV<6Lct+(h1(AFa zkB=gnS1@KXql`L|flq6*h*^xZk z3hbV^-{cDHp15Ou^1qTe1yl4R|3VpZWCfB!AIMb{60;y+j9nJX_}NpKOM*~|QfRcI zrMfeoS9xONCf|tGIjDB@K?b04Lz%Ek3rSX}*BtFL#}MLm@JrrkST@B80Phe{aJtrt zl^RGGLZM*{rckanZ4ZnXAUAgQ>p%gM!WSA0Xw-W3P-TE;phApJ46rMvAb4$%4^-u0 zBy{dK`uZVKrn+P&EGE=`)E{RerJ8Wzp%*1mhvHv0yp*a>1otETVTFD{7W^_cOQkU@ z60#HU3tb@@PQXF_oV|n+@U+*7NpMC;tnh&{AxfEbDu5txsx`|AZklQSn7ZU;0p|*59e7i}4Y?f7}|HcZLmsm2kqJ z%;#%tj4SMMQC84sme}2qFpfgJ7R^QVh2S?O6LgAnS+_C-`c#}8};qBofK#;=q zR;t_#<*NEna>^A31+mu*j|gYC%GL?(u-@Hg_V-wVJr1a@dVyHI}&w1ryE9PT%U z`>BF12oi?N@caWB*Ra-k$m(12$L*YYCAxpDow|UKsC4B0!1GtSjQ#P6k>wO$H;#**gQ*Xqo4NtzVkL9P_kr5-JS3612^iI@P^qT!NL@fsLil~%BX$DG} zMd32}LWFv>1ik~P&ExXu{RS6|&^)=4lx@SA33V)0Iv+5PE5d%I>!)}(a?)@Gc2D5% zavAI@^}#FL?g{)OoMbPxjAY>63G!vT=rtxKlLko6t0U+VZI$3QxlG%Az zVANpSt+5UPa}l+n&5R$7w2?lXI4JTZMV*Y@ z811Kqhp>lc5%^w51P#0fh*KzyP!^{U0%b8^VNSs^_l%(P4$%}M9nv;9u9oUcxR;MY zUl8fdgE<=^r2s9EuGT}vvLl_>gwnv@{Z{B7oE<7_CuGPtIhi2g@T2~%3-U55L5BYh z)jIc>BmL$mgRieohk`wKzsfnRqsUhqhT30F5k|vuq&>UR$%vY`RDvSzGfgoE$B(aN*Ocw(SSyPl?-AxOadJmPY0@U^^O6( zW1qz};|Z8zsbHxJJpfxH5=RU$Emaz&QZrv_WJ|S7rJAl)FtYV(u2I9tHmW%SVxTZ# zae+XV;5A>RQK$h-Nr6kK3Y`NyARvYjS^)k#1Lnw(IXVE1oyyt0 zU>#OFP~c~dWy3`rB_e#dJH7B~5QGYKa-#s4VV6&yA`%zc-Id#?djytoy9x@g!0xAe z+&>3<=bxXf^%U9$D*G)X*-v?W3Ymby2>plwV3dSOSiIbDCh|+3*ceo+dKUywxMYS# zN|+cRJ5LFEa{PjK0i0`GdrY1~&fttUY);acL!veCT*h=NwW#5(GIh()DeFAAm_+iO0T7EOZ-l%|Fi`T3LT4N{ z;>4MBM&^!m(M`yKll7**)Nti%+F0hG)rV4M)ZL--4fYZJCf}en)Ncj&`gdtO+n1m} z3k_IfJqCz;Dd$FpYPg71;g4{b4`$2U_1oip)))o38k7$>kqFvn^iDd0nqb12Du&Bt)T$x&%)!l&%c)#3T`1;Cm3*<1EtYfTY7WdprAAB80s>@-OdxP1sAY)cXqSUlB6AU_;!QGc zBCzFwIc)&6#a)7Cz$l?@q0%J$1>lwe@r?pT1uMl;j7Aa5D&Ao&U9N&0$W-dtDrgFN zb-=n{CtwsNfS9e=fTti{+6^#eQij7%ZdA-#JHb=P%mXB7@oL?dFB+qnNmpo(-qEWv zb0wZ*z~BWrK7eWq_)(zFSRdG>@sh$9Nj6h-5P}dGR%qQQvOw5-$m}zOQvQ4e+7FTE z6s$MDAR#b?+(dZrTjauu6_Vj&|5kp>4VUH9gw%4SIQX|bnqQ=+F>6WwDU>clN}q!w zVkAXdb5c=}z?B42%~q&XF~rgnPCu$+d(~DbQoA&$1@IsdM1dGwYb_|v3Zc>$6=-|) zo(Wq}>rc88g$UrFLOTHzW(w6bMzNMGRuhF1Mygm$my6j-Ia4ZOWP!h+ZV3}X;1X#| zbS*<6qhX6DSYmHjNhEKn+C=iI1Wc?pFhOw2@hOG37_^2b^jxAEkb@$^p-`%06w6IQ z-f{yIfx`JBUL7%bBU47jFpn~jw~?vR$P)DP;0fpmybaP?NXj;;=1q!-8IDOB!8SIe zH{d!yzUHS*s0$}+Hq!N$CtK2nu_y1qW+E44!w}0Ejjy_9QzFLc8FTzIrJGqaUhAzq^cIYB=wwU4ut=_qM(g$a&Uaa zsHJ`77wM~h;y;T*G6=L?f!!1TCpbx8QNHlRzZC9rEfclnWgi>%8AFiUY^EDcU!klH z#t+y${W@!x8ukbXa@{E8MdqDquAuxUO_&olVDOneWDhL`llEjWTxbAr=~^DVZLygv z)N}bt7ARb(X29W=Ynf^_TO&RpQ$t({bgpE}wL%H8rv!ziN(%#+C_^VBro_*R$XDie zDWsLdUJiaa+GR?CC&cP9$-t3svq(@&XwG3TL9IYr5FNR4Emx{#OU+EVl__J{%$CHY z0qX{WV8-G!RJ5Q(K$1{?k6sA0t|V6DtRoFBFymATmt&yD7fm>+4=2zV+$&diaQh-? zLXwS^FJIAxQsXw?ZY_M%A;NPEL%NHKK2q|6VF-3<{JWOiyI>}%^+RViXo^x(3=Jv( zT~O?y#Sz*adGlncjwB&9KSr=k{p_ikJ>NvMy&P~)(l6*2;%zM>c~?k=FT`K+?`r`C#-772pm_t9#o(WXuQK}@2J7A@+WM`tT$JTRvRg#&g#u{ zrI{%vCaaYc!d`$Qg`c?aZ!-8YnZSdY zSx%qhzGfh0i6RAwIV4e z$IguAoMZ#?lE?wv0)VxQ39ZjTTwD@M$SuSYuuI5Gn_&%YDbjROY7Q!6u4xms%aWXd zke4cZ5sX4xT!g|H+O}E)n&V2jRz>O(VJ|q}aH(of=9hel!;qS3Y~72n$8@5N=8)by zWbh9e0l2WU;GP<~0Lo8bY5|@Hr50$wF`x$L;9BxUefbgy2X@^ge|h3|6%63?+Hpu; zxpq-19#{P5M5&*`PJA(b2cPDrXb*Cw8v2!#+NXKIKlObpKLIgOIz+TjWM9=I%)T&O zmA4iXw#p?yAR?DaW4ZhZa)nsAX^ZFQV6tUE+g&rdF!Tav4M^#Ddkp?wYVqLdf@$}X z1KlJi?NMzg7brCobqJ&y)KI4q0GR33<6Nw5CDKcqJ_`5vX<m4-t zt9&P<2{XWg2j==28F&>|_*4I~e_mfesB{INgZ%VLcZtvIAM!|SB1ay-H`ry;5C4^0 z4a7&0a?=>k!)Ot08el69XTok=!;)KAXuuE}L_2gt0F8ThL#v?oOuOQiWI0%A#;dJF zxsfV?^lT)H^<)9jA_7|?b~A-~JX1~-K;t&k)fzySNK(KS;!4n?l-;Tofp>h#pCy>% zz*CYga59Y<17dOsf~ByR){`m!3{xvS1qsc5_u=F7`tx&#x%ME~V)N z>^31_$N`9vNdun?c&*g&o7d=B(i+QLJVG!NqF2RL)e&g$CGM zsyP-#D4=kJvVl){=-WYdj#9xfo4*M)0=RaNvWU|Y^}4H2UI-@8qPTy_1mx{iqf-%l z%h1gT*1c$E0T0Otz<2v1{$8FTb6~H<4@cv{CDW+UsgI?TY%W}4V+n>{ndoinC?Y9) zooYOpCbu!(HtQ%Y>W(QeCRB>Pv@C&L=BOgJ6{P^o3T3d zyohiCOb85-gMvN`unRJw1_(nMDuIv|)NP}gtk%#*H&LnqpaE^*6M)ObLZbx!fihGS zP7=wh5C~GBN}(uSkW;`bmHH;OB8UmRjxKGBwZlz1;a~A!R@jf0#89S4XC9c z7ojdt6_IrnTuKuIbBSb-D=F{>GEflnJHh+O;5<>S;cP*GOTsdoHmb)m#YAIVS=Mm3RH##=_Wg!<4>R@(AUn>>sRV6J`OM}%cLnj9xJf>agN@}xJ?_e z@Nq~6LFl#p#w4RL;UFj}ys`9h;mpqLjhP2s12U0JO~?5!-+1vpCb1|}S6u!;ccv@)~=(wsG9ijqvI z%6JbH-h$g@oMqTWNJ~Q@G>F^fVm9b@Q7?xG_n1-Rhp-->u7bgY1CtNjoB9?ujJY)=~8e24M518$)>;XdlG9utQcRRAxDR*oDZ5L#S0j zGYc35#=^ie(e%@XWP{C3JFz#(|9^xC|O!6n4Or z4U{P?CpR|wCShd>&5TLjvI4sw3qaaoS1LbR@nrZ|NA6_Zh^sw`trzA1)YL&L@n!cG zHV$hGSlF}?1R|`%*j9j$m>jZcz}yfng27T59m5Vgffs=YB+vKR-R65xWvttATeBnz!lB@nv=wHP#EsHOEqX(jUytaTL$D<(#X z+hr637_khNR0Kre@=_|7Ah@KG2PS+)Y|GSvTpS_l&_viP$#rE=7J)Disgh#ZM5NSs zhjL1d(V4^y43W!*q*x$Ifj(nernBjT)129DF)4xwuBVC^M<%I4jp!FT6aa3@^>NJ` z4cW(1CR_y#L1#_qe7Qq2S2|Fm`%1%+$j`eXqec&PNK!ld&}|-e4SGLV_)c_nqXF+X zGIId<_M(Te+5z*k!w$bOnu?VwC5YFcTA?a%ioT&ZMmHz2e`6nbQR)l;CQl9ucPZ*d zcCbp~Zei%l*`k%(2OoiUl0iVQShGShd|tmb$40wKkSm$|k+CD2T64cJz$~;$_=yPt z5dti7U7+X*ssBbGUqmUysM+18wxFjZ3|`4O3}mhrmfO(*$U@cbA+3AT5z&V;{(KE_ zF$cMgM7|c!q1ddBXqSM7@I?x230XMQm115w+GX7sU6P9;1%g^hEvtwG2$T`(lA?gf zT*68qpaQi@tpvxalCVrFrr-+T_PMfwJP`q}A{vw8-?sV-As}Oy96kqpM6`=C3Y>Bv z&)^S8rx^sfxJxTJsYokZ6!p_X(jnsWP(1~9n`mMRsPRbwzEX2`W`qdZ2y#I>AjBl! zU{1EtMG9ur^uFE-LNa_@^bmZE5(urp z?#DfFC+BujT1-$09OMd^mAta#zcv^7a`zf;y8u?9gxn64t}&LZsP zsy1P(BU~p%s|)U71Y{(OGq$O0lIA2>YFZM-SxX z7hUDihq|;8;Ve8HBz}q;QXGkPMZtwcGOU=GeH17t z(XJBeipdJ>e$k`SQMd^>!o77ifX8Iqvg$% zmfX?(h?VBe0~+VB5giTu1iM;aKMZqqz5%s+pD{4+&pC3naJ2!Ks6z0KJg1Tw&ACh5?V2@&4frs#yM12L7Sb!Fw6KA89s#EEBvQby2IOmE&csrza^{U|C=o>VK`qAK4?+25MH4rTvvV}F_oG0Im z)<~`ZN)ZZ#c%d50BTS=IQjR1C6#2#raJLcBE?;XOC)%arT2@>U$smQj$D6bxavP-} z!E`$z@bTl^<8c(U!}h(2xm^ALrv*_ivF!995z}qa?(z@Y9^vBTgrR`1AiJ6S2FU8vuau&K~nCCLP0!fDGlBQ^Exd$BLUXb+QWT~?TVqUJTpiXYVV#OHFOj-kb zG`4=VZ9wbk$4S%_fwl~G>0OwZgS{54388gy_mT(2+@nUXHkb@R>xR-eVlhb5%U>2b z=gRHv#YtSW)=-Mvm5M>s zYxX- zc;drpyq6#jmBcPfBA#`mYxX@N$PRXsc zqn?O@6*fR*)jrWUmSj+fi*|%nP6;1OG9YFrPF8s3Ec>tu>cks3)6C*K49xC?hXOsVa57 zCmg0O6%_4qdXI3JbGgDGf93WeM_?Jru%g@j0(@JR!7fX0xrMoKbfrX^47NiG>6(0_c#h zqzYx!0zi-e;VQ0?yekIm=|p3$A?|X&_F@nd;V`?Mj!I zyzv7jFIXe=tn1eJdbB~DQ@f0j4pU^iKDbjG?9`E6I{LE>YEbs#Sa1hC>3kXpPTwJ6 z+JhaVsF^#@;k!d5!wT$vGTb2YbCK*Hv2#L-WiDq#zD0OKh zLXf=w5YA*8El;L2>j?vM2M`TW6ZJ6kxv+4hR^j?UpW1^qlvB=_Em@9KV8Y#u6{>O0 zl~LgtLS29YnJS2^5pk5bOimFB(_P|rg@8;ZG}{tNf@GjlU?v%;rmLN55Uj2k0*k3o zSgQUyl4MhY+)v6dEQ^kh&E_pbTNa9uyTZ|f3>nxThn6fL`!JHBo!b?n4#6-G=F-(e z9kvyU@Q$P48qRHrTqQwgIHGZIJ%N^Sh-VSiQeu>}e?&8|^neU|x%oUrr@%=16GP!p zsOln_F>7d0i*}-}UJX1nLS4q_PD6CNKDd9EkCjoOC3TLD(|j3wF}{98T&tBK=lnx(`I(3hbWLf3OdJbMgfqNpJ;` z%bmjM*FtI^iTdS>Q~ZR`q7kjj!7ZT730~TB&hQ?M6P*zIpvE;~$(~ z`%yQnkL=XPb{eCdMif>=dd=|73BuR`ZJwbH+;8$O_+nl}*<{qq{v6yan%M;K3nXL{ zDK%N=umZaufgVy8RMt0(YZI_HE3o^8fn7Fhm0*|C(9FKcu-hQrLbK_~73bZAxk#t< zY5bu4I&`63VExdZiwYuKyY=1~PtumI;71#;v|`Af(FHHqMzn+wm%RkFvI`O8y9TsmQGzc8NC!aFg>+4GwBhFL0w#_Mm6$Uchb> ztSpvrHLF(3q;O~fd68rbR~m+BZqgpwM^`qkZjHY~AMG^7I}8!hHt119f%GZ*Qv?9Y zkT;B){Mu;7kK`T&*HjuuSu{abaap5?a93dWW1_|i?0(Dx^?BK>jbvb5C-?cqj}QfG z^mE}-G;U_gZ3|#5h&H|6d~wki*=L}R-@R%GiKr6~I6l<=!Z3S4=N&Z%=lv;rrV;|+ zB8^7Zzg5Ou!8S7ZQaIK^yawz*E{G#LKnYdB;_6ts%MN76BN@cCIiv#2HhjPkp`}Q0 zwO{osYd#LJeo!E+V7H>rZGV-vmt((23dxW2K4p@D?9V@vWDti!q8bqGa{V3-9S=z?rqgoads_g-WeKJ*?N|o-CDGBj&xCLXY!NlF`>b8q(c+zQ29YO4e0|1EPk~w8pxH9 zprbEVty(UZs}<}|qI^YONMz(cFTa-0_IDU z&?$@<5Cek~gl-{FuA=Ycej}nDa0@8X4ngz{x$g@i2+Gh?d1+%VPJyIjr$4IUg z!}TWhl&q#fGUga_OSpn&q+qH#I~pJ#pSku8_Z?crG5=Z4*(q2 z2&Zt0H;*UYlE??8T;fA`hT~GeVtet>vN*b}Rzkc1>MoHflA#X|Or$~73g%?FE0G3D zVMzN#A{O}LOENNGs3c%OeHxxiP>X0+;4cVt99WEap%Kg1F>vO?N`_#hF3X90DVZ;& zi{*T|3cp_VP9S|RnV4Y^`zlyhqI=PB9>@z}FT9T(@$969Tsr$TKG655h3PZ+&>5u5 z7}`Y?Q)s6eou0$gC1lBd!00lBlW~}?!*&v_OG|KWAlQ{0nb|9yUS*{=__zHLuaFGC z?UDPepVtPv6nC)BlCsrpu%5kn6yM7y2L=R%?j zpYo+Z#*wK)w-Bqg;-z{tSB~LFj_N6dx;aF<)fBFRiv+s@8VGs$Vi}RIq6Yhfuq#2Z z0Ada;Y58$rS7CUMg9 zCX(1!u8CnhrbHV~y404b5igaUiOj4Mj`iMQgKrR>*>v76t#_B!PZX0W)@@33>B97V zAhEXdu+0bLjUuw9zQ|mvK`%iT4g~Zou=~6H{8wQ2cRPNc*|V9wm1XoS4kM)H(s}yP z)gh?IuLKy~oJlv7ReZLhOS`24RaMh6o-xrM7I4C%W94 zLFv(O{Hls}ir`p5!ZIe|Sic1&T_!SS#};mg?AeEs41y~85RyS6zNN|tz5*cK7*$CS znIJ9{k~obOaF<5gL?Ib!f&vEYQovip5*j`bKBaW7lq~>!8F?iVkr0?_+eAe%OU&3P zoxMUaiirA&b8f8@4{XV)x(f%o8w(*j;Zy*PX|SAgDUtoc#V;CtX!iG z#3;QX2Q;K+aUNeG89v$1USVStwqXT!KiLsHdA8;}2fZDVwo{r&Z!7VY~CzBzBomaK%q9xz=?`5agj;)jhE zzl6E4%c^B49p6Y$3cf{gnYc9OXczf+IX^~i7eF$wu;KXJ?$IQ}@@N-V^m4Q-$+nJL zt)KwqaS?MF9lVUG_&Ca34!0H9mEMvZl1pgIO)ZbW?gx+z#JWfhIJj02h803UCaS1$ z^-yRg^SH|sfU-P6WeOFi2%Z7+d#THT$>%{u(MHE>CHQW6!VYo=(2K8Oq(+#CAM5ws5JRk^ztYy)chxIJh| zWaDT_N0MPk8OWPVpssKrTOoIUJ3v^0-QVuGedf(xBh0 zHjqx4b%gioTxhNZdz4;Oi<*NyCSSMC)vLDe(Yt3|345wS`drWpxf=hZq0A*`77AcV zE{3ccl%#AkCg=s3XF%jjv;(E!C97Fsjw71-EKjL%VEEy%E0YXD()-cX!^b6m+bCM8 zuJ>3W+DAR{_W--7*^@w)Z6O8UEl0b=@JhKg3UYB*346svigsgpoB}Bdj^(NmqJ64y z9R?i3A2E7n-Em92 z5(XO9TKK8QGQiw&5=?GET;n%LqKgVNU@?B=(CQvxbd0&Gl8=-P5|r*J@1E* z3@0D#vcco=V3$u$$hIL6=4cn$NNIvN7t%c%0(RrbaAx6yL2CfMI6+2pn1gUY{7aW3 zu(?1z8@ZPW(_YqmiGC4O+RN8KlmKXD&$RMXjA_eN7aIvZnrp8Rv^b9@KVFTD>Mr~54Q|swe z+lKUxX;0LeDu=)rpfLogl+a09aToL%(sC`W@Qt|;|g-yK22p7|_~>8vNjp9>u^c=XUd?9wU-B-$>-@G$1TfMh<_VdMsCu0(M#FfWI0z2l6}4 zl`)|31MlVs zVAmT0`9Rt-y{AuOAGLV2kz|BPUN(c^3oE%XpZw))>%As5VN*5|UtYO2+i&%g`GP%Z z1$IyLAM{vYJsNCfYcbj6M*e~yxu84RF`07AEL^}PBsG0u18j8gZCYX(G<`ut)2DGG zkb(OjJWzJ&d^=TWvE>?bhV+R7^ts7e6TD$KSxV&agKy$To&wd#As8?>mMP;(RuMmu zR~EbqIRs|+773u0OXjv{SGXOD4mVsh%w9R*8QKJ7%eh^lXJF9$K$78ijCMbqyO1B1 zV3#FgBoyO8Os*KhyIo9<)b+}q?uxU!Ofu9_In4pDL^8}^OqOAqgEO?=iv+-+&OYe~*pm4a+oDq(Es|;k!Lr-FjKoqa zDe2qG@?QR5aphMc2`M5Hu($Gou#2Nd>9u?lBb7%u+{C~doZ$qApujHvH1Rz2yp1R=Iof5| zjpr*-Lf&#LhZdPtH2o~1jF?(viYS+CY`8%L3k|8uC-v{4b91e3iKi!Ro;_M?KiQRe zxF-;~bLyC)iUCFoQzw2f*whGdW~;N*Wqri88;nPKC$-jMY`O<70bQodL%!u`6?Xa;iC zd0;LqP8MzW*+8C&{sI)|YTdikt|3!!Hkfnd>!=)!P@J2KB{Ruv0mN=3Q;TFl8saBi zi)Jg~R5^kes!)L^KpY!n^H7zMuq<0he;8wNBZ9A?5%(2z+@6k@=Vg8HHHQufUvoPMRCBWfkaO8`y!ieTd(QFxii%7a0p+85J28i8!9m@#TXDPP^*cJ5@aD$8I zODWV-z_@|@8R>fhQ48r>7%QP^farw^&R|ytqsVI25J?;|xrWttWZ3$Rp);8MB^4x;)pIPlK4leK%*}$F}6}>ge36DN3#}4lB~DAdm?(#nkC(A*%HM` zdvFh$b?dz7*F9(q44Ohi=FqS?Flvu1Mhb33wY+5#BtxNsiY%B;WvdY3w$N4`#9tN; zFWmSRopI4=4Luf7lM4ISQVlJ8QRRhrihB2=Wn>-$U3huEY~<0eOth608(>*Keh0}T zZ79(O4XuCc=JF*)u)0Tn(h1|G#zu*4d?r7}N@-d-JgRl19T$;TPA6COt<*cu)Uknz? zx*+j8s5!GiB?H~Y`FsKF0&5l`oP$}#&0dvv51X8wspjy)l{z)wg)bLv zL%)9jt3VS8EUGjS*g->@U}I|hBli5^Ba60`+~1d>Q-WZDzskURAR|63wK``=MfozW zsj-IZ)96`m%*3IX<$}{etLwwXc`?Zm9_rpKAo+1$qeL$|0g`rcN#(+ zWQ&fr6zF8?=+-(0b?`(FI8((!6K5udR}{ikV4PouAqahwxh2I>uuBzmqB(_tVLf@M%I5o`g8*uS&}{`7GxT`@`azqU4u{qA3kMI5 z?>jtsV0!-G%;Lzz{P4v5;N-%qeIt*(vHgKp-hc4*9S^%-;hxdi!9xqX4=)TKo*OzmJ$QJ!cWk12bgb{d;h{qldk#x`RJiNV-tI@ zX6*2uv2o0Y$0i03Obi?tA3QiQaB!-BY-;e}^x&cC!Lga4Lo-8%d3k7d=+K-P!!)0! zfgOqs#GuXECgLuwnI0OWjfW3S4IiGO<)NwFho;-c)NXpwi32l>gQJHZe)`#8z5F`n zqce*`W0QD$`zGfG4`4ERU`{nMF^iSEX>aX&p!ptJGlhrt9G>AJO^&P?pV>P;vuB*% zmGtQ_QQjve_{ic@x6Sc+#n>&z*vy_ovly5RADkH;n;qt-U`d1bEDhSv^uX9e@93eP z{fB!G9PS^R7&tVEW#7T^p3y_y`^SdHCWgii_wGB;J38KXaH?-?dT@NUYu|Y1p0NYd zD!V^QlsX6v67z!IL2Y*pnKz{Da2BDqKzt+TaxU~G3lH)tLoFjp8C$t#!;{L*JAHdK zmfj^h>_GcWF|?xCsSoY|J!SBB8qk3lZAaX@_3i~vESM{!Xc*s7a9rpS1)VrN(8!vX zWNK`~&SV%NFgZoA9TR=ANk<{x3H$hP(D0>X9adoXM8mFxrXo;fK1_&w`1{9%E!+5W zr*#a%Ut}=I!J3n1NKoT(kHh`yoA2Iw_k&liz3-+6pSbCPC$HJ~=&H33{dn!eXWe@D z_pV>_gIn*r;DM)C|MdBbAN=L%w>|W|tJj})-Np-U`^l;`k6d=gPcFUvfh+EM;Hq^G zuDa`9z3ZM!?zsE1JMX=G&HY!cdGN|L_g}f@zN^;WfBBmGR^NHgDjN5$ zT66!UYwo{f?E{yreelP4t#uDwvi{*qH#~Cb#z!u@`_WbRJi7Ys$5w58oW=%>pRU4N z+8_qj%kzzot=@>cG{gi;dGhGx8!*R~4_&tLCs;~j{X?t7*zl88>wj|Tx(BYg|A~w5 zxc5)L^&emT;W^jb|I=$9eB#n|4_>!IgN*TiSej3*(g1<3LkC5BbV`#J|^b!SS2Rd)dsxnN3kV+ z#*L5S{YzuRBbRTahgNTRWYzkIv3>iv9FOu?z3$;F)<1I1J&#^{&tuoz{peNeAHHJE zgRAel|MImDUbX(AYc@P`)w+kU=Gu*qT#NU7=l!eKJapxT$F9En@vCw4Zolv5dmi8X zE(C#|WSPZe*)oXrXrUIvpePvK;Oiy8A%Dr(?^OamATWAXfG~h%FVbs?a>bd*&Da9{ z3zj~OcgPZhAullZeT{dg-Vaqn4^=jL2ei%+twZCD!(In?4WQST7liq0Cr^!qnu5Xvdj_?6J0=GT3PnUeJLp}A*)r$ z!-&;&cmj|8dh@?ueAQRazU14hZv5uO*ZECa8@Y0{X za_w)noq69c|LUCU|G(cp`%k}n;Xj^p-M22d>8qz*{y)Ea?*IDkIbZqS`G5VrbN}am zp8Z!pIPdSz`0?NT@Z!JvK9-mM?GG;f`%^Fb`%^Fd+aLb;uYYjyUw;3hzx=^Pe|gF! ze|hR<|Krq4{`;wy{`qOE{`9ofG|pK4XJ=lH@#kk<@fT-biScKrU-74>UH)gMUGe9q zUGZl}CaeGK^i_X;+Uh?$ZPlNjzWTqParvKPoWA-mc!H%g;fMYL>rcPz&riSfFHXDc z1IDG;;4e zgP!;o{I>t}^i@3YDOTfcW7$68H@q5~;UW4^rzvBVJg1NIXY`@y6a6`VuK#iBW&iWk z%l;R}4=??zQ!e|5v#$K7^REBS#kc&+MYnwOoa?`K#+4ZVeD<~fa_)`)cK*%(dj8Gd zx!~q+o_EvNe{{pw&c6O1&%W+!XJ7Nr=Uns6v#&hw`VG&$-J$h_!S*6$2LmHE&8fzU z0AG?fpw2r}0-wNjj8f?^N4`k4!Ti2nEs;$+(re9RwPgwC4j?6=$1%7GHmcsnlp@<-0n;{PxQJ_HAn^O5`in14-?%h>NNz>%UqfayI;yER|cCE z*ges(%Rwy-Wx`5GHdx>Qmx2h+vkCG{Ziq%bd#KlX1x5=kyD$9si*Nqdm3Mq|^=&`A z^PwNy^57{qK5**I51o43qi3!E`Kjxk`tEIye}C=Mr*3@qUvGZ&ug|~rPrkS6D`($$ z$}NvwxZ#(l-}LCetzQ4{tJnSD+IxR^-97(t)w+Mba_xU!d(Zc;d*HvW{mFN)y#L=; z-Tj|e-uL}$9{lcA_x|VA_y5P$_y7Af_y6aO4}JZTHUG~kSNzGTSN_TA*Zkq>*Zjfh z*Zj9LuKoiae|W|nAD({oADw#DAD?6dhGPR1-@WD#U>ADC?gi6st!=><4HYZo zl7l>NrHYDl&`*-KB`&*v;?RjhXE=~UC+`GPV?p>ICW!a$p;Gs2NId|>fVR_!27=L%}U4M6; zH2xOP;^+Py?QIR+rH9sF{KJLo|KWmlUpeQ_uU@$R|Gj9#-~8wf%<-sr3Qdk4;?cjq zU@eXFr6Kl)?Xh#b0lYNc3_cXzDi2K7eubA};DclNcjvA9TN-Qs{@isK@?APav>AP5 zIx^z;&>=dP#^0Vpz_J`L!^)Ht__^pfY{f{diI`ify&bj6BA6~xU!kd5ctG7BA?7?WM z8P1i%nPLQjvjXu9Br?m^AUK1c0~EozQWLG#s5=iUz|agH7CO|TlDzQ2Vxhfh6QY!0 zp|;?P4yo+jAbE{}K64a$GSu2Y`rQZE)wu@r?m@kC#ON?YQ)qcf&jsuj%dIM)o3a$5 z!7yvrD7xT@h%6}F7R~(>v{mr;ON9n2(e8=%Ml{4gdSpTfX+gTfX{(TfTAT+J8QC!{2`Y z*1!3$TmJ6*xBdMOZ^!t{f4}i>zI)?$ess@&T=c-doW0>2r``E)KiYW8B@dr^*~9;N z;l1BF{jP7Fy5>L6ec(UNx&K?Itog?G@BHprcYp6k_x#JLYrgxVjo-WQ{{J}lp6{M> z_rIRC@f&BX`=>M3{?qB}{`YBXzjoT%e>`K&Kc2pp#+hrscGjA&orUGvub;i{YiF(d z+L`OVe)gKLpM4h(Og_fI9!_Tw*2QGZTRQ2H+=ofwHU`fS6L$-#Z$zyl!s6pHqhjZb>G1IIb+RNPrdCQPrLP>&c6Ly=idIW=iT<5 zAKh@?b@x2`X4j%M6e%=9=~5_F3}wn;^37?)3ax0q8O=5#nR+bSNagV5ftZ25V8|c9 zyMz35$RnK+VJL8<=ELav-fTJJxx;2(zuMldMNN6AM~^Du5S6ZJ{XLK*T7rE>_~M(# z9X@Zi0A83x5@o`0+7nwmQ@3HN;lYv>z}^p+NUnQ?kP+zyy~e7u6*($8c$q)!!Isa_1Jg*>!xph_qu=i!Oj2j zy_^5f_iz0_r`-0hr{4aZQ*ZnBDYt#+l-s{^%5C31_4aR{c83_>IsK0BoN>puPP^@! zr`?9-w@$t7Tc_XhtM`hU(^^MB5|>zk+C@{J$fjFta-=ABsn%Nciw$+1sw-_^4D zw@<$vgJ0q{yac^@9^d8{g$yZ+_OHQzez_J982&HwzvTd@4bDYs($(+_U?-`~IKpKvNYg;xIaDK~xl z%v=BU>^r`3`i=kiUzdOV`>Vfm#+8@eeBTT2bT3&0;cP9KDh84TfNz9hH(F>i>^38r zMl@54rz`1fy@(7N1)qRjIF=(xOV|GFU=IHzmL9a4@lwMO%0j^|l0oQu z1Scl6WUOtF&2B(3l*;HNfIcp@d;wuf!=!h*9!u7oT`U~(XSkk~m8rZEgRap&QZX^vm1Qc?G)x;{piHiy)YqM07I|7Cw76=R+EE}D2HQ|*w1W96x(E-! zqZy{m++G^}pE@Vfes@qK3qL&%b3;eNM=!sOkZEticxbZ5-m`T9Ow(mxd}Or zR82vg1G>y}og3$nh4}nSc3UACPV^uAXx*-K`6VbYb~F{2Ws1C!@E2=~NLoP0P;cb& z#Y&;7S<;{-wyN3Js?Hidi*nEp7*WQVR{gX?hlj^Z4{rIf$;G}M3Og+75^+t-} zblnxoxg!N{tQ1IAf~i_4T@NIy-e}1aF8X8DK&s(M)_kdYDBlWXn*LP%z_j+^pFMZ; zUH9I0*L}C$ao=rs-j8wno%i2y7nTp+ao0~UZol&%b$tbOp7 zwGZ+{jQek0dmk^wz+BuF6M3xR36^)=ck7+^(~<@zM~z$Vyzln458kovCpX->@uu7F zxogA27`Lx^5aZ7E58+V^Oz=)HIriydjdBE}__Y7q?|R@49Jf2}yW@^~@4VwajN9+L2LpF+zmvvo zciwZ`UH9I)2IC%#+t=QI=lc8aSdabSAl!5NntRvY{qWrn{Pf{Re|i4{Pu;clp?mLp z^5I9HedwnczuNe~6Zbsyvp;)D%_gfZbxgv@o~u@{60cz4`WgZ*6_!^|uFyN49nKJp1x1FTDE3 zZ#KX7!sa($d-J_l-+XV&>sz<)>YtcdTGX3n)Vf)Xenw-M*61cx`f0UcPHUdmSm!k6 znMKp&qH#iPoYb18^wuezX~Agi8r-w-exTUe^>^RDVdMSl*5A8s-QDZg-n(Jly&Klw zw|?DySYoVOd+)lncduQ0HX#MfVdfphz zb@#4cdk-y-9<+a6kC(%^d*cIl-~9mHT|;*<*?`^hQ!wE-NpE%8kT&2)l^rVED39VJ zZ@8O20zSC(=CN};3m+Mug(n-<@e%_sCx-HJnB$%BW*gVubN3pIyT#bJb_2%UYc_6N zyK%$XjqBHL*s%WYjqC5;ux{hJwd>cf+ladxHr%s*!`)R@$h3$Z+`XNi8-A&n)b!Bfm9wTHPLk#x?S{vXE$`R zk)uKO4kZ*2LsC|zK$ptZxCD~RaX7UL*u?j(4632h&_{A;;f@w0ohmo%8u}@{7T&2t zv>WQNMth8&Znb%z!DbG@3YgsQP=bL=GWH~8E?2I4Uk1A(9A1Il6Ae9I=GUXI8%MlS z3l@f0fwFX^Mo|IP^Kiu)iErq74dwI1>!LKcp3N0N^Ulo9{`$FRcXjMIaA5!L5ma4G z?;W4)8QI@Ia$sQ3fq`L+(Y}F^!QG?#$EL=o7bfOa6ANmL@dfpvg{86i#j$zJwUY~m z$p!u4S>2&o?coL8*qj<;Vo5u-s2+W+Z`tzJtFLZ->7}=yeeRW) zUfFtZQtb|9-I1IxUJRw-#>+-!s8!2WVWR_3V?8A0yComdF7Br8L19H4nV?7 z&SIp$#n%k6a08`ltw6E1fxEmpa1$7L!-ML0jJgLG<&^9Z@}OV808gWapQdvy-4)+vTx>+tLBK^nG@!4Wn%!y1cMV|JOH0i)HU)mbze z)8f2FwWKu~&1$t)uQQlUmW9Qor6r9{Yg}B?EG()uTBA;H(dkWiT%*zJwMLD~usE+? znpbO7dY#6oS<pKsOYuurtGnn^8O2H)DpkY8V4TZvB8*-I!z8uPxu!J2N`rX0QLMVCJ6&(pN;vDd0BiOCODZiO&v>fR& zY?XSKtR0IEB6fA?@gD8cM|P?GJ%&KP$vdF8jar=gXc7j#z;XKKQgOSa;1y^qi*-c? zLkQSpPn;EQ_rzh(m-v;AgrpyXAqHZ8|>1r0*zbC)jYfw6UlV3I65`)MHm}PcwYq|4hu`WBT08-hH(>OJ zjNYKh7dCn$CU*?O?2235akD3CbOu2a+ngbXGZYLYiUq1|0^H{^MVG^4w>n~xc(DkJ z2=1CmKOi_y!Y6_%pvZudy2g+S6j!j+L55Q-D1;*4G~u2`4ZXON_{lwhAMEvpkA!?b znv_!wtT+_NLgAzF2GTb=q=Qtp+|`}m>e-6;I($Bot;_;cw^oA zNT(*yZ3y<7VBc&XHaX_}5r4j16bf`)t$i@;N(B@vu=^#(z|ZEROQz70n4C2WT)9R` zWfqc)VjkhCOZDzGB$%sk)6Hk{$y63R+JV{GpZ?}IyLRtAw4mzWKQ;`Ll#%`K_w;Y; z?A_Tr*ww$gyMOQQy<^jJDwEZ1cL%JlfYIqSxZFm!$KduETwbHgZ$MP*3K?BNg9FR3 z*&VgG!bY3lX!aV6E}u7AL%|%%kjgca*1Yq*j#poPeRSVgK8MnzRyI?J#Z&QAHj&Pg zU2i%I1!op9R63K%s>x&jb$x0$qhi@-DaY(=bl7U?s!ueXDSPqmbp+XH_z41&fm8}+vbV^{{1^$;w z$x9vzsFNfu7)sG|^@cZ7nQ{jE)z*$BI|ANbeFR;9AZ$PlTMx|1AZgIsN9|ryA_Joa z>f|QuCdre5Dt|~XCX~8DH6}V<&?=eT{bGMTj`!(SQfepqZ_dtQl5pmT2ehOh6D7io zx)Sxv!3PwPKr++?=ZmRy0U471gX2GW=GUFO$L4hQ15-;Ai<-mpiwCD>56#R?%qekx4TANz~O2OvW+X4n_&|voK zO&+zzYP0(CIfPh^WIVNZaOA%A_g#M3mA`!E*M4uX2q}febl~9RfkRW{Q}YMMr$!G= z9G;$=oLe|}XncBl*5&dP@q;FE1ZENy@Y0-YLDWaruoST24(5E1R<=(lsHC`(m!I7b zhFWcJfFf3OD&ryE7|UHLjKv3{HT=%;6okAy=TF8Tms3sb|3zjr(t6s4E&%9AAT$Pf zUn%2wQH+c^&UTpd9`Ib=2VSZM9U(}jJVI{lDU;1kOwPRg%A3P`#@zn6H<I`fzHW(cPnVg5mAe1$(K@CB(dN<_&flyd7FwztJ}94~L7mFo63FJLqxP zK%oTZDcWwrpJ9b$IMK-SWq&>K6+BWGAsj*k&Tw%+5GL?6S zQtx!{Uia`*okNF=j;O}uGrNKox8LISx%^>wAnNdf-VNE@K@5x2Z?e1fHkZ!kq+xey z9Zn3L-L12EbfA50US9e&7N5@SHCh7}d%$RNIURuFMns8QBjmIGcqAiQ{$tYhyo*F0@Wm zJ@Z7iU~6kaAP$XW$||iFYd-dn_VBT{KW5K-%|QbtT%`U-D99~BX(@VzijO8PNaVH( z#JcbX$`!VV@Pq|{WUwJS5>R?cy545JmE8MA_MH=Puc%}o!WE|gNDNSuz;f6UwJL4a zbGhuy%*-2azO!$1+!suG1Ia)*6HOEVyWHB6bYp1q4s+g6q3O>z0;PJWTn`txKSjD0 zMO>UNXA4!*lYz--ab`^z=3;_#B~Bnzw}ybXH0zG;F?itB(5vzG>w^7;2nr~O>O~`J zgR@I(9>sN4GKZEzpvx#&m(>iyPftm$iD;LDVG-T`zAhF%PpGmI?S2M-t)pR=OC;K1 zSFpd5xPh+OM3hrO(;jq=Ntb=m+_v74JMVq+4V4-`M2dgA>F1 zCq~9*rk4yRXTS#b))CNKJ$k#(2%f>^GZ57PlEIIGH3nD6fL@kPu?!lW0kbP$^90Ry zx6|# zk6FXSHD{Utd7>78AeCcS5u!?AEETYbbEw!r1hZly5SfK3AcTb-twIZv2Q9^tOxO}< z%d9WQ(Abi$1*Dgf_k|!B5wJ{(qsSMeY%QHkPL5B!_WIlVMi2V}2^n?~?NUD>ZiPn( z8%EtQ!EQ59Y=lY#yJ0j0LIbB%1&xBBDoZ16Kn{?^>=HjOG`JLRlhO+k2NwgH`06^O;~?cm-gE3o?^$nrUdT{)C$FRGR2 zTmU0t%Hxd>KF=!Lne;qmA8i4b!fc=VOv?WC?~oaja9!#_~|nToiGALqc3 z@@e?hRsnYTVm*>9*#oI}y7sQQ|EVo+bocj-cXjMLcnDYebAx*ib`9=(uXAWe&+d^! z(Bpb7o~XeQ)Y}6FK&lG^$SX$BKzG9iR|G@v#3W?!gbkh`m|vsIqq92fZZA|5xTYnA zQMnWihhyPzxmYBL5#pdS@xC0?96ws&+7Id_15;O#ffLq)#Og^Gnew?tIvgyQ6TQXd zI8un}l$%_?_d$PBS}%NxMQkNIyU8jh$>{B)?=t%+LR1dbC|KvPlLs-EjF8L-P-;y2 zo5>TgF+Y*fSYkMd=Oo8(D$^2kDp#P=Fj1}`-ZLYsY+K8Su8^SO8bB(qr9+iUBn}-s zyyca*Mn)%mp_C_>@<+1xhA^>9Er%gvh-T}Nd^1#N1q!ga0si7Hcg)LH!tXI?Ko$D*9Ab6_ zjLJHQBeEjtT*FCq4l_yFAuEjpN`KtJ&lMh65-}j=pL7U1LG-a>Srr0MQZTf;$4a*J zELq?JE#h18HzZ95I^FR0bdiG3&H=B`dz3(TQ?QRu$l3({CI}9hC9iz`? z#4ttKgo7-kAj|M{I(_)?iB(8_l^w8E-TnN}+`?8i}I21VpK`#J^v($b9;0q^*P`VP%l;g!}7VixrGOErYF`0B(0y}f`H$pq=YQq}Mj_RF# zOO{?O(r7-4b|GvqMfz;9E`zsIW!r0VX(Nef71bBaGteJX`cBBFJn{1o&QB8i^jTrw zXZX5bBG{EN^LK$=Il7k4-U6S0TiBJJDqvS+lZ6+92(AziQ5_Ne2s&4eNX1HQfMqY^vINAKv?I68G+6bg6i$R(%O9EFCrOXD0cI3_)Q zXEu*(A`$E|?uxKPTtCQBi5$hZhx4By4xZqb{(QjhaSn*x+yk zg4q%(;~GF5kIOYZHGXL9;M~mY{Op`+NsS_c$;s)12gb(6#;2y|7Ev#-q@JByoSmJU z=iBV;tX8XayIjFwz~}RL+)gaLUboll;-O4v?(?~QN7i67+_0pH&*!5%9&2dVNjLFCALwciy>XA59`*Ch>2&J#`h|tX>FH^; zTJ3N+j7B3q@6;6C#iz!{pPQSr*=&(WBoqt8VVgvHA^N-0+6 zh?cxbDVQLKQqtbgC7vkb5n(R<49E%xCOFL&63Pel&aP?oFW&FG?a7}#wPnjQn>RhX zdGo~V;=zfzci!*X)-eELx1)b#=)g40acus$)r*3N2;fzLU85s_aRhcj{yIZ|T_zcP zIv}spr#9KlE;pJ7mnwCHTB^mRT|0NY^Y&Xiwr_ub>$V-+ckbNTv32XVH{W>cjW^zU zXY01EuAYvL&UfB^7vnwLw!OD?>(<_$-ie8EwOWN@FO_N$V_{)#5gG{Kje1Fi>NgaA zY1QH`mKrWx1J=klEhcI_uF(L?u*6u!vW4enaZ-apeb|Usn>%>~#A-xUM zjY$Jf;j%L-MAOm|dsAcYSke%8R9H>Vkl%++r^7>lypfTS?(S~-jJ>^+lamJz9>k=h zqhnxTU}$KlzrTO??%jY+Ag|Nz@HicAyUl5}IIVV*-T-(W+qZxJ-jSifp{|b3p04iE zefuX4kMABD?na8Vx3{NMd!4#64pwDUifl6L};#Tf{kUV*CW`VskS1hh$xnD$x!Ij>(6QdIW-Wik&fg^}rb{5&W6(JiXQcRK(J1u^DwnD$-SJO(qjW#U_hMr&sHZ zI*ZL>L;z{jV`o;I2`^iw^Vrokm^`R5r+H@!c0Uk#Ah#c292LJx;VM&X(e|N%5%A z0}#5R%u()_$JrImO4Fq}9%#{0a=aH6xdg>*`o+K~PuS8!2!7}qi!QUUWV9u>Qfg04 zE0LroStq>=J(FHYGG3Cvn^qBQ%Y)AcxXVyYIU5$F!}}E9Pu?LVwaE&H>NC-)oh#+> z-dkYW{JGksBi=n{>Y6h=v$gw{ho5+}yLZN*Uo@HkyTI8cqf>A5Sv?W6E2Oh{)FxYZ0(PyC_qtU^D~c@gCGy_^T?sA`*Z}}CL(pq?;))v~ z7~sHe2hJIRST2V%91QurK5T|7;bbBa4M*^-Oo|9f;v;zi$`UtP1Ca#Z5{U$^#G_y? z!EC0GnNI-ac_c9sQS2uckHpi-Y$6(uMWfg(90`WP-bmaNjMyUyS2F95CS8%3GnViq zQr=k18I3uTX>TmyjmABZq$iT_L=*04(iu%Ulo6r3t{B$GF+9<@H<1j2l1(Nfv3NKd z19?g}yb*p&(hYNQ7Y~8G4F-c?0K`hMJy!C^iHaxS-6m6@cInYL{=?^t#c&sM<%ZXy z8#chl=KWxw;cyu1u*4c1F^R}7W(&m(<~UGzG!%*j!m-Jj#VxPBGra$>E0lDF(w=Az zTy2z{cG1*_+;A`l=4MFM0Kko<;g3TpwFrn^7Bhr^xolJx&Xl6ra<)`2vOJgr6Oy$_ z7jis-S3@vUSa5~*>YP0qcQ*lUc$XoF*229;P`$oht$Ux@uM4GP$h?AQpgf?ct>*8% zlqwYR4^FNrhUX_Y1pR*B-RFX2Xcr+!tSFAzm6WYqgqLMa< zx=afdya+=@+LaZXTsTV^YS zmVxy}T*Qw0UoP2~!eVmKYmyxw*WrU?Xto^5;sHq0XN=u*#$UYKdDH!my!zhu!Tlq> zyNBo0`tdpKz{p`_wD*tCV~P2`!*h!|o5dYQk`20D1!qwc+&+M|20~%v*8Dn`Pw(^s z#0@r=3-a3>(pxYWpui*&3M1wP+hEig>^3}1SH6e?5w%TEP9cZ`+J*u_x6=i*rQZ_$ zHOR7oGEgvUV4Z`gTjN|jW&G)KMVyG_8~q`rNK2Mf2`+~;5s<9mDfMXFrMDbbn_zv_ zZ*&csJpFn{ug=z^xAyC8g9h7x!8%~H4;gGjdfTwhKB%(|=UGhXh2^l${uvH0Ffl3vj2waa8 ziL$4P5ZJRyh%lSD59W}C=Of+{1?t30$R`g{@KC6WSOI;ivbCl;k{i)^JEo1jbEaRu z({alK4{z)2oSvCFICfxWLA8H;Zdc#lt-Jc)e6Q>EtsU>|=b8k4vhx{;r|NTzdEhXVgPjJaz?%v-IL)p59c_b*@BcH8SaZhX7@ z`ZqeSe7)oH*LPj@=FaQi*m>idJ8yb($BnOVzwwP7H{$N=yRLtI*L82~y84ZdD`|9I z&f|*LJFa@OyBFCE*;gXu`N!RIt{BmgId?LGvZE{b9`Y(7mftGLXo`!yY%<}TtvIewFe^G#Uz8E zV1+hbuKyNtSMjTnNqylZ%7Z=cx#CDoI!bwG&lyvO3<}*@x`>4 zC^C|$U2!2LC-xXk#cL|5K2bc%r+uL&SwnzNW_*MY&gh?cr{k`NpXePP24!eOsA;jQjSf({i+cOK)`|fEFK7obbXHhClJN}&V%}xZ z?va(Kp>QMS^=K?EquuQZMG@^5!Kt*G(MWX5=9h1}{>B@xzu}gfZoc9A8*p0-Yw?XR zK3{joZMR={&9zrve#Pp`R;{}9vTLro`lcIb%Nwq{9?P3|#& zqmMuF=<9E6*}s1u6deNYW63lOF#x-}N5|bvGI(S8V7f$%Er+^P5CPJb1PojaOjH9% z2Epx;dW;4L2b!RsjT*d%Q-wsfga+^AuE1YMN#w&(FQ-OYiAqfqOzuOQOTD+(0B*tG zq49LUuE7xM)ddE$o-wl@Q9=@ZiTTrVE}DL8e3d6Roe)a*BVzay8_RvBulBis-DA~R zbmHVc7=O9t8GCz*YA@-EMiLze`&zD;p?oZ3vLF-$%`XBN+8uqzc*49Z$p{2!3Vusa z0tB602SEElOiF|Ii6t2~@;eYAwfK^;vlxfC94oV>AiD~3O(?$s={@ncoVXBX7^t9> z!g0iYPzBAp;{7Ve`;)qkS#Y~ucRu{&`#pWIoJFP`wY+-d&8%MNcH!9I@W(;#f?fd6 z3x)v!FOj@dmIfIam8dNnT(K53x8fXUfso^|#aXa4A{v(Nbv z-Ol9O*=L`9&N=6tcG_wG^)+ z>q(byX>xwo-or1AOg+DM>X*agPmWAKb#V5%vDp_7Og(>a^2LLbn?@&J7@hph==5{@ zXP(_Z^Q+OBXGUk9rZM|-o;tpm6doF5i`UvP;`OV7SV1` zPuIX;-}uBqr1`-A(t)ZsqlwhP@tG~Jy$jfN1rzR2#uqCDQ$#W#+77Z4uTGr@#s#HUQ-oYy6Aky?>?v_}RSp=K^*W?vEo{ z78vjlRhOdOu3TJ86Oqqi0G8AW;yRX7U*gIMn{myev@sVdh%cB#8M9H8RN~2@2#2OJ zo>E?n(|7RXr)p0w_#`h8tYM`M<@ZQ-UgtrR7L6LmakUnWYLh!!Np--=mz%EUNXg3; zq^yQ$<*GG9Fm}-7>0PpIpEYzXT7L0<-;EFc^tm^-b`I|D+r4i=YaU z3EXb~-b0uGZ~?&tzFZA#;IiOjFqdnE5ePd2P>+#g1KiLp4!g$ytw2)0pGB<8M=KGF zL*De(8*lE~u@fA^j_o_%Wu5_dcW&SD{8R|Kf}2sjvkdDV}-enYZ403%Udp8{m^8=EbEnBQHgHs6h}_USvd3 zEMgmBgFwBLYo%;17E8KgDSJHUiskH)oGG5Sq>Aoz-W|uvgd>r3Co?W^wTY}Ho-@aD zrbOPD!1Bn%oXA-dSzA2iNTl&BZ#ok!meRF)5mxeeb=b+nh_+g8R>1I}d1!_I=W~O& z;Vt2=s0|Tw0hCI$h}fP=DNs=&b|Ejt_TnM26x)a!)*y$5H3FR(<)xZ8Q5G!NazHbV z7I>hsiJ4d5*tTbMf?+p}DzyN04yKHmKvk{-R-#>0sZq3xa2TKr4H?PEDC|XU4ZSC* zTrHF;MAL;-t^^$mHU8nOmvn~VpAf#Xg;pzAYR-CM!&>Kn&fRbDcWS&lm!RaO#y@>J z->}*-We>Pe{2{bMf>aZfg@|@(BK_t*8|3>;U-k0^yY#i=fs-huNoCk&K$PkX1ZOIS zUE_ms*wHmmL)8U>#V!0j5`k8xmf5ex$`7XuzQg4-38!qG|w z%C?aS8PL|{1Gj5-2X$r%c2O_^lt7sl(q%}RrBN4^N+TDKY&|mX$hAXO5Q{{UD4$9s zF)&FWHy@5f!jXVKKot^RsmcHs%SwVCD{&WvSX6Dsn2WF%cZHY%VgVF-@tSNrhN3KR z%q0|XB@>WCq;rLI0p=}@Y?b6pg?cMjY0(_5=E@ZmjG-`%yt9gU*Tqz!gprm<29ta# zlP^IMfDQ9-@WSgC0kg#l41-fJ4o+ZXlZjk9Rmf&aSSj8bip9j+6V+%~;;s;5h?Qc! zxQR!_hZ6N>$~NL5v8H_@G#*0cfnZh~85{^`C2&k}2EzHM1SG7`dlq|3Br}04Hb*4&)sOX#y*4nf4XqD909s?*R5A#e>s6mdMyj z6J=$yg|8-`8Ki;WoZL@nCGtct5Ep}s>j}Hrc!6mM`NoP03{ZI0+Kj`~uQKggFugOa zeQ)0Q#CyHhJ^ITRcMOiq>JBdG7mQ92yF#=(wMgyJX4Ph3F7#xi+r_ZLSNHfsVoT<}#&JrjP`>(ZHD^D@{^xWT%lzL57u2C3C4%E|V?*WaF_+ zIFyJ+@BxAK7#SL<$0b>pbQ7p5lwJZ}mG^u^5ymrYAixm-+P;mlE3r-cv#_x!1tyVM zB7rBeQjN|)^m$4Jz;2$3jnjCP|Cp9OXS9_ zzTH~Kkls6pUcyE+o``ho!aW-Qpw7!YLkxW|NgYY1KY}SHEef#?M=0GDlHue0Rz90; z+LgP4L^u-D%E(4sgi!NJ?@|0Kk+p(SV3t6XEOHwuK7)%`SaNnki30lfmFg|jm1E>; z4KP`_{!GyOSRjo!UHCL`?&(<8dnj>4Y^U|5E@~Am8Rd=QuC|0A@TD)3| zRjODfYqXyX>dko1@K|7dkVp`+#7$yMj%XaP0WQKr<;t|n*SlnVe@^$-wC3G8{Ucku zu6z7fulFCCF$ZRi9u@UKqtuzC(q+H}w~MFUMAF!E7@}owkWy-|yuEw>xCa6o-wH_f9SpM*KUdaZWqoS=T^Z!X&*C9EpHwCEERLkn|J1YCG&M%djcT z!*bYNM%F9rsiHKH0$&+$5sH@Oa5Yk@IO1trENu=ab^ger%RguL%$Qx1u=vtD4(lCb z2KRoWZ^RVXV-E5N>@@}V83X%FeykrgdPYs2112{%J8bk!nmsc%-#mN|d{I*5?Dj|0T{M$y~HxtVO+t$X($39WPgnvE)IkyJJzmZQk(Sl4Ymb_Sn1KS3LOS3)=^~ zM`t>Q4^FDg!wa4PON6}uVx-hay36eC2jtTfZa1id53k#Af~w5ww7R^B zEY;{E0+(@Rj5b$534 zc0*y-(bd_7I$D&vc6N4Rg5p<9cJ11=fB$}q#R7;CB!dz~N^x{DDZ??mdZqIAhtxDiwU^jK)}Cy_t2YfzVYg7FYnm7ZEkKB^%Qh+%H%`QBy_tk zZFy^W-=QP0o04Fc!1rUpF1e8jLozJki38XTCJK>sIa#O|P_E9fOT}s&!=M>Ou~tPi z0KtblT^P4``xniIB; zW5E?r;40LVth{BiNz!`>UR6{a5)q-;q!NM8m5D4JkO~`wQXfn30GT?N(`qnZbf>b` zSke%VX@Zd@e|Xvz7_)j0TD+qs?}))Yj4LU%ZD`5SKX31!xAo0CdKX+hOYW{EPlw9W zsq#Rs*sb>Vs60I?SMQRuPvz)S+k4RFdfwW*VC`SD45@6x8V9(r118V7H8AN2O}oN# z?l6GZ=#N=KNoPFk%M_x;YNkf41qoJpgiF<>KzyIY+o`s^zi57c(bA!^Ke4q3-0qeg z{X++4`u855Q(MNSRb2!7K<~nkVQ252zCB|opa8u9Ndu4s@!<^}xON-Lvs- z2*oa6wfd?nuDtf@Yp}!|VzR5RybAIL=*ccyb=m66FTe82E3c4mmtA(*#TQ?^e*JoQ z7XWdPhEnRj#Pv0!VH~Pnz6OWQFQV-*D!brYmdu3bmPX&%i9Y2UfAi|Pm)^eT#WyxQ z|JpsNI`g)%G^|Md@?C}>jJvY327*-Dy6=w^?XTfmO(2utfux3x_i0V5$g`7cLE%5;YQ5vS6ekqyC(*Y=B2u zD^w`YIs(HgYoFTLi~3+KN`%qrCxUse#=`g0M0uSC+rP10TKo zT=|kIkyVA_GoH{Pn`Z>IOocj&lNm~GP7+g)gsZuysiI+iZ)Log5I^pmag(9-2{uVhW& z8cYCo5$z_?8=jNts0n`j(Z>LzYwo-YI1AW?0v7_Z4eK}Db;q5+Ss@*}^v9Q6eBnhH zKgQzx3$O+Qw+k-3@S=+@0@Pl}xAV?B4`Q#q#0$Ri3{=@wP`?d`qd~ffe_lHKe4({82czVQYHv&Qd+2K$W zmR-Cz$^&8Gp*{GQ9HoyQoqFx9jjHUEz!`LAqU`WKdw2UB|%N0&^R|G@@WG3(i!4utX_9z>ui~ z(_-*?ti+cvT}ExU}7PVV>9r}OUC zyJs9hY(q_mk%uNh8vRU>Vph-=v(FCwKC@T;{J}2%Ox$8mcA4Q2m&sA``-e~m4mDt- z@SVU3nfO_vM=7vH)+=-Jk4_y`Kz1QlKs{5V7`?h!kCrU&(6(AKzSARz3m?1?Mvo2x@&HD!-rr{k zU|`Y%-w+xka_oXvDF*frbAC;rPlM3F+oyI7sO`gQ+kTDxu)#TF^)0y~nm}sKn;f+S z`!w!dD#v?^_IIbvJ76%-0p(OW_0-A-V4+L=t3w9Usnhc;D7_I7!+e*4|eU`xoz9F?c29^c7QMF z*!J$$*I#`N0}3+?l(7-v@an5rgZZ2C4Wxv)VZ|%2yn?60$_qY<02(%IgcT$-4?Z9! z4;@o>3HHWM zr#;9+%<;0=GhV|Ngx&(nkcURl8w~LX@?Ba(8_4iTXN8Y{6K4_n81n1Usi5s9Y$WLu zdcAOu#6e)3jpHdo{vpsFXC0^0jwRkqfZmw2TbMw)yaBFKBW@Sb?nlBdx!zG zFbs8Evjst%0=q(?EHG~cc0V)h|Hu~>(gXS<33U~xRYlFBB4uYSH}VbwQir*KlRqmHIM$HYk16t_7Dc=)VvNhyC8N)Cl(;x1>t}yH3fMAzTkGvo-l^V z9TJmchrtc+M=!WtXD|-fMM^D|FXl*Dl>?86>vJJmXus?x(HL@HiKKXxbYm100xbz_ zu%yV6u~Wi11{wsmSPGw)c6wA6R7s?#aLl1h8d%JHo-X7Qk$eGel<{IcUT-C;tw^aA zEVshdR-#mo=S%TiF$LsBAPAN=4KkOdTs(++Z6BadaTlpO47>s4NS`FykI^V~{Un8{#hFDOllvWS}aw{fAMd29m)= zBm-Be$)T=7G6>h35Rf-r!$5j1l&xUEcuXc4s=-VpK%+{7BHuD%MNT!^bP zaluJy1W*T_WMkvi@A#!dOeZf@ti`L)d^3)HYhVS}RqpMT;eGreKIVnR65xS-w=>rRKt#! z4t43nFwNVki|o|LI*qYzQXhsDx7sM_`=fJ+<(aAZD1u_N^@M1u>tJDN9FPGp@m*`z5S>c$y zA-g}SHd=LN8%PEeOmH`aG9U=>3W*p7BnoIAPvryXr2yB4d;uF^J+`4A<0rX^`U2+o zq#7_$2F4C>XkH7|Fv+L!_r{w*@dW<7#R_z-wopnR$?76mZ78FTW{ttPA)2&9V^S(p z7YypKgU+AS<(%8Ylg=6zu+$}h4;jl){c;rW=-aMiVO*BjAj`C7rnmqZ$ z|5CsD54edkHcG3~=cOCaR=6>sbOLvQwxVeeK7P4ez~SIBwra6dg%!@k%-k!lZxzul zbGsPJfYLjSOs*)hs1-+YL%uQGP>8d|d^Ji;5OsMfh8BK@_=vqv9 z6k#bvZl>%2MTxR#p|t1<@6poN6<2tju!1y2x`4bC**Fi{e2!cRR?*}w#O}RvP3UqL zq)+m#`P^^&`G8%;Y)mNw7RHSDO@Vx*A~5!KL~NUDHsQn^%-2lO%#1UzUr(v9L5+P# z?}4;%zz8#DZ-*Aw_(6zWm^z>dAh?@A788&Ixc2t~Wcv*MUIUm}-+mbxNE`k z)VAJR9)0Gm{{4$qzZ&W>t7k!P6IKim@L~zfMKTRbVi?#|R}i?%)MM?0FQQ$&+pn=v zaqxo1U~zhiz(f9qqqhw-VGuKbYQS;dnKIN$McT|8(P@;SSSk;c!@Z){uRAo^**~&n_u*IePP{U3 zVAJ4%Era`CpIsVGWqe59pyMXmFN(@q5m5099an=Wl{3n}6!D-iIf-kTZR}QFQ<14>bJeh@Vmy93xk!}~T>ye|~@I$$?|#9FSJgW)OnL7{k?Nd^gdTc}iN=>75iNLQ$xbj1de z0RaS%SMTfAI`$)}i`o-7nb6-su7#KLm3>f+44Zwg!Fj-fYb8GjiUnUx9ZYB=DP1%TQI{>AcBOKjY{8c; zc=H7>IM8eXchUI7nJS?8)Er40LK%HHqYkDQeTi9TWWp9a2-%s|xm#uLU$FMhTR`c; zqO==50TCVOy*&nBuPNAP3iO!+{U~n-5L4nVfKYe)qVwGuluPJ4RraTM3|{;2&!5}g zKQyZ!T`(?LJc|a0FgOSJ!Vm{&D=-&>t#GJ5?Zbx}roE_@fcK-_tG77d$pGChxLtgs zfT4r^1J6DC>*s&{94dfcLV53|O(^r-BG&<%LI3l8`F z_aQW+8**rvV~N^g7&5?zoUc;I`K8UK00Ab7fN}kbD{Hb&7L|YGfYEA{%E?9b=$qSq z_RI@6J^$LxFT8Q{Gn=k{=EZBD-E?Qyz)QY>w%$k+@=_X=%fltuRYZph{_@vKepGsx zVc^IEjM&mfpZuSrLH{_vOXZY+&&L5i-6-?K2Lxm{%+B}k9~~b*ylWS#vEP21rcbteE53IdAlU6^xP{I)omzqgM;A)(5(l&=!;{4@~;?!2zwWU+wK*a`!Dc zdl#Jji_T${Yp>3Iz~q~-1!kP#MdX+K5p6JP49BhUlslb62~-%@x0PC=)<`y*nPvlx zcBpjnXb&YJO{3H;xDI#-)>_#b{KFd2LN%BzdJ;K1AUhb-dBZAqaNZS|aYbM$vfttz zMmA4l>r#UQadc_HH6yv_gAk`rA3|JA{jpW9ZL{Wgr}Q|H{CxYs6%YLE=kIoRO=z<*J*8^d|Zi>&s!s=dOJeG&C z$2VX(_WLJL`ggt^H>^{TN1&}Z@rW%kM`BGhn*i)~cX#gCfz#EyJ9oWzc>EAxm*~}6 z6Rxrw}LWb^N~$Zx3VwB>7Ymiele1|J{&3X!$CJoU*@A-_SC`t0j0FN-XvjdOb*o%^ zbj~?KEFt>DmH{ zub3j4IZx!E#W$>X<4UJb@9i@Z zSJ0^;R+Q{HOpyV!mBv*(uGZDA9+hKQ;~LR8_o^Ht8V9bA#tfb*h_`$(OEl}j$-mf0 zq0}GH$<-71^@~Bp6jYzX>IjI^h&L3b-BOZ31T6fMXdq4$=HBESK^|qSVB`HzRWa8S zqlz|EtU1#qQ!G923mvv2NO$bk+XwWveyyFfkT@}@!A|%G;b*G#>|C_HH>vMju!3Z` z`oW()w{vhr=bSWo7fc=)-@u1qd-pH~Y9$c)BF=@=E(YltY~By*E+KXLfuz?RG5 z&6rmHYU*aD@_1KkIfA5QMRvqnuSEX9f_vXv~fvH&;W_j5h$oTaLgb63C0x8R&&f z)t9OHQq4f7<J&rtSu)NTdp{yt8y9}mAzUf2~V%oP&SbszsCiNMXk;JH%wWJ~%;X381ft4D=` zt!v4SWE7&pJ`lCgY$HN6;vzlLXQEKC7uWBQE~pU*TL(3kLnhZ8YGK`Bb0mctScI{O zQYBrjW)Yv(agBP!PNB^(N2y1q?+u4vk`*KoU4#kTOpT2dq~E&SP*ZY&l&jH%QG*1; zq^%(-ak5ekmnzaU$A< zZA`9&yi>heu4tB2=%u!IcsDrQeIxtOs1aQnQ6)UGdk@UX_U_)Z5A!{HvBVr(V(iy^Z__&D-`bz1(q|#Zz1OQV9n^w4uim6=+x~Oe5K) z4E~8QEkpDAEIb)-B*ZIH#U53uk&_WXzTL!xn`KGHd z@I|wqG&$oCN5Jh}xzL^>UF1WlucaZHLwzPy522kUFc$;D9v#8%A(I0Qmt>NGVV8ZV zS77(!LG-7w6=SM6akZar#HAMg7r7NW|MND0sz|wFOBYq4)M0x7^<%iSL1ALolB-kg z1&7dU6w)rrlJz6bg#rQBJ}Q8+xnFJBXLe7xLjX1S{rS_mXug=Pk&7LhNVa*_Fr*4k z9AUmBhQv!LXbWH1dJ9+K)MrhUzzG{2so@W~{E}Z8wWFdE9f8cqm{5>_wp45=%hl1HJVoWlH-=>KFDzv>>X2v_r{iXO=zBZr}MT)fBs76VAts6 z`-A%?RYsM`4N4cV3-Cos4a5RSUX)Hi(twr5Hh1&mcs~jgUQdX6so7i>IFMN!D3^d0 z4&V<^0Eq&M#Na>{^!cG@AOsUXeO5A%@d6Lz(3CkQ1q?-OgZil3bVs|d#z@QYx zvN;2cy9)3dgBwf=#k{ZuLnk%-4^y0E46g^kDOaIYDOBqiC0tY>-%m)HFJWZhdV}IJ zDi4z^(O4^n8uxkQp39sfRXG7`8HwH8p9+9GJ@Rm4Cx#Pjdpt!YCpnh{xwje0MRLmKGMgjQakGU zSw;#8AwCUM`qcONTSmKbY|rTjDd3l*Q|YQe309BL2ggZI98EHaQy~2_ zMLmfGp;plb6Neq)y+&`(k`>OgPzw$jLqn$6fGOH*AORNoJE1V4TkFL`P!SAjY}baM7gFX11UMF2uR8Ae1hHxm}BNZh_ni zAYGwq712el3dCSD5N#{!}I%jiqQG3Ao$j)5&~_tZmRa691v(7eg2wFc2SgQ|@9ym`)qh z1f_0J&Z4weYOJY1;fHH)mp$74QtjuJqu+z%z#wp$j{sS(3H-%@;P(s{H1Z+C3P_{r z=&-9~JdyMT!-pnjUU?n8)To7}J(zMrKqiw6!VQPoM#v-sN4xc4M)VA(n&1$1v820V z1VJ^V5c7inZ3HuQWZu9$aOnhEPL$!mOYtqj6wwu%i$d{Dz}MBED^1uU-Ak?xjTh}K zNrH(gA%ky7@7kxcn?rF_Ob8ok(vgYGnt%>r^&tK5m&1t^SRWr`#C7l&on&BMwVfKF zOYL@3TlV!57$skZ$Q^mvY*RGEBgG$Zrb>VVUP$70nb?zhs1OOnu0_aMp|uO32OMiK zU(p5P;}-Xb-ZiL$n$_C_aRMrLb$(Rk4j7|@81UfG`TDgUXuP1`-it(&$u;i^T4HGw zkHh^7*Qohsy+BPMq$WVrOIY%e6ipo@6K3HiDfyyH8%r^%;x(yavR)1`7ma6z$TVs*W($pw$WW7_7(u!9K4K-6~PNhSD)C+b1w^z+Leu z3R^|}74q`9F?^&%9W5Y6@i_$ek~taGM}WM!>ed}k?H+yI(8qcRGsz z8Hxf?v__402=VE4C0(dUdGX&t`2d{I!FP)sAQ8-BKrUXWHu9Bvwp_!=z=gJ0Nf%MT z1I`PRYN|kY(}gOQ=!Js;FK%oDuV^#`%$4eRZl1aqpuGfk%VD*EY;GAZe~(0S3sDQi zk-pS1lloo~1pysJIulML_Z}Gg}l1H8{c zK46X7;{Kqv!J?@I_p+2=S8IoX1Dg6c+<`D)H(x}#L=DY=p$2>A>1TfZt7p+U0wupF z0)FGw*U_*NLlgnSpA2(Mutd4AcnDTxCPDo0zowjvetM|3uMlJJbpS;X`f$a77r4R{=AF zrB0^n_v3%uYdL0Yt%~(r!m?ro$-gF;C2!14(}Ut_@QK=Dm8dAfTaaL z0DUeJYdjFiR#5BlA?xw?_8h8Rl<~oBiIGaA4=upg(~vc zxIm2;?25atkpz$%Q%ErqOH-tF;F82!YJsR&!OGY~dsE^df+BtamQYBM67QUc zB6m?HpE~${IPA(Lxl)fvvi(-*1>spMUwn%*Qu|p*oMvP|rA`TGiib;3R-q8o5?LyG zO7WB~=1G`By<4EhrAzE|weHPT(ENE6Mc-;WXxu?)sD&L&@EV?F88hQ2h2C~-ERrimC}duxqcxel#j zibf+MfVEA&oGR9`McO%`aFt#NX$mrP;=)M*wQ|Qy`5exa81>FASJ3T+Obau)gNG+y zcBP?e7nNH{~__|mR$3Vfdpzs6v~>WhA$@gs;`(cKbDHw`pw zM@r4*52o^^JW^bh8ba5npZfWgS6q4XjW=PSLnU0tu!KGga=XxDkG1Xj_R!YPg+y?zyL)dMYGnNUS031=Rr96<#nP9LRVKR6{t5B4fn8 zs5=G?5e_4vPkvz0xJPT4=pB0Fo%eq+u={nRWhRy&s~S8N-Y~oaJORdIWDmv*ati-U zZi?BM;yt!(LUuOnOeQAnE@ik5zbfi;g)I&q;VK zf-FJcvE8+}IF?xkX|gQZ<*=7Am!8W_-T1OvzW6?}E0Gftl!X%QN_#sd+LbyP$kDC{ zl~2g+lfka&&Pd^y9R4aT%ouj1z6~PK6@i;n=^(;gk|I#qktF{U5At6@^vnTwR6+ih z8pgKbl^Qg&6EFrt^%oV1`MV(q)B1a@(VeE?dm8U96q1>P!8A-0nI46QQ#37QEufB!WJr0AHR#U@1czz|PSUY#8E~AS z=(qxn4&WG_RG`#BKp~xrIWWiFLZt@(+f)`wr3x-BfA!p^J^RO8!H6Rewg4_2evvC{ zcU{0-6#ll4WhphFE!JSEv3m`kfW;4U-hkF*H#=OhG+v6Dxp`e~7(W6-6~!3zxlrap zB8CCLy?evP2kyHc8ZuavVa>gF-vcoj=6Bo4 zVt|`4YQPOfU4*;gpx@{AdR%bsqP9UW2n)qRL0Cb?qOpL@q1WhUwE7u?al!9*!l983 zA7C640J{Od2X--w9M|`2nGM*ddRK8B`yeYE;ff>NDuiPWjsP`5@_HFn9imj@D$?2qv$RXI&gUEr7dp^>^T4>!w0}FyPJP7>=NONAeT{?Cdi?o zCRm1D@V~(64Rg-9Mu9loI2|LI~4HXrdUpb$29z*&k|eepa7T>8E70){VM#L^!x z(nyq0v;%AnBudCLEFVd%A?rMpvBN_olqq3C10e>j!QEmYRSY5`CZtAy3|J@BrYpE~ z9u2Gj`Uy1u0$EY2g33S!gW3pk&H+cVRBdGPl|%;V`ufE5!gDXY4A?cJ`IC z=rEQj2!@gjYtUT+Yo;fsFfal6i$`asrg3)ycMpsm7)4F-0hpQ(4-Z2+2HhBzQ0!tQ zqBao{3Wx-nU`coqfsKv_jo8Rfhi=hGI2G_k@HiscXw;9^KIsfl82B1QBn;n3Xe=U8 zfERg~A@&781Hr`(1)_bnH|0IF8<>f=)c*FwqkQ^-=_TCM=ur{Nlm9Q`cpQl^%+2FKLU24WN-zOfZcYIfudbz7$gBN8$3!i6ig`yzg-wLgwiNlL)c3bV6I>ogbyT@ zu2H~S^rs71vhUO{becaRfxCpfeAR5VBH7 z%~ihC$P~~>wH!)4P?rwX9q?TQm0BZM@NZdDG1c2yM)?6VLapq9P_}JJCrR%vc+hw2na?S zK@7y;IVf1G1i@)A6{&o-Seu+(+Vt`ph;$I=>aBp?sKpZ&kP2%tEQS4oh|D=`7F%lUfhr6y8aP*NeAmdirD0KOJk`#AVr zs41XFKnt;4K9S2ua)l7&70I+Ol?MLe-9>=Hg<=9tg`q}+0XRg!Sbij-`>AfA@VSaq zPPDu{?oGTCv87;;#b%;EF}D_mbs~B9px=Znxl4zlWOKgxl{eu)hVBx8T__pw?FFj~ zZWo~|Tah8!<=(&qyHqhDSOtY-AZ}NRc4^|rHep2dI^rJo9qsnvrd0hxZa4i5f*O*d@h(=!7V7T ztJDM^TO51@j!`=74jA2jt0x2{gVE+hN)2CAfFsNiLGRkFHjm4V0e45p$eebE$za4v zC>AisdN@5=%@%l~V`B`gL}?W+hecO*p&k<^I3kY0 zHsY}GFGlj{!knAIQ#zWL^x5d7Rc|EHSpmC9si8{ksAx9_;{_4YHsolRLRSI16bPqT zAI2;&EiuobEV$+c+VUKF2AT_VGJJ0lUZl#ATse=_IQ@*JXqOVw++EF|FHU=6u#SRH z-Y%W5!vHr_WW0lr)lWGh!D0jHapwIvQ7i-svZO#tueAlUGE1q1w2HW2Rw_uSD*`q_ z$SL`JCAdB2Z=yuIBIl+&Lj>F>>h|Hf-4BD^W!wUPbP0AjJ1CJ1QXg}iViUY#1%(6kX1dhyrV4XT|6aXy$YAf$J393CPQ43`3WKKbkU25{M_RQX#ajDS&LvyK z70aWIIod(P`T#L9opbRsh2RV|xl}^hL|}jlD>%kRv-xnQ;7=9Y@tiB3cg6~?c*zq7 zAXdD9$VAx#&`g$rp~#S&z~)Wjs_=vj%HG^`ou>&FDd0%!-Z5=&IC9f06$ zanWEj+Uzz^0iufpxJz_VgS{4_HZHBEn}8DOCazG}#S=x;bZtu5O5odQWvtGbuKpL^ z+5Xt%!h7kQolo=tbTn*7tu?@xTq2eJ1yY!EqJB=l#p@^^T%35sQeZ9^7#t{YyYur4 zXrVSaIX*Qt0cHkqG;M%d%|sd`!{%4s7~CsyyGKZd-xhZ9Eu~<28SLT$jxNr?QIxW{ z0unhc4xboE>EaUY2j>H+0l==>iGY{vr{SB51PsA$IEc1v47-Au_&vccW3CV)NwBNX zq8|XFCqL}UjILmJ>Fl8B7LITWM9$+{jm}`ovEkd;F;xgu&xkY2^b zHKIHO%JlQDr&YSKEw4ZJ%&+g*J^E@aY2_~wYEIO}j&LN`Ie;K%@BAs~Zi+dJ>P%l>UpG;G~Jx*w-5ap?#v9Ki0D*WMc1 zKZcZ=9aU;!C>e^VLlYzeOB6)&G@)c@CmHILLzCzTiU1(>h4PH5fkpg_?_mlN0GXrH zWf^l0$XH}>q(xeq-ZYf~kq`;3TPk%`Fg>LAb-?hCU8tbjMK>(;6`pZ~Lb(cvUDiqp zOptdVp#>+&Rz<=Etp63?nO_`ohTwM25BI-)#DHw+LSsH{mnwTnJu9) zbLr6BIiGhHM7yp4tZ+zSvXMn6jE!=Pb+qyZBM6@>Q< zlnfA!VF>}lefQjpHFyXEGBT(d)~;C#>B2cbItQ*}kdDCz2NMX$Zn@vlO@xe3zvRz>iiq)zKi`~QT5)^Auwr@?u#k7hh={sVAoMf zJ_UNcpBm>a}YWW0mmhj0!*$*efM}-3jQKKquS*yLuUf- zb5NLXm4BdDOd}duy|A;Y&fm>XSi3TdDTEmJIc34 znZ_Vh8>DN)Oly*9?_^p#>E>>#v6pUwyn8^WfGH5%-Un(^tzA~Kwd=qx2Z7*Y*adSB zSOTma7KV6yD?n^;ELAW^goqH%0rFQ_2&sYve}(XsD!8Dq3#2{`cJnx#LLc`a)a3nO z!bw%9O(cS)J3);Lhky=u=F08A{_g9{{sOyF?JD2`uSV&bjLe|c1K+2U48X4390#&M zx9h+oT`?6On8y>vaJ4n`MWQ% z*kN&+6v*HB<`=*8B>;Lrg}-8kKj(fSDZ{|*Ti^N?#)g0k_iqLd7BivdI5duAs#sx2 zFn4DnOWr_7dxKG}R1FntTfJd=XRl2!Z-Pt97#I>WP#l6M+hbtYI(P=?|FgcVg=loP zJ%-04CcK08fF-oUb%m$BX2a9Wt-*lvtqmFDKcTev4lOmCQk%bgE1p*YS>0e)tjfza z6QM1&PX@cvlR(CxD6DxC(kpI{$jy2(?E0&{OX2)kGPB8S4Hd-N9}}|8)Wbxnj6hO- z7zB2?lrdDav3W=G?~ONjjDcMzPs6UU!3sYP?AkDevo+YYPh!29)Pes{Vb?wy+#wG~ zoa=E5&c~Lv&YUxyIa@(Uowu^FK#75(2r=DR|KKpw9Y4&}FXJB;%s>NC-jZq~2FYlx z@k`#y%=t4nq6O5rgih9&_0rKblTGsv!X+p!4gJYZdx$(1Q5VgzVYUH>JIOS+lZ{ET zv7M@KryIKhwXDW&wy~FM3S9tckfn5O@1)y1DOO9jy3(E9OlMb*vjv@%Oc1nXDftVY zcK4M@;I8Pc8Ob19VHFf`-31D3V+}q*m(aVA47TN4wc5*LY}((;@v`n6;4NM3Q-B=9 zu2s9z)&O?v-DtiVFE!3yzWLWL3G5KqMUTZEkUdE#I;@fgi0d zudFV_*d(8V#uPVu)JwUaT@9iH1>w`<--06+@Ie&I8RD|bU@aHc3 zu+OLp$)L@1bFEiTPIdUyA$j9xy@7mtm)oDLJ6c#f(-IzspsiP}V~xeMD{7f8QvZ`< z4=Y#Pp!eodr+<&DU8f=F%Eg44agbI1FrjgU*HJ}=B~R(|CGJ}0^rEf<8UZ1bR#L@? z%z%HPz5P^gbT3;atXF~+qUCe3I{IqHTExx;p#VW>Q+%=DJj@JBiwMys?{X?kAgj>H2=A0VjI^;1(L%@&YBByFhcg zHA%H5$@V1O*~xTwS*gx;y1T<-C)wF%3j{+QNWI+N$+owpc5ZEFr3)v`w`_Bpt+ylP ztza?DIw^8dFBF8OWo_p=6PA>^N-rqYD-5rAK2hX~=N>6ByHdKu}^H+Z~L@5Q?D~6Wb}|1t_)}O}^#TEDnqPfv`(-zVJpLPo5`KO*|a& zwyC2?ZCNSD#Fos|wg(zqholBS2S2ym^s6^Wkc zbm4-Od=tgk(P3}zfWVu(>C&Z0b}oiHXIWH!4Ex3!god5jNY8DiuZHsXlC@B^UmWfA z7~6F|5XC8RxW_!jZgV`Y^l)_UXPbTW35XL?RJhHZWMenc+=(}L<6v&%0OUHa5vW0!@&?+zJ&tjN9=PN zHV)73QSe>?c0m)176wNQhQybkI|O+_o`%K|;|td9j98LkJZSMiHhs63*DgFW@0u{oTDWkU_XP2%7b*HI6CZ#wZFWVB{V?DMs={4xizVK-TtYx$EmJt z*=z+wmo)DLcJEL|jFKo!F(|8OdAEu^h+uM??SHri;$KP1?-iri6y=|_b_tEgI9 zZEE#zGu%Dg-#)@Gj8a#GBBB+sQdg!T6mU5on}sBpnsKz4mh`*o6U57PB+s@h9J;KC}v6113;*^So$ z+}%WbPgZL`(b`Kw={6~W1sSuA?JTvbvkXH4-?2byXO|@enCs<^%RwW_g3(&5wTYLyljVUm!dU zmmF+y=4NIYS9`ep5V-=mG>eOia0|vWSXK?>18B=7Gsptg04U}HBa;G*T=YO0pu0jy zJ0^%S`_Sv*(>om1eSyVO=imI%yI+6rH{agy-I5cfI;08)u*FD>zWwc9-XPLtabu}40$ zRJ#Is!UmYkn23O2qkj>SVKXrkDV~oM&x8u6{DQpKVijL?kZ2Dxy-|L!&1F<&w9}aE zb#Nxp3t7h&N_QyMa4BIyN&vy)No_O8PDe+(cv|ne!QtXGDq3wD!E#5m41e|O#JGf` zitwZkj*wwm!uSc4fFI{3&y}Tif)BBN*_2kyX&{SeT6EKzjPxk6cjZ&Q43oaJ1~&3_dSXM#dC@@@{tfmHJKG1<@osSd zwMu^s#&(>j4dc~Oyf#kMw-XIYU04O6)?2%>&q3;0rEa;E+)%(&7z6ZVnKoA9<4kju zm8l2eaI=)I&dwy;;zlDH_^>yscdsS3`c#l39rytirKw zSH%e~w_8M<>oN~=DJSe3Zx5M;cN)z)sVU7gXUJH(&kDQ!bPbZBCM3fZAsOawE=CF{ z>hdz?Ku)m2?liIRJo^;LQY@<#4#~lxOfeA8A|T6^v6+;}7XEed+XY*3U0|VAzwo?i96_=0l`nny8-M*b$jdmwkJ$c?KmSXPARYVK*S_`{{W5a~+G}*x z(31fuU=TI0hm2P70i)_Yi=j=m-H|z9VH?_w!Km3A6xTK{{p{C&O@!s!KmEe$=B2?< z>}aWrvOJR4-SLP{>4cC!;Scv zVD?P7VCg=meFgML*JH(7(cGOx>3+8MFk9UyGy;`&q}EL~huQ9!QH#oGLeeGfrUMNB zH2cbR4OFO6no<$oMrnko5T&3%j8=83r;ut`SzUFQ)tRZO!IO^zjDNT1enQywbR6#I ziTndNuxqgiIJ)d{l_26t`GHv5>_;2jyYa#$Uy`7(xkv%67=zm&FFb=tbT<>X;)P(X z%do(Z5?S?VyU4=E`|Tm3LTJ`eqB%-7w^L2D2g2KGdAk#6!16DXF##ji&*vBOY~Q>r&;A)=vKL->;gA04kN)Mq{FndqpZ?Q-@h|=b8nS=>&;R*9`)B_Q0U4Htbk(e1 zZ!LSf#KuH{4M>VH8KD+{FUQN35@utqPA(8xT)6V%_s@Rk+`{X@$Wpi0s8w+-C^p-2 zGS&{YN{#v$8#6q0Jaez#{f_-P_IG*aYG$!E{Wbj~bHFjDb9M+lT3T8{x@)OOeBo%p z)dQ0zLPs<@`0Y~d{_v;2gxgIPo4+mWN`v=_uq)NBQNX}%MPL{IC}&(kxkF4($gn#M zH~W{O`484(r~K*Dunp1Lxp?z*pmJs_H|tBCUysag#1{NX7LD|4VO*}VR|6S>w2_B$ z;kJ^l2Fe|nz0&v)4+pZlASKACWl_XwdW#ga>dY;{79x7FBn0u}k)FTtzy`RO_K}8R zmJg=f`@4nGk8|(OrQ5ZlQ-}m-n9p`peXDMoC?&AimPg>bE3ALC1_qF@welf4%CdJKc>rFx<{ zj@HN0D{CF3+J~vuL9#6f8?A3g1$ie@^Qs6e-PlPtv}5MXN6-^vP(o#70=UZ0Hl_F# z!l6lF`vj5!=0V8^I%zNuCrJk3ZJ8t%KG%kW1%+*NO=M&qw;&>1Svg8zl@C)^sD?~P z2ALJc!vT{AuJ~k$3yF1~#nnL<-47On_Sps`LpR2?BqYPtTi^KJTk|)T5H?6l%}55< zf$VvT+$kkP85tDxm zm%@#SH4p^-KlsZ&s0j>-O?sZZS$uHdA#hF4n>$yrl&{tpbc-a?8_CRCBDG#9#;P@b zk}Z}})q18{lao2UTE>>F%r4G2y8b78nWvilY34L$J14%ppL*vr%f~^O1a?4Jz7X&- zt_BM8#kb~_Qz%qYnZnJ*dq4Q`yO*xR+qGPhftK1yl0mCoGq{ncb|W7oOTrQ*OuC>W z62>-2{p;+@e6W_o!bOM)WOvXUA(2=8y+{URqy@;Mr50%pE=TgG2sXr-A%rbMzi%YN z2_?g^wWHf2bZ1Re(B+1N$)7KuHtJK(L||jGA8!rsCChk_&w#KbsBdM@ZslZfFpNog zcHW;_Oq3#xL309|BNL$H)sDuyjn1gh=mR&(sKO!a#2OT^`-wJ9xr0PwPg`fZ@x~4d z%uUoMEP89S%V@H(;39NK;8iEnpcf!{Re{jZt?cMllwqP(@OA`k!BePS*$Qq#?*iXK z_!?ac&ML{E>;(LSipdyelbHw=Fi12N|qWe zwaLyN3R*7L@m@d{7K=p9oPnkpois9jIASs~vt{52oi~1D<_y6=AQ%j8`Ft1{0vQA) z@FhpKw%7q@t+`}X9zbIOKU(k+KY_xb2?}%EWC>zd)~fdhZBo=!6~DuNqd_@bp{w6& z7hxo%Cso0&OEQ6^+~hyE>inNl@LJ95nd(07z3ctd%3i(&m-&-Tt^ns?(UvCZrOzfT zgitVT1s&3*#GM7^Wo+Ryyd*)n3EAV!1fO zimczj1y6KZGMnPO@sGqiBiiU+iR8{~CeKTj8m)4Cv74uYgP|bKkhAzU1WN>QoyRy^gS|Bojr0&IX8#p>u+qq7^IvTgPcPYz^ z4wg_Z&ElHq4!Hz`Y(b0J(3Z)?RAuFg#-vnq2fpMJgI=ASZm{d^IAyET*qRcYIq>{( z%G#%#`+FX*{EQua?8@VaFhjl*_C&>T&Zvs$_C&VfMr%p(2l95yR8O>q50aHD46gXH zXPG(+6c`y~#G1p#HeF6I_W<6gH`uMWhlP5VsfT0}Zeg5gq6ync zFw`Kuvb|`7oc0MTUPq0f8e2vl>XUe7l&muctTZkSw1!}=D0W4M7!EyGc1-R#tvHEI@PZFGaOgDZf^~Y#`Zx>bChS1Q`1{3|51=OR}?vNIuR=b_^mlvsa1$K2x?YF6RX~!At2FP_!)151Z zQU&~W8JDn7A7B@8SexEfrAm_vtr&{|3giuF#pt$Si-VF(dS0}!TIdNxZ6@`jmXF^iH_t~b|*WHp~O8mMiY$3 zXc>$#Xyem?XiLI|Cqr(xzdeyGHwkmo$&26pmrZ==L*PM4aOV@hydSB}nBzBQ`<`gm z3$(XcKCZOsb8?~IX!q|wT%YE4t)(WmO%%L(&7{ngrnRep%&J}45zIA%T~|pqB^uLe zSI~BPN3PYnR1dw{aKO7;n^)T1LKG@}u){d{!Qnia15{LJgIKdx&IB8${1uWWW`h)4 z8H!xV@YbJ_=zcm>#uNQqs6u3cEF8;%Wq!(>6j(94nVR2BUffDt+KONICGUh%%UGC} zn(5A@wtdjuKOCs7Hl;2oOwFrJdv%CVme&z9Oic^R#kqsTHlVE4?zFd=V^8Mx;U2Xt zGZcT)`H$Si^C0ST!mhOkk73u8%1?w{>Rg}`ZeehE*x1=iwni(N`c;2+9&3e2jq$S& z0Nh}4Aygn-^72;nL9&=8c92X5HMPM-tWBnLbIh1yrrt--kZg=&wJ``AZEVLy?*)fD ziPuK4+JJ4M4mqp3T7CotQ5mFwTAklbOL%4#fG@8Pzkl@*&y?%qGG}#k_lBp*hIE3c9CTkRq$M}2p7SG@$6=L zb~AawkF+$mn5;g?Hr5M`Om_(RFu;{XJN70-6WN1Uc*`i9<#Kx_4fcYt!D5w~2`Ayf zsJ5vbX!UldogzO?*nQ@^V!F;&yBpW+6f z;vq^ik@{(nmk{*;?l!3_fy9G&A=T&;E-AthojSteDBl<+D&1J6n*eBz*lS;^qjo9k!4#<1`G01GK&?N%>=u;U4iVbEQUBhY5{Ap z!a?MK_X6CmY*|n!&M<|eD${WZniw`Wq1_CinZGw(?Z*nuM5#S<<<2)>erMs@{dlGk zPF5mm;|eOW-0`#L-0>=9QK8|3lPw05xo}b($na!9pvfzQ(i1fpT&*n#++V)?-h01z z@AQYKP>iwv?$3x(`}t3Q{F5L5=tuAV;ul8p{^F-UJA3*xaxq5K@D{jv^TwS!i_E8? z9=mz#=IZJy1f^-?DQ+DTGWT_FB^`hxfp%Q~>>nH#H$G`l- zMsWV%s7ukzIPw0jj1PN8clL()UHY3mZ4sKbppTyFQ?>g=ⅅR%EUM?Hoo z4i51gK`JNzC_DSbO5^(NrMG|Zb9B4eY8Ti|Rq=j$GPf%Na7HKEFjvyQl`AUMkR2<@ z99EaU8Dy^bl!{g9l<-Ec(k8i9ui78tYvYXnTk@<-Gg0l1t~1lWnwt0HcV0f{13K%o zf$GI@{d%m97@yIJi^1GNFn8XcIkTBQy_x=CBlVlD)QA4eX_$v_aVAok1$?dY4OQ5g z!+kJPBg#wSz^T~COZ4aG0)>l#{M|$$P^_ft%_4UxBrsL$#w(pr zxgDx@qYdbVNvyFgr7kM5rcCit(x#An2~R4WE{K9uZJZPt8OI&_1*>+!#7t9*TtVL5 zBvOYutv09zAsmF~Z34|tt#<8B9<6qz@;y=QI#y&3+hEo1@p?wJE3GzFm07pVX}Gy| zWhi^hx=ePas@*8uE+oShNQSpBT)!9BY8SNq#4RE(B8xveFA7adKd`jX8_6K9UV`7_*#@2>8xKYXI@tK#5o{ zw&zH#r8Be{Usw+=hU4orBpThqaJ$J+r6g_3m65jPb=JT}Dzv30w%?B3tR@$VQJ3?S zPcabo&t~(<$Mv#P?RpUC+-|Bse(smcGhtW8Kb%V-t0Sg9lvT@MP8JSDB5`QcB>0yw zf>Ign^Zecn^RyNgC~t+$$(;*l&xhz{CKmjOyNMELM!X(JnC|&Wv z;YVVKV@H%~5ZE;n$VW*ADSPzv~YL$*3LIC1-rT3zqdc_iF3j$$Gbxw0R6XQGRedQ*9TlBARS|$h9t17E)7SG zcJJn$dsMqN9Q@HFgN{p>P{G~NHrmvs(f9YB^66`bm3Ef0!^WSLLU#%i&yvA{Jw&i9?;MQzC`fh= zBK5&ytaxE7HOqAYsY<|ZIJXeZ%=#m9o8dc&e7rq?&xN$>PWH+$u(ZM|16+5bwSJ`0 z4>yOw)-c>0MOq*)kUFMaMperel%(bbVG;0B3n#?#1{s4KQAvZKGstV;%hu3S9mqK1 zd`n|Z=GI)}M`Lw$30Nz`z)y8P&5<#fm_e-=;F0OA36&wkX~ybBr9 zL@y!ygV~blP1Kfb+B#=?-+Uv*UPmkU0f@_7N4rJMKtWb#+NgyspG6i2aPGoy`h$Vxd6@$AM7cTtZ?eD+$v!9ARK=At6$;;`~I)r`}MDX@v9Ht`_1Y1Km6d=AN=Cy@BRE|zxeg9 zfAjwPAN>61?|%QCAClMp;~)KmlI^9JU!r_wj93gDaHA(&R8@KTN|rA;WA@=JTsa( z;Z0-5EnLTb>Uroq?qXv<;wJWGtuwp%^e>eU4fo5tbMM~lu>rE$QIs$5uP|da8=&BV z!)|NZ5B)Q@tM$%plng(9PjtHlSGP-43Ln_iF(OeQl}DuulGZN!^b9P`gsUir$(1Py zXI#RD(@enNEp?7I0hvrr7F(lwe*&VZU{*nw4=}3T{li#ufCB8y8iJ+LT&OnVF94m? zSb=KG=y_1Xy`)gQ0~`;I`aAorF_FfYV)x^Xj=$XAD75aUAtiG20d!{B*+3SN!+C!J zsGSLw@PlQY4Ff5~Gm+BSDCt4@GlBG3UvfT}yqPF$keuC{v`|B7t4-%A)Dvcpj^#uy z$VJhMosSyS37MtJUn_&nHBudQ)Ko`%RZypn0kn;W2(2Q2xrEhg%geb=oBHg1Ca``q z$zbTKTNx5j#~b-bR>NY6i4dt6tq)92A?Yv)+&y5Z0b}Fq5pmnZW8s6%EaKdmNNypV zyby@oj%UM-UW^K&L-0CW8!+4*Y7W^(o8wpmxx$2cHdT|tmTFhM z7X)f$E98Sfui=Rc6D&&2%$m&9ce0EEtaatN^^PIWg@mkN6YbSKAq0eWXq+qrCdS6BXh-cDw9km zG8sg;8YYPl0-Zw-lbUv^Oafzt)HK>(NEH}uFuySz#()!m#{(L3Cc_>Fodoa&$%~8v zZG~PgiY*eA3)92Qc}?S&4d9yY${ZIhJ;;t5R+{O7-D>(q_(10a>wj^sI0knWGbrqLOp1b_?wxL4P=0 zbFr{1FlBiz@Pr2xOqavi)9YB_AYBkot2w42BAIZ#ji^Z+TO>(Q3650r>kc-?*Qx-%gaThVziZI7!Y0bF;x5eYtZC!UYM3FP@8)XX54a zQLJKfr#9lJRwD~rN%AZZq?Sgzj4aDll7cT`e`X455t_i4KBWj=l_%AbSepaVd(&Fe z@R#iIJ;_kghJ#oY2v7?k>IaW#(4>}DqV*&L@sz^%`C(VEA9!b6lqF=2G7dV4Cw*jj z7U?t}9_Biuhsg?)Ckq%XFp(|klUar%W{Fkbir$K4Ld{-vpFBHeC=O}4rYgfksmF>H zyU|J?*o{17NHSEIwN`K=Cusbih-QOB^wbX?g z-iqaYah%a5mMs)7zhP8`&z>zJ<6}k{fpb=FhQ4V&A!$rM`5p+;fEat2_kgIFe zfeCVp-;{XgN}oeNwDmQuo}oKZ-*P!GpX}5gq95CFuJPH^Pkata9f>YX{ma!pMXL?< z)s^^6_Bc;}msB1+VyiZ6$H-jc6HEqcm-$vs^4^=K1?;qETjhG@xkg9Wm)*ppBRv0H zyL0axJMQre#yogGJt1`SPBZSp6lV5|Mq~0!`}ZEMz5SzK0K3QI5-#jQPZ{j0R%{A( zHMq}1ThHBGhJ&97yOsp#!Y;Yj9_#{0mPrfj4h435!0ws#gure^wHhga~*UaN5(*tG}$1lU#l{phb}bGz~$QC38OT;6j6xb7T?G1l^E#1H6TpSDE`)>n)4+u`;(jHc4dE`Ml8<-j*GGCFi{<*>!W0K5G{71 zT46(bTer8TM(1~W+$==#=wd+Jqc*=)IEqXnk!6g|~%7wZW~A<-34s=>m zK(jEUN}Ea{L+y#)l$v#ivVzZIw6i;MJ<6*FHerNat}?BhC~v+IKLiM6%X#Ug5KYoc&8nXP0$x@jT5U+dsB^}Wd~Sj8RFQ_u2CN3h zPyFH>16Hdpr%}})@9~44O4q|{JI#(8&)`A4-MM%F-cJp+jSKdEk*R%!!NUqjX%j^DX3qS}yyQ%hZc~w|ezJHYkhr)Jy08^x z&Uj`kes&XIE%d3C`6%JyC@6Bo70+xXnTcJD=eLTDTo0*(w2@##1bLA?Fh{G{t11Vo z1TNWi##p&q>BzatUfXeMS(Qf!67p(y+=KN@=XBkDj<4rvsoAd;fYq*oGXx^P)4_Z( z&QurO-Thdtvlz`^@TKNZJNt{XA(2UQX@KVLav-&qZ)Qh(&BLSGE|X>xU$Gk~wPRQl z)ko3lAX4tfD*Z$is$meV4r6L_!-`d9o6zO-)__-|8WeNA9mC&~Ew!h>?g^6NQEu0W z1)E#59T$8*J=lE;+CB!m!ap$3F;3U|NXH-<66MahOSd5z;CADM+O)y>$I|T@$zU=D z_M?SHv``P>MwTiC;`wB*N**2m!~kQpCcT|RJb_|2l}zSxnL<9BN+xiEWax~aaF|G8 zRJ@fcTHZo7$Fy!iMtjS^ceX+tM7^3XGACPLNR~laCePR*%o1D_bH`e(ToK-(TEqT^ zp|u7$X#=u=rnw;kp5D??;T-n?t};E$w|Wi(!EhOZv#C@H$=bz>7jNFYdF$4#`T6;? zXV21=V(!au7OFvr5LlB`ig8@z?K4Ge0N4(=UX=d(@Y;7FQ z8%VPwc0YF9TpH{?Iqv-m?}p~&U|)8oxm7U0=1sLVTU{b7@2_sW^~0Y5y9v*eq3Mte z)77rPF46^wsn#U+DPZ*~+~fI4N7&%Z2g|VKbhX=}+NE*n7!0a2fLyo0E(R*S%jm!u zGZT`bJmb$|NcMntJwEh0%b>>QW*}>xuyze3p~wP*PK=XzjR_%Z$|#wHlbN(59DAEP zhxyJhT57DPinqh*%f7?~Ut&&sNOR%RT!bVr>$VkUL;3koX5N>$8cZ#xOYvr>HkNoA zz?aGwH8>+Wiu7{5F0d-95nWY zwZZKoRO$PQZGX8FtaO9rUa;JcR1|6}Lso(gTXoFV*`dy*^3}4}t8fi%z2)I=N@Wbk zN`~iyT~Ep2Rl8HLJ5})hPl4U3mKw0@OsRc(uqz}3h75&TxL6J5OV~dK)4621iinpZjZ`N9IIR$iM4{d=(4OCrG&5KP3WwzIPU7K zFO@OZSzIcK5gxxuT@MM7J{;~GwkHSiYG*l7xEn9t2}O1NcVDI8UAr z=kXpmkMWi-ej}V(&sVd(acAG`&D0lMP+#xWEPt)qHJ-t!2i;e;S7A_ticP-d?R#29 zS8?{y(EA*)DaFIq?RCnp&wY-P?uxm|+P{Mmx7KsxJ7rIQuH+oSg2t>+$iL}ZU)@@HxVijrE>lT}ohJ7b7%= z5x`u&{osQSm`dQ=>({R{(6Ovolk?fUZFZI6oUG@y{)&J!(NhbjQ<>;tAV@M*2|B3{lsOWLK;VeBm}o}F`zys39i4Mn zo72k?1AsIZ4V#sIZg^0e9Q1Y(Egbf?4~9EppW`H^DMjH(xCDR2ypRThI_`>jtXx#P z&fbmznbelz+|u7gg2o8dcrD+)6)r4nCeG8%gW+UWfDT)@$e@6xkJDa?pWBQPOn#rd z*Ltry+Up+(_%e#aCA?F{Dr4rsuF}w&wP`bN?j)gT8w92;#lq!<9oHS>8$KF-p9QDU;(%UF^wy1XN!*G2Zgl9m^P#yuh$xwh>r05h0?C5KseN1rGEd2XCj%pD0RWde*I+lE zNR`Uy0H_8CGpkk#fz7qm`-_3q2l3!$lCpH=?&{(-|NT3$)d!*FyP@TK@y(T7*jI=K z%JFbM;*YF7Nch$Ykw8AMRf&eGv2Y=H89TgB@JgP9*y`O8$`Ej|*P}nAT5aTrl*ONB z@>ttr{#G6#;HydXQYLFKuSv?R4ffGrAI6|IkA$7k#@5t_YdxypT_WdN& zXyMsF3Jvp_P*F@Sq?=j15-mT>b<%WBM~6UXxY!F7d;U_-SL|&RI~(OL|0==8IK)CX zRvik}P#Giu+|ndb8nctAY{x6xu`2G4JFz;W6Ikm$x#sl<2h;6Z-^`0xpRRCE?0cZ> z>3qE@Vb$$Awq&Z?wU(L#vL{<=8liR!wJH=d{1w9;4PG<#*a=X6QrSCI?UHJNDZA=+ zAFp;lG3>hXUf1}M;RZjNEXD8LENndJCW5uly8p(-z^zN!mAjeycQW_xWFIW$9xP?= z-7PFX$Ul4#zq^!OTPgUrVjFAeaG+DKP~(_`sD!c$&F6IL9&34--187^ZYmWAF@a7l z;lW%B%A^*CYzs{>t z`555w81nKX9x9wN72Sz@nEqYfTlU1roPEn}Rd*qY?tHa6{aZ`--}wGdX0O~%6kP{0 z<#vr^5OdLEl7XRNwawME2qq?+WIr+Qm&+*y*<;T<+ZWF!hh&f)5s)>8B*s#8S=V2+ zw;0nLWd@VG=^7R8XE0UVyW{F`uO)@> z!EhHt4Rh8}Qq!7U$P8$?F@q&NdpAE!3Qh^07@^GFKaj$hBsV%n+lPtPU@cccF0~M( z{!5;r1Pm0#=PcTsi#C}sh5(seOI+DXE+;FA=CHZV%^j~9VLVJgW<5fum1dMKOCF7? zb?qT)ohynRNMTJlvWoq;uXgPh8|0p2 zM#GHl+gX}v!Q$;?-Cr9Q#z*;-#_dRPYr8b|+%0E3hl2u2=0&^9=t$VfQHz{5yhO38c_!*E|`b^wuyTi)S*0 z@{r#9a0u)k?QQ2_Z0{|WqyB?Q_h`GBiSj;WoNk3T3JiOD5 z``c09`o)=zOS7qax1u+%_%6){uUyLBy_36pue`ciSzk{q-OaA77X4e%mE}y(KWNq! zO!@jqurt_Y9C$mGN>J)bb1j#HUI6vDmIr?!a5(}NgL+iB9A}?qm*JhK#Cjb5o)c#u z2TjxkmMm$FHTqyysM7x8_p(Dg4;3p?3Skmm0G)mSss;GSzg=$WoylKAOHH!We*Er* z8%v3jH!ks9uxny)0bdt(HCgo;uq(Euz;3=is-c{AVHZ3=N5X7Es<*wAW-=`!rsneA zFW{_wJz9tm-7;iucqFkb?AJ&6<~YZ2X`6+Q75kLulX7QL@9lJkd!rpFUd?b<&8ni1 zs%bqeRM=IYS(soUBPjm3<`&Jv{$X{Dmq2SNk(=L&okwRD##N_!+Fw3}FAw-j!wH4e zM)Ha;eLqBK^0>5+aH5nWf%l@ZIa^CgWY4w#ihNK>rf#X zvk}U0lZJ%b8TC%!c9mcx{$pT7ha1%#~GvWSB&&YC5ACfcda1J1kxcE9JdG098#2Lx*jDNPSmqHAM8%1xsxr zO>VA~qR^C5pN9d98J*ji8fHVWYYltSLORrCeQ{$L{#YsHh*P&B=|Q4B{~=N!}LS_j9Q7`AV1`}mj3vz`3ES2Y_5I+);AswPnLew`K9rd_jBJb{|s z+%#<_3-j*E`<32JrXMFi-QGE?oO5s}ZBCl~U9qMU)xK1CsP*gHd!c&oWFhyZe`E-3a7E=VQ?;7 zqtDMg!9pN=C6u`t$p*?z;u$s7SPXpmb;=cJTBH!oJHjW}E5xBVl*iRqr320I4Dz_7 zNSFT^J@L%1XORqE)hv=-c~J=E49T)1N<=O)WcH&v+`)U{QZS8q?%7ZQ%smq>p7Li; zZ6)VJxx2-7n1P7iVX!<}&$N8`UZ61W7ho6$zVcwJGL%&vZq^Mv~P`p^+=)qp4IN zTuNkX*c$~g?+Wns(8SH08m%;!5|MW>jK~yyF z<3Z~EJ@I6q+I{;+KcBz4NT?4l3>?U^l#}MTFN!fG8N|z6`2m5~>5=sPLdTZL7WbXW zbsb@MC)b^y%BZ?#sg&D0osnn`?=v-bBT`rhWEMhv3?M9n`NYq+1luqlDa|uXu$8zT z%54?8*a6~IfV^x>%!14+$o#FO@$R#r5mYOyWP@png>C?5HA0AG^9@QxIQaYNz^?TW z_1=-h^V)@RIqGg7AYfifmig#7%coq3;pp;NqU-!{>e*|F(!)|Wh<{jpJ5U;K<-5SH zztCq*!!BsMrI-r@`zs*tI9Q?P9YreRXn7K?Fj8>>c0pducBRfeQSE-Zu;55JqEjCXWrZqBB>l5|A{0-AR{Y^$$rNrozHj{qonfEQ)W|r z(4A>Cs}@fn*AwYlZfi4Xc3T@p_*7u`<5CkR9_^7@sM2z=C6l~cVm@MwO60W%ojq62~#<{6!9uE+XH!zVOQpiZJ0u?QzS4`VV8RJ zQ-WO+LKsi1zl9H5v3Zg{Bfjo?hlS2)HB-Yza}Mc(dc~g#;t!NPAIMya7nkylwQ_e; zXx!cwXiJ4FJCwTp&C+1A+}|u~&8uavkHxowyd!Gf5Y0Exma?~^+yeW$U>Mk^r53F^ z$ZOoLr{|S_T6gge>FrPNct$xVD%{5_-xK0rji1nJ_jra)ymD9)%Vz05&W{{Y!q^6B z#M#c&vJTtRn`|z(`y`TqaS5AJ`)x=Dr={jdARruS;S`1prAU$~wOl%19Wah7h9M~9 z_jk!|?{{}bz5P9A*Dzx2_N(P#vpymlz1{4$n!`?K)a`J!-*2}1t#-fB7F&t=hx-^42JyyHk?BFli>UCSaPLquFE=CQ#ZjZPM@+_EXWAs}{sBJ%k&`VVX!qHsJ8XBOHH7@6 z7C;J*%f0Q!Xs5fgJK)8q*0Mr7$aN6bHi+32cG=lw0FuV3=+i`GrV|#W(O#h3y%Q^6 z!p|X~mOA2LRyq?BpY`(?1aD?9Y^Imul|*YqWz9v=efbdt-@+6hVbUGU)Jv z%~RM6g%+cF`DKLD^SlP0DIl}^kZU^U&eZ;&VqS(Ox|98Isc|!yW*R~U^1{_q7{vz) z%ttebeJfL46>%60OY32#xk0H*!3*FPy0E$%rT#{#w^i-~xSORu$m_3S$2nvhsG=kr zQSd7Aj%_P|D{Gsr_R}7zcBf}3WJ*oU9%W6d!A=Os9#=9v4#CqlW_G?24lJFm5YE@o z_84|`m`$QC@X%4&L!M7{IsXazTysXZ5n*rV$F4!Lpn~a;qf~`VoZ`3~69S$4iYAn=D$A|Uus8Jm? zDy(s%I%(AQI_=$dYgjJ!D#cN^#XCU-^2gRwkMzyt_3Iu`XTIYvoza0?5S%q15O+k9 z9dMK6AaBY`qApc^Wg(b0`ek!y9OtLdz{V;Vgjwb5!S2VcSbz8Ddk}vNyGk-l!)~J3 zN>;kq;S0lnj6p`xoH1YRm0?@1)vg1nPqw~$;!9DvU3rxjT2#9`-LdfNs$;hzTBUzq)HdI66d$lvl0rdU8d#sq{(xR5lUoJF~XS{CuF31-pidO`x@cK`9gF0m}fu?BR;&_ATw zm4rhNc6IokiiZl<&=%M=%w?PH0MoQ;Fu)ols@-_CooY05gq3okH5fIRifDv5fEV!^zE>|<)-OBb!uu<(5UY1@N8qHB zjQ?Unj7sAS-tSv^E;Mc?D$9j7;)Km&do|Zu$#vERZTkT3dZEi=N5Hq(_mu`Le|hNb z1OVLfFjS`69fhcQh36HXfhDwq%&GyqLn9e%>yZp6JQ=)kwG&jsCng!DOXjClyL8n& z<%3kas^onl$@@{#-IFAPc{0%WiWgf(GN=RDC--D)%XoZlqS%Gi#d- z)Txx13<__oW}=}^qq03=oiylpj*O0} zxJttBntKPqX76gGczPYp0JLdk)}Ol?Eo?9r+&=*H)2&g87Dyj5ft*=Mm=(Kf&GV+c zM#wA;H&SS&=7j<#qn2?~IERjWOAt6w284K}8-sMCmuYshO{skI%}%x3?})kQWJf-_ zwc2!sc-4GK{c6OfR-6~4fW->DJltl2`BoHhTk4!IO``5>v^p1SNN5nQ4$OB1(@e6( z8~ygS#5D-`I(EIvvpPBj9UxYDu`#+Hv+!ILgX_ugD0OkhDL$+b?S7FzX*CibAqQ^JKSzfj4*)>etoMTaD2`YJjFx_5rCy5PSpFlFmaln_CKGc;-8XhBdrzu_8*Y)UW@`_|hdyMsZi*RJi3 zdluEY(`z-0X*z4YTBTDdw~HlGA3FI`J(cU0s-tGRRV3XHu>*2B6YIW+cx!qB( z*=v;>(GzSBqW-r7I-YPZ!Ru-)T!`8=lD<*Hl^_=RVH^3t#<$wO0; zLFOmjh*ihm8LC&@^rr-lCKt1g?xXy#aJ$=$!5+FUouU;t1AwVK-dQg-FNN}FHVEUX z&IGCp!Q!oC6-lTVo^>GT#v&l=aixzzAVG)|X>2qmx&(hEg@7NyDv)5{E_!ho3UY+h z+AJn~LbWkBG|V&zx9z2?olLb=Xte9SKGPdSg3*KUoWpd~Kp1k#zEO8O`7qb1w(58< zSnb`3mvApTN7+k~G0_!%G#Hq66&57;F@7hWOEmk8u|Zoijv?-3*5x`DlG)y|GrCzf zsA zgQaV+%Dqf;HQ!my$yzV=*DK?d@_0qSS4jp6Ua#5}Rf9CyD0mHXsdEKwOT%z!C`vN) zWK_NizEbnb5uIc+mjEUPk=~!sRBe3hG zzN@@Ui`=JIyN`?xKfyin$02f^1d+8Ai&xM*`*s0{x!OhjMZyjre@YYs%V=Enu7UHR7Ae;z>qk-V+y?b|W z-Sls)msLj=3)h~C3wf>|%*=N*E zXecOi8T3SXkcDWaKOZjLc|5L#9^2AMGs zX4Elt6s}i9F#M|{F(b(>+3GK+O7mNZQ=2KJ8knRg;@dkHDqRQ_8Ebx!t`iPKa;gNv zOHU1S6{jAw4Uj7mv?J)NK5C*VSEu0Tz+7INaJw!|aZ>moFKTrhGu@5^!SP&o50B!l z!D76Oqb|DWGr}-HOV=oM=K__h(fVSdaX-_NIv2n#^e|*t&UGIa2dh-OU~axE)h_g| z%kXZAKZ8&Wz;38K2$d*x6?TDO3SM@E=VgY%p&A%t3s(ksm7!-a{6$aZu?_4?%%xSk z?v8wGIBN-*wB4SMWH3vIX*$B=D~#Kf%O!2d@=9XsdPVYzfoD+ARFXl3GLJ2ne9(&6 zNCr*uu>!e8_L`*1i%m(FJD;Sg{df`BtpUECfb6%gc8>$w)0JSN6ik$(D9MufWWLnH zteh^F%p{5rAR3J@WFB@ z5Cne%z5w{kk!G#VL*eZ%b%qLTye}ItGnJLWu`v&(7*olwXns+n86pF^(*m-O%e4OP z&!6IUG~ko7)Z!>ch6#C)WcdU zS>$4}M7kjFGI^u1wliQZLu*1ri0za}k|e%M05@LWmDSjbH}_d`TLfot!3_ldgJf+` z>}u>}StRdw^Br>%lkQezLm@Zc5j8{mttG4YTa(I4{!PTD~>mHP3aH?Hu2dV@S ztV8nE#8tCn!Kr6C)6iLO zZfI)*$5YkrIE^2CQKr=5F6`1$`xLp|P_i6Klw-L@w$h7bD)CH-ymkr5qfC@IbOemZ z7$*liLzD@FZX+EHMT5RvJX%gAin!0DQq^3x+o)Cx8H&|rxzMhb>IFv8(#1q97mMT~ zp=>Zzh{S5CbR&}~$CJevKJQDO+alkgMZr7kFWoP6;T+M@?PN5 ztusl3ybuUd>h7nSAg|4Tnrkb}1IQ~OUc@JYx%vi_%x{C~1emM%8&e2QAT?|4QiR2; z{WNTHd%Hf^Lu+9kX*@(7V3s%w^;Op**aq5;j;Lg_{hj-n`kXKI!FueBKRXwz;Baut zmp!#kELr|)sJN1?QyLS6iC&oE8H3pws;G+$nYd_aM_bWXq7Q3|Zio&>9uHEP2uDi<9BB!+e{GGWuzg`alAl z)oEA2ceINRclaQS-(&vtMs6WgUkFxi#A_i?k_K9Pl7yBO-he5IgG`fwG(HAE-f^0% zH`rU=fHu?Q=5{-8tEr(UM~1|^LwO017uZcU_hdDIU|?6~-(VC;pGj7SsoF5x8kO1; z?4q%k6klMG-CAOgj5<2*9+J*3G*qXRE=s%MDdutk-M*&ZdOPrXq@XT?hcRX)NFP1`6-#y=kX9lvl5kV$+ zaB5_ROvmCR$t;4Jg@{;#HX^tc#PkakRLUsht8!Yw~ zlT9vmPi^Gp{H05w^1XC3*=0Ba>UNxB6apTgd5~@%W?52CjI$jyWaD&0N?KucVSAnV zCT9xNMPcV#z50||SRt4iSs4jEs3GD)Dmn@!iT+}|Vw7PuV0$Mm`fN-UtAUINdZp-< zjY6f;1_y_|(LtnuQF?YZ7(W+Ip2tivoF^HGvT`O+ybvfZ#p~F7w|3~QX%rim{uah2 z+%5_V9p!PCD^hrhoRi>jI^7 z!4iRK7(8AGSFXpK_cGn(e1937Wke#=+OUEbZda>agytEAI-mPIpNL@oGxchf%C>vJzo=_R{UYR^9HWKr*O|L3F#(Y&cnrW-7jT zVJnu)l*sfEu>kbl?xY^gU-Mx0@>a80$p@0!Q z_%^pdThb}$#Vsw~xqD}cPnt4?4y(>`P{A=f#e+NDS=wg$y6 z3+%RD#er1BP0SM}mHxPm07R%#3SN=QHpjbotz3^bW`mW}T=H&Ve^aK+N(f%db)HQ9 zwhof5!&Kua-Qa$>lEa5=B!UE)K+|eh%3&99-B~A_GL-_z88;QcH6p?R>nSm)VXlPR zTId&V?b+b|A?Hh^Q`9SQ9FL5rE zlVl*=8+_&2&BEm%o<6N?ZwEnv*fcOWxjW$^OD%!v6QEDyg(WyE)9FehJeA>fNQTE@ zS6$T}fnD|8>F$!8+`p47&x^O4!Y+0a!4i$Xg>Vtc$jwyiUbY8~Yp}bPZml~!1F+k5 zVOOeMhidR(x4_(*6udgOrWOs4!mbH>r(xIYuuZ`(2;VPFEXCpTBXWDQdTMyDRT4KoG5&o zE#$o%WJ@_*WMDX#X9u?jD|M+%FnPeuLDE|O{|t69RWR60iA~V} zahz%k?4}z>nFa-~z&FS%PGef_D(uSk_;Pb<%Jd^)*PzyUn=8*Cm$o!`YD1`A`4Fo1 z3e90-xH}-mLTX-N8=TIo1y*V(wuTbza4CN!k~+H;I~zy?yR%_j+so(H^D`T%YoWqs zsZ$v-a4D*WF)vTr%Q_y6CK!9vj|sa@ERcl*9apsoz0@s(TGBKaAA zhG0&VZltB1(`?`iq0;q4{Z6)XKi7Kz=4RWF3@e$YkPOtea1KiE3gG62+x3>iHfX`? zunl67U)}AK~vil$MM6D2EThz#Kto?;}ya!IMuE;j`a%BAsJ}Y#!8(~t})$G`|YRH@HltU zfYKP8S6QKS1sPck<41D2`CQ){?(g@vCyn8#I+~E2-5QPY^Uft=TZzbeD!!SFu4NPc zd?uVu1fqfUY&=-WB{K0~E)^+fk za>;ZqoguJ?EZusQ5Mn0K`n|r*l}#%aOsoLx(qXf?HMS77vah4Ys2!+hIf1QfU`7PI z9AR+|TaLq2{KJG@hh%tCwR@6eaJgOL_`uNZVrRFgx?PDlk(V5V!$H0cbxWzckIfC{ zkR|ea+M`T+oat_7dbrrg%NS`vt~G#lVs=3K_bMkP$S2Vr-G~%tupA>NI9QtZ=O5%c ziH?{ss5nPD9L~IN^MKYF{V|m&Oz0@FbQC5*Msj_)@X*2|PSJ%nv3jd1gHlWUrkK z=H^4yd4J{nrd09sTbT0}Befo`W+-{_J)7)O`O|6^B2H%ET z?q>Le+Ti`ftAYJO9pKU&FFFNMU^QL>35RhbFK&p1%P@a<-@c`w(yp96VC$w0L$ z^lq-jtlDY;Znwj~2UEfzuUGAQ;46Sj+K% zso>jSUOA3kjup9H*(+?X2e?ls89owrrz8#XLH#Hl?7WQJF*awU;%PjC`j*j8Qze7a zyTj4hG>Z zUY5-Gkl8xf=?(_XLO!{cOHv=1Mtl;JvlN8x_Bo_@A zQ?X1W5MFzj4*Bx2P@3bBP%a+J#G>&~5alnU6D$HLgE&Q|QpkUa7bX&-UaOl!uA>8! z-Yyr0jt`lPyU!vSfL*HHQVZl2 zK-8L7k(Xv#3s!fxC`~h<8Dl&WcSdRS23^WkUfx_94)g7P3*TktR5eMRGOxaUKtRmJ zVCIZ3dxqpRw64+0R&|^i9LX4QlhF+HIeS#N85Mga&>_e>4sqDn+Gxtp9>;EdyK<;w1bUWR=pYPpsU{~yK zmMM61t<^$jr6AJX<*Z?D5AgK>SL6!Yl)E;#Bta4yi9LO@= z(PFwX7f7A2FDY*Yc9Ai-82ZU!SH--O zIHFxqk&YS1V8tkYE%%GW@oJw*3aEx?sTD7`bIn1uzuh6aSXEzBuq(|q`7ohLxO*6B zc5lRUXE$OWt|u89o{Q8MV$JjZ;<@$Y<#2Aj(kaqo7Mhp~C$5=B7N_Bch3Iuj z2F)o}*cKcoMgnN>92`X&y_>PzoG*=ayi74OpB9i#AEoY%L~SYCzMt#f&7jh4J;-AA zD1MK4%LB3x3osA;2dK&bT&;GeYu;5AlWmA&gLvgwwQG7_ku*r~nijlMWv}Pe@TgtG z7*F&_MdE+FYWF17U}dj*GMw;reBAi)8I*$OiQ^%x4OUF68g!pJS0){Fp2E}l+MtdG zQs|Bp9i}rg=D{?-Y9Q&73{veTwc0h3;moDmfAwiu;bcf1u7uep^RY}Zp05(~vjsPh zueR~RA;l5_+5WKGDc5V+ez&$W9-w+1Hrmxxww*5yOVw_^II1?r_13V~+-~=Gd*e~F z)67=})z)5bxZUaus*P5z*vu8S+ugn1fbHQJ{V!grJG+R+#$5i(Tn=^YWM`jnL}&mw zWt?lMZN2da8|sxwGo5!p##4vd1>&2nMy*~UWw=zXmMbj2#j&^3?%?MD!^;sUV7OfY zWrbklAEYAw2g&Vzl4@6^xGaiX@fR1PXC2|;h_Jm<(etzn|9G0ZiY zz8wu{McO4X@f?Ro!CL2XBsW8~8=%_FT#S_-mU}TebqH?+a0$D_^%PTc?W#$^t0E$` zUy$YY%ASX0aNeFyfqcw1NFk;9il|5hZK-^lBt!u&LYoTNSGK^am@^)0?^ZXniiq=pBQ&d7Q*=q)Nd? zzX7wW#yC>jfX zOi#f1<`sX+%VnhmK=o=7O?7aBEw* zT}XypJyvYFB!gJteDY8q&{j1Jrex3{pArGIfs{o1B#VvC5GgJBgb-N$blkVTd@~u{ z8uwc}y>2EDcyQ&a@AmE7`dV`3VQOtHzPcJ;TPu>520fd~L{~Q=Ya1zFFuuMKU0I8* ztR*(L@}Y1c8m**K<91tSDuo{q6DPIY)wBXBUQJz~z6y^{ojGiSx}1Q@B3IbhWV^Yx ze*f;h2lwtXNsMTL>10!tiL1l<2GedFr{N~$t+v#p1EOYH>3=%CtFH0`@1#Lx9fUsdgqrWI@01;<0 zCutKp%ram=gF~*`AdIsOroTolk&cNmi`gDx6SI=9&vWe?lGMbxQ2u7BwpAa+JB*)6 zJ;C@-zOk2Y9OOj6AOjJ+%T!7pm*rb!Uhj!I@L-3ffZSjzzz( z`*=Y_k?l*_I}Y+mP#e&}OEyFZ6wcS<&`T~m(@_7Agz-3Qq^sYGWOPQ#KtR2A2;K#5$5Ytho(Y~y~e zbvM(zo2rAnHXi}zK46~_wS4b^6uctfUC9c=Yb1kH^Qw&3nHUzH!9iY1U1c6fy6kV2 zaE2TPijTI}s$=m)H{?~4LA)YmZp~pEK;C#=Vb`K4$CdWK?}XPADKctgo*i*CKO7;-0rSiK#eGFV}Xauim~YwB!0uxq=F?EsRA0}jPV>%u+P%4bMSDxz zeDi*taf!PRMYnt9rjARTBpEUy0u$J^NMN0ugv?cuj8F~aP>jh@2Y+oiLaSiZ;YveqxM=ZbtA|eJLK`mG=!Sn>=x?# zEby00H?_7A;XF&4XSCS&ZE3mt_j|IY=RCz9#W^|1N zOvGg8#TLDII+(c}%lXT#2Eis23>q%U3(9cTN(I|D8rKC}X9rwm8SI*X!BARSY98$B z4)cEp@z!`TQJUFG@d&USn~l^l!6A=mK9~n~mof^w>E@CPyCPjs*nJ?d+dl!jCwPV@ z!md;B3hYAi>gd`D*p>L7;~WZwT@f}+!>&{9Lh=gi3Jnx%3hc@Nv5q00(Cr#m@cgjr zo&S#jc4N63m>U3jv$a67lqk^q-G;JaAb4-PGic{K_3XG`JDhZm#@%s^vMSy$WheE* zxR4lRBI81GTuwLA@pe8lY1X!zD0ec|SfmzJUO*$rS2f zBiZ4Is29*PXvWX89mxI>!!FanIz0IZ>@ue1VzEdViF*Kcb!b>&w*kYza2g*|I%9Bn z*xua_Rk~M6YVfCKNr&{I8>t|)oM zMu+*}ZSliWV!?skI>89rI?Jl#R8s$P1>C3R4bfqPrmNvP&qMe zC{t_IE-Hl@NDm)HRl{h`p*NfCKGsZRotDYM|GSu#6 z8`QZ==_WNVVg{rO0=v5ZAlIkchRA`TVHusswJCV5=JiP46C{IKp^J>y&7lyg0m8v$ zc*Q8vR1NBqV^o9V4`~y_;u0wX#KQaNR=M_V`A5=@Cs!y$hRD`_O-R|CAA{{Eyl?lhaZ^q^iIw=0coEEn2B9M&#p%9&U$9xi1P zjbgS_%yCXF6>k-@^=zsT2{v+>PPtgkrt=vb7(%g7FrUlzF%=U}G0jS`_y~t*aCROa zPY_s~j{kX{0R~zqsK|8M80@wN-A7*9KhGUM?VM@sp4PyfsAug*ANfe^9QUKhtZ*2Y z=-s;WKuCtmA5AjkJH)Lrh9eFPq6(MLDbQBD8KtivMj}ct@LqtU=pCZil_9tKsMH*_ z@Lkp`5uQ5Mg>R+iG$EL&s6mDn1z4wv5eIBV}TtgL^NwX;l-QnUjQXc`V-dj5=fw@wCO(QP_uTH%V@N$XO z!HRyM&6#VYmhId4t7MGA5Rr zi{x*hZLfB#X2u2+3r?yJjs&+GN#NKms1cegY!DX0NCq`46YElaIf_8XWa|3TR0izm zur{77#q$?}nb}D3ECh!DzxLCD6O+L_2+5o4t>&P2@hx-WC!A_msRpOXMqGs;uc~^L-gU=?g=DZv zVw0CSw&?8W^stQ)N9#MRNR6$q@1}M*F+j{msKXz5*FI0W2%6F=xDoC$8GQ0uNl!DV zl@K;-xakbBohiO{HpDs2`5MDuJvVhYlfoofA0?`NxLtpy8p$^x8JJR=yLQKD*-uC^ zke>!Skts!pQ%jLtiC=Cpj&3(q*^Ff4*-9U2qDTM;W#}W_-9JEb&b;t=cY9bZ<~LTC zQ{iAOpNR%HA1vK^c>hi$v=u``7TgT_)`DAW$#5VW!+zHn^KVAB)}dgdzRgr5n2d#^ zkszjJo9mm&WC|B_^>Q-bJdKagBKJhKYlpm=SDG0b;cm(Vn#$_Epv;;kP{`?OvujKR zJ7V{sDhQKCSijDxtDkml|63gQpw=7rI03$oAAbfqyOf1v^rH{^s7}xQ_Pw`%`183d zw~gCHT$rp4t-Gs3lJZ)@W*2y6Dpx`rIs`;g%*wdAb=5FQuzlnQ;2_t9z-}JcrQl`G zxG|`8_?X?p{ZlSSxBx#mjCUrG8Z(=TbDJs6Ol$Hk6KluT2+tOfH_@3SAbBaAn~YkB zovt}L^5)7m_F0U*8SIMF?$jH{o4NN!N%=`SHCyhdOisDGaD zfHKC9kHfCL9HptJLLC|(<-z23G&hHhaR_Rod?r+30lV{|GD^M0RP}DAemC8arLc>t z;a;W<&LU|L*v)qCa*3U)o6!xZeQU5?sBJp*>F^CnX_ zl^)!#FI@@e>Sr!Eu!}MIZx6dt?Iu;pkSZp!wFJrS=}M|l@1sf-idB>hyW5@Joh}|S z*dgEmxjpPPD#c-sILpcIuruh?yRGV=Tc1eePj`FJnsghxgU-REzc*rax4Y=Z8oQ(Z z?qoO_bkHeuyIle(>m&^`^&q-0i&8_c2Jy;gzeEO$=griYrA2Unq7`nJ>{qe({n}p@Im>Tr0Ba`+;FVCc#~OB{p+Mj!s_Z^F-~BO zVUZE9{`O!;thRVUah9P5Tr0INhcYwkaRydzC+k?L;FG|Mnf%8@YiO`bZw+5_Eo`S? zR~&7?Vvc+??8*$AUWv-v)1;reRD+KUlpP0lMLa6+Yh!gafKe$&7j}o9g<+6Xav>ag zfUm#UrRd*EAl7gtk@q!i>8;}2|hkB%zi?agBCQZRYmm!Re)z-%T|VpvRqdc)b3 zVzV^Z?d=>Aqb}JNQZYDFX8KPi`%=6D$ujId1-mfhV6eI2i5fy?e86NGPJ`HE)EGrY zzB{@R&d&IW+l1OEfxJ|^kPH_hRosS_GWGj81Pl8p zfO*jAH5Kq0&)|{_LO!rm%z((OV`7GBRRjODblV6U_Q~_5@jqJavW#0WF|VZox!G&S zGi-Lm9CM%=l-_kDz0(847CdaihG&orj|<42*myl5Z?JDIvri^}^mE?LWRs%Uid+wZ z*-tgb()#G`u>;8vuXL$)r(u_Bmp&NCYuit_Ql&7}E|P|1F_IGR$55)A%-6f37=pOM ztgGEDr%LH?vy$5z_x8uVdM+7Te^`hHyM=Tk8Lq_xwPdiFjrNM^?Rs&iUhL(Q%~X`t zO2xXlWGfvfX}FO~lW5tg6mk29R6zE)jeJb13js-cUGf|C(n~vR@?t#xas*@uz!>4^ z_Hef`(HO2b_}$>Tz?3kG1*U;fj1e1LD9WfC$-$(n0r8flCS~vTwxt1mWJ~S&LH6-8 zJv=pjz;JV#k?@X8pLqgyr|)*^13*3rc!$=Ty_<{o-}&*oz^)oUiaM2+y}quLnKccf zDjCFXv9paPjGzY=nUaFMS_Nk*c+EKkGl$+`fq`J|L0H{Ur9En++lFsc$qBlvXmfBQ zR+#sv&acO=gz~G!KG8d3ASvQ7GSf!M&N$u~$2!|_nB2yGirTip)t*LVF{LJpu{W1S zP+v!HdG9`x7}+wpy+tOfP}iw^g=BEw)PlJ#;Ch&AhJ{qS7R=~eAD4j+E|*~*0N)-| zZ=%sHGX$|C)59`&u30^N!P_EN$aROeBk8%#*nA+1+bzytB+`Gll|JK3UW=C^wSho3 zwvZsNR1Z?-df=2j@5_?hLNA4rv&w>y0>Lc{*bO^s@cEFaGF1TR;%69 zp)&dM2-z-1YB!T`3&3uJARma`rA&J%qsS`@XPl-WFV(J)44sEUGKjX!FxOjF^RkrE zJ+5{Qb|2M~oz(D7Pf`H50>17Tg*Q(jeKyyqOp#Yf2AXVB$ZH>@-i6E)%HF9$wh~*dlf?2q@nj4h$-og0b`g+83rz%MfAjL&mZkQ|t6k4~ zOlgW}t_IZ*NEDb-^T!K`Tou^Wyx#Gsg8|uAV0keU+T0zq_WI5A#>2ZaXEv|QC-2?} zT$%S>nF-!nh~B-Lez;imuhxU>ndPP6^-I1>^Zv^V(c9M|i#N8eUGgv94BcN!2Yi!m zQ=_)coJ59vv^#I*sl#gj(uy{VL3%hq;El9=B^d!OA39k;>P_3ISqsmkm(H6dy?e+yMkTuZFmOk8p#XEVBD_hcF$kF^UYVj zPnKG|Q1g-~y==7S-XSx%BJ41;64?q0B=(V!A!ES!k!qK#e`Q#AQH)hH(WHO1l8z7? zjEinNm547dWtQ)j)*s}Smx`PB3LE#*D|ZT;%dMEdn+n$g8<_`7@x>d-rCWuy<-*2l zYWYECb1fI3`4->Bt5?Lj5)s5pRC2jgn(yB`U)(-g-?!mfL=bFb!`rm%bW&F}y8 z{3R|&s~-WoV#7G0>opC#;=L=(gSg)r?B?2sFaR(NxRF&mlUf(W?qr0&EL`W_AyJY` z@zTsjbk3i;5-BXh>Q?E?(KOpmSFu|h0K24BCfYl|E}=d$CD9~|-C`rAV3%rFXCFQi zcD-U~dh|*5WipKpIgK?3c9q)|lEIkV&@uiV!>$Jx4uDkpTZPtUwjL_Cv7u;eGoxUi zX#%@K8R$fOzB^n=l`i?>B)v;edboTpT0W2Gcp$fwtY-RqeKA4bSLbJm{(vSH*cFo2 zuHme)rhJ&<@9(LyOhq|d*HKq9I>g1DBo#A1$G1m~;kK_>zY@;PfV`2?8G_m2cF{8g z%9p~m+ll&8s)q6TV!9!in{M7ox9>pjW?BHT=y^e2+H0B4gG_r_mJU$3>jeHPw<{!r zrT&~Cc`f4|Lv*NyEyQGxkFHHQHazaz;PMQJPSh@EYLeoFZ-a=sT_u^g%sscR@YypI zUXARw+8iUh$Hyohry7jgjTBqfQagK5s@>UZchDgq`Fb9b!SuOLlJ`PQ$d95xaJm>w z=CQ)@CklytwLiiKN19egyCZmoL90S|<-y)~chGC+a`|Ae91b-T(RwTlhtN#N%h6yl z7ObXYjcl@(j8vnca+q@h^?0-vi{|&tK~Y-SSmE@H8@&%eTz6js$K

#~V!pO}^Hp$TKb)C#t3myKUapMqV*~@s$X2>~7_ozI+o&T(-AOW+k+$ zTu?aH3ZgBel^iKIuli!=)}yDlGUvi&ve(3-%%8s&E<$^f>MJvER0BfHGIk8%ASkSQ z2Jw85%2y`*R35f>@O!Ftkcnb(a*)6*sdhCTo@ou4T*ilLEmOM8d|D`b&R{oO#r1I} zP`(_g-%ip=t1qRicT$bTbaOGoYTwCpwDP6?ZK5iBkZv!hI?HKfyv(hMSHm>&TJg&O z8?`VqY+&x1ZoS^xBPB4y6tYCy;KaOJ*t_eJ<8{?M!grc#kbNn5ZHDc5O|uQ+rZLr9 zJHaPBJ}&VzR(JY1a6D~`uGFvz8`R5Or+VBaBk(3*n4X(3C4;rpLfP8sg`12^%v`;L zi;X`8El><33&gFn*q>fYUNNXfqR#<= zQd~<>q5%Cs0>2&%JKcOd74rr2@nk)hE5s#%Cl(B(qIimjP${rYMnm~zyqHerqLFMQ zk_m-Vp6?CuN|b8M zf!!beZ0?w3XeSuTk}iV0x}1z&Q!;>zov|3)NTB4lg!*8H+s2qtFjp1|hxR@|oF(zB zHYn74m3B`{T}d$Q?j53yy&W!`UyaRfq;ABk$nDW@F^P}_Z6!;P*DWr(_$^3s1T8Ne zj?fqg@gCb#`!Q->wZajzT}#_?BDn0^V~Lnf@O!;(dxuWtg^Sl!q$Y1?(cPW&96n2^4s9cFQ7E=(ohP+Lx-CJ2!dlA^pvf5~P9oS7H z!Gc;V^8R)z zo|56?(zs76jXk{flngHH+T8FXL&H|>8tfK&`z+Dz)+u)j2iL5?kh^PuA|{NpDDycv0^6Q zC?VC2t*tDttSpm78I4DXWRIZ9jYkN6$YoN=a5xbP#e<<(AdrlNv#Dezn@y1H9tyIu zg*>IGU7krZ7`rhsGL>GM(^7k+sU{6ECm~H7@;F&;C}xjp>L_=j{ScXV(_+F?j2WM6 zerCX&DJGxi(*6X|@v&got7kvf#M+6rn|*7Sq~34WBNAarOYN;6{)}{qh(j_wA|P|! zlvJV%GInr4mmo`fbA$ECpyZAdT+Z#nMKW0Aek5Eg@E>m1#DQ4~|mx)}2W5VjyuYC@_Bp zO9)ku%>}DhqP4{oQxc*cvugKdrhPNhxs~qRRvDR0Pox?TQWU)6&maq<2I^m#q;P6p zEq>vAnHxq)CjPt_MItGCyx`T;OY5+Ss==N$?@46Go^BhX@W6MPZ2)$);l>yR37C#u zgJ;^HC@iK8tS840yJE6WfW;o{dMXG7XlE?g-X4aw+Vhp-S1lU!?P0oIRWbm(wA9XD zx$~`8f3R@tUbI*Pc4LKlJYT~Ek`-tFd6#pt-m01@*3!jFJYR|Ds?l^6mvde~s*V+p z8v6(r&qbZ$o#1&l7>)bG30L}D<9FJvcB|X(_PM4Xajh>```FpYMSdH3S&ws&jIos? zlks3QYWI7sK?jb2``4r%2}L~Oiq3@Qa+&844#!C6&Rt5kScSe$X{_oq+c(%%KUl#j zYIT$7+80L*#Y|8343c3AF+Do<<2BgieQR8ajodxuOa7Kevx}bgYxEAi+Fn%mRJ*qp z?|=WtznH(iC@r;I6W$*_%G8RI1?fcjiDE%uw@v$Ntm*}%W0G$s5ofIfa(B@4QuYeB zOCV5lJ6G!!8l49JmV5hDV6DA_SZlZ#E6=SZ=GN0UWA)YYFh*aF?isM#9;Gqo#W$T_ ziZY=-$<}vrbx|znOq#*2DanA{5m{#$`fsxE+`-Y*omXZbLKO;Lsd-h=q_vj{b!90g2-GUz3QMWbq1A4WMiJ*gp75cvQEZVhk?js! zs2KI%P51(^^578PvT$>BD_ft7F{WF@(;e77AIKx%y&lW@iZyVVHwpACn2REk*dJbu zDk#^Mn%KfiVe60#A{f(yHj*aDE7_P(%LhE&RJ+Mq^L99K0oV;?&V~wtxwt|EE3={U ztBgm^FGe=)i<&uPdEsPo@?EM7z zYVf5rNuO5jeqxegn%MPJ4VwKUl)^O0pqztCGPtquz^(|$XsH3a`R18RRJ(5hyU9u` zQEDbitwgboiwz448(q!gol-OTv!!~bR81DE1Wd%UbzqklkY-N_=MR;N zV=WrQ3CdW>!nPVrDuO4%ghlfRo}fJPPSzdqz0ob{l9Gc>QiPPaB)tkyqRN#@K&Kv@ zZn93TYx}{8`jel_%bAxfLv#`;Y*Xt)w z-Mx`+-j}m)CqK`ZJxrU+u>04?U|&M#xyy=oS(;EF%f6jncHGK*+t<`%{(}9QaJ%=J zQd_tt0y1*;qQw@k6L-+dy^4~M;4zC>2YeWGCQZD-6n4q4Bu-7(2GR4%fCEN3lM;4v z-2tU8=tGw&*B>wAwe3q^*veiFmG9^Jf#x0^vqWb} zIt=e_oRmq8n?y;Lu0t{mS+Kw<-en575;O5p)vh?|nz@R;XCsv%OB}BtcB?zMY=_I+ zp^9Q|l{dTWcw?)Q#|T6i^14MXB2;Hz!Bhtp`g}gVqY#!dun3- zd;02-oI+>hMIa7lxF8nn>_b5kI1 z6NcedM%Ha%c(tnr@}?X2wcxdy*YU?;n8HO~lQ*!W$W>c(t#)OrY%g9plECKqlNq<` zEAk|2ZQdG3+cnBpOZSwzlVx>~zU8-DscYWPyogmw=~TOr3^<1d)75CMar(lI zzxdY6znQu8&>y?I9#~xQ-+s8U_;B;i!!5SD+?{3L;zQr!if?Jfe@B*2x6c0Js_ZO1 zvV4JXD8j!&dTlFwYUa|*Z~SQP z>K*!NVc5x1n;w9DY1AO6g5f#Yj8r?QB)d6T?cRNEY z$AE~V{@#AL(!3T*x#vO-3Eyb+PrK%NdE%waC+n|=UiSevhev9|ZS_!JNwo$03T7$Nz$+`AYhL?4C z*xcP;E4ME|GWhUaqu?z_$PVV?zSPYy=_z#tyqY}7$dA?lRIy0R(Z0*Im(mN`Sd*3- zaLXsDrBdieG(X~EY-i%auD?*fuo0W{1G{*Sl`Or3*h(@huO{lZQcdVxWDEwoiq=(*}{6iMEUqSZN1GpeG|0YT8g%e#c}buCQ0~-W}LAi%1W4E%@C@#MAh9hv`4w zalO(#voUYSB)Z3+-ufDPlvr?u;x6pMb6I;=XDF@7E4^UtMWAVydE$6=Koygy_5!I& zEZ-!&^6TGx`May=mDVEgu4KX~iyAH4k9o8Ni)mA`%EwO6>wTkpK|`kODm{^s{|`_ij#aNF13 ze4B5%`S-X7Td%$S%IhqC#rJjl_RFun^~RfWZ-4vUS6+Sf&9~qA;Y%;Q`tmEUzy8+u zUw-wC?|$!fe#>ibaPr%)y!IB4_VqWu&$sNnrZ;E3%HqLuM7OWL?(Fcb9pOydvGYIf z`rhmO75ZEF^I7uD@BsLwx^ukb3FKRSGUa);XLWjUKlY=SUX`clyRW?Q;`iQo=SRPI z@BK4x{pj7leeL_-dgbl!z5TNbw;qDIa8ST*tkNZyx6qRj2~jUJMv%FM?v9v{wTbg# z7+o4@%uO(vCW>0-dSP0*>SBzdE4)FbH6kRqHvab9U;HY`H`HUZ!sGJc7tH760+0+ zHMf$yE|0zScHG>__MtdLPG@*CZm0D6O1cde?~;d-&Xf+tC# zp6d(-YVE9&1_8{$!C_&vcQ;*`*-A1rfe++a1iV|>xnTB6FuR(oHn64^*o7w(YEHEb zunm%nrBs7m_=uQSxLxT+$OV}ezRuMU7hsamJ~%wu%-81VU7`~Pb2Y*Ee4scNEMANV z?A}bbZlzkcsB@FF*Hp})^{)!ZT1(m1Qd)P?wAaKL62}~~ZeTGzY=naVF5oKzY#=ZG z3^G;0^n~Y?gBAK(vA06lyQB^~rVS!#FiCHjxnY4|AD>|QA!Zj8IzX&|TN(MQBcE;q z74z!FmuM0$QwXDKkbhk_hmC(`MA|#{xhhZSQRf@JU|O8!LY;>`#Dc}=`lny`@@GE(eEHA6{MEnwlRx{yfBEm9`Qy*L z@YyeX<#S*7>Yx7Em;U61FR}lb&wu5=zwpIBec?+S{M;A5@>%ZT^I!Vx=fC{9&wqvW z+0TFVv!DOk=U(`8w(S4upMCiYU-|myUiixY`mg`(|NZa(h`Z&te3sjO@vGd)fB&;D z{plCJ`e$GI3-0POFX(MwV10${=RSYD^giX==^Z=4j@!;>9zAFJ9%P?K>)wOikF(@A ze)V&*_`P5Gj67*P!))cbed4lzh{xCQ$zQO4)35!>=fC#lzx?J`|LQyc@xT7r|Nig) z^MC&AS6+PcC-b*gwo+w~7p)61HYzIM5^4z4miyGUT+R>j7@2E?PX-#dv!5iLT5y@l zlI2?59pQqdI`*P`o#vj0X$TW7xQ!MmeRx-DYQc7dwui7 z^;GL-stM0~JB4mn=O#qJiyN6>E)&DT^JW>NXx+^T;4((RvJeU*c}>+|l!DL;?&z?6 zD>H0`?n6OdiG1Hs!q=M~*12KTHYizc(mdgO+xD^SqM=jRPFJ`mq+?ICC_5$@WO`?Uo{{Rnn!iYGV8N1@ zceQ|NO%*e(kTn_0sEq`^p>Ne(AOEye!*q zefQOGefPC*zx1lE*LCr&?RbkbW&c|**-hT~=6B!t#!Ih$Q`T#?6LHFV}AWx-+hJ0{~eC=Ew_D{oAU_Y{PuU> z)a@JJ{M%Q*_r?$Y>KiZpzy8_(^1uJv-+!5M_>H$;{N8Kd{O&7yZ`Am2vDH6~dw4^Z z+=KqT^4OmIJUA!FbK*QR?C=O5J6~_kqml=uk^22b`KB6H^9t;yAAwydd#7L*e@KVheGGOjY;A?lA`E;5 zcDrkQMopPE82$>$pw+HXHpZPhuq$QnKuHFLU8-H!Uh#xmPguTQh)e|2j1mmi*g?}M3NemL{1Q*7s09Q@TO zwoh2UJjDsKvOP8btJCbrK0CT(ha=w3dmqle_u-75!+K=rJ^8&ezy5Ge9tl7CVCL7S zX5Z%_@c>TE{O0V!hi5Oo`~KM<{`~zPzxyGNkVh*wIWzm~v-7_^J@<0*0k?)@`!ztP2?U_0EKo%sotcf+5)f94k-&cNpX^343tesk{UAI!Xadf`vM{8zvK zpFi`eb$ffo-a)pjDG$o(N_b^=FONu3Y`}nB zNCp|H$Tvrg5jt&&U8oOtnIpI!NL=*A7ZYV)b)4)TraA{W(WF#_I|aLz44^My>yJGN zb{)Bx3%ge8dUI$~@_C2%(>JDcVk9O}U>8q8zSRj}okpY7tq!R@ynnF&YBc zLB=8^Kf%D)1W^XN-NB1BZL{~%I zE5>CyM4|28?J=mV9;=&qsdi_5ct8*;0kK{wo>eWQ^MzVE1-JsxAk{5*f^vcAJ4y5aj zjHv65zGTgLQhZ5xWz%+0i?Y2$br@&dUXl0yM&zxZ{QC1>`^Jxce(K7t<%`$u&R)EI zZsF$Hi#N|+xOryb`sw*=r{=Dmp1*o#;o9ki8>bhp%Ryc2xa*p?&-u20_QJKZY!_~v zy}&+8caD$TILD9Vv>WGSUDvJb$PxL`wQ~#C&&&R`vvb$ZFI=Cwc!O`xUc5eY`PST} z+aJze1`U68dY%V%?&6Iz+yf_EzIpBv4^kd2N90Z}+|V29{a?JvJ;;5^k()F8nX^}J z+L&*35I&IRuFBX&5! z&XFDWhIa78;%;?a)kn+Yv=d~9hpmf0|Jsb~T$KkPr#*XlcjBC8kC|V=Q_2p{&xi9@ zPR(EaVD<|Cj`P>=UB0vW#!r6z#lQT{D?fPm`u$B`sRid4I|!s(0t*sVlqt2#`e zGs9!SQh6L~wH$R@kJ^%O8nuW;tZR!*mJ=Q8y4$$UfA+STddG30seoH?xLqN3W!{%1 z1(W%%NcT)jU5Ptz(e}hxgjHZB8au{Z2RDRd;7a--m)Awi2|8lbm1_gg>vWrvmGyKv z(?XCd{WO>ZWVt{hlMx7b8PX$HSTcOW6`7mxXD=}~k*t&k6OlRZ5)()+pa@V@X(P%U z7kSYFQSCaabm^~YB`ir(XjF&?Lbof`ZmvGNnwZhwA+bXIjsVpz+-}vWc2iWl&6`Q- zs$tO}HLr`jblW`eRS0g}$=2DbEw2{5GQ&pj4`N;?<6T(Y$Lw;%E2kjKI0wBDICkc> zc{T`gA9^yk+O?@6iPJ++n_AI{gYb`rYX#(2P+&8Byd)_ zU8{4SSnWOycBjh$xe)VAm;{K84s)6hkZ#hFrX5`Fk=}|U)Jib@=1<=L@?U-T)pvd| zbLq~tJFBx-7SGJzI5l_u!})6;&RzRp_UdnDuD*Z%3Y8IWQNFeHn;DK=)*~!-_$gai zdZzBrUH)+P>J!$C9-O;+dQJfSiR<+2H9+AMpuh>US5KY4a(V_N6*NCJf9>=I+4=Rk zi$DM1Jf$dSa)dkNM`td`2Lq2v?tg(h;REB^8BUnLBA*=W&s}B7!MW>a=dPbRcj?N_ z`yZZ}|6l*N|LZe<_LUop_s`8;`t|9VQ*)QkUKDuJKjg}XJQ!I5RZ}~BYe$~AbA0CM z*{i2#<;>IatL2gCvYjjZnf#5m^Wn_p4`(i&nq^&IWn7v{mB?4G;4ICFLBhrc}Y#sBf*+duzc z2}9#Vk!siGfRnX8%>a$_p|%C@Mu@$n@x?@gf~I(k!8vqAy?}FAx&>1Ap%hv}R7?j0 z5smGWPrk4fxg1J8EOryvl64Q$b<_yL2rI*I(ow-)@E)r+ec3mCX~=OP_}EBn%9P60 zbeg9AnEJDr#N$yk&G8bb)vH*ou8v31JVn2=qe`a}nClo1Ufa3)$i7pCCN&j&I$Bl#@)k0X)pjuApi zS4~HM)XZFnTs47YfY@MHs0Y*Ws!f@}?l$T%LIpks>&NF_PhA*=xNu4|CNh(t_U=d7VHu zlz>9#Yu>w~>OE%qo!**|3{$W>rNe!MaCko0mDjFwX{JrKJ#+E)=?k|`E!;Xy<$LiK z-`e6JOOM#HpUQI2yoDSXw}(%*&T&Jz`K@!8ZnMrV+&p*j*36YVEd0_~9Q-Iyv9#+MEuqV3^7`@%M31`*~K0`G>BAmwUV_1>^dQmO7Egx zNYZelB5np3%iz`=)kVf2nxRL_}TOvn$inOIXdbE$7#!em6jSi zjA&_B$-)-evM7NIc*r#9t!?HSsYY+0a}bjQ8D;40OH%#aWO<%&4PQp8-Ed_Fmxe(0 zaxfih_C|2xdx!W^Z;O&a(ba`r5opT*8^gicWs_8Pf`>)&U_+TZ+-!Jsgiq9ZUaH+$ zLfnEtsQs4QvM~^Kd6_2|& zh=G}x2BbCb(^L)5VWZOx%+q1FF)Am%9r$m%sj<*I)U;dsmk> zRsyMe8<8t_))sC&n7gq&dwqHK+JhNg=da#Bf93x9YxicZ-<`S6_TKD``!jrdjUCz7 z#m-&X@&@Jv*0pF?%dbq?p*i2m2)0nvsdl5cfAGL&R$)bzj2@C9K3oL_&5a@ zaq0Gg9;aAi5yUAcurCjf2X=Sv#$6P03pehuIBntjJr?zyt(nVrZrR&G2U%PN^asJxkrP~i?uiu%uw#1z;+opPFwbgdK2BnH})uJc- z7QC?t5$e+NF`EI`Y+%~&1$e;+d`0GCnUxS=A%{WC!Sn6aLT4pi^A{SmG1Kt`cOGyZ zfcHXWwEZw$#)0?rdV-L%vysXS&NxB&hze9X-Mu4Drr?FcrJR*n_iYJumuU#8cBSm4 z+68wRLQ@2Ncy1RDi zE?e7KWqXlxYo}WZ6$SS$;K-YH9WI(kdS(SC$@GSMP9F@}o<)9^P9I z&tAFxZ~nu7df}^od2hvc>;C$+yDQi3t}fi<&L2Q}>Yc1zmYaOSb!mx5A`d`+udJ(& zEq)O{y?S?@KSv&|?c81Wj@S-QmpmtrJ*&??;`~GKl-^mru(W!Ce@*=donKs8SX{Y! zZ)0&Kc=Lh(Hi^tzu@C33|LvPUdFyAtSq)P<<8*27$Dz0ley$ix=&1Z3hY12U!lgLHi*RYl0$ z-Z{{8cWiME8EdhYA>>27zBB1i`n{}T!Sm3I~n15t?ZSscSqach946P&1-A|eowCc|t8LvosnNc2+ zFvxHbTHWuzd-}yUetPZRW-wg~W*Y0U(&B1lX+5?a%H3Xz-dG9WT#K=8tVXV{glyed ziA#VsBTu-C=2P$hK+zbhv}-AK8xVNsaU1u@OT+94Yl4I!8^?> zP{g*;6=;f=7?ZvgVtpC;mD)C3Hb*g9XF76b@epo&0W(lW@=iIIKRWp9_H~ZOe|5A< zyku1bWh8@LF&px(WS|$C8+qY&Y4yt`c)q(_=u0?RvKA~fEB$Sp5{%?+Pqw%6>s22Yt>lk)W>N#8P;$`*?-xO$C52m=`ovqkiU;JS>vmD}~##wT*F6YjD@nwJF zp+C8->tTSE(k1)LoVgh#+n9OiKltO%F(HkWxKQSq>&w!WsFEzL-5o`-@II z+K>KLo+Viicnm(-%8tA2AnQJ-`DH8X(I-T|J^sBs;UE1=AH4_XIgtm?pOCtPY}U_{ zmcQ#y-`V1^rB*0K!+Br47|GSM^}+3xz{~Ia{LP>I`o=>)fD7_6CCqSRX?TcqAygWR z4xw|9Z0})%D=HdlRrzQiWpF!e4r@K^UXObFd+79UMpD-!8B$|HO#-Ek3XQ{Tc_&q2 zoOeY3ZAyguEZ7wyLOsUJV9e=%XgQ*Mu4AwuRD;2;R=e)tujm#OSl!63smK`5R?vK} zyozf2{SL8k?7#prNVSV}O#E)F+C2%o+16UNxt?nRyL6kD=sD#`fb8AR_HdP1PLy(F zY#>ok*zIm_2a6SaAaQ-fo#vFExd~vmJRis{#*4{TPhfZdXzar7_QZo-gbgn2BI+IO z3JvU#45E2}+ua)-9(4|d+ns~kHIe}hnUV}_=OV)GQtBGXa6{<@NCx8>r0f;8m$_kJ zm$Da<0q~VE;>Cxp?iGDtouA7dNjQ`GI5I>Rsm!IZj)wAIN$GD_XiHH^wk7Gu1Xr{r~a zybt*kB*U@0o#+-J+GOU(xd&dUwGkv*qB=;``qja~RXn_r*a*IU`~&18wSktnhlsbYUUnwJ&JZ^Q~4ab2;(dNj8g zD{jS0Y-O<%XY1@x*{z1N=}K?e7yrZm_QGHN?dz#>8=Ll(U~(;z-Aa}4Bi=~xXUZSA z9xuwDsXHHU#hmjuV#Oz~XmKN2T#psk^jECQlgW-Qb{<_H?^nAI)$T;^xv&~9$v<(d zyqRvSC#nx4awL#x_)|4M*>{CzvfPQ6+I(Dn@138&`r}{moRzE2EFt?{4S$;BO3Q8I^jI*3MyPk2#&ropAbAB(sul1ZdEqr=kxWBq7us$JN9TAf*c(dyuf@f&YP~XTaT}k&5mzgA+>G%| zucmy(rZHEz1=nK?Zedd!Kguv*zu;UV1F!C67Sbu5kCoxH2K)D==fs>r_b!;5>)*vp zCQ*%7yRFIYSd4KFdpkSvYW=?0;bMzZITavq2LiUV5H4H~XM^Q>9}}^I!=XfC!Q{d) z9LgMoRJ&}M7pB@Jp%8@KCWae^7jAct*j8-MM!UO+NIJCCvNA3)XxFue2O z@+Bh~l588-brg7?A@XDN8AhAGQiV z-LMYZv{BiVW0~*|;uXmxu{v2eb~!ps!3^6bY!1COZLeWY#&V@3js=DzaxgKkg0FMg zq6wHzCYzg#$;FNl4(eg1M(HxSD3xyln`b83s_1pZPRa1s`E1vZdatG6fU==;T^2v( zWP}sxHqxAfgo3z~2DMSLI%J!pxTy5rKY#VbH-2(?aV=78rW!ai5be{8m3omX9 zEN{oYm1RG&yUK9??wxZh{gx~uF={Ec5SHQ_zhwo9Gu&1miq{`iHzdFibZ`Cz3^h&##Ev1gMr!J{k>hFdk++RmrD zNUSo+*LLz4=F*Xq*a+c;Su$oOEZHN=%l9>jf(%4>Q@?7nU|LKs z7{W}-_06UJjpB&ynA!;ba`own7QA2x)hzkVHq0{;6F(Mtrwir^ncD*aWSkY8b>kV; zT}wcNrDn6bWL6e)M3A@nFvn`qOnV@uZvSp>u#|;o=&okk{#-NL9FS;SDRe}c5^3ScTQpVDxzJ5T>$r1qI%O{SJ2jjT_qV5cEMbQ zU8e-riD83X@rS(Yz%C^))h@8h(;?ihm`19SS5#%LV~)VCs>+UG7yNZ#x4V_YE?!{Q zWV}-9+CP=Mm4BhB9_Zt+JB_>oyY3jc%_eG&h}66ZMu)59K8&nZ1$+g6riY12oX!9Ar(gQ^t3Rj@_H*?i9>nsC z++04KSW!9hNfsY(-r^p-{YbIP;{Kz>Znz{%j_B|DbeG;Ue>>0iAY2-Sii1$G7b{scN$OgyRsJo0f?3Ri}TfVeg8r@FY?9OfJ2 zL=nwHueQC@IXujdb}%Bi6UwZn8!&H_#+lxcIOaI8%kaA3Y_y^CnNzT9jS3kWI^nUP zuwUh0d^IFWm)2+k+xR-Sl>n7jB4KKSU9?{%Y>BK5IS#dt8m?V3lQM) zS86hWT`hIZUCYb{G|R?;T>uxwu3T8R9_CvQa*}s`H%GPGH`oP~*RqX7z1yQ)Wr%E# z2_~?(a4A53a30KM5ps4RQbEkHnsH!vMADBm$~@RrQ*(n|>{CVDD!Vx zhkFx&-NT~|NQRC0tUrhS7{Xv3$&i-XJijAezXHjSsMAurE?u=cRD*B}N-s<=hv5~+ zoce7ybq)M=riaBVM}mh%$!jh-I>RPA7U^xt{$Vj#;;MR$?R7a{d2(g!Pe0}O z#FNn!xyq0kHu*;qlVfpy^G{_0IZ;b)tIdlYwVs=(dfmtnCmmYYUd?`215kSzvFtKx zdU+RIUi9=Mmt*>(Bu2$9!SaAFZwWCW6_O!Y?OnaM{?{+R{exeg-Aa_A#Ws?LJW;Ro z+3L8kgYQyh$0`E)i3%<`*g~@7Z3ny|6BQVVK8qbH=%oC#pR9U|gSIb#C`&QX*@BQeP*B|oIJ}UMP_#6rrdtfLZ@M=1~SM2T=>Z4S-Q|M2chey@jeSf)iH=2K# zEQ4{0Iz2axa>#?=vTU5G;Ta-o90;+9MgfRD9%Zj;$h^pH+hJKfYa_qYj$)?I<&m=@ z_2WFACq(k7Nx6ppI+m>`JZ@Y{!MTc6148GW4xeCec|bs*KmphI1h?ANX#f$8=`?`! z(^@N;rj&H38fd8jLB#Lox=XpNtc8DEZS z_iU)fpzuPte8HDm$rSk*lPqD$oPs|PZSG|I0IC61gSd|E>`AqYR*X`2jGjSla@2QU ztKEZx&H+|9&4tb69L~Nl3`#PH%Ou<`zav(|4d-gS2J8a9*HzVEu*;SO+IrwC46h?8 zQ;V`k28bCQ#-CS1fKZjma>v-D{+Bve7zQ1>y1c#zHt{FReD2WJ6Bqc%_THcPfWilrgS_opZHi z9%fERiM}HB2s4`CW~_{Blw_hv{$PDf{PoQB2Y>OmZ@m4>Gc==sEe1UcGCr?%rLL2t z$7wJ)l&VeGN>GZk#np7g$qwl7<}pQ@yCZIsH15Q6Qmm>}T`v|Y$2;tQoRxNOYmVAB zD>c1Csm@Zk-){ zNRk8ccemWXdII~8*J6s82B)+{iXcV``jCih;3^6in*q--A8%LgZ+;a=$X}k}V*oKC z;iv3KazqbHfqmh`sDc}#N`I%eb6D8f57m1QlEvj@nE-Q%n{4jus5*TxKEpItazCOl0m<_v$j>66o#>nU?(6hfE0A6>*=b;s%M<;HWm)_LXW^LXZr(Qvp(at7ik{`A}(oE3up|v{l}VDTCQO z?(EP~!<|7CyE>1iB!j{((`>N1Y7!|d!}f$hwZj9d-9WK@*_Ux(7loR^ZlD0{TD1%2 zy0D9k*MVKA2G()Gt8B0K)`Vx6o)|XY24fpEdrf+4F6^S@Z5ZI%GT6PJXY0bQJHsZQ zW?~wt&-HW&n?fx|j*}@2c9jfzbb#3DiW>Nu#gW1838PO{I7qcSoigGL+sH?{^$pCY zS$Aye+6Qv*%+}CWzC{|ra@@`U5!<&PfszW554opS^|KEyE<#4}qLP^iKD1;$Viz4)tlTYh#;v`>>h58v)}cGJoGb+^ zeZqq?HPN zm23#jU{|hXiB&8Q>Y$yLKK+o0;aC#1f+UKm>KD%)#=gHLkL@g#xf-ry`vz{HQk z;)iLxO1KEBm#S#XJP4j1b~LnA8wXwP^_RU~m1MvU6_w>EUg_sLJLSOvdV|-0cIvx7 z;36@IWT)6Cb(NY$uV_4mAQ}1O0K5uqS$Tj}>rn3_0l+P^=nL&o?B@VnJPDbJ zYVEVdpAaV(O-Vq3H0bV2wTtuNOK<V;M`M|epE2)8;@hdf>ZL(XAK~~j?!-`_1y_7m;#N~-)ImJjl& z&wb+3fR`@TqtYBkF*X*S0mPSPn&SaY46qsSpERMKzS@IxbFFRc?clsStl*U}Ly_gm zGD_Edi#ZpXZUEY}KFpg#^SU)+DrQ#YXmVY&6>+X75p!K!JO!#!l#01py-5Kl?IOY4 z2S{{TIy#GB*?Rlt+jSrQGg;wkAY5+MCkS{CX_`gq-RqIuxy{TObi0rY{_Hx6PyG*I6jCWsS*ED)nDqVJ=gP|k#F;tH?2DhW71&#B; z*%y!VbACy)!259_TD_#0dnwB3L``^xgwngzxen|a1Y--?x<$c@T~0#df1J@_8z9zL zAST&lm`z8Ab$Zy4_r$VT3QAo8UtMAg@39R=)=1<#pJ@n0o|5`51`gH+bsBEdUXj!P z(vHH+!bd%t$#v`vSCKsoqB6PYvErwe0d}=tXOY96tCP+P9lJf5D0pf)?of{%SHm5(-O(PP zxlnrnn%>CrbL~hRkzlI?aSB8##8~XS)Prn=E|AM}kkKt3g)@;7(!F?x1W?!&%tg1P z*)zL2W>RHG@5HLz`jBcDv8oHZLNZ9TtFWs8O|>g`&K)}S=~Tt)m9EdZ!^eZb_uoOa z>s7eVfL-}Vp`;bta#6oJv*zB8SkE}7cU%Kmy^L91vO3}^y1pFv>sP-2(^K>QOr%G4m5w00mS<_pKT+c+?v$>I)w@8ue zaEVVGKeJRYRWE2|##RB>T^(9yLSU*77pV*I2_hY{=~+=#HB4S5#c!&1KT+Pw*NVif z;hJ!G5Nq~tLtmNGOQP z0D`rEwPR&~An9kPFMjsxFP^zdi7!Jz)}oOKPLNlluz5>hRt@qZK}(SNh8>jaHu)s9 z^-TGmwc}0}S@rbP+U*$(rut-4%z}DSZ8_J)0=ssBY}e*mjUrvrBKP>pU0_#=Vi$I0 z{PYvSt{}LP3|f|Yu&ec{0r8XY*HG16a<&L=PQ_N@<-rXewQWvj8W+VxUuGTjMu6IyHjTWZq3W+ywfpLO3e}{y~{q&*hDT6 z_398U{BiGks+%I#*vA%*#ws|NEALY;KE||S2D^_rEqKlW2D|FzBFSL}yB>yc#SGM1 z-w0cRd#D$naiJ8l;4DB?U&6ObI8SNv-%Z!O1d{j-_beFM2YKYsHg6t6frnXt9aIIpywXXJp=fJ|iDf-lrDSxWkTT#kWCXfgT-1@xWKEM5N=X zBNaNkV$SH^V1;ubGbJzc=Dxi?n@S69n2iyd0n!{9oQ|6d*93xR{^5yoiP04}UYqm;*+rO!DAG%@T8HtxTP%Vr?1GuLp>& z9(khGL&gS*&=<8~Xw;z~`8 zOI8jK0l5eH05JS@mxd`g-`c*n>`eEk@>IxjklMHf@8sj3%5ljU6#@h|`j58^thv=Q zSYZ9PFvdomJ=ED&!r1MCMs_slp$+l69jh?=0D->GL*;cv4>p*o{o?e6m%slmc4hdJ zH77?{JHpyCKoO}8)=?kl`?(f+vZFY&zg2pwg!%xr)VcpZ=KcdduJgPS#wi!svD0=p z*=*uXbBSZ`ew*FwZnBBvBzEk?Ep}|lk}O%WtlmjU?7jEi36dZQ5+r)ZpwFNUFoWs6 z_qq2@?*$#-dEPq!p=u}J{{Fwe{A6+gf)q97+~+;ddCmdm(s>0zXV?$6CuSY-8I(Of zOD0exBddg6t#+ekhdEKMP-#2FK35F-6*qu!K(t2kqT%lp36 z)e?bAkD_9MJ<^5fZUbU>l@si;(*m7zmnCANbb(M}RjZp~as}4Lfzn+jbJ-XT+(LB1 z8$rpvxQNq)4X$2}Fb0qIL_WT-m{?e}C#lR=pKyrJZgY*ofY7m7DBJ4UV+%Axpb-Q4A0k{>|T}Iyf{=7h2 zW?IIOw_;RAO+LFpk;nm$6M@8dke;vm&mgGYAjv_*dm7^ws8&oH$mEUk-f6^HA%n2E z!ZPfb!Yo547t#P$T+&5f`ulo@<=d~g7+wh>re(Igh0g(b34GyuPe&)_-az6Q?6zSL zM;mV9cWf~d&Di552PVs6oGLQ}!I3agT7sYoHeg3D-?-5vff62_BlX2Nl4odmBFfIi z5jM%uD?36WEg-@!*+mkWi@86#OEOKzlnL`_;1M3*zd+%!Uz(!