From 60b426b16671bd3df5cd3064f6f03e2a424b36f5 Mon Sep 17 00:00:00 2001 From: Karl DeBisschop Date: Tue, 17 Dec 2019 09:55:40 -0500 Subject: [PATCH] Rancher node plugin for Rundeck --- .gitignore | 24 + LICENSE | 14 + README.md | 52 +++ build.gradle | 100 +++++ gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 54413 bytes gradle/wrapper/gradle-wrapper.properties | 5 + gradlew | 172 ++++++++ gradlew.bat | 84 ++++ settings.gradle | 1 + split-log.pl | 51 +++ .../bioraft/rundeck/rancher/LogMessage.java | 75 ++++ .../rundeck/rancher/MessageReader.java | 152 +++++++ .../rundeck/rancher/RancherFileCopier.java | 133 ++++++ .../RancherFileCopierFailureReason.java | 48 ++ .../rancher/RancherNodeExecutorPlugin.java | 164 +++++++ .../rancher/RancherResourceModelSource.java | 406 +++++++++++++++++ .../RancherResourceModelSourceFactory.java | 106 +++++ .../rundeck/rancher/RancherShared.java | 55 +++ .../rancher/RancherWebSocketListener.java | 412 ++++++++++++++++++ 19 files changed, 2054 insertions(+) create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.md create mode 100644 build.gradle create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100755 gradlew create mode 100644 gradlew.bat create mode 100644 settings.gradle create mode 100755 split-log.pl create mode 100644 src/main/java/com/bioraft/rundeck/rancher/LogMessage.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/MessageReader.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherFileCopier.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherFileCopierFailureReason.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherNodeExecutorPlugin.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSource.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSourceFactory.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherShared.java create mode 100644 src/main/java/com/bioraft/rundeck/rancher/RancherWebSocketListener.java diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..549076d --- /dev/null +++ b/.gitignore @@ -0,0 +1,24 @@ +# Eclipse +.classpath +.project +.settings/ + +# Intellij +.idea/ +*.iml +*.iws + +# Mac +.DS_Store + +# Maven +log/ +target/ +.gradle/ +build/ +out/ + +# Integration tests +build.log + +/bin/ diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b2f772a --- /dev/null +++ b/LICENSE @@ -0,0 +1,14 @@ +Copyright (c) 2019 BioRAFT + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..fafebc2 --- /dev/null +++ b/README.md @@ -0,0 +1,52 @@ +# Rancher Nodes Plugin for Rundeck + +This plugin implements Rundeck nodes for Rancher-managed Docker containers. + +## Requirements + +The containers must have bash installed for the Node Executer to work. + +## Features + +### Rancher Node Resource + +Collects nodes from a Rancher controller host. + +Features: + + - Project can include multiple environments. + - API keys are not exposed in configuration. + - Can limit selected containers to one per service. + - Can exclude stopped containers. + - Can exclude global containers. + - Can exclude system containers. + - Can apply a fixed set of tags to all selected containers. + - Can define node attributes from container labels (configured by regex). + - Can add tags from container labels (configured by regex). + - Can add node description (e.g., url) via a label like "com.example.description" + +Configuration: + + - Node executor and file copier do not require separate configuration. + - Authentication tokens for node executor and file copier are in password storage. + - The path for authentication tokens is specified in the node source configuration. + - Users will need to add those keys to storage in addition to entering them as password + on the configuration page. + + +### Rancher Node Executor + +Executes jobs on remote Docker containers managed by the Rancher host. + +Features: + + - Can select first container in a service so only one needs to run. + - Reconstructs the STDERR channel that is missing in output from Rancher API. + +### Rancher File Copier + +Should be considered beta. Probably limited to text files. + +## Compatibility + + This has been tested with Rundeck 3.x and Rancher 1.6. \ No newline at end of file diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..035467f --- /dev/null +++ b/build.gradle @@ -0,0 +1,100 @@ +plugins { + id 'pl.allegro.tech.build.axion-release' version '1.10.1' + id 'java' +} + +apply plugin: 'java' +apply plugin: 'eclipse' +apply plugin: 'idea' + +sourceCompatibility = 1.8 +defaultTasks 'clean','build' +ext.rundeckPluginVersion = '1.2' +ext.pluginClassNames='com.bioraft.rundeck.rancher.RancherNodeExecutorPlugin,com.bioraft.rundeck.rancher.RancherFileCopier,com.bioraft.rundeck.rancher.RancherResourceModelSourceFactory' +ext.pluginName = 'Rancher Node Plugins' +ext.pluginDescription = 'Interface with Rancher environments' + +scmVersion { + ignoreUncommittedChanges = true + tag { + prefix = '' + versionSeparator = '' + def origDeserialize=deserialize + //apend .0 to satisfy semver if the tag version is only X.Y + deserialize = { config, position, tagName -> + def orig = origDeserialize(config, position, tagName) + if (orig.split('\\.').length < 3) { + orig += ".0" + } + orig + } + } +} +project.version = scmVersion.version + +repositories { + mavenLocal() + mavenCentral() +} + +configurations{ + //declare custom pluginLibs configuration to include only libs for this plugin + pluginLibs + + //declare compile to extend from pluginLibs so it inherits the dependencies + compile{ + extendsFrom pluginLibs + } +} + +dependencies { + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.1' + + implementation group: 'com.squareup.okhttp3', name: 'okhttp', version: '3.14.4' + + implementation ( + 'org.rundeck:rundeck-core:3.0+', + 'org.rundeck:rundeck-storage-api:3.0+' + ) + + testImplementation group: 'junit', name: 'junit', version:'4.12' + + testImplementation ( + 'org.mockito:mockito-all:1.9.5', + 'org.powermock:powermock-module-junit4:1.5', + 'org.powermock:powermock-api-mockito:1.5' + ) +} + + +// task to copy plugin libs to output/lib dir +task copyToLib(type: Copy) { + into "$buildDir/output/lib" + from configurations.pluginLibs +} + +jar { + from "$buildDir/output" + manifest { + def libList = configurations.pluginLibs.collect{'lib/'+it.name}.join(' ') + + attributes 'Rundeck-Plugin-Classnames': pluginClassNames + attributes 'Rundeck-Plugin-File-Version': archiveVersion + attributes 'Rundeck-Plugin-Name': pluginName + attributes 'Rundeck-Plugin-Description': pluginDescription + attributes 'Rundeck-Plugin-Rundeck-Compatibility-Version': '3.x' + attributes 'Rundeck-Plugin-Tags': 'java,WorkflowNodeStep' + attributes 'Rundeck-Plugin-License': 'Apache 2.0' + attributes 'Rundeck-Plugin-Source-Link': 'https://github.com/' + attributes 'Rundeck-Plugin-Target-Host-Compatibility': 'all' + attributes 'Rundeck-Plugin-Version': rundeckPluginVersion + attributes 'Rundeck-Plugin-Archive': 'true' + attributes 'Rundeck-Plugin-Libs': "${libList}" + + } + dependsOn(copyToLib) +} + +wrapper { + gradleVersion = '6.0.1' +} diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..91ca28c8b802289c3a438766657a5e98f20eff03 GIT binary patch literal 54413 zcmafaV|Zr4wq`oEZQHiZj%|LijZQlLf{tz5M#r{o+fI6V=G-$g=gzrzeyqLskF}nv zRZs0&c;EUi2L_G~0s;*U0szbK}f6%Pvi zRZ#mYf6f1oqJoH`jHHCB8l!^by~4z}yc`4LEP@;Z?bO6{g9`Hk+s@(L1jC5Tq{1Yf z4E;CQvrx0-gF+peRxFC*gF=&$zNYk(w0q}U=WqXMz`tYs@0o%B{dRD+{C_6(f9t^g zhmNJQv6-#;f2)f2uc{u-#*U8W&i{|ewYN^n_1~cv|1J!}zc&$eaBy{T{cEpa46s*q zHFkD2cV;xTHFj}{*3kBt*FgS4A5SI|$F%$gB@It9FlC}D3y`sbZG{2P6gGwC$U`6O zb_cId9AhQl#A<&=x>-xDD%=Ppt$;y71@Lwsl{x943#T@8*?cbR<~d`@@}4V${+r$jICUIOzgZJy_9I zu*eA(F)$~J07zX%tmQN}1^wj+RM|9bbwhQA=xrPE*{vB_P!pPYT5{Or^m*;Qz#@Bl zRywCG_RDyM6bf~=xn}FtiFAw|rrUxa1+z^H`j6e|GwKDuq}P)z&@J>MEhsVBvnF|O zOEm)dADU1wi8~mX(j_8`DwMT_OUAnjbWYer;P*^Uku_qMu3}qJU zTAkza-K9aj&wcsGuhQ>RQoD?gz~L8RwCHOZDzhBD$az*$TQ3!uygnx_rsXG`#_x5t zn*lb(%JI3%G^MpYp-Y(KI4@_!&kBRa3q z|Fzn&3R%ZsoMNEn4pN3-BSw2S_{IB8RzRv(eQ1X zyBQZHJ<(~PfUZ~EoI!Aj`9k<+Cy z2DtI<+9sXQu!6&-Sk4SW3oz}?Q~mFvy(urUy<)x!KQ>#7yIPC)(ORhKl7k)4eSy~} z7#H3KG<|lt68$tk^`=yjev%^usOfpQ#+Tqyx|b#dVA(>fPlGuS@9ydo z!Cs#hse9nUETfGX-7lg;F>9)+ml@M8OO^q|W~NiysX2N|2dH>qj%NM`=*d3GvES_# zyLEHw&1Fx<-dYxCQbk_wk^CI?W44%Q9!!9aJKZW-bGVhK?N;q`+Cgc*WqyXcxZ%U5QXKu!Xn)u_dxeQ z;uw9Vysk!3OFzUmVoe)qt3ifPin0h25TU zrG*03L~0|aaBg7^YPEW^Yq3>mSNQgk-o^CEH?wXZ^QiPiuH}jGk;75PUMNquJjm$3 zLcXN*uDRf$Jukqg3;046b;3s8zkxa_6yAlG{+7{81O3w96i_A$KcJhD&+oz1<>?lun#C3+X0q zO4JxN{qZ!e#FCl@e_3G?0I^$CX6e$cy7$BL#4<`AA)Lw+k`^15pmb-447~5lkSMZ` z>Ce|adKhb-F%yy!vx>yQbXFgHyl(an=x^zi(!-~|k;G1=E(e@JgqbAF{;nv`3i)oi zDeT*Q+Mp{+NkURoabYb9@#Bi5FMQnBFEU?H{~9c;g3K%m{+^hNe}(MdpPb?j9`?2l z#%AO!|2QxGq7-2Jn2|%atvGb(+?j&lmP509i5y87`9*BSY++<%%DXb)kaqG0(4Eft zj|2!Od~2TfVTi^0dazAIeVe&b#{J4DjN6;4W;M{yWj7#+oLhJyqeRaO;>?%mX>Ec{Mp~;`bo}p;`)@5dA8fNQ38FyMf;wUPOdZS{U*8SN6xa z-kq3>*Zos!2`FMA7qjhw-`^3ci%c91Lh`;h{qX1r;x1}eW2hYaE*3lTk4GwenoxQ1kHt1Lw!*N8Z%DdZSGg5~Bw}+L!1#d$u+S=Bzo7gi zqGsBV29i)Jw(vix>De)H&PC; z-t2OX_ak#~eSJ?Xq=q9A#0oaP*dO7*MqV;dJv|aUG00UX=cIhdaet|YEIhv6AUuyM zH1h7fK9-AV)k8sr#POIhl+?Z^r?wI^GE)ZI=H!WR<|UI(3_YUaD#TYV$Fxd015^mT zpy&#-IK>ahfBlJm-J(n(A%cKV;)8&Y{P!E|AHPtRHk=XqvYUX?+9po4B$0-6t74UUef${01V{QLEE8gzw* z5nFnvJ|T4dlRiW9;Ed_yB{R@)fC=zo4hCtD?TPW*WJmMXYxN_&@YQYg zBQ$XRHa&EE;YJrS{bn7q?}Y&DH*h;){5MmE(9A6aSU|W?{3Ox%5fHLFScv7O-txuRbPG1KQtI`Oay=IcEG=+hPhlnYC;`wSHeo|XGio0aTS6&W($E$ z?N&?TK*l8;Y^-xPl-WVZwrfdiQv10KdsAb9u-*1co*0-Z(h#H)k{Vc5CT!708cs%sExvPC+7-^UY~jTfFq=cj z!Dmy<+NtKp&}}$}rD{l?%MwHdpE(cPCd;-QFPk1`E5EVNY2i6E`;^aBlx4}h*l42z zpY#2cYzC1l6EDrOY*ccb%kP;k8LHE3tP>l3iK?XZ%FI<3666yPw1rM%>eCgnv^JS_ zK7c~;g7yXt9fz@(49}Dj7VO%+P!eEm& z;z8UXs%NsQ%@2S5nve)@;yT^61BpVlc}=+i6{ZZ9r7<({yUYqe==9*Z+HguP3`sA& z{`inI4G)eLieUQ*pH9M@)u7yVnWTQva;|xq&-B<>MoP(|xP(HqeCk1&h>DHNLT>Zi zQ$uH%s6GoPAi0~)sC;`;ngsk+StYL9NFzhFEoT&Hzfma1f|tEnL0 zMWdX4(@Y*?*tM2@H<#^_l}BC&;PYJl%~E#veQ61{wG6!~nyop<^e)scV5#VkGjYc2 z$u)AW-NmMm%T7WschOnQ!Hbbw&?`oMZrJ&%dVlN3VNra1d0TKfbOz{dHfrCmJ2Jj= zS#Gr}JQcVD?S9X!u|oQ7LZ+qcq{$40 ziG5=X^+WqeqxU00YuftU7o;db=K+Tq!y^daCZgQ)O=M} zK>j*<3oxs=Rcr&W2h%w?0Cn3);~vqG>JO_tTOzuom^g&^vzlEjkx>Sv!@NNX%_C!v zaMpB>%yVb}&ND9b*O>?HxQ$5-%@xMGe4XKjWh7X>CYoRI2^JIwi&3Q5UM)?G^k8;8 zmY$u;(KjZx>vb3fe2zgD7V;T2_|1KZQW$Yq%y5Ioxmna9#xktcgVitv7Sb3SlLd6D zfmBM9Vs4rt1s0M}c_&%iP5O{Dnyp|g1(cLYz^qLqTfN6`+o}59Zlu%~oR3Q3?{Bnr zkx+wTpeag^G12fb_%SghFcl|p2~<)Av?Agumf@v7y-)ecVs`US=q~=QG%(_RTsqQi z%B&JdbOBOmoywgDW|DKR5>l$1^FPhxsBrja<&}*pfvE|5dQ7j-wV|ur%QUCRCzBR3q*X`05O3U@?#$<>@e+Zh&Z&`KfuM!0XL& zI$gc@ZpM4o>d&5)mg7+-Mmp98K^b*28(|Ew8kW}XEV7k^vnX-$onm9OtaO@NU9a|as7iA%5Wrw9*%UtJYacltplA5}gx^YQM` zVkn`TIw~avq)mIQO0F0xg)w$c)=8~6Jl|gdqnO6<5XD)&e7z7ypd3HOIR+ss0ikSVrWar?548HFQ*+hC)NPCq*;cG#B$7 z!n?{e9`&Nh-y}v=nK&PR>PFdut*q&i81Id`Z<0vXUPEbbJ|<~_D!)DJMqSF~ly$tN zygoa)um~xdYT<7%%m!K8+V(&%83{758b0}`b&=`))Tuv_)OL6pf=XOdFk&Mfx9y{! z6nL>V?t=#eFfM$GgGT8DgbGRCF@0ZcWaNs_#yl+6&sK~(JFwJmN-aHX{#Xkpmg;!} zgNyYYrtZdLzW1tN#QZAh!z5>h|At3m+ryJ-DFl%V>w?cmVTxt^DsCi1ZwPaCe*D{) z?#AZV6Debz{*D#C2>44Czy^yT3y92AYDcIXtZrK{L-XacVl$4i=X2|K=Fy5vAzhk{ zu3qG=qSb_YYh^HirWf~n!_Hn;TwV8FU9H8+=BO)XVFV`nt)b>5yACVr!b98QlLOBDY=^KS<*m9@_h3;64VhBQzb_QI)gbM zSDto2i*iFrvxSmAIrePB3i`Ib>LdM8wXq8(R{-)P6DjUi{2;?}9S7l7bND4w%L2!; zUh~sJ(?Yp}o!q6)2CwG*mgUUWlZ;xJZo`U`tiqa)H4j>QVC_dE7ha0)nP5mWGB268 zn~MVG<#fP#R%F=Ic@(&Va4dMk$ysM$^Avr1&hS!p=-7F>UMzd(M^N9Ijb|364}qcj zcIIh7suk$fQE3?Z^W4XKIPh~|+3(@{8*dSo&+Kr(J4^VtC{z*_{2}ld<`+mDE2)S| zQ}G#Q0@ffZCw!%ZGc@kNoMIdQ?1db%N1O0{IPPesUHI;(h8I}ETudk5ESK#boZgln z(0kvE`&6z1xH!s&={%wQe;{^&5e@N0s7IqR?L*x%iXM_czI5R1aU?!bA7)#c4UN2u zc_LZU+@elD5iZ=4*X&8%7~mA;SA$SJ-8q^tL6y)d150iM)!-ry@TI<=cnS#$kJAS# zq%eK**T*Wi2OlJ#w+d_}4=VN^A%1O+{?`BK00wkm)g8;u?vM;RR+F1G?}({ENT3i= zQsjJkp-dmJ&3-jMNo)wrz0!g*1z!V7D(StmL(A}gr^H-CZ~G9u?*Uhcx|x7rb`v^X z9~QGx;wdF4VcxCmEBp$F#sms@MR?CF67)rlpMxvwhEZLgp2?wQq|ci#rLtrYRV~iR zN?UrkDDTu114&d~Utjcyh#tXE_1x%!dY?G>qb81pWWH)Ku@Kxbnq0=zL#x@sCB(gs zm}COI(!