From 9068a628733f8a9e02278891135fa420f57ca7de Mon Sep 17 00:00:00 2001 From: mcrozes Date: Wed, 20 Jan 2021 13:18:47 -0500 Subject: [PATCH 01/13] Pushing 2.6.1 --- CHANGELOG.md | 16 ++ NOTICE.txt | 2 +- README.adoc | 29 +--- deployment/build-open-source-dist.sh | 75 --------- deployment/build-s3-dist.sh | 86 ---------- deployment/run-unit-tests.sh | 9 - docs/overrides/partials/footer.html | 2 +- .../control-hpc-job-with-http-web-rest-api.md | 4 +- source/manual_build.py | 40 ++++- source/requirements.txt | 1 + source/scale-out-computing-on-aws.template | 154 +++++++++--------- source/scripts/config.cfg | 24 +-- source/scripts/requirements.txt | 8 +- source/soca/cluster_analytics/job_tracking.py | 6 +- source/soca/cluster_manager/add_nodes.py | 90 ++++------ .../cluster_manager/cloudformation_builder.py | 6 +- .../windows/ComputeNodeInstallDCVWindows.ps | Bin 5304 -> 6009 bytes .../api/v1/scheduler/pbspro/job.py | 8 +- .../api/v1/scheduler/pbspro/jobs.py | 2 +- .../dcv_cloudformation_builder.py | 2 +- .../templates/common/horizontal_menu_bar.html | 2 +- .../templates/remote_desktop.html | 2 +- .../cluster_web_ui/templates/submit_job.html | 2 +- .../submit_job_selected_application.html | 2 +- source/soca/cluster_web_ui/views/my_files.py | 18 +- .../cluster_web_ui/views/remote_desktop.py | 8 +- .../views/remote_desktop_windows.py | 8 +- source/templates/Network.template | 9 +- source/templates/Scheduler.template | 6 +- 29 files changed, 233 insertions(+), 388 deletions(-) delete mode 100755 deployment/build-open-source-dist.sh delete mode 100755 deployment/build-s3-dist.sh delete mode 100755 deployment/run-unit-tests.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index f43961dd..12793841 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.6.1] - 2021-01-20 +### Added +- Added Name tag to EIPNat in Network.template +- Added support for Milan and Cape Town +- EBS volumes provisioned for DCV sessions (Windows/Linux) are now tagged properly + +### Changed +- Updated EFA to 1.11.1 +- Updated Python 3.7.1 to Python 3.7.9 +- Update DCV version to 2020.2 +- Updated awscli, boto3, and botocore to support instances announced at Re:Invent 2020 +- Use new gp3 volumes instead of gp2 since they're more cost effective and provide 3000 IOPS baseline +- Removed SchedulerPublicIPAllocation from Scheduler.template as it's no longer used +- Updated CentOS, ALI2 and RHEL76 AMIs +- Fixed manual builds on Windows+Cygwin environments + ## [2.6.0] - 2020-10-29 ### Added - Users can now launch Windows instances with DCV diff --git a/NOTICE.txt b/NOTICE.txt index 267b67df..35307cb9 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1,5 +1,5 @@ Scale Out Computing on AWS -Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/ or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, diff --git a/README.adoc b/README.adoc index 8d8489db..273c0892 100644 --- a/README.adoc +++ b/README.adoc @@ -7,33 +7,6 @@ https://awslabs.github.io/scale-out-computing-on-aws/[https://awslabs.github.io/ == :rocket: How to install Scale-Out Computing on AWS -=== 1-Click installer - -Visit https://aws.amazon.com/solutions/scale-out-computing-on-aws[https://aws.amazon.com/solutions/scale-out-computing-on-aws] - -:warning:1-Click installer is great for PoC or demos. For production workload, it's recommended to go with "Custom Build" instead. - - -=== Custom Build - -. Clone this git repository -+ -```bash -git clone https://github.com/awslabs/scale-out-computing-on-aws -``` - -. Run the following command to create your build (support Python2 and Python3): -+ -```bash -python source/manual_build.py -``` - -. Output will be created under `source/dist/` - -. Upload `source/dist/` folder to your own S3 bucket - -. Launch CloudFormation and use `scale-out-computing-on-aws.template` as base template - Refer to https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/[https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/] for installation instructions. == :pencil2: File Structure @@ -65,7 +38,7 @@ Scale-Out Computing on AWS project consists in a collection of CloudFormation te *** -Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/deployment/build-open-source-dist.sh b/deployment/build-open-source-dist.sh deleted file mode 100755 index 7fd23d40..00000000 --- a/deployment/build-open-source-dist.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash -# -# This assumes all of the OS-level configuration has been completed and git repo has already been cloned -# -# This script should be run from the repo's deployment directory -# cd deployment -# ./build-s3-dist.sh solution-name -# -# Paramenters: -# - solution-name: name of the solution for consistency - -# Check to see if input has been provided: -if [ -z "$1" ]; then - echo "Please provide the trademark approved solution name for the open source package." - echo "For example: ./build-open-source-dist.sh trademarked-solution-name" - exit 1 -fi - -# Get reference for all important folders -source_template_dir="$PWD" -dist_dir="$source_template_dir/open-source" -dist_template_dir="$dist_dir/deployment" -source_dir="$source_template_dir/../source" - -echo "------------------------------------------------------------------------------" -echo "[Init] Clean old open-source folder" -echo "------------------------------------------------------------------------------" -echo "rm -rf $dist_dir" -rm -rf $dist_dir -echo "mkdir -p $dist_dir" -mkdir -p $dist_dir -echo "mkdir -p $dist_template_dir" -mkdir -p $dist_template_dir - -echo "------------------------------------------------------------------------------" -echo "[Packing] Build Script" -echo "------------------------------------------------------------------------------" -echo "cp $source_template_dir/build-s3-dist.sh $dist_template_dir" -cp $source_template_dir/build-s3-dist.sh $dist_template_dir -echo "cp $source_template_dir/run-unit-tests.sh $dist_template_dir" -cp $source_template_dir/run-unit-tests.sh $dist_template_dir - -echo "------------------------------------------------------------------------------" -echo "[Packing] Source Folder" -echo "------------------------------------------------------------------------------" -echo "cp -r $source_dir $dist_dir" -cp -r $source_dir $dist_dir -echo "cp $source_template_dir/../LICENSE.txt $dist_dir" -cp $source_template_dir/../LICENSE.txt $dist_dir -echo "cp $source_template_dir/../NOTICE.txt $dist_dir" -cp $source_template_dir/../NOTICE.txt $dist_dir -echo "cp $source_template_dir/../README.md $dist_dir" -cp $source_template_dir/../README.md $dist_dir -echo "cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir" -cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir -echo "cp $source_template_dir/../CONTRIBUTING.md $dist_dir" -cp $source_template_dir/../CONTRIBUTING.md $dist_dir -echo "cp $source_template_dir/../CHANGELOG.md $dist_dir" -cp $source_template_dir/../CHANGELOG.md $dist_dir -echo "cp $source_template_dir/../THIRD_PARTY_LICENSES.txt $dist_dir" -cp $source_template_dir/../THIRD_PARTY_LICENSES.txt $dist_dir - -echo "------------------------------------------------------------------------------" -echo "[Packing] Create GitHub (open-source) zip file" -echo "------------------------------------------------------------------------------" -echo "cd $dist_dir" -cd $dist_dir -echo "zip -q -r9 ../$1.zip *" -zip -q -r9 ../$1.zip * -echo "Clean up open-source folder" -echo "rm -rf *" -rm -rf * -echo "mv ../$1.zip ." -mv ../$1.zip . -echo "Completed building $1.zip dist" \ No newline at end of file diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh deleted file mode 100755 index 5b9f941f..00000000 --- a/deployment/build-s3-dist.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/bash -# -# This assumes all of the OS-level configuration has been completed and git repo has already been cloned -# -# This script should be run from the repo's deployment directory -# cd deployment -# ./build-s3-dist.sh source-bucket-base-name solution-name version-code -# -# Paramenters: -# - source-bucket-base-name: Name for the S3 bucket location where the template will source the Lambda -# code from. The template will append '-[region_name]' to this bucket name. -# For example: ./build-s3-dist.sh solutions my-solution v1.0.0 -# The template will then expect the source code to be located in the solutions-[region_name] bucket -# -# - solution-name: name of the solution for consistency -# -# - version-code: version of the package - -# Check to see if input has been provided: -if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then - echo "Please provide the base source bucket name, trademark approved solution name and version where the lambda code will eventually reside." - echo "For example: ./build-s3-dist.sh solutions trademarked-solution-name v1.0.0" - exit 1 -fi - -# Get reference for all important folders -template_dir="$PWD" -template_dist_dir="$template_dir/global-s3-assets" -build_dist_dir="$template_dir/regional-s3-assets" -source_dir="$template_dir/../source" - -echo "------------------------------------------------------------------------------" -echo "[Init] Clean old dist, node_modules and bower_components folders" -echo "------------------------------------------------------------------------------" -echo "rm -rf $template_dist_dir" -rm -rf $template_dist_dir -echo "mkdir -p $template_dist_dir" -mkdir -p $template_dist_dir -echo "rm -rf $build_dist_dir" -rm -rf $build_dist_dir -echo "mkdir -p $build_dist_dir" -mkdir -p $build_dist_dir - -echo "------------------------------------------------------------------------------" -echo "[Packing] Global Assets" -echo "------------------------------------------------------------------------------" -echo "------------------------------------------------------------------------------" -echo "[Packing] Copy all templates for CfnNagScan and force .template extension" -echo "------------------------------------------------------------------------------" -echo "mkdir -p $template_dist_dir" -mkdir -p $template_dist_dir -echo "cp ../source/scale-out-computing-on-aws.template $template_dist_dir/" -cp ../source/scale-out-computing-on-aws.template $template_dist_dir/ -echo "cp ../source/install-with-existing-resources.template $template_dist_dir/" -cp ../source/install-with-existing-resources.template $template_dist_dir/ -echo "cp ../source/README.txt $template_dist_dir/" -cp ../source/README.txt $template_dist_dir/ - - -echo "Updating code source bucket in template with $1-reference" -replace="s/%%BUCKET_NAME%%/$1-reference/g" -echo "sed -i '' -e $replace $template_dist_dir/scale-out-computing-on-aws.template" -sed -i '' -e $replace $template_dist_dir/*.template -replace="s/%%SOLUTION_NAME%%/$2/g" -echo "sed -i '' -e $replace $template_dist_dir/scale-out-computing-on-aws.template" -sed -i '' -e $replace $template_dist_dir/*.template -replace="s/%%VERSION%%/$3/g" -echo "sed -i '' -e $replace $template_dist_dir/scale-out-computing-on-aws.template" -sed -i '' -e $replace $template_dist_dir/*.template -echo "cp -r $source_dir/scripts $template_dist_dir" -cp -r $source_dir/scripts $template_dist_dir -echo "cp -r $source_dir/templates $template_dist_dir" -cp -r $source_dir/templates $template_dist_dir - -echo "tar -czf $template_dist_dir/soca.tar.gz $source_dir/soca" -cd $source_dir/soca -tar -czf $template_dist_dir/soca.tar.gz * - - -echo "------------------------------------------------------------------------------" -echo "[Packing] Regional Assets" -echo "------------------------------------------------------------------------------" -echo "cp -r $source_dir/scripts $build_dist_dir" -cp -r $source_dir/scripts $build_dist_dir -echo "cp -r $source_dir/templates $build_dist_dir" -cp -r $source_dir/templates $build_dist_dir diff --git a/deployment/run-unit-tests.sh b/deployment/run-unit-tests.sh deleted file mode 100755 index efa50c8f..00000000 --- a/deployment/run-unit-tests.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -# -# This assumes all of the OS-level configuration has been completed and git repo has already been cloned -# -# This script should be run from the repo's deployment directory -# cd deployment -# ./run-unit-tests.sh -# -echo "Unit tests have moved to internal/content_scan.sh" \ No newline at end of file diff --git a/docs/overrides/partials/footer.html b/docs/overrides/partials/footer.html index d62106e6..ff05515f 100644 --- a/docs/overrides/partials/footer.html +++ b/docs/overrides/partials/footer.html @@ -44,7 +44,7 @@ {% endif %} Made with Material for MkDocs
- Privacy | Site terms | © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. + Privacy | Site terms | © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. diff --git a/docs/web-interface/control-hpc-job-with-http-web-rest-api.md b/docs/web-interface/control-hpc-job-with-http-web-rest-api.md index 698307a1..63f87c86 100644 --- a/docs/web-interface/control-hpc-job-with-http-web-rest-api.md +++ b/docs/web-interface/control-hpc-job-with-http-web-rest-api.md @@ -135,5 +135,5 @@ If the command is valid, you will receive a validation message: This time the output will return an error: ~~~json -{"succes": false, "message": "Unable to retrieve Job ID (job may have terminated and is no longer in the queue)"} -~~~ \ No newline at end of file +{"success": false, "message": "Unable to retrieve Job ID (job may have terminated and is no longer in the queue)"} +~~~ diff --git a/source/manual_build.py b/source/manual_build.py index 7d8e91b1..6d05b838 100644 --- a/source/manual_build.py +++ b/source/manual_build.py @@ -6,12 +6,13 @@ import argparse from shutil import make_archive, copy, copytree + def upload_objects(s3, bucket_name, s3_prefix, directory_name): try: my_bucket = s3.Bucket(bucket_name) for path, subdirs, files in os.walk(directory_name): - path = path.replace("\\","/") - directory = path.replace(directory_name,"") + path = path.replace("\\", "/") + directory = path.replace(directory_name.replace("\\", "/"), "") for file in files: print("%s[+] Uploading %s to s3://%s/%s%s%s" % (fg('green'), os.path.join(path, file), bucket_name, s3_prefix, directory+'/'+file, attr('reset'))) my_bucket.upload_file(os.path.join(path, file), s3_prefix+directory+'/'+file) @@ -24,7 +25,7 @@ def get_input(prompt): if sys.version_info[0] >= 3: response = input(prompt) else: - #Python 2 + # Python 2 response = raw_input(prompt) return response @@ -33,10 +34,12 @@ def get_input(prompt): from colored import fg, bg, attr import boto3 from requests import get + import requests.exceptions + import massedit from botocore.client import ClientError from botocore.exceptions import ProfileNotFound except ImportError: - print(" > You must have 'colored', 'boto3' and 'requests' installed. Run 'pip install boto3 colored requests'") + print(" > You must have 'massedit, 'colored', 'boto3' and 'requests' installed. Run 'pip install boto3 colored requests massedit' or 'pip install -r requirements.txt' first") exit(1) parser = argparse.ArgumentParser(description='Build & Upload SOCA CloudFormation resources.') @@ -70,15 +73,19 @@ def get_input(prompt): s3.meta.client.head_bucket(Bucket=bucket) s3_bucket_exists = True except ClientError as e: - print(" > The bucket "+ bucket + " does not exist or you have no access.") + print(" > The bucket " + bucket + " does not exist or you have no access.") print(e) print(" > Building locally but not uploading to S3") # Detect Client IP - get_client_ip = get("https://ifconfig.co/json") - if get_client_ip.status_code == 200: - client_ip = get_client_ip.json()['ip'] + '/32' - else: + try: + get_client_ip = get("https://ifconfig.co/json",) + if get_client_ip.status_code == 200: + client_ip = get_client_ip.json()['ip'] + '/32' + else: + client_ip = '' + except requests.exceptions.RequestException as e: + print("Unable to determine client IP") client_ip = '' build_path = os.path.dirname(os.path.realpath(__file__)) @@ -104,6 +111,21 @@ def get_input(prompt): print(line.replace('%%BUCKET_NAME%%', 'your-s3-bucket-name-here').replace('%%SOLUTION_NAME%%/%%VERSION%%', 'your-s3-folder-name-here').replace('\n', '')) print(" > Creating archive for build id: " + unique_id) + + # Sanitize build (remove unwanted characters, esp when you build with Cygwin) + wrong_chars = ["\\r", "\\^M"] + for path, subdirs, files in os.walk(build_folder + '/'): + for file in files: + file = build_path + "/" + build_folder + '/' + file + if file.endswith(".template") \ + or file.endswith(".sh") \ + or file.endswith(".cfg") \ + or file.endswith(".txt"): + for char in wrong_chars: + massedit.edit_files([file], + ["re.sub(r'" + char + "', '', line)"], + dry_run=False) + make_archive('dist/' + output_prefix, 'gztar', build_folder) diff --git a/source/requirements.txt b/source/requirements.txt index 0ddfb83f..7ae6c703 100644 --- a/source/requirements.txt +++ b/source/requirements.txt @@ -1,3 +1,4 @@ boto3 colored requests +massedit \ No newline at end of file diff --git a/source/scale-out-computing-on-aws.template b/source/scale-out-computing-on-aws.template index fcd0ca8a..8320934e 100644 --- a/source/scale-out-computing-on-aws.template +++ b/source/scale-out-computing-on-aws.template @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: (SO0072) - Scale-Out Computing on AWS. Template version 2.6.0 +Description: (SO0072) - Scale-Out Computing on AWS. Template version 2.6.1 Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -121,7 +121,7 @@ Mappings: Info: Data: ClusterIdPrefix: soca - Version: 2.6.0 + Version: 2.6.1 User: centos7: centos amazonlinux2: ec2-user @@ -130,78 +130,85 @@ Mappings: RegionMap: - ap-east-1: # Hong Kong + af-south-1: + amazonlinux2: ami-0c6e605ab94c1af57 + centos7: ami-0b761332115c38669 + ap-east-1: + amazonlinux2: ami-d60844a7 + centos7: ami-09611bd6fa5dd0e3d rhel7: ami-1a453e6b - centos7: ami-68e59c19 - amazonlinux2: ami-570c7726 - ap-northeast-1: # Tokyo - rhel7: ami-00b95502a4d51a07e - centos7: ami-045f38c93733dd48d - amazonlinux2: ami-0c3fd0f5d33134a76 - ap-northeast-2: # Seoul - rhel7: ami-041b16ca28f036753 - centos7: ami-06cf2a72dadf92410 - amazonlinux2: ami-095ca789e0549777d - ap-south-1: # Mumbai - rhel7: ami-0963937a03c01ecd4 - centos7: ami-02e60be79e78fef21 - amazonlinux2: ami-0d2692b6acea72ee6 - ap-southeast-1: # Singapore - rhel7: ami-055c55112e25b1f1f - centos7: ami-0b4dd9d65556cac22 - amazonlinux2: ami-01f7527546b557442 - ap-southeast-2: # Sydney - rhel7: ami-036b423b657376f5b - centos7: ami-08bd00d7713a39e7d - amazonlinux2: ami-0dc96254d5535925f - ca-central-1: # Canada - rhel7: ami-06ca3c0058d0275b3 - centos7: ami-033e6106180a626d0 - amazonlinux2: ami-0d4ae09ec9361d8ac - eu-central-1: # Frankfurt - rhel7: ami-09de4a4c670389e4b - centos7: ami-04cf43aca3e6f3de3 - amazonlinux2: ami-0cc293023f983ed53 - eu-north-1: # Stockholm - rhel7: ami-66f67f18 - centos7: ami-5ee66f20 - amazonlinux2: ami-3f36be41 - eu-west-1: # Dublin - rhel7: ami-0202869bdd0fc8c75 - centos7: ami-0ff760d16d9497662 - amazonlinux2: ami-0bbc25e23a7640b9b - eu-west-2: # London - rhel7: ami-0188c0c5eddd2d032 - centos7: ami-0eab3a90fc693af19 - amazonlinux2: ami-0d8e27447ec2c8410 - eu-west-3: # Paris - rhel7: ami-0c4224e392ec4e440 - centos7: ami-0e1ab783dc9489f34 - amazonlinux2: ami-0adcddd3324248c4c - me-south-1: # Bahrain - rhel7: AMI_NOT_ADDED_YET # /todo Update AMI ID when available - centos7: ami-08529c51dbe004acb - amazonlinux2: ami-0624cbc1598d12691 - us-east-1: # Virginia - rhel7: ami-000db10762d0c4c05 - centos7: ami-02eac2c0129f6376b - amazonlinux2: ami-0b898040803850657 - us-east-2: # Ohio - rhel7: ami-094720ddca649952f - centos7: ami-0f2b4fc905b0bd1f1 - amazonlinux2: ami-0d8f6eb4f641ef691 - us-west-1: # Northern California - rhel7: ami-04642fc8fca1e8e67 - centos7: ami-074e2d6769f445be5 - amazonlinux2: ami-056ee704806822732 - us-west-2: # Oregon - rhel7: ami-036affea69a1101c9 - centos7: ami-01ed306a12b7d1c96 - amazonlinux2: ami-082b5a644766e0e6f - sa-east-1: # Sao Paulo - rhel7: ami-05c1c16cac05a7c0b - centos7: ami-0b8d86d4bf91850af - amazonlinux2: ami-058943e7d9b9cabfb + ap-northeast-1: + amazonlinux2: ami-01748a72bed07727c + centos7: ami-0ddea5e0f69c193a4 + rhel7: ami-0e3e6ca71a19ccf06 + ap-northeast-2: + amazonlinux2: ami-0094965d55b3bb1ff + centos7: ami-0e4214f08b51e23cc + rhel7: ami-0f84aff229263c1fc + ap-south-1: + amazonlinux2: ami-04b1ddd35fd71475a + centos7: ami-0ffc7af9c06de0077 + rhel7: ami-0b105c57e305d9064 + ap-southeast-1: + amazonlinux2: ami-00b8d9cb8a7161e41 + centos7: ami-0adfdaea54d40922b + rhel7: ami-031290b4bd9eaa715 + ap-southeast-2: + amazonlinux2: ami-06ce513624b435a22 + centos7: ami-03d56f451ca110e99 + rhel7: ami-06d2821bfc76dcda3 + ca-central-1: + amazonlinux2: ami-0c3e7f50c89a372ae + centos7: ami-0a7c5b189b6460115 + rhel7: ami-0a43efe505004e592 + eu-central-1: + amazonlinux2: ami-03c3a7e4263fd998c + centos7: ami-08b6d44b4f6f7b279 + rhel7: ami-0fc86555914f6a9f2 + eu-north-1: + amazonlinux2: ami-02cb52d7ba9887a93 + centos7: ami-0358414bac2039369 + rhel7: ami-8833bbf6 + eu-south-1: + amazonlinux2: ami-080807541452b0410 + centos7: ami-0fe3899b62205176a + rhel7: ami-004f2ac6013e4fcfb + eu-west-1: + amazonlinux2: ami-01720b5f421cf0179 + centos7: ami-04f5641b0d178a27a + rhel7: ami-04c89a19fea29f1f0 + eu-west-2: + amazonlinux2: ami-0e80a462ede03e653 + centos7: ami-0b22fcaf3564fb0c9 + rhel7: ami-06fe0c124aedcef5f + eu-west-3: + amazonlinux2: ami-00798d7180f25aac2 + centos7: ami-072ec828dae86abe5 + rhel7: ami-08295de7534115935 + me-south-1: + amazonlinux2: ami-0032aa87bb75498ea + centos7: ami-0ac17dcdd6f6f4eb6 + rhel7: ami-0e845cba4071a4a1a + sa-east-1: + amazonlinux2: ami-022082b7f1da62478 + centos7: ami-02334c45dd95ca1fc + rhel7: ami-06efd558d6a5fb959 + us-east-1: + amazonlinux2: ami-0be2609ba883822ec + centos7: ami-00e87074e52e6c9f9 + rhel7: ami-08a7d2bfef687328f + us-east-2: + amazonlinux2: ami-0a0ad6b70e61be944 + centos7: ami-00f8e2c955f7ffa9b + rhel7: ami-0e166e72fda655c63 + us-west-1: + amazonlinux2: ami-03130878b60947df3 + centos7: ami-08d2d8b00f270d03b + rhel7: ami-056efb42b219f9abb + us-west-2: + amazonlinux2: ami-0a36eb8fadc976275 + centos7: ami-0686851c4e7b1a8e1 + rhel7: ami-02deb4589e0f0d95e Conditions: UseCustomAMI: !Not [!Equals [!Ref CustomAMI, ""]] @@ -380,7 +387,6 @@ Resources: UserName: !Ref UserName UserPassword: !Ref UserPassword SchedulerPublicIP: !GetAtt Network.Outputs.SchedulerPublicIP - SchedulerPublicIPAllocation: !GetAtt Network.Outputs.SchedulerPublicIPAllocation TemplateURL: !Join [ "/", [!Sub "https://s3.