}k^d!Fd><3l6(2Rm zZ;(m0c(GF8nyK>wZ9j2C^yPlCSp_~`FT8n75ak3g;nkuX#~}<=w&LJfKeyD>Ptd2 z{0zY#VITc!e?ZgFuTTAtG(rkKSBx7(tklA#6vCb;3)If;{6 zU2waIwK8mHa%ElUN z^07Tk-7dSJ=Zi*-D?Bf#UKA~#taQ7}-a=@5>7Y@Wu#uFc()m_g;F!XJQN8yGduoC2 z`=hT6PsNLsn==~%0C02U>Of|o;ubmDUIw)htlZE_1?ztab{%m@eQ~k;PNlam5oF*N zqWSqTt$oMQbLVc>W79O4nF|*n^g*{~gn@;X8`;!t`(V&|mC6c2{hx@K>c7k%+cLUISqPiwy4oxMhDDx(M>A5W8L28$!u& z?Bb2o+!9~FzZcUa))i9wNqHP1$g&O;UlJ`tfXg^yFD<#2J?Rp~*x-+aUl)-NP?!N^ zf%v#d;6GFR(?lf$fiL?jiQ!{}(G?bZB^RA8{&lsQPZu$6`3_p4+Ql!Ie@UF9vb3k= z1Sv6mmmXP;1O6Mat>Y95fL%2Ho=6_B%V%ccv%K^0nVXI6dUr6K!<#B?2*!*YW@rn6 z%#sIk;0WGD^TD*}n?rvSa6Tj<$4Ui|7xXTYDG&(6(j{E6SxUW%qW_(?Czy*EbT}A7 zprt_JI$pA(&}WDf4%+>#a0}>5ENFFE!)uP_O%Zf0`1q8}VQlJ`fV`A7Nm&GWqmVW7 z83UKb?Exx#G4z);yo9zDF=$1rK;otQ##pS$Wdrt=g^1;Dmywg=d|q4&pf(P8LZh?z zSO6n^7J@@dvw+$djrWOXpe}IO6P4LRW3~|fK3sV*I=^U376$EHlh%Vaw3S)mbRcI^ zWuI{2{mZu0sM}=)E`cx?oo@wq0lSR%Ww1+(FNt|)DD!6y8nWs9^lWx^(U~ks%t3%U zU>CZvHZx$?-);(a+rttE*X`hX0KQHdul0+t>jK+=H41DDGecfnBkU3vguH~d%q|BP z%c?RrvunU?jVdw5E+Fh>VZ+O4yXrztn>te&?>LW6)pk_Em)+yXv1$wj*W0mF=tTkIdx96VEX{7Q{Xg@rN#HD*Lj zeWG}>!vq80VOn$|C}<0V7Tzi`g3HKwA0k&-N{ZQ5VpdS4?te*=SXTE_g$Q%+r(OK3 zVHcPS0URGxJAdOlc^mO%5^rM_r|_;e@;Q7c^2 z@}EN^P1rQUa>1V{Vk5D!duZp;Q@!J===6d;lET6QlnF2-^Q3TtU%(p@OAw+!f?f!A zJ7+F7E3p(sSfqKzvLy<3M6AY%QnSQM=0w?y)wnpQhH20j zWamgL5=EH#St2=WG>@Lq97&raSqq=Ha7A;dYzmi*ToGh~PC&$2+Q6sbU2EVHhH#S6 zy9LVq1-;7`^g@Azx=5cS%@TP7EW_@yP;7aOCT_PfZw$3Q6nf1;>SUv$_Tm3bm~9CZtFJFoMn{FzxE%JJ0nkb`f~x*AQvW`wtkrnrDz z2hJOd#rdUt30hntZ_)GOk&3n=2zl4gd<~cjBLUR2@(IELt-e)fzPoP7`Ibo-eGK7Fo_-xME+*L|6=uxBm+nQw5~u; zvcX!tl<*hu0ofs_g0c-K?$}}=&gM&L7{Qc)3~+6p7{Ms`1@7nJ=xEsp>hX$VFM5v*TcUZoM$FHkRF z*Csi=Wbs8V-mJTHyM9b>g@!tuTf`qFj>zx`0A-dmmIb9mawmGwfA!EQ<~q)bB65RU3YaS}6x3t$DQLn2(x ztGEo(Y%w2G2O!J6zl2r^9T#zyVXkPTwc5X%&CrUC{cHc*k<(B}ZyT>J%Du&IYr;$;LHei5E=3lw-mHVfTUvyVTSI zbIVx#g+dH~OJIv_H0pLmz!i(cz3iflp9V33BsN%Z=B8zKt_@=}GuLSf!;K6{ndo*q ztXzkU>$HWt;Q`@_NT4KhMS5MJcS+34CTy(FU4Fy`%b}_o0Nmt=J4G5Y z686Fthq#3?>U@b<7{k+n8xi%tVxLPo50WvH&W?4vtVGPkqr#U((F7BmFVl`Nwt--G zb^JS0g6KO`@Zv1!(d3eqMve@0LOD{8ad;%cfnb*`(kq0o3CAM3&YB__ChVQH^79s9 zhA~z+K;d{b4W7Zw;pl`nB3fPQ4$$pdIJ}7gC39vDP28fvn>=~B_Qa)IaIJ>K9g0@~ zB_p_U{&dM zE5_B!B=4%;?Snw!KIbd8b)Xl3ZZQI1zsMJh13EUcW2qS=KJ`M4k0KTr-7YCZm*Zvu zzI0E*m&Eg?;nEGZ5$D`IRE)sEKyDUTj3wY`dCBC9tlhr<@xbTiX1uww3p^(M1!(y-5T6akVDGSizd!y0)D+{7g-m#v zMWIvt`_%_Q>I#gC&Fp)}p5l|keryGB-%V4j{4Un*GI~MOGthsOXb@V-{T1)E%=C*G zC)!{HhGNo~D#OPPRD;^$JAUcf*=slLp$PU?*zFnbF`Uxy7RBvq7O-o@mRbzY75wm~ zoynpz0Vju?GnqkF4PFAKt3fKn4BpJFK$-z_vsAI1J(9Oaat=1(FvRluIQfU!!v$x! zXy<77jH4m8;LxmqKrlpeCKT&-8SKJJu?(I841V%X|NEo@eAsE#M6SUbB%40l( zxCa<4sJV=i%P8F3Z;y*hRxzaT-WXdciZ0Vxht?5T(i5JD|;S z0^~5v3@8~L5xr=5qa!Y1+>WJ*B;<6V!jdhHZa31XcQ=@PjaI-e53NC~$}#B-CT8G3 z29g0p0tRT)W&Dqp&`2~!ixIOk=yu-$yDJb(unVIzg54#dFpF)mZZl$vgB^ff6E-H` zcm^>8*I|X80aSxPfa~CUT|%D-yPz5zOxVC+cgPV%lS_b0-R?5%vR0SDZoC4!)cMj) z2LI)F3efhVa8ZF>qF^epOJ0%7unV36;0v|$O2fMvcEx9WWjnB9gs~jXCYtFm*kxu8 zG+`syC7lCtzL>V9_3%*V;2oFI^9YBhZ8rlYz-Ms?GU6yi=v+ckBMiohPER=|a==)C z`eMMYnFr=#KVr_zXH0wopJ#t|LG6mwv<~e*ef3UzpDmc+a|?*nW??6^d5lpn(F?4{ zVKPaAUDnc){)}A%g)4d2@26zApRM_h&pe|hSZ+2J+vrieptkq_0_>vm#dJ%AUB>WM zV3#qu;jS5WSIzWl!nyF}@-SB+jTDzUWsnN#bS<1|S zpP{@p`i*#Bm7S@AGm&@1bB<)%k;pjX)bKJ9B&3Z@MGimTXx0(Sh=pqu3`^lwZi(g0 zahh{DxRR5@?mNqd0P?aCH1O9D$!moi3Xp0>i-V&i$%o*bg3nqCKI>XOZsZe&5Go~h zyZCsj!fEumYCb!KZWk3I*%FG)(=tdLrxKx-A*|SPfl^rMc11^7bi3HSBG_fySgheC z*agne($*^2m9D@p@)=yhsGXbgB*2`&C&(0=9wgZHHkbnqR<41<+X;3j91M2nSHUhi z-3sioeKf%C3b!D(w@y;}D%iw)LZv{Suxgrie zIxdZ;g2LfpdW!=1LhpjEmL-l@V|kPr@3~09OjBA?$=IT^7GcgRpmm+I$8pYz8@Pyx zOWy4s*>m#Bt=3+RD};DgNOx%-f{#jS0S0~4DF9y6FfN%V0~ENEh>p<}%&kn=NaVo2 z$>6M_s25RKw4hw^0$x_yS2DCo^|{RLu3UT&$*{5x_kl_V{ArBJBr-viM#Ryy(wGi^ zcmTa56t!$wnf4~=%uebBT1!im!ii!yUP9sB%5)B(Vwb=XyQ8dwM(}M0WAr(DYR;A- z0VzKG2()(biI?Bna`?=(%*+y`Ail`7UnszSAsC$wMz9mimZ#B8XG*?o!Jp0rQn?_C zkhcIY9&zFa&u@4e;vN8EAsAl>#&7`#IP~l!#t>UwB2O46`yqV7`|=E{IT1>x5wsq}?b!3n@C~M8rr&>Eg>MM`hp)Nm~3~rY%;!~;SGb%o-60#~>aAKxyg<*JCt1D8vtGNZS|Gi(>eWmp?T8^N# zSXz#ym~({SkS*8p8m-Kmkou6A6C3tn{vR1}a7uR!%%Ll_sE?EfoRKDjufY^(wDOG> zt_fReYNx^#j?XMo_S&?_B21U4g9XO`l7Y?5$O?z?2`eN6wYSUoTL$vtx6LmgM+kT^ z?B+U+o;IVu4U1|fuF1f`ViLyZ?H0bv&i4}X@;zW1aN!{21;b0KGG|oO@WPOnJ>K_f zSixVAyd%!!u#>gD_%CD)FHO}L=8EGrdQxyZB3pD3d?9H_Q!Rt90%-dVeBOU_TU&sH&(W|ZzbyIqlIcwe^R-Lskx=yoev zge-9Ty(Hr=1O>LQEDi%nZo#NkoQUUfTn(W2gufbLZh<-PFwTL5y5Lf$gK(>XydTQt z7;JIa?myX0EPCS$9zZtReIQW>OjuI$jucJL0lV1+C>dg}Z`^(Y%faQvNM=3|EeFXf zs~7<6#)vV%X#j^o4~Ax0oGl8$3~XXx`>@pXS4WVN*{ zY9?I!g%s^CBpm*=f5I{aAqJ!qk55c4*Xw{pR@8_2d|5mq(0Llf+#7HEq%2IPew zDf3`U6#4wjuu6aE>}4FWhE+DGq@maiVt$wa{gtu;LlZO3& zsA$nB=B~4`3S1Y6VZgX70-k~T8}vN}4&!d9bn`R=#~4lQbHizBb(ghb)ZwlQLtqm# z#G{F$Gir6k3o)t@k5m-i$XZo~T77nh1N^Ms|O3_}Nte<)g_0=vr{ zZiU+g?21Kmw`JJP%)tU^kP4lFc(Fb+e_PP z#PAM?u8&jA$aT`gDpw%T+FZ5)UO$zY56;&BY$^f`{Mk+>;6_Lj> z;1UGG0iJ0X0KQN)D15+N(aHEet-i9C&0rUp%lhAC*k!9M%dpEAv_c-QG2<2xzQo=E zguje!z&)8@7j!|^3`;$}q9G$m1L}kDV1^0)QNTbPo#}!%O#?Sjw4~ehM>lNWd*ND5vb2Cq8g$KkX3iTaU^2#K7l__v zYbkCVrJ+^G6a#6noV0lyPRxagQeb2PoAsf$Wv~k`LUjVx_Q~*~% zqf1QTD5H<0dw9-ibr=&udps*M*biQ~dG2Pb!IQ+4j8;@K7?EXd(G19L7mzoOZWkMC zWFC!XnF4so>2%f>MfZT3sl=cGdC5zJ_8=e#qnU(Iz?azCutI7HcVHT3lrYAiSsB_@ zP`BZtFP9;panDj_(S@Q*O^6MZf) zcLjDw?EJVh0-!MP<*8s!gx!W^*ljiVC3+8XAw<|^%W33p0}UC?(~v7cuuDDf8X^-I zy?cL#w$km2x`)~M-24(>n$w1316FUBG0ggzUG zM_QnuV#rG*Z)DIR3^@b5XmDV)Xm$P5Vt343V-hnu#6FB*7YZo!B(iukmNhdu_zAJf)o zreCc+f9LMW>o*3bG~qnv5M<$+>``Dh$k+haua!5HH@ZRzUe(Y%k(~&cmQsr3=>}@oQKOY9WWQaowQ&ItAO@qnTpg@3i zAx-%icsSYaoKx{ZO2C4B;#dgjYa7tGM3l7)`D2u=gIbCdcdP2oL|Eh4xikU>XJ%f9Gd z1EmFbX1ca}D<_M-I0yRS2tRypr5SB`=iP#dCxEX;~`80DLi_>7bfgu)beN=uNK@WyjkW+QM+&h;ye zN2{t2U96I-4PG4IA~`#Izv7Jxzy;I-c`Li>428wyD>2%d9Ix5Ny{HnS)d^BK%;PXF zHp1e}O`Myrl=xA<|K)N77PYs_BQ>(<6}#Q{trf_4e=KIMH zKsuN(Fd~v|1c;u2bgKZEqR{i=2XHT8W-Bh*WdILevhrCdz=ZU?kXhiX|%u0<`FXPMHy-SR6=`nKzzZaV7Wv3(4>cxrGn9pRImHMByOO z3(F(}ZKJV!F!>_UowyATIjw7K((1MAjgP0o3zd!*ZN}GV2XtH0Ai$r2eLq3tv{_{4KIDh@ky_Ub1R0qBHCiF zN;GmLQvs4LkjKFC42`%2~hE=hZV~n2Kc_y zqW8X}VP(QL5y+rO9WBD{GVjA&i0F{=F4(0xTL?1Vyc)>s&tlt+?zC)~0ykS)T4S+5 z;Fzef4byF$&^A=Chf5B=3GN!x|EB`nza1SC6{YP0|kb*1s1C`C!yUoW;hLZ5?rudHO4%U z;))h480%MIcvsrVRo&AH^1d&yu1FnLnzCOA6RUn;MgN40`%aHc8dX_-6W5N}ES@cW zu$X!XlYQ|86na>;-Ub#G(p|zkbg9fOsL18#p?vZpmB$;yBaC`^1b4yy;f@s^RZ;M;0cAjJQq$T1JSrY5(`A)At4^( z<3TPK#3P^Z3u#0Lc?BSH!W)gDd_vmK=MX3Aj$ovgbVcG`{1_Jt@KN!11%#Mah@w0~ z#LY)NeAE|?20{^kIN}vzo@m^IKZlR|xI}=9`#D_1JmI)I6!&lmXBc^UQA+?(cu|cj zta63bz8JH%$!h&sgFmD9qvuVFIXx_!hgKnI>zCOEkY@{EmoCzXUS~1Dv%vxRS zN_1I*0A-v5ur5(pTq4+oaXEH?VR}Qbi*9$39$|$e&d^BKTaoTo#%r|GhF>br6rpFB zpU=;ut4b=|LFgGEAY-tbY_X>s&CzB!l+GL zN)hdakjCc2WRnfn*vo^47okaDewXKLkTm3RaKMX-y%+2tBK}>C4Cg>ni}EGK=s*MI zMWzhCl*ykl`Ljk}#vI67gL!KpZ|90u$Xt9$gExv0D~lgFW(l(|Z1D$Nyx`!35w+oZ zUGx5v7i(MloT0Q2$FWcjVsbj8RUDWwbD+_jh`*J@OfrPV(GSB7N{%7hY4p5o1zv<* z=p2~BOx#DIGaz!UL_-`@TMLYisqzLZ?<@ZC(_c>39ui6KZ z46A;L<)2p;(!{?W&OJB)QSvEnS`Zk3QALA~n-=B-cp8Hcfw2EB1kf4XVU5+TvpVe_ zUy$d7NL1jXAwaOpgGYSn2?V{NU@#&C1m4ew{Tv?%M_BRxFc%1OK42v(#0T(8Jm=$i zUpS5+1q#ID(L+RCe8kH|{rG`k*dGiBf*c<4r@KQzPdMlf22fsqAmGRUf^L7n?)Ta8 z>F@^Ko}kO)cY6GIbh!Nvm)Gg`+1!4!%V+T*L)t%KuuWRrPzb;ZQSMGC-ARo*p>o9` zp(Po(eX=GVc}PoQMTPtWBc*(FGjQ$SVQKKt?%yzauo@2oE?S1CAITp=uyu12b)?ki3j! zV1YoQX%3MLl^tT5voSM=3I)S-9xD+Q;$jJt@rp|(w7SN+T@dF0T%sD5Q<884q*1F|}fWpL$sJ*f&`?$_Ap|i;~wn?2sWpK&Wh6#;UZ?|i#*0$dMi`Q?} zG_))9jsOD9f+>3-h3GR2am1uTBUecp%E2^e+Qvv;+Orh$Hk|3=(DxvL3V~WwBGt0=#|4BE1I*_Ve(?mHv10sP?hV7p7*^e+$(dol~eZn9k(m8f6-Hh zISJfH6QCIRrvO{gMbg?Xke6oV#GI1950H+$%EV+E$da6JDNN5q^Gix=V+O?muOi@nB?IXltjql# z_Lt!V-pvoZhroG%F6jMI(8U)8EVH;Se_$IUdA6!24nG1B*qE&bzr(6gd-fs2f3i1 z3kLWQ6&C`qb13}3fZrGN`GWpnFcb=e0)Bw8m%ici27K;-*XeP&Y<8#4WYb$6CWl9= z)JPOMnJpx92w+zy9T9~yszk)uiY$!D6)GJrHC`gIKo`h~pj8Ok{Ut$^SgdcOL)n!aJzF9*q(=Z`RpvJKq3VM_bkl7>84DuyTA&tD_)4#^WcERFL8lZIX7L(FD?Xg zr4eViRqJU1)B<+R$!1f$%@pl03f-n~kD2gZV&x<-gmgwFjzqUJf#9DW2YTU9pFNC5 zSd^5p)nSMnNXCGI)IlT}RyV?AT81dLN*WtsF6`1pAjWeKr+aaEEL6PTi_MQGNH^ z?fRIWeW0n3@`$m>iu@Dl|r&*=2PE?cNAf)hJUSp${Ytp)^#$@Zw|k z&k#J2v5p-5KJzD(xt>%CRPQL z%We#!He=48oA+ly-R4kk+JmCl7?$CNXte^)t?p3F7mQ~MOJ2To{A$lPAKmYF^!b>-*0h_{I}Ezy0K{r(Qq2`{?zi_F=6h7>bn>#rZ_J94qJI<#e=| zjN}rbMAYR+*Cm8w$k~m#W0?T-WVw%epzgglPkzN8~R0#UTbBq|Wx2nixk#4c#S%DaEdYSOLFy?{yrON%4Exh48 zgn%e`Rs^xxEM!zh+l0z6r8BDyW~VP00t0~mOQch|Vl0&tl35{{i>C8Yx+VsdO@(O~tdRXeOOVq>Jgo5_Hp%;v8R?ju)q+xk4;k zNM(zeY$=;5C$srzCM9H&LN*=A<)YbKJe9?7OD5CFR4SRqAC^vLvZ+iqlg?x^sdOrl zNg*}|zbTSVLwf$tB!L8(u7;H;zda zOLB-0xf27nXty!kp%1oWcflf1s|)JY=x^6Lwc%83dI^aqxoMIy6lTgm-aH0tXkLM+ z<@xCn6=0V@_PvE4DiQe3!!@!vJzbbC7Z&EZLV3y;?SYuVfJKR9t0mcDUWQ$BSYiR} zay?c7u**AE)ZA3fy7L@WdmPOKM*S5Y=YMeush+7vmJ_5$Asx>OaHmrwhMP#uQqqyXzRY! zE~)M8x!2v()YsoJD3i!Wdxpmc#ufeJ$_brC@A6kSb$s(*p8QXr`Ln5q4Q&`V>Wpo|BX`gFt(_JH&*d;;2hr%w@U<`Kg zy3;^)h03pt)W}4XvHu_+D26!~gl(>n(wG3dI+YIhdz-@-@Syz<2_7!u4hxPT2S@{* z>JyTFA>j_k9Knb^D7d&7${yq$9BA2?pO1o#4T6;5BA^b?Bo~TB+!)EFEVJZ=J3(>D zSzZdvEd^(nyoCjCZUIlSP+kfn!=k+4DKB`Z7kzZSTVeHg7r4~PG#1S4R z+MxowIMj-Au?p-`JR{q&V&J<{kmb@g8o_R46tGK+0tCB^#!U>ZhFt<#2D@$=Q^EFt z?7iIaK3k;A7;c9P;|lDWgB?a6)MF+-lbBt~&MiX5K(^&G(*?Nb&b$Y9OJyviy-(3* zFd^?;sl=4LGt>Fm*+>C`=M4J%4*dHd9kaySEU`9Yq}?cVq2;!Qy0Nil6T0ltE=R13 zU^mu{@fwyXfVmDHVlr~(W!)}zh~W~65FjxJr~U<{J+1p zX3Zx)`-QJwyjBZufy(k+Pxl^-|h5!TwWhePeFeu9L5>T8wh#)pwf7E zD5`e`ls1pT?o&BKT5m)TQZkqX_>zY&6ge>JC8_Xdj<}|aF)qHw?x_i`VOB#bXzzJAuVR#f;STP@o_tGe1Q-KF|ll} zu%tGH51ecH@f#PO-`{z>!G5Gh_2jxMU;ELfM_)R;`N-XxE|toa;4({dOYEP8#eA-m zN*A)3ToM15j>qFTMx!FJL?oGwU{LRmMZ?)SeIR$YPqY7W!}e1*Z?+8S?4eLBCm>Q2 zIx{*w6kw(UF9H{KZ6S!pgo<=^B#VBRCi+99VE?vXs_+KOndd9v=b~g=be zw#$skVb-@q&EpOSxdJ$G%2L7_UW``qe36vF=2B|)8iU#Ba7`F3GNVQ54NQ4_Qx4aZ z-KBAQ^iH3_?bCbwYNvb3;Z(cadaqCK_Guh$t<$S>c=b-N(FvM0hzq&FI%W5bnSC{b zQ@d*i-@GM#yMAI_-PpSN(e=&p%`Fof>POb!m2RpV+fp~asc!VGhT%6GhS%Y-e)P?T z(YNYGHq?!5yf?}U7h`YT8Ch35`evPcedGAsb<(vp-5YOr?W*mr8c^b#>doVhSTNb# zBV!Xy-TgN^25JW6tqMc0&eo^54_SSqPGQU$LGvWiiJ~%>>|EIFUE~v}!(E15HXp(O z4ZRw=+UN*snPh-D;-EKyB3p20ibw`0VGgyoE?{n~#~tf)Be6FM5bHE?9mY_*iG#s; z3;87kx(vP{OTZS*f!NK>FBIm$Es%3LF$|1kD3<3-rG;{F4)uZEE>n^*wgIk@FwmI= za?d2nm@=2q&v(OeR}Upww4Ia;2w3Ag%+NE0J5g4?!xrhZ$2#qCfG@gTvdDqL!NEbm zi*8rkVH3T|#2w=MZSM;HzH5iL!nrWVGLeW89edg1%27f*O_1yiNuNYDP`694i=`B- ztWeB5J(82W6Uj(15&*)xGnkPmEEnoJ&)jLOYU;Sz-gT?Jqo%#>ZdXTZe|MLxzjt(K zP(C~~IXbMAk54HkREja>q{eEo1p^oF-20z@``wR!`m~ zwp(pBv(sX9nhg${85ryg_&mWNfiHM0U%>13`Ca~y%@@`>ed7k(h}Jq`a%tThqMD6R z3I|hQ9!S0#$E^;=zN9lF!x6N-%*mAHRzSqg=m^SfV}YzJx=OU5zMr1CeEp82t4JxV zgBouPmW0~Q~RS-|meIR8e{@$^FXh;9AhdoLVpd+FrRQ+wP0 z`L&Bbc;gm^I?Os6NT{OLQ=A3neT%U^x!e|-I^^?NQ1PZ%BEus;;%W3-?Q*BD<0Mh#?? zY!{|ok$33oRx=D@gGo;X;|G|e`o3sy<$CpI_R4R$|J1E8JnZQu!SZ{GeUmJNuovS1 zk5AzaSUeLifW^#5w8BVG3KTpRC-TB=9$m<93WrRgpwaI)`$Hyg$lwVZ{k%CCQTsyuCP$0P ze!5ff$iZ8`|I^(MKD6yqPaXc`Q-?nO_@0mbWY;I2*!wF#-S^4I_dfXO-cLNT@4-j+ zef04?A9-T;1CQ@{;3xYZczpjyf3ol6kL`O9^~nAQA3gAiCk}n=vBPT~IlSg4M?Uh? zBlv+eKi>Ayhc&8FE*vrHnw&ng8o{2-#zJgi(J{IG7Om9 zGFzBd7+g_0wu)P4qQL?YjFn(q=3Fj9?Xo6{jp#)H5u?Rq?kL&CV1Nd;0Sg3~x9n7lgrTlHnJ?E=|>#)Pccnc{(#aCzKbAe6HUdY}I(%k=jOJ&tY#3=42fZ3|l}x z2=Iqwu#1M5V3!go80@0kT@AY{X%q~0X{5&V3~Yyj!LHcnu3S`jUMAz9XU$uQB3|Zp zD|0q7Dq|Lr%%!Xn!d9`A7em90*Bk)S>M-J*CVOx z?riGq?3DKQjt&k@jK~yYgA;_j<7(xUUNfmt8=Y>PzfN4e@#X*hjo|NZk{`o`WP zmwZt!9P^s2YOBrQbUM85fX5Z`pxbqNy>6Ee6IzeW?Q!^gXm$fWU~n*m!>=R2smxC4 zlzvEQm^6Eg{-`mSK;VkjpA`MknSlsf1On!Q+a=hgtO{Fsza;E}TYy_`eBK?IL5iXqAASgCu>nEofSh?)uE50+ zqy%l6Sp&Sm<#gaA;Bn)BAOe!{6o|ht0&WBOmLc>0t9^TF6q~9ipFY^~vzL49?9jW@qLyrBc37oGz4Ri^Z8@p^(qyGRb@@Ig`x+k1>u&MAKY25=qAM3v+sJ zWb@J6-+W@{SN>)FHy_)&ZqM~QZDR_x&F1ui_VEW2fp9t)hkFD5V`)V1K%S3g*EbNlw?S0sNClMUM<`|hhI=Pe&$Qw&py#chk8lze5aJNorT1FPp$cD3uOpz*JxeS%mL@S@UewnrHBMWzEmn4?K_Gczw;&Ra7rjuX*Xln&&UC`Pr$DK6&)P zhj;zXk9V%G8Q1VjK4^q=mb-N=2hUcWs;R%)E~)7mY?do~wDv)BVA#ej!)|5wYz213 zhU^`%y9~Y+eH0tcQ}BW-N>Bry0o%ZEDR86+cAd!~lq<0UyS;7*w8;Dx-7a94_H`NT zwi*2WMxWXn3+JX0`%6AJMC_K}#!#B4hWD3;-TT}w#0*fF?Z&`1fMkHMp@+8DKs8Vl1)5*h@QRPD=OxmFimeeZ zE6kQVUnXx5i|HB2D?Lg8l0a?0<`gS8t5s|RoP&C3IgRqXR z!W4_kDqMW?uo{j`=WCm0CO4a4v$Pt3@hYgnyD$X zQEfC&Y79EN-|CO=J$dcR|MR>5`E%d+{m*^aHP$J!%Ve^dt#+r=?FZg^ zJRlj|J|AG$4yG5di}`IZ42=%7I1y+hT>*Z|WE+~)3@LOICb!1T>HRT%Fo`)E-1w=Y zP^4E<+Q_0G%mY1AGKv+O1;j-_YDS4|6lOteL#388S3tAUfpmq1V3;ee9am;(;u!6I z|GPZZp`Q^$j+gyh-a+!dliQ_6I|?Uk_+XV_Jr2WGVwNLVRmg)_z=}EkG^H)kE;S4( zO*UVU=3OB+%k~9@NHUfw`yxf9CE7LaZI*}HHOU)N&+$g(jb5YDlZ?+U<&l*#Hwvr?uF>g=4&8FV;2HjCS8@jIP7y!Z6=nw3*NkR8k&3V4Y+|6Y^eq zVdaDl-7mcMsesj;Clio=mTD!)`h!%J%vusqMt%w^}W z{4=d|M|yRhF1;64kYclqu%A{7hrBh)w?GJmErz0o7pexEAhBY57AR|ICh zh@!)Ono-EfouP&y`T4u8m+rM)Z|=I$(p4|%Z|v!9l=O5-rM+Xr19CLE{RyapUM`F!zrsd*$j;yQi z5vHJ^m8vkpEdNymU-3f3T=9BE$so?(MHNJ)$k2;U+=TcL29RwzHhpp6#o8{+ZmG5Kd5#$%PdlZ;KC9_en}lHPP)lh zIz6|LpPx+uOf$J$Hd`tHTXXpWaJP^K3YTV5<+=3qYCEQTR17>RRQn}1SoQ5r1@o4ZqG>UH>Cvy0wr83VLnKnQt)VV5`H!hyqSb=$07 zyCdYX2VG{5!{l_EoB@L)q_hNwjovUz_md*#a zb^gls&QI;?`PA;L%9-jDC<``E7j2X+iRuzm2OJEb4r zG4!!*y$@{b`q+-nU)d@7)!jXx-YI!-Yu5vtJJ)P#|LB&sPi$-djcske_14`#e69K) z_qJT>cld>}-xa)lK{DjJ)l zEt|TKdveGTN4E=ZSAss*DRkJ8 zZAQ+Egm`3u8}2ZLx{W>rT;e?wD=p+;$UyV7V!oUM^5#V`1J>0rLMzRei>QSUhh6yX z&f-V$8{h_+FHYxYX0Z-0HG+6{T85@`}&0 zC>bGd3kJI)!#nDRIXor6!x~u~O359;x`FWvb(n^C+-Q;1cJm1Dw2dT6ykxtktoEG=}02& z@Q37DV=s_*LNjV~PPuqc4f+t$O>zjHVs_NT-mbtd^}OT@wF0|r&zQw%G9s8@mvUBE z!j+SyTCMc6?}A+-B1FJl9?Jb2U>98&IfP*zg?xt;-~gxHJTNzsS_~&j)_{O6{=&Wf z??1QaTR+`a)gXf(m?yx4jNwDjFytmp{wpoAT~}I9)XB%3@zl~%90{uBg#>04i&+27 z158U0GUl`SY-*-Rn#MvgpD7fR`C`0Kj+aV_QZZF7rKXF?Qa+MS<)`O`^kQv?;i=cJ ze(NVkU)|nN)8SCsvi4BQ3t_LvZ?@PBMw7u{(P^z}wOOUM=uB>lmvcb>ABP=Rj%@~t z$V(>T_fd7#knO$#`aSgSFAuvP)a|Zj+wb%Bl}Q?Ihlus1;VNL4h4qoM2h-}!VCme3 zoJy}Sp?AVVA4dy?)g{qbhTS3m>{1|8^y03MH=*4Xvbur}H%Kry=&+zS9OXQG(CD-& zH2M*Rc5qzVJ*;jXnyMR7-5yh29aX~y>-JRSnQLQT*w*~<^^I$`bgtRl@ln9&?!E_h z^{v?^S+lL@BRi!JY?rRt*1u+Z&zc>*Yj*Ul*)gzY$KV6_{tkSvd-OAVd@q^bzJ#ODskV7DFnVpd{PDZ*zNc6-c$NpBRfQpxf{c6zor2lZH~0N5=T3guD`o$tF~ z_k#pv?E50OOOGgIROF`Tax+WuG8Pa^Dt~Oy>hCi7I!pmH+f8P!(ZV;8*Dr)@K;B3@ z7+zbn%Np&mqT!7|;Q-9V-ReCwzXd&guMI*U@FFvL9U91~=et-3I$LcOhy(9d*0ZY%> zauTL_ONdCB$&~WBV!l)^77KY?&J=P5XvMNQ>VL~+G`Z#YrNp{y6jH7&Ec>*oG63Ys!*#(#ucM-wNi)aliw8q z-3dtmG8!n3mqfDn6C%Wj$#(>xu|TsAGrRc^3If3WLESFBC?YS9n<&Y*#g#>DT`Zfv<>RaN^dw+#KLskrzz{j?>eCqAm-`P<6r@Nc};)vvLj`#hqgPot>e(yi8zxnT9 zIQOYX4}A9LM|a*G4QJ=W!SL0p>gQj3`?bw`cAdO*aMUHQL%7Y?!#6l@FKTBMOs}DyHTkVW(yHIPm?|j_!F1eMUo*dwNV!cfI?6t zx?Qxotybg&hcL>bFkeDmuEQLLF9H<1LTMpWp3jz$LWy};sff0qj5jOV-ZGI46dVE3 zE_j9y>vmUEW$1b5ilsROVdn9NPA_KWmLlbOIDE^j!EQ9XW`Bz**k}$n0C`P9qeW=4 zP|pj7x5FCiv_>TsAa7IxlGj09dN)JfE^2$J)m`22Qe$gJRs4Agc_AhP?BW^0BQ1^4 zZEDaR5s{b7ftFPbcv_hjj}@bGVCe?T9d-)CE&-d`@H9f|a*y6qJ2-LfZp*cn&U<}> zcY6Bk`v#i_rR}oOzVXT4vGLx~u@R*j=lv;zWkO??Ypez*hYq)I)LLC9J944*ZYh{QUZ}8xCAO zf4gmP%0!CMc*YIsXdsN;%n-+i!y%pvL?fXXc6y>H0l*u_1RiooA)zoiCFAODEL<2} zN;i*fbZwBa4dk8i8Om<&Xt|*bem9|%88<+KDjBr@y7FL#7*)A^??G&IWsSFNej#L3A+2D4u1{MhC zU9Py+;2BdHrE1%aPW5Yt+8$b4^~h@{4qt9GxWKP0sx{v8*V>=odF7EE*I%m|yfT$& za85Vq_Jd`R#5^;|6V=>j^wqu%ScYDk(r_N?n=u~40 z#mKmFbX+wK$rZL}BUu=+Ls(YX_q#7wAi|egU|1iB$!6l@t>T!odIYyRu;<;Y7OS~k z68|mV>XspxZiKYU$6gWOEYl8BUL@_#(Cb*V!4j7=EqGaHU<^i4Cb)=ABL$r%uF(P{ ziNiWOrUgo?PpUGG7%b+nz~^#-81D^ufV&>69arf{Jcb>$2o@P~LM+9_k`7;JLTiyJ z4C6Yd+Rka*QLQhk4aKIyDRpf2-W2!PS;^;iHvHzHo?kgKux4w^nr+P=JJkEJ!+jq+ zI{1lWqaQyq@{xT559|cycCOjkzGheFn%$BI_78mQ(9kCi4?cLH|C0xXK7C;5KkSoy zVPD7BPxU{0PrG}_e_X-u84f(xp!vb&!9Ux2>(?LM{h7yhZMfb8B{Iaqb#)Cdyz%yn zZ*SXrM`OOK7?cd)XuP)!=Moi|H;|GS zMIr~r?NY6Xzn@MY7w`0NmJI1iMt?F#%fLWp#*1nS*42bPRkhFc-RL z#ML2}sNdkd**ki^q5Vc%@14%RyIuVaebnc+4h?sW$^pAF#T1%cxkjhd8!-IUnC)hF z$Pr4(RIZKttN!}C&;7|?{rC_6^3mV@^GCk?_s>1I|TIDm>oxOgH) zg^o9o%oIwQ;*2{S8P%A&N2huex>1uy=@L}Fm@bG6p@I=EIZ>3D9+b5Rhyu)sl)@^& zt)MMZRcPUuR1lOE&je?zIbt0ydxSuZiGLX=vkyFl3n0XSafN7gnPRjuQmb@x_m?l0 z`#Vt@Oq&`BupAj%EbC5TQMC-wzSYSqlve4mN;aXJvIV;o{v)?0-aOj*qnD38{r0ij zos$ZSP}eDcZO6HvY&!qixvpK!y8XSbBZKZsQggjj;R*&97qKdtPo?8nWUC{Gk$BfKP4eDk#izC?vRtMoYA#Uz{pkw3;JF&u^uQ2bpSk_+?9Zv;yHaH?toed{2 zBtJ#*3Nqm!6*au%qZFSuM2cD%Ho^K9ZxVlWQg5HK_$Dj?$)sLxarzS28O!)1JO~CH zv?5_HmrR$lC9H-;xnz`2a(q0J$OMIi$r)6dy%P?8%$x0XrkeHPI|}#JQR|sr{cD#c zf3g13?{B*CnWK{5I@ohoe%8m`NW}tPahfhwS#>h-_h}_J3GI8Qudvz@>d%4M@GVTUDF-0#k#=U@yYO} zPUB-&2L5b))gL^u=b2-7;fRti%=YvQy!z&*XI|g%_P%5LE?1wbYq`-o(kwUj>fFP& z@R%zKQjtbDo+$FwY2}xlgDZAgY!!{|xK^~MjARg(u+YyD$xD%sBw9!eLcQQf4BBCY zKy4o&2wDJ%lTPYwb|eIcn@PAOwBt-~i6G|z#$%%{0f~RPg#~Oz0CvF*z*M(XE)_tD zm5YE~wgADZNcCZ`OT;dqmOvT|FKlt}I8Azn**S=KgwmXePf6`q&+x$O7aMYnXW&|_ z7_0$y!F?d_hwlQ~I^qD|4r{a%R0HlC;v>-u(Ow%BV3)!vh;1NqUWBk!qSz<_J|d>E zVXLAN%jUsTL$U{%FNvb>+ju-{t66jL{x^HQzzjeQsYLqUJsdOft z!(kbeXi{Tybqy;d^Zr5{rbkE@6AvDZ7sjKSs+*NK{uSNGg{ZrhbDryGye_8+|6 zwedpT`U|ZG?oFQRvF~X&Y;B%8+$yi`9I^O9^NWj^3nvnBERRk@mYdJz)9C_uGv>#S zHW*7&#X_c-OOy(!QUPi1i=e`4`}D6Ky!Z0{yL&G6wa7fyKq;CiMuaF#0)%iN;Bh)# z*l2N^9S*(KqA}@Idi9i6HK|mNjZX~9#(D;a`(+aElt{vk>Dp?z6X|N#lJnwK%|JPc>O>&;X4{TQ&m4d{R7! zP{JO42j7QWVGds7$Ves12tg0I5| zce?ZM_SAlL_wB#hSoPmtIq}&SkNv@0m;PYK?cdpU>r-pbf9j2MzqPsg_jcX=y&d;{ zXUo0c+Fbu@Z{7t(`-x3;pWM;<;I8%ucD8+FN887CcKph20B-9?->Uf!+v>hvC4Z?= z|N70*7ccd0YS!%#9rVGV#4)683h2$(e z35$rF=r;RWjJ_6As2OQOmQX8G@3t{Zo_0$JP}}8QrU0{cp_MpYBHntf}k3*gWfwB{@n?^C%`=sqdqg}%jJ#tmQLOZ0=j%xK2Mw7~7HdxIT zr`77RSX@?28GKQ=EJyCiv>VSi{BYBmzkTKSe|u{0mmb~rm1htAVEv`Xci;Kxp8Cgj zHvIGYTVH+d^p}6I?Y}>?{cF!0`p%07pV@l$#I1Iz))q)*qJ>;2F2D$c7r1CF7LCRr z+z}#iA)bQy2)eKo?WL!&s*b&PG;%OV4#g4*y{%_VEtxb7XkBA=o*DO$XUX4%2n7I zAje(`Fm@#&qXzfQLWal?gG}IHK;grB2+$Uoo60+AD+Ip^P=>me_O=;6%NDpREG^^H z?~g9UIp?esDbW@1h57w7T3YIA=>@_Q3#eu5h!MhEyD)Ey&e z?~KDJyvH8u!I|F4cRTrZJKu_0utKGb0X#zi?anr z6^KbaBr8Yf%9eqP)X2_$XtzsEE@)t|4G^RwbeP%i0(nd2+{|ox2F^Is1_7QCSd#O! z8Uu`D4x-O(N5c#JC08Cy{dma8+O4q;OQh2h>$V7(tx4>R>a|A1ZkJIFLNAQc2~Vj+ z&VjA5Rgjmi!Mrf?1+6iD75GaH_1(wDVtsAaGISC8+;UePEQcSU7s_=`BV8| zX~~pa=rRf?JJg%12VOW{_wf1?KYshzBX6Jl&dUeC^U9GQtUdGNjhCO^b!+pb?z1h5 zYKdmZ7)Jaec<@-U#HSJ=oaiE4G>(=l%JHyt!g5rSizfMaGMY-IG7y|*b2-SPGN3JU z1z3vY_;_Z@?Ccy-;DiVfkJ257FQqyFQ+-7HK|NN6fDBF!6r%}~b@E>q_u0grw}QD0 zYAdz!&D9Xhen1?-fvjNRgT()`b1M@ktnd=zq8c+>D7vu|wX8xD_bC7+_~iRDbK&f) z(H$C5XnKc+CH?)9{yy2*ICiDTkj3QEIk`!zAl1iuG>L9QQXZO~jLi(f0G~M3&HO2**clt5n5b?B4;+8!)+;!{a?I!%f&J_h@lSy0%tSec)>ZO33dx`giI%sE4IwJf@FcM%xvMo_M?f;G&IXk7S!mQ6nrAo$_d@`lQBVA7@xHQ@d4Q$-l#LEwR)91jDGFbq-`XW_RlQoxn!Tl zT-DHdrs{S}XCIs(3&mNi^>L959|P=0+-|SWA4Ef7rUUWMz83&^OM1Y1CBSF)K6ZQ{o|>Q z|FQ4hXSd$?y^YoXY2%IGUVr^J)?WG5*Dn6nx~qSFuz6jl^~jL#wVR_4pKAZ^@#crl zv^;&O`N*K*z>wo_ch`REyKjB{tuq5ic%ND78=8FSm5tB5@aDSh`?sCCaJ07WO6R~m znYvTs>^BFb4vwsC0JWq~064Hn2--cPF*~!$C2IlEatqf0TrwfR03VE{n<1~*?K%>D zPGBxB#BMj-;|O)z!<}}n%?5)G^=t)mc1!KKtBnk)6-cpcz z1$Ifv3%(f(6i|{uPu6LUbXg({cEK>`1!2bfE+%fJ_G!#iPjC4N{$Vd{1n?6NO~ zL3+NTfL*cA6$u(L#AI?1tfou`(j)E&j5F>GOk8arxYjvvw@=nMG}b&a(mp2ZnvnHO zjSXm~hV}X}lV!qUSK3`#m&fGsLGoqydOd!RpYwZR6&el&67dKOmZq12`6Zmb!LB0C zUFGByHs6@hHK4Yk8y&WA3Re<|Pj;AU=V!x(IiWZoEzSzrY$zTL!3-}hM3Xqd#o?L< zD`+m3il(wWocH3m$i#svQ2*!hc+3Dua=Co53{(1$5L4*PgA?jLxkjq7E1V&OHE99~ zL=71b8YCe25B}=}yCU-9aRqjP5%21D8UEgHd&O>-Q4r*Ih9L}KmpWg-E|C%pcIlB7 zgABMMVsu8c9kS*j@h|1Zi=t8Djtc0XO>>_ykc56tZqfM6G@hGp2Lju?F_8eYKe42rs4VgM@EV((H$FHh1K<`TC+XiLaT zUozOG*9$KV?y^~|DdGi!Xn_Kv5K3K{qXK*>LDd9kMivQRmoLGmSYvd;%0RBwPw|PK zaJow4l!Oba%o2q5)%}xq`o=p()onxLt^Kkwttp%<3B_p-4-ayZ*Zy5i{^}fG5UiT+kt3JQG_OrVhe{a*RzdF|WT!UeUG_ZfvzkA4v z+B4!_*KPdvS;-&0cIknCdi$?lJJGBFbF(NLpIZCY)}KHB`npZKcOSoSy!zhdmcF|~ zQypqYpUFRD53j&3Vjz|WKdcV}EHKz*Xj@r-t@s@Rb}=P-2kgRZ4CiS;FtNHwLkH}3 z*+Vo;vw}noH=02;kUF;A5N_A`rFISq`e*_4!Xj}4fJ$mWl7So00GmelarVO?S?>$0UBQHs)=JhL}@~1foNe!8c^VQ1wgHY zS(L4=UPv@RHK10Jyp@KRxZR3%gUB|(0f-0(qIZP>S42v;I6R@yoFS`Cpb!qHfF~OE z#u%yLPFOQAaiy&vunS_hWklIJHrX;Z)}pGpS@Y6Ql3M!_lOW%)~OeNGgj0{zjAOcq)_1fNG;Y7tJra z-vUWb%J4!}8!f%V@-CTNrZy^_0c{|r4kc6+bAqJRf`J$NT#;d@@VR2cyTa|ReEH5U zSo}!iQ4~L57Y-#tFnxcSf)LS}dMiqqOyW!YSdO*{i2ucx1l(XJa11x|i7|t2V?;Kjl#fn~OUL9=xpExl07|{PwO4uRc5g!;jH;rp5eyk0VX>1JE6OsDhZ zZ%SQy>QDgnC)7FQLWWX zsiqW!yCc%!p@E^no`J!xfsq3zF1@m0Psgwx_Tes=%A=_Vs%ZQI#vmpXbzT^>&|6^KP)*an@0&13WNeqS`?5rRT4g#~NzydD8UT_ zUt&OCfWc!vfu>QEjtl<+_f!M{23fyT3t!{%kglzU!d$ipu zwCMs}I-lGV^<`$#GcYx0X1O9OyX@&Gj>nj@4FNGx5bWZ^yWM3P82DSH_81Gsu+PD7 z&KG71)3b%Sh4k!VATy&4rG~7bPQ4Ef=q(2Hyue&|H88sdO!_QBC#f3v4!b}Mw3R0f zFQ^7l%uCyAjBS9zmu<2!$1);$D?4ns=P*^TXq_X{y8vI2j==Lv>%!P@v+;utei(`w z4=KiE4z5G%xIH+@Ft`79pR8$kqIFc+Ha^)gG0~@*7}QP5j4HX=2x5VJm^=Y9Ean1& z6PY66cu+`&kZ!_pL6|$I60uY=9KkMc7|O;BsIX)%7E2~+2nH9@Bo?9)nM@>==296x zoe3u)T1bTxFb&Pb(y3T7fuBue(!ktgHVxQ~rqi)>E>4w=rLyr%9$yM^_(`W=ftt#f zlDT|5m5P(UX^KUBlmi^6)av?2#(KvlWEhe-11euc8Hgjc8fL)=&0GQ8l~(s%C@i+a zE1I{wEsOEbFdobl!^sSB>RecWkOU_fAK5@S+#ZX=W3ssn z7MsRsP-$Sdp`27qj=^nic(8Avue+~bCRZIlckSVyy}Ikf&HgDr7*$^e>;at#U>{6Y z^ay7Iu^WMOp$yEmfoFh?85@P!MHq#UmX-sTbzq_t;T=UHF#367Z<#(pJdRM|MG^0d z09k0XGsbAv7%i9xb6G|;rJz$fwINc{3nd+bQxWUOeDOU%XHQV6HI8e|V}7pH9XK&K zail|bxqqr&>BOmVES$&g{<#7D)5mK5`h~4udv*Jsd!3^`!5&ZIY)5JjuiX!)JTl93 z#S;Q3%9;6Da9^<2gqv=*fR6!&aoE3(CL@sq05-;PF@J#f1UNTGD;I9w=jO=GJm~U~ zna)%|81_LAz}+^54h>shX;eO3HT3s~8vn~%mwx}n!=HQY=ojBQ`G;?u{P!=P{?(Vy z{pu@KzxsUDn(y!V!p{#JY8b@5-0BZj*W7(=?S>a#TfgJ*nPZo4U#{!E(>K|wuu2SG zqIX?F<>1TA14NkRJ0-kzN2U*~m~DdOKo! zOppu!cEe3Jq1g%2XM1LgpdZH3Z2mdHTt;;krZ5LR`&r2eW9255wr>ledrg$%~7 z8e=76B+YHq>f;l%6w~J ztg55`T4#T4zpQb1v}t&xd1SPGe4=-1N~%$h=(KW!ams9mU;x1(W>47aPUUl~^G(9KAHN;QDjcnrfjAl3OvPR@d?|AjUKuYKeSGie#ONjEwQ|r$+OO1!Fb-b{r>bdA-rb?(8jJK1_kpX_Y<+-`i{Gyf1o^6;| zf4=Wzo32J`kQv=Bcn;)>crC(|c);;Ik-PB6K)37kc+C!{$!0fLtQvzssZmc(DJK*Y zqYQR?2YLy1$CWo~Tb_M=`}cpk{=kJcl`DsgGTd4$kqq_&F;b)CX0lr&4+;l^UDDM; zflKJgNCWD2MOhx3q^$y67JE(#FeXSqIwWDPc%Q??eb~hzgWVA=vAhvfeyj-CHPLD~ zML8hKo;~X*$|H*<<&c<4Ip4208{VA`S;+%{J)DXCR51UjU_! zh5+3ItjQtc%cnCr41=M-fzSjWlSnwkWRVm`0j>f*BzT%VE}PqBbh-3y4o!0A;<`--PaeE<>wI0;tzLP{q(uS*vX(nB>0_ zXTt;xBvc^RZ-&1tW0&L#P_@z{>=!^Ukb4)LWF+D$Fy;1gjaH$_7C~TTv)wO}0^5tccSbu@x?Muv`@!#(O=7YC z#rG@A#B>~h?1KPz&u7*wkV&%DLR+&g+dd0efOxmeN@q} zvA}3f;Y&bO2JcD(a^qL^yke^>en$k~)sL%t-ip+W&1A$SH?i$yf?u)Q5hA9A>6LVL4fJB~PdN#vz6s;u z>)lUmy7tWernMLQch!zmNv+Bd$k6!#UEubRX;01ITNm0c^jk(kGg`hhs=>x;1W_nC z7~eoyhsB?{Sx~$&+?fjHWT~7jmvf~8QViyo7GcQHId0uwJ-oeIeojUYwzHNx3=-kQkLQbPoi1JDIn z$Og^LB)256r4pSvSFY(xcD4|?1t=4!!(HazD`QVQ^A$d!0QMG`3o?Ny1pqEj`Fps~ z34r5iduqWbpy7q4Fl`8OW>3&)b&n}DDw{_a;0AO?nMQB$`nADG&A9QUOD%u-_Nm|f z`QAT%{la%I3~lfC?CrI^eS2`nz3y6AN{4w*B;pGO>~_1&V)uK|0jKeiha#1wf*Mdmnk}#)B`_eC&xcpLy!wGbd{%eGz!~ zV8Z#@8=Iee?)A6!9^HGP`s}@q8$Dx9a#Od?JpkhfcSKZ?l7In;lNhOa$YWsu!8{CV zhsb82V(pD>0M^N2k_H-+XJi5kXK+Qa79nx+5(iRpIJg?%bPh@ZE78qhO(7ry>>B+o zde?x>YvAKtwgg{Bw7PjfBBTp!q=x#inb|KxGO$03pcdm!xZw~4&k$9S2h#?g7d0~v zRf9KCRO5h;P#**GEtvZ+VlK@Q=q*UYYhk$;_z$o#wxI&P)bJAL3pFwg*|1Up=7Ea3 zePSEl1HNJ-%oM)jkd0^u2RG#6WMFpCaa+B0?!DD5xz*i$ zx39NJCT$%aZW|u$8YSO@L4|I3$~302PUx))qaD6sYMWc<@EMSu=L=c`K?|lXfuKDU zb_RovKmZ?BI5>J>*NA($5cR>OKZMx67$Q+U5#ARSd@;cr<9u<>ALIQ|M0g<$P{8pP z+yv~kBIvv#2}D^TBG88&HN*u*;O!sw!;w3l=AluK!sH+PMgrxBjz@@vV)!!R=XoHw zkV@f8lh-$_F?Nh8+vTcWjcwExob*K1zNFTl(g!P&hL!Oe(vC%W!wLi=vF%+zT!COZ zv?6w1L|f{4Me#2i%28K^A0wS_f~ZFL|FQ@oYKm<_7Ok!;0jI>G%I2$Y>$!gGZf#wC zeM4PmXGecue{XO9;K0Z@=7FP{YxjCz-BbO@#v8An8{AkmaNy2Bw;|+2LVLV07OFv= z9^<|Vg<@PjE*p`8*p>A4bx3+Udk1S9y0+{(_YXgKSU5XmdGmV5*4tfIhNgOqZbK*r z#~hC{=&^dSWdf#*=IUTD2@~M*0_9#VO-DeS%K*8+T%d0P?`F;~1iWD%$_GOaK0j>VNlk{jaR8|L9A% zKlf{o_%%Q&Vzf-UOjuKy}Em}aoo_QbwSL4ZdVLI zpt(9aTwpGnl~K2g^D*0W75iLq6>HVR9(V#WLFje?c_R`RtYf$?d$`MrFkr5eCRIQ) zR@P{X6(cJ$MUZ4^-$292^Ocy@mf0J}(eBU?x++FQe|1IP;q?x3C*qc)^b zV1WXG6e8?`@CD`)>@xf%s-;rsb}0?MQnb~^V7DK!#4e&25U<%hWjx>Bd+1i(@!E!S z4Xstp9aoy#E;Tk+wY1#s?rs~&M;I>fNg$hZZ9v&?Fw zeuXLK+JoO4jl&Mrg)A0oKw=Idrt^e`H0G93ir4H@TgPlcr7NoT;HVB~^h(c*Pb1Z8 z*k#`#s)3bwT^Y;Jg$TPVTWv%gqC{ge5q7EhVtMi=f?ce}p+U}B;dB+vx?*{>mR%#t ztGDW^uHCvjK~#L179+4BIY*g**#E(y0s8ZN zxs-sQp$vzHOevSZFfE#y8PfO;UF$h2TOZ0G@meS3jPZ<# zPulzuhs|f!!E=lYh0_|$`W?dMA>9uTT>Jb>hkp0DqyJ~?jV<*P!w_jKE`{coocYB` zVWvjIZL62ReqFM!L*8TzVmA`T(s+6NPOP?pHUp`P=ev}{dI~8X@egi$i1WZvPyqb~ z#cvqKW?s(k<~**j2O3Ow(1TQ9m&5tZ4{EgRd{O0=RkG)*`z*Cog<0pr{x#G0~xM_L=?Q7+E$C^Ho>{y94)O7fJ?E85T#D?z@Ci;BdPExaf1qy@2bq zg*vTR0*0S0wh#z&ae{9J>_Vvp;e;cs=ab=F8E1X0NWdnH02gvyCeeLYt$cHZj`(LrGpSVx`1WP{Wa)c=BND9*zpYQ_+VOHIKp*pfj^W+X*1*^-f} z0dqEVyD(~im@LvkZs;WM1@eM!V(qw@Pw$AC++Fer?hZ+RWa7bxqCn&CPYK z9W6ZrvVl=`vt<0xnffPQKJ?Vasx6mCHeDIK+NDw1gI2E(hPO_S$?doK1uhIlN1>cW zjus~73kwMC8ds`Yy81LWPi}q*l7=j}1<;9^e2Ro*1?2Zk=aP#H^Y%cZx8i&9uN7+kwevrAzmr-CFh`q&e0kzWS;yI)$QCumWc9G0oCAGeVQS_InWQk%~k?hC!1K0u9pipnyqq zI1mf?1UUV}dCy^YIqeR+&1$!rtY(8ruQlq_M(vbNrO+y-)Du(SprjM3Ho5wA&*W3r z2fw)a&Zl0y@@sF@KKM-4Cm-7T)i=-7YXZ12463bf?>zA6&t6=+Y46^XRcCIsTy2xy z8`iW<*?WxMK?jb!G(#ijZZ`f|E?RSiTRAXy&=IGd2z!E5x==5G!)09^CE%d27J;_c z#rI$p*bV^$*^EIK055Y!mPR1TYDX};B{1O?up$vdCkjn1q9)ZpP4^EnLfN^?0d541516JLb7&u7cnlFX~TQ4IJxjWC47 zq8iD_=r2u%J!A`s?KDI(P%KK8OGAnJ1&>_SpT zDHU+$1x@b3Yz?3cQk-wsIIeUJpKa{A(A0Igx%+BscXeBLO=oXycmKWKq56JV!@zLk z;AqRRykl&tdqN|b)b-P@gnmS47&qwUMuXB~(%39IhYbtA0++4sJ@_O*;j&NQ+>M*a1!xjf1>xF1iL1#XreDg{uixo+8)gSb8&iYlZ~IfcJsoO>o;!Px_kFdOKU?@OI=Gl!ERgM z=&`EiXEt1X;?2u1?W^B@W#CNHWcQ@g;0&7`Fr=}Nv#ZAvK%0cIW2TV84Srz}u|28j zIfQN;yK-yax$F0OMy$a|3P#b3ONH6FWUib@<&&{^DVv&|nH$r(kKGwORy%&NN!cy; zy28`3_-vF<^Fa{0(QqgVZ&|=D5*U4fpwr{FqSdvTjAn!0s8#FKN)WqKXmuw?M<=8* z5q5jqx_UY#gLO@kod>V}(?eUo`Ov=Cw%t5>`EEl`AC5#GBweQGFgLRavo--vG-Via zV(JB59R=SBc{^Wpa7a6boQr~&SZ_MT-m@A!(b5ddLgUl(?%{0gKb2h>Vd!UvN1NT4rO$~q{85ykn8n2=a|aTEH#~O zp8UbC>%aHdrr&;S%m3bZd7H#Io?S{VE#($wVc}MspF?D13hCgpOUB$%U!Z(t!nM6_ zVDFu-JAH}~txIVQXgy&cOy0pVsycr5#Yj0FBlO*Aj3j9Qy`ic8niGUWSowV z?51rFn-zCDyWL_ko8Yx+1i_$H>ZT?&3I+7iQ;I3+$hc%=tZ7VrdO-i=CCQi9SN*$J zE`8$XXFvJy?*H-P;cFw#;Oydr#kcFosV84}9X@0`j$Jr$qwz}X&|R6jRcVtLJOhp} z0uZ1EgTM(r*>c5!u;eR%M{05*$gLDLbAS;RFa~acT>yE3znsL*bz&9;dI5YcPVJBe zko|(tY7BSk1IUdxP#kJG3FSEUey6d%gAH{OlCv&Ww6ggyw&6p%U1oxV-j;YAU@pcP z(5S=1e~vJB8eTgKSwJxT3=usz@?}eNNkoLEN>kowA46UQtf4FI5g%~`ZGH@8-lUXi>%7jtL3yW&A9LVdP zbO=g!3_LHJu;Iv=MFCsI3$g9R_eHiBpu7UR;)Up#BYxV^g)u=WFc-_m_*Eh$SVu-q zDdE>_Inj4MHcN^OqJA1k%1JWyZTAtf- z=G!lxdf{;QhVy;fFSIntbW_%l&gwT>T{bjAZUk{yF@E8(#23rNlG#MQ2$Df4F9OSM z^-VmzY5&77Z{B9w-=)f=R;ei)7RiC(0f8l0LbN_%hk@u(P&0!o7W~}_IMVNu8 zfH`w!ZQx#5x9dQw%TH4?i~Ctc5C*!2YMJ3FSw*U6mD*aIf6@q)jw}WEAJLP~!9O>T z@6b60b2DHrpVmc^1|ezWVG5ejb7@U535Ee(upTdHD5o;{)LNU(D_mt>|NWW0 zfAq6G|LMuyf41)Q&UUpjUXEf8iB**Ox$@#nZn2bKm@O|ZKGBKsZlF5Q*!l`QmL52A!9%~jCkNq>Bya)k@KD7FIIK_ z@oOhP{qw`0dSu7vAK!keTkk0@PTBkiPMvxBwY4vA-MQh=$wOCbFE$U{8B#S*TDo-Z zetQUt-9hZQx`ci#`w}dW6t~}w^#=%YQE1W7>S75PD*`cWY0<8hBQ9}L>SGVsUgkg` zv2vZzhna$)7nn34(rhAu0FLi%`arKSsPx7>sZzW&5Bq1>J%jZs|8lVV%a9Bez^3J5 ztVPT8%I72t~mN)JaJ6h zOd>lx;}WB>&OOvfP|OF~9QOK2$UN5ruIp2-PNjHPo?=yu`n0s#&LW|&N* zQ?Pr9W$9OQjtv{|WuyaugWJ0-#{Sl!X_(c#fCz;18fKxcOkV7Iwla`R5hmOYpM;fFi^ z?qBvlzw!E^bG64VUaoFzH2A_;kuXCiE0nGL%rfk_Ty zX00Q*w?^`%r*{0tzpVeYA8q_EZ=89hW~ASnO)QApJy?7I+LrT+#lq6u?9$R47#?JI z%`9?rOP1W+SSa19cVFtCI8fKM^Je3zrp_^&Gg>SpF-ul{uzO#(`@u{E^~|&x zLEFIC1p?+`JE)W`&Sr~%`9)L)2^L_HiO~SH0izvwHOysZ7r4TVQAiKl!`%j?{`iqQ zghk;d=#62Pk^0C;F(2G8+L_pz5uOWH>$23nrIxEY#p7H$fx=h>LImmRBN0tS|_azwacgV z1`Pg?ImlbWyqyPgikTJq$`}uCnrJK%gCAHNeqb5`_&k68%GPnky!=#Z(qMX%M5* zJ}_jESiwr=^Qn9h8xtvbGSD>wa3M@DEH4e?hv8a3CnU1N6Pgp}ukAl^@!GwPyOPn4 zal??_Bex@(Gfozf3~i~m6A%;}eeA;J<7Y2ixOn+S^^KaEnp?MPn%mLt_8q%i z|I}MYf4KJ4&kr>}ceHtbO<(t!ALS+kKI|xdL0fpsgP0ya&vTCV) z)ETvLQ7^~AJsuDqfc6yH6R#Tz6bQ#0IM�aGf<+pkXj+^qMJ+N}*CrASh2hIx;p) z^Ryu;=4n`KZf@^tYL{HQ-Td~B^MCvOt$+8U121g8vG;V%{!?epR#(fk1{;@#6wE5X zatJGY(=6JK*l?m>z%%egJCAT3*p0J$7;AC~QpKCra)-;FcIIJJd8A)mMZ2%C^LaD; zkHFf~(IjsaG6o@~r*1c8;BimI3z`M&>bR7S%OH^iS$t}%Q)jVFIRhJSbbjWiJAduR z+y3LD+a5Y}uf?3?%Sg8+hH!d*7PL)au2`5yVIyLO)*?&u#o5L5!eV@JNx-NrGcB|E z?v5y{`^Q@*wa!?gw6uuCB&=?_f&q)up)r}|YW;{(ix>-)*#?kH4qv*Fl#BQ`7$V)g&_Ol)KD9dDkl8RQ;KwWlG5-?P-NX+5L z^~MAxL!`~Xbs2(~Nt(D^FpY4j1$3XZGFG0ZRnir1mzq?n4<~s)gk-=SjOYo*S%6+3 zgK7NfSuA3f<}yY2s8it@$h!>9C8&G~bMvX$g+O*%51U$hsLSMOGx)$mLqChg95XD+z%#J6*B)Uy2dXXyP1{g_V9~unVj(k!0e5o1lLG8^ zGuXwd3Cw?+#sHU)ek8oQkfAxF?mKLepsQCIm% zHdVu!IusvP886(Z*?a87$+H(PT)J9ywYs|c=Iz^eo7=jp?sUDh{qnb;Km5bDF1&K0 zX~V_VOYOs>W`rG>v7Vrs(in9{tHol4oYP{2!U*GXzlV2+)5Ch--C=W`M%Zz8d{b4= zpfRcTl)4rEOU)B&4^}_?@}9?E-Miz|?IEoPtp~c_3vCk@x^*{XW^FhV%H$D99O8p8 zH-`4a;j}nh2neyey)Nj+!0G~awI=u}W0IzwRH-MFBw%2eD;<(yKdryB2lPTmV{1oK zM^9Bv^BY^we)R|2zV_q8FK?^ace-ZRkz@N$orF!Z3F;K=Nn_p!o&m61IU*18R(+_X|%Qwy*Yo7GwFq~Y(+X<`I z@N1i%2SHgZ&XutOMQ^q=0>EacXBQw(O3jis6w4`mCg)3K{kdsjdMUrK1SOx-7akm& zywlot<<7lxH)>B^yM4T>=FH88Q`L1>>pKQP9_X=*;!5z4>^Qt;z1L!L5v6N@DF>D~ z^g0;6jjQA%3ixb}PK*tYNu@(W(*7aYK;Mw8rF)=OGIF_Z>g96{UwUNYXa4c^XAZZS zk}!cO?>fBa+YkTnxec4%K6rfZ#ha(@wqNTRtsB*~scaInZvfME8j*o6NTR4SbCRQ2 zKODszsXluW!!*KNaxN!U0ixATN3@-txzYU5*&4kdgjj|^Gb|OwVH%iH6OVO-K2uQR zOZZcB$s&$f3xy(a+&JRHpay0M5PC7KSEXD1x5F-U3smob-4cV{*-Q~VHb@2ry9E-K z0g?%r@i!<>XQ$_rvy1-x4DP)M{%O}bJ52sA8#?yzYS?Wu(EWsE|4;}8EXqXKUD>A~ zp4SFdZ)BzLGy!(I%{(l1(CPwtsoSMAcqn$momxlBq^5mRC7IIn19J_!NsCEsw`iR< zz1v~(xvfDcy~1`ua7JTZETP4dp?C^WIv@dX!bf58EP+!z=INPiB$tcifV>4ER{;J- zv$;5$R}DY^(}lAd4#=AW)H2uwMaW>c z0=27PmndK~%UMz;5jyALyd%Ocx?RErY(qu!dJossGj!RA<9W`rD*B`sr(=|P>jjPu_Xa3hC%5-Z$Bn!U1-(oTiTmDdN1E>d}+gpul~!nZ#;hd^<8)OpSivB z@R6>hsxBQ^A}t6&!^C!k;Gpg@>w<*`)Fh;lkfFf|B!s^6vLgK6hGusFPo z#o%_SlVxs4gtQtzZc4V4IRx151w1QLe1*##_F%}meF!(p&oB8ez8s7M9{mz69|itYU>8jrh+S6-=CsuRA(p|y19p)QiEUuf+W;qZ z@Vwnd|0trS`D`@5ki)&F#1aZXIm8`XP zstsLAjYO#$P^m`rnn|->V>jxY7QNeM@;R;0ha%9I3pu#3i|4!oxI_pINpJ|oAr<~V zMq5}Uh3GpK=hMinj-%iK9f7q1X16i;CIF|gScb(M*pt)uBT1~5;oDgM1!R-c0x`Ln zT!Q#qgpdQz08A2F=h2$ zuBqE~=-B=v$IhI)c=__xix;n5y;gg-UUKG2^D}Rs`}z}y|7G2cmku>WY9?Y($!=egS#TZUxzxK@~*^rYp^7!LlpO>(KEJ>WHBcJB2!JWjhC zJO-L-gUO;bn6yxgsSSoHtVke9L^(A!F@dwKYL4W59;QMI7p2vYDR2DmKnuSrSjrVj-}I3A02tap_jW@k`aG ztFSoTHmXoLDX9X4LsakP2Bs|6n|lvlzIFC?0WQAG`c%`jsy+y9p zDK%PXc9ldijKXVEJ~})+JUD=pMsNQB-Xy)F?cK84mhL-UgKH06|MIur_|7Y5I^k(n zobHgcuU)_4>6h2PvHi&IGdE7uv|j0w)efs$l$LH2G-Md5G4mD|7)VgMzy~sNB(!xT zdI@vmG)ZGs$y;zHx?Sl`XB<2O%ZvcXB0K`P1ZtG&Tuq@aqkqT}()yDy?@xnU0ILf- zupAOiO29g*;&hgwZ~;eHc0u_2!L{atP+64zGDw|)0|QiP*nCGjjqd|$0qx)xmWf^Q zC-E;sYgWJ#5gIp;?WvgszBp@-=O#UoJ}|s`PYW!{DB7K=${6yZsNqFpZ;qfKX#nPS z+6Z%Sn*N6eWv_>55fqSHd6lP3bhNl?wN*?#RZoRD+IeiA}u+bv7n5XQ7widtB z9`ZT3pi2mQV^Ke5Vo4xrl20d*9fc8AGDBd7|Bu3=Bl_Jq=3#IWEM^iVR61GAqzf6y z#Ipp0)TS0;@JjxJaK+7K3J9+S37eMyRzr9q-vA9q?W`UK6{lYDY(!g*8p%!)q zenL>}U-gzuXdw~a!2}_sgRU4PPh&iaf1o0PSMn@A7jyW@;>>h$X>k!9^Wczd z)7Bl&zw-Ky1ILbBzHz0gdzokODcm$zQ~Odt-io9ln9&EbhF})Hl$tP(qL~Wv5}xK6 z1T+2tEilMm9BJXCj?Z%#n4892Fo*njBA@lz*H zojHH*{N>Bnuit8_s_9<8`}+5OcIY3UIrr%1duxw1AGzMtCL0-6DF=aZW1}PElX8Vt zqcua~q}NRuj2f%MX0*F?aK7?KG>&k$+IMG)J1Vihb-r!eksAu7qg-AL0IFd3Zt{&9 zJ!5cLH3i1qQAcJTt~6t&VCSf=U#?Y}9nkr?g}5i0baL2j@nS92hz1M10;cFDz22aw zK3AoYPie*!%8_wwrVUG_gM&kT{R5Kjp02h|w7M;Knp*1HB`2%yJpRhwzy872fBM!J;b}kXQ_;Aq>hTUipH%q);TAr994VS?SY6upMfs!Fm z&<9|Fp9Jixg5iF>UZ&Hi?bhBY{f{=C_>F&f@jF|qrJl&#(gJSucw;UtmKPT1W@qQ8 z%k$-#1(s<5b60ScneuG9Fq=uwX4A8UWVwJCX2_(l7#!xpAYS3o3rIbF?asZ<9*x-o ziv}1X<2^YCJD3^7X_rP#uIugn=NmgN*0)}(Z|NVE!_nAkw$mxYVAWe7Xw!~Of!S4# zf!o1zKQ=TxJRp+}3=Rwo^bSdTMr3^xz1`A=#^%-@++1t_`mxR5c<%7sK~t(YH#$DH zW&56|o_p){O^0`%x^etg%jHh#9hs_GVFm0icf07rU{Vf*#oR331Hc9T0&{I~L@SWf zH_N!e&>s7-U0@g-@pdr07@eWL1?IA?0@m$f;TDRlz2NZ~rAl0;6v>s- zr8(RfSS{pckO6~(1Ll$l=)}g|0;YoLxw+K*Y;t}!wJ@JXcHBH3=QFSZnOi`z2CUce zxL#PuEG}g52&p-KW^MsLKqY>k{Ze*uA-A}YUoM#Dp~0A0T%5(*bcsFU8XdnGSH2^5b}a^06+v&b|E7fQEc6Jc>A6MM^BtOdhF=QlgF#BUb|M)xbJk`BQG8M z+N1j(T6^QCTkAHQXui?h-#a`yEFT*l#XsYttM%4pG= zofbET*7fSR=j@1o@4c~Cww~^kOe7F!=7BaL#UYj$deu-;6VBUGbFuk_XnC=J(!Txh zh3D7p+a{rWLZqwLlC>_;3+ge2YD7LcJT@jBmJJT} z!;rnVud7Sa+0xz)E1%nqEp=@@$1dJ}^rhWj`Qg@oe(~blhg%PvzO(nxi8t17d}H(0 zn@w#RSD3^M+_VXzS^`}7B%s4Zw@a973}eCM-LPBXaEU#jVq7g@F4YR`;{GSr@^{e5 z8pG&ki@H!=9nPtF!d!SR>p~erFlP)D2z*2MqhL{n+hkN~v5Z?V%yPF#mEU<~-|v6- zjdfRg&2els&EpIcKJ)Hs8rjGZ64|*nN-ZH6E@`I&t)NGUTiEBr1G+pW#x+4YbQn&lQ zu#1Mbm!u1cJ}bd4^|>S+qlH+&ZYQ}oQqnoe#n|wlRtlhS1-FYfQRkBw{S%%DJm&=5 zi)PqP8qH?#Y@x+Ok2OosLF;4x8rc0HSuZ1YsnrGevc`4}{{r$k1@Vq$O(-T9?h^7Y z>x9Lgmo;nCnOu>`O~|TemxSU16x~u=7+6X2W2~+Lc`-f2d=OJY(AA(9K;AW5dMZcEx}%U7=;TUFDZFRTgLZ6?W=R&lc`$e`XQ}Drm>A{Y?C^d%IMRY zLk62*bi|F$l*yI0c+w7E#u3QagQ%Q6RIr7M7OVh;u?~Qb%`}S4^x$QVip>~ev%2J* zE;X-9E$GvW`pl9cyJUbNcWz0a$Hf9lkMCrb=$BaGORCJ0F-zieQ+COmUNol{EU7sh z^Bf3$L8^9&B_YOU+>vScz2MOmWs#9$b}z+B;;b<1NG{kjOIG||SZm|Aq-S9|V+Eu=31R7pVAVtyz5DTG<2AiX-#0w3v z4Pukax+i?R!+_L+*!C`~9jM#I?h}K6oQBJ*gL#Cx0fh}1z5%$s{N47x_1pJu+qviP zk)wwW?LT(xAZUg&S8u+w_59aDA-u=| zvxQ@Ne`3NBQw6fY!je!}nz9I&Y9vp;dFY>>+W63``_~<~cD%ado@5eR1KwZ+HX0D9 zf$daHk@o`Z(8eYd!*YcTHo!RF4h<0I_H;=k9UYzRO|7kW8k%q3Yr50ib?{8}L(lE_ z>O)n8Rg5kl0vIv_`lu3Q!t=E`WX( zgg`|oLgWAyp1KN+AU3wdB%q%qdYww7fEb5Bg=^jN2vkoK(LAX6DL$(b(rP}b<>J~< zLLY?jO;#Vw83J^F#cfiJIj7YFUuLD%U)?JE+n=ug@-D}d+1qU>k4j!&0 zkO_zqhmZUc%&uUai_Ck>alvnq^%CeUBzG`jXs%R(?E+pG@U_>PdXL;_-*=_HVL+~N zcq~pAcp}Zzq)MgGBY)8Dmz&&mLlb+i+&+D;Z9r>j?31Y_vm6eJ+;SNLywLBOkuc5gKrDUAADil^R|kFD!~-;MS&co~`eFb=S$q zU*7Wb*LS@5#_m_v?tSC!!*6apv0=;EjoU76+EKM>$F)s6t2XbtylKzn4STCL?7Oz{ zz>W0>Z@zW-_M1oUym_>C-SK-=C+gOos>c-QjWdmJoNIplV(V*{J6@~mdi7fOYt_B4 z-ROP&X73v}``6v-d-GNgtKPS6_P=?fe;um2f9>@?)EifO->8zjezkk;<*s!XJJwxn zTYJ9w&2vp}oo#&kY~%WKjq6W0tUp%2@yNYR$11h?*xgMhYB!=z-dlgF;jPmRZ=G#{ zDc76lTi?8Zi{_1&ns!%r9I5Hpaqi|*YqviB@>}cn9NBaB+L_w68p%l8xNgYcnsf<- zx&D+EA4rg}!Hg!DR)^8&;sSu1Mq!ajL|#JALs7FYNuR$M$~v#j{Uu zzPWZ^?aAw1-2;l=URiHf??}IFa%gl?2Jjt+Tvnk_DqusSQei`vz}KLItjz9oDV^c! z3HNPV@#1*!ncbImp1e6WWeQ;;YJ>dCYVvV?3R_*Dx^>JUx2G+^vLjejnBx~4Ctlcl z>z`jf^0l9A{^zH+zp~}bu?zPaS_enQ)H)sH60{Di(Ha$M?YKfE9h)2&9;HUBzpoel zm88A9tF5h#7VK`*(blJiX;BKic|}w`+D^=s$3(cIWP+Yv0=R>RWH` zJAMl348~v@%VW9#o-5jJpq-RRL5~6zLr*3(t&B8a7t1B0DitGe#QWU+Z!*ALVd2@! zgfBBNCRg!UrI1naDK#J0a#3wKrVAxWF$Nwfkkxq8xZ~nPJmD0;MaoT~)3+sm{)3nP z=VNa->v?E(kBhjc*a>=gbT!u`(#M9L%Bf=`zf<5LSbq!uo+*{p0(I7W;=v{r* za39-cC6WPq5X9jUy}R-VAO^S4gPj1;1jZ4C53LBhq-wQfwh}jRUe;w>*S#mpY z_Pwyn(3x0>3SLvj@C>|pAazKU=Q9gS-1NK(ZuZV7T2$-}gSrL;6S05=Vp7J@e>rP` z+3K)`(Ywr_jGA0gPexQPk0!Sd?v5V#qlYB+FxL36MgbljHs_6U)4r;@|M86$ifBaW}{Dr^!{Ga~A7ryk5pa1edeg41v;}`y)Z+_v= zzWMq8@vYDQ&+mNUFTVfzzx=^x|LTXI{p*K6_cxDx{%;@s{NFwLxxfF(XTSEuXTSc$ z=f3geXaDi3&wcyp&wcmV&wl@fKmL~&Kl`JXKljkfpMUt3KYir&FF*SFe|e16PhS78 zkG=6?TkG%e;55M-MAHDjgKYH~G|MJr3{`rN^eeZ?Of9JW+fBV_bf9sjgee-9Z z`^HZ{{|}G<$v-^)Mby_G`{Lg``o*vO_)ov`@Rz>w<1gd!Zyx^Bum1Q?|Mtg!`gf0f z@$Vn|ldt{cb6DOB?Wg|cu~#2mx9iz0haP=t;}frJd~@&d z-Dj_zzSDB6dzitl8?Z~58^DHW=05C#ULbQ`U@mKTK{cRnWwW&v*o99vJJm96gE&BE zBOMVwFig|O%2QlU5l8`9;91iWO>sCFz{^E|~cWyNFN&4lzz0&TEo`KH(u|C-Zj-F%ScPAz%mGVjD7&aD^N|>WS z(x6r;EjFvc7pb2L+*Bvd4|~_0Z+zp>m0K-+E+2Cf400xKw5p;1SaoN0hpJYh8&L;r zzO2!c9kV1`6|KKaJ6A3d|}JCCk?=*hR&ZajSE^4-?1;SsrRQe~M`na3ve z(oxmGu)I$?j35a~@Bd5PTL8qhX4%61zc(7yR-Yu$Kg;R=j5!j&)R#hRbEzJ zR8m?{P>`3Mos*W4otTy#nV9S18>(n{^OT0$CD&B{sJc4=32vTu?3}LKIy$=C_DL>Y7@l^VVC3=I=)reI;vh>e9_- z_WBxH5pYkEp;NeZfX*cqv^D4niG-W0D=#)ykyU|cK#g~6{rS%Nt4+a{U||Jn`>1I^ z=@iDU6%8GEbv+>&RZjj9_o6cr3oFt}%8P63Yn$6}CgBc}TiFzfJ;f3DjqS~_d z{-WAu=oSx>X6Ye%UteE$XJ>mWXr_inB7I+5TVGLuSB&C1lC!Wu6gP7ff8817aryqRIKWM-gEvMn=X?&dv{>ct<4#<&?)&wPm%@Fr-?= zAh1g*w-DGxuL4T$2#~xK_#*$MibH5ZMMEkDyTxM=xS@s#(BTRT2?jSGTEIih;$dbz znu2CU%+;Oc=ih>O6j50}F{(y;0r?NG3l88VA;KvRmO|UVt&@Q$H~vRKeGt`^Myh8B zv`UDv98XD*LX=T97Gw`;cp?Xrpa7R(E?!TNDI-k=CxVtT-o^{u!wmpX8nc9s-Uf)O zfySQ6MQ1YTg|VfAQ4A1MOg0!625=eiW^|3HH&8V<#!ST|kq9cJF-sX-jHqE85d2Gi z=SW;>lXpm>v7@J|k&U{cji%8RZ6iBfBYQ(*Clj-qrWWod7H%e%9;P-PrdQle?L15! zZkaiGnP2xcclI;CdDq_> z&JW|RKZv@1FVY#|AL;BDe)CS4%bk#$z9B9MpWvIm!8h)N-bCCDyWx)rcfK2O^M16) zlf+w3lRe2c=|OZ(WM*Yhe4d4qx1RYm$6F7)f?}Rhu$$k~Urn289iQ)J33}k}j(!Hz zzPJQ!feVN}5<&!#ssij1!U6B3B=hYfq#+1gFu%J%EN%#;@kkk`4^{HHjh@Ag?xl@( z+~*hv;I9`oH2VcSy5Z(}!_Cv(+t1toVL)iet@{skY&}ot-ad0VSluzo%JpebbXs0X zRZ)3uad~xVSyg3OO>G74)Vjuoh9>k7ps)h(nRfE-PkPFFySuwPVdXn8#;c((WOmF& z)K2*2v>D$C_Y6zu!@vU*wqfdQQ6 zk(jK;+fOo$uRT#T_LkLmQ@G@=W9?_}5&9q`BPpY*q_VrIgVEYEQs35F4iD+t+JZ9B z3t72&8QB>r$h8vUQ^R9&oIFFMwQii(yk+B^^)R;f*1eExE;sEQ?QE}JwYzpRI4-Rf z6Z-R;{ao^bk7hgi+$v}pydvPCwL7A++pb3y$0%%l!yf!edi&j-)I*Ux9jVJfN}zZ~ z;sRmOJF^0`?VVljo?YphS?M7!E*J}5?Pafav%uh^&uopxT&U}1^h_+YF_vxxWqu~5 zf5FndgSUwa0f+>=3FFQcZEdcii2Dj!v4CCTM7IMQP&7EABYkaiW8?W28bd|f=uU^0 zIiMJ3D$`6(M=!mqr8lFj=}AJ4Us!@yP{ggr;rXXRvMHOPaXa`-P3o@F9pAotk23Yi)AP$>HvO&+z!b%#xUjmW-Bu zNV1gEx#b`pN6^R*2^S({hzW@Dan#KqUcN-dA`v^J%0=+~MUt04I-fl{mkl{bbhwV< zEu2$CpDr1ks2yR#w2&#-THJaCZ4e<6Thgw88rlXqJ$Tzk@f?u2@lv!7e<}EG?2sU0 z#Nx$YitmYm@-GF!_%~p>yC99a7?B`B>5!2F-W(=Am}>8(Ae+?qc7z){!tIyfd1uyM zq8qdYvh8$MF^!2rArU7V5sNm==P`&kC)MqMkz(TaE*2`IL>s7d7{xcLx0ir2om(+7 z3t9MzVNP}nEwZroadO_%ehkkmcCkKf6e_3tpm;N^yZG?hIV>W$8amg z3c3dydT333^k!I|prd7Qv~6&#ZD_oGc%qXr)jc}hJ<94CWA}`6`X;#jle~fH*@5Yq z0p{!=dw!5JKg3-e<}NWfizD2nQ67Jkw>&l@fXMe4wHV{^$MNNiU~+Cn98(K;N{goE zL=&^9tuIf`@F#gBrg?l8G|6~NOe&_ii_^TtX(*gx4eduL`9h5h- zgxSGrdP%A4Ee|JWryFkWu3ml~egXHMhTD7i%Nn|zGI(&_JVMhk{JIZ1JJX6vOLGcK za?zPpR#je60}2o26X+|}qL|g#*4zxCTLQc7o#-kiE+{KO z_EuDolb4;9nUNotTH)XobwSfr>CyxD!1AZb4W9R&T=#Uj;eONU+6_l%AWTXfo!P%Y zDvfB`L!0v;QU3y^jzPgyQkkTBLeL5VlKm~0=25p{(%;qof{r{I3Fgb_{QBF5R5MP$sK_@hw! zp?c2dV5qRMy{EjPEw8E}GCj{PJmFSQjK|Y>&#)BF@HEe`G`HX+-{`FPl7`|oT3K5k z>S@K*^)(p&YidScZcTMfRb^FSQ9*8Qc1~_)Zf<6NPEKBCPG(wGS{eX1J2@p2gEkm) zOh}B2O^gpuOo+%Xx|dugVR+rd`QFgP9K`3ci%Lu#?2Mi4uim-q5f=9_qd2;}8F~?g zy<_EroU$Qa83VN+ZN{a!Cj+wEVZ#Wy13y^WQrFWxQnW2%sEUq6Zx5IXU3appbpYb<#5X+m-1(5pzZSw3D zn3Lu8o#nM>f(`f`;KD$s;?;MzWSry~dL&*W)}Lb*6N<5~H_#*b^7XSpgJ~nq=L3tM6-Foq=b71Vco4=m1&2_K)K2M{c zrsgG;)r+%TJk{E#`9R(-7V@ACQU~JzZAm9D$##Ll1bp!=($zp38+I2I>=Ggv85YuE z;PTo47cIJ5G|uJ#mlWK3=GWSJEA2eNARo0yVM11(lk;^4CwpgC7dLNT_dAa~{6kC~ z?@H==NL&h(vJ5wHj_|?sQd(MWeqKgS9tIHdi%Q}3ga5$gVIHgsv>v**8e5xSx7LQy z{I>Sa*3Pb0LOJvf_0s1{8>dq0CX%{mOoP%dy4;J-uNau*whnQEGn(Ckiadi$0}>iz zb31A~#^@uge#qOKbq|QnXkc*rmp1YG4|bJ~JeQn00foE-e4&9$)x=20h`0%l zf=+QKi8#K)umdrv@8T+uBPsl)9)u*@6+aXSlgnM|=kR+uqHf+=H+Q{4Y41Mp^MR~hBZQOOy%WoIwA&onS{`0w|MHXau7iVV|d9!mc zIf3KR3>UN6oEbP~PjiSuIdpQT;O{Xt0n<;+SdULkp#QG5tEZu@qqe=Xtg#&exQRtI zk$Gqrs}6-?PH|&mRYzuBcYb46X=`s;b60V7LrFzVS!GpOMH!fcBI>{V{QT^kYzX0J z=Vaw(<>qAMW~OIC8$S(^l9rkTQa3R+E;=+aG&D9QuAm|yv+kIdos#j5j=m{~f0k6& zX_}hq+g-VO$KNd^=0RFvWNBk+V^4nfNZBA8uv}yR?wOj0dN^M^6h`H(;>OTbydn^R1WY!Oc3r}$ zQe9pYJmLT<)g`$mLBGEce+SqV$$C0@Z)QqoGBk-f-At^wvf~i zi9{rZpmVUL8ha`5g@zfjU2qOy8wl*?qr3>rom@sGEe(z!g>?bxMFA;=Hy(!A``nMt zDef9)O)d&Y*bu1Y!A=Ug_@ivzICpl8GebNh*j%i~iN5X3yx3tPzT$@>1<1G;cpIu&?TV9(NtSt!F7ett0+u&n>7#?V= zn^-KbZ}AcEo)N(qjSLM#W7-K=s$zXXItN(ldGqJsg>K^0AB*Txq#igmj0@N zDP+5EVV7Vo?o7^V4@Zc=y()%XERY40#Fio%ddL=cFS)VFoex!P@De2FUF+wr(>NP| zUDER~zuq^$h6bkLC8!;4q!pC9dU!fJJ3HQRbo2J~@(*zEe4=J@`?RX-c>q^HsK29! z@>U^cZc&dT)6+9@Gcv)J=49s<d{@+3^^Lu z47WG5w>5Njp}m1w-7=BYIGx(J=#*Haar2?;qo~Hd@v2^yXGE!MXr=qpvbzx#*_E`` zzUkinF{s+0QK1LiaBoj%Z(n;ajTku6m@PwdZDWF#(Ut0f`ShxxM=|BjcjAn$K9JXS zJFju=q>9~9728u<4w44Wie_$FSAC2e{jc1La1F|_4=%hMkY^fLWc#%8W>o#PCxu4N z4^=K-JEMI0z-g_MGA1tmv9-fI+A<_=SJ9tG!7eJ9BpV%=S*GFn#3K_8gg_@v2%yL* zFr_-637LadFmkrZVwc{bzDusc?sr8!ToTmPK^qB3Az=Duyy)8n1W(Sk z4-PkU^$oF?Yx;OP4)=d~NLkv-rxxavfL&NY5M?$D2F*b@0gWM?872=llU%q}L6V$3 zHN~F5SlKvp9MW)%(P0QRLLhUP&cHAs5wn5mTu(=DZ)g8t`vASMmsZu@Th!E@Ti2P> z&{@#jTiHES+cR9z-dEBHdZD4Ds@ludtv1RZHZ$8Bk@;%0~4p zGd(9gH7z40IU_kSEh#=FAucgKE;cqQGBOmS=CQfu4>B6Rx#%RJX6T?QdpNf+<(n$rOf;_xl zBf}d*!aJMGfaN(G%xBFoyK{1Gd;x8AFs6LHfi4BAWQA!63Rp28LBZ}OfnAbrQk245 z*hT(J;O%oowU@uS%k7Y~oce*`-brT1&`3LdxMP^nF*Mvc%;*^z?H(D$mz@ko&*<0y z3?rcTI5vs?d^$w75#!TjG07Z;obD8hG0h%fav0Mbg4(Q^arPWyjBMv8U~|b`nB>72 zVv#uqeKHEBiPcc>6BFGATzLN4dP{e=y^D+PWpkH1$abRu zyUFDZ`Jh&4lgM_F>UOXMU91%`nD%f)V%Q}&Fcso8Mf(!w7wHmtQ3dQ$d-{0zK|v3; z$lZ7twE%Is-j9@-C!#N4Rs!{UG8CIpSnYPp_Zpg5ui3eIxq13MFn4?)sp)xC@#Z;$ zyQ(%%uHKFbkIzld$WKenOijx|!6YB|USU>Iadt^*UTH;9X%$Lrr6_3C)?*gGz8;Bh zbA5AjOJ z2brDSG$3^+Ds<4a>S(Wrs7*s%eQRrDM{i>{y`_JwV+h32T*t_KT_3xoZ6d9l_B5&4 z{V_x-V^pmkp4D?dq~^3=>FQnun>{jChm;*JnENYw#G6Fc+NX6HJSx0!CFrn@+g^Fg z&(G+-e^BN32Q*H|*|ii<=~$MYc;u0YU66_0I77A&)Qvaf}rLwMbNv$x_%V ze$>5zS^~TOHYl7W`+M+2B-akeyN28rJtRNQ_>(@ zmk^Z_7nu|n9UmJV8xs*16A>F97X{_BxT=F%H%@6dWtViI*{!Ii_N=PTMH~Ao-u^cq zh24+O4$H4etn19~8ZLtN))2Rt!2^Lyf@;o%(t_Bk5wFN_x*@sU@LcW)VgU>TxZQjP z#$~6AXj3q;M-vFFKxWp!ExcYsQ$M;CcAEu&v(%_GaWug!u6Q_Y2dplFl+^wPJbVk1 z|EsY3R~g|yJpl9H;y)6~TacCEZ|yAayjt4%c1pC}$>CQsI54EZ5FQY=U>I`3i+PNt zTnJnu=Y?(#5gR5{Z{aY9B78}cLuSupct!hTj3K7vyN4w@Jq*@!xM|>c^Jz*(eLuZ> ze6n?DsD(~%8-`EMa65z1IXc=oI@ZpB4%tZ0*m&Rg#K71jZER`?L0}gqvK07EG6A^a z0PG@0*<2`{!}UL7CR~J( z;@f~F@a|4%K?wK=)QZW-FmZHW!SFjZ_69Yw-TAlGRm{)9KNtgQ&ro;Xf>zEtlp))? zdmLTew2e)#-@fA=6#1QOccOW02H9>qYq^sxAh#=LwVMshT|waf+)aDQ9wE7_5mY`! zy{PUc#XUSh_snwV4C*!*Nx+aXQn}TBfH({3+iD*R@($1FGaF%v`No!xrq*_jH=Nyl zZaKO8>YDqWRrNfg;3A>zrDGrH`XD|cJ~KH5MH1Xt>FHTnU>b18gytuwF77#Ja9ZiAve7NiCm9ue)1+1gzy-I9=2`FqKt^P{yp?_)9$G?i z(+FM>NWx2q0x{0+E~q^u$dixSQn7nEx`C|(Sl7C^YlO+=;gSh@IAHCu6{3vR!xrJ< zcH_zda|!J72RV!IF6kZ_?;M*=sv3~G?D@leDhIS~JSphnY`ofh@eE?Pb8!2E=-%Qi zoc!Q(hMbqp<}jHYm_aasyigJvV@-}sPmE5&5n^~4?ar7a#FWWEe}6w-CWrx27ioNM zYDdQyqNlmLx3RMur@OMLsT%VS4b3Ix6@?`wm7sEw?Ut4SYKx1C3v%;wbI2=CE;R5_ zMg!(%WTmF2CnqK)$HykcMJC2XB*a9=#l%EMg(H&F(qpnK93E%y)wq64<62aD-PX6? zR<(Ah7+GmqJKA{Mxp_atKQF%FDYqZqK1yslutz1*ttWjydjj}h-ZCL>u_Lxoqt-9PkfehP>i+jLuGRtb;~P{ z;*+bodRys?y1qU{!@vNdiAHOt4>i$;8))=K8XdEW?ex*E!Le@oSTB97Z+N_Sc!F$4 z#v$4?Fg}TZa~geW8s=%ku)oJaI|CuU|Qq3SR@Lp*zCXAy9jqzo%( z5FF?YLhS*gJBtf*_}2~hN$_dQ%k$8a z{6dmKViTg{qOeI!O-f2lNzX{l&IQezkynsaSe#c}3WdeeGUy;w)j$xvqPC%`p{}N( zy1u2hu@$OR$XzFDAv~5(i>hMXP3h2ed}`(%bt9zwT6n#4MBS~(@|euJrZzf+#9G?x zJG;>gTn{xXSo1Wu)HXL)!vz?#5JY07yt=ZyrlPX0yt=xmrYyIrsGzQ*ytT0$0^87H z?whFW7%yxX$*iC!0hu}xBdi#6-!MFH zVRv@{_5hd*nAj5ncZ#S6O^rgRZEAEF(m|6WBT#Ha z!V6vU-hpn+wGbMoqqDQEgFM`tG4ev@yrCcl(Z)u!r&QHKBfh$}wg$Zl$Zsnu%Fwe= zkY4~kx3I7{7Z*MQlx|)Y{t;wm19Q_;)6-H?lAw(r9~&2kB$q^7Ol)*yL`X<*R$gIz zex0F5NaT0B^q1eMpbGu3$QzrJ2I0qis0pqa8W}m9hd~4+de+Sm|LA&$0RDrb61e? z3ZJd661zwWb_wPZz@--7fn6~o|0iMhKLyhN<%3E81F~`9=9XY%YX$Yeoo@xtUvt-Y zP>5(k2ktPp4E?-NLm!;Y9fW8D^ezd*OQg#fkn3gV(m8o_Zq6VlrF|r%wB>GUp+{uu z^(WD`cOEHTwo<%gem5ef2scu1e?@yoMSEveXIDjMcV$;kRZo9a_dq#O$$@Pet)XYA zsb{#kZ@9IO(KayBMjP#}Z0TcwB+d&_%&MvLZEv?V<*A@l9Swa&-8Vz3VAd8_6g%rc# zriZQxVE3MPP{iY;Y#3_fH1$^Wk2Q|++NPG;nEW=jpcCCxTu}$IAr=WFL?k(43%l6D z4(>_^7h7QmL0$m#iWrNLMs@L4I%fnOGt2F;v6xvQ6&^N*P(?#r;Q;RN=@kb5_3*+= z=eyA#eV%pCkA)Lr*W-aI1ja^a%$RgcGyqmqL_(M3LuMo~I7J|QVC zDK!E28WJ7!3gi{!78Vs27nc^7RHC;GHoc`)pc`tdp#IlbTUA$IQv*FlT7AcKZXGkK zaP)3Mo8A2!O~;T+w^N;?8Xba5eIiRTi!g1B#`~s**2_bYO1Jitf)q1r>vy3uqZdXC@rHXDZMBmtso(zFs-1nw5-0du%ZbP-Z`b6d1bvt zC0(VJ{TUTQE-_7d4=Sz0+aKkOJx%Y!FpHVXT~k*tLkIWs8s=Z0QZu;XRoXg?SAjv6 zh|UxZa{#+&{{R)fM)m4Z^C{>HLPA7f zm%ECK)rlt}cNs4(y=+k*Yps{H+QSloO%lJm^zxRQ=%Y35on4Fx5Dq~FT?chs{`G{> zJBp5yR|CuXS+Gi)=PysQ*-ZRngv%;tdYU;2S5E}ocUTi+(_`ZkBQRB-7^aWW=|qu} z5{MfZ?Cl@yf`&~m40zCMjp8Rtpe?N}P2hzZ!4K77=%lt59V*~*ORKBO%1Vn%OEG>@ zTu_*w1GojfR8W+YlaEHR>};gExoH`hsc?TvNl8Jjn-m|9b}`^C02lv@iH(Yg4hf6Q zE3J;mt&y?uf9IUp7jjo`24t{ATNCqqj1C&xIvd;Fym2?kFES-Kvox-}DYIoDzkjL_ z#t;nD(1@IDG1P6){shfjIs*J8DHI`ZLvwBpgOiP!h+$Ug5VM}a?wg*Um|vS+eU3aA z);VjNFGZ`*S4Bi)fvC^`YEhfnc!ofEhHN*X5CrgjgT+_?e8m|t4*qNLe>~e2{|2BJ zuoc4i2LiIF_ko-ySvoTIXDiR1FK#~Pu05L+Y~d9N#>16EGsRFQqx8x0NpHg}`Wy;D z!H_;PVpNee$j<1QOm3wImo(f>E4&?(ej_MC+s;|T!tQQlTv=yN``Ba?Z5YuqIMO^g z+B5{`g{juz>89byrs1i!5mx62r)!McJBrA z>vOA{^Q)Usfmqnsf+j!eY^b&^Z(#cjMobWRM2JX3H2SU~r1>p0`9)4Wr!F z$;Gzmr8e*k+*M?|ko)Um3lN>+S5fu~fViC_z?KAVX2L&^ba)q(xhtJi$3ol8at9B$ zG+NL|`ZkCHJ#KsS#_}<&{Q7oi_MWp^pB+;=tz>k`-rMBbkQjq)YDOvw*O@3~=i*&6A6y^W8}f@w3(G2t$}5X8tyEi6 zR#Q`2QB_%8Usc;u*UD(-A`z`m)36Pmu~(b_jX3-&8YIgq>8etj{5r6y2hI7 z=JJ}BiW>X`I+g0{Dr+mj8dp`9*H%^5S60=bb)vKsUHSP%**QfS`DK|o#i?o8v59F& z!xQ6^Q^Fz>g2EDmBQql7@)DDZ;t~rWE1}^Sampf0&pSUbqc0@6(fLle`E{>LPA;Y<&x| zU2IUaNLm54x}#IkE0&1H zg(QgMCq&1_M@Gevh=_@bijPT3Pb;qWipoBq=kjw2(~sn?TKUAIMUS<-5f-0)`O0-e zYp3gX9{YqPK29%+DQ!$|?$7I+ETDsmoPmD=0`JY_T^ZFgO0Ar`GG3kYhghVB z1~sLznE?);$=_H4tFZl=xHqi5TwQy)zP1AeAiyqBw^>I4oaoH_dA3WD4U~i1hITk~#06+be(~+JV54Vx3AP!vkhwui?;slm zGy=QmFdJVe7+WYDUn-nf%A#{J`=|2;nVH?AiA}xXr40|#@*E#LMOE!?R6<@ud(+@p zP4{3;7rm}$xW1QBj|6aVx@mA4Cc6z-46&Q&oTgz8TyWYLGqBz57@zGLpX-{O@19=h zWx@!O-_PRrvH5)*K8*`Db7gQA!YeT4g%9>BbhV-I4QUM6>mtVZ8x#CZJToQ*+f#zA zsg=eM>x7fVRL~^qj$M1wCZwp1~IDm93Y}J+vEMe%hC9%fz@J+8Pnv2OfPVRt||EvAk6w74^^w7sdZx4yQis=lhMsiLHz zq5?8jRSnhE^%cl<>uZXu2@DjKlz>@8V}3z#0UX}4kaA_GWoD;R^H8|w(VU+Y8518G z6&D(v7#fur5uJSRVb~>Guj6VrPZ|c8-^qWR)Nns2)ynafzLlf0k>x=tm3Q}?*>hUs zif3?P%TOPSXl!CQ1^r$g6OTjLAJ89#sv~h9O$m6q{45Y30Os#fLi@KQDgU8`=FK4N`XCSAts+BQb z$(XT^D*K(v^?x{b27|I$`6T{;u zqm7O+hR2`?*V{GR*)`PDO{aB1BaX~Fkm&5{ZSLrTmIYdI8%e5*)@uU0ct5GHDlac9 zEG;RhC@(25FCjbw@uLIs7Uvff=j0b<<`$%9=cQz3rDbNOW~3#jCM6^%#w8`iB__qj zCq~7@MMTC#M8t%K#zeyzs-WUYYQDB>;CssUKbEq2N8V1$Ikv};4jH@DQ@>Wuq*Bw_*-H3 zzswu_HBw{uX|PTGLZtSG6n*!X+rk566MhPUjZGmen4Ud{Vi{NT3=9h<%BzPkPcc8<@q^_`JLweVJQ@O@~+b()#!?|iJj|Z z2X`|k5A*A{t#0~RyWF$5ao5u2o{jrME7u2B?hkA{AKKmuxO)4soj0UZpV<2bIr;@V z`Gs7&8*<%0?E3wP>klGtK8$vG6yx?d-W~BI!SiX7S8%F#Sej3GDv5|RpU5=d$h13A z>AsPOR4P&scOp~oM3L}|!cb`%6{-FaDR(21#o-^Gd@nrlerWu|kl05g;vOPG;~#}5 zA_60lf+CZjMy3QsV4EBolM)`A8WEog|Fn?U0Mu${MxPw2+yaQGdZ`L0=hJ4$T}n_Y9;ff+U0c6TN9T|PLb_lGm)XN~Tk zGJU*X*Z1_L+g2V=ydQ-7KMDJ1xXt2|(-P4YpO%rHk&%&w znl`c@2qEO=6(TDt$^$@_Rv=RaVwPZ1zXtvG-K{;-b-nDo&Z!#KQs>G> zu8q$lqPo8WKELg~ z?VY_%@K=Y$GL+%P8aCCHU=?br%4#byVqIE}=O)Q>k=_>M;#H;?uQFxXc}1z2xoMd> z>6tm0LqndMnwFH1k`SE`9~DPMOng*yY*ZAAY4Jf|rV=x=>pE|Qr0&(b{!<0JA1Ph? znY68>)!l}XCAQ#YOj6EeD|;QYD_6ZAc?8ElNG^ydtb@O4Zudm~0FgOFk_)KKX3S#z zEN29Wf&SFlV(1`_a*FBGMFSI+gRHj6#lg8Xwh&s0FNw4Q>;=}L;e}RQB2WR?U0dCT zH9cHlRL(d0eE|bnB z^~bS=TJ@didvmfj~`{6-}-yb^v(GjVSk4k@XOy<+$vR|B(|Khab z7pD}zI;*nhyvE)O7xznPAC%TTET?}&!SJY}(FtYaQ>x}?)Gf|jv^b+_c~;9xLfb|{ z$M&4g6)etbS)S3dIDOIlw1yetxQfXUMI*#9CBtJ121n)f56kEr!UsxflDKg3;CZ$E zrxg#Jk~?@t{@@vf1E&-YoK`w;R_)+fwL=o>Me?-BGdnE{hpQfUJsyPvcH;`FavHkJd&e3WFxp!r^e$_eq`DjtYHQ*k zcdt0-rMLx(-o^cldzdQAu$HOf3=np;oiK^3z}yb*8k&;;3Y}bj2XCQsZn=%e@0wrh zoLvt{FE?_&uj}~etnRI^*HmPemlTy(Rg~8h7ggXRa*B#` zONw(!in5C^sga$To0$PdF()N0BQ+(Jply6yVqyY@fRkd;ogWh$8UZ`F5dX))4})V| zeV-~DT>t8IPUdPSQ`8CAWv;;S6UHKaQ@q}Zi9QZ5tz$(0asK<4?)~${ zJO5(v=wEgGe<*D)V;7jyHpLXZlGfkoyA}0vcz$ipCZ5y#MRj?q3)S-W@-qx`M^v z`=3JeKaw3(rH}eW@f&a9_ZB}W#CwEDbvHMFzrbbKh!L*y*~{f;uX$@PAhyyrIbSiz zEa;oc8(Lwn>v+9c(Vss+5OWweUtg!V>#{g#HyCS&^xQ3C!uI?UggqxHIwri#uqeAB(=<>bu46bE#>sBuW4A^ylCm7W$mG3b4%~aZ38WtRX`*Fbak zCzhU1t!@QddIp($1e&>H=R=bl_Yp?d?ix7WK^Qst8aetHI(X|}y`^X4sblS~Z3TS* zHytY%&C5=jCiYsF9W*aHUNmviynIc|^aeuP>?T6T{D!`ji?OW-1l5eMxEtBHm^s{X z^nBv5yjz1+Jg6(LDk{(->|1;2YgFyK+pQ?R_0qkBkHY-lVR z%g`~Dfc|)-KB%l@q^IVjr|07BAHz%eIoUfB!|w$}-hLEgdhPycRl7YGY>Zu!pQaDE z+(}hZx8HM6{hg0xKRKv#THZ!Q&tBEg*7bg9Rqq6OR)JxdS;q?m@DT|t=-nRfQV)Bs z7w-q0rA{`#8(m-EWI4;-T!A>mY&-UlEqTcR=T6=^#If6Xg6p!|87An&`wExe!r?b_ z_$}<^Ry;m&rKVRqn5*s6z+CcEP`K|NXZKD(g^rof!Z3}j-g`anH#U*Kc1--WUHmVN z9{oZ8j*eea$q;+-#jDwsB?g0}woJ56!o`_3#b7XphernCbk+|6PO!PXXkX~;B^I9@ z#9NtID>pT^HZ-@_HMQ0?kiun69b6&6>_9>cZ3`HTK-sdipr|CTuqdaXP|PYI$<3fR zB}~qcG&e0ZF*zw3J-L{Q0I8dZVp?njXBI&b^in)ZHkJ0}feD`dOZA4T}aW(DO`Mpv{YH4SETO~SSY#6r#p z$#!!`cm#7tVZe?gceHc>NeLUwA$tX*r{BT>9Z4>MoplUB?53`uao5(6As(U67HN6wHeN(ml%=!U#1C8AzX9dGlk%GO>uiBIM8|M8Y9s|ZVz_v7_)C| zx^Hy4Z-m)1#_Szu_DzuJpJ4S*G6yD^ed8>Q*bh##2dCKhl8%OAjN5S*N*a2vxcaM` zT(x$&lAU-2Dzbd<~yR3Vx9<=qu0&EvrrunVR6>M9kfxjz=RszKQUABS6Cz&ty zqpN{M?&_{-K9n4=1{PB=4cJ{Hu*(#p3!;t9Z{;j?%q};x7dp|;J1>gJE4k$4X5ip` zGqBJnvEL!4-!z)863{5)nX2RZ^txa0y{9n&A@TPD!u{?B-1mPJ@aRc!NH{3ekf^xe zsL0T$u<+>c=vXih@u+5Jq@-kFR4FYvB_laCH$A&3E3Y6kFFP$aC#|qFzoET(oXHk$ zyx4gD?aGT+urI^hL`4JaNhcujPylMU6c#e*jX<|jK^|&#d1#c#&&|rgEL3`WdRjVO zZ2`EkNhwIRqe;Szrlo|Wh=}M=JPyJ_gPsQ6gIaLF)BC}3o&kv()^`ueUzNIa&*@>A z>*ESVJ1KfqUreXDaIbS)({_bkrZ*Qc(>z4bmYxZw01-z%_ zViB0oFwPP@e=)}g@{Z64q4>sRFxW#w5YNSzgV2OW#~5sPpwtMJ49seGcD12%0SX%R z7$|ILuB~sXscnF)2IzYxq(W_BJKi%7>+$i(Xnh~e^@3y^mdy<#Y! zvGNBeN(RTPN2c4SW=Cd)aGd6^zgk&;C0u_&hy}cMlc3)02|o))bQ?%Y0{j1C*aaMm zVVBB+cY*kCg5AHJK=?1R4dfX@1$lr_`S}Vpv_|3$3Zu7-bU2{aze;NTOPf1$TQAsa zI}H8?{>@c0xWxW_XeP6dnN4Grjn4y!(^_cJ70n^}RqnxY*Y5{M=b{wHM^oC&>duVl z+5GDBh1H$KH7F{)THbuUwEk*o<6HPmFK!}ZB9;V8Td$X%k>GDriyczzBK0n+=89n#r8Xu-^0FwN7dzQt ze(}JYbA-9<{z#nj=xqx<7Kk0JwuqXHj4LDC!eIPme)kf)&$VG;1V z43CPAh(^wdq$e((Fsw-=4~<7>K}Je;KI&~qk5mLIgN*r;2`Hkm0xB7FLTqeORCEHd*^G>d z#Jg>Dd?Lzy!67i3fBG=M-~YkA$KjD73EA$C(-h48_bWO}n+0iKPdcZ2_Ya2+-rb|J z|D5T04QF*zUnK*l^U69GP0RvfQ}F2Ro7ohXyjsbd1Ud=`?2@4d782gYZVtbTDe}Dm1T!_rm24FTfFhIQQyNHZ#8#)&{$b1BxL7D)( zL^-Y=c`l6Ss%k1KkmZ6{C@)0=_Acxe6%yeE%tYj6=b&ATJo!MRrz9sOC&VQu#3GUs z;u7M}s2hWUw3x`SkdP-q!H<(O(n}j!GO9Zq0uuM@yZ%J!`ah|8{fq9yf7T87M-AWa zowoXevfbU}>M1x3uzAitcQj0_%w2r#{eo{trUqt~k!-hxp3yUbHdE5EfR3gTYfKQatRdv}||cA*(P zTEzc*H=+F7vGhNY?fxw&{^!S#hX7awVotuk21_Pbj>8NCe?9W|S%H+y<_mGaMFikW zX+>hvZW|W77#V=@58Ar{g)^HkCYFgSD*jo+MIv`#I=c_t`9x;>AbdjuGm7uVW!T)l zZ|Qy~Dz~JKF*V4VMdsKuI^91uJuo&!!{F~En?A`I7-J%^7@C?HX7U(J-taVp8s>&s zv%}M~*p9GgMmW4t&dfM(c6?@jVrFp?8entFle2uXo#Ri~9H=)eugwTHW|r58)XwtioB-+#>j=m=%<@->n8Whg0=jWmNbm*g{1x=%ZY~SA zS42C))#nJ&>WdZ8^Oe=-n_FfXZmZ%kJ5l7fc?$Wm;1Gojy2tq25*y39V!X6R= zku1o!2)Bp|8{r>FUfjYFwef_Y7klS0e6?8K(RSm`Z3$&Hy(`|15Auxf7HI_5s)x17 zdKZ7G>igN5EBnt`pOCY-Y=7J5VaUVBflr=341D}3Aduv|QISY02U)PJ}E6ODFt#?(Fsuz@!_E{VIfhW!4cs>kx_x+ zkpUs0L7`8BgYiJ{e}YE0)U@E_d^`VSd7GdUhK~+w-TO@1<=5X_{>=fsZ{)8in|iC7 z-BLAkxuALJl)U_9C%eSrGMt>=`JHy&8ZfbivxIFA;d#;ig@PEGKo9^{RM-RvG$HH; zZ&`e*#hrYl;7O4`|2D)WP;xLj8A$z8(99Jyb8sz$cnad0wi50LJ%T8&3EM{J>q$d; zKaD&0D5w5Qy<0y}xcUDnd45mb_j}s+zNho>pY~i(8KMA-Z63YCFk1BUDVOU zdN+90$Oc=KnVA9Zp43f=YI!Ousd3Sm{Y?hD5E&L7791NMl8O-tNZy1zNy$vBX=~4J z?6iE8_@%zbPZh8INZsoPn*RT!_2?h91OKP0-}g>hy(evX?Q#0_+6$&=#n#nTUiXrf z`(3*`L7rhr4^xZ7OPb=F`qFzwbLlK}EaVNd^Xb!Q%dH+^w@uGMxrr^@UV>!Rvu|N} zP7EOlnE>jRsxT2y+F02lLD*ZQz!U`U(xHT9CGY4U83?xkQC%v@CB_awHp;g0zf&i} zn~6H=_k)$=7Q8S3yX3FBL10(#9oQ8Ru?eEpOLh2ek!~|Aww_~{jd-$cJm&#?SD$y! zuGUX2mJCj(HTA}nH$KTI@`+6Hcp7c);%#>GR%k|kGkt7;$?Y1Qz^fK)5ixt#4+Vya zse$pSzR`((%mhzBet|hOIXyf@6c{iEJVbOD*f8BX91hXYnc&S$ z&dejGW*4R@tsJ7jfSAX2i9=!;TdX0)z*$=2EiFTSVO}6wSXo(E5h5@d3{Uta%m-sK zco_p}WMX*NC7$w%hZLV+Wqn1sArwK|e_ON)FYRX{sGXwPxcPh=?$GGmUW0Sp7JOE4 z4k6Rf(cO3LhMTV8W#?PI-T~oH60_rqYqJ~r%6i7@8NBAnC2@w^##(D(iCO@uz+7^R z;=bhrH^pe%#s!87+qoj@TS(S$W0N3?b7w&3+4eQ>>`b0I-OD(XD^3-cFO*<;})MB)!!$fFQsN`V(sMV;}`HW zEI1+|G&~U`-qWX{K~I98;{Sp4MZac3TzFheI5-E=)0K#M{5WL45V}rDj!R0;Ev-%| zYx7O4b4_UX&Y$oun7k6&Byash!_qG(wlF!XC?+v3Eh8y2GbI^wrf616N=iye#Wp5B z3A6oS(cm=DqVV)d7$W#dM0j9CTbJm9va!<_H?uD_j_M)9_o!uSXSi^RyrIqw8 z)HXEKH9{vDcuRcGsw$zmKoVREYzf*zA|4I8q!qiM01{(qX}A`NpcDvkpP8DSmXw~H zkeV2mk`S916BQQ`9vvDI^yp!1WCYac8alh9^GftR0=_bE|FN>`_tkFySo{7DwIBYY z#>4-q`rx0HeE;dB^}A_DJ|`s{qAEU zdlzGe8&49`>-*?^lkE24(e@!m7h?oQ1<=94)Nk+jc+V(V3`|T6j6(`%d~jl7aD0-E zIpB#YpfCl*tPv)G-BHK}PO(Or>~R)vf<23v)))OqvuPnm^5DNW}Uszm$R6kT2mKR|Qh&?NmAOqw~1uM%i za~FyPBH|!O#)9$4A#!DS1KPlFFl46T-@d)`eCH+1@}OR}0oBpAp8jiY9@>{KJ9+wI zTp}PbJEpKEv!SP?XS8OR*EqS8L z0^b!Mi33>ZKU->ris1B8=M=wV3Z$^8mA3)?K=d|ra0P9Xyng0%Y-WJeY!#ns+Kx9yO zTtswyL=2!dB0M%MGzJ-HSa4(*65#0QNbs#O3DNN>$bP{H#H3{x2B%b5_-7m5EwK)3 zw~gq$ zm#5aZo)}#9l+(31r=ox8oXl})$%hdkT@zEJV#X5zD_be{hIB(CEyV+GO4u=lCa?{# z)oj3o%Da#+q-~1P~TmM7F;~zA<{!#7LKPtNaNXg?TQrCWZ z+TsgEYlEAQqH?PtInA7#XV1=#j863S)6loj+}wt-U;GC>&gSNpriPZL#1FOPGqf=HT=KO=rIkl`MZCYyTrn|DPHJeP8q84=z6VzWV)tl=uFz!mXc6 zT>1T3Q#A{(_F>lis>s~Q@vO4C>2*&#?}y%DiBAB#C3Ok49cirt`F*36Bdq!fUORK1 zKEKLZeYOZu)}7ZYn=koL1Qg<)+7c@*2v;{Tc`pLJK=oFwV04z?6`24Q2N^{pFiqhe z!Dtd#?DC~pBRwMAE~!hAc*8>cWvKk#U-&kD4>8n=7h){gBIJgT5_)`_;m;Z#k>m{jAxNww~C$lKasK zF83c_^}M5MY^ibCDljGyN=O~U6HWbtjRUl18oik|*h(Ml7#?b847Ux@JBEh37>sVl zNH2rYH^S&+jP|4cFggzRF2vwC@Ry0?modQ_nP84gvc{&kH#467!~J5i`^CGpvPK=KLIUewMi~#{vW|&aoHgI7{;g9)DqGX>pbhI9{AtTEGG^ z4-F_H)W9cN4FbXZieOPBTwGmUSld{nVhNHr8*2-z$d_06>uV5u+=6@YHu^xeAt~9? zGhpxLp=n~~0DbW%VGk3tq6%x$>wAj2N2@Sw z1;G^53Y&MKSxCM`Zezf%pq0fZf%J{V@0?!lKv51AHr{3{XS0L1ftKF3>G`4A`HZq+ zO*3<416%dWo=4=Yf4yJxgqHiQh>Gakj=-2wYnO02{d*^ry!T1E{{E=#y9Y0Se8TJ- zd0Q#{Yx?#+PTqmuk3#M}4S9&HHv-L?VNYYC!@)S9sVF8oGBP4Q3FR+v5RuVQQORj} z_rmipI>*ahOEV2)MgY)p7WnL9$m8;syEEn?23! z-2-re8UVQL<$4Yu$lFLRC0KhQX>6EUAoFQ(N1m8)3ylBuA?=?WG5)2L<4fN2 zq0mrQ4Y#w#y5^?3_J;a4n20t<5Y(-HhdDo1XXm6?6=Y>~7e4-1Wj# zPI7KUeq};cOLogZ1#PN>wK%k}irFRJ`pYHQLjZQcWUg&5i;%Jq91~ZnmRC2xXNrN9 zN_0pw6$#)kwE#u|qe%dc!AJnF(NabhK(kFKxDtYR70qV=+)V@)e+xqXpNC!i9#l6R zoI=FEC{$fUFbaXf3x?A+HxNkcfV>Dw`33qfTf~D?oc~jQZGmV@K#+Hnk2AHs12$@W zb^-bc1vL#3sTn>`Lma()mGmwt=@|z^B~-TcH1rNucXlIcx_Ya+x@&rR>ihc;wY@!c zy**9+{jCGEb{ef?aIkZ5sEa<_H8k8k#OS88hcU?= zp5!1HQ``~YFOxS4^I9au94O;(5EC=pNeX`n784Ynot~Q|i#f6Y9Fx>|9@-1@lxWU8 zg1fN5TU->!%+k^Bzy8xs>TfdDgU@jlYQKJ}k zfw@d1Q!6ciUACx^EdoF{b3`~E0a5}?LJL(oMp#!2FnQ%PTN6i_=pJSr-T z2)0I|YauQnB{m@?A|@#?EXwE6UrtWz;MHzY33(`twB<1x?tuo81>2r8jSZLy) z#{-2g5DRE#0Aqu$51_E9orzQzu)9V`SWH?Yu)vD~>AeLriz7wYws7&b0Z9EW?Be7T z_Mio<4z3GZD84ROP$6pM3LC|+%UNz@TSm7|^#@Okpk&Q7#~Iju6t# z%7QTm6w8w{Q&`QL}ts+Vocn zc0X3R`40+i-&6GZM|J;y)qM0r6~FJxxc~V4wGU-){Pw8HufI}~(X_Acps&B&iAqV* zx3bZ-wzqV-?e-|-L2PPNZh3ZXM^)cw&-B71e`|J~)XbN+za>m2X7LFS5%%D15(%6U zt6;wkakh)sYb3ei`1fFUdzBzBK#WR5fw`+lc#)nWWftSxUyr{yE* z3WeOIr77-Ad*5JTWld~G)`PHcOQ##gSDb?4QmQ-p+K0v(`iC0(hni?3^|ax}K}O5) z7@~9$)cfEYnn5}x zZUWry4B>W}5ZGPfvlf@|QpSY9BT+*q^e%Tvz~jSx2V0m{tjsL0%&n|0u0jEwh@cbs zb4tQyQ3%<_jV0*X;4er{0w`?KKeubcfuiEh%k}3kVW_?N{N={;7u&DC#WXP5AvRvT zSbMg!_WT9D#OQG6;OKP^-;0+lY~6g^1Hv98W`!43L+m-PYoubB1+Sx;$;H}fem!fY zmL;fVF4s?!sAKZ$nM)+5ml}}#vX+6ufKeRQK!Qq*ag&n(fe6%IYR0QE-eJKou-9RO zSTiN8niAkM8{inUxL!pYhgqT8WtU^pW?!Gs{o?4wZ_epUtDEUvwzYO}_Vjxk8dI8( z)fJx7dFx5JiA%yc1HUh29Y2+}`&7#A(+gL=kh;2G{>m{GyK|b?YgE=tU6dzjdI$t(AiN${mxIkBbFNfk`j;06VoxU)u&WKDb= zeL|D-tFnq~W0LZM!;>Ec$J~7q;dMX6)jP=EEx^plU(d!{#neMu|HkQy4o6k&56E8m z>YVjgXRmy6!sdgcR-Z^Xoz@Rfv`dh>5_{S#%)qB8uwXPKs|_}H+Lx?ll{KUll;sqa zPMdx2i+Wh>4;rpiyzK}3Dt7c{9boYKpT5f4e7Y&NLtkH={i0;B| z89rzY4X~RmD~5yy`t0ul!KP>HBgwexT(3eI?Hy zs(JrZ^X|XMdHj=v)6dU4{6X6BH~X~T{aiuc>{eUPBnGeY%F3;rZ(KCDF~8yI_Aodw zJ}tGRuC{A~cm%R3JS3^^F7rSgk5m^>PPB4}T+ZJHkAErKecR3^UhK}5?e@5d zJKg?Dh>2ZsP)R$*;gVt+z66Nl&3Scg9l7rc?4eiTK2N;iHrLicL6GDhN$$!j`HPWu z<@FtkQh{Carcfk;M(sS1m(3kuj5c?6=T}rdjgGr@KfpgEGP|O#p?9dftq)PrF;Lbq zP|-=N>KU%?L1!+#s+(TZ$EfaO)bMjL5kjkJ*_DCP`~Hq*yjhbP)bCfY~G z0nMGL%Z*R=OiuMqP4!Pr)25k&EH<6P9^!I_Iox3uVurzzue7p+4#*2(RTx}l|o^Q{~ApZdk71?3V8Rdjb04otw@ z6GncpHmR6cEQf{EIPo|krhZtA&yg6Ls~VrH#t`W_$^GZr#*s)uga&V!0HKN)t=1CY}Ijx>yrDi_q+Ac|oS7RlN!;WeN>{IssOv?G= zGxi^yu>bV5)0Yz04#`}TP`jz1@1|jVL)X&fvZLSCTM=$g3Opm5>>k%DJ0x7Ri*O4p ze4O0s7S^EeRifotC}SI}?(oPXB-1x6JkH=c=dXY9TE$zF0E`7u$vEN$f-{RwJesNK7tOQBgg$1bZr+e7G*+fZdqD0^jAs zc)SuOxYV|ie7RgRu?(Mxn(_Ja$=UKL*tyQ)N>z_je->jVr>Uo)si}K(fWe%sZt8dT zi23pxgMa;<)Gt0)``tGNzdK~|>%->1J$vOh7wmp=&iY@^T43T9;$$DlJG_6+`n}`E z?|!56@eyqaWovVXyZ%85soBMlbnEKx8yukxjSLJ9_0k5rySkuZ+=Qu#x&{bp)|6CK zLp`prtg4`-q5wLcMJ0sjEiOVHTvbtuW(Oin1S7SU_KL>VtkUYJ^aB6LbmQyyj;q^# zB6;~Yr!W8d+?C(R-T0}z%lD<7zc1zVQw8T=D&6>n(#@YLxqV;i`uERV{pksdpB>Qs z>Bn+M&lrbC6|#A&ym?VkRjq@&=S4GXTMuu)(3n^_tU>X2XnK+-SirpR`b&Z6xnN~m zAlzCJB8{VF1*qx~z=ywq_vTGPZ;FM)@Lklg34mhpCUqrgA^|RJzr!t{l?cEEn1)RZ z;TGQT667TwK~ckhJ^l``i)@Z0bol)UIg82|5l_RHV0a1at`gWqvWqR@e&K40vfJ)+ zgV5DLTeOrB{q{F?Ik-o!iA1Y>81D&I=9dLb-W({}%Es2nD`DlT>E=b8TX?zAH-xojLmu!mlY779hjH{ zAIv8y`S3q~nwAfmKRB}>IIAEeyATnYQxuk49G+hsQBV?DP!?TS9aB^jTU;AkTpw3l z7gtgjU)q>Z+K^b%kW|{7T;7~q)|_0@lmertvgQ;LO{t}gX(f#rrA>&;(x$AEhV0_H z+~V52(z@Kz`uy_7f{LcXs-}Xfro!sxqUx67n%2UqW<*&-M|o3sd2>&BOHW~KTUL3) z)3_`nYiDIWOVew&?ff2lMkK+@FQTk5xv3|sdnA8=SxA)QIgosY6KLTu)bJo-0U>#^ zEruE05Dz;1C0GpeN*OcQ;u!ea5#2m|i_R;8)6y`rfH7S-Oc|v>7LGnsM4u( z4BcVUb6Cdm%d^Ixp1J(xdCNW0SN6#|?pM5dK=sz4i+2ud`5)DJa7^dXS%W7E7GXM$ z@m5}0K9S9FWy~j8bRDPYFVEQ=l(}l<5_vBq$I`)5QC(B@qK2xvnzFKrq_os2iL?8T z9MLo}PpN3AV{l7}0qcAoObQqag|I}V&0vHFdi=#B+*0^n;}qd4z=jILJ`6VIQ;8ZZ zwj{_27hf0gnI|Wo?7>#NfV4kR_lK|x(RRU_sC3Vk49%9(alP+6Eq<>{0&UYsFuED*OI^?e`8C{9>=pJEt$dbHVbb zr!W2Rxc<-2n*Q#B&2LXzymQ>_{bQFuIAZwmQJpVOXdF7PEvsp6Ztv#%Feo}X9aa%d z?QQ+^!O`)_(Mc9;0S2IqN@sNR54ZOXxAhLU^$fN347Ninr+c8Ue~>mfOdDkM^wMe@ z+j0sk!{f7VJ&Z8D<}Isdb3j_})3e$ioYedEF~i@SwfgmWho7Bu`tf8YCnGzGT!EFPD7iSpy&86Y=c%%GR?b zO4}Nl?CR={h)}eD4!eNSe+#=HKi^WiZ`jfQB<#MSli#GxyX^9t)cS3X{kJ90f5t!j z@xuwdK%^=OZ}Ns-AR+F^xJN>B?>Vh~=d|~o*Et}mw_i%{psc|+@f zl$`!a5(X#b4NoavI;m)UO4;PJ>gCgFrl-{rP{xf|pbo(R~57+Yd}S4PKBUjH-&ySS^NbjO7O9dT$L#>5WU5?9dOn;G{r zxupRIyWbrG1aJ%KxYYp!>^uhaoH+QhkPcH-UICq#Mu74~Ueqzr)-ljEFflQ=b+o&2%O@ZrEV(o?t1c$L zJ*AAEQZW)&I2f4J;ucVB>5{5%6Qg1ha$ej2q`LQU)mxBDKOlEwpR)TY(?BiXT$fzN z{l;ad>`{65w7pthdo(=H*hJ_A)?F)@y4A37y<*xVzD3zH<*ezWLz-S+E4hB9?72_H zYoD^mH|k!ebni+UK2W&)Slcej+B?VjQHg&{U1V;1RDMfndR1s@<1GKvZ(&!0bX_Uvgn#j9R^gQuO;=>ch9~{wp z{~OKUA5#1Dn8tx~I%gCwDe7D?vUam~^Y`=*c@&luo|G4tU7Ci5#fql9s@B5Vj*|NB z()w;pgyxntX5?2VrWHlSe?sx{o(uXPpVE5&n8pVubU!?G z`GYg&A4u4~FLCvqGq%4wZT*{5=087T_~U)*|GG!9a8`GVYPiyMw;dx zp>ah+BeP3O8}kdxV^d6s*n8i*Z)$z@*4_JIaY>m4rFG2^Lmi)(p5@J=K?rCIxB!ge z-JhBwqa+tFA3=BnWWKOjK#c@%mXxs}mFg0%fO@z7Baiw=(%=orApY)KZUIAXRP6r9 z-%K)y8zBCMAivOmKE%J@ZURrhcbBN8xDx6VP$z|=y5F)Y9XpVe)s92_r5&#`~7D>I(Yt*LsFj~k^lOn z^4`;GdrqqEJ*j@+jP}8E`rlkI{6@;?ko2WPGRB8xFCURNKdfMWSjqB;iuGYNo5LEm zM>MY<(YktA$Ki-R@buadqZ>yrxg5Xjdfe3gxVgu1t6RscZy&$neZtQ7#8tnOc77-9 z{ElC_bKKVZn2q;w8=vD=w~t$R9W%Xk?6Svk6OUt;JdPQ;9@oElOwaj<&b6c3*N$j8 z9lL0MQp5I)x-~epGb&c6Rjf{_TAxw7dRpD?^hNvAT8<~R9M0%olQ48Xi!i!zO3&$p z&Q%qgTZT98YukCr8QQCuIh(rOzv3V4hHN*h1hAXX(4E;ioDZ3OI)^weLka}qLBLH2 z-x1FwBv3@`8L1Pshb%DCLwrJacOt8zj=>hXO~}PaItFoQ{1gEcg5bn{iR5Cq`C)KZ zNau!Cbn3Z2{P?uWhX*cveO%^*q>`eRuA=5eMGa+bLoMA)y86Zj2A529^bGV2jLoeb zZn)oh@H8quy)dT?seM;YMOR8eM|4_yXhKI|Y@1(1gX`nUD}IG$9(npVvh=+Qt;1Vx zMJP8%PC6AD#=_>kUJuAZr|y%YL_h^rDTf<^uj>^=saRYJgN+2vJh=)Ob)AFXB80W5okZ$| zsJ%ea5T>r!GsG(&ovmQ7qf6`2{aOhdW?0JgqC=gByli}WuB5UxF1hgj<0O~c5f+XQ z)QnstRBVpQntgo^qMbUwJ)r)JuT_8cwc5|VR{hBrN1UrS{o)ISUwkhAi_fHg z@yUf>e=7OG9{JA?tL{6kc|=O@tg4B;p{n0C=zMid?W2QA?|iNB^Uq~|_J!Op_bLDO(8XUJ)cpBA5|E#KOGIP5+R#651}=YtrI37(4ow&L}hJ~-+DvfC3!of%x54N@@s+(vwX~!< zT2ehdv1vG=Wh9|xETMHgv3(+`V=}pGDyf^9)XPd5U?BQQX2(QkYfJRn{{MQ_`Q5*%TC!d)q(w zn!AU!(^U(5TVop=Wqp%I5xAgGIYU!yOZ{p&87|moqqzGmC=La%$STsxeR2+D-#RO->;_T;F=J1wGk~*Yis+ zMwz0P?y20;_Tace_xtg-u0i@XK5}~3PAXaKm%8-DDcw(wT>RjG%J25b|Mn}{cfOK& z=L_lIeIfbV&n18Nxzz7IKmY4b&;0V!lfVA*)H{15-raNV{e2Q2>^=9v-t!;syYS(@ z^Y8CH_s*ARe)I8(Uw?e^cb`eT_m$Lpdt~0a>HE+rGwO5KCw+@;kq&H{tIFv3|JVK0tw_~X14 z#3)BF!CRS}SwU(%&gFxBpPUg)&IzaHSEm=&5zM6x=JFP6Wt%D3p5{Zg{Moed`Sj|G z>D8B0tFI>4zMb0mc6#$QYx^~G`}Nco3Fb5MCHvWH&JNkKc3yL~U(Y;yJ+t$A4q90+ zUoVQ)&7ZwqhTsFX+ph&%&?$c{*rXOauixQHZBGB{sl#wdFMJ;d)*^(cjel`baJ2X== zz63Tiht8wa`-yaa$vD4sQV?9;p>B8kw_l%m|I1USr8UmVDxFhMkXBKYS5s6}Q&hXC zrl+ra>Cz=5V$Mwg6@E?qV|o&>B%)yUh%E^zS)Kk3cYd$liQaHIv4Ysn0ZZ;Wxeo%5~TJlyXVr?{qiMj z<7KWSoBNaprwwKlGvYIvL*t7ABQhR_Cf*B*@_iI~%P+{y^O3!Sm!-9XnWd%SWfLQF zD=lN2lk$2WA5z|P+DP@%Ez9fojcsl!T-29VRFYLvkd%`?cJ|DXv*(UT$(~Wu@{3Nc zALCTO;v3pbbZ+6u0vxXk0JzZA9$n0%PI5l%5yxh+EkKOmR8RIzX z03ZmQ!zFB4_R?0#tCwIc3wJ{uPf`= zo>w$EbWZb&!wP@cEBXFc=im9_>~B6f`LmCX|K#^afAZm>AAfM@NADf{;d=*u^uaej z{lk%;{oyF$7at%0)u*T5{R(g_{pn%FeJ3@KNE)73wp7%1)G%=~y5eW!`qcGad|*^T zYEE-y9lfiMNoUNAPAyLHme~udT>b`cd1C)P{`m7Ue)?d3TkbDT@-p$`oV_jLCs zC8yatTr)N?_wcwK8Wsh$otoOlp8i3`#1xFO7M3x5gi#0rrsBnSLyWn9MBcwY?22FT z|9c0iGm;>b3Z6?FeDto0;P$x2TUZ*In1Uo=K}lIeO#IV`=q%#bAPHQM9(Sy0)+a<%HE) z0a|F+7eu)HoAaWLxwXyt_3inM?WN6UOB-7YYlzJy6heaJXFA>`> z;P(10oCmjY*oz$;{Oa|q#nqL(%5qC5Xb_arbheDi-vI`n=$~xkUdc9)m zb=;Cq83gW?yM0p4$H^_>>66R{exaToKK4#dR#&XeY|M=<&5X>ex8FX0{$c~oReTYLH$Mv9yMfV`j)B^yuCkie+~T^#%#zUf z+{Y1_4?{EVK1scOKmMj~)b-n8j<ZE!5-q+JNHZ`?$b@zH29G;e*T~%G* z-A5Z9pJZ}p=lQ}nX)Jj;{@VLM7JDVfk1oM3SglWg7;XJ!g+?cCWZ-rN-F-koR8 zF2HvZ@~`ZfInL}HcWxfP3=afPUM}|n??fes=9VW{x8=6eO8dvEhnY2_oZ4|--8ipigk8yCSB!8G zl?;w}QN`d?4`WLfH~?Gmw<Z)lOsOcE0X&b6*8)@iV($>FhWNdC>YGrF;Zf#^@ehHj}F(D-^uQ)q-h8a6PmC$xS ztmdp}dEe6IslD@EM+Xmk8)wI>H*dQ5dESk5d6Z`1ouXhFwnygH?+;rZIb(70;#G4~ z2V2`KRyMdj4KG`gP;aA>Y!uo)PD&P51;pd%d;&dVBlzIzD9c<&tP? zVNp0cv&iMnayUE=2i|ThCKdR#I9wh)`IJt@6d*T`C4 z>7oVN*4=MCei8z;(2C01&Yu3^(FrDJW`Qpxsr@QxV|bhA{_nt||2_Qg|4XoolL*+| z+=fQi>df5i==fN3YfE8CNpc2;n&NKXx$ElX6Pudef|2scsg7Yr+wgGv2m^0f9gNW~ z(u6yXMJFU0#>RWb#vswqKQTd@oE)5*9GsjQoMa9{mSJj|!DJyunVc~e7ctJ}O^DSP zICE2+`Drc*CU1d7f*>zvb^*biTNG~*ctp=Ezyp|o@4_Q6_w3h9T2O=;PRY+y}Zs@+2)CMW>%lWwgkaheSu($o^w`rNRY*I zY`LQ6Gr}Egv1a2KY9T)OZQ!R65T56*J!h^wZ)jgRZ&w=)sR!y zlGoBv(l$`jHM*!{q@``3tEH!>rKhiLfD#-@OpPz&|6RRo@2_g=dsxYSkBrp?eK&0j zPXm*yW~NqFrskHWfNE=tE6!Ffeij}fnhudCbsl|o*6D+N`uk7lDQQ`nSlO7{UN*AO z*SoB*Z*s}d_>!Tap`MNb!qCvf(9~L5-T0%!iogC^cHcP@6+;ir%WewlM(3sQxHyN+ zImvT}PaNHQ_!~(Dg}aZRjBxhSPSh$T}Q03XGXX+Bii7s ztj=%Z8tr7(beY}`mUHm8dYT#zyqqwzao*!xoL! zPamQ)81#wp5f&5ElrszSa|`qH3k&m0Bu!XZ=8F(~fr!7n$``CH3)YvH*H>0Hg=mId z*;rZL6biP4E88N3a9araV)dCoglVRY`IYs#m5qhf%|*(yl`3Ivtcce5xE&UjW@hJD zTqHECDGrmx0l>0YY}PcJ1qb8tX>_Mej6o)4WUQ;JucfuCxxKHxi&jwImfO%?(K}K( zI2n>rs%3ut;Aw?(^6KW+SKZt_0|J8L6H-e`E89DIh8akiW{~YJ3;!F#?w_$9|1H17 zd;}pG2<)zJZNh9=D8ysBr?>Z!Rlp1uzp(c(Pn&u2M zxeO+Egf%nDo*iS&j#=wEFy?3&I)2#BwSfr6|S$YtRt&k6RfWa*4LId z*96d`+u0OSA==qm-G=k)BDA1x`*=Gz*gbe~KQS?-th}bZy_YdE#o;ZWog_{E1&u@oM#%c>M~8t&#o2x|rIE7jHwnha8W?L|d<*Rf->k zul4#fq%GgB!SfjE~lc=%2$$R5?W3dO`Y|OtxZkMEKE(zOu!f$8kk%*vUR-d?5BS%Ox`^7u(J_ioZdF#InK=b*0(ry>r~)EkdsEm+r`Ge*+U)qYHjls z`SI;no0~7TwjhfNQ4aiBud!XT z82gAa-_(Y%f~K^JmcoX%(#BRaIn;M_H+J~sHpm8MDiIut3Mo(mD9D-Gq*D~ zvvPIwc=YITY+O=dQ5g(}hK9!QdoCG?Q(L zR@ayK0&rBFT|FhG<=}K8;}Rb{d1~u$-Q3pUNmOiQOIs_AUfVN(sP7xB9iZ3IhU@90 z4RkUnjA)<_H`9k&hK5>)hY@WIM*GMpa$!U_hzJY{k59qbfi}q+oM4IZcX*nDV6x?n zFy}^D^W&V^Nj9?JnQ89qG8-VR~T!1H`ChurW!@r{;ZC0#RV_rkD_ZKuRqV2-m3w8feCYyC4c6 z*b)+hY{85p`v9AHRvz705| zVD1@`Meu!?=G+N@^Mm^io;Z5=)ZzK}JqaRzX%? z2?Mt>iYhWnDzeI|3aV-($qaQlV`F_IOk^19=oso~nOxGfbkw!=)3AChWpMAXg3G5TP5*G@;=c207c_KK z3=C1!Q`6DDsCDt8rn;7v#zk!%6wOX4>U?}u;kWzbzm_nP)UsF9vArOtb52r0LgL)X z)5p(UID6pG!O!=8si~(`P*$|Ijc4BWl1R9`zAoI_URnp~zqTaSEh3d(q6{Zk#hF}3 zW{3Cm6%h&4vUVrk$vLO)e`@>P1-knGY|ooxh!!Zp4ulX3qEE7n6a@O*!VM7w>xAS_ z5(+WYxw){iRns|~P~Pz{yG8j%@E7Wido-_~v-Z>R2)ptq*(0{#ZboHbL1RQ!PkiHG zQuAwWn_1bq%_b{>*?8T zlX2Apfd$QXbLyPq@+|`6l&;dklET5iGtvUGvAir=Tw39B=LYGF=9c#2lFG!? z%qO9djyK#buU>l)98p}`(AZ0>XzxK(cJ@_v_gD1{*7h;#`WZF7L$!TF^#eools;M0 z;9wJNu!TO3v{Jbj#O zoF4i;glu$SQAu-iE1f<(&Em{0f;?UoV=m?cmkBA1nRINS0)fTGGO}s0>ID{5tYAPJ z`*)8KFT_7Weu{{|p~N9t=L^>`UI`pu0IXAj$VA3ybz}Y63mh|t*HWyXzi6lRTRS-% zK7D-eq5XTl*>~{R;S-oLI45=T3|g@+oR^l9l$Do}mzPtJm6ZpBDkUQ$B`b?@1Z6c< z!uzVIq3;Z{xEKx7)KJ&c(6v!D@;oYU|LF<6edqL~G|g4?%v3LGX=-a|>uG4}YFyM+ zSJP2e(o|H`)K=5KqGRr@Vd{VO;;m24Sp0gQ+It6;4_wf`pnge78$_~>in@xDGEiP# z@uJ3A6|Ju&RNnhW@uL&E$CR(g>Rgpp);V=f`jo`E(-P;7pE`Zw%&9N-?m2Z{A~8LM zyD*Ojo@fiw*BktewZ%2j(%L#XEvWG#$VtZOUB{aWbu!7c`|e^*yoZu`qE6<&4dfI5 z?tUWsxk}(;847%>c(!5e3PQ}Jb$wN|DI#hn8yhQRySBaq9sSbAuAJ)jx&d} z&>l70k5z0x)4K76uICq*eD>Q09CwM9x|^vLT5guqVxKqQQ8{t1nfJ7NDXMQdrf(s( zcQ&z`m)^t5?wQK%7|Ctv&ui!`sB0~$Z>nr+s>eidGhEsmTN;|$8k>j;WOGYP3;x&C z(%RJA(%6D%YHGu6+0xR{+}hp*JBqd@9NySk+uTvr+)>`#Uf9r*UE7#j*Phqdozd8p z)Yc#0GZaG`kD@UnY245r_M?VLpW@*g89io^wJLsDCme&nF!p?3!|p>Ri;rXtet%Z& zg0{uI(4^YdfqMZV8d`eSoo_yP7yt)MXz?_*K&Ax)bZqc@yRa+n8x!{`{Jq+8|LPy~ zz3=u?{C8dNc02DrxX8mF?Ye8|&YPI#_Vy1~)->f5lsyUxck#Lt7#34p)70EgukPrn z>gcQPrq%Wg*7XfF4U9C?MjQJXO#_Tp`dBNS0X5zZu^R8#c;EO$|0FWpse!3!I+HcT z;)sL628K+MfgE+CCvVlE+X<#QML+$HGh@@EA6*_Gv4;mWLVbyg^v6G6Oj zeI5!pz{;%+{ubFTZEr4ZZ7gqZ3bwZd&o%|mHU!&*w}l7}q(3({ceWsBzWw4EIu%~L zdimm8lyp&KMkzyV2=sO#b_0U&c~57*kGqe(r9*&!U`%v;K|yg-OFJg#p;LjH9)#6N zati3&+yX8TXdoRIn^XWb*554FmI<4I0D?ejlKL(Q@sWQFd<&D5ORMXE7*g)T0)an* z2>MVu5=5U9LO&$oT@tNk6%=07)A@YwR|k$BI&$j7p%cfyIePNMsq<&g%Sc?1m5`J< zFDWA>1?oXsN?Jx*8mKETC#x(krz$U}EU%ydM3z&KQ&Lh>R?%0!Xd|O_bKeEa&rawb zkuf-{Vj!!oqoSdqdQnADLs3pmPC-LKMO#tjqP(K2qOzL4hVE4jBR55(+b7hVKRtc< z{X?4XA5i+@xH85URkZX~FJ6>Ykd{`Ikyg_@*=`-gq96NLN)33fheBzXcx6jb{#QL)x{OyQ}%Gw%#V?(e-PAqhefV|MgTiPH& z_OGwwkw!hDQ)j8YHrPMY%XeQDQju3Z0)LS>8NVyhL~AZ z>p)FAt-5olqGzP6ceJo)B&Um!(J`EcT)U1QQQQBhru$Y!hkZeladMSbRI&1t9BJRw zGdJV+*@V2S>-!6JH(2}pME>dr8czH5oaL>&oFBv{7dA9?4L5i6dHMKjT-0&8=6wIb zBj}suYNjSHUy9v8lSgxvIVio$57BE!B-J!2jA7 zL<<#o;J4JZw$`_`Vq4eNQcrS&)}~fiRCR%qYHRK4XzS^0hihO@S9fm@oUD3CbYt7w zk1`>eV|w~%{cyV)7>0v(Zg#%M&0CIFuE82IIyxagzoZevkwX}l=c1suu(C!PA;1g} ztR%2Ya$X8~sRgx$8VFUjLoS9bfe%su+5IjKcpC(NfvOwi$MI1_4UhQUkqLKfkw=hG zcW@43F()Kq>(9`H6c7}A@|*;+#eIhl9XfI1;F06UPD-4XkUA|PdFH(28N9%sJAY2{ zf)p@URuRdrl$64S3v!Z@GSV_qGV-XvNy}kGOi4#p)j~qme(wddFHh?ol`%N2pe3oK zF0ZaCudX1aDsxUrN>Wu;5y-2dprkCXq^Pc_sIR1Mp{jpf+0acw&FO0i<9GHb{pJhF z&ko6)l-7_{(^1saQqs{mucr6aS&g56E&ZGQ%KN0u&Z^o-DC(Y)lst9*^og@44e$xZ58TARx&^`NBDx8MfZFY~omWsSLc1Y(6~J?doV{(tTd6>DVt0eQ zb`Vih66DnVEkT}Sl-M-Dm%4Dz_-i}Jd2tIscu)j!ZgS=UCGa9awS!Rkf{mRC&RkMj zwx`#f?1EC-B)4OHCckqew4~EFy~!b_QvYGL+^zW2&f$lyKHhKraIe+FuPh&YW`6He zi~FD31n#kadek*W=0UbfaFJGIxk*xkZFZ|uQMYUPfLATuw_)f`Bi*lo?$PCF)7+%%G z?iGVKi+Y{XTdu@an?;srKFN^06LZKp@G}da4-MTu)VukquIrb&?qBPFOCeUb}wp{=>+qnB2UAx<<%Q(?=&! zc3DDqKhcZ@3HGLM7whkan7aJ4oqwM%zxPLF-?tLK|NR!2*whJOaLzHO*16NdZqn?>`Fix^vIj&GV|0v*i_g(vxInh0bc@OJ>H#=9i2? z3z`|CUSn)#g!QG}t$1NzY>F_tY;J63Ny60Pl9|ONQ%e$9n3+>wTHsq|=GN##vM{qo zn4=-d!UkIs7B=`60t*XETXRcW%wt(%D!?2IYfDQjOR}}Lu&~0`+Ulx}wH>zB)>mz; z>};&BTHDxK+g!1+wzaXcMqIJBy=rykiUrx)+g!D?M%dZgIy%^0yXJ7y^@iu&yAPvd z67ven8k#$3Lu2S#P~P;owdcUWk3awX(6JMTj-5Po?9}1or;eREi(K;T zg$rlSpF>E3W{^{qmQgr=LH2^A9KMi}z921kUS0u91sMemNoAuG@)mo}8-IRE`+$U| zgo2Kg^2PHC@{-EZ7XZ6z@)uMUWt8OQ6=W6UkR>b1%cv^IX(=e7G0jF**YT9R<(DV) zKiH@8+b<+P*em_b`HS-U=IZ8GPpVyh_lVlB_N#n-;qo~R2MJ}fgJ( zU+n#Q|DnT|Eo_P_YDJqbp25a+?b+fA*l?W59cbwZDSbF{8mV_!q85$)Z_li(YJA&PmEFqQX;7#TG^F~zNqGi!X}imnG|nEJ%cE&I|sPUQAWSBz^k z&lq(roAwG!d-%qk3r6j;hHYH^77n$TRj-~nm)ZSIL@hpH&*QSaf#qM{EB?YO;|rJg zJ=Y`l*+2c#`r)T$cfK(3+HdN8!t#!s!viC)aQjC|-qE>{1$D)(gKfiX+VtEQcWHWt zKgpi!r!l&_28xR+++DrUh;rG~-08aWUH|(Lk*&)*FUzbC#M|ChZcpy4r^NIz|XRZS*bSchJ|@F~C+&TVEGCF{lSoe-I9%{#;!hT|HeLJzXvG z=NSN+KxMyZ>*=GZ>Y|RJmL9@DOV?1_z}VojrMZox!wnC2@B0rP$Hu4R7nRqybkc?< zc4yL82<$G2wkiB2m?%Dn;s=;`4;6&K{m#|jJ^0O@U9f)hBjTU>(+?pXCS(tv3=lqB z-*~kO=S=}z;I=onUZ9Wiii6|V`wsl!lg|zwId<&inZw6V9yxIeXnRgdNFBNi&Ir{7>{C2VIRI+-64{L;=md`Rcp_vQ}kyi z|LvZ?ym)iHpa@FdGYD$|a-YbelG_2=|4@(JUc|M=LJ0DGwX3%`EG*c^$MbQ({fyLv z^75jl=6bwSwRX0n95Oo2qzz5>&?nmZ$7?zn`OUQC+U~H@R=@1}8!1&5(Z!lUdGe2Q zB?5DgJjmJWpZ(e0oDc8j{mw7%m%e#F_Rjg2+u8qgC+8pT<^RL|f*(9A`gu_KJK=SI zh-&&Qw)yke=Fg%VKaFYlIHvyhku@Jhk$5Ml`@rYBnlcpD#?+{&iH>)+Gyg##fq-KEKJGC%2vpmIHz;FkfjecVG#ON5_ z_1c?SYAUNLOUuKT=uHrAF`EU_SK zTYPC{Wn*KFOp|;`4n#I;X=8=Jf0ou{ga5O#vLAmgKXx)+CL!wIxCR6zVs+VrfOfO1!Yfv@H2F8%tY+Ew&am*5=kW=Gc;jt;H2P zTgU58H(gvjeSGgd4UR}k$wXCY@FlNWji{LtLqzV?H%?UIPmU= zzyE6gzT>A)9V2n_)VZ?~QWwriNuIrM?i|W&vU2iDs&Wb{QZk@qyJ1D9ETNN~u|0zBq00?g5Qo?p6KOA)Qa8Z1$_(_(sF^l#Yj#zN?hF&9QT8 z-yFZN_nSkXe)ZXbZ}wd>xs;xr$z5FBeDxZLhAGEcG;eG`wrU64rPZxPG_g{yTm*kb zB=1aU?%Cj+ zvq4!BPcknAWh;gjYQ|I=Ce&M`G&<+B-zn~UQb|u}nJnm^Z5&_eb}=8`vcsIR62@iCahhuR!1b8`&4t;T4Xhm;$%3pMZ#X$PJ32T!Vc~cK3*@%g>0o~yiyO}F zn0fWRb3gD&2%N(*v!L@{+tG=>-AVL{&n}=5ZH;sw2{*7HBo}4XLAiDOX^_JDclLSn$xFWeev$^-`o4m zz9XlO?LTtxo8yPk(kmf-9{79m?AZ$-6jaq^6;&{zAPdGoML}8~8z=$CPbO%Ny@MCb##{ znFB{oo<4uh!pb5yKL@R!o3CD=P&Ox8o59pL;m5ZZL>Lw)b|K(-NjVXeE`dMtY(u3N zLDDFa_>){1Sum9dQ%w$UPV9fM5I^(26I3w`d+@U)@TY*L7gtBAk#rO}F^sTCQeCvN zJ)0A5a2G`jf;H|uAM#^xLb`GDrk%aLySsKPjqkLpHhc0o>lNkMUW zX+>RiQ+rEiUvD>Uu#-l^bGx6ItuQ-ACR>N6nueGS!^}DcyBcGS!`uo8G!Jr%`Z)!? zto&Y9ULP~3XDYL6BCTsYrDHU)l@Z@M6xTc$)7T$b*BepW69vX>EN$d1Y>KS!!lZ zd{TNsQd(qWY(!X0a8Q_=tEY~(?uGN`)M?vh$1To1q9SCK*sw zM!ODqlR%N<-%Vq8lidFs@B07m!7l#A&k5J&Ny&&jsR;5e2{0Rm3O-|es)shz($Q1h z&{R-bo|=&z8JiFk5*`rn`2M{Ies}Krc>CP;^7gvz?d9Wh%hwm%+unD)y?t-{_}<3W z+ZSseA75|8ZC@WRgpc=a9OR4R5ZAC$R0z3*Uw@btNZxOLn2 zHWkoD!snAuzU}Abea8!*ar=%p!rKRd{a&|yZ+ZE8P~qw2d+Qdp-Hkh*w|o#@-hN(p z{Jnhc`rNtaedpe7-@8z{^Sk@-!NbRoABW(dV_I5vadAa`V+(3-Xl`e5=P;LytcTpO zRLd86)grJ1?A zHAwoetv_4edXA)*zp~QO(dKr`eb2$YK;C^v4(va2;K0#u(9(PA!Wm?>Kv;|pBe#{3 zQytDC3o6$g{cW`;(_7M9j_jt;IKuJ<1Lheia) zB}S*FC1&TO6%=F@7v+`}=arY_Rh1UiR+cr?RJAnJb+oi}w|Dk*_4M@(^wa2I@P>vb z86(ppBdpO8*7!JgVsZxJwxi7X5$5dh^elaHjy5sVKgQ`BsZ2?;wrF80sCMwRQBgv~)E#w89g!s;r_EmTbkCIV~zIDa^^wOV7#q|J!@Z zD7mg{T{J)5dw0C|?ilagd(OEhZ~`Yz9OpQE6DM(uG0PS+Se9jxMHVwdi(1qusnv{X zZb{7yYG&qQ+{H{?`+alms#Y74lNh7>?6F3(axEqyIqzOk?StkX zq}k-DGUU~wenRi?SW8!LZBr|nk>nMY zq~+wrr)IG-s{6uw1OcxwX1*ABPrwBUf&!4&;(~@0xulde0JJhe zU1~KuY+VE0C(oUJ=EY}!@c0jZ_{5KY_Um8%&p-SQrtXWcf=qbzg_mCi(eUc5*+?0l zHGko&bLYJB)|^?W8oA)@mu9d0*|YQh<;fTS`{U34@HcNf{ralc7p#4A-paS;E_!qB z!ddecy*Y2u>^V#4zO{TF)MoRSzO`rx+D*PbfBBn>SI=Gc&a4GcKD_nfoQ1D0dH02d z8-Ml2rpI6Y;AeA>|7`Y=A3nSB2T!f|A3uKa|N3t~{?~6m@#dTrG4UB9x!U9RqjfcB zLVhgqgK+8vg)&QsfGmlsGO-$X%$Q=POp1!)1rk- z=g(U>ckaAJix#2`+=lh*wrqKS=g#d1_U}1%WY#|PzGhiXn|R9_kK=p-ktRHgxJ`~h_KMh7tfs! zfnBqA|6aJ0o40I5Z<0Cl7S5it;H6h*J@xc+zxmzM&%N-vLz% zUAlPbI!FRO*m?ZOF(BWii=mf8FNeXbz<*IukNoz%3n!gR`pxJok+6QQUATDh=&@t4#MivH7XA0$oc-4GFFgOpKm6fOe|-8+e|Y*C zbll0Pz)1D90lxx zeuPaXMAC$+QZr&0)4_~@VG*z}zN{$MBNb9(lR_#~LBa_Y^>U34j{slH^{7;V zR_gr|;?AMb#*W^arjCmGmeQKWqN;{_<+b-pYwnd)-7l>!uBa)gtS!M~MQv$$Evn<; z2|cfGDJ`!qEw3rV^D_3xMp;=kp3^9+E-kI1fmh0^FiJ|R zitt!gRZNf7#pU>Cd2v};X-P$CX?a;$IX$8uc1dMvX+=p{1;jvje_=)C{mP1>>Z+nD zJTEUUuc)Z1uB)wu>CxKM+|}LN(?8rlB0}MaNd=NPOiH~4-T-lba0`&N5kOmk7MzCN zpiw3`t&Av~dD{!{@yW1DNG-e>&@lak{r2}zmHi1x6mQOXWA?n4-kAN``~|NsT=K?(rE?dp zTCjM{>+|0J0m+wFMFaPn>Q*SJsz2d$3OV=z!;WCsjTl)6=C94)JUA1u8 z>IKVI&s*`%+?A_muY70D@^@!1UGpZ|L(E+;cfq3B3m5(IrB}cEfb`_P?E45I1qSBj7g|eRplaBhT+6{V(L1!@N!D;x&)-@A$g}I%%=Lz#Rjkc5!@!?m5ZIWCHc7b5$66^}r z?#EzPgKQV-AC8WVcDY)Q-FIkQ3P~jjB;G41O-;_cc_S|5?8SY14sO}Bb$X3d#1XYnF*!$UdZ^;@@Z-L-euo_%|u zSUhp^*o6z{LNA}c7JfA{I^t%`ja#v3#U2-*n1KJ{;}hZl%&`e^F>x_bH^Q!5y?8bR zY}(NShYs!Ci!jAb#J1nxfSO0Z``6}xyPt)0@#kNB;ZM&#gYhi9pO;^H>17gc&wg{x zl7&kaEnJL@ap;KNLB+WBo8EbE)4LFazQ5zZz9Zo7&Yrszej_G1BkOJvtgPlP)E^T` zk){bW0OktTE?}1>#Q!6~?w4j)f0i!__;GC4Qo+cj)FATj;CwNg7j+CVA z`HW9>;W_(Y7aRB#J;4WQ;2`V?J3<#5>`6yQb2~oR)!fn5)ZX3LfzjF2(b?SI*@Ds5 z)hax;cGGARK83I7MVt@?QxWuNf(Em-y|J~UmFPAaJ$?PdqZ4By8S0{m6r4MoNS; zx;zLyNwj(m5;1HncL0TnO%_~qhfFvUxV zaK3?xohThQd)919M}aj8vSQ()h09kigWhB9y0z=quiL=>Tep7Q+V|e2BF1aqTf27c zJF8bOTe@_?{Q0xrdh1ObeHK)HsDXr(@YkMw{`sf=^rt@pXYnO3LPhw}%P+tD`fJEb zd~5#vg-dWkD^{*vwPx*m8{b-3{6bpP$>H`E>TESTA3PFzfsAVp)*A=hya3Z?*YYPu&xc8Dq(Z;XME&rX<6qA=8W%fLEHWY72{enou&vgWN3u z8C3mR6a$33!RGQz@u>e_aKC)#?t?GA`sS~G`-h+Y{8t#i`kznz@wpeDeP!13Z_IsZ z)`B-@FPXn^)trT^pLuifcYpJz|KmG9{J*~U*iWB*;k6~p7Or@E@$%J+VDm0rw`ke= z#mhG=UO@x>)fcRMcmDF#bC;}`y=eKI#VcpcU-gFWJEBNAIu1&k*S3#3QYUQCUbgLKm0@}MI>A=JVEqKZH90SgUPYY zPNE=?&kYj<)pn4mZN$pgs>~*&gX6b=p&k{<`$j~yO`XLRb-8zo5|Ywx#Keb1$6UM` zcJ_QIWH5-<9zJ?v|A8aBcJJS|ea8k=$lS1T{f3S2y|-=^8s9Bju@E&b=7UE)-NdH(lA06h21bI(8b0_wD}|A3w-yMbhrXaDr{vrpskPtQGrw3w%# z1xY{y9haYf5p2P0ue=Hk!mPL6oHK9!qD70ALP1Ym_TB+{zZV?qA>{;by8*kxmhGFj zL;SPv;DKZN_8i)?bKj|Br>|VPcJ*@DWmE%*x|NcCC+}_{Ft-7A4Vk(!nOdjPnS^*6 zV3%fzvNQv(!^0==PJ$ecFx7uaXZA%X%pN7!W#CISL9p_u;{)5+1Czp(Qh;4fkDCXq zA^^ys01~NmawR8MXi%w6EK!J{z6MB1m13C^yCRx@pk^*gl~d(hsTu?NUlIM2{whW- zbA_7TMn%nO;K`%{|HMbw>!^1wQ%%a1lX8VfE*H!27#OH@hrtd--!g&X=n5KmGNDjT zDCL2nP~e}an?4~|BaNI+2Is&AYS&HD8RE3n60t@sR!gKBF4cL`&Mh?kx7F;if%HU9O zHkH<@(wdbT11^?EZ$aESHZcX|`+oD(AOHQapFH;XPXWHae(LGpJ@dlT$fkH1hSt1U z^OipU)}nv^&C~z;x4!qkee>Ub@Y~=0dEUGQE08<#_M#>4EL^f~(UJ`edDmeqTE1rC zGSChy<}6(L#@t0OzCP#Ie|+gXKl=6m^Kbw0PmllhTR;2bx1W6KC%=1c_VRZwL`2oL zwu~#J5>74Fph}@usWzxNoRw8&zz=aKjShvu0=5CN86;b)^cJnrff|hXIdbp}f{cu| zH<~ES9`QL;s)7kf7z8uv0+nrpO%R-RJo%dj5yyBZ^5W=;U1NfF%?;#LQ?3xHbkW%a zr9U(%AZIe8@W0M%*4eCD8-%@B02aXRq#O-$w4DRv58Aq`>YDBsS7c=6Cn7~YJ~{G6 zEMmVGFNd8zck#p-C}cv8ojQB?`04$JkM7+MDq+uV@BzE_KtH*8%XVZ+zDwTy`nTU* zi_-INBZqVK+Lf!;EL)BO$pp;{7A%}Uf8GL=j$5>F!IH)E7cZK(XdwokFIu(~)sq*m zSh;A$$|Wn_UbbotQb5Y#lP`EM!;!w_(SY56ZiXxfAt8z+;wp;; z%Z@`8C`Q~6UNGwbh=YGs=8of=cvvHh7%b8Gc9_8Qw#|ZV{Il?CJeDTPhn^YWp zG&4*vKsHQfya!St8u%xbD#ypcnF{~Jn*r+>78*Je4uZ;!D850Tq61P>2^1hzvv40P zxoei`EEo#T#J&{o)TvqFUHns~gA^aJL6cf*)@aRYtpU|S=_^o{7iX(As-efkz>D-< zCUj)sIHMM%irysG8=+!GDjESF1~4(uq9Pz&n9hBeCJLsr&V~Ac7z{VrAnH6Ij>d~r zZ;)DrJ~Yq*MjW(azybq#+-ML0Fwz(StZWb>5M=?F#!rxHbaI_Zsx?k3^}}LrU`*LN zC~5B;X=v=Meb7?h(t^SinYnovFJD38$?LDb^{Zd~?uU>4_}?G<@e}{?1-1+a!o&Wai z`7374Ui>P|%V%DB;mw6B z-rI8Q+!Yk!D66ZlZE3D)YOQPSZ0kXB!V$O;kRMIRwIa0h(%Gf>37j6~k`blU=uA32 z*ai=0pjuxf9ygiPMk0Bsl`4KOa1b^WO$c<2tY8IeJrxM%2wT^~%#;sBbw2+3w3`yp zMGzxI1_#;TWbHByFLO|sdXGxVp)@{d9IXjkuSKCXfNGGabiT76fN9dy9 zUTI!l@tw?jDJj`;@oCX9@!&?UN8P#-aWnLK^u;UJ&tE(ja{kQOv!|h?gj(|OkrM|G zo!EQu*zN;|cJAA|eedoayZ7wcwQuK+J=?bL-m+!q`|l&89jQa>Hf}`fI}&;}zqe`g zdmHii{`yTw4%)hD^R|s!x3Ay&!TN1GHf`Uz<%8XjrSIIiZ`aPfIL@A32lwtew0HNx z{re6b+<*A+;Uh;+U<)`Ma{fZd#jEEphhMrD8468NRLo8A#|g=)DQOw02-W466jfAK zHPk$42Di{NfTEKU>@*1T;Kl^(lI0=TWCHo~P){;51S&YqU%_}Zbh|b~4o<^>)LVRtfF6YwF$4*x-e5&RRs&@*(eYsc0gN;T zHwF-j4vt&~gIP~S!cbbpLc1}YfE~6ciuUWFw8dA`pXjeR0a&RR>^xZvM~~xM^sw$t zp@BiQzzxcz8&p-3x^M88&rRQFp z_1p`yo_+rHKR)})Q-6H^*S~xEm%sV_&wus1pZ?-Ek3I3TfBWH&zxDmczWbvmegp>N z_s=~4>YGbey}M)Ykuw*soxd6pawYt7J>J%b#-?Sg8WgANOhAc z4o&$aYLrFRq1-5^wQ95ut&YktVar!CRj**i66Xu5*Fw7vAup?IEc}V>RY3vY-+Pk> zaDl{X)2uFg&ba$vG%u)>BKt!K^kE?24AT#u86XMzS(Hg?YVE3PXsxMfuBd1%E~>qE zw>&$)Fg>RrIWrgap>Cs4RD4p*?VC4lMnpzlzjp0v=;dpdLZLLc7INXr>GKy)gq%Hk z<`m@YOqPBc(zGK-P9Z)0@S%f;5A8p2@W9@Khjtw}ymSBIUHgwE_8!{3 z|Im&@hj$)5y64F81BXu@J`6!Rr0&qmpE-T%V#w*xkTaJ;LN1-Z5PI?Q)hprGpxcbN z5q%>j;Z|H~TvA42T24w~DxS1A;OkLDG6$+jbG^5uD00JwLdD&Qk zM8g3Y$(5!TseBY+9H0;xmV!@><%>7t4Q>oPA=d+B5P6QmB4)XmBozXl;v-J-&B2En z=m`UB=5&+04TUUeJSi*8NP{_>uzKLduH!dGl4R3Pb9D(AP9F!X|>~4C+m{R15x^~5ZGZFdwjc4V*%etHYo=4h?!j+ zc!F()-KgXv3xj#e>_z+*oD6mm`i%zqjjVc}kX6B)X#8*k)Km_Q0iLg0ZE(psn_O#F zpj9XWn_}q*>J$%;HTMlxw{{j*J;*JrPRYD?BPJ#EYSi&lA=~%tS@Zse1G-yb~o zU%&T*|N7nU{p*h&`{9#M{P;h9@}r;p$77HG;zvLE#bb~E{D(jO*<+7C`PfgM{LvG5 z{Er{}_=)fS=qKO*$$$L#=fC{LQ-46ka;T8roV#ctDq0{Ej;@yb5AQ#A<^){Vh+DT4 z(=)SiOP5!oTx@e|TW4=)-&oJE7{%3mJsEMqC6jTeF7a;`ntzqi~9z6=_g79Ti zq_Q|vR%&btYnM$RbHZo=unn7S$)DDZ4HymVXu=T6)d&757iPhDMmMa_fas@nS%)%nGhd4*-UcMEfKbF(36%t%X3 zO+$Cygv3N z#j9s7uyOus$hj*Q&W2tH2@Sb$>Gb8$Ggq&iyApOWG$J%K;>xwCYdB8SjYycW(Q&tK zCEU85a4SABHaR&7U!9eao|6qt7%Ghv+%JXtsIaoOv<9Um8XAz>jE%8#ps#lny;KHA zC&A|ea|KFQpcjN)C*UH}Y<%iz|9ohN=@WQJGJI*lyU+4PK^YT^s+mz~2^H`Hu*)Rn zls!pRy-|LjU^f_KW2-P2ng~QW7{IY?PJDzVR#Ac$^@c(!J-KfIO-~@oA8_K>J4q&K zpe%bfjL7?>mLUx62*`k^8mmQPHEXSAR;+~eYhbc=1Zo0#`pl!pRzchdV4BGcNc0*o z*l{xW6eSwq3?boC6QcrzC7nEphXf1MXg3k;qK&a#ZnrB@evm}_l>SfqfshBmtlhr_ zcG>MpU&jWkqKgv?zR2Jnn-Hv8R?>l0@7|Lb@Do=mHL*o*r z57CMhTI?c9wU#=7aAvK}j&@<#n?ZA7i^66s>`V-Hi9lrBcOa_yX>sZ-cR z@@hyJkt%`iWOwfs=NA;AaYJTKK{|?~X67cRWhbU&CnjgdCuhVZrQA+PxE&u88+#)r z1}Qx8H*Y1~xRs2Z6|$~dw~}IS#K+!39fi1<_&B^XE+I7`J|iLFPC_zl*bH<*Ov}uK z2t6w|FFQX!``-QBqT+jHd-u~`^Vbp3E9+iwu zC`1w!l7k={RSp3@>O12|s}_F=3g>WQ8Q&2nXL7=$L{yH9Tbs7Bg=S_{h@jS?4|+me3g( zN6H>hpA6Q)PPjogtF30W)u6VSprd56E&P?$hyg~^2w0&e zJ=4Wmrc1O4wpgIq53}*{qaIr8m=N}Hd=|%qiH8JPBWFe=2W$!G6uTb5Oam-*FrHQg z;!&VJ!A)y8xrURdIkY$$mP-4^N4kgl+PXR$8{6t?TPi9W?-f;N=9MI6XU`u!ei90&J-hcqGqifcrsZqbFMj7;bhw{qQl?$Qa zSHo^Z-U1XPBHus1u%xKGsuQrNg3cts#H)bXpKRxHo5-wMMcCG81-+vH!^7wof!hVKi>pa3C$K*;=YaNja;m;?_Hbr87M=?LB*3u%zAyt3 zmXM>%lu9|NkRy)^mFkAaB|{Lyj0~d#H~P7Qh3M=aYHuHCYwc}q>TZ0{-T?l+p}DrM z5$z$$tLmV0FDkFTUtE3ne$Cx`)p_?zbMM{Hxto_=kb?|~?3^4>uGyLQva$;AWEb7Z zxtEoFFE_IwFFP+cCoeBAH!m;0Apicoypp^5rTO6NDuw6sI(rU-stxrL?ax%bnu?%`(6$}P^!x|@-mcPB45BM+HTd0Bb+ z7`gccc?I|K?-k}17w4Cj+$}4^2aAvqQ&V4DTVGn&P*(S#x}gbptQQaysEycqOQ84rn<7as=BJGrW)33ZA}x% z<(h_;nwFN@)}{yTtu3AHZ9QFWef=E+!