From 550cb07318fbbd367119aab76e2808cdd73b7f42 Mon Sep 17 00:00:00 2001 From: radhikap Date: Wed, 11 Sep 2013 11:26:40 +0530 Subject: [PATCH 01/12] new features section updated, api section added CLOUDSTACK-4245 (cherry picked from commit a94443665633ed2a372430ec900dc6459d849633) Signed-off-by: animesh --- docs/en-US/Release_Notes.xml | 2992 ++++++++++++++++++++++++++++++-- docs/en-US/removed-api-4.2.xml | 2 +- 2 files changed, 2860 insertions(+), 134 deletions(-) diff --git a/docs/en-US/Release_Notes.xml b/docs/en-US/Release_Notes.xml index 0ef3b07e5f9..2beef6a420e 100644 --- a/docs/en-US/Release_Notes.xml +++ b/docs/en-US/Release_Notes.xml @@ -25,7 +25,7 @@ under the License. Welcome to &PRODUCT; 4.2 Welcome to the 4.2.0 release of &PRODUCT;, the second major release from the Apache CloudStack project since its graduation from the Apache Incubator. &PRODUCT; 4.2 includes more - than 50 new features and enhancements. The focus of the release is on three major + than 70 new features and enhancements. The focus of the release is on three major areas: @@ -55,208 +55,1021 @@ under the License. If you find any errors or problems in this guide, please see . We hope you enjoy working with &PRODUCT;! - - Version 4.2.0 -
- What’s New in 4.2 - Apache CloudStack 4.2.0 includes many new features. This section covers the most - prominent new features and changes. -
- Windows 8 and Windows Server as VM Guest OS - Supported on XenServer, VMware, and KVM. - Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual - machines. The OS would be made available the same as any other, by uploading an ISO or a - template. The instructions for uploading ISOs and templates are given in the - Administrator's Guide. + + What's New in 4.2 + &PRODUCT; 4.2 includes the following new features. +
+ Features to Support Heterogeneous Workloads + The following new features help &PRODUCT; 4.2 better support both legacy and cloud-era + style zones. +
+ Regions + To increase reliability of the cloud, you can optionally group resources into + geographic regions. A region is the largest available organizational unit within a cloud + deployment. A region is made up of several availability zones, where each zone is + equivalent to a datacenter. Each region is controlled by its own cluster of Management + Servers, running in one of the zones. The zones in a region are typically located in close + geographical proximity. Regions are a useful technique for providing fault tolerance and + disaster recovery. + By grouping zones into regions, the cloud can achieve higher availability and + scalability. User accounts can span regions, so that users can deploy VMs in multiple, + widely-dispersed regions. Even if one of the regions becomes unavailable, the services are + still available to the end-user through VMs deployed in another region. And by grouping + communities of zones under their own nearby Management Servers, the latency of + communications within the cloud is reduced compared to managing widely-dispersed zones + from a single central Management Server. + Usage records can also be consolidated and tracked at the region level, creating + reports or invoices for each geographic region. + + + + + + region-overview.png: Nested structure of a region. + + +
+
+ Object Storage Plugin Architecture + Artifacts such as templates, ISOs and snapshots are kept in storage which &PRODUCT; + refers to as secondary storage. To improve scalability and performance, as when a number + of hosts access secondary storage concurrently, object storage can be used for secondary + storage. Object storage can also provide built-in high availability capability. When using + object storage, access to secondary storage data can be made available across multiple + zones in a region. This is a huge benefit, as it is no longer necessary to copy templates, + snapshots etc. across zones as would be needed in an NFS-only environment. + Object storage is provided through third-party software such as Amazon Simple Storage + Service (S3) or any other object storage that supports the S3 interface. These third party + object storages can be integrated with &PRODUCT; by writing plugin software that uses the + object storage plugin capability introduced in &PRODUCT; 4.2. Several new pluggable + service interfaces are available so that different storage providers can develop + vendor-specific plugins based on the well-defined contracts that can be seemlessly managed + by &PRODUCT;. +
+
+ Zone-Wide Primary Storage + (Supported on KVM and VMware) + In &PRODUCT; 4.2, you can provision primary storage on a per-zone basis. Data volumes + in the primary storage can be attached to any VM on any host in the zone. + In previous &PRODUCT; versions, each cluster had its own primary storage. Data in the + primary storage was directly available only to VMs within that cluster. If a VM in a + different cluster needed some of the data, it must be copied from one cluster to another, + using the zone's secondary storage as an intermediate step. This operation was + unnecessarily time-consuming. +
+
+ VMware Datacenter Now Visible As a &PRODUCT; Zone + In order to support zone-wide functions for VMware, changes have been made so that + &PRODUCT; is now aware of VMware Datacenters and can map each Datacenter to a &PRODUCT; + zone. Previously, &PRODUCT; was only aware of VMware Clusters, a smaller organizational + unit than Datacenters. This implies that a single &PRODUCT; zone could possibly contain + clusters from different VMware Datacenters. In order for zone-wide functions, such as + zone-wide primary storage, to work for VMware hosts, &PRODUCT; has to make sure that a + zone contains only a single VMware Datacenter. Therefore, when you are creating a new + &PRODUCT; zone, you will now be able to select a VMware Datacenter for the zone. If you + are provisioning multiple VMware Datacenters, each one will be set up as a single zone in + &PRODUCT;. - Limitation: When used with VMware hosts, this - feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch - 4. + If you are upgrading from a previous &PRODUCT; version, and your existing deployment + contains a zone with clusters from multiple VMware Datacenters, that zone will not be + forcibly migrated to the new model. It will continue to function as before. However, any + new zone-wide operations, such as zone-wide primary storage, will not be available in + that zone. + +
+
+
+ Third-Party UI Plugin Framework + Using the new third-party plugin framework, you can write and install extensions to + &PRODUCT;. The installed and enabled plugins will appear in the UI alongside the + Citrix-provided features. + The basic procedure for adding a UI plugin is explained in the Developer Guide. In + summary, the plugin developer creates the plugin code itself (in Javascript), a thumbnail + image, the plugin listing, and a CSS file. The &PRODUCT; administrator adds the folder + containing the plugin code under the &PRODUCT; PLUGINS folder and adds the plugin name to a + configuration file (plugins.js). + The next time the user refreshes the UI in the browser, the plugin will appear under the + Plugins button in the left navigation bar. + + + + + + plugin4.jpg: The plugin appears in the UI + + +
+
+ Networking Enhancements + The following new features provide additional networking functionality in &PRODUCT; + 4.2. +
+ IPv6 (Technical Preview) + &PRODUCT; 4.2 introduces initial support for IPv6. This feature is provided as a + technical preview only. Full support is planned for a future release.
Portable IPs - CLOUDSTACK-3236:Portable IPs in &PRODUCT; are nothing but elastic IPs that can - be transferred across geographically separated zones. As an administrator, you can - provision a pool of portable IPs at region level and are available for user consumption. - The users can acquire portable IPs if admin has provisioned portable public IPs at the - region level they are part of. These IPs can be used for any service within an advanced - zone. You can also use portable IPs for EIP service in Basic zones. Additionally, a - portable IP can be transferred from one network to another network. + Portable IPs in &PRODUCT; are elastic IPs that can be transferred across + geographically separated zones. As an administrator, you can provision a pool of portable + IPs at region level and are available for user consumption. The users can acquire portable + IPs if admin has provisioned portable public IPs at the region level they are part of. + These IPs can be used for any service within an advanced zone. You can also use portable + IPs for EIP service in Basic zones. Additionally, a portable IP can be transferred from + one network to another network.
N-Tier Applications - CLOUDSTACK-770:In &PRODUCT; 3.0.6, a functionality was added to allow users to - create a multi-tier application connected to a single instance of a Virtual Router that - supports inter-VLAN routing. Such a multi-tier application is called a virtual private - cloud (VPC). Users were also able to connect their multi-tier applications to a private - Gateway or a Site-to-Site VPN tunnel and route certain traffic to those gateways. For - &PRODUCT; 4.2, additional features are implemented to enhance VPC applications. + In &PRODUCT; 3.0.6, a functionality was added to allow users to create a multi-tier + application connected to a single instance of a Virtual Router that supports inter-VLAN + routing. Such a multi-tier application is called a virtual private cloud (VPC). Users were + also able to connect their multi-tier applications to a private Gateway or a Site-to-Site + VPN tunnel and route certain traffic to those gateways. For &PRODUCT; 4.2, additional + features are implemented to enhance VPC applications. - Internal Load Balancing between VPC tiers + - Source NAT and ACL support on private gateways + - Multiple private gateway support + - Support for ACL deny rules + - ACL support on all layer 4 protocols + - Support up to 8 VPN Gateways + - Support for blacklisting routes + - NetScaler support for VPC load balancing + - Support for KVM hypervisor + - Support for the ability to simultaneously deploy an instance on a VPC Tier and one - or more Shared Networks + + + + + + + + + + + + + + + + + + + +
+ Support for KVM + VPC is now supported on KVM hypervisors. +
+
+ Support for Simultaneously Deploying a VM on VPC and Multiple Shared + Networks + Support for the ability to simultaneously deploy a VM on a VPC tier and one or more + Shared networks is supported. +
+
+ Load Balancing Support for VPC + In a VPC, you can configure two types of load balancing—external LB and + internal LB. External LB is nothing but a LB rule created to redirect the traffic + received at a public IP of the VPC virtual router. The traffic is load balanced within a + tier based on your configuration. Citrix NetScaler and VPC virtual router are supported + for external LB. When you use internal LB service, traffic received at a tier is load + balanced across different VMs within that tier. For example, traffic reached at Web tier + is redirected to another VM in that tier. External load balancing devices are not + supported for internal LB. The service is provided by a internal LB VM configured on the + target tier. +
+ Load Balancing Within a Tier (External LB) + A &PRODUCT; user or administrator may create load balancing rules that balance + traffic received at a public IP to one or more VMs that belong to a network tier that + provides load balancing service in a VPC. A user creates a rule, specifies an + algorithm, and assigns the rule to a set of VMs within a tier. +
+
+ Load Balancing Across Tiers + &PRODUCT; supports sharing workload across different tiers within your VPC. Assume + that multiple tiers are set up in your environment, such as Web tier and Application + tier. Traffic to each tier is balanced on the VPC virtual router on the public side. + If you want the traffic coming from the Web tier to the Application tier to be + balanced, use the internal load balancing feature offered by &PRODUCT;. +
+
+ Netscaler Support for VPC + Citrix NetScaler is supported for external LB. Certified version for this feature + is NetScaler 10.0 Build 74.4006.e. +
+
+
+ Enhanced Access Control List + Network Access Control List (ACL) on the VPC virtual router is enhanced. The network + ACLs can be created for the tiers only if the NetworkACL service is supported. In + &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items + are nothing but numbered rules that are evaluated in order, starting with the lowest + numbered rule. These rules determine whether traffic is allowed in or out of any tier + associated with the network ACL. You need to add the Network ACL items to the Network + ACL, then associate the Network ACL with a tier. Network ACL is associated with a VPC + and can be assigned to multiple VPC tiers within a VPC. A Tier is associated with a + Network ACL at all the times. Each tier can be associated with only one ACL. + The default Network ACL is used when no ACL is associated. Default behavior is all + incoming traffic to guest networks is blocked and all outgoing traffic from guest + networks is allowed. Default network ACL cannot be removed or modified. +
+ ACL on Private Gateway + The traffic on the VPC private gateway is controlled by creating both ingress and + egress network ACL rules. The ACLs contains both allow and deny rules. As per the + rule, all the ingress traffic to the private gateway interface and all the egress + traffic out from the private gateway interface are blocked. You can change this + default behaviour while creating a private gateway. +
+
+ Allow ACL on All Level 4 Protocols + In addition to the existing protocol support for ICMP, TCP, UDP, support for All + Level 4 protocols is added. The protocol numbers from 0 to 255 are supported. +
+
+ Support for ACL Deny Rules + In addition to the existing support for ACL Allow rules, support for ACL Deny + rules has been added in &PRODUCT; 4.2. As part of this, two operations are supported: + Number and Action. You can configure a rule, allow or deny, by using action. Use + Number to add a rule number. +
+
+
+ Deploying VMs to a VPC Tier and Shared Networks + &PRODUCT; allows you to deploy VMs on a VPC tier and one or more shared networks. + With this feature, the VMs deployed in a multi-tier application can receive services + offered by a service provider over the shared network. One example of such a service is + monitoring service. +
+
+ Adding a Private Gateway to a VPC + A private gateway can be added by the root admin only. The VPC private network has + 1:1 relationship with the NIC of the physical network. You can configure multiple + private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in + the same data center. +
+ Source NAT on Private Gateway + You might want to deploy multiple VPCs with the same super CIDR and guest tier + CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach + a enterprise data center through the private gateway. In such cases, a NAT service + need to be configured on the private gateway. If Source NAT is enabled, the guest VMs + in VPC reaches the enterprise network via private gateway IP address by using the NAT + service. + The Source NAT service on a private gateway can be enabled while adding the + private gateway. On deletion of a private gateway, source NAT rules specific to the + private gateway are deleted. +
+
+ VPN Gateways + Support up to 8 VPN Gateways is added. +
+
+ Creating a Static Route + &PRODUCT; enables you to specify routing for the VPN connection you create. You + can enter one or CIDR addresses to indicate which traffic is to be routed back to the + gateway. +
+
+ Blacklisting Routes + &PRODUCT; enables you to block a list of routes so that they are not assigned to + any of the VPC private gateways. Specify the list of routes that you want to blacklist + in the blacklisted.routes global parameter. Note that the parameter + update affects only new static route creations. If you block an existing static route, + it remains intact and continue functioning. You cannot add a static route if the route + is blacklisted for the zone. +
+
+
+
+ Assigning VLANs to Isolated Networks + &PRODUCT; provides you the ability to control VLAN assignment to Isolated networks. + You can assign a VLAN ID when a network is created, just the way it's done for Shared + networks. + The former behaviour also is supported — VLAN is randomly allocated to a network + from the VNET range of the physical network when the network turns to Implemented state. + The VLAN is released back to the VNET pool when the network shuts down as a part of the + Network Garbage Collection. The VLAN can be re-used either by the same network when it is + implemented again, or by any other network. On each subsequent implementation of a + network, a new VLAN can be assigned. + + You cannot change a VLAN once it's assigned to the network. The VLAN remains with + the network for its entire life cycle. + +
+
+ Persistent Networks + &PRODUCT; 4.2 supports Persistent Networks. The network that you can provision without + having to deploy any VMs on it is called a Persistent Network. A Persistent Network can be + part of a VPC or a non-VPC environment. With the addition of this feature, you will have + the ability to create a network in &PRODUCT; in which physical devices can be deployed + without having to run any VMs. Additionally, you can deploy physical devices on that + network. Another advantages is that you can create a VPC with a tier that consists only + physical devices. For example, you might create a VPC for a three-tier application, deploy + VMs for Web and Application tier, and use physical machines for the Database tier. Another + use case is that if you are providing services by using physical hardware, you can define + the network as persistent and therefore even if all its VMs are destroyed the services + will not be discontinued.
Cisco VNMC Support - CLOUDSTACK-742:&PRODUCT; supports Cisco Virtual Network Management Center - (VNMC) on Cisco Nexus 1000v dvSwich-enabled VMware hypervisors. &PRODUCT; supports Cisco - ASA 1000v as an external Firewall provider when integrated with Cisco VNMC. - When Cisco VNMC is integrated with ASA 1000v Cloud Firewall and Cisco Nexus 1000v - dvSwitch in &PRODUCT; you will be able to: + Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and + policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with + ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: Configure Cisco ASA 1000v Firewalls Create and apply security profiles that contain ACL policy sets for both ingress - and egress traffic, connection timeout, NAT policy sets, and TCP intercept - - - Consider the following use cases before using this feature: - - - A Cloud administrator adds VNMC as a network element by using the admin API - addCiscoVnmcResource after specifying the credentials - - - A Cloud administrator adds ASA 1000v appliances by using the admin API - addCiscoAsa1000vResource. You can configure one per guest network. - - - A Cloud administrator creates an Isolated guest network offering by using ASA - 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static - NAT. + and egress traffic, and NAT policy sets + &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware + hypervisors.
VMware vNetwork Distributed vSwitch - CLOUDSTACK-772:&PRODUCT; 4.2 supports VMware vSphere Distributed Switch (VDS) - for virtual network configuration in a VMware vSphere environment. Each vCenter server - instance can support up to 128 VDSs and each VDS can manage up to 500 VMware hosts. -
- About VMware Distributed Virtual Switch - VMware VDS is an aggregation of host-level virtual switches on a VMware vCenter - server. VDS abstracts the configuration of individual virtual switches that span across - a large number of hosts, and enables centralized provisioning, administration, and - monitoring for your entire datacenter from a centralized interface. VDS is controlled as - a single distributed switch at the datacenter level. So there needed a component to - ensure that the network configurations on the source and the destination virtual switch - are consistent and will allow the VM to operate without breaking connectivity or network - policies. Particularly during migration of VM across hosts, the sync up among peers need - to be taken care. However in case of distributed vSwitch during VMotion, the vCenter - server, would update the vSwitch modules on the hosts in cluster accordingly. -
-
- Enabling Virtual Distributed Switch in &PRODUCT; - To make a &PRODUCT; deployment VDS enabled, set the vmware.use.dvswitch parameter to - true by using the Global Settings page in the &PRODUCT; UI and restart the Management - Server. Unless you enable the vmware.use.dvswitch parameter, you cannot see any UI - options specific to VDS, and &PRODUCT; ignores the VDS-specific parameters specified in - the AddCluster API call. Additionally, &PRODUCT; uses VDS for virtual network - infrastructure if the value of vmware.use.dvswitch parameter is true and the value of - vmware.use.nexus.dvswitch parameter is false. - &PRODUCT; supports configuring virtual networks in a deployment with a mix of - Virtual Distributed Switch, Standard Virtual Switch and Nexus 1000v Virtual Switch. - -
+ &PRODUCT; supports VMware vSphere Distributed Switch (VDS) for virtual network + configuration in a VMware vSphere environment. Each vCenter server instance can support up + to 128 VDSs and each VDS can manage up to 500 VMware hosts. &PRODUCT; supports configuring + virtual networks in a deployment with a mix of Virtual Distributed Switch, Standard + Virtual Switch and Nexus 1000v Virtual Switch. +
+
+ IP Reservation in Isolated Guest Networks + In Isolated guest networks in &PRODUCT; 4.2, a part of the guest IP address space can + be reserved for non-&PRODUCT; VMs or physical servers. To do so, you configure a range of + Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. + The advantage of having this feature is that if your customers wish to have non-&PRODUCT; + controlled VMs or physical servers on the same network, they can use a part of the IP + address space that is primarily provided to the guest network. When IP reservation is + configured, the administrator can add additional VMs or physical servers that are not part + of &PRODUCT; to the same network and assign them the Reserved IP addresses. &PRODUCT; + guest VMs cannot acquire IPs from the Reserved IP Range. +
+
+ Dedicated Resources: Public IP Addresses and VLANs Per Account + &PRODUCT; provides you the ability to reserve a set of public IP addresses and VLANs + exclusively for an account. During zone creation, you can continue to define a set of + VLANs and multiple public IP ranges. This feature extends the functionality to enable you + to dedicate a fixed set of VLANs and guest IP addresses for a tenant. + This feature provides you the following capabilities: + + + Reserve a VLAN range and public IP address range from an Advanced zone and assign + it to an account + + + Disassociate a VLAN and public IP address range from an account + + + + Ensure that you check whether the required range is available and conforms to + account limits. The maximum IPs per account limit cannot be superseded. + +
+
+ Enhanced Juniper SRX Support for Egress Firewall Rules + Egress firewall rules were previously supported on virtual routers, and now they are + also supported on Juniper SRX external networking devices. + Egress traffic originates from a private network to a public network, such as the + Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed + from a guest network to the Internet. However, you can control the egress traffic in an + Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, + the traffic specific to the rule is allowed and the remaining traffic is blocked. When all + the firewall rules are removed the default policy, Block, is applied. + + Egress firewall rules are not supported on Shared networks. They are supported only + on Isolated guest networks. + +
+
+ Configuring the Default Egress Policy + The default egress policy for Isolated guest network can be configured by using + Network offering. Use the create network offering option to determine whether the default + policy should be block or allow all the traffic to the public network from a guest + network. Use this network offering to create the network. If no policy is specified, by + default all the traffic is allowed from the guest network that you create by using this + network offering. + You have two options: Allow and Deny. + If you select Allow for a network offering, by default egress traffic is allowed. + However, when an egress rule is configured for a guest network, rules are applied to block + the specified traffic and rest are allowed. If no egress rules are configured for the + network, egress traffic is accepted. If you select Deny for a network offering, by default + egress traffic for the guest network is blocked. However, when an egress rules is + configured for a guest network, rules are applied to allow the specified traffic. While + implementing a guest network, &PRODUCT; adds the firewall egress rule specific to the + default egress policy for the guest network. + This feature is supported only on virtual router and Juniper SRX. +
+
+ Non-Contiguous VLAN Ranges + &PRODUCT; provides you with the flexibility to add non contiguous VLAN ranges to your + network. The administrator can either update an existing VLAN range or add multiple non + contiguous VLAN ranges while creating a zone. You can also use the UpdatephysicalNetwork + API to extend the VLAN range. +
+
+ Isolation in Advanced Zone Using Private VLAN + Isolation of guest traffic in shared networks can be achieved by using Private VLANs + (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a + PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach + the DHCP server and gateway, this would in turn allow users to control traffic within a + network and help them deploy multiple applications without communication between + application as well as prevent communication with other users’ VMs. + + + Isolate VMs in a shared networks by using Private VLANs. + + + Supported on KVM, XenServer, and VMware hypervisors. + + + PVLAN-enabled shared network can be a part of multiple networks of a guest VM. + + + + For further reading: + + + Understanding Private VLANs + + + Cisco Systems' Private VLANs: + Scalable Security in a Multi-Client Environment + + + Private VLAN (PVLAN) on vNetwork Distributed + Switch - Concept Overview (1010691) + + +
+
+ Configuring Multiple IP Addresses on a Single NIC + (Supported on XenServer, KVM, and VMware hypervisors) + &PRODUCT; now provides you the ability to associate multiple private IP addresses per + guest VM NIC. This feature is supported on all the network configurations—Basic, + Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported + on these additional IPs. In addition to the primary IP, you can assign additional IPs to + the guest VM NIC. Up to 256 IP addresses are allowed per NIC. + As always, you can specify an IP from the guest subnet; if not specified, an IP is + automatically picked up from the guest VM subnet. You can view the IPs associated with for + each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by using + firewall configuration in the &PRODUCT; UI. You must specify the NIC to which the IP + should be associated. +
+
+ Adding Multiple IP Ranges + (Supported on KVM, xenServer, and VMware hypervisors) + &PRODUCT; 4.2 provides you with the flexibility to add guest IP ranges from different + subnets in Basic zones and security groups-enabled Advanced zones. For security + groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. + With the addition of this feature, you will be able to add IP address ranges from the same + subnet or from a different one when IP address are exhausted. This would in turn allows + you to employ higher number of subnets and thus reduce the address management + overhead. + Ensure that you manually configure the gateway of the new subnet before adding the IP + range. Note that &PRODUCT; supports only one gateway for a subnet; overlapping subnets are + not currently supported. + You can also delete IP ranges. This operation fails if an IP from the remove range is + in use. If the remove range contains the IP address on which the DHCP server is running, + &PRODUCT; acquires a new IP from the same subnet. If no IP is available in the subnet, the + remove operation fails. + + The feature can only be implemented on IPv4 addresses. + +
+
+ Support for Multiple Networks in VMs + (Supported on XenServer, VMware and KVM hypervisors) + &PRODUCT; 4.2 provides you the ability to add and remove multiple networks to a VM. + You can remove a network from a VM and add a new network. You can also change the default + network of a VM. With this functionality, hybrid or traditional server loads can be + accommodated with ease. + For adding or removing a NIC to work on VMware, ensure that vm-tools are running on + guest VMs. +
+
+ Global Server Load Balancing + &PRODUCT; 4.2 supports Global Server Load Balancing (GSLB) functionalities to provide + business continuity by load balancing traffic to an instance on active zones only in case + of zone failures . &PRODUCT; achieve this by extending its functionality of integrating + with NetScaler Application Delivery Controller (ADC), which also provides various GSLB + capabilities, such as disaster recovery and load balancing. The DNS redirection technique + is used to achieve GSLB in &PRODUCT;. In order to support this functionality, region level + services and service provider are introduced. A new service 'GSLB' is introduced as a + region level service. The GSLB service provider is introduced that will provider the GSLB + service. Currently, NetScaler is the supported GSLB provider in &PRODUCT;. GSLB + functionality works in an Active-Active data center environment. +
+
+ Enhanced Load Balancing Services Using External Provider on Shared VLANs + Network services like Firewall, Load Balancing, and NAT are now supported in shared + networks created in an advanced zone. In effect, the following network services shall be + made available to a VM in a shared network: Source NAT, Static NAT, Port Forwarding, + Firewall and Load balancing. Subset of these service can be chosen while creating a + network offering for shared networks. Services available in a shared network is defined by + the network offering and the service chosen in the network offering. For example, if + network offering for a shared network has source NAT service enabled, a public IP shall be + provisioned and source NAT is configured on the firewall device to provide public access + to the VMs on the shared network. Static NAT, Port Forwarding, Load Balancing, and + Firewall services shall be available only on the acquired public IPs associated with a + shared network. + Additionally, Netscaler and Juniper SRX firewall device can be configured inline or + side-by-side mode.
Health Checks for Load Balanced Instances - CLOUDSTACK-4243: This feature is supported only on NetScaler version 10.0 and - beyond. The Nitro API is not compatible with NetScaler 9.3 and therefore this version is - not supported for this feature. + This feature is supported only on NetScaler version 10.0 and beyond. - CLOUDSTACK-816:(NetScaler load balancer only) A load balancer rule distributes - requests among a pool of services (a service in this context means an application running - on a virtual machine). When creating a load balancer rule, you can specify a health check - which will ensure that the rule forwards requests only to services that are healthy - (running and available). This is in addition to specifying the stickiness policy, - algorithm, and other load balancer rule options. You can configure one health check policy - per load balancer rule. - When a health check is in effect, the load balancer will stop forwarding requests to - any resources that it has found to be unhealthy. If the resource later becomes available + (NetScaler load balancer only) A load balancer rule distributes requests among a pool + of services (a service in this context means an application running on a virtual machine). + When creating a load balancer rule, you can specify a health check which will ensure that + the rule forwards requests only to services that are healthy (running and available). When + a health check is in effect, the load balancer will stop forwarding requests to any + resources that it has found to be unhealthy. If the resource later becomes available again, the periodic health check (periodicity is configurable) will discover it and the - resource will once again be added to the pool of resources that can receive requests from - the load balancer. - You can delete or modify existing health check policies. + resource will once again be made available to the load balancer. To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval. This default applies to all the health check policies in the cloud. You can override this value for an individual health check policy.
+
+
+ Host and Virtual Machine Enhancements + The following new features expand the ways you can use hosts and virtual + machines. +
+ VMware DRS Support + The VMware vSphere Distributed Resources Scheduler (DRS) is supported. +
+
+ Windows 8 and Windows Server 2012 as VM Guest OS + (Supported on XenServer, VMware, and KVM) + Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual + machines. The OS would be made available the same as any other, by uploading an ISO or a + template. The instructions for uploading ISOs and templates are given in the + Administrator's Guide. + + Limitation: When used with VMware hosts, this + feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch + 4. + + +
+
+ Change Account Ownership of Virtual Machines + A root administrator can now change the ownership of any virtual machine from one + account to any other account. A domain or sub-domain administrator can do the same for VMs + within the domain from one account to any other account in the domain. +
+
+ Private Pod, Cluster, or Host + Dedicating pod, cluster or host to a specific domain/account means that the + domain/account will have sole access to the dedicated pod, cluster or hosts such that + scalability, security and manageability within a domain/account can be improved. The + resources which belong to that tenant will be placed into that dedicated pod, cluster or + host. +
+
+ Resizing Volumes + &PRODUCT; provides the ability to resize data disks; &PRODUCT; controls volume size by + using disk offerings. This provides &PRODUCT; administrators with the flexibility to + choose how much space they want to make available to the end users. Volumes within the + disk offerings with the same storage tag can be resized. For example, if you only want to + offer 10, 50, and 100 GB offerings, the allowed resize should stay within those limits. + That implies if you define a 10 GB, a 50 GB and a 100 GB disk offerings, a user can + upgrade from 10 GB to 50 GB, or 50 GB to 100 GB. If you create a custom-sized disk + offering, then you have the option to resize the volume by specifying a new, larger size. + Additionally, using the resizeVolume API, a data volume can be moved from a static disk + offering to a custom disk offering with the size specified. This functionality allows + those who might be billing by certain volume sizes or disk offerings to stick to that + model, while providing the flexibility to migrate to whatever custom size necessary. This + feature is supported on KVM, XenServer, and VMware hosts. However, shrinking volumes is + not supported on VMware hosts +
+
+ VMware Volume Snapshot Improved Performance + When you take a snapshot of a data volume on VMware, &PRODUCT; will now use a more + efficient storage technique to improve performance. + Previously, every snapshot was immediately exported from vCenter to a mounted NFS + share and packaged into an OVA file format. This operation consumed time and resources. + Starting from 4.2, the original file formats (e.g., VMDK) provided by vCenter will be + retained. An OVA file will only be created as needed, on demand. + The new process applies only to newly created snapshots after upgrade to &PRODUCT; + 4.2. Snapshots that have already been taken and stored in OVA format will continue to + exist in that format, and will continue to work as expected. +
+
+ Storage Migration: XenMotion and vMotion + (Supported on XenServer and VMware) + Storage migration allows VMs to be moved from one host to another, where the VMs are + not located on storage shared between the two hosts. It provides the option to live + migrate a VM’s disks along with the VM itself. It is now possible to migrate a VM from one + XenServer resource pool / VMware cluster to another, or to migrate a VM whose disks are on + local storage, or even to migrate a VM’s disks from one storage repository to another, all + while the VM is running. +
+
+ Configuring Usage of Linked Clones on VMware + (For ESX hypervisor in conjunction with vCenter) + In &PRODUCT; 4.2, the creation of VMs as full clones is allowed. In previous versions, + only linked clones were possible. + For a full description of clone types, refer to VMware documentation. In summary: A + full clone is a copy of an existing virtual machine which, once created, does not depend + in any way on the original virtual machine. A linked clone is also a copy of an existing + virtual machine, but it has ongoing dependency on the original. A linked clone shares the + virtual disk of the original VM, and retains access to all files that were present at the + time the clone was created. + A new global configuration setting has been added, vmware.create.full.clone. When the + administrator sets this to true, end users can create guest VMs only as full clones. The + default value is true for new installations. For customers upgrading from a previous + version of &PRODUCT;, the default value of vmware.create.full.clone is false. +
+
+ VM Deployment Rules + Rules can be set up to ensure that particular VMs are not placed on the same physical + host. These "anti-affinity rules" can increase the reliability of applications by ensuring + that the failure of a single host can not take down the entire group of VMs supporting a + given application. See Affinity Groups in the &PRODUCT; 4.2 Administration Guide. +
+
+ CPU and Memory Scaling for Running VMs + (Supported on VMware and XenServer) + You can now change the CPU and RAM values for a running virtual machine. In previous + versions of &PRODUCT;, this could only be done on a stopped VM. + It is not always possible to accurately predict the CPU and RAM requirements when you + first deploy a VM. You might need to increase or decrease these resources at any time + during the life of a VM. With the new ability to dynamically modify CPU and RAM levels, + you can change these resources for a running VM without incurring any downtime. + Dynamic CPU and RAM scaling can be used in the following cases: + + + New VMs that are created after the installation of &PRODUCT; 4.2. If you are + upgrading from a previous version of &PRODUCT;, your existing VMs created with + previous versions will not have the dynamic scaling capability. + + + User VMs on hosts running VMware and XenServer. + + + System VMs on VMware. + + + VM Tools or XenServer Tools must be installed on the virtual machine. + + + The new requested CPU and RAM values must be within the constraints allowed by the + hypervisor and the VM operating system. + + + To configure this feature, use the following new global configuration + variables: + + + enable.dynamic.scale.vm: Set to True to enable the feature. By default, the + feature is turned off. + + + scale.retry: How many times to attempt the scaling operation. Default = 2. + + +
+
+ CPU and Memory Over-Provisioning + (Supported for XenServer, KVM, and VMware) + In &PRODUCT; 4.2, CPU and memory (RAM) over-provisioning factors can be set for each + cluster to change the number of VMs that can run on each host in the cluster. This helps + optimize the use of resources. By increasing the over-provisioning ratio, more resource + capacity will be used. If the ratio is set to 1, no over-provisioning is done. + In previous releases, &PRODUCT; did not perform memory over-provisioning. It performed + CPU over-provisioning based on a ratio configured by the administrator in the global + configuration setting cpu.overprovisioning.factor. Starting in 4.2, the administrator can + specify a memory over-provisioning ratio, and can specify both CPU and memory + over-provisioning ratios on a per-cluster basis, rather than only on a global + basis. + In any given cloud, the optimum number of VMs for each host is affected by such things + as the hypervisor, storage, and hardware configuration. These may be different for each + cluster in the same cloud. A single global over-provisioning setting could not provide the + best utilization for all the different clusters in the cloud. It had to be set for the + lowest common denominator. The new per-cluster setting provides a finer granularity for + better utilization of resources, no matter where the &PRODUCT; placement algorithm decides + to place a VM. +
+
+ Kickstart Installation for Bare Metal Provisioning + &PRODUCT; 4.2 supports the kick start installation method for RPM-based Linux + operating systems on baremetal hosts in basic zones. Users can provision a baremetal host + managed by &PRODUCT; as long as they have the kick start file and corresponding OS + installation ISO ready. + Tested on CentOS 5.5, CentOS 6.2, CentOS 6.3, Ubuntu 12.04. + For more information, see the Baremetal Installation Guide. +
+
+ Enhanced Bare Metal Support on Cisco UCS + You can now more easily provision new Cisco UCS server blades into &PRODUCT; for use + as bare metal hosts. The goal is to enable easy expansion of the cloud by leveraging the + programmability of the UCS converged infrastructure and &PRODUCT;’s knowledge of the cloud + architecture and ability to orchestrate. With this new feature, &PRODUCT; can + automatically understand the UCS environment, server profiles, etc. to make it easy to + deploy a bare metal OS on a Cisco UCS. +
+
+ Changing a VM's Base Image + Every VM is created from a base image, which is a template or ISO which has been + created and stored in &PRODUCT;. Both cloud administrators and end users can create and + modify templates, ISOs, and VMs. + In &PRODUCT; 4.2, there is a new way to modify an existing VM. You can change an + existing VM from one base image to another. For example, suppose there is a template based + on a particular operating system, and the OS vendor releases a software patch. The + administrator or user naturally wants to apply the patch and then make sure existing VMs + start using it. Whether a software update is involved or not, it's also possible to simply + switch a VM from its current template to any other desired template. +
+
+ Reset VM on Reboot + In &PRODUCT; 4.2, you can specify that you want to discard the root disk and create a + new one whenever a given VM is rebooted. This is useful for secure environments that need + a fresh start on every boot and for desktops that should not retain state. The IP address + of the VM will not change due to this operation. +
+
+ Virtual Machine Snapshots for VMware + (VMware hosts only) In addition to the existing &PRODUCT; ability to snapshot + individual VM volumes, you can now take a VM snapshot to preserve all the VM's data + volumes as well as (optionally) its CPU/memory state. This is useful for quick restore of + a VM. For example, you can snapshot a VM, then make changes such as software upgrades. If + anything goes wrong, simply restore the VM to its previous state using the previously + saved VM snapshot. + The snapshot is created using the VMware native snapshot facility. The VM snapshot + includes not only the data volumes, but optionally also whether the VM is running or + turned off (CPU state) and the memory contents. The snapshot is stored in &PRODUCT;'s + primary storage. + VM snapshots can have a parent/child relationship. Each successive snapshot of the + same VM is the child of the snapshot that came before it. Each time you take an additional + snapshot of the same VM, it saves only the differences between the current state of the VM + and the state stored in the most recent previous snapshot. The previous snapshot becomes a + parent, and the new snapshot is its child. It is possible to create a long chain of these + parent/child snapshots, which amount to a "redo" record leading from the current state of + the VM back to the original. +
+
+ Increased Userdata Size When Deploying a VM + You can now specify up to 32KB of userdata when deploying a virtual machine through + the &PRODUCT; UI or the deployVirtualMachine API call. +
+
+ Set VMware Cluster Size Limit Depending on VMware Version + The maximum number of hosts in a vSphere cluster is determined by the VMware + hypervisor software. For VMware versions 4.2, 4.1, 5.0, and 5.1, the limit is 32 + hosts. + For &PRODUCT; 4.2, the global configuration setting vmware.percluster.host.max has + been removed. The maximum number of hosts in a VMware cluster is now determined by the + underlying hypervisor software. + + Best Practice: It is advisable for VMware clusters in &PRODUCT; to be smaller than + the VMware hypervisor's maximum size. A cluster size of up to 8 hosts has been found + optimal for most real-world situations. + +
+
+ Limiting Resource Usage + Previously in &PRODUCT;, resource usage limit was imposed based on the resource count, + that is, restrict a user or domain on the basis of the number of VMs, volumes, or + snapshots used. In &PRODUCT; 4.2, a new set of resource types has been added to the + existing pool of resources (VMs, Volumes, and Snapshots) to support the customization + model—need-basis usage, such as large VM or small VM. The new resource types are now + broadly classified as CPU, RAM, Primary storage, and Secondary storage. &PRODUCT; 4.2 + allows the root administrator to impose resource usage limit by the following resource + types for Domain, Project and Accounts. + + + CPUs + + + Memory (RAM) + + + Primary Storage (Volumes) + + + Secondary Storage (Snapshots, Templates, ISOs) + + +
+
+
+ Monitoring, Maintenance, and Operations Enhancements + +
+ Publish and Subscribe for Event Notification + An event is essentially a significant or meaningful change in the state of both + virtual and physical resources associated with a cloud environment. In &PRODUCT; an event + could be a state change of virtual or psychical resources, an action performed by an user + (action events), or policy based events (alerts). In &PRODUCT; 4.2, a new event + notification framework has been added. This framework provides a means for the Management + Server components to publish and subscribe to &PRODUCT; events. Event notification is + achieved by implementing the concept of event bus abstraction in the Management Server. + A new event for state change, resource state change, is introduced as part of Event + notification framework. Every resource, such as user VM, volume, NIC, network, public IP, + snapshot, and template, is associated with a state machine and generates events as part of + the state change. That implies that a change in the state of a resource results in a state + change event, and the event is published in the corresponding state machine on the event + bus. All the &PRODUCT; events (alerts, action events, usage events) and the additional + category of resource state change events, are published on to the events bus. +
+
+ Deleting and Archiving Events and Alerts + In addition to viewing a list of events and alerts in the UI, the administrator can + now delete and archive them. In order to support deleting and archiving alerts, the + following global parameters have been added: + + + alert.purge.delay: The alerts older than + specified number of days are purged. Set the value to 0 to never purge alerts + automatically. + + + alert.purge.interval: The interval in seconds to + wait before running the alert purge thread. The default is 86400 seconds (one + day). + + + + Archived alerts or events cannot be viewed in the UI, or by using the API. They are + maintained in the database for auditing or compliance purposes. + +
+
+ Increased Granularity for Configuration Parameters + Some configuration parameters which were previously available only at the global level + of the cloud can now be set for smaller components of the cloud, such as at the zone + level. To set these parameters, look for the new Settings tab in the UI. You will find it + on the detail page for an account, cluster, zone, or primary storage. + The account level parameters are: remote.access.vpn.client.iprange, + allow.public.user.templates, use.system.public.ips, and + use.system.guest.vlans + The cluster level parameters are + cluster.storage.allocated.capacity.notificationthreshold, + cluster.storage.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.notificationthreshold, + cluster.memory.allocated.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.disablethreshold, + cluster.memory.allocated.capacity.disablethreshold, + cpu.overprovisioning.factor, mem.overprovisioning.factor, + vmware.reserve.cpu, and vmware.reserve.mem. + The zone level parameters are + pool.storage.allocated.capacity.disablethreshold, + pool.storage.capacity.disablethreshold, + storage.overprovisioning.factor, network.throttling.rate, + guest.domain.suffix, router.template.xen, + router.template.kvm, router.template.vmware, + router.template.hyperv, router.template.lxc, + enable.dynamic.scale.vm, use.external.dns, and + blacklisted.routes. +
+
+ API Request Throttling + In &PRODUCT; 4.2, you can limit the rate at which API requests can be placed for each + account. This is useful to avoid malicious attacks on the Management Server, prevent + performance degradation, and provide fairness to all accounts. + If the number of API calls exceeds the threshold, an error message is returned for any + additional API calls. The caller will have to retry these API calls at another + time. + To control the API request throttling, use the following new global configuration + settings: + + + api.throttling.enabled - Enable/Disable API throttling. By default, this setting + is false, so API throttling is not enabled. + + + api.throttling.interval (in seconds) - Time interval during which the number of + API requests is to be counted. When the interval has passed, the API count is reset to + 0. + + + api.throttling.max - Maximum number of APIs that can be placed within the + api.throttling.interval period. + + + api.throttling.cachesize - Cache size for storing API counters. Use a value higher + than the total number of accounts managed by the cloud. One cache entry is needed for + each account, to store the running API total for that account within the current time + window. + + +
+
+ Sending Alerts to External SNMP and Syslog Managers + In addition to showing administrator alerts on the Dashboard in the &PRODUCT; UI and + sending them in email, &PRODUCT; now can also send the same alerts to external SNMP or + Syslog management software. This is useful if you prefer to use an SNMP or Syslog manager + to monitor your cloud. + The supported protocol is SNMP version 2. +
+
+ Changing the Default Password Encryption + Passwords are encoded when creating or updating users. The new default preferred + encoder, replacing MD5, is SHA256. It is more secure than MD5 hashing. If you take no + action to customize password encryption and authentication, SHA256 Salt will be + used. + If you prefer a different authentication mechanism, &PRODUCT; 4.2 provides a way for + you to determine the default encoding and authentication mechanism for admin and user + logins. Two new configurable lists have been introduced: userPasswordEncoders and + userAuthenticators. userPasswordEncoders allow you to configure the order of preference + for encoding passwords, and userAuthenticator allows you to configure the order in which + authentication schemes are invoked to validate user passwords. + The plain text user authenticator has been modified not to convert supplied passwords + to their md5 sums before checking them with the database entries. It performs a simple + string comparison between retrieved and supplied login passwords instead of comparing the + retrieved md5 hash of the stored password against the supplied md5 hash of the password, + because clients no longer hash the password. +
+
+ Log Collection Utility cloud-bugtool + &PRODUCT; provides a command-line utility called cloud-bugtool to make it easier to + collect the logs and other diagnostic data required for troubleshooting. This is + especially useful when interacting with Citrix Technical Support. + You can use cloud-bugtool to collect the following: + + + Basic system and environment information and network configuration including IP + addresses, routing, and name resolver settings + + + Information about running processes + + + Management Server logs + + + System logs in /var/log/ + + + Dump of the cloud database + + + + cloud-bugtool collects information which might be considered sensitive and + confidential. Using the --nodb option to avoid the cloud database can + reduce this concern, though it is not guaranteed to exclude all sensitive data. + + +
- Snaphotting, backups, cloning and System VMs for RBD Primary Storage + Snaphotting, Backups, Cloning and System VMs for RBD Primary Storage These new RBD features require at least librbd 0.61.7 (Cuttlefish) and libvirt 0.9.14 on the KVM hypervisors. - CLOUDSTACK-1191: - With this release &PRODUCT; will leverage the features of RBD format 2. This allows + This release of &PRODUCT; will leverage the features of RBD format 2. This allows snapshotting and backing up those snapshots. Backups of snapshots to Secondary Storage are full copies of the RBD snapshot, they are not RBD diffs. This because when restoring a backup of a snapshot it is not mandatory that this backup is deployed on RBD again, it could also be a NFS Primary Storage. - Another key feature of RBD format 2 is cloning and with this release templates will be - copied to Primary Storage once and using the cloning mechanism new disks will be cloned - from this parent template. This saves space and decreases deployment time for Instances + Another key feature of RBD format 2 is cloning. With this release templates will be + copied to Primary Storage once and by using the cloning mechanism new disks will be cloned + from this parent template. This saves space and decreases deployment time for instances dramatically. - Cloning will however only work with new templates and when they are freshly downloaded - to primary storage. Templates currently stored on RBD Primary Storage are in RBD format 1 - which does not support cloning. Loglevel debug on the Agent will show if cloning is used - when deploying a template or not. - Before this release a NFS Primary Storage was still required for running the System - VMs from. The reason behind this was a so called 'patch disk' which was generated by the + Before this release, a NFS Primary Storage was still required for running the System + VMs from. The reason was a so called 'patch disk' that was generated by the hypervisor which contained metadata for the System VM. The scripts generating this disk didn't support RBD and thus System VMs had to be deployed from NFS. With 4.2 instead of the patch disk a VirtIO serial console is used to pass meta information to System VMs. This enabled the deployment of System VMs on RBD Primary Storage.
-
- Disk I/O polling and throttling - CLOUDSTACK-1192: - On KVM hypervisors polling and throttling of disk I/Os is supported. Per disk disk attached to - an Instance the usage server will record the amount of IOps. - Per disk offering you are able to specify the number of Read and Write I/Os. Trottling is - done by Qemu/KVM. - Both polling and throttling only works with KVM and with all types of Primary Storage. -
Issues Fixed in 4.2.0 @@ -2229,6 +3042,1919 @@ service cloudstack-agent start
+ + API Changes from 4.1 to 4.2 +
+ Added API Commands in 4.2 +
+ Secondary Storage + + + addImageStore (Adds all types of secondary storage providers, S3/Swift/NFS) + + + createSecondaryStagingStore (Adds a staging secondary storage in each zone) + + + listImageStores (Lists all secondary storages, S3/Swift/NFS) + + + listSecondaryStagingStores (Lists all staging secondary storages) + + + addS3 (Adds a Amazon Simple Storage Service instance.) It is recommended to use + addImageStore instead. + + + listS3s (Lists all the Amazon Simple Storage Service instances.) It is recommended + to use listImageStores instead. + + +
+
+ VM Snapshot + + + createVMSnapshot (Creates a virtual machine snapshot; see ) + + + deleteVMSnapshot (Deletes a virtual machine snapshot) + + + listVMSnapshot (Shows a virtual machine snapshot) + + + revertToVMSnapshot (Returns a virtual machine to the state and data saved in a + given snapshot) + + +
+
+ Load Balancer Health Check + + + createLBHealthCheckPolicy (Creates a new health check policy for a load balancer + rule; see ) + + + deleteLBHealthCheckPolicy (Deletes an existing health check policy from a load + balancer rule) + + + listLBHealthCheckPolicies (Displays the health check policy for a load balancer + rule) + + +
+
+ Egress Firewall Rules + + + createEgressFirewallRules (Creates an egress firewall rule on the guest network; + see ) + + + deleteEgressFirewallRules (Deletes a egress firewall rule on the guest + network.) + + + listEgressFirewallRules (Lists the egress firewall rules configured for a guest + network.) + + +
+
+ SSH Key + + + resetSSHKeyForVirtualMachine (Resets the SSHkey for virtual machine.) + + +
+