${AWS::URLSuffix}", !Ref S3InstallBucket, !Ref S3InstallFolder, "templates/Scheduler.template"] ] TimeoutInMinutes: 60 diff --git a/source/scripts/config.cfg b/source/scripts/config.cfg index 3ae357c8..42c7694e 100644 --- a/source/scripts/config.cfg +++ b/source/scripts/config.cfg @@ -1,8 +1,8 @@ # Python -PYTHON_VERSION="3.7.1" -PYTHON_TGZ="Python-3.7.1.tgz" -PYTHON_URL="https://www.python.org/ftp/python/3.7.1/Python-3.7.1.tgz" -PYTHON_HASH="99f78ecbfc766ea449c4d9e7eda19e83" +PYTHON_VERSION="3.7.9" +PYTHON_TGZ="Python-3.7.9.tgz" +PYTHON_URL="https://www.python.org/ftp/python/3.7.9/Python-3.7.9.tgz" +PYTHON_HASH="bcd9f22cf531efc6f06ca6b9b2919bd4" # Scheduler OPENPBS_VERSION="20.0.1" @@ -17,16 +17,16 @@ OPENMPI_URL="https://download.open-mpi.org/release/open-mpi/v4.0/openmpi-4.0.1.t OPENMPI_HASH="c72d9eb908a0f60e3155698a646cde38" # DCV -DCV_VERSION="2020.1-9012-el7-x86_64" -DCV_TGZ="nice-dcv-2020.1-9012-el7-x86_64.tgz" -DCV_URL="https://d1uj6qtbmh3dt5.cloudfront.net/2020.1/Servers/nice-dcv-2020.1-9012-el7-x86_64.tgz" -DCV_HASH="bbb715b47c0e47711deef1870c70120e" +DCV_VERSION="2020.2-9662-el7-x86_64" +DCV_TGZ="nice-dcv-2020.2-9662-el7-x86_64.tgz" +DCV_URL="https://d1uj6qtbmh3dt5.cloudfront.net/2020.2/Servers/nice-dcv-2020.2-9662-el7-x86_64.tgz" +DCV_HASH="1320245a52c7118c02f4dec2b2eacd46" # EFA -EFA_VERSION="1.9.3" -EFA_TGZ="aws-efa-installer-1.9.3.tar.gz" -EFA_URL="https://efa-installer.amazonaws.com/aws-efa-installer-1.9.3.tar.gz" -EFA_HASH="95755765a097802d3e6d5018d1a5d3d6" +EFA_VERSION="1.11.1" +EFA_TGZ="aws-efa-installer-1.11.1.tar.gz" +EFA_URL="https://efa-installer.amazonaws.com/aws-efa-installer-1.11.1.tar.gz" +EFA_HASH="026b0d9a0a48780cc7406bd51997b1c0" # Metric Beat METRICBEAST_RPM="metricbeat-oss-7.6.2-x86_64.rpm" diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index d6905778..a7fab14d 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -1,16 +1,16 @@ -awscli==1.18.154 +awscli==1.18.197 apscheduler==3.6.3 tzlocal==2.1 asn1crypto==1.3.0 -boto3==1.15.13 -botocore==1.18.13 +boto3==1.16.37 +botocore==1.19.37 cachetools==4.1.0 cffi==1.14.0 cfn-flip==1.2.2 Click==7.0 colorama==0.3.9 cryptography==3.2 -docutils==0.16 +docutils==0.15.2 ecdsa==0.15 elasticsearch==6.3.1 Flask==1.0.3 diff --git a/source/soca/cluster_analytics/job_tracking.py b/source/soca/cluster_analytics/job_tracking.py index 3759e112..aece7372 100755 --- a/source/soca/cluster_analytics/job_tracking.py +++ b/source/soca/cluster_analytics/job_tracking.py @@ -261,7 +261,7 @@ def read_file(filename): # Update EBS rate for your region # EBS Formulas: https://aws.amazon.com/ebs/pricing/ - ebs_gp2_storage = 0.1 # $ per gb per month + ebs_gp3_storage = 0.08 # $ per gb per month ebs_io1_storage = 0.125 # $ per gb per month provisionied_io = 0.065 # IOPS per month fsx_lustre = 0.000194 # GB per hour @@ -275,14 +275,14 @@ def read_file(filename): tmp['estimated_price_fsx_lustre'] = 0 if 'root_size' in tmp.keys(): - tmp['estimated_price_storage_root_size'] = ((int(tmp['root_size']) * ebs_gp2_storage * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] + tmp['estimated_price_storage_root_size'] = ((int(tmp['root_size']) * ebs_gp3_storage * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] if 'scratch_size' in tmp.keys(): if 'scratch_iops' in tmp.keys(): tmp['estimated_price_storage_scratch_size'] = ((int(tmp['scratch_size']) * ebs_io1_storage * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] tmp['estimated_price_storage_scratch_iops'] = ((int(tmp['scratch_iops']) * provisionied_io * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] else: - tmp['estimated_price_storage_scratch_size'] = ((int(tmp['scratch_size']) * ebs_gp2_storage * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] + tmp['estimated_price_storage_scratch_size'] = ((int(tmp['scratch_size']) * ebs_gp3_storage * simulation_time_seconds_with_penalty) / (86400 * 30)) * tmp['nodect'] if 'fsx_lustre_bucket' in tmp.keys(): if tmp['fsx_lustre_bucket'] != 'false': diff --git a/source/soca/cluster_manager/add_nodes.py b/source/soca/cluster_manager/add_nodes.py index f80ecb59..b7b2dbe5 100644 --- a/source/soca/cluster_manager/add_nodes.py +++ b/source/soca/cluster_manager/add_nodes.py @@ -6,6 +6,7 @@ import sys import uuid import boto3 +from math import ceil from botocore.exceptions import ClientError sys.path.append(os.path.dirname(__file__)) @@ -19,6 +20,32 @@ servicequotas = boto3.client("service-quotas") aligo_configuration = configuration.get_aligo_configuration() +def find_running_cpus_per_instance(instance_list): + running_vcpus = 0 + token = True + next_token = '' + while token is True: + response = ec2.describe_instances( + Filters=[ + {'Name': 'instance-type', 'Values': instance_list}, + {'Name': 'instance-state-name', 'Values': ['running', 'pending']}], + MaxResults=1000, + NextToken=next_token, + ) + try: + next_token = response['NextToken'] + except KeyError: + token = False + for reservation in response['Reservations']: + for instance in reservation['Instances']: + if "CpuOptions" in instance.keys(): + running_vcpus += instance["CpuOptions"]["CoreCount"] * 2 + else: + if 'xlarge' in instance["InstanceType"]: + running_vcpus += 4 + else: + running_vcpus += 2 + return running_vcpus def verify_ri_saving_availabilities(instance_type, instance_type_info): if instance_type not in instance_type_info.keys(): @@ -60,8 +87,8 @@ def verify_ri_saving_availabilities(instance_type, instance_type_info): for reservation in get_ri_count["ReservedInstances"]: instance_type_info[instance_type]["current_ri_purchased"] += reservation["InstanceCount"] - print("Detected {} running {} instance ".format(instance_type_info[instance_type]["current_instance_in_use"],instance_type)) - print("Detected {} RI for {} instance ".format(instance_type_info[instance_type]["current_ri_purchased"], instance_type)) + #print("Detected {} running {} instance ".format(instance_type_info[instance_type]["current_instance_in_use"],instance_type)) + #print("Detected {} RI for {} instance ".format(instance_type_info[instance_type]["current_ri_purchased"], instance_type)) return instance_type_info def verify_vcpus_limit(instance_type, desired_capacity, quota_info): @@ -123,58 +150,13 @@ def verify_vcpus_limit(instance_type, desired_capacity, quota_info): if not quota_info or instance_type not in quota_info.keys(): all_instances_available = ec2._service_model.shape_for('InstanceType').enum all_instances_for_quota = [instance_family for x in instances_family_allowed_in_quota for instance_family in all_instances_available if instance_family.startswith(x.rstrip().lstrip())] - # get all running instance - token = True - next_token = '' - while token is True: - response = ec2.describe_instances( - Filters=[ - # Describe instance as a limit of 200 filters - {'Name': 'instance-type', 'Values': all_instances_for_quota[0:150]}, - {'Name': 'instance-state-name', 'Values': ['running', 'pending']}], - MaxResults=1000, - NextToken=next_token, - ) - try: - next_token = response['NextToken'] - except KeyError: - token = False - for reservation in response['Reservations']: - for instance in reservation['Instances']: - if "CpuOptions" in instance.keys(): - running_vcpus += instance["CpuOptions"]["CoreCount"] * 2 - else: - if 'xlarge' in instance["InstanceType"]: - running_vcpus += 4 - else: - running_vcpus += 2 - - # Describe instance as a limit of 200 filters - if len(all_instances_for_quota) > 150: - token = True - next_token = '' - while token is True: - response = ec2.describe_instances( - Filters=[ - {'Name': 'instance-type', 'Values': all_instances_for_quota[150:]}, - {'Name': 'instance-state-name', 'Values': ['running', 'pending']}], - MaxResults=1000, - NextToken=next_token, - ) - try: - next_token = response['NextToken'] - except KeyError: - token = False - - for reservation in response['Reservations']: - for instance in reservation['Instances']: - if "CpuOptions" in instance.keys(): - running_vcpus += instance["CpuOptions"]["CoreCount"] * 2 - else: - if 'xlarge' in instance["InstanceType"]: - running_vcpus += 4 - else: - running_vcpus += 2 + required_api_calls = ceil(len(all_instances_for_quota) / 190) + for i in range(0, required_api_calls): + # DescribeInstances has a limit of 200 attributes per filter + instances_to_check = all_instances_for_quota[i * 190:(i + 1) * 190] + if instances_to_check: + running_vcpus += find_running_cpus_per_instance(instances_to_check) + else: running_vcpus = quota_info[instance_type]["vcpus_provisioned"] diff --git a/source/soca/cluster_manager/cloudformation_builder.py b/source/soca/cluster_manager/cloudformation_builder.py index 86623679..f986d7d5 100644 --- a/source/soca/cluster_manager/cloudformation_builder.py +++ b/source/soca/cluster_manager/cloudformation_builder.py @@ -52,7 +52,7 @@ def main(**params): # Metadata t = Template() t.set_version("2010-09-09") - t.set_description("(SOCA) - Base template to deploy compute nodes. Version 2.6.0") + t.set_description("(SOCA) - Base template to deploy compute nodes. Version 2.6.1") allow_anonymous_data_collection = params["MetricCollectionAnonymous"] debug = False mip_usage = False @@ -208,7 +208,7 @@ def main(**params): DeviceName="/dev/xvda" if params["BaseOS"] == "amazonlinux2" else "/dev/sda1", Ebs=EBSBlockDevice( VolumeSize=params["RootSize"], - VolumeType="gp2", + VolumeType="gp3", DeleteOnTermination="false" if params["KeepEbs"] is True else "true", Encrypted=True)) ] @@ -218,7 +218,7 @@ def main(**params): DeviceName="/dev/xvdbx", Ebs=EBSBlockDevice( VolumeSize=params["ScratchSize"], - VolumeType="io1" if int(params["VolumeTypeIops"]) > 0 else "gp2", + VolumeType="io1" if int(params["VolumeTypeIops"]) > 0 else "gp3", Iops=params["VolumeTypeIops"] if int(params["VolumeTypeIops"]) > 0 else Ref("AWS::NoValue"), DeleteOnTermination="false" if params["KeepEbs"] is True else "true", Encrypted=True)) diff --git a/source/soca/cluster_node_bootstrap/windows/ComputeNodeInstallDCVWindows.ps b/source/soca/cluster_node_bootstrap/windows/ComputeNodeInstallDCVWindows.ps index 57d12a22b232602232b12ac4e9463b0a4fa583dc..6c9b17e5a0393a76d46ac92476d72a7bee796cba 100644 GIT binary patch delta 722 zcma))!AiqG5QgsoPx=5usF+B15s!k0+E%GzQW|NGvPq_CbdxRF#G)d31;NKq58iw= zZ|-i|+TP3|EW`i*-_GoOyFc{xXA%s>0*hdVoLjAuB_7KVPQk+k@xwceO6X+lN#wNO zJ*LWqoGP%A){T~4;iJ;q+Gnp5=$P?J=h#w2jNFNk><50gb9?EZ-41&Dwq>OLBFExi zG?p0cil$O)c5*2~Q*F47U=9A``4g`{S|NvpFkStpMV2hp8(2ft8S3^2= zw!I|c={>^1gW!h;Zj){Z{ZNhtuQD9OYT8>S8dRYyi!@K1qxSKUOGh~8EJDXtDRx`` xiS3$;>L|SzY7^87bb*XeimHeZTAKi(7jv~rZGA8=V@}IanYb70"+job_output_path+""}, 200 except subprocess.CalledProcessError as e: - return {"succes": False, + return {"success": False, "message": { "error": "Unable to submit the job. Please verify your script file (eg: malformed inputs, syntax error, extra space in the PBS variables ...) or refer to the 'stderr' message.", "stderr": '{}'.format(e.stderr.decode(sys.getfilesystemencoding())), @@ -174,7 +174,7 @@ def post(self): }, 500 except Exception as err: - return {"succes": False, "message": {"error": "Unable to run Qsub command.", + return {"success": False, "message": {"error": "Unable to run Qsub command.", "trace": str(err), "job_script": str(payload)}}, 500 @@ -233,7 +233,7 @@ def delete(self): delete_job = subprocess.check_output(shlex.split(qdel_command)) return {"success": True, "message": "Job deleted"} except Exception as err: - return {"succes": False, "message": "Unable to execute qsub command: " + str(err)}, 500 + return {"success": False, "message": "Unable to execute qdel command: " + str(err)}, 500 except Exception as err: return {"success": False, "message": "Unknown error: " + str(err)}, 500 diff --git a/source/soca/cluster_web_ui/api/v1/scheduler/pbspro/jobs.py b/source/soca/cluster_web_ui/api/v1/scheduler/pbspro/jobs.py index 04f07fa6..41cfe080 100644 --- a/source/soca/cluster_web_ui/api/v1/scheduler/pbspro/jobs.py +++ b/source/soca/cluster_web_ui/api/v1/scheduler/pbspro/jobs.py @@ -52,7 +52,7 @@ def get(self): return {"success": True, "message": job_for_user["Jobs"]}, 200 except Exception as err: - return {"succes": False, "message": "Unable to retrieve Job ID (job may have terminated and is no longer in the queue)"}, 500 + return {"success": False, "message": "Unable to retrieve Job ID (job may have terminated and is no longer in the queue)"}, 500 except Exception as err: return {"success": False, "message": "Unknown error: " + str(err)}, 500 diff --git a/source/soca/cluster_web_ui/dcv_cloudformation_builder.py b/source/soca/cluster_web_ui/dcv_cloudformation_builder.py index c3b10eec..19ef8d5a 100644 --- a/source/soca/cluster_web_ui/dcv_cloudformation_builder.py +++ b/source/soca/cluster_web_ui/dcv_cloudformation_builder.py @@ -38,7 +38,7 @@ def main(**launch_parameters): 'Ebs': { 'DeleteOnTermination': True, 'VolumeSize': 30 if launch_parameters["disk_size"] is False else int(launch_parameters["disk_size"]), - 'VolumeType': 'gp2', + 'VolumeType': 'gp3', 'Encrypted': True} }] instance.ImageId = launch_parameters["image_id"] diff --git a/source/soca/cluster_web_ui/templates/common/horizontal_menu_bar.html b/source/soca/cluster_web_ui/templates/common/horizontal_menu_bar.html index b99149f1..99fca71b 100644 --- a/source/soca/cluster_web_ui/templates/common/horizontal_menu_bar.html +++ b/source/soca/cluster_web_ui/templates/common/horizontal_menu_bar.html @@ -1,5 +1,5 @@
-

Scale-Out Computing on AWS (version 2.6.0)

+

Scale-Out Computing on AWS (version 2.6.1)

Source Code Help and Support diff --git a/source/soca/cluster_web_ui/templates/remote_desktop.html b/source/soca/cluster_web_ui/templates/remote_desktop.html index fe4806d5..ca920316 100644 --- a/source/soca/cluster_web_ui/templates/remote_desktop.html +++ b/source/soca/cluster_web_ui/templates/remote_desktop.html @@ -184,7 +184,7 @@
{% if session_data.session_state == 'pending' %} diff --git a/source/soca/cluster_web_ui/templates/submit_job.html b/source/soca/cluster_web_ui/templates/submit_job.html index c904e594..4f4fd10c 100644 --- a/source/soca/cluster_web_ui/templates/submit_job.html +++ b/source/soca/cluster_web_ui/templates/submit_job.html @@ -41,7 +41,7 @@
- +

diff --git a/source/soca/cluster_web_ui/templates/submit_job_selected_application.html b/source/soca/cluster_web_ui/templates/submit_job_selected_application.html index f55ce5ca..56b10966 100644 --- a/source/soca/cluster_web_ui/templates/submit_job_selected_application.html +++ b/source/soca/cluster_web_ui/templates/submit_job_selected_application.html @@ -87,7 +87,7 @@

Theses numbers are just an estimate based on: -
  • Does not reflect any additional charges such as network or storage transfer or usage of io1 volume (default to gp2)
  • +
  • Does not reflect any additional charges such as network or storage transfer or usage of io1 volume (default to gp3)
  • Compute rate retrieved for your running region
  • FSx Persistent Baseline: (50 MB/s/TiB baseline, up to 1.3 GB/s/TiB burst)
  • FSx Scratch Baseline: (200 MB/s/TiB baseline, up to 1.3 GB/s/TiB burst)
  • diff --git a/source/soca/cluster_web_ui/views/my_files.py b/source/soca/cluster_web_ui/views/my_files.py index fdf67ca3..3de5165b 100644 --- a/source/soca/cluster_web_ui/views/my_files.py +++ b/source/soca/cluster_web_ui/views/my_files.py @@ -245,13 +245,17 @@ def index(): try: for entry in os.scandir(path): if not entry.name.startswith("."): - filesystem[entry.name] = {"path": path + "/" + entry.name, - "uid": encrypt(path + "/" + entry.name, entry.stat().st_size)["message"], - "type": "folder" if entry.is_dir() else "file", - "st_size": convert_size(entry.stat().st_size), - "st_size_default": entry.stat().st_size, - "st_mtime": entry.stat().st_mtime - } + try: + filesystem[entry.name] = {"path": path + "/" + entry.name, + "uid": encrypt(path + "/" + entry.name, entry.stat().st_size)["message"], + "type": "folder" if entry.is_dir() else "file", + "st_size": convert_size(entry.stat().st_size), + "st_size_default": entry.stat().st_size, + "st_mtime": entry.stat().st_mtime + } + except Exception as err: + # most likely symbolic link pointing to wrong location + flash("{} returned an error and cannot be displayed: {}".format(entry.name, err)) cache[CACHE_FOLDER_CONTENT_PREFIX + path] = filesystem except Exception as err: diff --git a/source/soca/cluster_web_ui/views/remote_desktop.py b/source/soca/cluster_web_ui/views/remote_desktop.py index 3f7f61d5..e4e44c21 100644 --- a/source/soca/cluster_web_ui/views/remote_desktop.py +++ b/source/soca/cluster_web_ui/views/remote_desktop.py @@ -54,7 +54,7 @@ def can_launch_instance(launch_parameters): 'Ebs': { 'DeleteOnTermination': True, 'VolumeSize': 30 if launch_parameters["disk_size"] is False else int(launch_parameters["disk_size"]), - 'VolumeType': 'gp2', + 'VolumeType': 'gp3', 'Encrypted': True }, }, @@ -334,6 +334,12 @@ def create(): echo export "SOCA_INSTANCE_TYPE=$GET_INSTANCE_TYPE" >> /etc/environment echo export "SOCA_HOST_SYSTEM_LOG="/apps/soca/''' + str(soca_configuration['ClusterId']) + '''/cluster_node_bootstrap/logs/desktop/''' + str(session["user"]) + '''/''' + session_name + '''/$(hostname -s)"" >> /etc/environment echo export "AWS_DEFAULT_REGION="'''+region+'''"" >> /etc/environment +# Required for proper EBS tagging +echo export "SOCA_JOB_ID="''' + str(session_name) +'''"" >> /etc/environment +echo export "SOCA_JOB_OWNER="''' + str(session["user"]) + '''"" >> /etc/environment +echo export "SOCA_JOB_PROJECT="dcv"" >> /etc/environment +echo export "SOCA_JOB_QUEUE="dcv"" >> /etc/environment + source /etc/environment AWS=$(which aws) # Give yum permission to the user on this specific machine diff --git a/source/soca/cluster_web_ui/views/remote_desktop_windows.py b/source/soca/cluster_web_ui/views/remote_desktop_windows.py index 934e9f67..9c9de9e8 100644 --- a/source/soca/cluster_web_ui/views/remote_desktop_windows.py +++ b/source/soca/cluster_web_ui/views/remote_desktop_windows.py @@ -46,7 +46,7 @@ def can_launch_instance(launch_parameters): 'Ebs': { 'DeleteOnTermination': True, 'VolumeSize': 30 if launch_parameters["disk_size"] is False else int(launch_parameters["disk_size"]), - 'VolumeType': 'gp2', + 'VolumeType': 'gp3', 'Encrypted': True }, }, @@ -319,6 +319,12 @@ def create(): user_data = user_data.replace("%SOCA_LoadBalancerDNSName%", soca_configuration['LoadBalancerDNSName']) user_data = user_data.replace("%SOCA_LOCAL_USER%", session["user"]) + # required for EBS tagging + user_data = user_data.replace("%SOCA_JOB_ID%", str(session_name)) + user_data = user_data.replace("%SOCA_JOB_OWNER%", session["user"]) + user_data = user_data.replace("%SOCA_JOB_PROJECT%", "dcv") + + if config.Config.DCV_WINDOWS_AUTOLOGON is True: user_data = user_data.replace("%SOCA_WINDOWS_AUTOLOGON%", "true") else: diff --git a/source/templates/Network.template b/source/templates/Network.template index a1684ec3..6c71ef1f 100644 --- a/source/templates/Network.template +++ b/source/templates/Network.template @@ -127,6 +127,11 @@ Resources: Type: AWS::EC2::EIP Properties: Domain: vpc + Tags: + - Key: Name + Value: !Sub ${ClusterId}-EIPNat + - Key: soca:ClusterId + Value: !Ref ClusterId EIPScheduler: Type: AWS::EC2::EIP @@ -134,7 +139,7 @@ Resources: Domain: vpc Tags: - Key: Name - Value: !Ref ClusterId + Value: !Sub ${ClusterId}-EIPScheduler - Key: soca:ClusterId Value: !Ref ClusterId @@ -261,5 +266,3 @@ Outputs: Value: !Ref EIPNat SchedulerPublicIP: Value: !Ref EIPScheduler - SchedulerPublicIPAllocation: - Value: !GetAtt EIPScheduler.AllocationId diff --git a/source/templates/Scheduler.template b/source/templates/Scheduler.template index 0501cdb7..682964b6 100644 --- a/source/templates/Scheduler.template +++ b/source/templates/Scheduler.template @@ -50,10 +50,6 @@ Parameters: SchedulerPublicIP: Type: String - SchedulerPublicIPAllocation: - Type: String - - Conditions: UseAmazonLinux: !Equals [ !Ref BaseOS, 'amazonlinux2'] @@ -70,7 +66,7 @@ Resources: - DeviceName: !If [UseAmazonLinux, "/dev/xvda", "/dev/sda1"] Ebs: VolumeSize: 150 - VolumeType: gp2 + VolumeType: gp3 Encrypted: true KeyName: !Ref SSHKeyPair From 5ecdad71c6a86e98255dbcdd842f289976765849 Mon Sep 17 00:00:00 2001 From: mcrozes Date: Fri, 22 Jan 2021 10:32:06 -0500 Subject: [PATCH 02/13] Windows: Updated manual_build.py with a link to GH releases --- CHANGELOG.md | 1 - source/manual_build.py | 36 +++++++++++++----------------------- source/requirements.txt | 3 +-- 3 files changed, 14 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12793841..e845b4c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Use new gp3 volumes instead of gp2 since they're more cost effective and provide 3000 IOPS baseline - Removed SchedulerPublicIPAllocation from Scheduler.template as it's no longer used - Updated CentOS, ALI2 and RHEL76 AMIs -- Fixed manual builds on Windows+Cygwin environments ## [2.6.0] - 2020-10-29 ### Added diff --git a/source/manual_build.py b/source/manual_build.py index 6d05b838..c3fa5a01 100644 --- a/source/manual_build.py +++ b/source/manual_build.py @@ -35,11 +35,17 @@ def get_input(prompt): import boto3 from requests import get import requests.exceptions - import massedit from botocore.client import ClientError from botocore.exceptions import ProfileNotFound except ImportError: - print(" > You must have 'massedit, 'colored', 'boto3' and 'requests' installed. Run 'pip install boto3 colored requests massedit' or 'pip install -r requirements.txt' first") + print(" > You must have , 'colored', 'boto3' and 'requests' installed. Run 'pip install boto3 colored requests massedit' or 'pip install -r requirements.txt' first") + exit(1) + + if os.name == "nt": + print("%sSorry, Windows builds are currently not supported. Please use a UNIX system if you want to do a custom build\n%s" % (fg('yellow'), attr('reset'))) + print("%s=== How to install SOCA on Window s===%s" % (fg('yellow'), attr('reset'))) + print("%s1 - Download the latest release (RELEASE-.tar.gz) from https://github.com/awslabs/scale-out-computing-on-aws/releases%s" % (fg('yellow'), attr('reset'))) + print("%s2 - Install SOCA via https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/#option-2-download-the-latest-release-targz%s" % (fg('yellow'), attr('reset'))) exit(1) parser = argparse.ArgumentParser(description='Build & Upload SOCA CloudFormation resources.') @@ -66,16 +72,17 @@ def get_input(prompt): session = boto3.session.Session(profile_name=args.profile) s3 = session.resource('s3', region_name=region) except ProfileNotFound: - print(" > Profile %s not found. Check ~/.aws/credentials file." % args.profile) + print("%s> Profile %s not found. Check ~/.aws/credentials file.%s" % (fg('red'), args.profile, attr('reset'))) exit(1) + else: s3 = boto3.resource('s3', region_name=region) s3.meta.client.head_bucket(Bucket=bucket) s3_bucket_exists = True except ClientError as e: - print(" > The bucket " + bucket + " does not exist or you have no access.") - print(e) - print(" > Building locally but not uploading to S3") + print("%s > The bucket %s does not exist or you have no access.%s" % (fg('red'), bucket, attr('reset'))) + print("%s %s %s" % (fg('red'), e, attr('reset'))) + print("%s> Building locally but not uploading to S3%s" % (fg('yellow'), attr('reset'))) # Detect Client IP try: @@ -111,25 +118,8 @@ def get_input(prompt): print(line.replace('%%BUCKET_NAME%%', 'your-s3-bucket-name-here').replace('%%SOLUTION_NAME%%/%%VERSION%%', 'your-s3-folder-name-here').replace('\n', '')) print(" > Creating archive for build id: " + unique_id) - - # Sanitize build (remove unwanted characters, esp when you build with Cygwin) - wrong_chars = ["\\r", "\\^M"] - for path, subdirs, files in os.walk(build_folder + '/'): - for file in files: - file = build_path + "/" + build_folder + '/' + file - if file.endswith(".template") \ - or file.endswith(".sh") \ - or file.endswith(".cfg") \ - or file.endswith(".txt"): - for char in wrong_chars: - massedit.edit_files([file], - ["re.sub(r'" + char + "', '', line)"], - dry_run=False) - make_archive('dist/' + output_prefix, 'gztar', build_folder) - - if s3_bucket_exists: print("====== Upload to S3 ======\n") print(" > Uploading required files ... ") diff --git a/source/requirements.txt b/source/requirements.txt index 7ae6c703..2b1f917e 100644 --- a/source/requirements.txt +++ b/source/requirements.txt @@ -1,4 +1,3 @@ boto3 colored -requests -massedit \ No newline at end of file +requests \ No newline at end of file From 4704a4244f621a5aeec96168bbae8aa6c3ea6809 Mon Sep 17 00:00:00 2001 From: mcrozes Date: Wed, 3 Feb 2021 09:18:53 -0500 Subject: [PATCH 03/13] DCV sessions provisioned on instance with NVME instance storage don't become unresponsive anymore after a system restart --- source/soca/cluster_node_bootstrap/ComputeNode.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/soca/cluster_node_bootstrap/ComputeNode.sh b/source/soca/cluster_node_bootstrap/ComputeNode.sh index 2c09d5c2..dde7a71c 100644 --- a/source/soca/cluster_node_bootstrap/ComputeNode.sh +++ b/source/soca/cluster_node_bootstrap/ComputeNode.sh @@ -86,7 +86,7 @@ else # If only 1 instance store, mfks as ext4 echo "Detected 1 NVMe device available, formatting as ext4 .." mkfs -t ext4 $VOLUME_LIST - echo "$VOLUME_LIST /scratch ext4 defaults 0 0" >> /etc/fstab + echo "$VOLUME_LIST /scratch ext4 defaults,nofail 0 0" >> /etc/fstab elif [[ $VOLUME_COUNT -gt 1 ]]; then # if more than 1 instance store disks, raid them ! @@ -96,7 +96,7 @@ else echo yes | mdadm --create -f --verbose --level=0 --raid-devices=$VOLUME_COUNT /dev/$DEVICE_NAME ${VOLUME_LIST[@]} mkfs -t ext4 /dev/$DEVICE_NAME mdadm --detail --scan | tee -a /etc/mdadm.conf - echo "/dev/$DEVICE_NAME /scratch ext4 defaults 0 0" >> /etc/fstab + echo "/dev/$DEVICE_NAME /scratch ext4 defaults,nofail 0 0" >> /etc/fstab else echo "All volumes detected already have a partition or mount point and can't be used as scratch devices" fi @@ -291,4 +291,4 @@ echo -e " # Reboot to disable SELINUX sudo reboot -# Upon reboot, ComputenodePostReboot will be executed +# Upon reboot, ComputenodePostReboot will be executed \ No newline at end of file From 034841ed970cfd84c69343bf38049d9214eb20b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Feb 2021 02:11:29 +0000 Subject: [PATCH 04/13] Bump cryptography from 3.2 to 3.3.2 in /source/scripts Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2) Signed-off-by: dependabot[bot] --- source/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index a7fab14d..437dff2d 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -9,7 +9,7 @@ cffi==1.14.0 cfn-flip==1.2.2 Click==7.0 colorama==0.3.9 -cryptography==3.2 +cryptography==3.3.2 docutils==0.15.2 ecdsa==0.15 elasticsearch==6.3.1 From 6f3c3cd4b5e2e5fba365710e433da151ffe871eb Mon Sep 17 00:00:00 2001 From: mcrozes Date: Tue, 23 Feb 2021 11:19:50 -0500 Subject: [PATCH 05/13] Increased the field length for AMI ID (previously 17) as new AMI ID seems to be 21 chars. Moved to 255 to avoid any further issues as we already validate AMI ID via describe_images() --- source/soca/cluster_web_ui/models.