(Bt8V5NFTCI&`DBcr0Raq+~YL?o6;WJ;3c zqcf~pFU2m1_%;IIdMHeY%oVtWX=`_SNq^DP{+}Ly=2Z|bgz(BEV(kX1jS%c|Mg*o% zRSym|V3(p;0bY_~xJ(3rl@>Dwy$)1m(J&kk z9S`A>Ye{c_Kpak(;E4t62&8aZ;vg!xsH6%2f;)72H)7=)qeo%(C`l@ZH>1V^n!BT= zy9IztgF*;(qYEkLasBVd;xn?-)8I2;TRy-^FB3wxDNI>1U>pvh*p+Nm=QN>i$} z@PCmHMu9=nVl(kI!8G~u=%#D}j{%q?ADM)JI;BdlhQ>=}P^xrjS&N}k>(IDXK_M@S zdSS@52B@}W8u-*4K84RJkjjWbnnEa2XeZDb5ehS^jO3Qmj{;Sqw{vdC*kS=RBSgDyY|KJTm2vSV6@qMLc72IZ-LmQN&dq0 zNi*ronGA!l4F_QtKb#yXTq!-;RO@scr`77TYEBEk1T!Yl7{qGRq=JS>u0u^FkyM6) zcH@)Ev4Ckj2@!h#kf^U;+S@1T=^yLvAMEHGZ0j3rrKF_6j_#qZu7QrOezYHM?e4{6 zXJ>C$XHO^9ne6Dm)84+$-oehEp-vdrBg5UJ!_c!sqK@)`*#AZ)@-e9jJ-Nr_=)=uP zh$NV@}@k*-HjSZV+P3Zny^&CGhWMXNRG@SN;ZrfDU}6Jlb5WklSRx9f;k1?qJu_-Wg!Z z0a;us6Yv**BHabEi(#A7R6{F*{eTIpGzPS;r5XjOFi8z;7+*mpx0$@xgNPzY&6t0{ zik2}su%HRSBnZhb)F{DWBuNI9>_R&nv%_I=I8hbBY@;qg=s0J!yKFX>!|FksOjO&k zqQaTYWwFs4(8m{LaMAI>WcQeD9wS;Uu%Hw2Wl)7#59NL6|aYyc9CQL08+ADe=6D0GlfTY zDx02YTuKmd<6ecENtJEMAfmz4l$1+~UWa(I+G2oLE=V{DG!cPefjIhVK`+6S17sPI z>J#S!oB{-R)gT!_?-KcI)DoSFH`6&#Aj@PjpdUD%U~3^ujealAmMmYAng#Hb#n1)z zV48gRxV4L~CQF}fY_RW`B8rSPSo&@yB>Hrc09+<_gVPO@kgQ-#HSh>1!(mq-{Tx0b zc-C~8$P%Y2;6#O!(3QXo6Me{~R3j9P8N2A;UawrHRuvr@Mie9bd z&<7cYGql*`E9lHR&dNbfpu?jD9gNxFIx@L_4;8!4>=7M2MrUApbr&V)KR4z1p$ zhJcrJ%0Oh;xdx5NKr95CeEcZvOjwO@kA(Q-7i8^D)3`IeY~i8@~r2y-!eL_R?3tGCJZctj>QQg2X3L#xtjp;?w{Ef}D=;aqXYC zFmM-tBxWVJcL8G}NIT3VyZ=*K;0t}jv?cxs!Y(jZ4+|8l8LJ$HWeprmGx*v@l%qz9 z6s#~}+|+uzMn`5KgIyEsQ{+t&?BbTDq*WSZ8XKq~0`yo$sxuI2j>$$LpI#$t5D?K)v=BNGYnHztsP8x9`Bry)27xI;)_(Ba51X_*xR2buA(_`L$` z3a0Mg4!b~Jyr0pv1iR!|kabU)QB=-`27MP2WF2JVW0FmF1&S@0j7l@I25?Iw_t&M? zSyj+ZB8vnPS3Q0RAsU3PXf{f~3aS@C#s-ib>NFVFz)cnId}1rGEx{ml>1`g)1~{YJ zOs6;L@Q7<+VM&Q}KsJc{!F5MBd!5S6;WQMeyo`Bc>2^$CMS?=?#{%pEF#+xb-+BYv zEdcA3)Tc&uU_CZ+>Y1x3c8s07=3KYuH(43t*S!;Nax((@4Fm(xYe&a!+yX zK=b4|x}6EX3%7$3?3odl zgE%7{3>s{3a1+gFhK<{ba-*?Jakv~h6T0%^3gT+2^o+yN0VpYCr{##d(CAQ_N(ad> zLS9O>NvXkNVB!|a+6UFcGJ|xqpCRRk_G2AQrcUS9>s@-Cg9_xcpe4BrVEF_Njm#su z%i!d(8;v;hKHk>i(O^5BhaBWd#!HXWaX*NB_jSNvmC1jhAJU4>PEV(KHli|85~|4-e&RPN;73U z@X-JkRcF%Eoe5*j>LT#~oHC;Sn1U56)nZUtbTF4FT0-j>z>U=a+Y?3km{x(Y9AF-l z$lbDetW&(n=7EV}HMt%5Iv1~^Y%XF9S)K(p1HIY^B7z8I=D7!HK@b|mBeU0u&_D-) zDW%D$Kz|J|A!Y;ab`<)uxTXwtkP>uEtW*}p3D~xbRSXcj!GOcZNe1}8z*BOKIh+hE zN<1N-0K5l&0$3EB4~#g_(3cE*c^ePQLwZThSYB&dr+w4To zM_vs$gB6LZLjXrRfzUdLOhN{}^n}QFGxe&0`Ai-?b{dz;=EM$4mByh4lX_=`f6Y!DfTZ2-;vsy@1)E^lP{m;DTv&Vc`L} z=yHI>$N6Bl7VLcr1At^8_Y430qDY46IMOG^ls+6~qUFlzT^ejNxP!2-qcS?Kg~#XM zc{k7dc;3tNHXqOEV61xl7EG^IiR)|i&~1fSE+jp~L1BAFIE%Ub)N_EMTO7D}#8&~? z2HIa)_9ke0RN=tIa>7GGpcSqXSx7ppG!pq>_Y`~26!7fO?NWi!Ih><%zAs_bxzGQ!W`V6PHghzzir5k{l0f7%? zQ4XRGm}h4qtA~hDEOD}SwKlhubM%aWo5wu{s6y_LLuqv?%(#<1YRi;JYwsLZ4vO_- zGE4u6N~*+NigZu1hA4P#gf#@)%BeKCr7Ei$#QGP7F&C!JClp+*AZ44=<{ z2ofwQ#th;`9E1>%I6*SH$@Hc>+~`Fzn9^)hSg?^;01)FU6MCZH`0&LbexOuc*t|jN zR;bS)*uQ@jb_o|4jT7J{$wOy130ZT1V6sX;qeH_0h5>6>tSc+-9_k=ML0DErv~=5-mTEN z#ues)32t0vRare$BiMjQ8iqyASw=(}MD0~t#AbaO4%VDUX>!SoHW{r1T5mANsG2Ql zF!YcpVB41Cvn1glEXJ9z_$qJ#`y#Fmb|xluz~;?}a?c6;n^9?XjBDI$Mj+? zk!wpjlixETW+ zt6O3A_leDQEt4aYMuW+x)q;hDSQrVu03*uEg;|QYDyfA~%^FcM@B?~-49QI3BMGOR z3Z2K~_t%eVcASeVs_pUl{T+Rxu*B@dk{XfCqp&;a9)>l64hB|K(8kU|{x5VFboUCu z4nzzgD<;)2AP=R&VJCvrhPJ`3u-c?Hm%`;QX&sM9DJ*}`E73qs3r3i%ewcgAv}7bH z!|uNdyPpu}A<&^fAI{1~mM{5(77CYP_kwGQYTF*3bNC}Os&-wAj87H(RISP7N z!6p+Wssbs2PQ7}U+2l1LJBBzMk_l6$GG2#|46C1WqRa&fBY@>#yDvm+a9P|MomZvx zs`TDTjlH^U{6DRlkG2jHq4jq$nd4;txaXF(CC|Bv1sc}9&&gumi$+Xz^ z$e`0`jfnE845mr7Mvb%-yG>-&fvwVzE}KvuY%&J1LoD@?DVO0e8NrG$*d=-wd&!pr zyVJM&w2MhFB*gJ(#ZuHk&cR=C8eLNggGr({N$gXND%aWk=GXUy|6#+q->f?R+@{d2 zQKbdL#$g*j2@BNi?+|HoTZek#UU>cRa!?z@sB>BLK2D7t4!_PU*Ksg!5n9DUHtVb= zaPF+O2`O+;d>zqIWc?UuR$({51eT*x2`b{FJstQ8^z1-&P^3N?EvSw}cY+Pq+5*(3 z7y#}v8*C}7RINjW6Pv~AFu|cfBoIyQ;P!bG@SI6D`yvN5+@${&-@)K$g$MYq<^7&gXB;-7B`}tvsKEJN( zUdPCU({JT@3qPf`yUbp{(LIGwyUBstgIJ)*1VcpLV|7e9Ty!X#V~PcxC0{ZC`iUkUFvv5Q6Q!wViNk9AvH4Dm_CHD z(t#&Jyph@_G471ma1#GxW7Csy0jE!aoyF$VI`|Wj1y3(Mu|4!|{fGrqH=&=BSbQU# zHK(fWKuAnhX(#95rDmVZ;#T3;Id~i9mgiM=?K$ly*Cad3I_NzIsLJRe@)964r(T=Ke*msTADT9?ayLmg$Tm8Jo?v`m$(#&Xg z`1D48e2A|%`YiwRAXMfN>T2$UXp|BVoyaHs1 z-LJ9wagt7+K5GOD8(awK$Pj44Y&g9pp2twSoN|jr$#xDwd`)YQsQ@W*K)KYg<`C=! z%FtW^=-D)WQ6aUD^LW#78y2S(E^7dP+1Xm<2BTD`*LghMTHD_E`)@}SA1Ue&DeJmc z(|Ihfbxl~=`iSC$x_+5s3Y^2Of`%2xuh*#zSj?j;@-2 zRO(99x3nOt0pHZ2a{Bas+$Ovc&70AqQ)|>}IBdLTt6PH&o_H-XK^Ub*4CLoVX@2pC zdNe|6)A{V=oHAV$IZ({xBx1n~R+ktC_L&Dm$;tc&0fhoW8QvT! z(NOS;tX%{;n87=3($3^|gZdlt_%O(}Wi}cJWtfBkEi-&NCdC6kOMWGkUI>^F0qyi3 zi@NuVxknf8Pl+iU=~Y-|HePJ;4QcFob=`YI;*twHRW85W%}ZT;x584~G*nR6Q#YU( z)_KRxyxirl=u&Sxdi%(w^s4sB3C=O3wDrqvKt`3-C*i;k*u)yIRO^-LAz}6nD=qzE ztr$WRH!n9%wGC)1TP91JN1H}8_+FjUNBge9Emrya#$3(an!0vT^MES1dSKhhn=$#d znyD$7lkZo$IwlRh68(hMJ|MNU4(Z0U9+A;Mq~=F;e3!&o)2FKJo-FT}=$J5S9K6)v zR$8X8Lv)WDOB+W@o5vpvYI`KM5v4<_W#M%SaCThEc1(&%jrW>GL|pXfvGKKHerXDV+SI(IK{Z#h6u%yQEK&`Jne+_e6)* zgF7k&1CmzloPQco^48y`I=P)PXa3NGu<)cF8&Whc$9P zeqxUXw=1Bnph#tsTPEUR>lmA-!s0@v7R(A(;|AJ8v&K%A*WQr$ZO3A}C0?o7FM{;X z&Z|6pXmZ8sePQ_zCi;|~vNpw?vcX=JqfKVJdA~oYMtmWye(TxP)3LP&BWhP1$a?o^ zPIO*x%b2BgRGU@NR?<8KPyno(-2Nds7nN3A)I4nDd9iuwUftxWh~kY$W8XV?YxlX# zo7o+0606zoFYK4hT6gkBdNr)wF^M6gsJ*mHGHUVN%xOLuRT7cielfi{B(3pmQtj2$ z+6RLg&dZN-zJdnP`PyF;scP%%)cD!BX>ecayrP9@VZm-=F5p(B3MXNk9zay`@ z7gnEJ3b(@;T2$FdPPrWb*I?opD<4qw@zG7syK8hed~$1qfv#09V)qf z3eih!Q6=??gq-1!@ah90nc+!QvH8v0Lt^8~nzTGW;h0J-9|=!yDrp<<6zfacCsWFL zap`-sd_jjXrA`@JI(i|s{)0<*)}4qC&3MqM^5W-+u?3Dg<1;(<9Z%nREaQ57TYTO~ zexr8OfuO47Rs4s{sddYpTUxvHe>$|d|_Y8u!%NN#G}9n zU?)aAS?2I1Hx9jdGHGZ2gEp^k*fTW>^8!=tt1O4u5sOa$RWFQ#)=hzgeFr zGRt^>r^XvsBieDhYWexBg(1oNGVAh1<`KWY&+I7b*CalWoXu(5cqMz?g_PtbQIl~h zx!Z6ww{vY|@zRUgOU|X8%&4mz<3{biF)!bsb;mbL58!^hnDp+oJ7-J!uGUXRJ{Yf2 zyN29TRT4|+-PU#2GMAoD-E_M=qDj_j_9^{SW1Myz*&RkI001o}6Pptb2!Qa9HvXb+ z_p_{nFYU8|VvK_DnGZB_EzV2k!yT_C6G)bjXe4C65xt;&P$+(NL zH8F*ghi>=0zBO^dj$7$v0}~piIzR{!KtODOu>a41-2hP&fZZUa5P)4F?MHxJp~y=B zc1f~BDh?8Iuqq9RH=^{g-R(De_zx~*EM!!F;s_VUj;k(YJ0379Bf8(Tc-?gmMare6Q{?xj@4?=G5zmyuC)f}DI^Fe6d zs)IMutNPV$zHvae|6JCZ-3e!JHl2^DOD`GBt)F~9Br&PJ9o8IBbVK{`={@R z&$?QZqw=;}tS3{-m!C@65?gbkcywQW_gm*u7F|rbC+3EE|E>Co1*el1oXgso+H@$b z?*4=$zC-!u$&|%ci}&1{*mqyFEu(AExwPFe`Hec;0MB2k9DVC(%%&SfS8B%hWwp$? zknyKOw>PKNmK)r8#6qAsj)jKa4SkZAR_?u;TR!RaN97G13@=Zt93O}H zhUb&(6>E;=oQ&=1w(vzmve(z2jLokH5mwba^1;!_D{*(l7QS)RoZB!~*dxy$aBdB& zes$yJ({aT^GHuhOe$TbC!?$V+y41rC9tVu87Hz#+5|ZB8rSp{Z%9ic8d@MY-aa7-> z(6Aqw)R3wVW*gLA;N%kRY<#p_A^55U?HSN{x3zwW+e77krTNKtf~v?q8Q0Q znaXgDi7{tNEXq2upzs1!2PUNl#V%0%(B=Yj>fd}eb=9e)E<2x8JGSFY#;vRdC^tk_ zZ(>pR?(^w6^+O|8UqX#^%hjSY>5UzFx}|HxwsV+I=CfxF%8{hi|}9wOfF6QmLl-D71=hY1_ z*>oX1sd`Z698&VxHR2^(BNuPFRNOG3Hce?P9>@fhEM=TZJX6{Tri=UoMlzU{5IF>w zE=%_N^cLB4K<4kjZh>Tgfgan(CtlCsQbX@)@?YFX*$v<(|H9(^vl+A6K{igTKNwF{IZcotBO?`B?Ny zQfmf#S%UMm+9gJ}#Khms>R!GrEWdsXn#4h!?d0vkgONpr?MmEu;|6ca{kHw*Qfmja zRl|nuq4{T18>`24D&CJh|6YgmRBYpwJKYVFR*9Q0?Ua0QI`(=>iO!2?xYy?MKj@df zwdu^|yVVk&FCBK>>#I?dH=duR3 zUoX$;FlRPu-r0YRx0em=4kxOtB=K(w2j#O zH;cMXCDr8iY8o|Dn=T|C48Nm6WX!|kVs#pvA!*fTACw z7@T)%C%1+at~*h-F{Enwp_Ihxam5rbweo{VJacl!F(@S|kZ3gt(9qSY621 zM6$frIyG$O)7vMvM`zF4f9 z$~nj4;%oacx0B8(Ky$%}e8=s(A$g5iecZK*q1mV7F4VP80G^*HazuBXBJFNJ6ZucLQ*!_sAdb(uKqX)YT z7YH(_a~c*mDylI1jx1tSx5LV&+%TKO;I#PpoT~n1TQ1+s?S%7QGh$l4=lZ^|0+>jX z7LcUo*qr)3XOdedbrl23caNt=+#l>SOo23zI(>IrCNCs4hG+LQPS_@`d|~VOj(g#Jn{gnzs&d3UW_BZnUeGf3!rSMce(ozp!A(<<~Y{c;=n+OAaK**XR?gw3|<76t=@1GrI0~m$GZ6jt=+!@yQI2<_<_=70lVZ_0Crh3F#~iFPHODPU{{N>hX~W7IuG=f zfL$lQD>QA{@f%&%DL_(D)9}&I^jlf2^}~*|O3}LqVsaXK2Ta~gm+rp2@y46mqGxZp z`o_i!v){k^^4hQ`-Z*kOzrD@q-g!OmVnXe>&Zljlnz=polU%O=Ru=(>fV5T`F@$}MrOyh(^*+{+^u^$$}Iy1r4RRSC7P z4zLTAH`XD`VFTQ;YmGsN?-6PoW%u`Aa->tS?x!<-ssdVAFnBQ$X z{rs`;pKiMF+PTEL7WcUaBg?K8CUk1L^**WHGh+7DsHYC(b}f%Ajq0&&Olkb#s$)-Y z4}Io?(BJR6^80-^9((u9pSGVrpItV9D6wm53>A^6i6`WJ!MwrG;70tdllk|5#mAFb zgjXI7CBwscVV*KPVm!ij!xHBxH{VGTdS<&(HjxoUJxmgv-8AK|?U5V`y>lV4sdUJm zRnblX+G^s(XXo{jgApaCZWf)7zjyq0 z$=>L?192U78h`PG;*||2BJ*l-(^hoI_nuF=oKz%p`|(fMR(mdFZatNf-yi}nDZ=gQ z^k!D}&DwZvYiQxMoQ5;E@14d06UwgVG{u#Vmkl{%N+cUjBo=oP?7~{t`h9n*2ezL~ z%`WQ!?5YLWMS2Kj1R-e^>B7|6h2^u-7DYu2C{30oP{_7oPoPMrM{*Y^-pvY|>2U0$+-G6v85-X@1KY+xsX_YJ-fR>X0DT)cZFr2xeZQREj9T% zq_*&!o~`F|j@+nCs8HN4RqVc2ay@S-EN^h`mW$zcn+M%|Zl`nmrF)Tg>Yy$VLlI%} z^cdZshE7Bk$LICb_F9hJyniSzzsKeubNPEUo~+uj1>2+EJC$=fwfpU3+2CzqjLXbZ z{UR0a&uZQmTbA4; zPU%ptxsnlD(LOfiAGP`hH1?F5-u0pB8zPH7NT}MKSa7YhVSY%$OGj=NSzMu6$u|8pR4V&CG9KSnvVD9DOux`f(Ssj1gAF)5N>_~FSwi|_eQ!0*RHHDY;ln#i; zuvQ%&xxp^usCEP`TC%qSNfV!LX1>5refYvnU;RhX+6|UdVsnk?fI;ifb4Xrd#TLvK zDKJ-SMxv+MJ~gPYWtR2tyP{u+q>N#!#}EEDr?Pj|f%wE45i|e*cMO$_?^C)Sj5+!Zd`j*3(p{m6 zr7c>YUx|qS6d#?_vT}PwMsb%!3mF427eEOs6`n7v;fq_HfRc*dGH#cux;(U=*aX5} zpmd<1rN$ciVke`7P6e9ukct+WAV>iKD`>#cP{|*;NoG)NcK_DXx0WBg)@SuY4F>hd zu*$#jc;cF4X&2MGwuYqVG>*2&J*N_yPbYWPjyd45;y)Nl6DGc4#5`zn*NTlhuce=j z&21S`NX)zv!O7auC3_=R9*DVhf2eH09aSJYal38n`GS>uBh%`7<-EUU+`siq_NlM} zDTlfZJXBE4Qp>@pfLT&6!s&Db;puxO8b;>L`FGJr-Dbsa_jkfdF|%dvhnwh zMi;jYKtrnV@;zpL&y9+=4<{D2$mB*|ZSrBZp~_O53`(<3X@)~!)p4*W-PpQ-abU?= zIf#e25J(6VlE?n8K^(D=a`v~50M@fQ64(PIT7w9M+fkm)$9GD&==|Cvu|+X;lL$gc zrua#h7mQgy&u>X8ULBH9KdiR+{by6Fe!Jmxrcyh`^Pvrj*AGNp%WqJ5{b1h2JRjFB zS{0goB&GKLpf<^PGIC@0`9~AHL9!66^{b8Ov1_Do;}gh|+dByMd!8cmpCB za^lpSTB{HFQBc%&O%pzy-JGuZi>R{5oyHCN*5TgOd6!18X%>b=+ZhUSi02zKlHB)iYX{(0HKoTj1L zN&OoeubofsfjU*?UBqS9U9Rg``9w(q!V# zC)VsZe?PxL2?E*x4Y`Ha*}PDvw~VNFUCiGedOy8ZB(jk{|8D)@!AnV3lPh|)-pXO+ z+9THwT~BQqRl{I!mH2m@&!4;QYz8c64#70Uc3g65Gj3O)B#mIn3Pqr)b_uIS$Shy> zgjgB|yDSSc@QP5N1hJQoz%IqpSmqVIQ-Q2_&y>OA-+LkE?SohQ41WETAH^ajIGFJI zLy;A8HeXw@H@vW8SmgF6R!P<#PdRa;U{voxc0-@s9(|{F%kh}(hLKjKWB0Yxi}Cp# zlNzzbuLH-@HL>zQ#2f2EBJ&=MSo!k)sokMv3%7+Ij=WbhtTgccK?A?zTUSkKbi6V zvDjfHgxK!Ll#+cHlWIq~2MX7@JB_DPtBSg%O1B?pf^cPc&fvz=Sv8a9y!MIZyF$Y< zN=A)#sfRDYUcG2i2Qf7gZ9y*>)h5DRC9VDxcnbF>#m!m}ZSD<{Y}d{(MsTuyVrBcR2VR@l`Kuy%1M7HfZ%H zRQA7nGCHcH5mOD9qTs>Ep0M1_5&8KdJxu9N8-KI1{l!gZU)vp4&Y5eRz7Os+Exr(+ z)I5s!H){C}w`za6J#lSPYlVY9Q&jioEoZOhH4IxESTntP{)6+W+s{Nd4@)U!86jV) zy*oXttk~`&H9#^531I)&gCQ(SbHo#*A5NPK1~# zc?<}v^PUdRerDdbl{+p~_9$dd2tU1G5(j16_2m4uhc8zStBSkiYxYIm%xWEwq2ke$ z)-=^W;fP3STDs}dj#DvJ-6Mk<+xgg%RXd}1grw{WiMy6seIzXRx3f1#<<|_Fokydq zHl51;;9SC%Q!%?PB&|Dkd&$m-4W}|5h%B{(vX_=@3r{Wv`&rg9xoKb6g_}jy1Lg(W zBY!>j;Cm-hw}qtazL2u@MD+IKp&6yMT{3Gyi~LYz`P&B*)*g-7cp~z>L)Q+3CgwK` zjhm+W)aK;k#zU8rx1EgHc`jww<$H6thRp{(T--9QFrj^<25HTDWRa00Ni~4<78&aG zp(GfiZb_xU9s`5v7Fdz>8Lv<=Gb%{~ngRvA6jXnfYL-*ka%wg~hea_~R1t!1_k-gX zmu@~d%(;y|UZS+#aA_?+HoQA<+l%BO1_W#eAL8mKA!sGvVBRV zJwtjo#3v)hsqEU}QxW;QPu$#jB4Ycg=*_3&4u|KKcd0}MzO+fY^K9(NTe(9fKj-I% zl-A_J=5+_JMCF$2_$kDQuBF$lI}m;?v9PLrJTkT9{UhO31L{VJ{ZxGE@tXyOZR1K0 zV3+Tbd#|Q8zOz5Fv_~>xvWI6i>^PtF-jS#cr&G3Gu9&+s;hkei_gZAbYPXm}(gaK` zlpru5fJQZ8Q5-`LQx}ye!1llp#`I!YlD34#^i+R2PXb@cdSoD{7G0^RGmA%}cS%u= zL18_A-Z@Qg%IJ;tRTJhVLlUJO%9ad0}d4PkGP}cMO`=KxI42vpiZcy8z zDmpfVWh_2>YuUM&6=xDwpH4lQL=xX&qbKHW!`h>vH}2PhLxaG)TWY>l*!K3RTgyYD z-@SC>ol6Pp!!n;;f992~S8@l8!1p@?iubN2%s&#o>RimS3)%B87Cv`0_nnyPTC=lK zrrvj}c;%^tRcB&1T!>wFCV9=_=qo8jeKOL9%8_c!p$I)S0AztmtZhu}jD`K>%}Ev5WkEs_q#g}y(Pu(b9y+3@_!E4(?6GAhp zV(xZ?r`LB(T6!k+htA&4FY7dU{4E2@=!BxQg7(@z^YNIX<%c3yorqm}FlzO&n=21o zeS7cOsGQP%t$WPM-)&PIin_aO|Mew%E**+YyWcjdAX9ouq_>T0ZJDKAdqR>o9Jz5Q zD)(f3(WT_l^0pED9K^v;`U{vVM^ZeMt$>&xiOVK3$G|-35jV3@G6hZ1ClB(Mg&P&# zF`G%KL7>~efj zX}d&$j50UhI%&9>SHJC4)apIwHy@9P%BmjJ`4QS0(z(kzCy!lE+8q*^UEMLNpXyOK zl8f6;MQ3MJb|NMNXErjk=0Ipt(A6y96O~Wv^<~ zh?EL%^Qh`(Rz-4A^Q4KU3v_cu>+qGhocy{TjSrEuspe5G;cnB_`26zr(Yp-;R}+gm zrDh~3#uv6G7PYpFYn5)0=2HVIPhQ>7)r6u4Lkfk{Upr)o%xm6w`qui>aiKXaTP_uB zIGtYFrJ6K&q%>pLkYMCuZ-Xm*u@dKi!P-uIejytxVc?n8%LF7j~|N0Nbvj` z#&su>?kztR_4#j}y1b!W@YFgfp z%6LR!*MVYj0_+m!Kt-5w42J@nF@#tLGSjSNe<8fCwmDf*C=@h+`;62$zu4iQ zutSeLHLkVe$Ldid3SOiRIr30+P#ZL16=F8nsD>L&H}ag80-7^H{_n%zdXe_Uyt)Ywo#LS^+!4BiQyds2rtPvOKS^ge~% zFSYnaS&Fd2&dY7s+dNXEPm0si`8XHfHlj^0>unO-aB;&pySonTB-){4_;2=ETW%hTec#$26KZg4~ zigK~7+2QL1iRbi3_L(;&wCstmY>`<(>y6o_I_>@@8{c9jK79n2!_3R9ewi61D6xhS zC^o233-l3%T>+{dsR4MU5_Yu3!30Aj4THlIR1Ba&l{!r}Icn4!Q7zvp)|hoDD+6xc zi&_UxF|veF6p9t=LvEYQ>Xq2NQkzF^as#=@LquRo=R#i-RONu`3zb$-p+khD;ZvxC zW9Lm%sGEcPlQ$y9VzY};jn~N=ojhsx_mf86E=fhg5`&0by)iLSvT(z~E_ zMeJLmbAlko06&WoEwHe(9&+eV0am8-jH5r8&0_ZX%|71b;SEU8FdC)+71m9D%x=P2{s>US1RDMo4t5ZZ|9Xp4|>e#Q8oyLil}xim5^rvKvW-g z;XSxC<|!TlNsVnvtUL18Q{9f)<*mczgk)|L%DFW7uic#U59YxDnCF3qR=6SD!QuPGXj zVj#q-r+T#pyOgs?us6f2@be>fzEj5!B1q`vwKSz3jm3nY;Fnamt(;@ zy%W#^Aw-5t??PC@C)QZx*xj98xy>mV#4Uv<6HC=6m5Vy6Q9Kwscg7w91@*P z#w0qdUk0U3u_ADg)?ilAK;$nj?0>XBJtEfbM>!C%4T9lDn5*S1TGU~HXqT;Ws*UE zWmTe8%Q-FfRh3?kHY5_YPNug=v?$36e6h>)TCqm1;81JSfy#j*xfPP$Nv&0+vxs%p zF^yr8v&xJvl+==2Jg^;x)ka`65vG7Gy%jJD$9z&{5^I1FZl%hpR(aGKC;Bcb(ST8- zP^vhEOs`ZxWocEb9ZEEnqQ*r|xz;XK*`z9mOyv-(Y!Wr7LlWu=cJ4IhVt#~Igcqk* z-rr?L36>gL(*Y<4w&E4SS)wwij;cg$V2F&AO(u{sSmkJhCD)@<3wB2|sYL4msm3H$ zn&et5;12^G;BgQsTDfQ)a+L`oX}yK|(V?LWI#b}|D2t9PJ3PV15e7u3TWZE*Ktmuc z8h@dI1=<>-^n^@f0{R105uA{zsedKw+(Y$V(cTpGGgWFNj!`XnG|E+K_2|2f<}}ny z9<4KRVp2{E!Op6trHITOZ2!n2QR(1SP`V&>t*3rM(2#)Su>gVv%lAw6g_$u(ZH=f^ z4+wg@1&vW8I!rUlnZo!rC{$3Vz*BTdlwhKL2qvSPkPIy$AZNrqV$e-+`bmRR46|2l zz%9U8tWuqMOl=gwt56wHOAN*Hz-UW31L_pZP{p*42CrdKtrz1?Ls>ai(N)GlVu|Wdo?(rveZtZ!wTd|Vuv9;x1RadpbUuw0 z)#tFPR7w;s2O)-l35PX@PVlH63tcb}2XLkWwxj4B?q?bL*K(+R4po3zje-Uii_EAe z%_i(D6PBO_vRstNQ(F<`bLeai^teSm50uM8-WO_z8&FtU=1?mf2E7dxtWeSxU8WQY zCAzQ~QE#7f7|}2hiY`jYqZk*KAS`{O&8tHn8Z`kch5&^Es!|DX2DJhe`>A2~6Rl&g z7CKBLb`H)gQtHN}XaVffTU`J?)}b9WRnZKbL+J*i#csB_Q22@>>F`Jb^-9pkhX zfu};(9UG*EDq)*U=!d4`6xhO`e#2Rz0=-Z+o;6jIY0)iFixURU;-C0B44Cg!>j#z~ zmJl!+;Eq%XBR{5|Ds7d<6tqO=HD%U~wn-i2(AZI(!$VnoF!QN*22d5Q09m_A?8=BA z(Cb*4MtH;&c_%v;mqy@!zoa3+E*XP>C)V9cYSd1kff?1TN2fbf7Pq23ik7p><;ed= z!%$QiwJV_!)R8JfWksJ>e9(rQh&96|gGPla=2St{3KW*2_^lnPA-INgd_q9bTv+g0 zln3&{CzFFjR$+0%ICbG-Axi_zL=+aA$nFKbR+X}OPl|{^hJ+`wfh%fSLoFo$O*=^ z5z>U@XxxpS4X7$$pu7pR!@+>63@#Pbd9gT9(Hu<~5Pa`bI8WUuS-CrA$=0xUc3%GA zSY%ddmlSjr=N#9VBu1k|&&l;V)X!G|QVrJ>_jii6M|u&x)Q5xD^!-ki|ha~w*|nqYHzZoy{r1Geg8Ke304<=9ILU7N0yO7EobnY zZfVv`l`IP9jm)>P!^HVwBy3Peb?`wxN-O3 zwVb^dGj^X#3{NTRk(lH*$GFZcH6uFj;_OpMX8=X3wR@0@A*W(7)a6%aN1qso_B}=) zie`CHbYE%K$n`3fkwc$d+;6b*(2haInWPB3+U?*mOdhY^fd=DFqu8`W{z$3xkE<@cD;v&IL z;AjwR;t066Eg*bADU!quHM2pdz~sb7$hZTf0)=%*>p-J3?0i%^*lMR{i(py-m-L7d zYjpCQ73WV51ZX9aBm=%tuK@MfEI<%ou2HHtif|5Sh=6h&o+**VDniLxqfyLhl^k|R zw6sAt5a2K5%m{2c%)wwBuL_=*sa8t+(dYOq0gIQ0?z5}_4Dw>*4@%(*W#e&q)z8-`Un#H>*+-Hzb9r(0rf8`HN>7)Ny;1k=FiVev_I zAZ`5vGDqu(u3Kv8Q|Ly~DivL}>|{O3)bLvYb`B81NK;nXd}5=!V?y0DC>@le1)N7^ z^lA(qjS0 zDADQ1j;4gY@bO5CsrHT_KCvEMo{D^vkT%#ZbZ)lyohuF>=3Yj zfv`wnAlGPQe>NN5W*QKlA*G8_RQ4)BHRYOspb20Aj97C;<~5Vn1XmPjQU}^yYZR-nN77Ww_2AXOAnBFZfVE(guzO)i+W@-~4CDk;;|Vu{9O&l+ z*kvBZr1Hd@f#w%)6$`4#=*af=ro5E4S~w#hFfSMR!# zbtw8?QuTO`nnwokq{`JcWG-pt;_i){kE=T!QxcI`pIbZ7f|iJ+H1LX)u&t&ln#Qxr zJ4Ud$ov35^#$eJ-uPY0Ffg7X-@} zkDm+dGOLy(dL&i@4zj2er3=F31hb*m3!T=0l0ujTpb4}U{0wyV1>}Ke2jK(F8L>T_ zX;P&ZYxICc+_z*46J3DY$tu%ZMOqVLp0JM5yq!*-v{}Gb>dKBXDAd6as0vyDd7^sj zgxWX>4w39E>ez;(VUYE0LBBP#gu^an!T~XdP`Tkzig+eohvkl~h#;F52Cx|K$C1Ys z=)Z|tG1yLQFyA!bQc(HDV48ph4dUKP2D^~- zlGXo}!fxQ|YfK6?crEY=tmiy+fkOK@B-(<*LDy6RIfH8w(%3Ko*ItNo^6^aye%O*d} zD8jV>MMjjdNu~#OQ#WW~+eZCz30lB9-SC0XKaHX_kkG(<*5XhULdUGa#X%nf@@$yK zCSVhMSzP(&1-_34$sqVjY@!*mFpo)~N7(Cd;s|gBl7YpkDWpbb2<~t*c69^7xPV=l zU}CKaDQXbg9*ZnkyfrlLZd+CNWS7{agdhnj8IP}1sY5rBVY9DC<4UL)*m?Et=1YYK zW1DtF)x2{i>)5TbP7xRee}3h}_K>{IA;rgUx1ETozLMS)k=c}Tzq3zlg&az(@$^hs z!jr2mCztnd{_Ixiw#&s^LW>XGe6T01V$+$d6Su1>hBbX=Us9c9XGGbS%Xx?6s}J0+ zj4bRa?$e%%D@VlqWNgR5$fga)Gf&?t>PH@j+b7m?3O$D&x+IlDT3if84HcVGIzi|9vN+ZcouD2r!3Q7kg9|>b&d1;~U0(`rm z_kt}f1G1xuJ+by?7_9(YRFFVJIo3%Y6a*2k zemr4@D(U2itiUVGKY)dZFC{h;8gL-B!6c)m@pv7pi@K!&QlY89Zzs$}%QXYq@uGVe zvh_f|V;-;q(Qy$b8^u3A64?9{7vfWYgz5k21Sl@eS(O?S`eBpYO%FZQba_k;prNu+vW#u#mafHKT_z^+PZkSf83PodDAfnH|)X3Du6~Qt9n?VJjX{iJl z5=<|AH8#mXF&qpmtT%cL%<2rG&ZnNGFY|-npx^TkKd^0L;5_jtXh^B%0KGyxYVe5( zE-Hpx1L+UNYJj=yIbeuZ61lWs8*n*ozHy@`tA1$z)jRJWjXr!eBRaGCPDMvi>u876 zJc+(0D2D6h%ldU&FXn8!QjpRje}HNOBHss5B}?|jluPd)=nO zE?q^x_Ii3f>Y0_d$x%RLSm8>(-+44F7uikKldfY4jjN8O$JNQ(4SeScVLm_Hd)c_8#okJzSnPstIK zr;1hxedtMLMJAO^t^vaf4I|?aI3ixBH4Fj?%R0RWbh|UP4bvirzwwDcR^U*$0r2gx za{;?BbpgACyaEb?lZ8RbZW4eOuvKTljct=qjxrG)c!fX>fXMVfU}F*2q65--f*Q7i zwV+%$==oXjP^ty1pv9NUv}UmiECgaHa4>=0NXEtSf!BI)0$Qs_3qDcH^x72J!#imz zfD2&Z0qFQfio7uu3Kg#+xTl)JI1NB8De!3aOj2;-9KZ$kwH2N(kOeYcJc5G2$F(*9 zs}b4>ilmWT*Q{oS7>r`<6EK`Hq`+Lna#3j)=fIf&XTfzVV8lah$=^8bpZ#sP9OOfQ zT4lN2qy?ls(jrmA#>AEb`JD^Z>2v^4guFC56jUVZo^4cM9!y3fq#-i7R;)B?EnYRm zGvLjzV_{p>5N}R#PQ*^s8l_6B*60ujMxdC9iy#Ow=@4MRuBm~?iAxM|5$&21d^`Cx zm``lUCR`MpnAQSE0aJ~zn;8p(mNAtrX2up)3vGmyZbx-Z1v7#vBR}*c2*jU#(!S6m zd_zFAM`*Bxi%AzW{5W&$gapCtR%e3&F|&nd>?rsr-h(S=w2AfBeuZh=;;SFyPTjiu z?xCpp@1K9`-LtFr+&C9sSJbT?FnR&I>2<2*2U4TUhD0cl4kCi*Gka8fZ&Zb4x77|B zlPks+?ufcx&@4yE6|-ON@!!mCn6vhDMmZ`+`yY&$cZQ@Mipb0Fkft?>_TQ=rxzpBX z=g0j#iafPx+-pz99*eDPR`JorW7{s~Ur4L#Ld_~ak4DGm?$ob57JDS|L9K!xMS)7W zyLA+y3_rTqVxd#37_zponqk`-5Um1e7GVEm6imu_H+stHPa{8QKf zSgwr`pQSGf_)kWfD+J2$ehyR0=u6BtJ2>gXunECo$5JHtAlQ|{gb%_l-UiH7Ghchg zoPR~I%R-LAet<_dZ?xY~4i1SEY~XKUt6~O-8K+pK6{aX$3Z(%6%4xvE0(qH#Kz2P% z3k6H*(vY5y7Ni>f3Jn9E&>-)V%_mJeT?kxF;r67cEZ7@80%hQi$@9Q=i1)C|M3)}j zn#uWKXp3t>!e{yvTSCHYlkzHRG0`K$WuHw5$k5gBwV+=i%q0nw z4hUiaDcFMvc!U(VNthunAi>jU%x|y_Zuu4_~iYwKrk&*^HtdLpR4q z=80!*yt!cajcr#`-VM3=Zpf{9`y%G-3_B2Bkl!pztr=f`IytGX548m*EG`sY$*Jvq z2R3YGKT?Ow2TV(LUO$~s(rs|ZR`jeomN0uq)cSL2YmVREd@gRw`NXFd?$~lZqh!E- z>;A}zn^kc|Jt$D1bWaVMJa>E5dv4rca3Ffcv0J;YrN$PtHTIdsYQU}+1`Da;kjBPQ za9>7x01iP3kSB7Ocz_1DkW9=t%?wQA@8{w}u`G}2U5zG_2)Kvfiy5Yy1lt=7JrZd# z6oX=yZHi=v3fpABA||{Gyh1OMFG=^FfUwLcgVBoI2LdlOg4&!7kN6X*M;ZLlmP0Ir zk$`|hZ%vRM^e2XQH~}{3D}=#{!H&AS;A82f90G9%!$ELjYd^b*q8VdV^BODfOf|19JjShHZy<59Up{G)9Vj!IFi= zN`q{C+-rhKL`X``2cbN6N4g3^q6&;$crAKRHx%2%n*qw~owU#4PY9RM5d?dd$ReC- z(BDNC5`i_gI{InCulrn<_m_5%N6*?7d^+|B#~CgyB}Xx9mnEwNOsx-DzRZ#ekU<2y zM%RSVS2L`s8`a2J_cO>ChV>`{>pF3>bk+WtYuSV4gHzG@(m9(Vm+T1Jd^T>`zVPJ- z!d4!M+<7%KuBfZFpG&D2+Zd`HTR%AgF zD2v#_*7Yaim+Zdz_MwCod!kqGkJ@xH26eMy3frrOEHMRrXJe|8ihEI)V8Y}>&xmmw zpVOi^c;nux!x2k%hOOBbec?uFOF!~|D5?glL9FCtYCW_Z2mw>HohhOiD10b6VtOZ^ z8EX3+ws#?LEX=u(c@=mr7>t4+O(rKWk?yoke47nkS5M(PKG8&Fq^>e(kU_LgLxML##7 z_Km7NsfC@JPbDOj_E9Yr&ZS3%8jUZlOuX(y_ReeNVRuLOhL_|uPK+C;(u+IKL>49% z_Kq6R6$TxHs2XY0xS?0&?o)YU3%bwTC`~Qt9#%UL>zm*_y&`wZu(MCe59#@`9`)AK z$*VqyyjQP8F+DL9vPNi|z&|2h;lv$+;+C|084@wa{L9$(KhZauz76QkVJs?>6EIIU za1WEZfW0z(S3_EWJDI&9Fvz`S{v+;50qp1=BT(Q-1d0K8g()Q1T+AG!dleoG+46T*%|dnbeqME(f>6wE1{ z5H9zo}Qd z_jKakkmLciAH64Vs7|Tz$d&l`yt+{>pIXv?I=V2qsC|NSTBi8+0r}0uimNw@>w8gj zjLPMlxm~t!6PgFfQOr<`I0KZVLhTP21svl0q>&gPtq*nwvO!i1 zGfWtk1;L2qmLGm4VE8b?PPl;uAQt>t!MP#WRnuU=8h~Ajh70eX0lNb0CjfT*3g98L7`y#VFoe+k^*THSZsI$-Xhy074V1!{*eYDJ6k8h(jrX= z{UR9D0*ulR6ueq?aF+8*{&>J;4w!^QmCyz;7iQ*jndeV^5Fv|CC@3TBe}Yv` z;<H z2w2KwmeQecWQsacN(&L_$hoIC1n3Ka5h5#C@NxvxSeU~=Fo4~{0s&3Gh3pTeZu*L- z^G|JGe?w3OJraY=I>w+AR{#wu8-L-<1;q@BPJ(Z+K%zv0R*X}w_DEDycdLdsAB$PK z^Xi&oachpoF5Y=%>*@HElHNg;M`iPiwBFW1E;_Yh!@=wG)*YYq-if`}vWmLZD@+KXmuSm`<4&B3{>fW8wf#~XKcI2M+-tp@T3ygMI-oM6*pkHH9*{Vb@>|y*4EyuyJ+G}l zbSyfjqDM7h;1wnh(w&tkdZ4GIFO)+=V2xEgKrjtLu|VwNE4h?xo^cw2(`Q2-2PE$F z3Mz`B7BB`uA)TiJ%KX4906}_1Nw47jh!EnD?IK7&LjnbgE#O*1DuCjO8mLVH1b8Pa z`a`5GvY$z0DhzPkC`E(`L2)g-lVt?ZaWJT63Vjhh!L80@-NHRD1b>7l!n&e>4}B^9 zlX9+bN{G43$g4p0A}1a(@@C3i>uP)aw`Ub?x zN0KzYh0-;V?#zY(lSX-Em@#%C*c<3qLpO%}5yTQPAmf928gg0;_7mt5VBlxc4-^D> zfO3{N1GyN@Kbvj3f)6i>k$nX7X_26YA8;R60ZF7(ZwPP0_8GY1O5zX@qYG4t6Jh{C zZvCT?e?j!}$YllttREHFr3KAkmk1yVeXxHDuLPDm*%V9+Bp7`G(~tg1ZwRh?!UeTe zuC#H6DY?P-U{s$`FODf0Nvs&jZy(%G%Uh(T zAr#dH?CM;7N@L3;*Q>OnsGS5s2cy%7%Fr59pHzd6Pp#w138PzKLuqrA*7gr;`F5G7 zc2rx^D=+DmH;w5eRxgUI1HN&Drg2k;*oyM(QQ876G{*dQqdSu_lG2_gYr3}lrW z1iL`2GspuFYfyEJ@rDdx0g+@?0d`?zQDsQHi2IOWmo7Kd0vb}?&j3@%Jb}58I zR@}OPU}&^I4!aDC186HC?86~s)(C$M0yNWyPQxy32Gg($%mwng6dL3QI%vS!W!5*- zkO&J;03E;zkPCoC15X(23d{A2M%Yg{K3TZzE@1dbB3Xu*q*9>0ioqofVFRN#d>D51 zCIPA02WdkUkXJZJ0CwpJxVR=YvOv*XG61{m_;gVM--2_17J}pu1o!khyVld^jHzRK zLDZaM#W@8BC20Q!qUaB)`9~LaKegNP<$jPkM?sI0Wk3WWfQgWpzZn2rK>*JN!`uK; z2sl6KbnNRF85w$aXWJx0t~`sloCEapoS^y3rv5M?m`n zG-?Ddf#TdK*C0}%I+`Dhhr;MZaRAEZ!uRUX|BcsrDQgaIMqO7a3Vx%2smdTxYUC(^ zC=)FKg`F~^wC)#lX#^%ANG1p~JaY(FgiwaL6im!OC<9-WOkGmiVg$@v z7C&J|E3+#Jtb@>iI~hT9Y%O>~uM6HTJt3sVHBCH*+kbD8QYjHED01UgKfd0 zc>-}Eusz^y1Zp@~cR#rNzLF%A&vKW2J`vkd$rWY)q(9LLph34Z6-Y#V0CYDnqrl^s#v}p>Wkyb?jSAy(HXtS%PoS0^ zCF4@nDAYdOQyK6(X+Nv|-nh^qI}wKEtns7@7KUzors+CsrYf;=II0&iyL zz|2Y9jZCnGN6a~0Wy}LUf295P(%!IhbTxO9G4v z)B!U9=^L5F&A`j5)}U}W4FP}gI({JimWS)`3%oji<)RY-#h4c1Bw=#^Pr;us#3ZVR zD#tUhBfo)|1e$gQv^^+&hYd`ieQ1F>Fqp6eKbaY-j8p-X6D=cR z9ge^gnm1NpOoD}lHse7MSps3_Y1m3 zKkvhSF0e}*FGF4`Lxq%oiO#4+2_+P4<~T61$U8s+D3bR5?L)0rgW5?FH;2-i4YwaQ~??H{2y!op>8!wWzvcm_(6T4TrKX zWC3YOh>C{CD9fZmvMEZ#(yePm#1FO2q-f`bg8VSwjCz#UL);v-%#j5zBv#_&F__d5 zC;-f*N;m(&u**E$hp-!@L4vSL8zJ+`nFk601?IBBU>6O6gu9(p%p$6h@s9vp!CoVv zr*|^2W*7%+7azf(vQ+_xnqlsT@OK)8neWf&OERv7m=Z%?`Yr&gLXTWk0(8Kr03uS9 zSQEaB{pqj3E;I=?M1;I7o_!0_W&_Oc<@^C?^Vdss-#~siAHbRypMYP}x9cV^U2*s?~(o=_Caf zg}K`d$O8Wi#2-HIZI1<)|0a@QCfy;N8wJ*w(25m!1cAtY4ijLIM@gYGdL?i{0~|uo z8xQ+6PZhF#o3m&U8cJDg+pF z7F(mgQtAZLZv--`g$u!EhDApOS%?rsVeOix11$k&Mp&Q1truW9rsq7cHU#2=#Vuj; z3JwbUQ&8n1fH+wd%(Y@C7R-DLM%$*tZePT*|00h0sE`Z~*V8ng_)stPapBY_z9Qrr z&4{+q;uE5`Oc2h@E(T}JIwL1h*pLGPAc6H`_n44}6RgC+LcnZeAbeq`N{k-+I16^c zwiT38WTG--Ex2~sDim_Mgd3PeGgvKAIu4Nr%%)&2o`C*AU=?CGGjHQBQ$RNTT{8oi z59gMh*bGWh$gE{Uh`b4dW`l(R19b3*!l8kv9aC;GhB2TO3!s1S=YQk`9)?wgxt%_f zPkYnE=LD{1P}LL=Y0W(HR{^yj0gJ#d6?9jE zj4ViY2jd@X#Rh(<@SczCUV#fS@HmLlY=F*Rr!zy5)J%rt9{1p~S@M;Ey#sSalA)x;w!S3`)2CZ)a;~p;8z}6xd z7QxVTU_l1<+G*7OykK_*A_rWD{{(geClFmx_xjK6nwg)Pxo`blODKp$A9tLE^Plm0!20{x ziA}rkpYG25d_NVm3Lj3whqwP3{D5F-eh9)o-G%s1Cp_TdOtU?~t&VN60{=4&timfn zn&{&{=kuMeFZyVYp0)c$P%Sg;l$ow*fK2#Q-x##){#HxpvwYVVC0+PbKm4zp%p>|6 zgG|LIT*|-lr$^X0ssI2-)+0b00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D1KCMLK~zXft(I$3 z8dn&{`D~p|r;~QlnZC-4P7@Qf(u9j5f)JvZOf(=0WEZ@|CRBq9$Yr@L%VoJNuq?Y= z;c{}SHf1@L4fnQxt(k6lEX zGC`X>6iW~pwt4)1?20FICdk4=!(=?e);sUUu4p1-gv>l2PR2?0sC7E5@=*tfi<1-! znRk@xCGgY~Q@t^NAQ&M?g9+{dqG_hu=nkk*s;?WMU8@bm zH?No6=tDTMzG3PeGM=D{)g~vpSlfNQfA=2$?SZ}4JXS9*tDY>ij!*Y&j*0t|ZxJUR zOH1b$5T~bKGRg$QaeWVfrNi+oTds2o;c=mO2Hx6fwoi0=qw>kpQKM}`4*8P;Ul602 zvQ(ycpd1b}29lA@S0r(Ns5NFq&=IU<$4|6t1Qba{M1{?xR?<)Mp} zxp}2}QA5!z@coie#_PwlYkD3UO8PJ&Llro^*|R+o&!Pb=m7xqKNHimr%*t$tgDIBh z6{>mV<19r}gxOj9(YQZLEm zs&pnx6<974?Bo|;ex+MC^lJx<%Zv5^o?sje#mF4ZDVt}&UO$);K;|v5I;KWN zQYu#vsdTvN!~FM#o<1cFB* zu|zuglVEZAX(|KIC6ESNwr_oN`}TL=KNLxX;@&LqU*G!HAHr`2xcyOYFfuU56f2n= zWrSdze#7NK8MXx0&gCGEL$F=T&sG#FH2?q${DMl2$A}RC6bC;z19M;qI@ao~db7=z zt6=f{1iIu3hXF7ug10V0d-_&uLE5OC&CvbOk z8?fDlM&hY)b^qrcfWIx5zyERe{@m&DTXw9gYo>8Y@mMo05dH~aU+(2nsD_IG0000< KMNUMnLSTYtqWk{< literal 0 HcmV?d00001 diff --git a/docs/en-US/images/basic-deployment.png b/docs/en-US/images/basic-deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..894a05327bf1a91ef89f38d916ccfb1b79bfa1c2 GIT binary patch literal 5892 zcmds5XH-*bv)%~?kP=V7;yz|bUd7haaXKbj;$tK7K z008GDy^E#*0CA=NUuT8VzYWvp{OLasKU3WcKzT1>hQ8S6a{kJB0I0gpzGV-iulJ+$ zto#4~{)+K|kiCl>0e~;_(#7*;fp!bI>JLX%4#ljoYQ!UTC-#4}mKam|2DN7MXO%Rc z@=bfJj=`&-D&r2OnNDv0$Ol-VN8<7zZ~IaytBaT`)P=>^q~qwR&q;^b9sz6!GwNq* zU`!#v_J}A%J;G`Xz~Isfk+eR|-B9X>MrbaMi$!k)(qS}L^}eDnF@HZ|%=`VZJ0`r+ zN2ZrnV!5U+FcauhmKNyeOWfW10KkJgv`h5)iKp)`1XxbZVKg z$(Oy=D4egyyAJ}oO66zkxEUIuo_7<|%>a}h-n#M@Lts;xGy9Ag93X_+RN4entSn~n z$8elr{OyFTCtu%L_f|Jcs{NE$=niKs!ujS@9Gc+{Xu4B8)0P5>9 zSMk-o9pdls8B>a=t?kdEJH;0wUBAD1iXQUiomK2Ii9E*x!K#?Bf_gi1YyehehWj1| z(MSDOB>)1kLQJ0K)C*=1B80wZ8^fZ7fVi&BF>My-{ZcknW4v@~JviCzUTDEVE zeJ<8SK}=u(3-!?#mgr+cXU(D~_<Je6RIJKZr{LdLu#x7+|yLM+yegb!lG_1ZTtZbf`{)dOvnQr@Vflnq&gu(XJ&Xotr zUTTA8O6CJ*h!9@#qq^GUnFyu8%FTSQGc`J?H52WKR}~~@|RPyk_p^zwkEmV4!s^lvRu9VAme@0 zm41`spibO#zL_s==R_$ft8jFvtjBUu|N5+%A9U5)Z=bLr#WAU+o1&?8K#%G z$14s29c5#s={NJr6`ebJKh`a@kYw{-9u{$PzrD&1BR97!1valLtC)`l&z-6If(j4_ zAbkc%-@H77<(?r;rLjc^h$aA-&cEy#&dH)iRXB6N%adQXCuDZV{c|NT?pR^V2XcW@ zrd!DPVUkX}L%v>?@MIM7;GB~=85)}#TTC6&bO&>%HOj(xEGWC$<25q;B>TV@&-nTiZzQf?u}<@U zrKT#FyDu+~r6xGjV{u{9o?0{sQCccXIZCxC&9F1tM>c!LoH!pTb`76%k82TsC!cn0 zF*FnW{(|Tdq3wXY%9_~ze$3uy;r`~2#jy?Us+*! zqEwMsf}}E5(1Wj#wx9v?T=}qC!E2AblQ@s|!(~^8i2pbm3Se2mXL1?l;n@CKbhKuF z*?T@@Fmo_60*)t*EiPPJepX>C>`?*2#m|kme>xVhnceKtj8pER>h+Iq0_zJ(N=|q* z;;O}c8umh9iI9tB5P8PwtTL4~VP@eX6s~)USf!CaJNmV4NmRq>5A8+@*)=dQ@ZQVG zQB0*1L0q(YKI}LY^+Y#$W>WGY6s!4Fh|-`v4Lva`1CDZS&hBKj z;=SKIOyDIReO@L);f$v3OuRLB=7(TUZkv8A6=WfgPmp5UCLDkNkw!gif7{FO)K7_B zldM<=I12GFq1_Ia1=Fn`Y4LvC^HZCDMn^y4EYT!O*FDFGLj9HywGs`T_I8U4zoh^2 zus!0pO47TRP*mzvvf%W45Y)kSuV2%23$O9qUCTCbO4zV}K*Locwp5ZHA7euCOk(v< z6haY~H6L$Q-dJLJCEL3knzy}GyWcs@XF$)S9RkMt>OM^|VZv@)W`<6P4HFc8Bq(47 zC8a<>*JQEi_Q{^8S6j0w8<#3)JSwU~4|JM{O?I$QCCGgdS-n)_)gi z#&gml{l$bVymb0&fNKy7j<|Dw2$?JRplMqYW*4y6JJGsLU|_4GQOE*}+q zX~Z2Vj9JSn;(zxEO)eD50f|6}`qrJECz?yu9GnCm>OnzwwMczx3=y5o_{ zQa6Kxf~j2O>9hs|4_`Za&+_cyX%`rH`}g)0xt2*8X@B!%3Nu2xQ9In!cShF5%8s}9 z0Un_0nd7T`7y^RgVY3zl(WG{>*T{~ck$*#0cgg}leYJRTFl2AXK{s=QL#QIuazOH) ziQK~^K?d?d@D{;ueXx+_r!%F$r3{^v7GhR3erI)aOmBE!2l@CMUwmWtf(ztQo^t49& zYbPe`v9V*Cl8mNIrh?5ykKU#{k@_$MG6bU;?07pkwP+-4`h+|~qpu=e%ugBseWkC* zsqgi1aWABv?FY>oGCx)6kIB?|5|19gH5@ZJ3ss{yN#i{NFj}}af^f;e1cBb({i)V? zuGg2*s~x8re|8Q={G-~8kHiXkk?!DVyoG~Nx!i*qo4-#Ji8WPCkQGARyJTHwPheOa zj-SmEroNr@rd!<34H^C`B#e7o9xID?gTi^eo{mD~cvw*iZ zvgsBhrtMVz>L(fg{~bxXBaBEYN73dsV`JBDggx9@`%w`a+orK|;y7CE&)ZHGkqz|s zksq{qG~-0>nrpiaRsT+nhWO<4>atmk0Oe8%+Z_tk8dq?;TlN9;&bcGHU2+9Lb7 z!K0g~X2OO_2nDLU_A0Ax^*}&L&8C|m_;kw*+AzrH7inLx92m+0dI_&{)^YlH?~SdNt+y&G!2jQBcMtWH!`;Ev*)hd)Y<+Dkju2rzGW}LUl}wC z7^d-kaFiE9FspHJfNt(yx`|_N!t3l{H73cky@7_c2MkD9{xZOP_ z&5n>w;^Ac`C)=H%HgJK0?kSv5C>DjV3R2nmJ|5~!!Q9J!IMvs*8C${|t6i0v3Lqq< zCJ{=~;|AHD+%B#0Q)aWJW$&c1`)dXl4%Yv^77!V5<~`)a7($sXhNh0?{9OiL805v! zJOlI8dndR{8m_1yX>X9ME~H-~mKtEEjIwvl$kRK+K7qR*ijQ}z9`2F1L|h&Q$06fk z_>PYpYSpB!SvPXV=yI-a`ui0H;})IEJ-4c>MkJVpyuHPv#MCwTgRVmub&=D04NbWo zlwEqt{Wcar%=8Zp=vDmbQ|v;}}&x<8XT6oBJonL1bYv_Il%KH617xA!XsJ#Yiek3BQ`F%!r;wm1YIT z5v2p>+HyiDo*BN4OI?iVEXW+x!qXwbytuQIA(-s6F<$WnbU!Sf(F|f}gof85GOg*u zmUX}W{N4`zC+3P*hy^cuK56d_cu&ive1|cGdiAf3^ciPTN?r<>(g&SlePtCxhCp>H z3Xfv~@c|PXT@=O{%O#VqN9m*1UhVF=`F9bj;s2=!L#)dFFNeWBfbk;#BMeRjl>Tou z|L@R~fg=CSa5fDgi$-kqZ>L*+V!Lg}7k~T9^M%&}mM)!r(Z+w+^TCWC(ceGlzUp;y zlQ{Aepgu6=Ym#_d3B?rJPgkGfc|fOGJ;?-H9@lFSVt=Kdl^~m*Bmh21CCRa!Dg~&n zLj)O4*b^QAVfx15FieonXQ$?E(qo{eYye!+sVV`=Nhb)w0J+Or5J?yin_4}j9T`K< z70xrbrv;c)C`L=)YX0%LSM=nF$)&tAKBo^M9(^hkVDjJRmXH4M4LS<%1g(AESeBpo zEI+Zk^WA8zuZe3S-zam5OE9r{^Ve_Mi@QRif&L%bG$UrULxKrEn$dL@Trsvf?<8%IiwFZdD-5`?Ta!+ zt=E$+V%7@O2B12&>O99OD&%jHGSMG>ox{-2zbMpSKGYm$Y+Y{_z>dt-QSHhljs@2j zel74z;uC4x&Wj>z^t;~@vi3WS%-MBluW{cT>Yp0NPgk*np;2uucN6&!WjphxhS@f$ z_f_sp?d$F63M_vVGxebt)ltx}V017We_;3OzDDJcUyYwGl72YLewr=6MYPwcT-$Z& zI{PWV);fp}VTjFK=v%PfnJQ|MRFE48sGHCAh<}}FbtrC1ry?Outv07QH~5lDK+g?9 zNkYub8?29*TT8&ce4Rxh0gHvYdQVB4Z|jXC_S8<*v3fFU3 z76cb4cR5A*C`2vD^9uMb%|7*WSkF zovx}scr|P>NJHGv{kgvC%%R4cPey-80*JW}-$+6Ftf)Z!JVaaYhL^g#vM%0QFb7I@ zE~zfQlRNJ(b@%OR`?bxp(|5|=G!_K@KKVjBrB1u9cezyLxtGs`$fEm;Me@1(!;Wuk zocnO!h!&)vx$hQEpf*u&dYjN_CqE!GoYaL5Y8b}fS($iool|+OPHG3-@8;@VpSx2s zgEJ;2D}1O0P3?TvHv^ETZO8EqmV^b`(HW|O*F;0l*$H|wedDfiX7ZHfp3e--a-2&k z?aWQ^(e{gLT6riAI_D}g_iGGPY8G@ zu4?E?VT}`Sxu2fktj&ejheUcmA%Ct!p1{G?ZVJqgH!X;t{YV@7y2af=X&up<+Q|Fi z^^ur8on4X?QaBK}FWjWNIbyiarA>9}p66H#o2qWvr>7OPI@e{1?Zqo(N$0hs49YKM z(wd3KQ>}};!ip(0N6=DFtMEROwrM=tn4s(+1BEZcUyTdTX;77EMS)YPDj|3h6O)C8|1ldyY#9c`GTl<3pBi%CeH`l-=ZNrP@7j8!V E5B!E4@&Et; literal 0 HcmV?d00001 diff --git a/docs/en-US/images/change-password.png b/docs/en-US/images/change-password.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb203a5e256e14fb9fe3ef4a3229c3e93a6927a GIT binary patch literal 891 zcmV->1BCpEP)X1^@s6$@ldn00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!TK~zXf#g*+# zQ*ji>zxTSi>7MXmYHqA;PMOIFsnpD98TC#QXa7S%`v-zv^dCf2(8H@Dh#dz~{r(PO4OF#9~VbO-(|SBngmm^pwuQSj6RU&gbvax=2_?E@|dc zj+n$135y(+z0}UQ!p&QEB;SA!iLK;;1ow5}3qDRvV0Cqcx65p~^PYoaN;h z!olf6&nbHnfl{BG{DkMvo?>op7MV;2*=!aIG&)ZnKSCrNRuqQ|j$Kn?YFFq>u|>Rl z`v&D2Ei4u*4mDaZcxez<{eHB%Tk(46g={P~UCcy2Vsr~7S+fkIkuWq`4XUeapslEY z(O`hn>4L#%!tu@%$O%voD=%;ooboYCrBc}3{0W1>h;p@>Pf0u;$JF!`*4EY$3WT7h z?}|p2Wll2BA6Bqr%0v++y#Xqf3J?T(1fJ!qmqU2?;2xr%qfnKV$;V=4C$5;4NHDo9 z(wVfZv++=s6L`-Uyi%t_eO&|0wPw^%E7a<8**ILJ#1+}iCF*6C;Bp?M@`l49R8^Uv z(^c{-uqx>FdKgV6XfzrUVWVuEY&Oj+#?{WZoQwy90lXg`My;7LG}mG$ndI%_MipRY zG#YWL`=o5FJd5?5ZC5V3{XGx}V0?584yO~AMl0rL=V8zran$3X@p7Zt<-)P{c6hy~ zp{>;YGgg7apnI9`zmypG!`L|N4hL*D8)l+2{1WFcoP(>y1-H8e9#0z%+ileA9Mb8u z?1n2GkcE$qjKJB{1gq6b;3%31+;*fDTiZ$Q+sU0jZ?*>xVzTi1h6Y#)V22aEy=Nha zG){$nAB6VTSy{N26dZ{}Xp1?}(ba(;8wtM4i(#_x-Cw(CX>LYWXBYiMiUU>Lb3gqs zyxud&P_}F~i)pf%FR!ffQWqPXpY#7{!sRP|sjsgOf$&Vpu8~M=An|=2zX2sgJMFkj RsTKeL002ovPDHLkV1j_Mof-fD literal 0 HcmV?d00001 diff --git a/docs/en-US/images/change-service-icon.png b/docs/en-US/images/change-service-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..780e235f2f5ca8e8b38cdbe53c1af46d6a17815e GIT binary patch literal 769 zcmV+c1OEJpP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0+vZcK~zXf?UhS! z5>XV#nPFfm1;S9N#sNWQAfQs)FQBfBE{N2A30?RFOkB9rxHT^P2pV^GWprU0W7Iwf z5o@CkFDZ|KnFczP&dYNdoDxcR!_J$3CU+k9chCLbbLL`|>aJ~S4WAkrfw2bm5y{^?INnxKi{%jxUTCqUDGv-WdoqDBRb+wr@^ic*jC35 zb^sZliZ6p;fs7BX$a#x}{22NUb6MZeu0kSO9X9d-+yF8-gHmTK@@}`2%Vj~(nYgHC zv$3}J;r+X}9QW&lRU@eV#?4#FM51@lH>;^o;9kFaS+CV9<#IN=<@e9|e7@0I+uU5= zSpVXhnQ=G>j{Dsf+QDFGtQfnU4$n7n8w&j>BNbWx{OKbbk6%iqE~geEkqdAO56zT? zVc+w4hGAezx7!^Fhj**hN~tuS)8LGz6RNJLnkp-@F}WxRKFUwiL8sFRw=fh-#xqKqM4uV?#5e*Wy4(eM>T0WuDQbyZar+0g9lDUZhsXl&4&B-E~tot+716R?Wq%GZr7h%1(kqk%;bL^K*@W3h?oqd=`aG{$Jt zJy-wJPujfcI)mN4cR!s@=knXuCXWcU*5dyH#jz^3O;_(400000NkvXXu0mjfLvdN| literal 0 HcmV?d00001 diff --git a/docs/en-US/images/destroy-instance.png b/docs/en-US/images/destroy-instance.png new file mode 100644 index 0000000000000000000000000000000000000000..aa9846cfd9bfd7cf6e626c856604adb0231f5a3b GIT binary patch literal 815 zcmV+~1JL}5P)X0ssI2LSV8^00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0>nu~K~zXft(9v} z+E5&a`z5z*-tTeQ8>db--v{pbYpdweJ-(i2& zmlT%FCeMqLp7VRo$@!h6NIc2eF#P#!?^)N@H$Bv8u~aTqsz~kODSK0vgk*}hyT}6< z(ePI5k5~D73E8t^G{Yg)+G8eHln~M%b`gH0Qhi8Y-%1E|Mq~I1Qm)i5vjqw9f!7^G zO65A2$xDbYNIQuja$l;kDPBT6r?G~&SgJ6W*;d%>&aR$*bZ&uWQo@>Of}2*My?uku zBSJLg2}By+yJ9(UkrBo6(>^pj+S$|h;#J4IRxhl9Jzl=gV<0(YNnq(_`aP9o@Z)x)pRz3&ydDDfkFeut#%{I0-d+yS*#X$xBh9G_(25 zpis>M;2Ibn?H?R@Hz`x7HPfnDqsbhjndYF|caGtwNWO3viX}yf#94+*ZyQY@0=4X; zQYKfyST&g&Mpop1eY^DZpvq5VctP@P(1{%$px%tC3x z3y~|;&EA6}kHh6{=e1aEa>a}wHSC&ME(L7u7zMRbjlxc1UebQ(Y3HRAtef;LEa`WQ zrUY{#D4?;;ErV9Kd=d!4Sj6ih>=@C`3z=Ag;qwJ9eFfDE3K*m^+3Q>(LMKIAf&axm z=KhDbRi$mdI}UNX6PMom;}_=k!uxIg&i>=DI7#W&Hu&6)WM0x2u~*^ tLHe}%FVAOVYuDyDytyq_>ksgs{{s*fW(qxYbS?k@002ovPDHLkV1fZdctQXG literal 0 HcmV?d00001 diff --git a/docs/en-US/images/detach-disk-icon.png b/docs/en-US/images/detach-disk-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..536a4f8d00168ddb32b3fb16efa081afa2033809 GIT binary patch literal 953 zcmV;q14jIbP)X0ssI2LSV8^00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D15QaqK~zXft(Eyt z+F%@q`{ylgamjx2hb2x$r<(`D01z4Z3+e0=q`*tofVa4POh}#&TKB9yDC7}w?9*7`I^AS z(^|xGfM7*$;pQ%xxvU{74a|h1P~rM6agwbe7KabP9MDza_UQP$hTv`nMh~I<)lDpQ zT0`u>Yj#1o{7p2GsUdb3qsLs(W$rp0Pd`K;oB))ngvY-qSBeLQ=NA=TihU?zb<#y| zHg^?@rK&;&BD2!Pm9b>Ja4dP8xnRT5_II7%RohjAn8OE`yn*o1J^aC_OrdOS;%IdS zhK=%t;?ePm`3>z!QM~A+x{%Cx|+1S!V zV#$G_QOV$NB6XtL)HF4>Zf@_Gtqz`0tlrVy3znK@y9Y*{Q0DZ4q}g&{6V}i0 z;>oFLsd#WW6o~_A3#a|SVD$KC-Urd-)C{<}7c4aq3jw1JD1CD3CjI3suda7-c{t&+ z;*RE)HnnDVUk7tq+rgEj7`~uyU}(fcQeKL=7c4dPC=Q#7-i({1%2`uwcJ}aK#6-Bg za|<%CV_cqKOT9w}SYe+;*gxPQeWV{q|4RL7>QUQ)35U|@jLS=vgP5@QUEF!u66mDp zpwVQ;51n2gEg2jUh$K#z$A&w%HM^A@Iz1o)n`}Cxy^0qsoZg7Gv~|dqzJm9ngCVok zE)ezeMSVEo^!WpFg|hB>ef`T<5r~#KAK{;(59i81hTz>1@ zj^VL!!VN|Yf~tCF56pe+z+G9s}_1!{&c^A7iO}MrS~^dbIXl^&V`t zf%98&&i-$jr4(wxr{@&ule3z6Ep|e)4^KU7g|VJX^TA b1^@Y9wYO$Q*-olj00000NkvXXu0mjf@-)dr literal 0 HcmV?d00001 diff --git a/docs/en-US/images/edit-icon.png b/docs/en-US/images/edit-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..42417e278d3cbf3686cfe3b1ecb6fa941a2d4ade GIT binary patch literal 940 zcmV;d15^BoP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D13^hdK~zXfy;a{& z(@+#{yY5E}Gl(Wj1cuCn4TL}-uopAK9KmQ7hddblOMLLfzrq(|f<_|&M9~)mLI8=$ zLGj^idL zC){1`sc!+a=Ob8I3 zB#3#D7kEt*C5h#-T#jRN9LMLthsiQSLoaG;YDg0a1fWXqwO)wy*mV^dV&vrlKpP6Y zrlIka)T1mzkG&eLv)heEa^dqrV^iZ*Z#PBl@wwdb>j%it>`HynOlsR7r}OilD2g%| z$WUnUQd5)9+nu55(sw}*^eK^L*EU6A^)#`SgzgH5zc)8GcXf8Y92tcY7rl#+4~Mqo zkmJf}I-LgP9FB_~&tpS)<8hF`Iel7(u{sT+9n3sgnfYqhiX4ix;+5b|%@xMEVE!LEV; O0000_y1*uY{7X|4>nn0+E^xh!^ zQ0ZL=z3vJB?_T??v(~;i=VIUNJWn#2$rxW9*hWL~@TFs)0ZR zNZ{}KOHknR=2z4JZ~;52$vyxTcGD~ZHy6w$l_Wu+;&)e%o)H4~mtQ>6aRh;gzn;Cp zl@ZpfAP}>M+(StXSA*4L-F*Efx0W7t`u<$6oWZRRa!)m_G`2se-Mg2qM8|el{%-D- zz~8DG88X+sZZSiDMtj^cDnwjEaY1RgzPg}Co0)#jNi~d+HZ&Vidvev$Om!EB+Q0^L zW|o!{bYjJaX`!D@ffnZ}aoB{e4Y>aFILEn;dYk~fJ<=fqa%moYYj+yh?{|;YC#;RDc`f;xN zWcbmAj#ExYT{NF*T}krXXgYPWeKD;szP<^}WZ;C}AnG-r?{2F*z8DYJwes|A#2+=& z!qeVc=a;42fAL8C^ysSMwe!Jf_-|u|J`k;hyCN}-@Jfw`D63;uPkS5R{3A}2-@g+$ zF?_!VlnE%f^uis(HXgG}mNKjG{N~xee&$EGDVlhF>Yl8*N^7xtmK>)U8f=xd5%^{4 z$j*mdJ-`gU7k31>g@(8CBKZae9A>_=s&!Brp)t?U8tg+_aC64{q>^VLK~qBlb&c9V zv?(HTRzeWiHR#)~;g=(Ts9@j_z;5a!4$@%oH;}XakMu6ZJwP=YxU;{6xlQ+$lN;*E zC3p9?7_ z9KKHS{U$t0kAhhUtB7MhkGRv(>+nBPzBG)U7#;cn#%$X8(h7^u!x_{P0WY|bHBxi5 zyg)Xcc%ZymXl@A`ghZ|loB^gvaZw!G`C0{VZ4tUKnoq-6o&Y{m{jlNTdG14eH6TvC zJQ5i$d<~#yXw3cJeP&FafDexZkQc+~DAcOYDH|L@%+M0Ij za130FRK$}YrS_ge`j|X#am!D5xGq)bt@-ukk=D9FEXD@2JEDbP%_f@yQqq%gX1~xW zd&seDn4Duj)CO&US3tT*|u7R&F!c$mny7LG711+NxW%;es9am zWgF>{Tq!Ro2n0=&Neghy;wdbn2qb_5txEh#NNgZ0@XD@u;Ivx0nK>Xnawq5IaYdVy zE)Cvf?lMfXh-Ls(P}lN=(;}Odst~*x(%9bu(I-gfDV8bR)WWZ67J1}xx2NgN9u*i2 zxP^LB7;aRCxDA_5^-ye=5o^8B&O6tH>qvF`ixWS(#Fqac?xhs`-yr(_~Z~wl+e~}MM z{=oWza|%=O($EkTLYD8p$0SMpI;EJWOWxuQQ`y0EQDJ2>1fAP6%%3#PfXe4^XF{c~iJ zgnFQc$+OP^wDx|(xgCY=%JoK@!~vxP&_R=au%kFm6x|0XEhOy?(0w3 zo}!*42u?X|GXP&H;BDeuy};DT?FxBH0H}>06pB|xYz&pbTe*?4NtbI`Eo(h4xhoab zVe_+X?hW}X_1xDrsvQ|>?`_)6e~GQ=;zN$VnwsFnEt}CfPY58py>e@;Q|)1z_lovc zGGCNB5VBZb<#-ZdPZVTl>#l3Dc1ocA=3%vHC(splKz5uHN@V? z%{oAyD+tZD^t-!l`idEfC5PldE&AheiBZEHU0(ElhHUIzh&Wx{6t~B#x;Z3#Q%nki zZqODHvf8c7St;axNqCF3;I&k*`*`OF z(O^T3H%cF!% zg2<=V0}oBKHqMTAUNHFp zVn!{|K`Lvw2qn-zi8!ReOIZm*V5(p2Efk1hs?|_CCe+p)XnPaVA1plcH|SxF?MlXd z!EAz0c*h#v!7a358PsXV7ftDNhG5*tvE~n)Lfptzs+#zaz9={g1rWZ4=|#wcbHTbR zN-iSY$XTcY6ZPJ8$Z8OPf?E+N^rKavaI_f4}W{V1aN(UV`C3p`4DL zJtgE0Z6#f-xkl(qI)8p$y3K6_$KErJz}y#noI zYHWC4UhNd%J_(9Qyk~h;F+R(=M1?gwWi}>j{jye)C+YCrcuRI5-{)Co@&!|+waP1+ zY)cok$C-P(`^ahsM|K}n<~^*9p__JF(#hnJpYXno{CoU03lZP1lni#7EmJ8$XS`QV0-e|wZaaK4_Qr=-C z_{#~9FBd6192{h;;?~+VL_6IX=5fEO;%+91tjD-kygB-4m9tcI`@Roh&}tD^i-=9Y z*-`~xvLNu|K|bcY(LmyZ6Wb$;b98kxT?lttS2v2~(4}~8{zhQyOYH@X^T%AJqI-1f@_ov|m~#IBkn^emUpeH4CR!~%U}W1pj$Qbo!nzc0|oGW^(-g4n2OP!^Icdqs}1gBI41U<5Mv_E&Sc7vAGc~&&THW zHHzvyn1?Xt-GpQXmv_BuQW{Iu4+Tv17>Ef1AA+jF|;;P&HFLCNaOX`4@7 zt?tS1#8W22{pOdZM-#h%U4o}7oexijue8kUMOlP^uTauO6q|;%T`sKJr>Nm3&wbU+ zhb;Yp?>93asH`b{K_)N%8qkR%Adx%6=_TeFysIXx2l`g?xZUHuWNt$C7Io24|@DbC>7ZLMj& z0zFz>$rHi^+0hqQ&sT89HFz!pc~7E5!TYpDw;b%g7f&(M z8PB&F^-00;YFsUER0}9xrXh@+VG2|$zVpSCpNI1z3GHyR?1qrXPCkBJC*Db`BWTm% zD_iqDgXV4lW_D&=k{D^!iwQpIwVNnc0j>$qw$>odMlM}EE)}<-B6GgmT2+9B zWigwp$txztSwG2JSW$iQgF3c@9`{Abdw1Ao)8q6-mFG5fY+GHV&ntxkR)}9*L_{|(mQ9yB%t+*3C$s%0 zc1uDI_lYMF9lXesDh{5C+EIcI>Vp}-^R@Kqg1<4^Wo7hMQSAvPNq9R@^q>>J$$Yw} zzrQ)CI(2~p?cSq@Tw(JeK2oD%jR&dr+Czehlor2hj_}` z&2(6AR;o7}vr0-5MUhbq)2P+vmn2cCjIPHaV;x=-+}t|4Mkj2f&}`2dRf6-Zn2-XC znO9=iYiA{^#JWdz6Nl9{-S!tWS!xJ5=}vU>f{Fixg(rMw7lCA?_Kn|cm(dfKjUMUz z*|@f!O3Iuxl*)&nC$IQsY|v5NKP||!dnMfRPUE;GJZ*F1!R2#g3RgPY#hME7G}{vh zs~B0Y{SQyOROP%j74+4M$WIx+XQ=q@```7r+S#n)JJiJP-PHMHyWfn(6Z*(5_LBh# zJ;QFr$OFAvzy7r^6i}Ax#7M|FI^;5O^FuPIK58Kbcft4%2&S*4)TUg3V>?YNpqh@XKd!q#?&NJV1LQ)X~c@tlkF~k&RCwy!n`lwt9!@V z1R~u1&H7og3Etxiq^FmhKuQ3q@2e>C2edy2gP^TkV%bE0Fd4#t22+7d=)ixYI9mS# zH_~NM(&itf0u1W~G2k!#DGVz>VJJ}`vHFAi4Ilu;p`du#Kb69W0t^e+cUPtUGXshQ zLHI$fqJK&wxEh$T((i};GlLrhR0=S1?mw&1s5A&-5=%D-{ZlEx*BU@XAl`T9j1Dlh zfr|jnP`#Cg_)|JyXyhu?VmVW(#L+X!gcY)7Y4-f1E}yeH>K66`t)sCRPuhW2M5-@5 zZ6HhKYMU~Y&8W9o*{0t~vSQA1ZaL7!q9smO1qK`@=)Qpw`Pqxn7O#PcClYcJgRYiI zRbyHL3g6p(0v`Z{;I#=egq+&~m4&dxr0L@M@!JnY%21sJ%usG*T)_i>|F4xPVNZ5J z0k&O(N=<~=5Bd|+QraCA{h(xFXZc4iysBV7go{;F=2eV<3ZJ1$nUqK~&fORUc|FEv zVgV0XUVQ6J@?v3FaY92cjTSp3Chk=3$xhVU7RCJL->S~%M=~oXU5iYHX*8sTCSx-e zU)gpIbdHd&_J;9PqyQZL*_SJnRM2U6VdDu14Msp+ketFIz{U9;i9Y9)JcJ*BN4Nf+ zto2BR`g-ojwMgb>{KS+;v&iOmqN}srMAGXW5k8IS4vR#2rXJmhS<78+d^VbO%X7$E zJ^j#daYDin!Ma;eEkQ-Hv@UC^|LmlwHF+vkg=6+@;5TPhL$k*dzl6A=`?99u15WIZ z$fw{1oqMevmUZ^g6-T$`*>jWEQm6Aw`E#ZgM?95q#rK56{GGzy&&G<-7x;IU^p0vu z>d$|gNXn9f8j77Zb#tyAzd5ubT&3loD(NZh2X%FK%cqnn5jJe+nIy*h)bjn5DKdS( z8z$;qi$V|2d)TI62;Js1Q>m6B+8CzzG#h4Y>#eF$jC50Lv8xVsgNvh>ko^+5D!T$+ zr1!o-qI1&2Leq+`0?1m-{B)H5+KYD9jKoIHu<06XChEsyopB1ELhzN{Dz}}+{pQEg zUd9G`S469`T}sEbE%B%lqQxA;T><;}yta}NV(r8q3ElLoSM3jon7=H~8D<`R!|qT2 zI({ci^?f^$ZhCZIrA0F-(}FZBJqEh4w=o^bY~#_+hcxr9cN7^J=CT*w*j{7nTTrj> zGtIR=sZOr64j!)V3G0|2UKCurQ#eJKBl)#xxya=4@34-_HIi#tk)JE=8tIWD;>Em z#5}%32W_h?G}lZ|{m@AQ*JaF?ORl+$#>A3&^)^XeH5v;W5ft3K9ePrMg`Bfp}PGV5waO%Nnyt!wcU+E zhshE}?VG8D#tWqkyz*ApS~te->(!oobmDEPiWBNs_p^7r31vAX$^&vXT8sj6=C#xv z$A^5^PPKj_FlmK0e1C9wQ6==E>8=5N?CcWls=}IM6h24UCyQh1W`W@rM(}?2rh%HS z1G}m9KX%lCXV;i3^ZIgBd-IP>X9Q&?H<3h#hwTfyC-bNlT)ng6b6r-6OO}Zl&UK?4 z?b&Nb($2xN@ZUU@i=0t1Af5Mw%xv8FFHH>mqFd};<( z`C7^r_J*^R>NebaanD^1cvkf|55z~OL(RSL`rO1j*6@_WUS`&t07lA&(L{(^mLiZn zZF8@W>U*IU9;#ZnsaP(zF*mPj(YXtgw9B}8rg;yYwHHiHEnglkQ`8oo?6m7~2_@V{LsGlW!O*n_d zZTIiqu}r>)!1GdR0Gnywi$OxxPcs@tubrCOC;RKb?zxcd6#ESlzhAoZj=6oxO?84U zZ$>d*-)NYfbvsY8@c}Jj6FpD)3x_@#-dg>2Am8swNqM_;4uiptY&jJ0BLhh2--}uf zTp0n`$hV&UGR{I3joys@gcpfg31+J&<`9s~Gq=IR!Vhuzo|5sC3>zO`o_-28T&tf- z%#T`%%SuMfJ_bisi-S{BQskqMd{Ig)MR@_KD$75MhkBHs<#q_-WsK9;_uY+lr@sah zdA*a!nGbHlDLOQ}49$}FcjcgjTVD8FE_E=(AHL;kS$F*K8lm4m_qbXMM6QGK}d_ZWrV$l_Vjy zrR<)m8Y{B?wp~t=HO!+TV$+^Zkg4jWaoDwfn`axllAx;HSg<+j3>_(7Di4^Imc9D& z+jy^s?Lys){7S#K5f%3ko%8phqXQl?v5Vq8HmRvSgZB;fZvKkm8}4|oqanz5B6VQ- zg)0%AyhaLTHl&|uNpUpbtMWfoC<=jpkr9feG6hy>3GR7ieYOjx`<9D0JsuulEQX{1 z)httyf8zb4?s3S#m#X6ot6IGEd^f%Q@h$!y%IQT~<*5T-o|K(~mB!7ubS0;?JdBME zOOHInX`%Plt+6&FAq+d3qm;n4Ff7{TDb`243U^!%1Ou$#tKY@{mK9tirulzo1!X>` z-v6!kt*x@~6_YdqsLjeClM;oKb&6SC3P3ADs71D&G}E6kQMn;!tgZ0@_e zF_JQmQ3B4O5Zaa|eCeDS+8*~7!~?yvggk2OSP?BWd)hy9;d{qJE1#^e0WyFzQb$=h zI!lQhmNx=Tr7Jdqyb;)`93EuXAj@LcC9lFN_m9aF*t0GYJdOA}2vR%&vB%1D08Ftj z#(i@>m=dOXk*S_d1mb637p8d^&({6`u&5a!{|}*0z)MJgt*+3Aj1gED%2ENE4*>kG7+E4^i zKb}8;lA+IBTP&iRM*NmzR`<<)-tO*MO;08g8g>EXhw&ecnO7#3xRF~`D^Id@tC>gY zIj{N%-Il;{Xl1;q7iN4{u$Xe$ss`LnJo|GNPD>k8A{Srtg*xpg>tGV|xCJ^v%Fb1Q zGf!6^YT^1Y0Y8H&J8ZM|m@PR(w6^*gYhqR=w>KNus|ynBmQoJ6kperirrun7mE7wY zYb~H57FE9>E)n=hF~J~%r&OMm&IC77DyncR*E-TgTjH}?9mZ8ghVBI{TzXN3f}TvX z0;3e5G>bx8tr*sUg|=xsaLiG}c9s>nVrf z)6F*_xOF%~aAa;&ZlV(O(;B9%1*F6o8!RJZatEP*rz6Xq*3xQU`ln|)>Vp9SL1n0X zN7t<9JIK_B7nv-}?eh)$+BxcNGe!JIv)sNFnCZpo1ESt&j{4RGK?+Wa^p3!gQ2ztH zzPdq;?e--E9Kz3(K35sfrW{d2$#ea>faqG7ysL)REq+Gt)Sh-->6*b$6RQ`WeXFPPSW54HwWK3Ocy zTnSIP`BX&8(0vzo*dBRbghRo zZye~py4E-nDMwypi`3qo`X0C7DDlBwh(?92XzA1dmb1sx{QIP4h($Nn1q+%0dbw9g zp)6u9W|>*DNBj5>{5NWUoEGp>9JBJO=HYpYCEOiCc#we*J6DHL0VD>J;OFkr;R$it zSf7=snhxkVp@gZ=EAbkPO+jAEFNyLR30`#Eru$y+@62`T zcM4T=CH-W}(_Ljp+UL#6$$WY=c^?v8#!Fw#IBNHC!Znbu=a^kx(`gt}HUPDVKxsHI z*%*nF?#EI*3}d}L17|!nI8NA2CyL}nDg#E9rUU{H160kwJ|I@7;FGwLUQcia@Mb}L zl6|7d{KyD!zbJ%EoMZ;d3T;gxPb2veKz{wqlm(ZT>={L?!{yP}i9X4w*JW*wcWs?@F>7wS zcC|{G1`3#zX}9zI)R3BK`jy(D#ZUH7flLDznrbJdA%i^=t`#jepX8{R4^|V9;fZl^ zE5MnSoyK&CQUR8HY?v*wqMwtS-0&p6`~7p@i8*+TsHMWu>zYRs%e9$4FZ(}ED;qH1 zHR#z8g{cM;g&#h~RjLHc3SH1Y@_J*3-dUSqx0j1g%NW6!qkj>{Q)6CS!WuxLw{26U zdUvcSP#XCn7Ycr{Z{`&B?pXe6SKHtjuSp*!Pdjx9kq^sI3dNpm;)PG0{SU@|9*O)q zuCtBNeQy9(gR(5Ths{4jW1pjwzH}X;e&ZJu>cH4qj|wuS2|ncH`}dZrQvNaTzQ&I2 zWIL086^ZRTY%Lw>dF3eK37a%n{WeuJo%*$O3HAFc*uw6bZDY$1yK{{d_2R_yLozKw zu#7ds3}Qkz36a5d%JXzuRe{yImJb=f$E_3Q{z7L0k=*+MVNJkTpbyG_246c~d$KcO zQ44*<-a>J!IV9QCIq&#dS)pTlEcH&oum(fmU%<>Oo8}Rl08zZR#%E%^)IXt@fp1H;Bf- zeu`+HDgexrYe$Agr?bF^go9$ZwA_%~P(i1Q&A^(?yw95mX3WL#fKwvz!-0EVhS`E3 z{e-=@C4M|mi~G5;Lj`!?TC$im{AuD)s74TxY=tmUub=hH4gm=Rrh3P&)ArV(u*)S3 zIT()0)$2MXW)+%vr6Ig_SxqxFgXuMF$`bJ_#@P{`i0))zk($SaU==OT=lnoXrV|B< zaxC~k^-rsp_)WptCEeIILoOV%AqG1}eE0$N+CO}-w7%|znv9*-LtEFGP~~{~p$aM+ zbdVx$rfV{+y)oMg;}d)o%RbMSHr68l4lhT1d=b0WsuZY6s<20qcsTP_dF9 zg)t6|?d}`=qZ7U%w zQf9qWiSnrB0rK+z8veC1-j4@3aH_it4{2F&CZDwe5lrqhsi_w?wJ|RLzD&8OHdL z(PGz#yY65Wy+#SFQ*HA>V@0fIPyAd_y=V-YwmLNmakKd^De+Zj~iT_=rc#e55$4*EI9~b5@E*4qOI$V1*3Z uf4B3HX=lCYXC}D6duIPb1AOm8wobnzD1J760iNvwUUJgP4+|d{z4{Mn*R=fr literal 0 HcmV?d00001 diff --git a/docs/en-US/images/infrastructure-overview.png b/docs/en-US/images/infrastructure-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..24aeecfcd1e1942811c57863a89629f0a6ab9fca GIT binary patch literal 11852 zcmeHtc{r5q`}de+&7P1YOBAvuYeL8x+1CkCCNj!0ma$sQ3|lPzPLF)@}X5|2G( zm{D27JwnL--g@eJ`hLI9`^S46@A3YAzvFoSaJc7Q&hxy^^SnOib$zZg=8BOH1Kn{t z2n52Qr>kWOflv&9f6r;4;2oW+U382n9p zTi3=L0%3f8@JI31v)Ba!k@%#irD5)W6?ocP!>i*Pwss1hq{hFmfkDdK+(=?AGcPU9 z@3hHfps&%Z*1evmoqJln%4}Mzgj07aJ>r46It7%cOJ49z1%!>7KD+9S_(|xQDaAKx z5a*B6<6~#NQ8PV_XNx@jjB_%UhU|2g))US;OH=t zA+P7Z=y8=jxK|_6CvJgJSvWWQ5tOAzn@iMNKC48@UwIx1_X}|EVbO#@Q&`pUDW6@v zXw)48DEr7O!&yR65K0l@FyyJW-YMp=S1UBR#OZP+og)-9hM*Nj4|3iKK*Fb4)bU+* z-tnAJ=JZDp!qcN_DWI?}p)llQ+zgKlCBL*N1x7_QL?jwQnWh5)Bt5&8u7NsCLCvN+ zhKv+6XA&R;80m@k8&JnHQ1i3z89Y#CYd#7LzTw>LeNe}Lk-@K^G!1*hQsjoMw4l&^ zGPlD%sc~l8q1k)m?Ed<0*iupR?gO=+F10{n+&+QZGxJpp^70urjf=TH&}*vwIUlZM z%^3zR(@UM-shccmf*l#j-p-5o_L*tVxOIEFA_PXGg|X|n$V^4~2XkV+sg{T`YG?Gs zeFER+K&)Avg-XSaNMcw;$YeZa=#GP0z%(|;2+9i>-F>Pj;20CO$of(rxpLfcVN?cC zTT2~V*`BPk+fV6kg^!r7vx!qyvoKSuqE;>J+7>zAG1ew&ra4IKu|GuC6w0t^fEHG7 zi{hzQ_{RI1T5>PleB%Bv240Km03q-m}`9K&T#L967vOuDlO) zo(&qp)q#R0EeWVF!AGW)H2atpBf{*Zwx-N*(1)6jqh6ijYZg^G>r@toeEqVY9%@Oe zn-r_+%#zp}ML9)5UfKnhFa>W$KY0xW$Eo!z3)1G zo5`rJH)JSSb;Bw7P|0|XqR!MOq+>Ep6 zz^Zc9@t{qqazZw~KA_P|U>n78v{xIwE}#*E)Mids$nS2eTiX2UOHpRafhlXXaGaF* zf()tL^DOA=EK7~C+IPQdi+^b%$LBt>gg0llpGw6`gn2_-`F8<|bA;5;ozX(iJCPFKIiil%o!BYb{~Ay_ zd>AOb%|7gpLODrv4M%BC6ZLaduw$gh#R{kU5KiJD){0Fc#MxQhUe@YyW5X@D=`b#JiWZ$JW0h00c2g^w~>E8Nd;wMVO5#fKP} zR0j22EOo4lm%9h8-C%aP*H&UVzbmajX{BLn3i_y@6Bk>_! ztO&MYCyB03;8P=0FmPM;w~UMKx{ji(yJMks2A`8JU2?yzZH1byQ}h9hOMJVAmE;h# zrNUae?W6h4)4~??q~vkUSJL5g=ux%Y#kdDEQ`=H%+pwzapsrn3v>|e$1%K>uHayPz zOU&c(@6}wNZyX_s(_DI{PYsM9 z-=j3Y8IH7g2|q&dnv#mBanBL@o5?Lkd6WDUznP=q*T!e>48Cd!r+dc-FP2LoP@I0*#^R5S5?7Fd^x9sc9d6n!vov zBa)QNO$NZS`$5xjN>qN1(VIb%Cnswhzx!&_Jw*rIY5ZqmJksS)K=x*<)dy85?I=h& zWL-tV{alsf|A=87%t+^V41d*OwwRb)>4kvVW;gn88&O;rA!y@|8C|)SB@}*!(0Iqk z%WHP4Uw|A>;sElAO4)rpDTkq>7?f8~fz?yjigDs?H>(yV`_P(zcewS^tLq>5V57He zUbqAXIS*E;ew?@1@C_;`Aa)xpSY=)zh7FZ%ARMm7-QKv16AF6SWO1{V^dq^h2!Uh1jE37dI_a8$(K-lsza)t8RGz z@M9L~;S$r!<2Ac(v&~Mzb-%I|6nLKC5rMtb*WpvB-E0X{@mVW1`?}twRXBtEw7C7A zy{O#Q7Z{GeTiAjY!=8;)`))hE;C^rI=w3yf^sK(ruX&KG1rB%Nh4~WGi_)H+s~VSG z%ZW&nQO@qsL4`H9KWv9n4N+M9x!elkdfc%g$%stMw|NT#*E#%VxLHy<@9SUkxjTv#f~1} zo(THdH2l`M7se3F2}Iq=EVZHn(53w|&x!NiY}-M;e8(`W-XvYYj6vh4z$^@ND# zw0`sHG?NC8iA&Q@-Qi*jI~fxmFROGl)u2qc%-rN)~zKCA0+=Uc6n=I+yY~_ zrC&h2x4(1wMeNO<5b&&s`0H|0#FXN%!ln4!6pJr0ZW`YzOX`Wh}<$n4$lUBtbW-yYeZGy2#dj> z95jVSBu*6&2ds{RslThFyuzDUt|fJrKqevBt{YdOs!5x$GEN|^E~}v6c))|U@+Hph zQ__LumJB5z$m)AGnBm>q)^Ew0uSsVfDXh5lsFTX%xlpb?|DU5I5`5V`Hj-^?fRA={ z^@ZUEZiN-=A{R=DJ{NeEs>N(T*tPl+w*mKK-xx;qvTYl2F+%#1{sa^g`3==#0N-1O+Cur$|W0@>iA6KN*J9>6C$; z{Vms1+;O`u(Tbsi;!g$59=`Ym?T>UFZ2@G?B7Z1Fh+2acs>PN9|Q`K+0 zkI8nm9A?T+93^UgEUVy507j+Ue=};(%_?Y$Z(#6zTcgZ-BzED}hkz_&=c%68{#kgH zCS>r2S~4+|3N^0g+GNo5tD>pLP>PI@JMS$-+ajmN`VmWm{kzR5{J!VMEuxBX@Wv@Z z2!BviBjay+gyAEp;n<+EB0I!QKP>&?lGuAZ#ZWg>u(9Ot>mT2LJ-EjDtq}}7TI>V)y)8=^Bo~)#f?{{Ba zqwNrt-ZQ-V99dvqQbonpY&}qY1&B8k8p;E!SrkpNQFv0EvuM& zN@8!gIQwM8|FsxNjCrM-l27yzv55OCM_mNNkQT$44OPEfoEQV{Nynd+LVm4!!VM|= z(4B!P3V%%jS#SrNl4;KVn_vjR!p3u@{jW3<0XM5&DW%ZA7FP$~h%HAKgM{pV^XhKB3n)d<~p=wzrVF_g(}R(AtFHHWsc z*M4*mGo88sZXAIp@<2aAT3Pubzd-nVf^VK$==QmT4Z!YXLh$O`_qWuN=l|U3B}S<8 z0rh=LdrQ48W1sdCLM()HwathlM>+S0Vrr zlGj*OgQq$f1{E%Lq{@^`?=OFOJRKD=Lh`q3JRj|=j*nh0P@o)OK5dDA`Z|@{O8X7C zIi^c_U~PXUG&eUZ-@4P9R&U)^xM88USul?(s9s=;u7EhF%f$?3p|S2KXKSW5n)GJ{ zIc#s7c(68QM}EvqD}S(FUqXH73eD1K+R5j3kk=f47_d%v_c0ehRZt*A$;z4@j$|8< zxgbY4*A%w!wIW-^cfN_*v**(l#i$2h(%uovg_*^oR$I1R+U6_TG4PT1V)1mxfcRFI z8WzI28iY75TiKWF#`d+drKf@V=0Sc-o;_?d-kGeGU?6{>gb;fFL zPl{~D+7#Tcy(<=EDae7|P8;NM*B)O3<6eo9K-5umOj$0@Pr_Epe-%y0!P~A~Q&752 z&LuwbImO2f7&Sm9pHJ8=)XHz@oU56Yj4nluxAeIk0ePONG$~B0)bcMh>a-~aHHjX_er?l zaWcUM#-Kc76lJ7AXs-E)$9kqXjSR__!hqJpI30Y;T<6k#WS4^whtt~3ghGYx?d>L5 zvowO}#lL@3*$<7zMv^4TGjG}#8e%hrulFI2{V`~G7g_X)Pu|^i!uM^_d-?KbEi-4? zfw4B_EhOq?H%?sM|xNM>$8oWF#nd8C(!?Nl8ZE zNQV&4HTY}h6%Yk3HZX>Zg7%0OyFOt9Za}-`n6Dh5m3{5;0+`)`HpW083{*D&>W%Hn z;}Qu&GDwlG%)$NcGgoLj(t-BS&1cML;WO0FGEn}%ALch!|J`zj@qjgn&AmOMLepL& zs(Yh3WR~o@2W(SJ7>91Nhh{wv{Z`Mtk5wSmVkr+IP?E2GK=UvP@DH=?#xS(S^gQEe z{@VIFM#q{un zu2bjN>NI`(Y>pV}5pSkF`LS%`rBKU>{So7<0YK59Bm?1TTIj%NKf<(O^@Kf=)?Qd8 zfT3({F?~H}tJ7n1cX_;g|DC53MrAUE8cgClX1q@n=SDLt2x2$h>LM%Sc&c~qzAJFV zWQqmTb8-O3Drt^gOe7kQswQrHj9O=)I(K|r9eI*6a#4F{hojjL69`ve`M?^bjTe4# zv0tV`m1^Y@iV*AA67ol1|E9v0wi3qfo6Q~T+wcwPkX1m!H*4{vef_#Am3OxzT>#tH zKb8|Fwl-C&WT8O2pv^}`IPR5phT=)lajloPL@0M;6E`RYCr*Q`oZsg`{^@UU1!34d z=dQJU;|spxuM~Z5(gb~8&a6J`{qb`F@eoDYI4_Xapj_viBFKSi7v#@jP;%MrBMW?^ zTZ%=}JLCp^dRJ~z_3*V~d{_{(r2lRoLb`rMC7-x5a#|;1g~G-@<8Ija6mx9|T;XA6 z%vBI3WQCbb$#?Yyc-tTK)J%FdvVs|NksxZB zt?-}to2BdOu58o9JB=HDyNDM_6AefVUE4f4pl7aj{P_A(A7W(+t3W}(;%}5Lw%_Ooon7-Khm6JXNIsZ3v8RxSL;3o!Flda@ZnW z+c@DeV#gS2?9nBnx#EIV13lFoB@^%1fZR>Xciha1G;i_Zy-9WW){;O6RjgV0`)#L3 zt;5l7zlBcL@buHGg3m1kcBUkLmDcG5^9}~urQkXD=oDJJ^BC^-ZY?Q{`?ZW@>VTK_ zwK|FaSzSM*R#mHsf7)#;Y8J|?H&)QvXZ+U>xrpbssUQ8Qu=~@l&Emr;o^=kbsqe@t z{v)3U*vjunsxBx0SzudGhg9S6>+jy2J39g?B7PtRgwuGPc zy2U^`#|8fn$-iQR!Rx<|%#``^DLMx7Gy3^3Or|__tJVQEeUOBM*65^kb^Vo=_19y>5OgqQ|B|n_IgbJPuu>vMiTOG0 z&nzZlitNATOPN?|C!|o6AlatpkAS!Vf9$5HyDJdYq_3(<#sm{_mv5JUEIy>2) zDHw|!9gF+Aa64h*^ZT65{9m^XJlvbOnmK~@>RvlE}~;SS+J<>b)bkfXm|a@)$c^Lt=XGvawDUE zo98=(W-Dths}%EU6u+^+EihH)OCgbuWV>!5&}rAKt*BJzw@tBRlzj0TJ)_XAcfZic z6u(eDb^)j*E0t|{PkPFp>@0OGdice9U#!&Gv)Ssajyk@3E1#%Ua<#P*ZdF3`#g5gy ztF*|i>p~dy(N`d?2<4kEar9@)TsQW~v?{&*KT*yI?{&A1Q0}egQ7}^fXw_mt+}|*O za~JWf#s0i>=`JxC7=}!aw`IvKTHj-8UGn%fV}=OjWg|C&?WmSLIaW6WpXB(-pT^80 z^Ir@^<+)Atqxb1=Moxdfbl4TfQn3en+)f_q=4;!UB@ZVJS#9%PTDYX@d7|KK+w|6! zt2fQw!_vv)ql$lx7D2F^*2&J8%oOe{U8bPKjGF=1zjS{2kSNqD4MchfmPsVG?>m1c8nbBfzUSGCzA(hwqff1H z`;>3LgIZ<(n%o?~jefMB{P&zeZxu*WbA9F!l2I!kU@5!StK@(OM2`<4kDfOzAlz^g zRR5WuaD`Z;-}nP=ZT!=*p1@LKEi%&>>+->gS?71G*(P{Q7^)V-O!CCDr2PGAZ@Pb2 z2L8^7esnNU>-n5)uQ?`Jyo)kn-09MCp5hjP{*~n2?tXUfb41c>ISuTeRV)^n;bN;L!L!pxxX+F3@Ins)6{QMnPp^11TD(5MA-(q|>RA6L@%y(pb z*zcU@Y@x+1@w%eMK91kNOfNzTL2Wy(uuPaO9WPDuT)Po!fS0hU*VvICGtOTe)w5nY zyI6v>ORyh1BSC=aK6&hw4#z!8O_z^9LMT6HJCp|l)>W^&5}yzF=-`Q{ljB07!2lvG z5MR%gGyR&uW$?MryP5)GvehYvTN#)In+hBOun)2;8Ey`oagcMT$6()829`93`DPyB z;u|2Z9sC^V21lB5wK@YY|{|*g6wj;HAJu5UTv^V?Cc5xOIo(N{OlJcE;B$ z_7{G#UcCdPYeqq5HLY!ne{&9t({VnrBxIus*YIt^U3Y}gLUHZPhf-_QI#R)Eeje4; za5<_w-Dm^0I-GJ6iDsrTpikAahK zgdJ1-zP&%Q;Mu%d_U{hCs6IN_2ka2}e^6+Yvk?a|Y!T>}IR?fscFM3lNuiBpsOCc+ z-`1kvy#@QndIvW2o-~s>E&Jl;e;2omqsoh@1 zIXL%f2v4Z(eNae<59JXTIEZgNyTBwRn>t8b9P3{u@9!Db@{;%GtSq3m=97M*bK*aa z%|DC$FzL>u3kCuvCxpO?*InKoaq!nTT64OPtYqyvc7NLARM~;RtJk)UA^(8mDi4cZ zIM_6AO;_yA{#^U31$y8c7Y~f*$ho%41d=YHaf7^hr>!rz3RqOy>pXF1Kf`_I#P|0& zZLH~1kx&fMyZUL6Bt~VE^^a2!mXx_KLRN_MCYFonhk6qG3C7K56izm*w~v`gB$S3( zoXeiSpN<2W2E8bA%Bgk>ma4^&2d&Qpk8yOJIDNY4begQ?#pGQZ+NG`43f(VbzoP`H)B!*v##4pK4PsHtLio2e~uMPkF?K4s?8M_BBJ>dr&89wCR2{y3>j z0Yv*B;Htm!$NXT7iLU~w59^a$)KD4P9}sX>znu;wh3{4N(?Vl@+{#kC9d!bvJ)*h# zq0r4gZ|z&BS7}0kWLEGLCF~&L!hAsMwTpOqyW5N-G!zGx#X-`&)8T$SWnERH!nv{~ zrByJInwW+wK=y@TTfs?sXsj@Q(JTM1T#$Lwhuah*4b(M{FjroL0Jb)w9H)NJJ@nyx zAjM+|p7tLQG0f`t8E**i#Ni?%1Zs}2^@0EdTdDj=$Pjvy2YmK8@lY6eT@GH?4#&a; z)UoatsQb{H!c!1_@LC+aE?*P0rMUt;>7~H9htMiPz-vM$cet#P2RL;pR6Ia=e3jC0a19USh1zBmdM90Dd( zi@y6(9+(YP0)Zk6lX1`p_==VwOba@J#szG}tNDE6M?)X{F%Re?{=`%Wq5DDRyMxEM zFs~n?EJ08ZM~K`5ABQ2|{g7q@N_+7#;|M4XLJ+3@A0%w#A|ua)KiFR7Dn)8?7O-}f zL64%pW;fq)Ipfoc1-lT}UyS#s4h5W^0JnHn+X#=< zDZk4B#Q#y!-_5vXAs3hy%n-X9d~AA-^O-rwkrpAPcq&NY2>m<>fK=DC;SS7bJm9|-!hWy0a%jnS5}L%+_8ot^n{Jo_MwoIK=72s zS9coH_VSG5?iPkO=7`rP|2E{?j$p&uGU8JmoI+_&GMV$4z_`uP5tIV6=QrNy2Ddxv zQ>f~E^El?m@el&BfH*&1hV&mJ09hDri*jOB|FXXIE`g|YcXs?n7RkVk_Z()eU-rdP zcPfLzNKzIOue`plS>J-Y!8J@qCq-lN8*}TIrX{{)YplEZF(oh>*TIBvV>em`e*{H=*Dm;L@B!+DQUOY_XhQ8iuH zDrC-cO%w~Dd4YdLHNc`$i{`Qc1R#%~t-fv%h=G1z++JbZwxr_y*lS!P=EqktLny+A zJ!9!}L@Rv4`D3H)+S-!(2SR8ul2xq5gA$;wakk6#BLNHN>i{mlpZE3Xluy>_lrO_x?kfhtd$I?8@To6 zaIk`IZ(GW`QK6duk}wuvIbXHzjyv@+Fc$gNr=W~je#k*I#B=mRy^E9~VPF*HGl{`Z zex91~>y^xje}P0X1vn0bcWk({RsSKkP@s)>#@NABR?tfofxc3a8+wEI8`yw^iL7<} zrQ0gpYpPd=y6qZIFp}-%HlB|SAeI2SZoGdlKa+hkj2Kj_-1!CH z+fJad*{?EaRk_KXgr0=v60&F=J1m~^bS3`QR;InXIv>uLbFTA2WN-GYxYt_u{kvn&8x1u@DvHY#1OxaRcl5ytaUvk(wyEIyK#)A2RioP|U%tUy+`k=v9{7_F{g!c$OFjkh(LoXlesjF4Wh zsfL@WYIQs!hv0DyQG_pz%ACwwgN!m?C`YnqM zF4>N9IgxRM5P<&u@g%O5Ut#oB&wp-(gxmmU4!rsMOh^b6#6W}<7LekrHyOb1{-AWv zE4g5|6dJa95_l&4MvvR0Z%5QMj>u+ImV-sbL^J^tC!c*wIHwgF8FaE@uJmJ9+WN)> zE0mb{vaFsiyGJvo=3d9jy`Gz4u1&_EH1+o+gdM(Wuk>htkRx`9mWKNupf=g3_*8V? zO-Vr4UN`CD`j=W|CPyjk6pE%loC#qKGNTp()xGq!{fsjWt#m&eB)>@;B^<-RN1k(Gi9sVOVFISXImJ zJ{xe|orWDYJ}EpuCxmdzHUX_-5`%QxKGNk&kM`jUf=A8_>?L=fOPM5##__s(T+a@% zk<_JJH=G`b$7P$+IPK*qiX-M!`sDD_EwIn`)^JRA!#>?sda^n)uAeh7?P@UR8w-Va z!UMnUa;c4+h@(^%bZDr@>U@ltN^@sFQ{rO>Iik+n)F?9fE5$s~#q9^aYxOG%uw%1b z*}A4qUe&ATMQicVjuG4KcSnZ@r`^Y=7D=rFKkW9++?hK$T726Q@yNoKjD{~W(azHq z=1kjcl8u`b#2c;2rqA6ew)9#@lIqfDAk_wo2xQKZ+gQ=A`>sCcr%?A$@u%YVjBjRD zU%_8G@;^UN^d>q+;)vZtZ`Ak2O3juPt~x&ll0WM;SN_E%5%1-FRFo!3p(fPWMunYv z#k09zJLw^X^iRALdUJY2Ktx(ZUZc?guZwnU*}b*8t)p^3Ri%Ab%m5iCi~M4sTi6%` z`-B_upkDLQ{n)?d!EvtYb3pZQK*65sAX1h7wN*(`;1<(hmBV5n>LB^79@Wxz!yBdW~S(+|egDvaXjdweGgZrBK08+V+S+N0wLCUEHQ~!J>1I{BE+T zlVoN+_o>;8an(ugIJo6hj&U=z?N4rWzckpCdzuHAC!ZP=YpCwk$VpP(%r zRaTdYvm$k|b$lBE{Q>gh_q2V#Pob4H>^10UQnj;y3*)GgY&Q&QaSaZt z0_RrYN9{&uk>Jv#>j51jg?YOe9A*pBtNOOc2I*ibsn3`FT=R$|DyEq6z4VufdRs43 zeGMt$oh>BZER@`%iD&HN;EfhcpT*$82eg?ts@uzj%ieaUn$U}qkG9i*!Md;13x#Nj zm=Z?kTG{%EM{JL!`mK%1clfSLYk4I!ZI~jSTQ%XUz6nTP`=RtDii_;91ZRmP(-C@r z4rH0Y8emhAJFZkOhU*a6=^MQzGp-nKg_3}~SkVdYt=WhDp=DULF0fJqpGZ3x~RY1qZfZiVkaO|S(3A!gf(oo(slm3I5Ok14k0S z_@0}@Vs{qAq2IfVdE~vHBZCa}?yM`)d{>b!US84$r>fXu5&VxQuS&<37mpzn*agS} zhIXa58XC{(tWeHFA!<0plx2_FOedA)XPLDNWYT)N_Q|{)F7&N2f$1NoUga#Eo>(%( z_|m-erWB?Q8>Q41wF)#awJ*G57A(FUEt&eJ&)~tQp|m#2&t$$tSY=+-Pij9b-;T&+ zgb{{{R|g<-wUmx(pD&Q5NDF6~uPrG``fat#Mk@~?a6!D6>()i8jf0+jC$-F_nif87 zr(x7L9h|_g&ThB%(+IkGx7{(M5X+?~f za;tB2mQJc{yt@chvWmBG?iC0quH(_?vkIb-cc&Dg4wI+W1qRJAo4~d>-ZfAeKosuK z2%kS7=mi&TAf6DqW^O6p7(zDmw74<6ck zfJkrEpqgTV=prV0yE~X{BE|8Q!%!?KeU{6|9_qEE*QW8cA~@gpqKl|N^~^1m^pggN zc45QD+4Eg+Y0O>-aTLqKhL!#z$^9tZB58&Z)tC?U`-k<32mNOc+>#K$i0S-jUV8o< zv6TJ&`2I`mN_DxNzK~F^mP=hRcF_%ttL3O3%TjRG27(wGgGdzFF>$N#>|V)k3^t*O znf%_s$Nr#woc`jsW_yt~cBk(>Hc0G;b(L3+ss>2xgJS);Bf;q!-i)a7k9X^bPu#~N z)VHUL{Hp@}s?t16;I{*wG`zD3+kMQ{CNsIo{E$kYJPg)NGe=+3#t(KjVY>Nm5-|{TN>iLrb|} zN2mCg|06%7Y|^l=nTeBjSzp1P07ek#XLeZAGY%Zr*Ha}N!jtd zSyYf=_xtDu`q;sv8*p&i&hq0+q`t+RLw}#JnGTPze>F236vwmP}RX0uyY7mYu z$rV&6E27c$mqP8NK6UocinWCK!^B_un+Py-m)?=+T2VH^Knq+fI_CxRRVON$7sDGO zwsY;0}>-c{Ru`#^o1!*^b8FnJYQX6eUA&YWVqe_$x>LFp@4mEZZ$~FHH@DC?j%N zI1${N0&T*Z(n=>6zy#19P{ejBD_Qlc5OHBN`c;-?Sr$87?drU{>i3b0gRMFnuL(fi zl!Do8Rd=ic`!eanLXtooeFZD*3L00%ggm3_lP0K28Pcgx%TEAQ20tLVw8+xa-$wg1 z;b(*W7r%e{4@O_Q`D7rX0eVk|oRF9nOz`Um)RvsKKujfl@!DUK)_52KP8%Wm`w$@! z$wg{J%7MWY5sR2YVEH@qv_;3TIHG0Mjw>=MZh?6Iu zm_ope?#oxZ7l|+5q($QSoN}{U1en)DE9MS7!-LfBjDBy&(v>&f)q_u3J36fsp^znW0sJ-=Jzrj>8oW@HZd&9lR_#|hQ!J-T;y!cc(GiVub7^>ffJyaiR$S6=#lGGke@1Jk}y0U+|=59DYLH!TjW+hk?+*Pym>Pn1vgLVe=y*R z{gR7FBt0Sdj1%XVJQog|z*4~)u>w%Ek-K5}Qf2WjN$d1D>O@=0+!Ij0e47}8v{mT? z#F5qxf6lUaZj@&6`S-cQD?5}L{N8dLbRf+Rt`6L>-4(0m04JN0!LK1;&Mfi*Fkjo| zUJ1nyTit$Jn`fOH_IRaypYzMX`rCHT^hn-@mf}uXY|X0<0-ax&C+)Yi)L#9*eT?2f zMoos;=#}Y*y6XlM)lS+Jrm&4wHGMI~zRSw@kqyY8it=tf-9}(*CaHAs&BNmJrLisf z_?oTV{1~^I24bmvM3R2J^p*tEy5Ooz1zq5Z=3P)E!;_Nnxd`llVW+{M0dnHP&0fV3 z;XHB|xpNpx@FMlSaPInbDh%~SQ@Kh!mFAV3Cqy^g65aeeOOjWsL5G&iaztL^K_b1L zG~XG}DC(!C*rGj>&RJX6Otan*SR?NxQgPw?qob0(Oj8;=p`G)4vh2#T=S|bM+$kUn z!PK}6?snX$Og<0R9xHUI=|!r}Myw2B2k!oBqYr|XB|cn>m)1uPqVhVH$?o33wo4zh z%-5tzcNw-$~Pb&^2;q9;h+_zx{#&f|03LqOzFAB2`uOmi_t&QhdTW z#)9Iq7m`ai@{waD42_0a@DE)c`{eU7>^!BhB8M&Sd$Z$+lU3!<%U|X zT<|OAOOy?S#@6n`rh8++#e+xtjn@R)c8LjI^x^p%`rf=lpmd3 zi7#T-z1n*-XmxBLlylJ&|{K1zt_rw*qM|9}m<5*oe=ht6UrfjEPBhg3JbQOw0jd9 zVPIR5OY3Q6RCg0XWoRy~e~D$#b|-?E366zvEt8Cr^wA(nvGrb4J@1@OD+5kk&W@iV zn`Fi}?A-QEAsm7AQ7MleBrxCfnc6BA8Qd(l3)CIjFyb{s60A$zMFh}UpX49K*qOVR z#+Q{OHjEY59fx;L{J`2#9-;aRin(=y`)btSMv2WoG)Ac$O~u|M;7Z=t49pgz!xgu$ zK^;}S6B~n(p|`#OJ84s@6ek&bkya_2zzQ-?!D9tEB5w+>kcq@Nps&0LIfCM1>`*tj zXKetk;g>4!B4-=@;%CNlE^4a@9#~!o5e5@zpq} z#FMV}Vf^j`=^KSs0mHA7we&G1{-d7od?2=h^it83&OF&A@*0)YYv{GNOPHKBbvXJw>-sN5dk%}&F&@-_XkdpTZQ{UeOOgr>Eh2WT7xwgI5 zQ>ac~L6{4Jz`yqXr%~rXfr!z!FyNx-KLNIPs)Qh{(>`zM{eQ3kcuc9DK>U9`Ws9hq zgjG}gVT1qMZ9)BeB;TPq|4@dtb_iHHOGz?`QL(n z4geXchb8Ph1#Q8vB^)9CAZULXQbf~tFBQF&y+cLIfz2iCx&r#M2n5h_U_~w3C)oeJ zCB*+D9u|0GWHZ}s?E;5}y1Kch_P-K*8q(?m-%UGrCG-J@hH(hEx%NW9f5NIm&w!2a zD%J!1N8p6S4uHhRMJ;LmbL%p&RCCYVsR2Cwy;xvp;FD7d8_@sU`T{Hri`oDofV#g2 zTfh&_G@E`c{dd`EpMD~M`hV#b=lIhW0jLJ}q$5iO>3?ofF>z?P-V-PNBPm*NW-ahZ zXU_e<&4V-N0Z~wKuY~*_7cd+IBZmge`77IhZrwEjrar%Ph4%NjfI~9{e6l8T;y>UE zeFaQiEH#zrzjXZn387JCr|S|`x~@B5g*nu{jxbWZraQWh8KXO;y3RGDlfPuZQ4OBz zTr{+g%@;+<@;X4uUUtlrka4_w1T1vx>=YLb_K0-8x!B*DVySwDC$}f2=h6-hRYMT(a9O<|fB@?GL4z z?8I}<_iJ5Q-j8pZFRxD<&g3o`jJfe3R#NdbGF~P5PA6@;V+z>Dii?By@P_98whsuP zzQi$C!qP5}3A2$hb7n^b%XRXnT|25N<+aXS63*0-UA@;}s<$L-j4)`jD^eWeKZwFM zm=wEgwhzYMv`GwNZ1 z*nautEVO~``nWnH(ZOUH=~8>llNQ0Q=@)gvAHr_s{~%l{GKQOAT1}l)WS$+Eysc@u zq*D|fKc$@;g^k;Eaoi3cEN{{}mWk~${(_)+Eq__%BiVJnp&_vJlJ6DIhzN;O64tt% z#hmnaNqVu8C@YgVHyxj1x)7R1t{7!mm8^ucCHvhf4CY;WZFG#3{8A+iy9{6Oac3|e z@^rtBGqH{G!s`d$$IfzV?@>6|G6&;v^eagm30q#rUd!Ce>{yh#C{WxL)JfGoi2<G z>0-p)cg%M?9=QY`D!InAYm0*TZ@gQ&w*gjQk9LfHAG&>S=`g>uJ9BZY{o5Tstd1J| zN4*;Jp$Y8xBd+geVERjD#p%)Oec>xh&ZM@MM#}|*3Gk#h3wCP3u;XabeAHRf-8>_D z%VPn4$+jxrwtN|W<1@UG-`+RHNW9-#ZsJk^5}(dzRDDy9@T~%%{=@-|^)?{lago&C zg6iXD2<|K@bUcb`Mfd`?4W5|~4v=&A@S~dEF?^I$7~$JsANXAZ^BI5t z7$+GUPFf|v0QDsK^wePf?&V zu)`2))1o|LmYR)L$;Mr*Ip9ve8+*N%I=^EM&_Z5N!9};WYps_iZ;G*&yG|7gxO(?I z3EnQy?EL1z&1F;4{6Meh=yKY=P{Gc4n7Z#SX?DWwO}eNT1fZY%b9M0T7udQXtw?zp zMngqNt;=ORGCMu1p<(H&NPx_-LYmJW>8;Kw#TBUrq8|%XIeN_<`KaeOD>p^ZdK0&y zch{+f4>9diR_L=ux5zt{%ucbw=-sb#Xja9}PSivkq`l4@B2y3BA2aqAcDly}A~X1D zqSc8V1$Ay+?=?+iIO!=TRZy4c!I2dT$n{k0e@oP8w&%x-GK{Z`R;j~`R37gKu+3PP zo~=&_@P*CEj#ZY@+>Xy1xsc1%bdHeNNSOoSYXXTV>E&bI6?i8ZcqP+9=(})iqDEPRK3fb3*@T@!4`Q=x4Hze9{Z8S zP7rb5Iw5!WwH9>4^((n%KSx%{OY14cNG__N5KkfGf>Kbh-tDHIw2+NQG}v|fA8Kx+ z?PeDX2BuxdRYcT!E9mALx7Tk=@=(J7mDxaSkX~_HM%c`xVIx7iSh+Yi4=+gZ>5;z{XE z0I%LQtEKz}rwCvOV({>SzmNpx1qiXu5;kJ{7t9s`Y>LEOFLvMk7_kS4HgNCPi zQ%i-a#Sdk3`Okhr0JD~O(O-D`7X%a8HU4YD=}&HMaeJ%vJXmLY$3}!!WcZ75mj!?^ z`+8(>-hS7Aq-(N@5yhJav&5DJ1>_bKoz;02nHm;=!}5lto*2r;!-t zNX@l7DNVv#(IxsV#>g9E84?hM6TJ4=*+DPojT^@JPiE}78|hQ3|KU*RYhZ2{<`)7D z)jCk4oFmtI^>zAGF@_=>_ze2Vt(*=gmIP^@JGP3C%FB8uu635~CDk}6oTBLHii*;N zCd^B=OFX;3?<|}TLR2a)%4hQZ6=XE97q4=EUHxbgpD4p)#bXYcRlxM;NR*!r_lPpj zNnV3ZWBa?Sn~q;me4duH&RxkHA)kZ?G))w}_o%c}wsuoA-u5|R72=?)#1B;?bZf7A z>-+)BE?^Th$Td5la*f4eBnTVRDu+k8!gZxd(>-AnRYv{gJ_+Ne2=Uv8hC@8vBc_iR~C zmArGyYQL{Bc3&v)Gd`=phNVj}{`aCm9|Jg%G8Gvs%tO^N_e;N-tK*bE_(waljbSAC_1(?98mE2n_|7Bhf8<5!gRo!Gfq>@ zmB?M%oZ)fZqK~nIWh3V4diDb8HXNHQhS>>esT4Q4aWjNHXm6Z)Wk3eVu`LDC3p}MFZ?{q$Z7`VyIxng zG+aZg1X!J~V{fpY$n*c5ozY{!J!qFmUH*G=a~=TJ>wi3T1$+ztm*x54YcNg?SAQmr|1C6c3y52PE2HATZV6q(BILD3mvprB%B1P|P0elq zdmx{fOLEJ*CkN8IrMNlqGw=G{sA-$`6boL0!I)W}uF|@t2+2F-h{*MeJcyeBzAHTP zxB_f;4pUGmTS4%%qaup0umXMAnLNp=;hbk?8IiX%3(OAX#R0QhY(!v^ zYcBjs7KoYx;#o5Vll%snw zh{0w`>oSP2V>9-u22B6mc)lL6ZZ)Qg?ZE0nmof^IP$QFA+jKR=30k9#Vk5TnU4$(>;SfZuUP+U9HZ^WP$o? z+}eNe+iaY_I3!#X5C!M=pY^EqBwH0(YdKq_+`+X(lNJd={W-Y2|Acb-E*y3nYmf0s z7)y{uwVXh&98U^3>ZOC5xh_clas8LcR=tM2G6xb|pxT(go4EWbh0OFVnY{gf2RCF1 zl9fG>3$MA?*k3xDNQ|D`3@~~HIA=dwV5av~p9S|MP(ce-^gn10D(DYW{MMyl>n-QL zDqED)2U!?y3ccs4=b!BTZ?|9-vcP*^cmxdBR!t&b0r8I9eEZ)nfAz~&nlr4aVf7Oi zm1>dRNE6@AE8;%{taMY9GSgAQA+^6;L%_ask({1R_&vwcACyoJpKT*MmU>26bdBEw zYUS- zpqjZ3EkqV?Ld zOE(>;T2ce^`U^0v+H*Q9iP8A6dqut0@OwK_Y+R`43{*qe+ z{nL2xEX`S!3g-Qm`s`JozHZs6(=4Oh90oB6(JH?~(tvu|?7MCA{;tXGULm(_6G-c^LeLfoxI0!iyyt}m1z-M*wFQpD#k7&LBXUKROx+5TdIcXvzDCJ-}B z!j<|sX_*_r2JHbq;P(;iAyI-n@*~xP{N6PLP^X`v$0~FC-)9BrwFdx8?K!BK^4nfO2O?yk(CC-WimCP^Lvr#`?Hmyf^)s{;B_K%vnAlmGV8 zOv#)T5Q0(0c2M}TExNd1LM15+U5^4=U%2Cec#b#cx|pJ zcc{B=w;a2!_vG{q#ZXn#8rYO{!(Y^FuxA}?HrU})h^zoyXKxa+E0xoAk7^^p(#f|m zbx&RL;BUdw^XcFIcSA{D6~};tKTBt*_PL#GN3u(diQFQL3Im)LV(RWm+j?sd_Gxo3 zoG6g?akvk!%TkzUUS6$$kERj|7Jy;CG>lU8!eJI>ev1S`XGVsQCQ0q}N4%Z*-1c z5I=jty5XL*B9gIrOWat3*pnhcO~wBN**T(V;Q#~{|2ZY{v`^Q-C)}>8hE=OhYxMU{ z_esYh^Z!&RgBeMTL^a0OGuOds{Iei`-AgB5ep^N|Yt>8}B5Xzmp2HC`S-JU9z_@nZ z{@y5Dar4X`TZjBN63~l|MXs8GvV@JBfp1pmfW9X z+pAE_K2YAHqNjFdqIdbe!iof}uILhjc zh=#mFywwW%nD%kmkQ`3-bozryy+3DrX(sx2Cm}6h6;iZB>xlYwXUFHCgf)N7%OI3Jiu^AnN>`joYLDHwH zjUbvI5;pf`j!qOF>QQ&WRofw7u1q&#?G>C4yJo@>KKd9p(e1`iv{E;7Xy~`xUKQGMP=?m8+VmgumpAi? zFFlyfd5*2vXY+H3KT8bL(0yaDKR>R^s)Of+K;IaJaR6=yEYs7%K>;r2X*T-|7bVgQ ze|CE18N(y8V8K$qX(yNEx$?T^3eYQK`!`R4A|Z zqztC>^Z~>*MAT+EwTkp-;_bSdJ$zqt9htq4I>SZFk&}JBD#$O;@=;4Q@qpgFk`j7A zo+0@d0>aP1snwrI`ahlM5gT9QTo+9+QAIn%w!7&_S~9N$+I36XsLc0_J4|N5JtJ7f zS044g@%=O;z^Or_x(tC*&tSjA?nN}hziE=DOAyr9&W=8=IJF;DMG_RT^LTa6OfSV4 zsjlSP1>59a6o=Nswc38_x0eiL0rqBz=IP!GIT`c`t=t=U4dQnoxeF80MRNgQuxU<#c3Zy9}Wi?e|d4y``>{KTbL1Y@-+dBISc#i-^ zHLbXj;SPQOC_c=r$=!xzPCI+2XfUEOeOty|Yw&}Q!J0t3PC|EO;I7>Ui~KHOfM3I7 zU6J^hV{cGNGiy*i#==EPHB+nX8aaaQ$0%We$aRT6qc&i%6Qtr|H zscwXuV>|gtl_@IsZ9`l$B;{aP1mYK@*!eWb=B;z5jlt~K+6N>xcs!SMi-(I-0Hkip z6$bxiiX=-En0D=MFzN3-vxLY^oaNB#<@s7pmv3mA(|O00`F=!ydbm+rz_Mc|^D){y z#y`^?ON!;ogb#$ znAtA5Kg}mDF?fZwjwuSJ9gylTzQ)r4AK3T=pVzKi`!R^Dn(BJ+`m(2%+a+QnJwS$j z-T7&sh{C?;JzI}WEV88%!wdvlO18Z{Jigr%={$P-Y(3?Pm*Cx|y2Ez4K^>!8WHxP3 z+;fZZZ$+zJ;*;6#zD$jF=kSsUA%D6`<5CY({Yn0SsBb^+Zyn(l>UAFF(oPh!$gr0R z;mv$cmLim2bi0NgBuR6cd!JwD8tZ`uOG~42_U`hQ-cXt)N4&Tx^7P-C?GDPGb37JVBnx zpm+Gl^t5i*6Nu(%x$guok2olcdW{ZOy-Z8<|9-mju4Q|04i;4zEBLHO3b!e%ec+3V zIIaLGJy_3MAAQ$f?_M+Gbz4`w9E;L7g-&S+;aze~>dPn$^*@dIxeiD*8Jjk132zuH z>qU3VPAIXTeF_v_W)b&#ce$}R~bkLe(@|$$){~)FUB7T8B+6jPN~?V{vYcvZ-UgF8V||JPFtBKy+%<8Hf$dFfu;< z`XM>Ex-Q7w;*@AE=|bZ(hx_Mro){fApM2PD-{&0I#d~#CP((lUX;4LG*5{g%(3a6` zakNn4?|H2FhT@8!%nK;)MBDnHP1bZO(b>BrDxh=RG-n@Uzf{^+>hA-&jv?xm3XEp2 z+D^5o*Tz`Y7+08Lq;E^;rqAHT9C(}S#Kmy@3KB0Nvhid?c>S9r1CqD6ndXCL^k7oV zFDAQui*|3g$*U^4iZ7M7=6XVBOz}D6qgsbI^-(>MFs~zI{bY53P0Pw1R4%O8lbAch zG`~fvbl6Nv9a`;b9ckpv*%)V)YtUN%24N&AJ=b5~VpX9`#hYOmePECmuaN0t6s^Jj zlf$53P@6#iiU(r0kexwahuqT|qc$)?m3Hjj0>0LT3TBOPlDW1oG2)#Z;%M7sJL)+H z@3~-B*L1x0-Yd~`_xr{W8uUn(zN@~4bIZhQ1RsfD8VPufBe^Ju-LcQ?siFfh(+X~D zHGMHk7SdinU|x+v+-*Ztq#zOzsrQo#ZWan8ttwppl|i62%?wO)YrbM>VH3AXva1XX zkK+!Zmifi(+$X<~k&bxBo_%D&4EL-BvS=%;=O)UPLUl<+jtye1vW+Y$BK-5>x#f#oNZSxM0sC2}K|Aiv{VW`)xbTW15R`Hm3OMjY;uqu*RM- zyt7st&LALKiplbvtPXbKZALZKo>4j+T8*pceJcj zp(inGeHQD?^MNhCokhQEf%D5w-$#2t>l25`%E0^mF9TjUtsiVUFrKvA9}SN&2t7l8 zDw&lw8|(WVf!B!)9v9y6er8_M3lwRXSy$aE-DCULhh6v`#5@(C=^b4cTYSo6bBRNP z|CNQpYzTD>0MMd9#(zasC%77>y@V)eGP!t(J;=1*R|O#P#^<;)QtK1<_w!Fn`Vw@5_upUXwj{aS^M*_78$K2=S1f_*9>pBAg&I_#4 z0FmDL2wG47teRV;_8s!s4mZVJj@ev)=aTg9YJft}-cWhGt4!Xo-Iz09y+uv2DkIA` z7oOj_Mhg-d828SE(ADzFmd_5?yw}MPs%y*t;9ntvqA6birK`^qp{*;u2wBQWzk?~? znMyP978fy0a6OHHym%_}1S8P<0ycGA$m};w&yN1xa6&7S>^OghsXNW(TTH9X2Wm$z z1orftNr22=TB`OM&x8E0@WN^pc(vB7Ji39ox;lAuh!6aSZ$&aybic2)Bdc7$o!tz!nM!+`L6^uss7a}8lYhKsTkl?2Xd`) zoUo_|D=g3GNz-#{h!w^%9aKAf4RoNr8UK&W${BpbPWGfe+h=x&kp&{5hGQ~5?sJaoA*(8sRu zp-=3tigZJ;F#i`G61yjUk62R);9nj4%!Df6M2vkjOs|-fZr%Q=<2T4Yz@@BitiAt6 zV~rW|^8*4!lWP&@tCz$OJksjabNQCVQA4Fy0pG=TfKp1G!%MpFX4GXI#Nu`KOim9_ z?x>vL{VW{$+jl z;Ht0jI{#5-UYN-EX)`xfc8Gu5^GFio+et+flccb9u>S)jJ zr{R=|)}9NM*!)vTV;g8AQ{ROXoe7%^vx4V4p;YzIL~xq05FHSc{cVLWT^-_qHn7*K z#k)QCNkf*M&Am+-;2kgI>uq2%lJ#!~CNAa=q#CR5b*jh%_VR)r#n0fgk=CzBIdzNw zNnVrJ`~%+3lbJ)C`g;)F+XeZF>L$kqCnk?j;#n`Yw)REWOzx^nV3N6K5BlmrZmjP} z4UtWnkw98C?r!HJ9iUN7Gm4+nFj5A75A->^PqH(v1BQvQHmL`Gp!p7){bb)i)F{UL zJ^EI^ts6cN$o7=wAI}9aDNWBDe|gDR(|@5kx+>SX*$)V{uUvx(Y5+;OR<)1HfPM!n z|BOjbxiOcBs&n-}$sfM{*Rt;c>C*fb8hgUu(XoUw+~^0i?Btd0_Ng zw*e7sIe-$lyo-V=SK+EOO6o7rwBy^#y%nc$c(GjRcfsFg1?&h|l{y94k)LSuFHOV& zg}eDBUkYyj?eqWQDef5yz*Nf1Msyw>jTO}vDW-1vgW;$t^OmjRllH_ux?2(k8~IrpBD@(L}<+FPsPZh4KN@RfQUi1u^OYM2!y78VeU>9!;o0Pmtq+XU_L>Oc*?D?$O=IEtUUGJpSWcDc=yaL*5 z2*1C7pvpK^Z&##Ud-sRJPaZ*jacs zkJ);#ev)x|KfkMRai{_8&&1Fb#gT|D18x>u=xDh!~{ffR@q_XGVzDa37e3wMd{7Z|%NYtDX< zOBVSwqkoVy>=l7e;hA!-`YC*RFtVTx3f=SC1BmK~hVZ1+_jhzx+F1!x23>y7fB?h> z1ckNL$Rux;nWWi^o3njM(F*uuE66x#tAGysGD8=B)j{+wM4`o^6SicB^ktk+pJph( zNlJcSH##6ux^%1)sT?NloxAWkZe(s5@=Uuka81vvSulxS5cQ{AU=m1Ls}}@&2;GLU zCF#|p+EWyFd27!f&OJtN2%z&G5Aq10&uK&GR)4VAQ5N2CUH42zNr$@chy^mTWc6O= z>2?&DXTy&U<)Zp!eoqTrObL8j#@Jgj|A+AkPDk

!K&imy;f5009=czs>;#Vp_k=RcRmn|r=9p2!<5x--Y3QOcsO+uEXrs$N%3JZjqO zjUwfyv>}<~R>HrC%bu^>2H%VTi=NeO8hGB!bEbgwf1fGs>z}?p<|d@1RA_<1{Ll zZ02q)2$v6^L!deQ&)1%7H&q{*%lm<9L$!vnnR-{-0VG0Q)&KR<8U`&I5yO z1p^y`NHX+qvXzVj_(~D+zuMsESBem$&v{em{>i1&f`NALCES9{B5t5E7pUs`A9jwF@r(Q62<9*QrFm*BNN; z(#@etC@yu{sCMmK`m6smmZ_6zlRXMx*@9EoYw${zAG1Aq|DTDz1@W^K1jAvmyBwS# zUVNj_@WtfcgajzD-rtP0a=(YfAJeRT`kk`*mMh8M99|EJk+*`W_VE!8dEG#LyYW8h z8qyah{Q2bEtu6VYsDCHQKw>1JF-|x)CW~`6JUGIOKh)wX$N2=Qo}$%*^rx0*6DpIn zO@C`kjt@UG3)J7Vi-Tt=aJYai>bwp!Rl1?7Rb20A#_8#cz8tYqrh9__O5^T*4zc1| zg)2AtJ1;SxfcL4>62%6aG7@;|*SPD}ax9zvbKl<;8AC8#!kS4-vXWm%cfAL=?sJa>w zQV%S_@_uBu2&aZvy-z_3IdDzrF9%S->erW7{-FS(rst+vKtlbfwbI*mF#Fn$1aUI3 zjpm5=&R+qdzC>wCbQb}8PSYK*)f}y3)CXHSJPOb0d|6#w-3S-^E=&`sJj+@BI%)UA z<6GyT3V=cvGm>KIsb^**R+1@eR7~T<7rl}W@9+k zJcRqkTe}KQqXPJX8+hlYS;kpD94N^9*mq}`4;XvqT;u;V{*U{+zP3k?4#uAwy*Bq{ zHM6m?Syh6mKX#yT`O(j`D%gZ{sl=5HCX##g36Q>SSd+H4Jt0H%Z!kI7L;=_0kdLRju;&&w(@%I;`i>HHMD?3IB){0KefKx z5EtT~EhhCnmL*{6^V|!-lxFF;*#_t^x|&=KH!T!E*>ex9b6MkSFZh|B zVBcelZNh)Ot>FDO5{J?WI(M8Z;y9NS{Qg9e^_eluaBGvlB`)Q@@<8EYrFWhBK$NLG zoNC`qIV$%Ijc{u$>0;L(wHefjE-^N93e#qBM0$^(4|-XdHhGpaplFMTjme!UArs6_ zk5A8G1@sWOm@ERQ3%vCn3csx$&c3NlxCK-O)?cT-O}wVfqcrC|gqsXfZmE{~6p!My zR_rXO8Kj$z>V4KoF*Rznb#S2SA9OIolg2BsgLA1t&XHq-C6H3)wdQ7lK=r1s*9~xD zi|cxb6sojAH$iP07({^p^^tq}geYHtJZta>5xS*JHU49ZhJmxD`86{=nkBlmxVF;; z8C-ZWw-GBzZ2 z$>8I$+Y7gP2R~*A)e318dQoDI(z7 z!%=yEsh;4)!IN7P;{JQFe*vz|-&1>idi$TNtkwIiPWiDM z)cf*q{hzI8&YhF`xp;NOiwg@?X8YgdU=acqQb&&XfrCtq(_-`8pR>I_Z@&0W+O+m{ z*3!98njh%eS>Ele#(K3?|voCYR`8DF126yEs3wvjzMqP43o7VCmXN& z_sz^sSNzKVs!QRALe8AJy?wpGi!I{cueMg5<_qTk=E~3*0nEM0PnQ^gDw4)FP7Cv? zdgV(if5_h93Yoj7AUw zoIHE2{oDS|D=S0n-0#l)6db#LL%lFPTknvYw!^4wf zLtmB9swtqQ2U})1C|?Wg_nK87wKA%Hugcw}m)q?N(6pb**Yb)q;CbdneAjCbVMt^7Sh+i&;EsGyAOF z!Ap}M?TQ7ffNdOg4y48kwc0qqbsh=J15{xR1z;)7amA7y*2w~v*~nc$XxjtWj49?D z?u|bp0tVPfGGl)23UBi^F5`GoWT|MA#bwK`E12LmHyCNpDDY4Zx;0!;-JUV;z~1lo zZtrOZ_8DTBY(8{ch7ZaYaK`K`a(#Aob~`7NFK}ERv<@1%nG9O2_HYfnZA)w;{=fVe YrT9XrI>uALGY}a(UHx3vIVCg!0KW7M2LJ#7 literal 0 HcmV?d00001 diff --git a/docs/en-US/images/migrate-instance.png b/docs/en-US/images/migrate-instance.png new file mode 100644 index 0000000000000000000000000000000000000000..25ff57245b33279913922620079c9be505be2dc8 GIT binary patch literal 837 zcmV-L1G@Z)P)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0@_JLK~zXft&)3F z5@8gF_cJzXrej%V|IOq}wZ-KRA{STJzmAKw#pT^cN|)E^ zqe5+QdT^w4@#ipmT3Z~udq}Z#mCT$xidJvt3&)6q^rM~7fVq4~@%$>0KBgd=$gFFP zA3A#*n_7e-u@?_h_rvM7(~A^}m+@4N0<+D*WO2HB`Z~I4on5r)*||_OMLlBMaU*Ai zQY@LF!0p>NTDCtj*^D8MR5s)G?*}6Z>Jb~}LQc=lBL`^;K;iP>;AOJ7Q#0~-DofoD zrxv>t$)6U9_#ue^abPgpcU=B*-G=QBphNIpiBxvmsnHoB>$|g1f#{Hvd?6f7l2}>Q z_V&>gO0~{t-PD`ZE9)p@7`$T>QoYHxp)=_W7J*R2;g0(7@ZE8f6+?2zc{~)YMD=5> zqpPR&O?&gp*1Gz}`sXj&-gQC_Lu?+cA8l%BeOA}d(AfO??fX}4?IQx=rol`y=#5q+ zn?3U3!AeBqV%UEF00Zdl9|Y)wOct9r%oU(aHjR$<^bNoTQ0%7B=_o@sD<>JW`YrJ0 ze0ZReU^uE=R(}$S<=+*GMb*OM^4z?VFBEZkqteOg#U(XV7L=+<*|%|tbQ^OJu{g<~ z)fEAB44-;tk P00000NkvXXu0mjfo=%DS literal 0 HcmV?d00001 diff --git a/docs/en-US/images/provisioning-overview.png b/docs/en-US/images/provisioning-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..25cc97e35575112a09bd6a4ff0f6b4c105132701 GIT binary patch literal 23622 zcmeFZWl&vBv@Hr`2R53G1P?C3o!}k_P6EL#xN8DoV?jgk1b2cH+=EMSCpZLm3GRB= zCU(xbx6Z5g>eZ`T_3n?a^0D?>-K%GJ&pGCpqt^!|1u1kCLKHYSICSY}5-;H35WL~w z;5)#Gz!ioNUNzt!c*hq~VsM51#2dgLAX8C!Q8>7gFx0D8_kq8W?Vf2k!ogv*!v2Gg zV!$ARgVUOpmJn5WtNXLwIv7VSe(f^SB^wTpTd6##f{xHkyU?b})ztSTr^iAMM!8cj z7goAPmyNk_Q+G6?8?~Nw7-N{x=Z)IU2h17#(epi{6E&sG(32*%bXAbNIZQlEG)qv8 zu@i+ufV_hPk-@=(%Za^eH48glOy>UR*Up{8ML@SkhI?`VJi z9}f6^P_pz{kfhN28IR?UQp=}}x9%9Ok}AgP*@Y`LD+y??g&L5bv&o>^Fb=4abM~)i+o-|M#*~ zvT)?FjGmhBe~kv{?gOR>n8rW(|1<;s-_16u)|xt9H6mLOR`Jw=0(ty?6Lo|8z_Jth z0cuFTP%ZR0EEw(mIqhs@v{;kZl~A?QdG_$s^||||I;+&`K-|KY2BRV3IKjNV*(+WS z<9+YR=Y82Vy1=>-V;x=iRt*J%&`+RN&vEZoavC=Njf0GhhpSe5(QJ4wQI+xH6nf7D zUQFZ1Y3J|4w+vG2k1coGTMdzk5$it7vIem+2N@j1s7n}5{R zyw1CU2-DjuWwvVPMqSgp$=NrOtaJI(3WM) z5+z1-e?kFD5R@@v;YJYk5v=rQLj$%EnJGwe1glVY_S(v-l-lHc5iLd6q(QNMM{g=Q zfEDe+MgrVU;BNIKN@P&q_6r9mBJ3G)&{0GEp`II)Pl~5?-`R@0%ah!}b>o%G7^d(Y zg=5VIkyV_Cmy1WV>$RBV__Y7^@p~ZVP~8YcW}ONNecVqx?C;8%@oHmO$|V-!3!j!y ze+I$cbPI*RZ&;4ZtT=np+06&og@cR;(8}GBY;1?kMc<0kFa{R{sL9@EB)(;&nV^Dg zqX;$Fj15v*TT#mZkI`-thlm5N=2`5!899&|eI zvQ=6UAI$_nLoU=_uXbRGo2DybhpLc~`u6cPz64T3n01DnJjFh+MY&P|3_r|wE7bNztm z(!*W|@Q>eR=bcSEFugX=6;n;Kh3c*PmfKy(K}#7yzg?k-80d)iohI19IH4(SpfJFr z?G5lVMUc)fk0s&_x*7NDL9SF7ra^8cko8UNdiDzSu4%GxEQAX-JMD9_RMK6%aX(0K z5Tg@0oYxVAr%w6E-+XS|zn(poL~$R4&<^g6>r$&@i$x}i7arf9^zPqbmBGSb?gQRZ zo~+mYBE+2AO#f1d5lR@5Yg8<4kbT{#nsxtUmb^+z!SY1`MW& zjMhDyvJ<`Jeti&D8}4Nug5|*_IX`}TQvI4Sb~qN(f>uF)sBY5XOz*wn;XQJEB26@) zt6XZkGrZEvubrVWPSvLOkWRZ12e1zMzwPJ}&*nzQjwblHK8cKpzmATn?-^ng&358h zo-Fa?v&UqMU4XO1JWB}kU%BX;E;&Z{)8Yn|ow}3FWRc1|`DE4P!e?9?ODEY~@(!$n z&yPwyWfQC>wkDr`^$g1Ay?$Yzdmg^c)1c+C`PlG7D-*?gnVzAw3_YhF!d890_Y$G? z-w_s@F7Yx1+XYQ{+hfeecWhFaZVze)mMwY*d?dj%geHVQi~y{%*Uwa{=hR6agQ6na z=IYk^c}gp%Je7Fv8r5DNjUJO%=S!nT6USuRw33v4{rsO;M$z7L;Ld+XB#P7)>Dq11)S6>Q-${3L%>1tX51dt1py}K4-#_f-C z{#qUhyb7i_x)s~HOB1wTv!(hU9ma*Ay$Yj%n9+D~r09I~6msd(6uRkqpQ6>Gl=Q`@ z4}Vhvv2Y4>^rDvO>PRlnBg8dLd{U*byb^gh62e7K!b0NvXWx;)B26H# zf+AwJSMB5NVPiiSbWVFCT*^?xgc6iA3JczDfWm4=oCiW|ZF@S^lpQ>l8$<(NOJin#?IzbsMqCTX4TLi>eGz`6vYd2xr4v2S&KjD%K**i$DIL^jB zV8I58l=x(3CuKqdK zz`;~CBC9uUJNv05?}<#`mSBW=EyUYA2z-+f3Ma<;hP;^^m}^l4a~yBv#ZI?jdt}j1 zPuYbz*Z*QRNPr|9IerLH#c#+6c&SxnG7tx;7~dZ-2nR|7fSu%$B-1}M=z_o%7WOLL ze03?|8B&^!ne~Xqr>BI}&)k9T6hUVg1InCF(>$txh{{eGTVyY0`>%O31aR|U&SNkT z5PtdkgQozHEPDH$=+6Z*NIdZJob)JSe}S+Y@CK_4$w!F4TsZJ*zBKP3Xd!{#f6%lD znI3>y&jV@ez5WjFGcXeI^fa=&=nw0y6AwVK4U5wMKYpDLUQLu?0uSkqUyEMOJYr=nKgtqPqi6KA;vz?)KHZ?NmL6TFk`?)Pzh{$RVlnhCzCvpncL`(+lDEx?gJWp>wZ;QU(RLu=3;K!IkBj z>}}}GeZl}gk%XyBPMy9|)hlgCPRu)9?q`eNksopSI~v6-mJ&^p(*w(f=_%Q!VCS;) zS^4YkxrVFod|^kKN)r6sZqJ%3wOJRa#`*4&1>z7Tu9{G_?!}YJm~J#uLArrPevOOM z*K71H)@w2w4&@F9KPe9my$*<=MRTYQGEQLyjME3^J@i$D>Wb$#Uj(RF80{~Y>C=Ot z7iLw)qob87{I(%Qk=9$1E2C4)zA)xLE2{_kKWfm32jDBF~kW zr>4Ft53h($og;}lRjigsHbX<|b3zkG&}IQ-rK)cTgz%eXr~`&E`sxohB=XudfRli*7ah4wBqz z1;oc_A`UJt((ykPBs*V2=hTI-V3+ z>x<|LQhu)}(IRp7w(tF6{u!zr<5E1_4IaBWqI=Hmb|hxru5elOlc#8ogl926B=RFB zFB@}dLr22>bWo-v%}BPk^S}$PAYS^8M;tNc!Rh1Kt-kt`ADvvvJJJt=Jhwd@GV=!z z+R)B&JdH=OW(d|1nD3m6NDC<6-AgqsfC=o1x|m<4qndNO9#`w2x=(Y;Zf}|`@a2R+ zmym(wUTv-N#QV1guUEbwx@JeEs)+616l-)p_54!x(rhvT`8qT{aVpC#=WBm(b@aQ6 zcY+rs$>cf~$8)&Vi*zw|U&XjmiXp^NRU;~ne%;O@kA(QBXvN?7iT&|joIdYxeFt)> zwe}gqHtXF^KG~c%`VllXKmVrg| zl9YnLDEr_CRqf1TQL4ca3Wp6wiU5-8*g?n3@wL<*Nh{0K*VBG|wI{C|26Tg{q{yws z$<{y^yDExVlf`O?j={yAH+~f*abVIO?Z@Tc>Zf0E{FY(e)PMO6>9O9xYJX}- zMg{kW=ze)Z78}UR;RV0z`#W-MD)c^dI78dN*f?3YR@R%V?s^R-SU;6F zo+f&oM4C!tXGZCKy*TOp;grtBeXkm1b!@EA4=7ug_6hylOxqvIBBX1$ zqp^iwQ}#nWj8P(({Iuas#R54r#HRb-jER2;VFX5bo?xj^5VPi+~M zao{~gx*?#MZPSFT`b-x*l^{J{z-Wp-8TUl!62zG|n80soMTKsf?a=7$oFW#BUYdEf zIdZaSqU;*J$@zNMwZE@WG{IK3^4>-KJbt=4*vLmjuQ8E9Q0!;;_C%wfMxB)e21|m7 z2(8uj&D-4dF4X!97rB>lVOvc z&^2~l+i;e)$hivd*OPv3&1WXEk2Hk1f>^c1zxCa znai6Dv9H|ZOXUpKz_>3uX$v^s&N3t`mZ!aq4nM9!>d0?)Y(9Llh3D_yQtd3BEsi$1 zcEdBke~`S3ZPdXllb}8I>bHt?0Az%u;PirV zvwRB5Z7or%!o78^14mEUp1iTzDW}wmd9?K-qopXJB~D`J9#uu3KX)f0S{0A=d%_JI zZxK{1_4+Z_@K|rwuWH;mK0U`FqaNo4WLmBWKiL`Cs^-@}_b`d4HoN;wQG|5$LWx=44~rb2pD1a@1F~2S|>0alIs;kPjMwlHbAP zhl&e=%OUVwho{3c9Z#L=RJ3tPBI{iv_s};{woLI{ zfStA%aWZGACDPh`br`pB8Tj59-8OfZ-G88E z*(_Kp>HJyUrYW9e8HV!1JpiOi$VSiDqfnEabk^VV;DgX=yNinK#kb)108TaparXpW zyUQTkV5(si$D@yYAmi694NID2gl2xNGgVT=-(3FKu9?jZz)!EQU^39XP7AhmcN+@D zl>kc~13ZKc>eL9KZN`P~L#$eeBdRUtY6xAc?rRy1wvASFJ5PQLJ1X>>V|D>ap$M5D zXo51fCDmvqvkh-H{PX9}SX4(`tEb`bu%y-z3ckiSTz@ibHWtOPqu`?4DiEGc1EYnldW*L2^ zLV9eJYOfvvFy$Q$$V(4nM z{0k`7cn^RC6=E~v04(1()coW(4wMA{M;v&RJ|5bseA&J{WSwVZT=HPJzFvlk0%I8G zg|B{mnitEj_~_M(rB22W9f0O3kd~pp@ICB_`%T4Rrl)D8C9hLr{sJ-5lib3mu!Yk2 z9~KG{K(XTjE+f^1Hb^dy*7mvpy54fZk?lrWvv+nPf6&6`yzM`Fk8r!pC7WNZ%aUJB zCMLbJt17H>;P_r$P>iv-LRa2_QuEl?cy~sWK9oxmVHu8Snf#if=Pt)l@Fk?wd8SNr z0G6x{NDrZs(!H~h4@8dr3$Hc*roJ_f)S!Ntg)npN^Xtzf06V7%N}KhGX9B%ZQT+uv z^KKI&t4@+4pGf{Fp%2JE32dBP?4i5bK20{XhUf!?zIU-Hjd-GNxiK}t6joc4(K-!Z)pGUIi!w9rY2JEgKq5Y##+;$)7o6w< z#boAj*WIHW`U&P!yr6Z0zD8AwljZ4^$!2b9Gd)keD6LWz?p4kW>TxmF-uBUDA?9)z zV+u>ONZ~E@QllOlptk6Sg&&?&zsQ)Rt~2O^-u9}S6O1#jB^|j)ArD#?QqNmDbWx){ zOH#blbYC|FFSlUV}OBng^Bu#zVOY1sL;xNX4GlpCNXN1i-J@0Jw4{7s&V-$mbdaNa;@&9fRQghKSL-!O-2qmy zal?8?U?w!oa7!B)#2w&I!YT29KigFvBod!<(HvtQ1j*6&zYk{tUyo7HM$m4 zB9hdrI>G(wxw3wJ-<>|FOCc%D!ZqhjJE@=_EV=bcgcQ>VC1R69cjvg1?hDX&{Or|} z#s5M*k-4J4-NN1ZnEGJbJ?I8oxRO+d$W`aPzUyUF zgk4n4M@#Y?R}IT03wI)M!31R_X7%CzLOqOnS>t-bJ*3&BNPnv}>&PL}U-K#mpY)^T zaw+q>p7yJm7zm@r=9P1QBe@wbOM44>cSu(sLvw%N6g$k!R zPO6czrBBi6`3ZXW8_#9C(Rh@T)`rQj4P}zy&$(EAc`YGN;xqB0qa$+QF?~i*$% zbKcIC5$DSvX$8rQK-ziL%yvp32^~|4I^=(lOERrNV)b142hmSQr9d~8OZ&-?%?HPT zZN?}7uNB$4&t@JHe5#H=Jz%k$T|)Z2QOl=YamN&t)SO>w&$Zb;h??DD^fmT{4GSv2 z^6;DK=hoTwkVWiYQ~_Bnh`!2kW69vEG`wuO<3iAuj@)d)-bUN{wPDU1h3B;bQ|XAG zba7R)!y3(ZeauFju1hiy|IiFVAQah#h@DK+W1Pr`n_V=sqYbL}VlBz>%k3+MLO!2} zM(8|n>Mo-%>pFI8Gf0!kv*xp|c%U?KBXrP7nU=in8+Lj88;&R`q z3mR>;RXs;RG-VD`baH|EialS*go2ZqgstGFkpDUpt_9*xp8$(F zUma}jv~IsX2>FX4a-jq$EG>zR2Y)U= zz|sJxgoV@g`v#z)Ss?r!;y%Cl53vIah#jD(Y=2@0S@;tm+}1sfy!lNF0aFP-|L)+}#b+Su|7=bP-USNs&b!}3L zs{c9}-0UwVVf_0ZD6$#+{(&b{z4H3Z>xl1zX#n~aGt={-S_k`s{&`V(1Sqaj&}rj&50YULa(NO^S61T+t88%awG&OXK|s=* zRdIfV{cvh(Dx=*l^oQ@=eD1(K1Zo_u$ea!j%rXk~I*|OCd!{>By5IZg(e&R(>IOAr zm)521)as2DX<6XN4xWjE3EM*0|&0)mNwH8clX4xBHla7TweY#nSpc)!xQ zdrK8lG}G%0_hO2_eml=^&hu=@J)Ccn3cu(Q5;;D3fJ!d#1_6*|4xoPY z6&d7CK+6P5`l)xeXjx%(6_r@S(|l0!*(?9lM5uI=q(Z8UvNEpGq7X4e&^PrnnPHaP z-NT2lg`oz98fN<~(8d&Y53X}x|7-J^Rq`^aJfW8Hk`jp7tF? z0?h3`I79||p+L6Y!z0h({Yq&w(@2YW^V;uX4&aR4-J!Y8*5edgnH(M!5V_%poF}oE za?0fni>P7{^4N&aa!<(gfy#P}{g`iRO5+pTnU7^Lh3c+oEWz3lAG#78%-v)pX&asw zZMCa&4~OHv(UF~cD!k=9IpdhQHG3XCIPA@`b9gOx%we`o4wC=auJ8d4Xt=Wj9sy#9 z4ZdLS_ko~cA1X#FU8y2Vx|`ecKr_i8jrHyw@vmO%MyGO?qtzR9xoxPkb{IFho+Fs2 zDD&i3r@L3Kv!6s|AL9D7>&lbk)8rIruKMBWhBsc;Hb#VohN?adukk=aKgq#JD7I{o zRJqLsKopf?>PJ@*$~O_ayd+feWM)@;Mjrz(`QGlO%E`$|y+AWM%z-z@QgYP5P-PXujqpb}UDeqsz@ zY|BVQuYiIPJy^ZW9afh5Y`%3q>^IIk>7gIeN`v@dSH;`WCzXpJ9JoIk@GE6FOm09} z^hSOxT4~(ai9wBUYVCxp$5b0C-&3NK=VPse05}klAczRK@>%Kz4M@|cDRp}$T}5B7 zv2Gp9OSE3?m^(+KHR-+1eTEZEXmrBQMOEGcp_Q-Oy2|Q-PJIHJWqzT?76Y>qc@69) z*J?3_y9P>4XZ!$V9{?vd2zk~EjL4kKPC;o+gjd*f_Po9G+I%*@qfLH?(* z9etN0-w!`O+Pu9ONkNqzI_X`SpGB9U3M6)5e16(vqp|eR^|GoHmsh3O-AWDZCYxO7 z3|O@pFn?!_*$f2V)K>`Zf|i7pm{uYzT)Pod*kSKi@M^>Ij4e!gU+z*<6NZt7>s33b z0rj<0O{ZeiNSMlGkPMg*AGll$psBE?{oyqOJBzZqi8^6HRbR_u zPw(K7Z_)V#?+~)1-Pol6L)8Y{hF=v-kCQ#l@V& zuQytw98OBFZ##VJqR1RzX+uB)@Xj_Z6R?`!GyRGyquLkV9nL*0Esx7TndTW=+rE8L zAn3JrF&f%*?NF@BpEn-J&2JZdi27|flL~lcIUo#}e9r=k4P;ITdCu4AIS;ihdB-9^ zR>mu;{8Dxy$ud70vtMJRGH+=%kH$4B_^c`95ibbQSxadTr{BEM{*m|n#Nj}3W)0Os z%LuVU2-ge%q+nRNz(fKWXjK`6vUWdN*)5U&8OF*^V!Mj)W2j#3DM%!A`-{k2Q4P-ti*? z0tewLYNk|1a)IUHSC%kCwyl;^ZekJG=di z-}Pz%Kf6cUb+Vqelhrht>rK(ETC}_A)6wELjIor5YrS^Y?p;WD&~KcaoblbB+Sf;zb6}x)LFEZa=fIpyN@UwdVC%Ha|*z=g_I)4&BVjbMAjm zmLDk#)O@@-*{X0%qUHtY4Z^y+{wwey%uR3`*e5eb5M81j6;onavKY$tn_aW0WC@L{ z&$wrlcKsiuAeCQu&pF<$M!VWW0A+R6x*J$FfVqg@06f zaNUFZ%sCs%q(|l$*hMdWj;&S;G-grz-^~S(+y|wPFGt9#F=3kVeV{a-*DwRTzL+dd z;f7{p9#tfO>$tf8yB6dD!vC*yWWC-~y9;}e!{>qEAi40mu9Y#Z=`{*qkxSE-LS&-n z*V#Zi8!q4_xdR_EBHys~Hk{KdbsxJHGQ#2E$#Wa!cGOX%ejyL#R590Mc_du7N#e3x zdujxo+BK+Z((Ww6eeJESVE$6$L}K{QupAs3&t>)s`& z`^ds=5!(Gyg^-j`MGLL4c@8HZ4zV!*33~^!OlFBF2MMB-iN3+#Jt1f#usuIA5x%v=9HiKLLW`r^UZ0k;(N$pFbu;vZ{!Jo5AsnLyr<6%vht{SnsX^o0=Iv;( z(%r7D1ZneWL;$@O0?qnfu2OQNNhm|W_VoFr&;y5&QG*-Um z@7W9FMM&q~C<~6eUu~kt)!5e_8EVt+Z*;h4U2oPnH>@nSoR=9b)M;3}F|VY)Q;S_Z zkJV_nL!(c6diQ3~U<(jfJUVBhrv@5Ti#BnwM!TtT;q8V`2M}}#8);~T>{H-B0JyH5 zW3iYp>YayCcK>>c((PywAW&mma27{y6428GTZjT0vg7AIY)R@g);0-VuFz-w<@f zUWn_ix$a(Qa#_k=W{M{AOk5VXuR>y>G_*QeT`rvm?Sfqr?2pFXwn+owJc*|PSr4c& z#<6%dIDM#)d&MF=Hp4*ADWQMTOTe!9bNYPw`$J?tPC@_>TbUI4@4eLmHx^6ZP<6Tc z*88W~gk_!{@{|BfXG53nrAN3x+COJ$h;ANetTeegXsAn289e^4j;RljuJz!PPxP9V zt7?fFvOFhWM{BF`bgs&;w*4HR8{Y=ta<-|@(e91aF0w+8lF$;*^TwzE2y14>W6&-- zzqroDMd>+;<)!g#u~TcW=8w2dURDelW|URy$joeEpkXet!5}%*Z%EMHjbj~UcZ8yAWiK0X+5H#fq8r5cimSd#gZ4azABow-5SX{R^#)POV% zP3TDEebh)!S;P_`4-Cfiw*PKxJq@&9AvVZj1*NOrN_Jtlby~PL{UxrGuX(Akl6x!2 zSc2&|nY5ZFJ-Mt&4&4=)*ufEXimybt0d@neHQ%gYu(DzNjG%w4alL z?wc_}KaKe9P5wcz~@YdiSHNDqkOTd=$QtKKjU_y+NC5djE-F-H$0n zvkMfMo#JUi1rtODCwl6De858Rr?8{Rf;lv3)M^Uh%}r!Ox&BDYkjqT9p$!3ap)Sti z_QP~T@}sXW1tyMbG}|93cZf~I1yg{&g+A=AMt0*l%S`0qK#WGidb{q` zc5rse9|9$TttQSuB0~%WQNto?UouJxK6t<)tQYI%Gx3f5{LB|^Q920Fl#8tQjfVO6 zMD^OiqJ}wa%jCey{xSS={w_oJ@&~Uw!eM%$lgm9_0mMC+*NfgFvjFHnBzbiKaE@78`Ob6&^BM@m8@V~rddy2Ho z6o?$eQcMV*heO5MjV}D(>YLtxeE|{#t>eQB7-$p29{eSVOA<8s9G96nKePGy9!wDz ze}j`#@WBMiBPcr~Mz39B>g3uSpKm09}N! zvWi9(ifbR`bYvH?G5~e~u>Bl=9v*<;VlX|~2VM4?Z0r<`GT)%p0bC}zuZz_BLBfKU zr!2RJ9G1wjwC`Jch_@zT`X$N4JuHCpC5IQ3J?nYk&-lv0-s;6_Z%xpOp^yETD+iad z;Gt=du*oeNLc0nxkg_>qO7a0UAEP9gcC%ABrOt?n^mg^z0Mo09ECtRn4u8InUU}T` z^&>W@!h*wJ2sZ2E;^{a%gGsx9hh(0WsAc+akq z@Cgh`?omCCqw?a}^%B-}EP6e|p}5+|EO22ZW?Wsln29a0^CIPxXl^$8V^P-fRVNog zQoveuQ`U|bK#>vVP6sae2-N~0jTBhqSv2sjbkppaf(1)%qvYgI>n+Z?W$?CLU;faJ`tE?c46&%IAKpUid7?~P`q z?3!+pOxz^`{$k#7XfQwxZbn0@A}CC#LFWE84udO5f8a{IZ0e*KtK6=~Z($fn^Z$`B zOm5~L5sbchVlA+reGc+&e;`(T&eo+8lx5@HxBeQy&6_?juITNxV)}eQH%}o{I#_QJ zON}$4#L@zd3q~B-u#cE=$-^G)qA(A{ZMcIZu++ti2B7n}F}ZENo#Q)nbL>41vw-T}SRG9Q&{;po-89)4;PPnYw3Z|S}pGFva#Cv}t_E%P+vu1m!*Hf;SXJmt9e%4GQX-Afd}2 z&`BEc(#t5yG*afVGOFvJv;xdi@}J_8^z z9pu0Wl3FQ9kGRvsoRSS2STFhfWOsZ0OkvE=(JNn_g8gbg;FGssp7nB_!0pue_r}_k z?I>$mnw0|gdk0$Yt#x*IsS)4Dct-r?$?-!|w2s1a#9Vorl{75xQlka|ea>L~-&8KJXpXTvs~{>ZTgRtTQFdAy zGK6%8O2$RBR_&w zf@CmwH=elW&}$--+2#>Qx$?Rgy+gM7w6p^`%g-H2ti3f`8_@yFhOhERe6SUz8Om@`l@GEYe zD0U6FM`vm|o()<4*{q+a2C>A7%TEL{&_CNuD}d4?EnsYsOPF+e^%t%7ngKY(ik{X z{=caXGEdM{)~Io*)&(7*Mx(YO#GV+}I!*6l$nn}DYkzrKik*!khcrDVDi1iZg7&~P zZwr?EErf`Z2wB>P6;QRa*ni;v(pO>o$2U2e4`~v@a_i_=%zS=Ur%wTIoKh!yggi{z zh7;UO5c?|qxWFUgse5kQ-DqzwtA88|MARlb(V^Z=a2MdNE{Z)D?N1wohZjmnWV1~a zCK=4)8BaIjyOoq2Q!i|^rkJlyFxVB43xpe!XK`eFT;^N{oa(5q#g>7}}Yb#V^$y;tp)TKR%@+6klL<@sLlisH%`e32g0BRReYUijc; zcFT!wZSAyZsrd5VS6>8+9&OFNh>Iim#*<_5U8P-{!wsW5IPee3pylV{Ns|tqqgpaZ zx_>?&yEUuEL;6Cd<0!JTK5YNF%Jx;ly5Ki_2-iwV#8gBI&2$3J2}aGAb6{ z-WtL5La?X@78OCw#e4FF(yJfMrQbqj zav?e0)2(mg+P}>K8h8FRzWHIwDG<~mqn_S_3g;Zo+Y=Cc#9s1nl@Sy=i`?4L_)>`- z+`aDwNy-ER+JB%B!-~aC4+A>S=)9;IGUs$d)f7E2k6UqfUBVnpdih59L-Stag#7g3 z<1UjCe+H}cBv$cKAlK8rV22=_t@M9|i7Fb|7N)tq^ z@eLX`#l?@uQQb0Z7`caSx_Th(BKu49$)C}muT3+ZqJmIdrc6@cplgh;6$vbz7R=6k z$We04@q>%@=S$yZscz?a^?Is#>yH@5Y?aH_!biW;Y#|P;qgZxSuq8N7w1im603+z5 z)eovNSbbZMG0`&s%{@o1XUv!QnZSrT9`x}5k`p9CEQ#qlM`tI*`4?XjN~EdChf!k8Yiv zoX5;x7%~adA79XP#pxgKWibLB6C*$+cXyAQ7cL-MizvZD=c$FR%T0cZFAg#id439A zWbxLgK7^@-esxbhFsVNJ4R@zH=W~m$Te<34WuAILNB>#IB_7-RJ%5ykeq@7zpnR!| z`@{*EWl)AsQaFrT?ov9tja&n)yBmk(Db7Mgn#PY@r}I~R7)+K79m>ygT2zCn-Tg(% zz($JTG1;upwX`wI_=7u`q8}^bbBTuT>cb0OP8K=w)wh4p9hg}WAujU~^;}z}zRr#9 zaaqA^WgdD8beqwfC27Do?ocR;;Z!^l1HfPf67wHA)Eu1j8SW=G&?t~OiVb==nT)qP zI6Na?a;~>6eKxU{w)xBrP!a=z)k(S}4?Q$xy7a!1qCqVhIf<>(^Z^iq3A+~UWnRbY zmn0ZOSueX`ko}o3yyfIsl-EQ*ubeQvfUk%nvXKJVLI6tIyOT~a?Sz~B<~)?I_~=fD zs_XkIIq1ul_FHEWYd};nIT|KCenrG3dAZWeu*dVoaoX zXHVopKHqWBAu$+ZWw1bGK+j8`YEkp^U(q83D*1@<__6<^7FL87?rbrIvHu4G-2UUuK#{DW0BCU>piT)=5DW z5LRZ;?czYqvQ*w~$UMr+?-Hp1>wlitQ8T=Z1VVbnF>%FxC)p;4k$6S3=dbZO&?c1;^vWRiQ*3%a!C~ z_S~G1Djhw`Lq8*FP-x6ki{@x85bjk9BeM9ogR?hBLRR}Po_mbLi7r7AR!&kS&-v)# zun|~izg&lgrqfTmka#3BfFM+6{xU1(*ay*dL@DlfF@0PcK^j?fM)tHfSqpN3EGqob zWcVPEOL%`(YRqytxd5jFEqxrXkzLjEOTf5^Bo6t6+*J8PB(Kz6(j`|=ebQNSH^o>_ z@I~8fGmqGhSoudODb}|Qbu~)^9~2EA=b{7p4)sgG9ef0&f5=qRPAA<XtZm{%7EMB8?Y+RhRZx}2X6Oculn?a9z(gq zfpfl{bY3NNTnzYjA#&Z+FI#!FOvj5&ezs?4tTONRE4Zi(JZ{jVmyMc%@z^Pr@9&$1ytH~F}%jkL^j^~?Yn z!JJ$_3G*y*saM3kaQ;6D@zgsIL=u8K6Qo|Q7RMJ{#u=_EO%KO4bKOrCZ>o-VuX2s{ zXZi@>u$i6)1y5_?8t#*Bj?hdq+s5xLM8ag@vPY1&+3#pVc6D5xvX*`j9NpzXK_8kXi z+2U+v1n|md(gl#CZ-pFT*7k4Dr~0D%B*tWG{z+dZ9dj`Ttt}%qHq4h&)M0!T>ns~u zyBHZAIlinZ8vZc}s$oL@NrM+nNIbw|wtXl8fkE!KMl#@w{o(g&DKDi)Kwq4B`gR%7PP5Q?$N4>iR+26;Dlva^7`i42(%c;tc78_Icz>t8?u=4KlV`&ju{ zWR(at{dG%>8i3Q+OQm!5ZeHaBbOI&mfKG<5=9S0BZo$_?A{viZJ%Cp!cB)(XkA3P> z?*>xqy=-++f8$80qGt(izIgkb&mGpKrWiPjh4C#8uyKK!rTjk{4*=-ev-VZ~kl+N? zlO-C+(RGB`nB9-04xzuH=bgwKK$$Ix^!I|tbLKPxTK0hXi42)L1@YL)0ah220|82D1KudL1B0$eVi$KY&l#Olz6k(l2QvE$mgDXalJ|D-!4wQ2wsJ3xOOy6Y`zK;Mek3`;y--UiR zpXq;U(3!xQEpJ=W#>b=>9&s4&_gX0S1fy22U(a2addz%R|8OU@v&m0tc}w#v9j9pt zheRrg(n3<#`Zm=V&k$5+NlF?v4E-AXg-)y6TeX|^T+IzXm{Q&NxDDb%0@ z`(NxU$Au)(22d&V016VJq_d-c znO2@@H9ARemw9G+DmmPCHp9skqryfMt8ZsE#dtR+u0LzERCK-tPcP4Ssc3nm4LLdt z-7nvH#lXdARPcLkX}URw=cu+VOb4PP{+KP|)tzBt7v>jh09OIXE_(jFhZWXf%N`&{ zFg81iKi0dpE!+g*vcxi7n!IcPs)nGHOUWY*13x z!+)B(f(*)bRq~8nqH1wrYwT_f%hp@g;%cxY?dSRF#~1z5AaG#2Sz-XiSs#d%0p zGRPazRR!PV>T8+G1LEw}J*4ZS$#NC&8uO^!=@uua}`UzVv>sr%4>D zO9yVXwVf+5!B2{zevHl}UZl>h$A{Z%Ke?;hATqUv)2c0XX*FcL&0yVAO(UgnXMp(a zdzGcqcLpdUP^&uu3T6}OVjRC~4gV`e%!0-@X{msd-}+EM6d(rB-^gCs|6pi1C$O=; zW2OSv9Cd9zYpEQuE6Mc$lLgTxK|o`{wy|wQslB7 z49e`3vhMVqX$!*ZX>FBI!OH>abw-IIQc~}=8{Bwbu*m)Jq2Q9s)P|{=z|GpeaSCRz zI6e%+Qleh-rqTVl?WjA-t2&rAcSVZRrfFHZd9dI`vZLejHTJHXxiM%b|cUBfAl z^49_0~j23Qzsah7)b=bguml#0wyojJnjD* z~<2!~(v}V}3-C z@_Q8aSinz4<~#})6aV7WKfdkH&{|=_a9SO!f5iwK!17r= zYk84Cz+}qA#M=KBi#zbl)t86u@1{w&zd5GJOG{&&@TB`%z2>*%+Lj7f$VR~0q=pQND9^edB0p( z*6$u*2l?A_D?qa1KTym6H;56~0v3|s`S(4GMZl8<{~z=G^0oiRJZOAx-)5IrRJiE! zuM{`alv-@=^_$q^N7fSsvP}SI=|kXxzGY!{Y_dDN%{H~#2{tu~o;FwQy=LVUHtGB6 ze0Zrgt}k0`ceula?DQ#%1NO0$T)U@lPKvij5bSz9Nbg-52VDRYl?M@dYWhn- zG`!iGMaIXJZA3l|$y@~;ULgdb{i zUiOh-00;E79cIa(4ny_5YHtTl4>Sr3X`X#!d{h(D7|8LN`gTUvtH#O&_X{h>)R^jH zWp{!Ct1@q&2YHp1gziObC*40UN1V%*_dcJnYg^llZmL#kl;W9~^S7Q2os2~yZrD%O zOLmaIOJMsS-JJP18|WIxyC|xvbW^?3(9PazO{QT6rIVtxI)qTJD4nFXps5%_jJ>sG zN`)2;X4FVR>=m-8R?}*Us-$AAq=tsrB}k$-bI+Y~&;1wf&+kvqIq!R(_wzj8@0a)F zoJXyDOfziD98738n^QF}<1Nt^|8cp(KB>Fssl8wFGj3<}5P1HTK*0uOYq8WqHzeD4}6)@K{Pe$ z;To_g-42Gc3(H*-Ngwsdg4#Gal8PtTfLiQT6bm=wgHWG2b);@|f7Iw;LRvsCia1O3 zE=b>XPJl&YvO&_T4RVMuf%Q1bl(j(LT@Es%i za8jldLrND(ACBU-zi;@@ukOL<>Y?M4=G^v>4MlI9=iS-EndO>>of;T9(tNZjtq=Yg zSNY>phGRD;(#o+uKcqX{!PmvB%w*}tQkl+fi!)@-sMoMXHlU>8p9pqdms_<|A+mbM zMTGY-$hNqYv_M-*YFc2euPD@N#?HzC6JB<_TBJ!Ad)f-dP)+Ubtz1j{z@7#&G6#&D z>`G`A%@QT70jcTnQN#HjVsxhV-QJ7daT8KB6u8e*N{@=Yb;ZHJZpWNX4pwYiAW^HL z$FiL0w34v+x!m-fcUprM;Ka6kTNt%)Ttk&BrYZxp6kxtliP$C;*?sLq|89#uVPuc2 zM=l>S^mDze@hVg{cDr03`*<+mMPuZ9aoyG%jLEO#XVt_7(7rN47l8v<_Ncv;)!tT1 zXz4ZpC~s^dZoU}>>An+&pGuV_j>&mngs8kBOz7aeVzHOR&a9ATu-^Kch5n$jAIP;-@*rz+{*$T)hpUwRg zlb6tvm^&lk&AmT9@EkCO3VeXQgKw`C2NsySEuKT=s~9!PK=GA*p}9(mM5yHDQ(MGK!K%E zE*NhdG89=|kjl#637Mo2u3G@58@-|Y#y5_R_QE#PJCqx-H>*o1Qj!dAvUnHSb z37oaq;p{Do0dE^YB^~+)PsNOBzUOVmCdvQCo{#BACAGmoeYOo40TTN*L`8rJp4o>) zOC6%~jT4k)AtPY=#&5wAOVQ+Oax4Q{>IHQSUwAGk3Y;47-&N2~K($s&-aqx%0`jBm;?!v~qf3&1w)3m-njz08d~{d*=h z?bd@Hm0yAm$3ogs{jU;`;p7Ms)h)#sBz!|(JuP0(TZwPH6!Y1YzB3;p3IaSd-+x@z z@VSKIN*I_0P68QL3I>4}-c zTDe3W*t>VD8_Vy5_#33t+Keem(gg#RL&i=WI7gEn>l8bTe=9XPh#qmEN(#l=0 ztB!_=nA2XRPI{%g#`nYB@1Bp|VZOIIB>vlP;aM`mm08ce49va9_<|7P)d=1IkG3^% z%(jEj0^@X^ZtImj1OSPYM9dl4aFW#Xx;Y%m`$YQ^D%%;u`aXuToR@PeB6x+l+*tNg zb8#{~zDR#XGDcb`(kw4fp>G{}BJdbC@{YkH?v;i{J<9M)z_kfsTciKhMN!Oz6E0p`@?rkIaz->8-Sk)Yqe@tOV-zM zUTvz9YUvWyY9O`A6BX83n#z@4uu8E`cn+}T-xy@zy~A`n(tT;}BB<%c%I8WSMJHHg zS&6&FoVEe8zc@tCNSV1wdeJsA+=IL;S!4MK4OVhub)|;?JDKS^(2vc;r(0WoLwC8N z#Eh(MSQS0hzscreIb^rxiJ{8m>i@E@Qay6yZ(3C*pIuQ-ng6fPKYdjzu|5#t*|~yJ QW`A#Ufn58c&M`3MUow#Rz5oCK literal 0 HcmV?d00001 diff --git a/docs/en-US/images/release-ip-icon.png b/docs/en-US/images/release-ip-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..aa9846cfd9bfd7cf6e626c856604adb0231f5a3b GIT binary patch literal 815 zcmV+~1JL}5P)X0ssI2LSV8^00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0>nu~K~zXft(9v} z+E5&a`z5z*-tTeQ8>db--v{pbYpdweJ-(i2& zmlT%FCeMqLp7VRo$@!h6NIc2eF#P#!?^)N@H$Bv8u~aTqsz~kODSK0vgk*}hyT}6< z(ePI5k5~D73E8t^G{Yg)+G8eHln~M%b`gH0Qhi8Y-%1E|Mq~I1Qm)i5vjqw9f!7^G zO65A2$xDbYNIQuja$l;kDPBT6r?G~&SgJ6W*;d%>&aR$*bZ&uWQo@>Of}2*My?uku zBSJLg2}By+yJ9(UkrBo6(>^pj+S$|h;#J4IRxhl9Jzl=gV<0(YNnq(_`aP9o@Z)x)pRz3&ydDDfkFeut#%{I0-d+yS*#X$xBh9G_(25 zpis>M;2Ibn?H?R@Hz`x7HPfnDqsbhjndYF|caGtwNWO3viX}yf#94+*ZyQY@0=4X; zQYKfyST&g&Mpop1eY^DZpvq5VctP@P(1{%$px%tC3x z3y~|;&EA6}kHh6{=e1aEa>a}wHSC&ME(L7u7zMRbjlxc1UebQ(Y3HRAtef;LEa`WQ zrUY{#D4?;;ErV9Kd=d!4Sj6ih>=@C`3z=Ag;qwJ9eFfDE3K*m^+3Q>(LMKIAf&axm z=KhDbRi$mdI}UNX6PMom;}_=k!uxIg&i>=DI7#W&Hu&6)WM0x2u~*^ tLHe}%FVAOVYuDyDytyq_>ksgs{{s*fW(qxYbS?k@002ovPDHLkV1fZdctQXG literal 0 HcmV?d00001 diff --git a/docs/en-US/images/stop-instance-icon.png b/docs/en-US/images/stop-instance-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..209afce50863f66b5e3c476e39048adce588f614 GIT binary patch literal 955 zcmV;s14R6ZP)X0ssI2saFY200001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D15imsK~zXft&|H> z8fO%S_a}Cew8^9zQL42vAeZHihF~fhs3M~!79E4O1gan?W?`?~uZt|oHDb+}W;*S! z=wX;)Hf++`&d$8EbN1|cpYJHCJBUF}cbbk|F1d~Om413wW z7K-Is{$N;dw2Vup9*<2-N@t!e*+Y@o`9=Ga^&?4~&LBj(Qg2?3h)U*Ao$-r%55}HM z&dL-rg?f5c1`FJK@Ril}eZI^IEhCvYnL>zEiEDKEO65ulrDj|r)#{8pd;0{POy`OT zoOZ5l$mA+mz+hf1RJak>$ZecpkVLWwJr2ck&F9N6BvaFtMH@jTdpEbO?scQn<1RZJ zn;wJtsak7zGWm^r^CjOUjNc?^B*7G__0~`rk(`*4s?-IsmaSDl3IkwgqYR~sGAZ*L4Z0&N8q?oKyt%E*PsQxG%O=pWn^HUf- z-zAJ=7=gs_RH0HE%H`fts8Hv+yTo#k#7IV=L?zN0n1erXSZ}nmh4Pa9#kX^EzDpQK zPBG*JqoH~z_oioFtzBMmK;|q?$mi7q?k|C0mAil>mY^1_Ht3A+62_s(382Yrp)}OK z|22%#ykLdiH97;#q0fCCJm>0znqQB?b8@9zso}eXaVQc+qHoAdzBCk0GN|4xpVv&! z&cSB_Zx7~Bt2iB_UwO87);2chWQwoHCGaMG-1e3# z)jObL2?4s2$rZM?y(WtlPQt^-WB0#&1XtNCNgA2Bg;p9c5^{-qY^k;p1ihXW;#5i$=m643|MBNvH}7r_k54^b--^>M dmJF6>e*@N1c>gkEq7MK7002ovPDHLkV1kB`%5eYy literal 0 HcmV?d00001 diff --git a/docs/en-US/import-ami.xml b/docs/en-US/import-ami.xml new file mode 100644 index 00000000000..ad3a74ed7ce --- /dev/null +++ b/docs/en-US/import-ami.xml @@ -0,0 +1,93 @@ + + +%BOOK_ENTITIES; +]> +