+ Bare Metal + + + addBaremetalHost (Adds a new host. Technically, this API command was present in + v3.0.6, but its functionality was disabled. See ) + + + addBaremetalDhcp (Adds a DHCP server for bare metal hosts) + + + addBaremetalPxePingServer (Adds a PXE PING server for bare metal hosts) + + + addBaremetalPxeKickStartServer (Adds a PXE server for bare metal hosts) + + + listBaremetalDhcp (Shows the DHCP servers currently defined for bare metal + hosts) + + + listBaremetalPxePingServer (Shows the PXE PING servers currently defined for bare + metal hosts) + + +
+
+ NIC + + + addNicToVirtualMachine (Adds a new NIC to the specified VM on a selected network; + see ) + + + removeNicFromVirtualMachine (Removes the specified NIC from a selected VM.) + + + updateDefaultNicForVirtualMachine (Updates the specified NIC to be the default one + for a selected VM.) + + + addIpToNic (Assigns secondary IP to a NIC.) + + + removeIpFromNic (Assigns secondary IP to a NIC.) + + + listNics (Lists the NICs associated with a VM.) + + +
+
+ Regions + + + addRegion (Registers a Region into another Region; see ) + + + updateRegion (Updates Region details: ID, Name, Endpoint, User API Key, and User + Secret Key.) + + + removeRegion (Removes a Region from current Region.) + + + listRegions (Get all the Regions. They can be filtered by using the ID or + Name.) + + +
+
+ User + + + getUser (This API can only be used by the Admin. Get user account details by using + the API Key.) + + +
+
+ API Throttling + + + getApiLimit (Show number of remaining APIs for the invoking user in current + window) + + + resetApiLimit (For root admin, if accountId parameter is passed, it will reset + count for that particular account, otherwise it will reset all counters) + + + resetApiLimit (Reset the API count.) + + +
+
+ Locking + + + lockAccount (Locks an account) + + + lockUser (Locks a user account) + + +
+
+ VM Scaling + + + scaleVirtualMachine (Scales the virtual machine to a new service offering.) + + +
+
+ Migrate Volume + + + migrateVirtualMachineWithVolume (Attempts migrating VM with its volumes to a + different host.) + + + listStorageProviders (Lists storage providers.) + + + findStoragePoolsForMigration (Lists storage pools available for migrating a + volume.) + + +
+
+ Dedicated IP and VLAN + + + dedicatePublicIpRange (Dedicates a Public IP range to an account.) + + + releasePublicIpRange (Releases a Public IP range back to the system pool.) + + + dedicateGuestVlanRange (Dedicates a guest VLAN range to an account.) + + + releaseDedicatedGuestVlanRange (Releases a dedicated guest VLAN range to the + system.) + + + listDedicatedGuestVlanRanges (Lists dedicated guest VLAN ranges.) + + +
+
+ Port Forwarding + + + updatePortForwardingRule (Updates a port forwarding rule. Only the private port + and the VM can be updated.) + + +
+
+ Scale System VM + + + scaleSystemVm (Scale the service offering for a systemVM, console proxy, or + secondary storage.) + + +
+
+ Deployment Planner + + + listDeploymentPlanners (Lists all the deployment planners available.) + + +
+
+ Archive and Delete Events and Alerts + + + archiveEvents (Archive one or more events.) + + + deleteEvents (Delete one or more events.) + + + archiveAlerts (Archive one or more alerts.) + + + deleteAlerts (Delete one or more alerts.) + + +
+
+ Host Reservation + + + releaseHostReservation (Releases host reservation.) + + +
+
+ Resize Volume + + + resizeVolume (Resizes a volume.) + + + updateVolume (Updates the volume.) + + +
+
+ Egress Firewall Rules + + + createEgressFirewallRule (Creates a egress firewall rule for a given network. ) + + + + deleteEgressFirewallRule (Deletes an egress firewall rule.) + + + listEgressFirewallRules (Lists all egress firewall rules for network.) + + +
+
+ Network ACL + + + updateNetworkACLItem (Updates ACL item with specified ID.) + + + createNetworkACLList (Creates a Network ACL for the given VPC.) + + + deleteNetworkACLList (Deletes a Network ACL.) + + + replaceNetworkACLList (Replaces ACL associated with a Network or private gateway.) + + + + listNetworkACLLists (Lists all network ACLs.) + + +
+
+ Resource Detail + + + addResourceDetail (Adds detail for the Resource.) + + + removeResourceDetail (Removes detail for the Resource.) + + + listResourceDetails (List resource details.) + + +
+
+ Nicira Integration + + + addNiciraNvpDevice (Adds a Nicira NVP device.) + + + deleteNiciraNvpDevice (Deletes a Nicira NVP device.) + + + listNiciraNvpDevices (Lists Nicira NVP devices.) + + + listNiciraNvpDeviceNetworks (Lists network that are using a Nicira NVP device.) + + + +
+
+ BigSwitch VNS + + + addBigSwitchVnsDevice (Adds a BigSwitch VNS device.) + + + deleteBigSwitchVnsDevice (Deletes a BigSwitch VNS device.) + + + listBigSwitchVnsDevices (Lists BigSwitch VNS devices.) + + +
+
+ Simulator + + + configureSimulator (Configures a simulator.) + + +
+
+ API Discovery + + + listApis (Lists all the available APIs on the server, provided by the API + Discovery plugin.) + + +
+
+ Global Load Balancer + + + createGlobalLoadBalancerRule (Creates a global load balancer rule.) + + + deleteGlobalLoadBalancerRule (Deletes a global load balancer rule.) + + + updateGlobalLoadBalancerRule (update global load balancer rules.) + + + listGlobalLoadBalancerRules (Lists load balancer rules.) + + + assignToGlobalLoadBalancerRule (Assign load balancer rule or list of load balancer + rules to a global load balancer rules.) + + + removeFromGlobalLoadBalancerRule (Removes a load balancer rule association with + global load balancer rule) + + +
+
+ Load Balancer + + + createLoadBalancer (Creates a Load Balancer) + + + listLoadBalancers (Lists Load Balancers) + + + deleteLoadBalancer (Deletes a load balancer) + + + configureInternalLoadBalancerElement (Configures an Internal Load Balancer + element.) + + + createInternalLoadBalancerElement (Create an Internal Load Balancer element.) + + + + listInternalLoadBalancerElements (Lists all available Internal Load Balancer + elements.) + + +
+
+ Affinity Group + + + createAffinityGroup (Creates an affinity or anti-affinity group.) + + + deleteAffinityGroup (Deletes an affinity group.) + + + listAffinityGroups (Lists all the affinity groups.) + + + updateVMAffinityGroup (Updates the affinity or anti-affinity group associations of + a VM. The VM has to be stopped and restarted for the new properties to take effect.) + + + + listAffinityGroupTypes (Lists affinity group types available.) + + +
+
+ Portable IP + + + createPortableIpRange (Adds a range of portable portable IPs to a Region.) + + + deletePortableIpRange (Deletes a range of portable portable IPs associated with a + Region.) + + + listPortableIpRanges (Lists portable IP ranges.) + + +
+
+ Internal Load Balancer VM + + + stopInternalLoadBalancerVM (Stops an Internal LB VM.) + + + startInternalLoadBalancerVM (Starts an existing Internal LB VM.) + + + listInternalLoadBalancerVMs (List internal LB VMs.) + + +
+
+ Network Isolation + + + listNetworkIsolationMethods (Lists supported methods of network isolation.) + + + +
+
+ Dedicated Resources + + + dedicateZone (Dedicates a zone.) + + + dedicatePod (Dedicates a pod.) + + + dedicateCluster (Dedicate an existing cluster.) + + + dedicateHost (Dedicates a host.) + + + releaseDedicatedZone (Release dedication of zone.) + + + releaseDedicatedPod (Release dedication for the pod.) + + + releaseDedicatedCluster (Release dedication for cluster.) + + + releaseDedicatedHost (Release dedication for host.) + + + listDedicatedZones (List dedicated zones.) + + + listDedicatedPods (Lists dedicated pods.) + + + listDedicatedClusters (Lists dedicated clusters.) + + + listDedicatedHosts (Lists dedicated hosts.) + + +
+
+
+ Changed API Commands in 4.2 + + + + + + + + API Commands + + + Description + + + + + + + listNetworkACLs + + + The following new request parameters are added: aclid (optional), action + (optional), protocol (optional) + The following new response parameters are added: aclid, action, number + + + + + copyTemplate + + + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + listRouters + + + The following new response parameters are added: ip6dns1, ip6dns2, role + + + + + updateConfiguration + + + The following new request parameters are added: accountid (optional), + clusterid (optional), storageid (optional), zoneid (optional) + The following new response parameters are added: id, scope + + + + + listVolumes + + + The following request parameter is removed: details + The following new response parameter is added: displayvolume + + + + + suspendProject + + + The following new response parameters are added: cpuavailable, cpulimit, + cputotal, ipavailable, iplimit, iptotal, memoryavailable, memorylimit, + memorytotal, networkavailable, networklimit, networktotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal, + snapshotavailable, snapshotlimit, snapshottotal, templateavailable, templatelimit, + templatetotal, vmavailable, vmlimit, vmrunning, vmstopped, vmtotal, + volumeavailable, volumelimit, volumetotal, vpcavailable, vpclimit, vpctotal + + + + + + listRemoteAccessVpns + + + The following new response parameters are added: id + + + + + registerTemplate + + + The following new request parameters are added: imagestoreuuid (optional), + isdynamicallyscalable (optional), isrouting (optional) + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + addTrafficMonitor + + + The following response parameters are removed: privateinterface, privatezone, + publicinterface, publiczone, usageinterface, username + + + + + createTemplate + + + The following response parameters are removed: clusterid, clustername, + disksizeallocated, disksizetotal, disksizeused, ipaddress, path, podid, podname, + state, tags, type + The following new response parameters are added: account, accountid, bootable, + checksum, crossZones, details, displaytext, domain, domainid, format, hostid, + hostname, hypervisor, isdynamicallyscalable, isextractable, isfeatured, ispublic, + isready, ostypeid, ostypename, passwordenabled, project, projectid, removed, size, + sourcetemplateid, sshkeyenabled, status, templatetag, templatetype, tags + + + + + listLoadBalancerRuleInstances + + + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + migrateVolume + + + The following new request parameters is added: livemigrate (optional) + The following new response parameters is added: displayvolume + + + + + createAccount + + + The following new request parameters are added: accountid (optional), userid + (optional) + The following new response parameters are added: accountdetails, cpuavailable, + cpulimit, cputotal, defaultzoneid, ipavailable, iplimit, iptotal, + iscleanuprequired, isdefault, memoryavailable, memorylimit, memorytotal, name, + networkavailable, networkdomain, networklimit, networktotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + projectavailable, projectlimit, projecttotal, receivedbytes, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal, + sentbytes, snapshotavailable, snapshotlimit, snapshottotal, templateavailable, + templatelimit, templatetotal, vmavailable, vmlimit, vmrunning, vmstopped, vmtotal, + volumeavailable, volumelimit, volumetotal, vpcavailable, vpclimit, vpctotal, + user + The following parameters are removed: account, accountid, apikey, created, + email, firstname, lastname, secretkey, timezone, username + + + + + updatePhysicalNetwork + + + The following new request parameters is added: removevlan (optional) + + + + + listTrafficMonitors + + + The following response parameters are removed: privateinterface, privatezone, + publicinterface, publiczone, usageinterface, username + + + + + attachIso + + + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + listProjects + + + The following new request parameters are added: cpuavailable, cpulimit, + cputotal, ipavailable, iplimit, iptotal, memoryavailable, memorylimit, + memorytotal, networkavailable, networklimit, networktotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal, + snapshotavailable, snapshotlimit, snapshottotal, templateavailable, templatelimit, + templatetotal, vmavailable, vmlimit, vmrunning, vmstopped, vmtotal, + volumeavailable, volumelimit, volumetotal, vpcavailable, vpclimit, vpctotal + + + + + + enableAccount + + + The following new response parameters are added: cpuavailable, cpulimit, + cputotal, isdefault, memoryavailable, memorylimit, memorytotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal + + + + + listPublicIpAddresses + + + The following new response parameters are added: isportable, vmipaddress + + + + + + enableStorageMaintenance + + + The following new response parameters are added: hypervisor, scope, + suitableformigration + + + + + listLoadBalancerRules + + + The following new request parameters is added: networkid (optional) + The following new response parameters is added: networkid + + + + + stopRouter + + + The following new response parameters are added: ip6dns1, ip6dns2, role + + + + + + listClusters + + + The following new response parameters are added: cpuovercommitratio, + memoryovercommitratio + + + + + attachVolume + + + The following new response parameter is added: displayvolume + + + + + updateVPCOffering + + + The following request parameters is made mandatory: id + + + + + resetSSHKeyForVirtualMachine + + + The following new request parameter is added: keypair (required) + The following parameter is removed: name + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + updateCluster + + + The following request parameters are removed: cpuovercommitratio, + memoryovercommitratio (optional) + + + + + listPrivateGateways + + + The following new response parameters are added: aclid, sourcenatsupported + + + + + + ldapConfig + + + The following new request parameters are added: listall (optional) + The following parameters has been made optional: searchbase, hostname, + queryfilter + The following new response parameter is added: ssl + + + + + listTemplates + + + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + listNetworks + + + The following new response parameters are added: aclid, displaynetwork, + ip6cidr, ip6gateway, ispersistent, networkcidr, reservediprange + + + + + restartNetwork + + + The following new response parameters are added: isportable, vmipaddress + + + + + + prepareTemplate + + + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + rebootVirtualMachine + + + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + changeServiceForRouter + + + The following new request parameters are added: aclid (optional), action + (optional), protocol (optional) + The following new response parameters are added: id, scope + + + + + updateZone + + + The following new request parameters are added: ip6dns1 (optional), ip6dns2 + (optional) + The following new response parameters are added: ip6dns1, ip6dns2 + + + + + ldapRemove + + + The following new response parameters are added: ssl + + + + + updateServiceOffering + + + The following new response parameters are added: deploymentplanner, isvolatile + + + + + + updateStoragePool + + + The following new response parameters are added: hypervisor, scope, + suitableformigration + + + + + listFirewallRules + + + The following request parameter is removed: traffictype + The following new response parameters are added: networkid + + + + + updateUser + + + The following new response parameters are added: iscallerchilddomain, + isdefault + + + + + updateProject + + + The following new response parameters are added: cpuavailable, cpulimit, + cputotal, ipavailable, iplimit, iptotal, memoryavailable, memorylimit, + memorytotal, networkavailable, networklimit, networktotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal, + snapshotavailable, snapshotlimit, snapshottotal, templateavailable, templatelimit, + templatetotal, vmavailable, vmlimit, vmrunning, vmstopped, vmtotal, + volumeavailable, volumelimit, volumetotal, vpcavailable, vpclimit, vpctotal + + + + + + updateTemplate + + + The following new request parameters are added: isdynamicallyscalable + (optional), isrouting (optional) + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + disableUser + + + The following new response parameters are added: iscallerchilddomain, + isdefault + + + + + activateProject + + + The following new response parameters are added: cpuavailable, cpulimit, + cputotal, ipavailable, iplimit, iptotal, memoryavailable, memorylimit, + memorytotal, networkavailable, networklimit, networktotal, + primarystorageavailable, primarystoragelimit, primarystoragetotal, + secondarystorageavailable, secondarystoragelimit, secondarystoragetotal, + snapshotavailable, snapshotlimit, snapshottotal, templateavailable, templatelimit, + templatetotal, vmavailable, vmlimit, vmrunning, vmstopped, vmtotal, + volumeavailable, volumelimit, volumetotal, vpcavailable, vpclimit, vpctotal + + + + + + createNetworkACL + + + The following new request parameters are added: aclid (optional), action + (optional), number (optional) + The following request parameter is now optional: networkid + The following new response parameters are added: aclid, action, number + + + + + enableStaticNat + + + The following new request parameters are added: vmguestip (optional) + + + + + registerIso + + + The following new request parameters are added: imagestoreuuid (optional), + isdynamicallyscalable (optional) + The following new response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + createIpForwardingRule + + + The following new response parameter is added: vmguestip + + + + + resetPasswordForVirtualMachine + + + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + createVolume + + + The following new request parameter is added: displayvolume (optional) + The following new response parameter is added: displayvolume + + + + + startRouter + + + The following new response parameters are added: ip6dns1, ip6dns2, role + + + + + + listCapabilities + + + The following new response parameters are added: apilimitinterval and + apilimitmax. + See . + + + + + createServiceOffering + + + The following new request parameters are added: deploymentplanner (optional), + isvolatile (optional), serviceofferingdetails (optional). + isvolatie indicates whether the service offering includes Volatile VM + capability, which will discard the VM's root disk and create a new one on reboot. + See . + The following new response parameters are added: deploymentplanner, isvolatile + + + + + + restoreVirtualMachine + + + The following request parameter is added: templateID (optional). This is used + to point to the new template ID when the base image is updated. The parameter + templateID can be an ISO ID in case of restore vm deployed using ISO. See . + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + createNetwork + + + The following new request parameters are added: aclid (optional), + displaynetwork (optional), endipv6 (optional), ip6cidr (optional), ip6gateway + (optional), isolatedpvlan (optional), startipv6 (optional) + The following new response parameters are added: aclid, displaynetwork, + ip6cidr, ip6gateway, ispersistent, networkcidr, reservediprange + + + + + createVlanIpRange + + + The following new request parameters are added: startipv6, endipv6, + ip6gateway, ip6cidr + Changed parameters: startip (is now optional) + The following new response parameters are added: startipv6, endipv6, + ip6gateway, ip6cidr + + + + + CreateZone + + + The following new request parameters are added: ip6dns1, ip6dns2 + The following new response parameters are added: ip6dns1, ip6dns2 + + + + + deployVirtualMachine + + + The following request parameters are added: affinitygroupids (optional), + affinitygroupnames (optional), displayvm (optional), ip6address (optional) + The following request parameter is modified: iptonetworklist has a new + possible value, ipv6 + The following new response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + createNetworkOffering + + + The following request parameters are added: details (optional), + egressdefaultpolicy (optional), ispersistent (optional) + ispersistent determines if the network or network offering created or listed + by using this offering are persistent or not. + The following response parameters are added: details, egressdefaultpolicy, + ispersistent + + + + + listNetworks + + + The following request parameters is added: isPersistent. + This parameter determines if the network or network offering created or listed + by using this offering are persistent or not. + + + + + listNetworkOfferings + + + The following request parameters is added: isPersistent. + This parameter determines if the network or network offering created or listed + by using this offering are persistent or not. + For listNetworkOfferings, the following response parameter has been added: + details, egressdefaultpolicy, ispersistent + + + + + addF5LoadBalancer + configureNetscalerLoadBalancer + addNetscalerLoadBalancer + listF5LoadBalancers + configureF5LoadBalancer + listNetscalerLoadBalancers + + + The following response parameter is removed: inline. + + + + + listRouters + + + For nic responses, the following fields have been added. + + + ip6address + + + ip6gateway + + + ip6cidr + + + + + + + listVirtualMachines + + + The following request parameters are added: affinitygroupid (optional), vpcid + (optional) + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + listRouters + listZones + + + For DomainRouter and DataCenter response, the following fields have been + added. + + + ip6dns1 + + + ip6dns2 + + + For listZones, the following optional request parameters are added: name, + networktype + + + + + listFirewallRules + createFirewallRule + + + The following request parameter is added: traffictype (optional). + The following response parameter is added: networkid + + + + + listUsageRecords + + + The following response parameter is added: virtualsize. + + + + + deleteIso + + + The following request parameter is removed: forced + + + + + addCluster + + + The following request parameters are added: guestvswitchtype (optional), + guestvswitchtype (optional), publicvswitchtype (optional), publicvswitchtype + (optional) + See . + The following request parameters are removed: cpuovercommitratio, + memoryovercommitratio + + + + + updateCluster + + + The following request parameters are added: cpuovercommitratio, + ramovercommitratio + See . + + + + + createStoragePool + + + The following request parameters are added: hypervisor (optional), provider + (optional), scope (optional) + The following request parameters have been made mandatory: podid, + clusterid + See . + The following response parameter has been added: hypervisor, scope, + suitableformigration + + + + + listStoragePools + + + The following request parameter is added: scope (optional) + See . + The following response parameters are added: hypervisor, scope, + suitableformigration + + + + + updateDiskOffering + + + The following response parameter is added: displayoffering + + + + + changeServiceForVirtualMachine + + + The following response parameter are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + recoverVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + listCapabilities + + + The following response parameters are added: apilimitinterval, apilimitmax + + + + + + createRemoteAccessVpn + + + The following response parameters are added: id + + + + + startVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + detachIso + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + updateVPC + + + The following request parameters has been made mandatory: id, name + + + + + associateIpAddress + + + The following request parameters are added: isportable (optional), regionid + (optional) + The following response parameters are added: isportable, vmipaddress + + + + + listProjectAccounts + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + ipavailable, iplimit, iptotal, memoryavailable, memorylimit, memorytotal, + networkavailable, networklimit, networktotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal, snapshotavailable, snapshotlimit, + snapshottotal, templateavailable, templatelimit, templatetotal, vmavailable, + vmlimit, vmrunning, vmstopped, vmtotal, volumeavailable, volumelimit, volumetotal, + vpcavailable, vpclimit, vpctotal + + + + + disableAccount + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + isdefault, memoryavailable, memorylimit, memorytotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal + + + + + listPortForwardingRules + + + The following response parameters are added: vmguestip + + + + + migrateVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + cancelStorageMaintenance + + + The following response parameters are added: hypervisor, scope, + suitableformigration + + + + + createPortForwardingRule + + The following request parameter is added: vmguestip (optional) The + following response parameter is added: vmguestip + + + + addVpnUser + + + The following response parameter is added: state + + + + + createVPCOffering + + + The following request parameter is added: serviceproviderlist (optional) + + + + + + assignVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + listConditions + + + The following response parameters are added: account, counter, domain, + domainid, project, projectid, relationaloperator, threshold + Removed response parameters: name, source, value + + + + + createPrivateGateway + + + The following request parameters are added: aclid (optional), + sourcenatsupported (optional) + The following response parameters are added: aclid, sourcenatsupported + + + + + updateVirtualMachine + + + The following request parameters are added: displayvm (optional), + isdynamicallyscalable (optional) + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + destroyRouter + + + The following response parameters are added: ip6dns1, ip6dns2, role + + + + + listServiceOfferings + + + The following response parameters are added: deploymentplanner, isvolatile + + + + + + listUsageRecords + + + The following response parameters are removed: virtualsize + + + + + createProject + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + ipavailable, iplimit, iptotal, memoryavailable, memorylimit, memorytotal, + networkavailable, networklimit, networktotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal, snapshotavailable, snapshotlimit, + snapshottotal, templateavailable, templatelimit, templatetotal, vmavailable, + vmlimit, vmrunning, vmstopped, vmtotal, volumeavailable, volumelimit, volumetotal, + vpcavailable, vpclimit, vpctotal + + + + + enableUser + + + The following response parameters are added: iscallerchilddomain, isdefault + + + + + + createLoadBalancerRule + + + The following response parameter is added: networkid + + + + + updateAccount + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + isdefault, memoryavailable, memorylimit, memorytotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal + + + + + copyIso + + + The following response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + uploadVolume + + + The following request parameters are added: imagestoreuuid (optional), + projectid (optional + The following response parameters are added: displayvolume + + + + + createDomain + + + The following request parameter is added: domainid (optional) + + + + + stopVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + listAccounts + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + isdefault, memoryavailable, memorylimit, memorytotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal + + + + + createSnapshot + + + The following response parameter is added: zoneid + + + + + updateIso + + + The following request parameters are added: isdynamicallyscalable (optional), + isrouting (optional) + The following response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + listIpForwardingRules + + + The following response parameter is added: vmguestip + + + + + updateNetwork + + + The following request parameters are added: displaynetwork (optional), + guestvmcidr (optional) + The following response parameters are added: aclid, displaynetwork, ip6cidr, + ip6gateway, ispersistent, networkcidr, reservediprange + + + + + destroyVirtualMachine + + + The following response parameters are added: diskioread, diskiowrite, + diskkbsread, diskkbswrite, displayvm, isdynamicallyscalable, affinitygroup + + + + + createDiskOffering + + + The following request parameter is added: displayoffering (optional) + The following response parameter is added: displayoffering + + + + + rebootRouter + + + The following response parameters are added: ip6dns1, ip6dns2, role + + + + + listConfigurations + + + The following request parameters are added: accountid (optional), clusterid + (optional), storageid (optional), zoneid (optional) + The following response parameters are added: id, scope + + + + + createUser + + + The following request parameter is added: userid (optional) + The following response parameters are added: iscallerchilddomain, + isdefault + + + + + listDiskOfferings + + + The following response parameter is added: displayoffering + + + + + detachVolume + + + The following response parameter is added: displayvolume + + + + + deleteUser + + + The following response parameters are added: displaytext, success + Removed parameters: id, account, accountid, accounttype, apikey, created, + domain, domainid, email, firstname, lastname, secretkey, state, timezone, username + + + + + + listSnapshots + + + The following request parameter is added: zoneid (optional) + The following response parameter is added: zoneid + + + + + markDefaultZoneForAccount + + + The following response parameters are added: cpuavailable, cpulimit, cputotal, + isdefault, memoryavailable, memorylimit, memorytotal, primarystorageavailable, + primarystoragelimit, primarystoragetotal, secondarystorageavailable, + secondarystoragelimit, secondarystoragetotal + + + + + restartVPC + + + The following request parameters are made mandatory: id + + + + + updateHypervisorCapabilities + + + The following response parameters are added: hypervisor, hypervisorversion, + maxdatavolumeslimit, maxguestslimit, maxhostspercluster, securitygroupenabled, + storagemotionenabled + Removed parameters: cpunumber, cpuspeed, created, defaultuse, displaytext, + domain, domainid, hosttags, issystem, limitcpuuse, memory, name, networkrate, + offerha, storagetype, systemvmtype, tags + + + + + updateLoadBalancerRule + + + The following response parameter is added: networkid + + + + + listVlanIpRanges + + + The following response parameters are added: endipv6, ip6cidr, ip6gateway, + startipv6 + + + + + listHypervisorCapabilities + + + The following response parameters are added: maxdatavolumeslimit, + maxhostspercluster, storagemotionenabled + + + + + updateNetworkOffering + + + The following response parameters are added: details, egressdefaultpolicy, + ispersistent + + + + + createVirtualRouterElement + + + The following request parameters are added: providertype (optional) + + + + + listVpnUsers + + + The following response parameter is added: state + + + + + listUsers + + + The following response parameters are added: iscallerchilddomain, isdefault + + + + + + listSupportedNetworkServices + + + The following response parameter is added: provider + + + + + listIsos + + + The following response parameters are added: isdynamicallyscalable, + sshkeyenabled + + + + + +
+
+ Deprecated APIs + + + addExternalLoadBalancer (Adds F5 external load balancer appliance.) + + + deleteExternalLoadBalancer (Deletes a F5 external load balancer appliance added in a + zone.) + + + listExternalLoadBalancers (Lists F5 external load balancer appliances added in a + zone.) + + +
+ Version 4.1.0
diff --git a/docs/en-US/removed-api-4.2.xml b/docs/en-US/removed-api-4.2.xml index cf4ab741cf3..596d3163fe0 100644 --- a/docs/en-US/removed-api-4.2.xml +++ b/docs/en-US/removed-api-4.2.xml @@ -19,7 +19,7 @@ under the License. -->
- Removed APIs + Deprecated APIs deleteCiscoNexusVSM (Deletes a Cisco Nexus VSM device) From f0a93d5c020e1bf4eef4df80943db1d0153fc818 Mon Sep 17 00:00:00 2001 From: radhikap Date: Wed, 11 Sep 2013 11:50:31 +0530 Subject: [PATCH 02/12] new workload image for RN (cherry picked from commit a0c8fdf26f387a90d7aa778c4759bea6b1442e83) Signed-off-by: animesh --- docs/en-US/images/workloads.png | Bin 0 -> 69265 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/en-US/images/workloads.png diff --git a/docs/en-US/images/workloads.png b/docs/en-US/images/workloads.png new file mode 100644 index 0000000000000000000000000000000000000000..a8334d97546b16c1a7559f32700d7d1c8cc4696b GIT binary patch literal 69265 zcmd421CuOKv#33`XOC^$-eb?~v2EM7ZQHhO+qP}rdC$2xf8dMwI-;Vxy0a>CA#-&; zl`HI@j3_J=CKLbw0Iax}kURhY&?W!?U;+ft?>C7w@|eGGfDZDa0sz(1*k`{dASV3M z`~U!TG0>lSpugvkwqj}y003|U|2Y6hY)TCQ0Dg+Zh4>X+wJ){6Jr#$RbG9tqZ+M7f zXXCV`gyiZF3Ri1aWCM8mp8wSGPADiMan+#-)#?FeANi3B{ZlLyBqRZy_t=@*zTtCm zX3Oxtx!#(xW?cD*n7E!ybNF^JKAuctVxr_nfbd}l!Ul{65cMVMMcjpWWCJ??Hug=K z`TcAQ@_&9J?2SUI2LB&o>>xm!ni_$RojACh5)chSccG)O#VOZzAzxIa)iLt*@^#U z-+$Y*LGWwPhTa5)!~Zpr2p<^GI&l=h0)f=Z!U8K$-XV_TzZ;gT^Q%g{r*|6q=>Ih- zm+7|wdz^j$Ly;ii5zWv16Bq8P>}#76_j zI665wU9om)*QCgVlsKY-C{iYcDLu?g_w$`3{Pu{gIY=Udgs#t@l_qPt(lw`g+#DA) zHbu6J@C$XgBsLBf&P+GL)3D|==H+-_2w=>mp}~omR(Avxmj;d&e;7zxJfvMf44Igh zk)6FhTx3Eo(O~yJRK4TSH*itZriITC*%0jJ`bF~!PFP+<`^@yFt;-?G0+6U5UA2Su zFC&YWM3j}5$Tq3xrqrX zYHDh7^3j2TfuW%xAb;+N1AN=c@;6nKEY?rQMob_0B$jJVwGa^=kJ2BKf&i1jHv@>i z0V(8!w0-nIe`qbuA0;GjC4?H5E-YmwEowL(9iN-(0lDs`q0stG^I9 zjJJv@D;};L?d@es=gvAf;Ij;fw+~Qo(4oLKdEa&2+Wh?8aV5l=*GGF3#*E7MmU(ji zxC9OweUd$>?xu^-q9NMO66nXO%JuyXT=+n#>5a|J%gf8kDk=k3kG2JVKjDOfQ768!STdJJF}Pdza+E}Zec-gNt- z1%rB`!ZZB7=az0Xkyy9nT$#oX;JJ@K7>?oDzDeF6WLEHpJXGPAJk z1&9>fJw7_RxQu{b(Cqs`t@p-4L)Y7UDmNOtj4c@e>89g1LKH(b$Vf#adq|9H649(5 z|9m~oO%Lpl2+Lw)aCvRcF6c$CCctVZ6GGgsMHA9<{)q#A+jznLI{Nz!mr8mf-QBmb zFvGYYlr49Ead+Oq_Km!E(5!Eb#3qU@L0~xo(+)3Xak~o)M!Ya;*nz}hG{O&1Jl4R6 z_oHt!=3^{8iGc_Nk8vq?>id=+jnf(=>~Hen_r&-4_T3ogV4P*2R?^XTWfL;*h8RxN zYr+*Sc#aR!WL35C?A>PcQj(A`oyBv8>7oMPwxEI`GIp^6&9|ylPsoB8F$G7+XEMMG zQA^;Lv_#in_z^lLc?Jn6l(YH1l!q?+rC=gr012;+?65Gn+}ej}ZCdW-aNvc=e}^{N z3VN~DOdGe*0u1EYYycknQ4w04{GQ`n^G0>!voiJVVrc7MDJK{&H($9xr#Su z-xGLvWd9qDz9InnN54CM4kJuNg+N|)A!BGxYnQOG7=|nNKH~!{eB7+(FkXg2V(R4h zGc9}Ye;f4$)UgF6Jo@&r!^i2d-&7EiN!e9!x|JnoI&4-{~IfN z0TFwZJA8gpUoIzi74m@*v<8(O3SHRhiTgu?#vZGEyx*UC+o@*M#|Ko5@dHT6a3LgauV4l7%nt5P%AElhKX#75oz6XM>{04-4k6evfh=06UmjriLm{C>FS5F}qwD+1 zVLgd~M+qt3sSo1cFmzBUbPRf`RBgrIPgwCQxhuL9m_x)UHHC9_xP1B~x!TD#k@?F8 zuV4Y_YUn_0UuVxJhPhjt+G{)8ySs6*hMLrA_H$9V>m${ORh!=2X3~E$9$;F;-pi4{ zxkP*O5PR1xI^L>SV%%Mi3EqDkGjlQ&WH3$X89_doLEN9MZG?y`N{(x8;2s=&g;tTn*i7}66V zH%jqURMI+Y*J-Hcdb#WCI#}^+Ug*HF0jJu56HaY`=jF#l?+W4%r(N zC^(%XSF2;e125n(z=muBu+~B8d2FazsbjM^raSwxPC+2}URRN(_IiF&nbFCY3Z1s$ z;EM}ClRrRPf zC1@*GBC>6K2>Bp;M=dJgDX~d%)`X>nwQBwG23l6qC72z_oXybyTj8UX>}Ah)=?^de zc`hXCqZzO=3&dwuszK%Uy`q+&(@jIlbyWP+kD|9%El@}tJD!lR4)04}9TVQC<(MP# zjpOG;yQ^=sB3H8wX^D=Tjs(yfhbUyl;G6m8;9c|#AG^r3rn`#A6jvR+Os~6$L}iA~ z?0HvGt)y);uFSVlx0=N#$tX0T#)~H+8t=UL^SYGAeUe@M-R@Z_t0OO%#v7H9Qk@Hz z_T5<^DCQ`c*cFrBuchUGQw=83SzbE$wu20sQnd3u3J$MffAA9rfvPTFsJWJ_IVEId zli6vVG>_EuSW6WWdIp3_Bo{-?u6j8gRuN+L4hIkC7$!Leg>$mExP^17zSAbt8F<{+ zCqe2tO1wZzpnn2GVKNLa{k&~(*Sl5Ca~RVZekbI@%YKN7H)**6-lnx`$a(e~ukE+h z&;nn=YXxeWir37Oq+ZFK@YX%GdEMLkEWRdY!g72Lhs!EgTl@X_dV4$PDhUK_-SIdx zs>J;2X6@JPiivEe1ST|h(g1!hnV6^lVhUq%WY?|k-t+i+ytcn&JA;Jsk5;5A>q+NC zaQeAp>@_szK&itArM*?Mp8CV?Sw@Z-Uc(2zFXBa74y;1{ioAE*Rom2Z=3?&qTiHhQ zlxLLs+GIh1+}lB`^Ki6xsb-j!`@q1Tg~rY%L-m(Qvck;uh8ByF@DtXA zSBo1a4Oao2C+(gQ<*jyIk9zhgudno1IQ)#2n+g?@&&NzdyF%0LUUB5T3+J=f(k1W< zy+qZX&;gmZ&+nKQ`C)2wbh1J<#-mfa=7kI#SuwPW9jJ)TnlsTBs7W$0Qq@~i48sR=3J(Vu zH&`m6IW*%gXC?o=&V}p|tOT-Lt`pJzCdo-bsbV??4V!e{1F5_Kv_VCYxo0cVmVb{h zmAlvgTKh{b&a9ucfuInn@Ug7&&m?B zPhSY-Q>aDoU?zw##;RB+4!c6C20hLdGW!bJ6ZS4v;z5 zA~aSb*5GiHY&=-(1M_69NfWZ>9S9?xG>W)%0S@Q)ds6r^<_N{ayzweQzkKPx%KrFj zKDFCPHlUAg4T<<>ZnhfbnOpG@_qy=48p zyng*4Y%byO*s1xEXZ59P#@P_cEJ&Ev=e=(dpO^o)EoSPNxa=UJ9ogi3KqlfV*f^2# zHE@Xsjm&0-I7~{9Br2IQ(N*djC+~b%52+p7uYZmWSOyWK#nJF5bKt&$(kgO_y`vdWTxDdHM%dd1|o%U|vkjpXa`TAA*?a@2_>ld@Wu<$#ls1 zdjpC<0!a{8bP19g-j(CL%;7s$Ok6|SO>W$0nyEnVAMTm4KR^vU!!|$PF>rC<+FiC( z2~;rg;ygHiFPW>VI)={auGi&v9AO#9W3^rNrlv`Y6tTBkU9Cr3u*sjgAmz_cLmYHX zxr$sxr%c8rf{4O!YZ~+78mr*HCSrf=4rH%b4>Fl?4!1o26D=Kxe%hc?SwJPIU-BG5 zPCm4>=kg=A%p{z98whw=Zd+t!9U$)mtg(+mY8Btrq$uOXM7c~PLmVwF*e(WvnsWY~ zh%~8nq0y@UHGCLV09zhn@@7wU*0TQAY!cB*EC=;imSD-k>ww4xIS|dM=_4Sz9#$&@ z3;A^3+uUnacnF!T>)wazk3o(zpc>e1RlDOg^^+_AV$m|hV1*sunmnX9ue%xe7z-ue z%_M8HPD)Nz+hI~e(w5E`c6Kbjk(&f2Th3>%&sL9VjxE^4w%NSasQXL=TSOx4(D#ka z8U`+iPeVD@uR{Doj2sAv>Gu#Q##zs#p#$YXfA}1)wX7Rh zy(kvYoYZo|Xe6L``$tz6cw7a0gE5IbuKr=3=rbo%Z|KXa7)F*F>D=I@>PlDf!5=w! zJDiAXjK7rYbQCo^qS;LE%~Pae$3pJ!QY7aPm3p#xD9F{1xWyV*YMkfR9kr+`;6baE zlnh^32*`!w?Fm%89Z%7VN#Eb!*4Eao#+!kf9dh@lF`~95w+1FIJztAz9gx#4$V9#e z$~haG+hrVe!~uR!FW>BMdovviAx-oJ#1!J^Bq;O}2v{0gT3z=aTsCPh-2S^@z?zyO zCj!2*v58f5RvH(;HrXC8ol1Uwez>@}$0A{U+aeI`dU~n|3P1~m;u>7^aQ00+tDPWRMEEC_wp3f7nvAq$*~0-v&loERZgF1lS3`KSNAV~LVCF}%7*B|)g5qG0RBs7Qy&0D z${hcHWf2TQ{mLWzv2j3VJVuF0f2iGADOxgHUqeq#7X=wCsNv6gwBt zR}aE`_28H`F({$RCN^&V#zM(|`y8K>`^HUvD%m8jYl_b6v07^SO#3kKUh_L3@rW3Iu+$ASIc8zQ1j%q!^=F#8}uEB=_?v%I`KBzwpVibX-7^H5m+g_|L3sB${1DI@!4I z!5V>qeU`5PW9`5q-MUV>OFJCHv~ykM5hQle0CN4S`oO7mt0n?+@1-HdH?GBZ-osQvkE&Hg?a zhDSvp;>O4fiw3gUm2@6pRK#0az!3;5nsxfYT?Bi)m{B=@g zyT=US>%zRwn0*-IWdG9eqZDhRq>-wm#WjsUb%)YUNZ8DpU9n3Ms}z_lnqr?{IJQ<= zfdruivRjit@HY@lYt4mgXDD|J&91QV4|EjLqw;A(^h%?A!QhyqkaffJhOGzs+cEUg z(1enTr~PYZo!N*tQI#~01kQP~808DzQk)(IvA6kpQbM34h`dAm>0U*wM&r_19uSw0 zqSn3t`S{AM%U$$tk}Rp=d(umv6gc9rJj=XNLNZvz8#n>aTr&a)RcbCm67yZAZ)5(J z5O@HjGa$jby?m%ofA$5gU*p8^I*8J^E|pmT-=z6rRyvT}Qp>r9y1FYHWf6Rn8Rlan zy+kzX%`)T^D@`bJ3jvV1m-m{t@sUGEp=>4%gM{e{4JHX^7keQ4M`x|e_rPYn*ueV_ z4t`vLSbuG#3T49qDYA-7z+!6602gR$@v*uaT0VpH!+eP-roc_HL1(G!N(G11GP%W_MCgxBtgsvgPcB$Z{ls3gzZz+N(H zn~9R03pMD1q2cX8nwy~|cwf}5Cfjb|w>Oae3JF0a{_`@IMAA-XDLI6is6vDzHXnyF zdq^#lT%^@P-Qp$?H(U6c@)@4y`L-b%_G1KgwAVd*VRvl{F>&uu=Pl@1WS?AwSA*X9 zPGg-0{VxKvWzYerrDtypyPE@S zA1D5ur-%{U520|)!lH;mggC;bL`uTH{*6Yv5boKYKMPy;ghh^p98?l)T<($}LT%g^ zdmjAfh>V*1CG0MEaNCKVgp)~}qjK`~SaqMoq$mmJOc&#yU3!aD9X<<*p;TpEa>?xZ#hMRO?m7^`q;x--Gm?kA1~C%`NmJC3P|$Jj z%Q`z5(CO=X(U6iVRVrVf$lO$M>oPfE!ic0($bdbvNakiZ7h=%c^R z>G-I01=+#1>2gKWzM*HJ~y4iGff*WF8 zglCKbp}|+Ya~82)pkfX{Un2wHVGQt^ddwt=L5RlK@qxR{y+EhHwc zy7VJ17$PUq*!M0Q6QV>Im_|iyw!CEeg)pb#^nP8)jTgVultzRLXz>msCC3k4{(_@q zc%vC39klGH0kZJfalimwC{bZIbOK=r*RvrCSyd-hW;*XAW3G{#ljw6zB${_Zl=*OK zb&{~UI%od5k!_q%^kf%Ryk{4wnKUE@C+Q30OJzrn(pD!JOTPQ*4Yv7Y8Vw(;Vu7aR z!6sqcYScO{hDLWCj+e}uHN>seGg4mjEV-U@*lJio0Pg8cHc@#bos^kRDiS0{dKak;k+^2+yp)0H=2jRcFC-pP{NK)iP$~ji?Lj7hF|jUZ zudtoX#J?a>q#mc8(}4}b^9-i{bR)B$*&+cRhIY+ePhx} zi!g+S2FodH*Sy5;)EI1f)~W`};61Uq?E5IG4?X!&a|NhxClLo;Bkj7VkXlHLUHSTr zEODW}ZFyUWeew|@q8$+0-}+$9K_Sbp!<8+J62RhzrgT9!oL8DJ@}SP>wz_F>b-5qge%RvnK|fS7My$4Q(kZJ1K!H3hFT- zB4xyXjFxVyXiKXrfMST7Nz&e>XJG&B1o}rrOdVIfDJN){d(m0uCwVF6%7}%pd!1m+ zO6ZgM2XOt&ex;z1RliM6KbP;HN%*n7UfnPizR3o`l0wLX*uGaoxEK-XS}5F{LW5vc zULBFEW~aDh7es`s6U5iNYY4=5j8D1x^0kFTWE6puRm3oJ<;Px&lTWl}>ZX{#=Sgsu zW{bF}r+~Pj)U}T>#D0fWGuso!Y!fb6b2w=)C5%_+JW~o(%`|ehBw{umN60HYUOpO; zAeYR(8gDzHo@26*D`{N%04Tcy!j7}(AcDFcsXsxZU|}yVypDe^2Bv;KVt{dN>cToPhNq5YE)qsO@J% z%T>c1XgOKp6tSnPi1P+QsXB$0%3g3LyA11Mow9Fp=F<8gU@$?fkrad_FN9nvHwbj^ z#o>daodG7qI`n>H?6OQHn*`W<;v7BMaM(1a{7QYd&|nkfL7Ev`6uSgQun((!#!R7b zK`(pD^qN*2o0XJ$mV0Zrc}+Eohs{{#0x3xhtoY}HEvtZ%ez4vi{!0;>Qi@TT^(*~R z4@7@2X89bZu3!EmU3lq4`vc+^gFO z+X6D8;9@xgQG>^PW&%bFu;&1CDJQvMUH3p6a2!o4@#oH}Ov^$-O>E1W1lfCA1 zX3Voo+UhTT3TuFX#|gN-z|Xn}Q*iE#y5Y6kjo_1-e=Z-!#-B*K&s1^* z22{F$!dz-!2|MQe&n`oJa{xXZ9nDmvwK$q-FV>8GiodsSYcgwCX}3`_zaP)clJ>*VHHjc>;X(J>3KGN5e?~K zwt!WK0SiK!(FWZM41HxW99X}bRJk-&vkAGm1Y7%AEY8X!J5l#FQrus@qZa58wFiL4 z%cuh2i#O|N!99Gv2G+>Qs^$K{^FP0Uy2T|lSG6g$jt4Cs{H+ac^1wQoMDMbjpc@>> z`J+;)0-J{1U6Vh* z@Ud*d_4>v7buOitH%FGXOUu>EuU4q(bFRy+ur8w%Ef_uFqQH~$_MjHwUD`_)dt6XS zE6shz@0v0qXd+dD&ALsote)?a=i)FlNp_GlCcNYcE)a0HC-}J9mFA$Z6)V$2!g7c0 z4r%f?Ge3CJMTnwma0F4b%!6jw{_jMQgoF&pIXyjnd}0E5o84a;TfUy%0n?9p1<^7k zNZhX$n7aN|bdDb<0*GCB-4^`PNavdBZT&NW?ds#%@Gq!ONu?GSv zU95+KPXKd|TZ}L}AO3g{H=WU(8g}t-rr8=_VRNcCFdYOKU*Zump*tKLLXYh}7Ntl9 zM5E>`pv@})rym2zH$3W=zWd)Q<``xrtb7fGD#&zKIRvc84w89skWqcgc3>>Z08>Pw zvWQX-Z$-x$`hWARNbrd5<(`;-CA1{;SD_NneqcgbM}w?*eI*ZM;Dh_()nxU@1(L+q zo9a39%xNhE+$7)?askjZN!bNKl_JCc(qPRx7#Ce9xHvt`X#@uc2D-YtxA(3mKi_Kj z7wr+VB$btD)$LJML8Cgn9aKWJHowt|Ymv0@b5u0Wzh0ju>sCa?vr1uue+D2A{Q3>8 zHh#MTO?LP&m=lavF*s4FUM|YXrkJs-YHj)7D|F-H*#)g95zhUZ#L8FX4-~rYytqQ@ zWCd!tgO)QUsx4ay>SeUQYlBK7=ekC9A;#cp4g*Etgri2Z{%&(Ps|aaq5ZlOnB6k>$ zxt2iV#5Um7oPhIaYGI|%s%kiLSHu*+QF^1jHZ{x9?C`ZdZH=}Cg*z3E0do1nM=&xE z5bSM=m-&k3C>O(EZwKWs2O{ERIHzOedlPK($vLJQ`GOSMtfXoAI(M=Q7Ep{v&q5s` zc*hVjTF7i?wRCH@mbpaV=I>!&<4}xg_`#a`MrjE~2E?S-IIZX8h*S|>l^&HNIG?Afo=^}~7as`sNb9@;%tH(0JVJ0GL3d+W+xC4U*)>UDWXucPd?SML6d z+i}!yliL|f+iByRWIBLYhWj2ks|6%7Wh^(#4-%DlKMWtS;d+sMUtSmtxm+jbJ`@X$zGQAef9NbSUl zeXwbHFE!1zeiX-xXhGAm_04F7U;F(rZAM$)xm}ZC0K+x1PP8rfEyqAS_3!PyIM37~ zJa|ehKJdHz(OY-(Xt;58vscJCOC%(?OG`H?h?!K8re=dnO+E+;EW}7UvF7cp$;=m^NF}y87YZe96&`B zq3hJY*>IR9Cf>Urf!=O2@p8i+j(0@%;JS$4lga>Hui6|os&0X-tNy-IZDU80{Udm_0asg% z{xfYv6xOPGWzH259i#8(<(0?8rkzRe8Mcni$AMUX*u)I6%BtNfrhp6%ZD)WZJ;=MqmtV3hT-UoAWSZT$ z@Vc=bhA^LxJt4*GaZpvZ`CTwgypH4S6mrI5J0q8Q-=f;#jR)S^GAi#P)iN2A#lu|c z1Jf`XOH0@@>|}HdUgz-$tCy<3$$-upN1%`^e2Bu}kT42jFj%gLk}}hJ*@iaHTvewTAEED!^#!U2`H!2Xp38h5Qd%}ou>2NX~B`v!^JTa^)8uN zaAJ|z0*#iN=Q{_K7@7R^^L#&)-1EV51a=d9gtg>{Fj?Pv=8q8zA?LFvNzvPJ=G3-q#Gd2iWb{^s8uCOhCUAOe%PNJ@eu`P|60UENiw@1E6 zj}JMeTA}gy631QCH&5IZ^lgIdcZ>BjMRj5KqyS5;@&iq|=ok-#tSKJIyHC9=8F2qt z=MPHk+JdOrhU5F`o{2D;&yQr;`jX&Kv~zR>W{~P)bYJPEtqdn^$)@`2(7n%g*H7=p z%cYMGFQIU0SMCCXETo;CN=NIwLE#wz*nU+Oxd4oX5dc=dT2ZXLN9#ZNL<&(~X-CGp z|L!lDeTuN~R4lnx>n}+6RxZ>k>QpX?DWtl+KB4ZC(ON-7eP#C51^p25*hp z=5zDxgTj5n8Vb`o<>^1fUTB_)S}Nm_NcmO7O(glXftRW!0_ko)GH;3*-=`R9+Mg{IfkGT96SFk6jGPRG1F%Dvhg4U1AX z18xJK`Tr_ktmNiTA>ptV7nv<47QTM&EN8*k3WGorgvcfzWY_G?IU1E<;ebnM z=!B(vh<^5WgwS?|bVDa+b``G;2piCwPA+Yl28TKh`lQk#8ys{v$~OlHpc;LUkM)up z)uNM(ArBzSCSDFrnX_MR7Jfgbb5^}R)2q)4!_quq*S2irRVP@Byc5TzKkeKQ54uG4;M&d&ClRrko-RDS4@@m0sxV`dPIb7iNxV=#+5P+=P!M}`otKY$^zo?Qib4ZyPBEg+nq&B@ zXE>9o6s*csah#8_kn!)zp(%9f4@e}oVE*u255Hg}*?joPHfAwCAw-;ky*GP(Tp%p` zbcxA^i&pem5GMMy;iQvTrFu&Oad1W27uiNRyIhWBJgUqH6r3jeCOHN=Psvu1t?w4w zso`Szmk%~4Dw`31=||=mfoRLsY5)n6yLmZ_Hcu;7bBhwigw3eSFi5d_t3_2pnQvKDLzJum!>x6J}l@# zHj)LZ78^WoJuBKf*&b^kB`9ZC?rW($>GBe!J06KNQRsGU+0!m}++C}ITd%@8|L8;o zQh)jNu&zQD!+{DWCeh#{`DWP($DIu42hBZF7fpL`C@Q(#N4Nfz7wDf7i4MK)TU%Fq zCjyNr@oY8)S9Z>{cfQFL7D7}Rd@MfAi~y`)V1qL)rpHEwI1Te7At%a+#`b2S=iyN1 zO`-rvbC4UEN~oGBWHsUaw6yGU*gtKe>z&AM= zb{Cp%(Z>J5lcAf9>**$yAZ`%4Sm3hDVWn4dNp*tABY*J$l{?XPzP>z7*!hw#{;kPe z;-yN27^xCwSY^K{{NcuK?(BF$X0E<@u9QWrVd$V%CCn~u{R zbc7N#n-ndnIt@y5n-umF17;XY%msi`tH}r(&z8$u+e^i9SF&6n*VQh+89q%AMvQlx zD;YtLcRuF};F5!AgAboTempAZAu>)TYIg+b>#@}rONq4R8ND95Fb`+QL;4wsPp$C3 z*gmpBZf1NdZDq^jo*8MrZyGIJre;SyCAxYjM9&4COz+oaa7E~B znKy~7Zhi0du`Xgu)$6EjwU*7Ac4kSZCynwBdwX}6WMB8mNvj;1Jdr&MG|N;NdSTHZ zy-e2jxJUzA_4PsyVxKMeQWCL6VJ43}k*eY78n^wBc%%q#uX{3=x$Z_Wc)MBw&BVFl zxHUs+s=51NeW4{*9=H;73?Sv@68|+NBP?$!jC4jf)9>h-@GrZOpuDqQt@{%dqG^wh zk+T)N58Ji87d-aR7yr#g3*J}cs%F!Rw}zAB`G2++Vrt4~0Zb{s|DU^#ZG-Jb z>-RfDM0?{_skJ-vN6N=HL)R-?*cK!$c)skrd21P*Kl5Xehn>LdLd9&_p&kz8&V@@W zHGLQjUt^W;+*KiAKD!m1w!kSYCXh~a2s=3_Vf7H=_O?>QILgM{FUXL%L7Y`o&! zZDH(;R9-P%=&*KzC*bEsr;uHBJafw-L!Zh!!`le1e1c!)q~2|d8% zE;3i^rz|6v2mY}ZPjf0cuOumNxRLoX3?V3AnN^LdpJ^3({lvZPvG0!?Dzh=_aGRgV z?2t>vEyW-@^=tKDYaz|9j-^CYf?V%-;?IihU<5;*rLzvTJr8C~~TO)@+ z6@@u2m-*xq`Z}ENS&6z!zJ%Myb%tWnxmLRp*&{u2oLbsZC2 zLU9HAnU=eg#ZS33x0SiQmf8Jb>0o|@|B@sf8{bp+Pjl}wkO#Wl(cG~PCT zr<<}dNcgqWq9ItC4|7vxtfChA50e3j|m*NP-qO7%77!vp+a4=(*jg2yL))*JOB-I4b{v!Ij+jS ziIjjrkc@Av%ZI3^M`&k3OQ@?tNV^wDe#XzDH;{A&@_ruuQZxz2mwe+`A$c6v z3mpLPn*H(QP4@z!V!CyGH1s8zh>3C@%}FpuA<_D#u=2``n}1r*<>%#=@7ifu?JkXW zb|Fau31r%LzP0bDdvy$LGrS3Mh=TN$5=Z=+{H3L;KJwHpb$+qq))Lg!Gep0zt`F(7 zl^`@qFSs5?uvU+{_@}@DnQ0@4fQXc-KIP%aFN(p0nrq2xj<_cZ&nN2uWw9-^U*MMY zB$+JPVwzIY*ji-|+pLFJ-s82@RHijk zs_PE9-Ls*S{VU9YalqUI76&D$pBP#MtP3VBC=z|Eixgp25_B+@U_qBBHg+%@P0c-b z8L=I%w!l=e-30#*F~BEdh#aqsbGEwLfXGXHFAN*n-w@V93Du&z2*c=wm^;7<(KeN% zr;nmvptIE7$?Y_cusCAu3}PW0Xv1;p=A0F~LF6>05t{i;bI@j;sb5DQhLXvPA}%pt z*I45SU3Kv{i@szDDWEjBQ(O9wjUOan2sT~r_kSV-UZ}~D&}4Qzj*{-r{@z#C>zO2@ zMao8xi#!cClXH-{l;STPL8+;r^0VC$d=>=U8(xhcD9k5h-sHw zR|-fC&fY6qF9KuGplx($JH66wpA#E7v55$9ee)`ak3`3sa}=E6Hl7C@`p-3jWUbM7 zTfGNf3GGBnRavNEpN0<{Kq+`l*KIQ%-hzkL6)4tPP$AjeOp1Ck?MjneTa2i`nlq4| zk}%+{Hd5`oM#qe(ny?glHf7Z@8+6v28Qv)OB0Pdz`d4V)l(6xnH*|!#1~o~vH;O;3bbtWjMwp5q<{Mz{Ol!3X)hs1JOhV;8H(skFU;WKILMG*?kk(oh$0lM#uYl_yoG-B- z6I&dm(Tq%Otd={BYFK9v62Ldnh-unV9g4O{1q8=6%|0rO247xYVddn#K>o-f?_TrgC0o4#>8ueZ40SDiEpls7 zcD7~k>%YvUJ!FZJ#Us(sVVbue>osTow|zCWH3G;*zZ}o%*zNjP|Ct6syNf@1W@5c& zSlc)rugfNk(H#l5d%;7X|E$gMSEHdP0C+`R@bk;F(^E4L#hXV1e{33E(t_rI^Eg&BVJ!0pa{#JT2nS{$?l+g;wx4q+#;Uw0) zi^6_4(v|t9sV;d6OgUQgpIsda4nSemLH?16p}nBfp>u%jwKRVL<##2YW?^k&u7L_h zNjlMzM$AwL(97}<+--p%WAMS9XJ>j*f$8UKXPAx2WmsAM2uYT)000yI15*T99QfDR z+JvZv(_$fuzZ}5geRc|n?020|RresXTqGQfre8!wkP{+@wm4$$W zwEv$HFae%3dEEb7PsTr-#$+Nf=FeQoM?puYQ@2-MxzQ{>$$}oAMx-ETBz(h$-fM4( z5dbWhQdk|ok&CTCYSAX?LsO(7Mg5pK+kv-qzEEJ-<{N@iL22(f@wfN>2#be;yZd|a zHprxDwk{+HRF{IlkUUD@FENn-QC+VeI55&Mw~+Ea1$P~q#$QCUy}gV~gz#P&bDr8; zXa?!~p@aDDZ-N5^=Oq#J7(T=mUIYsa#>hb#LVDl+_)=j)kx~~OLP_`xu&_QDFf#>x zPYf?8NaU&9Tf{{e|2m-YVlU?1!Ot8q-~CunKvYVl`^D73{LQAH-dV`gdS?RxZG@@{ zbR>p&#>h^3uhU)%FwhL-l24C+#=XSap1BX+42yrn(p5nt6O|ZVfvNbJC6S7-8T{je zOkX1g^&d+|OE};18MgY!?L!{{KsxjMPq_rRxuqNb-STj;L>Dn+;+M1prspNf5&L)j z1DgxAq;m&JLKAj8S}vq#?p`hB#^GBCU%hi--OcBk_gFJu6m+PSe>iHvj0)K(+oLtz zH9cN-=H~7ZfKWaA++X`Z0}N`^{TEv|NUnzpc`O?d>;dLsaSCA=0#%~b5M;roKb#&} z^KhcsLY`(#qgNN659yCV?@w+9QpDh{xapAma5ke>p0?5L5qyp8_OovF5P_ESB+|@I z9fk-)J*6UU^ZWD^;#}*rmR&zTl814hdZBTB-YP5+`EHl7y=0i$G|_8}e3vc)w`3ZC zs3J1q*$4CNAE9>y>BouHRvd5+c+|`lC=Zi01~6$bSJIN7>~M@-TOn0NV)$srn=G|u zf;W*qEmTHBGa0(@KG>j;t<)?1!(8Wh zCfq9J-}s}Utla!yddAaJF%B&oF6yy%9~MeD#9qFdE}AP{oLN}R zsMAeBMVFKwRpP)6A|TlRdM{mKE@%H1>?Sd*;pXNR1@)lKT1-OBxJuN!(@cvDL2PHd zX25vq^MaaUHpva!H5*vww`Qda<8(koI-td!U!dTA4pZw@T4Pin!0;nxrxN!xJCk~DXjTx1E z6$A!nL;jM;-Vbn6{9A;%_&Bcl%}E5biXgxR`zS4O{b%(H?n8_xo}1mi{U_Z0onDt8u~VaDqz?N z^VPxNo9wab;3%SA!x-3|%H&ZKj4;A)(9DuBX?+T8rl`|I?*I*yV=BwpPa;gwP;hrZ zssAf$xYTXrG$Jsl>)*@oPmQXSbOD%&@SN&W03iFd~U&o7z+=KV?dArg{ zXKqoRR5Vkz1`fzvVRzR+%lU+hPV!qfKHt)?7Si=iDXdoz2IcvD+~$H7-zlerXA1tEi==rKX1N`Ej3#8tH6~xKil1 zYFnUtX7JQUH&J)_MfUsK=7ra#bGOvh6u~DG#&7lXwLx^7lhzK*GnW3VO|Ji3)~z6L zjimPI*L~*fR|g`I9_lnHo-khI&ax})9FxAXtDTc7)e8J0)k!c}YZ^CIni;9YRaJFkd2H%l~g2qw*7h~@j z7)jK2?Z&n}v2EKnC${ZmV%xTD+cqY)lZnl*pXWW_d(O}EyQ{i-qjpu_dtGY{RIK9! z#P8Mb?^Bt_c0eQ?-U>C6Dd}Kdpgr0eB?~&W#s)#^p+2Xl@+OaveU9{yxyPxcmNqHk zPB*&iNCd$k>A+fRX9g32_(7LCV%S3fB>IiIFkTvu1Ai%Yh(4gP)<(1g;XInxw0CdqKe?41ZVKu-(68*VM(Kn`G9EdmV}Zx9O=dms}j# z3rpme>Zd_!kIpzGIw3pyYICP~CDZ>Kq zn3$NAl@&(m+qUY`J%{5HZd<7;#WD}aXA;U>y$X9&Mvo?8L*oi2y~CvFd8>~*nkrI_ zl(abOwR-=I1mK8zvHCQ4SPrPQzJd)`-0n9FaT8##g_PnVOo|v&hm9(%2be zN15XAB-S`LXCb13b3`mkw(ava8WgAi_YLAKJJm=;C|TC{Zpc|a$Z$mPv3LaCW8OL$ zR-a)MVJ{dW9>v--6e0{y-~dL*Mke`MsAzq&)15LF+m*WvV^WeB=lY zSVBMjKv;mGJyjJtpl2`?x|E#@4JY{9|L>1pll;lh9gHu?RUTbdwjkhlED;kX$nZI-d=GWv=GH{ zAI)az#`&*fhi~N$rGrn`akBsQ{pj}>^v5LwEyU?S`d?!chd%&klK)?aC38qm-<%FX zb4l~H|CXRqj*g8`7@<*e1Vc;PUWEcu9uZ=!^92WP2*IJG=?WZlvl42J*S%XEhW?MC zKoAUYisfO~$v)lSQmQ`vklXYxN?XmgI-7sFPCnls#Ui_yZ2XIuva{h2a#=WBOqn~X zmd9`Gc)(^+aN2BG(~V8?OUScS4No)qK~^61IrXK^(t2;-;_8$5r@e<)r^#yw^pFMB z%QHE$c$);dp|SZ5YVJRyB)|SqTQ7HAhU3zy{JSPpbejw94f#{|_pPgSTKd-aqi|nn zCsn_zAK3t7B3~_NfVQi`_o+@Pkhrs|=kQ$6h34}!xvP;cJyX$GD< zC-u*KdnH>fHKIK{fBEvPpWH1_&2P*W8Bs-H<;UbZ5py!p=oTk(dzzwPF74;EW&P$0 z1EC(7roDgBEBn%!AgnPrzmwCssa3BN`T=c>{hv0vTU~tt_#o=F)|;vro+jLlNmY8U zLOT-bvhIpm>< z4Cwoea>PzEp2i^DSp2TtFiTs^d#-!GO2agTPeb7Wt^(0rz+dKQ)4QM8m(CGT>XN2i z6iTXCUg7TZ?&Z-_-5wUlq4IG8OIKpHSTSInqAv+pn4~#Drirnetr*iy+g#Hq68NhEf4*8O^>nDi z4Oc&15x^|KRpy{pt$%MVyR3x9in&b8aJ`;plE;e|I33=sqlC#s(BVw{hZoVWXX(30 z@?|@yoB{Hzk8Nsde|p&VWjJv7-=6&1ImyT>ZfSXvyrU1~MET~#1flNSSE^C(XrJ$M zF^7Cf;#7mLT(+g4e$dv|PIgVzG)?wtZR;+OV?pvEHM7gbsWE%Hb~5{VI$$s~UNjKz zH%W$*M`{P*6#j|WLGm?n6@kt%ejr3C6YO3fR+RW4+^S_1`jRk6wT;p{`svIy#)is(k3Nx9eFP2kN_z=B* zJ_R67SJ6P3o;SuN;9ve^;?R+XMM`2xsYq!7tq_vSYBSAcm)m3`$XG{K{pkIH*W&B6 z)2zWNNg3mx`~T0m1kOp1ePv)i7A@LvJDTWt22&h`oW7cVHj(V<$c#1H|7{7SwVtMI z%sLrs*TdMlGcqU0Y?%L9f#N)I1LJ&3hL}wtvtr&(jX zc+?@_IpT5}$GA<w^JeHYE%-m%)Ib=$0Mi;~I92BLU#*`eV#LwHtA zA-pn}?2-y{i4Y`+29VC91jbVHX)~ME1xFqIj_q?VYe&u3s-w3PF%-!u!^YRem8aJw zR=N`c`sqFui6a@j_Zi3ObX#I|h@ye~+SxWx6;cx2=cHVQFJ&q>r$;AwWRMV*FO9#BtFcr7agcBv2|Lz`W};J zfVLbokxb>N{&veR4s+OjNRw`1h`_B|s+F~vPN<)1IL$4S4%Ct{$e`t_rdaMY{GCAp zxVQy9tE|zSA{gyT!I7M%mgRX;;zcKcz2>tVfCYDE857^lTm zty2#xUYXL0(&(NJ6~|@S8HoSR-d0DAiJj;<==Tg+%#)fnMpeIF$uKJt9Iv17oFBNTOyUpwc9y`;*RG4wl}c-V9v^W{ zZC$FTC9W-A9gO8gWTcVZW|@{(l@(Wge11OG8tS~Wh9D_!@UD{N5Pw>Q2*m@HIzjzFzqwS)9`2nBAh$Flb#}24|MUfs z%0|l#%Z-N)51AusbOwNuXCqk&2_ zM?-9`Kmf8E_q7p7x6!vE9zhGrJk1ipTKjW@p{ya!Du?~@6R+z8l_s_^ubeWHOVvPI zT!JYyVz2!(R9E~-sr1)`_f^Gh9eGjnU-&h#7F0L_YDFD%aHKI>FeJMvXiO@EBd``T z@<(wpRG^Dl`PIy&-+NZ}nnLhobV;9yMjm0y2&fP+sgY@u$s*0bd$KGP$FH=0$+&!r zxPD6aT|$jQoTk0Vo~W?dzT@W}`}vp6w?AvxtT_7LyNtr(0$tA)TUQU5%?l#f=V?Yb z-F32thVX-dI`L%t*JE&=5_Ih#Xxz$0EPL`3!Pw3(zMfOZ*E{WJK~Pe4SQFR2hml=H zaB`KK2i(o-J7cBM%(ClL z8nUv^+zbi}AbGWcP3@)$J$v5%5JfD9AW7-Tl9<_AUZJ_?C2I4weJI#S3i1Thw~Aez zUEz?MFYpO22PZJ%s`@v)l13D>ur)zBVj0=oE*M<5+b_1mOPHszi(^~JgZJWOx#$TW zU+){bJkR(!{MW>`uy7dfzBenujo+M-g@NK(i#l}|zRLAtL9KO4PK`uq9wqwR(V{U# z`$JO8nkXC@#M`V07|JC-jHrG0!?bDLRDP4-hDxj~N z-W#r}z$QZ|+y;-4haZ43%WjtYzb?KA7(@uhn;g#5(jo@3nI69H41q(Hxel6gqrYW0 zv3k8x@w+#e zecq$8a9V_YF4#Emy~)l4c@FKr#q+%6R;i9_mP^m$t6S0SvffkQC)Im?w&U_}f8HKM zgr2LdjZgSLhws#HS*;8eMlwK&5j?KF8&@&rdJhZVxao8^i;0yw6}N-=*~=D8yF(VSG!` zzwCODkBNjM4hi|#=4JeRBF)z%`B&$1fZvTq_%rtG4nsVbb5MbfPw+rNmWbb1bNA@z zxG*2}N3^Oq$=G-~x!|tv>#ZWHs`7rVG*GH-&i$`aax|{JcR9JX4h|*?E>~g4PP(2@ z&P_lv-9`^!>ENAn7Q5gPGkFggjBIkAdmyyJJh%`FH$O>SI3M{?)u>a|eU+WWG%@Xz zXl#{wwDd04U+Ctwt+`0lNK(fqHq?vajfnbK?DZ1&#-fT^1Rp*j- z(o&RpDc2~ir7kn45iQSg!}t>RJoP`r~tsI2t^C`|5?=R#7jYbWGdAnq9Kbz@6v zr*>quUE?Ef8gXU1Li(Pj=d=SV_}h&w@MFS)R6M1Z z(b*X&n?=#>*HixU$jw}MSJaqBpuXKL?s^_Yl_&DUHt}@4{ObR$U#s)yPy+DyVIJRk zu4>;Rnf(45xFYFLeeS(iUZ;se?x|*D?tqz}J1@}*jVvam(AaVG{ydID=mQYnb6>Tn zU%#4xZG4ZL)7;rTU#*@AHf4!J-+oySY955h&#L`9u7i$xdBklpP@ZpK%d1wdP-7zT zwep+$X8X*(1Eb-g{bQuKT!dTMRxo79YxwfQe*Sd)hrrn$43w#4QJ}_x-?`i6(OnVi$P%q^`%| zU$)*2g(O@Ez8y`SMNt}%nkLC`-&TDc3Af(ahTh`+5-kg)G*jTb{6r-gZ=lQigBa}+ zclW*DmRR5@@>|#_Ag)p-h9ZEhK&@`I+;S-eL@D3pAP2vljyf3w>$Bw z9s6bXry~lt>GZs7=0|wYi7d=Uw`tPql)|BMi=+3%e8rFi7O}Ti1$lxn^48n}32~OD zOEur`xmJs3bzHJWQ3;y$tg6nl_2fAklsP;GUOrNImciTpj)EAi8$ShmNIYh?)2^+U zgodasXGcXmu$|YzkM$DIVTMFJ-dtB^i|aLrKu^-fV7A&HM}`Q6;jrF^Q1V6Z=#nOC zSj%&hg!`MJN*aBIw`$(IYG_p-+4qW9Ijy{-c_J1oo7vJsToP1_jw@nqFSzN^v{loz z6BG^xr}pqjfrgl7_D0%Ej$ee(B;~KZCm|fdhxC6*KR0ACiL(Fv5AB`)P$3_3(o6vDC`f zlWN=Tk&}O(N%zk+FVGBOZrACRGY~PgXBEJ4i$duZKVu#~%CG8d$LT-9CSk$-uUNVz zb-ADs^I__r7_o^bcg%Ofm4<2N$s4CuP_s(X)Sy?%F-j~dmekUkRda0y^rMHDLyKQ_ zP&7gR5ZPTf4^%v*@3$dq(AJczYEs=kIgMh~0^p1)BvHORSko@a+-giFa-~EY% z(8Ru6Y_Fs!H>$)+_-mf8npef1`%j$}QcdzUp68GOiY%}pQ9f9!mC-(2R8TV^I1}PNYI*C*BTJ zR&)hU6Xri=%S&QStIv7+L|@O$h@4yNo!;?KSb2++6~l7MYrYdmJ)rJhw7R)JSQ}z$28(1e5evH!6n13usn`fQ(vj*OMf?s}4TP|F>;} zke4_8Zv6n*cl52tTzG-rE38V8-2NS;-P`k&-BYkQXXAjAR<2MR}9A=|`6L3woongW4-o8)MId|rI zs7deF0?u`t^^8dSg?#9L9Vh%9%Q00eeJ`EZhqRa({2Qi|yL3X~d(l$C6!r(?z>`$U z)F{MZBoJ0FzNfd7dEXYphnt9BzFs8Q9A6B|&)}oT9RT>^Qn_}P=to)6o{oNO=bQEZ zJw@wQy5s_D&F^~cYm8HNI{GmZ#|Mt?pZij%^lWeylsMa|x2dJS;PT4kP(j;Qx{UT-pRtIjiV+0dMnsQQ9`^@tF0&!LSv~NA#lTncUB0ENhXU-xb#ME;*xDbzlI}jGKpeAf# z+lCd^z)MGXbpaxh1lzC5#*4vqbWckEt4=r$0!3Hd3Q zL7Z2Yv8et#YX387X^R5SEagdsujMmo1%eQ-nQCfb zYede#i%m~$#aeFZ;BT30mHFDJ8hSGnMp3Uh(g@EZjau7#6`8KYFEaYJFNbx*afBwY zk%Y~RWv&pM?KZYrHFz#yES`-n6-&S~ivwJ=nLGWcz!(G$OB)L%_H$(1(^?=$`LCiK zKrxU9)(1H2e>Iy}uoCC2-Rdvmf(Jt|ca&S8YnG++9lk%1r{VD*6gt&$X(J_dI(U3O z@2<9cTdRKftqIL)XF76ip7HqZEG1Fzc)C{sJ$5EYibeYIeysO}(zpL>u?&x9dIy42 zb{Flxt!p@yqw@PWsWP7Jq<33gVT$`)6#r|d$fj#04{ z&FkcO9D42S;V^rJL{!F$MVEhnl!cvMY8ajs`pj@*{>0??OPVG!29eH^LTwn<%((Q( zOMTx91fI^~@^N%~Y`Y&1Gi0Ns$;{A%DP$l;A#g(1Df!6yEt_~LdzlOYoZgQ1b}yrR zm+EpPi9?4JB#;Gf55rj^I7V@md=~P{?4<_obpxCka(FpDhdXa%!rhUmDm3+p>FU6q zxg!ZtK_?zJUHkEZMZDn%MPqFs4PR+x>pIW;p$12Q3Ou$E$%Z+S(KIAyXfmWo&`^Zp zRX@z$8L0c0haba7pZqGv0|fr2d6en1M0A1{DHOmUaU{SA1c8CMkbKzvbZF$Vb95VQ zlebHKN_jrLD_eTnl68rO+vHC3KM0FZmEVr*G&aWey6*y3b>YOR%$H zepoxw6Ml9+{TmE#*3jd7-U$Tv`r2u!(|dJ%jH)8w59aE5?RBGmkgR`apT0Ujtzqav zah(&m*=hT^J2%;uvBYihiotR;OqHD;{f$nd2hMV{?YEaS20*7%)o(Y>ZwQ1GEfhvv zBga_Ja9mU4ef9smsq^>tXQBkkhxqa_(jKKxm7uB)_U@F>=DO=C_d24jjLC!FL5)t>mB(%poS6p^KPm=KyWLrr08e{|wqIQp#aS$~ z%|LrG!(`V_X~CgypdC)3f7kDu(}UGbZ#3D!gJwqQGOBqyGTwcs~?WhnzNZ$Yt0Ep zAgM*ph|A6*FeX;+ecb_Fzqo~;gQsBN&GzyDX%X0?6|#-Sq25B0`tu|IbaX?yuZlyd z{Wr1W$_Cn#%!!g*h2vL`sfDCucv)FlRFtLNqWpj|Sa7qovU)5_hM(;Dp^i4ZhYCZF{Ul*V>F1`LtvW1R!5x zAS0N7_@ss}g$p=Xf~2>)4E)OlsKH1Il^?XWs`Q}x2ZF4H zD%Pvz!|GQDL7z0e1fi&PDhCpS74mUIZx6jM1B>{OR01nRjbmDmEL0w$>^0n7Z9QoU z6?{N`CyXr3l@!*ORLF<<6>0>r1^Kt-OS)H+q&HSA8`Hn{&4Fr&(QiXA6hJ)UTDjnG zxSAAVdI>d|a4HQbmMg^5NDo*+t;Y33FG|2YJU*@xiZ^!WcUU|AqlalW%~5ozAK(#0 zMLUkYNx*l0j4U*BAmG`61Ofc%+C2ngO#00qP&=;a0EDX-9IuH8HpaSo5&2^o{6lUB zXQFucasOFb+R0uF#t*-u9Uhw8BN%%<`(r((ProU{8*%*_vgvo z$Ry6|n{DMxQ z1n)eRbI;UL_^?*e?>4o2%)D1uvcB9rGRRP@FdVf5o(|r&cfhW|F_aR!RFV>$a|wx< z?GDiul6GwgmuVXI$zr^!#1r}D;@64W0po#9XB~N3_(xtZ(|*oW?KjO1=!PVu?54ms z|A36L#uKyp^Pup%HP!Y>%MK+n2_+f7gI z(I$B64*&w<=nzOca|BaDhBF3(AlMfAxbwF_;fnMcyp#L>m3S|0f-_N#mwzFvSXY9@uwQ2eoW^$OOdY>92~u zh?QVCfkq|>Q>8DhcYYuv=+EAS&{~0q`0Ay(cFQ697O7dq6RJ6bTE%_1_TQH z5nVqULhkLtqXy)|4hbw;kC4uoV*n0WpNyB9tU-iCn}$EOn7t-r8a6B9>gZuG40Z5J z%t}V`4w$;soe>?fK7Vmvk(OUlOFWsLMLJ&?eQaXl>yg3(H2|m=7)|+qX8rpDWrg@> zT@Qg^>_B4+w0rRqF;gZXQZPcZXg_lK8r{LQ7zs;D&HKAF-GLsmW8gj{Mo_EP4gOi= z0=NtombXJTW#}(N2F&1=0|xT2f9q<-^u6a%`DzJ26G8T(D~rnznSY3CaWq`VOk5Ui zCc&-X)iz4s*|C^hmLd^T(Ipx_J+pG9-+Ofq9K0G?i%#r2b^DGcQ~HR)**G_Pl9WJlEXx;K*)OzoS#C3k z3!Jcx8D$OX2dkIcs|rX<=SfpB4M6CNZz?hmW?#Rh`ZN^$tkk9{tspnc*uY*xDeaOq zXF99ZsNjSH9Gd}F>RM-RzQPq^fwAcL^rL3c;`JJpFlW8EUS5!yU9ixxV^m^B;E`1( zSgG?`kQDL$Slq??xR0|a57Opp>b{eNRmA*6%WH$BxZ!a?qv;VYK%tf)42B_l-rRk9sf(UcS;bZT}h@e&J z$73Nc+3F<;d9IXvLhDz=9(noB1aQE=p+g3yRC5}O3#o`~g4>HGA7hfc7vGZUyJ*Q8 zOpUaFS=7lx@c@VefG!N!e}so}9}*DTR|Ph-vm=<7(q_Sl*$`Ns5rebtM+%u6U?Rxn zcUgiK*UAIp@Q~Omk#I9XCgPZi6@zg!6|YhM2l@ z6&J#~IUoOP>v%#)SYl83{F*Pr6ig6cn|y{F>`y0MOaYT~WHgSY83HM3N^C?J_4sGN z4nSV)Awl_9w_mL&IW+kNf?$El!L5dhGk!e%j_nxqe zVz+H66CKkodX(5Q8Knl(rHi>?=Kh=RHh(ix5Z)nvTjGhs%^cB{qlvRb!c-^9&Zdo> zi_!t*@8>1&D!~Nrlo2sn%mQqB(5-U^uWcM$Qr3+!BGK53B$$Y>17akGoPX^;3Z96h0MU4Pryk5^Za+n zAz)~izt*EH6p=2!wh{f(h*dIV0}Mo0ED+t|#EB6TDK@O}(@cZI)qr&GUt|9gGAz|_ zg$g7+DxPEzN=@#Sjv}UmT@L3K63%6SvC}lWzm}kscxt}CBE?H`y#>8hl*O6Msh{{S zpsYvSUQ7w9B>R3|_$-`7?wj@z4I{mXBr)t1qtQOq1I=5LgRBV4_^FbI7nkO1O3Su` zC?4SVS(*e9Sn|n5sw}fla-``?jY2{M@IdfJ_ZnJf@O%nRESjDwka~>e81-KM5?#A#bE{sZh^%A9~vbbS1j3SS!)(y%8 z{uighp(RGbXheaYMrIjmA&+NSxR&G}FuT}gH9Yi{*=(0agm zzLZJJNu|Yj5@t=TjYw`V5l75au)tO+aKjqJP(fO55lHKd*hUN>J%wyIF->dU*$T1! z{epsrg?G+l3wWpIPRHxVJ3iGiYKJ$EzHA zQ@`?x1{U~jiX$>mQBFJa9ThBN+?}FJj16k7#kIJiR=_l^iXyVq90S^iR76-F`a%Bw z;VDfE9fku(k6XgvmT>Rn8*;o`)5OHR&G`f zJuV>e3q`pnj8!!PGEXzU=ajawQ@%q?&)LCwpTB83PslQ{8Xuxox zU}zRAGqm(HlI3ILCP_7)r2hT3S^V($J~2ZoH>=xrTA!-TerDi2wFchuMWBAswCBS2 zE|niUPT^!RdH-fN&C4HOxUTpk+@oWXlUI%$MD?@bL)q?~98$vhLVM}D$Gzm8Wu?pN zVAO6e={5YI?hmso4?@8&GdIuj;VWOVOIYBe8wdY%GQukbsm=I9R9T_+o1K(O2GyI2 zh$?ga?2I4!z}tn!<=vqTg@d%DzPM(-AcK@E%wii{Z^q+L1!srUs$RN(J6#%yEtPH1 zcf(Ypiz}MRzB3OM0*6TNO3a(FV9}(Mf*RCr{JikMzSYE)RaK7Y8m6YEe@1eL)Ut3l zuiTHi!6-dZV*CAt`$f=^uKBEfA9(@{pxd7y{Cc{(_v(``X&ctJIpAxY?&QVGcu(e% zKM;@hzHx-|+zta%HsaK7%Fne9hbbNkGR~2sk0wUkKT~WuaS?a(%wGTe{Z+{k6|wPa zSFy;+)&u$@|Lk2Ah3HRu}pSsoevfkFa(WDi$f!Es-HPB8s(c1||U_3QYM$Z-`}JT@&-MZ8uf_tE6Eu zRUoruS?%}_MU=Pe)8aa79-96nPp;JUOBA&H-53-`|18lKZCeo$k(Afv)m3&5jzip5 z;DNx>T@?&P(Dl*LQHEB5xy9eChkB1A>Ex6DqR@{fJ*6CZ(W`m911B(K_X+Qwo&Hx)Z(L2p?)la2% z&A8}>RBNl58n9*d^{VV5k1t_pJjbmV+KI$>-6d_jOY1uycnD-*Yw8_WpYdHL{C1@` z8iqsl3%fYLRCOlM-eUC}3Lg@s;VxHn*@EN7vVY}2Psxi=07LgX*C7t^tFY6{S+cPl zj-Um@qPW*n2MX08ftm+aP0iKL8xqjB1ls>Qp7OWC8%$`d+eI8{)jpr_RZJO)z(>S& zz<3^G+-8r1vUr*J)j$f6|Ba#}(q)(l&W=0(RRm63D zs&Y9@417&t$RhnpM7{`PV)R#%`ZZy0f$Fmazv9dXN6ObpoHGs$oi>)T6K7hLbmL+X zjVNZsX7|_ES5Q#UdN(}ccf^=N2P9uzTN}r_k-GxC_Z{}`p7${fwrDbEE{uBXc7HH* zAO$5Qlr21BX8MFgVZNo^)4iN;Q?)!;L=r=K$3LIDRD<^;hTIoBc5#v|)XNL`<{6h5 zJdODdFVZUe`Gst+^#1P zmH*-wM{x>K;qCzP$;fFeje&Hb`g6=B?Fab4_z9SK$(WJPDF5sq$Ouf;@=4hXKf{p* zdK@#@Q9j-(-b4^nwVYd zSS$B&OD@-v9$dlGl&ReHITfYhA3W=BU50)H(>bI*h5%XB2DSA|BhhOm>1v1@QOti_ zF!HA15BUB=3x+kb&w7-Y6nTR{V%D1&w`KRASCk4=nD99OT;Pv%r;Yk`R+UO0{}ym? z9p7-(FI$j6wZ^%uj(@yK-NB-)R^4%JMBk( zRy=z5>&a`Viq|^{i+Xp^De(S%()18^`kCpnP|;!Um)ZG^wZNV@{=i|Ppz!{m?-p2v;>aSv3+uH?i^;35l;GNopu`{Xm7i-aS zqe;9skG95t6gsXi@myt3x?W1F{z!WkQ;vaRu2)Gu-fophMUWeT3zYJz#=06dV8 zg~CyV){+}(1t8hMiZ81{v(Eds=%D^_D<-&}%3zP_!V|JW+IdinloGlyO4BCz`c10+ zIU z2kyFk;uvr+%6)9_<(kB?eFWg!zCpM{!jm~FVQ28%8=28% zZ3v%+D=iaG_#T3;h)wPL$-kj3SRJ@U6WcJ~;qq;%MF*lWln<#YyD-}Okn@?w(0{c= zPctEhR*iR8s*D^Xu0$rCPnnsDYu6Wul-_Kh-0;=bBa(^~vgo~$Fg#zGE?t~6ii{`> zN9(&zz^r^yRJ?+$+C3J&_7;U*>~k@04U5~~qmKCPFC??so@=$4#6}V0c!)Z5*;`W2 z^PK9fL>4}pnwyAgb~1?AMKyqd3Hy+Y$EQc9xu1;Ww%ADH>slCa8z6uTWXj`GRnL&{ z=Li{a-(G#81*h3tLk`qTLk&WE`x|6jgvnuvsR(ZJ*{W8(NgG=!pdCDjX42RHJyLENEK(ABz@+)BUT|du2#-P)u#)%=) zNTHRqzo20X2olJktDx-i0SzR)JUl!+*&o#N0YrqXRtq`s)(F+9=<)bZ;Gn?>qq5j` zHcU$_dgI>2rK5}@pM=!v6}K9^AuyX4{<5?t^Ky)@SeNm;7qDF~AquThgoXW^2PNHS z1`?$$Dbr;zgtoAZRB`0fX?0g;cpfJwy%Y(VYOw_cBDoJIpq(g@DODv_#yNh0c^oT6 zTMY4_f$6U7>horAGMmiETK@3SaLcUoJ z8>&VQ0tv|_u&mtTYr>yEQ1R5~(~W~rG)MTpN)&0*1~xFHQ3QCaUc1eQB7?;j%CeH_ z%x{}WSzp{o9v!_ug&mkuu)+TQ36+N$NGD72*eAKiL&D?zzG?*)sYaNnRm(}WdBe1t|i<_SfFymcKtQqBI zBDo~1?-JJ5C>xG^97j>a6+7WMy-$^xjm^w7>8Q56w>u}fe!S#gZ6aVRij*4Ix$LdTaNb=SYU0;>hn>4d)GXK3nS(Z6%NpFHX0k>vjGVC zU=9pL@U&hY;xkr^VoTSiFDc)w^lYKi+b z#APFXgE1zj;*}~(#FRLOKjwvnw?=S#5boXOBpU{&FQ+Z}s|$i@-X?f8S$YUiF>}T>S3A4bW?PhS`#S$DZgAI`m zGRV1tGUt~Ti^>wsAuE5JJXG}#lPzFVdu==W7fv|SQd|(&3M&e`j|kcMglSma$V8A+%R#L&Z<_MBcQqjK_zE2-S*YrgI!&ETFSik{5 z%unrZ_d{)Y?sOFt6gZeZq@%zh9eZd4X)9=DqsdA{QU!<*7}JTXaQmU2r3Vv@&4fL7 z>jk(x32h3eG1mJ6?HWgf$(OPf-XRAMty-k!dvwYN5bzSFW-{da55K~Bk5I^7#VRcJ z@;kBeB}AtXU#0+Flqr{vq0zU|4`}RQ3t{Qwi9q`a&5(^>02x&)&d;}Zg4Oy{!!*rE3gu_@hNwJdRb?L(}g3-q50t5Wh8X%EB zi>RRH;nUHuLY2yZfS)O=Q|*NOkEMl>T%n&KQ#%FeNE7}9?cs{9Ei)s9Zs38znm`U2 z;0`LUtEpn230Xnuhvdc;t5db!51xr$QCA6(n^~Z&Sh2#hq8fnA%VG)70i(HT3wa7| znM@Ce8e5USq^y8>82vYUCLakzeJq&}L+!dsJpl-=YR6$|zWdRl+~5FH`j$`c#{q>Y z8=*Y?A5lhD*T7pe;($o`As8-FH>jl^DMB^;=Ywz@ zK$FCu!Vx}cy(gE?D}sc{_61QWB-q_Qz>$2-ZbZohOd^pGjy#O0 z9D|-8ynr(?m}KGR^xwnZ-5J@(hQ!kj|I>;lsLQ;PsVA75=uf)Vu_YZONNyqvt@pR z`7(|n zYR61g|+u=L{xD?m`LiSo8R7B&0 z$$v36K_#$iX6bH6CRkS?9i+{hJ*{G+X=EVf|0$y_iw`dSC)NlLcmfK5JsMcY_vws1 zfq%@M+9(kdT`#iJIDnmLFA=K$hyFSu2&FgzU?u-a_O1uO6P#D=!Iq=6*6bSw&UaQ@qX`D=f2U5$>8ix>WVd2ulimPJNJrcP7ejj%7Y zx$%K4=V!rUkQk&d^A{Q}b}a0?O=^=;r^HT*y{-uzDPg!R-Kof0D9-%alZSc;-fZ9`r zk#XdB@9F7@bNALj=v;0yIPx>;Kx#++2W(iBpGzv8jTg_H?ckdz`+2uUX%N}K?E8NJ zyC7V$>M?tZ$}h7qYaZvmrS=M)jmmRy=|@uB!)>(KC8cx6HcGS5VUgpqrNjltGQH$R zQvclaQ>0R8NEI!)eUHq;ira`=>3iBbiul+u;$m0!*GhbXa@5?+d-cSh%53D z_o2VzYhPf)I6)Na2H*w(gwuMiwvg2{cJEjJJB0?r``1|~dt4=kE0^O6GG-2mHfcPb zTVj-a$wEuJYOAN}HU0ayfOYNr^^3b)6)sF5Ng5iY3cXQJ*{O&0@X~R^7=dxq4h8!! zzbl)&%#>b&BzNQvhl@YmWvvw@CH-XO6$Qwcg^wwlM1FtUAw(szv5B@=21o>b97@2q zNNLj>XvXk>A2PNG{{!4@vmcKAxIYfgb7MVP@QZ}PC9EwM2ms)6jwzeDFQeJzpQQ9E zYi5Aw6aDG&jJJS=dK$Eqn?4Co@I04ZiuUfwqNZl9j%K2}^dL6hlK_SYDIW=>3b(ql zvJ-Dt;p6V^E*IOm5&Lpxog^Rvgz=(!fU#QQ)ne>}_1fy*&iQHH>giFQ&D@i<_B!A@ zK!_hP+NKxDvFqUQ^78WfI<~^$CaMcBK&TetH!ye0{U288bkomshPfY4880|H-#Z_o&*nH>|mq?#E0yO>7{MQ?mxDV8A?8 zz=ywu1gilnAxwULeNJXvN~61N^p{a`K5*fXR?~5ZE;zusha9{s{F`Fs1mz#g{_I;_ zgJmNA>%IXsEb~|sCNF@=2h`>mh4z>O;=op+33RZ?4%M&LnoK$aaf~k#koiG$!2A~O z4NE24B(Yd*I&D+{pf6xc)rbt_8F--k0v&AFi>!*!m-R%U5gT~JwJO4e!QcKBQ1xW*}teFZx@Ew@bN3lQ!rQF&I^ z=k#ghDQ*5NrcEf|5mOFqG8p21S=7w{1HC60kiuk~HF-DikbhRmlvO~_FUf+tjQAU^ zFPArNeXE7F%JqH@NXi%Nb1Gqa?DnH{Hj^eQwVdgbgHv}`3Pr=L8fH!6OXS|*|4`;k z1=s*7wp1mCsgO}N=C#O|MOztHt%8DD>v9+o2T*H5@NfWuQL>O0TYUn^TH&+S3QaB0 zGlz6~n(1*U+1TZ`>ONy)z{}anpNsYn`gbHp`&PG92gVe&U$JGT;t@ud$u=%ypw0w_ z*jE9rb;}~ZlZ(v`kp5*i*k%L`~;1z zANJRDr@Fi9sj9o4=f19A)Jmog?(SxHxpb~PAyY;QnF`eRI=Gu}R5-=!XkhT=&Cx@* zt(Xd904Vfr`>zeqy+LzoAt$|rwQA;pY z4Rp**Lw!S@t+@6A-9seZ%v4?rlT5DeQMAldv(M~pgET|ha&@r|w4MJjEu_l!(TSIC zT*atl)R^B>{GXDG5CeE*mxC@g8TgzE3CW1a8@fK+BZdV+rT*nHKmX7QEB{Nw!I2;H zrDV4NlYPynBnY-1>_3o7Yj2kX91v@kiDhG6K-deDD=!J4Vp;fv+~D3Q{v>0~=P`tk z2fQPA_O=yB0kCKfggrm}6?_N=(*8ui8JbwEWDFsHp%RS;cGd^k6J^yA{DPr8Hug(g z>QkMPArJ70jnKejuc9@bPIt3_D;G`Tp%w7g_W@$f4+FgFNDKB;8nd$DJqW*2a%*gF zMb6EM*X)duL)vs`3=mGw2@)R#gwFZx+$LZUf;#z06a065J7+$#YbFjE^WcHhS5-41 z8mJ(SR*M0+g&GE#${?VB%Cf|;z&r7% zzh$l)Wpyi{7@5kYn0P1!%{R%(n*V{`N8-;s^+2W7adtl%aG5p!PyW6dQfKlDs3wN{ zlSmUu4WS~$`1dYOmr=4HgZ`tH;Ol41MgKR0n6n@0D3vdkaD+WPwafUYaMdiWpPn#)C9 zmVN+{6f_jnkl0Y?)e5$9->)OU^@et$MS*wOK;}%nDUC^b0gt2o{A$nhSBaikoVN#_ zQweOnQzm81wkHbK}H1KGpmT5{O8G!&))q>mOs~zkF^Pw53 z1n33i1ZKNIwgQ5`zZ#6S+@T}_wMawM;l8z8w4Ww$$^iztAt1e=PDy!h$9sw*g2wGb z^zwX1vHHIf?+1jNgc5;RWFhEZ>%6Joj5}DR<-|+MeebQe>|6enP1&`wAcAD@+P-}p zdkQ5mMD)K|Z*knejTxNrSbvoD807I8?6D{NbNcjSCe{twaKOreQw_66Ix=FFvX82) zXEd3=*RyqD%gJb=`?Yp?KrCF1<5W`8MsQjD`Z;k_@ z0#c}&H@(NMGKa&C&i;E_^k~QFYz%=^`3Sdwt-Te^(_atxsF$W!%|UrCV^?2Ar@AC< zX+>M72dKJ^KM+MnK#a1k4nUlf(8jB)eW>>k?-F^9Ky_y*#@G?9m z7Ul;A&y920cZX`U4M}cJ|0C#c4p-(d&^Hw>4XC*$L7=*NaL?*0XYa1g?ixu(wK)U! z_g&?NdnnFlDfO-JW^}!o-G=@!=Urca$rOE=wEJJ}83R=I?oK}j>{mBrH2n6V>(oP; za2`MauEc^%ItR;TSTKU9tegt*8m+#bTrL^!+l)pgD@GDSX6bJfkh;LO3wT=c%E2V6 z$qX4?+dtlQgH3pYP56S1d3!-wOAiW!0n`mRM#Q++OITOfsF!HMozr6F4;%yE{fQD4 zdaujiDGr57-;=4;fPIa)9`ErTzka2fp8NC=V=H;FAyRzcdckIx%nVp$ z#wvcQhv;r8-M&?!MdJJ>eE%Z*(z{70f;C864b-hMVVztvm+x zdhh4?JPEM7wQ83IV}RXtR;sZD^ks>d&*$L}m>jA|tO^TO_Gs53|732ku@k+HL|9`n zH~G~~ZsNoCDXn;#=NNt%0v=rG|izcz#Yf~V^<dqOH5{e5-r7FIwa;N>9}?D??I*Nh$kilt@|s5j zIrJFK^0jp5%N|L+m-Vk0p0-HDAiV>xi};o81B?J4QseWjbq60S>S6Iwq4n<~;08?i zdU`T~nLXoa@&acJfR+x?iamzkAJM^Gzw(Xp1|OygWC1@aHBi;*39n-;=f)Q0Fl#4% zm+QJdwACSYI*MTo+tp2tsUWDmdK1vi^<4z_N(`{vd#GNTUT4|NXVwPL)WzG>p(nQw zDXK_viXkdTL!K?GFi#>eK6Hnu!Fi%I3K^K9NtJ2yw*Y7V-maF`riszH>41AhW&Go; zCPD6%@$P$dA)$eu$TE+U6WWR5E5P?yWfhUW`|y~QsZe3i+d!Z zZ)L%a_12{}Y9x|7XIiKhV|-Y%I{Gj0;1{u_9$JZ@jaqNaR~Q9n%s2X$c_)#a!T-~I!ECUD`g0BHX%ULSP_M3 zttc+8@XvJZRz;x zTtFhGtzhw=Vk)Q(VN5D8*8+)3C$Mi_*pA?il)pvyvj~R8S*c|O)igsik}A*k`kg*N zdtKUs&ExCnfDpia zszd*0b(ud}goZp|+T(BzwG4Hm=oFJa{dXAw<9!Jy>WMVdG6x8`MO3kLJ?dxl!WkS` zJ&-#t85wGsWLOJ6kMV8v$%ohdoF9$DUeDc=MtM6_*noax^Ci`7fsaN$&gb{-lL4<> z*u0c1>{c(YV~UN%pO+`+8V_692SxYCyLe;qbV`la8H9bqQmEiATp)T7ESb>SWR)0T z-RAgZLG`j+ZmL`@kC)SbFMC{e=@$@s2w|rG4$su+{a67Yi~QgX0ouH-Lt}r$n@wa; zO{I*!m;9pbN}P9HRs3qqCzr(6*hlK}5GRfHVz1xK>c$xwM#mPvn@&s9*6?~rFY42s zvEl-eC*p5BhXE$VnkA$peZ8&f4sWLVDD23uRye?BPrtV-U7>k+Kigm5XZmmht#khx?ZxByIJ=I^Mlh zzLgmj2{TPU+>k{2dO`K97V_K@BDVJCI>2aP$aTfBIXd$xGc~<$5K0W$*Uk-R-GEvE z-_bcR&}x_O0NQ5kW(A4@o}-nuy~`^a#}@J6ylQ;+am%?||L~|HNSl4_4Dm8FZDP&b z@2si3ktn}^NKso2&?f&}Fg_^hu|XLIaSlqngY*J@67AM4RjVYgqc=&hEOj=pKL>et zcwL>NUQ_?~;s(pe%B^gA44B4jH%HEubT#wAS?reMQkm{U)$NBygaU$G%`}Dgg<-P% zkUbTdlzqA+w+T5SKMN@Et<)0L23;Az&2djM-S3rf{?wqhE&?pPL>-TeXJ3>4&p%9G zQBI+1wSyzcCV`Obd|}O;Xmiev_s&E4;17>MN%+7?_@|?{&k@}ur>kRfb?!?0jd0%h zP`)^q=M=RlZP4!Gj;#?};4Hpr3WYWgjt;ph!Pg?je1$0o=BNkzB~bB?sy07C z6#s^G9dhze_B_UJ3Uk#xDNiEP{5Lv|$W|+~8dj~@hh$Ckr6riM1CF}SeGO&*)Jhv> z{5Pte3rMS4@)!0KaY6MKmLNr^*x;MNa@)eiB|*p15LeR66y;)UNsI95-QJIifvKo> z(aKrP7a8|QC}ka9L{vdy^>!KZK6G!nDEOTM_uH%Tb&5c59$nT^hDo%hP*2d|9Y;cP z@~r-#`scJccCl=0w(q|$D~3)HG53#;<9FQ@b;z0r!FoYaWVL>n7)(P&&ZeQfe0y|p zB5D+aoyL+!Log6Vcn>z>?4Y4Q9FG|VF0yBo)(ov}Yk<=Rz^ch9a9yJ`?@LCc*04|n z^2OuHol}roM8Oi~aFeH+bipbfb#Nx@%XQLwsLmzmf>uv2Z0`$Eh&*Y%-Q3+D* zKX)zksrz+%B+x;cwe|k5s4Oh|{zGNaarWzx-x@Ay$9Yr=^kVob^h2Kc*v>(*g3Xen4Q)!sm?J zjKiCx+jog?o7?_q89t($0|J?Tq#4t@8v4{eM@+>TZQ|q_z%N{Vt}_c~%3B0l6(N$` zBTo=2YpHVGgz(8r=$_hksguLs$ai*iSH}I_`eQ;xC z!ezhzrS~u~y&(Rh3#KgmGmfFRKrdV3jd*J4P>UkuINpvhQ-WAV^YDe>Px7;SS)!?zJY6!d4JIWMTMISp#naft^(nAJyxw#?@3_SSTRp z$Ct??l>-%A5~uxjEIN8qZDg|EApX9`Igl{@u?6VA4XEr@1e)X@iCIZYxdEyM(m_Ze zD!%YLj>8n|1+gRU(dFAe``2Pj1LVd!pl-VO|4E*sdbmaBn#6G=gCP)o@Y{H-lgZ8=bCzB4ReQB;AvXI|ZbklOgxdW#CXk zq|gRuXIA^sA9BX}Izfamnxx@!=&YgCf=onoW~H^UiQlR}F+L)w1yBu@)Xx>@M?Ghe zo=TPTjGz(OoRuoQ7d0E=_CC^)l>GP{xt{@AT@R`68@vFe}m(FD~i;Z zGYU)L-x*)*c2aaDu6^*|>_c(~3ez>~8PYR0 zG@E3?rmv>bvsf0ojn{QuFqK@DU~FTN8~D9*WRyhw5G{CW@fEmuUw{Cp$6Uat?hd=I z=acG-{(jcuECZHAV?hL>v`U8o-^7d?3_7&HyzET>gL>cKa52bOuRyg zXBHLTPBgHx`A;gjJVD;`>+VIk^Z}0i*ylXFl$TkQ!;R8ZkP!1b06>-&Qd~FZeUwpu zC>y51aD@oYg2xoZOzT7;RK*f{R#VoWlEn^3i2{-&&$-_lm_;2VvEf23jI*p}&i~6s zb4BbF2vlBW zF$}=Kq-T!RRkZ&GD#o|2ByC8kk|BPN7U3xbg$27{8Ro{Q*W~WbqXy#72>~M3gpkdQ zUnZuaC5s?CQiBAWF`H;&rFc@_EV@_J!^OvB3VxOVq=Ak>RA%lDsp1X>OGk(_JrkN? zDRmz}!|MfCamveIRR|2_K!V-C6(%NY5N-MpEhkWPuW^`QsUEc4#P<~Bd!7!3ZQ3}V zm+4dF2Atf^Skr5_zyECYdc|1(;kViC&^y*5RVu)8d_AD0={=%humqPSEx?Z-oIXVQvQj~;G%nEg6Msy6AV=HkAw?YJeFPg!-~RZmfc$Dr0v z;o!rloP-U$7!^KPnbX=36iGo?yrmmBZwml{*Fs%$ZkniuRDfu0YqShEDgk6NE6NQt z(mI^cD15^=3c;BVyrKdEjFb-*ktpT+ZvdY=NLecYrE4v#2%QcqS{KNMp8^{Ckuxe^ z9>O{*^gSH5WDgV!lT3f;8zLd$S~YhN(3oL6Hn`9VG?kYfaIkAOE9ZDdD5+u>ArF4- z`XF)8MWe(mR-2Zd==^fXM~TwU0!7ST*;T8)N=s=-9HOgAWjc(pQRAt|(gBsrUMquD!4o;1 z5}WLxGM1sqXrk3B7~ZPLRaN}N{#n^s|17VWwy-RvOdRbZ0TcTK=9cMk!f>`7eBa0O zu*nVOz(hOND2IM8k|*KRTz+|t2v;dc$&M0y=%H+-*BSS@8Idsy2D#`IXxMQlVi6w1 zEikT}@TVb@bz~$r5MbKT+%JfbssUg~qGXf#_6ikFUX2M2BvmzJ)LLU$D`M@7z!pe* zfk=;e<@xOR-_FIH|bx>f22PQG_d(GEy`inJ|;J@qO*)YH%UP!f!*vj|umm&T0{^~8v zu9HF&({CScob^vHcbq?HHq3RW#mI1}PeJJ>2Q93r!PEN|fi{(HlvOt<%M=e`GCq+5 zJoy4wtl=hgGmlt`WTPGKkwOkp}w)NYXo@0s1IUK)x`d?k2^v$9JW#S!kG zosI@vACDj*uA(M!yelOxGHii%Mfn~aGS_B_2K{md7+fZ|)XP1Ss$otLH|de`@Y(_P zYa_Dbv<<2mVQpeL6=v@p5|lkz*$~}_#|Cx=8jQ8eCqSU5-r$i^9E5D!jUz-9G4(pPh4a#&X+IAI*O_ zeR_}YdEvRe+qOyac@M}Lq~p3=n$%M8Rn$uL+=naBQ+#WNW`p#L5 z@i{i1127MG4`;3CJ{oKjbWETl_ONPd9?JSwE=dgzSbwHUk{?#_iQau&JABNJ` z_#r4HQ%xigI=&&gKlq%a5{0<{SL22q76Sjc-gu`-@%o_^HJsct?hRm?(E-> zyCs%(pZki>x7B^J%ppO)Czi(Y_h6C*|FiI6qcO(*+1CCH)CGM)C_?OL7SdrMD6%rw zseo3B^Oc*@!cK*5^{qdo%`ULwJq{VlS=tsE@Hh`+x!tswkZMLm*thyvB8rYmhXe*g z$>Wb6)yyNy9F^kZ^dX^#+G&NL@w@GW`Qe3JA&OJaI>bu2PK=$<(5bDCvjfOOBo+(& zM0!V);M0-g0&Y~fk6_FR_hoE@M;6UX2S(0#7YLu*ZYAk=`BM z-Z!>|@dYXjd3gSI^Y0VSRNkoy?*udfahx8()mdkM+t=&gn>)vNCfR6*V76o^`2Ef* z=x$oKD2v>;27Szg_-;lmCf26Bzp;GLi(1mgGoya)1++q1`b1Kg$TEm>ON&5EnfRAK z7){nh*9KoR=J}o*g8$-Z2zWn_l3(x7V0+7kfYW8}XSY5OBB^aN_^4;Gsd$*%|3QW!!L9mfXpO$pM=3 zJcIvz@A<`v@`NHmz=v8Y5`JmX5k)DiC=0mgDxbeoRXJG7_=c7`whEwZJe>ba`%@8p z5`DqrjrI#rox{R4bj|{}T6LS{lk|%(<}xm3E?+0DmKoNq70X`0>tOd2lMOAYMw zX9P#d5s#-aV2#ZH-R}+okr%$+b-c@R$x%>D528r@=kbT3oiEWe#S-2KSieI!{Bs>< z0UUrlB2ILtKj~qUK(lfd$#ATCi-JM?U%sDheOgQ5P_=-1WOL9xo&zRc6#`>!yc zp5mE0R}r5N%#76ZirB^hDJ0BQu0)!Ot{G~fNl=o#(n#OVOoAX+Tif`hA(E6x)>c~G zo>IEwqgjRonO9b-%Ot0P2FEd{DaFI2r)^R07e~u}c|Yg-^8yZKb81ssVcCqR&hso8 zGWtNFIqo@pP75A7*;Bnc8*Bo|2%t-skg&~BFBXgF^In~C==Zuh|9P?-@N>cE55efG z=ue!C-j?)Te)~pg%8CL1r@^%<8va*+x99Ws&gG^9T4BbJt@A97TobfWzeshClA(!TE%6A-KN8ZewVuix)A1