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/soca/cluster_web_ui/models.py b/source/soca/cluster_web_ui/models.py index 4837878e..4ef4baff 100644 --- a/source/soca/cluster_web_ui/models.py +++ b/source/soca/cluster_web_ui/models.py @@ -110,8 +110,8 @@ def as_dict(self): class AmiList(db.Model): id = db.Column(db.Integer, primary_key=True, autoincrement=True) - ami_id = db.Column(db.String(17), nullable=False) - ami_type = db.Column(db.String(7), nullable=False) + ami_id = db.Column(db.String(255), nullable=False) + ami_type = db.Column(db.String(255), nullable=False) ami_label = db.Column(db.Text, nullable=False) created_on = db.Column(db.DateTime) is_active = db.Column(db.Boolean, nullable=False) From 9932f7336a78299d0261c67abbe78488a4a8cdad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Mar 2021 04:53:13 +0000 Subject: [PATCH 06/13] Bump jinja2 from 2.11.1 to 2.11.3 in /source/scripts Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.1 to 2.11.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.11.1...2.11.3) Signed-off-by: dependabot[bot] --- source/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index 437dff2d..9075374b 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -23,7 +23,7 @@ flask-swagger==0.2.14 Flask-WTF==0.14.3 gunicorn==19.9.0 itsdangerous==1.1.0 -Jinja2==2.11.1 +Jinja2==2.11.3 jmespath==0.9.4 MarkupSafe==1.1.1 prettytable==0.7.2 From fdcf8ade98be7047201e6c19ae033bde1531cfaa Mon Sep 17 00:00:00 2001 From: mcrozes Date: Mon, 22 Mar 2021 17:08:38 -0400 Subject: [PATCH 07/13] Pushing 2.6.1 sync with solBuilder --- CHANGELOG.md | 5 +- docs/imgs/disable-feature-1.png | Bin 0 -> 58343 bytes docs/index.md | 10 +- .../update-soca-dns-ssl-certificate.md | 2 +- docs/{ => tutorials}/access-soca-cluster.md | 4 +- docs/{ => tutorials}/install-soca-cluster.md | 34 +- .../integration-ec2-job-parameters.md | 7 +- .../job-configuration-generator.md | 40 +- docs/tutorials/launch-your-first-job.md | 4 +- docs/web-interface/disable-api.md | 85 ++ docs/web-interface/index.md | 2 +- source/manual_build.py | 2 +- source/scale-out-computing-on-aws.template | 38 +- source/scripts/config.cfg | 16 +- source/soca/cluster_manager/add_nodes.py | 58 +- .../soca/cluster_manager/dcv_alb_manager.py | 4 +- .../cluster_node_bootstrap/ComputeNode.sh | 9 +- .../ComputeNodeInstallDCV.sh | 30 +- source/soca/cluster_web_ui/app.py | 11 + source/soca/cluster_web_ui/decorators.py | 14 +- .../validate_db_permissions.py | 16 + .../static/css/jquery-ui-lightness.-precss | 1179 ----------------- .../static/css/jquery-ui-slider-pips.min.css | 4 - .../static/js/jquery-ui-slider-pips.min.js | 4 - source/soca/cluster_web_ui/views/dashboard.py | 6 +- .../soca/cluster_web_ui/views/my_activity.py | 6 +- .../cluster_web_ui/views/remote_desktop.py | 38 +- .../views/remote_desktop_windows.py | 38 +- source/templates/Analytics.template | 144 +- source/templates/Security.template | 13 + source/templates/Viewer.template | 38 + 31 files changed, 498 insertions(+), 1363 deletions(-) create mode 100644 docs/imgs/disable-feature-1.png rename docs/{ => tutorials}/access-soca-cluster.md (91%) rename docs/{ => tutorials}/install-soca-cluster.md (91%) rename docs/{ => tutorials}/job-configuration-generator.md (82%) create mode 100644 docs/web-interface/disable-api.md create mode 100644 source/soca/cluster_web_ui/scheduled_tasks/validate_db_permissions.py delete mode 100644 source/soca/cluster_web_ui/static/css/jquery-ui-lightness.-precss delete mode 100644 source/soca/cluster_web_ui/static/css/jquery-ui-slider-pips.min.css delete mode 100644 source/soca/cluster_web_ui/static/js/jquery-ui-slider-pips.min.js diff --git a/CHANGELOG.md b/CHANGELOG.md index e845b4c3..0c07fbb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,15 +9,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added Name tag to EIPNat in Network.template - Added support for Milan and Cape Town - EBS volumes provisioned for DCV sessions (Windows/Linux) are now tagged properly +- Support for Graviton2 instances +- Ability to disable web APIs via @disabled decorator ### Changed - Updated EFA to 1.11.1 - Updated Python 3.7.1 to Python 3.7.9 -- Update DCV version to 2020.2 - Updated awscli, boto3, and botocore to support instances announced at Re:Invent 2020 - Use new gp3 volumes instead of gp2 since they're more cost effective and provide 3000 IOPS baseline - Removed SchedulerPublicIPAllocation from Scheduler.template as it's no longer used - Updated CentOS, ALI2 and RHEL76 AMIs +- Instances with NVME instance store don't become unresponsive post-restart due to filesystem checks enforcement +- ElasticSearch is now deployed in private subnets ## [2.6.0] - 2020-10-29 ### Added diff --git a/docs/imgs/disable-feature-1.png b/docs/imgs/disable-feature-1.png new file mode 100644 index 0000000000000000000000000000000000000000..aee5671e8e1f845745456071f19df9e56f2698f0 GIT binary patch literal 58343 zcmeEuRajhI)+X*QAwUT34k5S&cM0w;!L@J=?gV#tcb8zn6Wld86i~QNef@WTot|N? z=4LLM=bWc@oprV?+k3Bf6=90<5~xT7NDvSZs8W)m$`BARG7u1uX$WxOCpQ7(YTz#d zmLejGQX(QGijH<>me!^a5HxYd1_oG?3^YFs4Gj!_jMLL1IRcbJLnD<9d`Ei5dIo!j z4f;t^Q*?AT-ePP(t9*yZSL$uHLWv}~uVeaA5nxbs%)=SRauC-#8DX}q2o6s+64&vG$fvIp_yog)sVH{NRFWmI7o#jgsyQ( zv`M(hSz&+pK$#p-kcJhL*XCXaK!nuS#)Y)I!$KCvqe&~%OA9qP`3RdTnR$qZ1(36R zRmSDJh`(~iiA0G+!G9~XiK_H;2gmgee}D_a2vrsZWiE$BCmQ2Id#tC%ofjIq8|9NM zv_(7#2Jr-)B!l!qZ7#XQ&VwSK2eziiJF2hN_urNSVpWLC}HA2oR7VmJl%D5+wL00N)T0(DA_#@Ze7@ z@GY7H^)D)nOb+zF%8+S)y(s)yL`n+$`Ptaf)YR6=!p=E>9l9Uf)V!sNhO>s8ERV6B z4U?gXoslV%n~nWnRUr7>c)&#)Q)fdGHydkPCmuI`vVXk611|sdn3;^^AFnuD@snxD zDUyiTIhvAiFnwTRArn9%AtB*&G%@2*78Ul>qP!Pjr^+}QBx;lM@xHWOFLVVzuGl4vU73fCnNi- zqrdYb(bCP-T0_**2FxCC9|Ei_ z+}wQssPKP~{@vyOR8@5{bri9)0oQaE_&0<9S@}=m|6cJQeQN%@&kw9De|Gr?<)1bA znE#skAFTKvKL6t>n9%}Ae9V6fO#n%SK)MD3LI^@iR9M9g@;DPd17|4l#VR?&X+o34 zUkD14EG$w80g-fgB%adz!8+UP`p)|0sUT?JqK~dAFcY_Qu7UGplQS&?7YYl>Xc>_r&!|+yz z;&WB96W`5b)?UU`iNj4eaAyo4+5JW{CeP+ejcI zz`S{b!W92{yNQ$x(65ih05hkqKcH9ab;jk?eKmbm7Je`cP%23pEG?3+NCMoGN>UBV ztIUq|6Z0FvLWaYWdbQo04&hj*>xQ-lr*vg=dD_He^N$zFuQNkBTBvHlU8SpNelfQhX)rqdy z1>U99WBhD;x`tC-J0UcWqS*sAQM(lhm(tR2gyL0EPl*bl@Z?ngsML}p^bm@Pvm72@ zZdKJzph;;|e6@n)hBSqu9$8qZ#8}}fFI!goN(Q?*NY{?dhgR=ZmiWOaQ|E|;WbmYV zKw(afsk-AGcwl3`K_`DrDQSeELTi!u#e;*oIPu}ee!t4)y1$fV@v0+5`!%WiqhROM zQS|wx^1Wg!u|lq3g`sHA!gG>&P4cmZV9}erW%)+^+UR~T{Y9O>FtUAhTx_y_Bk?HE zW}sJ9brGyM@y8x|V~nqkD;QBxGv2UAHtRKQA!!GDfOy@>h*rv1$HfA+Wj2(Q;cu^* zj|m=_T6g5m+WhLc@Tn9TM&cv(Cd-lcCQWbEq(9z$9*QpgCJ~chP33l_EVuEatMl-C z>(tZx#6$R$-@8n@Z3(|a$4wsu=<|mN(VgIIxW`IQL&h)yvV2ew`{YGLk)I}s(p8~M;^V8*8 z`|LB(GIWeg)Anty$l>hzqx6%-cdqer8cWJ{HHTBd8mEx1;$gvCy;{9{WxXt>K*3h? z03P36*;>7J8a!Ut4Zq#1nA690d9#7YgTv$)z7ijg^X85Nj&4VZ z&-od2n>C*5=3V=wAl2zGjLY>5?fQ|J`@EL|11#aW&*S__^Op(gnDEC(+L-5^*edHvy`?dk)v{W(@;=KJr{suwNsi-a zVtWTK^?uFIlYNMnYp0k}%F`~!Ip{srVgYZJ%)uy;$*{KR)2_U%^s4P^+vTFlh^7iU ztzsrypNX&l7}K+v+U-M)H?#-WGJE(VVT{SVy*u>kQ_azJNlc4%MyX88uI_+o0pIHi zo;Kg?rZgU{et_#sG|@fxyZF6LYNa)f?hEO@rsk~MdY`o#`SiQvf*;KdSB_5&+uMzC zljpoO%86wjPQv`VfCPXxohc}l*hl|qlU`pkJqQO!ru*r*xG{b)owq9PPX!hFg^<9! zbnt9$r`xJyqgktS>UHevTdJk!-KZzv{n&E9pKVuiVx?9N!ll2@)(Ox~?h=#(pl~v3 z7o{~=5pz?|9?ht(ds>#YQM}~5l@^<0)+$MqN-R_Ryza5vnlOFd?pk)Ull-PR5yhX$ z`=Ru->$a>+v9)ewSW1pmosD}>^&93wvv>Lu$!RyH1^}gN&quXUjj^6~yZZ%{++FHq zbpE;aOV<>|2<&!}6wOybJr;dxRGG9vn`N<9*?m^ek2Z?%t|!VN{XzRp)js@}8o>Wp zY5loi*zy>J`(`B@c^b#_%9Qhi37l{E!(148bj=5UhkY3jxtM{(cdwew@&7V?rR8#A zE?7;cYunO&-M(IeTVGV}+5M1xxY{k4E3jB6hI&84e|Xy~(zOhz(k^zbe9`be2ly&; z9L+1}*bTB{4`lA*UM(p2RuMGXq%WWiOdNH;MAhp zrv9=jL0sy%<238iCsFDHSSc-&3V}=Kbicehq=`E6vh zz2uO?sw$ZOw&rl7RuL#X0gx9^_zmu?L`p^0q%e4mR{iP_nw`*Nl1yNvh0e2=MO!oAHxWK(;(4PI)55ubs^cRW7 zgE_fQ!E@S1vo)PnCCi^>iHDp(*IDlc1aGeeUnjj3GB5qCWm=b8q>Tu_vkodv6eHiV$f?-rp$0u&BOPnFJYkwk7gGAMEQDN&>`>jN0+CP zbnKArCHAaT3N=ys9elN)JNC!P&y>F`#mt$Hv(zWja`oQ39|T)<9cSHc^8z>nirlmEAkWd{u8N$5jN7NvL67Eh zpQrOteMOGLS=H>P9XtN;qHgb_^#U~RoUTV-U$xd9dWy=BjZdNG_lx?^S{xR?l-D6~ z2u~kRn7^zfcbB!TeGu*CfCb7m``pogdD;@Yf3jFB{pN9O-i_3;ZRzW&e0s$0nlUkX zh`w98_#N%En^Cc>ye0g z=};`x0k2#uzv%u_!I$brhw|X!!_BdeI^6n$5Lvd)pW9WMb{Mv;;OT?lHN?E`yRqU~ z{eo{HDa1`!1MkirV|)vY(~pjhlmzAQZC1#>b zTE}YJjxf;9XnA;EhEOqafVf~Zx9fgR0Odq>*FCPc?y=QOQKPf7S_$>biT>49jm=2R zi*}`UN_CIrTy4JDGfl?Eo5tt-$2h$Lmrq7TIopvPSpp89a5(R7 zf;`hHYQ>|ahU&B`)ABCMsCr7*Q#mK59Cl$`#74u(lI&gE9 zucGx_?&v@9Ian+_ZIJYv^)#}ktyG9etRhaRyFPu46aV==-SO8`|-4m^6mi13`?EMKU4w z_XWNdfLx?Ry7JEDrV>lvm-0RP7S@BkMwSL@E2z%kO`MlPa-dUA$v0<1S zE@wv@VNG#Ov0{SBTM^oM<_IGa$#{naip--t&K_%eXs=R@UskXChRS@s!DBlEDwOu3^Hn78$+!z=n*P4+ z4OD*9UDX3;iX=_JN1b4-J$AMJrun@tvn0N#H;2_oJ=Vo8scuZ-HygL&a{)i-{+U`T zA33m{Bn_LK7U|yTVwkQKcE}*PR1DXTqJ(3$P<~RHD$wO^J-yHxzW?3rtvmni+S?fa zV4HX<62v#o-@cB^say5umNG#O3cr@2RIR+}9z^_7kqB*(aEe2Z{@BTwpNFd5tOj^_ z0GOII1pym!MUdS0B?Q$@Jani>f}al6vwb81!Sh}$^TwqRc!>|s>o=-awS4|#KAYT6 zN4C`}jo}{8#e!-PYd$g+-0y!SK`PD(Vg4$x@vIfy&zod_A?>VwxgtKiF%t8i7>b2| zul#hHk^?Zl{Pjcq`LbYwlR?EyHmg8wGP5#R;I?Kl^LDkkhc zQscu{hs6fh&#C&4S}|`YzwtGltm*PUt_#ju<_4m|%2vXm&TcEn%`E?{&AQ9bAeHr1 zK=s_mbeZq=)#iEG!NsABbwS=OAI8En=!+LS1iswrZFnv zf7$+oR!iU^OTV0TJGcGiba#9%Zf(HCv?5<4XXCE<^p{AB+B7wJ6Lf;CL1>&iImh9g zlK$gUwkW2WHly1%$5j!HXHGxCLt*s~(maQHm{X@Zb3tt&UI5!gXu=LCk*?G?++{{0 z-c{vp>-4!~^~1Hza+%M|z@#PRnz)iIiuYNr#_2~L%`@3tzaS1Qh9(k4dEuUSkZI%m zVx=LMVVKW^FIPi5x^KzU=zC|6A70#~i@)-HcZBmjDSZFc@l6spIq^fqTDR;PfF^ol z_ok8hrHXMk)?7m!W|%X}M|`$IT>;)!>iORD}n)EMedyJZ)|nDIHmb- zE^oT>D|5QeFHJI04i~v5r=NUMI?nz)*XLMcBiIh$#mV%kRpJsXS`<`2Soo_knF(&y<-p!!K=KnG@2-e>|NMjex->3XTW402UfLcC6tc_DljQ?tiULH8dU$Cw&iLXj z$BDSGq=JQOf2B9g>b9BCME49xr#PHnx;SNV^Koqv4k& zqAPY8USrU}wuLTB&ie<-D*Jcy4{(&O?4+=11lPgrVA~Sg8wXhH)N%FRpHX{WHW3l~ zGB82RUa>vPxK3u(O;xr}*ePmq*EpFQC3GaW;0dL|!D_{j_RTD(zr?o`wZ~RO_M+w% zwLBS!(~Z?RgMMJzRDN}ij+l*S)V)Xj8IEP$SMOg36TlX1ZX}an-fh*#<2`akE>3A= zu)^XYYhsG1Gb}4XaD{+VQNr0Y${ygUxB~DzdqTG`Ma1DxPma(I@Avi(A{a4xK?GPf zGnsIG;WxQJ&=Su&X&XIl32X;gmg66nua?ARxg(EWrE$)W#G~tbs#eGWe*q(w3xQvA zItb^#GjU!|k6;_$6`;2~>X(;S{|d*d_=r6~Ho~2NR-f+j^6#DHR_K* zK+Z8H_z>Bj(;vy?ZA(=Af?>RQqkrE4d}s6_;r1wg(mN;Ybfyu{?Bd zBLN{B`Lp}BK0CD3!$(opndWDUt*@@a&86hg?9p!ko4x&nX>w`~cHB$#;{hUvIs@Ds zqfXBFlOZT3Zfod8KuS9eCezAJ5U|^zSEWJ1<99U{z;JRm%4k(dVoURK zF7vZ9OuqEmfEOivbjXoh>`ar{E;rz#pni)2uYP4!s}^7^V5-NpMX?tZVhgY2!{Sp9 z*_KoHeP-GN2>Ht>sIaXbkuxfhy}10r2ZL`U`Y4fJA5E|;;4LvmLaiAQ@4o4Zw!C~* zn_hyB%=%<=f0*N>t0t{F={;>WJCBpzK7|KbM&Y>?}SIbP3}#6&&vU<*L;*W@rl>aiyFxv!z~Z}F$O8Vr5u zo!ZFke%2KKg?>aE>9BMr@gA9i71ZZZSDeM;IGfe|*Z3V~^}S*R=26QsIvSBB~-qEiBz zuV0_=xNWb#JQI228wbbSqU`s#*~+`>CCR2!k=@nH9qSvDMOZ*gN-R@(a}?w? z4`0yiUD=yO?REwnkeuiTH216POV)pu> zq|m+W)yjFVysMI6b~e&T@fCtb_kXT8pweSed%Cfw0w6$Y3FyQ zbD+cWkbUZ(Hh+ozBed@K*_wihc%15eb)K`p(GQC!hcK~#34{X6higRaFV4F^_a(d# zG<*y$387@dCcGaGc2u54irsHTvXeG)yMGqvfA&&6708uxA?6c>ztuS#JZh^Cj@wg# zsTJRNRs;v3X7fIqyXeRc{t^}{Zqb|ef>lazeu&D>VKk29MPKpVnDFPKviPxnv3h!B z<#+V^<*`dmAeA=#XTqQanbW^gVC@6vjx611D}XS&Eqq2_OEjh3>C}~ zIKI=pjeti#&4s59x=Cy%uD3z9Gi^}}d+lBZ{IW^`$kl25?5tw+DW7tF z21eeGna{3wKgq3TLvN9!rSnev%*)YXu_Bm$(T-GF44bj^nw znkj2erF8Y22ce#2)CSX}&$O@R((hM4*{@|D&A}CgZOIjssDnXHFS2!2luQ;|UD2_<${G_!aLf(@gz-sZac% zZ=R>18rGrYOS=TX1%Z;0NZ54;Oi^&-k8#i%EaC{uN{E?kT1k_Pbt38(*&Y&3^e_0zUL0%`j-f$E~*{6o4$2J_|1a54?3TbQs#ct0KOx)vzUbgM%R(VTGKa zA(`)*Kj`69_t1;et1BAj`l$l2;R7v00b|?w5^_iMj@O1E-4g;^HqPrnxfkK`C;a=l zOvQI0zxE%xUPQ)GO;sm(9DyCK>nuzP!$59n&E7^GNPz4C^7a0up&CJl;0DwUerVX_ z&l)kS&a8?^T~4pBE80Gh@5bB$%) zsbHV_p1=}(n(Mf{zi`Qb$wxPv(-YXDxtsL^EL6>*SKPAFtIv>^07yIT+~ zSn?r{q<^};3rUp+AK*%OdtzRUo7W~a6+~4>ih$}L(eyUFIK;fQFr@SLi8!2>*hi$7W{RCLO z{(!Obwq;zkLWT95X>rWHYyB$DyhU?yD@pZ+56~^OTyhTgX;{ATwf^?dL7a_q?wp;vgsaHhi$OhCUnKOndxwATm!fP*fD7Yz4Cq1GQwu$;@%pq3D z3#xFgjzRz_OZX4%`Wx`JFT|!n8;y^IaqFDwW%K=WZ}smohA0?&BVk*Sf2{>YDlqh> zOhwFVm-ff<`!|+J5(-8eg-u#AUnAzoV&&8o$O^cwefR_Z`WxgB!T>{W0YB_{UnQo3 zk#wn4uj3BOS8+@dFxUtax9R#SkxdFbBeuH*_vwGn@^799K?#Ggc0{tilUIqR@!%Pm zf@&{{UWG9O5Ps{8;Cc@icH}(0&M_eNA z2fIR${5y4|H&o8U!(7g{=FFo z7t0%YmxE*4#Bar%g;{iy{{h(ijjj5Bz-UQG&v&F#RppjTFPBlZDj*&BEk%()IgGx8 z`6^Q>6z>u34>zV>BHcq?eSsAW;bK9*L4Os&rFjAijP_|V1@LM@0!AQMVyp(|im&Rz zlmb{6{@d}tZTtU?)k5x0$3e(=v#IrXDtc>_^4?Oq}_xNvLqlJJI@}8XYl*~AxV8@ab^VQ}e!QPS|&b)8<*7!H< zfB5NtIlQ{Czp^VX8&cH&FAae6C$>Y~|F)Gs3;x#N#38AV{EWMauX#(7ZLpRPa~b_# zj5qzSBnLT#2=`Y_S{yUFfb}HDtoY0ppFT5=m%gCGtpVh+&&6nmgM@aHu1GiFZAk(aR7rJGrADE^ zV!e7MFF^0mKO&5Gba+^4XC(16ht;g&cshsbyq;%cnGW~WJ!_mjBD1VF>eVHrYN0f) z%d!n;d6{Z?l6~|P;I7eXzMR8KK&@CIQ*CcTUy@IO4~%Jn^BHjI%RH_QOS-&0OVc>4 z3QoUkW=zFX($5shY0spxo6p`|z@9>+Y!d2~DpSt3NQtUKqSlX)YxDV!Wx~~AzN4{rQo~_j8WlK7kHZNz? zZj$ki&xc!|(QmY!rUSJC{fVVLpSEK-OOS9!$~Vd3%EeI$TS7$je2-3UW~wqhF9C*Q zDVX=m7|tNtyCMedCS{xTuFshQ-dbIZ?uS!_GWYhM)zvE1R5>hHBz317>&w)erti2y5KPOljPZ{{kOX9qe0 zn&S2#tSC9D)el4I?w7Ty^>k;&vz(N=>q~r-n6wM!vv^7;vfFc*bXsCt$hs78=~aGS zeGZ8}Q3<)W!G36o<%Z&ZK+E{Se3#ljh?@v1Q?2**_+3)$4Wkwn@f>d0 zXYEGoT=B?v85%M5Eanp-ZEPR*E>G7bT!1UTDvGWEpx=12rJswP(@M_Xdmj5Y6ixPn z9Yqx%6g>KSwdu9=(r9Ad_uNh;#BF-hnpePSb`ZDvlE1~JZ2Cv`IK~f5wgfAJwOLWf z7Bv%T+zK{}ZE^(4!-USe@2x`X3SyigBBty)ElrnC7wgSuFY%pbfV$Z`aqA;RACd=FY4Pj!)s5p>*H-MgnWCzrOxI0_vWVQANFlZsg{;x!zv3u zXl=>rMjX5$hU6P%H=n>+hjlNkAg%El_;LjrtsYWN*w|GpQmfF(r;^Lab3Ix5#&Kh1 zep!iX7(8+t0#Ja?Jmx?zN9F=ZND{Y^zm>}nAm-H$BSUT==F}uF`33hp&d6u`- z$x1D6QXWhs+B>e2Ecab84s&1tJuLnOW}r~UDVg|+O>fSWd+l6a0wWYW+B*=9wEazS zVb)TUw}c7CTMHIPah%2wG$PjWS|2#_k8PHDoiivS`HXrawo;bmyg$BwFN*j&n+V_3C5nbrf_Oa@u ztdFpEX{wE3_ujzw8}4%kjn4aRjc}|2_xl(}b3hB?P+`jk!`W5wFjucBcg-)r`=4M5CGgD0=D`>?AV<3OIxmLnzE%a!_Bt^zxT!# zowBxnZ9Z$P+gJADPgQ`T zpX{HO4Wo*ueyis=H~#bn7XxF zYdpj>3EUY~|E#%1s_aE?Pjpv&o8BHC4_FYHJ4gBM6Ei5_~(GM~@Kp`=!)hT|-#=!;TJ`Yyd714}=l= zpnJ@G`rY%iPxbsOu;8)`{JbJEJO&Y}>eJ_2Fm>^{;l|P6& z&`_5H)sGw{Zmc3)xb?=~iD^o!**0HO?j9NSV*o9_a2G-Hxe$LatS>m85iV}f-h#Ri zuu(Lw{h^UFh$;WVug6)p-BoEn<>qLf_tFhGh5~sT(@w4?_nX&YFLV2{0#2!FsmaFb zxhzV8Uc}maZjX3V20I9(O3cjaE_i=hnw6s zCqqa4M;!fEgS8XxVF)@g zlk>7q?mL!migZu|Z_KRQPnuYHo^|Lf&obO>w@W zbU}gXDqxD*c>KMh1Re3IGhrVQYoS^(oGBnikkeDvh z@E#6F4A3DIs@v-3y$g)#(HJ)(gR0!v?2%+_*_+y8VW;V)c}xQ=2i7*gY1-62^as#T z46*uZo9+p#OJlWR(zMb9OMHXuZf7-lR591Z5_!uZCGBzw+zQbz&bvT6<^b8gT@&)bPWn1``w=4&hl5Z-TL*R!jn-|Bi zcoyd$Li%2A>XNx!!_IW9?v#FokVl7Xqzzv=%dtb*U{uJx5^$<(r7eWA3-jn0y0&8cf+ISjItO5BQ z+5_TRE-K;2L-T;W=xAk`0|;@(A&U#^Bp#$B?%N~+VXdPA1|mK;QJwyYa!_7u8M6y` z-^{2wLlWqwMq^CG(-6VOL36m>XoMQ+_w7J!BQIK$mff#09)QB6EevJ)4krr8i8A?~ zNVnxfPLxWe7RRj0lqK0oLCFchLmJIcx+#zGjBpVH=?29X{z4=wHjU`ESN^e85Mw@y z&1#b_QT)g6N`@+3I#n8kb8{zx&cE}KDmpRTnkyR?S3u2TBRpm$W6di+ltR}-hSB0% z{Y5)n>$Y`Zt+E9=FKMCSE|tDfcc*ZzW_GgG_Gt>OVNxu>$V!Z1%tR?s*=sa@iK1@I z!V)l83n4BI{7#Hz{wYiqVSGtqKIIl@TE0mW#_vW8aX3n~DxVHC7Y))E8^1@dZJ zeNo@jOeIk?OQfVpNMVJ@#6Td}NFlq>vP}4jDDcKLmcrO9BqoS;ecEz(h-9$>bH6`T z8fU&jxmDR<#`Jgy-fUoG)}xH3f>3xMs$}#QBOfzUy5Hto(mFE_3Ia@Mj&jo+(GUSU zn+{=Agg^8{@W-ul%nXhPkwy`Lx30#kT})E}P;ijZ0eOnsZUsTKM5GqhsMy(F&Qz>1 z9ocsK;IowKohC6&O6B6D*&00ZjE6&JT{iuc4n2{sBzJ-!OxGAylQISjuaaJF2po-ro?V)o<5_;(4@%q)K$Iwo8mywqmKfJMok;jM#;tDV@ za!ZO;1x?(;PD-0|_qqI3WILtH>sWXG>}!pdsIKQOQbaUvw@{Jr=p!vlsq4=+0OPM+ zZP)3a#o(H~Cv40?JHGK*Ffpv|h;6>DEAfn4Cp_{&pg*l)A3}Lomlc zFlssP zjt>=Yt*?VX1*wub!QzQ*>X)W&&`7$+p-x40viYWZ@ObSmp388ZDgD(U7AvnrYViI6 zX11rMSsE=(jK|Q<3rpfQwgR7x-4s!j!?rke6!R9hl-e6!szXHv%7>?6nl@&yHYN(O3hCBcF7=GnoEDsy2%|d{g$7_f%wC|cxQRZx|r8X);Bh! z-cGU_O7Rh0cNr)~!e*{B;T4h=^KS4NRiQ`BX>Dq>milZ>47DWEZYYDBn4*i6itz%O zKD5o{OL-jDXQ=Q7^DK8-Od70{a#F|<1t*^weH#9AzT67e(O9W`uOLvFTzS$LzlN9Z zI?QLfA8oMD#NIDAT2-1!wOdaYF$OJtz1tQQRV7lu%#2(YP8>ZAcn2Zw*<(hC2bAl0Rn4^zark@Zq=XSi(FRCuWA`pTS zi0VzMr&BriK%CtE)6rtp4{JF<`v*edK-}T#LGtiGp;VVXNS#~zpX3 zd{z6(hC|?>PY07bN$Mh9-0O!d=-N%QY7 zlq{bs3*M~AXkq@QlRo}nZxczOka63gg}pKLbr6Op^Q~AjufHpghPale3B^$mUXe63 z52X|Dzy241cYQl=ZI^8(rv+BD*!G%&l9BwU5WKGAi#_JKdG~|Dd1vzR%9gS7TiEGg zHggX)+KIgehwa^-U>QY$)mvOHG@`dO%s+pksU+ygV-QaP)>GpwxZriE7hT)Q{U-HUufA?dzweK#uQJeJ;YPCQYxF)~sRWPvTtwVY zA!MO%RSIn!5){y|4z+i?ovKOhkyS0sWpg!inWcE@2V9M(uu^L%Io?s7p$=^fjxu-a zS)BEDDe%&eWTEmzGk4vlRp<3*g!E=}nq0$nMASU@tHhhBAvr}pML3`Hd+lW&T$@dT z;O^!Y>U7|2VwnzwyV;DRgJ9`^m~&9VP?WKZN=tHzHE+cbCsymJyS)rs!RC`eYr)=E&=Hy8Sjmi&_Lwm(_fxvQa5o#dAO4a&w&v6)=#_dR2fO#Mb zy16&hviCckwaHIlg;2V!xO?t-(|BGC5kC`gHFECFZ?&{e4-dkcT@x>qry{n%Cj2D> z^=~m~gEOTsC^n&~4ShbjGd&35{AHHJF-o-RinNpIH%g?@EQCI)AQJ%3c&j8eO{FH= z_vl{$!Qu9Vy+srmB7hlrx3dG5cnIs~fXdFH>zs}p;jhtVDL8vhUuIf_HPpOrX5-@Q zwa+TD5`#xrEma<*Vu$$&ycE+4=r{&UR+7*QIz(}uBTqn~aVpwu$`b{B=EypOc~Udm zNXidqfk9c~cD?Tl87IM^x`DL>=esY6b!Nzi&3j_pO+seFQpE-3RXy#|aBZtC^%r5m zdHStir%=^U#BfE6In`ubwNkS1To`4`Z2Z|E@?UKCRs@PlMyVAtK@>{5c{_NjXO)ge z;?5mYq_(A;zwS28Hucy?u9ljth;~>eS@%Q{t&w>UQWH4W+=jO2tn^2LD+|l4(l+9Y zCnsii@u2vA!0h|GK?fhcbKqD8w?yaj;BpX@(mhd(vjOgr4{|NhR#${#Mc=2Mq#S1l zpy%o29Fx@bx!EF-pZ};4TWbp7ms4nFcb*U4YWbej^HYBp)wM|PVYohjknzu?6kY|{ zNGNcEq{feyd6tm&ieCF*QyahSfC&yu(Ypbs;H@QQ#+CGR^nx(Q^DX3RSh^@Co^@rK ztK(7yxvs~l!LETRIH%D_?qZs5#r>?hL(Q3+Dp;zD#$ztxmid}qzHh`D1qCy5@cx@v$JF-JPOxeWiUm}Jl1`KKM@Ka(&4pntm&=aIa2wX( zpte^N>4OGSG76;KXtfDQ(MVkkHdu+rv%vFUDzVIb64>SLNO&$s=&28J3$dK0kpgvd z;M8fSbxX38DDdcK^YYmVYfOJN2GLBoMX%NWQ65 z=+k(Zh30+7?T7WpjbgnB@@3+oEvY$)In?`=wahBYqHJ|4(Kb$D@xJICyVD#wqjT`; z2r-f5ZS(zk?S=W&P{U~tiTF7oGhV5Gy7E{^(9!L?P!#)0tsRb-G%xPqVzn~FlJES+I*Mv?ew@(35m8*-7DuQN)V{Z zoM`)=DNb~Qa?ZcE^?5mIf@)>r`H!%_h_KYJ){O z;jI#SK_^mFyAQ#_@xog`gDt#G-m@YaD{E|zc`{_A;w~)T-kI84GjjPTDeUb_M3J{NcY!8y7~zCFZzkH=6NqqdPp_;U7JF6p z4-(J^cBYb=Y@VP~Z}uIc-lKdNVtRvI8%?y7HrunVR+;8m6r;;H$+*wA(!5ITKkH94 z3dQtc!wLpl`nEOPP_S$KniFe%x=ObbnudyK2DOCxSR;BN0 zo+>r=w865~NE?_qgfmiftl7HMrflK3M(S zNk2mHfq-7UEakRjo8aukc{K!sYqYW^P=vz5jYL8h9g zB7OJKh{pVxgw}z?H|fRezo>?7$xa3u9BMAkg9d({G{;EYe%^lP%<$-zG~@IsaNvWM zqoX5#vue9Mqk@poq`YSDF>mADQev7=O}8xh z`35kkRhZ=8$^H9G2Y_68)Am=h>ZugrjTw|oX}Pf70LEFFRnoWvOuU{azrIiKyR)|< zD>#v99JW)6x|H>WZ}m@T=4H)wf5{PS^8!xPb{t0!a#~6vo)ScV9O(k0J}dBFSsOJF z-2}Es4?p$>0*8q*ZAg&HmQCPr)a`Bhfo@VdC}_IZuo6Um(a1$IvduZrrZTG@cbSNu z+H|8}K>>*Y8jN@v+rn@pIX z>7z-$S@li!usPIzFQYVL<+gsJbd=LUW+RJj2_QH_?U7ZzyWu^rut@j{&< z<3x&EHw)J@?&ICCJOA+e`hD;nJSFcMeoJfGg1`cNL`tjEZuv774g0im!l{uGD0qV6 zP)ofvq=~3yK~2^VtSzefdvjqxXwb zO>$PAs>zfM-jRu#3tzFWAEHEANJUaeYzJHG_bvf5{AeQ@1tEfbgc{S$R`cTU1aS4T z$O&9kWYp91k!b>Jdr|S-F#=jDCDnnanGd?W%#k+2tHP~yh;E)5>aKe1@w}q9&HBzN z89u0JUOmTggpo7t%n$+wX20Q5gIwR|3smKhg3p9z+1ZHi1caJ|4mOLyyVZ@rU7&=} zf{Mu`urq5Kwg#MY~XH!47Jm$96vccE;Dl_7SX|kys-g3N;D`oh46k({EouG zAQ0)@)qV{3wy&goxz}ORKf9Z;s;P@>G&M8EnR%T=dcFq02)v?Gt0)1s-k|Y+F`0L< z<=H>WXN9_H=zeyIkA4YMDm00oXoFIth~fKR?7dZ399y?8jE3MEG(ZyE-5r8^aCdhP z9w4{|ch}%FG%ms2y>a)(9dbJBTWjsT|7YL)cjw~VRabS*sxfNL;p3e?)#}gr0R+hg zJIFHpI=ABI2#v8^Blrz4V3ClUXP@dw1=tIBQrEp2AS`2z6dNuzr2WBtovAV5jKrbZBW~&%V)?wMw`MU(V$f;yV&FUVUFwM1=XF0B z6pg@gF{nuobPI#u1-y0og)LO* zg90g{vK~G0aNlf@AfLy4IX^H~-fRhuiF1F8=(|Y%hX9IV2GUU-!|F#yF-&VZv0wPf zM}Aw{!cVAcgd+x-vGvSl-*ODk7m{tNZ~BdD@6yaPE5$?*j+;J+kRqDBV=Pq^wrMlQ4T(kG$g1@9NAQ})`ZH`Id5A}}fv zE0GLg3Z#@A;v!}vMmd-P@m>n<9b1fGcS18ILQ3o={btmBij;z9D!zqP^gE1Jv4H(Z zsD6>a+)5==!e0QO-bw@@GmYPL3y+M`h)t!?OMVs+pQGjXE1%jvBe4J~S10=g|72=t z=jE~S7P^bRkhF!~W{O{(UDXy;6?xg<7pgVHBac>}$0EdCw=r$_VO0?7IQU+*ap{I< znme1)#rQ6*yRLx!?b=6;Eozt*m!5eIdV}qy=m02?=^Ehb5~)LkxKF+(`PA4fPA<0% zJp;ASX{LLgP0Tc;iP=fZ=o?j9F26+Dlvx}bH}pa-^&wU3Yf@9EUhBN{>i1O(3-pf7 zY>b|MP2^PXs4WRp@gTlZlX1meJYt7d--rO5&R_gocB9`dk+*Isyus&;bOSe@By0FaL}2FzqP!5qMsu^RK8E*{i>!?)h>N&6U%tDonszOBFHx$aAcnEj+? zXV;(-A?U0TU(W4`%I~3dv;axxd_{&r87jRV$q>*18g;tmB;&7K$%mf z)Cte}_tb}{SP5P_7;$V`CRhUn&Q&TUF;s?hawkUagyc!Ixc20&1NjMdt$0g>UU!-m ztuAAvcWHICh1m%Peg*ab$tfp=#D0tz8@gywHq=k^vF{nf2m)@n1Dzd8;8WOAai4~C zEw1}HTCsFwQt5jW7zdd53yG_jnvwCX z=rTa#PBe=#N@2;06o(=ibl%^vHLP{mw)_R4?q!^}XqDW{+Ch8|AgcAgJ(;Qcc{n}+ zNtW_U>%YU`pK^(-xW>ZMAN4WYi84vH1A;mm;`wvlpb{>I+Ppci3_T?JM=9+*oCX z{B$n6{COEkKH|W`T)S{WcDx{()a$O8pzrnFi(O`XT9WTQosNZPL;Ymn_|}z^G0S_a zsB)hDb*{ z?c;hIK??fR-#}tdkIUu+56fkK{^r*L<_t1yjo{n1#PO`ByxUE9QTC=h z8cuT;O(83{_^AN2$FRJM0Hg)>+`RfO9KYf`*vck>21455alvSW1x4bAZr60>-fXA6 zsF@Ej&aX7b`c6KOOdD!d4f_-#pvZZ52MN{1$Ia?ssrctmeYIKw`(>QHpKUA*;FeOp zO~h-gVXXS)VhWVGaZmA(DMzyXx}3y5-ZvohbJjs=!KIY%_`8Kg{5v0|$*;_0;*%?4 zMqAoXUDmy5_+kBOov-@qcU$xp()Q(2t;cgWmkeKwr4=Mhuw@Ji?#0Cr0``G})Qv=n zFcWW`%m~A1cz8u5rnNLu*-s7F?SV3W7=>rwqr7s2{1uF_=-F8>EQVuv2JG+C?Uel{ zq?Z8j!&h2ZQp{bZnf)(XWH^&a%ruy;gk`bYknfAg|%EFHT7O?58stJLE6*G ze{pNP%LL3e;z$!tn>3k+o#0DmFJK3>cydVOmaYP2%p^{pe$Eg}yp7`N$nK4mN@+sc z|IldOdED$2XK02|OkYM=OTXz0gm?4jHHE}dvrWD3TE+n+^{l!628t+zO_;3_=y$sH z6nU2Q3=tT=d)%dgm5Iti-cu^qHDG%_npN^zY~McWYwBO>hR_jg?%`B-+up6Yn4Dr5}cHQ0MM6y z6agl!UYNkE&+Os9>TAKp`^#5XJe$*VrN)fJSjJ9ui3FM6tMx`FLHVyTi?pHg#lYA1 zy=6vnTJ=1NRIJT8xpTU!A=>lXzqbQ4%=^2gk($ zF`K#z!wuxL!tp;GTH}DMo)}tX@Ia5F;QKDS>8^%8)E#s1m5$(k!OD1!dQDf>Wp8*s zS4G#H-NrnFgm~6^dx?wA!{s}E-0zZ~5t9&`58y-;&4-Nkp=GR}GGas$YhtW21K#LT z#bB+BYt-#hC+AT{TeFg72oQy?iZBl(hOC>i-H102%oqooBUd;U$gJ|}mnW6(KM?P0 zqc+uAJdd-0m|Y@I_V z82L+a;dlKdMG*5zsqI^F!Pt&ajV9#HqoFH+MdZu-`V&$ezWV#bw_ z$^sq9aIRe#T-~>XHi9RM9lou1FD|~DPQRx0$BjkgdwyA#8XXO!Vbzbii|`xuMN9XX zAyEYEzl^dmc@nOiiC7kHd1gFz*`2oxNNP!X6{Bq3H@Pv42gv4>_liA)h{p)D#F)Im zWf^t$b4oOvbj1$LU;ujkiU*McADTVyMofUVL9#z8b%h)^WY}G9mvIfhvl8tX>j#*b z*FCowAb^Rf_*!jGJ@}NWG8FKm#SYoGx!xV`BJcHmU2`Xnm~qL{dh9;SYr3n9Uks>f zvP1RoU*tVf?R*3YB2*2e3XC`g!k5%a=$`bB9W8V40vzCQq;BZXH) zE$}l=d3nJ6`uT{U~ zxo#HxhW7|^e^@+4mH?`{uD(A-3b2OT9o)NPAd_ppZ=N8D)`81o__^qm9XGG%v5I?O zO|Y+hzMb=7rUh4=IViwxH4Hp7T|_5lF(lNU0OFZ##*|`p1oe6sOR3#V|ERVC5?dD2-Mit6GjhoD#qsvz4r3E?R?$tzefb+DKFJIu=#6~HSBI$No#?rZNc1)+b&8%ym zm!>K5i~2bcc~y+F z+~nkY#)UR}6{K;$GSXMdoza!;CmsnjlMMz}iU+C)emEllswRf0DVue5b!3xY7L4pm zA{fy5)dErQH%Qs(6Lv@4%vy1b3Q=XIw!94N1k*I#E8T4u0$k_c4Yr;FqTMv{R~aIZ zHD8+}uueSW{c9QCIr;AE`GZxbL6plwW9g%&^>$g zNf1xOsndIbit^#h4RYU42IjHQB4M0b$+Cj?r0!8V6aC5x%@NaEQNP}~E1q@0$Lzu< zV%JbcJ?*#nG3j(nx2xv4dF=g)&Hx@kBZA)5JCQlm?1_f!u1yw%E({Z6%jCY8F8ora zQhVDXk$JjHe9Z09-@t8^v}ba|wTj60tqfS;XClj%L3guesbwsXrq7BE%|0%{{1l=0 zRk=(48<~sTWHk{x?vHVFlFR-G$CBU9Gl5#S;n?sjA2(p}iB_@br!L zDGjt`&ra7XtWhf&xTmzL7Oq#Ch|^vT0=!#+T#)rJzI80<|JvP4*@hR1$E30_a$@7u z7gG}KGPU6_)x9o9bP=T>t7i*GTvC(zu13mrB$8+0#m$5@Gijsg5QlpC#7e}7CgMYj ze3pXMtj(6*&rfbizJgmki_k0@)vrxTqZFOjED@Hn(*3k`SD0o5(8p5*E+xe76RT9< z;$y%0;k2oV=umgsz)$@o0Up(dRRb@KE&F);yn!0|0DJ$dHE##=yl)fs*_;k*N40S7 zcLRC@9v&GSNp7=Hb2XQMcZW*fIieO1V>1Tw-=oVCut5h&?{_>=k~2)~Y2Mv|{c|$I ze4QaByTOLlA~!VS!SHWZNTSUM=xI_I_0FU@t=rMe7`EQ0Ns~<$i=E);Xg69}Rli{@ zcnN-N57I0zq#ZDe8%*wxp0=p9EYTrMUcKkQum3($#pi83>)m%H24#0GKyyeXJc1QT zLrd)XDSD&8OygDLm*&{TS+zhCDXoNRp~U2*)clmId;#X^a%xY8E9(VvaGbyvZ1B|e zq01*dqzAw|xzbS}H6(N~H)^}&U zV?UpsO!LeYaq#g^f5uRP0X5DOh0HRzoomD;l}K4I%MG5Bqm;TJDxEY0) zbLrOIINWeV&}lPlS-NIoWR?}?u-TsQYsVQMmb>qLf9HL-YOD@T4A{d2+%>b(l~h$X zD{zt3xbDFPUqx2h!fJFYpQp7t1~l;d#KxwIV%nc(pLDTtodvc2mgX4 zvwyA=o5mD#++h}Zsr7XEm5UN%w*Yioq|ulaY%5^1_+<9H$$_u1?CdM%r52?d9n`czamsV#!Ew_^o2Oh&Xh00S_!C*u% zw-TqFJZ~)vd7Qya6e*!os62ZrII2VH8@HEO4c=tOhues|-k(qP(kP|&5v(|t(0O#~ zDC;_Iko;brZQN&*jpb? z_SJnt-cwvisENg7BO%@o;=ggr=`>iK+R|vYS4l1eCcTxl7aJC&kh`*tA>wc9q!L6T z)KV#VWjh=s7PS3+Kj3mSL`7Bnyw#M%K^S#ji;U%}tM9ohf3wi3@WuZLWExA5dmR70 zf2R$-jg+2Gk1eOQ{ZyvPRrZpHK;q02yv(sVjIJ>h@CGy6AddB{>osWjl-q=z-S+lP zLL+r&DiCMph(IK0B}Om6rWsY*rQ%`Cl&73pB@o0)ChQsJah;^GF83I-Y-MKc3GN6? zMa6%Su#Lql1Y}k~K-z;s5^UC1n_VOUd>0uI;hcjVKx{?f3prZ5aW;WWLo zpG4%36tPzGgIaFgek9_Z4NNtM$J(>#A!xs4x z8~n0lEg{@ohaRFf2g-l`m9vVtSX=O6gS|pyB?cF!ujjE_F}KF+u!xHv<=3y#uuYHg zq$ayo<}TY$A}}MujTH^IwJ2_#I{2ALN2MQ0P}YXHw~BL4TJfn)<=*pI8VV_9pf7x* zSX4b6Tux3Yo!Fl+sL=O&aGUt1-*P#-h&bH*B{0u^r3n)3X;XC1`rG`t%s&`8{y8GUw#Q+;gF7)m%A+ zN|QnG)%P?U2-xx`0b(l|cm|n2VSiJ?!tG56 zKE;dX8j^Y66%8!U7Y?lZz_|7}$%s~GFZ_)4m00SLOUfe0Di8Y_)!%8CW$eD@D0ca< z!jisPGI3+Q)&>LMZK@H*gy|fZuhgM&Wt}qm27ZMUX(2rb+GCPRz{N(;6-b~cV^ax$ z53lo_;8aG&^>}{*r<;XMTnEPWtWVQ#maivuVTlP+L)>wZ-@RoowJE%^pJ3`Vzu|3= z^ohlUePfkGr=kC+{I3#kj8?A54!Xyv=gm?^Rp~Co6nz7i9e(-f1V$9{Vb;U}oi#G? z5O42ZE*Su1y+p?LCSzt9pcYtTXxqmpSpLN5W2ySs4&H0qdTy`s<}#b;4Yt`P{tQbL zP3=m~tY_;o5Mkm1yx7)bwW#j^C-A~g=WKmN;_7MMU)m?D&cTtG0kKjdH z@6uD~5_5e9I;5Lbv(06ll2*ygP+& zl)ar24t{XM!M0r(_TBaME?5@%H#-+=i(h22^ZbQ!6< zPp4*h5dh^Vn^HxcC_d|O-xKPwJ3JSB+e(yMlL^UpdI0nlE%aEF2sKrDzx3=yNl@eT zQunxCd{neJg?jq$BE1t$^vaw^}VwkZ7F?