+ Importing Amazon Machine Images + The following procedures describe how to import an Amazon Machine Image (AMI) into CloudPlatform when using the XenServer hypervisor. + Assume you have an AMI file and this file is called CentOS_6.2_x64. Assume further that you are working on a CentOS host. If the AMI is a Fedora image, you need to be working on a Fedora host initially. + You need to have a XenServer host with a file-based storage repository (either a local ext3 SR or an NFS SR) to convert to a VHD once the image file has been customized on the Centos/Fedora host. + When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text. + + Set up loopback on image file:# mkdir -p /mnt/loop/centos62 +# mount -o loop CentOS_6.2_x64 /mnt/loop/centos54 + + Install the kernel-xen package into the image. This downloads the PV kernel and ramdisk to the image.# yum -c /mnt/loop/centos54/etc/yum.conf --installroot=/mnt/loop/centos62/ -y install kernel-xen + Create a grub entry in /boot/grub/grub.conf.# mkdir -p /mnt/loop/centos62/boot/grub +# touch /mnt/loop/centos62/boot/grub/grub.conf +# echo "" > /mnt/loop/centos62/boot/grub/grub.conf + + Determine the name of the PV kernel that has been installed into the image. + # cd /mnt/loop/centos62 +# ls lib/modules/ +2.6.16.33-xenU 2.6.16-xenU 2.6.18-164.15.1.el5xen 2.6.18-164.6.1.el5.centos.plus 2.6.18-xenU-ec2-v1.0 2.6.21.7-2.fc8xen 2.6.31-302-ec2 +# ls boot/initrd* +boot/initrd-2.6.18-164.6.1.el5.centos.plus.img boot/initrd-2.6.18-164.15.1.el5xen.img +# ls boot/vmlinuz* +boot/vmlinuz-2.6.18-164.15.1.el5xen boot/vmlinuz-2.6.18-164.6.1.el5.centos.plus boot/vmlinuz-2.6.18-xenU-ec2-v1.0 boot/vmlinuz-2.6.21-2952.fc8xen + + Xen kernels/ramdisk always end with "xen". For the kernel version you choose, there has to be an entry for that version under lib/modules, there has to be an initrd and vmlinuz corresponding to that. Above, the only kernel that satisfies this condition is 2.6.18-164.15.1.el5xen. + Based on your findings, create an entry in the grub.conf file. Below is an example entry.default=0 +timeout=5 +hiddenmenu +title CentOS (2.6.18-164.15.1.el5xen) + root (hd0,0) + kernel /boot/vmlinuz-2.6.18-164.15.1.el5xen ro root=/dev/xvda + initrd /boot/initrd-2.6.18-164.15.1.el5xen.img + + Edit etc/fstab, changing “sda1” to “xvda” and changing “sdb” to “xvdb”. + # cat etc/fstab +/dev/xvda / ext3 defaults 1 1 +/dev/xvdb /mnt ext3 defaults 0 0 +none /dev/pts devpts gid=5,mode=620 0 0 +none /proc proc defaults 0 0 +none /sys sysfs defaults 0 0 + + Enable login via the console. The default console device in a XenServer system is xvc0. Ensure that etc/inittab and etc/securetty have the following lines respectively: + # grep xvc0 etc/inittab +co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav +# grep xvc0 etc/securetty +xvc0 + + Ensure the ramdisk supports PV disk and PV network. Customize this for the kernel version you have determined above. + # chroot /mnt/loop/centos54 +# cd /boot/ +# mv initrd-2.6.18-164.15.1.el5xen.img initrd-2.6.18-164.15.1.el5xen.img.bak +# mkinitrd -f /boot/initrd-2.6.18-164.15.1.el5xen.img --with=xennet --preload=xenblk --omit-scsi-modules 2.6.18-164.15.1.el5xen + + Change the password. + # passwd +Changing password for user root. +New UNIX password: +Retype new UNIX password: +passwd: all authentication tokens updated successfully. + + Exit out of chroot.# exit + Check etc/ssh/sshd_config for lines allowing ssh login using a password. + # egrep "PermitRootLogin|PasswordAuthentication" /mnt/loop/centos54/etc/ssh/sshd_config +PermitRootLogin yes +PasswordAuthentication yes + + If you need the template to be enabled to reset passwords from the CloudPlatform UI or API, + install the password change script into the image at this point. See + . + Unmount and delete loopback mount.# umount /mnt/loop/centos54 +# losetup -d /dev/loop0 + + Copy the image file to your XenServer host's file-based storage repository. In the example below, the Xenserver is "xenhost". This XenServer has an NFS repository whose uuid is a9c5b8c8-536b-a193-a6dc-51af3e5ff799. + # scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/ + Log in to the Xenserver and create a VDI the same size as the image. + [root@xenhost ~]# cd /var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799 +[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# ls -lh CentOS_6.2_x64 +-rw-r--r-- 1 root root 10G Mar 16 16:49 CentOS_6.2_x64 +[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-create virtual-size=10GiB sr-uuid=a9c5b8c8-536b-a193-a6dc-51af3e5ff799 type=user name-label="Centos 6.2 x86_64" +cad7317c-258b-4ef7-b207-cdf0283a7923 + + Import the image file into the VDI. This may take 10–20 minutes.[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-import filename=CentOS_6.2_x64 uuid=cad7317c-258b-4ef7-b207-cdf0283a7923 + Locate a the VHD file. This is the file with the VDI’s UUID as its name. Compress it and upload it to your web server. + [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# bzip2 -c cad7317c-258b-4ef7-b207-cdf0283a7923.vhd > CentOS_6.2_x64.vhd.bz2 +[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# scp CentOS_6.2_x64.vhd.bz2 webserver:/var/www/html/templates/ + + +
diff --git a/docs/en-US/increase-management-server-max-memory.xml b/docs/en-US/increase-management-server-max-memory.xml new file mode 100644 index 00000000000..d4ac19663e1 --- /dev/null +++ b/docs/en-US/increase-management-server-max-memory.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Increase Management Server Maximum Memory + If the Management Server is subject to high demand, the default maximum JVM memory allocation can be insufficient. To increase the memory: + + Edit the Tomcat configuration file:/etc/cloud/management/tomcat6.conf + Change the command-line parameter -XmxNNNm to a higher value of N.For example, if the current value is -Xmx128m, change it to -Xmx1024m or higher. + To put the new setting into effect, restart the Management Server.# service cloud-management restart + + For more information about memory issues, see "FAQ: Memory" at Tomcat Wiki. +
+ diff --git a/docs/en-US/incremental-snapshots-backup.xml b/docs/en-US/incremental-snapshots-backup.xml new file mode 100644 index 00000000000..db6de2fc51f --- /dev/null +++ b/docs/en-US/incremental-snapshots-backup.xml @@ -0,0 +1,32 @@ + + +%BOOK_ENTITIES; +]> +
+ Incremental Snapshots and Backup + Snapshots are created on primary storage where a disk resides. After a snapshot is created, it is immediately backed up to secondary storage and removed from primary storage for optimal utilization of space on primary storage. + CloudPlatform does incremental backups for some hypervisors. When incremental backups are supported, every N backup is a full backup. + + + + + + + VMware vSphere + Citrix XenServer + KVM + + + + + Support incremental backup + N + Y + N + + + + + +
diff --git a/docs/en-US/initial-setup-of-external-firewalls-loadbalancers.xml b/docs/en-US/initial-setup-of-external-firewalls-loadbalancers.xml new file mode 100644 index 00000000000..8cfdb6a79d4 --- /dev/null +++ b/docs/en-US/initial-setup-of-external-firewalls-loadbalancers.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ Initial Setup of External Firewalls and Load Balancers + When the first VM is created for a new account, CloudPlatform programs the external firewall and load balancer to work with the VM. The following objects are created on the firewall: + + A new logical interface to connect to the account's private VLAN. The interface IP is always the first IP of the account's private subnet (e.g. 10.1.1.1). + A source NAT rule that forwards all outgoing traffic from the account's private VLAN to the public Internet, using the account's public IP address as the source address + A firewall filter counter that measures the number of bytes of outgoing traffic for the account + + The following objects are created on the load balancer: + + A new VLAN that matches the account's provisioned Zone VLAN + A self IP for the VLAN. This is always the second IP of the account's private subnet (e.g. 10.1.1.2). + +
diff --git a/docs/en-US/initialize-and-test.xml b/docs/en-US/initialize-and-test.xml new file mode 100644 index 00000000000..ed251a7cee4 --- /dev/null +++ b/docs/en-US/initialize-and-test.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Initialize and Test + TODO +
\ No newline at end of file diff --git a/docs/en-US/install-database-on-management-server-node.xml b/docs/en-US/install-database-on-management-server-node.xml new file mode 100644 index 00000000000..e80f09c2796 --- /dev/null +++ b/docs/en-US/install-database-on-management-server-node.xml @@ -0,0 +1,82 @@ + + +%BOOK_ENTITIES; +]> +
+ Install the Database on the Management Server Node + This section describes how to install MySQL on the same machine with the Management Server. + This technique is intended for a simple deployment that has a single Management Server node. + If you have a multi-node Management Server deployment, you will typically use a separate node for MySQL. + See . + + + If you already have a version of MySQL installed on the Management Server node, make one of the following choices, depending on what version of MySQL it is. The most recent version tested is 5.1.58. + + If you already have installed MySQL version 5.1.58 or later, skip to step 4. + + If you have installed a version of MySQL earlier than 5.1.58, you can either skip to step 4 or uninstall MySQL and proceed to step 2 to install a more recent version. + + It is important that you choose the right database version. Never downgrade a MySQL installation. + + On the same computer where you installed the Management Server, re-run install.sh. + # ./install.sh + You should see a few messages as the installer prepares, followed by a list of choices. + + Choose D to install the MySQL server from the distribution’s repo. + > D + Troubleshooting: If you do not see the D option, you already have MySQL installed. Please go back to step 1. + + Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS) and insert the following lines in the [mysqld] section. You can put these lines below the datadir line. The max_connections parameter should be set to 350 multiplied by the number of Management Servers you are deploying. This example assumes one Management Server. + +innodb_rollback_on_timeout=1 +innodb_lock_wait_timeout=600 +max_connections=350 +log-bin=mysql-bin +binlog-format = 'ROW' + + The binlog-format variable is supported in MySQL versions 5.1 and greater. It is not supported in MySQL 5.0. In some versions of MySQL, an underscore character is used in place of the hyphen in the variable name. For the exact syntax and spelling of each variable, consult the documentation for your version of MySQL. + + Restart the MySQL service, then invoke MySQL as the root user. + +# service mysqld restart +# mysql -u root + + + Best Practice: On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution. Run the following commands, and substitute your own desired root password. + mysql> SET PASSWORD = PASSWORD('password'); + From now on, start MySQL with mysql -p so it will prompt you for the password. + + To grant access privileges to remote users, perform the following steps. + + Run the following commands from the mysql prompt: + +mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; +mysql> exit + + + Restart the MySQL service. + # service mysqld restart + Open the MySQL server port (3306) in the firewall to allow remote clients to connect. + # iptables -I INPUT -p tcp --dport 3306 -j ACCEPT + Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT chain. + -A INPUT -p tcp --dport 3306 -j ACCEPT + + + Set up the database. The following command creates the cloud user on the database. + + In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password. + In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the cloud user. + (Optional) For encryption_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See About Password and Key Encryption. + (Optional) For management_server_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption. + (Optional) For database_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; database. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption. + + # cloud-setup-databases cloud:<dbpassword>@localhost --deploy-as=root:<password> -e <encryption_type> -m <management_server_key> -k <database_key> + When this script is finished, you should see a message like “Successfully initialized the database.” + + Now that the database is set up, you can finish configuring the OS for the Management Server. This command will set up iptables, sudoers, and start the Management Server. + # cloud-setup-management + You should see the message “Management Server setup is done.” + + +
diff --git a/docs/en-US/install-database-on-separate-node.xml b/docs/en-US/install-database-on-separate-node.xml new file mode 100644 index 00000000000..4dc10bab481 --- /dev/null +++ b/docs/en-US/install-database-on-separate-node.xml @@ -0,0 +1,86 @@ + + +%BOOK_ENTITIES; +]> +
+ Install the Database on a Separate Node + This section describes how to install MySQL on a standalone machine, separate from the Management Server. + This technique is intended for a deployment that includes several Management Server nodes. + If you have a single-node Management Server deployment, you will typically use the same node for MySQL. + See . + + + If you already have a version of MySQL installed on the Management Server node, make one of the following choices, depending on what version of MySQL it is. The most recent version tested is 5.1.58. + + If you already have installed MySQL version 5.1.58 or later, skip to step 3. + + If you have installed a version of MySQL earlier than 5.1.58, you can either skip to step 3 or uninstall MySQL and proceed to step 2 to install a more recent version. + + It is important that you choose the right database version. Never downgrade a MySQL installation. + + Log in as root to your Database Node and run the following commands. If you are going to install a replica database, then log in to the master. + +# yum install mysql-server +# chkconfig --level 35 mysqld on + + + Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS) + and insert the following lines in the [mysqld] section. You can put these lines below the datadir + line. The max_connections parameter should be set to 350 multiplied by the number of Management + Servers you are deploying. This example assumes two Management Servers. + +innodb_rollback_on_timeout=1 +innodb_lock_wait_timeout=600 +max_connections=700 +log-bin=mysql-bin +binlog-format = 'ROW' + + The binlog-format variable is supported in MySQL versions 5.1 and greater. It is not supported in MySQL 5.0. In some versions of MySQL, an underscore character is used in place of the hyphen in the variable name. For the exact syntax and spelling of each variable, consult the documentation for your version of MySQL. + + Restart the MySQL service, then invoke MySQL as the root user. + +# service mysqld restart +# mysql -u root + + + Best Practice: On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution. Run the following commands, and substitute your own desired root password. + mysql> SET PASSWORD = PASSWORD('password'); + From now on, start MySQL with mysql -p so it will prompt you for the password. + + To grant access privileges to remote users, perform the following steps. + + Run the following commands from the mysql prompt: + +mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; +mysql> exit + + + Restart the MySQL service. + # service mysqld restart + + Open the MySQL server port (3306) in the firewall to allow remote clients to connect. + # iptables -I INPUT -p tcp --dport 3306 -j ACCEPT + + Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT chain. + -A INPUT -p tcp --dport 3306 -j ACCEPT + + + + Set up the database. The following command creates the cloud user on the database. + + In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password. + In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the cloud user. + (Optional) For encryption_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See About Password and Key Encryption. + (Optional) For management_server_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption. + (Optional) For database_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; database. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption. + + # cloud-setup-databases cloud:<dbpassword>@localhost --deploy-as=root:<password> -e <encryption_type> -m <management_server_key> -k <database_key> + When this script is finished, you should see a message like “Successfully initialized the database.” + + Now that the database is set up, you can finish configuring the OS for the Management Server. This command will set up iptables, sudoers, and start the Management Server. + # cloud-setup-management + You should see the message “Management Server setup is done.” + + +
\ No newline at end of file diff --git a/docs/en-US/install-management-server-multi-nodes.xml b/docs/en-US/install-management-server-multi-nodes.xml new file mode 100644 index 00000000000..3efa4f6e24b --- /dev/null +++ b/docs/en-US/install-management-server-multi-nodes.xml @@ -0,0 +1,54 @@ + + +%BOOK_ENTITIES; +]> +
+ Prepare and Start Additional Management Servers + For your second and subsequent Management Servers, you will install the Management Server software, connect it to the database, and set up the OS for the Management Server. + + + Perform the steps in . + + Download the Management Server onto the additional host where it will run. Get the software from the following link. + https://www.citrix.com/English/ss/downloads/ + You will need a MyCitrix account. + + Install the packages. You should have a file in the form of “&PRODUCT;-VERSION-N-OSVERSION.tar.gz”. Untar the file and then run the install.sh script inside it. Replace the file and directory names below with those you are using: + +# tar xzf &PRODUCT;-VERSION-N-OSVERSION.tar.gz +# cd &PRODUCT;-VERSION-N-OSVERSION +# ./install.sh + + You should see a few messages as the installer prepares, followed by a list of choices. + + Choose M to install the Management Server software. + > M + + Wait for a message like “Complete! Done,” which indicates that the software was installed successfully. + + (RHEL or CentOS) When the installation is finished, run the following commands to start essential services (the commands might be different depending on your OS): + +# service rpcbind start +# service nfs start +# chkconfig nfs on +# chkconfig rpcbind on + + + Configure the database client. Note the absence of the --deploy-as argument in this case. + (For more details about the arguments to this command, see .) + + # cloud-setup-databases cloud:<dbpassword>@<dbhost> -e <encryption_type> -m <management_server_key> -k <database_key> + + + (Trial installations only) If you are running the hypervisor on the same machine with the Management Server, edit /etc/sudoers and add the following line: + Defaults:cloud !requiretty + + Configure the OS and start the Management Server: + # cloud-setup-management + The Management Server on this node should now be running. + + Repeat these steps on each additional Management Server. + Be sure to configure a load balancer for the Management Servers. See Management Server Load Balancing. + +
\ No newline at end of file diff --git a/docs/en-US/install-management-server.xml b/docs/en-US/install-management-server.xml new file mode 100644 index 00000000000..bfe12838673 --- /dev/null +++ b/docs/en-US/install-management-server.xml @@ -0,0 +1,41 @@ + + +%BOOK_ENTITIES; +]> +
+ Install the Management Server on the First Host + The first step in installation, whether you are installing the Management Server on one host or many, is to + install the software on a single node. + + If you are planning to install the Management Server on multiple nodes + for high availability, do not proceed to the additional nodes yet. That step will come later. + + Download the Management Server onto the host where it will run. + Get the software from the following link. + https://www.citrix.com/English/ss/downloads/ + You will need a MyCitrix account. + + Install the packages. You should have a file in the form of “&PRODUCT;-VERSION-N-OSVERSION.tar.gz”. Untar the file and then run the install.sh script inside it. Replace the file and directory names below with those you are using: + +# tar xzf &PRODUCT;-VERSION-N-OSVERSION.tar.gz +# cd &PRODUCT;-VERSION-N-OSVERSION +# ./install.sh + + You should see a few messages as the installer prepares, followed by a list of choices. + + Choose M to install the Management Server software. + > M + + Wait for a message like “Complete! Done,” which indicates that the software was installed successfully. + + (RHEL or CentOS) When the installation is finished, run the following commands to start essential services (the commands might be different depending on your OS): + +# service rpcbind start +# service nfs start +# chkconfig nfs on +# chkconfig rpcbind on + + + +
diff --git a/docs/en-US/installation-complete.xml b/docs/en-US/installation-complete.xml new file mode 100644 index 00000000000..62a069aa825 --- /dev/null +++ b/docs/en-US/installation-complete.xml @@ -0,0 +1,20 @@ + + +%BOOK_ENTITIES; +]> +
+ Installation Complete! Next Steps + Congratulations! You have now installed &PRODUCT; Management Server and the database it uses to persist system data. + + + + + installation-complete.png: Finished installs with single Management Server and multiple Management Servers + + What should you do next? + + Even without adding any cloud infrastructure, you can run the UI to get a feel for what's offered and how you will interact with &PRODUCT; on an ongoing basis. See Log In to the UI. + When you're ready, add the cloud infrastructure and try running some virtual machines on it, so you can watch how &PRODUCT; manages the infrastructure. See Provision Your Cloud Infrastructure. + +
diff --git a/docs/en-US/installation-steps-overview.xml b/docs/en-US/installation-steps-overview.xml new file mode 100644 index 00000000000..9a95bfb06f0 --- /dev/null +++ b/docs/en-US/installation-steps-overview.xml @@ -0,0 +1,64 @@ + + +%BOOK_ENTITIES; +]> +
+ Overview of Installation Steps + + For anything more than a simple trial installation, you will need guidance for a variety of configuration choices. It is strongly recommended that you read the following: + + + Choosing a Deployment Architecture + Choosing a Hypervisor: Supported Features + Network Setup + Storage Setup + Best Practices + + + Prepare + + + 1. Make sure you have the required hardware ready + + + 2. (Optional) Fill out the preparation checklists + + + Install the &PRODUCT; software + + + 3. Install the Management Server (choose single-node or multi-node) + + + 4. Log in to the UI + + + Provision your cloud infrastructure + + + 5. Add a zone. Includes the first pod, cluster, and host + + + 6. Add more pods + + + 7. Add more clusters + + + 8. Add more hosts + + + 9. Add more primary storage + + + 10. Add more secondary storage + + + Try using the cloud + + + 11. Initialization and testing + + +
\ No newline at end of file diff --git a/docs/en-US/installation.xml b/docs/en-US/installation.xml new file mode 100644 index 00000000000..6a003fe4af3 --- /dev/null +++ b/docs/en-US/installation.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> + + Installation + + + + + diff --git a/docs/en-US/installation_overview.xml b/docs/en-US/installation_overview.xml new file mode 100644 index 00000000000..6b743d219c0 --- /dev/null +++ b/docs/en-US/installation_overview.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> + + Installation Overview + + + + + + + diff --git a/docs/en-US/installation_steps_overview.xml b/docs/en-US/installation_steps_overview.xml new file mode 100644 index 00000000000..a48cf512be7 --- /dev/null +++ b/docs/en-US/installation_steps_overview.xml @@ -0,0 +1,60 @@ +
+ Overview of Installation Steps + + For anything more than a simple trial installation, you will need guidance for a variety of configuration choices. It is strongly recommended that you read the following: + + + Choosing a Deployment Architecture + Choosing a Hypervisor: Supported Features + Network Setup + Storage Setup + Best Practices + + + Prepare + + + 1. Make sure you have the required hardware ready + + + 2. (Optional) Fill out the preparation checklists + + + Install the CloudStack software + + + 3. Install the CloudStack Management Server (single-node, or multi-node) + + + 4. Log in to the CloudStack UI + + + Provision your cloud infrastructure + + + 5. Add a zone. Includes the first pod, cluster, and host + + + 6. Add more pods + + + 7. Add more clusters + + + 8. Add more hosts + + + 9. Add more primary storage + + + 10. Add more secondary storage + + + Try using the cloud + + + 11. Initialization and testing + + +
+ diff --git a/docs/en-US/introduction.xml b/docs/en-US/introduction.xml new file mode 100644 index 00000000000..98653603a38 --- /dev/null +++ b/docs/en-US/introduction.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Introduction + + + +
diff --git a/docs/en-US/ip-forwarding-firewalling.xml b/docs/en-US/ip-forwarding-firewalling.xml new file mode 100644 index 00000000000..6873fcb72ed --- /dev/null +++ b/docs/en-US/ip-forwarding-firewalling.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ IP Forwarding and Firewalling + By default, all incoming traffic to the public IP address is rejected. All outgoing traffic from the guests is translated via NAT to the public IP address and is allowed. + To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP. + For the steps to implement these rules, see Firewall Rules and Port Forwarding. +
diff --git a/docs/en-US/ip-load-balancing.xml b/docs/en-US/ip-load-balancing.xml new file mode 100644 index 00000000000..638e935d2f4 --- /dev/null +++ b/docs/en-US/ip-load-balancing.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ IP Load Balancing + The user may choose to associate the same public IP for multiple guests. CloudPlatform implements a TCP-level load balancer with the following policies. + + Round-robin + Least connection + Source IP + + This is similar to port forwarding but the destination may be multiple IP addresses. +
diff --git a/docs/en-US/ipaddress-usage-record-format.xml b/docs/en-US/ipaddress-usage-record-format.xml new file mode 100644 index 00000000000..609fbd6f5ba --- /dev/null +++ b/docs/en-US/ipaddress-usage-record-format.xml @@ -0,0 +1,19 @@ +
+ IP Address Usage Record Format + For IP address usage the following fields exist in a usage record. + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – IP address ID + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + issourcenat – Whether source NAT is enabled for the IP address + iselastic - True if the IP address is elastic. + +
+ diff --git a/docs/en-US/isolated-networks.xml b/docs/en-US/isolated-networks.xml new file mode 100644 index 00000000000..a2e27ab7307 --- /dev/null +++ b/docs/en-US/isolated-networks.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Isolated Networks + An isolated network can be accessed only by virtual machines of a single account. Isolated networks have the following properties. + + Resources such as VLAN are allocated and garbage collected dynamically + There is one network offering for the entire network + The network offering can be upgraded or downgraded but it is for the entire network + + + +
diff --git a/docs/en-US/job-status.xml b/docs/en-US/job-status.xml new file mode 100644 index 00000000000..17d602e21db --- /dev/null +++ b/docs/en-US/job-status.xml @@ -0,0 +1,10 @@ +
+ Job Status + The key to using an asynchronous command is the job ID that is returned immediately once the command has been executed. With the job ID, you can periodically check the job status by making calls to queryAsyncJobResult command. The command will return three possible job status integer values: + + 0 - Job is still in progress. Continue to periodically poll for any status changes. + 1 - Job has successfully completed. The job will return any successful response values associated with command that was originally executed. + 2 - Job has failed to complete. Please check the "jobresultcode" tag for failure reason code and "jobresult" for the failure reason. + +
+ diff --git a/docs/en-US/linux-installation.xml b/docs/en-US/linux-installation.xml new file mode 100644 index 00000000000..5168d66483a --- /dev/null +++ b/docs/en-US/linux-installation.xml @@ -0,0 +1,35 @@ + + +%BOOK_ENTITIES; +]> +
+ Linux OS Installation + Use the following steps to begin the Linux OS installation: + + Download the script file cloud-set-guest-password: + + Linux: + + Windows: + + + + Copy this file to /etc/init.d.On some Linux distributions, copy the file to /etc/rc.d/init.d. + + Run the following command to make the script executable:chmod +x /etc/init.d/cloud-set-guest-password + + Depending on the Linux distribution, continue with the appropriate step.On Fedora, CentOS/RHEL, and Debian, run:chkconfig --add cloud-set-guest-password + On Ubuntu with VMware tools, link the script file to the /etc/network/if-up and + /etc/network/if-down folders, and run the script: + #ln -s /etc/init.d/cloud-set-guest-password /etc/network/if-up/cloud-set-guest-password + #ln -s /etc/init.d/cloud-set-guest-password /etc/network/if-down/cloud-set-guest-password + If you are using Ubuntu 11.04, start by creating a directory called /var/lib/dhcp3 on your Ubuntu machine (works around a known issue with this version of Ubuntu). On all Ubuntu versions: Run “sudo update-rc.d cloud-set-guest-password defaults 98”. To test, run "mkpasswd" and check that it is generating a new password. If the “mkpasswd” command does not exist, run "sudo apt-get install whois" (or sudo apt-get install mkpasswd, depending on your Ubuntu version) and repeat. + + + +
diff --git a/docs/en-US/load-balancer-rules.xml b/docs/en-US/load-balancer-rules.xml new file mode 100644 index 00000000000..6eb323a2442 --- /dev/null +++ b/docs/en-US/load-balancer-rules.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Load Balancer Rules + A CloudPlatform user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs. + If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudPlatform virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function. +
diff --git a/docs/en-US/loadbalancer-policy-port-forwarding-rule-usage-record-format.xml b/docs/en-US/loadbalancer-policy-port-forwarding-rule-usage-record-format.xml new file mode 100644 index 00000000000..1e724fd3e1b --- /dev/null +++ b/docs/en-US/loadbalancer-policy-port-forwarding-rule-usage-record-format.xml @@ -0,0 +1,17 @@ +
+ Load Balancer Policy or Port Forwarding Rule Usage Record Format + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for hours) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – ID of the load balancer policy or port forwarding rule + usagetype – A number representing the usage type (see Usage Types) + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/log-in-root-admin.xml b/docs/en-US/log-in-root-admin.xml new file mode 100644 index 00000000000..f57e2642a2a --- /dev/null +++ b/docs/en-US/log-in-root-admin.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Logging In as the Root Administrator + After the Management Server software is installed and running, you can run the &PRODUCT; user interface. This UI is there to help you provision, view, and manage your cloud infrastructure. + + Open your favorite Web browser and go to this URL. Substitute the IP address of your own Management Server: + http://<management-server-ip-address>:8080/client + On a fresh Management Server installation, a guided tour splash screen appears. On later visits, you’ll see a login screen where you can enter a user ID and password and proceed to your Dashboard. + + If you see the first-time splash screen, choose one of the following. + + Continue with basic setup. Choose this if you're just trying &PRODUCT;, and you want a guided walkthrough of the simplest possible configuration so that you can get started right away. We'll help you set up a cloud with the following features: a single machine that runs &PRODUCT; software and uses NFS to provide storage; a single machine running VMs under the XenServer or KVM hypervisor; and a shared public network. + The prompts in this guided tour should give you all the information you need, but if you want just a bit more detail, you can follow along in the Trial Installation Guide. + + I have used &PRODUCT; before. Choose this if you have already gone through a design phase and planned a more sophisticated deployment, or you are ready to start scaling up a trial cloud that you set up earlier with the basic setup screens. In the Administrator UI, you can start using the more powerful features of CloudPlatform, such as advanced VLAN networking, high availability, additional network elements such as load balancers and firewalls, and support for multiple hypervisors including Citrix XenServer, KVM, and VMware vSphere. + The root administrator Dashboard appears. + + + + You should set a new root administrator password. If you chose basic setup, you’ll be prompted to create a new password right away. If you chose experienced user, use the steps in . + + You are logging in as the root administrator. This account manages the &PRODUCT; deployment, including physical infrastructure. The root administrator can modify configuration settings to change basic functionality, create or delete user accounts, and take many actions that should be performed only by an authorized person. Please change the default password to a new, unique password. +
diff --git a/docs/en-US/log-in.xml b/docs/en-US/log-in.xml new file mode 100644 index 00000000000..385deddb89a --- /dev/null +++ b/docs/en-US/log-in.xml @@ -0,0 +1,29 @@ + + +%BOOK_ENTITIES; +]> +
+ Log In to the UI + &PRODUCT; provides a web-based UI that can be used by both administrators and end users. The appropriate version of the UI is displayed depending on the credentials used to log in. The UI is available in popular browsers including IE7, IE8, IE9, Firefox 3.5+, Firefox 4, Safari 4, and Safari 5. The URL is: (substitute your own management server IP address) + http://<management-server-ip-address>:8080/client + On a fresh Management Server installation, a guided tour splash screen appears. On later visits, you’ll see a login screen where you specify the following to proceed to your Dashboard: + + Username + The user ID of your account. The default username is admin. + + + Password + The password associated with the user ID. The password for the default username is password. + + + Domain + If you are a root user, leave this field blank. + + If you are a user in the sub-domains, enter the full path to the domain, excluding the root domain. + For example, suppose multiple levels are created under the root domain, such as Comp1/hr. The users in the Comp1 domain should enter Comp1 in the Domain field, whereas the users in the Comp1/sales domain should enter Comp1/sales. + For more guidance about the choices that appear when you log in to this UI, see Logging In as the Root Administrator. + + + +
diff --git a/docs/en-US/long-running-job-events.xml b/docs/en-US/long-running-job-events.xml new file mode 100644 index 00000000000..577e1c29628 --- /dev/null +++ b/docs/en-US/long-running-job-events.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ Long Running Job Events + The events log records three types of standard events. + + INFO. This event is generated when an operation has been successfully performed. + WARN. This event is generated in the following circumstances. + + When a network is disconnected while monitoring a template download. + When a template download is abandoned. + When an issue on the storage server causes the volumes to fail over to the mirror storage server. + + + ERROR. This event is generated when an operation has not been successfully performed + + +
+ diff --git a/docs/en-US/maintain-hypervisors-on-hosts.xml b/docs/en-US/maintain-hypervisors-on-hosts.xml new file mode 100644 index 00000000000..7d6bb0e334d --- /dev/null +++ b/docs/en-US/maintain-hypervisors-on-hosts.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Maintaining Hypervisors on Hosts + When running hypervisor software on hosts, be sure all the hotfixes provided by the hypervisor vendor are applied. Track the release of hypervisor patches through your hypervisor vendor’s support channel, and apply patches as soon as possible after they are released. CloudPlatform will not track or notify you of required hypervisor patches. It is essential that your hosts are completely up to date with the provided hypervisor patches. The hypervisor vendor is likely to refuse to support any system that is not up to date with patches. + The lack of up-do-date hotfixes can lead to data corruption and lost VMs. + (XenServer) For more information, see Highly Recommended Hotfixes for XenServer in the CloudPlatform Knowledge Base +
\ No newline at end of file diff --git a/docs/en-US/maintenance-mode-for-primary-storage.xml b/docs/en-US/maintenance-mode-for-primary-storage.xml new file mode 100644 index 00000000000..83cc245e886 --- /dev/null +++ b/docs/en-US/maintenance-mode-for-primary-storage.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Maintenance Mode for Primary Storage + Primary storage may be placed into maintenance mode. This is useful, for example, to replace faulty RAM in a storage device. Maintenance mode for a storage device will first stop any new guests from being provisioned on the storage device. Then it will stop all guests that have any volume on that storage device. When all such guests are stopped the storage device is in maintenance mode and may be shut down. When the storage device is online again you may cancel maintenance mode for the device. The CloudPlatform will bring the device back online and attempt to start all guests that were running at the time of the entry into maintenance mode. +
diff --git a/docs/en-US/making-api-request.xml b/docs/en-US/making-api-request.xml new file mode 100644 index 00000000000..35ba460e1f0 --- /dev/null +++ b/docs/en-US/making-api-request.xml @@ -0,0 +1,36 @@ + + +%BOOK_ENTITIES; +]> +
+ Making API Requests + + All CloudStack API requests are submitted in the form of a HTTP GET/POST with an associated command and any parameters. A request is composed of the following whether in HTTP or HTTPS: + + + CloudStack API URL: This is the web services API entry point(for example, http://www.cloud.com:8080/client/api) + Command: The web services command you wish to execute, such as start a virtual machine or create a disk volume + Parameters: Any additional required or optional parameters for the command + + A sample API GET request looks like the following: + http://localhost:8080/client/api?command=deployVirtualMachine&serviceOfferingId=1&diskOfferingId=1&templateId=2&zoneId=4&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ&signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D + + Or in a more readable format: + +1. http://localhost:8080/client/api +2. ?command=deployVirtualMachine +3. &serviceOfferingId=1 +4. &diskOfferingId=1 +5. &templateId=2 +6. &zoneId=4 +7. &apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXqjB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ +8. &signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D + + The first line is the CloudStack API URL. This is the Cloud instance you wish to interact with. + The second line refers to the command you wish to execute. In our example, we are attempting to deploy a fresh new virtual machine. It is preceded by a (?) to separate itself from the CloudStack API URL. + Lines 3-6 are the parameters for this given command. To see the command and its request parameters, please refer to the appropriate section in the CloudStack API documentation. Each parameter field-value pair (field=value) is preceded by an ampersand character (&). + Line 7 is the user API Key that uniquely identifies the account. See Signing API Requests on page 7. + Line 8 is the signature hash created to authenticate the user account executing the API command. See Signing API Requests on page 7. +
+ diff --git a/docs/en-US/manage-cloud.xml b/docs/en-US/manage-cloud.xml new file mode 100644 index 00000000000..564e62144e2 --- /dev/null +++ b/docs/en-US/manage-cloud.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Managing the Cloud + vCenter Maintenance Mode + XenServer and Maintenance Mode + vCenter Maintenance Mode + XenServer and Maintenance Mode +
diff --git a/docs/en-US/management-server-install-flow.xml b/docs/en-US/management-server-install-flow.xml new file mode 100644 index 00000000000..a828d673fa8 --- /dev/null +++ b/docs/en-US/management-server-install-flow.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Management Server Installation + + + + + + + + + +
diff --git a/docs/en-US/management-server-installation-overview.xml b/docs/en-US/management-server-installation-overview.xml new file mode 100644 index 00000000000..f733141df65 --- /dev/null +++ b/docs/en-US/management-server-installation-overview.xml @@ -0,0 +1,24 @@ +
+ Management Server Installation Overview + + This section describes installing the Management Server. There are two slightly different installation flows, + depending on how many Management Server nodes will be in your cloud: + + A single Management Server node, with MySQL on the same node. + Multiple Management Server nodes, with MySQL on a node separate from the Management Servers. + + In either case, each machine must meet the system requirements described in System Requirements. + For the sake of security, be sure the public Internet can not access port 8096 or port 8250 on the Management Server. + + The procedure for installing the Management Server is: + + + Prepare the Operating System + Install the First Management Server + Install and Configure the Database + Prepare NFS Shares + Prepare and Start Additional Management Servers (optional) + Prepare the System VM Template + +
+ diff --git a/docs/en-US/management-server-overview.xml b/docs/en-US/management-server-overview.xml new file mode 100644 index 00000000000..40cbd53fe53 --- /dev/null +++ b/docs/en-US/management-server-overview.xml @@ -0,0 +1,57 @@ + + +%BOOK_ENTITIES; +]> +
+ Management Server Overview + + The Management Server is the &PRODUCT; software that manages cloud resources. By interacting with the Management Server through its UI or API, you can configure and manage your cloud infrastructure. + + + The Management Server runs on a dedicated server or VM. It controls allocation of virtual machines to hosts and assigns storage and IP addresses to the virtual machine instances. The Management Server runs in a Tomcat container and requires a MySQL database for persistence. + + + The machine must meet the system requirements described in System Requirements. + + + The Management Server: + + + + + Provides the web user interface for the administrator and a reference user interface for end users. + + + + + Provides the APIs for &PRODUCT;. + + + + + Manages the assignment of guest VMs to particular hosts. + + + + + Manages the assignment of public and private IP addresses to particular accounts. + + + + + Manages the allocation of storage to guests as virtual disks. + + + + + Manages snapshots, templates, and ISO images, possibly replicating them across data centers. + + + + + Provides a single point of configuration for the cloud. + + + +
diff --git a/docs/en-US/management_server_multi_node_install.xml b/docs/en-US/management_server_multi_node_install.xml new file mode 100644 index 00000000000..ba925bddf50 --- /dev/null +++ b/docs/en-US/management_server_multi_node_install.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> + + Management Server Multi-Node Installation + + + + diff --git a/docs/en-US/management_server_overview.xml b/docs/en-US/management_server_overview.xml new file mode 100644 index 00000000000..19b32d726bb --- /dev/null +++ b/docs/en-US/management_server_overview.xml @@ -0,0 +1,52 @@ +
+ Management Server Overview + + The Management Server is the CloudStack software that manages cloud resources. By interacting with the Management Server through its UI or API, you can configure and manage your cloud infrastructure. + + + The Management Server runs on a dedicated server or VM. It controls allocation of virtual machines to hosts and assigns storage and IP addresses to the virtual machine instances. The CloudStack Management Server runs in a Tomcat container and requires a MySQL database for persistence. + + + The machine must meet the system requirements described in System Requirements. + + + The Management Server: + + + + + Provides the web user interface for the administrator and a reference user interface for end users. + + + + + Provides the APIs for the CloudStack platform. + + + + + Manages the assignment of guest VMs to particular hosts. + + + + + Manages the assignment of public and private IP addresses to particular accounts. + + + + + Manages the allocation of storage to guests as virtual disks. + + + + + Manages snapshots, templates, and ISO images, possibly replicating them across data centers. + + + + + Provides a single point of configuration for the cloud. + + + +
diff --git a/docs/en-US/manual-live-migration.xml b/docs/en-US/manual-live-migration.xml new file mode 100644 index 00000000000..63a80e8ef0a --- /dev/null +++ b/docs/en-US/manual-live-migration.xml @@ -0,0 +1,28 @@ +
+ Moving VMs Between Hosts (Manual Live Migration) + The CloudPlatform administrator can move a running VM from one host to another without interrupting service to users or going into maintenance mode. This is called manual live migration, and can be done under the following conditions: + + The root administrator is logged in. Domain admins and users can not perform manual live migration of VMs. + The VM is running. Stopped VMs can not be live migrated. + The destination host must be in the same cluster as the original host. + The VM must not be using local disk storage. + The destination host must have enough available capacity. If not, the VM will remain in the "migrating" state until memory becomes available. + (OVM) If the VM is running on the OVM hypervisor, it must not have an ISO attached. Live migration of a VM with attached ISO is not supported in OVM. + + To manually live migrate a virtual machine + + Log in to the CloudPlatform UI as a user or admin. + In the left navigation, click Instances. + Choose the VM that you want to migrate. + Click the Migrate Instance button + + + + Migrateinstance.png: button to migrate an instance + + + From the list of hosts, choose the one to which you want to move the VM. + Click OK. + +
+ diff --git a/docs/en-US/max-result-page-returned.xml b/docs/en-US/max-result-page-returned.xml new file mode 100644 index 00000000000..ffbe60bbd9b --- /dev/null +++ b/docs/en-US/max-result-page-returned.xml @@ -0,0 +1,14 @@ +
+ Maximum Result Pages Returned + + For each cloud, there is a default upper limit on the number of results that any API command will return in a single page. This is to help prevent overloading the cloud servers and prevent DOS attacks. For example, if the page size limit is 500 and a command returns 10,000 results, the command will return 20 pages. + + The default page size limit can be different for each cloud. It is set in the global configuration parameter default.page.size. If your cloud has many users with lots of VMs, you might need to increase the value of this parameter. At the same time, be careful not to set it so high that your site can be taken down by an enormous return from an API call. For more information about how to set global configuration parameters, see "Describe Your Deployment" in the Installation Guide. + To decrease the page size limit for an individual API command, override the global setting with the page and pagesize parameters, which are available in any list* command (listCapabilities, listDiskOfferings, etc.). + + Both parameters must be specified together. + The value of the pagesize parameter must be smaller than the value of default.page.size. That is, you can not increase the number of possible items in a result page, only decrease it. + + For syntax information on the list* commands, see the API Reference. +
+ diff --git a/docs/en-US/migrate-datadisk-volume-new-storage-pool.xml b/docs/en-US/migrate-datadisk-volume-new-storage-pool.xml new file mode 100644 index 00000000000..417eb71d46b --- /dev/null +++ b/docs/en-US/migrate-datadisk-volume-new-storage-pool.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Migrating a Data Disk Volume to a New Storage Pool + + Log in to the CloudPlatform UI as a user or admin. + Detach the data disk from the VM. See Detaching and Moving Volumes (but skip the “reattach” step at the end. You will do that after migrating to new storage). + Call the CloudPlatform API command migrateVolume and pass in the volume ID and the ID of any storage pool in the zone. + Watch for the volume status to change to Migrating, then back to Ready. + Attach the volume to any desired VM running in the same cluster as the new storage server. See Attaching a Volume + +
+ diff --git a/docs/en-US/migrate-vm-rootvolume-volume-new-storage-pool.xml b/docs/en-US/migrate-vm-rootvolume-volume-new-storage-pool.xml new file mode 100644 index 00000000000..dbf6138356e --- /dev/null +++ b/docs/en-US/migrate-vm-rootvolume-volume-new-storage-pool.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Migrating a VM Root Volume to a New Storage Pool + When migrating the root disk volume, the VM must first be stopped, and users can not access the VM. After migration is complete, the VM can be restarted. + + Log in to the CloudPlatform UI as a user or admin. + Detach the data disk from the VM. See Detaching and Moving Volumes (but skip the “reattach” step at the end. You will do that after migrating to new storage). + Stop the VM. + Call the CloudPlatform API command migrateVirtualMachine with the ID of the VM to migrate and the IDs of a destination host and destination storage pool in the same zone. + Watch for the VM status to change to Migrating, then back to Stopped. + Restart the VM. + +
+ diff --git a/docs/en-US/minimum-system-requirements.xml b/docs/en-US/minimum-system-requirements.xml new file mode 100644 index 00000000000..3973c304233 --- /dev/null +++ b/docs/en-US/minimum-system-requirements.xml @@ -0,0 +1,60 @@ + + +%BOOK_ENTITIES; +]> +
+ Minimum System Requirements +
+ Management Server, Database, and Storage System Requirements + + The machines that will run the Management Server and MySQL database must meet the following requirements. + The same machines can also be used to provide primary and secondary storage, such as via localdisk or NFS. + The Management Server may be placed on a virtual machine. + + + Operating system: + + Preferred: RHEL 6.2+ 64-bit (https://access.redhat.com/downloads) or CentOS 6.2+ 64-bit (http://isoredirect.centos.org/centos/6/isos/x86_64/). + Also supported (v3.0.3 and greater): RHEL and CentOS 5.4-5.x 64-bit + It is highly recommended that you purchase a RHEL support license. + Citrix support can not be responsible for helping fix issues with the underlying OS. + + + 64-bit x86 CPU (more cores results in better performance) + 4 GB of memory + 250 GB of local disk (more results in better capability; 500 GB recommended) + At least 1 NIC + Statically allocated IP address + Fully qualified domain name as returned by the hostname command + +
+
+ Host/Hypervisor System Requirements + The host is where the cloud services run in the form of guest virtual machines. Each host is one machine that meets the following requirements: + + Must be 64-bit and must support HVM (Intel-VT or AMD-V enabled). + 64-bit x86 CPU (more cores results in better performance) + Hardware virtualization support required + 4 GB of memory + 36 GB of local disk + At least 1 NIC + Statically allocated IP Address + Latest hotfixes applied to hypervisor software + When you deploy &PRODUCT;, the hypervisor host must not have any VMs already running + + Hosts have additional requirements depending on the hypervisor. See the requirements listed at the top of the Installation section for your chosen hypervisor: + + Citrix XenServer Installation + VMware vSphere Installation and Configuration + KVM Installation and Configuration + Oracle VM (OVM) Installation and Configuration + + + + Be sure you fulfill the additional hypervisor requirements and installation steps provided in this Guide. Hypervisor hosts must be properly prepared to work with CloudStack. For example, the requirements for XenServer are listed under Citrix XenServer Installation. + + +
+
+ diff --git a/docs/en-US/modify-delete-service-offerings.xml b/docs/en-US/modify-delete-service-offerings.xml new file mode 100644 index 00000000000..601a8bd6211 --- /dev/null +++ b/docs/en-US/modify-delete-service-offerings.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Modifying or Deleting a Service Offering + Service offerings cannot be changed once created. This applies to both compute offerings and disk offerings. + A service offering can be deleted. If it is no longer in use, it is deleted immediately and permanently. If the service offering is still in use, it will remain in the database until all the virtual machines referencing it have been deleted. After deletion by the administrator, a service offering will not be available to end users that are creating new instances. +
diff --git a/docs/en-US/multi_node_overview.xml b/docs/en-US/multi_node_overview.xml new file mode 100644 index 00000000000..b7533405804 --- /dev/null +++ b/docs/en-US/multi_node_overview.xml @@ -0,0 +1,19 @@ +
+ Management Server Multi-Node Installation Overview + + This section describes installing multiple Management Servers and installing MySQL on a node separate from the Management Servers. The machines must meet the system requirements described in System Requirements. + + For the sake of security, be sure the public Internet can not access port 8096 or port 8250 on the Management Server. + + The procedure for a multi-node installation is: + + + Prepare the Operating System + Install the First Management Server + Install and Configure the Database + Prepare NFS Shares + Prepare and Start Additional Management Servers + Prepare the System VM Template + +
+ diff --git a/docs/en-US/multiple-system-vm-vmware.xml b/docs/en-US/multiple-system-vm-vmware.xml new file mode 100644 index 00000000000..a809b67eb50 --- /dev/null +++ b/docs/en-US/multiple-system-vm-vmware.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Multiple System VM Support for VMware + Every CloudPlatform zone has single System VM for template processing tasks such as downloading templates, uploading templates, and uploading ISOs. In a zone where VMware is being used, additional System VMs can be launched to process VMware-specific tasks such as taking snapshots and creating private templates. The CloudPlatform management server launches additional System VMs for VMware-specific tasks as the load increases. The management server monitors and weights all commands sent to these System VMs and performs dynamic load balancing and scaling-up of more System VMs. +
diff --git a/docs/en-US/network-offering-usage-record-format.xml b/docs/en-US/network-offering-usage-record-format.xml new file mode 100644 index 00000000000..853554460f6 --- /dev/null +++ b/docs/en-US/network-offering-usage-record-format.xml @@ -0,0 +1,20 @@ +
+ Network Offering Usage Record Format + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for hours) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – ID of the network offering + usagetype – A number representing the usage type (see Usage Types) + offeringid – Network offering ID + virtualMachineId – The ID of the virtual machine + virtualMachineId – The ID of the virtual machine + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/network-offerings.xml b/docs/en-US/network-offerings.xml new file mode 100644 index 00000000000..87af7eb916b --- /dev/null +++ b/docs/en-US/network-offerings.xml @@ -0,0 +1,28 @@ + + +%BOOK_ENTITIES; +]> +
+ Network Offerings + For the most up-to-date list of supported network services, see the CloudPlatform UI or call listNetworkServices. + A network offering is a named set of network services, such as: + + DHCP + DNS + Source NAT + Static NAT + Port Forwarding + Load Balancing + Firewall + VPN + Optional) Name one of several available providers to use for a given service, such as Juniper for the firewall + (Optional) Network tag to specify which physical network to use + + When creating a new VM, the user chooses one of the available network offerings, and that determines which network services the VM can use. + The CloudPlatform administrator can create any number of custom network offerings, in addition to the default network offerings provided by CloudPlatform. By creating multiple custom network offerings, you can set up your cloud to offer different classes of service on a single multi-tenant physical network. For example, while the underlying physical wiring may be the same for two tenants, tenant A may only need simple firewall protection for their website, while tenant B may be running a web server farm and require a scalable firewall solution, load balancing solution, and alternate networks for accessing the database backend. + If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudPlatform virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function. + When creating a new virtual network, the CloudPlatform administrator chooses which network offering to enable for that network. Each virtual network is associated with one network offering. A virtual network can be upgraded or downgraded by changing its associated network offering. If you do this, be sure to reprogram the physical network to match. + CloudPlatform also has internal network offerings for use by CloudPlatform system VMs. These network offerings are not visible to users but can be modified by administrators. + +
diff --git a/docs/en-US/network-service-providers.xml b/docs/en-US/network-service-providers.xml new file mode 100644 index 00000000000..2c711ca1cef --- /dev/null +++ b/docs/en-US/network-service-providers.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Network Service Providers + For the most up-to-date list of supported network service providers, see the CloudPlatform UI or call listNetworkServiceProviders. + A service provider (also called a network element) is hardware or virtual appliance that makes a network service possible; for example, a firewall appliance can be installed in the cloud to provide firewall service. On a single network, multiple providers can provide the same network service. For example, a firewall service may be provided by Cisco or Juniper devices in the same physical network. + You can have multiple instances of the same service provider in a network (say, more than one Juniper SRX device). + If different providers are set up to provide the same service on the network, the administrator can create network offerings so users can specify which network service provider they prefer (along with the other choices offered in network offerings). Otherwise, CloudPlatform will choose which provider to use whenever the service is called for. + + Supported Network Service Providers + CloudPlatform ships with an internal list of the supported service providers, and you can choose from this list when creating a network offering. + + +
diff --git a/docs/en-US/network-usage-record-format.xml b/docs/en-US/network-usage-record-format.xml new file mode 100644 index 00000000000..fbcc88318cb --- /dev/null +++ b/docs/en-US/network-usage-record-format.xml @@ -0,0 +1,17 @@ +
+ Network Usage Record Format + For network usage (bytes sent/received), the following fields exist in a usage record. + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – Device ID (virtual router ID or external device ID) + type – Device type (domain router, external load balancer, etc.) + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/networking-in-a-pod.xml b/docs/en-US/networking-in-a-pod.xml new file mode 100644 index 00000000000..08cf36f0edd --- /dev/null +++ b/docs/en-US/networking-in-a-pod.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Networking in a Pod + Figure 2 illustrates network setup within a single pod. The hosts are connected to a pod-level switch. At a minimum, the hosts should have one physical uplink to each switch. Bonded NICs are supported as well. The pod-level switch is a pair of redundant gigabit switches with 10 G uplinks. + + + + + ReleaseIPButton.png: button to release an IP + + Servers are connected as follows: + + Storage devices are connected to only the network that carries management traffic. + Hosts are connected to networks for both management traffic and public traffic. + Hosts are also connected to one or more networks carrying guest traffic. + + We recommend the use of multiple physical Ethernet cards to implement each network interface as well as redundant switch fabric in order to maximize throughput and improve reliability. + +
diff --git a/docs/en-US/networking-in-a-zone.xml b/docs/en-US/networking-in-a-zone.xml new file mode 100644 index 00000000000..75dba08443a --- /dev/null +++ b/docs/en-US/networking-in-a-zone.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Networking in a Zone + Figure 3 illustrates the network setup within a single zone. + + + + + ReleaseIPButton.png: Depicts network setup in a single zone + + A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.168.*.0/24 Class C private address space. + Each zone has its own set of public IP addresses. Public IP addresses from different zones do not overlap. + +
diff --git a/docs/en-US/networking-overview.xml b/docs/en-US/networking-overview.xml new file mode 100644 index 00000000000..bff714fc9c7 --- /dev/null +++ b/docs/en-US/networking-overview.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Networking Overview + + &PRODUCT; offers two types of networking scenario: + + + Basic. For AWS-style networking. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address source filtering). + Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks. + + For more details, see Network Setup. +
+ diff --git a/docs/en-US/networking_overview.xml b/docs/en-US/networking_overview.xml new file mode 100644 index 00000000000..1080ed72622 --- /dev/null +++ b/docs/en-US/networking_overview.xml @@ -0,0 +1,12 @@ +
+ Networking Overview + + CloudStack offers two types of networking scenario: + + + Basic. For AWS-style networking. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address source filtering). + Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks. + + For more details, see Network Setup. +
+ diff --git a/docs/en-US/nfs-shares-on-management-server.xml b/docs/en-US/nfs-shares-on-management-server.xml new file mode 100644 index 00000000000..dcddc47ff2a --- /dev/null +++ b/docs/en-US/nfs-shares-on-management-server.xml @@ -0,0 +1,95 @@ + + +%BOOK_ENTITIES; +]> +