  • +H!hg2E*0=(sot@Re#6O&tilX`-j&K6@40#Ch&4DvB+m;t3vkceLJI=MKI0IYDiX<3k z?s9HvhVgR2W$&+$A}Xc^QGnQg%Or4|X+Ln5iqfHU>@cv zsx4{jErEcCm><~LFO0?BSlQXz)Gl^)*A#6(rfFZ$Jl%~rsh9RwqhSiy2%%UssG)VN zXjm1MK?VuyR~kFELL94;zbqkGw1{)z9p13ASAa=Uc$DdWR6}16xF@@$xTuVo6q*i% zs$LUu+Tg+%H{U;L=dN7I$x?J!MjG@|9NlTe9#s6A81Hp_|uvQa`jcx%_tyvfg&>x82~*vlmkrHCQ0yz{4%$MhPteD84>); zGyha<6Nj{&K0Tta_pq^rJ;94|5aOLCV&USI)nP!kXyZ?YLWL)XqTR0%UB;3(aPDw8 z2SEYGm*YH&hvz|-LPCf2@tEgPfb42BQ*>W}2fiGk=T*f4B^f|g1O)S^uKh^a zV#+(Ep-shg23&0Yjw(=f$L|<%%kWVUsG9OI>BxB zZ4V4Eg|0wohct}~dw6A9fV#&~;n#P9R~rm%yz zvLSGHNqBkz7p%KU)$8po=#PkM$T`%FLd&vavC;?9i2X3fssWVO1%g;| zk*~_cO%*sMFPinZcRfW{1?J62lt+|JASyu-YrZ@G1eS;>(4rQQuM@A)!H4$qfkdNZgW zwcV~L_uVK}@t3HmQOj6-mjm_YGmHJoG76vfZq~@UdG#@^N}kW>!DSMS!wuuZ3IZS` z#W}}%pQZZ#qpj2HE?jBiEGWj-H6bVQ)sXn_@$b?Mj+DZUo!`AJS2N0G^eTCO3eVf! zxGoR7bB~C$BxS0);jLm7WiYp|r*ze!)5QQ`cf`WfyNC|n~z^#HO2>N%IXAW zkN&@5+Jn$7O28k041`vXfb`A0T?SP8PYP&of8?JE)E3=b)B}@bhn`F<2!0)`>0Urs##qpjty)DhI$Wb4J z(YX9(&VS~1lVOpiVKzPAU7|)l%imFyFD9;hCa^8apn#w-9r%zxXAsprBP6v~zq+&P za;TH?e%Ii>ueUEbNN^zhK;qm?SSq^W>AJvzwZ{T#TvXbP={YsGeLVn7qkEx-%IHh} zxDfv>Ll=Cbl7a76)k1O4EiO4n_ConN6%B zC0u$UoXp^}erf;Yr|az(^jvWHi`G!)ziycNp0h&t_|TlwDdjU$E!C>vyy}DuSgdWwu@pSXT`}6#vufCY15@Um0b|#UX_NRYgx3NRk4xks1|nh;-m%o zK)v5zoEhDzG346-EEn0IWwPPdbtnhD_DkWNp>m4vkEA;^NvanD3xexB3kHY$EZ!3I zN4|4rEhth)`vV9|*G-6p^zwb@6FW0YVSnmTc5_p>iVx+?m$cHtqFkH5Rp1m?c9iA1 zRZ#lRPGd}vMUW$T+^YY|T(>;5%brBTxoXcWX#vM=u`OB#cP<`5-OyussW+{f@Yh zX4{55;ba;fGy0`umRkg+&%^XdIK|u9+9cUk2-0T-EQCQH=tr?k}Y)PvlPkm zr)#RBj;sB0@dC!%YP$gHSFsA^%|G}>Oj4Gp^=4HaZ|Oc~mjEd-^(&(RbQO4;$cSR^I)r`|WG3Z4OcS^>p4Vru%jfn-L~CM2V)0)kqfxytC_RAD>{*OCc#X%erog`` zkK|}t%y|>NHSlCLlhg5Dqsuxhjtq}q5LL;BewgdhXe*}l+r-L3O23)`^Zh|g3(v?e+H))YFe~bS=a(EX!47i8#?)2QWt^L&?@wAxmQ0ipqDf9^0ADdWsdL2f1-){tEa!{yu7Rv30! zBssX3N*8{;w&(T6hY9jBE2dDAz?C@B0%40d37I=d7Av#cmiCLJBV-FAHdevCJXJh{ z51cF(GFezWM6zM>lk{%~8M0#$6<~WpZz&&V>vGH}1AMAf7LPnJ9T61*Y$SDUN#uit zXxWm*6p3%=yi3y9GGmr#SqD0dO6huFD*9}XN2(_=grUfJmO0Fb+BvXSzpPCOzRs&HOj$286M-ox()Fn?l)xD4&X%?fdm^9PC9UIOC zL7&NN70AR@$ja2QOVunMh?VHx#Lh`+_P{4&F*griO&;!BudB(uZ#W5^PlqIs<9f5} zZ}M9)-}y5TSD{be>%}CDsGhv1++hq_ce}vuaebk|KSPb#ba&hNt188+Q2c3ZID!M3 z;rp!Lu>h7=8~PPOxz4-!E^(W5xF|C*6^OMs4p;ZJ2YV;K%V#AcD>BRUio6yw`NC#Sgs=hDn z+b1^aAeqlmcj`PX4)|QkzV{$^ zV#i<2)&Y!Na>N)eH43hE^(i`}c#8L*qLcWy3B~c2vk5RC$R3asiR0GJ&IC}A#TBUs zh%ln6fP|La1M&@&o-^NdmOyw$x<^uR*Ie9f`C*AgN~Md+S}vjC@R$=mL#NS<<2pKW zro%Ift`og)&(oZXYV;tO(lYQWRVCxYrG+FmQ$*OE&=3fGw@wshm_?wEN2OKS!vBdf zpBo2R7D3Y7l2iOy{)v1+YgbEL79l0bs<%IEQ3y6#4J|1NavOu#_s(3p5UvFT775zr4FViP2p+JM3IsfHnubpt)Cs(n z$Bhq5_-i>#xJ;-~{)t`LDK#3MBZ^x_@hokk>Ipte*rxi%VR0KtNW>e5+OlUb-O4uv z^nf~E3EXiJ(Q_;jNFeRqWDs#LcSFLYF94`b5s#z2sO&0Q-&U|^#j%bc@*xMC&yM{>1xmgKfQi%wwRSq-TheLM&fkV zY7@xZQ2`9vzb>b9WP?of_hbBOwkx6qG6|@{60(sBjJGglIvjupsFcWkSHUq`gsC0J z&df^BXGGpmZuwzkrxlj(F{43?;b8RitW2kYwvxP2*kZyFOPlPE?=z+e`oNZXXfqhPVPfW&UZ0Y+*bYY7ag)rp%Pm76NWU%-KAQvt(uk zXXG$Uaa_{hZpR9`hbNDhQ`tqPXtT(0r-KDQ(tqL$F^=DGBSE4M+ti9?|Il6KIroY% zAI=Wn;NC(TEQJ*(4o5dN08gx9n5OV3_SdDanGRXS5bMI_R(k0d?U=fj4^7Zjw+qw| zz#>C`IDDEVhOzWvHt%RQB{Jl9+=>(7K_x{3<8d_pBqp7{Vx0Q*RQ5F(FnRuCFtmE$ zb~XTJ!KW#2$DNYW3$V^7*~rkWKfpH$ zW`npbSU7FcAXc19M9Y-__PFU9G!BGs7K;k+l-a5Ogj{GV7pnbgz(49CrlGW6xw5{E zwD{0W0D@TdhW$?E$a{2PWh5i+5o=K@@Fe{+kl}CBdwlNL7};Eo^g2)K|AItE+4)6#esD$;yMyjA_Eji~FA1ffZrmP>t>`E`apw0PkuY$I#nk?2~IW zkYN%0tjecHR|$i_{dNk$O!a8Ms7~HC5RMh@*U!UX40g!L-n@D)L zd`N5`k9}Q6Zip3M_%SMHKKh|mlv408qoE1w-NQpH)I+zoWQ+l4yeIPfv-9yf-{j|m z;$_ybmCiusGv)hMPQWxY3vQkwt0B3?fO#B)xF~)(^(Oz(7DyAd}onAG-`O7F{95ZB_BJ7%DP~n_}(g z>h>yea(g=mi>%K_`Wp)fxx&;>upka#m>2A^mP~74`faKvjEFFCE~`JwDBDR!OerSx zPj@%sG%b%$#DF%)m#Ht(5D-7fPB`=}RAOj-eSLoZ`b7y}A6dYzAOpQh{2-wQfR0A@;FdOHeSF2o$4?R(8RnA!dpWGH z1ith1d42ARK!C}CJ$t!`ug%E%+J|}R4jU_ZG!?prbX{bbX+`V5-MIBkOicb8@R&R! z;X|6>xH<=?s*g|{^5*vL&mRO>SXfBNzzWgnl~5AKNkHDDV1>EOiB53VOIv&U+Ujar zMn*NGK?wb+A1<1||FG)R`ewFmV*5 zc#CV#Cs&z9Kr}KT|0z;-cJ>0*N;HCPYI-_4Ce4Kg`0wXpgg?Gc-#Njdf>CwuO@^2p z6AOZ8caf5IWZZlr%1> zGhf-0kf75hR%|q(p#_^^E)8U48sUZzFe+-h%6*gaQ+?dxhd7j{pg;&b1Rug%8^CR~ zy1F`mR$Fh&r?0CUdX09$bRj5xSsV|UaOV=k$#&IU7--1bD7nB^l+!FyNCTmAOMN`O z2~#@lBduv<+YE^UMvw9=X_)u3DNKpkek`6(rktjdwHzNy$+=PNCWA}z=&HX36aYx? zPEj@ic2xDh2x$#a9h$)4;V08n%?6-vaoXKyAxdJHqD%t-gIM|KTJ$a`3s&tw?S`Y; zn%y?(F*BKoI}ta5dB)G6nf5~G>!9gt*O&C^Y-hyv4k|98>iJzQ95WLg$d!Yhd zZKj)6OKnB-skDtS@=E`Z%h&=c{5V8~ofqUKqC#MqR>nMtvoxwgf~m@&+f((0je2p& zW@v>5ykxSs3lEuk!EU&mGL40>dzVq&?`3fj)H?C4No)K(q5iUk#PlEaOiB7CB)$@V zy565~XE^C;e;H*_4*_ z8FUM;?8$Z`LV6a7`+t(njo2Mk*o?<%AfjJr^My3j_A0TGF7V3?CDSI^&H6BUPz4}D z9MG*tGQ^Qdp5;wC!;Odzh@>*Oo;5{1R+uuZpNYlZ z_TL7Py+1&OSOXqvZFA;k0Hjz*%c{FqAf!Kn=(%+9c6ME6v7{B7^E0;8Yf(*;^T-N? z%%V4M!vn8D+LeBbt!)m>v^GFuQ`B__oDOTOO4U#gB}&HUFZ;D-ME11(adqT6RvCsD zV0atc1|J`|pf|%+e@0vbaYm#8YMmD-tSPm3U=PTmZ3k*uCaflG zgoi1YOI!B3Z3R&8PB^D5CFenM!vS;WESrI{0C&fAyD%U}UY^wU6Pv8|HwPV|F&hK| zFYX$Tj3CMrT(KJeZhI`%uQVzJ;-8@9A!*_w6;7z`Q23aXj){|S_A0%CL@|JPq}L4fU3IYrqV$^W6N|AkWn-n0(dR`wE?ih9_qiUG{Z956fU(Zr+TQQ7cykJ*(B7tO9|a)HV>SpC zu608y4>i(V_N(6Zt!9Ok)wfw+fApc0gzR-$zR@j5$RUb-7E+Q*+Sc+;x9*n*O5U^N>7kmy4o`=sj}LC$6f~^t}ZDoVQD9cR#Jg zr^aXQj$1QxLsgj&_X#iAmk)pfq@Lcs$*3eeG!7p}fQ87oHVs3I21{ia-5y}vaM1JM zWTL%@zFqW#9zppc?&pFB=Ot+PU+yP4)?@E(ZU)0#mO^9z7d4@T(5T}Ei2ir4Yl;#S zdAUej9Hi8r`&UP_fiC<2%qu9cUQS2TyR-3Oq3DoDVj|CduGB`(LrQyaV3>*Q6hvD` z=T9no0_>xcbpV^i*KFBo=-{N{UZ0s99UYzJG5Q0W``j>Xa<1Rr#r)^r@h*kAY|pdA zNTn-#{O~aJ6q1~PuTfnqGAMQ#Jf7w}J&be0r?sf~tTtC;=^b4_LO8-1>?^-J5D1^u5rRWn6Bp|F&1=5m5Lsns zhxZ|q{x$>fa~felSmd)_m-h&0c9j51na2LWF84g+WfF^Iz^jR2K-ujfI;68sGiyor zGw`AjWVa!JS``=AhZqqrTT|0Z^VUrtP#7+v7twIGo-~IPL}Cm9PUH;?;0i|RjTJ~g zV=p^@O+(xq+S`b)k3#_2#s7f&zB)^(#MnG4ToSrTwnMqkjwN9zNNjjws1_45vI3cp zY^OsbeB)_K0~id37GMj`i$GZs!c`N_C817)GZeG`h#CL~Px(DY?u;>j4qn#Sh4kZV zB)E$Q(iJrer&(XDVUsZ?KFbZff+(c`fv;-=;E>I zUycMacyI0F;Z(lLHHsOS zsATI_aDx0GUI>5eW3O`w3h7B}Y+9rF-TJC;n=1bB0ZbW^s1Xse&s4zBs>gLBph`wh@>IqWhBj{j1DTL0 z=wXy7?BSTyeaENcX!pZ~ZSH#||owwr$(C zZQJ&K=6(0~UHj}m{ZH4mR(Ew5@9JJvf)9RWpMxS4cxTA;arf0}1dZ>9F5X;{q_Z)- zJ3~itpr8i^#|YDO=c%7B9~ReH4zG!q+kCaJ14u?2Am2H6GNA50z%C7}){*o5il;(S z@UlF@obLwMK1gjl;q&0%JBnLC{Q|uvV`Q~IAVVKJf3lc6Mw_`r$Hg6cwBnhAbO`tRyNRTRy@^NX*8` zMMOupPiZ=9oD%#3I1`aqEy;I>T)nD7aDG!AD+WxI}*cX@nP<)7J;tj{qHrH?6#aC{2 z+S*o~tyIQ&oA+$}>+=Lx%&F1`>76!wcFWx^2ghj6P83txW)rKe?R9m3I12ZdKI&rI z_j8N#22k?ASdr?tkO7%RxOwdU#-JMhL>0mZ5*GVnuF5$&2A$hJP}Q!N9c8I2_s0<` z8u9DiLaD265QdM2gTU%?cd6!1*TK6^5P`2d0zS9X!|5g`N9Qax=SlYUvjfQ=D5kpR zPvM`tx-VwG>O(%Hl?7rjh4S|rz!Qx@B1Ns3Sy?t;Q}tpbz1yCe)zvvz34rf`~PmHmnNg6pW;MHXC6XC2mj4xVla1A7_O2L+C7{>Res?7<+|;! z`Q+ixk-XvZ{f5H2xhc{_RrcWv?eL8T=d^Ry1=*AkqvbHO^*y%xL6Ztbmk<2>X3gYRa~vO&ngg+s5E3_t$IHN}dpE zDkEByqpyt#ee)-&=d6fs_Wg`;QQ2GcE0nAlaund-F^hX*o})H2cS%^;Cr1n`_tPypfoAE{ZnKF9a3-{C zk6PmN(BN`Q=(yl&@5{t$9JqV`AH?EVJG*|bpM~!17B<;-qq;s6LoNHqV)*aBzJ*m) zb0Ec zhUwln*6f-je5I@YQ}H^9jVqzUQ^A%Y4O`bk&*+OgE!Elj>;9f`Cd&0hn!{p1X?~%n zq~Q?dZf&D>X5h$RQqFqMdO+)P!4Tf->1#6VSxPFihB+SdPE^xSr5(J<-MobU(VgBz ze$`xg{QRDx7+FyPMSxh~TWHQvEtQp+3qr(e=H;c;3miMtkUA;Wf`X{2j;}zGY0s=HS(FfqnZVEQqy9;AHv`cQm;qK>xxRHYfNiFDDLH4Tg_-VgBf=EExbx{fd9(;eoU{QT}B0K@JxtLvH|_&)bp7o7@LSN zKh+OH%$<=XqPwexe+dh4Uucve=^uTtUDxVYAxX)o8)^%AghiXc*=qNL{a zFdJ%29!D#iigJ$a9+;Lz%|*j4L--LM_8UJFjWG5IknEV5k9r;18q?-9mX{CJP8q}E zHdncx;8RXQL%s)UZ4tk@zTMX0YNDdj-$MH{@m`|`|5;OLsd3lhT&u=wek9`MK&--Z zJGA@T9hux^EedzGDeL8OJR?U+hppinK3W2vIRNHESUOLTZ!q9}`hHudVLyJq``5!* z_5OFmi!Z6Pq1|ovi=O%G!hv-80sS0E95q#CIirozky0R+IM;Dd*c?cu7hH1QO4r^W zfdDPF#GiljMAKK}?rq(gX`MDuyW1kg#`E&x+m!^~QU)HXM%UI%yVg4I`A;sezP^AP z#@;YNtu>%_1d~RHi9VnMCt|<|K0aoYRVuwMHv1(E56n-WD0i zpz2)IuXF?~Z?%^r!Xi~G-0nVgrA8J1qnpr; z<&}-@{@Nzs=o=uH(q(*&D}{zI+&pHtIszNV)J*+!>QC|B$Us9z-)MFp^tZt~oi1fN z{iah#B%S4R{DVf%9wYZ+SF93Z~*RiEkBN>aI-ev z$>!3Al8!!HDgrHZ0_7P*ed%B(W6|jx{z$8I`5{_%(u+V)-~LFr_fAytw^ODtwSX(e zlF*kJ>&8Z#$Isnzq&(_|rly|@%WMnFJ9y4KqBJQqP@{D@Z^J)qetliBGG{0}IJ*eLjL^p${Mac|F}B%zs&RYkM}J_)Rn#9>M?5P?r_%w{mRiC*O!+=+LkdlI~I)kd&K;-+FML#G=3NE7# zgI``>BthldMPYMx%k8J>b`|o{B6>3C1NhS-Hb;raZ8w0J5m{I&3^dS|(t}`jm5mst0Q*|E#{)fouH13PO{^#``$n-5CO+Gzw@cr_sRXo zUaxN6$FJ(RS=DdjD-tQ|Rxg$1x9O)#4#$pgJFRNomMZcC*?sG->kc>dT|xcJ-s@(!2ctACk*S)y>GTAHJE&k_g0aWbd{aPs|;Q0v5f8?{?i}Z^)?&#J-_0A zOpFv_D~zhx!|B~2zme&FFQW>$?Uu`Wx4p!7($Q7^>Rh|e@?1e?Lk;CXYjwRj{nlh` zGCB8tu3oEcZd?SBok_w-RyO@S{i47C9?D24QzrPy&il;;?QLqehTFy zshG;4_wk19G|rzYGr6K+=z;KusA$Ptc3+RP8Um`?^0T9c5&2hC;wCgvkq2w3NwEEr ze5rzDs9|8BaswmiW+i=%-=E8sQo66ydTVI0e?@$Rr&hATh}s_R=Zkch|GX8t?h09o z0}&TE%@KkAH^Aacw}e#!Fh75&n!0IT-XlNHJXIr&Ovc6Kzq#=bCUE&$^AzL_HCcf=+;i z6E+1``}_9~(GmIOX>5`bN}97WN*h703_T=b9+ru&WY5lC0Sy6d5%Y9!9}fOK0(2~5 zc*JMDGd-V!7S1@Cu7}e?mr0!JlFheuL+^J-ApxeP=nPJ>eC*YS zkasoEs42ZM<6Ky$8fV2;Is6z`05e{+ctUkdpKdmO7H1DS2QQkkSA;#sIY;ad0ka(z z`lTh$T(Y~Yj*|jqII;fn3dwlSum`j-tf&}10Y<_S9I@E@%DuR@b36ao3H}>|kLrpa zGdG)q%iQs3;oeDJUO~V@$_bif$y8MPanb~BGO}2ek4aKjURg_KZ~F5tOcy?@mU0M0 z;}@`(%B)O*LKONb8JA%=PQZbb0Ux22d18eI77Hb}ydi4CG8BDy>cv9R zb^c3si(|vU0JhEfbNl;q5S|>JPo96P%+M)TV3(+K}9rM2~mUl}2a;29wqId_VF$g6IuU+9nTJ=hkz z)U?rvE8Pn z;7&MQ8_GH=ZV;CDHxQFq8s&cFR5$#vp~iJXMJjy|unY8EKxDUxp%z!A zqiRh!@7Nk8L`I`X68koU%AXj#PP)Ha9`mh~K@`Z>c- z&~zEs&7PRM7)-iVeG%)>U~O@Wc>RDkZsibE6F6`InVZj~xT8%?KJVR1v1;|V88oTy zTWq-MPjViI;q~HnQVRv~{@ClJ?&s;}EUhXoQ;>VY96x-o{m9_z0c`?amvIIfw$ULi zR6HO0ZU*Ng*03O}_AdAR%j#yKxaVcKA}3e^mvOwaG`=nGH&N0DhiOmsUge|4Yg{R4 z$kDUAz*Cg{Mi|z4y_oP&qrHsbD`C=a&m(g3xVrKqZO+=_R*8Hm0`KulmDu#lC{K_S zA#(b^)Jmz{PmkY94UMs=i^mk_`D|lzu#EgHa(n@)GVKx`1R@``%hO!j_cB3e06d!2IWfl5*2$VhStAE zKtU9&y`Q(-vs$j|R_}f=c(mP_;k^w2oK<2iLG7=_aM;Ew0gydA7Gts^)XWrh<8o?hy^2qF; z+-_^H=JUsevgsxD>6Vm5o_JjD5nO9m#!p z-k0$Z8c#}#vxpb(Q-1`?PKG*>{{RyeTbY}ybClhGG&G!KfqpQK2L297{qp6qay5{C zOBgA*MH&^AH|*5FsF3Mus4Rs$4@kuB{OR#0S`Im$my?R6zMev^Ts0W8@1WK}Xn(lO z-*BEhD;hzeduin5XQ>udOfguo5%dSBV!l$*(NKs4dviK9Vzgu>2Bh$~;J)!$Oo1H> z$%3}Ah+9yN*-KUo^B!@i_}GGZ+w25sk!i1saH=abu)p}nKx~L`l|ULx9to&L_0;T2ndQCO4TsEMJhuNZE7>b39^C`-Q;yy7p z{Pi!jBB;=Ku|S+a7`J@_ZiJs>MKTeyI1RoqSSC!Qb3lCZ{k~|!X+rNd6t#FfTMJm| z8OWujTXnb1xQR>>F}V4ZD@sOOc+!BLeAkfa3F?OZv6Rk|exh<^ApRif&z6;Q1)`)B z;Oqb(Dr#Rq&gfKpcO0FqbM8Hbi54H(dMinv)m0Q%i4zvs+tykyR?e#2P4`QUEH*j~(TbAe&Dd^*6Jt>4 z{rKKgn}f+hxDW0;Se=r^WHD27i)Bp!gngzOZ!d758d6 zHXr!_W(5i}c2qIlQk77*jAV;t%@1(5A=T?QTgkmcGa6d#)ZMVS^AbwCysjLK0ej3y zUg1jCvIYp{7=hBIu^hUca_YO~lbZpEzB!*SWCRX4Xe1^osOX*-e0$)p3dT~&!?2YD zxIjr*J|yY09o+$+6eKtuj2k);o|8KyGF-`>dOwYb>wFZkaZu%&ggD7b5kDNKUL?Cw ztO$Qt9=e?teF!09c}OhOKXhxJ-l4SAym(thnA^L~II;DuF;qaja%cfC!7d@l9jGaw z%h<7X!sKH1(50y%1nN6`6se6eQLxbJH_ypxiVMnZui~9dw36)lXB%o21|^!=iiELd z#`5}1J79lg^I6j(B?RR#kdYu=Q0iWMyDk`OCf0=|&`Bg+Jz4SAyZ8AQYqeX?Rj;(( z=bsw+(7}zsM9PFI*srRUFcnckC`Yy1>(^sYW3UOZkZ9K1&w64(MR4xkh6VsX=VB^< zT0BLUBUI_O8g5Q=FMTQzi^mO~y}^Gvc5qgFJLl?h12X6hvkkjFW6JGbeAJR@1o0(_ zWJTpsRTGC`D9m{U>Y0g1Rb$g$52K0F0esgh9gWiQiO#1HDg1?O&Z2^gX_YFY<`a0N z4ifvKkCrbV{jx61&sP`XtsK83x8gIhY{@TfpjAZ=yc*pnhd`m6b4VUD)R{eVellH3 z^OV_YyURE`&mOV1FMlc(;uKeuqC}-(;-&HOcG-3^5V!p`8wpc{qL+mlnbV3RW*qr!e)0a;FfQ$?6$a zmzKI&Ek0I%)2)xTk3<#_X|x?pyJ&s--LprDi*uMIq9?Mlrj3w9xCAQTL zfYdg>zp{Qj4HUmWj5-tx_jMWnv6e4Ok%5QSw@{N|b}+|JS6&{c&*7fmjX zhlWF+C_#I(vt1V#w&%zE0XD2dhyc&(Xr=pleONaO>o`BRPZsA>CA4beZ86qH%c5Wgh8OjCudL0$A?T#TlaXb+1xxC zJs!5$^94L4u3c9ohz_Wwz@b_wpBJ*q+DTc_u^&h|{Bn@8k>Qca3+2pmM>E!TW5i?$ z!E_tzH?~>*RX^YwYrnfuTB8>!?&QQg`|a^L^Xr}$&r(Q$xcm9i{8_gJ&MHuve4mZE zAB~JpM^+>>eo)N6H4vDx;B76;@V&X81zxjN&w)yMnIb9+DjZ(5r7@LjYN-%kPz(DsA-aL2&(%k}G z#`^j4uiI5#&p9%O`24-T)LQt7Y+E1JaYAeA4Q~nR2`yyw)zDONb#g26;jb~cJWLKa z{3Ev6)8542D=o3m#wt8Zu83$#6I2*V9(ta7v&y>^ALBs-oiEGVx&xho@2fl_ z;}6|(7*L_vYQak^es;)YrGzr%L`(Wha1$o>w2LjVKYS2yF|^lfkof#+n>BX?@R59s zlGFksF|zmsv|7IAFOIL?cSgIr?x$q)(^`c?}N<3f!9m~Gx0GWO)Q_@WH-Ah z31nT~93EC^U7Rcj6>AIV= zjgDf7_t1q1gj7alw2Y@7AezWwW=Jd(!>Rl|kH9`sBc@=Cw#3BX?Xy&Jd<&A{lZT)L zP5QrpXCg`Q!PtbK68%ZPn^jjI)U7wmVgz+7IEG<^xuiWPHABkGl<~z)47%+ zBr*Yb39f> z6JnYO1?Xr?Y@RMhozl3+dRB*k@Xt6{>q!?Ek^2U3V^yGN#P=KGVZx%KcAyD=nveCU zkMQe{)>1xlR6N>SX)-y=gHWn-30Q0QuPzzQe<(nBr2A%^1>OENk%C@sVx>157z59~ow{Mx|)@{)evz{+3CWI?mes{MOdi%#4rr znH`$aHG}!K`nJm6pfP{0BE-w2k0f$MGHDT}$+;t!e=i~`Dww$+(}Z3mS=EL~Rs%SP zQ(jdSe4Ekv=-RTwAxggCUSrw{A#3+*!3ia30x%97Dmxnn+s{hwEO%Lh^NAKhT$9|z zKXxz2IcwMm;mAgyprrPFjE>N0`9njZxY!XyD62IY?Zxl5l6a+#&dzDlMTzcPgtuA= zZtPJnSP2F=@Ibnq$;jtxaZWVZ!VWPK$he_}3Z*l`{IPJCA$r1xlJbIUAa@B%Y1LzE zZ?ZCB2&|9?sVNToCn8umaIP4j^1gkfBFl8O+Pi;QA^2MoB*{)4GYNp)bP{6jg=f)s z#k)=J!R6;>XMyDfQA4EwlyR>Z>fwBOnSR%L!&2}Dh^kX3a@mO9RlV(CH6*Al-(9Hi zs(0J}gheDXBe31=*VBY%8>dGnJJ8eT`7i??!2~C`*)Uk}yS{7ySEb{An0(CF(nO{Y zjpXZj@ed$N611<2x(%Z=?WxHpn1IO-7oqXbMW9aszG3Kc)QR;Wo(@NzTR?P&jwLrs zxbY1^PNqaA6(A3t8T0IVlvhBpPWj>q3JoBpIEVOQG6_Vs)Y#Zp=~0&lmV_KC>^Bzu zyzAQ9rUp<7Ak-XapUZ>@`59uw{?bgQv5e>Es&=Og3#mS`+FM9W@0gka1#y`rCLN?h zILtiGnfg4t-T}r2C`agvS~F`1Ry&~=EF{40604-;eD)6FYM(2}`wjizrMa%|PCs~9 zTD4IlXuUEb%k5QzkW)xd!&riBzLOA!zNHu2_iu}UfyEOZ)$HDq^xJg%dPgLy(N>fiwLK{ufDit4?!GxjVNRoF&Wy_` z7}GA25EBICk8Hq828#M_h`Pz5`6oMNcP-9V!tw)nh=7!~7Bw#3DMD446Euk1Qz(eH z1>#Vw&)CFB1Uh^`xt`53prEq4s>;h@a`Irj{m3)K2~sJ6<5dd|H3FGi8idaJ88cg` zDasbOT`B=lTW~8AD_lO=f5_)48{iUzBNb91t+LWFw*;8bp4CwwSYc?X zj6uuzN$<*|f{fNt6#W;_2tIMOEhD8mY}%CidhmkQA~-n+*Fhf|5$I}W(Ox-# z{rG2t|Cw)XI63(}?L(1Sh5vcjV~UlNH((l`WD>#5574iFZ*L6(p^!8vBzWMJ% zk0fAfNslHo^P&Hb!4T_)MMJ(@ORry7uck_Fb{{>ZHnPSL?R)YQP2aOvZ5h;B#J{uI)%gg2p#iV#sW0{L_>9Hn1uw4)gIMAN z31Q~M;5I=`E$1Q8utxJ)=uk_}s2?R=PSUJL)3Y=?R`=(*U=osZ{4R%!gprAamWhU! zalqVC1w~cC2hMgod{5V~kg~83PMzGzp$t+s{3H0%5>OMNKXeq?{H`YQSVBp3`8Zpa zB&m43Rd*EhWc{(event0XRN5x&uRBZfhg{=PEQ1gSA5Vbo;U$J)zvb@ul<^J{Re_> z4x;$sZ@l3@8u#aGFxYF*L7#`@AT|zO{hYPfkxD$|q%j|;l}Q6&67i3Bh{ize^JK8o z8pLpAN$dG1M!#YrP(_-gA_bX~gEJLK_+m86hNZ#5E^jXYsZ38diBO zVWxhayvZs`p}~O5%w#h4uR5@=-Y@BDI(?pdk2@c6V#}mlWljBl@80ydY4>e_;%c?^ zBsS6aL+v$s>+!PRc!hGF8-7CE(8z3G2Jh}#$`Ta+)>Kvfq)PwUNm|^ts2qbB%_QgXY4%CCFXR*EZV)2W4~;;T z7lW%pdR;UUOR1k7uFq>>$@76hRuk^g{<_$91Y?~Jsro)IFAoM8 zw}aQKeLpffz-L8#qr@@TmZOjfk8YuyJLBn2UW!o^O>{di_0ykrz95dCX%kew?i->* zH$WYgk&|lc!G+nQ@VvMhC>XBC60}xP^Y)*qE68sWOEN}jy$lkCKsO!bE_eT&tRejE zEf6=Q;m1*tV|%^gTIV$x$|c=m8%Yn*dJ+yUzfbb>#`Rbdn*e#33Iig9)>%lk zU+&ap=OWM-h>BaQlg{6aoIH*)53Gj%xl$0CwU$A_TyB3ofwxAhCB1jY#!2G*l$lc_ zLV%pvf;%@skV!`_QTlBr;0~iOfY8io!Qww7P( zYSLh1V@s1OiiwH2xUi$QXwr^11U=le&eAK9Mj*?we0UANMAOTXmHb)z3tg6!l=SrE z46CFgfP^4rWkfWq;BchAuiSkCmjX(`9;*jiw85zm23D%ec1aJ?-$&DzN_)csCv{O# zyBrZhe9NR_E`paw>5HvqR}jQQIz1IBw0&I!3E@D`x51bu+*Mmq-qqCwXlU8ki1vQj zW1fBSA?no_bRZaL6wCdPMqBoyFq40AWyQ>QjE3^xKGFVnpRB1#nnl;QRb4*Fsk5a0$ejDXs%!KH;w9?MUy;ij^5EqYa@cB6*lUIC7i_z(iZI{U z;ZHBna;}3ZebqsRkclN*Ze8J!k)0qChi^DQgAhfCe8Jw)LKO~Th>r<$@Ph`zQpj}a z`u-px82VTDjBkGhN)x>vI5n6J?=fKXelNtg`pb@{;2HN~3)`oU=Ln3Cvr}g<#pRLHJopgFT2Q=nh+x(HlUp6A?E8YUksqArN&Ys87(WTy zoA5s(;IMdqRqMJ^Z$7hU!*z4HSB)-^>G8DAa&n+IVLJ*2wkKeDqbB?uu{_PaW%x^6 zbS86f6VC8AiUf!~SbIrq2TJqr6_%iEE>gS;&21|$G>wB$S^9o2mWq*k36<%!Fs=m9 z*AXg7j-Khftlnpoa+|5h#U32TkuThn$6Uc0ii=_Qu}ZSRm z;Q~rm6H35@gUFvPnLh;q1+@x87DqIL3de@a;1Aq)s)P7I{nB@#i6a}udTBugMppH6EAAP1Nj5|NuLm2TCCE-Lx> z7SrvT&Zy{6WH#OD4OHP$~%~pwvntQseJ5JwwmNc2r|DPB`~Rlxk0@|pjz+qhW5@yL&r+d(^e@G zf1uqie+jKH^nZL0K$~IZ1*ImB>W^6R0w$q2JsNAyC?jwK(Sn1$BXA>VIHuXwJhCbu zsd{3c%6b<{DaMAz!dmtc`|5D=R&RAuDjpS`BF&M{w27 zHwc9HEYuPvuA(P_)z5#fHzee6>s#Tc*!H5=E&16h6r*sCe0>nWnJ9g3YvYuC%8M6< z3~Ml3%+|PQH_gzXnC!FDUC%!F~zsIpaU#UEzdJ zuLDwnjEu1B_PK{V`pdZQZ&Q)U7ep)B@|coQ*)Khu@XXEx{%EyC0Tp*|Hxd~mHu{&- ze{AVtK8KbJT^9A9tAju$^Qc{MvkzXX#)U~Me|HU~z z0JLI;mir$x^WV=g0LZ5=+#rYWf5!s=o4kOf{{o}`f*jXg0Pg9agn;q;f5rz4g!f-q z^#9+1TKE$hT%PZUX>bue{0G>1a>4}d)y%0x;HmENfWGp8{F*BJ4@7ES5fTAu7v?+< zcIfsQy5S`T=Y1j=sQIc`2n8mTGpX{poeR61gYFuc;l$MZ#9`SQoDohpLi^CGp-*UwWn1ky`i zQhv)8USHCN)1Kz=ZVfO406N^vbkueLKY$uTG6*RE$HZ{s1MDEo`-G~EP4!E5`de1^ zrO|J}7eLGHY{+BB(oIE7opL-@a*B{9EWe-K<#9ZQA$~hI3<)kALJ3t%v@9*8d%h%1Nq z#e!hzONyhP3ksTcS65(dtEOarW`!ezyz70T ztI=A*ANu>}HH^(r8dCF89&&-fFYWj*>0kS;ta1Ie!kc`NQ%P4{*0N^tO4Q`?h~HdaUtd^Qn47y>@2NZ<)tqfvn;~0E&nb=qm5_0UZc45)b348K zQ%1EJ0PMoROpxLF^ayAFG$H~cQX+yGQA0wj^J^q3e!kW=@txrc^>rfBxB?L3iL`P! z+zF5DWR72pKPfg8THYR~2oG%|Qt-fc*snd*RX5QN!34w)OxtU&ChW^DQ}q3wWqqZK z2D`26+nt)g0E+9ajvwx_6(lIi)}4BLVL_)t>FFw4b8_lO{ zs??0;ird@UJ3BXxm|5A_1k;Q#(!HuLw&n@x&A6??umlSO(6R7Vcak{}0-xL-OBFa^uKuOjYcJbIUvCK<7d$hbY|Tr8MGNWFqXPokikz={ z$9+S{Mp(tP{76ON6pDOP(y|-_`z*jaauK7+V{dtYRNsJ~f|}h*E){s047oh9t;dPl zga?*?Ucb}JkXVueLb0u9ejXP(Sv}v%^Mjim%f4R*MfggaJ{*6ttRqnC4c4}vJ>(k@ zu&n^i4spMnmbhQXK5?0!_SyL53lTS?04NUh`e%M?0DMof95s4az`&58;Moi@7y_>? z5ip}2p5CpkZ*57-cr>ISIL`ryV0y`mGyrKvQp5ljnEXSWm@93sTRNL}b2Mqdu-qnNK*;}JRD`eBlSL_TcM?tTb{HT- zxdZAw>2#F3tXKhF3M(=DF1kTm>Pr7Kplxtz-4>7dcb zWROJw6nKOJ59b{$(ghY4T`ki~;tDp6YQf3l2z%6Y^2$?RI6}MN2Xo8!g#j7Z=siNd z_DG`Fk%c}snJ=ZZ#)zL)SQ_xv>(Le^wKzyrxWJzO76kYWC`M<9F?gr{sM-)D!0BeV zEr~aNyExybUA|jGnftMG36CC(#%EeesL9_QrKO{9*9HB0?;l+^X9VQ8dvN~oW+}78 z%}eSuNOR~1r+Y;`6q9GX%M<83*`DbysgOQBZYPyA+vDGAp*sb*yL-oib^L>9#B9H` z|BMD*DXjFf9-(hfHu)z3DL(Tbfc;&b7=s+mSe<$C5eCD-1^sdPb zjAx(I0|GHJf~uWnB;F0gQg+@E*>2$}d^KoboUY3l~bRi}5(o#xAHhQzT&Ry$d@$Y6A<=`OW{F(BO8JxC1s;4Hg78b&r%fS!nMc8thjnLRFUwa3=XZk&!(5x0L%} zh8XB7F$4{t*U-6!(A@POC&}P`HZF~QD2I$`BxmST_4Ybp-s+){CKpJO{0r)*kRfd4 zjEnLjDUs_0w_YRa`#}o_5K*KunC^Q#k^tN0M!+O`x(E>j`7J{?+aU50h-bH|iI+?z{7 zA&G-cqx?q<7Q~L6f>I(%)o&uxK{zw2UW6A;X*%tglD;I+EMPIke=F)p1HMQtIw|Ro zRW{m#;AYszzIgay7d?1M6b490EU4`*vikWI!*S>VO}n;G<4w0e0y{^*>tB_UJjy7TJyQ4q2v9Va}lnm;B7}%j6pFe-hpTYOWDZ#@A18e20pQ*fz$r;QI*4& z4t5*>=G<^W+(d}|8LBHDT&+()ln0=@jnq>2zn)#o#)%;R_JL;c4KuZCnuBsvrSBqpmouqX8&+FK){xduwmEF+-%`ou=E+95ceYc_<4`iv^HPR>4CE9SdAXRj5{$m%Q#(0MYFrEkr%4}|B9T0!(18Mg!>gNM zUqHOy-pywlnI|4p|7XI0c*bKF^sBLTZkpG1LvU}lv@gL6X*JkuN7jT2`M;9Z1GTnE z54TLdYEEgXCK*DdOqSfmO!HEOCRXYYDh1;&Du{IhV4Oc4vQxA32MJ!%3nqs6~O(ai=nn-fw1hO)Cax?$3UW`0y z_9CZuu2g96pq}^jQi3Z~s2tb0#}xC$;L|}v|4$0NZvz@=q>kl9@lccoBTyQC@w;Z( z_d~PG6-}|J!i)4~4puH4TrBX)?_=){U3n+Ryu3hVQVw*?yZ{SwtTaj@7LFT90ZaKH zN4xf~;L2(QB+AZ6fOPDjfZ{xRZ>p_h+hq6@r@LnT`1u#<*W-dBC=mrcIg+GZQPFYl zcG#n&c^FZQ>}rA9KXg6K1cXp8#kb|zbu+Ni!$yf5;l#Mto7#gN330s> zK>47p6b<6EKPQ?Ug|x+0G&F)_Xn>o|EnFBsc>&z?5rd;$Rcbj{?q@H(BQfe6AVH&p zwInq&2qD(*lnBZfUr7o+K~ALHPS+_bE0LO?_Ky@UHx`CYgKt1XBm)Jm zr;xNoz=oO=`09k9B7JRf{P{hmR%Tz7OE003U{>(hxRh~#l4Tvq><34UfPB#DkpvY+8|(N_ z`~T|5LDJQy`8#)5R*Tth@*w&c65&`qAVcqmJ^q9oUqUNkKtkUUI*4KN=v-L&o|__I zFcTPq^c20|?Di_oaz-4mGrmZsKsuMY1SNjH1KsnEwRs@rmMi^FA;iAr*r?EOq()2s zCs_lg{Ki!_5;o(c&FSpygf3}pY=kJmaHy`S@?_KIK1u7sY4;|Cj~j88C;-X;Wxyr_ z*t7MA?4@{Y;}qu_)iJEw8Brt-M=uUU36do9JDA78)zQ(>*4Bop9CDqkZQWMUwYyoG z(pY43q&EFo4OLgC{rRT$`eb+!)!6U{wMcz>rB^`zvm^$vYM$Bs6Iwpi3}( zfiywufI$o{e85%L+PSl)FSpgdxKo0V`7M6UT?4wRxFGj53d#Uwz;z6aR`((@qo_Sh z)Rw7e)A;woG(vVWBYTICllI7-tz<8GVj!`3bcL&MvGX{rPaD(;+8m6Fs+#j^x^imU z^COH2;}YfsYoc+SUrcbitCFViPzERi&M;6}U)bDQSKC~ED1Xb5!ru+@B&~l!m@7d5d#SfA;hhfoNI%3_PjmTiDbxYZJfy|J9mr*2ki{3vk)bCCk+l- zo4U5bn$F`LeT_Z6_+0EvoHPt&fHL4J22@g`M5G81D%9ebV0khzsj>qYGQ&%J&Ybsx zAA~4jbqO(W$s!Lo|186*y0e3J!7UFW{2&+hlnS`94 zg^SGBkP#2L+<}K1Cp#8Gt3sxaiJ6w@64Kz1ArO1H8xoD5GC&z1&pweF>==eUn3GKJ zk^{rp=E6zR1}93KjFbkW3{VCr11@BMoj!&HA!b_cK!{jp=@7_;gwv=f19li-$0S^< zDm#FI7QyHRa)jMTeo&(qDoSYGqYO|6ynq4L5JJqfWD=QZ6!HxbCAhpGGZZ3az{?q6 zZ6vHOJX8p)MTTQcrJ}^ks|JNn89195AP#C|QkYmrtY?a;6WiHTBWPYnfB|;yhU;8P449{|8B1PIFRP*~kC@002ovPDHLkV1m(<20{P; literal 0 HcmV?d00001 From f270f2db05555e6b92d38273b90351d744afd9b1 Mon Sep 17 00:00:00 2001 From: radhikap Date: Thu, 12 Sep 2013 11:23:47 +0530 Subject: [PATCH 03/12] vmware dvswitch update, UI has changed for traffic label CLOUDSTACK-4089 doc changes (cherry picked from commit bf7cda2598dcf9bf72e202560d7cd5f3d10bfdb1) Signed-off-by: animesh --- docs/en-US/advanced-zone-configuration.xml | 17 +- docs/en-US/basic-zone-configuration.xml | 394 +++++++++++++----- docs/en-US/images/edit-traffic-type.png | Bin 0 -> 93662 bytes docs/en-US/images/traffic-type.png | Bin 0 -> 19159 bytes docs/en-US/vmware-cluster-config-dvswitch.xml | 78 ++-- 5 files changed, 349 insertions(+), 140 deletions(-) create mode 100644 docs/en-US/images/edit-traffic-type.png create mode 100644 docs/en-US/images/traffic-type.png diff --git a/docs/en-US/advanced-zone-configuration.xml b/docs/en-US/advanced-zone-configuration.xml index 43b9391516e..451b5454eb2 100644 --- a/docs/en-US/advanced-zone-configuration.xml +++ b/docs/en-US/advanced-zone-configuration.xml @@ -84,6 +84,14 @@ These traffic labels will be defined only for the hypervisor selected for the first cluster. For all other hypervisors, the labels can be configured after the zone is created. + (VMware only) If you have enabled Nexus dvSwitch in the environment, you must specify + the corresponding Ethernet port profile names as network traffic label for each traffic type + on the physical network. For more information on Nexus dvSwitch, see Configuring a vSphere + Cluster with Nexus 1000v Virtual Switch in the Installation Guide. If you have enabled + VMware dvSwitch in the environment, you must specify the corresponding Switch name as + network traffic label for each traffic type on the physical network. For more information, + see Configuring a VMware Datacenter with VMware Distributed Virtual Switch in the + Installation Guide. Click Next. @@ -219,9 +227,9 @@ Protocol. For XenServer, choose either NFS, iSCSI, - or PreSetup. For KVM, choose NFS, SharedMountPoint, CLVM, and RBD. For vSphere choose either VMFS - (iSCSI or FiberChannel) or NFS. The remaining fields in the screen vary depending on - what you choose here. + or PreSetup. For KVM, choose NFS, SharedMountPoint, CLVM, and RBD. For vSphere choose + either VMFS (iSCSI or FiberChannel) or NFS. The remaining fields in the screen vary + depending on what you choose here. @@ -362,7 +370,8 @@ Secondary Storage : - NFS Server. The IP address of the server or fully qualified domain name of the server. + NFS Server. The IP address of the server or fully + qualified domain name of the server. Path. The exported path from the server. diff --git a/docs/en-US/basic-zone-configuration.xml b/docs/en-US/basic-zone-configuration.xml index 965aff3f644..79d4ab8ce1b 100644 --- a/docs/en-US/basic-zone-configuration.xml +++ b/docs/en-US/basic-zone-configuration.xml @@ -22,124 +22,298 @@ under the License. -->
    - Basic Zone Configuration - - After you select Basic in the Add Zone wizard and click Next, you will be asked to enter the following details. Then click Next. - - Name. A name for the zone. - DNS 1 and 2. These are DNS servers for use by guest VMs in the zone. These DNS servers will be accessed via the public network you will add later. The public IP addresses for the zone must have a route to the DNS server named here. - Internal DNS 1 and Internal DNS 2. These are DNS servers for use by system VMs in the zone (these are VMs used by &PRODUCT; itself, such as virtual routers, console proxies, and Secondary Storage VMs.) These DNS servers will be accessed via the management traffic network interface of the System VMs. The private IP address you provide for the pods must have a route to the internal DNS server named here. - Hypervisor. (Introduced in version 3.0.1) Choose the hypervisor for the first cluster in the zone. You can add clusters with different hypervisors later, after you finish adding the zone. - Network Offering. Your choice here determines what network services will be available on the network for guest VMs. - - - - - - - Network Offering - Description - - - - - DefaultSharedNetworkOfferingWithSGService - If you want to enable security groups for guest traffic isolation, choose this. (See Using Security Groups to Control Traffic to VMs.) - - - DefaultSharedNetworkOffering - If you do not need security groups, choose this. - - - DefaultSharedNetscalerEIPandELBNetworkOffering - If you have installed a Citrix NetScaler appliance as part of your zone network, and you will be using its Elastic IP and Elastic Load Balancing features, choose this. With the EIP and ELB features, a basic zone with security groups enabled can offer 1:1 static NAT and load balancing. - - - - - - Network Domain. (Optional) If you want to assign a special domain name to the guest VM network, specify the DNS suffix. - Public. A public zone is available to all users. A zone that is not public will be assigned to a particular domain. Only users in that domain will be allowed to create guest VMs in this zone. - + Basic Zone Configuration + + + After you select Basic in the Add Zone wizard and click Next, you will be asked to enter + the following details. Then click Next. + + + Name. A name for the zone. - Choose which traffic types will be carried by the physical network. - The traffic types are management, public, guest, and storage traffic. For more information about the types, roll over the icons to display their tool tips, or see Basic Zone Network Traffic Types. This screen starts out with some traffic types already assigned. To add more, drag and drop traffic types onto the network. You can also change the network name if desired. + + DNS 1 and 2. These are DNS servers for use by guest + VMs in the zone. These DNS servers will be accessed via the public network you will add + later. The public IP addresses for the zone must have a route to the DNS server named + here. - Assign a network traffic label to each traffic type on the physical network. These labels must match the labels you have already defined on the hypervisor host. To assign each label, click the Edit button under the traffic type icon. A popup dialog appears where you can type the label, then click OK. - These traffic labels will be defined only for the hypervisor selected for the first cluster. For all other hypervisors, the labels can be configured after the zone is created. + + Internal DNS 1 and Internal DNS 2. These are DNS + servers for use by system VMs in the zone (these are VMs used by &PRODUCT; itself, such + as virtual routers, console proxies, and Secondary Storage VMs.) These DNS servers will + be accessed via the management traffic network interface of the System VMs. The private + IP address you provide for the pods must have a route to the internal DNS server named + here. - Click Next. - (NetScaler only) If you chose the network offering for NetScaler, you have an additional screen to fill out. Provide the requested details to set up the NetScaler, then click Next. - - IP address. The NSIP (NetScaler IP) address of the NetScaler device. - Username/Password. The authentication credentials to access the device. &PRODUCT; uses these credentials to access the device. - Type. NetScaler device type that is being added. It could be NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the types, see About Using a NetScaler Load Balancer. - Public interface. Interface of NetScaler that is configured to be part of the public network. - Private interface. Interface of NetScaler that is configured to be part of the private network. - Number of retries. Number of times to attempt a command on the device before considering the operation failed. Default is 2. - Capacity. Number of guest networks/accounts that will share this NetScaler device. - Dedicated. When marked as dedicated, this device will be dedicated to a single account. When Dedicated is checked, the value in the Capacity field has no significance – implicitly, its value is 1. - + + Hypervisor. (Introduced in version 3.0.1) Choose + the hypervisor for the first cluster in the zone. You can add clusters with different + hypervisors later, after you finish adding the zone. - (NetScaler only) Configure the IP range for public traffic. The IPs in this range will be used for the static NAT capability which you enabled by selecting the network offering for NetScaler with EIP and ELB. Enter the following details, then click Add. If desired, you can repeat this step to add more IP ranges. When done, click Next. - - Gateway. The gateway in use for these IP addresses. - Netmask. The netmask associated with this IP range. - VLAN. The VLAN that will be used for public traffic. - Start IP/End IP. A range of IP addresses that are assumed to be accessible from the Internet and will be allocated for access to guest VMs. - + + Network Offering. Your choice here determines what + network services will be available on the network for guest VMs. + + + + + + + Network Offering + Description + + + + + DefaultSharedNetworkOfferingWithSGService + If you want to enable security groups for guest traffic isolation, + choose this. (See Using Security Groups to Control Traffic to + VMs.) + + + DefaultSharedNetworkOffering + If you do not need security groups, choose this. + + + DefaultSharedNetscalerEIPandELBNetworkOffering + If you have installed a Citrix NetScaler appliance as part of your + zone network, and you will be using its Elastic IP and Elastic Load Balancing + features, choose this. With the EIP and ELB features, a basic zone with + security groups enabled can offer 1:1 static NAT and load + balancing. + + + + - In a new zone, &PRODUCT; adds the first pod for you. You can always add more pods later. For an overview of what a pod is, see . - To configure the first pod, enter the following, then click Next: - - Pod Name. A name for the pod. - Reserved system gateway. The gateway for the hosts in that pod. - Reserved system netmask. The network prefix that defines the pod's subnet. Use CIDR notation. - Start/End Reserved System IP. The IP range in the management network that &PRODUCT; uses to manage various system VMs, such as Secondary Storage VMs, Console Proxy VMs, and DHCP. For more information, see System Reserved IP Addresses. - + + Network Domain. (Optional) If you want to assign a + special domain name to the guest VM network, specify the DNS suffix. - Configure the network for guest traffic. Provide the following, then click Next: - - Guest gateway. The gateway that the guests should use. - Guest netmask. The netmask in use on the subnet the guests will use. - Guest start IP/End IP. Enter the first and last IP addresses that define a range that &PRODUCT; can assign to guests. - - We strongly recommend the use of multiple NICs. If multiple NICs are used, they may be in a different subnet. - If one NIC is used, these IPs should be in the same CIDR as the pod CIDR. - - - + + Public. A public zone is available to all users. A + zone that is not public will be assigned to a particular domain. Only users in that + domain will be allowed to create guest VMs in this zone. - In a new pod, &PRODUCT; adds the first cluster for you. You can always add more clusters later. For an overview of what a cluster is, see About Clusters. - To configure the first cluster, enter the following, then click Next: - - Hypervisor. (Version 3.0.0 only; in 3.0.1, this field is read only) Choose the type of hypervisor software that all hosts in this cluster will run. If you choose VMware, additional fields appear so you can give information about a vSphere cluster. For vSphere servers, we recommend creating the cluster of hosts in vCenter and then adding the entire cluster to &PRODUCT;. See Add Cluster: vSphere. - Cluster name. Enter a name for the cluster. This can be text of your choosing and is not used by &PRODUCT;. - + + + + Choose which traffic types will be carried by the physical network. + The traffic types are management, public, guest, and storage traffic. For more + information about the types, roll over the icons to display their tool tips, or see Basic + Zone Network Traffic Types. This screen starts out with some traffic types already assigned. + To add more, drag and drop traffic types onto the network. You can also change the network + name if desired. + + + Assign a network traffic label to each traffic type on the physical network. These + labels must match the labels you have already defined on the hypervisor host. To assign each + label, click the Edit button under the traffic type icon. A popup dialog appears where you + can type the label, then click OK. + These traffic labels will be defined only for the hypervisor selected for the first + cluster. For all other hypervisors, the labels can be configured after the zone is + created. + + + Click Next. + + + (NetScaler only) If you chose the network offering for NetScaler, you have an additional + screen to fill out. Provide the requested details to set up the NetScaler, then click + Next. + + + IP address. The NSIP (NetScaler IP) address of the + NetScaler device. - In a new cluster, &PRODUCT; adds the first host for you. You can always add more hosts later. For an overview of what a host is, see About Hosts. - When you add a hypervisor host to &PRODUCT;, the host must not have any VMs already running. - Before you can configure the host, you need to install the hypervisor software on the host. You will need to know which version of the hypervisor software version is supported by &PRODUCT; and what additional configuration is required to ensure the host will work with &PRODUCT;. To find these installation details, see: - - Citrix XenServer Installation and Configuration - VMware vSphere Installation and Configuration - KVM vSphere Installation and Configuration - - - To configure the first host, enter the following, then click Next: - - Host Name. The DNS name or IP address of the host. - Username. The username is root. - Password. This is the password for the user named above (from your XenServer or KVM install). - Host Tags. (Optional) Any labels that you use to categorize hosts for ease of maintenance. For example, you can set this to the cloud's HA tag (set in the ha.tag global configuration parameter) if you want this host to be used only for VMs with the "high availability" feature enabled. For more information, see HA-Enabled Virtual Machines as well as HA for Hosts. - + + Username/Password. The authentication credentials + to access the device. &PRODUCT; uses these credentials to access the device. - In a new cluster, &PRODUCT; adds the first primary storage server for you. You can always add more servers later. For an overview of what primary storage is, see About Primary Storage. - To configure the first primary storage server, enter the following, then click Next: - - Name. The name of the storage device. - Protocol. For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, choose NFS, SharedMountPoint,CLVM, or RBD. For vSphere choose either VMFS (iSCSI or FiberChannel) or NFS. The remaining fields in the screen vary depending on what you choose here. - + + Type. NetScaler device type that is being added. It + could be NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the types, + see About Using a NetScaler Load Balancer. - + + Public interface. Interface of NetScaler that is + configured to be part of the public network. + + + Private interface. Interface of NetScaler that is + configured to be part of the private network. + + + Number of retries. Number of times to attempt a + command on the device before considering the operation failed. Default is 2. + + + Capacity. Number of guest networks/accounts that + will share this NetScaler device. + + + Dedicated. When marked as dedicated, this device + will be dedicated to a single account. When Dedicated is checked, the value in the + Capacity field has no significance – implicitly, its value is 1. + + + + + (NetScaler only) Configure the IP range for public traffic. The IPs in this range will + be used for the static NAT capability which you enabled by selecting the network offering + for NetScaler with EIP and ELB. Enter the following details, then click Add. If desired, you + can repeat this step to add more IP ranges. When done, click Next. + + + Gateway. The gateway in use for these IP + addresses. + + + Netmask. The netmask associated with this IP + range. + + + VLAN. The VLAN that will be used for public + traffic. + + + Start IP/End IP. A range of IP addresses that are + assumed to be accessible from the Internet and will be allocated for access to guest + VMs. + + + + + In a new zone, &PRODUCT; adds the first pod for you. You can always add more pods later. + For an overview of what a pod is, see . + To configure the first pod, enter the following, then click Next: + + + Pod Name. A name for the pod. + + + Reserved system gateway. The gateway for the hosts + in that pod. + + + Reserved system netmask. The network prefix that + defines the pod's subnet. Use CIDR notation. + + + Start/End Reserved System IP. The IP range in the + management network that &PRODUCT; uses to manage various system VMs, such as Secondary + Storage VMs, Console Proxy VMs, and DHCP. For more information, see System Reserved IP + Addresses. + + + + + Configure the network for guest traffic. Provide the following, then click Next: + + + Guest gateway. The gateway that the guests should + use. + + + Guest netmask. The netmask in use on the subnet the + guests will use. + + + Guest start IP/End IP. Enter the first and last IP + addresses that define a range that &PRODUCT; can assign to guests. + + + We strongly recommend the use of multiple NICs. If multiple NICs are used, they + may be in a different subnet. + + + If one NIC is used, these IPs should be in the same CIDR as the pod CIDR. + + + + + + + In a new pod, &PRODUCT; adds the first cluster for you. You can always add more clusters + later. For an overview of what a cluster is, see About Clusters. + To configure the first cluster, enter the following, then click Next: + + + Hypervisor. (Version 3.0.0 only; in 3.0.1, this + field is read only) Choose the type of hypervisor software that all hosts in this + cluster will run. If you choose VMware, additional fields appear so you can give + information about a vSphere cluster. For vSphere servers, we recommend creating the + cluster of hosts in vCenter and then adding the entire cluster to &PRODUCT;. See Add + Cluster: vSphere. + + + Cluster name. Enter a name for the cluster. This + can be text of your choosing and is not used by &PRODUCT;. + + + + + In a new cluster, &PRODUCT; adds the first host for you. You can always add more hosts + later. For an overview of what a host is, see About Hosts. + + When you add a hypervisor host to &PRODUCT;, the host must not have any VMs already + running. + + Before you can configure the host, you need to install the hypervisor software on the + host. You will need to know which version of the hypervisor software version is supported by + &PRODUCT; and what additional configuration is required to ensure the host will work with + &PRODUCT;. To find these installation details, see: + + + Citrix XenServer Installation and Configuration + + + VMware vSphere Installation and Configuration + + + KVM vSphere Installation and Configuration + + + + To configure the first host, enter the following, then click Next: + + + Host Name. The DNS name or IP address of the + host. + + + Username. The username is root. + + + Password. This is the password for the user named + above (from your XenServer or KVM install). + + + Host Tags. (Optional) Any labels that you use to + categorize hosts for ease of maintenance. For example, you can set this to the cloud's + HA tag (set in the ha.tag global configuration parameter) if you want this host to be + used only for VMs with the "high availability" feature enabled. For more information, + see HA-Enabled Virtual Machines as well as HA for Hosts. + + + + + In a new cluster, &PRODUCT; adds the first primary storage server for you. You can + always add more servers later. For an overview of what primary storage is, see About Primary + Storage. + To configure the first primary storage server, enter the following, then click + Next: + + + Name. The name of the storage device. + + + Protocol. For XenServer, choose either NFS, iSCSI, + or PreSetup. For KVM, choose NFS, SharedMountPoint,CLVM, or RBD. For vSphere choose + either VMFS (iSCSI or FiberChannel) or NFS. The remaining fields in the screen vary + depending on what you choose here. + + + +
    diff --git a/docs/en-US/images/edit-traffic-type.png b/docs/en-US/images/edit-traffic-type.png new file mode 100644 index 0000000000000000000000000000000000000000..16cda947fdbd346838eca731b6a1171d90bec26e GIT binary patch literal 93662 zcmZ^KV|XsjmUe90wr$(CZQDDxZ96-*ZQHhuon$9p&di*7&;0m)^i|#UJYBWA)~bc> z`;JhM6NiPuf&u^lfR&UGQ33z}dipv1Ab@^)lv9Aee;Pn%C2=8uni-t)p9>IkL0Lfn zfciM-Peah3Ye)wPO=kcAxWRuNfTQ;1CIA56C6Xe7Djs@Q-QfN>!zp}vyqwopHn9se zYSgyz3IK+X2m~aEAYvdv%y8y+IsNB0*|Y8gfSY}WkIp;@7@GzkUnej^Yb1b3;RJ;W z8j@9YRj?af+}LDg-&Hlaxw%`7$Zl@0tkaccWf#j;x2o#D9xqf;-51IE_Mg3YpMJfE z;qm3|io^dR*n1ts_loy)1As6_W|IzZT(}8WcNGXDE^aCgCk2=Tpow*mN=e+t%u9Fi z?#dP-MCKtaW599|E>f#jOCpKdF$fj%d4bH^`ModE$8G4G6%7U|{;B*zS;(A)LW1D1 zi6gha!EflSl!3*^Yr$iZyeIf#n{U(U*^)$Q93e$GjzP9O3P5$HFHB* zGg5fW(^BA=R$sSP{=z{R)V@{-+i25ge2H84PJ0Y3dyzlDw|aI&g05K7){KZP;3-)@ zdZ<{n{DzJw0D=(U8S4+`B~&Y3JrAHfZ_(VR>cYjl#fTL{*E*`Bu;TDJl7D+1{aRMJ$@;o;;2Mc)$V|1@-1Y2(cuNPK`qzxPO3JR0HBfFkmT zAOH#n_-SPD0h^^P7vgVbW(Ed?$`&mtsan>rhm&_@obY@0!R|KBrb)}hZ5HVPor(VY zj{mwb-WkM-rX!$-IeORsTdY83U@W<9XmO$>i9lmdO~kSzfA)d`-sLkDMl~>NZ)@%jDmk7 zr6ei`UWOgY!F|9zzgxBW-5r>SsGW)A$qY0$O)L+Xs}>U?iCb@Y!)RkVrZ>@C)>4ZR#&$&_iX3+ zKoPinc!9YV<`aGZsJg1A3ettQ^;fSF>aCv$UA;mjj5uXlK1+#SmmdM!86y%jQn$Df zC66ld!fd^m|FYn}_rM7fQ0zQjQU$3=;Yzz#b=5E|Hlg)5d(!-Ee|Bkrmtv7rko?+`^Z)i;rYG2 zXOLQsB=JJSaru6Ha$i(?dtM%>b6oS)+v^2{lK)qYclc)m;7TAjh?mLOK+QdY?nQ)8I3Z#UrCO? zvln_~$7g4s?$_`_i0Mddk`EIP;(tf9AJ0Jmk2qHaF@zWeE^k+=!*GOh>*DAoD>zSb zKTyf$aF&w2e14hbBG1)bBF440$a=zK==!qGxNTA+izEG;U=uzaGB0TiLr9^rnCF#05l;gD`NVJeA zrOVB<$nIcn@|swo3=~=oV~fxd&~~~o5vcdoqP5h~5)kv2gR?J9Nw52NJU~cc3C5Es zt@MnQ-O(&l5z@$@c3vOuu@KmNN9hA3ZM_{oN&9Wy5|J*&+w0zh$XiL_aCg0K_& z=_c2uHI6ejhKsC}r|M5%dN=M$+KdbizIzUayWkuQ&Sa#^pz+WdM^W&fgL;yWzth(0 z+D%fzsB;irnTGk&))bET{K8h3RX@85*|$hVrB7dDU8yFUW93>$LBAxz@f#*jhUc$q z6@3l+#!T1y3BYqR2$fYDW_MweK%Y);o5(F*!BJ_2zf3j{;87?kHHqdi#>C;LH`61&q#m36XuYFtP*KYC*)U!KihwGo-eRiIn1{7_>WD$ z08U@gt&*d+aPV7R0dFB|2Gq+{*|MI?X4ay3yBR|U+7f=L9%c&3kItm!m0bn!Kch}Y z!a%)7w5BvqMy1RY>GFQs*zOLztD+h4uK4CRah?3tbA0B{>~b62*bwr*MXrUvXYK$V zQs`-txD)i4cS3$FpL?u(bXlh$bA0t$HPw;fo$}v>zdTuaZO-IA{2IC>=o>^Q^0#qM4zDUGw4#Pc?hr-3+qanx|*7rdK?UV(uJAbB{=`uj`X265{{poXQ{(wh|4~B zYeGkiI$PSJ2j1*n9d>EpBRk>!0LQB)=Rs?M(e|MD_ZJo936N*e?bll zjrsQ=>8wiUwyJ*TMc6^%ari2`fKG#cPUvJb;M?o?chfg)V&wpLZ=d(^#gLk{ zdA9M%K9qmQzklV(#o>Jur5y*8j@gOCtnKD?(@wz!}-Qi!;6KVsqtq zf``cP?qS0CaWa`YYX(Xvp%6MSkeGYCYCh!5kJ}evsQ(iTh1vQ5E^|p9uko2;c)M8x9cK z?*ZF28%!wp+6|c~D9CtB!&aLMPu z$b#l^h!ftN<^u1wjALL@+=Cc28o)W+nwF|EV1_96$p0 zwyB+HZ9vrjt+NmUq6qdavaU9&?LE_>Q+yR2z9lXSKYbdgK@7>k&hzlUrcWw(_!7||he zxQjub)oNu-BQ?^*6a;`xL&R{V2Z2rVo?=!a!lEN)I1vk1s$fG$sn+P|%U2(!aeRH8 zr9y=YQL0d=@(z_ia$58>JF_^&v^5P9GCx@A*jfUVmP8I<$J=PR(QhfC1Zh0Q17y*; zVVsqSFle*)z0}4;3=wjQ=$rL>VP?^x1C%eL30vf4G_~fQ_f>Niju^(Fy@>JsSgT7` zf-GY~Y|m)w^y~a9cr&04EM?2ZWw@h5eD}oG06H#Pqc|(zY0(Db&w)&oE9S(ETvw(` zmYCHl&{Et}*paAWqS=#D2 zbTyJwvPFzdXDDA67v~BbA>}qg12TMEDPc65Lgeq8SxN(3?lVFo=ELLQHNpk}6&X5s z&~Ua(BDh>P#UPi!=_fV91Nw;1Y`7m?S=%(CTufEwG!+el{P==+LXan}n89N?Dw>2- zGD|a=|1F?@%BdeCo7?1f>2Tj0I%gi`>e!UaK0&{yj_D5Ht*X5tjbfi_8z~oU=VbK{OoQ~-`f1XQ+{_!mhp#lwt711uR zeE9cXXXlSdzW|D$8e#=9Zzb03qSvK)e7}BQW+$YwZH5$Ea@-3d!-U0Y*AQJYF9`~p zl+B(#K7i}=jlw{RF=C1VyqKWS4quV-&beWRdTSkcH~~i)jPfjAS*>S*ap|0*WMB~` z1r0F@?hSKp?h5>={ceH zW6LkVS?52CFI#UubrFh*X|Ft^Y*ou?gIOq&XC-;@=h=6qPe^gX*BMlFG&+ z;(Jd^>9y^B50pVT3Lo2y(Wopq81=u)1%wG4Ch|J&EYFzf8)YUPCj4s~iWwd#p|NI6 z7*NhR4qgkE8^Zmwd)Vgf#{i-Q+I0boxS}@>kp#2^S)rFPh#xB@r2v?yJ#BDER*zQT`>K6bw(6iNHqrNKuGhKG1qAe%l#EC()LF<5Y)WXns3!9EnF1sB=0K8MkdD_!B(Orsn+ zBLhm!j61pDGZpsvbQi;=&;=3?mn1kplBBrZC5M1Cv=SG@vuyf2PoY_@q#5`>wIt@FiD{1eQwD&{seV!+C)B}h;dj1Y%h}gtztR5 zm-%cjTJFdlw@D<}6EDl(oP+l{^eU}I9;I4M^Q5P*(#q+c1 zjNnhP>Z3>)sTYZXATG00AHe-TAn?C2J9NLen+)DhCV%e>;Adqua`kBo%VWTn=5pnU zA2*_-on)IVjWp(tcHu445!dnS9-yJ6*zLNM}J@3MFR`0O%oO zUfS?)dxDS6#l#626>Ng@7T5!*0lvX$RD{1B8fq~%QK_1z3c-g4yd6r$<*}zjmvI9o z$Khxbt;bxz9Tp*Ss5B=CI1P2oGT}cdMFgDCYv^CJ0`@kiO-BUN;n^qO$_Sk)IM>ZU zOOIuOd<@hVMRwQ-?F3yw@*fV~0))VQ9{iy7i0fP0vy%|ZVSp_0^wBw`IL9b3U&S~r z?fv>gV>6vq*R_wRQlZ8$V8VC}%6=}*<*IDf#apb!jd{*&-6qi(*sX&+#HXV+^dal% zi*w_@2~HgOa5t43Ks1FlJF(c}Ct|Ssl&Rp8e1tJ`Nj}@d&SDp)C%FQ6D-=%raDZVhA(j%^jPEqwGk6j~APv;6W3SAr^amd^1Wgd=5mfUGTp z7OgwgnFFWK@2GLJnA9jR836%5-y}C{1J>zd$e;`$$07jjb04QErN{B$St24bNB#3V}&e}oYZEGk(iJ$t_J9S15X87sr!!P~=M zZ;fTJIv@-*(ZD#A-5W;aU~-G|i{kpcp9Rb1d+xk0xpr~je)~}>!>6DdLNH#sK%0uQ zF=2~mfw2J&^sr@17Oofm(|8IMbH9=RCx;Q|5qF)5qb27JD@vr1L4RJ2O5Ou#Dd#H- z037y#++jl)MH8`O!ieh%wp5d1r{14BH58=SloNHzKhlKBq8r)E-WOqLQFl{T8}R;l z5j9~>0{bPnhop2%_E9aUSjY`%$51aMj-qD~nJ-J+uD1Ueokxa4te-74zU{DI2(3n= z;P^GeT!aHae}_GD+EM{yipM`osmx(v(6(VuP0JKjudGaW@I> z@7|u;#W`kShS6kzGX&FI~?YU&v)aVbc_{w7|Jta!jVq(OP8~5r8uVi*l^`ps6wOk3lfuaZ7Jh8``#8Mzz5I3& zrdKRcletGMs7YpVl6GR^VtvU%0*t{Z+zLB3{o&Rm}TS~%EWu@mxH|Qm?Z4L zCa;hU9~kSt{#P$auE)ivAnW`%E-(Ud<9_dhx1wxb!#90^e849>2JS<8V^S}HeMLix zB4`}raW4w{9|8Bw^gtw~x#WEG;i$gwkRYW{c~?(Z-^sg-Vu6Hxc=~%5vu_7d%8LU^ z;TBhCdBF-sgf-K*$`(*vB3T10a1v0C<9ynxluz@8@B|Djl%UcrHAX@n(=UTaR8Q?|?ik%AFG;-{}o#orqllk=Fe30zO%_ z|GhGUr-7U^NegLVo*M(#d2!P>^G5d|0JLb!!7O)6WGTSQu0h-`pW#J#SG>mq((yI^ zW7FbS>kE?8Wc$)>LrwbCHBoVZk2kHRD_eVFyPMoS?lJgS3v}R2ZtR^MzkrqXI8p4? zbqVizbJke1s);?k{@l9BCR0OJyuH4F8fy~uY$7>BW9V^7g|9N;Yny}}00hJ7eC$_a znhM?Tral9aJXEUj*JwceGP*k_u=XRc1;M>o^TNs{60p!gg2OqIskVg8<&kPfL`{1_ zaCl_@)H@ZYZ;J0oq-jN2U;8{wc_~&CNnl5haoJPo-d=uZ)NkQkBsjn1Yo=X1CaWGA ztk}G5G2*Ce2Il$NRS4&|X07JQ^N06r8r@*L9Au{%8JRauXTiaV7%LEyx|DE-bDrDpiK4mOpEtmy zkW=RQ7>#P(s%QkNL{fFortCIa)Q*gN#MP^N2cR+dJmYtxG2D*J%vr*hOYzSu&M*c( zXIjRXc>U{BRa=s@dS!&#<>XgNM+N47JrdBd%Zqx)!v>Dtm&cfl1 ztl4tA6{^)1@OlB;mLw z(6YzduEtyMyR${TM>C9a9_G(IM8>Bc`kc>}(pUhMScv$0c%2J^}@T2beBOPjfYc|v-J%LL|^Qv~LNoR94 zpkc}2Rve8XzC|ECO2YG{%h$CoV>v;Jw_MAq-4~A)zYURMHRsQV`MpsVQbNpNg^dr< zb%Xi=NBzS=GGEb?0WZ~G>psWhv7Wc}5 z%1I5)^5?h{>`xJ@D0Ihxo1B~4VJ5qF1*L9my`Ovn=or(j-J5KaUWHTIV^!zv^YK9<8-gyq!$ z*8aC@39+zoBt|I1+0s^>lOO{ut9~0N9DZm3JjP`mdNtUG0%yEgD&F{*EDP&+D>vVJ zQq7K}-@De_5?Wyv$#3h+41!Xj9TvQW(cKIu>lBexZp}BP*LlKcuck5#+ zOx|EfwqB7qq({uK{j>MK;h}&d>Jz0rE>@5hIXEv!XkkrkSqTq$E@K{x8^M$KknW;a z6N2b5I zEOZV0Q^-nfS`NMQJWtwBbGcb$aOl!DbWAX|zG1dJS39j9E1gP|4s#n)Qqk88*_ujP zw)oDAnG60{%~#GD+Qhz^V^~MAxO6ETI?7^FO+j&aZ)`by4Np!cr7BIxJ4&50U_C8h z%21^^O;?)MA!*C+8o2MqpXmeIM~CW@czKzI%qw&powFQ|QR;el1WFb_T?`Cc&pz}@ z$AA`K!im!e&v}A^B_(1>E1Lul`>7zFtkrczw}3FDX4<)cS!T<Fj<@tC z+5RHtk2(7qdZkbfiVy1_))iSYsQ7w18ONLJ24S$zAXl2gUVzh$np^DSA& zR_I#h`&{kb-rI#^^ZnI#dZJ>cFF-q~)MvA$jEa^sW@F%`vWnp7%{*dr=1-6ndP3g& z&h63B@4~xAO5%Rn8&MYmpTdzifxLVOOn*NqJg;Q`SlrDNuq`|krLd~C|X4=0S)>* zEX!y%Wlu7!0${FhCU2zyNKq`!o&zH(@SJ15+wx3~ARlt(tF#d?npBkZiUle-j7-%^ zTFM}{UM;6MDKtKDM%iuiUfun6XIf)S!kj)QO^g`sFG9ecQ+s;&7&lUXvH&I)U!CFL zaat`Mai~*Nsuh4S4XSxiUMTMA(%II<#q(X#S0HKVzHq18H5U)gUIh$pDWDlCZt%Y8 z=BVvwrTf$IS%?Qj+i+P~Qa$J}P(X1>6Rh;Fb&>(r9e1)KK$l=b@|Tk;8tMSek{n)N zB{Shw+?O^&G1_|;b}d}DJ5@N+6ZGVndqOmc`|I8B1MDPOb)9*7t8eaga6xRErubWm9MB`Jw==?KGbYxV zT@?LD7(Tvf^9#$&SsmdX4>y|Gn6*y9clR@o71EHSv#NeQRbj1s_m{aEw2o~OAm(>B z6W0Ri=JN{!`5}O*C%89muggzKJL9_;p;|5e)OS?*4(VJ7|<=370i!@lP2Zq~hS)e~u@*DINR{TO!L277_ zLMyL(UJl8CX*#6%l=pox@XUgl!-*-G@jhv%H4Q%tj9!t7Eiyx+bU)eeG_%B1(wCMJ z)R-h5On^cR9Gu!f=PYuPzBikk@Dkk-nApvTrWVqrZ$MRmK6DL;4$*z!6(*ks1R`wF zQqNa#y023_bl@M=JjV?@V8118_a--9S<0&im;#zD!Ik6c zZYK0H0MXi9{@3?h`jYvf6K8+7rkYSu1TsED@flbd)~$LG^y@u1?i|$L-^H$_Id(5_ zCs;{db_C(=O)xqZH9K}KI`S~W!A_7lmIM>_KV-s1}O0@GPY zx3sG5gt;ggua*M!f*SP+HO|7n6iAF!m_&ojKX8l`6Q$ByrsdMRbfw*Tg?UPjgwlz6 zve!Dt{)RzP5?&HEA(ZYQG+0p*5}SNWHmnNN*p^z-xH+N2Scc#?yZQ()f)GR720N4# zhYpP?>9n{Z`f?O5XX6PhK0QG6`+^~w52%Ihz34;YkW4r)%R*AdBAfWH# z7T#Z)w5@|yq!bPQ>M@SuvMp&Y9gu8;CGk#zryB2yYGTE3VVJCy_sgsqwOCYsC+Jdf zVNEKMeC)dc+?i!Qi7weSn+Hz*o#{&nW4q5>!ZO&3T>QQrv!^YPEo?)9EStPZ4e@18bPuaof-{wB$5pYfBns zvCS=h>8!v~xEz5`Ug5gSf^%Oey7dWPnf|T^&0Ixw*pw9KWwt#=%iGJLGb% z;P7GD^t;!gRI1deR$SSV>;*@l4OC*> zVIvm=gkC|p2x-IuZJPdDEy`@t(= zz?FB-+p~eC1;RswGNWTeMbQ#k#|kg0jQFXLR6gS{DRfzlFzaM!x{gx@BYriaS3$v`eRA;Y7Nk7Ad~=5WE%pqDyVy_I7KU}n?f zMXf{h$P;8ciBPh1%%PP5#`&6Tfs&9JFr_Vo;QawM3+L9UoAGvot4o`=FsY&yhBU}Y zABkaTT|z*N5edc;iI}GBurw`WTTFO=;1+Mu>0%=~y*Cy&Xk>u334{V)V~RK}^%-=L zN?hY_THK1Wgs2LUgqm^P~(FQ*(okW2pQ&Q{t&!l4Uk9~CTvg{6FG z0!u(M+819;e^acNmLqcQ5)(Zj`dSEVceIhXayrw1lQGR zeoa%I%877@ifB5Kh!iIP=Vh}nWKEhdrJ`t4O-SW_jm}83+Xw4^I59~rycxWRbs37L z5AHiaI!`L2WC=N$fx3;cus4Qli18qg$|MDvaY}BW=50X`E04EZZ76ySyf+A`5YJ() zD=RJ1d+kW&+jk|)$<>CCZXSbV7lJASu?-JVV#~$De|_B;+6|z!2-AMTT;f7L#RO=Y zYOpnfB^h;}blt(Yp6!#cXa`|oD!KVZ-FIBEWpO)YDfh0LO#(J%?9Po=cXPNCVJKv; zIV-mi%HkNZWh{%WjennwlC#N*n3~{k$SSd9Pa-oVS=63EH|4`TElMPI>=%dhYl$c& z#cZCR*jZWxX_^uFvNkA_OGvOo!sGQv#AU=sF&Povy=>Z-8FN%LdsG#SJ1xz1 zyo(oxm53Ds4!7TJP5r^Q_0;G;=K@fAdfl6Sl_CE54n0^V87swku~3ikgMtW;6L1&@ zT#0KC{XF39$++n}c0o=j^98xX&EN}VCIWiDEqW{6)SQ0Tn>wc6o!A=OEm=Ocj=c$de z;l~pow$EQo)iEQ2Wz6t_%mK!K?A~BfBK|k{fkf6Uc>M=eB)|ql*Q#C>&@7FF=b}ON zm5a;jDmygK`Js2+e!KBdE#f17k|k<#5fqvPsnSE5v`ud;^dqDMGGNxArk+s*8qvsB zogYiW>B+?auipZViY``;^kyUF9Uyk;v`FQ&32?1|Y&-oFp}gXep( zo(sYR-`b*I*6F#R46iN-W8Z2C-&k_s?o&y4K$Ojq#0bv7gNps>*daR>KM;tvcFdSa z_an|mz~)E&L6AE#Fn(;bS>K5Da!}LHHM_>(-!S#<_M+|dieNB{l7ZK5T;-+|@;BOw zH_}rGDhWnR>vo`Ju(w?Su67NtP_wy5GzC0SLu9t=?cn^cq-NuK&ZR_}1LU~%Yj%r* z^p1Kqt?Pqmo3<}?(;l6sFkv;$$af!&W$aQjNI;nO2$~DbmSyoJPKq{uL_e?|{_8-k zY1jjf*$?g7(L>kH{iik^2d7nC@9V@;GtC%psmG&QRB=+ttX8jeV*cfTI zE}`2_Y3)l|Bg2E7a+=T!Q`dMpF6g6}Hp^=srxCJn6?9rHrD|x^k#+aaV%18hTG-zg zOUN~ZgdloiHA+aBZb1`^0M&SbKL(rP^3^_8#9 z?jSLg7^G+f1+~SZC&Jh1d`iL?R$3a^G9`jSo%ImcfE!}9y5(fnY>t^3b13zQ6IP)= zrZ$ENBp!#eZypG~+TMPXX`RZ_I!48pC=7xL79no8wafzD8eAW*;5K0+5s#_BHiwsQ zZx`W{O9TS4FsLz~AH17A-{qJIqveyV)lV3-g+nUHL@1lbV;tTTAVrTvPmNduuL)cT zbf8|)q0nr>3VwLko8C;u(}>BhJ}@XU2=OGL1g*(7sZ+SeU8E2$289Hgn7$>!0hq#I z8tg9Vl6vQk^nI}$-Zix0**1&ZZ@)&()pb_hij~4_3Y7q3eQHU4Z$V8-9`y$;*^wD_ z+n-OQu4*cSxT08sMQDf)2kl+yb?BtxiF)A8Vu+BTETbx?&qksyL7~!+dE9VwUqq)| zT|<^QOIC)C4k$2&!BTk$#F8LhNyHZGcq-(#_{PSN=%)c~wu>9+D>|F=Au^;OWBaPk z&^3?5Ya5rdf?&(L2Rtmh#3yu+ABu9+cVUsvYqCo0`&`n|#imeA{>3AYI`VJf{gL*XYCn#KkB(>=51a6MZ5&v$LQAey|F;KqL;Ru zittrbY*WoXE(S3gSVHyq62JP8Xjlzp$|(6NY9>h+mlxP}))choB?~F7urw-dc3oHF z%Z607NsrBaV%uw9OOy-S-spGnuBFfQ(vPjYYF^ zH0+2PD?!AJ7SkNJ{DKfPKn`8i_I_s8RKg@f;wc5-8UOTk4l8EuAN-j?u1u5y&+{zm z>tCVGT3?)2%ED9F#`SN$3T~T`K*dHt6J=-0_p(Wc*G#e)7X6Z+7GT&|u1eTFm z!@M~@=>r<4Kq2f&wGRA(p-Ag%%?&vw+D-_NYW_$P`6DJ%NJz|H>z4mXvEQC;go9H4 zLQB{m=MQWly-a54amRWcsrm!ZaBs@+MI?8^_hx$_dtvPTuW6*V#xQa$`Fa;5=b8~<%FI}jrW~h^b)m3 z^wT`tn$q?`Pa(hSw$(~6xxpi)7R7H-nX?$mNtR0g5sYnVB-W)RN5wVyEj0}c3MI1F zg>oj$#Aqaa0=&1n=GaSLNi);OiqW^}gg7!K-hVs-Wl}bVLbtg`sr7~v|F`ZVsm`Hl7D;knd8!lYe-0!;00P?hir6&<}w98Sl|H2WR3T1lnj^l8?P z=0d#+wYp4CvH@WGp3hittpBI|7ob26XM zLJ@y9)H^{rTR~&LwY*s{c%*u%NT!3bpF%q-4r`{OZ3SuuywABebRV6=<8^eW7_Qu+9i%0(1Rat()HQBR zrO$qvk)*JKXiXSG4Ln7b_2R@uRM;pS!nw`ZI}x@K5mXq+!H55j%^F)sK=*O znZD^-luSDeNAX_kZV*(JZihJSa`M0=E8;srgyIp zTo!uK3+p|EdTTQwynU*K(?Jnz5!ftZ)Yz_8Ps-_CkwAIP69&KHu_hEVFQbY+Wt0V| zM;{Z@vK~)vYJyenG$5?g=GZfOA22uyY{NyQPgw(2r`scGW=Ue zWORLo!ZgoVQ79^?rDj?e(#-xRC9Pu9<8&TRNjj=3Z5ZH~^2gp#wO|PCM$xB2J&dTh z@OVWaZ291=Mnf0UU0s)>D3@5lz>J|_nZmi3AcUreh1GSf?%K*GYlWRojEIw0RTxo; z7#<-gYC10Z)O#+p+U8~*U9u`f$ZKt*LFQkHZ$x~410v;bt&&G7x%cAu_oTpvKRobG zwl1vx(pSjqVPE2o_~i*(@9KPf+9BKj!RqQ~fSnjEx%}8{1BLS|Sk9shbhrvJ3I8vx z1z)*`dHe|QJP3l);ICl+to)6wBKHWZs@K1nBMPe`5lqcqwRUPe@1a}`C`sPLDxaV+ zv;zpNH}*o=PD;Qf>3tR~Y^<$)km%#p^nHjibtQ9q^>7+NNZEgRjfYfzAExZnQkm7q zKJMcwzJ`GG52ZqlNC#q$%I7sD7D7qG9EMK9Q_HD0&jAIXlvNnfT_$(@&a40_8#Zdv zKK~njb+sAHetd3LVIS}ohccb81d`F9E}GDJ8xB$1TxA@MqN-)IUUeBgP0%kp$3SmY zRz=0UG28Uo8CVVEkv_L}#6D)A2aV99XD};>9E@cZNJh9}t;af0T#bTE0K^<30FtNl zUl8=vaU)H;8KV$Q-_@vR7%y;|Mb=T9&rag8^)7=i-lVbXCH(;jH7sHajW6bcmIzteT(#9pNX0|=rLI}HRK$|(w6Vrol8{;V)I08t6` zLe0KaO0Dlzo3chL>f1e}KQudilLp@To6Gzyoc|?S_uHWv)s>x-o%K%8BcTw;v^g?i zG_d2vO*UhkctRaDIk}=5R|sHe4uwP4Xe3gs9HpY5vhNHR z9|z~z%2ydrIYz`8w>}Tk1%oAbyc}!z_YcWWXWPj%we5JQRow%%k75#Q;w?QB<0VrL z$33>PrZE|{4NT4zwvM1qQiI!ou`28eOpbMsJ>uSoCzYc z81*M}Nci(pG7}&HdU%vDvTrr7>NKjHaItd&B9}d%f|${e3_=)mPBY|F(2@V^1aeA4 zA`~%v-L7b*-S8vmbed7y?D81h%G0>VvkIbR)6@E0Q`ga^wQLHoF_w}83)P2ET$Qy4(Y=9FPXqSL=l zwhVL9NPqCAIhuE);{TtYDYLRNBTZ*gCnlltmHwyL{%IIy5iu|e8cS59N`SrsK)2@H z*=Mmq)bRgZ>!lk*?A0ydFjJ_3|8Ljrk0=?pv;dd?OT3tZ1kvf%<&Kq`t5k3T4p8@C z0zrrYp#|(8-y8*z4Z3Et$0pA-^D6BR<5JzCC{T2u>PUj|%_ur0i>^K~^!NP&5j`g4 za6Tv#1EWd^EA4m70_>b|Mf{;dXmG&yk3YV=N!?P>%;*ZDat4V|*hx~8Y2!Zkyt%ZD#-n+^2W->zlw)SJW6hfO>eeecXx$wK{`V^Ui|7Bt zQ+f8XW!pSDGASsbAoX*8lE{)PbB6m4O2Ec)Mviy)p9M>o6%+(y%7Vc}9R44&`@i_u z5P$?2A)kQB!g%b6O83sizk}EWRiFTe@#01;SPBvU4{-$#h(Q1(NR)E?SMO_zIhUOF z@(eYyXd_Zw$|*Te_YYGqG*k z6HRPe6Wg|J+qP}n6FYb8Ol*Dk^PKO!