{6-XO5li0>1n}Wz?w7AT-Sp+=NQ1aV@fM$`PGZjs*L+H^EW&s!XafStI!S zzgdntht=*p#R*o8-ZiSb5zf6z?TZr$^BtmIfGAGK;cdg=EyEG)fc*E<*T=#a?l=R5 zv#J;6C(umoSfc)W*EODW4z6czg3tXIm?x8{+8i^b;$|w~k)KLhJQnNW7kWXcR^sol z1GYOp?)a+}9Dg*nJ4fy*_riThdkbHO37^csfZRGN;CvQOtRacu6uoh^gg%_oEZKDd z?X_k67s$`|Q&huidfEonytrq!wOg07H&z@`&BU6D114p!rtT2|iukF}>k?71-3Hk< zs6yvmsMRO%KBQ44X4_FEYW~$yx@Y9tKrQ|rC1%W$6w}-9!2%4Zk%NycTzCB=nb)r6*92_Dg+c0;a%l1 zsJ$X)iyYR2iSh|%pIzYV1OUWER&np{w1+RXb~ zMUMRymjAw*{M)UtbT)T!kq5ZAn%n=gq3ssk3mYViE^$paZ;c^7{vXDJ`)q<}QKd2?{r9`X3mpZ{AW^UaRe2^wWxIZ$tuyKzp#!X-hXkHwfD zj@2tA--vFi3o_6B?|I%uwD~emwn0a z+?2Lc1xs(`H{Xu>IHXpz=@-84uw%dNV;{|c&ub|nFz(=W-t4|MME(dE4tZQi?0CE|4_?O_dyZj1)r zBcqB8I^Lt*#)ABdw#yq{OtNgf240Jvjm8^zdSf40 z;H)cp*rj>WhGSy|RC5A@mwnmQ`y4{O*SJ&S@UFbvLWyPdh)QnM=(+m3p;0&$^ysbZ zJt!ZkNQ%3hOY*sF2_~-*`aP|3Jq7_<18PX*MEUH*)t{eIx%#ibC|d&^L5FwoBN}Oe z?!)9RS@Zz%X1mqpHgym75{_BM4g)k1!L{$r4(2kL<#Oh$Ei7koqoccI3(MN1+6cDJ zp=xQhmilz1?+ZjkX%kfn4{_6K_D{wb~rdbkh!!k!Z@cE z^&jz55*QtsuNSlGPrU=R?}{*_8?4L7(+?>?(^3Ss)f!ou&{6<9QgH>#2$?-HfmDPN z6oIJ$lRbDZb)h-fFEm^1-v?Slb8udG{7GhbaGD_JJ8a9f{6{TqQN;m@$&)t81k77A z?{{)61za|e2GEq2)-OqcEjP`fhIlUs_Es-dfgX-3{S08g`w=wGj2{?`k^GD8d$}6Z zBT0T1lNw~fuwjO5BurKM593NGYGWAK%UCYiq{$p^GoYz^Uq0$YQ$j5CBXyog8(p_E znTC+$D`*^PFNc3Ih3b!2Lu|OOH6@46D)bbvaZHy%-9=$cz}V^|VPBpmPB6Ivzlu&c zPq6s7(2c4=1M;xlr}bkSmo9P`DAF>?Y*K%VPsY`cVZ{mN&0I=jagJ?GA!I;R)i&@{ z0Gl^%TLf_N`)`WKs?zlWolWvEM_?{vVyo(!taG$`FH2bqB`(o50pA=W34kl-qI62lt z1~4LG_j%sR2tBFteI{&mOTRVU7AH>>-4ZCD_p6;-J<=qrod`YFBwJz(Siu(`S}&}1 z6&OVJS@(O!=HKr-Xyzuhi;swJYK*ums~y1ePdX#~*04=b9)UqHHg;*XJOxnS6XK#j zG|O$>^2eW2ZVczP8#$C`EpcWwPFX4^}$omn{;P(fL z>J~%-r5}*D3$Kii z34r@JmMW2XEa~UV{bYP=F;Y5=9miJ+Jw6tjkR+cUD5+5TuKI`mSnEaYE2=usXNBs9 zac}V13%|q&Yg6**?H9D620qj62dM+&&1&a{NjF}JqmIP1I1RGppZ|oIfR}l1>itC% zl>ed${{_}8^}m2^br*AIX$L!Vc?Sm@H^=|LnpJg`a7EC+B;)j#9#tx-o0_e4!F5-4 zF4gA;#>*qrpow9W%tBzQ89U6hZ9g=-$gQpCh6Nv_I0X7t=th2ajJ8dBbh{i)Ok4{I z`Gacpl?N$LjC$tp&}7Sm(?A;;Nb0>rAWPN~@3sZ~0_j5bR+dz;Qs|R|k%LdreS3Nn zp*36^t#&ASm=jT)PIjNqaSe4mTjAzlAFr*@nQ~F+Xdh$VjHWZMKaI+s#FF#zjx)BJ zufxkW_JQcPcHa9PviuAu$lhwPR{R{7CzMUi49=MaOA%ElpK;A)6Sgsl7lw)D$8FwE zi(O6g;m*86kcJQ{KIT-Rv&cbv_SY4 zpm1|lSL*o_1LGOlBK0KuU2?vWcEcQ6f4;&K=&?|f`~X+s8H)se?|~2HcJo{M?Ity) zE9U!EKGz2^NgB6Ud;?GcV*1xC^1RYIp&0fr;DrqWLi_Kts()-#&3|wz{wFQsKfnnsC||T?oIgUp z{O(?Df7&vW!i#_~*@naguLLjDAz+)~*_xV2iz2?(N|0y8DMneikrT*dG`mu6vdK`% z=&nX5{F-V!Reau}+w_V3)4?}h@A@O)6GCY7eXC{p-5~p8x{cH=hNR;Sb{*XloSZ_%0ZKYG=w<|!vy?spR4!6mF!sXMUB5S9o_lh^g0!=2m55hGR; z-&*BZ*&;YSo474=SAM!WzrvjmNtq17L`kxbrZ8RN419e=5CiQ-bP1j-C#@@-&5*(8 zRQdU~+e(teUf}I3tu%PB1@Tr{r=?@0KOi3+Dy8}+y#bvgeY(FdN!!`Kb>-nM;7u=6 z;0yBwOJ6OdWn0gnuM{0`*fd=C(f8ASnH5aNYJjpbY1apTAY$-%)uDi$%2)lpH=#)=HH z<9JaYwPKil@QbfGOWvJ?cN6RPBr`f+jBC|-dO|W@x_Vv~)bmY(U(!cs6cnhe0z31O z>yTtL4@KJ*ac85u9|=LFST22~!lb>n7IeHs)_(P_gU}|8G>{D_fJX)8BJ;Se? z67QTTlTzZykb^4!{xF!=C}VeFd@n!9E)JAK4|vWVwWop5vSWcD<;2!88v-lS&ve7C zuYRH^85#hGKX(Mrk};f$j_V&`Nb}MZy1mmfz(e`nnI4Vpq(R}26pZx?fq%^|(n~>* z5a5OFtFJJfrZmgjyHbj1`9||Yp?~`p2?4NCwu_!!*4w8K`&G7U_|np&g7oY*-i;sI zu)~kYH;FddS{7Ri#Z5)U&X3h1$Mj{{yk1Q6bh4!7!)r&rqO6K~{afz@bis?*a56i& zxi#(Ss6tkU5hDQJ0{4sKfM*ah0f$>WvuRL zunQ-eOqa3&(rv4kiQ(N4`FO6w+nko_HggKFWx@5aYr}<~8wuEbD(Icvyl~9QL^MBt zSvD)*C#{2}!Z55k1ukV$kcJLtW2d~%z$t0qMe(%2qG`iF9K_Gsae7OO%Tf8E>ooch ztAw01`WVv6?*14e1w%Wovtj7jz_)4bGAqqo zvTD|B4)Ls8x7-yr6%tYp)A7|A)x{WcI&|&DTQR&2ir(KGR7~_RhNOft)wS<+vQ*|sf;d>s zEfl&B^*ZJp$|N`w**cXOza8(ARhJT{O3np#OlfxP9Nnle4Sto)Fv{w6ifKIN^f1qO*m8+MOgA1^Du!=(@MAh8)@wU8t=Ymh!iuT_lzfm za~xEazL-0xwy9$48!+?^lBwMV{!Gx)N>}CDi?Jwax^YX@_bxl*+4itP;DrTswv~n{ zZ0P>@EB({J9ZJ(^|ptn4ks^Z2UI&87d~J_^z0&vD2yb%*H^AE!w= zm&FiH*c%vvm{v&i3S>_hacFH${|(2+q!`X~zn4$aJDAry>=n|{C7le(0a)nyV{kAD zlud4-6X>1@-XZd`3SKKHm*XNn_zCyKHmf*`C_O509$iy$Wj`Sm3y?nWLCDy>MUx1x zl-sz7^{m(&NUk*%_0(G^>wLDnXW90FzNi$Tu6* z<+{ePBD`%IByu977rI^x;gO5M)Tfa-l*A2mU-#IL2?+NXK-?np<&2rlF;5kaGGrx2 zy8Xrz`kHtTVlSSlC=nlV4_oCsbwyVHG4@Adb6RWzd|Otr!LU=% zEjM5sZ#Ib4#jF(l!)8Na%$5VK#tzS>=05GpV?&o* z3goH1co0YR=)98rPJ~PuHvkA59KUi#i(Mq_$rApn1o&n1mUuZfFLjx@3;h`0^|S##QiTP8rD`r8P+#D@gvDJh>amMIl065I)PxT6Hg(lJ?X7*|XF2Le zv36p8dWHCo)f#C&(|@i1RAag->5ch8TY!LJ3(+KBmLxyMA%8*X%_ARR*!$AL66nF= z=D}uH)D)dKGZ5AG)8N-;Il*-QJ&d8u30&$_Q0n1B58S0ykyDAyGa+BZ>FkiOHm1*& zNOVH;#>Hg5p?3f(7#q*dL74;$4!t?a#6cfy#}9H3IFGiCmevir5@zXQj6~)@zYrWZ zRl*e66rjwksx-)Flr|Kzd#Bg>We+a&E{h7bKSae9P~ z(g|zuXmZ zD?R*MlmoZ##+0c|cJ(O{*h(JtRdA#lChYhfsx25(Z`@AK?Q-S8_PQqk z>|Z@Ki1=wL1_c6giS%E4YVYD|Y-{^ZzFwB*yN8-4#+TxeQ`jhks7|SBu7X|g=!_XL z`mY=0^chZfXm%2DYHJ4z#soO7=NONxn^K3WX={dV>$CTWSZe@<81-8DVtJEw#Uhd3 zxZx+($6%4a&y_rD8a&E`4$pD6-_zZJ%LEE*1|!9uOm!kYXW< zOBXZAowsX-&$5C`xgWkC43GcnY)UQt2Qkib4!!8Mh-Q!_M%5{EC=Gim@_;0+lP%O^ zG~Q$QmatQk{Mu&l{q~#kOD;T-{b1P5u7)o-QPPnqi?7~5?7%IIFKdj{;3~Hu#iS|j z)Zoo2wjf%+rRj?vzWz(6JU`=7H}WxLF*|?WE)ci7aK?SCmd}pMW<{#1Z!_7BmVP{w zSrG>?t}yNyCR%ZFP?;}e8_ zRy67~&u11TN4UlopWGj6IokS{vB!v!n~TJYD6k?~XQkpiPMUGLG2j;lh>Eb5bLTkX zx>CZlXdoJsiPx=E48a4Fkla>8dZYB%^;Xkd(BZK$z3J&@({A`aspC6$qnK`BWL;*O z-nRF{XRS`3Y&b+}G&|pE1K-Ll_NpT!%4@7~l=-TtYRW0JJ!s2C-_UsRBQ=v@VQ+4> z*6jF0;R@5XLHO^&PFyaMDvyo?-lAD(@H61l-No#t@at@Le9xOgTFqkc%07KL^&iss z!S2Ghm)u#26D(e1Q7E;L`rxOy-N{kJ zTgfw}az9=9Su?NEMMtpRlYwDxUAUr8F+P=+9pkX4%iA4&&D<|=B|~s*-U+q6cq`y* zIE+;2rD7&D5X;VAv=5rC5&nP$E9Z3HKTqIFCEV%V;b)Y|dY?8ySn|FD?s3IO>VZ&&f)idp_7AGnwVd1Z znBUOBA}~wogNpEWTt^1Rm-(YLftB=SU|#o&pT7vTr`bQo;=ZqJHIj2MP{JuXQPV7% z0k$5Ha6##aGly<}u>d&d{Hkpu?ZQeL_*M%A8IaXq2SQl35yW9zs4^CZheVgHF`%r= zs(Z|N!gU5gj-B^5{*sF>;~fauKVTq-Ml2>t>E0xl9wywD&nVYZfs1F9Lq}(clpNLz z4O(gm_i}!k`wUoKr|H#j#@XOXQ<#eDGJ=eRJjhOUtiKOG;hym-1Hu)1JYj+Kl*To<8( za1Kf4_Y@Cy>eoC59HZ4o&xY@!G(2p^=wTCV>?rQE`Upo^pbhWdM$WP4HFdDy$HiZ~ zRUJFWTII{J$GLVWR?miDjowFk<1#foE3}C2AKTNFku+BhLUuT>?PATB?WVLzEYyu+ zM*x((pGdotzLJ{}R=OD*jUexKi`mb1MaN0Hr(Wk8-Uj0zA;^1w2rmxLI$qq68D>^$ zj@)~T1l@K|~@YJ6+@1vlWl zHg5g%F{@fW5K!u>4LX8W;ua(t6YCCO_oNu}IIvI6>Fo@MilYuwUR?9p)rKNzDmTAN zzN2d>=Za&?Z!rJFV*;mJ&-sBV80%<-HN1;ciLb*Jk^p?u<~T25%7jjFnorfr={+wm zzl5Q6O>tsN8q*?>uSU6#xG}FpAVEQ_++@}G$?;S7owlK~@trhc#C)TeIYj^N(R&a} zypm~c=fIs;M!YQrL}5{xl=tUU-Tfc0ZfhQuA-u5(*w5RXg!2kChQRd$Fa8xQ0CQIU zC`cZ*!!|O!*y1k1J^m8IIi|Sl3R}gm@CC&;4840^9_bb9%&IZTRk#=^H0w%`5pMDCUef5 zYt-KpWp2ijh+FM`!zZ35>+7eLN;s3*P!bp%-oSx34fdTZ14Tsf2v7ZrP+mitUx$rS zW(sOi^CFxe$g3$x45snQwPV5wpf}>5OB?}&Gh<~i(mU&ss#7;utaLZ!|KaTHniGO9 zVC9OTzuMKz)afey_{93x5S*Hfp$+r*W>O^$2ng|ik!<`U1pkxm3*)PH*d#>7md1y} zs7u^a8zW8bvl92iN;*hfOc-=P7{lJeJ|3=NfX{(XRXr;*W3j845SKG&%N zuBqCtDWj*>KooINK1 zFPCsCWr!-8G}G)X*QM~34R*k zmRmDGF*QE?jCeNfc?k{w<}@29e}W|qKJ1K|AX!htt2|B`nL=HkC4?1bEaHtGBg}V( zl(A`6z*tck_F$4;kz-TNF%7?=20iqQo&ohf@S{_!TTXnVh}FaW2jxAh(DI0f*SDG- z7tqf5X@p#l?7pUNI(BGi>n_phw=lDm>2OgHx-{`T>KP2YH9Gm5ma zb{>7>`tZ>0d5K$j|s2!{^sFWQo3+xDb~#=9-jp(1ydI3_&RXGB~rxWSMgDCGQG)oNoc#>)td zqE|X->35U?_M6{^lB4l(HSN|`TC2U*-`1jSQeiXPtvVXdN-?i1?d#;pw%RfQuKJ|e zjg75M+Q4F0p@8I3ECpBhGs^kK;^0;7O@MV=sX^EJLVJf>L;GmO z3}EbTcoom7QbI(N8ad!z(!6$!MzKaajSRb0c+ZDQ($kFT&&?GvXmu7+V3^_(VJx1z zP-1kW_AB&_A;cxm*g`$ z#Pl@Cg{siF0ST2-w)zJkzi@X)5i@)Z;7M5ewX+xcY36IaE0#flASPY2WmF8St0am{ zV|P|j9wqcMi%r-TaU>(l*=HxnrN?&qAyzimA@wtf;#^%{$G7i4nXu=Pp2#r@O~wi)zB>@25A*|axl zEclXBlXx1LP3x0yrSx@s-kVW4qlF+idF+{M7RG54CgA&soDU-3SfHW@-6_ z+*;{n_SixmGCeZjHmEE!IF}!#aswth_{zm5Qhj0z-@I}pR?cu=P)HJUBClC;U+9;$#@xia30o$% zDw%BgOl>%vRenxL#|M$s^9X}diJ9q7wI1-0n2#6>@q}rK@ng(4M68(t52H_Jc{f&M9NPxRr->vj-88hoI?pvpn}llcv_r0`;uN>wuE{ z&TOx_i4==o;)>V4vCqG)A!mW>dI^Ql8BmhOy$6^>OaUAnI3>mN!Zr#qo4A>BegYj` zNG_)2Nvy2Cqxs1SF9A5HHhL7sai#Umw%K@+riaF+q)7&MUJvA&;$`(w)+B@c6!kX@ zzuY;LGu6|Q2eu^06PzSLspV2v4E?IPf`?Su_g8CX!75l)PCvyWKi4YRoRThB!-BhG zubQ#<7oCvj@z`^y&mPhSlbMf0<;0D z?5&!I?nV-jh-j1g~&R(YL@c=KB_gNup$8abPzXZN`N|WLqxlN)ZJ+#k4UWq#WqvVD z^|j+8f5uxTJtgcUscKTqKcr?5g-Ih3nmbvWvvEk})u-O}h$=-p4WE^qq7Z|rLas0$ zh0j&lhm@Rk(6ZF0_6^>Rd?Ni-#u1y`;$9tS;~!ph8T7fLlYE{P=XtWfV0Ql z#z{_;A%p|8+LhbZT0D_1!b}}MBx9`R9uM|+*`4l3^O(>Mk%@ha>VDY=nZMMb2TnJ= zGlQ+#+pmE98zuFxwAQcVkH1M887y;Bz&EJ7chIQQe!pgWX>(2ruI(emhz@_6t@k8Z zqFEyJFX2PO`$gJ6p$=ku{7!vR#u+$qo|1r;orjtp9FP^o2`2_vV;W&OT)acRXLN^m zY8a;geAxg!nbVu|uS8>@Gvf@JoL&GP`2v4s$Y^5vE32&l;2)`S%e#AnFI-YY7_>d#IKJI!oL6e z_7W3e=-0iz{bmuB*HP+D{Nb;rn+RyimTFqNV9Bzpa0?l`pWmR0yQOu&9c0S*1EPr1 zdoHMYlr>BycjTm%WeVuFd|QF8I{NPT&`fm=dITj&3(M^q ze2J{_2zB;wDME%}SzVWSW6)>1QtiX)Iiy^p2eT}Ii$E9w$5m)kv(3wSCNWq=#DaKZ zs%P`#^b7F-J0DgQ1?~2M`5ClYtYN{AlU|v4pEg4z03=g6nqH`JjQuM{k`!6jaIL_F zC;sn?1x?~uMo_DFg#ypNeie{3udcm~M&bYJ1LI zE%y}P9oCX3I1Y9yhF(y9Ix_=8L(p)EYr&|XZWCOb$7f2qX|A4aJ9bl7pt40Xr zXUT#NMBB8I@xoIGSHAZkYdCj>eEd#>a;W-?v4k%CwBaR5N>e3IFLRbDQTH#m_H+4b zk2UHVymC`%IqwtHUmpS1!1p-uQB`CW1Y!+VD!N4TT}D8(V0IOL|&R&)Rwj@n8g@=`h&z9YTPDT+R9agnwPuM!JW~=_ya~% zIJ*>$Fl;y7_`B7G4*P!kcy=MnNmR`(WS5_sRsvHF42NJ;EaDram5HwQ4Aw*qbYn0j;#)bh1lyKLg#dYjN*BMlh+fxmCL~?zB;HBWho;20WA==ci0mAqMfyG>1!HW zO7rOga-I9bvut1Ke_1eFo9tbzsoPTXDW1Si4}w3fq^Z|5LGf&egnw%DV=b11$F=P~ z(aV+j8S}m=CkI*8=RcrT>GmuYifP%hCoKY22Z4 zmu}o08h3YhcXx-v-QC??8mDn<+}+*X{+gZH-I;G^|7=1fBveS?J$27H&wV5^V^P$! z84?{UeYSmZ3M!@>UFoIN?GJT@IroYr;X@H~ax*CQ>b5|Xi9FXt5j`AwUPBq`0sWEJ z3O|k+g^JKMl}L(wfCqyMdRj9yS8ncE7nI14Tv#&(?}Q7oZpti{Q{Hw&5rN-&i|=fWH`XTQSu~1jx(hqm$Ibv zRzFW9$xf@oZAxL~wpj<0ZJ3rdPAE=0B>G+495QJ7D>=A&v^zXC9)2$$EnxQJ<^WlV zYKCHb1ZzzB!mBEW2WE|QG@&k?VXarY?umPPQ|kziS4{EqlIxqYHP!HN!ncw6BKQzKjqk!M&IiOJ9M^wc~ZQ1xoaI z;4je%ern~?qi&J?eD!vTl__*kd*nFF0n6mGEwI7%dI9rzCe~8vU1=nE&n4d&8}pdL zaz`QAY?6K@{s2x%Sx%#(y+t6qLw==>2(gb>AksEebXv=@ht>NBpqw=mkJR(c?l7vo z&cV)hxNoYPGqUh9KAKT)kc(NqekzE6(wjjotP(ac?`DJF=Sb7^Xet-A3PRl%n&zKk zruT9cS~vV1{%p>OVm1-miuKr<@rotj*5gd$?K`oteNibI&K?D63RoBjw)SommJ5<4 zus$!C8aCP{JHiFn2>XpX&l&jI7E7DcTjzuLYvON2{rz<)#$HNu(;ie-5$G<%eLKnTK7QXfn(UR(n+vX%aeS6!q6kv z!3nzY76-pdJp339zsl_%EI|;ic_m56({wdc(0C5LvLULW=&tWc5PW-4;&n+hm1m`f zzQV0T>OPSTjw=Ox&UF^y< zarsYKY8}YZF+~k70=olu$b$zdLaozBE|QE@H{_R21QlD5BilYBTOyv$D5DQZ8b1r- zIpSKX!SbA0Pb5#cT)L5!KpxX+x+8DRy&`o-nj+nmgV6-Gm%Fe91R1ca3`nt*hRS|^ z<&we;TJcUuPDqkM7k0S~cR%t7a`YP#80{BI$e=E!pY}am)2v3-Iqk2qvuAa1YM>xj#bh+H2V z{b#St2<;Gg>$orQ)c2a4AwD5iPcgZ7o_}7xhO86(JSJ(q(EWKTJDl|iBjGEMbX8|P z4PQHi+n(wZ_5QrX0?X_J)e_yGcTM#E#R^u_n8pK@l5416`c9S=q-e!%0RjoPyTliO zkp{OC@Ep^#Ig-n!C)K0Cy%8~**Vci8F1U(viN{==KU0nAg2(+K+GD_Gu#Bx!{tmUm zCwTrT(tCr6X8j43_n96H9%>>?4akSGMvgd+krS4wRexwZ1JxrJy!Uhz#yt$-=aq?A z@?*)bRZxjG9OF~7d$J0cwE_^CLceRK=LvjfH-~{S><^D;6B2&p-02?cl?|$@>`Qt$ zP*iaOxg<+(rbk>34VQDQpNQ|a9*)wScu!}<{oXC87hRPqyrNWpo?#=;1%^D2n2+C* zKKQH;?rWn-@%Y9g%NHG&lHwK9pBfV1a`!TqeU_Fv8s6_(@=RHua7`VYO|!W&WL*x= zIWE9eQaPq3zMaXuf)D0$V`RIZ74f)0P73xpeyk4)-?8j;|K%pD$eq4j2%tL=;&+E91O(2p91K|85b)GQcbRe&u6Ilu@SnE={^{Ix1Eqgv8D z4=w65+&36|;5WhBm$!n*!)ACCwT9Sip#1_z&g~E1kB=AlEhO0lu`Ls@6gw*a)lzc# zKx!fFP%eSBBs)U>xIcQKF(r_$SWD3TD@^^2Ylm=kC*tR+I@X>&SoPZdJ2fT!ysjH% z-U%|SznY8Fhsq7Vau%{Ad^Pvbf3IqVk{M2oD+w>MWimJA@VSZC$QooAO3 zC=DplXdkyl>mSp^$zk7&2+eoGQ6VVh_^E#Z3>tX7Dmi<2aqlM&YBmK&U}m>a%8)LQ z8v+c}a0QtXmyd%Kc2QNGf8TK?_EK4wtRUQ*VDnf5jHa?VvH2K(FDZOjAqYufW8oIZ z31|o~MR~T;ZS!Lz%8M0*iVARJ>_G2BXEF8(}6Dmn_rFV~5NI`lJjp`Mi~g7~P%H zO`S&-)Fngo3VXDMo7ImlaZxY^s!>2|csKca6!|m7)l^M0SQT1_L~K29%x4KV8*xiu zwP=GlyIE9YPSTC0BV`6|#)30=hJ~^aYeq7d6TNfoYUkk-^k0!(3qp(7Mo-$|48d8Z2d zrsfsRM)y$5)0G`fNq!V?qQ+nh0xwFbcp{nhW%vZ?h);=LxvM(pWd9FG$Bg1;@Bv)mKDW>AP{ol zD(R~mLzdDrBv$OSi{E%OD`Ano=F^vwc)rNb*Bg3-o)bbAgYE=M7Gj2OHY{8#pM${_^ zwkU|tnTKawxUF7vqM9UfcQ`V49zg78V%W)$#5ssR}Rj7E&p(4_ib^?9luZPJ%iJTvW&-U$nFYky>KJwHpEHHx zVEC;!ETdkCnO|${Vj#CY>LLut_+c|(hpWk8HRgMGRY%E--%oKh@{KnbQ~0GZd}{b@ z`J2qHBcqqjfHk^q=uQL!>6HSSF3LXL*cCd%opM|k#=xTShX~qcxpHTW*BI!c3`)hQq{@!7^mdUaG7sFsFYnl1%blslM;?B8Q zuifKqUAmR=>33g~#>EMNfdye#rz@IHgpM$~Z7c5@bO@S>MyFE3_F}HVNLnG0TjtXU zJeRWH^j5w_qXb$IGs+E>daTa}XPtrUnnpTRO9NEx4g6uaFEfHP9gW;xZnJi{oqAH~ z5dHS(ch3^hbvkv@u3QPLuWa}ImaElDrmIc%5HN<^bwej}3+?g) z-ai7D&6Iq_P(}k`i^4l?hRLbCb>X9iq2UYMl=`9U9Rf=3Y!gnJbr?eJqy>Zpp)m>Ae zcQ4Qfs&AaE?UDTODcEj#$_n4KeERZHx-I+E5I~E#L_T3WI3cj$5EYR75H7hy%80a8Ej?Y6hv+fR6wHN%_0$-xL!eI}fdjOK7(GdFD%`f%-qY@-i@fTAS&ETI99jUVg8 zslPSl#d4zbOcrgvopvB2c2A6r^pEr&Sa5I5%@1~BpGq`Wo|x=&)WnnQjE+)$^U-wW zr2Kv?XJby(8fcn z8JgPn)2_#-OhZ+;72R6PspMfCVvtLxFHeb7d}fo(GRjm_+R(*?9QRBr+yPF(iPO~ zA4Tp1<0}#fa{v0CU6jz}q9;!3Pew>ikG1qh$5WPRTQZ~ExQH}b1hDuzRS1}65uydS z~Te*3@?o8fih=mZ`iI!hL5iv3?VUBLQv0X zLtu58MIE7Jbm?)NFUZuMN2_~eh_Sqq*56yIo!