+ Using the Management Server As the NFS Server + This section tells how to set up NFS shares for primary and secondary storage on the same node with the Management Server. + This is more typical of a trial installation, but is technically possible in a larger deployment. + It is assumed that you will have less than 16TB of storage on the host. + The exact commands for the following steps may vary depending on your operating system version. + + On the Management Server host, create two directories that you will use for primary and secondary storage. For example: + +# mkdir -p /export/primary +# mkdir -p /export/secondary + + + To configure the new directories as NFS exports, edit /etc/exports. Export the NFS share(s) with rw,async,no_root_squash. For example: + # vi /etc/exports + Insert the following line. + /export *(rw,async,no_root_squash) + + Export the /export directory. + # exportfs -a + + Edit the /etc/sysconfig/nfs file. + # vi /etc/sysconfig/nfs + Uncomment the following lines: + +LOCKD_TCPPORT=32803 +LOCKD_UDPPORT=32769 +MOUNTD_PORT=892 +RQUOTAD_PORT=875 +STATD_PORT=662 +STATD_OUTGOING_PORT=2020 + + + Edit the /etc/sysconfig/iptables file. + # vi /etc/sysconfig/iptables + Add the following lines at the beginning of the INPUT chain: + +-A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT +-A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT +-A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT +-A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT +-A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT + + + Run the following commands: + +# service iptables restart +# service iptables save + + + If NFS v4 communication is used between client and server, add your domain to /etc/idmapd.conf on both the hypervisor host and Management Server. + # vi /etc/idmapd.conf + Remove the character # from the beginning of the Domain line in idmapd.conf and replace the value in the file with your own domain. In the example below, the domain is company.com. + Domain = company.com + + Reboot the Management Server host. + Two NFS shares called /export/primary and /export/secondary are now set up. + + It is recommended that you test to be sure the previous steps have been successful. + + Log in to the hypervisor host. + Be sure NFS and rpcbind are running. The commands might be different depending on your OS. For example: + +# service rpcbind start +# service nfs start +# chkconfig nfs on +# chkconfig rpcbind on +# reboot + + + Log back in to the hypervisor host and try to mount the /export directories. For example (substitute your own management server name): + +# mkdir /primarymount +# mount -t nfs <management-server-name>:/export/primary /primarymount +# umount /primarymount +# mkdir /secondarymount +# mount -t nfs <management-server-name>:/export/secondary /secondarymount +# umount /secondarymount + + + + + +
\ No newline at end of file diff --git a/docs/en-US/nfs-shares-on-separate-server.xml b/docs/en-US/nfs-shares-on-separate-server.xml new file mode 100644 index 00000000000..7d70d8c4e01 --- /dev/null +++ b/docs/en-US/nfs-shares-on-separate-server.xml @@ -0,0 +1,28 @@ +
+ Using a Separate NFS Server + This section tells how to set up NFS shares for secondary and (optionally) primary storage on an NFS server running on a separate node from the Management Server. + The exact commands for the following steps may vary depending on your operating system version. + (KVM only) Ensure that no volume is already mounted at your NFS mount point. + + On the storage server, create an NFS share for secondary storage and, if you are using NFS for primary storage as well, create a second NFS share. For example: + +# mkdir -p /export/primary +# mkdir -p /export/secondary + + + To configure the new directories as NFS exports, edit /etc/exports. Export the NFS share(s) with rw,async,no_root_squash. For example: + # vi /etc/exports + Insert the following line. + /export *(rw,async,no_root_squash) + + Export the /export directory. + # exportfs -a + + On the management server, create a mount point for secondary storage. For example: + # mkdir -p /mnt/secondary + + Mount the secondary storage on your Management Server. Replace the example NFS server name and NFS share paths below with your own. + # mount -t nfs nfsservername:/nfs/share/secondary /mnt/secondary + + +
\ No newline at end of file diff --git a/docs/en-US/ongoing-configuration-of-external-firewalls-loadbalancer.xml b/docs/en-US/ongoing-configuration-of-external-firewalls-loadbalancer.xml new file mode 100644 index 00000000000..444a715291f --- /dev/null +++ b/docs/en-US/ongoing-configuration-of-external-firewalls-loadbalancer.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Ongoing Configuration of External Firewalls and Load Balancers + Additional user actions (e.g. setting a port forward) will cause further programming of the firewall and load balancer. A user may request additional public IP addresses and forward traffic received at these IPs to specific VMs. This is accomplished by enabling static NAT for a public IP address, assigning the IP to a VM, and specifying a set of protocols and port ranges to open. When a static NAT rule is created, CloudPlatform programs the zone's external firewall with the following objects: + + A static NAT rule that maps the public IP address to the private IP address of a VM. + A security policy that allows traffic within the set of protocols and port ranges that are specified. + A firewall filter counter that measures the number of bytes of incoming traffic to the public IP. + + The number of incoming and outgoing bytes through source NAT, static NAT, and load balancing rules is measured and saved on each external element. This data is collected on a regular basis and stored in the CloudPlatform database. +
diff --git a/docs/en-US/over-provisioning-service-offering-limits.xml b/docs/en-US/over-provisioning-service-offering-limits.xml new file mode 100644 index 00000000000..17704bc9a79 --- /dev/null +++ b/docs/en-US/over-provisioning-service-offering-limits.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Over-Provisioning and Service Offering Limits + CloudPlatform performs CPU over-provisioning based on an over-provisioning ratio configured by the administrator. This is defined by the cpu.overprovisioning.factor global configuration variable. + CloudPlatform performs CPU over-provisioning based on an over-provisioning ratio configured by the administrator. This is defined by the cpu.overprovisioning.factor global configuration variable + Service offerings limits (e.g. 1 GHz, 1 core) are strictly enforced for core count. For example, a guest with a service offering of one core will have only one core available to it regardless of other activity on the Host. + Service offering limits for gigahertz are enforced only in the presence of contention for CPU resources. For example, suppose that a guest was created with a service offering of 1 GHz on a Host that has 2 GHz cores, and that guest is the only guest running on the Host. The guest will have the full 2 GHz available to it. When multiple guests are attempting to use the CPU a weighting factor is used to schedule CPU resources. The weight is based on the clock speed in the service offering. Guests receive a CPU allocation that is proportionate to the GHz in the service offering. For example, a guest created from a 2 GHz service offering will receive twice the CPU allocation as a guest created from a 1 GHz service offering. CloudPlatform does not perform memory over-provisioning. +
\ No newline at end of file diff --git a/docs/en-US/per-domain-limits.xml b/docs/en-US/per-domain-limits.xml new file mode 100644 index 00000000000..af770a56e3e --- /dev/null +++ b/docs/en-US/per-domain-limits.xml @@ -0,0 +1,21 @@ + + +%BOOK_ENTITIES; +]> +
+ Per-Domain Limits + CloudPlatform allows the configuration of limits on a domain basis. With a domain limit in place, all users still have their account limits. They are additionally limited, as a group, to not exceed the resource limits set on their domain. Domain limits aggregate the usage of all accounts in the domain as well as all accounts in all subdomains of that domain. Limits set at the root domain level apply to the sum of resource usage by the accounts in all domains and sub-domains below that root domain. + To set a domain limit: + + Log in to the CloudPlatform UI. + In the left navigation tree, click Domains. + 3. Select the domain you want to modify. The current domain limits are displayed. A value of -1 shows that there is no limit in place. + Click the Edit button + + + + editbutton.png: edits the settings. + + +
diff --git a/docs/en-US/performance-monitoring.xml b/docs/en-US/performance-monitoring.xml new file mode 100644 index 00000000000..d1c3fda5dcf --- /dev/null +++ b/docs/en-US/performance-monitoring.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Performance Monitoring + Host and guest performance monitoring is available to end users and administrators. This allows the user to monitor their utilization of resources and determine when it is appropriate to choose a more powerful service offering or larger disk. +
+ diff --git a/docs/en-US/pod-add.xml b/docs/en-US/pod-add.xml new file mode 100644 index 00000000000..d6f018a41f9 --- /dev/null +++ b/docs/en-US/pod-add.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Pod + TODO +
diff --git a/docs/en-US/port-forwarding.xml b/docs/en-US/port-forwarding.xml new file mode 100644 index 00000000000..06beaf3b0eb --- /dev/null +++ b/docs/en-US/port-forwarding.xml @@ -0,0 +1,33 @@ + + +%BOOK_ENTITIES; +]> +
+ Port Forwarding + A port forward service is a set of port forwarding rules that define a policy. A port forward service is then applied to one or more guest VMs. The guest VM then has its inbound network access managed according to the policy defined by the port forwarding service. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses to be forwarded. + A guest VM can be in any number of port forward services. Port forward services can be defined but have no members. If a guest VM is part of more than one network, port forwarding rules will function only if they are defined on the default network + You cannot use port forwarding to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See Security Groups. + To set up port forwarding: + + Log in to the CloudPlatform UI as an administrator or end user. + If you have not already done so, add a public IP address range to a zone in CloudPlatform. See Adding a Zone and Pod in the Installation Guide. + Add one or more VM instances to CloudPlatform. + In the left navigation bar, click Network. + Click the name of the guest network where the VMs are running. + + Choose an existing IP address or acquire a new IP address. (See Acquiring a New IP Address on page 73.) Click the name of the IP address in the list. + Click the Configuration tab. + In the Port Forwarding node of the diagram, click View All. + Fill in the following: + + Public Port. The port to which public traffic will be + addressed on the IP address you acquired in the previous step. + Private Port. The port on which the instance is listening for + forwarded public traffic. + Protocol. The communication protocol in use between the two + ports + + Click Add + +
diff --git a/docs/en-US/prepare-nfs-shares.xml b/docs/en-US/prepare-nfs-shares.xml new file mode 100644 index 00000000000..b0b0e3827c8 --- /dev/null +++ b/docs/en-US/prepare-nfs-shares.xml @@ -0,0 +1,21 @@ + + +%BOOK_ENTITIES; +]> +
+ Prepare NFS Shares + &PRODUCT; needs a place to keep primary and secondary storage (see Cloud Infrastructure Overview). Both of these can be NFS shares. This section tells how to set up the NFS shares before adding the storage to &PRODUCT;. + For primary storage, you can use iSCSI instead. + The requirements for primary and secondary storage are described in: + + About Primary Storage + About Secondary Storage + + A production installation typically uses a separate NFS server. See . + You can also use the Management Server node as the NFS server. This is more typical of a trial installation, but is technically possible in a larger deployment. + See . + + + +
\ No newline at end of file diff --git a/docs/en-US/prepare-os.xml b/docs/en-US/prepare-os.xml new file mode 100644 index 00000000000..0e23315d167 --- /dev/null +++ b/docs/en-US/prepare-os.xml @@ -0,0 +1,86 @@ +
+ Prepare the Operating System + + The OS must be prepared to host the Management Server using the following steps. These steps must be performed on each Management Server node. + + + Log in to your OS as root. + Check for a fully qualified hostname. + # hostname --fqdn + This should return a fully qualified hostname such as "kvm1.lab.example.org". If it does not, edit /etc/hosts so that it does. + + Set SELinux to be permissive by default. + + Check to see whether SELinux is installed on your machine. If not, you can skip to step 4. + In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this with: + # rpm -qa | grep selinux + In Ubuntu, SELinux is not installed by default. You can verify this with: + # dpkg --list 'selinux' + + Set the SELINUX variable in /etc/selinux/config to “permissive”. This ensures that the permissive setting will be maintained after a system reboot. + In RHEL or CentOS: + # vi /etc/selinux/config + In Ubuntu (do this step only if SELinux was found on the machine in the previous step): + # selinux-config-enforcing permissive + + Then set SELinux to permissive starting immediately, without requiring a system reboot. + In CentOS: + # setenforce permissive + In RHEL: + # setenforce 0 + In Ubuntu (do this step only if SELinux was found on the machine): + # setenforce permissive + + + + Make sure that the machine can reach the Internet. + # ping www.google.com + + (RHEL 6.2) If you do not have a Red Hat Network account, you need to prepare a local Yum repository. + + If you are working with a physical host, insert the RHEL 6.2 installation CD. If you are using a VM, attach the RHEL6 ISO. + Mount the CDROM to /media. + Create a repo file at /etc/yum.repos.d/rhel6.repo. In the file, insert the following lines: + +[rhel] +name=rhel6 +baseurl=file:///media +enabled=1 +gpgcheck=0 + + + + + Turn on NTP for time synchronization. + NTP is required to synchronize the clocks of the servers in your cloud. + + Install NTP. + On RHEL or CentOS: + # yum install ntp + On Ubuntu: + # apt-get install ntp + + Edit the NTP configuration file to point to your NTP server. + # vi /etc/ntp.conf + Add one or more server lines in this file with the names of the NTP servers + you want to use. For example: + server 0.xenserver.pool.ntp.org +server 1.xenserver.pool.ntp.org +server 2.xenserver.pool.ntp.org +server 3.xenserver.pool.ntp.org + + + Restart the NTP client. + # service ntpd restart + + Make sure NTP will start again upon reboot. + On RHEL or CentOS: + # chkconfig ntpd on + On Ubuntu: + # chkconfig ntp on + + + + Repeat all of these steps on every host where the Management Server will be installed. + +
\ No newline at end of file diff --git a/docs/en-US/prepare-system-vm-template.xml b/docs/en-US/prepare-system-vm-template.xml new file mode 100644 index 00000000000..060b8929d44 --- /dev/null +++ b/docs/en-US/prepare-system-vm-template.xml @@ -0,0 +1,37 @@ + + +%BOOK_ENTITIES; +]> +
+ Prepare the System VM Template + Secondary storage must be seeded with a template that is used for &PRODUCT; system VMs. + When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text. + + On the Management Server, run one or more of the following cloud-install-sys-tmplt commands to retrieve and decompress the system VM template. Run the command for each hypervisor type that you expect end users to run in this Zone. + If your secondary storage mount point is not named /mnt/secondary, substitute your own mount point name. + If you set the &PRODUCT; database encryption type to "web" when you set up the database, you must now add the parameter -s <management-server-secret-key>. See About Password and Key Encryption. + This process will require approximately 5 GB of free space on the local file system and up to 30 minutes each time it runs. + + For XenServer: + # /usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/acton/acton-systemvm-02062012.vhd.bz2 -h xenserver -s <optional-management-server-secret-key> -F + + For vSphere: + # /usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/acton/acton-systemvm-02062012.ova -h vmware -s <optional-management-server-secret-key> -F + + For KVM: + # /usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/acton/acton-systemvm-02062012.qcow2.bz2 -h kvm -s <optional-management-server-secret-key> -F + + + + 2. If you are using a separate NFS server, perform this step. If you are using the Management Server as the NFS server, you MUST NOT perform this step. + When the script has finished, unmount secondary storage and remove the created directory. + +# umount /mnt/secondary +# rmdir /mnt/secondary + + + Repeat these steps for each secondary storage server. + + +
diff --git a/docs/en-US/prepare_os.xml b/docs/en-US/prepare_os.xml new file mode 100644 index 00000000000..782a0b24d19 --- /dev/null +++ b/docs/en-US/prepare_os.xml @@ -0,0 +1,84 @@ +
+ Prepare the Operating System + + The OS must be prepared to host the Management Server using the following steps. These steps must be performed on each Management Server node. + + + Log in to your OS as root. + Check for a fully qualified hostname. + # hostname --fqdn + This should return a fully qualified hostname such as "kvm1.lab.example.org". If it does not, edit /etc/hosts so that it does. + + Set SELinux to be permissive by default. + + Check to see whether SELinux is installed on your machine. If not, you can skip to step 4. + In RHEL or CentOS, SELinux are installed and enabled by default. You can verify this with: + # rpm -qa | grep selinux + In Ubuntu, SELinux is not installed by default. You can verify this with: + # dpkg --list 'selinux' + + Set the SELINUX variable in /etc/selinux/config to “permissive”. This ensures that the permissive setting will be maintained after a system reboot. + In RHEL or CentOS: + # vi /etc/selinux/config + In Ubuntu (do this step only if SELinux was found on the machine in the previous step): + # selinux-config-enforcing permissive + + Then set SELinux to permissive starting immediately, without requiring a system reboot. + In CentOS: + # setenforce permissive + In RHEL: + # setenforce 0 + In Ubuntu (do this step only if SELinux was found on the machine): + # setenforce permissive + + + + Make sure that the Management Server can reach the Internet. + # ping www.google.com + + (RHEL 6.2) If you do not have a Red Hat Network account, you need to prepare a local Yum repository. + + If you are working with a physical host, insert the RHEL 6.2 installation CD. If you are using a VM, attach the RHEL6 ISO. + Mount the CDROM to /media. + Create a repo file at /etc/yum.repos.d/rhel6.repo. In the file, insert the following lines: + +[rhel] +name=rhel6 +baseurl=file:///media +enabled=1 +gpgcheck=0 + + + + + Turn on NTP for time synchronization. + NTP is required to synchronize the clocks of the servers in your cloud. + + Install NTP. + On RHEL or CentOS: + # yum install ntp + On Ubuntu: + # apt-get install ntp + + Edit the NTP configuration file to point to your NTP server. + # vi /etc/ntp.conf + For example, you can use one of the following: + 0.xenserver.pool.ntp.org +1.xenserver.pool.ntp.org +2.xenserver.pool.ntp.org +3.xenserver.pool.ntp.org + + + Restart the NTP client. + # service ntpd restart + + Make sure NTP will start again upon reboot. + On RHEL or CentOS: + # chkconfig ntpd on + On Ubuntu: + # chkconfig ntp on + + + + +
\ No newline at end of file diff --git a/docs/en-US/primary-storage-add.xml b/docs/en-US/primary-storage-add.xml new file mode 100644 index 00000000000..f8b49a91118 --- /dev/null +++ b/docs/en-US/primary-storage-add.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Primary Storage + TODO +
\ No newline at end of file diff --git a/docs/en-US/primary-storage-outage-and-data-loss.xml b/docs/en-US/primary-storage-outage-and-data-loss.xml new file mode 100644 index 00000000000..1e2e588ed1b --- /dev/null +++ b/docs/en-US/primary-storage-outage-and-data-loss.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Primary Storage Outage and Data Loss + When a primary storage outage occurs the hypervisor immediately stops all VMs stored on that storage device. Guests that are marked for HA will be restarted as soon as practical when the primary storage comes back on line. With NFS, the hypervisor may allow the virtual machines to continue running depending on the nature of the issue. For example, an NFS hang will cause the guest VMs to be suspended until storage connectivity is restored.Primary storage is not designed to be backed up. Individual volumes in primary storage can be backed up using snapshots. +
diff --git a/docs/en-US/primary-storage.xml b/docs/en-US/primary-storage.xml new file mode 100644 index 00000000000..25afc214724 --- /dev/null +++ b/docs/en-US/primary-storage.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Primary Storage + This section gives concepts and technical details about CloudPlatform primary storage. For information about how to install and configure primary storage through the CloudPlatform UI, see the Advanced Installation Guide. +
+ diff --git a/docs/en-US/private-public-template.xml b/docs/en-US/private-public-template.xml new file mode 100644 index 00000000000..1acc91a2d86 --- /dev/null +++ b/docs/en-US/private-public-template.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Private and Public Templates + When a user creates a template, it can be designated private or public. + Private templates are only available to the user who created them. By default, an uploaded template is private. + When a user marks a template as “public,” the template becomes available to all users in all accounts in the user's domain, as well as users in any other domains that have access to the Zone where the template is stored. This depends on whether the Zone, in turn, was defined as private or public. A private Zone is assigned to a single domain, and a public Zone is accessible to any domain. If a public template is created in a private Zone, it is available only to users in the domain assigned to that Zone. If a public template is created in a public Zone, it is available to all users in all domains. + +
diff --git a/docs/en-US/projects.xml b/docs/en-US/projects.xml new file mode 100644 index 00000000000..37ca7b15f4e --- /dev/null +++ b/docs/en-US/projects.xml @@ -0,0 +1,13 @@ + + +%BOOK_ENTITIES; +]> +
+ Projects + Projects are used to organize people and resources. CloudPlatform users within a single domain can group themselves into project teams so they can collaborate and share virtual resources such as VMs, snapshots, templates, data disks, and IP addresses. CloudPlatform tracks resource usage per project as well as per user, so the usage can be billed to either a user account or a project. For example, a private cloud within a software company might have all members of the QA department assigned to one project, so the company can track the resources used in testing while the project members can more easily isolate their efforts from other users of the same cloud + You can configure CloudPlatform to allow any user to create a new project, or you can restrict that ability to just CloudPlatform administrators. Once you have created a project, you become that project’s administrator, and you can add others within your domain to the project. CloudPlatform can be set up either so that you can add people directly to a project, or so that you have to send an invitation which the recipient must accept. Project members can view and manage all virtual resources created by anyone in the project (for example, share VMs). A user can be a member of any number of projects and can switch views in the CloudPlatform UI to show only project-related information, such as project VMs, fellow project members, project-related alerts, and so on. + The project administrator can pass on the role to another project member. The project administrator can also add more members, remove members from the project, set new resource limits (as long as they are below the global defaults set by the CloudPlatform administrator), and delete the project. When the administrator removes a member from the project, resources created by that user, such as VM instances, remain with the project. This brings us to the subject of resource ownership and which resources can be used by a project. + Resources created within a project are owned by the project, not by any particular CloudPlatform account, and they can be used only within the project. A user who belongs to one or more projects can still create resources outside of those projects, and those resources belong to the user’s account; they will not be counted against the project’s usage or resource limits. You can create project-level networks to isolate traffic within the project and provide network services such as port forwarding, load balancing, VPN, and static NAT. A project can also make use of certain types of resources from outside the project, if those resources are shared. For example, a shared network or public template is available to any project in the domain. A project can get access to a private template if the template’s owner will grant permission. A project can use any service offering or disk offering available in its domain; however, you can not create private service and disk offerings at the project level.. +
+ diff --git a/docs/en-US/provisioning-auth-api.xml b/docs/en-US/provisioning-auth-api.xml new file mode 100644 index 00000000000..d7c518446a0 --- /dev/null +++ b/docs/en-US/provisioning-auth-api.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Provisioning and Authentication API + CloudPlatform expects that a customer will have their own user provisioning infrastructure. It provides APIs to integrate with these existing systems where the systems call out to CloudPlatform to add/remove users.. + CloudPlatform supports pluggable authenticators. By default, CloudPlatform assumes it is provisioned with the user’s password, and as a result authentication is done locally. However, external authentication is possible as well. For example, see Using an LDAP Server for User Authentication . +
\ No newline at end of file diff --git a/docs/en-US/provisioning-steps-overview.xml b/docs/en-US/provisioning-steps-overview.xml new file mode 100644 index 00000000000..3c1d46588c7 --- /dev/null +++ b/docs/en-US/provisioning-steps-overview.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Overview of Provisioning Steps + After the Management Server is installed and running, you can add the compute resources for it to manage. For an overview of how a &PRODUCT; cloud infrastructure is organized, see . + To provision the cloud infrastructure, or to scale it up at any time, follow these procedures: + + Change the root password. See . + Add a zone. See . + Add more pods (optional). See . + Add more clusters (optional). See . + Add more hosts (optional). See . + Add primary storage. See . + Add secondary storage. See . + Initialize and test the new cloud. See . + + When you have finished these steps, you will have a deployment with the following basic structure: + + + + + provisioning-overview.png: Conceptual overview of a basic deployment + +
diff --git a/docs/en-US/provisioning-steps.xml b/docs/en-US/provisioning-steps.xml new file mode 100644 index 00000000000..62ab9fa336b --- /dev/null +++ b/docs/en-US/provisioning-steps.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Steps to Provisioning Your Cloud Infrastructure + This section tells how to add zones, pods, clusters, hosts, storage, and networks to your cloud. If you are unfamiliar with these entities, please begin by looking through . + + + + + + + + + +
\ No newline at end of file diff --git a/docs/en-US/provisioning.xml b/docs/en-US/provisioning.xml new file mode 100644 index 00000000000..17309583ee0 --- /dev/null +++ b/docs/en-US/provisioning.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> + + Provisioning Your Cloud Infrastructure + + + \ No newline at end of file diff --git a/docs/en-US/query-filter.xml b/docs/en-US/query-filter.xml new file mode 100644 index 00000000000..bb577746aac --- /dev/null +++ b/docs/en-US/query-filter.xml @@ -0,0 +1,42 @@ + + +%BOOK_ENTITIES; +]> +
+ Query Filter + The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the CloudPlatform user to LDAP user for a meaningful authentication. For more information about query filter syntax, consult the documentation for your LDAP server. + The CloudPlatform query filter wildcards are: + + + + + Query Filter Wildcard + Description + + + + + %u + User name + + + %e + Email address + + + %n + First and last name + + + + + The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema. + If the CloudPlatform user name is the same as the LDAP user ID: + (uid=%u) + If the CloudPlatform user name is the LDAP display name: + (displayName=%u) + To find a user by email address: + + (mail=%e) +
diff --git a/docs/en-US/release-ip-address.xml b/docs/en-US/release-ip-address.xml new file mode 100644 index 00000000000..59c4814c9c2 --- /dev/null +++ b/docs/en-US/release-ip-address.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ Releasing an IP Address + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network. + Click the name of the network where you want to work with. + Click View IP Addresses. + Click the IP address you want to release. + + Click the Release IP button + + + + ReleaseIPButton.png: button to release an IP + . + +
diff --git a/docs/en-US/release-notes-3.0.4.xml b/docs/en-US/release-notes-3.0.4.xml new file mode 100644 index 00000000000..21f47c61458 --- /dev/null +++ b/docs/en-US/release-notes-3.0.4.xml @@ -0,0 +1,2420 @@ + + +%BOOK_ENTITIES; +]> + + + + Submitting Feedback and Getting Help + The support team is available to help customers plan and execute their installations. To contact the support team, log in to the Support Portal by using the account credentials you received when you purchased your support contract. + + + Upgrade Instructions +
+ Upgrade from 3.0.x to 3.0.4 + Perform the following to upgrade from version 3.0.0, 3.0.1, 3.0.2, or 3.0.3 to version 3.0.4. + + If you are upgrading from 3.0.0 or 3.0.1, ensure that you query your IP address usage records and process them; for example, issue invoices for any usage that you have not yet billed users for. + Starting in 3.0.2, the usage record format for IP addresses is the same as the rest of the usage types. See bug CS-8222). Instead of a single record with the assignment and release dates, separate records are generated per aggregation period with start and end dates. After upgrading, any existing IP address usage records in the old format will no longer be available. + Stop all Usage Servers if running. Run this on all Usage Server hosts.# service cloud-usage stop + Stop the Management Servers. Run this on all Management Server hosts.# service cloud-management stop + On the MySQL master, take a backup of the MySQL databases. We recommend performing this step even in test upgrades. If there is an issue, this will assist with debugging. + In the following commands, it is assumed that you have set the root password on the database, which is a CloudPlatform recommended best practice. Substitute your own MySQL root password. + # mysqldump -u root -p<mysql_password> cloud >> cloud-backup.dmp +# mysqldump -u root -p<mysql_password> cloud_usage > cloud-usage-backup.dmp + + Download CloudPlatform 3.0.4 onto management server host where it will run. Get the software from the following link: + . + You need a My Citrix Account. + Upgrade the CloudPlatform packages. You should have a file in the form of + “CloudStack-3.0.4-N-OSVERSION.tar.gz”. Untar the file, then run the install.sh script inside it. Replace the file and directory names below with those you are using: + # tar xzf CloudStack-3.0.4-N-OSVERSION.tar.gz +# cd CloudStack-3.0.4-N-OSVERSION +# ./install.sh + + You should see a few messages as the installer prepares, followed by a list of choices. + Choose "U" to upgrade the package>UYou should see some output as the upgrade proceeds, ending with a message like "Complete! Done." + If you have made changes to your existing copy of the file components.xml in your previous-version CloudPlatform installation, the changes will be preserved in the upgrade. However, you need to do the following steps to place these changes in a new version of the file which is compatible with version 3.0.4. + How will you know whether you need to do this? If the upgrade output in the previous step included a message like the following, then some custom content was found in your old components.xml, and you need to merge the two files: + warning: /etc/cloud/management/components.xml created as /etc/cloud/management/components.xml.rpmnew + + Make a backup copy of your /etc/cloud/management/components.xml file. For example: + # mv /etc/cloud/management/components.xml /etc/cloud/management/components.xml-backup + Copy /etc/cloud/management/components.xml.rpmnew to create a new /etc/cloud/management/components.xml: + # cp -ap /etc/cloud/management/components.xml.rpmnew /etc/cloud/management/components.xml + Merge your changes from the backup file into the new components.xml file.# vi /etc/cloud/management/components.xml + + + Repeat steps 5 - 8 on each management server node. + Start the first Management Server. Do not start any other Management Server nodes yet. + # service cloud-management startWait until the databases are upgraded. Ensure that the database upgrade is complete. After confirmation, start the other Management Servers one at a time by running the same command on each node. + Failing to restart the Management Server indicates a problem in the upgrade. Having the Management Server restarted without any issues indicates that the upgrade is successfully completed. + Start all Usage Servers (if they were running on your previous version). Perform this on each Usage Server host. + # service cloud-usage start + 12. (KVM only) Additional steps are required for each KVM host. These steps will not affect running guests in the cloud. These steps are required only for clouds using KVM as hosts and only on the KVM hosts. + + Copy the CloudPlatform 3.0.4 tar file to the host, untar it, and change directory to the resulting directory. + Stop the running agent. + # service cloud-agent stop + Update the agent software.# ./install.sh + Choose "U" to update the packages. + Start the agent.# service cloud-agent start + + + Log in to the CloudPlatform UI as administrator, and check the status of the hosts. All hosts should come to Up state (except those that you know to be offline). You may need to wait 20 or 30 minutes, depending on the number of hosts. + Troubleshooting: If login fails, clear your browser cache and reload the page. + Do not proceed to the next step until the hosts show in Up state. If the hosts do not come to the Up state, contact support. + If you are upgrading from 3.0.1 or 3.0.2, perform the following: + + Ensure that the admin port is set to 8096 by using the "integration.api.port" global parameter. + This port is used by the cloud-sysvmadm script at the end of the upgrade procedure. For information about how to set this parameter, see “Edit the Global Configuration Settings” in the Advanced Installation Guide. + Restart the Management Server. + If you don't want the admin port to remain open, you can set it to null after the upgrade is done and restart the management server + + Run the following script to stop, then start, all Secondary Storage VMs, Console Proxy VMs, and virtual routers. Run the script once on one management server. The script requires the IP address of the MySQL instance, the MySQL user to connect as, and the password to use for that user. In addition to those parameters, provide the "-a" argument. For example: + # nohup cloud-sysvmadm -d 192.168.1.5 -u cloud -p password -a > sysvm.log 2>&1 & +# tail -f sysvm.log + + This might take up to an hour or more to run, depending on the number of accounts in the system. + + In order to deploy AWS API on its new port (7080), you need to deploy it under a separate webapps folder and make some changes to port settings. + + Create the new webapps folder: + # mkdir -p /usr/share/cloud/management/webapps7080 + + Create a symbolic link: + # ln -s /usr/share/cloud/bridge/webapps/awsapi /usr/share/cloud/management/webapps7080/awsapi + + Remove the old folder: + # rm /usr/share/cloud/management/webapps/awsapi + + Open port 7080: + # iptables -I INPUT -p tcp -m tcp --dport 7080 -j ACCEPT + + If you have made any modifications in server.xml on your existing CloudPlatform installation, back it up: + # mv /etc/cloud/management/server.xml /etc/cloud/management/server.xml-backup + Then replace with the new server.xml file: + # cp /etc/cloud/management/server.xml.rpmnew /etc/cloud/management/server.xml + Merge any changes from the backup file into the new server.xml file. + # vi /etc/cloud/management/server.xml + + Open the /etc/cloud/management/ec2.service.properties file in your favorite editor. For example: + # vi /etc/cloud/management/ec2.service.properties + Add the following to specify the Management Server host and port to which AWS API calls should be forwarded. Substitute your actual Management Server IP address. + +managementServer=<management.server.IP.address> +cloudAPIPort=8080 + + + Restart the Management Server to put the new settings into effect. + + + If needed, upgrade all Citrix XenServer hypervisor hosts in your cloud to a version supported by CloudPlatform 3.0.4. The supported versions are XenServer 5.6 SP2 and 6.0.2. Instructions for upgrade can be found in the CloudPlatform 3.0.3 Advanced Installation Guide. + Now apply the XenServer hotfix XS602E003 to XenServer v6.0.2 hypervisor hosts. (Support for this hotfix is the reason for release 3.0.4.) + + Disconnect the XenServer cluster from CloudPlatform. + In the left navigation bar of the CloudPlatform UI, select Infrastructure. Under Clusters, click View All. Select the XenServer cluster and click Actions - Unmanage. + This may fail if there are hosts not in one of the states Up, Down, Disconnected, or Alert. You may need to fix that before unmanaging this cluster. + Wait until the status of the cluster has reached Unmanaged. Use the CloudPlatform UI to check on the status. When the cluster is in the unmanaged state, there is no connection to the hosts in the cluster. + + To clean up the VLAN, log in to one XenServer host and run: + /opt/xensource/bin/cloud-clean-vlan.sh + + + Now prepare the upgrade by running the following on one XenServer host: + /opt/xensource/bin/cloud-prepare-upgrade.sh + If you see a message like "can't eject CD", log in to the VM and umount the CD, then run this script again. + + Upload the hotfix to the XenServer hosts. Always start with the Xen pool master, then the slaves. Using your favorite file copy utility (e.g. WinSCP), copy the hotfixes to the host. Place them in a temporary folder such as /root or /tmp. + On the Xen pool master, upload the hotfix with this command: + xe patch-upload file-name=XS602E003.xsupdate + Make a note of the output from this command, which is a UUID for the hotfix file. You'll need it in another step later. + (Optional) If you are applying other hotfixes as well, you can repeat the commands in this section with the appropriate hotfix number. For example, XS602E004.xsupdate. + + Manually live migrate all VMs on this host to another host. First, get a list of the VMs on this host: + # xe vm-list + Then use this command to migrate each VM. Replace the example host name and VM name with your own: + # xe vm-migrate live=true host=<host-name> vm=<VM-name> + Troubleshooting: If you see a message like "You attempted an operation on a VM which requires PV drivers to be installed but the drivers were not detected," run /opt/xensource/bin/make_migratable.sh b6cf79c8-02ee-050b-922f-49583d9f1a14. + + Apply the hotfix. First, get the UUID of this host: + # xe host-list + Then use the following command to apply the hotfix. Replace the example host UUID with the current host ID, + and replace the hotfix UUID with the output from the patch-upload command you ran on this machine earlier. + You can also get the hotfix UUID by running xe patch-list. + + xe patch-apply host-uuid=<host-uuid> uuid=<hotfix-uuid> + + Copy the following files from the CloudPlatform Management Server to the host. + + + + + + + Copy from here... + ...to here + + + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/xenserver60/NFSSR.py + /opt/xensource/sm/NFSSR.py + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/setupxenserver.sh + /opt/xensource/bin/setupxenserver.sh + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/make_migratable.sh + /opt/xensource/bin/make_migratable.sh + + + + + + Reboot this XenServer host. + Run the following: + /opt/xensource/bin/setupxenserver.sh + If the message "mv: cannot stat `/etc/cron.daily/logrotate': No such file or directory" appears, you can safely ignore it. + + Run the following: + for pbd in `xe pbd-list currently-attached=false| grep ^uuid | awk '{print $NF}'`; do xe pbd-plug uuid=$pbd ; + + On each slave host in the Xen pool, repeat these steps, starting from "manually live migrate VMs." + + + + +
+
+ Upgrade from 2.2.x to 3.0.4 + + Ensure that you query your IPaddress usage records and process them; for example, issue invoices for any usage that you have not yet billed users for. + Starting in 3.0.2, the usage record format for IP addresses is the same as the rest of the usage types. See CS-8222. Instead of a single record with the assignment and release dates, separate records are generated per aggregation period with start and end dates. After upgrading to 3.0.4, any existing IP address usage records in the old format will no longer be available. + If you are using version 2.2.0 - 2.2.13, first upgrade to 2.2.14 by using the instructions in the 2.2.14 Release Notes. + (KVM only) If KVM hypervisor is used in your cloud, be sure you completed the step to insert a valid username and password into the host_details table on each KVM node as described in the 2.2.14 Release Notes. This step is critical, as the database will be encrypted after the upgrade to 3.0.4. + While running the 2.2.14 system, log in to the UI as root administrator. + Using the UI, add a new System VM template for each hypervisor type that is used in your cloud. In each zone, add a system VM template for each hypervisor used in that zone + + In the left navigation bar, click Templates. + In Select view, click Templates. + Click Register template.The Register template dialog box is displayed. + In the Register template dialog box, specify the following values depending on the hypervisor type (do not change these): + + + + + + + Hypervisor + Description + + + + + XenServer + Name: systemvm-xenserver-3.0.0 + Description: systemvm-xenserver-3.0.0 + URL: http://download.cloud.com/templates/acton/acton-systemvm-02062012.vhd.bz2 + Zone: Choose the zone where this hypervisor is used + Hypervisor: XenServer + Format: VHD + OS Type: Debian GNU/Linux 5.0 (32-bit) + Extractable: no + Password Enabled: no + Public: no + Featured: no + + + + KVM + Name: systemvm-kvm-3.0.0 + Description: systemvm-kvm-3.0.0 + URL: http://download.cloud.com/templates/acton/acton-systemvm-02062012.qcow2.bz2 + Zone: Choose the zone where this hypervisor is used + Hypervisor: KVM + Format: QCOW2 + OS Type: Debian GNU/Linux 5.0 (32-bit) + Extractable: no + Password Enabled: no + Public: no + Featured: no + + + + VMware + Name: systemvm-vmware-3.0.0 + Description: systemvm-vmware-3.0.0 + URL: http://download.cloud.com/templates/acton/acton-systemvm-02062012.ova + Zone: Choose the zone where this hypervisor is used + Hypervisor: VMware + Format: OVA + OS Type: Debian GNU/Linux 5.0 (32-bit) + Extractable: no + Password Enabled: no + Public: no + Featured: no + + + + + + + + + Watch the screen to be sure that the template downloads successfully and enters the READY state. Do not proceed until this is successful + WARNING: If you use more than one type of hypervisor in your + cloud, be sure you have repeated these steps to download the system VM + template for each hypervisor type. Otherwise, the upgrade will + fail. + Stop all Usage Servers if running. Run this on all Usage Server hosts. + # service cloud-usage stop + Stop the Management Servers. Run this on all Management Server hosts. + # service cloud-management stop + On the MySQL master, take a backup of the MySQL databases. We recommend performing this step even in test upgrades. If there is an issue, this will assist with debugging. + In the following commands, it is assumed that you have set the root password on the database, which is a CloudPlatform recommended best practice. Substitute your own MySQL root password. + # mysqldump -u root -p<mysql_password> cloud >> cloud-backup.dmp +# mysqldump -u root -p<mysql_password> cloud_usage > cloud-usage-backup.dmp + + + Download CloudPlatform 3.0.4 onto management server host where it will run. Get the software from the following link: + + You need a My Citrix Account. + Upgrade the CloudPlatform packages. You should have a file in the form of + “CloudStack-3.0.4-N-OSVERSION.tar.gz”. Untar the file, then run the install.sh script inside it. Replace the file and directory names below with those you are using: + # tar xzf CloudStack-3.0.4-N-OSVERSION.tar.gz +# cd CloudStack-3.0.4-N-OSVERSION +# ./install.sh + + You should see a few messages as the installer prepares, followed by a list of choices. + Choose "U" to upgrade the package>UYou should see some output as the upgrade proceeds, ending with a message like "Complete! Done." + If you have made changes to your existing copy of the file components.xml in your previous-version CloudPlatform installation, the changes will be preserved in the upgrade. However, you need to do the following steps to place these changes in a new version of the file which is compatible with version 3.0.4. + How will you know whether you need to do this? If the upgrade output in the previous step included a message like "warning: /etc/cloud/management/components.xml created as /etc/cloud/management/components.xml.rpmnew", then some custom content was found in your old components.xml, and you need to merge the two files: + + Make a backup copy of your /etc/cloud/management/components.xml file. For example: + # mv /etc/cloud/management/components.xml /etc/cloud/management/components.xml-backup + Copy /etc/cloud/management/components.xml.rpmnew to create a new /etc/cloud/management/components.xml: + # cp -ap /etc/cloud/management/components.xml.rpmnew /etc/cloud/management/components.xml + Merge your changes from the backup file into the new components.xml file.# vi /etc/cloud/management/components.xml + + + If you have made changes to your existing copy of the /etc/cloud/management/db.properties file in your previous-version CloudPlatform installation, the changes will be preserved in the upgrade. However, you need to do the following steps to place these changes in a new version of the file which is compatible with version 3.0.4. + + Make a backup copy of your file /etc/cloud/management/db.properties. For example: + # mv /etc/cloud/management/db.properties /etc/cloud/management/db.properties-backup + Copy /etc/cloud/management/db.properties.rpmnew to create a new /etc/cloud/management/db.properties: + # cp -ap /etc/cloud/management/db.properties.rpmnew etc/cloud/management/db.properties + Merge your changes from the backup file into the new db.properties file. + # vi /etc/cloud/management/db.properties + + + On the management server node, run the following command. It is recommended that you use the command-line flags to provide your own encryption keys. See Password and Key Encryption in the Installation Guide. + # cloud-setup-encryption -e <encryption_type> -m <management_server_key> -k <database_key> + When used without arguments, as in the following example, the default encryption type and keys will be used: + + (Optional) For encryption_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. + (Optional) For management_server_key, substitute the default key that is used to encrypt confidential parameters in the properties file. Default: password. It is highly recommended that you replace this with a more secure value + (Optional) For database_key, substitute the default key that is used to encrypt confidential parameters in the CloudPlatform database. Default: password. It is highly recommended that you replace this with a more secure value. + + + Repeat steps 10 - 15 on every management server node. If you provided your own encryption key in step 15, use the same key on all other management servers. + Start the first Management Server. Do not start any other Management Server nodes yet. + # service cloud-management start + Wait until the databases are upgraded. Ensure that the database upgrade is complete. You should see a message like "Complete! Done." After confirmation, start the other Management Servers one at a time by running the same command on each node. + Start all Usage Servers (if they were running on your previous version). Perform this on each Usage Server host. + # service cloud-usage start + (KVM only) Additional steps are required for each KVM host. These steps will not affect running guests in the cloud. These steps are required only for clouds using KVM as hosts and only on the KVM hosts. + + Copy the CloudStack 3.0.4 .tgz download to the host, untar it, and cd into the resulting directory. + Stop the running agent. + # service cloud-agent stop + Update the agent software.# ./install.sh + Choose "U" to update the packages. + Start the agent.# service cloud-agent start + + + Log in to the CloudPlatform UI as admin, and check the status of the hosts. All hosts should come to Up state (except those that you know to be offline). You may need to wait 20 or 30 minutes, depending on the number of hosts. + Do not proceed to the next step until the hosts show in the Up state. If the hosts do not come to the Up state, contact support. + Run the following script to stop, then start, all Secondary Storage VMs, Console Proxy VMs, and virtual routers. + + Run the command once on one management server. Provide the IP address of the MySQL instance, the MySQL user name, and the database password for that user. In addition to those parameters, provide the "-a" argument. For example: + # nohup cloud-sysvmadm -d 192.168.1.5 -u cloud -p password -a > sysvm.log 2>&1 & + This might take up to an hour or more to run, depending on the number of accounts in the system. + + After the script terminates, check the log to verify correct execution: + # tail -f sysvm.log + The content should be like the following: + +Stopping and starting 1 secondary storage vm(s)... +Done stopping and starting secondary storage vm(s) +Stopping and starting 1 console proxy vm(s)... +Done stopping and starting console proxy vm(s). +Stopping and starting 4 running routing vm(s)... +Done restarting router(s). + + + + + If you would like additional confirmation that the new system VM templates were correctly applied when these system VMs were rebooted, SSH into the System VM and check the version. + Use one of the following techniques, depending on the hypervisor. + + XenServer or KVM: + SSH in by using the link local IP address of the system VM. For example, in the command below, substitute your own path to the private key used to log in to the system VM and your own link local IP. + Run the following commands on the XenServer or KVM host on which the system VM is present: + # ssh -i <private-key-path> <link-local-ip> -p 3922 +# cat /etc/cloudstack-releaseThe output should be like the following: + Cloudstack Release 3.0 Mon Feb 6 15:10:04 PST 2012 + + ESXi + SSH in using the private IP address of the system VM. For example, in the command below, substitute your own path to the private key used to log in to the system VM and your own private IP. + Run the following commands on the Management Server:# ssh -i <private-key-path> <private-ip> -p 3922 +# cat /etc/cloudstack-release +The output should be like the following: + Cloudstack Release 3.0 Mon Feb 6 15:10:04 PST 2012 + + In order to deploy AWS API on its new port (7080), you need to deploy it under a separate webapps folder. + + Create the new webapps folder: + # mkdir -p /usr/share/cloud/management/webapps7080 + + Create a symbolic link: + # ln -s /usr/share/cloud/bridge/webapps/awsapi /usr/share/cloud/management/webapps7080/awsapi + + Remove the old folder: + # rm /usr/share/cloud/management/webapps/awsapi + + Open port 7080: + # iptables -I INPUT -p tcp -m tcp --dport 7080 -j ACCEPT + + If you have made any modifications in server.xml on your existing CloudPlatform installation, back it up: + # mv /etc/cloud/management/server.xml /etc/cloud/management/server.xml-backup + Then replace with the new server.xml file: + # cp /etc/cloud/management/server.xml.rpmnew /etc/cloud/management/server.xml + Merge any changes from the backup file into the new server.xml file. + # vi /etc/cloud/management/server.xml + + Open the /etc/cloud/management/ec2.service.properties file in your favorite editor. For example: + # vi /etc/cloud/management/ec2.service.properties + Add the following to specify the Management Server host and port to which AWS API calls should be forwarded. + +managementServer=<management.server.IP.address> +cloudAPIPort=8080 + + + Restart the Management Server to put the new settings into effect. + + + If needed, upgrade all Citrix XenServer hypervisor hosts in your cloud to a version supported by CloudPlatform 3.0.4. The supported versions are XenServer 5.6 SP2 and 6.0.2. Instructions for upgrade can be found in the CloudPlatform 3.0.3 Advanced Installation Guide. + Now apply the XenServer hotfix XS602E003 to XenServer v6.0.2 hypervisor hosts. (Support for this hotfix is the reason for release 3.0.4.) + + Disconnect the XenServer cluster from CloudPlatform. + In the left navigation bar of the CloudPlatform UI, select Infrastructure. Under Clusters, click View All. Select the XenServer cluster and click Actions - Unmanage. + This may fail if there are hosts not in one of the states Up, Down, Disconnected, or Alert. You may need to fix that before unmanaging this cluster. + Wait until the status of the cluster has reached Unmanaged. Use the CloudPlatform UI to check on the status. When the cluster is in the unmanaged state, there is no connection to the hosts in the cluster. + + To clean up the VLAN, log in to one XenServer host and run: + /opt/xensource/bin/cloud-clean-vlan.sh + + + Now prepare the upgrade by running the following on one XenServer host: + /opt/xensource/bin/cloud-prepare-upgrade.sh + If you see a message like "can't eject CD", log in to the VM and umount the CD, then run this script again. + + Upload the hotfix to the XenServer hosts. Always start with the Xen pool master, then the slaves. Using your favorite file copy utility (e.g. WinSCP), copy the hotfixes to the host. Place them in a temporary folder such as /root or /tmp. + On the Xen pool master, upload the hotfix with this command: + xe patch-upload file-name=XS602E003.xsupdate + Make a note of the output from this command, which is a UUID for the hotfix file. You'll need it in another step later. + (Optional) If you are applying other hotfixes as well, you can repeat the commands in this section with the appropriate hotfix number. For example, XS602E004.xsupdate. + + Manually live migrate all VMs on this host to another host. First, get a list of the VMs on this host: + # xe vm-list + Then use this command to migrate each VM. Replace the example host name and VM name with your own: + # xe vm-migrate live=true host=<host-name> vm=<VM-name> + Troubleshooting: If you see a message like "You attempted an operation on a VM which requires PV drivers to be installed but the drivers were not detected," run /opt/xensource/bin/make_migratable.sh b6cf79c8-02ee-050b-922f-49583d9f1a14. + + Apply the hotfix. First, get the UUID of this host: + # xe host-list + Then use the following command to apply the hotfix. Replace the example host UUID with the current host ID, + and replace the hotfix UUID with the output from the patch-upload command you ran on this machine earlier. + You can also get the hotfix UUID by running xe patch-list. + + xe patch-apply host-uuid=<host-uuid> uuid=<hotfix-uuid> + + Copy the following files from the CloudPlatform Management Server to the host. + + + + + + + Copy from here... + ...to here + + + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/xenserver60/NFSSR.py + /opt/xensource/sm/NFSSR.py + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/setupxenserver.sh + /opt/xensource/bin/setupxenserver.sh + + + /usr/lib64/cloud/agent/scripts/vm/hypervisor/xenserver/make_migratable.sh + /opt/xensource/bin/make_migratable.sh + + + + + + Reboot this XenServer host. + Run the following: + /opt/xensource/bin/setupxenserver.sh + If the message "mv: cannot stat `/etc/cron.daily/logrotate': No such file or directory" appears, you can safely ignore it. + + Run the following: + for pbd in `xe pbd-list currently-attached=false| grep ^uuid | awk '{print $NF}'`; do xe pbd-plug uuid=$pbd ; + + On each slave host in the Xen pool, repeat these steps, starting from "manually live migrate VMs." + + + +
+
+ Upgrade from 2.1.x to 3.0.4 + Direct upgrades from version 2.1.0 - 2.1.10 to 3.0.4 are not supported. It must first be upgraded to version 2.2.14. For information on how to upgrade from 2.1.x to 2.2.14, see the version 2.2.14 Release Notes. +
+ + + Version 3.0.4 + +
+ What’s New in 3.0.4 + CloudPlatform 3.0.4 is the first maintenance patch for CloudPlatform 3.0.3. This release includes no new features. For a list of the major fixed items, see Issues Fixed in 3.0.4. +
+
+ Issues Fixed in 3.0.4 + + + + + + + + + + + + + CS-15376, CS-15373 + The AWS APIs (EC2 and S3) now listen on the 7080 port and send request to CloudStack on the 8080 port just as any other clients of CloudStack. + + + CS-13944 + The CloudPlatform 2.2.x to 3.0.x database upgrade for multiple physical networks is now supported. + + + CS-15300 + The admin accounts of a domain now honour the limits imposed on that domain just like the regular accounts do. A domain admin now is not allowed to create an unlimited number of instances, volumes, snapshots, and so on. + + + CS-15396 + The CloudPlatform database now contain the UUD information after the 2.2.14 to 3.0.4 upgrade. + + + CS-15450 + Upgrade from 2.2.14 to 3.0.4 no longer fails on a VMware host. + + + CS-15449 + Running cloudstack-aws-api-register no longer fails with the "User registration failed with error: [Errno 113] No route to host" error. + + + CS-15455 + The iptable rules are configured to open the awsapi port (7080) as part of the installation. + + + CS-15429 + While creating an instance with data volume, disk offering also is considered while checking the account limit on volume resources. + + + CS-15414 + After the 2.2.14 to 3.0.4 upgrade, the value of the global parameter xen.guest.network.device is now decrypted before setting the traffic label. + + + CS-15382 + During 2.2.14 to 3.0.4 upgrade, the hosts no longer go to the Alert state if destroyed networks existed with non-existent tags prior to upgrade. + + + CS-15323 + CloudPlatform supports the following Citrix XenServer hotfixes: XS602E003, XS602E004, and + XS602E005. + + + CS-15430 + Create snapshot now fails if creating a snapshot exceeds the snapshot resource limit for a domain admin or a user account. + + + + + + + + +
+
+ Known Issues in 3.0.4 + + + + + + + Issue ID + Description + + + + + CS-15476 + The 2.2.14 to 3.0.4 upgrade fails if multiple untagged physical networks exist before the upgrade. + + + CS-15407 + After the 2.2.14 to 3.0.4 upgrade, VLAN allocation on multiple physical networks does not happen as expected. + To workaround this issue, follow the instructions given below: + + Revert to your 2.2.14 setup. + Stop all the VMs with the isolated virtual networks in your cloud setup. + Run following query to find if any networks still have the NICs allocated: + + Check if any virtual guest networks have the NICs allocated: + #SELECT DISTINCT op.id from `cloud`.`op_networks` op JOIN `cloud`.`networks` n on op.id=n.id WHERE nics_count != 0 AND guest_type = 'Virtual'; + If this returns any network IDs, then ensure the following: + + All the VMs are stopped. + No new VM is started. + Shutdown the Management Server. + + Remove the NICs count for the virtual network IDs returned in step (a), and set the NIC count to 0: + UPDATE `cloud`.`op_networks` SET nics_count = 0 WHERE id = <enter id of virtual network> + Restart the Management Server, and wait for all the networks to shut down. + Networks shutdown is determined by the network.gc.interval and network.gc.wait parameters. + + + Ensure that all the networks are shut down and all the guest VNETs are free. + Run the upgrade script.This allocates all your guest VNET ranges to the first physical network. + By using the updatePhysicalNetwork API, reconfigure the VNET ranges for each physical network as desired. + Start all the VMs. + + + + + CS-14680 + CloudStack and LDAP user validation cannot happen simultaneously because the user password is hashed and stored in the database, and LDAP requires the passwords in plain text. + To work with the LDAP user, the MD5 hash should be disabled in the login process by commenting the following variable in sharedFunctions.js file available at /usr/share/cloud/management/webapps/client/scripts, and restart the cloud-management service. + var md5HashedLogin = false;However, if md5HashedLogin is set to false, the end user can login with the LDAP credentials + but not with the CloudPlatform user credentials. + + + CS-15578 + Upgrade from 2.2.14 to 3.04 fails with an exception if the setup has a zone deleted and the + corresponding router state removed. + To workaround this issue, perform the following before upgrading from 2.2.x to 3.0.4: + # mysql> delete dr from domain_router dr, vm_instance vi, data_center dc where dr.id = vi.id and vi.data_center_id = dc.id and dc.removed is not null; + + + + + + + + + + + + +
+ + + Version 3.0.3 + +
+ What's New in 3.0.3 + +
+ Secure Console Access on XenServer + With the addition of Secure Console feature, users can now securely access the VM consoles on the XenServer hypervisor. You can either SSH or use the View Console option in the Management Server to securely connect to the VMs on the XenServer host. The Management Server uses the xapi API to stream the VM consoles. However, there is no change in the way you can access the console of a VM. This feature is supported on XenServer 5.6 and 6.0 versions. +
+
+ Stopped VM + This release supports creating VMs without starting them on the backend. You can determine whether the VM needs to be started as part of the VM deployment. A VM can be deployed in two ways: create and start a VM (the default method); create a VM and leave it in the stopped state. + A new request parameter, startVM, is introduced in the deployVm API to support the stopped VM feature. The possible values are: + + true - The VM starts as a part of the VM deployment + false - The VM is left in stopped state at the end of the VM deployment + +
+
+ Uploading an Existing Volume to a Virtual Machine + Existing data can now be made accessible to a virtual machine. This is called uploading a volume to the VM. For example, this is useful to upload data from a local file system and attach it to a VM. Root administrators, domain administrators, and end users can all upload existing volumes to VMs. The upload is performed by using HTTP. The uploaded volume is placed in the zone's secondary storage. + This functionality is supported for the following hypervisors: + + Hypervisor : Disk Image Format + XenServer : VHD + VMware : OVA + KVM : QCOW2 + OVM : RAW + +
+
+ Dedicated High-Availability Hosts + One or more hosts can now be designated for use only by high-availability (HA) enabled VMs that are restarted due to a host failure. Setting up a pool of such dedicated HA hosts as the recovery destination for all HA-enabled VMs make it easier to determine which VMs are restarted as part of the high-availability function. You can designate a host as a dedicated-HA restart node only if the Dedicated HA Hosts feature is enabled by setting the appropriate global configuration parameter. +
+
+ Support for Amazon Web Services API + This release supports Amazon Web Services APIs, including Elastic Compute Cloud (EC2) API. Fidelity with the EC2 API and the installation experience for this functionality are both enhanced. In prior releases, users were required to install a separate component called CloudBridge, in addition to installing the Management Server. For new installations of CloudPlatform 3.0.3, this software is installed automatically along with CloudPlatform and runs in a more closely integrated fashion. The feature is disabled by default, but can be easily enabled by setting the appropriate global configuration parameter and performing a few setup steps. +
+
+ Support for Cisco Nexus 1000v Virtual Switch + In addition to standard vSwitch, Cisco Nexus 1000v is now supported for virtual network configuration in VMware vSphere deployments. With this, guest traffic isolation through VLANs is possible in VMware environment. Using Nexus virtual switch simplifies configuring and monitoring virtual networks that span across a large number of hosts, and facilitates live migration in VMWare-based cloud deployment. +
+
+
+ Summary of New Features by Bug Number + + + + + + + Issue ID + Feature + + + + + CS-14385 + Dedicated High Availability Host + + + CS-14378 + Stopped VM + + + CS-10789 + Uploading an Existing Volume to a Virtual Machine + + + CS-6061 + Secure Console Access on XenServer + + + CS-9909 + Cisco Nexus 1000v Support + + + CS-14435 + Support for Amazon Web Services API + + + + +
+
+ Issues Fixed in 3.0.3 + + + + + + + Defects + Description + + + + + CS-14256 + Virtual Router no longer remains in starting state for subdomain or user on a KVM 3.0.1 prerlease host on RHEL 6.2. + + + CS-7495 + Implemented a variety of Xen management host improvements. + + + CS-8105 + NFS v4 for primary storage now works as expected on KVM hosts. + + + CS-9989 + The error messages returned during VM deployment failure will have much more details than before. + + + CS-12584 + You can no longer add security groups not supported by the hypervisor in use. + + + CS-12705 + When creating a Network offering by using SRX as the service provider for SourceNAT servcies, an option is given in the CloudPlatform UI now to set the source_nat type to "per Zone"/"per account". + + + CS-12782 + Assigning a VM from Basic to Advanced zone no longer ignores the network ID. A warning message is displayed for VM movements across zones. + + + CS-12591 + Broadcast Address on the Second Public IP NIC is now corrected. + + + CS-13272 + When a user is deleted, all the associated properties, such as IPs and virtual routers, are now deleted. + + + CS-13377 + Creating template from a root disk of a stopped instance now provides an option to make it a "Featured template". + + + CS-13500 + Reaching the first guest VM by using its public IP from the second guest VM no longer fails. + + + CS-13853 + The default gateway can no longer be 0.0.0.0 in the Secondary Storage VM (SSVM). + + + CS-13863 + The queryAsyncJobResult command in XML format now returns the correct UUIDs. + + + CS-13867 + Corrected CSP xenserver-cloud-supp.tgz for XenServer 5.6 and 6.0. + + + CS-13904 + Labels and values for the service offerings CPU and memory are now consistent. + + + CS-13998 + The SSVM kernel panic issue is fixed on XenServer. + + + CS-14090 + The issue is fixed where running the VMware snapshots randomly fails with the ArrayIndexOutOfBoundsException error. + + + CS-14021 + The java.lang.OutOfMemoryError is fixed on the Management Server. + + + CS-14025 + The Python Eggs are provided to easily package the test client for each branch of CloudPlatform. + + + CS-14068 + Resetting the VM password through the CloudPlatform UI no longer causes any error. + + + CS-14156 + The pod which has the administrator's virtual router is no longer selected while creating the virtual routers for guests. + + + CS-14182 + The users can now delete their ISOs as normal users. + + + CS-14185 + The listOSTypes API now filters out the types of operating system by using the keywords. + + + CS-14204 + The cloud-setup-bonding.sh command no longer generates the "command not found" error. + + + CS-14214 + The Specify VLAN option cannot be enabled now for an isolated Network offering with SourceNAT enabled. + + + CS-14234 + Sending project invite email to an account now requires SMTP configured in CloudPlatform. + + + CS-14237 + The garbage collector of the primary storage no longer fails when the first host in the cluster is not up. + + + CS-14241 + Custom Volume Disk Offering is now matching the Global configuration value. + + + CS-14270 + The listNetworks API no longer assumes that the broadcast type is always VLAN. + + + CS-14319 + The internal name of the VM is no longer present in the error message that is displayed to a domain administrator. + + + CS-14321 + The listVolumes API call now returns a valid value for the isExtractable parameter for the ISO-derived disk and data disk volumes. + + + CS-14323 + Invalid API calls will now give valid response in json/xml format. + + + CS-14339 + Custom Disk Size will now allow values larger than 100GB. + + + CS-14357 + The ConsoleProxyLoadReportCommand is no longer fired continuously. + + + CS-14421 + Fixed the issue of virtual router deployments. The DHCP entries can now be assigned to the router. + + + CS-14555 + Unzipped downloaded template MD5SUM will no longer override the zipped template MD5SUM in the database. + + + CS-14598 + The complete screen of the running VM is now displayed in the console proxy. + + + CS-14600 + Windows or Linux based consoles are no longer lost upon rebooting VMs. + + + CS-14784 + Multiple subnets with the same VLAN now work as expected. + + + CS-13303, 14874, 13897, 13944, 14088, 14190 + A variety of upgrade issues have been fixed in release 3.0.3. + + + CS-15080 + Setting a private network on a VLAN for VMWare environment is now supported. + + + CS-15168 + The console proxy now works as expected and no exception is shown in the log after upgrading from version 2.2.14 to 3.0.2. + + + CS-15172 + Version 3.0.2 now accepts the valid public key. + + + + +
+
+ Known Issues in 3.0.3 + + + + + + + Defects + Description + + + + + CS-14346 + The UpdateVirtualMachine API call does not check whether the VM is stopped. Therefore, stop the VM manually before issuing this call. + + + CS-14361 + On KVM hosts, the volume size allocated in primary storage is stored incorrectly in the database or displayed incorrectly in the Dashboard. The value displayed in the Dashboard is very small compared to the original size. + + + CS-14452 + Data disk volumes are not automatically copied from one cluster to another. + + + CS-14770 + The API does not return the keypair information when a VM is deployed with sshkey. This affects the API commands related to virtual machines (deployVirtualMachine, listVirtualMachines, ... *VirtualMachine), as well as the corresponding AWS APIs. + + + CS-14780 + You are allowed to ping the elastic IP address of the VM even though no ingress rule is set that allows the ICMP protocol. + + + CS-14796 + Deploying a VM is allowed even if the user data is not Base 64 encoded. Using the ec2-run-instances API with -d or -f option with user data in plain does not return any error. + + + CS-14879 + When a user VM is stopped or terminated, the static NAT associated with this VM is not disabled. This public IP address is still owned by this account and cannot be associated to any other user VM. + + + CS-14939 + Adding a VMware cluster is not supported when the Management Network is migrated to the Distributed Virtual Switch environment. + + + CS-14952 + The vCenter IP Address and the datacenter information is not present in the "virtual_supervisor_module" table. The Nexus virtual switch credentials are not encrypted. + + + CS-15009 + The port_profile table will not be populated with port profile information. In this release, CloudPlatform directly connects to the VSM for all the port profile operations; therefore, no port profile information is cached. + + + CS-15037 + Hairpin NAT is not supported when NetScaler is used for EIP. + + + CS-15092 + Connecting to the guest VMs through SSH is extremely slow, and it results in connection timeout. + + + CS-15105 + The cloud-sysvmadm script does not work if the integration.api.port parameter is set to any port other than 8096. + + + CS-15117 + In a deployment with Nexus 1000v virtual switch, disable/enable operation of the Nexus virtual switch is not working as expected. The Nexus 1000v virtual switch continues to be used to create network or edit network operations even after disabling the switch. + + + CS-15118 + In a deployment with Nexus 1000v virtual switch, zone VLAN range is not validated against the reserved list of VLANs for Nexus 1000v. + + + CS-15120 + No actions are listed in the Action column of the Volumes page in the CloudPlatform UI. + + + CS-15124 + Mixed switch environment is not supported. The zone can either be deployed as Standard vSwitch based or Nexus virtual switch based. + + + CS-15163 + The minimum limit is not honored when there is not enough capacity to deploy all the VMs and the ec2-run-instances command with the -n >n1 -n2> option is used to deploy multiple VMs. + + + CS-15167 + The Amazon Web Services API does not allow the admin user to view or act on the resources owned by the regular users. + + + CS-15198 + Peak bandwidth (PIR) and burst size shaping policies are not applied on Nexus 1000v virtual switch interface. + + + CS-15218 + You might find the term "CloudStack" when you expect "CloudPlatform" in scripts, file names, etc. The use of the new product name CloudPlatform is not yet fully implemented. + + + CS-15256 + If cluster addition fails in a zone using the Cisco Nexus 1000v virtual switch, a subsequent retry will not succeed in adding the cluster. To work around: + + Find the VSM id that was attempted to be added along with the cluster when the cluster creation failed. To do this, log into the MySQL database and execute a select query: + # mysql -uroot -p <password_for_mysql_db>; +mysql> use cloud; +mysql> select id from `cloud`.`virtual_supervisor_module` where ipaddr="<vsm_ipaddress>"; + + Delete the cluster to VSM mapping in the cluster_vsm_map table for this vsm id: mysql> delete from `cloud`.`virtual_supervisor_module` where vsm_id=<the id returned in step1>; + Try again to add the cluster. + + + + + + +
