From 289d299360c4092d832951b8226340960a695feb Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 2 Jun 2020 16:01:07 +0200 Subject: [PATCH] Fixes #719. Spostare i ruoli in repository dedicati. --- library/roles/apache/defaults/main.yml | 95 - .../apache/files/apache-letsencrypt-acme.sh | 25 - library/roles/apache/handlers/main.yml | 7 - .../roles/apache/tasks/apache-basic-auth.yml | 37 - .../roles/apache/tasks/apache-letsencrypt.yml | 43 - library/roles/apache/tasks/apache-modules.yml | 74 - library/roles/apache/tasks/apache-ppa.yml | 14 - library/roles/apache/tasks/apache.yml | 44 - library/roles/apache/tasks/main.yml | 8 - library/roles/apache/templates/info.conf.j2 | 20 - .../templates/letsencrypt-proxy.conf.j2 | 1 - library/roles/apache/templates/ports.conf | 3 - library/roles/apache/templates/status.conf.j2 | 32 - .../ldap-client-config/defaults/main.yml | 4 - .../roles/ldap-client-config/tasks/main.yml | 33 - .../templates/ldap.conf-old.j2 | 11 - .../ldap-client-config/templates/ldap.conf.j2 | 14 - .../defaults/main.yml | 47 - .../handlers/main.yml | 8 - .../tasks/main.yml | 143 - .../templates/acme-cert-request.sh.j2 | 28 - .../templates/acme-sudoers.j2 | 2 - .../templates/cert-requirements.j2 | 25 - .../templates/letsencrypt-default.j2 | 4 - .../templates/responses.j2 | 13 - library/roles/nginx/defaults/main.yml | 125 - .../nginx/files/nginx-letsencrypt-acme.sh | 25 - library/roles/nginx/files/nginx.pam | 26 - library/roles/nginx/handlers/main.yml | 7 - library/roles/nginx/meta/main.yml | 4 - library/roles/nginx/tasks/basic-auth.yml | 17 - library/roles/nginx/tasks/main.yml | 24 - library/roles/nginx/tasks/nginx-config.yml | 45 - library/roles/nginx/tasks/nginx-deb.yml | 27 - .../roles/nginx/tasks/nginx-letsencrypt.yml | 20 - library/roles/nginx/tasks/nginx-rh.yml | 7 - .../roles/nginx/tasks/nginx-virtualhosts.yml | 32 - library/roles/nginx/tasks/pam-ldap.yml | 7 - library/roles/nginx/templates/ldap.conf.j2 | 16 - .../nginx/templates/letsencrypt-proxy.conf.j2 | 9 - .../templates/nginx-browser-cache.conf.j2 | 27 - .../nginx/templates/nginx-compression.conf.j2 | 6 - .../roles/nginx/templates/nginx-cors.conf.j2 | 58 - .../templates/nginx-proxy-params.conf.j2 | 29 - .../nginx/templates/nginx-server-ssl.conf.j2 | 49 - .../roles/nginx/templates/nginx-virthost.j2 | 353 -- .../nginx/templates/nginx-websockets.conf.j2 | 4 - library/roles/nginx/templates/nginx.conf.j2 | 63 - library/roles/openjdk/defaults/main.yml | 32 - library/roles/openjdk/tasks/main.yml | 80 - .../defaults/main.yml | 98 - .../files/context.xml | 35 - .../files/jmxremote.access | 2 - .../files/logging.properties | 49 - .../files/policy.d/01system.policy | 52 - .../files/policy.d/02debian.policy | 10 - .../files/policy.d/03catalina.policy | 32 - .../files/policy.d/04webapps.policy | 59 - .../files/policy.d/50local.policy | 32 - .../tomcat-multiple-instances/files/web.xml | 4283 ---------------- .../handlers/main.yml | 28 - .../tomcat-multiple-instances/meta/main.yml | 3 - .../tomcat-multiple-instances/tasks/main.yml | 214 - .../templates/catalina.properties.j2 | 135 - .../templates/jmxremote.passwd.j2 | 2 - .../templates/tomcat-context.xml.j2 | 79 - .../templates/tomcat-default.j2 | 80 - .../templates/tomcat-host-manager.xml.j2 | 3 - .../templates/tomcat-instance.init.j2 | 310 -- .../templates/tomcat-manager.xml.j2 | 3 - .../templates/tomcat-server.xml.j2 | 146 - .../templates/tomcat-users.xml.j2 | 49 - .../templates/tomcat-web.xml.j2 | 4344 ----------------- .../templates/tomcat.logrotate.j2 | 17 - library/roles/tomcat/defaults/main.yml | 135 - .../roles/tomcat/files/catalina.properties | 131 - library/roles/tomcat/files/jmxremote.access | 2 - library/roles/tomcat/files/logging.properties | 49 - .../tomcat/files/tomcat6-juli-adapters.jar | Bin 23018 -> 0 bytes .../roles/tomcat/files/tomcat6-juli-log4j.jar | Bin 69283 -> 0 bytes .../tomcat/files/tomcat7-juli-adapters.jar | Bin 31865 -> 0 bytes .../roles/tomcat/files/tomcat7-juli-log4j.jar | Bin 75385 -> 0 bytes library/roles/tomcat/handlers/main.yml | 12 - library/roles/tomcat/meta/main.yml | 3 - library/roles/tomcat/tasks/access_log.yml | 6 - library/roles/tomcat/tasks/main.yml | 24 - library/roles/tomcat/tasks/not_pgsql_jdbc.yml | 9 - library/roles/tomcat/tasks/pgsql_jdbc.yml | 16 - library/roles/tomcat/tasks/tomcat-admin.yml | 10 - library/roles/tomcat/tasks/tomcat-jmx.yml | 16 - .../tomcat/tasks/tomcat-log4j-logging.yml | 41 - .../tomcat/tasks/tomcat-logger-logging.yml | 26 - library/roles/tomcat/tasks/tomcat-pkgs.yml | 111 - .../tomcat/templates/jmxremote.passwd.j2 | 2 - .../tomcat/templates/log4j.properties.j2 | 68 - .../roles/tomcat/templates/tomcat-default.j2 | 71 - .../tomcat/templates/tomcat-server.xml.j2 | 176 - .../tomcat/templates/tomcat-users.xml.j2 | 40 - .../roles/tomcat/templates/tomcat-web.xml.j2 | 4344 ----------------- .../templates/tomcat_access.logrotate.j2 | 8 - .../user_services_perms/defaults/main.yml | 18 - .../roles/user_services_perms/meta/main.yml | 3 - .../tasks/common-users-data-dirs.yml | 67 - .../roles/user_services_perms/tasks/main.yml | 5 - .../user_services_perms/tasks/sudo-config.yml | 5 - .../tasks/sudoers-groups.yml | 40 - .../templates/service-sudoers.j2 | 3 - library/roles/users/defaults/main.yml | 20 - library/roles/users/tasks/main.yml | 126 - library/roles/users/templates/sudoers.j2 | 1 - 110 files changed, 17480 deletions(-) delete mode 100644 library/roles/apache/defaults/main.yml delete mode 100644 library/roles/apache/files/apache-letsencrypt-acme.sh delete mode 100644 library/roles/apache/handlers/main.yml delete mode 100644 library/roles/apache/tasks/apache-basic-auth.yml delete mode 100644 library/roles/apache/tasks/apache-letsencrypt.yml delete mode 100644 library/roles/apache/tasks/apache-modules.yml delete mode 100644 library/roles/apache/tasks/apache-ppa.yml delete mode 100644 library/roles/apache/tasks/apache.yml delete mode 100644 library/roles/apache/tasks/main.yml delete mode 100644 library/roles/apache/templates/info.conf.j2 delete mode 100644 library/roles/apache/templates/letsencrypt-proxy.conf.j2 delete mode 100644 library/roles/apache/templates/ports.conf delete mode 100644 library/roles/apache/templates/status.conf.j2 delete mode 100644 library/roles/ldap-client-config/defaults/main.yml delete mode 100644 library/roles/ldap-client-config/tasks/main.yml delete mode 100644 library/roles/ldap-client-config/templates/ldap.conf-old.j2 delete mode 100644 library/roles/ldap-client-config/templates/ldap.conf.j2 delete mode 100644 library/roles/letsencrypt-acmetool-client/defaults/main.yml delete mode 100644 library/roles/letsencrypt-acmetool-client/handlers/main.yml delete mode 100644 library/roles/letsencrypt-acmetool-client/tasks/main.yml delete mode 100644 library/roles/letsencrypt-acmetool-client/templates/acme-cert-request.sh.j2 delete mode 100644 library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2 delete mode 100644 library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2 delete mode 100644 library/roles/letsencrypt-acmetool-client/templates/letsencrypt-default.j2 delete mode 100644 library/roles/letsencrypt-acmetool-client/templates/responses.j2 delete mode 100644 library/roles/nginx/defaults/main.yml delete mode 100644 library/roles/nginx/files/nginx-letsencrypt-acme.sh delete mode 100644 library/roles/nginx/files/nginx.pam delete mode 100644 library/roles/nginx/handlers/main.yml delete mode 100644 library/roles/nginx/meta/main.yml delete mode 100644 library/roles/nginx/tasks/basic-auth.yml delete mode 100644 library/roles/nginx/tasks/main.yml delete mode 100644 library/roles/nginx/tasks/nginx-config.yml delete mode 100644 library/roles/nginx/tasks/nginx-deb.yml delete mode 100644 library/roles/nginx/tasks/nginx-letsencrypt.yml delete mode 100644 library/roles/nginx/tasks/nginx-rh.yml delete mode 100644 library/roles/nginx/tasks/nginx-virtualhosts.yml delete mode 100644 library/roles/nginx/tasks/pam-ldap.yml delete mode 100644 library/roles/nginx/templates/ldap.conf.j2 delete mode 100644 library/roles/nginx/templates/letsencrypt-proxy.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-browser-cache.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-compression.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-cors.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-proxy-params.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-server-ssl.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx-virthost.j2 delete mode 100644 library/roles/nginx/templates/nginx-websockets.conf.j2 delete mode 100644 library/roles/nginx/templates/nginx.conf.j2 delete mode 100644 library/roles/openjdk/defaults/main.yml delete mode 100644 library/roles/openjdk/tasks/main.yml delete mode 100644 library/roles/tomcat-multiple-instances/defaults/main.yml delete mode 100644 library/roles/tomcat-multiple-instances/files/context.xml delete mode 100644 library/roles/tomcat-multiple-instances/files/jmxremote.access delete mode 100644 library/roles/tomcat-multiple-instances/files/logging.properties delete mode 100644 library/roles/tomcat-multiple-instances/files/policy.d/01system.policy delete mode 100644 library/roles/tomcat-multiple-instances/files/policy.d/02debian.policy delete mode 100644 library/roles/tomcat-multiple-instances/files/policy.d/03catalina.policy delete mode 100644 library/roles/tomcat-multiple-instances/files/policy.d/04webapps.policy delete mode 100644 library/roles/tomcat-multiple-instances/files/policy.d/50local.policy delete mode 100644 library/roles/tomcat-multiple-instances/files/web.xml delete mode 100644 library/roles/tomcat-multiple-instances/handlers/main.yml delete mode 100644 library/roles/tomcat-multiple-instances/meta/main.yml delete mode 100644 library/roles/tomcat-multiple-instances/tasks/main.yml delete mode 100644 library/roles/tomcat-multiple-instances/templates/catalina.properties.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/jmxremote.passwd.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-context.xml.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-default.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-host-manager.xml.j2 delete mode 100755 library/roles/tomcat-multiple-instances/templates/tomcat-instance.init.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-manager.xml.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-users.xml.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat-web.xml.j2 delete mode 100644 library/roles/tomcat-multiple-instances/templates/tomcat.logrotate.j2 delete mode 100644 library/roles/tomcat/defaults/main.yml delete mode 100644 library/roles/tomcat/files/catalina.properties delete mode 100644 library/roles/tomcat/files/jmxremote.access delete mode 100644 library/roles/tomcat/files/logging.properties delete mode 100644 library/roles/tomcat/files/tomcat6-juli-adapters.jar delete mode 100644 library/roles/tomcat/files/tomcat6-juli-log4j.jar delete mode 100644 library/roles/tomcat/files/tomcat7-juli-adapters.jar delete mode 100644 library/roles/tomcat/files/tomcat7-juli-log4j.jar delete mode 100644 library/roles/tomcat/handlers/main.yml delete mode 100644 library/roles/tomcat/meta/main.yml delete mode 100644 library/roles/tomcat/tasks/access_log.yml delete mode 100644 library/roles/tomcat/tasks/main.yml delete mode 100644 library/roles/tomcat/tasks/not_pgsql_jdbc.yml delete mode 100644 library/roles/tomcat/tasks/pgsql_jdbc.yml delete mode 100644 library/roles/tomcat/tasks/tomcat-admin.yml delete mode 100644 library/roles/tomcat/tasks/tomcat-jmx.yml delete mode 100644 library/roles/tomcat/tasks/tomcat-log4j-logging.yml delete mode 100644 library/roles/tomcat/tasks/tomcat-logger-logging.yml delete mode 100644 library/roles/tomcat/tasks/tomcat-pkgs.yml delete mode 100644 library/roles/tomcat/templates/jmxremote.passwd.j2 delete mode 100644 library/roles/tomcat/templates/log4j.properties.j2 delete mode 100644 library/roles/tomcat/templates/tomcat-default.j2 delete mode 100644 library/roles/tomcat/templates/tomcat-server.xml.j2 delete mode 100644 library/roles/tomcat/templates/tomcat-users.xml.j2 delete mode 100644 library/roles/tomcat/templates/tomcat-web.xml.j2 delete mode 100644 library/roles/tomcat/templates/tomcat_access.logrotate.j2 delete mode 100644 library/roles/user_services_perms/defaults/main.yml delete mode 100644 library/roles/user_services_perms/meta/main.yml delete mode 100644 library/roles/user_services_perms/tasks/common-users-data-dirs.yml delete mode 100644 library/roles/user_services_perms/tasks/main.yml delete mode 100644 library/roles/user_services_perms/tasks/sudo-config.yml delete mode 100644 library/roles/user_services_perms/tasks/sudoers-groups.yml delete mode 100644 library/roles/user_services_perms/templates/service-sudoers.j2 delete mode 100644 library/roles/users/defaults/main.yml delete mode 100644 library/roles/users/tasks/main.yml delete mode 100644 library/roles/users/templates/sudoers.j2 diff --git a/library/roles/apache/defaults/main.yml b/library/roles/apache/defaults/main.yml deleted file mode 100644 index 4da45fe8..00000000 --- a/library/roles/apache/defaults/main.yml +++ /dev/null @@ -1,95 +0,0 @@ ---- -apache_service_enabled: True -apache_user: www-data -apache_pkg_state: latest -apache_group: '{{ apache_user }}' -apache_from_ppa: False -apache_ppa_repo: 'ppa:ondrej/apache2' - -apache_listen_ports: - - 80 - - '{{ apache_ssl_port }}' - -# Possible choices: event, prefork (the old ones), worker (the threaded version), itm -apache_mpm_mode: worker - -apache_packages: - - apache2 - - apache2-utils - - libapache2-mod-xsendfile - - unzip - - zip - -apache_modules_packages: - - 'apache2-mpm-{{ apache_mpm_mode }}' - -# Only one can be present at the same time. It needs to be listed as the last one -apache_worker_modules: -# - { name: 'mpm_itm', state: 'absent' } - - { name: 'mpm_event', state: 'absent' } - - { name: 'mpm_prefork', state: 'absent' } - - { name: 'mpm_{{ apache_mpm_mode }}', state: 'present' } - -# apache RPAF is needed to obtain the real client addresses when behind a reverse proxy -apache_rpaf_install: False - -apache_default_modules: - - headers - - rewrite - - expires - - xsendfile - -apache_ssl_modules_enabled: True -apache_ssl_port: 443 -apache_ssl_modules: - - ssl - - socache_shmcb -apache_http_proxy_modules_enabled: False -apache_http_proxy_modules: - - proxy - - proxy_ajp - - proxy_http - -apache_status_module: True -apache_status_location: '/server-status' -apache_status_allowed_hosts: - - 127.0.0.1/8 - -apache_info_module: True -apache_info_location: '/server-info' -apache_info_allowed_hosts: - - 127.0.0.1/8 - -apache_basic_auth: False -apache_basic_auth_single_file: True -apache_basic_auth_dir: /etc/apache2/auth -apache_basic_auth_file: '{{ apache_basic_auth_dir }}/htpasswd' - -apache_basic_auth_modules: - - auth_basic - - authn_file - - authz_user - -# Put them in a vault file. auth_file is optional. Not used when apache_basic_auth_single_file is true -# apache_basic_users: -# - { username:'', password:'', state:'present,absent', auth_file:'path_to_file' } - -# -apache_additional_packages: False -apache_additional_packages_list: -# - libapache2-mod-uwsgi -# - ... -# -# Set this variable to load the modules you need -apache_additional_modules: False -apache_additional_modules_list: [] -# - -# - - -apache_letsencrypt_managed: True -apache_letsencrypt_proxy_modules: - - proxy - - proxy_http - -apache_letsencrypt_proxy_conf: - - letsencrypt-proxy.conf diff --git a/library/roles/apache/files/apache-letsencrypt-acme.sh b/library/roles/apache/files/apache-letsencrypt-acme.sh deleted file mode 100644 index 5d10a4eb..00000000 --- a/library/roles/apache/files/apache-letsencrypt-acme.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks -LE_LOG_DIR=/var/log/letsencrypt -DATE=$( date ) - -[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR -echo "$DATE" >> $LE_LOG_DIR/apache.log - -if [ -f /etc/default/letsencrypt ] ; then - . /etc/default/letsencrypt -else - echo "No letsencrypt default file" >> $LE_LOG_DIR/apache.log -fi - -echo "Reload the apache service" >> $LE_LOG_DIR/apache.log -if [ -x /bin/systemctl ] ; then - systemctl reload apache2 >> $LE_LOG_DIR/apache.log 2>&1 -else - service apache2 reload >> $LE_LOG_DIR/apache.log 2>&1 -fi - -echo "Done." >> $LE_LOG_DIR/apache.log - -exit 0 diff --git a/library/roles/apache/handlers/main.yml b/library/roles/apache/handlers/main.yml deleted file mode 100644 index a4fd00ab..00000000 --- a/library/roles/apache/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: apache2 reload - service: name=apache2 state=reloaded - -- name: apache2 restart - service: name=apache2 state=restarted - diff --git a/library/roles/apache/tasks/apache-basic-auth.yml b/library/roles/apache/tasks/apache-basic-auth.yml deleted file mode 100644 index c0ae1c37..00000000 --- a/library/roles/apache/tasks/apache-basic-auth.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Load the basic auth modules - apache2_module: name={{ item }} state=present - with_items: '{{ apache_basic_auth_modules }}' - notify: apache2 reload - tags: - - apache - - apache_basic_auth - -- name: Create the authentication directory - file: path={{ apache_basic_auth_dir }} mode=0750 owner=root group={{ apache_group }} state=directory - tags: - - apache - - apache_basic_auth - -- name: Install the python-passlib library - apt: pkg=python-passlib state=present - tags: - - apache - - apache_basic_auth - -- name: Create the basic auth file when it is unique to all the virtualhosts - htpasswd: path={{ apache_basic_auth_file }} name={{ item.username }} password={{ item.password }} create=yes state={{ item.state }} owner=root group={{ apache_group }} mode=0640 - when: apache_basic_users is defined and apache_basic_auth_single_file - with_items: '{{ apache_basic_users }}' - tags: - - apache - - apache_basic_auth - -- name: Create the basic auth files - htpasswd: path={{ item.auth_file }} name={{ item.username }} password={{ item.password }} create=yes state={{ item.state }} owner=root group={{ apache_group }} mode=0640 - with_items: '{{ apache_basic_users | default([]) }}' - when: apache_basic_users is defined and not apache_basic_auth_single_file - tags: - - apache - - apache_basic_auth - diff --git a/library/roles/apache/tasks/apache-letsencrypt.yml b/library/roles/apache/tasks/apache-letsencrypt.yml deleted file mode 100644 index 86928be5..00000000 --- a/library/roles/apache/tasks/apache-letsencrypt.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -- block: - - name: Enable the proxy modules needed by letsencrypt - apache2_module: name={{ item }} state=present - with_items: '{{ apache_letsencrypt_proxy_modules }}' - ignore_errors: True - notify: apache2 reload - - - name: Install the apache letsencrypt directives on trusty - template: src={{ item }}.j2 dest=/etc/apache2/conf-available/{{ item }} owner=root group=root mode=0644 - with_items: '{{ apache_letsencrypt_proxy_conf }}' - ignore_errors: True - notify: apache2 reload - - - name: Enable the apache letsencrypt directives on trusty - file: src=/etc/apache2/conf-available/{{ item }} dest=/etc/apache2/conf-enabled/{{ item }} state=link - with_items: '{{ apache_letsencrypt_proxy_conf }}' - ignore_errors: True - notify: apache2 reload - - - name: Create the acme hooks directory if it does not yet exist - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root - - - name: Install a letsencrypt hook for apache - copy: src=apache-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/apache2 owner=root group=root mode=4555 - - when: - - letsencrypt_acme_install is defined and letsencrypt_acme_install | bool - - apache_letsencrypt_managed | bool - tags: [ 'apache', 'letsencrypt' ] - -- block: - - name: Disable the letsencrypt conf - file: dest=/etc/apache2/conf-enabled/letsencrypt-proxy.conf state=absent - ignore_errors: True - notify: apache2 reload - - - name: Remove the letsencrypt hook for apache - file: path={{ letsencrypt_acme_services_scripts_dir }}/apache2 state=absent - - when: not apache_letsencrypt_managed | bool - tags: [ 'apache', 'letsencrypt' ] - diff --git a/library/roles/apache/tasks/apache-modules.yml b/library/roles/apache/tasks/apache-modules.yml deleted file mode 100644 index cfe94239..00000000 --- a/library/roles/apache/tasks/apache-modules.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- -- name: Load the required modules - apache2_module: name={{ item }} state=present force=yes - with_items: '{{ apache_default_modules }}' - notify: apache2 reload - ignore_errors: True - tags: [ 'apache', 'apache_modules' ] - -- name: Install the libapache2-mod-rpaf module - apt: pkg=libapache2-mod-rpaf state=present - when: apache_rpaf_install | bool - tags: [ 'apache', 'apache_mods', 'apache_rpaf' ] - -- name: Enable the apache rpaf module - apache2_module: name=rpaf state=present - when: apache_rpaf_install | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods', 'apache_rpaf' ] - -- name: Load the apache ssl modules - apache2_module: name={{ item }} state=present - with_items: '{{ apache_ssl_modules }}' - when: apache_ssl_modules_enabled | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods' ] - -- name: Load some apache proxy modules - apache2_module: name={{ item }} state=present - with_items: '{{ apache_http_proxy_modules }}' - when: apache_http_proxy_modules_enabled | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods' ] - -- name: Load additional apache modules if any - apache2_module: name={{ item }} state=present - with_items: '{{ apache_additional_modules_list | default ([]) }}' - when: apache_additional_modules | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods' ] - -- name: Disable apache modules if any - apache2_module: name={{ item }} state=absent - with_items: '{{ apache_modules_to_be_removed | default ([]) }}' - notify: apache2 reload - tags: [ 'apache', 'apache_mods' ] - -- name: Load the apache status module - apache2_module: name={{ item }} state=present - with_items: status - when: apache_status_module | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods', 'apache_status' ] - -- name: Configure the apache status module - template: src={{ item }}.j2 dest=/etc/apache2/mods-available/{{ item }} owner=root group=root mode=0644 - with_items: status.conf - when: apache_status_module | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods', 'apache_status' ] - -- name: Load the apache info module - apache2_module: name={{ item }} state=present - with_items: info - when: apache_info_module | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods', 'apache_info' ] - -- name: Configure the apache info module - template: src={{ item }}.j2 dest=/etc/apache2/mods-available/{{ item }} owner=root group=root mode=0644 - with_items: info.conf - when: apache_info_module | bool - notify: apache2 reload - tags: [ 'apache', 'apache_mods', 'apache_info' ] - diff --git a/library/roles/apache/tasks/apache-ppa.yml b/library/roles/apache/tasks/apache-ppa.yml deleted file mode 100644 index 33a10997..00000000 --- a/library/roles/apache/tasks/apache-ppa.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- block: - - name: Install the Ubuntu apache PPA - apt_repository: repo='{{ apache_ppa_repo }}' update_cache=yes - - when: apache_from_ppa - tags: [ 'apache', 'apache_ppa' ] - -- block: - - name: Remove the Ubuntu apache PPA - apt_repository: repo='{{ apache_ppa_repo }}' update_cache=yes state=absent - - when: not apache_from_ppa - tags: [ 'apache', 'apache_ppa' ] diff --git a/library/roles/apache/tasks/apache.yml b/library/roles/apache/tasks/apache.yml deleted file mode 100644 index 9b809380..00000000 --- a/library/roles/apache/tasks/apache.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -- name: Install the apache packages - apt: pkg={{ item }} state={{ apache_pkg_state }} update_cache=yes cache_valid_time=3600 - with_items: '{{ apache_packages }}' - tags: [ 'apache', 'apache_main_packages' ] - -- name: Install the apache modules packages - apt: pkg={{ item }} state={{ apache_pkg_state }} update_cache=yes cache_valid_time=3600 - with_items: '{{ apache_modules_packages }}' - when: - - not apache_from_ppa - - is_trusty - tags: [ 'apache', 'apache_additional_packages' ] - -- name: Install the apache additional packages, if any - apt: pkg={{ item }} state={{ apache_pkg_state }} update_cache=yes cache_valid_time=3600 - with_items: '{{ apache_additional_packages_list }}' - when: apache_additional_packages - tags: [ 'apache', 'apache_additional_packages' ] - -- name: Instal the ports conf file - template: src=ports.conf dest=/etc/apache2/ports.conf - notify: apache2 reload - tags: [ 'apache', 'apache_conf' ] - -- name: Remove the default virtualhost file - file: dest=/etc/apache2/sites-enabled/{{ item }} state=absent - with_items: - - 000-default - - 000-default.conf - notify: apache2 reload - tags: apache - -- name: Ensure that the apache service is enabled and started - service: name=apache2 state=started enabled=yes - when: apache_service_enabled - ignore_errors: True - tags: apache - -- name: Ensure that the apache service is disabled and stopped if we do not want it running - service: name=apache2 state=stopped enabled=no - when: not apache_service_enabled - ignore_errors: True - tags: apache diff --git a/library/roles/apache/tasks/main.yml b/library/roles/apache/tasks/main.yml deleted file mode 100644 index 2370761e..00000000 --- a/library/roles/apache/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- import_tasks: apache-ppa.yml -- import_tasks: apache.yml -- import_tasks: apache-modules.yml -- import_tasks: apache-basic-auth.yml - when: apache_basic_auth -- import_tasks: apache-letsencrypt.yml - when: letsencrypt_acme_install is defined and letsencrypt_acme_install diff --git a/library/roles/apache/templates/info.conf.j2 b/library/roles/apache/templates/info.conf.j2 deleted file mode 100644 index 413dfc24..00000000 --- a/library/roles/apache/templates/info.conf.j2 +++ /dev/null @@ -1,20 +0,0 @@ - - - # Allow remote server configuration reports, with the URL of - # http://servername/server-info (requires that mod_info.c be loaded). - # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. - # - - SetHandler server-info - Require local - {% if nagios_monitoring_server_ip is defined %} - {% for addr in nagios_monitoring_server_ip %} - Require ip {{ addr }} - {% endfor %} - {% endif %} - {% for addr in apache_info_allowed_hosts %} - Require ip {{ addr }} - {% endfor %} - - - diff --git a/library/roles/apache/templates/letsencrypt-proxy.conf.j2 b/library/roles/apache/templates/letsencrypt-proxy.conf.j2 deleted file mode 100644 index 4dddd47b..00000000 --- a/library/roles/apache/templates/letsencrypt-proxy.conf.j2 +++ /dev/null @@ -1 +0,0 @@ -ProxyPass "/.well-known/acme-challenge" "http://127.0.0.1:{{ letsencrypt_acme_standalone_port}}/.well-known/acme-challenge" diff --git a/library/roles/apache/templates/ports.conf b/library/roles/apache/templates/ports.conf deleted file mode 100644 index bc9e42fc..00000000 --- a/library/roles/apache/templates/ports.conf +++ /dev/null @@ -1,3 +0,0 @@ -{% for port in apache_listen_ports %} -Listen {{ port }} -{% endfor %} diff --git a/library/roles/apache/templates/status.conf.j2 b/library/roles/apache/templates/status.conf.j2 deleted file mode 100644 index 28d37ed2..00000000 --- a/library/roles/apache/templates/status.conf.j2 +++ /dev/null @@ -1,32 +0,0 @@ - - # Allow server status reports generated by mod_status, - # with the URL of http://servername/server-status - # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. - - - SetHandler server-status - Require local - {% if nagios_monitoring_server_ip is defined %} - {% for addr in nagios_monitoring_server_ip %} - Require ip {{ addr }} - {% endfor %} - {% endif %} - {% for addr in apache_status_allowed_hosts %} - Require ip {{ addr }} - {% endfor %} - - - # Keep track of extended status information for each request - ExtendedStatus On - - # Determine if mod_status displays the first 63 characters of a request or - # the last 63, assuming the request itself is greater than 63 chars. - # Default: Off - #SeeRequestTail On - - - # Show Proxy LoadBalancer status in mod_status - ProxyStatus On - - - \ No newline at end of file diff --git a/library/roles/ldap-client-config/defaults/main.yml b/library/roles/ldap-client-config/defaults/main.yml deleted file mode 100644 index 8ed59077..00000000 --- a/library/roles/ldap-client-config/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -ldap_uri: "ldap://ldap.sub.research-infrastructures.eu" -ldap_base_dn: "dc=research-infrastructures,dc=eu" -ldap_tls_cacert: /etc/ssl/certs/ca-certificates.crt diff --git a/library/roles/ldap-client-config/tasks/main.yml b/library/roles/ldap-client-config/tasks/main.yml deleted file mode 100644 index c4b4e76e..00000000 --- a/library/roles/ldap-client-config/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: Install the ldap utilities - apt: pkg={{ item }} state={{ pkg_state }} - with_items: - - ldapscripts - - libpam-ldap - tags: ldap-client - -- name: Write the ldap client configuration file - template: src=ldap.conf-old.j2 dest=/etc/ldap.conf mode=444 owner=root group=root - when: is_ubuntu_less_than_trusty - tags: ldap-client - -- name: Write the ldap client configuration file - template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=444 owner=root group=root - when: is_trusty - tags: ldap-client - -- name: set the ldapscripts.conf uri - action: configfile path=/etc/ldapscripts/ldapscripts.conf key=SERVER value='{{ ldap_uri }}' syntax=shell - when: is_trusty - tags: ldap-client - -- name: set the ldapscripts.conf bind dn - action: configfile path=/etc/ldapscripts/ldapscripts.conf key=BINDDN value='cn=admin,{{ ldap_base_dn }}' syntax=shell - when: is_trusty - tags: ldap-client - -- name: set the ldapscripts.conf dn suffix - action: configfile path=/etc/ldapscripts/ldapscripts.conf key=SUFFIX value='{{ ldap_base_dn }}' syntax=shell - when: is_trusty - tags: ldap-client - diff --git a/library/roles/ldap-client-config/templates/ldap.conf-old.j2 b/library/roles/ldap-client-config/templates/ldap.conf-old.j2 deleted file mode 100644 index 38754476..00000000 --- a/library/roles/ldap-client-config/templates/ldap.conf-old.j2 +++ /dev/null @@ -1,11 +0,0 @@ -# The distinguished name of the search base. -BASE {{ ldap_base_dn }} - -# Another way to specify your LDAP server is to provide an -URI {{ ldap_uri }} - -# The LDAP version to use (defaults to 3 -# if supported by client library) -ldap_version 3 - -nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,munin,news,nslcd,proxy,root,rstudio-server,sshd,sync,sys,syslog,uucp,www-data diff --git a/library/roles/ldap-client-config/templates/ldap.conf.j2 b/library/roles/ldap-client-config/templates/ldap.conf.j2 deleted file mode 100644 index ae1526d6..00000000 --- a/library/roles/ldap-client-config/templates/ldap.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# The distinguished name of the search base. -BASE {{ ldap_base_dn }} - -# Another way to specify your LDAP server is to provide an -URI {{ ldap_uri }} - -# The LDAP version to use (defaults to 3 -# if supported by client library) -ldap_version 3 - -nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,munin,news,nslcd,proxy,root,rstudio-server,sshd,sync,sys,syslog,uucp,www-data - -# TLS certificates (needed for GnuTLS) -TLS_CACERT {{ ldap_tls_cacert }} diff --git a/library/roles/letsencrypt-acmetool-client/defaults/main.yml b/library/roles/letsencrypt-acmetool-client/defaults/main.yml deleted file mode 100644 index 0ebd556f..00000000 --- a/library/roles/letsencrypt-acmetool-client/defaults/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -letsencrypt_acme_install: False -# Set to false if a binary installation is needed (unsupported distributions) -letsencrypt_pkg_install: True -letsencrypt_acme_pkg_state: latest -letsencrypt_acme_pkgs: - - acmetool - - libcap2-bin -letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea' -letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main' -letsencrypt_acme_debian_repo_key: '9862409EF124EC763B84972FF5AC9651EDB58DFA' -letsencrypt_acme_user: acme -letsencrypt_acme_user_home: /var/lib/acme -letsencrypt_acme_log_dir: /var/log/acme - -letsencrypt_acme_command: acmetool -letsencrypt_acme_command_opts: '--hooks={{ letsencrypt_acme_services_scripts_dir }} --batch --xlog.syslog --xlog.syslogseverity=INFO --xlog.file="{{ letsencrypt_acme_log_dir }}/certrequest.log" --xlog.fileseverity=TRACE' -letsencrypt_acme_config_dir: '{{ letsencrypt_acme_user_home }}/conf' -letsencrypt_acme_certsconf_dir: '{{ letsencrypt_acme_user_home }}/desired' -letsencrypt_acme_dest_dir: '{{ ansible_fqdn }}' -letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ letsencrypt_acme_dest_dir }}' -# The various services maintainers need to put the reconfigure/restart scripts there -letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks - -# responses parameters -letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' -letsencrypt_acme_agree_tos: true -letsencrypt_acme_rsa_key_size: 4096 -letsencrypt_ocsp_must_staple: False -# rsa|ecdsa -letsencrypt_acme_key_type: ecdsa -letsencrypt_acme_ecdsa_curve: nistp256 -letsencrypt_acme_email: sysadmin@example.com -letsencrypt_specify_key_id: False -letsencrypt_key_id: 'some random string' -# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured. -# Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case. -letsencrypt_acme_authenticator: listener -letsencrypt_acme_cron_day_of_month: '*' -letsencrypt_acme_cron_hour: '{{ range(1, 4) | random }}' -letsencrypt_acme_cron_minute: '{{ range(0, 59) | random }}' - -# desired parameters -letsencrypt_acme_domains: - - '{{ ansible_fqdn }}' -letsencrypt_acme_standalone_port: 4402 - diff --git a/library/roles/letsencrypt-acmetool-client/handlers/main.yml b/library/roles/letsencrypt-acmetool-client/handlers/main.yml deleted file mode 100644 index 9d1c6a95..00000000 --- a/library/roles/letsencrypt-acmetool-client/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Initialize letsencrypt acmetool - become: True - become_user: '{{ letsencrypt_acme_user }}' - command: '/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1' - when: letsencrypt_acme_install - ignore_errors: True - diff --git a/library/roles/letsencrypt-acmetool-client/tasks/main.yml b/library/roles/letsencrypt-acmetool-client/tasks/main.yml deleted file mode 100644 index 040b2ddb..00000000 --- a/library/roles/letsencrypt-acmetool-client/tasks/main.yml +++ /dev/null @@ -1,143 +0,0 @@ ---- -- name: Install the letsencrypt acmetool repo on ubuntu - apt_repository: repo={{ letsencrypt_acme_ppa_repo }} state=present update_cache=yes - when: - - letsencrypt_acme_install - - is_trusty - - letsencrypt_pkg_install - notify: Initialize letsencrypt acmetool - tags: letsencrypt - -- name: Install the letsencrypt acmetool repo key on debian - apt_key: keyserver=keyserver.ubuntu.com id={{ letsencrypt_acme_debian_repo_key }} - when: - - letsencrypt_acme_install - - is_debian - - letsencrypt_pkg_install - tags: letsencrypt - -- name: Install the letsencrypt acmetool repo on debian - apt_repository: repo={{ letsencrypt_acme_debian_repo }} state=present update_cache=yes - when: - - letsencrypt_acme_install - - is_debian - - letsencrypt_pkg_install - notify: Initialize letsencrypt acmetool - tags: letsencrypt - -- name: Create the letsencrypt acme user - user: name={{ letsencrypt_acme_user }} home={{ letsencrypt_acme_user_home }} createhome=no shell=/usr/sbin/nologin system=yes - when: letsencrypt_acme_install - tags: [ 'letsencrypt', 'letsencrypt_user' ] - -- name: Create the letsencrypt acme home, if it does not exist already. In a separate step because it could be already there. - file: dest={{ letsencrypt_acme_user_home }} owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} state=directory recurse=yes - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Install the letsencrypt acmetool package and some deps - apt: pkg={{ letsencrypt_acme_pkgs }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600 - when: - - letsencrypt_acme_install - - letsencrypt_pkg_install - tags: letsencrypt - -- name: Create the letsencrypt acme config directory - become: True - become_user: '{{ letsencrypt_acme_user }}' - file: dest={{ letsencrypt_acme_config_dir }} state=directory mode=0755 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Create the letsencrypt acme desired domains directory - become: True - become_user: '{{ letsencrypt_acme_user }}' - file: dest={{ letsencrypt_acme_certsconf_dir }} state=directory mode=0755 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Create the letsencrypt acme hooks directory - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root mode=0755 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Install a default file that shell scripts can include - template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Install the letsencrypt acme responses file - become: True - become_user: '{{ letsencrypt_acme_user }}' - template: src=responses.j2 dest={{ letsencrypt_acme_config_dir }}/responses mode=0644 - when: letsencrypt_acme_install - tags: [ 'letsencrypt', 'letsencrypt_responses' ] - -- name: Install the letsencrypt acme certs config file - become: True - become_user: '{{ letsencrypt_acme_user }}' - template: src=cert-requirements.j2 dest={{ letsencrypt_acme_certsconf_dir }}/{{ ansible_fqdn }} mode=0644 - when: letsencrypt_acme_install - register: letsencrypt_new_desired_file - tags: letsencrypt - -- name: Set the cap_net_bind_service capability to the acmetool binary when we use it in listener mode - capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=present - when: - - letsencrypt_acme_install - - letsencrypt_acme_authenticator == 'listener' - tags: letsencrypt - -- name: Remove the cap_net_bind_service capability to the acmetool binary if not needed - capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=absent - when: - - letsencrypt_acme_install - - letsencrypt_acme_authenticator != 'listener' - ignore_errors: True - tags: letsencrypt - -- name: Install the sudoers config needed to run the acmetool hooks - template: src=acme-sudoers.j2 dest=/etc/sudoers.d/letsencrypt-acme owner=root group=root mode=0440 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Create a directory where to put the cron job and hooks logs - file: dest={{ letsencrypt_acme_log_dir }} state=directory owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} mode=0750 - when: letsencrypt_acme_install - tags: letsencrypt - -- name: Install a script that requests the certificates and manage the self signed certificate - template: src=acme-cert-request.sh.j2 dest=/usr/local/bin/acme-cert-request owner=root group=root mode=0755 - when: letsencrypt_acme_install - tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_hook' ] - -- name: Set certificates as to be revoked - become: True - become_user: '{{ letsencrypt_acme_user }}' - file: dest={{ letsencrypt_acme_user_home }}certs/{{ item.cert_name }}/revoke - with_items: '{{ letsencrypt_certs_revoke_list }}' - when: - - letsencrypt_acme_install - - letsencrypt_certs_revoke_list is defined - tags: letsencrypt - -- name: Remove the old cron script - file: dest=/usr/local/bin/cron-acme-cert-request state=absent - when: letsencrypt_acme_install - tags: [ 'letsencrypt', 'letsencrypt_cron' ] - -- name: Install a daily cron job to renew the certificates when needed - become: True - become_user: '{{ letsencrypt_acme_user }}' - cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1" - when: letsencrypt_acme_install - tags: [ 'letsencrypt', 'letsencrypt_cron' ] - -- name: letsencrypt acmetool request the first certificate - become: True - become_user: '{{ letsencrypt_acme_user }}' - command: '/usr/local/bin/acme-cert-request' - when: letsencrypt_new_desired_file is changed - ignore_errors: True - tags: letsencrypt - diff --git a/library/roles/letsencrypt-acmetool-client/templates/acme-cert-request.sh.j2 b/library/roles/letsencrypt-acmetool-client/templates/acme-cert-request.sh.j2 deleted file mode 100644 index d595c1c7..00000000 --- a/library/roles/letsencrypt-acmetool-client/templates/acme-cert-request.sh.j2 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -TMP_DIR=/var/tmp/acmetool -BASE_DIR=/var/lib/acme -RETVAL= - -if [ -d $BASE_DIR/keys/fakeselfsignedcert -a -d $BASE_DIR/certs/fakeselfsignedcert ] ; then - mkdir -p $TMP_DIR/{keys,certs} - mv $BASE_DIR/keys/fakeselfsignedcert $TMP_DIR/keys - mv $BASE_DIR/certs/fakeselfsignedcert $TMP_DIR/certs - /bin/rm $BASE_DIR/live/{{ ansible_fqdn }} - {{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} quickstart -fi - -{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} reconcile -RETVAL=$? - -if [ -d $TMP_DIR ] ; then - if [ $RETVAL -ne 0 ] ; then - mv $TMP_DIR/keys/fakeselfsignedcert $BASE_DIR/keys - mv $TMP_DIR/certs/fakeselfsignedcert $BASE_DIR/certs - cd $BASE_DIR/live - ln -s ../certs/fakeselfsignedcert {{ ansible_fqdn }} - fi - rm -fr $TMP_DIR -fi - -exit $RETVAL diff --git a/library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2 b/library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2 deleted file mode 100644 index 17cfd21e..00000000 --- a/library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ letsencrypt_acme_user }} ALL=(root) NOPASSWD: {{ letsencrypt_acme_services_scripts_dir }}/ - diff --git a/library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2 b/library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2 deleted file mode 100644 index 7c01b058..00000000 --- a/library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2 +++ /dev/null @@ -1,25 +0,0 @@ -satisfy: - names: -{% for d in letsencrypt_acme_domains %} - - {{ d }} -{% endfor %} - -request: -{% if letsencrypt_ocsp_must_staple %} - ocsp-must-staple: true -{% endif %} - challenge: - http-ports: - - {{ letsencrypt_acme_standalone_port }} - -key: - type: {{ letsencrypt_acme_key_type }} -{% if letsencrypt_acme_key_type == 'rsa' %} - rsa-size: {{ letsencrypt_acme_rsa_key_size }} -{% else %} - ecdsa-curve: {{ letsencrypt_acme_ecdsa_curve }} -{% endif %} -{% if letsencrypt_specify_key_id %} - id: {{ letsencrypt_key_id }} -{% endif %} - diff --git a/library/roles/letsencrypt-acmetool-client/templates/letsencrypt-default.j2 b/library/roles/letsencrypt-acmetool-client/templates/letsencrypt-default.j2 deleted file mode 100644 index b8ba756d..00000000 --- a/library/roles/letsencrypt-acmetool-client/templates/letsencrypt-default.j2 +++ /dev/null @@ -1,4 +0,0 @@ -LE_EMAIL={{ letsencrypt_acme_email }} -LE_SERVICES_SCRIPT_DIR={{ letsencrypt_acme_services_scripts_dir }} -LE_CERTS_DIR={{ letsencrypt_acme_certs_dir }} -LE_LOG_DIR={{ letsencrypt_acme_log_dir }} diff --git a/library/roles/letsencrypt-acmetool-client/templates/responses.j2 b/library/roles/letsencrypt-acmetool-client/templates/responses.j2 deleted file mode 100644 index 8e361635..00000000 --- a/library/roles/letsencrypt-acmetool-client/templates/responses.j2 +++ /dev/null @@ -1,13 +0,0 @@ -"acme-enter-email": "{{ letsencrypt_acme_email }}" -"acme-agreement:{{ letsencrypt_tos_url }}": {{ letsencrypt_acme_agree_tos }} -# https://acme-staging.api.letsencrypt.org/directory is the staging site. -# This is the production site -"acmetool-quickstart-choose-server": https://acme-v01.api.letsencrypt.org/directory -"acmetool-quickstart-choose-method": {{ letsencrypt_acme_authenticator }} -"acmetool-quickstart-complete": true -"acmetool-quickstart-install-cronjob": false -"acmetool-quickstart-install-haproxy-script": false -"acmetool-quickstart-install-redirector-systemd": false -"acmetool-quickstart-key-type": {{ letsencrypt_acme_key_type }} -"acmetool-quickstart-rsa-key-size": {{ letsencrypt_acme_rsa_key_size }} -"acmetool-quickstart-ecdsa-curve": {{ letsencrypt_acme_ecdsa_curve }} diff --git a/library/roles/nginx/defaults/main.yml b/library/roles/nginx/defaults/main.yml deleted file mode 100644 index cf21aa95..00000000 --- a/library/roles/nginx/defaults/main.yml +++ /dev/null @@ -1,125 +0,0 @@ ---- -nginx_enabled: True -nginx_use_ppa: False -nginx_ppa_repo: ppa:nginx/stable -nginx_package_state: present -# See https://mozilla.github.io/server-side-tls/ssl-config-generator/ -nginx_ssl_level: intermediate - -nginx_snippets_dir: /etc/nginx/snippets - -nginx_conf_snippets: - - nginx-compression.conf - - nginx-websockets.conf - - nginx-browser-cache.conf - - letsencrypt-proxy.conf - - nginx-proxy-params.conf - - nginx-server-ssl.conf - - nginx-cors.conf - -nginx_old_snippets: - - compression.conf - -nginx_workers: 4 -nginx_worker_connections: 1024 -nginx_multi_accept: 'off' -nginx_worker_rlimit_nofile: 2048 -nginx_server_tokens: 'off' - -nginx_large_client_header_buffers: 4 8k - -nginx_enable_compression: True -nginx_gzip_vary: "on" -nginx_gzip_proxied: any -nginx_gzip_comp_level: 6 -nginx_gzip_buffers: 16 8k -nginx_gzip_http_version: 1.1 -nginx_gzip_types: "text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript" - -nginx_enable_browser_cache: True -nginx_cache_control: public -nginx_html_cache_expire: -1 -nginx_feed_cache_expire_enabled: False -nginx_feed_cache_expire: 1h -nginx_media_cache_expire: 1M -nginx_css_js_cache_expire: -1 - -nginx_reverse_proxy: False -nginx_define_x_real_ip: False -nginx_set_original_uri: True -nginx_proxy_buffering: "on" -nginx_proxy_redirect: "off" -nginx_proxy_buffer_size: 128k -nginx_proxy_buffers: '4 {{ nginx_proxy_buffer_size }}' -nginx_proxy_busy_buffers_size: 256k -nginx_proxy_connect_timeout: 30s -nginx_proxy_read_timeout: 480s -nginx_proxy_send_timeout: 120s -nginx_proxy_temp_file_write_size: '{{ nginx_proxy_buffer_size }}' -nginx_client_max_body_size: 100M -nginx_client_body_timeout: 240s - -nginx_cors_enabled: False -nginx_cors_global: True -nginx_cors_limit_origin: True -nginx_cors_extended_rules: False -nginx_cors_acl_origin: 'http?://(localhost)' -# Possible methods: -# CONNECT, DEBUG, DELETE, DONE, GET, HEAD, HTTP, HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2, OPTIONS, ORIGIN, ORIGINS, PATCH, POST, PUT, QUIC, REST, SESSION, SHOULD, SPDY, TRACE, TRACK -nginx_cors_allowed_methods: 'GET, POST, OPTIONS' -# Possible headers: -# 'Accept, Accept-CH, Accept-Charset, Accept-Datetime, Accept-Encoding, Accept-Ext, Accept-Features, Accept-Language, Accept-Params, Accept-Ranges, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Access-Control-Expose-Headers, Access-Control-Max-Age, Access-Control-Request-Headers, Access-Control-Request-Method, Age, Allow, Alternates, Authentication-Info, Authorization, C-Ext, C-Man, C-Opt, C-PEP, C-PEP-Info, CONNECT, Cache-Control, Compliance, Connection, Content-Base, Content-Disposition, Content-Encoding, Content-ID, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Script-Type, Content-Security-Policy, Content-Style-Type, Content-Transfer-Encoding, Content-Type, Content-Version, Cookie, Cost, DAV, DELETE, DNT, DPR, Date, Default-Style, Delta-Base, Depth, Derived-From, Destination, Differential-ID, Digest, ETag, Expect, Expires, Ext, From, GET, GetProfile, HEAD, HTTP-date, Host, IM, If, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Keep-Alive, Label, Last-Event-ID, Last-Modified, Link, Location, Lock-Token, MIME-Version, Man, Max-Forwards, Media-Range, Message-ID, Meter, Negotiate, Non-Compliance, OPTION, OPTIONS, OWS, Opt, Optional, Ordering-Type, Origin, Overwrite, P3P, PEP, PICS-Label, POST, PUT, Pep-Info, Permanent, Position, Pragma, ProfileObject, Protocol, Protocol-Query, Protocol-Request, Proxy-Authenticate, Proxy-Authentication-Info, Proxy-Authorization, Proxy-Features, Proxy-Instruction, Public, RWS, Range, Referer, Refresh, Resolution-Hint, Resolver-Location, Retry-After, Safe, Sec-Websocket-Extensions, Sec-Websocket-Key, Sec-Websocket-Origin, Sec-Websocket-Protocol, Sec-Websocket-Version, Security-Scheme, Server, Set-Cookie, Set-Cookie2, SetProfile, SoapAction, Status, Status-URI, Strict-Transport-Security, SubOK, Subst, Surrogate-Capability, Surrogate-Control, TCN, TE, TRACE, Timeout, Title, Trailer, Transfer-Encoding, UA-Color, UA-Media, UA-Pixels, UA-Resolution, UA-Windowpixels, URI, Upgrade, User-Agent, Variant-Vary, Vary, Version, Via, Viewport-Width, WWW-Authenticate, Want-Digest, Warning, Width, X-Content-Duration, X-Content-Security-Policy, X-Content-Type-Options, X-CustomHeader, X-DNSPrefetch-Control, X-Forwarded-For, X-Forwarded-Port, X-Forwarded-Proto, X-Frame-Options, X-Modified, X-OTHER, X-PING, X-PINGOTHER, X-Powered-By, X-Requested-With, Observe' -nginx_cors_allowed_headers: 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range,Observe' - -# Find a set of acceptable defaults for the cache setup -nginx_cache_enabled: False - -nginx_use_ldap_pam_auth: False -nginx_pam_svc_name: nginx -nginx_ldap_uri: "ldap://ldap.example.org" -nginx_ldap_base_dn: "dc=example,dc=org" -nginx_basic_auth: False -nginx_basic_auth_users: - - { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' } -# nginx_ldap_login_attribute: uid -# nginx_ldap_pam_groupdn: -nginx_webroot: /usr/share/nginx/html -nginx_letsencrypt_managed: True -nginx_websockets_support: False -nginx_use_common_virthost: False -# Set it to 'ssl http2' if the nginx version supports it -nginx_ssl_type: ssl -# When we do not use letsencrypt: -# nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt' -# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key' -nginx_block_dotfiles: True - -# Virtualhost example -# nginx_virthosts: -# - virthost_name: '{{ ansible_fqdn }}' -# listen: '{{ http_port }}' -# server_name: '{{ ansible_fqdn }}' -# server_aliases: '' -# index: index.html -# error_page: /path_to_error_page.html -# ssl_enabled: False -# ssl_only: False -# ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}' -# root: {{ nginx_webroot }} -# server_tokens: 'off' -# proxy_standard_setup: True -# proxy_additional_options: -# - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;' -# locations: -# - location: / -# target: http://localhost:{{ local_http_port }} -# -# extra_parameters: | -# location ~ \.php$ { -# fastcgi_split_path_info ^(.+\.php)(/.+)$; -# fastcgi_pass unix:/var/run/php5-fpm.sock; -# fastcgi_index index.php; -# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -# include fastcgi_params; -# } - diff --git a/library/roles/nginx/files/nginx-letsencrypt-acme.sh b/library/roles/nginx/files/nginx-letsencrypt-acme.sh deleted file mode 100644 index d18314b3..00000000 --- a/library/roles/nginx/files/nginx-letsencrypt-acme.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks -LE_LOG_DIR=/var/log/letsencrypt -DATE=$( date ) - -[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR -echo "$DATE" >> $LE_LOG_DIR/nginx.log - -if [ -f /etc/default/letsencrypt ] ; then - . /etc/default/letsencrypt -else - echo "No letsencrypt default file" >> $LE_LOG_DIR/nginx.log -fi - -echo "Reload the nginx service" >> $LE_LOG_DIR/nginx.log -if [ -x /bin/systemctl ] ; then - systemctl reload nginx >> $LE_LOG_DIR/nginx.log 2>&1 -else - service nginx reload >> $LE_LOG_DIR/nginx.log 2>&1 -fi - -echo "Done." >> $LE_LOG_DIR/nginx.log - -exit 0 diff --git a/library/roles/nginx/files/nginx.pam b/library/roles/nginx/files/nginx.pam deleted file mode 100644 index f94005a8..00000000 --- a/library/roles/nginx/files/nginx.pam +++ /dev/null @@ -1,26 +0,0 @@ - -# -auth [success=2 default=ignore] pam_unix.so nullok_secure -auth [success=1 default=ignore] pam_ldap.so -auth requisite pam_deny.so -auth required pam_permit.so - -# -account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so -account [success=1 default=ignore] pam_ldap.so -account requisite pam_deny.so -account required pam_permit.so - -# -password [success=1 default=ignore] pam_unix.so obscure sha512 -password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass -password requisite pam_deny.so -password required pam_permit.so - -# -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_ldap.so diff --git a/library/roles/nginx/handlers/main.yml b/library/roles/nginx/handlers/main.yml deleted file mode 100644 index 04c7fb28..00000000 --- a/library/roles/nginx/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Reload nginx - service: name=nginx state=reloaded - -- name: Restart nginx - service: name=nginx state=restarted - diff --git a/library/roles/nginx/meta/main.yml b/library/roles/nginx/meta/main.yml deleted file mode 100644 index b20d9ba9..00000000 --- a/library/roles/nginx/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -dependencies: - - role: '../../library/roles/ldap-client-config' - when: nginx_use_ldap_pam_auth diff --git a/library/roles/nginx/tasks/basic-auth.yml b/library/roles/nginx/tasks/basic-auth.yml deleted file mode 100644 index 13579097..00000000 --- a/library/roles/nginx/tasks/basic-auth.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- block: - - name: Install the python passlib library on deb based distributions - apt: pkg=python-passlib state=present cache_valid_time=3600 - when: ansible_distribution_file_variety == "Debian" - - - name: Install the python passlib library on RH based distributions - yum: pkg=python-passlib state=present - when: ansible_distribution_file_variety == "RedHat" - - - name: Create the htpasswd file needed by the basic auth - htpasswd: path={{ item.file | default ('/etc/nginx/htpasswd') }} name={{ item.name }} password={{ item.pwd }} state={{ item.state | default('present') }} crypt_scheme={{ item.crypt | default('sha256_crypt') }} - with_items: '{{ nginx_basic_auth_users }}' - - when: nginx_basic_auth - tags: nginx - diff --git a/library/roles/nginx/tasks/main.yml b/library/roles/nginx/tasks/main.yml deleted file mode 100644 index b0ed6145..00000000 --- a/library/roles/nginx/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- import_tasks: nginx-deb.yml - when: ansible_distribution_file_variety == "Debian" -- import_tasks: nginx-rh.yml - when: ansible_distribution_file_variety == "RedHat" -- import_tasks: nginx-config.yml -- import_tasks: nginx-virtualhosts.yml - when: nginx_use_common_virthost | bool -- import_tasks: nginx-letsencrypt.yml - when: letsencrypt_acme_install is defined and letsencrypt_acme_install -- import_tasks: basic-auth.yml -- import_tasks: pam-ldap.yml - -- name: Ensure that the webserver is running and enabled at boot time - service: name=nginx state=started enabled=yes - when: nginx_enabled - ignore_errors: True - tags: nginx - -- name: Ensure that the webserver is stopped and disabled - service: name=nginx state=stopped enabled=no - when: not nginx_enabled - ignore_errors: True - tags: nginx diff --git a/library/roles/nginx/tasks/nginx-config.yml b/library/roles/nginx/tasks/nginx-config.yml deleted file mode 100644 index 1f3b45e1..00000000 --- a/library/roles/nginx/tasks/nginx-config.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -- block: - - name: Create the snippets directory - file: dest={{ nginx_snippets_dir }} state=directory - - - name: Create the pki directory - file: dest={{ pki_dir }}/nginx state=directory - - - name: Create the client body tmp directory, if needed - file: dest={{ nginx_client_body_temp_dir }}/nginx state=directory owner=www-data group=www-data mode=0700 - when: nginx_client_body_temp_dir is defined - - - name: Create a dhparams file 2048 bits long - shell: openssl dhparam -out {{ pki_dir }}/nginx/dhparams.pem 2048 - args: - creates: '{{ pki_dir }}/nginx/dhparams.pem' - when: nginx_ssl_level == 'intermediate' - notify: Reload nginx - - - name: Install the supported configuration snippets - template: src={{ item }}.j2 dest=/etc/nginx/snippets/{{ item }} owner=root group=root mode=0444 - with_items: '{{ nginx_conf_snippets }}' - notify: Reload nginx - - - name: Install the main nginx.conf - template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=444 - notify: Reload nginx - - - name: Remove the old configuration snippets - file: dest=/etc/nginx/conf.d/{{ item }} state=absent - with_items: '{{ nginx_old_snippets }}' - notify: Reload nginx - - when: nginx_enabled | bool - tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ] - -- block: - - name: remove nginx default virtualhost - file: dest=/etc/nginx/sites-enabled/default state=absent - notify: Reload nginx - - when: - - nginx_enabled | bool - - ansible_distribution_file_variety == "Debian" - tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ] diff --git a/library/roles/nginx/tasks/nginx-deb.yml b/library/roles/nginx/tasks/nginx-deb.yml deleted file mode 100644 index 5ddc9b76..00000000 --- a/library/roles/nginx/tasks/nginx-deb.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- block: - - name: Install the Ubuntu PPA for nginx - apt_repository: repo='{{ nginx_ppa_repo }}' update_cache=yes - when: - - nginx_use_ppa - - "'{{ ansible_distribution }}' == 'Ubuntu'" - tags: [ 'nginx', 'nginx_ppa' ] - - - name: Install the nginx web server - apt: pkg=nginx-full state={{ nginx_package_state }} cache_valid_time=1800 - when: - - not nginx_use_ldap_pam_auth - - ansible_distribution_major_version <= '14' - - - name: Install the nginx web server if we need ldap auth via pam - apt: pkg=nginx-extras state={{ nginx_package_state }} cache_valid_time=1800 - when: - - nginx_use_ldap_pam_auth - - ansible_distribution_major_version <= '14' - - - name: Install the nginx web server on Ubuntu >= 16.04 - apt: pkg=nginx state={{ nginx_package_state }} cache_valid_time=1800 - when: ansible_distribution_major_version >= '16' - - when: ansible_distribution_file_variety == "Debian" - tags: nginx \ No newline at end of file diff --git a/library/roles/nginx/tasks/nginx-letsencrypt.yml b/library/roles/nginx/tasks/nginx-letsencrypt.yml deleted file mode 100644 index 2c57d94a..00000000 --- a/library/roles/nginx/tasks/nginx-letsencrypt.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- block: - - name: Create the acme hooks directory if it does not yet exist - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root - - - name: Install a letsencrypt hook for nginx - copy: src=nginx-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/nginx owner=root group=root mode=4555 - - when: - - letsencrypt_acme_install is defined and letsencrypt_acme_install - - nginx_letsencrypt_managed - tags: [ 'nginx', 'letsencrypt' ] - -- block: - - name: Remove the letsencrypt hook for nginx - file: path={{ letsencrypt_acme_services_scripts_dir }}/nginx state=absent - - when: not nginx_letsencrypt_managed - tags: [ 'nginx', 'letsencrypt' ] - diff --git a/library/roles/nginx/tasks/nginx-rh.yml b/library/roles/nginx/tasks/nginx-rh.yml deleted file mode 100644 index 57211c2d..00000000 --- a/library/roles/nginx/tasks/nginx-rh.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- block: - - name: Install the nginx web server - yum: pkg=nginx state={{ nginx_package_state }} - - when: ansible_distribution_file_variety == "RedHat" - tags: nginx diff --git a/library/roles/nginx/tasks/nginx-virtualhosts.yml b/library/roles/nginx/tasks/nginx-virtualhosts.yml deleted file mode 100644 index 1615c602..00000000 --- a/library/roles/nginx/tasks/nginx-virtualhosts.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- block: - - name: Create the nginx webroot if different from the default - file: dest={{ nginx_webroot }} state=directory mode=0755 - when: nginx_webroot != '/usr/share/nginx/html' - - tags: [ 'nginx', 'virtualhost' ] - -- name: Install and enable the nginx virtualhost files on Deb based systems - block: - - name: Install the nginx virtualhost files - template: src=nginx-virthost.j2 dest=/etc/nginx/sites-available/{{ item.virthost_name }} owner=root group=root mode=0444 - with_items: '{{ nginx_virthosts | default(omit) }}' - notify: Reload nginx - - - name: Enable the nginx virtualhosts - file: src=/etc/nginx/sites-available/{{ item.virthost_name }} dest=/etc/nginx/sites-enabled/{{ item.virthost_name }} state=link - with_items: '{{ nginx_virthosts | default(omit) }}' - notify: Reload nginx - - when: ansible_distribution_file_variety == "Debian" - tags: [ 'nginx', 'virtualhost' ] - -- name: Install and enable the nginx virtualhost files on RH based systems - block: - - name: Install the nginx virtualhost files - template: src=nginx-virthost.j2 dest=/etc/nginx/conf.d/{{ item.virthost_name }}.conf owner=root group=root mode=0444 - with_items: '{{ nginx_virthosts | default(omit) }}' - notify: Reload nginx - - when: ansible_distribution_file_variety == "RedHat" - tags: [ 'nginx', 'virtualhost' ] diff --git a/library/roles/nginx/tasks/pam-ldap.yml b/library/roles/nginx/tasks/pam-ldap.yml deleted file mode 100644 index ae253511..00000000 --- a/library/roles/nginx/tasks/pam-ldap.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Install pam service for nginx - copy: src=nginx.pam dest=/etc/pam.d/{{ nginx_pam_svc_name }} - notify: Reload nginx - when: nginx_use_ldap_pam_auth - tags: nginx - diff --git a/library/roles/nginx/templates/ldap.conf.j2 b/library/roles/nginx/templates/ldap.conf.j2 deleted file mode 100644 index b748f415..00000000 --- a/library/roles/nginx/templates/ldap.conf.j2 +++ /dev/null @@ -1,16 +0,0 @@ -# The distinguished name of the search base. -base {{ nginx_ldap_base_dn }} - -# Another way to specify your LDAP server is to provide an -uri {{ nginx_ldap_uri }} -if {% nginx_ldap_login_attribute is defined %} -pam_login_attribute {{ nginx_ldap_login_attribute }} -{% endif %} -if {% nginx_ldap_pam_groupdn is defined %} -pam_groupdn -{% endif %} -# The LDAP version to use (defaults to 3 -# if supported by client library) -ldap_version 3 - -nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,munin,news,nslcd,proxy,root,rstudio-server,sshd,sync,sys,syslog,uucp,www-data diff --git a/library/roles/nginx/templates/letsencrypt-proxy.conf.j2 b/library/roles/nginx/templates/letsencrypt-proxy.conf.j2 deleted file mode 100644 index d385cf19..00000000 --- a/library/roles/nginx/templates/letsencrypt-proxy.conf.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Include this one inside a "server" directive listening on port 80, this way: -# include /etc/nginx/snippets/letsencrypt-proxy.conf; - location ^~ /.well-known/acme-challenge { - proxy_pass http://127.0.0.1:{{ letsencrypt_acme_standalone_port | default('4402') }}/.well-known/acme-challenge; - access_log /var/log/nginx/letsencrypt_acmetool_access.log; - error_log /var/log/nginx/letsencrypt_acmetool_error.log; - } - - diff --git a/library/roles/nginx/templates/nginx-browser-cache.conf.j2 b/library/roles/nginx/templates/nginx-browser-cache.conf.j2 deleted file mode 100644 index ade01328..00000000 --- a/library/roles/nginx/templates/nginx-browser-cache.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# include inside a 'server' directive -# -location ~* \.(?:manifest|appcache|html?|xml|json)$ { - expires {{ nginx_html_cache_expire }}; -} - -{% if nginx_feed_cache_expire_enabled %} -# -location ~* \.(?:rss|atom)$ { - expires {{ nginx_feed_cache_expire }}; - add_header Cache-Control "{{ nginx_cache_control }}"; -} -{% endif %} - -# -location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { - expires {{ nginx_media_cache_expire }}; - access_log off; - add_header Cache-Control "{{ nginx_cache_control }}"; -} - -# -location ~* \.