+d_zr@^c@UwR&*j!fati$W<=rGGN zD$X`$lI%8Qe+KzBU*y3O+;f-Csr4$?3_l+uJ=K@dxOfZ?3APc5_x2R=a^kLFoxt*_ z4)nvvP+(zwlT5WYi!4l7+HKqzmXKYyM9kL5wX$dTSFSN&)*-&8Q{Q$K-})rWMin8S zy*5G*tRYNqk7&+v;@+>~EIQgf_SB;VxRTQFcm5VtqtKZ)x=?-f+%OY(VLrXb^6*aP zP&0Nu@~l2L!aF8i2!N~fJiHyxRl?I1QNjB)`uP_DuaU?2W;{?0#RGKTr2qH5QqdhK zP__ojm4WV^PUgmrV)`~f>(769t3|13DrzdDeXxqN6XA|_GK*;zHU()a(20>X{y-x| z2P6Ahq;o=)Nge`l+!+xEwY`7Q(8V=93A9C+WS^W%p&yR)eiSX+lp)?*7&WSYSh4i> zJa6i5T9o;Cd5z%%?FhB?J{l+t_)c&_f86gZMU{HpOA=-KoU5lIL#*&CZ_66O5$3?# ztgjGLo`Y7bj&eYnK#5x1trB_6tpu4$EomotZLb*9l6P(JmqG`{z$?lNKgq?GAVhkA zvw!oFhLyX=$K=jTAMwDQ)E-8ZW5$X%P2$YB5aq!VAnhwGv$VR&;Ix#fu%xlG{|j_K zbEYL&bx%*YpXcaGZj<{Y{k@rsrFKh7(|saspt?OxQ~oj_6En(&!rTZPa7fLCEU~mA zB7tbVs=-;cnzv*#INgF_9f3OZhp8c5yk!Dy1+`uA7@eJfvd~g34~wKI1PW%h(y&nA zRwMni12AHEw36)C4Tr-pt6s82EJa^8N#bjy??F*rg4fS@?6^MbiY3;7x=gd~G|Hi& zwmG+pAn!aV>>nNfP7-Zn8BLbJm&7}&ZX+$|z5*5{{F}BRSxN=JKZTa#{ut$v0Z0Fs za@UjXo#3!wACv+p9k*^9^n+(0(YKIUFo`@ib@bjz?Mh8*+V$`c%`Q>mrc5bs4aEf4 zh0qtL1qNE|xQ9JrM}qE>X>Y@dQ?%` zBx(*|1FMzVY&~|dE^}gHJ37O9bjnk$d8vKipgcf+As(kt2cbxAR3^4d0?`}}hYO*O z{+L&>G>AYaauAxE8=#F&u#1YGv%`d*v+EyDcU2TnqvRE33l1r}p#Vmcl%n>NrYOqV z2Car_^^NsZ&K=a~bj%SZlfxzHAxX$>=Q|Zi;E0oyfhgGgqe1Sd5-E$8KV9=`!3jWZCb2crb;rvQ##iw}xm7Da za!H${ls5Ihwxkh^D)M<4Yy3bp<-0a+&KfV@CVd9X6Q?v)$R3*rfT@jsedSEhoV(vqv?R1E8oWV;_{l_+_6= zLjV^-bZU$D_ocfSpRxDGk*J>n4G6s-e>D8JK6-gA>aM^Hv8@)txvKMi7Pi#DS5Y?r zK0%+L;QJdrIPXS2 ztjWAxkSwt2xG$L)Zb7F??cjs!KCTF+D{mZ5e0^8bdu_NLgFHTnO*wx!_8#}NO^mu{FaYeCXGjnUgt_+B-Ru!2_Ue-0UPg2Y)K3phLmR<4 zqUCWYX!KDU!jYF6c?k;;vF@Qh^q(PWwp1ez#I+0>d7V(u_h|L+kX+MN1f5WqMLn!L z!c(pozt7tRQi&duH8n=t-|d)c^;%K~6Kpyz(o53IQ_J+aCapAif$Ek#i0F9U>i+94 zFb=OH5(fk-o`L(o|DyQ(hlozl*2cu#)Y(D*zgNMi1Z!DTex#w#)x(8A-T=S+eByJW z%-k&|XhdZOWjJ&(FTrZNWRm^pHEot_MRQ_?>tKQ&MB~g(&D_e>-)u|`Ot(4j=UT6? zQ&YMi2UnCKlBpwltP!}8a2NJ`LlfL=k8SQf69U)~=G;bq9<2GU&Q#cHwL|o4?ah1` z;fG)%t0wMC;DR?^!jCoKib_iiIjsxCSxRUgJDCE%0P;4JZhJCy)vR1%zRl>K?V6#) z2lDi*W3q9rA zo;yvMujs+)a&00~W<-MNj=dJ@4%tccwT<@+c$#CPR%#aE#Dra+-5eSDl^E>is2v^~ z8lgRwkpeU$|1LW4yFwA{PQ^A{5JY!N5PCZ=hog~|FyPPK0-i;fCl4a%1 z?&@&E-)b4cK)wjXGq|?Kqv0s7y~xqvSj-NpOImt{Riam*Z!wz-coZIMuQU>M%6ben z>P@#o^W;fizVd#?`eeEPs#Gz^ySqJn+~`Pq%-Ee6*X+E>!PJGU#rs6qu0z5{+?`-N zxf1#+JNk7e6AoJTdQwxs&GMTq?Djch_8^xL^A;9XggtGL>!@0|BRuIdE&j$tzvt7I zr@I@0<0io%lpF697s1|qNS|BsA>!>-9DVlgGgw2;;k;=7)3+&t!);W3ulPgR>#JiV zUerO;WxuJqr$ghj-veVGfKF?O7si#mzX@GVt+F&atsB@NmBoV4dK|!owGP005$7LN7AqCG(S+={YA- zn#I{UoP_$~Epc=j78{(!2NLN)3qSm-1&{F&1z4Dz&7Mj_+SdlR^Q5{J=r822d4A@?Rj~xATaWewHUOus{*C|KoH`G zHB8SUT06GpSt)}cFJ18!$Kp@r+V3tE_L^^J%9$&fcyd_AHB)WBghwqBEWW!oh@StV zDrC?ttu4#?Aun!PhC4_KF1s2#kvIh~zds!y9#PIrnk9BWkJpq}{Hlqi+xPOR&A1oP zB0~1tV$Zt1pQuHpJw1TAOS=3$Jl&n{n!a+&SgYVe%igUtvE>eHqKY0`e5lwAf}2x( zP>9Wz+9uirp7<7kK0m2&Y*mzArUx%$CkV661=AIAS=V=|xY{;$B7cS5q0)=oq0uXU z_roo90&gHSfM6@6kmB_FJZ)3y_tt0}7#PA&pWo@_qzdIMRa-;U*Dy>Oo#S_n61Fn! z%mrH%tRmvQvg%UqN_2(C#LSxgQ>m}FKLGG=uqJQuSkk=S@c~QLi4N+>lr}QcOuP&% zQCP^cRk&rk-@lpa0^Lcvdu`F*qE)-0$TnxJlwZf|dP~s8cjhL%>^+L~{umxl5Xr6@ z^7zVKiN1Xg;-h+kr4Yt2BzjZs-Mo54`pDbLc}fWq{34=6>U9@sBP~iWZE`+FhtU|x zTV}ajn*Hc}Y?3agQ+bV@oIRm=qAu%|zE;hBw7kCcDx{pm!_qCxfPX3sh5^B$k_2d` z6#rAeUZC;e-LuMZ-f?gHeZogOa*mE>ffs+waQ+fQl4YKoAyZii_!O0;h55EMzD{;) z8lSJvv((#UqgJ?SCQFqJ-UU?2(0V{;7zT3TW`u6GH6h4m3}SuAAj_K(raGBu>|S&Q zZGL?r9@caTbmRm7p=&Tv?Y1)60*9At38w)$(1c?4cpFY2RLyw9c<{OwQE{b@WI}FQ zTT<2HOF4222d%k70yL~x_d#6SNz`*%@4++8gYQ8?yq0T@w~bF@aOHL2)T4xj`AVps9k z?m;<2ClJh$B6~fOYTWIV*T9y1BpB1*C?dgE{%lVtIjw>4MK{wP6OKTb znbPWrkZjYCbr`GGa%Xo0h;iFPNJBI3fK5`wtJV?wq_G<_PZ<`eiKtvN$IKfyju*^t zXc}HNg>^PPZ16m6bfTpmaW5=qoSsj>3)HS}teRa~qj+Y}mGRE?cH!qMDBJ8 zJB!&-=MG8Tb;V4cZjI_#{>ca0VhG_P=j0kcXVX5)^Sdpk+LKNv#yhpwC$k@v^Am&! z_cz2^4Cc{_BC!K#zN!KEkPzviUFPJ^N_L-kHG6}(X#$>Q=9?!{$A(=B3)P?PkxG9gs#l! zo6TOHo$F|IvjTC3MW%XrDoc7;m-6wb9mL(^2(>PQXY53hE?%4FW$rTHtN`!VgH72U zRY)#?Y*pMA<)x3B-&fgWQ(TQ6S6nUeSY{9)XOo_k=j$<*mA=f+ghSALYwBw~!Egn!jtjubOh?6Cb-Zi3IYn*fYl()^3u zRiX0I{5QaNPJ9w{yh4(o#$geO7b5lSh<5ZaRg9_=aFdZjxjXv(_SCv^v-{ZKQFtAA}kw=GPC7l81GY zeP@0Da{aR#{6`lbI0ON0y#K=t|L*}MG_HSl$e{U;v=BSs{SU3(e*qa(l%rD;(zM^3 zrRgN3M#Sf(Cr9>v{FtB`8JBK?_zO+~{H_0$lLA!l{YOs9KQd4Zt<3*Ns7dVbT{1Ut z?N9{XkN(96?r(4BH~3qeiJ_CAt+h1}O_4IUF$S(5EyTyo=`{^16P z=VhDY!NxkDukQz>T`0*H=(D3G7Np*2P`s(6M*(*ZJa;?@JYj&_z`d5bap=KK37p3I zr5#`%aC)7fUo#;*X5k7g&gQjxlC9CF{0dz*m2&+mf$Sc1LnyXn9lpZ!!Bl!@hnsE5px};b-b-`qne0Kh;hziNC zXV|zH%+PE!2@-IrIq!HM2+ld;VyNUZiDc@Tjt|-1&kq}>muY;TA3#Oy zWdYGP3NOZWSWtx6?S6ES@>)_Yz%%nLG3P>Z7`SrhkZ?shTfrHkYI;2zAn8h65wV3r z^{4izW-c9!MTge3eN=~r5aTnz6*6l#sD68kJ7Nv2wMbL~Ojj0H;M`mAvk*`Q!`KI? z7nCYBqbu$@MSNd+O&_oWdX()8Eh|Z&v&dJPg*o-sOBb2hriny)< zd(o&&kZM^NDtV=hufp8L zCkKu7)k`+czHaAU567$?GPRGdkb4$37zlIuS&<&1pgArURzoWCbyTEl9OiXZBn4p<$48-Gekh7>e)v*?{9xBt z=|Rx!@Y3N@ffW5*5!bio$jhJ7&{!B&SkAaN`w+&3x|D^o@s{ZAuqNss8K;211tUWIi1B!%-ViYX+Ys6w)Q z^o1{V=hK#+tt&aC(g+^bt-J9zNRdv>ZYm9KV^L0y-yoY7QVZJ_ivBS02I|mGD2;9c zR%+KD&jdXjPiUv#t1VmFOM&=OUE2`SNm4jm&a<;ZH`cYqBZoAglCyixC?+I+}*ScG#;?SEAFob{v0ZKw{`zw*tX}<2k zoH(fNh!>b5w8SWSV}rQ*E24cO=_eQHWy8J!5;Y>Bh|p;|nWH|nK9+ol$k`A*u*Y^Uz^%|h4Owu}Cb$zhIxlVJ8XJ0xtrErT zcK;34CB;ohd|^NfmVIF=XlmB5raI}nXjFz;ObQ4Mpl_`$dUe7sj!P3_WIC~I`_Xy@ z>P5*QE{RSPpuV=3z4p3}dh>Dp0=We@fdaF{sJ|+_E*#jyaTrj-6Y!GfD@#y@DUa;& zu4Iqw5(5AamgF!2SI&WT$rvChhIB$RFFF|W6A>(L9XT{0%DM{L`knIQPC$4F`8FWb zGlem_>>JK-Fib;g*xd<-9^&_ue95grYH>5OvTiM;#uT^LVmNXM-n8chJBD2KeDV7t zbnv3CaiyN>w(HfGv86K5MEM{?f#BTR7**smpNZ}ftm+gafRSt=6fN$(&?#6m3hF!>e$X)hFyCF++Qvx(<~q3esTI zH#8Sv!WIl2<&~=B)#sz1x2=+KTHj=0v&}iAi8eD=M->H|a@Qm|CSSzH#eVIR3_Tvu zG8S**NFbz%*X?DbDuP(oNv2;Lo@#_y4k$W+r^#TtJ8NyL&&Rk;@Q}~24`BB)bgwcp z=a^r(K_NEukZ*|*7c2JKrm&h&NP)9<($f)eTN}3|Rt`$5uB0|!$Xr4Vn#i;muSljn zxG?zbRD(M6+8MzGhbOn%C`M#OcRK!&ZHihwl{F+OAnR>cyg~No44>vliu$8^T!>>*vYQJCJg=EF^lJ*3M^=nGCw`Yg@hCmP(Gq^=eCEE1!t-2>%Al{w@*c% zUK{maww*>K$tu;~I@ERb9*uU@LsIJ|&@qcb!&b zsWIvDo4#9Qbvc#IS%sV1_4>^`newSxEcE08c9?rHY2%TRJfK2}-I=Fq-C)jc`gzV( zCn?^noD(9pAf2MP$>ur0;da`>Hr>o>N@8M;X@&mkf;%2A*2CmQBXirsJLY zlX21ma}mKH_LgYUM-->;tt;6F?E5=fUWDwQhp*drQ%hH0<5t2m)rFP%=6aPIC0j$R znGI0hcV~}vk?^&G`v~YCKc7#DrdMM3TcPBmxx#XUC_JVEt@k=%3-+7<3*fTcQ>f~?TdLjv96nb66xj=wVQfpuCD(?kzs~dUV<}P+Fpd)BOTO^<*E#H zeE80(b~h<*Qgez(iFFOkl!G!6#9NZAnsxghe$L=Twi^(Q&48 zD0ohTj)kGLD){xu%pm|}f#ZaFPYpHtg!HB30>F1c=cP)RqzK2co`01O5qwAP zUJm0jS0#mci>|Nu4#MF@u-%-4t>oUTnn_#3K09Hrwnw13HO@9L;wFJ*Z@=gCgpA@p zMswqk;)PTXWuMC-^MQxyNu8_G-i3W9!MLd2>;cM+;Hf&w| zLv{p*hArp9+h2wsMqT5WVqkkc0>1uokMox{AgAvDG^YJebD-czexMB!lJKWllLoBI zetW2;;FKI1xNtA(ZWys!_un~+834+6y|uV&Lo%dKwhcoDzRADYM*peh{o`-tHvwWIBIXW`PKwS3|M>CW37Z2dr!uJWNFS5UwY4;I zNIy1^sr+@8Fob%DHRNa&G{lm?KWU7sV2x9(Ft5?QKsLXi!v6@n&Iyaz5&U*|hCz+d z9vu60IG<v6+^ZmBs_aN!}p|{f(ikVl&LcB+UY;PPz* zj84Tm>g5~-X=GF_4JrVmtEtm=3mMEL1#z+pc~t^Iify^ft~cE=R0TymXu*iQL+XLX zdSK$~5pglr3f@Lrcp`>==b5Z6r7c=p=@A5nXNacsPfr(5m;~ks@*Wu7A z%WyY$Pt*RAKHz_7cghHuQqdU>hq$vD?plol_1EU(Fkgyo&Q2&2e?FT3;H%!|bhU~D z>VX4-6}JLQz8g3%Bq}n^NhfJur~v5H0dbB^$~+7lY{f3ES}E?|JnoLsAG%l^%eu_PM zEl0W(sbMRB3rFeYG&tR~(i2J0)RjngE`N_Jvxx!UAA1mc7J>9)`c=`}4bVbm8&{A` z3sMPU-!r-8de=P(C@7-{GgB<5I%)x{WfzJwEvG#hn3ict8@mexdoTz*(XX!C&~}L* z^%3eYQ8{Smsmq(GIM4d5ilDUk{t@2@*-aevxhy7yk(wH?8yFz%gOAXRbCYzm)=AsM z?~+vo2;{-jkA%Pqwq&co;|m{=y}y2lN$QPK>G_+jP`&?U&Ubq~T`BzAj1TlC`%8+$ zzdwNf<3suPnbh&`AI7RAYuQ<#!sD|A=ky2?hca{uHsB|0VqShI1G3lG5g}9~WSvy4 zX3p~Us^f5AfXlBZ0hA;mR6aj~Q8yb^QDaS*LFQwg!!<|W!%WX9Yu}HThc7>oC9##H zEW`}UQ%JQ38UdsxEUBrA@=6R-v1P6IoIw8$8fw6F{OSC7`cOr*u?p_0*Jvj|S)1cd z-9T);F8F-Y_*+h-Yt9cQQq{E|y^b@r&6=Cd9j0EZL}Pj*RdyxgJentY49AyC@PM<< zl&*aq_ubX%*pqUkQ^Zsi@DqhIeR&Ad)slJ2g zmeo&+(g!tg$z1ao1a#Qq1J022mH4}y?AvWboI4H028;trScqDQrB36t!gs|uZS9}KG0}DD$ zf2xF}M*@VJSzEJ5>ucf+L_AtN-Ht=34g&C?oPP>W^bwoigIncKUyf61!ce!2zpcNT zj&;rPGI~q2!Sy>Q7_lRX*DoIs-1Cei=Cd=+Xv4=%bn#Yqo@C=V`|QwlF0Y- zONtrwpHQ##4}VCL-1ol(e<~KU9-ja^kryz!g!})y-2S5z2^gE$Isj8l{%tF=Rzy`r z^RcP7vu`jHgHLKUE957n3j+BeE(bf;f)Zw($XaU6rZ26Upl#Yv28=8Y`hew{MbH>* z-sGI6dnb5D&dUCUBS`NLAIBP!Vi!2+~=AU+)^X^IpOEAn#+ab=`7c z%7B|mZ>wU+L;^&abXKan&N)O;=XI#dTV|9OMYxYqLbtT#GY8PP$45Rm2~of+J>>HIKIVn(uQf-rp09_MwOVIp@6!8bKV(C#(KxcW z;Pesq(wSafCc>iJNV8sg&`!g&G55<06{_1pIoL`2<7hPvAzR1+>H6Rx0Ra%4j7H-<-fnivydlm{TBr06;J-Bq8GdE^Amo)ptV>kS!Kyp*`wUx=K@{3cGZnz53`+C zLco1jxLkLNgbEdU)pRKB#Pq(#(Jt>)Yh8M?j^w&RPUueC)X(6`@@2R~PV@G(8xPwO z^B8^+`qZnQr$8AJ7<06J**+T8xIs)XCV6E_3W+al18!ycMqCfV>=rW0KBRjC* zuJkvrv;t&xBpl?OB3+Li(vQsS(-TPZ)Pw2>s8(3eF3=n*i0uqv@RM^T#Ql7(Em{(~%f2Fw|Reg@eSCey~P zBQlW)_DioA*yxxDcER@_=C1MC{UswPMLr5BQ~T6AcRyt0W44ffJG#T~Fk}wU^aYoF zYTayu-s?)<`2H(w+1(6X&I4?m3&8sok^jpXBB<|ZENso#?v@R1^DdVvKoD?}3%@{}}_E7;wt9USgrfR3(wabPRhJ{#1es81yP!o4)n~CGsh2_Yj2F^z|t zk((i&%nDLA%4KFdG96pQR26W>R2^?C1X4+a*hIzL$L=n4M7r$NOTQEo+k|2~SUI{XL{ynLSCPe%gWMMPFLO{&VN2pom zBUCQ(30qj=YtD_6H0-ZrJ46~YY*A;?tmaGvHvS^H&FXUG4)%-a1K~ly6LYaIn+4lG zt=wuGLw!%h=Pyz?TP=?6O-K-sT4W%_|Nl~;k~YA^_`gqfe{Xw=PWn#9f1mNz)sFuL zJbrevo(DPgpirvGMb6ByuEPd=Rgn}fYXqeUKyM+!n(cKeo|IY%p!#va6`D8?A*{u3 zEeWw0*oylJ1X!L#OCKktX2|>-z3#>`9xr~azOH+2dXHRwdfnpri9|xmK^Q~AuY!Fg z`9Xx?hxkJge~)NVkPQ(VaW(Ce2pXEtgY*cL8i4E)mM(iz_vdm|f@%cSb*Lw{WbShh41VGuplex9E^VvW}irx|;_{VK=N_WF39^ zH4<*peWzgc)0UQi4fBk2{FEzldDh5+KlRd!$_*@eYRMMRb1gU~9lSO_>Vh-~q|NTD zL}X*~hgMj$*Gp5AEs~>Bbjjq7G>}>ki1VxA>@kIhLe+(EQS0mjNEP&eXs5)I;7m1a zmK0Ly*!d~Dk4uxRIO%iZ!1-ztZxOG#W!Q_$M7_DKND0OwI+uC;PQCbQ#k#Y=^zQve zTZVepdX>5{JSJb;DX3%3g42Wz2D@%rhIhLBaFmx#ZV8mhya}jo1u{t^tzoiQy=jJp zjY2b7D2f$ZzJx)8fknqdD6fd5-iF8e(V}(@xe)N=fvS%{X$BRvW!N3TS8jn=P%;5j zShSbzsLs3uqycFi3=iSvqH~}bQn1WQGOL4?trj(kl?+q2R23I42!ipQ&`I*&?G#i9 zWvNh8xoGKDt>%@i0+}j?Ykw&_2C4!aYEW0^7)h2Hi7$;qgF3;Go?bs=v)kHmvd|`R z%(n94LdfxxZ)zh$ET8dH1F&J#O5&IcPH3=8o;%>OIT6w$P1Yz4S!}kJHNhMQ1(prc zM-jSA-7Iq=PiqxKSWb+YbLB-)lSkD6=!`4VL~`ExISOh2ud=TI&SKfR4J08Bad&rj zcXxMpcNgOB?w$~L7l^wPcXxw$0=$oV?)`I44)}b#ChS`_lBQhvb6ks?HDr3tFgkg&td19?b8=!sETXtp=&+3T$cCwZe z0nAET-7561gsbBws$TVjP7QxY(NuBYXVn9~9%vyN-B#&tJhWgtL1B<%BTS*-2$xB` zO)cMDHoWsm%JACZF--Pa7oP;f!n%p`*trlpvZ!HKoB={l+-(8O;;eYv2A=ra z3U7rSMCkP_6wAy`l|Se(&5|AefXvV1E#XA(LT!% zjj4|~xlZ-kPLNeQLFyXb%$K}YEfCBvHA-Znw#dZSI6V%3YD{Wj2@utT5Hieyofp6Qi+lz!u)htnI1GWzvQsA)baEuw9|+&(E@p8M+#&fsX@Kf`_YQ>VM+40YLv`3-(!Z7HKYg@+l00WGr779i-%t`kid%e zDtbh8UfBVT3|=8FrNian@aR3*DTUy&u&05x%(Lm3yNoBZXMHWS7OjdqHp>cD>g!wK z#~R{1`%v$IP;rBoP0B0P><;dxN9Xr+fp*s_EK3{EZ94{AV0#Mtv?;$1YaAdEiq5)g zYME;XN9cZs$;*2p63Q9^x&>PaA1p^5m7|W?hrXp2^m;B@xg0bD?J;wIbm6O~Nq^^K z2AYQs@7k)L#tgUkTOUHsh&*6b*EjYmwngU}qesKYPWxU-z_D> zDWr|K)XLf_3#k_9Rd;(@=P^S^?Wqlwert#9(A$*Y$s-Hy)BA0U0+Y58zs~h=YtDKxY0~BO^0&9{?6Nny;3=l59(6ec9j(79M?P1cE zex!T%$Ta-KhjFZLHjmPl_D=NhJULC}i$}9Qt?nm6K6-i8&X_P+i(c*LI3mtl3 z*B+F+7pnAZ5}UU_eImDj(et;Khf-z^4uHwrA7dwAm-e4 zwP1$Ov3NP5ts+e(SvM)u!3aZMuFQq@KE-W;K6 zag=H~vzsua&4Sb$4ja>&cSJ)jjVebuj+?ivYqrwp3!5>ul`B*4hJGrF;!`FaE+wKo z#};5)euvxC1zX0-G;AV@R(ZMl=q_~u8mQ5OYl;@BAkt)~#PynFX#c1K zUQ1^_N8g+IZwUl*n0Bb-vvliVtM=zuMGU-4a8|_8f|2GEd(2zSV?aSHUN9X^GDA8M zgTZW06m*iAy@7l>F3!7+_Y3mj^vjBsAux3$%U#d$BT^fTf-7{Y z_W0l=7$ro5IDt7jp;^cWh^Zl3Ga1qFNrprdu#g=n9=KH!CjLF#ucU5gy6*uASO~|b z7gcqm90K@rqe({P>;ww_q%4}@bq`ST8!0{V08YXY)5&V!>Td)?j7#K}HVaN4FU4DZ z%|7OppQq-h`HJ;rw-BAfH* z1H$ufM~W{%+b@9NK?RAp-$(P0N=b<(;wFbBN0{u5vc+>aoZ|3&^a866X@el7E8!E7 z=9V(Ma**m_{DKZit2k;ZOINI~E$|wO99by=HO{GNc1t?nl8soP@gxk8)WfxhIoxTP zoO`RA0VCaq)&iRDN9yh_@|zqF+f07Esbhe!e-j$^PS57%mq2p=+C%0KiwV#t^%_hH zoO?{^_yk5x~S)haR6akK6d|#2TN& zfWcN zc7QAWl)E9`!KlY>7^DNw$=yYmmRto>w0L(~fe?|n6k2TBsyG@sI)goigj=mn)E)I* z4_AGyEL7?(_+2z=1N@D}9$7FYdTu;%MFGP_mEJXc2OuXEcY1-$fpt8m_r2B|<~Xfs zX@3RQi`E-1}^9N{$(|YS@#{ZWuCxo)91{k>ESD54g_LYhm~vlOK_CAJHeYFfuIVB^%cqCfvpy#sU8Do8u}# z>>%PLKOZ^+$H54o@brtL-hHorSKcsjk_ZibBKBgyHt~L z=T6?e0oLX|h!Z3lbkPMO27MM?xn|uZAJwvmX?Yvp#lE3sQFY)xqet>`S2Y@1t)Z*& z;*I3;Ha8DFhk=YBt~{zp=%%*fEC}_8?9=(-k7HfFeN^GrhNw4e?vx*#oMztnO*&zY zmRT9dGI@O)t^=Wj&Og1R3b%(m*kb&yc;i`^-tqY9(0t!eyOkH<$@~1lXmm!SJllE_ zr~{a&w|8*LI>Z^h!m%YLgKv06Js7j7RaoX}ZJGYirR<#4Mghd{#;38j3|V+&=ZUq#1$ zgZb-7kV)WJUko?{R`hpSrC;w2{qa`(Z4gM5*ZL`|#8szO=PV^vpSI-^K_*OQji^J2 zZ_1142N}zG$1E0fI%uqHOhV+7%Tp{9$bAR=kRRs4{0a`r%o%$;vu!