}ilpT(B1CHvV{%fmO2g$`bai zllj+yO*OfbXZJW$xUah|YSi>L`rf(`t7^7O90~!iRE1re859fKNfW_sv(r(4YDeU4 zgN!i&AlI;EZ3!S0bxjh0faAWWlM};Vpm3+MY*>ThZxndRVm^9aBPL_J4y@$kUr@m1 znsjj-l=%(aE^vddYjj@O4M4=ACSCy}9pPUKZ6TSIk{#}g+fzu+(R%`W>z#p^+hZa9A@2#KeWk<%{Kpp7&W#tG0t z$Ds#)*F%^&$*(=2vgGcLH?sJat82FGGpb@f&3=c#5pW>|?k$)v6yKPRwhp-F#265qXjCDa8U%k6S+k zxY5%K=fBPFoBRmNAG-J5Rm#aQ6P&N30oOp2?}u;_)l!wY>l~P|j(<4NB~b?*-om=< zUm_>3UmBEXV!+d2Ms2qR{Ed-w*5OTc0FBmJF0p%@ov~d*yFc2pMFMV&Swy?#f?MCG zp1FD~+O-!GFdx_xTMb71)ZJU{FbR}Du2F%x`*k^ImtpKkufStRGo0}R?v!mrxX6+c z$EbfYS5|k?>VeXscye#F%pigwzy5n9wPhFtEqrLL0Tlq-=5+#eofYa7c;s9$-13UM3skl7637qaeeZ zgIz@`sRY~*4Z@t+rZQDW8u*M(DjZeVl!Zr);FJUDp_wmk@LTxoDISC}(Wulj3jU7M z_^S>3%v53$N;rrirm!_L&89$kU7YZy)g7#C0aNVSTZ&=4D69q37)6!>+xRgoGsg`j zF`^&ueH2Seg0)!R&diIrr#R2Rjgj5=%T0?8s~m(g=77+^w^b6!z!j?MA%9T6x0M?D!2Mg7T2T_crVjG0eDw=Y&M5+sc$}TLi z;twZ`10_$*&3CrdVl<189`5Dfqqw%lGu19g7Qg@Mc(yF)tVuMSL~?Qn7Tt#nBeI9& zh4nD^W2D0M#xGdaD%ZHih+|~91$kU-C}OLo7vE2~NcWUYZA6im6vSDCsXt8$-x2%z zz&^_jjJ<5&-OcL4;Ht{)7j^DFH#+mT%-ddXLChfIG8$JM>$*Vg-d)F zYj)gVj}+S0<8FzUZ4x{avVVgqPGi3NK5C&-zwb248a;9Qa)e4|nTn1X+;_+}O^LA} zaOb(nJ!|&%lb|*ZMJZPTBCmDLqzHW?vLGOOb2V^xr^%_{-O-n(%zR=vk+?%<2x>Lm zk;hae9W(U?UJCNMjOLQ)q_q3C*&*?`zm!F=<^_SifGHHp9S*srO5XSxrJIqRQJ4cV zeS8L|4ZU64t@XM5i<(9mtdfG!N6QW}scMM^YiSUt$U;M-WaUhrRA~7LhUf29h1M*R zwO{Y()G3bQ1lzse0P#+*6teltRt0NN8G9Y4BIrs7=KbhTA4hhP8PDt;Uz@C!2NtT- zbh1S{;GuXQQ|HJlvSQsCbzkN50-SlRXPGxsY^aDl3D#Y`i%U1Bliw0;oXg@bNO)r) z*;4;BQiIX=bL-$C1yc^+HhlSwj(5k9nC2=4Z-rpn!Out2{UO)(oj8Ug{wCCi!7HUQ z#Z@5l?QV*4xxvSvprOZi+|{LD#FqmPNI#mRE=N}dH)IGdOIscb^90|TI{}4O+H?_* zlW08=fHPSonZ5`L{x(EF_#;f~ zTdb7oFPA_EKQ=4jrg?f1s}EpHYDqU`(QWgD`#m6Tr+aEie^NewNz;OJtYlP%SV~ES z{Y-HKc;FW}(--SK4ly(JOfG-a5$9gg0lQ3onKX59*Froqpu5LK(GyO%&&mRFS=K6hYJX2e-?Y%V-ODjYc5!1QNh%iOp6x;9Gw)CIor5RoEJ1wM^8L+By{R zW)GTRvCBKM{&}tOl=W>ew?LUL-ASwEQ3TK!8b!A8gGd?=#XQmwOl<2u**L;7&n?c$ z8H>{b=2aJ36LK&vz4bJMdsa-0IhnF9hoz>Fx?ZYG2I^gab4XX2c-A}2+6yK7{0>ql z{BAG!Qxl(&0;HoBY}O`t3UTGm-){rkbc~_5`1XO~`FjIkZb!+?sO^C(1i7orbA1_N zGNdrM`3Y)=4Qy4ehg}X^qUAuPF2mbe({+d5tpM*L(EM9jq1C7H$b6)AmuC@zkjsEa zv>QoXam|)1_o5;VfP|x7R!rL$t$4Huxga>H+(EeWyvA+3jh^#Cvb&HN)prm1a{s}U z`4A_}Y9_rAzM^akhcUXUNxhN(7LIsv{#h+59a|{LkkSRg6q(jnPyqns z59M7((ccO~!C-t7W~0p2a&=f6vrgqB6RPA)|50jPYe`l%SD| zIkSQSJ_oeAh_+~klsAYbGi$H%HOJ+zy9Q&ShU1^VZW6*^P(ue4$@b`qvL9E21oxCqHy zX23`vGHK2SDCoC^T26Rq=1Flhe}1TvK)Vh8n8t_;us;19A6^^9KYU=8ng3Z<-3%p5 zBxJe}wL=sNrZNSJO;+1s`DzcN6d$IpqKX)ayspLoN%rR5Ro&-54-sbj$h>SnL3|dX zGKeNQwxdS(Dcxg@XVq>FQfy5K=sAO-+?8USic0jn+B4jy!=pYEgRq(U8&vBi4pg+{ z2dIE8tT-b+JKs{Pfx4X>E7QuRye%TQKd-p+sb<99qt$ytknJHkTp=xMMBpw`vdcll z_i@&$;3`txb9!!E_z=_>OTcSdv#Q_fZ~@ap^@opRal&ODJtA7uC~WY`A&`#+8SQWG z{W+{RhbdA|HUt!M>@%(r|HY~Q@sEHva7xMS!rk!y{ieU~*JguGq^RV%@$~p#E)rr0 zYfVET;{A`&{_|+dG02$pd$aqiAOGje{2A9$7|Ki#`jG3;I;}QD5 zT!e$mvCXaPv7ba z-%)T@BmMRN%AhVt7)qx%a$dJ>_S0HW%0GO_eZVv%P`Hw1Ge-HFix+VE-lxPaug~x^ z#qvaK4r}jK^aS$zI@y^1e)KotT?|8W>D@wjmVmz*)`i9Ga}cJI__jZqh--AYfoK!v zKchh&lb#4!aFl)WhJUST2=8}3ISwuBAr{?Qk7%mnbYSoQb3v68!t10g!Ctigh1ryp z5Q4%3u;2g7l7C2mf=QBxg023q8?^}n$RuOZ#pcZi4pl5h=a#i+$~6?(91Z>1zMg-W z>G0ha0zoQBYC*^bEHfpFEOsDDBDSSgk4_$^t;95Dr_96YW|e%LX0L|%ljVkilXd^D zl^VtC(-}}lk1(5|u)jq;#}BG#S5+04sgotZL?*ZA^lWCQrPuX|(N9SLn-<`9jOM}-=^Nws@|gZ~);e%~yig({_xttEzqrcnWO3^GVPc}h?=WEN_YKrr&(ChX(Ys*};Lxwn$!P`_{OyR*{BB3CNAnLZ`zrfO3b!X~87;mqk8UpK8=JG>^BqXV(_S>!Ivbz+31=D(g>&_) z9lOfzoW`0fxWa~r%Wg3-vvFm!$;yzmsR=L)@CRB>}is=WnT+4j&LJ^xF1|KB`Ku zHQn2M%}7E$)=}mSgYr_nS^0z6SWA5x6$1Ku&h3HN%CNiV&Cnz(CzV3`_8VL_lYZi| z`=OAbpL0SP5IsvkLqlG7lb1#-7J}j|s|j%k>`pUQm_tuE#xO3XD|IvghMPgJC49HQ z5lhhwy7bC?Erz_XU9#A5wsx;uIlZc~G8R(5>t-I0+hXJWV~6B)JOdxfUCNno97_Fq z9P9gYBTm%*R1$Y-?Ej+Yk32IgqH=)!OR$W6@7f#dOjDT;v!R|-7h&~(h25l>=@9c~ z8>1z;rh@O@8`D{Rkxm#WX{OspcUb5d*gR`>;DSiB3!zozek*VmN6%=cQ;AlKYqMU2 zOP6a6m{L3(&%vKu)$~9gfsar8jWJ-Tah*}Nb+yx9=xSCawoq>-7V>4ebr`^HPd|99 zqUU7_g&|s(MuoC@ed*Q4VtxBZ=)P7#D{LLlHpxFyYAh2X{miq!eJ1@&rlnH_+#FA* zM7kcXGza99KbqgIxTH)O6otDlAW~#Zi|`HepLd;1dKOHeFRuofvh_upXYyYT^8aSL zZ8Ch-wNRa3PsF0tX=`s?7kEiMwDOn}`A3~uF2U7kP1nt&GzR^V$^l5^xfC=OPI)k6AAtbV)0GMsW- z!`!*#Jjuu*+u=x*%#A_`*+^P{6iFI&>Eyf=Hyg!F&vt+GxNGF`KkKKS8Rk$-gyCfO zEAfAXfG`CXw-IVuNW2a1=K~f zMSM7_1F^s$78X1vH_=INzNH%ww9IKS6_300@ke|&*mZk-|EHSiA2Igw@_eN|(_n+g zX4K8?GC(}jmLNgeP_97T&~Vt<92q8kaY)cmHzkJw)2{QVbyQ+7gqS)*Dy9Djx-mG@9m<+lD0v*<1DQdEm>gTX)DqF(0>`5ap(|B<6*L! z;qS@)7OwtD{*GjI#z(uuM{OBwE0iyx3TQ?Ji+kiRb@*C*ZT4tx6>j^( z=d!o#jXoOwq|m8$)e?h=M3KWgpX)(om!0z|cAyU`KuDiO$JpHT``Pw*>yn<0s8*xBO8!5iFb#~zCB*a@8=1Pu?0@Q=471Hl?JM@obfE8W!xXX=7Dw&oXYimkWJ}y zX0nm}Rdvjy!GqJq6P@?-nSu!duR4vV?A4vGRgu3Dz)WcEJMaItv;x!>pfV^b`C-o= z|C&omBrqx^t><~?|6l{9L!3m2 zl}Q`WWfIHeO8h*@7{>b`^!vH|X#{uR=xB4veqfD=+wt4sLbXGBwNSIqERX|jnAh_v~w@}@#-vnM{)?TcW&Mn{70=YWOR-3R53gWc=G)% zH2W|oZ-GqDn|JORAja@*O7UNnDpVG$r$zF(>$vo(HoQv=ehE_kt+LTL^m+BM_~CO9 z+`gF-UU-Rv@tmhLlGjF|+Zqs+(ADVnt3{9rSie296V-kZ`BDX749WQWE}y2cf!UGq z1TB{v9dg_S7GgVI9#buHJnI4gjx>ZLsGCB1%0t z9#q&?}uTJ72wFw5PlhoS_0q`&&BHP5t>O^upveuy1{miRcNSfb6vV|JX|t5c<9 z9DgYwTyUFMLrsm~ROWh+>}t&QSYM{JG;Asyn`+gJU}tXh-M@2W_`_tai51>(J&)J( zbM)|6HRFF)eHUbB=DpGel`T7OlsX`1K7fx^IsPS1e}2+Rh)?BHnI*yaT06oQnc!bR z2VapKedNi22-Evv}Ruy#@*a5~f^5d!q9FyQ0$F1E~K@mOiS<0`HP7 zZ^HYqI`VJ7X#P3>j~;<&#U#bt*-32+E{Qf7h@X}U?xrc9oI{6C!P)VLlxv#kLOhV_cmZ9w$6u4IfrT(qT*N@bsi`ip{z%hm@BCGR6h z9L0ROo(A<(VTGQ9j~A*lDAs>lo@G0=LiAW< zr!7P~T0wAWO=5`o?0MafEZ?9L8vZPo)aJ@kvFEn(g6TWH;PhRQ#oc1+tZ)gYkcMjY z06PuG8`wfyFI3U~sM~=Qq_O-lPtcjtEkaO9Hw1gdp6reB^|^l8ktPN zrxP29N{42%Ke4>(T3MnIQu|SFr_&a$s8Kziu3_K{Qgi&{@_*S(-15GR=$ft56vO7xe%GwGw7~!(9CLb)mYit!W*VX{kFi{Y<|> z4Q=@B;?42-#=FBg#BC6ytP&a)SEnbSo_WbB?9DNVN`mtN6f3T; z(M+(jZ9~lIG%6AU(>L0c)-0ddj9OgJY=7F8)XnC{+R;!z!0LMFBGwUq(7)~=yBwS= zUy=U4a1cl2BvtgfIXjeqeZ1~S!@KhAz_)kU%i=XmyF7(J0%zqHTEvpW<3n$*Eh3`P{BGPi6)!nOj7zByIMy)(+t8*NG%uprP+K;|hsB@!vhG zSjBQBi=|tFKwa25U7P{F-&hlFM+9 zgjAH>>@_lg*l1<_9?aUkB_7OP9>>g&W~HtC?nyzFSf3+?hZ2s}$=Y5Yz5fbvZgfE_ zu&`Q9e_g0vv9d_3(0olGDiw4)s(*L^=bY<1+KT>(!(af>kA6tv-Os4|w{6E9O8Dnl zhR5%;=@~OKw@nRR;r%{cl6X`ih#g=lk4ohb#7#LF5G8xNiy;sF``F;OW=t+1gdoM? zPrF05=Ve)_o(Weu!pe7Hlz?R2*xokAln-$U!X_Z|-DkgDpJsf7h6QW+jO7qn1)`CU zl%)}EICpkqy@j6)a+5y)RP_zSSTB-I8J#K^kb^iE@^+_cjjBpWv5tFc5cKAi7dDFt z!ZEq{ZU$Nq@Kj0w&^O*6tCDQl+>rduDo*p2w02WQnbmp65n%Xhg`J7xSl^#eSpEHv zOAP8Y-q6e5PGhk-*Qx^dF|AC?^!YCl^_r1HIuUp>l9#{MI#;Rz+iV6zsIWA3I>j(dyoOw=k)A+h;N_*j)x#cb3C&tx1a(5qqgwZ-=|599&tKOzvRe-DztFHP;|m z-R#i-Nr&Ev9+o>8vR6474KwYIkgt3E_IZ!suPB+6X8RiKNon=;$?DS1KDmd)k+@@#eia|k}>G4h~zH^5&hyQ1bP?c}4yX7^}_BJNT&8l)n zMQuF8c=NNqx={I!0^e6YwlIoa02C@TIcz$!Q&D&)`ud(^Ywk$L#fvNLx?F6V& zpY3^zIMb?8y%ED=;BU8W1Rl#4m|0dP$Z=Ox=`k(6QReG08;lbpBj;2gzD(_gic6~a9c4h_0RnYp=5#}*rP-Y+mn~kIqJXD=MSb@ z>4;n1WDP#u_U*5yzaXF$t3Cf*+!tV{de@;)|HkDZwtVLK1mZi6?<(f_-KuF@9E1IT zmt1M2KX*Rw!h2LfHsu5ROUcp^v}-qQh|Ekd?hjKSZP(a+oqv<%*LSL%F^?n}-Oy-9 zLclTHvC!6XcWLH!lqhZ9zPmTl5al88x+q$n$h$Y+G(W%g{DGEqJk<%%*7ix8GK&Rk;DX`4tcv(E4rl_pf=;7)mIn$C=* z?s~d8Hp%unnwqsts%8UsJh^93acP!__P&bl$Ir5q3Vrg)-+ozPWX7v<8sEa?%zm%L##${zK-d33E|g| zH}7|_s(?#n83#!HTre7Q>2Ip^e%m-QcjO!3J%=c^HOw`0$Cc7wg4Ifc>SRf$;X zPWT6(NZ)Mv$J5c|&dad^Jv%<-pwIfV_CBu^aWlgS3T@*!Mmmvht z!ZIkMZolJtGXail9h)j*SH0_bn$|qD%%rtL$QsYm=&;uHgFN{T|=<(>;BJ6yympl$-(f*P6!Y$)ye^{Q#uv1yFmJ0G{!_yMMDEvq=BuLOAnhjIZZYIew_TE%(tP}QOnrkxcKGdp^uf2F<`=JYc2b@R2o6J z)>zXTU%4SBWG#!LEA47gp;MmI5WW83U>XumYG1#z0pU&bK`#4_q*TeiC;6ym81u_I zwz#|`O4k7ur6kyTc1V`b01W@d#n-VgRYR+LD9>V=qt#t`&~z??N^0%Ll`o1aS&2&E z{)|&;m-2WoZA<6bz}%yT>nokGKyw|$Ol7}23D2AxM+tv!0O6G}=!-|$P=$0Xs=VcL zX%IjxR>LDZ(|xw38UcdZeqTXfHX)fT3Te|W6jQ$U@(XD(V_nf>b>wMXpJwL@lioC# z^YvMwMvH!nbLRrTOVwI2dvOE8q?krIU+lHvU%^QTiu2HD%u8kKv_xsyuuOQ~j%+6r zBIUos5_G7`P=uGmux*3*#zR8r!uw(!RC1m!kXeEP9dLRcv4CMP{LMF7r!? z#zYuKE!7?UDl>z-mWeIYuG38DY;wW?!a{aoKGUt2(^9Ec{r;C)7Tf~@=o(_w_`P<+-W}fPL}3clCvA=0{YMTFp>NITPM@h`(Ww`RP6`a0YU1N}-0i z+C=p@F$Zi4fsZ+^#~eQ|y=~84(H3D*9Vw^_C?Hyt)x#O63XRq!_m5M|$(rp$o1UA* zg`OsxI6SOj3gbCjeN-^^19M`zpU}AXK zmFM0Aj_Nz2xGsZsyl#IYJiD&zT#C&F^qrDst6}epM2kN#sH{m-@VT6+N6=Q)FpoZY zN$M91kw60VY==~^WjhfMo5y}9ak@f%s?A!Fn~Zw~%PlU)Ol+O(H#?Vo%EiQk6{9k3 zBd^3Sb0<{v&SmcwhqaPoR9}QvQW&$%6-pdvTjB&o^Y{q$% zzgs@l!3BmX!9`QwUlzGK2<9VV9#y%kPw_Z+4e4|G18)fQ?rJyJmoHn*3Bhd@RoIU$&OCjOkSZgBO3T{I6SWYw4+q99pI9Kj2ByL z!?uRkLrw3cr)kg~PA7Ywdx|Ds#+m;t+o8UF53$zNQs+FR`?A(zH;w6v`89G)Qv$># zItK1_)uEghl37@*5*PIM&4sHVE8>NzD;H4srzuI)x5f!nR_!0<0!0up4LB}XgBf@i`WQWsK80FxK$F4YeU=P{OUcOEBAF z1fIY3fn5EG*v7bBs&T9bX3*_|q8_A%V2@;ppM& zupF7}vn&|hrXs*wlv1F!E1A8wLtebNi8(rr`fC6{=8HTpM(kq7-_F-@ImhSN;VfRD zyjt#GC3=O8dc2*k9=)XX_i8~{g9gm!{78e&h1i;plE^qC*bf{8m<+P24*e*cC!@&W zBDE-5)t@_LdECWe`0#SJ(l*^-u|+MiBGCE0WbR2^uK>i5&glZ8g~Dn)NP|IFIGepR zk%n|3u3$NXo!!fA@g=Mb{OYy8>db?SLZ3%Nh;jSa=omrN0D&EB>22esHsayi?b+(U z-DSvzrl-I>4v5OHVaXBQX0P&UcWs@B_Np^)LAQ<$v4BQhseW18I(M-e6Z9-?A}_4? z+V>d?Z|-q>z!QhyXQ4yxIu>N?R=*)RN>%I$?yn`kN~oRCkk+cxtM?IOo{REPfJTXELz3u`)5V+fy5kp&knY!`dcu&{DF7(YT(M8 z9`t-BA}J~d@KK}bZu_qqM}=y6qXAvP!Uc$uDvpNdx*WHxY~~<&davNDtcGB>jc8Y| z7cDJEtsE4nK|Drc@Q(T53uT`t*PQc=jB`5u!{kS&6CYF!)J^I{kAcaW%W5%Ku3=Si z`4-$>B>LAyake=~vR~tE-+NU};!=D=T<3Cz1BY>ZqRG2p$zbi+c4c)QYt2D_6z;4v zs^>|uS3IQGQhlN_5_0R^s`O8b<@u4)9S);b{fa(E@762|QLancq_-gOIYLp@FeUKq zHSHj=zt6DxHAuu-LdzwRcy?oinI050!TLyAfNQP@*=Gxt%E*bR+HVJYFmnak9Bf%y zz&s>_TzR}C4Dz>Ru;!hYQp13EYK4QtV!}lX!!^mW9URplARG=XWNc}zq!}rSr9(e* zxbNyuV#>pcT&WC)U3?~>zhjm%vm}NKu14hv2JIfsmo>!act_S;_Oupo!VqM~Y`w@F z7n2ktwAbU+v|$$(UA7HJszD?Fbrn#KxJoKZBJZm)!z#?<-qCF7MU`O7+U}b5Sti*9 z+>3N7W&W6-l*X?dPFBvc%^R${GIr`KN=r@>TOJVaoi2dJFn3S3EJ7i4LBzH}fU=a0 zt#0-w z^C{`&h#U)5q<$;3`WgPxbUmr+7c5-o-O_9HFwX+RRfgZ)K?+wz>-Qlv=X*E;YT|M< zK%uc2!yD%8Z`f~9LnA@enG3xqud6$l76It&mZ1rA`8DZP^{++)HLI~#b2hvh@U!eO z48{|sOV?f_DiKpU_YJcDU{|+#+Z7>3{HxWod`vG&u}anld6w;eGuy0l{YYH-9CvE7 zaF)E54~W$S)~HJ~wS#kh)Eq6jb;c0NtEgCT>Y_IZkYWiSZ`zfbmN$kT@jon6F`p4h z&7Lk(oD>FB?B2YWha{!GQ$`GF_2yYUrD@w~AL68l=U)XY>fm7dpsb824!m&!5MYpZl-A#vD{S+N=pD&h1a{c1AKXc<`*k=5!fACQr{PV~euuPfM%Zcrez zIhQwApYu}eP+Z?VtT=huZMT_|j7WHo9>IU5{C28VuR*oFQH>%?$CC72aczIv;b2{o zS0ula;%j<&s2*x zfr5%1s=-Ac)fM-%+}CF+8)$u0H6oSOg9Pnwp+k z#2tXtCsduvMkcJg7V?<}i`OL_mYJnQS?k2fyImhz-rXVry;_xu;^Jq+V${zXC^HUC&T{T=?HxCpg6sAKM`NwB8t5@3g$sw-}7y0jG60EwbW5_ z{A)GYrw0!o;Bod#AYbcQs*dzSn$-qoW)Bi2`Ztg1RT8I)zH(XbRb4CSDO^Ai<9jP+ zhhKI(Z%Uot{CV> zixEXj1(g}Ku1x(#ZwEO3o?f@2^WRhEBqS+NC_l4l<<&e|u`{`Lj~shPeO;`H*)vap zNCjM-&ncddLw8{I5ckvia2}gZHFz9DXZ>+#{14B>vfhuWd9&N%<#N(b{Hu^eg_*CugIl@{I4`p<tHwCpA!|7dmT5S^^OE^O|bJ<@OY(x z+kTRHYuwd#(M$P?eND5xPXniAB{%4&HzGU~QhSl)mz~R%Ux7qIeTp(`H11@gD;=@#SQM^C7%yp6kE|vdvo(tJtE#au zpMv&t58d(tlE`C4y+}}o^p-|Fwo!*`7@Y7>+lv4oqzjjery2I(PTVoSes{1RbvFBg z=KvXLL}}|B*>iqpTkpginq-uceI?_*g6KEX<7b?QCXwXe-fx1CgyIO48#Z?>7$fe0 zA7$lEsi-VlA(t?$T%l6?*Z{0z ztS41c;L_4(3hl?#qf5*3(xrtV!Tjs&FAH7PG9kgpEJ?h2Inq}#TrMD}so5MG>e1rv zLikUk7B3JYZb=TSFRF_JvBE53N-XM&50W$8G|2__VwKJPbD&~U6pG`+7@9@#P9wqi z8PxPJ)U{=RPLX_f%;?0{G?1E5p>(Pw>W%OUMt@UiuZlcW+xqL2b>mu^O1IcHbO}1N zmXinQw10T6a4l;qZ;oucQxT~LSxbyzpBKs6$A3A|1(X>+T<6VBD$8E}s z1hk)?7PNefxLIhi+vv#s$~7q>TK%^XxKtorjjpCl1w>qg+}s>3)hfO%AtX+s=r*NW zREWh`6MJ~<8p9vPr7LBEdD1ABAD@5n!SW{dT zO%P!*4&5U;Wd1V_(CVs$i=nACe~fK_B32Mm1}{|V|@$xMJgbtb(m2b z%h3gU*94j1Q;+*z$q`&j9oi>8G>gR@Zqyp*`BI!?yXLWC3b}~NG$px-h1GLLaGz4j za;W7+7kaad)->t>oj`{6sXoL!@4lCKnrpm1n&VewTPoe=RS|`bu^d_KUkDk79y)v%ePKCpf?MOVGP`3 zCh`{GdY=-`V0+Yj+=vB7G24ZRXV__1^ZKmF`Q5AePN$E@Y|m*m((Kdq$%rbo*Rzyt zLfWGl@zZ*7i=k0-GDIp`Lxrl^`kuyHOBVM6ic*+0utngMcX2iq(X87yQh`{7uUqF6 z$PxzzmjbLAxCH*}du0n2LIq58GXYqic6;%pN-q%1>B188OH;h~jj0VYW3b5trR0Rd z(J3HGScqBu(-1?ov!_4A&R(Qq{#NZSZQq`r_0gMuRNh!pBMt7p)i9X~;cpHR!L(g7 zZ}I+`Q;FzF&`_WFH2E-x7|xa3?qhB9mM~OP3MJ)h z5_>%4BugT6wgB?<-D^)`{N+qN(lt$NLM|&>RY8z1dU@X%;WS-)gl6tY!XeehuvAHWE#V>qq%GWCtyR^K9FBFcTukHy=ASfiPpXg&YU3mF0{uV zx-$Z20v=ax5wh`JulT{<_wSe;b*)^;vtMua6j@-wy7V?_sYc1Q%12>TmWUoZ5u5F4r2C`tg~ zXzfibez#(2kj%ct!mu_VD%;k=*T@?*>30|F1QpNA{nihvKu-Cq^JxT;XDGC=opXUT zd3&bv%RELDCavD1UTI38!B1*{x=5AIx3t{lZM}b>?nxOe)tIB9VR0C%wNw)vXI00t z1QO^gOvJW&;Xl=ish%?vRU10G9YH~;pr$6d5|3jE3gPUof|RO!F@z?5!Qn>C`~K93 zQp?NhZU>fJ(A7}^ii&;W`G8YEh?zo#H<$XTCe5gkET!ULyo?v0rFg`K*wWC9R;aK< z`=EOMk&N|X;1d#?P=>jo;$x%O)87fl$jnw!2ST;(Usk;W^V{y{f2=K~)uXx^-wvd~ z1SXp-ne-2)9;$21GfpexOM_I))*(2OYkR&-2-9TA?c&SKu%H-Q>5@tV+jPeJU%%IY zs0NJQOgEkGciRy^7NRHPl72$Pp>p@v67t6ypr|x>VAgqQ^(zGn=YMYt_R)=*+QqT`ZsF)naPy}gS#X+2lKoZs3oc#3dpLQNv$?+Y8 zkPceg=&M_}k;xqHmSv1b585l7#@OBg$tlhp?E^+R>z4(T*tDQwuS3Nx-zZeqdLYf! zren4vZ82ufxH%o3v)#mat?I>6V)D7#-z3?yqnYB2ysk>UH=o%(HX@0hc%pAi61HyU zVHj$~5)x^=cFeQHVPZp(%kOm&mO6AbK%>{9Ap&04>_Ww8mbaY8sii^u{9EMurb!Q? zjqnDO*PtKIE>ZR=uUdXVpNd*$zsZqMNiE>o17?Y&MJ)&>TB!vxa4K(O`f@5ivu$z! zpG}q;bMl2BQ1Yth^eBM(8!qi-pJ10O_a0$n=dgO7mzkfE*H-Jqvl*Gix&$hO?=LRi ziiC!T^f3#N=`@mC<&(~qsm<>dP`ruGQj$w-wteOj!G$^t8WGO1G7vT$*e4%r7jCT#6QJpr~yy}Z6 zp|LyZ?RiFR(`cP-EpS@lO$*ZQ5M5TSt)9G^dbw}lnm66(@WG*!6VUh2tQQ3&a}Fg+ zkkm7_duwb}A%5qIUqBT}e*20XZizL**Iexs{#fe0r%Ccz=qAlfA+X`vS?s3Z!p`Ax zwc0EE@GLlnHt7ys5G&az7m*~YXoJmK2F{`3KeD9jL2G#l&)gye>#qW z<_ECo!5T_4;pvye%c+gfWNse2GKVQo`XE=61P~^zZa((vd>3oly|A|H)#TaaUQlPc zS7O||U4>n(hwJIt zVnWGskA2YD{PMaStsmCR>wFBUcdt>tSF>>9+-cWk7N<}Fu0LKry6=f-9dHGa`FWGW zDemzXGrb8#S2U`xd+8!b>F`^-_{m?X)#K{$2A+sCH%jzRiygQ~Yz6K!F}swQc`2za z(mHZ@pRd=jZ;y9S!C8~+T}n$e0&4q>+2Ab~7D;tWmp>=(n{=t~My6y9MSM@`%}D4= zxgvy>H1;c3=cUL-9mdS(xYO&>@66h~&aMEXzAU}6Tufn+Uqrb}V7CFg#_PZl!qb)0 zLhyHpfZWBJrgZ`(kf4a$HNmu{h>KNfzpJ>dg;eU%H^rpU1Yjmrz5B9gZ4HZJLNTHe+N_jdaarvj=VFwX<&t+g zO_lsvoHN`kB>AwQgY0<9Jr5aws1U{d>GE4K(#1evC8b)AXqT)UnJ$4KLP-1=fL^w7 zMzTxD#qrq8L~*xkRpV@8+4emsiOMdmO|JDEHq`32zIOqXK;Ei632udP$3{AX3`~zy zv))+DDPZL=qgK~e!mk>_Mo%Q84he**T$d7H_T;arZI~68{ zekJ5lHQ%e{pcFR?I@hzBH>kpD#SB>s53Q)k5`p9;F~Z?CBwyn^(_3CkBjRwaUOdpmQgQ8QLiF3&=X zyl7vuXF?VrlTLT zTPG7E&z>}7HD@JtyvuWEKBA(C;Mmu0bLYtkqWYmpv@Z36F88#At*slaE= zS4P*zY{igL_Un`U%~XQiR_OQvx>IB`eDv^XynSa?ALG^P(z`2}gTh&3*M+x2X5rlz z>FWifAJL^!dB%Fl7c(U! zl4$CbjC7UoiiUk~^bT>#)#w3l&Mr|q>&Z|KK99F?7u(h{xsdqa`S!b<8*5$X7C{dc z$;@y}VEY@FGFl5#oREfik@L7t`1S}M=-oQqWmw>8yAxbzaA~S6bZ(!lS0O|Cbj(pq zCrSYK<88lS`adlck#Sk_^X=zdiKJjslF11@5{x{1Zu6>94T;p7B4*2AEoF=20Ip95 z)2%Htguk9iG0{{^*!41XuE`68ywNverA>`-QMqqRsFG4evlFoVPgj8GOEN!ICb`wX zmg>%Lo`8=IFrj!Tm8Nbsq@QsM5V&H0>iU=S_@8b@;G8x3H&#HqxkK~+*;wF1!W;I% z?Gd+sdRPAKXZ_;jfY16B^p@Y_^u zPgYx;H{bC!_@Qh96x<>FuKT8WO6j^8Y_aGW-3vns8{tGwOR-++A2%v`pEhldkD|WB zQ#aOnG>TY$I86u}TVTiNU7D#oWOj_meBtZc!ZUM+r0G)CZh`V1338)WpT*0=eh;UW zw);+}i*?D0sr-`qe>kY_h+O^X`%cLn7bqnl;IkF5cn)5K0tMxAV?c@F=7b&EMm01uW zwI0ldW7C%Y5*W?Mho=oayY-vgdNGvTUNVMY!c8MX%Jq-T*F5u8&iid>buTBus4ZyW zS}FrR2{~X>EjLHZ;cm>;?v~l$QE_*CCpAd@#T6g@bmoUc2%p1YjQeG!KRBh%il?*S zV)gP2QHL<^jiORG-CrDd%ywC(!Lb3q;YbkPSXYfBJE#EP4ERxjnm+xNcG7PnceKKI zrHM3Z0i_g6_ldm4ur5`n_tM=-zLui?IIHV$6!4c8O|~Z75E#OR&nE=07sjukhTQ@loIXx)Z=g5ukXDbwp2J$V7O+L*Z zeD=m0=a1H!Le#fH(9TOr8#C#nOuo|(9{Y*e0 z6qtSQ9;rFz9$qag{f!|Z-tas=k<+0m(R+E|v!QS_;2S)x!CrypDIu5cqx;4GdS^x= zfc^%^|G2T7zm&{4(Ji%9({oo#;$jk4TS|8`j&$EG#T(cj2Y?bxS_&6W5NZxe9#u}8 zl$%Gr`IOM$%$#AO9Yr}+noUGiy0Ow+dB>5*`sjWCtkwG01lp~3(WnF1d|nm*3({fZlKO@haHU?&A=DA=i(`YK64 zuA5mAvi%f0{nqIDP1w{sob)rr*K$UVM!K#DgPU)vl-`VlhY93q5CE%%bq03#5u#KuTkxG29F~nWo zbQw_ZR;c(+%{sLB3WL0M9tOyy!-B^X)can8NwwyH$-&ZLZ?SmD=Nr$9!V7i@ChDkN z9vgOI>m7c-q-X3Oe}8(DbU)pw1o{4WYe{G@T>n7Mw|fo?S?~mPBW0$*R2L4Vnb$11 zOxtcu>Dhz*kK^D=zlI=y2eo{*+9KU)zTeU9WR_md&iOTUak1uAO2f$@kKFhFD~Xmb zaK8NAt~3a2P^k6+x;64kzK-K|-u(}Gf`uYr-}tkmsPS@Jx5hnr(q(szB&GkW{7#DB zDe*!Lo)#XBDS)D%vnC{;j%5Pa4@ZjhRt!Rk6=ybMbc~+G{oL}n+)_3Q7yxHx#qg5t z7OU81bznBRvrT9o4!Z@wD|ELywH44h$MV?-RMx)RRI)tW%0}6qJAbrezp{u|Zn_Z# z2S0?bT-cDe!;L&z-rD52=^kS63aeV+Za$H?OJ4Md%YqZy-JjQ;5a_!^a- zZlAGmu^!Df@G99Ztr}HwB~lqF*4OWQwOPEcu77nHPrQJZP3GaTU$QDQEL9@}*&o5= z$NaOQ zt|XFFRO~EdS>L0vyk11$Mb1tka`{`$Y40pZJ#}`7R3Xjjxu?7p+2f86|CpK0IW zc;f=e!ktvOf(o(t2sc5YSY)$i^9Rxo!so&mwc^!#h$3DA>z@@b91L@tLx#Y@UJjT`^ z4Sh=EFWSNBIq@THh^7m7#iE|nS**1VM|_$N)koG<3r+ZqLn`|OQ%&u?NwDveL7ZMWdKKvDJ8IT^B^wJ4AWy2JIM)DNM@Y>5V`#nA;xap@n*V$ zihqK1rUuu`g?YK+gCVcc8WbJrDA8pdP9d;i{tChaSdUky*DO4VNdy62>M`uD&tz`B zO_e-so8g&A=+N`SsBg>|*KR zee;Ex(fyq~h1U8fE&Lq#g9XZIGj*q*cE9%91rS;!-T!TVXXYc_G;)q$GyVI)J|HlK zHwRKCnZ#mI4B&~BaRNeVXmDU5w@5K{S>$Ro^s52&ZZ@@9n`Fn;CMKRNH?!~CjPuUK zC>)c@%@$71*M=^(h^jic3LsZZ;Wf({DX6WMrJGs&Oc=(W$OuT0D{`F$KK{w*mm58r zDyYY)mSr_+StWeBABa)vE2ou>S;I1?;Sjl`6P)}Ls3b{v{|xIm|o}46N*MPxDF-VAkvXZviR_ex!GdHwOzeg z)nldBT4%epu4R24WkV7!tFQB1V0TgZ4w=_+;C@NiIUP9l_nm=1%MYl0%-3875IZzd z;x-0!W~ixBfdv8pi7MC0N0kQN@tou{W;b4cqh;Z*qF?8et@aW8?DYYTdRLBH!|@cT zj1}K$aA&^3rLmu_DBJUNdu?o^WRRHsRw=(?)@4l1RWvTS*0s*_#GN=w*nU)%)N%Zh z`0-p0V0fZb=TjCs0^sM#*4(8U^x;%IU0tQ|YU=%%TgBf-U0IW<8uFW_NW#*mw(!2ry0BsIxWHFF0%UnU>g*+vLDrdir#cM?jzcQ1!SZ{HFE!Ri@R<96h)CqJq7O4sc6a9w zxX3pD@J2^U!5q2)CiyLyS^+3FPw(5SocEWL*--lecwi{6wL!No@|9#S;P1)Z-=+ay zdRYkXQ?%A)Uz7f#dh3;tD01x=vrPJGdY@Hf?v#qp*lnjl@$w;LuJd;wbT@KLQkD+H z&^7mDHR0_fhhg%#dChDD#a{l=>>K3vTaN7R3 zcq4BML${V8w~r<>z*XfbBOo1mqRgw><&8PUN7Xl9H|A4uaO}5?cU_1JRNIILxAKUSY-`r=+S?eHN4rdZY(xx zqfxIv)N*|*g)XTrtL%*rnxmIrR?_Lqhw#_>ul z7Tu+twH7eT#Hr%Yz8p*W<1ywG`mtXLW2w+;UL>Q!KF3G~OtvC3QYV83LfAn@oRonG z9Q@uAPkTm|BRvkqBTC{g@OurciI%R!mfy*Rpjn0o(Uf^@0QWp1Suwo>s*uOau-FW! z5EC7(7jZJ2HtpxM>)+#!F#1ZMl8`c~HSRSp*zLf1b;BmecJf#oTja#C*KTW$O9&o^hx$^iBddB$&!9x3 zb=bPt;2`@JE6pXFWg=<`h+dmS$Zr;BHH0@fKoF?cQ#8Z>=?tvYPWJToYkLq`XLc@j z5^Vw+dGR?Tpp$=)g99t+Kq&3rQX;< zIG$GKfiZOXHr+x+6(Aa)(QgH6%UBT5bW% zQr`>V^qIyCUc%Gv>S(&tmb;!9U4wl6ewB%L(?)qU&BpPc2*uBjZGYs*q;9D}`CIvs zAG*PPZ-Zi}0E7ATOE*xha8*A|4J`@~#nsd5Rkdc%a)5KJ>l$cfRO%K>9L3QJ)T^~q zanhMKg46q&XncBuy<-B+N1*G;4`lZ784$WpHX4w7hA@d7(UGzHgHmHv-!()qtL6cg zSfAqF;#4&HeH~bB3u=UovsOn!3dPmcVL7}4CMZb;^oHx;({Hk57ip<;u8<7EGOPSt zD;^?q|CkVn_xKF|yFOiTN^0&iyMWogiCrN1+FeX|3~Zvk?NUbgF>0o!qA!?iBhQ$1 z`J4^B7>EVyqvTg1PgEJ|M_btEaBFfy9=^PXe9-!rw{pt)Q*m4tC4 zBV{M`aLNm83k%bhUW*>K4?SVi=AEAP9f36F#RaN0JPtBy|6~8dj6QnD)^xqi z^}SEciS-k5-mQh+((h7zFCBQJD1|qNzqHi1u7|Y|c zlAh}EJuJj$0{U*HiBOyH%4*swS$PjL7pnU0_>zKbm0;KKd+}$RBOksj;xHiAQC+*p zgl;Omm^q;?&#XitU_tIEGWiH|GM@{j8?v*wJpM~lR4Gle5E|_SmGbAeNjg}wz!0`c z_1nkn`*aAC#+fTY0^*Usdu@Fi2Nba4HRy)50RSDshQrs0L*A!~LoP>ow(;~6*|Ts~ z>fnIL?Yh0if+4==)v+~uq6K&7yGie`#1m%gbHWt2mRrj?o|o8$2hKLV2sTH5jlvtw zId0bSf;>vG5%+h5TRE6}`1`~aU0G|DbD{)}&feq_stZTIhOV?dz?juBsjKTm^@dM~ zAJe1b>bFpr|A4}pL={Z0+yhc78NCm2Ds~4ZUq#*S{y6_$QnddzfcBv>8?SNewQMwz zVn_-uIX=&XXx#%zh>fD!11D|4<60jd{z>;B1^bQfmw%W;|jJgS46H z^$T5#T7iyJB_wuTzc!)P>TI3gmfs6lOHtU7#D5Q7Qb1}K997L%$~IBlLkXNw)4feINWGqb#4#8l`sAelWzFq;Of3<<%LMf^ADf-mb`-)BdnHnUe zZ8KPf6__%ZGqvqTIxO zWZi9|xgwRzRt)R|Cb>8K$LV0*KqvYa*G(d+H1UQm?6ia0e_Eh?XKq$ffT!uOPj9Fv zZ;uz!FYBUSOAV$=CekH+ot-~tCe{d>m@;&s-W{Eu&@3YbPle%5LJK9?toM|#$WLc& zeI_lF*lUNj^3&9^b*%p^1B^=x8>L2~30rCRkll=y!@gu_y;SYCNjx&8YQAQFsd?CC zsg2_Px{~_DyNRAwbM~)|auSR1^HPLlZE`4~*rA#fn5$hB#yH`}%IO2hNZz09&mv*Y zLLZjp8dqg%I@S`nI*K9fn>ZmrrDx6$+!5dK4*Bar zC?JOj>|mfwC?GjVVZkG1=6G?EYKNtJ#B#W@y=Y#HjAi3$2OqZyAiW^F0ht@?h0#M{ zDx7=9m#k)(d|K0_-s6*bsviyZ3o~!`lk?y)=Uv{$v0uJm;W-NM6qbcX^NQHy&i%A( zF)Qqr0*uL4=4FF9SCq3BY@(qDECeA_O8Tu@TRVKKE6maAT3akvl2ev;;0LS z0~F5fsBM5ayX$PbR5K|&{>z{dpqMS#M5aQ)?QtHiJ6@I(UUM~i@<>A-S3LKh(2;qV zr8N{eyNlCiCDj+gCcFlFHd&BL$hz|;;XLU1&Qb4B;Id0+_b`>gy*=OQ^6A;GADYPy zlJ!n=g-hI$T8%zJ(Gb2c{x`c*_VS3|S+~V zwyC+wy|jsAatLIi3WxQDa6oyInxWv%v~vi})Uba#qkck{-nv>xf97pifQfi7V?*g=Gns^5ixig%{k zw53wg@*1z(aFI>DTFZCY#`k)DWVO)v`^`VY=x0LN9^xuNAj#^T(CUSn=O6g-yx12P*NXPAZytv*EV zhYKsFxoA&egtQ)Dxg=Z;EJ1F&o)E(Fr3ZoM}ZyRKKh3A+@{eo8nvY zi8~B~VH>vkM3;)&RSm8Oj=fWbB=+ZrIp0127AOFSPc&n2bZv8-c&+Yp{07lY&Px0@ z05E|OxK16_Hi9Jt_;jCSg=wnSG{L_vs=Tam`1os1BI58Rqpq>j+`ce=n6C8V*|JrJ zD`Jk%tnrtTmRtVbVR{-&Z5zRV=E-j!Y>~(7KfEItB*3C!X)j>tATYKboW579J{$JA z?gAgzs8vZX`5Atz=l2Vh>+~10nS{j9E!KVgYOJC3atDf~E$;)(K#*Qj*6`QX_M^V% z(ulmV*}3$f4K`%F`BVY*i}>lLHOuKwv3b{J5+r6yqGQ3Os zC2qCnkEPLkuTr0a8MC~=?4!{=d>3UWFgJJNDvJn_>mdHOdBDMzcPKM+8wY98NZf$h zT&0$@=^0o?Nuza4#+g{l`xRhK>zIe(iM*zV^sKF4ui%Wti95+7;rcFOTipBl93?r< ze~wdkA_^SaMB)KlL%s>@e5rAqnQivRs3TQSTp0wU`ND^8BeBdv_A!-t=CKj1LDF5t z5|q9AVKKYmG75t_i9YgS49O&;Dlec)TvFP1imkW7scH@kfBaW|5&jaO%r*SFFz&t$ zpq+wNZ*JhfRT}>~1or;6G6U~_$c}2EOuM1f|5sJ?ABTQ@H=N(9u`e_KEHwVxZz!7s zMb5sITlet(=kEexpV>2@s;aa7&gOrg^(n&*QQl1P*5|(iyjKB5&cc$Tm)!rWF}EMa zBmy-dcKTbt{-&+UIyb?*rpHsVzd_se-JszU2|oS)7m@wHO2`GwKsOkfgueX?(D!d= zHoL)`4?Gh6^KXCq=b`#@pc}EVlpR=qbK%$lh`s8@y_ar()0+QDq5b!(E}94o_#me{ zPX+(xe#J@x-7w32Q2BSY>H(ntF?_clQvOYA{&O4ua~uEjHvZ>r{Li5Jzo(=B466T` z8~;B;9LPMZNWrZ0+uub;xBPJKC5eTP!o(Y)B%e3g|7JRW3WOdCnca~2O!3%4tNuNJ zOz-heGW~yx31UPwH1w#2qzZEfbNg#~2zz3grU!ESwd5!$ul^zeRw+KLYZ$_gROsfAb-s zBJez|?789pO&s$420#2*Ufu8}HTYj4*k6Z!Z8wom3Wd_&QH1Y2s$rTGSOoUnQ#V{= zyIG55J%s=j7?n#)P@1xRT};fn(94mkN6N1G`D`w({CGZq4lY(Yqkd}M9VA!qor!Jj z88wjg`gjLDVL4bEHM~jjn7;R~z9of;3LlfYxQ^#Oesv?B>yfzmFOpbVbdxe2gZ@p7 zI->fpV=^dq>S1_@iQLMt=gp-6BtiPkGK&Te!GCFjMmX;=7A`4*yF)yyosLGJ1BR)K z-*~_YkM1Qk{37#iub^bo&~JN_wZe0Zlns_sYZX`l+Sp00Ty)NEiPPRtqVDjhU52z= zwZ1s#N6Zez0Wr`r7C+U=Sg;Ajlu7P)IV*GU*f;OXXr|p=(cznGgIrghpnpbB`J;9oF1|vzp;EX!?Wr zNBNnl08dnX+QI%II8+QMF#Ccqilh$~fD2I?E?U;WPW5`!<6qw)B`Ehw8-&9m&ejj3 zFK(`R)w3QAC38=14>sLE_*$JWce+K^%C2j2NPOASNYJVBCO9|3BI-Q!FLXPcMp*`) zG|Z8>u%TAIu{KrByiRh>{MU*qRuSk?63Y@=FuK=P*u`4d&b#TcdzVQ6vzs2#{+|h- z2w9)jU2J#$$zwCAwAr(|!-1=FtCW9P|M%MEd!@Tc#E91he0>LS9p{noDV?kKhh%)L zTavfjZ_=*I%=dsM<^*l`yt`B>Z^icfO%H$zKv%FZ?d$XD=LV(cSMN&X{s6P-DbEF$ eUcarm@u&Vo^CkDC*VU#m0D-5gpUXO@geCw1+7ZP7 literal 0 HcmV?d00001 diff --git a/docs/index.md b/docs/index.md index a68c8fb9..c87e649e 100644 --- a/docs/index.md +++ b/docs/index.md @@ -10,14 +10,14 @@ Scale-Out Computing on AWS is a solution that helps customers more easily deploy This solution is designed to provide a production ready reference implementation to be a starting point for deploying an AWS environment to run scale-out workloads, allowing you to focus on running simulations designed to solve complex computational problems. ____ ## Easy installation -[Installation of your Scale-Out Computing on AWS cluster](install-soca-cluster/) is fully automated and managed by CloudFormation +[Installation of your Scale-Out Computing on AWS cluster](tutorials/install-soca-cluster/) is fully automated and managed by CloudFormation !!!info "Did you know?" - You can have multiple Scale-Out Computing on AWS clusters on the same AWS account - Scale-Out Computing on AWS comes with a list of unique tags, making resource tracking easy for AWS Administrators ## Access your cluster in 1 click -You can [access your Scale-Out Computing on AWS cluster](access-soca-cluster/) either using DCV (Desktop Cloud Visualization)[^1] or through SSH. +You can [access your Scale-Out Computing on AWS cluster](tutorials/access-soca-cluster/) either using DCV (Desktop Cloud Visualization)[^1] or through SSH. [^1]: [DCV](https://docs.aws.amazon.com/dcv/latest/adminguide/what-is-dcv.html) is a remote visualization technology that enables users to easily and securely connect to graphic-intensive 3D applications hosted on a remote high-performance server.* @@ -38,7 +38,7 @@ user@host$ qsub myscript.sh ~~~ !!!info - - [Check our Web-Based utility to generate you submission command](job-configuration-generator/) + - [Check our Web-Based utility to generate you submission command](tutorials/job-configuration-generator/) - [Refer to this page for tutorial and examples](tutorials/launch-your-first-job/) - [Refer to this page to list all supported parameters](tutorials/integration-ec2-job-parameters/) - Jobs can also be submitted [via HTTP API](web-interface/control-hpc-job-with-http-web-rest-api/) or [via web interface](web-interface/submit-hpc-jobs-web-based-interface/) @@ -63,8 +63,8 @@ Customers can integrate their Centos7/Rhel7/AmazonLinux2 AMI automatically by si ## Web User Interface Scale-Out Computing on AWS includes a simple web ui designed to simplify user interactions such as: -- [Start/Stop DCV sessions in 1 click](access-soca-cluster/#graphical-access-using-dcv) -- [Download private key in both PEM or PPK format](access-soca-cluster/#ssh-access) +- [Start/Stop DCV sessions in 1 click](tutorials/access-soca-cluster/#graphical-access-using-dcv) +- [Download private key in both PEM or PPK format](tutorials/access-soca-cluster/#ssh-access) - [Check the queue and job status in real-time](web-interface/manage-ldap-users/) - [Add/Remove LDAP users ](web-interface/manage-ldap-users/) - [Access the analytic dashboard](web-interface/my-activity/) diff --git a/docs/security/update-soca-dns-ssl-certificate.md b/docs/security/update-soca-dns-ssl-certificate.md index 556a3beb..cb1f00b8 100644 --- a/docs/security/update-soca-dns-ssl-certificate.md +++ b/docs/security/update-soca-dns-ssl-certificate.md @@ -73,7 +73,7 @@ Make sure your browser is detecting your new SSL certificate correctly. ![](../imgs/cert-9.png) -Finally, [create a new DCV session](../../access-soca-cluster/#graphical-access-using-dcv) and verify the endpoint is using your new DNS name +Finally, [create a new DCV session](../../web-interface/create-virtual-desktops/) and verify the endpoint is using your new DNS name ![](../imgs/cert-11.png) diff --git a/docs/access-soca-cluster.md b/docs/tutorials/access-soca-cluster.md similarity index 91% rename from docs/access-soca-cluster.md rename to docs/tutorials/access-soca-cluster.md index de75c051..76e06a8a 100644 --- a/docs/access-soca-cluster.md +++ b/docs/tutorials/access-soca-cluster.md @@ -9,7 +9,7 @@ title: How to access Scale-Out Computing on AWS To access your Scale-Out Computing on AWS cluster using SSH protocol, simply click "SSH Access" on the left sidebar and follow the instructions. Scale-Out Computing on AWS will let you download your private key either in PEM or PPK format. -![](imgs/access-1.png) +![](../imgs/access-1.png) !!!info "SSH to an instance in a Private Subnet" If you need to access an instance that is in a Private (non-routable) Subnet, you can use ssh-agent to do this: @@ -35,4 +35,4 @@ To access your Scale-Out Computing on AWS cluster using SSH protocol, simply cli ## Graphical access using Windows/Linux virtual desktop -Refer to [this page to learn how to launch your own Windows/Linux session and access SOCA via your virtual desktop](../web-interface/create-virtual-desktops/) \ No newline at end of file +Refer to [this page to learn how to launch your own Windows/Linux session and access SOCA via your virtual desktop](../../web-interface/create-virtual-desktops/) \ No newline at end of file diff --git a/docs/install-soca-cluster.md b/docs/tutorials/install-soca-cluster.md similarity index 91% rename from docs/install-soca-cluster.md rename to docs/tutorials/install-soca-cluster.md index 6b5a3153..7de2d238 100644 --- a/docs/install-soca-cluster.md +++ b/docs/tutorials/install-soca-cluster.md @@ -6,6 +6,8 @@ title: Install your Scale-Out Computing on AWS cluster You can use the [1-Click installer for quick proof-of-concept (PoC), demo and/or development work](https://aws.amazon.com/solutions/scale-out-computing-on-aws/). This installer is hosted on an AWS controlled S3 bucket and customization is limited, so we recommend downloading building your own SOCA (see below) for your production. Always refers to the Github repository for the latest SOCA version. +[1-Click Install](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?