(?:css|js)$ { - expires {{ nginx_css_js_cache_expire }}; - access_log off; - add_header Cache-Control "{{ nginx_cache_control }}"; -} diff --git a/library/roles/nginx/templates/nginx-compression.conf.j2 b/library/roles/nginx/templates/nginx-compression.conf.j2 deleted file mode 100644 index 4a06955b..00000000 --- a/library/roles/nginx/templates/nginx-compression.conf.j2 +++ /dev/null @@ -1,6 +0,0 @@ -gzip_vary {{ nginx_gzip_vary }}; -gzip_proxied {{ nginx_gzip_proxied }}; -gzip_comp_level {{ nginx_gzip_comp_level }}; -gzip_buffers {{ nginx_gzip_buffers }}; -gzip_http_version {{ nginx_gzip_http_version }}; -gzip_types {{ nginx_gzip_types }}; diff --git a/library/roles/nginx/templates/nginx-cors.conf.j2 b/library/roles/nginx/templates/nginx-cors.conf.j2 deleted file mode 100644 index 1f3af869..00000000 --- a/library/roles/nginx/templates/nginx-cors.conf.j2 +++ /dev/null @@ -1,58 +0,0 @@ -{% if nginx_cors_extended_rules %} -if ($request_method = 'OPTIONS') { -{% if nginx_cors_limit_origin %} - add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; -{% else %} - add_header 'Access-Control-Allow-Origin' '*'; -{% endif %} - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; - # - # Tell client that this pre-flight info is valid for 20 days - # - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; -} -if ($request_method = 'POST') { -{% if nginx_cors_limit_origin %} - add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; -{% else %} - add_header 'Access-Control-Allow-Origin' '*'; -{% endif %} - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; - add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; - add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; -} -if ($request_method = 'GET') { -{% if nginx_cors_limit_origin %} - add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; -{% else %} - add_header 'Access-Control-Allow-Origin' '*'; -{% endif %} - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; - add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; - add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; -} -{% else %} -{% if nginx_cors_limit_origin %} -add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; -{% else %} -add_header 'Access-Control-Allow-Origin' '*'; -{% endif %} -if ($request_method = OPTIONS ) { - return 204; -} -add_header 'Access-Control-Allow-Credentials' 'true'; -add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; -add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; -add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; -{% endif %} - diff --git a/library/roles/nginx/templates/nginx-proxy-params.conf.j2 b/library/roles/nginx/templates/nginx-proxy-params.conf.j2 deleted file mode 100644 index 2d834a43..00000000 --- a/library/roles/nginx/templates/nginx-proxy-params.conf.j2 +++ /dev/null @@ -1,29 +0,0 @@ -# Proxy stuff -# include /etc/nginx/snippets/nginx-proxy-params.conf; -proxy_http_version 1.1; -proxy_set_header Connection ""; -{% if haproxy_ips is defined %} -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-Host $remote_addr; -proxy_set_header X-Forwarded-Server $host; -{% else %} -proxy_set_header Host $host; -{% if nginx_define_x_real_ip %} -proxy_set_header X-Real-IP $remote_addr; -{% endif %} -{% endif %} -{% if nginx_set_original_uri %} -proxy_set_header nginx-request-uri $request_uri; -{% endif %} -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_buffering {{ nginx_proxy_buffering }}; -proxy_buffer_size {{ nginx_proxy_buffer_size }}; -proxy_buffers {{ nginx_proxy_buffers }}; -proxy_busy_buffers_size {{ nginx_proxy_busy_buffers_size }}; -proxy_temp_file_write_size {{ nginx_proxy_temp_file_write_size }}; -proxy_redirect {{ nginx_proxy_redirect }}; -proxy_connect_timeout {{ nginx_proxy_connect_timeout }}; -proxy_read_timeout {{ nginx_proxy_read_timeout }}; -proxy_send_timeout {{ nginx_proxy_send_timeout }}; diff --git a/library/roles/nginx/templates/nginx-server-ssl.conf.j2 b/library/roles/nginx/templates/nginx-server-ssl.conf.j2 deleted file mode 100644 index f09f52e4..00000000 --- a/library/roles/nginx/templates/nginx-server-ssl.conf.j2 +++ /dev/null @@ -1,49 +0,0 @@ -{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %} -ssl_certificate {{ letsencrypt_acme_certs_dir }}/fullchain; -ssl_certificate_key {{ letsencrypt_acme_certs_dir }}/privkey; -{% else %} -ssl_certificate {{ nginx_ssl_cert_file | default('/etc/nginx/ssl/server.crt') }}; -ssl_certificate_key {{ nginx_ssl_cert_key | default ('/etc/nginx/ssl/server.key') }}; -{% endif %} -ssl_session_cache shared:SSL:10m; -ssl_session_timeout 1d; -ssl_dhparam {{ pki_dir }}/nginx/dhparams.pem; -{% if nginx_ssl_level == 'old' %} -{% if ansible_distribution_version is version_compare('18.04', '>=') %} -ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; -{% else %} -ssl_protocols TLSv1 TLSv1.1 TLSv1.2; -{% endif %} -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; -ssl_prefer_server_ciphers on; -{% endif %} -{% if nginx_ssl_level == 'intermediate' %} -{% if ansible_distribution_version is version_compare('18.04', '>=') %} -ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; -{% else %} -ssl_protocols TLSv1.1 TLSv1.2; -{% endif %} -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; -ssl_prefer_server_ciphers off; -{% endif %} -{% if nginx_ssl_level == 'modern' %} -ssl_session_tickets off; -# modern configuration. tweak to your needs. -{% if ansible_distribution_version is version_compare('18.04', '>=') %} -ssl_protocols TLSv1.2 TLSv1.3; -{% else %} -ssl_protocols TLSv1.2; -{% endif %} -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -ssl_prefer_server_ciphers off; -{% endif %} -{% if ansible_distribution_version is version_compare('14.04', '>=') %} -ssl_stapling on; -ssl_stapling_verify on; -{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %} -ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain; -{% else %} -ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/nginx/ssl/cacert.crt') }}; -{% endif %} -add_header Strict-Transport-Security max-age=15768000; -{% endif %} diff --git a/library/roles/nginx/templates/nginx-virthost.j2 b/library/roles/nginx/templates/nginx-virthost.j2 deleted file mode 100644 index d5f52b91..00000000 --- a/library/roles/nginx/templates/nginx-virthost.j2 +++ /dev/null @@ -1,353 +0,0 @@ -{% if nginx_websockets_support is defined and nginx_websockets_support %} -include /etc/nginx/snippets/nginx-websockets.conf; -{% else %} -{% if item.websockets is defined and item.websockets %} -include /etc/nginx/snippets/nginx-websockets.conf; -{% endif %} -{% endif %} - -server { - listen {{ item.http_port | default ('80') }}; - server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; -{% if nginx_block_dotfiles %} - location ~ /\.(?!well-known).* { - deny all; - access_log off; - log_not_found off; - return 404; - } -{% endif %} - -{% if letsencrypt_acme_install %} - include /etc/nginx/snippets/letsencrypt-proxy.conf; -{% endif %} - - {% if item.access_log is defined %} - access_log {{ item.access_log }}; - {% else %} - access_log /var/log/nginx/{{ item.server_name }}_access.log; - {% endif %} - - {% if item.error_log is defined %} - error_log {{ item.error_log }}; - {% else %} - error_log /var/log/nginx/{{ item.server_name }}_error.log; - {% endif %} - - server_tokens {{ item.server_tokens | default('off') }}; - -{% if item.ssl_enabled and item.ssl_only %} - location / { - return 301 https://{{ item.server_name }}$request_uri; - } -{% else %} - root {{ item.root | default('/usr/share/nginx/html/') }}; - index {{ item.index | default('index.html index.htm') }}; - error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; - location = /50x.html { - root {{ item.error_path | default('/usr/share/nginx/html') }}; - } - location = /favicon.ico { - log_not_found off; - access_log off; - } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } -{% if nginx_block_dotfiles %} - location ~ /\. { - deny all; - access_log off; - log_not_found off; - return 404; - } -{% endif %} - {% if haproxy_ips is defined %} - # We are behind haproxy - {% for ip in haproxy_ips %} - set_real_ip_from {{ ip }}; - {% endfor %} - real_ip_header X-Forwarded-For; - {% endif %} - - {% if item.max_body is defined %} - client_max_body_size {{ item.max_body }}; - {% else %} - client_max_body_size {{ nginx_client_max_body_size }}; - {% endif %} - - {% if item.body_timeout is defined %} - client_body_timeout {{ item.body_timeout }}; - {% else %} - client_body_timeout {{ nginx_client_body_timeout }}; - {% endif %} - - {% if nginx_cors_enabled %} - {% if nginx_cors_global %} - include /etc/nginx/snippets/nginx-cors.conf; - {% endif %} - {% endif %} - - {% if item.additional_options is defined %} - {% for add_opt in item.additional_options %} - {{ add_opt }}; - {% endfor %} - {% endif %} - - {% if item.http_acls is defined %} - {% for acl in item.http_acls %} - {{ acl }}; - {% endfor %} - {% endif %} - - {% if nginx_websockets_support is defined and nginx_websockets_support %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {% if item.websockets is defined and item.websockets %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% endif %} - {% endif %} - - {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} - - # Proxy stuff - {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} - {% else %} - include /etc/nginx/snippets/nginx-proxy-params.conf; - {% endif %} - - {% if item.proxy_additional_options is defined %} - {% for popt in item.proxy_additional_options %} - {{ popt }}; - {% endfor %} - {% endif %} - - {% if item.locations is defined %} - {% for location in item.locations -%} - - location {{ location.location }} { - - {% if nginx_cors_enabled %} - {% if not nginx_cors_global %} - {% if location.cors is defined and location.cors %} - include /etc/nginx/snippets/nginx-cors.conf; - {% endif %} - {% endif %} - {% endif %} - - {% if location.target is defined %} - proxy_pass {{ location.target }}; - {% elif location.php_target is defined %} - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass {{ location.php_target }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param REMOTE_ADDR $http_x_forwarded_for; - #fastcgi_param REMOTE_ADDR $remote_addr; - include fastcgi_params; - {% endif %} - - {% if location.websockets is defined and location.websockets %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - {% endif %} - - {% if location.extra_conf is defined %} - {{ location.extra_conf }} - {% endif %} - - {% if location.acls is defined %} - {% for acl in location.acls %} - {{ acl }}; - {% endfor %} - {% endif %} - - {% if location.other_opts is defined %} - {% for opt in location.other_opts %} - {{ opt }}; - {% endfor %} - {% endif %} - } - {% endfor %} - {% endif %} - {% endif %} - - {% if item.extra_parameters is defined %} - {{ item.extra_parameters }} - {% endif %} - -{% endif %} - -} - -{% if item.ssl_enabled %} -server { - {% if item.https_port is defined %} - listen {{ item.https_port }} {{ nginx_ssl_type }}; - {% else %} - listen {{ https_port | default('443') }} {{ nginx_ssl_type }}; - {% endif %} - server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; - - {% if item.access_log is defined %} - access_log {{ item.access_log }}; - {% else %} - access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log; - {% endif %} - - {% if item.error_log is defined %} - error_log {{ item.error_log }}; - {% else %} - error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log; - {% endif %} - - root {{ item.root | default('/usr/share/nginx/html/') }}; - index {{ item.index | default('index.html index.htm') }}; - error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; - location = /50x.html { - root {{ item.error_path | default('/usr/share/nginx/html') }}; - } - location = /favicon.ico { - log_not_found off; - access_log off; - } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } -{% if nginx_block_dotfiles %} - location ~ /\. { - deny all; - access_log off; - log_not_found off; - return 404; - } -{% endif %} - - {% if haproxy_ips is defined %} - # We are behind haproxy - {% for ip in haproxy_ips %} - set_real_ip_from {{ ip }}; - {% endfor %} - real_ip_header X-Forwarded-For; - {% endif %} - - {% if item.max_body is defined %} - client_max_body_size {{ item.max_body }}; - {% else %} - client_max_body_size {{ nginx_client_max_body_size }}; - {% endif %} - {% if item.body_timeout is defined %} - client_body_timeout {{ item.body_timeout }}; - {% else %} - client_body_timeout {{ nginx_client_body_timeout }}; - {% endif %} - - include /etc/nginx/snippets/nginx-server-ssl.conf; - - server_tokens {{ item.server_tokens | default('off') }}; - - {% if nginx_cors_enabled %} - {% if nginx_cors_global %} - include /etc/nginx/snippets/nginx-cors.conf; - {% endif %} - {% endif %} - - {% if nginx_websockets_support is defined and nginx_websockets_support %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {% if item.websockets is defined and item.websockets %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% endif %} - {% endif %} - - {% if item.additional_options is defined %} - {% for add_opt in item.additional_options %} - {{ add_opt }}; - {% endfor %} - {% endif %} - - {% if item.https_acls is defined %} - {% for acl in item.https_acls %} - {{ acl }}; - {% endfor %} - {% endif %} - - {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} - - # Proxy stuff - {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} - {% else %} - include /etc/nginx/snippets/nginx-proxy-params.conf; - {% endif %} - - {% if item.proxy_additional_options is defined %} - {% for popt in item.proxy_additional_options %} - {{ popt }} - {% endfor %} - {% endif %} - - {% if item.locations is defined %} - {% for location in item.locations -%} - location {{ location.location }} { - - {% if nginx_cors_enabled %} - {% if not nginx_cors_global %} - {% if location.cors is defined and location.cors %} - include /etc/nginx/snippets/nginx-cors.conf; - {% endif %} - {% endif %} - {% endif %} - - {% if location.target is defined %} - proxy_pass {{ location.target }}; - {% elif location.php_target is defined %} - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass {{ location.php_target }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param REMOTE_ADDR $http_x_forwarded_for; - #fastcgi_param REMOTE_ADDR $remote_addr; - include fastcgi_params; - {% endif %} - - {% if location.websockets is defined and location.websockets %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - {% endif %} - - {% if location.extra_conf is defined %} - {{ location.extra_conf }} - {% endif %} - - {% if location.acls is defined %} - {% for acl in location.acls %} - {{ acl }}; - {% endfor %} - {% endif %} - - {% if location.other_opts is defined %} - {% for opt in location.other_opts %} - {{ opt }}; - {% endfor %} - {% endif %} - } - {% endfor %} - {% endif %} - {% endif %} - - {% if item.extra_parameters is defined %} - {{ item.extra_parameters }} - {% endif %} -} - -{% endif %} diff --git a/library/roles/nginx/templates/nginx-websockets.conf.j2 b/library/roles/nginx/templates/nginx-websockets.conf.j2 deleted file mode 100644 index 32af4c3c..00000000 --- a/library/roles/nginx/templates/nginx-websockets.conf.j2 +++ /dev/null @@ -1,4 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} diff --git a/library/roles/nginx/templates/nginx.conf.j2 b/library/roles/nginx/templates/nginx.conf.j2 deleted file mode 100644 index 9dc53920..00000000 --- a/library/roles/nginx/templates/nginx.conf.j2 +++ /dev/null @@ -1,63 +0,0 @@ -pid /run/nginx.pid; -{% if ansible_distribution_file_variety == "Debian" %} -user www-data; -{% if nginx_use_ppa or ansible_distribution_major_version >= '16' %} -worker_processes auto; -include /etc/nginx/modules-enabled/*.conf; - -{% else %} -worker_processes {{ nginx_workers }}; -{% endif %} -{% endif %} - -{% if ansible_distribution_file_variety == "RedHat" %} -user nginx; -worker_processes auto; -# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; -{% endif %} - -events { - worker_connections {{ nginx_worker_connections }}; - multi_accept {{ nginx_multi_accept }}; -} -worker_rlimit_nofile {{ nginx_worker_rlimit_nofile }}; - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - server_tokens {{ nginx_server_tokens }}; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - include /etc/nginx/mime.types; - default_type application/octet-stream; - large_client_header_buffers {{ nginx_large_client_header_buffers }}; - ## - # Logging Settings - ## - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - -{% if nginx_enable_compression %} - include /etc/nginx/snippets/nginx-compression.conf; -{% endif %} -{% if nginx_websockets_support %} - include /etc/nginx/snippets/nginx-websockets.conf; -{% endif %} - include /etc/nginx/conf.d/*.conf; - -{% if ansible_distribution_file_variety == "RedHat" %} - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; -{% endif %} - -{% if ansible_distribution_file_variety == "Debian" %} - include /etc/nginx/sites-enabled/*; -{% endif %} -} diff --git a/library/roles/openjdk/defaults/main.yml b/library/roles/openjdk/defaults/main.yml deleted file mode 100644 index 58ac3b7b..00000000 --- a/library/roles/openjdk/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -openjdk_default: 8 -jdk_default: '{{ openjdk_default }}' -openjdk_pkg_state: present -openjdk_version: - - '{{ openjdk_default }}' - -dismissed_openjdk_ppa: 'ppa:openjdk-r/ppa' -openjdk_zulu_repo_install: False -openjdk_zulu_repo_key_id: '0xB1998361219BD9C9' -openjdk_zulu_repository: 'deb http://repos.azulsystems.com/{{ ansible_distribution | lower }} stable main' - -openjdk_java_home: '/usr/lib/jvm/java-{{ openjdk_default }}-openjdk-amd64' -openjdk_zulu_java_home: '/usr/lib/jvm/zulu-{{ openjdk_default }}-amd64' - -openjdk_zulu_package_name: zulu - -openjdk_pkgs: - - jre-headless - - jdk-headless -# - jre -# - jdk - -oracle_jdk_ubuntu_ppa: 'ppa:webupd8team/java' -openjdk_oracle_jdk_pkgs: - - oracle-java7-installer - - oracle-java7-set-default - - oracle-java7-unlimited-jce-policy - - oracle-java8-installer - - oracle-java8-set-default - - oracle-java8-unlimited-jce-policy - diff --git a/library/roles/openjdk/tasks/main.yml b/library/roles/openjdk/tasks/main.yml deleted file mode 100644 index 5c6c0975..00000000 --- a/library/roles/openjdk/tasks/main.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- block: - - name: Remove the openjdk-r ppa. It is not maintained anymore - apt_repository: repo='{{ dismissed_openjdk_ppa }}' update_cache=yes state=absent - - - name: Remove the Oracle JDK PPA - apt_repository: repo='{{ oracle_jdk_ubuntu_ppa }}' state=absent update_cache=yes - - - name: Check if we must use the Zulu repository - set_fact: - openjdk_zulu_repo_install: True - when: ansible_distribution_major_version <= '16' - - tags: [ 'jdk', 'openjdk' ] - -- block: - - name: Install the Zulu repository key - apt_key: keyserver='hkp://keyserver.ubuntu.com' id={{ openjdk_zulu_repo_key_id }} - - - name: Install the proper Zulu repository - apt_repository: repo='{{ openjdk_zulu_repository }}' update_cache=yes - - - name: Install the Zulu OpenJDK - apt: pkg={{ openjdk_zulu_package_name }}-{{ item }} state={{ openjdk_pkg_state }} update_cache=yes cache_valid_time=3600 - with_items: '{{ openjdk_version }}' - register: openjdk_installed - - - name: Set the default OpenJDK as Zulu - shell: update-java-alternatives -s /usr/lib/jvm/zulu-{{ openjdk_default }}-amd64 - when: openjdk_installed is changed - - - name: Set the correct value for jdk_java_home when we are installing Zulu - set_fact: - jdk_java_home: '{{ openjdk_zulu_java_home }}' - - when: openjdk_zulu_repo_install - tags: [ 'jdk', 'openjdk' ] - -- block: - - name: Remove the Zulu repository if it is present - apt_repository: repo='{{ openjdk_zulu_repository }}' update_cache=yes state=absent - - - name: Install the OpenJDK that comes with the distribution - apt: pkg=openjdk-{{ item.0 }}-{{ item[1] }} state={{ openjdk_pkg_state }} update_cache=yes cache_valid_time=3600 - with_nested: - - '{{ openjdk_version }}' - - '{{ openjdk_pkgs }}' - register: openjdk_installed - - - name: Set the default OpenJDK - shell: update-java-alternatives -s java-1.{{ openjdk_default }}.0-openjdk-amd64 - when: openjdk_installed is changed - - - name: Set the correct value for jdk_java_home when we are installing the distribution OpenJDK - set_fact: - jdk_java_home: '{{ openjdk_java_home }}' - - when: not openjdk_zulu_repo_install - tags: [ 'jdk', 'openjdk' ] - -- block: - - name: Rebuild the Ubuntu keystore - command: update-ca-certificates --fresh - when: openjdk_installed is changed - - tags: [ 'jdk', 'openjdk' ] - -- block: - - name: Remove the Oracle JDK packages - apt: pkg={{ openjdk_oracle_jdk_pkgs }} state=absent cache_valid_time=3600 - - - name: Remove the OpenJDK packages fthat come with the distribution when we use the Zulu repository - apt: pkg=openjdk-{{ item.0 }}-{{ item[1] }} state=absent update_cache=yes cache_valid_time=3600 - with_nested: - - '{{ openjdk_version }}' - - '{{ openjdk_pkgs }}' - when: openjdk_zulu_repo_install - - tags: [ 'jdk', 'openjdk' ] - diff --git a/library/roles/tomcat-multiple-instances/defaults/main.yml b/library/roles/tomcat-multiple-instances/defaults/main.yml deleted file mode 100644 index ff7aeae3..00000000 --- a/library/roles/tomcat-multiple-instances/defaults/main.yml +++ /dev/null @@ -1,98 +0,0 @@ ---- -tomcat_version: 7 -#tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}' -# Disable the main tomcat instance -tomcat_service_enabled: False - -tomcat_m_instances_install: True - -tomcat_m_host_manager_install: False -tomcat_m_manager_install: False -# Users and roles for the manager -tomcat_m_manager_gui_user_enabled: False -tomcat_m_manager_gui_user: guiadmin -tomcat_m_manager_gui_r: "manager-gui" -#tomcat_m_manager_gui_pwd: *Use a vault file* -tomcat_m_manager_script_user_enabled: True -tomcat_m_manager_script_user: scriptadmin -tomcat_m_manager_script_r: "manager-script" -#tomcat_m_manager_script_pwd: *Use a vault file* -tomcat_m_manager_jmx_user_enabled: False -tomcat_m_manager_jmx_user: jmxadmin -tomcat_m_manager_jmx_r: "manager-jmx" -#tomcat_m_manager_jmx_pwd: *Use a vault file* -tomcat_m_manager_status_user_enabled: False -tomcat_m_manager_status_user: statusadmin -tomcat_m_manager_status_r: "manager-status" -#tomcat_m_manager_status_pwd: *Use a vault file* - -#tomcat_m_manager_other_roles: -# - { role: '', user: '', password: '', user_roles: '' } - -tomcat_m_instances_base_path: '/var/lib/tomcat_instances' -tomcat_m_instances_logdir_base: '/var/log/tomcat_instances' -tomcat_m_cache_base: '/var/cache/tomcat-instances' -tomcat_m_default_user: 'tomcat{{ tomcat_version }}' -tomcat_m_use_default_user: True -tomcat_m_user_home: False -tomcat_m_default_user_shell: /bin/false -# Workaround for the '50 days shutdown' bug, until a fixed package will be available -tomcat_m_shutdown_port: -1 -tomcat_m_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}" -tomcat_m_max_threads: 200 -tomcat_m_min_heap_size: 2048m -tomcat_m_heap_size: '{{ tomcat_m_min_heap_size }}' -tomcat_m_permgen_size: 512m -tomcat_m_file_encoding: 'UTF-8' -tomcat_m_restart_timeout: 300 -# -server -Djava.awt.headless=true are always used. No need to specify them -tomcat_m_java_opts_heap: "-Xms{{ tomcat_m_min_heap_size }} -Xmx{{ tomcat_m_heap_size }}" -tomcat_m_java_opts_permgen: "-XX:MaxPermSize={{ tomcat_m_permgen_size }}" -tomcat_m_additional_java_8_opts: "-XX:+CrashOnOutOfMemoryError" -tomcat_m_java_opts: "" -tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC" -# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved -# response time). If you use that option and you run Tomcat on a machine with -# exactly one CPU chip that contains one or two cores, you should also add -# the "-XX:+CMSIncrementalMode" option. -#tomcat_m_other_java_opts: "-Djsse.enableSNIExtension=false" -tomcat_m_reverse_proxy_name_enabled: False -tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}' -tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}' -tomcat_m_proxy_enabled: False -tomcat_m_proxy_http_host: 'localhost' -tomcat_m_proxy_http_port: '3128' -tomcat_m_proxy_https_host: '{{ tomcat_m_proxy_http_host }}' -tomcat_m_proxy_https_port: '{{ tomcat_m_proxy_http_port }}' -tomcat_m_proxy_opts: "-DproxySet=true -Dhttp.proxyHost={{ tomcat_m_proxy_http_host }} -Dhttp.proxyPort={{ tomcat_m_proxy_http_port }} -Dhttps.proxyHost={{ tomcat_m_proxy_https_host }} -Dhttps.proxyPort={{ tomcat_m_proxy_https_port }}" -tomcat_m_other_java_opts: "" -tomcat_m_webapps_autodeploy: False -tomcat_m_webapps_unpack: False -tomcat_m_start_instances: True -tomcat_m_enable_instances: True -tomcat_m_jndi_pool: False -tomcat_m_direct_access: False - -# JMX and debugging -tomcat_m_enable_remote_debugging: False -tomcat_m_remote_debugging_host: '0.0.0.0' -tomcat_m_remote_debugging_port: '8100' -tomcat_m_remote_debugging_uri: '{{ tomcat_m_remote_debugging_host }}:{{ tomcat_m_remote_debugging_port }}' -tomcat_m_jmx_enabled: False -tomcat_m_jmx_auth_enabled: False -tomcat_m_jmx_use_ssl: False -tomcat_m_jmx_port: 8186 -# The following works with jdk >= 7.0.25 only -tomcat_m_jmx_disable_additional_ports: True -tomcat_m_jmx_localhost_only: False -tomcat_m_jmx_ip_address: '{{ ansible_default_ipv4.address }}' - -#tomcat_m_jmx_auth_dir: '{{ tomcat_m_instances_base_path }}' -# tomcat_m_jmx_monitorpass: define_in_a_vault_file -# tomcat_m_jmx_controlpass: define_in_a_vault_file - -# This is only an example. Insert a line for each tomcat instance. 'app_contexts' can be used to automatically configure apache or nginx virtualhost http/ajp proxy -# -#tomcat_m_instances: -# - { http_enabled: True, http_port: '8180', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '8105', java_home: '{{ jdk_java_home }}', user: '{{ tomcat_m_default_user }}', user_home: '{{ tomcat_m_instances_base_path }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ tomcat_m_instances_base_path }}/8180', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', install_server_xml: True, default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', proxy_enabled: '{{ tomcat_m_proxy_enabled }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/8180/conf', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_monitorpass: '{{ set_in_a_vault_file }}', jmx_controlpass: '{{ set_in_a_vault_file }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_uri: '{{ tomcat_m_remote_debugging_uri }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], app_contexts: [ 'app1', 'app2' ] } - diff --git a/library/roles/tomcat-multiple-instances/files/context.xml b/library/roles/tomcat-multiple-instances/files/context.xml deleted file mode 100644 index 745bf953..00000000 --- a/library/roles/tomcat-multiple-instances/files/context.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - WEB-INF/web.xml - - - - - - - - \ No newline at end of file diff --git a/library/roles/tomcat-multiple-instances/files/jmxremote.access b/library/roles/tomcat-multiple-instances/files/jmxremote.access deleted file mode 100644 index c5aab07e..00000000 --- a/library/roles/tomcat-multiple-instances/files/jmxremote.access +++ /dev/null @@ -1,2 +0,0 @@ -monitorRole readonly -controlRole readwrite diff --git a/library/roles/tomcat-multiple-instances/files/logging.properties b/library/roles/tomcat-multiple-instances/files/logging.properties deleted file mode 100644 index 6eeb1814..00000000 --- a/library/roles/tomcat-multiple-instances/files/logging.properties +++ /dev/null @@ -1,49 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -############################################################ -# Handler specific properties. -# Describes specific configuration info for Handlers. -############################################################ - -1catalina.org.apache.juli.FileHandler.level = FINE -1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs -1catalina.org.apache.juli.FileHandler.prefix = catalina. - -2localhost.org.apache.juli.FileHandler.level = FINE -2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs -2localhost.org.apache.juli.FileHandler.prefix = localhost. - -java.util.logging.ConsoleHandler.level = FINE -java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter - -############################################################ -# Facility specific properties. -# Provides extra control for each logger. -############################################################ - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler - -# For example, set the com.xyz.foo logger to only log SEVERE -# messages: -#org.apache.catalina.startup.ContextConfig.level = FINE -#org.apache.catalina.startup.HostConfig.level = FINE -#org.apache.catalina.session.ManagerBase.level = FINE -#org.apache.catalina.core.AprLifecycleListener.level=FINE diff --git a/library/roles/tomcat-multiple-instances/files/policy.d/01system.policy b/library/roles/tomcat-multiple-instances/files/policy.d/01system.policy deleted file mode 100644 index 8e02c821..00000000 --- a/library/roles/tomcat-multiple-instances/files/policy.d/01system.policy +++ /dev/null @@ -1,52 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one or more -// contributor license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright ownership. -// The ASF licenses this file to You under the Apache License, Version 2.0 -// (the "License"); you may not use this file except in compliance with -// the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// ============================================================================ -// catalina.corepolicy - Security Policy Permissions for Tomcat 6 -// -// This file contains a default set of security policies to be enforced (by the -// JVM) when Catalina is executed with the "-security" option. In addition -// to the permissions granted here, the following additional permissions are -// granted to the codebase specific to each web application: -// -// * Read access to the document root directory -// -// $Id: catalina.policy 609294 2008-01-06 11:43:46Z markt $ -// ============================================================================ - - -// ========== SYSTEM CODE PERMISSIONS ========================================= - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { - permission java.security.AllPermission; -}; diff --git a/library/roles/tomcat-multiple-instances/files/policy.d/02debian.policy b/library/roles/tomcat-multiple-instances/files/policy.d/02debian.policy deleted file mode 100644 index 582c47c1..00000000 --- a/library/roles/tomcat-multiple-instances/files/policy.d/02debian.policy +++ /dev/null @@ -1,10 +0,0 @@ -// These permissions apply to all JARs from Debian packages -grant codeBase "file:/usr/share/java/-" { - permission java.security.AllPermission; -}; -grant codeBase "file:/usr/share/maven-repo/-" { - permission java.security.AllPermission; -}; -grant codeBase "file:/usr/share/ant/lib/-" { - permission java.security.AllPermission; -}; diff --git a/library/roles/tomcat-multiple-instances/files/policy.d/03catalina.policy b/library/roles/tomcat-multiple-instances/files/policy.d/03catalina.policy deleted file mode 100644 index 2de15182..00000000 --- a/library/roles/tomcat-multiple-instances/files/policy.d/03catalina.policy +++ /dev/null @@ -1,32 +0,0 @@ -// ========== CATALINA CODE PERMISSIONS ======================================= - - -// These permissions apply to the logging API -grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { - permission java.util.PropertyPermission "java.util.logging.config.class", "read"; - permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.lang.RuntimePermission "shutdownHooks"; - permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; - permission java.util.PropertyPermission "catalina.base", "read"; - permission java.util.logging.LoggingPermission "control"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; - permission java.lang.RuntimePermission "getClassLoader"; - permission java.lang.RuntimePermission "setContextClassLoader"; - // To enable per context logging configuration, permit read access to the appropriate file. - // Be sure that the logging configuration is secure before enabling such access - // eg for the examples web application: - // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; -}; - -// These permissions apply to the server startup code -grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the servlet API classes -// and those that are shared across all class loaders -// located in the "lib" directory -grant codeBase "file:${catalina.home}/lib/-" { - permission java.security.AllPermission; -}; diff --git a/library/roles/tomcat-multiple-instances/files/policy.d/04webapps.policy b/library/roles/tomcat-multiple-instances/files/policy.d/04webapps.policy deleted file mode 100644 index 74af20de..00000000 --- a/library/roles/tomcat-multiple-instances/files/policy.d/04webapps.policy +++ /dev/null @@ -1,59 +0,0 @@ -// ========== WEB APPLICATION PERMISSIONS ===================================== - - -// These permissions are granted by default to all web applications -// In addition, a web application will be given a read FilePermission -// and JndiPermission for all files and directories in its document root. -grant { - // Required for JNDI lookup of named JDBC DataSource's and - // javamail named MimePart DataSource used to send mail - permission java.util.PropertyPermission "java.home", "read"; - permission java.util.PropertyPermission "java.naming.*", "read"; - permission java.util.PropertyPermission "javax.sql.*", "read"; - - // OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.version", "read"; - permission java.util.PropertyPermission "os.arch", "read"; - permission java.util.PropertyPermission "file.separator", "read"; - permission java.util.PropertyPermission "path.separator", "read"; - permission java.util.PropertyPermission "line.separator", "read"; - - // JVM properties to allow read access - permission java.util.PropertyPermission "java.version", "read"; - permission java.util.PropertyPermission "java.vendor", "read"; - permission java.util.PropertyPermission "java.vendor.url", "read"; - permission java.util.PropertyPermission "java.class.version", "read"; - permission java.util.PropertyPermission "java.specification.version", "read"; - permission java.util.PropertyPermission "java.specification.vendor", "read"; - permission java.util.PropertyPermission "java.specification.name", "read"; - - permission java.util.PropertyPermission "java.vm.specification.version", "read"; - permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; - permission java.util.PropertyPermission "java.vm.specification.name", "read"; - permission java.util.PropertyPermission "java.vm.version", "read"; - permission java.util.PropertyPermission "java.vm.vendor", "read"; - permission java.util.PropertyPermission "java.vm.name", "read"; - - // Required for OpenJMX - permission java.lang.RuntimePermission "getAttribute"; - - // Allow read of JAXP compliant XML parser debug - permission java.util.PropertyPermission "jaxp.debug", "read"; - - // Precompiled JSPs need access to this package. - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; - - // Example JSPs need those to work properly - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; - permission java.lang.RuntimePermission "accessDeclaredMembers"; - - // Precompiled JSPs need access to this system property. - permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; - - // java.io.tmpdir should be usable as a temporary file directory - permission java.util.PropertyPermission "java.io.tmpdir", "read"; - permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete"; - -}; diff --git a/library/roles/tomcat-multiple-instances/files/policy.d/50local.policy b/library/roles/tomcat-multiple-instances/files/policy.d/50local.policy deleted file mode 100644 index 3f15a8d2..00000000 --- a/library/roles/tomcat-multiple-instances/files/policy.d/50local.policy +++ /dev/null @@ -1,32 +0,0 @@ -// You can assign additional permissions to particular web applications by -// adding additional "grant" entries here, based on the code base for that -// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. -// -// Different permissions can be granted to JSP pages, classes loaded from -// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ -// directory, or even to individual jar files in the /WEB-INF/lib/ directory. -// -// For instance, assume that the standard "examples" application -// included a JDBC driver that needed to establish a network connection to the -// corresponding database and used the scrape taglib to get the weather from -// the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.base}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - diff --git a/library/roles/tomcat-multiple-instances/files/web.xml b/library/roles/tomcat-multiple-instances/files/web.xml deleted file mode 100644 index cc8383cb..00000000 --- a/library/roles/tomcat-multiple-instances/files/web.xml +++ /dev/null @@ -1,4283 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - org.apache.catalina.servlets.DefaultServlet - - debug - 0 - - - listings - false - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsp - org.apache.jasper.servlet.JspServlet - - fork - false - - - xpoweredBy - false - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - / - - - - - jsp - *.jsp - *.jspx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 30 - - - - - - - - - - - - 123 - application/vnd.lotus-1-2-3 - - - 3dml - text/vnd.in3d.3dml - - - 3g2 - video/3gpp2 - - - 3gp - video/3gpp - - - 7z - application/x-7z-compressed - - - aab - application/x-authorware-bin - - - aac - audio/x-aac - - - aam - application/x-authorware-map - - - aas - application/x-authorware-seg - - - abs - audio/x-mpeg - - - abw - application/x-abiword - - - ac - application/pkix-attr-cert - - - acc - application/vnd.americandynamics.acc - - - ace - application/x-ace-compressed - - - acu - application/vnd.acucobol - - - acutc - application/vnd.acucorp - - - adp - audio/adpcm - - - aep - application/vnd.audiograph - - - afm - application/x-font-type1 - - - afp - application/vnd.ibm.modcap - - - ahead - application/vnd.ahead.space - - - ai - application/postscript - - - aif - audio/x-aiff - - - aifc - audio/x-aiff - - - aiff - audio/x-aiff - - - aim - application/x-aim - - - air - application/vnd.adobe.air-application-installer-package+zip - - - ait - application/vnd.dvb.ait - - - ami - application/vnd.amiga.ami - - - anx - application/annodex - - - apk - application/vnd.android.package-archive - - - application - application/x-ms-application - - - apr - application/vnd.lotus-approach - - - art - image/x-jg - - - asc - application/pgp-signature - - - asf - video/x-ms-asf - - - asm - text/x-asm - - - aso - application/vnd.accpac.simply.aso - - - asx - video/x-ms-asf - - - atc - application/vnd.acucorp - - - atom - application/atom+xml - - - atomcat - application/atomcat+xml - - - atomsvc - application/atomsvc+xml - - - atx - application/vnd.antix.game-component - - - au - audio/basic - - - avi - video/x-msvideo - - - avx - video/x-rad-screenplay - - - aw - application/applixware - - - axa - audio/annodex - - - axv - video/annodex - - - azf - application/vnd.airzip.filesecure.azf - - - azs - application/vnd.airzip.filesecure.azs - - - azw - application/vnd.amazon.ebook - - - bat - application/x-msdownload - - - bcpio - application/x-bcpio - - - bdf - application/x-font-bdf - - - bdm - application/vnd.syncml.dm+wbxml - - - bed - application/vnd.realvnc.bed - - - bh2 - application/vnd.fujitsu.oasysprs - - - bin - application/octet-stream - - - bmi - application/vnd.bmi - - - bmp - image/bmp - - - body - text/html - - - book - application/vnd.framemaker - - - box - application/vnd.previewsystems.box - - - boz - application/x-bzip2 - - - bpk - application/octet-stream - - - btif - image/prs.btif - - - bz - application/x-bzip - - - bz2 - application/x-bzip2 - - - c - text/x-c - - - c11amc - application/vnd.cluetrust.cartomobile-config - - - c11amz - application/vnd.cluetrust.cartomobile-config-pkg - - - c4d - application/vnd.clonk.c4group - - - c4f - application/vnd.clonk.c4group - - - c4g - application/vnd.clonk.c4group - - - c4p - application/vnd.clonk.c4group - - - c4u - application/vnd.clonk.c4group - - - cab - application/vnd.ms-cab-compressed - - - cap - application/vnd.tcpdump.pcap - - - car - application/vnd.curl.car - - - cat - application/vnd.ms-pki.seccat - - - cc - text/x-c - - - cct - application/x-director - - - ccxml - application/ccxml+xml - - - cdbcmsg - application/vnd.contact.cmsg - - - cdf - application/x-cdf - - - cdkey - application/vnd.mediastation.cdkey - - - cdmia - application/cdmi-capability - - - cdmic - application/cdmi-container - - - cdmid - application/cdmi-domain - - - cdmio - application/cdmi-object - - - cdmiq - application/cdmi-queue - - - cdx - chemical/x-cdx - - - cdxml - application/vnd.chemdraw+xml - - - cdy - application/vnd.cinderella - - - cer - application/pkix-cert - - - cgm - image/cgm - - - chat - application/x-chat - - - chm - application/vnd.ms-htmlhelp - - - chrt - application/vnd.kde.kchart - - - cif - chemical/x-cif - - - cii - application/vnd.anser-web-certificate-issue-initiation - - - cil - application/vnd.ms-artgalry - - - cla - application/vnd.claymore - - - class - application/java - - - clkk - application/vnd.crick.clicker.keyboard - - - clkp - application/vnd.crick.clicker.palette - - - clkt - application/vnd.crick.clicker.template - - - clkw - application/vnd.crick.clicker.wordbank - - - clkx - application/vnd.crick.clicker - - - clp - application/x-msclip - - - cmc - application/vnd.cosmocaller - - - cmdf - chemical/x-cmdf - - - cml - chemical/x-cml - - - cmp - application/vnd.yellowriver-custom-menu - - - cmx - image/x-cmx - - - cod - application/vnd.rim.cod - - - com - application/x-msdownload - - - conf - text/plain - - - cpio - application/x-cpio - - - cpp - text/x-c - - - cpt - application/mac-compactpro - - - crd - application/x-mscardfile - - - crl - application/pkix-crl - - - crt - application/x-x509-ca-cert - - - cryptonote - application/vnd.rig.cryptonote - - - csh - application/x-csh - - - csml - chemical/x-csml - - - csp - application/vnd.commonspace - - - css - text/css - - - cst - application/x-director - - - csv - text/csv - - - cu - application/cu-seeme - - - curl - text/vnd.curl - - - cww - application/prs.cww - - - cxt - application/x-director - - - cxx - text/x-c - - - dae - model/vnd.collada+xml - - - daf - application/vnd.mobius.daf - - - dataless - application/vnd.fdsn.seed - - - davmount - application/davmount+xml - - - dcr - application/x-director - - - dcurl - text/vnd.curl.dcurl - - - dd2 - application/vnd.oma.dd2+xml - - - ddd - application/vnd.fujixerox.ddd - - - deb - application/x-debian-package - - - def - text/plain - - - deploy - application/octet-stream - - - der - application/x-x509-ca-cert - - - dfac - application/vnd.dreamfactory - - - dib - image/bmp - - - dic - text/x-c - - - dir - application/x-director - - - dis - application/vnd.mobius.dis - - - dist - application/octet-stream - - - distz - application/octet-stream - - - djv - image/vnd.djvu - - - djvu - image/vnd.djvu - - - dll - application/x-msdownload - - - dmg - application/octet-stream - - - dmp - application/vnd.tcpdump.pcap - - - dms - application/octet-stream - - - dna - application/vnd.dna - - - doc - application/msword - - - docm - application/vnd.ms-word.document.macroenabled.12 - - - docx - application/vnd.openxmlformats-officedocument.wordprocessingml.document - - - dot - application/msword - - - dotm - application/vnd.ms-word.template.macroenabled.12 - - - dotx - application/vnd.openxmlformats-officedocument.wordprocessingml.template - - - dp - application/vnd.osgi.dp - - - dpg - application/vnd.dpgraph - - - dra - audio/vnd.dra - - - dsc - text/prs.lines.tag - - - dssc - application/dssc+der - - - dtb - application/x-dtbook+xml - - - dtd - application/xml-dtd - - - dts - audio/vnd.dts - - - dtshd - audio/vnd.dts.hd - - - dump - application/octet-stream - - - dv - video/x-dv - - - dvb - video/vnd.dvb.file - - - dvi - application/x-dvi - - - dwf - model/vnd.dwf - - - dwg - image/vnd.dwg - - - dxf - image/vnd.dxf - - - dxp - application/vnd.spotfire.dxp - - - dxr - application/x-director - - - ecelp4800 - audio/vnd.nuera.ecelp4800 - - - ecelp7470 - audio/vnd.nuera.ecelp7470 - - - ecelp9600 - audio/vnd.nuera.ecelp9600 - - - ecma - application/ecmascript - - - edm - application/vnd.novadigm.edm - - - edx - application/vnd.novadigm.edx - - - efif - application/vnd.picsel - - - ei6 - application/vnd.pg.osasli - - - elc - application/octet-stream - - - eml - message/rfc822 - - - emma - application/emma+xml - - - eol - audio/vnd.digital-winds - - - eot - application/vnd.ms-fontobject - - - eps - application/postscript - - - epub - application/epub+zip - - - es3 - application/vnd.eszigno3+xml - - - esf - application/vnd.epson.esf - - - et3 - application/vnd.eszigno3+xml - - - etx - text/x-setext - - - exe - application/octet-stream - - - exi - application/exi - - - ext - application/vnd.novadigm.ext - - - ez - application/andrew-inset - - - ez2 - application/vnd.ezpix-album - - - ez3 - application/vnd.ezpix-package - - - f - text/x-fortran - - - f4v - video/x-f4v - - - f77 - text/x-fortran - - - f90 - text/x-fortran - - - fbs - image/vnd.fastbidsheet - - - fcs - application/vnd.isac.fcs - - - fdf - application/vnd.fdf - - - fe_launch - application/vnd.denovo.fcselayout-link - - - fg5 - application/vnd.fujitsu.oasysgp - - - fgd - application/x-director - - - fh - image/x-freehand - - - fh4 - image/x-freehand - - - fh5 - image/x-freehand - - - fh7 - image/x-freehand - - - fhc - image/x-freehand - - - fig - application/x-xfig - - - flac - audio/flac - - - fli - video/x-fli - - - flo - application/vnd.micrografx.flo - - - flv - video/x-flv - - - flw - application/vnd.kde.kivio - - - flx - text/vnd.fmi.flexstor - - - fly - text/vnd.fly - - - fm - application/vnd.framemaker - - - fnc - application/vnd.frogans.fnc - - - for - text/x-fortran - - - fpx - image/vnd.fpx - - - frame - application/vnd.framemaker - - - fsc - application/vnd.fsc.weblaunch - - - fst - image/vnd.fst - - - ftc - application/vnd.fluxtime.clip - - - fti - application/vnd.anser-web-funds-transfer-initiation - - - fvt - video/vnd.fvt - - - fxp - application/vnd.adobe.fxp - - - fxpl - application/vnd.adobe.fxp - - - fzs - application/vnd.fuzzysheet - - - g2w - application/vnd.geoplan - - - g3 - image/g3fax - - - g3w - application/vnd.geospace - - - gac - application/vnd.groove-account - - - gbr - application/rpki-ghostbusters - - - gdl - model/vnd.gdl - - - geo - application/vnd.dynageo - - - gex - application/vnd.geometry-explorer - - - ggb - application/vnd.geogebra.file - - - ggt - application/vnd.geogebra.tool - - - ghf - application/vnd.groove-help - - - gif - image/gif - - - gim - application/vnd.groove-identity-message - - - gmx - application/vnd.gmx - - - gnumeric - application/x-gnumeric - - - gph - application/vnd.flographit - - - gqf - application/vnd.grafeq - - - gqs - application/vnd.grafeq - - - gram - application/srgs - - - gre - application/vnd.geometry-explorer - - - grv - application/vnd.groove-injector - - - grxml - application/srgs+xml - - - gsf - application/x-font-ghostscript - - - gtar - application/x-gtar - - - gtm - application/vnd.groove-tool-message - - - gtw - model/vnd.gtw - - - gv - text/vnd.graphviz - - - gxt - application/vnd.geonext - - - gz - application/x-gzip - - - h - text/x-c - - - h261 - video/h261 - - - h263 - video/h263 - - - h264 - video/h264 - - - hal - application/vnd.hal+xml - - - hbci - application/vnd.hbci - - - hdf - application/x-hdf - - - hh - text/x-c - - - hlp - application/winhlp - - - hpgl - application/vnd.hp-hpgl - - - hpid - application/vnd.hp-hpid - - - hps - application/vnd.hp-hps - - - hqx - application/mac-binhex40 - - - htc - text/x-component - - - htke - application/vnd.kenameaapp - - - htm - text/html - - - html - text/html - - - hvd - application/vnd.yamaha.hv-dic - - - hvp - application/vnd.yamaha.hv-voice - - - hvs - application/vnd.yamaha.hv-script - - - i2g - application/vnd.intergeo - - - icc - application/vnd.iccprofile - - - ice - x-conference/x-cooltalk - - - icm - application/vnd.iccprofile - - - ico - image/x-icon - - - ics - text/calendar - - - ief - image/ief - - - ifb - text/calendar - - - ifm - application/vnd.shana.informed.formdata - - - iges - model/iges - - - igl - application/vnd.igloader - - - igm - application/vnd.insors.igm - - - igs - model/iges - - - igx - application/vnd.micrografx.igx - - - iif - application/vnd.shana.informed.interchange - - - imp - application/vnd.accpac.simply.imp - - - ims - application/vnd.ms-ims - - - in - text/plain - - - ink - application/inkml+xml - - - inkml - application/inkml+xml - - - iota - application/vnd.astraea-software.iota - - - ipfix - application/ipfix - - - ipk - application/vnd.shana.informed.package - - - irm - application/vnd.ibm.rights-management - - - irp - application/vnd.irepository.package+xml - - - iso - application/octet-stream - - - itp - application/vnd.shana.informed.formtemplate - - - ivp - application/vnd.immervision-ivp - - - ivu - application/vnd.immervision-ivu - - - jad - text/vnd.sun.j2me.app-descriptor - - - jam - application/vnd.jam - - - jar - application/java-archive - - - java - text/x-java-source - - - jisp - application/vnd.jisp - - - jlt - application/vnd.hp-jlyt - - - jnlp - application/x-java-jnlp-file - - - joda - application/vnd.joost.joda-archive - - - jpe - image/jpeg - - - jpeg - image/jpeg - - - jpg - image/jpeg - - - jpgm - video/jpm - - - jpgv - video/jpeg - - - jpm - video/jpm - - - js - application/javascript - - - jsf - text/plain - - - json - application/json - - - jspf - text/plain - - - kar - audio/midi - - - karbon - application/vnd.kde.karbon - - - kfo - application/vnd.kde.kformula - - - kia - application/vnd.kidspiration - - - kml - application/vnd.google-earth.kml+xml - - - kmz - application/vnd.google-earth.kmz - - - kne - application/vnd.kinar - - - knp - application/vnd.kinar - - - kon - application/vnd.kde.kontour - - - kpr - application/vnd.kde.kpresenter - - - kpt - application/vnd.kde.kpresenter - - - ksp - application/vnd.kde.kspread - - - ktr - application/vnd.kahootz - - - ktx - image/ktx - - - ktz - application/vnd.kahootz - - - kwd - application/vnd.kde.kword - - - kwt - application/vnd.kde.kword - - - lasxml - application/vnd.las.las+xml - - - latex - application/x-latex - - - lbd - application/vnd.llamagraphics.life-balance.desktop - - - lbe - application/vnd.llamagraphics.life-balance.exchange+xml - - - les - application/vnd.hhe.lesson-player - - - lha - application/octet-stream - - - link66 - application/vnd.route66.link66+xml - - - list - text/plain - - - list3820 - application/vnd.ibm.modcap - - - listafp - application/vnd.ibm.modcap - - - log - text/plain - - - lostxml - application/lost+xml - - - lrf - application/octet-stream - - - lrm - application/vnd.ms-lrm - - - ltf - application/vnd.frogans.ltf - - - lvp - audio/vnd.lucent.voice - - - lwp - application/vnd.lotus-wordpro - - - lzh - application/octet-stream - - - m13 - application/x-msmediaview - - - m14 - application/x-msmediaview - - - m1v - video/mpeg - - - m21 - application/mp21 - - - m2a - audio/mpeg - - - m2v - video/mpeg - - - m3a - audio/mpeg - - - m3u - audio/x-mpegurl - - - m3u8 - application/vnd.apple.mpegurl - - - m4a - audio/mp4 - - - m4b - audio/mp4 - - - m4r - audio/mp4 - - - m4u - video/vnd.mpegurl - - - m4v - video/mp4 - - - ma - application/mathematica - - - mac - image/x-macpaint - - - mads - application/mads+xml - - - mag - application/vnd.ecowin.chart - - - maker - application/vnd.framemaker - - - man - text/troff - - - mathml - application/mathml+xml - - - mb - application/mathematica - - - mbk - application/vnd.mobius.mbk - - - mbox - application/mbox - - - mc1 - application/vnd.medcalcdata - - - mcd - application/vnd.mcd - - - mcurl - text/vnd.curl.mcurl - - - mdb - application/x-msaccess - - - mdi - image/vnd.ms-modi - - - me - text/troff - - - mesh - model/mesh - - - meta4 - application/metalink4+xml - - - mets - application/mets+xml - - - mfm - application/vnd.mfmp - - - mft - application/rpki-manifest - - - mgp - application/vnd.osgeo.mapguide.package - - - mgz - application/vnd.proteus.magazine - - - mid - audio/midi - - - midi - audio/midi - - - mif - application/x-mif - - - mime - message/rfc822 - - - mj2 - video/mj2 - - - mjp2 - video/mj2 - - - mlp - application/vnd.dolby.mlp - - - mmd - application/vnd.chipnuts.karaoke-mmd - - - mmf - application/vnd.smaf - - - mmr - image/vnd.fujixerox.edmics-mmr - - - mny - application/x-msmoney - - - mobi - application/x-mobipocket-ebook - - - mods - application/mods+xml - - - mov - video/quicktime - - - movie - video/x-sgi-movie - - - mp1 - audio/mpeg - - - mp2 - audio/mpeg - - - mp21 - application/mp21 - - - mp2a - audio/mpeg - - - mp3 - audio/mpeg - - - mp4 - video/mp4 - - - mp4a - audio/mp4 - - - mp4s - application/mp4 - - - mp4v - video/mp4 - - - mpa - audio/mpeg - - - mpc - application/vnd.mophun.certificate - - - mpe - video/mpeg - - - mpeg - video/mpeg - - - mpega - audio/x-mpeg - - - mpg - video/mpeg - - - mpg4 - video/mp4 - - - mpga - audio/mpeg - - - mpkg - application/vnd.apple.installer+xml - - - mpm - application/vnd.blueice.multipass - - - mpn - application/vnd.mophun.application - - - mpp - application/vnd.ms-project - - - mpt - application/vnd.ms-project - - - mpv2 - video/mpeg2 - - - mpy - application/vnd.ibm.minipay - - - mqy - application/vnd.mobius.mqy - - - mrc - application/marc - - - mrcx - application/marcxml+xml - - - ms - text/troff - - - mscml - application/mediaservercontrol+xml - - - mseed - application/vnd.fdsn.mseed - - - mseq - application/vnd.mseq - - - msf - application/vnd.epson.msf - - - msh - model/mesh - - - msi - application/x-msdownload - - - msl - application/vnd.mobius.msl - - - msty - application/vnd.muvee.style - - - mts - model/vnd.mts - - - mus - application/vnd.musician - - - musicxml - application/vnd.recordare.musicxml+xml - - - mvb - application/x-msmediaview - - - mwf - application/vnd.mfer - - - mxf - application/mxf - - - mxl - application/vnd.recordare.musicxml - - - mxml - application/xv+xml - - - mxs - application/vnd.triscape.mxs - - - mxu - video/vnd.mpegurl - - - n-gage - application/vnd.nokia.n-gage.symbian.install - - - n3 - text/n3 - - - nb - application/mathematica - - - nbp - application/vnd.wolfram.player - - - nc - application/x-netcdf - - - ncx - application/x-dtbncx+xml - - - ngdat - application/vnd.nokia.n-gage.data - - - nlu - application/vnd.neurolanguage.nlu - - - nml - application/vnd.enliven - - - nnd - application/vnd.noblenet-directory - - - nns - application/vnd.noblenet-sealer - - - nnw - application/vnd.noblenet-web - - - npx - image/vnd.net-fpx - - - nsf - application/vnd.lotus-notes - - - oa2 - application/vnd.fujitsu.oasys2 - - - oa3 - application/vnd.fujitsu.oasys3 - - - oas - application/vnd.fujitsu.oasys - - - obd - application/x-msbinder - - - oda - application/oda - - - - odb - application/vnd.oasis.opendocument.database - - - - odc - application/vnd.oasis.opendocument.chart - - - - odf - application/vnd.oasis.opendocument.formula - - - odft - application/vnd.oasis.opendocument.formula-template - - - - odg - application/vnd.oasis.opendocument.graphics - - - - odi - application/vnd.oasis.opendocument.image - - - - odm - application/vnd.oasis.opendocument.text-master - - - - odp - application/vnd.oasis.opendocument.presentation - - - - ods - application/vnd.oasis.opendocument.spreadsheet - - - - odt - application/vnd.oasis.opendocument.text - - - oga - audio/ogg - - - ogg - audio/ogg - - - ogv - video/ogg - - - - ogx - application/ogg - - - onepkg - application/onenote - - - onetmp - application/onenote - - - onetoc - application/onenote - - - onetoc2 - application/onenote - - - opf - application/oebps-package+xml - - - oprc - application/vnd.palm - - - org - application/vnd.lotus-organizer - - - osf - application/vnd.yamaha.openscoreformat - - - osfpvg - application/vnd.yamaha.openscoreformat.osfpvg+xml - - - otc - application/vnd.oasis.opendocument.chart-template - - - otf - application/x-font-otf - - - - otg - application/vnd.oasis.opendocument.graphics-template - - - - oth - application/vnd.oasis.opendocument.text-web - - - oti - application/vnd.oasis.opendocument.image-template - - - - otp - application/vnd.oasis.opendocument.presentation-template - - - - ots - application/vnd.oasis.opendocument.spreadsheet-template - - - - ott - application/vnd.oasis.opendocument.text-template - - - oxps - application/oxps - - - oxt - application/vnd.openofficeorg.extension - - - p - text/x-pascal - - - p10 - application/pkcs10 - - - p12 - application/x-pkcs12 - - - p7b - application/x-pkcs7-certificates - - - p7c - application/pkcs7-mime - - - p7m - application/pkcs7-mime - - - p7r - application/x-pkcs7-certreqresp - - - p7s - application/pkcs7-signature - - - p8 - application/pkcs8 - - - pas - text/x-pascal - - - paw - application/vnd.pawaafile - - - pbd - application/vnd.powerbuilder6 - - - pbm - image/x-portable-bitmap - - - pcap - application/vnd.tcpdump.pcap - - - pcf - application/x-font-pcf - - - pcl - application/vnd.hp-pcl - - - pclxl - application/vnd.hp-pclxl - - - pct - image/pict - - - pcurl - application/vnd.curl.pcurl - - - pcx - image/x-pcx - - - pdb - application/vnd.palm - - - pdf - application/pdf - - - pfa - application/x-font-type1 - - - pfb - application/x-font-type1 - - - pfm - application/x-font-type1 - - - pfr - application/font-tdpfr - - - pfx - application/x-pkcs12 - - - pgm - image/x-portable-graymap - - - pgn - application/x-chess-pgn - - - pgp - application/pgp-encrypted - - - pic - image/pict - - - pict - image/pict - - - pkg - application/octet-stream - - - pki - application/pkixcmp - - - pkipath - application/pkix-pkipath - - - plb - application/vnd.3gpp.pic-bw-large - - - plc - application/vnd.mobius.plc - - - plf - application/vnd.pocketlearn - - - pls - audio/x-scpls - - - pml - application/vnd.ctc-posml - - - png - image/png - - - pnm - image/x-portable-anymap - - - pnt - image/x-macpaint - - - portpkg - application/vnd.macports.portpkg - - - pot - application/vnd.ms-powerpoint - - - potm - application/vnd.ms-powerpoint.template.macroenabled.12 - - - potx - application/vnd.openxmlformats-officedocument.presentationml.template - - - ppam - application/vnd.ms-powerpoint.addin.macroenabled.12 - - - ppd - application/vnd.cups-ppd - - - ppm - image/x-portable-pixmap - - - pps - application/vnd.ms-powerpoint - - - ppsm - application/vnd.ms-powerpoint.slideshow.macroenabled.12 - - - ppsx - application/vnd.openxmlformats-officedocument.presentationml.slideshow - - - ppt - application/vnd.ms-powerpoint - - - pptm - application/vnd.ms-powerpoint.presentation.macroenabled.12 - - - pptx - application/vnd.openxmlformats-officedocument.presentationml.presentation - - - pqa - application/vnd.palm - - - prc - application/x-mobipocket-ebook - - - pre - application/vnd.lotus-freelance - - - prf - application/pics-rules - - - ps - application/postscript - - - psb - application/vnd.3gpp.pic-bw-small - - - psd - image/vnd.adobe.photoshop - - - psf - application/x-font-linux-psf - - - pskcxml - application/pskc+xml - - - ptid - application/vnd.pvi.ptid1 - - - pub - application/x-mspublisher - - - pvb - application/vnd.3gpp.pic-bw-var - - - pwn - application/vnd.3m.post-it-notes - - - pya - audio/vnd.ms-playready.media.pya - - - pyv - video/vnd.ms-playready.media.pyv - - - qam - application/vnd.epson.quickanime - - - qbo - application/vnd.intu.qbo - - - qfx - application/vnd.intu.qfx - - - qps - application/vnd.publishare-delta-tree - - - qt - video/quicktime - - - qti - image/x-quicktime - - - qtif - image/x-quicktime - - - qwd - application/vnd.quark.quarkxpress - - - qwt - application/vnd.quark.quarkxpress - - - qxb - application/vnd.quark.quarkxpress - - - qxd - application/vnd.quark.quarkxpress - - - qxl - application/vnd.quark.quarkxpress - - - qxt - application/vnd.quark.quarkxpress - - - ra - audio/x-pn-realaudio - - - ram - audio/x-pn-realaudio - - - rar - application/x-rar-compressed - - - ras - image/x-cmu-raster - - - rcprofile - application/vnd.ipunplugged.rcprofile - - - rdf - application/rdf+xml - - - rdz - application/vnd.data-vision.rdz - - - rep - application/vnd.businessobjects - - - res - application/x-dtbresource+xml - - - rgb - image/x-rgb - - - rif - application/reginfo+xml - - - rip - audio/vnd.rip - - - rl - application/resource-lists+xml - - - rlc - image/vnd.fujixerox.edmics-rlc - - - rld - application/resource-lists-diff+xml - - - rm - application/vnd.rn-realmedia - - - rmi - audio/midi - - - rmp - audio/x-pn-realaudio-plugin - - - rms - application/vnd.jcp.javame.midlet-rms - - - rnc - application/relax-ng-compact-syntax - - - roa - application/rpki-roa - - - roff - text/troff - - - rp9 - application/vnd.cloanto.rp9 - - - rpss - application/vnd.nokia.radio-presets - - - rpst - application/vnd.nokia.radio-preset - - - rq - application/sparql-query - - - rs - application/rls-services+xml - - - rsd - application/rsd+xml - - - rss - application/rss+xml - - - rtf - application/rtf - - - rtx - text/richtext - - - s - text/x-asm - - - saf - application/vnd.yamaha.smaf-audio - - - sbml - application/sbml+xml - - - sc - application/vnd.ibm.secure-container - - - scd - application/x-msschedule - - - scm - application/vnd.lotus-screencam - - - scq - application/scvp-cv-request - - - scs - application/scvp-cv-response - - - scurl - text/vnd.curl.scurl - - - sda - application/vnd.stardivision.draw - - - sdc - application/vnd.stardivision.calc - - - sdd - application/vnd.stardivision.impress - - - sdkd - application/vnd.solent.sdkm+xml - - - sdkm - application/vnd.solent.sdkm+xml - - - sdp - application/sdp - - - sdw - application/vnd.stardivision.writer - - - see - application/vnd.seemail - - - seed - application/vnd.fdsn.seed - - - sema - application/vnd.sema - - - semd - application/vnd.semd - - - semf - application/vnd.semf - - - ser - application/java-serialized-object - - - setpay - application/set-payment-initiation - - - setreg - application/set-registration-initiation - - - sfd-hdstx - application/vnd.hydrostatix.sof-data - - - sfs - application/vnd.spotfire.sfs - - - sgl - application/vnd.stardivision.writer-global - - - sgm - text/sgml - - - sgml - text/sgml - - - sh - application/x-sh - - - shar - application/x-shar - - - shf - application/shf+xml - - - - sig - application/pgp-signature - - - silo - model/mesh - - - sis - application/vnd.symbian.install - - - sisx - application/vnd.symbian.install - - - sit - application/x-stuffit - - - sitx - application/x-stuffitx - - - skd - application/vnd.koan - - - skm - application/vnd.koan - - - skp - application/vnd.koan - - - skt - application/vnd.koan - - - sldm - application/vnd.ms-powerpoint.slide.macroenabled.12 - - - sldx - application/vnd.openxmlformats-officedocument.presentationml.slide - - - slt - application/vnd.epson.salt - - - sm - application/vnd.stepmania.stepchart - - - smf - application/vnd.stardivision.math - - - smi - application/smil+xml - - - smil - application/smil+xml - - - smzip - application/vnd.stepmania.package - - - snd - audio/basic - - - snf - application/x-font-snf - - - so - application/octet-stream - - - spc - application/x-pkcs7-certificates - - - spf - application/vnd.yamaha.smaf-phrase - - - spl - application/x-futuresplash - - - spot - text/vnd.in3d.spot - - - spp - application/scvp-vp-response - - - spq - application/scvp-vp-request - - - spx - audio/ogg - - - src - application/x-wais-source - - - sru - application/sru+xml - - - srx - application/sparql-results+xml - - - sse - application/vnd.kodak-descriptor - - - ssf - application/vnd.epson.ssf - - - ssml - application/ssml+xml - - - st - application/vnd.sailingtracker.track - - - stc - application/vnd.sun.xml.calc.template - - - std - application/vnd.sun.xml.draw.template - - - stf - application/vnd.wt.stf - - - sti - application/vnd.sun.xml.impress.template - - - stk - application/hyperstudio - - - stl - application/vnd.ms-pki.stl - - - str - application/vnd.pg.format - - - stw - application/vnd.sun.xml.writer.template - - - sub - text/vnd.dvb.subtitle - - - sus - application/vnd.sus-calendar - - - susp - application/vnd.sus-calendar - - - sv4cpio - application/x-sv4cpio - - - sv4crc - application/x-sv4crc - - - svc - application/vnd.dvb.service - - - svd - application/vnd.svd - - - svg - image/svg+xml - - - svgz - image/svg+xml - - - swa - application/x-director - - - swf - application/x-shockwave-flash - - - swi - application/vnd.aristanetworks.swi - - - sxc - application/vnd.sun.xml.calc - - - sxd - application/vnd.sun.xml.draw - - - sxg - application/vnd.sun.xml.writer.global - - - sxi - application/vnd.sun.xml.impress - - - sxm - application/vnd.sun.xml.math - - - sxw - application/vnd.sun.xml.writer - - - t - text/troff - - - taglet - application/vnd.mynfc - - - tao - application/vnd.tao.intent-module-archive - - - tar - application/x-tar - - - tcap - application/vnd.3gpp2.tcap - - - tcl - application/x-tcl - - - teacher - application/vnd.smart.teacher - - - tei - application/tei+xml - - - teicorpus - application/tei+xml - - - tex - application/x-tex - - - texi - application/x-texinfo - - - texinfo - application/x-texinfo - - - text - text/plain - - - tfi - application/thraud+xml - - - tfm - application/x-tex-tfm - - - thmx - application/vnd.ms-officetheme - - - tif - image/tiff - - - tiff - image/tiff - - - tmo - application/vnd.tmobile-livetv - - - torrent - application/x-bittorrent - - - tpl - application/vnd.groove-tool-template - - - tpt - application/vnd.trid.tpt - - - tr - text/troff - - - tra - application/vnd.trueapp - - - trm - application/x-msterminal - - - tsd - application/timestamped-data - - - tsv - text/tab-separated-values - - - ttc - application/x-font-ttf - - - ttf - application/x-font-ttf - - - ttl - text/turtle - - - twd - application/vnd.simtech-mindmapper - - - twds - application/vnd.simtech-mindmapper - - - txd - application/vnd.genomatix.tuxedo - - - txf - application/vnd.mobius.txf - - - txt - text/plain - - - u32 - application/x-authorware-bin - - - udeb - application/x-debian-package - - - ufd - application/vnd.ufdl - - - ufdl - application/vnd.ufdl - - - ulw - audio/basic - - - umj - application/vnd.umajin - - - unityweb - application/vnd.unity - - - uoml - application/vnd.uoml+xml - - - uri - text/uri-list - - - uris - text/uri-list - - - urls - text/uri-list - - - ustar - application/x-ustar - - - utz - application/vnd.uiq.theme - - - uu - text/x-uuencode - - - uva - audio/vnd.dece.audio - - - uvd - application/vnd.dece.data - - - uvf - application/vnd.dece.data - - - uvg - image/vnd.dece.graphic - - - uvh - video/vnd.dece.hd - - - uvi - image/vnd.dece.graphic - - - uvm - video/vnd.dece.mobile - - - uvp - video/vnd.dece.pd - - - uvs - video/vnd.dece.sd - - - uvt - application/vnd.dece.ttml+xml - - - uvu - video/vnd.uvvu.mp4 - - - uvv - video/vnd.dece.video - - - uvva - audio/vnd.dece.audio - - - uvvd - application/vnd.dece.data - - - uvvf - application/vnd.dece.data - - - uvvg - image/vnd.dece.graphic - - - uvvh - video/vnd.dece.hd - - - uvvi - image/vnd.dece.graphic - - - uvvm - video/vnd.dece.mobile - - - uvvp - video/vnd.dece.pd - - - uvvs - video/vnd.dece.sd - - - uvvt - application/vnd.dece.ttml+xml - - - uvvu - video/vnd.uvvu.mp4 - - - uvvv - video/vnd.dece.video - - - uvvx - application/vnd.dece.unspecified - - - uvvz - application/vnd.dece.zip - - - uvx - application/vnd.dece.unspecified - - - uvz - application/vnd.dece.zip - - - vcard - text/vcard - - - vcd - application/x-cdlink - - - vcf - text/x-vcard - - - vcg - application/vnd.groove-vcard - - - vcs - text/x-vcalendar - - - vcx - application/vnd.vcx - - - vis - application/vnd.visionary - - - viv - video/vnd.vivo - - - vor - application/vnd.stardivision.writer - - - vox - application/x-authorware-bin - - - vrml - model/vrml - - - vsd - application/vnd.visio - - - vsf - application/vnd.vsf - - - vss - application/vnd.visio - - - vst - application/vnd.visio - - - vsw - application/vnd.visio - - - vtu - model/vnd.vtu - - - vxml - application/voicexml+xml - - - w3d - application/x-director - - - wad - application/x-doom - - - wav - audio/x-wav - - - wax - audio/x-ms-wax - - - - wbmp - image/vnd.wap.wbmp - - - wbs - application/vnd.criticaltools.wbs+xml - - - wbxml - application/vnd.wap.wbxml - - - wcm - application/vnd.ms-works - - - wdb - application/vnd.ms-works - - - weba - audio/webm - - - webm - video/webm - - - webp - image/webp - - - wg - application/vnd.pmi.widget - - - wgt - application/widget - - - wks - application/vnd.ms-works - - - wm - video/x-ms-wm - - - wma - audio/x-ms-wma - - - wmd - application/x-ms-wmd - - - wmf - application/x-msmetafile - - - - wml - text/vnd.wap.wml - - - - wmlc - application/vnd.wap.wmlc - - - - wmls - text/vnd.wap.wmlscript - - - - wmlsc - application/vnd.wap.wmlscriptc - - - wmv - video/x-ms-wmv - - - wmx - video/x-ms-wmx - - - wmz - application/x-ms-wmz - - - woff - application/x-font-woff - - - wpd - application/vnd.wordperfect - - - wpl - application/vnd.ms-wpl - - - wps - application/vnd.ms-works - - - wqd - application/vnd.wqd - - - wri - application/x-mswrite - - - wrl - model/vrml - - - wsdl - application/wsdl+xml - - - wspolicy - application/wspolicy+xml - - - wtb - application/vnd.webturbo - - - wvx - video/x-ms-wvx - - - x32 - application/x-authorware-bin - - - x3d - application/vnd.hzn-3d-crossword - - - xap - application/x-silverlight-app - - - xar - application/vnd.xara - - - xbap - application/x-ms-xbap - - - xbd - application/vnd.fujixerox.docuworks.binder - - - xbm - image/x-xbitmap - - - xdf - application/xcap-diff+xml - - - xdm - application/vnd.syncml.dm+xml - - - xdp - application/vnd.adobe.xdp+xml - - - xdssc - application/dssc+xml - - - xdw - application/vnd.fujixerox.docuworks - - - xenc - application/xenc+xml - - - xer - application/patch-ops-error+xml - - - xfdf - application/vnd.adobe.xfdf - - - xfdl - application/vnd.xfdl - - - xht - application/xhtml+xml - - - xhtml - application/xhtml+xml - - - xhvml - application/xv+xml - - - xif - image/vnd.xiff - - - xla - application/vnd.ms-excel - - - xlam - application/vnd.ms-excel.addin.macroenabled.12 - - - xlc - application/vnd.ms-excel - - - xlm - application/vnd.ms-excel - - - xls - application/vnd.ms-excel - - - xlsb - application/vnd.ms-excel.sheet.binary.macroenabled.12 - - - xlsm - application/vnd.ms-excel.sheet.macroenabled.12 - - - xlsx - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - - - xlt - application/vnd.ms-excel - - - xltm - application/vnd.ms-excel.template.macroenabled.12 - - - xltx - application/vnd.openxmlformats-officedocument.spreadsheetml.template - - - xlw - application/vnd.ms-excel - - - xml - application/xml - - - xo - application/vnd.olpc-sugar - - - xop - application/xop+xml - - - xpi - application/x-xpinstall - - - xpm - image/x-xpixmap - - - xpr - application/vnd.is-xpr - - - xps - application/vnd.ms-xpsdocument - - - xpw - application/vnd.intercon.formnet - - - xpx - application/vnd.intercon.formnet - - - xsl - application/xml - - - xslt - application/xslt+xml - - - xsm - application/vnd.syncml+xml - - - xspf - application/xspf+xml - - - xul - application/vnd.mozilla.xul+xml - - - xvm - application/xv+xml - - - xvml - application/xv+xml - - - xwd - image/x-xwindowdump - - - xyz - chemical/x-xyz - - - yang - application/yang - - - yin - application/yin+xml - - - z - application/x-compress - - - Z - application/x-compress - - - zaz - application/vnd.zzazz.deck+xml - - - zip - application/zip - - - zir - application/vnd.zul - - - zirz - application/vnd.zul - - - zmm - application/vnd.handheld-entertainment+xml - - - - - - - - - - - - - - - - - - index.html - index.htm - index.jsp - - - diff --git a/library/roles/tomcat-multiple-instances/handlers/main.yml b/library/roles/tomcat-multiple-instances/handlers/main.yml deleted file mode 100644 index 35d87044..00000000 --- a/library/roles/tomcat-multiple-instances/handlers/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: tomcat restart instances with changed configs - service: name='tomcat-instance-{{ item.item.http_port }}' state=restarted sleep=20 - with_items: '{{ restart_needed.results }}' - when: item is changed - ignore_errors: True - -- name: tomcat restart instances with changed jmx config - service: name='tomcat-instance-{{ item.item.http_port }}' state=restarted sleep=20 - with_items: '{{ jmx_restart_needed.results }}' - when: item is changed - ignore_errors: True - -- name: tomcat instances restart - service: name='tomcat-instance-{{ item.http_port }}' state=restarted sleep=20 - with_items: '{{ tomcat_m_instances }}' - ignore_errors: True - -- name: enable tomcat instances - service: name='tomcat-instance-{{ item.http_port }}' state=started enabled=yes sleep=20 - with_items: '{{ tomcat_m_instances }}' - ignore_errors: True - -- name: disable tomcat instances - service: name='tomcat-instance-{{ item.http_port }}' state=stopped enabled=no sleep=20 - with_items: '{{ tomcat_m_instances }}' - ignore_errors: True - diff --git a/library/roles/tomcat-multiple-instances/meta/main.yml b/library/roles/tomcat-multiple-instances/meta/main.yml deleted file mode 100644 index f7cc2f22..00000000 --- a/library/roles/tomcat-multiple-instances/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: '../../library/roles/tomcat' diff --git a/library/roles/tomcat-multiple-instances/tasks/main.yml b/library/roles/tomcat-multiple-instances/tasks/main.yml deleted file mode 100644 index 710c1c25..00000000 --- a/library/roles/tomcat-multiple-instances/tasks/main.yml +++ /dev/null @@ -1,214 +0,0 @@ ---- -# -# Note: the library role 'tomcat' is a dependency -# -- name: disable the tomcat main instance - service: name='tomcat{{ tomcat_version }}' state=stopped enabled=no - when: not tomcat_service_enabled - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create a tomcat user for each instance if needed - user: name={{ item.user }} home={{ item.user_home }} createhome=false shell={{ item.user_shell | default('/bin/false') }} - with_items: '{{ tomcat_m_instances }}' - when: - - not tomcat_m_use_default_user | bool - - item.user != "tomcat{{ tomcat_version }}" - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create a tomcat user if needed - user: name={{ tomcat_m_default_user }} home={{ tomcat_m_instances_base_path }} createhome=false shell={{ tomcat_m_default_user_shell }} - when: - - tomcat_m_use_default_user | bool - - tomcat_m_default_user != "tomcat{{ tomcat_version }}" - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create the instances directory trees - file: dest={{ item.0.instance_path }}/{{ item[1] }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755 state=directory - with_nested: - - '{{ tomcat_m_instances }}' - - [ 'common/classes', 'conf/Catalina/localhost', 'conf/policy.d', 'lib', 'server/classes', 'shared/classes', 'webapps' ] - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create the instances log dirs - file: dest={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} owner={{ item.user }} group={{ item.user }} mode=0755 state=directory - with_items: '{{ tomcat_m_instances }}' - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create the instances work dirs - file: dest={{ tomcat_m_cache_base }}/{{ item.http_port }} owner={{ item.user }} group={{ item.user }} mode=0755 state=directory - with_items: '{{ tomcat_m_instances }}' - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create links to work dir inside the instances directory tree - file: src={{ tomcat_m_cache_base }}/{{ item.http_port }} dest={{ item.instance_path }}/work state=link - with_items: '{{ tomcat_m_instances }}' - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create links to log dir inside the instances directory tree - file: src={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} dest={{ item.instance_path }}/logs state=link - with_items: '{{ tomcat_m_instances }}' - register: tomcat_first_install - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Create the catalina tmp directory - file: dest={{ item.catalina_tmp_directory }} state=directory owner={{ item.user }} group={{ item.user }} mode=0700 - with_items: '{{ tomcat_m_instances }}' - when: item.catalina_tmp_directory is defined - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Populate the instances conf directory - copy: src={{ item[1] }} dest={{ item.0.instance_path }}/conf/{{ item[1] }} owner={{ item.0.user }} group={{ item.0.user }} mode=0640 - with_nested: - - '{{ tomcat_m_instances }}' - - [ 'context.xml' ] - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Install catalina.properties - template: src={{ item[1] }}.j2 dest={{ item.0.instance_path }}/conf/{{ item[1] }} owner={{ item.0.user }} group={{ item.0.user }} mode=0640 - with_nested: - - '{{ tomcat_m_instances }}' - - [ 'catalina.properties' ] - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_catalina_properties' ] - -- name: Populate the instances conf/policy.d directory - copy: src=policy.d/{{ item[1] }} dest={{ item.0.instance_path }}/conf/policy.d/{{ item[1] }} owner={{ item.0.user }} group={{ item.0.user }} mode=0640 - with_nested: - - '{{ tomcat_m_instances }}' - - [ '01system.policy', '02debian.policy', '03catalina.policy', '04webapps.policy', '50local.policy' ] - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Install logging.properties if we do not use log4j for the tomcat logging - copy: src={{ item[1] }} dest={{ item.0.instance_path }}/conf/{{ item[1] }} owner={{ item.0.user }} group={{ item.0.user }} mode=0640 - with_nested: - - '{{ tomcat_m_instances }}' - - [ 'logging.properties' ] - when: - - tomcat_use_log4j is defined - - not tomcat_use_log4j | bool - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances' ] - -- name: Install the server.xml conf file - template: src=tomcat-server.xml.j2 dest={{ item.instance_path }}/conf/server.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_serverxml' ] - -- name: Install the web.xml file - template: src=tomcat-web.xml.j2 dest={{ item.instance_path }}/conf/web.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_serverxml' ] - -- name: Install the tomcat-admin package if the host-manager or manager apps are required - apt: pkg=tomcat{{ tomcat_version }}-admin state={{ tomcat_pkg_state }} cache_valid_time=1800 update_cache=yes - when: tomcat_m_host_manager_install | bool or tomcat_m_manager_install | bool - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager' ] - -- name: Install the catalina configuration for the tomcat manager - template: src=tomcat-manager.xml.j2 dest={{ item.instance_path }}/conf/Catalina/localhost/manager.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - when: tomcat_m_manager_install | bool - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_manager' ] - -- name: Install the catalina configuration for the tomcat host manager - template: src=tomcat-host-manager.xml.j2 dest={{ item.instance_path }}/conf/Catalina/localhost/host-manager.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - when: tomcat_m_host_manager_install | bool - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager' ] - -- name: Install the catalina configuration for the tomcat manager - template: src=tomcat-users.xml.j2 dest={{ item.instance_path }}/conf/tomcat-users.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - notify: tomcat restart instances with changed configs - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager' ] - -- name: Install the instances startup scripts - template: src=tomcat-instance.init.j2 dest=/etc/init.d/tomcat-instance-{{ item.http_port }} mode=0755 owner=root group=root - with_items: '{{ tomcat_m_instances }}' - register: reload_systemd - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_init' ] - -- name: Install the tomcat instances default file - template: src=tomcat-default.j2 dest=/etc/default/tomcat-instance-{{ item.http_port }} mode=0640 owner=root group={{ item.user }} - with_items: '{{ tomcat_m_instances }}' - notify: tomcat instances restart - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_default', 'jdk' ] - -- name: Reload the systemd daemon if we are running on a systemd-backed server - command: systemctl daemon-reload - when: - - ansible_service_mgr == 'systemd' - - reload_systemd | bool - -- name: Install a custom context.xml file - template: src=tomcat-context.xml.j2 dest={{ item.instance_path }}/conf/context.xml owner={{ item.user }} group={{ item.user }} mode=0640 - with_items: '{{ tomcat_m_instances }}' - register: restart_needed - notify: tomcat restart instances with changed configs - when: tomcat_m_jndi_pool | bool - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_contextxml', 'jdk' ] - -- name: Install a logrotate entry for the access log file - template: src=tomcat.logrotate.j2 dest=/etc/logrotate.d/tomcat_instance-{{ item.http_port }} owner=root group=root mode=0644 - with_items: '{{ tomcat_m_instances }}' - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_conf' ] - -- name: Install the jmx authorization file - template: src=jmxremote.passwd.j2 dest={{ item.instance_path }}/conf/jmxremote.passwd owner={{ item.user }} group={{ item.user }} mode=0600 - with_items: '{{ tomcat_m_instances }}' - when: - - item.jmx_enabled is defined - - item.jmx_auth_enabled is defined - - item.jmx_enabled | bool - - item.jmx_auth_enabled | bool - register: jmx_restart_needed - notify: tomcat restart instances with changed jmx config - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_jmx' ] - -- name: Install the jmx role file - copy: src=jmxremote.access dest={{ item.instance_path }}/conf/jmxremote.access owner={{ item.user }} group={{ item.user }} mode=0644 - with_items: '{{ tomcat_m_instances }}' - when: - - item.jmx_enabled is defined - - item.jmx_auth_enabled is defined - - item.jmx_enabled | bool - - item.jmx_auth_enabled | bool - register: jmx_restart_needed - notify: tomcat restart instances with changed jmx config - tags: [ 'tomcat', 'tomcat_instances', 'tomcat_jmx' ] - -- name: Start all the tomcat instances - service: name='tomcat-instance-{{ item.http_port }}' state=started sleep=20 - with_items: '{{ tomcat_m_instances }}' - when: - - tomcat_first_install.changed | bool - - tomcat_m_start_instances | bool - tags: [ 'tomcat', 'tomcat_instances'] - ignore_errors: True - -- name: Enable all the tomcat instances - service: name='tomcat-instance-{{ item.http_port }}' enabled=yes - with_items: '{{ tomcat_m_instances }}' - when: tomcat_m_enable_instances | bool - tags: [ 'tomcat', 'tomcat_instances'] diff --git a/library/roles/tomcat-multiple-instances/templates/catalina.properties.j2 b/library/roles/tomcat-multiple-instances/templates/catalina.properties.j2 deleted file mode 100644 index bc1d2045..00000000 --- a/library/roles/tomcat-multiple-instances/templates/catalina.properties.j2 +++ /dev/null @@ -1,135 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. - -# -# -# List of comma-separated paths defining the contents of the "common" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank,the JVM system loader will be used as Catalina's "common" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar - -# -# List of comma-separated paths defining the contents of the "server" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank, the "common" loader will be used as Catalina's "server" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -server.loader=${catalina.base}/server/classes,${catalina.base}/server/*.jar - -# -# List of comma-separated paths defining the contents of the "shared" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_BASE path or absolute. If left as blank, -# the "common" loader will be used as Catalina's "shared" loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# Please note that for single jars, e.g. bar.jar, you need the URL form -# starting with file:. -shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/*.jar - -# List of JAR files that should not be scanned for configuration information -# such as web fragments, TLD files etc. It must be a comma separated list of -# JAR file names. -# The JARs listed below include: -# - Tomcat Bootstrap JARs -# - Tomcat API JARs -# - Catalina JARs -# - Jasper JARs -# - Tomcat JARs -# - Common non-Tomcat JARs -# - Sun JDK JARs -# - Apple JDK JARs -tomcat.util.scan.DefaultJarScanner.jarsToSkip=\ -bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ -annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\ -catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\ -jasper.jar,jasper-el.jar,ecj-*.jar,\ -tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\ -tomcat-jni.jar,tomcat-spdy.jar,\ -tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\ -tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\ -tomcat-jdbc.jar,\ -tools.jar,\ -commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\ -commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\ -commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\ -commons-math*.jar,commons-pool*.jar,\ -jstl.jar,\ -geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\ -ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\ -jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\ -xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\ -junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\ -cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\ -jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\ -xom-*.jar - -# Additional JARs (over and above the default JARs listed above) to skip when -# scanning for Servlet 3.0 pluggability features. These features include web -# fragments, annotations, SCIs and classes that match @HandlesTypes. The list -# must be a comma separated list of JAR file names. -org.apache.catalina.startup.ContextConfig.jarsToSkip= - -# Additional JARs (over and above the default JARs listed above) to skip when -# scanning for TLDs. The list must be a comma separated list of JAR file names. -org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar - -# -# String cache configuration. -tomcat.util.buf.StringCache.byte.enabled=true -#tomcat.util.buf.StringCache.char.enabled=true -#tomcat.util.buf.StringCache.trainThreshold=500000 -#tomcat.util.buf.StringCache.cacheSize=5000 - -{% if tomcat_m_catalina_opts is defined %} -# Custom configurations -{% for opt in tomcat_m_catalina_opts %} -{{ opt }} -{% endfor %} -{% endif %} diff --git a/library/roles/tomcat-multiple-instances/templates/jmxremote.passwd.j2 b/library/roles/tomcat-multiple-instances/templates/jmxremote.passwd.j2 deleted file mode 100644 index c064d4d6..00000000 --- a/library/roles/tomcat-multiple-instances/templates/jmxremote.passwd.j2 +++ /dev/null @@ -1,2 +0,0 @@ -monitorRole {{ item.jmx_monitorpass }} -controlRole {{ item.jmx_controlpass }} diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-context.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-context.xml.j2 deleted file mode 100644 index ba40c066..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-context.xml.j2 +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - WEB-INF/web.xml - - - - - - -{% if tomcat_m_jndi_pool %} -{% if tomcat_jndi_pool_databases is defined %} -{% for pool in tomcat_jndi_pool_databases %} - - -{% endfor %} -{% else %} - -{% endif %} -{% endif %} - - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2 deleted file mode 100644 index 54afff18..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2 +++ /dev/null @@ -1,80 +0,0 @@ -{% if limits_nofile_value is defined %} -ulimit -Hn {{ limits_nofile_value }} -ulimit -Sn {{ limits_nofile_value }} -{% endif %} -TOMCAT_USER={{ item.user }} -TOMCAT_GROUP={{ item.user }} -JAVA_HOME={{ item.java_home }} -JAVA_OPTS="-server -Djava.awt.headless=true -Dfile.encoding={{ tomcat_m_file_encoding }}" -{% if jdk_default >= 8 %} -JAVA_OPTS="{{ tomcat_m_additional_java_8_opts }} $JAVA_OPTS" -{% endif %} - -{% if item.java_heap is defined %} -JAVA_HEAP="{{ item.java_heap }}" -{% else %} -JAVA_HEAP="{{ tomcat_m_java_opts_heap }}" -{% endif %} -JAVA_PERMGEN= -{% if jdk_default <= 7 %} -{% if item.java_permgen_size is defined %} -JAVA_PERMGEN="-XX:MaxPermSize={{ item.java_permgen_size }}" -{% else %} -JAVA_PERMGEN="-XX:MaxPermSize={{ tomcat_m_permgen_size }}" -{% endif %} -{% endif %} -{% if item.java_opts is defined %} -JAVA_OPTS="{{ item.java_opts }} $JAVA_OPTS $JAVA_HEAP $JAVA_PERMGEN" -{% endif %} -{% if item.java_gc_opts is defined %} -JAVA_OPTS="{{ item.java_gc_opts }} $JAVA_OPTS" -{% endif %} -{% if item.proxy_enabled is defined and item.proxy_enabled %} -{% if item.proxy_opts is defined %} -JAVA_OPTS="${JAVA_OPTS} {{ item.proxy_opts }}" -{% else %} -JAVA_OPTS="${JAVA_OPTS} {{ tomcat_m_proxy_opts }}" -{% endif %} -{% endif %} -{% if item.other_java_opts is defined %} -JAVA_OPTS="${JAVA_OPTS} {{ item.other_java_opts }}" -{% endif %} -{% if item.jmx_enabled is defined and item.jmx_enabled %} -# JMX settings -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ item.jmx_port | default('8186') }}" -{% if item.jmx_use_ssl is defined and item.jmx_use_ssl %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=true" -{% else %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false" -{% endif %} -{% if item.jmx_localhost_only is defined and item.jmx_localhost_only %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.local.only=true -Djava.rmi.server.hostname=127.0.0.1" -{% else %} -JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname={{ tomcat_m_jmx_ip_address }}" -{% endif %} -{% if item.jmx_auth_enabled is defined and item.jmx_auth_enabled %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ item.jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ item.jmx_auth_dir }}/jmxremote.access" -{% else %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false" -{% endif %} -{% if item.jmx_disable_additional_ports is defined and item.jmx_disable_additional_ports %} -JAVA_OPTS="${JAVA_OPTS} -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote.rmi.port={{ item.jmx_port }}" -{% endif %} -{% endif %} -{% if item.remote_debugging is defined and item.remote_debugging %} -# You will be able to use a java debugger on port {{ item.remote_debugging_uri }}. -JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address={{ item.remote_debugging_uri }},server=y,suspend=n" -{% endif %} -# WARNING: This directory will be destroyed and recreated at every startup ! -{% if item.catalina_tmp_directory is defined %} -JVM_TMP={{ item.catalina_tmp_directory }}/jvm_tmp -{% else %} -JVM_TMP={{ item.instance_path }}/tmp/jvm_tmp -{% endif %} -{% if item.catalina_tmp_directory is defined %} -export CATALINA_TMPDIR={{ item.catalina_tmp_directory }} -{% endif %} -# Additional options not managed by the provisioning tools -if [ -f /etc/default/tomcat-instance-{{ item.http_port }}.local ] ; then - . /etc/default/tomcat-instance-{{ item.http_port }}.local -fi diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-host-manager.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-host-manager.xml.j2 deleted file mode 100644 index 73081d01..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-host-manager.xml.j2 +++ /dev/null @@ -1,3 +0,0 @@ - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-instance.init.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-instance.init.j2 deleted file mode 100755 index d13361c5..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-instance.init.j2 +++ /dev/null @@ -1,310 +0,0 @@ -#!/bin/sh -# -# /etc/init.d/tomcat-instance-{{ item.http_port }} -- startup script for the Tomcat {{ tomcat_version }} {{ item.user }} servlet engine on port {{ item.http_port }} -# -# Written by Miquel van Smoorenburg . -# Modified for Debian GNU/Linux by Ian Murdock . -# Modified for Tomcat by Stefan Gybas . -# Modified for Tomcat6 by Thierry Carrez . -# Modified for Tomcat7 by Ernesto Hernandez-Novich . -# Additional improvements by Jason Brittain . -# -### BEGIN INIT INFO -# Provides: tomcat-instance-{{ item.http_port }} -# Required-Start: $local_fs $remote_fs $network -# Required-Stop: $local_fs $remote_fs $network -# Should-Start: $named -# Should-Stop: $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start Tomcat. -# Description: Start the Tomcat servlet engine. -### END INIT INFO - -set -e - -PATH=/bin:/usr/bin:/sbin:/usr/sbin -NAME=tomcat-instance-{{ item.http_port }} -DESC="Tomcat servlet engine" -DEFAULT=/etc/default/$NAME -JVM_TMP=/var/tmp/$NAME-tmp - -if [ `id -u` -ne 0 ]; then - echo "You need root privileges to run this script" - exit 1 -fi - -# Make sure tomcat is started with system locale -if [ -r /etc/default/locale ]; then - . /etc/default/locale - export LANG -fi - -. /lib/lsb/init-functions - -if [ -r /etc/default/rcS ]; then - . /etc/default/rcS -fi - - -# The following variables can be overwritten in $DEFAULT - -# Run Tomcat {{ tomcat_version }} as this user ID and group ID -TOMCAT{{ tomcat_version }}_USER={{ item.user }} -TOMCAT{{ tomcat_version }}_GROUP={{ item.user }} - -# this is a work-around until there is a suitable runtime replacement -# for dpkg-architecture for arch:all packages -# this function sets the variable OPENJDKS -find_openjdks() -{ - for jvmdir in /usr/lib/jvm/java-11-openjdk-* - do - if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-11-openjdk-common" ] - then - OPENJDKS=$jvmdir - fi - done - for jvmdir in /usr/lib/jvm/java-8-openjdk-* - do - if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-8-openjdk-common" ] - then - OPENJDKS=$jvmdir - fi - done - for jvmdir in /usr/lib/jvm/java-7-openjdk-* - do - if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-7-openjdk-common" ] - then - OPENJDKS=$jvmdir - fi - done - for jvmdir in /usr/lib/jvm/java-6-openjdk-* - do - if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-6-openjdk-common" ] - then - OPENJDKS="${OPENJDKS} ${jvmdir}" - fi - done -} - -OPENJDKS="" -find_openjdks -# The first existing directory is used for JAVA_HOME (if JAVA_HOME is not -# defined in $DEFAULT) -JDK_DIRS="/usr/lib/jvm/default-java ${OPENJDKS} /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun" - -# Look for the right JVM to use -for jdir in $JDK_DIRS; do - if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then - JAVA_HOME="$jdir" - fi -done -export JAVA_HOME - -# Directory where the Tomcat binary distribution resides -CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }} - -# Directory for per-instance configuration files and webapps -CATALINA_BASE={{ item.instance_path }} - -# Use the Java security manager? (yes/no) -TOMCAT{{ tomcat_version }}_SECURITY=no - -# Default Java options -# Set java.awt.headless=true if JAVA_OPTS is not set so the -# Xalan XSL transformer can work without X11 display on JDK 1.4+ -# It also looks like the default heap size of 64M is not enough for most cases -# so the maximum heap size is set to 128M -if [ -z "$JAVA_OPTS" ]; then - JAVA_OPTS="-Djava.awt.headless=true -Xmx512M" -fi - -# End of variables that can be overwritten in $DEFAULT - -# overwrite settings from default file -if [ -f "$DEFAULT" ]; then - . "$DEFAULT" -fi - -if [ ! -f "$CATALINA_HOME/bin/bootstrap.jar" ]; then - log_failure_msg "$NAME is not installed" - exit 1 -fi - -POLICY_CACHE="$CATALINA_BASE/work/catalina.policy" - -if [ -z "$CATALINA_TMPDIR" ]; then - CATALINA_TMPDIR="$JVM_TMP" -fi - -# Set the JSP compiler if set in the ${ NAME }.default file -if [ -n "$JSP_COMPILER" ]; then - JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\"" -fi - -SECURITY="" -if [ "$TOMCAT{{ tomcat_version }}_SECURITY" = "yes" ]; then - SECURITY="-security" -fi - -# Define other required variables -CATALINA_PID="/var/run/$NAME.pid" -CATALINA_SH="$CATALINA_HOME/bin/catalina.sh" - -# Look for Java Secure Sockets Extension (JSSE) JARs -if [ -z "${JSSE_HOME}" -a -r "${JAVA_HOME}/jre/lib/jsse.jar" ]; then - JSSE_HOME="${JAVA_HOME}/jre/" -fi - -catalina_sh() { - # Escape any double quotes in the value of JAVA_OPTS - JAVA_OPTS="$(echo $JAVA_OPTS | sed 's/\"/\\\"/g')" - - AUTHBIND_COMMAND="" - if [ "$AUTHBIND" = "yes" -a "$1" = "start" ]; then - JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv4Stack=true" - AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c " - fi - - # Define the command to run Tomcat's catalina.sh as a daemon - # set -a tells sh to export assigned variables to spawned shells. - TOMCAT_SH="set -a; JAVA_HOME=\"$JAVA_HOME\"; source \"$DEFAULT\"; \ - CATALINA_HOME=\"$CATALINA_HOME\"; \ - CATALINA_BASE=\"$CATALINA_BASE\"; \ - JAVA_OPTS=\"$JAVA_OPTS\"; \ - CATALINA_PID=\"$CATALINA_PID\"; \ - CATALINA_TMPDIR=\"$CATALINA_TMPDIR\"; \ - LANG=\"$LANG\"; JSSE_HOME=\"$JSSE_HOME\"; \ - cd \"$CATALINA_BASE\"; \ - \"$CATALINA_SH\" $@" - - if [ "$AUTHBIND" = "yes" -a "$1" = "start" ]; then - TOMCAT_SH="'$TOMCAT_SH'" - fi - - # Run the catalina.sh script as a daemon - set +e - touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out - chown $TOMCAT{{ tomcat_version }}_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out - start-stop-daemon --start -b -u "$TOMCAT{{ tomcat_version }}_USER" -g "$TOMCAT{{ tomcat_version }}_GROUP" \ - -c "$TOMCAT{{ tomcat_version }}_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \ - -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH" - status="$?" - set +a -e - return $status -} - -case "$1" in - start) - if [ -z "$JAVA_HOME" ]; then - log_failure_msg "no JDK found - please set JAVA_HOME" - exit 1 - fi - - if [ ! -d "$CATALINA_BASE/conf" ]; then - log_failure_msg "invalid CATALINA_BASE: $CATALINA_BASE" - exit 1 - fi - - log_daemon_msg "Starting $DESC" "$NAME" - if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \ - --user $TOMCAT{{ tomcat_version }}_USER --exec "$JAVA_HOME/bin/java" \ - >/dev/null; then - - # Regenerate POLICY_CACHE file - umask 022 - echo "// AUTO-GENERATED FILE from {{ item.instance_path }}/conf/policy.d/" \ - > "$POLICY_CACHE" - echo "" >> "$POLICY_CACHE" - cat $CATALINA_BASE/conf/policy.d/*.policy \ - >> "$POLICY_CACHE" - - # Remove / recreate JVM_TMP directory - rm -rf "$JVM_TMP" - mkdir -p "$JVM_TMP" || { - log_failure_msg "could not create JVM temporary directory" - exit 1 - } - chown $TOMCAT{{ tomcat_version }}_USER "$JVM_TMP" - - catalina_sh start $SECURITY - sleep 5 - if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \ - --user $TOMCAT{{ tomcat_version }}_USER --exec "$JAVA_HOME/bin/java" \ - >/dev/null; then - if [ -f "$CATALINA_PID" ]; then - rm -f "$CATALINA_PID" - fi - log_end_msg 1 - else - log_end_msg 0 - fi - else - log_progress_msg "(already running)" - log_end_msg 0 - fi - ;; - stop) - log_daemon_msg "Stopping $DESC" "$NAME" - - set +e - if [ -f "$CATALINA_PID" ]; then - start-stop-daemon --stop --pidfile "$CATALINA_PID" \ - --user "$TOMCAT{{ tomcat_version }}_USER" \ - --retry=TERM/20/KILL/5 >/dev/null - if [ $? -eq 1 ]; then - log_progress_msg "$DESC is not running but pid file exists, cleaning up" - elif [ $? -eq 3 ]; then - PID="`cat $CATALINA_PID`" - log_failure_msg "Failed to stop $NAME (pid $PID)" - exit 1 - fi - rm -f "$CATALINA_PID" - rm -rf "$JVM_TMP" - else - log_progress_msg "(not running)" - fi - log_end_msg 0 - set -e - ;; - status) - set +e - start-stop-daemon --test --start --pidfile "$CATALINA_PID" \ - --user $TOMCAT{{ tomcat_version }}_USER --exec "$JAVA_HOME/bin/java" \ - >/dev/null 2>&1 - if [ "$?" = "0" ]; then - - if [ -f "$CATALINA_PID" ]; then - log_success_msg "$DESC is not running, but pid file exists." - exit 1 - else - log_success_msg "$DESC is not running." - exit 3 - fi - else - log_success_msg "$DESC is running with pid `cat $CATALINA_PID`" - fi - set -e - ;; - restart|force-reload) - if [ -f "$CATALINA_PID" ]; then - $0 stop - sleep 1 - fi - $0 start - ;; - try-restart) - if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \ - --user $TOMCAT{{ tomcat_version }}_USER --exec "$JAVA_HOME/bin/java" \ - >/dev/null; then - $0 start - fi - ;; - *) - log_success_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status}" - exit 1 - ;; -esac - -exit 0 diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-manager.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-manager.xml.j2 deleted file mode 100644 index 13ca5225..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-manager.xml.j2 +++ /dev/null @@ -1,3 +0,0 @@ - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2 deleted file mode 100644 index 3a7863a0..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2 +++ /dev/null @@ -1,146 +0,0 @@ - - - -{% if item.shutdown_port == '-1' %} - -{% else %} - - {% endif %} -{% if tomcat_version <= 7 %} - -{% endif %} - - - - - - - - - - - -{% if item.http_enabled %} - -{% endif %} - - -{% if item.http_enabled %} - - -{% endif %} - -{% if item.ajp_enabled %} - - -{% endif %} - - - - - - - - - - - -{% if item.access_log_enabled %} - - - - -{% endif %} - - - - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-users.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-users.xml.j2 deleted file mode 100644 index 8eaf5da8..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-users.xml.j2 +++ /dev/null @@ -1,49 +0,0 @@ - - - - -{% if tomcat_m_host_manager_install or tomcat_m_manager_install %} - - - - -{% if tomcat_m_manager_gui_user_enabled %} - -{% endif %} -{% if tomcat_m_manager_script_user_enabled %} - -{% endif %} -{% if tomcat_m_manager_jmx_user_enabled %} - -{% endif %} -{% if tomcat_m_manager_status_user_enabled %} - -{% endif %} - -{% if tomcat_m_manager_other_roles is defined %} -{% for t_adm in tomcat_m_manager_other_roles %} - - -{% endfor %} -{% endif %} -{% endif %} - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-web.xml.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-web.xml.j2 deleted file mode 100644 index d27fdfb5..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat-web.xml.j2 +++ /dev/null @@ -1,4344 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - org.apache.catalina.servlets.DefaultServlet - - debug - 0 - - - listings - false - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsp - org.apache.jasper.servlet.JspServlet - - fork - false - - - xpoweredBy - false - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - / - - - - - jsp - *.jsp - *.jspx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -{% if tomcat_javamelody %} - - - - - javamelody - net.bull.javamelody.MonitoringFilter - - - log - true - - - - - javamelody - /* - - - net.bull.javamelody.SessionListener - -{% endif %} - - - - - - - 30 - - - - - - - - - - - - 123 - application/vnd.lotus-1-2-3 - - - 3dml - text/vnd.in3d.3dml - - - 3g2 - video/3gpp2 - - - 3gp - video/3gpp - - - 7z - application/x-7z-compressed - - - aab - application/x-authorware-bin - - - aac - audio/x-aac - - - aam - application/x-authorware-map - - - aas - application/x-authorware-seg - - - abs - audio/x-mpeg - - - abw - application/x-abiword - - - ac - application/pkix-attr-cert - - - acc - application/vnd.americandynamics.acc - - - ace - application/x-ace-compressed - - - acu - application/vnd.acucobol - - - acutc - application/vnd.acucorp - - - adp - audio/adpcm - - - aep - application/vnd.audiograph - - - afm - application/x-font-type1 - - - afp - application/vnd.ibm.modcap - - - ahead - application/vnd.ahead.space - - - ai - application/postscript - - - aif - audio/x-aiff - - - aifc - audio/x-aiff - - - aiff - audio/x-aiff - - - aim - application/x-aim - - - air - application/vnd.adobe.air-application-installer-package+zip - - - ait - application/vnd.dvb.ait - - - ami - application/vnd.amiga.ami - - - anx - application/annodex - - - apk - application/vnd.android.package-archive - - - application - application/x-ms-application - - - apr - application/vnd.lotus-approach - - - art - image/x-jg - - - asc - application/pgp-signature - - - asf - video/x-ms-asf - - - asm - text/x-asm - - - aso - application/vnd.accpac.simply.aso - - - asx - video/x-ms-asf - - - atc - application/vnd.acucorp - - - atom - application/atom+xml - - - atomcat - application/atomcat+xml - - - atomsvc - application/atomsvc+xml - - - atx - application/vnd.antix.game-component - - - au - audio/basic - - - avi - video/x-msvideo - - - avx - video/x-rad-screenplay - - - aw - application/applixware - - - axa - audio/annodex - - - axv - video/annodex - - - azf - application/vnd.airzip.filesecure.azf - - - azs - application/vnd.airzip.filesecure.azs - - - azw - application/vnd.amazon.ebook - - - bat - application/x-msdownload - - - bcpio - application/x-bcpio - - - bdf - application/x-font-bdf - - - bdm - application/vnd.syncml.dm+wbxml - - - bed - application/vnd.realvnc.bed - - - bh2 - application/vnd.fujitsu.oasysprs - - - bin - application/octet-stream - - - bmi - application/vnd.bmi - - - bmp - image/bmp - - - body - text/html - - - book - application/vnd.framemaker - - - box - application/vnd.previewsystems.box - - - boz - application/x-bzip2 - - - bpk - application/octet-stream - - - btif - image/prs.btif - - - bz - application/x-bzip - - - bz2 - application/x-bzip2 - - - c - text/x-c - - - c11amc - application/vnd.cluetrust.cartomobile-config - - - c11amz - application/vnd.cluetrust.cartomobile-config-pkg - - - c4d - application/vnd.clonk.c4group - - - c4f - application/vnd.clonk.c4group - - - c4g - application/vnd.clonk.c4group - - - c4p - application/vnd.clonk.c4group - - - c4u - application/vnd.clonk.c4group - - - cab - application/vnd.ms-cab-compressed - - - cap - application/vnd.tcpdump.pcap - - - car - application/vnd.curl.car - - - cat - application/vnd.ms-pki.seccat - - - cc - text/x-c - - - cct - application/x-director - - - ccxml - application/ccxml+xml - - - cdbcmsg - application/vnd.contact.cmsg - - - cdf - application/x-cdf - - - cdkey - application/vnd.mediastation.cdkey - - - cdmia - application/cdmi-capability - - - cdmic - application/cdmi-container - - - cdmid - application/cdmi-domain - - - cdmio - application/cdmi-object - - - cdmiq - application/cdmi-queue - - - cdx - chemical/x-cdx - - - cdxml - application/vnd.chemdraw+xml - - - cdy - application/vnd.cinderella - - - cer - application/pkix-cert - - - cgm - image/cgm - - - chat - application/x-chat - - - chm - application/vnd.ms-htmlhelp - - - chrt - application/vnd.kde.kchart - - - cif - chemical/x-cif - - - cii - application/vnd.anser-web-certificate-issue-initiation - - - cil - application/vnd.ms-artgalry - - - cla - application/vnd.claymore - - - class - application/java - - - clkk - application/vnd.crick.clicker.keyboard - - - clkp - application/vnd.crick.clicker.palette - - - clkt - application/vnd.crick.clicker.template - - - clkw - application/vnd.crick.clicker.wordbank - - - clkx - application/vnd.crick.clicker - - - clp - application/x-msclip - - - cmc - application/vnd.cosmocaller - - - cmdf - chemical/x-cmdf - - - cml - chemical/x-cml - - - cmp - application/vnd.yellowriver-custom-menu - - - cmx - image/x-cmx - - - cod - application/vnd.rim.cod - - - com - application/x-msdownload - - - conf - text/plain - - - cpio - application/x-cpio - - - cpp - text/x-c - - - cpt - application/mac-compactpro - - - crd - application/x-mscardfile - - - crl - application/pkix-crl - - - crt - application/x-x509-ca-cert - - - cryptonote - application/vnd.rig.cryptonote - - - csh - application/x-csh - - - csml - chemical/x-csml - - - csp - application/vnd.commonspace - - - css - text/css - - - cst - application/x-director - - - csv - text/csv - - - cu - application/cu-seeme - - - curl - text/vnd.curl - - - cww - application/prs.cww - - - cxt - application/x-director - - - cxx - text/x-c - - - dae - model/vnd.collada+xml - - - daf - application/vnd.mobius.daf - - - dataless - application/vnd.fdsn.seed - - - davmount - application/davmount+xml - - - dcr - application/x-director - - - dcurl - text/vnd.curl.dcurl - - - dd2 - application/vnd.oma.dd2+xml - - - ddd - application/vnd.fujixerox.ddd - - - deb - application/x-debian-package - - - def - text/plain - - - deploy - application/octet-stream - - - der - application/x-x509-ca-cert - - - dfac - application/vnd.dreamfactory - - - dib - image/bmp - - - dic - text/x-c - - - dir - application/x-director - - - dis - application/vnd.mobius.dis - - - dist - application/octet-stream - - - distz - application/octet-stream - - - djv - image/vnd.djvu - - - djvu - image/vnd.djvu - - - dll - application/x-msdownload - - - dmg - application/octet-stream - - - dmp - application/vnd.tcpdump.pcap - - - dms - application/octet-stream - - - dna - application/vnd.dna - - - doc - application/msword - - - docm - application/vnd.ms-word.document.macroenabled.12 - - - docx - application/vnd.openxmlformats-officedocument.wordprocessingml.document - - - dot - application/msword - - - dotm - application/vnd.ms-word.template.macroenabled.12 - - - dotx - application/vnd.openxmlformats-officedocument.wordprocessingml.template - - - dp - application/vnd.osgi.dp - - - dpg - application/vnd.dpgraph - - - dra - audio/vnd.dra - - - dsc - text/prs.lines.tag - - - dssc - application/dssc+der - - - dtb - application/x-dtbook+xml - - - dtd - application/xml-dtd - - - dts - audio/vnd.dts - - - dtshd - audio/vnd.dts.hd - - - dump - application/octet-stream - - - dv - video/x-dv - - - dvb - video/vnd.dvb.file - - - dvi - application/x-dvi - - - dwf - model/vnd.dwf - - - dwg - image/vnd.dwg - - - dxf - image/vnd.dxf - - - dxp - application/vnd.spotfire.dxp - - - dxr - application/x-director - - - ecelp4800 - audio/vnd.nuera.ecelp4800 - - - ecelp7470 - audio/vnd.nuera.ecelp7470 - - - ecelp9600 - audio/vnd.nuera.ecelp9600 - - - ecma - application/ecmascript - - - edm - application/vnd.novadigm.edm - - - edx - application/vnd.novadigm.edx - - - efif - application/vnd.picsel - - - ei6 - application/vnd.pg.osasli - - - elc - application/octet-stream - - - eml - message/rfc822 - - - emma - application/emma+xml - - - eol - audio/vnd.digital-winds - - - eot - application/vnd.ms-fontobject - - - eps - application/postscript - - - epub - application/epub+zip - - - es3 - application/vnd.eszigno3+xml - - - esf - application/vnd.epson.esf - - - et3 - application/vnd.eszigno3+xml - - - etx - text/x-setext - - - exe - application/octet-stream - - - exi - application/exi - - - ext - application/vnd.novadigm.ext - - - ez - application/andrew-inset - - - ez2 - application/vnd.ezpix-album - - - ez3 - application/vnd.ezpix-package - - - f - text/x-fortran - - - f4v - video/x-f4v - - - f77 - text/x-fortran - - - f90 - text/x-fortran - - - fbs - image/vnd.fastbidsheet - - - fcs - application/vnd.isac.fcs - - - fdf - application/vnd.fdf - - - fe_launch - application/vnd.denovo.fcselayout-link - - - fg5 - application/vnd.fujitsu.oasysgp - - - fgd - application/x-director - - - fh - image/x-freehand - - - fh4 - image/x-freehand - - - fh5 - image/x-freehand - - - fh7 - image/x-freehand - - - fhc - image/x-freehand - - - fig - application/x-xfig - - - flac - audio/flac - - - fli - video/x-fli - - - flo - application/vnd.micrografx.flo - - - flv - video/x-flv - - - flw - application/vnd.kde.kivio - - - flx - text/vnd.fmi.flexstor - - - fly - text/vnd.fly - - - fm - application/vnd.framemaker - - - fnc - application/vnd.frogans.fnc - - - for - text/x-fortran - - - fpx - image/vnd.fpx - - - frame - application/vnd.framemaker - - - fsc - application/vnd.fsc.weblaunch - - - fst - image/vnd.fst - - - ftc - application/vnd.fluxtime.clip - - - fti - application/vnd.anser-web-funds-transfer-initiation - - - fvt - video/vnd.fvt - - - fxp - application/vnd.adobe.fxp - - - fxpl - application/vnd.adobe.fxp - - - fzs - application/vnd.fuzzysheet - - - g2w - application/vnd.geoplan - - - g3 - image/g3fax - - - g3w - application/vnd.geospace - - - gac - application/vnd.groove-account - - - gbr - application/rpki-ghostbusters - - - gdl - model/vnd.gdl - - - geo - application/vnd.dynageo - - - gex - application/vnd.geometry-explorer - - - ggb - application/vnd.geogebra.file - - - ggt - application/vnd.geogebra.tool - - - ghf - application/vnd.groove-help - - - gif - image/gif - - - gim - application/vnd.groove-identity-message - - - gmx - application/vnd.gmx - - - gnumeric - application/x-gnumeric - - - gph - application/vnd.flographit - - - gqf - application/vnd.grafeq - - - gqs - application/vnd.grafeq - - - gram - application/srgs - - - gre - application/vnd.geometry-explorer - - - grv - application/vnd.groove-injector - - - grxml - application/srgs+xml - - - gsf - application/x-font-ghostscript - - - gtar - application/x-gtar - - - gtm - application/vnd.groove-tool-message - - - gtw - model/vnd.gtw - - - gv - text/vnd.graphviz - - - gxt - application/vnd.geonext - - - gz - application/x-gzip - - - h - text/x-c - - - h261 - video/h261 - - - h263 - video/h263 - - - h264 - video/h264 - - - hal - application/vnd.hal+xml - - - hbci - application/vnd.hbci - - - hdf - application/x-hdf - - - hh - text/x-c - - - hlp - application/winhlp - - - hpgl - application/vnd.hp-hpgl - - - hpid - application/vnd.hp-hpid - - - hps - application/vnd.hp-hps - - - hqx - application/mac-binhex40 - - - htc - text/x-component - - - htke - application/vnd.kenameaapp - - - htm - text/html - - - html - text/html - - - hvd - application/vnd.yamaha.hv-dic - - - hvp - application/vnd.yamaha.hv-voice - - - hvs - application/vnd.yamaha.hv-script - - - i2g - application/vnd.intergeo - - - icc - application/vnd.iccprofile - - - ice - x-conference/x-cooltalk - - - icm - application/vnd.iccprofile - - - ico - image/x-icon - - - ics - text/calendar - - - ief - image/ief - - - ifb - text/calendar - - - ifm - application/vnd.shana.informed.formdata - - - iges - model/iges - - - igl - application/vnd.igloader - - - igm - application/vnd.insors.igm - - - igs - model/iges - - - igx - application/vnd.micrografx.igx - - - iif - application/vnd.shana.informed.interchange - - - imp - application/vnd.accpac.simply.imp - - - ims - application/vnd.ms-ims - - - in - text/plain - - - ink - application/inkml+xml - - - inkml - application/inkml+xml - - - iota - application/vnd.astraea-software.iota - - - ipfix - application/ipfix - - - ipk - application/vnd.shana.informed.package - - - irm - application/vnd.ibm.rights-management - - - irp - application/vnd.irepository.package+xml - - - iso - application/octet-stream - - - itp - application/vnd.shana.informed.formtemplate - - - ivp - application/vnd.immervision-ivp - - - ivu - application/vnd.immervision-ivu - - - jad - text/vnd.sun.j2me.app-descriptor - - - jam - application/vnd.jam - - - jar - application/java-archive - - - java - text/x-java-source - - - jisp - application/vnd.jisp - - - jlt - application/vnd.hp-jlyt - - - jnlp - application/x-java-jnlp-file - - - joda - application/vnd.joost.joda-archive - - - jpe - image/jpeg - - - jpeg - image/jpeg - - - jpg - image/jpeg - - - jpgm - video/jpm - - - jpgv - video/jpeg - - - jpm - video/jpm - - - js - application/javascript - - - jsf - text/plain - - - json - application/json - - - jspf - text/plain - - - kar - audio/midi - - - karbon - application/vnd.kde.karbon - - - kfo - application/vnd.kde.kformula - - - kia - application/vnd.kidspiration - - - kml - application/vnd.google-earth.kml+xml - - - kmz - application/vnd.google-earth.kmz - - - kne - application/vnd.kinar - - - knp - application/vnd.kinar - - - kon - application/vnd.kde.kontour - - - kpr - application/vnd.kde.kpresenter - - - kpt - application/vnd.kde.kpresenter - - - ksp - application/vnd.kde.kspread - - - ktr - application/vnd.kahootz - - - ktx - image/ktx - - - ktz - application/vnd.kahootz - - - kwd - application/vnd.kde.kword - - - kwt - application/vnd.kde.kword - - - lasxml - application/vnd.las.las+xml - - - latex - application/x-latex - - - lbd - application/vnd.llamagraphics.life-balance.desktop - - - lbe - application/vnd.llamagraphics.life-balance.exchange+xml - - - les - application/vnd.hhe.lesson-player - - - lha - application/octet-stream - - - link66 - application/vnd.route66.link66+xml - - - list - text/plain - - - list3820 - application/vnd.ibm.modcap - - - listafp - application/vnd.ibm.modcap - - - log - text/plain - - - lostxml - application/lost+xml - - - lrf - application/octet-stream - - - lrm - application/vnd.ms-lrm - - - ltf - application/vnd.frogans.ltf - - - lvp - audio/vnd.lucent.voice - - - lwp - application/vnd.lotus-wordpro - - - lzh - application/octet-stream - - - m13 - application/x-msmediaview - - - m14 - application/x-msmediaview - - - m1v - video/mpeg - - - m21 - application/mp21 - - - m2a - audio/mpeg - - - m2v - video/mpeg - - - m3a - audio/mpeg - - - m3u - audio/x-mpegurl - - - m3u8 - application/vnd.apple.mpegurl - - - m4a - audio/mp4 - - - m4b - audio/mp4 - - - m4r - audio/mp4 - - - m4u - video/vnd.mpegurl - - - m4v - video/mp4 - - - ma - application/mathematica - - - mac - image/x-macpaint - - - mads - application/mads+xml - - - mag - application/vnd.ecowin.chart - - - maker - application/vnd.framemaker - - - man - text/troff - - - mathml - application/mathml+xml - - - mb - application/mathematica - - - mbk - application/vnd.mobius.mbk - - - mbox - application/mbox - - - mc1 - application/vnd.medcalcdata - - - mcd - application/vnd.mcd - - - mcurl - text/vnd.curl.mcurl - - - mdb - application/x-msaccess - - - mdi - image/vnd.ms-modi - - - me - text/troff - - - mesh - model/mesh - - - meta4 - application/metalink4+xml - - - mets - application/mets+xml - - - mfm - application/vnd.mfmp - - - mft - application/rpki-manifest - - - mgp - application/vnd.osgeo.mapguide.package - - - mgz - application/vnd.proteus.magazine - - - mid - audio/midi - - - midi - audio/midi - - - mif - application/x-mif - - - mime - message/rfc822 - - - mj2 - video/mj2 - - - mjp2 - video/mj2 - - - mlp - application/vnd.dolby.mlp - - - mmd - application/vnd.chipnuts.karaoke-mmd - - - mmf - application/vnd.smaf - - - mmr - image/vnd.fujixerox.edmics-mmr - - - mny - application/x-msmoney - - - mobi - application/x-mobipocket-ebook - - - mods - application/mods+xml - - - mov - video/quicktime - - - movie - video/x-sgi-movie - - - mp1 - audio/mpeg - - - mp2 - audio/mpeg - - - mp21 - application/mp21 - - - mp2a - audio/mpeg - - - mp3 - audio/mpeg - - - mp4 - video/mp4 - - - mp4a - audio/mp4 - - - mp4s - application/mp4 - - - mp4v - video/mp4 - - - mpa - audio/mpeg - - - mpc - application/vnd.mophun.certificate - - - mpe - video/mpeg - - - mpeg - video/mpeg - - - mpega - audio/x-mpeg - - - mpg - video/mpeg - - - mpg4 - video/mp4 - - - mpga - audio/mpeg - - - mpkg - application/vnd.apple.installer+xml - - - mpm - application/vnd.blueice.multipass - - - mpn - application/vnd.mophun.application - - - mpp - application/vnd.ms-project - - - mpt - application/vnd.ms-project - - - mpv2 - video/mpeg2 - - - mpy - application/vnd.ibm.minipay - - - mqy - application/vnd.mobius.mqy - - - mrc - application/marc - - - mrcx - application/marcxml+xml - - - ms - text/troff - - - mscml - application/mediaservercontrol+xml - - - mseed - application/vnd.fdsn.mseed - - - mseq - application/vnd.mseq - - - msf - application/vnd.epson.msf - - - msh - model/mesh - - - msi - application/x-msdownload - - - msl - application/vnd.mobius.msl - - - msty - application/vnd.muvee.style - - - mts - model/vnd.mts - - - mus - application/vnd.musician - - - musicxml - application/vnd.recordare.musicxml+xml - - - mvb - application/x-msmediaview - - - mwf - application/vnd.mfer - - - mxf - application/mxf - - - mxl - application/vnd.recordare.musicxml - - - mxml - application/xv+xml - - - mxs - application/vnd.triscape.mxs - - - mxu - video/vnd.mpegurl - - - n-gage - application/vnd.nokia.n-gage.symbian.install - - - n3 - text/n3 - - - nb - application/mathematica - - - nbp - application/vnd.wolfram.player - - - nc - application/x-netcdf - - - ncx - application/x-dtbncx+xml - - - ngdat - application/vnd.nokia.n-gage.data - - - nlu - application/vnd.neurolanguage.nlu - - - nml - application/vnd.enliven - - - nnd - application/vnd.noblenet-directory - - - nns - application/vnd.noblenet-sealer - - - nnw - application/vnd.noblenet-web - - - npx - image/vnd.net-fpx - - - nsf - application/vnd.lotus-notes - - - oa2 - application/vnd.fujitsu.oasys2 - - - oa3 - application/vnd.fujitsu.oasys3 - - - oas - application/vnd.fujitsu.oasys - - - obd - application/x-msbinder - - - oda - application/oda - - - - odb - application/vnd.oasis.opendocument.database - - - - odc - application/vnd.oasis.opendocument.chart - - - - odf - application/vnd.oasis.opendocument.formula - - - odft - application/vnd.oasis.opendocument.formula-template - - - - odg - application/vnd.oasis.opendocument.graphics - - - - odi - application/vnd.oasis.opendocument.image - - - - odm - application/vnd.oasis.opendocument.text-master - - - - odp - application/vnd.oasis.opendocument.presentation - - - - ods - application/vnd.oasis.opendocument.spreadsheet - - - - odt - application/vnd.oasis.opendocument.text - - - oga - audio/ogg - - - ogg - audio/ogg - - - ogv - video/ogg - - - - ogx - application/ogg - - - onepkg - application/onenote - - - onetmp - application/onenote - - - onetoc - application/onenote - - - onetoc2 - application/onenote - - - opf - application/oebps-package+xml - - - oprc - application/vnd.palm - - - org - application/vnd.lotus-organizer - - - osf - application/vnd.yamaha.openscoreformat - - - osfpvg - application/vnd.yamaha.openscoreformat.osfpvg+xml - - - otc - application/vnd.oasis.opendocument.chart-template - - - otf - application/x-font-otf - - - - otg - application/vnd.oasis.opendocument.graphics-template - - - - oth - application/vnd.oasis.opendocument.text-web - - - oti - application/vnd.oasis.opendocument.image-template - - - - otp - application/vnd.oasis.opendocument.presentation-template - - - - ots - application/vnd.oasis.opendocument.spreadsheet-template - - - - ott - application/vnd.oasis.opendocument.text-template - - - oxps - application/oxps - - - oxt - application/vnd.openofficeorg.extension - - - p - text/x-pascal - - - p10 - application/pkcs10 - - - p12 - application/x-pkcs12 - - - p7b - application/x-pkcs7-certificates - - - p7c - application/pkcs7-mime - - - p7m - application/pkcs7-mime - - - p7r - application/x-pkcs7-certreqresp - - - p7s - application/pkcs7-signature - - - p8 - application/pkcs8 - - - pas - text/x-pascal - - - paw - application/vnd.pawaafile - - - pbd - application/vnd.powerbuilder6 - - - pbm - image/x-portable-bitmap - - - pcap - application/vnd.tcpdump.pcap - - - pcf - application/x-font-pcf - - - pcl - application/vnd.hp-pcl - - - pclxl - application/vnd.hp-pclxl - - - pct - image/pict - - - pcurl - application/vnd.curl.pcurl - - - pcx - image/x-pcx - - - pdb - application/vnd.palm - - - pdf - application/pdf - - - pfa - application/x-font-type1 - - - pfb - application/x-font-type1 - - - pfm - application/x-font-type1 - - - pfr - application/font-tdpfr - - - pfx - application/x-pkcs12 - - - pgm - image/x-portable-graymap - - - pgn - application/x-chess-pgn - - - pgp - application/pgp-encrypted - - - pic - image/pict - - - pict - image/pict - - - pkg - application/octet-stream - - - pki - application/pkixcmp - - - pkipath - application/pkix-pkipath - - - plb - application/vnd.3gpp.pic-bw-large - - - plc - application/vnd.mobius.plc - - - plf - application/vnd.pocketlearn - - - pls - audio/x-scpls - - - pml - application/vnd.ctc-posml - - - png - image/png - - - pnm - image/x-portable-anymap - - - pnt - image/x-macpaint - - - portpkg - application/vnd.macports.portpkg - - - pot - application/vnd.ms-powerpoint - - - potm - application/vnd.ms-powerpoint.template.macroenabled.12 - - - potx - application/vnd.openxmlformats-officedocument.presentationml.template - - - ppam - application/vnd.ms-powerpoint.addin.macroenabled.12 - - - ppd - application/vnd.cups-ppd - - - ppm - image/x-portable-pixmap - - - pps - application/vnd.ms-powerpoint - - - ppsm - application/vnd.ms-powerpoint.slideshow.macroenabled.12 - - - ppsx - application/vnd.openxmlformats-officedocument.presentationml.slideshow - - - ppt - application/vnd.ms-powerpoint - - - pptm - application/vnd.ms-powerpoint.presentation.macroenabled.12 - - - pptx - application/vnd.openxmlformats-officedocument.presentationml.presentation - - - pqa - application/vnd.palm - - - prc - application/x-mobipocket-ebook - - - pre - application/vnd.lotus-freelance - - - prf - application/pics-rules - - - ps - application/postscript - - - psb - application/vnd.3gpp.pic-bw-small - - - psd - image/vnd.adobe.photoshop - - - psf - application/x-font-linux-psf - - - pskcxml - application/pskc+xml - - - ptid - application/vnd.pvi.ptid1 - - - pub - application/x-mspublisher - - - pvb - application/vnd.3gpp.pic-bw-var - - - pwn - application/vnd.3m.post-it-notes - - - pya - audio/vnd.ms-playready.media.pya - - - pyv - video/vnd.ms-playready.media.pyv - - - qam - application/vnd.epson.quickanime - - - qbo - application/vnd.intu.qbo - - - qfx - application/vnd.intu.qfx - - - qps - application/vnd.publishare-delta-tree - - - qt - video/quicktime - - - qti - image/x-quicktime - - - qtif - image/x-quicktime - - - qwd - application/vnd.quark.quarkxpress - - - qwt - application/vnd.quark.quarkxpress - - - qxb - application/vnd.quark.quarkxpress - - - qxd - application/vnd.quark.quarkxpress - - - qxl - application/vnd.quark.quarkxpress - - - qxt - application/vnd.quark.quarkxpress - - - ra - audio/x-pn-realaudio - - - ram - audio/x-pn-realaudio - - - rar - application/x-rar-compressed - - - ras - image/x-cmu-raster - - - rcprofile - application/vnd.ipunplugged.rcprofile - - - rdf - application/rdf+xml - - - rdz - application/vnd.data-vision.rdz - - - rep - application/vnd.businessobjects - - - res - application/x-dtbresource+xml - - - rgb - image/x-rgb - - - rif - application/reginfo+xml - - - rip - audio/vnd.rip - - - rl - application/resource-lists+xml - - - rlc - image/vnd.fujixerox.edmics-rlc - - - rld - application/resource-lists-diff+xml - - - rm - application/vnd.rn-realmedia - - - rmi - audio/midi - - - rmp - audio/x-pn-realaudio-plugin - - - rms - application/vnd.jcp.javame.midlet-rms - - - rnc - application/relax-ng-compact-syntax - - - roa - application/rpki-roa - - - roff - text/troff - - - rp9 - application/vnd.cloanto.rp9 - - - rpss - application/vnd.nokia.radio-presets - - - rpst - application/vnd.nokia.radio-preset - - - rq - application/sparql-query - - - rs - application/rls-services+xml - - - rsd - application/rsd+xml - - - rss - application/rss+xml - - - rtf - application/rtf - - - rtx - text/richtext - - - s - text/x-asm - - - saf - application/vnd.yamaha.smaf-audio - - - sbml - application/sbml+xml - - - sc - application/vnd.ibm.secure-container - - - scd - application/x-msschedule - - - scm - application/vnd.lotus-screencam - - - scq - application/scvp-cv-request - - - scs - application/scvp-cv-response - - - scurl - text/vnd.curl.scurl - - - sda - application/vnd.stardivision.draw - - - sdc - application/vnd.stardivision.calc - - - sdd - application/vnd.stardivision.impress - - - sdkd - application/vnd.solent.sdkm+xml - - - sdkm - application/vnd.solent.sdkm+xml - - - sdp - application/sdp - - - sdw - application/vnd.stardivision.writer - - - see - application/vnd.seemail - - - seed - application/vnd.fdsn.seed - - - sema - application/vnd.sema - - - semd - application/vnd.semd - - - semf - application/vnd.semf - - - ser - application/java-serialized-object - - - setpay - application/set-payment-initiation - - - setreg - application/set-registration-initiation - - - sfd-hdstx - application/vnd.hydrostatix.sof-data - - - sfs - application/vnd.spotfire.sfs - - - sgl - application/vnd.stardivision.writer-global - - - sgm - text/sgml - - - sgml - text/sgml - - - sh - application/x-sh - - - shar - application/x-shar - - - shf - application/shf+xml - - - - sig - application/pgp-signature - - - silo - model/mesh - - - sis - application/vnd.symbian.install - - - sisx - application/vnd.symbian.install - - - sit - application/x-stuffit - - - sitx - application/x-stuffitx - - - skd - application/vnd.koan - - - skm - application/vnd.koan - - - skp - application/vnd.koan - - - skt - application/vnd.koan - - - sldm - application/vnd.ms-powerpoint.slide.macroenabled.12 - - - sldx - application/vnd.openxmlformats-officedocument.presentationml.slide - - - slt - application/vnd.epson.salt - - - sm - application/vnd.stepmania.stepchart - - - smf - application/vnd.stardivision.math - - - smi - application/smil+xml - - - smil - application/smil+xml - - - smzip - application/vnd.stepmania.package - - - snd - audio/basic - - - snf - application/x-font-snf - - - so - application/octet-stream - - - spc - application/x-pkcs7-certificates - - - spf - application/vnd.yamaha.smaf-phrase - - - spl - application/x-futuresplash - - - spot - text/vnd.in3d.spot - - - spp - application/scvp-vp-response - - - spq - application/scvp-vp-request - - - spx - audio/ogg - - - src - application/x-wais-source - - - sru - application/sru+xml - - - srx - application/sparql-results+xml - - - sse - application/vnd.kodak-descriptor - - - ssf - application/vnd.epson.ssf - - - ssml - application/ssml+xml - - - st - application/vnd.sailingtracker.track - - - stc - application/vnd.sun.xml.calc.template - - - std - application/vnd.sun.xml.draw.template - - - stf - application/vnd.wt.stf - - - sti - application/vnd.sun.xml.impress.template - - - stk - application/hyperstudio - - - stl - application/vnd.ms-pki.stl - - - str - application/vnd.pg.format - - - stw - application/vnd.sun.xml.writer.template - - - sub - text/vnd.dvb.subtitle - - - sus - application/vnd.sus-calendar - - - susp - application/vnd.sus-calendar - - - sv4cpio - application/x-sv4cpio - - - sv4crc - application/x-sv4crc - - - svc - application/vnd.dvb.service - - - svd - application/vnd.svd - - - svg - image/svg+xml - - - svgz - image/svg+xml - - - swa - application/x-director - - - swf - application/x-shockwave-flash - - - swi - application/vnd.aristanetworks.swi - - - sxc - application/vnd.sun.xml.calc - - - sxd - application/vnd.sun.xml.draw - - - sxg - application/vnd.sun.xml.writer.global - - - sxi - application/vnd.sun.xml.impress - - - sxm - application/vnd.sun.xml.math - - - sxw - application/vnd.sun.xml.writer - - - t - text/troff - - - taglet - application/vnd.mynfc - - - tao - application/vnd.tao.intent-module-archive - - - tar - application/x-tar - - - tcap - application/vnd.3gpp2.tcap - - - tcl - application/x-tcl - - - teacher - application/vnd.smart.teacher - - - tei - application/tei+xml - - - teicorpus - application/tei+xml - - - tex - application/x-tex - - - texi - application/x-texinfo - - - texinfo - application/x-texinfo - - - text - text/plain - - - tfi - application/thraud+xml - - - tfm - application/x-tex-tfm - - - thmx - application/vnd.ms-officetheme - - - tif - image/tiff - - - tiff - image/tiff - - - tmo - application/vnd.tmobile-livetv - - - torrent - application/x-bittorrent - - - tpl - application/vnd.groove-tool-template - - - tpt - application/vnd.trid.tpt - - - tr - text/troff - - - tra - application/vnd.trueapp - - - trm - application/x-msterminal - - - tsd - application/timestamped-data - - - tsv - text/tab-separated-values - - - ttc - application/x-font-ttf - - - ttf - application/x-font-ttf - - - ttl - text/turtle - - - twd - application/vnd.simtech-mindmapper - - - twds - application/vnd.simtech-mindmapper - - - txd - application/vnd.genomatix.tuxedo - - - txf - application/vnd.mobius.txf - - - txt - text/plain - - - u32 - application/x-authorware-bin - - - udeb - application/x-debian-package - - - ufd - application/vnd.ufdl - - - ufdl - application/vnd.ufdl - - - ulw - audio/basic - - - umj - application/vnd.umajin - - - unityweb - application/vnd.unity - - - uoml - application/vnd.uoml+xml - - - uri - text/uri-list - - - uris - text/uri-list - - - urls - text/uri-list - - - ustar - application/x-ustar - - - utz - application/vnd.uiq.theme - - - uu - text/x-uuencode - - - uva - audio/vnd.dece.audio - - - uvd - application/vnd.dece.data - - - uvf - application/vnd.dece.data - - - uvg - image/vnd.dece.graphic - - - uvh - video/vnd.dece.hd - - - uvi - image/vnd.dece.graphic - - - uvm - video/vnd.dece.mobile - - - uvp - video/vnd.dece.pd - - - uvs - video/vnd.dece.sd - - - uvt - application/vnd.dece.ttml+xml - - - uvu - video/vnd.uvvu.mp4 - - - uvv - video/vnd.dece.video - - - uvva - audio/vnd.dece.audio - - - uvvd - application/vnd.dece.data - - - uvvf - application/vnd.dece.data - - - uvvg - image/vnd.dece.graphic - - - uvvh - video/vnd.dece.hd - - - uvvi - image/vnd.dece.graphic - - - uvvm - video/vnd.dece.mobile - - - uvvp - video/vnd.dece.pd - - - uvvs - video/vnd.dece.sd - - - uvvt - application/vnd.dece.ttml+xml - - - uvvu - video/vnd.uvvu.mp4 - - - uvvv - video/vnd.dece.video - - - uvvx - application/vnd.dece.unspecified - - - uvvz - application/vnd.dece.zip - - - uvx - application/vnd.dece.unspecified - - - uvz - application/vnd.dece.zip - - - vcard - text/vcard - - - vcd - application/x-cdlink - - - vcf - text/x-vcard - - - vcg - application/vnd.groove-vcard - - - vcs - text/x-vcalendar - - - vcx - application/vnd.vcx - - - vis - application/vnd.visionary - - - viv - video/vnd.vivo - - - vor - application/vnd.stardivision.writer - - - vox - application/x-authorware-bin - - - vrml - model/vrml - - - vsd - application/vnd.visio - - - vsf - application/vnd.vsf - - - vss - application/vnd.visio - - - vst - application/vnd.visio - - - vsw - application/vnd.visio - - - vtu - model/vnd.vtu - - - vxml - application/voicexml+xml - - - w3d - application/x-director - - - wad - application/x-doom - - - wav - audio/x-wav - - - wax - audio/x-ms-wax - - - - wbmp - image/vnd.wap.wbmp - - - wbs - application/vnd.criticaltools.wbs+xml - - - wbxml - application/vnd.wap.wbxml - - - wcm - application/vnd.ms-works - - - wdb - application/vnd.ms-works - - - weba - audio/webm - - - webm - video/webm - - - webp - image/webp - - - wg - application/vnd.pmi.widget - - - wgt - application/widget - - - wks - application/vnd.ms-works - - - wm - video/x-ms-wm - - - wma - audio/x-ms-wma - - - wmd - application/x-ms-wmd - - - wmf - application/x-msmetafile - - - - wml - text/vnd.wap.wml - - - - wmlc - application/vnd.wap.wmlc - - - - wmls - text/vnd.wap.wmlscript - - - - wmlsc - application/vnd.wap.wmlscriptc - - - wmv - video/x-ms-wmv - - - wmx - video/x-ms-wmx - - - wmz - application/x-ms-wmz - - - woff - application/x-font-woff - - - wpd - application/vnd.wordperfect - - - wpl - application/vnd.ms-wpl - - - wps - application/vnd.ms-works - - - wqd - application/vnd.wqd - - - wri - application/x-mswrite - - - wrl - model/vrml - - - wsdl - application/wsdl+xml - - - wspolicy - application/wspolicy+xml - - - wtb - application/vnd.webturbo - - - wvx - video/x-ms-wvx - - - x32 - application/x-authorware-bin - - - x3d - application/vnd.hzn-3d-crossword - - - xap - application/x-silverlight-app - - - xar - application/vnd.xara - - - xbap - application/x-ms-xbap - - - xbd - application/vnd.fujixerox.docuworks.binder - - - xbm - image/x-xbitmap - - - xdf - application/xcap-diff+xml - - - xdm - application/vnd.syncml.dm+xml - - - xdp - application/vnd.adobe.xdp+xml - - - xdssc - application/dssc+xml - - - xdw - application/vnd.fujixerox.docuworks - - - xenc - application/xenc+xml - - - xer - application/patch-ops-error+xml - - - xfdf - application/vnd.adobe.xfdf - - - xfdl - application/vnd.xfdl - - - xht - application/xhtml+xml - - - xhtml - application/xhtml+xml - - - xhvml - application/xv+xml - - - xif - image/vnd.xiff - - - xla - application/vnd.ms-excel - - - xlam - application/vnd.ms-excel.addin.macroenabled.12 - - - xlc - application/vnd.ms-excel - - - xlm - application/vnd.ms-excel - - - xls - application/vnd.ms-excel - - - xlsb - application/vnd.ms-excel.sheet.binary.macroenabled.12 - - - xlsm - application/vnd.ms-excel.sheet.macroenabled.12 - - - xlsx - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - - - xlt - application/vnd.ms-excel - - - xltm - application/vnd.ms-excel.template.macroenabled.12 - - - xltx - application/vnd.openxmlformats-officedocument.spreadsheetml.template - - - xlw - application/vnd.ms-excel - - - xml - application/xml - - - xo - application/vnd.olpc-sugar - - - xop - application/xop+xml - - - xpi - application/x-xpinstall - - - xpm - image/x-xpixmap - - - xpr - application/vnd.is-xpr - - - xps - application/vnd.ms-xpsdocument - - - xpw - application/vnd.intercon.formnet - - - xpx - application/vnd.intercon.formnet - - - xsl - application/xml - - - xslt - application/xslt+xml - - - xsm - application/vnd.syncml+xml - - - xspf - application/xspf+xml - - - xul - application/vnd.mozilla.xul+xml - - - xvm - application/xv+xml - - - xvml - application/xv+xml - - - xwd - image/x-xwindowdump - - - xyz - chemical/x-xyz - - - yang - application/yang - - - yin - application/yin+xml - - - z - application/x-compress - - - Z - application/x-compress - - - zaz - application/vnd.zzazz.deck+xml - - - zip - application/zip - - - zir - application/vnd.zul - - - zirz - application/vnd.zul - - - zmm - application/vnd.handheld-entertainment+xml - - - - - - - - - - - - - - - - - - index.html - index.htm - index.jsp - - - diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat.logrotate.