+
+ API Changes from 3.0.2 to 3.0.3 + +
+ New API Commands + + + + + + + API Commands + Description + + + + + listCiscoNexusVSMs + Retrieves information of a Cisco Nexus 1000v virtual switch associated with a cluster. It lists the control VLAN ID, packet VLAN ID, and data VLAN ID, as well as the IP address of the Nexus virtual switch. + + + enableCiscoNexusVSM + Enables a Cisco Nexus VSM device. + + + disableCiscoNexusVSM + Disables a Cisco Nexus VSM device. + + + deleteCiscoNexusVSM + Deletes a Cisco Nexus VSM device. + + + markDefaultZoneForAccount + Marks a default zone for the current account. + + + uploadVolume + Uploads a data disk. + + + + +
+
+ Changed API Commands + + + + + + + API Commands + Description + + + + + reconnectHost + A new response parameter is added: hahost. + + + addCluster + The following request parameters are added: + + vsmipaddress (optional) + vsmpassword (optional) + vsmusername (optional) + + The following parameter is made mandatory: podid + + + + listVolumes + A new response parameter is added: status + + + migrateVolume + A new response parameter is added: status + + + prepareHostForMaintenance + A new response parameter is added: hahost. + + + addSecondaryStorage + A new response parameter is added: hahost. + + + enableAccount + A new response parameter is added: defaultzoneid + + + attachVolume + A new response parameter is added: status + + + cancelHostMaintenance + A new response parameter is added: hahost + + + addSwift + A new response parameter is added: hahost + + + listSwifts + A new response parameter is added: hahost + + + listExternalLoadBalancers + A new response parameter is added: hahost + + + createVolume + A new response parameter is added: status + + + listCapabilities + A new response parameter is added: customdiskofferingmaxsize + + + disableAccount + A new response parameter is added: defaultzoneid + + + deployVirtualMachine + A new request parameter is added: startvm (optional) + + + deleteStoragePool + A new request parameter is added: forced (optional) + + + updateAccount + A new response parameter is added: defaultzoneid + + + addHost + A new response parameter is added: hahost + + + updateHost + A new response parameter is added: hahost + + + detachVolume + A new response parameter is added: status + + + listAccounts + A new response parameter is added: defaultzoneid + + + listHosts + A new response parameter is added: hahostA new request parameter is added: hahost (optional) + + + + +
+
+ + + Version 3.0.2 + +
+ New Upgrade Path + Starting with version 3.0.2, existing 2.2.x installations can be upgraded. See Upgrade from 2.2.x to 3.0.2. +
+
+ What's New in 3.0.2 + Version 3.0.2 includes no new product features. However, the following changes were introduced in version 3.0.2. + + + + + + + CS-14588 + When creating a virtual machine in the UI, the name of the VM specified will now directly affect its DNS name, unlike previous releases. DNS names can only be specified during creation. You can continue to modify the Display Name, but this will have no effect on the DNS name. + + + + +
+
+ Issues Fixed in 3.0.2 + + + + + + + Defect + Description + + + + + CS-13398 + Pressing ESC while in any UI dialog will no longer freeze the UI. + + + CS-14305 + You can now upgrade the service offerings for system VMs. + + + CS-14333 + Fixed an issue that prevented any users from upgrading their service offerings. + + + CS-14341 + Fixed an issue where the orders of the service/disk offerings were not being honored in the UI. + + + CS-14364 + Ubuntu 10.04 now works with the Quick Basic Install. + + + CS-14369 + Quick Basic Install for KVM hypervisors can now be done on a single host. + + + CS-14372 + Async Job timeout counter is now properly reset across calls. + + + CS-14406 + Putting a host into maintenance will now properly live migrate the VM rather than stopping it. + + + CS-14433 + Fixed an issue where System VMs were not correctly releasing their IP when destroyed. + + + CS-14441 + VMWare: Networks labels are not correctly honored. + + + CS-14447 + Registering an ISO/Template with “All Zones” will now correctly propagate the templates to all zones. + + + CS-14447 + Deleting an account will now properly remove its associated Virtual Router. + + + CS-14512 + The DeployVirtualMachine command will accept UUID for the “iptonetworklist” parameter. + + + CS-14542 + Fixes issues with labeling networks for KVM. + + + CS-14593 + Fixed an issue with where you hit a “EncryptionOperationNotPossibleException” when attempting to validate user credentials against a LDAP server. + + + CS-14614 + Fixed issues with attempting to boot off of a CentOS 6.2 Live CD. + + + CS-14622 + Fixed issues with dedicating public IP ranges to an account. + + + CS-8222 + IP address usage records are now created for each day the IP address is assigned, in order to be consistent with virtual machine and storage usage records. + + + + +
+
+ Known Issues in 3.0.2 + + + + + + + Issue ID + Description + + + + + CS-14103 + Global settings such as *.network.device (for example, xen.guest.network.device) are not cleared during upgrade from 2.2.x to 3.0.x. If you had manually set the global configuration parameter *.network.device (for example, xen.guest.network.device) to a custom network label, you will need to set the network traffic labels manually each time you set up a new zone after upgrade. + + + CS-14201 (was 14430) + VMWare: Template sizes are being reported different depending on whether the primary storage is using ISCSI or NFS. + + + CS-14237 (was 14468) + Primary Storage GC cannot occur when the first host in a given cluster is not in an “Up” state. + + + CS-14275 (was 14506) + F5: Unable to properly remove a F5 device. + + + CS-14291 (was 14523) + The EIP/ELB network offering for basic zones does not support multiple NetScalers. + + + CS-14296 (was 14530) + OVM: Network traffic labels are not supported. + + + CS-14303 (was 14537) + The IP addresses for a shared network are still being consumed even if no services are defined for that network. + + + CS-14655 + XenServer known issue: If using network bonding on XenServer 6.0.x along with the CloudStack XenServer Support Package (CSP), interfaces, IPs, and networking can fail after adding hosts to the cloud and rebooting them. Workaround: patch each XenServer node, using the following steps. This patch is required only if using the CSP, and is a temporary requirement until XenServer issues the official hotfix for this issue. Before installing the CSP package, install the newer biosdevname rpm, selecting the correct patch for your version of XenServer: XenServer patch XS759 for XenServer 6.0.2 or XenServer patch XS753 for XenServer 6.0.0. + + Download three files: + + http://download.cloud.com/releases/3.0.2/60-net.rules.template + http://download.cloud.com/releases/3.0.2/net-rename-sideways.sh + http://download.cloud.com/releases/3.0.2/biosdevname-0.3.7-1.xs753.i386.rpm (for XenServer 6.0.0) or + http://download.cloud.com/releases/3.0.2/biosdevname-0.3.7-1.xs759.i386.rpm (for XenServer 6.0.2) + + Run the following. Substitute the filename of the patch you are using:rpm -ivh <packageName>.rpm -force + Replace /etc/udev/scripts/net-rename-sideways.sh with the new version. + Replace /etc/sysconfig/network-scripts/interface-rename-data/60-net.rules.template with the newer version. + Delete /etc/udev/rules.d/60-net.rules. + + + + + CS-14756 + Installing KVM on RHEL 6.2 will result in unreliable network performance. Workaround: blacklist vhost-net. Edit /etc/modprobe.d/blacklist-kvm.conf and include vhost-net. + + + + +
+
+ API Changes from 3.0.1 to 3.0.2 + Added the following API command: + + changeServiceForSystemVm + Changes the service offering for a system VM (console proxy or secondary storage). The system VM must be in a "Stopped" state for this command to take effect. + +
+ + + Version 3.0.1 +
+ New Software License + Starting with version 3.0.1, the software license has changed from the GNU Public License Version 3 to the Apache License Version 2.0. For the text of the license, see Apache License. +
+
+ What’s New in 3.0.1 + Version 3.0.1 includes no new product features. For a list of the major fixed items, see Issues Fixed in 3.0.1. The following changes were introduced in version 3.0.1. + + + + + + + Componenets + Description + + + + + XenServer Version + XenServer 6.0.2 is now fully supported. + + + vSphere 5.0 + VMWare vSphere 5.0 is now fully supported. + + + KVM Basic Install + In the basic installation, which is one that follows the prompts in the guided tour, the use of the KVM hypervisor is now tested and officially supported in addition to XenServer. + + + Adding a Zone + Some fields and controls in the Add Zone wizard are different than in 3.0.0. These changes will allow the first cluster and host to work properly immediately after you click “Enable” at the end of the Add Zone wizard: + You must now choose the hypervisor before adding the first cluster. This applies only to the first cluster; you can still add clusters with different hypervisors later. You can configure network traffic labels for the different traffic types. This fixes a known issue from release 3.0.0. + + + 14379 + Port 8096, which allows API calls without authentication, is closed and disabled by default on any fresh 3.0.1 installations. You can enable 8096 (or another port) for this purpose as follows: After the first Management Server is installed and running, set the global configuration parameter integration.api.port to the desired port, and restart the Management Server. Then, on the Management Server host machine, create an iptables rule allowing access to that port. + + + + + The following new error codes have been added. If one of the errors occurs, check the error string for more information: + 4250 : "com.cloud.utils.exception.CloudRuntimeException" + 4255 : "com.cloud.utils.exception.ExceptionUtil" + 4260 : "com.cloud.utils.exception.ExecutionException" + 4265 : "com.cloud.utils.exception.HypervisorVersionChangedException" + 4270 : "com.cloud.utils.exception.RuntimeCloudException" + 4275 : "com.cloud.exception.CloudException" + 4280 : "com.cloud.exception.AccountLimitException" + 4285 : "com.cloud.exception.AgentUnavailableException" + 4290 : "com.cloud.exception.CloudAuthenticationException" + 4295 : "com.cloud.exception.CloudExecutionException" + 4300 : "com.cloud.exception.ConcurrentOperationException" + 4305 : "com.cloud.exception.ConflictingNetworkSettingsException" + 4310 : "com.cloud.exception.DiscoveredWithErrorException" + 4315 : "com.cloud.exception.HAStateException" + 4320 : "com.cloud.exception.InsufficientAddressCapacityException" + 4325 : "com.cloud.exception.InsufficientCapacityException" + 4330 : "com.cloud.exception.InsufficientNetworkCapacityException" + 4335 : "com.cloud.exception.InsufficientServerCapacityException" + 4340 : "com.cloud.exception.InsufficientStorageCapacityException" + 4345 : "com.cloud.exception.InternalErrorException" + 4350 : "com.cloud.exception.InvalidParameterValueException" + 4355 : "com.cloud.exception.ManagementServerException" + 4360 : "com.cloud.exception.NetworkRuleConflictException" + 4365 : "com.cloud.exception.PermissionDeniedException" + 4370 : "com.cloud.exception.ResourceAllocationException" + 4375 : "com.cloud.exception.ResourceInUseException" + 4380 : "com.cloud.exception.ResourceUnavailableException" + 4385 : "com.cloud.exception.StorageUnavailableException" + 4390 : "com.cloud.exception.UnsupportedServiceException" + 4395 : "com.cloud.exception.VirtualMachineMigrationException" + 4400 : "com.cloud.exception.AccountLimitException" + 4405 : "com.cloud.exception.AgentUnavailableException" + 4410 : "com.cloud.exception.CloudAuthenticationException" + 4415 : "com.cloud.exception.CloudException" + 4420 : "com.cloud.exception.CloudExecutionException" + 4425 : "com.cloud.exception.ConcurrentOperationException" + 4430 : "com.cloud.exception.ConflictingNetworkSettingsException" + 4435 : "com.cloud.exception.ConnectionException" + 4440 : "com.cloud.exception.DiscoveredWithErrorException" + 4445 : "com.cloud.exception.DiscoveryException" + 4450 : "com.cloud.exception.HAStateException" + 4455 : "com.cloud.exception.InsufficientAddressCapacityException" + 4460 : "com.cloud.exception.InsufficientCapacityException" + 4465 : "com.cloud.exception.InsufficientNetworkCapacityException" + 4470 : "com.cloud.exception.InsufficientServerCapacityException" + 4475 : "com.cloud.exception.InsufficientStorageCapacityException" + 4480 : "com.cloud.exception.InsufficientVirtualNetworkCapcityException" + 4485 : "com.cloud.exception.InternalErrorException" + 4490 : "com.cloud.exception.InvalidParameterValueException" + 4495 : "com.cloud.exception.ManagementServerException" + 4500 : "com.cloud.exception.NetworkRuleConflictException" + 4505 : "com.cloud.exception.PermissionDeniedException" + 4510 : "com.cloud.exception.ResourceAllocationException" + 4515 : "com.cloud.exception.ResourceInUseException" + 4520 : "com.cloud.exception.ResourceUnavailableException" + 4525 : "com.cloud.exception.StorageUnavailableException" + 4530 : "com.cloud.exception.UnsupportedServiceException" + 4535 : "com.cloud.exception.VirtualMachineMigrationException" + In addition, there is special error code for ServerApiException when it is thrown in a standalone manner when failing to detect any of the above standard exceptions: + 9999 : "com.cloud.api.ServerApiException" +
+
+ Issues Fixed in 3.0.1 + + + + + + + Defects + Description + + + + + Many + In the Add Zone wizard, added a step for configuring network traffic labels on the physical network(s). + + + 13313 + The Add Zone wizard will now skip adding an ESXi host if the cluster is VMWare. + + + 13899 + NetScaler is no longer a selectable provider for static NAT network service. + + + 13966 + Fixed issue with not cleaning up instance when it fails to acquire an EIP address. + + + 14016 + NetScaler – Deleting a load balancer rule will no longer delete other load balancer rules pointing at the same private port. + + + 14023 + UI – You can now update SSL certificates on system VMs. + + + 14042 + Fixed issues where VMs are not able to access the public network when attached to an isolated guest network with source NAT enabled and a shared network. + + + 14047 + Login API no longer fails when using UUID for the domainId parameter. + + + 14073 + Zones will now be automatically be created as public zones and not dedicated to the ROOT domain. + + + 14077 + DestroyVirtualMachine API call will now work against VM when the VM’s state is Starting. + + + 14101 + You can now specify the storage network when adding a basic zone. + + + 14135 + You can now specify the storage network when adding a basic zone. + + + 14135 + Windows 2003 is not reported as supported for XenServer. + + + 14188 + Fixed an issue where the pre-generated SSH keys are not properly updated to the system VMs. + + + 14189 + Fixed an issue where the secondary storage VM is not using the storage network to download templates. + + + 14202 + Non-bootable ISOs no longer show up in the Add Instance wizard. + + + 14216 + Fixed issues with KVM when adding multiple physical networks. + + + 14239 + Added ability for administrators to limit the number of guest networks. + + + 14282 + Fixed an issue where KVM is not able to reconnect the management server after a management server reboot. + + + 14285 + NetScaler SDX: can now create VPX instances when XVA image is not NSVPX-XEN-9.3-52.4_nc.xva + + + 14313 + Fixed an issue with the JSON builder that prevented a template copy across zones from working properly. + + + 14332 + You can now delete a host. + + + 14336 + Login API now returns the account’s UUID. + + + 14392 + You can now add public IP ranges even though you did not add zone VLANs. + + + 14484 + Fixed issues where new port forward could not be added if you created it, then deleted, and attempted to recreate the port forward again. + + + 14492 + System VMs now work if you have configured multiple physical networks across zones. + + + 14515 + Snapshots are now properly cleaned up. + + + + +
+
+ Known Issues in 3.0.1 + + + + + + + Defects + Description + + + + + 14430 + VMWare: Template sizes are being reported different depending on whether the primary storage is using ISCSI or NFS. + + + 14468 + Primary Storage GC cannot occur when the first host in a given cluster is not in an “Up” state. + + + 14506 + F5: Unable to properly remove a F5 device. + + + 14523 + The EIP/ELB network offering for basic zones does not support multiple NetScalers. + + + 14530 + OVM: Network traffic labels are not supported. + + + 14537 + IP addresses for a shared network are still being consumed even if no services are defined for that network. + + + + +
+
+ API Changes from 3.0.0 to 3.0.1 +
+ Added API Commands + + ldapRemove + Remove the LDAP context for this site. + +
+
+ Changed API Commands + + + + + + + API Commands + Description + + + + + addHost + Changed request parameters: podid (old version - optional, new version - required) + + + assignVirtualMachine + New response field: instancename + + + attachIso + New response field: instancename + + + changeServiceForVirtualMachine + New response field: instancename + + + deployVirtualMachine + New response field: instancename + + + destroyVirtualMachine + New response field: instancename + + + detachIso + New response field: instancename + + + disableAccount + New response fields: networkavailable, networklimit, networktotal, projectavailable, projectlimit, projecttotal + + + enableAccount + New response fields: networkavailable, networklimit, networktotal, projectavailable, projectlimit, projecttotal + + + listAccounts + New response fields: networkavailable, networklimit, networktotal, projectavailable, projectlimit, projecttotal + + + listLoadBalancerRuleInstances + New response field: instancename + + + listOsCategories + New request parameter: name (optional) + + + listOsTypes + New request parameter: description (optional) + + + listSystemVms + New request parameter: storageid (optional) + + + listVirtualMachines + New response field: instancename + + + migrateVirtualMachine + New response field: instancename + + + rebootVirtualMachine + New response field: instancename + + + recoverVirtualMachine + New response field: instancename + + + resetPasswordForVirtualMachine + New response field: instancename + + + restoreVirtualMachine + New response field: instancename + + + startVirtualMachine + New request parameter: hostid (optional) New response field: instancename + + + stopVirtualMachine + New response field: instancename + + + updateAccount + New response fields: networkavailable, networklimit, networktotal, projectavailable, projectlimit, projecttotal + + + updateVirtualMachine + New response field: instancename + + + + +
+
+ + + Version 3.0.0 +
+ Overview of Major New Features in 3.0 + Version 3.0 is a major new release. It provides several new features compared to version 2.2.x. This section provides overviews of the new features. +
+ Redesigned User Interface + The user interface has been redesigned to provide easier navigation as well as a more intuitive workflow. Graphical displays of the infrastructure topology have replaced drill-down lists as the main way to access the various components such as zones, hosts, and networks. The main Dashboard now provides a more clear display of key information for managing the cloud. The end-user UI also benefits from this redesign, making is easier for users to manage their VMs and other resources. The new Project View lets users switch context from one set of resources to another, enabling a more efficient focus on the task at hand. +
+
+ NetScaler Load Balancer + Citrix NetScaler is now supported as an external network element for load balancing. Set up an external load balancer when you want to provide load balancing through means other than the provided virtual router. The NetScaler can be set up in direct (outside the firewall) mode. It must be added before any load balancing rules are deployed on guest VMs in the zone. + Limitations: NetScaler cannot yet be used as a firewall. It cannot currently be set up in in-line mode (behind the firewall). +
+
+ Sticky Session Policies for Load Balancer Rules + Sticky sessions are used in Web-based applications to ensure continued availability of information across the multiple requests in a user's session. For example, if a shopper is filling a cart, you need to remember what has been purchased so far. The concept of “stickiness” is also referred to as persistence or maintaining state. + Any load balancer rule can have a stickiness policy. The policy consists of a name, stickiness method, and parameters. The stickiness method could be load balancer-generated cookie, application-generated cookie, or source-based. In the source-based method, the source IP address is used to identify the user and locate the user’s stored data. In the other methods, cookies are used. The cookie generated by the load balancer or application is included in request and response URLs to create persistence. A variety of options are provided to control the exact behavior of cookies, such as how they are generated and whether they are cached. +
+
+ Using an LDAP Server for User Authentication + In version 3.0, you can use an external LDAP server such as Microsoft Active Directory or ApacheDS for end-user authentication. Just map the accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters for matching common values such as the user’s email address and name. The external LDAP directory tree is searched starting at a specified base directory and the distinguished name (DN) and password of the matching user are returned. This information along with the given password is used to authenticate the user. +
+
+ VM Storage Migration + The CloudPlatform administrator can move a virtual machine’s root disk volume or any additional data disk from one storage pool to another in the same zone. You can use the storage migration feature to achieve some commonly desired administration goals, such as balancing the load on storage pools and increasing the reliability of virtual machines by moving them away from any storage pool that is experiencing issues. This functionality is supported in XenServer, KVM, and VMware. +
+
+ Swift for Secondary Storage + In version 3.0, OpenStack Object Storage Swiftis supported for secondary storage. When using Swift, you configure Swift storage for the entire platform, then set up NFS secondary storage for each zone. The NFS storage in each zone acts as a staging area through which all templates and other secondary storage data pass before being forwarded to Swift. The Swift storage acts as a cloud-wide resource, making templates and other data available to any zone in the cloud. There is no hierarchy in the Swift storage, just one Swift container per storage object. Any secondary storage in the whole cloud can pull a container from Swift at need – no more copying templates and snapshots from one zone to another. Everything is available everywhere +
+
+ Password and Key Encryption + CloudPlatform stores several sensitive passwords and secret keys that are used to provide security. Starting in version 3.0, these values are always automatically encrypted. These include the database secret key, database password, SSH keys, compute node root password, VPN password, user API secret key, and VNC password. + In version 3.0, the Java Simplified Encryption (JASYPT) library is used. The data values are encrypted and decrypted using a database secret key. Of course, the database secret key itself cannot be stored in the open – it must be encrypted. To read it, a second secret key must be provided from an external source during Management Server startup. This key can be provided in one of two ways: loaded from a file or provided by the CloudPlatform administrator. The encryption type, database secret key, and Management Server secret key are set by the administrator during the CloudPlatform installation. +
+
+ Security Group Egress Rules + Security groups can be used to control network traffic to and from VMs. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM. + In addition to ingress rules that control incoming network traffic to VMs in a given security group, starting in version 3.0 you can also define egress rules to control outgoing network traffic. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS servers; and responses to any traffic that has been allowed in through an ingress rule. An egress rule can be specified either by CIDR to specify IP addresses, or by account to allow traffic from another security group. +
+
+ Using Projects to Organize Users and Resources + In version 3.0, users can group themselves into projects so they can collaborate and share virtual resources. The usage per project as well as per user is tracked, so the usage can be billed to either a user account or a project. For example, a private cloud within a software company might have all members of the QA department assigned to one project, so the company can track the resources used in testing while the project members can more easily isolate their efforts from other users of the same cloud. Per-project resource limits can be set. + You can configure CloudPlatform to allow any user to create a new project, or you can restrict that ability to just administrators. You can either add people directly to a project, or you have to send an invitation which the recipient must accept. + A user can be a member of any number of projects and can switch to a new Project View in the CloudPlatform UI to show only project-related information, such as project VMs, fellow project members, project-related alerts, and so on. +
+
+ Providing Network Services for Users + People using cloud infrastructure have a variety of needs and preferences when it comes to the networking services provided by the cloud. Provisioning physical and virtual networks has always been supported in CloudPlatform. As an administrator, you can do the following additional things to set up networking for your users: + + Set up several different providers (also known as network elements) for the same service on a single physical network. For example, you can provide both Cisco and Juniper firewalls. You can have multiple instances of the same service provider in a network; for example, more than one Juniper SRX device. + Bundle different types of network services into network offerings. When creating a new VM, the user chooses one of the available network offerings, and that determines which network services the VM can use. A network offering is a named set of network services, such as DHCP, source NAT, load balancing, firewall, VPN, port forwarding, and specific network service providers, such as Juniper SRX for the firewall. You can add new network offerings as time goes on so end users can upgrade to a better class of service on their network. + Provide more ways for a network to be accessed by a user, such as through a project of which the user is a member. + Set up two types of virtual networks: shared and isolated. An isolated network can be accessed only by virtual machines of a single account. A shared network can be accessed by virtual machines that belong to many different accounts. Network isolation on shared networks is accomplished using techniques such as security groups. +  More directly control the physical network, such as add/remove/update physical networks in a zone, configure VLANs on the physical network, specify properties like network speed, configure a name so the network can be recognized by hypervisors, configure the IP addresses trunked to a physical network, and specify what type of traffic is carried on the physical network (such as guest VM traffic vs. internal management traffic). + +
+
+
+ New Features in 3.0.0 + + + + + + + Issue ID + Description + + + + + 4282 + Added nonce support in API. + + + 5510 + Openstack Swift can now be used as an alternative to NFS storage for templates, ISO, and snapshots. + + + 5822 + All sensitive passwords are now properly encrypted in the database and any configuration files. + + + 6745 + UUIDs are now used in place of regular DB IDs. 3.0 API will support both. + + + 6876 + Netscaler MPX, VPX, and SDX is now supported. + + + 7883 + Templates, ISOs, Disk, and Service offerings can now be sorted to allow admins to more easily view them in the UI. + + + Many + Network as a Service feature. + + + 8313 + Basic LDAP authentication is now built in as an optional AUTH adapter. + + + 8620 + Projects feature. + + + 8791 + User dispersing allocator has now been added as an alternative algorithm for VM placement. + + + 8962 + Admins can now re-assign VM from one account to another. + + + 9128 + Network throttling is now controlled via network offerings. + + + 9154 + Redundant Router support has been added. + + + Many + Brand new 3.0 User Interface. + + + 9949 + Users can now revert a VM to the original template it was created from. + + + Many + State management now included to pod and cluster level from the original host and zone level support. + + + 10405 + API Version annotation supported. + + + 10588 + XenServer 6.0 is now supported. + + + 10617 + Egress rules for security groups now supported. + + + 10657 + Capacity now has two levels of threshold support. One threshold is used to alert. The other is to disable resource allocation. + + + 10792 + Added ability for admins to set ingress rules that cannot be removed by user. + + + 10796 + Sticky session now supported for load balancers. + + + 11303 + Added support in login API call to take in a map of parameters that can be passed into the authenticators. + + + 11173 + VPN usage is now added as a new usage record. + + + 11598 + MTU for secondary storage is now configurable via Global configuration. + + + 11689 + Templates now have a SSH enabled flag similar to password enabled flag. + + + Many + vSphere 5.0 now has Beta support. + + + Many + RHEL/Centos 6.2 (KVM) is now supported. + + + + +
+
+ Issues Fixed in 3.0.0 + + + + + + + Defects + Description + + + + + Many + VM Sync has been improved so that VM state should be better reflected between Management Server and Hypervisor. + + + 8150 + Template delete events are now recorded after being expunged. + + + 8870 + IPs from “Direct-Tagged” networks (shared guest networks) are no longer counted as part of the total number of public IPs. + + + 9036 + Migrated VMs will now have their consumed resources reflected properly in the capacity reports. + + + 9842 + Network Usage time range aggregation has been improved. + + + 10043 + Restarting the Management Server will no longer change a host status from Maintenance to Up. + + + 10067 + Extractable attribute can now be edited by administrators. + + + 10195 + Added a new VM state of “Unknown” if the host state is in “Alert”. + + + 10217 + Management Server installation will now check for FQDN hostname instead of stopping with an error condition. + + + 10292 + UI will no longer allow attaching volumes from one hypervisor to another. + + + 10307 + Network Usage will now account for more than one virtual interface. + + + 10354 + VMware ISO attach and detach events are now correctly registered. + + + 10362 + Disabling VPN will now work correctly even if the virtual router is in a STOPPED state. + + + 10674 + Management Server will now alert if it hits a snapshot limit quota. + + + 10779 + Port Ranges now work in the UI. + + + 10831 + Adding Secondary Storage URL with double slashes will now work. + + + 11056 + DHCP issues with Debian/Ubuntu guest OS have been resolved. + + + 11131 + VM scheduler will no longer retry in the same zone if that zone has been declared as non-allocable. + + + 11193 + Management Server will now alert a link-local IP capacity issue. + + + Many + Added new Global configurations to set limits for the number of guest VMs per hypervisor. + + + 11273 + Management Server will no longer attempt to program security group rules for non-reachable hypervisors. + + + 11284 + Administrators can now add a Basic Zone without security group support. + + + 11311 + Improved listVirtualMachine API call performance. + + + 11387 + Public IP of the secondary storage VM will now be correctly returned to the pool after being expunged. + + + 11492 + Volume limits are now checked when deploying a new VM. + + + 11542 + Management Server will no longer allow same public IP ranged across zones. + + + 11585 + Multiple public VLANs are now correctly supported in VMware. + + + 11616 + Manual live migration of VMs for KVM is now supported. + + + 11814 + General guest VM options for VMware are now supported. + + + 11838 + Deleted VM template names can now be re-used. + + + 11902 + Added global configuration to allow different NIC drivers for VMware system VM. + + + 11926 + Installation of system template will now perform mount point validation before proceeding. + + + Many + Many passwords are no longer logged in the Management Server logs. + + + Many + Secondary storage VM has been hardened. + + + 12139 + Added a way for Administrators to specify the default system template to use on a global or per zone basis. + + + 12113 + Improved re-try algorithm when attempting to copy a template from secondary to primary during failure scenarios. + + + 12162 + CreateLoadBalancer public ID was incorrectly published as optional. It is now required. + + + 12192 + State NFS handle are now correctly handled for KVM. + + + 12290 + Security Groups improvements. + + + 12476 + DHCP anti-spoofing fixes. + + + 12481 + Account ID is now returned as part of listAccount API. + + + 12705 + Source NAT is no longer configured on additional IP of a different network interface. + + + 12782 + Capacity now reflects hosts in maintenance mode. + + + 12820 + KVM: Attached disks are no longer removed after a VM reboot. + + + 12877 + Pagesize = -1 now works correctly. + + + 12848 + Removed notion of setting a default network when adding a shared network. Default networks are now specified during VM deployment. + + + 12929 + Added domain ID to all events. + + + 13201 + Added global configuration to allow administrator to specify default network device drivers for system VMs. + + + 13315 + Added BASIC auth http proxy for secondary storage VM. + + + 13396 + Escaped double-quotes in JSON responses. + + + 13537 + Templates created from snapshots now work with NFSv4. + + + 13777 + VMware snapshot errors are now handled better. + + + + +
+
+ Known Issues in 3.0.0 + + + + + + + Defects + Description + + + + + 11535 + In-line mode for load balancer is not supported for all external devices. + + + 12741 + vSphere: maintenance mode will not live migrate system VM to another host. + + + 12840 + Capacity view is not available for pods or clusters. + + + 13518 + Security Groups are not supported in Advanced Networking + + + Many + F5 Known Issues: + + Unable to create load balancer rule for port 22. + No support for changing algorithm once rule has been created. + Source algorithm is not supported. Setting a rule to source will prevent other rules from being created properly. + Virtual router upgrades do not migrate all sticky session parameters correctly. + + + + Many + NetScaler Known Issues: + + When a VM from a load balancer rules is removed, it will also get removed for other load balancer rules of the same port.. + Sticky session method “lbCookie” and “appCookie” do not work for any port other than 80. + Virtual router upgrades do not migrate all sticky session parameters correctly. + Once the public port 80 has been mapped to any private port, “A”, no other public port can be mapped to that private port, “A”.. + + + 13336 + vSphere: cross cluster volume migration does not work properly. + + + 13359 + Programming F5/NetScaler rules can be better optimized. + + + Many + Network restart can fail under certain circumstances. + + + 13883 + Multiple NetScalers are not supported in Basic Networking. + + + 13935 + vSphere: detaching an ISO from a restored VM instance fails. + + + 13963 + vSphere: template download from templates created off of the root volume does not work properly. + + + Many + Disabling a pod or cluster does not prevent resource creation. Only zone level is supported right now. + + + 14024 + KVM: clustered LVM is not working properly. + + + Many + Bare metal host provisioning is not working properly. + + + Many + In the Add Zone wizard, there is no step for configuring network traffic labels on the physical network(s). Workaround: Don’t enable the zone in the last step of the wizard. Enable the zone only after configuring traffic labels for each traffic type, on each physical network, on each hypervisor in the zone. Set up the labels on the hypervisor host, then configure matching labels through the CloudPlatform UI. + + + + +
+
+ API Changes from 2.2.14 to 3.0 +
+ Change to Behavior of List Commands + There was a major change in how our List* API commands work in version 3.0 compared to 2.2.x. The rules below apply only for managed resources – those that belong to an account, domain, or project. They are irrelevant for the List* commands displaying unmanaged (system) resources, such as hosts, clusters, and external network resources. When no parameters are passed in to the call, the caller sees only resources owned by the caller (even when the caller is the administrator). Previously, the administrator saw everyone else's resources by default. + When accountName and domainId are passed in: + + The caller sees the resources dedicated to the account specified. + If the call is executed by a regular user, the user is authorized to specify only the user's own account and domainId. + If the caller is a domain administrator, an authorization check is performed to see whether the caller is permitted to view resources for the given account and domainId. + + When projectId is passed in, only resources belonging to that project are listed. + When domainId is passed in, the call returns only resources belonging to the domain specified. To see the resources of subdomains, use the parameter isRecursive=true. Again, the regular user can see only resources owned by that user, the root administrator can list anything, and a domain administrator is authorized to see only resources of the administrator's own domain and subdomains. + To see all resources the caller is authorized to see, except for Project resources, use the parameter listAll=true. + To see all Project resources the caller is authorized to see, use the parameter projectId=-1. + There is one API command that doesn't fall under the rules above completely: the listTemplates command. This command has its own flags defining the list rules, as shown in the following table. + + + + + + + listTemplates Flag + Description + + + + + Featured + Returns templates that have been marked as featured and public. + + + Self + Returns templates that have been registered or created by the calling user. + + + selfexecutable + Same as self, but only returns templates that are ready to be deployed with. + + + sharedexecutable + Ready templates that have been granted to the calling user by another user. + + + executable + Templates that are owned by the calling user, or public templates, that can be used to deploy a new VM. + + + community + Returns templates that have been marked as public but not featured. + + + All + Returns all templates (only usable by admins). + + + + +
+
+ Removed API commands + + createConfiguration (Adds configuration value) + configureSimulator (Configures simulator) + +
+
+ Added API commands + + assignVirtualMachine (Move a user VM to another user under same domain.) + restoreVirtualMachine (Restore a VM to original template or specific snapshot) + createLBStickinessPolicy (Creates a Load Balancer stickiness policy) + deleteLBStickinessPolicy (Deletes a LB stickiness policy.) + listLBStickinessPolicies (Lists LBStickiness policies.) + ldapConfig (Configure the LDAP context for this site.) + addSwift (Adds Swift). + listSwifts (List Swift.) + migrateVolume (Migrate volume) + updateStoragePool (Updates a storage pool.) + authorizeSecurityGroupEgress (Authorizes a particular egress rule for this security group) + revokeSecurityGroupEgress (Deletes a particular egress rule from this security group) + createNetworkOffering (Creates a network offering.) + deleteNetworkOffering (Deletes a network offering.) + createProject (Creates a project) + deleteProject (Deletes a project) + updateProject (Updates a project) + activateProject (Activates a project) + suspendProject (Suspends a project) + listProjects (Lists projects and provides detailed information for listed projects) + addAccountToProject (Adds acoount to a project) + deleteAccountFromProject (Deletes account from the project) + listProjectAccounts (Lists project's accounts) + listProjectInvitations (Lists an account's invitations to join projects) + updateProjectInvitation (Accepts or declines project invitation) + deleteProjectInvitation (Deletes a project invitation) + updateHypervisorCapabilities (Updates a hypervisor capabilities.) + listHypervisorCapabilities (Lists all hypervisor capabilities.) + createPhysicalNetwork (Creates a physical network) + deletePhysicalNetwork (Deletes a Physical Network.) + listPhysicalNetworks (Lists physical networks) + updatePhysicalNetwork (Updates a physical network) + listSupportedNetworkServices (Lists all network services provided by CloudPlatform or for the given Provider.) + addNetworkServiceProvider (Adds a network serviceProvider to a physical network) + deleteNetworkServiceProvider (Deletes a Network Service Provider.) + listNetworkServiceProviders (Lists network serviceproviders for a given physical network.) + updateNetworkServiceProvider (Updates a network serviceProvider of a physical network) + addTrafficType (Adds traffic type to a physical network) + deleteTrafficType (Deletes traffic type of a physical network) + listTrafficTypes (Lists traffic types of a given physical network.) + updateTrafficType (Updates traffic type of a physical network) + listTrafficTypeImplementors (Lists implementors of implementor of a network traffic type or implementors of all network traffic types) + createStorageNetworkIpRange (Creates a Storage network IP range.) + deleteStorageNetworkIpRange (Deletes a storage network IP Range.) + listStorageNetworkIpRange (List a storage network IP range.) + updateStorageNetworkIpRange (Update a Storage network IP range, only allowed when no IPs in this range have been allocated.) + listUsageTypes (List Usage Types) + addF5LoadBalancer (Adds a F5 BigIP load balancer device) + configureF5LoadBalancer (configures a F5 load balancer device) + deleteF5LoadBalancer ( delete a F5 load balancer device) + listF5LoadBalancers (lists F5 load balancer devices) + listF5LoadBalancerNetworks (lists network that are using a F5 load balancer device) + addSrxFirewall (Adds a SRX firewall device) + deleteSrxFirewall ( delete a SRX firewall device) + configureSrxFirewall (Configures a SRX firewall device) + listSrxFirewalls (lists SRX firewall devices in a physical network) + listSrxFirewallNetworks (lists network that are using SRX firewall device) + addNetscalerLoadBalancer (Adds a netscaler load balancer device) + deleteNetscalerLoadBalancer ( delete a netscaler load balancer device) + configureNetscalerLoadBalancer (configures a netscaler load balancer device) + listNetscalerLoadBalancers (lists netscaler load balancer devices) + listNetscalerLoadBalancerNetworks (lists network that are using a netscaler load balancer device) + createVirtualRouterElement (Create a virtual router element.) + configureVirtualRouterElement (Configures a virtual router element.) + listVirtualRouterElements (Lists all available virtual router elements.) + +
+
+ + diff --git a/docs/en-US/remove-member-from-project.xml b/docs/en-US/remove-member-from-project.xml new file mode 100644 index 00000000000..18e2f657b52 --- /dev/null +++ b/docs/en-US/remove-member-from-project.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Removing a Member From a Project + When a member is removed from a project, the member’s resources continue to be owned by the project. The former project member cannot create any new resources within the project or use any of the project’s existing resources. + A member of a project can be removed by the project administrator, the domain administrator of the domain the project belongs to or of its parent domain, or the CloudPlatform root administrator. + + Log in to the CloudPlatform UI. + In the left navigation, click Projects. + In Select View, choose Projects. + Click the name of the project. + Click the Accounts tab. + Click the name of the member. + Click the Delete button. + + + + deletebutton.png: Removes a member + + +
+ diff --git a/docs/en-US/removed-API-commands.xml b/docs/en-US/removed-API-commands.xml new file mode 100644 index 00000000000..1c08717c0ce --- /dev/null +++ b/docs/en-US/removed-API-commands.xml @@ -0,0 +1,8 @@ +
+ Removed API commands + + createConfiguration (Adds configuration value) + configureSimulator (Configures simulator) + +
+ diff --git a/docs/en-US/removing-vsphere-hosts.xml b/docs/en-US/removing-vsphere-hosts.xml new file mode 100644 index 00000000000..9366d5673e4 --- /dev/null +++ b/docs/en-US/removing-vsphere-hosts.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Removing vSphere Hosts + To remove this type of host, first place it in maintenance mode, as described in . Then use CloudPlatform to remove the host. CloudPlatform will not direct commands to a host that has been removed using CloudPlatform. However, the host may still exist in the vCenter cluster. +
diff --git a/docs/en-US/removing-xenserver-kvm-hosts.xml b/docs/en-US/removing-xenserver-kvm-hosts.xml new file mode 100644 index 00000000000..9d39e899113 --- /dev/null +++ b/docs/en-US/removing-xenserver-kvm-hosts.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Removing XenServer and KVM Hosts + A node cannot be removed from a cluster until it has been placed in maintenance mode. This will ensure that all of the VMs on it have been migrated to other Hosts. To remove a Host from the cloud: + + Place the node in maintenance mode. See . + For KVM, stop the cloud-agent service. + Use the UI option to remove the node.Then you may power down the Host, re-use its IP address, re-install it, etc + + +
diff --git a/docs/en-US/requirements-templates.xml b/docs/en-US/requirements-templates.xml new file mode 100644 index 00000000000..5ea0943a038 --- /dev/null +++ b/docs/en-US/requirements-templates.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Requirements for Templates + + For XenServer, install PV drivers / Xen tools on each template that you create. This will enable live migration and clean guest shutdown. + For vSphere, install VMware Tools on each template that you create. This will enable console view to work properly. + +
diff --git a/docs/en-US/resizing-volumes.xml b/docs/en-US/resizing-volumes.xml new file mode 100644 index 00000000000..d3cf3147f74 --- /dev/null +++ b/docs/en-US/resizing-volumes.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ Resizing Volumes + CloudPlatform does not provide the ability to resize root disks or data disks; the disk size is fixed based on the template used to create the VM. However, the tool VHD Resizer), while not officially supported by Cloud.com or Citrix, might provide a workaround. To increase disk size with VHD Resizer: + + Get the VHD from the secondary storage. + Import it into VHD Resizer. + Resize the VHD. + Upload the new VHD. + Create a new VM. + Take a snapshot, then create a new template from that snapshot. + For more information, see How to Resize a Provisioning Server 5 Virtual Disk at the Citrix Knowledge Center + +
+ diff --git a/docs/en-US/response-formats.xml b/docs/en-US/response-formats.xml new file mode 100644 index 00000000000..171c4097e33 --- /dev/null +++ b/docs/en-US/response-formats.xml @@ -0,0 +1,32 @@ +
+ Response Formats: XML and JSON + CloudStack supports two formats as the response to an API call. The default response is XML. If you would like the response to be in JSON, add &response=json to the Command String. + Sample XML Response: + + <listipaddressesresponse> + <allocatedipaddress> + <ipaddress>192.168.10.141</ipaddress> + <allocated>2009-09-18T13:16:10-0700</allocated> + <zoneid>4</zoneid> + <zonename>WC</zonename> + <issourcenat>true</issourcenat> + </allocatedipaddress> + </listipaddressesresponse> + + Sample JSON Response: + + { "listipaddressesresponse" : + { "allocatedipaddress" : + [ + { + "ipaddress" : "192.168.10.141", + "allocated" : "2009-09-18T13:16:10-0700", + "zoneid" : "4", + "zonename" : "WC", + "issourcenat" : "true" + } + ] + } + } + +
\ No newline at end of file diff --git a/docs/en-US/responses.xml b/docs/en-US/responses.xml new file mode 100644 index 00000000000..7c70570ac38 --- /dev/null +++ b/docs/en-US/responses.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Responses + + + +
diff --git a/docs/en-US/roles.xml b/docs/en-US/roles.xml new file mode 100644 index 00000000000..8e027278c24 --- /dev/null +++ b/docs/en-US/roles.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Roles + + The CloudPlatform API supports three access roles: + + Root Admin. Access to all features of the cloud, including both virtual and physical resource management. + Domain Admin. Access to only the virtual resources of the clouds that belong to the administrator’s domain. + User. Access to only the features that allow management of the user’s virtual instances, storage, and network. + +
+ diff --git a/docs/en-US/root-admin-ui-overview.xml b/docs/en-US/root-admin-ui-overview.xml new file mode 100644 index 00000000000..54772660e55 --- /dev/null +++ b/docs/en-US/root-admin-ui-overview.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Root Administrator's UI Overview + The &PRODUCT; UI helps the &PRODUCT; administrator provision, view, and manage the cloud infrastructure, domains, user accounts, projects, and configuration settings. The first time you start the UI after a fresh Management Server installation, you can choose to follow a guided tour to provision your cloud infrastructure. On subsequent logins, the dashboard of the logged-in user appears. The various links in this screen and the navigation bar on the left provide access to a variety of administrative functions. The root administrator can also use the UI to perform all the same tasks that are present in the end-user’s UI. +
diff --git a/docs/en-US/runtime-allocation-virtual-network-resources.xml b/docs/en-US/runtime-allocation-virtual-network-resources.xml new file mode 100644 index 00000000000..25415744119 --- /dev/null +++ b/docs/en-US/runtime-allocation-virtual-network-resources.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Runtime Allocation of Virtual Network Resources + When you define a new virtual network, all your settings for that network are stored in CloudPlatform. The actual network resources are activated only when the first virtual machine starts in the network. When all virtual machines have left the virtual network, the network resources are garbage collected so they can be allocated again. This helps to conserve network resources.. +
diff --git a/docs/en-US/runtime-behavior-of-primary-storage.xml b/docs/en-US/runtime-behavior-of-primary-storage.xml new file mode 100644 index 00000000000..a3740dbfad2 --- /dev/null +++ b/docs/en-US/runtime-behavior-of-primary-storage.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Runtime Behavior of Primary Storage + Root volumes are created automatically when a virtual machine is created. Root volumes are deleted when the VM is destroyed. Data volumes can be created and dynamically attached to VMs (although, when the Oracle VM hypervisor is used, the VM must be stopped before an additional volume can be attached). Data volumes are not deleted when VMs are destroyed. + Administrators should monitor the capacity of primary storage devices and add additional primary storage as needed. See the Advanced Installation Guide. + Administrators add primary storage to the system by creating a CloudPlatform storage pool. Each storage pool is associated with a cluster. +
+ diff --git a/docs/en-US/scheduled-maintenance-maintenance-mode-hosts.xml b/docs/en-US/scheduled-maintenance-maintenance-mode-hosts.xml new file mode 100644 index 00000000000..28769c76691 --- /dev/null +++ b/docs/en-US/scheduled-maintenance-maintenance-mode-hosts.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Scheduled Maintenance and Maintenance Mode for Hosts + You can place a host into maintenance mode. When maintenance mode is activated, the host becomes unavailable to receive new guest VMs, and the guest VMs already running on the host are seamlessly migrated to another host not in maintenance mode. This migration uses live migration technology and does not interrupt the execution of the guest. +
diff --git a/docs/en-US/scratch.txt b/docs/en-US/scratch.txt new file mode 100644 index 00000000000..e69de29bb2d diff --git a/docs/en-US/search-base.xml b/docs/en-US/search-base.xml new file mode 100644 index 00000000000..3c0d1ef6e75 --- /dev/null +++ b/docs/en-US/search-base.xml @@ -0,0 +1,32 @@ + + +%BOOK_ENTITIES; +]> +
+ Search Base + An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found. The users can be in the immediate base directory or in some subdirectory. The search base may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department.. + + + + + + LDAP Server + Example Search Base DN + + + + + ApacheDS + ou=testing,o=project + + + Active Directory + OU=testing, DC=company + + + + + + +
diff --git a/docs/en-US/search-user-bind-dn.xml b/docs/en-US/search-user-bind-dn.xml new file mode 100644 index 00000000000..a4c9d4b210f --- /dev/null +++ b/docs/en-US/search-user-bind-dn.xml @@ -0,0 +1,28 @@ + + +%BOOK_ENTITIES; +]> +
+ Search User Bind DN + The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudPlatform user with an LDAP bind. A full discussion of bind DNs is outside the scope of our documentation. The following table shows some examples of bind DNs. + + + + + LDAP Server + Example Bind DN + + + + + ApacheDS + cn=Administrator,dc=testing,ou=project,ou=org + + + Active Directory + CN=Administrator, OU=testing, DC=company, DC=com + + + +
diff --git a/docs/en-US/secondary-storage-add.xml b/docs/en-US/secondary-storage-add.xml new file mode 100644 index 00000000000..b17b998dfe5 --- /dev/null +++ b/docs/en-US/secondary-storage-add.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding Secondary Storage + TODO +
\ No newline at end of file diff --git a/docs/en-US/secondary-storage-outage-and-data-loss.xml b/docs/en-US/secondary-storage-outage-and-data-loss.xml new file mode 100644 index 00000000000..f651310376a --- /dev/null +++ b/docs/en-US/secondary-storage-outage-and-data-loss.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Secondary Storage Outage and Data Loss + For a Zone that has only one secondary storage server, a secondary storage outage will have feature level impact to the system but will not impact running guest VMs. It may become impossible to create a VM with the selected template for a user. A user may also not be able to save snapshots or examine/restore saved snapshots. These features will automatically be available when the secondary storage comes back online. + Secondary storage data loss will impact recently added user data including templates, snapshots, and ISO images. Secondary storage should be backed up periodically.Multiple secondary storage servers can be provisioned within each zone to increase the scalability of the system. +
diff --git a/docs/en-US/secondary-storage-vm.xml b/docs/en-US/secondary-storage-vm.xml new file mode 100644 index 00000000000..40c8a279b7d --- /dev/null +++ b/docs/en-US/secondary-storage-vm.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Secondary Storage VM + In addition to the hosts, CloudPlatform’s Secondary Storage VM mounts and writes to secondary storage. + Submissions to secondary storage go through the Secondary Storage VM. The Secondary Storage VM can retrieve templates and ISO images from URLs using a variety of protocols. + The secondary storage VM provides a background task that takes care of a variety of secondary storage activities: downloading a new template to a Zone, copying templates between Zones, and snapshot backups. + The administrator can log in to the secondary storage VM if needed. + +
+ diff --git a/docs/en-US/secondary-storage.xml b/docs/en-US/secondary-storage.xml new file mode 100644 index 00000000000..4d6191eb3bf --- /dev/null +++ b/docs/en-US/secondary-storage.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Secondary Storage + This section gives concepts and technical details about CloudPlatform secondary storage. For information about how to install and configure secondary storage through the CloudPlatform UI, see the Advanced Installation Guide. +
+ diff --git a/docs/en-US/security-groups.xml b/docs/en-US/security-groups.xml new file mode 100644 index 00000000000..3c1ae91c5da --- /dev/null +++ b/docs/en-US/security-groups.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ + + +
diff --git a/docs/en-US/send-projects-membership-invitation.xml b/docs/en-US/send-projects-membership-invitation.xml new file mode 100644 index 00000000000..67abf33aee5 --- /dev/null +++ b/docs/en-US/send-projects-membership-invitation.xml @@ -0,0 +1,24 @@ + + +%BOOK_ENTITIES; +]> +
+ Sending Project Membership Invitations + Use these steps to add a new member to a project if the invitations feature is enabled in the cloud as described in . If the invitations feature is not turned on, use the procedure in Adding Project Members From the UI. + + Log in to the CloudPlatform UI. + In the left navigation, click Projects. + In Select View, choose Projects. + Click the name of the project you want to work with. + Click the Invitations tab. + In Add by, select one of the following: + + Account – The invitation will appear in the user’s Invitations tab in the Project View. See Using the Project View. + Email – The invitation will be sent to the user’s email address. Each emailed invitation includes a unique code called a token which the recipient will provide back to CloudPlatform when accepting the invitation. Email invitations will work only if the global parameters related to the SMTP server have been set. See . + + Type the user name or email address of the new member you want to add, and click Invite. Type the CloudPlatform user name if you chose Account in the previous step. If you chose Email, type the email address. You can invite only people who have an account in this cloud within the same domain as the project. However, you can send the invitation to any email address. + To view and manage the invitations you have sent, return to this tab. When an invitation is accepted, the new member will appear in the project’s Accounts tab. + +
+ diff --git a/docs/en-US/service-offerings.xml b/docs/en-US/service-offerings.xml new file mode 100644 index 00000000000..8af653bb789 --- /dev/null +++ b/docs/en-US/service-offerings.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Service Offerings + vCenter Maintenance Mode + XenServer and Maintenance Mode + vCenter Maintenance Mode + XenServer and Maintenance Mode +
diff --git a/docs/en-US/set-database-buffer-pool-size.xml b/docs/en-US/set-database-buffer-pool-size.xml new file mode 100644 index 00000000000..3fc439b1a8e --- /dev/null +++ b/docs/en-US/set-database-buffer-pool-size.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Set Database Buffer Pool Size + It is important to provide enough memory space for the MySQL database to cache data and indexes: + + Edit the Tomcat configuration file:/etc/my.cnf + 2. Insert the following line in the [mysqld] section, below the datadir line. Use a value that is appropriate for your situation. We recommend setting the buffer pool at 40% of RAM if MySQL is on the same server as the management server or 70% of RAM if MySQL has a dedicated server. The following example assumes a dedicated server with 1024M of RAM. + innodb_buffer_pool_size=700M + Restart the MySQL service.# service mysqld restart + + For more information about the buffer pool, see "The InnoDB Buffer Pool" at MySQL Reference Manual. +
+ diff --git a/docs/en-US/set-monitor-total-vm-limits-per-host.xml b/docs/en-US/set-monitor-total-vm-limits-per-host.xml new file mode 100644 index 00000000000..806ba334679 --- /dev/null +++ b/docs/en-US/set-monitor-total-vm-limits-per-host.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Set and Monitor Total VM Limits per Host + The CloudPlatform administrator should monitor the total number of VM instances in each cluster, and disable allocation to the cluster if the total is approaching the maximum that the hypervisor can handle. Be sure to leave a safety margin to allow for the possibility of one or more hosts failing, which would increase the VM load on the other hosts as the VMs are automatically redeployed. Consult the documentation for your chosen hypervisor to find the maximum permitted number of VMs per host, then use CloudPlatform global configuration settings to set this as the default limit. Monitor the VM activity in each cluster at all times. Keep the total number of VMs below a safe level that allows for the occasional host failure. For example, if there are N hosts in the cluster, and you want to allow for one host in the cluster to be down at any given time, the total number of VM instances you can permit in the cluster is at most (N-1) * (per-host-limit). Once a cluster reaches this number of VMs, use the CloudPlatform UI to disable allocation of more VMs to the cluster. +
+ diff --git a/docs/en-US/set-projects-creator-permissions.xml b/docs/en-US/set-projects-creator-permissions.xml new file mode 100644 index 00000000000..bc0080253a9 --- /dev/null +++ b/docs/en-US/set-projects-creator-permissions.xml @@ -0,0 +1,30 @@ + + +%BOOK_ENTITIES; +]> +
+ Setting Project Creator Permissions + You can configure CloudPlatform to allow any user to create a new project, or you can restrict that ability to just CloudPlatform administrators. + + Log in as administrator to the CloudPlatform UI. + In the left navigation, click Global Settings. + In the search box, type allow.user.create.projects. + Click the edit button to set the parameter. + + + + editbutton.png: Edits parameters + + + + + allow.user.create.projects + Set to true to allow end users to create projects. Set to false if you want only the CloudPlatform root administrator and domain administrators to create projects. + + + + Restart the Management Server.# service cloud-management restart + +
+ diff --git a/docs/en-US/set-resource-limits-for-projects.xml b/docs/en-US/set-resource-limits-for-projects.xml new file mode 100644 index 00000000000..f9b57a86ee3 --- /dev/null +++ b/docs/en-US/set-resource-limits-for-projects.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Setting Resource Limits for Projects + The CloudPlatform administrator can set global default limits to control the amount of resources that can be owned by each project in the cloud. This serves to prevent uncontrolled usage of resources such as snapshots, IP addresses, and virtual machine instances. Domain administrators can override these resource limits for individual projects with their domains, as long as the new limits are below the global defaults set by the CloudPlatform root administrator. The root administrator can also set lower resource limits for any project in the cloud +
+ diff --git a/docs/en-US/set-up-invitations.xml b/docs/en-US/set-up-invitations.xml new file mode 100644 index 00000000000..bc7b21aed27 --- /dev/null +++ b/docs/en-US/set-up-invitations.xml @@ -0,0 +1,79 @@ + + +%BOOK_ENTITIES; +]> +
+ Setting Up Invitations + CloudPlatform can be set up either so that project administrators can add people directly to a project, or so that it is necessary to send an invitation which the recipient must accept. The invitation can be sent by email or through the user’s CloudPlatform account. If you want administrators to use invitations to add members to projects, turn on and set up the invitations feature in CloudPlatform.. + + Log in as administrator to the CloudPlatform UI. + In the left navigation, click Global Settings. + In the search box, type project and click the search button. + In the search box, type project and click the search button. + + + + searchbutton.png: Searches projects + + 5. In the search results, you will see a few other parameters you need to set to control how invitations behave. The table below shows global configuration parameters related to project invitations. Click the edit button to set each parameter + + + + + Configuration Parameters + Description + + + + + + + project.invite.required + Set to true to turn on the invitations feature. + + + + + project.email.sender + The email address to show in the From field of invitation emails. + + + + project.invite.timeout + Amount of time to allow for a new member to respond to the invitation. + + + + project.smtp.host + Name of the host that acts as an email server to handle invitations. + + + + project.smtp.password + (Optional) Password required by the SMTP server. You must also set project.smtp.username and set project.smtp.useAuth to true. + + + + project.smtp.port + SMTP server’s listening port. + + + + project.smtp.useAuth + Set to true if the SMTP server requires a username and password. + + + project.smtp.username + (Optional) User name required by the SMTP server for authentication. You must also set project.smtp.password and set project.smtp.useAuth to true.. + + + + + + Restart the Management Server + service cloud-management restart + + +
+ diff --git a/docs/en-US/set-up-network-for-users.xml b/docs/en-US/set-up-network-for-users.xml new file mode 100644 index 00000000000..bc8902f5f24 --- /dev/null +++ b/docs/en-US/set-up-network-for-users.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Setting Up Networking for Users + People using cloud infrastructure have a variety of needs and preferences when it comes to the networking services provided by the cloud. As a CloudPlatform administrator, you can do the following things to set up networking for your users: + + Set up physical networks in zones + Set up several different providers for the same service on a single physical network (for example, both Cisco and Juniper firewalls) + Bundle different types of network services into network offerings, so users can choose the desired network services for any given virtual machine + Add new network offerings as time goes on so end users can upgrade to a better class of service on their network + Provide more ways for a network to be accessed by a user, such as through a project of which the user is a member + + +
diff --git a/docs/en-US/set-usage-limit.xml b/docs/en-US/set-usage-limit.xml new file mode 100644 index 00000000000..350d5c43e1b --- /dev/null +++ b/docs/en-US/set-usage-limit.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Setting Usage Limits + CloudPlatform provides several administrator control points for capping resource usage by users. Some of these limits are global configuration parameters. Others are applied at the ROOT domain and may be overridden on a per-account basis. + Aggregate limits may be set on a per-domain basis. For example, you may limit a domain and all subdomains to the creation of 100 VMs. + This section covers the following topics: + Globally Configured Limits + Default Account Resource Limits + Per Domain Limits +
diff --git a/docs/en-US/shared-networks.xml b/docs/en-US/shared-networks.xml new file mode 100644 index 00000000000..24e0252e1ea --- /dev/null +++ b/docs/en-US/shared-networks.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ Shared Networks + A shared network can be accessed by virtual machines that belong to many different accounts. Network Isolation on shared networks is accomplished using techniques such as security groups (supported only in basic zones in CloudPlatform 3.0.3). + + Shared Networks are created by the administrator + Shared Networks can be designated to a certain domain + Shared Network resources such as VLAN and physical network that it maps to are designated by the administrator + Shared Networks are isolated by security groups + Public Network is a shared network that is not shown to the end users + + + +
diff --git a/docs/en-US/signing-api-requests.xml b/docs/en-US/signing-api-requests.xml new file mode 100644 index 00000000000..b71cd42d9e5 --- /dev/null +++ b/docs/en-US/signing-api-requests.xml @@ -0,0 +1,36 @@ +