&iT{7`s&?XyL#{1t7@%M6sNG^A&i^H|Dm6(>W3g^^0yrneffXvb&Cg*ejvPwt*A)=5hX9d zC&hO#`24oT8zec@<1o1)Qle7y;q(8+t$F@0&o+*R=@7PoJ;6(?dr_SK$Z8p=m zwz%rN!0-N-wxicW6sPa7(CE6cjSnK!w*A;Dq;#>cnBUva_LhkjCE!$cq8I<3O^cq< zL_ViUHqCqq-cD<|E@?t)=p^I$Xi}nWEGa8m!RaVi@-#L!OU7pm9VneYI2EHaWU2WQ)1lV6$pptlL>dF7uCYNvT+Z&t~L3=P^T*zic{S*Ey8xklxBOU z7)@Oh`=C!Y{Gu^r;LY~t*pxSJW-gd>4{BP>Gyz9lxW%#k{fk9pR^0noKVNCNCu)&P z$$`0GstP4x3CbE$rt#&7uyb66k2x?o8?Bli>>1a`%J*8$O+DHF_oidfq09CjN8)9} zsTHdYmOQiN$kCmtDD9MR;Cvz(j${460*l?QF9ZrBqBwGR@?l0s3 z-vI*s`q*Suc?)k&VIoI!a&q!}k3cVXlEJ~c$e*~duf4>B2O(ygh6v6Bow9R1rGSPG z1&)?kSUR)oKB1n8N%V|<2W~EOuh$j?-Q}{q#5uJ+DJ~Dg!H|&}&r>Z$j@8GoyDID4 z^$wym(Se^XT{AQl*?E6LATop4GM#p!&GGVSVQ$a~3hw%0ujYlyf;>_~2w1OmC zX(w+(ns3e!3nv>kMpvUc6oJnL;R<}SClXpna}v19Dl?A^-v+Q)e|OhRNQrUTs*8|h zr{l9_kwNyR2yzTk|05|6=>*>@sw~iTw6GFUA?CmHP{|bwpD<2ETtp<(W9>~B9zdhu z9n1w%d{t!%?>t7230mQ$j>#NVrY0RJ%&My7J=vh0&6-1H=9iX$!g^B_EL&P)Pd&Ei zx7=jO%@-%TtVH=TG-oY0V@Sn{6Cr4am@=C}-c{c?iam{nikMphUJTVpQDfy4O`Nk} z7Adwro)>A;#FXg)J|nRqM9Etwc+v>IzfGsLYKVsYAR9rX?!~>E+ovu=T=FoiPxXi> zqDIj%(bNfjbyAdITGUVg%H)}hxfM{f8-7XG@$Ym^ON=-o6%s_Q^c9JdpSUEnaGfNM zpO=gHO_YgWdk@h+{V;d*ns)r2M`|>)R}ENBJ!s~BV}Ov z({=ggNqbOV@oL>f=-zIyh}5A8^IIttdGH(Gs&4BhP&h~zt1cJ=i3aR2VS~$4Rf90e zLaM=y-0e2ZSgOH+1Qy~bNmC|qy!77gCE7{c`>jR0%W4cs!K^^t)xBA~1mfctXO{zz zcu8LEP)Lg(T}l=sxnOyABO|mny^zgI=dF_R(411S;%_`@9wOao%(1!Y0KRRWR3@w@ zFyqMFeMZWz22Y*o;TfJy(tswyt9p|mPys7F%Vj{tJf+-Oarp3&O{X{kfoUzc8dBLXD(9N=R1&tIFWQA5EB9osHgh?fKfCzR zUbjPrp_+;*62y8ijtJf=(x2Sc!|QofpFpSe2N4S<39ndKWrm8m)b|V&&L4gJDOcgOqb0X|(60DOpWR z3dhriv3Mz%fh&RR@I8r1Gf!};y7=+VXZrE*YA0L@JF27x|;G>^8<=9SsqT48KuU9T5on9&HAv z5y|ty10vyps$zuj072|X9f zYyk;uhrv^t`%5&FrB3kXlvHQmoJoJ8 zK}*zXc5lc*T6{1$A~i!p;X;|kMR&4;JkpG`jF6G73rw9lq?%m^00|zQT8+u>Ww(+oaRA z@BY;D^+IFpx&oP=4=GwC?WYILRMKo>NPQ*=?t>wQT(*dRPfw|+>EjVhN6Qm6qeTmg zeHW=!M!+HtEt&VJh9BDX^aJVIkY&9*r8VgK-Rx4rh+St5X_>KOU;Msldi_$zI!_CQ z-YMkJF3dYN=@`@h^?%0zpacXwsJW-j&#>X~&G^8jiGC`MXlIhcXdA1!HhfkoI+FciWglq0bUl$c_pyb{XC2VRIG$Z+@UkG8YGYp~tul=3x=m<}t zJ9Twu4Uz(B1NDy#X$LMvj$5*|7LsG|vzb&RT6pJjXDp8I(R5igqhK}bwkT!69dmH< zr+)m^P797AqoI)UCR$3G0cN|BSQG{CeI6-?>r_m@5>3TqfF~1vZqSD0b%3JQBHs}^ zRe*|6EYAfgq9+Q1Nwct^!4i!FH=g-m)P*au)f-|>@-TM0ErR8CIQx=BlgMnB*UD^< zWNC+>{g4%vv87bxl%G-i0r`GqvKZ|VuiSD70^6`U&^Q1*Vh?M#ljFk1QBCV^YL7YZ zQ+PB9HR4csN`vpgLu-vaOZ;ZLkC-Znjb-keWV>sg6kg^oa8vDvPmVhjTX&&GhtGew z&Ye&a%FsTF-N{yNT7Jg;jU-1+w#x*i7IWTCS+;Mn7P*JLfyva3qEiCjU|W=G9SE~A zspk-cK}U~~Frtdz;b4z2mS7nPDZ3cNV2Ac}ssm?otqfbmBa zNtNG?+??B{wMJVTyG~B#k^Xfe!!uBgZus)WNF;~$=i~R@6&T^x8NG*Yj2ljfuo=XG zr@`G!?b!V_Hu`gy9b#_QtLqZf=mJDAINTYDjG|1rD_gqA!Kmh*U`uv2y9jaI zystci+r67~V@9~fF}I*wP<ZBc+~F zvxZlmVset^>%rkfrDhQB%Oy3Lvr?TntiysuMEIlxJOdwQ%28l0&Na#+tJG19k^$re znmLAh^zRC}AC<+F!m=CU`Dmp%P9tdI+Qw7yaNsA8-`C=B$XTYBCXNr+uZg}H(gQ`G zjP03xGu8^#K1~vgY0GoWe8D)^P?{#4TCfp^OM1%M8Mg#G^x7%urm@F4D3d6G)&<`{ z9rHahz5qd1Q2o?|NZZP|sR$OXcn-=*x>gj{R>IXC;@_>srjEzWw zo}s@}i+A372nMR$*Qxae@t1vHQX`Z#|M}1IO17V5&Rc7J759j)EHvO1>xWNAGpqj$S)_e-B_*) z?*Hy&yh74D2uXCE@oYl;_CI?n5-9UHj1;;{-Z8lt`GCQHpFzm+4=xQi^S=_K2hbqD zf%ownGW{1)jKcx{`i0thKLjZGy^1^it;B1gTRP_>z=VKWyK(BzOh%u)xs={4Z!ebA zI;0{MWv2Sm#fO&KO@o8X$fO_aU(BjRD$e4ef{I(maXG93B9t-d(#Pzaz^`>F)= z3=9No7bewKEbx@5k|ohT3Y94v_S)CH?%03Y^y;tGT>5gelIe0tr}IHe<9WQ+4>~NR zpYb@P$yWl}Hc8uS)P43_tj{e`q$J7-+hJuWwvw7{xz=t;V$ENo{k&70(wD}JU{Fva zfmroR^tY>as_Crb5#H5DO|Aa5Mg2l52IWhimO_u|hFbx7uLrz`j8Z^TgsY@P zO~AhLgFMMwIG$z=Ucs|208E);s`^9j`jum1Y$t9wLyI=M8MmLA% z*;cpFus_$wC2_$OX1naQf(kEcFa8>dl2oGkKfLaJQ&6cHRsBhsDn-lS*!qBw z{eZ>3mM>+r*#zFD;e2fYvXK9*Y+Y#($2kbZ68i}uoJuHXXn|i$m%w2nSpg0eGSsI( zOl2WB7Ngl82$4jm`eXWo#Bh)Xd2W^cmk#`%-x1cHyFc8W?mAgSFM+PfAMovA^Q82u zeVn+RNSKM~ejVTWJS4ct@~QLf-qiOWfD5u)b9UP^Hp`p)H%G|WY!-%D@Pg3wOM!5B4@3w#C5-}#Cspj+Qv~Irw)(}qJs3ktIeVA^{;5jS9tj2 zl4E#krtyZ&u6T&80z6a1kF`2x(Z-(%lzvv0s@^&u1Ye<;Wj`lGrWnGj$u)7!5~fQw zy?Q>{@nqR`?=#_e?+#Uo2eJN=!S!Z6oGja6fA)|n3<;`4GLKoBRErGHtSrV7Dd7ew zNiS&2(dD`yBLVf#Uy4Uxw1Vf?4xz$walH&2;IN5?`_;8p$mXi#Fkl5WeO6DRe=_jq zI_mPk)&(=_bBA0E`zHwBK4&=URld|f$k0&x^pD$lY55fub^T98h`jEi{mh$x&_1l` z)f*2i-_UXYR`1zuZh%%FM*&;$n-2uTt)%HjObi5Td>Xl#l%M#sq_|WiZcbZETa&dX zg&b4~Jnx(MgN7D{Y}X480f5llIc8oEVq(vSrQl?*M*M+z49@Gvpua6p!LiF~T0_8y zHRK;8a3bFW{=)IJ6xNMvspnXDt-X?}HUc=ksd*v6mvY<;UDnZ6x=O3FB*5R*OO#N? zVbHdh&@nxWRllYI+U9QkVWTCkRDZ|fjb0F5t2)Tl)3)Y#l)>VhLo5X)IfqQ$q`pr# zu~;$>3MQD8nz#%TN1ij*{mGs8wQ3+QLz(l2yht*ROp%v5>tbCN>S8D&l1+v%G^{On ze?Zw_DU~#TeLQ}oG`v#ohtepA?z~HX;Ouee9E#5cwF&yd?HzmLaEf(UX?cj%hW5dl;nCZAj_Pu#nGdP z!&38eqDTd_2NO&3W}Bu{VI`9k{+{s&w?`jjV@e4&9r4)iWuks<1HKy((m;Ku+(($0 z*K<3{{l*%ceXBb3rLUs;cpl*Gj06mFo`Ul5{e;C>dRc`rX`uzbX?uW}UEN zwFbul`18aix=SVotMpHjtOMF8ar55kFYKp5a)ksH!WXwrl+wW#!n>^!=HF21T`{NE zwB#e-j#0FPXD#x$Vk9nr-C=NNmxH35WB@IaB=aojNBQK5_Vb2X4=yKUDhXZvFBr*q zbNF)baPM8?PC9`&&RH9LPui>vAPHH^5r3fG0WXQCQ zVFFj^JcHapyiUBsw@hZdSL*!rOyi_Q5$<$6BuBbOJF9`eS4e(n_gT(pg-r>a|2(`7qjj5A-*<}*2Vu<42rW(M9Agz#t|~NC%#9vDF3u?y*a|8$ zfz@xvEtlSkJca*+jSY~f+G0ppJ$8B=p;WcI3~w$E;lEnI+kz*mv=P23dVqB?SZ+5P zsSI5KbDMfIBz@YB4@**7ng@%HR!&VV?BiWJoDK;^{;~*M7aNTn^=u+|FEG3+92D8} zSq19S_&EM{ceC!-`2li?bmKUkn@+1$|As4RIMDa^_o!$XleJQ#=T@*v^Km2XXn_o!LK=3Mn$j`Xvf)jD`9#OJrH7)E0mBA<9TLLO z^f2=Q%K_`|*Rv86_ngf7EH|55Y;$G!|3+{PF~FS&wRo@n6#8k?NLzsRf3(~Y{c(x& ztSl_3>F5%b3aYw`51xAjiJ#GCd&xZ2Y&y3{%66v>!6pk2{tvD4=g9@(yP~7YNFm$iyNNU z3>4ZiV)OD{Mrsm)He!N|BT!5zJlljSV*Px{T~?GONk}`<-2%R_Jr1Ffm)GX56M7o# z!Ab#%7g8_kSoG|1W*R1xL*dG~3U%^3F_Uo*5u$(%W+O}?8^77J@O<>M|J6y00b zXALV4Iw1dEGOio1aBx&nnW2?>Sld&kQGygk&JooMOi-=Db(buXKXdYrR=ZUULe>#` zz!`C-vm;Lkfgh28=9|O*`3{2`oPaf=>?SCb&CXL8Z-*NX2m@0Qw>i?k1I{Z#G=7Bx zZY!Le6?iWk3H!S#fjrh+Hi?IOS|b$9beD~|y1OvpBy^ZPd%$;5yLrE3Q5f)0Q;x3h zp&$BRVcXbF+eT|#3mCOa78fqum_J0bkvo@HTM+{WMM)Cz#cdJ`B{8pUr1?lt5@)UhCxO>GS7?_jUWi23XbGyvisKvzO zrS2iH#mlmxNM8wAq^uOZMsPzj^Z}QbcPrJjDp^ZBK$xrypv-7 z#Qi~leiDUI2G>nXORL#?>X13fZIXTM##^2eeEM%i$`~Q2MRLcO0lS5Yr>>iemsivc zPBE+*96>iyL_ZR_Vz>xN?|2^CJVr9NL*wD?WNNK?e9s6a(HBw}8@Whmw%_En0>_lI z&{y|uN31krT`zCd@apqhD%vJKv^vg_PFB><3U|qz_Fi|5!Aa zL!nMqNQ#Mtsus?D^PD$Zq(*c7cvxZ3=~7o!m1dnp3M1s00>aSwCxD&$n+gQH3n5LG z$>``a5>Q8M|7C|mzOO3j6WvL@D}5bvx7@u`3b|7blmu)?__MXLRH91}70 zkMRo9bUL!inD~Pup%q;~U7Nyx20+}mQs)f{wqCub^xt%oIVwmn#v#9$(a=#-{->_$ zh#Ax*u*Uc6PHDf;K(GEMGumz=(2e&mzX_J@pzYiJ)FY8D>_@z8*C&1Ohr(|=Owkhd zN&KsPeO}w`a+6TZqT{Yi2n8)Z9(~f{FK@twO%^5bLjSrm3ZI2P?a!loj~`nK=%CMh*lEDmSH%IBd{7b|)sAt9k! ztCiU&ksipoShvK9-!vKuac3Yks7Puv%f+Nk^k_$UmH$KAHhDWVgw7IKV$9{Oy%a;i@wy+!J?w0LsJsC>b*SF`f6)xYHDbh zGh*&|H`#1)J>KCo<$MzRtY|yR?9Z2ARsTfKApsvs!_mjN-XZpO5{Gqzd*6RZs_q!L z^hYDQ`4=@ItVQxGo2w6;rCG8-o5}>8m9dlIv#;kX;f0qv3`E<#+;`#<6BVb7p$$sR? zCeQaT{^16Wd+F)7+}F=-L)n@CH)E&Cj+DcFNji&u<@(wVyj}k&Vi|>(!`-;kON~5g zv(B11xLna|5zcwj?Ry48ibk|TZuyqhK3!FJoj`YmsD`m>AF;1D%I8OS4=)AJYk7@{ zvt0fFkrFn!&_5#0geu^;6py!?AqZ`|P^CdHO8uO>C+!kw^B2Xg?Z1T-4#)-U%||zP z>XaX&(oGXc#^HKT7_|>Vbem(R!8urU2*u7_bf@1wQ{=q(J;xQyfwS4%AkK%KlYFQJx6|=#oWIe#iHjPQsGaB}~IzccL8{KNB*OK&DMXun0LKQ}>jw ztuk0`jl|+{Iv&4~aO@%btal)gE@O=3d@|S_hR!H0CDW{u!{f&SOi3(hq7gTI+=iHn zZ?T*tI~ab9;$7YKewfU940pm91-wCG?bZ#Y32a*`6a`ddkwxLA-j{39Y<7)XjzidB-oyX_N zpNF&bm4Q*cUe#CDmD;6&)jE2k7#*!!lUJ{nkN};r>~MR8B zh{F+is2F1N&e>=)ie58=cKiLSbo$)I%^Uw~9`tgMKpPax_xbk|A6Jz{v|_c=nGAKa zEZeXChYNx=L^rY=^;paO*uOeDI4=)ll>qMpeF%&^1p)l$?^ff!gQj10HMUnApVyub zDtujy`Uc0gzVGw5wjU?+BBnWSdtgv~95Nj6B^#+wzh_i$dIFRn!Vt>PqdFDjq7poe z)1=${XfI+m4(q&6bU&}&9oky5-9D89Y1W!QlyjT&&GyOxA5S=a$AS}K!%V})!P}2~ zR}0xTWycbEme+J{!9NR7+4R{G&T#V+(m3|v5P&$JBP58;4q-y(n!z*=8HW>n^dLxl z=^u$%bV|oO3T=6i5cdZUJB5S1HrB{EAsg}GTkv9OU~N3dQ``At2;=1t@DrWV2L zY%hp>>*tP5TaWz)fT(l9h6NQB6e*q>tbGx?T3nzg*ypTQH;{;Pbxg1rokvb5Hj}!F z!;i8ArV4E%^1bYho8+{Pr*Uc`ar=TEa{O?{4#p^U)>j^W{9 zlj}c|+yy)wTCMcvk_}-5j5r8g_&*@wx`qv9BvRGxait+@C0e)OOV^d-zTQRQ+i#Ma zN$Zqq3tX!H7W6A}yD@g5bBMqn!Li4+MW`?SJGi$%c4G=S9r%1lLuJpFEBn_D|8ierAW&D5x#C2?%T(V+bptMD0J&e!3%Ly0&u=sb z5tEug%~^l2+@9m~yyK$_+pT(uuCH+Jx89G$@9lrb4`p`3?eX3Bw!iMZ?ssu;qWT*= zbUv0_zf5`#xdEMR0bAIA2`H<7==8oPZ->04$o}%V%C5D0MDRL@CD4{;S?BisdU(@i z%}85;it*FcJo&`y`wxLTl z_a5C%dg@gO1?(@WNsQ4L=pQ&ZINEJ?`O+W6W6`v}V9!>5YbQ~nM(jwGV1!(W5{9gx z!pv}S$KxmD88>pNy4K5%g|b&=3#P$FH<@yNBq+c5NCSt0J%VZS!f8?n@L}CXN=L+o z7JivOcx?RwaJp``mRvtK=5~CPa(GvFhc%#>Jv(7I;*W6n+-I92tcAlNZ+^)6_&Qd2 z5nijVdV_YHq%zd;-ZtlYojvMqzT84xb=K>@PjmC#ED`v;)9|e>$XPHvuhW45zBXS1 zG2Z-0FTWNqH+sq2Kk?uo1H|A95^B1x3L{6KK6aE^ueb)5e4o#8!g5h)$ms4%a(O@c zPW2TP9ynto>0?eb++Ct;p6->pW?m05(g67x@At8zGO0Y*&6%g9Y-LBw9oxPEzwAEq zTlaKbNliHlWT!% zJiEHY?ETsTX?qE6(dW1kVrI!U8xk0CO910>Xg>G-91?npIR5%L*&mVvCEzw~*WbB( z(>bP^oY?^ENaZU`dFkKR>(PeRERygRKdm)aKdrLxyn%26o+n~^9-%OzP}V3${_=v< zPf3&WZDSL%%B(uqRmCnXC;0FCf)c&?yl)YFo!0`8Pm}m70w(&rZ_VTosC3^I5WJ06 z7_^Nrd2T2PSY*VnaC&=kR}N0!VjklnMq*zy*Z|Krj(G@KzP)$pLPhoqqu@0m42(ca zg@yKQo;V*{(*?Y7e6PXo5dEcX9c@!TzMLilg{5%->C;*;OAa#eZ6*sw1e7>)ht)$A zs;Y-hg&Y)w=GPbR)uZ=ru+rD#`?#mhUxVlO!>vzW&%Z+$Iy?_o47nlY(s5Q&$@#uh zrq@v;Xp^lw+bg|aHw*wIF5fP&EV5J#9R0qMKwX~noUKIuefL?oX;7Gxzeqf-;i&Z8 zv$|TLy2j=^{Wopd^v6)X4?Dba@1Muq%L_LYI^_H0U1fEa`Bmb^1^x-Bl4B?ouM#p_ zONgajYqyeyzOz?lW{8J%E>M;Gd@LpuDSHU=<3$DwgT3Fp%OrbyZQA|SC6~!sAbkGG z(wug^GhR&*6EbG*@L6#X`Y0ejYfp}p&T}2aXEsIjO*O)R`0$0anfjOZIpqHaC6Uk+gb$g{+v7BGLrF@iTEISaL!BFczU4 zjLlHMCgl_g4w&!td0A9m8qo4S|5e8i*to&`;ts+%#9)Cvb)TKT0eo$^^1Tj!1)(&( zURML&QgypBR?(mT>5Vs4(u3waO$Qp`w5DLQG(6uB4eTL61sEuI)#W_v_Ev$2;;`@2 zbMxr$Px*eKhmmvxF3A>ATU)d0xTth)CPk>42j>&JatNDk(>iCdAs0xmCu|`Nu5Y= zUZ709r%6eph!qN!#lLH)Z>1+CPhNL!7uszwzLHAE4BzyXLx2>>#AHBO8`XB3qv>w6?9asB6b>NIMmNdJ z=UjLSJc@|&@gcVBnv=It9iYWdpPRDT>aB0vRMY(KqBx`S`#zP`o) zzT7rO>~>*zEhMT#U=aN|!};kw-DoXK5aV9XqT~@mi%lkU+%;|Hbwed{3r(I60T=e> zoQHTA^v|~$XN@$`nyZnivXZbTDiLfdB^xWtK2KfPxoS6=TQees3`o9dp(M=DsZXwp zI?t2YzOdPHzq|lnZ$Iop)q1{)@j_`WPt|O7W3{Jhz)c1I)1y`?xTzgm5dR`E|Vkh2%+yTeiXGD;bpok*rP-t?l$jLg9#vfOy zpAHQtf*Cg{DdQMl`@S!18AAS3NE3an+Uzn1j!7*O%pyZx4hrND=k4GxZ zDubnil+6Lewm)7c41llM#V{Y^fgVms z{602mQP&1uzdk=`)M||4hpzWy@aig}5tXDd0zxUlYGq3=|NgbGwob<4L1}MQ&NwhR z=u5115!Ki7?O#SCV@7Iq?P)mg!z88Gtbf71mA&@(82HoWra}UQn zh`dUBQw`{R+dnvs{kk^};U~PV*ZtC`dzwhK^+X(>{(%D>nTrFhTxR`G97tvAw@EA0 zB3Mt;a|~%BaEI4gZTRH)HeNBwP8*<6T|Om$oGyVhZ3g}0($~QDdVRV5xc$R0lD^GE zM52L8-~2qzzXjw#l-n@}hp@%rBrppt0;+p&qMJ!iKjly@5=oU1ldU-lwFZ-88R}=p zlHb4;`-W_C>=i>3OcP`k*qf`nv2*F&O|bj$wJ*T&ZdR+9|jbvWSD9MAnl zs?}zeKT!w?h!DvaI}-zsJ=1#Y2cjkrB(1t_M`x9(>>Ly`S$><~0QJWO20ny?qxs0Q zRf}h4igL%zF@L;T7u5Qw!34_z)#dyJQ(#L6R_8dF-+M+ZQZ`1a0`TovcB9(W@wrKG zk@M~9;C1gp<%<3EQg;!XV^B~^|I`sQA(bt6#&1gFbmN+486Sk?58A`WZ=OKV5Bz2p z5ivA03?k4*9?dm_#|-SK+t%azn5cO=jYGvfS|13{v3HRXD{FJzsobecVztf6ub{+B zyVkSN$@Vyd#y&!;tfk1#_L@U>PXM7WA^gx$bU86Gs!U@!D4E4-_bgUdVHboo%rF0i zywmQ#B@(|`6oFGB2IQv=K`&x=1LseQWSpsee0i1chk(54J7#(3#kys!wu+!AJU{Dn z!Nba&;Ri9Z%TD%!i-Ecm({C`KT-aJO&dP6M9o??6u@Odo*!Rif>f<}Xgc&tmPC8Q( z3Lz0~B%ZnG3S#Qo1=&PsFe5Lf2SX^AZcuFG(NkAK zVrbM-2_QzbQ#`#(Vz4BBD%P`%d(l;`Ea*%8rd+OnCbmmPWWMzM3L_kW(y43 zFpFSqu~`;46M+{YhMOVOD9Tn#^NR9Qb!MD#H1cHPzGu`wyqIK?CY<2>BY4tJPq3I5 zb$^J|QfJ;Bgv>O>xWY~n%@tc2<-Ws8!WiwT{flr*BYxed_sw_Zpc68i_f=Jd|KUBZqk%)GZUUqmtK<;t!f)bXGEm3&$8Tsq^K%-4XN!e^`-S$=lO+zDn3baa< z2Cq>E?0aZ@CMrxy zNn0PB2-U~_hw2Wy6fJceA)N>zM{=|&-Jk2?st&J7cN)zADBXe*Go-KfC`IPVhN^O6 z(J{INob*eC#D9B1#ZiGD{b&c#Tv%^ts;V+7nQ`5AxAgL&EpGgym^6D30wF}oxnLV+ zMO#|vidmLkz0b%;%O(q^eSllc#^|(YUnT?{<$f!HPLg<^$65z|8#6bikC_O|4m_)jWwI%s&O*UmsEw^cKuby1Bg+da7@phXm#N=Y2Mft7y~{N~v6 zqK@Y3-&$|ncpRMME0<<@pEd_NLW-lEMB}Cm*Bgrysv${|0BdXcOJ=N^uVU4T zHwWZvTpSXux;vv>gDJ(~Jt)5|V&O}fj-f~>4MyBnXnDB_qcKU4MQn(j{lMdl@B83^ z@E?7bjR+GN8F732#hynRH(4@zV^Y}ehTHkysdTi6s~!%{_V{*_yeah9aYX-3LZBoQ z$Is&iR8o#~LGIe|=q^c7tKPWu69q1;5Wb=w|1j=;YZAdPW&2QSMV>pN1&5Qj~r!jtS2CFhFstb^1bxWWK|*z)25@!>Pr;c(vAD@$8n%hiSkljl>@5MXE8P3u^|M;}1f=P-G9zENv} zb#dkP@ur^d^9G@|>$bt-M&$bxQD?u}*Uw)r_p!du+@v}efVauFQ;6Kkr)GkW+gQS& z*@B<%v7x%=+^-|zr)!bp<4USHxgtsIOOMamPg0UapLm}$Vfh(O2^n?F!}I#tIO@Bi z>tR!{OMgeJfTfJL)Q`AsW6e7gONZEkn}OD~oEXqg#hf17?=rJ%E4fhSgjaxV#~KaM zM5qN0c6665Pkw>B;RL(Aq442Ij6q2c={;@Ntp|%m`+f+FI$M4B?nDZ?qc<)ND@cJo z7F+y{E>+ThmZ5KP#%H@gvbLFYC(~5r(|MD^gyM+%lFdfw1bz2e1&-~e+oLB~;82~> zhp|+u&C38(CPeP^V*GJV+4IFy&l3UQP5N+umcRr|oFSg;b7mw}RxAdo84gwFwfpON z!ujBa1E%xmG8;tEvCO2JdCHY{3eUS{t@&EeX+H zQ(LLwqvlE*#L(0-KuPhhdJ4%5$oF4!3hac8YpY2tZeA~wx-oyy{)Pcc6r+C>B?C_{ zl;-pZQpVquQT>5yX*mgF?RIVXU?3-RNZ&2l!5`qfwf1&D(_>{v>1;S}dKd|5!_ifj z{7q=NvG3Vbl_L5mt*dkH!$x9QSXUl}4sruo*@_l|t75Vb;#KtjG z!XfJ-tL`bUFga|&Rs@ziUy@O&Y$^kY>u|6(Lqd=ffpuJs(RdrK@nvB~29jLtWZB8@ z!wfzO${01py2Z-T>5@?gCM9vB4*#ErKQFj5tdb$=~CWSMwC& z)XhF(XE$zt!^KSO=Sc)azD`<&)VG956=QW47Ma$y2~rOLz78`ph@UjmvENNAS{SdUZ7B8;-EU%W!PXnrKU5F zwihn0Vf^Z%R`j+K$|#y!Oym`@-_`WG%`Vkbw}{JiId)`f*7-`07`*}`dg9f&Nx#z%8dp|_0aIb3@Xyp_=%nu&`jgG^ zrlr)(Ju43{=9sCyK_;8gi)RtbnM`f61BaK{p|8QiYt$2@SS^}yT3V_yf_@{V8+h}I@ydHvs>RLJ;J+647^KxL@;{n z!f8lsIGPf5Si-S;94($Ykd7fpw3LX0h3NeF@=-Niwl*+cwYi_x{g$&!@TO z!(6lWwfA1nb3f}wT1amPL5@HNEq_zqA-SlWK;g_Om(3gL7n#NehW6tk)%{%G{#L!` zk#kfYqvwuq;^EaI&(aRfxskcGRbFI1dqlN&$)Kx8JFT!YLW+#5Ad9 zx7$vu5zEK`?bSLc9HyOfwnmyh1x`=qt4#zc%sME(`K1Ko?Zl=bo4BIFsXv}i#_|*Y zQ=QHI2~y}CNZV>i6>l8rEPL4A=B=|Yis~!`(=9ao{ixt`x90wN4U7~yg`>d&nHj7> zZrHxv+!juL4mNLe9GPvds(e`uMLK&K&RSJq&B(mZL0MyH;QDagxXvxb7kXYN(b4`c z6ui0V_3F*dT`Ok4_amB!ow>91az{bU%6E@cZq@Fd8Bot#;>4f!=M`u3ZBZc`OT}ta zd{g`NM(2AYbJsIq=;0eg&g-cheJVD~-EHATrO3-w8$;`{rz?}t4};cHQ0nz{Ix2ay z%O4N_Op+$zrw>;?=8wJZ2T2&{9|b+yE-X-&D~>5=o-%&;Wsdz|U=Gs?U9Pm=MMm=~ z5Ty=x!Ev-kX|g{^)#&g#3?KrbiQM<-?e(K<;lBGW==YrjrH@?P1~Q&3J;ZJ}Dh9Qk zE9gCg53X{UA{tljKQww?pjF7SCkL(2^?#DTU?UNgHW~9WYFjy@F$(2#vZ11D3YFM( z6!~oRXc2p5CoB1k%3-0rNwuE$Omc=cQ5LoSAstRn*lYc7X_ZzI8`-TVZ?qBk5Rwo^7G{ z+&}4h(uWu=tZ#t3BQilP{ft!>i z4w+F(1PQ)hlifRNP2mc z8U;u*4>;Qb++1i$71(B>s;A^W2_=@Em=1y%D4>{<)o`7rTS?uu)z?zzFVOjz$>ew+ zxEnY6i)P1LHxrUVb69(8`N4an@a@c!{5bF#FCCYZw*+ANj1DnxRYAE#e=>d<6!ELx zJmvV@O>1?LXRkg~wA@ZJH$7mZ&o{ge3yzlQ(&tNh8kpseWDHi=i?+Hymxq9%VcloAZkhcE+@~z^`xYXU9vzDpPTAGveOYV4+*dN#w}hkt5Ok?gDTRVnYPw zR4@yW3)W>|(NF3*oN!Fx1smGs7VrGI#~RcV;{W2s^qYc79uZShrX`xZ8_Kap6BzFx zlRV!m3WB5*wF|6RVT!4Q3FNfyUsgB0vMb)6#3`rnbuLUuK5#ai@qNCEE3pKCUX7`_ z+Xf2JMmMN#Jc`dD-?6y0JwWu0is;c=hTtQlxiG66T5=nI4R=S$wc;lj+2!Y=8NhA# zunX!iRPeQ%J;><+14b^h zBaTX#4hPdi7(XcEDUu$42y{@!lr3x1a*JD9#)K?v$RkeFSC=|T+;!{mekJ_`$D_ZI z50nL3zsA_Mfzc#lg0r%=;}yXtiCQuiyIk-2ExGAS*NYjOIZJ6O({|X)NzgZ1tQ)po zNi>_5h{)nX`Y9NRmg=zt0a~)zwzl_bi&gZu>tsNOzZ(M^<)epprTRD z&s{^(l&<``B}SH*XhVn}8Q&uqd36zs8zWSg|8o5?dUr#L+CafZIA5EA0I>EV^Zrm` zzYfhT$}aZ)94v zjC&W(NUfro-;rAu(R=G%9X5kW zS5<;Qlzhrio!TY7v~jPmQYB_M-|Fk+3tPI!STeyCwK!YVLTNWm@rfhv_{@NK{q>kx z0!;_8g5YUr+de+{vm@4%dOGtKj>5`$#PWCBm_&8eIE?Df>D{Jp+Gh>CnH;}fGurW+ z1h0mO2pEZ5j?V<_6BSU37cU)Ky7lVMMx%DRa}_+jc(+#u#ztdF?p$M_%>1IhWCnES zCO@%_Vspm(*qsfgvZAZ}!4GCmN5=hClCTxs8Tyc^>Arz}Viqw*b6^Od_{&EvLEDRM zzX!Dwh^MCQ^Z>;ft;FU(47P!)jkz)MQWr!O2}TAUMXkF@!lpgQs`LvoZwpkE{Ji_0 z%YQs>McR_I+^w1D>Mh?O(q;R49v&-WWvHu7C$fD{NX9C3G3340G+I-`udkERDu{~c z^ZfGsN+gCkmN4G%l_St>DSwxJ~Q<+vbhu(`uLFSInXAqz#5oVj?$KBR;xK z1bQ#jz;{|%MK4~b-@H_*+aA)9*j2lWDw-TJgp0-vi65{&k8k>L8>dW+;g%k>Q8P-0 z-9tcf{GH`NWOP#=;)r$FS7=E8?*-VW5bRGGi#k3IgSNUQCG-%k@Wyo1prx$sIG4*D z4F=7_YrW8isiqQ%k1N{@!-J&jBUGTS7AuY`)eWh_{2aT^cNIjQ5VHH!adP6!f2R^> zGgjo4(;*jlhOmsEREnBhzC;5JG$O!+sv(!{CB{-P2fXA-xdJisesnba_EXWeA8eXT z$kOZDFDD7S&Gz?gPtk*|eop?zjkNX|%{-mKB5=~htS$ATfPx`@JFeiRel03^Eh+f8 zPta9sJIj3GH(X`E|D$1lXK&w9&HWT$*RhmirRO#};rmN!aBk;_YV9&)Ueo*q_SD9G z=YZ2HKz0mLEGetehL%jdqQI~q1`EfUd~)-BKUSc(=yyNQ-ds%Flf#Z*+T5Sgc@7_1 z%nhVscMR%Kb-^gK6R9uFI}3W+G9OTpVzcP&Lden7H-7d^VY{tv7-MgG?EzJi!f!G{ zcC=#QI$m5*Yg2hZp84?2?A@&#Lzx(xZGu8Z{-qOgE%Sf{+(jm`;9c%}tY*O%+ms6f zIq$YhY@;SJEH3Pi308)BglFGupHf~Bl=f#2(cR4yxSs8AWj zq9>R&R*d*wY=E5zY3nqKc8ZH+G&6uY?e;gCtSvX}n=H@RRG`^+D}S_sBz&EQ0^s%^ zm@eZoO6p3hu>~4$xLvpPA+l30o4=BTE~7E0 z`0GgUEF>G_MyAJ5GzJ5KYQw_8udSuk?)&+XM6b>!NqApy18c=gyq3WZW=meZSUzjs z-rlaMrDbw4F}*zfZ^Sq?Y{6lXB)z=0rmd~?r-e$eSlODzxS+{Vf(mMZ&iRgr%QEJQ z6>)mo^LSr10yKRTRpbfIz z&Z(o}bgXy$6z8{>y>nP`#$K03=}{X>=W`18kl}p%~mD zR|6E*U#3kXT7W@;rfBow<`ktw6e1q%^M4Z5xzsG99%;mBGPR$a;u8gN!ZSQ%3r3Hv z(f_({KOfR$z#npSn=bk9QOUWnXApV7x3Al9WxT$=($mwY+1VpQ)}(D&hCQGsHkPYk zVCsLM+0#DFVGuFht$k%@bF*ovUv?B-=k7Q>FuURB z9=;kXxJ)}d=*{s?(PQGBh1E$oFU3I8YW}<$fe0s|pY0!Wc8A;5ZnjH4d2FoqN$MI> z*=pSO=0ecO`@=*Bx3LRP-v+PqQRbhbf& zn~gw0vgHtFu{A!NfGVRB4oaH2^L5(#O${FS*)@PE)Z)aWm6FSpEZaeF- zu!S^=TnnO}7kfrz=Er%by9O^{hq>R;;Zr3~_9GAinn@sHNi}H(AcX2H{o&ChtRTa> z2_?WX%`Bo9aE53%bAd{c2{4$kvAY9l;abE1dsBn#X8Cv?M0@QSKSTV1@1oQff12&7 zR-sOIa=cs}X@5@Hlh|jBp~9d}7tfb1qXUQIZmC;>HO0Z+Lh13n}k#IfTa}0$!>K@p=@|cx1 zFJX-7~^l4yD_(?f)J8^DrGX!8aSSu=yWUImI&5B z)-!A|bM z*E1({9B_1OCY(ef`Ebt+wH%h)Yqj)L<9TzCY0X3gUGI_SSr1P1+s=U!Eu{GPkifZGBSSaG7E|8Q~Su_#m5 zbG73vy2KemLSh zc8YT12XG$nHc_Pi)Fs9<%N|XYxLYw(`kKbb=lO@doLV{~8cwXC$~TroF)BNQzu|IE z16hFk*N##G1_pAdC}OBQ$Y>eASZ?3Sk;L1?>e2E2+voCo^U>||N3kx6cPr3&r23}# zt58V_@V59C zHfvtjqn=Ct#wSk^mpI>@cwfT!qniI=Q^Eg(O;coG^q@@Zj}X0D{|AuE{{qGe_dmQw z0~{BtzcK@ve#+MNJn9j27{0eU5ySk4uBj{6iJIwLe2%Aq4E|y~a~@Z)LhkmzAKuPz zxOgW6dhy~38$-o!Ov43Jp8bSXPSe8$(ML0p;EXLb5b_J2=bdPp4Kg9A0*8ev{jZy; zHa^TAF+BNPT#yMfGx2XcGFklBt!RSkr}S%aBO{{vuO9B)2#uQjDFQF~XRm!H@6Y(z z?5BXOdzfEY$aKXOo!9ud2+oq6iTa^!(Y3oX_TNTDue% zVm)9J^RV|~r{((kztQ|K5zm9|3Z6CDaC;>2^^|e^{d~U!!OR1j3<3G;!u%chwtb z^f~IzRyNats>1!?Y~L5s2RbU|{@w-HSg*YARiVXLZn}S#Cb@e3fp^tpTJh*FrFLy_ zbO4j3m75Derrnq4wU3F6EY|C2e7+UyOf<;y#d9z!t#A#~=&lea)!KuB@uX?ZOO&`; zA95I}S=ADjFIZ%F63gH6^uqU1e<*MQw%#a;l=^y+zQ`IE}ha z_M-!iIF&kz+O|`;R>-H*{_hHnpT5<1oqKRg7%4;i+_Jo>VJLyh^$TI_xjcX_RzNqa z5F+hA7}Jj&-MS(wT^urEE+KH-Gwx9;s#u~%f6aCr$TC;%S8 zu-x&sH7NKwAG_Ak$%rR{?hktjc%~=mG}~Ixd%GaonU$1M$$Kq$;(bT{Y5|8ZAK(mSyYS>|>AF$H~5*gA-^KCY+2W+!Sx(_tVRVERJz9 zx<>P_m8s*9hwm0jfrlGkh z_F@1gbMXBUj)NJ{aJ_X}O}OD`vF{$)@BDmJl-O)2S`g)SNjKDH+Er?j?7)< zmyb7S*hYJe|07nALM)4tYT4d}tqY*5Z?#?=ZVFxpOr9>_&xJ_Kb)PvuS@RVd6uOTm zC6Tlh9qgv4>b4i{^+FGXh{)CIn#`4ck!WnyP;VMqb8zVwKP}_V(Q&`-?JY!oVf}rX zb``@=sp;`tS8f@J&9~mUqSt&EU@*OA<(+j%Q%Et8d8n-yHmA^%TAzEx6L7 zb-R`4w+ZPP$+KR?Zl;g$nD5Z`!{aE5Ic{b``E}#sQN(3)%W?B#*?$QAZ*T}wXyww{ z65u@t_DMC|LNE~u6?Bq_gN&S~s+~|L+U;teAeiy9 z)w{@V`46ID%r*ZP81{z&ZVw6{y|<+Y%Ks37E7|uGtqN{-X6f}mQKKxZ-}H@J>i-J3 z@-o=(rBPY_b*f+8NWV~tX@tq6^dCz65L)iKO3wNe0iXwg@aMtleXS?V$N9!LCVI$i z$o7l3lgG#IuP*$k{&*5#q4}muU>a{@WZgRL&XzOL?CYh~iu@crLx$lPD&sg;0`52A z_Ld}8E=Bb;;e5GD=E+z&v%htV)P8rMg5h7)ot>fG1ATiX`KY07LKgV_HkUXWLLsUC z?#wA?hkumLUOCrR89G^5DZJjs*_toc-JUXqm&PKxXt}n|{5mn6sBolk3^v3C4J1qK zd(6Qd)AbYFmxBF}M!MBKh~D8A&jKzk%T!JpEDUI=Q?2&%dj^%XzM{en_nnaP96L+z&*c>R2K>s8iD zcRwKZVZcL6J%`&u=&$b$$e)z>{?@9M$1_NFrzFF_eqYgT6@e+X&pd^#qta*+?#}CG zNT}NmGz&#^1v{8;$-IKN2lipb5?plO)cfG98T&31@t7NujPo4hsngCOB4#*Q?A8=a z8rEsIzVXpCdmml-f4G{8D-ZcnZWE!9QK9~ZSnEGUTR3{t5dAPv`Ur#*-fzLxY#Tve}I0MLPw&&GZf$cEc&5^&nfm# z2d9rs9@l74YOHaF=Vk2{#za_7A9TL}5xlbFyiX8K$F7LMchz?!1NOo941h?=`x0W0 zFYO^BHi%*8Y0zZbji~4T#?)>$a*@U`t)AWxOcCP~Ezwx|EKPH|p1s&!Ni?hiyfh&b z#&JcKhmKtmkba}-oScdLl|TA}6cs&k69PP(QLpZEh-0+yn>UErSzYxyFc1MZgHl&` z5+0-VB8ZG{-3jeFqD#nzUk1ol$N^LqtA%d7=nC%PgL=|2@VYwUAyfFM(zb( zb{`8d@Du5p-~nrw`wof@(!9fmS*vws_pwbM3yV}#a4^wq?QiXG)fcou;k;=tn|F7` zozbkx)wKlL-5|UJaEORHnaki|ZJ~}j)O1z54dvXsnRb$OY%DSkl&x+$5T^^IjkQEe z1$Wqmf7;;hgl%$GI^`*ZiQC1-X`K%T8U=b8rOj zuU!L6{iUI&f}u91<~?4Mu-m+*T8Qr_TH$dX5$1NOZjSJO8yHZQBs+>+O zWkrB1!x!NKj@lnr#RDn6KQH4}+yoWz-v~{8Ii^O|K5A z-LZ+fak*Id8eY_$wDvccA7Y^VQ(ixs$;hEvXh&^r{;ONDXntFQR+Y``R6yy(wT zDyo6ek$_iBYSD3v#u?SX=fXfU{rxt0KxaWpm2!T*AOXaeVr{+sJ6T)%8 z^%B|uDFut*wjZkbNJp(;I0u#6I-ID+qTak-dr0jrFqz0X1;VOuUtyNMKwZz_p8g7B z#e}LNwcF^{P<4b}$9WmwP`{2&swg$SesyD4x!z~Bo^t%66LW}r*wW&r2BIFFKZJX+ z?oQ=(_kkMu*I>88F5asqlBRAIM`@xs9%#u#R3}IysVPqSusR8Ky}wv%KZFH~2otc< zN9g1#RNz>gm+AuRj?5fyF zms>imakjO1nX4L{{{^m?6mE~X?O{Q<-yo0D%No-KP7OoR5e%cgnHNM%$q}^uO02CZ zNz7`UOB+}VD~BI!A4(L7@q3jO(&5u9EtHu9%kke2nMYupLbIza32W?c&-`op*6 zm^-?%%Q0wlc%al81#~0YElFLGXDRK4Qy}L~*sL+ilm;wLz)WiO2 zpoE;DY@(^Jh}F^|f92D&!@Ya)GsDdA`%j`oZ+%kWY;Qtu>Lh%hX&kLq0pWk**?*#4 zP@(SPqd*uj7rr()WrcfIEeRJ9UFYHpCeCC)mE^x@T3J(eF6z&BkbFUTZ1teRN(ih1 zk1Q(5%dM5)+`8i%Tq^)p<$+6n`W4tN@p2qz2f<~Ew-u7mbm+I5JBK%|Rj{M*kvaZe zUgNt(Z$>fIch~nqD4G20>Gkth!7p39H2h3E&DlXB%KzeFVn8LZEM4P*P!w$SoRIyu zj~aFHUXf#%O?|GS{ZvaMLg%^>tS00IwnkR9it^7~R`#fgsK@LkXH@U*;+v-AOjXfN z<^c;)>(Vxerj|PgVjh7$qsMPl0vN=x#UqLZ$|o{Tg_P+^cF<{e1G=8-n{LbrF!hC` zU8yj4Puex=kZ}Z|i)y;U1!;T(F^9#fisg9U_3^zgIO>dRERJR-NmJ|9=Q!}ULElkH zteWwlFvR;sNnQ6~2L2XVIf;_WLl($`KTQ%`^<rX9ItK+ILXw!{4y$YZOcLk zMo^2ZcQ^1BS`9GN)LwL>Zu%l7ECyOt702jU7t2)4EjB1|<#ypt;~EN%#$kctk?#dw zY>dWykA<*iC0nyJWV+N~FgN5V!l@s`aHyTd056x>rc=?t&M<%#_2`D+s&?(<+rhtR z&hg(ebQVUMAWr2*t{<$ts9kJ-h~O`3vLkb|AMh%Gyy&W$o@MaNo5&~gNEw9g;YJ-d zdR$?E(OgTlhHJrWihYg}hFSgO*kF~4pUm};8tsLuhx7l!^#v3bGjvf><^|<&*viW; zH5l%cja%$Xq{iefUPrj3PYTpp6E>QSlD0*H{ zq8tnw2FeH05&?46Kh;oUDMZeuuGJc21D@n?7Q?8tD{B1=@6@81=>E6^oaxFxACXH{ zcUrN=*nK-fX0+xfk zHdyjj;1fYY`pp*}32TZ8KVS(%$&^Y@S;E;tUc9JJzPGl$lGwCM<-HiU%AMjE~V&>edJ5pNunZHU{wj z*9K^a^56e6Fi?SwGT#D~61S!%YjOel4^hb>jrL zR{n0u!7&b9d4;8zWAKQ|kPJjmRmIjogWZW4%%nI&#sm*ktO0;kM1r0iGGocYzgnVT z?IVskH*`FWzmz#n2t(G3NMkgHJwr%;F>Plzn^4C1j!FD5 zGR>RtMZ%cl4(usr`#J6%&W0t!iPyBMf;OuE!aEzm76u>jCsz1^pPQpA_Sq_61s(?+ z0vXE%<&Dn?cHB=d^BqdBg!dleoIF~Apjr(9j_%?0$n+ONYNR+yE(6OI)TkM;!Uhc5mXWn7&#kbNoEk!;U z=Z12Sw9#jm$p&0~`&ln!rEG!j_s)jLMAZmiWa0U4Q$9L!aWvNk|JYZ0jRAbftJMdK z#_ZcJB^$C)!gZDop6)90dK z(bDaf(lf1JhAZ(Lfg4M9$#Cdr5%nRB6Lo+rUkMZaDWb@V*uGt)t^6h0&>KFENC?O8 z-fD>mj^2j$*8zFe_sgx>!4Evv2q=;qp=Yb=`eqf?+P(&rsP7@~c->}@?GDLD!Rs^B zSr~$-6}k5&G32;cJ0ORMZ@k3+*xe>jS0>4zxdJ~(F&Bh7v`+2=!ze@&2riij2RzaCWp zY6_2CV2uR_vH zmH&Pe7WA55-DPn0VUH-}*J4Z+Ewjme8|dR) z;Ht}DOsdRG3v3`L<4R5&SssTU6g$)?9yj{N=}@+!4Yc7Ch+$V2P>e$nNrDvIlBmH( zW}t(c8?30;R|dH~jXlU?hxe}i4lP}PShX$-Gw=`-M*g>FsJ5{MtHDx;aukK2bZt}E z95p8JtiZ;yIU_m;TQXSoWbLYehR|KJrx*`Dn!n4K)zx4yjcb2t3|1@ZXqeK_tE0-UoOsnk>rnX}DvD#Wn^hGa<1iB>$D3@WL&<=k6%gm+Lm#NDH z+tQj&wW{O~=c5eEo37^VTvbQ_T52Y%JAUR$K+~-r2A*1wR9l_yudt ze`|;6QpkQ_ww%L0DS719V$x_>`0SgvExIaL7@8f`)xvMgm2G(ZePwl;n*2L^G5G&Y zj6ff#(ZU8lX}>wb%U@t$2Wm1h{Pi@T^Xi$m(O2WjK(E@9=m1{2bOJ4qvy;j#s~G*( zIqvs@%HQK3KklqnXPF5-H*z_cxVXxma`9XkI6387sXqaapD$jkj=mnRD1%vpUNCyW zwI?TSmfzuIZfzdFQFIyP=QEMV(99tq$$k>o^fG0y<2AsZeZ`;E$Yi1q2y`E&jt4WT7$p!}DvmzwCYVWotYr3UE;6zml9s!!Ej z$(kL_I!nPw35U1S_MpsNKvT`H`J4^kr29($D`BM7nBy)iic3|-+Vp+9STXwhu zZsaptYT<7nxWN*O2psI0Z_h{fr{Lz~MJsm-ox!hC z@+~_aKKZN~Ik{Ht-V?=A>F&EQVJ=j^kB#4Kj26G=PJ_>#>V8TGja9$DE*_m!(qUD+ z=jFmy@S{v8U9l(2^BI6B?1V>w;$J279jt1anq2-Thy=zvDS!R&OJVUQnWp&vpZF$R zW7PJ=#2{Bn6im+uStQXF@4+OxeT-dfu!p{t`N>Ga=KZ!}E;hD&dCvSm5TBQvd~VUC ztPr?e*vhz6=qgq|asu~mY%0pD>B(n?2p|u(HQS5u{F)0VY}D25wGEwwQwK$y z^U8cFutIXAe07s3W}uQ*_JwmHzDMfy$wa2Qlnap`ei#YFp_`@$uXleu=a!U^Xlrk$ zrV46AHw`{0*~^sdw&LRE;Lu=5RyC_0#sh#%W7=2dwW+v`vWJUf-sTToS{r?s&+x=U zBmB0&M%C<4f1hn7V=-+mwWY~z`&7QpyHafg$gvts?*#a{OKtx_awed#g5L%*BXzJ` z5EQ>gdk*oRZS*^a(f;2*CtZ`1nJn{gNhvsY&C8RuDY^{b)5E7;ndRTpay7o>_9Q!R! zRr_uI#>DRw;THVPO(g(`K_}(EA@pDFwQ}Ifa5eNIOdW^D(e@jon#{Q1S3z0XE0W7N zIXyk+TIH`0RO8)5^_w2n27I4j7E(83P ze4X$Lk5pfJqWA&l2oWapU9>9i`yyB-WR(vOHUBR33B;0pLYF>fU**Hunb%FvBk_@w zD>@|3)-ftcUBz7amxplpR4rZghL&EHB-`X60`K3XDjS)i%xmxG88(R7zUDGjOG6jd z&F|M?nRH*}q%gcZSLsFbM0Sn0@tm0C?P@A@JNazW5$FQo#K@=C*2W|Q_jl}t2br1x zAZ*b=+}5wegidcwI4vjQ> z&H3;i42*U8IBxASbG;M1KCF`bSbIMrkr(1W3t2=_NFXILX2qC*$go4l9|KC>3O7Wn z+o_O#UqN2Q_tfv*qA@28xHxc7V? z+Aa4@PuP7UKs_27Ry2Q(8b!`k8P13L?--f)t+6QYm-M|GW>WP-)jC!0 zg*TkQ#Q$o>m=DxbO1CT_j%t>=nl!i4)VCx$5-3QS=2=XB-ZzJVH{A>$Atdet-}7Fv zTKGpE23tr1+U|T{$HiMNX5`j3bI^XQyEK#~>Zv#WAWxR2!}oVe9@3i|CA*pLUxy6zRf;=r(_D7q#o1 zka%5d<+OjsU2XwCpU2=Go+ef=+zogVZ;DpCps7dcx28U7?ur@^qKFyW&TeroJws@* zgJM3x`mbk>o>N5M7|R|+nU#}*GCDl|K*b$QiHb1Q*7*Z{pBI`^VE1ylF%;;M!~fZC zWe#MOc@d zI?4z}BVyXxeIuSYh0F#5?A!pcJZ~eQoF7KMMCeuH6C%3FAfk)Ps$cDYIff$y*`cA6 zWu!Hk%WOS&d1Cv1tb)vV$}>iq-xe7&bbX#M^q!~$NCez3JiQmU{Vtt&KW%4q}EQRTBJY)o)4Ehy55Vi$pcCRikEm!-Xe4O!?U&kUT zLP;{|$J_Q59u9&xE{b$c7%v#MP6M82ochqt)|LZU_#%(FC}iq*eV~x2G_W`Jf{< zTgjqeu5-4iCT;a8jgqFT5O@SwCcSjlDe226N&b#%EM|39)tcd^_SCwDaQPY&Eg}lR!JwQIXm;4; zX+oF7(Wpuns+B_lA~i=*eiHc}7K&@xXqR&0-@UBR`#iNz&g2q$ByM``OLyv)SDXKi z!tfQv`DWGi;@GLc{({b*ynfT(ZfgXgUbWh{87$t%fl&7xGKw7_>}?GsuRDGjziV^3 z?~e?Tk5!s!YIa=i_o@m`v0k5hp6EeqTT11LNv5>=$pGr)Ng-~L{4;F;s7Op5;Z>SW z?xOR{-9mG^!PA9GKvb-6xaSCMc1Pb}Lek#e;8Q?11ld$dOxZ`2r&H28Qwc^}H%Z#l zm07aO2WQ+j#_Hboji0oCK8;SXg78J(x;i?&}Pa7g2#>`F`7Bq!3|Ig*u)|YG-(q@ zYZ84KDXpkh>LF?-NGHwbgcO7QrypJ^Ie9YYEcwa&1 z9>%2vO1TSHqzW^m5+z9htLAGA>0o6_L{KNUKfg>upR}&240~}QorL^r1G~>eNEc7n z`os?NPi_~uw96FDRRt%ul<;*>O=RJ}kQ|V{<$b~|nukPgy_HRg(I+GC0l(Y^NHvsEF;eOyF^yhp}=hZC|f-m>*u>h^ukDm;@$;u1H<)7pS0fZYm}gH$xH&{e{Je zmTzCCX4>dlNOT|l*{vANk9kvayl#eFK0J&ceK$NN5qnsv21E>r4J!oxg2RrTRI2BE zjLyo!^u1(~?nhc2fz5^k_}?mwe<1R-(8zhn*(Nirc06rm5OJi~7*28vdVd<+Eso6$ zL|7CDfN|ZbO!YRTeJ9l$LYf=MUC>*$>&IdwVG3Z(;faY>!s45|Qa}Ak=Z#Ppi%x`X zC>vVhMF>!e32;b+U7}_4BmO!N(#C(2#wKtE~b}3u&T? zMa`%GHSz%cHw=wpo7L=2Pw2;P1|XEw#OAs3(MsU`);1tBgS75x({>Z;TRGbec^O@2 zOxrQ!h*Hz@rqFQcdoQl?ZPI7k)77KUYm%kldts=h;A?O{B*$MWf8p$SbX{W`~)(Jcjp0v0$$2oQoVx zI_VnS94^o##P|VOyw2P00i)`UORNt1SKV=yliRqvt+Gqt^t&`izeSh8f1;R*nj2lu z6wP2qE71cOe!#!R_crYmn)H-%(V84!>{e}+8evnwTJ0lfwY6#6*v$(=MSZUhmYHsa zaBaZnY_Z#lNkvc2RHGGb)eqG#(6x2s5$5ChK`5Uxh(U$0qpO07z3b8wL&!iW+l%f9 zO>O*ho!q8OMY>ZSu{~RE#cJwnnoW1T6CYB$luQ(*Vj{%>#Je~r=?Vt9K2{@s&Tl!5-f65@s+kkO8>$;3&~*>iTS$>NuPgm8(zT^ErU3eW00Y zg>=#~3uRib+ZY3clZnIIAy1lsZD(9)b_%nrB>aF>=q6 zF>1c5XNPcV$?|hl!@!Isntxb^ZZ!%IiydtX^9jt%?$Sdhz<_2imm$f2YM3e?oK%&;R@qdUR3R>NxGtZ8x=ys0Y`Ay^1C33m><3zbPels zgUJNmj47W%=U+lHJZo!YHuC* zs-JGt-Ns@bGDHR6Zho#;mLLgI7PKUD>@|N?Hw{#O2S>v zpARpPF#L*$$Ve@pIYhcbgMbD~`N_)4k|?09XZwjy&VmG$SQBn31+N3->;b=Ub3R$U z|6YxfiQj9ZpM;KkHw=VyG7<_Xv`shngZstr(r(cPE-_2bx~^?Sd01j}Yl1ry&(yFy zYD>q`O!5sO7K>l*2rx`MLF0}O_g}uay1M#k-9E2n=A^(YVT+}H5^b0U7)tb2ik>UD z0QW45VN-oe7T5n=JZLK>$wTIPpQNsw`M$UFr zN$dYfr~e)LPmucUnNFm#DPs-K7;4dA{~MwEM^VI;`k?HOaYDtdjd4Z}RK#-F;6ijB zQ_0-r&bmAyr91)Ngzzps6}QgB!B%FXXoQsaCw`dJPC22b;;eJ4IcUPs*e%AIZ*yg^ zv6@28_3z&I%m8e-t&)(w8NceYTWEBpFu{B&Uzr{r7OZBrDxfr9?RH_ykj*C3DF$39 zdm#M%#niNVw>7vH)~zipyu3E2qJ%(j{*|wY8_SESo1z{0nF}j3M;hm<_a#U$C$viG z2Xl#~M5fi?Wv)E;aehYStz+-8>&GbbCVBfzD(Zh%l_s{;dT2-YB)h|0Z?)vpv)=%O zUll#DqT@l98E%+3`!PU+pon*pmq(1(vPX-gU}8*k{1nE@{9mutDkiK}91;%lM|T&o zAr!C$)IDOkbj=z~#!;RLTsA}-|5#u^h5QNwldV4#et|XYn7&5Cn89tLl!Zsjk$@%q zi#@tKiX#t?)~P6d;0DbfPneWs2#F=5`P*>5BU6XndoWJ6vI5`cFdWFbronltGw<-F z2ip-!e%A@I^!gxbHms!xkBn8|b?isptTLA4J~agUOpxi{skc6oMiHpG2w~#5jQAM& z(7dk3Z~orqxbEq9`6sz-7Vt*@ zKHJAJ>j+2?7c#F~nf+W~seYwbk>|h520^(vBPdK%>GWN4iU`Lgf6t@)Zqq%&w;#$< z^!L{lwv2e@yWac{*-i58T|P)_R}4ZP2z*9=^E4j4M}-L zNKtf6DI-trA11iS*g~F7`+)MWmALnLq1i9L&mbu{;7QDYusc`Nyq8V{noqTK<}ZYK zsjG&5Q^HSnN}))*AhkgQz6U7ZKoM7;mGIl&2%w~gX9#v-|Nn72_<`lW=F+LLVkJUK zf_<%=Q9g=gwi1(h7EmyG;xC-$c=AQedSRvQRj`InAGDvU8rIX%0uX2SWLeR{)W z8R&XV3e$y0$ouWo56#nkhw`fRmbIlXJt}m76rwt!BXt(+UK1zr_2O^1_5P$8Q1f{W zFof*+LLrB2@yE{^^v6wK&OB}lQ%taEF#naJFySK9Zt*v^U}LrYqdORvwydU1#+||c z0y+*3`mh{9!&u{TTr;fnHyj%h;ss5H<%NW33Cf3Mzvhs~DVl;Lw85IE`!F(?v>Jgz zKf2oJqOGT6ok!z#Y#JeO2z|^<#wbSP1u_=p^M_MCKvqmiIcZc}OgT{RN{D_7@6TI) z68-X|x&6FX@$9gz!w;OSU~V)9;r}abS?DS#5G|kn z-EfB@roGowlPKGN=*{*U)(K>AyA8a$3t+t0M9So=q@t=%%XyMBqTBj+Y_4U@g$L#M z5RooH0kWe0vJ-gD6{w$I5(U~nsVGGHp(fqX>^lrIpn+VNc!h<_=kcS9Uc`|+yzAhr(`I2p3)w3K#?jodeH%TGLwF9IH%qgvC%$Jv_q4gyK6EX<{%kYO;Xtp$Eja-*6< z+V|xnvtSmg%_f;E5e0$9nR7Aj*}3OaJrff#>FMdo$;mrAJN%2-^BL-JQ86)Hj~kwl zkdV>QGMXtlNf~Vv|I+Ky=qOY6U_e#Mq|s{Ff66|L9GR6MX4c}Ux3`on!|FKH!7;46 zuaAc%1Cgl(EKLsi=U~1u8JM-hY?0jk{k==OoEnU55S%dvsJJbQaa%7t#X<|MqbEoO ze5YX)n*8QDM&+@e(duA!73|q{TM8hIDUn~*d&&T|Uq0=StnR2bzQ^Xg?Dzs$7@pIM zJ|~E(zl7NICz5XL&H73^gzP6Fv5v)QcX~Llj3YpU7_%a|t*vSFPjW0I*QQzc6FEUu|QvZJd073u0$;LIy8NhLL zAA0f0BOBM3|Ka(zhy*A9_nB~MF(rsMTfg_4pFP6PU*ELwe}Ddiy+hML%V3bX$Lus@ zV-`dpT?Ejlm@a~IG5`43FgtTuIR#F3%_ZEamPMHjZy|`Yq016wpV_3k{P}E24~u*m zSN{L)y$66?S9Lf3rq}IN(n?xsS6VfzST2&Q0D}QH*%VuWFPIM!2;>73$QK+)2wwm@ zgd*}!NFW6WB(e#?CKy}*TW*qEB+IsXU6s}LKE3{b_ue;e-t;%KGqW?h=lXdx`{tH& zfA`IMzd7gJbGE)sI{MN{#$x2-5u{rEchYg3_e#IYrW-Yjp(xFBe^SyqkJ|QqG z2xz>XXI^bqW=Dfo1p=hGspw^b86wKr4NGrXdS+A6Sj=2F-TG^;m!8=lSHK+If3*Ae z-n~xAvXyS@+1RlIr?zcb-T2nu-*))FUX1R2 z_8n0yNg$n}VB@Xt*FW%ZqHQYkG-D|)!iY2-2sU;vAHFcozJP0g@4+u!*D|Z{(BOms zAwUSsDFlezRPJ(ePvR(?h@rMAod0)I$*wV4J|h5uvsz zVz=|WD=2ANFT1+?g#*XNo_+X*wI6&-TQ;@L=#l4p*M8;S|G$U6_qYG?-M_)>FTQzu z_X}}74Zb?8dGk#>bU*&LkUsJ1lTzElCRQycv&q#LeNG5e0RlwOt6-7JE@Ep- zOXt$1iGWV`CFCl!Zd^i2Maln8;1R z(3Q3!e$DG)kHik;Vi)ur3ZJ3)CMWP!a^RT+BtO zQxfT^({dqDQnQrqwp(slwI;_8NXjjhbFGV>TMBGLq{hrSw8jcBa)m;On#$CPd@qNHP>BVo|%5`vwup7Gs^>YQASD1Ed__-Cm#Rxk|j&vMJ)O^^J25v zr>3TH2flFO{F+?+L=o)l*|Qcj#s&>IBpZ#Sxhcw$6}c0U;j&nM#8C0Mp`Y=3@i1i% zQNBrs9~eXlqs8CP534vh9OHB9O;Q|io7DmeA`Uq11CUgY9FYtI2dJRpuLh0+9T-!k zCV8-N$0b}H-ZPt%+oK#_4=d_AqOxcU z9+T7qlwuxFLZ3=yt{h9~ABI5mAUcH74E8|0YQYVB7beB|{`H{wS1JR;PBcyds+%Mt2aOC5vKKod;2X(xL=$m7_0zQVm6HkmC-$6apj4_^S66@P)Tsim z32H_NlpcZJ-d;F_mho3o>8C^^loEmN?(UwRp04h0aV+ZSXlQ6C%7A*C!%>uusFNZh z0A@22g&Nl@_?YvDiq@z(jd-u-IO6YlVwNi6N|m{*Wy`xRUc89s2Yw%yd1xAr5Xg=I zuE~=pPvZK-RZ3V90$LD&S!(OnYnCrxzHs5fmX_A0rskTOT14_I%5Ev$d+xexc~_2W zksOM1u2XRxiuq1(ro72HZfXT=gW{G8xh?NQ{$CX>lx;L;e#JbTPFQv*4#A=1o8R84 z^eGe5h4<+!M89Ef}?%KY+YsHG}LKC^kxv0e@H#vt(TLBjem<{}Fluw2J zN8vYc@DOxG?3RM3D|>|{Mvxn{j6}ZqtvI?5&VO6_7yYMNPJLlS@xAOr{jLZAo;7*_Z6G&b=d z@R>{4=QG*uMHp@Fb`kV=jBNAptd(SD!x>GS*2pX;!L3H{T44g?nIYNBJKjNIRAy}v zX<$Nt5XcLGr=I!^wh*$-7dq~#C|+Z~;Y3$6a$w9$8mgQNfq>6lTU$FYFwoxKF6t`L zGhl}jjuIjY8*B;4Ff}zb+0xRIt5^B+iHQjWhch6qKV@Xp2wCMn6 zQgTe2%AW{HNC*%Dga9Eh#}Jqt9}!16=S4yM%87PK#sb5I+D0%NnaKz~6XQB18I?LE z1PB2_fDj-ADis0Uop;>Py>exC@d|b*o|>GT7$5ihd}8BqWr4u;Ulyyiv8mZvgTM?k zDzoTNjCeNi305&1Wm|VL;3DubitJF#5r{byBRc~N^74&uetSkhP-8-X5FiA~g}~=N zN9h;Jh4l=^QFJzXDbmr=aq!^54I4HH6IAJTOO;S_GjQqB@X!$S3Lp?TDy;~qAl~3W zKjfUj!p&w=1pe2^Y_v)_n-TcR82XE*NeB=Ea{vLY_cf|F?+_>zxtX4tLO>1+N{rM9 zGEwlM3x)h+<5Ruo)Q79@Qpn|Esj~9#Ss`0!?wX!P^!=(^e9+!lFn+}jMZx&0ZW&2n zLVyq;1PFm5BcR)U#~mw5V3xYn*9UzQc!SYoV&3cpIjjdfp0U$sCVG3P28TqN2zi5# z>Ww&QudQiXytsbZvc|<78W9p(gkY3`@*@}sK){6^THB@$F)L;%FdKg$C^9K1e#2S9 z3~Mn^uGI z#}EGK$LC*oaq?mx6ckV~i387Z<&C0M^-fJ+IDF)d$9}c<2R}Nucb|?s(_}w{=0+%% zOlC7nR#0sPv@FINWBVT|q;NrtSYhs98RtMzsR~-&IopV?+c~?mG_e^YU|6+kRZ|J# z+#tiU*U9)Ayb=UUXaQ%v{ zTRS&jz7WE9blB@^p?(Sa{ZPeVQ}p=2;JE{@!3nyqqXS#svp}STvlC8D&YGHn@hpFw z8~EDr1RU}tgz6?Q`P0U^x%uXI=G6&RE++!{EpRy{qp=8q%m|e3x}`WbRdL<(~m#V_wvgj?5^VK8LQLT*3;8{ z!}ZIyT-Cm2b$!PodwspxZa2c(g|6*3dwpGPTWj;uC2d{Ho0lxM*zJCoD;x-bsZ5TH zoIm)w*=(v?uplSDLD~VRnjFr;_e_ z)VXs8Nx}hZQOAb$tKRYUrB`0zXlg_!pe$j(ANh}ztz)1gVLajefe>^ylH{mwSiElS z+HE&3z3ehujT7_;nvFxdpL_M;p9Xxsocu;R3DY>EQdh&aZ9#=&A^LLvIznc$vGEDe zpjxM+w#ETpqp|UEaA_xKqRko#hum(NUzb{V>YorG1PB2_V4fgQ*U&7Ea?ZC@jU)|WbOs_XELK6%!LL;`r^H&j^S^krKgbdd#?;}`_ z-e722vUvIBm$!FyLA!$o{_vk}`h>Cw?_{DzZ+a^gP2v7l-K42sBEoQTx}O}pHE z{R8kbTC%ufaYqN>9T^#g@}{k=wY7y^cCISiGB!gbsW~A)2vju!;)x)_`15Cj6ov6a ziRxd~b0gtrfI!K}jW(H(+Wg!TPY&umQ8FX=^ta^pRjd3WuXeSXvB0FX7?MXbqXHA%3u}+YuZg~y7t5O!Zk-N7_wja{Qj2K z)`Azf%t8FTK0j11O87pFVk77uc0~;g4x?@NvQCrPM7gCjLRTTxB111mM_#NDVMq)@ zAPWMz=4*OnS0= zrp008hBF&MZrB@kE`V)Qpg``)NvJEJ@#tL9z2??is+!z*ylnrM*pjC4N`(jV*w}dg zz#y79Y}SPf+Hpr9a-$KwN~i{AGq(2&Q|5J*APmVs2xLc~HgKqM>sL$7Z;0Gf{&gsR zhqGtBPMRE>>*S{I(MR3A=LEYpJDprBW0VhUaWa_@aRuZCnFR*iE`KBn?-|7MW2`); zwqcqZ_GD)28&=?U6Aste>@_A6qd1)CaJ3Cyg4pEDoN%Dlal6GXqb+yd0skK5vZy-E zjmPWdmrEYx=KO_=_)X(**bVH5jsbc#fnics@cEg3q4IAKkT87s>%HgBZ~6UQRUs`2 zIhPRl%x6B6?{x0oG}yVc!?5Ex##3W zQ98KL==G6^ICSDQ9M*wxN24!Y>;tp0!5znHWry;{YGLpBpV-FCD_HP~0~>#i^j-Am zbWyIz!GZWU{NPa#A`vzm-w2I}F9Qb;YX7cQT1}bhX*Eg7;_H|xI!EDzhsul)5UjEI zMa~6>>Am(3J}Nq_I?WB-pJPG% za`P22$HAdte;{Bo7#bStk-H+3=H?sU{8rg6zJdlCe)^l=`O&#p(`$e4M|ZEu(a-2} z|L@Be-uHJOSe^0e^Pn}Ngr1?W%y6>$`IlC@Gh47KDpF4Mf%u+>wlDfzf0in48 zx6#thZnq1~&C;cd3~Nejmij-R`~;p2{6{PE#Z*VeR}}Nw9TT<8j_MSE0JqH;!EEq~ zjYj3s+?1Q#4F30j`z~A*Y{g(Uap!it82C0QyuvaC_Zp+Csqx8U$Lecq<-D6hQ<2Vj zmRVR(@EbvbrUn6x{SJ#|owLU8^)g<=Hd6_1!Z>74Qrz8@c)X|NT=u zBSe8?gJ3y=;?Qm>EsItDI%Oj_Wi?BMTrU5`J{Gc1hd8;|^(5(|QAFC&AtYTS3bT|h z0-IDs56e_EYUI3zZS2Frn()_@z?oPZ_z#1`Fb^JnW#g6Ep_ol7W|m^^C34;dXe`*Z z&->{+aG?B4Ta*zC`z?Y1#ETa#bh+IZ`z{qljIwufM|`MOG2OiOTqJu+Ss^u*p7{Ohxa(6rRNd?g@+X*F{1SEI=EH$ z;6657`#ld8m)XST@bHcw@&RV0?0Zn5aeRFCH=f_o=-vnJ-zp}a&&jNF05MX^-itZeYPETUYfn#eZ7uXOI46uWEQlYASb4$y;DNj2 zHSnmud)K{e_FL}7#KnVL`$_ExZTbA(2WFMkX%|&hbIZ15b`#?^1$C#@gQl>~sTCnm zTm;HWZv2egFlGbmsG_!k=0;E)uDKBo#bGFN;v|M|_)g4}$+v)myF{bTK)^OOzM;P1 zs^!ZO#)j?m27i&&HnLB#(wk7&polHhaK@QFf4;bYmZ!IwXbX@e6PBr=;gN}niSkHW z;3!S2ukSqil1y2SzM#ALww0~#`pb{L_4$AQ;3w~A$A7-b7%g+NZP~D;`I!TpVT@gn zI-AcAGOjQ@INY^mZHqkonm_pJJ6B4V{l!21DR+@M^20Abwe-_p`^i5%@RR>{^ZEZz zp&D;~b^qp{{KMCN^6Ayj#81jyh?tSW4ka5r!;#fDy`$^J*AxevwAXpkpZ)Vzh?oZ=hD;#wqz=8W%-dBWqt`${YUG;sN}^*dG;{ znhs7*dIknAjgGRE0`kTvmPC{7lVaU6^-sbPqd35H^ptpbR$1Y89X+W-zo}eSPaQuN}i^W5*BZuiw#{PIZG(j{C}zyUM0N7DXFA{c{tb4Rmh2tx z`s?q0DCTb5`q6i9u-okRMP1!86V5SPL+jeNEkFA5Y4$t8Fmdd~-gVckV%C3)Ub^W| z{`Y2dWxHbgj+WDX!_w%{7tgKP#s^*cjyv9V?zJ~ZSsqi3R0 z^oe;TJ$%2!OoobTO>Tbw!A`y)Sx`>uDh<4By_nvPW8Qi2{&cb@vKz*2wr@*8Q5N#M z-%S!er9*|)G^H!br^Q$v>VpuNDFWrw+=N{&DG*nqk{6yQ;fyWJEXe=1aP_Ue=DgC-P)i%ofH- zY*+ljKmHArE?qA?@w-t;*WBLOd*IO6NPl1J;??b)FB~|g8#&**=DJlpMiO)DiuwYG zPmQdse)KaoJS^#rh+_@Y63lbRL=jVlwJ%+0!Wn-sl*RuhQP!5ruWfxA1L}06M-S-! z*KL9)!E%TY+pMdAfAQjWsc&?Q`Scw5%m01f_Ip2d*Z=<4-$8$AV4lvX!~C5~SYl7* zEuWVkyYZj!D(@Vo^I-lMtSE|#v{Jzclw_L%KX_Pf%X~c^esnkIQ0x&6>hvJvS34Cq zbla--I}$e5wUFszV5r8iDeWn-CsSvPUpeIxtfd7zU>u1}RQ-g#HE! z814itn2j(?vCU9kzaIx&ZSXvpa=U9x=CH@(w_0EByJ#^YQZu?Z@N%+W4GB>_pDg7pqRgei#|hhrQ$S8#_mOhrth4-neb}!U@z|ULRb2voRSAUeN zn__;B4P4XH(^FGZlarI<9jq zTnxe?oQuJ1pub`KhEp4^Vv)Uoy?!5Jw5;z~{I;H+n|oH>v})CLt5z+vT68ws3j_UT zWS-*B6Hp;pPs4RKafMARjIr{?5>G8(prTDPS#ASj!(%b;6TB~FY4Unga6>iGOnnbh zyM9aCzkcfp>G}=LV5=+M@!`&+U;X;-L4+>~2EATS-*5lr-}JZMu?j9*sCn7Bz57wK zH5zGODm}Y*c;(V|roD?{#NQ0UV8sSndHKz!fBD!6{(khizxv~EJ;TqVfc+?vWSW=g zQh_KMS$)G>-rW1#k!N&QuWyJq|J~1@9%0oE|M!oE-nMzIu4&CpU2neJ%eGwEUC;mD z5B>8|(E5BZPhRdczx3)Kz5Vl{ZOiKX_v^n(Fm!xBkVqzp(hJ&wlEQzyGN( ze&CaT{(tsd{{6pvdow4sk;Wy`+2PJMu%KvjTkEN_(p%QDR`P1&-^Mj>?Hc;QU*7+N z6Zm7zAARGt-tXLxetsXG#h?1jTN+h0)veOV%u!D~zvjwyzx~h0JKytGF{BvuZHq5J z)DL{}CucwO=O12ylP&M~i;spL{68>D-SN47*ZuVedcy27J@U{Ozx=|G2Fz1en_C^W zD$c*mGb6TtC{~%dj;44AgB2;8f0PRBX&Ku(oc>v!AON#X?TE$Ki7N=yF1Jh`W{=u} zU0ercF;$~5V~glAt&q7d?)Ws|(-Sj`X+H_G(8e8GcWAIlG4B?6UzQ?OMwz+aan>Sl zXk&zfGp4kdupVMvrG;0uh`gr^g}2>#pJF!5E}Al8XKKAvPvS#|4yB${8Y&xGHC)>T zR)KAu6@(?_1u;~>b=WJFia`L2ffa!Q0u)DMsHEIqeGN50FbcJ8Xy`qm3UgwJF&o(? zCF0gFn-nKHvXzPxo%plE117I0D1NVep&DsasaBhK+`K z8H=Y1JK}yeLV2U`8;GRV5Ww*`-+5F{eR!>wKzCC)^MfHN?DMVsRxpxKoBhvWRufS{P@4xn+-+l0pF0(S9n|Mtr;e8S$>T3KWHhN75wqjk? zDa$D?GvhTML+2Rr!5ihxP?5;mkII97_Fe5Jp?h1q;7MYHoD5-+F7$>KuXTi;{l9_sXljJ$r=O2G%IfFxZB0 z9$JLI#Qp=x8SPl~*tv7HHk&^b>TGV_Vl)OvMp%Gh{9x8e>=h3u98l2U9$~e*+S_-Z zI%zYT1EFxO)v`7m33z>Ba2y2lLkw9_lf5!7BM$akpZD|5&wRS-(l01C2Rv4h^jzb; zBBq*7pH z)I$=yNg|0)$M$^ZGlO^h3TrI65}g z(a}+!^b6%POX-mPTM01?{=(kJ91hr@Ntzp`gAq^PjWsplfk7!0;=VWtWE`Cih5bB0 zAKMazhl$(moR~mLDLmw4Po0=Sif3hjLI^9EV2x7rRcxDZH5V37cTQ_>z-c@lnb}~W zu*4qjP%I9-7t97lT{G=_oOHQeXd)bVm9CUdGWC#jfh36}f&qT!p_Z?FXnj&mBydIN zY9UhxEz54HYQDrt_KHEE0yQ@kgAECi0|BP0E$`E|e2;eg08ezd5eggbN6dVRIsafL zDn@#QYcNz;Ee?lubX078VyE=_=K}txaQJ-)6d^oypr8qkj&|18!XP1(6MRdQiq>!z z#m*<n4^r1Ceu^6k_3KJOoY?4M4But3}m^x^+UyUUH97fWqo`5`q42w z4TLqSufG1t!9lyh5R61>&6b-?#&94Y>{H<-i=XK2#g3|an|&QJXnK7(&n#2yHD;FL z1}UUz5Kkc-jkV4zKJt<3HA{&#)@YonMzfTbi+FbHK>Lk2eYk)X+Y{tTYr2}DoMe`o zA%N7pU<6>6%C~KKvVxOYD&KXP#rlZiGCVR;HnUXu$PGg6xxf35vd@jO{Z)3j5#$DB zL*{nF9UYIJ>&0VZ%c4a+{R7OyhPwoxZfSYGug_sN!@U?kfbVQ<3{6f6-LZCMAX5-ec=v%KX)d0L-A~z+4x450p zS#krIJU{%QG&!Z(3Lc9T!YNHmXT|;<>R9whZ!dhrRy8(VH8C!))MeB%5$_{=xh?d#!`<71i|grpTzMyPOPw_?SoSd!LXd3pPF z*UtfR!}twci?as0C2~{T?`rvb`|d9flz&hfkr1dZ1pFtSCWqqEE!p7U;Qj-zwYRr# z+^}AFZNqecGl-vf<&{?;Ge@SO=Q6qRKmBz0%|i*6DU}LGjmS_(2gr@hWU?3x?=f58 zQ_B5uB+23McXXWd`J5(GE27_A>Vpc0XIPNVH@6%d9DrG>!S1*$9Ok>Fgu;gFY?R$q zYR!#K+P32!b6eZoAUDiQDVEkT?d3(}rgUHU^7IUH^H}H|?n5|)X zmzcBKu}FR|lru`<@39YP!si=uI>c!foX_nsUA)-s_OyUfTT|P6 z?%bP)4!w5p^$QpKYH$Mknj?{+p`qfASa5G;4C05FW=ogo%;s#ermzv@{eF6ADCn>Y znt~FZb_IurLt|r6WKM`tmlFnqFT{cbs%TAaOcpNb5P^;7QUSlgQSh`13=~Su%7VaL zx=?8@ga9E>bqI8IE$>{i1c4I~mJf+8&R^*3yVUP+!VlJhaEe{am#tm9ra~rF-e37T zoniGVrh`$E-(ldW3y(*6P$3EvLzf`~# zkfjOl^O;*!HA*o`c9~N~{N9J;xvM9u{bc&l)R1yuKl?-J zd+QRqWgsZmL+q0;y`P^fY!+#y&fJx<3JF(ct_w`lMO#Gqi@y|exkp4C?OD09wY3>H zJn$Q2RB$+*W|IZa=Y{QUE4sRn=c_{IUtV&9xH4B>8I`j@B_N=-9;x0lf?_rp`rYnd z2ZL`!BCc4n2z(I4&hTjD`EdB)=qOxsS>Lxjuc$V4TD7|`(wEO$g75vz5i#^W{NpJbS^yL!3RI{+y zoGBk6e|C*jqpFWb^=2=d_%A1<+hPxL?I*L3{L2`s=znx!jNfDjHq%45faRF+^ZR4H zl2o6(SeMmHy@QgJR-PG;sK!%Sh2$$U3+ReeGn0h<%qUoQozK-cKkMSh^RlI#4x1Gy zLxqEaA9hGtx_sF(B`S0!AX9E~qjNY6t9rz(T(LnV`N-fSh^5rQpBAK!((4aKqfbO4 zPesDdMv+c<^Lh*M%v)L(kdHI=XcC6xgww;07? zR;mIXz9kinI!{2L;N|&QkJNiSPGUZ`Uz)B@{smuLtoL7%wyBjj#qB+FZ#!;f8kD99 zXuJoQ<{fBSyyP@>%d+MSr) zDsH(@Szh8+64l8h8;1hhrN^WbP3fOfu#AX-#4}9L5xF15q^15*u700ZNcCb(OW*vy z^cGHK!_P!LEg<|P8F>BO>1&UkE zzLcbjXp@1GtzGFbN$84CF$rFFN)aH%{3IZHb3*EDiv#whHfj12r^3pJDj}aq5?(QD zW|(rS%}c#pqkd_#+WR7=m5D>myOpm!Oyon-j@UrSb5DD%s-|BGGv8dgPZV)3*zxrG z>u;Pn+skq(#DA0FxuQFH>hz(*hY`!Ph{MgKE67*ykH!MWMV?FJ)~!k8Ch1T8`1m`! zSA>ujF&ISd%m5B#h>Wn*nFue;H8Xe@!5N%qpN2yIP|z0&E@^6R6Y0UZbm~_{T${`lbpgFuGuD*y9O{JO;@JlChi3{z{{yp4obzIuKS=u3Ujl8)iQbf2F(KcQBz(FK zl@W0*q328t7)?L+BdNDO#T87Fc8|vR7MLj@A3LU{Ld{+H#e#uCCm3u9)$_Xuxe4(J`@Pxv;z#@u0+o+H_BdBLI^c05+bk4CMcUz?WzIbb4>s@vi`*8Rrq?2E zFt$=OVX@l z6gDlqszqd&XId$R!}0pN1?x&IX@yMN-+R9=y;rb6euZQ&s4N_AWR}C#OS^idX&d9d zP$My>g^jS1w5>@RRht{t{ieNEc?DsS#M)(QnoB_XJZ}UV>Khsx8u8G8MXJ561>2)m zuIO%QX~GXSMsAf6zU3vmWM)}fuL<@$lZ4dHmM|qjoK#F+1b%> z#oXK^HM0eYwa$0X57jRx0;y|kVOocr&lssk{tYek1o)wxrZh=4Dm_rDqC(vSE)*+M zwtT`IBg|5rs;W@)bi#=>_BhWZDjtMMLgt#*Og~qivUswl(PyM|-(-=JNPrfZWvf{R zVNZDSm_-u2=@&7jKZV0Fn^Xo4mtDw&E>#vH^(yDQ0-+$3y}@8WU*4NhB+}*VtRdN4Y+1=gT+-SF1*REN;Wbxt( zL9n3h!o`ps#wqiA-V-(G6=tJW`^W^LfQld2Ll6x{sHzX-r(@@!z+%#K@UHC zh%cmKHVOJ09@=j~OXJepw--Zv>Vpud00dG!M!9E3s-;8z4Sie^3jAGZf9m2Fu!<_B zKFbp(d`Q}ju@awe>g`3cU51-Z_8*U1zOtZ}BxG)U6+atPRa|ZIIl0>_ZM%`N!?gO0 z1Od2vQ|i++Zr z+R45VU_}<`JzR?uufS=6ytyXBvs?`tHYhbMjBU*3k1n}wVoaB&OVY=lmA)Ty#1Wpq zq9*J?vI;4!kQ!D9k4D9(rzZA*)P52!DVuvV*`z?xWLI28s?0JozvHZ>vy*#1al*mO zF=;X3J;+_9g;%wR@ZIjrG$L=iZL_4{lU+7t#5BtU-Cm60VW)S-5itM^mwwsxN(=`H zH^&^C06SwjT#W?X)yk&y3{RFM?X{}m+Mp^WLI6)%_RNj%NM_@RlOhCNg%thl%3@fw z$hu>PWHAeylwzDpvQjB~sYDv7IBSVz`BrRONrXoEb5VQCstKv3qi;*^dB;JTV65JiJZzk|=x{kpyMomd9-#_C9lxMCMTZOEFD;e6~sYrgCM1H^Iio)rU~bK(=JF zV4@^xuhm?Wq0i?#0=hfzxTAYz4y(O?V#40cJfgLi;h`afGPGz5Rv7j9JP$n-nVeGh zFL()xN*Nk0z-2ARAI-9wXI5X$!s1s*0T^FG2 z`p42(`68fs8L1*6KnM^5^B94OaX``OZ129s`TqCm8|qT_Pl47jW)nYR%qC%jRpOQ_ zgsWS;bn%7{eW-R5RO3_#0YZQfAOr{jLSViiP%5+3$nY?-YFV|JrINr79zEiIaZlLo z;n@_DeS~36QE#w<;YpaE6ruw=RC9Z4+jZBO7IkP`Mg&z11Om-1g{PYGjEq?7>opEH zTh+9fr5S2nHKykMjzY1uG5(; zW~5CrI-T}Ki)vP_(l_!b3V9Yd(uP7IhqDIxtMY6buTGkqf}x{^+7TeljdrZ4=KMsU zN;NkpPMxjB^;+4zOuN`+*4*f}-*Lx^66}`3gc0K(wjS^Xs75N&UtI_W1_ldSJV~ea zwNlk2a#Ij&)F?j$63NZLL-#D$v2kzo^IO!t?0ZnRRoWZ9w-+BiEIp9;G5hfTx)zI-PZOb+r{)AQ;4hkTYa9`Cb!LpAaYp0`2$Q_keW&?tKY;?b{9VvQ5yP zyYId`@nd|5bHy0DfIc4H@xw$>Gxvc9p6)@dl?xC>)nwm;oFK}jf7ijS^2lYBA=eDD zE_C}n52bR%q6(i8qAYSNQWaH_TtLz1GeY1U`IH%rRF=jiBsY*BQ49mYpwI8G*aPB0 z$g)69gAfA6MqtafWOk$GHqyrJ+wVTuJD`k;4(?lfJHEzQ80%=@2Nb=B9LVQ_m$rpuoHU)T}HBq%L~m zLyvKr?b~90EvVhDVmF-I#B>z+Af}-}!tT3e1H3hMXkIpz2#1*!`%q>s~q36wE8q*5t=mYFAr6-@of_<`@JQom_G% zHl@8AcPxl?9hXzZY_=ZU)z5lN#1LF&?*rgbqQqrW%fP8kT0o@xAC-0rlwuSqUbDaR z;QjJoIq^)}DnZg53oYu(6aVga;{ay5Ph^@=YW++QWnUW6PYR66da>(9f&2cgySE7# z?@zftN_3;E@NN(N*I)hB3m21wy!Zk?>B5I8pD9&YrT;qQQZ;4u6HjIDp~9ijEFO^? z%}`NALZAW>*m7^&j*`M{)a)jK+wczrquICn;P(5rOQ1N6i9Ecq6OaEbpXU^YKb~Ou zQp(-P_{a*YC=(^-5AtwaJH$VZKlT{6QL`;bn`E2H(N$JC!NnB+A||I|f{V#11n&hC z1G7mXHuALCWMv*FSWX)4K}JC2$w9jzdQ+*+xTlOLx$sQiD)DN|vCyJ&;=~g>Na`-b z5~ppG9-^$5P`ZB9dc_1+p_pY*fiaup^Ww90TW^wn+ndO4F82Obx~VgJ@HW?>y}!Nb zrUgGcm`scgr=Cg&q{iQ9Rj~#{ZmMFL$|z*M`2eVXIT1*6A;g(P8g3J3H%Z(EA9QYH zqyz+EW9OF6jm-17w>L&vxcx#D?5GfS_x04Q6aL`h3on5##kqJ~ijg(Ss< z)C35hT<69#Xyt02zEw&`GP}vN(0P3qa)}i0EE`0bmnNMs8mF1pJTg{xuHJsfYG-l! zO6kQlS$fC#WOf5?v-Z6kbLee2x9M;~@AKOvDpSAiU8|3#=yOtLHm5W@RC7^8VqHXDK9Jo;#i|9~gNlpoABBXt@HUNz~r zZExAOG3}siT-c^|#3IXN>?*#^E2Et3X&Kw=&bEnVQ2=cDJe+dwOWCZ&Z9QtAp@E0) zLqML`_NkZ*IRQ~1;$RD}X+}cC`JBzuw#oo|=7mmb5EEX760-qn6e&KVY!GE!ngm&5 zlBlN1Rf8$+-9`Gs{NrQCTrtg!>&PQt`RZ43{9I^QpljK)XAeK~l_V_+Q^V}p^N6V2 z2Q5pyRo@=b32)*${F_IP9C>7?th1STgV$7gOCFJp$z^!tjmdl_n8y)*<)OWjsKInRiD3jq=WNt; znj|(D+i)F|GF?|(eX?UgOsSGdPVTRYz%<-?2CtfQVyGX|QrzcQHF}i!Ouc1P98I{k zi-+Lu?(QBOg1fuByW8MS2<{MIa0~A4uEE{i9dah`-e-OLPcIg0rn_sptLo9~CL3-F zuUml?NY)8o4;qM27H?BrWqMoRcOc4>>QK*&As-eU)};W$Ar>S~OrA>jl=F%FttWc3 zbXu%dg?+~`wGYiXUo%L&(I#U7UR|gtu==>e?6(tR*wXxwxJ7`a_-0vD{63+Z$D3wH z&c~+p^vLXYGw&&r(7_PJJv`km>|;>foxu6h7g0=ndE#2_|CVFBwC=r?W4lcAD{3z5 zY(zDIBEB@++xMd<(GR#(chec|Esfr+d_z3spweMCW6ZRMF~<;nTc+qwC#{kF?{~zj z*Uh=TWi9FLlahaB)CIqEDn=vM)yh9uoKuY+9VX?yQ!t|HEneKKk#UQZ;4s?Y4C4PPi(&y78W@8_~^Lh<`)q}Was^+tQ?3+6(;2= z(0Kh{?*|4#hx?g=T6K^V|0Et-R5LM6R?xswSUGG`2|Rf2>2^6?kO4WoTQBE5t5a_O ztas@9oPHbjomu*7KJ7_Wqf!=#L74EXRpjqhM$0R_(nhI7Y~D+O8}l1OW6|O|EaRlI z^~DafTp)R~Oi3%i=E#tux77QLaXsn+8B zeDe4{#^Z~eM@G0+hW90(N9Wsn@#p8=(Z&=dVpY<5y5z?beQ1Dq94x>a&~y1mA@EHy!BGqN%~zw@ z@8h%@sQLFKFYt5y?n~OnTSV55E-H?okHo3YhRIO7>A8LdFHFp>@>~|8Etgwd;9uXr zpieS`s!guGEG@|#_B>A$uX3*Xd8fJYm2q2+?;e8A_EwHMIhGM*KUwQKix^`&&oFSj zEG{csE*sw3IQ49(*yT2_>uC53lu`nLD3_Dk_sm2@$K0b1Ry@2+#nIn(GZy$)1M6hMZ3>xLb%|J1G%&$a3A>aK#aI#Li+3BqCF z`6h}#3Bu0*^xI_}D(+>bAW~4CKnt^FoQ11_HTjE{VakcM1j0}ueNaoCvUY7Rb-SoBp97V?v zz0I#@JEFr?+Z)tZUVIM_QcL`)!2OgES|OEl!}bXvaFdT0%1V|I-lt~p^$=x}6IDwJ z-Ont3bJ)j|NEv2j{jf0UlD>c#`ZB@U@F<9GLsurBQqRjALdNJh^p!HW)STmD*{VjH zBzJ)U9Q?SuF}YmW-h+c%-ZsA$(0THLZKU~|QMbP-m>mcqy9i%naKHMkmUMmX?G(PW zr&2b0%b8#fIAu;Ed~E!;0kI9|-6~>__0hn2_5S?_#{6_?+v*m*yT*ycU3p8gh5CpK zP&j?C4vqD2G{!{a+=RH!$fNE(-E)gjHl8+c42@&GN<5wRE}GI}Yl_cHo7npFd4wT1 z21L00Nn9+ICEa&kHK*VMOq%q;ElRNjl2g?&QsM%$B{{jhHHzrUDa^Zak2alZIjose zgg#d8TWLx8M%(LTc#@BOrk>aRE&!)7u6OIM)784|P5ZWb;E?!5tfq5S2Q^*O^UwyU&@Eo#Lt?m0|Soy1wtMuPL{f zvN7H;4uSc0Jt8G3Iouoah1+hKWZ`dOq#cZKs4x%e9a`8K>w8R<#&{U~(Vt4~Lg&bO z%W0hni~6w6^jL|Hb?I)fza~~b1I}g(ORZE*(|Y7=YE{vw>EG>Tcq0_FNwHwGs@j#0 z^d%0a?AMCDh8%Lgxn>=UJtS${FDb%V?DyA-_tE>ASgI@46qdB9*+6cGU%y!bCwj{?z0T^+WcG*A8a2$1w zVS-1#f|MwZi#GS2)bp^~mm9uCd`eCsZkMu=9;@iD!`D5rgJfBSL5e;EnY!vdm-2MP z@#!C#JM8X+=)axE)?=E@zbhyer~c5CCQQuh`fEh(Sc1i5Jy29V2Z3)G|2Y+6t>Pc0 zhwc0`i%Xz`Y~QmRKZ1MSJbMR1N;SuP+DlmajL2~P9G;p_CiB~#H~!1_u=VpVd)Q+i zx}J`EG$z@+a*lKdsce?}>0%((WaU?Ria@BbGQo_&x;e0Z^e-1!p`?>yj8hJ1Epbvg z1Gtl28(*5Ynh8eDGRE=NGTG8aAH77TAV*Q6Xbg%LTx5Ba@1k{cis6~{T=+1N-ROGw(Zu>^=}0Ca^Z)ND)-2+sh2C#J3DIpd%gV6in6>Yt z^BrLJTA65zvS(WTrl7FY-@nsSkO)z3S*IK}@A)=DYSu?`!W?w&!lHms46m}lu5S1U z&rn=4F+U-BzAmgB_Yw?htbh4E=jxm5{3VgC1K;~yaj8-pqz~oY84CFufCeMg9(ikO zzg>{?R5ISjn9KTRO7}s!;DSXf{q_84OLEk~|^?mdvQ+MKjcRz6I5^#_(W0M!d#e z8*7Ha6vr}ZWdz>n=k2Noqtm8zYSjkjWzTyZRPLGkBl`rros`S+pQR3w(e{AZGH z5fO$7%l|lU{r@>{xPu4-K7cg0-+0kqVI2gC^5AsRUop+K4HJKZ1I5RArcLY^b zbGM7Ay}D|I<^hWAgbOlpa>_Hu#6*O7E-8PbO4~n{bbU2yrUad$Tx3%Mn~L$BF9%x7 z`YN|UxZU$1M0}a%mYZDUfWU)|ImLv(J3|d2b&B1zfwwCWiup^|HJ9zxR~K7+uNguw zoKxLzy3FStVblQAqZeA~*Yo~iAu3PLYhQt1AC?ECUU$Cg{U5{doyof81n}~vYK#z( zuIw(?($Y0~nLqXxLR=^(fz{x&9P??TH?h`rWhr>S{bq%k#(}S^iL=uuZIcwQ^wz44;|eNQK$nys1ux! zbN+M(Zsb*>avHur*0py}E5^T{vU{FAj|yxFzJ5->>oi!bGN~6(QvXL(I7R6Zm@sP! zEi`Y$m@FU(P;cJGq;)#6lPo@KWeZw=u0y9bBb*qj5W-G7+2Gb6Y~+mLb3mm=?z)cy zwahXVR9Uy0msoMU-#P|;=rs`gPtk(qI{REzOq_DdG3`QyChsxI(aWg|r)hX+x zg~Mxnh?`o4iCH8vMhZQkZ(DQdbjQpnwm^8!W|b9C3bQD)%=3S|jSFT-ZXtL#czOdx z4sYt@t%q?x7fWhBCTjK*HaqVIbDCv%TyG4N^Zds)J>O5es=B@33|53O&u9u56@VN^ zn1S!_D`?X{+Nhz*iNK9hRVtOsEXvCBj29J*eEdr7ENIEN2V3PL*D<~f2m64xu5{1} zY|)f9JbEd=mR)1WlsDHQSdA{OJuR6cIkNoZ0pl`GbIS*r>>hW{? zsV$(zDzCH@<6u6UI!1u9xcj4~(_=4=+vcR}BBrEh)wW@Q!8=FkIHLv+go#XB{M)7d zd$E3}13m9^p7Wb#=;d4R$v54;y{8tUkJ7XL2L{Ng5+S0E6~gD8wSf1X@47`pDL-fR zTyB0Nvou;>({I!>h@~L^Z58_9&*r_CqA21%)@D7v=M&(75_h0;F&~$97_)(_kZO=F zg@W4GDpY?!rcz?c%aXs^@E!;0>U0g8C8Q?~U;1usZT`ON%yMh%>N1qB_@K! zt6SYnWt?i$vF%kc@FC-`;K+BPm&Fpz>rI{Jj=faJ4h*3efg7&TBVf^d=m=g~jy`MR z7|;DsGeLB9+e@Kj;8pV+Akbp?igBfNw&m^XyyyKkQ%g54#VAG5$CRggyFjXM;5*UD zT!2&lN?x!<4`=l_f2BmTqbLbFgt)`;YC1Y>vNe56^+8kjx4U}Iyv^0l4*cOI#hRCu zjPCX-=t9F!P$$D}+*57RhLF~KJ?QU>7=OP&o&a&W-=kN|e+&J$cwYrK`>W!k;7 z%mTskT*|DFpJZ?0%SHN&#cppCM~c%g`e2y5uBxDYErMrpDm*Bj60Q7kZ8=-VWXRE? z5v4Ul{n^sfX&rGPW6+I{hhnN)oWp04L}`&O2@bW(2CF?7+FWQ#4K*_9(i)TDIU8HP zB!szJ59LXl;2@hbG0WwbzO?C}1MF=Mc%Ve#B0kEmqP56F>7y6@9Q7);GL)S=v22?X zF|aYbcdDdj%rVSgMZEQi>l2&EGkfOn=hxScQRj1mEn zsuu{b+kI*BDkdSM%tfKOPk&+rG355<_^*sJ#=&SNB+~PjCxbTdOc+YwN*wC6`gX46 z@-FV$JGZVp`Eu~EyQggC!uspGQ`$r;Wuc=AVqU+UUEqP2*x;fHPYB-Zg?q2lG;=s> zl9Ru6bUA^FT}%xiS(vGrCltvfvLpM*04Fn#0u$;lBB z5%Dzt=Fp!}_7|@p2Wu|c;BU+<${uf4+(eIS$t&SYnD4hJ)lH%S@7ZYS5**TR9_TSr+!Sy|DXszFPhH)LQ?v3O~J&(>^hav=Fk zyA^KH2S>5NgMjP?U_n93=3MR^v`k6gQ?p_awC(5P;Q>~Tbqq0-#x%+A`PeD zi(Z4DX$w}#6P+l~2I-jtKT>M;v+bZYBE`v$rgHF!i9K8OFlh`ZW1ws?+_;Rm7@ji@ zcabIjUKP$W=XgFTcyVz5ibep}D$K73udho#E;*26juQI2Yj{TzAVo`gl)5XlptU4t z?koOqnFNAl)Ncq9{B#5vLbRP2w1&GA-tCIxc^IwhYIteJog#;VNQUcA%tjF!Mjd6{dd_Yt+c}sW`w35AZ%R6nB@l?O*h!s zG~SMD$vTXaEloEI$Nyy2p~-sQp~7gRD|*e+c6sV)K{ODJ57?Rh%GWROY<(1z z^LPdQVe$|{J{+FkF~9z!ucf;~X)&O$cc=GBI1`wWwkKDqm?dRCa0Y|9BTnwpl(2|9 zfbea_vBg#nyN)fNRLnIoG8qV?BLC9(nBXm|+g+58e$m((<=(yne)^-k(^(_(H>_2u zM0;G;#-)en7EVsJI{VbTpo3=h>FYe-!DMClclx|o(7i;sQ^qDYgb2T=mO5O&&dD;9 zYT3u0&UF9BX;dSFXpz70JqZ#t{?mLeneCQV5sJ?|suTcqk5SO}p0BwY`7Vj<+R~e4 zL~^~Ls;HhBN`d@eNrDX&(aYc-Kv)T9{-B2o3WYRZG>C)y?#V?dARZiomk`nc-RGl# zd+Yt+?|Z`ZQC9cN%mipi`6{SARVM{`fQFIa0)IdnBZjG=3(t< zFsg1%qBt+pIP=D@_?@4Vpp!&^V!lVYz7Al#S*8DBm6X6?5fBhA0vxWUy8r$`r|z}W z8tGa_qQyF(`pBt*7@$J6fCk@qTyr#>olo+&lj;89YF|z!TE`Z%;MW?dntfk}22Y)< z&%MMzBt}NfG*}%31&=Ciu|KuyIHXfL8_t2@KZ zJL8L%*TkqV$muq87DwWlSGvBu0LJfJfk?XV$`X5gt&z3Jc_2!lUYH0Sl|VA0#KFhQ zin*7T_?l{w$GxAE>$1Sf#dMBGh=<_)rkjbUT7m_865Pn0Vgf?$dH4G6Y?o2H!;A(o z{7@b(<=!DhkA<=WW`;ddX6e+RC1l5-V;T5#h728#5W9w0s;5OuYS_A$Yq7HE2FJj=Bd1x@D>; zEYRQFny5tfZkfFpK7t{J|52Fcn138v2pWWyaYO7l6|S=_AcgXG5dY44>^kWpBlB0bM7ZVBn#dhq!S*A>j=dr*;PKr&C;#K6B zTD)r1gNd1eL!1X{y?E|0Vxvl$vicEA<$Q$~a6Y6wru+0~3eYOJc#v0~O^73k2%kau%n+ zzcD|0qI8Bw;imt@Yj-YlJSb~!dGRW&N#`YRPUab-Mg4Cxgf^wckUZqjyP@Aw*$*_Y zE>xpA!sk4Tt|M^pWPaRnja#mS>16sP2m#(bYuCKuloaQqkIqM{H^011^o{uIo~5}K zfkizj8q%&j2O8XSr^BBH-&IVwSAEr_XL5`ni(vJnU!+O1`3=#bzXG1}2OVN0g2AUT z!h3{qn54mOEGh8lUj5)No%*=30B{ls?`Au-14xEAIt;0CjZ1peOXJwL0Kd?Ck@~4s zGe<1yFThttU&ZiBK&@a$LBO56{aWf0gQ0r!VfbOQLun^Lidbro^|Z7a`h#w^y+sJ8 z6>Kcj7k`l&lC{PqpU$F)IfM|HU!TIuj?K#?3G^)L*RiEL=j0@=>Caa<&R5C-Ymw=N zW0U1@4wV!pE2tnUsK*GsY0rWo*I15d2Vlx@0aX$8hAu#U6hVw8dOUz9yKxunf^Gx# zI#x%{$V2%772)}Uv&v@_|8dXz0uVKtj~oFZV#Va9{8Eeau#<22g6_ye9#uZQ?T^C; zi>{Qa`@LWJYTrp-pK$6~4;=>r(zt~J{F<6Bv?HlF%L~*c_>P`v#q$eZvPcOhf(c_b z>>bsR2F)ciXZM8TgfPNo(4w|EU8i6al{z7g_-j@O39GH`60@hrV6N$Tq4`vGBPYHn z%#dSz0wF3fu6wwIsVNJbQb$tPSLZqFsvDS2Wm*%qbbnGulHKNv^B=?Lr6iHJVaccC z3=$gixA!1wAyzkj?`s*5)7sHI#W{_V)&d>0bk;|Gp2z1rdM3D({J=%{D{0?z*qt9; zLp!@neQ6_+^qnA5TBoi5iikTSxyX-xIzZxlUn#Hm&56g119ySCeucme5R%Dy)ETOk6tF?*uCWmQ$Dkp1<0e_?N8KB-yq1ih_hNp*nY zg^eEuTd1TGBe2XR^AvI>;v{$v;5-W@#^SEbVX}}VV5}$w*NXz<-Q#kb1G`wm0fpm# z5YPRNHQ*?|>p|gS2J}LSVK39O^l+@_c(o%Hc6P9Uf04ljb?7Pc$m_Hf0tFBJYSz1D z1gvPbxoWqfl?(@w`D+<9;2o++f8f*F)U7~n(pt56v6;LG7b@|T3PR!|K8;B82s?n} zy?Lx7!?m6VSbS4hP{L(F%HUr?C}lBB)xKGjyZG>1nIHI8sU|g4kZ!7#!X;>P5yo69 za$k3(Myyyw=S`CcWH=wPuge5ZL-FO6i0@sslo)(mNzksv1wMZ$X7AX?ai+eq{)L4_ zN9o7H8-avY93&AB#)uD+J2kDOd;k`$OGGWHjiDEt?1MnwgA9X}a6dnm^1FB^%hM0= z37Ya2dTYPHMdM~8v;D~^?X`l9@WYBJ04@~}SX7LjG*nFUTyQ1P79a^WuH|R4Qgd+N z&*Br%lJB5^Ciy9&9i8zt!c!V@WHveJm->9p*xg#O07y)vY5oKViNl1~U?t7(%L~i6 z(rhwANU|loc2gX|f|ba@l};tj%G5YWuiJCvVa^Jd)Ob~_i}7#6J=xDQwehUDE;90% zJwbBzmn8~-QXs95U5?l&C~nnuc#m=w{!glp_;^W zV?Z#k$}|uqsfPa`ZTIWe+wWF-lYiS1?kj(~i0g9X3PSNpJaEowusejL z#OKMIgii3hbz;#k1SiEJH60IM$I>|`&uR~RdHCN4qJ~?+nGCLv9H;r+M+3_S7rK4} zzoZOWigk$$k-86A_*U@j-75B@gy-zo@wVJRjFEO^$}f!pA}MJ3AO<_;l?`1nK&ynS zo3XVHyO^+JLr(~K8S=4asLP<4aUx_$K=-DRC`DSR4XoL)=>|<0HG{(EFVajy6`Jo* zeE^p)T(q6Dp-nh6WqDo^;jzH%4EeSnOCGk2wlMOkI`h!uKbZK=iO>YNRx?lK5sd`X z{QOk~dEIu*C-KiEBBto{5%T^{LkjV-I%Qj%|C;T(iAf;*3^Tm4ZQ%CM!g}JU!pf0* z1L})tW)=JUPYy|B5o|g^i5;`@MAF1u51qurr`R$ghRKDmg3P}jJ&~Z1Nj+`pOi5)_ z7Tq%lkrff~ljTTQAMnE%(s_yqi1{P)5aCm*rNJ$Mo!Mg z$w|hzIC+f<5M{QipkUU)vNG}^pF317vmg_%q<8oFT6)D+Ta-TUPt49wD6smkFnt#I z%~0wR+D5wh5#>?lKaC8Sed1hCyV!Fty>Vq(-iwjK+O{&=d_^J8fK;LzDyRGe9EJ@oqmQd-ro8GVFgKh5@`!9bCe9`sybc4<%Y)XS0|A|Y^o z4miw|0Gi|w5!Wv^_P=N;VPQ~&aAYt{GFBm3BJxWCOG-fC{`XH3m4H`2K`Sd^XC0kY zEi;@Z`e@7VLR|ag+!-1e`1&f=&3n6$VE8dB zy>(M7uzslJv^IAU4XW%2`zYK&9i_SbekSij@$ef#;eMxP3fOpe;Zpp92C*0k_LnzV zXL%?%L$ZR*MKvxBYE;h!supofr`gSJB8LMF;$GfcPK9E`gNIosRzOxF{JMw>qG8hqad%CpR|;T6wyjGjjQAiiZam9Loje*CBzJd_}?mNpZ19Y zrqqaJx>;1A%0BeI=QsI(j6}+Qt)~Y@eehexbM+kcSdp1 zqKUc6f(Fm^l&pi+5SE&NDL=+~Mi5M)Vqsk zR~t%=XLk=Nk+SBE-8gi07Lp(c^_FJLopnN{@}WGb3PDH_)g<{Lb{r&rkNd!Ps%|r* z>T#oJr6VKFmxhSMtcRHD3JyOhBGAZ{$b*j0YiEaD!lF2weUe6DD>|W99V-?c>Ujw~ z&Z!6Af(zL1@9#OdkCyW>!)t;BCa*?WbVa8dWz-VV<`H7I>5hh|5hpMIh zXk|E3S2Tp&E;;vq{$BYp!)7pnbyq}xTAM`yHSNCivQZs04S$zBY7-45FgYo^qr`ua zS*uO>JOmRG(6YC^cKUeDIK~UhikcAk5!DCa}fd)tPu(qZN{hxGY6}Hj-_Ll%cy*qJU|B(6smJZjl3;2Iz_u~1yu$amk|>XoS&WH zYn12`rpG!ZWF64z@DxbQ+O4Dl9k$ae(p-Mx z6WwcYuX_F}8wJ!vli^uKtk^xq<~A%e^cz4N;peSkikq1PE?d>Tc8V!Ts`~50=U(Qs z@ymux*)%~zbhWiv5IiT&EiA+<4ez02zl-EpX4+p{>vv47%usxPpHDMzU1%zcK;MIb z*Z~+Ds{U#3!Eym`z~_m1vtv0cD(FM-kcLbMeb<1=ZT!a1FSsByx23Y?;C&cnnH*3@42hNvX$g0oN*w29Wo3sbp-fOtcQh!+PzkTs$GOa&3sk(E2V`jB9dW-qu-+ z3{ZFk6RDLEt7O!yam_aSk*}ky%KrCi{y3}nFF;utzhN~oMHH09m zH@^w|*^hc~TJ(FVcwB?|S}ZOe$K^Am_WUX5I!)}~fq4(v590iyVCik~$b^9xa{y^; zmEgW9l8P%isjm*@i1NN4;8#C~a^2yZtgzE<&_M5xG^*0bdkW3JS)|lfQ+u%*iTF1dGl*kxGY>Di(IuY_LYFe_Xqi{kx7KBue;P`0kty8jO z0c_z+V%bH)v0y5&;6%gp2{v0UT;)B!P<3v8Ey{NB9RhCbF*UDUxP0-3>dp)YHcdHH z^ncBfH@bfLVI9Rt*@Rf$y8ijOW3*PjMrVWWHRprp4wF^f<+xjfq}%NlSyr-)oH3k; z^h(9vlq5aU+(Q5;fbG|C&Jp|tpXZUo$8!Tx93}tQ{1j7-cvS3oJzU7Dk?%N!QyexW z7M(Z$d5@K21`d+HKGxt2w(?}wJsUjKo~ry*WKYdOf^3Q$;E!I-oZI z-A8ZRQaw^DNLelk{Wxt5Y-Ep`FcHE)SnBGtj+H|O+v{71C3uIvB;~CEwLDZfT(cx2 zi%u^60(Vm#y;K~h_#y;6uJ zbn*g-!r)0}`Uak-zh?>!~|j-Lo&9LRze${c@gQ>dXGg5sl`2KS;q-~2w|#1(Ept6U&G)Fd;&w=t>OJN! zdL;l&3E5Xe@&)q`*L9ADvfX=>6shKdr*b9_N_N*V@`~KlAna4xQi%dfR!o}Tc+Gpz zteRJC#BF7a55~FCsg0HZ3eJt!FaoOA$Z;@SH|oOz9KlLpc;1(+9k|Sfpjs5Z?3Hwi z!hX}(S1}SlO=jPtRcOtW!1({tJ^SKDsiTuJw;(|xaXdPd)>$wW)ba_eR=_c*{CIG{ zA0W@HG`BLz1dxUn9*z0nx+Vi8Wv;Y~g1P z%RmQU8F;-ktKMJ+QnSPg1Xb2Bn4^8+tjpag@(<2(SVOwgU=$iehkP^o~Q&R z(s4C`&7KSpicWRbJj-+0MoVGLhJl1k);3Ms4)H^^lW%_u?kujBm)3x1#UrS^Wc-1X zUoUUPF{p1Sk|aLSs;cTm-!`DTH`kO}oO4%#4IRQ2=3n^0m^NxX*%H$-ZJi}xe!ZAm zC!9GqJ^fmE9xS@>fwc;eB>k6fLA$lKBJvxkKS#)qEIb(riIr6_t=d2rL#=m}#A1dC1ETN(X0!#e(I;R{Y_fs=c>zqBWUg~;#X(h+oit(HJ zW4wU^8WO%qy&b=t<#qj^(gP8C1Gd9VkItZ++ob=Wc(`r=;*k(+cfAbqm_ zSmkl0zx(*Ze##D|Txf1A+;u&!Ql_x7gUVA#pnj9)|G+OALyeH?R;nfmFiWKydXU}+ z;?Nvk7NU(H7ICbd;_)p>lFc3Ww4PXBHH;G@Ny<^31EVdiM+9&U`j3#~;#-*>^VzTR^~ebl*JMh;lBLpRT}x?0;!uq8QO1zh-U{5xw+;q zC2Uh$E9MAC7Q_l~rgLPc+ioTai^EcwbiBIB^G#-PA(7|FQnCe`LYJZ%oVR zL&hwBYu}fU+I5XX$l2iLb?YmIUtG|!wf&(oW>TM#KQ01>Pl-j?1QAA_XvA{<6ahls z?n@=EI#rdLj82S6PH;h=KG*4k~*Hd7y+BJD7+ zPQJ6faD8$z%U(U}8ZhmJC7hq_#KGjez+CNkR;S^o5_Vh35ckhqb4B=XdWiftJ?Jym zOHsjQZ(1e&=KGcR(S)(WoO+Cm6o#pEI|mIc>og6IGjA)I|L2P^fE7w^?>C_-+;wZR zP~m?SBXW5anLG^mG8K$Ox@z>CO{*py+sy4J)pR>3HRBd#`v3f* zd>#z?2AI)LFWD)^A4 z5nI-8$@n=M=|PPciNb(DBOAYom4;HV05M_p^Rb^sp~CK@EaUr!Q=s#Kg0Rm&NnO}Y zVL9EwTvX?O{Gib#Z*^8g;K}g_8I9%t3JXljY*U`UR#%E*p086{||ON^tV$z4w6 zo(eQuh!~yeD^%>1q>(FKP{U+$cV^z9-8}Z+` znI))Cw(-6(o%KJCn$5b3u@CsSclDoZh$%e8T&mQQ~)kiY<q~Ca`iA zv@AU$a5%jmTK~Qrptlow-(s?Kx9G@*!&6+PbTu`*m}}kLXyRgQ-T-K;N!wp;o2w0I zq(PGKjnZNRbeL`B`4!o@DabCTqnyYo(VlBIDQp9>bSg0e|1;{y@jajn!BvMM*=A+ql1HKh@gy9O6--@fgA z>a6D8Xb-1;SHN?fk+I#+HHo6Q$6WjOjm*h2bH?G}jehsHrD;a(VUIf@VqT~6I!nX_ zou*f++t!SoXeC!sBO(%z$lu!qy^qiD>0}q#gAOzrQD=q7XqAHPbrsbROPj1Ut^2fJ z81;>tKxE&fSn|U*z9jGu@`+dlY{V97O5H+j>?jaa{o8CUJ{(bT0mfDDZtb_&Y>>X! z;13jXg*Z?giE+BQo(z%_*|D;$F&$$F8!5iEM_zUNw!C~)sVLhR3=hSZBOM{23q9ow z8$k`Qr_3&Dv`LaLPNQMLFCeJawXP!W5baV7!Xv`P@_sABa7j{~S*cdKW^d=%w`kfK z;ScB)R=-S^ViV10LrK?n5wj>8Yk`x31FcE_yKvK>L4eE%q#q!8R?x+LXtiAT@OUlR zu-Wf*nWQcM-YL=STbY5I-_k*;88|7MgT6Qt+H-E>05T7c#y}hj0s_|u6`oeys|rUu z6WaPC$*+=q)n(ScjKBK!HT9s>0)mw7|E+)t|5m_gSFt|_9l|7NUuB(c!=^9adG3A0 zXtW}2*}yrOyO24gMe}1}<>C_}3u8@X_FYvK8mt-q&#m%;rmYMTDoW-76Q{roQD{82mk_iY4{55Gi33jwL3-eRxCKN=Yv6; zsB{LVvgH!6YP=BM=gDv|kTqSmb7iX38%&z6vaYJK=<%tk7WJbX94tYEn$(K9Jnpvx zpPGiw?TI&h3Ay81t=k72|7w(T|Ep2f>zoK(r&y`~jo^M9_s3t*(BB_27*CfWbqHv2 z%smJ$d01~b74!iG0XWbfuhKaCZ9ZOLJW1I?5vTwD04PX08Xnm3D2m1AJ~ft*yn4Dh`A&v6`+|Hk|3;F!=Crm|^On_BPF9L>PI2`l96_`kHpT z;mPym-z3g%xom4@(Gs?49jc!Tu9xYyqNYb|4>HH~+u!Fo2nBcfzmyw=mXVUO)S#5w zT471@TFUPOv#sW}>Z5}!6w#hrSw$XTI%i9{@j@jL`6H2uc$74CEjjR}^S*6$8TIys z#fTQLxa!P%NvSMfWu#jSHzYLP>Ye+)56<%-J-C|9Oz*!8=lQu_QC_`3rXlt3b8_52 z14I&rK9kBZ5tR_Cf$P*GDyNQS%n5}Orp>K^SH3egSkrPjm?(Ilz2=yj>P~cQMFaG7O~rLk}gXNT8Je4q)$cMz~xa>t?30X z`}v>zc-Q6s#~22=UzYkxf}nil>G82}3!BzUBDsj{EA%>mv(NYOTstNsjH(}Ag&w_i zHc~g<2DHV6m{uE%i8*ZgedPZ+t6MoQFj8_9h690=5fz<(!AFGDO6xm6r0V^g`aCix z;l9HyT`@HJ393r9gR)3l$MMmqwsROo<`5!^5|LcE< z)8rBmi(JYP9LQx$XJ+l{{gXQX-@TMwAYj&{CQ;n2OK-5}_o78*RF2B>m)wd3?N5F< z^31KHQrl@wBnUdgfl@)xPFD0?cy>K#Jrd4`7KFCOfW9dl|2>A{w6G9G&fF@G^@Rf$ zkI=Q>_|PEfq^AV$Eo0DTCx6T6_daxDshlt-7#`=pj$|3JAP-sf)#xAmyePt_GXGy) zUmX@z_l3(09YdFNNlM4i3`nCr`3NB2<_*gf1^Amw3v{39?l`dtfXbxdWiB%j=sl%< zm5qc{`4DCf;b^YC?9@|njB-DMqU$?U8{K=9S#pOEGXEk3J|ef2D(CC$Kd2+$24jM& zjlNN5mNZ$E;orK_z|3JV+Jq=W%$|TBoV$QNj+EVB7KOV%NbYQ9EF*kE z77Y}959Vo7ot(d8H(|&!o;P7CrZL9P;btt0-Q_f@S&-0zuJp=(bZIC29r+(d{3yFg z%(TFbOhdpSheD)VNri%#*WSiwsCVg0YU^z7a7$!Sy0=+pLXbLG6p~_{gVnB-bxieQ) zvxC>0vY=VEDK$_&$qbWViw-D9^G`Pnpd2*MA4KOI_;Yn!>M_94{THGEUqC@Cm?ZQe z_;ouc3D_scZ&0jm!KInwlxl-m~QZD0zbMH$ZfNpZ;bHh3Hxh-q4=h7m;*}@5LT+5+V19&P1o4s@F?!p2T7 zY6cEnmO0_$4v{bmK(E|wx{X|~r9k6qv(o7|Zx`gHj}F6EqmKkFFkYhH!PR&QpWxSX z$6h;vGLle=%|iD3J`-GE9vNwCWO%4v%#apMW2)1D?o!XrFz1T3x+GMj7KZ^ULSKmW zR{}1mf*X=3`BWw^IO0k*0GawTh9C;eY1h%v-4QN8`#sM! z%9@5SVc%NWLXqb0`%3_6^rFv%srFU~-jnQykE%U+i_8F(3+A|9zuc#>q*XT2clmKZ>S>yMB@W zu%Lui=o^utYIzX<(~E0Ap(@YPE=}M2iC02EGZZMP5n{p9r_MGutQukFb18bOR(w65 zAZTD!Yi-8~cmOxWWG*1cdxGGZh8+dAlT|@=>lL7G4O_VBN^fZ}JT_?2Zs>b)JB}8A zuE5`e6`qWAC#ys$DOOo%a;#jG3j&%1_-Ft4$sN3E|JP~}17CT1T2ZD4-#0!yW(Puz*3_h>GZ6iq3|2Fd499+9K3@{q@sJ2%pIt5!r0*)3AyYzor6!R}E} z7WX~8TSJUscKQ5jNvORZSEYHm;^oWmAkxV=9>rjHI^xnXOLOVp%G$B=%SEc>a%Yt3 zy?ZNmGamOZh*9L=20JHQ>Yl_18=W-#bX^pn07<%Qr0+`5%b*V~DLU$b>HTF)R6#tX z+uHPCmW)!Yh-5?HLF_eF$gj?%l$Fc<;yw3k4;S1f2pxSewPvaho0uaDew2`bgU!wD zj_#0&c`yD$vUkk^Q@~jCuxb#)atTp)>CmuUI_OsX#e}B4{1WZ6Py&^N&t~(I%N>>f z=tKzr{#4%d8(CZDlCIJa5Ocs*|0_Q^<&e4{SL^3-wu*qDrGvm$iwN1a!(1$SO%jaV z1;i!+_C=x(mrNd^{QJqm*Gz&Ce*g1&)IN4|S7E9wA*W8i`O=eQL!j!Y{dWN^co^luyy1?oCHr}QtPW_cGak13pW4ngceRhOghThCh-&A&?hg^=O zbgvE1s8D`Wn(&U2K5*dQ}pM4!7c? zxOj$eVcK?UJ3Ks`;S^3;J@yjK`BQbvdMdlGRZvhc^zq|>yy>Z)0-D+vK%ET(ZDif| zpZTq?(a|R0{E{IiyXK~*&m0|jh(!ao2VcdIDU1x`yMWiWTZmI1m$Uh3Cq&}T;@_Aa zo=QzG%9Yc}zr2{CpGC2F*6v~J;jwV~-6CI7602RVs$xuOA!3<~+azpNP&_5Ip16W; zY~t9v;4xM6fj_&c_#`Ak4n` z6Jmw;e)&hM+lwIYuCA`}H{2r%)YQ}f0Zl$CP~>a|hpnrG3lzB!ed1IC&J2>mv?4t7 zP}68>X@Lp~dU8F(k_P45uV&v;mX97|mXYm=G5Ottu!G?WCu6y@@&H*mjNytUWgb0y1 zxlC#u55Ma3p1e`DsVX2W?skp9s9j&EA4E2xXYfV~Jv3v4V$qCwzcLASCSTey?Ic_6 zOk=nu-hYyMJEVWULA&h?*6Y)G;2tmc>Aq}_=;>btO2Mr_jxu7k| z3d762!s1cXuDPFqxd}RkHG75fr3oBe-+&@|Cua9&Ek;ayj|I<=FJH5hv*xAeljBlh z`%usmUJ7VNu&HTcF1$Z>E8r*_2oBFDo5|Rc@PQ3{%%u3{u9lo%ApM9zKxZ%HdwM^h z?E4mzEfoprY9^GW4sjbJE2#r3l>j|BBy;yxG7J-1c95)Iz!4SV)sy2ZfzseUj5FnjN%@%ew*VVvlViRdu;dtEA z(k$)Bh@)YtB6sp)f>7NT^&;9BZxW#)IE%V zfVFIIcxItJ-&zhgkJ9TWG-LB6@{Jn46#ltzStuiZIGQ9OuPBxGHOVP0CrTelYh?CM_&do)L~Gzgk{t=sp~#G* z#NY`)y2^ zw(U@b4zS2MR%cyvgJoi4fge*A{T8^y0PzXl9b^{PjZ#A7JJdg5mBbpmB zU3yQ*N^E+qOIFEaX`~<|(gvlp<0^0_LkMmeHE$FGBb+{kave*QJYDB(6Ftr~9hpvO z7T-I5obIKx&E=CH)Ey-ljN;p|T(J?|DpejN&V?%)88RF>w}<>z^q9+LP+Gqq;uq}i`PxQD_=UV_?6 zDo$pL;D@3Iperu}3a?JcdCZ8PZRR~YZ z0#pDai!8Uo0Re+qVnl!*>AGvrRd1Rr5L&9(w^T-_J){TpyqOcD=56(+JEcbETDA;b z*|gfBgH@iXQ>uA&=u+=gVG{56g{DA{ez9X*oP>ViPqfq#Z0tOueI^R>Yr+ZqDdqep zAPy}YHHJ&qPrXp?)`RbwQ~L=yUbkNLoNlP#nc zpDCgiQ(PuBVfR>*;uh2sT*i)2OW$T8l%5a`>jF}=hAUjsMG(Y``*6~N(t>;J!^!}* z^>=bHx?KvqS$bpQ^LbIvRKjHwNql$nNd#v~3@Im}6dN|)wnB6k0~d{_t{qB~y;E|E z>d?WsDwECv^gZ0|)yhP%k)6t&h0yBo2TIEemab7uTPwOv+S&cg%mflxz z?j7M&xtQx-t4)6~?03|5$Oz*=!prOv@-wRmo9^YG7Dsl3n0uRBge{lQOAetC#C?gv z&!3seGDz1tBIhLp+$xm1RTwBur>_Zj-Cz}w%);53X5K~ zK7D!|odiEU^twNLx2*wFL8#-e;yqHj&2=(^b z(N*}VOR_T>w>mGxwv7j-vJxoES0YT)wDDBpTSr`fv4JS-pP551~N zv*jx+t;3HI4cRE~Nhv`CgCy{1B|A-ZO#*K`L8y}bw;>^dN~i)FtFnq1zIk9dkOUbT z<5BDiP)oU&J5d|P;Xr362Z#f|Ea0vwCM1*7Epm94v!yTV1jnEg%lk2z-emiG9TWy zt%xR{tHX?lRQ#LgcxCdLxTJPkrE$N;|A7ZELi}0h);Fk9$uNrRB@?PKZQk_3Ak;oV00TJFS9pX zOdk-VR7(3O{@7)#Wy(H$#U*h3M)?3PUDj)>sYz=~CTG=$HprQe)2L1j#!TlyMZAMs zT{eY+iBJe-*WbP;z)TM6sxfGkcQHR|9EfIQ)0b0H?8gUJU~EFkyOr%2;*B7MJ(0Vv z23SpH%d=6C0wvF;-)F3!-7IGj#Qw&JA`aF>zu7Vc>M357uQQ0^0_xZpjK;UDULD9C zc`)N-VXRw}P>^pgCr}k}@Cy;@w4CrSy-kh4p|1=$0^4M{4VR-PY`3a{Gv$G(m2sxg z1q!y{M)gCDvEnN1Uw9xw?Q>A>NIdmpJm>CzN_%O?#Af+#QH*qtlx2{31tcZh_i*gk zwJJDWHHY&f*NGp5mD|nhCwl|PaZ@yvywm&?GuZ45@y~@}0FPy5R362sP6AES3tc3N zS8*Xv_qmNnon&;wKm;Srhh80N{6FAZ9dsd)aQ5;b=2lmFor>$KCn8ef#FG%&MSU!N zx>?y5lb%qMjw^P~V}HrtZ869g+NXFrGpBN#$z&z*Lk@1sjw)gwYo4k+5iM5#H&r6o z!S5lJ|DJ5|v?I+qgX&Tz$K<S}zS zi@uReG`k-RaE2fSo6=y@W(g_2b0{qr;h98epS9~PhB+IhN%C~fiAN!rPV6RmFk;R{ zkDbb2?2($kT`I3>_7(5m7WJI=oUjS_JJ3J$L1n6^Z2@pw@BzL9 z0*qbLNW^Z!gXVjUb@%)GARv1IAPi`ou)(-*2(-`l19;Ks-L$)_;^hBxYW{y3rp6); z7@k|qSYfGtc?@DBBnjN^rK}N~o@J-v3-eP{u5MQ9n;)Zf{fLz-1z-5<)d0>vAcIjG zgN-2&dgqG;O3sv@Io&bWE}FlhkevniNc@E@ze5(sKGs)GY}I8^ZP zg94a8nQ33(!qj4*67Z<)?Hxgq=C}Gw`o6s${`HfL6U-RuRJ+*Lx*j6s@a}9ha>UW? zk&AaiSHRZb?xo_!=t`fh|6_kg?;p(rH`eGQT#-_7x7|Bk5ys5xJl{;94f{V5S3fK} z47C+sC!=&tofi;Dh(hD9a(#}omu5|3cB$42+-tKb+IoFxQdUVtGy1m9hhjcrIjSB1 zl^{1d9=D^k0c-9kK1YKE2X0LB_SqfsQjeQySsQULQ}HivVoQ`i+eH4znHmlEGGfKI z^^pC3b^ZF0o0o8L#q;UU1)!1SZ@w)xhz6gr*SX=J*4@#|zQpDn2YL_8wKVzQ<%$Om z34S?2AZBT5p1G>|^3U-Z96`B+e5OBN!}+$393Q{6f5Us5SfZ+`N}lxa{iq3!kN*Qf zXhzuA2XFY|rsm}4&g|=iIQ1t;`1{;Pu7{aaEJBqsvnh6PY(KIH3N4hkXGnTE%#D-C zWRWWF$LEZfL%!nCe!=^=n_E)9J|U>mBDBDN@BRscIiZN}Z+L%l$oHT3tafl{QO)x& zT1x3K=oajynUJS8{FIf%yAcf6kt$QRU?vH(Oj(bj7^w+R_oqt+-kC25gxDTR%_`H+}EIKK)R zPy0X>Y6NrRN_*!GBb`!QPPXEw{Gfl3l{o+I9^jq?9eVcYv=omMV$nZuZ2bA&{_P54 zOc0vu?%YYp;hb&Zr?78Twl3_Y>PM%}tgD-z#IOMrak*`Upo*^qHphiFj{A| zBKS0i3RActpkROjb%cw??V4LsZ0|MG&%*J`=Q&pu8*ysNQzWNG3v@3{1L>Jo3sC&{ zi5Op8{35G}-G#ep{vduVHou$^WdeIX@GQZ%EB55aO>)V*#rOI#OSH+=--cC-2hFV< zMu`*?f=aBkS$>M|E#c(g|1DV={9Xo0nK+NK=Sj^|%1AX~Vk}fJs8dEc^z>H+J?3@x zm)f2HtDIfhcAmyL5APrcm2Y|Z60sA#?})r4*DeHZI}rJ;CGSS$&N_97>tNU(EkYe*q0P~X)2JHU z>@6W}gnW^!Wco|8jy`KGn*ekYJ^|5ZE+8tri&+70Z%tba@ASg;?Ygn)byjXViR;X_ z<1HrZB3Hu~(^7#UYrV)$3F_r0kFJj2Mb^ZBzIvkJOhq}g@5wotuh9N({B7G_<|3!) zZw%s}AFhSO)VXX1!c!}flA`ri&14=fMvmIoe$U0eyv`zBis^}y4!1ko&Qj>UisAqL z;bMtmt5M zu~qhMHx?!plpait9MQTLr`_|Std>5zBQC1BHYjog@m~VYn$&cD)uF$0-rS4<0;vSM zqo-WKj2g29><`+a@bKS1bh-513%su%+qgYit1~yVyMN6uh?2!&D>iu%^+{l3B`P*K?**>In{ z;v7!Gp2M43^mI0A7=09nb7;C?5Wqv8G|{|dvdZV!WbD#6-g?XJRPVr@QU1ybb!p8N zNc-~jX+Vw}x0>c~cF>1oE6Xq9)GQB?{cO(_`c}nXs{;k@vDTND7pE#Ax@&yotyR`;oaNS8QVPZ z^RMSo*PryhKjKU10ewtH-nO-$nKwsgxrb}H^n-5>Tj>{3!IPHU?yE^SuZl3SQ zYvf<#mZHc#d0?IG$_hKbD%;wcGr{cF3Bp1C{k^7ng|@?bI=312)ABhtbJ3G&suvai zVVuS|Bz~z^HEViKc5l$|E+Cq*D<1r14-~#1qCT}fyzG8sBFeb9^tfYZ((EZ#MAnjN zcQ2nO+N7!c&vqxxygJX7G>$L7LY+G==Tw|=3#TV_3tHJ~rqz@@IfstLe{*QJ+!86o(bH7Nx@Xe%`anJ|?&^*vPN;b7DcIAGMG0ISygaT*E!ypWVUOHQ8 z9kHXQPlzNoH3TeI-)#QTdRS{p2adWRhTrB7MEiNg`5S93|*%DGaB zKHhKkH=+&yThK6A6alNJOQ+puslasL{L}x75@D`aw2P}ox0+uHmd1NX{(YS9q@R#c zv&*BnHF+P;{UPf4xT(+oW-?)b60Jf|+0ychEPX=j9}D?^)e%N8AKjl`_Cc9#cpQ?0 zihO{dLl+49|G}$w>ARZ7(VAUdwrD0R^d$;@_MAgzGZ6!*pQxASe6JQTQ64{4*+c9s z@)IPd-t7&5TayXuC<^>pUEdv7=8LtvbfwAJPdt%bRydEY3#4G=7g|`vO;F!G^gRib z6q5YpVZ#*WP7BGT|Euz&@by2~q^Q!o@1=Xtg>BdTnHZ)1`Dbm0;mG&Ygwty!%_;PvicDc*@oPn>PFg=lh zWOuLY#aeT9mC8>4w1#03nnF=bvb=Z&#h(QNTxX~tpCdcJBa?OyObW_GN*>DBqyfht zo39`c56AyP$9HP11j8HQG;HfKSglHYSgQOcdGN1@-)&TQ5Ux5u!cm_18#?GN?d`AC z5(c|s==BR}GpfrM_UWuyA4}Z*_n$j6FA|~={Y@UPln7^Hq-M>7?SK7xsbF-(SYxYg z1@DqX;!RG!|J?6I*!&wE2gcyRBY>TW3_W`I69G%ux%j6p&5x#ETKj)f3a*q#@*P5L zi&`mZosQ$tY$GM5tbzgRjzI)@(&qe~ogFyBS1APJFPx)k{Aytifbe+^Pe06K8! zb%0q}W~KJwZ(wnCth)s8i|_{X2)j&F3@as1{O@jfXz_!%(2O6Fa% z0VH3o8ZscBBt;!_1H}^7z^JYayu>IGw2(eDEQEOAhb*}Ae<)$}L3f5e1LW1$%wCJu zh`4K9qQaoHT)gzsftXmx!>h2@&|$p2=LNC}d+6Rv&E z{TU-(xQzIpX{jHh3dC?m{&XG3xPE6H0rnQzMPpqn5L|=16M{={cV}=27TjHeI|Lit-66QUOmKGy?!i5G-uL^?z30#U z(a${Hy=QmT-d(j;Nk^(ENuwbXAwxkyp~=cfs6jzN|9~8*hyciyI3;i%asq4lMez$1RDC?ks|g(B9LZ5e*98g+ec+!1dc>j3912SAo2!KQB+* zk(AnRe{T+ceZ0B8?n(n^vP^X1PbJwU$$mYM|LR17@rVC2{9xQ5rKs4M3;=7*i3Dsa z${ZINd(Im-^tC$hydE1S2{U3N5Ho3+T1!