_Xgv;go)3!B#;hC5qD-bcUrKR&Sc%Zb1Y($r78T z=eG`X#IpBzmXm(o6NVmZdCQf6wzqawqI63v@e%3TKuF!cQ#NQbZ^?6K-3`_b=?ztW zA>^?F#dvVH=H-r3;;5%6hTN_KVZ=ps4^YtRk>P1i>uLZ)Ii2G7V5vy;OJ0}0!g>j^ z&TY&E2!|BDIf1}U(+4G5L~X6sQ_e7In0qJmWYpn!5j|2V{1zhjZt9cdKm!we6|Pp$ z07E+C8=tOwF<<}11VgVMzV8tCg+cD_z?u+$sBjwPXl^(Ge7y8-=c=fgNg@FxI1i5Y-HYQMEH z_($je;nw`Otdhd1G{Vn*w*u@j8&T=xnL;X?H6;{=WaFY+NJfB2(xN`G)LW?4u39;x z6?eSh3Wc@LR&yA2tJj;0{+h6rxF zKyHo}N}@004HA(adG~0solJ(7>?LoXKoH0~bm+xItnZ;3)VJt!?ue|~2C=ylHbPP7 zv2{DH()FXXS_ho-sbto)gk|2V#;BThoE}b1EkNYGT8U#0ItdHG>vOZx8JYN*5jUh5Fdr9#12^ zsEyffqFEQD(u&76zA^9Jklbiz#S|o1EET$ujLJAVDYF znX&4%;vPm-rT<8fDutDIPC@L=zskw49`G%}q#l$1G3atT(w70lgCyfYkg7-=+r7$%E`G?1NjiH)MvnKMWo-ivPSQHbk&_l5tedNp|3NbU^wk0SSXF9ohtM zUqXiOg*8ERKx{wO%BimK)=g^?w=pxB1Vu_x<9jKOcU7N;(!o3~UxyO+*ZCw|jy2}V*Z22~KhmvxoTszc+#EMWXTM6QF*ks% zW47#2B~?wS)6>_ciKe1Fu!@Tc6oN7e+6nriSU;qT7}f@DJiDF@P2jXUv|o|Wh1QPf zLG31d>@CpThA+Ex#y)ny8wkC4x-ELYCXGm1rFI=1C4`I5qboYgDf322B_Nk@#eMZ% znluCKW2GZ{r9HR@VY`>sNgy~s+D_GkqFyz6jgXKD)U|*eKBkJRRIz{gm3tUd*yXmR z(O4&#ZA*us6!^O*TzpKAZ#}B5@}?f=vdnqnRmG}xyt=)2o%<9jj>-4wLP1X-bI{(n zD9#|rN#J;G%LJ&$+Gl2eTRPx6BQC6Uc~YK?nMmktvy^E8#Y*6ZJVZ>Y(cgsVnd!tV z!%twMNznd)?}YCWyy1-#P|2Fu%~}hcTGoy>_uawRTVl=(xo5!%F#A38L109wyh@wm zdy+S8E_&$Gjm=7va-b7@Hv=*sNo0{i8B7=n4ex-mfg`$!n#)v@xxyQCr3m&O1Jxg! z+FXX^jtlw=utuQ+>Yj$`9!E<5-c!|FX(~q`mvt6i*K!L(MHaqZBTtuSA9V~V9Q$G? zC8wAV|#XY=;TQD#H;;dcHVb9I7Vu2nI0hHo)!_{qIa@|2}9d ztpC*Q{4Py~2;~6URN^4FBCBip`QDf|O_Y%iZyA0R`^MQf$ce0JuaV(_=YA`knEMXw zP6TbjYSGXi#B4eX=QiWqb3bEw-N*a;Yg?dsVPpeYFS*&AsqtW1j2D$h$*ZOdEb$8n0 zGET4Igs^cMTXWG{2#A7w_usx=KMmNfi4oAk8!MA8Y=Rh9^*r>jEV(-{I0=rc);`Y) zm+6KHz-;MIy|@2todN&F+Yv1e&b&ZvycbTHpDoZ>FIiUn+M-=%A2C(I*^Yx@VKf(Z zxJOny&WoWcyKodkeN^5))aV|-UBFw{?AGo?;NNFFcKzk+6|gYfA#FR=y@?;3IoQ zUMI=7lwo9gV9fRvYi}Nd)&gQw7(K3=a0#p27u6Q)7JlP#A)piUUF8B3Li&38Xk$@| z9OR+tU~qgd3T3322E))eV)hAAHYIj$TmhH#R+C-&E-}5Qd{3B}gD{MXnsrS;{Erv1 z6IyQ=S2qD>Weqqj#Pd65rDSdK54%boN+a?=CkR|agnIP6;INm0A*4gF;G4PlA^3%b zN{H%#wYu|!3fl*UL1~f+Iu|;cqDax?DBkZWSUQodSDL4Es@u6zA>sIm>^Aq-&X#X8 zI=#-ucD|iAodfOIY4AaBL$cFO@s(xJ#&_@ZbtU+jjSAW^g;_w`FK%aH_hAY=!MTjI zwh_OEJ_25zTQv$#9&u0A11x_cGd92E74AbOrD`~f6Ir9ENNQAV2_J2Ig~mHWhaO5a zc>fYG$zke^S+fBupw+klDkiljJAha z6DnTemhkf>hv`8J*W_#wBj-2w(cVtXbkWWtE(3j@!A-IfF?`r$MhVknTs3D1N`rYN zKth9jZtX#>v#%U@^DVN!;ni#n1)U&H_uB{6pcq7$TqXJX!Q0P7U*JUZyclb~)l*DS zOLpoQfW_3;a0S$#V0SOwVeeqE$Hd^L`$;l_~2giLYd?7!gUYIpOs!jqSL~pI)4`YuB_692~A z^T#YYQ_W3Rakk}$SL&{`H8mc{>j+3eKprw6BK`$vSSIn;s31M~YlJLApJ)+Gi1{^- zw96WnT9M0Vr_D=e=a}${raR{(35Q!g+8`}vOFj1e&Or(_wp2U2aVQP0_jP57 z2(R4E(E$n!xl<}Zx38wO;27wuQ`P#_j!}L2 z2qr;As4D4n2X$-Jd_-!fsbu_D(64i;c4cJnP576x_>Q4WNushFwkBV!kVd(AYFXe{ zaqO5`Qfr!#ETmE(B;u_&FITotv~W}QYFCI!&ENKIb1p4fg*Yv1)EDMb==EjHHWM#{ zGMpqb2-LXdHB@D~pE3|+B392Gh4q)y9jBd$a^&cJM60VEUnLtHQD5i-X6PVF>9m_k zDvG3P(?CzdaIrC8s4cu~N9MEb!Tt(g*GK~gIp1Gyeaw3b7#YPx_1T6i zRi#pAMr~PJKe9P~I+ARa$a!K~)t(4LaVbjva1yd;b1Yz2$7MMc`aLmMl(a^DgN(u? zq2o9&Gif@Tq~Yq+qDfx^F*nCnpuPv%hRFc$I!p74*quLt^M}D_rwl10uMTr!)(*=7 zSC5ea@#;l(h87k4T4x)(o^#l76P-GYJA(pOa&F9YT=fS<*O{4agzba^dIrh0hjls<~APlIz9{ zgRY{OMv2s|`;VCoYVj?InYoq^QWuA&*VDyOn@pPvK8l~g#1~~MGVVvtLDt}>id_Z` zn(ihfL?Y}Y4YX335m*Xx(y+bbukchHrM zycIGp#1*K3$!(tgTsMD2VyUSg^yvCwB8*V~sACE(yq2!MS6f+gsxv^GR|Q7R_euYx z&X+@@H?_oQddGxJYS&ZG-9O(X+l{wcw;W7srpYjZZvanY(>Q1utSiyuuonkjh5J0q zGz6`&meSuxixIPt{UoHVupUbFKIA+3V5(?ijn}(C(v>=v?L*lJF8|yRjl-m#^|krg zLVbFV6+VkoEGNz6he;EkP!Z6|a@n8?yCzX9>FEzLnp21JpU0x!Qee}lwVKA})LZJq zlI|C??|;gZ8#fC3`gzDU%7R87KZyd)H__0c^T^$zo@TBKTP*i{)Gp3E0TZ}s3mKSY zix@atp^j#QnSc5K&LsU38#{lUdwj%xF zcx&l^?95uq9on1m*0gp$ruu||5MQo)XaN>|ngV5Jb#^wWH^5AdYcn_1>H~XtNwJd3 zd9&?orMSSuj=lhO?6)Ay7;gdU#E}pTBa5wFu`nejq##Xd71BHzH2XqLA5 zeLEo;9$}~u0pEu@(?hXB_l;{jQ=7m?~mwj-ME~Tw-OHPrR7K2Xq9eCNwQO$hR z3_A?=`FJctNXA#yQEorVoh{RWxJbdQga zU%K##XEPgy?E|K(=o#IPgnbk7E&5%J=VHube|2%!Qp}@LznjE%VQhJ?L(XJOmFVY~ zo-az+^5!Ck7Lo<7b~XC6JFk>17*_dY;=z!<0eSdFD2L?CSp_XB+?;N+(5;@=_Ss3& zXse>@sA7hpq;IAeIp3hTe9^$DVYf&?)={zc9*hZAV)|UgKoD!1w{UVo8D)Htwi8*P z%#NAn+8sd@b{h=O)dy9EGKbpyDtl@NBZw0}+Wd=@65JyQ2QgU}q2ii;ot1OsAj zUI&+Pz+NvuRv#8ugesT<<@l4L$zso0AQMh{we$tkeG*mpLmOTiy8|dNYhsqhp+q*yfZA`Z)UC*(oxTNPfOFk3RXkbzAEPofVUy zZ3A%mO?WyTRh@WdXz+zD!ogo}gbUMV!YtTNhr zrt@3PcP%5F;_SQ>Ui`Gq-lUe&taU4*h2)6RDh@8G1$o!){k~3)DT87%tQeHYdO?B` zAmoJvG6wWS?=0(Cj?Aqj59`p(SIEvYyPGJ^reI z`Hr?3#U2zI7k0=UmqMD35l`>3xMcWlDv$oo6;b`dZq3d!~)W z=4Qk)lE8&>#HV>?kRLOHZYz83{u7?^KoXmM^pazj8`7OwQ=5I!==; zA!uN`Q#n=Drmzg}@^nG!mJp9ml3ukWk96^6*us*;&>s+7hWfLXtl?a}(|-#=P12>A zon1}yqh^?9!;on?tRd6Fk0knQSLl4vBGb87A_kJNDGyrnpmn48lz_%P{* z_G*3D#IR<2SS54L5^h*%=)4D9NPpji7DZ5&lHD|99W86QN_(|aJ<5C~PX%YB`Qt_W z>jF_Os@kI6R!ub4n-!orS(G6~mKL7()1g=Lf~{D!LR7#wRHfLxTjYr{*c{neyhz#U zbm@WBKozE+kTd+h-mgF+ELWqTKin57P;0b){ zii5=(B%S(N!Z=rAFGnM6iePtvpxB_Q9-oq_xH!URn2_d-H~i;lro8r{-g!k-Ydb6_w5K@FOV?zPF_hi z%rlxBv$lQi%bjsu^7KT~@u#*c$2-;AkuP)hVEN?W5MO8C9snj*EC&|M!aK6o12q3+ z8e?+dH17E!A$tRlbJW~GtMDkMPT=m1g-v67q{sznnWOI$`g(8E!Pf!#KpO?FETxLK z2b^8^@mE#AR1z(DT~R3!nnvq}LG2zDGoE1URR=A2SA z%lN$#V@#E&ip_KZL}Q6mvm(dsS?oHoRf8TWL~1)4^5<3JvvVbEsQqSa3(lF*_mA$g zv`LWarC79G)zR0J+#=6kB`SgjQZ2460W zN%lZt%M@=EN>Wz4I;eH>C0VnDyFe)DBS_2{h6=0ZJ*w%s)QFxLq+%L%e~UQ0mM9ud zm&|r){_<*Om%vlT(K9>dE(3AHjSYro5Y1I?ZjMqWyHzuCE0nyCn`6eq%MEt(aY=M2rIzHeMds)4^Aub^iTIT|%*izG4YH;sT`D9MR(eND-SB+e66LZT z2VX)RJsn${O{D48aUBl|(>ocol$1@glsxisc#GE*=DXHXA?|hJT#{;X{i$XibrA}X zFHJa+ssa2$F_UC(o2k2Z0vwx%Wb(<6_bdDO#=a$0gK2NoscCr;vyx?#cF)JjM%;a| z$^GIlIzvz%Hx3WVU481}_e4~aWcyC|j&BZ@uWW1`bH1y9EWXOxd~f-VE5DpueNofN zv7vZeV<*!A^|36hUE;`#x%MHhL(~?eZ5fhA9Ql3KHTWoAeO-^7&|2)$IcD1r5X#-u zN~N0$6pHPhop@t1_d`dO3#TC0>y5jm>8;$F5_A2& zt#=^IDfYv?JjPPTPNx2TL-Lrl82VClQSLWW_$3=XPbH}xM34)cyW5@lnxy=&h%eRq zv29&h^fMoxjsDnmua(>~OnX{Cq!7vM0M4Mr@_18|YuSKPBKUTV$s^So zc}JlAW&bVz|JY#Eyup6Ny{|P_s0Pq;5*tinH+>5Xa--{ z2;?2PBs((S4{g=G`S?B3Ien`o#5DmUVwzpGuABthYG~OKIY`2ms;33SN9u^I8i_H5`BQ%yOfW+N3r|ufHS_;U;TWT5z;b14n1gX%Pn`uuO z6#>Vl)L0*8yl|#mICWQUtgzeFp9$puHl~m&O+vj3Ox#SxQUa?fY*uK?A;00RiFg(G zK?g=7b5~U4QIK`C*um%=Sw=OJ1eeaV@WZ%hh-3<=lR#(Xesk%?)l4p(EpTwPvN99V@TT)!A8SeFTV+frN=r|5l?K#odjijx2nFgc3kI zC$hVs1S-!z9>xn9MZcRk0YXdYlf~8*LfH$IHKD59H&gLz%6 z#mAYSRJufbRi~LRadwM*G!O2>&U<^d`@<)otXZJJxT@G}4kTx0zPDVhVXwiU)$}5Y z`0iV`8EEh&GlUk&VY9m0Mqr*U&|^Bc?FB`<%{x-o0ATntwIA%(YDcxWs$C)%a%d_@ z?fx!Co+@3p7ha$|pWYD}p6#(PG%_h8K7sQjT_P~|3ZEH0DRxa3~bP&&lPMj3C~!H2QD zq>(f^RUFSqf6K3BMBFy$jiuoSE+DhEq$xLDb7{57 z0B|1pSjYJ5F@cHG%qDZ{ogL$P!BK&sR%zD`gbK#9gRZX17EtAJxN% zys^gb2=X9=7HP}N(iRqt(tot2yyeE%s;L}AcMh;~-W~s_eAe!gIUYdQz5j~T)0trh z>#1U$uOyyl%!Pi(gD&)uHe9Q^27_kHyFCC}n^-KL(=OxHqUfex1YS__RJh0m-S>eM zqAk`aSev*z1lI&-?CycgDm=bdQCp}RqS0_d-4Mf&>u2KyGFxKe8JM1N{GNWw0n$FL z1UDp(h0(1I2Jh9I`?IS}h4R~n zRwRz>8?$fFMB2{UPe^$Ifl;Oc>}@Q9`|8DCeR{?LUQLPfaMsxs8ps=D_aAXORZH~< zdcIOca-F;+D3~M+)Vi4h)I4O3<)$65yI)goQ_vk#fb;Uim>UI4Dv9#2b1;N_Wg>-F zNwKeMKY+su#~NL0uE%_$mw1%ddX2Qs2P!ncM+>wnz}OCQX1!q~oS?OqYU;&ESAAwP z452QWL0&u^mraF#=j_ZeBWhm&F|d!QjwRl^7=Bl7@(43=BkN=3{BRv#QHIk>Umc_w zvP>q|q{lJ=zs|W9%a@8%W>C@MYN1D5{(=Af31+pR#kB`cd0-YlQQTg}+ zL|_h=F9JQ|Gux5c0ehaffHNYLf8VwF+qnM6IjBEI_eceee;o;FY@#~FFVsZjBSp!j z8V*Bgmn{RK!!zqGc;jy)z@Zjo>5{%m1?K}fLEL$l6Dl4f=ye0wNI#)2L=^K(&18Gb zJoj8@WBB;P^T#V)I0`aDSy?$rJU{+-5472NyFp>;Vw43j@3Z=;D2eSfyw5*0Q+&ML zsV&&*3c3$pa`qcaGbEB0*CA~Wp3%PkF?B87FV&rWNb|@GU$LB;l|;YutU*k za1hjUL_BX%G^s;BuzRi4Hl?eqC2z&ZrKh1tZDwnufG$g$LX(j!h%F5(n8D@in3lnX z(*8+3ZT6TVYRcSpM1eMeCps=Fz8q%gyM&B=a7(Vf`4k3dN$IM+`BO^_7HZq4BR|7w z+5kOJ;9_$X%-~arA@qmXSzD|+NMh--%5-9u6t(M=f%&z$<_V#Y_lzn{E$MZZG)+A> zu2E`_Y(MBJ2l*AqvCUmU;yBT}#oQ{V=((mC-QGJwsCOH*a;{1JRTKv7DBNG+M!XL7(^jbv&Qy-o9HNFrmN)-`D3WFtXs>1vBOJpI(=x; zKhJlFdfMf^G#oU(w1+ucMKYPZaDp>$kt=wiYsBCjUY-uz<4JziB>6fXDSLH*2Y z&Px5y`#3!fF=c4>fCMdg-tX582pemU@ZxyFbznL8-=TTo1Sybg9>7h*J^9^~XxXJO z`k9v~=4amxl<;FCV9h2k%?^-ZUzQy^#{JleyH23o1S{r<+t#z6jKS<9rbAM96^1iY zi6{IjauB)UwBhC-_L(MzGCxhhv`?ryc zja_Uwi7$8l!}*vjJppGyp#Wz=*?;jC*xQ&J894rql5A$2giJRtV&DWQh#(+Vs3-5_ z69_tj(>8%z1VtVp>a74r5}j2rG%&;uaTQ|fr&r%ew-HO}76i8`&ki%#)~}q4Y|d$_ zfNp9uc#$#OEca>>MaY6rF`dB|5#S)bghf>>TmmE&S~IFw;PF0UztO6+R-0!TSC?QP z{b(RA_;q3QAPW^XN?qQqu{h<}Vfiv}Rr!lA$C79^1=U>+ng9Dh>v{`?AOZt>CrQ=o zI}=mSnR))8fJpO->rcX?H);oqSQUZ?sR!fH2SoFdcPm5*2y<_u;4h;BqcF*XbwWSv zcJN%!g|L(22Xp!^1?c;T&qm%rpkP&2EQC3JF+SENm$+@7#e!UKD1uQ{TDw43?!b!3 zUooS_rt=xJfa&h?c^hfV>YwQXre3qosz_^c#)FO~d!<)2o}Oxz5HWtr<)1Yw012v4 zhv0w(RfJspDnA^-6Jmr;GkWt%{mAYOm6yPb&Vl&rv@D^K&;#?=X{kaK5FhScNJ_3> z#5u(Saisq2(~pVlrfG#@kLM#Ot~5rZZc%B&h1=gen?R+#t^1bYKf zVvtefX=D$*)39e^2@!~A_}9c${Gf0?1;dk=!Itp#s%0>Io%k`9(bDeI-udd&E6Zfu zcaiv(h`DM3W3Mfda)fYwhB=8RAPkotVt5-z21Ij~Ot9A^SK-1u*zFVK&mF?q1;|wy zrF+XWs^5Q-%Z6I62gTwrRe#F>riVM#fv_TihxSJ6to1X7NVszgivoTa!fPfBBYj94 zuc2m zL_k-<1FoORng190; z+@DGs;NHgGW8%wjH$EpvQ-Hd! znZdIh#!H5nOStiOKNV8}QvY~=VMqtG&p$ByF&%pe_gR`|H5ULg47lk20(Xe=k8ptc zn%EmTI7k9gNE=!IN4WnbymtsKoHn2-cL65z^9cQOSp>XFzo;!h*x1s^0U!<{Y-VZ1 zXJ7zekkYf(`@dZ3F9|?O+*dUL4K4?0@V^>I2;k-a1%ZgY9w2|C5r0R5?80e-|&4yEwkklXmZ)!QSYG) zXBKOz|IPC2W_X!t^cgb^@D=|>r@x$f{3Y+`%NoDT^Y@JIuJ%jxe;es9vi`kJmbnPYT%X}rzs0K#=H)Q`)_L7%?KLLJP+0XJbL&JgdJE{i*){MOFSK z{7XUfXZR-Te}aE8RelNkQV0AQ7RC0TVE^o8c!~K^RQ4GY+xed`|A+zjZ(qij@~zLP zkS@Q0`rpM|UsnI6B;_+vw)^iA{n0%C7N~ql@KXNonIOUIHwgYg4Dcn>OOdc=rUl>M zVEQe|u$P=Kb)TL&-2#4t^Pg0pUQ)dj%6O)#3;zwOe~`_1$@Ef`;F+l=>NlAFFbBS0 zN))`LdKnA;OjQ{B+f;z>i|wCv-CmNs46S`8X-oKRl0V+pKZ%XJWO*6G`OMOs^xG_d zj_7-p06{fybw_P;UzX^eX5Pkcrm04%9rPFa56 zyZE \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..f955316 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,84 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..593942a --- /dev/null +++ b/settings.gradle @@ -0,0 +1 @@ +rootProject.name = 'rundeck-rancher-node-plugin' diff --git a/split-log.pl b/split-log.pl new file mode 100755 index 0000000..b84d0bb --- /dev/null +++ b/split-log.pl @@ -0,0 +1,51 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +my %handles; +my $stack; +my $buffer; +my $channel; +my $newStack; +my $newChannel; + +$_ = <>; +if (m/^[0-9:]+ \[[^@]+@[a-z]+_([a-z0-9-]+?)-[0-9] [^]]+\]\[([A-Z]+)\] /) { + $stack = $1; + $channel = $2; + open( $handles{$stack}, '>', $stack ); + s/^[0-9:]+ \[[^@]+@[a-z]+_([a-z0-9-]+?)-[0-9] [^]]+\]\[([A-Z]+)\] //; + $buffer = $_; +} + +while (<>) { + if (m/^[0-9:]+ \[[^@]+@[a-z]+_([a-z0-9-]+?)-[0-9] [^]]+\]\[([A-Z]+)\] /) { + $newStack = $1; + $newChannel = $2; + if ( !$handles{$newStack} ) { + open( $handles{$newStack}, '>', $newStack ); + } + s/^[0-9:]+ \[[^@]+@[a-z]+_([a-z0-9-]+?)-[0-9] [^]]+\]\[([A-Z]+)\] //; + if ($newStack eq $stack && $newChannel eq $channel) { + chomp $buffer; + chomp $buffer; + $buffer .= $_; + } else { + if ($buffer =~ m/\S/ms) { + $buffer =~ s/^/$channel /mg; + print { $handles{$stack} } $buffer ; + } + $channel = $newChannel; + $buffer = $_; + } + $stack = $newStack; + } else { + $buffer .