&templateURL=https://s3.amazonaws.com/solutions-reference/scale-out-computing-on-aws/latest/scale-out-computing-on-aws.template){: .md-button } + ## Download Scale-Out Computing on AWS @@ -73,18 +75,18 @@ Download the tarball from [https://github.com/awslabs/scale-out-computing-on-aws Go to your Amazon S3 console and click "Create Bucket" -![](imgs/install-1.png) +![](../imgs/install-1.png) Choose a name and a region then click "Create" -![](imgs/install-2.png) +![](../imgs/install-2.png) !!! warning "Avoid un-necessary charge" It's recommended to create your bucket in the same region as your are planning to use Scale-Out Computing on AWS to avoid Cross-Regions charge ( See Data Transfer ) Once your bucket is created, select it and click "Upload". Simply drag and drop your build folder (`r6l1` in this example) to upload the content of the folder to S3. -![](imgs/install-3.png) +![](../imgs/install-3.png) !!! info You can use the same bucket to host multiple Scale-Out Computing on AWS clusters @@ -94,11 +96,11 @@ Once your bucket is created, select it and click "Upload". Simply drag and drop On your S3 bucket, click on the folder you just uploaded. -![](imgs/install-4.png) +![](../imgs/install-4.png) Your install template is located under `//scale-out-computing-on-aws.template`. Click on the object to retrieve the "Object URL" -![](imgs/install-5.png) +![](../imgs/install-5.png) !!! info "Want to use your existing AWS resources?" Refer to `install-with-existing-resources.template` if you want to use Scale-Out Computing on AWS with your existing resources. @@ -109,7 +111,7 @@ Your install template is located under `//scale-out-co Clicking on the link will open the CloudFormation console and pre-fill the **Install Location** parameters: -![](imgs/install-6.png) +![](../imgs/install-6.png) Under stack details, choose the stack name (do not use uppercase or it will break your ElasticSearch cluster). @@ -122,7 +124,7 @@ Under stack details, choose the stack name (do not use uppercase or it will brea - LDAP Parameters: Create a default LDAP user -![](imgs/install-7.png) +![](../imgs/install-7.png) !!!warning "Marketplace AMIs" If you choose to use the CentOS 7 image, [you must subscribe to CentOS 7 in the AWS Marketplace](https://aws.amazon.com/marketplace/pp/B00O7WM7QW/), to allow the installer to access the AMI during installation. @@ -134,21 +136,21 @@ This solution supports a heterogeneous environment. After installation, administ Click Next two times and make sure to check "Capabilities" section. One done simply click "Create Stack". The installation procedure will take about 45 minutes. -![](imgs/install-8.png) +![](../imgs/install-8.png) !!! info "CREATE_FAILED" If you hit any issue during the installation, refer to the 'CREATE_FAILED' component and find the root cause by referring at "Physical ID" - ![](imgs/install-12.png) + ![](../imgs/install-12.png) ## Post Install Verifications Wait for CloudFormation stacks to be "CREATE_COMPLETE", then select your base stack and click "Outputs" -![](imgs/install-9.png) +![](../imgs/install-9.png) Output tabs give you information about the SSH IP for the master, link to the web interface or ElasticSearch. -![](imgs/install-10.png) +![](../imgs/install-10.png) Even though Cloudformation resources are created, your environment might not be completely ready. To confirm whether or not Scale-Out Computing on AWS is ready, try to SSH to the scheduler IP. If your Scale-Out Computing on AWS cluster is not ready, your SSH will be rejected as shown below: @@ -182,7 +184,7 @@ Cluster: soca-cluster-v1 At this point, you will be able to access the web interface and log in with the default LDAP user you specified at launch creation -![](imgs/install-11.png) +![](../imgs/install-11.png) ## What if SSH port (22) is blocked by your IT? @@ -190,15 +192,15 @@ Scale-Out Computing on AWS supports [AWS Session Manager](https://docs.aws.amazo First, access your AWS EC2 Console and select your Scheduler instance, then click "Connect" button -![](imgs/session-1.png){: style="height:250x;width:500px"} +![](../imgs/session-1.png){: style="height:250x;width:500px"} Select "Session Manager" and click Connect -![](imgs/session-2.png){: style="height:300px;width:550px"} +![](../imgs/session-2.png){: style="height:300px;width:550px"} You now have access to a secure shell directly within your browser -![](imgs/session-3.png) +![](../imgs/session-3.png) ## Enable Termination Protection @@ -244,5 +246,5 @@ When enabled, the following information is collected and sent to AWS: ## What's next ? -Learn [how to access your cluster](access-soca-cluster.md), [how to submit your first job](tutorials/launch-your-first-job.md) or even [how to change your Scale-Out Computing on AWS DNS](security/update-soca-dns-ssl-certificate.md) to match your personal domain name. +Learn [how to access your cluster](../tutorials/access-soca-cluster.md), [how to submit your first job](../tutorials/launch-your-first-job.md) or even [how to change your Scale-Out Computing on AWS DNS](../security/update-soca-dns-ssl-certificate.md) to match your personal domain name. diff --git a/docs/tutorials/integration-ec2-job-parameters.md b/docs/tutorials/integration-ec2-job-parameters.md index f56d50e4..65c3a617 100644 --- a/docs/tutorials/integration-ec2-job-parameters.md +++ b/docs/tutorials/integration-ec2-job-parameters.md @@ -8,7 +8,7 @@ Below is a list of parameters you can specify when you request your simulation t !!!info If you don't specify them, your job will use the default values configured for your queue (see `/apps/soca/$SOCA_CONFIGURATION/cluster_manager/settings/queue_mapping.yml`) ____ - You can use [the web-based simulator](../../job-configuration-generator/) to generate your qsub command very easily. + You can use [the web-based simulator](../job-configuration-generator/) to generate your qsub command very easily. ## Compute @@ -191,12 +191,13 @@ Below is a list of parameters you can specify when you request your simulation t ##### Mount existing FSx -- Description: Mount an existing FSx to all compute nodes if `fsx_lustre` points to a FSx filesystem ID -- Example: `-l fsx_lustre=fs-xxxx` +- Description: Mount an existing FSx to all compute nodes if `fsx_lustre` points to a FSx filesystem's DNS name +- Example: `-l fsx_lustre=fs-xxxx.fsx.region.amazonaws.com` !!!info - FSx partitions are mounted as `/fsx`. This can be changed if needed - Make sure your FSx for Luster configuration is correct (use SOCA VPC and correct IAM roles) + - [Make sure to use the Filesytem's DNS name](../../storage/launch-job-with-fsx/#how-to-connect-to-a-permanentexisting-fsx) #### fsx_lustre_size diff --git a/docs/job-configuration-generator.md b/docs/tutorials/job-configuration-generator.md similarity index 82% rename from docs/job-configuration-generator.md rename to docs/tutorials/job-configuration-generator.md index a32b0545..8a897a96 100644 --- a/docs/job-configuration-generator.md +++ b/docs/tutorials/job-configuration-generator.md @@ -5,9 +5,9 @@ title: Job Submission Generator !!!info "Automatic parameter selection" - - You can manually specify parameters at job submission using the command below. If needed, all parameters [can also be automatically configured at queue level](../tutorials/integration-ec2-job-parameters/#how-to-use-custom-parameters). + - You can manually specify parameters at job submission using the command below. If needed, all parameters [can also be automatically configured at queue level](../../tutorials/integration-ec2-job-parameters/#how-to-use-custom-parameters). - Job will use the default parameters configured for its queue unless the parameters are explicitly specified during submission (**job parameters override queue parameters**). - - [Refer to this page](../tutorials/launch-your-first-job/#examples) for additional examples. + - [Refer to this page](../../tutorials/launch-your-first-job/#examples) for additional examples. @@ -98,24 +98,24 @@ myscript.sh

    Compute parameters:

    - Documentation + Documentation
    Must be a number greater than 0
    - Documentation + Documentation - Documentation + Documentation
    Image name must start with "ami-"
    - Documentation + Documentation
    Must be centos7, rhel7 or amazonlinux2
    @@ -125,20 +125,20 @@ myscript.sh - Documentation + Documentation
    Subnet name must start with "sub-"
    - Documentation + Documentation
    Spot Price must be a float (eg 1.2) or auto (match OD price)
    - Documentation + Documentation
    Must be a number
    @@ -147,7 +147,7 @@ myscript.sh
    {{spot_allocation_error_price}}
    - Documentation + Documentation
    Must be either lowest-cost (default) or capacity-optimized
    @@ -160,14 +160,14 @@ myscript.sh - Documentation + Documentation
    Root Size must be a number
    - Documentation + Documentation
    Scratch Size must be a number
    @@ -175,7 +175,7 @@ myscript.sh - Documentation + Documentation
    Provisioned IO/s must be a number
    @@ -183,20 +183,20 @@ myscript.sh - Documentation + Documentation - Documentation + Documentation
    Size must be a number

    Flags:

    - I want to use EFA Documentation
    - I do not want to use Placement Group (enabled by default) Documentation
    - I want to enable HyperThreading (disabled by default) Documentation
    - I want to retain my EBS disks (disabled by default) Documentation
    - I want my job to only run on Reserved instances Documentation
    + I want to use EFA Documentation
    + I do not want to use Placement Group (enabled by default) Documentation
    + I want to enable HyperThreading (disabled by default) Documentation
    + I want to retain my EBS disks (disabled by default) Documentation
    + I want my job to only run on Reserved instances Documentation
    diff --git a/docs/tutorials/launch-your-first-job.md b/docs/tutorials/launch-your-first-job.md index 72524cd9..ab483e59 100644 --- a/docs/tutorials/launch-your-first-job.md +++ b/docs/tutorials/launch-your-first-job.md @@ -7,7 +7,7 @@ title: Launch your first job * Jobs start on average 5 minutes after submission (this value may differ depending on the number and type of compute resource you need to be provisioned). [You can reduce this cold-start by pre-configuring your AMI](../../tutorials/reduce-compute-node-launch-time-with-custom-ami/) * Nodes are ephemeral and tie to a given job id. If needed, [you can launch 'AlwaysOn' instances](../../tutorials/launch-always-on-instances/) that will be running 24/7. * If your simulation requires a lot of disk I/O, [it's recommended to use high performance SSD-NVMe](../../tutorials/integration-ec2-job-parameters/#storage) disks (using /scratch location) and not default $HOME path - * Use [the web-based simulator](../../job-configuration-generator/) to generate your qsub/script command. + * Use [the web-based simulator](../../tutorials/job-configuration-generator/) to generate your qsub/script command. !!!success "Web Based Job Submission" In addition of regular qsub, SOCA supports [web based job submission](../../web-interface/submit-hpc-jobs-web-based-interface/) as well as via [HTTP REST API](../../web-interface/control-hpc-job-with-http-web-rest-api/) @@ -187,7 +187,7 @@ The web ui will also reflect this change. ## Examples !!!example "Job Submission Simulator" - Use [the web-based simulator](../../job-configuration-generator/) to generate your qsub/script command. + Use [the web-based simulator](../../tutorials/job-configuration-generator/) to generate your qsub/script command. !!!info "How to set a parameter" - In a script: #PBS -l parameter_name=parameter_value,parameter_name_2=parameter_value_2 diff --git a/docs/web-interface/disable-api.md b/docs/web-interface/disable-api.md new file mode 100644 index 00000000..7286c867 --- /dev/null +++ b/docs/web-interface/disable-api.md @@ -0,0 +1,85 @@ +--- +title: Disable API +--- + +If required, SOCA administrators can disable web API or views by using `@disabled` decorator + +## Disable an API + +First, let's confirm a user can submit a job via the `/api/scheduler/job` endpoint: + +~~~bash hl_lines="6" + curl -k -X POST \ +> -H "X-SOCA-TOKEN: xxx" \ +> -H "X-SOCA-USER: mickael" \ +> -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo=" \ +> https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job +{"success": true, "message": "0"} +~~~ + +Edit `/apps/soca/$SOCA_CONFIGURATION/cluter_web_ui/api/v1/scheduler/pbspro/job.py` and import the new decorator + +~~~python +from decorators import disabled +~~~ + +Locate the API you want to disable and replace the current decorator with `@disabled` + +Before: +~~~python +@private_api +def post(self): + // code +~~~ + +After: +~~~python hl_lines="1" +@disabled +def post(self): + // code +~~~ + +Restart SOCA web interface via `socawebui.sh stop/start` and validate you cannot use the API anymore + +~~~bash hl_lines="6" + curl -k -X POST \ +> -H "X-SOCA-TOKEN: xxx" \ +> -H "X-SOCA-USER: mickael" \ +> -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo=" \ +> https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job +{"success": false, "message": "This API has been disabled by your Administrator"} +~~~ + +If you want to re-enable the API, simply configure the decorator back to its previous version (`@private_api`). +Restart the web interface again and verify the API is now enabled: +```bash hl_lines="6" + curl -k -X POST \ +> -H "X-SOCA-TOKEN: xxx" \ +> -H "X-SOCA-USER: mickael" \ +> -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo=" \ +> https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job +{"success": true, "message": "1"} +``` + +## Disable a view + +Process is very similar, locate the HTTP view you want to restrict. For example edit `/apps/soca/$SOCA_CONFIGURATION/cluster_web_ui/views/remote_desktop.py` + +Import the new decorator + +~~~python +from decorators import login_required, disabled +~~~ + +Then replace the current decorator of the view you want to restrict with `@disabled` + +~~~python hl_lines="2" +@remote_desktop.route('/remote_desktop', methods=['GET']) +@disabled +def index(): + // code +~~~ + +Restart the Web UI. Accessing the view will now redirect you back to your homepage + +![](../imgs/disable-feature-1.png) diff --git a/docs/web-interface/index.md b/docs/web-interface/index.md index 1cbd5233..f206b638 100755 --- a/docs/web-interface/index.md +++ b/docs/web-interface/index.md @@ -4,7 +4,7 @@ Scale-Out Computing on AWS includes a simple web ui designed to simplify user interactions such as: - [Start/Stop virtual desktops (Windows/Linux) sessions in 1 click](../web-interface/create-virtual-desktops/) -- [Download private key in both PEM or PPK format](../access-soca-cluster/#ssh-access) +- [Download private key in both PEM or PPK format](../tutorials/access-soca-cluster/#ssh-access) - [Check the queue and job status in real-time](../web-interface/manage-ldap-users/) - [Add/Remove LDAP users ](../web-interface/manage-ldap-users/) - [Access the analytic dashboard](../web-interface/my-activity/) diff --git a/source/manual_build.py b/source/manual_build.py index c3fa5a01..d721e05c 100644 --- a/source/manual_build.py +++ b/source/manual_build.py @@ -43,7 +43,7 @@ def get_input(prompt): if os.name == "nt": print("%sSorry, Windows builds are currently not supported. Please use a UNIX system if you want to do a custom build\n%s" % (fg('yellow'), attr('reset'))) - print("%s=== How to install SOCA on Window s===%s" % (fg('yellow'), attr('reset'))) + print("%s=== How to install SOCA on Windows ===%s" % (fg('yellow'), attr('reset'))) print("%s1 - Download the latest release (RELEASE-.tar.gz) from https://github.com/awslabs/scale-out-computing-on-aws/releases%s" % (fg('yellow'), attr('reset'))) print("%s2 - Install SOCA via https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/#option-2-download-the-latest-release-targz%s" % (fg('yellow'), attr('reset'))) exit(1) diff --git a/source/scale-out-computing-on-aws.template b/source/scale-out-computing-on-aws.template index 8320934e..e86f36af 100644 --- a/source/scale-out-computing-on-aws.template +++ b/source/scale-out-computing-on-aws.template @@ -246,6 +246,14 @@ Resources: - logs:PutLogEvents Resource: - !Join [ "", [ "arn:", !Ref "AWS::Partition", ":logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:/aws/lambda/", !Join [ "-", [ !FindInMap [ Info, Data, ClusterIdPrefix ], !Ref "AWS::StackName"] ], "*"] ] + - Effect: Allow + Action: + - iam:ListRoles + Resource: "*" + Condition: + "StringEqualsIfExists": + "aws:PrincipalAccount": !Sub "${AWS::AccountId}" + CheckPreRequisiteLambda: Type: AWS::Lambda::Function @@ -264,6 +272,7 @@ Resources: ZipFile: !Sub | import cfnresponse import re + import boto3 ''' Check SOCA Pre-Requisite ''' @@ -303,10 +312,18 @@ Resources: PublicSubnetMaskBits = 32 - int(VPCCidrPrefixBits) - int(PublicSubnetMaskPrefixBits) if PublicSubnetMaskBits > 6: PublicSubnetMaskBits = 6 PrivateSubnetMaskBits = 32 - int(VPCCidrPrefixBits) - int(PrivateSubnetMaskPrefixBits) + + iam_client = boto3.client('iam') + es_roles = iam_client.list_roles(PathPrefix='/aws-service-role/es.amazonaws.com') + if len(es_roles['Roles']) == 0: + CreateESServiceRole = "True" + else: + CreateESServiceRole = "False" responseData = {'ClusterId': clusterId.lower(), 'PublicSubnetMaskBits': PublicSubnetMaskBits, - 'PrivateSubnetMaskBits': PrivateSubnetMaskBits} + 'PrivateSubnetMaskBits': PrivateSubnetMaskBits, + 'CreateESServiceRole': CreateESServiceRole} cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'Pre-Requisites OK') @@ -347,6 +364,7 @@ Resources: S3InstallFolder: !Ref S3InstallFolder SchedulerPublicIP: !GetAtt Network.Outputs.SchedulerPublicIP EIPNat: !GetAtt Network.Outputs.EIPNat + CreateESServiceRole: !GetAtt CheckSOCAPreRequisite.CreateESServiceRole TemplateURL: !Join [ "/", [!Sub "https://s3.${AWS::URLSuffix}", !Ref S3InstallBucket, !Ref S3InstallFolder, "templates/Security.template"] ] TimeoutInMinutes: 30 @@ -391,22 +409,23 @@ Resources: TimeoutInMinutes: 60 Analytics: - DependsOn: Scheduler + DependsOn: Security Type: AWS::CloudFormation::Stack Properties: Parameters: - SchedulerSecurityGroup: !GetAtt Security.Outputs.SchedulerSecurityGroup - PublicSubnet1: !GetAtt Network.Outputs.PublicSubnet1 + ComputeNodeSecurityGroup: !GetAtt Security.Outputs.ComputeNodeSecurityGroup + VpcId: !GetAtt Network.Outputs.VpcId + PrivateSubnet1: !GetAtt Network.Outputs.PrivateSubnet1 + PrivateSubnet2: !GetAtt Network.Outputs.PrivateSubnet2 ClusterId: !GetAtt CheckSOCAPreRequisite.ClusterId - ClientIp: !Ref ClientIp - SchedulerPublicIP: !GetAtt Network.Outputs.SchedulerPublicIP - EIPNat: !GetAtt Network.Outputs.EIPNat TemplateURL: !Join [ "/", [!Sub "https://s3.${AWS::URLSuffix}", !Ref S3InstallBucket, !Ref S3InstallFolder, "templates/Analytics.template"] ] TimeoutInMinutes: 30 Viewer: - DependsOn: Analytics + DependsOn: + - Scheduler + - Analytics Type: AWS::CloudFormation::Stack Properties: Parameters: @@ -419,6 +438,7 @@ Resources: SchedulerInstanceId: !GetAtt Scheduler.Outputs.SchedulerInstanceId SchedulerIAMRole: !GetAtt Security.Outputs.SchedulerIAMRole LambdaACMIAMRoleArn: !GetAtt Security.Outputs.LambdaACMIAMRoleArn + ESDomainIPAddresses: !GetAtt Analytics.Outputs.ESDomainIPAddresses TemplateURL: !Join [ "/", [!Sub "https://s3.