^@!KSC*|FT+2ynhud~B=9sIYv7tl>#BVWM6p2l%GztcjAXu+2bC`|95sJ^w zDT@=`+!826Kv4!F4w66*vm>v?5TfkC;J`}2y22L0&cnjOeS$NGOU6YG<#cv-=C#|O z(yy!B?c#CQs@=L@ThQMc3_&CZMD!w3LjCtIgJUT4(d8X9Yg!|3__VK7goJ<5#dsy6t<$)_(@~ zVk6RnQ@B}}{todNl*qE3J#D(&1+>)r`7fOFD7kiT?XGQ|t@(Gl81A1tbk4uO9iEiD zo0iI}>YzgO!wf>i3_QmKAC6D@m~>>`PET$A?QdMdJMS^rIH|Nb_I?mMT(ji&cX^(? zxXDiWWst(s-FdS1_czEkURe8FiYWEVzsmrCZL)H@xao0Lh!@iTLpRm()_HMH97|f8 z+jDb5*J4=Jm1E?@*K&4!gRpAE=ZC_%Q@IP%((}0flP-7TH$5f_WM7~tF`)rbQzv++(VB1Say*0g zg@Y?O@A}gsB4oqHepsqs%C?nm(DX$i0p=+zDuJu8751ImNGHYhEKVoTxpSv=YiD#BH{s&XqbFkn+iWGU{yq6zyjo z^%$EkQujF62k+g2?^5Hhq26qkL*X!ZS5ZB!#>?9s3lYrd8)>9$(46seKO!cDGY+@@ zpVwR>EN~derIox~+Cwk=Vm$Pd?)~OuU?Gic+3630L)PCBqwH+GRdD*L<;Nz!zbVT8 zSI47>ai8_ye;8o^+htcPHjP!ncr5LcBMd5z2N*w)!YX>sb@HEIOFzsGonBFws$w& z^QK6J^J2fSFXESP=i7(JRR04%8~UJq<_g6nsLJA$mc?_YTz4V|Y>4{z>!L@PSPKTr z^HB0oWloMJuT$TR@~^VjB9Zxke3JL9_B}~jXx713S(KcQLXF10n_T43QHr`vQ4{8- zJIa`d7n|WcV)>b9+iyaAen=f**DBfbdY$8WsPn-jHI2*ke?D5WerJ5um)v<0`JHi9 z@+E>^7u@m@cLU%p;H=bqcY&ynJHKUONA)ZWQ;(qt@f-LBvp z^1%${UGea={4Ls6WU9x;&w@W__um6WqWDkF6@{`X=r$0&``HY0Y-2tX@~^=P&zyfR zBG4cd{Ck0Lh%kTekQ;Pe70Dnk{NaXfFW_pdm%Lg&(#`n@phps7;IVDAY=#y;{9C_0^mKXs#t4{uG};n; zF!J}RsM$zr1N2S38=o@J!-xKT`bmtz>@y;F_UM~Fm4BZBr)N@Zf95NFh{u{vw|(ujw3{t^((h?JetyKLg|^#hd3x+3j^BJydlRZW z^?#hej`2LWux_{1JnuR^-C?4K8fp-+e>rtKkDuJKqH#aV!ZsKF$od)I^Ec%m;m!0y zUvBrM{qE`W_(PmIh#KyFL*2@OZLAku^SC!F+-bR>2XOid(>qm1khkO6fH_`(MEWUg z#HUT}@uWKz&B*`vkJu4`zn)LJ#31EE zl2WjyIqMC-!twjTlFO*J*&$y1<_t3U?j?&-&tiLBskMxj=@!2d%?*SP6#ZYSj>^q*0Ke%6$AnGsfwPDCf^D*x&~ zAAy5dz$`Yz1ct$e_PO0%WxlVI`ov1>@9PI<572g9Ixre{Q?#pyPC_b$8ReY}I zbgaQ)J!%{(LH7KLuu%d7~D`bW=Bz83s@4lgc8 zll*=n4}1jD+&=wjl=n^GM>6cswY<{s>wLE9!5?$Ph!#t@5gX=0+$bI-_{@QbMHGNl zGVk=*`{O^lOg)dlwUV$n7CMKwTsyi;eNC5-DhpE>>o0Pb z+vh`cmUt_pzRvKV-t+Klvh1Sbk&*)uKC>}(E~c^F=UA$}N(Sk&TGtm3uGDEp7)$w` z0)S3=trG^*ls?u??kFoADgZ3gA;n{}@#HuzNO^Pq^|>k`QctX4C=*RZDxkXQZeC%$ zE?j2Fh#NiO4Vx=1@{N-oW-EyoOV~zMN^=@+k$=ULW4hh%fU`LB?N^T}B4#j|V23!} zx)bmpgb9Nn44giQWX|KD%kS^%y|%Jj@@IF}*Q?nr2a!JrmFSxfuOkWXS3}}k0dMAg zm$kjx`tcsVZklTk2VK@|n5kLj0;)l_c;Z8UM{CIUB!$0QvZ>%R`*2iqdft<^>VQ|E zYrMow-?4S~$%ACgBC7@~nSeco)dMXmp?h23@?xWw4NC|*Jh>3 zGFi=Oa?{Q&3XuOb{zUPm_VFHklpG0={~;zvr=4k}dN z73x{dJTQX>sq#4R!8|Xw%gMf}-8_dWB22v3g+>NOfBLFhrq)-y;)+_7wivws9*F#H zc$1gMcpEtTRaI07o@csRPWFmd$m*ze3Y2JI1jH-yi7mAq6dMNAOGorZkmprTi}3SJ z(F$=gJkVhuyuP&RV#H?m&3ZH%Jzw`@{Pl5~IMg!ye*1*WVq|#L_t2=-=%drnij+!Fr^-^t?XztV}eSgj%R5u||uUT~jA-@zGx?)Z*4hzl_?#0j0Ea5^v{ zxBX&#PR4T~-GDqsEC}7rj{3LuztmqM5W2u0QyW5>bJA5Z#bbazU^hrxmEpOgMD z{Y%;@MIp{Tk02A)iBi_gGAz*w*QfrG1;VGu0a)aa_3_mF4>`Yr1&jhmmmt$_3&AF| zb@F`8X{9MhiVy{2sXVwSPDI&q(Ubg3k_jmDIJDDx@Uj1$Bu7+qP5e@7L&=;+qW3#u z-bOoUW0Mh^%*CtN!K&PlkYQe30_uFROQ?v}rR`EARRV&bY?OiE;;M_C^U3IgX#Udb z4N8|C7bJ+dS7ZPp7dQ6@Q&U7&a-4`j1S}b*j_l`UkzNop;fk)VjDCdZEn?BaUL+Z7 zGA0M$?;}P$g-d>8Bt#oBapMDXb5@LDIIOMmI!ej}B1GRiCK2?dLz|WQd0!RnFVTM}lwzes6DUU%78lRUKp%G6I!C_61fpK7yZM^q~l{JzObXYbxcfbLbCl9_}#UceW-kRu>8z7qdGB2uMl- zR{59vTczNliRHO%C{J`p-0l&c7vgxs;p6xP@YuJp?Vrr+V`Z*9!gzK!kru6H-$A_RhWr%B>3WD8vq44@Y%Z3 z>(tWOq$mV>NG+YjG}tP%fY;yEDR1Obd3Cw$+Ol@!XVy%U(MO6x%qDE)I|_sxY> z_AGN0>=&Z>aJhzLjwC(u##C>+j6Ir!7b_nK}!orxYoU zWZv{TLp)EYqqFFrwvX{syDzzLZcQ#O5b#AsEp5|Rv>pxZ3+9@ZR>Ix(!N50W7FX;W z;s|^%*T4>T0k%7YwaRNLe9iS&W?n%O!8WW^cnyBqfzFFP_J^Tu!$A}bxbUF!NZJX; znh%QfL{&>lT|XvP)I@MPQA|7D1bHNUq7UFV!!NM*b*f8^v}>{Oq; z$^fBk6D18SGomKYu52r&XQN=suqd`kF4#?GbX2KyOqPseBXw(~%H0PbCY#xr9u9 z74S-B&N`=Tjp-h^>3n)tlIUV^2^CH6#k;aG>+Qu(u>I6@!;U&{-*l~FY|M@rW=bQS zWv1o!1=KmC%a+|fk#V|Xr+Zui|6Red2IdkcMWyLw+&Hi0<1n$kZq%tnjM|q#rePE= zo&H&gv+NWSOk21TogtO%p=-gAPq!N5K&|SKH3mMHF=NzEN3o?QFw1JO#s&(?ZKBRo zR34!hqPDtUb}lN=Fz__Ezqr=MCH|eIDTmW@lZI8XblcHukVnxLu;rFo#c5O#)mU~W zLRN=5dtDW7O(6nBdtBSI7hagy1(*O2|9XKMt8ECDkhSHEEtBS7ZMibO88bS`LC2B)!~LS z*Eh=@wqUdU+Mu18eeooNOCnDuTaUAs%krhQj58|hQlzV?O5D(HW+Uk(_|2O{k=C=; z`?EM-_cH5oYjjA z#Z(fMr28cjlx&{cRyxfs1sGI40(X;Aak%MN>}gMibcl%~88XDRknMf=;S|6%ii;{G^!DK9)%f+jCrhc>7NzMML!|lPt3UC=i1@{8O z@--YJ(PdWI@dKnR2VO2Vn5@U@rX=nj%9w5&AW&`or4&)j=&$Nkg^cn3<*{XXM`?WL z3dZmHrq}Ul$2VgrN0hkFk*Jp*EsZ6;O!Ap3lvh{DplDg%vnR1XyR7J$tVM-Lt3pQ z&&*n{GEB@rv}#U^9QPjoNsGfLShza=prgj@!)JR}51rf7(pGWRm&Q{=XrSZ&Tm5ly z9KbRnvsD(R39&qfow)4%^Du7KRI_}s@j>ShNqI*JH5(=SVS3s_eJk+7%EoWnzH4Z| z=4D0}h3_|%4fc}JeR|eZ*z*12o~ZNU9&x?H!Tw1rudII8lH+rLI{Y}Cd${N2-P~9b zgHtWH1zc~&X3)1hzqTM|4BexWJ%@_I{!IC_-oi4y)M_5XRi~vbFOMYkP!@I_=re5#4O>r-S zS5Tf-y%&#y8&1(qk8i_jpOt&(_zlVWWo<0+oClTqW5x9FlY>;6zU4By-!gR|G@q$Ct28y-f%E6PI-N1aojMRo9l5}0 zXe6Ur`Xh^Hrm^EVYxp+%>ln`N)0LgWUve%vj$GmLlw_X0=#3xELkXb~Ddjs-B^v0L z$!(YOJR#Bra!aVGzn;+@pL|^N+P=tUEo(Vf_2TU78|cTzEwg^KI!>6;&5y|=_WX79 z2ck-ttswj!8m*001`>wak8M0FdMb4Ok&pIfYL(HmNu&Zy{Y>0s;?feKq@l#g9`Qvu zl*H;D1JV~0A-{loHN_uA#LaeFrg@06v6jXH5hu=On~$-BUT69ST2vS zAtWm+Z_|TAT%1Q;WsjRPD7A3lVfn-FY5&_D^=Hlv7VZ)aeMB=NbZ_Q%K`%Kx5vKkH z{j^GuSNj zF30E&`DV&diS%k+i<^eN^@a{4-a$3^+#hSSWn^hAWIlGii6ZcXL?R)299qtQ_ zTFIQZqZxXOC~p*ezzFiJ&f-0q==d$1*j)2k1-f}Ie?)>Rd2`l7GkPG|X2Fw1DxD9# zUFwlqSZu61aZ#Pa>pRzWnKLVti1}@1?e^#l zGAfu_nrm%$y{4{%ZoK_7qUK7Js5^`VgJV;1Ex?!V+T#6d(F7#?{b)_pg_W-!t2NG^ zr60W;g2#9d=@1C7Ha*&Z4hU<56z=8RxKUgYK*8THEUK z0{dla3|lv3cdjD|%j-b$Yt;Mdh9fX|W&_6l^6<;jf*tVV1Xl7@L$z(9THW#i)NvOq zB>Ae@fLkG-YqC`Sr}H&9XLIRAQLhh--M-1wG_j#SH_L0kC*G)0BRn>h)UlW@3C4<= zmQnX%4h6Q2`c&hA;hxU+VRmTB?-1^4LO{rEy-G&sjNYrvoddjrug4q2d!AFH=@Y1x z%dG6ook55-i~07~WNcm-iQdWJ@9N%kocLKJ0Ec_jISIB=3>)f2$^HY(AXh2!3$WxH z?FTyNceP+nx12SOB@<_AbiTeM_!yzRRv8a)F&*hK6mbN@v^a)yMbRZiKT~QHk2HqQ zv?u7%={8GtH@e;`u`}&^Q)pEzA~jx6-GfUTe`hFm_|OyA?q)rfz>s8scjR7G3OmM_ zQwIg>EE+TYM=Zy9Q9(mo*DY^=oK!Dxl1|UcaziIeq|mYki+@Ox7ZvuFg6`u{d==6I z4!(O4{wq)p5Qdg13Oh>@1o2^CTYvAc%zo#snk=iwLNqgT>qZtCmiWfB>%QV1FrdqX zMUsTQIRSIzO96-wEkcC260p!t_<#=S=7&vd#znx;foVWg^t&hCKV!*~%zR)~GPdaI zUm`@SFe5_ROc&fgj3s9O{IDhNOxd+Sjb*hACtQG$&h8EURv);o)*0c0e#W@+VsCh#QDbAxZ`lSt!-Q8Lm_sEkNXjtTejYQT5 z%VWviAX^~CPn?r~8Tpm9DJGrxqf$k>_=zET@Ff|O_!xb@Jl;W6>t7u#NSHi}3BB{l zGUoTcg|90_NNnw7v>H9~#xAEUK*pG_Akm8zM6k-jiEmPa2o;+b^}7{Pcp+zorDX3% ztOzMq>qn+?8R|WhBea!CUojCM3k)nh|Lg~18VhF`TaXWnOv~Y?ZZn})=!)=naN28r zm2N!7JEerI-1t91eFDvY%4&i^P@MSJ+>k)s6C()A@K8=igXB+!%(X3n(^8%3AR={- zCUs93*7qsK;p{dwvOanQ@|p!~4F6sI804F1@GN*NoCto-V3CP&hucw;Qpu!J8fUsXS5u-x_{aGZ(%YJAF_2~-BOTr!6ii? zc)yE7e2D-}EtEpz?cvHUTE%*CL-U01hkR#a5TQG3xaxVYs#luB>+_I-EgemV&M=js^UwChWAQ;^n*1q zOU54eyDQq5TIeifx6~-fXrAYDc(Y=i`o+w*cfgZIBA*1{Ys3AeR~VOP39Vh^Lly}DsqTpo&)Bj zwT;F7mVqW$3_>8SY$b~yz5f`jNL@WvU>X4>4h5>TxBKe!bhop!)4_~puyxwY-3>LZ z^|u$3f{iZq&rhvAOZ)Oa4|*FPb%HiDht|)Xt3F)nqjBOlh+k8&bAq`|1teIL=r8jc z>>em#BW>fGlG&yR@0^9EG3A4Dy8H6;YCGV%4Gfe$j1%=v-2BGM`mb-IvQ~e}#prha zF3?JX%c-gn6PMgiK#Beja;pqh?Lu_WcjHe zw6AxpcWzURcUkqfH#KYhI@&%#`atg8E1D=crJds-Jy|v^yA0nW%2z{YbMF!f{i8Ng z1ZGfeM>wbUROq;AKT5K&GfMPIlZcUFmi~&uSa5>awwi_i!Qz0B9}amxzHPh;{I_yr zIC`{1D;(J8IH&+?jed3uLARm+#f4I;H0p-2)dl+Wj&-V6SIm9vbdGMu~^ zg?X!BR;a1ju=aKsR%t8{iWkKbmJHhg;JLLufQAY&ec|b)_6cTi03Z@QjYb979i7K| zx7o_n)`6bu{wnYERNm!Pgl7_aR~qaurlWuI+J&h%IpzDLX%eU=_M!bs<#zzc_(lCaR__?=cze`;spahr1 z$Y)C|gTL*qjpcUBnw0Vr-j7A4wl-jz#*4y*=5MDY+FV>4q92at=Vw-cVsZ=imYi`o zIVPctp?h=Sq2yQrp`1NGo?vq-bCbBIj7(6wUY+*>)iZFgPq(`zG>LpPD3sk8nVWzl zjHFnL2MuOn(6eH3OP&|U6=qf=b=W)4`|nSicK@kax#{skhjP8d#+^^N%P!?=t?*J* zHCiZl*S9~X5Btk=Oc7&HA-TLKX+}7J--w}ZTSq?UM;+SfC0V>AIh(+qz%YQHxOgAM z$!Jyi!(0;IX@$&~ydO-F)7S3vt5TC^_Hy+MeD&#HitN1!=pT19ER z(NYCmvS|hVwu;r;)neAql$Z%`{>TT7&dQXd#X0>R$VznCLpSR!iNa;nERkty0O;Zt zPr@zH9kK9Mk6enEsg=hr5^$d-W+LjCC{-0RUf}0EA8+v-Wv{nvOV#ysKig;=m6R4o zwJOy)56T_jR)-{sLfc(dn=d8QTC$4KCrh7v?&V)nmBTith=KLsw^5gso0nr2E&Cyn zyv?C{Kv~s(ysUz`d^q@d^p(MqbrIQ&b%5JESiSiVxO7kT_|9*TCu9o=1HsX}COPYb zVUdB$<%=;^YIX-(7LLymMKUq+=g#D|Cmr@tGTMGh)n8f^os1P$Fd{Uf-N6=BULed2 zIG8R!@sLZcR3o~d?QE(o^iYYkJLubAu4eL(+2JrQ7Rf@fRo*&_b}}xva8Xn?g46D6 zsKJsrRt%;66u;JdLJ~B-&r$+0gPPn1xK)2&{Bb)GpV~-!Zf_rZNvgABY1u8v^cxrj zGJGCWZxC?RmIyY4RYE=p-t6}leB`)d19CM$nFb?GeV|~FvoV!Te>G+4M^E0MS6mNe zgjZEbw|_*wN=mj$)}!1FQwUIIYt_m1e+G$VYw#otb5+A$`_@YX(JIJH)Oe6UOf;q5 zQErT+py(&vm`rkL-2?7FDK{3#=a+INy}7UVxi7D9AypvM`)@6AgRFyRc3Ga2i(8~*YpKB%9or^cY{f@ zwrbjC1rZ;dtEjKEP{&2P(+BoEo|_b;Q$&Nii0-$wwY2VUZ;OiB%u3Z@pmV2M9Jabc zoFZDW-9jKp;CF8-j(|=g=(HW4R2&*+XHQ{ZDvNbzM?jJ zQLnx!2|*n&h|4(FxOfz}NuC@Mi~R}qEA+!B$I&0hvI*&MPc{= zLAlOwD9*HpVdlg*vgS}kYC6D}qZaJDJ;A>z_Z^Bn_NAtB^^MDpktBwA(O1LOx^VlV zRmCT0#V&M4Ft_!rdA&mcbUsJ%W?89C{ItEgoB6M|T`+ffVI%SXP1_sSByNi5W}yU? z;XcVJn6LXt+;j3Nla;>d@bm_{V^m}-DiUN^+iAhlw08Z6O+{GXeV_Xwbd=T?@5?WL`(tTggD=YCz_ zbf}ZnAwDc%M&B#%IUAjEA&M{G zt!KppxCUg($hwRu6@LIgY$4K@HDR>bSNQL?@xUrLYau*Tv2+l`XiY$J-SQuL@I=GN zow9FX&+lE0{4P{xkA26TCjJDW3%$Zs$P*kg+n}@E$E%I)EB2zkeB*~1MbScFo;-a* zo0@f4sf|&uoWZKg?U0&{b_fo7KTy1{y_)*-9vr&; z@9%gzlYVGBsqU1gUO$2K;}O=}aT#0>Z1cgzX}w%4LpwQ!MjlW}BGX*#j;?lJ|HRSu zd*{JhioVoK9LO!K8!nToQC7Vjh$0%g#njgfu(OmddM$he;Oj>(Y zLI7LC_wILS>1)#$?Zh@Ux8_o{9*Kh}=dGV+yrAb9%I{F?m6b2roNVP^<(1ywZ4=D) zIow=7pNEVjK3fJCglnGCIc*ugY<9BzG~vLvuJ5oHKN!zup%!*4ViEQq1(tsrQ2)uM zC9Ex|!)%Zq-D)8E36zO$Kz(|FHowzg&f5Mt;Pqky${;s5Al%_>qA*&06_DEQ+uS_s zl`S8G=O?}WrPSBr*MabNa7sm^P|9=YjA=}v&S$`9^dH~iPjO^LGXTK*6YJ+ASUUXNj(&&Hsh}=jq?da_N5}( z9~Z9f#qKB9ZgXzWS$Cyj+Zk@n(N(R)?ok)}rw;}j{;7dQVMjy(vDefy$|u3S`T2`o zObjlGBspa|N!F=7%@j~S(*bqFpIcsoiI@Lp4Uhb5U}qveuqb7*bC@W`8H-~+q4mX8 zh>8}b+lzQ=zULS!scrc8Gn*1>5jc}?eMA)XqOUT4h7s>0Z#5T`rjTGv9mCoGp70*@ z#VQ#0R0C-q3;VxYot9`^6KUNC+&)G{wL!HBWtnJzQhh`O@d{Zv=kA=`1S9dRd=%Ln`k7a`@s5$pf?QeS5ZkZExjLciF z)lGs^^J7ab_6rGZRFFnKAt9l1^Zn&C9P!@6oAb4nsb3^9vV?bOrgTckwtWOBbOg}6 zB71|8*bHA!m$Nm*pw50|IsYijRmb%I&9ACRTjfwbk4eId^grM-wqDQ15D2xr2Wi;s z6~^{ruILB;pi{&<^b&NBEB+84BV*LdyqyD&?xmK!7d=i6F#cf-iY#JD4`g&vT;y1a z04sdM`KO`_orXy6GGwt-DSuo455oN0Y3IS;&JKyhA?08sNI5v67UIx*eIVn!9KeE3 z@)9&yL9LJ~ZYVeuQhMDK7d5Vt=wdv6j3dMQXF`cyGHCM}*sj&Mun5R~4hhk9+?|uI zp7c(aWI-`t_j$S?av^O56nUU~<^^~^#X2zcBqdQyND_9}vSk!_d}O_QCI;IX7x?(C z{zeJmzrk!^U_Ve6$_xodwBl^q81U@%Ae ze_oNlnqCu$Er#POG zgKW>zIiSpk_r`u?NA{w@4OWALe(@DH&-YHP%*{77vRfvjT%Vj>C;IcLrK<a;&yv2g8BZvXyer9hO33_BQ3IM zoLKZ9IyOERhSX7Jefz37t;^;>&fL%y%mY}*wFC>kS$!w|>&^*s`xS;S??QG5!5C8LOoyrLgcv=lA{fQBP?BA^@) zwE*W`MkKrokLGI7hsM@wMTG*Z`_!Gg_b&+mIZ<`P#856+Awyi zDFlC$q}Vj7$gAY6XNs3-O<0M=ajFx%7@zZ`O#m5{e5!iM)P*9Fw6CR$(<}TAQcqg= zz-y5~#yC0Tb?3_NoRD&@g)!!0eqzmrQ9&xHxe^8@&;aL?l=0J+O<}SXQg4`*Qwk>~ z@_3Tcv1Iv0l1VE)cfDW&Jt61!AgiKD{SXw%F+LXwsy0o=Yko7<+z#b-F8t|{6h9^t zO_YPr;2W=(8rPS%ZIhr}$!ta>G-=Pz~+!QcC6Jt1DPIx7vD)TdFOk9+kaA6=zIsM z>pZbJ`-Ff?)AAB%=mu5Hw1eI|1`&3|$x_7R*P#o3Ea`4hJo{jaePdZa%wNuMKNeFo zbQQ)UJE?sqmdDsBymBg12wHWg)bNH7-M)1W>u@Zwe8B{D?Ve-@y*J5ZxvrAw6nZn} zc<0S`S6s;m6q_mg`AO>ACAjh+B|5wQroWN0R@~7l-1q?oFO>T~HdJ`_^++CEV?EO| zifnnAXk+Pa0>S`M(3C1i!yoga_nF*3zrZ6PVVzk8C((?AZMW|kA5uKxTLri2)#b55 zV)uPr!wm&lOw-A3{{~Dc2J6#$V@&6Hy(DfnY?r4Rz<_-<%q}2oe9I#RK1DHw$@z0u zNdbA0P@4tLV+^=-4id`?>g7)0x`6O(EGj9T9VDBKHg0ELIMtNHT{4d_N6SYn*zp8% zPg55SxSYoD>NLBGC8kt4@0Cc&2#0JZl;XfNq1rqVvseo+Wu{m&hr17`T|{3GY_Npk zuRrw2c^m{Ypv`sfq@;8ZkKd$e8{HyA6c!B{h1iz~xVYiR(p!&Z{nRWnmv{JBuBpj+ zk^(<^C_%-kgwOo7dKqPhF8WcYa~QeKahBjiRHeZ;z8L9fiK+IxB2$;A>y!>XYd0hH zp{T5%XlLym=R&)J71v_`kjOMP30WA*$Uci9`L&fQ3L~ucn1UDo@3cYrVHrhV2}y^I ze(3}yDk48on~&dCg|TBnQUKut-U>v8dAxu;zC)2TyjnA9ecX^m}E;0&3A}1gxMC zC&Uk}T`*l+G;qJ4&P((=sBzYo5yKh}wqdf_ySRKK&@{uE)EPfjW>*_1l2#ks? zM3Lh2d&#PaR$E-8JuzABKQ?E%Y2rRH-G9as`XX$?detbZxrt}4g(ZE)`WQ2?2Te1b zJ0)a)#Tsf&SFxg*2uHpSPt%v#nnca|Hu^O<=a%8vM1fqbKXb_@=d~u8RQVNc;BvJIaAt*+gFR{hwrAWxnMB5fWCeW7Y3%GejgpA1 z$P=rIgT>pGx8 zTY?uIG(BUQ<+o03LSOn6{tVPl8A*P+G%%Cv#}4}`*QC=~IfPLN7mD#M`0nKI)7IEpa!02Yn+ZnK|6!&%`!!Be#}>g(kfUIy2UWNjFBs{kn~nPe7Kvm*K$?z@ES zSQ2B~n%~t8C!X8FD2(w7^+=_O_2#E7!FQ1z%9J46gWKbZsr}oKiMMtI1-WZK3tV=cESl{u3hPx?;cPiemjU%PBk-Y65;!l}JCI`~uJUW;5T7sA`vL0jZDb z$Z{FPu_r49UZ!T~l$Z#x1TNW553+mw+SiYO(aZ6 z@Yl2Fy=v}FsU#RSOc&$GZ&*F~lEd-eP?*vPpZsfhm+7MGO>A0*{gtyj1{_b;bAR=CLUQ&{^pl1mohm z4EcDrzFIa11R_BwsRV4&?TTr?OdmE{U!b3*KH@)F4Mzxj7Tk8HaM_8GghhpXp5*qT zgiul>2?atqWT7OtWaY_htB)asChu@GiOh@2YC93@dOc1vilwpss`*V^p0V*E46|mq z5Z5PLk%bI{F&kgtR9IaJma<5rbMbVvop~OxQS)g?c(3OJGHLBxBn`QvkBVyb^&EKA zn}U?cR@D~=F_>17dbDFnj=o$fdS|NF(ULheKK+pzydY5(tgKgFKYYeoJ!u(BwVtUL z!;5oJx@=@YW{>g*DO zJb-B|f<`;T2079|rRKnryZ%JB{y%Lo3Ph=nBmEF|{`DVfGLnO5_Az!oBv7UU2?g}w zS>2+4U45OkE0iNV;zc6H7Kcx87N?SzkwGEFO)=l?s#MdBUtU(9Hf0Z#=7wrzj=cg- z9OZ$Yz)~R!?M;Ah)C{wlsf8+jbZSsKmVnR`L^czWnn0uT?i?U$9LB5lH>?b;ls#K? zsX^v2StKYHo#FAZ*}M{5+_mp9uxb}1bAWab#?t^euG-VXL@VxQ$m|#qHxs(@*MQH-*|22N zqRl8?v|GXAM!nN^^YNhQzVbd(Z>z;)|Ip21AB&xcKMX|*#L+p|<@6S;RCOhrk*su? zQ3U~Xx@>8ahSth=-^=Qg$V998>N~q}8_N{Y90rYl6tVyFabUsGku2?m;QKB^+U3);${ zd_K0@!c162$aIh2ta=T0ER>Y8bd?iTj?J$JA0{bjkS(SAF;$MS0V?ZC3#VwlFR@2x zfrpUvP;e!e7D96^E+Tei$NF7fip9gY)KjYYdb$5SDpOz0YUdZXug)^5E|=zbcGOCw*@-9cJQ*Nqw9H?>XR$wS7oq_& z`4}5u2K61zO3K>vhIVLN__A79q1p&|yDyrL>uy2-5smV))s%1jX7^8_1{0k=gv3$1 z5aRJRapPF?k}v--IS<@IHK=x}A1mYs43o>Sdryb6nG@i9q@U7Z<~C1SG-4}?z-%}K zCZw8cu&!Jf7tjUDH#D=<`~nG>_L+upmd0lA=) zt&zPI%6P;k>ym)SAw7y=mR2t6x`Jq;D!f8eJmw>^A1jw92~NmAXxn9qSe8IZZ|x;V z3S{TwWUCG5X+@pfE{UNcxX|z=IM|BGsD^(I`VyMf(aaE+s|5v`PvwAW>}c3qKxCE- z{CCuRN;95)D*k31!armT255U3S3X4);bpskl|FKvRs4S(9s*D77YOwX%YDT9z!8FUj? z6T_%_#M-HTxqFiq1xlL*#)#+S9xtRhQca%2B=sOO7TX@-sX=P zG)mPJ`!bik3Qy$(Y8Mj#{r0f!&R`MK*6P^;Nom32pRlnc@OnI=E(i2PD*KXUL$=Xm zGktg>T9_;7vDd}C$?Hgqpp=3fJ@$syw2S;6KLqtzN^;%&CEX@RpLqhgbRU3)wYzo? zGNp``3=RJm`nEmnKp$H@J70&YS{YT+c50@%A-x_xC# z z#l#*h%U&W9u;?Gq>Kt3^YR8L}hX5^t;@-P!u`h@)NeMof(?^4@Tx*I|8isR9f=Z~E zh{>7o=ANl5%#}%KBS^xfz8OS?r>xqGss2RmZb?6L$dvbxbX=Pz3`-Q$aFF&`vbew` zV0uaQkr+nlhp~Qq`5d%Ms7t)cV$CijO5E0*1&_IWfJA5f z1hECSvX2TmZt+yp!jBh3wUIBAC;ScrGS)V@Fl#mx^(^FSm$Ez-77GSXKt=>zv?f)P zm860=m2ctcW<}9zx;2YQH`5V%y3fGbg(>z{6hBtwXCOE!rh^nV+Jv>+wA5REw%W10 z(qPzvkfnX+6NOB@DaUF>k?JpKjvCKnN?oTv;JW^yyHAYcOKs-fa;0ecxY&!wpOUbS zrP90fTJ{w3aTg>6wD9>&HDq`K>=0JtY(f_#-H)q2I4l!UGD_QvrQ%pS_f{eDpzez0 zP815KnMQaY_Bqxz0->=;*zMre%{0kCK`kXlf5q+)(J7pl1v?1@qK# zROBLxWgFp3W|kH>%ANFN%%nE4|L9U;r2n)CAQn|PS6PIo({gboz0#n-x6!Q`0_7#E ze-1zehyOrcvL{dyuX<4Ql3^20s3#&q!yHp#j5l0SS1_+}F z$X zfdus+)F>rb~H{w3B>F&t^K%<^?3<0i(L zHDAWVAR#r)t}Nx7OPaZLHd3u*;yz7Nk%O#KVJa`b&8|*h)cpzZQb^lmu5!3}6rLjd zIM-1^+U^tZo{c$!F6=xR!}7W#(}jG-?Th?@+{;{tAQ*`M&)|?l7sCG&?FbV04@=M@ z72%i!?Hnr%xlA+0 zIQh*7V;Pk*oJ6aCy7vp&wo4jXv{UFB zp3g;2a4j_-2`x-%-2~%*Shy9h=gQ|w>(jeD%v{YE zE+ilEGyEEvFiF@t1fI_&Ss*epm#`it zjk9#jWgmPAOH%aGa4eRVr}L=s)HUXlVvk;jQs#Fi)P|<<+wyU{^$QQ&U3H zj>Q=ni+2cZ)d0CXyrCvOtrOvkb_rdx+(S>vNq%e-b4T!eF8xny2z#k?he>M~ic?)% zgVwE}DVW>%T&wiY7KKx?%|~UaP4mVi$B^OaU8bKV;`_Oh{&YR_Ib4LfE?!JT+DV9O zmsMNjTlKSeC();N{lgiHH^4vi^YHpwMM;vcd=~HIn)CW<6STV69KQV%=1x>Bo)!pr z*yn0#ZcaqnwHO?%!}7LvEy>7OvWuz##h_eWb4%TZM=~-V*-)ouF5XS*3MEMamRYyq zVWs+ExMHnn-zvRB=1Pl+h@A`*0k58N13p(GXp2#jC3A_?3Eae)i(ZH{Bo(3~DX}`^ zHDs16 z1w;M)^XCs|ln(ks9dAG;)pmZ%{|kkJZ#?j7#^kdZ@a>3qVP>66z_FMW0+Xj?@i(qL zc~->b*4D(NqZ`S}RY^T-uD*o)wecui10Q89d6%m3E?lxQ^&1~mGlgqLc2oi>z@!mT zLM9a@R*!!Nfw^3cJz=hep=3!%fR92K_O8kJb`eQ?yF#JQKHf7-)GH18L%uhrw{ulL z9teeQbZ7kN&5T)hMqdA!buIzNVpa%vpScowAnG1q9`&;*Dc)Ra6mE63YD*OkkcF-3_$c+8a-%D@yQ0?1s*TvzZD zH3H!=*PKuWrYI3W=0fJWdgThHC=m#cxpG1on4&}gnJZSzl{IZz)S^Z}08F_kCoNV7 z1j1vk8KDeJQ6hlM6*XH-o#yd%u4`AXVu})h@R%zb4*$j!9RkQ)(KDCVSLoZWUBeV5 z0^u>&v`_}7C=o#BiWzfdXGbk+1O&kEEy829_O>=m5hDOE813J`-{s)_(Y%IxCV!SO zIfN-<1n!v{{L<1>E&<14RtQYZo?Q)ZpTj)2mpWpqs!4Bx4HSA zX>A!3Lzp5)000CST>_59tPseW?q%k>dGjW?UB?<4T3cGKx3^;o3jqM_NPRs32r#;w zA=lb({ZU@SJyUPqGclMkK7=VO1OT*qrnUiq0HaI5v6wY;%_Tn9%o#I0iV@5@a2X)p zfyEm9goOZr2GF^uEoLDw>%e7zc!#_Rgee>Z05pIOX)7jFlRYDsFxRY^Gh-qSg&+cm z03wh81g6iNN0=)oCno`oVH1b|B7g|Q1cB)}`GmPb92v}ITHhUC;|~c1Q3BZBXIi6Cpo!G2y^A-<+?ATQ{J8vmruKaoP7B60W?bHQx$}$i7Az;swUB-Yf92;dTe@`j?%l9ppMA!sL&mQ>Pmmd4vmmdAxUq1dn|MH11{KaFR zyZ@;_e_+xN7B5<~WbtB1nbXI9{pqiLbK+n9d)5Oi2NK*R9~}R{*T;PATND2JM_E7o z-qde>W6J%IzB&1?zCP~$2gm>0!iDpB;eVO@Pv6M=+BcrOe|+{>mI=bY`_$ij`O(kc z|HPmCQ|7lGo%Z0A*%LvTKmXUy&zie1;vQkekwsv3-ZGZv%!5=gciu8^ujb?zFei&7 wm9yq8DxSA!C1I{~`dM7;D<{9 literal 0 HcmV?d00001 diff --git a/docs/en-US/vmware-cluster-config-dvswitch.xml b/docs/en-US/vmware-cluster-config-dvswitch.xml index 311673a0e09..2aeea2a5e5c 100644 --- a/docs/en-US/vmware-cluster-config-dvswitch.xml +++ b/docs/en-US/vmware-cluster-config-dvswitch.xml @@ -75,27 +75,52 @@ vds-name.png: Name of the dvSwitch as specified in the vCenter. - Use this VDS name when you specify the switch name in the traffic label while creating the - zone. Traffic label format is [["Name of vSwitch/dvSwitch/EthernetPortProfile"][,"VLAN - ID"[,"vSwitch Type"]]] + Use this VDS name in the following: + + + The switch name in the Edit traffic label dialog while configuring a public and guest + traffic during zone creation. + During a zone creation, ensure that you select VMware vNetwork Distributed Virtual Switch + when you configure guest and public traffic type. + + + + + + traffic-type.png: virtual switch type + + + + + The Public Traffic vSwitch Type field when you add a VMware VDS-enabled cluster. + + + The switch name in the traffic label while updating the switch type in a zone. + + + Traffic label format in the last case is [["Name of + vSwitch/dvSwitch/EthernetPortProfile"][,"VLAN ID"[,"vSwitch Type"]]] The possible values for traffic labels are: - empty string - dvSwitch0 - dvSwitch0,200 - dvSwitch1,300,vmwaredvs - myEthernetPortProfile,,nexusdvs - dvSwitch0,,vmwaredvs + + empty string + + + dvSwitch0 + + + dvSwitch0,200 + + + dvSwitch1,300,vmwaredvs + + + myEthernetPortProfile,,nexusdvs + + + dvSwitch0,,vmwaredvs + - - - - - - - traffic-label.png: Traffic label specified while zone creation. - - @@ -124,10 +149,10 @@ 2 VLAN ID to be used for this traffic wherever applicable. - This field would be used for only public traffic as of now. In case of guest traffic this - field would be ignored and could be left empty for guest traffic. By default empty - string would be assumed which translates to untagged VLAN for that specific traffic - type. + This field would be used for only public traffic as of now. In case of + guest traffic this field would be ignored and could be left empty for guest traffic. + By default empty string would be assumed which translates to untagged VLAN for that + specific traffic type. 3 @@ -153,6 +178,7 @@ +
    • Enabling Virtual Distributed Switch in &PRODUCT; @@ -171,6 +197,10 @@
    Configuring Distributed Virtual Switch in &PRODUCT; You can configure VDS by adding the necessary resources while a zone is created. + Alternatively, at the cluster level, you can create an additional cluster with VDS enabled + in the existing zone. Use the Add Cluster option. For information as given in . + In both these cases, you must specify the following parameters to configure VDS: @@ -179,10 +209,6 @@ dvSwitchConfig.png: Configuring dvSwitch - Alternatively, you can create an additional cluster with VDS enabled in the existing zone. - Use the Add Cluster option. For information as given in . - In both these cases, you must specify the following parameters to configure VDS: From b18afb1c3603d326f05654bb629368868b75ed4f Mon Sep 17 00:00:00 2001 From: radhikap Date: Thu, 12 Sep 2013 18:16:47 +0530 Subject: [PATCH 04/12] known issues from animesh has been added, edited, updated CLOUDSTACK-4245 and heading changes --- docs/en-US/Release_Notes.xml | 2458 +++++++++++++++++++--------------- 1 file changed, 1397 insertions(+), 1061 deletions(-) diff --git a/docs/en-US/Release_Notes.xml b/docs/en-US/Release_Notes.xml index 2beef6a420e..96cf6e63b39 100644 --- a/docs/en-US/Release_Notes.xml +++ b/docs/en-US/Release_Notes.xml @@ -55,836 +55,848 @@ under the License. If you find any errors or problems in this guide, please see . We hope you enjoy working with &PRODUCT;! - - What's New in 4.2 - &PRODUCT; 4.2 includes the following new features. -
    - Features to Support Heterogeneous Workloads - The following new features help &PRODUCT; 4.2 better support both legacy and cloud-era - style zones. -
    - Regions - To increase reliability of the cloud, you can optionally group resources into - geographic regions. A region is the largest available organizational unit within a cloud - deployment. A region is made up of several availability zones, where each zone is - equivalent to a datacenter. Each region is controlled by its own cluster of Management - Servers, running in one of the zones. The zones in a region are typically located in close - geographical proximity. Regions are a useful technique for providing fault tolerance and - disaster recovery. - By grouping zones into regions, the cloud can achieve higher availability and - scalability. User accounts can span regions, so that users can deploy VMs in multiple, - widely-dispersed regions. Even if one of the regions becomes unavailable, the services are - still available to the end-user through VMs deployed in another region. And by grouping - communities of zones under their own nearby Management Servers, the latency of - communications within the cloud is reduced compared to managing widely-dispersed zones - from a single central Management Server. - Usage records can also be consolidated and tracked at the region level, creating - reports or invoices for each geographic region. + + Version 4.2.0 +
    + &PRODUCT; 4.2 includes the following new features. +
    + Features to Support Heterogeneous Workloads + The following new features help &PRODUCT; 4.2 better support both legacy and cloud-era + style zones. +
    + Regions + To increase reliability of the cloud, you can optionally group resources into + geographic regions. A region is the largest available organizational unit within a cloud + deployment. A region is made up of several availability zones, where each zone is + equivalent to a datacenter. Each region is controlled by its own cluster of Management + Servers, running in one of the zones. The zones in a region are typically located in + close geographical proximity. Regions are a useful technique for providing fault + tolerance and disaster recovery. + By grouping zones into regions, the cloud can achieve higher availability and + scalability. User accounts can span regions, so that users can deploy VMs in multiple, + widely-dispersed regions. Even if one of the regions becomes unavailable, the services + are still available to the end-user through VMs deployed in another region. And by + grouping communities of zones under their own nearby Management Servers, the latency of + communications within the cloud is reduced compared to managing widely-dispersed zones + from a single central Management Server. + Usage records can also be consolidated and tracked at the region level, creating + reports or invoices for each geographic region. + + + + + + region-overview.png: Nested structure of a region. + + +
    +
    + Object Storage Plugin Architecture + Artifacts such as templates, ISOs and snapshots are kept in storage which &PRODUCT; + refers to as secondary storage. To improve scalability and performance, as when a number + of hosts access secondary storage concurrently, object storage can be used for secondary + storage. Object storage can also provide built-in high availability capability. When + using object storage, access to secondary storage data can be made available across + multiple zones in a region. This is a huge benefit, as it is no longer necessary to copy + templates, snapshots etc. across zones as would be needed in an NFS-only + environment. + Object storage is provided through third-party software such as Amazon Simple + Storage Service (S3) or any other object storage that supports the S3 interface. These + third party object storages can be integrated with &PRODUCT; by writing plugin software + that uses the object storage plugin capability introduced in &PRODUCT; 4.2. Several new + pluggable service interfaces are available so that different storage providers can + develop vendor-specific plugins based on the well-defined contracts that can be + seemlessly managed by &PRODUCT;. +
    +
    + Zone-Wide Primary Storage + (Supported on KVM and VMware) + In &PRODUCT; 4.2, you can provision primary storage on a per-zone basis. Data + volumes in the primary storage can be attached to any VM on any host in the zone. + In previous &PRODUCT; versions, each cluster had its own primary storage. Data in + the primary storage was directly available only to VMs within that cluster. If a VM in a + different cluster needed some of the data, it must be copied from one cluster to + another, using the zone's secondary storage as an intermediate step. This operation was + unnecessarily time-consuming. +
    +
    + VMware Datacenter Now Visible As a &PRODUCT; Zone + In order to support zone-wide functions for VMware, changes have been made so that + &PRODUCT; is now aware of VMware Datacenters and can map each Datacenter to a &PRODUCT; + zone. Previously, &PRODUCT; was only aware of VMware Clusters, a smaller organizational + unit than Datacenters. This implies that a single &PRODUCT; zone could possibly contain + clusters from different VMware Datacenters. In order for zone-wide functions, such as + zone-wide primary storage, to work for VMware hosts, &PRODUCT; has to make sure that a + zone contains only a single VMware Datacenter. Therefore, when you are creating a new + &PRODUCT; zone, you will now be able to select a VMware Datacenter for the zone. If you + are provisioning multiple VMware Datacenters, each one will be set up as a single zone + in &PRODUCT;. + + If you are upgrading from a previous &PRODUCT; version, and your existing + deployment contains a zone with clusters from multiple VMware Datacenters, that zone + will not be forcibly migrated to the new model. It will continue to function as + before. However, any new zone-wide operations, such as zone-wide primary storage, will + not be available in that zone. + + +
    +
    +
    + Third-Party UI Plugin Framework + Using the new third-party plugin framework, you can write and install extensions to + &PRODUCT;. The installed and enabled plugins will appear in the UI alongside the + Citrix-provided features. + The basic procedure for adding a UI plugin is explained in the Developer Guide. In + summary, the plugin developer creates the plugin code itself (in Javascript), a thumbnail + image, the plugin listing, and a CSS file. The &PRODUCT; administrator adds the folder + containing the plugin code under the &PRODUCT; PLUGINS folder and adds the plugin name to + a configuration file (plugins.js). + The next time the user refreshes the UI in the browser, the plugin will appear under + the Plugins button in the left navigation bar. - + - region-overview.png: Nested structure of a region. + plugin4.jpg: The plugin appears in the UI
    -
    - Object Storage Plugin Architecture - Artifacts such as templates, ISOs and snapshots are kept in storage which &PRODUCT; - refers to as secondary storage. To improve scalability and performance, as when a number - of hosts access secondary storage concurrently, object storage can be used for secondary - storage. Object storage can also provide built-in high availability capability. When using - object storage, access to secondary storage data can be made available across multiple - zones in a region. This is a huge benefit, as it is no longer necessary to copy templates, - snapshots etc. across zones as would be needed in an NFS-only environment. - Object storage is provided through third-party software such as Amazon Simple Storage - Service (S3) or any other object storage that supports the S3 interface. These third party - object storages can be integrated with &PRODUCT; by writing plugin software that uses the - object storage plugin capability introduced in &PRODUCT; 4.2. Several new pluggable - service interfaces are available so that different storage providers can develop - vendor-specific plugins based on the well-defined contracts that can be seemlessly managed - by &PRODUCT;. -
    -
    - Zone-Wide Primary Storage - (Supported on KVM and VMware) - In &PRODUCT; 4.2, you can provision primary storage on a per-zone basis. Data volumes - in the primary storage can be attached to any VM on any host in the zone. - In previous &PRODUCT; versions, each cluster had its own primary storage. Data in the - primary storage was directly available only to VMs within that cluster. If a VM in a - different cluster needed some of the data, it must be copied from one cluster to another, - using the zone's secondary storage as an intermediate step. This operation was - unnecessarily time-consuming. -
    -
    - VMware Datacenter Now Visible As a &PRODUCT; Zone - In order to support zone-wide functions for VMware, changes have been made so that - &PRODUCT; is now aware of VMware Datacenters and can map each Datacenter to a &PRODUCT; - zone. Previously, &PRODUCT; was only aware of VMware Clusters, a smaller organizational - unit than Datacenters. This implies that a single &PRODUCT; zone could possibly contain - clusters from different VMware Datacenters. In order for zone-wide functions, such as - zone-wide primary storage, to work for VMware hosts, &PRODUCT; has to make sure that a - zone contains only a single VMware Datacenter. Therefore, when you are creating a new - &PRODUCT; zone, you will now be able to select a VMware Datacenter for the zone. If you - are provisioning multiple VMware Datacenters, each one will be set up as a single zone in - &PRODUCT;. - - If you are upgrading from a previous &PRODUCT; version, and your existing deployment - contains a zone with clusters from multiple VMware Datacenters, that zone will not be - forcibly migrated to the new model. It will continue to function as before. However, any - new zone-wide operations, such as zone-wide primary storage, will not be available in - that zone. - - -
    -
    -
    - Third-Party UI Plugin Framework - Using the new third-party plugin framework, you can write and install extensions to - &PRODUCT;. The installed and enabled plugins will appear in the UI alongside the - Citrix-provided features. - The basic procedure for adding a UI plugin is explained in the Developer Guide. In - summary, the plugin developer creates the plugin code itself (in Javascript), a thumbnail - image, the plugin listing, and a CSS file. The &PRODUCT; administrator adds the folder - containing the plugin code under the &PRODUCT; PLUGINS folder and adds the plugin name to a - configuration file (plugins.js). - The next time the user refreshes the UI in the browser, the plugin will appear under the - Plugins button in the left navigation bar. - - - - - - plugin4.jpg: The plugin appears in the UI - - -
    -
    - Networking Enhancements - The following new features provide additional networking functionality in &PRODUCT; - 4.2. -
    - IPv6 (Technical Preview) - &PRODUCT; 4.2 introduces initial support for IPv6. This feature is provided as a - technical preview only. Full support is planned for a future release. -
    -
    - Portable IPs - Portable IPs in &PRODUCT; are elastic IPs that can be transferred across - geographically separated zones. As an administrator, you can provision a pool of portable - IPs at region level and are available for user consumption. The users can acquire portable - IPs if admin has provisioned portable public IPs at the region level they are part of. - These IPs can be used for any service within an advanced zone. You can also use portable - IPs for EIP service in Basic zones. Additionally, a portable IP can be transferred from - one network to another network. -
    -
    - N-Tier Applications - In &PRODUCT; 3.0.6, a functionality was added to allow users to create a multi-tier - application connected to a single instance of a Virtual Router that supports inter-VLAN - routing. Such a multi-tier application is called a virtual private cloud (VPC). Users were - also able to connect their multi-tier applications to a private Gateway or a Site-to-Site - VPN tunnel and route certain traffic to those gateways. For &PRODUCT; 4.2, additional - features are implemented to enhance VPC applications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - Support for KVM - VPC is now supported on KVM hypervisors. +
    + Networking Enhancements + The following new features provide additional networking functionality in &PRODUCT; + 4.2. +
    + IPv6 (Technical Preview) + &PRODUCT; 4.2 introduces initial support for IPv6. This feature is provided as a + technical preview only. Full support is planned for a future release.
    -
    - Support for Simultaneously Deploying a VM on VPC and Multiple Shared - Networks - Support for the ability to simultaneously deploy a VM on a VPC tier and one or more - Shared networks is supported. +
    + Portable IPs + Portable IPs in &PRODUCT; are elastic IPs that can be transferred across + geographically separated zones. As an administrator, you can provision a pool of + portable IPs at region level and are available for user consumption. The users can + acquire portable IPs if admin has provisioned portable public IPs at the region level + they are part of. These IPs can be used for any service within an advanced zone. You can + also use portable IPs for EIP service in Basic zones. Additionally, a portable IP can be + transferred from one network to another network.
    -
    - Load Balancing Support for VPC - In a VPC, you can configure two types of load balancing—external LB and - internal LB. External LB is nothing but a LB rule created to redirect the traffic - received at a public IP of the VPC virtual router. The traffic is load balanced within a - tier based on your configuration. Citrix NetScaler and VPC virtual router are supported - for external LB. When you use internal LB service, traffic received at a tier is load - balanced across different VMs within that tier. For example, traffic reached at Web tier - is redirected to another VM in that tier. External load balancing devices are not - supported for internal LB. The service is provided by a internal LB VM configured on the - target tier. -
    - Load Balancing Within a Tier (External LB) - A &PRODUCT; user or administrator may create load balancing rules that balance - traffic received at a public IP to one or more VMs that belong to a network tier that - provides load balancing service in a VPC. A user creates a rule, specifies an - algorithm, and assigns the rule to a set of VMs within a tier. +
    + N-Tier Applications + In &PRODUCT; 3.0.6, a functionality was added to allow users to create a multi-tier + application connected to a single instance of a Virtual Router that supports inter-VLAN + routing. Such a multi-tier application is called a virtual private cloud (VPC). Users + were also able to connect their multi-tier applications to a private Gateway or a + Site-to-Site VPN tunnel and route certain traffic to those gateways. For &PRODUCT; 4.2, + additional features are implemented to enhance VPC applications. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + Support for KVM + VPC is now supported on KVM hypervisors.
    -
    - Load Balancing Across Tiers - &PRODUCT; supports sharing workload across different tiers within your VPC. Assume - that multiple tiers are set up in your environment, such as Web tier and Application - tier. Traffic to each tier is balanced on the VPC virtual router on the public side. - If you want the traffic coming from the Web tier to the Application tier to be - balanced, use the internal load balancing feature offered by &PRODUCT;. +
    + Support for Simultaneously Deploying a VM on VPC and Multiple Shared + Networks + Support for the ability to simultaneously deploy a VM on a VPC tier and one or + more Shared networks is supported.
    -
    - Netscaler Support for VPC - Citrix NetScaler is supported for external LB. Certified version for this feature - is NetScaler 10.0 Build 74.4006.e. +
    + Load Balancing Support for VPC + In a VPC, you can configure two types of load balancing—external LB and + internal LB. External LB is nothing but a LB rule created to redirect the traffic + received at a public IP of the VPC virtual router. The traffic is load balanced within + a tier based on your configuration. Citrix NetScaler and VPC virtual router are + supported for external LB. When you use internal LB service, traffic received at a + tier is load balanced across different VMs within that tier. For example, traffic + reached at Web tier is redirected to another VM in that tier. External load balancing + devices are not supported for internal LB. The service is provided by a internal LB VM + configured on the target tier. +
    + Load Balancing Within a Tier (External LB) + A &PRODUCT; user or administrator may create load balancing rules that balance + traffic received at a public IP to one or more VMs that belong to a network tier + that provides load balancing service in a VPC. A user creates a rule, specifies an + algorithm, and assigns the rule to a set of VMs within a tier. +
    +
    + Load Balancing Across Tiers + &PRODUCT; supports sharing workload across different tiers within your VPC. + Assume that multiple tiers are set up in your environment, such as Web tier and + Application tier. Traffic to each tier is balanced on the VPC virtual router on the + public side. If you want the traffic coming from the Web tier to the Application + tier to be balanced, use the internal load balancing feature offered by + &PRODUCT;. +
    +
    + Netscaler Support for VPC + Citrix NetScaler is supported for external LB. Certified version for this + feature is NetScaler 10.0 Build 74.4006.e. +
    +
    +
    + Enhanced Access Control List + Network Access Control List (ACL) on the VPC virtual router is enhanced. The + network ACLs can be created for the tiers only if the NetworkACL service is supported. + In &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL + items are nothing but numbered rules that are evaluated in order, starting with the + lowest numbered rule. These rules determine whether traffic is allowed in or out of + any tier associated with the network ACL. You need to add the Network ACL items to the + Network ACL, then associate the Network ACL with a tier. Network ACL is associated + with a VPC and can be assigned to multiple VPC tiers within a VPC. A Tier is + associated with a Network ACL at all the times. Each tier can be associated with only + one ACL. + The default Network ACL is used when no ACL is associated. Default behavior is all + incoming traffic to guest networks is blocked and all outgoing traffic from guest + networks is allowed. Default network ACL cannot be removed or modified. +
    + ACL on Private Gateway + The traffic on the VPC private gateway is controlled by creating both ingress + and egress network ACL rules. The ACLs contains both allow and deny rules. As per + the rule, all the ingress traffic to the private gateway interface and all the + egress traffic out from the private gateway interface are blocked. You can change + this default behaviour while creating a private gateway. +
    +
    + Allow ACL on All Level 4 Protocols + In addition to the existing protocol support for ICMP, TCP, UDP, support for All + Level 4 protocols is added. The protocol numbers from 0 to 255 are supported. +
    +
    + Support for ACL Deny Rules + In addition to the existing support for ACL Allow rules, support for ACL Deny + rules has been added in &PRODUCT; 4.2. As part of this, two operations are + supported: Number and Action. You can configure a rule, allow or deny, by using + action. Use Number to add a rule number. +
    +
    +
    + Deploying VMs to a VPC Tier and Shared Networks + &PRODUCT; allows you to deploy VMs on a VPC tier and one or more shared networks. + With this feature, the VMs deployed in a multi-tier application can receive services + offered by a service provider over the shared network. One example of such a service + is monitoring service. +
    +
    + Adding a Private Gateway to a VPC + A private gateway can be added by the root admin only. The VPC private network has + 1:1 relationship with the NIC of the physical network. You can configure multiple + private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed + in the same data center. +
    + Source NAT on Private Gateway + You might want to deploy multiple VPCs with the same super CIDR and guest tier + CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to + reach a enterprise data center through the private gateway. In such cases, a NAT + service need to be configured on the private gateway. If Source NAT is enabled, the + guest VMs in VPC reaches the enterprise network via private gateway IP address by + using the NAT service. + The Source NAT service on a private gateway can be enabled while adding the + private gateway. On deletion of a private gateway, source NAT rules specific to the + private gateway are deleted. +
    +
    + VPN Gateways + Support up to 8 VPN Gateways is added. +
    +
    + Creating a Static Route + &PRODUCT; enables you to specify routing for the VPN connection you create. You + can enter one or CIDR addresses to indicate which traffic is to be routed back to + the gateway. +
    +
    + Blacklisting Routes + &PRODUCT; enables you to block a list of routes so that they are not assigned to + any of the VPC private gateways. Specify the list of routes that you want to + blacklist in the blacklisted.routes global parameter. Note that the + parameter update affects only new static route creations. If you block an existing + static route, it remains intact and continue functioning. You cannot add a static + route if the route is blacklisted for the zone. +
    -
    - Enhanced Access Control List - Network Access Control List (ACL) on the VPC virtual router is enhanced. The network - ACLs can be created for the tiers only if the NetworkACL service is supported. In - &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items - are nothing but numbered rules that are evaluated in order, starting with the lowest - numbered rule. These rules determine whether traffic is allowed in or out of any tier - associated with the network ACL. You need to add the Network ACL items to the Network - ACL, then associate the Network ACL with a tier. Network ACL is associated with a VPC - and can be assigned to multiple VPC tiers within a VPC. A Tier is associated with a - Network ACL at all the times. Each tier can be associated with only one ACL. - The default Network ACL is used when no ACL is associated. Default behavior is all - incoming traffic to guest networks is blocked and all outgoing traffic from guest - networks is allowed. Default network ACL cannot be removed or modified. -
    - ACL on Private Gateway - The traffic on the VPC private gateway is controlled by creating both ingress and - egress network ACL rules. The ACLs contains both allow and deny rules. As per the - rule, all the ingress traffic to the private gateway interface and all the egress - traffic out from the private gateway interface are blocked. You can change this - default behaviour while creating a private gateway. -
    -
    - Allow ACL on All Level 4 Protocols - In addition to the existing protocol support for ICMP, TCP, UDP, support for All - Level 4 protocols is added. The protocol numbers from 0 to 255 are supported. -
    -
    - Support for ACL Deny Rules - In addition to the existing support for ACL Allow rules, support for ACL Deny - rules has been added in &PRODUCT; 4.2. As part of this, two operations are supported: - Number and Action. You can configure a rule, allow or deny, by using action. Use - Number to add a rule number. -
    +
    + Assigning VLANs to Isolated Networks + &PRODUCT; provides you the ability to control VLAN assignment to Isolated networks. + You can assign a VLAN ID when a network is created, just the way it's done for Shared + networks. + The former behaviour also is supported — VLAN is randomly allocated to a + network from the VNET range of the physical network when the network turns to + Implemented state. The VLAN is released back to the VNET pool when the network shuts + down as a part of the Network Garbage Collection. The VLAN can be re-used either by the + same network when it is implemented again, or by any other network. On each subsequent + implementation of a network, a new VLAN can be assigned. + + You cannot change a VLAN once it's assigned to the network. The VLAN remains with + the network for its entire life cycle. +
    -
    - Deploying VMs to a VPC Tier and Shared Networks - &PRODUCT; allows you to deploy VMs on a VPC tier and one or more shared networks. - With this feature, the VMs deployed in a multi-tier application can receive services - offered by a service provider over the shared network. One example of such a service is - monitoring service. +
    + Persistent Networks + &PRODUCT; 4.2 supports Persistent Networks. The network that you can provision + without having to deploy any VMs on it is called a Persistent Network. A Persistent + Network can be part of a VPC or a non-VPC environment. With the addition of this + feature, you will have the ability to create a network in &PRODUCT; in which physical + devices can be deployed without having to run any VMs. Additionally, you can deploy + physical devices on that network. Another advantages is that you can create a VPC with a + tier that consists only physical devices. For example, you might create a VPC for a + three-tier application, deploy VMs for Web and Application tier, and use physical + machines for the Database tier. Another use case is that if you are providing services + by using physical hardware, you can define the network as persistent and therefore even + if all its VMs are destroyed the services will not be discontinued.
    -
    - Adding a Private Gateway to a VPC - A private gateway can be added by the root admin only. The VPC private network has - 1:1 relationship with the NIC of the physical network. You can configure multiple - private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in - the same data center. -
    - Source NAT on Private Gateway - You might want to deploy multiple VPCs with the same super CIDR and guest tier - CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach - a enterprise data center through the private gateway. In such cases, a NAT service - need to be configured on the private gateway. If Source NAT is enabled, the guest VMs - in VPC reaches the enterprise network via private gateway IP address by using the NAT - service. - The Source NAT service on a private gateway can be enabled while adding the - private gateway. On deletion of a private gateway, source NAT rules specific to the - private gateway are deleted. -
    -
    - VPN Gateways - Support up to 8 VPN Gateways is added. -
    -
    - Creating a Static Route - &PRODUCT; enables you to specify routing for the VPN connection you create. You - can enter one or CIDR addresses to indicate which traffic is to be routed back to the - gateway. -
    -
    - Blacklisting Routes - &PRODUCT; enables you to block a list of routes so that they are not assigned to - any of the VPC private gateways. Specify the list of routes that you want to blacklist - in the blacklisted.routes global parameter. Note that the parameter - update affects only new static route creations. If you block an existing static route, - it remains intact and continue functioning. You cannot add a static route if the route - is blacklisted for the zone. -
    +
    + Cisco VNMC Support + Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and + policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with + ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able + to: + + + Configure Cisco ASA 1000v Firewalls + + + Create and apply security profiles that contain ACL policy sets for both ingress + and egress traffic, and NAT policy sets + + + &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware + hypervisors. +
    +
    + VMware vNetwork Distributed vSwitch + &PRODUCT; supports VMware vSphere Distributed Switch (VDS) for virtual network + configuration in a VMware vSphere environment. Each vCenter server instance can support + up to 128 VDSs and each VDS can manage up to 500 VMware hosts. &PRODUCT; supports + configuring virtual networks in a deployment with a mix of Virtual Distributed Switch, + Standard Virtual Switch and Nexus 1000v Virtual Switch. +
    +
    + IP Reservation in Isolated Guest Networks + In Isolated guest networks in &PRODUCT; 4.2, a part of the guest IP address space + can be reserved for non-&PRODUCT; VMs or physical servers. To do so, you configure a + range of Reserved IP addresses by specifying the CIDR when a guest network is in + Implemented state. The advantage of having this feature is that if your customers wish + to have non-&PRODUCT; controlled VMs or physical servers on the same network, they can + use a part of the IP address space that is primarily provided to the guest network. When + IP reservation is configured, the administrator can add additional VMs or physical + servers that are not part of &PRODUCT; to the same network and assign them the Reserved + IP addresses. &PRODUCT; guest VMs cannot acquire IPs from the Reserved IP Range. +
    +
    + Dedicated Resources: Public IP Addresses and VLANs Per Account + &PRODUCT; provides you the ability to reserve a set of public IP addresses and VLANs + exclusively for an account. During zone creation, you can continue to define a set of + VLANs and multiple public IP ranges. This feature extends the functionality to enable + you to dedicate a fixed set of VLANs and guest IP addresses for a tenant. + This feature provides you the following capabilities: + + + Reserve a VLAN range and public IP address range from an Advanced zone and + assign it to an account + + + Disassociate a VLAN and public IP address range from an account + + + + Ensure that you check whether the required range is available and conforms to + account limits. The maximum IPs per account limit cannot be superseded. + +
    +
    + Enhanced Juniper SRX Support for Egress Firewall Rules + Egress firewall rules were previously supported on virtual routers, and now they are + also supported on Juniper SRX external networking devices. + Egress traffic originates from a private network to a public network, such as the + Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed + from a guest network to the Internet. However, you can control the egress traffic in an + Advanced zone by creating egress firewall rules. When an egress firewall rule is + applied, the traffic specific to the rule is allowed and the remaining traffic is + blocked. When all the firewall rules are removed the default policy, Block, is + applied. + + Egress firewall rules are not supported on Shared networks. They are supported + only on Isolated guest networks. + +
    +
    + Configuring the Default Egress Policy + The default egress policy for Isolated guest network can be configured by using + Network offering. Use the create network offering option to determine whether the + default policy should be block or allow all the traffic to the public network from a + guest network. Use this network offering to create the network. If no policy is + specified, by default all the traffic is allowed from the guest network that you create + by using this network offering. + You have two options: Allow and Deny. + If you select Allow for a network offering, by default egress traffic is allowed. + However, when an egress rule is configured for a guest network, rules are applied to + block the specified traffic and rest are allowed. If no egress rules are configured for + the network, egress traffic is accepted. If you select Deny for a network offering, by + default egress traffic for the guest network is blocked. However, when an egress rules + is configured for a guest network, rules are applied to allow the specified traffic. + While implementing a guest network, &PRODUCT; adds the firewall egress rule specific to + the default egress policy for the guest network. + This feature is supported only on virtual router and Juniper SRX. +
    +
    + Non-Contiguous VLAN Ranges + &PRODUCT; provides you with the flexibility to add non contiguous VLAN ranges to + your network. The administrator can either update an existing VLAN range or add multiple + non contiguous VLAN ranges while creating a zone. You can also use the + UpdatephysicalNetwork API to extend the VLAN range. +
    +
    + Isolation in Advanced Zone Using Private VLAN + Isolation of guest traffic in shared networks can be achieved by using Private VLANs + (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a + PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach + the DHCP server and gateway, this would in turn allow users to control traffic within a + network and help them deploy multiple applications without communication between + application as well as prevent communication with other users’ VMs. + + + Isolate VMs in a shared networks by using Private VLANs. + + + Supported on KVM, XenServer, and VMware hypervisors. + + + PVLAN-enabled shared network can be a part of multiple networks of a guest VM. + + + + For further reading: + + + Understanding Private VLANs + + + Cisco Systems' Private VLANs: + Scalable Security in a Multi-Client Environment + + + Private VLAN (PVLAN) on vNetwork Distributed + Switch - Concept Overview (1010691) + + +
    +
    + Configuring Multiple IP Addresses on a Single NIC + (Supported on XenServer, KVM, and VMware hypervisors) + &PRODUCT; now provides you the ability to associate multiple private IP addresses + per guest VM NIC. This feature is supported on all the network + configurations—Basic, Advanced, and VPC. Security Groups, Static NAT and Port + forwarding services are supported on these additional IPs. In addition to the primary + IP, you can assign additional IPs to the guest VM NIC. Up to 256 IP addresses are + allowed per NIC. + As always, you can specify an IP from the guest subnet; if not specified, an IP is + automatically picked up from the guest VM subnet. You can view the IPs associated with + for each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by + using firewall configuration in the &PRODUCT; UI. You must specify the NIC to which the + IP should be associated. +
    +
    + Adding Multiple IP Ranges + (Supported on KVM, xenServer, and VMware hypervisors) + &PRODUCT; 4.2 provides you with the flexibility to add guest IP ranges from + different subnets in Basic zones and security groups-enabled Advanced zones. For + security groups-enabled Advanced zones, it implies multiple subnets can be added to the + same VLAN. With the addition of this feature, you will be able to add IP address ranges + from the same subnet or from a different one when IP address are exhausted. This would + in turn allows you to employ higher number of subnets and thus reduce the address + management overhead. + Ensure that you manually configure the gateway of the new subnet before adding the + IP range. Note that &PRODUCT; supports only one gateway for a subnet; overlapping + subnets are not currently supported. + You can also delete IP ranges. This operation fails if an IP from the remove range + is in use. If the remove range contains the IP address on which the DHCP server is + running, &PRODUCT; acquires a new IP from the same subnet. If no IP is available in the + subnet, the remove operation fails. + + The feature can only be implemented on IPv4 addresses. + +
    +
    + Support for Multiple Networks in VMs + (Supported on XenServer, VMware and KVM hypervisors) + &PRODUCT; 4.2 provides you the ability to add and remove multiple networks to a VM. + You can remove a network from a VM and add a new network. You can also change the + default network of a VM. With this functionality, hybrid or traditional server loads can + be accommodated with ease. + For adding or removing a NIC to work on VMware, ensure that vm-tools are running on + guest VMs. +
    +
    + Global Server Load Balancing + &PRODUCT; 4.2 supports Global Server Load Balancing (GSLB) functionalities to + provide business continuity by load balancing traffic to an instance on active zones + only in case of zone failures . &PRODUCT; achieve this by extending its functionality of + integrating with NetScaler Application Delivery Controller (ADC), which also provides + various GSLB capabilities, such as disaster recovery and load balancing. The DNS + redirection technique is used to achieve GSLB in &PRODUCT;. In order to support this + functionality, region level services and service provider are introduced. A new service + 'GSLB' is introduced as a region level service. The GSLB service provider is introduced + that will provider the GSLB service. Currently, NetScaler is the supported GSLB provider + in &PRODUCT;. GSLB functionality works in an Active-Active data center environment. + +
    +
    + Enhanced Load Balancing Services Using External Provider on Shared VLANs + Network services like Firewall, Load Balancing, and NAT are now supported in shared + networks created in an advanced zone. In effect, the following network services shall be + made available to a VM in a shared network: Source NAT, Static NAT, Port Forwarding, + Firewall and Load balancing. Subset of these service can be chosen while creating a + network offering for shared networks. Services available in a shared network is defined + by the network offering and the service chosen in the network offering. For example, if + network offering for a shared network has source NAT service enabled, a public IP shall + be provisioned and source NAT is configured on the firewall device to provide public + access to the VMs on the shared network. Static NAT, Port Forwarding, Load Balancing, + and Firewall services shall be available only on the acquired public IPs associated with + a shared network. + Additionally, Netscaler and Juniper SRX firewall device can be configured inline or + side-by-side mode. +
    +
    + Health Checks for Load Balanced Instances + + This feature is supported only on NetScaler version 10.0 and beyond. + + (NetScaler load balancer only) A load balancer rule distributes requests among a + pool of services (a service in this context means an application running on a virtual + machine). When creating a load balancer rule, you can specify a health check which will + ensure that the rule forwards requests only to services that are healthy (running and + available). When a health check is in effect, the load balancer will stop forwarding + requests to any resources that it has found to be unhealthy. If the resource later + becomes available again, the periodic health check (periodicity is configurable) will + discover it and the resource will once again be made available to the load + balancer. + To configure how often the health check is performed by default, use the global + configuration setting healthcheck.update.interval. This default applies to all the + health check policies in the cloud. You can override this value for an individual health + check policy.