= $_; + } +} + +if ($buffer =~ m/\S/ms) { + $buffer =~ s/^/$channel /mg; + print { $handles{$stack} } $buffer; +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/LogMessage.java b/src/main/java/com/bioraft/rundeck/rancher/LogMessage.java new file mode 100644 index 0000000..3d3dada --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/LogMessage.java @@ -0,0 +1,75 @@ +/*- + * -\-\- + * docker-client + * -- + * Copyright (C) 2016 Spotify AB + * -- + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * -/-/- + */ + +package com.bioraft.rundeck.rancher; + +import java.nio.ByteBuffer; + +public class LogMessage { + + final Stream stream; + final ByteBuffer content; + + public LogMessage(final int streamId, final ByteBuffer content) { + this(Stream.of(streamId), content); + } + + public LogMessage(final Stream stream, final ByteBuffer content) { + this.stream = stream; + this.content = content; + } + + public Stream stream() { + return stream; + } + + public ByteBuffer content() { + return content.asReadOnlyBuffer(); + } + + public enum Stream { + STDIN(0), STDOUT(1), STDERR(2); + + private final int id; + + Stream(int id) { + this.id = id; + } + + public int id() { + return id; + } + + public static Stream of(final int id) { + switch (id) { + case 0: + return STDIN; + case 1: + return STDOUT; + case 2: + return STDERR; + default: + throw new IllegalArgumentException(); + } + } + + } + +} \ No newline at end of file diff --git a/src/main/java/com/bioraft/rundeck/rancher/MessageReader.java b/src/main/java/com/bioraft/rundeck/rancher/MessageReader.java new file mode 100644 index 0000000..ce77453 --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/MessageReader.java @@ -0,0 +1,152 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Much of this file is copied from com.spotify.docker.client.LogReader + * @link https://github.com/spotify/docker-client/blob/master/src/main/java/com/spotify/docker/client/LogReader.java + */ + +package com.bioraft.rundeck.rancher; + +import static com.google.common.io.ByteStreams.copy; +import static com.google.common.io.ByteStreams.nullOutputStream; + +import com.google.common.io.ByteStreams; +import com.bioraft.rundeck.rancher.LogMessage.Stream; + +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.nio.ByteBuffer; + +/** + * Reads a message from Rancher transmitting a portion of a Docker multiplexed + * stream. + * + * To use this class, instantiate with an InputStream, read nextMessage() until + * the stream is exhausted, then prepend nextHeader to the next message from + * Rancher. + * + * @code + * MessageReader reader = new MessageReader(stream); + * while ((message = reader.nextMessage()) != null) { + * log(message.stream.channel(), new String(message.content.array())); + * } + * theRest = reader.nextHeader(); // Prepend this to next Rancher message. + * @code + * + * @author Karl DeBisschop + * @since 2019-12-12 + */ +public class MessageReader implements Closeable { + + private final InputStream stream; + + // Size of header in bytes. + public static final int HEADER_SIZE = 8; + + // Beginning of frame size (bytes after start of header). + public static final int FRAME_SIZE_OFFSET = 4; + + private byte[] expected = new byte[0]; + + public MessageReader(final InputStream stream) { + this.stream = stream; + } + + /** + * Looks for frame headers in stream and sends a message on each successive call + * until the buffer is exhausted. + * + * @return + * @throws IOException + */ + public LogMessage nextMessage() throws IOException { + stream.mark(HEADER_SIZE); + + // Read header + final byte[] headerBytes = new byte[HEADER_SIZE]; + final int n = ByteStreams.read(stream, headerBytes, 0, HEADER_SIZE); + if (n == 0) { + return null; + } + final ByteBuffer header = ByteBuffer.wrap(headerBytes); + + // Read frame + int streamId; + final byte[] frame; + final int idZ = header.getInt(0); + // Header format is : {STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + // So idZ is : {STREAM_TYPE, 0, 0, 0} + if (idZ == 0x00000000 || idZ == 0x01000000 || idZ == 0x02000000) { + streamId = idZ >> 24; + final int frameSize = header.getInt(FRAME_SIZE_OFFSET); + + // If the Docker frame extends into the next Rancher message, the log + // message will consist of the rest of the buffer and we need to + // calculate how much of the Docker frame is in the next Rancher + // message. Otherwise, just send the frame (which moves the buffer + // pointer forward to prepare for the next call of nextMessage()). + if (stream.available() < frameSize) { + frame = new byte[stream.available()]; + this.calculateNextHeader(idZ, frameSize); + } else { // Just send the next frame. + frame = new byte[frameSize]; + } + + } else { // No header, so send everything on STDOUT. + stream.reset(); + streamId = Stream.STDOUT.id(); + frame = new byte[stream.available()]; + } + + ByteStreams.readFully(stream, frame); + return new LogMessage(streamId, ByteBuffer.wrap(frame)); + } + + /** + * Build a header for the rest of the Docker frame, which should arrive in the next + * message from Rancher. + * + * @param idZ + * @param frameSize + * @throws IOException + */ + private void calculateNextHeader(int idZ, int frameSize) throws IOException { + // Calculate the number of bytes expected before next Docker frame. + int size = frameSize - stream.available(); + // Build header with same stream ID (STDIN/STDOUT/STDERR) and expected size. + expected = ByteBuffer.allocate(HEADER_SIZE).putInt(idZ).putInt(size).array(); + } + + /** + * Returns a header for the rest of the Docker frame, which should arrive in the next + * message from Rancher. + * + * @return An 8-byte header. + * @throws IOException + */ + public byte[] nextHeader() throws IOException { + return expected; + } + + @Override + public void close() throws IOException { + // RancherWebSocketListener will close the stream and release the connection + // after we read all the data. + // We cannot call the stream's close method because it an instance of + // UncloseableInputStream, where close is a no-op. + copy(stream, nullOutputStream()); + } +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopier.java b/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopier.java new file mode 100644 index 0000000..23bf89e --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopier.java @@ -0,0 +1,133 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * RancherFileCopier.java + * + * @author Karl DeBisschop + * Created: 3/31/11 4:09 PM + * + */ + +package com.bioraft.rundeck.rancher; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Map; + +import com.dtolabs.rundeck.core.common.INodeEntry; +import com.dtolabs.rundeck.core.execution.ExecutionContext; +import com.dtolabs.rundeck.core.execution.service.FileCopier; +import com.dtolabs.rundeck.core.execution.service.FileCopierException; +import com.dtolabs.rundeck.core.plugins.Plugin; +import com.dtolabs.rundeck.core.storage.ResourceMeta; +import com.dtolabs.rundeck.plugins.ServiceNameConstants; +import com.dtolabs.rundeck.plugins.descriptions.PluginDescription; + +/** + * RancherStubFileCopier provider for the FileCopier service + * + * @author Karl DeBisschop + * @since 2019-12-08 + */ +@Plugin(name = RancherShared.SERVICE_PROVIDER_NAME, service = ServiceNameConstants.FileCopier) +@PluginDescription(title = "Rancher File Copier", description = "Copies a file to a Rancher-mananged Docker container.") +public class RancherFileCopier implements FileCopier { + + @Override + public String copyFileStream(final ExecutionContext context, final InputStream input, final INodeEntry node, + final String destination) throws FileCopierException { + Map nodeAttributes = node.getAttributes(); + String accessKey; + String secretKey; + try { + accessKey = this.loadStoragePathData(context, nodeAttributes.get(RancherShared.CONFIG_ACCESSKEY_PATH)); + secretKey = this.loadStoragePathData(context, nodeAttributes.get(RancherShared.CONFIG_SECRETKEY_PATH)); + } catch (IOException e) { + throw new FileCopierException(e.getMessage(), RancherFileCopierFailureReason.AuthenticationFailure); + } + String url = nodeAttributes.get("execute"); + + try { + RancherWebSocketListener.putFile(url, accessKey, secretKey, input, destination); + } catch (IOException | InterruptedException e) { + throw new FileCopierException(e.getMessage(), RancherFileCopierFailureReason.ConnectionFailure); + } + return destination; + } + + @Override + public String copyFile(final ExecutionContext context, final File file, final INodeEntry node, + final String destination) throws FileCopierException { + FileInputStream fileStream = null; + try { + fileStream = new FileInputStream(file); + return copyFileStream(context, fileStream, node, destination); + } catch (FileNotFoundException fnf) { + throw new FileCopierException(fnf.getMessage(), RancherFileCopierFailureReason.ConnectionFailure); + } finally { + if (fileStream != null) { + try { + fileStream.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + } + + @Override + public String copyScriptContent(final ExecutionContext context, final String script, final INodeEntry node, + final String destination) throws FileCopierException { + ByteArrayInputStream scriptStream = new ByteArrayInputStream(script.getBytes()); + try { + return copyFileStream(context, scriptStream, node, destination); + } finally { + try { + scriptStream.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + + /** + * Get a (secret) value from password storage. + * + * @param context + * @param passwordStoragePath + * @return + * @throws IOException + */ + private String loadStoragePathData(final ExecutionContext context, final String passwordStoragePath) + throws IOException { + if (null == passwordStoragePath) { + return null; + } + ResourceMeta contents = context.getStorageTree().getResource(passwordStoragePath).getContents(); + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + contents.writeContent(byteArrayOutputStream); + return new String(byteArrayOutputStream.toByteArray()); + } + +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopierFailureReason.java b/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopierFailureReason.java new file mode 100644 index 0000000..e082368 --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherFileCopierFailureReason.java @@ -0,0 +1,48 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.bioraft.rundeck.rancher; + +import com.dtolabs.rundeck.core.execution.workflow.steps.FailureReason; + +/** + * Failure reasons for Rancher File Copier. + * + * @author Karl DeBisschop + * @since 2019-12-14 + */ +public enum RancherFileCopierFailureReason implements FailureReason { + /** + * Requested file could not be found + */ + FileNotFound, + /** + * Timeout on connection + */ + ConnectionTimeout, + /** + * Connection unsuccessful + */ + ConnectionFailure, + /** + * Authentication unsuccessful + */ + AuthenticationFailure, + /** + * Command or script execution result code was not zero + */ + NonZeroResultCode, +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherNodeExecutorPlugin.java b/src/main/java/com/bioraft/rundeck/rancher/RancherNodeExecutorPlugin.java new file mode 100644 index 0000000..e5ee047 --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherNodeExecutorPlugin.java @@ -0,0 +1,164 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.bioraft.rundeck.rancher; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Map; + +import javax.xml.bind.DatatypeConverter; + +import com.dtolabs.rundeck.core.common.INodeEntry; +import com.dtolabs.rundeck.core.execution.ExecutionContext; +import com.dtolabs.rundeck.core.execution.ExecutionListener; +import com.dtolabs.rundeck.core.execution.service.NodeExecutor; +import com.dtolabs.rundeck.core.execution.service.NodeExecutorResult; +import com.dtolabs.rundeck.core.execution.service.NodeExecutorResultImpl; +import com.dtolabs.rundeck.core.execution.workflow.steps.StepFailureReason; +import com.dtolabs.rundeck.core.plugins.Plugin; +import com.dtolabs.rundeck.core.plugins.configuration.Describable; +import com.dtolabs.rundeck.core.plugins.configuration.Description; +import com.dtolabs.rundeck.core.storage.ResourceMeta; +import com.dtolabs.rundeck.plugins.ServiceNameConstants; +import com.dtolabs.rundeck.plugins.util.DescriptionBuilder; + +/** + * RancherNodeExecutorPlugin is a {@link NodeExecutor} plugin implementation for + * Rancher. + * + * @author Karl DeBisschop + * @since 2019-12-08 + */ +@Plugin(name = RancherShared.SERVICE_PROVIDER_NAME, service = ServiceNameConstants.NodeExecutor) +public class RancherNodeExecutorPlugin implements NodeExecutor, Describable { + + static final Description DESC; + + private String accessKey; + private String secretKey; + + static { + DescriptionBuilder builder = DescriptionBuilder.builder(); + builder.name(RancherShared.SERVICE_PROVIDER_NAME); + builder.title("Rancher Node Executor"); + builder.description("Executes a command on a remote rancher node."); + DESC = builder.build(); + } + + @Override + public