From 5317272865488843ec446034db6cf083b9d050d4 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 14 Sep 2023 16:41:32 +0100 Subject: [PATCH 01/10] Bump azimuth-ops version --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 63c4504..23889d6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,7 +3,7 @@ collections: - name: https://github.com/stackhpc/ansible-collection-azimuth-ops.git type: git - version: 23f1573dd6d414e05b786329a0aa95528aa9d511 + version: 8cfc9eee5717cfc80321be398805f860d92a2a44 # For local development # - type: dir # source: ../ansible-collection-azimuth-ops From 8b419b255d66bfb64c57e2ab86244afada0e9abf Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Fri, 22 Sep 2023 08:27:46 +0100 Subject: [PATCH 02/10] Bump azimuth-ops to pick up Azimuth + Zenith fixes --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 23889d6..7e3af9b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,7 +3,7 @@ collections: - name: https://github.com/stackhpc/ansible-collection-azimuth-ops.git type: git - version: 8cfc9eee5717cfc80321be398805f860d92a2a44 + version: d78d51c5cb1a200b8bdd66b153c5ed9ba76632b3 # For local development # - type: dir # source: ../ansible-collection-azimuth-ops From b4052e511829a49376d4892b32030558a3444a41 Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Fri, 22 Sep 2023 09:28:50 +0100 Subject: [PATCH 03/10] Bump Zenith to pick up urgent fix --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7e3af9b..764c542 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,7 +3,7 @@ collections: - name: https://github.com/stackhpc/ansible-collection-azimuth-ops.git type: git - version: d78d51c5cb1a200b8bdd66b153c5ed9ba76632b3 + version: a8a088865bceedb5f35f2c3bb239e31cf07ad491 # For local development # - type: dir # source: ../ansible-collection-azimuth-ops From 54da48db715d5e912c91a5f19d17e11e059ab38f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 30 Aug 2023 14:24:48 +0000 Subject: [PATCH 04/10] Add ACRC demo env config --- environments/acrc-demo/ansible.cfg | 7 ++++ environments/acrc-demo/clouds.yaml | Bin 0 -> 1026 bytes environments/acrc-demo/env.secret | Bin 0 -> 127 bytes .../inventory/group_vars/all/variables.yml | 39 ++++++++++++++++++ environments/acrc-demo/inventory/hosts | 2 + 5 files changed, 48 insertions(+) create mode 100644 environments/acrc-demo/ansible.cfg create mode 100644 environments/acrc-demo/clouds.yaml create mode 100644 environments/acrc-demo/env.secret create mode 100644 environments/acrc-demo/inventory/group_vars/all/variables.yml create mode 100644 environments/acrc-demo/inventory/hosts diff --git a/environments/acrc-demo/ansible.cfg b/environments/acrc-demo/ansible.cfg new file mode 100644 index 0000000..d6f6cac --- /dev/null +++ b/environments/acrc-demo/ansible.cfg @@ -0,0 +1,7 @@ +[defaults] +inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,./inventory +; inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,../acrc-base/inventory,./inventory +roles_path = ../../.ansible/roles +collections_path = ../../.ansible/collections + +host_key_checking = False diff --git a/environments/acrc-demo/clouds.yaml b/environments/acrc-demo/clouds.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b9f464e663ee017e470b75941ad867eb6b2b433e GIT binary patch literal 1026 zcmV+d1pWH}M@dveQdv+`0BMC%Q-pp+2XpgD4#(eFvCY>M0oXJECaFyUnY?t3KbYa< zaUv-VgqU$6`e-uDvN4`laO*C!8~S7X&*a0Rr^?7Olcoc>w_GCCXs3SS$C+a4qb3^V z4kH@K)-wmAMhhA?sdh{c?;o8SF7S`n`lD4Ofj6&eT3kdlG4=Kj)=?6`3ZxN5fz3PksGgVP|SQxv)ON{r77 zvTiLL$snS&q@?~}p3ttV3RErlGc&xYg305^Amws)ww=jXYU664FB}z2!I`dNxfNyR zs;v!#>Nfn`_gF!(yHk+&j4=DuKVW6liAT#h)I(ONM)`PCZ>cKH0tLFNULYr(O&@^Q zb?18nh7R8pvIYNUQM=nP(}IY?D@~#T3wYV_wUZ9(9k_-G!|F)~AKmw* zj?