${AWS::URLSuffix}", !Ref S3InstallBucket, !Ref S3InstallFolder, "templates/Viewer.template"] ] TimeoutInMinutes: 30 @@ -472,7 +492,7 @@ Outputs: LDAPMasterPassword: Value: /root/OpenLdapAdminPassword.txt AnalyticsDashboard: - Value: !Join [ "", [ "https://", !GetAtt Analytics.Outputs.ESDomainEndpoint, "/_plugin/kibana/"]] + Value: !Join [ "", [ "https://", !GetAtt Viewer.Outputs.LoadBalancerDNSName, "/_plugin/kibana/"]] ConnectionString: Value: !Join [ "", [ "ssh -i ", !Ref SSHKeyPair, ".pem ", !FindInMap [ Info, User, !Ref BaseOS ], "@", !GetAtt Network.Outputs.SchedulerPublicIP]] WebUserInterface: diff --git a/source/scripts/config.cfg b/source/scripts/config.cfg index 42c7694e..f26aca57 100644 --- a/source/scripts/config.cfg +++ b/source/scripts/config.cfg @@ -17,10 +17,14 @@ OPENMPI_URL="https://download.open-mpi.org/release/open-mpi/v4.0/openmpi-4.0.1.t OPENMPI_HASH="c72d9eb908a0f60e3155698a646cde38" # DCV -DCV_VERSION="2020.2-9662-el7-x86_64" -DCV_TGZ="nice-dcv-2020.2-9662-el7-x86_64.tgz" -DCV_URL="https://d1uj6qtbmh3dt5.cloudfront.net/2020.2/Servers/nice-dcv-2020.2-9662-el7-x86_64.tgz" -DCV_HASH="1320245a52c7118c02f4dec2b2eacd46" +DCV_X86_64_VERSION="2020.1-9012-el7-x86_64" +DCV_X86_64_TGZ="nice-dcv-2020.1-9012-el7-x86_64.tgz" +DCV_X86_64_URL="https://d1uj6qtbmh3dt5.cloudfront.net/2020.1/Servers/nice-dcv-2020.1-9012-el7-x86_64.tgz" +DCV_X86_64_HASH="bbb715b47c0e47711deef1870c70120e" +DCV_AARCH64_VERSION="2020.1-9012-el7-aarch64" +DCV_AARCH64_TGZ="nice-dcv-2020.1-9012-el7-aarch64.tgz" +DCV_AARCH64_URL="https://d1uj6qtbmh3dt5.cloudfront.net/2020.1/Servers/nice-dcv-2020.1-9012-el7-aarch64.tgz" +DCV_AARCH64_HASH="c16f4f1ea253170a980ec31c69e13b07" # EFA EFA_VERSION="1.11.1" @@ -33,6 +37,10 @@ METRICBEAST_RPM="metricbeat-oss-7.6.2-x86_64.rpm" METRICBEAT_URL="https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-oss-7.6.2-x86_64.rpm" METRICBEAT_HASH="631a7e53a47c53b092f64db9cd8a96a8" +# SSM +SSM_X86_64_URL="https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm" +SSM_AARCH64_URL="https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm" + # Default LDAP base LDAP_BASE="DC=soca,DC=local" diff --git a/source/soca/cluster_manager/add_nodes.py b/source/soca/cluster_manager/add_nodes.py index b7b2dbe5..3a821a55 100644 --- a/source/soca/cluster_manager/add_nodes.py +++ b/source/soca/cluster_manager/add_nodes.py @@ -396,15 +396,21 @@ def check_config(**kwargs): # if placement group is True and more than 1 subnet is defined, force default to 1 subnet kwargs['subnet_id'] = [kwargs['subnet_id'][0]] - cpus_count_pattern = re.search(r'[.](\d+)', kwargs['instance_type'][0]) - if cpus_count_pattern: - kwargs['core_count'] = int(cpus_count_pattern.group(1)) * 2 - else: - if 'xlarge' in kwargs['instance_type'][0]: - kwargs['core_count'] = 2 + # Check core_count and ht_support + try: + instance_attributes = ec2.describe_instance_types(InstanceTypes=[kwargs['instance_type'][0]]) + if len(instance_attributes['InstanceTypes']) == 0: + error = return_message('Unable to check instance: ' + kwargs['instance_type'][0]) + else: + kwargs['core_count'] = instance_attributes['InstanceTypes'][0]['VCpuInfo']['DefaultCores'] + if instance_attributes['InstanceTypes'][0]['VCpuInfo']['DefaultThreadsPerCore'] == 1: + # Set ht_support to False for instances with DefaultThreadsPerCore = 1 (e.g. graviton) + kwargs['ht_support'] = False + except ClientError as e: + if e.response['Error'].get('Code') == 'InvalidInstanceType': + error = return_message('InvalidInstanceType: ' + kwargs['instance_type'][0]) else: - kwargs['core_count'] = 1 - + error = return_message('Unable to check instance: ' + kwargs['instance_type'][0]) # Validate Spot Allocation Strategy mapping = { @@ -474,21 +480,27 @@ def check_config(**kwargs): error = return_message('spot_price must be either "auto" or a float value"') # Validate EFA - if kwargs['efa_support'] not in [True, False]: - kwargs['efa_support'] = False - else: - if kwargs['efa_support'] is True: - for instance_type in kwargs['instance_type']: - check_efa_support = ec2.describe_instance_types( - InstanceTypes=[instance_type], - Filters=[ - {"Name": "network-info.efa-supported", - "Values": ["true"]} - ] - ) - - if len(check_efa_support["InstanceTypes"]) == 0: - error = return_message('You have requested EFA support but your instance (' + instance_type + ') does not support EFA') + try: + if kwargs['efa_support'] not in [True, False]: + kwargs['efa_support'] = False + else: + if kwargs['efa_support'] is True: + for instance_type in kwargs['instance_type']: + check_efa_support = ec2.describe_instance_types( + InstanceTypes=[instance_type], + Filters=[ + {"Name": "network-info.efa-supported", + "Values": ["true"]} + ] + ) + + if len(check_efa_support["InstanceTypes"]) == 0: + error = return_message('You have requested EFA support but your instance (' + instance_type + ') does not support EFA') + except ClientError as e: + if e.response['Error'].get('Code') == 'InvalidInstanceType': + error = return_message('InvalidInstanceType: ' + kwargs['instance_type']) + else: + error = return_message('Unable to check EFA support for instance: ' + kwargs['instance_type']) # Validate Keep EBS if kwargs['keep_ebs'] not in [True, False]: diff --git a/source/soca/cluster_manager/dcv_alb_manager.py b/source/soca/cluster_manager/dcv_alb_manager.py index 7d0e72be..96c2110a 100644 --- a/source/soca/cluster_manager/dcv_alb_manager.py +++ b/source/soca/cluster_manager/dcv_alb_manager.py @@ -137,7 +137,7 @@ def get_current_listener_rules(listener_arn): rules = {} priority_taken = [] for rule in elbv2_client.describe_rules(ListenerArn=listener_arn)['Rules']: - if rule['Priority'] != 'default': + if rule['Priority'] != 'default' and rule['Priority'] != '1': priority_taken.append(int(rule['Priority'])) for condition in rule['Conditions']: condition_list = [] @@ -239,4 +239,4 @@ def return_alb_listener(alb_arn): # handle case where TG is already deleted print(err) pass - print('Cleaning complete') \ No newline at end of file + print('Cleaning complete') diff --git a/source/soca/cluster_node_bootstrap/ComputeNode.sh b/source/soca/cluster_node_bootstrap/ComputeNode.sh index dde7a71c..22db5276 100644 --- a/source/soca/cluster_node_bootstrap/ComputeNode.sh +++ b/source/soca/cluster_node_bootstrap/ComputeNode.sh @@ -12,7 +12,12 @@ fi service pbs stop # Install SSM -yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm +machine=$(uname -m) +if [[ $machine == "x86_64" ]]; then + yum install -y $SSM_X86_64_URL +elif [[ $machine == "aarch64" ]]; then + yum install -y $SSM_AARCH64_URL +fi systemctl enable amazon-ssm-agent systemctl restart amazon-ssm-agent @@ -291,4 +296,4 @@ echo -e " # Reboot to disable SELINUX sudo reboot -# Upon reboot, ComputenodePostReboot will be executed \ No newline at end of file +# Upon reboot, ComputenodePostReboot will be executed diff --git a/source/soca/cluster_node_bootstrap/ComputeNodeInstallDCV.sh b/source/soca/cluster_node_bootstrap/ComputeNodeInstallDCV.sh index 14316275..fd974ad8 100644 --- a/source/soca/cluster_node_bootstrap/ComputeNodeInstallDCV.sh +++ b/source/soca/cluster_node_bootstrap/ComputeNodeInstallDCV.sh @@ -40,18 +40,28 @@ then fi # Download and Install DCV +echo "Install DCV" cd ~ -wget $DCV_URL -if [[ $(md5sum $DCV_TGZ | awk '{print $1}') != $DCV_HASH ]]; then - echo -e "FATAL ERROR: Checksum for DCV failed. File may be compromised." > /etc/motd - exit 1 +machine=$(uname -m) +if [[ $machine == "x86_64" ]]; then + wget $DCV_X86_64_URL + if [[ $(md5sum $DCV_X86_64_TGZ | awk '{print $1}') != $DCV_X86_64_HASH ]]; then + echo -e "FATAL ERROR: Checksum for DCV failed. File may be compromised." > /etc/motd + exit 1 + fi + tar zxvf $DCV_X86_64_TGZ + cd nice-dcv-$DCV_X86_64_VERSION +elif [[ $machine == "aarch64" ]]; then + wget $DCV_AARCH64_URL + if [[ $(md5sum $DCV_AARCH64_TGZ | awk '{print $1}') != $DCV_AARCH64_HASH ]]; then + echo -e "FATAL ERROR: Checksum for DCV failed. File may be compromised." > /etc/motd + exit 1 + fi + tar zxvf $DCV_AARCH64_TGZ + cd nice-dcv-$DCV_AARCH64_VERSION fi - -# Install DCV server and Xdcv -tar zxvf $DCV_TGZ -cd nice-dcv-$DCV_VERSION -rpm -ivh nice-xdcv-*.rpm --nodeps -rpm -ivh nice-dcv-server*.rpm --nodeps +rpm -ivh nice-xdcv-*.${machine}.rpm --nodeps +rpm -ivh nice-dcv-server*.${machine}.rpm --nodeps # Enable DCV support for USB remotization yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm diff --git a/source/soca/cluster_web_ui/app.py b/source/soca/cluster_web_ui/app.py index 0db5ee6f..94a48107 100644 --- a/source/soca/cluster_web_ui/app.py +++ b/source/soca/cluster_web_ui/app.py @@ -37,6 +37,7 @@ from views.my_files import my_files from views.submit_job import submit_job from scheduled_tasks.clean_tmp_folders import clean_tmp_folders +from scheduled_tasks.validate_db_permissions import validate_db_permissions from scheduled_tasks.manage_dcv_instances_lifecycle import auto_terminate_stopped_instance, schedule_auto_start, schedule_auto_stop from flask_wtf.csrf import CSRFProtect from config import app_config @@ -47,6 +48,8 @@ from flask_apscheduler import APScheduler #from apscheduler.schedulers.background import BackgroundScheduler from models import db +import os +import stat app = Flask(__name__) @@ -139,6 +142,12 @@ def page_not_found(e): class Config(object): JOBS = [ + { + 'id': 'validate_db_permissions', + 'func': validate_db_permissions, + 'trigger': 'interval', + 'minutes': 60 + }, { 'id': 'auto_terminate_stopped_instance', 'func': auto_terminate_stopped_instance, @@ -225,6 +234,8 @@ class Config(object): db.app = app db.init_app(app) db.create_all() + basedir = os.path.abspath(os.path.dirname(__file__)) + os.chmod(os.path.join(basedir, "db.sqlite"), stat.S_IWUSR + stat.S_IRUSR) app_session = Session(app) app_session.app.session_interface.db.create_all() app.config.from_object(Config()) diff --git a/source/soca/cluster_web_ui/decorators.py b/source/soca/cluster_web_ui/decorators.py index 7703b9be..aa2c7f76 100644 --- a/source/soca/cluster_web_ui/decorators.py +++ b/source/soca/cluster_web_ui/decorators.py @@ -131,4 +131,16 @@ def check_admin(): else: return redirect('/login') - return check_admin \ No newline at end of file + return check_admin + + +def disabled(f): + @wraps(f) + def disable_feature(*args, **kwargs): + if "api" in request.path: + return {"success": False, "message": "This API has been disabled by your Administrator"}, 401 + else: + flash("Sorry this feature has been disabled by your Administrator.", "error") + return redirect("/") + + return disable_feature \ No newline at end of file diff --git a/source/soca/cluster_web_ui/scheduled_tasks/validate_db_permissions.py b/source/soca/cluster_web_ui/scheduled_tasks/validate_db_permissions.py new file mode 100644 index 00000000..68153c58 --- /dev/null +++ b/source/soca/cluster_web_ui/scheduled_tasks/validate_db_permissions.py @@ -0,0 +1,16 @@ +import os +import stat +import logging +logger = logging.getLogger("scheduled_tasks") + + +def validate_db_permissions(): + # Ensure db.sqlite permissions are always 600 + logger.info(f"validate_db_permissions") + db_sqlite = os.path.abspath(os.path.dirname(__file__) + "/../db.sqlite") + check_stat = os.stat(db_sqlite) + oct_perm = oct(check_stat.st_mode) + logger.info(f"validate_db_permissions: Detected permission {oct_perm} for {db_sqlite} with last 3 digits {oct_perm[-3:]}") + if oct_perm[-3:] != '600': + logger.info("validate_db_permissions: Updated permission back to 600") + os.chmod(db_sqlite, stat.S_IWUSR + stat.S_IRUSR) \ No newline at end of file diff --git a/source/soca/cluster_web_ui/static/css/jquery-ui-lightness.-precss b/source/soca/cluster_web_ui/static/css/jquery-ui-lightness.-precss deleted file mode 100644 index ca6f5c72..00000000 --- a/source/soca/cluster_web_ui/static/css/jquery-ui-lightness.-precss +++ /dev/null @@ -1,1179 +0,0 @@ -/*! jQuery UI - v1.10.4 - 2014-01-17 -* http://jqueryui.com -* Includes: jquery.ui.core.css, jquery.ui.accordion.css, jquery.ui.autocomplete.css, jquery.ui.button.css, jquery.ui.datepicker.css, jquery.ui.dialog.css, jquery.ui.menu.css, jquery.ui.progressbar.css, jquery.ui.resizable.css, jquery.ui.selectable.css, jquery.ui.slider.css, jquery.ui.spinner.css, jquery.ui.tabs.css, jquery.ui.tooltip.css, jquery.ui.theme.css -* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=f6a828&bgTextureHeader=gloss_wave&bgImgOpacityHeader=35&borderColorHeader=e78f08&fcHeader=ffffff&iconColorHeader=ffffff&bgColorContent=eeeeee&bgTextureContent=highlight_soft&bgImgOpacityContent=100&borderColorContent=dddddd&fcContent=333333&iconColorContent=222222&bgColorDefault=f6f6f6&bgTextureDefault=glass&bgImgOpacityDefault=100&borderColorDefault=cccccc&fcDefault=1c94c4&iconColorDefault=ef8c08&bgColorHover=fdf5ce&bgTextureHover=glass&bgImgOpacityHover=100&borderColorHover=fbcb09&fcHover=c77405&iconColorHover=ef8c08&bgColorActive=ffffff&bgTextureActive=glass&bgImgOpacityActive=65&borderColorActive=fbd850&fcActive=eb8f00&iconColorActive=ef8c08&bgColorHighlight=ffe45c&bgTextureHighlight=highlight_soft&bgImgOpacityHighlight=75&borderColorHighlight=fed22f&fcHighlight=363636&iconColorHighlight=228ef1&bgColorError=b81900&bgTextureError=diagonals_thick&bgImgOpacityError=18&borderColorError=cd0a0a&fcError=ffffff&iconColorError=ffd27a&bgColorOverlay=666666&bgTextureOverlay=diagonals_thick&bgImgOpacityOverlay=20&opacityOverlay=50&bgColorShadow=000000&bgTextureShadow=flat&bgImgOpacityShadow=10&opacityShadow=20&thicknessShadow=5px&offsetTopShadow=-5px&offsetLeftShadow=-5px&cornerRadiusShadow=5px -* Copyright 2014 jQuery Foundation and other contributors; Licensed MIT */ - -/* Layout helpers -----------------------------------*/ -.ui-helper-hidden { - display: none; -} -.ui-helper-hidden-accessible { - border: 0; - clip: rect(0 0 0 0); - height: 1px; - margin: -1px; - overflow: hidden; - padding: 0; - position: absolute; - width: 1px; -} -.ui-helper-reset { - margin: 0; - padding: 0; - border: 0; - outline: 0; - line-height: 1.3; - text-decoration: none; - font-size: 100%; - list-style: none; -} -.ui-helper-clearfix:before, -.ui-helper-clearfix:after { - content: ""; - display: table; - border-collapse: collapse; -} -.ui-helper-clearfix:after { - clear: both; -} -.ui-helper-clearfix { - min-height: 0; /* support: IE7 */ -} -.ui-helper-zfix { - width: 100%; - height: 100%; - top: 0; - left: 0; - position: absolute; - opacity: 0; - filter:Alpha(Opacity=0); -} - -.ui-front { - z-index: 100; -} - - -/* Interaction Cues -----------------------------------*/ -.ui-state-disabled { - cursor: default !important; -} - - -/* Icons -----------------------------------*/ - -/* states and images */ -.ui-icon { - display: block; - text-indent: -99999px; - overflow: hidden; - background-repeat: no-repeat; -} - - -/* Misc visuals -----------------------------------*/ - -/* Overlays */ -.ui-widget-overlay { - position: fixed; - top: 0; - left: 0; - width: 100%; - height: 100%; -} -.ui-accordion .ui-accordion-header { - display: block; - cursor: pointer; - position: relative; - margin-top: 2px; - padding: .5em .5em .5em .7em; - min-height: 0; /* support: IE7 */ -} -.ui-accordion .ui-accordion-icons { - padding-left: 2.2em; -} -.ui-accordion .ui-accordion-noicons { - padding-left: .7em; -} -.ui-accordion .ui-accordion-icons .ui-accordion-icons { - padding-left: 2.2em; -} -.ui-accordion .ui-accordion-header .ui-accordion-header-icon { - position: absolute; - left: .5em; - top: 50%; - margin-top: -8px; -} -.ui-accordion .ui-accordion-content { - padding: 1em 2.2em; - border-top: 0; - overflow: auto; -} -.ui-autocomplete { - position: absolute; - top: 0; - left: 0; - cursor: default; -} -.ui-button { - display: inline-block; - position: relative; - padding: 0; - line-height: normal; - margin-right: .1em; - cursor: pointer; - vertical-align: middle; - text-align: center; - overflow: visible; /* removes extra width in IE */ -} -.ui-button, -.ui-button:link, -.ui-button:visited, -.ui-button:hover, -.ui-button:active { - text-decoration: none; -} -/* to make room for the icon, a width needs to be set here */ -.ui-button-icon-only { - width: 2.2em; -} -/* button elements seem to need a little more width */ -button.ui-button-icon-only { - width: 2.4em; -} -.ui-button-icons-only { - width: 3.4em; -} -button.ui-button-icons-only { - width: 3.7em; -} - -/* button text element */ -.ui-button .ui-button-text { - display: block; - line-height: normal; -} -.ui-button-text-only .ui-button-text { - padding: .4em 1em; -} -.ui-button-icon-only .ui-button-text, -.ui-button-icons-only .ui-button-text { - padding: .4em; - text-indent: -9999999px; -} -.ui-button-text-icon-primary .ui-button-text, -.ui-button-text-icons .ui-button-text { - padding: .4em 1em .4em 2.1em; -} -.ui-button-text-icon-secondary .ui-button-text, -.ui-button-text-icons .ui-button-text { - padding: .4em 2.1em .4em 1em; -} -.ui-button-text-icons .ui-button-text { - padding-left: 2.1em; - padding-right: 2.1em; -} -/* no icon support for input elements, provide padding by default */ -input.ui-button { - padding: .4em 1em; -} - -/* button icon element(s) */ -.ui-button-icon-only .ui-icon, -.ui-button-text-icon-primary .ui-icon, -.ui-button-text-icon-secondary .ui-icon, -.ui-button-text-icons .ui-icon, -.ui-button-icons-only .ui-icon { - position: absolute; - top: 50%; - margin-top: -8px; -} -.ui-button-icon-only .ui-icon { - left: 50%; - margin-left: -8px; -} -.ui-button-text-icon-primary .ui-button-icon-primary, -.ui-button-text-icons .ui-button-icon-primary, -.ui-button-icons-only .ui-button-icon-primary { - left: .5em; -} -.ui-button-text-icon-secondary .ui-button-icon-secondary, -.ui-button-text-icons .ui-button-icon-secondary, -.ui-button-icons-only .ui-button-icon-secondary { - right: .5em; -} - -/* button sets */ -.ui-buttonset { - margin-right: 7px; -} -.ui-buttonset .ui-button { - margin-left: 0; - margin-right: -.3em; -} - -/* workarounds */ -/* reset extra padding in Firefox, see h5bp.com/l */ -input.ui-button::-moz-focus-inner, -button.ui-button::-moz-focus-inner { - border: 0; - padding: 0; -} -.ui-datepicker { - width: 17em; - padding: .2em .2em 0; - display: none; -} -.ui-datepicker .ui-datepicker-header { - position: relative; - padding: .2em 0; -} -.ui-datepicker .ui-datepicker-prev, -.ui-datepicker .ui-datepicker-next { - position: absolute; - top: 2px; - width: 1.8em; - height: 1.8em; -} -.ui-datepicker .ui-datepicker-prev-hover, -.ui-datepicker .ui-datepicker-next-hover { - top: 1px; -} -.ui-datepicker .ui-datepicker-prev { - left: 2px; -} -.ui-datepicker .ui-datepicker-next { - right: 2px; -} -.ui-datepicker .ui-datepicker-prev-hover { - left: 1px; -} -.ui-datepicker .ui-datepicker-next-hover { - right: 1px; -} -.ui-datepicker .ui-datepicker-prev span, -.ui-datepicker .ui-datepicker-next span { - display: block; - position: absolute; - left: 50%; - margin-left: -8px; - top: 50%; - margin-top: -8px; -} -.ui-datepicker .ui-datepicker-title { - margin: 0 2.3em; - line-height: 1.8em; - text-align: center; -} -.ui-datepicker .ui-datepicker-title select { - font-size: 1em; - margin: 1px 0; -} -.ui-datepicker select.ui-datepicker-month, -.ui-datepicker select.ui-datepicker-year { - width: 49%; -} -.ui-datepicker table { - width: 100%; - font-size: .9em; - border-collapse: collapse; - margin: 0 0 .4em; -} -.ui-datepicker th { - padding: .7em .3em; - text-align: center; - font-weight: bold; - border: 0; -} -.ui-datepicker td { - border: 0; - padding: 1px; -} -.ui-datepicker td span, -.ui-datepicker td a { - display: block; - padding: .2em; - text-align: right; - text-decoration: none; -} -.ui-datepicker .ui-datepicker-buttonpane { - background-image: none; - margin: .7em 0 0 0; - padding: 0 .2em; - border-left: 0; - border-right: 0; - border-bottom: 0; -} -.ui-datepicker .ui-datepicker-buttonpane button { - float: right; - margin: .5em .2em .4em; - cursor: pointer; - padding: .2em .6em .3em .6em; - width: auto; - overflow: visible; -} -.ui-datepicker .ui-datepicker-buttonpane button.ui-datepicker-current { - float: left; -} - -/* with multiple calendars */ -.ui-datepicker.ui-datepicker-multi { - width: auto; -} -.ui-datepicker-multi .ui-datepicker-group { - float: left; -} -.ui-datepicker-multi .ui-datepicker-group table { - width: 95%; - margin: 0 auto .4em; -} -.ui-datepicker-multi-2 .ui-datepicker-group { - width: 50%; -} -.ui-datepicker-multi-3 .ui-datepicker-group { - width: 33.3%; -} -.ui-datepicker-multi-4 .ui-datepicker-group { - width: 25%; -} -.ui-datepicker-multi .ui-datepicker-group-last .ui-datepicker-header, -.ui-datepicker-multi .ui-datepicker-group-middle .ui-datepicker-header { - border-left-width: 0; -} -.ui-datepicker-multi .ui-datepicker-buttonpane { - clear: left; -} -.ui-datepicker-row-break { - clear: both; - width: 100%; - font-size: 0; -} - -/* RTL support */ -.ui-datepicker-rtl { - direction: rtl; -} -.ui-datepicker-rtl .ui-datepicker-prev { - right: 2px; - left: auto; -} -.ui-datepicker-rtl .ui-datepicker-next { - left: 2px; - right: auto; -} -.ui-datepicker-rtl .ui-datepicker-prev:hover { - right: 1px; - left: auto; -} -.ui-datepicker-rtl .ui-datepicker-next:hover { - left: 1px; - right: auto; -} -.ui-datepicker-rtl .ui-datepicker-buttonpane { - clear: right; -} -.ui-datepicker-rtl .ui-datepicker-buttonpane button { - float: left; -} -.ui-datepicker-rtl .ui-datepicker-buttonpane button.ui-datepicker-current, -.ui-datepicker-rtl .ui-datepicker-group { - float: right; -} -.ui-datepicker-rtl .ui-datepicker-group-last .ui-datepicker-header, -.ui-datepicker-rtl .ui-datepicker-group-middle .ui-datepicker-header { - border-right-width: 0; - border-left-width: 1px; -} -.ui-dialog { - overflow: hidden; - position: absolute; - top: 0; - left: 0; - padding: .2em; - outline: 0; -} -.ui-dialog .ui-dialog-titlebar { - padding: .4em 1em; - position: relative; -} -.ui-dialog .ui-dialog-title { - float: left; - margin: .1em 0; - white-space: nowrap; - width: 90%; - overflow: hidden; - text-overflow: ellipsis; -} -.ui-dialog .ui-dialog-titlebar-close { - position: absolute; - right: .3em; - top: 50%; - width: 20px; - margin: -10px 0 0 0; - padding: 1px; - height: 20px; -} -.ui-dialog .ui-dialog-content { - position: relative; - border: 0; - padding: .5em 1em; - background: none; - overflow: auto; -} -.ui-dialog .ui-dialog-buttonpane { - text-align: left; - border-width: 1px 0 0 0; - background-image: none; - margin-top: .5em; - padding: .3em 1em .5em .4em; -} -.ui-dialog .ui-dialog-buttonpane .ui-dialog-buttonset { - float: right; -} -.ui-dialog .ui-dialog-buttonpane button { - margin: .5em .4em .5em 0; - cursor: pointer; -} -.ui-dialog .ui-resizable-se { - width: 12px; - height: 12px; - right: -5px; - bottom: -5px; - background-position: 16px 16px; -} -.ui-draggable .ui-dialog-titlebar { - cursor: move; -} -.ui-menu { - list-style: none; - padding: 2px; - margin: 0; - display: block; - outline: none; -} -.ui-menu .ui-menu { - margin-top: -3px; - position: absolute; -} -.ui-menu .ui-menu-item { - margin: 0; - padding: 0; - width: 100%; - /* support: IE10, see #8844 */ - list-style-image: url(); -} -.ui-menu .ui-menu-divider { - margin: 5px -2px 5px -2px; - height: 0; - font-size: 0; - line-height: 0; - border-width: 1px 0 0 0; -} -.ui-menu .ui-menu-item a { - text-decoration: none; - display: block; - padding: 2px .4em; - line-height: 1.5; - min-height: 0; /* support: IE7 */ - font-weight: normal; -} -.ui-menu .ui-menu-item a.ui-state-focus, -.ui-menu .ui-menu-item a.ui-state-active { - font-weight: normal; - margin: -1px; -} - -.ui-menu .ui-state-disabled { - font-weight: normal; - margin: .4em 0 .2em; - line-height: 1.5; -} -.ui-menu .ui-state-disabled a { - cursor: default; -} - -/* icon support */ -.ui-menu-icons { - position: relative; -} -.ui-menu-icons .ui-menu-item a { - position: relative; - padding-left: 2em; -} - -/* left-aligned */ -.ui-menu .ui-icon { - position: absolute; - top: .2em; - left: .2em; -} - -/* right-aligned */ -.ui-menu .ui-menu-icon { - position: static; - float: right; -} -.ui-progressbar { - height: 2em; - text-align: left; - overflow: hidden; -} -.ui-progressbar .ui-progressbar-value { - margin: -1px; - height: 100%; -} -.ui-progressbar .ui-progressbar-overlay { - background: url("images/animated-overlay.gif"); - height: 100%; - filter: alpha(opacity=25); - opacity: 0.25; -} -.ui-progressbar-indeterminate .ui-progressbar-value { - background-image: none; -} -.ui-resizable { - position: relative; -} -.ui-resizable-handle { - position: absolute; - font-size: 0.1px; - display: block; -} -.ui-resizable-disabled .ui-resizable-handle, -.ui-resizable-autohide .ui-resizable-handle { - display: none; -} -.ui-resizable-n { - cursor: n-resize; - height: 7px; - width: 100%; - top: -5px; - left: 0; -} -.ui-resizable-s { - cursor: s-resize; - height: 7px; - width: 100%; - bottom: -5px; - left: 0; -} -.ui-resizable-e { - cursor: e-resize; - width: 7px; - right: -5px; - top: 0; - height: 100%; -} -.ui-resizable-w { - cursor: w-resize; - width: 7px; - left: -5px; - top: 0; - height: 100%; -} -.ui-resizable-se { - cursor: se-resize; - width: 12px; - height: 12px; - right: 1px; - bottom: 1px; -} -.ui-resizable-sw { - cursor: sw-resize; - width: 9px; - height: 9px; - left: -5px; - bottom: -5px; -} -.ui-resizable-nw { - cursor: nw-resize; - width: 9px; - height: 9px; - left: -5px; - top: -5px; -} -.ui-resizable-ne { - cursor: ne-resize; - width: 9px; - height: 9px; - right: -5px; - top: -5px; -} -.ui-selectable-helper { - position: absolute; - z-index: 100; - border: 1px dotted black; -} -.ui-slider { - position: relative; - text-align: left; -} -.ui-slider .ui-slider-handle { - position: absolute; - z-index: 2; - width: 1.2em; - height: 1.2em; - cursor: default; -} -.ui-slider .ui-slider-range { - position: absolute; - z-index: 1; - font-size: .7em; - display: block; - border: 0; - background-position: 0 0; -} - -/* For IE8 - See #6727 */ -.ui-slider.ui-state-disabled .ui-slider-handle, -.ui-slider.ui-state-disabled .ui-slider-range { - filter: inherit; -} - -.ui-slider-horizontal { - height: .8em; -} -.ui-slider-horizontal .ui-slider-handle { - top: -.3em; - margin-left: -.6em; -} -.ui-slider-horizontal .ui-slider-range { - top: 0; - height: 100%; -} -.ui-slider-horizontal .ui-slider-range-min { - left: 0; -} -.ui-slider-horizontal .ui-slider-range-max { - right: 0; -} - -.ui-slider-vertical { - width: .8em; - height: 100px; -} -.ui-slider-vertical .ui-slider-handle { - left: -.3em; - margin-left: 0; - margin-bottom: -.6em; -} -.ui-slider-vertical .ui-slider-range { - left: 0; - width: 100%; -} -.ui-slider-vertical .ui-slider-range-min { - bottom: 0; -} -.ui-slider-vertical .ui-slider-range-max { - top: 0; -} -.ui-spinner { - position: relative; - display: inline-block; - overflow: hidden; - padding: 0; - vertical-align: middle; -} -.ui-spinner-input { - border: none; - background: none; - color: inherit; - padding: 0; - margin: .2em 0; - vertical-align: middle; - margin-left: .4em; - margin-right: 22px; -} -.ui-spinner-button { - width: 16px; - height: 50%; - font-size: .5em; - padding: 0; - margin: 0; - text-align: center; - position: absolute; - cursor: default; - display: block; - overflow: hidden; - right: 0; -} -/* more specificity required here to override default borders */ -.ui-spinner a.ui-spinner-button { - border-top: none; - border-bottom: none; - border-right: none; -} -/* vertically center icon */ -.ui-spinner .ui-icon { - position: absolute; - margin-top: -8px; - top: 50%; - left: 0; -} -.ui-spinner-up { - top: 0; -} -.ui-spinner-down { - bottom: 0; -} - -/* TR overrides */ -.ui-spinner .ui-icon-triangle-1-s { - /* need to fix icons sprite */ - background-position: -65px -16px; -} -.ui-tabs { - position: relative;/* position: relative prevents IE scroll bug (element with position: relative inside container with overflow: auto appear as "fixed") */ - padding: .2em; -} -.ui-tabs .ui-tabs-nav { - margin: 0; - padding: .2em .2em 0; -} -.ui-tabs .ui-tabs-nav li { - list-style: none; - float: left; - position: relative; - top: 0; - margin: 1px .2em 0 0; - border-bottom-width: 0; - padding: 0; - white-space: nowrap; -} -.ui-tabs .ui-tabs-nav .ui-tabs-anchor { - float: left; - padding: .5em 1em; - text-decoration: none; -} -.ui-tabs .ui-tabs-nav li.ui-tabs-active { - margin-bottom: -1px; - padding-bottom: 1px; -} -.ui-tabs .