Description getDescription() { + return DESC; + } + + @Override + public NodeExecutorResult executeCommand(final ExecutionContext context, final String[] command, + final INodeEntry node) { + Map nodeAttributes = node.getAttributes(); + try { + accessKey = this.loadStoragePathData(context, nodeAttributes.get(RancherShared.CONFIG_ACCESSKEY_PATH)); + secretKey = this.loadStoragePathData(context, nodeAttributes.get(RancherShared.CONFIG_SECRETKEY_PATH)); + } catch (IOException e) { + return NodeExecutorResultImpl.createFailure(StepFailureReason.IOFailure, e.getMessage(), node); + } + + ExecutionListener listener = context.getExecutionListener(); + + String url = nodeAttributes.get("execute"); + + Map jobContext = context.getDataContext().get("job"); + String temp = this.baseName(command, jobContext); + + try { + RancherWebSocketListener.runJob(url, accessKey, secretKey, command, listener, temp); + } catch (IOException e) { + return NodeExecutorResultImpl.createFailure(StepFailureReason.IOFailure, e.getMessage(), node); + } catch (InterruptedException e) { + return NodeExecutorResultImpl.createFailure(StepFailureReason.Interrupted, e.getMessage(), node); + } + + String[] pidFile = this.readLogFile(temp + ".pid", url).split(" +"); + if (pidFile.length > 1 && Integer.parseInt(pidFile[1]) == 0) { + return NodeExecutorResultImpl.createSuccess(node); + } else { + return NodeExecutorResultImpl.createFailure(StepFailureReason.PluginFailed, + "Process " + pidFile[0] + " status " + pidFile[1], node); + } + } + + /** + * Create a (nearly) unique file path without the extension. + * + * + * + * @param command The command array to be executed for the job. + * @param jobContext The job context map. + * @return + */ + private String baseName(String[] command, Map jobContext) { + MessageDigest md; + try { + md = MessageDigest.getInstance("MD5"); + md.update(String.join(" ", command).getBytes()); + byte[] digest = md.digest(); + String md5 = DatatypeConverter.printHexBinary(digest); + return "/tmp/" + jobContext.get("project") + "_" + jobContext.get("execid") + "_" + md5; + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + return "/tmp/rundeck_job"; + } + } + + /** + * Read a file on the Docker container. + * + * @param file The full path to the file. + * @param url The URL for executing jobs on the desired container. + * @return The contents of the file as a string. + */ + private String readLogFile(String file, String url) { + StringBuilder output = new StringBuilder(); + try { + RancherWebSocketListener.getFile(url, accessKey, secretKey, output, file); + } catch (IOException e) { + e.printStackTrace(); + } catch (InterruptedException e) { + e.printStackTrace(); + } + return output.toString(); + } + + /** + * Get a (secret) value from password storage. + * + * @param context + * @param passwordStoragePath + * @return + * @throws IOException + */ + private String loadStoragePathData(final ExecutionContext context, final String passwordStoragePath) + throws IOException { + if (null == passwordStoragePath) { + return null; + } + ResourceMeta contents = context.getStorageTree().getResource(passwordStoragePath).getContents(); + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + contents.writeContent(byteArrayOutputStream); + return new String(byteArrayOutputStream.toByteArray()); + } +} \ No newline at end of file diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSource.java b/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSource.java new file mode 100644 index 0000000..f28b189 --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSource.java @@ -0,0 +1,406 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.bioraft.rundeck.rancher; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Properties; + +import com.dtolabs.rundeck.core.common.INodeSet; +import com.dtolabs.rundeck.core.common.NodeEntryImpl; +import com.dtolabs.rundeck.core.common.NodeSetImpl; +import com.dtolabs.rundeck.core.resources.ResourceModelSource; +import com.dtolabs.rundeck.core.resources.ResourceModelSourceException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; + +import okhttp3.Credentials; +import okhttp3.HttpUrl; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.Response; + +/** + * RancherResourceModelSource collects nodes from one or more Rancher + * environments. + * + * @author Karl DeBisschop + * @since 2014-09-03 + */ +public class RancherResourceModelSource implements ResourceModelSource { + + private Properties configuration; + + // URL to Rancher API. + private String url; + + // HTTP client is shared among methods. + private OkHttpClient client; + + // Tags that will be applied to all nodes (comma-separated). + private String tags; + + // Regular expression for labels to include as node attributes. + private String attributeInclude; + + // Regular expression for labels to include as tags. + private String tagInclude; + + // Regular expression for stacks to include in result set. + private String stackInclude; + + // The set of nodes that will be returned by getNodes(). + private NodeSetImpl iNodeEntries; + + // The node being built. + private NodeEntryImpl nodeEntry; + + // Labels read from the node. + private JsonNode labels; + + // Track how many times each stack_service has been seen. + Map seen; + + // Tag set for the node being built. + private HashSet tagset; + + // Storage path for Rancher API access key. + private String accessKeyPath = RancherShared.CONFIG_ACCESSKEY_PATH; + + // Storage path for Rancher API secret key. + private String secretKeyPath = RancherShared.CONFIG_SECRETKEY_PATH; + + /** + * The required object constructor. + * + * @param configuration + */ + public RancherResourceModelSource(Properties configuration) { + this.configuration = configuration; + tags = configuration.getProperty("tags"); + } + + @Override + public INodeSet getNodes() throws ResourceModelSourceException { + + // avoid creating several instances, should be singleton + client = new OkHttpClient(); + + url = configuration.getProperty(RancherShared.CONFIG_ENDPOINT, ""); + attributeInclude = configuration.getProperty(RancherShared.CONFIG_LABELS_INCLUDE_ATTRIBUTES, ""); + tagInclude = configuration.getProperty(RancherShared.CONFIG_LABELS_INCLUDE_TAGS, ""); + stackInclude = configuration.getProperty(RancherShared.CONFIG_STACK_FILTER, ""); + + iNodeEntries = new NodeSetImpl(); + String environmentIds = configuration.getProperty(RancherShared.CONFIG_ENVIRONMENT_IDS); + for (String environmentId : environmentIds.split("[ ,]+")) { + seen = new HashMap(); + getNodesForEnvironment(environmentId); + } + + return iNodeEntries; + } + + /** + * Adds nodes for specified environment to the NodeSetImpl. + * + * @param environmentId Rancher account ID for the desired environment. + */ + private void getNodesForEnvironment(String environmentId) { + ArrayList data; + String environmentName; + try { + environmentName = this.getEnvironmentName(environmentId); + } catch (IOException e) { + environmentName = environmentId; + System.out.println("Failed getting environment name"); + System.out.println(e.getMessage()); + System.out.println(e.getCause().getMessage()); + } + + try { + data = this.getContainers(environmentId); + } catch (IOException e) { + System.out.println(e.getMessage()); + System.out.println(e.getCause().getMessage()); + return; + } + + for (JsonNode node : data) { + if (this.canExclude(RancherShared.CONFIG_HANDLE_STOPPED)) { + if (!node.get("state").asText().contentEquals("running")) { + continue; + } + } + + this.initializeForNode(); + + if (node.hasNonNull("labels")) { + labels = node.get("labels"); + + String label; + label = RancherShared.CONFIG_HANDLE_SYSTEM; + if (this.canExclude(label) && labels.hasNonNull(label.replaceAll("-", "."))) { + continue; + } + label = RancherShared.CONFIG_HANDLE_GLOBAL; + if (this.canExclude(label) && labels.hasNonNull(label.replaceAll("-", "."))) { + continue; + } + + if (!stackInclude.equals("")) { + if (labels.hasNonNull("io.rancher.stack.name")) { + String stack = labels.get("io.rancher.stack.name").textValue(); + if (stack != null && !stack.matches(stackInclude)) { + continue; + } + } + } + + if (configuration.getProperty(RancherShared.CONFIG_LIMIT_ONE_CONTAINER) != null) { + if (labels.hasNonNull("io.rancher.stack_service.name")) { + String stackService = labels.get("io.rancher.stack_service.name").textValue(); + if (stackService != null && seen.containsKey(stackService)) { + continue; + } + } + } + + this.processLabels(node); + } + + String name = environmentName + "_" + node.get("name").asText(); + nodeEntry.setNodename(name); + nodeEntry.setHostname(node.get("hostId").asText()); + nodeEntry.setUsername("root"); + nodeEntry.setAttribute("id", node.get("id").asText()); + nodeEntry.setAttribute("file-copier", "rancher"); + nodeEntry.setAttribute("node-executor", "rancher"); + nodeEntry.setAttribute("type", node.get("kind").asText()); + nodeEntry.setAttribute("state", node.get("state").asText()); + nodeEntry.setAttribute("account", node.get("accountId").asText()); + nodeEntry.setAttribute("environment", environmentName); + nodeEntry.setAttribute("image", node.get("imageUuid").asText()); + nodeEntry.setAttribute(accessKeyPath, configuration.getProperty(accessKeyPath)); + nodeEntry.setAttribute(secretKeyPath, configuration.getProperty(secretKeyPath)); + + JsonNode actions = node.get("actions"); + if (actions.hasNonNull("execute")) { + nodeEntry.setAttribute("execute", actions.get("execute").asText()); + } + if (actions.hasNonNull("upgrade")) { + nodeEntry.setAttribute("upgrade", actions.get("upgrade").asText()); + } + + try { + if (nodeEntry.getNodename() == null) { + System.out.println(node.toPrettyString()); + } else { + iNodeEntries.putNode(nodeEntry); + } + } catch (IllegalArgumentException e) { + System.out.println(e.getMessage()); + System.out.println(e.getCause().getMessage()); + } + } + } + + /** + * Returns true if property is set to exclude relevant nodes. + * + * @param property The name of the configuration value we are examining. + * @return + */ + private boolean canExclude(String property) { + return configuration.getProperty(property, "Exclude").contentEquals("Exclude"); + } + + /** + * Start processing a new node. + */ + private void initializeForNode() { + nodeEntry = new NodeEntryImpl(); + if (tags == null) { + tagset = new HashSet(); + } else { + tagset = new HashSet(Arrays.asList(tags.split("\\s*,\\s*"))); + } + } + + /** + * Adds attributes and tags from labels array. + * + * @param node The node we are building. + */ + private void processLabels(JsonNode node) { + if (labels.hasNonNull("io.rancher.stack_service.name")) { + String stackService = labels.get("io.rancher.stack_service.name").asText(); + this.countTimesSeen(stackService); + String[] parts = stackService.split("/"); + nodeEntry.setAttribute("stack", parts[0]); + nodeEntry.setAttribute("service", parts[1]); + tagset.add(parts[1]); + } + + if (labels.hasNonNull("io.rancher.stack.name")) { + nodeEntry.setAttribute("stack", labels.get("io.rancher.stack.name").asText()); + } + + setAttributeForLabel("io.rancher.stack.name"); + setAttributeForLabel("io.rancher.container.start_once"); + setAttributeForLabel("io.rancher.container.system"); + setAttributeForLabel("io.rancher.scheduler.global"); + + Iterator> iter = labels.fields(); + while (iter.hasNext()) { + Map.Entry entry = iter.next(); + String label = entry.getKey(); + String value = entry.getValue().asText(); + this.setAttributeForLabel(label, value); + this.setTagForLabel(label, value); + } + tagset.add(node.get("imageUuid").asText().replaceFirst("^[^/]+/", "")); + nodeEntry.setTags(tagset); + } + + /** + * Count the number of containers are in each service for each stack. + * + * By