{Gml=f74YR`AL!e7r(g2-Pdl`m(G`{ekGBiZoY0UWk{S>uzm`V{Zt7LzN8caz~S z)*6m`xNnwj$_c$r?0egtabu=R4Rgrt#;uc40r~Q)Cmg>ztlnWoxSkLJ0Id^(6)QOR zMd@e2OmBy#o<7NtgD{af6Qdv>Ti<)xk`Gcx#tx2Yx>DZyr^lXtnXV+fos&2Acfwmt9G>knECB*d^K|<1fRIq_}u9sUigkO8@`> literal 0 HcmV?d00001 diff --git a/environments/acrc-demo/env.secret b/environments/acrc-demo/env.secret new file mode 100644 index 0000000000000000000000000000000000000000..760c4de9284ebbea414e85f9881e57a5125df7ad GIT binary patch literal 127 zcmV-_0D%7hM@dveQdv+`03q`6i5C$hkuwO9QB-OzcZ%D@#EKt>Zw(zV%2|8o=#ymc zp|lwedeFd6x~f8E#>}{x4cvtr?hC0!S Date: Wed, 30 Aug 2023 14:47:13 +0000 Subject: [PATCH 05/10] Add config for remote tf state --- .../group_vars/all/terraform_state.yml | 43 +++++++++++++++++++ environments/acrc-base/inventory/hosts | 2 + environments/acrc-demo/ansible.cfg | 3 +- 3 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 environments/acrc-base/inventory/group_vars/all/terraform_state.yml create mode 100644 environments/acrc-base/inventory/hosts diff --git a/environments/acrc-base/inventory/group_vars/all/terraform_state.yml b/environments/acrc-base/inventory/group_vars/all/terraform_state.yml new file mode 100644 index 0000000..7693650 --- /dev/null +++ b/environments/acrc-base/inventory/group_vars/all/terraform_state.yml @@ -0,0 +1,43 @@ + +##### +# Terraform remote state config +##### + +# NOTE(scott): Used Leafcloud object store here since SMS object +# store was down at the time of writing and is generally less reliable +terraform_backend_type: s3 + +# The endpoint of the object store +terraform_s3_endpoint: https://api.dl.acrc.bris.ac.uk:6780 + +# The region to use +# Ceph does not normally use the region, but Terraform requires it +terraform_s3_region: not-used-but-required +terraform_s3_skip_region_validation: "true" + +# The bucket to put Terraform states in +# NOTE: This bucket must already exist - it will not be created by Terraform +terraform_s3_bucket: azimuth-tf-state + +# The key to use for the state for the environment +# +# Using the azimuth_environment variable in the key means that the state +# for each concrete environment is stored in a separate key, even if this +# configuration is in a shared mixin environment +terraform_s3_key: "{{ azimuth_environment }}.tfstate" + +# The STS API doesn't exist for Ceph +terraform_s3_skip_credentials_validation: "true" + +# Tell Terraform to use path-style URLs, e.g. /, instead of +# subdomain-style URLs, e.g. . +terraform_s3_force_path_style: "true" + +terraform_backend_config: + endpoint: "{{ terraform_s3_endpoint }}" + region: "{{ terraform_s3_region }}" + bucket: "{{ terraform_s3_bucket }}" + key: "{{ terraform_s3_key }}" + skip_credentials_validation: "{{ terraform_s3_skip_credentials_validation }}" + force_path_style: "{{ terraform_s3_force_path_style }}" + skip_region_validation: "{{ terraform_s3_skip_region_validation }}" \ No newline at end of file diff --git a/environments/acrc-base/inventory/hosts b/environments/acrc-base/inventory/hosts new file mode 100644 index 0000000..9dcf1df --- /dev/null +++ b/environments/acrc-base/inventory/hosts @@ -0,0 +1,2 @@ +[terraform_provision] +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" diff --git a/environments/acrc-demo/ansible.cfg b/environments/acrc-demo/ansible.cfg index d6f6cac..07b8d24 100644 --- a/environments/acrc-demo/ansible.cfg +++ b/environments/acrc-demo/ansible.cfg @@ -1,6 +1,5 @@ [defaults] -inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,./inventory -; inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,../acrc-base/inventory,./inventory +inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,../acrc-base/inventory,./inventory roles_path = ../../.ansible/roles collections_path = ../../.ansible/collections From a3c24fcb0067dff3f8a66e5b305bae2d82f6bba0 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 30 Aug 2023 15:10:57 +0000 Subject: [PATCH 06/10] Move tmp workarounds to shared mixin env --- .../inventory/group_vars/all/variables.yml | 38 ++++++++++++++++++ .../inventory/group_vars/all/variables.yml | 39 +------------------ 2 files changed, 39 insertions(+), 38 