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat.logrotate.j2 deleted file mode 100644 index 64877dea..00000000 --- a/library/roles/tomcat-multiple-instances/templates/tomcat.logrotate.j2 +++ /dev/null @@ -1,17 +0,0 @@ -{{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}/catalina.out { - copytruncate - {{ item.log_rotation_freq }} - rotate {{ item.log_retain }} - compress - missingok - create 640 {{ item.user }} adm -} - -{{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}/localhost_access.log { - copytruncate - {{ item.log_rotation_freq }} - rotate {{ item.log_retain }} - compress - missingok - create 640 {{ item.user }} adm -} diff --git a/library/roles/tomcat/defaults/main.yml b/library/roles/tomcat/defaults/main.yml deleted file mode 100644 index 39ffa85e..00000000 --- a/library/roles/tomcat/defaults/main.yml +++ /dev/null @@ -1,135 +0,0 @@ ---- -# The tomcat version is set at runtime. It changes from one distribution to the other. -#tomcat_version: 7 -# To force a tomcat version set the following variable: -# tomcat_fixed_version: 9 -tomcat_pkg_state: present -tomcat_service_enabled: True -tomcat_pkgs: - - 'tomcat{{ tomcat_version }}' - - 'libtomcat{{ tomcat_version }}-java' - - 'tomcat{{ tomcat_version }}-common' - - libapr1 - -tomcat8_additional_pkgs: - - jsvc - - libcommons-daemon-java - -tomcat_user: 'tomcat{{ tomcat_version }}' -tomcat_max_threads: 200 - -tomcat_min_heap_size: 2048m -tomcat_permgen_defined: True -tomcat_heap_size: '{{ tomcat_min_heap_size }}' -tomcat_permgen_size: 512m -tomcat_file_encoding: 'UTF-8' -tomcat_java_opts: "-Xms{{ tomcat_min_heap_size }} -Xmx{{ tomcat_heap_size }}" -tomcat_additional_java_8_opts: "-XX:+CrashOnOutOfMemoryError" -tomcat_java_gc_opts: "-XX:+UseConcMarkSweepGC" -#tomcat_other_java_opts: "-Djsse.enableSNIExtension=false" -tomcat_proxy_enabled: False -tomcat_proxy_http_host: 'localhost' -tomcat_proxy_http_port: '3128' -tomcat_proxy_https_host: '{{ tomcat_proxy_http_host }}' -tomcat_proxy_https_port: '{{ tomcat_proxy_http_port }}' -tomcat_proxy_opts: "-DproxySet=true -Dhttp.proxyHost={{ tomcat_proxy_http_host }} -Dhttp.proxyPort={{ tomcat_proxy_http_port }} -Dhttps.proxyHost={{ tomcat_proxy_https_host }} -Dhttps.proxyPort={{ tomcat_proxy_https_port }}" -tomcat_other_java_opts: "" -tomcat_install_server_xml: True -tomcat_install_default_conf: True -tomcat_load_additional_default_conf: True -tomcat_http_enabled: True -tomcat_http_port: 8080 -tomcat_http_address: 0.0.0.0 -tomcat_webapps_autodeploy: False -tomcat_webapps_unpack: False -tomcat_ajp_enabled: False -tomcat_ajp_port: 8009 -tomcat_ajp_address: 127.0.0.1 -tomcat_direct_access: False -tomcat_reverse_proxy_name_enabled: False -tomcat_reverse_proxy_name: '{{ ansible_fqdn }}' -tomcat_reverse_proxy_port: '{{ http_port | default(80) }}' -# There is a bug that kills tomcat after 50 days if the shutdown port is enabled -# Disable the shutdown port by default -#tomcat_shutdown_port: 8005 -tomcat_shutdown_port: -1 -tomcat_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits') }}" -tomcat_restart_timeout: 300 -tomcat_max_post_size: 1000000 -tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}' -tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}' -tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}' -tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps' -tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/' -tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes' -tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat' - -# JMX and debugging -tomcat_enable_remote_debugging: False -tomcat_remote_debugging_host: '0.0.0.0' -tomcat_remote_debugging_port: ':8100' -tomcat_remote_debugging_uri: '{{ tomcat_remote_debugging_host }}:{{ tomcat_remote_debugging_port }}' -# -tomcat_jmx_enabled: False -tomcat_jmx_auth_enabled: False -tomcat_jmx_port: 8082 -tomcat_jmx_auth_dir: '{{ tomcat_conf_dir }}' -tomcat_jmx_use_ssl: False -# The following work with jdk >= 7.0.25 only -tomcat_jmx_disable_additional_ports: True -tomcat_jmx_localhost_only: False -# tomcat_jmx_monitorpass: define_in_a_vault_file -# tomcat_jmx_controlpass: define_in_a_vault_file - -# Metrics monitoring via javamelody -tomcat_javamelody: True -#tomcat_javamelody_version: latest -tomcat_javamelody_version: 1.79.0 - -# tomcat logging -tomcat_logdir: '/var/log/tomcat{{ tomcat_version }}' -tomcat_use_log4j: True -tomcat_install_the_log4j_properties: True -tomcat_retain_old_logs: 30 -tomcat_log_rotation_threshold: "ALL" -tomcat_log_max_file_size: "100MB" -tomcat_log_level: INFO -tomcat_log_logger: CATALINA -tomcat_access_log_enabled: True -tomcat_access_log_rotation_freq: "daily" -# -# Define them if you want to send all the logs to an ELK installation -tomcat_send_to_logstash: False -tomcat_logstash_collector_host: logstash -tomcat_logstash_collector_socketappender_port: 4560 -tomcat_logstash_collector_socketappender_reconndelay: 10000 -# Set to LOGSTASH only if you do not want local logs -tomcat_logstash_logger: CATALINA, LOGSTASH - - -#tomcat_access_log_file_name: localhost_access.log -# -# Administrative interface -tomcat_install_admin: False -tomcat_manager_gui_user_enabled: True -tomcat_manager_gui_user: guiadmin -tomcat_manager_gui_r: "manager-gui" -#tomcat_manager_gui_pwd: *See the vault file* -tomcat_manager_script_user_enabled: False -tomcat_manager_script_user: scriptadmin -tomcat_manager_script_r: "manager-script" -#tomcat_manager_script_pwd: *See the vault file* -tomcat_manager_jmx_user_enabled: False -tomcat_manager_jmx_user: jmxadmin -tomcat_manager_jmx_r: "manager-jmx" -#tomcat_manager_jmx_pwd: *See the vault file* -tomcat_manager_status_user_enabled: False -tomcat_manager_status_user: statusadmin -tomcat_manager_status_r: "manager-status" -#tomcat_manager_status_pwd: *See the vault file* -# -tomcat_install_jdbc: False -tomcat_install_pg_jdbc: '{{ tomcat_install_jdbc }}' -# Not used yet -tomcat_install_mysql_jdbc: False - diff --git a/library/roles/tomcat/files/catalina.properties b/library/roles/tomcat/files/catalina.properties deleted file mode 100644 index c57b4e84..00000000 --- a/library/roles/tomcat/files/catalina.properties +++ /dev/null @@ -1,131 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. - -# -# -# List of comma-separated paths defining the contents of the "common" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank,the JVM system loader will be used as Catalina's "common" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar - -# -# List of comma-separated paths defining the contents of the "server" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank, the "common" loader will be used as Catalina's "server" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,${catalina.base}/server/classes,${catalina.base}/server/*.jar - -# -# List of comma-separated paths defining the contents of the "shared" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_BASE path or absolute. If left as blank, -# the "common" loader will be used as Catalina's "shared" loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# Please note that for single jars, e.g. bar.jar, you need the URL form -# starting with file:. -shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,${catalina.base}/shared/classes,${catalina.base}/shared/*.jar - -# List of JAR files that should not be scanned using the JarScanner -# functionality. This is typically used to scan JARs for configuration -# information. JARs that do not contain such information may be excluded from -# the scan to speed up the scanning process. This is the default list. JARs on -# this list are excluded from all scans. Scan specific lists (to exclude JARs -# from individual scans) follow this. The list must be a comma separated list of -# JAR file names. -# The JARs listed below include: -# - Tomcat Bootstrap JARs -# - Tomcat API JARs -# - Catalina JARs -# - Jasper JARs -# - Tomcat JARs -# - Common non-Tomcat JARs -# - Test JARs (JUnit, Cobertura and dependencies) -tomcat.util.scan.DefaultJarScanner.jarsToSkip=\ -bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ -annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\ -catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\ -jasper.jar,jasper-el.jar,ecj-*.jar,\ -tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\ -tomcat-jni.jar,tomcat-spdy.jar,\ -tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\ -tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\ -tomcat-jdbc.jar,\ -tools.jar,\ -commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\ -commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\ -commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\ -commons-math*.jar,commons-pool*.jar,\ -jstl.jar,\ -geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\ -ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\ -jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\ -xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\ -junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\ -cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\ -jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\ -xom-*.jar - -# Additional JARs (over and above the default JARs listed above) to skip when -# scanning for Servlet 3.0 pluggability features. These features include web -# fragments, annotations, SCIs and classes that match @HandlesTypes. The list -# must be a comma separated list of JAR file names. -org.apache.catalina.startup.ContextConfig.jarsToSkip= - -# Additional JARs (over and above the default JARs listed above) to skip when -# scanning for TLDs. The list must be a comma separated list of JAR file names. -org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar - -# -# String cache configuration. -tomcat.util.buf.StringCache.byte.enabled=true -#tomcat.util.buf.StringCache.char.enabled=true -#tomcat.util.buf.StringCache.trainThreshold=500000 -#tomcat.util.buf.StringCache.cacheSize=5000 diff --git a/library/roles/tomcat/files/jmxremote.access b/library/roles/tomcat/files/jmxremote.access deleted file mode 100644 index c5aab07e..00000000 --- a/library/roles/tomcat/files/jmxremote.access +++ /dev/null @@ -1,2 +0,0 @@ -monitorRole readonly -controlRole readwrite diff --git a/library/roles/tomcat/files/logging.properties b/library/roles/tomcat/files/logging.properties deleted file mode 100644 index 6eeb1814..00000000 --- a/library/roles/tomcat/files/logging.properties +++ /dev/null @@ -1,49 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -############################################################ -# Handler specific properties. -# Describes specific configuration info for Handlers. -############################################################ - -1catalina.org.apache.juli.FileHandler.level = FINE -1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs -1catalina.org.apache.juli.FileHandler.prefix = catalina. - -2localhost.org.apache.juli.FileHandler.level = FINE -2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs -2localhost.org.apache.juli.FileHandler.prefix = localhost. - -java.util.logging.ConsoleHandler.level = FINE -java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter - -############################################################ -# Facility specific properties. -# Provides extra control for each logger. -############################################################ - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler - -# For example, set the com.xyz.foo logger to only log SEVERE -# messages: -#org.apache.catalina.startup.ContextConfig.level = FINE -#org.apache.catalina.startup.HostConfig.level = FINE -#org.apache.catalina.session.ManagerBase.level = FINE -#org.apache.catalina.core.AprLifecycleListener.level=FINE diff --git a/library/roles/tomcat/files/tomcat6-juli-adapters.jar b/library/roles/tomcat/files/tomcat6-juli-adapters.jar deleted file mode 100644 index 8b75f237db6d0f9c914ca97e9d83ccf4e58095d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23018 zcmbTe1C%V$(k|HDr)}G|ZQHi(?$h>Z+qP}nHcs2N?dkV^ynFA=y!&Qqt*TnPD)!2q z8IciRM0~mBrG5cJ0sw#m0Ejnn2?PAY3jzQbKt@DafJQ=AlKvqIjL`j)eMl>jv3#y+UIp~@HOGp$4@eIlN{*Qc-QbenS zv>nSVF^NRnm#0<;V)%(i_rNPH+pZ?+4tJNI^ZW@+S}k}%6>PlC&=8V%Mw9)}5&9*K zJsig-i;iz!{<@Ro^;~4+yk>$hq?PtQH@TQ0%?f%!BM<=;MXMc|1*td0r@g6i1{_zH z&ngbHF(+Fyp191e-Ubjyy5?~Xq-b5aqQaAB(E|nmfbQQ- z6>u@IwzHM~S%Zlqt&z3C@83mgGRjyg$X~iZ!2LIN0s)PAlze&cD7BEtny+(~km~T( zO=raJ5}+Z_W{h#|k0+Wf+3ibFP&SL101eLTO04* z&z{%a?jd^LUthTW=pm>g&=E9lz*5%9MCum9PzuaDL#o=tQVNjWlXhj~)%r=>ODmNP z?m<&3tXS5ptDWPf5mT%g%PZPOzq6*!t+zsVM1k!@Z<6`7RFD4F+ZIK7>81l2Q4CCy zE%LA^#Y#NtsIY~PWtLrydk=V#m91-xN#0fRCtM}6Oj(FbrK6>ya{%_9B=ZmC$0Y&b zP*jntO>|gT*p^#l5pGft6`X06m(^VZV^#XA-Z`}?EwNy!QynF&U1eu?8ZWf#WMfKP z%9Bax6a~Ue6m~*7$E_I>Zr1?OxSv*!y^NlOsTMU5R}~dZtfeNMI_lypY>sPsh?!Qd zmXDhDF+XXPZR#1TB}-avE#xba;8Vw|Hmne>mg$d*TBL(MCn(XVl#tAZa|q??P|-L9 zOo&v^Kn9A5)~xTEOuG&stM3Z3%@!xoA_+S87nhkDJNGwRqU!X_?d62I<>UiR{l?f# z!_F@REx;08og77pa_y+_AR<$b^=E1=-C+hr<_-t^v+!(Eo$TzrIUAnLoMLBskX?i^ zSi1x5)>$ug>#rHECCW{+U&NC(=a@b@+@zg(OqtCPPBKAlMm-RjphY`&fzJdha?=ci zVgXVhPVNSJOf*V9DoDv5f}KGCGPBp|FX2MAI@O@1-_m;p-LY^X+rTw)#ocj_j)-36 znQPJAsYNx5r!31N)`!R4)fmA15&UHt85f4> z4UC(WJs`lt*gcntHGuD}Zj_rO1g?-x0&sn=Ki3emX9iEkCBB7e5_qy2*9sK}zm1=W zPIQkFB*-q+oYB41OSsC>s1I?eK5T@1T9vr#zzw)!2Tf;vLjbmstL4`ataGyt{_Wq4 zH)~(jaZ8)-BPp+c0T2ft9XmWL%z7BBOK_v2*eKe2u5vIy`%3>AwQ|7R59>bv^k;Z* z8Ql9+kZrZk21~Szn4O*m{dbDVJWY4N&1ZK$YmKCLQ4D~xs_Lu+hAV(=>;pZ|JJNRk zD*z2pPHx2ZNVm|#2B7A^P5)K=MLrBxO=A1q8-u~bZVTBhvI*1T0_>uS8I+NVa#n~k zn7klwaYke6wF-^#q)9l3w7)7ozhs7*WQX2381RF^rXp!TVWWGY(@T+;up%$7=(uuh zqHIkfZBL>W@PoysVzGarlSiS`dy$u@A}^olxKnH*ZcSpyhoUXgY*u@bG?>KctvJVF z${mqJn`1tfzf;PV?ZnZP#uKwZ9mJr)GokDTizzEA|sE+gmN9^V$=&mMfu7>tTne2Okz z3U6MD{FK6nMH&-camgC7@c|zSC!vT2xWxHL5N)R$Fl*Cxi@@JFVdXSg1fFBTzF&I( z<*fh1$?24lTZ;UIKD3_z#{Tb|oTRZ81Cz9~jiHI7rGb&vKYF_)H48VSWfUHx2}~(m zEFge!^l?aQ90_chFMbw(G9nGab*9-t(T{JidU3=6!np z>JfDSw!;Jr`$_E7Gem}0sK4c6kDvrLBHooZ@Py&ThVK0$agl#ZPYTuV7@))e*TEYZ z;;P&Z;h!-S?@0+T?@jD|guCHF?Nz*_hmTO*3d2v_6sFcd#n=Jg%6L(Q+U>iMWXB&b z7-l2fSEe2-bK~{8-uQQB!sBiyEniDKTu+>cFz~_uRvhgq+%rMpQ@$lasUg21TNoG+ z744f}@$r_no6s<=m+>;SY^5=s*(~o(nHPfwah^^uoNmLV8X(Ekij_HLbTHCVoH6aV zFlmZ5D>1l~BEw$JZI*vDGsODfyx9(ta*g4WNWL@#$@ySh%b*xsbrMVb;mJBD!-tta+AjmVge=>`7 z;~a3Rw5RK{^-LF_ikD3u7psTXHH~CKt1g8^g~eKGo=}{&F$hDgEl#GGt!HiOjAm#(#gGe2~%YmSF^Iz5OP?pwrHuWXY|;xZHbH zI}44QIvZdT)>hBO->aW$&<8Z4q~FI(lTH__M4zY0YJ#A@t?MUi;_f^u$4g4Xl%y(U zXjl*O6q5vEcgC#U!~xQAT9~6?2#>a8!Xgno_17)qKlSJ3NucajTLCfL5qh93-9VN@ zJ~H`~i)|@_}tv(OS5R)>^uU19QEXQki616~9}<+!^xB z^09{TdBnISl2!gv6})ZG5WKw)=h%&d`9)qc@WMY3!uXbu$`|p9#vq7$ZX#ua}n19K(KT5SHRbfzCuFWVY#e%}Oq5n8#MY@(b!x4j*;JrXJZq zVx>uKO(rmE?`dN;*85o(b#yF{X+%Bhis{3r>Or}o$`x>D2}{RT@;MPqak$k)DyLP+ zH6*hEdD&$=if>?uwU;KS!mX=(SuX;)N~=0~yd8Nn##Ft&Ixl9bGP1G^HPC;*!j9PVCw7HHj> zUMY+R%!_`Q7vS`{02}Sa6X1RqCx9n$@O!eb#zvqlwlL+sW7x32iDEkx*4e_fJ!S4d zDwo}(7^QLvlfaF!oyrFaHgF&Ae;Ydk_(zxHM}Stb?+z8XWSIN6mwExpZ!8dBp;dPp zCijm|wT~h{a7tNjsvMF&&Vu_!ASwOT|6Gu8eU}Je|rrZPX)Yq;u2J63KYiwVE zRU6d;-8z%Jn{A#$KDZZI+$+cT*Xq&StVg`>e0}M%+>4F(@CbZ2ogZGGZRLf&*6eYY z?Mk6vvHk{+bK9E31p+lyxqBH4(IY}8vH_na#D@UE2yAb0t2W$`?M8@@13o5tZ{1VR zLIL~{ZumI`AoqKo{3H6&qd#nnLF$cG*-trwa+W`EkDZ}4JM+ZvebQoitZgMQv; zUvve6+fm^bzX%EQiCjJ>a>I&QV_^r1dMTkO$co(dL!&6(jO;<2QB>@jbY=Pm@Q!D> zVc1d_J~dk8#Q0Qt7)z-G{H$ynH>at52bhcA=T!A28u9=lu+;Z!Z|zlQ$QGY=E0Z@1 zT3gYAHvzjX8efcC0B6e@z%&7hv#0h=#Tt66kh9;PqPP?A{c+n+((Q3HC zNypoMCgAHj8c*qwf!a}c&&o=SD!I`4EBr#u7h-CW{m`ijtzTl!xpNL>Q5x?eh0&nZqZs(KuJldI z;iz&uDnS=YiWd6aDi}HWOR&s7NZehZv6WxBL$I(5UsDGkQ=34v3x7=;U$s>b+et;f zBE&zDp4nuI8j|y*JXaMCgyI~$&1V{Ny!FoJe$NxDuVu2IZGXIFD&krvFmfu+j)bnU zKWSQzIlN1L3JO_=`?kW{Hk zS^uP8Jp0=#SHu=RGMlXyl6ma1iqBAgVLppw)0dp_B^HXm!+2asG1mKX3TfokYya?w zU+@bWDiK54DE|2iBCc!*$dyd3QE#l_u(jgMn^mS1n7`rv``Y_B+jG0i?&CZG54SJO z$LnN7HS<327X*RmC$in^E$gsxx@}g)x7j1@?8XB>)4WzWH9;Y6HCV5gAHK;8A}GC3ClLb0M>Mp=uK(M zdlH@;qp##tL@&?zfRkn zvRM`)N`Rl$Wr6iwrsZcylyHz{Sy)hn2t{S)a?!*>YuEA=TUB7u{t8wf?%KF1Hzvot)syrbCNgi>39jy)SoJBdV9LMKVLS7EAHRIZ?eKjUG=`p$9wKv{ax5 z(V&mko}N0qi{QX;2f23>6A%a`loU)fp(a-smLHY@X|dN50Ox_+5|Iydlk0mobQTMR z3p^2)7c?(O=oMbVs|=Lw*mPiEvN;0f!NXW)4+{3_U<}l{jE)alh%nT+g<6ZrWM2kl z9hFRwI)Q!sd;UFroJv9tjLrPlkih^}Vtt`l%abUq_IUEPthH^_TDO12w-e8rB|nDo zo2~Sc*kxtVz(A-;YpS(USj!)KxfCp&ITDe4GlBYSEAGaf0G#A zaiZL-g^@cW49IC|=8EY6s$C;)gnxeH$?&5#xh(dP~W7i!Lm*e339$+Q-Dx*k{j?%>_nO{zYEZ zAuXXY_Cx`*hY4}O8FBbEkUFeEe42MF$M#z);nBb_aBgDb_4hCDkHcNkVfZI}!3`bu zu&zlp(k+FH{c)=+Pt7Rirv}3KHctME0c{-O@PrP#)Z>HvPk7ymY}v@`{tAK*986EV zdZ=C z0p~=?UKy7!KGHXGXE!{CV=b%E*Cl};)&pK(x{=ptz~A+-+kepZJyT-0tyAgv!c}e% z?r~1Qw?pSn zVmD9=Rp?;&5FK1&(GECdmiptBCmSTR3a$)y@?S0G@)V!Os8HCI7kSOY=C1bB`<={`UleP$2B$^ z#JSLD-4Tqrz}K=aS;hfM3GjxPsDsW-@2qM-7*Du*9X0-bk-QiT@#0Y@7kJwf@=@yM zCiQ9FPB=bb&@1-{Ht|~p=~13hR{MNZb9Qz9{`B?z#B5p#n8_bC&<>_GA`IsyEhuEo zUx_Lcb=pTjHBA&22uAsXBa&EBa!WqLP96Sn&YBNJf?A@UY05BQ$QsV%7Ab>k=8!yu zbn#>iEXQ!OFv*|GgVfi+&5PD2r~cX*iALzg5UxW{=oY3zCw2?zL%DCp=tH}Y#^^(_ zug0jGB%jhT?gRwqV(r7`$R#qb3W=ENX zpk%CUW&xrj_}95HGkZ?%v^da)>N18S_!9k!+MW1!u`2cO81YrwV2NZg!m&Own=Nwj z6no!w2iJbcHa!0FL^tp}JGWI^Lc7%gv9%r`x#6%ktD0J>Zmw_`E+h3omyV!~*|LLV z*)ncPVmecBk(pEw!zRYuuyj_1@iFs#>k<0LHP!isL;*Pg!eknfJ)NiSWAI20~S+t;uT!cG7~C%d2N`BT?{oHP*SZ`4He_KmW<)vkt=o%ehzi8 zWI^pY1QV8ug%}-`>UPLrp@Osefl|oK>;ebl-!NOcvGy`6kbxHs>1kbvF0?tLYqo2& z8vCD29Nudz)>7)abOes%W^bNlqB$CxeYp-!E3_OOJT^D5mJrs_#Oo7oGJQ1yB=Txd z)Okj8#8yxRyx#pxdwXLqQU2R|u8^>M^btakPkW#sYMEF_U+4kiqnoJ3O5=JM6xjff*!D z^VyOfo|I!|w5K_3#5rxoxs{Nj4vKw%E^CPPh|~#CS^Rxf*0mNve@=)Yd3!^gM1L*j z53)?K2wQ$`UD=^2EOw1yDNnel)U!y}DEy6qetdYMVh@Qi_Nv@L@;ZxyxK2dW6nctI zxlezCwy8WE$@)R#c6V{Jq}b40ER{+zOi@g@_eUljv7A$Zm&PLdb}$wQjXkFqcsk~y zHd#6b%M;^&Jz3Od)?tfi6M91QtQhN%2u7O5N$!8WX?yE^?|NPrlCs9iz|Gs|n}uEt zynW^6^$}n$@DTA}Xf8rdN%d#XiYm4(Q~dqgX`6U-Igc=ZJ7HmuWX%xH<5YOpPjdnc*9#RXliCrUXt8jRNM5;nYG8v}r8APE83Y21Rvoh467=-hHy&8q- zK~6$oM3v(VFk`=;R~PIF7p1`a#Vqb}cOQ11JR8d=5Em2Ut`?3%Hk*anRu3}m#568d zjK~7@wk7}10TG}VQWd#A7BzxdLdfCBE}g74B7)~4_y4ZwaV`-{y*4dLNKvPlVnm_Z^gTnQlLI`-13&ztg?Pi)bY2Rz_-hE z4ZN!Uc9z6P*TC;j%E}m3gH6owH@(2OYnF!TpTUn9U*Pw)in>`vtu2%h&DysC?3wR5v-g<~fy?yqb z3vPY8f!(b5E7GPT@Uj4{_7NLXoGGS)_Gb8Ur>vr@43=S$0W2wri@S(2@r>K0dyMV0 zdQSa=u(}P~61l?#cX{si>;qH>ZPp8Rj_B{*>3Qc0aD!WB_2f>HCzH;P~D%Fq%05s0MozAn|=bUsDY7_ zouj+NPX~;c;Xis;NeVJjzZl@XE!0}7RjjmnM7SSjDOn%25roN+QBjbuEiji7FGcG+ z{C!2f1GACgz5sj^**l)}yI5i;Co|kTCnuMmN65n2`>VmgSm2y1+tgj_b`28@zJ$d% zIZVh|wOXL3+b}4DQS`*l2yx&NyAT3mW6SLd!R>+;HMjw@4rE85^~s+L#8>a-2kQs} z--ki9H=x{0UdUls;AG%W$ag%v@Dy23Akxs^S4wIfHb~qvM4=x|C-B0+`h*0UQUc=Q zAxOHc5;V&^IFYJk8rC(uG4Abktdr`ZaDofc{$fymvtT?qlB+T{ak?LLW~yCfECq2X17?X1OBkemUfP+h;+v_$_`^8HQDgwGq}Uy#fBS zy2y^#!drjT_3-~gU5x*!E=3(HBmrceh78k;OY^lxOPeNDEQY8h5IkXpKt*z7e^kXc z-qpyAu#8Q5F02*2BJxIZ-j`n=3VT^3iH+_SU`Nv%HNR)FxO~4qzkZ>4x}6n-zq3&5 z4}{C$!QIRbB!`IMHe+;#g=Xj(_syO_4+#U;iRb59HA?2YLO0pQrT$^2%nW`yGz&iS zOd`Mkv#VjnYq3@DIWEs3{vMyVr4aU!8snju6RJyXv&xKoTQ)m>rerh(tvn0>>XS&U zh&M<$L9F2~TVB8)DZ(DxM<1gCU!ou^0>pwjau5Y8Vy>uz9k=Esg44<=hrXoQ!PLq7 z7|h6g@X%pVE#zKmJ-0ZqN@v3jHewVl@|QhX{{AM=2uvop3+q;2y<0QOpn}Fq#^T!Qus?4J$cD)4W8(~lvL z{rdlY-!lE*3?aeU%F?>(u|PE{zIX}68&M=yu&CBNZ~l4Acttw(Dsjvj|9jkDiP(D6Ax1?bd@y9oss)|$`jMIRd^#4 zQ7i9}s=F_0rTY=IzBp{S;2NZiBC$@O+%d`&;#$4F`lanm-1}cViCuCGytH}9wwjMT zHab_n=SPU-Tk<{@VhBugQMb(80J6sUAUFC-ZJsQH2FR!)@+!xLhuLz7+tI_FF8gu# z)7o>kmZzDbd70yR97ifB|Fu@;t&giZ5x6qhh)DR{OEY|~;O{k`${t<*Z^r6`ZNhVw zSAtX3Yc6%WV{C!zRgV6Ka{Hjd5Mld2SjL|4lq9_@FI*i#j~J6u^SsL^-XbqBO>}B+ zzSECvrk{YeYL34u3XR5TRDf^)#R`1rlb6_jSO=Xy)QNw~I{5M4QWj4Cm?TB1{72bq zMuK~c-uc37jTA;6C~<|B!9h`TE%qyZR-TQ5m{^|I#5!gqLH5GZnvC+Ca0&kje@R3h zLRtk_D!d)64zv!e&gf68D|eP=jZqZa$n&P_Oxtl+8&mi9_9ot3z_EkO5W6g#KC~J7 zbUE;`a^?u(03uxqhOUAGAQh$VkVr8007Y0L2DBYT zYyOT6$Thi}8os5P%z`~I>_K^S+FZ?fP<>pUG3l{wCgMre30H8hysg&uB2%+21Jk+l zNO@`_T2>3Cs<(i?)7jkR0cqTfT7)p}qy~ynQ(XdECJc{VhvTBZt=(DlkQLpk7M&K$ zAE%C#%V3*2f&^lwrD^AkES<))?jFE}8&n`8rLpMalL{`6zSzp@!j=1I}jva4GPZ5o9V-aj1&1?C4>q&Q3EiRBLsC0r=un9)i_NDoO5?Y2;Z zm1~5{G%Bg8$R}x%x(*9c+9xFxb(7G1bu;BvvG$&Qpm?2K`VpFMR?b~(_K?H%Lvr|Y zK5YwL05Ed9JTNi)5HNCkwZRm`DB6oRyykQ<{=pc97{w^aEa>DE^zJ-k@=LLY~JE)k*fg*%6r+1!^wLb32*0b)83ERW~VgETb-N0uZdRq%qSO-g-ss!I1*l+geAQqz=h-}r(!MhQy5z;`25YlM-WK3Wi;vZ{fa4q znb3zd&YWOp=BK}sQKNS_dZSv&x)QkCbVsng13;{bx&;n!5zDwv3TjKj$X!bgmVJ8A z7lBf8^-&61FP>&Kt!uz^aObn{{9TjHDK`V}W}D7TYw}~ZGD2tzx+ln^=X?C^n~Hg= zP|ha1l9b=fkv{8JSO{0ES9Vp?=!)G8u}x0W36W=BP=99+xxJAMzIZIS($5BZXmQ@r z>fGXjIuuOVZ(Jih!_2${w{Q-PlKce2KsCMKSdK`8Su^JEgFPEDW!` znGemBkM_A$jK_!c{aNT@CTLA=biOC{p@#TYYxyZAXcaHs^Fx;B3;*3Wc!dwu(pNqC zE28k5G|acXSCUWDhslfJYySYZG=i8ZcE{u=zR)jeATaoO`C#?qb zPR?ZyFZNaF&xg`xwq7LI-7(iK-1x^B|JQ`=V*mF)MU6k5CXSmy6>HyOuK)du}j(P`S$t#gN!Z65;Bkt^-hc3D({jf zi2oiP!u`gNuTrfIFYb%1BdTB2C*;D4+n8oO=i-<24l|e62a=>+wQtCIc8l=mGdQ+e zETnP4NY@wJo({fyMreCKz+fjU?A}1=g$2m!P&CJ{LmJbJmRd0&!G0 z-em>bbL*->wot>hSCr^%X4m1@A4?!sC5y+xRt2_#2JygS;;VeIl%^5h_PZO+9eW{@ zP!-amSa#ioP*C9H*OP=ZE*O-h#h6FM6gids#>k*{!r~wj-nYoU1{fOW{RSAl+tE|b zWn`mO1Lx|mP_K_jJ&I>;<35sFtNRjo^(Koryz! zOhy2C;C$j64=^>{Xy6g)N3_@+c848W-G=s7Fpkb6G8lU}v)tVxbl%~)HW=R7n*j+S z=!#Xw$`dBFJopi83q({RN+twj%s+NW+@VC_4ucS1iV_HPPJ>UzzX=4VmL33sm!^0_ zKy#cMV$3cZ44&L=ZhkDhv+ik?`5ha>i*<_EuFAW4l6M3&ho(VpYOTch$=&XTBF$Tt z+8go)9CyTkZr^T0;xkpMV#aGnHdED)4D}#I_^u3ORg$=cX0$@sam3%6EPjSsJewcU zty-<)`(HpY^0G|j|LFY){Y1fkOG{BQadfdZaT2n#buw{t60$Ziu>CI*UXrSoE7A`M zuULlhlwMw(0$yG`PhW8@FoT@J&`KgN9+bF9o@&p@BVL*-4T345v4|4QZh~(og3k|3 z517SiOmW+Z#{1#B^nJ3>W*!#*QuFupmRXMX=M(SieNK+A2p8y05->smA#G?YxdHUG z3?C98cDx%E(QFioaEKq)tui zO5;STwC9xEO&6VxB2$A0P_q!SC_o!Vqb|!wIA*Lz7*kd%{fHcvH-{20H&^Z1l#GIz zMn5lzp$fv!QkUYflKiSriKbYw%w)%iRXj6*TGR#1$`kIUN1d>=knQb_EFFuPELEdc zC-cWCqfIf1R~LvAneJ7Z4k#>=EmWC{&nrt$2Fk~+J2cFDM{*bnL^Te9kiu1rWgEOY zsuY9aK4ZLYI7=x7OrMASxZz{@OY_ww)9U{&M&?d1{XPKUTf#CAW0qtTO`S#7=@^JW zyaOQJvF|)}+^Q?>4}ie)YNEkC&N0Gf$)E*~y)#`@TrC|YXk13ak?@fb#Sj8Aq$`j2 z`v$5fEK^XG8nENTQ_Qigq53A7sy4JY~mFuXY3W89@(+c z`v)yoZjcA#`If(Tw*4#BbS2ublv;I%Ba|kQxd}OgB@Ks3n#@#<3T4635N5ruzM@`i z(2S9Hm% z&unMWdl4e|Nu}xOK{hzD9QULfEQ577Oie?AVU!@UT9S@e5=yhQVX6l4(siYxv@$B> zM4>!}BJNhr9aUDq++-j!yypLevw(b3;WxM&#L94 zu#1e#7R0#JmjH{+$x-o0ihF+9`itOvT7uhU zm-IDVpr=#RbE((&C3bL*3vCd{eSA)G;kayZ;k@kLIUhRJ%lnp1R1-p8ZD1YZPdgc_ z9EYfxKgt~L5iOe{vChrtv`=_RH>X4&z1|86#TJ@f?Cz5=%pnwIOOtQ_#KSE$*d`?8 zk@j`HK<%@0RO3%$d#b2himws6gC4D9!I;>E#4ge45YH}v0T(aZ?V06b;_902lDI8; z^?C)X7W@JeSoHIwD|i+ay{DWy=%v2;^D%vgT}?;@WD;Z;lRr zzZ@~$8jekItQgmg0={jQlka_Ij`N2M{OiaPGB&}6rd_V)6t>NR_tcTdEhIi1R23xC zm1q3pUosq=Km4qqKj^~kC(r%2eSM|>LCiM!!59Bkn)*Q)KeZ0@;O*7QRbw4b@r)(6 zQWc}AzIKF8r9eb@$cS(X5IV99115t8EElt1uWBgV$aI|zZZC3sY#H)vYZ0`Qrx~u< z*YpiP_~Jbp$feF|p#PFFywzx*w%K}Pp!w=b%T0ebFNjmfVtl}3aKt}vFX|<+gCGW| zr34WJgbsbYOQSGYP$DPqMNw3-%dnL7D}@yfW73uzf3}{C=#~`gS;VpT-5@&J8yELZ z`0TOYygW}Dqj%>*EKa@IT?-Y&ji^99;9nx&^*jOK0aABwwz!~iRbQ+z$XTX zx_Eu4LDw8N(){|D_)9pelw~S7?}-O=hS}3^Io(MxLV~!>h=xJ5nj%=s)5I_3a~yWJ zgIwtK{^)=ab9Hl0^SsL)h&AY_is12DM+W}js*OZQKB>a=wrfO=B61*xmHVVfiW)(o zW#?l{S#p%CcS4!-EZLAemuk}E-_^S9eYL3IkGh5K0#AzVntdbCQxjL7w()fxcruJE zDTr;Nfm_rnhF)<2HXh-qI<8@wBFl-x=d(EiQ++U+baNLRRZT;--XK;@d;>43R>@^_ z@u0(Sl?P<0ssC zbd{LCjxWR5wSF1E+k-OwSjG!xb_O)AvOOZ%f~Wt&6p0-X*4q7fg20pn0D$`6;nn}P zsQ)aPXuxb|oV%z&v*fn=Ict4rcC_2LwrFj-xW3ofG&MI}`utt{Zo57_ zlyOU??$O)odfxEly=ptoeD4{!_jS9&KAc7D=HiF&;NiEMrDOI`D$oNxQF}NCcs;EG z_zd=`n7h8K+w1w|#Pq4U^c5rfjg|Xdunk5oVK=dXcW@7Tl*)Vr0CH-R}vozr@V>tzCBJ^r2Ih?&KkV8YFfo*sIt=8$EYO5(EvTHMQg%`>%WO zG?R07(Yc zBA8-Mwy1lkSz1n8<@Yj-YsC&$eoqTpm@O8aI{P@7EmoZgW8!$SW|Lo46b)pogUFE= z5x9{{!v$emYfI9U$tOAk%r-)danr&`X*hE)xn;k>lngkR_~6-y#SSM#3XG63cAti}ghm3Qdg63LV6Z z3L9*+K7&O|p^o7Z%w$-YtGBxqMtM&#$wFF~o4{GfBGzqVB zmAtjQg-6}#Ju3WEvZP9;g+X_sFuj%jOVqX zmFUrqXm4@4tiUf@nO64J%DvJr?1f7e6wgz|eqhCK)~AV68`xr8Y+Dtt<$LZI2kO*Q zVQwSH3>jM^Vfd=G52e}*QvYssD4oC_9gK&FOO@|2LHo@4G>$3BUG9Y#xW%QK8+v{pd_?+s5;!!ba1G;{Q0!~ z$>vt#k@!M?9idlBW?;N`exew}6+d$(W`>W~QYRagm4kOQwp?tQxtMHdi7^wyg=r;8 zaD*KY6dS6IOV*RqiTe|Hrh1(U$?^`xKLxMt`Z5ItbpuXLJDRo_GVV*iF@=EHlWX>* z$%=VSU6dQH2Y;GiLm){9{_zC!l;@;%IC<;K#w{XzjwLsu?D~89gt=nV^y?nGxEB5B4Ar4T?!>#VTo zC(gJ=<3mwanyHRkNzv-|$BGm?CZlW4&07sE`frx6ly-!D(BN*;n*APry#{Kdh?4w; zZqBlu>05m52@h`MlqGD%Q3q)Yu@+dzTO~zHp+D`jXm#rat7)&ljVUKb>KWtt0yqNG z+KjUMYkZJBEEy;$(~@G{YI&@51ZmlCqr*kEM(TBMOG7Efg+y#=W1D`q#zYEu6mBt%wbe^d{Xi&GQV1xtVzM=b-o zMYfmRQu;bh-=$3wE`v`gpYzH@U`%70#QQb&Ghns`TF@U%JkkD(}q{1B!p<&06xIi%16sGE|KQ&M5sWN~W_4oP?nJ zoClgGbXq`b1`3x{T2PokR>f)xXes?6Ox%*3#V>w+6tY;E2t7F^P@r&k0#R@n+`@2J z4=f(Txnie<0=|;Z`<4h4ERKjQsIUwt+r;7i9dr_C0dV&SQ8AcaSUqz4&sbhu+kavo zCyy)HA7~|8p}z4*#&(Q80ENilN- zqcpc>wi(}T#FqeQ0(yaZhv6Ewn_5a&vC22+8czL91qL_yTVQmGJkNWsK?rg#uwlP1 zhj30kj7QvxLrS-$$}YX@cj@$-2nlp`$8J49WR`ivJt1V*`vU9xs{*?Cg2gCA<9DVl)%NP4_j(t>2f*wHG z2O+VW+}xFtkq$q?lDDMKS>FlZa%m)xza7I5uL7)>sOK}$k=QA?ag_cwqk?w65n&uI zN)ce7JVE`82*#RoZASmrdVJ{F2z~R{o5Q46CZztjS<(ykLm01^Z?rpj@eEah7yTF1 z_*njzfYzssxrjGHA{w)r9&r^UWrZ9ir~-<-;8jS!9LHYW1}bG29c5mdI>ny1xr563 zp6g0S#%U-WPVq;s0*~ZEH>1Ev3Bf)SEe;b74pZKK=)8jQxxTxCI_C?J>igWAP)Qm6 zV2lyn3vx(#VG5h%!i-|=KJyg#Gr`yA+5zJ<-;L{k7=p?L_BH~5BqBCQ(%-p$6SY0Sg;ywq8F4rI=4l10yTuSfcs%^ z_wZR{YAho2@LEE4-^g4lL3jHkQ)~?Y~@z|GtWu&p~MZPDV9ybJn>6 zS8@7lp(mu|k5pATK{c0+QS8r&V-x1nJ*el;l)k9D2NzsO<1M@@(RDVWSLa^}(Hu*3xOkXd#DYW8R$^hJvxRs&<$R|B#@FY)Jh3Ma;dmH4VlRDP zidjNN)~emK)VKLV-S2QuoPjD0MVrUg6~1?4P`O)djHf#Bs4k4^3I|!3pQL&b?T#io zVfl?^x2vd9k&1>P@aVG3Ym~AW}x-4TQY`7bsfH>V8uHd zI6eUiELLJf86G#6>_h@(73_qXCrEqrnDCTqa*miAi=V zcZ9LD72!qgHtYg__2)hAl2tS8)WVxu-agC8 z%NOwy-?hPKt1;cVUdRC({_7Nl*0+DiV|$g*bK}?Z>@BNPCsWuXotruz?dpI>jzGH| zCdzC0&%q+1AGNH{10dzB;R_WmFu1xE$DgN)PP;3#pTKZv1V+BlaNb?lp3Ekm)&x+D z)r4H4tiV#nlebo2zp{1fo2XUv<#+s*Lm(a})Q;QtM{@g}{PLyRoZ+sbvNyhW?CBcX zSgb;jR@b#J(g(ikLmcU@N=xq4xLZGQHz4G$d>?j}xLad9?7 zmt>cAtN3}jymYOfV6pQGk!w<*>xJ^eYo z<>q6rGw*sGH_j@=vlX`$+?tTPdTd7$qf@aJXb=6KqR#%6#DP1NtetAEU(J z1s@qpa9IBm8-e<$SDE7qX>?B4x%iV~+PRfJok)>GD#7i?X5=v9W!e4ldIPqVZ4 z-?}w~K?Zg-T03W=Y z9mpkJ7PNzjb-|k92G|Dh$ALh@6&xDT?pn{fs)uZw%k-GYzbM0%dPw+HVICU;)M)am z7B5;~@BPIDt=-WTWLMe-CK{W3ZkTR4c#dX5(2`KLn9y^(%mgcqYT|Kw3ITGNJ}#y9T#@pWq0oGdhc(} znK);j&ol4)$9v}eo$vF6mgzSfoh-cj)L!m+e0FRDu8;Ki=wI<}B~7Sb;Bwx%VgKUf zpn%V=wg$J%hCp-g^mt%ip`oc3e|xKx#m@cw;9z-ehQ&>HS4VTN{&ed2aC=pHV!jXE zE>C-A9Ras4bO#_*Wm}bGYXx;O&M{%TGwq@TTJYN-RZeNzT^F}1CQ2*vQ`fOduE_6J zpAOZxc~4rb|7IVBI_<@(+IY~C{&eBwHjEy#+)THm6WsRxNMb=iHG*^;t2>+6oleKP z+Wnp8x=5m4S+Td8R#9MM-Q{_2_O7Vq(%H9<>xS~0s21vHdCyx}>Tm?ePw(_uRzVX5 zZSZFSd;-PizzYca?xa?{3EyOi&!x%I{ZR&;fi|uuP2qUvC(~t|e5Ndk!)@Ah0bA$I zEbK(evRWClp;JfA6$Hf-5dBiXvnU17^G3{Ubz`tbF+vRj9kB&Bi;Pe(-&;wkV)CBbQ0_@y&?^uxCGN{KJbmXt zM5_+Ed25GNN1b=trVqL1nyZVCupA*>93+P^WTrhMb!GKY_`Yuejl|*w+{sAZB54+Z z#TMK_$vSIH4%wQ+v`L1d6;gDfM#e%Ix33M*v zyY@jOeHQoBLba;petU06u<`LgIADw!PGjsJFf1gfjV+Is<$x>| zgIu)rmLv=tXkGzjfkKZx5i}X$%E7@8`@an%z4Gx+c7uQ9AfNx{pYDm2@ zg&L+pJ1~-G(2CAblAFt2 z!a}6!v~@L6d49Jg(K?3l{Zt3X#*n<>0}GY~&W^sFwr*A>e4NKhGLLxbWrMc5=;!F> zq;nZI%pdTh6V3Z78V3o{Q1(owVr9tD(`QlFEbsMvPe4Pn&I)Ic8eCz&%`OX0?i}D} zkg^R|FB0R?MvN?l0A!&RVw(>hZX{)gc|P*V^iF)CZ)zGnH|Rv3p4^gs_Pw<+5?PRTawI z22ppUD*;xAxw5!!0|ZKS0Mlvxeg)*KG`^x{#MdJWGqs|qM-C3QrCMU?dA`qm^qISy zA$k;Q;<>8L;kLPNFiSDsZ;kTqF3=Fra(FsXdr{p6GBnG`1d+*2hYNnc0~UCO94Dgb z`#}^F-#;G72yM}DdqS)R@6n4Ob-B;!;5 zjU(wy3ey2@CJbEBCyjzn_r$Bs%Y#8DszwFi=<=h>b}4hMf@(x$GUhmHT&AE^4|*ro z>Weym9Fd)hDQ!VUv)9serJeFqxYXhxC2}R`C7W>9MC%j-wOHo3kKkiiZeJ8hL*aa_ zef{QJElz>3p`!cz=xyU^V@h?ezzvjYJ@v873NI#Ulha}}9LlQ+yaDLcd8+ykqUQS3 za^7$?qCs&J?~X+G-qLrjp_=K@gisSM+)2Nu(1~uo0ij^W(hqW#wTYBvMA@ggRLCdZ z??tE9jK1h^A+)@#O6_}$2kxphFXpV1wgwtMyKv_52Bb~bDq}fLDU^7Cygy|hA)E7f z_ZA38#P}1=_-i*#ydAth*_|Ts?q%YrG3C(beAc8F>JLoC#yUpmx^<)iqg;=RMRsMl zhOb`|&nNI$ zBkfd(;jFh_rleLBIDv!hTf=yjU4M4zFf#^uaVq z(&7d=EiEL6bW|*^_N))St*ll@Kj}8w-Az-h`Zi%|SGE`A)2iB%TbUP6LxuTD29LFvtccGt%xXTw z?BXtA3uQFcQkUkPcpgaR{nfWA&Q3I&wm2`NAI4wYC9l=c^#}oomYou<;(2c}OUmlv zaX0i#$!UN$>lw^ni7R^CJT&F>_}x13ZJ3>5qbgm%^Ps#0$+%sOTkXLgc}Lh%N~T%j zOL41XF%sTF5yz#Ma5bdY=n_tm-al{HasH~KmXR}KpD`LDSf~f$dpW}N?Jagn7*bm@ zS&N|(&w(jG4aij0Ru!Lrv6LP=Uyr-Wu*DU;Zy_nW%9Vq)G^Rcn*^NS^lcw|`tf720 z#Xn@;FMqPV+$i1$Hk@*gZ*rM<#v$XunCcJ~K6eEcy>i=ZnJ0o|CP?(NKQzhcNSogY zQ`vQKGQp+aN0@qqsPiC(SXhRs(qi>XJX+oeXPKzkMCS^}f^J~4zL zT+F8yc@i%YY?D-8uE8v5YVkBYeD?`A+wh(AR2s!pWVXdD3Ph~;XjfNBpTek2lxj=loSMJ*s%l2ioX<(alAr+XiLVo^)7EW}?E z!SwYEB4Aw}%PEpwHRo55sj#Fkp)@6re_*k=V@_pa!t~~2<=kwzkuW*GJe!$P?!_a> z9vOqY++u*6UGSk2tvnPZnat0CT4Trj(%x~7(a}ChcUk-U)Z6xk5ZtEM7K}?(7OnUC z1MV!*VL4)$sVqddQq^i@vF<2ub9ZTQ7(nnC?8VeR8?bi7fpkH`(>3_ptr}UWo*_YW zoA%o*hNZKG{4Cx+13jjSTgB>7TLcW<_=B*Hyie`Q;W|wU;lsgkLxrjVCXebH@b>DH zjxJy}UI}VvUS5|A1NH8^7qEi^dpn`#COmHN68CNHvd*P>^WDSad9+liQ{sJEPJKN) z;sLEuz{3eL#p%~^IQ0jNG0*gLWuSNv^zhlC?Jv5TN*D7`kKGec)6v(Hg7r>Mdat@B z&+oL04QE~#W?q+1PDj>{&*x7DUk%t2bGy2`qPI7?JGipUHr0E&J2-DvRb;4wI9glq zt9dl`9A6g*H@)TGAtm~lTr%FVay;_zENs?Dv0qqs-`JCIloy+!&d%3vlL(ep=v4Gx zU^0-M4eZv(yKTow*0@tf=z@zc+c*27c8nZr_i7jlSxQByoY9Mrf2}40ja|7U!8(P9 z?==I4>3WvtJB8PI<7*8vVuzL^OoN`eiYFIIE4UoItNYPOl%e44CLl#*hZxEUS=(;x zg=4XcT-qYO0Ui>E}x5nt{|Z1dyIQ8j5lF);-p;3Eba}e6Yx^}ur(KXLg56{ToH3QN7r$0(B-op z@#uyl_ctjo;X$sclH6I^ihwASU-Gtq>v(Y+lNCcqL3oRWzo@>L5cbkt>!2(lBMTyn zzI$%;3!6U^|#_zB1oLq$tQmF3@0ETptN?%4v6Q zu}^`)ltH#D(WYG%zI(22lcgYeF+GIbYK2dGZ!W?#*0bbHqPnS-1lw+i;w_he=a$O; zM1y@jW7DHP*7qM0r}!DDXp%Qpp4Q-YDlqmr`i`r`p1lC62^}+YFol26-bgKje1Y!k z@w!L@1mp~B#Kdao61}9-G`N$*e*KVpEiLLUe7Ut&s zb#Zja=4IOq$YN62&F!J7leF6NW97*A8Dm^4{P_JGx>m!|IE})kGHs!#4GEE7e5F}q z+R7HgF`Q6Fs2S^|=vhHHTjOy`z&3Ds9R0F~9Oc%gpofgImzC73=XRjZeKeuNjM`i@ z11C8h+~7b`@hAy;p^h!7xO#*V4ZQ^)B)HP(gItJzJ3^QFOKV2=^5G!>4tEQ2`o8yp-RtDm)1ihX*`zFlS{ zvXhX{2+mJei!-PSdE!Rx$>erHzKw%U?2D4|MKnWD<<(5!(|GnLyqe3RG>4e|(WJKa zBPe0|4+A&OGfqqnFo-Vaw@!#VFhd0cKfemg^($MrD!Nm3KEogwVC*Fnl$pAe9Hi)} z`#hVbf=8V_`UKGz@hj-u((lygDV5cJpaD(SCt0)Ots_gGH6bNggxdhbe=g0ux?8_m z*ta%Cu3!JSasRDC^LOdrmuOxKu2-%P%hmHA(mz#d{@MJxhV$32|9H9zPW)Kc=2TZ{ zn&0{C<$8?js^9W=)ZaH;{tnCaLA#pIx;}G1&cm;V^ZO6_74_eJm+)}- zX1N>q_MM-=|D|UR-UYrS=Ef!DYU}7<58>M7FO@OyZ1}o@8@4X~PuN!jYkw^-fM>&p zG;i2#WIt#BO=J_^06tcDV_-+|{~7!U8NwUD$JK5O+^GIPgCF5Fcmwz()Qy2R&Cdo?p0rk`;CWsDu(1%8C`#>JTJXD;vqmGEr%VY(ak zd-ng8{o82WpUHo>_k2VCBKoIG{ck(b@M8Gg;2Uv>*q_8d_J);Yk*_W?w{GEIJ+iLe JJyE^>^dC1<!t&+k9g?>7?VNzy9vt=euX0d+)w`jj_gB zKb{(+YCg}bS(sJIa^MhfARsUxAkr;-;voO+fdzp8QIJpNJ;i1Bk0oEElwjR zIM)nL$UNH|`u+ojTW+$q3o$W^I?3X2wt9#B)KVr4>o`TtU?lJ~?T%E|l)kW^P8RCf z$b3D18-(m;yj-os(hB>AKro&xoztIik`0xz%K4v6$N3n%8+M<{om04lNg-;7qp$DrKPpQ|6Q4XaD*+es0#g;AK>4YcF*-7uCj9uE1Ma*1prF92*R~ zyD)(>dg-EvJ4I3DJ0_`7= z|3&FPtZ3+#$e|Ag0y6QJajt)FMKMPQ3u{Y&i?N%vql1K}skzht{`rS(Q`M#%mV_|` zlG&XPvao%PjpNy-GZ`*(&6^q4IODQ9*!MwTy2F~>ok+7YRn zI$||1;&>d1F+E;>bdW9A#%MH=RAK@HDvj{gB$}y>#R3DvNwqC9`uI1N>KFEUgB0vo zs394$j+>R=wNNa#5UPjkUw21Y>2p222|ELq_Qi-TCC|v2z?g`ljGuzA!PlBJ+orbF z!Y0dgyIe4$w|XFi%3C}IaFC@E^L}H1cxw+zMX_Qe*EG*6w}xX#1XTYFJio$MHKdj^ zPFtmU(+%LL)gR-*c5n5S4(TrS7G%TcX%TYiiuac>n%Z{IUoA zqH;hEwa|Mucr%@o$;QU_@OA$N1^>SOx5wKV0mCAs=h1SnA5`W~X<(N^(5&&BF=|u) z&OH6bie)*WFLg$@6A4rCM!UDbvBuisI?pM8&1@BDx&21 zNuFd-Jg7Wca9UMA177rKb($}u0YGD;U%v4BiQIwh499c(C}A{yZcr%>UC2;WUE*j# z7RyisGd5s@YpZ3s{;DJrHtC5QHiLi{@oix-rW>9iT%8$X`>tZkBNm9Y+Zt zYH5iH8Ie3Eyy1QAJVI5U;LFg;Fc!mDDXbz0^?Zq8q6X;Wwu2&z;shtx2`349-7T8b2o3 z>SM=NE$_L>zdvZhc3tYjZ(%h|Cb+LM*+hP!UDS9)A=bh*bET|9fpbwS*?y$;5Xg>z z4^OeZ3tCy#t(w{Bh=ZiVW&B5ZMbLuUa)`H7gJPUt?6!|0zd*7jf^E$cSQ+wX zB1T$}h|;O#I9V!I%1P>+o4N z;@B+ZOL3$fxGMJhN1dBE_phCR0?L>p&DraTlv-Q+}Yvi`{-Zu)a7ATti6xqF*H|Fz;99q+$696E>UO* z*s$z~`^5Wa@13ve$EY&Dbl9-=vpKzD!hxZSue8|Hb=9*x-ww@pf%VYn{OSkFu*AG?tj5ntyec$pV_5~Y9@P;`K&lW zvw}S0Bs9-jU{MpNy}TK#Yi<=L>W^Z*^WrC)jp;Kue+{g^p-Y$VE_&f#`mUVi9gOqV zq#iv1AhKIvI+|~tqRuy#EPH3js55r2uZMH9DNpVZZToJfTYTA5XVhbvPW|}AXzV)~ zSVb-e5#lRP{teF}-|B#IdZ_krC+8$%o^tiVS8|`KA+gZZSLA;1%(0#cD}_UCK`_wt zXQ6eUVWGoJ1^oK>v2S%EXL8D~ohkqSp_#N$@Sn_o_3{()KkhZy|EU>ud)F;-6u;Rx zS}Dw8Kvr5(vuO}bT(V|CN_vuNR;i-1vMQ7ZEBG$sFYVrZU}kd4-hTQW(;$KZ8}pEq z;G-1F)dUIpqHq=N_RdZ(u&FEl@t|(^OBk1{VZR`%!&y&!iSdC5%V~+RO%H+y>pn1g zi-p+mPe>@JDS6TJ`uUz$bjtN z5<5MD9KvC4!Q>lhGOE}}7Z)PGb<*w^z#(GMOQhh$?r2@jf6 zaq86dagWvzugSKg11!ROvt)eh-$g?W)l6zo%rEvOAvC|>c{@;T(4l?$i+W*NAH<;| z<4ilrVF2BeMe^CkpGf=k*?KH`Hq*HQ4`#Ny;<&iD`Yar*(uB=FoBd*jza{G=UT;PQ zAZ||-eRYn%b#AdrZdrH{=4MM*PZm?3zO3qUPLF8-pPgaV1Z(#gunk{41I&q$8>X4P zMq?Q@efUMA_kW%D3QYeH;A`I+n{DY4)YqMwPMB_yU-MQ4*d}TU;GTwIGYVYpn_|XS zD3T7P3vOyX+^6b`RUr zFQ37i%*lSPWwsm9e8#BY-RlgMC@JMdnVetpi;$%TSgJ-;i7RBkKB(hvdPQh;ip25U+$sfBnEPMi1Y?XwMI)E()xq{YqT~n^fZO}>vuB$x!-a8m)~tDVu)Y} zKrTJbHIxi!DK0C%X|D8?Rn7_ks(St2UvOK_hN{Cbe*IpLCqnEwQ(LGb3G8MM3j@tjca|Np z&QWpJ3=Z=_J2m@ZkOjY}m$ENM3#Fl_=^QGe-;^VN#D@@j64hdX%ZMENx^?nR>=W3D z&-kFcjsQpxr5hv(``pN_2ZD*2EYmrK^^`ijx;1x>fAXysishx8Z=^LDy^6-s&5F0v zgF!K$CD%@Us*J&bDdssWJw%6TG+voIREx(k6Vz#8I4m&t9E6yM=k?|B$PL?kj+$hmghor+rI>;3xwb^-;Ch$|TT-4Q8Pk&jOW@RpRp2>)9M0 zQ~Vk4LmHZXPT1Y5-u{79Vs%#=`Yoxs(kxT0UMOZzP*CMBm5JKIS&V*BwF>B;G}`9N zt)hM$k8K6HqtN9ZVWW#h$8G(;1a4IxI7bP{b)|5qk)0ymIP+#*Xz6@N z-56R-Up>k<#A`MlAZxayf!jf>D_c#Gyl*Qzv0P`YLit}5NRDDfMq;wN!+F1oM-{F< z1AOhsc1pl=r8T)9ivqd%#Z|o^^u1y%j$x6gm7K-B!ipy8+-T<(O1gy=y&_SM0n;2x zN_uQFm*UtpNyT<-+=_G_sLu{L5zjbPW~#wpwJ7~OoQWMBv-g$bR9L+x{9yfj~W(0qCV zd#=O47(xC7{ZuJwl1eb@^>k|DW1HiDxSHPeZ}Z!X%{WNz>D>KFLtM{iK3hj3PRaJ6Nj1pWpZqVnPtx9_hD z#ys3RF4IM`4FR3;h;bfPEX_oVS;qH%Vqq<;DHGIOlUVx&DyBAsQv=WAvSx@A=_jgun9n za{A!r!8;{;6@kDPOue+FD2f)uMmQ#u;|Z}P;{+v=Xs#=s7DH}XFNX`MLmetACWnm? zE-DAb9X3x{T?{c9hGivpZWPZH%9wxm>9eyfL#3@K>VJs5E6{WA^;2L+fcW#{%PWKK6oBd^cjYHMYvJ%BR-iW1HPrk#oxyl@e0n~ zQn`J!z`xzgU<-ySJsf7zU-)T`ox1rLjA6U^B%Xdsj_qE&pm7woS)cs@qc#Ew?e2`=VsMW_ z!`7pg1*nupyXdR8f1@sC89(pL7`Rn)V^PCya%0iOF1s*^V^my{C}BLgFv(*)xikr6 z#JVs^R8wbJAL%S#9YNDyJ~OFcOglH}V6*`=h+@+LRLY{gv4H_U+!peqCH1QpN6ur+ zlNqxB3xoKzt0Q>&)hi>oiVKy|fKIJj41B$MT|2iZwp^2B_$TKF`m(!@d?h<~IH6nM z2?nTN+oflRoLhvVJ_Nv-v&l7@QMB`HQ9=tFRp0IMfIwdyfOxYynH}f)~7{$qP|{Hv@PIXL0@mI^pQ^ACwjxDhtXkvq)q!Zl9GtsQk&8jJb(eG{DLxD*KeDH!}X2gAHDN7f#rZ0F{jGc~DM z=Vc6~m`HoV3k{yKAbK2IpMf`?3CsA#-jW#ci2b;TAz-~Yu2gtuQFe&y(nN`{L=8)X za{KZkVbNQdNK4Vn;$4tBQ@T0X z?6Y|NWQX~#MBo1v5rFE52oE$~5JAAR-KwvkB0zSByh6yxx+AX|YRJ2}k!B~ds)Btd zvu{rJEsRJ?Jf^T@2_X4|rLUUEaM!!GJ*n{kbsgt0>>O>lr|6KG(k(A;12hVwMru;=y(btS^}2Bkq@@pm?X9-2$sXpCV+rz-`qgE6EG+o6n9#TpvKEV0q4RXvO8p;|Y z>x8AY%0F?nDTGa3MFTKPB&NTV8^1K3;_P&xE3iubbY3MI%aYigm$adCN@A>Zp}PWb zr!?6Fa;P|OBSygWPgdFaPuC^grV-5K0zkMo!LEx3ay}Vlun3oTi6SZVI4WS8DjTTs zNOGFK*h@2l8F=v?sqF)`au^sawu&gH&o#2;J0>{85+KQ?CMK3{DR()4d=~_49I2u2 z;KfJ|N;c1!IUj{LeM|s{6{gamWiX4r6bri_9GRWDj8#2l^o{>4= z!ReV>bXO+)QYLX#L#T@f8}WlI34Y!>evDT~7^BA_6j0jB-ojUm+tgRz^l);e>Z;sR zZHmy5-ANHy+cbY>izw2&Lj9=~x~QQ&y$WLEcrGA7_X_I=@I~w+QTGb7YrGbXufv&Y zM?P=i6VM@e4HXfKujvPAzGXD zfHOLa{RB0mlOtijHL_k9AdKzl%i>tgw};#c9eJAVfsj8IYgvF?zzNz%@@sd&4h1L) z0iZO}@Tvj1MAS;#kA10#{=2Kts<qj17vt$<`%U4&Bx$V(nn?k5R`!7K%Rh)|@F*4>;y})ltH8@%QsXi4H_mxN zdN7CMXiKGsudjlfhPM5Xs;p(9Zt#%_-B%sm`Sc$PWG+b-3!WHI3Vw-Y1l)X%(pm>? z9nNt6=Cji=-{CHF9vaGq)mE8dv1H0$jl5Et& zqtatAS!SkfOgowLU_+@YF2>Im!}343*Hz6s8Kf^u)ZxGIEnVDULI`%D5% zPDcTZO=_ESPNDZIWUudhr|x_a-LI1U=L#%DpC8zv~yDj zo3|$Djh#ycdf3iW?T>1yTqUyZoJapK@0yt!8wAJfV#fLQbXOemVc%&3ttoz#;se_Z z^rUofi8hQd>>Lq^syslU;^;Wv2*NKj3BBpyaCg}b?F*}0Gz4a- z5x7T_9eh{+G^57^aw7;(&P{pM17EcEM|F8To~nrx^14P$56ac}Z?Kdi43pQigzC|p zqNuhHXztx)Z*pJtkc{8b1;I$uYLK8?lM7rlGjJJy{I-w!zJ!-mv~=PfNR{%YMQ!YeSk?=i{Dxa;RjE=s5g;zR zat!~@3ue7>AMKf~`|)?_lLQcUjn8|I)pu;SLDr)-i5F6Ee$Tl33m=#AN4I^Vu>2dM z3tFHPewT5bJmZW622n|$45FLZ8dI&#K~3#LEBnf_9l3CFQYnUsw$qbY!5)@WiBXgpqOAPHH$v>swIgz+(KP zl!yyzS>qu3B8)QWEqcSN2gmaW)*m<}5Oto$mi#;V+A7AH#+t)M_zhR2M0Xx(9;02N z2sRq_T^>@!;p;6NMmCra%s9x`^$kqurxE$gQz_*LkZlm6d|8_SF$-N;T1-S&a|Ju5}2jJjGQ6X%8cUhlwl>O*nzOBnWelB7?C4?WwHa-=C4WZu(tw51t+Fq3>yrL4(sA z!_>&q755p&oG4dMVZ4xDq(Yp789CDspCzefB`1>0+~O59VOn;bX*l?h zFJ$SavDZ2{M++4##p3bC)@GGbhI9|~j^1(lH&_>4N8uoUuGE&twpMSov^O-A)HX!* ztNFEc8k>t9ZbHc(ua-$EKnzIr@cP_f)g5BAc?QS3%l?hx)f;Cu`zR>MDk3|y3C{!F zp^Z?5cf#V5(d*Fd*8(t@qZhQgPn3u%d3!ijv0`912_PNGV<`H^~8eMd`2Noj9H z^&10J-ZcZA?w);Zg+rzFzV9n`!2s=`hnu%3Nt>r`cW^*7@Ie2bXlvlz;e$8*oa;cr zfqs}&l|644xTxMTsk=SihOBFoR!ks@BT+*muj@U>C3P89EQwj?MwqDam)Z8rvD^t$7`Td@ z&&Sds>ZO>m`!BgCBs3|Pi3917B#O;p8YUr*R?A*O%iR&Z!E{Yde1(U&N;p*=#!I@k&nTFzV}mQ0cGMyC>yl<SIP zLylE@8ffRUmtB!$7mgbuSv{~`t1LUH&!DV?nTd*Yg+}x52Nt$hZrZ|TdobXTq*5(n&8>gdP^3=+f8` zl&MC8R=wD&s1I_ud^`#ZP|;vNpWCvtruhb+1N9TDb@%tUoxN{yc-7Y1L^^{o&{El%@fiYAujdS*|X6nUWy4cN7xl33pZT= zeaV}0p_Jc)RWb3lLQA-)h$oym@ioL9Fy96F-P`Rdyt>n1{-UAw2*xV!sx!$C<#&ni zo*;yn=F?!Yx01UI@evT=^)sOhy-{H34fF@e4<=9kp|`!_1F{5Pkg(>P@O`>y4|F?F zZShEW$)vN=LFMFC%stTlmPcDcvwcdF18PJkiUKA*b&=~nl`2O7mXE|xR(c=JgoXR5hDds%5ft@?fz}Ja&<}s%1 z=Z?u-h+l@5AyC;HXEfcL^7p`zEQKKtLY_|vap~j0a`r$6HXPox0GyXO>eNC8r`*%u zL`0It(G$AIyOg^k>IU6jRmrW?q&o(?sbV88P1;}281SMUup-yta8N7^poQ3_B}#dT zoUa&Le$X;Q2F%Y{6FK)NwM~fCOne|^twaGlHLp>p&7aC0#3!1SJ|$*ixy=!x19W-tV#r8A%qgP z#5#Qx%eP5p^2vJw7DOg2wmTPRxEs{6eP0ts!EYyrVkV$OsIi{v>WAnixPo+Phhruj zUvkw0bHh3$!?=SqoKXbMr8tb7kqZa(EV|8+vKynB4T~v?A+=IX2){Wj{fSDUS?9k4I z9!?J;`d)p57a^28{39ETSOm63k?e*mI9w<7C$gw+;gSWkOwpe zk4wx3{P1eSuFB+j;c)k0(`ZbC{P$?|=uAVh_i*e{y8}A+v@gT9Nu!An0NjZf^MTAk zi|X`W6QuAhs?lQ#c-ac4PNgz)li_C@(AgKV@`lXa!)}oH+?{oop9c&)`}8uu638b; zlFChz%Z)MGFJXNIs*@ap%VneDzwJ;J3I^ESlOUk`la;)}P)5WTh=1fpyhBf;{0ZSX z*sT}#0h1dptJnL0&Kkys9h9zVP(e$R3iQLQ_=Xw&LAXhN<%2s2T8dib+jXhhb8mrV zO#C8XzntG+O4)NSQh@_k0?mlNmADKw2BA!dF5)T=)@I6@!Uu<*VWmvJ1Y^K8qpUDk zjH@djND+JKJAtC-Q^e^Sq6Rx`B9IU`V%o!8>%f#V)*p?qcPg`Y`g`a#XPk#RIZravR=yWo z)f1(jXg0+4I_mlx4G&`&Y}}Ml)}bc%h%@B0n-3xuZ*7o7+^uNOVR-$HGjh&(J0d5K zL-=*vXXKGRrMaprH%W*@%FE0Eo7s&)WKGI9(oAK+-!)}v0oP%hWlrAU4(z{=tcs7 z^HP;WJTPuGNqs}IJ;)fkjjr>WYjz+;?y=6|+DOLk8SQ@u+E@83Wp$X_Q8-p-!97;0 z8wb>aI~m(LPx!S*sFxR9iA3CnEH;XvaG|F-r^)EqQBXg{$SKk^m->W;O(Kk)c7za> zxKl|pbCL6Kq$XJ?mky$oAcWB!GwW1<)UhJcre-o5W+JXkR?JsSD@ePtQ{0TCj5g6- zB<(|)Mazh9nDoLeW;RjNJeP%_Qg+Q8-RUI{%^sl1Qp+y+^etK){$y*2T>_5Af>wSb z|2D=1!(Da+TFt~0L!6et>C+-u)SE1#*NI*#r>Sq#aKUP!M65Sk-5KN?ldI8FFEVRj zI`frf|CB1ZW%=us*4qrYn&Ssx{rtmgf51UohuDQr4TlLtGOzHv#Sh!XzwDqSENcwz z$*^Z+UEIrDEwrtX*gYBpOr+*H-XD7NA#j@va!XI%UvES~9!kQGDvTAJ@K}-%)c2iBG-lrKQeP34nXqH+wO_~noKh;BD3 z?FX_+zYN5xD8m06ZknY}2WhvSfOs9a-fZ+Uoc4jRc~<;P9wXhv7DXvjW+34UK);LnNY z+^dsf(&|7|kP8%)3+4G`y>ZQOk+_RMl?x}FvbX@63ui*$xuFLh$g;&? zF5yWW#(sFj`U6DKaJJN2lh1iftqK=?KjI(cUV|xhxE0*q9Tcwj?{vAZvwqyl6{nZs zDik%fa~_(Nuim~Dr=Yc~O<}d;bG!)JuiBq?(U=wcAL#`5xjB#zDnX~;1ft&d5=w&K z9{}*9){IaGNy3V*#~o1)Z-ULzMjBZ4(9mF0uBhyDV*L3?jnR>IdA1Tv^n4-#$i(nQ zx2JuVp+MQ0$FX?jbi3MbtK?U|RmjeXFL~_PIv{l8w2Jx~IVW@1q2qBMWM4xTWxN{` zAo#&fC)!BvekO4SdJ}6OeC8_;J6HAv6kLdK%LqV_Er%O-zrko97-tj^1*)wW4(R=6 z(JChj9l1EH7xe|ZST-Cwzeujv^o8QAoExOLh<3_+!*8759Rys+ITgLJ0t>&09Mt}R z2x%CGa;>cG>;Fc45%xv@s_jMmS$Vr>eX;AD_Xf+T{wGl5LdZGujj38qXo&K+P`l(O z!C_W^ZWbfvFFn;3OlD{%(%3oDITtDedfl}F#t%3HQMc4R<%(Lxj6lT?+Le1=gb|nS zlqiN+dJ0`{&>3Z|p`da=X7jhrvFZ=ZZdfKNPo&8vhkiO3qEyWf{~(J}n+IsAlHY=i z3KcXn#8zZ#9|IZ|H)+w|AN(TS5*VH@H34#g!_*Di zmg);I6}hpw z#7(CU#de&!WKyf5>Fo@vKi7+H3CS~A=^3xf#!j?7>f^vvogN#(U%p&>7_K8a59<~= zdWlMNJ$Ej|-J*z5HB<{#$bRXX#MWEFORea^?)}o&dN@_Nj(l6VR7)_lefL|D3Yr<& z2Iwb`@SxjnO$XGsPxpNFRB}f5QDd zIrgop6NP?_+diR2y#exsoGoN3#0g8%PuHFYGoWk-ekuT1DXH9FqD##E6`01WaqD#1 zc9_GsH#W#5xUsPk4px%pm6WLWOjP0L9Y{9&lw@DfGxE2QTwC~z0$1fGTjA5JJVa~U zxoEa}oH|?av#6V{mu~{|TZwB|Z^8|(g$v7drB$Ys>nU+4bgRF*rpc0Y)}j>u)dd8gdcp~wdVRazIaki2nC&-lDyw_ zjo$fr))h>Lbhj2ix;v$M?WA7|z64bBm#NY`d?0%~iW+2|it)G|MVC$T`?K*9nx9aL zFW8lbybf>EO$-^N@BP|PzYBVzcFv3u`w=7mNuBv}$gKMVj<)60xc7x*E zOWVHS^|m-=I=tF_*RUhB%y!b~@8NqBFHwSUybq!sQVKUAzum{$=j=!TMdmwlaY*CK z&sYUp9ZMZGV;29ncPo#ibmHudyWQBLMgPYEp-2krj*KT7>P<`WKc}3Rw8O+|ts_)T zZ3p%iAy&*y49IJGT@wSeH9i(?#LY*>xkE&B1lU_hr@$BVNja}PXvg%jo>k~IgJ1BY zNSKkx)v9(hfzTGEK6(m}4Rp>4Zwe2?wU9K@^Sih{IK1ni8-mnl;r@uMZ?}FgA*4eh}~NQnj7 zRzLszr|`VIBr==SV(5yfw_su^|9hr$>lWfNp~uI^4iBm(IW6g?F4xoE=bqd5?z#6J z56az-=OHDOLGKUFppkXr{m(g$m^1Egr_jeAI~LU=zIZq3hv2By{Y>l`sEU%u>L7$sj&)RV7Ls(TV~Q%0wIF^1L`Xzr*#$rAnbh<`Bqb@CF=IkCR00w0F%|1u z5<=w5my$43u>I;}8aR3dg^chSvx%mr3BKurcFQ=6ni;U@j&5s{{Pyd5Ys(UOVS;>5 z6FZloQn_J06v~hSr?*C#n3Me0$bCYQVeTrmlYR?JVPaqFZsu@e5M0LqXx+wbows# zb$U(S+ufanF5S6`G={dqd`InK7a?^OTLc%)+(dkTFq+3MXqsh1ZMd-8S=_zou5|BE zQ3`PbTN(+gAe(pZlpj8i!$!YT0t#qsn`rb{M8h}f7NgbXw5a5Rn-HTnXLa_YGh zfY>d`4OTY~tXePUq@$>GJXohkX5}ajw0yllKUl}_3kXwxAr%e26kWLUVn=$eo-3`7|xZmXV%4wLfv;X#E*%O=YUaGdQ4mbu|j4F3e29(GD z)p9lV0&8Dg?8DYd-PQ9#)9TVKFYW88MPXrMvPS9_q+7rCuXq* zSYb1Qk31iC1I*9)=Q21MDf2c_Qdny>>5yM|`*}QdGrt=4U32bzpJwxU{D>0g<_8^R zAAgGAYqP1UDndj*J@*lVoaH<3xi%lbHy_H;kA0W_wZ`$y+c_MrJ#`PNK65%;q zTOShG{+K|R3P|?rM_kT@e^CTtsy8l!@=lz1(W|VLU@zQT(%bf1YR%Ri39IvNVlTX74ZZi ztB+a2Xjmb46=&c9TID|0C+hm>?Zp-AMEgaN)&S#O*1&9iMgHyHj`(=2~1Gyj)``jxPh;CXg~Bo4OZCc_9vsV~yKaiKB83lTtiQ{DI6S zk~LeeAMhxt)nCKUuA(UleSS?cV9O%E^=|!1)Eeje=#+r>+^|ZNU&r2)xr|dXO5#me zwp{8Kv_^nx<~4&ZA+pas*u@$(%qqc7k&}N!PBcivKiyVj${l<7LRez?0`-LTefB`+ zfM23m$vACWGA$y8ai7?C{sE{T*C)%zU2xQBH%XrqWyhJ2i)cp1je@aa0O$$7zrXeW zuk`5u=M4;m|0Y;k+dJ9)pF0BnaZa6x0jwqL@97i_WDpR>|G%QLX0|Nsf6x6}n!EfX z+}3Ey+2Lzo2psON-;i7TDQve}%NB4esy@RnBYu`BW~~Cg$t;!ri4<_B#N8VBSAN;^iD;}mVxtpLj6wriGa)@SKAw?SAa_?bxp7s~-kOh#26nFv5Q$BZ>qKSwl^K&a zB`&{&3QJTl4~N#O&6COL-Qi-RnLMw0&!WCLDhJsK69OtwmL4Z-g)CrulX-M9;1iXd zec-Jqm(sMPV=S7>Dc|m+%0amj#JE!>``ucSNfu`8Ayi&G_j@v%j#;bS8HcL3`%XlT z%*-{PR?%s(!l2PO=bU9^&7%A?#;<77_K8(7*)ZzyCyxKc**gV^5`|g1W!tuG+qP}n zwr$(CU8k&5cAc_q<5u_dbj0n4J2CeqBQqZ|ANI zvt^OS{gbhJAmz z`N0n(SMdn=kW&!_A&cVV0g)B_nh?3}e~ygIw#Q(+_?W94p<#aAOd;A=aY>QhN9IIe#<5J1er*Kb87e9YbGDs;va9Ea%7!BbhHy6vay@?|mPNwfFJ37a0^!}{* z_u$*G7R59Duvc7>xUCHv`Uw+9u4N6?8#Lmgs}$G7mXThzby3sQKisXE*u*$^*VH|n z{C$-$vPc04nt25Y*5_bM!;pk=PUCvTbRh_^{iFgDRR?~Rh(XV%V>I-!3ly16r*OZc z74-+tAG~EMX?O&HBh1;;Bm5)npy(X$2Ci4OHCj)BK)Pc2njk<7Ha8i0KFru-WR$J3 z7OM{EOlow`h5Dc#N#Tk(B(JSiAg&9jeuK1?Z+tH9QI()!w4E0*QCnJB4~OQ3p42bUx&x!XSD zHQ^^NmN$Npq}J$hYRYF>BY@*cZAyP3S_5GH0jv<@_>k(jq7aw5@Uy1Cc3=kvsEPZ? z8>U2KR8nW~1#y~B_SLJO%&q+SEw9l;`+D3>dB~^DkPoMh~}?kU7h_yHr(0s_maK-C^(gqcAXDZPrFAV>Qb&{8$vG?a zuzZMH=UgV7W*XsYT}(gX!y9b6A;+AGApEK{!{iR3wb34d>y-lDva@(qO8cr(p9Q$0 zb)bED>4-t}z}G3H{S;i0YS7`GGz3QO2sY>le;UHDOM(qrf;IS$EmK zmg?*a&5 z#C8gqiSe;k-r%@J>X|JD^JF%K9|=AvEZCYJoR|bj+H0MxRq4frTr1nWsp*UP;Gk=h z+8B!)R-CznN%g~u`RqiY#?;E?d8n?&pWsyxX3jJp*5}0$4CYEuqT;x9>cR!1t*m=2 z{1A&lwK>99J6Y)Y7x0(o&_+R(I5x3R!RUSq_MBCYeh&l$Eq^;s|AS_LI5nQu6f_yK zm6wp~j-vPNnE&ID3)vp9{8?)hStH&_)TI3WKQ_ALCmT^6zr*$T|6{oRo9v+bA7lsK z=3lbImBmJjm2ImUHe>7xD87hdh!O=#5Sr3E-+D}TWcEJ>ZtOMuQi>J|zE|K+#r<5; zlon4*@Z-N*_0F@o-2Ojb-@xeJ9_PhTAFMP6Ls7E$@V9eAY2o5{ZJ0fg5!w1CgL9`a zBO)M;5=8~pEmB49Fs*ip8G$TRIbqL7=3(dFsT2=^dz#jKmfKCntdDm2;El%EluwDx&~kekmkM_`^g~B$`2TRmB1^q8tf>4DqT6<%%Mr zK&)6}hp}*?7D~D}i5otmxE);b7%N)c%sqThVN5KCkKLAa!k!g2^UG7~^tL?UW5#i! zOB`tm54R!4;Id)8*mnjReOkGO)hwn=)2&RR4mHam9wJTs_*kh(mhGncc4W=kCSq|I zX+)NBu3TvwbGzF*_7D$bHjD8U3&h?Ia}BZ!|H5@)H?KmE=Z-r>-)*~kN&l5LZ+}Cs z`1!$=f9>O3$1^p^EeQR2i#lS8U00|vfOX4rcW{S#$SSIhZ=Z$OgSnC+#4WeXlG z$AG&|b;7N7c|X*qkfi$t|KE$a|Fsgk4q0ky{T0H0kUjoyzuW%;Jftf9w-AzDt*vZo zpNiFDlgd_5eUW})ETs(=g$pkeCTlVo*C`V=1V58Os<(xGAH~Dm(g`i6!f4NaJIp8B znfm?yIt0UXd7~8va>&vh7bCqGFO8Ucf+4jK@R;Ywb=*SCHRiu$kIG}wylYE7Jo7O4 z65pXYo-8ywid-a>>oBV=&%uUl%CenJ)=@3Y#2tLcYM%aRHJ-;X1`=>l zLK{%BN+h}=@+YV>NE=NC8dr9+i62Y&l6w@G_?Zh(o%NrE?DX#ZFHewZcNBxHB#>AZ zVjejK!Q?Fqp&kr1I=s1t%}}wW6tzyjx#}v&yYZvlUWZA9vxW=y_UGBs1=*7YTqkPi zpp6ce?a%8*QTR%^=oo~8D{}(wu%8XTntnZjAEvtG9ij`?H^MWu8*UBz6CA;tbO@2dBIEy;NxJye#LPqtq4j!ivmhPY~mhyrVDpukLJ z2Zl)mkOmqehNhu0Gp2_#A+w8?t8{I28|W;wMQa@kQCmQ2Q~|XsYHQn8x>i?8t}yK``=&Qm#yX*YIao$WDW z-Oo<_G4KwbghbxM!7n|G;C9D@?5|txR|bDLk6QwF{y+KRZx6O)*9fy0&%1_n@wX{s zE}wAe@ee26TzrKG$$A+9@}7pEcu)I`Jb&}cJ<)d#X1_k)_~P>nNOo55NM1e%f@e=( zh2g))p-*;gx%j4z;(K3_ed4TVFJ6^#{YRIJdveh|7G^u2iHhGs^g06E;`@hoyl>(0KKbcu z#`wK{!{!|bKQ#yXE}zwL_)N$BXRq$KKZOVUuAk{~KgWGPr>}^}Px`q0D|g7}NCnVK zp>v@{(5c)kx+o53gifJ#(L!{+U8iHEh0)(U90B~mu8b1s!LED8Iqm005HE1cBMf92 z8$+Ix5V|pk3-U2&#V(9m=*BLLYUl?pjC$yRx-xSkBDyjQBPL*+!syB_io+FU=SEp{ zQJw7~=%soZ$sis-U>YxG&JjZx;cW+>J!j)8PqE{$sF7cPx@=-4ifg>-D^`$WGP$wown02@y$MtdbW%@e18r_ydA8-Q|Gy!D)>RdtJk+&6q zpzvzfWmpJ}U;~8VQPkKebrp8Db^;hDc6Pe@Y9Wm7iaNWutXSy_wA#wLjSdq}Vdp2% znL5gY=Fw`atTY;Z-G6Hf)We>v%dyc|={YB17&uX2$&$?LIQ3B^!gsc2K!)R8J~R(5 zWHZO4(iZp~Y2&csLD|N4CR9jTi45Ar+z35`D1&zAGMSPghGR)kk2M&U zGYL%iUhocydN=}Cvn$&?GD267J6Xj7_`v64nJ{8U+v#J$+OrL{SWK@a2w_}Z%Q!oj zyFYp&G9k!>Y?pX-oV=Opc{0`WY#h^v6XG|@avN2$C2_8K(06)R#&HT*%^qQ~EN>#ZcC9NS8TL|65uyG@4iiy8q@(AtZZh;?gP_(kgaIsV+&WGHRl1nj%0) z&6ry$YE>bW%br!HE$ixzvfC0cEc39Eu~^r5b5mnbozGi(&SMclXw3#+btbzvT3luS zSzVVjBGxsYYnXFSu%SkdtqCBRH8E!qW%#w&#nzrcES5hbT({`G3D6LzU`-gW(lJ$@ z;}SLp-yyGHdb;nh6Y=gRFg~OFvLBXU$TZ6!n{yx6MqUly(#S{|k~HrrCxKU#d3Y2z z&E9nN`OaX8pVz_2)>YBr!`A8F%H^hxN?1jl!^DzQ- zEMT7p*1XUiE+J0>X!Jpo2J2?C3+F~kSd|m=|5>CzBr_DLzjz|=G)XJwZ6Tld1Y5v6 zZ~8o%qjBSix~yg5Mlz$w*#ClWGw=L&9#Z4^hI>&V(Ztr{I$FbJxvm{lSR362N~}1Q z0j?R`+}v%Ex!zh==f~*mJqiKE6%=XU%|zb8L8M*;!%|I;N(!V+oXt(^?EHW#EZ31J zk-dp@cjeYWIn}(FwZ?X@z|+Z@LGW#|N0iRTR{y@NAWno9qs3#pktvgTMU8X^$DBx1 z&fRW5GkZ{t<4Jj_eu~YeEm;!cCCXqp+O*tS4&Inr>RyUUCTfC6% zG)o!7DtoVm2KVtJRN0qi+)B$r49^|Ql^X2ER_o4Dvsg+^AWM)<&=P&%=p@`obBV(7 zK%h6(Qn|N6F(I=~Mmm(1#k`2$R?Ng0SRA!3x79lKp4=`E#-1I`t*xCoOYBW!6x(p; zR3^yQsyVs_G_{OOoP=vev4F)mwBE)^gJc~`zM<|qY%H7TX4H8_j`p|}-aBjwY0Mf; zhygABNAS7bSev-pu?rl=5Eoru#Nx`J zg`EaN9HN7Pb(qv7b=^vk3~6B&wNoHxo%NAEDGH=GQP+$JmNUeyn*!&OfPQ!1p`QSf zKE+B(($j;P;qv;QoV&qa7c>)dAuTS`B|bHus9w$A&5Ltc4W2%Qyb4YSrTf0Z*<*Y5 zgw23yuVME(vIjA^s`K$!tYwXnQ90&QYTwB%%oX99L~ zDbuz@SMDM0#4z?=jIzhy$3lTigO!_%zhkusg%Wake7RWfoP`y+dEVJ2owTtH$@odR zO6kl(!Xgeugl)U6CPd{;tW2$avEvBZj$MHf#;?RMue6_WD>KgT%)9Wn{$QVp{QhD6 z3CG7Yb_4#q#QT`;>CWz*BM`v-5vy3Y>aTMF{ewHOuNi}6N!(QJTZ)|B#ZH^Jspf4q z1N;_nXo#8|kdafti;$87P9b|vz*7-Uh^SZ3f39nG1_X(Y5gmnHc1?tJXpk%k(lcNZ zQ7DC7qHM#~=-e=j$RCU$;sh}Mg^#f~z{N2P(>X#8vQ92#ivhXV!Pvx(w2uM7Sd%4% zb)<}=cV`Yb|2uOtB^Vy4^x#1#t(}Gr*$RwDn1>tU21YUEM4DHVlpfb(D-$ZLAf!W1 z$KGe=_(xpFFr2#I9M%!l7J)3md<&Cf6j43GS|S~tPH$hQ-B(f7HII;woKLRwG442l zTVuu1Z}^r42DSD!gmY)F+a^WFGK@Zq&bzNA>?7%uiM^Vr38F>G2P(114g&Ma+hZ1S zAt`f9UbSasb~TXmh+=4F|2{ybnFp*#o@s3WyOKnlxK4xHBp+$m#u{HXZu6p|Orqcw zCGA+#vPx`6K#IWbHH;^`Mbalk-Xov;ouvMO0$E3Bht{5u8Ku35mUU%AssD{~@-T52 z835!XOJfGk%6x{{j%ifik=x^-r~g5zo-r}JeMdEbBZKHbCV` zKw=Cz%w8Ils8JwnwhnmaS8O@fS26=*Yf4QL4T+NYjGE{Vu}_9o6%_*9=s`7ri4N~s z0)Dtrz!jY)pp*yMVeO+xkOTv=*y$E9ttvE{+t|9ULH_NCtd);ZE(-peL_~H#qa~6y1=IHghxL%#358ZeoOKH3w#5eXHO=k;E+QpH8LtJ@b*T zNZ@@Qx*J&Cuo&?71f$ivrJQRLCh+%@yiLO1LSSY8<>{GyM?A}P?y&Uwn3O? z6M)GzDMfrC`X(Y@`=Os;(IQ`ZqS=#HU%Dh~%knjOR>qY{dSInuNsP)owH@*#0nJ^1 zF_lMuL6s$I| zXw!4UI>fiEBkUu*DHUiWH}jN+`Ig!VSAizXz)?Zlz?0hq!IT4uq-IBaQ|j504H*`L zR^}7uWvHY!t;q&#qCuL+36JVZW;=TWnmSFvWwoj3a8g^!=^Xn5)%VR2|0ZQ@5KCIt z88#2agwAMC7?A;QZcb+$!bTR8a84us~k z+Y57jUF)@*DH;pQ4mH6lO+Uv9qP5%P7NAg|MzkwYG$j=_DQJ^SHgZ~ZuD3~u8+el} zo9#Ky$hU$jTS^}0&?C}m%c$*#*-3{FdUkS+QQaU}G@KBzl_rr)ZIIHg5rsO$OBdU>~7{K*p$nmnIdMeCKBxZXX_M>D#nVyfWGJ!=$A! z?U0O1e!Q$9_XQMU!-Z^JS1M~I1>R?5o_WW!Ln~BL8bn@~=jh|y&O9$5;eMcyB`Q;$ zm?&#a#B>sCo_G^i;QDHTSi62Lo7v+jRoIg|3-Ms`))x<*vUE^_K0>e^v^6W>r85=l z8fH=EN;VNp=9*X9CR#W%8J>I|&6R7`3*&?v&C;iTEUx z@T(x>Ms&iHX8J*io8|`KDB>{nLb77{88y#mcq6eXyOZATuhO;w$K?RblsLhTA=yOO zVXz6TP@!cYeG;U1=B@Vp8AQe7!T zMie){>^Q)hJ+nymli6a{59)+$FmEV65SymzN2P>(|Admz@`G-Ae#CxKPS$N@=rs>D zYQh*PxD5I7qF02Ip8Hn17gO#bx~!Cgl8epJhxA1|oM)!!0!}XNpw5;FVC>-4HTu6s zU%q}OF;7Uo8TFavd(OkfPmI!b z@uX$W$(3p^E~t5aLp!qfi(pDEj)^=gTUmJ|YpcTtGS-bFduFa8K|dmVKG%t)o~qe? zPRo}3jd9qQx}VJQ&S_ycv;EFDJT3W`K#RODW$1Rg*{qF+bdB=wFTujc&om~0gqfQpfu$VSoQ9_jeeI_>&maPYG2e=|0AoPppE{p_KNH9cHOVld8wO@4feU$ z?mD-qjef`0cI6LVb#L-LUwpoVr=34HCU4$Y;0kYvVrl*)*_uqG|r2@TPC< zuiZ31gquM(OD1ph-Jk6=u6~P!u0PNO+W6+Je2(oL^)6cG0Qb&FzNl8b@SrR}4b`s< z9#PA}1?c>6p|s(H-VpDmRbq^ILEj_i$P5Ldo*-a(A%T5@;sy>=#S9J5P!;882(K6x z5x^`dfnk~g!lZKwKv;6nu^d3eFG7ZmvpcZGaQAr%r8hDRr{08DpOO?I<^~js?0F?@ znH+keJk^ALA_l}QL!t>G1b18^SThVYxCVe;6(W60t?ur0j?xO68lSeO>I<;N@Ep+- zwg(201|6U##JgGQQ7Dc0SZq}XB4|T(9yp^2@}nz^lXe*D`tKMq;%m^tQWavAhl&|< zu*ltfZ?v`SXOJ0l1v#Z~%2Rng*kS3g%FJ9b?5ZjdCwm_sKM{Bd9<;FORY1 z664h3MW{H##aOVWE<-hX;U+98wg|?cw*>-<5%i7WW;qWa9xZl&fxT&zt*WOTEwyUG z;OPl+Fq|H(`+3iW;*G0{C2iDtd)3<65^(#(Kj@|)CW4d=#s%$?*yyOsR6VS|4U6h+ z=)lNYjvt8mk0BX`Rd`q=iF?;|cksfJ+uML)8^rj|jN;Fx0oQft+p8)%H#)~KZA0Y2 zhQ|UM;C=1_+A#*F&?PTWGn_=4Ns4iQ^xZw^+IE)p-^(vf=ke%U;0jpHL774&YCa(I zWl4_~Nu7E%oD!?I}?2BSg-OY3X_PssP<34%4c$ z??ZRwj<|s#JIy_98CRoEpgp8-SK&E=3Vumz&*9XVK&h-GV=JJ3@smC|WuIi$9W_Rj zeWKtb%88TIxqFyA4Dd_m1!tcZ6W5?|>3h{;9K2l*+>L2te^9 z?bfV<=L8(8Z8YL!D@g&vo>*r~;awJ3R!yza=LP)24=+RO_rg%)A8BQ(W8q*e(o2}q z7D}5rQnE-Zg|xnuT?&e4n+FoA2^MO^^D!chK|>czgb?h67{W39Lo^R2J&aa?wIUUfKRlEqV~XXvl!Ci29co0C*69=BB}*;p?ho(h^aP>xZ#^n28mEkWTO^j{+Bj*9`7-oxZoPF|X^fXm%47^+^N z)B{y5dUX%zPP#*(2eNy(eoyI+?Go)~z zW+Wb$(obfBOxh8tCybhbptJ)C+ZNlVm`#~G<%)g+sxEe2-;7ib)0}QbE)xtCsuW5J z5<{v|X9wzCIJY%SYD!$wx~Mpt;D!Mpo76SPKh>b#EASC4hX?&b=`fcYevqxouDy!8 zqHD40nkz$i2;g{p6K?pxoied&gWVcdC z?HqI4)B>lQH^1A2R75(gsZJdH#^;Ptw|n}>!TPi6Mv4wnU6Jw05#_U{W~rRI^=wjA zrEwq8kPk+kU)761cAeGc%E!YCgim~o{BJ@yy0UKu*P@m#Ug36`9p=1GetQ}Bw4?$X zxD+g8MOuh5d~nLqt}>Qk$O24ps_JmfvO`@HT2(5nLa`3S%%qq`xef>+DNHshGFOV4 z(!h*E=>pg)mG&-MDXyJ*ABa1pe%MC}cA@q>z@LIq9$zas(=i+7YGMG9rOPL=kp z!X}+-K+_rOT-;T<7FBoR(!{h)>vnk-@WrAJri+LhE+=OcvvLJ2r?BlZztXWKr!K*bTdV-lWm$@f0-H5VY32a-nX@DZl`L1&Zl25t8^Dpa#WLPsYJGM=bb zspxw?N9YYoo{()+_6g`8q@IoJdq_vNN=5LyR!6uUVxH)IC7)p^r}4K1_v9WLZ`DKZ z50a{769&Gq%EVOml|3sl}4ms zsi7MdgvtE1ORr@%vh!THeLuNyOPYAUS8WE81doELy7u6}zN$c#&YmvF4GQ#Myu0_T zQ$uwbM!}BZz%LewMQ>#2z0m2Y0$)0b=3DZ9(I^IlV-wTI4NVOqrb#z@ zt@ibgW#<2^jax_b*JlS`Vp;k=bh@8h9gFcT#l>{v0t`x)Q^nAfisegQUIrFHf9@Y- zQ|httDrj!e8>X}+eID?FiMalKKvVPj(U;z*YN7L}%jD4Tz`(l=4o?25F@ApKXtq54R5|VQq;gT#$dOk?Lrd2H@t>;C4+)~f5Wwbufmc7*{plU6&kgW3mh_F1 zh8t`$@(0`@edp~19*)`j=a66zyGYHyplsi5K({B(zEu2%vixHEjWY>S$>QRU)>4iQ zw}~9b(cpIl03#Ckl@M2Sm`MKz!LudSgS}6xyvcsIxyc7ke?RGCgk^2^tEt3~&h!V4 ztH_BzeM`RdatGGhVQmTXtg>b=`mk}MxxR8!3 zjSY*rAZ1*!bPCaiSgjy06{mIyUAb@+%m=8?Xv(BY@WNe4KRf{Ba!@-xHUNgEN<0}b2`>;mMRgv?RkzbR%!27Dm?p$5T zzh(cCmQ|=nSe~aAiF^fBDD_itEn|!Y(*yhLy> zeGK=Wf9(T40p2yd%ifhpeW=DqurCGg%RV9A#l2VTEB6;qtH(>BzoKJ6t|Gq(W0Vo^ z3D4QA)&)$>k&K;`-U!)@%(!Ueh(SW@n?DW-Ixx2>=BFc7qTk`XM*IlFa*>Hq)IRL* z7_@~v>|ZFz)44+9YF01!7KuFDmiFo1_nF}>)3w8=g}NwYm@cpNmKhT*7pZZHx1v## zDb?m8af3>w8s6Vl35D(tVT`!Kno$8W%6U@7&hFm#l_r(@r#z|jd+dnyli*_HZ_oAu zrsMJsFDq&uv0XS482BKWd)8i3SQ@|S3S^*KQ{WN``at}iP$4SnleGE(m6zBHWqhH{ zDsFx=aK0J!egLZH`G%G6gf$93z||}vPgw!7SwPyYesh&?Iuj#q*@=D~2+8*dT%c-3 zQhH&jg0yZ*wA`Q@VVhSdrxCg7v!!eGsdxp$@fZq!D68vh9{KDP&YfEdFOvCFwQ@;c z7=L5D%pY0u;1+XaK~=IrKvyugR>}i&QU(EPP<*v8Virfct5gO-Y|vzu&4m)&$WpD% z1v=Tl=9Z~-U(>EhrJWtZ*WuROM}A-ejMw{Lb5-fPrEX0wkgcvkUV>1&lw;Dk(%zK^ zYJI+GJ?ZT|bgcP*akk?GAM`rPE-6@?Cud%`u)5b$g3rA#Pg-nHw){4ZZsG>NdmF~< zaYMgwV!HM|Q2cmY$Xpw88hTC9(BiS7Ef?Z82OX~C;EowQKpEXhrz0KY#G!|3vmnP>F?fnc_ROk`sMgZy1BH8Y!1H}J?bGJha)Ot`!M zHZ>PA12 zD72f3j=yYcBB0KuY~}obiQbNrtiH5uW?OpDnY6_isX>p?$(w_^M9#wbi1aSZ_j?D$S<-buNU>767=2~N zeg>_knVJ56vrJUq6MHuDBl+vn_h}#ET{s0fLT&(7c@s;}!pk7m4M}FDAINlN#-ZLF zs`93$A#?T6!Yz^84;QvzQdivN#zi}_u|voTK@Z#@6J-ax)J{}_7<`kn3-`m6XA>1X(J6TlU# zrI`Bs+b&E7349?a0_lwlDyAqPuFTl@tr`IRA1#{lU_C(0WuR_1;OTa2`#Bv=V`WKf z%;mba9^B=+!h%tDiu~OZ6AYZ-oBfjs5Y>zb`+f9X;W-^V-4lMU7GT}r9$T17BrJOCStk}f2U0s2cR@>QP9){3E3K-fYkyYEQ4+s z4Y!Gg&A$2l2stwTCx9QtL8hTFgbnkbvg(V{wTU)2Bm|-ZftlhnKtuo0jVFb^M!+;sXDa>MqKB2h=E^W z34P+>EsMr_{x}Zw2z|4{I|sprySb4MhQhC`K-NcM`F_QE0*>{Vk~WoR%EDZ8<}{Z` z<046JYdGH9*UfSzn(hN)#OJenj=+IdKy1pEPbD3S?8VIzAtxl)MdInLV|-orw_3Xn z!ln_bWTgoldW#WYAZc%>$>-d#s4L6yPfF?Xss}AGp9&_pE3HBFFYoLqz%>&

(N{yZR3?TJ_vRsqoU6St-iukNHE+`GF| zM*>((016;QB)4AR>UeP=V=_%$ zlEN_6>r6GL%<6>*V>p&bXv9>^h$dKp_Q*UD#8HmJkl#v@i1aSQ&nC`B^3?Ds>&+9B7IG8?cGko^7zHQTdV_^BT&GIuFfQenJC7SEzy|iKK#yNb-v2Qiq5K~@H2u}!|8~*FCjUpnEsU_8^_q1PU2lo( z6^{y4x}*&1rQzSj0I*eeX>61JQi@){lsD%_8KP3b0# z2Wl@z!UUzqnC#Uo2@{gcFML%JQ|dLUVEayIgU6h<;~|)9A}78h!+sHU8u&1bi}S_9 zyB9fs`eRX5D1$k$dnukM(M2e)ESQ#tP98W#zJ(9vo)WqMdq6-yUWX$u)L!nrHzN3j z392E{6k*sq&x5?M`7QDK+nB^E1A_0=3nttA*;!t18k~qQ@n3ZFFnWC{oYh&%x5@=B zhsR+7%;ulC;4upg3oeVot6j(qnAqyD$p$Azfw0=G6exb_lB~`fB+gO_AjY+a)ELTo zA>mcm6Dv6i)awr-*^6Ac@ItpbvJ>Yzy{^FqG>9j?5>LTrr7o?(F_@XDYj3-x#%_FB zCf0PMPO*?}8dW2o#9&*mC^TL7NG;LTl+la1e8HJPSS|YbOU~NX5j$T{>sJ1u*9_~l zO8O+QQTUoe@(eXY)Qh>=H{*+1AOi{|!*wC-~KqIp7R`2TN{XTq3>_TF#jPP5-;1~mUC zd*6R6>VH+WR83ePmE}}^bEXOJOr9hL9|^1!0KjBP34uZZ0hR<1F)|QI0+3-268eb& z6S8R;f`D2j?ahtWk*<|e{LKxm<_kA<7}kQ009Wl#t?n*c_jc`nZtfqAwykZgSAI(y zKb<#6N3tFnH2wP9y}vCZ`K~)paz6Tp9{fG-agOGY`nUxky?6!e=jd6yl#BJjPSqbT z0N&1O0lvcgs^@R+8~6KxU6{YrR=(rqey|IEig&;%B<-iR@DCs0jx$(}0YJ}ebA2s1 z#rgbdj&*V$N|q0cFLLUg1fqg!zR=R%NP(h*c4U-a z;4FED{bhE|D}AuZt)KIZlSz+QdO6jpdeFhtuY6El1OIT%D|gfkPr#GYjTfTF<3|O}-g&B6JOzKqSsz(%zmD^Y9NZT_k4crq`4|&_#qjP|Y)vtb# z3TU;bidDbTNhiR5hZVaD_2SA^kDPYF+D9nBy{E7}0E@+LwMB9rlFl~SCCe2qIu%QB ze++PSEQ%%WVu!YmmaFZuUG*T#v{B}09q_!Ujn!`1qkDjh)o$IBJRyNEXFmO1OW91$ zHjEN;8I2dSGFlwDy|E%gm3FE-#9}MVl=xQ!ITLsOwV=`&T-lIog&%>Pcw)P@@=zel zvTcMTBXYz#)TE4wks0=w6E;@%X_MGC7xu|EHrICVc=T^sn(fS!tqkZ{-yvbd8qyVe zrUyC;WN9mX=A;IT@F?tj%sN`Kp<(+!TdA`5V$2%!AlC5=%CV>z&Xh`9hcW|E#S&9v z^AbmK^5_k{e%ok;FHIt>c3bOp zvcoMJCuLu4Uy*T72Cp0)d_|E-qBa&*NJU|-;jtX$CDsh7%t)9XR7UtL$0^pzn1kMR z-8%~|UAj&B^hIj>3+c>xyRx%7;VhZfgju)@C&W4f1aci~CX1#bpcB37^=%B)Lop8bdqG%N^^ojUw-Z zvJl-SYOEbZ*%1>PWK4hcu8|A}AsXin$BHSO@!=%M#0-V*7x)2;GF7}VnR%ApO`Owc zxKTtEK^sS3CQSC?$UEM@&j`KMNQBw#Y-tguD~vPu_kZBl($1m@1*wP}9BYsEwHzI5 zuYQkqzccR5s>E&ljp;V%ZB0>d15KK7WfeqsOZ(+Nb2rm1ZE+S7 z_(<(kNzTYa!ZIWENvS3ZdWj%H?+l+aVL85$r01}WJ%8rV&_2NFzfNZDMob4X@66%g z4isAbnR4RZGnZ9Hn_*w3IFQIPA%WiD-U?iFj;HT~d3dEnF9{UJRJ}`Q&sgi`+j`65 z8>0)8ma&kEbGDwy;pJnwK9g5$FL2Lt9AcXqiKzDl`YVH-nJO*P`%G!4l0}>-vU_P$ ztjd)nH4|5nW<`#ss=*YlHGd+nl@7%;PZIX#FTFD{?gOYA8EA0WSW~|_WL#OgXO*~|ulY|XehGtQYV z79kLsH)d5l-;zQd;K;$im{*h<*Q*j_qRA?qjgOYuTWB_Yt&F6Z7E^F!Ol<$Kx1>-a zsM^u$ccB3L+Ny8SQAC8{UXwt#cW6%W#*r^`ufYR7mq_0l+y3$`ys9^ZAR zyamH85eECpta&h33N9N}41RG+AAe00d{Npc_&9t}e?(QGzEKK*hAM3zrRx371X^D% zXd4$|#DpjrJFsViy$pz5AMvG7BpCI~?taC%)aL0(wXYMqM^H_0&Uc`knaIZr=9d_Q z{Sy=4J-W=Yp8Gg+i~WF=V}JrpCj@e%4rvm1MI}nCYtvSUSVlfHl%;MlbVdEMrffE+ z$VCKpz;&o~O0NyHVW@aTtqqL@WL>7Nh@So@oS8?8tL!ykkWvmi2eCiD92yM%UN9CO zlSc#|`;paav_SlX%WLqXEkRTzV3ZRIF@Owljzk9Kku-DdT{ui%H2)=+ zy}BtzbONLSUZ)qvk5zWIb$9m^n{Cy_O}%vag_gGVR2&Yc(cA}wv{@YaP{5GoT=iqt zApTx_7iwEaPN&KJR#G{D7N8H9ZzP^kmzkAJEt^7HfzixT1_*@dQnB$F$^zeoCK2d` z;FiOIJmLk-C_YICE*br{8i&kYz?F+LF*43_w@6DjP)5Mk-5MgaBYlQXwZIKB6EbQg zd1jLyAu|sEVjZT5$O8sij^0?Q`>05ZZRP12DEm8RDx3&|A&)^kQD7&?7PBJVk4+i@ zZgZbp><8-UO;q_w#6y51y?ZtXf-x9)CZB4Q5yXc#Dm9uIkKphjx?TaQ9au>;bI=km z1o`It1>=LufR>8;?vbOCKWB_7A75+dzn%WpzOEbhc>E7jIro|XVsb5_ABdoOKNi_O z-V`Yuc6_b1=4fmWsP9!d2E#nMt+0}Fl zEr^rwu}T0#RmmFX#IQD88?y#?Hj^VS#u)#A-yNrYa-a+*%~M}-9wYh0{o_0#%4VsP zeHgx>Cnt)&1+~9qEku10Q_xw|^+{@>sH)|uz!Xsxgs#K?$aC&DZlO{2(o+?7YEbU` zS~#k1?z^vbXP-sTLl@lH?)8R7X;xZQ=L@X$pTo`yNYH+;*seR19 z3zt_i496SOzoLX!m87#vEzT-69I(tl{KYBNEUZ^T%u>vv1yju}qz-Zxt2Dt?=a*U4 zJM)gPs&cBs8PQ&zQ8^l6{QN8ZCk3Ad)ytvI<_rWi#HqkB0}i|%hxiq>klte%gHRoD zBluwy!ZT_Pg$A40BC3Ii!#}2gTFBEOP?SMv1WlfyW3K2hJSy~zajabYl**?ca+XK- z?a`I0B;69sH~e_6e~$H0S4;XwO7@Z03QXamY!xA#Ux4nL`~EU~JQJU=!7m2+2Quii z-y*{gs^o{6OPIeL`jLxQ++JXVp5RE<;S-6uzo`9m^^vW2g!7TxHH`2=X5a(;{6wyw zOO}AcEA(3_cTdYJ4Nq|8Fd%9y2bb}Jfp|Uvoys?75`QWVQDXK;ht$8V)k=oXD_mX*viE#UzcHu+ z$bYp;7CH28HLPEbL1Lg4eo@M$y4H@hOSlogk>v)s~FcN^($#`RtkoPW@Fb!uM$(&;E{ z%t7X%0;`;yyhEpTW$>RY^lrCj$}Dt61o{Gwp2&j-qw4)~OA_^|S6xYLPY75?Sez5> zzY*y(Jw37fBWsI{`ciREQr^GSr<8TY>K?FPA*=J7KD;NlusqS&9(eYLp*@k+9MjaV zVtsMMr>xG{_ItWpe{y?LUkq6WxK(bqVgNFMKk$kXLlj7vu2G1%k_0%rR8z1g5%72YhE_FKJ!-m@woZ`aP@PB-+yo6r(c?W6({&0 zC5e~Wd^zK-oUC)*^VIT#Z%ofY59JcyJK_dVUB#F_t4;{TOabu z7wodfLVb(+ec7+6Puu1q7)ss-p+xZ#le#wJ5R5vl}6P-VK+!69P(*O{iN$)tl*DJK#_E(EBtkA-qz2q z1ATKRt93Z?`lilh*3frTxD)+#MftrtPsbPD7Nq>O|KsioPe;6$1Nb37xXm!{D&Gci z52s6_Tb#myC_zjab4%j^3M-s49>t(6!11197bDPk&-%GIox;Phq1M_jlraktQahjQ z3*-nETBN^{xI?f`OV1Sb6 z32Hok*s+Nu&-I}t-r+X@!@tRbABCo|ywaaY;#QVv)rSO^FpZi6N6iXH;|u?Y@IX`` zYMW?2$22=IoNec*duO?MsQ-tucmB>S+_HsZ+qP}{jcwbuZQFKIv0brkqhcFXNh+R-Sfl#1D?I-UTclH<}>FPwRX6>(p|dB^2Cn{63l; zG!E$(0@p-g^TB@xKG=W910m{ih6cN$b=+`-9p?8RzES^htyM?9H|aR%ID5gQ=4o087+XCHuv3lWgm_ns%*v zr@$8|I&vIziAxxk=~k>*MS@J{PdFvg}Ai68`F5aO>=lIo_`$W5SnI)HRW~>sy(eFIhTgNXCz? zp^k-f&2-`I8}Y`!|2rb+DY#)Pt?F`OKz@%O`TZ52;2Gr?G?)=qduj57UHI<{wy=PG z)h*-k+VHL50V^4D0t85WWd2ohxMTOTN5dEi<=e4=+>;p~h_^ar5^Z=-JlJTqAB8Gb z3v#&x3520Zny|w{6`@2;E1N3e!6=N$PKics+PF@LT*CYpPhka$PD+$^krpH9Qj`+bwr9itwGz{C^QEXJXaGS5+TDSyH zc(SB~fb&8sIG2b&Txn^WSD(BB=ly;L!%k(bBGWettX6No`AS_hOADwKmQ094npP9v zNuE?zo8;ZKyk)q=-&njjsdOapp7Aqvb^)VySHy4OBG`D8Hi{&7=*_0r%N|S-Df1!H z{5V6pWoiXlH#(+*L}PasK!c}#P^(};IDFzA5;o!~_{7spzCjCheG#wT!KP){yJsZ3 zDlMob(ahS&tXwgV)U(Fg&7rSPe1OGR0#FS{1lYd+5tF{7-I}NO&Glk_ZyY%OJ;;gK zyE=RQlc!VFQdv?&`?O!=Xn}|kQ*^4PO%#Fch#3KQ5_1e6u@e>PY#Yd2CUY|!g&Ygm zXWScs%tLm}a`IZh4oE%hx^Ig*OI~=`9c~1ViM=f08%50CWhlVz(sqvKa_9ov zjReOcT9EA?#yUK!8IKOf?CSn;`KP|jC!3h%Y8I7++nU?A=D{=GC*>q}MvSE0aC52L z0=maK7L0uAhcBu89y0bv)uE%qI)`6DikIQ??`ZC3TMTKwcE!fp+-r;&4DuF&jO%TB zdx0+Fzhy$hJX8RrXRH8aW;>B~_PuStjO2SJEuEJx6ixS=aIHFULk95s4ueKeWvF@8 zVlpEwYmH|$mKVNE1YXw;rDSn>JDOD{ou4?~!{diM28&FCK;e~N*016`%Z!kvbbq2s z4DdkVHsZt#BNgblg`*(VgNT{;)w@CZOecW9j&sme-E75jxERjYgHz+xOWAbIE$!yL z@gch0u0{#)^+b3g0WDsAGWpK$(w$e{zy*YiE^}~nYuH+JcTGrGi!9RaejHX)3cU7- zbw*9W5mx0z=lE5%;Da z04#SyOd|56a49J=Wy$ghwWV&-yaPk^8H?V1{S(?^M&_*7;Ique=yeY=pIv~-OZ+>F zb{O@t#=;W{#QFU^Ik7H}NQP&H3?_Y3Y-INC@2b(CdC`!xLPn34=6KY9kXWaaw&4$w z2dVz3S7+9$F~|5d!GN=_CxAA=Y<5|rbCx0CA#mGVu%L+Oj+7@Jbdk%aWA=3pgGIlx zv=fL|n3sNm^HeWHM8=4C9FRWoR-Ulie(GWxDT!Mm_E_hlHtjxHpb$#2tIJ;qEqlg{ zUv@FgeG;M6A~WLzuXx`*LKx1A{7%jQN>D*JUd&E9*8=rXf$Y=64O|~~>j<}X^J1IK zPX@Pc8Tml774oLyBAF{$m-2wzNa+yrfK1{Fi`T@%K94Z?*B((iBPX`|55ELxARyj< z?}t@3GdFWKvo|p_{m;L)Rc%)VRRir)zG*`)9h^ECN2n;xdL0P3rWGAftwbvqNQ2Mw z(l%_<)IrfD#q*o+t~Jk!@UKbvkSw8RMH@>AQ!8tpJCBOR-_?MMB^QVENGnqu^S}K& zE^|GnZ@rI)$%0@0e_;o)#*(Atb5mrr8Ja1&?&E_zPRjAD;IbUdI zke^)aCu(O={-XQ@!PHn2?d4(ZlAXWsKs?$`)~wjkNB@kNts2YE*X6$ToQl7l^xIpm z5^EP>!j0vGTGg#2dyhR;r3s#!J(~05>a8t@zk&>rce#u*Et{{cGlp58vBE=cNwL`pwmKBH5E@u z>Wx}bJA8IvKXXsRNPXoNPNfkuI4A8aqaIfa)aY_bwyu)3@2gblmCLQi$)o^8yhO9Z zVa;2%i0H>cok2Y)>NCLSF7qs1({gdrc_=TyNRyUSDHT3N@n_>OJELd z#cO~)XCRWdsm8`d692J7svjTXI~n4mJvh#7P)85^%qMnI+7ZVSCDYXrMzI3YmMW11 zTHq++tBU0lcGtNJUJ)ab#a9sz&|fDs#Z_iF=I&B#1WWtDy#i!Irb1?oWD^d%5);Jo z`mA$Yyix~dq04Bij`#&boZ;$dDed}wE{T-fUxBP623{DAgrt88f$L-_{eA$|{tW|S zA|sSR;=>1%;9g%3{#`-sZ=&JL7D>rnDg18Wt8;qm%a!*IpJ%YI{Gj2=;P|(wd9y>8 z)ae>qew1|1&=Plk@LbpqAMgjGYxLE@Z|rAKdE_v z@vMw+K_P)jG^gR5vh<9a<%zfHDFTIeD!40glqv@Pkt#Q6W@Sn99WB{btaMx4?vxqB zm3d0=3$<#@&zH4y@#na~2JFs>6SM;d`srt#{W-j7UX1o_dc2Bf2&p`60GdNnx}wTl zhv*D@-^XhL}I7dm*jG^6_S{uYK^R)dylF(-B zynQXuv9Q-5y6+@~KtdRS%s0B$jZ57nRDI@RDq9MhIftG*+i*-@JK?vbq zjDz(-AJ#KAh30bRUk?IEQzeV|(ar1s~05NZSyJo7k(+4XX80Y`kI(ds|8WhM*e? zN_{HX;A9^;>WK~umoIYrLs*ta0dgDt+lOwgGO_Dpb7Zz(N81=+Dd$apK0V0fvH^;y z`_*915NBQc#j>S`-K=V|26b|Y`L2u82Xr^xBk!(A&Xu+z2vkW5*N80*PaJEkYEm}( zVWtCZwrQh=9`qyrfx{SSa+TyRz}jRPN$E#JsM$?67-G=}!Y3cF0AVmA(84)`INIFn zHniB3v?J;h-%#m6-WAIopFS?Fsth>Ytr!M>t4$DG? zcmD1k2*%MEcziPh`h~}Q0`^60TBO1CRnif@_ZM=CZ@a;PfQ^Q%-N|d1qmTpJ~0-;c|9BP7kI^ zqNsz_oIE)^ZQD###he&uQr-3%YkOg7AxEI2-o?=33&9J$aMMS{d{R|&)n}Z`IJ6|3 z9Vb2qa;Way?x9z&$kH?Rc6wHGQkv#vRiZ}HxkSVWaL53zU|}07E$vO3zEOZ9XgKPD z1zEgJeH#alyPzk|M`B~Kl!6yC-=pY2CxF925xdXK>Pv+l7h2M|umA-tI!ak=6g6p1 z%AAfyj4L!Pje|^U6j9Yg413of1UPYQ>TyE6$4hTN*620mI@H?lb|Vl zWTE6MDoJt7+Srdqd-bG6$X!e*-clP&6tH4koQqj8;*@_LYHi~s;1}^~lP$0dB=Om6 zV7qLkMCLMGgTw9=#M)Vm*D5uwC&IJ!>e41F*$>QX z(PdU~7A&tUd6XS!=o%4ARc1+wVAV zSKc2b$9Ov`khQ zCz$d-QZL!!h<0g;TbU5BYVQtY=Ch?hajVwRMr&i!J@ufjmlL$(s&zVLXYYO;Yn;d0 zUu*FZXxKVEJ1=H9ZN713+2E{05S)uM`>gY%FkYO=IJ(Oy>Es_;#WAw+)wi8-T^_wG z#j5riu-$K+8In2It^svm)+I+jMEu5}104&&xWL=-3>@W%q%j2~klT zutI~AE4qXC494rWux&($KV}2to4yxF-6O+r@`o(t+!#C?&hw=?ABsN^&QJ3(J7@C+ z$XUZ^8!)kfe^uAXcLISXJiKPsR&)6MS|D$hTbH$SZoL_h@Y0s@@Oavt{IRYtwD$np z%^`Dt2zDomF%Hfk>5soCtqR_~4M`H8T>Q)GELO9~lW-N1PD>*%Mpmuj$Zpb|KFwVd~jzoRn?MtDGo$9 zB*07lXRaY;itq5Sc}uC+mBIbeV*NMt&q1oF9yos0>%5|y9=eO*7KryyPk-qtL6b9o z`3wJny)P8P(R#_DdaoN!(LecdZlp?~nq&vP5tJB%hLYW6WJf5A*WOLQka!}i#_PnP zgeGG@2vy{zog9`BmH6UtBPKKCj9y3Pr>oS}2a1~SZtkxvpflog#iOqK(4NR9gMHO- zGCg5%JT%r@oTmWR4i|_VDO-qUczR(Z@qHx&yQoiu>)@Z`w%!E|U&AMl7Ce73d0sSv zzi?fyZrhp%*!VKOdJw)?QuyfhD)xy0#BmmACh;aIx<0Sl^RC#}M?d1-a3;$t8LFW| zKZTjTN>RTCQQmQXzaaV?LTW0ofw;lLud+rgj;P3=S#d%Co#qsCv3LtxAh^A35^W|u&(%vHf2o0ztC%UN#MHl~CUmuuJOwH4~bt7v95YLTAT zNn@9?K$PLhsF7c&p$A(#sV}s2F|_h*Q+58D*;gK_39n6GD%qNWIaK%VnW8Zbe&{C2#F%*me?m*x4rc3dN$7DQ@;C--^q<2vx^z04n`jBMH6X9dNap|> zZ%ig{it~kN*0~odUAx|=KDw}nP@WxdnV#X_9Cd zZ4YF9`@jCxP(YZiyrSA?=EZ#9<9N_F)l2`sOgsQvBNrE02P0E6=Wl(boRPiJw*&Qm zvAl8rWO=trolM~5a)8KNj?