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor, -.ui-tabs .ui-tabs-nav li.ui-state-disabled .ui-tabs-anchor, -.ui-tabs .ui-tabs-nav li.ui-tabs-loading .ui-tabs-anchor { - cursor: text; -} -.ui-tabs-collapsible .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor { - cursor: pointer; -} -.ui-tabs .ui-tabs-panel { - display: block; - border-width: 0; - padding: 1em 1.4em; - background: none; -} -/* -.ui-tooltip { - padding: 8px; - position: absolute; - z-index: 9999; - max-width: 300px; - -webkit-box-shadow: 0 0 5px #aaa; - box-shadow: 0 0 5px #aaa; -} -body .ui-tooltip { - border-width: 2px; -}*/ - -/* Component containers -----------------------------------*/ -.ui-widget { - font-family: Trebuchet MS,Tahoma,Verdana,Arial,sans-serif; - font-size: 1.1em; -} -.ui-widget .ui-widget { - font-size: 1em; -} -.ui-widget input, -.ui-widget select, -.ui-widget textarea, -.ui-widget button { - font-family: Trebuchet MS,Tahoma,Verdana,Arial,sans-serif; - font-size: 1em; -} -.ui-widget-content { - border: 1px solid #dddddd; - background: #eeeeee url(images/ui-bg_highlight-soft_100_eeeeee_1x100.png) 50% top repeat-x; - color: #333333; -} -.ui-widget-content a { - color: #333333; -} -.ui-widget-header { - border: 1px solid #e78f08; - background: #f6a828 url(images/ui-bg_gloss-wave_35_f6a828_500x100.png) 50% 50% repeat-x; - color: #ffffff; - font-weight: bold; -} -.ui-widget-header a { - color: #ffffff; -} - -/* Interaction states -----------------------------------*/ -.ui-state-default, -.ui-widget-content .ui-state-default, -.ui-widget-header .ui-state-default { - border: 1px solid #cccccc; - background: #f6f6f6 url(images/ui-bg_glass_100_f6f6f6_1x400.png) 50% 50% repeat-x; - font-weight: bold; - color: #1c94c4; -} -.ui-state-default a, -.ui-state-default a:link, -.ui-state-default a:visited { - color: #1c94c4; - text-decoration: none; -} -.ui-state-hover, -.ui-widget-content .ui-state-hover, -.ui-widget-header .ui-state-hover, -.ui-state-focus, -.ui-widget-content .ui-state-focus, -.ui-widget-header .ui-state-focus { - border: 1px solid #fbcb09; - background: #fdf5ce url(images/ui-bg_glass_100_fdf5ce_1x400.png) 50% 50% repeat-x; - font-weight: bold; - color: #c77405; -} -.ui-state-hover a, -.ui-state-hover a:hover, -.ui-state-hover a:link, -.ui-state-hover a:visited, -.ui-state-focus a, -.ui-state-focus a:hover, -.ui-state-focus a:link, -.ui-state-focus a:visited { - color: #c77405; - text-decoration: none; -} -.ui-state-active, -.ui-widget-content .ui-state-active, -.ui-widget-header .ui-state-active { - border: 1px solid #fbd850; - background: #ffffff url(images/ui-bg_glass_65_ffffff_1x400.png) 50% 50% repeat-x; - font-weight: bold; - color: #eb8f00; -} -.ui-state-active a, -.ui-state-active a:link, -.ui-state-active a:visited { - color: #eb8f00; - text-decoration: none; -} - -/* Interaction Cues -----------------------------------*/ -.ui-state-highlight, -.ui-widget-content .ui-state-highlight, -.ui-widget-header .ui-state-highlight { - border: 1px solid #fed22f; - background: #ffe45c url(images/ui-bg_highlight-soft_75_ffe45c_1x100.png) 50% top repeat-x; - color: #363636; -} -.ui-state-highlight a, -.ui-widget-content .ui-state-highlight a, -.ui-widget-header .ui-state-highlight a { - color: #363636; -} -.ui-state-error, -.ui-widget-content .ui-state-error, -.ui-widget-header .ui-state-error { - border: 1px solid #cd0a0a; - background: #b81900 url(images/ui-bg_diagonals-thick_18_b81900_40x40.png) 50% 50% repeat; - color: #ffffff; -} -.ui-state-error a, -.ui-widget-content .ui-state-error a, -.ui-widget-header .ui-state-error a { - color: #ffffff; -} -.ui-state-error-text, -.ui-widget-content .ui-state-error-text, -.ui-widget-header .ui-state-error-text { - color: #ffffff; -} -.ui-priority-primary, -.ui-widget-content .ui-priority-primary, -.ui-widget-header .ui-priority-primary { - font-weight: bold; -} -.ui-priority-secondary, -.ui-widget-content .ui-priority-secondary, -.ui-widget-header .ui-priority-secondary { - opacity: .7; - filter:Alpha(Opacity=70); - font-weight: normal; -} -.ui-state-disabled, -.ui-widget-content .ui-state-disabled, -.ui-widget-header .ui-state-disabled { - opacity: .35; - filter:Alpha(Opacity=35); - background-image: none; -} -.ui-state-disabled .ui-icon { - filter:Alpha(Opacity=35); /* For IE8 - See #6059 */ -} - -/* Icons -----------------------------------*/ - -/* states and images */ -.ui-icon { - width: 16px; - height: 16px; -} -.ui-icon, -.ui-widget-content .ui-icon { - background-image: url(images/ui-icons_222222_256x240.png); -} -.ui-widget-header .ui-icon { - background-image: url(images/ui-icons_ffffff_256x240.png); -} -.ui-state-default .ui-icon { - background-image: url(images/ui-icons_ef8c08_256x240.png); -} -.ui-state-hover .ui-icon, -.ui-state-focus .ui-icon { - background-image: url(images/ui-icons_ef8c08_256x240.png); -} -.ui-state-active .ui-icon { - background-image: url(images/ui-icons_ef8c08_256x240.png); -} -.ui-state-highlight .ui-icon { - background-image: url(images/ui-icons_228ef1_256x240.png); -} -.ui-state-error .ui-icon, -.ui-state-error-text .ui-icon { - background-image: url(images/ui-icons_ffd27a_256x240.png); -} - -/* positioning */ -.ui-icon-blank { background-position: 16px 16px; } -.ui-icon-carat-1-n { background-position: 0 0; } -.ui-icon-carat-1-ne { background-position: -16px 0; } -.ui-icon-carat-1-e { background-position: -32px 0; } -.ui-icon-carat-1-se { background-position: -48px 0; } -.ui-icon-carat-1-s { background-position: -64px 0; } -.ui-icon-carat-1-sw { background-position: -80px 0; } -.ui-icon-carat-1-w { background-position: -96px 0; } -.ui-icon-carat-1-nw { background-position: -112px 0; } -.ui-icon-carat-2-n-s { background-position: -128px 0; } -.ui-icon-carat-2-e-w { background-position: -144px 0; } -.ui-icon-triangle-1-n { background-position: 0 -16px; } -.ui-icon-triangle-1-ne { background-position: -16px -16px; } -.ui-icon-triangle-1-e { background-position: -32px -16px; } -.ui-icon-triangle-1-se { background-position: -48px -16px; } -.ui-icon-triangle-1-s { background-position: -64px -16px; } -.ui-icon-triangle-1-sw { background-position: -80px -16px; } -.ui-icon-triangle-1-w { background-position: -96px -16px; } -.ui-icon-triangle-1-nw { background-position: -112px -16px; } -.ui-icon-triangle-2-n-s { background-position: -128px -16px; } -.ui-icon-triangle-2-e-w { background-position: -144px -16px; } -.ui-icon-arrow-1-n { background-position: 0 -32px; } -.ui-icon-arrow-1-ne { background-position: -16px -32px; } -.ui-icon-arrow-1-e { background-position: -32px -32px; } -.ui-icon-arrow-1-se { background-position: -48px -32px; } -.ui-icon-arrow-1-s { background-position: -64px -32px; } -.ui-icon-arrow-1-sw { background-position: -80px -32px; } -.ui-icon-arrow-1-w { background-position: -96px -32px; } -.ui-icon-arrow-1-nw { background-position: -112px -32px; } -.ui-icon-arrow-2-n-s { background-position: -128px -32px; } -.ui-icon-arrow-2-ne-sw { background-position: -144px -32px; } -.ui-icon-arrow-2-e-w { background-position: -160px -32px; } -.ui-icon-arrow-2-se-nw { background-position: -176px -32px; } -.ui-icon-arrowstop-1-n { background-position: -192px -32px; } -.ui-icon-arrowstop-1-e { background-position: -208px -32px; } -.ui-icon-arrowstop-1-s { background-position: -224px -32px; } -.ui-icon-arrowstop-1-w { background-position: -240px -32px; } -.ui-icon-arrowthick-1-n { background-position: 0 -48px; } -.ui-icon-arrowthick-1-ne { background-position: -16px -48px; } -.ui-icon-arrowthick-1-e { background-position: -32px -48px; } -.ui-icon-arrowthick-1-se { background-position: -48px -48px; } -.ui-icon-arrowthick-1-s { background-position: -64px -48px; } -.ui-icon-arrowthick-1-sw { background-position: -80px -48px; } -.ui-icon-arrowthick-1-w { background-position: -96px -48px; } -.ui-icon-arrowthick-1-nw { background-position: -112px -48px; } -.ui-icon-arrowthick-2-n-s { background-position: -128px -48px; } -.ui-icon-arrowthick-2-ne-sw { background-position: -144px -48px; } -.ui-icon-arrowthick-2-e-w { background-position: -160px -48px; } -.ui-icon-arrowthick-2-se-nw { background-position: -176px -48px; } -.ui-icon-arrowthickstop-1-n { background-position: -192px -48px; } -.ui-icon-arrowthickstop-1-e { background-position: -208px -48px; } -.ui-icon-arrowthickstop-1-s { background-position: -224px -48px; } -.ui-icon-arrowthickstop-1-w { background-position: -240px -48px; } -.ui-icon-arrowreturnthick-1-w { background-position: 0 -64px; } -.ui-icon-arrowreturnthick-1-n { background-position: -16px -64px; } -.ui-icon-arrowreturnthick-1-e { background-position: -32px -64px; } -.ui-icon-arrowreturnthick-1-s { background-position: -48px -64px; } -.ui-icon-arrowreturn-1-w { background-position: -64px -64px; } -.ui-icon-arrowreturn-1-n { background-position: -80px -64px; } -.ui-icon-arrowreturn-1-e { background-position: -96px -64px; } -.ui-icon-arrowreturn-1-s { background-position: -112px -64px; } -.ui-icon-arrowrefresh-1-w { background-position: -128px -64px; } -.ui-icon-arrowrefresh-1-n { background-position: -144px -64px; } -.ui-icon-arrowrefresh-1-e { background-position: -160px -64px; } -.ui-icon-arrowrefresh-1-s { background-position: -176px -64px; } -.ui-icon-arrow-4 { background-position: 0 -80px; } -.ui-icon-arrow-4-diag { background-position: -16px -80px; } -.ui-icon-extlink { background-position: -32px -80px; } -.ui-icon-newwin { background-position: -48px -80px; } -.ui-icon-refresh { background-position: -64px -80px; } -.ui-icon-shuffle { background-position: -80px -80px; } -.ui-icon-transfer-e-w { background-position: -96px -80px; } -.ui-icon-transferthick-e-w { background-position: -112px -80px; } -.ui-icon-folder-collapsed { background-position: 0 -96px; } -.ui-icon-folder-open { background-position: -16px -96px; } -.ui-icon-document { background-position: -32px -96px; } -.ui-icon-document-b { background-position: -48px -96px; } -.ui-icon-note { background-position: -64px -96px; } -.ui-icon-mail-closed { background-position: -80px -96px; } -.ui-icon-mail-open { background-position: -96px -96px; } -.ui-icon-suitcase { background-position: -112px -96px; } -.ui-icon-comment { background-position: -128px -96px; } -.ui-icon-person { background-position: -144px -96px; } -.ui-icon-print { background-position: -160px -96px; } -.ui-icon-trash { background-position: -176px -96px; } -.ui-icon-locked { background-position: -192px -96px; } -.ui-icon-unlocked { background-position: -208px -96px; } -.ui-icon-bookmark { background-position: -224px -96px; } -.ui-icon-tag { background-position: -240px -96px; } -.ui-icon-home { background-position: 0 -112px; } -.ui-icon-flag { background-position: -16px -112px; } -.ui-icon-calendar { background-position: -32px -112px; } -.ui-icon-cart { background-position: -48px -112px; } -.ui-icon-pencil { background-position: -64px -112px; } -.ui-icon-clock { background-position: -80px -112px; } -.ui-icon-disk { background-position: -96px -112px; } -.ui-icon-calculator { background-position: -112px -112px; } -.ui-icon-zoomin { background-position: -128px -112px; } -.ui-icon-zoomout { background-position: -144px -112px; } -.ui-icon-search { background-position: -160px -112px; } -.ui-icon-wrench { background-position: -176px -112px; } -.ui-icon-gear { background-position: -192px -112px; } -.ui-icon-heart { background-position: -208px -112px; } -.ui-icon-star { background-position: -224px -112px; } -.ui-icon-link { background-position: -240px -112px; } -.ui-icon-cancel { background-position: 0 -128px; } -.ui-icon-plus { background-position: -16px -128px; } -.ui-icon-plusthick { background-position: -32px -128px; } -.ui-icon-minus { background-position: -48px -128px; } -.ui-icon-minusthick { background-position: -64px -128px; } -.ui-icon-close { background-position: -80px -128px; } -.ui-icon-closethick { background-position: -96px -128px; } -.ui-icon-key { background-position: -112px -128px; } -.ui-icon-lightbulb { background-position: -128px -128px; } -.ui-icon-scissors { background-position: -144px -128px; } -.ui-icon-clipboard { background-position: -160px -128px; } -.ui-icon-copy { background-position: -176px -128px; } -.ui-icon-contact { background-position: -192px -128px; } -.ui-icon-image { background-position: -208px -128px; } -.ui-icon-video { background-position: -224px -128px; } -.ui-icon-script { background-position: -240px -128px; } -.ui-icon-alert { background-position: 0 -144px; } -.ui-icon-info { background-position: -16px -144px; } -.ui-icon-notice { background-position: -32px -144px; } -.ui-icon-help { background-position: -48px -144px; } -.ui-icon-check { background-position: -64px -144px; } -.ui-icon-bullet { background-position: -80px -144px; } -.ui-icon-radio-on { background-position: -96px -144px; } -.ui-icon-radio-off { background-position: -112px -144px; } -.ui-icon-pin-w { background-position: -128px -144px; } -.ui-icon-pin-s { background-position: -144px -144px; } -.ui-icon-play { background-position: 0 -160px; } -.ui-icon-pause { background-position: -16px -160px; } -.ui-icon-seek-next { background-position: -32px -160px; } -.ui-icon-seek-prev { background-position: -48px -160px; } -.ui-icon-seek-end { background-position: -64px -160px; } -.ui-icon-seek-start { background-position: -80px -160px; } -/* ui-icon-seek-first is deprecated, use ui-icon-seek-start instead */ -.ui-icon-seek-first { background-position: -80px -160px; } -.ui-icon-stop { background-position: -96px -160px; } -.ui-icon-eject { background-position: -112px -160px; } -.ui-icon-volume-off { background-position: -128px -160px; } -.ui-icon-volume-on { background-position: -144px -160px; } -.ui-icon-power { background-position: 0 -176px; } -.ui-icon-signal-diag { background-position: -16px -176px; } -.ui-icon-signal { background-position: -32px -176px; } -.ui-icon-battery-0 { background-position: -48px -176px; } -.ui-icon-battery-1 { background-position: -64px -176px; } -.ui-icon-battery-2 { background-position: -80px -176px; } -.ui-icon-battery-3 { background-position: -96px -176px; } -.ui-icon-circle-plus { background-position: 0 -192px; } -.ui-icon-circle-minus { background-position: -16px -192px; } -.ui-icon-circle-close { background-position: -32px -192px; } -.ui-icon-circle-triangle-e { background-position: -48px -192px; } -.ui-icon-circle-triangle-s { background-position: -64px -192px; } -.ui-icon-circle-triangle-w { background-position: -80px -192px; } -.ui-icon-circle-triangle-n { background-position: -96px -192px; } -.ui-icon-circle-arrow-e { background-position: -112px -192px; } -.ui-icon-circle-arrow-s { background-position: -128px -192px; } -.ui-icon-circle-arrow-w { background-position: -144px -192px; } -.ui-icon-circle-arrow-n { background-position: -160px -192px; } -.ui-icon-circle-zoomin { background-position: -176px -192px; } -.ui-icon-circle-zoomout { background-position: -192px -192px; } -.ui-icon-circle-check { background-position: -208px -192px; } -.ui-icon-circlesmall-plus { background-position: 0 -208px; } -.ui-icon-circlesmall-minus { background-position: -16px -208px; } -.ui-icon-circlesmall-close { background-position: -32px -208px; } -.ui-icon-squaresmall-plus { background-position: -48px -208px; } -.ui-icon-squaresmall-minus { background-position: -64px -208px; } -.ui-icon-squaresmall-close { background-position: -80px -208px; } -.ui-icon-grip-dotted-vertical { background-position: 0 -224px; } -.ui-icon-grip-dotted-horizontal { background-position: -16px -224px; } -.ui-icon-grip-solid-vertical { background-position: -32px -224px; } -.ui-icon-grip-solid-horizontal { background-position: -48px -224px; } -.ui-icon-gripsmall-diagonal-se { background-position: -64px -224px; } -.ui-icon-grip-diagonal-se { background-position: -80px -224px; } - - -/* Misc visuals -----------------------------------*/ - -/* Corner radius */ -.ui-corner-all, -.ui-corner-top, -.ui-corner-left, -.ui-corner-tl { - border-top-left-radius: 4px; -} -.ui-corner-all, -.ui-corner-top, -.ui-corner-right, -.ui-corner-tr { - border-top-right-radius: 4px; -} -.ui-corner-all, -.ui-corner-bottom, -.ui-corner-left, -.ui-corner-bl { - border-bottom-left-radius: 4px; -} -.ui-corner-all, -.ui-corner-bottom, -.ui-corner-right, -.ui-corner-br { - border-bottom-right-radius: 4px; -} - -/* Overlays */ -.ui-widget-overlay { - background: #666666 url(images/ui-bg_diagonals-thick_20_666666_40x40.png) 50% 50% repeat; - opacity: .5; - filter: Alpha(Opacity=50); -} -.ui-widget-shadow { - margin: -5px 0 0 -5px; - padding: 5px; - background: #000000 url(images/ui-bg_flat_10_000000_40x100.png) 50% 50% repeat-x; - opacity: .2; - filter: Alpha(Opacity=20); - border-radius: 5px; -} diff --git a/source/soca/cluster_web_ui/static/css/jquery-ui-slider-pips.min.css b/source/soca/cluster_web_ui/static/css/jquery-ui-slider-pips.min.css deleted file mode 100644 index 7badd717..00000000 --- a/source/soca/cluster_web_ui/static/css/jquery-ui-slider-pips.min.css +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery-ui-Slider-Pips - v1.11.4 - 2016-09-04 -* Copyright (c) 2016 Simon Goellner ; Licensed MIT */ - -.ui-slider-horizontal.ui-slider-pips{margin-bottom:1.4em}.ui-slider-pips .ui-slider-label,.ui-slider-pips .ui-slider-pip-hide{display:none}.ui-slider-pips .ui-slider-pip-label .ui-slider-label{display:block}.ui-slider-pips .ui-slider-pip{width:2em;height:1em;line-height:1em;position:absolute;font-size:0.8em;color:#999;overflow:visible;text-align:center;top:20px;left:20px;margin-left:-1em;cursor:pointer;-webkit-touch-callout:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.ui-state-disabled.ui-slider-pips .ui-slider-pip{cursor:default}.ui-slider-pips .ui-slider-line{background:#999;width:1px;height:3px;position:absolute;left:50%}.ui-slider-pips .ui-slider-label{position:absolute;top:5px;left:50%;margin-left:-1em;width:2em}.ui-slider-pips:not(.ui-slider-disabled) .ui-slider-pip:hover .ui-slider-label{color:black;font-weight:bold}.ui-slider-vertical.ui-slider-pips{margin-bottom:1em;margin-right:2em}.ui-slider-vertical.ui-slider-pips .ui-slider-pip{text-align:left;top:auto;left:20px;margin-left:0;margin-bottom:-0.5em}.ui-slider-vertical.ui-slider-pips .ui-slider-line{width:3px;height:1px;position:absolute;top:50%;left:0}.ui-slider-vertical.ui-slider-pips .ui-slider-label{top:50%;left:0.5em;margin-left:0;margin-top:-0.5em;width:2em}.ui-slider-float .ui-slider-handle:focus,.ui-slider-float .ui-slider-handle.ui-state-focus .ui-slider-tip-label,.ui-slider-float .ui-slider-handle:focus .ui-slider-tip,.ui-slider-float .ui-slider-handle.ui-state-focus .ui-slider-tip-label,.ui-slider-float .ui-slider-handle:focus .ui-slider-tip-label .ui-slider-float .ui-slider-handle.ui-state-focus .ui-slider-tip-label{outline:none}.ui-slider-float .ui-slider-tip,.ui-slider-float .ui-slider-tip-label{position:absolute;visibility:hidden;top:-40px;display:block;width:34px;margin-left:-18px;left:50%;height:20px;line-height:20px;background:white;border-radius:3px;border:1px solid #888;text-align:center;font-size:12px;opacity:0;color:#333;-webkit-transition-property:opacity, top, visibility;transition-property:opacity, top, visibility;-webkit-transition-timing-function:ease-in;transition-timing-function:ease-in;-webkit-transition-duration:200ms, 200ms, 0ms;transition-duration:200ms, 200ms, 0ms;-webkit-transition-delay:0ms, 0ms, 200ms;transition-delay:0ms, 0ms, 200ms}.ui-slider-float .ui-slider-handle:hover .ui-slider-tip,.ui-slider-float .ui-slider-handle.ui-state-hover .ui-slider-tip,.ui-slider-float .ui-slider-handle:focus .ui-slider-tip,.ui-slider-float .ui-slider-handle.ui-state-focus .ui-slider-tip,.ui-slider-float .ui-slider-handle.ui-state-active .ui-slider-tip,.ui-slider-float .ui-slider-pip:hover .ui-slider-tip-label{opacity:1;top:-30px;visibility:visible;-webkit-transition-timing-function:ease-out;transition-timing-function:ease-out;-webkit-transition-delay:200ms, 200ms, 0ms;transition-delay:200ms, 200ms, 0ms}.ui-slider-float .ui-slider-pip .ui-slider-tip-label{top:42px}.ui-slider-float .ui-slider-pip:hover .ui-slider-tip-label{top:32px;font-weight:normal}.ui-slider-float .ui-slider-tip:after,.ui-slider-float .ui-slider-pip .ui-slider-tip-label:after{content:" ";width:0;height:0;border:5px solid rgba(255,255,255,0);border-top-color:#fff;position:absolute;bottom:-10px;left:50%;margin-left:-5px}.ui-slider-float .ui-slider-tip:before,.ui-slider-float .ui-slider-pip .ui-slider-tip-label:before{content:" ";width:0;height:0;border:5px solid rgba(255,255,255,0);border-top-color:#888;position:absolute;bottom:-11px;left:50%;margin-left:-5px}.ui-slider-float .ui-slider-pip .ui-slider-tip-label:after{border:5px solid rgba(255,255,255,0);border-bottom-color:#fff;top:-10px}.ui-slider-float .ui-slider-pip .ui-slider-tip-label:before{border:5px solid rgba(255,255,255,0);border-bottom-color:#888;top:-11px}.ui-slider-vertical.ui-slider-float .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-tip-label{top:50%;margin-top:-11px;width:34px;margin-left:0px;left:-60px;color:#333;-webkit-transition-duration:200ms, 200ms, 0;transition-duration:200ms, 200ms, 0;-webkit-transition-property:opacity, left, visibility;transition-property:opacity, left, visibility;-webkit-transition-delay:0, 0, 200ms;transition-delay:0, 0, 200ms}.ui-slider-vertical.ui-slider-float .ui-slider-handle:hover .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-handle.ui-state-hover .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-handle:focus .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-handle.ui-state-focus .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-handle.ui-state-active .ui-slider-tip,.ui-slider-vertical.ui-slider-float .ui-slider-pip:hover .ui-slider-tip-label{top:50%;margin-top:-11px;left:-50px}.ui-slider-vertical.ui-slider-float .ui-slider-pip .ui-slider-tip-label{left:47px}.ui-slider-vertical.ui-slider-float .ui-slider-pip:hover .ui-slider-tip-label{left:37px}.ui-slider-vertical.ui-slider-float .ui-slider-tip:after,.ui-slider-vertical.ui-slider-float .ui-slider-pip .ui-slider-tip-label:after{border:5px solid rgba(255,255,255,0);border-left-color:#fff;border-top-color:transparent;position:absolute;bottom:50%;margin-bottom:-5px;right:-10px;margin-left:0;top:auto;left:auto}.ui-slider-vertical.ui-slider-float .ui-slider-tip:before,.ui-slider-vertical.ui-slider-float .ui-slider-pip .ui-slider-tip-label:before{border:5px solid rgba(255,255,255,0);border-left-color:#888;border-top-color:transparent;position:absolute;bottom:50%;margin-bottom:-5px;right:-11px;margin-left:0;top:auto;left:auto}.ui-slider-vertical.ui-slider-float .ui-slider-pip .ui-slider-tip-label:after{border:5px solid rgba(255,255,255,0);border-right-color:#fff;right:auto;left:-10px}.ui-slider-vertical.ui-slider-float .ui-slider-pip .ui-slider-tip-label:before{border:5px solid rgba(255,255,255,0);border-right-color:#888;right:auto;left:-11px}.ui-slider-pips [class*=ui-slider-pip-initial]{font-weight:bold;color:#14CA82}.ui-slider-pips .ui-slider-pip-initial-2{color:#1897C9}.ui-slider-pips [class*=ui-slider-pip-selected]{font-weight:bold;color:#FF7A00}.ui-slider-pips .ui-slider-pip-inrange{color:black}.ui-slider-pips .ui-slider-pip-selected-2{color:#E70081}.ui-slider-pips [class*=ui-slider-pip-selected] .ui-slider-line,.ui-slider-pips .ui-slider-pip-inrange .ui-slider-line{background:black} diff --git a/source/soca/cluster_web_ui/static/js/jquery-ui-slider-pips.min.js b/source/soca/cluster_web_ui/static/js/jquery-ui-slider-pips.min.js deleted file mode 100644 index a866ead0..00000000 --- a/source/soca/cluster_web_ui/static/js/jquery-ui-slider-pips.min.js +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery-ui-Slider-Pips - v1.11.4 - 2016-09-04 -* Copyright (c) 2016 Simon Goellner ; Licensed MIT */ - -!function(e){"use strict";var i={pips:function(i){function l(i){var l,s,t,a,n,r=[],o=0;if(u.values()&&u.values().length){for(t=u.values(),a=e.map(t,function(e){return Math.abs(e-i)}),n=Math.min.apply(Math,a),l=0;lt[1]?o=r[1]:iv[0]&&tt||"max"===u.options.range&&t>f)&&(p+=" ui-slider-pip-inrange");return d="horizontal"===u.options.orientation?"left: "+s:"bottom: "+s,''+g.formatLabel(l)+""}var n,r,o,p,d,u=this,f="",c=u._valueMin(),v=u._valueMax(),h=(v-c)/u.options.step,m=u.element.find(".ui-slider-handle"),g={first:"label",last:"label",rest:"pip",labels:!1,prefix:"",suffix:"",step:h>100?Math.floor(.05*h):1,formatLabel:function(e){return this.prefix+e+this.suffix}};if("object"!