    -
    - Assigning VLANs to Isolated Networks - &PRODUCT; provides you the ability to control VLAN assignment to Isolated networks. - You can assign a VLAN ID when a network is created, just the way it's done for Shared - networks. - The former behaviour also is supported — VLAN is randomly allocated to a network - from the VNET range of the physical network when the network turns to Implemented state. - The VLAN is released back to the VNET pool when the network shuts down as a part of the - Network Garbage Collection. The VLAN can be re-used either by the same network when it is - implemented again, or by any other network. On each subsequent implementation of a - network, a new VLAN can be assigned. - - You cannot change a VLAN once it's assigned to the network. The VLAN remains with - the network for its entire life cycle. - +
    + Host and Virtual Machine Enhancements + The following new features expand the ways you can use hosts and virtual + machines. +
    + VMware DRS Support + The VMware vSphere Distributed Resources Scheduler (DRS) is supported. +
    +
    + Windows 8 and Windows Server 2012 as VM Guest OS + (Supported on XenServer, VMware, and KVM) + Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual + machines. The OS would be made available the same as any other, by uploading an ISO or a + template. The instructions for uploading ISOs and templates are given in the + Administrator's Guide. + + Limitation: When used with VMware hosts, this + feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch + 4. + + +
    +
    + Change Account Ownership of Virtual Machines + A root administrator can now change the ownership of any virtual machine from one + account to any other account. A domain or sub-domain administrator can do the same for + VMs within the domain from one account to any other account in the domain. +
    +
    + Private Pod, Cluster, or Host + Dedicating pod, cluster or host to a specific domain/account means that the + domain/account will have sole access to the dedicated pod, cluster or hosts such that + scalability, security and manageability within a domain/account can be improved. The + resources which belong to that tenant will be placed into that dedicated pod, cluster or + host. +
    +
    + Resizing Volumes + &PRODUCT; provides the ability to resize data disks; &PRODUCT; controls volume size + by using disk offerings. This provides &PRODUCT; administrators with the flexibility to + choose how much space they want to make available to the end users. Volumes within the + disk offerings with the same storage tag can be resized. For example, if you only want + to offer 10, 50, and 100 GB offerings, the allowed resize should stay within those + limits. That implies if you define a 10 GB, a 50 GB and a 100 GB disk offerings, a user + can upgrade from 10 GB to 50 GB, or 50 GB to 100 GB. If you create a custom-sized disk + offering, then you have the option to resize the volume by specifying a new, larger + size. Additionally, using the resizeVolume API, a data volume can be moved from a static + disk offering to a custom disk offering with the size specified. This functionality + allows those who might be billing by certain volume sizes or disk offerings to stick to + that model, while providing the flexibility to migrate to whatever custom size + necessary. This feature is supported on KVM, XenServer, and VMware hosts. However, + shrinking volumes is not supported on VMware hosts +
    +
    + VMware Volume Snapshot Improved Performance + When you take a snapshot of a data volume on VMware, &PRODUCT; will now use a more + efficient storage technique to improve performance. + Previously, every snapshot was immediately exported from vCenter to a mounted NFS + share and packaged into an OVA file format. This operation consumed time and resources. + Starting from 4.2, the original file formats (e.g., VMDK) provided by vCenter will be + retained. An OVA file will only be created as needed, on demand. + The new process applies only to newly created snapshots after upgrade to &PRODUCT; + 4.2. Snapshots that have already been taken and stored in OVA format will continue to + exist in that format, and will continue to work as expected. +
    +
    + Storage Migration: XenMotion and vMotion + (Supported on XenServer and VMware) + Storage migration allows VMs to be moved from one host to another, where the VMs are + not located on storage shared between the two hosts. It provides the option to live + migrate a VM’s disks along with the VM itself. It is now possible to migrate a VM from + one XenServer resource pool / VMware cluster to another, or to migrate a VM whose disks + are on local storage, or even to migrate a VM’s disks from one storage repository to + another, all while the VM is running. +
    +
    + Configuring Usage of Linked Clones on VMware + (For ESX hypervisor in conjunction with vCenter) + In &PRODUCT; 4.2, the creation of VMs as full clones is allowed. In previous + versions, only linked clones were possible. + For a full description of clone types, refer to VMware documentation. In summary: A + full clone is a copy of an existing virtual machine which, once created, does not depend + in any way on the original virtual machine. A linked clone is also a copy of an existing + virtual machine, but it has ongoing dependency on the original. A linked clone shares + the virtual disk of the original VM, and retains access to all files that were present + at the time the clone was created. + A new global configuration setting has been added, vmware.create.full.clone. When + the administrator sets this to true, end users can create guest VMs only as full clones. + The default value is true for new installations. For customers upgrading from a previous + version of &PRODUCT;, the default value of vmware.create.full.clone is false. +
    +
    + VM Deployment Rules + Rules can be set up to ensure that particular VMs are not placed on the same + physical host. These "anti-affinity rules" can increase the reliability of applications + by ensuring that the failure of a single host can not take down the entire group of VMs + supporting a given application. See Affinity Groups in the &PRODUCT; 4.2 Administration + Guide. +
    +
    + CPU and Memory Scaling for Running VMs + (Supported on VMware and XenServer) + You can now change the CPU and RAM values for a running virtual machine. In previous + versions of &PRODUCT;, this could only be done on a stopped VM. + It is not always possible to accurately predict the CPU and RAM requirements when + you first deploy a VM. You might need to increase or decrease these resources at any + time during the life of a VM. With the new ability to dynamically modify CPU and RAM + levels, you can change these resources for a running VM without incurring any + downtime. + Dynamic CPU and RAM scaling can be used in the following cases: + + + New VMs that are created after the installation of &PRODUCT; 4.2. If you are + upgrading from a previous version of &PRODUCT;, your existing VMs created with + previous versions will not have the dynamic scaling capability. + + + User VMs on hosts running VMware and XenServer. + + + System VMs on VMware. + + + VM Tools or XenServer Tools must be installed on the virtual machine. + + + The new requested CPU and RAM values must be within the constraints allowed by + the hypervisor and the VM operating system. + + + To configure this feature, use the following new global configuration + variables: + + + enable.dynamic.scale.vm: Set to True to enable the feature. By default, the + feature is turned off. + + + scale.retry: How many times to attempt the scaling operation. Default = + 2. + + +
    +
    + CPU and Memory Over-Provisioning + (Supported for XenServer, KVM, and VMware) + In &PRODUCT; 4.2, CPU and memory (RAM) over-provisioning factors can be set for each + cluster to change the number of VMs that can run on each host in the cluster. This helps + optimize the use of resources. By increasing the over-provisioning ratio, more resource + capacity will be used. If the ratio is set to 1, no over-provisioning is done. + In previous releases, &PRODUCT; did not perform memory over-provisioning. It + performed CPU over-provisioning based on a ratio configured by the administrator in the + global configuration setting cpu.overprovisioning.factor. Starting in 4.2, the + administrator can specify a memory over-provisioning ratio, and can specify both CPU and + memory over-provisioning ratios on a per-cluster basis, rather than only on a global + basis. + In any given cloud, the optimum number of VMs for each host is affected by such + things as the hypervisor, storage, and hardware configuration. These may be different + for each cluster in the same cloud. A single global over-provisioning setting could not + provide the best utilization for all the different clusters in the cloud. It had to be + set for the lowest common denominator. The new per-cluster setting provides a finer + granularity for better utilization of resources, no matter where the &PRODUCT; placement + algorithm decides to place a VM. +
    +
    + Kickstart Installation for Bare Metal Provisioning + &PRODUCT; 4.2 supports the kick start installation method for RPM-based Linux + operating systems on baremetal hosts in basic zones. Users can provision a baremetal + host managed by &PRODUCT; as long as they have the kick start file and corresponding OS + installation ISO ready. + Tested on CentOS 5.5, CentOS 6.2, CentOS 6.3, Ubuntu 12.04. + For more information, see the Baremetal Installation Guide. +
    +
    + Enhanced Bare Metal Support on Cisco UCS + You can now more easily provision new Cisco UCS server blades into &PRODUCT; for use + as bare metal hosts. The goal is to enable easy expansion of the cloud by leveraging the + programmability of the UCS converged infrastructure and &PRODUCT;’s knowledge of the + cloud architecture and ability to orchestrate. With this new feature, &PRODUCT; can + automatically understand the UCS environment, server profiles, etc. to make it easy to + deploy a bare metal OS on a Cisco UCS. +
    +
    + Changing a VM's Base Image + Every VM is created from a base image, which is a template or ISO which has been + created and stored in &PRODUCT;. Both cloud administrators and end users can create and + modify templates, ISOs, and VMs. + In &PRODUCT; 4.2, there is a new way to modify an existing VM. You can change an + existing VM from one base image to another. For example, suppose there is a template + based on a particular operating system, and the OS vendor releases a software patch. The + administrator or user naturally wants to apply the patch and then make sure existing VMs + start using it. Whether a software update is involved or not, it's also possible to + simply switch a VM from its current template to any other desired template. +
    +
    + Reset VM on Reboot + In &PRODUCT; 4.2, you can specify that you want to discard the root disk and create + a new one whenever a given VM is rebooted. This is useful for secure environments that + need a fresh start on every boot and for desktops that should not retain state. The IP + address of the VM will not change due to this operation. +
    +
    + Virtual Machine Snapshots for VMware + (VMware hosts only) In addition to the existing &PRODUCT; ability to snapshot + individual VM volumes, you can now take a VM snapshot to preserve all the VM's data + volumes as well as (optionally) its CPU/memory state. This is useful for quick restore + of a VM. For example, you can snapshot a VM, then make changes such as software + upgrades. If anything goes wrong, simply restore the VM to its previous state using the + previously saved VM snapshot. + The snapshot is created using the VMware native snapshot facility. The VM snapshot + includes not only the data volumes, but optionally also whether the VM is running or + turned off (CPU state) and the memory contents. The snapshot is stored in &PRODUCT;'s + primary storage. + VM snapshots can have a parent/child relationship. Each successive snapshot of the + same VM is the child of the snapshot that came before it. Each time you take an + additional snapshot of the same VM, it saves only the differences between the current + state of the VM and the state stored in the most recent previous snapshot. The previous + snapshot becomes a parent, and the new snapshot is its child. It is possible to create a + long chain of these parent/child snapshots, which amount to a "redo" record leading from + the current state of the VM back to the original. +
    +
    + Increased Userdata Size When Deploying a VM + You can now specify up to 32KB of userdata when deploying a virtual machine through + the &PRODUCT; UI or the deployVirtualMachine API call. +
    +
    + Set VMware Cluster Size Limit Depending on VMware Version + The maximum number of hosts in a vSphere cluster is determined by the VMware + hypervisor software. For VMware versions 4.2, 4.1, 5.0, and 5.1, the limit is 32 + hosts. + For &PRODUCT; 4.2, the global configuration setting vmware.percluster.host.max has + been removed. The maximum number of hosts in a VMware cluster is now determined by the + underlying hypervisor software. + + Best Practice: It is advisable for VMware clusters in &PRODUCT; to be smaller than + the VMware hypervisor's maximum size. A cluster size of up to 8 hosts has been found + optimal for most real-world situations. + +
    +
    + Limiting Resource Usage + Previously in &PRODUCT;, resource usage limit was imposed based on the resource + count, that is, restrict a user or domain on the basis of the number of VMs, volumes, or + snapshots used. In &PRODUCT; 4.2, a new set of resource types has been added to the + existing pool of resources (VMs, Volumes, and Snapshots) to support the customization + model—need-basis usage, such as large VM or small VM. The new resource types are + now broadly classified as CPU, RAM, Primary storage, and Secondary storage. &PRODUCT; + 4.2 allows the root administrator to impose resource usage limit by the following + resource types for Domain, Project and Accounts. + + + CPUs + + + Memory (RAM) + + + Primary Storage (Volumes) + + + Secondary Storage (Snapshots, Templates, ISOs) + + +
    -
    - Persistent Networks - &PRODUCT; 4.2 supports Persistent Networks. The network that you can provision without - having to deploy any VMs on it is called a Persistent Network. A Persistent Network can be - part of a VPC or a non-VPC environment. With the addition of this feature, you will have - the ability to create a network in &PRODUCT; in which physical devices can be deployed - without having to run any VMs. Additionally, you can deploy physical devices on that - network. Another advantages is that you can create a VPC with a tier that consists only - physical devices. For example, you might create a VPC for a three-tier application, deploy - VMs for Web and Application tier, and use physical machines for the Database tier. Another - use case is that if you are providing services by using physical hardware, you can define - the network as persistent and therefore even if all its VMs are destroyed the services - will not be discontinued. -
    -
    - Cisco VNMC Support - Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and - policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with - ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: - - - Configure Cisco ASA 1000v Firewalls - - - Create and apply security profiles that contain ACL policy sets for both ingress - and egress traffic, and NAT policy sets - - - &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware - hypervisors. -
    -
    - VMware vNetwork Distributed vSwitch - &PRODUCT; supports VMware vSphere Distributed Switch (VDS) for virtual network - configuration in a VMware vSphere environment. Each vCenter server instance can support up - to 128 VDSs and each VDS can manage up to 500 VMware hosts. &PRODUCT; supports configuring - virtual networks in a deployment with a mix of Virtual Distributed Switch, Standard - Virtual Switch and Nexus 1000v Virtual Switch. -
    -
    - IP Reservation in Isolated Guest Networks - In Isolated guest networks in &PRODUCT; 4.2, a part of the guest IP address space can - be reserved for non-&PRODUCT; VMs or physical servers. To do so, you configure a range of - Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. - The advantage of having this feature is that if your customers wish to have non-&PRODUCT; - controlled VMs or physical servers on the same network, they can use a part of the IP - address space that is primarily provided to the guest network. When IP reservation is - configured, the administrator can add additional VMs or physical servers that are not part - of &PRODUCT; to the same network and assign them the Reserved IP addresses. &PRODUCT; - guest VMs cannot acquire IPs from the Reserved IP Range. -
    -
    - Dedicated Resources: Public IP Addresses and VLANs Per Account - &PRODUCT; provides you the ability to reserve a set of public IP addresses and VLANs - exclusively for an account. During zone creation, you can continue to define a set of - VLANs and multiple public IP ranges. This feature extends the functionality to enable you - to dedicate a fixed set of VLANs and guest IP addresses for a tenant. - This feature provides you the following capabilities: - - - Reserve a VLAN range and public IP address range from an Advanced zone and assign - it to an account - - - Disassociate a VLAN and public IP address range from an account - - - - Ensure that you check whether the required range is available and conforms to - account limits. The maximum IPs per account limit cannot be superseded. - -
    -
    - Enhanced Juniper SRX Support for Egress Firewall Rules - Egress firewall rules were previously supported on virtual routers, and now they are - also supported on Juniper SRX external networking devices. - Egress traffic originates from a private network to a public network, such as the - Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed - from a guest network to the Internet. However, you can control the egress traffic in an - Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, - the traffic specific to the rule is allowed and the remaining traffic is blocked. When all - the firewall rules are removed the default policy, Block, is applied. - - Egress firewall rules are not supported on Shared networks. They are supported only - on Isolated guest networks. - -
    -
    - Configuring the Default Egress Policy - The default egress policy for Isolated guest network can be configured by using - Network offering. Use the create network offering option to determine whether the default - policy should be block or allow all the traffic to the public network from a guest - network. Use this network offering to create the network. If no policy is specified, by - default all the traffic is allowed from the guest network that you create by using this - network offering. - You have two options: Allow and Deny. - If you select Allow for a network offering, by default egress traffic is allowed. - However, when an egress rule is configured for a guest network, rules are applied to block - the specified traffic and rest are allowed. If no egress rules are configured for the - network, egress traffic is accepted. If you select Deny for a network offering, by default - egress traffic for the guest network is blocked. However, when an egress rules is - configured for a guest network, rules are applied to allow the specified traffic. While - implementing a guest network, &PRODUCT; adds the firewall egress rule specific to the - default egress policy for the guest network. - This feature is supported only on virtual router and Juniper SRX. -
    -
    - Non-Contiguous VLAN Ranges - &PRODUCT; provides you with the flexibility to add non contiguous VLAN ranges to your - network. The administrator can either update an existing VLAN range or add multiple non - contiguous VLAN ranges while creating a zone. You can also use the UpdatephysicalNetwork - API to extend the VLAN range. -
    -
    - Isolation in Advanced Zone Using Private VLAN - Isolation of guest traffic in shared networks can be achieved by using Private VLANs - (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a - PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach - the DHCP server and gateway, this would in turn allow users to control traffic within a - network and help them deploy multiple applications without communication between - application as well as prevent communication with other users’ VMs. - - - Isolate VMs in a shared networks by using Private VLANs. - - - Supported on KVM, XenServer, and VMware hypervisors. - - - PVLAN-enabled shared network can be a part of multiple networks of a guest VM. - - - - For further reading: - - - Understanding Private VLANs - - - Cisco Systems' Private VLANs: - Scalable Security in a Multi-Client Environment - - - Private VLAN (PVLAN) on vNetwork Distributed - Switch - Concept Overview (1010691) - - -
    -
    - Configuring Multiple IP Addresses on a Single NIC - (Supported on XenServer, KVM, and VMware hypervisors) - &PRODUCT; now provides you the ability to associate multiple private IP addresses per - guest VM NIC. This feature is supported on all the network configurations—Basic, - Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported - on these additional IPs. In addition to the primary IP, you can assign additional IPs to - the guest VM NIC. Up to 256 IP addresses are allowed per NIC. - As always, you can specify an IP from the guest subnet; if not specified, an IP is - automatically picked up from the guest VM subnet. You can view the IPs associated with for - each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by using - firewall configuration in the &PRODUCT; UI. You must specify the NIC to which the IP - should be associated. -
    -
    - Adding Multiple IP Ranges - (Supported on KVM, xenServer, and VMware hypervisors) - &PRODUCT; 4.2 provides you with the flexibility to add guest IP ranges from different - subnets in Basic zones and security groups-enabled Advanced zones. For security - groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. - With the addition of this feature, you will be able to add IP address ranges from the same - subnet or from a different one when IP address are exhausted. This would in turn allows - you to employ higher number of subnets and thus reduce the address management - overhead. - Ensure that you manually configure the gateway of the new subnet before adding the IP - range. Note that &PRODUCT; supports only one gateway for a subnet; overlapping subnets are - not currently supported. - You can also delete IP ranges. This operation fails if an IP from the remove range is - in use. If the remove range contains the IP address on which the DHCP server is running, - &PRODUCT; acquires a new IP from the same subnet. If no IP is available in the subnet, the - remove operation fails. - - The feature can only be implemented on IPv4 addresses. - -
    -
    - Support for Multiple Networks in VMs - (Supported on XenServer, VMware and KVM hypervisors) - &PRODUCT; 4.2 provides you the ability to add and remove multiple networks to a VM. - You can remove a network from a VM and add a new network. You can also change the default - network of a VM. With this functionality, hybrid or traditional server loads can be - accommodated with ease. - For adding or removing a NIC to work on VMware, ensure that vm-tools are running on - guest VMs. -
    -
    - Global Server Load Balancing - &PRODUCT; 4.2 supports Global Server Load Balancing (GSLB) functionalities to provide - business continuity by load balancing traffic to an instance on active zones only in case - of zone failures . &PRODUCT; achieve this by extending its functionality of integrating - with NetScaler Application Delivery Controller (ADC), which also provides various GSLB - capabilities, such as disaster recovery and load balancing. The DNS redirection technique - is used to achieve GSLB in &PRODUCT;. In order to support this functionality, region level - services and service provider are introduced. A new service 'GSLB' is introduced as a - region level service. The GSLB service provider is introduced that will provider the GSLB - service. Currently, NetScaler is the supported GSLB provider in &PRODUCT;. GSLB - functionality works in an Active-Active data center environment. -
    -
    - Enhanced Load Balancing Services Using External Provider on Shared VLANs - Network services like Firewall, Load Balancing, and NAT are now supported in shared - networks created in an advanced zone. In effect, the following network services shall be - made available to a VM in a shared network: Source NAT, Static NAT, Port Forwarding, - Firewall and Load balancing. Subset of these service can be chosen while creating a - network offering for shared networks. Services available in a shared network is defined by - the network offering and the service chosen in the network offering. For example, if - network offering for a shared network has source NAT service enabled, a public IP shall be - provisioned and source NAT is configured on the firewall device to provide public access - to the VMs on the shared network. Static NAT, Port Forwarding, Load Balancing, and - Firewall services shall be available only on the acquired public IPs associated with a - shared network. - Additionally, Netscaler and Juniper SRX firewall device can be configured inline or - side-by-side mode. -
    -
    - Health Checks for Load Balanced Instances - - This feature is supported only on NetScaler version 10.0 and beyond. - - (NetScaler load balancer only) A load balancer rule distributes requests among a pool - of services (a service in this context means an application running on a virtual machine). - When creating a load balancer rule, you can specify a health check which will ensure that - the rule forwards requests only to services that are healthy (running and available). When - a health check is in effect, the load balancer will stop forwarding requests to any - resources that it has found to be unhealthy. If the resource later becomes available - again, the periodic health check (periodicity is configurable) will discover it and the - resource will once again be made available to the load balancer. - To configure how often the health check is performed by default, use the global - configuration setting healthcheck.update.interval. This default applies to all the health - check policies in the cloud. You can override this value for an individual health check - policy. -
    -
    -
    - Host and Virtual Machine Enhancements - The following new features expand the ways you can use hosts and virtual - machines. -
    - VMware DRS Support - The VMware vSphere Distributed Resources Scheduler (DRS) is supported. -
    -
    - Windows 8 and Windows Server 2012 as VM Guest OS - (Supported on XenServer, VMware, and KVM) - Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual - machines. The OS would be made available the same as any other, by uploading an ISO or a - template. The instructions for uploading ISOs and templates are given in the - Administrator's Guide. - - Limitation: When used with VMware hosts, this - feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch - 4. - - -
    -
    - Change Account Ownership of Virtual Machines - A root administrator can now change the ownership of any virtual machine from one - account to any other account. A domain or sub-domain administrator can do the same for VMs - within the domain from one account to any other account in the domain. -
    -
    - Private Pod, Cluster, or Host - Dedicating pod, cluster or host to a specific domain/account means that the - domain/account will have sole access to the dedicated pod, cluster or hosts such that - scalability, security and manageability within a domain/account can be improved. The - resources which belong to that tenant will be placed into that dedicated pod, cluster or - host. -
    -
    - Resizing Volumes - &PRODUCT; provides the ability to resize data disks; &PRODUCT; controls volume size by - using disk offerings. This provides &PRODUCT; administrators with the flexibility to - choose how much space they want to make available to the end users. Volumes within the - disk offerings with the same storage tag can be resized. For example, if you only want to - offer 10, 50, and 100 GB offerings, the allowed resize should stay within those limits. - That implies if you define a 10 GB, a 50 GB and a 100 GB disk offerings, a user can - upgrade from 10 GB to 50 GB, or 50 GB to 100 GB. If you create a custom-sized disk - offering, then you have the option to resize the volume by specifying a new, larger size. - Additionally, using the resizeVolume API, a data volume can be moved from a static disk - offering to a custom disk offering with the size specified. This functionality allows - those who might be billing by certain volume sizes or disk offerings to stick to that - model, while providing the flexibility to migrate to whatever custom size necessary. This - feature is supported on KVM, XenServer, and VMware hosts. However, shrinking volumes is - not supported on VMware hosts -
    -
    - VMware Volume Snapshot Improved Performance - When you take a snapshot of a data volume on VMware, &PRODUCT; will now use a more - efficient storage technique to improve performance. - Previously, every snapshot was immediately exported from vCenter to a mounted NFS - share and packaged into an OVA file format. This operation consumed time and resources. - Starting from 4.2, the original file formats (e.g., VMDK) provided by vCenter will be - retained. An OVA file will only be created as needed, on demand. - The new process applies only to newly created snapshots after upgrade to &PRODUCT; - 4.2. Snapshots that have already been taken and stored in OVA format will continue to - exist in that format, and will continue to work as expected. -
    -
    - Storage Migration: XenMotion and vMotion - (Supported on XenServer and VMware) - Storage migration allows VMs to be moved from one host to another, where the VMs are - not located on storage shared between the two hosts. It provides the option to live - migrate a VM’s disks along with the VM itself. It is now possible to migrate a VM from one - XenServer resource pool / VMware cluster to another, or to migrate a VM whose disks are on - local storage, or even to migrate a VM’s disks from one storage repository to another, all - while the VM is running. -
    -
    - Configuring Usage of Linked Clones on VMware - (For ESX hypervisor in conjunction with vCenter) - In &PRODUCT; 4.2, the creation of VMs as full clones is allowed. In previous versions, - only linked clones were possible. - For a full description of clone types, refer to VMware documentation. In summary: A - full clone is a copy of an existing virtual machine which, once created, does not depend - in any way on the original virtual machine. A linked clone is also a copy of an existing - virtual machine, but it has ongoing dependency on the original. A linked clone shares the - virtual disk of the original VM, and retains access to all files that were present at the - time the clone was created. - A new global configuration setting has been added, vmware.create.full.clone. When the - administrator sets this to true, end users can create guest VMs only as full clones. The - default value is true for new installations. For customers upgrading from a previous - version of &PRODUCT;, the default value of vmware.create.full.clone is false. -
    -
    - VM Deployment Rules - Rules can be set up to ensure that particular VMs are not placed on the same physical - host. These "anti-affinity rules" can increase the reliability of applications by ensuring - that the failure of a single host can not take down the entire group of VMs supporting a - given application. See Affinity Groups in the &PRODUCT; 4.2 Administration Guide. -
    -
    - CPU and Memory Scaling for Running VMs - (Supported on VMware and XenServer) - You can now change the CPU and RAM values for a running virtual machine. In previous - versions of &PRODUCT;, this could only be done on a stopped VM. - It is not always possible to accurately predict the CPU and RAM requirements when you - first deploy a VM. You might need to increase or decrease these resources at any time - during the life of a VM. With the new ability to dynamically modify CPU and RAM levels, - you can change these resources for a running VM without incurring any downtime. - Dynamic CPU and RAM scaling can be used in the following cases: - - - New VMs that are created after the installation of &PRODUCT; 4.2. If you are - upgrading from a previous version of &PRODUCT;, your existing VMs created with - previous versions will not have the dynamic scaling capability. - - - User VMs on hosts running VMware and XenServer. - - - System VMs on VMware. - - - VM Tools or XenServer Tools must be installed on the virtual machine. - - - The new requested CPU and RAM values must be within the constraints allowed by the - hypervisor and the VM operating system. - - - To configure this feature, use the following new global configuration - variables: - - - enable.dynamic.scale.vm: Set to True to enable the feature. By default, the - feature is turned off. - - - scale.retry: How many times to attempt the scaling operation. Default = 2. - - -
    -
    - CPU and Memory Over-Provisioning - (Supported for XenServer, KVM, and VMware) - In &PRODUCT; 4.2, CPU and memory (RAM) over-provisioning factors can be set for each - cluster to change the number of VMs that can run on each host in the cluster. This helps - optimize the use of resources. By increasing the over-provisioning ratio, more resource - capacity will be used. If the ratio is set to 1, no over-provisioning is done. - In previous releases, &PRODUCT; did not perform memory over-provisioning. It performed - CPU over-provisioning based on a ratio configured by the administrator in the global - configuration setting cpu.overprovisioning.factor. Starting in 4.2, the administrator can - specify a memory over-provisioning ratio, and can specify both CPU and memory - over-provisioning ratios on a per-cluster basis, rather than only on a global - basis. - In any given cloud, the optimum number of VMs for each host is affected by such things - as the hypervisor, storage, and hardware configuration. These may be different for each - cluster in the same cloud. A single global over-provisioning setting could not provide the - best utilization for all the different clusters in the cloud. It had to be set for the - lowest common denominator. The new per-cluster setting provides a finer granularity for - better utilization of resources, no matter where the &PRODUCT; placement algorithm decides - to place a VM. -
    -
    - Kickstart Installation for Bare Metal Provisioning - &PRODUCT; 4.2 supports the kick start installation method for RPM-based Linux - operating systems on baremetal hosts in basic zones. Users can provision a baremetal host - managed by &PRODUCT; as long as they have the kick start file and corresponding OS - installation ISO ready. - Tested on CentOS 5.5, CentOS 6.2, CentOS 6.3, Ubuntu 12.04. - For more information, see the Baremetal Installation Guide. -
    -
    - Enhanced Bare Metal Support on Cisco UCS - You can now more easily provision new Cisco UCS server blades into &PRODUCT; for use - as bare metal hosts. The goal is to enable easy expansion of the cloud by leveraging the - programmability of the UCS converged infrastructure and &PRODUCT;’s knowledge of the cloud - architecture and ability to orchestrate. With this new feature, &PRODUCT; can - automatically understand the UCS environment, server profiles, etc. to make it easy to - deploy a bare metal OS on a Cisco UCS. -
    -
    - Changing a VM's Base Image - Every VM is created from a base image, which is a template or ISO which has been - created and stored in &PRODUCT;. Both cloud administrators and end users can create and - modify templates, ISOs, and VMs. - In &PRODUCT; 4.2, there is a new way to modify an existing VM. You can change an - existing VM from one base image to another. For example, suppose there is a template based - on a particular operating system, and the OS vendor releases a software patch. The - administrator or user naturally wants to apply the patch and then make sure existing VMs - start using it. Whether a software update is involved or not, it's also possible to simply - switch a VM from its current template to any other desired template. -
    -
    - Reset VM on Reboot - In &PRODUCT; 4.2, you can specify that you want to discard the root disk and create a - new one whenever a given VM is rebooted. This is useful for secure environments that need - a fresh start on every boot and for desktops that should not retain state. The IP address - of the VM will not change due to this operation. -
    -
    - Virtual Machine Snapshots for VMware - (VMware hosts only) In addition to the existing &PRODUCT; ability to snapshot - individual VM volumes, you can now take a VM snapshot to preserve all the VM's data - volumes as well as (optionally) its CPU/memory state. This is useful for quick restore of - a VM. For example, you can snapshot a VM, then make changes such as software upgrades. If - anything goes wrong, simply restore the VM to its previous state using the previously - saved VM snapshot. - The snapshot is created using the VMware native snapshot facility. The VM snapshot - includes not only the data volumes, but optionally also whether the VM is running or - turned off (CPU state) and the memory contents. The snapshot is stored in &PRODUCT;'s - primary storage. - VM snapshots can have a parent/child relationship. Each successive snapshot of the - same VM is the child of the snapshot that came before it. Each time you take an additional - snapshot of the same VM, it saves only the differences between the current state of the VM - and the state stored in the most recent previous snapshot. The previous snapshot becomes a - parent, and the new snapshot is its child. It is possible to create a long chain of these - parent/child snapshots, which amount to a "redo" record leading from the current state of - the VM back to the original. -
    -
    - Increased Userdata Size When Deploying a VM - You can now specify up to 32KB of userdata when deploying a virtual machine through - the &PRODUCT; UI or the deployVirtualMachine API call. -
    -
    - Set VMware Cluster Size Limit Depending on VMware Version - The maximum number of hosts in a vSphere cluster is determined by the VMware - hypervisor software. For VMware versions 4.2, 4.1, 5.0, and 5.1, the limit is 32 - hosts. - For &PRODUCT; 4.2, the global configuration setting vmware.percluster.host.max has - been removed. The maximum number of hosts in a VMware cluster is now determined by the - underlying hypervisor software. - - Best Practice: It is advisable for VMware clusters in &PRODUCT; to be smaller than - the VMware hypervisor's maximum size. A cluster size of up to 8 hosts has been found - optimal for most real-world situations. - -
    -
    - Limiting Resource Usage - Previously in &PRODUCT;, resource usage limit was imposed based on the resource count, - that is, restrict a user or domain on the basis of the number of VMs, volumes, or - snapshots used. In &PRODUCT; 4.2, a new set of resource types has been added to the - existing pool of resources (VMs, Volumes, and Snapshots) to support the customization - model—need-basis usage, such as large VM or small VM. The new resource types are now - broadly classified as CPU, RAM, Primary storage, and Secondary storage. &PRODUCT; 4.2 - allows the root administrator to impose resource usage limit by the following resource - types for Domain, Project and Accounts. - - - CPUs - - - Memory (RAM) - - - Primary Storage (Volumes) - - - Secondary Storage (Snapshots, Templates, ISOs) - - -
    -
    -
    - Monitoring, Maintenance, and Operations Enhancements - -
    - Publish and Subscribe for Event Notification - An event is essentially a significant or meaningful change in the state of both - virtual and physical resources associated with a cloud environment. In &PRODUCT; an event - could be a state change of virtual or psychical resources, an action performed by an user - (action events), or policy based events (alerts). In &PRODUCT; 4.2, a new event - notification framework has been added. This framework provides a means for the Management - Server components to publish and subscribe to &PRODUCT; events. Event notification is - achieved by implementing the concept of event bus abstraction in the Management Server. - A new event for state change, resource state change, is introduced as part of Event - notification framework. Every resource, such as user VM, volume, NIC, network, public IP, - snapshot, and template, is associated with a state machine and generates events as part of - the state change. That implies that a change in the state of a resource results in a state - change event, and the event is published in the corresponding state machine on the event - bus. All the &PRODUCT; events (alerts, action events, usage events) and the additional - category of resource state change events, are published on to the events bus. -
    -
    - Deleting and Archiving Events and Alerts - In addition to viewing a list of events and alerts in the UI, the administrator can - now delete and archive them. In order to support deleting and archiving alerts, the - following global parameters have been added: - - - alert.purge.delay: The alerts older than - specified number of days are purged. Set the value to 0 to never purge alerts - automatically. - - - alert.purge.interval: The interval in seconds to - wait before running the alert purge thread. The default is 86400 seconds (one - day). - - - - Archived alerts or events cannot be viewed in the UI, or by using the API. They are - maintained in the database for auditing or compliance purposes. - -
    -
    - Increased Granularity for Configuration Parameters - Some configuration parameters which were previously available only at the global level - of the cloud can now be set for smaller components of the cloud, such as at the zone - level. To set these parameters, look for the new Settings tab in the UI. You will find it - on the detail page for an account, cluster, zone, or primary storage. - The account level parameters are: remote.access.vpn.client.iprange, - allow.public.user.templates, use.system.public.ips, and - use.system.guest.vlans - The cluster level parameters are - cluster.storage.allocated.capacity.notificationthreshold, - cluster.storage.capacity.notificationthreshold, - cluster.cpu.allocated.capacity.notificationthreshold, - cluster.memory.allocated.capacity.notificationthreshold, - cluster.cpu.allocated.capacity.disablethreshold, - cluster.memory.allocated.capacity.disablethreshold, - cpu.overprovisioning.factor, mem.overprovisioning.factor, - vmware.reserve.cpu, and vmware.reserve.mem. - The zone level parameters are - pool.storage.allocated.capacity.disablethreshold, - pool.storage.capacity.disablethreshold, - storage.overprovisioning.factor, network.throttling.rate, - guest.domain.suffix, router.template.xen, - router.template.kvm, router.template.vmware, - router.template.hyperv, router.template.lxc, - enable.dynamic.scale.vm, use.external.dns, and - blacklisted.routes. -
    -
    - API Request Throttling - In &PRODUCT; 4.2, you can limit the rate at which API requests can be placed for each - account. This is useful to avoid malicious attacks on the Management Server, prevent - performance degradation, and provide fairness to all accounts. - If the number of API calls exceeds the threshold, an error message is returned for any - additional API calls. The caller will have to retry these API calls at another - time. - To control the API request throttling, use the following new global configuration - settings: - - - api.throttling.enabled - Enable/Disable API throttling. By default, this setting - is false, so API throttling is not enabled. - - - api.throttling.interval (in seconds) - Time interval during which the number of - API requests is to be counted. When the interval has passed, the API count is reset to - 0. - - - api.throttling.max - Maximum number of APIs that can be placed within the - api.throttling.interval period. - - - api.throttling.cachesize - Cache size for storing API counters. Use a value higher - than the total number of accounts managed by the cloud. One cache entry is needed for - each account, to store the running API total for that account within the current time - window. - - -
    -
    - Sending Alerts to External SNMP and Syslog Managers - In addition to showing administrator alerts on the Dashboard in the &PRODUCT; UI and - sending them in email, &PRODUCT; now can also send the same alerts to external SNMP or - Syslog management software. This is useful if you prefer to use an SNMP or Syslog manager - to monitor your cloud. - The supported protocol is SNMP version 2. -
    -
    - Changing the Default Password Encryption - Passwords are encoded when creating or updating users. The new default preferred - encoder, replacing MD5, is SHA256. It is more secure than MD5 hashing. If you take no - action to customize password encryption and authentication, SHA256 Salt will be - used. - If you prefer a different authentication mechanism, &PRODUCT; 4.2 provides a way for - you to determine the default encoding and authentication mechanism for admin and user - logins. Two new configurable lists have been introduced: userPasswordEncoders and - userAuthenticators. userPasswordEncoders allow you to configure the order of preference - for encoding passwords, and userAuthenticator allows you to configure the order in which - authentication schemes are invoked to validate user passwords. - The plain text user authenticator has been modified not to convert supplied passwords - to their md5 sums before checking them with the database entries. It performs a simple - string comparison between retrieved and supplied login passwords instead of comparing the - retrieved md5 hash of the stored password against the supplied md5 hash of the password, - because clients no longer hash the password. -
    -
    - Log Collection Utility cloud-bugtool - &PRODUCT; provides a command-line utility called cloud-bugtool to make it easier to - collect the logs and other diagnostic data required for troubleshooting. This is - especially useful when interacting with Citrix Technical Support. - You can use cloud-bugtool to collect the following: - - - Basic system and environment information and network configuration including IP - addresses, routing, and name resolver settings - - - Information about running processes - - - Management Server logs - - - System logs in /var/log/ - - - Dump of the cloud database - - - - cloud-bugtool collects information which might be considered sensitive and - confidential. Using the --nodb option to avoid the cloud database can - reduce this concern, though it is not guaranteed to exclude all sensitive data. - - -
    -
    - Snaphotting, Backups, Cloning and System VMs for RBD Primary Storage - - These new RBD features require at least librbd 0.61.7 (Cuttlefish) and libvirt - 0.9.14 on the KVM hypervisors. - - This release of &PRODUCT; will leverage the features of RBD format 2. This allows - snapshotting and backing up those snapshots. - Backups of snapshots to Secondary Storage are full copies of the RBD snapshot, they - are not RBD diffs. This because when restoring a backup of a snapshot it is not mandatory - that this backup is deployed on RBD again, it could also be a NFS Primary Storage. - Another key feature of RBD format 2 is cloning. With this release templates will be - copied to Primary Storage once and by using the cloning mechanism new disks will be cloned - from this parent template. This saves space and decreases deployment time for instances - dramatically. - Before this release, a NFS Primary Storage was still required for running the System - VMs from. The reason was a so called 'patch disk' that was generated by the - hypervisor which contained metadata for the System VM. The scripts generating this disk - didn't support RBD and thus System VMs had to be deployed from NFS. With 4.2 instead of - the patch disk a VirtIO serial console is used to pass meta information to System VMs. - This enabled the deployment of System VMs on RBD Primary Storage. +
    + Publish and Subscribe for Event Notification + An event is essentially a significant or meaningful change in the state of both + virtual and physical resources associated with a cloud environment. In &PRODUCT; an + event could be a state change of virtual or psychical resources, an action performed by + an user (action events), or policy based events (alerts). In &PRODUCT; 4.2, a new event + notification framework has been added. This framework provides a means for the + Management Server components to publish and subscribe to &PRODUCT; events. Event + notification is achieved by implementing the concept of event bus abstraction in the + Management Server. + A new event for state change, resource state change, is introduced as part of Event + notification framework. Every resource, such as user VM, volume, NIC, network, public + IP, snapshot, and template, is associated with a state machine and generates events as + part of the state change. That implies that a change in the state of a resource results + in a state change event, and the event is published in the corresponding state machine + on the event bus. All the &PRODUCT; events (alerts, action events, usage events) and the + additional category of resource state change events, are published on to the events + bus. +
    +
    + Deleting and Archiving Events and Alerts + In addition to viewing a list of events and alerts in the UI, the administrator can + now delete and archive them. In order to support deleting and archiving alerts, the + following global parameters have been added: + + + alert.purge.delay: The alerts older than + specified number of days are purged. Set the value to 0 to never purge alerts + automatically. + + + alert.purge.interval: The interval in seconds + to wait before running the alert purge thread. The default is 86400 seconds (one + day). + + + + Archived alerts or events cannot be viewed in the UI, or by using the API. They + are maintained in the database for auditing or compliance purposes. + +
    +
    + Increased Granularity for Configuration Parameters + Some configuration parameters which were previously available only at the global + level of the cloud can now be set for smaller components of the cloud, such as at the + zone level. To set these parameters, look for the new Settings tab in the UI. You will + find it on the detail page for an account, cluster, zone, or primary storage. + The account level parameters are: remote.access.vpn.client.iprange, + allow.public.user.templates, use.system.public.ips, and + use.system.guest.vlans + The cluster level parameters are + cluster.storage.allocated.capacity.notificationthreshold, + cluster.storage.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.notificationthreshold, + cluster.memory.allocated.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.disablethreshold, + cluster.memory.allocated.capacity.disablethreshold, + cpu.overprovisioning.factor, mem.overprovisioning.factor, + vmware.reserve.cpu, and vmware.reserve.mem. + The zone level parameters are + pool.storage.allocated.capacity.disablethreshold, + pool.storage.capacity.disablethreshold, + storage.overprovisioning.factor, network.throttling.rate, + guest.domain.suffix, router.template.xen, + router.template.kvm, router.template.vmware, + router.template.hyperv, router.template.lxc, + enable.dynamic.scale.vm, use.external.dns, and + blacklisted.routes. +
    +
    + API Request Throttling + In &PRODUCT; 4.2, you can limit the rate at which API requests can be placed for + each account. This is useful to avoid malicious attacks on the Management Server, + prevent performance degradation, and provide fairness to all accounts. + If the number of API calls exceeds the threshold, an error message is returned for + any additional API calls. The caller will have to retry these API calls at another + time. + To control the API request throttling, use the following new global configuration + settings: + + + api.throttling.enabled - Enable/Disable API throttling. By default, this setting + is false, so API throttling is not enabled. + + + api.throttling.interval (in seconds) - Time interval during which the number of + API requests is to be counted. When the interval has passed, the API count is reset + to 0. + + + api.throttling.max - Maximum number of APIs that can be placed within the + api.throttling.interval period. + + + api.throttling.cachesize - Cache size for storing API counters. Use a value + higher than the total number of accounts managed by the cloud. One cache entry is + needed for each account, to store the running API total for that account within the + current time window. + + +
    +
    + Sending Alerts to External SNMP and Syslog Managers + In addition to showing administrator alerts on the Dashboard in the &PRODUCT; UI and + sending them in email, &PRODUCT; now can also send the same alerts to external SNMP or + Syslog management software. This is useful if you prefer to use an SNMP or Syslog + manager to monitor your cloud. + The supported protocol is SNMP version 2. +
    +
    + Changing the Default Password Encryption + Passwords are encoded when creating or updating users. The new default preferred + encoder, replacing MD5, is SHA256. It is more secure than MD5 hashing. If you take no + action to customize password encryption and authentication, SHA256 Salt will be + used. + If you prefer a different authentication mechanism, &PRODUCT; 4.2 provides a way for + you to determine the default encoding and authentication mechanism for admin and user + logins. Two new configurable lists have been introduced: userPasswordEncoders and + userAuthenticators. userPasswordEncoders allow you to configure the order of preference + for encoding passwords, and userAuthenticator allows you to configure the order in which + authentication schemes are invoked to validate user passwords. + The plain text user authenticator has been modified not to convert supplied + passwords to their md5 sums before checking them with the database entries. It performs + a simple string comparison between retrieved and supplied login passwords instead of + comparing the retrieved md5 hash of the stored password against the supplied md5 hash of + the password, because clients no longer hash the password. +
    +
    + Log Collection Utility cloud-bugtool + &PRODUCT; provides a command-line utility called cloud-bugtool to make it easier to + collect the logs and other diagnostic data required for troubleshooting. This is + especially useful when interacting with Citrix Technical Support. + You can use cloud-bugtool to collect the following: + + + Basic system and environment information and network configuration including IP + addresses, routing, and name resolver settings + + + Information about running processes + + + Management Server logs + + + System logs in /var/log/ + + + Dump of the cloud database + + + + cloud-bugtool collects information which might be considered sensitive and + confidential. Using the --nodb option to avoid the cloud database can + reduce this concern, though it is not guaranteed to exclude all sensitive data. + + +
    +
    + Snaphotting, Backups, Cloning and System VMs for RBD Primary Storage + + These new RBD features require at least librbd 0.61.7 (Cuttlefish) and libvirt + 0.9.14 on the KVM hypervisors. + + This release of &PRODUCT; will leverage the features of RBD format 2. This allows + snapshotting and backing up those snapshots. + Backups of snapshots to Secondary Storage are full copies of the RBD snapshot, they + are not RBD diffs. This because when restoring a backup of a snapshot it is not + mandatory that this backup is deployed on RBD again, it could also be a NFS Primary + Storage. + Another key feature of RBD format 2 is cloning. With this release templates will be + copied to Primary Storage once and by using the cloning mechanism new disks will be + cloned from this parent template. This saves space and decreases deployment time for + instances dramatically. + Before this release, a NFS Primary Storage was still required for running the System + VMs from. The reason was a so called 'patch disk' that was generated by the hypervisor + which contained metadata for the System VM. The scripts generating this disk didn't + support RBD and thus System VMs had to be deployed from NFS. With 4.2 instead of the + patch disk a VirtIO serial console is used to pass meta information to System VMs. This + enabled the deployment of System VMs on RBD Primary Storage. +
    @@ -1223,7 +1239,7 @@ under the License. - + @@ -1237,10 +1253,10 @@ under the License. CLOUDSTACK-2709 + >CLOUDSTACK-3466 VM Migration across VMware clusters which are added with different switches - (Standard Swith,Vmware DVS, Cisco Nexus 1000v) is not supported.. + (Standard Switch,Vmware DVS, Cisco Nexus 1000v) is not supported. @@ -1248,7 +1264,7 @@ under the License. >CLOUDSTACK-4207 The following exception is observed when the Management Server is started - after upgrade from any older versions to &PRODUCT; 4.2. + after the upgrade from any older versions to &PRODUCT; 4.2. jsonParseException: The JsonDeserializer com.cloud.agent.transport.ArrayTypeAdaptor@2426e26f failed to deserialize json object @@ -1261,17 +1277,18 @@ under the License. CLOUDSTACK-2709 - Egress rules are are not supported on shared networks. + Egress rules are not supported on Shared networks. CLOUDSTACK-1747 - mvn deploydb only creates 4.0 DB, not 4.2 - Due to tooling changes between 4.2 and 4.2, CloudStack's database is created + The mvn deploydb command creates only 4.0 database, not 4.2 + database. + Due to tooling changes between 4.0 and 4.2, &PRODUCT; database is created by using the 4.0 schema and updated to the 4.2 schema when the management server - starts for the first time. It's OK to see the same schema if the management server - has not started yet. + starts for the first time. Neglect the same schema if the management server has + not started yet. @@ -1280,8 +1297,9 @@ under the License. >CLOUDSTACK-1306 - Better Error message when trying to deploy Vm by passing static Ipv4 addresses - that are assigned to another VM/IP4 address is outside the iprange. + Enhance the error message that is displayed when trying to deploy a VM by + passing the static IPv4 addresses that are assigned to another VM or an IPv4 + address that is outside the IP range. @@ -1290,7 +1308,8 @@ under the License. >CLOUDSTACK-1236 - Warning while adding Xen 6.1 host [Unable to create local link network] + Warning while adding a XenSever 6.1 host. The warning displayed is Unable to + create local link network. @@ -1396,20 +1415,347 @@ under the License. console proxy does not support any keymaps besides us, jp + + CLOUDSTACK-4645 + There is no upgrade path from 4.1.1 to 4.2.0. + + + CLOUDSTACK-4641 + Create volume form snapshot command times out exactly after 1 hour in + case of KVM hosts. + + + CLOUDSTACK-4621 + Changing the management server's Ethernet interface or MAC address leaves + the system in unstable state. + + + CLOUDSTACK-4615 + (Baremetal) Baremetal agent is missing in the installer. + + + CLOUDSTACK-4598 + Long delays during deploying a VM; both network and deployment planner + are delayed. + + + CLOUDSTACK-4596 + The same IP range is allowed to be defined in different VLANs across + public and portable ranges. + + + CLOUDSTACK-4588 + (VMware) VM deployment failed while creating a volume with null pointer + exception. + + + CLOUDSTACK-4578 + (VMware) SSVM is not getting created if one host is down in a + cluster. + + + CLOUDSTACK-4551 + Migrating the data volume from NFS to local storage does not change the + underlying disk offering. + + + CLOUDSTACK-4550 + Migration does not work in the case of bridge naming while upgrading KVM + agents to version 4.2. + + + CLOUDSTACK-4549 + Deploying VMs from template fails if the template is created from a + snapshot. + + + CLOUDSTACK-4540 + (VMware) When deploying 30 parallel VMs , 16 VMs fails to get deployed + due to the following error: "VmDataCommand failed due to Exception: + java.lang.Exception Message: Timed out in waiting SSH execution + result". + + + CLOUDSTACK-4506 + In a mixed hypervisor setup, destroying a VM whose host has been removed, + throws a null pointer exception. The Root volume of that VM also is not deleted + from the primary memory. + + + CLOUDSTACK-4442 + Source NAT not applied when network starts up. + + + CLOUDSTACK-4405 + (KVM) Migration between existing hosts and new hosts + fails. + + + CLOUDSTACK-4402 + No options to delete the primary storage if the last host with which it + was associated is already removed. + + + CLOUDSTACK-4366 + (Ubuntu) Key translation fails for the Japanese keyboard for the Menu key + and Caps Lock buttons. + + + CLOUDSTACK-4351 + Host/Hypervisor System Requirements has misleading or premature note in + the documentation. + + + CLOUDSTACK-4348 + Regression truncation issues occurs when moving the cursor to the "plus" + buttons. + + + CLOUDSTACK-4300 + (KVM) System VMs are not coming up after 2.2.14 to 4.2 + upgrade. + + + CLOUDSTACK-4292 + The destroyedvm API failed with ArrayIndexexception while + expunging. + + + CLOUDSTACK-4247 + (VMWARE) Network read and write statistics always returns + zero. + + + CLOUDSTACK-4224 + Deleting UCS returns unknown API. + + + CLOUDSTACK-4220 + From 3.0.6 to 4.2 upgrade, Add VMWare DataCenter button is provided for + legacy zones. + + + CLOUDSTACK-4201 + The listServiceOfferings API does not take virtualmachineid parameter of + SystemVM to return the Service Offerings available for the VM to change a Service + Offering. + + + CLOUDSTACK-4200 + The listSystemVMs API and listRouters API fail to return hypervisor + property. + + + CLOUDSTACK-4148 + The usage statistics are not triggered for Shared network. + + + CLOUDSTACK-4139 + (VMWARE) Resizing the volumes fails if they are created from + snapshot. + + + CLOUDSTACK-4137 + (KVM): After removing a cluster, manage cluster will not bring KVM hosts + to UP state. Manually restart the cloud-agent on KVM hosts. + + + CLOUDSTACK-4128 + The System VMs start up does not check for existence of staging secondary + storage in a zone. + + + CLOUDSTACK-4099 + Update the systemvm templates in DevCloud2. + + + CLOUDSTACK-4095 + Region ID is displayed within the Database Transaction + code. + + + CLOUDSTACK-4072 + The mysql-connector-java rpm is required while upgrading from 2.2.14 to + 4.2. + + + CLOUDSTACK-4036 + The UI remains in processing state and the queryAsyncJobResult is being + called repeatedly for the scaleSystemVm API. + + + CLOUDSTACK-4016 + The listPublicIpAddresses lists the portable IP that was already + transferred to a different Isolated network. + + + CLOUDSTACK-3968 + Distributed Port groups are not deleted when guest networks are removed. + The user account of this network is removed from &PRODUCT; + + + CLOUDSTACK-3967 + No support for usage statistics collection at the portable IP + level + + + CLOUDSTACK-3953 + The usage statistics are not collected for GSLB rules. + + + CLOUDSTACK-3911 + No check available while adding public range in a zone to see whether the + same VLAN exists in a portable IP range. + + + CLOUDSTACK-3888 + The UI does not return the mode (Strict/Preferred) when listing the + ServiceOffering that uses ImplicitDedicationPlanner. + + + CLOUDSTACK-3808 + Attaching volumes does not work when root is at the zone-level primary + store and data at the cluster level or host level store. + + + CLOUDSTACK-3791 + Download template fails with a null pointer exception. + + + CLOUDSTACK-3788 + The weekly Snapshot is stuck in Allocated State. + + + CLOUDSTACK-3765 + Upgrading CloudPlatform 4.2 build on centos5.5 does not + work. + + + CLOUDSTACK-3737 + Uploaded volume is not getting deleted from secondary storage after + attaching it to a guest VM. + + + CLOUDSTACK-3658 + Several old object storage tables and columns are deprecated as a part of + 4.1 to 4.2 database upgrade. + + + CLOUDSTACK-3627 + Public IP interface (eth2) is not getting configured with Redundant + virtual router. The State is FAULT. + + + CLOUDSTACK-3608 + The guest_os_hypervisor table in the database has repeated mappings of + hypervisor and guest OS. + + + CLOUDSTACK-3583 + Stopping the Management server does not remove the PID. + + + CLOUDSTACK-3565 + Restarting libvirtd service leads to destroying the storage + pool. + + + CLOUDSTACK-3243 + Wrong NFS mount point is given in the documentation. + + + CLOUDSTACK-3138 + Flaws in the documentation for the upgrade from 3.0.2 to + 4.1.0. + + + CLOUDSTACK-2791 + Installation instruction is wrong. + + + CLOUDSTACK-1986 + Key translation fails for the following Japanese keyboard keys: ¥_,\ |, + Muhenkan, Henkan, Hiragana/Katakana, Kanji Key, and Caps Lock. + + + CLOUDSTACK-1775 + Events related to User/Domain/Account are not being generated expect for + the USER-DISABLE,DOMAIN-DELETE and ACCOUNT.DISABLE events. + + + CLOUDSTACK-732 + KVM snapshot is not supported. +
    - - Upgrade Instructions + + Upgrade Instructions for 4.2 This section contains upgrade instructions from prior versions of CloudStack to Apache CloudStack 4.2.0. We include instructions on upgrading to Apache CloudStack from pre-Apache versions of Citrix CloudStack (last version prior to Apache is 3.0.2) and from the releases made while CloudStack was in the Apache Incubator. If you run into any issues during upgrades, please feel free to ask questions on users@cloudstack.apache.org or dev@cloudstack.apache.org. -
    +
    Upgrade from 4.x.x to 4.2.0 This section will guide you from &PRODUCT; 4.0.x versions to &PRODUCT; 4.2.0. Any steps that are hypervisor-specific will be called out with a note. @@ -1438,7 +1784,7 @@ under the License. url="http://cloudstack.apache.org/downloads.html" >http://cloudstack.apache.org/downloads.html for package repositories supplied by community members. You will need them for step - or step . + or step . Instructions for creating packages from the &PRODUCT; source are in the Installation Guide. @@ -1489,7 +1835,7 @@ under the License. If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . + skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. @@ -1515,7 +1861,7 @@ under the License. Now update your apt package list: $ sudo apt-get update - + Now that you have the repository configured, it's time to install the cloudstack-management package. This will pull in any other dependencies you need. @@ -1642,7 +1988,7 @@ service cloudstack-agent restart - + If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If not, skip to step . @@ -1651,7 +1997,7 @@ service cloudstack-agent restart If you've created your own packages and yum repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the yum repository for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -1673,7 +2019,7 @@ gpgcheck=0 If you're using your own package repository, change this line to read as appropriate for your 4.2.0 repository. - + Now that you have the repository configured, it's time to install the cloudstack-management package by upgrading the older cloud-client package. @@ -1701,11 +2047,6 @@ gpgcheck=0 Upgrade the Usage server. sudo yum upgrade cloud-usage - - After upgrade, if the usage server fails to restart then copy - db.properties from /etc/cloudstack/management to /etc/cloudstack/usage. Then start the - Usage Server. - @@ -1756,7 +2097,7 @@ Done restarting router(s).
    -
    +
    Upgrade from 3.0.2 to 4.2.0 This section will guide you from Citrix CloudStack 3.0.2 to Apache CloudStack 4.2.0. Sections that are hypervisor-specific will be called out with a note. @@ -1765,7 +2106,7 @@ Done restarting router(s). The following upgrade instructions apply only if you're using VMware hosts. If you're not using VMware hosts, skip this step and move on to . + linkend="stopping-usage-servers"/>. In each zone that includes VMware hosts, you need to add a new system VM template. @@ -1851,7 +2192,7 @@ Done restarting router(s). - + Stop all Usage Servers if running. Run this on all Usage Server hosts. # service cloud-usage stop @@ -2108,12 +2449,7 @@ service cloudstack-agent start Start all Usage Servers (if they were running on your previous version). Perform this on each Usage Server host. - # service cloudstack-usage start - - After upgrade, if the usage server fails to restart then copy - db.properties from /etc/cloudstack/management to /etc/cloudstack/usage. Then start the - Usage Server. - + # service cloudstack-usage start Additional steps are required for each KVM host. These steps will not affect running @@ -2351,7 +2687,7 @@ service cloudstack-agent start issues are seen, try clearing your browser cache and reloading the UI page.
    -
    +
    Upgrade from 2.2.14 to 4.2.0 @@ -2575,7 +2911,7 @@ service cloudstack-agent restart If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . + not, skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. @@ -2638,7 +2974,7 @@ service cloudstack-agent start - + If you have made changes to your existing copy of the file components.xml in your previous-version CloudStack installation, the changes will be preserved in the upgrade. However, you need to do the following steps to place these changes in a new version of @@ -3043,7 +3379,7 @@ service cloudstack-agent start
    - API Changes from 4.1 to 4.2 + API Changes in 4.2
    Added API Commands in 4.2
    @@ -9503,7 +9839,7 @@ service cloudstack-agent start
    - Upgrade Instructions + Upgrade Instructions for 4.1 This section contains upgrade instructions from prior versions of CloudStack to Apache CloudStack 4.1.0. We include instructions on upgrading to Apache CloudStack from pre-Apache versions of Citrix CloudStack (last version prior to Apache is 3.0.2) and from the releases @@ -9536,7 +9872,7 @@ service cloudstack-agent start source, or check the Apache CloudStack downloads page at http://cloudstack.apache.org/downloads.html for package repositories supplied - by community members. You will need them for step + by community members. You will need them for step or step . Instructions for creating packages from the &PRODUCT; source are in the Installation @@ -9586,7 +9922,7 @@ service cloudstack-agent start PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to 4.1. - + If you are using Ubuntu, follow this procedure to upgrade your packages. If not, skip to step . @@ -9595,7 +9931,7 @@ service cloudstack-agent start If you've created your own packages and APT repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the sources list for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -9620,7 +9956,7 @@ service cloudstack-agent start dependencies you need. $ sudo apt-get install cloudstack-management - + You will need to manually install the cloudstack-agent package: $ sudo apt-get install cloudstack-agent @@ -9667,7 +10003,7 @@ service cloudstack-agent restart If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . + not, skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. @@ -9701,7 +10037,7 @@ gpgcheck=0 cloud-client package. $ sudo yum upgrade cloud-client - + For KVM hosts, you will need to upgrade the cloud-agent package, similarly installing the new version as cloudstack-agent. @@ -9730,7 +10066,7 @@ service cloudstack-agent start - + Once you've upgraded the packages on your management servers, you'll need to restart the system VMs. Make sure port 8096 is open in your local host firewall to do this. @@ -9760,7 +10096,7 @@ Done restarting router(s).
    -
    +
    Upgrade from 3.0.2 to 4.1.0 This section will guide you from Citrix CloudStack 3.0.2 to Apache CloudStack 4.1.0. Sections that are hypervisor-specific will be called out with a note. @@ -9769,7 +10105,7 @@ Done restarting router(s). The following upgrade instructions apply only if you're using VMware hosts. If you're not using VMware hosts, skip this step and move on to . + linkend="stopping-usage-servers"/>. In each zone that includes VMware hosts, you need to add a new system VM template. @@ -9855,7 +10191,7 @@ Done restarting router(s). - + Stop all Usage Servers if running. Run this on all Usage Server hosts. # service cloud-usage stop @@ -9878,16 +10214,16 @@ Done restarting router(s). the community provided yum/apt repositories to gain access to the &PRODUCT; binaries. - + If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . + skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. If you've created your own packages and APT repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the sources list for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -9906,13 +10242,13 @@ Done restarting router(s). Now update your apt package list: $ sudo apt-get update - + Now that you have the repository configured, it's time to install the cloudstack-management package. This will pull in any other dependencies you need. $ sudo apt-get install cloudstack-management - + You will need to manually install the cloudstack-agent package: $ sudo apt-get install cloudstack-agent @@ -9957,16 +10293,16 @@ service cloudstack-agent restart - + If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . + not, skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. If you've created your own packages and yum repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the yum repository for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -9987,13 +10323,13 @@ gpgcheck=0 If you're using your own package repository, change this line to read as appropriate for your 4.1.0 repository. - + Now that you have the repository configured, it's time to install the cloudstack-management package by upgrading the older cloud-client package. $ sudo yum upgrade cloud-client - + For KVM hosts, you will need to upgrade the cloud-agent package, similarly installing the new version as cloudstack-agent. @@ -10022,7 +10358,7 @@ service cloudstack-agent start - + If you have made changes to your copy of /etc/cloud/management/components.xml the changes will be preserved in the upgrade. However, you need to do the following steps to place these @@ -10474,16 +10810,16 @@ service cloudstack-agent start the community provided yum/apt repositories to gain access to the &PRODUCT; binaries. - + If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . + skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. If you've created your own packages and APT repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the sources list for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -10502,13 +10838,13 @@ service cloudstack-agent start Now update your apt package list: $ sudo apt-get update - + Now that you have the repository configured, it's time to install the cloudstack-management package. This will pull in any other dependencies you need. $ sudo apt-get install cloudstack-management - + On KVM hosts, you will need to manually install the cloudstack-agent package: $ sudo apt-get install cloudstack-agent @@ -10553,16 +10889,16 @@ service cloudstack-agent restart - + If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . + not, skip to step . Community Packages This section assumes you're using the community supplied packages for &PRODUCT;. If you've created your own packages and yum repository, substitute your own URL for the ones used in these examples. - + The first order of business will be to change the yum repository for each system with &PRODUCT; packages. This means all management servers, and any hosts that have @@ -10583,13 +10919,13 @@ gpgcheck=0 If you're using your own package repository, change this line to read as appropriate for your 4.1.0 repository. - + Now that you have the repository configured, it's time to install the cloudstack-management package by upgrading the older cloud-client package. $ sudo yum upgrade cloud-client - + For KVM hosts, you will need to upgrade the cloud-agent package, similarly installing the new version as cloudstack-agent. @@ -10618,7 +10954,7 @@ service cloudstack-agent start - + If you have made changes to your existing copy of the file components.xml in your previous-version CloudStack installation, the changes will be preserved in the upgrade. However, you need to do the following steps to place these changes in a new version of From 51224335797eacc249f6d65232d26635a03250cf Mon Sep 17 00:00:00 2001 From: radhikap Date: Thu, 12 Sep 2013 18:06:30 +0530 Subject: [PATCH 05/12] known issues from animesh has been added, edited, updated CLOUDSTACK-4245 and heading changes --- docs/en-US/global-config.xml | 172 ++++++++++++++++++++++++++++++++++- 1 file changed, 170 insertions(+), 2 deletions(-) diff --git a/docs/en-US/global-config.xml b/docs/en-US/global-config.xml index 407d97d2ee4..30d02eb98c0 100644 --- a/docs/en-US/global-config.xml +++ b/docs/en-US/global-config.xml @@ -33,8 +33,8 @@ shows a few of the more useful parameters. - - + + Field @@ -127,4 +127,172 @@ In the Actions column, click the Edit icon to modify a value.
    +
    + Granular Global Configuration Parameters + The following global configuration parameters have been made more granular. The parameters + are listed under three different scopes: account, cluster, and zone. + + + + + + + + Field + Field + Value + + + + + account + remote.access.vpn.client.iprange + The range of IPs to be allocated to remotely access the VPN clients. The + first IP in the range is used by the VPN server. + + + account + allow.public.user.templates + If false, users will not be able to create public templates. + + + account + use.system.public.ips + If true and if an account has one or more dedicated public IP ranges, IPs + are acquired from the system pool after all the IPs dedicated to the account have + been consumed. + + + account + use.system.guest.vlans + If true and if an account has one or more dedicated guest VLAN ranges, + VLANs are allocated from the system pool after all the VLANs dedicated to the + account have been consumed. + + + cluster + cluster.storage.allocated.capacity.notificationthreshold + The percentage, as a value between 0 and 1, of allocated storage utilization above which + alerts are sent that the storage is below the threshold. + + + cluster + cluster.storage.capacity.notificationthreshold + The percentage, as a value between 0 and 1, of storage utilization above which alerts are sent + that the available storage is below the threshold. + + + cluster + cluster.cpu.allocated.capacity.notificationthreshold + The percentage, as a value between 0 and 1, of cpu utilization above which alerts are sent + that the available CPU is below the threshold. + + + cluster + cluster.memory.allocated.capacity.notificationthreshold + The percentage, as a value between 0 and 1, of memory utilization above which alerts are sent + that the available memory is below the threshold. + + + cluster + cluster.cpu.allocated.capacity.disablethreshold + The percentage, as a value between 0 and 1, of CPU utilization above which allocators will + disable that cluster from further usage. Keep the corresponding notification + threshold lower than this value to be notified beforehand. + + + cluster + cluster.memory.allocated.capacity.disablethreshold + The percentage, as a value between 0 and 1, of memory utilization above which allocators will + disable that cluster from further usage. Keep the corresponding notification + threshold lower than this value to be notified beforehand. + + + cluster + cpu.overprovisioning.factor + Used for CPU over-provisioning calculation; the available CPU will be the mathematical product + of actualCpuCapacity and cpu.overprovisioning.factor. + + + cluster + mem.overprovisioning.factor + Used for memory over-provisioning calculation. + + + cluster + vmware.reserve.cpu + Specify whether or not to reserve CPU when not over-provisioning; In case of CPU + over-provisioning, CPU is always reserved. + + + cluster + vmware.reserve.mem + Specify whether or not to reserve memory when not over-provisioning; In case of memory + over-provisioning memory is always reserved. + + + zone + pool.storage.allocated.capacity.disablethreshold + The percentage, as a value between 0 and 1, of allocated storage utilization above which + allocators will disable that pool because the available allocated storage is below + the threshold. + + + zone + pool.storage.capacity.disablethreshold + The percentage, as a value between 0 and 1, of storage utilization above which allocators will + disable the pool because the available storage capacity is below the + threshold. + + + zone + storage.overprovisioning.factor + Used for storage over-provisioning calculation; available storage will be the mathematical + product of actualStorageSize and storage.overprovisioning.factor. + + + zone + network.throttling.rate + Default data transfer rate in megabits per second allowed in a network. + + + zone + guest.domain.suffix + Default domain name for VMs inside a virtual networks with a router. + + + zone + router.template.xen + Name of the default router template on Xenserver. + + + zone + router.template.kvm + Name of the default router template on KVM. + + + zone + router.template.vmware + Name of the default router template on VMware. + + + zone + enable.dynamic.scale.vm + Enable or diable dynamically scaling of a VM. + + + zone + use.external.dns + Bypass internal DNS, and use the external DNS1 and DNS2 + + + zone + blacklisted.routes + Routes that are blacklisted cannot be used for creating static routes for a VPC Private + Gateway. + + + + +
    From 10486ea4dddbfe41bfc200094dd2ee5e833ed7c5 Mon Sep 17 00:00:00 2001 From: Vijayendra Bhamidipati Date: Thu, 12 Sep 2013 09:04:56 -0700 Subject: [PATCH 06/12] CLOUDSTACK-4645: There is no upgrade path from 4.1.1 to 4.2.0 Description: Simpler fix to support upgrade path from 4.1.1 to 4.2.0 by adding a 4.1.1 string in the db update version range. Commit # d1642a489ce76e055d60b2caf3ccfe4bb136b745 introduced a duplicate user_vm_view view in the schema-410to420.sql script. Removing the first occurrence of that view, since whatever QA has been testing until now would have used the duplicated view that gets created after the first one. --- .../cloud/upgrade/DatabaseUpgradeChecker.java | 2 + .../cloud/upgrade/dao/Upgrade410to420.java | 2 +- setup/db/db/schema-410to420.sql | 180 +----------------- 3 files changed, 4 insertions(+), 180 deletions(-) diff --git a/engine/schema/src/com/cloud/upgrade/DatabaseUpgradeChecker.java b/engine/schema/src/com/cloud/upgrade/DatabaseUpgradeChecker.java index 723205869f7..c64be67f0d5 100755 --- a/engine/schema/src/com/cloud/upgrade/DatabaseUpgradeChecker.java +++ b/engine/schema/src/com/cloud/upgrade/DatabaseUpgradeChecker.java @@ -173,6 +173,8 @@ public class DatabaseUpgradeChecker implements SystemIntegrityChecker { _upgradeMap.put("4.0.2", new DbUpgrade[] { new Upgrade40to41(), new Upgrade410to420() }); _upgradeMap.put("4.1.0", new DbUpgrade[] { new Upgrade410to420() }); + + _upgradeMap.put("4.1.1", new DbUpgrade[] { new Upgrade410to420() }); //CP Upgrades _upgradeMap.put("3.0.3", new DbUpgrade[] { new Upgrade303to304(), new Upgrade304to305(), new Upgrade305to306(), new Upgrade306to307(), new Upgrade307to410(), new Upgrade410to420() }); diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java index 8ff07dfa9dd..3d4ba58d1de 100755 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java @@ -51,7 +51,7 @@ public class Upgrade410to420 implements DbUpgrade { @Override public String[] getUpgradableVersionRange() { - return new String[] { "4.1.0", "4.2.0" }; + return new String[] { "4.1.0", "4.1.1" }; } @Override diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql index 6e9fe72b63e..f7f10b97ef7 100644 --- a/setup/db/db/schema-410to420.sql +++ b/setup/db/db/schema-410to420.sql @@ -722,185 +722,7 @@ CREATE TABLE `cloud`.`service_offering_details` ( CONSTRAINT `fk_service_offering_details__service_offering_id` FOREIGN KEY (`service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE, CONSTRAINT UNIQUE KEY `uk_service_offering_id_name` (`service_offering_id`, `name`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; - -DROP VIEW IF EXISTS `cloud`.`user_vm_view`; -CREATE VIEW `cloud`.`user_vm_view` AS - select - vm_instance.id id, - vm_instance.name name, - user_vm.display_name display_name, - user_vm.user_data user_data, - account.id account_id, - account.uuid account_uuid, - account.account_name account_name, - account.type account_type, - domain.id domain_id, - domain.uuid domain_uuid, - domain.name domain_name, - domain.path domain_path, - projects.id project_id, - projects.uuid project_uuid, - projects.name project_name, - instance_group.id instance_group_id, - instance_group.uuid instance_group_uuid, - instance_group.name instance_group_name, - vm_instance.uuid uuid, - vm_instance.last_host_id last_host_id, - vm_instance.vm_type type, - vm_instance.vnc_password vnc_password, - vm_instance.limit_cpu_use limit_cpu_use, - vm_instance.created created, - vm_instance.state state, - vm_instance.removed removed, - vm_instance.ha_enabled ha_enabled, - vm_instance.hypervisor_type hypervisor_type, - vm_instance.instance_name instance_name, - vm_instance.guest_os_id guest_os_id, - guest_os.uuid guest_os_uuid, - vm_instance.pod_id pod_id, - host_pod_ref.uuid pod_uuid, - vm_instance.private_ip_address private_ip_address, - vm_instance.private_mac_address private_mac_address, - vm_instance.vm_type vm_type, - data_center.id data_center_id, - data_center.uuid data_center_uuid, - data_center.name data_center_name, - data_center.networktype data_center_type, - data_center.is_security_group_enabled security_group_enabled, - host.id host_id, - host.uuid host_uuid, - host.name host_name, - vm_template.id template_id, - vm_template.uuid template_uuid, - vm_template.name template_name, - vm_template.display_text template_display_text, - vm_template.enable_password password_enabled, - iso.id iso_id, - iso.uuid iso_uuid, - iso.name iso_name, - iso.display_text iso_display_text, - service_offering.id service_offering_id, - disk_offering.uuid service_offering_uuid, - service_offering.cpu cpu, - service_offering.speed speed, - service_offering.ram_size ram_size, - disk_offering.name service_offering_name, - storage_pool.id pool_id, - storage_pool.uuid pool_uuid, - storage_pool.pool_type pool_type, - volumes.id volume_id, - volumes.uuid volume_uuid, - volumes.device_id volume_device_id, - volumes.volume_type volume_type, - security_group.id security_group_id, - security_group.uuid security_group_uuid, - security_group.name security_group_name, - security_group.description security_group_description, - nics.id nic_id, - nics.uuid nic_uuid, - nics.network_id network_id, - nics.ip4_address ip_address, - nics.ip6_address ip6_address, - nics.ip6_gateway ip6_gateway, - nics.ip6_cidr ip6_cidr, - nics.default_nic is_default_nic, - nics.gateway gateway, - nics.netmask netmask, - nics.mac_address mac_address, - nics.broadcast_uri broadcast_uri, - nics.isolation_uri isolation_uri, - vpc.id vpc_id, - vpc.uuid vpc_uuid, - networks.uuid network_uuid, - networks.name network_name, - networks.traffic_type traffic_type, - networks.guest_type guest_type, - user_ip_address.id public_ip_id, - user_ip_address.uuid public_ip_uuid, - user_ip_address.public_ip_address public_ip_address, - ssh_keypairs.keypair_name keypair_name, - resource_tags.id tag_id, - resource_tags.uuid tag_uuid, - resource_tags.key tag_key, - resource_tags.value tag_value, - resource_tags.domain_id tag_domain_id, - resource_tags.account_id tag_account_id, - resource_tags.resource_id tag_resource_id, - resource_tags.resource_uuid tag_resource_uuid, - resource_tags.resource_type tag_resource_type, - resource_tags.customer tag_customer, - async_job.id job_id, - async_job.uuid job_uuid, - async_job.job_status job_status, - async_job.account_id job_account_id, - affinity_group.id affinity_group_id, - affinity_group.uuid affinity_group_uuid, - affinity_group.name affinity_group_name, - affinity_group.description affinity_group_description - from - `cloud`.`user_vm` - inner join - `cloud`.`vm_instance` ON vm_instance.id = user_vm.id - and vm_instance.removed is NULL - inner join - `cloud`.`account` ON vm_instance.account_id = account.id - inner join - `cloud`.`domain` ON vm_instance.domain_id = domain.id - left join - `cloud`.`guest_os` ON vm_instance.guest_os_id = guest_os.id - left join - `cloud`.`host_pod_ref` ON vm_instance.pod_id = host_pod_ref.id - left join - `cloud`.`projects` ON projects.project_account_id = account.id - left join - `cloud`.`instance_group_vm_map` ON vm_instance.id = instance_group_vm_map.instance_id - left join - `cloud`.`instance_group` ON instance_group_vm_map.group_id = instance_group.id - left join - `cloud`.`data_center` ON vm_instance.data_center_id = data_center.id - left join - `cloud`.`host` ON vm_instance.host_id = host.id - left join - `cloud`.`vm_template` ON vm_instance.vm_template_id = vm_template.id - left join - `cloud`.`vm_template` iso ON iso.id = user_vm.iso_id - left join - `cloud`.`service_offering` ON vm_instance.service_offering_id = service_offering.id - left join - `cloud`.`disk_offering` ON vm_instance.service_offering_id = disk_offering.id - left join - `cloud`.`volumes` ON vm_instance.id = volumes.instance_id - left join - `cloud`.`storage_pool` ON volumes.pool_id = storage_pool.id - left join - `cloud`.`security_group_vm_map` ON vm_instance.id = security_group_vm_map.instance_id - left join - `cloud`.`security_group` ON security_group_vm_map.security_group_id = security_group.id - left join - `cloud`.`nics` ON vm_instance.id = nics.instance_id - left join - `cloud`.`networks` ON nics.network_id = networks.id - left join - `cloud`.`vpc` ON networks.vpc_id = vpc.id - left join - `cloud`.`user_ip_address` ON user_ip_address.vm_id = vm_instance.id - left join - `cloud`.`user_vm_details` ON user_vm_details.vm_id = vm_instance.id - and user_vm_details.name = 'SSH.PublicKey' - left join - `cloud`.`ssh_keypairs` ON ssh_keypairs.public_key = user_vm_details.value - left join - `cloud`.`resource_tags` ON resource_tags.resource_id = vm_instance.id - and resource_tags.resource_type = 'UserVm' - left join - `cloud`.`async_job` ON async_job.instance_id = vm_instance.id - and async_job.instance_type = 'VirtualMachine' - and async_job.job_status = 0 - left join - `cloud`.`affinity_group_vm_map` ON vm_instance.id = affinity_group_vm_map.instance_id - left join - `cloud`.`affinity_group` ON affinity_group_vm_map.affinity_group_id = affinity_group.id; - + DROP VIEW IF EXISTS `cloud`.`affinity_group_view`; CREATE VIEW `cloud`.`affinity_group_view` AS select From 10a25789a69c467cc8598ceae3d92e1e8465700e Mon Sep 17 00:00:00 2001 From: Edison Su Date: Fri, 6 Sep 2013 17:55:11 -0700 Subject: [PATCH 07/12] CLOUDSTACK-4618: fix CLVM (cherry picked from commit f2c5b5fbfe45196dfad2821fca513ddd6efa25c9) Signed-off-by: animesh --- .../kvm/storage/KVMStorageProcessor.java | 31 +++++++--- .../CloudStackPrimaryDataStoreDriverImpl.java | 57 ++++++++++++++++++- scripts/storage/qcow2/managesnapshot.sh | 4 +- 3 files changed, 80 insertions(+), 12 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/KVMStorageProcessor.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/KVMStorageProcessor.java index 99ea04fc1d7..c69f9b03963 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/KVMStorageProcessor.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/KVMStorageProcessor.java @@ -147,8 +147,7 @@ public class KVMStorageProcessor implements StorageProcessor { DataTO destData = cmd.getDestTO(); TemplateObjectTO template = (TemplateObjectTO) srcData; DataStoreTO imageStore = template.getDataStore(); - TemplateObjectTO volume = (TemplateObjectTO) destData; - PrimaryDataStoreTO primaryStore = (PrimaryDataStoreTO) volume.getDataStore(); + PrimaryDataStoreTO primaryStore = (PrimaryDataStoreTO) destData.getDataStore(); if (!(imageStore instanceof NfsTO)) { return new CopyCmdAnswer("unsupported protocol"); @@ -197,19 +196,32 @@ public class KVMStorageProcessor implements StorageProcessor { KVMPhysicalDisk primaryVol = storagePoolMgr.copyPhysicalDisk(tmplVol, UUID.randomUUID().toString(), primaryPool); - TemplateObjectTO newTemplate = new TemplateObjectTO(); - newTemplate.setPath(primaryVol.getName()); + DataTO data = null; /** * Force the ImageFormat for RBD templates to RAW * */ - if (primaryPool.getType() == StoragePoolType.RBD) { - newTemplate.setFormat(ImageFormat.RAW); - } else { - newTemplate.setFormat(ImageFormat.QCOW2); + if (destData.getObjectType() == DataObjectType.TEMPLATE) { + TemplateObjectTO newTemplate = new TemplateObjectTO(); + newTemplate.setPath(primaryVol.getName()); + if (primaryPool.getType() == StoragePoolType.RBD) { + newTemplate.setFormat(ImageFormat.RAW); + } else { + newTemplate.setFormat(ImageFormat.QCOW2); + } + data = newTemplate; + } else if (destData.getObjectType() == DataObjectType.VOLUME) { + VolumeObjectTO volumeObjectTO = new VolumeObjectTO(); + volumeObjectTO.setPath(primaryVol.getName()); + if (primaryVol.getFormat() == PhysicalDiskFormat.RAW) + volumeObjectTO.setFormat(ImageFormat.RAW); + else if (primaryVol.getFormat() == PhysicalDiskFormat.QCOW2) { + volumeObjectTO.setFormat(ImageFormat.QCOW2); + } + data = volumeObjectTO; } - return new CopyCmdAnswer(newTemplate); + return new CopyCmdAnswer(data); } catch (CloudRuntimeException e) { return new CopyCmdAnswer(e.toString()); } finally { @@ -287,6 +299,7 @@ public class KVMStorageProcessor implements StorageProcessor { String templatePath = template.getPath(); if (primaryPool.getType() == StoragePoolType.CLVM) { + templatePath = ((NfsTO)imageStore).getUrl() + File.separator + templatePath; vol = templateToPrimaryDownload(templatePath, primaryPool); } else { if (templatePath.contains("/mnt")) { diff --git a/plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackPrimaryDataStoreDriverImpl.java b/plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackPrimaryDataStoreDriverImpl.java index 47cd1a83ef9..683239c1d1c 100644 --- a/plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackPrimaryDataStoreDriverImpl.java +++ b/plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackPrimaryDataStoreDriverImpl.java @@ -25,9 +25,13 @@ import com.cloud.agent.api.to.DataObjectType; import com.cloud.agent.api.to.DataStoreTO; import com.cloud.agent.api.to.DataTO; import com.cloud.agent.api.to.StorageFilerTO; +import com.cloud.configuration.Config; +import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.dao.HostDao; +import com.cloud.storage.DataStoreRole; import com.cloud.storage.ResizeVolumePayload; +import com.cloud.storage.Storage; import com.cloud.storage.StorageManager; import com.cloud.storage.StoragePool; import com.cloud.storage.VolumeManager; @@ -36,17 +40,24 @@ import com.cloud.storage.dao.SnapshotDao; import com.cloud.storage.dao.VMTemplateDao; import com.cloud.storage.dao.VolumeDao; import com.cloud.storage.snapshot.SnapshotManager; +import com.cloud.template.TemplateManager; +import com.cloud.utils.NumbersUtil; import com.cloud.vm.dao.VMInstanceDao; import org.apache.cloudstack.engine.subsystem.api.storage.*; import org.apache.cloudstack.framework.async.AsyncCompletionCallback; import org.apache.cloudstack.storage.command.CommandResult; +import org.apache.cloudstack.storage.command.CopyCmdAnswer; +import org.apache.cloudstack.storage.command.CopyCommand; import org.apache.cloudstack.storage.command.CreateObjectCommand; import org.apache.cloudstack.storage.command.DeleteCommand; import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao; +import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; +import org.apache.cloudstack.storage.to.TemplateObjectTO; import org.apache.cloudstack.storage.volume.VolumeObject; import org.apache.log4j.Logger; import javax.inject.Inject; +import java.util.UUID; public class CloudStackPrimaryDataStoreDriverImpl implements PrimaryDataStoreDriver { private static final Logger s_logger = Logger.getLogger(CloudStackPrimaryDataStoreDriverImpl.class); @@ -72,7 +83,12 @@ public class CloudStackPrimaryDataStoreDriverImpl implements PrimaryDataStoreDri SnapshotManager snapshotMgr; @Inject EndPointSelector epSelector; - + @Inject + ConfigurationDao configDao; + @Inject + TemplateManager templateManager; + @Inject + TemplateDataFactory templateDataFactory; @Override public DataTO getTO(DataObject data) { return null; @@ -163,10 +179,49 @@ public class CloudStackPrimaryDataStoreDriverImpl implements PrimaryDataStoreDri @Override public void copyAsync(DataObject srcdata, DataObject destData, AsyncCompletionCallback callback) { + DataStore store = destData.getDataStore(); + if (store.getRole() == DataStoreRole.Primary) { + if ((srcdata.getType() == DataObjectType.TEMPLATE && destData.getType() == DataObjectType.TEMPLATE)) { + //For CLVM, we need to copy template to primary storage at all, just fake the copy result. + TemplateObjectTO templateObjectTO = new TemplateObjectTO(); + templateObjectTO.setPath(UUID.randomUUID().toString()); + templateObjectTO.setSize(srcdata.getSize()); + templateObjectTO.setPhysicalSize(srcdata.getSize()); + templateObjectTO.setFormat(Storage.ImageFormat.RAW); + CopyCmdAnswer answer = new CopyCmdAnswer(templateObjectTO); + CopyCommandResult result = new CopyCommandResult("", answer); + callback.complete(result); + } else if (srcdata.getType() == DataObjectType.TEMPLATE && destData.getType() == DataObjectType.VOLUME) { + //For CLVM, we need to pass template on secondary storage to hypervisor + String value = configDao.getValue(Config.PrimaryStorageDownloadWait.toString()); + int _primaryStorageDownloadWait = NumbersUtil.parseInt(value, + Integer.parseInt(Config.PrimaryStorageDownloadWait.getDefaultValue())); + StoragePoolVO storagePoolVO = primaryStoreDao.findById(store.getId()); + DataStore imageStore = templateManager.getImageStore(storagePoolVO.getDataCenterId(), srcdata.getId()); + DataObject srcData = templateDataFactory.getTemplate(srcdata.getId(), imageStore); + + CopyCommand cmd = new CopyCommand(srcData.getTO(), destData.getTO(), _primaryStorageDownloadWait, true); + EndPoint ep = epSelector.select(srcData, destData); + Answer answer = ep.sendMessage(cmd); + CopyCommandResult result = new CopyCommandResult("", answer); + callback.complete(result); + } + } } @Override public boolean canCopy(DataObject srcData, DataObject destData) { + //BUG fix for CLOUDSTACK-4618 + DataStore store = destData.getDataStore(); + if (store.getRole() == DataStoreRole.Primary) { + if ((srcData.getType() == DataObjectType.TEMPLATE && destData.getType() == DataObjectType.TEMPLATE) || + (srcData.getType() == DataObjectType.TEMPLATE && destData.getType() == DataObjectType.VOLUME)) { + StoragePoolVO storagePoolVO = primaryStoreDao.findById(store.getId()); + if (storagePoolVO != null && storagePoolVO.getPoolType() == Storage.StoragePoolType.CLVM) { + return true; + } + } + } return false; } diff --git a/scripts/storage/qcow2/managesnapshot.sh b/scripts/storage/qcow2/managesnapshot.sh index 368ff549ee6..42bd1eb2613 100755 --- a/scripts/storage/qcow2/managesnapshot.sh +++ b/scripts/storage/qcow2/managesnapshot.sh @@ -42,11 +42,11 @@ fi is_lv() { # Must be a block device - if [ -b "${1}" ]; then + if [ -b "${1}" -o -L "{1}" ]; then # But not a volume group or physical volume lvm vgs "${1}" > /dev/null 2>&1 && return 1 # And a logical volume - lvm lvs "${1}" > /dev/null 2>&1 && return 0 + lvm lvs "${1}" > /dev/null 2>&1 && return 1 fi return 0 } From 097ad0b5fe82a653ff860c35a4250bacdc1297c8 Mon Sep 17 00:00:00 2001 From: frank Date: Thu, 12 Sep 2013 14:14:23 -0700 Subject: [PATCH 08/12] Add Baremetal agent package back to RPM spec file (cherry picked from commit d58044ccbaa49d011d4e5b72f8e96a8619b224fd) Signed-off-by: animesh --- packaging/centos63/cloud.spec | 16 ++ .../networkservice/BaremetalDhcpElement.java | 11 +- .../BaremetalDhcpManagerImpl.java | 7 +- python/bindir/cloud-setup-baremetal | 217 ------------------ 4 files changed, 23 insertions(+), 228 deletions(-) delete mode 100755 python/bindir/cloud-setup-baremetal diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec index 2b814f871df..5f8a2a50d16 100644 --- a/packaging/centos63/cloud.spec +++ b/packaging/centos63/cloud.spec @@ -162,6 +162,19 @@ Group: System Environment/Libraries %description awsapi Apache Cloudstack AWS API compatibility wrapper + +%package baremetal-agent +Summary: CloudStack baremetal agent +Requires: tftp-server +Requires: xinetd +Requires: syslinux +Requires: chkconfig +Requires: dhcp +Requires: httpd +Group: System Environment/Libraries +%description baremetal-agent +The CloudStack baremetal agent + %prep echo Doing CloudStack build @@ -236,6 +249,7 @@ install -D client/target/utilities/bin/cloud-set-guest-sshkey ${RPM_BUILD_ROOT}% install -D client/target/utilities/bin/cloud-setup-databases ${RPM_BUILD_ROOT}%{_bindir}/%{name}-setup-databases install -D client/target/utilities/bin/cloud-setup-encryption ${RPM_BUILD_ROOT}%{_bindir}/%{name}-setup-encryption install -D client/target/utilities/bin/cloud-setup-management ${RPM_BUILD_ROOT}%{_bindir}/%{name}-setup-management +install -D client/target/utilities/bin/cloud-setup-baremetal ${RPM_BUILD_ROOT}%{_bindir}/%{name}-setup-baremetal install -D client/target/utilities/bin/cloud-sysvmadm ${RPM_BUILD_ROOT}%{_bindir}/%{name}-sysvmadm install -D client/target/utilities/bin/cloud-update-xenserver-licenses ${RPM_BUILD_ROOT}%{_bindir}/%{name}-update-xenserver-licenses @@ -603,6 +617,8 @@ fi %{_defaultdocdir}/%{name}-awsapi-%{version}/LICENSE %{_defaultdocdir}/%{name}-awsapi-%{version}/NOTICE +%files baremetal-agent +%attr(0755,root,root) %{_bindir}/cloudstack-setup-baremetal %changelog * Fri Oct 03 2012 Hugo Trippaers 4.1.0 diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpElement.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpElement.java index 34e83027da7..f01deb7430b 100755 --- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpElement.java +++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpElement.java @@ -65,8 +65,8 @@ public class BaremetalDhcpElement extends AdapterBase implements DhcpServiceProv static { Capability cap = new Capability(BaremetalDhcpManager.BAREMETAL_DHCP_SERVICE_CAPABITLITY); Map baremetalCaps = new HashMap(); - baremetalCaps.put(cap, null); - baremetalCaps.put(Capability.DhcpAccrossMultipleSubnets, Boolean.TRUE.toString()); + baremetalCaps.put(cap, null); + baremetalCaps.put(Capability.DhcpAccrossMultipleSubnets, Boolean.TRUE.toString()); capabilities = new HashMap>(); capabilities.put(Service.Dhcp, baremetalCaps); } @@ -82,11 +82,8 @@ public class BaremetalDhcpElement extends AdapterBase implements DhcpServiceProv } private boolean canHandle(DeployDestination dest, TrafficType trafficType, GuestType networkType) { - Pod pod = dest.getPod(); - if (pod != null && dest.getDataCenter().getNetworkType() == NetworkType.Basic && trafficType == TrafficType.Guest) { - SearchCriteriaService sc = SearchCriteria2.create(BaremetalDhcpVO.class); - sc.addAnd(sc.getEntity().getPodId(), Op.EQ, pod.getId()); - return sc.find() != null; + if (dest.getDataCenter().getNetworkType() == NetworkType.Basic && trafficType == TrafficType.Guest) { + return true; } return false; diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpManagerImpl.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpManagerImpl.java index 9d18478626b..2f4ffcb6993 100755 --- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpManagerImpl.java +++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalDhcpManagerImpl.java @@ -136,14 +136,13 @@ public class BaremetalDhcpManagerImpl extends ManagerBase implements BaremetalDh public boolean addVirtualMachineIntoNetwork(Network network, NicProfile nic, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) throws ResourceUnavailableException { Long zoneId = profile.getVirtualMachine().getDataCenterId(); - Long podId = profile.getVirtualMachine().getPodIdToDeployIn(); - List hosts = _resourceMgr.listAllUpAndEnabledHosts(Type.BaremetalDhcp, null, podId, zoneId); + List hosts = _resourceMgr.listAllUpAndEnabledHosts(Type.BaremetalDhcp, null, null, zoneId); if (hosts.size() == 0) { - throw new CloudRuntimeException("No external Dhcp found in zone " + zoneId + " pod " + podId); + throw new CloudRuntimeException("No external Dhcp found in zone " + zoneId); } if (hosts.size() > 1) { - throw new CloudRuntimeException("Something wrong, more than 1 external Dhcp found in zone " + zoneId + " pod " + podId); + throw new CloudRuntimeException("Something wrong, more than 1 external Dhcp found in zone " + zoneId); } HostVO h = hosts.get(0); diff --git a/python/bindir/cloud-setup-baremetal b/python/bindir/cloud-setup-baremetal deleted file mode 100755 index 03ea0864213..00000000000 --- a/python/bindir/cloud-setup-baremetal +++ /dev/null @@ -1,217 +0,0 @@ -#!/usr/bin/python -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -import sys, os -from subprocess import PIPE, Popen -import logging -import traceback -from os.path import exists, join -from signal import alarm, signal, SIGALRM, SIGKILL - -class CloudRuntimeException(Exception): - def __init__(self, errMsg): - self.errMsg = errMsg - def __str__(self): - return self.errMsg -def formatExceptionInfo(maxTBlevel=5): - cla, exc, trbk = sys.exc_info() - excTb = traceback.format_tb(trbk, maxTBlevel) - msg = str(exc) + "\n" - for tb in excTb: - msg += tb - return msg - -class bash: - def __init__(self, args, timeout=600): - self.args = args - logging.debug("execute:%s"%args) - self.timeout = timeout - self.process = None - self.success = False - self.run() - - def run(self): - class Alarm(Exception): - pass - def alarm_handler(signum, frame): - raise Alarm - - try: - self.process = Popen(self.args, shell=True, stdout=PIPE, stderr=PIPE) - if self.timeout != -1: - signal(SIGALRM, alarm_handler) - alarm(self.timeout) - - try: - self.stdout, self.stderr = self.process.communicate() - if self.timeout != -1: - alarm(0) - except Alarm: - os.kill(self.process.pid, SIGKILL) - raise CloudRuntimeException("Timeout during command execution") - - self.success = self.process.returncode == 0 - except: - raise CloudRuntimeException(formatExceptionInfo()) - -# if not self.success: -# raise CloudRuntimeException(self.getStderr()) - - def isSuccess(self): - return self.success - - def getStdout(self): - return self.stdout.strip("\n") - - def getLines(self): - return self.stdout.split("\n") - - def getStderr(self): - return self.stderr.strip("\n") - - -def initLoging(logFile=None): - try: - if logFile is None: - logging.basicConfig(level=logging.DEBUG) - else: - logging.basicConfig(filename=logFile, level=logging.DEBUG) - except: - logging.basicConfig(level=logging.DEBUG) - -def writeProgressBar(msg, result=None): - if msg is not None: - output = "%-80s"%msg - elif result is True: - output = "[ \033[92m%-2s\033[0m ]\n"%"OK" - elif result is False: - output = "[ \033[91m%-6s\033[0m ]\n"%"FAILED" - sys.stdout.write(output) - sys.stdout.flush() - -def printError(msg): - sys.stderr.write(msg) - sys.stderr.write("\n") - sys.stderr.flush() - -def printMsg(msg): - sys.stdout.write(msg+"\n") - sys.stdout.flush() - -def checkRpm(pkgName): - chkPkg = bash("rpm -q %s"%pkgName) - writeProgressBar("Checking %s"%pkgName, None) - if not chkPkg.isSuccess(): - writeProgressBar(None, False) - printError("%s is not found, please make sure it is installed. You may try 'yum install %s'\n"%(pkgName, pkgName)) - return False - else: - writeProgressBar(None, True) - return True - -def checkEnv(): - writeProgressBar("Checking is root") - ret = bash("whoami") - if ret.getStdout() != "root": - writeProgressBar(None, False) - printError("This script must run as root") - return False - else: - writeProgressBar(None, True) - - pkgList = ['tftp-server', 'syslinux', 'xinetd', 'chkconfig', 'dhcp'] - for pkg in pkgList: - if not checkRpm(pkg): - return False - return True - -def exitIfFail(ret): - if not ret: sys.exit(1) - -def bashWithResult(cmd): - writeProgressBar("Executing '%s'"%cmd) - ret = bash(cmd) - if not ret.isSuccess(): - writeProgressBar(None, False) - writeProgressBar(ret.getStderr() + '\n') - return False - else: - writeProgressBar(None, True) - return True - -def configurePxeStuff(): - stuff = ['tftp', 'xinetd', 'dhcpd'] - cmds = ['chkconfig --level 345 %s on' % i for i in stuff] - cmds.append('/etc/init.d/xinetd restart') - - for cmd in cmds: - if not bashWithResult(cmd): return False - - chkIptable = bash('chkconfig --list iptables') - if 'on' in chkIptable.getStdout(): - printMsg("Detected iptables is running, need to open tftp port 69") - if not bashWithResult('iptables -I INPUT 1 -p udp --dport 69 -j ACCEPT'): return False - if not bashWithResult('/etc/init.d/iptables save'): return False - - return True - -def getTftpRootDir(tftpRootDirList): - tftpRoot = bash("cat /etc/xinetd.d/tftp | grep server_args") - if not tftpRoot.isSuccess(): - printError("Cannot get tftp root directory from /etc/xinetd.d/tftp, here may be something wrong with your tftp-server, try reinstall it\n") - return False - tftpRootDir = tftpRoot.getStdout() - index = tftpRootDir.find("/") - if index == -1: - printError("Wrong server_arg in /etc/xinetd.d/tftp (%s)"%tftpRootDir) - return False - tftpRootDir = tftpRootDir[index:] - tftpRootDirList.append(tftpRootDir) - return True - -def preparePING(tftpRootDir): - pingFiles = ['boot.msg', 'initrd.gz', 'kernel', 'pxelinux.0'] - pingDir = "/usr/share/PING" - - for f in pingFiles: - path = join(pingDir, f) - if not exists(path): - printError("Cannot find %s, please make sure PING-3.01 is installed"%path) - return False - if not bashWithResult("cp -f %s %s"%(path, tftpRootDir)): return False - - if not bashWithResult("mkdir -p %s/pxelinux.cfg"%tftpRootDir): return False - - return True - - -if __name__ == "__main__": - initLoging("/tmp/cloud-setup-baremetal.log") - tftpRootDirList = [] - - exitIfFail(checkEnv()) - exitIfFail(configurePxeStuff()) - exitIfFail(getTftpRootDir(tftpRootDirList)) - - tftpRootDir = tftpRootDirList[0].strip() - exitIfFail(preparePING(tftpRootDir)) - printMsg("") - printMsg("Setup BareMetal PXE server successfully") - printMsg("TFTP root directory is: %s\n"%tftpRootDir) - sys.exit(0) - From 13a9310aa556699df58410d751f322c3da6f075a Mon Sep 17 00:00:00 2001 From: frank Date: Thu, 12 Sep 2013 14:47:37 -0700 Subject: [PATCH 09/12] Add Baremetal agent package back to RPM spec file add missing file in d58044ccbaa49d011d4e5b72f8e96a8619b224fd (cherry picked from commit 4c1a20fe6650a7f75673df92a26925d4bfa1815d) Signed-off-by: animesh --- setup/bindir/cloud-setup-baremetal.in | 232 ++++++++++++++++++++++++++ 1 file changed, 232 insertions(+) create mode 100644 setup/bindir/cloud-setup-baremetal.in diff --git a/setup/bindir/cloud-setup-baremetal.in b/setup/bindir/cloud-setup-baremetal.in new file mode 100644 index 00000000000..367e38943e2 --- /dev/null +++ b/setup/bindir/cloud-setup-baremetal.in @@ -0,0 +1,232 @@ +#!/usr/bin/python +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +import sys, os +from subprocess import PIPE, Popen +import logging +import traceback +from os.path import exists, join +from signal import alarm, signal, SIGALRM, SIGKILL + +class CloudRuntimeException(Exception): + def __init__(self, errMsg): + self.errMsg = errMsg + def __str__(self): + return self.errMsg +def formatExceptionInfo(maxTBlevel=5): + cla, exc, trbk = sys.exc_info() + excTb = traceback.format_tb(trbk, maxTBlevel) + msg = str(exc) + "\n" + for tb in excTb: + msg += tb + return msg + +class bash: + def __init__(self, args, timeout=600): + self.args = args + logging.debug("execute:%s"%args) + self.timeout = timeout + self.process = None + self.success = False + self.run() + + def run(self): + class Alarm(Exception): + pass + def alarm_handler(signum, frame): + raise Alarm + + try: + self.process = Popen(self.args, shell=True, stdout=PIPE, stderr=PIPE) + if self.timeout != -1: + signal(SIGALRM, alarm_handler) + alarm(self.timeout) + + try: + self.stdout, self.stderr = self.process.communicate() + if self.timeout != -1: + alarm(0) + except Alarm: + os.kill(self.process.pid, SIGKILL) + raise CloudRuntimeException("Timeout during command execution") + + self.success = self.process.returncode == 0 + except: + raise CloudRuntimeException(formatExceptionInfo()) + +# if not self.success: +# raise CloudRuntimeException(self.getStderr()) + + def isSuccess(self): + return self.success + + def getStdout(self): + return self.stdout.strip("\n") + + def getLines(self): + return self.stdout.split("\n") + + def getStderr(self): + return self.stderr.strip("\n") + + +def initLoging(logFile=None): + try: + if logFile is None: + logging.basicConfig(level=logging.DEBUG) + else: + logging.basicConfig(filename=logFile, level=logging.DEBUG) + except: + logging.basicConfig(level=logging.DEBUG) + +def writeProgressBar(msg, result=None): + if msg is not None: + output = "%-80s"%msg + elif result is True: + output = "[ \033[92m%-2s\033[0m ]\n"%"OK" + elif result is False: + output = "[ \033[91m%-6s\033[0m ]\n"%"FAILED" + sys.stdout.write(output) + sys.stdout.flush() + +def printError(msg): + sys.stderr.write(msg) + sys.stderr.write("\n") + sys.stderr.flush() + +def printMsg(msg): + sys.stdout.write(msg+"\n") + sys.stdout.flush() + +def checkRpm(pkgName): + chkPkg = bash("rpm -q %s"%pkgName) + writeProgressBar("Checking %s"%pkgName, None) + if not chkPkg.isSuccess(): + writeProgressBar(None, False) + printError("%s is not found, please make sure it is installed. You may try 'yum install %s'\n"%(pkgName, pkgName)) + return False + else: + writeProgressBar(None, True) + return True + +def checkEnv(): + writeProgressBar("Checking is root") + ret = bash("whoami") + if ret.getStdout() != "root": + writeProgressBar(None, False) + printError("This script must run as root") + return False + else: + writeProgressBar(None, True) + + pkgList = ['tftp-server', 'syslinux', 'xinetd', 'chkconfig', 'dhcp'] + for pkg in pkgList: + if not checkRpm(pkg): + return False + return True + +def exitIfFail(ret): + if not ret: sys.exit(1) + +def bashWithResult(cmd): + writeProgressBar("Executing '%s'"%cmd) + ret = bash(cmd) + if not ret.isSuccess(): + writeProgressBar(None, False) + writeProgressBar(ret.getStderr() + '\n') + return False + else: + writeProgressBar(None, True) + return True + +def configurePxeStuff(): + stuff = ['tftp', 'xinetd', 'dhcpd'] + cmds = ['chkconfig --level 345 %s on' % i for i in stuff] + cmds.append('/etc/init.d/xinetd restart') + + for cmd in cmds: + if not bashWithResult(cmd): return False + + chkIptable = bash('chkconfig --list iptables') + if 'on' in chkIptable.getStdout(): + printMsg("Detected iptables is running, need to open tftp port 69") + if not bashWithResult('iptables -I INPUT 1 -p udp --dport 69 -j ACCEPT'): return False + if not bashWithResult('/etc/init.d/iptables save'): return False + + return True + +def getTftpRootDir(tftpRootDirList): + tftpRoot = bash("cat /etc/xinetd.d/tftp | grep server_args") + if not tftpRoot.isSuccess(): + printError("Cannot get tftp root directory from /etc/xinetd.d/tftp, here may be something wrong with your tftp-server, try reinstall it\n") + return False + tftpRootDir = tftpRoot.getStdout() + index = tftpRootDir.find("/") + if index == -1: + printError("Wrong server_arg in /etc/xinetd.d/tftp (%s)"%tftpRootDir) + return False + tftpRootDir = tftpRootDir[index:] + tftpRootDirList.append(tftpRootDir) + return True + +def preparePING(tftpRootDir): + pingFiles = ['boot.msg', 'initrd.gz', 'kernel', 'pxelinux.0'] + pingDir = "/usr/share/PING" + + for f in pingFiles: + path = join(pingDir, f) + if not exists(path): + printError("Cannot find %s, please make sure PING-3.01 is installed"%path) + return False + if not bashWithResult("cp -f %s %s"%(path, tftpRootDir)): return False + + if not bashWithResult("mkdir -p %s/pxelinux.cfg"%tftpRootDir): return False + + return True + +def prepareSyslinux(tftpRootDir): + pkg = bash('rpm -ql syslinux | grep "/pxelinux.0$"') + if not pkg.isSuccess(): + printError('cannot find pxelinux.0 on system. is syslinux installed?') + return False + + pkg = pkg.getStdout() + cp = "cp -f %s %s" % (pkg, tftpRootDir) + if not bashWithResult(cp): + return False + + return True + + + +if __name__ == "__main__": + initLoging("/tmp/cloud-setup-baremetal.log") + tftpRootDirList = [] + + exitIfFail(checkEnv()) + exitIfFail(configurePxeStuff()) + exitIfFail(getTftpRootDir(tftpRootDirList)) + + tftpRootDir = tftpRootDirList[0].strip() + #exitIfFail(preparePING(tftpRootDir)) + exitIfFail(prepareSyslinux(tftpRootDir)) + printMsg("") + printMsg("Setup BareMetal PXE server successfully") + printMsg("TFTP root directory is: %s\n"%tftpRootDir) + sys.exit(0) + From c1e24ff89f6d14d6ae74d12dbca108c35449030f Mon Sep 17 00:00:00 2001 From: radhikap Date: Thu, 12 Sep 2013 14:59:40 +0530 Subject: [PATCH 10/12] build fixed (cherry picked from commit c98817c2bafbb571e4aa0f663d6c8cfaacc0ca36) Signed-off-by: animesh --- docs/en-US/manage-cloud.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en-US/manage-cloud.xml b/docs/en-US/manage-cloud.xml index d35667382e5..6bc45e21de2 100644 --- a/docs/en-US/manage-cloud.xml +++ b/docs/en-US/manage-cloud.xml @@ -1,5 +1,5 @@ - %BOOK_ENTITIES; ]> From 83a6221dc03d014662e92a3323c5a00fe35a9528 Mon Sep 17 00:00:00 2001 From: radhikap Date: Sat, 14 Sep 2013 09:16:45 +0530 Subject: [PATCH 11/12] known issues added, 4.1 reference removed --- docs/en-US/Release_Notes.xml | 6079 +--------------------------------- 1 file changed, 4 insertions(+), 6075 deletions(-) diff --git a/docs/en-US/Release_Notes.xml b/docs/en-US/Release_Notes.xml index 96cf6e63b39..ce2a7371628 100644 --- a/docs/en-US/Release_Notes.xml +++ b/docs/en-US/Release_Notes.xml @@ -56,7 +56,7 @@ under the License. We hope you enjoy working with &PRODUCT;! - Version 4.2.0 + What's New in 4.2.0
    &PRODUCT; 4.2 includes the following new features.
    @@ -81,14 +81,6 @@ under the License. from a single central Management Server. Usage records can also be consolidated and tracked at the region level, creating reports or invoices for each geographic region. - - - - - - region-overview.png: Nested structure of a region. - -
    Object Storage Plugin Architecture @@ -106,7 +98,7 @@ under the License. that uses the object storage plugin capability introduced in &PRODUCT; 4.2. Several new pluggable service interfaces are available so that different storage providers can develop vendor-specific plugins based on the well-defined contracts that can be - seemlessly managed by &PRODUCT;. + seamlessly managed by &PRODUCT;.