deletions(-) create mode 100644 environments/acrc-base/inventory/group_vars/all/variables.yml diff --git a/environments/acrc-base/inventory/group_vars/all/variables.yml b/environments/acrc-base/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..aec8ccb --- /dev/null +++ b/environments/acrc-base/inventory/group_vars/all/variables.yml @@ -0,0 +1,38 @@ +# Workaround broken python dependency issue until +# https://github.com/stackhpc/ansible-slurm-appliance/pull/304 +# is merged along with corresponding update to caas-slurm-appliance +azimuth_caas_stackhpc_slurm_appliance_git_version: 83575461dbc29532c3922871fd8ea89d8053807b + +# harbor_enabled: false + +# NOTE: It seems that latest k8s + Ubuntu Jammy images don't work with Harbor +# Not yet figured out why, but for now use focal images instead until +# we get a chance to debug this further. +community_images_azimuth_images: |- + { + {% for source_key, image in community_images_azimuth_images_manifest.items() %} + {% if "kubernetes_version" in image and source_key.endswith("-focal") %} + {% set kube_version = image.kubernetes_version.removeprefix("v") %} + {% set kube_series = kube_version.split(".")[:-1] | join("_") %} + {% set dest_key = "kube_" ~ kube_series %} + {% elif source_key == "jupyter-repo2docker" %} + {% set dest_key = "repo2docker" %} + {% elif source_key == "ubuntu-desktop" %} + {% set dest_key = "workstation" %} + {% else %} + {% set dest_key = None %} + {% endif %} + {% if dest_key %} + "{{ dest_key }}": { + "name": "{{ image.name }}", + "source_url": "{{ image.url }}", + "checksum": "{{ image.checksum }}", + "source_disk_format": "qcow2", + "container_format": "bare", + {% if "kubernetes_version" in image %} + "kubernetes_version": "{{ image.kubernetes_version }}", + {% endif %} + }, + {% endif %} + {% endfor %} + } diff --git a/environments/acrc-demo/inventory/group_vars/all/variables.yml b/environments/acrc-demo/inventory/group_vars/all/variables.yml index a0e7b12..f9c7572 100644 --- a/environments/acrc-demo/inventory/group_vars/all/variables.yml +++ b/environments/acrc-demo/inventory/group_vars/all/variables.yml @@ -1,39 +1,2 @@ -# Workaround broken python dependency issue until -# https://github.com/stackhpc/ansible-slurm-appliance/pull/304 -# is merged along with corresponding update to caas-slurm-appliance -azimuth_caas_stackhpc_slurm_appliance_git_version: 83575461dbc29532c3922871fd8ea89d8053807b - -# harbor_enabled: false - -# NOTE: It seems that latest k8s + Ubuntu Jammy images don't work with Harbor -# Not yet figured out why, but for now use focal images instead until -# we get a chance to debug this further. -community_images_azimuth_images: |- - { - {% for source_key, image in community_images_azimuth_images_manifest.items() %} - {% if "kubernetes_version" in image and source_key.endswith("-focal") %} - {% set kube_version = image.kubernetes_version.removeprefix("v") %} - {% set kube_series = kube_version.split(".")[:-1] | join("_") %} - {% set dest_key = "kube_" ~ kube_series %} - {% elif source_key == "jupyter-repo2docker" %} - {% set dest_key = "repo2docker" %} - {% elif source_key == "ubuntu-desktop" %} - {% set dest_key = "workstation" %} - {% else %} - {% set dest_key = None %} - {% endif %} - {% if dest_key %} - "{{ dest_key }}": { - "name": "{{ image.name }}", - "source_url": "{{ image.url }}", - "checksum": "{{ image.checksum }}", - "source_disk_format": "qcow2", - "container_format": "bare", - {% if "kubernetes_version" in image %} - "kubernetes_version": "{{ image.kubernetes_version }}", - {% endif %} - }, - {% endif %} - {% endfor %} - } +# Add customisations here as required \ No newline at end of file From 041449cd3f101a9986e44c278a7ffab42fe4f6ee Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 5 Sep 2023 08:19:42 +0000 Subject: [PATCH 07/10] Add prod env config --- environments/acrc-prod/ansible.cfg | 6 ++ environments/acrc-prod/clouds.yaml | Bin 0 -> 971 bytes environments/acrc-prod/env.secret | Bin 0 -> 127 bytes .../inventory/group_vars/all/secrets.yml | Bin 0 -> 1204 bytes .../inventory/group_vars/all/variables.yml | 80 ++++++++++++++++++ environments/acrc-prod/inventory/hosts | 2 + 6 files changed, 88 insertions(+) create mode 100644 environments/acrc-prod/ansible.cfg create mode 100644 environments/acrc-prod/clouds.yaml create mode 100644 environments/acrc-prod/env.secret create mode 100644 environments/acrc-prod/inventory/group_vars/all/secrets.yml create mode 100644 environments/acrc-prod/inventory/group_vars/all/variables.yml create mode 100644 environments/acrc-prod/inventory/hosts diff --git a/environments/acrc-prod/ansible.cfg b/environments/acrc-prod/ansible.cfg new file mode 100644 index 0000000..7d56103 --- /dev/null +++ b/environments/acrc-prod/ansible.cfg @@ -0,0 +1,6 @@ +[defaults] +inventory = ../base/inventory,../ha/inventory,../acrc-base/inventory,./inventory +roles_path = ../../.ansible/roles +collections_path = ../../.ansible/collections + +host_key_checking = False diff --git a/environments/acrc-prod/clouds.yaml b/environments/acrc-prod/clouds.yaml new file mode 100644 index 0000000000000000000000000000000000000000..95b37f59c20a0ada3cd0da32bd73ff6061427b95 GIT binary patch literal 971 zcmV;+12p^qM@dveQdv+`0Lx;4dQ$}B-&TJ%=C*mUBl0Ho78t9dE03pEPg+UmdT-;0 zgm652sdK7>hVQ1n;+$bsfz<2_2LE~}m&YV&lngICLwsMh)ui!$X+K=?pkyzPLJt7w zt#!DS7f{_N+3sIgnAHhf!zohbZ+NCGPebIXc{|Wf)vB}^=v^@6^T*3X=*9R7`nHAs z@hiC_B;jjfs$qAH6$eSEdJ)Iv(9O`>5H=n+`92ULcZFR}n7WYC0bbKYRUV~b`oO)R zQaHJ%`SHT{?qK{!e29U94D;=#|Fh>+n|>3N?I-s(p5juJO{QR`q1>KG!ANT`J<5KG z1!vcWJ>soRc{s`{nXhSrS~~oGub(OqpzR~huhk66yLqiWX#uY%2Iu0;av)IU#M)=s zIoz`3ygQVwFnxzj_Y|05Yc-OobVjd|&k5_RAN9hI3O}0a%p6b_3e1{dn2e+t+9grs zc}Y++v8i8Nnx0ga;4A=>v+H37+eeiKh7g10%9p8+vL6E<>;Qfi4(3(nD9*r!9Mq&N z1vZGpA&Jw&R|%cu&c1!>S#GB#P`m&qBjIC1vGQlzU0qQsI?h*=?pl+Dhj;le*!d$^ zM7)J zhM8@cCPc=1n^t=^-t!U@tOiJJeaJ*KS<{p*PL>;6 zEKjYSZRPRTqLH4qWHq@Rv)}Je;#u8IqSsa0rI4^9T~YzJOL@wSToV%v=$J-dv~%_v z`i_~oBlvKgS^Rb?O^B+}iki;jqU~ZnR_-I_sDXrrdOpb&=U2=7EAW(IbqOrFiM!&9 zP;T1z$Lb<4c;SESf>Q+o25ax{v;UqgWvnM48v#ua)@Y}23e(^d4F zNh3Ts(GY^AcW8F!F9;#(Wa@%yYK@0FkA=CS|2=T@`&;?#7aHGY0I2ju4&52OK8Zk* zbKF~Fpi+bdWG8&6oh!a9U7P%IF*d}0$ZzJQs&jHcyB=rj%sWd9!#c9W%o|})>orb6 z@uK`QZp;T##LrTb(S+GJsWyyiY@3=Sks{j6j;UX?+vLNy zF$4y1btnA!E|NU?X#z@-`F1cS-_k@_#!0#X8hE8bUavHjOdWYwvPg})$I+}!5IeV; literal 0 HcmV?d00001 diff --git a/environments/acrc-prod/env.secret b/environments/acrc-prod/env.secret new file mode 100644 index 0000000000000000000000000000000000000000..760c4de9284ebbea414e85f9881e57a5125df7ad GIT binary patch literal 127 zcmV-_0D%7hM@dveQdv+`03q`6i5C$hkuwO9QB-OzcZ%D@#EKt>Zw(zV%2|8o=#ymc zp|lwedeFd6x~f8E#>}{x4cvtr?hC0!SM@dveQdv+`09Lea-pp-Ji~WXHD`^1RQ%{>OzbvU3iKeh$=i&8qxuf_> zF{^eefjgDm949`Z)1eGN-Ko9y1Smj!+4tA9THyv5Eam8-hQxkWT&sRmCX1@p!!+JOH zX&=^uhyE+aPC9~>XGBoyt0dcnLmx7kXID%|N^$H})rd0R9W+XH%_CXTR*mf#n1k7oS;M{?R%w^}(7-WGQrgT6><0x! zDeXUadWf-qW@a6`uvQAYWiW3ahORW%zm5>PK8y?$)A)glTj*mYr>k(j+zbw0G#a?c zx_6oHr@w@Wpc;YZw8jE*drGhy=--OAc$NnBb^9D8GhBuYISdc^FRl(uUCgkrZK7Tk zDQN#gu@WU@6yQ7c2D}mcWU51+#iz?cERS4dzjwB<#6O}0V{KyfBwN&Ql0j*P6!${< zZ*6r~Tu;Dbz+bc^x!mTP48)3VJ>e9%D<+C(b^@4W2Gw z3BhVCcLC#4^Ts@ahrhRG;#xs<7i(WH#)06Pufk?6Y{DfATg#9}<>l{c5?t~SOQng{ zqKzx#P{v!biyK&jPIM1yenq_8jH)%ak+g=2bc+%Ea$y?_Rui#15>oZXf{{Mq*m(!h zgP)T&x_p!~e4Ut*BkbVLmy>D%XSbeU)!ENeguVWn3s`pYul*T>)^{bO4FCL+V+DS| z(JnbpyLwmrT!eRDrvU~pXYas1FV-hsi$)?wBGbht{}+YIQ;+s*U~Uxf*?F<5iX2w^ zz2UrE@)m+FPD(c>{OZEbNGs!xA_uF1!(8yN?jDRM08gy-rB`N&{k+YqUUC_wR`{2^ zAUk29PTrI;FGa_3&b!OMmUS%fUusKpTA?wxU8Ae?>5b8WPG*cX>c+Ew&Q5eTDD$pC z(parr7)8nM9m_*w_@lmayu(R|s>v@L8}V`BPTKkaIeRQLOH=D=EF8S?Nnr@phBdHi zXNh2VAXUCk2fFZ$|CXDs60*9vNTg>$`0$U^L3!Uo?CFjV7{xdnu?