==e.type(i)&&"undefined"!==e.type(i))return void("destroy"===i?s():"refresh"===i&&u.element.slider("pips",u.element.data("pips-options")));e.extend(g,i),u.element.data("pips-options",g),u.options.pipStep=Math.abs(Math.round(g.step))||1,u.element.off(".selectPip").addClass("ui-slider-pips").find(".ui-slider-pip").remove();var b={single:function(i){this.resetClasses(),d.filter(".ui-slider-pip-"+this.classLabel(i)).addClass("ui-slider-pip-selected"),u.options.range&&d.each(function(l,s){var t=e(s).children(".ui-slider-label").data("value");("min"===u.options.range&&i>t||"max"===u.options.range&&t>i)&&e(s).addClass("ui-slider-pip-inrange")})},range:function(i){for(this.resetClasses(),n=0;ni[0]&&to;o+=u.options.pipStep)f+=a(o);for(f+=a("last"),u.element.append(f),d=u.element.find(".ui-slider-pip"),p=e._data(u.element.get(0),"events").mousedown&&e._data(u.element.get(0),"events").mousedown.length?e._data(u.element.get(0),"events").mousedown:u.element.data("mousedown-handlers"),u.element.data("mousedown-handlers",p.slice()),r=0;ro&&(o=n),o>r&&(o=r),p&&p.length)for(t=0;tr&&(p[t]=r);if(a.element.addClass("ui-slider-float").find(".ui-slider-tip, .ui-slider-tip-label").remove(),f.handle)for(d=s(a.values()&&a.values().length?p:[o]),t=0;t'+f.formatLabel(d[t])+""));f.pips&&a.element.find(".ui-slider-label").each(function(i,l){var t,a,n=e(l),r=[n.data("value")];t=f.formatLabel(s(r)[0]),a=e(''+t+"").insertAfter(n)}),"slide"!==f.event&&"slidechange"!==f.event&&"slide slidechange"!==f.event&&"slidechange slide"!==f.event&&(f.event="slidechange slide"),a.element.off(".sliderFloat").on(f.event+".sliderFloat",function(i,l){var t="array"===e.type(l.value)?l.value:[l.value],a=f.formatLabel(s(t)[0]);e(l.handle).find(".ui-slider-tip").html(a)})}};e.extend(!0,e.ui.slider.prototype,i)}(jQuery); \ No newline at end of file diff --git a/source/soca/cluster_web_ui/views/dashboard.py b/source/soca/cluster_web_ui/views/dashboard.py index 3028d7e8..1056935a 100644 --- a/source/soca/cluster_web_ui/views/dashboard.py +++ b/source/soca/cluster_web_ui/views/dashboard.py @@ -11,6 +11,6 @@ @dashboard.route('/dashboard', methods=['GET']) @login_required def index(): - elastic_search_endpoint = read_secretmanager.get_soca_configuration()['ESDomainEndpoint'] - kibana_url = "https://" + elastic_search_endpoint + "/_plugin/kibana" - return render_template("dashboard.html", kibana_url=kibana_url) \ No newline at end of file + loadbalancer_dns_name = read_secretmanager.get_soca_configuration()['LoadBalancerDNSName'] + kibana_url = "https://" + loadbalancer_dns_name + "/_plugin/kibana" + return render_template("dashboard.html", kibana_url=kibana_url) diff --git a/source/soca/cluster_web_ui/views/my_activity.py b/source/soca/cluster_web_ui/views/my_activity.py index 66421e57..aeba29f9 100644 --- a/source/soca/cluster_web_ui/views/my_activity.py +++ b/source/soca/cluster_web_ui/views/my_activity.py @@ -23,7 +23,7 @@ def index(): start = (datetime.datetime.utcnow() - datetime.timedelta(days=timedelta)).strftime('%Y-%m-%d') user_kibana_url = False - elastic_search_endpoint = read_secretmanager.get_soca_configuration()['ESDomainEndpoint'] + loadbalancer_dns_name = read_secretmanager.get_soca_configuration()['LoadBalancerDNSName'] job_index = "https://" + elastic_search_endpoint + "/_search?q=type:index-pattern%20AND%20index-pattern.title:" + config.Config.KIBANA_JOB_INDEX get_job_index = get(job_index, verify=False) index_id = False @@ -43,9 +43,9 @@ def index(): if index_id is False: flash("Unable to retrieve index ID for {}. To do the initial setup, follow instructions available on https://awslabs.github.io/scale-out-computing-on-aws/analytics/monitor-cluster-activity/".format(config.Config.KIBANA_JOB_INDEX)) - user_kibana_url = "https://" + elastic_search_endpoint + "/_plugin/kibana/" + user_kibana_url = "https://" + loadbalancer_dns_name + "/_plugin/kibana/" else: - user_kibana_url = "https://"+elastic_search_endpoint+"/_plugin/kibana/app/kibana#/discover?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'"+start+"T00:00:00.000Z',to:'"+end+"T23:59:59.000Z'))&_a=(columns:!(_source),filters:!(),index:'"+index_id+"',interval:auto,query:(language:kuery,query:'user:"+user+"'),sort:!(!(start_iso,desc)))" + user_kibana_url = "https://"+loadbalancer_dns_name+"/_plugin/kibana/app/kibana#/discover?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:'"+start+"T00:00:00.000Z',to:'"+end+"T23:59:59.000Z'))&_a=(columns:!(_source),filters:!(),index:'"+index_id+"',interval:auto,query:(language:kuery,query:'user:"+user+"'),sort:!(!(start_iso,desc)))" return render_template('my_activity.html', user_kibana_url=user_kibana_url, diff --git a/source/soca/cluster_web_ui/views/remote_desktop.py b/source/soca/cluster_web_ui/views/remote_desktop.py index e4e44c21..7a20ae35 100644 --- a/source/soca/cluster_web_ui/views/remote_desktop.py +++ b/source/soca/cluster_web_ui/views/remote_desktop.py @@ -400,26 +400,24 @@ def create(): /bin/bash /apps/soca/$SOCA_CONFIGURATION/cluster_node_bootstrap/ComputeNode.sh ''' + soca_configuration['SchedulerPrivateDnsName'] + ''' >> $SOCA_HOST_SYSTEM_LOG/ComputeNode.sh.log 2>&1''' - - check_hibernation_support = client_ec2.describe_instance_types( - InstanceTypes=[instance_type], - Filters=[ - {"Name": "hibernation-supported", - "Values": ["true"]}] - ) - logger.info("Checking in {} support Hibernation : {}".format(instance_type, check_hibernation_support)) - if len(check_hibernation_support["InstanceTypes"]) == 0: - if config.Config.DCV_FORCE_INSTANCE_HIBERNATE_SUPPORT is True: - flash("Sorry your administrator limited DCV to instances that support hibernation mode
    Please choose a different type of instance.") - return redirect("/remote_desktop") - else: - hibernate_support = False - else: - hibernate_support = True - - if parameters["hibernate"] and not hibernate_support: - flash("Sorry you have selected {} with hibernation support, but this instance type does not support it. Either disable hibernation support or pick a different instance type".format(instance_type), "error") - return redirect("/remote_desktop") + if parameters["hibernate"]: + try: + check_hibernation_support = client_ec2.describe_instance_types( + InstanceTypes=[instance_type], + Filters=[ + {"Name": "hibernation-supported", + "Values": ["true"]}] + ) + logger.info("Checking in {} support Hibernation : {}".format(instance_type, check_hibernation_support)) + if len(check_hibernation_support["InstanceTypes"]) == 0: + if config.Config.DCV_FORCE_INSTANCE_HIBERNATE_SUPPORT is True: + flash("Sorry your administrator limited DCV to instances that support hibernation mode
    Please choose a different type of instance.") + return redirect("/remote_desktop") + else: + flash("Sorry you have selected {} with hibernation support, but this instance type does not support it. Either disable hibernation support or pick a different instance type".format(instance_type), "error") + return redirect("/remote_desktop") + except ClientError as e: + logger.error(f"Error while checking hibernation support due to {e}") launch_parameters = {"security_group_id": security_group_id, "instance_profile": instance_profile, diff --git a/source/soca/cluster_web_ui/views/remote_desktop_windows.py b/source/soca/cluster_web_ui/views/remote_desktop_windows.py index 9c9de9e8..ced4ebeb 100644 --- a/source/soca/cluster_web_ui/views/remote_desktop_windows.py +++ b/source/soca/cluster_web_ui/views/remote_desktop_windows.py @@ -330,28 +330,26 @@ def create(): else: user_data = user_data.replace("%SOCA_WINDOWS_AUTOLOGON%", "false") + if parameters["hibernate"]: + try: + check_hibernation_support = client_ec2.describe_instance_types( + InstanceTypes=[instance_type], + Filters=[ + {"Name": "hibernation-supported", + "Values": ["true"]}] + ) + logger.info("Checking in {} support Hibernation : {}".format(instance_type, check_hibernation_support)) + if len(check_hibernation_support["InstanceTypes"]) == 0: + if config.Config.DCV_FORCE_INSTANCE_HIBERNATE_SUPPORT is True: + flash("Sorry your administrator limited DCV to instances that support hibernation mode
    Please choose a different type of instance.") + return redirect("/remote_desktop_windows") + else: + flash("Sorry you have selected {} with hibernation support, but this instance type does not support it. Either disable hibernation support or pick a different instance type".format(instance_type), "error") + return redirect("/remote_desktop_windows") + except ClientError as e: + logger.error(f"Error while checking hibernation support due to {e}") - check_hibernation_support = client_ec2.describe_instance_types( - InstanceTypes=[instance_type], - Filters=[ - {"Name": "hibernation-supported", - "Values": ["true"]}] - ) - logger.info("Checking in {} support Hibernation : {}".format(instance_type, check_hibernation_support)) - if len(check_hibernation_support["InstanceTypes"]) == 0: - if config.Config.DCV_FORCE_INSTANCE_HIBERNATE_SUPPORT is True: - flash("Sorry your administrator limited DCV to instances that support hibernation mode
    Please choose a different type of instance.") - return redirect("/remote_desktop_windows") - else: - hibernate_support = False - else: - hibernate_support = True - - if parameters["hibernate"] and not hibernate_support: - flash("Sorry you have selected {} with hibernation support, but this instance type does not support it. Either disable hibernation support or pick a different instance type".format(instance_type), "error") - return redirect("/remote_desktop_windows") - launch_parameters = {"security_group_id": security_group_id, "instance_profile": instance_profile, "instance_type": instance_type, diff --git a/source/templates/Analytics.template b/source/templates/Analytics.template index d7270222..c7092d60 100644 --- a/source/templates/Analytics.template +++ b/source/templates/Analytics.template @@ -1,22 +1,19 @@ AWSTemplateFormatVersion: 2010-09-09 Description: (SOCA) - Manage ELK stack Parameters: - SchedulerSecurityGroup: + ComputeNodeSecurityGroup: Type: String - PublicSubnet1: + VpcId: Type: String - ClusterId: - Type: String - - SchedulerPublicIP: + PrivateSubnet1: Type: String - EIPNat: + PrivateSubnet2: Type: String - ClientIp: + ClusterId: Type: String Resources: @@ -28,8 +25,10 @@ Resources: reason: "Domain Name is required if we want to restrict AccessPolicies to this resource only" Type: AWS::Elasticsearch::Domain Properties: - ElasticsearchVersion: 7.4 + ElasticsearchVersion: 7.9 DomainName: !Sub ${ClusterId} + DomainEndpointOptions: + EnforceHTTPS: True NodeToNodeEncryptionOptions: Enabled: True EncryptionAtRestOptions: @@ -51,12 +50,6 @@ Resources: Principal: AWS: '*' Action: 'es:ESHttp*' - Condition: - IpAddress: - aws:SourceIp: - - !Ref ClientIp - - !Sub ${SchedulerPublicIP}/32 - - !Sub ${EIPNat}/32 Resource: !Sub 'arn:${AWS::Partition}:es:${AWS::Region}:${AWS::AccountId}:domain/${ClusterId}/*' AdvancedOptions: @@ -68,25 +61,122 @@ Resources: - Key: soca:ClusterId Value: !Ref ClusterId - # Cloudformation does not support bind of ElasticSearchServiceLinkedRole to ElasticsearchDomain - # Because of this limitation we are restricted to non VPC only + VPCOptions: + SubnetIds: + - !Ref PrivateSubnet1 + - !Ref PrivateSubnet2 + SecurityGroupIds: + - !Ref ComputeNodeSecurityGroup + + GetESPrivateIPLambdaRole: + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: "DescribeNetworkInterfaces requires * resource-level permissions" + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Action: + - sts:AssumeRole + Policies: + - PolicyName: PreRequisite + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DeleteLogStream + - logs:PutLogEvents + Resource: + - !Join [ "", [ "arn:", !Ref "AWS::Partition", ":logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:/aws/lambda/", !Ref ClusterId, "*"] ] - #VPCOptions: - # SubnetIds: - # - !Ref PublicSubnet1 - # SecurityGroupIds: - # - !Ref SchedulerSecurityGroup + - Effect: Allow + Action: + - ec2:DescribeNetworkInterfaces + Resource: + - '*' + Condition: + "ForAllValues:ArnEqualsIfExists": + "ec2:Vpc": !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/${VpcId}" - #ElasticSearchServiceLinkedRole: - # Type: AWS::IAM::ServiceLinkedRole - ## Properties: - # AWSServiceName: es.amazonaws.com - # Description: !Sub Service Link Role for ${ClusterId}-analytics + GetESPrivateIPLambda: + Type: AWS::Lambda::Function + Properties: + Description: Get ES private ip addresses + FunctionName: !Sub "${ClusterId}-GetESPrivateIP" + Handler: index.lambda_handler + MemorySize: 128 + Role: !GetAtt GetESPrivateIPLambdaRole.Arn + Runtime: python3.7 + Timeout: 180 + Tags: + - Key: soca:ClusterId + Value: !Ref ClusterId + Code: + ZipFile: !Sub | + import cfnresponse + import boto3 + import logging + ''' + Get prefix list id + ''' + logging.getLogger().setLevel(logging.INFO) + def lambda_handler(event, context): + try: + logging.info("event: {}".format(event)) + requestType = event['RequestType'] + if requestType == 'Delete': + cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, '') + return + ClusterId = event['ResourceProperties']['ClusterId'] + logging.info("ClusterId: " + ClusterId) + ec2_client = boto3.client('ec2') + response = ec2_client.describe_network_interfaces(Filters=[ + {'Name': 'description', 'Values': ['ES ' + ClusterId]}, + {'Name': 'requester-id', 'Values': ['amazon-elasticsearch']}]) + ipAddresses = [] + for networkInterface in response['NetworkInterfaces']: + logging.debug(networkInterface) + az = networkInterface['AvailabilityZone'] + logging.info("AZ: " + az) + for privateIpAddress in networkInterface['PrivateIpAddresses']: + logging.debug(privateIpAddress) + ipAddress = privateIpAddress['PrivateIpAddress'] + logging.info("ipAddress:" + ipAddress) + ipAddresses.append(ipAddress) + if len(ipAddresses) == 0: + msg = "No IP addresses found" + logging.error(msg) + cfnresponse.send(event, context, cfnresponse.FAILED, {'error': msg}, msg) + else: + ipAddressesStr = ",".join(ipAddresses) + cfnresponse.send(event, context, cfnresponse.SUCCESS, {'IpAddresses': ipAddressesStr}, str(ipAddresses)) + except: + logging.exception("Caught exception") + error_message = 'Exception getting private IP addresses for ES soca-{}'.format(ClusterId) + cfnresponse.send(event, context, cfnresponse.FAILED, {'error': error_message}, error_message) + ESCustomResource: + DependsOn: ElasticsearchDomain + Type: AWS::CloudFormation::CustomResource + Properties: + ServiceToken: !GetAtt GetESPrivateIPLambda.Arn + ClusterId: !Ref ClusterId Outputs: ESDomainArn: Value: !GetAtt ElasticsearchDomain.DomainArn ESDomainEndpoint: Value: !GetAtt ElasticsearchDomain.DomainEndpoint + ESDomainIPAddresses: + Value: !GetAtt ESCustomResource.IpAddresses diff --git a/source/templates/Security.template b/source/templates/Security.template index e0ba920e..29cc3a36 100644 --- a/source/templates/Security.template +++ b/source/templates/Security.template @@ -22,6 +22,12 @@ Parameters: S3InstallFolder: Type: String + CreateESServiceRole: + Type: String + +Conditions: + CreateESServiceRoleCondition: !Equals [!Ref 'CreateESServiceRole', 'True'] + Resources: SchedulerSecurityGroup: Metadata: @@ -621,6 +627,13 @@ Resources: - acm:AddTagsToCertificate Resource: "*" + ESServiceLinkedRole: + Type: AWS::IAM::ServiceLinkedRole + Condition: CreateESServiceRoleCondition + Properties: + AWSServiceName: es.amazonaws.com + Description: 'ES Role to access resources in SOCA VPC' + Outputs: SchedulerIAMRole: Value: !Ref SchedulerIAMRole diff --git a/source/templates/Viewer.template b/source/templates/Viewer.template index d3cbcb7d..a5a08dc0 100644 --- a/source/templates/Viewer.template +++ b/source/templates/Viewer.template @@ -28,6 +28,9 @@ Parameters: LambdaACMIAMRoleArn: Type: String + ESDomainIPAddresses: + Type: String + Resources: SchedulerELBPolicy: @@ -197,6 +200,23 @@ Resources: - Type: forward TargetGroupArn: !Ref TargetGroupSocaWebUI + ESLoadBalancerListenerRule: + DependsOn: + - HTTPSLoadBalancerListener + - TargetGroupES + Type: AWS::ElasticLoadBalancingV2::ListenerRule + Properties: + Actions: + - Type: forward + TargetGroupArn: !Ref TargetGroupES + Conditions: + - Field: path-pattern + PathPatternConfig: + Values: + - "/_plugin/kibana/*" + ListenerArn: !Ref HTTPSLoadBalancerListener + Priority: 1 + HTTPLoadBalancerListener: Metadata: cfn_nag: @@ -233,6 +253,24 @@ Resources: - Id: !Ref SchedulerInstanceId HealthCheckPath: "/ping" + TargetGroupES: + DependsOn: LoadBalancer + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + Name: !Sub ${ClusterId}-ES + VpcId: !Ref VpcId + Port: 443 + Protocol: HTTPS + TargetType: ip + Targets: + - Id: !Select [0, !Split [ ",", !Ref ESDomainIPAddresses ] ] + - Id: !Select [1, !Split [ ",", !Ref ESDomainIPAddresses ] ] + - Id: !Select [2, !Split [ ",", !Ref ESDomainIPAddresses ] ] + - Id: !Select [3, !Split [ ",", !Ref ESDomainIPAddresses ] ] + - Id: !Select [4, !Split [ ",", !Ref ESDomainIPAddresses ] ] + - Id: !Select [5, !Split [ ",", !Ref ESDomainIPAddresses ] ] + HealthCheckPath: "/" + Outputs: LoadBalancerArn: Value: !Ref LoadBalancer From 614e78cafb58e5a107f9ef60c71d3b6f8b707488 Mon Sep 17 00:00:00 2001 From: mcrozes Date: Mon, 22 Mar 2021 17:13:04 -0400 Subject: [PATCH 08/13] Update mkdocs doc --- mkdocs.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index 7f323cef..e363329f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -8,10 +8,14 @@ site_name: Scale-Out Computing on AWS Knowledge Base theme: - name: 'material' - custom_dir: 'docs/overrides' - features: - - tabs + name: 'material' + palette: + scheme: default + custom_dir: 'docs/overrides' + features: + - navigation.tabs + - navigation.tracking + - navigation.sections # Repository repo_name: 'awslabs/scale-out-computing-on-aws' From 812f9aa04c81036daa49cf15655c3a8b9a63391a Mon Sep 17 00:00:00 2001 From: mcrozes Date: Mon, 22 Mar 2021 17:16:47 -0400 Subject: [PATCH 09/13] Fixed new broken links due to mkdocs system update --- README.adoc | 2 +- source/manual_build.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.adoc b/README.adoc index 273c0892..9e6a0b11 100644 --- a/README.adoc +++ b/README.adoc @@ -7,7 +7,7 @@ https://awslabs.github.io/scale-out-computing-on-aws/[https://awslabs.github.io/ == :rocket: How to install Scale-Out Computing on AWS -Refer to https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/[https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/] for installation instructions. +Refer to https://awslabs.github.io/scale-out-computing-on-aws/tutorials/install-soca-cluster/[https://awslabs.github.io/scale-out-computing-on-aws/tutorials/install-soca-cluster/] for installation instructions. == :pencil2: File Structure Scale-Out Computing on AWS project consists in a collection of CloudFormation templates, Shell scripts and Python code. diff --git a/source/manual_build.py b/source/manual_build.py index d721e05c..e9511ea8 100644 --- a/source/manual_build.py +++ b/source/manual_build.py @@ -45,7 +45,7 @@ def get_input(prompt): print("%sSorry, Windows builds are currently not supported. Please use a UNIX system if you want to do a custom build\n%s" % (fg('yellow'), attr('reset'))) print("%s=== How to install SOCA on Windows ===%s" % (fg('yellow'), attr('reset'))) print("%s1 - Download the latest release (RELEASE-.tar.gz) from https://github.com/awslabs/scale-out-computing-on-aws/releases%s" % (fg('yellow'), attr('reset'))) - print("%s2 - Install SOCA via https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/#option-2-download-the-latest-release-targz%s" % (fg('yellow'), attr('reset'))) + print("%s2 - Install SOCA via https://awslabs.github.io/scale-out-computing-on-aws/tutorials/install-soca-cluster/#option-2-download-the-latest-release-targz%s" % (fg('yellow'), attr('reset'))) exit(1) parser = argparse.ArgumentParser(description='Build & Upload SOCA CloudFormation resources.') @@ -140,7 +140,7 @@ def get_input(prompt): print("3: Launch CloudFormation and use scale-out-computing-on-aws.template as base template") print("4: Enter your cluster information.") - print("\n\nFor more information: https://awslabs.github.io/scale-out-computing-on-aws/install-soca-cluster/") + print("\n\nFor more information: https://awslabs.github.io/scale-out-computing-on-aws/tutorials/install-soca-cluster/") From bd9d8d20e1ecfb402465732432837b105734adb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Mar 2021 19:30:04 +0000 Subject: [PATCH 10/13] Bump rsa from 3.4.2 to 4.1 in /source/scripts Bumps [rsa](https://github.com/sybrenstuvel/python-rsa) from 3.4.2 to 4.1. - [Release notes](https://github.com/sybrenstuvel/python-rsa/releases) - [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md) - [Commits](https://github.com/sybrenstuvel/python-rsa/compare/version-3.4.2...version-4.1) Signed-off-by: dependabot[bot] --- source/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index 9075374b..92d747df 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -39,7 +39,7 @@ pytz==2019.1 PyYAML==5.2 requests==2.23.0 requests-aws4auth==0.9 -rsa==3.4.2 +rsa==4.1 s3transfer==0.3.3 six==1.14.0 SQLAlchemy==1.3.15 From 06fa515ed953c0c9e44249d451fab60da36ffc20 Mon Sep 17 00:00:00 2001 From: Ahmed Elzeftawi Date: Wed, 24 Mar 2021 16:56:48 -0700 Subject: [PATCH 11/13] Update release date for 2.6.1 in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c07fbb3..2389f1ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [2.6.1] - 2021-01-20 +## [2.6.1] - 2021-03-22 ### Added - Added Name tag to EIPNat in Network.template - Added support for Milan and Cape Town From ee74e6275636674ed557348c38b3175df1fcb49f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Mar 2021 15:52:52 +0000 Subject: [PATCH 12/13] Bump pyyaml from 5.2 to 5.4 in /source/scripts Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.2 to 5.4. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/5.2...5.4) Signed-off-by: dependabot[bot] --- source/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index 92d747df..827e8544 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -36,7 +36,7 @@ python-jose==3.1.0 python-ldap==3.2.0 python-pam==1.8.4 pytz==2019.1 -PyYAML==5.2 +PyYAML==5.4 requests==2.23.0 requests-aws4auth==0.9 rsa==4.1 From d872ca806a4a24fdb452f9fe13d70a927179ae67 Mon Sep 17 00:00:00 2001 From: ahmedelz Date: Fri, 26 Mar 2021 09:10:22 -0700 Subject: [PATCH 13/13] Update awscli, boto3, and botocore to be compatible with PyYAML 5.4 --- source/scripts/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/scripts/requirements.txt b/source/scripts/requirements.txt index 827e8544..50d5cc8e 100644 --- a/source/scripts/requirements.txt +++ b/source/scripts/requirements.txt @@ -1,9 +1,9 @@ -awscli==1.18.197 +awscli==1.19.38 apscheduler==3.6.3 tzlocal==2.1 asn1crypto==1.3.0 -boto3==1.16.37 -botocore==1.19.37 +boto3==1.17.38 +botocore==1.20.38 cachetools==4.1.0 cffi==1.14.0 cfn-flip==1.2.2