    Zone-Wide Primary Storage @@ -153,14 +145,6 @@ under the License. a configuration file (plugins.js). The next time the user refreshes the UI in the browser, the plugin will appear under the Plugins button in the left navigation bar. - - - - - - plugin4.jpg: The plugin appears in the UI - -
    Networking Enhancements @@ -193,9 +177,6 @@ under the License. - - - @@ -239,16 +220,8 @@ under the License. -
    - Support for KVM - VPC is now supported on KVM hypervisors. -
    -
    - Support for Simultaneously Deploying a VM on VPC and Multiple Shared - Networks - Support for the ability to simultaneously deploy a VM on a VPC tier and one or - more Shared networks is supported. -
    +
    Support for KVMVPC is now supported on KVM + hypervisors.
    Load Balancing Support for VPC In a VPC, you can configure two types of load balancing—external LB and @@ -5291,6048 +5264,4 @@ service cloudstack-agent start
    - - Version 4.1.0 -
    - What’s New in 4.1 - Apache CloudStack 4.1.0 includes many new features. This section covers the most - prominent new features and changes. -
    - Localization - The 4.1.0 release adds partial User Interface (UI) support for Catalan, Chinese, - French, German, Italian, Japanese, Korean, Norwegian, Portuguese, Russian, and Spanish. - Not all languages are complete. - The 4.1.0 release also adds documentation translations for Chinese, Chinese (Taiwan), - Italian, Japanese, Korean, and Portuguese. -
    -
    - Added Region Support - CLOUDSTACK-241: This feature adds a "region" construct that spans several - management servers. The objective of this feature is to add AWS EC2 like Regions - implementation into CloudStack. Regions are dispersed and located in separate geographic - areas. Availability Zones (or Zones in CloudStack) are distinct locations within a Region - that are engineered to be isolated from failures in other Zones and provide inexpensive, - low latency network connectivity to other Zones in the same Region. - Regions are expected to add the following benefits - - - Higher availability of the services: users can deploy services across AZs and even - if one of the AZ goes down the services are still available to the end-user through - VMs deployed in other zones. - - - Higher availability of the Management Server (MS): Since each MS Cluster only - manages a single Region, if that MS Cluster goes down, only that particular Region is - impacted. Admin should be able to access all the other Regions. - - - Scalability: The scalability limit of CloudStack dramatically improves, as the - scalability limit of MS Cluster is limited to a single Region. - - - Object Store: With Regions construct, CloudStack would also allow users to define - Object Store (Secondary Storage) across AZs. This helps users easily deploy VMs in - different AZs using the same template, offerings. - - - Geographical Grouping: Regions allow admins to group AZs (that have low latency - and are geographically located nearby) into a broader region construct. - - - Currently the Region feature is exposed in the API, but does not have a UI - component. -
    -
    - Support for EC2 Query API - CLOUDSTACK-197: This introduces a query API for the AWS APIs that are currently - only supported by SOAP. The AWS Java SDK and AWS PHP SDK should now be supported by the - AWSAPI in CloudStack. - Supported Query APIs in 4.1.0: - - - AllocateAddress - - - AssociateAddress - - - AttachVolume - - - AuthorizeSecurityGroupIngress - - - CreateImage - - - CreateKeyPair - - - CreateSecurityGroup - - - CreateSnapshot - - - CreateTags - - - CreateVolume - - - DeleteKeyPair - - - DeleteSecurityGroup - - - DeleteSnapshot - - - DeleteTags - - - DeleteVolume - - - DeregisterImage - - - DescribeAddresses - - - DescribeAvailabilityZones - - - DescribeImageAttribute - - - DescribeImages - - - DescribeInstanceAttribute - - - DescribeInstances - - - DescribeKeyPairs - - - DescribeSecurityGroups - - - DescribeSnapshots - - - DescribeTags - - - DescribeVolumes - - - DetachVolume - - - DisassociateAddress - - - GetPasswordData - - - ImportkeyPair - - - ModifyImageAttribute - - - RebootInstances - - - RegisterImage - - - ReleaseAddress - - - ResetImageAttribute - - - RevokeSecurityGroupIngress - - - RunInstances - - - StartInstances - - - StopInstances - - - TerminateInstances - - - See the Feature Specification for more information on the Query API support. -
    -
    - Auto-Completing Shell for CloudStack (CloudMonkey) - CLOUDSTACK-132: Adds a auto-completing shell and command-line tool for - &PRODUCT; written in Python, called CloudMonkey. - CloudMonkey includes the following features: - - - Usable as a command line tool and interactive shell. - - - All commands are lowercase unlike API. - - - Api Discovery using sync feature, with build time api precaching for failsafe - sync. - - - Raw api execution support. - - - Auto-completion via double tab. - - - Reverse search using Ctrl+R - - - Emacs compatible key bindings. - - - Output that's "pipeable" to other *nix programs. - - - Unix shell execution. - - - Support to handle asynchronous jobs using user defined blocking or non-blocking - way. - - - Tabular or JSON output with filtering of table columns. - - - Colored output. - - - API parameter value completion (based on predication, fuzzy results may fail - sometimes). - - - CloudMonkey has a few requirements above and beyond CloudStack, and does not need to - be run on the same machine as a management server. If you wish to run - CloudMonkey you'll need Python 2.5 or later, - readline, Pygments, and - prettytable. CloudMonkey can be installed with - pip: - $ pip install cloudmonkey - See the Developer's Guide and the CloudStack - wiki for the latest information on CloudMonkey - installation and use. -
    -
    - API Discovery Service - CLOUDSTACK-926: CloudStack has more than 300 APIs and more are added in each - major release. CloudStack admins can enable or disable APIs, or add plugins which provide - more APIs. The API Discovery Service is a plugin which will help users discover the APIs - available to them on a CloudStack Management Server. - The discovery service implements a method called listApis which - will return information about APIs for a user. It currently accepts an apiName to list api - information of that particular API. The method ensures that user can only list APIs they - are entitled to. - All CloudStack APIs are implemented by annotated command class and PluggableService is - a contract implemented by all the components such as the Management Server and all the - plugins which provide an API. During load time, API discovery service asks all the - pluggable services to return list of API cmd classes from whose fields and annotations it - gathers information about each API, the information consists of name, description, - parameter name, parameter description, etc. - For more information on the implementation of the API Discovery Service for 4.1.0, see - the CloudStack - wiki. -
    -
    - Events Framework - CLOUDSTACK-820: The Events Framework provides a mechanism to publish and - subscribe to events in &PRODUCT;. -
    -
    - Additional VMX Settings - ### -
    -
    - L3 Router Functionality in Nicira Nvp Plugin - ### -
    -
    - Persistent Networks without Running VM - ### -
    -
    - Add/Remove Network on VM - ### -
    -
    - Resize Volumes Feature - ### -
    -
    - Autoscale - ### -
    -
    - API Request Throttling - CLOUDSTACK-618: Limits the number of API requests per second that can be placed - against a management server to avoid DoS attacks via API requests. - The throttling is controlled by the api.throttling.enabled, - api.throttling.interval, and api.throttling.max - configuration settings. Note that api.throttling.enabled is set to - false by default. -
    -
    - S3 Backed Secondary Storage - CLOUDSTACK-509: This enhancement backs NFS secondary storage with an - S3-compatible object store. Periodically, a reaper thread synchronizes the templates, - ISOs, and snapshots stored on a NFS secondary storage mount with a configured S3 object - store. In addition to permitting the use of commodity or IaaS storage solutions for static - assets, it provides a means of automatically synchronizing template and ISO assets across - multiple zones. - See the &PRODUCT; - wiki for more information on this feature, currently the documentation is - incomplete. -
    -
    - User and Domain Admin Can Create API Key and Secret - CLOUDSTACK-437: This feature adds the ability for domain admins and users to - create their own API Key and Secret. Domain admins can create keys for themselves, - subdomain admins, and for regular users, but not for other domain admins. -
    -
    - Support Inline Mode for F5 and SRX - CLOUDSTACK-306: For &PRODUCT; deployments using the Juniper SRX (firewall) and - F5 Big IP (load balancer), &PRODUCT; 4.1.0 supports putting the firewall in front of the - load balancer, making the firewall device the gateway and putting the load balancer behind - the public network. -
    -
    - Egress Firewall Rules for Guest Networks - CLOUDSTACK-299: This feature allows users to create egress (exit) traffic rules - from private networks to public networks (e.g. from your internal - network to the public Internet). By default all traffic is blocked from internal networks - to the public networks, this allows you to open ports as necessary. - Egress traffic rules are suppored only on virtual routers at this time, physical - devices are not supported. -
    -
    - Reset SSH Key to Access VM - CLOUDSTACK-297: &PRODUCT; 4.1.0 introduces a new API - resetSSHKeyForVirtualMachine, that can allow them to set or reset the - SSH keypair assigned to a virtual machine. -
    -
    -
    - Issues Fixed in 4.1.0 - Apache CloudStack uses Jira to track its issues. All new features and bugs for 4.1.0 have been tracked - in Jira, and have a standard naming convention of "CLOUDSTACK-NNNN" where "NNNN" is the - issue number. - This section includes a summary of known issues against 4.0.0 that were fixed in 4.1.0. - Approximately 470 bugs were resolved or closed in the 4.1.0 cycle. - - - - - - - - Defect - - - Description - - - - - - - CLOUDSTACK-46 - - - Remnants of mycloud remain. - - - - - CLOUDSTACK-70 - - - Improve Network Restart Behaviour for Basic Zone: Restarting Network - Fail - - - - - CLOUDSTACK-94 - - - "API command, listIsos documentation clarity - - - - - CLOUDSTACK-95 - - - IP address allocation not working when a user tries to allocate IP addresses - in a Project - - - - - CLOUDSTACK-97 - - - Vmware network labels are ignored when creating a Zone using basic - networking - - - - - CLOUDSTACK-108 - - - VM should not be allowed to be deployed on two Isolated Networks of an Account - that were created from DefaultNetworkOfferingwithSourceNATService - - - - - CLOUDSTACK-118 - - - Status of host resorce stuck in "ErrorInMaintenance" - - - - - CLOUDSTACK-119 - - - Move Agent-Simulator in to the hypervisor plugin model - - - - - CLOUDSTACK-130 - - - Clarify docs on tags parameter in API reference - - - - - CLOUDSTACK-152 - - - Routes on the User VM are programmed incorrectly on a VM present on both - Isolated and Shared Guest Network - - - - - CLOUDSTACK-178 - - - Expose name parameter of VM in list Vm view. - - - - - CLOUDSTACK-198 - - - vpn:failto add VPN Users deletes all the existing Vpn user - - - - - CLOUDSTACK-222 - - - Admin UI prompts to restart Management server with cancel edit - operation - - - - - CLOUDSTACK-225 - - - API Docs: Request params repeated with different description - - - - - CLOUDSTACK-226 - - - UpdatePhysicalNetworkcommand failed due to java.sql.BatchUpdateException ; - Tried to extend the existing Guest VLAN Range of one physical network into the - Guest VLAN range of the other physical network - - - - - CLOUDSTACK-227 - - - ReconnectHostCmd: NullPointerException: Unable to get host Information for - XenServer 6.0.2 host - on intentionally changing the traffic labels on the - physical network - - - - - CLOUDSTACK-228 - - - UI provides an option to reconnect a disconnected host - ServerApiException is - thrown on an attempt - - - - - CLOUDSTACK-232 - - - Zone infrastructure chart -- disable resource total display - - - - - CLOUDSTACK-235 - - - Network rate can be set in 2 places. Clarify docs on how this works - - - - - CLOUDSTACK-249 - - - Add host id to failed VM deploy alerts - - - - - CLOUDSTACK-250 - - - Incorrect description of maintenance mode in admin guide - - - - - CLOUDSTACK-256 - - - "vpn:As an admin user, not able to delete VPN user which is present in a - regular user's network. - - - - - CLOUDSTACK-271 - - - updatePhysicalNetwork dies with an NPE when the vlan range is empty - - - - - CLOUDSTACK-274 - - - Two error codes mapped to same value in API - - - - - CLOUDSTACK-275 - - - hostid not always a UUID - - - - - CLOUDSTACK-277 - - - Message during CloudStack management server Installation: cannot access - /usr/share/cloud/bridge/lib: No such file or directory - - - - - CLOUDSTACK-279 - - - deleteProject fails when executed by the regular user (works fine for - root/domain admin) - - - - - CLOUDSTACK-284 - - - listVirtualMachines does not return deleted machines when zone is - specified - - - - - CLOUDSTACK-290 - - - 3.0.0 template also needed for 2.2.14 to 3.0.5 direct upgrade. - - - - - CLOUDSTACK-293 - - - "We do awful, hacky things in our spec file for client" - - - - - CLOUDSTACK-304 - - - Add synchronization for createSnapshot command per host basis - - - - - CLOUDSTACK-309 - - - iptables rules being deleted from wrong VM after a migration - - - - - CLOUDSTACK-318 - - - Adding XenServer Host Fails - 6.0.2 fails with 4.0.0 - - - - - CLOUDSTACK-320 - - - "sessionKey query parameter should be case-insensitive, now only sessionkey is - accepted" - - - - - CLOUDSTACK-322 - - - During upgrade displays error - a foreign key constraint fails - (`cloud/#sql-f34_6e`.. - - - - - CLOUDSTACK-332 - - - "count" property in list* API response should be equal to how many entries in - database, not how many objects in API response - - - - - CLOUDSTACK-333 - - - When Datacenter name in VCenter has spaces Primary Storage (VMFS) discovery - will fail - - - - - CLOUDSTACK-335 - - - KVM VPC load balancer not working - - - - - CLOUDSTACK-336 - - - listZones doesn't honour paging - - - - - CLOUDSTACK-343 - - - "Document what tools and packages are required to build, package and install - CloudStack 4.0 - - - - - CLOUDSTACK-346 - - - Cannot add Vmware cluster with class loader conflict exception - - - - - CLOUDSTACK-347 - - - listNetworks API: return vlan information only when the caller is ROOT - admin - - - - - CLOUDSTACK-348 - - - deleteNetwork does not clean up network resource count correctly - - - - - CLOUDSTACK-354 - - - Display of storage statistics is wrong - - - - - CLOUDSTACK-355 - - - "Fix ""count"" in a bunch of API commands - - - - - CLOUDSTACK-357 - - - "ISOs can be deleted while still attached to a running VM, and they - subsequently cannot be detached from a running VM - - - - - CLOUDSTACK-359 - - - PropagateResourceEventCommand failes in cluster configuration - - - - - CLOUDSTACK-361 - - - Wrong creation of guest networks on a KVM host in Multiple Physical Networks - with guest traffic - - - - - CLOUDSTACK-364 - - - Docs point to download.cloud.com for AWS API script - - - - - CLOUDSTACK-368 - - - OVM - cannot create guest VM - - - - - CLOUDSTACK-369 - - - ASF 4.0 - unable to support XenServer 6.1 host - - - - - CLOUDSTACK-373 - - - "static NAT and Firewall is not working on external firewall device SRX, it - needs to be implemented - - - - - CLOUDSTACK-377 - - - provide deployment config access to marvin's testcase - - - - - CLOUDSTACK-378 - - - mavenize marvin on master - - - - - CLOUDSTACK-390 - - - Install Guide: Section 4.5.7 (Prepare the System VM Template): Links go to - cloud.com - - - - - CLOUDSTACK-397 - - - Install Guide: Section 11.1 (Guest Traffic): Diagram is the wrong - diagram - - - - - CLOUDSTACK-398 - - - Install Guide: Section 11.17.3 (Using VPN with Mac OSX): Not complete - - - - - CLOUDSTACK-404 - - - Update docs on the usage of cloud-setup-database - - - - - CLOUDSTACK-412 - - - Data truncation: Out of range value for column 'ram' at row - - - - - CLOUDSTACK-415 - - - restartNetwork call causes VM to be unreachable when Nicira based SDN is - used - - - - - CLOUDSTACK-416 - - - XCP 1.6beta2 (61002c) - can't add a host - - - - - CLOUDSTACK-417 - - - Handle password server securely to run on port 8080 on VR - - - - - CLOUDSTACK-424 - - - Updated userdata not propagating to the VR - - - - - CLOUDSTACK-427 - - - Change hardcoded step number references to dynamic link - - - - - CLOUDSTACK-428 - - - Storage capacity shown in UI is incorrect - - - - - CLOUDSTACK-435 - - - Vmware network labels are ignored when creating a Zone using basic - networking - - - - - CLOUDSTACK-441 - - - Running mgmt server using jetty fails to start api server - - - - - CLOUDSTACK-446 - - - "Host going to alert state, if you are adding already added host - - - - - CLOUDSTACK-448 - - - SSVM bootstrap failure on XenServer hosts with E3 CPU - - - - - CLOUDSTACK-456 - - - License tag in SPEC isn't what RPM is expecting - - - - - CLOUDSTACK-459 - - - [Optional Public IP assignment for EIP with Basic Zone] Associate IP Checkbox - in Create Network Offering Dialog is Displayed When Elastic LB is Selected - - - - - CLOUDSTACK-462 - - - A few corrections to make to the 4.0.0 installation guide - - - - - CLOUDSTACK-464 - - - "Regression in AWSAPI docs, entire sections removed - - - - - CLOUDSTACK-465 - - - French language file quotes are dropping javascript syntax error - - - - - CLOUDSTACK-467 - - - Developer's Guide points to cloud.com for API reference - - - - - CLOUDSTACK-479 - - - UpdateVirtualMachine api fails to propagate userdata to domr - - - - - CLOUDSTACK-481 - - - Installation Guide Doc Error - - - - - CLOUDSTACK-493 - - - 2.2.x-3.0 DB upgrade support for Advance SG enabled network - - - - - CLOUDSTACK-499 - - - cloudmonkey CLI can't accept complex parameter - - - - - CLOUDSTACK-500 - - - Passwd-server iptables rules are dropped on domr on fresh start or on - reboot. - - - - - CLOUDSTACK-501 - - - Apidocs and marvin does not know how to handle Autoscaling docs. - - - - - CLOUDSTACK-504 - - - Duplicate guest password scripts in codebase. - - - - - CLOUDSTACK-507 - - - fix api docs for listSSHKeyPair - - - - - CLOUDSTACK-508 - - - CLVM copies template to primary storage unnecessarily. - - - - - CLOUDSTACK-510 - - - Add button not visible when adding public IPs to physical network. - - - - - CLOUDSTACK-514 - - - Marvin and Cloudmonkey don't work when an API target uses https or an - alternate path. - - - - - CLOUDSTACK-518 - - - API refactoring -- change @Parameter annotation and remove the @IdentityMapper - annotation. - - - - - CLOUDSTACK-520 - - - Dependency jar names mismatch with install-non-oss.sh - - - - - CLOUDSTACK-521 - - - Build will hung up when doing test for TestAgentShell - - - - - CLOUDSTACK-522 - - - Log requests in cloudmonkey's log file. - - - - - CLOUDSTACK-527 - - - List API performance optimization by using DB views and removing UUID - conversion. - - - - - CLOUDSTACK-534 - - - Failed to add host - - - - - CLOUDSTACK-536 - - - remove citrix cloudpatform from 4.0 build - CloudStack is ASF project. - - - - - CLOUDSTACK-539 - - - Cropped Text in UI under Quick View. - - - - - CLOUDSTACK-552 - - - ]Quick view details for a volume displays scroll bar in place of name of the - volume when the name of the volume has more no of characters. - - - - - CLOUDSTACK-553 - - - "SRX - When adding SRX device make "Public Network" - default to "untrusted" - and "Private Network" - default to "trusted" as un-editable fields. - - - - - CLOUDSTACK-556 - - - Erratic window behavior in Quick View tooltip. - - - - - CLOUDSTACK-559 - - - source code import problem - - - - - CLOUDSTACK-560 - - - Usage server doesn't work in 4.0.0 due to missing db changes - - - - - CLOUDSTACK-572 - - - SG Enabled Advanced Zone - Not able to deploy a VM in an account specific - shared network - - - - - CLOUDSTACK-573 - - - "NPE at - ""com.cloud.network.NetworkManagerImpl.networkOfferingIsConfiguredForExternalNetworking(NetworkManagerImpl.java:4345)"" - when create network from the network offering having NULL provider for the - service - - - - - CLOUDSTACK-578 - - - The already deleted same hostname is not deleted from /etc/hosts of - vRouter - - - - - CLOUDSTACK-584 - - - "typos in - ""Apache_CloudStack-4.0.0-incubating-CloudStack_Nicira_NVP_Guide-en-US"" - - - - - CLOUDSTACK-590 - - - Incorrect Network Gateways Assigned to System VM - - - - - CLOUDSTACK-592 - - - "API bloat, unknown apis cmd classes - - - - - CLOUDSTACK-593 - - - "2 guest network, auto create vlan error - - - - - CLOUDSTACK-596 - - - DeployVM command takes a lot of time to return job id. - - - - - CLOUDSTACK-599 - - - DhcpEntryCommand fails on Router VM on CS4.0 and vSphere5 with Advanced - Network Zone. - - - - - CLOUDSTACK-600 - - - When rebooting KVM local storage VM host, libvirt definitions deleted - - - - - CLOUDSTACK-605 - - - Host physical CPU is incorrectly calculated for Vmware host - - - - - CLOUDSTACK-606 - - - Starting VM fails with 'ConcurrentOperationException' in a clustered MS - scenario - - - - - CLOUDSTACK-614 - - - "ListTemplates API is not returning ""Enable SSH Key"" attribute for any given - template - - - - - CLOUDSTACK-617 - - - Unable to edit a Sub domain - - - - - CLOUDSTACK-639 - - - API Refactoring: Adapters for ACL - - - - - CLOUDSTACK-648 - - - The normal users could change their own login password. - - - - - CLOUDSTACK-660 - - - Network Traffic Labels are not functional in Marvin - - - - - CLOUDSTACK-683 - - - Image Is Missing in the Accessing VM Section - - - - - CLOUDSTACK-689 - - - RVR: Stop pending flag is not cleared when user start the disconnected router - from another host - - - - - CLOUDSTACK-691 - - - A warning dialog box shows after reloading the welcome page. - - - - - CLOUDSTACK-693 - - - Adding a VPC virtual router to a NiciraNVP enabled network fails. - - - - - CLOUDSTACK-694 - - - "Create a new VPC network offering with "connectivity" option needed for SDN - networking) is not allowed / VPC support for SDN networks - - - - - CLOUDSTACK-717 - - - cloudmonkey fails to parse/print response. - - - - - CLOUDSTACK-720 - - - Fail to load a png image when accessing the web console. - - - - - CLOUDSTACK-721 - - - Bytes sent/received in user statistics is empty (CloudStack 4.0) - - - - - CLOUDSTACK-725 - - - UI: Error when the Egress rules tab is selected for a network. - - - - - CLOUDSTACK-734 - - - api_refactoring: CreateAccountCmd fails to send response due to NPE in service - layer - - - - - CLOUDSTACK-735 - - - Integration smoke tests: Fix expunge vm test on api_refactoring - - - - - CLOUDSTACK-736 - - - Integration smoke tests: Fix check for vm name for the deployvm smoke - test. - - - - - CLOUDSTACK-793 - - - "Create cloudmonkey-helper, a plugin that helps autodiscover and sync api info - via an api over some endpoint - - - - - CLOUDSTACK-798 - - - Move usage related cmd classes from cloud-server to cloud-api - - - - - CLOUDSTACK-799 - - - [Load Test] Check router statistics falls behind in gathering stats by more - than 2 times the set value - - - - - CLOUDSTACK-819 - - - Create Account/User API logging password in access log - - - - - CLOUDSTACK-863 - - - Non-printable characters (ASCII control character) such as %00 or %0025 are - getting stored in raw/non encoded form in the database - - - - - CLOUDSTACK-870 - - - Client UI: Wrong character encoding for some language - - - - - CLOUDSTACK-928 - - - [Simulator] Latency for Agent Commands - change unit of wait from seconds to - milliseconds - - - - - CLOUDSTACK-938 - - - s2s VPN trouble - - - - - CLOUDSTACK-959 - - - Missing sub-sections in document section System Service Offering - - - - - CLOUDSTACK-968 - - - marvin: vlan should be an attribute of the physical_network and not the - zone - - - - - CLOUDSTACK-977 - - - Document how to use openvswitch with KVM hypervisor - - - - - CLOUDSTACK-978 - - - TypeError: instance.displayname is undefined while adding VM's to the LB - rule - - - - - CLOUDSTACK-985 - - - Different MAC address for RvR caused issue in short term network outage - - - - - CLOUDSTACK-987 - - - Sections missing in Working With Snapshots - - - - - CLOUDSTACK-993 - - - "admin"" user is not getting created when management server is started. - - - - - CLOUDSTACK-995 - - - Not able to add the KVM host - - - - - CLOUDSTACK-1002 - - - Not able to start VM - - - - - CLOUDSTACK-1006 - - - need to disable service libvirt-guests in CentOS packaging RPMs, or in - installation docs - - - - - CLOUDSTACK-1008 - - - "Egress"" tab should not be presented in the UI for Shared Networks - - - - - CLOUDSTACK-1010 - - - Host count and Secondary storage count always shows 1 in UI - - - - - CLOUDSTACK-1011 - - - KVM host getting disconnected in cluster environment - - - - - CLOUDSTACK-1013 - - - running cloudstack overwrites default public/private ssh key - - - - - CLOUDSTACK-1014 - - - Merge ManagementServer and ManagementServerEx - - - - - CLOUDSTACK-1016 - - - Not able to deploy VM - - - - - CLOUDSTACK-1021 - - - the vlan is not creat to right nic. when i creat multi guest network - - - - - CLOUDSTACK-1024 - - - Regression: Unable to add Xenserver host with latest build. - - - - - CLOUDSTACK-1027 - - - "Update SSL certificate" button should properly reflect its - functionality - - - - - CLOUDSTACK-1029 - - - Enter the token to specified project is malfunctioned - - - - - CLOUDSTACK-1037 - - - "Make cloudmonkey awesome-er: Online help docs and api discovery, better - colored output, parameter value autocompletion - - - - - CLOUDSTACK-1050 - - - No Documentation on Adding a Load Balancer Rule - - - - - CLOUDSTACK-1051 - - - API dispatcher unable to find objectVO corresponding to - DeleteTemplatecmd - - - - - CLOUDSTACK-1055 - - - "The overlay still exists when the ""Recurring Snapshots"" dialog is canceled - by pressing esc key. - - - - - CLOUDSTACK-1056 - - - S3 secondary storage fails to upload systemvm template due to KVMHA - directory - - - - - CLOUDSTACK-1057 - - - regression of changeServiceForVirtualMachine API - fails to find service - offering by serviceOfferingId parameter - - - - - CLOUDSTACK-1063 - - - "SG Enabled Advanced Zone - "Add Guest Networks" - When user tries to add a - guest Network with scope as "Account" he should NOT be presented with "Offering - for shared security group enabled" - - - - - CLOUDSTACK-1064 - - - A type error occurs when trying to add account/register template... - - - - - CLOUDSTACK-1068 - - - Names in VR list is useless - - - - - CLOUDSTACK-1070 - - - javelin: NPE on executing registerIso API - - - - - CLOUDSTACK-1071 - - - Netscaler element is not getting loaded as part of LoadBalancing Service - Providers - - - - - CLOUDSTACK-1078 - - - Not able to start System Vms on Rhel 6.3 KVM host - - - - - CLOUDSTACK-1079 - - - Deploying AWSAPI with mvn -pl :cloud-awsapi jetty:run fail - - - - - CLOUDSTACK-1082 - - - UI doesn't throw any error message when trying to delete ip range from a - network that is in use. - - - - - CLOUDSTACK-1083 - - - listUsageRecords api: removed project results in NPE - - - - - CLOUDSTACK-1087 - - - Update the Developer Guide for ASFCS 4.1 Release - - - - - CLOUDSTACK-1088 - - - EnableStaticNat error will clear the data in database - - - - - CLOUDSTACK-1094 - - - Ipv6 - hostname/hostname --fqdn does not return the name of the VM. But i am - able to reach the Vm using their names - - - - - CLOUDSTACK-1095 - - - Ipv6 - dhclient command needs to be run manually on the Vms to get the Ipv6 - address - - - - - CLOUDSTACK-1100 - - - Expunge thread is not kicked off based on global configuration if the global - setting is less than 60 seconds - - - - - CLOUDSTACK-1103 - - - "IpV6 - listNetwork() command does not retrun gateway,netmask,cidr - - - - - CLOUDSTACK-1104 - - - Ipv6 - listVlanIpRanges() returns error 530 - - - - - CLOUDSTACK-1105 - - - "IpV6 - listVirtualMachines() does not return netmask, - gateway,ipaddress. - - - - - CLOUDSTACK-1107 - - - Ipv6 - Unable to extend Ip range for a Ipv6 network using craeteVlanIpRange() - command - Error code 530 returned - - - - - CLOUDSTACK-1108 - - - Ipv6 - Not able to restart Networks - - - - - CLOUDSTACK-1109 - - - "Ipv6 - Unable to expunge User Vms that are "Destroyed". - - - - - CLOUDSTACK-1111 - - - Ipv6 - listRouters() does not return guestipaddress/ - - - - - CLOUDSTACK-1112 - - - "Errors in "Prepare the System VM Template" - - - - - CLOUDSTACK-1113 - - - "Ipv6 - Not able to deploy a new VM in this network because of "Unable to - allocate Unique Ipv6 address" - - - - - CLOUDSTACK-1114 - - - unable to execute listegressfirewallrules API due invalid value id - - - - - CLOUDSTACK-1115 - - - In multiple shared network unable to login with default nic - KVM - - - - - CLOUDSTACK-1123 - - - ListStoragePools API broken by refactor - - - - - CLOUDSTACK-1138 - - - "Providing invalid values for gateway, netmask etc in the zoneWizard blocks - the VLAN container to load, throwing an error - - - - - CLOUDSTACK-1139 - - - "After the Vm is "Expunged" we see the entry still being present in the router - in /etc/dhcphosts.txt - - - - - CLOUDSTACK-1141 - - - "Ipv6 - After network restart (and reboot router), we do not see the existing - vms dnsentries not being programmed in the router. - - - - - CLOUDSTACK-1152 - - - Missing tag in host-add.xml - - - - - CLOUDSTACK-1153 - - - "Ipv6 - Vm deployment fails with "n must be positive" error. - - - - - CLOUDSTACK-1154 - - - Account/Users related API failed due to RegionService inject exception. - - - - - CLOUDSTACK-1157 - - - No API Documentation on Listing Custom User Templates Using CS4 API - - - - - CLOUDSTACK-1160 - - - References to version=3.0.3|4|5|6 in API classes needs to be removed. - - - - - CLOUDSTACK-1161 - - - Differences between 4.1 and master in - ongoing-config-of-external-firewalls-lb.xml - - - - - CLOUDSTACK-1163 - - - Failed with NPE while creating firewall rule - - - - - CLOUDSTACK-1168 - - - Create firewall rule broke - - - - - CLOUDSTACK-1173 - - - ConsoleProxyResource instantiation exception. - - - - - CLOUDSTACK-1174 - - - Snapshots related SQL error. - - - - - CLOUDSTACK-1176 - - - Issue with snapshots(create/list) - - - - - CLOUDSTACK-1181 - - - mvn deploy db failing with NPE - - - - - CLOUDSTACK-1190 - - - Make APIChecker interface throw a single sensible exception. - - - - - CLOUDSTACK-1200 - - - "Unknown column 'vm_instance.disk_offering_id' in table vm_instance, db - exception shown in MS log - - - - - CLOUDSTACK-1201 - - - "Failed to create ssh key for user "cloud" - /var/lib/cloud/management/.ssh/id_rsa and failed to start management server - - - - - CLOUDSTACK-1202 - - - Fail to install KVM cloud-agent. - - - - - CLOUDSTACK-1203 - - - Fail to create advance zone with SG enabled when UI allows SG enabled - option. - - - - - CLOUDSTACK-1204 - - - Fail to create advance zone due to fail to add host - - - - - CLOUDSTACK-1205 - - - Ipv6 - Ubuntu 12.10 guest Vms loses default route (after it expiration time ~ - 30 mts) when ipv6.autoconfig parameters are disabled except for - net.ipv6.conf.lo.autoconf which is enabled. - - - - - CLOUDSTACK-1206 - - - Failure in Copy of System template - - - - - CLOUDSTACK-1210 - - - Make all pluggable services return list of api cmd classes - - - - - CLOUDSTACK-1216 - - - UUID is null for admin and failed to register user key with 4.0 - - - - - CLOUDSTACK-1218 - - - "IPv6: Shared Network - After network restart with clean option, router is - assigned a different address. Name resolution for the existing guest Vms in the - network fails. - - - - - CLOUDSTACK-1219 - - - Ipv6 - Provide better error messages when deploying a Vm with Ip an address - that is outside the network's ip range / if the ip address already is assigned to - another Vm - - - - - CLOUDSTACK-1220 - - - Ipv6 - Better error message when deploy Vm fails to get a free Ip - address - - - - - CLOUDSTACK-1222 - - - API rate limit configs: removed double quote in upgrade script - - - - - CLOUDSTACK-1223 - - - Exception while starting jetty server: - org.springframework.beans.factory.BeanCreationException Error creating bean with - name 'apiServer' - - - - - CLOUDSTACK-1224 - - - Volume snapshot creation failing - - - - - CLOUDSTACK-1226 - - - Error while running Cloudstack-setup-database - - - - - CLOUDSTACK-1228 - - - Unable to Create System Vm's in the VMware Hypervisor setup - - - - - CLOUDSTACK-1229 - - - Incorrect SQL syntax to insert api limit related configuration items in - upgrade path script. - - - - - CLOUDSTACK-1231 - - - cloud-install-sys-tmplt failed due to missing path - - - - - CLOUDSTACK-1232 - - - "Ipv6 - Guest Vms are not able to get Ipaddress when executing dhclient - command when using ""/96"" network. - - - - - CLOUDSTACK-1233 - - - Veewee configuration files are inappropriately identified as ASLv2 licensed - file - - - - - CLOUDSTACK-1234 - - - Unable to start KVM agent with 4.1 build. - - - - - CLOUDSTACK-1237 - - - "Register Template fails with ""Cannot find template adapter for - XenServer"" - - - - - CLOUDSTACK-1239 - - - Unable to registerISO :unhandled exception executing api command: - registerIso - - - - - CLOUDSTACK-1240 - - - Unable to registerTemplate : Cannot find template adapter for - XenServer. - - - - - CLOUDSTACK-1241 - - - Network apply rules logic is broken. - - - - - CLOUDSTACK-1242 - - - [F5-SRX-InlineMode] Failed to create LB rule with F5-SRX inlinemode - deployment - - - - - CLOUDSTACK-1243 - - - Failed to cleanup account :java.lang.NullPointerException - - - - - CLOUDSTACK-1244 - - - fail to push sysmvm.iso onto xen host - - - - - CLOUDSTACK-1246 - - - "[ ALU beta CS 4.1 build2] ""Guest network"" missing in Add Zone wizard ( step - 3, Setup Network \ Physical Network) - - - - - CLOUDSTACK-1251 - - - Baremetal zone doesn't need primary/secondary storage in UI wizard. - - - - - CLOUDSTACK-1252 - - - Failed to download default template in VMware. - - - - - CLOUDSTACK-1260 - - - Failed to register template: Unable to find template adapter - - - - - CLOUDSTACK-1261 - - - Cannot find template adapter for XenServer. - - - - - CLOUDSTACK-1262 - - - "Failed to Prepare Secondary Storage in VMware, - - - - - CLOUDSTACK-1265 - - - logrotate dnsmasq configuration is wrong - - - - - CLOUDSTACK-1267 - - - KVM's cloudstack-agent service doesn't log (log4j) - - - - - CLOUDSTACK-1269 - - - Failed to start CPVM java.lang.NullPointerException Unable to start - SSVM - - - - - CLOUDSTACK-1272 - - - Autoscale: createAutoScaleVmProfile fails due to unable to retrieve Service - Offering ip - - - - - CLOUDSTACK-1274 - - - UpdateNetworkCmd throws NP - - - - - CLOUDSTACK-1276 - - - Remove autoscanning for 4.1 - - - - - CLOUDSTACK-1277 - - - ApiResponseHelper.createUserVmResponse failed to populate password field set - from UserVm object - - - - - CLOUDSTACK-1278 - - - Improper permissions on injectkeys.sh - - - - - CLOUDSTACK-1288 - - - [F5-SRX-InlineMode] classCastException during network restart with cleanup - option true - - - - - CLOUDSTACK-1289 - - - [F5-SRX-InlineMode] Usage stats are not generated for Juniper SRX Firewall in - inlinemode - - - - - CLOUDSTACK-1290 - - - listNetoworks API takes too long to respond - - - - - CLOUDSTACK-1292 - - - "[F5-SRX-InlineMode] Update network from SRX,F5 as service provideds to VR as - service provider does not delete firewall rules from SRX - - - - - CLOUDSTACK-1295 - - - NPE in usage parsers due to missing @Component inject - - - - - CLOUDSTACK-1299 - - - Errors in 4.5.5 section of installation guide - - - - - CLOUDSTACK-1300 - - - section in wrong order in installation guide - - - - - CLOUDSTACK-1303 - - - Ipv6 - java.lang.NullPointerException when executing listnetworks() and - deployVirtualMachine() after extending the Ipv4 range of a dual stack - network - - - - - CLOUDSTACK-1307 - - - Noticed NPE when we put host in maintenance mode in clustered management - setup - - - - - CLOUDSTACK-1310 - - - ASF-build-master-nonoss-rhel63 - create advance zone FAIL - - CreatePhysicalNetworkCmd FAIL - MySQLIntegrityConstraintViolationException: - Duplicate entry '200-Public' for key 'physical_network_id' - - - - - CLOUDSTACK-1312 - - - "Fix rolling upgrades from 4.0 to 4.1 in 4.1 release, fix db schemas to be - same as 4.0 - - - - - CLOUDSTACK-1313 - - - Working with Volumes Section Is Missing - - - - - CLOUDSTACK-1315 - - - [F5-SRX-InlineMode] Network implement failed with Run time Exception during - network upgrade from VR to SRX-F5 - - - - - CLOUDSTACK-1319 - - - createCustomerVpnGateway response gives TypeError: - json.createvpncustomergatewayresponse is undefined - - - - - CLOUDSTACK-1320 - - - Routers naming convention is changed to hostname. - - - - - CLOUDSTACK-1321 - - - [Site-to-Site VPN] No events are generated in case of status change in site to - site vpn connection - - - - - CLOUDSTACK-1326 - - - KVM - Failed to start cloud agent from SSVM - - - - - CLOUDSTACK-1328 - - - console view unable to connect - CPVM SSVM guest VM - - - - - CLOUDSTACK-1329 - - - "API listRouters response returns hostname instead of Virtual Routers, UI - displays host entry for each VR - - - - - CLOUDSTACK-1330 - - - ec2-run-instances - When -n option is used to deploy multiple Vms API returns - error even though few of the Vms have been deployed successfully - - - - - CLOUDSTACK-1331 - - - Upgrade fails for a 2.2.14 Zone having multiple guest networks using - network_tags and Public Vlan - - - - - CLOUDSTACK-1332 - - - IPV6 - Router and guest Vms should be able to use an IPV6 address for external - DNS entry - - - - - CLOUDSTACK-1334 - - - vmware.root.disk.controller doesn't work - - - - - CLOUDSTACK-1337 - - - Zone to zone template/ISO copy fails and template/ISO download also - fail - - - - - CLOUDSTACK-1338 - - - Deploy VM failed using IS - - - - - CLOUDSTACK-1339 - - - ASF 4.1: Management server becomes unresponsive - - - - - CLOUDSTACK-1341 - - - URL for the KEYs file is wrong in the installation guide - - - - - CLOUDSTACK-1342 - - - Document installation and usage of cloudmonkey for 4.1 docs - - - - - CLOUDSTACK-1343 - - - Porting Baremetal related UI changes to ACS - - - - - CLOUDSTACK-1344 - - - Typo in use.external.dns setting description - - - - - CLOUDSTACK-1345 - - - BigSwitch plugin introduces 'VNS' isolation in UI without backend - implementation - - - - - CLOUDSTACK-1346 - - - "Check to see if external devices are used in the network, is hardcoded for - specific devices - - - - - CLOUDSTACK-1347 - - - "Not able to delete network. Error - "Unable to insert queue item into - database, DB is full?" - - - - - CLOUDSTACK-1348 - - - API/UI: zoneObj is undefined. - - - - - CLOUDSTACK-1349 - - - "VPC network Adding Network ACls, PF rules - Unable to insert queue item into - database, DB is full? PF rules and NW Acls in Add state in DB - - - - - CLOUDSTACK-1350 - - - Management server Stop and start causes previously downloaded ISOs and - templates to redownload & reinstall. - - - - - CLOUDSTACK-1353 - - - KVM 6.3 snapshot Scheduling snapshot failed due to - java.lang.NullPointerException - - - - - CLOUDSTACK-1357 - - - "Autoscale: Provisioned VMs from Netscaler not being added to lb vserver, - provserver fails with provserver_err_asynctaskpoll - - - - - CLOUDSTACK-1360 - - - The clusterid field of the createStoragePool API command should be documented - as required. - - - - - CLOUDSTACK-1367 - - - NPE noticed in logs while AgentMonitor is monitoring the host ping - interval - - - - - CLOUDSTACK-1368 - - - Shared network - Not able to delete network because of - java.lang.NullPointerException - - - - - CLOUDSTACK-1369 - - - "Ipv6 - In dual Stack network, guest VM does not have the Ipv6 address of the - router programmed in /etc/resolv.conf for DNS resolution. - - - - - CLOUDSTACK-1370 - - - DeployVM Fail - VPC or non-VPC network - - - - - CLOUDSTACK-1375 - - - deploydb failing with acs master - - - - - CLOUDSTACK-1376 - - - Unable to migrate VM due to internal error process exited while connecting to - monitor - - - - - CLOUDSTACK-1377 - - - HA fail - when host is shutdown, VMs and SSVMs are not failover to second host - in cluster. - - - - - CLOUDSTACK-1382 - - - vm deploy fails with Error "cannot find DeployPlannerSelector for vm" - - - - - CLOUDSTACK-1383 - - - Deploying basic zone on 4.1 fails in NPE - - - - - CLOUDSTACK-1386 - - - BASIC zone SSVM fail to start due to exception - - - - - CLOUDSTACK-1388 - - - UI - ListUsers doesnt display any User except the Default Root Admin - User - - - - - CLOUDSTACK-1391 - - - EventBus is not getting injected after javelin merge - - - - - CLOUDSTACK-1394 - - - [F5-SRX-InlineMode] Failure in static nat configuration on SRX does not result - in LB configuration error in CS during LB rule configuration - - - - - CLOUDSTACK-1397 - - - Static Nat configuration is failing with NPE - - - - - CLOUDSTACK-1399 - - - Unhandled exception executing api command: stopVirtualMachine - - - - - CLOUDSTACK-1402 - - - listRouters API response doesn't return linklocal IP and public IP - details - - - - - CLOUDSTACK-1403 - - - Storage and console-proxy related error - - - - - CLOUDSTACK-1411 - - - Issues with VMWare Hypervisor host_ids not updated when ESX(i) crashes in - instance table - - - - - CLOUDSTACK-1414 - - - Redundant router: BACKUP switch cancelled due to lock timeout after a glitch - in network. - - - - - CLOUDSTACK-1417 - - - When invalid values are passed to createNetwork(), error message does not - indicate the parameter name that has invalid values. - - - - - CLOUDSTACK-1418 - - - As regular user, we are not allowed to deploy VM on a shared network. - - - - - CLOUDSTACK-1419 - - - Apache-ify and apply trademark logos in the UI - - - - - CLOUDSTACK-1420 - - - Ensure trademarks are properly attributed in publican brand - - - - - CLOUDSTACK-1423 - - - Unable to launch UI [HTTP Status 404]. - - - - - CLOUDSTACK-1425 - - - unhandled exception executing api command: migrateVirtualMachine & - recoverVirtualMachine - - - - - CLOUDSTACK-1427 - - - Failed to delete Guestnetwork which has LB with Netscaler - - - - - CLOUDSTACK-1428 - - - [UI] Instance which are created without display name are not visible when - added to LB - - - - - CLOUDSTACK-1429 - - - single account is unable to use same vnet across multiple physical - network - - - - - CLOUDSTACK-1436 - - - 4.1 management server fails to start from RPM build artifact - - - - - CLOUDSTACK-1443 - - - As domain admin we are allowed to create shared network - - - - - CLOUDSTACK-1446 - - - [UI]VPC Router type should be of type vpc and not system - - - - - CLOUDSTACK-1447 - - - [UI]Persistent Status is not displayed for VPC Tier - - - - - CLOUDSTACK-1449 - - - listAccounts and listProjectAccounts API lists all the users not - account-specific users for each account returned - - - - - CLOUDSTACK-1451 - - - Getting EntityExistsException while creating more than one project in CS - 4.1 - - - - - CLOUDSTACK-1452 - - - Public IP's are assigned to private interface with VPC Restart [PF/LB rules - are not functional - - - - - CLOUDSTACK-1461 - - - "Ipv6 - From a Vm that that is part of 2 networks, non default network - router's details should not get programmed in the DNS entries of the guest - VM. - - - - - CLOUDSTACK-1463 - - - IPV6 - Ubuntu 12.10 - Multiple Nic - IPV6 address is assigned automatically - for 1 nic only. Need to do a manual dhclient request to get the ipv6 for other - nic. - - - - - CLOUDSTACK-1464 - - - "IPV6 - Multi nic - Ubuntu 1210 -When Vm is stopped and started/ rebooted, i - get multiple global IPV6 addresses being allocated for one of the nics. - - - - - CLOUDSTACK-1465 - - - List Zones returns null under create instance when logged is as user - - - - - CLOUDSTACK-1467 - - - Failed to create Volume for the System VMs - - - - - CLOUDSTACK-1469 - - - kvm agent: agent service fails to start up - - - - - CLOUDSTACK-1470 - - - unhandled exception executing api command: deployVirtualMachine - - - - - CLOUDSTACK-1472 - - - AssignVirtualMachine API with wrong Virtual Instance ID failed with NPE - - - - - CLOUDSTACK-1473 - - - deleteDomain is failing with NPE - - - - - CLOUDSTACK-1481 - - - "IPV6 - When Vm is part of 1 dual network and 1 ipv6 network, name resolution - using fqdn fails for the ipv6 network. - - - - - CLOUDSTACK-1482 - - - IPV6 - We are not allowed to create a shared IPV6 network with a VLAN which - already is associated with a IPV4 network - - - - - CLOUDSTACK-1484 - - - API Throttling : api.throttling.enabled, Global setting missing - - - - - CLOUDSTACK-1485 - - - Add Baremetal Provider back to 4.1 branch - - - - - CLOUDSTACK-1487 - - - cloudstack-setup-agent fails to set private.network.device on KVM host - add - - - - - CLOUDSTACK-1488 - - - "Ipv6 - When Vm is deployed as part of multiple networks, one of the IPV6 - address assigned to guest VM is lost. - - - - - CLOUDSTACK-1490 - - - 4.1 deb management fails to start due to tomcat dep problem - - - - - CLOUDSTACK-1496 - - - List API Performance: listAccounts failing with OOME for high values of - pagesize (>1000) - - - - - CLOUDSTACK-1499 - - - ListAPI Performance for few APIs not as good as it was before API - optimization - - - - - CLOUDSTACK-1503 - - - listHypervisor API not getting fired when logged in as User - - - - - CLOUDSTACK-1505 - - - Unknown column 'domain.region_id' in 'field list' - - - - - CLOUDSTACK-1509 - - - Failed to implement network elements and resources while provisioning for - persistent network(createVlanIpRange to an account - - - - - CLOUDSTACK-1511 - - - [UI] Instances NIC details does not have Network Name - - - - - CLOUDSTACK-1512 - - - [UI] Wrong message[message.configure.all.traffic.types] when trying to create - zone with mulitple physical networks without providing the traffic label - - - - - CLOUDSTACK-1515 - - - None of the cloudstack packges are marked for upgrade when tried to upgrade - from.4.0/4.0.1 to 4.1 - - - - - CLOUDSTACK-1516 - - - Create documentation in languages that have translations available - - - - - CLOUDSTACK-1517 - - - Check UI in languages available - - - - - CLOUDSTACK-1521 - - - Redundant router: Services are not stopped when switch to BACKUP state - - - - - CLOUDSTACK-1526 - - - Template registration fails in the VMware Setup - - - - - CLOUDSTACK-1531 - - - vmware create volume from snapshot will missing date - - - - - CLOUDSTACK-1537 - - - Restart network with clean up set to true causes Autoscaled LB rule to get - mangled and unusable - - - - - CLOUDSTACK-1541 - - - NPE while deleting snapshot :Unexpected exception while executing - org.apache.cloudstack.api.command.user.snapshot.DeleteSnapshotCmd - - - - - CLOUDSTACK-1542 - - - unhandled exception while creating project - - - - - CLOUDSTACK-1544 - - - The description and the response format for the deleteUser command are - incorrect - - - - - CLOUDSTACK-1550 - - - createaccountresponse returns more than the user you requested for - creation - - - - - CLOUDSTACK-1553 - - - AWS Regions-Not able to list accounts from the 2nd region after - user/account/domain details have been manually synced up from first region - - - - - CLOUDSTACK-1555 - - - "AWS Regions - userapikey and usersecretkey parameters are not returned in the - response of addRegion, updateRegion listRegion api calls.. - - - - - CLOUDSTACK-1557 - - - EC2 REST API : cloudbridge database is missing on the CloudStack - Installation - - - - - CLOUDSTACK-1562 - - - Replace the short-cut solution of supportting @DB with the formal one - - - - - CLOUDSTACK-1565 - - - "Used Master Branch System VM Template: Default Route on the System VMs - (SSVM,CPVM and VR) is missing - - - - - CLOUDSTACK-1566 - - - Baremetal API addBaremetalPxePingServer fail to add PXE PING server to - deployment causing create instance with PING style image to fail - - - - - CLOUDSTACK-1569 - - - "AWS Regions - Not able to Edit domain/account/user from a region that is not - the owner region.""The content of elements must consist of well-formed character - data or markup."" - error message presented to the user. - - - - - CLOUDSTACK-1571 - - - "AWS Regions - When deleting domain/account/user from a region that is not the - owner, the request is not being forwarded to the owner region. - - - - - CLOUDSTACK-1574 - - - updateResourceCount API is failed saying to specify valida resource type even - after parsing the valid resource type - - - - - CLOUDSTACK-1583 - - - AWS Regions - RabbitMQ Server did not recieve any event notification during - account creation - - - - - CLOUDSTACK-1587 - - - Basic zone - CPVM fail to go to running state, Exception while trying to start - secondary storage vm - - - - - CLOUDSTACK-1588 - - - AWS Regions - When registerUserKeys() is called for a user from a region that - is not the owner, it is handled by this region. - - - - - CLOUDSTACK-1600 - - - Typo in dpkg-buildpackage command - - - - - CLOUDSTACK-1604 - - - deploy VM failed when global setting "vm.allocation.algorithm" is set to - "userdispersing - - - - - CLOUDSTACK-1615 - - - "VMware Cluster discovery fails with if ESXi version is 5.0 Update 1, build - 721882 - - - - - CLOUDSTACK-1620 - - - Cannot provision CentOS 6 VMs on XenServer 6.1 - - - - - CLOUDSTACK-1621 - - - listProjectInvitations fails with NPE for valid request - - - - - CLOUDSTACK-1624 - - - API is not returning response in details:UI is also not returning any - output - - - - - CLOUDSTACK-1625 - - - NPE with updateResourceCount when && is passed thru API - - - - - CLOUDSTACK-1630 - - - 4.0.x cloud-aws-api not properly obsoleted - - - - - CLOUDSTACK-1631 - - - 4.1 RPM packaging broken - - - - - CLOUDSTACK-1636 - - - AWS Regions - Remove the concept of having an owner region for - domain/account/user objects - - - - - CLOUDSTACK-1642 - - - Add support CentOS 6.4 - - - - - CLOUDSTACK-1648 - - - Unable to add KVM host. - - - - - CLOUDSTACK-1649 - - - vmware vm os type error - - - - - CLOUDSTACK-1651 - - - agent scripts still pointing to /var/log/cloud - - - - - CLOUDSTACK-1656 - - - NicResponses in a UserVmResponse are not preserving the natural order - - - - - CLOUDSTACK-1663 - - - AWS Regions - Events - There are no events being generated when a new domain - is added/edited - - - - - CLOUDSTACK-1664 - - - Action Events are not logged due to spring change - - - - - CLOUDSTACK-1665 - - - AWS Regions - Events - There are no events being generated when a new user is - added/edited/enabled/deleted/password changes/api & secret keys are - generated - - - - - CLOUDSTACK-1666 - - - KVM VPC NetworkUsage does not work - - - - - CLOUDSTACK-1668 - - - IP conflict in VPC tier - - - - - CLOUDSTACK-1671 - - - AWS Regions - Events - Domain Delete event does not include the UUID of the - domain that was deleted - - - - - CLOUDSTACK-1674 - - - AWS Regions - Events - Account Deletion event does not include the UUID of the - account deleted - - - - - CLOUDSTACK-1681 - - - Upgrade instructions mention incorrect name and description of systemvm-vmware - template in registering template section - - - - - CLOUDSTACK-1684 - - - "api.throttling.enabled configuration setting should be set to ""false"" in - Config.java - - - - - CLOUDSTACK-1688 - - - AWS Regions - Domain admin user is not able to use getUser() command to fetch - user details - - - - - CLOUDSTACK-1690 - - - NPE from API server when starting mgmt server - - - - - CLOUDSTACK-1694 - - - Issues to start/access Management Server after upgrade from 4.0 to 4.1 - - - - - CLOUDSTACK-1697 - - - Six DB tables are not available with upgraded setup(4.0 to 4.1) when compare - to 4.1 newly installation - - - - - CLOUDSTACK-1706 - - - Failed to deploy VM with error "cannot find DeployPlannerSelector" - - - - - CLOUDSTACK-1709 - - - AWS Regions - As part of adding a new region, project related entries should - not be synced from accounts table. - - - - - CLOUDSTACK-1710 - - - AWS Regions - As part of adding a new region,default_zone_id column for the - account entries should not be synced. - - - - - CLOUDSTACK-1711 - - - AWS Regions - Include all the details of the API call made in the Events - payload when changes in Admin/Account/User objects are made. - - - - - CLOUDSTACK-1713 - - - EC2 REST API: AWS API Installation Problem - - - - - CLOUDSTACK-1714 - - - Doc section has wrong title: Setting Zone VLAN and Running VM Maximum - - - - - CLOUDSTACK-1715 - - - "Missing ""host"" config setting in docs on management server load - balancing - - - - - CLOUDSTACK-1716 - - - "AWS Regions - listRegions(),removeRegions(),updateRegions() should accept - UUID value instead of id. - - - - - CLOUDSTACK-1718 - - - AWS Regions - removeRegion() response returns updateregionresponse - - - - - CLOUDSTACK-1719 - - - EC2 REST API: AWS APIs are not getting translated on the CloudStack Management - Server - - - - - CLOUDSTACK-1720 - - - Have an upgrade path from 4.0.x to 4.1 and 4.0.x to 4.2.0 - - - - - CLOUDSTACK-1729 - - - Ensure adapter execution order in runtime - - - - - CLOUDSTACK-1733 - - - [ACS41][UI] Add guest network is missing ip range fields and missing network - offering - - - - - CLOUDSTACK-1736 - - - Ubuntu 12.04 cloud-setup-management Failed to configure CloudStack Management - Server - - - - - CLOUDSTACK-1738 - - - StatsCollector is not running - - - - - CLOUDSTACK-1740 - - - Failed to view console - - - - - CLOUDSTACK-1746 - - - Cloudstack Usage Server won't start - - - - - CLOUDSTACK-1747 - - - "mvn deploydb only creates 4.0 DB, not 4.1 - - - - - CLOUDSTACK-1750 - - - injectkeys script fails on OSX because cp does not have a -b option (backup of - destination file - - - - - CLOUDSTACK-1761 - - - Available local storage disk capacity incorrectly reported in KVM to - manager - - - - - CLOUDSTACK-1764 - - - ListTemplateCommand failed with java.lang.NumberFormatException and failed to - create default template. - - - - - CLOUDSTACK-1772 - - - the change in vnc listening port will cause live migration doesn't - work. - - - - - CLOUDSTACK-1773 - - - Disable baremetal functionality - - - - - CLOUDSTACK-1776 - - - NPE on listSecondaryStorageHostsInAllZones in Upgraded setup from 4.0 to - 4.1.0 - - - - - CLOUDSTACK-1785 - - - Redundant Router test cases failing during automation run. - - - - - CLOUDSTACK-1789 - - - Unable to download templates to Primary Storage if a host is in - maintenance. - - - - - CLOUDSTACK-1791 - - - Volumes with storage tags can't be attached. - - - - - CLOUDSTACK-1792 - - - "AWS Regions - RuntimeException while executing listAccounts(), when the - encryption keys are set to different values between regions. - - - - - CLOUDSTACK-1793 - - - L10n docs don't build in chinese, portuguese and japanese - - - - - CLOUDSTACK-1795 - - - Customize AOP to fully support legacy CloudStack @DB and @ActionEvent - semantics. - - - - - CLOUDSTACK-1796 - - - Japanese docs don't build. - - - - - CLOUDSTACK-1802 - - - Upgrade 4.0 -> 4.1 - Not able to start management server becasue of missing - /etc/cloudstack/management/tomcat6.conf file - - - - - CLOUDSTACK-1804 - - - Upgrade 4.0 -> 4.1 - DB upgrade fails - - - - - CLOUDSTACK-1805 - - - com.mysql.jdbc.exceptions.jdbc4.CommunicationsException seen after long time - of inactivity resulting in not being able to log in to the management - server - - - - - CLOUDSTACK-1810 - - - listTemplate API with templatefilter=featured|community is not returning any - lists - - - - - CLOUDSTACK-1811 - - - "Upgrade 4.0->4.1 - When upgrade scripts fail, component loading continues and - management server starts. - - - - - CLOUDSTACK-1812 - - - create physical network fails while creating basic zone - - - - - CLOUDSTACK-1825 - - - EC2 REST API: AWS APIs fail to execute due to BeanCreationException: Error - creating bean with name 'SAclDaoImpl' - - - - - CLOUDSTACK-1826 - - - "Storage migration not working, seemingly due to uuid vs id - - - - - CLOUDSTACK-1827 - - - Redundant router - When VR Master was stopped failover to VR Backup did not - occur. - - - - - CLOUDSTACK-1834 - - - "Events are not generated for registerUserKeys(), Enabling account and Editing - account. - - - - - CLOUDSTACK-1836 - - - License header failures for ja-JP .po translation file - - - - - CLOUDSTACK-1839 - - - Upgrade 4.0 -> 4.1 - Upgraded DB has lot more keys and indexes for many tables - compare to the fresh installed 4.1 DB - - - - - CLOUDSTACK-1841 - - - ASF 4.0 to 4.1 Upgrade: Missing Few Global Configuration parameters on the - Upgraded Setup. - - - - - CLOUDSTACK-1842 - - - ASF 4.0 to 4.1 Upgrade: Missing Ubuntu 12.04 Guest OS Types on the Upgraded - Setup. - - - - - CLOUDSTACK-1844 - - - Upgrade 4.0 -> 4.1 - KVM host agent.properties is not restored as part of - upgrading the binaries from 4.0 to 4.1. - - - - - CLOUDSTACK-1845 - - - KVM - storage migration often fails - - - - - CLOUDSTACK-1846 - - - "KVM - storage pools can silently fail to be unregistered, leading to failure - to register later. - - - - - CLOUDSTACK-1848 - - - Cloudstack Packages are not got updated with scenario 4.0 to 4.1 upgrade where - MS is on Ubuntu 12.04. - - - - - CLOUDSTACK-1856 - - - Upgrade 4.0 -> 4.1 - Fresh install of 4.1 has 3 parameters missing in - db.properties compared to an upgraded 4.0 setup - - - - - CLOUDSTACK-1873 - - - "Installation : JasyptPBEStringDecryptionCLI missing, failed to decrypt db - password - - - - - CLOUDSTACK-1874 - - - AWS Regions - Account table in cloud_usage DB has region_id - - - - - CLOUDSTACK-1876 - - - External Devices - network offering for external devices is not returned in - API listNetworkOfferings when creating instances. - - - - - CLOUDSTACK-1877 - - - Failed to connect to DB while starting Ubuntu management server after - upgrading the packages from 4.0 to 4.1.0 - - - - - CLOUDSTACK-1882 - - - “HTTP Status 404 。 The requested resource () is not available. - - - - - CLOUDSTACK-1890 - - - listProjects is not listing state in the response - - - - - CLOUDSTACK-1900 - - - "Upgrade 4.0 -> 4.1, We do not have a copy of db.properties that comes from a - 4.1 installation saved anywhere. - - - - - CLOUDSTACK-1929 - - - ASF 4.1 cloudstack agent fail to install in KVM host CENTOS 6.3 OS: - qemu-kvm-0.12.1.2-3.295.el6.10.x86_64 requires libusbredirparser.so.0 - - - - - CLOUDSTACK-1934 - - - NPE with listSupportedNetworkServices after upgrade from 4.0 to 4.1 (Ubuntu - MS) - - - - - CLOUDSTACK-1935 - - - Cloud utilities are not renamed to Cloudstack after upgrade from 4.0 to 4.1 - [Ubutnu MS] - - - - - CLOUDSTACK-1936 - - - On CentOS, after a upgrade from 4.0.1 to 4.1 on a cloud node (cloud-agent), - the new cloustack-agent isn't add as a service (chkconfig) - - - - - CLOUDSTACK-1951 - - - centos packaging: cloud-install-sys-tmplt can't find jasypt jar. - - - - - CLOUDSTACK-1971 - - - VM deployed to incorrect primary storage. - - - - - CLOUDSTACK-1972 - - - VM deployed to incorrect primary storage. - - - - - CLOUDSTACK-1978 - - - openvswitch - unable to start console session for SSVM CPVM user VM - - - - - CLOUDSTACK-1980 - - - "[4.1]cloudstack-setup-bridge, cloudstack-setup-encryption & - cloudstack-sysvmadm utilities are not available in Ubuntu 12.04 Management - Server. - - - - - CLOUDSTACK-1987 - - - Deleted service offerings owned by a domain show up to domain user. - - - - - CLOUDSTACK-1988 - - - AWS API using SOAP client - User Registration fails - - - - - CLOUDSTACK-1989 - - - "Query service offering by ID returns no result, but querying all returns - service offering - - - - - CLOUDSTACK-2003 - - - Deleting domain while deleted account is cleaning up leaves VMs expunging - forever due to 'Failed to update resource count - - - - - CLOUDSTACK-2007 - - - Release Notes failing to build on jenkins.cs. - - - - - -
    -
    - Known Issues in 4.1.0 - - - - - - - - Issue ID - - - Description - - - - - - CLOUDSTACK-2709 - - Egress rules are are not supported on shared networks. - - - - CLOUDSTACK-1747 - mvn deploydb only creates 4.0 DB, not 4.1 - Due to tooling changes between 4.1 and 4.2, CloudStack's database is created - using the 4.0 schema and updated to the 4.1 schema when the management server - starts for the first time. It's OK to see the same schema if the management server - has not started yet. - - - - CLOUDSTACK-1824 - Service CloudStack-Management is being displayed as cloud-management - service - Many scripts and text entries have references to cloud-management rather than - cloudstack-management due to the changeover between 4.0 and 4.1 to rename - services. This is a minor issue and should be corrected by 4.2. - - - - - CLOUDSTACK-1824 - Service CloudStack-Management is being displayed as cloud-management - service - - - - - CLOUDSTACK-1510 - - - NPE when primary storage is added with wrong path - - - - - CLOUDSTACK-1428 - - - [UI] Instance which are created without display name are not visible when - added to LB - - - - - CLOUDSTACK-1306 - - - Better Error message when trying to deploy Vm by passing static Ipv4 addresses - that are assigned to another VM/IP4 address is outside the iprange. - - - - - CLOUDSTACK-1236 - - - Warning while adding Xen 6.1 host [Unable to create local link network] - - - - - CLOUDSTACK-969 - - - api: zone response lists vlan in it as "vlan range of zone" but the - vlan belongs to physical network - - - - - CLOUDSTACK-963 - - - [cloud.utils.AnnotationHelper] class java.lang.Stringdoes not have a Table - annotation - - - - - CLOUDSTACK-458 - - - xen:snapshots:Storage gc fail to clean the failed snapshot images from - secondarystorage - - - - - CLOUDSTACK-315 - - - Infrastructure view does not show capacity values - - - - - CLOUDSTACK-300 - - - Creation of compute offering allow combination of local storage + HA - - - - - CLOUDSTACK-282 - - - Virtual Routers do not properly resolve DNS SRV Records - - - - - CLOUDSTACK-276 - - - SSVM ID is exposed in the Error Message thrown by AddTrafficType API - - - - - CLOUDSTACK-270 - - - Ui should not ask for a vlan range if the physical network isolation type is - not VLAN - - - - - CLOUDSTACK-245 - - - VPC ACLs are not stored and programmed consistently - - - - - CLOUDSTACK-231 - - - Tag creation using special charecters - - - - - CLOUDSTACK-124 - - - NetworkGarbageCollector not cleaning up networks - - - - - CLOUDSTACK-62 - - - console proxy does not support any keymaps besides us, jp - - - - - -
    -     - - Upgrade Instructions for 4.1 - This section contains upgrade instructions from prior versions of CloudStack to Apache - CloudStack 4.1.0. We include instructions on upgrading to Apache CloudStack from pre-Apache - versions of Citrix CloudStack (last version prior to Apache is 3.0.2) and from the releases - made while CloudStack was in the Apache Incubator. - If you run into any issues during upgrades, please feel free to ask questions on - users@cloudstack.apache.org or dev@cloudstack.apache.org. -
    - Upgrade from 4.0.x to 4.1.0 - This section will guide you from &PRODUCT; 4.0.x versions to &PRODUCT; 4.1.0. - Any steps that are hypervisor-specific will be called out with a note. - - Package Structure Changes - The package structure for &PRODUCT; has changed significantly since the 4.0.x - releases. If you've compiled your own packages, you'll notice that the package names and - the number of packages has changed. This is not a bug. - However, this does mean that the procedure is not as simple as an - apt-get upgrade or yum update, so please follow - this section carefully. - - We recommend reading through this section once or twice before beginning your upgrade - procedure, and working through it on a test system before working on a production - system. - - - Most users of &PRODUCT; manage the installation and upgrades of &PRODUCT; with one - of Linux's predominant package systems, RPM or APT. This guide assumes you'll be using - RPM and Yum (for Red Hat Enterprise Linux or CentOS), or APT and Debian packages (for - Ubuntu). - Create RPM or Debian packages (as appropriate) and a repository from the 4.1.0 - source, or check the Apache CloudStack downloads page at http://cloudstack.apache.org/downloads.html for package repositories supplied - by community members. You will need them for step - or step . - Instructions for creating packages from the &PRODUCT; source are in the Installation - Guide. - - - Stop your management server or servers. Run this on all management server - hosts: - # service cloud-management stop - - - If you are running a usage server or usage servers, stop those as well: - # service cloud-usage stop - - - Make a backup of your MySQL database. If you run into any issues or need to roll - back the upgrade, this will assist in debugging or restoring your existing environment. - You'll be prompted for your password. - # mysqldump -u root -p cloud > cloudstack-backup.sql - - - If you have made changes to - /etc/cloud/management/components.xml, you'll need to carry these - over manually to the new file, - /etc/cloudstack/management/componentContext.xml. This is not done - automatically. (If you're unsure, we recommend making a backup of the original - components.xml to be on the safe side. - - - After upgrading to 4.1, API clients are expected to send plain text passwords for - login and user creation, instead of MD5 hash. Incase, api client changes are not - acceptable, following changes are to be made for backward compatibility: - Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default - authenticator (1st entry in the userAuthenticators adapter list is default) - -<!-- Security adapters --> -<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> - <property name="Adapters"> - <list> - <ref bean="PlainTextUserAuthenticator"/> - <ref bean="MD5UserAuthenticator"/> - <ref bean="LDAPUserAuthenticator"/> - </list> - </property> -</bean> - - PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to - 4.1. - - - If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and APT repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the sources list for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/apt/sources.list.d/cloudstack.list on - any systems that have &PRODUCT; packages installed. - This file should have one line, which contains: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.0 - We'll change it to point to the new package repository: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.1 - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now update your apt package list: - $ sudo apt-get update - - - Now that you have the repository configured, it's time to install the - cloudstack-management package. This will pull in any other - dependencies you need. - $ sudo apt-get install cloudstack-management - - - You will need to manually install the cloudstack-agent - package: - $ sudo apt-get install cloudstack-agent - During the installation of cloudstack-agent, APT will copy - your agent.properties, log4j-cloud.xml, - and environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - When prompted whether you wish to keep your configuration, say Yes. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - During the upgrade, log4j-cloud.xml was simply copied over, - so the logs will continue to be added to - /var/log/cloud/agent/agent.log. There's nothing - wrong with this, but if you prefer to be consistent, you can - change this by copying over the sample configuration file: - -cd /etc/cloudstack/agent -mv log4j-cloud.xml.dpkg-dist log4j-cloud.xml -service cloudstack-agent restart - - - - Once the agent is running, you can uninstall the old cloud-* packages from your - system: - sudo dpkg --purge cloud-agent - - - - - If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and yum repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the yum repository for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/yum.repos.d/cloudstack.repo on any - systems that have &PRODUCT; packages installed. - This file should have content similar to the following: - -[apache-cloudstack] -name=Apache CloudStack -baseurl=http://cloudstack.apt-get.eu/rhel/4.0/ -enabled=1 -gpgcheck=0 - - If you are using the community provided package repository, change the baseurl - to http://cloudstack.apt-get.eu/rhel/4.1/ - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now that you have the repository configured, it's time to install the - cloudstack-management package by upgrading the older - cloud-client package. - $ sudo yum upgrade cloud-client - - - For KVM hosts, you will need to upgrade the cloud-agent - package, similarly installing the new version as - cloudstack-agent. - $ sudo yum upgrade cloud-agent - During the installation of cloudstack-agent, the RPM will - copy your agent.properties, - log4j-cloud.xml, and - environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - - - Once you've upgraded the packages on your management servers, you'll need to restart - the system VMs. Make sure port 8096 is open in your local host firewall to do - this. - There is a script that will do this for you, all you need to do is run the script - and supply the IP address for your MySQL instance and your MySQL credentials: - # nohup cloudstack-sysvmadm -d IP address -u cloud -p -a > sysvm.log 2>&1 & - You can monitor the log for progress. The process of restarting the system VMs can - take an hour or more. - # tail -f sysvm.log - The output to sysvm.log will look something like this: - -Stopping and starting 1 secondary storage vm(s)... -Done stopping and starting secondary storage vm(s) -Stopping and starting 1 console proxy vm(s)... -Done stopping and starting console proxy vm(s). -Stopping and starting 4 running routing vm(s)... -Done restarting router(s). - - - - - For Xen Hosts: Copy vhd-utils - This step is only for CloudStack installs that are using Xen hosts. - - Copy the file vhd-utils to - /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver. - - -
    -
    - Upgrade from 3.0.2 to 4.1.0 - This section will guide you from Citrix CloudStack 3.0.2 to Apache CloudStack 4.1.0. - Sections that are hypervisor-specific will be called out with a note. - - - - The following upgrade instructions apply only if you're using VMware hosts. If - you're not using VMware hosts, skip this step and move on to . - - In each zone that includes VMware hosts, you need to add a new system VM template. - - - While running the existing 3.0.2 system, log in to the UI as root - administrator. - - - In the left navigation bar, click Templates. - - - In Select view, click Templates. - - - Click Register template. - The Register template dialog box is displayed. - - - In the Register template dialog box, specify the following values (do not change - these): - - - - - - - Field - Value - - - - - Name - systemvm-vmware-4.1 - - - Description - systemvm-vmware-4.1 - - - URL - http://download.cloud.com/templates/burbank/burbank-systemvm-08012012.ova - - - Zone - Choose the zone where this hypervisor is used - - - Hypervisor - VMware - - - Format - OVA - - - OS Type - Debian GNU/Linux 5.0 (32-bit) - - - Extractable - no - - - Password Enabled - no - - - Public - no - - - Featured - no - - - - - - - Watch the screen to be sure that the template downloads successfully and enters - the READY state. Do not proceed until this is successful. - - - - - Stop all Usage Servers if running. Run this on all Usage Server hosts. - # service cloud-usage stop - - - Stop the Management Servers. Run this on all Management Server hosts. - # service cloud-management stop - - - On the MySQL master, take a backup of the MySQL databases. We recommend performing - this step even in test upgrades. If there is an issue, this will assist with - debugging. - In the following commands, it is assumed that you have set the root password on the - database, which is a CloudStack recommended best practice. Substitute your own MySQL - root password. - # mysqldump -u root -pmysql_password cloud > cloud-backup.dmp - # mysqldump -u root -pmysql_password cloud_usage > cloud-usage-backup.dmp - - - Either build RPM/DEB packages as detailed in the Installation Guide, or use one of - the community provided yum/apt repositories to gain access to the &PRODUCT; - binaries. - - - If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and APT repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the sources list for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/apt/sources.list.d/cloudstack.list on - any systems that have &PRODUCT; packages installed. - This file should have one line, which contains: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.0 - We'll change it to point to the new package repository: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.1 - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now update your apt package list: - $ sudo apt-get update - - - Now that you have the repository configured, it's time to install the - cloudstack-management package. This will pull in any other - dependencies you need. - $ sudo apt-get install cloudstack-management - - - You will need to manually install the cloudstack-agent - package: - $ sudo apt-get install cloudstack-agent - During the installation of cloudstack-agent, APT will copy - your agent.properties, log4j-cloud.xml, - and environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - When prompted whether you wish to keep your configuration, say Yes. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - During the upgrade, log4j-cloud.xml was simply copied over, - so the logs will continue to be added to - /var/log/cloud/agent/agent.log. There's nothing - wrong with this, but if you prefer to be consistent, you can - change this by copying over the sample configuration file: - -cd /etc/cloudstack/agent -mv log4j-cloud.xml.dpkg-dist log4j-cloud.xml -service cloudstack-agent restart - - - - Once the agent is running, you can uninstall the old cloud-* packages from your - system: - sudo dpkg --purge cloud-agent - - - - - If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and yum repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the yum repository for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/yum.repos.d/cloudstack.repo on any - systems that have &PRODUCT; packages installed. - This file should have content similar to the following: - -[apache-cloudstack] -name=Apache CloudStack -baseurl=http://cloudstack.apt-get.eu/rhel/4.0/ -enabled=1 -gpgcheck=0 - - If you are using the community provided package repository, change the baseurl - to http://cloudstack.apt-get.eu/rhel/4.1/ - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now that you have the repository configured, it's time to install the - cloudstack-management package by upgrading the older - cloud-client package. - $ sudo yum upgrade cloud-client - - - For KVM hosts, you will need to upgrade the cloud-agent - package, similarly installing the new version as - cloudstack-agent. - $ sudo yum upgrade cloud-agent - During the installation of cloudstack-agent, the RPM will - copy your agent.properties, - log4j-cloud.xml, and - environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - - - If you have made changes to your copy of - /etc/cloud/management/components.xml the changes will be - preserved in the upgrade. However, you need to do the following steps to place these - changes in a new version of the file which is compatible with version 4.1.0. - - - Make a backup copy of /etc/cloud/management/components.xml. - For example: - # mv /etc/cloud/management/components.xml /etc/cloud/management/components.xml-backup - - - Copy /etc/cloud/management/components.xml.rpmnew to create - a new /etc/cloud/management/components.xml: - # cp -ap /etc/cloud/management/components.xml.rpmnew /etc/cloud/management/components.xml - - - Merge your changes from the backup file into the new - components.xml. - # vi /etc/cloud/management/components.xml - - - - If you have more than one management server node, repeat the upgrade steps on each - node. - - - - After upgrading to 4.1, API clients are expected to send plain text passwords for - login and user creation, instead of MD5 hash. Incase, api client changes are not - acceptable, following changes are to be made for backward compatibility: - Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default - authenticator (1st entry in the userAuthenticators adapter list is default) - -<!-- Security adapters --> -<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> - <property name="Adapters"> - <list> - <ref bean="PlainTextUserAuthenticator"/> - <ref bean="MD5UserAuthenticator"/> - <ref bean="LDAPUserAuthenticator"/> - </list> - </property> -</bean> - - PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to - 4.1. - - - Start the first Management Server. Do not start any other Management Server nodes - yet. - # service cloudstack-management start - Wait until the databases are upgraded. Ensure that the database upgrade is complete. - After confirmation, start the other Management Servers one at a time by running the same - command on each node. - - Failing to restart the Management Server indicates a problem in the upgrade. - Having the Management Server restarted without any issues indicates that the upgrade - is successfully completed. - - - - Start all Usage Servers (if they were running on your previous version). Perform - this on each Usage Server host. - # service cloudstack-usage start - - - - Additional steps are required for each KVM host. These steps will not affect - running guests in the cloud. These steps are required only for clouds using KVM as - hosts and only on the KVM hosts. - - - - Configure a yum or apt respository containing the &PRODUCT; packages as outlined - in the Installation Guide. - - - Stop the running agent. - # service cloud-agent stop - - - Update the agent software with one of the following command sets as appropriate - for your environment. - # yum update cloud-* - # apt-get update - # apt-get upgrade cloud-* - - - Start the agent. - # service cloudstack-agent start - - - Edit /etc/cloud/agent/agent.properties to change the - resource parameter from - "com.cloud.agent.resource.computing.LibvirtComputingResource" to - "com.cloud.hypervisor.kvm.resource.LibvirtComputingResource". - - - Start the cloud agent and cloud management services. - - - When the Management Server is up and running, log in to the CloudStack UI and - restart the virtual router for proper functioning of all the features. - - - - - Log in to the CloudStack UI as administrator, and check the status of the hosts. All - hosts should come to Up state (except those that you know to be offline). You may need - to wait 20 or 30 minutes, depending on the number of hosts. - - Troubleshooting: If login fails, clear your browser cache and reload the - page. - - - Do not proceed to the next step until the hosts show in Up state. - - - If you are upgrading from 3.0.2, perform the following: - - - Ensure that the admin port is set to 8096 by using the "integration.api.port" - global parameter. - This port is used by the cloud-sysvmadm script at the end of the upgrade - procedure. For information about how to set this parameter, see "Setting Global - Configuration Parameters" in the Installation Guide. - - - Restart the Management Server. - - If you don't want the admin port to remain open, you can set it to null after - the upgrade is done and restart the management server. - - - - - - Run the cloud-sysvmadm script to stop, then start, all Secondary - Storage VMs, Console Proxy VMs, and virtual routers. Run the script once on each - management server. Substitute your own IP address of the MySQL instance, the MySQL user - to connect as, and the password to use for that user. In addition to those parameters, - provide the -c and -r arguments. For - example: - # nohup cloud-sysvmadm -d 192.168.1.5 -u cloud -p password -c -r > - sysvm.log 2>&1 & - # tail -f sysvm.log - This might take up to an hour or more to run, depending on the number of accounts in - the system. - - - If needed, upgrade all Citrix XenServer hypervisor hosts in your cloud to a version - supported by CloudStack 4.1.0. The supported versions are XenServer 5.6 SP2 and 6.0.2. - Instructions for upgrade can be found in the CloudStack 4.1.0 Installation Guide under - "Upgrading XenServer Versions." - - - Now apply the XenServer hotfix XS602E003 (and any other needed hotfixes) to - XenServer v6.0.2 hypervisor hosts. - - - Disconnect the XenServer cluster from CloudStack. - In the left navigation bar of the CloudStack UI, select Infrastructure. Under - Clusters, click View All. Select the XenServer cluster and click Actions - - Unmanage. - This may fail if there are hosts not in one of the states Up, Down, - Disconnected, or Alert. You may need to fix that before unmanaging this - cluster. - Wait until the status of the cluster has reached Unmanaged. Use the CloudStack - UI to check on the status. When the cluster is in the unmanaged state, there is no - connection to the hosts in the cluster. - - - To clean up the VLAN, log in to one XenServer host and run: - /opt/xensource/bin/cloud-clean-vlan.sh - - - Now prepare the upgrade by running the following on one XenServer host: - /opt/xensource/bin/cloud-prepare-upgrade.sh - If you see a message like "can't eject CD", log in to the VM and unmount the CD, - then run this script again. - - - Upload the hotfix to the XenServer hosts. Always start with the Xen pool master, - then the slaves. Using your favorite file copy utility (e.g. WinSCP), copy the - hotfixes to the host. Place them in a temporary folder such as /tmp. - On the Xen pool master, upload the hotfix with this command: - xe patch-upload file-name=XS602E003.xsupdate - Make a note of the output from this command, which is a UUID for the hotfix - file. You'll need it in another step later. - - (Optional) If you are applying other hotfixes as well, you can repeat the - commands in this section with the appropriate hotfix number. For example, - XS602E004.xsupdate. - - - - Manually live migrate all VMs on this host to another host. First, get a list of - the VMs on this host: - # xe vm-list - Then use this command to migrate each VM. Replace the example host name and VM - name with your own: - # xe vm-migrate live=true host=host-name - vm=VM-name - - Troubleshooting - If you see a message like "You attempted an operation on a VM which requires - PV drivers to be installed but the drivers were not detected," run: - /opt/xensource/bin/make_migratable.sh - b6cf79c8-02ee-050b-922f-49583d9f1a14. - - - - Apply the hotfix. First, get the UUID of this host: - # xe host-list - Then use the following command to apply the hotfix. Replace the example host - UUID with the current host ID, and replace the hotfix UUID with the output from the - patch-upload command you ran on this machine earlier. You can also get the hotfix - UUID by running xe patch-list. - xe patch-apply host-uuid=host-uuid uuid=hotfix-uuid - - - Copy the following files from the CloudStack Management Server to the - host. - - - - - - - Copy from here... - ...to here - - - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/xenserver60/NFSSR.py - /opt/xensource/sm/NFSSR.py - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/setupxenserver.sh - /opt/xensource/bin/setupxenserver.sh - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/make_migratable.sh - /opt/xensource/bin/make_migratable.sh - - - - - - - (Only for hotfixes XS602E005 and XS602E007) You need to apply a new Cloud - Support Pack. - - - Download the CSP software onto the XenServer host from one of the following - links: - For hotfix XS602E005: http://coltrane.eng.hq.xensource.com/release/XenServer-6.x/XS-6.0.2/hotfixes/XS602E005/56710/xe-phase-2/xenserver-cloud-supp.tgz - For hotfix XS602E007: http://coltrane.eng.hq.xensource.com/release/XenServer-6.x/XS-6.0.2/hotfixes/XS602E007/57824/xe-phase-2/xenserver-cloud-supp.tgz - - - Extract the file: - # tar xf xenserver-cloud-supp.tgz - - - Run the following script: - # xe-install-supplemental-pack xenserver-cloud-supp.iso - - - If the XenServer host is part of a zone that uses basic networking, disable - Open vSwitch (OVS): - # xe-switch-network-backend bridge - - - - - Reboot this XenServer host. - - - Run the following: - /opt/xensource/bin/setupxenserver.sh - - If the message "mv: cannot stat `/etc/cron.daily/logrotate': No such file or - directory" appears, you can safely ignore it. - - - - Run the following: - for pbd in `xe pbd-list currently-attached=false| grep ^uuid | awk '{print $NF}'`; do xe pbd-plug uuid=$pbd ; - - - On each slave host in the Xen pool, repeat these steps, starting from "manually - live migrate VMs." - - - - - - Troubleshooting Tip - If passwords which you know to be valid appear not to work after upgrade, or other UI - issues are seen, try clearing your browser cache and reloading the UI page. - -
    -
    - Upgrade from 2.2.14 to 4.1.0 - - - Ensure that you query your IPaddress usage records and process them; for example, - issue invoices for any usage that you have not yet billed users for. - Starting in 3.0.2, the usage record format for IP addresses is the same as the rest - of the usage types. Instead of a single record with the assignment and release dates, - separate records are generated per aggregation period with start and end dates. After - upgrading to 4.1.0, any existing IP address usage records in the old format will no - longer be available. - - - If you are using version 2.2.0 - 2.2.13, first upgrade to 2.2.14 by using the - instructions in the 2.2.14 - Release Notes. - - KVM Hosts - If KVM hypervisor is used in your cloud, be sure you completed the step to insert - a valid username and password into the host_details table on each KVM node as - described in the 2.2.14 Release Notes. This step is critical, as the database will be - encrypted after the upgrade to 4.1.0. - - - - While running the 2.2.14 system, log in to the UI as root administrator. - - - Using the UI, add a new System VM template for each hypervisor type that is used in - your cloud. In each zone, add a system VM template for each hypervisor used in that - zone - - - In the left navigation bar, click Templates. - - - In Select view, click Templates. - - - Click Register template. - The Register template dialog box is displayed. - - - In the Register template dialog box, specify the following values depending on - the hypervisor type (do not change these): - - - - - - - Hypervisor - Description - - - - - XenServer - Name: systemvm-xenserver-4.1.0 - Description: systemvm-xenserver-4.1.0 - URL: - http://download.cloud.com/templates/acton/acton-systemvm-02062012.vhd.bz2 - Zone: Choose the zone where this hypervisor is used - Hypervisor: XenServer - Format: VHD - OS Type: Debian GNU/Linux 5.0 (32-bit) - Extractable: no - Password Enabled: no - Public: no - Featured: no - - - - KVM - Name: systemvm-kvm-4.1.0 - Description: systemvm-kvm-4.1.0 - URL: - http://download.cloud.com/templates/acton/acton-systemvm-02062012.qcow2.bz2 - Zone: Choose the zone where this hypervisor is used - Hypervisor: KVM - Format: QCOW2 - OS Type: Debian GNU/Linux 5.0 (32-bit) - Extractable: no - Password Enabled: no - Public: no - Featured: no - - - - VMware - Name: systemvm-vmware-4.1.0 - Description: systemvm-vmware-4.1.0 - URL: - http://download.cloud.com/templates/burbank/burbank-systemvm-08012012.ova - Zone: Choose the zone where this hypervisor is used - Hypervisor: VMware - Format: OVA - OS Type: Debian GNU/Linux 5.0 (32-bit) - Extractable: no - Password Enabled: no - Public: no - Featured: no - - - - - - - - - - Watch the screen to be sure that the template downloads successfully and enters the - READY state. Do not proceed until this is successful - - - WARNING: If you use more than one type of - hypervisor in your cloud, be sure you have repeated these steps to download the system - VM template for each hypervisor type. Otherwise, the upgrade will fail. - - - Stop all Usage Servers if running. Run this on all Usage Server hosts. - # service cloud-usage stop - - - Stop the Management Servers. Run this on all Management Server hosts. - # service cloud-management stop - - - On the MySQL master, take a backup of the MySQL databases. We recommend performing - this step even in test upgrades. If there is an issue, this will assist with - debugging. - In the following commands, it is assumed that you have set the root password on the - database, which is a CloudStack recommended best practice. Substitute your own MySQL - root password. - # mysqldump -u root -pmysql_password cloud > cloud-backup.dmp - # mysqldump -u root -pmysql_password cloud_usage > cloud-usage-backup.dmp - - - - Either build RPM/DEB packages as detailed in the Installation Guide, or use one of - the community provided yum/apt repositories to gain access to the &PRODUCT; binaries. - - - - If you are using Ubuntu, follow this procedure to upgrade your packages. If not, - skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and APT repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the sources list for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/apt/sources.list.d/cloudstack.list on - any systems that have &PRODUCT; packages installed. - This file should have one line, which contains: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.0 - We'll change it to point to the new package repository: - deb http://cloudstack.apt-get.eu/ubuntu precise 4.1 - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now update your apt package list: - $ sudo apt-get update - - - Now that you have the repository configured, it's time to install the - cloudstack-management package. This will pull in any other - dependencies you need. - $ sudo apt-get install cloudstack-management - - - On KVM hosts, you will need to manually install the - cloudstack-agent package: - $ sudo apt-get install cloudstack-agent - During the installation of cloudstack-agent, APT will copy - your agent.properties, log4j-cloud.xml, - and environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - When prompted whether you wish to keep your configuration, say Yes. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - During the upgrade, log4j-cloud.xml was simply copied over, - so the logs will continue to be added to - /var/log/cloud/agent/agent.log. There's nothing - wrong with this, but if you prefer to be consistent, you can - change this by copying over the sample configuration file: - -cd /etc/cloudstack/agent -mv log4j-cloud.xml.dpkg-dist log4j-cloud.xml -service cloudstack-agent restart - - - - Once the agent is running, you can uninstall the old cloud-* packages from your - system: - sudo dpkg --purge cloud-agent - - - - - If you are using CentOS or RHEL, follow this procedure to upgrade your packages. If - not, skip to step . - - Community Packages - This section assumes you're using the community supplied packages for &PRODUCT;. - If you've created your own packages and yum repository, substitute your own URL for - the ones used in these examples. - - - - The first order of business will be to change the yum repository for each system - with &PRODUCT; packages. This means all management servers, and any hosts that have - the KVM agent. (No changes should be necessary for hosts that are running VMware or - Xen.) - Start by opening /etc/yum.repos.d/cloudstack.repo on any - systems that have &PRODUCT; packages installed. - This file should have content similar to the following: - -[apache-cloudstack] -name=Apache CloudStack -baseurl=http://cloudstack.apt-get.eu/rhel/4.0/ -enabled=1 -gpgcheck=0 - - If you are using the community provided package repository, change the baseurl - to http://cloudstack.apt-get.eu/rhel/4.1/ - If you're using your own package repository, change this line to read as - appropriate for your 4.1.0 repository. - - - Now that you have the repository configured, it's time to install the - cloudstack-management package by upgrading the older - cloud-client package. - $ sudo yum upgrade cloud-client - - - For KVM hosts, you will need to upgrade the cloud-agent - package, similarly installing the new version as - cloudstack-agent. - $ sudo yum upgrade cloud-agent - During the installation of cloudstack-agent, the RPM will - copy your agent.properties, - log4j-cloud.xml, and - environment.properties from - /etc/cloud/agent to - /etc/cloudstack/agent. - - - Verify that the file - /etc/cloudstack/agent/environment.properties has a line that - reads: - paths.script=/usr/share/cloudstack-common - If not, add the line. - - - Restart the agent: - -service cloud-agent stop -killall jsvc -service cloudstack-agent start - - - - - - If you have made changes to your existing copy of the file components.xml in your - previous-version CloudStack installation, the changes will be preserved in the upgrade. - However, you need to do the following steps to place these changes in a new version of - the file which is compatible with version 4.0.0-incubating. - - How will you know whether you need to do this? If the upgrade output in the - previous step included a message like the following, then some custom content was - found in your old components.xml, and you need to merge the two files: - - warning: /etc/cloud/management/components.xml created as /etc/cloud/management/components.xml.rpmnew - - - Make a backup copy of your - /etc/cloud/management/components.xml file. For - example: - # mv /etc/cloud/management/components.xml /etc/cloud/management/components.xml-backup - - - Copy /etc/cloud/management/components.xml.rpmnew to create - a new /etc/cloud/management/components.xml: - # cp -ap /etc/cloud/management/components.xml.rpmnew /etc/cloud/management/components.xml - - - Merge your changes from the backup file into the new components.xml file. - # vi /etc/cloud/management/components.xml - - - - - - After upgrading to 4.1, API clients are expected to send plain text passwords for - login and user creation, instead of MD5 hash. Incase, api client changes are not - acceptable, following changes are to be made for backward compatibility: - Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default - authenticator (1st entry in the userAuthenticators adapter list is default) - -<!-- Security adapters --> -<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> - <property name="Adapters"> - <list> - <ref bean="PlainTextUserAuthenticator"/> - <ref bean="MD5UserAuthenticator"/> - <ref bean="LDAPUserAuthenticator"/> - </list> - </property> -</bean> - - PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to - 4.1. - - - If you have made changes to your existing copy of the - /etc/cloud/management/db.properties file in your previous-version - CloudStack installation, the changes will be preserved in the upgrade. However, you need - to do the following steps to place these changes in a new version of the file which is - compatible with version 4.0.0-incubating. - - - Make a backup copy of your file - /etc/cloud/management/db.properties. For example: - # mv /etc/cloud/management/db.properties /etc/cloud/management/db.properties-backup - - - Copy /etc/cloud/management/db.properties.rpmnew to create a - new /etc/cloud/management/db.properties: - # cp -ap /etc/cloud/management/db.properties.rpmnew etc/cloud/management/db.properties - - - Merge your changes from the backup file into the new db.properties file. - # vi /etc/cloud/management/db.properties - - - - - On the management server node, run the following command. It is recommended that you - use the command-line flags to provide your own encryption keys. See Password and Key - Encryption in the Installation Guide. - # cloud-setup-encryption -e encryption_type -m management_server_key -k database_key - When used without arguments, as in the following example, the default encryption - type and keys will be used: - - - (Optional) For encryption_type, use file or web to indicate the technique used - to pass in the database encryption password. Default: file. - - - (Optional) For management_server_key, substitute the default key that is used to - encrypt confidential parameters in the properties file. Default: password. It is - highly recommended that you replace this with a more secure value - - - (Optional) For database_key, substitute the default key that is used to encrypt - confidential parameters in the CloudStack database. Default: password. It is highly - recommended that you replace this with a more secure value. - - - - - Repeat steps 10 - 14 on every management server node. If you provided your own - encryption key in step 14, use the same key on all other management servers. - - - Start the first Management Server. Do not start any other Management Server nodes - yet. - # service cloudstack-management start - Wait until the databases are upgraded. Ensure that the database upgrade is complete. - You should see a message like "Complete! Done." After confirmation, start the other - Management Servers one at a time by running the same command on each node. - - - Start all Usage Servers (if they were running on your previous version). Perform - this on each Usage Server host. - # service cloudstack-usage start - - - (KVM only) Additional steps are required for each KVM host. These steps will not - affect running guests in the cloud. These steps are required only for clouds using KVM - as hosts and only on the KVM hosts. - - - Configure your CloudStack package repositories as outlined in the Installation - Guide - - - Stop the running agent. - # service cloud-agent stop - - - Update the agent software with one of the following command sets as - appropriate. - # yum update cloud-* - - # apt-get update - # apt-get upgrade cloud-* - - - - Start the agent. - # service cloudstack-agent start - - - Copy the contents of the agent.properties file to the new - agent.properties file by using the following command - sed -i 's/com.cloud.agent.resource.computing.LibvirtComputingResource/com.cloud.hypervisor.kvm.resource.LibvirtComputingResource/g' /etc/cloud/agent/agent.properties - - - Start the cloud agent and cloud management services. - - - When the Management Server is up and running, log in to the CloudStack UI and - restart the virtual router for proper functioning of all the features. - - - - - Log in to the CloudStack UI as admin, and check the status of the hosts. All hosts - should come to Up state (except those that you know to be offline). You may need to wait - 20 or 30 minutes, depending on the number of hosts. - Do not proceed to the next step until the hosts show in the Up state. If the hosts - do not come to the Up state, contact support. - - - Run the following script to stop, then start, all Secondary Storage VMs, Console - Proxy VMs, and virtual routers. - - - Run the command once on one management server. Substitute your own IP address of - the MySQL instance, the MySQL user to connect as, and the password to use for that - user. In addition to those parameters, provide the "-c" and "-r" arguments. For - example: - # nohup cloud-sysvmadm -d 192.168.1.5 -u cloud -p password -c -r > sysvm.log 2>&1 & - # tail -f sysvm.log - This might take up to an hour or more to run, depending on the number of - accounts in the system. - - - After the script terminates, check the log to verify correct execution: - # tail -f sysvm.log - The content should be like the following: - - Stopping and starting 1 secondary storage vm(s)... - Done stopping and starting secondary storage vm(s) - Stopping and starting 1 console proxy vm(s)... - Done stopping and starting console proxy vm(s). - Stopping and starting 4 running routing vm(s)... - Done restarting router(s). - - - - - - If you would like additional confirmation that the new system VM templates were - correctly applied when these system VMs were rebooted, SSH into the System VM and check - the version. - Use one of the following techniques, depending on the hypervisor. - - XenServer or KVM: - SSH in by using the link local IP address of the system VM. For example, in the - command below, substitute your own path to the private key used to log in to the - system VM and your own link local IP. - - Run the following commands on the XenServer or KVM host on which the system VM is - present: - # ssh -i private-key-path link-local-ip -p 3922 - # cat /etc/cloudstack-release - The output should be like the following: - Cloudstack Release 4.0.0-incubating Mon Oct 9 15:10:04 PST 2012 - - ESXi - SSH in using the private IP address of the system VM. For example, in the command - below, substitute your own path to the private key used to log in to the system VM and - your own private IP. - - Run the following commands on the Management Server: - # ssh -i private-key-path private-ip -p 3922 - # cat /etc/cloudstack-release - - The output should be like the following: - Cloudstack Release 4.0.0-incubating Mon Oct 9 15:10:04 PST 2012 - - - If needed, upgrade all Citrix XenServer hypervisor hosts in your cloud to a version - supported by CloudStack 4.0.0-incubating. The supported versions are XenServer 5.6 SP2 - and 6.0.2. Instructions for upgrade can be found in the CloudStack 4.0.0-incubating - Installation Guide. - - - Apply the XenServer hotfix XS602E003 (and any other needed hotfixes) to XenServer - v6.0.2 hypervisor hosts. - - - Disconnect the XenServer cluster from CloudStack. - In the left navigation bar of the CloudStack UI, select Infrastructure. Under - Clusters, click View All. Select the XenServer cluster and click Actions - - Unmanage. - This may fail if there are hosts not in one of the states Up, Down, - Disconnected, or Alert. You may need to fix that before unmanaging this - cluster. - Wait until the status of the cluster has reached Unmanaged. Use the CloudStack - UI to check on the status. When the cluster is in the unmanaged state, there is no - connection to the hosts in the cluster. - - - To clean up the VLAN, log in to one XenServer host and run: - /opt/xensource/bin/cloud-clean-vlan.sh - - - Prepare the upgrade by running the following on one XenServer host: - /opt/xensource/bin/cloud-prepare-upgrade.sh - If you see a message like "can't eject CD", log in to the VM and umount the CD, - then run this script again. - - - Upload the hotfix to the XenServer hosts. Always start with the Xen pool master, - then the slaves. Using your favorite file copy utility (e.g. WinSCP), copy the - hotfixes to the host. Place them in a temporary folder such as /root or /tmp. - On the Xen pool master, upload the hotfix with this command: - xe patch-upload file-name=XS602E003.xsupdate - Make a note of the output from this command, which is a UUID for the hotfix - file. You'll need it in another step later. - - (Optional) If you are applying other hotfixes as well, you can repeat the - commands in this section with the appropriate hotfix number. For example, - XS602E004.xsupdate. - - - - Manually live migrate all VMs on this host to another host. First, get a list of - the VMs on this host: - # xe vm-list - Then use this command to migrate each VM. Replace the example host name and VM - name with your own: - # xe vm-migrate live=true host=host-name vm=VM-name - - Troubleshooting - If you see a message like "You attempted an operation on a VM which requires - PV drivers to be installed but the drivers were not detected," run: - /opt/xensource/bin/make_migratable.sh - b6cf79c8-02ee-050b-922f-49583d9f1a14. - - - - Apply the hotfix. First, get the UUID of this host: - # xe host-list - Then use the following command to apply the hotfix. Replace the example host - UUID with the current host ID, and replace the hotfix UUID with the output from the - patch-upload command you ran on this machine earlier. You can also get the hotfix - UUID by running xe patch-list. - xe patch-apply host-uuid=host-uuid - uuid=hotfix-uuid - - - Copy the following files from the CloudStack Management Server to the - host. - - - - - - - Copy from here... - ...to here - - - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/xenserver60/NFSSR.py - /opt/xensource/sm/NFSSR.py - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/setupxenserver.sh - /opt/xensource/bin/setupxenserver.sh - - - /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver/make_migratable.sh - /opt/xensource/bin/make_migratable.sh - - - - - - - (Only for hotfixes XS602E005 and XS602E007) You need to apply a new Cloud - Support Pack. - - - Download the CSP software onto the XenServer host from one of the following - links: - For hotfix XS602E005: http://coltrane.eng.hq.xensource.com/release/XenServer-6.x/XS-6.0.2/hotfixes/XS602E005/56710/xe-phase-2/xenserver-cloud-supp.tgz - For hotfix XS602E007: http://coltrane.eng.hq.xensource.com/release/XenServer-6.x/XS-6.0.2/hotfixes/XS602E007/57824/xe-phase-2/xenserver-cloud-supp.tgz - - - Extract the file: - # tar xf xenserver-cloud-supp.tgz - - - Run the following script: - # xe-install-supplemental-pack - xenserver-cloud-supp.iso - - - If the XenServer host is part of a zone that uses basic networking, disable - Open vSwitch (OVS): - # xe-switch-network-backend bridge - - - - - Reboot this XenServer host. - - - Run the following: - /opt/xensource/bin/setupxenserver.sh - - If the message "mv: cannot stat `/etc/cron.daily/logrotate': No such file or - directory" appears, you can safely ignore it. - - - - Run the following: - for pbd in `xe pbd-list currently-attached=false| grep ^uuid | awk - '{print $NF}'`; do xe pbd-plug uuid=$pbd ; - - - - On each slave host in the Xen pool, repeat these steps, starting from "manually - live migrate VMs." - - - - -
    -     - From b183efe8020d0aca420158ca55254f2e1c98b680 Mon Sep 17 00:00:00 2001 From: radhikap Date: Sat, 14 Sep 2013 10:33:40 +0530 Subject: [PATCH 12/12] release notes structure issue fixed, links to known issues and fixed issues have been added --- docs/en-US/Release_Notes.xml | 2593 +++++++++++++--------------------- 1 file changed, 954 insertions(+), 1639 deletions(-) diff --git a/docs/en-US/Release_Notes.xml b/docs/en-US/Release_Notes.xml index ce2a7371628..d1def441685 100644 --- a/docs/en-US/Release_Notes.xml +++ b/docs/en-US/Release_Notes.xml @@ -57,1007 +57,965 @@ under the License. What's New in 4.2.0 -
    - &PRODUCT; 4.2 includes the following new features. -
    - Features to Support Heterogeneous Workloads - The following new features help &PRODUCT; 4.2 better support both legacy and cloud-era - style zones. -
    - Regions - To increase reliability of the cloud, you can optionally group resources into - geographic regions. A region is the largest available organizational unit within a cloud - deployment. A region is made up of several availability zones, where each zone is - equivalent to a datacenter. Each region is controlled by its own cluster of Management - Servers, running in one of the zones. The zones in a region are typically located in - close geographical proximity. Regions are a useful technique for providing fault - tolerance and disaster recovery. - By grouping zones into regions, the cloud can achieve higher availability and - scalability. User accounts can span regions, so that users can deploy VMs in multiple, - widely-dispersed regions. Even if one of the regions becomes unavailable, the services - are still available to the end-user through VMs deployed in another region. And by - grouping communities of zones under their own nearby Management Servers, the latency of - communications within the cloud is reduced compared to managing widely-dispersed zones - from a single central Management Server. - Usage records can also be consolidated and tracked at the region level, creating - reports or invoices for each geographic region. -
    -
    - Object Storage Plugin Architecture - Artifacts such as templates, ISOs and snapshots are kept in storage which &PRODUCT; - refers to as secondary storage. To improve scalability and performance, as when a number - of hosts access secondary storage concurrently, object storage can be used for secondary - storage. Object storage can also provide built-in high availability capability. When - using object storage, access to secondary storage data can be made available across - multiple zones in a region. This is a huge benefit, as it is no longer necessary to copy - templates, snapshots etc. across zones as would be needed in an NFS-only - environment. - Object storage is provided through third-party software such as Amazon Simple - Storage Service (S3) or any other object storage that supports the S3 interface. These - third party object storages can be integrated with &PRODUCT; by writing plugin software - that uses the object storage plugin capability introduced in &PRODUCT; 4.2. Several new - pluggable service interfaces are available so that different storage providers can - develop vendor-specific plugins based on the well-defined contracts that can be - seamlessly managed by &PRODUCT;. -
    -
    - Zone-Wide Primary Storage - (Supported on KVM and VMware) - In &PRODUCT; 4.2, you can provision primary storage on a per-zone basis. Data - volumes in the primary storage can be attached to any VM on any host in the zone. - In previous &PRODUCT; versions, each cluster had its own primary storage. Data in - the primary storage was directly available only to VMs within that cluster. If a VM in a - different cluster needed some of the data, it must be copied from one cluster to - another, using the zone's secondary storage as an intermediate step. This operation was - unnecessarily time-consuming. -
    -
    - VMware Datacenter Now Visible As a &PRODUCT; Zone - In order to support zone-wide functions for VMware, changes have been made so that - &PRODUCT; is now aware of VMware Datacenters and can map each Datacenter to a &PRODUCT; - zone. Previously, &PRODUCT; was only aware of VMware Clusters, a smaller organizational - unit than Datacenters. This implies that a single &PRODUCT; zone could possibly contain - clusters from different VMware Datacenters. In order for zone-wide functions, such as - zone-wide primary storage, to work for VMware hosts, &PRODUCT; has to make sure that a - zone contains only a single VMware Datacenter. Therefore, when you are creating a new - &PRODUCT; zone, you will now be able to select a VMware Datacenter for the zone. If you - are provisioning multiple VMware Datacenters, each one will be set up as a single zone - in &PRODUCT;. - - If you are upgrading from a previous &PRODUCT; version, and your existing - deployment contains a zone with clusters from multiple VMware Datacenters, that zone - will not be forcibly migrated to the new model. It will continue to function as - before. However, any new zone-wide operations, such as zone-wide primary storage, will - not be available in that zone. - - -
    + &PRODUCT; 4.2 includes the following new features. +
    + Features to Support Heterogeneous Workloads + The following new features help &PRODUCT; 4.2 better support both legacy and cloud-era + style zones. +
    + Regions + To increase reliability of the cloud, you can optionally group resources into + geographic regions. A region is the largest available organizational unit within a cloud + deployment. A region is made up of several availability zones, where each zone is + equivalent to a datacenter. Each region is controlled by its own cluster of Management + Servers, running in one of the zones. The zones in a region are typically located in close + geographical proximity. Regions are a useful technique for providing fault tolerance and + disaster recovery. + By grouping zones into regions, the cloud can achieve higher availability and + scalability. User accounts can span regions, so that users can deploy VMs in multiple, + widely-dispersed regions. Even if one of the regions becomes unavailable, the services are + still available to the end-user through VMs deployed in another region. And by grouping + communities of zones under their own nearby Management Servers, the latency of + communications within the cloud is reduced compared to managing widely-dispersed zones + from a single central Management Server. + Usage records can also be consolidated and tracked at the region level, creating + reports or invoices for each geographic region.