constructing a node filter of "seen:1" we can run on only one container in + * a service even when we are not limiting the project node set to the one + * container per service. + * + * @param name + */ + private void countTimesSeen(String name) { + Integer count; + if (seen.get(name) == null) { + count = 1; + } else { + count = 1 + seen.get(name); + } + seen.put(name, count); + nodeEntry.setAttribute("seen", count.toString()); + } + + /** + * Sets an attribute from a label with a name defined by the text after the last dot + * in the label name. + * + * @param label The name of the label we are considering. + */ + private void setAttributeForLabel(String label) { + String attribute = this.last(label, "[.]"); + if (labels.hasNonNull(label)) { + nodeEntry.setAttribute(attribute, labels.get(label).asText()); + } else { + nodeEntry.setAttribute(attribute, "false"); + } + } + + /** + * Determine whether an attribute should be set for a given label. + * @param label + * @param value + */ + private void setAttributeForLabel(String label, String value) { + if (attributeInclude.length() > 0 && label.matches(attributeInclude)) { + nodeEntry.setAttribute(this.last(label, "[.]"), value); + } + } + + /** + * Sets a tag from a label with a name defined by the text after the last dot + * in the label name. + * + * @param label The name of the label we are considering. + */ + private void setTagForLabel(String label, String value) { + if (tagInclude.length() > 0 && label.matches(tagInclude)) { + tagset.add(value); + } + } + + /** + * Gets the part of a string after the last occurrence of pattern. + * + * @param string The string we are splitting. + * @param pattern The pattern the split with. + * @return The part of the string after the last separator. + */ + private String last(String string, String pattern) { + String[] keyParts = string.split("[.]"); + return keyParts[keyParts.length - 1]; + } + + /** + * Makes the underlying API call to get the list of nodes for the environment. + * + * @param environment + * @return An array of JsonNodes representing the containers in the environment. + * @throws IOException + */ + private ArrayList getContainers(String environment) throws IOException { + ObjectMapper objectMapper = new ObjectMapper(); + String accessKey = configuration.getProperty(RancherShared.CONFIG_ACCESSKEY); + String secretKey = configuration.getProperty(RancherShared.CONFIG_SECRETKEY); + String path = url + "/projects/" + environment + "/containers"; + + ArrayList data = new ArrayList<>(); + while (!path.equals("null")) { + Request request = new Request.Builder().url(path) + .addHeader("Authorization", Credentials.basic(accessKey, secretKey)).build(); + Response response = client.newCall(request).execute(); + String json = response.body().string(); + JsonNode root = objectMapper.readTree(json); + path = root.get("pagination").get("next").asText(); + Iterator instances = root.get("data").elements(); + while (instances.hasNext()) { + data.add(instances.next()); + } + } + return data; + } + + /** + * Gets the environment name for the specified environment ID. + * + * @param environment The Rancher accointId for the environment. + * @return The name of the indicated environment. + * @throws IOException + */ + private String getEnvironmentName(String environment) throws IOException { + String accessKey = configuration.getProperty(RancherShared.CONFIG_ACCESSKEY); + String secretKey = configuration.getProperty(RancherShared.CONFIG_SECRETKEY); + + HttpUrl.Builder urlBuilder = HttpUrl.parse(url + "/projects/" + environment).newBuilder(); + String path = urlBuilder.build().toString(); + + Request request = new Request.Builder().url(path) + .addHeader("Authorization", Credentials.basic(accessKey, secretKey)).build(); + Response response = client.newCall(request).execute(); + String json = response.body().string(); + + ObjectMapper objectMapper = new ObjectMapper(); + return objectMapper.readTree(json).path("name").asText(environment); + } +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSourceFactory.java b/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSourceFactory.java new file mode 100644 index 0000000..8f4422b --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherResourceModelSourceFactory.java @@ -0,0 +1,106 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.bioraft.rundeck.rancher; + +import com.bioraft.rundeck.rancher.RancherShared; + +import com.dtolabs.rundeck.core.plugins.Plugin; +import com.dtolabs.rundeck.core.plugins.configuration.*; +import com.dtolabs.rundeck.core.resources.ResourceModelSource; +import com.dtolabs.rundeck.core.resources.ResourceModelSourceFactory; +import com.dtolabs.rundeck.plugins.ServiceNameConstants; +import com.dtolabs.rundeck.plugins.util.DescriptionBuilder; + +import java.util.Arrays; +import java.util.Collections; +import java.util.Properties; + +/** + * RancherResourceModelSourceFactory establishes parameters for Rancher node + * resources. + * + * @author Karl DeBisschop + * @since 2019-12-08 + */ +@Plugin(name = RancherShared.SERVICE_PROVIDER_NAME, service = ServiceNameConstants.ResourceModelSource) +public class RancherResourceModelSourceFactory implements ResourceModelSourceFactory, Describable { + @Override + public ResourceModelSource createResourceModelSource(Properties configuration) throws ConfigurationException { + return new RancherResourceModelSource(configuration); + } + + static final Description DESC; + + static { + DescriptionBuilder builder = DescriptionBuilder.builder(); + builder.name(RancherShared.SERVICE_PROVIDER_NAME); + builder.title("Rancher Node Executor"); + builder.description("Executes a command on a remote rancher node."); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_ENDPOINT, "API EndPoint", + "URL of API endpoint (e.g., https://my,rancher.host/v2-beta)", true, null)); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_ENVIRONMENT_IDS, "Environment IDs", + "List of environments to include, comma-separated", true, null)); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_ACCESSKEY, "Access Key", + "The Rancher API Access Key", true, null, null, null, + Collections.singletonMap("displayType", (Object) StringRenderingConstants.DisplayType.PASSWORD))); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_SECRETKEY, "Secret Key", + "The Rancher API Secret Key", true, null, null, null, + Collections.singletonMap("displayType", (Object) StringRenderingConstants.DisplayType.PASSWORD))); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_ACCESSKEY_PATH, "Access Key Storage Path", + "Path in Rundeck Storage for the Rancher API Access Key (e.g. keys/rancher/access.key)", true, "keys/rancher/access.key")); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_SECRETKEY_PATH, "Secret Key Storage Path", + "Path in Rundeck Storage for the Rancher API Secret Key (e.g. keys/rancher/secret.key)", true, "keys/rancher/secret.key")); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_STACK_FILTER, "Stack Filter", + "A regular expression for stacks to be included", true, "^.*$")); + + builder.property(PropertyUtil.bool(RancherShared.CONFIG_LIMIT_ONE_CONTAINER, "Limit to One Container", + "Only run on one container for each service", true, "false")); + + builder.property(PropertyUtil.select(RancherShared.CONFIG_HANDLE_STOPPED, "Handle Stopped Containers", + "Exclude stopped containers", true, "Exclude", Arrays.asList(new String[] { "Exclude", "Include" }))); + + builder.property(PropertyUtil.select(RancherShared.CONFIG_HANDLE_SYSTEM, "Handle System Containers", + "Exclude system containers", true, "Exclude", Arrays.asList(new String[] { "Exclude", "Include" }))); + + builder.property(PropertyUtil.select(RancherShared.CONFIG_HANDLE_GLOBAL, "Handle Global Containers", + "Exclude global containers", true, "Exclude", Arrays.asList(new String[] { "Exclude", "Include" }))); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_TAGS, "Tags", + "Tags to apply to all nodes in this set", false, "rancher")); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_LABELS_INCLUDE_ATTRIBUTES, + "Labels made into attributes", + "A regular expression for labels whose values will be used as a node attribute (name will be last part of label ID)", + false, "")); + + builder.property(PropertyUtil.string(RancherShared.CONFIG_LABELS_INCLUDE_TAGS, "Labels made into tags", + "A regular expression for labels whose values will be used as tags for a node", false, "")); + + DESC = builder.build(); + } + + public Description getDescription() { + return DESC; + } +} diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherShared.java b/src/main/java/com/bioraft/rundeck/rancher/RancherShared.java new file mode 100644 index 0000000..de9832a --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherShared.java @@ -0,0 +1,55 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * RancherWebSocketListener connects to Rancher containers. + * + * @author Karl DeBisschop + * @since 2019-12-11 + */ + +package com.bioraft.rundeck.rancher; + +public class RancherShared { + + public static final String PROJ_PROP_PREFIX = "project."; + + public static final String NODE_ATTR_RANCHER_ENDPOINT = "rancher.endpoint"; + public static final String NODE_ATTR_RANCHER_ACCESSKEY_PATH = "rancher.accessKey.path"; + public static final String NODE_ATTR_RANCHER_SECRETKEY_PATH = "rancher.secretKey.path"; + + public static final String PROJ_PROP_ENDPOINT = PROJ_PROP_PREFIX + NODE_ATTR_RANCHER_ENDPOINT; + public static final String PROJ_PROP_ACCESSKEY_PATH = PROJ_PROP_PREFIX + NODE_ATTR_RANCHER_ACCESSKEY_PATH; + public static final String PROJ_PROP_SECRETKEY_PATH = PROJ_PROP_PREFIX + NODE_ATTR_RANCHER_SECRETKEY_PATH; + + public static final String CONFIG_ENDPOINT = "rancher-api-endpoint"; + public static final String CONFIG_ENVIRONMENT_IDS = "environment-ids"; + public static final String CONFIG_ACCESSKEY = "access-key"; + public static final String CONFIG_SECRETKEY = "secret-key"; + public static final String CONFIG_ACCESSKEY_PATH = "accessKey-storage-path"; + public static final String CONFIG_SECRETKEY_PATH = "secretKey-storage-path"; + public static final String CONFIG_STACK_FILTER = "stack-filter"; + public static final String CONFIG_LIMIT_ONE_CONTAINER = "limit-to-one"; + public static final String CONFIG_HANDLE_STOPPED = "exclude-include-restrict-stopped"; + public static final String CONFIG_HANDLE_SYSTEM = "io-rancher-container-system"; + public static final String CONFIG_HANDLE_GLOBAL = "io-rancher-scheduler-global"; + public static final String CONFIG_TAGS = "tags"; + public static final String CONFIG_LABELS_INCLUDE_ATTRIBUTES = "labels-copied-to-attribs"; + public static final String CONFIG_LABELS_INCLUDE_TAGS = "labels-copied-to-tags"; + + public static final String SERVICE_PROVIDER_NAME = "rancher"; + +} \ No newline at end of file diff --git a/src/main/java/com/bioraft/rundeck/rancher/RancherWebSocketListener.java b/src/main/java/com/bioraft/rundeck/rancher/RancherWebSocketListener.java new file mode 100644 index 0000000..8804e56 --- /dev/null +++ b/src/main/java/com/bioraft/rundeck/rancher/RancherWebSocketListener.java @@ -0,0 +1,412 @@ +/* + * Copyright 2019 BioRAFT, Inc. (http://bioraft.