()`d`tx$Oy;J# zU~oaJ0P>9vUJ&X$phsE_XnDs|#~}tYBPp~sS3Yv5xoT`U;6zeoH%4>3IMiieL4`%n S!V?e3hf8>pE{@@OgUJm|-bB*? literal 0 HcmV?d00001 diff --git a/environments/acrc-prod/inventory/group_vars/all/variables.yml b/environments/acrc-prod/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..7a9a9f6 --- /dev/null +++ b/environments/acrc-prod/inventory/group_vars/all/variables.yml @@ -0,0 +1,80 @@ + +##### +# Configuration for the seed node +##### + +# The ID of the external network +infra_external_network_id: ee29b0e7-d381-4d5f-a940-c86e39da34dc + +# The ID of the flavor to use for the K3S node +# A flavor with at least 2 CPUs and 8GB RAM is recommended +infra_flavor_id: 1d5df89f-e753-45de-8717-719a325243c5 # == m1.large + + +##### +# Configuration for the HA cluster +##### + +# The name of the flavor to use for control plane nodes +# A flavor with at least 2 CPUs, 8GB RAM and 100GB root disk is recommended +capi_cluster_control_plane_flavor: m1.xlarge + +# The name of the flavor to use for worker nodes +# A flavor with at least 4 CPUs, 16GB RAM and 100GB root disk is recommended +capi_cluster_worker_flavor: m1.xlarge + +# The number of worker nodes +capi_cluster_worker_count: 3 + +# The floating IP to which to wildcard DNS entry has been assigned +# This IP must be pre-assigned to the target OpenStack project +capi_cluster_addons_ingress_load_balancer_ip: 10.129.31.71 + + +##### +# Ingress configuration +##### + +# Disable TLS for now until we arrange a DNS entry + TLS cert +ingress_tls_enabled: false + +# Indicates if Harbor should be enabled to provide pull-through caches +harbor_enabled: no + +# Cloud uses Octavia OVN provider +openstack_loadbalancer_provider: ovn +capi_cluster_addons_openstack_loadbalancer_method: SOURCE_IP_PORT +azimuth_capi_operator_capi_helm_openstack_loadbalancer_method: SOURCE_IP_PORT + + +# The name of the current cloud +azimuth_current_cloud_name: acrc-dl +# The label for the current cloud +azimuth_current_cloud_label: "ACRC Digital Lab" + + +##### +# Configuration for CaaS appliances +##### + +# The name of a flavor to use for Slurm login nodes +# A flavor with at least 2 CPUs and 4GB RAM should be used +azimuth_caas_stackhpc_slurm_appliance_login_flavor_name: m1.medium + +# The name of a flavor to use for Slurm control nodes +# A flavor with at least 2 CPUs and 4GB RAM should be used +azimuth_caas_stackhpc_slurm_appliance_control_flavor_name: m1.medium + + + +##### +# Configuration for monitoring stack +##### + +# Loki volume fills up in ~1 week with defaults so reduce rentention time and bump storage capacity +capi_cluster_addons_monitoring_loki_volume_size: 20Gi +capi_cluster_addons_monitoring_loki_retention: 336h # == 14 days + +# Prometheus retention and volume size +capi_cluster_addons_monitoring_prometheus_retention: 30d +capi_cluster_addons_monitoring_prometheus_volume_size: 20Gi \ No newline at end of file diff --git a/environments/acrc-prod/inventory/hosts b/environments/acrc-prod/inventory/hosts new file mode 100644 index 0000000..9dcf1df --- /dev/null +++ b/environments/acrc-prod/inventory/hosts @@ -0,0 +1,2 @@ +[terraform_provision] +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" From 8b39ab2b14714f8cbff1d001c01bf10e7e416ee7 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 5 Sep 2023 08:26:11 +0000 Subject: [PATCH 08/10] Remove seed MTU workaround --- .../acrc-prod/inventory/group_vars/all/variables.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/environments/acrc-prod/inventory/group_vars/all/variables.yml b/environments/acrc-prod/inventory/group_vars/all/variables.yml index 7a9a9f6..c244ae4 100644 --- a/environments/acrc-prod/inventory/group_vars/all/variables.yml +++ b/environments/acrc-prod/inventory/group_vars/all/variables.yml @@ -77,4 +77,9 @@ capi_cluster_addons_monitoring_loki_retention: 336h # == 14 days # Prometheus retention and volume size capi_cluster_addons_monitoring_prometheus_retention: 30d -capi_cluster_addons_monitoring_prometheus_volume_size: 20Gi \ No newline at end of file +capi_cluster_addons_monitoring_prometheus_volume_size: 20Gi + + +# Work around seed network MTU issue +# (possibly related to disabled DVR) +infra_network_mtu: 1500 \ No newline at end of file From 7ce02d1375aba5f4f55ac504b8172e618e0cde9c Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 5 Sep 2023 08:46:58 +0000 Subject: [PATCH 09/10] Remove resolved k8s image workaround --- .../inventory/group_vars/all/variables.yml | 34 ------------------- 1 file changed, 34 deletions(-) diff --git a/environments/acrc-base/inventory/group_vars/all/variables.yml b/environments/acrc-base/inventory/group_vars/all/variables.yml index aec8ccb..13d7c7e 100644 --- a/environments/acrc-base/inventory/group_vars/all/variables.yml +++ b/environments/acrc-base/inventory/group_vars/all/variables.yml @@ -2,37 +2,3 @@ # https://github.com/stackhpc/ansible-slurm-appliance/pull/304 # is merged along with corresponding update to caas-slurm-appliance azimuth_caas_stackhpc_slurm_appliance_git_version: 83575461dbc29532c3922871fd8ea89d8053807b - -# harbor_enabled: false - -# NOTE: It seems that latest k8s + Ubuntu Jammy images don't work with Harbor -# Not yet figured out why, but for now use focal images instead until -# we get a chance to debug this further. -community_images_azimuth_images: |- - { - {% for source_key, image in community_images_azimuth_images_manifest.items() %} - {% if "kubernetes_version" in image and source_key.endswith("-focal") %} - {% set kube_version = image.kubernetes_version.removeprefix("v") %} - {% set kube_series = kube_version.split(".")[:-1] | join("_") %} - {% set dest_key = "kube_" ~ kube_series %} - {% elif source_key == "jupyter-repo2docker" %} - {% set dest_key = "repo2docker" %} - {% elif source_key == "ubuntu-desktop" %} - {% set dest_key = "workstation" %} - {% else %} - {% set dest_key = None %} - {% endif %} - {% if dest_key %} - "{{ dest_key }}": { - "name": "{{ image.name }}", - "source_url": "{{ image.url }}", - "checksum": "{{ image.checksum }}", - "source_disk_format": "qcow2", - "container_format": "bare", - {% if "kubernetes_version" in image %} - "kubernetes_version": "{{ image.kubernetes_version }}", - {% endif %} - }, - {% endif %} - {% endfor %} - } From c528f06f2c5ad04e567b853b23f540c2d5cbbc37 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 26 Sep 2023 16:09:59 +0100 Subject: [PATCH 10/10] Add tls certs --- environments/acrc-prod/tls/tls.crt | 119 +++++++++++++++++++++++++++++ environments/acrc-prod/tls/tls.key | Bin 0 -> 3269 bytes 2 files changed, 119 insertions(+) create mode 100755 environments/acrc-prod/tls/tls.crt create mode 100644 environments/acrc-prod/tls/tls.key diff --git a/environments/acrc-prod/tls/tls.crt b/environments/acrc-prod/tls/tls.crt new file mode 100755 index 0000000..69aa2ef --- /dev/null +++ b/environments/acrc-prod/tls/tls.crt @@ -0,0 +1,119 @@ +-----BEGIN CERTIFICATE----- +MIIIhzCCBm+gAwIBAgIQJWxobeEFujl7A61ylGQcmDANBgkqhkiG9w0BAQwFADBE +MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE +AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjMwOTE1MDAwMDAwWhcNMjQwOTE0MjM1 +OTU5WjBvMQswCQYDVQQGEwJHQjEZMBcGA1UECBMQQnJpc3RvbCwgQ2l0eSBvZjEe +MBwGA1UEChMVVW5pdmVyc2l0eSBvZiBCcmlzdG9sMSUwIwYDVQQDDBwqLmF6aW11 +dGguZGwuYWNyYy5icmlzLmFjLnVrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAsEPHj48z0NWMJ6+2Kt4HkWXztZu3ZOIvunI6hzUd8AvJTXPDnvg6VE68 +uZyjJyJvIHy36XRdnjrSu2p4USSJOpy/mf05nLQenjZjYJtYLd5yZ2IflXgBv2Nx +4JDQV0ZPBDFbCxz3tiMew73GHR5uaMF1AAz5HR0iHq6ArTW56IRCadaGg3HbS5zF +LbIWY9Au/OE9pYLYV1W+xRYmm0d6Kly9XYHFhPsPxrHzp97joP1Kv8Tqh1DdbH+j +JOjkS6DCwtI68LIJStCtriS0jjs2MuSPp6BZD+MvYhYtoDGEqlYdz+ILCFAPbELL +Y4JdBFxCSFumpLisHW4mLrPJ8YipLL0B8qJCSgVGZ841lrRdXLTbr2i2a/swi3og +I/cq389eM0erKgfaRJuvZOz/SUjaHCXy/qVRhVdQjKqRIzWmfnQ+1hANuR4EStYm +t0dtncK7pAE/iYT1ebMc4fa26ncoBqElvo0GsGFHrx4FxvfTKLinH1xIl56Wx4xr +GZNWF6u9hn7I7CV9c6BDfdlXu9Y3bigTcU8rzuys28cYjGKWBCzXRqyGAM8btwMF +9C4Lh6KEZVmBvTe9X33PVO4kpMQVnF7SdDaTzMYmQUzD7tyE5p+vegsPtXcneddC +9sL2n9l+TmAKlifERxmdX92rr6NlBsjojr+vc7tJsW3w1hwsFYkCAwEAAaOCA0gw +ggNEMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQWBBT/ +U8wp8PIpyFPzk/YQnABKaxbeoTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw +ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0Bgsr +BgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQ +UzAIBgZngQwBAgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNybC5z +ZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcwOgYI +KwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRPVlJT +QUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3RpZ28u +Y29tMIIBewYKKwYBBAHWeQIEAgSCAWsEggFnAWUAdQB2/4g/Crb7lVHCYcz1h7o0 +tKTNuyncaEIKn+ZnTFo6dAAAAYqYVvXNAAAEAwBGMEQCICkcYSQulORySc2+Tswp +5sgVOpnbO9SwbZf4JLgtsKW8AiB8Q6P+OwJI0jndDat3aRGuFKQy7r8MgPXGApzR +oJ8sggB1ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABiphW9ioA +AAQDAEYwRAIgKM7NnWmQfZhAS+3cOFKK00n8dToTL2xdtStbX/NhzbACIFFJq4O8 +PRtQpLX5eekeJ90pQtZIDN7H5xLO3n+s92hwAHUA7s3QZNXbGs7FXLedtM0TojKH +Rny87N7DUUhZRnEftZsAAAGKmFb1+QAABAMARjBEAiBNOFQiD2zYmTULOCjhxSvj +I20OLAcU8cPxuSUqaJnA0gIgcLSaZlNeOWAGlNn0A1N0YHCswrGZeWjrk8JItpU8 +4lIwQwYDVR0RBDwwOoIcKi5hemltdXRoLmRsLmFjcmMuYnJpcy5hYy51a4IaYXpp +bXV0aC5kbC5hY3JjLmJyaXMuYWMudWswDQYJKoZIhvcNAQEMBQADggIBAFot7Yb2 +KnKyDis7DviY6aUQT4onVVgu8nNfPV/xBfzVsrdvW5sMlFGP/27NpxjuMqJm4hSB +0aFR9/0q/X4QF69g8Cdg+BT0H5IoosbXCGYussDBDQp7w44TSrNPlrbbG+HxUUhU +r5ueGgYl0uV/NLaZWVIbxiyYwj7lK0+EeVcCXnxJQ6poEG2wjRZ3KGuZfOl4Yr3C +c+378ZU0PBeN9T2VSwKKE1ZdDTM1xR72OadU/faTSpJChZU0S0KC+NU0JcvJA2Wq +iQ8LLDk8IRJTacDEocQ0qdPrSAu26YFfgaaZAa+pNbwbiGnxjQbnWu2TZNbJZ8nN +mBnuqAXLmxfa8L1t8meVysm7HzsgvLZw6MEm8LT4vh+m4fNm6fmM6VdhHwA6eR9P +q6HJ7FeTtFGXq3bLNTvx4hRIwlHuBV4xIrVa2GPZDQgkfVpLiTz4Ol1TGOhExQbN +emVS3P+AiXe/Arbe2BmixIFu8TfJ5bpEPwV+jSPr3Lr/g8tls/pzeQh7ML9Sm2N5 +T5M53CRM5Hn4ksLb6hWsKNWsek5LQk53C7je7nI0y/hhNgVDMDBo1xm8l24makFg +wrnPivcoCp3DetGtwdvpjSHb86AhpuGoCFoEdHg7/FGbKXm58DXpnhG5dpPf+0JL +zcYTH0BlESkYdT0VCNiOogMl2yq/MUFWIIwO +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw +MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV +BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q +r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT +PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp +LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF +TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn +TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP +FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw +d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 +2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ +URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo +NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 +lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq +K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO +BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH +AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 +Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl +BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B +AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R +lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG +hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh +AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ +ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r +48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm +EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 +bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 +vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt +apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp +Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 +MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD +VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE +AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 +MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 +MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO +ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI +s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG +vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ +Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb +IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 +tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E +xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV +icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 +D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ +WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ +5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG +KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg +EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID +ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG +BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t +L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr +BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA +A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ +rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ +/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA +CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F +zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA +vGp4z7h/jnZymQyd/teRCBaho1+V +-----END CERTIFICATE----- diff --git a/environments/acrc-prod/tls/tls.key b/environments/acrc-prod/tls/tls.key new file mode 100644 index 0000000000000000000000000000000000000000..840c8d1e468201ee4727bd44ae17aa14d8e887dc GIT binary patch literal 3269 zcmV;$3_9}wM@dveQdv+`01a;@B1O);4ORY>P^b5Y`JkX$jJ`Dge ztiq ze)YW}yPmpU6?&RvWD_Qlh|e~*(bq@-_(2Z7Fkr1F_~6xl>0kgu3F%jq%Hx4C8d7M7 z&VmEt8PMu%jRoCZME|SeGMf+FFDel7&jzdF{W_!ED{kXO9=so0$xMi+bxWH+#5QGg z4BZoyR^3gt9LeVws*PO2H}BecYMd6xrLAE@`r zi|54o?;YVXaCZ6_SRwP&&MYS7$&^mVQ0f)hbS?}8qTxk-VsP9*W~!|k{^jh4#>7re z5x}*~cMGYcFnO%+CnsSl_k=7aYf+Fau$s2VX-Iftl!iu$?uBMEo}=zbj{SA}C95eS zYqdVgdSeXMCRE@J&{B>_zYcX$zATg4TnreRtB>S*w0>;l&%1&F%R;o&^1a~w|E)$gme z`lK7B7o0L1LS{5gfpV$mki#zneUTcLN)GrmLoOdl#!O;JMUXJX`v){cul8>VVrYO} zM82YLQLd$SU8aaf_$MD!YdSS(JeOVnh1UzcphCDEj_$MRdAT}GN4*>0Y{%B$N0yMi zhgP(*07_sTRZ?#{ZJ9oRo7KiXfQI%&z6pi-Jsp@EM`q2kxV|y+SOK%xN=I!d>0a;` zfq%Bd4zdR`64O*pe`J(=vGEBglK&zgwV?5oqRj2B1}aU2wPWL>rHvRBhd>z_II4bM zk`e@A9|(%N8ZD_rmBjR3mX2=sv+8Wn zIVB}T-GuI0Z+`B6{Zl~JJe94PZvj7}`<)x^n&&YtHo^kR%p&Vy@HQLVDGKC%5rmRr znZd!~A)s*rpIaP8ai<;1oLr>>%7h7ik_cyEZz(F&_#zuYt6p;r!kFY06rAJn9<2fe zDQqGimV=ARgy{XS<1v8PxIYt0{>Hz^`BIU7Bi14&+KK(*%>ZWD^byqqZE6|n9zQL# zv@rf2UOHlrNkPyO%H{&rS(;YOMy<-zPPG?jQieg&6^_t}% zGp+%gzcTPC(eE7^H89s?I2WU+tSwquXal2%kYd3Wik~4P?i%|GU{kf-I!CMpFs|!l zYBT?~fcOTP{*^iT6AyT@e*y8uy>i!heRw)z9a|^o*6Y{kb-yz3_ATBY#Ee3iu(mmT zKW6sTx5IIaAZi;aa+79C@qffGz32{Z$%#RC%8Vh7x6fYy-u`%z&(R!o%qOsjn4hsv zUm~D5#Tgm~#qteriRTZtaUP7$j71?_b)D}Y=06|<4DNC2O5QsK@1d6~pVa(I%Gf2T zj;lt@a5)^L>|8%#*FL^n8CskVMvnG1`v*j;`WT{nFO?_Iq(MDRAmJv8KvpuA_E|hu zE?xUI?8xCZlzYjqx$hbM$hQYCS=4~Fu4xdm9Mu6POdzVdJ4D4dbDUB0s(>6J*%EH8 zF&}43GMxyLj_wpbU&n4Z8BHT?*?pR8Oen)SJ_$+?&EjOltvPo>2qoJ_5{mjm)9p0|!#%;zm}g z9l?z*?2fj845B4(U2G`urs7^O+u1{T9jKhj3c6GetLxcG2rJckFa$rRL9{?2dD5V4 zk#{QLJ%IRl8rw?HA0FZ;o~7er*Yye_$Yt4?_v5E{=N1DUToY~loYRuko{cos5NF)a zcy#Ai(zYK85vp!GaR6H=W5q1gFmW($!`U}gEr7qiHD~o4U2~^a9KvQr3};@oJuAf& z&m1u=sYS;gSp^5r$2yiF$i`=?CR$D z^#$!E>Vp^?@tcJo}Y`Ief86E3fqL-=JLQKYh#w#2Jo#{Gmllt zP|E$wM&DIq3L^3N`}U=~#g5m*u0kjx0KDr30<>Y`c-1dyqBV5_i7nsWRF5oJ1rnb7 zV*wz=BTaYRc2A+%zV*d5*EP#-=KqH&ER$mOu2a_xMvt&v27fLK+xS)TGU@q723eZV zR+)D2Yu;j=e@!zt**Od3yh+E&AuY-{dhg$lS7G#AU=;sN;VB`$c5 z`p}o5A|2CKxojRgKM89lhnNbmShc-(1Sq@a{GR7*H+A56@!V^lCecal?Cj^bd)D!7 zpHfr;9&v7^#+hqsk?+Ur5xX=yWa+`9(MjcN=NF9`&SGz|Wfa#2cQ_`uyhj-r=_|O< z!zUy#POVQy2~LB)tU=cgA?#6>i!wt@_2593VdowN)dAJKexIvND-chlVOv$S$T|o) zJf}QUq=ssHY^8vkaHJRSB){Ys;^n#n-In0iH?Uv_sOwxaXV8_b)4g`6>6fD-+ zM(EVE${`Z1H@wdd>F!xM|^#zyyEYeFd&E23`pL``*>UkbRmNYlY$SB9YI%%<^qR+~|ou49xLM5#oQZ>?5>M#*K%z7QOSQsG2w;IPY?Ln+kNwz#WQs)jV5u_@KR6GE+h7+z7 z0QPGL1p4IMBW59CR)24jBrzZzw(loY)$HKjrYpKfd#p~7GG^C-Yy;1yqoo&eF(|ZT D;jBe} literal 0 HcmV?d00001