    @LE2(bTGF5)*ZWXeL1&a4phok2Y5}qlP(wzCe^! zkPv-={)6VNf~iE4$=939*)Himzes~O@@3NtYr z>Msw%3E4OmCXd{-E5e%8&v@?Kk}=)0E`Zyr%NTXXI#DS-i`ipRLNn6D8w8baC`vHw zEG0dhMYb3Z!M9gwwG^0w<3lHZ%&WdsSWUSmY z9KVsE7pC@PL38ktkSh|nGbeI|Ntz3R&`=IY$koaN0mZ7}G@??i5>EWVlh-Ysmpoaa zKd#tReTvp&%17I!de z`2~}Z$vZjFc>($D+P^H9)vscFG(RMdo85L{4tJJklpZX*8!VPQ{6H!Rw8A$`>Wr)0 zXY!dyQd-VThC5u7WWzf($w>bkN1d0Vtw7i>iA^tYWsRf3bXfq^F1NXsi7(FN6?p*1 zgwib9XY@9=r02!~XEt;9$Ex5G9li_w@rhaYvkHyB0lCdZB~{ktgh7y(8Q>UL=0_U(}ELH zW?Wf~cy%a#3KNPg6dY8GRPTid_7jr-+5n5)6mm2=J^b~px%~M&`}y*E%^Uc(o-d5S zIn$6G5~jnw-ERl$L8nSzqt!9RB)BKM0_)j#8{SR&1ibbhYBX_u59|R_=lkPz>n)QQ z*UhZ2Yo_5QeADBF`nhZHd?W}@@GSh3Kx3OQoG(dQTmjqNT4hw$u%3|FG}}mm2~D?h z`0=Hb{t5OM!nm?KAOTWBSEiW|n^l}16zeKoS%lIunC|y^sw!dPXG=V~U!}I6?5h7y z%I?VASWS#@1ZO8$;a3cen00q&V1{0$l zad=#ghX%W8A`26Y9F7~KnEgp`SJgynR%5EqJjfww;|o~ERTl4SJWFn(mEN-}Pry^_ zcak4mZ{(;hy&Imkeja=1J>hUY)@^ZB~PFX4VEgQg%?nCp@2qi7b7wzsY zfVxqdbGn$|XRK)(q}Fn-C}0g z`6?&X!X}3e46O-pc^GCRTd##I zS^Rc<75io||KH2rKfPY#l5GQ?yV*)$Hr*`1Z9;!2yq*)28>q`{#~M za|f}4=9X90noO>Mtf=}=}A=xH5yeujO4U zw!^<)U|yD+kq^~$(rWT=c#+0c#*oi^aC=^wB2ytYvbZ`3H$Lm5iAHb1XxQEXs3w~A zBAt=a^f8D7Md>cZnUODMs*+-Fwt7%``_eV>qE4FBSgX-n0Md~Qk|Hea*LsZb)-TKJ zghnYrtrRe4!{6Q~DnLhiheiuq;Sw7NdHD-F6ubD>xgl``xkEU9;UA4O-Lk9w{obJr zd2*;}#Szs^f9vwdl$^t%{QeHSBv|L30gubooL-rV7zoPdg)!}luG@3Pd% z7)}a+Ye{8b2Wll^vll8kQHEko-cAIrcHxvlH!D7hTZ{jRLbTUUTm^KXn6q0VS$G#nK65}d0d>o6&948d7NVFxdVBby_i>8MqC zqUZt^R|l@G9>j#H<4uX|$$tD$a~Lka-gWOD`4&Eu6E9*>2GD!pS44dtD8Yy1eaO}) zrdk9u4(JpM7#DPQ$Q_^O-6M@g=V6KTWLZ@`TiH09U54{Q^UM>SqOzRfXUaV)wukem zmeYL&PWWr2UEzmb)nny7*~+wNEh?JU>ESRz?n)vii|EYDk}Q?8@AZ)!Y)imw>Y-v4 z(;GXy{{qlB^XSG+{&7`JfSAycJ}Tg5o)T25KWX9hT=E>fe+*vzRUiZ4!e?LQzt_&D zS#d#apLu6cZ=IS2EY+QJ}_bciak#Nrq3@A5qIOqnh#G&$&^2 zLJ6;xfu2jO#J#q`oGeCX!38r_V!1}8$ub&nOlb%sZ^}5mg4tlBH4@*2sdC*VMk56% z6>e|=+q?(6`36seZD8vXWs+JdBs#EBQoTz;Yn<0CRt^4*uK5iucF9_`in(0lV5zz5 zlyQ(o&3>~FoJg`nLwY-uY636TH5FP{5`;T^KJQ0Z{q^5go&SK>U+Cw{;qTfr{*Ud+ zzX2~ZBm4gf|437w`Nw+wa}?UiL>70OsPMgv+zwTv78M!^B~k_nWWrG@4dAe4n%2Rt z-x9yoD@|CUT%?TX2SfnFe5u`E1nH9Xb(@p5^ZI)E03$@$8-kO+ti|VMc&LR>U&BMU zYRlKYK(Tz%Ol9{Bl~c61B;<>Fm<5N>#03M`+3M-ADS8 zmz;SMsfb?@MMf8H4&d*fYWV{5C0%?=G6B75OZfI)aXuj7uaQ;QB0|=r;$y1!I4)n+!Sb zehpb3|7H)k1aW=jtG$diCNSaOyQXRT1R#+M_EVWqb}+SiZoclf`|<3B)= zDL8So|6Ol@Vg4OZe2?Vv4yOMMU`tcmQo%Jt`|>m3(2{IJvJ?_2!YH+~N2<(d1FMK8 zsmxK7v4j29MJChKVQZMebaqyO|9fETWv^D=?=I@Tb`}kZ_wYs4{2lb2^&Pe5bZZ!h zeB`0QV$P%2l0~;C#+(;(_$j!T zaH5m2{*w`i6gDF?y&9f!aH(JBFgT(9sF-m1@HIK(>>)aK1~#8LamJEexV)Rb&g#K& zve9VRbc3_gN~a7Ho9RP%R;yb~kynJiv`*>NC^e~tRasLl>$qt$gK3mXa(da8Nx3@R zg;;pZ&zW#q36&Bm74n>5^5x*X7@HVviu$qBsd8iw+m+z-6}yM*MY_1;^J)mmSY^|> zVsY*?tOH0kiY22V7U>c=>$AW%#8GNlPiYhR-!oN4=jRWDHTDLJ=5om`RbjE_`m45p z+-i}^R8FW|704N3QR__B8e8zo#(90NA;|F3fkh2zE4u+H_XNSNISgqj+Uk0y2C~+j ztSD)aPK=4foJ z26}h+8hUpSC%SG3#du9@Y%rZGwhP<`q;;4hp>iTXKPbox+ku*?k!VO+5s17QOlLsF zQ(G9B?fvswUv75x5*wvc1SBmU(n#DVd#Sn>;e9Q6XXei?V@cXV#$>kC;bxo5HVrZA zKDM)U7zEY+}4Gw zw>VwA%lgigb~ydU;PMBqn|DFnro-A9=89+lRlgYGHONBXI>Nj&>fAk5o|RIh#}Xh$ zgwt>MctT{|Rh*-r#H0TQ=bm;5T2$QtepKziV~j~auI0~$V{S=bj2XTJAWo#CM=oKH zF&cfx#VBGfki~WU8IeF9c%$`aRe?$0?^ReWmKoG#mS&NY&g% zAnwP+;pkG5_I)i0fGd6+C)J0}!q3e3zmTi@_}9JA2CkCE7c>YGdOMeQ@KOu*=bJoe z?C!YAikrj4@q+VgM+jZ*jz%l!dJEr#~kbMDJeG=C_TxK2;4(t&Q9Tjl>mRAh( z19L%RmOKlO_J>pS3*k~pBZm&+G9ucvTybo?^>q1)v0}rZI3}RAWJ98QfjchKl6gij zZZBo!?1{KW{3~h}rALB_BWQcDAxb@5)fP1Z+kTIX8JHqb;aNpQ=kB)(=$87q+}K&Y zr9sd0+Mmd$;-K|<>Pm{JoE$y`Cte&yp0=(BMDHA|P~_+0f%lV8xPl zr4UZLf45Pi?@8@{Qw;svz@sKQUTqN^%My-+3!~7#OQ+NPS2O6j(^8m_5c%LdM2T-bh0|Ld~gkIx6lT1_ZIt zI01ozlUzHNd}qK*rsaP14!>mIJ{vtj9fNyNY;DmR&q)&KA$bw3;lfNwPU8>&tcpBO zul$5^p@MRx=g%Yp1(4ARVF;?8GbRKuJLD5tv1ZP*^Y-+W+;~ju{OlNT$3mkA6nXGr zy@x}QiPnYUd^nEuGq12MayoD~waU=w#UyaQ)bL>QxS&d$Hq;{s+>AC^SL{Y4XF0be=RZNagzTtOeAsB0f_nI62F zlbCN$onC(})GISrXX4e7$)g$a7!pIoyjuO9z*g(Dudq8MK!O_&ShOIx}DngC5CM) z`UrGPvGK@iYwK#Q^>weM&2@2Y+v3;uvpEYYMP}Q}>q+n14gcx3%V)Em=bz>spD4>{ z^~17S-C~!@3^s=Q`8Yn&(;|ImZAO1DxW@-ahNaGJ8GQm`Mp8EfPwL^4ZoX{VBj(YV zFcW^Zw6WKYWW$7ZCm7r>zIm8X1xrVbitg>+UdRf`W5!BrWUmdP z1Tx1?U3{C}?_vT&Qx*?YoCW0XbLr=1O`onsecNM3`um6OH;EC{!8NH8KQhYiY4S*$ ztXrWv#ZN0THa%-+nK{RLTp>Ir-g)v+?enk7%yO5xkB{y3Z%^O{ZA)@ECwMapNJTk+ zzUp!oP|D1CJc8@@D!P7>GmgAY@fegoj@b7O&t!O06MM_tnLV64=hfdWiuWo@>Xtof zh%RaP6b02!8ue1(bc}*(>umehX4D_n`&i)z3{9;~0oyw+#gI(JJ*;0G=e(F>?~o+u zh&8rP5Zhzo@9dvAcw0dS08V*(TEcFfA9tFr2!zLbST2&rIPz|nUUg)Dh248rQUBVo zqR5OL)tr`P6CIi;%`$zcR#M^HHlk=KWo~1cEj3w2xn*Luj?CWAyn1Xur3a(GVzAT3 z*C(vIl@}}iJ+ohjEt|h8X+f8JA#eB?{a!z&Q@`L?(<~5i8C&jI+$^w-Zf{_=T7MHS ze(@+~jW9O2$FXlHY%vW6(9jsv#oicaBZ+t~R)c2UUO;m|lxQT=e37Z+tF06zTdjmj zcc+|LRokhIe+ggj_Vk5EZIG%vByE(mrchB@IU<*hhbYTmESH?NJ=gy^C`$)ZA8Gte z^fN+Jl04WeV2CAq5~L5+Gvl!H4lS&za+%F;tlPVnk=$ct@+w!8%wLucoP*(h+u+B% zO~E1)Hws#nBm6z8_*)!#3+>@*3dCGaGbXDfD}wxcbqrf1g7|M}h*&||*_FP{sB-6` z&(A?<+1AiC8acdDeTv;G#~M;=iW>5+k5RU+K)A=6Z?m0t56V!--Xs_1P{5BP-%eM$ z@|XjgY0V?N)=~7$>(nGXW8W~XogsY<7$cKdaF9a>c*zC)h3Ua)ZpQQQLv2K|_ zOq{{Ovinv3iEy@p;A%t4exnukI?eryP%Gc3y-+$2eZ zWIgiR7v1f;I|_$>7#4BW2Y|gu9b;?GhKA~k44D{u+jOk0I^c@w<5!MvQWYeTQKfFD(5iNiJS zrO+lIH9p3jp2f_itfc&OlJsm!lM4jyVAIXJV6TlssD>o#CbCgz=Srx$LityjwcA{u zs}p7=Qn-ByKP%xw1~lZR_$PcsxT}XGH)%NL;UkKqr zgxfEpJJMW^jtmc+CyBo)13%9Y@;q?6BM8}Fn196>3IvYA`R5h{;$NsbGrvgruNP{Z zv!|kjp!&d|MoquD`cLlN-Y>}>3JRX$b{7;dzr4MJhWJYgCa+n*`^V>VzIgc$6#9V~ zGd{>bu-ZU;B?f@WteQEe3@|Ps^c(i4!dI+CDhhJEpnH$+73`_LSMli|u4To47#v0m zGe%#7f`$v_?J~W{tp^26IuQR_!A}La`ETucyjVc=$siKj!5tAmeB}ldJu0 zeZqG)_aVc3hv>7e6DRCG+`4}D39kj!JwsTE2 zfFSSg&GqLY-pvXRSaV-v2y3oJe!cSIwWph~h z5Cjf|>B8(;dRM2J-UGyhh?xbE2mU&?EXtA{L`}l)n^r6azVYiKF{=kxrOb4x=Q3y2 z&g90DVf;1&N-ls%(sSk<7(>rdbBg*DTNsDg&>=}sE+>VIDC|X}ehbIiRD>o7fg5z! zqvQQ}z%rjFP336We`+gAvpVJy*T=WCl3o+X+LWBJumtW>SQ9_?0&q;=Y+BY1&W~D} zxY^|vsaZ#0Z+fDGw+_ME1-pk9$t_c0Yo~R1H{vtWL4>#$l#pFmQNdB#LO9v64E|K7 zx6MymBU(ZZDGuSOH`JZ6VzbkEUjtT5L6QYd%$lz|dq?hCp1qXyU0hfM6u~Wv5)B#czJXA7IfI%$Tyc_Au4$ zh%v5{|D6)OAp2WC*Mpd3hg>p@wDG9&q}+cjtIxP~BVQTc6WJGOqpp7q|Jf!XXbUD$h+o+~7BJ%0NzW*$eQBri3w81r-YpA8_v(@j< zVU4?5D&}$!;-GfkpZ7Fp#6>Rb>o&@b9uh0UhVH7yMk3AJ2jG|;WnrB)V|y#QS|fmP z+GqRq8`4VUiP|B$TEtbKOv=a9GeG}HXkn-pw&q|5;LWF9$tbB zJ;Ij`VZ3{e@gEV38T9F2BzDg*HXWjEgCVP#IoijTfXABPN^CE9@eo7xBBa0fS$>>& zet!CWZmbZ!3=@dLT4mg2*+8!kxpA;f;Ne%aY>4cl$u6tz6Jn8w9kvE0UfTLhEuKKT zSrCNOcYFO5XP2Ddtd%Epoovb4D~!ozPju}SlPFT1=2^O$xL%9TGl0@aKT4AP?4R7H zb;AL7HC?8%Z9o;yW@X>njY`B%lWGdWzYL{ZMs;!ZoXtqCZ4!shc`*j8vCsQNYhBb? zENdsio~r?vjIbPkFFvh{vQ)1baGHV^Y&6!9JTl2FeWq$k)w-DF2s|%^HMB+!d^c!# zD3Q>6<*>QuIjc1@)9xWMI_r4x(DCe{D2-{3FhVC#Yz$Z%pg)d0WTahVflezF-X-=TMp<5~- z-l3TrXZ*`e5Kf-_$rBxBYGKVbNnITDntvmqkH+0Yxer`|Jt#O{jZeZyu?CfDcJP2q zxaJqU+9SC{Xz#3yr(#9Sgbbuq^#cheL3v{BOKU|{MTd^fp?hvQ@5>kRjuNLzuip6C zbZ*j^{+QU~?nIon-?^i6->02bT<9NM@Rzp!R$d@I>YtA)x

    A#!pD}q4fHb*j}6M zGm$}25`ibTC2WkhvVcYd5#j_Y_WNfAsfuTpKjU?fDwLZ16$QD?bG6Nm-;%y51P$iC zi3rm^qtli*v3t7#w~d?)8<~aVVJJ0vB42-)a^=#Kl~^=emdr32OIvrLch>{;{3TSq zFYJ`*K)NHkwlIUW6Z~Z#lCX`C?E&)r`bzpoRD?#KncqkfA7SnuBm#dk240RmG4WbL zmaLsROS=SmcLuvZ7`4Rwn77ZD_jy6{PR%)E&R0-y#JxUjKBvAZ{Lz_`e+YZ-)f=t9 zXLA+-lk&WzI4-sZ-GCh<<_`_Io9^tnDbSP*g zHlIlgqH~GmUiG=pdbQD9*%O;P+5%JWx91G26zDJ z;}^L%umY#NFQR;34qxI%!p6>?d!}yxroIQn8RkBxA-9wZyDS$P0&+_np?5<8X)ox* zZ52R68@D+gt1v^DAP6s3R2M$hAFkCVdI4msM?yO`yD9{uL@!jbGbR3Z?)16vQ9pht zq2={Vu~l&nY@)#MiKfS#@Kk^NDA5o^cgRoPGuWKNMP|kyCk=L?Fl=6*r?Ko0_Jb%~HM98Vc5vXbOIqKbKY8BFeHC9ws9$TKCE8oww+!c(|8Ugdozjwsy zzslgWVk7_Zh>KzMB_(B%qx@{}SE+;6w)U8(8~1AJIAV28?=G)2qHSG`gst*)?RM6; z81*^^JA7!5Yii#y^{Q8~yXL-Y@qL_Zw3zDZJ)9MVK?-tZ02hduha!+i?Svbn|3S?c zEPs&1hO246ujGo6P=3sZ@lsvN#b?2LHMBgBi8h+&TvH>$VFsMs0IV#l6n092 z1N?=&!gco{XUYT1)-0*=THL}T=Tb%gQEFvx;7o-K$HF$pt~%((Oz^sDG2)EYkzBw z=*;d9j-N760{zEIb_w(SM|q_cEq5E_TaCWnmduRgCA}X>1=!3OAQZLV9|Qgr0_M&Z zXUxSCWDXopVIpYPREG=_Us&*mflwq6d}Av=Lfvnfvg?8>^qSCjwYEA#Q0=n7DsAay-Uzl+arSUj@) zDdV6zCbw0R5b=Q(vN80o%q2Hn3>hs6)B;b=;AX5aW=4|N_R0GiRvFEzys9F)i5+HC zfNu}CoXTe;RWKJ&D(-l?2v7_X*j)VtDS1#Kcw;Dt?UwIZvd5+dJhACd&|P`jm&`fN zMfAlm@1?uI`Z6A^HwSIb)Z=Mp@<7q%LP{hj?+R~t@b2#rg;tp*b8d;(FVU1YeKGbb zN~ECf0|N6Yjp!zZg2;Fz&buNRl&sGEe0Sg;Vfi85NLX|XimvIx9aP*!_!$C9ECC1V z-Ox4humXSz9eD>7OH=2e<&$iS3YPVzh|Nu~4ujOJ#%L;t0ec4JyOxZ-x} zn^I$zj#4c5b?kvb7RGp4rAk$STGj>SVhGCYxj~%L?jrjOO!mSRiKQbk$lUq!V&!Km zFExd5w=LqxmMYCfS)I9X3FuU?57h$2*ISC_slspN_OEGuZ9?bqhrp5yj*8a3)<$?@ zQx#Yae9Y9uTSGj^2t0I00f5;G$U_lJN$+pGms-5m7LGkp;I5E($t7+dOBzi(dlSvy z+xk3=M~dd~Ts1VE;>u?5l5?oka|T^{Ba1L#nP&aFGEk3~X8_a5IaNvI!(AygrWy6c z7j>G$Eu*Ihr2by1G+$1XDgN=2=SAvmfLu3xuP33~L;D$xe_-A5?L6o^lXNqFO9r7Z z_Nolyy}fsq$0F@JR?n=@IlwkLg>Dj-adJE?uH6}Db_ z_@QrM*Xckb)xr-8l_+YJhDJWfs%=kZvtiXU zZ;}MZM{&;|q*tsP>(l;zCiKb;=BZ$_a5tP2l#OOsfZZ=GPz_wSAr9eI7cB7jULqz+;=fLQSc~b z$X^a2CdIw`KPRmwa%^ufgDb}LqGEbkK(`H4mS?5Jv`)XNWJ`cNz()R~%Og zsvW4e$@RywWaCHNzR{*8L8aP*djc7DsjInf4lDWx=!IJ~n&^6bo#W=D6+3P*c zpYQ1L)t-b-+B2IfZYR(MjRjyU6iZl~x}T~k4M8{RGf|<-(RAvxS3DBp>Pkw3du@MCf(?;Uv+(eb&byXHdX>V*a-aKL~(e*M)j}A4sZs;z~!D zQtm(pkHGB^i#q?)zpHuL3-)!Ci>I8|=WLnCd@46sK4bWK>f58aKWuLc)Ia#+Lp2x& zpzZtgSXRg-E=d#pd0Dd$&+3DqYw;LdqDMhE0t?z%=>(l-ivxFtdzfmF`Z%ZY9?uYg2?^Cos~wWZAqbonajl*f`=^(iUpJ zB(H&^1Et5N1l2QXuW5u$gObrwK7VvvQ{v*(Ps#v%QlK{S7k|U_+s{m`v95^0Q_qc& zpbPlSOWl|s#{w!=eBb;%T*!`;87z@Dw1xk67!Qt)-)D72xeZtq}q#B=8&`pb2V8aUL{A=Wty z;}@+$rkiM881>7&F6{;qMu3nege>CjIV5ohRLC7E+z@_593Y&B6W8y52s_rZFT@tW zfq&_gR6vaL`mdm^T}U>5l!3$O__XqCQ&X#nKXz@1>_hw}# zWvjHeR?Vc;k$%RijK&G-ccr20o{Ypj7Z3V9U{z*;CA^|uWu`(R&5hQA z;jLH`M2GGUzecMv4&IhklrD!1Cs+3V2sT)rV$}i(;w;_HD^I4}RVT`YN+=v+cb!66 z;8TR>`yPXqA}}-DQO6VuvZ#VTho!>cy@28(16d=CgOUVq$uG5c zBu(0uFx~5Oh^>#o%k6k;-R-UtOO(ABXp*ullLQu0U2Gx?O-vu-aY!FCsF}5AD69>i%sG)WpH9IV7-r-MCfoQNS^Q61_cgBzKq3@Pol2B5zCz8 zO|0BUXu8hmN0QS|k1s*JdT};~bW8wg0nCX6hjfLu#19NxFs;HmZBsu*P+t`>-O)_N zfx2Gvp>=; zk{$KDJ?wpr)rRWBZXJ;WJARBsa)`42Npy#w;lVg#f|ZT4WRoC)g(lz=*Cmd!fc28E zFULn#PjcE0clY8~$Y~tTST3NPgr;7_bdY}invXTGAd&->UssNt;4<4zY9X+{TgvI5 zzLGyD_B;h0sE7A(T85D+Tu}N#vB)G~K25l=3jY8QGZ!E|BDp$JI3Y6AOntjn;*{KC zJuT+ZZU1%kqXKCK6jU2w)VWtv@NebOUNFU zpzZOxNuzF(^tyA-*nq>gCJwv@-3Z+4HjQiuh`4fGJoP3GiWz{;VO~GoA2j_QWy4AmFHHdafkmS@uJ7o3 zq{;WVWH$_{#E`B!!xF#Acp>lFxgN|uR@$^2+gC!i3pC6%#FfVLaeV~f$8GQBJUAa` zww;D~tk#&P;N7C|++3bP{u&WK!~BN*2C%z}9gtfJkRJxJvNfXBvHo$nqcwFfH=%uT zW%%uy5C)J%z*IozWSKYbs~n4AuB}$i8AIgd%c#yk9%Dv+L!fQ)DzhflKt(69T!$Gm z|L#z0E#xz8^NqF<5v!x1Q0iGb%QM{b>+efqWDM}6;w0akPF7q;oLX_`A8tpbxL=`n zgrJY;$tGQA-?V)|zlP!XpqND7;6CSTvS*Z&$TUVmn<6C1yPb72_JMLc_m(W!j|??i z8PUrt@q(jw6t&cLo*at5GOlIo4dY1+wrf8mNbfc1!ggKhXo>jvIWxnc_sPfPYf#ln z;xa5{&4{{S6y8fIv8T@{Z@SF;D-J!{0|OEek=&6R>J4F@1oO#EbZ zTw{o95b810rDk_6Nu-2Mib;hBZ^4(Z#CI!xsqv~ zCvVLX)6dx^x+xKQLuauYEH1>}Fj>0gtCP#>-IH^|QCQk^o&~)@!;X{2b>d`6Kt`9? zmJG2%ucwuYHBgXspFPJ8=ShY`tNGl`oVr?|AGE3d2nlxlIfknjQLXkUW{|TE931Rp zR2W!!WM=%Q-ZmYGX4lu+ocKMqh3ktW)s*ZuXQ28YK*ZJC4Um+^@vZkfgUxh-aD~qL zy6AC|oqd{vP)g|AEgQ%Zlsn~+Qk{Fd7VAl@H^g6&nWQJ)fR2K_$HW6&?_Ecot;0^< zIx$5y43vwEp$9R)eBK)qfp;Y{p^Zta< z-89xWD@aixNE(uZt0A+c1BRzIOifJL3lByUKHG^NOu@3q*w89?1j5z3a zQe%h4icc2VdAfRe&ARzo-OeKOQ<_5w#mip#@>=h1EhHzG&c6bVBWUylVxT3E%;~d>Q zSV^U0-qt5p9vWsaSa}v~4IRoTwLzDS;etvFiYUt)&8V@#48!PGEkU?Jgp9<2=-5^* zVg8QTJ0i9vlQ>f!PDFTd>}jVpaa{PVxo5h2ywfP>^^)E5MLNU#=i|a&V5&%YAOsHh zHZH8|4JecpH<@HwlZy=I=bT}_g_QDBYan2(+5Y$%7k-xXDU#x0FTZvmobEy(lGSQv zEr?Y*4$UA2=PbnMP|xwbulu{jcSmN8dnL>}AalN?)Ev3d7r?%!)y&U^Yl%RH#U@&_ zPnaGY#g9tz4{WhFhCrhmYQS!o-yl|-Zqk^)U2lMKYsxFof}PT9o^2>_YhG-8d%W?+ zExSL%^?1lnIu``u?h2=B-s|<;d!Syv(1YSW+sH?`!SMJJ@JP@$PV2CxjQX9$NI=Jk6&A!dmkkhG@S>>;YxRTMkYIDMc@*xS z#@eOrsF1@Mt)xh^&-x&F1Xz>o8z+M{5xmQ2_b&P2>>>s(6L-3(!MMKgyz)T4R#aFk9 zx4&S-4wrM!eLO~6(3Jqg1opdM<2BpxJwt`@#hvlcJbZ9~Ue8kTfzbV?Y-<6JqE;Ry zs>Bh})HGnLc3dDo*~C&>pt)TmQhzxDYW^xiw$bvMWj-yoM3;##?OqOjMK#9mYo>eN zJ5U3Y6^kg!nD_8zD+ospvU}22xU&y?F=j;HbLD1};;$Wh5y`J&^S-6J@>xkyWp68; zT71lk6pun|H6}_MYcC!I zD`-m8$BG3bB$l^8FOfHilc+N&URaYe5~o7H7{yjQ6zdW7xpRMD=#`6|=!u+t{%1jR@jFiw0FyDixhU z(H20hJ;lL$^9I40)3BuAz{zMyLoCen9?rPxg-XRQ3f=@O-%pWSo2FxSw8~@^qCNVN zD)NKqeVr%a#TF_hXVh#{sWD?{%xDqIpxg4?@a8LJnCB;G#K7!miQR(M^AhaFf>bK! z<6!5rXy#1^zgG^&9aZv4IPgtIrPdxsE!QsLrTQd|^VhEQ&5M(|PQm%%p^8)Dr)bq| zJyyn7Gpg#lR@c#Pm*C1W*i{cT>eELqVFd>e6z!2T%txu2Lx`ZI3p83lh*58}u)ag7 z6tkFc45vnz&z~%yzGsV4`>rPLG}Wv`R_t7+{n2ANmw}W+mLyH+>XctJj!XdfIO|x< zcrt$&SS`vH#ofu9pY+XVM-d%rc;Yib0vbiyxB=x?p|ru3goV|eu9AH+0k5C7jj8eq z<5gSZ2F8(@&_(^aqK*x!d)QW#E ztRX7rihzK`w&sEjoIVqsma~C%&wOuT^bHHwg~9q4{q9VBSM%*+g1H&kDie7iV-g!Z zzh?JHC5o+rft>7i3j&_<-Hv%1GON113zx8I!Y@klkhi?<;{H_XsPTyC-^qmr83(eU z9DTE>UMGoZkZToaK+}E6zwMAWqJZ$9ewUCKzQkbJMLG*o=SDVBrGWqn4j9Ym-XIXhGoH@H;6&UIFl(dkPTnfdsq~I3ptOtMdF=G9{l`7He&9l zEMXVS;owbCWD2WE-kcoW(t15fj;IwQ-8zZlccd*}q(4fKd$SI|iP4-~85xZ8$$>0E z2M%#lRtG}W)H?uMlRwAerXImyYS9lwXA?Nwj5_JK3AKs%)YBZ|#RgY2P;Xa2J>o;U zaunJnd|WAN2<;estGp6lIjq6hGhe9FB^?zV;LPI`I+;%~U^8G%%#0F};65ofAS+Pf5?g+U?yz8j+m(t;WKN{ z8r!zt%7Mv29pVMO2f7(AiscY8P#sFt7>CZ*z}(8$kFy>IAcfYq_NqR$Wxt*2wiU`}GHU)bgy2y2iU z=8RA>5IShFef5CHwWU>b^u4EWo>hPesYLgr0*S2^4 z{0#VtI?Z25n>*OFJv)J5b;uJ=_K<@|3YF=aK$Zxe5hO(d8*y|{A_Fdu36yhRJl}ULP(`)SBKgcb^FqBRamO43?1h zusv?C!`_eTDsmfM_yNAR<%frL(}IVJlSWBGz<4)Ip&&U0b*6(-*y57(Qccd_zOKJ| zLh1_r#N8|N{+0|^^gh5EGW_f|Elw0;@JWo7whBe$A*fF?uPSH8qn7I3Hw`j3M7#MX z!td^BqqZsUZa_@W1g184)^G5u*K`hh;$2kZ`f%|Uz;8Fh&)IN0(^qX4PC=!(J11L3 z_o}MbIFv@t2BXc>2|lN{vz$3J2U@LyJEL;qj7Z11}o-0w#)m3>BO-;R5yhI>~nI40>p{I^JVy(|1M$oy2{?n1cqx3I7NhAIo)I ztIPL-!L$p9Y zk~2MsoxvQCed!BKLMLQPi$*)88EYw=O#-Ig{)A+DvTJo#q!!ThqK@BmTo+0mF z^L$nlR~(e<&?Wvv5)WOJ1a3W#7e`jX4RXTfW0)|v#a5AvEEntv+A2doXiKkzjzLUs z7BdvfmRKAb%4BZQ(3FSF99T^LVH@fr_;^Rx1RSkPk@81_&)xDPXqTx14iR{o4!8`T zVHFQx&2H9a>($Ofl}GkEm7@hHxswjchSwK#*k@3%b-_xj-bD3$Qbawdsy~J>@5_=H zJ%d}Ut}u?~-sK*ow29{aY9fbv^q4T8)o;hZ;*fAVmxU3a#=4Z${hjp9PJBP4m9C$> zNSJu%JrTasfJOp&dUQ0s@ViFsd*p2d*l1~yiNZM3A%b@5m_pE5Xmu&kMsNQ3$oES$ zRn~A2Csp*|;r;5(R2OHj`wt{kyz2BLopU2ena)axb50Bs@s;`%RcP+FOw*cujLPDg z^mCV}OKrcF7r9EDGX8Sjj+laD84UZn>=|D+55QUomv!h49%Kt zS~i=}kK$wQu8HZV^~gxpS^Z?884v%(pOgOhm7_2$e^l-*#TdOmyH-1@S=N9C4( zvu?_F!)~%cGgpa;loNe*NM6Km3K=U5b3Cj-z;uJDSC+ncjiFZt?x{u(7K#}Ol7oo@ z5ibsWjUwAdsSn-=d6L#MA_)Vy@1HpR*5c|cIcDI|iVrRYqvkVNst=-?3Ex5j%c!g| z2b&=ml8MQ_8_0S6)>GOH^~CBdrDtVCa1_YWR0agy4wodYXE>FI0i%t23dKH~aSG!y zrQ3IMcOUxBXK8#HZZQ=GPn`=$NN!9zYF{Vnecsl9K{94er2kYBkwPPCqN;p|voc+Z zk!5=S6GpRSI7i5=`15-Y{g1O%O$jb|GF+=3T-vmD_8?80Kv%+u8d1Fb^t-X2Sg8W6 z}+lsKp`w^c_twp|2H>bI-5-x>9CG zw~liHSSjNL$cmEv;_+5g-|V;ao!>%6_J2I(`YDRpBPjrawNZ{FljLJ@sJhg79E^UV zpf3LLxj6|@wF$m)!LoV%jH&bz1Nt3u-QcZShs!P;0e(;p(P^)C>L>juuW6R8KkwAr zmU=klg_XjT-+n7|eSS`7|N7wmECl3gt<=dJYK-2U0BXe4>=T+(iMYvV-pz)x@s`9| z(?*#bop!a<|4yl zHX;HlcX7y6Wc38)T%3*{DN?bd^73sHz1wrVgdwV73U@6^>`piGCVamicSS)(```(TMjJ?1t=p>k~FtzBZJ zj>o7>lQ1ztk(fPwYcko7G09APv}e0g-V4(k^$_)Lb3_%z`)IFHE))|=&|@ZaRKbFh zOT9jY1}!9yLEdp2W|k?HP@HLl4#ZV=k8Ps}p{y|uyUxTYHrQstXvl4z9Bc2Qrk2NK z#-SjmsvHy~)(k|Wb%ug=j|6KF4p%v&w(1L~Sgx89GrOj_cUo_rAx<4m7bPCcK}=cy zr0lGIvXVq{FAc`UN-Sdm!=|b%sXthZOO-5L@TSk?G=}%E*`bu8kzw%tLj@#y)cGvFU+H0gzY@F3 zX-(Gnc4zjCiz`D)9uar{<_(LoEhAd&X$-g=PRgnF#3z}K5AsNJa|PIyQ{iCm-!k$Q zamkz(ejYt-_)J@_)Ei&l{QzD2z5f%@SWE4v@Y$JrN_d*2FS8SfCu}p4rk6?M%Jd?rI@EC^3 zwa`4zEGFO-=h{*Iuwvh}57ks%oL0@Fb|a%2As6Ei_OO+rw@E&aWmbPo&o8$^qhy@b zXz&&E^1S$K*eD;v*OA4FS0JNNP^)a`6)0}Fx2cpj8k_e@r=!u|S^z>Ro;oPFc*6?B zZjn)}6?m2l4R6jq8C8x_@-QqL+4~TZq`*D?{|-rD`LVi24KHLU1xkdM#cva{ zVGRw@?8}qVh0#IfZw*H7_DRQ0sNX&33`y{m@|nh?Q{~~a-OZ~V0dzEeOqyUx@gN-Z zEVxNs+;akNA68&FXgx*!cRRyv5|Zt#&p3!!x$mCT^L8gg2utwAM`>nku#!>&a#bRy zAQXGN(Nv(zTY*&lN^HPM^ZAHuAVqxPbz1RLw)e8u;o0MTeRyVK*CFITrk@?-Khpkn z(p>8map?o3Lh1q(1%5SYN?96+n^^uHWd}@|f9N;)$!bU;@gQ?f#vNCFL4gWf2S+I~ z5wRYO&VgqnM-*0dCNo*zuy>k}tV$)WY9e`}bVtYz0*K}qG*?|_k`uA_52bRtjwZTV z9)I)v`UEuBs|L=Trsk}(k^4!a*;cwO?iCahR2j87Lrge8P@j&kVjSyT%zGI;bR36V zM6^A7vP%?Pe_#2g$k9&V*$KDNHd*>Ox>x8+cDcUCz8s&y@V{H;2;qF)eo}UhW{g?M zMHIYXoRCW+;+?&Q3o=-V6J!<_vCJQD?qpx<51pdJi<}`d>-cI-yJ@-kNE~2VCX5P{V#N(dK2g{QbK8+kk@*hp!9+QyEeNaM{X5GEzhvWaZ@> zx)`vXiX)i%cyF#gwydlusn%3gUD+>u)1J#H*$g(3s_z9SH(#*xBZ4@ zqi$8B3VnjPV@G{JniPt??O4qAA2Z2Bh^KmC-6V zN6uu6#0Ri&^0?3gj9V}1i?VY}zfs4U8>C!JDt9&MTh@Hp1_c#1{MZ_H;)f3|k#3$4 z2P!j2=K5#kX$HF_sg%`WER+|fe^%K2AtfO6y6^}Upss5J4Fp8;i%aOsv*Gt>lj6Y- z5$wmI>_3iJBBBRs)7zc6EMK%5op3)ty1;#4w=CtOlngx8Sqh3K z2&SW1N0toXkHdhWduvEWz{?X8kDiS*B<+%@zs3MYy@T|0&P7Bc>(&RYOqpdJl{EFd|P#GvnAX3l5jLTbWBB_+H~gSsp7n_J(dG+ zH;MFG`>XTr5==0w`QO_$#$hcqcWtdf@I?}O#NmxQ@G!+i3|I5WV*BMb&Qv>lA&upd z$X|GQ>4rP;du6MITeo>IWkTm{;CG|P@g;T4>jAPdGwIWa-w#1B5o_;2iU}b>nw5to z2DkfX&2QGantM*>72Ps&qGpTUJbW}4hBy$+nN%wf7br9VR$vyIuDX=rt5HBB4pK|p zfkm7gVi1E7EAz4_PBOs62cD)Z!4)l5?V2F!kL-Kr0O26WA#%rY9ecDRj~Xx`LlM*9 z%)6T(BLKrDenb+`DM~RtHZwz_9p8How7j+tX*RDK#KURf8;cVgBHh3-UwRnl3u`ax z3<+KscD#{~6i?jjS4Yedf)8=BssVAb=I+mBz0L=LyB6$Qd;@rr5Wb1Y9Cg0MYC&vm zi$}!aY4Qr@^+S->%pf?NU?OdeI%R5&Jf(&et^a&7*Kv)wFh;WmUOVPTnsOu4AytpB zegAeo@|3|t2ZiMpQHDlUPE?jzUoIcrGxikIBmZzVIy+KW3=iHoF;mOk%1Vf1B~r9P z%u^bzY`O~unY;kz4iTbzcV<&wG;_O5>mb3aloHd*!LpUQ&{H=ULz*e<1Vck+KSP!+ zQ690Y=(~McGgZjZepa-Hf#`UjZ?9UxZK8+|wHW5Dv9T;fGMMFB)_UdEhW~3rRtt2| zj-fRaoRi>8e$v#<2`?tbD#W=Oc=Nxny2}mEi@+`}Dq`WLs zvE&ZBqV(?UeQ5e@oxYpkSnFpjMdMP=2X!blHG92-878W88H?#O^52U>G6>0EmDWWe z){&4hSZ0m+EZBf#3Q5$x9ZBj68HO2BXNr{2D3Qe`b4tmhA%H_gD_jd@er>DOEh^>N zo;8h{g=QYVDn1~;4l)xx!^0;<;m<~>ef>FQ`R|_awX5^_*1#S2V=|cta&4%x!a?QxN7r`BH$P-b<1N^KTW3(IM zG1l-b_Bdgd(p*#XupFd$_iZ!ZGL#2yp+_5TWOR0P1rX~Jfr2%>d+#sn?w+8 zl>~eM995cbhCX}%792{RoxWh*z|KzWwHkc^PVOtFxDM#rm5~5f#AK5rZz%UUQ0`j1 z5AARreCe3D{$$ZS19NY{xI|<0E^$AFA|D}CDEHG^>@Gd4?JCL5qm}v;!{|w8dG|!F@ zlx;vgrbTaF*_0ZijSgz9c3M$vaYW#D*kM;>PHGSKy3=Vbkx!y_{*bq^rCOSLr`!bC zLC?V9SWpK?!VVsFOk9`RuAn7)_N2CXS>O(ntkPY6k>>o=h4OC0IW_%&Xx@C@?h)?i zeFi$<%F;MCuH^x^qLct$aDbPDfIJVih@>E`q?Eh}pMd)?CoBj)y#HF7FS~f5-|Ab; zL*`^>;07RX8+;X~H_(VyCtBvEUrE2Q8}1PL6 z#VQtA>aVUQc58{a0(>L`sJj7*KL2!89N?&=oWQcGg%xHm!jmT6vyNCs0ceT=sl-Ch zZH}^S$4n-)$QMk|+w$f`!aA-M`X;BWIjwI-hFak{2566p_{OD^N5_ZF92Y}F?q}?0 zh3SK(C9|T<<2C!Kck6{<&(bp{lObg^n)2&bmAJXfA!VA)H+LJwGo9t`w-2|Lbxjd& zV}2FIJE`15oX_h{&6iJiSNZHV4fTj+mZ(Y>_qW6AlFh9RC@05XC~aIHudcTDmnlE0 zpQ$NbG~F-WUY`JZczqDcCRcU&02r|`db)#ph(HP|Q?S`jRa?>*E2@ zl0&5j*|Bc^*ELb8_1nwgo9M2M#9BNMDi>Tb@Vg)Y%cQ7-wh9Mc< zEtN5`8&D>Ucc>EiA3uJjq(hexQ%+wAS-kmLfm$-xr}+h0B~sE+uLU+sLAOq^1h^g; zm&)ZL$k8zg3u-aNq_0EK)~qGBRCSp*SIxj|;r=ig&69QK0$P5vCf)HZILn7?eF*eH z3beYeG_h$ugc^Sy(nYkWxV-22PzD?S=}TI6cG}YLXJIT10_5vZ{66}7E zd6oq>M^8sKTtxF!Bu%G)S7u#A>lSvq_G-nd2Gq=}Uu#Ql;OzT)7~ft;V;S^MG?q0* zqWBabw_xz+vm}9f@uZprV7nx3AnByM77T3fWAAo@sdAQUOc7)PFR_@WNj=HX+)8D zmPnP5Zlr&ViP*tcf)qIM)toK3R|MVGF8Z>1Z`u+pqRFZkyBH5gCA6tbC^wk822VSB zX{1pQ=%q#9u{MbX9`_Kh60M5lkRBRQaX_K3`$*{qaueY8FQmYwixU%P;@59q^nZ_s zgtW*EBNZOmp#z~4t4r!0<{%Ze4pS)NV^w_>@ud%0Y`%i;h>H3!F)P&lop**;g0ZH7 zLFAX$@vj2HR*Og{<^8M9ksso7K}7dID>~t2%zf!I3ZiRh!JO)m$iNnHk&jU~mCRg2 zIRT474fNr6S;ck+e6ghe@d< zTocJp7)@TCHG8v0tAdUKO!4!BmUG-@r5#ppkx$#Fd{27kx#T14^-HG8K@sYR)44#t zf^64qAcka$u^!b%pWa=9>fUo4-iT!27!0$J!yxi9v~az@;IB0*4|2Sd)5))kD!+N| z6gE=MuYCoEMG=dSNFKQBM(jXS`_$-%z;jx$sLDlV_(_E5OSi-#B0j&PG`95oGwp|- zx%Nd;e7=lnZ!Y@toWaPq&4ud?woOL`%1oT0qeUbfP#x2$Q__u|b! zNvY9_cICCGUdT}RxpJCRk*h}d(3>n!Y@PsE#TcEGg|90zXVf^|!)zEe zc6uY;CWw7Iiky|E{mC3-J)YG9^t6Hx;h_CFIi(`sp>FgHm#2gKt$l8(ez7o#!%wW*tGI2)|Z#Tie@fB0NeLTN2A)w4_;15t;mSffOW(rVDiAFQ z;CfL)zHxBwJU_HIbo?BwOJg)j;p{44Jx`{qtRTWRrx$?bwdT_rYr~sGSdyDQbk0%I zBca^f^A1=LGAlVs)*X5wQ`qc@zIXmX+F_V2Q{~)GnmKCPC?xs*w)g-8yoJtkojC9F@nmTBg>8&wyL754xluS2mI^px znU0k*cVM9mN8VY#`9z%?RSpMO8JEq4c;_MS5BL-4-B-~VA4JJ3O?JPWNdW~73B0`o3TCg`+!3FD#TTbtd>Km zd?S+ZF>qJ@e{c{t71|&r{pG&l(4kSH_uTper z^hXdbMFjq;Uzo0O3$+LQwSp;EB1UM~eN}w35$1^`NYf-sO}AGzr6*yfD6C%QVpo?qahq48n>N1CN z-es-gSod69MDvawwfYq6Ye0UZM3Va*460#mnq+EjznKZAP8A|y?(?XPe9#|juKvbITsq7-LT_X-j(F#-IQd|S5Pr~xm!dE;sdbYJ+C9}6p zRNq$pzF5%N9E{ld$%JgH%A_57$p7^g5u81Yq3lLfJ6?lwCe5kL2}_S6qgEdhsV$%U ztQJjItfRW)_)SGG3XUt5t_>b6)w zSjxJ$){V}tZ`UDHgzqsf37IrCY%qqECy}Y=u%wng#UeCakwvR$sEf`c^+AQLjGlZ` zSCW2OpLaXEb8Nj?yURc5b|>~|Y<2%mxY_*R@nq=n%y2((aQnD^H{v;LjltsL>H^i- z;%etYxzgI??rP_BR8^5K=g8RJhEmI_cwzr3|3hm5$0;WISW@Y9*Us$(^+V{2j?~Zx z^-EoMv`IF2(ncE}n0aA!L) zNnpaV+~s5*XdL_X;gEDPrSTTYtn8miVGIs3m5L=lCGH?H zvh7|*CE|wEWwi?8M0D|i-(hu}#XQ-UIE$xlqL`i%4LT%+!-jz|S1k2S+sl3!+?a*9 zWe2NMVBDYuUk#)w*XFLoOWI)XVFZP45?sw=#v#i0um2wHI&jVwKRI_-E^Qe58L%ev z%zxdU12!jl2Wun+yPd6We=*`btAR0jXwR}I?D1iQd9gHSg|NauQr{}~SnvQT_HdzM z6f_WNv(QS;cv)un?iv(Zo$qv zwDrn7eV(E~XYl~7ZGKJAzI!H{N0Un&81i(iGl34(vaqv91|S zgBbVH2Z7qw_P6jhqc{c3obJc6mvhawO=PX_25G8m5*9f~@d%O*ciz_{c1w~C+WSn) z$2=H2%5&dRFp`JWs2--2^?jSa)L?TKLFN?KuIIzTL25KKHwa3E+47bEzHB&>zX603 zdA&vN<+8imX*d}$c-yr;e)DUUqW(Ur#Iw4YB`9jAqE9t@<$2~b9WsJ$2I{2aW%ndu@XqW0LJ}uo82=Cl8g^`1M$4YFg!Vq{}_} z*rZKjvE12fx8_mZ;{zC*8{4ej7oq2U_Q!8q`|x?z{N8(_!cU>?v=&ZAClgQ1m?b3% zmG#*TXVU(?^gI1481(1$<2#Hl*buIOS(M(Zy$>5uEb#NhF3nX)*K&Aeeb>BgCM^G=-dL5A%p>|3V^5ce;*J)fY|T94tSs=o*#ewdyU~~00@w8_lM~l zAR&P1J%degC*V!NfZzx6zs!F7k>mYCckth)5biGIHyKP-5ExA;A?fQb8VL4u!7{RXFHAIYQv z(BJF_^cu@w;7|aes2{EO=PZ{$oC3h{Sy>vI7&+ML*qc~c3OMT-SpWFr*CgczcMO^U z?>+#CDE>my3rM#7e@Fy%^z5x{UH*u6y>z}F;gq!zfJ+K+^{==VfFi{I0QdLu6EAUd zk@I#A0k|B0!?glzYWN4Zzn2+!i5utlD*YV*Gac}$|LSix;5_^XxQxGUUrjA%y*B_{ zk-y<$0v6Ez0WQ<8aj(vJN6P{2u=2NlGei7GxXi!CtwCf1=n?_}Daid6?fm1E$nn+# z%mM%1-(RB!TMVG=0-|OpfZU27Y07^bIo=BI|6f!&D+gP>-zB(zcG=&jHbB0{@5hfJ z@5A$-K}{^I&Hps*{5I5Zs6lG{0X>8a=o6YhkO04Pyj%Vo6kyK`9V1}S{af_*r<=cF zqq1QH{up7BfS&rHNdL!?;~g&aU)%)1{yxk^0ABy6p+>s15L^!+xcnOdm&pG{@E^w9 zvF}u64S?XsSpMrL5EA>}2>!$18w11unhAh_I>mv20J66KK61PzB>pFYU!Q%dMH~?C z0gclNn0fv>ww0~_3%sP2lr^9ievOOm{ek&40M{ANE`L317Ht0uuH28)&;Wq^pE@<7 zmtSoSa3M1Uj76${H^`4OlFH$qV*lD}YgjG{LV(v{fXfQ~Uyzmj{|oYu8nMDUcE zU&`ygWO-Q`^(TvT^#8*0_YVKDW#MHNvY+U@DSt=*wX!$euc2R7mih_ZpY~6oe=+I& z@cLyDp`Xxfng0~}7t_rT=$9pEenKl||5NC{Hq+07G=J{eA6zf%k^JPU$^GYCf2vOM zlHg@+i=PAo`TvvvFc1B#bn%klr4;;6f(JmT^5q@DU)$wB3B$kScqwZBlOyiSKjirJ z3HnkWhe~0{Ae(OsQU+y6O2{*C&cewwwpZF!}%Pn?4QNg$Wj{0(o)qm=yms_=dqN42n zchtW(=dXhFKQXP2|MX1!Tgd*;AM=Ot%dq)RlZN$xl&FG=px?CPE`HR|uLs=HcV z3J4ey000~uz)r_Vr24b?aR>kaAQBJ&0QuinMnqYFMnYDUPDVghLR3UanN~(LBz_Jm zkRCnsF6bMMYt=xAfTr^$sDCgCamR3G4zpdRRpNcG3|E-=@-Hvl-P1#f_7q}vnOeOp zW)BGg6#eFfL}OKlJK#kltgU+Z!oZ(5`FWqMHzU+-H3T1E1`XpF(hB6&_Eiu0SYpk3 z5>X8p!Bj>2J()%AzmTH`+vT)*Zld3veCD&x2G{KI8H;@#AdZYNw4soq5tUT(`QLOW z)yyu9=HDT|Z@cFM<(jJeOiSv3&)(h8dYOgUTV(GLgXci<|DV%l|D0wcRn2S#1^`Hh z0RW);=d_)p8J&T>fswfhou!Ml1)a5>nVE&H8J&fVy)~VHtAVwht@OVs6GvJjYXc{z z5)~O`EEVJ*U3}n02$*?AtYVmQ3W$(${}sW4WIP)zK#+^Lz9i#BXjqI{W5P>^nlT$M z?e@i^Rou8=npf zOLT^5mwoor4eH?f^;okZ^AV>odxW$>VI zYU|o2PBAkstaMEtB*AJz?li$`AcP(z_-ZUnMQBlx1oYVpF@~DEiB2RWG<_sio*X*# z$1)~bY`fA{tCh|+55@dhre!TM6(%d$sOUJH0Q`(WM(aq zFJ{jJL4`n3hUPnR1Fa`9Tli_voC9QA80SD}lR5b4<{6W_Z9~x9 zdyq=|3CTDE!Zka@!C#DmdgOvd0czt|A$l$7&*D9bjIgp!r@-Bs!^IZPBz zc5W;8#uZSB4~S=_*aLha;EMG2hkY`nRAjUkRvIhNq3q6*X_QtX3`TM9-EGniNjebO zUffk9)LN6XHRV&hwP}VuY7aSjv>9S7XP0BxJ60kS@$^T9!R^H36H?-ZB?pz*kpyK0 zaU+A5$m=D<-7(FGqZ_zJZ4-77yGUH;8o35;fxDEhWt+HSg83US0!lv|?P~b*^f*th zLHzEY7hxCo=Teku`moY1oIPP(akoF1HyLA}vGUNg%Wp%hnaYMH~bD`K-5)F!D_#q?HKkNwkIEl1Y4C;7uI;CKlOA?CehD zB}kNmxNa&XiTRX>>?C&aBJq*6ZWCWb`xMW-Pg*`obsna=fK9lDU*9Puk$IQ6bdcb@ zOnGK%_!dmOy&;Ow#mO?-=8ZNmYq#r&eX?^Yb9f^~{NiU34R=TIwF|$G#uHqQx)&1) zZt?}^(GBLqB9z9>hx20*PJa|Se7XtA zhEZq1C(&aoG1i@ED7+|^_%|z+`G%}wjpTx$t{Au>hfrbyOww`;dUgx@8; zJTA#Mdoan@8%2+5bnWB~%P<$wNpqS_#d|8O%s~{lmxgIetQT!p*thzAIY1doBRq1UtUVtCeDNE?;BDNg*l4j##Z&|<#5@C77MFD=H;Vi81O*)d6H^)L!46!i0g`MgxlyHv z@?Fd*;-s9{#>i;1G+Uf-IAd+8BF3H>>~Z$3BMK+~=~s$-xMEQ;IG6JyPicYvh+t`k zShpqv%vDv8m4Odt)@y=^)pr1)6gTwJ-3-i|HKd+|pL7{6ToVaGYUsQs**KSeamw{& z1UYCHkx{}0AkQUxO4H**%p#+P(i|Y7w!H;|AQ-ViqK-gh$CSX;e5$<<Zhc-kfY+0^i8%UURcN^Y_z3PlbcK1OToisLP+8j1|&!-fV;V}=A?Om`AD)1O>*J+v^Vp8Bod5W*ch zq)!N`AUIwnJHqSaw-PY0n{Ib30gNf*(+sLHPtbdMRJ=>pRoDRSFREc#iyg5=WgmyxSYQA^;FO zOH=zkTb*1(Ib8Lrc=lKd{#^ACl&MFu%t8ZPfPZ&Gj26u~Ud8KLe6*VS+|2woEI+yw zJwg1eI^4K6&9^?Blb=AoY`|p%At=xk@Js2HFFL{rw>*VH&bcC< zhQzi;_uB+|nWn^>BZbqFE@hzYq10B6dcJ`8d~W!`jmY%lg6a7bibqT?x&?~~e{SQ& zT`b;Z4X=>Dysj?E6c!I5dca?hC!__T#)T9xOJ4i4L^X!4?m@U=ERv^A{mEh?H3|uQ zvw*tf17#5}1}U#ib-FI@2zGQ;pLi25h$4DeH)M(xhKgMsdc?p_%R-4gMTrOhn%kSpKid#oT?yfTz*%y1y+s^o~`M;}q= zkX5f?+$q&$4OOHR{4Z*5n{1-k_DxjTN*YLGT0rC&ZlXW0e}8iMo{V>g`Tp!qx;%Tl zu~h-uiO|PnWkmt)TDEku$7pGK1L}zwVcwa)hW+UswB++~JOGn*PnD@`em6-pon)=clyhHcgBIj zxLCA4#&l1=tKbcQcU;ke^dj`^fl-$6Z;{I>&~R%`fx)Pj=!ypU$^v-&+xPMi(r9N2 zn|SQvnuBUuY%Wsqn5Ik{v(sOHhs0W*6d^MubuX7&v~ldoSvM0&nnH?Em^^?xKIEFv z*nro#2k6)+*n2xvJ4u5ZPEi!JN~!;$o@kGgt(OeK_Y%}Q4CiCDmEk~doK;#!(+hvqb3ssZfowk*qR$eO#$`L?to-j>Z$nbLpz-j>s1Bvo<&)4 z6;X1^dS+tUnOZ1F3uBkKUyF@A=t4adw2iSF=A%;E9ODpuDsV4@Mku0LYchT3Zw7Yr zTJB#f-AR&;WIX$zawq@yEFxh;2KZm+VDU}?W_JFsDTG1CAaiH`_c$WqNti+l-eARj zaE9CRd{HzI3QXpbXHZB?H)Z*vsK8`RL0YZ)KvL`v){X}qse2c;eXfJ?wuu-!9s(@X z@iufYvs!201@c$Q6iYwAww$&pKCi(n3%HE}*k8Q=TFmg^H2Rl-001z;0RYhc-xM>< z|G9*zQPr|XGC}@n?XX5gnZdxxNmxL`>zC3GJ{SPQ@OhkJ8$-)`(J;gA^Fvw$=(2Ihp3eS$%YO1Z<2vIz z+xvQ+b93A0=i7ZPfGX=zk5V8|4RqQSUB_vwSOi&s;4!LZB(HV__(ZuM8_=lvXysE>YMtu=#G~+!V*g`$fFJC`- zvQhz8%?V}3#rblStS^MGhh`wH;`k{IakG1LW?(p)vrd%Kga>T`rBP#NTvU3=7s9q+ zJ`!8lLLmOPQtwI<5+o9@q|zZco1-BehQ4F8iL3A7US$RKrl3G3$e3+gz7`0 zhP_nwRJvU-lcQof`p%`KiMu9^I2b9!khO5O;=+Q4QEB1=M$yxk77b%|`gVOK|14i- zkbj(YE-Zq@Vze|W1O#E*_=>b7n|!?VleOYvqoFW!)sTax4#Nc0hD8dyD}D8Jk{jvN zE`nkp%P4a&#Dd4w7eiUCQ`OQJ_`h|Lfzmq{lf982H ze;=1g7{K%l{3V-dg#mC!UWtL&kQv#x2boN;NvOtN1{TS3!MwX`a&WpIYFY9gTm0 zC-C&a08>i+fUTQgv{YG#0G+Vn=}Mtq?aUr$my+?!bE5j{7we{67P}&!mr+9>iF24| zs?|4)RJxTv*-VCbCeWfs-N9{NOm;CNnZYyPE=Vip0@KDX*0Sqmr}ZIyUx7QL>z>70 z{krGVAr?I&i9yy%kG_XXnc-1`!k|rCXJ=aWnY*KTFhHP;W%K}9Y&7Z7gb{W|%NJ*> zK2D&$A&(zczbRn()-c&t=9Sy9`NIYB(#V_$dn1;&aFYUZdMH)B{98S3Ka|NLn_l~6(f>HU8LvMe+sIBtJw&mHYa&Q-J%%1@ zh%J=9e@Xqzp-r!pNx1PH-++Tq+6_DQ!0g&T@-0@6GzafQb<>qzD*f9ty!j_iyiNf) z<)JI1Tm7b_WkmaiC^D#PE^F+l_*+BxDh%;5sUFR<^8RI`L~6Lsk!W0V?MnoVVA z5B!|004NwSer|<84E(}8^t#EPT2Qs@LeiA88uh=P;Jl;et+JS^E|{9>}CB`ejoV9TO=2`!9?3qXx(uzVMppg zR{imo#gLjMk+FV=H_sP4$<=1FTR^MpmmFWjsTv?psFtp31-hTzYt9@xt2N(bV z0@D8l@c*%%S@J&vKSfo?9_!zkwbsVN!~}<{@#yQYJR*m(k%lFs85vPgd&@D0T-J~a z!WQaAQ+MjBw&m6mg$rVSvGl8%-{Qkg>O;;SRXkgD0zQ=fhTqgZP|f`SME4*e03+1t zw)P~ZCvj$Kr{^s9Gv_Yb>z3mU?)Q7ePCg1ZnJ|4o2~rxQ3E|j4M4THIKm(T-X~4-nSB3WB{tsNd&)$pFcb0{JPl*RBWo-thuQI98B-Www4*_-Ir88txu($I(}xx z!mI^_($tw^QLN3eQyB223{~2aO@Ix?)NDyJ2Mt$EnYg<>X-a}rv2xm)sY^h(k(CBd zQQneF08Z75+-9f=)~v^7!gQu)!Mp$^POapa^a3;II{L;9z3JIBY#^UI^HIj$G11zX z7eukav-fVsDh?4ijNYmLXNgds%OHE=CroPWN2B7V@7Q0WpMldlslq5Z5|w^w#WVm1#LxYU3A< zFx%|qZaI8!b}LT_l_I)r9Lc`NP_i#HGDb_3o9bLv_J&L!j-=xqNL{rD&|Kv38WEv< z9}ScBM9J^J$yLJz%J(=Zc86V*ypaO9o+{k_aFy=xZ&mCtlm0tX;6kMpXUt7&vnXaS z-A7DGr{#*%hCB`43(Q8g6X6&i>Zw$*I@6q~KIE)sD3G8cyrgoxtX9b89+TrJHZcx~ zkiBJxpVDXeTfgwU)rVm31%Y@K?+mn6?Sn&d?(Y^j}5*@QCW3y>k7fmMqpQ_P%C@qj$3$l_@#%ZFgeI|>;ON%)ZwiFE_Vq^P3 zUO`(LRtUF+;tFh+=b30C=v#?GKJn}E@HYT6l_v6k-`af_*d|G$d$&3w=h>z~0-pK) zjBg}#nZkXTYF)%Z62!nQS^Lj}_+%ln$>+h}2_6u5%Vgdpg_~bie-^`+>AL zN0^&mdiFG_nQbhnx9!o379 zSgqy1f#vrJk=IKpXHfG)q5Oq83g+HVQc<^qH2&s1=xYGI`VYe=L%yy$>!pISx+tK! z4)LdjMLn-_kP~zKFKWS$=T5a)WxXwg@i*7t?>FZEGQ{lY7nIfk&4-^qZM|;Q_ikREn)ej)Ry!3 zmJ8&U@F)b$5uVow2G8N)b05iKOu@jjo*=Qi8Mqxljdv`CXFt+!aQtO?FhE;HeLKue)lJHqT_^u#=+`1D{HdJqSFwciaDdfx`^5P(h z@4_VEsQ}?%fA9yt%*kj%(O*4vm>rM~El*J`$11v3cKFX*x0T42_QJ$P(`Gwz?OCM7 zEs`}k`mj=UL6c6>`t^9A(oh?|VKWQ4Yz@!eU99^8Jrk4f1Fo`vZn~SNbS%@PZlb~) z?s3)7lLplxy7Z28yUn;a9e{G$fKm#*q}tPHExy{;-J%n@glvw~4>>byC!`qTppw&S z<-96Xn&i015y#3OvP<`8mnd}dy}QKAzM(@tJtEf<=g=q!IZMIKa=Ygy*b@7jqdOn? z{%a8syoJ%J{jY5)`v(Ak>Hl=<`5C;=S&<*!>>ty=YkCTEOdS@OHX8V{9wq zP%e7(L zfjg~BXp4qSXwVwhN&qej5|{P`rgn}8!` zqHxlgoNV_#X0tzDKF8$R*GHuARH|3%{avV7y{!)$!f4>+xVcU4NeOLprveKWFd`$s z4HJX~*346cKcQP}6Vd~iDYHXgPt-y$10<6^B9z47kiD%-INLWPKt7u z^@QnCTdgr8-=)n>UMd<4K`D&@fcPX3E8+|jOcJRD$W|2aM+vdV_0z{F!fM$$Z5xlqW}p^X z%)WG{ZYdb(`RyZ^&bklv6;8q32nq_dNxbE~wp_RUwS={a%J)4y3$ zv)|-Wv!|Qv=ahhg5HskIHeyA7tB2&8`*f!d@eo^B9otF^wugAbOtE95pEaX@M;;m& zQsfin>6jDS`cDUBK>zQXmg#@#KufBUsXS*4CeSTlU z;XK^Y3S%>*srFM*TMW1QRD(O08~W%m2$*o47}K1@b{~p?b%qez(98xO?OjtXDaRl8B2q zAXc4tBT$|Uuy$~F&Bz_!e*clpb_wwL|_)~+xiQ=Je?(WZ%hkHB^uj9S|@SXnFVPH&poCx}<918E~(IIrb$_Os)^Sw!LjLg}45$5Q@AM5g- zf{iz3?*2@p^qu49`gBeJ*C#gtd-(z6_M-txZ}}k}3a-llcQ^k?O1t-ZRPA1+_FH%? z@A4f}EzfY#Z#2nwwq*@t28;7Ya7@qfMFz*O|C9C$$mpX##Lsz%vU?!LZ;-F+o{sjb3M=zL2+j96^yR%F)^F+Ij`JsI z!LRU$&*e*b?04lskJES5C-3SVMCsKIr*HXzZ~MiM)3@YkjnlX22;mYwAL>{UenxO1 zWU{0*3Y%7^bKZkKjn7sGdOoBeDj@pFQwRERcc2q}P+7@~T<+oA5IxOf*oHwHjmVin z5v|DiU}eNyCwgH-T_<{J#9c>PA3l$k^wJQqD6=}sTSxj}x1y8Wen^uchHuG5p*)IE z2l=Wnc$h}gMWHkbqcgoCN@JTLt88vzL_3XL7H!PQ3fE6|UW6lVZfzu@lU)K0%DF)v zEvmgv5G^WWUQ$Py!J5S{_1y3uoL5C+Xj3l=Q~+=Ha5orjut=*G4Kj*Yl&6oEsF-%B}|MqGUS3?`5^L z3C|I0!2R`?g$W1LP1f<^z>dIoJ5i+4R+s5^)SJ9bc0?_wHAeSJR$#z$J86Dwej4lf z8at{P5THa@=fu#}F=B?1e#8x1__i^oh3l&;T~D#G2Hu^It5WG|ZPis3G^~K4Wr56( z?OJ%s>#AA6;I*}Ds%pjhF*pARSZi<88=ANXDKQPgn>igtc2WjApt!hDty*g%Q2=8&!SFMH^WCD;Ur}r&u1AN;4hp8f^{XR9re9HE-iNBb8{pe&WLXwa2_w>$7Z6QO5ly; zVdh$yA!ftN9-8r?)a_Cqg>AAfsCYKmd9&BeFhY#gbe8u9dxyDfJW0uB2r`qWfjM-;=rj3e{-Hs96P@o{k*!1^4E*h24k4J z`cX;(w}!I1jebqblIbz%hk-{lSJ0sD*oK5BQghWrSQFI^CS`pw9LizRIu0E*R_ejH z3={s;Pb`hrx)ZMVGNRsqk0KtEpS{$5XnaM{(3x1p!;{kpOo~2&zexH~qf4l*?cxqA zruL?&0#igr0wi#0N0!nyNBj{>6XF$PSS6mgQfI$zaw_?oIXmAtpUhpod}c1YvfI3C z&?K8y>(3lu9XL-LD>?xqvRJQFKNaYXvsBvJ94cWt$x4CIx*VOci%OMl6UdiqqZ8Bj0xFVymfXj zU(AAOrMH3*!yLL9ag$o7zV1c0$~Ztrxb^%t_=615-w8K(tLE`RDcySviqF!#lK8`#l>ztra=@!swLu<4^2Dhcc=srb>B zINi{IE{3(p@8${^4h7#VC*9%J1Wfu+L3xM?%!s-~3?_64`y}v}b0dCcGW?Wal1$@M zG2FS~BICJp@v_L+B#s0E9=frz`3u-$2A_FSA4!dnoGUy{K`~O~l(Ks`QdEWft$ZWS z8O?+9}jDO$2p2ZHe87B~LfFI^Ph2IZIUV^R}wQWC} zeX#rJPRX{8CF5ZK-GK?HH>@7|z1{mFzj3|9akZq3nabpB<+7t{Nd*noJzi$ehcN12 zd%}=-7AfDqx1b;4FmLh4Nz1O$aB;4*6M!XbDw@J*X+H!k2O_|fMh8kp=L zk5KV&*+8rK3bvT{^XjuL%m~}KcXU?tC@e!P1hUqs8gMd>r5i^*{{W9`VWUM`clD8H`>&FCKyL*g#IQKdDJraWcUqu+KjFup#MWtX3ABilOT4tbbS;n<~ zlJ?~7;AztfeQ#xGr)dvn5z{WQEW&_9C2UNi(jM9e9>qTn8B*G|;Z(yZ&V!$;7jz%h zb_x5Kho6U(jDinA#or}dnnKz$LL_^K`Z;_{B);b1R>LjFs!g18b`f@{OKv-D+00pF zI&t!yy$zj?Dnc?!PoR609-zdZ_aba0Uj^ZHLZqv_7ji=qaylER(AFkHL_`lL@q;Mw z19rnp7Uh)7hf%^vyt4J~<0LwmYoW^-&F_bg=>0lKklqFDb9vHrKE?%(j2hT&6Yr6$ zYHM}7`&N-I57LDH9(@@!NehJ|V6p?iIO?AwJMAo|`n;Z`+wovc!x+i-cxMDrD7&Ir)I;Pt!!RRni%P?_zOQ3(sGp`M z5pv{UITJ#P1k%XXQV(e&I`Y}}G{5y^2E4Qn`u`r~GaaFqZFWQf>iJ}OxY8Q*uW{Qs zA|^QBP$TM*-#{yBN?xw^FPH(P#xEwh!L=sUWMU3#PGTZcH6*#iLX|=`tyX{p`^#Qc z{SBC)%jZWh(AiE-=3`>cEzJe36-sMkNAQ-O0If1K6F-I0SY_S^dM_eyjliN1eP0jm zD$MD1ka*diVFVJ6ULoLd+8D{Ex|G2TNzeo zGI*AVAvGZO)bi;Q_a^E6#Z)->1ywLeA{W{oUS%QO>71@o;5=$TKW|po*9Viuzsue9 zXXeMmQq@QceLctoqaB^%TpBs0HES$OcZ>Qa-_2sA+2!r|P$D2LrBb%kIBn?TBlDez zg4NDBv4#kf$!!g>nAng{N6B^oN7g{#{wXYeyv#8&_Q7nig06=Z;iVMsD(qFnJQHbs zEHd#4$yb}}(d;S_IE5wkd5`U+0YBY_$E=eMQ0pbb`0b^y_tU6U+L_I8!L; z-tchzZjUIS0K=m1F;f!~v#mo==aq&Rr;M?D< z>B^VCMPzvz6G6|ul_zR><-}#BC+CEXdXbLfMTtQrN#_hbG#hZNvrwEFw2wq2B=iuR zsgEH=A4x&g(}WIj8LCTowu@_^zpiIQH|@T9${7_K&BR&8VlOXRh=(HK+<#RGKZB`_ z@u+-#&BnvQz=@WQPrLyG z9!-67bBzev%!)y&{yc(bxIm4)J9lXIx_M{mMLfSiHgXDm|5aAk5&<0z%!>Fq`2nVx z?xW0Vtu1AXU}1TLNy5B&1VhI$;Oh&DOIOv%SV4aeBY|1f!t7Y+r6GKIP4%pimEoq? zvbt>O1(<2`l{;9z-B|Mc6}~*@V;oP(-BP|0(Gcfk&3=We37sIT^Pd*dybjkdrt;in z{)CwD`MuD@yg(wEW#&s4aN?W#5!4|L!gF;cfZdH~-Dt#OueaxDDas_)Axm z@^fvjCvfEF&^(v_s)us}+`{MF+=j3lw{N8Ji}j_G`kU_nkg{iH{82#-qBlPE+PBZ7 z;R~xb{g3(L_D zWQKYRq*l<0_B;p_zts)5?Pb7UX^DKOi>_YI3lo%?B4%)JfPRh9h!@Jr2O88x5ax;b z78n)~y20-O&AbgfnZ)k_%p8b{*?}i|6SyrH*9IoaH|QmZ=3^Ehu(#6u6h?rS>(A|u zO4=_+fVb;U=^kbLr3F5KX&%-BA7*+U_)@+EJ+uvYT9_qye5GgQMuyM^oYD~zH{@T4 zi{3P*JH7pihByF@G%ncR5};Td9%Nr1Vo5P@AMFrb2{xKJ(q3lpg+wpV@3dd!hj9)e z6xr**>LX-NE>N;0HY{@;AdvwM`YMno2I-uxj1-K5XptMz421j_iatV|*?nnl;P_-D zOoDNFT#wc(%1eJT^KjXch`(rsG$0_!0Q__aJo^tXb$r#QwDs#{67?-QFbj4>D>J9) zW@XFx;d;K{oN^*l-4+lCg#(;nH#?Z4JuUR`5q34Eag!yoCyjL!jcNytf~;23;PEMf zwz#*(@qXG?>AKC76LW0C{f?1CMe02a_wXcpPB<|uOe@+sY0O!tv1&qDJy@h`!dDcW z0ImzlU05P6`3?we3zl*SHJQjfaieVi%l@E}g%y?od9Li^9xw=cFvdFMRQ=4rre@Z> zW|Vww%!ottzo&=h5U$keq}8`!jXa4w6e1h9@PXbjEv*;nOh*IJ9A|;vwaxfb=>p1@ zA)f}OrMSLh1UNF5cyVW2jlMywf|$Tl;Sx=kk*`D6tL@rz*?(>4Bb1yvsMUDJ){^8h z#CT7D4AKr=5!{LNrZWESi@i)T)1v9^J71(kul^Xojg_Sj-*YY=;i3hvE z%MP3k+tExlnUsCIT3_3C7keQVonjhZ`8O2=fYCC9@4`khCclX(-T(=&Ey6Tq>q~e5 zql%kVs7Dc{MyIHYFhts^G%zv>j&_>|QyUB(A1)rb{=-zcb4=n~d?OedvYqcpdPkXYk!r zS((YaEF1GV7U42CHs-0HmS07QK%aw5Wf$uVQEbv&xUCuI$f*fiY3@Q5knb-uQwm2t zaq(GnXJOMWhhPW5ovP(yVW>(6JRQ4UNaj|RUXmSO0IJPjD~X2_ZRfi$dCl_^zUPO( zNwyPV4H1;%HJmg+s7yRCnKil8p@q!Bj0Q+X2jCBY>e9iLgn5ypDCpIsLqZHWmBR_u zsZIG)(m_@XX_q69_L&{Ht&yMb@lU6A+7e-)iCGeGbE^CMJKV8rc+;$BsuRFQj~sAU zEG0-}`yCI(STy#Ov*moSCKhtUeWdNyRUhh4=1cn*bsGj}+UiroOC^`^TetwK#v4`d z!dT`8HlfMLR7+-b`EmEMXA%!Sgkbrdn4(N_viW$2q9RzsFklBn7{3oSL6*#qO#PbB zsc5G5Bz?Nc?f}*49P%s|TD#|)0ti8G6D*n1hvS`?=Cxaplz4HFgMeW`Vcta!oz3=R}uo?9FLfuhloe%GT1b zLj$8Zes-Ob!I<<}UqTh|s^|@)3Xp!9pZ4PZG>N$+1%0x}l0oMd{NzAKX)NGHnjcsHCJMbV$Qa?h7#&#dbjQK=q#E4)#O78&Wsy)r!nT zK^d2#@ZupE%nsXx+}BX@4znsjAsg!E&>`&&{QKD7IKXPzg#5Jr!>K;d(g2s5{-HLR zmSy@zwmFqIK=bn_^j*GI&-~w2`D9XRTw`lutYTpI5I(nvBH8;J@M@)13EMt*=e!eW z$LYFmxDtzjDpy74Otq~aaZu=-zW+P6XgHmI;d>iVE3uRL0N+q!;Uq0pWp@TQ(v5z| zHkeL(cCT3@?9DX&U{fNev#Vr~RAhMS630cQ8T}l`r@mRor3!{^jM_`~lnFr#2S6?v z70bkAqVb7$WjaDc{cR9bZcB4^d1pM$H@i#wUvll|=^RD{Tm|u$gG*|slPKkD-bb)Y z+;Mbnw5%nYQDJ>(|3ZP-M4-?_D4}G)eFe|~aTD-ph0w&S$9{=P@N(5|`J(7hQWNNE zwNXL-2LbgA@SI8F^$O`wsTA*aQ40U7WD@(PM&w&%%L9cH*xZsw5fhN^>gr%Uav9e@ z>%tK_NVSBddqQBDE6#^zChkkBp==H@%Aj!F{#GXESP*miOjJQc>)<~jVI`<)fl`O$ zC+4zXe_j#{RVWIcZb|-L@Yr9_qH7#~z&dq_KlYA4>Ch@tGUlEJIdYy$0yw6?yQk3X zE42m^9HAHM z0G>>dGDvX5pjPn(m`a{1Q0@35t56$UGsyz4QcD8T2|KH38w{1abzpcx+AiFIL91pP z;FaQa;9G))t9sj}p(j9~{YtmC-&^89e=>?`^9+@|g?A|x4>{L&8t-8ltJ z;pX)sM896;wZmg?)g4dW_@M$=p&Y;J)D$x0(bHiB0?(i=JhfZFLb6=XphG&U+d=gtyXshzs+Tfwyp8s zb2C&Ahd0)liwAD;PV9LA-b0U;<42gMl{Q;;vNmu|KAhPS(;V&(cVZ-s#JSi~z7EfQ zI?I6r)@s#FfpU7R3A;bGIm@acPae!YwRiNaBG&`1#%(DQXG-HQ(mKs&$FVPEhhFmh zK;mB$iEr)6AB}nP|1l{dt}TRN@+kZaLru)(9m_o`kY45Wb<6cyGRAWiITh!^$#)=FT9E+ryfgTl4U=@7GtU#pfDrDNICuA)P5tEd*awnF;Q(y8j%AZLK=okzSs zCiAbO$e*Obh39JM@12&#n5SqxfS>d9s2|lGj?Q0j0&QKw%XY9HL)MSL38M#dLwsijECGBy$LNLP}XK0))xoOx6`H;7$o>#3q5}|Mo@nzS=WQ0$Bl2gmI!Il4!9=VF~?^LDvDxcdyaxsFK=|hir8oi zDf|5{VPYmJdpj9U*koN^Ty_i(LvJ*yf znKr%RHrV5`qn@7!u5ww*AmT5NdW9}X)$-N8@{8ws@h*VY%2t8Wjq5Sk7LBOq0W-Hy zE?(In1$xq&I!QhBk+RgBA>z7)34@#_g$qZBU5z{3iOsM-;Vf%d3i94m%pjs8@5_$Z zkAn3p>dutED_yB;tG_fZIfU}ccYF~pK-*tr^vfrDaUVeL%Q%DLzl1k`Nj4wk@b$ha zq?PoFbbg^Hm)XqM>^NPOZOyn(+GTFTt+q~LK?N9Y_i+{~b=*r+9<-$_1tdZ4BoVM% zeO8nt^j?}XsOSD$W#0fD>9%eg+qRu_(y`sK-Eq>fZQHhO+eyc^ZQD*>_Ph7JeNMmo z&bha06vw~jT=iFtHCBCNesjh?o))4P9x#@~E%N_tfv%)+fm62a9BX1oRpA6NS}o2r zuqrCZ+j?Mxt8zkcy!6GYdcZk5_&p0eDOXIG<*^3HCMudqx7bk$d?iq)LeBHv46apQ zgCCpO1P)j9cD_61LX7c%Iz^00b%#j*toLh;S2yPcQ?V>dFyjR@J@*59Lb=N~Y_4jX z;U2qLjT>ljwtL4Bc3W5KH?bI9lGyHID_atM3$_V2JxQa?`_1Xw>{=0U7`q*%D%hENH|e$JnwnFvE$I7Ggu9Qs zj@u#fYeokBA}pGjaf#(9>alJC2|b~zRX2y^V{bS{uJf=8s@^!1aTuPd?I6tql)2}u z0%f4x$Xr#!e#()DM#|52b!TRSXmh6;BOMq41Dg|st}*J>Mx{E|6zdk1UAZasH?hZ@U$Yk}}rhS6(4O3qIZ z2vG(jH(}JtVL?Vyc-6O{oin-3=BEy-X2HK$pvqQP2Y57r-X^p_G;u;Tabh-kL~_$0G;{cwJ->@{jxy4MT`h0cr&a-p-Js+g*of6u&+P2eh(@=t zu)Duf;#|=PXf-X}>sBA}RPD%dG5hvZ-v|kB!v7Yq5NKsa=&rr$i*Krat*wU9HM0^> z=pZ`U8ax50pi|3be!!P}c1%EHiD51eEFM$CKp%}PC0fxrNK;3d$*NF3a$J-rtA;(iO&-OZHuySCW1^02#gPxz}k zM`#fqY%F8fr8AwPfp+KNBKOsTo^{Bn3C3o*vnh6(l8lsI-GS=NQu;1?*EN0f5h8Y- z`)i)Zu{HU$N5WkKulJ@bd#YpYh6Y&b_`FVn>c=0N#N~Toox(3?5eb<8hO@|*CQ-t~ z{vSINB9tV|znn$5>1wz`IK|G~U&MgpflL_U7Azo`x)NvJu*m^q$w=JEANo?Z#`5*r zQ1QECdyssVe4}-Mi$!(B1Nd@_QEB+g`OBAT^uTvEhV@OQ2C=Lr+MPDJ4>LLKvfgjK zSUUx|BX{L-GLnt^2qhUL`ymT=le<9!RW}MT4|b9V1#o1x!~%;j&@dA*Xc=f2%fEAt zSC3Q=T*36#!A#O~OqmvpVEs*MiAc3y4)W6kQqQi`~voX>V&_Xaps2b)Jr}P_q z)1Ju#K5n|}j4Ikd2;Q&IkZuBn%m2oiG~-x5R+yQqLv@Z54)H_MLLJ>$%E~0EK~am* zuB1QLBAJ~dECQ=gj*EI~+V0Wjk|AcWoF+znCa`2Osd3T4O-y}~(^fgq-E=SU!ScKO z8WR+dX+ctj{DzJod#ohpDyNI%mvWukD}sG}9Rla%xMD?QYyrB!U5-Glz9IbLw!ONu zz$i4*$V8nEr9QpNh?SoYGF$0KB8$Z-RMW08Wa%QJvp7%fiz}swCiX#~P!x5lh5TRo zf3*-xW1(+!Q|2fG>{dPcYRcK2MNZ?8GS<21g}+G{+xg<;k_op*{7Eg_8FT~0U0P4&gwPWqfBUA;tFpp7(si0K}+XxS+2I2Mx4I#9D7-w>vew7F z)y!v~DmcU=P1ID(A49;}X6a%|cdiIY2uG+J1JP=g^q&PHjG zpIBpP-U%*;xLMPITmVxzg7DsOO>^`R3r#w5oDR_U;H?-?7DZ-ijw~XCK0!Ia+=q^2 z$0Ozpp-0No>5~8Q7tEgz63(BJw3`n^Eaid%is8cMOC9Tqrj~#GR?;p zNkKNWNMazBgF3rs6zH1KFE*z1bn5gjG^`Z50sG1sqEOjYcYz&3X^J_Mv9T*{pYYQR zRgJ!C5##tv{0Q5u#yDrj%}pwFPMz0Hmq;3W5sbSmb=yax60Q=pB{zcRey_P)Z$_W9 zA;9QGa?gP^8oW7e<#;FQI*q1gUD9LSQxX-A7_BL}Fd*?=S?K%Ds)N{uAYUa+z%tP{u zAFzZE)v&pf^bwxVOCDmzyowK3mvy!H6ll6e@VXhegb&w{btkb&bi7J(tuX!|(sS1I zV)iD$>`D6C^)(i)<@f zn+)#Q<<;#c+#auTMAzozCwa72CDx~R)~6N0=e61^dJNykv+0|k=SL^sM{*qVpG#gZ zeq6D|m#X*Us~?N%-%0tTtz@jf7QFw^@I}OrTCVV+1WsDpr3xU;+@)emi2;%Hm6jHV z9vL7aQGOH87bsp)0#8onAMhI}jCsNF2)Ar4ofE<*keO4O-|ZHFz==S2K4Uz5J-l5y zIM}@8MF?U@zGaJtSz^@L^sWU22T9Z*V{b^4Y}H^(GExHC!}S@fvDS#<(283TOk}d` zGy?ZJyaAD~YVPe|1=$Js700*p(;ma8AIoX!xq9GKn?c)0*71I@z!;{Ru#89>Q9FK;9 zF&dwIa+5Tv8uSW0Gq+IYmobMD<^XV55OKn#9|hA1J1bq72|`>NAQopzpniddW)De+um4;s*g(t#2yY{)v3~Y-gi;lXHy$VR#zym64ih=qm2Y_y<*0{C(b`cf;)Q)CiA-g^YU1{c~(ej0zAYsHs+LK)j4X_xy<|d ze68~I-PfvT$qA!)G{;VBIh+A56reO20njGHG(e{AwCei9wI2DP>m|IE~VtH6lAMEQtyMrv7{?k zQfEvWPZDlchdbpsLQA5md}2a=B}TxWf928xMlYTc4OoDVECiS)|A6An8WE#~qy2$t zpu%2cAp?kvS>Qps?p6Pe9n1$L<0NJ)V`_I@!VFN8VFG9dTTFNf)l2#>6JN{k@6vL0 zn2|=3WzmWwp=x`>1)-Is4t26qM?WeQ7vk70zn!k7e1{EE$$-qD25TCMuqYi&*=y8G zVa_yS!?9bhAhWQV4D2{Iuw>KgnY8546_>-EEp3sbw^vQ4S#=NO6pE9)X9cyq7Ro4- zo{5{D#%&+5*3mPqEo3xM4tH-Yy{XMh0W*PPqBI!S5c=jSoa&GYD|O02NAc2JYP)Kw zjAgPrSzjZmiV9U1sI#E8C=AMc8sHX?X zg|N>R_*;yySRo{GYOYz6ken~xZw$EpRF*@WFe)xIE5EA96MA|a)Z*oOA3}SzdF*WH z!?DnU8%n9{lCE#ENIkwVz($z4bW|9op;&JZN3biz|u{t9ZyNThw)qPi`AnJjB zq2UJQ2o$V^K_e1J(#}WH5ccF)N7DKW^b|Q%d1M;#Sl{F6y@44lcl98%hMrKI^w;`B z!`*h`-{}An{3rF@Bk3?Ec(_SQF&pzRsG?{?opY&$q`nE?k~QT89{)HOZ!uSsuHWXX z-%G`bzA6Z>(rM7I;ugmg*0xVQ$S7#W7DC3*VY@;4ZHQs&^rLKYS||X3P~%f=z+kQD zv@_?50nQg-nR*GbTbgNGb3i>8DUWV59s?}PX`LbU+*(CSjj5tso@nZU>)yQ4IE7kE z4@O~(kw_4f$gywdyprFlZIx-!m#=mRwbe({w7>SKv}(Enjk~h?r!iFVG3-&8MQg!n zMov?O_Xfl?5>`dSY{YZ`JdKXJWWogz)bcF?LSW)wQCP`by_E%SNUA z98$Dj8j3%F)N9kqRb1FFdt<ZTr_^Y^Tdbr$eqhB!N^5Y8i}UVr*doCRC4v8LZVK6`;*-iq`%n2UkF z03kjjww^4dLOp;ki{h@UyZ||vm+85Ud~R)aDFBikbjkaO9EF?}=Ped^JsfG8-96&1 zHwk;OwugQMUForE&NdCZ&}WJCWmNqt;-s5C3NV<;La|Ow=K;2d6JUOsCkZc)Br?>L$0iJ!nZFmY!@Of4s)sUY;;^onk)3c+sa1qp&=liZ;|fep z`Ftm^g(8oVAgL8D_k$-?a4@a!HtuaqEo3N>f^yze&*HLe;{4A46uf!>kZ}55luS~8 zxOplRro#6<`WdqGnb_eei{L8FY*a=d7dt0jdg`qE`wz&Uz}sT1 zk_6%aD~y+J{vBS~oHrv>597Q88{iN~`B zr6tYMYuIDRdNu(DL=@^(>>IQbkfin1DrUu!Q{RBDnLNvS$+f9#`1$t!3=MjwI~f>| zW`JTdI$&YG-0auZ+Ge!f8DIhJ5I7SbbRQfAD%g*GP3a_v2Wlxp$^ezg5bste3L6m1 zBY2$>p6@y#Yw<>Bfya=%?#!2MAS1kEz;Y3`_w6!>o#Vm9c?h{=5jw9Vkih`J&kjL| z=s1u|3RG21D;VL;z zYPVoLCf1i5r0%}EH;j44YD@*KfWXSri~V$2syK+BdXEID`lhs`wh<5=s-=BTT;RB_ zp=g>;A!jQDA0Oo4QYIW83`(vP5!6 zUWBxYmdfhzX;@=_M{|KH@cQT7!_FbXG$Hz!%5)0Z3|`i@6P$*9((^sW{j8ES=go%(85`YuQz6 zGHRJ-5y3JvV5v7-cwyKULAHLbGIK7nQfRVrA=0#L8Qb`2x4C=$yQup4-T86D?vnd( z&2EzY(QAO~GpMLbQnfxDA4=ZW6FdJiXVc`aQ1}x&e{=Q|bXdj;^w`2xB#(Dbryt+X zp0UHPL6XBR+9Mq`pX8N(5b#-lG`+9}FCXF6VIqcwB1=Qn;)qLXh3i>zkzM-`lcOVh zmesyBdsZkzYwnmdL$JrJ(B064i&IqM8zLxwX0M$C?c6g}#^EuS_8};TcEzng3N2D) zn7vl{Ei(h{f(ztCcMAvI{L>0S#V%5WgkODTuK-<~R!g*<(76Ho9g7M`OKj3;wKxy8 z|D>xbQ&0M@g5Ywq8J9Fs6SSQNg7acv3~w^%c)}h zNZh9m8>8__k@xq5U||;1JjkZ!focLK=Te0XXyef~noN3){rbs^22R+qC7s4# zrvW;!42C1qM0$9`iVN%tQ@>pEU2Z!?-z#5+IvW#HS6qY5#)y{8))Y103p3IJ&iu;h zZFd_34RZ`5@){TG&5=vJaKc^^6A#b`!3ScnO;=2b1SSG!^!8GNiDuY-*$Mg~Fq3`b zF-nt1;uiPoA$Doe252;HvtEw1aqe~T!J}a7va+NFuK+Qx|n=sck$a21<7O!lh9*>m~ zsH$r4_u51_efeo=o2j3hvJhPgHcN*NFi^*!?!%6qP=N74Mo z(YSEBYBcK*0~eqcL{lBvxI`J(=FRZ(T_mCjFhs+~NlOLQ`S!mus|$5@`YTfgoY&4m z2Fy4(Z3-^lRaO?MBY+@%1MRqUe#a>XVQ6_)2HX#d?LtjPVtY_wCTvTIi>FqiYgFCzMO|)fmKj zu*d5|(xGTx$ z8K;64f2I5X{Dl)`Lk`_YRmapva(TesQY@g1edpn-y6XY9Db8y|m3qb`snSL#^{te# ztwLyL0!svTV=@EGBQkTUc~mEk#|NTQppf;5tz$JiYLvr^j9JHY&B7Y~5h_X>^A3^2 zbPDpBOROlmqFn({i)wERiW*!+6t1$`&N=|p=sS{lfX|xS?=8Qnm|Yk;-DsqArsgcG z-Z*ylB-%Q4JmiG5x?G##h2aZJKfHohnASMUpoBqkZNG~`HzsM!^hEa|p(}50sM59E zR;W}_l~rQvz7t50nnKjG>Q*SzHF^ChT>CZ(E&$7fXzhBK`o~aX?P;*7t)F%6v8~A{ zEa}HFUqb327@jc^7(A3VuZ#(7_xLCi_q8pjS!A$xWNxb|1t#+;?HTRu2t-;`TVzx; z0{SDP9ibfVB>%AP%k4)~n2gIUPUgp=5iyhs9V9ye1DPa&zM-4&ZJAd($+QN z2xGpDv&egx{5i*@7p`qb@i}FJfXgI zA(0xpvHRDI46qJyUgjsiw`_Htx>5U4vM7=gfGMa6#v`laI!Wrn#*+DgK{SE#@q%@(WrSsXJ|5+`GtL%ZI1IT+g${WdDOQ>+{;pmaNGv( zhn?Xls3{&oxEQb2I7(=ui92szXT_~gsk|X8mqSz~;kz@P{G`LQv9(h|F?Bm-#w2m8Nw{+7yT#?&UGsYeU|;K0pu_WAuFb z4sCf)GqM$z>T%yHyTOGP#7=?cjO%<2ezfoBqzT@@-wj=(b=65J;Iby=I)4%NU~|DZ z9^1*elCCB5P7o^La*bDJiwy4K&g70vq9*M^Z!lPkmifIfH{_eypfm2?dNypWT zW6ppQam^gYmkAZpl-?0eDrhrCB&87JIVoB#_O8r@fkl`le9j4gn{~&^&zpF{7yxiP znk;&3K60ZZIs$zUCcvKGFllo3ouYyWXpFuncun_s)O+Jud;$#Lyu|VX*oAK$fdBOt zZT4n_;WfnUiLoo9vCBL7)LVJ2Et~OM?(P)iJZGI`2&IBH8se0Ps_RMTj()K?*w@#R z{)0rg$tUU!gei)68*zq6aLW!jPUqN3fdQ;t&)9ZpPabgzAV`0z!EpQi#eyXc0*ELKJY{8X<()Hdm0L zH1*_cd!B2L#RdySj!oS^F%zE|_NVINMK-fj>|+jQnv6l;sV%a-^1xnLn5UhJ!#bgP z-7&S^p?0o=g3Ix{OFUsdKOi;smDomQj-df=iSNDy`&EEXpFrtaMVHfbH7Bs{UP4_3 z+OwQ@*b}**icT1f7yciSJXN0ecV(*}xq0Z_5*OCM@5C8D=Jb6+W z9@Yco;1+P}xpP*$LKD-o?~P0-0~eLSrRBs#8Xjm;1=fsB92|2V<_SkC7N*foCcosk zHX?Pa(C<0b^|w4_clmht*wx1TioRV5CsRKnp3HhTdCU=l%BnvgFyl3B;k?vIxT@mN{)k_@BB3=VOxWGnyHGA!Xsrb|rY~oSvu*Y+yv0c! z4XBT<%9YO)F>~h8oP;)Jq|5cxk{o=(YE23|7Hs$D8Ib^-t16(g#^mnbzay>8hSm_{ zJ)m-pQ<>syk1e{zqW#*5|2}nrwBiHwz@=EU`?mRewK;Ir8QDo^u0QP=z)H??7S<~r z`h9|c3`jBb=d0V3J&R^G0(XR#x7jsPW&vGJ6Kv-Td~lDs4H-Ee+zjK0c7ao5C(%au zM%|rKpCH_2QPs4aHD6c!dL!%NN=%GfsOc5~Xm7oVfU`9Hz9??=JFmadS zIZLk;OK-ai5`I+7fyl{ZDh9cm=GzU9r;F&f+z*)i1h1NBq2HRy`x1d=-2C0v+2KJY zmXf1fVrOiH6E+%pJ^k#P+v!zfx;7t$x8YCoaa#u(7u_xh=~2G7Hj9k5lt#xPIUdp1 zzCjP3>VcaIuWkgpT0_lVNaxyDQ=Z{cWjh5BNdhGJFGi zamIhWML(gn;suwU1#mbiqxu?#w_?@^Gp_K;7)=j^DI=5nE(Cu*$mVA9$!zTjm;Tow z=-l;-7MQI?59kEDMEdPaArEw}#=HZ|60a)1pTW1@dMV95WAolw)L)}}P#Sz$ZaO>; z(M2VzW??*g3%rJ6kZkX~hNnNt)IYD=JEX5TuRM|4y)HSr3)%}w^8BENF9xT6f88>pDNHtaUP5fF!r1v$t4GKi|AYxM*lwQh0LW zc6{Y_RB^rd$Q-mB*K=wZyvTmL^^RyYT2^rjZpzGkx%I|?C9ZGTWtxYVW1-0T25=D3 zYp(|q?NT-$m7Z5vA!si(i}20d7v205>X@9uO_bmzGEz1ydP4S;(K(Q4`~)-DB=TVj537m7%luWUuV1vWkc@PYZCcfg%sD2tT_C0^(uQ zCnjZO{wzw-CJ_+sBcyh!?Dt5b$0DVE7}PP%`kc>7zMj8hRvtGwImS!!=v1CT0&Q2i zUIJ>Cs-t^k^d-p&k{7s^mv_mT(HtHx$~e{_{Z5||%Tp&^1>zfbvpx)DzGi<#kdhQUMaG*DxBy*s_SL|C zj40rG0Gq+F43Shv^pa&ZDw_7ukyG?1b>p>32V1KGH=lcZx+u96W3vIAQUF$-v57iL z7*47Iu`bM|84b;W4#m2svIZ=96Kk-SU8qW<{ECz!-p`Ra18kA<+i)n*@IcQIh2;(- z#GbH>xIy8A$E-)+axmV(O^I6WKIJz*3+r!C0$E1ty@38Mrzm{Iv9wN2YkPi`QOdt= zUk<*1XV6H?D2fRRd5m+z0TChuZfE*)N|pp{VPT)Kq&Wk&0QlGtsyacyAX!~%n^$y^ zZ*m$Q68jdUInnh0c$S;N!35JAyQs#G)X{!@GC*&&bpqX%w1AC7u8*)K#}?9siyR6i@ANxk>VQw0Kz{` zRq|`1(h5TBY8F=5gNR?zFrT^-*~K8~2INvJ1JC(CZF?4SV8kl1L7uDISBaZ=HW=ER za+kC>jSRJ;@(s}6l?jb2X3sCq+PQAW#yqY$uS>EQqNc1=2+6tw67vx)qTd_Z4i^v~D?>#}ah|g_FDd zUHD@N`g-MOqCV$Jh0mw{KG`g}`gjiuV`l`i(aTyDGp7M{@^p_HN#MnM7d1VGoW#$p zjj+|Ht{SxRr6H|K6xA4MN4*ZXT%})4%H@E~fcP{nw;_&>sW{N9=_W%x%C=@51r=)R z0tM;@W-G5}Y3N>Thqo|_dktBRSm3ODkNS`pqg3ckeVG#Tf`|=){N$_Xv5AGB%i)YR zf%A8CoSbwOQJ2AHrO<8TayXIiV;Vo-gHQ93Yx6tSj)c=KnN1mU`*?jq}^ zg9!