+ Signing API Requests + Whether you access the CloudStack API with HTTP or HTTPS, it must still be signed so that CloudStack can verify the caller has been authenticated and authorized to execute the command. Make sure that you have both the API Key and Secret Key provided by the CloudStack administrator for your account before proceeding with the signing process. + To show how to sign a request, we will re-use the previous example. + http://http://localhost:8080/client/api?command=deployVirtualMachine&serviceOfferingId=1&diskOfferingId=1&templateId=2&zoneId=4&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ&signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D + Breaking this down, we have several distinct parts to this URL. + + Base URL: This is the base URL to the CloudStack Management Server. + http://localhost:8080 + + API Path: This is the path to the API Servlet that processes the incoming requests. + /client/api? + + Command String: This part of the query string comprises of the command, its parameters, and the API Key that identifies the account. + As with all query string parameters of field-value pairs, the “field” component is case insensitive while all “value” values are case sensitive. + command=deployVirtualMachine&serviceOfferingId=1&diskOfferingId=1&templateId=2&zoneId=4&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ + + Signature: This is the hashed signature of the Base URL that is generated using a combination of the user’s Secret Key and the HMAC SHA-1 hashing algorithm. + &signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D + + + Every API request has the format Base URL+API Path+Command String+Signature. + To generate the signature. + + For each field-value pair (as separated by a ‘&’) in the Command String, URL encode each value so that it can be safely sent via HTTP GET. + Make sure all spaces are encoded as “%20” rather than “+”. + + Lower case the entire Command String and sort it alphabetically via the field for each field-value pair. The result of this step would look like the following. + apikey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq&command=deployvirtualmachine&diskofferingid=1&serviceofferingid=1&templateid=2&zoneid=4 + + Take the sorted Command String and run it through the HMAC SHA-1 hashing algorithm (most programming languages offer a utility method to do this) with the user’s Secret Key. Base64 encode the resulting byte array in UTF-8 so that it can be safely transmitted via HTTP. The final string produced after Base64 encoding should be “Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D”. + By reconstructing the final URL in the format Base URL+API Path+Command String+Signature, the final URL should look like: + http://localhost:8080/client/api?command=deployVirtualMachine&serviceOfferingId=1&diskOfferingId=1&templateId=2&zoneId=4&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ&signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D + + +
\ No newline at end of file diff --git a/docs/en-US/site-to-site-vpn.xml b/docs/en-US/site-to-site-vpn.xml new file mode 100644 index 00000000000..2e29909f4ae --- /dev/null +++ b/docs/en-US/site-to-site-vpn.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Site-to-Site VPN + + To add a Virtual Private Cloud (VPC): + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network + In the Select view, select site-to-site VPN. + Click Add site-to-site VPN. Provide the following information: + + IP Address:. + Gateway: The IP address of the remote gateway. + CIDR list: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. + IPsec Preshared Key: The preshared key of the remote gateway. + IKE Policy: Internet Key Exchange (IKE) policy for phase 1. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1. + ESP Policy: Encapsulating Security Payload (ESP) policy for phase 2. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1. + Lifetime (seconds): Lifetime of SA in seconds. Default is 86400 seconds(1day). + + Click OK. + + +
diff --git a/docs/en-US/snapshot-restore.xml b/docs/en-US/snapshot-restore.xml new file mode 100644 index 00000000000..2a63f1f1917 --- /dev/null +++ b/docs/en-US/snapshot-restore.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Snapshot Restore + There are two paths to restoring snapshots. Users can create a volume from the snapshot. The volume can then be mounted to a VM and files recovered as needed. Alternatively, a template may be created from the snapshot of a root disk. The user can then boot a VM from this template to effect recovery of the root disk. +
diff --git a/docs/en-US/standard-events.xml b/docs/en-US/standard-events.xml new file mode 100644 index 00000000000..290b8bc5625 --- /dev/null +++ b/docs/en-US/standard-events.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ Standard Events + The events log records three types of standard events. + + INFO. This event is generated when an operation has been successfully performed. + WARN. This event is generated in the following circumstances. + + When a network is disconnected while monitoring a template download. + When a template download is abandoned. + When an issue on the storage server causes the volumes to fail over to the mirror storage server. + + + ERROR. This event is generated when an operation has not been successfully performed + + +
+ diff --git a/docs/en-US/static-nat.xml b/docs/en-US/static-nat.xml new file mode 100644 index 00000000000..ea7c7d8d565 --- /dev/null +++ b/docs/en-US/static-nat.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Static NAT + A static NAT rule maps a public IP address to the private IP address of a VM in order to allow Internet traffic into the VM. The public IP address always remains the same, which is why it is called “static” NAT. This section tells how to enable or disable static NAT for a particular IP address. +
diff --git a/docs/en-US/sticky-session-policies-for-lb-rules.xml b/docs/en-US/sticky-session-policies-for-lb-rules.xml new file mode 100644 index 00000000000..a8c11c95ff5 --- /dev/null +++ b/docs/en-US/sticky-session-policies-for-lb-rules.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Sticky Session Policies for Load Balancer Rules + Sticky sessions are used in Web-based applications to ensure continued availability of information across the multiple requests in a user's session. For example, if a shopper is filling a cart, you need to remember what has been purchased so far. The concept of “stickiness” is also referred to as persistence or maintaining state. + Any load balancer rule defined in CloudPlatform can have a stickiness policy. The policy consists of a name, stickiness method, and parameters. The parameters are name-value pairs or flags, which are defined by the load balancer vendor. The stickiness method could be load balancer-generated cookie, application-generated cookie, or source-based. In the source-based method, the source IP address is used to identify the user and locate the user’s stored data. In the other methods, cookies are used. The cookie generated by the load balancer or application is included in request and response URLs to create persistence. The cookie name can be specified by the administrator or automatically generated. A variety of options are provided to control the exact behavior of cookies, such as how they are generated and whether they are cached. + For the most up to date list of available stickiness methods, see the CloudPlatform UI or call listNetworks and check the SupportedStickinessMethods capability. +
diff --git a/docs/en-US/stop-restart-management-server.xml b/docs/en-US/stop-restart-management-server.xml new file mode 100644 index 00000000000..26d30eab340 --- /dev/null +++ b/docs/en-US/stop-restart-management-server.xml @@ -0,0 +1,16 @@ + + +%BOOK_ENTITIES; +]> +
+ Stopping and Restarting the Management Server + The root administrator will need to stop and restart the Management Server from time to time. + For example, after changing a global configuration parameter, a restart is required. If you have multiple Management Server nodes, restart all of them to put the new parameter value into effect consistently throughout the cloud.. + To stop the Management Server, issue the following command at the operating system prompt on the Management Server node: + # service cloud-management stop + To start the Management Server: + # service cloud-management start + To stop the Management Server: + # service cloud-management stop +
diff --git a/docs/en-US/stopped-vm.xml b/docs/en-US/stopped-vm.xml new file mode 100644 index 00000000000..e6b8400c897 --- /dev/null +++ b/docs/en-US/stopped-vm.xml @@ -0,0 +1,12 @@ +
+ Stopped VM + CloudPlatform now supports creating a VM without starting it. You can determine whether the VM needs to be started as part of the VM deployment. A VM can now be deployed in two ways: create and start a VM (the default method); or create a VM and leave it in the stopped state. + A new request parameter, startVM, is introduced in the deployVm API to support the stopped VM feature. + The possible values are: + + true - The VM starts as a part of the VM deployment. + false - The VM is left in the stopped state at the end of the VM deployment. + + The default value is true. +
+ diff --git a/docs/en-US/stopping-and-starting-vms.xml b/docs/en-US/stopping-and-starting-vms.xml new file mode 100644 index 00000000000..20d0d952327 --- /dev/null +++ b/docs/en-US/stopping-and-starting-vms.xml @@ -0,0 +1,5 @@ +
+ Stopping and Starting VMs + Any user can access their own virtual machines. The administrator can access all VMs running in the cloud. +
+ diff --git a/docs/en-US/storage-tags.xml b/docs/en-US/storage-tags.xml new file mode 100644 index 00000000000..3297c8d83c2 --- /dev/null +++ b/docs/en-US/storage-tags.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Storage Tags + Storage may be "tagged". A tag is a text string attribute associated with primary storage, a Disk Offering, or a Service Offering. Tags allow administrators to provide additional information about the storage. For example, that is a "SSD" or it is "slow". Tags are not interpreted by CloudPlatform. They are matched against tags placed on service and disk offerings. CloudPlatform requires all tags on service and disk offerings to exist on the primary storage before it allocates root or data disks on the primary storage. Service and disk offering tags are used to identify the requirements of the storage that those offerings have. For example, the high end service offering may require "fast" for its root disk volume. + The interaction between tags, allocation, and volume copying across clusters and pods can be complex. To simplify the situation, use the same set of tags on the primary storage for all clusters in a pod. Even if different devices are used to present those tags, the set of exposed tags can be the same. + +
diff --git a/docs/en-US/storage.xml b/docs/en-US/storage.xml new file mode 100644 index 00000000000..45fa648db58 --- /dev/null +++ b/docs/en-US/storage.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Deleting VMs + CloudPlatform defines two types of storage: primary and secondary. Primary storage can be accessed by either iSCSI or NFS. Additionally, direct attached storage may be used for primary storage. Secondary storage is always accessed using NFS. + There is no ephemeral storage in CloudPlatform. All volumes on all nodes are persistent +
+ diff --git a/docs/en-US/suspend-project.xml b/docs/en-US/suspend-project.xml new file mode 100644 index 00000000000..9ad1e622fc0 --- /dev/null +++ b/docs/en-US/suspend-project.xml @@ -0,0 +1,30 @@ + + +%BOOK_ENTITIES; +]> +
+ Suspending or Deleting a Project + When a project is suspended, it retains the resources it owns, but they can no longer be used. No new resources or members can be added to a suspended project. + When a project is deleted, its resources are destroyed, and member accounts are removed from the project. The project’s status is shown as Disabled pending final deletion. + A project can be suspended or deleted by the project administrator, the domain administrator of the domain the project belongs to or of its parent domain, or the CloudPlatform root administrator. + + Log in to the CloudPlatform UI. + In the left navigation, click Projects. + In Select View, choose Projects. + Click the name of the project. + Click one of the buttons: + + + + deletebutton.png: Removes a member + + + + + + deletebutton.png: Removes a member + + +
+ diff --git a/docs/en-US/sys-reliability-and-ha.xml b/docs/en-US/sys-reliability-and-ha.xml new file mode 100644 index 00000000000..d8c4bbdf69c --- /dev/null +++ b/docs/en-US/sys-reliability-and-ha.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ System Reliability and High Availability + vCenter Maintenance Mode + XenServer and Maintenance Mode + vCenter Maintenance Mode + XenServer and Maintenance Mode +
diff --git a/docs/en-US/sysprep-for-windows-server-2003R2.xml b/docs/en-US/sysprep-for-windows-server-2003R2.xml new file mode 100644 index 00000000000..bdde68e89b2 --- /dev/null +++ b/docs/en-US/sysprep-for-windows-server-2003R2.xml @@ -0,0 +1,39 @@ + + +%BOOK_ENTITIES; +]> +
+ Sysprep for Windows Server 2003 R2 + Earlier versions of Windows have a different sysprep tool. Follow these steps for Windows Server 2003 R2. + + Extract the content of \support\tools\deploy.cab on the Windows installation CD into a directory called c:\sysprep on the Windows 2003 R2 VM. + Run c:\sysprep\setupmgr.exe to create the sysprep.inf file. + + Select Create New to create a new Answer File. + Enter “Sysprep setup” for the Type of Setup. + Select the appropriate OS version and edition. + On the License Agreement screen, select “Yes fully automate the installation”. + Provide your name and organization. + Leave display settings at default. + Set the appropriate time zone. + Provide your product key. + Select an appropriate license mode for your deployment + Select “Automatically generate computer name”. + Type a default administrator password. If you enable the password reset feature, the users will not actually use this password. This password will be reset by the instance manager after the guest boots up. + Leave Network Components at “Typical Settings”. + Select the “WORKGROUP” option. + Leave Telephony options at default. + Select appropriate Regional Settings. + Select appropriate language settings. + Do not install printers. + Do not specify “Run Once commands”. + You need not specify an identification string. + Save the Answer File as c:\sysprep\sysprep.inf. + + + + Run the following command to sysprep the image:c:\sysprep\sysprep.exe -reseal -mini -activated + After this step the machine will automatically shut down + +
diff --git a/docs/en-US/sysprep-windows-server-2008R2.xml b/docs/en-US/sysprep-windows-server-2008R2.xml new file mode 100644 index 00000000000..37a2e1cefda --- /dev/null +++ b/docs/en-US/sysprep-windows-server-2008R2.xml @@ -0,0 +1,51 @@ + + +%BOOK_ENTITIES; +]> +
+ System Preparation for Windows Server 2008 R2 + For Windows 2008 R2, you run Windows System Image Manager to create a custom sysprep response XML file. Windows System Image Manager is installed as part of the Windows Automated Installation Kit (AIK). Windows AIK can be downloaded from the Microsoft Download Center at the following location: + Microsoft Download Center. + Use the following steps to run sysprep for Windows 2008 R2:The steps outlined here are derived from the excellent guide by Charity Shelbourne, originally published at Windows Server 2008 Sysprep Mini-Setup + + Download and install the Windows AIKWindows AIK should not be installed on the Windows 2008 R2 VM you just created. Windows AIK should not be part of the template you create. It is only used to create the sysprep answer file. + Copy the install.wim file in the \sources directory of the Windows 2008 R2 installation DVD to the hard disk. This is a very large file and may take a long time to copy. Windows AIK requires the WIM file to be writable. + Start the Windows System Image Manager, which is part of the Windows AIK. + In the Windows Image pane, right click “Select a Windows image or catalog file” to load the install.wim file you just copied. + Select the Windows 2008 R2 EditionYou may be prompted with a warning that the catalog file cannot be opened. Click Yes to create a new catalog file. + In the Answer File pane, right click to create a new answer file. + Generate the answer file from the Windows System Image Manager using the following steps: + + The first page you need to automate is the Language and Country or Region Selection page. To automate this, expand Components in your Windows Image pane, right-click and add the Microsoft-Windows-International-Core setting to Pass 7 oobeSystem. In your Answer File pane, configure the InputLocale, SystemLocale, UILanguage, and UserLocale with the appropriate settings for your language and country or region. Should you have a question about any of these settings, you can right-click on the specific setting and select Help. This will open the appropriate CHM help file with more information, including examples on the setting you are attempting to configure. + + + + + sysmanager.png: System Image Manager + + You need to automate the Software License Terms Selection page, otherwise known as the End-User License Agreement (EULA). To do this, expand the Microsoft-Windows-Shell-Setup component. High-light the OOBE setting, and add the setting to the Pass 7 oobeSystem. In Settings, set HideEULAPage true. + + + + software-license.png: Depicts hiding the EULA page. + + Make sure the license key is properly set. If you use MAK key, you can just enter the MAK key on the Windows 2008 R2 VM. You need not input the MAK into the Windows System Image Manager. If you use KMS host for activation you need not enter the Product Key. Details of Windows Volume Activation can be found at + You need to automate is the Change Administrator Password page. Expand the Microsoft-Windows-Shell-Setup component (if it is not still expanded), expand UserAccounts, right-click on AdministratorPassword, and add the setting to the Pass 7 oobeSystem configuration pass of your answer file. Under Settings, specify a password next to Value. + + + + + change-admin-password.png: Depicts changing the administrator password + You may read the AIK documentation and set many more options that suit your deployment. The steps above are the minimum needed to make Windows unattended setup work. + Save the answer file as unattend.xml. You can ignore the warning messages that appear in the validation window. + Copy the unattend.xml file into the c:\windows\system32\sysprep directory of the Windows 2008 R2 Virtual Machine + Once you place the unattend.xml file in c:\windows\system32\sysprep directory, you run the sysprep tool as follows: + cd c:\Windows\System32\sysprep +sysprep.exe /oobe /generalize /shutdown +The Windows 2008 R2 VM will automatically shut down after sysprep is complete. + + + + +
diff --git a/docs/en-US/system-service-offerings.xml b/docs/en-US/system-service-offerings.xml new file mode 100644 index 00000000000..92aff735111 --- /dev/null +++ b/docs/en-US/system-service-offerings.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ System Service Offerings + System service offerings provide a choice of CPU speed, number of CPUs, tags, and RAM size, just as other service offerings do. But rather than being used for virtual machine instances and exposed to users, system service offerings are used to change the default properties of virtual routers, console proxies, and other system VMs. System service offerings are visible only to the CloudPlatform root administrator. CloudPlatform provides default system service offerings. The CloudPlatform root administrator can create additional custom system service offerings. + When CloudPlatform creates a virtual router for a guest network, it uses default settings which are defined in the system service offering associated with the network offering. You can upgrade the capabilities of the virtual router by applying a new network offering that contains a different system service offering. All virtual routers in that network will begin using the settings from the new service offering. +
diff --git a/docs/en-US/system-vm-template.xml b/docs/en-US/system-vm-template.xml new file mode 100644 index 00000000000..e873ee1b1e5 --- /dev/null +++ b/docs/en-US/system-vm-template.xml @@ -0,0 +1,19 @@ + + +%BOOK_ENTITIES; +]> +
+ The System VM Template + The System VMs come from a single template. The System VM has the following characteristics: + + Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository + Has a minimal set of packages installed thereby reducing the attack surface + 32-bit for enhanced performance on Xen/VMWare + pvops kernel with Xen PV drivers, KVM virtio drivers, and VMware tools for optimum performance on all hypervisors + Xen tools inclusion allows performance monitoring + Latest versions of HAProxy, iptables, IPsec, and Apache from debian repository ensures improved security and speed + Latest version of JRE from Sun/Oracle ensures improved security and speed + + +
diff --git a/docs/en-US/template-iso-snapshot-usage-record-format.xml b/docs/en-US/template-iso-snapshot-usage-record-format.xml new file mode 100644 index 00000000000..d3ae8e1191a --- /dev/null +++ b/docs/en-US/template-iso-snapshot-usage-record-format.xml @@ -0,0 +1,18 @@ +
+ Template, ISO, and Snapshot Usage Record Format + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for hours) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + usageid – The ID of the the template, ISO, or snapshot + offeringid – The ID of the disk offering + templateid – – Included only for templates (usage type 7). Source template ID. + size – Size of the template, ISO, or snapshot + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
\ No newline at end of file diff --git a/docs/en-US/templates.xml b/docs/en-US/templates.xml new file mode 100644 index 00000000000..a249ded15e5 --- /dev/null +++ b/docs/en-US/templates.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Templates + + +
diff --git a/docs/en-US/time-zones.xml b/docs/en-US/time-zones.xml new file mode 100644 index 00000000000..a886e5f5f46 --- /dev/null +++ b/docs/en-US/time-zones.xml @@ -0,0 +1,114 @@ +
+ Time Zones + The following time zone identifiers are accepted by the CloudPlatform API. There are several places that have a time zone as a required or optional parameter. These include scheduling recurring snapshots, creating a user, and specifying the usage time zone in the Configuration table. . + + + + + + + + Etc/GMT+12 + Etc/GMT+11 + Pacific/Samoa + + + Pacific/Honolulu + US/Alaska + America/Los_Angeles + + + Mexico/BajaNorte + US/Arizona + US/Mountain + + + America/Chihuahua + America/Chicago + America/Costa_Rica + + + America/Mexico_City + Canada/Saskatchewan + America/Bogota + + + America/New_York + America/Caracas + America/Asuncion + + + America/Cuiaba + America/Halifax + America/La_Paz + + + America/Santiago + America/St_Johns + America/Araguaina + + + America/Argentina/Buenos_Aires + America/Cayenne + America/Godthab + + + America/Montevideo + Etc/GMT+2 + Atlantic/Azores + + + Atlantic/Cape_Verde + Africa/Casablanca + Etc/UTC + + + Atlantic/Reykjavik + Europe/London + CET + + + Europe/Bucharest + Africa/Johannesburg + Asia/Beirut + + + Africa/Cairo + Asia/Jerusalem + Europe/Minsk + + + Europe/Moscow + Africa/Nairobi + Asia/Karachi + + + Asia/Kolkata + Asia/Bangkok + Asia/Shanghai + + + Asia/Kuala_Lumpur + Australia/Perth + Asia/Taipei + + + Asia/Tokyo + Asia/Seoul + Australia/Adelaide + + + Australia/Darwin + Australia/Brisbane + Australia/Canberra + + + Pacific/Guam + Pacific/Auckland + + + + + +
+ diff --git a/docs/en-US/trial-installation.xml b/docs/en-US/trial-installation.xml new file mode 100644 index 00000000000..9e3e33aee10 --- /dev/null +++ b/docs/en-US/trial-installation.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Trial Installation + Coming soon. +
+ diff --git a/docs/en-US/troubleshooting-alerts.xml b/docs/en-US/troubleshooting-alerts.xml new file mode 100644 index 00000000000..9127364bf15 --- /dev/null +++ b/docs/en-US/troubleshooting-alerts.xml @@ -0,0 +1,39 @@ + + +%BOOK_ENTITIES; +]> +
+ Alerts + The following is the list of alert type numbers. + +MEMORY = 0 +CPU = 1 +STORAGE =2 +STORAGE_ALLOCATED = 3 +PUBLIC_IP = 4 +PRIVATE_IP = 5 +HOST = 6 +USERVM = 7 +DOMAIN_ROUTER = 8 +CONSOLE_PROXY = 9 +ROUTING = 10// lost connection to default route (to the gateway) +STORAGE_MISC = 11 // lost connection to default route (to the gateway) +USAGE_SERVER = 12 // lost connection to default route (to the gateway) +MANAGMENT_NODE = 13 // lost connection to default route (to the gateway) +DOMAIN_ROUTER_MIGRATE = 14 +CONSOLE_PROXY_MIGRATE = 15 +USERVM_MIGRATE = 16 +VLAN = 17 +SSVM = 18 +USAGE_SERVER_RESULT = 19 +STORAGE_DELETE = 20; +UPDATE_RESOURCE_COUNT = 21; //Generated when we fail to update the resource count +USAGE_SANITY_RESULT = 22; +DIRECT_ATTACHED_PUBLIC_IP = 23; +LOCAL_STORAGE = 24; +RESOURCE_LIMIT_EXCEEDED = 25; //Generated when the resource limit exceeds the limit. Currently used for recurring snapshots only + + +
+ diff --git a/docs/en-US/troubleshooting-dataloss-on-exported-primary-storage.xml b/docs/en-US/troubleshooting-dataloss-on-exported-primary-storage.xml new file mode 100644 index 00000000000..677bcc33a4b --- /dev/null +++ b/docs/en-US/troubleshooting-dataloss-on-exported-primary-storage.xml @@ -0,0 +1,30 @@ + + +%BOOK_ENTITIES; +]> +
+ Data Loss on Exported Primary Storage + + Symptom + Loss of existing data on primary storage which has been exposed as a Linux NFS server export on an iSCSI volume. + + + Cause + It is possible that a client from outside the intended pool has mounted the storage. When this occurs, the LVM is wiped and all data in the volume is lost + + + Solution + When setting up LUN exports, restrict the range of IP addresses that are allowed access by specifying a subnet mask. For example: + + echo “/export 192.168.1.0/24(rw,async,no_root_squash)” > /etc/exports + Adjust the above command to suit your deployment needs. + + More Information + See the export procedure in the "Secondary Storage" section of the CloudPlatform Installation Guide + + + + +
+ diff --git a/docs/en-US/troubleshooting-lb-rules-fails.xml b/docs/en-US/troubleshooting-lb-rules-fails.xml new file mode 100644 index 00000000000..1808d06b26b --- /dev/null +++ b/docs/en-US/troubleshooting-lb-rules-fails.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ Load balancer rules fail after changing network offering + + Symptom + After changing the network offering on a network, load balancer rules stop working. + + + Cause + Load balancing rules were created while using a network service offering that includes an external load balancer device such as NetScaler, and later the network service offering changed to one that uses the CloudPlatform virtual router. + + + Solution + Create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function. + + +
+ diff --git a/docs/en-US/troubleshooting-maintenance-mode-not-working-on-vCenter.xml b/docs/en-US/troubleshooting-maintenance-mode-not-working-on-vCenter.xml new file mode 100644 index 00000000000..60d769fa299 --- /dev/null +++ b/docs/en-US/troubleshooting-maintenance-mode-not-working-on-vCenter.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ Maintenance mode not working on vCenter + + Symptom + Host was placed in maintenance mode, but still appears live in vCenter. + + + Cause + The CloudPlatform administrator UI was used to place the host in scheduled maintenance mode. This mode is separate from vCenter's maintenance mode. + + + Solution + Use vCenter to place the host in maintenance mode. + + + More Information + See + + +
+ diff --git a/docs/en-US/troubleshooting-recover-lost-virtual-router.xml b/docs/en-US/troubleshooting-recover-lost-virtual-router.xml new file mode 100644 index 00000000000..f4699d85929 --- /dev/null +++ b/docs/en-US/troubleshooting-recover-lost-virtual-router.xml @@ -0,0 +1,31 @@ + + +%BOOK_ENTITIES; +]> +
+ Recovering a Lost Virtual Router + + Symptom + A virtual router is running, but the host is disconnected. A virtual router no longer functions as expected. + + + Cause + The Virtual router is lost or down. + + + Solution + If you are sure that a virtual router is down forever, or no longer functions as expected, destroy it. You must create one afresh while keeping the backup router up and running (it is assumed this is in a redundant router setup): + + + Force stop the router. Use the stopRouter API with forced=true parameter to do so. + Before you continue with destroying this router, ensure that the backup router is running. Otherwise the network connection will be lost. + Destroy the router by using the destroyRouter API. + + Recreate the missing router by using the restartNetwork API with cleanup=false parameter. For more information about redundant router setup, see Creating a New Network Offering. + For more information about the API syntax, see the API Reference at API Reference. + + + +
+ diff --git a/docs/en-US/troubleshooting-unable-to-deploy-vms.xml b/docs/en-US/troubleshooting-unable-to-deploy-vms.xml new file mode 100644 index 00000000000..f1432c4df54 --- /dev/null +++ b/docs/en-US/troubleshooting-unable-to-deploy-vms.xml @@ -0,0 +1,21 @@ + + +%BOOK_ENTITIES; +]> +
+ Unable to deploy VMs from uploaded vSphere template + + Symptom + When attempting to create a VM, the VM will not deploy. + + + Cause + If the template was created by uploading an OVA file that was created using vSphere Client, it is possible the OVA contained an ISO image. If it does, the deployment of VMs from the template will fail. + + + Solution + Remove the ISO and re-upload the template. + +
+ diff --git a/docs/en-US/troubleshooting-unable-to-power-on-vm.xml b/docs/en-US/troubleshooting-unable-to-power-on-vm.xml new file mode 100644 index 00000000000..ba114732354 --- /dev/null +++ b/docs/en-US/troubleshooting-unable-to-power-on-vm.xml @@ -0,0 +1,27 @@ + + +%BOOK_ENTITIES; +]> +
+ Unable to power on virtual machine on VMware + + Symptom + Virtual machine does not power on. You might see errors like: + + + Unable to open Swap File + Unable to access a file since it is locked +  Unable to access Virtual machine configuration + + + Cause + A known issue on VMware machines. ESX hosts lock certain critical virtual machine files and file systems to prevent concurrent changes. Sometimes the files are not unlocked when the virtual machine is powered off. When a virtual machine attempts to power on, it can not access these critical files, and the virtual machine is unable to power on. + + + Solution + See the following: + + VMware Knowledge Base Article +
+ diff --git a/docs/en-US/troubleshooting-working-with-server-logs.xml b/docs/en-US/troubleshooting-working-with-server-logs.xml new file mode 100644 index 00000000000..9255b5ac2bd --- /dev/null +++ b/docs/en-US/troubleshooting-working-with-server-logs.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Working with Server Logs + The CloudPlatform Management Server logs all web site, middle tier, and database activities for diagnostics purposes in /var/log/cloud/management/. The CloudPlatform logs a variety of error messages. We recommend this command to find the problematic output in the Management Server log:. + When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text. + + grep -i -E 'exception|unable|fail|invalid|leak|warn|error' /var/log/cloud/management/management-server.log + + The CloudPlatform processes requests with a Job ID. If you find an error in the logs and you are interested in debugging the issue you can grep for this job ID in the management server log. For example, suppose that you find the following ERROR message: + + 2010-10-04 13:49:32,595 ERROR [cloud.vm.UserVmManagerImpl] (Job-Executor-11:job-1076) Unable to find any host for [User|i-8-42-VM-untagged] + + Note that the job ID is 1076. You can track back the events relating to job 1076 with the following grep: + + grep "job-1076)" management-server.log + + The CloudPlatform Agent Server logs its activities in /var/log/cloud/agent/. +
+ diff --git a/docs/en-US/troubleshooting.xml b/docs/en-US/troubleshooting.xml new file mode 100644 index 00000000000..c129dc912e1 --- /dev/null +++ b/docs/en-US/troubleshooting.xml @@ -0,0 +1,18 @@ + + +%BOOK_ENTITIES; +]> +
+ IP Load Balancing + DNS and DHCP + VPN + Configuring VPN + Using VPN with Windows + Using VPN with Mac + Templates + Events + Templates + + +
diff --git a/docs/en-US/tuning.xml b/docs/en-US/tuning.xml new file mode 100644 index 00000000000..91b0f0cf15b --- /dev/null +++ b/docs/en-US/tuning.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Tuning + This section provides tips on how to improve the performance of your cloud. + + + + + +
+ diff --git a/docs/en-US/ui.xml b/docs/en-US/ui.xml new file mode 100644 index 00000000000..d01f1d27397 --- /dev/null +++ b/docs/en-US/ui.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> + + User Interface + + diff --git a/docs/en-US/upgrade-virtual-router-with-service-offering.xml b/docs/en-US/upgrade-virtual-router-with-service-offering.xml new file mode 100644 index 00000000000..72cb4336279 --- /dev/null +++ b/docs/en-US/upgrade-virtual-router-with-service-offering.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Upgrading a Virtual Router with System Service Offerings + When CloudPlatform creates a virtual router, it uses default settings which are defined in a default system service offering. See . All the virtual routers in a single guest network use the same system service offering. You can upgrade the capabilities of the virtual router by creating and applying a custom system service offering. + + Define your custom system service offering. See . In System VM Type, choose Domain Router. + Associate the system service offering with a network offering. See + 3. Apply the network offering to the network where you want the virtual routers to use the new system service offering. If this is a new network, follow the steps in Adding an Additional Guest Network on page 66. To change the service offering for existing virtual routers, follow the steps in . + + +
diff --git a/docs/en-US/upload-existing-volume-to-vm.xml b/docs/en-US/upload-existing-volume-to-vm.xml new file mode 100644 index 00000000000..da6e157108d --- /dev/null +++ b/docs/en-US/upload-existing-volume-to-vm.xml @@ -0,0 +1,57 @@ + + +%BOOK_ENTITIES; +]> +
+ Uploading an Existing Volume to a Virtual Machine + Existing data can be made accessible to a virtual machine. This is called uploading a volume to the VM. For example, this is useful to upload data from a local file system and attach it to a VM. Root administrators, domain administrators, and end users can all upload existing volumes to VMs. + The upload is performed using HTTP. The uploaded volume is placed in the zone's secondary storage + You cannot upload a volume if the preconfigured volume limit has already been reached. The default limit for the cloud is set in the global configuration parameter max.account.volumes, but administrators can also set per-domain limits that are different from the global default. See Setting Usage Limits + To upload a volume: + + (Optional) Create an MD5 hash (checksum) of the disk image file that you are going to upload. After uploading the data disk, CloudPlatform will use this value to verify that no data corruption has occurred. + Log in to the CloudPlatform UI as an administrator or user + In the left navigation bar, click Storage. + Click Upload Volume. + Provide the following: + + Name and Description. Any desired name and a brief description that can be shown in the UI. + Availability Zone. Choose the zone where you want to store the volume. VMs running on hosts in this zone can attach the volume. + Format. Choose one of the following to indicate the disk image format of the volume. + + + + + + Hypervisor + Disk Image Format + + + + + XenServer + VHD + + + VMware + OVA + + + KVM + QCOW2 + + + OVM + RAW + + + + + URL. The secure HTTP or HTTPS URL that CloudPlatform can use to access your disk. The type of file at the URL must match the value chosen in Format. For example, if Format is VHD, the URL might look like the following: + http://yourFileServerIP/userdata/myDataDisk.vhd + MD5 checksum. (Optional) Use the hash that you created in step 1. + Wait until the status of the volume shows that the upload is complete. Click Instances - Volumes, find the name you specified in step 5, and make sure the status is Uploaded. + +
+ diff --git a/docs/en-US/upload-template.xml b/docs/en-US/upload-template.xml new file mode 100644 index 00000000000..2021b6b923f --- /dev/null +++ b/docs/en-US/upload-template.xml @@ -0,0 +1,44 @@ + + +%BOOK_ENTITIES; +]> +
+ Uploading Templates + If you are uploading a template that was created using vSphere Client, be sure the OVA file does not contain an ISO. If it does, the deployment of VMs from the template will fail. + Templates are uploaded based on a URL. HTTP is the supported access protocol. Templates are frequently large files. You can optionally gzip them to decrease upload times. + To upload a template: + + In the left navigation bar, click Templates. + Click Create Template. + Provide the following: + + Name and Display Text. These will be shown in the UI, so + choose something descriptive. + URL. The Management Server will download the file from the specified URL, such as http://my.web.server/filename.vhd.gz. + Zone. Choose the zone where you want the template to be available, or All Zones to make it available throughout CloudPlatform. + OS Type: This helps CloudPlatform and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following: + + If the operating system of the stopped VM is listed, choose it. + If the OS type of the stopped VM is not listed, choose Other. + Generally you should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other. + + + Hypervisor + Format. The format of the template upload file, such as VHD + or OVA. + Password Enabled. Choose Yes if your template has the + CloudPlatform password change script installed. See Adding Password + Management to Your Templates + Extractable. Choose Yes if the template is available for extraction. If this option is selected, end users can + download a full image of a template. + Public. Choose Yes to make this template accessible to all + users of this CloudPlatform installation. The template will appear in the + Community Templates list. See + Featured. Choose Yes if you would like this template to be + more prominent for users to select. The template will appear in the Featured + Templates list. Only an administrator can make a template Featured. + + + +
diff --git a/docs/en-US/usage-record-format.xml b/docs/en-US/usage-record-format.xml new file mode 100644 index 00000000000..21dd3263bba --- /dev/null +++ b/docs/en-US/usage-record-format.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Usage Record Format + + + + + + + + +
+ diff --git a/docs/en-US/usage-types.xml b/docs/en-US/usage-types.xml new file mode 100644 index 00000000000..868d3312243 --- /dev/null +++ b/docs/en-US/usage-types.xml @@ -0,0 +1,101 @@ + + +%BOOK_ENTITIES; +]> +
+ Usage Types + The following table shows all usage types. + + + + + + + + Type ID + Type Name + Description + + + + + 1 + RUNNING_VM + Tracks the total running time of a VM per usage record period. If the VM is upgraded during the usage period, you will get a separate Usage Record for the new upgraded VM. + + + 2 + ALLOCATED_VM + Tracks the total time the VM has been created to the time when it has been destroyed. This usage type is also useful in determining usage for specific templates such as Windows-based templates. + + + + 3 + IP_ADDRESS + Tracks the public IP address owned by the account. + + + + 4 + NETWORK_BYTES_SENT + Tracks the total number of bytes sent by all the VMs for an account. Cloud.com does not currently track network traffic per VM. + + + + 5 + NETWORK_BYTES_RECEIVED + Tracks the total number of bytes received by all the VMs for an account. Cloud.com does not currently track network traffic per VM. + + + + 6 + VOLUME + Tracks the total time a disk volume has been created to the time when it has been destroyed. + + + + 7 + TEMPLATE + Tracks the total time a template (either created from a snapshot or uploaded to the cloud) has been created to the time it has been destroyed. The size of the template is also returned. + + + + 8 + ISO + Tracks the total time an ISO has been uploaded to the time it has been removed from the cloud. The size of the ISO is also returned. + + + + 9 + SNAPSHOT + Tracks the total time from when a snapshot has been created to the time it have been destroyed. + + + + 11 + LOAD_BALANCER_POLICY + Tracks the total time a load balancer policy has been created to the time it has been removed. Cloud.com does not track whether a VM has been assigned to a policy. + + + + 12 + PORT_FORWARDING_RULE + Tracks the time from when a port forwarding rule was created until the time it was removed. + + + + 13 + NETWORK_OFFERING + The time from when a network offering was assigned to a VM until it is removed. + + + + 14 + VPN_USERS + The time from when a VPN user is created until it is removed. + + + + +
diff --git a/docs/en-US/use-project-view.xml b/docs/en-US/use-project-view.xml new file mode 100644 index 00000000000..6935ee87a22 --- /dev/null +++ b/docs/en-US/use-project-view.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Using the Project View + If you are a member of a project, you can use CloudPlatform’s project view to see project members, resources consumed, and more. The project view shows only information related to one project. It is a useful way to filter out other information so you can concentrate on a project status and resources. + + Log in to the CloudPlatform UI. + Click Project View. + The project dashboard appears, showing the project’s VMs, volumes, users, events, network settings, and more. From the dashboard, you can: + + Click the Accounts tab to view and manage project members. If you are the project administrator, you can add new members, remove members, or change the role of a member from user to admin. Only one member at a time can have the admin role, so if you set another user’s role to admin, your role will change to regular user. + (If invitations are enabled) Click the Invitations tab to view and manage invitations that + have been sent to new project members but not yet accepted. Pending invitations will + remain in this list until the new member accepts, the invitation timeout is reached, or + you cancel the invitation. + + + +
+ diff --git a/docs/en-US/user-data-and-meta-data.xml b/docs/en-US/user-data-and-meta-data.xml new file mode 100644 index 00000000000..6724af770f8 --- /dev/null +++ b/docs/en-US/user-data-and-meta-data.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ User Data and Meta Data + CloudPlatform provides API access to attach user data to a deployed VM. Deployed VMs also have access to instance metadata via the virtual router. + User data can be accessed once the IP address of the virtual router is known. Once the IP address is known, use the following steps to access the user data: + + Run the following command to find the virtual router.# cat /var/lib/dhclient/dhclient-eth0.leases | grep dhcp-server-identifier | tail -1 + Access user data by running the following command using the result of the above command# curl http://10.1.1.1/latest/user-data + + Meta Data can be accessed similarly, using a URL of the form http://10.1.1.1/latest/meta-data/{metadata type}. (For backwards compatibility, the previous URL http://10.1.1.1/latest/{metadata type} is also supported.) For metadata type, use one of the following: + + service-offering. A description of the VMs service offering + availability-zone. The Zone name + local-ipv4. The guest IP of the VM + local-hostname. The hostname of the VM + public-ipv4. The first public IP for the router. (E.g. the first IP of eth2) + public-hostname. This is the same as public-ipv4 + instance-id. The instance name of the VM + + +
\ No newline at end of file diff --git a/docs/en-US/user-services-overview.xml b/docs/en-US/user-services-overview.xml new file mode 100644 index 00000000000..3c2459074d3 --- /dev/null +++ b/docs/en-US/user-services-overview.xml @@ -0,0 +1,77 @@ +
+ User Services Overview + In addition to the physical and logical infrastructure of your cloud, and the CloudPlatform software and servers, you also need a layer of user services so that people can actually make use of the cloud. This means not just a user UI, but a set of options and resources that users can choose from, such as templates for creating virtual machines, disk storage, and more. If you are running a commercial service, you will be keeping track of what services and resources users are consuming and charging them for that usage. Even if you do not charge anything for people to use your cloud – say, if the users are strictly internal to your organization, or just friends who are sharing your cloud – you can still keep track of what services they use and how much of them. +
+ Service Offerings, Disk Offerings, Network Offerings, and Templates + A user creating a new instance can make a variety of choices about its characteristics and capabilities. CloudPlatform provides several ways to present users with choices when creating a new instance: + + Service Offerings, defined by the CloudPlatform administrator, provide a choice of CPU speed, number of CPUs, RAM size, tags on the root disk, and other choices. See Creating a New Compute Offering. + Disk Offerings, defined by the CloudPlatform administrator, provide a choice of disk size for primary data storage. See Creating a New Disk Offering. + Network Offerings, defined by the CloudPlatform administrator, describe the feature set that is available to end users from the virtual router or external networking devices on a given guest network. See Network Offerings. +  Templates, defined by the CloudPlatform administrator or by any CloudPlatform user, are the base OS images that the user can choose from when creating a new instance. For example, CloudPlatform includes CentOS as a template. See Working with Templates. + + In addition to these choices that are provided for users, there is another type of service offering which is available only to the CloudPlatform root administrator, and is used for configuring virtual infrastructure resources. For more information, see Upgrading a Virtual Router with System Service Offerings. +
+
+ Accounts, Users, and Domains + An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account. Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. + Accounts are grouped by domains. Domains usually contain accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller. + Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system. Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains. Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains. +
+
+ Using an LDAP Server for User Authentication + You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudPlatform end-users. Just map CloudPlatform accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudPlatform for matching common values such as the user’s email address and name. CloudPlatform will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user. + To set up LDAP authentication in CloudPlatform, call the CloudPlatform API command ldapConfig and provide the following: + + Hostname or IP address and listening port of the LDAP server + Base directory and query filter + Search user DN credentials, which give CloudPlatform permission to search on the LDAP server + SSL keystore and password, if SSL is used + +
+ Example LDAP Configuration Commands + To understand the examples in this section, you need to know the basic concepts behind calling the CloudPlatform API, which are explained in the Developer’s Guide. + The following shows an example invocation of ldapConfig with an ApacheDS LDAP server. + http://127.0.0.1:8080/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou%3Dtesting%2Co%3Dproject&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=cn%3DJohn+Singh%2Cou%3Dtesting%2Co%project&bindpass=secret&port=10389&ssl=true&truststore=C%3A%2Fcompany%2Finfo%2Ftrusted.ks&truststorepass=secret&response=json&apiKey=YourAPIKey&signature=YourSignatureHash + + The command must be URL-encoded. Here is the same example without the URL encoding: + +http://127.0.0.1:8080/client/api?command=ldapConfig +&hostname=127.0.0.1 +&searchbase=ou=testing,o=project +&queryfilter=(&(%uid=%u)) +&binddn=cn=John+Singh,ou=testing,o=project +&bindpass=secret +&port=10389 +&ssl=true +&truststore=C:/company/info/trusted.ks +&truststorepass=secret +&response=json +&apiKey=YourAPIKey +&signature=YourSignatureHash + + The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address. + http://10.147.29.101:8080/client/api?command=ldapConfig&hostname=10.147.28.250&searchbase=OU%3Dtesting%2CDC%3Dcompany&queryfilter=%28%26%28mail%3D%25e%29%29&binddn=CN%3DAdministrator%2COU%3Dtesting%2CDC%3Dcompany&bindpass=1111_aaaa&port=389&response=json&apiKey=YourAPIKey&signature=YourSignatureHash + + The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters. +
+
+ Search Base + Coming soon: TODO +
+
+ Query Filter + Coming soon: TODO +
+
+ Search User Bind DN + Coming soon: TODO +
+
+ SSL Keystore Path and Password + Coming soon: TODO +
+ +
+
+ diff --git a/docs/en-US/using-multiple-guest-networks.xml b/docs/en-US/using-multiple-guest-networks.xml new file mode 100644 index 00000000000..1ff0804acea --- /dev/null +++ b/docs/en-US/using-multiple-guest-networks.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Using Multiple Guest Networks + In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation. You can also customize the domain name associated with the network by specifying a DNS suffix for each network. + A VM's networks are defined at VM creation time. A VM cannot add or remove networks after it has been created, although the user can go into the guest and remove the IP address from the NIC on a particular network. + Each VM has just one default network. The virtual router's DHCP reply will set the guest's default gateway as that for the default network. Multiple non-default networks may be added to a guest in addition to the single, required default network. The administrator can control which networks are available as the default network. + Additional networks can either be available to all accounts or be assigned to a specific account. Networks that are available to all accounts are zone-wide. Any user with access to the zone can create a VM with access to that network. These zone-wide networks provide little or no isolation between guests. Networks that are assigned to a specific account provide strong isolation. +
diff --git a/docs/en-US/using-netscaler-load-balancers.xml b/docs/en-US/using-netscaler-load-balancers.xml new file mode 100644 index 00000000000..61fb6fa30bc --- /dev/null +++ b/docs/en-US/using-netscaler-load-balancers.xml @@ -0,0 +1,42 @@ + + +%BOOK_ENTITIES; +]> +
+ About Using a NetScaler Load Balancer + Citrix NetScaler is supported as an external network element for load balancing in zones that use advanced networking (also called advanced zones). Set up an external load balancer when you want to provide load balancing through means other than CloudPlatform’s provided virtual router. + The NetScaler can be set up in direct (outside the firewall) mode. It must be added before any load balancing rules are deployed on guest VMs in the zone. + The functional behavior of the NetScaler with CloudPlatform is the same as described in the CloudPlatform documentation for using an F5 external load balancer. The only exception is that the F5 supports routing domains, and NetScaler does not. NetScaler can not yet be used as a firewall. + The Citrix NetScaler comes in three varieties. The following table summarizes how these variants are treated in CloudPlatform. + + + + + NetScaler ADC Type + Description of Capabilities + CloudPlatform 3.0.3 Supported Features + + + + + MPX + Physical appliance. Capable of deep packet inspection. Can act as application firewall and load balancer + In advanced zones, load balancer functionality fully supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided + + + + VPX + Virtual appliance. Can run as VM on XenServer, ESXi, and Hyper-V hypervisors. Same functionality as MPX + Supported only on ESXi. Same functional support as for MPX. CloudPlatform will treat VPX and MPX as the same device type + + + SDX + Physical appliance. Can create multiple fully isolated VPX instances on a single appliance to support multi-tenant usage + CloudPlatform will dynamically provision, configure, and manage the lifecycle of VPX instances on the SDX. Provisioned instances are added into CloudPlatform automatically – no manual configuration by the administrator is required. Once a VPX instance is added into CloudPlatform, it is treated the same as a VPX on an ESXi host. + + + + + +
diff --git a/docs/en-US/using-sshkeys.xml b/docs/en-US/using-sshkeys.xml new file mode 100644 index 00000000000..a753b32d1b0 --- /dev/null +++ b/docs/en-US/using-sshkeys.xml @@ -0,0 +1,87 @@ + + +%BOOK_ENTITIES; +]> +
+ Using the SSH Keys for Authentication on Cloud + In addition to the username and password authentication, CloudStack supports using SSH + keys to log in to the cloud infrastructure for additional security for your cloud + infrastructure. You can use the createSSHKeyPair API to generate the SSH keys. + Because each cloud user has their own ssh key, one cloud user cannot log in to another + cloud user's instances unless they share their ssh key files. Using a single SSH key pair, + you can manage multiple instances. + + Creating an Instance Template that Supports SSH Keys + + + Create a instance template that supports SSH Keys. + Create a new instance by using the template provided by cloudstack. + For more information on creating a new instance, see + Download the cloudstack script from The SSH Key Gen Scriptto the instance you have created. + wget http://downloads.sourceforge.net/project/cloudstack/SSH%20Key%20Gen%20Script/cloud-set-guest-sshkey.in?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcloudstack%2Ffiles%2FSSH%2520Key%2520Gen%2520Script%2F&ts=1331225219&use_mirror=iweb + Copy the file to /etc/init.d. + cp cloud-set-guest-sshkey.in /etc/init.d/ + Give the necessary permissions on the script: + chmod +x /etc/init.d/cloud-set-guest-sshkey.in + Run the script while starting up the operating system: + chkconfig --add cloud-set-guest-sshkey.in + Stop the instance. + + + + + Creating the SSH Keypair + You must make a call to the createSSHKeyPair api method. You can either use the cloudstack python api library or the curl commands to make the call to the cloudstack api. + For example, make a call from the cloudstack server to create a SSH keypair called "keypair-doc" for the admin account in the root domain: + Ensure that you adjust these values to meet your needs. If you are making the API call from a different server, your URL/PORT will be different, and you will need to use the API keys. + + Run the following curl command: + curl --globoff "http://localhost:8096/?command=createSSHKeyPair&name=keypair-doc&account=admin&domainid=5163440e-c44b-42b5-9109-ad75cae8e8a2" + The output is something similar to what is given below: + <?xml version="1.0" encoding="ISO-8859-1"?><createsshkeypairresponse cloud-stack-version="3.0.0.20120228045507"><keypair><name>keypair-doc</name><fingerprint>f6:77:39:d5:5e:77:02:22:6a:d8:7f:ce:ab:cd:b3:56</fingerprint><privatekey>-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci +dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB +AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu +mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy +QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7 +VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK +lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm +nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14 +4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd +KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3 +-----END RSA PRIVATE KEY----- +</privatekey></keypair></createsshkeypairresponse> + Copy the key data into a file. The file looks like this: + -----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci +dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB +AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu +mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy +QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7 +VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK +lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm +nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14 +4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd +KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3 +-----END RSA PRIVATE KEY----- + Save the file. + + + + Creating an Instance + After you save the SSH keypair file, you must create an instance by using the template that you created at . Ensure that you use the same SSH key name that you created at . + You cannot create the instance by using the GUI at this time and associate the instance with the newly created SSH keypair. + A sample curl command to create a new instance is: + curl --globoff http://localhost:<port numbet>/?command=deployVirtualMachine\&zoneId=1\&serviceOfferingId=18727021-7556-4110-9322-d625b52e0813\&templateId=e899c18a-ce13-4bbf-98a9-625c5026e0b5\&securitygroupids=ff03f02f-9e3b-48f8-834d-91b822da40c5\&account=admin\&domainid=1\&keypair=keypair-doc + Substitute the template, service offering and security group IDs (if you are using the security group feature) that are in your cloud environment. + + + Logging In Using the SSH Keypair + To test your SSH key generation is successful, check whether you can log in to the cloud setup. + For exaple, from a Linux OS, run: + ssh -i ~/.ssh/keypair-doc <ip address> + The -i parameter tells the ssh client to use a ssh key found at ~/.ssh/keypair-doc. + +
+ diff --git a/docs/en-US/using-swift-for-secondary-storage.xml b/docs/en-US/using-swift-for-secondary-storage.xml new file mode 100644 index 00000000000..a3b873be532 --- /dev/null +++ b/docs/en-US/using-swift-for-secondary-storage.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ Using Swift for Secondary Storage + CloudPlatform supports OpenStack Object Storage ( Swift) for secondary storage. When using Swift, you configure Swift storage for the entire CloudPlatform, then set up NFS secondary storage for each zone as usual. The NFS storage in each zone acts as a staging area through which all templates and other secondary storage data pass before being forwarded to Swift. The Swift storage acts as a cloud-wide resource, making templates and other data available to any zone in the cloud. There is no hierarchy in the Swift storage, just one Swift container per storage object. Any secondary storage in the whole cloud can pull a container from Swift at need. It is not necessary to copy templates and snapshots from one zone to another, as would be required when using zone NFS alone. Everything is available everywhere + Swift storage must be set up before you add NFS secondary storage to zones. This is accomplished through some additional configuration steps on a fresh Management Server installation, before you add the first zone. The procedure is described in Adding a Zone in the Advanced Installation Guide. +
+ diff --git a/docs/en-US/using-vpn-with-mac.xml b/docs/en-US/using-vpn-with-mac.xml new file mode 100644 index 00000000000..0104d854fe3 --- /dev/null +++ b/docs/en-US/using-vpn-with-mac.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Using VPN with Mac OS X + In Mac OS X, in Network Preferences – Advanced, make sure Send all traffic over VPN connection is not checked. +
diff --git a/docs/en-US/using-vpn-with-windows.xml b/docs/en-US/using-vpn-with-windows.xml new file mode 100644 index 00000000000..77389f9e674 --- /dev/null +++ b/docs/en-US/using-vpn-with-windows.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ Using VPN with Windows + The procedure to use VPN varies by Windows version. Generally, the user must edit the VPN properties and make sure that the default route is not the VPN. The following steps are for Windows L2TP clients on Windows Vista. The commands should be similar for other Windows versions. + + Log in to the CloudPlatform UI and click on the source NAT IP for the account. The VPN tab should display the IPsec preshared key. Make a note of this and the source NAT IP. The UI also lists one or more users and their passwords. Choose one of these users, or, if none exists, add a user and password. + On the Windows box, go to Control Panel, then select Network and Sharing center. Click Setup a connection or network. + In the next dialog, select No, create a new connection. + In the next dialog, select Use my Internet Connection (VPN). + In the next dialog, enter the source NAT IP from step 1 and give the connection a name. Check Don't connect now. + In the next dialog, enter the user name and password selected in step 1. + Click Create. + Go back to the Control Panel and click Network Connections to see the new connection. The connection is not active yet. + Right-click the new connection and select Properties. In the Properties dialog, select the Networking tab. + In Type of VPN, choose L2TP IPsec VPN, then click IPsec settings. Select Use preshared key. Enter the preshared key from Step 1. + The connection is ready for activation. Go back to Control Panel -> Network Connections and double-click the created connection. + Enter the user name and password from Step 1. + +
diff --git a/docs/en-US/vcenter-maintenance-mode.xml b/docs/en-US/vcenter-maintenance-mode.xml new file mode 100644 index 00000000000..90732b06a01 --- /dev/null +++ b/docs/en-US/vcenter-maintenance-mode.xml @@ -0,0 +1,23 @@ + + +%BOOK_ENTITIES; +]> +
+ vCenter and Maintenance Mode + To enter maintenance mode on a vCenter host, both vCenter and CloudPlatform must be used in concert. CloudPlatform and vCenter have separate maintenance modes that work closely together. + + Place the host into CloudPlatform's "scheduled maintenance" mode. This does not invoke the vCenter maintenance mode, but only causes VMs to be migrated off the host + When the CloudPlatform maintenance mode is requested, the host first moves into the Prepare for Maintenance state. In this state it cannot be the target of new guest VM starts. Then all VMs will be migrated off the server. Live migration will be used to move VMs off the host. This allows the guests to be migrated to other hosts with no disruption to the guests. After this migration is completed, the host will enter the Ready for Maintenance mode. + Wait for the "Ready for Maintenance" indicator to appear in the UI. + Now use vCenter to perform whatever actions are necessary to maintain the host. During this time, the host cannot be the target of new VM allocations. + When the maintenance tasks are complete, take the host out of maintenance mode as follows: + + First use vCenter to exit the vCenter maintenance mode. + This makes the host ready for CloudPlatform to reactivate it. + Then use CloudPlatform's administrator UI to cancel the CloudPlatform maintenance mode + When the host comes back online, the VMs that were migrated off of it are migrated back to it and new VMs can be added. + + + +
diff --git a/docs/en-US/virtual-machine-usage-record-format.xml b/docs/en-US/virtual-machine-usage-record-format.xml new file mode 100644 index 00000000000..9df22f04b46 --- /dev/null +++ b/docs/en-US/virtual-machine-usage-record-format.xml @@ -0,0 +1,22 @@ +
+ Virtual Machine Usage Record Format + For running and allocated virtual machine usage, the following fields exist in a usage record: + + account – name of the account + accountid – ID of the account + domainid – ID of the domain in which this account resides + zoneid – Zone where the usage occurred + description – A string describing what the usage record is tracking + usage – String representation of the usage, including the units of usage (e.g. 'Hrs' for VM running time) + usagetype – A number representing the usage type (see Usage Types) + rawusage – A number representing the actual usage in hours + virtualMachineId – The ID of the virtual machine + name – The name of the virtual machine + offeringid – The ID of the service offering + templateid – The ID of the template or the ID of the parent template. The parent template value is present when the current template was created from a volume. + usageid – Virtual machine + type – Hypervisor + startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record + +
+ diff --git a/docs/en-US/virtual-router.xml b/docs/en-US/virtual-router.xml new file mode 100644 index 00000000000..e2bde355ad1 --- /dev/null +++ b/docs/en-US/virtual-router.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Virtual Router + The virtual router is a type of System Virtual Machine. The virtual router is one of the most frequently used service providers in CloudPlatform. The end user has no direct access to the virtual router. Users can ping the virtual router and take actions that affect it (such as setting up port forwarding), but users do not have SSH access into the virtual router. + There is no mechanism for the administrator to log in to the virtual router. Virtual routers can be restarted by administrators, but this will interrupt public network access and other services for end users. A basic test in debugging networking issues is to attempt to ping the virtual router from a guest VM. Some of the characteristics of the virtual router are determined by its associated system service offering.. +
diff --git a/docs/en-US/vlan-provisioning.xml b/docs/en-US/vlan-provisioning.xml new file mode 100644 index 00000000000..5921bb3ae0f --- /dev/null +++ b/docs/en-US/vlan-provisioning.xml @@ -0,0 +1,11 @@ + + +%BOOK_ENTITIES; +]> +
+ VLAN Provisioning + CloudPlatform automatically creates and destroys interfaces bridged to VLANs on the hosts. In general the administrator does not need to manage this process. + CloudPlatform manages VLANs differently based on hypervisor type. For XenServer or KVM, the VLANs are created on only the hosts where they will be used and then they are destroyed when all guests that require them have been terminated or moved to another host. . + For vSphere the VLANs are provisioned on all hosts in the cluster even if there is no guest running on a particular Host that requires the VLAN. This allows the administrator to perform live migration and other functions in vCenter without having to create the VLAN on the destination Host. Additionally, the VLANs are not removed from the Hosts when they are no longer needed. +
\ No newline at end of file diff --git a/docs/en-US/vm-lifecycle.xml b/docs/en-US/vm-lifecycle.xml new file mode 100644 index 00000000000..b9b86e7e73a --- /dev/null +++ b/docs/en-US/vm-lifecycle.xml @@ -0,0 +1,20 @@ +
+ VM Lifecycle + Virtual machines can be in the following states: + + + + + basic_deployment.png: Basic two-machine CloudStack deployment + + Once a virtual machine is destroyed, it cannot be recovered. All the resources used by the virtual machine will be reclaimed by the system. This includes the virtual machine’s IP address. + A stop will attempt to gracefully shut down the operating system, which typically involves terminating all the running applications. If the operation system cannot be stopped, it will be forcefully terminated. This has the same effect as pulling the power cord to a physical machine. + A reboot is a stop followed by a start. + CloudPlatform preserves the state of the virtual machine hard disk until the machine is destroyed. + A running virtual machine may fail because of hardware or network issues. A failed virtual machine is in the down state. + The system places the virtual machine into the down state if it does not receive the heartbeat from the hypervisor for three minutes. + The user can manually restart the virtual machine from the down state. + The system will start the virtual machine from the down state automatically if the virtual machine is marked as HA-enabled. + +
+ diff --git a/docs/en-US/vm-storage-migration.xml b/docs/en-US/vm-storage-migration.xml new file mode 100644 index 00000000000..fdbbba067eb --- /dev/null +++ b/docs/en-US/vm-storage-migration.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ VM Storage Migration + Supported in XenServer, KVM, and VMware. + This procedure is different from moving disk volumes from one VM to another. See Detaching and Moving Volumes . + You can migrate a virtual machine’s root disk volume or any additional data disk volume from one storage pool to another in the same zone. + You can use the storage migration feature to achieve some commonly desired administration goals, such as balancing the load on storage pools and increasing the reliability of virtual machines by moving them away from any storage pool that is experiencing issues. + + +
+ diff --git a/docs/en-US/volume-deletion-garbage-collection.xml b/docs/en-US/volume-deletion-garbage-collection.xml new file mode 100644 index 00000000000..9f50ac57309 --- /dev/null +++ b/docs/en-US/volume-deletion-garbage-collection.xml @@ -0,0 +1,17 @@ + + +%BOOK_ENTITIES; +]> +
+ Volume Deletion and Garbage Collection + The deletion of a volume does not delete the snapshots that have been created from the volume + When a VM is destroyed, data disk volumes that are attached to the VM are not deleted. + Volumes are permanently destroyed using a garbage collection process. The global configuration variables expunge.delay and expunge.interval determine when the physical deletion of volumes will occur. + + expunge.delay: determines how old the volume must be before it is destroyed, in seconds + expunge.interval: determines how often to run the garbage collection check + + Administrators should adjust these values depending on site policies around data retention. +
+ diff --git a/docs/en-US/volume-status.xml b/docs/en-US/volume-status.xml new file mode 100644 index 00000000000..88f3717dd0c --- /dev/null +++ b/docs/en-US/volume-status.xml @@ -0,0 +1,10 @@ + + +%BOOK_ENTITIES; +]> +
+ Volume Status + When a snapshot operation is triggered by means of a recurring snapshot policy, a snapshot is skipped if a volume has remained inactive since its last snapshot was taken. A volume is considered to be inactive if it is either detached or attached to a VM that is not running. CloudPlatform ensures that at least one snapshot is taken since the volume last became inactive. + When a snapshot is taken manually, a snapshot is always created regardless of whether a volume has been active or not. +
diff --git a/docs/en-US/vpc.xml b/docs/en-US/vpc.xml new file mode 100644 index 00000000000..cd298a16ecf --- /dev/null +++ b/docs/en-US/vpc.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Virtual Private Cloud + + To add a Virtual Private Cloud (VPC): + + Log in to the CloudPlatform UI as an administrator or end user. + In the left navigation, choose Network + In the Select view, select VPC. + Click Add VPC. Provide the following information: + + Name: A short name for the VPC that you are creating. + Description: A brief description of the VPC. + Zone: Choose the zone where you want the VPC to be available. + CIDR: To accept the traffic only from the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0. + Network Domain: If you want to assign a special domain name to this network, specify the DNS suffix. + + + + +
diff --git a/docs/en-US/vpn.xml b/docs/en-US/vpn.xml new file mode 100644 index 00000000000..31b7a64dfc4 --- /dev/null +++ b/docs/en-US/vpn.xml @@ -0,0 +1,22 @@ + + +%BOOK_ENTITIES; +]> +
+ VPN + CloudPlatform account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. CloudPlatform provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. CloudPlatform does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner. + Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic. + + Road Warrior / Remote Access. Users want to be able to + connect securely from a home or office to a private network in the cloud. Typically, + the IP address of the connecting client is dynamic and cannot be preconfigured on + the VPN server. + Site to Site. In this scenario, two private subnets are + connected over the public Internet with a secure VPN tunnel. The cloud user’s subnet + (for example, an office network) is connected through a gateway to the network in + the cloud. The address of the user’s gateway must be preconfigured on the VPN server + in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site + VPNs, this is not the primary intent of this feature. + +
diff --git a/docs/en-US/whatis.xml b/docs/en-US/whatis.xml new file mode 100644 index 00000000000..89348c52fb6 --- /dev/null +++ b/docs/en-US/whatis.xml @@ -0,0 +1,26 @@ + + +%BOOK_ENTITIES; +]> +