    -
    - Third-Party UI Plugin Framework - Using the new third-party plugin framework, you can write and install extensions to - &PRODUCT;. The installed and enabled plugins will appear in the UI alongside the - Citrix-provided features. - The basic procedure for adding a UI plugin is explained in the Developer Guide. In - summary, the plugin developer creates the plugin code itself (in Javascript), a thumbnail - image, the plugin listing, and a CSS file. The &PRODUCT; administrator adds the folder - containing the plugin code under the &PRODUCT; PLUGINS folder and adds the plugin name to - a configuration file (plugins.js). - The next time the user refreshes the UI in the browser, the plugin will appear under - the Plugins button in the left navigation bar. +
    + Object Storage Plugin Architecture + Artifacts such as templates, ISOs and snapshots are kept in storage which &PRODUCT; + refers to as secondary storage. To improve scalability and performance, as when a number + of hosts access secondary storage concurrently, object storage can be used for secondary + storage. Object storage can also provide built-in high availability capability. When using + object storage, access to secondary storage data can be made available across multiple + zones in a region. This is a huge benefit, as it is no longer necessary to copy templates, + snapshots etc. across zones as would be needed in an NFS-only environment. + Object storage is provided through third-party software such as Amazon Simple Storage + Service (S3) or any other object storage that supports the S3 interface. These third party + object storages can be integrated with &PRODUCT; by writing plugin software that uses the + object storage plugin capability introduced in &PRODUCT; 4.2. Several new pluggable + service interfaces are available so that different storage providers can develop + vendor-specific plugins based on the well-defined contracts that can be seamlessly managed + by &PRODUCT;.
    -
    - Networking Enhancements - The following new features provide additional networking functionality in &PRODUCT; - 4.2. -
    - IPv6 (Technical Preview) - &PRODUCT; 4.2 introduces initial support for IPv6. This feature is provided as a - technical preview only. Full support is planned for a future release. -
    -
    - Portable IPs - Portable IPs in &PRODUCT; are elastic IPs that can be transferred across - geographically separated zones. As an administrator, you can provision a pool of - portable IPs at region level and are available for user consumption. The users can - acquire portable IPs if admin has provisioned portable public IPs at the region level - they are part of. These IPs can be used for any service within an advanced zone. You can - also use portable IPs for EIP service in Basic zones. Additionally, a portable IP can be - transferred from one network to another network. -
    -
    - N-Tier Applications - In &PRODUCT; 3.0.6, a functionality was added to allow users to create a multi-tier - application connected to a single instance of a Virtual Router that supports inter-VLAN - routing. Such a multi-tier application is called a virtual private cloud (VPC). Users - were also able to connect their multi-tier applications to a private Gateway or a - Site-to-Site VPN tunnel and route certain traffic to those gateways. For &PRODUCT; 4.2, - additional features are implemented to enhance VPC applications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Support for KVMVPC is now supported on KVM - hypervisors.
    -
    - Load Balancing Support for VPC - In a VPC, you can configure two types of load balancing—external LB and - internal LB. External LB is nothing but a LB rule created to redirect the traffic - received at a public IP of the VPC virtual router. The traffic is load balanced within - a tier based on your configuration. Citrix NetScaler and VPC virtual router are - supported for external LB. When you use internal LB service, traffic received at a - tier is load balanced across different VMs within that tier. For example, traffic - reached at Web tier is redirected to another VM in that tier. External load balancing - devices are not supported for internal LB. The service is provided by a internal LB VM - configured on the target tier. -
    - Load Balancing Within a Tier (External LB) - A &PRODUCT; user or administrator may create load balancing rules that balance - traffic received at a public IP to one or more VMs that belong to a network tier - that provides load balancing service in a VPC. A user creates a rule, specifies an - algorithm, and assigns the rule to a set of VMs within a tier. -
    -
    - Load Balancing Across Tiers - &PRODUCT; supports sharing workload across different tiers within your VPC. - Assume that multiple tiers are set up in your environment, such as Web tier and - Application tier. Traffic to each tier is balanced on the VPC virtual router on the - public side. If you want the traffic coming from the Web tier to the Application - tier to be balanced, use the internal load balancing feature offered by - &PRODUCT;. -
    -
    - Netscaler Support for VPC - Citrix NetScaler is supported for external LB. Certified version for this - feature is NetScaler 10.0 Build 74.4006.e. -
    +
    + Zone-Wide Primary Storage + (Supported on KVM and VMware) + In &PRODUCT; 4.2, you can provision primary storage on a per-zone basis. Data volumes + in the primary storage can be attached to any VM on any host in the zone. + In previous &PRODUCT; versions, each cluster had its own primary storage. Data in the + primary storage was directly available only to VMs within that cluster. If a VM in a + different cluster needed some of the data, it must be copied from one cluster to another, + using the zone's secondary storage as an intermediate step. This operation was + unnecessarily time-consuming. +
    +
    + VMware Datacenter Now Visible As a &PRODUCT; Zone + In order to support zone-wide functions for VMware, changes have been made so that + &PRODUCT; is now aware of VMware Datacenters and can map each Datacenter to a &PRODUCT; + zone. Previously, &PRODUCT; was only aware of VMware Clusters, a smaller organizational + unit than Datacenters. This implies that a single &PRODUCT; zone could possibly contain + clusters from different VMware Datacenters. In order for zone-wide functions, such as + zone-wide primary storage, to work for VMware hosts, &PRODUCT; has to make sure that a + zone contains only a single VMware Datacenter. Therefore, when you are creating a new + &PRODUCT; zone, you will now be able to select a VMware Datacenter for the zone. If you + are provisioning multiple VMware Datacenters, each one will be set up as a single zone in + &PRODUCT;. + + If you are upgrading from a previous &PRODUCT; version, and your existing deployment + contains a zone with clusters from multiple VMware Datacenters, that zone will not be + forcibly migrated to the new model. It will continue to function as before. However, any + new zone-wide operations, such as zone-wide primary storage, will not be available in + that zone. + + +
    +
    +
    + Third-Party UI Plugin Framework + Using the new third-party plugin framework, you can write and install extensions to + &PRODUCT;. The installed and enabled plugins will appear in the UI. + The basic procedure for adding a UI plugin is explained in the Developer Guide. In + summary, the plugin developer creates the plugin code itself (in Javascript), a thumbnail + image, the plugin listing, and a CSS file. The &PRODUCT; administrator adds the folder + containing the plugin code under the &PRODUCT; PLUGINS folder and adds the plugin name to a + configuration file (plugins.js). + The next time the user refreshes the UI in the browser, the plugin will appear under the + Plugins button in the left navigation bar. +
    +
    + Networking Enhancements + The following new features provide additional networking functionality in &PRODUCT; + 4.2. +
    + IPv6 + &PRODUCT; 4.2 introduces initial support for IPv6. This feature is provided as a + technical preview only. Full support is planned for a future release. +
    +
    + Portable IPs + Portable IPs in &PRODUCT; are elastic IPs that can be transferred across + geographically separated zones. As an administrator, you can provision a pool of portable + IPs at region level and are available for user consumption. The users can acquire portable + IPs if admin has provisioned portable public IPs at the region level they are part of. + These IPs can be used for any service within an advanced zone. You can also use portable + IPs for EIP service in Basic zones. Additionally, a portable IP can be transferred from + one network to another network. +
    +
    + N-Tier Applications + In &PRODUCT; 3.0.6, a functionality was added to allow users to create a multi-tier + application connected to a single instance of a Virtual Router that supports inter-VLAN + routing. Such a multi-tier application is called a virtual private cloud (VPC). Users were + also able to connect their multi-tier applications to a private Gateway or a Site-to-Site + VPN tunnel and route certain traffic to those gateways. For &PRODUCT; 4.2, additional + features are implemented to enhance VPC applications. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Support for KVMVPC is now supported on KVM + hypervisors.
    +
    + Load Balancing Support for VPC + In a VPC, you can configure two types of load balancing—external LB and + internal LB. External LB is nothing but a LB rule created to redirect the traffic + received at a public IP of the VPC virtual router. The traffic is load balanced within a + tier based on your configuration. Citrix NetScaler and VPC virtual router are supported + for external LB. When you use internal LB service, traffic received at a tier is load + balanced across different VMs within that tier. For example, traffic reached at Web tier + is redirected to another VM in that tier. External load balancing devices are not + supported for internal LB. The service is provided by a internal LB VM configured on the + target tier. +
    + Load Balancing Within a Tier (External LB) + A &PRODUCT; user or administrator may create load balancing rules that balance + traffic received at a public IP to one or more VMs that belong to a network tier that + provides load balancing service in a VPC. A user creates a rule, specifies an + algorithm, and assigns the rule to a set of VMs within a tier.
    -
    - Enhanced Access Control List - Network Access Control List (ACL) on the VPC virtual router is enhanced. The - network ACLs can be created for the tiers only if the NetworkACL service is supported. - In &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL - items are nothing but numbered rules that are evaluated in order, starting with the - lowest numbered rule. These rules determine whether traffic is allowed in or out of - any tier associated with the network ACL. You need to add the Network ACL items to the - Network ACL, then associate the Network ACL with a tier. Network ACL is associated - with a VPC and can be assigned to multiple VPC tiers within a VPC. A Tier is - associated with a Network ACL at all the times. Each tier can be associated with only - one ACL. - The default Network ACL is used when no ACL is associated. Default behavior is all - incoming traffic to guest networks is blocked and all outgoing traffic from guest - networks is allowed. Default network ACL cannot be removed or modified. -
    - ACL on Private Gateway - The traffic on the VPC private gateway is controlled by creating both ingress - and egress network ACL rules. The ACLs contains both allow and deny rules. As per - the rule, all the ingress traffic to the private gateway interface and all the - egress traffic out from the private gateway interface are blocked. You can change - this default behaviour while creating a private gateway. -
    -
    - Allow ACL on All Level 4 Protocols - In addition to the existing protocol support for ICMP, TCP, UDP, support for All - Level 4 protocols is added. The protocol numbers from 0 to 255 are supported. -
    -
    - Support for ACL Deny Rules - In addition to the existing support for ACL Allow rules, support for ACL Deny - rules has been added in &PRODUCT; 4.2. As part of this, two operations are - supported: Number and Action. You can configure a rule, allow or deny, by using - action. Use Number to add a rule number. -
    +
    + Load Balancing Across Tiers + &PRODUCT; supports sharing workload across different tiers within your VPC. Assume + that multiple tiers are set up in your environment, such as Web tier and Application + tier. Traffic to each tier is balanced on the VPC virtual router on the public side. + If you want the traffic coming from the Web tier to the Application tier to be + balanced, use the internal load balancing feature offered by &PRODUCT;.
    -
    - Deploying VMs to a VPC Tier and Shared Networks - &PRODUCT; allows you to deploy VMs on a VPC tier and one or more shared networks. - With this feature, the VMs deployed in a multi-tier application can receive services - offered by a service provider over the shared network. One example of such a service - is monitoring service. -
    -
    - Adding a Private Gateway to a VPC - A private gateway can be added by the root admin only. The VPC private network has - 1:1 relationship with the NIC of the physical network. You can configure multiple - private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed - in the same data center. -
    - Source NAT on Private Gateway - You might want to deploy multiple VPCs with the same super CIDR and guest tier - CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to - reach a enterprise data center through the private gateway. In such cases, a NAT - service need to be configured on the private gateway. If Source NAT is enabled, the - guest VMs in VPC reaches the enterprise network via private gateway IP address by - using the NAT service. - The Source NAT service on a private gateway can be enabled while adding the - private gateway. On deletion of a private gateway, source NAT rules specific to the - private gateway are deleted. -
    -
    - VPN Gateways - Support up to 8 VPN Gateways is added. -
    -
    - Creating a Static Route - &PRODUCT; enables you to specify routing for the VPN connection you create. You - can enter one or CIDR addresses to indicate which traffic is to be routed back to - the gateway. -
    -
    - Blacklisting Routes - &PRODUCT; enables you to block a list of routes so that they are not assigned to - any of the VPC private gateways. Specify the list of routes that you want to - blacklist in the blacklisted.routes global parameter. Note that the - parameter update affects only new static route creations. If you block an existing - static route, it remains intact and continue functioning. You cannot add a static - route if the route is blacklisted for the zone. -
    +
    + Netscaler Support for VPC + Citrix NetScaler is supported for external LB. Certified version for this feature + is NetScaler 10.0 Build 74.4006.e.
    -
    - Assigning VLANs to Isolated Networks - &PRODUCT; provides you the ability to control VLAN assignment to Isolated networks. - You can assign a VLAN ID when a network is created, just the way it's done for Shared - networks. - The former behaviour also is supported — VLAN is randomly allocated to a - network from the VNET range of the physical network when the network turns to - Implemented state. The VLAN is released back to the VNET pool when the network shuts - down as a part of the Network Garbage Collection. The VLAN can be re-used either by the - same network when it is implemented again, or by any other network. On each subsequent - implementation of a network, a new VLAN can be assigned. - - You cannot change a VLAN once it's assigned to the network. The VLAN remains with - the network for its entire life cycle. - +
    + Enhanced Access Control List + Network Access Control List (ACL) on the VPC virtual router is enhanced. The network + ACLs can be created for the tiers only if the NetworkACL service is supported. In + &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items + are nothing but numbered rules that are evaluated in order, starting with the lowest + numbered rule. These rules determine whether traffic is allowed in or out of any tier + associated with the network ACL. You need to add the Network ACL items to the Network + ACL, then associate the Network ACL with a tier. Network ACL is associated with a VPC + and can be assigned to multiple VPC tiers within a VPC. A Tier is associated with a + Network ACL at all the times. Each tier can be associated with only one ACL. + The default Network ACL is used when no ACL is associated. Default behavior is all + incoming traffic to guest networks is blocked and all outgoing traffic from guest + networks is allowed. Default network ACL cannot be removed or modified. +
    + ACL on Private Gateway + The traffic on the VPC private gateway is controlled by creating both ingress and + egress network ACL rules. The ACLs contains both allow and deny rules. As per the + rule, all the ingress traffic to the private gateway interface and all the egress + traffic out from the private gateway interface are blocked. You can change this + default behaviour while creating a private gateway. +
    +
    + Allow ACL on All Level 4 Protocols + In addition to the existing protocol support for ICMP, TCP, UDP, support for All + Level 4 protocols is added. The protocol numbers from 0 to 255 are supported. +
    +
    + Support for ACL Deny Rules + In addition to the existing support for ACL Allow rules, support for ACL Deny + rules has been added in &PRODUCT; 4.2. As part of this, two operations are supported: + Number and Action. You can configure a rule, allow or deny, by using action. Use + Number to add a rule number. +
    -
    - Persistent Networks - &PRODUCT; 4.2 supports Persistent Networks. The network that you can provision - without having to deploy any VMs on it is called a Persistent Network. A Persistent - Network can be part of a VPC or a non-VPC environment. With the addition of this - feature, you will have the ability to create a network in &PRODUCT; in which physical - devices can be deployed without having to run any VMs. Additionally, you can deploy - physical devices on that network. Another advantages is that you can create a VPC with a - tier that consists only physical devices. For example, you might create a VPC for a - three-tier application, deploy VMs for Web and Application tier, and use physical - machines for the Database tier. Another use case is that if you are providing services - by using physical hardware, you can define the network as persistent and therefore even - if all its VMs are destroyed the services will not be discontinued. +
    + Deploying VMs to a VPC Tier and Shared Networks + &PRODUCT; allows you to deploy VMs on a VPC tier and one or more shared networks. + With this feature, the VMs deployed in a multi-tier application can receive services + offered by a service provider over the shared network. One example of such a service is + monitoring service.
    -
    - Cisco VNMC Support - Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and - policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with - ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able - to: - - - Configure Cisco ASA 1000v Firewalls - - - Create and apply security profiles that contain ACL policy sets for both ingress - and egress traffic, and NAT policy sets - - - &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware - hypervisors. -
    -
    - VMware vNetwork Distributed vSwitch - &PRODUCT; supports VMware vSphere Distributed Switch (VDS) for virtual network - configuration in a VMware vSphere environment. Each vCenter server instance can support - up to 128 VDSs and each VDS can manage up to 500 VMware hosts. &PRODUCT; supports - configuring virtual networks in a deployment with a mix of Virtual Distributed Switch, - Standard Virtual Switch and Nexus 1000v Virtual Switch. -
    -
    - IP Reservation in Isolated Guest Networks - In Isolated guest networks in &PRODUCT; 4.2, a part of the guest IP address space - can be reserved for non-&PRODUCT; VMs or physical servers. To do so, you configure a - range of Reserved IP addresses by specifying the CIDR when a guest network is in - Implemented state. The advantage of having this feature is that if your customers wish - to have non-&PRODUCT; controlled VMs or physical servers on the same network, they can - use a part of the IP address space that is primarily provided to the guest network. When - IP reservation is configured, the administrator can add additional VMs or physical - servers that are not part of &PRODUCT; to the same network and assign them the Reserved - IP addresses. &PRODUCT; guest VMs cannot acquire IPs from the Reserved IP Range. -
    -
    - Dedicated Resources: Public IP Addresses and VLANs Per Account - &PRODUCT; provides you the ability to reserve a set of public IP addresses and VLANs - exclusively for an account. During zone creation, you can continue to define a set of - VLANs and multiple public IP ranges. This feature extends the functionality to enable - you to dedicate a fixed set of VLANs and guest IP addresses for a tenant. - This feature provides you the following capabilities: - - - Reserve a VLAN range and public IP address range from an Advanced zone and - assign it to an account - - - Disassociate a VLAN and public IP address range from an account - - - - Ensure that you check whether the required range is available and conforms to - account limits. The maximum IPs per account limit cannot be superseded. - -
    -
    - Enhanced Juniper SRX Support for Egress Firewall Rules - Egress firewall rules were previously supported on virtual routers, and now they are - also supported on Juniper SRX external networking devices. - Egress traffic originates from a private network to a public network, such as the - Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed - from a guest network to the Internet. However, you can control the egress traffic in an - Advanced zone by creating egress firewall rules. When an egress firewall rule is - applied, the traffic specific to the rule is allowed and the remaining traffic is - blocked. When all the firewall rules are removed the default policy, Block, is - applied. - - Egress firewall rules are not supported on Shared networks. They are supported - only on Isolated guest networks. - -
    -
    - Configuring the Default Egress Policy - The default egress policy for Isolated guest network can be configured by using - Network offering. Use the create network offering option to determine whether the - default policy should be block or allow all the traffic to the public network from a - guest network. Use this network offering to create the network. If no policy is - specified, by default all the traffic is allowed from the guest network that you create - by using this network offering. - You have two options: Allow and Deny. - If you select Allow for a network offering, by default egress traffic is allowed. - However, when an egress rule is configured for a guest network, rules are applied to - block the specified traffic and rest are allowed. If no egress rules are configured for - the network, egress traffic is accepted. If you select Deny for a network offering, by - default egress traffic for the guest network is blocked. However, when an egress rules - is configured for a guest network, rules are applied to allow the specified traffic. - While implementing a guest network, &PRODUCT; adds the firewall egress rule specific to - the default egress policy for the guest network. - This feature is supported only on virtual router and Juniper SRX. -
    -
    - Non-Contiguous VLAN Ranges - &PRODUCT; provides you with the flexibility to add non contiguous VLAN ranges to - your network. The administrator can either update an existing VLAN range or add multiple - non contiguous VLAN ranges while creating a zone. You can also use the - UpdatephysicalNetwork API to extend the VLAN range. -
    -
    - Isolation in Advanced Zone Using Private VLAN - Isolation of guest traffic in shared networks can be achieved by using Private VLANs - (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a - PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach - the DHCP server and gateway, this would in turn allow users to control traffic within a - network and help them deploy multiple applications without communication between - application as well as prevent communication with other users’ VMs. - - - Isolate VMs in a shared networks by using Private VLANs. - - - Supported on KVM, XenServer, and VMware hypervisors. - - - PVLAN-enabled shared network can be a part of multiple networks of a guest VM. - - - - For further reading: - - - Understanding Private VLANs - - - Cisco Systems' Private VLANs: - Scalable Security in a Multi-Client Environment - - - Private VLAN (PVLAN) on vNetwork Distributed - Switch - Concept Overview (1010691) - - -
    -
    - Configuring Multiple IP Addresses on a Single NIC - (Supported on XenServer, KVM, and VMware hypervisors) - &PRODUCT; now provides you the ability to associate multiple private IP addresses - per guest VM NIC. This feature is supported on all the network - configurations—Basic, Advanced, and VPC. Security Groups, Static NAT and Port - forwarding services are supported on these additional IPs. In addition to the primary - IP, you can assign additional IPs to the guest VM NIC. Up to 256 IP addresses are - allowed per NIC. - As always, you can specify an IP from the guest subnet; if not specified, an IP is - automatically picked up from the guest VM subnet. You can view the IPs associated with - for each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by - using firewall configuration in the &PRODUCT; UI. You must specify the NIC to which the - IP should be associated. -
    -
    - Adding Multiple IP Ranges - (Supported on KVM, xenServer, and VMware hypervisors) - &PRODUCT; 4.2 provides you with the flexibility to add guest IP ranges from - different subnets in Basic zones and security groups-enabled Advanced zones. For - security groups-enabled Advanced zones, it implies multiple subnets can be added to the - same VLAN. With the addition of this feature, you will be able to add IP address ranges - from the same subnet or from a different one when IP address are exhausted. This would - in turn allows you to employ higher number of subnets and thus reduce the address - management overhead. - Ensure that you manually configure the gateway of the new subnet before adding the - IP range. Note that &PRODUCT; supports only one gateway for a subnet; overlapping - subnets are not currently supported. - You can also delete IP ranges. This operation fails if an IP from the remove range - is in use. If the remove range contains the IP address on which the DHCP server is - running, &PRODUCT; acquires a new IP from the same subnet. If no IP is available in the - subnet, the remove operation fails. - - The feature can only be implemented on IPv4 addresses. - -
    -
    - Support for Multiple Networks in VMs - (Supported on XenServer, VMware and KVM hypervisors) - &PRODUCT; 4.2 provides you the ability to add and remove multiple networks to a VM. - You can remove a network from a VM and add a new network. You can also change the - default network of a VM. With this functionality, hybrid or traditional server loads can - be accommodated with ease. - For adding or removing a NIC to work on VMware, ensure that vm-tools are running on - guest VMs. -
    -
    - Global Server Load Balancing - &PRODUCT; 4.2 supports Global Server Load Balancing (GSLB) functionalities to - provide business continuity by load balancing traffic to an instance on active zones - only in case of zone failures . &PRODUCT; achieve this by extending its functionality of - integrating with NetScaler Application Delivery Controller (ADC), which also provides - various GSLB capabilities, such as disaster recovery and load balancing. The DNS - redirection technique is used to achieve GSLB in &PRODUCT;. In order to support this - functionality, region level services and service provider are introduced. A new service - 'GSLB' is introduced as a region level service. The GSLB service provider is introduced - that will provider the GSLB service. Currently, NetScaler is the supported GSLB provider - in &PRODUCT;. GSLB functionality works in an Active-Active data center environment. - -
    -
    - Enhanced Load Balancing Services Using External Provider on Shared VLANs - Network services like Firewall, Load Balancing, and NAT are now supported in shared - networks created in an advanced zone. In effect, the following network services shall be - made available to a VM in a shared network: Source NAT, Static NAT, Port Forwarding, - Firewall and Load balancing. Subset of these service can be chosen while creating a - network offering for shared networks. Services available in a shared network is defined - by the network offering and the service chosen in the network offering. For example, if - network offering for a shared network has source NAT service enabled, a public IP shall - be provisioned and source NAT is configured on the firewall device to provide public - access to the VMs on the shared network. Static NAT, Port Forwarding, Load Balancing, - and Firewall services shall be available only on the acquired public IPs associated with - a shared network. - Additionally, Netscaler and Juniper SRX firewall device can be configured inline or - side-by-side mode. -
    -
    - Health Checks for Load Balanced Instances - - This feature is supported only on NetScaler version 10.0 and beyond. - - (NetScaler load balancer only) A load balancer rule distributes requests among a - pool of services (a service in this context means an application running on a virtual - machine). When creating a load balancer rule, you can specify a health check which will - ensure that the rule forwards requests only to services that are healthy (running and - available). When a health check is in effect, the load balancer will stop forwarding - requests to any resources that it has found to be unhealthy. If the resource later - becomes available again, the periodic health check (periodicity is configurable) will - discover it and the resource will once again be made available to the load - balancer. - To configure how often the health check is performed by default, use the global - configuration setting healthcheck.update.interval. This default applies to all the - health check policies in the cloud. You can override this value for an individual health - check policy. +
    + Adding a Private Gateway to a VPC + A private gateway can be added by the root admin only. The VPC private network has + 1:1 relationship with the NIC of the physical network. You can configure multiple + private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in + the same data center. +
    + Source NAT on Private Gateway + You might want to deploy multiple VPCs with the same super CIDR and guest tier + CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach + a enterprise data center through the private gateway. In such cases, a NAT service + need to be configured on the private gateway. If Source NAT is enabled, the guest VMs + in VPC reaches the enterprise network via private gateway IP address by using the NAT + service. + The Source NAT service on a private gateway can be enabled while adding the + private gateway. On deletion of a private gateway, source NAT rules specific to the + private gateway are deleted. +
    +
    + VPN Gateways + Support up to 8 VPN Gateways is added. +
    +
    + Creating a Static Route + &PRODUCT; enables you to specify routing for the VPN connection you create. You + can enter one or CIDR addresses to indicate which traffic is to be routed back to the + gateway. +
    +
    + Blacklisting Routes + &PRODUCT; enables you to block a list of routes so that they are not assigned to + any of the VPC private gateways. Specify the list of routes that you want to blacklist + in the blacklisted.routes global parameter. Note that the parameter + update affects only new static route creations. If you block an existing static route, + it remains intact and continue functioning. You cannot add a static route if the route + is blacklisted for the zone. +
    -
    - Host and Virtual Machine Enhancements - The following new features expand the ways you can use hosts and virtual - machines. -
    - VMware DRS Support - The VMware vSphere Distributed Resources Scheduler (DRS) is supported. -
    -
    - Windows 8 and Windows Server 2012 as VM Guest OS - (Supported on XenServer, VMware, and KVM) - Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual - machines. The OS would be made available the same as any other, by uploading an ISO or a - template. The instructions for uploading ISOs and templates are given in the - Administrator's Guide. - - Limitation: When used with VMware hosts, this - feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch - 4. - - -
    -
    - Change Account Ownership of Virtual Machines - A root administrator can now change the ownership of any virtual machine from one - account to any other account. A domain or sub-domain administrator can do the same for - VMs within the domain from one account to any other account in the domain. -
    -
    - Private Pod, Cluster, or Host - Dedicating pod, cluster or host to a specific domain/account means that the - domain/account will have sole access to the dedicated pod, cluster or hosts such that - scalability, security and manageability within a domain/account can be improved. The - resources which belong to that tenant will be placed into that dedicated pod, cluster or - host. -
    -
    - Resizing Volumes - &PRODUCT; provides the ability to resize data disks; &PRODUCT; controls volume size - by using disk offerings. This provides &PRODUCT; administrators with the flexibility to - choose how much space they want to make available to the end users. Volumes within the - disk offerings with the same storage tag can be resized. For example, if you only want - to offer 10, 50, and 100 GB offerings, the allowed resize should stay within those - limits. That implies if you define a 10 GB, a 50 GB and a 100 GB disk offerings, a user - can upgrade from 10 GB to 50 GB, or 50 GB to 100 GB. If you create a custom-sized disk - offering, then you have the option to resize the volume by specifying a new, larger - size. Additionally, using the resizeVolume API, a data volume can be moved from a static - disk offering to a custom disk offering with the size specified. This functionality - allows those who might be billing by certain volume sizes or disk offerings to stick to - that model, while providing the flexibility to migrate to whatever custom size - necessary. This feature is supported on KVM, XenServer, and VMware hosts. However, - shrinking volumes is not supported on VMware hosts -
    -
    - VMware Volume Snapshot Improved Performance - When you take a snapshot of a data volume on VMware, &PRODUCT; will now use a more - efficient storage technique to improve performance. - Previously, every snapshot was immediately exported from vCenter to a mounted NFS - share and packaged into an OVA file format. This operation consumed time and resources. - Starting from 4.2, the original file formats (e.g., VMDK) provided by vCenter will be - retained. An OVA file will only be created as needed, on demand. - The new process applies only to newly created snapshots after upgrade to &PRODUCT; - 4.2. Snapshots that have already been taken and stored in OVA format will continue to - exist in that format, and will continue to work as expected. -
    -
    - Storage Migration: XenMotion and vMotion - (Supported on XenServer and VMware) - Storage migration allows VMs to be moved from one host to another, where the VMs are - not located on storage shared between the two hosts. It provides the option to live - migrate a VM’s disks along with the VM itself. It is now possible to migrate a VM from - one XenServer resource pool / VMware cluster to another, or to migrate a VM whose disks - are on local storage, or even to migrate a VM’s disks from one storage repository to - another, all while the VM is running. -
    -
    - Configuring Usage of Linked Clones on VMware - (For ESX hypervisor in conjunction with vCenter) - In &PRODUCT; 4.2, the creation of VMs as full clones is allowed. In previous - versions, only linked clones were possible. - For a full description of clone types, refer to VMware documentation. In summary: A - full clone is a copy of an existing virtual machine which, once created, does not depend - in any way on the original virtual machine. A linked clone is also a copy of an existing - virtual machine, but it has ongoing dependency on the original. A linked clone shares - the virtual disk of the original VM, and retains access to all files that were present - at the time the clone was created. - A new global configuration setting has been added, vmware.create.full.clone. When - the administrator sets this to true, end users can create guest VMs only as full clones. - The default value is true for new installations. For customers upgrading from a previous - version of &PRODUCT;, the default value of vmware.create.full.clone is false. -
    -
    - VM Deployment Rules - Rules can be set up to ensure that particular VMs are not placed on the same - physical host. These "anti-affinity rules" can increase the reliability of applications - by ensuring that the failure of a single host can not take down the entire group of VMs - supporting a given application. See Affinity Groups in the &PRODUCT; 4.2 Administration - Guide. -
    -
    - CPU and Memory Scaling for Running VMs - (Supported on VMware and XenServer) - You can now change the CPU and RAM values for a running virtual machine. In previous - versions of &PRODUCT;, this could only be done on a stopped VM. - It is not always possible to accurately predict the CPU and RAM requirements when - you first deploy a VM. You might need to increase or decrease these resources at any - time during the life of a VM. With the new ability to dynamically modify CPU and RAM - levels, you can change these resources for a running VM without incurring any - downtime. - Dynamic CPU and RAM scaling can be used in the following cases: - - - New VMs that are created after the installation of &PRODUCT; 4.2. If you are - upgrading from a previous version of &PRODUCT;, your existing VMs created with - previous versions will not have the dynamic scaling capability. - - - User VMs on hosts running VMware and XenServer. - - - System VMs on VMware. - - - VM Tools or XenServer Tools must be installed on the virtual machine. - - - The new requested CPU and RAM values must be within the constraints allowed by - the hypervisor and the VM operating system. - - - To configure this feature, use the following new global configuration - variables: - - - enable.dynamic.scale.vm: Set to True to enable the feature. By default, the - feature is turned off. - - - scale.retry: How many times to attempt the scaling operation. Default = - 2. - - -
    -
    - CPU and Memory Over-Provisioning - (Supported for XenServer, KVM, and VMware) - In &PRODUCT; 4.2, CPU and memory (RAM) over-provisioning factors can be set for each - cluster to change the number of VMs that can run on each host in the cluster. This helps - optimize the use of resources. By increasing the over-provisioning ratio, more resource - capacity will be used. If the ratio is set to 1, no over-provisioning is done. - In previous releases, &PRODUCT; did not perform memory over-provisioning. It - performed CPU over-provisioning based on a ratio configured by the administrator in the - global configuration setting cpu.overprovisioning.factor. Starting in 4.2, the - administrator can specify a memory over-provisioning ratio, and can specify both CPU and - memory over-provisioning ratios on a per-cluster basis, rather than only on a global - basis. - In any given cloud, the optimum number of VMs for each host is affected by such - things as the hypervisor, storage, and hardware configuration. These may be different - for each cluster in the same cloud. A single global over-provisioning setting could not - provide the best utilization for all the different clusters in the cloud. It had to be - set for the lowest common denominator. The new per-cluster setting provides a finer - granularity for better utilization of resources, no matter where the &PRODUCT; placement - algorithm decides to place a VM. -
    -
    - Kickstart Installation for Bare Metal Provisioning - &PRODUCT; 4.2 supports the kick start installation method for RPM-based Linux - operating systems on baremetal hosts in basic zones. Users can provision a baremetal - host managed by &PRODUCT; as long as they have the kick start file and corresponding OS - installation ISO ready. - Tested on CentOS 5.5, CentOS 6.2, CentOS 6.3, Ubuntu 12.04. - For more information, see the Baremetal Installation Guide. -
    -
    - Enhanced Bare Metal Support on Cisco UCS - You can now more easily provision new Cisco UCS server blades into &PRODUCT; for use - as bare metal hosts. The goal is to enable easy expansion of the cloud by leveraging the - programmability of the UCS converged infrastructure and &PRODUCT;’s knowledge of the - cloud architecture and ability to orchestrate. With this new feature, &PRODUCT; can - automatically understand the UCS environment, server profiles, etc. to make it easy to - deploy a bare metal OS on a Cisco UCS. -
    -
    - Changing a VM's Base Image - Every VM is created from a base image, which is a template or ISO which has been - created and stored in &PRODUCT;. Both cloud administrators and end users can create and - modify templates, ISOs, and VMs. - In &PRODUCT; 4.2, there is a new way to modify an existing VM. You can change an - existing VM from one base image to another. For example, suppose there is a template - based on a particular operating system, and the OS vendor releases a software patch. The - administrator or user naturally wants to apply the patch and then make sure existing VMs - start using it. Whether a software update is involved or not, it's also possible to - simply switch a VM from its current template to any other desired template. -
    -
    - Reset VM on Reboot - In &PRODUCT; 4.2, you can specify that you want to discard the root disk and create - a new one whenever a given VM is rebooted. This is useful for secure environments that - need a fresh start on every boot and for desktops that should not retain state. The IP - address of the VM will not change due to this operation. -
    -
    - Virtual Machine Snapshots for VMware - (VMware hosts only) In addition to the existing &PRODUCT; ability to snapshot - individual VM volumes, you can now take a VM snapshot to preserve all the VM's data - volumes as well as (optionally) its CPU/memory state. This is useful for quick restore - of a VM. For example, you can snapshot a VM, then make changes such as software - upgrades. If anything goes wrong, simply restore the VM to its previous state using the - previously saved VM snapshot. - The snapshot is created using the VMware native snapshot facility. The VM snapshot - includes not only the data volumes, but optionally also whether the VM is running or - turned off (CPU state) and the memory contents. The snapshot is stored in &PRODUCT;'s - primary storage. - VM snapshots can have a parent/child relationship. Each successive snapshot of the - same VM is the child of the snapshot that came before it. Each time you take an - additional snapshot of the same VM, it saves only the differences between the current - state of the VM and the state stored in the most recent previous snapshot. The previous - snapshot becomes a parent, and the new snapshot is its child. It is possible to create a - long chain of these parent/child snapshots, which amount to a "redo" record leading from - the current state of the VM back to the original. -
    -
    - Increased Userdata Size When Deploying a VM - You can now specify up to 32KB of userdata when deploying a virtual machine through - the &PRODUCT; UI or the deployVirtualMachine API call. -
    -
    - Set VMware Cluster Size Limit Depending on VMware Version - The maximum number of hosts in a vSphere cluster is determined by the VMware - hypervisor software. For VMware versions 4.2, 4.1, 5.0, and 5.1, the limit is 32 - hosts. - For &PRODUCT; 4.2, the global configuration setting vmware.percluster.host.max has - been removed. The maximum number of hosts in a VMware cluster is now determined by the - underlying hypervisor software. - - Best Practice: It is advisable for VMware clusters in &PRODUCT; to be smaller than - the VMware hypervisor's maximum size. A cluster size of up to 8 hosts has been found - optimal for most real-world situations. - -
    -
    - Limiting Resource Usage - Previously in &PRODUCT;, resource usage limit was imposed based on the resource - count, that is, restrict a user or domain on the basis of the number of VMs, volumes, or - snapshots used. In &PRODUCT; 4.2, a new set of resource types has been added to the - existing pool of resources (VMs, Volumes, and Snapshots) to support the customization - model—need-basis usage, such as large VM or small VM. The new resource types are - now broadly classified as CPU, RAM, Primary storage, and Secondary storage. &PRODUCT; - 4.2 allows the root administrator to impose resource usage limit by the following - resource types for Domain, Project and Accounts. - - - CPUs - - - Memory (RAM) - - - Primary Storage (Volumes) - - - Secondary Storage (Snapshots, Templates, ISOs) - - -
    +
    + Assigning VLANs to Isolated Networks + &PRODUCT; provides you the ability to control VLAN assignment to Isolated networks. + You can assign a VLAN ID when a network is created, just the way it's done for Shared + networks. + The former behaviour also is supported — VLAN is randomly allocated to a network + from the VNET range of the physical network when the network turns to Implemented state. + The VLAN is released back to the VNET pool when the network shuts down as a part of the + Network Garbage Collection. The VLAN can be re-used either by the same network when it is + implemented again, or by any other network. On each subsequent implementation of a + network, a new VLAN can be assigned. + + You cannot change a VLAN once it's assigned to the network. The VLAN remains with + the network for its entire life cycle. +
    -
    - Monitoring, Maintenance, and Operations Enhancements - -
    - Publish and Subscribe for Event Notification - An event is essentially a significant or meaningful change in the state of both - virtual and physical resources associated with a cloud environment. In &PRODUCT; an - event could be a state change of virtual or psychical resources, an action performed by - an user (action events), or policy based events (alerts). In &PRODUCT; 4.2, a new event - notification framework has been added. This framework provides a means for the - Management Server components to publish and subscribe to &PRODUCT; events. Event - notification is achieved by implementing the concept of event bus abstraction in the - Management Server. - A new event for state change, resource state change, is introduced as part of Event - notification framework. Every resource, such as user VM, volume, NIC, network, public - IP, snapshot, and template, is associated with a state machine and generates events as - part of the state change. That implies that a change in the state of a resource results - in a state change event, and the event is published in the corresponding state machine - on the event bus. All the &PRODUCT; events (alerts, action events, usage events) and the - additional category of resource state change events, are published on to the events - bus. -
    -
    - Deleting and Archiving Events and Alerts - In addition to viewing a list of events and alerts in the UI, the administrator can - now delete and archive them. In order to support deleting and archiving alerts, the - following global parameters have been added: - - - alert.purge.delay: The alerts older than - specified number of days are purged. Set the value to 0 to never purge alerts - automatically. - - - alert.purge.interval: The interval in seconds - to wait before running the alert purge thread. The default is 86400 seconds (one - day). - - - - Archived alerts or events cannot be viewed in the UI, or by using the API. They - are maintained in the database for auditing or compliance purposes. - -
    -
    - Increased Granularity for Configuration Parameters - Some configuration parameters which were previously available only at the global - level of the cloud can now be set for smaller components of the cloud, such as at the - zone level. To set these parameters, look for the new Settings tab in the UI. You will - find it on the detail page for an account, cluster, zone, or primary storage. - The account level parameters are: remote.access.vpn.client.iprange, - allow.public.user.templates, use.system.public.ips, and - use.system.guest.vlans - The cluster level parameters are - cluster.storage.allocated.capacity.notificationthreshold, - cluster.storage.capacity.notificationthreshold, - cluster.cpu.allocated.capacity.notificationthreshold, - cluster.memory.allocated.capacity.notificationthreshold, - cluster.cpu.allocated.capacity.disablethreshold, - cluster.memory.allocated.capacity.disablethreshold, - cpu.overprovisioning.factor, mem.overprovisioning.factor, - vmware.reserve.cpu, and vmware.reserve.mem. - The zone level parameters are - pool.storage.allocated.capacity.disablethreshold, - pool.storage.capacity.disablethreshold, - storage.overprovisioning.factor, network.throttling.rate, - guest.domain.suffix, router.template.xen, - router.template.kvm, router.template.vmware, - router.template.hyperv, router.template.lxc, - enable.dynamic.scale.vm, use.external.dns, and - blacklisted.routes. -
    -
    - API Request Throttling - In &PRODUCT; 4.2, you can limit the rate at which API requests can be placed for - each account. This is useful to avoid malicious attacks on the Management Server, - prevent performance degradation, and provide fairness to all accounts. - If the number of API calls exceeds the threshold, an error message is returned for - any additional API calls. The caller will have to retry these API calls at another - time. - To control the API request throttling, use the following new global configuration - settings: - - - api.throttling.enabled - Enable/Disable API throttling. By default, this setting - is false, so API throttling is not enabled. - - - api.throttling.interval (in seconds) - Time interval during which the number of - API requests is to be counted. When the interval has passed, the API count is reset - to 0. - - - api.throttling.max - Maximum number of APIs that can be placed within the - api.throttling.interval period. - - - api.throttling.cachesize - Cache size for storing API counters. Use a value - higher than the total number of accounts managed by the cloud. One cache entry is - needed for each account, to store the running API total for that account within the - current time window. - - -
    -
    - Sending Alerts to External SNMP and Syslog Managers - In addition to showing administrator alerts on the Dashboard in the &PRODUCT; UI and - sending them in email, &PRODUCT; now can also send the same alerts to external SNMP or - Syslog management software. This is useful if you prefer to use an SNMP or Syslog - manager to monitor your cloud. - The supported protocol is SNMP version 2. -
    -
    - Changing the Default Password Encryption - Passwords are encoded when creating or updating users. The new default preferred - encoder, replacing MD5, is SHA256. It is more secure than MD5 hashing. If you take no - action to customize password encryption and authentication, SHA256 Salt will be - used. - If you prefer a different authentication mechanism, &PRODUCT; 4.2 provides a way for - you to determine the default encoding and authentication mechanism for admin and user - logins. Two new configurable lists have been introduced: userPasswordEncoders and - userAuthenticators. userPasswordEncoders allow you to configure the order of preference - for encoding passwords, and userAuthenticator allows you to configure the order in which - authentication schemes are invoked to validate user passwords. - The plain text user authenticator has been modified not to convert supplied - passwords to their md5 sums before checking them with the database entries. It performs - a simple string comparison between retrieved and supplied login passwords instead of - comparing the retrieved md5 hash of the stored password against the supplied md5 hash of - the password, because clients no longer hash the password. -
    -
    - Log Collection Utility cloud-bugtool - &PRODUCT; provides a command-line utility called cloud-bugtool to make it easier to - collect the logs and other diagnostic data required for troubleshooting. This is - especially useful when interacting with Citrix Technical Support. - You can use cloud-bugtool to collect the following: - - - Basic system and environment information and network configuration including IP - addresses, routing, and name resolver settings - - - Information about running processes - - - Management Server logs - - - System logs in /var/log/ - - - Dump of the cloud database - - - - cloud-bugtool collects information which might be considered sensitive and - confidential. Using the --nodb option to avoid the cloud database can - reduce this concern, though it is not guaranteed to exclude all sensitive data. - - -
    -
    - Snaphotting, Backups, Cloning and System VMs for RBD Primary Storage - - These new RBD features require at least librbd 0.61.7 (Cuttlefish) and libvirt - 0.9.14 on the KVM hypervisors. - - This release of &PRODUCT; will leverage the features of RBD format 2. This allows - snapshotting and backing up those snapshots. - Backups of snapshots to Secondary Storage are full copies of the RBD snapshot, they - are not RBD diffs. This because when restoring a backup of a snapshot it is not - mandatory that this backup is deployed on RBD again, it could also be a NFS Primary - Storage. - Another key feature of RBD format 2 is cloning. With this release templates will be - copied to Primary Storage once and by using the cloning mechanism new disks will be - cloned from this parent template. This saves space and decreases deployment time for - instances dramatically. - Before this release, a NFS Primary Storage was still required for running the System - VMs from. The reason was a so called 'patch disk' that was generated by the hypervisor - which contained metadata for the System VM. The scripts generating this disk didn't - support RBD and thus System VMs had to be deployed from NFS. With 4.2 instead of the - patch disk a VirtIO serial console is used to pass meta information to System VMs. This - enabled the deployment of System VMs on RBD Primary Storage. -
    +
    + Persistent Networks + &PRODUCT; 4.2 supports Persistent Networks. The network that you can provision without + having to deploy any VMs on it is called a Persistent Network. A Persistent Network can be + part of a VPC or a non-VPC environment. With the addition of this feature, you will have + the ability to create a network in &PRODUCT; in which physical devices can be deployed + without having to run any VMs. Additionally, you can deploy physical devices on that + network. Another advantages is that you can create a VPC with a tier that consists only + physical devices. For example, you might create a VPC for a three-tier application, deploy + VMs for Web and Application tier, and use physical machines for the Database tier. Another + use case is that if you are providing services by using physical hardware, you can define + the network as persistent and therefore even if all its VMs are destroyed the services + will not be discontinued. +
    +
    + Cisco VNMC Support + Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and + policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with + ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: + + + Configure Cisco ASA 1000v Firewalls + + + Create and apply security profiles that contain ACL policy sets for both ingress + and egress traffic, and NAT policy sets + + + &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware + hypervisors. +
    +
    + VMware vNetwork Distributed vSwitch + &PRODUCT; supports VMware vSphere Distributed Switch (VDS) for virtual network + configuration in a VMware vSphere environment. Each vCenter server instance can support up + to 128 VDSs and each VDS can manage up to 500 VMware hosts. &PRODUCT; supports configuring + virtual networks in a deployment with a mix of Virtual Distributed Switch, Standard + Virtual Switch and Nexus 1000v Virtual Switch. +
    +
    + IP Reservation in Isolated Guest Networks + In Isolated guest networks in &PRODUCT; 4.2, a part of the guest IP address space can + be reserved for non-&PRODUCT; VMs or physical servers. To do so, you configure a range of + Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. + The advantage of having this feature is that if your customers wish to have non-&PRODUCT; + controlled VMs or physical servers on the same network, they can use a part of the IP + address space that is primarily provided to the guest network. When IP reservation is + configured, the administrator can add additional VMs or physical servers that are not part + of &PRODUCT; to the same network and assign them the Reserved IP addresses. &PRODUCT; + guest VMs cannot acquire IPs from the Reserved IP Range. +
    +
    + Dedicated Resources: Public IP Addresses and VLANs Per Account + &PRODUCT; provides you the ability to reserve a set of public IP addresses and VLANs + exclusively for an account. During zone creation, you can continue to define a set of + VLANs and multiple public IP ranges. This feature extends the functionality to enable you + to dedicate a fixed set of VLANs and guest IP addresses for a tenant. + This feature provides you the following capabilities: + + + Reserve a VLAN range and public IP address range from an Advanced zone and assign + it to an account + + + Disassociate a VLAN and public IP address range from an account + + + + Ensure that you check whether the required range is available and conforms to + account limits. The maximum IPs per account limit cannot be superseded. + +
    +
    + Enhanced Juniper SRX Support for Egress Firewall Rules + Egress firewall rules were previously supported on virtual routers, and now they are + also supported on Juniper SRX external networking devices. + Egress traffic originates from a private network to a public network, such as the + Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed + from a guest network to the Internet. However, you can control the egress traffic in an + Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, + the traffic specific to the rule is allowed and the remaining traffic is blocked. When all + the firewall rules are removed the default policy, Block, is applied. + + Egress firewall rules are not supported on Shared networks. They are supported only + on Isolated guest networks. + +
    +
    + Configuring the Default Egress Policy + The default egress policy for Isolated guest network can be configured by using + Network offering. Use the create network offering option to determine whether the default + policy should be block or allow all the traffic to the public network from a guest + network. Use this network offering to create the network. If no policy is specified, by + default all the traffic is allowed from the guest network that you create by using this + network offering. + You have two options: Allow and Deny. + If you select Allow for a network offering, by default egress traffic is allowed. + However, when an egress rule is configured for a guest network, rules are applied to block + the specified traffic and rest are allowed. If no egress rules are configured for the + network, egress traffic is accepted. If you select Deny for a network offering, by default + egress traffic for the guest network is blocked. However, when an egress rules is + configured for a guest network, rules are applied to allow the specified traffic. While + implementing a guest network, &PRODUCT; adds the firewall egress rule specific to the + default egress policy for the guest network. + This feature is supported only on virtual router and Juniper SRX. +
    +
    + Non-Contiguous VLAN Ranges + &PRODUCT; provides you with the flexibility to add non contiguous VLAN ranges to your + network. The administrator can either update an existing VLAN range or add multiple non + contiguous VLAN ranges while creating a zone. You can also use the UpdatephysicalNetwork + API to extend the VLAN range. +
    +
    + Isolation in Advanced Zone Using Private VLAN + Isolation of guest traffic in shared networks can be achieved by using Private VLANs + (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a + PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach + the DHCP server and gateway, this would in turn allow users to control traffic within a + network and help them deploy multiple applications without communication between + application as well as prevent communication with other users’ VMs. + + + Isolate VMs in a shared networks by using Private VLANs. + + + Supported on KVM, XenServer, and VMware hypervisors. + + + PVLAN-enabled shared network can be a part of multiple networks of a guest VM. + + + + For further reading: + + + Understanding Private VLANs + + + Cisco Systems' Private VLANs: + Scalable Security in a Multi-Client Environment + + + Private VLAN (PVLAN) on vNetwork Distributed + Switch - Concept Overview (1010691) + + +
    +
    + Configuring Multiple IP Addresses on a Single NIC + (Supported on XenServer, KVM, and VMware hypervisors) + &PRODUCT; now provides you the ability to associate multiple private IP addresses per + guest VM NIC. This feature is supported on all the network configurations—Basic, + Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported + on these additional IPs. In addition to the primary IP, you can assign additional IPs to + the guest VM NIC. Up to 256 IP addresses are allowed per NIC. + As always, you can specify an IP from the guest subnet; if not specified, an IP is + automatically picked up from the guest VM subnet. You can view the IPs associated with for + each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by using + firewall configuration in the &PRODUCT; UI. You must specify the NIC to which the IP + should be associated. +
    +
    + Adding Multiple IP Ranges + (Supported on KVM, xenServer, and VMware hypervisors) + &PRODUCT; 4.2 provides you with the flexibility to add guest IP ranges from different + subnets in Basic zones and security groups-enabled Advanced zones. For security + groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. + With the addition of this feature, you will be able to add IP address ranges from the same + subnet or from a different one when IP address are exhausted. This would in turn allows + you to employ higher number of subnets and thus reduce the address management + overhead. + Ensure that you manually configure the gateway of the new subnet before adding the IP + range. Note that &PRODUCT; supports only one gateway for a subnet; overlapping subnets are + not currently supported. + You can also delete IP ranges. This operation fails if an IP from the remove range is + in use. If the remove range contains the IP address on which the DHCP server is running, + &PRODUCT; acquires a new IP from the same subnet. If no IP is available in the subnet, the + remove operation fails. + + The feature can only be implemented on IPv4 addresses. + +
    +
    + Support for Multiple Networks in VMs + (Supported on XenServer, VMware and KVM hypervisors) + &PRODUCT; 4.2 provides you the ability to add and remove multiple networks to a VM. + You can remove a network from a VM and add a new network. You can also change the default + network of a VM. With this functionality, hybrid or traditional server loads can be + accommodated with ease. + For adding or removing a NIC to work on VMware, ensure that vm-tools are running on + guest VMs. +
    +
    + Global Server Load Balancing + &PRODUCT; 4.2 supports Global Server Load Balancing (GSLB) functionalities to provide + business continuity by load balancing traffic to an instance on active zones only in case + of zone failures . &PRODUCT; achieve this by extending its functionality of integrating + with NetScaler Application Delivery Controller (ADC), which also provides various GSLB + capabilities, such as disaster recovery and load balancing. The DNS redirection technique + is used to achieve GSLB in &PRODUCT;. In order to support this functionality, region level + services and service provider are introduced. A new service 'GSLB' is introduced as a + region level service. The GSLB service provider is introduced that will provider the GSLB + service. Currently, NetScaler is the supported GSLB provider in &PRODUCT;. GSLB + functionality works in an Active-Active data center environment. +
    +
    + Enhanced Load Balancing Services Using External Provider on Shared VLANs + Network services like Firewall, Load Balancing, and NAT are now supported in shared + networks created in an advanced zone. In effect, the following network services shall be + made available to a VM in a shared network: Source NAT, Static NAT, Port Forwarding, + Firewall and Load balancing. Subset of these service can be chosen while creating a + network offering for shared networks. Services available in a shared network is defined by + the network offering and the service chosen in the network offering. For example, if + network offering for a shared network has source NAT service enabled, a public IP shall be + provisioned and source NAT is configured on the firewall device to provide public access + to the VMs on the shared network. Static NAT, Port Forwarding, Load Balancing, and + Firewall services shall be available only on the acquired public IPs associated with a + shared network. + Additionally, Netscaler and Juniper SRX firewall device can be configured inline or + side-by-side mode. +
    +
    + Health Checks for Load Balanced Instances + + This feature is supported only on NetScaler version 10.0 and beyond. + + (NetScaler load balancer only) A load balancer rule distributes requests among a pool + of services (a service in this context means an application running on a virtual machine). + When creating a load balancer rule, you can specify a health check which will ensure that + the rule forwards requests only to services that are healthy (running and available). When + a health check is in effect, the load balancer will stop forwarding requests to any + resources that it has found to be unhealthy. If the resource later becomes available + again, the periodic health check (periodicity is configurable) will discover it and the + resource will once again be made available to the load balancer. + To configure how often the health check is performed by default, use the global + configuration setting healthcheck.update.interval. This default applies to all the health + check policies in the cloud. You can override this value for an individual health check + policy. +
    +
    +
    + Host and Virtual Machine Enhancements + The following new features expand the ways you can use hosts and virtual + machines. +
    + VMware DRS Support + The VMware vSphere Distributed Resources Scheduler (DRS) is supported. +
    +
    + Windows 8 and Windows Server 2012 as VM Guest OS + (Supported on XenServer, VMware, and KVM) + Windows 8 and Windows Server 2012 can now be used as OS types on guest virtual + machines. The OS would be made available the same as any other, by uploading an ISO or a + template. The instructions for uploading ISOs and templates are given in the + Administrator's Guide. + + Limitation: When used with VMware hosts, this + feature works only for the following versions: vSphere ESXi 5.1 and ESXi 5.0 Patch + 4. + + +
    +
    + Change Account Ownership of Virtual Machines + A root administrator can now change the ownership of any virtual machine from one + account to any other account. A domain or sub-domain administrator can do the same for VMs + within the domain from one account to any other account in the domain. +
    +
    + Private Pod, Cluster, or Host + Dedicating pod, cluster or host to a specific domain/account means that the + domain/account will have sole access to the dedicated pod, cluster or hosts such that + scalability, security and manageability within a domain/account can be improved. The + resources which belong to that tenant will be placed into that dedicated pod, cluster or + host. +
    +
    + Resizing Volumes + &PRODUCT; provides the ability to resize data disks; &PRODUCT; controls volume size by + using disk offerings. This provides &PRODUCT; administrators with the flexibility to + choose how much space they want to make available to the end users. Volumes within the + disk offerings with the same storage tag can be resized. For example, if you only want to + offer 10, 50, and 100 GB offerings, the allowed resize should stay within those limits. + That implies if you define a 10 GB, a 50 GB and a 100 GB disk offerings, a user can + upgrade from 10 GB to 50 GB, or 50 GB to 100 GB. If you create a custom-sized disk + offering, then you have the option to resize the volume by specifying a new, larger size. + Additionally, using the resizeVolume API, a data volume can be moved from a static disk + offering to a custom disk offering with the size specified. This functionality allows + those who might be billing by certain volume sizes or disk offerings to stick to that + model, while providing the flexibility to migrate to whatever custom size necessary. This + feature is supported on KVM, XenServer, and VMware hosts. However, shrinking volumes is + not supported on VMware hosts +
    +
    + VMware Volume Snapshot Improved Performance + When you take a snapshot of a data volume on VMware, &PRODUCT; will now use a more + efficient storage technique to improve performance. + Previously, every snapshot was immediately exported from vCenter to a mounted NFS + share and packaged into an OVA file format. This operation consumed time and resources. + Starting from 4.2, the original file formats (e.g., VMDK) provided by vCenter will be + retained. An OVA file will only be created as needed, on demand. + The new process applies only to newly created snapshots after upgrade to &PRODUCT; + 4.2. Snapshots that have already been taken and stored in OVA format will continue to + exist in that format, and will continue to work as expected. +
    +
    + Storage Migration: XenMotion and vMotion + (Supported on XenServer and VMware) + Storage migration allows VMs to be moved from one host to another, where the VMs are + not located on storage shared between the two hosts. It provides the option to live + migrate a VM’s disks along with the VM itself. It is now possible to migrate a VM from one + XenServer resource pool / VMware cluster to another, or to migrate a VM whose disks are on + local storage, or even to migrate a VM’s disks from one storage repository to another, all + while the VM is running. +
    +
    + Configuring Usage of Linked Clones on VMware + (For ESX hypervisor in conjunction with vCenter) + In &PRODUCT; 4.2, the creation of VMs as full clones is allowed. In previous versions, + only linked clones were possible. + For a full description of clone types, refer to VMware documentation. In summary: A + full clone is a copy of an existing virtual machine which, once created, does not depend + in any way on the original virtual machine. A linked clone is also a copy of an existing + virtual machine, but it has ongoing dependency on the original. A linked clone shares the + virtual disk of the original VM, and retains access to all files that were present at the + time the clone was created. + A new global configuration setting has been added, vmware.create.full.clone. When the + administrator sets this to true, end users can create guest VMs only as full clones. The + default value is true for new installations. For customers upgrading from a previous + version of &PRODUCT;, the default value of vmware.create.full.clone is false. +
    +
    + VM Deployment Rules + Rules can be set up to ensure that particular VMs are not placed on the same physical + host. These "anti-affinity rules" can increase the reliability of applications by ensuring + that the failure of a single host can not take down the entire group of VMs supporting a + given application. See Affinity Groups in the &PRODUCT; 4.2 Administration Guide. +
    +
    + CPU and Memory Scaling for Running VMs + (Supported on VMware and XenServer) + You can now change the CPU and RAM values for a running virtual machine. In previous + versions of &PRODUCT;, this could only be done on a stopped VM. + It is not always possible to accurately predict the CPU and RAM requirements when you + first deploy a VM. You might need to increase or decrease these resources at any time + during the life of a VM. With the new ability to dynamically modify CPU and RAM levels, + you can change these resources for a running VM without incurring any downtime. + Dynamic CPU and RAM scaling can be used in the following cases: + + + New VMs that are created after the installation of &PRODUCT; 4.2. If you are + upgrading from a previous version of &PRODUCT;, your existing VMs created with + previous versions will not have the dynamic scaling capability. + + + User VMs on hosts running VMware and XenServer. + + + System VMs on VMware. + + + VM Tools or XenServer Tools must be installed on the virtual machine. + + + The new requested CPU and RAM values must be within the constraints allowed by the + hypervisor and the VM operating system. + + + To configure this feature, use the following new global configuration + variables: + + + enable.dynamic.scale.vm: Set to True to enable the feature. By default, the + feature is turned off. + + + scale.retry: How many times to attempt the scaling operation. Default = 2. + + +
    +
    + CPU and Memory Over-Provisioning + (Supported for XenServer, KVM, and VMware) + In &PRODUCT; 4.2, CPU and memory (RAM) over-provisioning factors can be set for each + cluster to change the number of VMs that can run on each host in the cluster. This helps + optimize the use of resources. By increasing the over-provisioning ratio, more resource + capacity will be used. If the ratio is set to 1, no over-provisioning is done. + In previous releases, &PRODUCT; did not perform memory over-provisioning. It performed + CPU over-provisioning based on a ratio configured by the administrator in the global + configuration setting cpu.overprovisioning.factor. Starting in 4.2, the administrator can + specify a memory over-provisioning ratio, and can specify both CPU and memory + over-provisioning ratios on a per-cluster basis, rather than only on a global + basis. + In any given cloud, the optimum number of VMs for each host is affected by such things + as the hypervisor, storage, and hardware configuration. These may be different for each + cluster in the same cloud. A single global over-provisioning setting could not provide the + best utilization for all the different clusters in the cloud. It had to be set for the + lowest common denominator. The new per-cluster setting provides a finer granularity for + better utilization of resources, no matter where the &PRODUCT; placement algorithm decides + to place a VM. +
    +
    + Kickstart Installation for Bare Metal Provisioning + &PRODUCT; 4.2 supports the kick start installation method for RPM-based Linux + operating systems on baremetal hosts in basic zones. Users can provision a baremetal host + managed by &PRODUCT; as long as they have the kick start file and corresponding OS + installation ISO ready. + Tested on CentOS 5.5, CentOS 6.2, CentOS 6.3, Ubuntu 12.04. + For more information, see the Baremetal Installation Guide. +
    +
    + Enhanced Bare Metal Support on Cisco UCS + You can now more easily provision new Cisco UCS server blades into &PRODUCT; for use + as bare metal hosts. The goal is to enable easy expansion of the cloud by leveraging the + programmability of the UCS converged infrastructure and &PRODUCT;’s knowledge of the cloud + architecture and ability to orchestrate. With this new feature, &PRODUCT; can + automatically understand the UCS environment, server profiles, etc. to make it easy to + deploy a bare metal OS on a Cisco UCS. +
    +
    + Changing a VM's Base Image + Every VM is created from a base image, which is a template or ISO which has been + created and stored in &PRODUCT;. Both cloud administrators and end users can create and + modify templates, ISOs, and VMs. + In &PRODUCT; 4.2, there is a new way to modify an existing VM. You can change an + existing VM from one base image to another. For example, suppose there is a template based + on a particular operating system, and the OS vendor releases a software patch. The + administrator or user naturally wants to apply the patch and then make sure existing VMs + start using it. Whether a software update is involved or not, it's also possible to simply + switch a VM from its current template to any other desired template. +
    +
    + Reset VM on Reboot + In &PRODUCT; 4.2, you can specify that you want to discard the root disk and create a + new one whenever a given VM is rebooted. This is useful for secure environments that need + a fresh start on every boot and for desktops that should not retain state. The IP address + of the VM will not change due to this operation. +
    +
    + Virtual Machine Snapshots for VMware + (VMware hosts only) In addition to the existing &PRODUCT; ability to snapshot + individual VM volumes, you can now take a VM snapshot to preserve all the VM's data + volumes as well as (optionally) its CPU/memory state. This is useful for quick restore of + a VM. For example, you can snapshot a VM, then make changes such as software upgrades. If + anything goes wrong, simply restore the VM to its previous state using the previously + saved VM snapshot. + The snapshot is created using the VMware native snapshot facility. The VM snapshot + includes not only the data volumes, but optionally also whether the VM is running or + turned off (CPU state) and the memory contents. The snapshot is stored in &PRODUCT;'s + primary storage. + VM snapshots can have a parent/child relationship. Each successive snapshot of the + same VM is the child of the snapshot that came before it. Each time you take an additional + snapshot of the same VM, it saves only the differences between the current state of the VM + and the state stored in the most recent previous snapshot. The previous snapshot becomes a + parent, and the new snapshot is its child. It is possible to create a long chain of these + parent/child snapshots, which amount to a "redo" record leading from the current state of + the VM back to the original. +
    +
    + Increased Userdata Size When Deploying a VM + You can now specify up to 32KB of userdata when deploying a virtual machine through + the &PRODUCT; UI or the deployVirtualMachine API call. +
    +
    + Set VMware Cluster Size Limit Depending on VMware Version + The maximum number of hosts in a vSphere cluster is determined by the VMware + hypervisor software. For VMware versions 4.2, 4.1, 5.0, and 5.1, the limit is 32 + hosts. + For &PRODUCT; 4.2, the global configuration setting vmware.percluster.host.max has + been removed. The maximum number of hosts in a VMware cluster is now determined by the + underlying hypervisor software. + + Best Practice: It is advisable for VMware clusters in &PRODUCT; to be smaller than + the VMware hypervisor's maximum size. A cluster size of up to 8 hosts has been found + optimal for most real-world situations. + +
    +
    + Limiting Resource Usage + Previously in &PRODUCT;, resource usage limit was imposed based on the resource count, + that is, restrict a user or domain on the basis of the number of VMs, volumes, or + snapshots used. In &PRODUCT; 4.2, a new set of resource types has been added to the + existing pool of resources (VMs, Volumes, and Snapshots) to support the customization + model—need-basis usage, such as large VM or small VM. The new resource types are now + broadly classified as CPU, RAM, Primary storage, and Secondary storage. &PRODUCT; 4.2 + allows the root administrator to impose resource usage limit by the following resource + types for Domain, Project and Accounts. + + + CPUs + + + Memory (RAM) + + + Primary Storage (Volumes) + + + Secondary Storage (Snapshots, Templates, ISOs) + + +
    +
    +
    + Monitoring, Maintenance, and Operations Enhancements +
    + Deleting and Archiving Events and Alerts + In addition to viewing a list of events and alerts in the UI, the administrator can + now delete and archive them. In order to support deleting and archiving alerts, the + following global parameters have been added: + + + alert.purge.delay: The alerts older than + specified number of days are purged. Set the value to 0 to never purge alerts + automatically. + + + alert.purge.interval: The interval in seconds to + wait before running the alert purge thread. The default is 86400 seconds (one + day). + + + + Archived alerts or events cannot be viewed in the UI, or by using the API. They are + maintained in the database for auditing or compliance purposes. + +
    +
    + Increased Granularity for Configuration Parameters + Some configuration parameters which were previously available only at the global level + of the cloud can now be set for smaller components of the cloud, such as at the zone + level. To set these parameters, look for the new Settings tab in the UI. You will find it + on the detail page for an account, cluster, zone, or primary storage. + The account level parameters are: remote.access.vpn.client.iprange, + allow.public.user.templates, use.system.public.ips, and + use.system.guest.vlans + The cluster level parameters are + cluster.storage.allocated.capacity.notificationthreshold, + cluster.storage.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.notificationthreshold, + cluster.memory.allocated.capacity.notificationthreshold, + cluster.cpu.allocated.capacity.disablethreshold, + cluster.memory.allocated.capacity.disablethreshold, + cpu.overprovisioning.factor, mem.overprovisioning.factor, + vmware.reserve.cpu, and vmware.reserve.mem. + The zone level parameters are + pool.storage.allocated.capacity.disablethreshold, + pool.storage.capacity.disablethreshold, + storage.overprovisioning.factor, network.throttling.rate, + guest.domain.suffix, router.template.xen, + router.template.kvm, router.template.vmware, + router.template.hyperv, router.template.lxc, + enable.dynamic.scale.vm, use.external.dns, and + blacklisted.routes. +
    +
    + API Request Throttling + In &PRODUCT; 4.2, you can limit the rate at which API requests can be placed for each + account. This is useful to avoid malicious attacks on the Management Server, prevent + performance degradation, and provide fairness to all accounts. + If the number of API calls exceeds the threshold, an error message is returned for any + additional API calls. The caller will have to retry these API calls at another + time. + To control the API request throttling, use the following new global configuration + settings: + + + api.throttling.enabled - Enable/Disable API throttling. By default, this setting + is false, so API throttling is not enabled. + + + api.throttling.interval (in seconds) - Time interval during which the number of + API requests is to be counted. When the interval has passed, the API count is reset to + 0. + + + api.throttling.max - Maximum number of APIs that can be placed within the + api.throttling.interval period. + + + api.throttling.cachesize - Cache size for storing API counters. Use a value higher + than the total number of accounts managed by the cloud. One cache entry is needed for + each account, to store the running API total for that account within the current time + window. + + +
    +
    + Sending Alerts to External SNMP and Syslog Managers + In addition to showing administrator alerts on the Dashboard in the &PRODUCT; UI and + sending them in email, &PRODUCT; now can also send the same alerts to external SNMP or + Syslog management software. This is useful if you prefer to use an SNMP or Syslog manager + to monitor your cloud. + The supported protocol is SNMP version 2. +
    +
    + Changing the Default Password Encryption + Passwords are encoded when creating or updating users. The new default preferred + encoder, replacing MD5, is SHA256. It is more secure than MD5 hashing. If you take no + action to customize password encryption and authentication, SHA256 Salt will be + used. + If you prefer a different authentication mechanism, &PRODUCT; 4.2 provides a way for + you to determine the default encoding and authentication mechanism for admin and user + logins. Two new configurable lists have been introduced: userPasswordEncoders and + userAuthenticators. userPasswordEncoders allow you to configure the order of preference + for encoding passwords, and userAuthenticator allows you to configure the order in which + authentication schemes are invoked to validate user passwords. + The plain text user authenticator has been modified not to convert supplied passwords + to their md5 sums before checking them with the database entries. It performs a simple + string comparison between retrieved and supplied login passwords instead of comparing the + retrieved md5 hash of the stored password against the supplied md5 hash of the password, + because clients no longer hash the password. +
    +
    + Log Collection Utility cloud-bugtool + &PRODUCT; provides a command-line utility called cloud-bugtool to make it easier to + collect the logs and other diagnostic data required for troubleshooting. This is + especially useful when interacting with Citrix Technical Support. + You can use cloud-bugtool to collect the following: + + + Basic system and environment information and network configuration including IP + addresses, routing, and name resolver settings + + + Information about running processes + + + Management Server logs + + + System logs in /var/log/ + + + Dump of the cloud database + + + + cloud-bugtool collects information which might be considered sensitive and + confidential. Using the --nodb option to avoid the cloud database can + reduce this concern, though it is not guaranteed to exclude all sensitive data. + + +
    +
    + Snaphotting, Backups, Cloning and System VMs for RBD Primary Storage + + These new RBD features require at least librbd 0.61.7 (Cuttlefish) and libvirt + 0.9.14 on the KVM hypervisors. + + This release of &PRODUCT; will leverage the features of RBD format 2. This allows + snapshotting and backing up those snapshots. + Backups of snapshots to Secondary Storage are full copies of the RBD snapshot, they + are not RBD diffs. This because when restoring a backup of a snapshot it is not mandatory + that this backup is deployed on RBD again, it could also be a NFS Primary Storage. + Another key feature of RBD format 2 is cloning. With this release templates will be + copied to Primary Storage once and by using the cloning mechanism new disks will be cloned + from this parent template. This saves space and decreases deployment time for instances + dramatically. + Before this release, a NFS Primary Storage was still required for running the System + VMs from. The reason was a so called 'patch disk' that was generated by the hypervisor + which contained metadata for the System VM. The scripts generating this disk didn't + support RBD and thus System VMs had to be deployed from NFS. With 4.2 instead of the patch + disk a VirtIO serial console is used to pass meta information to System VMs. This enabled + the deployment of System VMs on RBD Primary Storage.
    @@ -1066,658 +1024,15 @@ under the License. >Jira to track its issues. All new features and bugs for 4.2.0 have been tracked in Jira, and have a standard naming convention of "CLOUDSTACK-NNNN" where "NNNN" is the issue number. - This section includes a summary of known issues against 4.0.0 that were fixed in 4.2.0. - Approximately 470 bugs were resolved or closed in the 4.2.0 cycle. - - - - - - - - Defect - - - Description - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + For list of issues fixed, see Issues Fixed in + 4.2.
    Known Issues in 4.2.0 - - - - - - - - Issue ID - - - Description - - - - - - CLOUDSTACK-3466 - - VM Migration across VMware clusters which are added with different switches - (Standard Switch,Vmware DVS, Cisco Nexus 1000v) is not supported. - - - - CLOUDSTACK-4207 - - The following exception is observed when the Management Server is started - after the upgrade from any older versions to &PRODUCT; 4.2. - jsonParseException: The JsonDeserializer - com.cloud.agent.transport.ArrayTypeAdaptor@2426e26f failed to deserialize json - object - Ignore this exception, this would stop after you upgrade the System VM. - However, if you want to prevent this, stop system VM from the hypervisor before - upgrade. - - - - CLOUDSTACK-2709 - - Egress rules are not supported on Shared networks. - - - - CLOUDSTACK-1747 - The mvn deploydb command creates only 4.0 database, not 4.2 - database. - Due to tooling changes between 4.0 and 4.2, &PRODUCT; database is created by - using the 4.0 schema and updated to the 4.2 schema when the management server - starts for the first time. Neglect the same schema if the management server has - not started yet. - - - - - CLOUDSTACK-1306 - - - Enhance the error message that is displayed when trying to deploy a VM by - passing the static IPv4 addresses that are assigned to another VM or an IPv4 - address that is outside the IP range. - - - - - CLOUDSTACK-1236 - - - Warning while adding a XenSever 6.1 host. The warning displayed is Unable to - create local link network. - - - - - CLOUDSTACK-969 - - - api: zone response lists vlan in it as "vlan range of zone" but the - vlan belongs to physical network - - - - - CLOUDSTACK-963 - - - [cloud.utils.AnnotationHelper] class java.lang.Stringdoes not have a Table - annotation - - - - - CLOUDSTACK-458 - - - xen:snapshots:Storage gc fail to clean the failed snapshot images from - secondarystorage - - - - - CLOUDSTACK-315 - - - Infrastructure view does not show capacity values - - - - - CLOUDSTACK-300 - - - Creation of compute offering allow combination of local storage + HA - - - - - CLOUDSTACK-276 - - - SSVM ID is exposed in the Error Message thrown by AddTrafficType API - - - - - CLOUDSTACK-270 - - - Ui should not ask for a vlan range if the physical network isolation type is - not VLAN - - - - - CLOUDSTACK-245 - - - VPC ACLs are not stored and programmed consistently - - - - - CLOUDSTACK-231 - - - Tag creation using special charecters - - - - - CLOUDSTACK-124 - - - NetworkGarbageCollector not cleaning up networks - - - - - CLOUDSTACK-62 - - - console proxy does not support any keymaps besides us, jp - - - - CLOUDSTACK-4645 - There is no upgrade path from 4.1.1 to 4.2.0. - - - CLOUDSTACK-4641 - Create volume form snapshot command times out exactly after 1 hour in - case of KVM hosts. - - - CLOUDSTACK-4621 - Changing the management server's Ethernet interface or MAC address leaves - the system in unstable state. - - - CLOUDSTACK-4615 - (Baremetal) Baremetal agent is missing in the installer. - - - CLOUDSTACK-4598 - Long delays during deploying a VM; both network and deployment planner - are delayed. - - - CLOUDSTACK-4596 - The same IP range is allowed to be defined in different VLANs across - public and portable ranges. - - - CLOUDSTACK-4588 - (VMware) VM deployment failed while creating a volume with null pointer - exception. - - - CLOUDSTACK-4578 - (VMware) SSVM is not getting created if one host is down in a - cluster. - - - CLOUDSTACK-4551 - Migrating the data volume from NFS to local storage does not change the - underlying disk offering. - - - CLOUDSTACK-4550 - Migration does not work in the case of bridge naming while upgrading KVM - agents to version 4.2. - - - CLOUDSTACK-4549 - Deploying VMs from template fails if the template is created from a - snapshot. - - - CLOUDSTACK-4540 - (VMware) When deploying 30 parallel VMs , 16 VMs fails to get deployed - due to the following error: "VmDataCommand failed due to Exception: - java.lang.Exception Message: Timed out in waiting SSH execution - result". - - - CLOUDSTACK-4506 - In a mixed hypervisor setup, destroying a VM whose host has been removed, - throws a null pointer exception. The Root volume of that VM also is not deleted - from the primary memory. - - - CLOUDSTACK-4442 - Source NAT not applied when network starts up. - - - CLOUDSTACK-4405 - (KVM) Migration between existing hosts and new hosts - fails. - - - CLOUDSTACK-4402 - No options to delete the primary storage if the last host with which it - was associated is already removed. - - - CLOUDSTACK-4366 - (Ubuntu) Key translation fails for the Japanese keyboard for the Menu key - and Caps Lock buttons. - - - CLOUDSTACK-4351 - Host/Hypervisor System Requirements has misleading or premature note in - the documentation. - - - CLOUDSTACK-4348 - Regression truncation issues occurs when moving the cursor to the "plus" - buttons. - - - CLOUDSTACK-4300 - (KVM) System VMs are not coming up after 2.2.14 to 4.2 - upgrade. - - - CLOUDSTACK-4292 - The destroyedvm API failed with ArrayIndexexception while - expunging. - - - CLOUDSTACK-4247 - (VMWARE) Network read and write statistics always returns - zero. - - - CLOUDSTACK-4224 - Deleting UCS returns unknown API. - - - CLOUDSTACK-4220 - From 3.0.6 to 4.2 upgrade, Add VMWare DataCenter button is provided for - legacy zones. - - - CLOUDSTACK-4201 - The listServiceOfferings API does not take virtualmachineid parameter of - SystemVM to return the Service Offerings available for the VM to change a Service - Offering. - - - CLOUDSTACK-4200 - The listSystemVMs API and listRouters API fail to return hypervisor - property. - - - CLOUDSTACK-4148 - The usage statistics are not triggered for Shared network. - - - CLOUDSTACK-4139 - (VMWARE) Resizing the volumes fails if they are created from - snapshot. - - - CLOUDSTACK-4137 - (KVM): After removing a cluster, manage cluster will not bring KVM hosts - to UP state. Manually restart the cloud-agent on KVM hosts. - - - CLOUDSTACK-4128 - The System VMs start up does not check for existence of staging secondary - storage in a zone. - - - CLOUDSTACK-4099 - Update the systemvm templates in DevCloud2. - - - CLOUDSTACK-4095 - Region ID is displayed within the Database Transaction - code. - - - CLOUDSTACK-4072 - The mysql-connector-java rpm is required while upgrading from 2.2.14 to - 4.2. - - - CLOUDSTACK-4036 - The UI remains in processing state and the queryAsyncJobResult is being - called repeatedly for the scaleSystemVm API. - - - CLOUDSTACK-4016 - The listPublicIpAddresses lists the portable IP that was already - transferred to a different Isolated network. - - - CLOUDSTACK-3968 - Distributed Port groups are not deleted when guest networks are removed. - The user account of this network is removed from &PRODUCT; - - - CLOUDSTACK-3967 - No support for usage statistics collection at the portable IP - level - - - CLOUDSTACK-3953 - The usage statistics are not collected for GSLB rules. - - - CLOUDSTACK-3911 - No check available while adding public range in a zone to see whether the - same VLAN exists in a portable IP range. - - - CLOUDSTACK-3888 - The UI does not return the mode (Strict/Preferred) when listing the - ServiceOffering that uses ImplicitDedicationPlanner. - - - CLOUDSTACK-3808 - Attaching volumes does not work when root is at the zone-level primary - store and data at the cluster level or host level store. - - - CLOUDSTACK-3791 - Download template fails with a null pointer exception. - - - CLOUDSTACK-3788 - The weekly Snapshot is stuck in Allocated State. - - - CLOUDSTACK-3765 - Upgrading CloudPlatform 4.2 build on centos5.5 does not - work. - - - CLOUDSTACK-3737 - Uploaded volume is not getting deleted from secondary storage after - attaching it to a guest VM. - - - CLOUDSTACK-3658 - Several old object storage tables and columns are deprecated as a part of - 4.1 to 4.2 database upgrade. - - - CLOUDSTACK-3627 - Public IP interface (eth2) is not getting configured with Redundant - virtual router. The State is FAULT. - - - CLOUDSTACK-3608 - The guest_os_hypervisor table in the database has repeated mappings of - hypervisor and guest OS. - - - CLOUDSTACK-3583 - Stopping the Management server does not remove the PID. - - - CLOUDSTACK-3565 - Restarting libvirtd service leads to destroying the storage - pool. - - - CLOUDSTACK-3243 - Wrong NFS mount point is given in the documentation. - - - CLOUDSTACK-3138 - Flaws in the documentation for the upgrade from 3.0.2 to - 4.1.0. - - - CLOUDSTACK-2791 - Installation instruction is wrong. - - - CLOUDSTACK-1986 - Key translation fails for the following Japanese keyboard keys: ¥_,\ |, - Muhenkan, Henkan, Hiragana/Katakana, Kanji Key, and Caps Lock. - - - CLOUDSTACK-1775 - Events related to User/Domain/Account are not being generated expect for - the USER-DISABLE,DOMAIN-DELETE and ACCOUNT.DISABLE events. - - - CLOUDSTACK-732 - KVM snapshot is not supported. - - - - + This section includes a summary of known issues that were fixed in 4.2.0. For list of + known issues, see Known + Issues.