(B4{`Q;ykRT(`zu!okJA0-%1G528NboK3e~$d=z5&gNvhekHmO+Nin>>Oi00~t z=E`@vD-ECMmubB+qt3tL*m*BKCfy|icM`&|UJ>t7O4PJeeG8XwmZzXk;Wdl)G_qd4K z(p6%L7x?ma(zQUG!X#`5yof3v>Ba2U8fNYO>LrUcxbW~D+ih7ZeuIn_z}Vgwh1o+#)@Pv603rAmFooLl~^r` z*<-#0lIu8{Y%7Yvn%0;!=p7)jj7rq@lZl~XY0P&!JL}4yf|&)rdOliI15QJlc#1#r z6}lp<^CRIZVe2nu*{^qr(1@8l90)xLfP~4r#KnVgB-bK%?!lV4RY4Q@ReT!+;7|h+ zL3E+^40{I00DmB{f?}?f0-lIvLa?2sW{~mBqgVSp zXQhNi5@77$;kf`D??N_BM+#S6aa-Tqr*t|!I_@d$h z(ANXhI+ltj$W{i^gv!j5XMf>OE*8?J7%R~j2+sA*kPNDe2F18Mm-AnXvqg+^lDm7=)ygJ5inKX8Sko+x-`#gz~o2lbxj=7V>W&v_lBZzp~ z{h5|tQ{>Pzd5zECM71bWp3pPQBJN_>R47Qg56S0Wm&6XAHEid#j;Pf{lp^*+JMZ^z ztVa?8Y8P8tn&ZQx##qKd-RtWNnY!a81Dodvs<%_o$&*&YZm|?&t6-E=@{6 zKEh_J)p;p}%O2CaIj=gshh- ze*IJuV_(t>!tvhr?M$!{$R#c>$QrxhDj$&g**@?cP#7vVEmqzGW+g||?1N!&`Aybg zoIOYNCP0=YcHSr~?e)3r6cgyiMyEr8Bv3E7AW0WQu);F0EpXI_%nDhqiI~~m0$Q40jT?c87@nxH+|Nsj!mCsrL^A}(CV*nx`K*YrBXd!V9^Y- zl}t4HQjAR8xkYr_cV?n*prH?i^C63{_C;h+kP8fYSo4;O$`z z<#%Jd30i*U&|b-1vJNOSX%8Wj+X^Z!YSZ>5IBGafuQj7yb}Q$kdxQp)oZDVf>r`%( za8Y~vj1L>gT$C#VI!*N4{-KdHT4q^h{EG z^Yr}O9dC2H{O^L3+Ghn~t?J+3F}i+y-hoONeZ{;ZX4cZQ!5sfNi}Gy= zM`q100kQ3YB2HCPLwp%|2s&b8@^Vu{MfPK7+5P&(vGZyBrRcQZgVeLN)8n3aul>#Q z!_f1S@pb0(`F-bQ!fV_blhwt|1-iGx&CZ2-qqEJ!&Ccn(t|m*tk*WJPY9pKSt-W6n zUuQAb6*k6HYQ=ot;q%P5x9|;JnK3?%yI&sYv+M}utv0?k=NLB`B@U(a+$%x!bWN_K z?3XsoI2~72=*~!}5~CZ&Epxc=*N5?`prZ1;)fArSTqn&@Q1o&YNfv2roPOl62B$eH zWzv2H^C#`%f{&&%loKBLGA|z~he%B9M|ZI)_+d@Cox*t0eS+XGI6c?#ANJ+Wk{Nrb zrdK4R4yjRa5uhwJYeVz)@_eJai;&NppiN3lyL8}N!L-#nykFi%yPN||ATVvhTZJrm zBt?PE_i=6`H|$BXOE1;3h6$074#J;59=r2Fm!x0djAY;r@-*ykC!7~GF=x;0S&v0M z`6gIaEAlspYXW2RtqLxLPmvSOR%#|ef|2)1tQ3rw_&haE`tU1oaDs7SA>MVZ=qzKg z9%@~txH2tzA4!4(vxA>XgqC=Pdz;XAY76!GOM{&ygR~ERXn_p9GTXeH+~L7eX5m~5 z^{7=vT)!(>=17ZttWAP;o1qfJY(*KwdsMs$HFkDmA=pgf6|-=AT*%)owcEB)bbcSD zt#3$P$ueWqffjA&3hORpN*T)xv}cNRn8megq$ z#KA*uH8eK}NrBz>kpjGHIahoVJYrKQDNv7ELHXo)Q{}Z-kjYbkf_Hq8;G~3k_io{jjrSHZF~HX2C2qRitXjZcO{(=~?Nmr&e&mkN&bsm;WlMkfNzDQ!zoi zE|k%g(1X(T1NRaU8q*g%Yf~VLN8W2ah$E4nkzM6Lfano!EEe0^b_P6L>s!#-d)ABo z11!ep&czF6A6ytu(4tp(zJJxOb5^c`(;F<>IK>D$kNE1R$OPVS>*7X+JThVKEF-Wl z@V4W-ssF1F2Z7mLkT%i4f`sAo#gi%9$yXx=AP@@h|3BIG>)-nSzU2G-_3&Ti-2NlN ze-#t^AL9W4@_p{Vp8gL*WB&yIGl21L@Tb3YssAdG_Fu#?{>k!ZGSc5H{c!&cmVe4g z`V;%l5RSjG8^1y&|K%t6Qds?SB*&lFe|mfWjopUx@3H?2r|&-r{`8~%o4^?Fe@5`1 z?$m!0{AqOjH-R<5|BT>2ZIAyX_|ro7Zvv+;W8Hsu`v2h+{f92;PxwDOnf`{C5&HM= zfAlr|3I1o#z~A5k;{OKxpE?Ns#Qjs&{WtF8m(lRQJSYD`9m}5r z!#}bAl$QOC&8+m_#r}W4(EqB+`Zuz_;Xka0|50=O$7%gF_|LlM--GFl{$cQcRzYPY VK*9bx0^#c#_O+TVIsWzPe*x_G>s9~& diff --git a/library/roles/tomcat/files/tomcat7-juli-log4j.jar b/library/roles/tomcat/files/tomcat7-juli-log4j.jar deleted file mode 100644 index b09bf783dc734aca0f3e0bae0e6b402d4bfe3ede..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 75385 zcma&NQ*@@$vNfEfJGPy4Y}>YNys>R|Y}>YN+qP}nfB)m`n|&_6aW0;*p4+OLHP@Uq zYROCe`V9pH1OWkLs$(cp`B8X300aaS4h#f@^6!)pQ5K+)kQJqq5s;M-6;V>Al@Se! zoq_hJ#|XX&_=4wJ1_%+*v_A#(_9q~18BEP!waPS0yzZ3X2@{{c^U~cs+!bk0AZ3=Q z)yiUZkq|)Bub)ZOSG2hSpVhhYieq4V@fA&Yf5Wq1#onU2?lfR|Cs;4Glj&Hi&>RkQxD!(tmkw|!)kH3>6G%eTT+bugA!qpnR zOX-gpAdHV^tXg4A!AR5s^Zqd8iAnG@cXHk`@)G`(X2nZ4s z2#D?fokbyA8xwO=X9s|jxvh1aD-W2Z3|9jO) zPe_gt8is-@5fJt#EM~z0qnLteO1rc34co`BCY_u({k1fV?mNytC#?>}4Bv~x^oGZ> zrt6tAP0zR6M-2YhPEVB2q~Uac2Jy%kC3h?ljU>^ikbx??4d!^L%G6G4Gd&O#(iH=Y z=UP+LFs38>Xq7J8hQ5|2xVzravm5Z?DN3|kwkyW-as4%K8>~D9!97i{U4~r)(*;;9 z?)E(8tckJ+s9`Kzq29R1r+++z_JkR$Z;(6n3paka+ASU5(g8M-r;?2t#$wLAZ%uuK zr-=d7?Y9=&Fh{KutXv2T%wtEJYciMZrxIWGGX7e*mAENjW7$Rlmcg5DkyyXe>92u; zoJV}&9)K~`1)`5U;<6#+Y=Vo_>BCI;I2z5E^U90hx{pR~W%*u3+K_eGGSPLS!ssjY zCxD4C6YS6TC)q?DLm3!#H@@iW19nB-9AFHHp9s->c3f)VP|(UVrJ<+(Y^j4eC`rf$ zZ??s~YmQ0bx|Gm;l_d@boJOM4tSpE&j9qyLE0(Br$cHCu@qqiPRz0Ne;6_ut!@dI( z(???)#2%7SJS@$wK+Ym-z8vIU# zh^lB6ZP8B;P0N;7^S{=ua`VrQR(53eN=QEuDvyJ}QwlRfS_zYmJvNx9IY%Z}q52LS zZ5flv1 zzIR_e(v-czG)wctVfahniYX%4BE*XYDG0|?^ectW&iBtI07sHdS>R7W@00TEUbljW zqIGj=c{EY5V%0V5TWSYEN$kb8{A+OLbX9m09Ver-<~xA3xQ>ImuUTOlfQ}k`?hD0; zf;K^aNj59~T9<6Hziq}*?C*D)^C3!ke!Y9M2$R&kn0PIi+8iF~#ym#NJ@g^Sl<4bi zH@(ykNi&iUX#!MuI$tw79)BEPxJT&t2=biSnvwtnvOtS7@3;f3-iK9eIa)wZ#Aaf2 zfm&7qYU3DfIn_#0NoI>!L5zD}#K5!mzlyYdl9tf*uSjIS{?A2X{15pkURWRtpnQ{N zm}EE`T9jIMEj16v53kdFlZT?m@(ZXdi=X|B8Es0dyBaZKk7`jgl7FB6dXx#j`ID_7 z1VfWgdzt3=HSKyl`4(eqdV7np0ZiGdGX!$YZqL@sQ~A+)V>mEEIxwGFGWDXZZcUn% z7$XW3QoOD8|^h`2f zb3u8DU+xl(IgY!PvPh|#=9S=kD&aWjS>|-vxO>LHHom50x(0{B050^(IZ;S4OYGik zXdNHwduZ^d0FYfyz9b>oRiI85(lczsOOTyC#uR+CJdIP*(v^pj>@T2pB04IRgqCQM zF4knT1*`Nw<~*Mre>JCJ z>kDkj$0<_QGlbT5<6|Po2}0C&k)^os0-Q<-L$t`>Ei)^!Q8}*;j$kW6J)UZjm&%C zGnp{D6XTu?DzeKVWKA#ksBVVIs4OGdU*ezF7EeDbNs0)dqBA0Vk_z6s=6n5~KF4K9 zd|p7bX9Y(hL#W(B-&=u~g?sr-4%FR} zxl@0!M-fu)gPS|`3T2hMpHMuRS8xMb*RQG?A57R0^NMr1#2rz?e_^82&@ka+SB7wM z;#t`7xV2vH`h{3ux}6$?q$xJItWaBg z^;a=A66WoMRhoIx6-+_#8lO7TslTL26@LR9GB23OWx6C_0^Ey-9=YMOXXy@Sn=5K( znF|)akS14{xzsh$vN*AfYUZvm*I3U)f0)#N_9!a9uPH9!L2sePpnw(LC5ZoEndF-7 zVNDL$?7sUSqvpv}Zv8-9aMi`-8~O^K4W81G=TK8z6dRneWirlEYEdm-fi?wA32ygt znlnihop!y0|2JeHg#!$z|G_2apMv>6k~{N%Afv3Mge-yb%?Ze)k0ul_V#$qzP5tdO z`&3W6jSztC(o18gP-Ht*$YgGjT72w(T=Gg+YawD$wLao~D`tIl2B{c&d9FOg;r+hZ z?U?rVIFsW`5L2PvBrj}@Fi>jAXb3=4V`($#ucHsSAhl5^&sFV}OW&d1O%B>}f}<%xER?g8RoGMfeGi1@;Mw^fB#WPw@9s_R4 z9k03FgCpL~XaW?l1tWxLdKVO>r9h&hL4+s%L~j*@t5kRU{5NwVuYT)e$}E0nM(!?;Nq z%iTZ%OoIblqsE*K`{b^7SR-;BV*s8MZ`~~r6g#G_m)=2I6gh%5JGam7+H41}Br6(k zGwRpD{RM3i4VgmB;*oF?7o$}Q52{OHjwm?cgz@NYoVj5 z3y1e7Q&RI?09n70sHejW7-KSKtxZlMxj&5s^1dD8>!+(HEGwrBi+Vrw@%0A2&W4c6 zZ_HM8ePBz^9PF zjD`{%z~hgW zwO3u4VM@8B4P{s)=ehW-+&2fBp2E~o1sl7mVak?7FK{MfQaE023A#ocHH$b#pue1a+?kRy%nxIS?L`SRA@PMw^3-!x@KBO9%RXPYm zLPMbm(3rccV2+1buxoB^qQD7#|IYDY$Sl7^8hGnHg6cZO*rvsuU(J&|8X6XFduE}~Qy-rLixn(G zQN0!qS=W`!)r`?BCqh|5-Oi_S@YyB~HnUjTsi39nB;qk*e_(vIoQg_sZWeeKR~h=! zk5U1O*ORvoh9+ByV%Bdp3{GybN}D%OUjyd={$zY$f?Rr zshRYhJ;=uOptRL;C!238zUX&O=<4cn!Yn6g2-NlPWLa>w%`53saT8K6^R5CpgkY`|l5yJNg*Cpi#!Ey#s~x)hA*c zl7&gTg=DBpQt#5^O{$0g>Ns!V+O-p;y@y5GIu8m7@fG$*^1y|dIXl+(*wdYmM_W@_{hfgn)Wl&)D3K0aQ7v8$%^&$ov-)|7v0)!W_%cFo zjNU&g(gD3_Q;3iHF~{I;fr@LqxtiB|KJ2_E#35colpj-@At zX8Q+bN66y0655AKr@IT{50Li{~^ilKz7c~7a{Z{?m zgq|@KtrMoVEIC8o`#gWPiSAQETjVsmqKU)`3P5OzpM4lHZAoulC$6paepf)zpyGc5^M>}6x|u?fFw^O*ayj1cylgVP ze7Ai*VdHJ@iu~ogW|JTIWr_#p7C6GY?9F|5m)MsRTKJ`d22-`IE-joI$_)3hT+002 zJ9~;=hAUB#PvJx!gK>_pQhrGmtd{kb|2BF|AmpqDPa@P%qWH$bhbQj%2Q19V+L<_B z2$1+t(pQdK_D>UjN~KFSWQ0;Dpt!Fskirdxg^DuboPGDeJE0mQahwQfM0s`w>W}wIN6(08ItoLW`RuAi2Yv9N1wT_e@xfD_W zC@AU_Ns<%>n(L<&Zg1Bn%9rtVWQ;E@-41cc0Olw1D4Tjea?~Z%ezTp0A$tSzlPOM} ziqzbI(Oyt`P8d!u=Nw@nb5^7iWnl;=ggpRwYB4Yb+|+#a7@@&^3#Vih)e+YqTj?;& zD0W_W5Nic`pA=H5E5{)FC+&L5!MxUTYcTjxBDYPNeu83U=`NYhijx?Da(7~P} zkZf*1(K5kopG}%6~6VCtO8(&a6-q z1}0OvG6*KaY>_X4Je6)XHz+D&<oyRAQ<&`lo=7WyE4p2 zhC4s3=KdM)D98J=K@VBaF|>vV$iIRU!Ir#v4*T*c;h9ZMb@}|EK}}7Wm5sUCMrUWWw!6G8 zt-XG-T1BOTO4A|((rmo&yqxs6sglaU@cDRo)lvn5gQ|*JWtpv+MRm1RzO&2}n%lwp zukC4hb}Z=EeBt<=jVO8rGA0CC9XaOVN1J?RE(TZc!5zfaAbLw{k%jf+@T8`|G8=De z6&)3CM-fM7p)Sy&L>U!S7A<6CDod*L^mD57ax=ENYJO#h3f4>O7cm4@!eov14b-+}jT}as26p76BvoB+2be8E5s-xwr z10&GW6UT6Lj%sp`$xQ>f=em6vAP%N?TVmQxA;ZvMA)@sLU*13Ec3O%%6c7EEn8C(5) zvp!2?PB>PTVtGOg2Yn-Ar~fg6F_~7qx_|RD0G@Xa3^JGC<^U2K#DDZGn9K_8;o3ZD zv2r)ybQ_daV-90-H!qGdf}wNz5T9r0At)w&&pS$ZIEl%3>6a^}AAs7txrq90&~cDa zEOGE_i$}n>g%9PyA;t(BWO#p_S}i_0$Q4U}DU@#=yAV<-Us}Mq{Rzst;A2rR26`SX zDmK`}*hsOFfJzHy$DIUVAs}n=!*L8bC3|jPqliyr=wG9 zWaEo)KhJOdc+g&t^LsIa!+kUFW!CxU!XZjXe>Z8%u|91F$o@q{7c)00G_B&9_GR-_ zIT3nsy*AByfjFV4Q0}y;4!5v-n~;Y=$_cPHO`J&A)t5!Ni`G~NgD40lJxSD(7R{bqU&qPA34YA)1$*0}GkSQk0|Jxi=mI1lrNy8&~F=5Uc;LVfqZ-O z$O4>)F-gtL%cKAahp*;sh_;@(u?7js_8w`B(Q}}X>+l~NJqZjZPeMQX8=>Hfx$p*G9k7ecorj0d&hyeH z9XUX&>tDEqeVHOPlFE$9M%Kcph8GZG2j5wuX<@Kkb<7+bqtXxb_S z(~0ZGP;#t{!PEo{lJ%*sFX0uGVxuQ1N-`SJQ0r(qdrDTDlTMux2LeFKR|Fv( z<>Ko56FLK`I3TW#PpAi*{IcXizO&^QMT zX&L^0jM>N?#f|~8H*q@#f$e957HVUCiZIBnM-k?Bw63OHV)`@_G8^Lxh>Mq2QOu&FLcy{rF8bO4Q7L0_PtROH_EZF zv9Vg*kcd;Q6b=zjxntPQ!=7Kg{i1>Hyf&^8KkNbMUFKWl; zL{TFo5N}$N+*6z=w(_d9b^JMeA`kiTD@tNDZiuv!v$*fRf^>q{$%r6##q}AZoh((9 z9%CMl%Hsom*>U!em*y1}7S-g{)p{~z@`ZH#cpZ;F?eW=9JG*v!MQ&+l^rD$C@+h(i zJn4qd$;V4WQlniFC2uE~`&(x?Vz-+&t%D6Hc!LblFpvWr-V=G7#(}BCBV&ch$8~tG z?c7}EU_lq;6c_>t+?NDm*lK=pK9Q@ZP3ao-%&uT&b&00iz5^HBiil7#BocGO`I~H! z@)U%ednC?S>Jw&sgAfw1MXuSM3j$wZ%H|T8@lO<|GQnaC{(p{%zACVsIYh+d$gQmS zLr7#;VCe}9rYXafMG?S%31FHXEsvHtJzUSnEeRxH*j|7_2XtM{iy+X2(rj<*UlJqQ zD}zlC6V*jGBy-E@^-}GLYA94PFfJcOxgR=qguoYxSvdRj%3bbB*uTZ(mp+(t1?Bvu zMt9LKk-|aWaSl5n&kjG~Kp&T#Le^Ff9HP|@K54U~oj%C%3Rj4_SC{7G2+&OfS3lru zx9@}|+Z9Hi9yz1ER} zcy{~8*oX8TAmNiw*Rr8s?4z%2u;W%c2H}TdaP~)N?~w159FVPvEFnT()1*2Hb!Eoq z7IH2Ls6Pio#0LwKV|~#zNXh=5?bZMK;V9c7V`p{>(+gb*tx{brm=Z~K4-XJRmmQ*@ z{+Xh^le()|KwcrN79xk&8BF_ivQVZWG`o)+zW_p+Vx*s6=HW*+0B^3)!ghG|SVG+2 zGyFw+hrKDGVpC;v*^bmcXv@LiBITOc2nMjSaGGGi6-occN}j9uNzwkD{(OtmJ}X2I z;)aNzLTCE%L>sHkNvIXvNln?u!{y~Pzs+R(UHqw`WfP^5yo@}2AlIro8jY}Ul8OgP z06A=fgH{jNuVw7A4Mq%UYJWtpn?uB-Jw|Ip2M!4a25lE)i$bLNnFfv?6L6>6?7$y9 zoSDL=HWrX!P9;f%WC(d;W4lb2+1e{gKAF~0uVI^+e4s)WpNF~crevFJk~bZ4a+GjP z{=lx^OLBt|FfR%u4z|)ixI43VJpC3vCh|~SkO7eKpNjnk;j8Gy1fKRQwaCvT={1ma z2xJCaN!HkUng*r~Di3iC0}80nE-0vISS)CnBx}=BixD3_+9lf!wgkXbl(zQPaIZ;< zpWa}H3}nF!`nJ$Wix2RxC0g~ir6;E;ilBLJbn!5lj1Fyw#yK|BCuzh(V@6UW zS-ps^R~1SvFaqZ3t^W|0jq1_$fVhVmcV8`A5NK$)owqlA>&r2|OvnYi5HrVv z=;**e45@lPHj{bgF{7!7q8Tr9>WtZhX7_jhb<$vzlOAJ}j0Y)EAknDmAMN76Pk!G- zC9UEK+bZ-RhNhH5Vk?^TUS3t|k9Mapm(enoQgRf^Drp8pjkH$Ri5%am)*QcB5fy8^ zNba#+Nv2>R^b{B|3s@))54mK)Y;v`CA>x~mK4XBVPR?O3#53&AhO;6<-oT8N4vbLV z8L-3+USHlz)tHf&5R)SuIt5Y4vL_k^(Pzn~k)8b>eHQ`VTW=KBJo)s^yNP==DkL2& ziwpA86gYR*|ADpJ+LBMuKkYAp7XqP%A~7A_w2EVS<+S z&T;gZoHO%9C&8bB6JCjg5`C57s z9{qmth9(fRfOa`W<~EQ*UUW2p%vnxOJ(0r(mzJ;WNL|jow9=aHXmZ_-8VL$L)=^HC zKi!lmP*N)KxIt_y!nm7irXS6uA74&R@}xHLTNv1+aeT^Qrc(GPGM|;D#=^|pC9Gwx zs7Hl`l~5YOYwLt`tCdb+B6t^OpRXx5`+NsSBW?g$>fuyPTQ zn%;{U$c>jzT`tGB6lPDmQx-r5i3#p(FI)*4q4ZZ?r8p379{iF`AYsUCQqoi=Iy~oWA%anq1jQZ23 zTs<@Uvv|4qxV-(%s0g3_R$9*f&OuH|#n@1V>EMWs(9l>&h)Hkr3>HjhU+4}IB)MZy zZ%|L8=126eo1nE2=oxO&7tIsP6Kuvgq^Xt#Y0#h7+8^1@i6Ho0bRBj7qC)G=&a$>T zgRYW#KRP~EwJJ$Yx7iC#q1R;MoEqSuDLFM|{AC45NrG^`@1n2hVLd(Ml$&_6AzQ4{ zZ``hJedZ&^%r|!%$NR8QBbK74LV&O|JhmeJAbyKytG~pLj6JdW9X6OIwUv+Lq_o$= zwoIiowFV}fQoXP^&OMllkl6c&n=17%QukZEj4yNbXgXVhBJWp8&u?~KhP76d;Vz~5 zfL(&9FPfd+MD(hDuOquicWxW)gvl}duV8+(rC-i_p*@s74dI6^RI0|hZS{yDvR{ZS z1ZrQ+1%*R5QH7%>i!(K08~9@@D38D3zh}`Pl`tn;h}Q?gI-re8-%8q7W0NOg%0}L| z%I=vRaNP-wK$-S~lSDM8v|0=g<3!0#y2&>DwmTMK@Xd3PsD9;j-?|tawVA7@9`jRP zi9*YMxADB47iP3F?!%ZlQ10D9=ddacCUPNyZ7&eh2H=+L8P@-r3pZn)rLZLEt`jO2 z3p}+U+v+NwDzUE{`;^psguKqYEecr7pu9Qr8<3sQb4K#c zN!D|ZpHtEXZjQBrZlESDIzWa$A^sGbKSIQ7kP4Bs7OQ1jFWT8K$8s<7moe#L%ikGb zrqiqMksP_Tk|Ypfs2BULuh~J8yEv^#`?XZyz@G++-ai5q3(G-13l<911<5XW<1+EV z?V(08Nq4^9*9-gfVaS1M#BSN%F@tchsm!tL(mojNXzgYE}_B-C37{{A=Kaa zWdbl-&>6R`0lhw>+zFiE(d`U^dW=n%d56L2*~!J zT~&cF+CoXd~k+7Npm0PCe)J~ zqSc^vys4=l?l8h2Xlrb(ED-}WAp^uH5xMEUMtpLVTQiCt81pU%wZ3BDQ0pMVw0p1} zqdB?@4mn1k#4mfqC}UN?Uv_tfQjEq>3gnq2PU4$7jNEh>c@9vyzQe9uRGgqOu~YZ( zZ|);;!RLffo8F0DzZB$9p2i<40F;vo($a+lvc+OfQ^oT_Z&m2 z#$h%aguAh1v;)j0$2k2VeE+9suRQ|PIV?_4XMHHDXpT$s~SvAP=~Y7bXH@FwGv}tM-rc{TfBWOx-S*VEL!_uN8yi zNY63)%nBv%BLKN24~&$SBg#uX0lO_ka?08Vz#%Oi1H<28Ez1x;Fq|!G0N=Rge_e3b1fuw<9(5Wdwr=dumv!v0rfuYngCcA*tXc+^r_aN{91GH-d$6Lv` zh?R)8Ry~y6gM5e(VMrgT#Qg;W4qhs>J$rk&Y=nqA9fdIbaFtg!g`gj_iXeoGK&8b{ zY6U9NaLzjUO7scg26YO}K`eXTsAk0(6OV`a1=c#1SK*G((Ad+Woh^fs*2M1~X>Af( zbhZep!7YOrH-2r3_p%cO`>aQb4**UkJhB}J2My?RES(NPPP71Ta>9-BuF!qck-EU9 zEeIP=6>*3fJg$0J#V8#ZfJSu=3UwxUX4m3=8%p9&&gZqJd|-kR;a*q=0d~dN7%ko( z%<2Qweah4r7Ii6hlsky!u~<%#O#x2+K9uD!>s9`2UH+<82)5Z$8pOHL4;ID6gl%}V zIh^Onb$Tmewl0djVwG$37LCr5U>OwfKcI>}9^xk@f*yY$k#5K^=e?|0wZCs5k=z|t zNnuUf&Hby&cwhclRnu5id8TJR7Y59_z}%m@BGCS6vbhK;3lbhmF0cc5-!WhaRX>7U zueO(+ruo<@l{aDsTSvVr{W)kcbIaKLOdULiexgB3*TRvz z&JFHek@rzU-r08;%^x{2imj|P|E#1Lso?H+dV06XRKy>n3XP}>{l-c;X0dq#%0-t zMrXjTtLyBqBGKo-5?;b2Q35oMsyyA#2j96wFLL5qz(Z`?_n%Sjf za`ORb7~?EjF^FS&r}}&YK?Q3i8jG_-s>pM5sIG+ykPkY0tm%&ah_{>yr67>)xI@@!0dtm1fthOI<#fn;BM8I z>3o7!=fH7^tsj6tjWeN^mPyY z3L20OE47h?;Rf;msuCkbeh!kXqeMlhe&t}@P0`O)$ul*M_fv^p+AW-T_N{0iA-QrG zHO6e}jQOHw;Cj%3RHb?G4cy$-Q3I@B zn9#kWeQo3_opt~^a5LBwIi!L&oMH^gj?Guy8KgG(&kr72`kmKH8wr;&rdtD7!p3ye zB`Ka!(;tz~J_TR?bG-VEdd%x|_EM-cJiKO3-f3E0+eekjV|*~K&EqEoZsKb18pqc? z25UD1cVB44;pY2Ii1Z&Eo_t`S1?6Krm(62pyo%D%4uA2__9}iA{!qg7Bb?E;*h(#7 z7jpi{DlQ5zgn*pHrqXEXr1?TdNTiwi%bWO>ANom+g?JhBCX$2JDsZ6F%8&0>j61kV zYd{K(Q(~x=?}pZcWveXrV@twz7HxvqQa#<876J1rvi9VUEqnCV`JcK6Sst3ojkJN#p zfudw`iBx8V-p*qlRvUuuc}(dynVv7>v`jTf#v@mV)dW;@-wFp!DHSJN+O=3wm5s{{ zk;Jq;`daClo}To<3SEW?MeNJjGr`oIB^psql1={#4Kn4$BxcN+sBH_(bObye21lyG z39mT(!n0HoWFOqPL~9o)m{CW}R<3eVRIiw<#URrB&sPhg)#wBXI@La}S3j&l^jq2@RJD zz0?|^ZV@1TyJvG&NW?gNUpG~Ce}?3-E@wbVrci&vLmbpgW)EIS{<#t_umqao07f-{M{R!OSA1Kxb z_kMG_i<;2|z@*c{+`AMF_X&4o>-7ZKkdwjQ1aWM+A-YmdrR-H31nse@8_(z z-ePvh^bZZZ+8F<#KQ7^pI((HJGJi*8!D@f_dQL+w8JBKXN6MsltBIBeubw(QuK5FmbDv-)|HL4454Uv~5XdQgVf z=|b+Fsr2)|C{xXQu%ND1`UyXrYgc`EsGD|xs4jE-lb*2wSzn~3O*=5ympQ>Q&su

    %E3BC9o$+7+*fnTCl*Rpsaqyx?=p3Qhufe`k+^=WHcFl?LK^X1 z-2*%RzK%Opf71f)OSn(!z5=L-pU}BcBbx8sz{YL#A_|t0*IyrD#J+YNaT~_S(iunO zSu`*I#sjqrDKM)^*D0@`4WfJ$#ea1oet}-!zzaU>PJihYr{Jg39Z=Z))Hd;B`r|L* z1>?6MiSS|Oz9Gdz*F%ahB(WUbDp{i1{*XX^s>PcBute7Nz^y&+^s|59i@)0TJAG*F z*8LzJZ~XiodUlm~y%A{p@-D6Q#c&loh)l369L*7c`QYYJ8SUySJwHu#$ZSOr7V3ZM~k8&@O|Vn&isg)5gBh9tQ{xR1HP9e;Fg3(?jw_Hg5Z;_ zSWv3Ouj2SeDhn!M(VSi<3qav-BLCNao4xM^-~kz)p#>?Do*ciw5Ey(MZ>a74a&Z_L@%ZDOKQovR$B*}YSBWyXj!nS9q)VzZ8g{CuV@ow`=SX%X~wR} zlh>)5)0P-2`2~1e96eB9zwtYg$QY@Q$9jf@d~gG*=}`Q2HupVu`m^a|@EKJf)xJ z9IsWT3&uu`F2r+@YS-t9(oMVz3s0fOZ)DMOFW2K2ciuL}OmaN{k5~A!Ic`zLd{Y)j z?+?6%p?r{DUSKlGBQdX)TP<1CVG~UCpbteJ%y$4_Ae|L^IZ>}y?~NBj{Ptdm=-^YF zukLf=&u5Z)eEdym4!8(OOR;7Q?fsp?xY_GpC;V%+PP?wSxz@IO%s(R~jrVt}2&G|; z3>i!K8(7pQ`m~=|M?Ty$QF!H#aup(zK7!c4E z?7zoK|L-j{C0l0)L*xH!AF6#gBLCZbZkFiCaPnhK1W9HCF$W2QpwtvbbVr%@2MY&P zXgQ0w$uJo(5i%FJ3$hgvK=hh?tuAF(GyyWU`;-`Yc`f+)>l=LFYTInC3DRW#eEn}5 z@xlAVe#XY?Av zR&Zd~09Le_oAwYg)F&oamKr_LoFxwPKIqE$U<<|@-pc8CDh$Avh4!p zwSNltu&(dAILRE6%CZ^#y+hj6bk2qxP!cH}vZrov4f$mgBeEQU+?)`N%|WzeIP3|H zNhOP99+3*kmDLC>EBQJb%eEyPm$_zZqBGERNv#8yVlUke*U|(*ie+8MD4P9zF~Q6V zfmmf8oZtfPNSY$#NmWT@Ly@l7-7r!I-f0F_xK%kv_tg%jBVc!smzak9c~2Q#?xr}T zM44R-zh{}7&ZW#f&{`tXlH|uyPob%!F;<2x5|;Z-NPu4ibu63jB?U^DU{zMUA|&+K zx^v33F$EkKfdt?i7?YQ!gFkw%)?Jp8nq#wQNysUkvwPT<6j)d;X4Ivj03EJPeU(Wj zPb@1E3=PZD?%J8;Fd4U-vcY8-bmopQtn7f4rT80ta@!e=ew!ctZ%`188eeXR+0Uul zKLM3)g8+tWy;^yI+F5?Ug0oTwnK8tWzS|JK;@s(n3}w@u%@ARXW82blQn-X+vto~A zd+r8ZGK@(bEH<>kDSI#(2$5pI*41CPG8Y*dO-=}95-(aQPDH9D5Ls)UK<1Uaiiyl+ zh}Sf)*lLxqtE-5xX{aS~fuUmEo=qu+dUNWAezV0dHN4BZsT;ZS#L(p?BN|0n(Gsnw z#cpn^Fw2gn$Xd-yWNqVwv-UHLwti(qu(V*(&g0^G=C)8$Zu*y=S zRdAskLVLj!jx?y|si5_KP=R>eHhU~SrcV`AX}BuB-m=CO$1pZY3$e;zgZc&}zE7kOnd zS^jAnX%fiCo$goj6MSRc4qT+gy?IlM|3DRhH-P^&A` zA~3@Pb77czMf^=%Lz0EKkPi56@!>fqpNy~wQM9aj0bQawir<*_0`v*6*hn!C`~@YL zMV)a5>44shMeitR;#<6>NB)yV)nkC>W9ahJ>-9MX^;MC$2J~e%;&PoiR5NOt^l!$t z%AX_Vz3B%o=}hJHmlW)l5bMx+ScTaqB2DELxZ#ypeg>NNZ=NASD>6dJYdb4i z2_s8-rhhpMrp6BcvlmvYXxbqe|LcYAR){RtW>CahMHG4&EkbdbfbGrXMM20J3lqbW zEbAqkB$*kKP+_a~BD&Ah=-Aou^QgFel6pb={b1LZ&kG`jzr@W`TUr)2Hu6umEJ1_ZArQK?g^7slo5%jn-dRikva5h;e2kvk)A9k>( z!N&pcv~KqVIuHBCWd@T)ZqiVKB2`TIB|&45OXlbuQRwK63=W8Yh^xyg+wH5>7NADb z-|~RX)dGC;^pYkj-U=Qrb{BCeQ{R0NkFN1S773;I_I!KRxjm z2+7<;?8qmkd>5}~E0H;oY7@v{FQ1CKbuMn?s!k;eLJBruDVQlgH>YM$96yIq@bIBQ zMW30vSzFFK&66JB8)KOb4QDnVDTxdQLD(|7Bq`1!8!P!_DL-GYFUVLiV5hD{HwLw4 zmc;5zTREBFLOQVxC-2WR%oqqZ=XUWyS5oazv2fL)ltpDwIJiL)F>}9!DXxK0Ftz*|~s znCgRClDNYXJH4=;h?|;BrBI46w-!U?Mm4i2y(WMH(TrERW6P1dBWfXI3n*lGfP|)t zgpD*HPaCA9@*YlOhJ*@(R6zY*;`3)nPX6Z*doi3IEwBTO5f72VCRm4E5|HQik(t=M7o)A={jU~fBp}lKh^lK8fKX&eM`x=h04Vo zWW@_Eww)&kBHW@BYJ((YUX>n#Klbpk^4}if0Hy_o7T%Hax-+dr z>bHAn<4>$utvqn@eP?=?+I4aBu+}wUL}2G^=ICM3x4O_}DB@w~-9u<^K<_JwMlr<( z%Hn@vP6__Ih8J-0|-fyQtDF~UW7IQ;u~>{{@O+wr*j~usc{K&FS_92m z{oaNV32eaT^#SiIiHGX2g-St&Zd2e%sW{69YXX1p`f?|o<{&0vFX}GydcogcBRI+Q z$N%AkwMRh&?J4`2bw``#gQ^yUMtZ?s++S?OmwTDgPi_=^(@2(=mK@}R_uedt9{Etd6jkPW zo}+L%Y$piA1Lp@RcH6c|b&{N#AR&LNeJXOh1A8kR62Id2yd1ch>PjEoOn?9Qc@sh( zU3=Zr8x#b}q-oKz>Ri(=%ehc1HHAKQDV^QZO3OD;gK?^=X&m)$cr}1WP=Jd{N$w64N+1(()3X{IPK+ZQ9#t=LHyV%|#b1q;MKB(e#8))TttGR{ zeiGX;p%*ONh8Qs*a3d;vF`-joC@yj}WuROxo)KpKY3y|OhEZ;#$zZ-Rh~0OiaSmx# zmktU1Bat*!C6oJJy^N#)w|u8nvN5L`doq^?8{M+5Gf4kU(CbxVA%_zHURlhTxDP_aU(N6!zn?_xE0E) zWjaBv-|cp(Msg`%6ZJ*)1@K=Ni%XmTqxIinJ^lY!tp5|Lq4^(XxgQhOX_n3Tr6wJZ z`W=Fj`s)a|f+pl5IWk~sp%0$*s7!IzPJI`ay59+b$YC&FKVAv0M&R)2NbEF5N1NUE znXLEc&r#X7wP8tI<*Ma6KW9o7FRO$4P--|?E-vFc5(1l?$$qj-;{+;x(q(zP5dy3+y|ht^utl;00)LEX!v~R30;X~r z88PdgVpy$gQs~O+YjmAlPeF7HhmUQh)qF0Mma~c8bx)R@z(e#=0t+n3GIzI``#;hl z+nV=!YCY=N`jt$^|7dXrVY`auAUC0gUwS4A;su+@o-HYp*0CrodMe?CtP3Zq=KTKd z-(LKw%)1aDp=6x(z`zjegd3hKi#3~H3s~zI&Z6DoO|S)Rj?3#?z3Wv~yA4iNJKBjp z4sj?5QT=u)Ll)%MI!MmhPdBZ? zFw1R^N&2*mEVA$DsDkM+64eUU4_fk#9NdfMCJ#U~S@ny84iH5@5`QPUP24uM%N}{F zTx8KKK27k@HPR`LIv<*7ufcX!kMHoBn1LiFJVI&NyZe zHyQWWt!!r#zV`4Y49GL^uoVA&;CmOW)xPpMxJ05l^a-F8Lu8tZs!PlZ1Z!FdcB8A( z;`t{B$mn9SYKO(Au?mR$vE#jHy9xO7x=Ys9pV{IC>C**ldrGK)jV`*KubX;lxN@1u zDEPcT5QhG*!@AwEDN8s3 z006oa008~}TkZZ|=XFj9w|@r8)2&yX6Js|kLA4NPKR!IlN&`7OB0xcbJ|Zf>fBwlJ zXepC}Dc~@un~jy?m5%)$uv7{fU}V;&07=Wr>S{^LPtDG9>uTTS4c%kj(;ima9VrsP z-rBy`8<&5+{haR|&aQ{)#96;T#0U7SU4g2d`tUzLt zG+pyB?IwpLKU-6|np$p@sjcU3otYDyZT6(THwUxZ96N)@-CQfvx&KC^$KO#`fInPg zxw!3j`G9Y9H}?IbQe%YBk7ZD}hY$84Yn6s@sh@9+x}&5{UJEdX_kNfccjT-*(X)4_ z>LqXNKUXKS{5ak@@mNduAUE&zP`XR^aZqrb`Zzmzhmu-7S0k!-$~E6Yqq!Gv7^=Aj z3%(N&R&wEt=exfn7hNfZTGEjIZ(c*1G}C2#6Pi^ zDtn(aUqFWMeZjs?gA`r;(Y^z`op-b}UzL~{_kyTCMhc^T89vC6QP( z+8uN5bg8^H+R$^s`H}unj~?342Rr>8Xah=$o@BE3X9j4g?nBn}TBw9h^a`kjPW#Kl zX4+Bn!)n@5i^Fc(QhM;YG$a=Wh=mzdkzU$T`#a?wWOjoZ^wGSF&hllE1lq`#1wlj9 z63+4^k?0+1<&o-J^qHlz^TS%HY%-{$j+QvSGIPT0v9qhg;T>$^s8CMza;TAQwF0P- z>2ng=O7vFDzA0x0|BCa9a5PQIc|nSj=F+)AJElvdN2=O>NT6GwWR=q()B!S%)toS) zYr~x|(xG;7^eLgbstT7AEX@8lr=!Xg+8P@*6?t__pePw2vm@JP?y}k{ zW-xdyt?J4e(LRigKm1l&>vaak&Vq`J1MsGfhY=kVLH2*0ohetWv=mh9OFAqJk0U-x zE}Erd$dMLCDlIT5RjX=j%x;hljxsJnB0?q-v*87SNZ>LHl=I#2I;hbE(OP&gC$+Ng z^%RYXuYpz(+Ntq>PsEsVz(G_-0;=<|!EJm4^jMuq)CdNpk+Z|)+OCXzyQuefkzo;2 zw&IRF{q&>koEnk!yL+>Z=)y9oQq)ZG5QsTQ*v9gh2m1L6rU3cYL`r1Mp{--ykh19o zPV8^^X$B&Z-X8P{s5b@#E~B@w2>D`R&VLxRSHbVcn(=#cDI?C?P zBRRU0Sdfh}&!8h0p4zNg%G1m(VtS*(mU_wrGbqGRgpzcm!usj=A6VZ!>a^ZsMyv@^ z2G+%|ua2`5VxJR$YWhasIXO?!H9%cK>7Z~?;n+Aw12RMjDn7XqY2D~N6%oxa^1w@h zcs*~^&l0_=aN(&J6qvWc%I|vk)@m8%c@%>1)TMbu;}b;VE}`^hA@oG$6d9EIzBMc< zC8B0X{fnlZ2=?vyW`ji(M8auBLWRN*j?%`2dIOov9OZ5>c&q5*OmN1MXT-559&^$L z2!9bSu16_`zzb}DJy8N73-N(53H#r$r#R`6wnD!SgMPa?TvPU;fa@YpSQD7p7AA<9 zu+sY`JSa8Wlm{W}%yUZabvB-?HB-=1Bxkz9&{P^s6;5x;bc5*``E}-gf>ZtM=h{tES;jFnfbn}TNeD+yZ-zfFZX$ej!ZktYW-h)I62L7X zEUqJ8Q!=Ew^m?J-;Z5b#DBCu{VF^^6)!|lzwF8NnU-SpE7&H!phYc0FFwR2+KXv1a zBQ`uL{kNMMCn(E#xK>_t{NSSKQd(tJ6G2D9uDk( zPxcOGR#Z+N%XA{s2&>TW7tChh$7)z6*V2%nMmXKC_wQr$@Rl$jTZ%SM@8pV@F)VeL z5u%wwHo~t{YSq>}X;&CViQ<;2AbpF7mkvyGIcu1a&DHpG=9-$+uMG#|YBaQ*59^0ZS*43FhwDTT_F)W+!Ui7?AJlJ z68_y-2E!)jo#CK8*c^vR8_X{YHij8i6OYD#4rZGG{&H%-%SeKs6!;gn@mK_RX0X6; z=2WyKJUW3bj)041q-6FCwvf(ime@;NEhy^(Pn}fPG3m?u4N~ zA@60$u#C#7M#pJ#hfl#rcJR(GarByHpZwkI)o#o02{0KktbVv=873dx!7A6y5 z8CT94{dQJ$x``2P6Z?k7f)c z%@fgp6>LUW1Y`t*iR90>2G1#!ia#@in94Q@ZyM?|${SMA;7Jio)zwcK81~a`mka0mVNZngJ6Q+gT z&4v z0R@A=ePGddF{g&0*0dn;?txx5?;^2}S(xQe^N~s;$ECaHF;Tt`oR zhl8@9wBjS^E`>WN(dV5oEAdx;Sgjz*3eUOhpt!8|ItsLv@gO1L{olBOzj6JxLyP8R z6iWw@LP$I^b#7zC+8C=LOX*E-2M=g{+DMRI`E9egQnlVj`3?-~Sgqr45i6>zwL5#3 z5zhBg1d&9E`i)Y8VF(y(05A@EC&-T5ODWzj$7#0Qm{TxDbeKm*3Sy2D-b|ccl|sXL zpfr8KNjw~>buEcg)83Z|5!PPmf#gaqsOEJLIZiN4$Xg;(a4m0ZnCxmNX^8~v*_ciQ zkir4fGBs3#8i)?OHr-9H-5LJRZ3BM4hk1;LXr&wNk$}41neHw$`hBZhwhoB#PS;e3 zx@6bT3K|j@D}D2(Kq+wxiLP)hiPaex0~!+;$dvVoZm>`#kc}(lAVGdImz5v>RMvNlCnnOgSYvpf!RCFH1h#>V-wxCe-u^Dxmt^tgO7~UT&N&kRp#qFB<_oF-=a; zc*B=hXJI3VB`*ny<%R(J--<8`@f*_`iW$MTSF_%B-)0 z3b$d{K~E<3Q0_Yl>*isa!`2~f+FK(21q|k%5`dp_vmsJYM48wMdz&}0nxN;hZ;)iW zD6VpUHiSa@r5-a$g+&0UD`~WC=r)IW27BWpoSRDzEe?s!q zB4bmhJBiKqC9)~Y;$h>?sP~o>{|~3qdvRt+}%0F3qFbM!F!Dj`;D`lvnq?YN z97~zRF1psY#BW#}ov$r#PuAG{0g=+pJq2KSva$awpwn`hbhPf*p{igzaCHpr*@}OI z^hzjYboIT)vM&k}gLVLTj~9Ra<4s_wXVz0KashfuE2m%lqPivC+i;11bz7NED`dCpc{(p9l4m{PQSRy zzUt$NvxsOgt();pJtwT$YBMR;n40m-wzax84=v7$wjv)SDRiw1UIb8eic&D`6=FX9Lw8ivpE2;^v$VVqsP@NQ#btS8M1*x@cTnaO;Z?jBp@^V=lBPhda9Qqv!$kl zHJq9G0VWaS`T-0LTc5W#Fg8s^J$)JNEtD8$MH8cazK5FN`6b1pT1J|SeADuxz6W5s z)kk)J>1KV=<5%e7jF(|7IcHPpT3B6-gC*+)t~z9#wAOD*P~$30uZYrPhv^ey+=EMl zRJlEnF?%G4x2~C-#F&l(oi6F<}g<24}EKV+TH z9hzwicp{O{9hfNq1*08T(v=jU6*##)ICjvl00*scRA*}I z1r@O$9BE9Tui0OrC@j#fF4%&+|1Qctssd~zW4NtU{|kwZzt3^6&=>s-LNKDop2b_x zj*P!}QFKW9%3nMk9Q1`hR}|7IO$jOJFQR!)a1#*n2NYen7?a!LZ2!^maHu%L(wHud zXQZdzM8?6A1tDMIGKs%`qCWV^Ab8dv9;&#?PbsUHi$tm$G+<_|@D?Txk&TMxv4gcd zfmx*l#@bCF5ORAsgDy5O2Rj<*p+l@H45LO1WDjbqNNSaKYIzyW#DSv|1T8Ty^`pJi z&5||iNk^ub`nzpI`|^}K7_OlSw(Kw>7MK>)Gm_}j4kMNL(mJpRm-w$pIDQ=Gzqg?Y zIAq%(G|iYw!BnKeb3_d?eb0LXisqJ>`eZpW54*r1XhG;}kdt-O{TmvYa~hFyHPOTN zO)&2jW)Ln^X(UxQp$*&#+~mURH}C;o(akOAX^e;cQS7GyUNud4lWF`)7QvtTCM7sN zqxjg;7Pzsen+-mJECLw7lVReG7ZERmRx527qQxz_RXe zQ>Dc+SN@4yP-QYxS-0w9xj1S~s1!K)&09xWqXYIR#KB9TU6CujnM51X8V#5acRqIq zf^;ajLHBQjX<=}JFgNi_Gh|I}1G!3y#tCFMJ#F{J^N`LbsvA=@Z{X;YrlMJzeymS)wVAjjN+G5+EXR#WZxO38;wS|RNi!gxjgoGQ`2~^DlAN-o)!&x z>+5q=k4rBigrHA>CNc}P27j$now=+SX33}sTBvVBVsxvY>M@$gP2w_6inpoy5{ak8uW`r6&Fs(DharmNz?Mh@+9mMz4IW%?Wr zM48ohm9k{LF~{e##k{3#*HrH7j^|4H7If+drd#V$!b&6-@tQdSD#sdBZbO-8`!}FT zNmYucb@*_0v!)aF-vwd$92p~xv$J@41|!2+LeXLSg&DpNG(Z;34o!R;(I}}WcO|^L zNN)kvXzgX`ug}_KVr~TwjMOu&4;zgo)p6 zSUngpv*Q-MOWKvU)8WXft*LM0YtI00+UA(JW6g>zUfY>bw_K^MgO#qPVub`mvH$Ei zCV?^Pu{?*!<5tZAKoa?DV1=16CX!KeW)?M|%p??#hdDS9;?aa+*@H+Ss`f+MQ%@nR z^0&9)s6=YlscZ>(xG`pt+XOcbU)#mB0ns444p<-9jMuRn*)rzA%92dW?_rIRYG;xb z+lNkfa9+i^gRRI#e=+qsX-aL)`ecpt#DAh$-x8)dY)J!3pYKid?X0UCHd25MLC_LNixhgm%_LX4t+rTiDB@K=rLKxDJk(G z+k^%d6}a{>HZT!8VMGx@aLXWWKphVGq*3Mg{kbPf3InRs;(~z*P}0TQ~5+SI3+qX#2^UPM9LI zz6xh~$8?pAFHvB~te)Q+mPi<_Ucp-{VGEI?SwHV!L%{?MWkpvy7t*y}@D`YMTUL*0 z1MKw_-9Tdkhm(s$pkzc?$|C!Dg(=-E`=_31`-L*PO|7PR8DhKR#`_J^*5Vy+XtD}(^NKtJdV8B^Zo^u<8h?Y70(0M1FrpgRn73S5;MzE}68;pEaRyZKN6k zl3hWtjAf?-Q)9P9l@M0@XeCg%EZ}6bv~hfesvJ5&#a#@NUV}dx|XsO2p8_ z5<~e7#VpCi4sc|aK*foN8|5hzHhEX`POjH0`6uy3YdxbK`|VL%n8AY`1%rFiFl3fui^LY>s;6lle`UK1YRh@gn4jU#j!J53C=KA6 z!)Ded#~8CgQ2T~kLO1>thHG<**>{N9&jcV$uos1Mh8v$EPSW_HPYlzEwgXQjOX|lv zpi?RP08A!L=Bu>-k&&+ns-9qmSFRxj>42S4unB@n+T1rdCTSCDN2gJ>@%K#j-1jNQ z#8J6vRo9iQU{D4)% zH*AkM#z;BUYmb!r-f-B?ang2Jcz(LSaPpCOeQH(n6Bd*RO?vKwf$o?DCU^CG7NlFN z^xWpQGjz9MjcWF59|YZmV@*EwaD)@A?>?Iz7q;COCcdkV0cYxF-Lr;Ho4luQZYM}S z@6JZu5ov;>5;$+!~GsECMH|`sAmJSU(O~Jp&rv?ly5AYqN$Kpek(ilmwpmjYqng+TdvzIHo`TRB+V+gU(Q)cnRJFP^ zeef2|)EY|6J%&5}3Kk|2e)W7Fj1xT7EU?4nlB;p`{Z_5Lgx}({LETdSkKPQ`&F+PH z>gkKik9*&(>F^%vVX4KMm81onod;*S$T*Ah!<7(0Eq*4tn5WHsm&UwrkGWEL zov)M@W6b7z?}U^sFa89FkKCrjhIySoQ%NvQ#Rkk;NC`2I(63D&@)tOwQrp zWs<^T)qgpcIP9Z0@M=_3BegBM+myBOZxmD`R+mZcn>$oI>Sgtjy>f~6My3D#QRGWh z=EQX|@bgN|WXM&p>c`7|e9(*R3Pa<|KZdp{=3(7mize+u;DFJEIkaaqHnQ=8JP~7K zEuZsxh_Gh*DBgZ8zk=egAxmVXek@}NeW2h$I#H6Euc)RU#8_@o zkSUpae@=baDi=t1!yX)CO==vnL_Xjttm9Gbia;os1$i8fL@ORl%t5K)yh=PqxCE~I zmS3AhUEn?me$sKr?{?*#sv$&Lum!FTbIA6dgo-2|-kK#R(ajwhwQ`>Aa`aDwyk!9JGLJ3BbZ?cO-A0Gj2=LA;CbE_{gJnNLD`=4 zbD=G9Y4MZ7A%jp_{*Eie0cia|M!R^V6Y~b-x`@>;`XIReAl|r_#nb&Jmr~R%)c%E@ zSYkC>wdHV8vN7d4Zj-(Vv)nw60p+K^*~6Z%&~__HzSokp;Fkcol|aC1@m^LG*L`kE zr01Pvl`q53_1*$x6BEm!UG1&`x)W$rCFS{U1Jh}$$4$s-1%oa9x;~t9Cq#Ss zJ4c94@q|GCZfLN@tDpaYu2h*TnEe5gRq%s3qtY7?xm3H)@Qm4}!To1-vH!pYW?x^r zk5YrCtEPP)dpZu9H+jv46FC8l2h*ty8s&i9sGHr6S^Yw$K?zl9aM+DzhO~bvew8iu z<1Oo#-8NRibL|l zKTq{^9GP%YL}RmZ|ZuD2sMZVoDXV zW`bvM@<4=o?ZYYQ)EAbi$1;qfx*ryKBAQP|7jWAMdBHWSKqW{&5?Aebpi0cCsmi-! zPM<>+QW}=$bo(6Ut`8ulGpm-F#VP~oh^|^)FVp0~(iLlL zcozd{gRZftf$XX0H)tDX$F?V{;%Mb5L-)pFWt=mTno*6T@AF}g^l16XR*nSuo*x_y#_9;6TY;o zbApB#tTs533A8kz+ddAe0w8Tzm4xl|W=nm4WzXD`35-ptg^e&vg-&nmOAb+pa$(m2E`Zf7t)YZBV>>%c72V&X^b zpoABJj}UKD2{6~LtOlT)=e@sPo))}xy5jdL<6d?HQJnBZnR3qx;>|> z+;=O6cHx)iXuDNz7MPjJveJf)C+Z7pS%>Vs_w;RN2$+ptpM~D%cBJ#($xq3=e!Ft) z87>VwTA&%z%X-P`KfM1Ha~s4>EVKTHxc&S$*HHW?gf3$%YxjTd0*p?YwAtW84w(>AX2ArZr!rq)I)uF|fYO4I_ z2-|^Z{6*wr#MR75E_7Ad&At%?Zta7{hh#y>8c_fnSqF zCFNhKHK=|#>^N`%I8zIXG;6qSDwsd=V!J!&?#KG;Gz2nk0p}2zU_)#*Mm1TQR_=nWuAM?QDdsC zkD<1>{Tp;pSr(=*%v`ItFv*zO(@O)g&8wtOI0Eded;i;s(_HRP^&{=@%{a)oT^o2$`7N!Xb4_FP|2mzyu z!n=XT2850B4{3f44-!OB5U^%sg#$G6R*J!^Eq-2^d#yb29FOr_df+M^HrBkl9h3*}P%Kv{w4fA+KDME<5pRLXem z)#Fh|=62_J;Yyqk#^DN#UxOc&$~ln!c_&WVissY6C-M*Ip!oT}LhPe(N8Z8ziPr5O zllR{`Clvofy2k%x`@b35=*0iPGSNbI*Q?fzv^~W#SKP`%OPIkfMebw}B>2dvC`2H2 zWLO4G225D5WinZ=ZCUc0no+gW7Fln(cJ)nuzrNq0K(6#>LxMAn zk?ki(tgY7D0y{f8P4|0(t)ZMl7Lr1r!(u@MhcWNTT?KJKY-EWUAafX!JR8Mef)jWI z@6)4-JZ9vqzi6#-7}B=g`0|WpMGlNvZX%DUZ$sHRUfkWrkjht~3d=(ni~#~2;e`p# zL%5_t)HQUnfN65=e95-tQ6yNS0{ybu9JnC1b8doB!JbEv_3+0DLY_q)mBea42=^&B zsLJ&T-tsQ#t#USIx!vh;!-9ldXlD?0yW%*?ijh7Dt6lf>M)}cOg0;cm=IZ90<^(qT z1)I<@Qel$ykG=e$HQUMm`lN_4JL-};NXP>l)ZJ2|E9wM?)Lh;iXUS1)y$WZnaAv~_ zUQ0>OoM?611?p47Uqp*N23(aoH3!6^XP|DsZV?&2;$;|F&=5OBgLkV}483uIVS7ZN zXuF1M2(KoMRL9_n1S+wyEzQ;a^$BDH+J_A9K?)}^Cb?4vp8K+y0 zv+S?FBV50srM*(>O;Naz3IRTtMZfvG=1(OeznDe4i@zY_vbG@S)*hmTyhnP&xPeZL z-GR+g9FB3`S$~U&KIumR-;E}-O6qZn;6I&b;#tUYwbZT8xTH6@-lbOAbx+Yby7LxU zojURsg|l^*&WW=H2P{jxOw74B#U!Z_K=^Y89i3^G-YK$A&$)C@K{#})9|h8B5Njfx zbgCYi8E97AA!hp9IcS&PHt?zs5u+son{oyPXcKkX;~a&rjoF`ARDs(QQYY&qcqoHr zC9+k=^_pdNSKqYj5NjbGG;~mpEOct`L8EII-3;S0-aVpi=h{icINcIQnj1Q0PCeEa z^6pRYwt)j5P;8doM50>s2 z6ysnQG%;Mwx-<{DF?Or&silUDm`D&!Dp+u&OQ)F>eKw?q3+}Z|D6l0-Tv%4<@1vy_ zEfT|>NHWH*B1XWb0DiA-R=tX6dHt@>`<+IvHggy{4Mo!g;(_J`=O^5l<`vg7#D@{N zFP(QLlTu@zpGT*~8caPY*5TMeRtEf~sC3AQ7?Z=(&!43nFE21HTtqfrmY18BZ!ImY zDt1@rwic8YN0Kscq;Wtat><}=EUrT|1kA6cOBhh5WEYo}h8*E+xzuYp+Fza-2WrQr*JJhf9P^hH6Q_EJpBEF6 z_*yqe!XkwePgw(be@-iDI{9uPvr4)Qh!@%^M_Cgb+WKckLl6!z1U`#$O#eW4sk4zR zoqvDJg_u`|5-2K3-!go976RF`DT9k{B}t7;n;Be1f#6iRrVbc4vJN5EPl=SQ>!_@O zY%_Gz1B;0RlhiaxX_5bXN^6miR69vQYd0K(+Vx`vs+cnx?zZ+8$+w+z!xC2(HOZq) zHYX)BbriAQ^6I&mY>9@l62V2PCrhY@AL$o?s*Xw2kx`2I;d|KCIBh*p>3-B9snr*G zH@Ij8r4PXB@|u`(Hg3|V+mn2!_xsq*eM~uVY#7GKlC~tUnT_nz@vEA3_~v1~H;coD z)z_ff1|PWru_l=7&ci0izPDA935d3LmlL z;IuEk;nOA!hi_ckeEg@~?sSX(PPsk4Z;bkJ;Y&TCxF zaB!TscEUB9F^;82!e~l6KjN!ctP&p-o-)H#JU@0s-D;>*S>oGvA4A!dXb_aAB#e2bwng%n9vk4&W<<=dS@Z)Jq)(of|a!^qs$jO4B%U1ppM zT{XxGQZvAcwI_vYp=e|pBDy_cZ!Z&2!F=-eP(Snr-Id@qrO3Eql2YxYm8Py>?5q|( zn86T**_q7-^^VDzYn#+dQvF{MM42=?Fd?Ar^Ri$8>>)sI8WVrt8^9ZY0r zPo-(p#6e2VY%H)JUm3r#3B)P>gziYR2~8d))eXEU@nn)g&r0zc6Tb7~hOF2s=zz=+ zQ{5!A8@hl1t}pp}Ro4M&v87-%hwao!#sy%L9H-j^-Siq^raKQhx2M+FmC%uf%#w8; z|Bp2Zh31(Og~mbd^v#~Z^h$~~_uATXT|@%?M&h=eQ)IH5(_PTrk4B*R>wxqZ1&{vB z^guYDJ2fb>|91b?0y_J4kCVA)a)AAEA~I#s{H1%Ql_+0Q&TfC21j^kTUfN- zaq9UqI~%lHf|vO%@GDPKuW{08k|dU>9AFM|hVjhyyitm>q@{d$WE4f9Ds6+LpBG)( zk}6jqF1AvHh#O{~8?%y+YBF{i-wldHc6sGkcAw*V&*2bWYx(cjD)wy!Srm4&-^;;x zEaV&yK5V>iM# zoOtV;4#2k4BCwZIYkUym=;)j(6ZhptHr3W`a+-AT1Mc-HntK!8#vwpp7Bkc$`fgnX zA4`%A_qyqTTF23qc7z^*w(R>NEq)ZbYvN=-AUYF|IDJiGGT7W%`5puO0ZcAvmvcvX z58|yf-WhylY_92=JkilZ?1h4f*}tiWkcFdhTW|+umt0u-v&r6rRS$9kTO)^Wv z<-P-|HD;rznC^dWwrz_*h89>dDw=S_{C~@d8sJdSw8gc?@cVjj%3)R37qYMo6PdFi zMLlxHab+WfwPg-OQj0sy5Qxddc`iyf%lv8zpkd$_@!#`$b>*`Aj9>%w?tG?h)?XmWT~g2n|t; zwrY%|T8-e!`DQ>5D+c|mPSwsMTtgq5+;MCZUGlz+ucBd)HalN z72wVV-v_i|m2o^+MPA zhCH|r4XeWKFZY4|{ejRrR%V-&J%<8#Bz*eEG}QvW{r<_)DZQPit-pZr@)hna)?MU$ z!kj7iRdPjZxe5A-;i>g`eyZFAE+|Cpm%On9`X2isBkf~rz3{F?Vv5++$R|0tNQREQ4$)AoEo?>dP>@QI8$sG-+*FUf9b{jwb_ z54(ch#GSw488Brl4$1RiPndqUxn zs5-~ll~DSKLG$k<-goH^Vao^TjZL=d_%Aklvn^!P4arq+X*ly8z*gR75ym$Q>U#!{ z+NbB66N`2pJa@E?pXEJbPBCqMD@@M^T-bn>Jqale>;mJ2Zn0}j55Z2vYy z@hi5H8G9|mfnoOD{jAz4efyu1$EdgE#Jv-(n|^ortk{4@`&C8^x zqMy;(@P*CF1vs6RRsW2{*|2PZo>u&1jHCa9E-PE`KPY>vs7RnJSrjSUA#rzix1w-& zcXxMpcM5lRcPJbZcbCH5ohlq2{if&L>AQNZH~o=cnP0i$oE<0j-VyJjNS7mA-d`4G z4t|K)|M&?efAfkhc1PJ?Orm`flPfM0>f+4uj+lzP&;oxYU|I$qIVAM*MtE; zOAyChx9>5ggiPH6ydSW{fAlA+(}Vxm+$V+h=WSQF+zs!IA6l3HHBWy@R|%(AkUi+2 zhEgi+52^&gMqtR>;e=E7{gzPqFp}MS zwokw%V7QZRm=}FN2e{b7?t|Khx%-WFw`ab#z|3MhD!{TyUJ+r0WEI?_T_L{LVU z-v$l+cRTQB#_y$zcooM~P{fbO#@VXA@l@XxYLjT#Q@YK?z~9BjA#Qm^{FIbfFX{t-(dqN3M+?ap zX`K>s!=6m2G8Ch^xDk&zGxK*`kmu#4x>k0t6S_@!DxV3<@i89Rs`s)A*vrJ(t%c@z zd1c9yWt1qp!<#Z{6V;~I+ZF0GT$Vrv@p9ZwA%2kRN^SHrhyk@ta#$<%P@^)7ZD@Ru z-X@oN@L*N|lrhM5L?TNZ%?Yzim7}_@OG4Z%^I6kWW7^Tqy3pO{!GR&5kZN)vlvftS z-Y+rLKo!efGc?hYy)vhzJ)}&r`?Iw94iLsM-s}(duX4&|x@7~|mqZu) z6>-e+|0k!Yn;Ke67&=?H7#i7_{$m+{p6>x(!Ld?dfB0 zMZ(S~g#GSIq`XLeeh>aixX{rwv}gvFpWotNJ%+3hLe9et*r`|6QbO?tK8oBNyL)U% zdr%^W7;Yp=QM6$%S1kZOLX~Z!iQ91O;2_KBQ#`ovTtpr;(wLIh3uc1p2_(A-p`0^0 z!Lcqnr6MiZcO2=c=Cgz3N<=vwz4-i)#f<2Y!3$7>M%Aq4v0JrlXrlRN?Y^+7_+g?}w_qcZ>Q_%ZeE5@bu*2b!)2(yCj);M_ z#wu&nJK~tjuwmD}ubA6<%sMm0`oNb27cx!a|K3+ovub+1ekulk^hFs-S%ziq6qqW$ zT)9t}HvH*V$|oBi3O}wTd>1_{uQ|c9W_n7$i*-41u$gaz@3`S^VCRd3-PRC(feUNu zkXyh3MoC-E+kq zj*vrw=6FKEc=I|W^amd-f~hYzo9%wxjVDo-Fmyp z1pIwpz|gzf354;=j4XyvsU*z@9o2xIh6FYuSiyUn5CvwTndoN;VbKWffZ(_ZoG^AB zQw7W?7GWc!Egcrt*3$#lBvSnx8Bi2DjCst_ zX0?5+_onOPt9IY*6@{!DEX=PQoed}H(0x$OBj5!$NZ%yanqfB8!kr&|rG|q|Z2Qj} z?bkB0%o=b4egOveOByeegaX3A$YI8nIy*+j6!tz`W($n}BraN83im`=URIu?5Xa;C zXab?Zv93PUC)ySY{J4n@E%UfuhM4;jw)DP*oh&x)W47BLVi_shtxeo2N+Wti+iNK- z%|&rI#+WcqF65DfxFwLU~ML(a7%P{W3OvCo8tunG9>R{Sg$M}n?sG!w)N4vv~Z0s(@K(Lf2QLnLH}%bZXZbj8~Ait5&- z3ST-xD1Bihw*(U=(puty9dgfr90z^oYhow2FOf1TSF)oo?mFLOw_#x>bixFNuA zNDIMeERG)mT2+VPuo`e8^+Wvy_R?Nibej~H6pk04v+DS_71La9*>f3%W0oY>8GNYN<1b2uWvL1L5utNHX;5{L(V9JQYc6VOAPGh~n9C@;A~buy<;XF{Ei zhd*w~h%?=#o`3Dp_ejBg^Bt#eKg1SNzf0I3A1)nDr3_z&*1EhJi_u1&Na@5K_?%q3 zSw)=zG{v?letg6y{0uK4#nK6?4+&X8n!& zl|7-j+4;yf^oXNOC*2najwh*Gatat{dFmZSW#Eu35RB#7`V&b6+i+^HNJTX&<5OYanYV9O-Jh@0_^9D5_N@|Na@&AI^0UlkKB z{bU*fb2&}~A0ZIKTFnl63*Op!BwucdaK`})>*)=*DkRv+<_oi5dvYAKQYC@6%wgJ6 z1Wm)TDK1(J=Z-4rJ9ui*=mNC09hKes9UL_KnkPcNp`6TA>Sc%ZGAG=7-I^W}lgqhmQ|$fO!$>3KNqcDs;}Fllk*O`&ZGWG-x#QdoAPTz@b$cwc*YQF@;B zqdm)0w5|hL>+<_O@2p3#K9Ai%potl(#;e+^sb>^h9R+TZ_<)_R7F|%Ne;L?bu}RJ= zbWeDhE>zIx@CRGbM>QexZ-qZ#aeQMDe-CKBV8FEI)q>{Z9)q;-#D5PT56JPYI zJj!bYVy!gkdpStW?@$mXGD7JcJ`^tTwYBmAulb$Nd*V-v9r;FO@Xy|-)@f%7zMK~{ zTkUlD_rO+DIRO_@+@Ho|1($|QC~Lt5{9zcmSDQi`wS~SR{_%ff;~hx~$VpVQv#r|y&U1Q@5Gd)z>s-^`)JN7zRU9^oi28V7b) zNq{<%L`&Ue_%AyihPyO>m6SHPeZGmwBhOURS=+1R8@FHvBqVgHI?}Uh^BM&nhCSQA z?Zp?0W=`CF{8X4#3sjH5v~l(V18d~O-<_a?u;GW(Kk3=KX#ZG38m-hW{=#;(gLLl9 zZ)CqAXo80#7HTgXmb7E7*H7PG=JWDML8MCW>W#YkzwKB!Pz=b#zj&qLmwPPNe|BN~ zgJnva{&|t32#mZi8Tz4XB2&f^SPA=Ooy)l+pGl481}MfC}OL z&Hj7lt0KaC!Gt?i_Evj&SdZ8g8jI-z!HlmQ-Zj3<-zo1;N5bPH3PP+PVRY0f@&r*s z*~ClZ3gb|T_b1Zk({kzCT$8!KOy*&ReP@zB!f0Q7*C;n^9^O*P-9k50)y#KzQrE3p z@ajytH+5IMD2Ar_=j@>hPscYHb9sn8*Kf0T5DSv*T?VZUe+4PVXX0Bz{Sik09>Wg# zonSPudWNg1UNpk~p_SaQVb|ksH-A0(LwQMTl*6mlp)KUPoR4NWxD`m^D*F863e9RE zCQhN6y|t)sO~4fuwJw=#V7!+c?MR!2%Lk?HE;PeE52cm<^&!* zA?sCdHZ{=rydIjU>sf!s0B2R}$)dTN-L!JN8f|=m`KE)@8+<#}J?ExC)`yWc6cTK51=)I%hx&n&*}5MzB*PB`KS23?fI zHDp7>6U!Q-@-q{CKi!@-)1*ON7v>&+&whk7u~K4N*vfbjS+T4>#Pllj8&bhL;s+n- zcfue>khxO^F~H3828`&0l(g_{zrLnbQEo#A;68S-#DQ8VZQxKLC#sfcq^rmhr#9>_ z4$DPaJ87tDF}GCxOrt(F{u$-JRO126B0b%-&!1-S#EJxkaCD|O^Z_C82 zXY2rOZ8Z@DA+vPML@1G?nHbbc0!?BJ%n;u~I{bhXJAJaaNuhk%s>Y}W&h@--Idwja zq((F_VHgZUwq=Qdq3lJP--~bLtm61YAZ^dN_nAdHorpTSYrAvnb>nrzd)r;l`?JJ( zRE&Ph&5#?>@~Ik5lPft`jE`#Sn2qls2s|(Ckg=WXUi8#gG82eH;3haypyPwBKQ^R( z%Wm0IyE~@?*kk5?Y=7t}*v(>?1h$#%qd7gS&+}F6Qe#Rvia^R+bDa&cGSCe-$;CvK z8k6jBYx3nri#uo>#ZBDs&Sxhad0Ofv9CgljmG2hA5#XVc_LS|uGA!<@Fv#u0{Nt;b zFlGdE^k&;I`)#lN{Gcstc%0qV07g`164=`B#_=c|LGQx>LEZdV2+l|VSQ4?-Yd9PB z0Th3#_L6%H2-hkhJ#8wi$d{nGnw}q%^}VmNwZ@M<>T0F+^_{M-wXLo-{MPH7ms$&3 zbL%TT*1*)BmP@{s41|EaXwK%pwpTWnQH&Q>=bQ6QnyEUAKI)SZ*s#(ae_#H-o`Lo3 z80fC9DyRKuQ(V>tIK76qn>B|T^_K@3mk6B1*Q$-yR&G@qSi>PGNcg1*SUe1dx#R9m z^=yJp16)I2EMwv+9BpKO7Yh4%^(~;oA}v3Q`Me8@ZEk7w>0?48Ailu#3Gktoqm9(u zi-r|CjebLh74!Wt7<@SDss!|PcRu30&!wK>4>rlGMKkCZj{vC&dMz==X%kfxV-}#X zfMQHia8i|(`%y-U{`s~1ShySmJye#gZ7?NS@H|yawzy^OI$Q>1yBZhz0=P0q*szVb zx4?TP6_-~r)N@Zs_R{@}SMmTr4W z%!3JusC)#|+?oVoC>Q)f8Z4aILtQYh>^0BY8cv&~TxLzOasn*#_Y{8A{en{Xr&`no zDzhK;!jd(CAVoDan~(H~s5F^ZtQp7H3$Gy!O!O4Lg#tlJv{OT4cW3=Fi=Ig@fuwW6 zW~t1rwkV(cVcaLhYjd*{9ei987*$Gv!{+-=VOR{sK4cgK2mQlqgK4U5RN~LFw!RpZ zL4Xb2kBIg`OPUh|r==EZ0Nf)kz8~xBf(S#BGtYA138rqv?-L90@VFKWRgI6pd6njv z^OGS+{Ko?25e%E9284C&b;$>(MB?IIa(uL>z_2veY@i_iv7;am340e?Nos_)J%69X zuXul?Jzqg!y%^mgiAN9J0X)AY*r3b9jJQ-#wSdGzr~gxk?Bp9%22URMuUab#kA=8F}_w!ZH~ zwH;7|OSjA$Rr~t`)=?u`K*Mc87-amqee-I&CZzB90wcIMTL6LXlARte7)uEyvvrok zcN;$YBR4%QYLmCun%@;n0`zstR#tO|O_L537V(Y&BsPNgNx9>ZnMr9F5i+(InoW8g zKJV{hWJ+@i`gQd^XW)8P*seSkz{)D^+DfhIt@yPbP`x4iroc@WU?|bv{MI)$>}1dF zlwEU=tH~|Ex`ae+P$S#NJXssrniZfm%zS8Bg}e5n?>d$H)Kq(8DI?H>?FO_fJ6@QV zaEe}IjPjHwuCYFIKR%zGSr6!_J^q9Nko@YN&~3h9IK?jIUe@5%95aISI55xfLmqxv zYq-O&l^HrWHRQ3y*O+U6!(E43^Fw`p0vt7N4`K8BVQroSb|q=9)A##s(AKR5!Ekl4 zTfu9!t+PTNM~29FmV<{s`>rOd5^UR#C2omH5evLg*TZD}(jJR79P5qLpUV;6xjXi9 z%-j)&*=YbIaKj{YIqnImFu!L2xqHdU+N{BN_!CxiS>w22`CIl!)d34*a)AR70FHGj zn|-Rpo}x89BZ25Wvv8RyRf}aQyddQ?)MG9T6T|hB66IX7QQV&+ zeRB@%8T7eLOEH#12`j&Wv%?8YrV4; z--D(<$?f{;B!G1pme)*=e#S<+vH${#$aMStIPO*Pv{lInNsWO zv3!WJP13Sj+@_>0glCQ`iR(y|2)bc9t-WOf0>}@9nh+m@7B6syz0qE8DPcV$LHF)K zpHQ-|WtP>vh>ZQ8a?$>$l6Yp0Wnn0-N*-52t1LFj#=N~%RupqWel&m%{!=#9VzPqu zaUt6K=^d@ahjo*FEg|y0Ug)E3wmktVpub||V*^-Py%IH=6)CzJOW59+vdD=ehm)pl zTShKrb_j75vfyG2)Av?0Dxs8xJ0Z)5YF1$sEt+_C=}}5(VHI{=e%mV%p19qP;%Oxq zcU1{W^f~GwjpCysCHesElwvYj<$+>~Xk7BTVQiVoOtpGdZdt9&hT6L&?%;&8Q=v+# zVxA)89xZd^z1*t}FIdY_qCtu}J!y#vHe&WMWafz|EkWWbhssp=pvD99DDo3`H6Jg^ z9YchQ%f#wiw_cJwRt+~$*R5Ph!17|Q=sOqAWZ|v(%#dPxrfqICdFy@5>A5GZd7WO@ z33T0h=FomSG2DUuI{2E^!~C|KlJ0lq+CV9s^jCz_KVmh+qZ|}Mys71g9*aC|6?Pld zUb6*Wb0gPoEzBq@rqzVF*jj7VB5)p-ZJDaW*4Re}zu&ut(HWzZ?v|xwHSe+pSpNFO zk;QJ7{?w%wbMw}~+$6xE9<{c}YbrZ3y7UyRW3Hz4s03Td*j~)vK$P{&sOM$UzZ_&g zb5p6}MHSQ>oKToG%UG7<{#-D7#fA);{H-WHVaImJ&f+4isfe2~Q}RamsU9I-Kk)PZ ze+)oN=^Be#Za5kqefc|Te5nwO|Aw;(I(ym~i&@&3N*LOi*qAzzeNB@754A8>`Mi7=n)LDb@(29KRd z(0jt96I;LBkG7nzMkZ(UxBWrd<64oB%+JbqZK$W08lvvMN5T-(KoU7HHCoH`C8@$hGnlecHu)Na zY8Rv(yguL9$|n7@2lbx9v#W)Id(2%ZuxANRzX6u-+5-k)OyoMPA9O?;3mhxx+4)P9 zWjOp96hYhnhvxqSGVVvqT$NvN>HKFWJvc!%(1m?+il zNS&Zen@Icqaw5>+#|kQF(DKCedeJn)x!sf9^hoIc`2ZKd%7l6XRKSD!DXWmJ-12zLZWv1Ld&;xWG z6(-`@qnFlzbj%Yj^WUZJxuqsnYD7Fo$t8VyQ_Y9X`r65MlKRaSr*nA1ZDy`3@PDm` z%hlO&!77hbXhhU>E7E?^ueQ33&~?ux@J(68X^)+`ZkCTjrX+o#$I zk;aP&Q%!;vJmZYw{X`3|t+FW@nS(k8K#R}ExKIUCia8QfNfED8@?>V$aH)Bj96DQ# z!esoEOgtt;-1UVszP$L@CgjjWHE$|8Q+C(GS0(s+Zh-y0@lA|9TMADp=V)!tFuOoRN za{KB6aywy!hwZzhRuc7`5LJ;Qvi*qO2{*v#V&omaWJ3`JYQfm3a6RZ}=l4q>*6u%3haO-vlzu=`7%Ke=y=y7o55yEvQ z_?5t?Z%4I8Wzglq5|Z31a|01qivq|xI4>2o&R@i_k_aDI+apn}dU-}@73u1VR3Upy z0EuC`O3*qPQXJ+y%I@=7sQ%$N(%=ng|L8abJ@-nt9njBMjY`nz5o(|(Q+3SiO z@d4gV9J-o({`X?lUwBtG1o$D6-C7Ol>;jETE9>aNustg>p~N}FM7pk&L(OSqm62vi z`eauZ(&YL{k>%E3ry(kvc*kRAK&hB>v&zsU7ye+z+A^7`vERk3y{1EuOO49J^flyS zo)&c0Ck3UG%^4O;2wSxolELdE7)5&95^Am3Ec5UM^wbRGqU99uv_NY9uVrV1jtbsb z_}ZxP?~v}RQiH5Fx;C5J;GDEeIOF&RAhy$O&tE*E!wukyL6$MSM9w25!SCS zp5U!`$DGfEtE1K~oFir8$Le?{;!x9Hz&jvYm|gg}gXY)pX)C<27a#S&MQw`Kaj4pm zTBr6mtFYYzxRy$V!fdu3RfyjFNGk_c*Rc00QMKxqKQT-R=OI(Dd11o$!z5X4-6y$1 z)+QoYjGEs;I>JWE3rbMzGxw^ju%*VXqQ+ZT7C(dvRog-(PCJON=O{fGm%iuxz*kg_ z9k#4=kE-yqcn9sGlHW03aXcTV&>FbRnQ6g@?<9Hm)SU?IP@?;u<_AgH#9 zg49W_7hLCE)-NGM@D)o|&K;oaOYKh)F!7(ovL#gDMF4`}Rvy818RHNaS1zow=$c6P zh^$iYEBuXNUF;B^-}+%b-BIZe9#+&q``VEK!b+q9LmmCA>Vr=^>A(E?WSG`SMdR&a;<*ddYTD!h(NR4q942EAA zFc&agZ-6?!p)E=Uuvf5G%nb0r`M!S9qgmEugz4QrFhqgCPwY5&hMf~MyewdYC!Rl@ zGawcFZuTA?T@3%PVo|EH^Rl8ghZ1Y60x!mn?CD=um2o3#qB1!JIrNUFy!={)|GD@k z@x?r;ixU7|U)>L`uh<~^e^Y*hZ48~AW$X=2Or5@-DYAxkhF`q%zXxh!RnFxWe*iwh zx&c-xu9~7KH?5;~zW_H3?NSP8NusjL7f7E7mnPUsS}eAlx7;!h>`b6+A2*;rRQnlM zVLOcpw)5PV?$bW+)21)S*LB+u zeXzl6M}BKa+Fuhx6lc6$Q#oX*Jw?pe&DmaO+NM~tq@vnSu^KS1_X0S$sSAM{k+%CSSto77zqSvg&K?=km#CQn`n_-%@ zt5cDuvI?6gRX-KDd0&omFb)#OX+*!_QY715It@TXh2d0W`MB^=Xr%X@L*44YonX>9 zf0v7;ni5N=Qt$f7Qxn-^g!zYqX6n4}4=@6@m3r@TmepZ<0GzK`q0bZ!gF&l3L=jGu zkL6}{0F96RW^#aL8J@3A0SE`j$s`#|ST6w|xTP-aBk|I4Fmc<6stCD$`9sEtpVkA1QI}h)OxUi(pzhzX zp3`E$5{2Cy45y_VBat%I$uOu%g?mMb-Fz>Jusez|K((+8CoF+nyYU#Y|KeE~ehn^s zbX6eXUG53Fb~dxjVh65v-l}AVJjNL8C0k*;Q|BB|<7@mEv;mLEIb=irAl{(<-Iykc z?k1(!hgXnuxq!ABZBr#}nz+iB`xP4adTcS~+G4_-Beq%0W8sbKuJph#-k$51DF%M} z=YMdhe}Fhsk-pjU3&aBd5s3epsga|yF1P*znco^L%s>JRLQCp2R3Y&PbBQ}TF>yX> z;xCB`5B=;RI`*&ae#KWLUyG#=Vf~74Drdq1`Gl&j%aJNqQ8;5;QyCe~W?zGOuQN0H zAZE9Pa2&%^=Y|+L>7z#QXt^W%2S-8&oR8Ncf*{K(64?Tzu> zMddiro?~I8?P;Mfcmnsk# z#j(RtBvoCp{>lh)K3o79cpGf$k zm6cJZEmU57WuiUh(i98rH4nKbP5)q46=`)@t>}HnpNo^yWAIjjaC+J*bFJ{GQ@En= z`W51!jGyYLk0(m*^D*xI&NuU8bP9;OQkf zcqdT@&n=!a{28f!yd@GHQ5gJ@nIS3_yA59u&wPjZf8GKAz;FTf6*1x$hTpzqfdBnP z{Leg)SY=!51qFbg-Af|7tZkXHx$Aw6vn>ba91;m`Ff)3{Bs$HzUzX0iwh_yn(v80C zD#cSj;Z8j2jBL?KvuWT)65nz5ao54vBcXmTs7G85PGx&t92BGrAKMLdJc8Hd$?EK_ z$OuI+^PwPRgpd9pysh~_*~YZemvvoIfj#dp`?d(a-3Dmou(Mov(~g;&MqUB)o-$4o zDnhYb0}CD&z;#nRDT@D2Q9#1E+`*l}sBy&>Tzz(&=>Q1iy)IVN6Vr|)3G^wq;>G$~ zNT;!(eB+Pbza}EvDUE2{2ZiOxc^NH2l(Ityw=bu7;J94bVv5CUQ+oUM=S146`&$AZ zgmcZ9TW(&q1F#dJIipQq#;!)3Xux;juKQ$70av=UO?7{{A{tlG?MrZ~-nY%%Rd8yK zWKSR!g}ixDPr2?~Tx1_+nG}N!3u_V4Qsd~+);+BDDD0SR^c)G{YbNfQsu>9)4ELoj z;3xFhkSzt$qLoLh7FD->U2|zH*2n4qVJ#2?X9%}3F4ajmsrfBhR)ipH9gS3TwuORQ z)(;P`T5)VOHO@@duXve%AWCMwSz63%mi(|l)bhkpF3=c;O&}XnoD{|^@tq<5{?#4r&D{~^ zx-lxf@Cofo|NiY?frTJs>5KIREX}XE+3)}B3jeQlU((LZ{+|tH2)p_*ij;(RGO%IO_07B{xmXGRP~@&pagAV0ufoHBdGN#W(d zzVp@o#)yU7hu=G5ek>+rs=`8p;SXVYBs6)~MFbNw6J>GW4?D5UGmlbZ>F}Y1Btc|+ zNa2Eg?%*vrJW;Gk-)&5%m3>1hA;>CBiIF`tyZ8|HIQ|tWo$dgn(Bfk7D`)Z1KMQY& zlAeLW7~}L0!*8r@d!v7FAiH1tUIM_{^l<<>Q2zK&s?M=XCF=;vG{zQ$y)z^QIh2Hhd~*i(xGCB~Bbj@OTofZZkXs?R)WVXSwe)K-uE zN}3cnw6?`JiskyLdgkp={3kcMk{eR%NBFB-2a$CSM>tyeiTe}QkxHj(on|F8cSUAL zG;(~~u(Xw&r~RH|aCJF8`LF2uZ&oR6V`^yk-)WR7O0xC~U%6!aA??g| z=V1X-&sM}Gk)#e$?L_%PutG%K-Nk2t>l~WocCl?*BYpb2<|;HQdwobd;;NGj-yKf+ zb>E9I`iIQWv^`E5JP!)@jk0DnCX>2Yi7p1EW=I@q zD4enJF)dLMlz$#Kpek1wv*Sj}Ocwi%C96xO(*1=tY$GXimncVCQbASQCrf%ADkH5x z8dMyotkIAa@uG4u+PkZ_`%TggREd(Y3i>2Awm&4-7g?flm-_CmyC6E;YVD;-z&Lnd zLMCU+ju{U_6jK$a-0-(HXZ@Ln$t-QQYLe8$SoI{*CoO$swVmbqwBd=)$D{qq7)Cbu zH-npx%iKLmp{&Q9e!K{Dj7f5o4F>*X3qV;fI*K2ymDcnQ67UOeCVEK4cWjH+RVY6` zq@;^)AfRpO@Un!6$(gybpV{~h^BIr-c+~JZ^!?gl0B&)b%c*{{wV%5WuDbpY{onei zR7D^{vveqmxAO|@%x-qkM{En$dtVEy_7qi3J(M1+Ka#b_eY{bXN|&XxB|Veqvh-=& zMg%d(zz4+1*)YeaSuzXc<`MH)A;Lz({$|Uhx6W^X%aa)#Xpwem;Qs}aAe>Hll`qb= z3HzVGAbCk%5qQ`&WFN-I>O_U@_l2w?4+C<0CX<_x; zm21wWX1T1+mx&{a-QWzUR-ZbWSG1LqHhVZR>1Qj9tI1qa@`~#kW|t;q$|(Wq1_!M1 zm!ME&5qF3gvs|*$0SOEgz^$9RIpzBmAuVUedi2=o_!YT$Ymeis_bDVZ7j2YS#apt8 zr^yRU%;8DQAGMexBwEnIQfQp`u{0#j9j1~OwO$~23vyihYH!3JE2{CElwKepF^U>_ z`4ztrX~t!6YK}$*0YcBkZ0J41qAtm#W2yHc!XQCkBa}H?7QM8=`oGfS8b@OiQF05QZLo*mN#h6^Dj+V9y_yaUESvl>qT!MKl3bF5T^N07Ie3arq>NsIAM(Y0N;id(U^fcmTqPJZkJRDMJer^nZ`zfd1ZUV-$R zk>FhO^MFUsw{gOVp~{X;ta1i@^;;Oy2rqF}g)7fQ}m>MxopDM>Jhhv=(-q439O2wuvp1=9hWV7U;-k;*pSgSxTq>snF zxm!Kfvb0o9v38suw?uv?EacB_i6SAuZo14f2xAPCva>;9 zbijP)2+zcpD7b;wDHw&{SiyU}Y<>x)_XkJyNBHw5`}Cx3v1@M(wP{Q1)h|aGwi;A~siaGluqZ5Lc{1_zQ~6vxI#8j*KE?}2scs@%seJd_$gnLm|XzY%vxIqkURrz+@>rVA8ie1;(U z<M)(aq|&s zi13=a;@;VI?0QTV>^c^TJa82m@=Gmk-ZB0we^fGPDJK7_oFy&sLKwnO^A9)i?nSx@X*wjM*=vOm1eUwn*vUJQ; zdwR4B&2#m9)QXbPporG^FVtW8UESBHzBF8HDYA#5PO@%(vRt{5-u(d_nXAzCV-9!Q zV({y=&~;KJzbK0DV*DkcHj6P@h`8wJE#LD7V{Ja=eH)@7r#9)uIwLXG0=ks<9uPys znT_Lb2u`ku$#CajuF(S@!ywwrmK_Jv&e9KmyG3+rya*0zh`fUT>mQ%#)rX~w0|JuD z4gx~^za{Sf#nMZ(V0@Ae-#_1T$$XO@Y^C8K28a(CWVIOtsluJ8Q(B1*k#meJ^reW% z*d+tcIC3~yaz+++*1ZRN`3az?V(vqv^uJ~mZK|9-ynUuUsVgRTvS zcU|9qAG!Wc_%xLEC?Fz|wCE(TIf{mmdq6pa=Ig>Q&+#N7;CT^GeV2ZAT;!42zwmx= z%=4UXcq1bqd#ve~J0(7`k0rn{eLE+Tt37(}(Zh#<V9JvP`#zT z<5DH4f*7?7;y1a$30yF8sLG?)qc#8C)iph1sK*$O04Z*AEG8h%O~KcO>(j9lIYCNX zmgIM}vwzqiN#@!`XOlXD;psBI4=<26rvG@)>5-b&OZ_yHc-my@U)J}jMw|yc#<=tJ z>EUBQ7Gg*q5%tTQ)JEvhaI-}t>9xHf_v87=$o}-@2ssb2>-(nLGd`j2 z{fvWh`1sb9Q{ft3;45inj+9SAy1aWDrcXf9c zZ*m^r{e~uxFGSq-YKgXOc#{LUeR!DX^=v2L8fC)k8BVupd^7Xrl4{}1bItaoHzzud zgnfzX<{lk$b$|cfwKU=V)*MQBGd~gZA?V3>a2)=Og3V78KO*uw9_~~Cv!8$Wu-i{- z8VRdwMqd3kNzYHJ^<8N7tt7^eJiZL!qa`hm`AL)Fb6$gP4cXedX-~$?m(6PESX3x7 zB*lPcp(sqFd@0IU+SkQ4W~{HAdfCd5jnOEy&?zoG>Xmqw5QaFw%Wo;mg${Ys5BD;juWb`sy*=oD2w# z=q_x829Nb81@Cgx9CklnaWcN|X@7?m*uL2mAs$!^+Yr%N#A{mvwbLO@0`*%N>_WA0 zjpz%YTfg1cP4Xqkf@;kFtj}C=CDS&}DuOd^K#=i4ot=ai2ac`D)Q&sSrf=Lg<4NNT zC{|S%@8i(+&^1#SMP7V+h*IFA+nz3_&F*vd!036A7_@>D%}gpNZZVLKUdn|ZDg1FI zR|_XxYm6jM!KLsGnI4x&Hx_m|uzgSkM~?1#3IZC6&=iK&voEppj?8cz)5=zMePMQ- z?ogBo<~F7c(;OOal|Ggyp@93gH7-_-En_OFmme^qqHIAr4XA|^)h1Qj_+ZIqEbaH4 zrEkUr9k4i!fQ!+gH^)VJl7^*SbFe94h_*Z%rr{(u0%Iae=UVYK5d=v@9!OMK$~&Qsfkq(V{D1 z>pV7HOhGX)l<CsL1f&F(@@jac2s_KY(BO{Jf3s_RqVCG>g_rQIIyta?* zX&PF5pMZZ7+rC6FSNNwDsF-7LA!FCvR(%RB?xKN+w{z)yNj`>eVA_Hndi)EOggeiN zGO@q|b%;BE#wL=hVsjhsJfcmb6%z8WrAw>dcz&}PJoCcPqy+tUJyWtqIG>FY<~vpQ zYUcsdsaprIxbvh8ve)RY>J7(edpEPIb~PYNpY!?g4RWEruAEZl1H3oV!|0CiS)SrE zW1D3S2tn}~>SuDZPSFdz{)&Y7MCaZkx?_Fz{lINjs&Y;p^FQX4^$On-jdb!bkp~0` zFg*z;efASF$3C4U_8)xi$IE_Deohn%phAC!=&?O3e@qtZ&n-|~ANyzV1&L?Aar=Y% zE|)6jjOotQA_&;fgKGrzS|I9l?$4m@;S zj91giI(FtP1JwppRB0^ckxn_3Rjc~LDw$PlaAp>J{|1EUbJx~_d0ww-h&Q+F{ZK$J zFoEz9lx12JQI=Iol65W4402ldjvRZ)9SrvD;1pC*T3Pf%*{$zdk~QM6G;`RVgcN3~ zG;`YF`?XR`AOcyQ0*V}nf1?np8dpZMmNjiAeU;I-9@+%9#N||z%yty?T?%h)s6;~^kg$zqP&*C}Ul0Ml%4lT=&Pgw z1J(x@GMq*(N?AjzthGJf2rI;rFpbAL@1>&;o;mG3pVDH>v))ONt&O;?f z70;zw`El%vj-^`VXR@wch$U7(D{xebDl!+1l<9xwD;|gtyuKOo?wLg9kt(Lf@u2lB z!R!H~O&96nO=XIZ;Npst)vRTq&dP{Ag>}vJzoN?^a?{Ws@SrB<&GNQRF+unGPtZ3%=YhHZV83 z(K%xxb8kCody#oxS;cADM3+MlbXak;=;~>`=5?>dGyp?6tR?@9Rqi{KT)%|y-p1@CO86+li`mh&>>Yzc3!*jA*tTsuIk9cqww;{V zHcxEZwr$(CC-d&io4L2{tM{X8|Lv~YwbttX)S0rEtlQUZ|0p?N1AlUadi2+GYfjAV z_K(a++_=!TR1%4&8)azcL4e=Knwv>mFcy&s9@xEAsksit97d#8JHU{H9?EhJ-(fL5 zo+yYz)7VjOnm1UM9Ht|4!{Axm=j~qb*+&EM{awQKYH&&=01G=>qAAe#ua@GhR=DcT zeVnZK57CRX)#V=4A1L@WeHS)p=%PRKBa2a4a2Eeo3!9ln^JdT6_Rh`}ysk1GZZGmT z5fTw&#HdjGZgO1gC5p}Co!*WKL+lOvhF#krsDi$ltZR87MKilQ_+R-LB*P`1G6H0s zjndUIWveexQ|1MeJB(?cgElFnCuTh1%6J}r6-^R4Urumlw!x1@midq&WNHrYq%9^q z$6mrmtwKB3C_`1zbuy~Mjoh^HX`6ZnHo>=B@VgmY$P!jYvIIE~IYVuosqpW*wq?n) zJ{%cCfm$XrGSS9!Q6gq7f*Hc@7*JW4R_MZA<}**)Q)=$IH@(~J@EC1IaW&$P1f1Yz zKBOyLQBx9yGtpcef#BLCXyL#9z9{MTsXvaAgG}UC_MppWxOrh|@5l1oWCBhDCn&ac^zIROjkY4K?&grrx^o`SU4DML@R ziUNZX&Eab8RHXi>jg`2wgV+TB{Ld$@}leKP6_0 z?7SXSNuINbvE;Z^qrM~3GGmy66|9_mQ2a^P4RHs1duNlfDr9SCVY0P2n27aUuNlo_ zjc+_5$-(=FfM825&P0hEmH0U=qTa_~(HXxmj70eQex3Zpjz45G=wGxjUWPV*JJO8T ztqZe9tt3mECAz~Bo??Y-{DrQg(P>}pt}avg=1YPb``dHeUlr7w{C<>lonH+*!a!*X znIdA_sTlxMK&Lw$$hnHLAR(6UMcsk>rNv;i2upZ|Il1d2__&1ojud4tfaAJI$6Ysk z4{u?6T{>*L9-h}>jv#(6IIiQ!0WCSV3fGud=&>{c`svsLtNp_EuAi}I7@jNK%&_fV zQ?4Zg$9nvqtCfaKdsC+nZhs4*xOnjxLMIk)HkuX2RUMdHRR)ov=#DZH5uc25OGRbP z6S!74MU5w)MYTEC`_}8)p1>CcKJ=;}{RzU=?W)z*HTkU)Hj#m1v?O$GaE9vp02Gx)Oh6-cSUt*IF@Qz!bck)K0wB={ z(G?Hi?XE*;u-sQWTjD+3j5Hpthl?