+ What Is &PRODUCT;? + + &PRODUCT; is an open source software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. &PRODUCT; manages the network, storage, and compute nodes that make up a cloud infrastructure. Use &PRODUCT; to deploy, manage, and configure cloud computing environments. + + Typical users are service providers and enterprises. With &PRODUCT;, you can: + + + Set up an on-demand, elastic cloud computing service. Service providers can sell self service virtual machine instances, storage volumes, and networking configurations over the Internet. + + + Set up an on-premise private cloud for use by employees. Rather than managing virtual machines in the same way as physical machines, with &PRODUCT; an enterprise can offer self-service virtual machines to users without involving IT departments. + + + + + + + 1000-foot-view.png: Overview of &PRODUCT; + +
\ No newline at end of file diff --git a/docs/en-US/whats-in-this-adminguide.xml b/docs/en-US/whats-in-this-adminguide.xml new file mode 100644 index 00000000000..94129a4d340 --- /dev/null +++ b/docs/en-US/whats-in-this-adminguide.xml @@ -0,0 +1,7 @@ +
+ Who Should Read This + If you have already installed CloudPlatform or you want to learn more about the ongoing + operation and maintenance of a CloudPlatform-powered cloud, read this documentation. It + will help you start using, configuring, and managing the ongoing operation of your cloud. +
+ diff --git a/docs/en-US/whats-new.xml b/docs/en-US/whats-new.xml new file mode 100644 index 00000000000..c1a6e0cb1c8 --- /dev/null +++ b/docs/en-US/whats-new.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ What's New in 3.0.x? + The following describes any new major features of each CloudPlatform version as it applies to API usage. + + + + + + +
diff --git a/docs/en-US/who-should-read-installation.xml b/docs/en-US/who-should-read-installation.xml new file mode 100644 index 00000000000..013781119b7 --- /dev/null +++ b/docs/en-US/who-should-read-installation.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Who Should Read This + + For those who have already gone through a design phase and planned a more sophisticated deployment, + or those who are ready to start scaling up a trial installation. + With the following procedures, you can start using the more powerful features of &PRODUCT;, + such as advanced VLAN networking, high availability, additional network elements such as load balancers and firewalls, + and support for multiple hypervisors including Citrix XenServer, KVM, and VMware vSphere. + +
\ No newline at end of file diff --git a/docs/en-US/windows-installation.xml b/docs/en-US/windows-installation.xml new file mode 100644 index 00000000000..46044bc6585 --- /dev/null +++ b/docs/en-US/windows-installation.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Windows OS Installation + Download the installer, CloudInstanceManager.msi, from Download page and run the installer in the newly created Windows VM. +
diff --git a/docs/en-US/work-with-usage.xml b/docs/en-US/work-with-usage.xml new file mode 100644 index 00000000000..d5d88021214 --- /dev/null +++ b/docs/en-US/work-with-usage.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Changing the Database Configuration + The CloudPlatform Management Server stores database configuration information (e.g., hostname, port, credentials) in the file /etc/cloud/management/db.properties. To effect a change, edit this file on each Management Server, then restart the Management Server. +
diff --git a/docs/en-US/working-with-hosts.xml b/docs/en-US/working-with-hosts.xml new file mode 100644 index 00000000000..7f65da3df7a --- /dev/null +++ b/docs/en-US/working-with-hosts.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Removing Hosts + Hosts can be removed from the cloud as needed. The procedure to remove a host depends on the hypervisor type. +
diff --git a/docs/en-US/working-with-iso.xml b/docs/en-US/working-with-iso.xml new file mode 100644 index 00000000000..8b6f345a8fa --- /dev/null +++ b/docs/en-US/working-with-iso.xml @@ -0,0 +1,14 @@ + + +%BOOK_ENTITIES; +]> +
+ Working with ISOs + CloudPlatform supports ISOs and their attachment to guest VMs. An ISO is a read-only file that has an ISO/CD-ROM style file system. Users can upload their own ISOs and mount them on their guest VMs. + ISOs are uploaded based on a URL. HTTP is the supported protocol. Once the ISO is available via HTTP specify an upload URL such as http://my.web.server/filename.iso. + ISOs may be public or private, like templates.ISOs are not hypervisor-specific. That is, a guest on vSphere can mount the exact same image that a guest on KVM can mount. + ISO images may be stored in the system and made available with a privacy level similar to templates. ISO images are classified as either bootable or not bootable. A bootable ISO image is one that contains an OS image. CloudPlatform allows a user to boot a guest VM off of an ISO image. Users can also attach ISO images to guest VMs. For example, this enables installing PV drivers into Windows. ISO images are not hypervisor-specific. + + +
diff --git a/docs/en-US/working-with-snapshots.xml b/docs/en-US/working-with-snapshots.xml new file mode 100644 index 00000000000..1987b2318bd --- /dev/null +++ b/docs/en-US/working-with-snapshots.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Working with Snapshots + (Supported for the following hypervisors: XenServer, + VMware vSphere, and KVM) + CloudPlatform supports snapshots of disk volumes. Snapshots are a point-in-time capture of virtual machine disks. Memory and CPU states are not captured. If you are using the Oracle VM hypervisor, you can not take snapshots, since OVM does not support them. + Snapshots may be taken for volumes, including both root and data disks (except when the Oracle VM hypervisor is used, which does not support snapshots). The administrator places a limit on the number of stored snapshots per user. Users can create new volumes from the snapshot for recovery of particular files and they can create templates from snapshots to boot from a restored disk. + Users can create snapshots manually or by setting up automatic recurring snapshot policies. Users can also create disk volumes from snapshots, which may be attached to a VM like any other disk volume. Snapshots of both root disks and data disks are supported. However, CloudPlatform does not currently support booting a VM from a recovered root disk. A disk recovered from snapshot of a root disk is treated as a regular data disk; the data on recovered disk can be accessed by attaching the disk to a VM. + A completed snapshot is copied from primary storage to secondary storage, where it is stored until deleted or purged by newer snapshot. +
diff --git a/docs/en-US/working-with-system-vm.xml b/docs/en-US/working-with-system-vm.xml new file mode 100644 index 00000000000..47b397602e2 --- /dev/null +++ b/docs/en-US/working-with-system-vm.xml @@ -0,0 +1,9 @@ + + +%BOOK_ENTITIES; +]> +
+ Working with System Virtual Machines + CloudPlatform uses several types of system virtual machines to perform tasks in the cloud. In general CloudPlatform manages these system VMs and creates, starts, and stops them as needed based on scale and immediate needs. However, the administrator should be aware of them and their roles to assist in debugging issues. +
diff --git a/docs/en-US/working-with-templates.xml b/docs/en-US/working-with-templates.xml new file mode 100644 index 00000000000..6073f7b91e7 --- /dev/null +++ b/docs/en-US/working-with-templates.xml @@ -0,0 +1,25 @@ + + +%BOOK_ENTITIES; +]> +
+ Working with Templates + A template is a reusable configuration for virtual machines. When users launch VMs, they can choose from a list of templates in CloudPlatform. + Specifically, a template is a virtual disk image that includes one of a variety of operating systems, optional additional software such as office applications, and settings such as access control to determine who can use the template. Each template is associated with a particular type of hypervisor, which is specified when the template is added to CloudPlatform. + CloudPlatform ships with a default template. In order to present more choices to users, CloudPlatform administrators and users can create templates and add them to CloudPlatform. + + + + + + + + + + + + + + +
diff --git a/docs/en-US/working-with-usage-data.xml b/docs/en-US/working-with-usage-data.xml new file mode 100644 index 00000000000..09a89df38f8 --- /dev/null +++ b/docs/en-US/working-with-usage-data.xml @@ -0,0 +1,15 @@ + + +%BOOK_ENTITIES; +]> +
+ Working With Usage Data + The Usage Server provides aggregated usage records which you can use to create billing integration for the CloudStack platform. The Usage Server works by taking data from the events log and creating summary usage records that you can access using the listUsageRecords API call. + The usage records show the amount of resources, such as VM run time or template storage space, consumed by guest instances. In the special case of bare metal instances, no template storage resources are consumed, but records showing zero usage are still included in the Usage Server's output. + The Usage Server runs at least once per day. It can be configured to run multiple times per day. Its behavior is controlled by configuration settings as described in the CloudStack Administration Guide. + + + + +
diff --git a/docs/en-US/working-with-volumes.xml b/docs/en-US/working-with-volumes.xml new file mode 100644 index 00000000000..56106723ecb --- /dev/null +++ b/docs/en-US/working-with-volumes.xml @@ -0,0 +1,12 @@ + + +%BOOK_ENTITIES; +]> +
+ Using Swift for Secondary Storage + A volume provides storage to a guest VM. The volume can provide for a root disk or an additional data disk. CloudPlatform supports additional volumes for guest VMs. + Volumes are created for a specific hypervisor type. A volume that has been attached to guest using one hypervisor type (e.g, XenServer) may not be attached to a guest that is using another hypervisor type (e.g. vSphere, Oracle VM, KVM). This is because the different hypervisors use different disk image formats. + CloudPlatform defines a volume as a unit of storage available to a guest VM. Volumes are either root disks or data disks. The root disk has “/” in the file system and is usually the boot device. Data disks provide for additional storage (e.g. As “/opt” or “D:”). Every guest VM has a root disk, and VMs can also optionally have a data disk. End users can mount multiple data disks to guest VMs. Users choose data disks from the disk offerings created by administrators. The user can create a template from a volume as well; this is the standard procedure for private template creation. Volumes are hypervisor-specific: a volume from one hypervisor type may not be used on a guest of another hypervisor type. +
+ diff --git a/docs/en-US/xenserver-maintenance-mode.xml b/docs/en-US/xenserver-maintenance-mode.xml new file mode 100644 index 00000000000..f8811bf4a31 --- /dev/null +++ b/docs/en-US/xenserver-maintenance-mode.xml @@ -0,0 +1,33 @@ + + +%BOOK_ENTITIES; +]> +
+ XenServer and Maintenance Mode + For XenServer, you can take a server offline temporarily by using the Maintenance Mode feature in XenCenter. When you place a server into Maintenance Mode, all running VMs are automatically migrated from it to another host in the same pool. If the server is the pool master, a new master will also be selected for the pool. While a server is Maintenance Mode, you cannot create or start any VMs on it. + To place a server in Maintenance Mode: + + In the Resources pane, select the server, then do one of the following: + + Right-click, then click Enter Maintenance Mode on the shortcut menu. + + On the Server menu, click Enter Maintenance Mode + + + Click Enter Maintenance Mode + + The server's status in the Resources pane shows when all running VMs have been successfully migrated off the server. + To take a server out of Maintenance Mode: + + In the Resources pane, select the server, then do one of the following: + + Right-click, then click Exit Maintenance Mode on the shortcut menu. + + On the Server menu, click Exit Maintenance Mode + + + Click Exit Maintenance Mode + + +
diff --git a/docs/en-US/zone-add.xml b/docs/en-US/zone-add.xml new file mode 100644 index 00000000000..7d68375dfab --- /dev/null +++ b/docs/en-US/zone-add.xml @@ -0,0 +1,58 @@ + + +%BOOK_ENTITIES; +]> +
+ Adding a Zone + These steps assume you have already logged in to the CloudPlatform UI. See . + + (Optional) If you are going to use Swift for cloud-wide secondary storage, you need to add it before you add zones. + + Log in to the CloudPlatform UI as administrator. + If this is your first time visiting the UI, you will see the guided tour splash screen. Choose “Experienced user.” The Dashboard appears. + In the left navigation bar, click Global Settings. + In the search box, type swift.enable and click the search button. + Click the edit button and set swift.enable to true. + + + + + edit-icon.png: button to modify data + + + + Restart the Management Server. + # service cloud-management restart + + Refresh the CloudPlatform UI browser tab and log back in. + + + In the left navigation, choose Infrastructure. + On Zones, click View More. + (Optional) If you are using Swift storage, click Enable Swift. Provide the following: + + URL. The Swift URL. + Account. The Swift account. + Username. The Swift account’s username. + Key. The Swift key. + + + Click Add Zone. The zone creation wizard will appear. + Choose one of the following network types: + + Basic. For AWS-style networking. Provides a single network where each VM instance is assigned an IP directly from the network. Guest isolation can be provided through layer-3 means such as security groups (IP address source filtering). + Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, or load balancer support. + + For more information about the network types, see Network Setup. + + The rest of the steps differ depending on whether you chose Basic or Advanced. Continue with the steps that apply to you: + + + + + + + + +
From 8a3a788d720a3d491034b58ff02d1a919355a7bb Mon Sep 17 00:00:00 2001 From: kishan Date: Mon, 16 Jul 2012 15:00:13 -0700 Subject: [PATCH 07/29] ant targets to run usage server --- build/build-usage.xml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/build/build-usage.xml b/build/build-usage.xml index 61b6a314d1d..264f27f5b1f 100644 --- a/build/build-usage.xml +++ b/build/build-usage.xml @@ -29,7 +29,9 @@ - + + + @@ -55,4 +57,19 @@ + + + + + + + + + + + + + + + From 097c260690509d3d84cd6265699c2481fb18232d Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 16 Jul 2012 14:36:13 -0700 Subject: [PATCH 08/29] Resource tags: CS-15591 - delete tags for template/iso when corresponding vo object is removed --- server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java index 1db12aa641f..3c30076295c 100755 --- a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java +++ b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java @@ -860,8 +860,10 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem txn.start(); VMTemplateVO template = createForUpdate(); template.setRemoved(new Date()); - if (template != null) { - if (template.getFormat() == ImageFormat.ISO) { + + VMTemplateVO vo = findById(id); + if (vo != null) { + if (vo.getFormat() == ImageFormat.ISO) { _tagsDao.removeByIdAndType(id, TaggedResourceType.ISO); } else { _tagsDao.removeByIdAndType(id, TaggedResourceType.Template); From 09e4b1683f5fbe65c654413d8de4ca32d38c7ec9 Mon Sep 17 00:00:00 2001 From: kishan Date: Mon, 16 Jul 2012 16:10:56 -0700 Subject: [PATCH 09/29] Added ant target deploy-server-encrypt to enable encryption in dev setup --- build/developer.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/build/developer.xml b/build/developer.xml index 4d466b76478..ecd6939b988 100755 --- a/build/developer.xml +++ b/build/developer.xml @@ -167,7 +167,12 @@ - + + + + password + + From 88205a7a83ed27c115aca4800068a89468979165 Mon Sep 17 00:00:00 2001 From: kishan Date: Mon, 16 Jul 2012 16:11:20 -0700 Subject: [PATCH 10/29] Added ant target deploy-server-encrypt to enable encryption in dev setup --- client/tomcatconf/db-enc.properties.in | 54 ++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 client/tomcatconf/db-enc.properties.in diff --git a/client/tomcatconf/db-enc.properties.in b/client/tomcatconf/db-enc.properties.in new file mode 100644 index 00000000000..4cdea827a5a --- /dev/null +++ b/client/tomcatconf/db-enc.properties.in @@ -0,0 +1,54 @@ +# management server clustering parameters, change cluster.node.IP to the machine IP address +# in which the management server(Tomcat) is running +cluster.node.IP=127.0.0.1 +cluster.servlet.port=9090 + +# CloudStack database settings +db.cloud.username=@DBUSER@ +db.cloud.password=@DBPW@ +db.cloud.host=@DBHOST@ +db.cloud.port=3306 +db.cloud.name=cloud + +# CloudStack database tuning parameters +db.cloud.maxActive=250 +db.cloud.maxIdle=30 +db.cloud.maxWait=10000 +db.cloud.autoReconnect=true +db.cloud.validationQuery=SELECT 1 +db.cloud.testOnBorrow=true +db.cloud.testWhileIdle=true +db.cloud.timeBetweenEvictionRunsMillis=40000 +db.cloud.minEvictableIdleTimeMillis=240000 +db.cloud.removeAbandoned=false +db.cloud.removeAbandonedTimeout=300 +db.cloud.logAbandoned=true +db.cloud.poolPreparedStatements=false +db.cloud.url.params=prepStmtCacheSize=517&cachePrepStmts=true + +# CloudStack database SSL settings +db.cloud.useSSL=false +db.cloud.keyStore= +db.cloud.keyStorePassword= +db.cloud.trustStore= +db.cloud.trustStorePassword= + +# Encryption Settings +db.cloud.encryption.type=file +db.cloud.encrypt.secret=password + +# usage database settings +db.usage.username=@DBUSER@ +db.usage.password=@DBPW@ +db.usage.host=@DBHOST@ +db.usage.port=3306 +db.usage.name=cloud_usage + +# usage database tuning parameters +db.usage.maxActive=100 +db.usage.maxIdle=30 +db.usage.maxWait=10000 +db.usage.autoReconnect=true + +# awsapi database settings +db.awsapi.name=cloudbridge From dfb0eed5a42ead051283229b2a58652f80d9ab3a Mon Sep 17 00:00:00 2001 From: Edison Su Date: Mon, 16 Jul 2012 17:59:52 -0700 Subject: [PATCH 11/29] fix ubuntu 12.04 build --- .../SYSCONFDIR/init.d/cloud-management.in | 2 +- debian/cloud-daemonize.install | 2 -- debian/cloud-deps.install | 2 +- debian/cloud-server.install | 16 ++++++++++++++++ debian/cloud-test.install | 6 ------ debian/control | 19 ------------------- wscript_configure | 7 ++++--- 7 files changed, 22 insertions(+), 32 deletions(-) delete mode 100644 debian/cloud-daemonize.install delete mode 100644 debian/cloud-test.install diff --git a/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in b/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in index 32855a5833b..2711ffc6db9 100755 --- a/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in +++ b/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in @@ -55,7 +55,7 @@ TOMCAT6_USER=tomcat6 # The first existing directory is used for JAVA_HOME (if JAVA_HOME is not # defined in $DEFAULT) -JDK_DIRS="/usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-1.5.0-sun /usr/lib/j2sdk1.5-sun /usr/lib/j2sdk1.5-ibm" +JDK_DIRS="/usr/lib/jvm/java-1.6.0-openjdk-i386/ /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-1.5.0-sun /usr/lib/j2sdk1.5-sun /usr/lib/j2sdk1.5-ibm" # Look for the right JVM to use for jdir in $JDK_DIRS; do diff --git a/debian/cloud-daemonize.install b/debian/cloud-daemonize.install deleted file mode 100644 index 8ffbb222fe0..00000000000 --- a/debian/cloud-daemonize.install +++ /dev/null @@ -1,2 +0,0 @@ -/usr/bin/cloud-daemonize - diff --git a/debian/cloud-deps.install b/debian/cloud-deps.install index 9381a484d02..f0f7235baeb 100644 --- a/debian/cloud-deps.install +++ b/debian/cloud-deps.install @@ -17,7 +17,7 @@ /usr/share/java/cloud-jstl-1.2.jar /usr/share/java/cloud-axis.jar /usr/share/java/cloud-commons-discovery.jar -/usr/share/java/cloud-wsdl4j.jar +/usr/share/java/cloud-wsdl4j-1.6.2.jar /usr/share/java/cloud-bcprov-jdk16-1.45.jar /usr/share/java/cloud-jsch-0.1.42.jar /usr/share/java/cloud-iControl.jar diff --git a/debian/cloud-server.install b/debian/cloud-server.install index 98380cb9a26..a88fbf01f83 100644 --- a/debian/cloud-server.install +++ b/debian/cloud-server.install @@ -1,3 +1,19 @@ /usr/share/java/cloud-server.jar /usr/share/java/cloud-ovm.jar /etc/cloud/server/* +/usr/share/java/cloud-dp-user-concentrated-pod.jar +/usr/share/java/cloud-dp-user-dispersing.jar +/usr/share/java/cloud-host-allocator-random.jar +/usr/share/java/cloud-plugin-elb.jar +/usr/share/java/cloud-plugin-f5.jar +/usr/share/java/cloud-plugin-netapp.jar +/usr/share/java/cloud-plugin-netscaler.jar +/usr/share/java/cloud-plugin-ovs.jar +/usr/share/java/cloud-plugin-srx.jar +/usr/share/java/cloud-plugin-nicira-nvp.jar +/usr/share/java/cloud-storage-allocator-random.jar +/usr/share/java/cloud-user-authenticator-ldap.jar +/usr/share/java/cloud-user-authenticator-md5.jar +/usr/share/java/cloud-user-authenticator-plaintext.jar +/usr/share/java/cloud-xen.jar +/usr/share/java/cloud-vmware.jar diff --git a/debian/cloud-test.install b/debian/cloud-test.install deleted file mode 100644 index 37efeaeca03..00000000000 --- a/debian/cloud-test.install +++ /dev/null @@ -1,6 +0,0 @@ -/usr/bin/cloud-run-test -/usr/share/java/cloud-test.jar -/var/lib/cloud/test/* -/usr/lib/cloud/test/* -/etc/cloud/test/* - diff --git a/debian/control b/debian/control index 517366d8797..1ffb93728e4 100644 --- a/debian/control +++ b/debian/control @@ -73,15 +73,6 @@ Description: CloudStack agent scripts will participate in your cloud -- this is a requirement for the CloudStack agent. -Package: cloud-daemonize -Provides: vmops-daemonize -Conflicts: vmops-daemonize -Replaces: vmops-daemonize -Architecture: any -Description: CloudStack daemonization utility - This package contains a program that daemonizes the specified - process. The CloudStack Cloud Stack uses this to start the agent - as a service. Package: cloud-core Provides: vmops-core @@ -93,16 +84,6 @@ Description: CloudStack core library The CloudStack core libraries provide a set of Java classes used in the CloudStack Cloud Stack. -Package: cloud-test -Provides: vmops-test -Conflicts: vmops-test -Replaces: vmops-test -Architecture: any -Depends: openjdk-6-jre, wget, cloud-utils (= ${source:Version}), cloud-deps (= ${source:Version}) -Description: CloudStack test suite - The CloudStack test package contains a suite of automated tests - that the very much appreciated QA team at CloudStack constantly - uses to help increase the quality of the Cloud Stack. Package: cloud-client Provides: vmops-client diff --git a/wscript_configure b/wscript_configure index 70fb163a61d..e6d99589a71 100644 --- a/wscript_configure +++ b/wscript_configure @@ -56,9 +56,10 @@ systemjars = { ( "servlet-api-2.5.jar", "jsp-api-2.1.jar", - "jasper-6.0.28.jar", + "jasper.jar", "el-api-2.1.jar", - "jasper-el-6.0.28.jar", + "jasper-el.jar", + "ecj.jar", "cglib.jar", "asm3.jar", "jetty.jar", @@ -288,7 +289,7 @@ depsclasspath = [ in_javadir(_basename(x)) for x in _glob(_join(conf.srcdir,"dep conf.env.DEPSCLASSPATH = pathsep.join(depsclasspath) # the MS classpath points to JARs required to run the management server -msclasspath = [ in_javadir("%s-%s.jar"%(conf.env.PACKAGE,x)) for x in "utils api core server server-extras core-extras vmware-base ovm dp-user-concentrated-pod dp-user-dispersing host-allocator-random plugin-f5 plugin-netscaler plugin-ovs plugin-srx storage-allocator-random user-authenticator-ldap user-authenticator-md5 user-authenticator-plaintext vmware xen plugin-nicira-nvp".split() ] +msclasspath = [ in_javadir("%s-%s.jar"%(conf.env.PACKAGE,x)) for x in "utils api core server server-extras core-extras vmware-base ovm dp-user-concentrated-pod dp-user-dispersing host-allocator-random plugin-f5 plugin-netscaler plugin-ovs plugin-srx storage-allocator-random user-authenticator-ldap user-authenticator-md5 user-authenticator-plaintext vmware xen plugin-nicira-nvp plugin-elb plugin-netapp".split() ] conf.env.MSCLASSPATH = pathsep.join(msclasspath) # the agent and simulator classpaths point to JARs required to run these two applications From 2b2e491f27a1485338557a775e5c21179a19b32b Mon Sep 17 00:00:00 2001 From: bfederle Date: Tue, 17 Jul 2012 11:38:56 -0700 Subject: [PATCH 12/29] CS-15572: Fix page index for list view filters This fixes an issue where the page index is not reset back 1 when activating the search or filter functionality, causing truncation when trying to scroll down to later pages. --- ui/scripts/ui/widgets/listView.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ui/scripts/ui/widgets/listView.js b/ui/scripts/ui/widgets/listView.js index b01d01e18b0..087f5401d3d 100644 --- a/ui/scripts/ui/widgets/listView.js +++ b/ui/scripts/ui/widgets/listView.js @@ -974,8 +974,8 @@ if (!options) options = {}; var context = options.context; var reorder = options.reorder; - var $tbody = $table.find('tbody'); + if (!loadArgs) loadArgs = { page: 1, filterBy: { @@ -1262,6 +1262,7 @@ }); var search = function() { + page = 1; loadBody( $table, listViewData.dataProvider, @@ -1269,7 +1270,7 @@ listViewData.fields, false, { - page: 1, + page: page, filterBy: { kind: $listView.find('select[id=filterBy]').val(), search: { @@ -1316,7 +1317,8 @@ var context = $listView.data('view-args').context; if (loadMoreData) { - page = page + 1; + page = page + 1; + loadBody($table, listViewData.dataProvider, listViewData.preFilter, listViewData.fields, true, { context: context, page: page, From f2bbf62d9d5d87149b5db729b902e6ba6364718a Mon Sep 17 00:00:00 2001 From: kishan Date: Wed, 18 Jul 2012 14:20:04 -0700 Subject: [PATCH 13/29] Added getUser API to get user details using API key. Services like S3 can user this API to authenticate. API is admin only. --- .../com/cloud/api/commands/GetUserCmd.java | 76 +++++++++++++++++++ api/src/com/cloud/user/AccountService.java | 2 + client/tomcatconf/commands.properties.in | 1 + .../com/cloud/user/AccountManagerImpl.java | 5 ++ .../com/cloud/user/dao/UserAccountDao.java | 1 + .../cloud/user/dao/UserAccountDaoImpl.java | 17 +++++ 6 files changed, 102 insertions(+) create mode 100644 api/src/com/cloud/api/commands/GetUserCmd.java diff --git a/api/src/com/cloud/api/commands/GetUserCmd.java b/api/src/com/cloud/api/commands/GetUserCmd.java new file mode 100644 index 00000000000..465e440a0f3 --- /dev/null +++ b/api/src/com/cloud/api/commands/GetUserCmd.java @@ -0,0 +1,76 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.api.commands; + +import org.apache.log4j.Logger; + +import com.cloud.api.ApiConstants; +import com.cloud.api.BaseCmd; +import com.cloud.api.Implementation; +import com.cloud.api.Parameter; +import com.cloud.api.response.UserResponse; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.user.UserAccount; + +@Implementation(description="Find user account by API key", responseObject=UserResponse.class) +public class GetUserCmd extends BaseCmd { + public static final Logger s_logger = Logger.getLogger(GetUserCmd.class.getName()); + + private static final String s_name = "getuserresponse"; + + ///////////////////////////////////////////////////// + //////////////// API parameters ///////////////////// + ///////////////////////////////////////////////////// + + @Parameter(name=ApiConstants.API_KEY, type=CommandType.STRING, required=true, description="API key of the user") + private String apiKey; + + ///////////////////////////////////////////////////// + /////////////////// Accessors /////////////////////// + ///////////////////////////////////////////////////// + + public String getApiKey() { + return apiKey; + } + + ///////////////////////////////////////////////////// + /////////////// API Implementation/////////////////// + ///////////////////////////////////////////////////// + + @Override + public String getCommandName() { + return s_name; + } + + @Override + public long getEntityOwnerId() { + return 0; + } + + @Override + public void execute(){ + UserAccount result = _accountService.getUserByApiKey(getApiKey()); + if(result != null){ + UserResponse response = _responseGenerator.createUserResponse(result); + response.setResponseName(getCommandName()); + response.setResponseName(getCommandName()); + this.setResponseObject(response); + } else { + throw new InvalidParameterValueException("User with specified API key does not exist"); + } + } +} diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java index 02e9b27f0f5..53383d3c7c3 100755 --- a/api/src/com/cloud/user/AccountService.java +++ b/api/src/com/cloud/user/AccountService.java @@ -196,6 +196,8 @@ public interface AccountService { List searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException; + UserAccount getUserByApiKey(String apiKey); + void checkAccess(Account account, Domain domain) throws PermissionDeniedException; void checkAccess(Account account, AccessType accessType, boolean sameOwner, ControlledEntity... entities) throws PermissionDeniedException; diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index 08c175bbc52..28beadeef85 100755 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -19,6 +19,7 @@ listUsers=com.cloud.api.commands.ListUsersCmd;7 ####lockUser=com.cloud.api.commands.LockUserCmd;7 disableUser=com.cloud.api.commands.DisableUserCmd;7 enableUser=com.cloud.api.commands.EnableUserCmd;7 +getUser=com.cloud.api.commands.GetUserCmd;1 #### Domain commands createDomain=com.cloud.api.commands.CreateDomainCmd;1 diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index e66b886839d..0a11dc4d884 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -2225,4 +2225,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } + + @Override + public UserAccount getUserByApiKey(String apiKey) { + return _userAccountDao.getUserByApiKey(apiKey); + } } diff --git a/server/src/com/cloud/user/dao/UserAccountDao.java b/server/src/com/cloud/user/dao/UserAccountDao.java index f0907192c46..eb4e0cdf517 100644 --- a/server/src/com/cloud/user/dao/UserAccountDao.java +++ b/server/src/com/cloud/user/dao/UserAccountDao.java @@ -23,4 +23,5 @@ import com.cloud.utils.db.GenericDao; public interface UserAccountDao extends GenericDao { UserAccount getUserAccount(String username, Long domainId); boolean validateUsernameInDomain(String username, Long domainId); + UserAccount getUserByApiKey(String apiKey); } diff --git a/server/src/com/cloud/user/dao/UserAccountDaoImpl.java b/server/src/com/cloud/user/dao/UserAccountDaoImpl.java index 5cc7434c886..663e58fba4f 100644 --- a/server/src/com/cloud/user/dao/UserAccountDaoImpl.java +++ b/server/src/com/cloud/user/dao/UserAccountDaoImpl.java @@ -21,10 +21,20 @@ import javax.ejb.Local; import com.cloud.user.UserAccount; import com.cloud.user.UserAccountVO; import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; @Local(value={UserAccountDao.class}) public class UserAccountDaoImpl extends GenericDaoBase implements UserAccountDao { + + protected final SearchBuilder userAccountSearch; + + protected UserAccountDaoImpl() { + userAccountSearch = createSearchBuilder(); + userAccountSearch.and("apiKey", userAccountSearch.entity().getApiKey(), SearchCriteria.Op.EQ); + userAccountSearch.done(); + } + @Override public UserAccount getUserAccount(String username, Long domainId) { if ((username == null) || (domainId == null)) { @@ -45,4 +55,11 @@ public class UserAccountDaoImpl extends GenericDaoBase impl } return false; } + + @Override + public UserAccount getUserByApiKey(String apiKey) { + SearchCriteria sc = userAccountSearch.create(); + sc.setParameters("apiKey",apiKey); + return findOneBy(sc); + } } From 8e648e4a98d8eaa3d8475220e53fb83c07968cc8 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Wed, 18 Jul 2012 15:45:16 -0700 Subject: [PATCH 14/29] Fixed update endpointe.url global config var --- server/src/com/cloud/configuration/Config.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index df2fc9ec741..6c0af1b0528 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -215,7 +215,7 @@ public enum Config { ApplyAllocationAlgorithmToPods("Advanced", ManagementServer.class, Boolean.class, "apply.allocation.algorithm.to.pods", "false", "If true, deployment planner applies the allocation heuristics at pods first in the given datacenter during VM resource allocation", "true,false"), VmUserDispersionWeight("Advanced", ManagementServer.class, Float.class, "vm.user.dispersion.weight", "1", "Weight for user dispersion heuristic (as a value between 0 and 1) applied to resource allocation during vm deployment. Weight for capacity heuristic will be (1 - weight of user dispersion)", null), VmAllocationAlgorithm("Advanced", ManagementServer.class, String.class, "vm.allocation.algorithm", "random", "'random', 'firstfit', 'userdispersing', 'userconcentratedpod_random', 'userconcentratedpod_firstfit' : Order in which hosts within a cluster will be considered for VM/volume allocation.", null), - EndpointeUrl("Advanced", ManagementServer.class, String.class, "endpointe.url", "http://localhost:8080/client/api", "Endpointe Url", "The endpoint callback URL"), + EndpointeUrl("Advanced", ManagementServer.class, String.class, "endpointe.url", "http://localhost:8080/client/api", "Endpointe Url", null), ElasticLoadBalancerEnabled("Advanced", ManagementServer.class, String.class, "network.loadbalancer.basiczone.elb.enabled", "false", "Whether the load balancing service is enabled for basic zones", "true,false"), ElasticLoadBalancerNetwork("Advanced", ManagementServer.class, String.class, "network.loadbalancer.basiczone.elb.network", "guest", "Whether the elastic load balancing service public ips are taken from the public or guest network", "guest,public"), ElasticLoadBalancerVmMemory("Advanced", ManagementServer.class, Integer.class, "network.loadbalancer.basiczone.elb.vm.ram.size", "128", "Memory in MB for the elastic load balancer vm", null), From 44f289e0a6e156fca459c693ab80d13acc4b339c Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Thu, 19 Jul 2012 13:35:27 +0200 Subject: [PATCH 15/29] debian: Do not depend on the cloud-daemonize package We are in the process of removing this from all packages and files --- debian/control | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index 1ffb93728e4..db717a48114 100644 --- a/debian/control +++ b/debian/control @@ -123,7 +123,7 @@ Provides: vmops-agent Conflicts: vmops-agent Replaces: vmops-agent Architecture: any -Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-agent-deps (= ${source:Version}), python, cloud-python (= ${source:Version}), cloud-agent-libs (= ${source:Version}), cloud-agent-scripts (= ${source:Version}), libcommons-httpclient-java, libcommons-collections-java, libcommons-dbcp-java, libcommons-pool-java, libcommons-logging-java, libvirt0, cloud-daemonize, sysvinit-utils, chkconfig, qemu-kvm, libvirt-bin, uuid-runtime, rsync, grep, iproute, ebtables, vlan, libcglib-java, libcommons-httpclient-java, libservlet2.5-java, liblog4j1.2-java, libjna-java, wget +Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-agent-deps (= ${source:Version}), python, cloud-python (= ${source:Version}), cloud-agent-libs (= ${source:Version}), cloud-agent-scripts (= ${source:Version}), libcommons-httpclient-java, libcommons-collections-java, libcommons-dbcp-java, libcommons-pool-java, libcommons-logging-java, libvirt0, sysvinit-utils, chkconfig, qemu-kvm, libvirt-bin, uuid-runtime, rsync, grep, iproute, ebtables, vlan, libcglib-java, libcommons-httpclient-java, libservlet2.5-java, liblog4j1.2-java, libjna-java, wget Description: CloudStack agent The CloudStack agent is in charge of managing shared computing resources in a CloudStack Cloud Stack-powered cloud. Install this package if this computer @@ -141,7 +141,7 @@ Provides: vmops-usage Conflicts: vmops-usage Replaces: vmops-usage Architecture: any -Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-deps (= ${source:Version}), cloud-server (= ${source:Version}), cloud-daemonize (= ${source:Version}), cloud-setup (= ${source:Version}), cloud-client (= ${source:Version}) +Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-deps (= ${source:Version}), cloud-server (= ${source:Version}), cloud-setup (= ${source:Version}), cloud-client (= ${source:Version}) Description: CloudStack usage monitor The CloudStack usage monitor provides usage accounting across the entire cloud for cloud operators to charge based on usage parameters. @@ -149,6 +149,6 @@ Description: CloudStack usage monitor Package: cloud-cli Provides: cloud-cli Architecture: any -Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-deps (= ${source:Version}), cloud-server (= ${source:Version}), cloud-daemonize (= ${source:Version}), cloud-setup (= ${source:Version}), cloud-client (= ${source:Version}) +Depends: openjdk-6-jre, cloud-utils (= ${source:Version}), cloud-core (= ${source:Version}), cloud-deps (= ${source:Version}), cloud-server (= ${source:Version}), cloud-setup (= ${source:Version}), cloud-client (= ${source:Version}) Description: CloudStack commandline tool The CloudStack commandline tool for invoking APi From 308cb36066b155eb720381cbaedeb051235938a6 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 19 Jul 2012 16:35:45 -0700 Subject: [PATCH 16/29] Unnecessary INFO log cluttering up the logs. Also make logs more informative --- .../storage/upload/UploadMonitorImpl.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java index 25ada43f49d..891d44f8912 100755 --- a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java +++ b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java @@ -437,8 +437,6 @@ public class UploadMonitorImpl implements UploadMonitor { @Override public void run() { try { - s_logger.info("Extract Monitor Garbage Collection Thread is running."); - GlobalLock scanLock = GlobalLock.getInternLock("uploadmonitor.storageGC"); try { if (scanLock.lock(3)) { @@ -476,24 +474,26 @@ public class UploadMonitorImpl implements UploadMonitor { if( getTimeDiff(extractJob.getLastUpdated()) > EXTRACT_URL_LIFE_LIMIT_IN_SECONDS ){ String path = extractJob.getInstallPath(); HostVO secStorage = ApiDBUtils.findHostById(extractJob.getHostId()); - s_logger.debug("Sending deletion of extract URL "+extractJob.getUploadUrl()); + // Would delete the symlink for the Type and if Type == VOLUME then also the volume DeleteEntityDownloadURLCommand cmd = new DeleteEntityDownloadURLCommand(path, extractJob.getType(),extractJob.getUploadUrl(), secStorage.getParent()); HostVO ssvm = _ssvmMgr.pickSsvmHost(secStorage); if( ssvm == null ) { - s_logger.warn("There is no secondary storage VM for secondary storage host " + extractJob.getHostId()); - continue; + s_logger.warn("UploadMonitor cleanup: There is no secondary storage VM for secondary storage host " + extractJob.getHostId()); + continue; //TODO: why continue? why not break? + } + if (s_logger.isDebugEnabled()) { + s_logger.debug("UploadMonitor cleanup: Sending deletion of extract URL "+ extractJob.getUploadUrl() + " to ssvm " + ssvm.getId()); } - try { - send(ssvm.getId(), cmd, null); + send(ssvm.getId(), cmd, null); //TODO: how do you know if it was successful? _uploadDao.remove(extractJob.getId()); } catch (AgentUnavailableException e) { - s_logger.warn("Unable to delete the link for " +extractJob.getType()+ " id=" +extractJob.getTypeId()+ " url="+extractJob.getUploadUrl(), e); + s_logger.warn("UploadMonitor cleanup: Unable to delete the link for " + extractJob.getType()+ " id=" + extractJob.getTypeId()+ " url="+ extractJob.getUploadUrl() + " on ssvm " + ssvm.getId(), e); } } } } - + } From 3631e7a1d2858d37023cc719432a93c756a0b0b6 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 13:49:56 -0400 Subject: [PATCH 17/29] cleaning up some last license header files in agent-simulator --- .../db/create-schema-simulator.sql | 28 +++++++++++-------- .../zucchini/zucchini.configuration.sql | 28 +++++++++++-------- 2 files changed, 32 insertions(+), 24 deletions(-) diff --git a/agent-simulator/db/create-schema-simulator.sql b/agent-simulator/db/create-schema-simulator.sql index bae65ee1c34..0b3a820b92d 100644 --- a/agent-simulator/db/create-schema-simulator.sql +++ b/agent-simulator/db/create-schema-simulator.sql @@ -1,15 +1,19 @@ -# Copyright 2012 Citrix Systems, Inc. Licensed under the -# Apache License, Version 2.0 (the "License"); you may not use this -# file except in compliance with the License. Citrix Systems, Inc. -# reserves all rights not expressly granted by the License. -# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Automatically generated by addcopyright.py at 04/03/2012 +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. DROP TABLE IF EXISTS `cloud`.`mockhost`; DROP TABLE IF EXISTS `cloud`.`mocksecstorage`; DROP TABLE IF EXISTS `cloud`.`mockstoragepool`; diff --git a/agent-simulator/scripts/zucchini/zucchini.configuration.sql b/agent-simulator/scripts/zucchini/zucchini.configuration.sql index 6a267be52ab..f2c492ea189 100644 --- a/agent-simulator/scripts/zucchini/zucchini.configuration.sql +++ b/agent-simulator/scripts/zucchini/zucchini.configuration.sql @@ -1,15 +1,19 @@ -# Copyright 2012 Citrix Systems, Inc. Licensed under the -# Apache License, Version 2.0 (the "License"); you may not use this -# file except in compliance with the License. Citrix Systems, Inc. -# reserves all rights not expressly granted by the License. -# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Automatically generated by addcopyright.py at 04/03/2012 +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. update configuration set value='pod' where name='network.dns.basiczone.updates'; update configuration set value='false' where name='use.user.concentrated.pod.allocation'; From 50da77c63fafb3478d47720869d861e07b26a45a Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 13:51:56 -0400 Subject: [PATCH 18/29] cleaning up one remaining license header issue in api --- .../cloud/api/BaseListTaggedResourcesCmd.java | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/api/src/com/cloud/api/BaseListTaggedResourcesCmd.java b/api/src/com/cloud/api/BaseListTaggedResourcesCmd.java index 9a70b107089..1894fba8bb4 100644 --- a/api/src/com/cloud/api/BaseListTaggedResourcesCmd.java +++ b/api/src/com/cloud/api/BaseListTaggedResourcesCmd.java @@ -1,15 +1,19 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 // -// Automatically generated by addcopyright.py at 04/03/2012 +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. package com.cloud.api; import java.util.Collection; From bacb50d1bac59929aabc569cc71bdc22bae31577 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 13:58:48 -0400 Subject: [PATCH 19/29] cleaning up last license headers in build --- build/deploy/production/db/templates-dev.sql | 28 +++++++++++--------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/build/deploy/production/db/templates-dev.sql b/build/deploy/production/db/templates-dev.sql index b673e44443e..2a96750e707 100644 --- a/build/deploy/production/db/templates-dev.sql +++ b/build/deploy/production/db/templates-dev.sql @@ -1,15 +1,19 @@ -# Copyright 2012 Citrix Systems, Inc. Licensed under the -# Apache License, Version 2.0 (the "License"); you may not use this -# file except in compliance with the License. Citrix Systems, Inc. -# reserves all rights not expressly granted by the License. -# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Automatically generated by addcopyright.py at 04/03/2012 +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. INSERT INTO `vmops`.`vm_template` (id, unique_name, name, public, path, created, type, hvm, bits, created_by, url, checksum, ready, display_text, enable_password) VALUES (1, 'routing', 'DomR Template', 0, 'tank/volumes/demo/template/private/u000000/os/routing', now(), 'ext3', 0, 64, 1, 'http://vmopsserver.lab.vmops.com/images/routing/vmi-root-fc8-x86_64-domR.img.bz2', 'd00927f863a23b98cc6df6e377c9d0c6', 0, 'DomR Template', 0); INSERT INTO `vmops`.`vm_template` (id, unique_name, name, public, path, created, type, hvm, bits, created_by, url, checksum, ready, display_text, enable_password) From 385f2e7923c13fc207444d2eaeac9d8fcb4d9894 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 14:02:24 -0400 Subject: [PATCH 20/29] cleaning up a few last license headers in client --- .../SYSCONFDIR/init.d/cloud-management.in | 27 +++++++++++-------- .../SYSCONFDIR/init.d/cloud-management.in | 27 +++++++++++-------- .../SYSCONFDIR/init.d/cloud-management.in | 27 +++++++++++-------- 3 files changed, 48 insertions(+), 33 deletions(-) diff --git a/client/distro/opensuse/SYSCONFDIR/init.d/cloud-management.in b/client/distro/opensuse/SYSCONFDIR/init.d/cloud-management.in index 52eb3aa4746..d071b39d2e7 100755 --- a/client/distro/opensuse/SYSCONFDIR/init.d/cloud-management.in +++ b/client/distro/opensuse/SYSCONFDIR/init.d/cloud-management.in @@ -2,17 +2,22 @@ # # /etc/init.d/tomcat6 -- startup script for the Tomcat 6 servlet engine -#Copyright 2012 Citrix Systems, Inc. Licensed under the -#Apache License, Version 2.0 (the "License"); you may not use this -#file except in compliance with the License. Citrix Systems, Inc. -#reserves all rights not expressly granted by the License. -#You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -#Unless required by applicable law or agreed to in writing, software -#distributed under the License is distributed on an "AS IS" BASIS, -#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -#See the License for the specific language governing permissions and -#limitations under the License. - +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. ### BEGIN INIT INFO # Provides: tomcat-vmops # Required-Start: $local_fs $remote_fs $network diff --git a/client/distro/sles/SYSCONFDIR/init.d/cloud-management.in b/client/distro/sles/SYSCONFDIR/init.d/cloud-management.in index 52eb3aa4746..d071b39d2e7 100755 --- a/client/distro/sles/SYSCONFDIR/init.d/cloud-management.in +++ b/client/distro/sles/SYSCONFDIR/init.d/cloud-management.in @@ -2,17 +2,22 @@ # # /etc/init.d/tomcat6 -- startup script for the Tomcat 6 servlet engine -#Copyright 2012 Citrix Systems, Inc. Licensed under the -#Apache License, Version 2.0 (the "License"); you may not use this -#file except in compliance with the License. Citrix Systems, Inc. -#reserves all rights not expressly granted by the License. -#You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -#Unless required by applicable law or agreed to in writing, software -#distributed under the License is distributed on an "AS IS" BASIS, -#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -#See the License for the specific language governing permissions and -#limitations under the License. - +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. ### BEGIN INIT INFO # Provides: tomcat-vmops # Required-Start: $local_fs $remote_fs $network diff --git a/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in b/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in index 2711ffc6db9..b4f2d3e0312 100755 --- a/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in +++ b/client/distro/ubuntu/SYSCONFDIR/init.d/cloud-management.in @@ -2,17 +2,22 @@ # # /etc/init.d/tomcat6 -- startup script for the Tomcat 6 servlet engine -#Copyright 2012 Citrix Systems, Inc. Licensed under the -#Apache License, Version 2.0 (the "License"); you may not use this -#file except in compliance with the License. Citrix Systems, Inc. -#reserves all rights not expressly granted by the License. -#You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -#Unless required by applicable law or agreed to in writing, software -#distributed under the License is distributed on an "AS IS" BASIS, -#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -#See the License for the specific language governing permissions and -#limitations under the License. - +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. ### BEGIN INIT INFO # Provides: tomcat-vmops # Required-Start: $local_fs $remote_fs $network From 7c62865090ea1bff317e5e63f1c495b86eab7046 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 14:07:32 -0400 Subject: [PATCH 21/29] additional copy of license not needed --- daemonize/COPYING | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 daemonize/COPYING diff --git a/daemonize/COPYING b/daemonize/COPYING deleted file mode 100644 index db2569eea6d..00000000000 --- a/daemonize/COPYING +++ /dev/null @@ -1,16 +0,0 @@ -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. From 2f6cef64022b6d45ba745d2e7b5c6ab612bb7ec8 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 14:09:16 -0400 Subject: [PATCH 22/29] fixing license statement in debian --- debian/copyright | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/debian/copyright b/debian/copyright index cee717125ad..13a83393a91 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,10 +1,16 @@ -Copyright 2012 Citrix Systems, Inc. Licensed under the -Apache License, Version 2.0 (the "License"); you may not use this -file except in compliance with the License. Citrix Systems, Inc. -reserves all rights not expressly granted by the License. -You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. From 67bc9c819ada18ffdba1081377bcb6e2afdf56f6 Mon Sep 17 00:00:00 2001 From: David Nalley Date: Fri, 20 Jul 2012 15:59:31 -0400 Subject: [PATCH 23/29] fixing some more license headers --- .../debian/config/root/savepassword.sh | 29 ++++++++++--------- .../commands/AddNetscalerLoadBalancerCmd.java | 17 ++++++----- .../ConfigureNetscalerLoadBalancerCmd.java | 16 +++++----- .../DeleteNetscalerLoadBalancerCmd.java | 17 ++++++----- .../ListNetscalerLoadBalancerNetworksCmd.java | 16 +++++----- .../ListNetscalerLoadBalancersCmd.java | 16 +++++----- .../allocator/RandomStoragePoolAllocator.java | 17 ++++++----- .../server/auth/LDAPUserAuthenticator.java | 17 ++++++----- .../server/auth/MD5UserAuthenticator.java | 27 +++++++++-------- .../auth/PlainTextUserAuthenticator.java | 17 ++++++----- 10 files changed, 108 insertions(+), 81 deletions(-) diff --git a/patches/systemvm/debian/config/root/savepassword.sh b/patches/systemvm/debian/config/root/savepassword.sh index c2c89e2b318..80a6928df0e 100755 --- a/patches/systemvm/debian/config/root/savepassword.sh +++ b/patches/systemvm/debian/config/root/savepassword.sh @@ -1,17 +1,20 @@ #!/bin/bash -# Copyright 2012 Citrix Systems, Inc. Licensed under the -# Apache License, Version 2.0 (the "License"); you may not use this -# file except in compliance with the License. Citrix Systems, Inc. -# reserves all rights not expressly granted by the License. -# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Automatically generated by addcopyright.py at 04/03/2012 - +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. diff --git a/plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java b/plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java index 283293f4db5..1a88de2cb6c 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java +++ b/plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 + package com.cloud.api.commands; import org.apache.log4j.Logger; diff --git a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ConfigureNetscalerLoadBalancerCmd.java b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ConfigureNetscalerLoadBalancerCmd.java index f5633a34c5d..de1a7c84ef5 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ConfigureNetscalerLoadBalancerCmd.java +++ b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ConfigureNetscalerLoadBalancerCmd.java @@ -1,15 +1,17 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 package com.cloud.api.commands; import java.util.List; diff --git a/plugins/network-elements/netscaler/src/com/cloud/api/commands/DeleteNetscalerLoadBalancerCmd.java b/plugins/network-elements/netscaler/src/com/cloud/api/commands/DeleteNetscalerLoadBalancerCmd.java index a2cb54058e0..b063fdf6396 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/api/commands/DeleteNetscalerLoadBalancerCmd.java +++ b/plugins/network-elements/netscaler/src/com/cloud/api/commands/DeleteNetscalerLoadBalancerCmd.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 + package com.cloud.api.commands; import org.apache.log4j.Logger; diff --git a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancerNetworksCmd.java b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancerNetworksCmd.java index 909956048d3..c0c5950d57e 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancerNetworksCmd.java +++ b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancerNetworksCmd.java @@ -1,15 +1,17 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 package com.cloud.api.commands; import java.util.ArrayList; diff --git a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancersCmd.java b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancersCmd.java index daca1112de0..98fe6e95df7 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancersCmd.java +++ b/plugins/network-elements/netscaler/src/com/cloud/api/commands/ListNetscalerLoadBalancersCmd.java @@ -1,15 +1,17 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 package com.cloud.api.commands; import java.util.ArrayList; diff --git a/plugins/storage-allocators/random/src/com/cloud/storage/allocator/RandomStoragePoolAllocator.java b/plugins/storage-allocators/random/src/com/cloud/storage/allocator/RandomStoragePoolAllocator.java index def048e792f..919270349a9 100644 --- a/plugins/storage-allocators/random/src/com/cloud/storage/allocator/RandomStoragePoolAllocator.java +++ b/plugins/storage-allocators/random/src/com/cloud/storage/allocator/RandomStoragePoolAllocator.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 + package com.cloud.storage.allocator; import java.util.ArrayList; diff --git a/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java b/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java index 8a056cc4545..7c6e52f6659 100644 --- a/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java +++ b/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 +// package com.cloud.server.auth; import java.util.HashMap; diff --git a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java index 2aec4a7937f..5c5d21fe08f 100644 --- a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java +++ b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package com.cloud.server.auth; import java.util.Map; diff --git a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java index f05a8cd815f..006daf98e9b 100644 --- a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java +++ b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java @@ -1,15 +1,18 @@ -// Copyright 2012 Citrix Systems, Inc. Licensed under the -// Apache License, Version 2.0 (the "License"); you may not use this -// file except in compliance with the License. Citrix Systems, Inc. -// reserves all rights not expressly granted by the License. -// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// -// Automatically generated by addcopyright.py at 04/03/2012 + package com.cloud.server.auth; import java.math.BigInteger; From 152b17b7f399acc0667845a137f3a4610292f774 Mon Sep 17 00:00:00 2001 From: Brian Federle Date: Fri, 20 Jul 2012 14:05:44 -0700 Subject: [PATCH 24/29] Remove dummy VPC UI from networks section --- ui/scripts/network.js | 87 +------------------------------------------ 1 file changed, 1 insertion(+), 86 deletions(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 6699d163d97..ed621d07092 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -177,7 +177,7 @@ } }); - var sectionsToShow = ['networks', 'vpc']; + var sectionsToShow = ['networks']; if(havingSecurityGroupNetwork == true) sectionsToShow.push('securityGroups'); @@ -3179,91 +3179,6 @@ } } } - }, - vpc: { - type: 'select', - title: 'VPC', - id: 'vpc', - listView: { - id: 'vpc', - label: 'VPC', - fields: { - name: { label: 'Name' }, - zone: { label: 'Zone' }, - cidr: { label: 'CIDR' } - }, - dataProvider: function(args) { - args.response.success({ - data: [ - { - name: 'VPC 1', - zone: 'San Jose', - cidr: '0.0.0.0/0', - networkdomain: 'testdomain', - accountdomain: 'testdomain' - }, - { - name: 'VPC 2', - zone: 'San Jose', - cidr: '0.0.0.0/0', - networkdomain: 'testdomain', - accountdomain: 'testdomain' - }, - { - name: 'VPC 3', - zone: 'Cupertino', - cidr: '0.0.0.0/0', - networkdomain: 'testdomain', - accountdomain: 'testdomain' - }, - { - name: 'VPC 4', - zone: 'San Jose', - cidr: '0.0.0.0/0', - networkdomain: 'testdomain', - accountdomain: 'testdomain' - } - ] - }); - }, - actions: { - add: { - label: 'Add VPC', - createForm: { - title: 'Add new VPC', - fields: { - name: { label: 'Name', validation: { required: true } }, - zone: { - label: 'Zone', - validation: { required: true }, - select: function(args) { - args.response.success({ - data: [ - { id: 'zone1', description: 'Zone 1' }, - { id: 'zone2', description: 'Zone 2' }, - { id: 'zone3', description: 'Zone 3' } - ] - }); - } - } - } - }, - messages: { - notification: function(args) { return 'Add new VPC'; } - }, - action: function(args) { - args.response.success(); - }, - notification: { poll: function(args) { args.complete(); } } - }, - editVpc: { - label: 'Edit VPC', - action: { - custom: cloudStack.uiCustom.vpc(cloudStack.vpc) - } - } - } - } } } }; From 9b4c578e0d10afb600c7aa1e63bddb93a7a02de8 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Wed, 18 Jul 2012 10:59:07 -0700 Subject: [PATCH 25/29] More logging on nic release --- .../src/com/cloud/network/guru/ControlNetworkGuru.java | 9 +++++++++ .../src/com/cloud/network/guru/PodBasedNetworkGuru.java | 4 ++++ server/src/com/cloud/network/guru/PublicNetworkGuru.java | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/server/src/com/cloud/network/guru/ControlNetworkGuru.java b/server/src/com/cloud/network/guru/ControlNetworkGuru.java index 6cbed8dffc2..ec8887f340c 100755 --- a/server/src/com/cloud/network/guru/ControlNetworkGuru.java +++ b/server/src/com/cloud/network/guru/ControlNetworkGuru.java @@ -173,9 +173,15 @@ public class ControlNetworkGuru extends PodBasedNetworkGuru implements NetworkGu DataCenterVO dcVo = _dcDao.findById(dcId); if(dcVo.getNetworkType() != NetworkType.Basic) { super.release(nic, vm, reservationId); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Released nic: " + nic); + } return true; } else { nic.deallocate(); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Released nic: " + nic); + } return true; } } @@ -183,6 +189,9 @@ public class ControlNetworkGuru extends PodBasedNetworkGuru implements NetworkGu _dcDao.releaseLinkLocalIpAddress(nic.getId(), reservationId); nic.deallocate(); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Released nic: " + nic); + } return true; } diff --git a/server/src/com/cloud/network/guru/PodBasedNetworkGuru.java b/server/src/com/cloud/network/guru/PodBasedNetworkGuru.java index 12f23cca99b..b513325d5ee 100755 --- a/server/src/com/cloud/network/guru/PodBasedNetworkGuru.java +++ b/server/src/com/cloud/network/guru/PodBasedNetworkGuru.java @@ -149,6 +149,10 @@ public class PodBasedNetworkGuru extends AdapterBase implements NetworkGuru { nic.deallocate(); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Released nic: " + nic); + } + return true; } diff --git a/server/src/com/cloud/network/guru/PublicNetworkGuru.java b/server/src/com/cloud/network/guru/PublicNetworkGuru.java index 46477f375d4..f23ff9af950 100755 --- a/server/src/com/cloud/network/guru/PublicNetworkGuru.java +++ b/server/src/com/cloud/network/guru/PublicNetworkGuru.java @@ -198,6 +198,10 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru { txn.commit(); } nic.deallocate(); + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Deallocated nic: " + nic); + } } @Override From 4c6e547e701790e8f0330fb872f6d18ec76ba7b3 Mon Sep 17 00:00:00 2001 From: Edison Su Date: Fri, 20 Jul 2012 18:20:14 -0700 Subject: [PATCH 26/29] create devcloud base image from veewee --- tools/devcloud/veewee/README | 5 ++ tools/devcloud/veewee/definition.rb | 56 +++++++++++++ tools/devcloud/veewee/preseed.cfg | 122 ++++++++++++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 tools/devcloud/veewee/README create mode 100644 tools/devcloud/veewee/definition.rb create mode 100644 tools/devcloud/veewee/preseed.cfg diff --git a/tools/devcloud/veewee/README b/tools/devcloud/veewee/README new file mode 100644 index 00000000000..c9299e504b4 --- /dev/null +++ b/tools/devcloud/veewee/README @@ -0,0 +1,5 @@ +Install DevCloud Base system: +1. get code from https://github.com/jedi4ever/veewee, and install +2. veewee vbox define devcloud ubuntu-12.04-server-i386 +3. put these two files(definition.rb and preseed.cfg) under ./definition/devcloud/ +3. veewee vbox build devcloud diff --git a/tools/devcloud/veewee/definition.rb b/tools/devcloud/veewee/definition.rb new file mode 100644 index 00000000000..d025ce9a4ea --- /dev/null +++ b/tools/devcloud/veewee/definition.rb @@ -0,0 +1,56 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +Veewee::Session.declare({ + :cpu_count => '1', + :memory_size=> '2048', + :disk_size => '20000', + :disk_format => 'VMDK', + :hostiocache => 'off', + :os_type_id => 'Ubuntu', + :iso_file => "ubuntu-12.04-server-i386.iso", + :iso_src => "http://releases.ubuntu.com/12.04/ubuntu-12.04-server-i386.iso", + :iso_md5 => '32184a83c8b5e6031e1264e5c499bc03', + :iso_download_timeout => "1000", + :boot_wait => "4", + :ioapic => "on", + :nestedpaging => "on", + :hwvirtex => "on", + :boot_cmd_sequence => [ + '', + '/install/vmlinuz noapic preseed/url=http://%IP%:%PORT%/preseed.cfg ', + 'debian-installer=en_US auto locale=en_US kbd-chooser/method=us ', + 'hostname=%NAME% ', + 'fb=false debconf/frontend=noninteractive ', + 'keyboard-configuration/layout=USA keyboard-configuration/variant=USA console-setup/ask_detect=false ', + 'initrd=/install/initrd.gz -- ' +], + :kickstart_port => "7122", + :kickstart_timeout => "10000", + :kickstart_file => "preseed.cfg", + :ssh_login_timeout => "10000", + :ssh_user => "devcloud", + :ssh_password => "devcloud", + :ssh_key => "", + :ssh_host_port => "2222", + :ssh_guest_port => "22", + :sudo_cmd => "echo '%p'|sudo -S sh '%f'", + :shutdown_cmd => "shutdown -P now", + :postinstall_files => [ "postinstall.sh"], + :postinstall_timeout => "10000" +}) diff --git a/tools/devcloud/veewee/preseed.cfg b/tools/devcloud/veewee/preseed.cfg new file mode 100644 index 00000000000..4a97171e76f --- /dev/null +++ b/tools/devcloud/veewee/preseed.cfg @@ -0,0 +1,122 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +## Options to set on the command line +d-i debian-installer/locale string en_US.utf8 +d-i console-setup/ask_detect boolean false +d-i console-setup/layout string USA + +#d-i netcfg/get_hostname string dummy +d-i netcfg/get_hostname string devcloud +d-i netcfg/get_domain string cloudstack.org + +# Continue without a default route +# Not working , specify a dummy in the DHCP +#d-i netcfg/no_default_route boolean + +d-i time/zone string UTC +d-i clock-setup/utc-auto boolean true +d-i clock-setup/utc boolean true + +d-i kbd-chooser/method select American English + +d-i netcfg/wireless_wep string + +d-i base-installer/kernel/override-image string linux-server +#d-i base-installer/kernel/override-image string linux-image-2.6.32-21-generic + +# Choices: Dialog, Readline, Gnome, Kde, Editor, Noninteractive +d-i debconf debconf/frontend select Noninteractive + +d-i pkgsel/install-language-support boolean false +tasksel tasksel/first multiselect standard, ubuntu-server + +#d-i partman-auto/method string regular +d-i partman-auto/method string lvm +d-i partman-auto-lvm/no_boot boolean true +d-i partman-auto/disk string /dev/sda +d-i partman-auto-lvm/new_vg_name string devcloud +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-basicfilesystems/no_swap boolean false + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-auto/choose_recipe select devcloud + +d-i partman/confirm_write_new_label boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman-auto/expert_recipe string \ +devcloud :: \ +4000 4500 4500 ext4 method{ lvm } \ +$lvmok{ } mountpoint{ / } lv_name{ root } \ +format{ } use_filesystem{ } filesystem{ ext4 } \ +.\ +15000 15000 15000 ext4 method{ lvm } \ +$lvmok{ } mountpoint{ /opt } lv_name{ data } \ +format{ } use_filesystem{ } filesystem{ ext4 } \ +. + +#http://ubuntu-virginia.ubuntuforums.org/showthread.php?p=9626883 +#Message: "write the changes to disk and configure lvm preseed" +#http://serverfault.com/questions/189328/ubuntu-kickstart-installation-using-lvm-waits-for-input +#preseed partman-lvm/confirm_nooverwrite boolean true + +# Write the changes to disks and configure LVM? +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select Finish +d-i partman/confirm_nooverwrite boolean true +d-i partman/confirm boolean true +d-i partman-auto-lvm/guided_size string max + +## Default user, we can get away with a recipe to change this +d-i passwd/user-fullname string devcloud +d-i passwd/username string devcloud +d-i passwd/user-password password devcloud +d-i passwd/user-password-again password devcloud +d-i user-setup/encrypt-home boolean false +d-i user-setup/allow-password-weak boolean true + +## minimum is puppet and ssh and ntp +# Individual additional packages to install +d-i pkgsel/include string openssh-server ntp + +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select full-upgrade + +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean true +d-i finish-install/reboot_in_progress note + +#For the update +d-i pkgsel/update-policy select none + +# debconf-get-selections --install +#Use mirror +#d-i apt-setup/use_mirror boolean true +#d-i mirror/country string manual +#choose-mirror-bin mirror/protocol string http +#choose-mirror-bin mirror/http/hostname string 192.168.4.150 +#choose-mirror-bin mirror/http/directory string /ubuntu +#choose-mirror-bin mirror/suite select maverick +#d-i debian-installer/allow_unauthenticated string true + +choose-mirror-bin mirror/http/proxy string From 65551cff82b646911bccdb3764951e65a9684e42 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 23 Jul 2012 10:32:56 -0700 Subject: [PATCH 27/29] Resource tags: CS-15647 - delete resource tags when SG is expunged --- .../network/security/dao/SecurityGroupDaoImpl.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java index 0c9bdc57995..81c20e3ccdb 100644 --- a/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java @@ -113,5 +113,19 @@ public class SecurityGroupDaoImpl extends GenericDaoBase boolean result = super.remove(id); txn.commit(); return result; + } + + @Override + @DB + public boolean expunge(Long id) { + Transaction txn = Transaction.currentTxn(); + txn.start(); + SecurityGroupVO entry = findById(id); + if (entry != null) { + _tagsDao.removeByIdAndType(id, TaggedResourceType.SecurityGroup); + } + boolean result = super.expunge(id); + txn.commit(); + return result; } } From 7bef9a961d968e4187d1bf843404b29992c21a67 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 23 Jul 2012 10:50:21 -0700 Subject: [PATCH 28/29] Resource tags: CS-15661 - don't accept NULL or empty key value when create resource tag --- api/src/com/cloud/api/commands/CreateTagsCmd.java | 1 + .../com/cloud/tags/TaggedResourceManagerImpl.java | 12 +++++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateTagsCmd.java b/api/src/com/cloud/api/commands/CreateTagsCmd.java index f87ae6e96d8..a981363cc89 100644 --- a/api/src/com/cloud/api/commands/CreateTagsCmd.java +++ b/api/src/com/cloud/api/commands/CreateTagsCmd.java @@ -33,6 +33,7 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; +import com.cloud.exception.InvalidParameterValueException; import com.cloud.server.ResourceTag; import com.cloud.server.ResourceTag.TaggedResourceType; diff --git a/server/src/com/cloud/tags/TaggedResourceManagerImpl.java b/server/src/com/cloud/tags/TaggedResourceManagerImpl.java index f79eba4a17f..84a26924a71 100644 --- a/server/src/com/cloud/tags/TaggedResourceManagerImpl.java +++ b/server/src/com/cloud/tags/TaggedResourceManagerImpl.java @@ -233,7 +233,7 @@ public class TaggedResourceManagerImpl implements TaggedResourceService, Manager Transaction txn = Transaction.currentTxn(); txn.start(); - for (String tag : tags.keySet()) { + for (String key : tags.keySet()) { for (String resourceId : resourceIds) { Long id = getResourceId(resourceId, resourceType); String resourceUuid = getUuid(resourceId, resourceType); @@ -254,10 +254,16 @@ public class TaggedResourceManagerImpl implements TaggedResourceService, Manager _accountMgr.checkAccess(caller, _domainMgr.getDomain(domainId)); } else { throw new PermissionDeniedException("Account " + caller + " doesn't have permissions to create tags" + - " for resource " + tag); + " for resource " + key); + } + + String value = tags.get(key); + + if (value == null || value.isEmpty()) { + throw new InvalidParameterValueException("Value for the key " + key + " is either null or empty"); } - ResourceTagVO resourceTag = new ResourceTagVO(tag, tags.get(tag), accountDomainPair.first(), + ResourceTagVO resourceTag = new ResourceTagVO(key, value, accountDomainPair.first(), accountDomainPair.second(), id, resourceType, customer, resourceUuid); resourceTag = _resourceTagDao.persist(resourceTag); From 9e5fb17e3d1caed094dd962029b206294618303d Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 23 Jul 2012 11:16:11 -0700 Subject: [PATCH 29/29] CS-15077: fixed listPublicIpAddresses in basic zone Conflicts: server/src/com/cloud/api/ApiResponseHelper.java server/src/com/cloud/server/ManagementServerImpl.java --- .../src/com/cloud/api/ApiResponseHelper.java | 4 ++- .../cloud/server/ManagementServerImpl.java | 35 ++++++++++++------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 4c88e2b2be6..433d2637e52 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -760,7 +760,9 @@ public class ApiResponseHelper implements ResponseGenerator { ipResponse.setIsSystem(ipAddress.getSystem()); // get account information - populateOwner(ipResponse, ipAddress); + if (ipAddress.getAllocatedToAccountId() != null) { + populateOwner(ipResponse, ipAddress); + } ipResponse.setForVirtualNetwork(forVirtualNetworks); ipResponse.setStaticNat(ipAddress.isOneToOneNat()); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 93c2f4ca2a9..047305ed249 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -1691,23 +1691,30 @@ public class ManagementServerImpl implements ManagementServer { Boolean staticNat = cmd.getIsStaticNat(); Map tags = cmd.getTags(); - Account caller = UserContext.current().getCaller(); - List permittedAccounts = new ArrayList(); - + Boolean isAllocated = cmd.isAllocatedOnly(); if (isAllocated == null) { isAllocated = Boolean.TRUE; } - - Ternary domainIdRecursiveListProject = new Ternary(cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, cmd.getId(), cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false); - Long domainId = domainIdRecursiveListProject.first(); - Boolean isRecursive = domainIdRecursiveListProject.second(); - ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); - + Filter searchFilter = new Filter(IPAddressVO.class, "address", false, cmd.getStartIndex(), cmd.getPageSizeVal()); SearchBuilder sb = _publicIpAddressDao.createSearchBuilder(); - _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + Long domainId = null; + Boolean isRecursive = null; + List permittedAccounts = new ArrayList(); + ListProjectResourcesCriteria listProjectResourcesCriteria = null; + if (isAllocated) { + Account caller = UserContext.current().getCaller(); + + Ternary domainIdRecursiveListProject = + new Ternary(cmd.getDomainId(), cmd.isRecursive(), null); + _accountMgr.buildACLSearchParameters(caller, cmd.getId(), cmd.getAccountName(), cmd.getProjectId(), + permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false); + domainId = domainIdRecursiveListProject.first(); + isRecursive = domainIdRecursiveListProject.second(); + listProjectResourcesCriteria = domainIdRecursiveListProject.third(); + _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + } sb.and("dataCenterId", sb.entity().getDataCenterId(), SearchCriteria.Op.EQ); sb.and("address", sb.entity().getAddress(), SearchCriteria.Op.EQ); @@ -1760,11 +1767,13 @@ public class ManagementServerImpl implements ManagementServer { // don't show SSVM/CPVM ips if (vlanType == VlanType.VirtualNetwork && (allocatedOnly)) { - sb.and("associatedNetworkId", sb.entity().getAssociatedWithNetworkId(), SearchCriteria.Op.NNULL); + sb.and("associatedNetworkId", sb.entity().getAssociatedWithNetworkId(), SearchCriteria.Op.NNULL); } SearchCriteria sc = sb.create(); - _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + if (isAllocated) { + _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + } sc.setJoinParameters("vlanSearch", "vlanType", vlanType);