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.bioraft.rundeck.rancher; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.io.StringReader; +import java.util.Base64; +import java.util.UUID; +import java.util.concurrent.TimeUnit; + +import com.dtolabs.rundeck.core.Constants; +import com.dtolabs.rundeck.core.execution.ExecutionListener; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.google.common.io.ByteSource; +import com.google.common.io.CharStreams; +import com.google.common.primitives.Bytes; + +import okhttp3.Credentials; +import okhttp3.HttpUrl; +import okhttp3.MediaType; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.RequestBody; +import okhttp3.Response; +import okhttp3.WebSocket; +import okhttp3.WebSocketListener; +import okio.ByteString; + +/** + * RancherWebSocketListener connects to Rancher containers. + * + * @author Karl DeBisschop + * @since 2019-12-11 + */ +public final class RancherWebSocketListener extends WebSocketListener { + + // Try to use a single HTTP client across methds. + private OkHttpClient client; + + //URL of the Rancher API end point. + private String url; + + // The Rancher API access key. + private String accessKey; + + // The rancher API secret key. + private String secretKey; + + // The command for the job being run. + private String[] commandList; + + // A buffer used to accumulate output from the Rancher message stream. + private StringBuilder output; + + // Docker message frames do not necessarily coincide with Rancher. When a Docker + // frame is continued in the next Rancher message, this header allows us to decode + // the rest of the Docker frame. + private byte[] nextHeader; + + // Log listener from Rundeck. + private ExecutionListener listener; + + // These are used to reconstruct STDERR since it is lost in the stream from Rancher. + private static final String STDERR_TOK = "STDERR_6v9ZvwThpU1FtyrlIBf4UIC8"; + private static final int STDERR_TOKLEN = STDERR_TOK.length() + 1; + private int currentOutputChannel = -1; + + @Override + public void onMessage(WebSocket webSocket, String text) { + logDockerStream(webSocket, Bytes.concat(nextHeader, Base64.getDecoder().decode(text))); + } + + @Override + public void onMessage(WebSocket webSocket, ByteString bytes) { + logDockerStream(webSocket, Bytes.concat(nextHeader, bytes.toByteArray())); + } + + @Override + public void onClosing(WebSocket webSocket, int code, String reason) { + this.log(Constants.VERBOSE_LEVEL, reason); + webSocket.close(code, reason); + } + + @Override + public void onFailure(WebSocket webSocket, Throwable t, Response response) { + this.log(Constants.ERR_LEVEL, t.getMessage()); + t.printStackTrace(); + } + + /** + * Runs the overall job step: sends output to a listener; saves PID and exit + * status to a temporary file. + * + * @param url + * @param accessKey + * @param secretKey + * @param command + * @param listener + * @param temp + * @throws IOException + * @throws InterruptedException + */ + public static void runJob(String url, String accessKey, String secretKey, String[] command, + ExecutionListener listener, String temp) throws IOException, InterruptedException { + String file = " >>" + temp + ".pid; "; + // Prefix STDERR lines with STDERR_TOK to decode in logging step. + String job = "( " + String.join(" ", command) + ") 2> >(while read line;do echo \"" + STDERR_TOK + + " $line\";done) ;"; + String remote = "printf $$" + file + job + "printf ' %s' $?" + file; + // Note that bash is required to support adding a prefix token to STDERR. + String[] cmd = { "bash", "-c", remote }; + new RancherWebSocketListener().runJob(url, accessKey, secretKey, listener, cmd); + } + + /** + * Get contents of a file from server. + * + * @param url + * @param accessKey + * @param secretKey + * @param logger + * @param file + * @throws IOException + * @throws InterruptedException + */ + public static void getFile(String url, String accessKey, String secretKey, StringBuilder logger, String file) + throws IOException, InterruptedException { + String[] command = { "cat", file }; + new RancherWebSocketListener().run(url, accessKey, secretKey, logger, command); + } + + /** + * Put text onto a container as the specified file. + * + * @param url + * @param accessKey + * @param secretKey + * @param logger + * @param file + * @throws IOException + * @throws InterruptedException + */ + public static void putFile(String url, String accessKey, String secretKey, InputStream input, String destination) + throws IOException, InterruptedException { + new RancherWebSocketListener().put(url, accessKey, secretKey, input, destination); + } + + /** + * Runs a command and passes output back to an external listener. + * + * Exit status is read after completion from the job's PID file in /tmp. + * + * @param url + * @param accessKey + * @param secretKey + * @param listener + * @param command + * @throws IOException + * @throws InterruptedException + */ + private void runJob(String url, String accessKey, String secretKey, ExecutionListener listener, String[] command) + throws IOException, InterruptedException { + client = new OkHttpClient.Builder().pingInterval(50, TimeUnit.SECONDS).callTimeout(0, TimeUnit.HOURS).build(); + + this.url = url; + this.accessKey = accessKey; + this.secretKey = secretKey; + this.commandList = command; + this.listener = listener; + this.nextHeader = new byte[0]; + + // Even though we are passing data back to an external listener, we need to buffer + // the message stream so we can pick out lines that are part of STDERR. + output = new StringBuilder(); + + client.newWebSocket(this.buildRequest(false, true), this); + + // Trigger shutdown of the dispatcher's executor so process exits cleanly. + client.dispatcher().executorService().shutdown(); + client.dispatcher().executorService().awaitTermination(900, TimeUnit.SECONDS); + } + + /** + * Runs a command, capturing output in a StringBuffer injected on invocation. + * + * This is used to get the contents of the PID file when the job ends and + * determine the exit status. + * + * @param url + * @param accessKey + * @param secretKey + * @param output + * @param command + * @throws IOException + * @throws InterruptedException + */ + private void run(String url, String accessKey, String secretKey, StringBuilder output, String[] command) + throws IOException, InterruptedException { + client = new OkHttpClient.Builder().build(); + + this.url = url; + this.accessKey = accessKey; + this.secretKey = secretKey; + this.commandList = command; + this.output = output; + this.nextHeader = new byte[0]; + + client.newWebSocket(this.buildRequest(false, true), this); + + // Trigger shutdown of the dispatcher's executor so process exits cleanly. + client.dispatcher().executorService().shutdown(); + client.dispatcher().executorService().awaitTermination(30, TimeUnit.SECONDS); + } + + /** + * Put a file onto the server. + * + * Neither STDIN or STDOUT are attached. The file is sent as a payload with the post command. + * + * @param url + * @param accessKey + * @param secretKey + * @param input + * @param file + * @throws IOException + * @throws InterruptedException + */ + private void put(String url, String accessKey, String secretKey, InputStream input, String file) + throws IOException, InterruptedException { + String text = null; + try (final Reader reader = new InputStreamReader(input)) { + text = CharStreams.toString(reader); + } + + // Create a random UUID to use as a marker for a HEREDOC. + String marker = UUID.randomUUID().toString(); + + // The command cats a HEREDOC to the desired file. Note the quote that ensures + // the contents are not interpreted as shell variables. + String[] command = { "sh", "-c", "cat <<'" + marker + "'>" + file + "\n" + text + marker }; + + output = new StringBuilder(); + + client = new OkHttpClient.Builder().build(); + + this.url = url; + this.accessKey = accessKey; + this.secretKey = secretKey; + this.commandList = command; + + client.newWebSocket(this.buildRequest(false, false), this); + + // Trigger shutdown of the dispatcher's executor so process exits cleanly. + client.dispatcher().executorService().shutdown(); + client.dispatcher().executorService().awaitTermination(5, TimeUnit.SECONDS); + + } + + /** + * Builds the web socket request. + * + * @return + * @throws IOException + */ + private Request buildRequest(boolean attachStdin, boolean attachStdout) throws IOException { + JsonNode token = this.getToken(attachStdin, attachStdout); + String path = token.path("url").asText() + "?token=" + token.path("token").asText(); + return new Request.Builder().url(path).build(); + } + + /** + * Gets the web socket end point and connection token for an execute request. + * + * @return + * @throws IOException + */ + private JsonNode getToken(boolean attachStdin, boolean attachStdout) throws IOException { + HttpUrl.Builder urlBuilder = HttpUrl.parse(url).newBuilder(); + String path = urlBuilder.build().toString(); + String content = this.apiData(attachStdin, attachStdout); + try { + RequestBody body = RequestBody.create(MediaType.parse("application/json"), content); + Request request = new Request.Builder().url(path).post(body) + .addHeader("Authorization", Credentials.basic(accessKey, secretKey)).build(); + Response response = client.newCall(request).execute(); + ObjectMapper mapper = new ObjectMapper(); + return mapper.readTree(response.body().string()); + } catch (IOException e) { + System.out.println(e.getMessage()); + throw e; + } + } + + /** + * Builds JSON string of API data. + * + * @return + * @throws JsonMappingException + * @throws JsonProcessingException + */ + private String apiData(boolean attachStdin, boolean attachStdout) + throws JsonMappingException, JsonProcessingException { + ObjectMapper mapper = new ObjectMapper(); + JsonNode root = mapper.readTree("{}"); + ((ObjectNode) root).put("tty", false); + ((ObjectNode) root).put("attachStdin", attachStdin); + ((ObjectNode) root).put("attachStdout", attachStdout); + ArrayNode command = ((ObjectNode) root).putArray("command"); + for (String atom : commandList) { + command.add(atom); + } + return root.toString(); + } + + /** + * Logs a Docker stream passed through Rancher. + * @param webSocket + * @param bytes + */ + public void logDockerStream(WebSocket webSocket, byte[] bytes) { + LogMessage message; + BufferedReader stringReader; + try { + InputStream stream = ByteSource.wrap(bytes).openStream(); + MessageReader reader = new MessageReader(stream); + while ((message = reader.nextMessage()) != null) { + // If logging to RunDeck, we send lines beginning with STRDERR_TOK to ERR_LEVEL. + // To do that, we make a BufferedReader and process it line-by-line in log function. + if (listener != null) { + stringReader = new BufferedReader(new StringReader(new String(message.content.array()))); + log(currentOutputChannel, stringReader); + } else { + output.append(new String(message.content.array())); + } + nextHeader = reader.nextHeader(); + } + reader.close(); + } catch (IOException e) { + log(Constants.ERR_LEVEL, e.getMessage()); + e.printStackTrace(); + } + } + + /** + * Read a Buffer line by line and send lines prefixed by STDERR_TOK to the WARN_LEVEL + * channel of RunDeck's console. + * + * @param level + * @param message + * @throws IOException + */ + private void log(int level, BufferedReader stringReader) throws IOException { + String line; + while ((line = stringReader.readLine()) != null) { + if (line.startsWith(STDERR_TOK)) { + this.log(Constants.WARN_LEVEL, line.substring(STDERR_TOKLEN) + "\n"); + } else { + this.log(Constants.INFO_LEVEL, line + "\n"); + } + } + if (output.length() > 0) { + listener.log(currentOutputChannel, output.toString()); + } + output = new StringBuilder(); + } + + /** + * Buffer lines sent to RunDeck's logger so they are sent together and not + * line-by-line. + * + * @param level + * @param message + */ + private void log(int level, String message) { + if (listener != null) { + if (currentOutputChannel == -1) { + currentOutputChannel = level; + } else if (currentOutputChannel != level) { + if (output.length() > 0) { + listener.log(currentOutputChannel, output.toString()); + } + currentOutputChannel = level; + output = new StringBuilder(); + } + } + output.append(message); + } + +} \ No newline at end of file