%u^K3=oovND>|rs58fnuLX>V) zQ6I*|hG@}wQWk%@0?&3F^6J6#3x{(}O<*BCxfb~-Uw*Aq)ps&&6Kd@PF8lb3J)9N5 z{V92Cbeelaif_o$Z}i%cRQ+JPUWlDw*lu|0Pk`e`MxIGq&mf;i3i$jHcMP6sVsm=6 zg+%W7fBOZesoG*ad#0W-az!U?!Mcm4F5t-laQP#r4rz;MpT2M-tN^81E)k4Nea z9~AXn{-Y z`Zo_XpobSfs-2geZP{|!7d)UZ=C$<1XZH}yZE+HM(v^+j~u!g%|Ra7(^Gc%lvO-UH>N{9{% zAP3c=t*Mb}bPJZC8U3*p0BqE-`zwxVAkvLvnGM`dLX=d6GDFWqictjGlS!@)gIj&YnWn~eFAC( zty>ve%kS!P;r>`;WLV;4#8f+&XV5L@oQ7@8DsUzmIhE$ko<1hYo^asAzln55 z)|t*c1KZ9Q@c@hRChU}P%!W_i6@L%t4%)*F{@jkHF_F(kyMdl{q>UD_eMbtwkE}E1 zVXyxJqV-0n0ytDkalDaM5AAhQ!Y1nOg0e7^{uHg^Se9Jp|E4dk=@Zxf=pb#kbn~71 z7k4=f^*5dL7>>y8nJRu-f9U;C|NiiwH*#B?&PRA%*_{51FT+vF-%XdOd$>4qQ(m6d zSoxkRYlH)7^0x5krH@jg)y7a+ZPJ)VNvd95?Ca|zHFSW_VEe18#T@!#fzIfV+ZGEP zJt48X=O{f`0b4d_8-PX3aA`Lt^}nM(8a9hW*o6Q$C(6*p_P0LI>xjKigdB{1w<5MM zyprTLCCmY_vl1rcC8t(0+7Ch*KJeM~nX+55eO~5GiHGHv{Dena7WWW){)^4OO@vn9 z&*u872=ctx2;OIDG9A2D`{_LyB2;0jmfyd;iOc$C=P~_~d{qK%a=J%~;Fg7WK$Mw_ z3ARECAZNhXz$$Aa$xSK|g+5fN1IwHIIY7C!GmIze=nZKSrp(;NqOdM%y8;oDv8_eI zwQ6s88_lAHSGx603cQoy=3TsVZPK24=GvOeNu9^1`b4)m_Vdkpp51McokcJI3z}Wd z4oI_Na8lNG%uT-$0l*nvsv0Cdx@63*<)yD?drd{;+g!|5i2}vPDjpWZv}ui@+5#uH zIS&_G8*#vvtsrHoWChsS5y<$Hn$5h1@YXL)yn#dyDx1Bd&WsfTSgweZ1Ojg%B7LQkz@Ju7Bfh4~kS!Y;(_mqxac0u9_Ylm?#5DB5ugvOq=j2 ziW79t%$f#3Ii|!gO=9(AoJdiU% z7cdi%XWNweK7nMt@||#a?4b@PB^R+S4^N+xS2E0Ix>lF!dVaiU#9k7@(q=B(LvOd0 zmA_NOyO5`GLPB7`#eDtKigJb*dmHCkz?0G7jXihH(dq zqqnDR9y3+%HeuZg;`g!*-{7aXL z+jv58h?%xstJ3=TXf<)0|qZBCK*@Mg!HCp$^AbjvPsm|Xv6{b4 zTWbg9Dh5plnaEBi&m-r1b>i)Lt}cAH5ujV`<^ivbc|>y!%=6o@JbdTzdf7k6nI~nA z#VyXI1(C>rG}@OiBUEwDEmvYxFsQhTc0ajIS9;U}>);hQ^)(SvKMrMn%P^Cb)qx9B zHy6FLUBS3jvPdL8ptYeHD8W*tk~qbZ1i31(mXbbJK@@qbT`XD_*{1pU@%%GO+9_2V z7O~(mfvS=vD#0pC;z>M_a?Wfzd586Kq(`3QpfS67BrPZn7J1xQ|34_RmMCpTPpmS3 zlj@SqDUXJqyc?70Ps#3!rT@4fgS#M?$y;`pVB6s93@ojhvC|xkZA2HOFW;eJh{Ikw zUY@W(=#A{Y{7K%|c*R8Z2}zlpXiB#|7OxV`CyY^jpMR3|a1PW7`;3xBB;KvOm@N}$ zJ{V$f2O1@L%@i=3dwTQ%xea&UiE6*a>9p(Hh<$K2;MPg)r5B4(*<1t>k?G4 zC#2&Rh|1#|6i!$kXuJI#;I}_?Z$^-Nu^@qs!XWR)*ksFf%1{mJ5u4UE z+)!P}jPp{GTcP{itqPmFS>6Peg1Z=^Ae=57>1=JH)S~I$TOJHm)y zz0J*@|D61p`Carq51aTuZ|__HOB|Pig#S)VoH%KH(eVT#9}p_>Bby5iU>B-7J9{T0 zI~&JWkNa^NZ%w)AxwKcqb(nPbWinx+U#`v|atDHOPHC>4^PsmnS+kZ=pLhH6t&8Y$v!8*#me}Y908Yofj0IpU<>Q+%nKd zo=STKr3kBEMtpn=*pU|3f>ANcBoU+OiDF?>#EK|U<_lm^l%-3&$1?`z=yK5Zey@x~ z=C5Q^GLeQ(CUSSS#H!kq@+^sv)GL^T#Jcpg(_975G{h7;l1$Pji}1aUq2`h-N)MTG%?@_uM1Fqg_F1y|pxJ<9frH1+RjCPB0{335jahg6b{ zwb_kE%fgE3BPZ}>g@HW_`hus^4cnq%QGR(ssFnQD0Y~mhZNHZ=gZO|U3RU@jZAyBR z+j;pdK47TvJgVEg49+3~sPaxPOB^VwT492p9&&yG97s$rl*harq16g~%9OFyl3mnG zHG6;>DvmHADBXbzAkv2NF`qnZ>zg@XklcPuX^S-SXwCM5JznS{5$0yu-s_`cxyPD} z4>fM)!|_Zqo0NvB2#rPaHXw5*E;~Yt8my zI34C>Y8Tm>MB=PdPbuttrNXJkvr3#6%sX7!XnKStkLEEJ-4X;Y#m8N%Tu)2cWG?Su zsPp*teZ#Y))5E8%77~_v8TlYa`5G|VPI9X(lzUT!K_B3&VWs*KVyg^Q^Y>?=^!7;m(UN#kv5 z=y#_OAjRTz2tMsrhivMS_kz6xMeS>S}m>$ zW~ybi(H-Xkfj}tl5Q@!6I)2nnO1o~#Vu@XmEqg!3kV zN8&|UzVbB(ld=5!4O4v^qr7t5`{8zm;+ z5iF~--&Tj&she-@#;+HMx#e^sRW^BGRa!jxU_d5l#?lQQ1(;Dwn z5boO??%@hfGYal@1Vz8pVdCq9gFzJFBk}&m&2z|ZLS~H+(Cw1Y?W0s57=7|TqI(DI zFa~LH5aVDV(Pg2&agakX(v&;sRt}aJ;_@PQgt_iI8SFyWq3cBiwi0a*hH-=xa>OV& z0ICh4dXw7jX1rqVq>2B9W2z?D5pECSGe4A(U0it3AA{&XJ|(}#^kg|@MdF*Qq|NvC z*@wXrpRte?#yyTE9$}1uQmAvsi5#>!TpNxTaJEPnk-EQ`b^l|bi33NtKr(-SX*1fa zjkSe}68ndJRlNJnAbu%=)Tma6NsoxGS{RDI1GCezY!g=&Q$|_ez|m@o(Zm)v!@#Y? zfG4{1s52$&L0yVUXm`J{+eyYMoLjS-^nSE#gMwvwCy44{sc}xK136h3JG?*p`M+>* zE{M7ojDGpsa}WRkr2qfz_CMNBw2F)pjtUBo9dCPj9w7)583_dv0Sxc}KS3^t;V1$` z5P<0`1PNAVF*6Gsj}lL`=*l+~yQb}`F=7P>jZ#sOYTGTiMiKN~Cp!YlFczB6j#!V= zP20)#%GbvZ-zUT_XFX!ph>iuBv$QDUU>8L(1MQSgTUJ>=@SkZ(W^|D*ZhO23r2Foe zP=!Sz;;Dcb5nL(G6i@9*>tA}7;2b9B&ti-q-C(DIguW>&lR?yEMSC+5s!a#Jd^ z_BG|<7aVpkrChRXx5)0ZcPUfbOoS_q?F}X$|1eS?6!S80hzljxr|t$!k#^bw-iYbOyP#e6pgr76*}&Y)@ z?i;PbO~#}wRs)a27*r@Z=f;^;7&xjdU>q71fC^(CTnlz8Fwk|`BJm!IW#q@~L z!52(=d1RQ-Hv)Rw0xTMOO`)SqFI?TCu(79kxIqC0dgg{FyC;Wu`SfQzVHM}(2D96y zgN(us;4T>CBOTuC{v>3KgL*@>n0Y)efr-JN8D+U?gnWYNwa?b_lezMNEl(=1j;9Ti^8Ng64H#~h^VX9tQ zyK-QtBs+QuFn<{uldPHQV$X%`(ftQeEs(Z87+eVl?J3@{GZLr=_Vf~V@=Q4vF}_{E zmj#;)9LCG zCWObd)k-&vs9uFFSo!MtD;o49gG!005i_0D$nnsZ#%!=gt4BP@0hLT1&~_v9xDn_fq?5G^(nhG#swh z$P}3k@u)aBBgSrmK=ogj6!D}5q|gSTNdP94LT7Q!@}}lI3$C1nLWlezMUAjY)hO$E zjg8D#NrGq2cI5IAA2}Z+8ucQ(A6Xs$ysq0$zEAjG&L$pic)v;f8V(BpFNafs!*((G zx)q0~)tX*2(8wFzRU=OtU)zIEfFX7&hvB3?-l^)`u=LY;$MBz_`!W@NB%V3MgqvHE$A-1 zr}}nQKS@!2he&=>`LW+!0DQyuK<>7@W~24I9Kid2DyV!>`tcpm`+oM|lYhBS#I}6B zR^Z>f-m$YDZ2^FRriAH9uBIwhBgT^I_PmY{BJr^&)&pn(W>daI;>Ia3WqgcbNKrZ4 zSL#vG{*lQ%puxoN#o{&^3j$c)$HdLTh@*nEWRz(6C0iu{u#GFz7F#fG(JyJv%DJr5h~(PZ^RXsT+$vT;izO8rlNSq` zFrg-Y9v+Y&r^C28hZ@1!D5YpygHh7yMKuq1xkg)T7c4X8m|w+=bS>U@AkVOlvS*rW zorZKtH=(Ma=4vfL*2C|Xe6c*%g&vr*cdW~8G`%LnGxVs8WH!?5S14g!+SnUpZ*^5s z6riZ5M1i;BV?LF*h9L)0(lWgJH!QDL>Qu7ON{tH1UJWId6)7}V9me<)kP*-OMnG&C zx0HGw7KF?Ny2R=M9zE#kNin~QbfIzLJiMCQ&@Z^Mm6=j!c`lj6Pl6z}9#1-MG~0B||>v4o+wx zp@H@-u5aWI46A<&Gm?~i{pMmObIavbOyQ%SNoUu!y&RP+q+TmI*1~X9=RqraJr&vw zEa^k6>OO+7lcV|?hD_o6yWw5oLKD+E=0$$;+q_A3ygbny)_Ku$!gQFv;WpZYOEoFl zITO0tKlK!F^q#~yQ4E(*;>Il%rt%H-q%$o?x`Rx@sUsfQdRn{-r+tb2?@#!kfVQFj z5oA{EH62;EFt=7p6p6Zvt%GH}YlI>hO%tE<8)#Cu_6pGxoPttilE+{c!9}}=2ct?4 zo9;|W%zBy*BapsAAXF=*v2Nvr;Xir0Pu-HzqY@~S30|XADOqB=tQ@7JaN;;2^bgk)_dTXg-?SWg<9`*b;>x4|144)+0i5#(;>ctASl? z&jvlwu?K$9^tEvhM?k}G;;mZq#uGpq;$Ft_w2>x|{x%cA^@|B6%`~Z~DV2>T$>*)& zbj?K?S`{Y2(Xkd6NEUS_(Tz~D)JPf4mC0;cbjdDk*9#A_IBl zteZ_D8@1|}Qfxe{C#=`#xUAc>t9Nl(4-p&4G3EZS@kaVe2{t>6mp~ofwTE^fK&lF* z>~u*6!*V8&dddNtV4%Ya(O65RGMKj8oFO{)KE8yzhS&+Q!Pr1f&}q3&aQ0QgBYg(> z3JtCu2-AeG&QmM6NKB^iw#}!sVjOJsnj&l@Bqh;$8Q0`mk|85o_kPW5vXD_mmBvzLb5ziiF&I)LlA9-qpj$%( zzcpLXxE5YcG@klXg?MGKOS^#WL?r-8rwdeLGFy)}_4?qdpbVns^@A&+4W|1N%5N!H z;?`^o=S!IB)f2P_5ZjD)tq#M<&_oUq$%Yl$J#;17J8tD~lcmu-WNB_xAq@o*$$2nO zosV%hmUe37D2bq6kc$q6Ka;p+@Y^hl6(wq?dr8RB1aQbGBT zA?b6Pe&dht?&Tiop9JsT-trD;lkmf!gC|#o=^7oj|0%)^S0_oHmBzxNc_m|5RC~co9CCy24sD!{#?F}d z4!~TEh5+D8IdcQiB7LVcIPaGBF)2P~2fZ+P*XUa>(1SG1!iTB^M))E!@L=^ianx0| zs|thRkHHwTiqeLhpsk&avC7+_7lm8d^IR@J2#JcZ%T3bsld=StSJcw*MER%r2dV~* zm$p)KMqz7@V%##8c$U}izM$4hD#lRRCL3y6sm~J?r}uQ7Wf&&C4#P-YcNmt4g>rhE zH>yBDU^B|16_(k79qV<>fvx$#`?8lvd%8f+Uj@Q|l{4zBsoDc`p{b}Ec|q|cIW48V zCaHjZpX^1Sl<$C(Zw9NnN~&O=fmp<&5iW=zGw4y1t z-xmfMB-S9`kLTx$V{{z(u~5MU`2vw{cNO? z?4}GPV7nv;$wGRMu$ax`gRv;Q1?ll^Ax+nO2GMmwR=-?Tzz%E4I_jO|*n%$_^NS;U z#f`JZ&h)5~#k6Ada{Ld?Jcp3^+hdlkoWhpJmanvVJydAGvXWR>v#IU^aAzF&t%VX_ zpxr)K=lM#J=(+mJZfJe{LCwS;%?E1xhO<K6^bTHuvywZM?(r=-`=1kwz6N)|nX}kB zcif$RyE~h#!&8E8Y7=(_%Uh#YDGkUfs`)?@S4Oo6FV@lrsl+b4&DgD&0$fRH{+RdRJ zT(s+IJmaKaDdu87PaEX70L`b6%2T6B<+i8_wg`3GSl1sWj?5;};Cz#Nd$LzjH*cO; z$WBZvp5G*^3jT~$>Z8>>#8EmgwB%q4R(&P)d%fsLR?u{~w7SV|fSXrL5abMPx{hVvY`m^ZB8BQaqbt$R_ zN@*lV19LoJ99!9XqHLRm_W{*4Fd3RDNjEGO+(yT}$%`K25FZpou?ikp8N(VuepLkfWP=YyxQG}WoAsRw83ozjin zyHa-O_0O}UILzYw^}wQrQmvfa7=+R!M=&OX(zK|QJjgF`aKM^skL}T)JMR?v&iw(2 z9TfS#%$J%sKO1QzoBFY8EnRvPJ9%2wo-ozIO2s35*Bi2O2Zk=j!#72SLzbsQhCHE~jFU*CR$|aAK2R(hMoafk%8IElA-hi1cx{{I+JP@qfB8TACd%VdPItN#|;lpD?&Up6pBmx9Y^3%s2;pkS|J z3U(#~7(XH%chUrvGqb%4oLT^|TvevjK zpc~|?J7NcXLbw!=^^g%AEeiY#W;%^y?EDcDZN@Y-z!WB`PE5}Hkh9kb{CDonx;}4I zgTjkGzH$*mh9QTPxlQAg^ZBt$)dl7PW9vfeA}9E-t`*;>@OsGdyO`r8b6?@ql=BhV z>U>OHeYEYyzn9~R@vgV>Tl#c%J=7e~b5%adZ>Qm^^FpSi&cHgBv4P+m`V6EI7^(36 zUg9kgrG0eAtS4>_*_}8y+>v3|qI5uO#rbt_4A{zM9MeMMz=mvr!8(&R_T-|+s`OiN z1Hq-8Jr(@m7E?58E{EigW0+H|1Odx_oj+qs?0z;f$Kf6tiE8+EjRtkgEc=^4#Ll&0 zr~}CESR0w%BXtElr*|;Bj#JbHc>G5W+H=)*!wSF${s3BDBt)mfE}YTXS^K7ZGjm2VLctX z2h*P4Yt<9X<54tC;Ma}u;l@;2BQNlhDt_}_rM5!L-oU!C?FMJYZ2l%^nuKijcfloE z@b+!NjXAa@PdZ|^ow{nefnRlKHIHT2>s;q0zsyg^PRPDtTyfHTv>pRoa2+XuC2WD5 z5e9tkyrw)c%;WX zP1?0fB;|;3CUf`oXS~s`3-%Yt0*(!T0fZi*Y2OgydzgXY<`u^cUfBM$5Z&3SooWQ% z?!$4VFPtR6pHTfKQsZAMSnPLr*g@LHG*0UZjUy*F-s1yjG)n^==MVhMdPJ-C6(s+c zv_!KVV!SghhY9BXe)FHPJO%?EuIyjExyrBJoZ`QEppZ1S`VY!p3YJ z9sgbNO8Rus0-r0p`?)UG$Dx?n=UmC|nXdyfA)s;cc4zwU_k&({13BO4*Ha6C>pn81 z76X|9j@X~{IC~g)hcgaxc&S!oa$#vn4#?z0N?Apqc_ia*xsc(p#xR%@W+G?A65%W~ zgRnHz_$LJjC4Sj}05K4CB+a-~{es>i=1uOAmg#T~>OGukXm{maBN#*OlrY&C(NIjR z{gOpy%Tf7;^x0CIvo&e#ao{dlin2>#en%(vi>ohS5iZrmL;{bIvhc2!j#?e~i+dIyE&b*czEL z1We49G)g?Pnb~>?CVy4+8H7{JDru(jDM|LZx!4xu$?XbSGTC^_PO`|juiSLIkbrVX zvXEjtlm#qE7K=3MlvQ#kUADUG3$ngpQ6IA+gvP({o(XrL8K`#L9S+^NJ6@`BrysgW zXAs_aVK$Oav3HnMkllI6a{7v6dC__?>27^g>@DNK z@edfT(8Rn&O=r7buwzCtg}(a3jVt3TQ^u9Maam?x^G2>1NlhzsZc4q<(VTZ(2X|bN z6pA3d4@K6+I3GTDv6552|Ka*>eQGEuC{O0{G#sKccAymT zZGj~$tKG=BZnw7ql^#_OBZk)VA{J}vLjB?>Y@dG-Tnn9Wbe;+GGt9vAQH-uZK`LCa zT?${T{h8EDwwBrnM{8C`O5-BRQY&5S<%mC*S_urZ99_OmN@%8=RJ@ zY{R7!jMk4@^OkuLx(RfbF3|Erg+M|;2O@|N_Lzz}xz7esSK#ASLNxYI~^hI|ag)ND6|3XlJ_*-evhgeWrP|(Pqd;_;@w&Gl6tg9yZVQak(6&I&FH4 z4RyX{Tv!Rj4e$Pv0sUOY*3#8rP;IU|_8^gW>YiF>HI0WHngaH-ZYVcnYOcrkI;r zF~k}JT(xSU^wJkYyo-VE3-fe&?}t@{6i$?~u;?u7e4B2fYx^0>t9^2i?p!GDY2j%j z)U<0psp?AbCN8~s| zGikl_9Mj%u#!qR6(c*P7v+7*M8t6=w*v!^^&aMz(QbZTIyWD#O0(_3oNNL`$O*C`= zR4)gBNnG;69mDze!zl8CrNAlZ+l4P7OfX2jm+Az@nZ;e+H2B^jA9X2c1QR0_TmaFA z0oFhs>rKna;NqzO0h_PMf>A(7Kwuy-Oo8CM&hTHMeF2Ft-70q|@A&rQSnRLhB}EGp zCe-a*{9sFch`15dQvcVt=4HvNfz0RD4{&+j>C9Q#$O8~!@a{C6c@&elZQ z!uEf0Q+^Bl|F$v=R@9N(U_jxql|rtsGy;9@<2}vI)Fernoa68_QCgh<rv#*07Z)RJlq%u6s=i@X24)|(jyQCq|dfyW#db>!qt28 zpX`RiWqynb@!h%zY6Xne8*btK_2ZcQ1aYFw^#@VRMU`sgp3s4DwaJ%oVqMp!Ei1VB z9L*X-g?J_we}jFjEuIJ#49%5xz*nIZAYJwm%xBPtb2~d^=`P_=f&&lnUy{YoicgWf z3LV;S(K93|J~U8?x*g0v#S*a?EDfSGviHb7XzK#D6fp{u#drleBvD)V9}m{7IlWD;MrVskTn#=!^K!5CHWMg#sme> z@(3#rk(KWs&f=h@1`mQ4AvFW?Z~O&ma| zUhJJeu%+VJ3<*&LBZU}CaK#93sIia+-d zR9gA*!lQeZZ9n?#0U>EQb{(Bvo)wj(98_sDYx%!Kc$`1WeeEp;S~nj<^%)F>BC#W{GEL1NS6L}R zcDw|80AImnoqOkf8A!W58%Q}r@qR9MwSF)6oHF>VR+2p?-lSVZUehshBwmwqW?f#f zoFM8~!G7CIBzcX~Y7k|VRub7WDe~@wTh?mHS1@15oqevD+b-b&%hVuzj(%V6%RyGi zU*0gFmTFl{(8X)I&S$@mNRzo7HRW2IO!o9^MbM6YVEK-C_^_c(pMI@P#5Wc^{s-ZJqjHd@uzsi+9I9DFJRHgQM(RWD*P-_!ZNhz z>^yPv0429SF^9S>zCT)9p*OAAG(x~eCS1VMBEk9*B}?)$pQQZkOdAWFsh}V#s2xb8 z&LwHAT5w=!z6t_JsYQeZ73y0Wp`0SH2t7f_KYP1>#xS|0X18bwJpnyP%ALxF3KGz2 z?7}av1Z5x#srKL>T{idC(<2>v4JUb*(5hq&EdCb@m%<2ea49FA((()7JJhO>Gh#;g zP9*rlC+|KN`kl_;0z%XC90$=GamuGc5`s)(@^T=_-JIHP3I795L@{lmP-BW_f7NN8 zN^#mh8Qm#*2d>vk4cKgzaUKi`Y>YpdL^V0-2f4_3)zoJ2TxZ-`c$IkjqyidSSq4A%9PQ^E)EWR z(kd+}MEOwT##55 z%yY49_6As0^Y0#Y#UgbEEyYNib-Dw{$TGr8ttoHxMXsG-_XBb>ESrqnIrUOa!y1cE zRlKp9oaaRg_ktxxClU6^AVka{U`{Aj9+ojPs~&>xPaqY#1kt<&Ri`3GCwRGKk_I@_ zkwsee+>%l{?32bV@GH010XR$vHX9LIFyiT`-hkX=2YlV#+HX2QXK2nHIT~+PuZn`J zJI&x|v{Oha`Y7@-xA_lBjwasJ;=< z^pxAXR$gQ7oo9iJyv}0C&~1sPUbBLOv!*5eUR6o9Xuc1AD}-qVA3#R%ZtCjldff7p zzJ<@%;|p%@X9k8=n?9K0&kY4eG2N!0LC3Y!$g$6MH^TE#uhUg=9BuXHbsc?&HYMSc%*_DoKsPHAlYF(ASNB02 zQpfeL_t{2jwx&a|G$tOC^<r*RSQAz&yT&nm>|G2xx*c z*;jYmd4$1B&nhcQ?qBX+dpY>jPKvij65~{JvxRZ<=v3R@>ap-$wl!glP2rTvKa#z; zG@-eul`)YskZ47$FR<}$UP8il2waqZ1--)tH|`O}Vv+U9q&ErEMA8%?reh;U^slP+ z=<=GTan7O%f}g_Y1u1~V&6M=wzN21UN{?ICxz|4Sg0Xx4ui;kdmtfI8JE!OS`)*PB zyWoG9jEJ%Tt%R&7y{w$Fgpi2O6b~E_AwtOBzaTE@vfy1T>`S&xcfd9Pe+NPhHwYLc zyBj_0svhzkF4Gg@fTBz{njzsgg?SuIFr&%qTKpJ&y^mKD^ma!#&^>7z*cjw0MR5b8 z@;K<=W6b&URJ2;buRT9EZ3-hlxBVYnYa%CJi!Cp;>j9Kx4ZCC%x&JeG{m-qY59vvG z{qB+C*UR>o67qkxD*d}rStXGzO&dGx5yWp@f*%8^+)|J%6LOjL;kQC{$NuF!7>R0Z zkhj{-4dNEwZKe*l{8hajGgH0TLKE~aRYLQsg{$k!PVR@vNuN8eyRw{#s>&6~&bg-Z z?DzdL&>#6_i-pJ|isgY?pSRC9+m?^ChmMbpx0jn! ziPilHXon)rtqVY;_Q+clz6Se-bbG5c7sCQ$dazA*dDnxWOKgSA?z;W63a97t19O#WK zi_v~nN2{))D$OmyA}tfE^^eO;^uHV@4=~DyO*yVu;OzV_#*i2jROl^(|D=|L5Su~- z$T!dvQi^}pqL>{*mLBQ3xag~5f5aK#+c7QJsU`Wsxk|;vD{;qw*4Wqoxc+thgO6mL zjjZby3T!na10vX+q1k+tXb63hz8R%!2ijh+{G~-(J%Zj~Y;l(uFBp!kz)* zCy;FsitCYafNYQjCK}c^$~ENkiLDY8q*^07LEp=rouNNIb+30DVRUEG^D?8KT6bV? zQMI-k`=t3C$2|niUFh~$9yL8A*M4h7U3km6|5biQdO!y5CW2wZ3Yunc*RP{y548y# zOWyL&53BlPw{L4slsApNd`=POxL*B ze=2wxSKB2K8H&9M;&cN0GE-~vq&lJke0%Q(51l}?RRkl+8P>^#7!`u{jihzQv!dt^q+EHitri;~TC z-Hfhl7jkW)%!JIYnHBwP%H9+zE6L6#Wyb$_e)YS#_^0zc*SU}9Ij{Hme!kpX(6E*(!+>{_rg&!M`ggxZ^M8UDY-nT%kz^B2uf93lr{iq+!01p;z9-*HkPa zH-l|Fk4?&HpIMtMwK8XNeOSVR{JEgkl$XveXg^p%$UQQ&Fnf@heUmt+l6An_$_R3T7>lU^=4PQ~j`#YBZ6y24!Fv9= zE>#n5DA$-kecMuP6ORT3$z=_tOTrb(feVeSBP=6|NVYi$wU5aS4&^^~A~u3=Ypb8G{uNI+D%S1M)9gA>WQkJE1i5P}hYaxi7C762wvLXXJu z7!xHkzlRf}C&LLjwpU6@fix;Zq2k|8mWbWNiI&py{^vRoh2LXrQ~Ytu+NO3)8B!q} z>Y;4R8O20A;kmek3*z1JJJi4yC;xo;02z^UmKBKUZ?o%@u+FW$bB=terq_3|sb3rv z=4g@ATYybc!kQ$0;?;@Ck}=W;Dayk0#gR*!tJr2+qI2tt$#mcjAr3;)>sPA8uYQ#& zh7<%jZ)%%nltdJ)@75_mZe$c=;m~kKGm>%yPP?-@@f7cr`;ka3y%^LNXSeiGWXWq# z9VBIxan_*K=-=g)Z0xHUWMh<0euoghyn<{CKUbMGS_ZF}&%7ZZ7Sfe{L6o5OT|%!$ z`TdegdQeM66sMZi0CQYIq^?6jF{Kwd0b`oB5qJ1Vd&0Aaf>rqaq)+g=BU&+xTuK=} zw&*o8QjMKVJgwG10GVs1<0Cc-bW^qqQ)b6qW!hCsr(SI(VAPA)X@5<1d$;Im+hwwn z#xh8bK)Ir=oY~DC7hx~*grPD`V#h(XTz6-$_o?eR5Mi&@49Q24epDa*^sD+ZJ1-10 z#mhdodD3G>-}ND#C)P@b8!X*h-_6o=OCccKZ6il&SxHbuoY@fRM3^YYtHRmn3^EfW zIaghMrX<^j-*D;6`LZr67d(~Mapq>+5+ajps=1`I@%{p;P(zhr^ggB|i;r>SwqY|cAMH%B~uV0^AV`1QOgY$5I znVK$+xYA_0yqut3^ra7MpRBcqC4lMvs5#_xjgWj%Lk>(#;}zIIRO>Fq ztjtCz5pn*5y4-VT;5sY=vh-eD_;^mPbt`j@md+1@&3GVPoUZp|Vg2l8H*^$5`pg4p zygqwZN84XdWzI=UYF`n}X;i&Y*?0+44nH+MLd)ayK#GF(&gG{5Z4IXmk(8S&ej0)i z?;sE2w>F;7QlD6{H>uKQ@iz}li;<6B*2Sm`dLz=!8=pJG^*E2TIEpYPvmfi7;smL# z;tWg77WPZ?$|aZ2w?IkHKEjiFg2l58ov+z+b9~7>6CZ+I8%OinL__#Hm>eX>QB+&> zIDKa#F>17e6j(#y=sI1=I0eNiVOO}FuZ7}s`$BxCp4 zhVPNol1dzf(CJT)@zc5m+H6x-rIeG%$fJc2J^~j$jB16Hv#37Xv>cL&xVHQ>kiXhB zL{7|G%l!^_F_@Jg0XPsyA$s2a&RrpGD_3OZPJ)sq(oPtX|h%^uvjgd znH4Bg8JVuT_bSzVEtxszD|Noa%k!t)vYGt#^90uDvrJn3jf1&{!#a7c`QG$>M$*rs z%9f~>dwX(tT%(6bofAfs9e`EgUZtTs6*PlaSIfSqExR z9}9uHi^-c-j&_Hw5D-ksAx~wTn~+y0Crbm@Y9@NEzvlwQ-p-gu;6(3rf_69)KrpIRF&6K1G#gl`6~^Zs>-F!2KJ9&-X6UVIwa~Xg(Op^E{uY-iD#^Z9#IEnG*m=f)wmm&} z$2uzRE$^&+{|>j8cvVd%R5BrSLMXpsVidBxwlRwTRAGyHm07^Z(4M;EMi2SLJ{t8Q zpJ61WNl~un%5M?!n$7_eKI7g zGewuqpM4XT`>uX!qx<4^$grt;yQIOYnFm#m$QibBdvE*svnvT%PT4QT1_JnaOYXLb zEZPguR4wIGxsp;Sw+&mB_0keAPesMyC}>F(uzOO8&XhjF=hMuMv5gnL=EFt^o=wqv zuI7{WZl+R6dhK>MN2do;eRC&vij-eudNm@J{y|A~jj$@9iO2RnB z?Io5rr?^K%p*VsshMM0wYDu<@eK@so4W~qhe~cG*B#@`TM52%(ZtPkkKlbSgxsh~1 zI+hIo(r=OXT31A3dipjCG%TYZo^q1gm07Dn;`FI)5<%37CZ8ENe(iMqU`X9F=P2|= z!BetRa4;7+%>2SX+~Q8!g4`@w^xVLUF6=Y8(B?7QeP1;soTv{w5n;T7!F zm)dw<{_|u|l#PKYZf@#oDQSZmdz+*8J5bcNl`}|UgOi^l^dJ4Xr}@pF`d1A_TouX1 zR7^^xY3RtxEp5O-v4j%{Rm|10dCgbRv z!aMJu!lAW{Y+)*wxBlwO!=H}mWuM7<^X*6fOet5@5U!xs5L8{iIaqc4zFsM~hBuP` zZA?CuUX&BCJucO7srwcsZ^!ONgiQ-AF2=mLyOO4-wZeUKd*_B#e2KNBG99x* z1UzMRVe%7^YM<}ocHtUhDb4aN;{ramkBt_zY!%AU63;$w*hDnEZKWO`n-oTT4OwY+ zTsT+V%qaEQ@9KTZGrd$()mc4}@vPnNt>fb4^P3&ojlZvN=xo;(O27BvTg*3=T8c?$ zFG)`XMH?3dU%AWZ!Etwoc9DdD+8a0N)Ab~At@|GXu0H0wBBD2WooS7zJ>onJ-i;e# zbTMG=N7AOncfzx~qYInV^+XTE13ugjLHg#8xhAD*yKECucCfcni7O56%6HPWlz$jb z&>~|@?YV;GjrH02$8Fyn3C)c|9r#`nsW8w=~Vh4-u)Fi((U0aGCG@Gv02t9s5B za-|M{SLLp9Ypik|Novf=l7`FH2a1l~aOPe8ZzmfowbDszUAp3trK8R}wH_y$Skv;P_XOKq97rO7Z7798Ud$sde==kni(^|Mmc*sCL)>FID@F6Wsi# z#|3(piP08%r2*M>8R%c*`9%cINQA@nqoGh+m<=y5!-{Y=1DWF#Q zJAor=3~T}-7{r8uv4`XP6(8V?L@=oRmB8Uerj9-`(-sKM&Vh=v4*LUM?T$L^$W}Fk zzHtK&;JN~F*}Wgi}m`6tj9 zEWlld0!_)~ePoS*Kalmnrq&9k4pxq)W;XxrK!RT0T^~g}F$N++1w?z#-Qd@OMAQfU z6<^lQ5$<+)8i=YwXZ!Y|ehLEvsP+FHNQ6u1UukH8Ex~ZGojLfY=R1001W8O-U|Gc)|Jg!V$G3_c<`wI}LjErF!;0qx?YeJZk1f1`3RSW3Xt2z1EabP}k( zH-Lcg?xSxc9HdJ*xY?Qiwyu-~D5OW^#2(yb^1X020ImQ6w7+fOPCgzSFth+!!NI17 zSJmgUO>_JnL>d-_8kPH@5OXP zsYl<^2?cHH|1 7 -- import_tasks: access_log.yml - when: tomcat_access_log_enabled -- import_tasks: pgsql_jdbc.yml - when: tomcat_install_pg_jdbc -- import_tasks: not_pgsql_jdbc.yml - when: not tomcat_install_pg_jdbc - - diff --git a/library/roles/tomcat/tasks/not_pgsql_jdbc.yml b/library/roles/tomcat/tasks/not_pgsql_jdbc.yml deleted file mode 100644 index b029a4c9..00000000 --- a/library/roles/tomcat/tasks/not_pgsql_jdbc.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Do not load the postgresql jdbc driver on tomcat if not needed - file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent - with_items: - - postgresql-jdbc4.jar - when: not tomcat_install_pg_jdbc - notify: tomcat restart - tags: tomcat - diff --git a/library/roles/tomcat/tasks/pgsql_jdbc.yml b/library/roles/tomcat/tasks/pgsql_jdbc.yml deleted file mode 100644 index 1456dd1c..00000000 --- a/library/roles/tomcat/tasks/pgsql_jdbc.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Postgresql JDBC -- name: Install the jdbc package if needed - apt: pkg=libpostgresql-jdbc-java state=present - when: tomcat_install_pg_jdbc - tags: [ 'tomcat', 'tomcat_jdbc' ] - -- name: Configure tomcat to use the global postgresql jdbc driver - file: src=/usr/share/java/{{ item }} dest=/usr/share/tomcat{{ tomcat_version }}/lib/{{ item }} state=link - with_items: - - postgresql-jdbc4.jar - when: tomcat_install_pg_jdbc - notify: - tomcat restart - tags: [ 'tomcat', 'tomcat_jdbc' ] - diff --git a/library/roles/tomcat/tasks/tomcat-admin.yml b/library/roles/tomcat/tasks/tomcat-admin.yml deleted file mode 100644 index d1e0849f..00000000 --- a/library/roles/tomcat/tasks/tomcat-admin.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Install the tomcat console management package - apt: pkg=tomcat{{ tomcat_version }}-admin state={{ tomcat_pkg_state }} - tags: tomcat - -- name: Install the tomcat users file - template: src=tomcat-users.xml.j2 dest={{ tomcat_conf_dir }}/tomcat-users.xml owner=root group={{ tomcat_user }} mode=0640 - notify: tomcat restart - tags: tomcat - diff --git a/library/roles/tomcat/tasks/tomcat-jmx.yml b/library/roles/tomcat/tasks/tomcat-jmx.yml deleted file mode 100644 index 5d9d20e7..00000000 --- a/library/roles/tomcat/tasks/tomcat-jmx.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Distribute the jmx authorization file - template: src=jmxremote.passwd.j2 dest={{ tomcat_jmx_auth_dir }}/jmxremote.passwd owner={{ tomcat_user }} mode=0600 - when: - - tomcat_jmx_enabled - - tomcat_jmx_auth_enabled - notify: tomcat restart - tags: [ 'tomcat', 'jmx' ] - -- name: Distribute the jmx role file - copy: src=jmxremote.access dest={{ tomcat_jmx_auth_dir }}/jmxremote.access owner=root mode=0644 - when: - - tomcat_jmx_enabled - - tomcat_jmx_auth_enabled - notify: tomcat restart - tags: [ 'tomcat', 'jmx' ] diff --git a/library/roles/tomcat/tasks/tomcat-log4j-logging.yml b/library/roles/tomcat/tasks/tomcat-log4j-logging.yml deleted file mode 100644 index cc11deb9..00000000 --- a/library/roles/tomcat/tasks/tomcat-log4j-logging.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Manage tomcat internal logs with log4j -- name: Install log4j - apt: pkg=liblog4j1.2-java state={{ tomcat_pkg_state }} - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Install tomcat-juli-adapters - copy: src=tomcat{{ tomcat_version }}-juli-adapters.jar dest=/usr/share/java/tomcat-juli-adapters.jar - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Install tomcat-juli - copy: src=tomcat{{ tomcat_version }}-juli-log4j.jar dest=/usr/share/java/tomcat-juli-log4j.jar - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Configure tomcat to use the log4j system library - file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=link - with_items: - - log4j-1.2.jar - - tomcat-juli-adapters.jar - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Configure tomcat to use the log4j version of the juli library - file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/tomcat-juli.jar state=link - with_items: - - tomcat-juli-log4j.jar - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Install log4j.properties - template: src=log4j.properties.j2 dest={{ tomcat_catalina_home_dir }}/lib/log4j.properties mode=0644 owner=root group=root - when: tomcat_install_the_log4j_properties - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_log4j' ] - -- name: Remove logging.properties - file: dest=/etc/tomcat{{ tomcat_version }}/logging.properties state=absent - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_log4j' ] - diff --git a/library/roles/tomcat/tasks/tomcat-logger-logging.yml b/library/roles/tomcat/tasks/tomcat-logger-logging.yml deleted file mode 100644 index cae8c9b0..00000000 --- a/library/roles/tomcat/tasks/tomcat-logger-logging.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Remove the system log4j library from the tomcat libdir - file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent - with_items: - - log4j-1.2.jar - - tomcat-juli-adapters.jar - notify: tomcat restart - tags: tomcat - -- name: Configure tomcat to use the standard version of the juli library - file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link - with_items: - - 'tomcat{{ tomcat_version }}-juli.jar' - notify: tomcat restart - tags: tomcat - -- name: Remove the system log4j.properties - file: dest={{ tomcat_catalina_home_dir }}/lib/log4j.properties state=absent - notify: tomcat restart - tags: tomcat - -- name: Install logging.properties - copy: src=logging.properties dest=/etc/tomcat{{ tomcat_version }}/logging.properties owner=root group=root mode=0644 - notify: tomcat restart - tags: tomcat - diff --git a/library/roles/tomcat/tasks/tomcat-pkgs.yml b/library/roles/tomcat/tasks/tomcat-pkgs.yml deleted file mode 100644 index 20153177..00000000 --- a/library/roles/tomcat/tasks/tomcat-pkgs.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -- name: Set the tomcat version for ubuntu Trusy - set_fact: - tomcat_version: 7 - when: - - ansible_distribution_major_version <= '16' - - tomcat_fixed_version is not defined - tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ] - -- name: Set the tomcat version for Ubuntu bionic - set_fact: - tomcat_version: 8 - when: - - ansible_distribution_major_version == '18' - - tomcat_fixed_version is not defined - tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ] - -- name: Impose a tomcat version - set_fact: - tomcat_version: '{{ tomcat_fixed_version }}' - when: tomcat_fixed_version is defined - tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ] - -- name: Print the Tomcat version - debug: - msg: "The Tomcat version we are going to install is {{ tomcat_version }}" - tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ] - -- name: Install the tomcat packages - apt: pkg={{ tomcat_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800 - tags: tomcat - -- name: Install additional packages needed by tomcat 8+ - apt: pkg={{ tomcat8_additional_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800 - when: tomcat_version >= 8 - tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody' ] - -- name: Create the tomcat tmp directory - file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} - notify: tomcat restart - tags: tomcat - -- name: Create the catalina temp directory, if different from the default - file: dest={{ catalina_tmp_directory }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} - when: catalina_tmp_directory is defined - notify: tomcat restart - tags: tomcat - -- name: Configure tomcat defaults - template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }} - when: tomcat_install_default_conf | bool - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_default' ] - -- name: Configure tomcat server.xml - template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml - when: tomcat_install_server_xml | bool - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_serverxml' ] - -- name: Configure tomcat web.xml - template: src=tomcat-web.xml.j2 dest={{ tomcat_conf_dir }}/web.xml - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_serverxml' ] - -- name: Install a slightly modified catalina.properties - copy: src=catalina.properties dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644 - when: tomcat_install_default_conf | bool - notify: tomcat restart - tags: [ 'tomcat', 'tomcat_catalinaprops' ] - -- name: Create some directories that the package do not creates itself - file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755 - with_items: - - common/classes - - server/classes - - shared/classes - tags: tomcat - -- name: On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup - file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link owner=root group=root mode=0644 - with_items: - - commons-daemon.jar - when: tomcat_version >= 8 - tags: [ 'tomcat', 'tomcat_conf' ] - -- name: Install the javamelody dependency jar into the Java shared libs directory - maven_artifact: artifact_id=jrobin version=latest group_id=org.jrobin extension=jar dest=/usr/share/java/jrobin.jar verify_checksum=always mode=0644 owner=root group=root repository_url=https://repo1.maven.org/maven2 - when: tomcat_javamelody | bool - tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ] - -- name: Install the javamelody-core jar into the Java shared libs directory - maven_artifact: artifact_id=javamelody-core version={{ tomcat_javamelody_version }} group_id=net.bull.javamelody extension=jar dest=/usr/share/java/javamelody-core.jar verify_checksum=always mode=0644 owner=root group=root repository_url=https://repo1.maven.org/maven2 - when: tomcat_javamelody | bool - tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ] - -- name: Create a link to the the javamelody jar and its dependencies if the javamelody support is enabled - file: src=../../java/{{ item }} dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=link owner=root group=root mode=0644 - with_items: - - javamelody-core.jar - - jrobin.jar - when: tomcat_javamelody | bool - tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ] - -- name: Remove the javamelody jar and its dependencies if the javamelody support is disabled - file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent - with_items: - - javamelody-core.jar - - jrobin.jar - when: not tomcat_javamelody | bool - tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ] diff --git a/library/roles/tomcat/templates/jmxremote.passwd.j2 b/library/roles/tomcat/templates/jmxremote.passwd.j2 deleted file mode 100644 index cfca21cc..00000000 --- a/library/roles/tomcat/templates/jmxremote.passwd.j2 +++ /dev/null @@ -1,2 +0,0 @@ -monitorRole {{ tomcat_jmx_monitorpass }} -controlRole {{ tomcat_jmx_controlpass }} diff --git a/library/roles/tomcat/templates/log4j.properties.j2 b/library/roles/tomcat/templates/log4j.properties.j2 deleted file mode 100644 index 12dfa954..00000000 --- a/library/roles/tomcat/templates/log4j.properties.j2 +++ /dev/null @@ -1,68 +0,0 @@ -{% if tomcat_send_to_logstash %} -log4j.rootLogger = {{ tomcat_log_level }}, {{ tomcat_logstash_logger }} -{% else %} -log4j.rootLogger = {{ tomcat_log_level }}, {{ tomcat_log_logger }} -{% endif %} - -# Define all the appenders -log4j.appender.CATALINA = org.apache.log4j.RollingFileAppender -log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina.log -log4j.appender.CATALINA.Append = true -log4j.appender.CATALINA.Encoding = UTF-8 -log4j.appender.CATALINA.Threshold = {{ tomcat_log_rotation_threshold }} -log4j.appender.CATALINA.MaxFileSize = {{ tomcat_log_max_file_size }} -log4j.appender.CATALINA.MaxBackupIndex = {{ tomcat_retain_old_logs }} -log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout -log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n - -log4j.appender.LOCALHOST = org.apache.log4j.RollingFileAppender -log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost.log -log4j.appender.LOCALHOST.Append = true -log4j.appender.LOCALHOST.Encoding = UTF-8 -log4j.appender.LOCALHOST.Threshold = {{ tomcat_log_rotation_threshold }} -log4j.appender.LOCALHOST.MaxFileSize = {{ tomcat_log_max_file_size }} -log4j.appender.LOCALHOST.MaxBackupIndex = {{ tomcat_retain_old_logs }} -log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout -log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n - -log4j.appender.MANAGER = org.apache.log4j.RollingFileAppender -log4j.appender.MANAGER.File = ${catalina.base}/logs/manager.log -log4j.appender.MANAGER.Append = true -log4j.appender.MANAGER.Encoding = UTF-8 -log4j.appender.MANAGER.Threshold = {{ tomcat_log_rotation_threshold }} -log4j.appender.MANAGER.MaxFileSize = {{ tomcat_log_max_file_size }} -log4j.appender.MANAGER.MaxBackupIndex = {{ tomcat_retain_old_logs }} -log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout -log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n - -log4j.appender.HOST-MANAGER = org.apache.log4j.RollingFileAppender -log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager.log -log4j.appender.HOST-MANAGER.Append = true -log4j.appender.HOST-MANAGER.Encoding = UTF-8 -log4j.appender.HOST-MANAGER.Threshold = {{ tomcat_log_rotation_threshold }} -log4j.appender.HOST-MANAGER.MaxFileSize = {{ tomcat_log_max_file_size }} -log4j.appender.HOST-MANAGER.MaxBackupIndex = {{ tomcat_retain_old_logs }} -log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout -log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n - -{% if tomcat_send_to_logstash %} -log4j.appender.LOGSTASH=org.apache.log4j.net.SocketAppender -log4j.appender.LOGSTASH.remoteHost={{ tomcat_logstash_collector_host }} -log4j.appender.LOGSTASH.port={{ tomcat_logstash_collector_socketappender_port }} -log4j.appender.LOGSTASH.ReconnectionDelay={{ tomcat_logstash_collector_socketappender_reconndelay }} -log4j.appender.LOGSTASH.LocationInfo=true -log4j.appender.LOGSTASH.layout = org.apache.log4j.PatternLayout -log4j.appender.LOGSTASH.layout.ConversionPattern = %d [%t] %-5p %c- %m%n -{% endif %} - -log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender -log4j.appender.CONSOLE.Encoding = UTF-8 -log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout -log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n - -# Configure which loggers log to which appenders -log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost] = {{ tomcat_log_level }}, LOCALHOST -log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] =\ - {{ tomcat_log_level }}, MANAGER -log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager] =\ - {{ tomcat_log_level }}, HOST-MANAGER diff --git a/library/roles/tomcat/templates/tomcat-default.j2 b/library/roles/tomcat/templates/tomcat-default.j2 deleted file mode 100644 index 698f4366..00000000 --- a/library/roles/tomcat/templates/tomcat-default.j2 +++ /dev/null @@ -1,71 +0,0 @@ -{% if limits_nofile_value is defined %} -ulimit -Hn {{ limits_nofile_value }} -ulimit -Sn {{ limits_nofile_value }} -{% endif %} - -# Run Tomcat as this user ID. Not setting this or leaving it blank will use the -# default of tomcat{{ tomcat_version}}. -TOMCAT{{ tomcat_version}}_USER={{ tomcat_user }} - -# Run Tomcat as this group ID. Not setting this or leaving it blank will use -# the default of tomcat{{ tomcat_version}}. -TOMCAT{{ tomcat_version}}_GROUP={{ tomcat_user }} - -# The home directory of the Java development kit (JDK). You need at least -# JDK version 1.5. If JAVA_HOME is not set, some common directories for -# OpenJDK, the Sun JDK, and various J2SE 1.5 versions are tried. -{% if jdk_java_home is defined %} -JAVA_HOME={{ jdk_java_home }} -{% endif %} - -JAVA_OPTS="-server -Djava.awt.headless=true -Dfile.encoding={{ tomcat_file_encoding }}" -{% if jdk_default <= 7 %} -{% if tomcat_permgen_defined %} -{% if tomcat_permgen_size is defined %} -JAVA_OPTS="-XX:MaxPermSize={{ tomcat_permgen_size }} $JAVA_OPTS" -{% endif %} -{% endif %} -{% endif %} -{% if jdk_default >= 8 %} -JAVA_OPTS="{{ tomcat_additional_java_8_opts }} $JAVA_OPTS" -{% endif %} -{% if tomcat_java_opts is defined %} -JAVA_OPTS="{{ tomcat_java_opts }} $JAVA_OPTS" -{% endif %} -{% if tomcat_java_gc_opts is defined %} -JAVA_OPTS="${JAVA_OPTS} {{ tomcat_java_gc_opts }}" -{% endif %} -{% if tomcat_proxy_enabled %} -JAVA_OPTS="${JAVA_OPTS} {{ tomcat_proxy_opts }}" -{% endif %} -{% if tomcat_other_java_opts is defined %} -JAVA_OPTS="${JAVA_OPTS} {{ tomcat_other_java_opts }}" -{% endif %} -{% if tomcat_jmx_enabled %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ tomcat_jmx_port }} -Dcom.sun.management.jmxremote.ssl={{ tomcat_jmx_use_ssl }} -Dcom.sun.management.jmxremote.local.only={{ tomcat_jmx_localhost_only }}" -{% if tomcat_jmx_auth_enabled %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ tomcat_jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ tomcat_jmx_auth_dir }}/jmxremote.access" -{% else %} -JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false" -{% endif %} -{% if tomcat_jmx_disable_additional_ports %} -JAVA_OPTS="${JAVA_OPTS} -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote.rmi.port={{ tomcat_jmx_port }}" -{% endif %} -{% endif %} -{% if tomcat_enable_remote_debugging %} -# You will be able to use a java debugger on URI {{ tomcat_remote_debugging_uri }}. -JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address={{ tomcat_remote_debugging_uri }},server=y,suspend=n" -# Obsolete -#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ tomcat_remote_debugging_uri }},server=y,suspend=n" -{% endif %} -# Location of the JVM temporary directory -# WARNING: This directory will be destroyed and recreated at every startup ! -JVM_TMP={{ tomcat_tmp_dir }} -{% if catalina_tmp_directory is defined %} -export CATALINA_TMPDIR={{ catalina_tmp_directory }} -{% endif %} -{% if tomcat_load_additional_default_conf %} -if [ -f /etc/default/tomcat.local ] ; then - . /etc/default/tomcat.local -fi -{% endif %} diff --git a/library/roles/tomcat/templates/tomcat-server.xml.j2 b/library/roles/tomcat/templates/tomcat-server.xml.j2 deleted file mode 100644 index 9dc83aa6..00000000 --- a/library/roles/tomcat/templates/tomcat-server.xml.j2 +++ /dev/null @@ -1,176 +0,0 @@ - - - -{% if tomcat_shutdown_port == -1 %} - -{% else %} - - {% endif %} - - - - - - - - - - - - - - - - - - - -{% if tomcat_http_enabled %} - - -{% endif %} - - -{% if tomcat_http_enabled %} - - - -{% endif %} -{% if tomcat_ajp_enabled %} - - -{% endif %} - - - - - - - - - - - - - - - - - - - - -{% if tomcat_access_log_enabled %} - - - - -{% endif %} - - - - diff --git a/library/roles/tomcat/templates/tomcat-users.xml.j2 b/library/roles/tomcat/templates/tomcat-users.xml.j2 deleted file mode 100644 index f2563e4f..00000000 --- a/library/roles/tomcat/templates/tomcat-users.xml.j2 +++ /dev/null @@ -1,40 +0,0 @@ - - - - -{% if tomcat_manager_gui_user_enabled %} - - -{% endif %} -{% if tomcat_manager_script_user_enabled %} - - -{% endif %} -{% if tomcat_manager_jmx_user_enabled %} - - -{% endif %} -{% if tomcat_manager_status_user_enabled %} - - -{% endif %} - diff --git a/library/roles/tomcat/templates/tomcat-web.xml.j2 b/library/roles/tomcat/templates/tomcat-web.xml.j2 deleted file mode 100644 index d27fdfb5..00000000 --- a/library/roles/tomcat/templates/tomcat-web.xml.j2 +++ /dev/null @@ -1,4344 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - org.apache.catalina.servlets.DefaultServlet - - debug - 0 - - - listings - false - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsp - org.apache.jasper.servlet.JspServlet - - fork - false - - - xpoweredBy - false - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - / - - - - - jsp - *.jsp - *.jspx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -{% if tomcat_javamelody %} - - - - - javamelody - net.bull.javamelody.MonitoringFilter - - - log - true - - - - - javamelody - /* - - - net.bull.javamelody.SessionListener - -{% endif %} - - - - - - - 30 - - - - - - - - - - - - 123 - application/vnd.lotus-1-2-3 - - - 3dml - text/vnd.in3d.3dml - - - 3g2 - video/3gpp2 - - - 3gp - video/3gpp - - - 7z - application/x-7z-compressed - - - aab - application/x-authorware-bin - - - aac - audio/x-aac - - - aam - application/x-authorware-map - - - aas - application/x-authorware-seg - - - abs - audio/x-mpeg - - - abw - application/x-abiword - - - ac - application/pkix-attr-cert - - - acc - application/vnd.americandynamics.acc - - - ace - application/x-ace-compressed - - - acu - application/vnd.acucobol - - - acutc - application/vnd.acucorp - - - adp - audio/adpcm - - - aep - application/vnd.audiograph - - - afm - application/x-font-type1 - - - afp - application/vnd.ibm.modcap - - - ahead - application/vnd.ahead.space - - - ai - application/postscript - - - aif - audio/x-aiff - - - aifc - audio/x-aiff - - - aiff - audio/x-aiff - - - aim - application/x-aim - - - air - application/vnd.adobe.air-application-installer-package+zip - - - ait - application/vnd.dvb.ait - - - ami - application/vnd.amiga.ami - - - anx - application/annodex - - - apk - application/vnd.android.package-archive - - - application - application/x-ms-application - - - apr - application/vnd.lotus-approach - - - art - image/x-jg - - - asc - application/pgp-signature - - - asf - video/x-ms-asf - - - asm - text/x-asm - - - aso - application/vnd.accpac.simply.aso - - - asx - video/x-ms-asf - - - atc - application/vnd.acucorp - - - atom - application/atom+xml - - - atomcat - application/atomcat+xml - - - atomsvc - application/atomsvc+xml - - - atx - application/vnd.antix.game-component - - - au - audio/basic - - - avi - video/x-msvideo - - - avx - video/x-rad-screenplay - - - aw - application/applixware - - - axa - audio/annodex - - - axv - video/annodex - - - azf - application/vnd.airzip.filesecure.azf - - - azs - application/vnd.airzip.filesecure.azs - - - azw - application/vnd.amazon.ebook - - - bat - application/x-msdownload - - - bcpio - application/x-bcpio - - - bdf - application/x-font-bdf - - - bdm - application/vnd.syncml.dm+wbxml - - - bed - application/vnd.realvnc.bed - - - bh2 - application/vnd.fujitsu.oasysprs - - - bin - application/octet-stream - - - bmi - application/vnd.bmi - - - bmp - image/bmp - - - body - text/html - - - book - application/vnd.framemaker - - - box - application/vnd.previewsystems.box - - - boz - application/x-bzip2 - - - bpk - application/octet-stream - - - btif - image/prs.btif - - - bz - application/x-bzip - - - bz2 - application/x-bzip2 - - - c - text/x-c - - - c11amc - application/vnd.cluetrust.cartomobile-config - - - c11amz - application/vnd.cluetrust.cartomobile-config-pkg - - - c4d - application/vnd.clonk.c4group - - - c4f - application/vnd.clonk.c4group - - - c4g - application/vnd.clonk.c4group - - - c4p - application/vnd.clonk.c4group - - - c4u - application/vnd.clonk.c4group - - - cab - application/vnd.ms-cab-compressed - - - cap - application/vnd.tcpdump.pcap - - - car - application/vnd.curl.car - - - cat - application/vnd.ms-pki.seccat - - - cc - text/x-c - - - cct - application/x-director - - - ccxml - application/ccxml+xml - - - cdbcmsg - application/vnd.contact.cmsg - - - cdf - application/x-cdf - - - cdkey - application/vnd.mediastation.cdkey - - - cdmia - application/cdmi-capability - - - cdmic - application/cdmi-container - - - cdmid - application/cdmi-domain - - - cdmio - application/cdmi-object - - - cdmiq - application/cdmi-queue - - - cdx - chemical/x-cdx - - - cdxml - application/vnd.chemdraw+xml - - - cdy - application/vnd.cinderella - - - cer - application/pkix-cert - - - cgm - image/cgm - - - chat - application/x-chat - - - chm - application/vnd.ms-htmlhelp - - - chrt - application/vnd.kde.kchart - - - cif - chemical/x-cif - - - cii - application/vnd.anser-web-certificate-issue-initiation - - - cil - application/vnd.ms-artgalry - - - cla - application/vnd.claymore - - - class - application/java - - - clkk - application/vnd.crick.clicker.keyboard - - - clkp - application/vnd.crick.clicker.palette - - - clkt - application/vnd.crick.clicker.template - - - clkw - application/vnd.crick.clicker.wordbank - - - clkx - application/vnd.crick.clicker - - - clp - application/x-msclip - - - cmc - application/vnd.cosmocaller - - - cmdf - chemical/x-cmdf - - - cml - chemical/x-cml - - - cmp - application/vnd.yellowriver-custom-menu - - - cmx - image/x-cmx - - - cod - application/vnd.rim.cod - - - com - application/x-msdownload - - - conf - text/plain - - - cpio - application/x-cpio - - - cpp - text/x-c - - - cpt - application/mac-compactpro - - - crd - application/x-mscardfile - - - crl - application/pkix-crl - - - crt - application/x-x509-ca-cert - - - cryptonote - application/vnd.rig.cryptonote - - - csh - application/x-csh - - - csml - chemical/x-csml - - - csp - application/vnd.commonspace - - - css - text/css - - - cst - application/x-director - - - csv - text/csv - - - cu - application/cu-seeme - - - curl - text/vnd.curl - - - cww - application/prs.cww - - - cxt - application/x-director - - - cxx - text/x-c - - - dae - model/vnd.collada+xml - - - daf - application/vnd.mobius.daf - - - dataless - application/vnd.fdsn.seed - - - davmount - application/davmount+xml - - - dcr - application/x-director - - - dcurl - text/vnd.curl.dcurl - - - dd2 - application/vnd.oma.dd2+xml - - - ddd - application/vnd.fujixerox.ddd - - - deb - application/x-debian-package - - - def - text/plain - - - deploy - application/octet-stream - - - der - application/x-x509-ca-cert - - - dfac - application/vnd.dreamfactory - - - dib - image/bmp - - - dic - text/x-c - - - dir - application/x-director - - - dis - application/vnd.mobius.dis - - - dist - application/octet-stream - - - distz - application/octet-stream - - - djv - image/vnd.djvu - - - djvu - image/vnd.djvu - - - dll - application/x-msdownload - - - dmg - application/octet-stream - - - dmp - application/vnd.tcpdump.pcap - - - dms - application/octet-stream - - - dna - application/vnd.dna - - - doc - application/msword - - - docm - application/vnd.ms-word.document.macroenabled.12 - - - docx - application/vnd.openxmlformats-officedocument.wordprocessingml.document - - - dot - application/msword - - - dotm - application/vnd.ms-word.template.macroenabled.12 - - - dotx - application/vnd.openxmlformats-officedocument.wordprocessingml.template - - - dp - application/vnd.osgi.dp - - - dpg - application/vnd.dpgraph - - - dra - audio/vnd.dra - - - dsc - text/prs.lines.tag - - - dssc - application/dssc+der - - - dtb - application/x-dtbook+xml - - - dtd - application/xml-dtd - - - dts - audio/vnd.dts - - - dtshd - audio/vnd.dts.hd - - - dump - application/octet-stream - - - dv - video/x-dv - - - dvb - video/vnd.dvb.file - - - dvi - application/x-dvi - - - dwf - model/vnd.dwf - - - dwg - image/vnd.dwg - - - dxf - image/vnd.dxf - - - dxp - application/vnd.spotfire.dxp - - - dxr - application/x-director - - - ecelp4800 - audio/vnd.nuera.ecelp4800 - - - ecelp7470 - audio/vnd.nuera.ecelp7470 - - - ecelp9600 - audio/vnd.nuera.ecelp9600 - - - ecma - application/ecmascript - - - edm - application/vnd.novadigm.edm - - - edx - application/vnd.novadigm.edx - - - efif - application/vnd.picsel - - - ei6 - application/vnd.pg.osasli - - - elc - application/octet-stream - - - eml - message/rfc822 - - - emma - application/emma+xml - - - eol - audio/vnd.digital-winds - - - eot - application/vnd.ms-fontobject - - - eps - application/postscript - - - epub - application/epub+zip - - - es3 - application/vnd.eszigno3+xml - - - esf - application/vnd.epson.esf - - - et3 - application/vnd.eszigno3+xml - - - etx - text/x-setext - - - exe - application/octet-stream - - - exi - application/exi - - - ext - application/vnd.novadigm.ext - - - ez - application/andrew-inset - - - ez2 - application/vnd.ezpix-album - - - ez3 - application/vnd.ezpix-package - - - f - text/x-fortran - - - f4v - video/x-f4v - - - f77 - text/x-fortran - - - f90 - text/x-fortran - - - fbs - image/vnd.fastbidsheet - - - fcs - application/vnd.isac.fcs - - - fdf - application/vnd.fdf - - - fe_launch - application/vnd.denovo.fcselayout-link - - - fg5 - application/vnd.fujitsu.oasysgp - - - fgd - application/x-director - - - fh - image/x-freehand - - - fh4 - image/x-freehand - - - fh5 - image/x-freehand - - - fh7 - image/x-freehand - - - fhc - image/x-freehand - - - fig - application/x-xfig - - - flac - audio/flac - - - fli - video/x-fli - - - flo - application/vnd.micrografx.flo - - - flv - video/x-flv - - - flw - application/vnd.kde.kivio - - - flx - text/vnd.fmi.flexstor - - - fly - text/vnd.fly - - - fm - application/vnd.framemaker - - - fnc - application/vnd.frogans.fnc - - - for - text/x-fortran - - - fpx - image/vnd.fpx - - - frame - application/vnd.framemaker - - - fsc - application/vnd.fsc.weblaunch - - - fst - image/vnd.fst - - - ftc - application/vnd.fluxtime.clip - - - fti - application/vnd.anser-web-funds-transfer-initiation - - - fvt - video/vnd.fvt - - - fxp - application/vnd.adobe.fxp - - - fxpl - application/vnd.adobe.fxp - - - fzs - application/vnd.fuzzysheet - - - g2w - application/vnd.geoplan - - - g3 - image/g3fax - - - g3w - application/vnd.geospace - - - gac - application/vnd.groove-account - - - gbr - application/rpki-ghostbusters - - - gdl - model/vnd.gdl - - - geo - application/vnd.dynageo - - - gex - application/vnd.geometry-explorer - - - ggb - application/vnd.geogebra.file - - - ggt - application/vnd.geogebra.tool - - - ghf - application/vnd.groove-help - - - gif - image/gif - - - gim - application/vnd.groove-identity-message - - - gmx - application/vnd.gmx - - - gnumeric - application/x-gnumeric - - - gph - application/vnd.flographit - - - gqf - application/vnd.grafeq - - - gqs - application/vnd.grafeq - - - gram - application/srgs - - - gre - application/vnd.geometry-explorer - - - grv - application/vnd.groove-injector - - - grxml - application/srgs+xml - - - gsf - application/x-font-ghostscript - - - gtar - application/x-gtar - - - gtm - application/vnd.groove-tool-message - - - gtw - model/vnd.gtw - - - gv - text/vnd.graphviz - - - gxt - application/vnd.geonext - - - gz - application/x-gzip - - - h - text/x-c - - - h261 - video/h261 - - - h263 - video/h263 - - - h264 - video/h264 - - - hal - application/vnd.hal+xml - - - hbci - application/vnd.hbci - - - hdf - application/x-hdf - - - hh - text/x-c - - - hlp - application/winhlp - - - hpgl - application/vnd.hp-hpgl - - - hpid - application/vnd.hp-hpid - - - hps - application/vnd.hp-hps - - - hqx - application/mac-binhex40 - - - htc - text/x-component - - - htke - application/vnd.kenameaapp - - - htm - text/html - - - html - text/html - - - hvd - application/vnd.yamaha.hv-dic - - - hvp - application/vnd.yamaha.hv-voice - - - hvs - application/vnd.yamaha.hv-script - - - i2g - application/vnd.intergeo - - - icc - application/vnd.iccprofile - - - ice - x-conference/x-cooltalk - - - icm - application/vnd.iccprofile - - - ico - image/x-icon - - - ics - text/calendar - - - ief - image/ief - - - ifb - text/calendar - - - ifm - application/vnd.shana.informed.formdata - - - iges - model/iges - - - igl - application/vnd.igloader - - - igm - application/vnd.insors.igm - - - igs - model/iges - - - igx - application/vnd.micrografx.igx - - - iif - application/vnd.shana.informed.interchange - - - imp - application/vnd.accpac.simply.imp - - - ims - application/vnd.ms-ims - - - in - text/plain - - - ink - application/inkml+xml - - - inkml - application/inkml+xml - - - iota - application/vnd.astraea-software.iota - - - ipfix - application/ipfix - - - ipk - application/vnd.shana.informed.package - - - irm - application/vnd.ibm.rights-management - - - irp - application/vnd.irepository.package+xml - - - iso - application/octet-stream - - - itp - application/vnd.shana.informed.formtemplate - - - ivp - application/vnd.immervision-ivp - - - ivu - application/vnd.immervision-ivu - - - jad - text/vnd.sun.j2me.app-descriptor - - - jam - application/vnd.jam - - - jar - application/java-archive - - - java - text/x-java-source - - - jisp - application/vnd.jisp - - - jlt - application/vnd.hp-jlyt - - - jnlp - application/x-java-jnlp-file - - - joda - application/vnd.joost.joda-archive - - - jpe - image/jpeg - - - jpeg - image/jpeg - - - jpg - image/jpeg - - - jpgm - video/jpm - - - jpgv - video/jpeg - - - jpm - video/jpm - - - js - application/javascript - - - jsf - text/plain - - - json - application/json - - - jspf - text/plain - - - kar - audio/midi - - - karbon - application/vnd.kde.karbon - - - kfo - application/vnd.kde.kformula - - - kia - application/vnd.kidspiration - - - kml - application/vnd.google-earth.kml+xml - - - kmz - application/vnd.google-earth.kmz - - - kne - application/vnd.kinar - - - knp - application/vnd.kinar - - - kon - application/vnd.kde.kontour - - - kpr - application/vnd.kde.kpresenter - - - kpt - application/vnd.kde.kpresenter - - - ksp - application/vnd.kde.kspread - - - ktr - application/vnd.kahootz - - - ktx - image/ktx - - - ktz - application/vnd.kahootz - - - kwd - application/vnd.kde.kword - - - kwt - application/vnd.kde.kword - - - lasxml - application/vnd.las.las+xml - - - latex - application/x-latex - - - lbd - application/vnd.llamagraphics.life-balance.desktop - - - lbe - application/vnd.llamagraphics.life-balance.exchange+xml - - - les - application/vnd.hhe.lesson-player - - - lha - application/octet-stream - - - link66 - application/vnd.route66.link66+xml - - - list - text/plain - - - list3820 - application/vnd.ibm.modcap - - - listafp - application/vnd.ibm.modcap - - - log - text/plain - - - lostxml - application/lost+xml - - - lrf - application/octet-stream - - - lrm - application/vnd.ms-lrm - - - ltf - application/vnd.frogans.ltf - - - lvp - audio/vnd.lucent.voice - - - lwp - application/vnd.lotus-wordpro - - - lzh - application/octet-stream - - - m13 - application/x-msmediaview - - - m14 - application/x-msmediaview - - - m1v - video/mpeg - - - m21 - application/mp21 - - - m2a - audio/mpeg - - - m2v - video/mpeg - - - m3a - audio/mpeg - - - m3u - audio/x-mpegurl - - - m3u8 - application/vnd.apple.mpegurl - - - m4a - audio/mp4 - - - m4b - audio/mp4 - - - m4r - audio/mp4 - - - m4u - video/vnd.mpegurl - - - m4v - video/mp4 - - - ma - application/mathematica - - - mac - image/x-macpaint - - - mads - application/mads+xml - - - mag - application/vnd.ecowin.chart - - - maker - application/vnd.framemaker - - - man - text/troff - - - mathml - application/mathml+xml - - - mb - application/mathematica - - - mbk - application/vnd.mobius.mbk - - - mbox - application/mbox - - - mc1 - application/vnd.medcalcdata - - - mcd - application/vnd.mcd - - - mcurl - text/vnd.curl.mcurl - - - mdb - application/x-msaccess - - - mdi - image/vnd.ms-modi - - - me - text/troff - - - mesh - model/mesh - - - meta4 - application/metalink4+xml - - - mets - application/mets+xml - - - mfm - application/vnd.mfmp - - - mft - application/rpki-manifest - - - mgp - application/vnd.osgeo.mapguide.package - - - mgz - application/vnd.proteus.magazine - - - mid - audio/midi - - - midi - audio/midi - - - mif - application/x-mif - - - mime - message/rfc822 - - - mj2 - video/mj2 - - - mjp2 - video/mj2 - - - mlp - application/vnd.dolby.mlp - - - mmd - application/vnd.chipnuts.karaoke-mmd - - - mmf - application/vnd.smaf - - - mmr - image/vnd.fujixerox.edmics-mmr - - - mny - application/x-msmoney - - - mobi - application/x-mobipocket-ebook - - - mods - application/mods+xml - - - mov - video/quicktime - - - movie - video/x-sgi-movie - - - mp1 - audio/mpeg - - - mp2 - audio/mpeg - - - mp21 - application/mp21 - - - mp2a - audio/mpeg - - - mp3 - audio/mpeg - - - mp4 - video/mp4 - - - mp4a - audio/mp4 - - - mp4s - application/mp4 - - - mp4v - video/mp4 - - - mpa - audio/mpeg - - - mpc - application/vnd.mophun.certificate - - - mpe - video/mpeg - - - mpeg - video/mpeg - - - mpega - audio/x-mpeg - - - mpg - video/mpeg - - - mpg4 - video/mp4 - - - mpga - audio/mpeg - - - mpkg - application/vnd.apple.installer+xml - - - mpm - application/vnd.blueice.multipass - - - mpn - application/vnd.mophun.application - - - mpp - application/vnd.ms-project - - - mpt - application/vnd.ms-project - - - mpv2 - video/mpeg2 - - - mpy - application/vnd.ibm.minipay - - - mqy - application/vnd.mobius.mqy - - - mrc - application/marc - - - mrcx - application/marcxml+xml - - - ms - text/troff - - - mscml - application/mediaservercontrol+xml - - - mseed - application/vnd.fdsn.mseed - - - mseq - application/vnd.mseq - - - msf - application/vnd.epson.msf - - - msh - model/mesh - - - msi - application/x-msdownload - - - msl - application/vnd.mobius.msl - - - msty - application/vnd.muvee.style - - - mts - model/vnd.mts - - - mus - application/vnd.musician - - - musicxml - application/vnd.recordare.musicxml+xml - - - mvb - application/x-msmediaview - - - mwf - application/vnd.mfer - - - mxf - application/mxf - - - mxl - application/vnd.recordare.musicxml - - - mxml - application/xv+xml - - - mxs - application/vnd.triscape.mxs - - - mxu - video/vnd.mpegurl - - - n-gage - application/vnd.nokia.n-gage.symbian.install - - - n3 - text/n3 - - - nb - application/mathematica - - - nbp - application/vnd.wolfram.player - - - nc - application/x-netcdf - - - ncx - application/x-dtbncx+xml - - - ngdat - application/vnd.nokia.n-gage.data - - - nlu - application/vnd.neurolanguage.nlu - - - nml - application/vnd.enliven - - - nnd - application/vnd.noblenet-directory - - - nns - application/vnd.noblenet-sealer - - - nnw - application/vnd.noblenet-web - - - npx - image/vnd.net-fpx - - - nsf - application/vnd.lotus-notes - - - oa2 - application/vnd.fujitsu.oasys2 - - - oa3 - application/vnd.fujitsu.oasys3 - - - oas - application/vnd.fujitsu.oasys - - - obd - application/x-msbinder - - - oda - application/oda - - - - odb - application/vnd.oasis.opendocument.database - - - - odc - application/vnd.oasis.opendocument.chart - - - - odf - application/vnd.oasis.opendocument.formula - - - odft - application/vnd.oasis.opendocument.formula-template - - - - odg - application/vnd.oasis.opendocument.graphics - - - - odi - application/vnd.oasis.opendocument.image - - - - odm - application/vnd.oasis.opendocument.text-master - - - - odp - application/vnd.oasis.opendocument.presentation - - - - ods - application/vnd.oasis.opendocument.spreadsheet - - - - odt - application/vnd.oasis.opendocument.text - - - oga - audio/ogg - - - ogg - audio/ogg - - - ogv - video/ogg - - - - ogx - application/ogg - - - onepkg - application/onenote - - - onetmp - application/onenote - - - onetoc - application/onenote - - - onetoc2 - application/onenote - - - opf - application/oebps-package+xml - - - oprc - application/vnd.palm - - - org - application/vnd.lotus-organizer - - - osf - application/vnd.yamaha.openscoreformat - - - osfpvg - application/vnd.yamaha.openscoreformat.osfpvg+xml - - - otc - application/vnd.oasis.opendocument.chart-template - - - otf - application/x-font-otf - - - - otg - application/vnd.oasis.opendocument.graphics-template - - - - oth - application/vnd.oasis.opendocument.text-web - - - oti - application/vnd.oasis.opendocument.image-template - - - - otp - application/vnd.oasis.opendocument.presentation-template - - - - ots - application/vnd.oasis.opendocument.spreadsheet-template - - - - ott - application/vnd.oasis.opendocument.text-template - - - oxps - application/oxps - - - oxt - application/vnd.openofficeorg.extension - - - p - text/x-pascal - - - p10 - application/pkcs10 - - - p12 - application/x-pkcs12 - - - p7b - application/x-pkcs7-certificates - - - p7c - application/pkcs7-mime - - - p7m - application/pkcs7-mime - - - p7r - application/x-pkcs7-certreqresp - - - p7s - application/pkcs7-signature - - - p8 - application/pkcs8 - - - pas - text/x-pascal - - - paw - application/vnd.pawaafile - - - pbd - application/vnd.powerbuilder6 - - - pbm - image/x-portable-bitmap - - - pcap - application/vnd.tcpdump.pcap - - - pcf - application/x-font-pcf - - - pcl - application/vnd.hp-pcl - - - pclxl - application/vnd.hp-pclxl - - - pct - image/pict - - - pcurl - application/vnd.curl.pcurl - - - pcx - image/x-pcx - - - pdb - application/vnd.palm - - - pdf - application/pdf - - - pfa - application/x-font-type1 - - - pfb - application/x-font-type1 - - - pfm - application/x-font-type1 - - - pfr - application/font-tdpfr - - - pfx - application/x-pkcs12 - - - pgm - image/x-portable-graymap - - - pgn - application/x-chess-pgn - - - pgp - application/pgp-encrypted - - - pic - image/pict - - - pict - image/pict - - - pkg - application/octet-stream - - - pki - application/pkixcmp - - - pkipath - application/pkix-pkipath - - - plb - application/vnd.3gpp.pic-bw-large - - - plc - application/vnd.mobius.plc - - - plf - application/vnd.pocketlearn - - - pls - audio/x-scpls - - - pml - application/vnd.ctc-posml - - - png - image/png - - - pnm - image/x-portable-anymap - - - pnt - image/x-macpaint - - - portpkg - application/vnd.macports.portpkg - - - pot - application/vnd.ms-powerpoint - - - potm - application/vnd.ms-powerpoint.template.macroenabled.12 - - - potx - application/vnd.openxmlformats-officedocument.presentationml.template - - - ppam - application/vnd.ms-powerpoint.addin.macroenabled.12 - - - ppd - application/vnd.cups-ppd - - - ppm - image/x-portable-pixmap - - - pps - application/vnd.ms-powerpoint - - - ppsm - application/vnd.ms-powerpoint.slideshow.macroenabled.12 - - - ppsx - application/vnd.openxmlformats-officedocument.presentationml.slideshow - - - ppt - application/vnd.ms-powerpoint - - - pptm - application/vnd.ms-powerpoint.presentation.macroenabled.12 - - - pptx - application/vnd.openxmlformats-officedocument.presentationml.presentation - - - pqa - application/vnd.palm - - - prc - application/x-mobipocket-ebook - - - pre - application/vnd.lotus-freelance - - - prf - application/pics-rules - - - ps - application/postscript - - - psb - application/vnd.3gpp.pic-bw-small - - - psd - image/vnd.adobe.photoshop - - - psf - application/x-font-linux-psf - - - pskcxml - application/pskc+xml - - - ptid - application/vnd.pvi.ptid1 - - - pub - application/x-mspublisher - - - pvb - application/vnd.3gpp.pic-bw-var - - - pwn - application/vnd.3m.post-it-notes - - - pya - audio/vnd.ms-playready.media.pya - - - pyv - video/vnd.ms-playready.media.pyv - - - qam - application/vnd.epson.quickanime - - - qbo - application/vnd.intu.qbo - - - qfx - application/vnd.intu.qfx - - - qps - application/vnd.publishare-delta-tree - - - qt - video/quicktime - - - qti - image/x-quicktime - - - qtif - image/x-quicktime - - - qwd - application/vnd.quark.quarkxpress - - - qwt - application/vnd.quark.quarkxpress - - - qxb - application/vnd.quark.quarkxpress - - - qxd - application/vnd.quark.quarkxpress - - - qxl - application/vnd.quark.quarkxpress - - - qxt - application/vnd.quark.quarkxpress - - - ra - audio/x-pn-realaudio - - - ram - audio/x-pn-realaudio - - - rar - application/x-rar-compressed - - - ras - image/x-cmu-raster - - - rcprofile - application/vnd.ipunplugged.rcprofile - - - rdf - application/rdf+xml - - - rdz - application/vnd.data-vision.rdz - - - rep - application/vnd.businessobjects - - - res - application/x-dtbresource+xml - - - rgb - image/x-rgb - - - rif - application/reginfo+xml - - - rip - audio/vnd.rip - - - rl - application/resource-lists+xml - - - rlc - image/vnd.fujixerox.edmics-rlc - - - rld - application/resource-lists-diff+xml - - - rm - application/vnd.rn-realmedia - - - rmi - audio/midi - - - rmp - audio/x-pn-realaudio-plugin - - - rms - application/vnd.jcp.javame.midlet-rms - - - rnc - application/relax-ng-compact-syntax - - - roa - application/rpki-roa - - - roff - text/troff - - - rp9 - application/vnd.cloanto.rp9 - - - rpss - application/vnd.nokia.radio-presets - - - rpst - application/vnd.nokia.radio-preset - - - rq - application/sparql-query - - - rs - application/rls-services+xml - - - rsd - application/rsd+xml - - - rss - application/rss+xml - - - rtf - application/rtf - - - rtx - text/richtext - - - s - text/x-asm - - - saf - application/vnd.yamaha.smaf-audio - - - sbml - application/sbml+xml - - - sc - application/vnd.ibm.secure-container - - - scd - application/x-msschedule - - - scm - application/vnd.lotus-screencam - - - scq - application/scvp-cv-request - - - scs - application/scvp-cv-response - - - scurl - text/vnd.curl.scurl - - - sda - application/vnd.stardivision.draw - - - sdc - application/vnd.stardivision.calc - - - sdd - application/vnd.stardivision.impress - - - sdkd - application/vnd.solent.sdkm+xml - - - sdkm - application/vnd.solent.sdkm+xml - - - sdp - application/sdp - - - sdw - application/vnd.stardivision.writer - - - see - application/vnd.seemail - - - seed - application/vnd.fdsn.seed - - - sema - application/vnd.sema - - - semd - application/vnd.semd - - - semf - application/vnd.semf - - - ser - application/java-serialized-object - - - setpay - application/set-payment-initiation - - - setreg - application/set-registration-initiation - - - sfd-hdstx - application/vnd.hydrostatix.sof-data - - - sfs - application/vnd.spotfire.sfs - - - sgl - application/vnd.stardivision.writer-global - - - sgm - text/sgml - - - sgml - text/sgml - - - sh - application/x-sh - - - shar - application/x-shar - - - shf - application/shf+xml - - - - sig - application/pgp-signature - - - silo - model/mesh - - - sis - application/vnd.symbian.install - - - sisx - application/vnd.symbian.install - - - sit - application/x-stuffit - - - sitx - application/x-stuffitx - - - skd - application/vnd.koan - - - skm - application/vnd.koan - - - skp - application/vnd.koan - - - skt - application/vnd.koan - - - sldm - application/vnd.ms-powerpoint.slide.macroenabled.12 - - - sldx - application/vnd.openxmlformats-officedocument.presentationml.slide - - - slt - application/vnd.epson.salt - - - sm - application/vnd.stepmania.stepchart - - - smf - application/vnd.stardivision.math - - - smi - application/smil+xml - - - smil - application/smil+xml - - - smzip - application/vnd.stepmania.package - - - snd - audio/basic - - - snf - application/x-font-snf - - - so - application/octet-stream - - - spc - application/x-pkcs7-certificates - - - spf - application/vnd.yamaha.smaf-phrase - - - spl - application/x-futuresplash - - - spot - text/vnd.in3d.spot - - - spp - application/scvp-vp-response - - - spq - application/scvp-vp-request - - - spx - audio/ogg - - - src - application/x-wais-source - - - sru - application/sru+xml - - - srx - application/sparql-results+xml - - - sse - application/vnd.kodak-descriptor - - - ssf - application/vnd.epson.ssf - - - ssml - application/ssml+xml - - - st - application/vnd.sailingtracker.track - - - stc - application/vnd.sun.xml.calc.template - - - std - application/vnd.sun.xml.draw.template - - - stf - application/vnd.wt.stf - - - sti - application/vnd.sun.xml.impress.template - - - stk - application/hyperstudio - - - stl - application/vnd.ms-pki.stl - - - str - application/vnd.pg.format - - - stw - application/vnd.sun.xml.writer.template - - - sub - text/vnd.dvb.subtitle - - - sus - application/vnd.sus-calendar - - - susp - application/vnd.sus-calendar - - - sv4cpio - application/x-sv4cpio - - - sv4crc - application/x-sv4crc - - - svc - application/vnd.dvb.service - - - svd - application/vnd.svd - - - svg - image/svg+xml - - - svgz - image/svg+xml - - - swa - application/x-director - - - swf - application/x-shockwave-flash - - - swi - application/vnd.aristanetworks.swi - - - sxc - application/vnd.sun.xml.calc - - - sxd - application/vnd.sun.xml.draw - - - sxg - application/vnd.sun.xml.writer.global - - - sxi - application/vnd.sun.xml.impress - - - sxm - application/vnd.sun.xml.math - - - sxw - application/vnd.sun.xml.writer - - - t - text/troff - - - taglet - application/vnd.mynfc - - - tao - application/vnd.tao.intent-module-archive - - - tar - application/x-tar - - - tcap - application/vnd.3gpp2.tcap - - - tcl - application/x-tcl - - - teacher - application/vnd.smart.teacher - - - tei - application/tei+xml - - - teicorpus - application/tei+xml - - - tex - application/x-tex - - - texi - application/x-texinfo - - - texinfo - application/x-texinfo - - - text - text/plain - - - tfi - application/thraud+xml - - - tfm - application/x-tex-tfm - - - thmx - application/vnd.ms-officetheme - - - tif - image/tiff - - - tiff - image/tiff - - - tmo - application/vnd.tmobile-livetv - - - torrent - application/x-bittorrent - - - tpl - application/vnd.groove-tool-template - - - tpt - application/vnd.trid.tpt - - - tr - text/troff - - - tra - application/vnd.trueapp - - - trm - application/x-msterminal - - - tsd - application/timestamped-data - - - tsv - text/tab-separated-values - - - ttc - application/x-font-ttf - - - ttf - application/x-font-ttf - - - ttl - text/turtle - - - twd - application/vnd.simtech-mindmapper - - - twds - application/vnd.simtech-mindmapper - - - txd - application/vnd.genomatix.tuxedo - - - txf - application/vnd.mobius.txf - - - txt - text/plain - - - u32 - application/x-authorware-bin - - - udeb - application/x-debian-package - - - ufd - application/vnd.ufdl - - - ufdl - application/vnd.ufdl - - - ulw - audio/basic - - - umj - application/vnd.umajin - - - unityweb - application/vnd.unity - - - uoml - application/vnd.uoml+xml - - - uri - text/uri-list - - - uris - text/uri-list - - - urls - text/uri-list - - - ustar - application/x-ustar - - - utz - application/vnd.uiq.theme - - - uu - text/x-uuencode - - - uva - audio/vnd.dece.audio - - - uvd - application/vnd.dece.data - - - uvf - application/vnd.dece.data - - - uvg - image/vnd.dece.graphic - - - uvh - video/vnd.dece.hd - - - uvi - image/vnd.dece.graphic - - - uvm - video/vnd.dece.mobile - - - uvp - video/vnd.dece.pd - - - uvs - video/vnd.dece.sd - - - uvt - application/vnd.dece.ttml+xml - - - uvu - video/vnd.uvvu.mp4 - - - uvv - video/vnd.dece.video - - - uvva - audio/vnd.dece.audio - - - uvvd - application/vnd.dece.data - - - uvvf - application/vnd.dece.data - - - uvvg - image/vnd.dece.graphic - - - uvvh - video/vnd.dece.hd - - - uvvi - image/vnd.dece.graphic - - - uvvm - video/vnd.dece.mobile - - - uvvp - video/vnd.dece.pd - - - uvvs - video/vnd.dece.sd - - - uvvt - application/vnd.dece.ttml+xml - - - uvvu - video/vnd.uvvu.mp4 - - - uvvv - video/vnd.dece.video - - - uvvx - application/vnd.dece.unspecified - - - uvvz - application/vnd.dece.zip - - - uvx - application/vnd.dece.unspecified - - - uvz - application/vnd.dece.zip - - - vcard - text/vcard - - - vcd - application/x-cdlink - - - vcf - text/x-vcard - - - vcg - application/vnd.groove-vcard - - - vcs - text/x-vcalendar - - - vcx - application/vnd.vcx - - - vis - application/vnd.visionary - - - viv - video/vnd.vivo - - - vor - application/vnd.stardivision.writer - - - vox - application/x-authorware-bin - - - vrml - model/vrml - - - vsd - application/vnd.visio - - - vsf - application/vnd.vsf - - - vss - application/vnd.visio - - - vst - application/vnd.visio - - - vsw - application/vnd.visio - - - vtu - model/vnd.vtu - - - vxml - application/voicexml+xml - - - w3d - application/x-director - - - wad - application/x-doom - - - wav - audio/x-wav - - - wax - audio/x-ms-wax - - - - wbmp - image/vnd.wap.wbmp - - - wbs - application/vnd.criticaltools.wbs+xml - - - wbxml - application/vnd.wap.wbxml - - - wcm - application/vnd.ms-works - - - wdb - application/vnd.ms-works - - - weba - audio/webm - - - webm - video/webm - - - webp - image/webp - - - wg - application/vnd.pmi.widget - - - wgt - application/widget - - - wks - application/vnd.ms-works - - - wm - video/x-ms-wm - - - wma - audio/x-ms-wma - - - wmd - application/x-ms-wmd - - - wmf - application/x-msmetafile - - - - wml - text/vnd.wap.wml - - - - wmlc - application/vnd.wap.wmlc - - - - wmls - text/vnd.wap.wmlscript - - - - wmlsc - application/vnd.wap.wmlscriptc - - - wmv - video/x-ms-wmv - - - wmx - video/x-ms-wmx - - - wmz - application/x-ms-wmz - - - woff - application/x-font-woff - - - wpd - application/vnd.wordperfect - - - wpl - application/vnd.ms-wpl - - - wps - application/vnd.ms-works - - - wqd - application/vnd.wqd - - - wri - application/x-mswrite - - - wrl - model/vrml - - - wsdl - application/wsdl+xml - - - wspolicy - application/wspolicy+xml - - - wtb - application/vnd.webturbo - - - wvx - video/x-ms-wvx - - - x32 - application/x-authorware-bin - - - x3d - application/vnd.hzn-3d-crossword - - - xap - application/x-silverlight-app - - - xar - application/vnd.xara - - - xbap - application/x-ms-xbap - - - xbd - application/vnd.fujixerox.docuworks.binder - - - xbm - image/x-xbitmap - - - xdf - application/xcap-diff+xml - - - xdm - application/vnd.syncml.dm+xml - - - xdp - application/vnd.adobe.xdp+xml - - - xdssc - application/dssc+xml - - - xdw - application/vnd.fujixerox.docuworks - - - xenc - application/xenc+xml - - - xer - application/patch-ops-error+xml - - - xfdf - application/vnd.adobe.xfdf - - - xfdl - application/vnd.xfdl - - - xht - application/xhtml+xml - - - xhtml - application/xhtml+xml - - - xhvml - application/xv+xml - - - xif - image/vnd.xiff - - - xla - application/vnd.ms-excel - - - xlam - application/vnd.ms-excel.addin.macroenabled.12 - - - xlc - application/vnd.ms-excel - - - xlm - application/vnd.ms-excel - - - xls - application/vnd.ms-excel - - - xlsb - application/vnd.ms-excel.sheet.binary.macroenabled.12 - - - xlsm - application/vnd.ms-excel.sheet.macroenabled.12 - - - xlsx - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - - - xlt - application/vnd.ms-excel - - - xltm - application/vnd.ms-excel.template.macroenabled.12 - - - xltx - application/vnd.openxmlformats-officedocument.spreadsheetml.template - - - xlw - application/vnd.ms-excel - - - xml - application/xml - - - xo - application/vnd.olpc-sugar - - - xop - application/xop+xml - - - xpi - application/x-xpinstall - - - xpm - image/x-xpixmap - - - xpr - application/vnd.is-xpr - - - xps - application/vnd.ms-xpsdocument - - - xpw - application/vnd.intercon.formnet - - - xpx - application/vnd.intercon.formnet - - - xsl - application/xml - - - xslt - application/xslt+xml - - - xsm - application/vnd.syncml+xml - - - xspf - application/xspf+xml - - - xul - application/vnd.mozilla.xul+xml - - - xvm - application/xv+xml - - - xvml - application/xv+xml - - - xwd - image/x-xwindowdump - - - xyz - chemical/x-xyz - - - yang - application/yang - - - yin - application/yin+xml - - - z - application/x-compress - - - Z - application/x-compress - - - zaz - application/vnd.zzazz.deck+xml - - - zip - application/zip - - - zir - application/vnd.zul - - - zirz - application/vnd.zul - - - zmm - application/vnd.handheld-entertainment+xml - - - - - - - - - - - - - - - - - - index.html - index.htm - index.jsp - - - diff --git a/library/roles/tomcat/templates/tomcat_access.logrotate.j2 b/library/roles/tomcat/templates/tomcat_access.logrotate.j2 deleted file mode 100644 index a4082fd9..00000000 --- a/library/roles/tomcat/templates/tomcat_access.logrotate.j2 +++ /dev/null @@ -1,8 +0,0 @@ -{{ tomcat_logdir }}/localhost_access.log { - copytruncate - {{ tomcat_access_log_rotation_freq }} - rotate {{ tomcat_retain_old_logs }} - compress - missingok - create 640 {{ tomcat_user }} adm -} diff --git a/library/roles/user_services_perms/defaults/main.yml b/library/roles/user_services_perms/defaults/main.yml deleted file mode 100644 index 7a69660e..00000000 --- a/library/roles/user_services_perms/defaults/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -service_sudoers_group: adminsu - -common_users_group: service_g -# Define the following if you want some directories readable and writable by the common group but outside the default app data dirs -#additional_data_directories: -# - { name: '/data/1', perms: 0755, create: True, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' } -# - { name: '/data/2', create: False, perms: 0755, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' } -# - { name: '/data/bah', create: False, perms: 0644, aclperms: 'rw' } -# -# Use additional_data_directories_adjunct to list more directories in addition to the ones specified into additional_data_directories - -# Define the following array when you want to add commands to the sudoers file -#service_sudo_commands: -# - /etc/init.d/virtuoso-opensource-7 -# - /sbin/reboot -# -# Use service_sudo_commands_adjunct to list more commands in addition to the ones specified into services_sudo_commands diff --git a/library/roles/user_services_perms/meta/main.yml b/library/roles/user_services_perms/meta/main.yml deleted file mode 100644 index df990e06..00000000 --- a/library/roles/user_services_perms/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - '../../library/roles/users' diff --git a/library/roles/user_services_perms/tasks/common-users-data-dirs.yml b/library/roles/user_services_perms/tasks/common-users-data-dirs.yml deleted file mode 100644 index 4d13f9a0..00000000 --- a/library/roles/user_services_perms/tasks/common-users-data-dirs.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -- block: - - name: Create the common group used to setup acls - group: name={{ common_users_group }} state=present system=yes - when: additional_data_directories is defined - - tags: [ 'users', 'users_acl' ] - -- block: - - name: Add selected users to the commong group - user: name={{ item.login }} groups={{ common_users_group }} append=yes - with_items: '{{ users_system_users }}' - - when: users_system_users is defined - tags: [ 'users', 'users_acl' ] - -- block: - - name: Add additional users to the commong group - user: name={{ item.login }} groups={{ common_users_group }} append=yes - with_items: '{{ users_system_users_adjunct }}' - - when: users_system_users_adjunct is defined - tags: [ 'users', 'users_acl' ] - -- block: - - name: Create the users additional data dirs - file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }} - with_items: '{{ additional_data_directories }}' - when: item.create and not item.file - - when: additional_data_directories is defined - tags: [ 'users', 'users_acl' ] - -- block: - - name: Create more additional data dirs - file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }} - with_items: '{{ additional_data_directories_adjunct }}' - when: item.create and not item.file - - when: additional_data_directories_adjunct is defined - tags: [ 'users', 'users_acl' ] - - -- block: - - name: Set the read/write/access permissions on the users additional data dirs - acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present recursive=yes - with_items: '{{ additional_data_directories | default([]) }}' - - - name: Set the default read/write/access permissions on the users additional data dirs - acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present default=yes recursive=yes - with_items: '{{ additional_data_directories | default([]) }}' - - when: additional_data_directories is defined - tags: [ 'users_acl' ] - -- block: - - name: Set the read/write/access permissions on the additional data dirs - acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present recursive=yes - with_items: '{{ additional_data_directories_adjunct }}' - - - name: Set the default read/write/access permissions on the additional data dirs - acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present default=yes recursive=yes - with_items: '{{ additional_data_directories_adjunct }}' - - when: additional_data_directories_adjunct is defined - tags: [ 'users_acl' ] - diff --git a/library/roles/user_services_perms/tasks/main.yml b/library/roles/user_services_perms/tasks/main.yml deleted file mode 100644 index be1cc6f1..00000000 --- a/library/roles/user_services_perms/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- import_tasks: sudoers-groups.yml -- import_tasks: sudo-config.yml -- import_tasks: common-users-data-dirs.yml - when: additional_data_directories is defined diff --git a/library/roles/user_services_perms/tasks/sudo-config.yml b/library/roles/user_services_perms/tasks/sudo-config.yml deleted file mode 100644 index 852a4d67..00000000 --- a/library/roles/user_services_perms/tasks/sudo-config.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Install the sudoers config that allows users to execute some privileged commands - template: src=service-sudoers.j2 dest=/etc/sudoers.d/service-group owner=root group=root mode=0440 - tags: [ 'service', 'sudo', 'users' ] - diff --git a/library/roles/user_services_perms/tasks/sudoers-groups.yml b/library/roles/user_services_perms/tasks/sudoers-groups.yml deleted file mode 100644 index c7b0eb3e..00000000 --- a/library/roles/user_services_perms/tasks/sudoers-groups.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- block: - - name: Add the additional service groups - group: name={{ item }} state=present - with_items: '{{ service_sudoers_group }}' - - when: users_system_users is defined - tags: [ 'services', 'users' ] - -- block: - - name: Add selected users to the limited sudoers group - user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes - with_items: '{{ users_system_users | default([]) }}' - when: item.limited_sudoers_user - - - name: Remove selected users to the limited sudoers group - user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes - with_items: '{{ users_system_users | default([]) }}' - when: not item.limited_sudoers_user - - when: - - users_system_users is defined - - item.limited_sudoers_user is defined - tags: [ 'services', 'users' ] - -- block: - - name: Add additional users to the limited sudoers group - user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes - with_items: '{{ users_system_users_adjunct }}' - when: item.limited_sudoers_user - - - name: Remove additional users to the limited sudoers group - user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes - with_items: '{{ users_system_users_adjunct }}' - when: not item.limited_sudoers_user - - when: - - users_system_users_adjunct is defined - - item.limited_sudoers_user is defined - tags: [ 'services', 'users' ] diff --git a/library/roles/user_services_perms/templates/service-sudoers.j2 b/library/roles/user_services_perms/templates/service-sudoers.j2 deleted file mode 100644 index 7226749a..00000000 --- a/library/roles/user_services_perms/templates/service-sudoers.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% if service_sudo_commands is defined %} -%{{ service_sudoers_group }} ALL=(ALL) NOPASSWD: {% for cmd in service_sudo_commands %}{{ cmd }}{% if not loop.last %}, {% endif %}{% endfor %} {% if service_sudo_commands_adjunct is defined %}, {% for cmd in service_sudo_commands_adjunct %}{{ cmd }}{% if not loop.last %}, {% endif %}{% endfor %}{% endif %} -{% endif %} diff --git a/library/roles/users/defaults/main.yml b/library/roles/users/defaults/main.yml deleted file mode 100644 index f7cc9b46..00000000 --- a/library/roles/users/defaults/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# -# This role adds users to a system -# The users can access if their ssh key is provided -# Users can have sudo privileges if the 'admin' property is 'true' -# admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true' - -deb_users_sudoers_group: sudo -rh_users_sudoers_group: wheel -users_sudoers_group: '{{ deb_users_sudoers_group }}' -users_sudoers_create_group: False -users_sudoers_create_sudo_conf: False -users_home_dir: /home -users_default_password: '*' -users_update_password: 'on_create' -#users_system_users: -# - { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False } -#users_system_users_adjunct: same as above, can be used to add more users to the original list -#users_additional_groups: -# - { group: 'foo' } diff --git a/library/roles/users/tasks/main.yml b/library/roles/users/tasks/main.yml deleted file mode 100644 index f648dce6..00000000 --- a/library/roles/users/tasks/main.yml +++ /dev/null @@ -1,126 +0,0 @@ ---- -- block: - - name: Create the sudoers group if needed - group: name={{ users_sudoers_group }} state=present - when: users_sudoers_create_group - - - name: Add a sudo additional configuration for the new sudoers group - template: src=sudoers.j2 dest=/etc/sudoers.d/{{ users_sudoers_group }} - when: users_sudoers_create_sudo_conf - - tags: users - -- block: - - name: Manage additional groups - group: name={{ item.group }} state={{ item.state | default('present') }} - with_items: '{{ users_additional_groups }}' - - when: users_additional_groups is defined - tags: users - -- block: - - name: Create users - user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} - with_items: '{{ users_system_users | default([]) }}' - - - name: ensure that the users can login with their ssh keys - authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present - with_items: '{{ users_system_users | default([]) }}' - when: item.ssh_key is defined - - - name: Add the admin users to the sudoers group on debian based systems - user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes - with_items: '{{ users_system_users | default([]) }}' - when: - - item.admin - - ansible_distribution_file_variety == "Debian" - - - name: Add the admin users to the sudoers group on rh/centos systems - user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes - with_items: '{{ users_system_users }}' - when: - - item.admin - - ansible_distribution_file_variety == "RedHat" - - - name: ensure that the users can login with their ssh keys as root if we want ensure direct access - authorized_key: user=root key="{{ item.ssh_key }}" state=present - with_items: '{{ users_system_users }}' - when: - - item.ssh_key is defined - - item.log_as_root is defined - - item.log_as_root - - - name: ensure that the users can not login with their ssh keys as root - authorized_key: user=root key="{{ item.ssh_key }}" state=absent - with_items: '{{ users_system_users }}' - when: - - item.ssh_key is defined - - item.log_as_root is defined - - not item.log_as_root - - - when: users_system_users is defined - tags: users - -- block: - - name: Create additional users - user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} - with_items: '{{ users_system_users_adjunct }}' - - - name: ensure that the additional users can login with their ssh keys - authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present - with_items: '{{ users_system_users_adjunct }}' - when: item.ssh_key is defined - - - name: Add the additional admin users to the sudoers group on debian based systems - user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes - with_items: '{{ users_system_users_adjunct }}' - when: - - item.admin - - ansible_distribution_file_variety == "Debian" - - - name: Add the additional admin users to the sudoers group on rh/centos systems - user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes - with_items: '{{ users_system_users_adjunct }}' - when: - - item.admin - - ansible_distribution_file_variety == "RedHat" - - - name: ensure that the additional users can login with their ssh keys as root if we want ensure direct access - authorized_key: user=root key="{{ item.ssh_key }}" state=present - with_items: '{{ users_system_users_adjunct }}' - when: - - item.ssh_key is defined - - item.log_as_root is defined - - item.log_as_root - - - name: ensure that the additional users cannot login with their ssh keys as root - authorized_key: user=root key="{{ item.ssh_key }}" state=absent - with_items: '{{ users_system_users_adjunct }}' - when: - - item.ssh_key is defined - - item.log_as_root is defined - - not item.log_as_root - - when: users_system_users_adjunct is defined - tags: users - -- block: - - name: Permit sudo without password on Deb based systems - lineinfile: - path: /etc/sudoers - state: present - regexp: '^%{{ deb_users_sudoers_group }}\s' - line: '%{{ deb_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL' - when: ansible_distribution_file_variety == "Debian" - - - name: Change the sudo configuration to permit sudo without password on RH/CentOS systems - lineinfile: - path: /etc/sudoers - state: present - regexp: '^%{{ rh_users_sudoers_group }}\s' - line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL' - when: ansible_distribution_file_variety == "RedHat" - - tags: [ 'users', 'sudo_wheel' ] - diff --git a/library/roles/users/templates/sudoers.j2 b/library/roles/users/templates/sudoers.j2 deleted file mode 100644 index 0bef21c0..00000000 --- a/library/roles/users/templates/sudoers.j2 +++ /dev/null @@ -1 +0,0 @@ -%{{ users_sudoers_group }} ALL=(ALL) ALL